From 7a00777fa4be5ccd68deecf68d489e5e276c859d Mon Sep 17 00:00:00 2001 From: Liwei Ge Date: Wed, 13 Apr 2022 12:03:31 +0800 Subject: [PATCH] update to libsemanage-2.9-8.el8.src.rpm Signed-off-by: Liwei Ge --- 0005-Trivial-style-fixes.patch | 76 ++ ...-contents-of-modkey-in-semanage_dire.patch | 31 + ...USE_AFTER_FREE-CWE-672-in-semanage_d.patch | 42 + ...-missing-include-to-boolean_record.c.patch | 37 + ...nage-move-module-hashing-into-libsem.patch | 555 ++++++++++++ ...-compressed-file-handling-into-a-sep.patch | 824 ++++++++++++++++++ ...lean-up-semanage_direct_commit-a-bit.patch | 150 ++++ ...onally-rebuild-policy-when-modules-a.patch | 492 +++++++++++ download | 1 + libsemanage-2.9.tar.gz | Bin 157690 -> 0 bytes libsemanage.spec | 24 +- 11 files changed, 2231 insertions(+), 1 deletion(-) create mode 100644 0005-Trivial-style-fixes.patch create mode 100644 0006-libsemanage-Free-contents-of-modkey-in-semanage_dire.patch create mode 100644 0007-libsemanage-Fix-USE_AFTER_FREE-CWE-672-in-semanage_d.patch create mode 100644 0008-libsemanage-add-missing-include-to-boolean_record.c.patch create mode 100644 0009-semodule-libsemanage-move-module-hashing-into-libsem.patch create mode 100644 0010-libsemanage-move-compressed-file-handling-into-a-sep.patch create mode 100644 0011-libsemanage-clean-up-semanage_direct_commit-a-bit.patch create mode 100644 0012-libsemanage-optionally-rebuild-policy-when-modules-a.patch create mode 100644 download delete mode 100644 libsemanage-2.9.tar.gz diff --git a/0005-Trivial-style-fixes.patch b/0005-Trivial-style-fixes.patch new file mode 100644 index 0000000..f5bd700 --- /dev/null +++ b/0005-Trivial-style-fixes.patch @@ -0,0 +1,76 @@ +From ac10bc27090916fe8fcdaf4a9f0e8cc0165f7210 Mon Sep 17 00:00:00 2001 +From: Unto Sten +Date: Sat, 11 May 2019 01:04:16 +0300 +Subject: [PATCH] Trivial style fixes + +--- + libsemanage/src/direct_api.c | 2 +- + libsemanage/src/modules.c | 2 +- + libsemanage/src/seusers_local.c | 2 +- + libsemanage/src/users_local.c | 4 ++-- + 4 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c +index abc3a4cb..b037890a 100644 +--- a/libsemanage/src/direct_api.c ++++ b/libsemanage/src/direct_api.c +@@ -517,7 +517,7 @@ ssize_t bunzip(semanage_handle_t *sh, FILE *f, char **data) + size_t size = 1<<18; + size_t bufsize = size; + int bzerror; +- size_t total=0; ++ size_t total = 0; + char* uncompress = NULL; + char* tmpalloc = NULL; + int ret = -1; +diff --git a/libsemanage/src/modules.c b/libsemanage/src/modules.c +index 62af1018..fa84d33e 100644 +--- a/libsemanage/src/modules.c ++++ b/libsemanage/src/modules.c +@@ -1130,7 +1130,7 @@ int semanage_module_install_info(semanage_handle_t *sh, + int semanage_module_remove_key(semanage_handle_t *sh, + const semanage_module_key_t *modkey) + { +- if (sh->funcs->remove_key== NULL) { ++ if (sh->funcs->remove_key == NULL) { + ERR(sh, + "No remove key function defined for this connection type."); + return -1; +diff --git a/libsemanage/src/seusers_local.c b/libsemanage/src/seusers_local.c +index a79e2d3d..3e2761c4 100644 +--- a/libsemanage/src/seusers_local.c ++++ b/libsemanage/src/seusers_local.c +@@ -133,7 +133,7 @@ int semanage_seuser_modify_local(semanage_handle_t * handle, + semanage_seuser_t *new = NULL; + + if (!sename) { +- errno=EINVAL; ++ errno = EINVAL; + return -1; + } + rc = semanage_seuser_clone(handle, data, &new); +diff --git a/libsemanage/src/users_local.c b/libsemanage/src/users_local.c +index 7aa43d44..8193476d 100644 +--- a/libsemanage/src/users_local.c ++++ b/libsemanage/src/users_local.c +@@ -38,7 +38,7 @@ static int lookup_seuser(semanage_handle_t * handle, const semanage_user_key_t * + semanage_seuser_list_local(handle, + &records, + &count); +- for(i=0; i +Date: Thu, 17 Dec 2020 15:59:49 +0100 +Subject: [PATCH] libsemanage: Free contents of modkey in + semanage_direct_remove + +semanage_direct_remove allocates struct semanage_module_key_t on +stack, then calls semanage_module_key_set_name which allocates +modkey->name on heap, but modkey->name wasn't free()-d anywhere, +creating a small leak. + +Signed-off-by: Jakub Hrozek +--- + libsemanage/src/direct_api.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c +index b037890a..c32939c0 100644 +--- a/libsemanage/src/direct_api.c ++++ b/libsemanage/src/direct_api.c +@@ -1944,6 +1944,7 @@ static int semanage_direct_remove(semanage_handle_t * sh, char *module_name) + status = semanage_direct_remove_key(sh, &modkey); + + cleanup: ++ semanage_module_key_destroy(sh, &modkey); + return status; + } + +-- +2.30.2 + diff --git a/0007-libsemanage-Fix-USE_AFTER_FREE-CWE-672-in-semanage_d.patch b/0007-libsemanage-Fix-USE_AFTER_FREE-CWE-672-in-semanage_d.patch new file mode 100644 index 0000000..5d84a0d --- /dev/null +++ b/0007-libsemanage-Fix-USE_AFTER_FREE-CWE-672-in-semanage_d.patch @@ -0,0 +1,42 @@ +From 30da7a4907893bd43fe9da40728a3bcabdf3d7a4 Mon Sep 17 00:00:00 2001 +From: Petr Lautrbach +Date: Wed, 28 Jul 2021 11:21:35 +0200 +Subject: [PATCH] libsemanage: Fix USE_AFTER_FREE (CWE-672) in + semanage_direct_write_langext() + +>From fclose(3): +Upon successful completion, 0 is returned. Otherwise, EOF is returned +and errno is set to indicate the error. In either case, any further +access (including another call to fclose()) to the stream results in +undefined behavior. + +Fixes: + Error: USE_AFTER_FREE (CWE-672): [#def1] + libsemanage-3.2/src/direct_api.c:1023: freed_arg: "fclose" frees "fp". + libsemanage-3.2/src/direct_api.c:1034: use_closed_file: Calling "fclose" uses file handle "fp" after closing it. + # 1032| + # 1033| cleanup: + # 1034|-> if (fp != NULL) fclose(fp); + # 1035| + # 1036| return ret; + +Signed-off-by: Petr Lautrbach +--- + libsemanage/src/direct_api.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c +index c32939c0..7638653a 100644 +--- a/libsemanage/src/direct_api.c ++++ b/libsemanage/src/direct_api.c +@@ -1022,6 +1022,7 @@ static int semanage_direct_write_langext(semanage_handle_t *sh, + + if (fclose(fp) != 0) { + ERR(sh, "Unable to close %s module ext file.", modinfo->name); ++ fp = NULL; + ret = -1; + goto cleanup; + } +-- +2.30.2 + diff --git a/0008-libsemanage-add-missing-include-to-boolean_record.c.patch b/0008-libsemanage-add-missing-include-to-boolean_record.c.patch new file mode 100644 index 0000000..b0af48d --- /dev/null +++ b/0008-libsemanage-add-missing-include-to-boolean_record.c.patch @@ -0,0 +1,37 @@ +From ecf6e6a9fda1a28cc3df36841b44326ed0c12312 Mon Sep 17 00:00:00 2001 +From: Ondrej Mosnacek +Date: Thu, 3 Feb 2022 17:53:22 +0100 +Subject: [PATCH] libsemanage: add missing include to boolean_record.c + +It uses asprintf(3), but doesn't directly include - fix it. + +Signed-off-by: Ondrej Mosnacek +--- + libsemanage/src/boolean_record.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/libsemanage/src/boolean_record.c b/libsemanage/src/boolean_record.c +index c234094e..bdddfa23 100644 +--- a/libsemanage/src/boolean_record.c ++++ b/libsemanage/src/boolean_record.c +@@ -7,6 +7,9 @@ + */ + + #include ++#include ++#include ++ + #include + #include "handle_internal.h" + +@@ -21,7 +24,6 @@ typedef semanage_bool_key_t record_key_t; + #include "boolean_internal.h" + #include "handle.h" + #include "database.h" +-#include + #include + + /* Key */ +-- +2.30.2 + diff --git a/0009-semodule-libsemanage-move-module-hashing-into-libsem.patch b/0009-semodule-libsemanage-move-module-hashing-into-libsem.patch new file mode 100644 index 0000000..06bfd12 --- /dev/null +++ b/0009-semodule-libsemanage-move-module-hashing-into-libsem.patch @@ -0,0 +1,555 @@ +From 066007029b3dd250305d7fac0bfd53aa1e4543cf Mon Sep 17 00:00:00 2001 +From: Ondrej Mosnacek +Date: Thu, 3 Feb 2022 17:53:23 +0100 +Subject: [PATCH] semodule,libsemanage: move module hashing into libsemanage + +The main goal of this move is to have the SHA-256 implementation under +libsemanage, since upcoming patches will make use of SHA-256 for a +different (but similar) purpose in libsemanage. Having the hashing code +in libsemanage will reduce code duplication and allow for easier hash +algorithm upgrade in the future. + +Note that libselinux currently also contains a hash function +implementation (for yet another different purpose). This patch doesn't +make any effort to address that duplicity yet. + +This patch also changes the format of the hash string printed by +semodule to include the name of the hash. The intent is to avoid +ambiguity and potential collisions when the algorithm is potentially +changed in the future. + +Signed-off-by: Ondrej Mosnacek +--- + libsemanage/include/semanage/modules.h | 26 +++ + libsemanage/src/libsemanage.map | 4 + + libsemanage/src/modules.c | 59 +++++ + libsemanage/src/sha256.c | 294 +++++++++++++++++++++++++ + libsemanage/src/sha256.h | 89 ++++++++ + 5 files changed, 472 insertions(+) + create mode 100644 libsemanage/src/sha256.c + create mode 100644 libsemanage/src/sha256.h + +diff --git a/libsemanage/include/semanage/modules.h b/libsemanage/include/semanage/modules.h +index 4b93e54e..26ac40b2 100644 +--- a/libsemanage/include/semanage/modules.h ++++ b/libsemanage/include/semanage/modules.h +@@ -282,4 +282,30 @@ int semanage_module_get_enabled(semanage_handle_t *sh, + const semanage_module_key_t *modkey, + int *enabled); + ++/* Compute checksum for @modkey module contents. ++ * ++ * If @checksum is NULL, the function will just return the length of the ++ * checksum string in @checksum_len (checksum strings are guaranteed to ++ * have a fixed length for a given libsemanage binary). @modkey and @cil ++ * are ignored in this case and should be set to NULL and 0 (respectively). ++ * ++ * If @checksum is non-NULL, on success, @checksum will point to a buffer ++ * containing the checksum string and @checksum_len will point to the ++ * length of the string (without the null terminator). The semantics of ++ * @cil are the same as for @extract_cil in semanage_module_extract(). ++ * ++ * The caller is responsible to free the buffer returned in @checksum (using ++ * free(3)). ++ * ++ * Callers may assume that if the checksum strings for two modules match, ++ * the module content is the same (collisions are theoretically possible, ++ * yet extremely unlikely). ++ * ++ * Returns 0 on success and -1 on error. ++ */ ++extern int semanage_module_compute_checksum(semanage_handle_t *sh, ++ semanage_module_key_t *modkey, ++ int cil, char **checksum, ++ size_t *checksum_len); ++ + #endif +diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map +index 02036696..a986b2d2 100644 +--- a/libsemanage/src/libsemanage.map ++++ b/libsemanage/src/libsemanage.map +@@ -63,3 +63,7 @@ LIBSEMANAGE_1.1 { + semanage_module_remove_key; + semanage_set_store_root; + } LIBSEMANAGE_1.0; ++ ++LIBSEMANAGE_3.4 { ++ semanage_module_compute_checksum; ++} LIBSEMANAGE_1.1; +diff --git a/libsemanage/src/modules.c b/libsemanage/src/modules.c +index fa84d33e..3a82d275 100644 +--- a/libsemanage/src/modules.c ++++ b/libsemanage/src/modules.c +@@ -34,11 +34,13 @@ + #include + #include + #include ++#include + #include + #include + + #include "handle.h" + #include "modules.h" ++#include "sha256.h" + #include "debug.h" + + asm(".symver semanage_module_get_enabled_1_1,semanage_module_get_enabled@@LIBSEMANAGE_1.1"); +@@ -1146,3 +1148,60 @@ int semanage_module_remove_key(semanage_handle_t *sh, + return sh->funcs->remove_key(sh, modkey); + } + ++static const char CHECKSUM_TYPE[] = "sha256"; ++static const size_t CHECKSUM_CONTENT_SIZE = sizeof(CHECKSUM_TYPE) + 1 + 2 * SHA256_HASH_SIZE; ++ ++static void semanage_hash_to_checksum_string(const uint8_t *hash, char *checksum) ++{ ++ size_t i; ++ ++ checksum += sprintf(checksum, "%s:", CHECKSUM_TYPE); ++ for (i = 0; i < SHA256_HASH_SIZE; i++) { ++ checksum += sprintf(checksum, "%02x", (unsigned)hash[i]); ++ } ++} ++ ++int semanage_module_compute_checksum(semanage_handle_t *sh, ++ semanage_module_key_t *modkey, ++ int cil, char **checksum, ++ size_t *checksum_len) ++{ ++ semanage_module_info_t *extract_info = NULL; ++ Sha256Context context; ++ SHA256_HASH sha256_hash; ++ char *checksum_str; ++ void *data; ++ size_t data_len = 0; ++ int result; ++ ++ if (!checksum_len) ++ return -1; ++ ++ if (!checksum) { ++ *checksum_len = CHECKSUM_CONTENT_SIZE; ++ return 0; ++ } ++ ++ result = semanage_module_extract(sh, modkey, cil, &data, &data_len, &extract_info); ++ if (result != 0) ++ return -1; ++ ++ semanage_module_info_destroy(sh, extract_info); ++ free(extract_info); ++ ++ Sha256Initialise(&context); ++ Sha256Update(&context, data, data_len); ++ Sha256Finalise(&context, &sha256_hash); ++ ++ munmap(data, data_len); ++ ++ checksum_str = malloc(CHECKSUM_CONTENT_SIZE + 1 /* '\0' */); ++ if (!checksum_str) ++ return -1; ++ ++ semanage_hash_to_checksum_string(sha256_hash.bytes, checksum_str); ++ ++ *checksum = checksum_str; ++ *checksum_len = CHECKSUM_CONTENT_SIZE; ++ return 0; ++} +diff --git a/libsemanage/src/sha256.c b/libsemanage/src/sha256.c +new file mode 100644 +index 00000000..fe2aeef0 +--- /dev/null ++++ b/libsemanage/src/sha256.c +@@ -0,0 +1,294 @@ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// WjCryptLib_Sha256 ++// ++// Implementation of SHA256 hash function. ++// Original author: Tom St Denis, tomstdenis@gmail.com, http://libtom.org ++// Modified by WaterJuice retaining Public Domain license. ++// ++// This is free and unencumbered software released into the public domain - June 2013 waterjuice.org ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// IMPORTS ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++ ++#include "sha256.h" ++#include ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// MACROS ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++ ++#define ror(value, bits) (((value) >> (bits)) | ((value) << (32 - (bits)))) ++ ++#define MIN(x, y) ( ((x)<(y))?(x):(y) ) ++ ++#define STORE32H(x, y) \ ++ { (y)[0] = (uint8_t)(((x)>>24)&255); (y)[1] = (uint8_t)(((x)>>16)&255); \ ++ (y)[2] = (uint8_t)(((x)>>8)&255); (y)[3] = (uint8_t)((x)&255); } ++ ++#define LOAD32H(x, y) \ ++ { x = ((uint32_t)((y)[0] & 255)<<24) | \ ++ ((uint32_t)((y)[1] & 255)<<16) | \ ++ ((uint32_t)((y)[2] & 255)<<8) | \ ++ ((uint32_t)((y)[3] & 255)); } ++ ++#define STORE64H(x, y) \ ++ { (y)[0] = (uint8_t)(((x)>>56)&255); (y)[1] = (uint8_t)(((x)>>48)&255); \ ++ (y)[2] = (uint8_t)(((x)>>40)&255); (y)[3] = (uint8_t)(((x)>>32)&255); \ ++ (y)[4] = (uint8_t)(((x)>>24)&255); (y)[5] = (uint8_t)(((x)>>16)&255); \ ++ (y)[6] = (uint8_t)(((x)>>8)&255); (y)[7] = (uint8_t)((x)&255); } ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// CONSTANTS ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++ ++// The K array ++static const uint32_t K[64] = { ++ 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL, ++ 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL, ++ 0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, ++ 0xc19bf174UL, 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, ++ 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 0x983e5152UL, ++ 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 0xc6e00bf3UL, 0xd5a79147UL, ++ 0x06ca6351UL, 0x14292967UL, 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, ++ 0x53380d13UL, 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, ++ 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 0xd192e819UL, ++ 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 0x19a4c116UL, 0x1e376c08UL, ++ 0x2748774cUL, 0x34b0bcb5UL, 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, ++ 0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, ++ 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL ++}; ++ ++#define BLOCK_SIZE 64 ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// INTERNAL FUNCTIONS ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++ ++// Various logical functions ++#define Ch( x, y, z ) (z ^ (x & (y ^ z))) ++#define Maj( x, y, z ) (((x | y) & z) | (x & y)) ++#define S( x, n ) ror((x),(n)) ++#define R( x, n ) (((x)&0xFFFFFFFFUL)>>(n)) ++#define Sigma0( x ) (S(x, 2) ^ S(x, 13) ^ S(x, 22)) ++#define Sigma1( x ) (S(x, 6) ^ S(x, 11) ^ S(x, 25)) ++#define Gamma0( x ) (S(x, 7) ^ S(x, 18) ^ R(x, 3)) ++#define Gamma1( x ) (S(x, 17) ^ S(x, 19) ^ R(x, 10)) ++ ++#define Sha256Round( a, b, c, d, e, f, g, h, i ) \ ++ t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \ ++ t1 = Sigma0(a) + Maj(a, b, c); \ ++ d += t0; \ ++ h = t0 + t1; ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// TransformFunction ++// ++// Compress 512-bits ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++static ++void ++ TransformFunction ++ ( ++ Sha256Context* Context, ++ uint8_t const* Buffer ++ ) ++{ ++ uint32_t S[8]; ++ uint32_t W[64]; ++ uint32_t t0; ++ uint32_t t1; ++ uint32_t t; ++ int i; ++ ++ // Copy state into S ++ for( i=0; i<8; i++ ) ++ { ++ S[i] = Context->state[i]; ++ } ++ ++ // Copy the state into 512-bits into W[0..15] ++ for( i=0; i<16; i++ ) ++ { ++ LOAD32H( W[i], Buffer + (4*i) ); ++ } ++ ++ // Fill W[16..63] ++ for( i=16; i<64; i++ ) ++ { ++ W[i] = Gamma1( W[i-2]) + W[i-7] + Gamma0( W[i-15] ) + W[i-16]; ++ } ++ ++ // Compress ++ for( i=0; i<64; i++ ) ++ { ++ Sha256Round( S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], i ); ++ t = S[7]; ++ S[7] = S[6]; ++ S[6] = S[5]; ++ S[5] = S[4]; ++ S[4] = S[3]; ++ S[3] = S[2]; ++ S[2] = S[1]; ++ S[1] = S[0]; ++ S[0] = t; ++ } ++ ++ // Feedback ++ for( i=0; i<8; i++ ) ++ { ++ Context->state[i] = Context->state[i] + S[i]; ++ } ++} ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// PUBLIC FUNCTIONS ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// Sha256Initialise ++// ++// Initialises a SHA256 Context. Use this to initialise/reset a context. ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++void ++ Sha256Initialise ++ ( ++ Sha256Context* Context // [out] ++ ) ++{ ++ Context->curlen = 0; ++ Context->length = 0; ++ Context->state[0] = 0x6A09E667UL; ++ Context->state[1] = 0xBB67AE85UL; ++ Context->state[2] = 0x3C6EF372UL; ++ Context->state[3] = 0xA54FF53AUL; ++ Context->state[4] = 0x510E527FUL; ++ Context->state[5] = 0x9B05688CUL; ++ Context->state[6] = 0x1F83D9ABUL; ++ Context->state[7] = 0x5BE0CD19UL; ++} ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// Sha256Update ++// ++// Adds data to the SHA256 context. This will process the data and update the internal state of the context. Keep on ++// calling this function until all the data has been added. Then call Sha256Finalise to calculate the hash. ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++void ++ Sha256Update ++ ( ++ Sha256Context* Context, // [in out] ++ void const* Buffer, // [in] ++ uint32_t BufferSize // [in] ++ ) ++{ ++ uint32_t n; ++ ++ if( Context->curlen > sizeof(Context->buf) ) ++ { ++ return; ++ } ++ ++ while( BufferSize > 0 ) ++ { ++ if( Context->curlen == 0 && BufferSize >= BLOCK_SIZE ) ++ { ++ TransformFunction( Context, (uint8_t*)Buffer ); ++ Context->length += BLOCK_SIZE * 8; ++ Buffer = (uint8_t*)Buffer + BLOCK_SIZE; ++ BufferSize -= BLOCK_SIZE; ++ } ++ else ++ { ++ n = MIN( BufferSize, (BLOCK_SIZE - Context->curlen) ); ++ memcpy( Context->buf + Context->curlen, Buffer, (size_t)n ); ++ Context->curlen += n; ++ Buffer = (uint8_t*)Buffer + n; ++ BufferSize -= n; ++ if( Context->curlen == BLOCK_SIZE ) ++ { ++ TransformFunction( Context, Context->buf ); ++ Context->length += 8*BLOCK_SIZE; ++ Context->curlen = 0; ++ } ++ } ++ } ++} ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// Sha256Finalise ++// ++// Performs the final calculation of the hash and returns the digest (32 byte buffer containing 256bit hash). After ++// calling this, Sha256Initialised must be used to reuse the context. ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++void ++ Sha256Finalise ++ ( ++ Sha256Context* Context, // [in out] ++ SHA256_HASH* Digest // [out] ++ ) ++{ ++ int i; ++ ++ if( Context->curlen >= sizeof(Context->buf) ) ++ { ++ return; ++ } ++ ++ // Increase the length of the message ++ Context->length += Context->curlen * 8; ++ ++ // Append the '1' bit ++ Context->buf[Context->curlen++] = (uint8_t)0x80; ++ ++ // if the length is currently above 56 bytes we append zeros ++ // then compress. Then we can fall back to padding zeros and length ++ // encoding like normal. ++ if( Context->curlen > 56 ) ++ { ++ while( Context->curlen < 64 ) ++ { ++ Context->buf[Context->curlen++] = (uint8_t)0; ++ } ++ TransformFunction(Context, Context->buf); ++ Context->curlen = 0; ++ } ++ ++ // Pad up to 56 bytes of zeroes ++ while( Context->curlen < 56 ) ++ { ++ Context->buf[Context->curlen++] = (uint8_t)0; ++ } ++ ++ // Store length ++ STORE64H( Context->length, Context->buf+56 ); ++ TransformFunction( Context, Context->buf ); ++ ++ // Copy output ++ for( i=0; i<8; i++ ) ++ { ++ STORE32H( Context->state[i], Digest->bytes+(4*i) ); ++ } ++} ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// Sha256Calculate ++// ++// Combines Sha256Initialise, Sha256Update, and Sha256Finalise into one function. Calculates the SHA256 hash of the ++// buffer. ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++void ++ Sha256Calculate ++ ( ++ void const* Buffer, // [in] ++ uint32_t BufferSize, // [in] ++ SHA256_HASH* Digest // [in] ++ ) ++{ ++ Sha256Context context; ++ ++ Sha256Initialise( &context ); ++ Sha256Update( &context, Buffer, BufferSize ); ++ Sha256Finalise( &context, Digest ); ++} +diff --git a/libsemanage/src/sha256.h b/libsemanage/src/sha256.h +new file mode 100644 +index 00000000..406ed869 +--- /dev/null ++++ b/libsemanage/src/sha256.h +@@ -0,0 +1,89 @@ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// WjCryptLib_Sha256 ++// ++// Implementation of SHA256 hash function. ++// Original author: Tom St Denis, tomstdenis@gmail.com, http://libtom.org ++// Modified by WaterJuice retaining Public Domain license. ++// ++// This is free and unencumbered software released into the public domain - June 2013 waterjuice.org ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++ ++#pragma once ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// IMPORTS ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++ ++#include ++#include ++ ++typedef struct ++{ ++ uint64_t length; ++ uint32_t state[8]; ++ uint32_t curlen; ++ uint8_t buf[64]; ++} Sha256Context; ++ ++#define SHA256_HASH_SIZE ( 256 / 8 ) ++ ++typedef struct ++{ ++ uint8_t bytes [SHA256_HASH_SIZE]; ++} SHA256_HASH; ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// PUBLIC FUNCTIONS ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// Sha256Initialise ++// ++// Initialises a SHA256 Context. Use this to initialise/reset a context. ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++void ++ Sha256Initialise ++ ( ++ Sha256Context* Context // [out] ++ ); ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// Sha256Update ++// ++// Adds data to the SHA256 context. This will process the data and update the internal state of the context. Keep on ++// calling this function until all the data has been added. Then call Sha256Finalise to calculate the hash. ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++void ++ Sha256Update ++ ( ++ Sha256Context* Context, // [in out] ++ void const* Buffer, // [in] ++ uint32_t BufferSize // [in] ++ ); ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// Sha256Finalise ++// ++// Performs the final calculation of the hash and returns the digest (32 byte buffer containing 256bit hash). After ++// calling this, Sha256Initialised must be used to reuse the context. ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++void ++ Sha256Finalise ++ ( ++ Sha256Context* Context, // [in out] ++ SHA256_HASH* Digest // [out] ++ ); ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// Sha256Calculate ++// ++// Combines Sha256Initialise, Sha256Update, and Sha256Finalise into one function. Calculates the SHA256 hash of the ++// buffer. ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++void ++ Sha256Calculate ++ ( ++ void const* Buffer, // [in] ++ uint32_t BufferSize, // [in] ++ SHA256_HASH* Digest // [in] ++ ); +-- +2.30.2 + diff --git a/0010-libsemanage-move-compressed-file-handling-into-a-sep.patch b/0010-libsemanage-move-compressed-file-handling-into-a-sep.patch new file mode 100644 index 0000000..1a49ac4 --- /dev/null +++ b/0010-libsemanage-move-compressed-file-handling-into-a-sep.patch @@ -0,0 +1,824 @@ +From f8c74eaf19df123deabe9e2c71bd5b3c2beba06a Mon Sep 17 00:00:00 2001 +From: Ondrej Mosnacek +Date: Thu, 3 Feb 2022 17:53:24 +0100 +Subject: [PATCH] libsemanage: move compressed file handling into a separate + object + +In order to reduce exisiting and future code duplication and to avoid +some unnecessary allocations and copying, factor the compressed file +utility functions out into a separate C/header file and refactor their +interface. + +Note that this change effectively removes the __fsetlocking(3) call from +semanage_load_files() - I haven't been able to figure out what purpose +it serves, but it seems pointless... + +Signed-off-by: Ondrej Mosnacek +--- + libsemanage/src/compressed_file.c | 224 +++++++++++++++++++++++++ + libsemanage/src/compressed_file.h | 78 +++++++++ + libsemanage/src/direct_api.c | 263 +++++------------------------- + libsemanage/src/direct_api.h | 4 - + libsemanage/src/semanage_store.c | 52 ++---- + 5 files changed, 354 insertions(+), 267 deletions(-) + create mode 100644 libsemanage/src/compressed_file.c + create mode 100644 libsemanage/src/compressed_file.h + +diff --git a/libsemanage/src/compressed_file.c b/libsemanage/src/compressed_file.c +new file mode 100644 +index 00000000..5546b830 +--- /dev/null ++++ b/libsemanage/src/compressed_file.c +@@ -0,0 +1,224 @@ ++/* Author: Jason Tang ++ * Christopher Ashworth ++ * Ondrej Mosnacek ++ * ++ * Copyright (C) 2004-2006 Tresys Technology, LLC ++ * Copyright (C) 2005-2021 Red Hat, Inc. ++ * ++ * This library is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU Lesser General Public ++ * License as published by the Free Software Foundation; either ++ * version 2.1 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public ++ * License along with this library; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA ++ */ ++ ++#include ++#include ++#include ++ ++#include ++#include ++ ++#include ++ ++#include "compressed_file.h" ++ ++#include "debug.h" ++ ++#define BZ2_MAGICSTR "BZh" ++#define BZ2_MAGICLEN (sizeof(BZ2_MAGICSTR)-1) ++ ++/* bzip() a data to a file, returning the total number of compressed bytes ++ * in the file. Returns -1 if file could not be compressed. */ ++static int bzip(semanage_handle_t *sh, const char *filename, void *data, ++ size_t num_bytes) ++{ ++ BZFILE* b; ++ size_t size = 1<<16; ++ int bzerror; ++ size_t total = 0; ++ size_t len = 0; ++ FILE *f; ++ ++ if ((f = fopen(filename, "wb")) == NULL) { ++ return -1; ++ } ++ ++ if (!sh->conf->bzip_blocksize) { ++ if (fwrite(data, 1, num_bytes, f) < num_bytes) { ++ fclose(f); ++ return -1; ++ } ++ fclose(f); ++ return 0; ++ } ++ ++ b = BZ2_bzWriteOpen( &bzerror, f, sh->conf->bzip_blocksize, 0, 0); ++ if (bzerror != BZ_OK) { ++ BZ2_bzWriteClose ( &bzerror, b, 1, 0, 0 ); ++ fclose(f); ++ return -1; ++ } ++ ++ while ( num_bytes > total ) { ++ if (num_bytes - total > size) { ++ len = size; ++ } else { ++ len = num_bytes - total; ++ } ++ BZ2_bzWrite ( &bzerror, b, (uint8_t *)data + total, len ); ++ if (bzerror == BZ_IO_ERROR) { ++ BZ2_bzWriteClose ( &bzerror, b, 1, 0, 0 ); ++ fclose(f); ++ return -1; ++ } ++ total += len; ++ } ++ ++ BZ2_bzWriteClose ( &bzerror, b, 0, 0, 0 ); ++ fclose(f); ++ if (bzerror == BZ_IO_ERROR) { ++ return -1; ++ } ++ return 0; ++} ++ ++/* bunzip() a file to '*data', returning the total number of uncompressed bytes ++ * in the file. Returns -1 if file could not be decompressed. */ ++static ssize_t bunzip(semanage_handle_t *sh, FILE *f, void **data) ++{ ++ BZFILE* b = NULL; ++ size_t nBuf; ++ uint8_t* buf = NULL; ++ size_t size = 1<<18; ++ size_t bufsize = size; ++ int bzerror; ++ size_t total = 0; ++ uint8_t* uncompress = NULL; ++ uint8_t* tmpalloc = NULL; ++ int ret = -1; ++ ++ buf = malloc(bufsize); ++ if (buf == NULL) { ++ ERR(sh, "Failure allocating memory."); ++ goto exit; ++ } ++ ++ /* Check if the file is bzipped */ ++ bzerror = fread(buf, 1, BZ2_MAGICLEN, f); ++ rewind(f); ++ if ((bzerror != BZ2_MAGICLEN) || memcmp(buf, BZ2_MAGICSTR, BZ2_MAGICLEN)) { ++ goto exit; ++ } ++ ++ b = BZ2_bzReadOpen ( &bzerror, f, 0, sh->conf->bzip_small, NULL, 0 ); ++ if ( bzerror != BZ_OK ) { ++ ERR(sh, "Failure opening bz2 archive."); ++ goto exit; ++ } ++ ++ uncompress = malloc(size); ++ if (uncompress == NULL) { ++ ERR(sh, "Failure allocating memory."); ++ goto exit; ++ } ++ ++ while ( bzerror == BZ_OK) { ++ nBuf = BZ2_bzRead ( &bzerror, b, buf, bufsize); ++ if (( bzerror == BZ_OK ) || ( bzerror == BZ_STREAM_END )) { ++ if (total + nBuf > size) { ++ size *= 2; ++ tmpalloc = realloc(uncompress, size); ++ if (tmpalloc == NULL) { ++ ERR(sh, "Failure allocating memory."); ++ goto exit; ++ } ++ uncompress = tmpalloc; ++ } ++ memcpy(&uncompress[total], buf, nBuf); ++ total += nBuf; ++ } ++ } ++ if ( bzerror != BZ_STREAM_END ) { ++ ERR(sh, "Failure reading bz2 archive."); ++ goto exit; ++ } ++ ++ ret = total; ++ *data = uncompress; ++ ++exit: ++ BZ2_bzReadClose ( &bzerror, b ); ++ free(buf); ++ if ( ret < 0 ) { ++ free(uncompress); ++ } ++ return ret; ++} ++ ++int map_compressed_file(semanage_handle_t *sh, const char *path, ++ struct file_contents *contents) ++{ ++ ssize_t size = -1; ++ void *uncompress; ++ int ret = 0, fd = -1; ++ FILE *file = NULL; ++ ++ fd = open(path, O_RDONLY); ++ if (fd == -1) { ++ ERR(sh, "Unable to open %s\n", path); ++ return -1; ++ } ++ ++ file = fdopen(fd, "r"); ++ if (file == NULL) { ++ ERR(sh, "Unable to open %s\n", path); ++ close(fd); ++ return -1; ++ } ++ ++ if ((size = bunzip(sh, file, &uncompress)) >= 0) { ++ contents->data = uncompress; ++ contents->len = size; ++ contents->compressed = 1; ++ } else { ++ struct stat sb; ++ if (fstat(fd, &sb) == -1 || ++ (uncompress = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0)) == ++ MAP_FAILED) { ++ ret = -1; ++ } else { ++ contents->data = uncompress; ++ contents->len = sb.st_size; ++ contents->compressed = 0; ++ } ++ } ++ fclose(file); ++ return ret; ++} ++ ++void unmap_compressed_file(struct file_contents *contents) ++{ ++ if (!contents->data) ++ return; ++ ++ if (contents->compressed) { ++ free(contents->data); ++ } else { ++ munmap(contents->data, contents->len); ++ } ++} ++ ++int write_compressed_file(semanage_handle_t *sh, const char *path, ++ void *data, size_t len) ++{ ++ return bzip(sh, path, data, len); ++} +diff --git a/libsemanage/src/compressed_file.h b/libsemanage/src/compressed_file.h +new file mode 100644 +index 00000000..96cfb4b6 +--- /dev/null ++++ b/libsemanage/src/compressed_file.h +@@ -0,0 +1,78 @@ ++/* Author: Jason Tang ++ * Christopher Ashworth ++ * Ondrej Mosnacek ++ * ++ * Copyright (C) 2004-2006 Tresys Technology, LLC ++ * Copyright (C) 2005-2021 Red Hat, Inc. ++ * ++ * This library is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU Lesser General Public ++ * License as published by the Free Software Foundation; either ++ * version 2.1 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public ++ * License along with this library; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA ++ */ ++ ++#ifndef _SEMANAGE_CIL_FILE_H_ ++#define _SEMANAGE_CIL_FILE_H_ ++ ++#include ++#include ++ ++#include "handle.h" ++ ++struct file_contents { ++ void *data; /** file contents (uncompressed) */ ++ size_t len; /** length of contents */ ++ int compressed; /** whether file was compressed */ ++}; ++ ++/** ++ * Map/read a possibly-compressed file into memory. ++ * ++ * If the file is bzip compressed map_file will uncompress the file into ++ * @p contents. The caller is responsible for calling ++ * @ref unmap_compressed_file on @p contents on success. ++ * ++ * @param sh semanage handle ++ * @param path path to the file ++ * @param contents pointer to struct file_contents, which will be ++ * populated with data pointer, size, and an indication whether ++ * the file was compressed or not ++ * ++ * @return 0 on success, -1 otherwise. ++ */ ++int map_compressed_file(semanage_handle_t *sh, const char *path, ++ struct file_contents *contents); ++ ++/** ++ * Destroy a previously mapped possibly-compressed file. ++ * ++ * If all fields of @p contents are zero/NULL, the function is ++ * guaranteed to do nothing. ++ * ++ * @param contents pointer to struct file_contents to destroy ++ */ ++void unmap_compressed_file(struct file_contents *contents); ++ ++/** ++ * Write bytes into a file, using compression if configured. ++ * ++ * @param sh semanage handle ++ * @param path path to the file ++ * @param data pointer to the data ++ * @param len length of the data ++ * ++ * @return 0 on success, -1 otherwise. ++ */ ++int write_compressed_file(semanage_handle_t *sh, const char *path, ++ void *data, size_t len); ++ ++#endif +diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c +index 7638653a..63a18808 100644 +--- a/libsemanage/src/direct_api.c ++++ b/libsemanage/src/direct_api.c +@@ -50,6 +50,7 @@ + + #include "debug.h" + #include "handle.h" ++#include "compressed_file.h" + #include "modules.h" + #include "direct_api.h" + #include "semanage_store.h" +@@ -446,194 +447,6 @@ static int parse_module_headers(semanage_handle_t * sh, char *module_data, + return 0; + } + +-#include +-#include +-#include +-#include +- +-/* bzip() a data to a file, returning the total number of compressed bytes +- * in the file. Returns -1 if file could not be compressed. */ +-static ssize_t bzip(semanage_handle_t *sh, const char *filename, char *data, +- size_t num_bytes) +-{ +- BZFILE* b; +- size_t size = 1<<16; +- int bzerror; +- size_t total = 0; +- size_t len = 0; +- FILE *f; +- +- if ((f = fopen(filename, "wb")) == NULL) { +- return -1; +- } +- +- if (!sh->conf->bzip_blocksize) { +- if (fwrite(data, 1, num_bytes, f) < num_bytes) { +- fclose(f); +- return -1; +- } +- fclose(f); +- return num_bytes; +- } +- +- b = BZ2_bzWriteOpen( &bzerror, f, sh->conf->bzip_blocksize, 0, 0); +- if (bzerror != BZ_OK) { +- BZ2_bzWriteClose ( &bzerror, b, 1, 0, 0 ); +- return -1; +- } +- +- while ( num_bytes > total ) { +- if (num_bytes - total > size) { +- len = size; +- } else { +- len = num_bytes - total; +- } +- BZ2_bzWrite ( &bzerror, b, &data[total], len ); +- if (bzerror == BZ_IO_ERROR) { +- BZ2_bzWriteClose ( &bzerror, b, 1, 0, 0 ); +- return -1; +- } +- total += len; +- } +- +- BZ2_bzWriteClose ( &bzerror, b, 0, 0, 0 ); +- fclose(f); +- if (bzerror == BZ_IO_ERROR) { +- return -1; +- } +- return total; +-} +- +-#define BZ2_MAGICSTR "BZh" +-#define BZ2_MAGICLEN (sizeof(BZ2_MAGICSTR)-1) +- +-/* bunzip() a file to '*data', returning the total number of uncompressed bytes +- * in the file. Returns -1 if file could not be decompressed. */ +-ssize_t bunzip(semanage_handle_t *sh, FILE *f, char **data) +-{ +- BZFILE* b = NULL; +- size_t nBuf; +- char* buf = NULL; +- size_t size = 1<<18; +- size_t bufsize = size; +- int bzerror; +- size_t total = 0; +- char* uncompress = NULL; +- char* tmpalloc = NULL; +- int ret = -1; +- +- buf = malloc(bufsize); +- if (buf == NULL) { +- ERR(sh, "Failure allocating memory."); +- goto exit; +- } +- +- /* Check if the file is bzipped */ +- bzerror = fread(buf, 1, BZ2_MAGICLEN, f); +- rewind(f); +- if ((bzerror != BZ2_MAGICLEN) || memcmp(buf, BZ2_MAGICSTR, BZ2_MAGICLEN)) { +- goto exit; +- } +- +- b = BZ2_bzReadOpen ( &bzerror, f, 0, sh->conf->bzip_small, NULL, 0 ); +- if ( bzerror != BZ_OK ) { +- ERR(sh, "Failure opening bz2 archive."); +- goto exit; +- } +- +- uncompress = malloc(size); +- if (uncompress == NULL) { +- ERR(sh, "Failure allocating memory."); +- goto exit; +- } +- +- while ( bzerror == BZ_OK) { +- nBuf = BZ2_bzRead ( &bzerror, b, buf, bufsize); +- if (( bzerror == BZ_OK ) || ( bzerror == BZ_STREAM_END )) { +- if (total + nBuf > size) { +- size *= 2; +- tmpalloc = realloc(uncompress, size); +- if (tmpalloc == NULL) { +- ERR(sh, "Failure allocating memory."); +- goto exit; +- } +- uncompress = tmpalloc; +- } +- memcpy(&uncompress[total], buf, nBuf); +- total += nBuf; +- } +- } +- if ( bzerror != BZ_STREAM_END ) { +- ERR(sh, "Failure reading bz2 archive."); +- goto exit; +- } +- +- ret = total; +- *data = uncompress; +- +-exit: +- BZ2_bzReadClose ( &bzerror, b ); +- free(buf); +- if ( ret < 0 ) { +- free(uncompress); +- } +- return ret; +-} +- +-/* mmap() a file to '*data', +- * If the file is bzip compressed map_file will uncompress +- * the file into '*data'. +- * Returns the total number of bytes in memory . +- * Returns -1 if file could not be opened or mapped. */ +-static ssize_t map_file(semanage_handle_t *sh, const char *path, char **data, +- int *compressed) +-{ +- ssize_t size = -1; +- char *uncompress; +- int fd = -1; +- FILE *file = NULL; +- +- fd = open(path, O_RDONLY); +- if (fd == -1) { +- ERR(sh, "Unable to open %s\n", path); +- return -1; +- } +- +- file = fdopen(fd, "r"); +- if (file == NULL) { +- ERR(sh, "Unable to open %s\n", path); +- close(fd); +- return -1; +- } +- +- if ((size = bunzip(sh, file, &uncompress)) > 0) { +- *data = mmap(0, size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, 0, 0); +- if (*data == MAP_FAILED) { +- free(uncompress); +- fclose(file); +- return -1; +- } else { +- memcpy(*data, uncompress, size); +- } +- free(uncompress); +- *compressed = 1; +- } else { +- struct stat sb; +- if (fstat(fd, &sb) == -1 || +- (*data = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0)) == +- MAP_FAILED) { +- size = -1; +- } else { +- size = sb.st_size; +- } +- *compressed = 0; +- } +- +- fclose(file); +- +- return size; +-} +- + /* Writes a block of data to a file. Returns 0 on success, -1 on + * error. */ + static int write_file(semanage_handle_t * sh, +@@ -1045,15 +858,12 @@ static int semanage_compile_module(semanage_handle_t *sh, + char *compiler_path = NULL; + char *cil_data = NULL; + char *err_data = NULL; +- char *hll_data = NULL; + char *start = NULL; + char *end = NULL; +- ssize_t hll_data_len = 0; +- ssize_t bzip_status; + int status = 0; +- int compressed; + size_t cil_data_len = 0; + size_t err_data_len = 0; ++ struct file_contents hll_contents = {}; + + if (!strcasecmp(modinfo->lang_ext, "cil")) { + goto cleanup; +@@ -1084,13 +894,15 @@ static int semanage_compile_module(semanage_handle_t *sh, + goto cleanup; + } + +- if ((hll_data_len = map_file(sh, hll_path, &hll_data, &compressed)) <= 0) { ++ status = map_compressed_file(sh, hll_path, &hll_contents); ++ if (status < 0) { + ERR(sh, "Unable to read file %s\n", hll_path); +- status = -1; + goto cleanup; + } + +- status = semanage_pipe_data(sh, compiler_path, hll_data, (size_t)hll_data_len, &cil_data, &cil_data_len, &err_data, &err_data_len); ++ status = semanage_pipe_data(sh, compiler_path, hll_contents.data, ++ hll_contents.len, &cil_data, &cil_data_len, ++ &err_data, &err_data_len); + if (err_data_len > 0) { + for (start = end = err_data; end < err_data + err_data_len; end++) { + if (*end == '\n') { +@@ -1110,10 +922,9 @@ static int semanage_compile_module(semanage_handle_t *sh, + goto cleanup; + } + +- bzip_status = bzip(sh, cil_path, cil_data, cil_data_len); +- if (bzip_status == -1) { +- ERR(sh, "Failed to bzip %s\n", cil_path); +- status = -1; ++ status = write_compressed_file(sh, cil_path, cil_data, cil_data_len); ++ if (status == -1) { ++ ERR(sh, "Failed to write %s\n", cil_path); + goto cleanup; + } + +@@ -1131,9 +942,7 @@ static int semanage_compile_module(semanage_handle_t *sh, + } + + cleanup: +- if (hll_data_len > 0) { +- munmap(hll_data, hll_data_len); +- } ++ unmap_compressed_file(&hll_contents); + free(cil_data); + free(err_data); + free(compiler_path); +@@ -1749,19 +1558,17 @@ static int semanage_direct_install_file(semanage_handle_t * sh, + { + + int retval = -1; +- char *data = NULL; +- ssize_t data_len = 0; +- int compressed = 0; + char *path = NULL; + char *filename; + char *lang_ext = NULL; + char *module_name = NULL; + char *separator; + char *version = NULL; ++ struct file_contents contents = {}; + +- if ((data_len = map_file(sh, install_filename, &data, &compressed)) <= 0) { ++ retval = map_compressed_file(sh, install_filename, &contents); ++ if (retval < 0) { + ERR(sh, "Unable to read file %s\n", install_filename); +- retval = -1; + goto cleanup; + } + +@@ -1774,7 +1581,7 @@ static int semanage_direct_install_file(semanage_handle_t * sh, + + filename = basename(path); + +- if (compressed) { ++ if (contents.compressed) { + separator = strrchr(filename, '.'); + if (separator == NULL) { + ERR(sh, "Compressed module does not have a valid extension."); +@@ -1798,7 +1605,8 @@ static int semanage_direct_install_file(semanage_handle_t * sh, + } + + if (strcmp(lang_ext, "pp") == 0) { +- retval = parse_module_headers(sh, data, data_len, &module_name, &version); ++ retval = parse_module_headers(sh, contents.data, contents.len, ++ &module_name, &version); + free(version); + if (retval != 0) + goto cleanup; +@@ -1815,10 +1623,11 @@ static int semanage_direct_install_file(semanage_handle_t * sh, + fprintf(stderr, "Warning: SELinux userspace will refer to the module from %s as %s rather than %s\n", install_filename, module_name, filename); + } + +- retval = semanage_direct_install(sh, data, data_len, module_name, lang_ext); ++ retval = semanage_direct_install(sh, contents.data, contents.len, ++ module_name, lang_ext); + + cleanup: +- if (data_len > 0) munmap(data, data_len); ++ unmap_compressed_file(&contents); + free(module_name); + free(path); + +@@ -1837,10 +1646,8 @@ static int semanage_direct_extract(semanage_handle_t * sh, + enum semanage_module_path_type file_type; + int rc = -1; + semanage_module_info_t *_modinfo = NULL; +- ssize_t _data_len; +- char *_data; +- int compressed; + struct stat sb; ++ struct file_contents contents = {}; + + /* get path of module */ + rc = semanage_module_get_path( +@@ -1896,19 +1703,33 @@ static int semanage_direct_extract(semanage_handle_t * sh, + } + } + +- _data_len = map_file(sh, input_file, &_data, &compressed); +- if (_data_len <= 0) { ++ rc = map_compressed_file(sh, input_file, &contents); ++ if (rc < 0) { + ERR(sh, "Error mapping file: %s", input_file); +- rc = -1; + goto cleanup; + } + ++ /* The API promises an mmap'ed pointer */ ++ if (contents.compressed) { ++ *mapped_data = mmap(NULL, contents.len, PROT_READ|PROT_WRITE, ++ MAP_PRIVATE|MAP_ANONYMOUS, 0, 0); ++ if (*mapped_data == MAP_FAILED) { ++ ERR(sh, "Unable to map memory"); ++ rc = -1; ++ goto cleanup; ++ } ++ memcpy(*mapped_data, contents.data, contents.len); ++ free(contents.data); ++ } else { ++ *mapped_data = contents.data; ++ } ++ + *modinfo = _modinfo; +- *data_len = (size_t)_data_len; +- *mapped_data = _data; ++ *data_len = contents.len; + + cleanup: + if (rc != 0) { ++ unmap_compressed_file(&contents); + semanage_module_info_destroy(sh, _modinfo); + free(_modinfo); + } +@@ -2857,8 +2678,8 @@ static int semanage_direct_install_info(semanage_handle_t *sh, + goto cleanup; + } + +- ret = bzip(sh, path, data, data_len); +- if (ret <= 0) { ++ ret = write_compressed_file(sh, path, data, data_len); ++ if (ret < 0) { + ERR(sh, "Error while writing to %s.", path); + status = -3; + goto cleanup; +diff --git a/libsemanage/src/direct_api.h b/libsemanage/src/direct_api.h +index e56107b2..ffd428eb 100644 +--- a/libsemanage/src/direct_api.h ++++ b/libsemanage/src/direct_api.h +@@ -39,8 +39,4 @@ int semanage_direct_access_check(struct semanage_handle *sh); + + int semanage_direct_mls_enabled(struct semanage_handle *sh); + +-#include +-#include +-ssize_t bunzip(struct semanage_handle *sh, FILE *f, char **data); +- + #endif +diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c +index ae023582..c5ce071c 100644 +--- a/libsemanage/src/semanage_store.c ++++ b/libsemanage/src/semanage_store.c +@@ -59,6 +59,7 @@ typedef struct dbase_policydb dbase_t; + + #include "debug.h" + #include "utilities.h" ++#include "compressed_file.h" + + #define SEMANAGE_CONF_FILE "semanage.conf" + /* relative path names to enum semanage_paths to special files and +@@ -2055,60 +2056,27 @@ int semanage_direct_get_serial(semanage_handle_t * sh) + + int semanage_load_files(semanage_handle_t * sh, cil_db_t *cildb, char **filenames, int numfiles) + { +- int retval = 0; +- FILE *fp; +- ssize_t size; +- char *data = NULL; ++ int i, retval = 0; + char *filename; +- int i; ++ struct file_contents contents = {}; + + for (i = 0; i < numfiles; i++) { + filename = filenames[i]; + +- if ((fp = fopen(filename, "rb")) == NULL) { +- ERR(sh, "Could not open module file %s for reading.", filename); +- goto cleanup; +- } +- +- if ((size = bunzip(sh, fp, &data)) <= 0) { +- rewind(fp); +- __fsetlocking(fp, FSETLOCKING_BYCALLER); +- +- if (fseek(fp, 0, SEEK_END) != 0) { +- ERR(sh, "Failed to determine size of file %s.", filename); +- goto cleanup; +- } +- size = ftell(fp); +- rewind(fp); +- +- data = malloc(size); +- if (fread(data, size, 1, fp) != 1) { +- ERR(sh, "Failed to read file %s.", filename); +- goto cleanup; +- } +- } ++ retval = map_compressed_file(sh, filename, &contents); ++ if (retval < 0) ++ return -1; + +- fclose(fp); +- fp = NULL; ++ retval = cil_add_file(cildb, filename, contents.data, contents.len); ++ unmap_compressed_file(&contents); + +- retval = cil_add_file(cildb, filename, data, size); + if (retval != SEPOL_OK) { + ERR(sh, "Error while reading from file %s.", filename); +- goto cleanup; ++ return -1; + } +- +- free(data); +- data = NULL; + } + +- return retval; +- +- cleanup: +- if (fp != NULL) { +- fclose(fp); +- } +- free(data); +- return -1; ++ return 0; + } + + /* +-- +2.30.2 + diff --git a/0011-libsemanage-clean-up-semanage_direct_commit-a-bit.patch b/0011-libsemanage-clean-up-semanage_direct_commit-a-bit.patch new file mode 100644 index 0000000..7fa31f7 --- /dev/null +++ b/0011-libsemanage-clean-up-semanage_direct_commit-a-bit.patch @@ -0,0 +1,150 @@ +From 129e121c9ab17f726a9a6294cfe04db97016e7ef Mon Sep 17 00:00:00 2001 +From: Ondrej Mosnacek +Date: Thu, 3 Feb 2022 17:53:25 +0100 +Subject: [PATCH] libsemanage: clean up semanage_direct_commit() a bit + +Do some minor cosmetic cleanup, mainly to eliminate the 'rebuilt' goto +label. + +Signed-off-by: Ondrej Mosnacek +--- + libsemanage/src/direct_api.c | 91 ++++++++++++++++++------------------ + 1 file changed, 45 insertions(+), 46 deletions(-) + +diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c +index 63a18808..7e99a59f 100644 +--- a/libsemanage/src/direct_api.c ++++ b/libsemanage/src/direct_api.c +@@ -994,6 +994,16 @@ cleanup: + return status; + } + ++/* Files that must exist in order to skip policy rebuild. */ ++static const int semanage_computed_files[] = { ++ SEMANAGE_STORE_KERNEL, ++ SEMANAGE_STORE_FC, ++ SEMANAGE_STORE_SEUSERS, ++ SEMANAGE_LINKED, ++ SEMANAGE_SEUSERS_LINKED, ++ SEMANAGE_USERS_EXTRA_LINKED ++}; ++ + /* Copies a file from src to dst. If dst already exists then + * overwrite it. If source doesn't exist then return success. + * Returns 0 on success, -1 on error. */ +@@ -1053,6 +1063,14 @@ static int semanage_direct_commit(semanage_handle_t * sh) + seusers_modified = seusers->dtable->is_modified(seusers->dbase); + fcontexts_modified = fcontexts->dtable->is_modified(fcontexts->dbase); + ++ /* Before we do anything else, flush the join to its component parts. ++ * This *does not* flush to disk automatically */ ++ if (users->dtable->is_modified(users->dbase)) { ++ retval = users->dtable->flush(sh, users->dbase); ++ if (retval < 0) ++ goto cleanup; ++ } ++ + /* Rebuild if explicitly requested or any module changes occurred. */ + do_rebuild = sh->do_rebuild | sh->modules_modified; + +@@ -1119,14 +1137,6 @@ static int semanage_direct_commit(semanage_handle_t * sh) + } + } + +- /* Before we do anything else, flush the join to its component parts. +- * This *does not* flush to disk automatically */ +- if (users->dtable->is_modified(users->dbase)) { +- retval = users->dtable->flush(sh, users->dbase); +- if (retval < 0) +- goto cleanup; +- } +- + /* + * This is for systems that have already migrated with an older version + * of semanage_migrate_store. The older version did not copy +@@ -1135,48 +1145,20 @@ static int semanage_direct_commit(semanage_handle_t * sh) + * in order to skip re-linking are present; otherwise, we force + * a rebuild. + */ +- if (!do_rebuild) { +- int files[] = {SEMANAGE_STORE_KERNEL, +- SEMANAGE_STORE_FC, +- SEMANAGE_STORE_SEUSERS, +- SEMANAGE_LINKED, +- SEMANAGE_SEUSERS_LINKED, +- SEMANAGE_USERS_EXTRA_LINKED}; +- +- for (i = 0; i < (int) ARRAY_SIZE(files); i++) { +- path = semanage_path(SEMANAGE_TMP, files[i]); +- if (stat(path, &sb) != 0) { +- if (errno != ENOENT) { +- ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); +- retval = -1; +- goto cleanup; +- } +- +- do_rebuild = 1; +- goto rebuild; ++ for (i = 0; !do_rebuild && i < (int)ARRAY_SIZE(semanage_computed_files); i++) { ++ path = semanage_path(SEMANAGE_TMP, semanage_computed_files[i]); ++ if (stat(path, &sb) != 0) { ++ if (errno != ENOENT) { ++ ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); ++ retval = -1; ++ goto cleanup; + } ++ ++ do_rebuild = 1; ++ break; + } + } + +-rebuild: +- /* +- * Now that we know whether or not a rebuild is required, +- * we can determine what else needs to be done. +- * We need to write the kernel policy if we are rebuilding +- * or if any other policy component that lives in the kernel +- * policy has been modified. +- * We need to install the policy files if any of the managed files +- * that live under /etc/selinux (kernel policy, seusers, file contexts) +- * will be modified. +- */ +- do_write_kernel = do_rebuild | ports_modified | ibpkeys_modified | +- ibendports_modified | +- bools->dtable->is_modified(bools->dbase) | +- ifaces->dtable->is_modified(ifaces->dbase) | +- nodes->dtable->is_modified(nodes->dbase) | +- users->dtable->is_modified(users_base->dbase); +- do_install = do_write_kernel | seusers_modified | fcontexts_modified; +- + /* + * If there were policy changes, or explicitly requested, or + * any required files are missing, rebuild the policy. +@@ -1323,6 +1305,23 @@ rebuild: + } + } + ++ /* ++ * Determine what else needs to be done. ++ * We need to write the kernel policy if we are rebuilding ++ * or if any other policy component that lives in the kernel ++ * policy has been modified. ++ * We need to install the policy files if any of the managed files ++ * that live under /etc/selinux (kernel policy, seusers, file contexts) ++ * will be modified. ++ */ ++ do_write_kernel = do_rebuild | ports_modified | ibpkeys_modified | ++ ibendports_modified | ++ bools->dtable->is_modified(bools->dbase) | ++ ifaces->dtable->is_modified(ifaces->dbase) | ++ nodes->dtable->is_modified(nodes->dbase) | ++ users->dtable->is_modified(users_base->dbase); ++ do_install = do_write_kernel | seusers_modified | fcontexts_modified; ++ + /* Attach our databases to the policydb we just created or loaded. */ + dbase_policydb_attach((dbase_policydb_t *) pusers_base->dbase, out); + dbase_policydb_attach((dbase_policydb_t *) pports->dbase, out); +-- +2.30.2 + diff --git a/0012-libsemanage-optionally-rebuild-policy-when-modules-a.patch b/0012-libsemanage-optionally-rebuild-policy-when-modules-a.patch new file mode 100644 index 0000000..251a08e --- /dev/null +++ b/0012-libsemanage-optionally-rebuild-policy-when-modules-a.patch @@ -0,0 +1,492 @@ +From 090a82e33be97d42eaa75bec85a32ccb6b7a13e8 Mon Sep 17 00:00:00 2001 +From: Ondrej Mosnacek +Date: Thu, 3 Feb 2022 17:53:26 +0100 +Subject: [PATCH] libsemanage: optionally rebuild policy when modules are + changed externally + +In Fedora/RHEL's selinux-policy package we ship a pre-built SELinux +policy store in the RPMs. When updating the main policy RPM, care must +be taken to rebuild the policy using `semodule -B` if there are any +other SELinux modules installed (whether shipped via another RPM or +manually installed locally). + +However, this way of shipping/managing the policy creates complications +on systems, where system files are managed by rpm-ostree (such as Fedora +CoreOS or Red Hat CoreOS), where the "package update" process is more +sophisticated. + +(Disclaimer: The following is written according to my current limited +understanding of rpm-ostree and may not be entirely accurate, but the +gist of it should match the reality.) + +Basically, one can think of rpm-ostree as a kind of Git for system +files. The package content is provided on a "branch", where each +"commit" represents a set of package updates layered on top of the +previous commit (i.e. it is a rolling release with some defined +package content snapshots). The user can then maintain their own branch +with additional package updates/installations/... and "rebase" it on top +of the main branch as needed. On top of that, the user can also have +additional configuration files (or modifications to existing files) in +/etc, which represent an additional layer on top of the package content. + +When updating the system (i.e. rebasing on a new "commit" of the "main +branch"), the files on the running system are not touched and the new +system state is prepared under a new root directory, which is chrooted +into on the next reboot. + +When an rpm-ostree system is updated, there are three moments when the +SELinux module store needs to be rebuilt to ensure that all modules are +included in the binary policy: +1. When the local RPM installations are applied on top of the base + system snapshot. +2. When local user configuartion is applied on top of that. +3. On system shutdown, to ensure that any changes in local configuration + performed since (2.) are reflected in the final new system image. + +Forcing a full rebuild at each step is not optimal and in many cases is +not necessary, as the user may not have any custom modules installed. + +Thus, this patch extends libsemanage to compute a checksum of the +content of all enabled modules, which is stored in the store, and adds a +flag to the libsemanage handle that instructs it to check the module +content checksum against the one from the last successful transaction +and force a full policy rebuild if they don't match. + +This will allow rpm-ostree systems to potentially reduce delays when +reconciling the module store when applying updates. + +I wasn't able to measure any noticeable overhead of the hash +computation, which is now added for every transaction (both before and +after this change a full policy rebuild took about 7 seconds on my test +x86 VM). With the new option check_ext_changes enabled, rebuilding a +policy store with unchanged modules took only about 0.96 seconds. + +Signed-off-by: Ondrej Mosnacek +--- + libsemanage/include/semanage/handle.h | 5 + + libsemanage/src/direct_api.c | 187 +++++++++++++++++++++----- + libsemanage/src/handle.c | 11 +- + libsemanage/src/handle.h | 1 + + libsemanage/src/libsemanage.map | 1 + + libsemanage/src/modules.c | 4 +- + libsemanage/src/modules.h | 3 + + libsemanage/src/semanage_store.c | 1 + + libsemanage/src/semanage_store.h | 1 + + 9 files changed, 175 insertions(+), 39 deletions(-) + +diff --git a/libsemanage/include/semanage/handle.h b/libsemanage/include/semanage/handle.h +index c8165900..7f298a49 100644 +--- a/libsemanage/include/semanage/handle.h ++++ b/libsemanage/include/semanage/handle.h +@@ -66,6 +66,11 @@ void semanage_set_reload(semanage_handle_t * handle, int do_reload); + * 1 for yes, 0 for no (default) */ + void semanage_set_rebuild(semanage_handle_t * handle, int do_rebuild); + ++/* set whether to rebuild the policy on commit when potential changes ++ * to module files since last rebuild are detected, ++ * 1 for yes (default), 0 for no */ ++extern void semanage_set_check_ext_changes(semanage_handle_t * handle, int do_check); ++ + /* Fills *compiler_path with the location of the hll compiler sh->conf->compiler_directory_path + * corresponding to lang_ext. + * Upon success returns 0, -1 on error. */ +diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c +index 7e99a59f..bbdca2b2 100644 +--- a/libsemanage/src/direct_api.c ++++ b/libsemanage/src/direct_api.c +@@ -33,6 +33,8 @@ + #include + #include + #include ++#include ++#include + #include + #include + #include +@@ -56,8 +58,7 @@ + #include "semanage_store.h" + #include "database_policydb.h" + #include "policy.h" +-#include +-#include ++#include "sha256.h" + + #define PIPE_READ 0 + #define PIPE_WRITE 1 +@@ -450,7 +451,7 @@ static int parse_module_headers(semanage_handle_t * sh, char *module_data, + /* Writes a block of data to a file. Returns 0 on success, -1 on + * error. */ + static int write_file(semanage_handle_t * sh, +- const char *filename, char *data, size_t num_bytes) ++ const char *filename, const char *data, size_t num_bytes) + { + int out; + +@@ -850,8 +851,21 @@ cleanup: + return ret; + } + ++static void update_checksum_with_len(Sha256Context *context, size_t s) ++{ ++ int i; ++ uint8_t buffer[8]; ++ ++ for (i = 0; i < 8; i++) { ++ buffer[i] = s & 0xff; ++ s >>= 8; ++ } ++ Sha256Update(context, buffer, 8); ++} ++ + static int semanage_compile_module(semanage_handle_t *sh, +- semanage_module_info_t *modinfo) ++ semanage_module_info_t *modinfo, ++ Sha256Context *context) + { + char cil_path[PATH_MAX]; + char hll_path[PATH_MAX]; +@@ -922,6 +936,11 @@ static int semanage_compile_module(semanage_handle_t *sh, + goto cleanup; + } + ++ if (context) { ++ update_checksum_with_len(context, cil_data_len); ++ Sha256Update(context, cil_data, cil_data_len); ++ } ++ + status = write_compressed_file(sh, cil_path, cil_data, cil_data_len); + if (status == -1) { + ERR(sh, "Failed to write %s\n", cil_path); +@@ -950,18 +969,40 @@ cleanup: + return status; + } + ++static int modinfo_cmp(const void *a, const void *b) ++{ ++ const semanage_module_info_t *ma = a; ++ const semanage_module_info_t *mb = b; ++ ++ return strcmp(ma->name, mb->name); ++} ++ + static int semanage_compile_hll_modules(semanage_handle_t *sh, +- semanage_module_info_t *modinfos, +- int num_modinfos) ++ semanage_module_info_t *modinfos, ++ int num_modinfos, ++ char *cil_checksum) + { +- int status = 0; +- int i; ++ /* to be incremented when checksum input data format changes */ ++ static const size_t CHECKSUM_EPOCH = 1; ++ ++ int i, status = 0; + char cil_path[PATH_MAX]; + struct stat sb; ++ Sha256Context context; ++ SHA256_HASH hash; ++ struct file_contents contents = {}; + + assert(sh); + assert(modinfos); + ++ /* Sort modules by name to get consistent ordering. */ ++ qsort(modinfos, num_modinfos, sizeof(*modinfos), &modinfo_cmp); ++ ++ Sha256Initialise(&context); ++ update_checksum_with_len(&context, CHECKSUM_EPOCH); ++ ++ /* prefix with module count to avoid collisions */ ++ update_checksum_with_len(&context, num_modinfos); + for (i = 0; i < num_modinfos; i++) { + status = semanage_module_get_path( + sh, +@@ -969,29 +1010,91 @@ static int semanage_compile_hll_modules(semanage_handle_t *sh, + SEMANAGE_MODULE_PATH_CIL, + cil_path, + sizeof(cil_path)); +- if (status != 0) { +- goto cleanup; +- } ++ if (status != 0) ++ return -1; + +- if (semanage_get_ignore_module_cache(sh) == 0 && +- (status = stat(cil_path, &sb)) == 0) { +- continue; +- } +- if (status != 0 && errno != ENOENT) { +- ERR(sh, "Unable to access %s: %s\n", cil_path, strerror(errno)); +- goto cleanup; //an error in the "stat" call ++ if (!semanage_get_ignore_module_cache(sh)) { ++ status = stat(cil_path, &sb); ++ if (status == 0) { ++ status = map_compressed_file(sh, cil_path, &contents); ++ if (status < 0) { ++ ERR(sh, "Error mapping file: %s", cil_path); ++ return -1; ++ } ++ ++ /* prefix with length to avoid collisions */ ++ update_checksum_with_len(&context, contents.len); ++ Sha256Update(&context, contents.data, contents.len); ++ ++ unmap_compressed_file(&contents); ++ continue; ++ } else if (errno != ENOENT) { ++ ERR(sh, "Unable to access %s: %s\n", cil_path, ++ strerror(errno)); ++ return -1; //an error in the "stat" call ++ } + } + +- status = semanage_compile_module(sh, &modinfos[i]); +- if (status < 0) { +- goto cleanup; ++ status = semanage_compile_module(sh, &modinfos[i], &context); ++ if (status < 0) ++ return -1; ++ } ++ Sha256Finalise(&context, &hash); ++ ++ semanage_hash_to_checksum_string(hash.bytes, cil_checksum); ++ return 0; ++} ++ ++static int semanage_compare_checksum(semanage_handle_t *sh, const char *reference) ++{ ++ const char *path = semanage_path(SEMANAGE_TMP, SEMANAGE_MODULES_CHECKSUM); ++ struct stat sb; ++ int fd, retval; ++ char *data; ++ ++ fd = open(path, O_RDONLY); ++ if (fd == -1) { ++ if (errno != ENOENT) { ++ ERR(sh, "Unable to open %s: %s\n", path, strerror(errno)); ++ return -1; + } ++ /* Checksum file not present - force a rebuild. */ ++ return 1; ++ } ++ ++ if (fstat(fd, &sb) == -1) { ++ ERR(sh, "Unable to stat %s\n", path); ++ retval = -1; ++ goto out_close; + } + +- status = 0; ++ if (sb.st_size != (off_t)CHECKSUM_CONTENT_SIZE) { ++ /* Incompatible/invalid hash type - just force a rebuild. */ ++ WARN(sh, "Module checksum invalid - forcing a rebuild\n"); ++ retval = 1; ++ goto out_close; ++ } + +-cleanup: +- return status; ++ data = mmap(NULL, CHECKSUM_CONTENT_SIZE, PROT_READ, MAP_PRIVATE, fd, 0); ++ if (data == MAP_FAILED) { ++ ERR(sh, "Unable to mmap %s\n", path); ++ retval = -1; ++ goto out_close; ++ } ++ ++ retval = memcmp(data, reference, CHECKSUM_CONTENT_SIZE) != 0; ++ munmap(data, sb.st_size); ++out_close: ++ close(fd); ++ return retval; ++} ++ ++static int semanage_write_modules_checksum(semanage_handle_t *sh, ++ const char *checksum) ++{ ++ const char *path = semanage_path(SEMANAGE_TMP, SEMANAGE_MODULES_CHECKSUM); ++ ++ return write_file(sh, path, checksum, CHECKSUM_CONTENT_SIZE); + } + + /* Files that must exist in order to skip policy rebuild. */ +@@ -1030,6 +1133,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) + semanage_module_info_t *modinfos = NULL; + mode_t mask = umask(0077); + struct stat sb; ++ char modules_checksum[CHECKSUM_CONTENT_SIZE + 1 /* '\0' */]; + + int do_rebuild, do_write_kernel, do_install; + int fcontexts_modified, ports_modified, seusers_modified, +@@ -1159,28 +1263,45 @@ static int semanage_direct_commit(semanage_handle_t * sh) + } + } + +- /* +- * If there were policy changes, or explicitly requested, or +- * any required files are missing, rebuild the policy. +- */ +- if (do_rebuild) { +- /* =================== Module expansion =============== */ +- ++ if (do_rebuild || sh->check_ext_changes) { + retval = semanage_get_active_modules(sh, &modinfos, &num_modinfos); + if (retval < 0) { + goto cleanup; + } + ++ /* No modules - nothing to rebuild. */ + if (num_modinfos == 0) { + goto cleanup; + } + +- retval = semanage_compile_hll_modules(sh, modinfos, num_modinfos); ++ retval = semanage_compile_hll_modules(sh, modinfos, num_modinfos, ++ modules_checksum); + if (retval < 0) { + ERR(sh, "Failed to compile hll files into cil files.\n"); + goto cleanup; + } + ++ if (!do_rebuild && sh->check_ext_changes) { ++ retval = semanage_compare_checksum(sh, modules_checksum); ++ if (retval < 0) ++ goto cleanup; ++ do_rebuild = retval; ++ } ++ ++ retval = semanage_write_modules_checksum(sh, modules_checksum); ++ if (retval < 0) { ++ ERR(sh, "Failed to write module checksum file.\n"); ++ goto cleanup; ++ } ++ } ++ ++ /* ++ * If there were policy changes, or explicitly requested, or ++ * any required files are missing, rebuild the policy. ++ */ ++ if (do_rebuild) { ++ /* =================== Module expansion =============== */ ++ + retval = semanage_get_cil_paths(sh, modinfos, num_modinfos, &mod_filenames); + if (retval < 0) + goto cleanup; +@@ -1696,7 +1817,7 @@ static int semanage_direct_extract(semanage_handle_t * sh, + goto cleanup; + } + +- rc = semanage_compile_module(sh, _modinfo); ++ rc = semanage_compile_module(sh, _modinfo, NULL); + if (rc < 0) { + goto cleanup; + } +diff --git a/libsemanage/src/handle.c b/libsemanage/src/handle.c +index e5109aef..8a01c53a 100644 +--- a/libsemanage/src/handle.c ++++ b/libsemanage/src/handle.c +@@ -118,20 +118,23 @@ semanage_handle_t *semanage_handle_create(void) + + void semanage_set_rebuild(semanage_handle_t * sh, int do_rebuild) + { +- + assert(sh != NULL); + + sh->do_rebuild = do_rebuild; +- return; + } + + void semanage_set_reload(semanage_handle_t * sh, int do_reload) + { +- + assert(sh != NULL); + + sh->do_reload = do_reload; +- return; ++} ++ ++void semanage_set_check_ext_changes(semanage_handle_t * sh, int do_check) ++{ ++ assert(sh != NULL); ++ ++ sh->check_ext_changes = do_check; + } + + int semanage_get_hll_compiler_path(semanage_handle_t *sh, +diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h +index a91907b0..c4a6e7ea 100644 +--- a/libsemanage/src/handle.h ++++ b/libsemanage/src/handle.h +@@ -62,6 +62,7 @@ struct semanage_handle { + int is_in_transaction; + int do_reload; /* whether to reload policy after commit */ + int do_rebuild; /* whether to rebuild policy if there were no changes */ ++ int check_ext_changes; /* whether to rebuild if external changes are detected via checksum */ + int commit_err; /* set by semanage_direct_commit() if there are + * any errors when building or committing the + * sandbox to kernel policy at /etc/selinux +diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map +index a986b2d2..1ef664be 100644 +--- a/libsemanage/src/libsemanage.map ++++ b/libsemanage/src/libsemanage.map +@@ -66,4 +66,5 @@ LIBSEMANAGE_1.1 { + + LIBSEMANAGE_3.4 { + semanage_module_compute_checksum; ++ semanage_set_check_ext_changes; + } LIBSEMANAGE_1.1; +diff --git a/libsemanage/src/modules.c b/libsemanage/src/modules.c +index 3a82d275..f1fe160d 100644 +--- a/libsemanage/src/modules.c ++++ b/libsemanage/src/modules.c +@@ -1149,9 +1149,9 @@ int semanage_module_remove_key(semanage_handle_t *sh, + } + + static const char CHECKSUM_TYPE[] = "sha256"; +-static const size_t CHECKSUM_CONTENT_SIZE = sizeof(CHECKSUM_TYPE) + 1 + 2 * SHA256_HASH_SIZE; ++const size_t CHECKSUM_CONTENT_SIZE = sizeof(CHECKSUM_TYPE) + 1 + 2 * SHA256_HASH_SIZE; + +-static void semanage_hash_to_checksum_string(const uint8_t *hash, char *checksum) ++void semanage_hash_to_checksum_string(const uint8_t *hash, char *checksum) + { + size_t i; + +diff --git a/libsemanage/src/modules.h b/libsemanage/src/modules.h +index 8a5c01f4..b828a534 100644 +--- a/libsemanage/src/modules.h ++++ b/libsemanage/src/modules.h +@@ -109,4 +109,7 @@ int semanage_module_get_path(semanage_handle_t *sh, + char *path, + size_t len); + ++extern const size_t CHECKSUM_CONTENT_SIZE; ++void semanage_hash_to_checksum_string(const uint8_t *hash, char *checksum); ++ + #endif +diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c +index c5ce071c..1fff667d 100644 +--- a/libsemanage/src/semanage_store.c ++++ b/libsemanage/src/semanage_store.c +@@ -115,6 +115,7 @@ static const char *semanage_sandbox_paths[SEMANAGE_STORE_NUM_PATHS] = { + "/disable_dontaudit", + "/preserve_tunables", + "/modules/disabled", ++ "/modules_checksum", + "/policy.kern", + "/file_contexts.local", + "/file_contexts.homedirs", +diff --git a/libsemanage/src/semanage_store.h b/libsemanage/src/semanage_store.h +index b9ec5664..1fc77da8 100644 +--- a/libsemanage/src/semanage_store.h ++++ b/libsemanage/src/semanage_store.h +@@ -60,6 +60,7 @@ enum semanage_sandbox_defs { + SEMANAGE_DISABLE_DONTAUDIT, + SEMANAGE_PRESERVE_TUNABLES, + SEMANAGE_MODULES_DISABLED, ++ SEMANAGE_MODULES_CHECKSUM, + SEMANAGE_STORE_KERNEL, + SEMANAGE_STORE_FC_LOCAL, + SEMANAGE_STORE_FC_HOMEDIRS, +-- +2.30.2 + diff --git a/download b/download new file mode 100644 index 0000000..93e04ce --- /dev/null +++ b/download @@ -0,0 +1 @@ +25f086ff66175a0ca0e7b34dbe8586b7 libsemanage-2.9.tar.gz diff --git a/libsemanage-2.9.tar.gz b/libsemanage-2.9.tar.gz deleted file mode 100644 index 9f73aff8dc026e53f6537dcf98f91b6f25435df7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 157690 zcmV(}K+wM*iwFQJfQwuJ1MK~4cO=J=APVX$^6ZarK_m-VN@U@UR)ORY1!R$sPyhx% zk>ZfN*g$3g2vufADk2jgBymqa=C!A1r|-<}?A~+F-I+Ug_w0VyvuD-nRySL%R{w?K zKU#aZdw4{6yfT3-ipb~|3mM^VZf{tF-1zPG%(wzjgdxw*E9<(AjhS2w4e-0%$Vu{b63YqVLJh{gFKD zE28c9dTxLC-kv5G z*mn9*;7wyZd+zc{&i|dmqfhq^KD^U5^5_4?>UvuKuWc@G%;x_Tp1C<8K0J6S_FE?> ztz+?F>!5YKy)TYlKHJ~h5%9m(!AYxzrRe$C4MNZFiW|6bn0bd&is$~Q-*JWjrXlwF?PiT2uP;L}r~j(! z^~K2$fO{9iEAhPR`$0oI^TQz)f3YpZ(#rDk(&F;!(y|aQPqu5Kb?pYXe%}>dCYKZWE9XA9; zfGIh2Uct*7=T_YMqo8&H<`IC`AG-YxH+Bg;<-l*38WTB<5h5Dv#YHI6LrlXF6eE(V4#6N%S?nqdAYd7a z5sXOKWNJhV(1?v!4CRRW&S205?jfA~o?8nCZrcO6w~}fOa-eQ};Iv6c*w%2hH1Ly}+{ZoHbgEd;dfKNU%@eNYs z5)c?7MJ1;K)AwJAHnepyLWG=iAB$eO*itPvC4go~6F=y9edI+uRn$Z{cVYeoHJEWg zh09xwA$H^zXb}v(_NeOw&^D6toTdwO6YIKP4!W=wVYfp71QU(M=M!LY>czlyUg7MB zje7$>AK==bG8eU`<2B zuw+T0DHbH-2FSQXQ=k}d*)=pRybBte8!x=7Z&6e9J8;{sca1UKe&kEFEdo zC84bYJtT3;k{VEwMSFh7yST-?X0A?>_OaO^j zeg5hx-eyVV+Sr~+;fUdlzZeePf#|`Y`kkj@VY!ZD($v`O|i z*Q%QUL;oYRvDNXGmsC4UQKx5A-^a|59a&v6%i^;}!Q&2(1i8Ltc+> zJeXMs=N#~XacK`3QJ@-VS3Nn^dNiKrZVgnM!0(LOT!`ie@XG%VB?30ly=|D9!jL*L z@UgF`L&5F@$$bU7+fcEv`y~tsDt#!taZxqJc9WP8*OBzNrM1dIZ2-ww+9kAU#VIsR&rysJGz6e!0cte~B|wmxMttS;iqkeyk5am>(k_}dRg<)QQa5WQ)J?Ta8G5FH6-dGvNyRuIfT;r9KhLe#G_e zjtk<=AD}$L)@vx#faf~bAX#BsCU6>)Ty%#>iZq`pMm$LS~Mq}qLowimQVJzOzBu}|xqfMkG3`)$~H zp#t1s-UM83X)O~9kkrtDAKReBIC2MZgD4DfZ36AM%iW~~A}$+lqoveC=?s)bYQZop zUN~)3(E-7Z6LgxSYk-R3xum^%fKZC~TE;%V2?2D(*EHRDR7P(dzfx4 z1mo(C+LYEbW8%~&Vi~-XYj~hB1x(~@1yq1!ab<5rii5Gs)>>6xcdVv~>-L><)VLkk zUx0!EK&9mf#&zKOgRUFF?Bd2%ocoF@D^78UV}!`1u^BY%)ExtbNZ19>dC&>AAKowy&BgevTk=_)f!!1 z6^{arJBcwV!=fdkMq1M&CCM5%0f^n8nz_3oiN|wCEqpv*!kW4I5hjvcSJFtRgd}gx zks82>SQ^j-A_b#9YrYCDEs)TT)~J()NmKK`!l3{Wpf@{YvGDsHk2lPu2*7RvKpGng zX`_-#dt0tsKF(KQj3Wnk2c*vqQA3kVfo&@VrA~yyDs9NrEl`T{OGGmuu~R!&Yq2>Z#)Q)P50D*I z`f|o}0XVjfUz~{TgI%$6c(A*7x_5YRBAy=}3wiv~5W9OPr^kEGUg9Sz_~LMP@A=-& zHom~YT57T`shDybX0VHfYg1dqX{5!CVW1!ZqQrpQL~3F=xVb@_)S&CMwSH@CQdy-3 zI5pEO>HWg(kl=wPom*)$mrF~u`Rs_1vd%~z17Sj1MgE*yV2e4d0svxuX!Lx(-mJA8 z(x~V+%}=M(30&GH!m!T6&Ul_DxtQ0?)N>u`Y#TV$Z7VHNQ|n^Xmu4clUG6wT2T0}) zNYe~`GTZxtc%*;r_HheJhFwE_#gUK`Ldm$=0+XBeBe}mr!@n38APkw zhW#fBM?F>N<=mZbu&K1c2GD5WQO&fCKF*&SV}WAj94DT2gp?eh6*fIFYx{9px*oBE zDYkI;*1t8CX@Wv6)FO`RIyX<12qY_>gXRw|EBR6_sV3ywzz@{Gc_8K`0{V;x`-si8q23Lv|Awb6NVgl?$eDYSZCrxcR_jX!MALWH zIu)Z3S+&s+65Gs2!exuCN2INdh9RD~&<+luyK?&lIxWgDSOVB4l3038o|X0|Wi)X+ zY~usSgAwo2Ycy$N`(cHd+9=Xy(C@RMh%7|jkgR$lnxHkga;kq zkKu<~@u3f6fDCmLup;XX>rL9IE8_Aj4MsS+2sA`_piFHV7%DzAe)>yH*U?M2Ssu@V z;s2MLY@0^aq4*3p(Thi6&C1?R7&}oxc_GiFdTz%Xfwm^MS)J&l2gy4CMcN;QT}A^$ zdf*QNWOH~kz(p#&!v2%3RAO5*N*U{>Tvlao+Fi%%u^On%q+8;Z>kd%(08{Ci$kpU# zhGYOMP{!g<+8`@c&Uq+JgV?uP1Uf-Phmlps-x^Zahap$WPR&#g^^njJ7N0?A!|vef zHbk?GoDM7+)o~oR)gW%Tl~5dMA@>JzUSq$sy;!N%EIHjT5OJBLxT2vl!B73)7bIxIc zCzy{9+)(4`xh}aJ$XfM(69i3P>4vTBp76pBT=Ug1!=T81}L>%>EMiD)|90r9&IZgyw@{V zI@Y+Ps@Fj->iZ0Uxe}Lcwo?VHjUoqF=x;K;M4?m1lPq9sr;TTSw`$GSWKbMrs99QR zV|@g{kd}r`pav)L4M(Jt)AEA0r?g%e2}K5il#_Tg%w^392|#d3PAcjw!gu&RWHW-XNo4=;bMI3wD-Qt=?J(N19 zL6e9gjTnBwGkA)^J8@~bMzaCVz>ro9G=|Xt;^InZ;JL^spret%?a@{RRTkj9i&0mO z;X=#~VGIu~ZH6TVmk64*KOd3nfbRo%(1v+N>4wy5$Cg>>Aet8zNvWYzgygEq)guDM z&pl2?AeqCS$R>jjmc%qU!*iCWkr9cT`Ns%R|;0A`&6B;<&B#s zjU-GC0)ZrnLzaVPBONNSr}BiIde!4IXaX)*rnrDYM&|iVC&)DqsR-YxcalnSrs6>! zRbgE%y^&Y4nHCs49X?lPS%5~aNT|65i4nuXA#UeTCSe0OUC{E~1F3oKhH}!Fl7jgZ zIgtbjD3?C_ghlC$fUHRe$)qxs0Qk+7?hT)Efn3DI{P>Xdn$8egXl4UrH zkm4MYa;FdHp%{@2^<97y&GmEAC$RN+`n-q76};#-K<1$n&*ddjNr6>6Rq6*FO>umVk!(2+)CS1Fj<^22{{!)FU5i&Ey$+-pEwntr;w!j$(vs<4 zNZUu(>7+DWTE5Y9qHk!z5!LB%f;^k>Ttcs$P8Y3%T{|4hV6*i#&_b)MadCU>YWczDYL4&FDviTVC33lHa#th??}DF+4oT z5HF{pu7!HmwbLa{CI)~edCYvL^d!zq8Axq9^70y=TmsMW ze1hBr$?Ay9Ul2QlBRf&3P9E&1Ps$DsV)%sYcQy7R@o@J0T^Z}3CvDOi9$$Ibi)X04 zMlPV`P+K4K7f$U&p!_=W@lBDV)}~`%+G85CTge=oSBw@ZhNp)fGdVm-8%(_+bt<{1 zwIQj_>*bN2i4HrOOY&qGZkshFx;Dr@;YyXACU0_r(yldm#3DVDa_L8JdJg&1bd}>9 z$I+AFqoycl3i+5eZpsE_OJf6$bjqmZb4y}A#!a5gam`v}yOr@OXuHK-Z4|eF^Mou{ z{h`_~^63lhrpy_E2OF_&u*0*i;f2cX?)C>BRP28FM2| z5MhtbIh=OjhsF!94+L;)(FxrGZWQnx?J8)if(|fl|8jU$*Bi%}k)08)5yGew^vz>{ zvyUn~+9bZS3Z7FLEVN3rtnnEWPH?lUOb=X74j3Z6mD( zN-8OBO%a(b=U2YhP8p-4!C+^?xTiVEitvkrc2`` z&1m*R6%LV5DAhV6*58PY$r$H_pp@N)siPuu<0%i9sV}J`B}I4LgPzYj@3>Et!~0K) z7i3mf8+39=l1!Y@1@_g~_;h@bxNc1!OK|K@bR@B@6#8f^3eiUcOMa-k&eV=!CDn>19L&e>^DMfmWdV_3i$naHb9 zcfe?t*F8ETdr2;k;mG6O$KB0E&&5u7VK3%Wtq)NRgvpaegNf?lYTcL88H0jo)X}Ci zfjUK?$)zE4Kd`%Jvf$&jvuoGmZJ^BwDoQX*mQd`FomZmhJ163jw^0m2X#qw2v#w9wCiR8 zi#?IM1$lI8Mx+?WLmN&*=@9G-B#$>?6O3-LYAW^RtO% zL1cKMz%W&xCJ@n%Ks%8|j~uA_v8iAfPU0?Ew%u&xDrYX{_#1xb}>^VQ9bB`XZ`6TEUqg+#ymU3W*}f^7K#_~^^74(to znlTa*IpP>~sK~Y{qcNmfhT$i*;|Ueb*pWL5uT5`q^pR|)fKu}L0J zIw#@=x~8*~NWX`aHN4|1t@_3<(5$tCdRMDN!>hRbV_8aj4^n5WZcVW4$6Vc`;~GVO zlKi?yDweUNon7fc@f~vHg!Ezd#?IPH*)xnNiu6ilW%Gu~lW?mS7iF6u9hTJ@3hF_R zYfnxYJs)ur8U!+hy{0YoQ4^J?)YJmb-9zw(yX*{wgI{?PD zU!vP13-NgHl-#dnj|^I0hhgeyQU@(MYQ6;&_jTo+dqZth)p;nS8%w%BaR;XJTekhs zgoqi^6Q0fs(#tY)DX6n40cIL*$YiP?Zr_patI5;)4kp{-(-D=zr%IF(W317yC5V`C zz>rBhmY14>f=g%<#{R>3XQ~BVW|dLqD@aTs$^9Xj&5cO#D6JcJDlM!H=fl+`WC86i^nYKEYy4Vhm2_52 zv?RVjR$5Tj=<{2N6$O+5;yRW~#aN*juPcpKDSygjqMAs|8Dh6vIk#)DmY`lp382&- zE4yx#)kW%*rb4AcpZE+JwYuJ@3)9wRH+gpJh6UzQxcR8SRjW=utgT&9yzsosUoN>NiY?1mDC(76+*FbMoxr#rmmxKv}Vr$Z)D7_uJ_ z&JSF~RA_x^4eByu6tAr&(D0A zlNSLlV%m9)1~~_PbStx*p&RaV@aL7=Mau+RJTTotpC_ivKBzRV=(AyF^)iCcS>T;J z-AJUnCU`UJ8+mxK2d7yoauc;yAg>hSp=9v;Ud%&K`SV&_1Yu}Ka>1rwJndz-q%|@y z_Hr&pII{JfybDzlD(PCt<{{k2%LoioHMrzfym1xN8)EMa3{~(0uc;JFbs0#Ar1Zwq z8<=A(_s7Z`wB{k}qa=|jYS`&1$}51{L7SBM7sLu2ZB2>`8iHz<=q&})nx&3xMdwn& zsCf~PmzEhiX>0{*irYzaN$fl}H8WH6g^|6*bWxVBzcNO9ODgrFfev(`sM9AMzt8lS z3GrZ-Uy%VKydsuC<&c*9SdKQ0tHLi5MiNPmHP$huQVhz~kOeUvmXS+peAbv;O0I8+ zD7Mm7iIQ%lTfjMx!M)~W3+HZnwc?dE9HzuG=_V^pb*_|*aeG3kQPS~Up%HtA{&y;K z17)HlyM(mkoZkwA`Oj~oqbaH=jjk-CBkd#=B8*azEC%sVFN+ROr=%Uw?E17V^V%@n zmo6H@23K^RAM2tKSPAQzJOg4uth>^vsY8%h)mV~Hj;Z6|4LUN52*HwL6xO%_x5G&w zcs9!<5C;CB^!qS@1NJl_qmV`svk_d>loeT?Mae`8mSJ6OlEX`8K1edd$iTC}z4j;$ zhR3|`-qfVgJ30x@jjLu|0F_&uR`74LMn)#g2B;y?1`ESjpid~{J@f+g0#9e8QfCh; znN|(`uMkfT@fVb^2sn*$6v)_YYC`ACV&81wM>_E(l{+%^OSeylMiPd41YO4wkEc70 zj#;(7D-Fz{kwPj;a1mciNn#papuFJL=20+oDK&u}K%gmAUlrjfoYGjZ`n}dv z%A<00HD(7X@2Q|XI%|rO_e2>=INBgKgOf^i-*WVW89#Btx$)IPC5uF5KH6tXMNzK_ zdi6Agp3H)foys`Y92TotifvIEQ@`ipR10}^&<6TY`$ch%(i$#lGz@A20_S%kT+ldp z>C=J61y8}?I+l3`9p6Tr@CfQhCIYrjkCKU!q#YBjaK7Hr<54H&*dqT8xv1zWmn>Df zs7}f>!v}}rlkMZp{iKwI-e!RCE@6-JD31B@hKG{3{=tO9y8=44_W}@Z!Nxs3IY(I z_wnAzPXzQp()C}y+}41AxB%nD_Q4K~6JlYEBX(DOdiW9#D4^f_yD_35p;}_M^}Mxn zy7w`RE|i33PF}uf)tKHVr$nIreR0s*0erF6N$dFIy&a;%aqDP%?^sZFl;dNBa(KWi zdIR4kMHr{03El57FR% z3T$*JUTlBLDOoI%i9qD}baCb8bI7L>fH9&x95r0tBhy5bbWi*#59}VlV+U zEz`&}#K}=>XAl2?@4$L6*86~7ZRZds(Z76&qX;h~5U~xzi4c$vdB_A#LFBaq#Us$R zoR)ex7oxV){3rGgPl(xew@ruWE7Rm3(M2s!gJT7z)2z$!H^ z6bYkADwzx#N*f$U)pt1cXd~;ys34PGT_vp5;bE$g24d<+DNV93<9 z?2RzgE+uYlUMnH<RPR4yJh!ET z%3`d>s`nEaJ+8B8XE2G8Ks6Zx$c|Ui;uyyC*j#09OX}$aK*!HDmm{rJ8dyPHTZkvJ zsHe5~rkxVzfvMaRUSV8^%ABZlJ`NsZ$1U7eDdhr%pi(flv}e8y2OwKBg^uf#8ZwMN zsV6`eveX0-sR<{p&f&*Y&EHhg@dKsa#7$o)DS%SLFG z5$2LVlyneK^W%U2Jn+vS!Q_g3DGVtk=H6O(vHg=) zT`ca1FlbWhp(MEf}41kyHuwrB;)EzX>SH15tiW z)wjI|HnzS;$I4KDQ4KC;VjnLMRmkp5vIO+p?Kh;ml!0RtiCS1f3cs@}r{C$iXG8Hgyb|w;gO~gJTgGQi11O;WHoqI6;ZJMLSMDu-ezjGr%^_NJ zYZo-Ngr%{~BrcqLWuXq=y$i8`Wf(EQ95yL)10aqcEX?mX{YTI+Jc?;lXL^r>AGftq&XGomU1T z7lQys=VAeP3Q%f@`5o;NDoG5`$@=tmIIm%6AZNjihCL*_UP06JGrM`Sb)q(O7~5wk zWzZlJ$yTx(kX?HlT@VHX3iFg9kla#XPi@0s48c3y_$i8imkBiVp%p zLcKL%Byd;t&<*Mg?eYD~h=rDch2DV@^^*82)H(6{+dN#cPDLF;*wrbF-Gjdqy+ahs zkQr)Mrg0XLhqnWFAwt1A(5VBy{jD^x1R6)RQ!wg#FJ4N)bsjk^Y@lXvzVxAgCeKI*yT*P7r z>g~2pP60^$tp$cw7r*+IvYv~@p4ePp&nSpWv@W)>wgzQxyl$uM1RbpeKY82)9n)4h zvY9uVPvHOM-7|P093A#$0sAh9_}nLJ{%b1SK^tSp|IMY1nf#x|Q#k(TzK_RK+88iK z8%6e?<(1W>{byxmcK$n+=gH%QJJ-t6(z-ZyJK`f}$Zj0s@e?%BT!5s!5NBG`e|C7d z-`YL^MSth;c=zn1v)T_hV`pv|o2`gV7t#`BYvybhR-1#??wL&D8JSLyJGZQFQMcc! z;Wh=~*-9kJ5A#bSy!0EaW$$)`^AFrU>~?B3AoWiG22c|(M+o|4tV%;vyXdr~O4@iD z=xIO4>A)fz7dqiYUo41<$B)sJfV-I7_TeLj1(rfUVvryt6qHiKC|L?4%rRjpN!u_h zfWjV8Y)IfPlta{3s$xqkC7UWD-3m4aEOUTfl@ZUFLmsbt3A=J+f}-|wI}s`%#iO6y z!4zN0u6*otM{X|vV;`=uRE17hcqY_fa*)KM}{6CzRsUD{jAu$(Mf4jl_oEt4=YAX3o1=_PIURCvnjf8m)!uI=L}fCc&= zXdG$%Z*^mJrvFXhnOOfjIoqbVu3QDsEM(IFlba0dk)oj{=B{7Ns1+2b%=JFMAQqxq zn)9Ui&qr=>TLq;GNLhus%%tPyV#S9%)zGSf7d82~6e<*PUk#H{UnSHk-HJD)EVX6Z zp#$56$NVa&i!6173*$ip@@<2c&BxbHa9Njt_>BZ~h9C0K?82~AqD7hk9t%b$G)lz@ zMiif|*Ruzo^6S6!;~1ljqV<1yVne~CFs3eI8`a6HPyON5e=&xjl$$L$PhX8Kwam}=(0L@TK+A0v%`<>}`! z<{+-nwE)WBLDvY(eRK^0%dVXQUsUNDxwcQaKYcKXss`RYa4ey|12&K|K zF|%7H!T|M*Qb~_-9G?t8DMrqQ8zGl>EU%j>b26Xy@W>!TSybXj^05eoywL5C`8Km-Mf4r|Wm~o?^4YUUg#!X~McnV8N>}MA)c@#i z-m%m^{S@hc>#LUd-<6sF=QJJ=58ITl@2U8)A6|_d@eF1jOfd28&(8U;4~DQcybYUe zzxRF(=9GGVOjn?sg3P9$@BVBEe`XclyLS5G!`o5N@!V@D>|I~3d;mL&zT53K-OdOL zV|j}*dP)$*soTEl`(6JM_QU)8I~j$g=1PjI1UYFA!pD>4AbdP&4#LNGl7ldV7L~IQ zKAt=a;p02WLio6P7D7pb$@36CzN0*ZkMA@OVa7&nxApAhhxYxM{#3LrlQnh47bhQ{ zwT_R4ShjxymN*bA_HTO!&kx0_T?Occm!zq7F%@pk@^7dRR;^dT!Hl*2JArgj;1(-& ztrM3ooatfaM7q)*Z}&QP+OL`d$NL%2dZ3Fl>JIsW994oR8^ye0(FhD(lY&>ikr!HHQmvu%c%E^E?Jd6f((I8BQNI{Hi zo=6aiLzYc78vsdj`(ee)rMHB*Xv3@i|P?F z3y%>Cg+W~`M0P`EN{nwoBGk;!F(o#=CAsJgW8a$1X6%@a8#OUe_Q^jUt+G)6OJxJ8 z-bR7`x3;mC_WxX4U76{BQ+UR=|2;2b0JIdcEj6Vw&g7a2pBLH*qckpAU-CnSR4Gfn z9OI)2+y2&WhD`UTTo_T5jKd!IVkWkUQb=Tage0@s zR58m1<_$62KXF8pmW(7hh#q++qgaKqkyWWUq#VM{Wsj8&x%g6^&Vx}n@MtP_FM(7= zc1I21Ql(_c=~T^dZZXqsc#Ad-LWm(j% zqfn%br=X&ta6!%1Vm?pXWs4lab-_x`;CH2wS8)u_);=xt$PkA` zzGR8)i1#y8rM%jVO-p$P@wtkwbGngg9^!K%!#&(EO64gM_&qx^O;m6b*T5^dirbT^ zCVj={9*(QsxALj5{*UbdUaXTJ|2Jm&-=^~1#rmJ;0B$RF{~ACkH}E{&-xhCl zH*4KEap}2ejkC^`L1MBcuAFvL;3b~5InED%8gEsrlJO>QLCXw%DqdHw{GQwKf-)>J z87ju&S}6b3l$$`tZOj2{4oY_y1`BpD^VBl<5I97x(^|%k=)K>d-Uu z)|q+hJalgzp!4p2MmC-3TjG9<{*ZJcoXo%gd|iVZazB+M7ktTc;Eyh^@E*{_A~TPd z!Cz4?`Gx2?w_?;CdOcvx?k&*$!VTPh+ZD9`LmlP9yQD1aVMF<=obz?fyj7rY4QLA{ zVz26mV1tMxp1@q8I@Clb6hs)DbPClzq%9QBEzKrn#DKTb23Soro-Qfy28i zPOsEYoNQj-8+uL`x-O?0USrC)Q~>wEvN3c?H@2+S$yd_!jhczHpzpc>*>4kCFl6Dt zX`{pm{kG>Icp5q<-JyoO)(>ymmNZvaL3_i{?OrtJcD7&Qt>jOc!!JhtHm7#>fg>Y+*N#DN_e!qK*SaMcttd9Oo zelV2oP5n_XcG7{+=zIuoA21_=&h`#I-rnEa#p_#)%MS3%?%r{0=d_V151XBn*73(| z^-R=I-;P@^4o_RPuZ#}r!9wP^32Cvzt9u7-8&@>lMSQ7mOd0wpEAa~R9w;+7d~zt9 z3uFsBFVeDb?p`1;teqr7lO_Ww&m*3k+Cxm=Gd^%oh#GWn*3#n}(q+eI^gU0ll?QzY zQ^jcJj1GY_&g6cK{SMr&?{wshAmIYo#I$WLA?+B&u6%f1#?6(B%R2Tm4WGDdD9Mbg zQLpC>Nfa&<3*N$nTacc9^@doId}*W7P$HL0BkWAamnE~1JRf=8IF@~d887s-(jk)Q z8+nPV1m0;pa0B$fgGn00-@sb;Bny9Pxm*XRsO-UW&{;y&ZcGaqxWGR5&PCYG4&5Hf zlNa$>Mh(y^8Qeyq}Naz7*i|8ZnvtrC!fl$n}Q87c`M$thN2F3h)d9UN(W z{e(KJWVIvu?xlkn6FHl6gW7hxAz1}fsb9E(Z=rzFXS2J%tCikJQ&u#%^l&|umI1kq z5ZD2Eml_LWW6xmehLY`9z#ULoG6W85sy0v%R_QM39qP6=vp^$32^bwBg?$Y(wE67b zZx4ad1|)U-bJ&*S#%Tz<-Oyp|VRe3`m_SmcIY$)0F0nZT(5A%|*DAT9zp_yRx0~nq zu>rGv;PP^fGED7rU?=LLxq>^V%pYp^M#h2zf2fQh%tpx#A|ip4=LqKaS*^m!c(fe?FqEKj`G= zZZJ>NyDu3U^ikIdd6p-cBVuV96$y@^5D?UzZyZXxQYfz&>n!4=92Ixy;)(5Do4X}` z`{a1jF}iN{YK!Nkhfa>EH^EU4k0OFZi=TheIyqbM3;K^)88PNA^(o z?e++C(@v_R@vAwl%d%t#t+7f2mN29NttyfDutYF;9b#WvV7hon61&(G4ez|!v@QAgb;0x%HPmUPoDh|bigA!;Wn-_1a1DEn zMM3SmE_4JW+o(Un#qb<>zkNj;l@WCs6j!xt#-J*+Z>5I;RU-BEOjR6LT~&an+a>U` zs)bdsVeK$gBQXFMUFTAYZQM;H@NPS8T>Z%8cG>rFLSQMmLF$N|y?tpx40#RyXn&v0 zj#gqaj5DrrhQO^Gk`y(QO9dfqK^Mr(O=!f)6jch@G_fmT%ha}1F^mC`T#C3Hdl6}o z6h4@T6IJIKkhQ0cC45k&RZ^1H>9#mHJZ+uGRrxt7EM2_wyuUC|9K> zRSo?f30AZE`|mADv4nauD+FQglGWtX6a*xjd*!+VS|{7D=wwJ%M2lvqcg+BmCJ*if z-62^KNi*~NhKOo+J(Mq3WbDK>iqtg*r>!hkxH*%0kzho^p-1KnWgnGi0@HMTDm?%7 z&H){?nT{U-SQP)aZ1MkD-FT|GD34Mhc=H3LImR# za$*GYU7_=+XgUm)!7r{7#B0Q3SH|N6Qqwd^OZ2rY3&bk0ojq!&+#rNw;8q1ID_4~x z8U9gj@{}0MPysALUbDIZ)HI-_Lf+y?TVmb{an2c|I>IZ z{{PFH;)UDo!dCUm$VbzIEiCK?iZ%ne!GN|>Ha$PRjamHPG@cUczh6xO$cqNF7OQ+Aj7>i%v*=B6KZpS|M%4S6UrLIC7b8Rbuaj9i3MZ0g?x>iE|50Jwqxc;T^{AYbL75}%gv@yH? za~jWG?f;H`()zUEBq&kjo{oX6fl-+l=bQ@-=+wvlzUV|~kT}vA$g`aM8p(qo^)Bla zDBgqoBOrp6dHyqyiwOUf6&-J4RIu4Jo3kAFWVDyjpe~qm!lN;(V3UozF^tap?EG@! zeVJUAy8aC>u2(QmGOWxdZHmu)bm@`@K3NB0S(L1VThgAZizf}b)y5yq|1q+TdD3I+ zW9*D4)<~jn=&1u&WY$3Jp9%%@!Vu0QIPfk$^06#Mby7Shi-jDe=I)#S>D*N=>IeO z&orL9)c*?(e-cIPmYvvUbG&080#WJAr%2DuEmnBWL#0X|^5m#Mr4_FVM?ATDrOoDL zUnxr1ga)kbRyg4)IV>e@QgTaD`cy}DwyNoinyGlKQ)Ky4R8}WBIY}KW*t-a7`GcJ7 zu}_)2zV%kG*`uD)>;Kr>}J`1N{FR+zXa3gb+zJ+Qc^0F6cTCNByzb2#sd>ZR8fLf_| z=TpIz7|9hq=PaPS#e`s1xY{X;2U7P>%nky+?N62U|Gwfs)|b-$zniP8v-N)p&z-FQ zxn_S`vFcpCWmJ{j_WwCL;8tHDNLrSDWU<1-hNO!lCgmg)FmvnbGZ1(lv z-sjxE^NeQ<-f*#4>)K;Y*8HsR43YrY?$%vK71tHdCCJY=nadlvIR0oZBjyw7QqVE? zE@=$kS>1oz_eLk!Y$%4#0=c#s&bJ|{TJnK2eo@&4UaK8qqW@=EPh|zDYibpVhbec~ zcc4*NbY=y(W^V=#dN)po{nV1mhY~J+x}9t4Yaj9X1~D1ZmFnu-7`-|8a2(6(Q+#Up zh_>6Zk6`FNJF9AxaH(+gHp{J7Y2Z#n&@ESqE8zv{_?t0ZNk$D!*L>=IVzv2S>qo>H zF$9*#byIJp_n#4l*JElcmz+}e6Y-@f%C7~nv&|@GN9MNVw=I>ui_8!y8byIW zIAa)JT-#sax17s6{Pt~j3zHfuU+Qmpzb(pA!i#_U5%sJ!?&$LuP9llU-{eC?o76Nk z#9WB=A3m2Zn61I8uP14n(Hw|g>dwK5LqUSm7DZiML74>$XV{_43Y_m!6Bv9rQ&Rx>ig2Z+a|h zj5*tRC5lvV7h+ua`SLKBW!AS<`VKz@_oHYNy~{d|xp8P{=y~xKuW_8*^{qX)Yx5Oh z$@S`CjL#+E?m%?*ZBJh}x#ZwX{Ri|CxR*!q*eA8^-iqpZL7fDDkTJja<_jKu|5@&x zDs-xxFZYn+J#|Khn)hP9*w2gsUoSM)mwC|Mi+kYp1V1PTYtol`MduZB3CGOv)^ia; z{w^P}$z3;m(vU{+d9_w{y;O4-xIkjG4G-3gBHkIvPD^FE40^*vq7kZ-@e4#Dqm!c7Jgs-=X(`!EKK`pFVW(D5 z^64`MzUR{_nme(20-mFu4E?+Lil4dk4lEi*i8-UU&-Mf?-V(XAthMvQ+ApV8TBdOlj17j|7 z(R5FVvsczYZ@i*jUK7wy0yBee6u#Vb#{BMK_)O;%AUR#c63%b2$veE@gdW^?vy9%R z#wKvm**}&~mtc6aT)jGDo;K=Qxs>~4JV~IUOHPN>dTUFUSJN*0!=K-hqv?=w%&S&D z!}x4MT!2FQ>F#QY&6^jabjiC#)v@z;WvW6zN(RxkEfueR&!cjL=F(uzMh7dUq-CG?IRK#_w%t&5$C`w% zKe-niDVr528Oyc>a-h%NU6*NgZol5erHc-pZYPMOYi+l!!LE>cv5MUgpUbxOu1iZU zGIaQyHYX}x5Xt5B-2x5`|L!^Q2P$6Fmn{|Z{q{=(e-!fzUgxRsHYQLwPtQ^Dcuw=K zyTyhoPtV%Y8Kd+Yxbh$;R$3u5-(Wh4H!LH2_07poJThluaE{8`ZB_N|2-@1%ttYw; zMCBwrbg}yxMTq(MiT^(OfOYU>cb$1Q)Z;2x_ioEuF*
`jR4v>5jZix8)s?dO`j z>K7vxLM?+-icROX->I>Yp*7etK|OgyQSULogVbt?ZbU`8iQKwhD)m9>o2$}dvV>9# zcFtb6MBZEzm~&R%)ol~lmQ><8rLx=BmDY`muz_&hs>dciD)%gpl7cT0!TbEj1+TH#=R#OzNRo5YOTUxk5`jGC3b&j? zf6>X>NYD~<*n9hiu#(5sNuRm26pe_Xu_ou0by*rrmy@NN2aS;{+k58r2T`DdzkgNI zYrlJtvioEhr>{t-mPGO3_D+RR2I~tEne8c#a~V+$GD$P*FLAvPhrp22EcSP7(hd?) z38r7;+GxJAW0d0S6v*2C3dirJMXv6}-(0+H3GtPn8hTHAxuaWRX2~7(Djj~{aD|}% z0E^@{L~rG=306_580@b@bF!t&LJLava|n+n4;}ydxrvxRgpgjlQ70*~v%yJtx=odu zerMC%?9DKOZS*pYmB_o&=QZg?uwoBTReT9_L7kESPl|ENr;gFoBjA=g` z?z*fWLV9cy8Ht0r`CO`2_z95b(@V5?9==OxQB2hL|Hz3Yykba)a3|Lb1wH`dv!YhXP)ZB45HnVC=*IuHkQe=-S^P7`U~M{|>^b zzV2TGXwawH_zkok)QY(~e!M-PN_v+tE_kGQKIL?5`A}AvzZkX+oj4rk{v#f>3_Svh)(98>UXZ8IEeX#L+U>0 zB4?%(b`0k*PpHF)4*9N%@0;k!o{N&$m@t9B>P~NVvxT+dIqWR!y{Qcvt5%K^78x^r z(7q6mGI<*PqQ$`UN?`2Womi9nU~lhlE|Lw?=w(m+qfF65=0cz&;wt+_AG&8N5`O?R z?SUc?_-4g^HNDt_guyBKL*r+@MMjcj0&2PPV_+8MmG~@R`+Bvek%;_T$@cah$XiNd z=o8}|{hbd~%5k~>A?D?sXeNMn?>r8E%Q`X!hTi|(&g*e7pY?4AY>i65dk-{7kT?z| zIF#tZ5a?hDdIO)1})~o_rYef_x+fGJX*?dzN{ataHOUEHvVMY8SJL01xcS(UO zA)edaGWv?Ii=AdUaS=zst^GqGSI4b82|exNmEjgalk)q4+(A^L#3AIq@>pDj#6e`D zTHC#Z0p#DXZ)IyG56lbGMmQ6itACd0aWv{d)lU~7Ke#`k9?&Y$XZDv+H z_HgEr%jF+hJcS<}I9d0Gw##82@DV$)8fNPy)}JKc8G@;t4Mo3_S5qs*$A)DkwsL8g-H z^8}%u849CW%r#c(q#+L$;|F6myRr}L^?^JLEytAlte>ij;=4AO>UPOAwZM&mS%4wFeuFt&G=}*-Uz| z>;j5pXAE?7dpFU7X7AWTRF>6^Swh)lmN zZ+abv0uC}J3N!IaQg71S8RP6bN$`$zKK8t5_d=R*eM)UY$Rp=H%tTgWdeIT1QY=M# z`oVy%#8*Dzw%_Z^PFLY%hl^yWj&WXM@V9HLKS^W{8b1_|H^n7sgQ=vhMJuO|ezIFm zPU-1%Rl&89c@U4Um1VRSs##}Tjjar2H!q%y+HNwik2W>x>8<9Gk-1*ARNJ%+7tcV? zqIv+%@mp9h_tg@xlLbu_cuHS5)qP&(G{i{!3UInV>OLPk#YOcMTmXV?4evHyvYOr0 zwhzHhA_KwI2ov6~`((v_FApW7t=>A45+naoSML=Q8tXDiBeuQ(z!25J8}Q==a76jf zZL{DAyn0}gTHCR#R|mUpRwJlX!!t($H1;7efo2vB#Ov%iyUW|VVy`Ao$I3g5$Co6iYW5B8E|JLOT-t+>*0F3xwx0`xl=k+) zKz#q`ESBlP)RCHxC?el0?tP(WMWwOxxgZ9Y_YM)!oMK^#LoImO5i+{1H*=gn7j)l^ zYhNG}kr_AnvBX7)Y07DTQztmooJFenspH_shT^?32y#fNiivsf@gAwT=0GXsI=lC~ zYiVjH73F(S&G;1N`0XdOs>*?5bPiw^N!_X)*p~{`3KNuJRU5by7Ym zrD`^fi6-LV%L!?PxBAy^z*jw^?w0x0b$GeLX6lF>LeycmR{(QhhOf^jFSi=cHzxLC zgoT$QZ^yqtYOHtT2}1H`NEk7Wl*sFMC)J}|cpmmZh=mx~xKgNdT&;zs>nKtaKZ6NF z{g+(1vwjFGJ{5=w5lobB2~ZBuTX1(&8)Wx$=eG|hM+eTy$t4XXL@R0+ zrUhc|NGXjF!TQBvzn9|;pJFBMjLcZu#N*|#WNB);3^3u|BenT;XzKH-3b8y`za0Z# zhuTW}dtcv`sX|o~+nYQ@vvKlYRTFe&Sls&sqKF12x1{%~`3)1!D_t)OJM+qJlsb>g zlaScg`kL9UjNwU5q`qW|5WFUB>>02UcYhQsl#4(1AySTiJ8VFqY3ww}{URD+%t)4o znNW{ASBjO(%aEJ^*0s+~Zqe&v9wS`8lX>KgX)jXeAf9GPVqU3tUD`T!@pRVW?Y@2WV^ggu2@I0Rjdw$C?{JA za@1AyqLBcjAQr4?*#xW<;z9Ab?SdCQx(uqaZLa*Cwm+`Je?IgJTu^t^6I^e4lq+fF z=0-{^g&NEy1v(DwA{AjQvb~OTAqDzK<{TMmPX`RkzdI&G~4E>Q70hi8JL=~ zV*&av4Jv~^HF^sR1Wa9-VBaVqi3ArBdaR(^qxOfvnV~@x+2I&{=a)7P@Jm~=L6SE*N+2nFe+qwDBkue1%^V=N34#R86 zUT&5$H0(kv1=wl^qIdw^IbG`u*eCgCaqV585l4J$1emQ)1z<|_A_TmkI{4t!2d}yV zi5Xf`j3I=r$g~T>y-`9C`BuCQDJI)5?E@S~u3Oo>2zXxj7%>UbJ53HN`NEB+jY zss<48&_~#uCc2(HbWQ(Zp1{;ZEQ921_8ocjhHSZW4;!w<)TqA1pnlc(;>OXoGi?*k zm1or}cPYFWoUo{j{%IYjS!IbgO#a@l1cJT`L^Cw4eENu_OC6d$>_Zm=`Gb0a?8 z<6!)9sP>?yMj~=Q-IY-hyghLw!DJWNE~m17ZM2>c%WPzSIw;ZaUviwE@^F=y%8bc? z?cybT-mNwr=<+$_n~>EV2Esij-W2X9g15+T1J0d&?cU@v7xlat^7u|;w~U*J%q!2Y z%qkcc{wApVMMjUxec1N|9RgJRZdP-A9=6H5Fs#5!vAEO;3xw{3z?ueSHtB<_z|g{)X#SAvNfnR8HX;b zZ_O=G!*Xeau$B-GmfNl$ZLI0gHEl*6GuuVP@MxUQI*{;x&7(F4Czui1OrkZNUiDg8 zQjYP2VtpIHYtz2-QgbKak6#r2xPa5@sshKV$Y<|U6TwJW_xqq=mSE|LDeUT^{T-d9 z<*;M;LtbTHWQv=z??i1q^RCU%hUX6R9PmovSymO6#a2_3GzPRc^L+&}`Us~10oOgz zR{?t{->}X(FL~Ox6x=sFTcFrOa+MXN1hHQ?J_H;U3@a8-cSK27Dxs>f%>K+x+CO|< zu=A*TkddhtuOmu-f<7U@{FbAk=Yc=g#aC*P<)ECMmTPkg8Z$S49;oqo8v3|JumB z*(O-HwUkREkdu5v`gB?-l}^Yo$rwBPL6uEFA;v0g-WyJG8`jAz^16BKf&B{i7vTo; z9_BtN6}1I?E81stbCDE|n#{qOgkYRE)4Zow%*FsS&4jcgQ3a5mE)P`gjE*iooM~k( zJmO0EW&Z#L(RiLD>p!gxY<4XDamxJl>ishzNoKbV=;KMoDi`Csf|nClRqv;N z!3VDw)<`M7dpyNCdPY_LNtzl~_r4^s>V+tr6s(lhDKfLM2_*@R|IKVTWgR5p?ep7S z518QX)%m5I%PVG-okIx@PqwLe1|iJx%>qpWO*F!(ix;MXJg)jtGpW=n)Fgi}Y&HQT zhKUp7%w!RsK!wWXk?_1bXWd5k=|g)&!jDvB8|$vFVz1}y*Ef`+GDpDUqpTg!(at9f zr1lXS0y`&scO?h|Bz?08mN)!)$aVhBo-RIbu-R#K==6!I*l6b6Vi~e+h4nV=!Et*M zjdla|G^O<;!jcL0YrkjTdSuY6I(wxe`9w8K)$`$)IVu=X7KHR1xaBx}AfpVnbu3xw zPGhwu`S!WNl#B$^our6M?&j!)Foaf_y!Qw|UQI?sA~!*Ntq1VWO+jgf6?uS|QjwoG zFt6Ze2iJ@(h3a+MCDcT}M*14bqY4MPeulle>{C7{r(+_#8 z(ySkJ+ls2|jXDb@w40@Pk@dF&+tWXrvfdP3R#YEQFLKI7)vG;3FW9-UeztO;uuC1b z$hVHJ7rn4r1YL2G*}`7%=K5^u5KRs3!=T@bjDsDR-cFWBgP0sh+xs@Gu*Bx zGBDJ*YgyIjS;*Zup?%UZ2$E%dWxvk$;!i1xiz6AW<`)-SKXpvGRR>8gnL0&Jg~?M6 zpBbH9M$Fy>U)}Rl3&@W;?!Lkfimw=?Kv7ufOkq@WY2Ig_>2t-^g&&5m8|&w%0)L*G zDA(zJ3Uf-;QM~2ci(DD$DxJyQ#Pnpc3W}TGDoRUr$YFV(WVq}x*sjywd;1Z^c|_Qe ziE44kbJSp8M8&he)tj%yy|%;2XUW4x_2C(~j}Ab70^398hyHQ(JTHvZSm{cjdn^JUm9$%!{ng^RGl9G(_n#|$*P2X;p`{RS)B zX%ZR+1pe#q%%CxTs9G>MSOco-1gHNZz$w^kLACb*GzZ^Fb_I5~N&;;D>(75fXr6FV zHXpKo0Ttt$;G#>|SnmbZkO$B$6<6=o+9uEdi?BOVjI#kxFpL-jN*{oV(PJ2K{Nu%8 zBU(QF*;;~)%z~ipJ4}T=N1CS z5D+{EG34wZNkImn>}A3R&W79VViO*$d@i6$`OBt&e{cq4T_n5~MmQ&mCzIK;)p_NM zktzx6;6gc5R=IOh3qw9TkYtTgU3>8R7iBbo?4)@#h#92WG>GL}mp?*xTwTdxl)YOv zskr0KwsaN7i0p+3%~OKOzP43jU|(Eulu3VM3Xzq!MnA!}>irh8h~ZI8YOFGq9XRd3 zgTuW@YK(=5XjB;X>({WyPwDPNiyiXX%fQRfSQb*rVQiw{{&Y3PzFwYXNX|W3jRmrP zdc}6w@4W`?BF;tlbCSGdxpuB&zY#ii@?+`)>aFPxjo{B7U#xtz1pDP~HOlt#Do$SJ_di&z}F? zvttO2@cq+gi(YV5dHFb`1Gd4N9We6ofU3G+O2an(0nF}H{vQLnABP!dI&hZ=FrEMr zLjNCV69)QmpwLyli|pa_^xFFvn6>>gI0LvN0urMEW8?G{K{uVN2eXF}z!~>1BC^_3@;v>u?!Oeb_yF=azq{+J1K45rz`ygJg*_)^0v4!X zu#*VTaRbw5{<7{r%cTL+*MMR6;=iP-Fan^fK<}AT0Q+J4QW#hF!T!KXMK120$h*Ga zuOHnJ!E>Z@nRj9$w5wk18h0$+IB_k=%<6uhB;z89MnMF1>VdGXogW*T~bj5_^KBt0n|0 zwpw(u<5l`qed(>rT-O+xwhpK98 zsj=m}<=!IMYf4vY#U=bL+97z0liMyrI7cc;vH=s6OIt>cR?hs3d-Y(M5(Ou82|2mP zlm*9kJ(w<}WRT1X8AP#MiOVJhpF;%gJuzDl&Eps>hQ;Cr;h=^%SMDKn)E7?D`4S@2 zt{-LAXkJp(ne{>8uO?;Yx_BXaJzVbJI#r{n!aU|h9JS)dc3?s7O&aQWV{O?FCu3E^{NPVcjHFtC7c88Ek&PRP;|A)zBzf;uJ@@qMU zjUgk4vO;suKe_S=OYcZGI0rc2Gn9$z73osYoyNc9)X?dh^=ohZcJjAvKKv~AK~Ok{zlj#MGos@3#N z0T*8k=v03ixT@wEA-*ZyMon>EPbAkvJ0g=6{e=j^qK`AfvK+YAAY!;-`=o9x*&-c- z<{yCF(_`_L1UpMk){KaRH#V8NR~yk$h%1@la5<0rAehZ-19^jsh4ki;Om-Uc19^`B zR^l$k*MN=?GAP;2$XR!*y54UQB;!wGEyiBRNRoYu1s$_G z%c))(u6fb9*sPs#-mWOddd_o%I2$9_P@F^{qc;CJg4cA;smw@u+i$hc;XKnsIV;#< z^+1s==ECrS1m7e8i_GUe4nkjv_eZ%MVnN&bo?GbPhHpl+i#Lyp$6M3IpK;`3Bfs$1 zPK)(`?CtIB?7vk5uFN|?ZC$INFp&P2XPKwkj2@W^TV0iPR)$aDO7Nwg*NWc~CGx=| zy#%Ai{yzKYiSPt#QXBsfkxl5?qGC2I;&;B79Yy(x7>YNm<~uF**)6SnUiwsRxH(ZH z{!jzqvB}Z3l=irN#KRwsD%A)W;UF@1s-~+6zc@d$YK=wYD9aK;M!dSfm|;$itOZ2< zVtvGugg<75JXu^)_{@|<>R+VnA_Rg7=_S1>LvvAFa9;dz)ilH_Kzpr_XZ2cBG}fST z-9qd~w8qGkFg8Rz(f z-gZ6lQ2CegnRI!UpNWtX)GKh0zL7Lx8@*5LbQ7W~h0BqaSx~+hOk7f}e8J!^xT8Kw zbmmCARY+;)Rm~?!^?`_8wVL4z2fjX>g=p;8cQmU)R8~w0f}q}hmH8vDNfy@6UZ)ze zjK9gNb6!}T7w022kok!2cY2^!@O85B``i@CkdaKlldot=p-EHBP;@FedU9#a==@l3 zI`e#AOoO1cujC|N&+Yy~QkSN-lTiB;m2%#_Y=!)Q5pQZH;j|!*Rm(s%@2eDrgVIo5 z-h?=9JS(IybcTqv3tak9J0Nc=$K7q=;vH!n?F~bdA?Ev-WLFlm6ZiI9Xs`@ zQ2r>UB49&pt@u{%oPDtacl|jfq66Quv~^9d+Gxm$!&`T;-S$z5f0BQafq$Ie%u3Nn zNt@Mba4f`)X|U~UdP#J(=+}A_J;7X0jz}w4Z^GC&wyorL&LmCt^AE=WRrqle(^)e7zwT?MRr8L(2tEstrW|g2o>)Y6@oV$ zshASkU3iO{^fp*o%XG#*^VMwyIHaQs6RX%?!nf|sHkaUBbkip0Bn$1~i0+3L&r6>_ zD}}0_pNWx*1-6}O-OJM7C8K9kG+jyGe&L*r(y%?3r=dwdP9#`2OlO&lKPYJD zPjB8Extr12>A6#CFB7HU+3_p?8Mk<9qk73~1Ejuw2J|k#=dRX3>TjN5;JG@RiWddMt z58zHKOCJiu3z*1s=LI+k0l?ug^sMwhjyB5 zoG!sIRci>6T?VWjj=+SW|7b=c0C&@H+b(!PZ&7IvFiFh>RCgkFz@546;}Be=wK!k{ zZ8atpfR{)b0s@eScfjj$@w;F&E=S_tgh3U8gIx^%{H)W10{65*r7SrN!^9dAnGqb#@_yj1G+K6tqq(62%vF-k0# zd{ljm0r8Rx+?i2RF%_)W#?uqyczh4Mif6cw${C=YkIboR9sZ%TaP6$LE{(xvRU8cO z7C2RH4&uT_{H0&@2ahMGo{{jBA-IfS-URllH25-I zTru>LZ~>wQB`dS&O`we04!hjr*Un>F%!QByCCj#PC4gHe*~o`zx~Q}76A>O=DcB}| z44FL>VvVFYKU+lU>~#9af72G`v-avJl+U*@x6W!zFJ6ZJ4a(TpK7orbM>fGQ3xMf$ zvrteA@Gs16L$duLK;NzdRCOb@7l3WXf1d0r0oi>#Uje@b)xrnR=sf^C7yjKH7pSTz z6zmGy{tCbNjDc<34v;eRpIKm6nw5KCH1!!w@gFG@wvG=3 z*u8Xk{%4{8*v1WPA(*vg|Hacam|3L)nm52w#{c1IN^3v2tbP1(J1aZUNXm z`yPw~-;D%!bQcd7K*{w6j;IHcZQQi^`^@8+5({(l4~ryq{^9RQxMZdVDR^}iK<7?o zAOnub&g~ed+3SWG1^?iX?1q{C@rlgrFgWk**9w0keW#_ZYK8jm?#eFiTVSjd( zDA>E&wb|2)mc;TgK$II)EbNJl*K)e3CXz)8X-IJzp=4b02fdJ;5%ay>nj2%5NzkPF zMj4~~jwHlfjpI`{yg0)C4ZF<#%G}`C#VYqW-boHk=`RlZ4~7D7c=8VhU{!!KUEF@W({BcUs>(M|`Oak4@{_ z)A5QB+0;@nkL|mNCov(6L<-4hg)&-RXct)^W~!hHMFiG)IdK?=s|>IXX*w|!zDPvb z)IkoWFZ$S7Lg2+R1>x0|ndq{er4)MZj{ZOXQL9K-4$y)!>qn&FasV1y;@v z5o1ks$EwjC4CN6^3JpF;M`^%1B?l3D-fwHX693f9AZDh67mE{K&WE;WXh8Sv7>#sw z=kXQ2$K{rh6(P;X@Y4SwrL<_P0s+9 zM`UP{`nTjA{UHXXD3Y&RV$z=K3$-mT$=DVI&niOns^J#me{rvCq^>u9Xfpa#c3iNy zZhYIui9Aa0>?7Q%W&B==0EJTL8MzFZwj!fT{Pb(WSZR3otg40&pL#-~0}-Tsm-e~}+d4?cAKy&KtBg5WW3}=SRFaFc7H6|c*E`$_ zqL(P`3L-ZN++`pcaGV*va4_C&LOWj2-?OwxS^df;eW5~z-oDSO+#qsGZ)!%M$Cj@v zD2`&Bn~q{FGeV51fj6U1kP=ixH214$%1d<)$D?!}oBiRB8;6*KT-}q5D=@S!N zF^x}k;hi4bopU#~;b+kK2(!+N+~=jTXS-zIwN!m-(8Zzi4mkBF?Y8?DWEFflQRR3?21AS=m zf20RuATfuE0T9pZ;;-j()I1d&z%Y5hl$ICua_pfti% zt})+wkGD(c;A(&5kibWj;~Em?m0 z5DfRl2soKIUX==*~QQzMzi|4RJX~VU^@`F^udm8X14 zX_@8*?PH1{M17_u(E0(TCU8lz-gbSMAFqgV;@BcYLr`62_AT*_)ShBtNl9Ezo{~=_ zdYop0sxr5Zd1PK4kv6Qkv68&HbE`s8KAAAN%#9Y21w$SgCw8wMB9}ErWMsaE;Is73 zHeq~0RtjU57rmTK-O`kBJzmn1W7ZQ5^%YBE>ARb`+f4~@YjJvf1)>}<^0IO`J z?)()_2VvH88}<_dN}lJ370mxdj=OGumQlcV6%f4wvWEVRf-((2xpW|Rm%CFVe~XgX zpieN3b{Fu2f#wy6tz!HVr1XDu0xQKK;{*^tz}3Ri-E2ty!u4Od7%|{)koa)-e<%ur zo!DnHrKh#2e?VmzIR6K(|Gp-Lr2l>z7{&Je->=4V1M}I-W|RUne3RKAdnhO4 zGmtc|%ctAk;2$PnDTeC{wTbTVS#o%K{<$)HmhyO8UlXSH3|K#s~CaMyqz)k z_cI>JZv2v~*yYNqI6Qp*QYZ8hY?>4qzl0YVaiTJQ^m&6Tb`iuCK;#OZ*^C955GB6{ zmJiI2=R-UNH!nATcbAw%N<2YEAj@t zyC|nuXb+6Ue04x}Bh0~{FS+T|OX#_P^6^aL2O0Ybc2n6f{O_)kj_|-;^a8;Z*^}iq zmr7BP+5vyfq>~FvG>Pn~gheG<6-2!ue{-GdH|JbuCwfMfaL<6wUzrdt^UBb!`&sbS ze&>MKPcC59H?ukv_gQODpvS&gSR>dYly^m3)8Wo3EJ6Es6PW_SC}3(F+|cIQ@pUHP z7X)rS)Oh?z2tL+rAG3jzHZw=kXUR9;I3n+a5f|kBX$bc&&`edGk3T`(`s?z_{ zh~An@S@z)$$+RzHL(v1FhE44SFQg;Y4DJsVg2dtIAG)Hd#tTWTeXQqOR`Cz(aGPAO zye>X}!k#HU#<$iX;N{I&k8?SGYyX+_C#l*c0naoZ_HOpbSL85B=DlpAduY5XQ%V(o zYz3kxUL&2B>2-IeyrDRY zO|;j)3rQiknaPe_BW-; znt6SNTQ4M5n^six`USh=;pRz3pU7yJkSF|7>gGB8rsL z^_(mu7*$q=)hNrzz2yp@U0;J;p=k=m_Gr%Za;vplKeRkt-@k+?hLA)eR1&MvpoHt- zlMcN2Pv+ZDI}HWyO&=sTf3k1O-oc{a4L7O#c#`jGij)r|(ly7iS&YkW491jfz1%PU zNTY->?KZzr4+=6CuZu5yiE-|$*V-50xZX(-(XQAK^N}i2ut}*~oaI;K+((g43C4(6 zLM8ZMF)FIlvlHLur{m+TxeIi*UK`F|;6I({cG3$Sn7(J8*`IdCnxOgKH~yN(M(V2s z1W6h~E;>k}8+K()?MEK(P!xw)p~-@6ZVeJqEpB07zf|%BzZ5n2dY`Fwh8M{YT+XSP z_qMk`q5g|N6uMZIUS_B(RIvf~NXFdK9pBY~SnM9m1092yuDh zy_0oc*P2N;zw7=3hv8;cfA{vI*xp)~S-#md>h)Map?u&W+1R^=TQ)o0SH%0?bl5!p za~40`IR<^uXy3l>sQdYgBoH^#-V>h$eWF{|%+aYNjt-waf*~U^60;;kI8F|YRQ&aK z9L$T76_f`sx1@6Y{8gw>W@4`9>-XGzDD`Z)6GY>245|ZRA!KopPs|c%MS=%2gj6VV zpLaYkT9z2Gu@%bvk5)M*%t!Rg$Efh0jBsuSS=>I%mC5%J9qmlfNeU^WF!Q$2mY;N= z=I81f*jf5xzG544r+-SMdvq$0d>8NVHuiz35<(5{5X6B2mVCc3>$TT&TE}E++^_Ao zkDFJnr}_cgUCk<%_Vo?*mY`(o@AD#hHkSaVuS1?lo3;Xt@D~kg{V~v{Wr~s)?{vRu zl}iOnhuoCv4_nHxP~hufe3yw$t&ET+m%NpBAUxs&A8g z8fQsta>K#bQu7^-9MsCoK!nzt9V3GG*tl9kWT6q=+cdQC7*)5fXjQ0wBP%5#lT)YSh(t*>H2ONZeI|C?a~aBB{p`DL zKBiEFSH+=@ItJdrCK)$Vgs@!uZ@k3QT;r>WWM_w>{R-81M%XnZ5S>5B7gBx1cVMhW zWd1|%D{+p@XL>##BYv<)J+VjOH}{8%r-h_jG++-qC%@G@guG2DDbXj7$qYAnU;!HK zm4{Ea<;MNAcwUAoDzjrpHUTBJ>@OLW=ak~Jyf&4CUz4RXASko-tw(6G{_vD=;&8!& zXg_n{)ke>Fyqri(^j;6wGOzPC{H;xAJ?_1mfMVXrS7LaV=D;JjkMtEfv-UFy(ejSD zWsJP+Qfpem_G!g@H$q|-)Mg-R_2#MttnpHL_5h?D)$%7f>8bc1GioymY}{N#av8<7 zF;8-ih4H(Ne`flHxw0h#wJ2STvcF5$53)fH5!EvktC?#C< z|8%J8=6k%JISZBW@M=>T&-5^v0=|AKaG>w|>^~p!jqA z)u7!a?3;zW2ZpUd~W!~;}*Wtn?vi%uvVTwcWUbWmc=#tBRzs%vANFp}f{zJYSl*DGXNcg*OsUb4 zWv?lSjWBHT156GWD7(1KA|^mHEY-&5L)IdhF%T*XyCFCef$ekdN5Pgv;3&BgHJmgl z>W$Q{Y+DD?523G%?hRZBzD=9p**2}=N0|Wam7yEp5EF0=;_YZhaXVnudIQjV@=qo@ zLEoIM-`oIS{@j12<~*b#Sop2f!D0F;o-hYVoS_+Ct`&+ZsKP)K&eQ(Db1~XM_d!5m z0xt(QNb(&Cgd!5G%*I9;aBz)i1 ztE{_WjlRP6v|xgC+2jMd;eFUhdpNSSC}tIu2P3hARscXdLx=DK_yX%UU=jvLfVLRf zG%y?dV+RZFyL71M06bXg)4Q~-SlWS(t*qVxmA9|hykl`~524Xa*Jt5TP{~jH7ujp^ zL^LHgV%aLmz*}`<^;@;u}LraaBrQ|UJ^iq=S;c* zC|xK!?1zk+v>V}i0ZofhJ&@BY0~{RPczW8r|=UOf^&+#|B(lcVh) z#+a#8e>+(y3D{TJH((!MA0NHmSk8izZio(wnQ%Wb2{7131i7?EM=QH;+HD7Q^j|&6 zP~HS8Vct{I0^W0w+-^Vd%?5=aNRz{nC)*Ryc`wa&?Ov9T|1tm$qh?LR^V28)rFGyNtYf(;8Cs4)2l+~kk zE7U2RS_<+xt`;DI@!1d_h@Mq~o}|}g`W*o{7Ae1N0j$Kz-~q;|$ANThgXBF;VGYl4 z7bKtC2=WBT3zJ4`1dCEAE*Ff9l&{}mLfMZS@-n|?!WZHtmg&!IIdFcT2RIi?*Cr}a z(x7r_JU|-R-dz=Vg^S;e4gOt*tP}~i9D-BMZ=hGrCj!Su?&)cU8aYwn_}JuUbbgoY z$5-cxFVxG%36S%$HnKG&`XIFlc<+`w;#!28Znu0N+?R_(+Eay%>VNbkzr}U#I}esB z2l(1&E8&s9-#2}JTR0ODRH?D|Fq-?;~ncMZk=*iv=Ihq@P(eaVXOxIyB-$x+@Mi%jUfBOv90BBUCm?gJ zv>M>irP~60;`70uU4tu@Nqi&r8hM@_TTvA3(r;T$u7(mmXrF9;!!Dblh2}C3h+L_b zOR)6d4Xw$}InS7HXKl})Gt2pql7-9$q1A4#O|F5l&6A!d7Cr=!(N=@yx=lYGTeK-f z2)68{`AJ$Y$$zqw9dqDjutKgg@?(z**cB&@36x=?7h)n0&?0u^k0T7-e`3e0o=p@8 zGU9X@|55Y)Tf!S=!H$P{we@WAoM*$|45zZmQ#*Owx)hnY1AbS@9@?i%ueSB-Bh_*u z9%iOPAPXW4ISIcSv0k13L4dt_;lYvf>SYH0@Jsb25w;uySXJi!;j`VXK zT7T>?Zn2epbT?{Sn^aGKXJseTjhp2NZJJ|AEZ}yyb=IuV>P!573sfZHVoQ`!gC(RU z$9RG+4=4=Kw!(i>Wv?rw2GotcrBD0w-OR_Kpf3?Q(ywB~t#H)(ri$>Z=#O}k{nTnR zFp>A3HRo37_-TU%IMV1rLM~4xCU`Y_`kvr??T0r+3ol^pVCRjda?F`)f}>#XYcCDv zNp26pUsuSmK%%+6dB$AQI!l7cNCbK|`BrD1^;ihj64>?wGEb+_by~tJk)15aV@C(n z#Pk!Ce}NdPdcFn(ZC-+XpFthaj&>;L{{yr@OTRfD%TVM$L&5(Fwf;Z6l>b`!PB2gW zTYT}Sbl~;}()a#WJB%P9$ZYwV&h}}VkO94#gY)bERN2=cvthgUGtA+b^D`&~%n;Nc zUQp?*;?HPU$?)-4Fw_5%4u=iv8(V2#|DSmsmwqjX9i4*yS45Q-zIQL3Ue5`f+Yitj z;&g}2VD$dX>H53%B>g|bpnbQ_-`^X{|95R|ZDZ#DJB7zK{>@8o$ZEjdw2|-s3!|ON z|Gd1hwmQrIJdH;Uet6?up4|k_pxLg)-VJVtSAPG@{j%*+TvXGG9Cin{@v_0_{8j;Z z(;b^Vr5@Y-f8o4x@r>}U+Q^^(%d1OE$^6gD8_P?x{9n^}ejrXp1Im4KKJvO9l^^7Y zX1zG~`uHkT!MHA^e84EkOU&JZsaXOF)93QFA7JJNDk2u#=4DgCSrON&j99H>gdYc4 zQgW_A0NnPaYMIagK{En`qK$r-P4)d@#|z*O{7|pgj(+mt+0Nm?^SuuVy;qluoPeta{n_J4Ope<% zBKVuN2qHR&)%N$E?d~0O1N^CuPGhybgPr}CyRFnWuix&DIxbKFN+d|2@c}X{wlBI4 z3?))V)&-0|h2~E3YN3Eg)v~vdFTLh05~ zOv%sYk%63`eRb6dVD#s|fI{;kudpg88%~c?s^xtJv(W=*gn|)utmIhwtu*@ zjY(nsc+mKM z>!iDW$0tUqn+5xLA!SH$=-*1&)*Xk^{(mJ-o}(ZtWD#bgn+y%zwaEr zJWYI++Mud!DPby&SZx3B*^i$hO$N>|9G$}=^LDe{FeK31&8`o>Rf8ar6!fgBk=!;b zD}3s8K@d(3-!ob{GwF$+pYQFrPTu3HCx>-mXu(2bKroEv&Jv?S-+9dH&9@e!0S3nZ zuyxQn-ac*ZzGrk!BycSnC*&pM(6<(DU>$8c0VSBcSbW_4tbO$b(&~8U1W5!6-p~ye z{SlVcP1hUg`j4CKI#jFyaZggjeY;8I1fW1hYAI|x{ie@<51b%$o6z%&x?OAKZmf3K zugTd9qD4+bJwM_9F{kH+IaOuWlttXY4o5-Xc!e&X4oveQC-re_G;n7U{tpp82m{pw z{5k4l`oKjfyBNB|MO1evxr6yJ{!*gxd2MdaETnT`)@nZJ8G+Yvh0*LDOnbSIi^biu z4-a0RogBVA-f7j2w{fW@6~yVI9zZCAJU|9ebYMOZi@q>f2L~7Rljf6}X3#`MoP1HW zh|A2XQ1GcBUfr(qzsUad$I%Y(#o!ia?^8;Yp{GZ!hM&7C{p6`~$hg5L;R{OVU?A?N`Q1r-X zP(RkX24t*@aMF!k8CS1)hg(0(|8XJ1)FJaYzzYiL1TmBpdM0dO|eE z%CTmt%ksVf%j2Z*E^ag7$plBd$kgVBF6b7E9f5m*lT(~)dQReGkfp_9Pi(HQXB4c> z8O1i%){M0;zbt|@)<;X>9Q2+HUR}x^a#=*9Dt45QcC2Wa)fl0RSh4&KSdxy|+Tv~^ zheQQ%wYj!^xZZh3C`lgCRLgUT!J<+=_}>f;FfA4(_#jr?GQw&HkXh%6R{QY-+9}dZ zWo{p`8;?2~sZ;7NdtZ&cc!{pYN@sLcY9N{Qo|t=_THsPX%BQutC*ir*e-gM9^NCKB zHeOU?3&N@EI{l}B#G+iWA{HhcLn|9LT~sSyvEhkhFL@^>rDH3eDG*`TN83bV(2m<50vTZShW}@!C492a?{ha`#?DJ_+G@=sV2V#! z$`J;N;T1CoDJb=L$0vwLvXRhTnw``<QcJgN^!x!b%w?8E&{i>5FUTvF1u7g%F|m| z@|AlFo7W*;$x^CpDLlinc!m+4wI`1SGO0Lj?HnHOJ{3K8=y$}BEOn2c)Bs5kZi4yp zj9#A&MU21Cj!(Cr?YFjSs<4Mwtq^rRDBVF;0wL)QBP^Jg0MKI@tkI~=!2^l~Xlm^% zClHVEqK&h_&-!q~9~d~R=>)FBf7c^yu6?hQLI>0@%xt?*qQ35p3f!;KBOHiII3^ky z2Tz{T_l#$vkurGxfKPzlv?w3z$y@)W%x+KGMuGpw(#q;u(*I*~ePee2_cR`mk~{w3 zHlX`H7GSrvvb40W9E}^~X^hemrRm{0##B8OaghtPj`%i+XUsMrq_fJRz)zJIKXGrV z&R%cOrL555Q!SRo!meDi0VjNwRZ@aZlvc2x#B`Hk;Po$)`U9pi$x&9MmSE__pdAcv z2QDg4R9lfFL7pvJDaO`9oUII1>uk66eD9#OduBEo9|lFTt&9@frb(`-vE66eC#^GH zDOFPj$>!5LfYkK3v-2~69p?- z9zPbZkX3$JgRMQE8YYHIHYr0e->0uv4Z$F>?pE!qS_ZmOAu5HhL^wIRkA)lqqvUuU zQOG2FqTolJk%|`ZNS=~cqqWnn*;(pgS0sjW3CyTQxz<^2w2)is(F^6MXe*UK(ndzr zNClGVeLyzODPoyXO8?C+R@|4z zx-*aCy#X0=fVU%n5HV$deFs!T`YbebeN`@>kkN+A!Uk%WQ$kE+vq(zb(L}?>f;Rdc zEpOH0n+`hB6p>F3CFfhHCyJ2`m#&I>Peq}>Pu9}+Iinx$U6NH;p7ZU32%mrQKEP;& z3j5s-zA=Ayyg>g9N9VHfgO~gJ`gPyEkokgXzi z!=N)7EW}E0Nf5GBqV^o47}Zt9jB4;5YhC(ymD31&2dHt4pnVlAaFK?1^yHDQ1|`yU ze)vQ9_c2#~^!d^w_(j9%gyh?JvG9&0MMKQL9peAZE62%(P_5`ORBZu>cg0e?HU0t! zwtKouu*xy?dR_bysn9mY6S>wLQ&kk&kd0siW`AIU%tZsL;3yRXzATtXeqRnWSLm@4eIY5?VFZH`w({gQthjjP|tI_jrEQptcpJ73O31``y6 zAJYv>R%J>Xb|w*k44}LOR2CYG;-C#U3ppYVyCGp9Qi<`1VbhQWi^*k}jdn=Yd$NND zz9+jbaFw5-i(fonynR zjeRUSXNrdne5iOizLg3maEIJk(k@e7EEghslrSZN^Z-fJkL<~@ z|LHT7NezGn=YOlKtD7nN-{$)4{+DSyW$k~k2#(r`C1K0@76p%CgUTq8Fhu1QH!NGz zu~%j6&3HCcFgj)074i$x=>nj`%T@B=L7qFLq$Zb>I5Iwl!pL8t7xGg>onMgcqQUKD zSg?LRa)a9{y|2)J%U1R=jCVKy0PfurfVz@F0^Mo`8Qd?ua2S@PgH?kvDL_i>@P7+y1CuiQk17^+WHHZ?V1Cei3TvZWZ;&8`7okWk-*CvGAB*1$B|RJ7Uo!jahSi zjQIH42`=jm`9s1u!*_R14cV$mVB{zF%5xRVr#UEn}a_iTRA9?c?>_^U)>gwZ`EM z5g2a;XIWY(_iZv?$%!1HpRP9S4V0}nj12cN09b@z!1tvsKE3eJG|lFHI@U1i;^(g0 z=fbr);OOV>uzjV_6I>jam~F&vdlY!XTe3tdf>V)&cj%vncn6@>$uv%Ow_=|VU`;Eo8J?uQZp(D>IEE3xCh;NfNP*Q!SYS%|n=#qfd6?IZTwW z;1NZI2b6#Y;Ex~v5D9_?a%F(ss!4OX)hw!r_Ku0vXWkceb?jggX-jH%&0iRFhvs!{*ggYr77G98=hX$ce1h|ssiafT!JSJRxUTID9NK(ZnbUYJlAVvw~ zm$`J;*|44Jt1@saHai)$+in=XDnSs+TXXhdz4V4AEr8)@=Q z&~3Bof+>~i2q@~X0%x&5C%IjvlRrOdC@Aq_wYT z`1qV;T6ChCI8IK=>T^?2$G&({G{Y1l7Nz4jEj230LxoXX5Joto1XLP7%~V+-TlgLM zgHe}S){P`t#u#Oq?)tRS>OGJcZa%o=1GqV}`8k9nsbGZ`JG|216bVa+EZuz6%zJtW z>hf%72zm*QB$M_t9>Xu1s*il09fM{o7}3`xa1y9OJQ{o`q2;_1T06w$=|ws;dP!4& zt2P8R(m-KsU#Dqb!$IXdgTw_0A-vATvN$IP|2#g&`Iv}$<#FfroTj(w$sCElJC=8{ zFNG3s;vOh*l=PzC-Z|a-xV4MdhYj66#^aM`{gvrjFLie9No_w7Q;_0EV_GG}oH;Qa zRUR-YVW_?vujtUIHi^5q$aNPdS&8f!-$F2CQzv=HcJ^oelpumEBO6?NpBmCijAevs zb5U8Q|9c{8LPOt`fecw}`jtFQwb8B61KzOi=&HI>yeBi0%(v~ywf|sT$>i?;MfRWd zjn!2C$IZ2sm6`o#3eR`e{)4=mVf(>P6We_{o*#eJ#hbA`w(Y&10_`_Kd^B2Sn zdw=AzgVFBrJ5)YD$?Za+%3PPbgpw+8U3n;8NXJKLnS37Kd%N>_e_r|Hv$k7k!XX&O zu3Ugt2moEDCn1rtXjyjI88CA#O_3T$rxdAq95DeYea1hM0ShUICX;+ik<08b(7QM$ z8N&`=d4scX;It$A47O5_xq`B4OuHETxcELfb;*xiCmhO+R7?6O^`)b=(ar_h;Ldmk z#9C^IcWBTaz4yq{Xsv|Z$MCKMv@D3T8yGo~&Bf_}+s-g_$vG*GZ$-LrC5K?0wXYIA z%<7v#vTNm(IVlb*lP=PFft!~%#fk5~r?~UraCiH3yKdON(1+IThOWqmbb9=h!jh$GO~InSkn1U`1lSo)8bE zTh7`L(+XI;8Kw|z`$iZc#5ci=`FqCVftz1mt==Ks#=?JON5Y z*4|;S06A-y@|{{MjA!}bykn2n+-~22L+f4g^yJ>3xxKvur`8I+y*roI+)hpC(ORlQ zbL085-n~0(E+y{Ho3;EXPs5irx6^Ofl{HuYlbP1;IsRv5V?A~M-{vO%dnY|CcxL+F zO#ds^|9G7pBWgCOBHXcZz%%szw1bj1g!|M8^1C>>N|4vZJJbR4yD^y(P`uKOwf>8H zh-b+s!<}gWr4C!BviRqB_>Bj$lvw}oJN{#BeRDk(|FOC}v;R!vdGZ(&>ZMeGjr1kt z4ZMXM3S)V3dgX-zcqedzTLFJkAb;pz3~!vk-4eI{NVLi5j%mjEt|j3O1u*&(KOhKf zhQOD2fm1*}(=hvcAv(q3j}H%CihUQ)8pMZgALK$;9F5L_A*uSl*LFcL3MUi;d>dZD zOg+D)n$HoL6N!v?4s)nO*Dh`e*MslezPwFFtTdNZixOr-pfjB_#9jpQqRKj;j-IK2 zp{m);qD9nYlpO^5${#@Qt^g+V_r~jX#kng+p?fjvHV6ik7N6{$esuWqRBRu7Dn8jh zKHfe!{d9}&zeHC-_u6GxUT@I#0Q3zyul9$xfIWeD(K_Dw2BLF_1+p zoV1P(_v=pu{C98X(^77&I+3ycG*3Z_pXfQAj`TvnlRPQ=)C-J|*!$^=)>GtX;QzJ* zDlJU00Vezc5fu($OhS|;v|8iUSv_aizQT(tdBDONIg1GMPAry7`2YPj%Hi|wEr@C7 z5}ltGY35)%2m|lgMF0WlcQ8?59`*6k-v&t~0Dy<7$RHwgF5D)~iMeLz;#uT^ohW#c zJgg@&Wns^0N0MESt+Mf&^p2f>Inp4bF5CCwb=g@Q>hd-ryRx)}#%uFStS2&>Jh14{xv@BVBEe||8ejR1yTyieMddVWk{wcD_e+;V9L|4bCO zZZ6gqXFH794r8{%h;|rn|FUM&T~QE|>Y7xrBb|4W!~@3HQ6E?;c|A|s$2~suqH(D;34sN~ByaWsQ_+p)lP*jAY;$(fUJU16mvw=m{T^w98`RWzOr6G?E! zh&$*k=wE8e#ovPV;tt{s_T8I!)pV7|fPhEN__AKSVYHWyg1`lR9Di%*DL7_RmQK@P zg?Ph?+;<*rpPcM{c(5>7ZVXoH;+M24z%Ss0!7}K3gOx1-3f$ZHKlF%Ql9F2TGl&rl0+*y`!^d`-eL}IobPH zE&h4(VtXH5VP70VFF)GfS7m`jd(S_`&dAo~3noPT9d8%pJA!}KI@nc^j*bsMJUiMx z{fPep3TlMj4c`~=8-C*6^xe+;xNf4C7HV{`6ZBuf_`S`y-h!Tv?v_ub6U&8ki5A8; zJ^sIngo@i63~!^f1ww3Ta9Ewd;l=V@@>5Siz}QrfwrA&Ezx^upRbm_eh*L@fB>2LV zC^jIdDx}^IF^C=n3n&zL>3!;ZBz$aGv#9BKLF%J-*~f|!r?%6+O5@~yIlx}SCrhu% z>lLb}tA((vgJf{8J%1G1zXH);xt-KE(1&Oje(CnF{2pGo-L{Yfw4s3$hBxW@+$pG* zZdUHcNBviQ|E6D?`_vhczZq9=-Pn zIoS|N$tUu@kF76ntx^yKMLA_vRgWoBG4#Hu{HLF8KRY}=%`W&=<`Ld za6%Wa2zYBXijsQoJ((kjZzM4km&NxjEy{=|esqLU61IwVst$Z94qW$O?)H|I*Lf-K z7O@7}Z*d>&_q(^a<$HvkdW2iEM})#7PIy7jSL%<5-0FitWVxa!&eQ5n39gHGk2fg@ z4sWU$`ksA+i+MmjNaxHZ-j#+|d8xxI&?(RG!&%SkFW^nsx%`_6_Wew-&X)`IZ^<-@ zjbCErf0|M|ONx&qN6THM=INq-#7UaK3OIs}Ud|+PCoND7U;Z?^)0q?POSgYNDE+i` zP=HSH*y|~qY%4ZpC1rWmLVsw^W`Ueoh??3NPV(3`rt%~=p-ni=V_0f65mAgbSC#S8 za5%Bi&>wY)Z|LMr{K@2q#at~4AXm$Hu~Nv%I)3}JvFdGYRZy#O-t+M=xK&Mz@TkmkEs*! z9$VXzI?Y$vGTa=Z3Q(6Ls8}hbAH~ZT)Ag&GNmJOW=pExz!!j}ZeH~Q~`lIZvQriDskX?QQvJHe5zW=r+VPx z)wR`IIBxy8wR2jo4a{VCQ@x4p{r$sF(k;YBoU1OXsL%*g++y_EL|vY81y29c6-$dhB7Cv)DbmGp z#&CJ{HyLyzTaD@t+b}1b)e+c?V!xl4cJsV!z-OM^IN!YjCJ{Gs%-k? zA-fA@j-lcs-t`^jQcDG}3f$4gosIuc$7?otzyBePqO5f6vVq2y@V#9r;c|iCu zq`KMTBn9w@w4k$ZEr06=S9j%U`q)|g@~yWx_jEo}_xujMuWzL%y6xz?Bv{_j7eS64 zfR}`fc4)Vof~@^mBv(HbF)oj@eAxqUvl6mUbR-{H&FghtIkq*9QtNB5`s^}-J^$p|37&Ml^C#N!t}B^Ggs_wIgWFW)QAm~DFWt5R z@C0;a14!(AChwF(*C=bmpR?MAm-UC#_I5G)mb7Z5&A3Y&Yis&LYPj!pP8X7TX<4dk z-Lrt?7K*E?ndDXlGH9*qTM3~HwQ2BdF zCBHnP+?0+PY9_ttMge(5lZRJRh|`buPQ>$<2Ro(t?k{#lkMlN z@6U;22JfKC)4dgryb~tr$_fiNfZQV=@0wi1<1GqK{CV!uoj?tl{nHz62_HT3Z@dt{ zKog?@`i7Ciurun)M7*JfZUV!=HvmYWI`A&Q#TG#L0Vu}^BX);}kfcIda+F-E5AheA z7TWYhHrx^U_LyHP7BFT9j9+^Gm<6(Ciqt#4O5|9Ml%*JuNb#2mUE3I-IT{#@X}C!P zQWyTf?Jp#{fClvxk3F#tV8?ek){x@vkjUmJ;L+V<8e7F%%u-_eK(vmJ50ByX&qm>p z2iYfkG1rj;9a504CPv&r8M|ceU*!63M7`lqku|&B_0447c4fJzMpHCyHoJk5WrBx1N=ZJxm$+~T#Ev&tI93bp0DBS*sl~PXOAOX@2aE6b z$yHt+SmFy5TlLr*luPCt`WxE7tq@iIN{XLdSBZ!ag@vFj!~zsXzwMFSpr8&X!CxFD z+u$f!j9WmrDV*#Bp8}3SPJoVlK^$Tsks?aYWQnJ{NEaM%xXN78*pgbOPn}mBcg68J0%q8#2NHrJtQ_f7&Tin%Ib8cZ ziuHECbZCi_>+Fpmbi_RK*F3)LbM%$D`tw()1HV0au^KkaP1NXm2y8{1(uAXp5GgJc zrlyu*8EeHi2&rP4v2i^Whk7CR2;Fn{((8w6#zVhu9Kbg0I^mU|X$`wIiidM3yxjpc z<2>}c7%52YLz50&T>zC}1L+PM_zDDE8{tV5LN~ZZ0YM-zU5|^w@p6G--9otiPIE58 z4sVcM~C|-t>cf+ z_78Wq_w#$8aOY^V^7s)tDwL`^W_T`rigEf<)nr84R{@XPqocI_h3j@v(7z6L>_&<^vDLTYK!EM*oD6RP=G4`4mZ;f%S-I#MI+2#sjJv5 zZ1NO7sA}LV*?T<|s1xKO_LZqsE+wy~DT+c=YE8kM%b9dB%_X-$ip}zo&WeUCiLwpj z9A&Ch!TcV8wEM{I4nS;PjQVX36~|2+Dy$&cQLx*#MB%_~dl#N7*Dtx+sI>$2k-+JJ zxGxsv2!N$|N>rDL_Y@rPsrRF19qWG7EKp>*0peWw{wof}hKi{kD&>Ik;qWe<@X^Zx z$D_s@QSU@N$kd$Psea(EVPF9G%Z}GI7GiszUh%?6<&Hs>@ z|AXSEyLZw?LH@su<+arP4;yQn>$ChHQ+Q_iKW6zqX8Aw91^GXs^dBUCIsH;R_ebsx zlWIkm1_$(uKy5@w?MQ@Ck_TPn=aw>@Jb`%;szBfO`UBvdJ`jZe zy#;k>6ynW)Xb0fm{=ob>jQzX`oB=fWB`VB(p#OuWA!U?f0vpN5FB4R;5UIwS%SF;8 zxtv^8&DiQK4l-Uu@vXq=%wHbgWCY;Q{jZY}b0y4evkf@_N+rxxj`JkehrMYUCnNAH+4F=Llx zIeD@zQsvksW~*k8w~!^RaVA?)XoV`L11z?TxPwFwq9BB=TEfpgDin_<*s8_7%GI#O zJ=tX`au$e{Am{L{TI6f2zD91-TebPm3>)ef^ARd3pII!ctfo}ZplHmalM5#8q^T-) z7euVg&Qa0^2lXPhi+M;HMR}N0MNPjaqcodDQ>9H`CM*payF%K;Tszyr48grq?2%=( zo6%N{PAxObpbODf?KAQD@QcUq@jq1NS?j~S1KNkH;*Z{Y#05X^fAK?`cmb)>6v; zcmetV{(wE%(4}*qm>CnB!0j*D#GA$*H?bnh#V({B9RH2GHo4RDLcZ4$zVjB3t?RI5 zBZH0jA>!I~`wLKiksOp{#i4i~zrXX2&>)5q#N(l1Ga4=~#;wp zeazzO4L#6iVx&Oyoi?b9cz(T$=ci9VeR+apA^M?8X^?BK0p%&93{47R-FQU#_ zyY!}aII}13$=LtXsuSg6o~(_6{r}P$d`ss4Us+n6?f<9n{J^{DW8&{K(+E#0#UA`~ ze6YQL_R*Qnzm{LhmTge+5~od$=lt%3KJ9R>yiUjMqY-ZC$IjSU_kq2d%efu$3!;Uf zTsgldFD5TjeCX@KKLB;cyZBB?w7mH*$LzlEe_dN&-$>p6wXrt4|7#jg*}Dyr8A$Wy zb#%X0bguxpm+L7d(zDFS@|cz~@}_~axRoTaNO6k)muUI{j7|58RBPzP4m;2wc@I*A zAi4H%K5wo6n_Vy=SS}(`#X?oA)Qyu_cr;=+awEJP%yg4-hx|T$zG^Tas;pGaW1nv} zD5O;Y1t+7Gf>1y!Dt3poLU;wVq9(1hqRQHz2G6R?&3;tZ4OO|D+VDdfjj`N=X0(gu+sl?gGsv6F@toJOl-_!d9)MiU25j?V!Vu`(y_- zohQ5OdX~yuto0!(T&6>|{!oX`2E#lFB3rN^PZhI?O{!W6%<{)vl^Pp;!oo`WSQn() z2a8Uo(wTM!)taV7Q8ZaLj*@a1EN+;U*vQd-=s!VyRha^^n8MI$3-1DsadU_cCz+Ja zp|aUxlGX&YWOof++}<^*5d=xcoBpx3>$^}V z*8KU&*Z-H7mN(Mp|EudW{eK$IIQoCiHD2j!w{osEu;0FGx%JERR&wxccUX99QkmP5 z_(gPGP~_PI;-qzaY}}oMf@OYN`Xl4Pw{!~z5Pg^Yx#*%S7dAT`F|R5Nebl%4h*|l4 ziA6D>3xUXK$|#FYO&DQ>H@=e5Tf$zb%bUnJ_nYPBBQs9Ra-ESuJQp`hpz%&fIdcpW zmzU}rnkc%(4FVOE`F$lsy$~v%4M7769j3@T?{M6jDv@>(wL0F)fr`a4p;E{$aiu-#Tax-j0UaVysZ-cxM>KT*a=36xxm`h{BPU6EKxY98+aDP4mF@!$&&MXk5~@HObzG{vd z&_b3mD0_zCE{*ul`yjFEVHS}u`uIO;{{F~}@t&@p0~`6n<6U*8uU!Oq1yN#g%l@A9pe@~=6`=IeNwjKjj^%U;ViFWm$qU+} zt`mrkJAk)tzkSPYlbBgVB-Vs2K3*rhI2FMKrYTvJmOQ}*N2sp-BN&Y8J$**8uMY=d zx6dCr=8+a^KBucwK)VGA!-^5tzT0FU0nn{4hv+_v`kbIsrc@J1Zky?^z6cnhQGi+bEoP>dN)*9vm;;>lx z4vG#yKckouO=60p;$S1HaqbFu?FJYC=3bzqIN4;RN<=QX1oPT!yAXqujO1Un`w<`+&6HH&>0Cms(YnL6o5t$44U%xE} zN2TGp@PcsIB$Q5LMsqKuX$1d|2KJ#ZquV+JSo}QngCW&oRGp!8YEE?Ej0#%1k3HbUMrtXPS^^b98uIYPwhqF3I^qcwhvvF>#|TNUC+22fpAK zFN}rkj0Rng(_LY=fb@QV32P#51LVr{nj8|`kdUrlvk2@G7Qd~+e$jg-pz4{-+JjV= zB3Dru-#-e~Tjcyf7dgzMNv(Uz9j_~2 z>x_4|uFQHD>o2g}n;O|&x9i%Kj*i9D1boz=UQrm#_$_+Dw3K4|L^-#`({6aAf3t<}p;MLK$EO)pcWDcz|Win?>Mcb|# zP?BVnJWA4mZHoq}`Nh3Y>$nwAp@$X@&a%Z>t$d|Eg)#ks>>%S4G0PUI^>DX6l3CLt zslq@3C3G~<>x9BiX&=$LfjPfq9XU1n0$atPF_jbs6auoz;9AEf8uT<+R$3s(gIP)} zF7rf0pC+$Aa^Y)@^Kq&YOG*AdjdWFv^yR+ux*%HGd* z22ie1^YO@0Q0lIDxJW4-eH5!#pcDeZH6hR4E9crnm2eM;kJIL{QtL@o>mYwB0YbSM zNLUBgZl`JMRRVpDGh+72rJy^?)I-&DnmjxOHFOq#Gz`6t8$ZP*4DqzL-&OR5H3O3{ z2o5vECB`hCfsPh+y=b|jBpBUWB$MWu*m5J`l-%c8rr=yj`|+GMA75LH$9iV=B^nN; z-9v^q)&*W{4gR+c6xCxEB{s;FtD2cI6kkS>+AETS*;S?BKffCDAl3HQ0#JY2QbTjq@ae zBiFF*&>H}`h8_%!p_`8e9hFCtvnP&wWhK zz`17ISLn4JvUvcLkn|rRVW4f4Kd?JxA??R0aqhHVVd5%dWd4H15JpJC z=Y4a0S1cYcJf_eV`faE0SLP;|HqzETG9SRGO|sq;bCwirS%aoOwi4xdA0C<|6^eY| zV_>4rr1ZruB0AoJtz_naTBTXmLE?BDj}$)21E>(CT&IK_uY~fbkZ;Ymh&1H5G9f;> zyRlS@(l?}BnnRkZlfuMw$=M^M+SJGW#r@75h`F*y{&Ph~ z{x&T6w7eu?iut9IqVydM)xMV}@BCMK)^^S(3r}Icx&`ir7K9@fcdzvO@BZ63FU;UWA>RA$bx<+RE4`J3b5op=MvketrHg9>w)%9 zDczoGRdGQnHg(R97gLo~yIXcmN_|$qvQBnmIrKU(3$pU+Mep1o==+Hb7Aiu;7W|$L zZ;2+9{WFnC1+s7NobG+x+I_}7G0vJ39hFMsk%Kvkg-?ToXEV5KbGkRqEuN1=_9HrC zga5kS4wRy;#SQN+j18Sk2F4p`(3CmHo@suHR82Lu^shP?P`Klo(5KXQhW;F}j?z*C zN2;k`ZN*&l6RgH&+M@Wz6n`pxT!#9^b@)IA|HL>oQtKDqq4$gL(+752&+mi+wfMg7 zRn#i1U5bMG9>CZN7SIYNub+v1@zmXNNMD&UpRM0I4f6NRK436Xc!oJv`)%#&74J>j zXDssW$7WvgCY(3m9OIE1c>2iE4=GZS>zPqDOooai5we9J;3nK1wy$Ic=pkC}i7!>J zC7JQ&KBsdQ^K5%Zs|oJ}hBI5b1w6^pmeoF*H|Za20{4^)TR{GI<>0{IKl~v(#3eh( z#25tRB4Y2OcCY))`=Ty&8;Mga)F_ahqR?TZikWj=zD@^IR0`7I;gx|;N)}OsMn>23 zu`}rr89LI;k>7(<+)_#ykOktw3WF_uD6WsdV6e2w7tP*_f=EPxi9V)z#{&S&AZ!&E zhN)zvy`ldwXOijQV|_8d4$Ze9M;SjYkwqt zrCNf}GJ4Z8Lg_IsxtJ&%zq0Ai32!A&?K?QA5|E4=PP0Y@hC=yeCeL12DQ>D8g>AYk zuyr%)1{7LgBTC)gPb|)}H3g1d<99=DXTUQ`G!lm6?V~+LTAd+gK;W;~oIJg^m*bCE zj8+4CA!2_h;&ieQhA&tEq-jP0_(GI)yICZ3yI6pnI5LXRH!LKNNbRMh#}^bM^JhjW z`bG`P_1fAXev<QMpQB;DEmznuMNvOs_W`_IbKvL*lL%JR(qGll04 z{QtFt%+DB_U%oIINMu);#2yr_Gh6XRA~ICKGC#KCeq5nZE5$K-enegjY5yXrMB_yY^wHP} zj!i91^++l?MpwpCg;H<}R2kV;IgMs^Sn`mc-1VPsa-Td2SV8>X^2XYFD*x~5#w`AC z8qe70Kgb(+R`VS1Z@%9nA8aaPdFPAcCp_xuK(%p>f3T`&dxar$V;vOn?UthtJS9mcX*|`FAEYAa&1fQuP>D4Q4!V1 zC`N!9L`G;gqIzbEF)rc{+`fiUPz$4*@Wxch7&zOyzCU21`J8MoibpmAgV-dmEb?aZ zU_>>>W_8P17lY+=w(b&NO*=J0O2crzH$f0 zkJaTXVgMCJ`0v8f(&i=(3!{2L(o#y=`5WRQE{Fe7O!IvxY{}9XF(g6}Z-=C%$iSqh z@Oxf)GRg)349TShQY`D~{Ec&GXBV*OU|vhgevL`BpP#f&@$S66gAdQ1eY&%~zu!96 z2UZsY&{~HVTyp*gGK_=5hC<BrpK~{MFhZ3Q-ga-B zpZB4RP6d?Rc~0|4jb6bjk1_o~2JAie+m@!1PCN%R1m?)|Ny-^s1G^>UefNBi9G8Xv z!iWd%b>xc?Efh$JXraK8IJb!EHnB-~R65GNU@;L=2JlkyixSmF-9QXtKnf0Qld_@I zi7n0X61K9)9XryN&jLUD(~bI+V_h>o$7PLL(33*Sa`dM@8ArQn300r$C%XK#>S-@Z7=qFUiT0 zXTPbkxz^N-qu@*{Y1SEWIRi4UKwHuBaW`kek?Nz?kmsI`W0z$|qX5HqF-ZcnhT+&< zlR4ZMkEVdj}aOu+*b(^9ii#QHTL1m@EqRtr8RbeD30Zu@}&m0Wym0#&648_V+8Y zF(Q!le3to6TdjYVcRovH%bw3lhK?B^j2yWt>!chEYBnSVC+O*wE|I5WIkIR{r)7rq ztz@~Cc)68Sxp+1Y3)r}|DN)`6UX{PA18D207-tDT%Wsf+#DDRHQnERwVm-6oimtbk zuD4P*4!mVjhXC_~>O+Z0WlSD|^Y3LdMr%3wb;bO;k{iN>b(d5?(hC3Z_@AFW;IK{- zTQdBRQX6^Qj>?$FIeSpzsa$Q5q+?0b!3a&-@n8lodV^J|c$9uh3HELj_og{5aTOLb zTN+uT(u%dxN`ByK%-_~*KYj}XH6O*qE$g7TVw}=|Rw6(v8c-&lCw?#_VgB=x*M5bY zL^rr}Mb{Z}7TY;WoV*ZWCJ}20X>&K`OI_b_vA~M zqbqv)BpO{AyU`U(qcW=UMp8hgEX0gbYPFt|hvZRg-m>`BuV5alpDXe_ie`VprvO=& zZT>!IHKas=k#m5Dt_5n;DN?Qt@?jB|%g77iXHlV*sL--%>ST!ag&wZ%iu0fomwrQL z$EKOoGdvsUUc|_U1IEHg`<@J|T>i}a0vU?$n^JDke4ZBfLtwO$q}Jp4+0Ot@pmM)P zZVM{m`-1$2pJGy*&g#fp#bYlO$$XrWIdVv88@E2vi=W9BaIw2Vtzr7nr<-H@$q0>2&E&~!*BHYkCb|57mA_Eljcb@S&UZNx=(`+`^j%h= zzShbsiOMVS$}5&Q;pOCul{<0A;eA;um%z8RyIGJT=?CobLF zO~rg=Q}NKi(suCn?i&|(8jpt3U?M@mKSL*!2}fDpajwzO#~Sj8W)Y9QQ+*BF0bbr> z*^eM?D(^?qm9qCE(q5xaNJ603kkjrWs-U0^L!GDF3lcYyN2VX07-vGat%UQiP46_E zx0KdtTiRoK40X#6fv1K3Yb6Jq9v94un%t%ZMxx5)LLe&^AS-boS(s$&#kM7L+4vG) z4_Ek0T$KQzKwrO3Nr}0nY*4xoX4U4*$HVm13Xzu@%}U<)ETqq*e37RftwJR|^~(9& z#n&|wM!n2O8m&zrd5_zeJw6|#-Yc!E_uetR&~jX&H^TO z$%|C;nM>ZxCGU^>DL((dfB(PLwH3?x|LW}ge+thX`2UemF6sZ5DqAJ*i}e~=UJ`Qd zl3mWaOm-#nCfOKFbqDMiE(yGVZbhr#-FOs6ik(^l(FsEgZ+yex58?_mYTivBs@p1E zj3B)BI&PHhw5{$4C11eE^$r^;=Xq!5jbAqW@0P74R*VuWsZ9T)u0Di0!9ARDDJ$Rdtgp>d((fAk9>JwyxcHxmM>Rgu7swJZH#j%SHiLye|e|CY>j^|SL4t8 zx{@?7R(B;V)+=Llo5+>WP!DIWgyo*x^kJNij?GwZTS-zH1-QrVp^^4T*kHA#En6ray1V#T)7lqHR9rF?d% z>>+Y1ZGKXgLAl3Yjt&Rp_xFT~dPc)s$Oj6sBT41BQv^0u=KI>bYrf`F>u!jD?tz_bTGFmnExvoY@){Y{DV`edfOLW=|yvQ=LFSD_mps?xNdLkgdqcJ|R z_sW-jSZYOl=%r$Y6FzD&&?qAyY-fis0u4GsObx1XXfn=fWI7BUH9mHnGfr=i zH;mbx$h6^JOP0eT`klJCAV(s|Plh#ZDPbf}xm(xS$zc_N28 z@l_&=ty6Ln7RZ?3l=qWs!I|d%>%t3@T^y!x0YH4l~T44lQU z(k{r;7LP9RST`Y;I!ZjIoi?+bax9Z1^B@zaLX>~v`$?%Recp@{NIXE2E?|0%kTWc6 zV9|AoxWg9nS5idzNG;8ZUEhB-8kEW)VH%c8ZM3u5L0ER;IhXC(hF`BB{h{C_ML23Y zQB)=y$40)vt-YfqG-u{8b3&Osp)tbMJUcVeL{3xcmULX~g(o`6UB z9Dhu)s4qUw-^;({pdvTH8 zs*<%>W#35fxHL%H_|o<%`~_PKtEp8M zMxkih5*kFl0%2$g1^4u1+PTb|LebY#8S?C*=2(L7iez@x7Y6GOR@DmGB`To<6yxnJ z7?`MAYukK|q3b5%a_O+6uKnO+@C^ABJJ^_T*_k&{*icAZ{9I5#K^ItAWPy{ z;{sQsIuv-U2yTwbU7trJ=*lF}m-fET;c|tfOEdqEDLi-J|GB@vcXC?R0W@8>iU%k~ zGk~-YwNIFIYt*5%e!q>!8%~E$g;;P}Tq%v^7NusiWFe$2$_Sq<_E@USwok14d=)>* zV#hY>ag;tH$GJuN6}&K9;6gL?Q6hkJDYwd3ufes1 z(qSqRDSsAvrPMGaPfTOlGR`YGl2YYr5hEH&PT3M2Q+AQ3Qs?GIrkWi6{ccsuDyP>4 z=w~AyosZ^ue;S+P=sPn)tmitmAW0 zWuj2lF)RP@I;Vkh&Ib~FCh!8Lh{ZZ)SUw`7B960#{glP=D? ztk8vK=(rI*n`4X5hUbd#sCt5wJAJ-A$do!{n|Pe6VpVkhGVU=;c8g`sOp3(yIAJQTu$u&SC&@RXZQb3;~6{tL-7X2bR5y&^|6vWD>xZpAL_FL zcF&jmmcG$9x(?VZ>H@k?^sI@enNH8Df~$H9f>cy23l7cE;r`yvr@PN0GlQLozf|^P zA;!E@S5?oxTKAa~-Q%ePSu;%-DjFZ~i=ty=R*#6$blrijOcXbH@o~gYB`gy3(-{sa z-)=04w6PP?&{LZsv)wXI`q5Eb0`DkW#^U?xWnuh`)!;DqRm|p)y zN1si<%JzlIH2k9t1IwHzlSG1Lk3?Z!_sFRsllFW;%*7xw`(+Chdl`K%%HSd@P;deE zj`H?qe)d92KxZWUmb6lWDL1d4k)O}bq;a={JHAboe9_`0lNUh0qvcrP?B*Im6PnXh zragn1dZ)oHU9pNQ7hPRMDGpi(hpmHCq9wW-!&=)FiEVA+~~A@iR@hi{yafCI;bqc+}a zd@<^FX_M`AgcI+b>_g0nBYv^$#US%u*}2pJ%c~957+)BpTWWZ@2j&RJj@KziaJoHQ zwJrt=gNuf^7*H*H8E&1*DZZtGSCJn=f?JVf3+h)xs1Bw4>eB782g?PYn)5xb5;s$x zl+Gk%951pltoDk;|>G^Xe36!#NhAf^*RcRQ`L$ zywm}FCUX3BoOngsL}6U)^Ta+)z7>&z*~Bg9jWfPDvPHAn2rKcZB!TXWw3QQ1^tBPF+4l1J~2h7{ouv%3^WMds|;%elPF6(}ilmAqX3B^Iuyz&ew)mjpBZg_5(jmT}W%TnmH5HZG8&3rDUzzz-{FEXAc%fISH7Sd)o?J(Ln1O1s3K;vwW2Lh zSyv;ihFBfCDhAh$9Y>c%V0NrT63?kWn?MM;G1RZ(S5ieTrBMkP{j3h|l41H|3A}f7 z53DopTNUsZk;)!OSDULWg6uNL973bqI|_l!gA5AIkQEJkl)R?MO#7ES%J`N?2*wzf zg9Xi3CF2IoD&vF@5_wCnn|2p(EnHGw-sQ~RaZm4rGtIbnl_)S{-d7So=T6;Ol4(p! zUsn=85=mcKl6`iNyshN9y!6TGdc)h~y(M;aCU#|sRWUbiE3qsU(M2U`Q(AOKN!r{K zT~CtUA)7ao*tU?dOG&J@4f8${+g8rJio~Wam%D`|lezEk0+Mq6pOb}v7Q}yUt}d_6 z{6F8&^W-ra%~LL*8{!n*M?!Jxwy*kr*T00#=>Gl=6vpywWe45~9GC-m9URDf5&9Ry z8z*qL#H~L9ZJ`h1y5oh?WCH3so=rUQ1A-tY7`zMbu@T?e5AS$jkGfzc+Y2_qmHf zju)dY9pnfoEk4;h{pj%Jsn|aFRD801e7t>d`so&whQ$ZI;wcZo;S~Ao$_!I^_yrM<@%DJYEuJs$k@XcL@h#MyzlA=a0nnA3mNh4DB60MES(0RFt|`$0oI^TQz) zeX$K&oR#I}rN!mdrDY*ro^02Y@AITF(pniP876HlpYk+Te!=hO`XE<`ub#j&JJPg3 z1yvQ;5@A2ZhXwqMFK@xqL~|o(sOPq$M&q;9CKu>4f^?Z^vt2KVCd;W}OpB2%iSOhn zqX*F+0cA;3DnnRqr;xhkh?^CNRt96z-R=_ELT*s%IsiZe^%Qqr5tlxjj3)futfHe{XRv2-cEfwMjq0 zJrOL2^15o55;c1vUQ^9!cC%Yh0!?aQ+|G$RER75U`qwC%oh> zVON`l5>ND4?LQP+IPtY_`YFu+wULbfU0&Z@TA$f}rtqM69l>l2o{As);nm0y&jOE* zq~876Isf&+kW4|%wokij`TW=kVYZ$+uv5q9-JcEN&!}kceY5c1wbK_L-j0Hf=Uzi$ z@A`7(16U#YZnxWXJEQl7G$f?<*=vim+0L{^ zlX34lz&$r&z92T8l2j>`v=?5|Ax0NiBhO9I%*CV*c(E?kGj1*b73X5X4!vHhnM!P` z5WMd9$3jBZEJQ<=D?)^V0LMUs>J=hErRr#yB)jApu=CE@8J!R(of%=K^qk?s07iIt z(GaT*v4)4reu|-gsuh?d@@!urr0YiWX^w&u&XlNV?@q_Z1`j39F_W_fNLubQl89Mu-^@5@U zlid*uZ-@2fd^{*Nyk^8wr9bb_b0AHUzwd~*VTa?~S~xov+@CUKCB5Mi`)QMpkU&Swiv<_j|m&9a%+LMQW)^o;G zHKt<4x&KLVHsF|BU0SkYs(d7elQn3Drpl|OgG-|w=BGdXsanW;&Vb#7*$|T?%R=%6 z8U~@~S2T}+>15}%4~m)Ul14wq9cTuNK9P9a}c#R~S+A=a#+H8T&UTU(Ire-}#fh|DQPRw|)xt z|Ld!^{r~dHZ2v!nr_%mEzNx=k3qY0uV7B+4?fqwa|0;X`q!WsEA=zy`d-GrMTy_SW13?J(*ZsPQK;)?!302-`$x>N8X#h$+SEz4Q zsT^tR1{ts07gsI@qPZlyvdLLzXCH5$Z6AMla&}hVii$*) zzbfC?sPb2W?%`Tksz;n{`q2|R0tY6!y^%6xP#}X=^EJ?xAh(;@d1>-H|;6AUimq?a}{|p8%oJmrvxsiOl8>(kYPv{i59;CV`Yr zpKd>dPA6m^^?`#siE_8$6O0Enuf%=qM;574hV>m%qWd6m%@Ipf>8?{{6NpYinq)UhE9LdNI5-^qe|>GrSu9>~rB zK=4*Qea@f1$7dc56C3|X$tax%zaWJ^zm2^kuIK^8G_Tw^o*Zwv^*Gu)YMmXows#Gy z1HJp?c<;0&BBKM!!%xpn_Wo6C;Y)O8=c6G1bM9Lu(0`p?vz4@(#>Y$WN$AYvP=+=1yt{qqWua(mSGq0 zD;9S_z6}iW41{;|f%j;Sd(L3scFv3|jU&oE)}+g9)$3pQ6+}vMTM>htWe5$EK1Iz$B`vH{MoJVC#!eN5M+}X*q@U8+kS1N6*HszPBwMHZB`Bu_CoRw!gl%laA2}rhEqRu5@(UHxYn!c{{)k0s z9phUGEM=orjuSHAqGc(@A1E;fkF%wW{KDxhIP*)oko;mmqID%39DT;(JeZb({K3eP zVVfHbIS6v1XN-dUDzj$f6b|Es6M`WFx=})5duAu4`ec$R1F-oyA`>!hCaKOy@L={W z>qHLE_=PNo-m>Q66ETE{16e4+c{&h~!21h~@|M-#w``oi6ye&a;SOmRjvNFo<>zkL6b zNVk4^dc1AHx+DpzgERV6i3~pjCbJTtn7-D6Rurry%c4nEkIZo@GeVM9Mx5aB=}DZL zg~L(_24Y;cdu+MM=EG7f828qAzP-~*;8ud~D!^cz%k~iMPj@?j&khgwTiXYdj$r{9 z!njBvMb0S_iw9#cmvZt{kkWFJ*dPTJ`;*+6<+2 z;3zRdnr?GBnkLtis2Pcn-;}<2XPRbN9kUVvs%x4N_(D~)pr{4i9Az_uAFK*q37B#& z7ebBA`BHGzL@5C}KBvk+CmpXCvY`r=fJ!=5Ay7l}DgpC;G?TFvk}`ToiC#^rg(MM^ z8bqm8t9;#<-ch1gw2T*yzp>aCz(gk{GOCDIE=G(bg* z`&ptnR-$pH(ID%Vx;1JU?R{=HbcKw#?fVGByrUK`&QLKIn2?fj9n?+)DmU$ z7Sx!!`<9H8FUep`Nt(#iDKIYi?eO#dd_!>8N?deX_A-csIn)jDY{Cn#YuNEs!6kE zs;1R`h?l)u^wm`5O#9rJ0AiLeN-2?4FH;aQY)Vi$X+BC-wOVVo#+e?mZF}aHy>PA= zYUBiy#R8?|Y>C&jZQAmtOuV*zKbb#ok`OX>j)jva0mrsS%$-5;`nKI*-ZYBW9%mZF zAyl0N@!Gb%Ox{e0)h?I{PS&QzwxP)*nX#WS90_>AD_XCMT|rYW5$Nv`Ul${t##9}? z;(A6%mh%dT&DvhH`zl$F^qTxyF&*W}W7{J}LyxYnQ77=Bu$JSz|EJJ!D4dv+1VvIj zlKw6@nvXcgtP_N&n}9xfJ7!-*z#XkB1wjP(wif$Va$u;@^*8 zYev4T02Av!k|7@PA}a1f(5?<+R^0#{Kx9&G54U0$9Nj|KG1YMw5^Iqfh@fxbZueHj zgVcoF0sEY;c?3X(i+&0ShXNrK`2dAuqIxKn1e6L#wEb&flr}(tag5zi#SSC}I}+KH z_mCu9Imc4=oD=y^+IN^h#N399V8|+xR5%?JaOEf$<@jZXug8OnEma6RNwNon6ZBgX z0Z>U5aGlFc*S=8M(hd01b7kS3!38BROW>WiHP~$c}KTEx7C@QklCTQ*1&1MqNNDEG_jR; zG~G4Er3RcIHQqVBqPYcw5RF$%0_BIhod2R!1Pn#H!1|00QoI6)rSo5S1I%JggyF>4 zva-J9v){S|biCIQy`GZmI^S}UC1nk=}umTPS<`ROm z^t}2%%=QPJ#ENn#OSD>U^bMS2q}XRvjY?8waN$8Jg#~G-8X|)bH>acAhj_4c*N~)WJ1PcblC6 zomO`M3x3CMliRPwTLnU3b`Cvy^?%#V^Z$I0Z69ObqWgkO(5x9#XQSPSHifs3Jgi&; z=j5yZYaaiDF*G3WAuf>#`<(iSKq3=Exl}JNQECIIqHu=U&BLWhrr)iJcP}GN)FmED zd_Y9eZb|VbS6$N1z}!XpK90|iRQf}Mn1#?csqliRaBz&S#N!jp(Sc1)MUDJ$a`(Q$ z#2I}tdSwtd4TvT;6yh4xngoG9>l0Df{@dMe5B5&aPNJ1p|A!~5+*gPDN9qWaS-!ru zRcBc>=}T!v@&u&S1Df#<%ET3D7;_7(cH)XGDXSQ*fV2{lL8%LfuPuyp)=?>H`mZJ( zk*5()N}o?U`7(yw`hSeaP*%JVyj&vCUThi-X)@{dgoU-MWN%Z7{2{q(y?}$smnLy2%^r4a%Y(E4IqkZQEiRe z*g8!dlig5Sl2iXG?YA|<+cHWQuSdWBiiov(Lk4GZsSUZ#J#-P*Li7Z1LKzx4LUc1H zM>C{mgUBXlC?XlTf;0*c6;~mo==p!Pqj=Q11oJLHR%`gh7@7lUzF){VO1W)I7`Z0k zEU@V13N0D~gUNXCa?m0gH}^RV+5Ya^=Kj&^NDLNVam%ukrl7q-(7cIOUqss^b(f3@ z0SrdO(gfl(s4So5)w!ayNx7vdh___ZZ;567l09m&87e^Ukza?`wfnl5T9Jr;*inYB zmJK0(*j?{qHj{RK4!|i_jp(-hz!dr;=SVOND`&St{hkuZlIi@-cb=h(w1K1dxWpTd}SL|!BWZcWu z$G3X1-T|u>^Fw4+2rXAQ?ExK3Z9wNaeOk7}wTh!A%~tZQx^d(=m0g&Xa( zSzm7hgwcv>f?j&1T}d-Si)wq@WTzApNa_y&lT9yUu7YS%*Q(38LF~E75~dNoJ2^h1 zv*y3jH#%XCSs>-<=%%bN6ijSNy(vbbR!~+vE4AS{WxC1k4vy;ms}#!fRXaF6*2dx+v5aOh;z15Arwe_iJN%$h|x zUP!a^^=#a9NNCXwMx%|SLU005jz}hpTiusBm}*6K*zVjWb#8gtA*>QgT$7~|Deve( zB*O~jf^D)FxX<7xiVTvK>yFoqEXl${>&xCmTt35F`p9gn8(X0a^n&fti}yn0I&@6r zW8hz$;L)$}bq|K*jJ}C;JnNwVg6&}27PjXEO?Zj=Fr(kiNh;&QtG?)Xq?m!yYKB*bKB2xaPk z61f|g;5-s@kJe_h4@n;DtU;NN$gT7ML#xcusSrf&KNNOw^be3tP z3;`w^=n1XGf@)FJ62Wo~;8L0+=pFOPI_&~;6`6yomy9m>F4Te8VnF#gEgAix&R;I! z%=xwUvQ3BV;jg}%&?$gyNWiTHR^b-;;bDs-!ZrX7W|F|_nb63|6c2zc;rxC?6Aw^QYftUA<+3;1iH0XK+ zqKS}I4SGy%;dUsQ)zW7FrO8_o22d@pWEFd(O2Ic?X`x4N46~cIPen7&Uq}(68y2dn zSygxoWtml(zD&cfOF3p#3px>DB4CUH0c|+j{(M(c-lP`J#G27fa{MBxb(`PVv}h=L zuGue4!`r6bH!l>CC3`#MeIbF0d8Mc#eTOFHr0>vR0a<%TIwb=n^Ab(K3sKE6*=bIT zuw0Af05hvsJL0{Gy83QRny{@x)1_#xXcxfo4g+jXW<$5sQ*R-G*|L z3{CPFvB6x75jTQU<{Ve({&=14l|SgH5-Fc;fvOjm;|8zfT!|KK1eqxQro^qusF(Kf zF88#D;j{3qd%aG9RhneyNq2BXO>yiEx^#4>MLyk&{$K=eBqlheujJ;Y$`gxzaT&}{ z$P?6EJSqZo*DWFyFs_RU#)}?{3QpC7KnJ7r0;A#pz03GhO0EoGir6HEOn*ylZO~|P z3pG&)G*;ac_@Q~nR)A3y)Z`#J`fag8mq|td$e}|(=%+d&6g(Vc>c|c*YG%)c3`3b8 z8%o{1m(KU8)Z5X`K9FN-Ri`&??`GFaRH*TEU>&AdO^m%B?oE78YW2GR1* zm7toIpgDzPLG!{ZTd2DC&CK|-njtzc2fr3Gtbu<1@nUdaj8NkJAfHfbM9NMv43tVt zugx~bSnlX8P-KP0sOQCE2tF6L8-@(J8lvaVqphcw-VpM@TsCY!i%(b!*QzkI@7pH7 z)A6sA?lITW;CrzUp)%i`^w9ZlGm$yB`~Y1o>(c!_Kdt>MUhe5as63bSppE1>9fK;1 z>MVNn$#%!M0u`kYef9mp8(hEkU)T6`-9>QkGVQjb;b z^uEWIIiG=S-5iZD3LTbRbfHOW&_?pK*VR((0b3cb&!(-2J1^Q%>oYmEm8sMX*VFiw z={8diBHM*!ya+hJ0)B2*7;Si^##fqoi-pc-FAyQ)%b@5r z;8TzJxm%KTG_eLbY1dzi>D!OiHIQhAT3m?y8(uR^i(9AQhZ%RCV z{r+&jNevwC9({{D<5Z&4S7&bqom!`_eE!&&7AhXE1ED4k%=Gc7j1IsXRt>+CM=ODZ zyl=MBkheOly);98g1(1k+2mxL)zolAouP3~)YCpIKZ`^_M1u`YQ5;;Y7SynZJ8ao2 zMnlOvjitS57MvUy`i5uS7~7(0QHAY^&v7dq`PJffdUM$gy;&7_jG7|tlI4V_fC4KL zz;@2N&#@ifbG!_2oCDG~{Q5FZRzfhn@WwH?CNG~m9^XGc(D8&j%DFH5P~i4gZ{(S? z@d#b%c(g%rj-CN40CA-roV^Mu>s&YX%OW+guLt^ltCXDh0%)Pw$T#fDF_K3WW!c`r zA-$ALWePL-tp3}f_uV0*Cpp_hPd=LpJ&MM3xKD?K!&s@7qWiL#7%dU*T{rfJJ@Se4 zBMKf7nzKR^WsssyP$cE)XKW%;e7eCmjY#8IV|K5bokPr1-HFtCqqhg|n^Qzm)0#GF zUl<+jH960DYRiH<^!vH`9era>J$n7kH^#XW77Z_=2S4>6$lcuz-@FS=w4pLk789X) zMLU#b{{&$}=bRAUTEy6WgAW*rC~ji?O=NBb3$p-U0P|2e84+F`og!>(OmaZwMzubC zQiYWbL5UIdGM-+|s@#&^O7uT>La|VE>Y&#GE6vwdyLWj`_yPncM(sNX!(KXO6taTB-&@=v_DY? zI~>d~*F;G|zM?#ry5aI!8f|REec`7PN19g^bDl#o{u45I)h{RMNIOkNrDodgfVh2B4p1ivNa1?$r!I~3 zmQ8*EwnhL{CF9^n4Qf0O@Y4SvxM#%)ibM|6-FF8iIf^#KpkNxr45Ll3Cm_`6)S=9& zDQ+f?TjNRGwNp)5gcaEo<@v<`k=^V)?$T0xF{m;CDgRDW2A^iG!PRLs&nKM@g(2C2 z-Rg}Q5?LHL?zwf!i6w7Xk`tjeNLZWsUN~Bv4nZlDSYmT5yNF~r-j=K$x}@Z}IQxh? z1pcjUZa#fl_pSe4x)i zr21t|zLLiuTw#mn3HXt}zJ948o#X*wZ?C6X1Y_e0)Ai4 z)O3-(ftgv@#O+N?|6D4cn6Hu!Do1<-8CGV#C- z4^qx_l3jzY(i6JmW&9~o&a_^7F^b1Bax112Udc%2s3kyyj^W|u;(WI?pJlQts8BTY zXHjk85<)LRl(El9BqTpi`|$`cm}Hcqilqmjmy8l)4B{@-O8VIZPe2j=sBYnYNYWP9 zcJNcmGe)P)+f*9{crZfLfI!*DbZ8tur^3Ww{qasj2c)i2WRNR5FVjj0KrB#FC!A<& zT+2C;O;n^|&VHn$e$HX*f9#(e?H}rk9CP=51z(9{+Mf4(G}Qt9YsfD@`}?^qHD>M}sS6vwiHtkE_dsj^F{2ab_sC;zM-Iu??zvg(=rz4kdha z5VI)&91^c+{bk~KBIqh&hJ3Hh!Yh?uz)t%QbOo?HJE&RUf1cJOe20^XPY8v<6v{0Y*tbl9Dcmm+%>y6JK4nLydC+J!T^@qnA13foMLO^l=(*B;(eG zNR$!PtWGLFV?(CCV^glaY~_J5QDm#k^l)N`r)ics#_X>-k7V?#-z7=U$*bdE3*;*j z>kNe4F#!`BQdwy(Kuh6iBH9bC^6Ub16p?;n(Gapn>9ZcOW_tIXb@2;=98d=Q{< zw_VO>%&*i+#ZR4LpdzkFOu5flgeB8g@9|VqjJ!>P&XRVnUCLc`;B$5!(MUnS8 z4-q}jo0>18iXH-NIY}qpQxUDVO1N)BkEl@9)pt7la+LfP64}3zEMG_run-39$)hS*&#V%i*eG&MZ9l@ zhpPtcBKZdF_w@qq?+#*Syi7(aA*3m}v5IU!)WzJbN#2}t{vZgFs%i^UC90BX467wZ zir%0E*^|zBawAx+VBc|@)sqrSZP=RMeP@Y^+SfUm)DA(7@5dl36l~)zTEt47;Pjff z^mG%$t22EjrZ;=|Kp%y@;T%i`v1X>#DJ;_*U)%-tlrH&E1hSManP@LbM<}1-kt~s| zJ43AZLlAbe(-K=KRZ$Y2H$lv(FBNaVlah5@Mco1D86%k>gjyG|bW;rzi-)0S2f<8C z<=sIb((S*e9iTw({Tc406qtq}*i5ufJI9sUGE;<3-JV$HK9 zdY`xOr_C#8rXTV8#7mvxo+b;^(D|LUGkQJB7mq1fq9AeXZ^IU5Cf1pmV%9vV3t*1f zQmWoElSs$diE@|?is=ZN34-Z(nhAjEU6KGeWChcedX~rh+$XS< z-L$DZjq;N0{Css+FyYlPeNxJ`!x~3FxpIP0=T$09NB%U**vX{tamSL+Aw^A`{hvYf zgmZ#xS5}PWWRAoYmtH8U8K+qKf;jR>nMErrN(Q zoZsW*8FU*@qN1k`R4K}h2ZFTSh>}kU(qu5Xpk27@2cW%^_n7M1dAiXhoc8&KOVtKC zmahgF)lDu2Dn@m?=mxM0M{8UNlN67YziOOzoT`Pn^*mJ0sE(c>DD-1+ziy;_;Pcc-%$F4;5LVF_xPRR`dGu zR$Q}GJXI|}>#b_qYog&#&@Y)~S8Z)o>X&>l5GrHhC2xF|zaeqD4Ac!ie1}<(L=q%M zu_#Cj32v)80&o^x#hEgvKp`@@i0_RT)?|_NbD64=)cEfB?f&b7>3MR=6dZXVe!dKB zW&}doEbra-yC+9HF!=4@=-X#5-)3@i3(U};$}Z_XO%f~CU_*9$9nr=~a6Oo)@CKd? zc=XV`23<@cJXOrR$59wly3`< z&vge^@*=<GcI;7z(PXQ6;*3AXs;9Ub8!A*LB9ruuAv?iW5#Y8!M4w#(N3muXn4%; zLICbTiD~NQPi#zA+jCB1Dgag#%aoO^pq44?TERBNKDpuNGbh3665i*aQffm@`a({V zu{iYFgoOYZhvTdCnOhm-)#6x2S}wr0McbJ+u$K9<9GZnMqfHgS#2b~yaauFj#a4}3 z$|@vYs7z%t`dMu-P~M4gZ%Ar3uXoFiThKUkI!a*D1C__4xSyd_@lj~!e7sbo?f2zJ zGw&=Ehh>DFFQm!?mAHyGsX(MP)ZuOl+U#HB!Q$a4`IHVOsx+;E9KV|O*CS0v1r9T= zpfjRB7$X20wmRPYEpF8j1GB?<@kbn&mx1+>r4;`R0;ioA7xAV92I$yN(617Yu8VG4 zOgr}F8}M*jTvd%=2s`B-9wj0y6{tkUo9qPN1-kZ-&LQdC9tc6wM{P(KoTCUw3P?{DyKwdjom(t)v{}gTolurKDn`*Z<{DxsyM`85o|mPd z4US_;2S9Ioy<*)`zPh27k+@E)2H9_@Q8|82!)jP>rd45KIE}7t&DvZrV~td7umPtv zW_}})jMjGooa)nLOkrr}yx8Tl7vvMct>&r3A_p-{Ar!wL=~O{Hm0du)WT(nBYtdW) zVUtV7uoJl0&k=8iWXj#mt8+c%5=)4d)dM*}+=9l8bzg~CnZZask!LDwWxW>4&*qXr zUmQ3`jM#2S05-z!wJJ>DS*x@>aA;eJki1zS2$jJN2Q1;W&U0VPRq7NenC1gRKbH!2=v<;DAWQ<= zl0!@^YgQIkFP~XPRUN!teRvEqTa-~K8Y^}#&ENO&s1J+8v*>jHkj{6Itvm#qk&T~G z(&2+#v@a;u95m4HWq1QA{0pOwMi%8n2#79AU$SrEwmi8(o!P?$7DPiUa#GjXY3oGF zx}1igY*SOIqi1eHx@vi+DR86}%9^AUc~_ai%`HwS1m9FCy3~#VVw}Eu{%HWydUX{# zG)&r@f=>Y!ckAU$hfofqd`4eUz@NHTB$Em;7(N4;BxMn;H=29=D==8{nN<#12a zVPj^{zB~&;2`QgE*;slMKSnPi?;!0RAj=u6U}=r-h)F-^d5q2zqSu_vp_pCnyyHt}{?^nJ#?9v=Td-ko~cAt)hie@@rAXMU(X; zy-G7J1`{@0r10cx7Gt98drSj9nUB(48gU|XtTDLdQ*l*GP}xOzvuYqNb2OV0)m&7t zCW}^QX|*`2)GoIOOiQcz#Jt&|B@Oixa*-NtOHw=x3%%UDUglHuwuLRAp^DrYO!^cn z*`mEvd~`0-_KL{Kf>mB5TnH@kc?aE0t~k~SSV{&RaahRm!@+~adWf(EuNMx5_YFGX zWV@CRj@n#+3ohuL63%&O$DwFhKGj|JRpTk0C?1XCYpq|~11`^nKM0$Kz$lU7@*}_2gt1 zN`ksK8Mk%#!e9JJa$kx(KJL7XN_-8Yz>Hz7YX_wr(~)M-k)~Nv`A_l(spXcEicA~n z3(A*+wLFKL)p1FpkeSClpmtb<$vXzz!Nk_VNKJKET~TyUS#1$H;4E!UG=#g&ZjPmy zo1@%2U6YJ~Ti>j_=m(lv$j?OlzG|+Ud9IQ)42-wEHp@LkXT*2p-N)4p+zWHBAe?Yr z1ZDVbCBL;B35$1CfTt-INSrQKIq^VNkU4dWR#{q`OEb2YrTjJg!(t{2@l7v9kYxo^ z$WZl7b7;=}G=Y)~z+vYy*(1f6O?@GX$YjWQZ(KvxwqU31g71LS^930d1xIrn#QY|O zWKfZ-=CerS_Fwze=8kipLaB%VjX-k0Fh<=B!3peV70l7>#^-3|DOzztI=7{{dA_yO z%iW_^d8V4Vxy8H{2O11DsbmpV+^5ghBo}rWwUCN+p_HNIjQykzip1i$gny!{_;ON= znb7*?m;7842jz(LhDRD3xkt&$(msI{SC(1Os>vFKxn%wd$V>LrqPsHc`=S+r+r75a z2?Jy`{Fx0X=R?Dhv)@deP?Ck^sS=cOE?cDe2-B7i9~zf$%_#G~z-35n zrJJkKO)f+gFF~weC4vzI28v=*zNiv2&2K)7HdbYq%pDSr3-;#!Ukco@xa0udVaQq6B`z(U!({!q zBL`@U21rB-=f;OJM{-gMU=K6)xk5@j{^9glwB&X%)W>`$y~*+LUw!VFBGyF<>S7i{ z)0$s(RRK({Pjv`|4VLpy!cG7mzi6>oobXvxIFH2Qm+V?U&Q> z_vF%Pjs}CV*x*@qtZj*uIz>noEF|hdTzlQDNbi%V=I=r=)F~ap;~ekurrH?JdP*#x zWn&mR6gF)O7NRCe5LuJ4^5MrOUsN}Tt-YzKBiI9;JWl1xIdE|wcNwqfGS8%E-mL68AYX#A^LUuZ9*UUsL zYN0GV=lgv z4dx6*AJmE#<6wA=2LquxTE7#WdSkjlzv*CkIokfd-ekahzU6tg>wx6l!QkU$Xx_74 z!Gv@?T?#4lq1T=~+&%ghlN?zkJALct{Pv}54~|w$t<@K#yPPvTu(ojlJ;rFLTj((f z$GvQQMOM>W3OpPQ=u&m2&$KNs$&Z)0PfJRs)D%F&Q}2UFxC|@ zp5~N==2qy$Y@^A>hp6r-Js~SPNEo)DZ;CRO;jE{YP?I;5;VvNE+Yz-He$U-<+#)^MtdWP)dVkyTH2PrK%D+^+{;G z6DwcHc%>=b3MD%=bDNKj-Bc;qXu4e&W6P(+^b$BUZ3+0Bhc~hGvS7B!;)WqV zn?u`k?H%u8IvXLP(4zN2Zgl&DZ{w(7Uxb#e%B$A9lY`@vgR>uQcGU{fiIujws8r(r zn43Z>$o+Rooq%;AWHu);M3qdckG*_^^!!_A0+q1N^2gb`ydfsM9p!R{=v8Kxc?@Dh z9a?*-R%RV2_KCWyuwA9i2$aGx28+Lc!x6 z3zpJoxb1A!U2;Ft1MhmpsL{UM)YBa^;412P)Z1JIvv7E5eW&GVWD8>%O2;(30y%WwR zU=PcxW;WXjF_=)d$1$Bk@yi`t%mbI&t-HTOY@@&~FHPY2){~~Otx|30s>J#crF*xU zV}%Tvu$^NJ$&?Dcc}lJv%I@CT!9Vu{fLNuWO)X>mNpEq7J!`>~0@XvdD5lDNT~Iu! zAihLNae6!(j8u*lw^_ZwI)}9=^#&n@XR3{;d~&}=63gn&R&_)~v7R02&u+V6G`<{B zYUdO;tg#0P-}s4lj=Fn-c=#h7iB$N?ZQ}HC4dfe4{+H}eSzA;31WaInZ-C?5fp9HW z^Tekia5212NNr8%CVxynD8a9EgZtKo%&hxjLUX{}`Ib#M%?64~6W(9RL!(JlPBV*lBeIb!0tKe~8JZNQeon2dsFAvf6 zaAJA$S(%1omUV=gNmN&qnQ?7cwUS7ag>9bLsmuT#e1L&46KmR^B+@X6+o1AON($2{ zMfBt)cEma2YPQN`ajk##tw*awt(vXBd}H#IW^roFpV~v*>a8=?i9{bpz$2Y#lgU>q z_y{dE3!0YHP-{X@M%0=s0?v*Klf&M~Q+}XQu}Fq2O9dr*9GRmhn3U;uG=>>IS~bYi zjv+So+Cxz*zR+d^dnx3X;2%-qc4 zXhldT8I?{-5(LftUzijiMO+6|Oly&>?hbFpy?Cq(imSujU z)K%&5{Iq&rkyZysZ;owR9dn1VUz$kJukPT=A|U5|H45BH$9)W9>;`ROhNhxzqEc4T zeU=H))iz_?8Dkz09&Aj~p=NWe3(@O7*l(2FBUR93PFtB_|!$==6_fy9nb%h4%Jq%C)u+;R}o5y#V!e%-58o-@2YY=lwq3?JCCp4kphwLqEIPwfU!7}SX+%Yk4ku0yhkm3!=el-OCbxf2EWzrBX_)t zU33qNJv43x2K$Ox)VTN%rFQ=K%sKBUQlcdsM!u+!=q{2Vi)?2FX&Q1p2;W&V)yAr= zy_K3V&gxB?zw^w0M?*Ee-poZ+mc^mM!Lo%VYshC$shljOC=jqouC6J90h==iYkRe9 zJk0UCJ(Tjh$Q3bNs0{g$7Il2Ya3ao-2xnnAUuRlY3$zdx5soL=>6Z{As!S~$s^!g2 zPc8J+5$~LCYYkB;0~d5gg(2aMcj{(4ty1H~Jr%<{b5@thQpH>8q}z4G9%^6SBxGvA z$_V0kDs#>l1_Ue6CvusizG!v2rXc%luei_e6b<#651ZP)hjqDMpqRrB9aK8%RLaN{ zQ=meMj+qsff-R-o0pta$FjYL#x%e{HHDlLSlun&2x)=yO_8iqond#5k1+|athHZYq zwWFTMH+;$0atnx#4JYE|N=#qN-W}QtR(~L2S1@jaX8SBrZz^bQ!RfUA^85dE({o9b zwe9u4ZDga?hRk9yOxG_L(Z(ixo;-O(f8pc)-G1_9`!8D$A3fTB^7QGWr%&Md)|00X z;r${SFZ)bjJV($Z=GQ1HSN7iR-0$RrS!gHY%fSdNsQ-<#K|eafbA!)+9>br%gB_J! zXX_wnUM@$gm|%5pFuWdtxiXGwd-Z60bMw&}{PQ?Eqmt2C(z@&qx`T`BMs#?%Cn`l} zXgdR|jp7l96yepH*`PDNibu%~UDSz}?csH<82WQQ8Pm<1V7F`xMg##TV&@tkPWo-S zKms(4WYo)K3fOOt-baU+FMAYyoAi@W+>PE%&bw)gsvoAUq>p#qXVDO!W@tXr#d1mX z29Y@x$V6}OWO~f^%q1zVs02XX@w2_YC0i6Q8<-Hf2IB4-!-fV!j*mmVqZ^~QOVnHs z(L#5*EnQoegP}~`J5~aCk|mu}h9&!XL{-!$^j2h9aK{m#sZ+D|;b9-xRb8YM4=2jHFKi#Fo!pmQ$9bnN;)Kn_X z>w}a1y|d=-yMyL;&E>D*W!g`I?=ds#er;h^yy3{K_|GciM8t4MRcg=br%!pF;vvz&=J& z`%y=iL_JV5&6@n6Jws(X1=G~kt*l6ewZBgLt?mRA`{&uXoetJ7UmA}leVE*Bd?s%q zIiK{&r5S_?+{TG>WJ>r|xfS{~Fhbf{u+rgO|Fgkj7Jl(5S^u}Tw{q+M<42o!>;G+h zJi_YqxcQw=Na6FPEs}3ol+vO0)Dl?V=e_ zTj4S*^?Kc{*Bp+(I;wSA<2ryapJ5&ZkiqcJ*I$Fe4ohl3?i%&&(p*>-TN2lZ<9%i$ zL=HXf1In!c4as6V#l_$s>{ix`YF{hJ0`DC_1lAeGrCoz!-Qi{2Y}WC58U3`E4l{TN zg`IB0FK$F&K&`B-UvvlO-DoBH8rxp^sV~2Q=_S7^T40di*R<0!Gx&Af9+N*CfhJh| zd@UNX+9?>#+$)Ka1b8!Y?e0_Up8T@L?$)F?T!&wPf-bQk`B{Bgzg))5chvINQHv7esB15?$#6Ir zjSZ;TAnM>Q{dtVJ9|jTNLRI1KB2nt3%V-~^X!QMm@zuxZ!G>6VK<3Ut1qklBmA<-@%Z2z(tAwIkmx3|IcH0 z{%>zSe0(?mZ{w5K|K98!AD!+0>#TVIe@>2e5B)Z)x0q=SNtRdKgz*ofwrwEgN@aM@ z2y$FWDbB&_7K5i7GCQmFZUv1fyjOVra>aPcW|#epte=(TWlNJ$hMMXPx|KO!LVcN| zu}X`J3-cl!;cSnfkl+;3E?00Vm{?Atu0Rlo$1y0pVqQZ6^Cwk{!`-k9fyKZWbRkl3v`+bCZD zw;pdj+{~^2@c-TVe+wVi5h=%hC+9IXm!_R%6q%?ugi0wXQeG4R%Hp(HyQ9>N*ROU@ z_nR!Pny>fY931Vxc3iH&z>XF`XUFZ;-=oo*OMda&c5*(sAeA84S>Zo_8;@I;DW%<{ zyIW<#I2K;`P$W$|!?@2uCmNjpoQUgv^+6Us6CohuE7hLF6CT4?_PG~Qb)k5D=6!~L zaLAkGHTP&m<$~W7?1+PSEE{YDz|%d8_+^MI{C~||eYf1WHzYE=;IuITH47tAq8^_K zcF+IX1?%cG-d6&&4uKL~i&k*=&A3EXUlqF|0&iACnk|Z{ksJiD_^_{tGB`ckJ$rxJ z1jrnPEZSRpiIj>cv3YwktdSD6W8=hSrok+LkT`xUb85;E*HRQkthwaoRWVq6Fj=3A zGGLs(-`m?iJ*A)u!%bMMbr-Op(6lQkA5Mf)$CzSDX^>^B@}rgi(Kj{Zh{$(5Vlsb% ze#+B8!nTtmt5Ma%C~pf#mZzIQ6~|d4doPP>_pkCC-rK`u+|-5IAKw_!ERwz@`lOVe-p?I2HEZcg#zVf^u#DKsk}an7_O!&V zG|#uI(OVT?0M!jxWwdvS-tY(jExgAJa^;%;#(W_~;~|V190gmVE|m<7r=l35k#plw zoP;{`9M##B>bBEPhx1wsA_X(&QFQ5s}eMX98oxT=Y2etIpyzi6<2 zUZkS10$@)TeN@_h=blDWu7zDsVfbRCj?)y2%wjvUuQp1b0LC~;E&y+23{yJ|d%G&h zA&X~i0+nN@{b~VTmA66k#3aadVw`75cpb$3|hGI=2hlwNA5d%x8vkoA;Gmk{)VZ(UYBpGtFF_ED_8RQ$$%7=0)o1{c< zEb?ygz#6)vN=fT=JUC8=`)1v`bvI@*8s&H;uV+X=CLGt70B~8M%>g%SDLLUTg3FGz zgu{RTzN;ep+1RS(beB0x;s(gM*sYrMXO1&e%n;vkObfyQp&W3|Fq4IJYX3%G%^Ip) z`!t_QwOig=WR9nUPRQv2xgYSSsqiMMThLq*ua^%vrI zMzQUpa@%G>w&M$na}lf*>0YeT;hUvn@kZ#w7B{;)423q-QX z$g{=mQi}jLp0m~~5Z>^7GR6~l!JTb#^_m_9ukRr5I?&c=H77z8RremOtyT9KthJ|b z7Ob_VaSyDWPvI0;EAo!G4uQ4q6kdR}p)&Ce&%9PxFLOf`5VS838TCdSQ9*FA^9K&4n#`;+`6avFMH4JHK(| zooXmh%cmO4U778Ka&7p6TJqMFaOs+a4)dp(=9pW=i`Sc!0$n)Phap%cSqizUNTZ{W*G%ch{o z{M|GYIr4OXm4W;X1@2beasNV7mmA7~7KU@RfD2Ap3+HpSKuc>`6WzI*z$Lb(IlBrc*`D^&|7P<{tP&39&jQYFjEHjE zAmH~4{M{mV9Z2oggi;yFrRFDGKv!^yc^2K9)PL$@`bil;g-}_j%G*}tZ@l%sKajr$ zV0Ja}QGI9GT^YmFm#V`3`vp4>c~Po*>Crrv%>x(0n58ob zVfQ3Lv3-=>#}|%5f{r;>ie5NYK|^Kd(2lz4j%gS%RQY2XftOeMW$=iFawcm_obhqm zcAIlsxF7QB7L_mvtBVQD)?N}uit{~#4z{l<%R~CYYz2Y87AIv2Hmqhpofh#3nhzvK?76JjDnHVh=_MXgmEZxe)?TX9B~k z8ZICPC%U~EhNqj7Z?yM}{T$r~1-C!0-1`YAoELpcD0tI7BgFC@tI{Xyh;pTa!U(6f z%1=l2s66D0YVmr};FG|spW@L)U4!I@0%Q~4-2|0HSMzid4XZDNL3!ANd%D|CV7gSi zB6a;TVO0=M-YIG`7LEOl&Ei6miMwK8z!x^gPCJ-R|OvYcrW{4 zyST)5ii{>!J4WIM?+ukTRoqU#3FCB>SXdU8n8A$UbSHz($G}0E1yhjcAN;$nCY+jU z_|%wJdP;?lG})`9q@&w146s}|rn3Kv?SGMFXHEw|iT(fZ(N^C6-`;$BXaC>A=TBk( zml^Fd+Td)`%n=yw+9CyU;q&V7JdJpjH`uAFn+r*8?2Z{GZi!`_ZF^clzHgeAN9f&!V^S=wtNl zpxXv^fJywkcfsGCTVNub;P2u|H#!+)NxzeH+tKskNPhQ~J{z>#(cXIWHtm9Rjh>Ht z^rg!6GEZ;vW*Kp-3;~+qW*OsF83Hl&%`%=_Wz3sRZuw>zyj6za+}$kmTi+~0wF8&S zR5?nZUuFr6?kJQmR}`vPq*?~ws(F6H8GKuweOLRHuZ-3sSTflY}~*`T!`=(J=gZrPOCq5 zaw`w7oS~vC{zBK-=x3C%!+vxz8oFZ^k6M@b48x-^W+y{oL(&MHt4PWw>27soZfVWa z)sOpUd(HQ!`zO1vUq>q&$+)#4PMQ!a#_je>zWm|AE36{Q1NpG%I;wn5;n(|bcHbYK zHNQK4yAP!i4;S3O-W{K)0?99!Bi>sMn?3&a;0R%!%9aNgX@4DxWh>NkaWN6^DY^dD`Eg^)T&oBe070lKwa&p)^JrJj=56b2~Ut%h@N-?ygE*L5lJD!8YJ39BCC^Zr2r?!kcH8X_jy{c< z>=a&ZBD(V(-j=y%oD{(J@YZnA4i)=J5Odg#TgfHpKZufKS=J0-)sx8*(IJ0znYJz? zT;G}7g(Dk#I7$di+ob&2{@ZtlyJ!21<;n3eps2pC1d6>rI1#1b+X~_bsNnhpt#*@( zm@fy*)#bT>|9SwQ93#WwzXT93{=`7lEC>njBaT+?{a1ef>;a1J4qnSr2d_UHWAtYC z@bJ~{-aneB`wWUC@?<4n;N8jon}dIG0nh8h{eSMm6v#F`?-=rr|L?|!Z#-|`AH4n+ z(fe_8?QdoQDGq3gMJvsw5H-!F#bZ28j*gG^_1P9E;P@-4TQCtv*OXa@_NkDvJMzZ_ z_jSbg3*&p1SjC1TX!jTO6J?M3(FG-}tAC*ounK}qZH@-C?2HMH~7dY&frT;!)Qb+I}}AuJ+8q^?kLx8St|Xx za>}BMR4i7cH?q5vChW2q{vr$GU*{}|U1m7RE^GJkEAYk!YMHIDOGV3dl2BQ8_BPuyLZpGkfY<4Ar<*=ph{ex{ug5qWcn|MkL_XqnA<;VKZ3lM|i)s z^#N!4gP-~j>XG%3I${bphMc$c>O#B~&s3}}ONxZ;3Eg>*ze|RBsf-pZPe1EpX#%#x zTYL!WyQDh=yGq?Fhs&a{4#QiIb-toFf6|&&q^xM0QJ-+LW9=-ZYcO4kf}A?WyOYSc zBD~IuaTDB1E|Dh2Cm2C(xYacN6nCK*E|yC+?*hS&``v3+1tYLi&|8Y;9!Aqmmn4Ds z4r_cBNUVzyYvBTT=5*Q26}`N~ybs(0UupxH$cqw*kwp{(+O5$*9I;P_5jp_IZKE|^romt3Uwl-rv(Zl_4RAa7_;VyC|7P8bCqoONF7!VxvleaDahjO5 zSJuBFapXK)^*pR?tgqJp$Ma%ig{}pf(A8}&BEIL$YP(Y;5gYeKon5O4fWyI3mg!ZO2d0veGx6FDF5bFALV|9fwJHQQMI>k7~t zUerlU4n$Hw>o6T>IL8PijGT;61CB4^6lbmE6V9xjTwn^a+Wk=?gAPyjzik57?jOD0 ze_dC3*J<6u3lVoz#pIWy#T97+3;l7k5wZ5WDO5bflr!+}CfFK1P&t;q- z*pgI}#q3ZbkqeeCo7w{!vQ;q`i(i$KnyRy8y2aG;C<^3d8-CGl2e8j|;Yr$t0=zc$ z(mwozcaJxLe!ch?{`Ca6JEcWSMG$+rRI{DRt^ojk1uLh1jFgG!2_CqmcD1le`)#0L z&2DZrNFBZ>pB;!( z(D;u}ez;9Um#o1P8jlHQnig}8a;aaK2(VV5GG4^vn(IAhZK6MQ z`zNK-%ZnQ^gh4#8uBhB|A;APk<>;L!xTzKgdPW;+QXVGb;Z@SNY>X{#%`CP=f|6NK zm*+0>8<8doaXKF*@ki_R+RNcp6ETVJRGUlWZ+aRv{>k9DrIfqzijSZ8mi*b5NPwB|)qAdoCdMXRp8)H?wxmee&I zVf8`SH10ZgL)~32m?Y8B@!9^fXwYrjI|rOzi)A0XvB-L!@Kxfp*E+v5>;fj!#S#_1WcKPjRrL@>}K zn}GR!4KLei3#gXi2&etlV1&)U3pQ`satk(Y5kEuqgAPUrr8tK6yJ$#RCZPKtlPH^v z5<(wE3I@m|S%$pQkM2#dXBU()d1OAq(zId4t`n?fZDy~pm@CwQQq|jrkq|q0$w0PmGSFCmdDV7XptuX-a@bf7CEQm#wrDN{T(Jq+*=w< z#!D1yg|0=+S~bDB&?VM~cla}t&C%gey1LD&M6x^r;Img)@Alb8l7a&F@AiAH#DAvI!OeX^Dz>A+PYB3I;B6 zU|%A=RYo8N%*|aWN`X5Fg_~Bb#sTC>Zc?Zq$FO8Fq_Z>Vb_ZA3$WRY&KS|m;-UYt_ zW?j5^75ljEa;w4)10-HsJ8awmYvW0BOPV#g!!<6{@Pwe$-R&?LYqHRmIIA5qxfO0= zG%SNl)SRk-0C|~eFx{|SJnNflUP7(w^s2P=R#@TSwJyHAq%fy-l_F>R$tPIaSPh_1 z8;}wzPzG3D1j8WPbubWg-P6}f{Y2^GCyXfMI&Lk(6!lT}(B**BGsNxfyWNxBv*Qzi z89Ufxc}W=mJooH(T0N;paU*h`oGW^w9zh~YNGu`fGgudCY6?eKguz%ie^`)UBpu9` zPw^-nOftTe%BYQ#Y)NfF3df(6imM7!o~-p1(; zvc!ICYC2X6<_xfdePGdWr>2|&`S_n`l^*gAlmLUS;D-FNEqtZvj`o|4&_Mr+>p5gF ze9ppNlkxn$JAugo%AytdU$5jdv0#m?#r|;Srm(Pkr)WL3?1Tz1om=o$6lPG|7jqz$YgF zC%P;YFp-!1xttcQ@h>7sUkeqpCcdXED16;+l1;kgd=<~3k~{1&Pb!gD6boi%WPrrr zCSqm|Sj$jT`8pJ%ixx0Ftm=wvUP6E2sPH%vM#rsO?g5NAX-Ek!QIzTQD~-rTXvys& zCNZ^2m=lfZY!5w~L53(R-i=as1fV6fti*z|MK2eQXguuZO8La5BQ<#f3o*BYQ0O0Y z#tyq2(#3?OS@9w=g*BBxnciSotY#(it84F5S{Kd!&_ODfA75je!mMe?Ll#*n@;C4ZJ2D8`$qnaH~pw!CBqopjqyb0L|=fSvNeHVhZHQ>9@= zsaxTZm6@C_+7sT?VkQr6yV*Qzd%%S|8^>D**Ra4t;ph{D%Ew(G%tf{(mma3xa$g3^ z7{~{RYqf(ZwUK*OBP!qspCXcI$ySA`V%2-y3}y%B4Q|&A@m^>8b1D!Q4X6{sf{p}~ zBf*8uAlIVyC=xZ$pb2AIlIk2)E^s|y_np~V+=kfZ^Xjv?N#Z~@8fCF$#A{Qin}6Ti z;c_8DSfbtDs*=OQrw-^Su_bk{q)FOhzoc&=DsCmzNX6w#M#U&OIh8u%Tgf70DXX+f zdDc5Jdp>Xq_ND(C))73)dAb^wbp$2!r1{(^sE-G-0(IHB#4P+1!q=@RgoPaRzcIDs0Wp(fpgfaY9V29KfF zcxEOGa+!7LVQywZ2W^fc1oRLySOl^Z`y7!1>ViKn(zbSqyp1a)o8UPQ#2NzfaNPi~N%A`%A zffa@rs1?bF)rbQxEC!N-$9y=k%Usw$!QS#!8jcdX+@<5I^i}HiojPr{XOJ{SU9nFw z>AB!OHGVLZ{Jl2~;W;Z^PfelBP$QXud%NkEwj zK|H0%GI(mibvo{3NDzHtS7B{cMkP^Uxx?!D{X^WHe9J&@i}K<9IS`$~+hBU95fp$k61( zSNjN%m0YtgGJvT7baQbRNp~>^bAIbzop$%{;5o~SwLnk8FLSG!xf(m`m?w{jwQ$)z zO?TvGBJU>Cj|9UnMd!_}bcdFl(bW#!yl=dNUy_h|6Odp%r*r(Eb4oft$K6+ww;QXd zjbaEHr|RhsIPkN4=A-C=Zd--j6QN~v6#Nx4}!B0TfT{9jz2+ONv2Hf)&M!sQ@?%QsYH0Jvg?X%)m6qk#2h|Zca zbK7~0bc5ou1Q$SF8y7)#le!HzU$EEB=%p%ZD;Q-sNh$<#V@yjSUc@UJM)nEkGrh=EH=iwg-py8li$L7=_97oThu9aYKeDTNxc}a^U!Rg1J>Gh*Q2@k9ON_SOblU$uGlh z+DgX+l@29QC^?;Mp@2@K?BEmdcG^w^JW(TCUs0}2W+$VM(Kiu!ZPX8*m%eQW)4gO; zO`fOPV2os|(HM`%3^Ds`JL$KQJXmEu=u@gncX8y63MAw+fkOA8+_dn^Jed=cAMt|G9H2bzLo|gkeh|ZzR}6{m3I{`kcw97|bGXnc=Nzu*7_Lz$cnsH9N}j@1$JOK^ zT%)LY2v?d&e1de8@EOt#vHpsamlQz3r)08(CKztnF4FG;B7WQd5(92 zxo2|#1XtUjqe9ZQnueg}DPfb8W>9riU}9wYVt1U*GYY>e`ZF;4V?rk(WkbTtA(P+; zvs327!IK_Fb)g=VHhW<-d*N;NqH41jMa?SOxaz;wNg5H+fH6ue1)dEen~zwZmut79 z!0#+O&N!U)hA%81Z;q1%#UbeqgkVVwEbA1Nbj76tRdFe#5$0YP3Smf3$hkv=l5nB5 z1hEBSYZ5|rV7=*Lq%{YA;+E6NT#OwAb9KK6F4y0lc$VvnTUf6z!VC6A$%=hpFWDE) zntf5WXj?m3Bjq+xI;TrL5!?@uYUaX5RbgRc5U_q319ib`Ta8aU)YX7fDHy_fU9MTn zD$fKgS|__l-|jCjiD+3BXG^trOrov6h_i|$`Yere$W z$L(*=@d&OuM=p-DKipnB2gQEx-TSC^g)TB;`c)~7ka5xX{s@z3rQ%Q}9k{!s992o1 z4~BLJgJE<J@_RTlgs`nDRa)V-KYYHk-dQs1(A-E7re8C!Dv{+w=81D+JzUUoYT*ltC((N!S%l1v|<518~ z8Gw@NbMNvLZpJJxt(sdgzvG=4C;x{{NiX&m?u@yf3)Zk8(0@~A539$rM@m=sunWyJoSbZ zPNQ>{nf4evjljVV7O^$MG+Wq>Pcv`FKr*)3SvqkrGLK z49;>k+LY>HCgD+_%tgb1VE{0;Y&0l2Vx|VgkXJ*SGX9m`jm|)zQg9PMagdC+CY)FZ zLRcrw5-FC3MjnCqW0HZ~0CvFaBO(=zXibbxHqff-`JhdAv;925ET_HU_?m}Aq>-yK zV=C>nNA>wxm*^sFepK zFkW$&sr)CL5G5J6)}y!B45y|!Pe@t0;q+PR3>e;tQgu2PW;D(`y0R)#^e)f1C8f>t zKPAO|Y+O>@U)1Nm)3Jn0{!Z8#U{G9GDVk7f1o{)Gsq#o+)j;3!RlQk=B!o(}-I_*} ztkY|lNSN5d*DdkNhqm#`mey8w@MS~L_|m^2hf($CVu5E*Sm|s>mbeSn& z`S=2?9UpnD9W%Mm=uG2TF4R}7E`d!du}cLuleMFgg8aE6gX&Y9cJUlDCTCA6cc{E8 z7AXwBSL#|n6WtOgS5XWb=h;9OU&4R*zzhuWT^*u)5-R^ZXDMH~mu=k3RvHL_PwzWN zAPp}>fcy@oB6^9{DIKh&Lq$PpavvK}!!xhB%PNe`43P@4rRUlY4^lGU!4!SZcfdL| zDSDuh^|GY(o(Jakd$ODdT?F~F^5W*C8%#W(@NreF>2#vysfIh$>-;2}R;MyF;hRIn zYYbE)4}S8BpjSo58dGA;Mx(ge0q>?@wT^VQ;vA=0L4H#&w-gtzSk%|=;?lY0!tXWZ zICTNV((AO>LTB)ZvP-#ES(s^%}f`)Shj=u@L^3|lXLd=T|-}*BQAKrr<4{yTi5qtBA}&8P)^T|Pw)aB3GP(j zCnsE_?iAe8oAl*pvP=MW0;)>7hOVy8_lSc+_By&_7j+L>xhVsj;_eYE=k8axxN};{ zjwi}@Tw>1Mhk?c0(>%zA-b?I4?*%$DP*=y0u-awaS!ujrPEb=MdSP9#3OuYdG^ENU zJ(H6R!z|P#s6xN4@f;D^84Y#?h3RUguHEFcb&F1LEGcb5d406lnZ!zawB?EsOH|Ok zqnWFqdS|JC6{)0(c`VHPyhzmb{W}zr30Uf6tupbWC?~h~^bleh*XTE2vteRidFhdn zfBF4?j2pYxw%7l*k&Rj#&L#JAw}BS~J$dqo{=&!oyS@2z>n~dmA3fTB^7QGWr%&Md z*3(Ci;Qa#nSNfS`<9Gy3;;L9wuI#oDYJ7AhS#I?;&L3-_Uh60=H}Drj0#0(N$Zj_`Cm7p!^1sMp0g$c zuZ?h<8+Y7bQbpOIGro#P$xd`VnBd-9gwhWaL!D2?c&`9P^=%9&`)<@5wA0QtKE&J2 zMk3$tsF$G+4u5=m^gcRFaIKHNrAz6%(Ywhx$U&-pn6{EWC;T1a(+qE#IKQTvZxESN zflTxUb2Z24=-Y{sR3-qAJ|&|JoqyZwTe3v~6GO_u4jp4JMj#HcYMpivyL9=1sJR}Z zh3>Mt#o-c!DknOJ{!+5(bJ~6COh6At7#K(Y{lVFH$M4Ug-J>5Ou-s2}kIsJBQKoky z_ohos8qOn<*On00W*~(i%dc5f~_+ zexfTjTEJUVjwwaCiEQqgwmZ1z3oBHEml2sQ-WqL!qer|E9rRo4jp*?f6pQ;GyD%Q7 z0N_p90pM@CgTbf~y&7a=Ec$jgiZ-{mwl>$c9&T<$(fiX~@{lfnop$H~zNS+3zTH0( zO5Wb_QS-Z|x>vBE2!QFgx|4PitxU#g7go^(*8P`!A9~jRC!3G&*8ki180-K44zkNh9K9N)IQ-G`pU?T5UjIe@`u~kH zSP0MJ{ssJc{__~VRM8P0t-(K!!-_(_#^dM&mW1!(G0SBvbEi$*X%l}gZ9?8TLKZcW zpELRKl{mCFO?~KIuYF3h^c)JY{8szbbjZ?>^Xo!M5!%J`ECIwOzif!V>z6Ohw=KLf z8lM>z#_f1?VLxLhTdo{5n|qcH+((!R)_HcFZH&`iVk5J{dr!@Hn4%`6pNkdCde%

S#(u!|as@XU&uS-Pg_UcMr~@$IgWj!%_MP9g6z4K0Ioq zcC0MLjnnH6?CT8h0iTxUbTA%p=tl{)Biv)Mn9ig2d3pIVZMTzt6Z%xk;ecwLiAH1r zu3@m5I*J@<+wp~AyDKX@){O(cib2#QS{{woeI$}WC@g(djIaT5{{V16(~4iUPo;`E zB(I>Z5rmvOHrEt-(%iEk6p|vqn9W+;$e!Yo+S%pWOF9RWuRO{U4Ll46x_FrOKk|7x zQ2xz+B6OXI+sx1{D6BJQsggE)krlX?T@Y)vggdRK%NyC{uoRy9yB4kB-RbP2=Nsl@ zyev{0ItLwE zTIFqBxMKI>b|T|~y8zZeDZlXrwk!-F)p~o-l#s<91CI=XZ2~3aQyZtadliG?1AQLE zZHZ3Y!9|^`;tF%Re~3aDTNTN{*X?GhG9JClnnGZ!EaG*#lO)(MU-KzFwKC&2FDzCg zoV8lLe-Uj33Cx_q;YbPuKV(U2km58MM<~-lpLhn^8io=GV4vddgqQdJ;Hn`M9Z*o{ z63p~M0T#8kI8mS?d2uISqX}!CAuMFdYcb;t|1i4aMbxPX zHgk*SM3mg0qY049WI@5cw$Nto3)%Z*%xfk^sc3A28Fzkp*jfKjm;{kPUM$A}OI1Qa zu(tYcBjC6_V5qv7fV?*Z_8qbK^h$o-I2Jh#V462ont5>m%7Q^Fh!0QsP=c_!V4iqD zjbI`J`uX5RuPJYk6{j!wJeGMRQzGH6Q{BN82HDC+HUH&a$i#r+i8{6Gl*^qnvv+gE zgqCWvthXK=Pw2+8Ued#h4u9(NhK}ki-|Cz@dnV_iY9Ccm#HfXL$fkJW0#$C~!n8Q* z(dCTv0&0Lxj)oE*_D0_np9MFxS(@EuRI}aTAJY#wQgk+52RY}|q6qDFz_EAU8nUSJzWLY}%u726@>+%Sw!2sfF3+ChSxsNJ ziHot*vvt)L38?sq-#B-T>Fpjf_jgFt&{2P4JrLt*hbwd8fW$Qy)XvENJ^FT{z zHykAyUcB2JPe^;qrlnn;bRLkUq^pXC4ho~B&u*ZK$hkIHOeb=kE=7D zqvYQcFv+q8o)o6Qz)v{LcyBiA(Gi-ct?)#jL`nx*)t7GVK2PtX2*!^LQ+1{_$`Yhi)WXK#E=fc z(F`0WEtnd(Cj|Bzm~^ypr8XPLUrFZOWy~qg&J!?f)J6u>yH3WUw|Ll^&!de7lZ#7n zP|hTRJ1W*KdQ%R|O%T(<=XXak(*D~U~oHMwtx z-ZpZ4e8iph>`g6Lj$=A%DendT0yx@6$Ytrktvc|V_;1pO!GSg5oc9<4n>}U|b%!2c zSk&juM%$gLykg8V}KiR9d>tYTQkvn2;9qDTttWJ7~3_a&2%s}k?Tfsv1{*`{m ze5)K=llmh#HTp^bL+{&t%siY&nI{BpSSRtD*lsVJ0tngVW9NW8wjcjAAE}Y(YM!= zQ9DgOLE-e%#rEG@gHb=}cGr{k#3~#`fpE}SVn=1@=w0OKUF7JWD{?e{4&~tJ3=_B< zHi6);5BL2iQ9Om50M33s&=a6o&qPRO6ZdOJ{kUsITRtZhUad1`HKBe~j@!gc66avl zI!^;}q8xNZ(VZfhwWB6RLOsOO)oGh;*gfqsIC#xILU_s>%~T6Fn#t`C6)|E+UP)+r zL@AO8O832QI(%aS3>b}96Zmbf*<4;~Hsi6Flg(ySs{tSP;&F|)-W$=wM)as&ugfDj zOJw-fR?VoTdQ{_FfuG{hh3}GQLp|oNwkNmK1GZaVUq{uE0l6_zGGdQN9(~GSYK}1b zl<=&y%n-v#AF23X+Jv{sFGft1}0E=>U^{L>M4H40=BAA9thkCfV-mhZ z%Z{x6wJnj(9^X<*qsu{KWi% z9%cH>01PTgZb4M~B^R!EI2;XN`ap{mLpuT>xPs_(sE(5rmTPpaeiW-IX+NAMFYQgb z9H;|KbPX%?5D3>3k)Zvx<6{aOn*cXwB0|*>8_avnF*_K^-WB~hKK~g9T&@q)ZMoLH zezkjw-p}_(XDki3AJI9B!vP33*6_qupQqa4@gA&=n9J<6i4R~r3QFw%>+EDV+6tEt z3h%bJ#Jl5@Gg;!Hw*)QLZ+7?gq1YpDiC4$Rhx@xn1m>}~#2b;5?R4ph_x|X!oo?Tr}zvgb>h~7XO)(=)1z}f0Bd5Q*hu*`JuV%Y^k|{@sP$obghV3o zg`y*tqUn+8584an8(Q%`i2Td6N)##|3s^>Y>6-`hoWiq!g(QrXk-;;X3B&o9mBo^5 zu7zb`s4QY>Sr{@4TU-{1(PEaD#UZqq1!iIRENqEc7)Em}G7d^IvFaj`YJNB8+P5$| zEn@Xs7&7_w&ugg7u!)`CeS3tSLe};kbCh?7ubmBO15N~Y4M&6VpfJ44U(gNh^Oxcs86hS^ zh3xQCe;Ji3CDahT`~68G-~89g++svP$^3t~we`rE|J$37H}B^EZG1d20#f5H5dr>k zJ}IF2X_T}EqqY+~kSmt4QD0t6Zs)%&4G8cih$<9B8fo5$3{8Ba+@Lp%N7V~%S18#X z^eX_wD5mmKXfKkf-wH}GyKptIbo3a$l$XpZmqeJYuAP`$sYdt-0C!aW9 zOC==C@~ANQ?_?NhErT!+5b!wm4iV{x#06~4VP-nxo@o4?jIeiSC+MG#iw1pd~_ zVc30CDQm0ub7^`+omQqpmU+bI5K#wzgPuxZ`>2hp7tw)Occa>PpfSwq(eAqgX@d#2 zjO;^-IU&>Jn_qcQJ>~H3U-iqpWTje-?Yoq~zw1x2{wLP!IWqy5#D8ys>X+01w(j!( z-^yoWwJhtdNJ7f-G|&73p>_Zwv7eq}MAJJ^9qP+bQ3X^k@|B{0aK!_aM|wkBrQMMamt!x^U*R~ zp8FOe=T4!D{(Aq-!O{L}pB^tSWK=~A1Uy46M`Wj{7^7;A$&M4?!CH}Q)Xeefvp!2z zc|+-6E?y7|S3-Ls6ag^73f#+8;&<)0bcap0t6@i2BY42gV^EZIX?u!3EmbPIU7RnX8kI0bC;doTk zDFZL*W|x_mjHV;St^}{Fqr$kXV1i7+uhAm9DlyCV)tr;Mlf~?78Pd*a>%0XWf?!Av zAIemmdT4lTleUtPIOQNk^0p9zcgu#x!Kz?%9GDeo;u`TG%49Q8W*VA!Cv_1~ zvKfd{g&;XEMFFb}%cQOPQ8v5;NtdoTa11#(wWK4-SKS&2B{jX%EX(1?60a&X1(tc8 z&&W}p^Jy)HtO#gosIq&Db2&`oP_v!Yw>;Kz& z`t-@uJOAG;d^Yl_6Skg4Z5DfdzdMovN{|ewWK%DfvCDy2=q1?C8 zsB=zt=Zc+x!W+iW)#Vw%j>xYM?KBKdKuGtpXvH##376-2RPu1{wXrHS6snNNf6!#s zRU~O)+KKyOs62pt4QD^~SEyzXTcLGXz1q>Yr^w$zy%aZypT6JQ+dncS_{HO4`o!lm(`sB$rNQ~u?DmyCI2&?wz4_Vul6=#`Bb;g2uNoM9XW>1(^C&eN2ZptxK2t z8L9ik9uJ}iA$-bxO&$pom``lUFpHTZNIiIm4DBan<>4~Biz43XD|T|?^z*~ z1-~s4>p2HW&VbHn&~srC5EOS#rgkM~M0$42urQ(2>#~18q1;D;38K8Ua7nDz6j&WD9I(s8=^)EnYwc+AF?KNZHnkB@MRzv+o8c- zeBrKsXutEy{K8c-$#7quC)6$Pe>X$jLT|5(x1q={nJZTt3yhD`xZ9lD!2O^bsIZ7Z zU64uwCvi$fvASo_mzQ)|9?=&De1iH~L>h)BfXprI9g?zmIi#9FF;(2|z+Gz5+x?XI ze>f2PM&rLWpFY`q;)(yd%l~;BpDF!6H|_rMxOAp*8C8ri3V3Wh*HBXgm<$Y_&N<_` ze|px?CC)io7C@}Gohw8vRVa+I8;~;ucTTALof>9h1|8ch7ZrZXT~g|hfJb2%4NBTo z7;Vx{x)rHWHF#^`9Rw7;y({e3zbDD4`Z!NB%z@pzQ34ucKTB?g2GpIv7^{|x=s`LD zvKwN2Z1aW*!1&KY0WcH#fZ~49r~JJ)-Z#Q5-?d7;NG&@l3q=nSa!hWH^MVFJ?yk;kTv=wY5dqG9!gFesvxKDks*sK6{2B*|nkn@wmS zZ-z$@cOQ!|HW9a6VSC*?y|uic<2JnUUmVkrXL`?-jSnlU)O{mMn}AE5{|nytMttu;&Ng?8S4#s zg-MNPubj3#17)6J{#CEb!uLzJ{ned*2~@}Hg$(Bj665L;_wQ;cbja!-y2$v3?!i#r zOHY)u?cC_A7c@^QZxIPeLs7b_xgXOH<_lx%s4niZvfM#*19$(yID#h7C*5YBG?o{a zOBud3x_o76ntiW~@3CH{M8R)T;3UpqJIc&m5lUU&i^r`?(1e#Mv93m&a`K9xkN6@^ z`;>i`2)@)FaF>vnKjQ^L<^)-bw(3L)>OnvGWla6~`I~QcWStusfS*GHuq{WR@({=i zzN|su+s9~{Rv(6+#V{-hCj1J_j#h72Go!9eOlhq~rMhBUW`GwgDSS+&M;348 zoh)#sklMjk zf>D>8r!#N-A;)%;u_Z96JLIOvj1M@p%c76ZZo3!49sAqa|0Vt(al(E+2T)o5hs~#( zIsebYN85M)pIi9+Dg8e;cE*ei-g#ng9YeJ!@^)VHPUH@|VdH&@U7CvISd4L7()$Hj z?p1ofSfjn9Ukk9>s~r)T)nMn^H)FAv&}OkVdj&F8G1v1PGMBwxLW0T$`)|E&-F+7G zsign4&*#zrOZ2}-n_F)FzwON@clrNr<+HKsyFIT+1-!dT@9ru+=PJEF%8>vm?E=RF z|9Z#TdyO95r$u&*Ck!mAo$kLoKCC~BI5qI=S2`pt3dV$~ z-HchBtc3j~4pplN_)#)RSVj%ywqJ?B$t z6N*m@)aU)Ve0_S3_1TaJ0}xxBc?kRhK?uDx3`1_G<$;JdzG%7`lB!h=iBq86usH2G z!(h0Y;t@{k+|W#OdUkxW-~7k^$JO6nbA7B1oyaS{(`ERa}KUXht zQc2ohEK`>Am&@F2!r!6JiWE-z%7w~O{hFl;^89kK;v~Pr@>IN3q*8icRk8v=+`ha7 zqp(7;?%=AV6rBj7V7t;{BfRFeLZhvsyuS)sd8sO?fmNf~0R&wQKD|CY<%+lF25Yrs@rypjnoHqAx=ro4+)m53&nakwsA~kKkVX8lqUR-os z#E<5Jvkeo>1*94#Ia?*quqEL_`T2%2PaA(#F8;EDcUgsR>rWw0xc`pTi27E*RE7$nrl1TOZS|4IAdB~-x!FZoRHVH4vU5$k5XtL@-WM&;jx~V zCqS1ck36edz;rGXiPbwM;E8HevUm{E`fc$ZuzrCTaAW9TB|ruvh7 z{IXIq=xT<>tUV0meYR$BrH%&DJr9GLoIL|9ti;KjN_?-9JEQtJRd#2?fnJc>*%-#c zyw0v>8&2wMsh@$2&YGsdbk3$p70%^s8D3?HoIQ4-Ka2BFqkose`Q|=h|L=m5KmVn| z{clem=KR0gPwvit-Nt7@`Ja(te370~5EX@PVwp-Yo)Xv}Jm)iY^EXcT%!_h`Y|jO{ z+!X1ZZ6nLc70EicXLZOKOiNNN4-~fTnOxR{LKlcuS?=esog)#nUk~@EfX0_CmH*j; zMIb*WQSSwtAe;mtkQW-wNeRTtaM#O*bnWn`gTXdS~QyRwT9S!5nWSK7X z_8DHj8B$E2AUAKkL&m<@MAO7Z57vC$B_>VycpekXy!NCI|g!fTw?=D?ZMMr(Wo71P>EDxWh+%;%y0Tl%)@6+;O$|UpR;FUN$+DSfr9-JOy1XG}a&rK}bbZY!A;ms8b2$roDUFJC z&Ss6#bTqu)+~s#k$Y)MMPR3@n6y(;^8%RX%@hRHA#6Nfna>Eq6jr`+Qbn2YR$H~=J zlzCh$Kz7=3ZR(h(q}cs5ZNl+Td~0#4@mtI@Za5^v@4tu)PWlbD6M!3Ur2Q#8a|_7!P0*)G^<5UU zSXgZ8^xjnK=5l*8_=<_Wi$bAv|8JmgQ>FDLs8i(ht~Q>&ec0)?m*zLmF;W3G+&jwK5tHLr{lqd+*EGXY}`(ONkJZN`MN9#w?B|D_+mS}Hx+&( zvv`}%aPfPa9~33@=AL-6dAqD82k*Y9!+E^vYhe;^QMj+Z<lt{gHB5qGpcW)XbR6AO9;aL+OK-LlB#&#z#Xin%Q&=yXZl z35YKjx*J&OWI<;!zJNsT+>2?mxGxy(-#l~sVm?Lwzl9`!|4V89pY5mH`S`ylj~?Fn z|8C*)=kfpDz#-#m>E0`OHT<^WTpod&%I|LYb*k=&6?A?9u8$i_<*wa11s$C`e|zCja-mD&Z|13AwqP-y}pAb@F3T*}jdCtHme!rs$y?$?|RNjnAFpTdVFf znF_LgqDO{~z zS@nKpQ}ioS{i5J>ZC_=p;FK-_A z68`W9B2V9`V2)ljDN540<&6V3r<-LF_-a}c)kUyEf?mhuK;d!(gM!k<>fm2H5V9ls$9|`+rrw@=jihbrm|}(4UP|`RCm7&MYwz;y}|X6GN|7!mgPj8L8ov3g;p<2Cpa;sk?#) zGm%>BtUnQ{re-J)sj2w|(~w%~VM!KJkLK!4LaJ!~$IU_N_5WyZ`$AHHmid34KFRO@ zJbiR`{{J>URsBD?&kr%KztH_%zkQ7#bWm~QH)@CKkU)|A6eaR&;B?Pt4 zsW-`p38jL{H=j#yNwB6*a2XZmx6CDl%#TGy^q3$EPrz9L!O+PdX2vSnHPE>&q(T|d$v3PR(zXe85F)_ z#5+c;!ibjpYJr?MtJp7I{b$a6Sw(r^{Fh3S-&zVxE6QlT44CBKDM)~+^%yJvrM3u+ zXkvDJOc(o8l>IUk`%@6oM2gX3vtJq>u;A-2A@`+A{n9WeqSb84FH8JC3rPW4cK++h zQ_uOY?X5fi&nwMQIsx`)$?2YZlqFX|ggB%#x&xRbwmM5e<6HRwMIV_+mRh>p^~kUzVS7I8@%E)p%OMh{1Z*}d*Po?#L&J;i;>;I#NkG68_|C8;z{6Dwx@#p{9 zd=j03w7Jf7_8$-lfSi%iZD(4No#C8 z0i{_zTsDub^|FiR>W&Zcd2*5Vn`6-Hvbe?iz0p9gm*Q0-CZs`oLO~=j;@$2}=!G~n z;HfzoUX0>)lCLRVglkIBD3!tu8)p_gFp@q>T<SP;kJUGCxeB<(s- z=mku02X^iWm~129MuP_jppC3rO^7m9JznX|a>K!BY(0=6Wo}K*6PSCN^xFc2^`bv$ zC+@S32CW~)Ezr!fCf%LkP>83wZ!lmki%DwDW*i*Bg3UIx6;Imf*a4bCj<{&Pvqs@d3>k;-^Pb8D|_*G{`>dku+E=POu*Z=aD&&$9O?R50w z@BH`g%fiJ*&-C}dFE8ViT*4)-9JqGlV2i!hnd@?b9ecltQ0}YXB!)+Rnakmbwmc)pQE*|!V_QW>TBKe|7K?$JC;(xZb-2K0;r%#{W&Hvl@P$l*Q+J-Gj!?C#R>@}QN;YLzvKhLP zP1O~xk5?>QeZXB^eTpg-Y2@nhQ&g$gf<*ldY}CPu%tY z$@bm)e=DDj)o6Dzz8s96MgKdbrDG?&sMG3?-CJa?vki=Gas!dzG3NQP zpC+SG-)Xvql_~Li@c{y5?D*4g#aXYmvYuV{VD1(u{I@D_+eE^0M0v!t~LA=1BZ8$zZ|@<|oD^3HU&6mB!=v0j>d@^C1Ia zm_?VA^N1t~2qSnfN;=6X>9>;TQ#?v(&qzT)9r*!HCjR{(quf#m601KDlG!dH#Wl>~ z1Qw-k7rLEhGN7NPYlqh)$|z9>R(IM%j1}x1oblIEh+{Pj1%n1L7A%?o%qT(U4T2%* zC4~S8+Y^e($)ZgV9Z@!+ZNNsfwzW(tsUj5fASinYh}dgdh1Rz5InoVQ6;78iN@z>1 zKUS3HTOf_JS)2_+bV1P98-n=31dT5?)l+Un z)EmaFkF?nfW;3;LUlB{;$)uMwM__APOp-jl#L+;q9g|>tPU;mgUlF}^n|#|L@)>X` z8J$Ej`szhQ0i7Zs4SiM4aJ>#O^KdBnIeJGCWs%q{k_$a*U)fkGZZPJ?l1d5ZCPUnp zk3e`uazXHQNCn4j%3LsK=0rv50J>QlLCWpx2(+q*veu5%^R$bJkWfFti7W6Sy%n%w zVooxg|Bm!s&ZU#i3G&c1Rku*&W^3fkRGNiW%14paj-R>njbo%fIc{xbIHVOwzy{iVw4i{s1R&K0ZNEtL`WF@oUqf|n{ z1fa!4=g@4li(W)q#xUn7Sm zLtAv|iyBp*3wKNdtkTPnA|`+}TWQzI-LTq=heI$3w7Mll#;RgQe@im8DYnJA-0~tr zC5B8M(F}CKqw*T6dM)Fe9LA%67TA#4ppu z6UHj9brJYKAO>hM!s56dT;GKvv!KOYU8@jQB0?e#DSumJVL4WnHgm|*3N#7JfG>kV z%qZj%BHRX#d|4cl3(@`!*u;kyhpJUGtQ7{1tY#QqQB6Wxy#G?<^cT3y%TcI0YQby- zQV<81T)DD{WE%ZRPZY^~Ba7{X$CciGDWmEmE0gK6p*wB%SDzy*4+!zc1R%xbN-e1; zexuQ-sU{w-y_8$(zzLgZsPI4U55 z1Cq8tn1)2DU!wXvBFj_3ihh%6?Xz=3k7o(`C}HHK$BZf@THEP zER|03iNUY11R8=WC%kgvrc4yu5u?R~3Ec{;iBgduruL$42d+p9F^7N-LNGgu*bM#m z-G%Iy(erD8OkvSM2Od|Zg|$qt8Y@z6m70kz8lz&`sQF()n(CAx8&m}XSEh#+Hb4%& z3cCyQOvF&wglUo8xbT=lcF?^&|4c?0ho~fmytl_~n=X~Xv)KxL)spsRPy~}$@wEZ| zPQt#|#=T{6rOx_FBQjT6$0qlyT{8=@tfCMry4rj$AvUWFQ@%h==)3QjQIM75ITxyJG>6>^TNcHRj0 zn2q?1vst;Q%Ho&Z*y2}x?X#FeEP17@A(58NlrhG>04y}{oTxXn{II0g3-YY%a8|kw zlR6ulo<+YMU2H|0V?xD~{-l>HO&3B@U>Jq4Y1ryED*a4sW62$?ifTWAsAO>GcZD*- z&WMjPN^l5>@IWF5pNyGqBc%czDVWsb!29d6m? zyWO+zn(s~yj!zEGe!#YH7JTw(J4*rMHLvmHG!o)wWwq)}9ea+L(FY>_AgB_lB7wHF zK@2VO6UQcAqA8_1)fX4#DrS>jA01@DpOt&r#=XsllNIZ!IrQ#}5?VyR{u4|ioR51JBIxE%c zcgh(B1gg*{QW^8xO4a)k(j`4Gr^R_{X5J9Da?Zfd{-yI%4lX%)8 zbwawYTz0!FJ7ONZ**!cw`|jjD^L-fV-a#4ERysY@!`-8AoBRJdD*-JPt`*vsyqms% zhUt4FGuV2A+%?;j*2C^u#86j4JLMi9oHJQKx46Lh{`%k)Q{TRJR<`Q1;Sa+(BHv$o z2G*Hfych9;L`Z7rb4h%WJCBB05&l42Q_VeO<|Dh~9*qF0$^^@8t!P7~+NOxkS5dw* z83-H}k;6rH4_~OryZe}PzHD=!AX|I;RBM{8eFS0c?5j&13ye@Rdqgq@%|e-AMjpuddl(u! zSM8&uU(D73y$D5wmiln&R2N_eGY`@l_rwD^frecpUQ8+oqeopq*G z*v50x859kG-^J@0fvTI$_GC5pnw{uq1IY^KlvL3#CSuwbGJWC1`Sj$WB}In70_)_6 z2u7qz_qQ*^R_zxA+Nih>GZjZvW{BMIXVr&4`vQmmR*peTc@DyjGV^j@fpoDqj&f(> z#XUom@&>7{&%?*^z|X-rx{R~vJV|hXhNGkvV+tgZoI_*>!c+g8`=|{y_~=i=dq~La zP(5@uhzkTbI&=gFcZOPWAuZ%}Lzkc$MYbQbcVCM@GM`%loc5%2hc=+ z7Qi9K*s25#O$2=K%ugvZnoxJ%P((~KYt-`RTlhkGOL#5rm}>^++WZZfYj4p11j`Sm zBI3+d=!%M!$|X{kjYKYjD#*@>z<%PZDYF;~4@d{RXSQsB7CubFPf zf54G#ESXYU21hjC9vnqmp2xfYivISuzd1v0%7wfj(Nck>iAVs+asjlzi=<%)6E*(9 z;m;45-w?*(R&Bq0VfXF+eT~=i7gh(o&QgPTF2f5p#sQZE*fk$Uy$LXAFUAO!0T5Fp ze(Vgo-N6;g;!$!j>4MZse!(+*6hMbSU~aHM&>*m%#T2PN$BiS^z5-RF zJG_i*><+6^Pjc(Q=|6W54_@zmw|i1+)uS3h>Q8$39RzC&QF+jOpuev@sH3Y0Q=DR3 z-+Z&fKDeETe`?#sglyu4M&dZ_PZD9O@D79Q_k;BZ$Zre`zf}fP(%%W?$~T}@mC=Gb z6DvSZGA|WV?_k&`DAh+vv<33HL96}RmOIrqk;7yiW8J6f4U-cq2>6^>b4_bnQnj(X z#fz%?z3Kdx+2E?qX&uR`CUoD3p*7}n*+k|^%*Szy=P}IP57so!&0;3;FXP3LSFJlv z>aBvgOyRM!Ol6#a1pAg|GBiaK8IQ3<^dm5hHBL7<{X$MILtQEJ3s-hT`80)T&Q04c z%bpQ5>~UEd@T;U(GIhf*#dj5SU0Q=U6^AI#lVFn3qMM0Z!g7+1mMuWVG;Fp493{yQ6erJPGw`eWyw6QyL!t3X$Z zmH35ZkKg%%(xLltSzI#RLilrJ8ZD;bLUO#8H!&Cf=pTH`&Wi)Ivgm#haj{3<1Vq&} zw=1!OXE2OCX8X*k9{Zgox1c()VW$b;f}#xPPNIYM_Gx@R*sVRNRxR;t!#$4xbv|>a z5Bljijk`eYjJAxEHHxyQV1x3VKJ#7|;X1}A$!IhfmF(~>B$*rcVGpyUWfr=BXL>!z zFwFEE7A^F!4D2GD3~GU0`fakc?U*qDxaRm`0OsuFjJxnxLU;R_Na2f=K1v)uOg^WyccI5D;JysEseO0XNm@B zAyg{e!fP`tv|pth?F7?|<^vokDWa48z2lSD&%o{*Uk=*Qn2r{Lf`SG!Mop89XwqX) z0&FRBa)v4s#lliyx@2G=TqDgkc^N{QXT)F4Q$>sn^Y^;O zhOVD*(HSLl>rAaeebpNlaqaVIdW1tU6^>3LQ{u^^9@*oqZ7Ce{0+fYv{{lW>p|ENZ z)xaPo5nqpX-yPsfQuswnmi}r9*5<#n!D#H7sZ@k6Nx^U8T8hFl+jrV#Q2!GvcWVJ{ z6zhLm+m9YS%ISYwo7;E#-z|JLd|Pf{WVWO4;xX@6$ouDy&wox@<7c_aR69z>SA)^V z=p9VTI@+lIl5Ff-rO`t|H4fB`_RrLM5Y=7_B@ghyN1>7euv1#X-mtY(5P};Rc8DH+ zzjlfx!piFyWK)NBNzklC)tRp*mM{%rqaN)zWd-3JLV8Pa-#moe3F+mp_um{G?Z5Wv z?R&?dv;XT%7cpA2$5f8NPM`#%Wzt{c^ZM29DJ$Kbw zDdngovvX=Id6kjP{!`Xffk(K*4F#!Mucg`T>3ddvI70(z2ntuugnF7452}Dh5Q=-4 z6^&~)<+v7)s4GI{u$ByJw&+21eKh2FNX95k!!s7&E^5Y-Bd27>QhWZss_Nyu%f6+8 zE-ik>@|vV(EHzR*V+}mQ9d0N{)p}hrV=E5llrxse9cJT#K^4#lLOJ^e$2FUBTr1C5 zYgkJLHCyzcy53KmvG0&ztwA?DW!d3a#JNRW$+f9eImZcKt55GxuGm^BGvySJ%)&!3 zNd;O-biDV8=H0$E2ZI8FQ1L2gIDTaj;DYuog*fDFULS%j6*MvZ@L}DGgGY|)z+7sX zx2=Z6L}*}ry^N@}@VvnW{S&4&=vNqe?hI0!42KPhtlD_ZX-NWxa5Xb1V2>3oWC7zv zRV%SBy*XL=RVYr&#JF_Lnx#k7uz!H6c8hoMe6qr0pV+)^U_xapaJaTg$b&{6FL@e? zER+iSDbWiIn_1@pF;nUo;{+64H;k}cDdU|iN@4fDa`*xZ5vlU+;Zu6e7Jt3~KR1eO zhstc5h1f+AEXuF3f){Z{`t!~odTSu$|IcVgYa#CcGXMYP=EKe0`Jbm-5AXc{xA3Xz z|94{;kwlFw#cs?29X&Adsaz42rA36q{r!8ae8Pocgti3*u zpw^4t9Ke#Y8f9{sWd#-b(9F!7VA@sSJ|k1z$eAqF*PKkwDf0IAz0^;`^(=jN$*0i4 zS8sJg0d+E4`Mh#chqzC^7&=|65?YK#VGxEzsX&l%SPDXQVIX3|6_^$tC%P|&BM7L& z*E?|DD^9FN9E$X~m#P1L>aPg9rAcK>$8}K?q}~YsmB^pRrZNAJRrQJD)3e>P_ovO% z_j`N$r>6jdc@V%on+6&lrIv(%X(e+sQfG<47?lrYleo8%ZyjorHkO++IL#`}8J>_b zayH__??o!1VtzF{tVtARSu^7}x0-!Shs|slw-QAHirmkSk4PKCY1nWYie zze{2~7%49;{)bgQh)YSA8%Dbu9bYoBZtcY0Omj$zn^6jN$p@=>ks6w0W9)Od{p1D ziSSv>8Zl!`c3XCAs*nSN#>UtsnQ@30G@=2AzAaYePM%j@&5D1RjJzeK3VzzEn7w*#n~$nTiC@h>($%6A2EAmULKzH1IQ>_HmiMt&pNIi{$qVJuma+ z3Ii@-pfPZ(?KH#Nps3?Dd5^1I|LFMj?%A%RZ-lf61R5DO%}U*!8%2m$#!0FnZbU69 z-s;?GKEhU5PZXT$_Xi;a+bP6-dSU1}=pkW!>4jl2@F}KQ<8iIM2s0kn^Md1X!?CWc zHUVd8^Nw+FA|I?~)bA_x`@YXr7J6$C4&;qMW$h)Qpjg;5ipxv7ERWL*12jQ>En=QS zjQv^o8eO`V2J{l43?iutHul)UZ|#@3``pea?Em9)IX55wyZP|x*5kYQ-{0u-TloJx zj=hTR!rKTj&2LU|ZlKa54h0DX)JBMiOe-r&LK~1WCAOC5LR{y(R9ueHRHrWFBEm1Z zD@v6SkQ$u(f?5m&8Mc#dbplihuU%lT06A}$LY?{dBpFRLp4Erbvjqt@@et}K3-2~{ zBQTb#(EthfzLSOWG-ph`vEDMqGj_L3Wi{?oE0(KOQd41eu_sI^#&gzlOUS-Y|)euUCPr!G^)N(>jApx~Vf_#5f8x~j0u;a!{cropqrCq2aBK5U|GS0H zo&Hy@|M5CILvWI-A}m-r;2C;z+CfDh&P{3r#a*0VB`E6R0(F4mZp^0yl&^F%t^ZN9 zcm<%C3=7i$D(%bO%Hm(#;mWK34a)zr^}l^SzXnjU{y%!S`82owKe>zlx|Pp{KkM?7 zyM)Vk3778@E>rq|KWvDkl<$Rc}4C+WF4KQ|1 zquS~IyW_+9vk3k@*!$u2DKJzYTRy%y>r|`6%y}7RP)0WZsu{_ zJfFZ1v3iz_4Pd0*hhedY(*{M)I6Qtrd%1zS>?^bD(le|p?nw?-7Jfy$Hb2DbLdOf& zm!2&ffOzU`InR(ZDJo2w`0i%1HsmOmrecNNy|aUV?l&}VoSq$@>^J|he{!^c zSTC%4_V!(Iz3}F=`^w=(QD#v))C#)XrLMM3J#FqOL)lhU@3yNK|MBVnW(@f)^I}yP+Tr2gW%+wdeoyN-8DRqJ?L0(>*~P4 zR}w%ja!>{aqM-n)b}s=X{hB-oB2Z1H02dK!tmjQeiFKoxxd_lrf3iItQ3$BZuRHGh zCP&fhP<8zp6MkW~da?yP?^Q6O@1=FGynf8#jC@t9Sz3+@yiwngf~$h`vS@jH6<3$5 zjwg`c9OPDakm>Nfg2+A!0JLwjdJ^l+=%u!Yu&#e z)o9YgbWT-|hGZh8fvz+hUXe z3I+x`c9#Z6ag-a?8=PF9tqz&9GY8Rnse$@u^k>D4=A^Z_+&Ggm6R(Sm73Y%WT zPktHF1*%a3Tme0y6-yqS2(DS?h!(0z;pHXQ&p8BN?&t*5%zJdgYt_3l2 z_KXv>%E(6Fyb!uqmC@xbwYZD(ZkkzTpHKFm+6v8{UX<0E z7CK@G%UV0VNXIqIgjS~!D3YIX1l>qRX^YW$=05{E=kd?wCD~U%XFTZgN%8wgl18+( zDa~@G(O0Y%7aHH<@S%yhkPOfAqQN*azL-Oz%S$-+&>L#lIrUg2g+riMH1c+@a)&C* zluCYq4zcdeu&ORQ1v26jktkPJ1k#T^5TLGNq<; zjY(e@o>lC_H_?{zeu;vfE?MTzimwrp)WhqVfPvEr_@E)~uUlG`FQ7quq-@+JArr;x zMNAZ-Bj|bJof~2Qf7$-e{I|cA#(zD2xSfyx+In&q|9u;u>ia+LJ#p`LPfqun@6Qen zPfM*!io#smIz%0>quS1Ym!U0H* z4Rv=lr{yvneEAAYTW-SH*J9d%@C0&YlOYG4!Se|^*yz4lYt?iwpVfOz##LX_?7>+_ z@0>k2^|snx9OHJv8#!LYD(?3%pkuY`;p^E<+c@ghYz(rqAy?X>uzNU4_{!>x0`^)a z|9jznj~sLO`?=M#%hBKp+Tp8hF$VA|c>seK^WC}o$8Wst z&gEDPwcH<=eeVoFv$)DAf^&d@rB^8sKM{!8j`0wFi=_;c2dhNgc!C52`7_b zv>Q2;(QGy?TT5t%sD?1@07y! zVRgP3Uq+kjUZ$DCDlf{NsIBtm(6P+_^tU-q|MA*?;=biYwNYaKJ=yl;f8N@Z6su=jA$C#FH_G=rKe7ao3J#@rNH0v<0;?_qDsE{>aoga*($HJ}1YYHFop!gy(S5e)}h>Frk z<#JGOl*V{bYY&tm;j~#^0^;t1x^w}w{iIwuFhH!gGP`3QUW)Mm{$LYd=@!X7HZPF3Ly8G#w9R$Br1SA0KFf51PUHAngJ^15(TiNk|*z{vdszm*VOG& z>cis3J>aFn9tJNjt1N)LY+upEAY{e_@fLvzP|a4_6;IjEr67pQ*a85R_e&ywl9165 z#(hKuDvXGPcnE8Z4J|Xk;lcJoU_p$PXOC) za$vcTz4^7pDN+i2N<+kuQlJVYd}+@dB#d$_oYZfgq|OvH@cNis=Vl-hxdKv!1BAy4 zguj**B2e|t#ZnFWyjrYn6I}u0G=a(Jg6~Nh^wF~$#7Jef@WSFnV>&o@2K=pl!uG#0 zY;&FhEIa@A$C(^UAys=OxcOWG|htFBfq&w=ow9HVj3ZR?n1ULMU=ec)s zC80T85`GvZo!bOgM+QJqXYD0w82qBf?TCZf%S&jn*HQ|Giqh!0A_x5X<{KG&gc>hq z2vA35MgngBGI^CB>Bsa#Bf3xPr3jO<;-vT(zv|Z7OE*^-brR7O>B8=FfdXh>$rAsS zhe1pdm^o-Q4LA+0f@uR?lHH`(Hr+2iZK8i0VPh02@aEuOZ}*>}D)9g1srjRWcrPqyn3c50 z%CHdff%Q?mk?Yq)64jY1CQneP_(VV>`dQFw)WX}o+(G8xvNroG(;j+CV<>!?072H! zcI;oEBOGs#gbt3-GvB>lCzt2xbv90Vkwz`*q$3O(r>wuUeY_t1Ga2D_#t5)t&ox!; zO~w-_qI|lk7=jTj2yq8D6OvEK=$hI^#E1wy_syX;+WzqaTJnA7sl~GWf=e1z9-~gBegjlJzG;YMtq;%Yll^qU2{5 zB|lp>$u6@#qBT_&>c}e=rz}{|Zn5H1 zN$&{|8#mZLCEij++E7JRrm{w&^@=&viBjDFt=jG+yF_1AI~6zJitA8~m07Pt9V~6! zUv3u?OPvs}Mbmqhb9Ex-gebMa!(>nSmC{ZxqnE_nvG!;%Z1VE$?bY-L_~!ih_kVz2 zbUxm>+bD_ue7NPg|L@V$yZF!B`1oSWPR>dr%bX&vxx4hT zbSKHX=ada-8%f-t#J88*D@$vXprJ$3p{N+EiB-#Omly1U04Obm8c%5vh?tCTZu^rFpA zw3pzTa`UqFCxFQ#)i)!I_Q+< zhxYVlhIHUd+B&I-vsl zq9x1ju!Ixay6#;-RD|}!@SC^_sIbiTUC_?&`4iOt#L9gO_dh>J$|06W<29I%`G!#V3=h}PIVC@u-rd5MmD&Lg_bY9dgX#; zjV>9NQ46En7!270LDH8=`|e@2je{_@+f~r@;w#H+mteas(3J~w1%v_QZ7K_8_^)yY zR*fFy(Zb*e)j?5!&pu){!mX{wRqr0Xih3-y}&n(N7lb-v{QBOTK>yD|JKI zF0MHk6cB{dL{vb-F}ykScQg)<7R<4k#|rCK94Yc`1W>>kJ~Iwfxgrwmi3xHG3g|*+ z!AJc`&(AMdTdy5dt^&tU??M=n|E3TnODKEsVi;UQ$sCW3Q&X2t2YHzBaELm{8dY z9BwSRD8R`slc6!0aj#;L$5Py)$OB^DuxyMIUMgs47`al$J6V)+Mfl3$3%VZ>NtJI8 zpYrvIq^sr&@N=WccBss@S%{VEU{QXJ6}*Tu(w}!`biRfBKN)#r7vlaYJO8!$csrl} z<>})mcmAJS_{@5_E%HeIa$7l-!nf99i3*q7N=C^?f`h=ZIXo1GnPJD{yI!TCXZxglC+h;k9E_EeU*B zzMKqmwDBdW5_$`oD)W-ELA*sRYs}uHl14_jo@KP?McYuS;H$T~p#*ZW=?;;&!x`Uc z*sM^;sWQ4Dov9IYrawCOd=g28ft6xeCF9+FKMS> zest+n;J+s+CM1qH+b^BGI_Psk+USadsyV4GzNRBzcobJ;=H!bK@Ju^Z6dBv7?KYit zYf#JLIi>~&?S({Fi$n8q!gQVWOudkgO02v7>8ky0xN1w`M5C(xRSObO zIgyWv$Xr-_8x8t#^x*@qqyT|58KvWEg{UJjtUGgj_svW#FgQ?{t{_24;lb_s^FA2o zFJCI0L~3ZpSYJLe7;&sj+3h2iq+5h!vxdRrbu+zfAw6)G70)yDtg@6VP`GqIE4;}# za3NI{{fn+HGHk)z6+eZDSH?-IU~Uv087vr=)yGVl`KUT!by7f@-$R8EY&RA6>4l-= zq0fdj%@>BHMb4V#S!3|5>jYg{(_4`WwzVCD1h29#3 z19>A*anG-LZ`9LeXAUWi;xz&@%3_ns zijs^1q)Y*2oQ>wMITw}ZB$$?&{L)Q=!jMF!Bx*4b!qQH<)d^53GHZdoGE+2}T?%#P z-;-oC)p%APPR}0TC;@e*pCt?LHgzK~ma5SJ2{`4|LV21KcHUTT-8^4Yb(ikBn5MT@ zVuPFO6ycTcQ(1RX5O!4#7I5eupPlC?qk0sKfnaeg!u`apVV~mBMZF=8*b5MNA=knw zA-a^Og=kcLq1FR*(I;#wjdFgnhSG(t(m*Y|(^gsrWAp_I+-UKBymhE(0Y_0pT!2d$ zwyymt3j6ZqW-fUlK5Rrk%Zwl@VMV_k(cUyo&2$tE$nDF&aCQ8(r!3gXUJ%HJkB!_Kpc zn_nuYV3qwht8n=yoGL!g?pmn&_Kw-hZSs|Evwv+{rha&X7s?`kaK05HASJ-+#p4#` zwPI(Ea&QB=WCTZi5o0=NK91fV=){gcqpwNu>sqvB_I~nsWzeYw8=*M$&SJL+N z&^SmYK2OG12?!hVlxF0QV~3oz?e=_a?WMI5x4xoeux|&>Vh7{-c3o#E5l%}pJ;^~Q zqI(o2v*1;~l2sIwpu@laK=%MS3i)W2ee3M3>+^Lk=z8b-xU#XhXr$MGKDXjY#<#9K z$Re(M36qb!_%zLBrXV~HL+NoO!*wy;ZFG*;h=_{(2KY8H@(QtpL5{?}m-ItrNGa2^sZtX={_Qhmam}y@rw(3@_`r-~(HtTOt z{+F%)?eqCHfRgq9(ZkLB{?C)g+jr~#EqpfoS9CrJU(tDY|K{EOn}4eNH~+9lB&387 z9Fvf*r#UL2l4mUF9E4|QRvms&3zYR*(FX=~q!LLO(LYh`bpPG)Vf|Ue7o@&^r6Yl& zU?`Bv`{WM?lA!F6pt#)@zHkf$5)$u4RP)0W`^V$DdGe1RV)ZN;8^B1r55wZEOB)nD z!-yL)E`|J*kMuusp9PxhPt*grYiKdcv4J$w7ExL!EO%6;YVqA0Vd zNGkBcW>-pO#)c?00K6(5&cmDI~ z!-seG|J}yt>#sH@*=XZD?QbOgPtouiR=@r--BjIdb|x^flV(#~Si{GrnsVO)Br!h* zJ3)TENXDQrs~3W^mY0_&8TH!iYt0a^_dK)UgVlt$9BNm2Z&PNg|-Kd0*E`lqTsKP`hWj8p(Q z{eGwFQ*TRZcc?U-Jryy{Swt`1C@|*BGH@x?>WgG*q&;E6cLDQ2!OWE?1AICkiK zK4-r1y^)yt-bsG*y<=|jz0us_duwol@3k5u-^;l0t)4u=w^_-1jgKwMOUIWSnaPd9%m{uxdBLi`EWzGk7cV>5pCSO;MPzEG+?k^2kvO$CxbEss0(mPK^&!T(T zN^~z$ZPnd6e6etZFe##2)-Z6%QCDb-&wO;EaP(2qNk&P(WkWL%21vRA3?bh10y`S0 z`;amGnC?pcYQ;M~w6`b@v-cBNJ+gR|cCVwD<4`+s+MSG&b*D0`vFZ^TvT6Gl+>GR0 z1qKyt1R1TeQEK+bmo+iC0M~B2kec}s%F~pddx;^c;0b+MI*2C*J!8R|famhLREx^_ zT$FVAJR^e~suB-)NhYp^Q;cnrh-#w~-X_o}PQhMb<9lUKMbI)IGa@TFX8-@uUXTD; z6Ze<#OsOkE(Oa8Wy9sEq0{sGBmC9xZw^eVNPsREQtV)_pLU=+#T^tu_(yh?zfv`n2_1$dTJMwyHH;RY*;?4V3HdlFThLWL7(5}rT{ zojx}(c_!tP=N6}qoH&!&C(e8CqzO)$_vI7Do-T#_OwhXVdD7*h7)dAnr2=3sSOGN7 z!fx^@=~e&=WvOUIuqBf_KefxjG7I7k$p}=%tO|uEy(X2d0A0Xzm`csbQOTU7OR=e` z?6TqEkAf+RpTIN)sLaF!+7uS}K^Dgsq{ie~-0mcNm|j@J0Tk#H$vK~tV;4ucl;g0M zfRr1CDQd*6&M)N%iN#8}VY!rJchRj#IkJm^1%|Urxpy33gg1wRz*9XsHdJvEb36$J_72gXe2_-S9K0*hN>GUHeIS48A^SVy-(3t)CPc1 z_e9DMCP}MSE&3)}SzCdBDPN?zm{NXfczwFcAnNN;K4mG&ua>-&(dZK29G*u@C$(K! z@$otG7IGB+CvF~)3|3QJvJNpygv-=1`>dNQq_h{aTu@ni&>?}<2@5QBfA*q;mW9w_ zg;%Fsc-dR>w<5%lf+)l~vkS2|h_&FbyfEwJcsluI=%3|kG;yY5san1=#)pY23SK<&O?8CT`*!l5Z z_8}*Da8w&=9IA^PMO+d)Oj%p(7~2}!mMYYO`h0#oYsuLpImud0fT9whzjRXab8vJLDk`ui}uDnQc@<*h7RiJI6mPsKV zC=x+pjBFXCHYCd>kSrRKJLh4!gH;zMb|fB)6*}kTLPzcN-j1z?&7r6{pIy|v5?gC| zdkukC6f`t=O3rv{eu}%3lB!h1SJy_ACc;0lti%3Pzm(ajIo9&IC7ajdDVQC%%#7&E z5YNX|n7+xt7Qy=tT8o_mafLbHAaFZVA(m4io?|ZTTA1gjL_G79@YJk4B|LR)d>1`4 zV&BZ*u#xIYD3uS*iGFxWV7-N{0~RuioeBNw8YqY6+{!ed;02fk{n;nMk%4u73K)TU zxlxVV?SSe;gNhuDMM!O8I4*t#K5eYYDwDtQUYva_X&j5p);QMmG#>U0sy5j(m~XJy zGiX;2c?Lt8x2lb5chP_?$d^|{IZN5~&J)3IM}Q|X*~Yz$)0MeOE;0ZQ^GxnNA_|E& zC)U)7S*y0&%10i8Tdugv5#HUAH*?M<-^8tr94&YLbJ7}n0-B0KZr#0J4m zI}Bon)eXBh~tS#c=rjpnH+phG$|4YJL-De(62l=n$y>AS>fhHdL<`_5bG zi|;$Zow4t;MgrueDP|B4lfbxu*0WhYec$Cpw66;Y98Tyo++~*_((<{#0nhjG?V$f|jOIA)RW4ud>5^@xfgp)l$ z`;j9!O9^5SWhP@n)IA-?BhoF#Iu>``RQC%6!Fh6#_M1kAF4>ng zT#B4=^G;5Y;zNv56=ZlE=GC=$Fv%9P>EVpy9v75MFwR9*hdJSk8)31n=bN&kw+7z0TE-&AT^5U*$^aBI;nGmeF_}q>Gc0$+WXb%_r6LQgpX1r-;-5N7Ixc`n zBgAkqG-70D;p#=sOwpm6nwnwFgA7WGb<3mQjNbYtR}lcs1RnD>t7^cCz~({|Rse5v#5=W!EdN527!YHOtSGJ6FkE-6VviRkkMfsMR%E^=iG==Y|@(m`(+Ia(s5&JllIW z6N2iltwPJua|Wph5g&VENI+o(!D1Oyp2?VzNA2p8O{1DT`&O^&Igq`>ab(8}hex2r zc%6-tUUM?Hy(rVic=mIv_q5o0HqUoZH*h$or-0fHX9_TN=iCoBDIoU6XQKdCu0{ds z#%vUz(>a;~m*eqJTz#@IB486U69Fq%BLekgHX`)8nK=&@=Q)uiKo3eMO}g!AjcH8? zz_A(~urt-kpoDshjD?1{#Lx*uWg zAVPB%e~_%W5Py)7Pya@|L4@oV<_#**FK@vUgjBin1kLFQGVZf*jn{c+sqzAefx7bo z-Q*Zg;RPBhQ)DVn2VbFf^M0T?=CxsD&Fu@Che}~@P(Izm0(?P>q1d0(A7q`Tw)Cz7 zWu}Vf$W0AlP^OyKNCVJ}QCaIvep9WqvGXYAwDX#Y|rYaaskZat5ThH{Z*Yg`>Op_3f)_EAQpcdsoi8glXnym1-dU{tS;m0f`Lu3wtf%m4 znY!*&{u;$Jx8T{DbEdyB&G)(eTk}&a?B!Czb+Mi?>ycx z#&{N2n5wxDKNxrP2AyDx?iUupRjS|Kg753V(Jf1G}sxQ*mmIe*?@~%6* z*JlQ4WeJ6!y&U}kc_OdEO^;oX>NbVA5ws>~cY0eTz0H}?Gb?C#A=H#N+ZC&3bi-8m zYOcjD;COM?tP8kNciIJPGQ#OJN{vrYIcssq4Vh)i*^JcYNuRIU)|nYf`^+BnYzbw!B$!Q(b@ zy5Akj{gNUyf46a&-2u<7yF=PYXqWMd7i*S>Y%$-XkUjq z&rTtsIg1ZUR$RzVA$9TwcM1vFFKnl`0rZEkce}7}%S*rXcVxay| z{*o_ljHlQqG!5CQHp7TnZeg=Y&s*x&>_^Y1~DlFK{Kly$ooPdic`x0WrcvmOfLs>T8>Xv z5u;%tC=xE^K;D((Lz!+%0d)!i$%$G4qc`OkNoeK3(n4TbY?ebhC`U^lCoP3`UIqIYy+WmICS(0us7HIhe};7*=23 z;|bl`1phVEO927ZSt)Z^5ZCG<-JSuhyaP&Si4fedc6^GvX`6sp8w|-WtzS@!6p2raMQxGNgw87G`>VX+^CmDgAV=p z_UL_dm}IEuew*}@QQVE*O+cQuu=ZivO8OazoZ*CoY|@U-uc_i2MCDYV61^D!{1`>< zPL!nZo>~Xf1{0@8+v{7hJpr;2ff%X9W9-5R4X6|Y2IBs8)P<#KBx|nw$)J1NM*9ol zUJi!PvrB*oeZ5M-tT|6`m%B6RHV_09j=n!Q`|kMtS+slfL-hUb$;s}~*$+EV7={qu zCZ7@pmG*|+6d*&#Msa_94X7i8xBDl1-$9k#R|kg&XFp&E-W;4A?Vp}TZ;nr*-RRx! z$=Si)`@`Ln=-vC1cgLsu>rr%?B$CcVQ6H%lozbZ54MynO9LH%l6W#v-hB>>W)#Ng! zFtS#XegX_*Sn7t?(+y>J04$1qhB}(6J3^yraO_hw9^?lZ!RT>rLmB$jiSx%t*y6(TO@G(r&C=?GVD4+KJ!3C4xG*GRcIV*L};1Q<+2Fxu!01{>$`NC5es z>cC98ifQ;_yHmZSkLLa86JAk&bqO{fz4+u-Bj`Hf+qwPoAfaShYt>Wlx@13DnaW6+nZvfrUq;fvF&LEDW4M6dL z*cP}Qkq6+wnI0fegr_C62I>F`F(^;GF$9$YXF*2v8_7++9S@WNwseKcnaGWWJ)k<+ z*Y#x{ur(Sm&;@xkmjTfC*!%@eC*BuCR!jRZw}9b4V(a}j-tPc^;0KeUfg>y00T4F3 zkmLJOQca0SK>Zf=H&q7ZrW|zW&f3cM40q(D*#!8C_2D%0f;wH6=w{?SR2CZ zgepD2>zAbe#p!`X`X8D%o%PGP+bGfh9zA@#ozwpwZEfD^f4A`2Sgoo6Myv4Ov??H1 zno|ix2yYz2IbLfKzXMqY~ zw7LOHPul6@?x%_~-a9^e)BJAvYj_AtL+&|L=(oC)c7jVIOWqB3qrlo|zP!#hFp4qD zKSpN`K3#_CY-)Fx!0+i8=EzkaRi93JF&R-$$-%L{bTFnOMa3aNOQ`~p0Uy2EfZxERGS|A4M|7!IfG6=)g>DM?Z{Na;OrZ+8%bcEJR~P9TAR z?jz9~PBg8~N0P!{ia*Ud+GYv-93~qTTReB#?iYA^g5S-ULOW3584cMyC5~Ye^ z=ndE&)@Hq+DfI#Yll8AA1=Y!hVP-TzLHv{sCYkw+)i&`2#0O}&80_A^9Dq8Vj(}j| z9nfMJXW5l3E1Ywa{>MIW1U&3fC@(PsMuQ}x-1&dfVe`BTw9C@}SP!#a-0g}7s5=8T zm+C=!(Z``+MYP$9p)+cf_#I%E(I~C#tVD<$(+H+Jh~zO5(CP;=57#8}35Jn8h{63A z(JHc5lgDHyR0ecP>||C@K;JgU><}yp{iAOUXqrYs{`v@|5-#O%Cn^tur#{>K-UOz? zS-UHhaUui|1h^>eq%EGUa7mE92Yfq!7YMUXmu_>H}^9#b!!ek0Az2fz#&MYd!ZTgvkiQEnox zXerirmOl;BwnIPVX?CGgkD<=;*GV6Ahc8a^{xUv=`ac{0t$Euh)c?1)A3ofClGFd6 zY(2Wu|8L=A>i_?UN8RXc+8G%0JZ}w?bNcE-XD{w1 z=kPBmkI!2G+r>F-=san_KYt5bJNaslqZ1I(-^F8AF7GU&JB#Q~XAyyrp)po*h+u1E z+9@}J;Q_-a;{nz_ZQ-fJCsPy{`_0$;Zw`+3 zUmLdGinGdIt{Crt_^}1oel4xT729^~qVIA;{B?{(*XNph$227)Qoo9k)5do3781aI zghcH-#gfseKd>KlTK#d?X?xsG2cAcG94q%2*w}prOU{M;Y|;nm(axL5r11s~=So)g zRh&A7yJ-*1YxmhX*f2IBSK7(>&B5Wm<`mkGU%}ZlN??9q zj4c_qs2sB$ZW+$_jvi;YMFrD_r;;@h1|!q`ZO$upWeBX!PTucFTg%IK17tQri45%o zh4{(w@ma(8eFk#)w0U^E_Yd>w$^P!^+{2^yZ>h_t%b(F+fUyD5DeNe#S3g=+PS1`{ z_D?_PhxCA6z1uze?)1Y>02UGC$9(f2q8HJBqoenShtX$Mmwf>y7R?kC3?MAn$Ze>x zxg#W9f+BdtgOlm865AT=x)DdS%j=YoC7r(*Fh+qB5Su`F9gI16N$ zO)To^SbgjX3C?vk(fN^ZQZ&a&4_!H;%QPiqeCoRWjt`DBp^pOS#{^VPTG9AH3L0yh zVr|W*xd%GZ)O!^s-jl8Uu8)_-JjQWxo&um3iJ-6j;d#9pKBa5P6Nd*ICF?Ri0 z)>)Jt?XJxRbZXV>l(JVG>8GQ1{2nSQXL*T5CF#M1!p&|X{iI2!laSmpo?&g{r)*R| z>465%{@>vsOUbK7-5X{6j%iFz_3>pRTH9jnyKlKN3wowJY2h;3d00&I^9g#vg?=sc zZ&LINn#a26Z+t)d0CBT8L`7YQR#DsCDItk~RYDXlRh2A#atfnGIzo9<+%r`;z<&q= zI|0f7^a+0nUa1Hu-!p$f*|`IydvGj|z82%RpmJq=4HJuzBq(F2A%SLT1;t@Qp5y!OG(ie5p}Ee2F|(OG%H4 z(&%}VS8w3?H{aBeFr03`vcf0H3M9V9{FsQB~zg@1qL}9x2(%4~E zmHC;)nYtJ?3-i@co6g?8qqX0zrKA9mzE%f;wY+ z%8s>Ad$dxl2$=UQ_C%s1J65Usf^C{~| zWyzvNYGIzSaNG$&Mv<&h*ml6ClY_g^2hv>bFg8C7+7nQeN> z@;JLHnYL%g?+*9>xqtY9A+{&O+RBQb4a*^z?6`k&!s+PWlRtuD#F5o;Ga?(}Xnp5XmNRq-etUou0iu3MN?B$OOAwfQOxLPC-t?nAKAKHrYsc12^!arE{po%{zL6(gg!9ePVGVowUSr!7 zLOfMxS*6MPf|1EtE4ea~mN%(-#$)8)d+imopdbKnb&T=Dtk^h2Fv~0JQb!X@8X-!+ z=FzXelEU@!1*nbvaoxlvNEZxV#RNM-M`3gpI{g3GKRL2gFQErl8D3R)W~FO}4lPJO zmzy3XO1kW`Usu;}tElX@o0re*k*8(7&^>4D=9K93mIfbi+7)=(e1=QV(dJUo^|LJn zY+317Tgp4tERvG*$wP75wU#$smwb$CRWg}%N_N#_Cb%`nuO4UJ=VhoE*{k1c{p?kkxjQ`)Z6^MH3MnSRY3Ur+3@mGcR^R5+>5zB@RL-o8IQi(c)+kNxNk zD3fQ=oA*b1X9vee5oj8R`>&&eBQAM(@akmuGPHAbi7pugk19} z***aK=Uh+6WZyXqOTiqI^9vH1TLK7NM783meSeczgyA zF^Xg@i#y^#fhCXVJPS#sDSf)+ZD_fxiYM$wu_%E+PlD-yz#WB_xxOn0x3#{LPtAC| zVtNu~(Yzx`ywQHeC3kVRJVh*N03W%yx7@Xz@NjpPR3AKBbYeF|LN==+_54-M?VFhZ z2q*oe+yR^ofO0uq&RAcpa3$3XW45+PMaXTmeM^Vck!}5JdpCszu}_FesD48tzKG|5c?X(WvP%X zjK->ykT5%m(>>qMNw<5w_U{SMtb<|GB%~;oE#{MB7$~i*Xp{kzxq;-+h;uife2mE+ z;SENN+7u1o9VLhc2ueJ!ba_ou27xF+BQT-!e|YE#saluP$(E4WB}zL!gQz-y%K|1L z$R<7B<7CjT0s=iW z%Fc0ND%t(ZZIzHK!FZ966tA0mcmk2KPy#!UfR0S+C=AgHr94^X8j%93;|E+N$=UQI z2Z$GOZFjh>+|SM_bK_=o|9(WL3Q+0WKRVt&Iuo0SmGE21A>+ryG8;^QVrDoWN2`|? zdf9Q^_J>cz?9u%xLb29UKvdz>>uhp7V3-dm@y(#W_Mc=#bB^S)Xpd%w4(V4aeg<>{ z%3A0!?5L&>bH!bpW7jCLe@4M9t`DorutjNka8)eUQkfyodDhY#g%@kvY?>G)3>5jS zOWsVN61;Ny421}FO$x)Lf*gqE%qVN?UB+K@vRE5KoS$z>W66N+bc z_s$Ofxo-#!xreNLpI;!u_{Ph_I1PEdYc@I88)A#&CU@A%n5P_{+hM2>61T@>Z;xNU zKioh4Bk`EbZ2hJ2S}9()$#Y?37RY<D-8Xz7-C93LNQdT3A_ZVrYPR@W-{?h!Gd4Gwc4$ky4V zZNkKp9XTN1pB$X+ODJ+08FL7r$W26@3`(?v=i zi)|i?8s$z5*kBC=Ttu!vY1UL&EtQ-RQebEVdDw4INE3$OvVDAt3;%jh}-#* z?93}sr!1%Of zz{W>tn401=1)_>R!63#~1F+2#tm+|WnXt>zuWoJcNZC&%uP(Ml9f|y8he1yAHv_VCD3oq5+t*hy5Z^B)NaBpxi;(#hAHKhra4A>QwC!IJ#J@X_DsMRqwD)3N1^KzFQfyD{$+7!0q8Zq^wiK*8QL1RNTXwBPCSIkA11_8Z6( zpzHMplm58L?g}UXZD)Av9O*JU!kstn4Xr3&bhNK;A?`e2BzKoVCFZ;LYZj_|b2WMlg${(P|`P&K`gFw{Cr#>A6T?>?CM6Seofe zb#--hb#+~i-W}{Q`dxrBl2jJWB3Z@klBXxgGT~tk2Mo?_>GB+jv7u^+TCibFD>Q@u zG;sQ1&a}!Cz5~ezFKm`h1lk}Xp`unZmZf1H`YgmOToGrp0MQNP>bupUs*Mg(z0hv} ztT{(3%9V~E16n4;a(Duf`ecGKWX60`gn3>Nh8u8Wg$@L?M$v}3KM2p#8Vi*)Zcw(l znzG;G_ezu@AYg3~zC;j< z_-p_t7MKMNCKu|vXv$R`kGc_FLahe9j@%sMaTdLk#uM1?CW9+n82@;6Ok%E24PwjT znc+Lb*>c9SWeKzdFSFAazrN4uIH@@H45aISYg23HbnIn8mI&{l2OVgDjK$QOo*q(s|AyQIEWEEdNl+_P@7kyU!w zw{i{}r+6FAo%m=r?BEKGkqO62=Cqz#3|khSYN&*1D z>FgI-YLsP?y&mLdpt8#?6wHrJMSBSd60)lRA8Y@Ip_+H^BtF^6t1=x*9bS+&qK?6- zB3t^|ALUPdt6f`{w_z@a**BkHw2yG!(-_fPm#sazk z`mh&y@#ulz78iaznnha2w2F;V#pSG>B<}|};QlCMds?!Aaf6Q@2#U*ET+W4d5S>eA zE~wHRQ;`qXkQEg(LY~%Ep`n7s3>~!uMc?;aX&ADHW`^NKRHE~$l)y5#XC)$-xj$gF zIQ5*l=y7!US+4_6{A|Pc(S?~5LSb6DqP6ksL!U&aPxR;nF zi!MXT2b6b9@EP)Zb$co%AX6OWXVL*?%XEAs`KDG-L0q+=%7W1y#2Dh#wW=YDGgTZd z1jTM9XGfpeN^!Q81!#e}OYT}hbyKKwJ$duC;C3LtX;IKKIp`OezDS3jZOPpI-E$4G z3~g|dRoueq7Qv7MlYzADzoycv2weQurbAZm5`^R@ zFz0cXY1?enIXOD3(yE@nokC63no(TyA(nlwFa~Ert~%tLWmd4YL>*x`FZt4PEeT9i z>`rImWq1S(+PMT)w7|xDNH(2w@3YqVw#M~S1rcI7>!k|Yvg@O&J;St05 zSmLW)8CyunaixB&0Bxlgt4URe2wKFiw@4gP@ELaC14AZ9laRHoQ80m#iK;9+wg_9* z@WI@_gk#H8UAR(^+kV`&$UxbETGL;+K9;?{agF@!7*mLXkSI-e`V_yYF``GokCZBr z@nUer`_F6=Eo*06eFEF8>uYOC-8Baq#7&aTv-DPv;MmW0rM9rLWXbk(04Q2OmsI)q z0uTZYNrR8DYZ;zbm5k*k#Hiq37~7L@5Kdyu)S(?GIHi>UhH0zVNI-Ht6<>Gei*~xh zv8W6vi_dDPqyOU)zyaU18YWe zt~a8cBA0JRbM+rXKWLg=j`pj=C^9^TUv6$F4&9Ek|e8FA^cGaz+B`6Y16!S z9M0!m;kEp?3ox43RJzI=(p6d_`Kq2tXqx^tyKkP&9K&%SEjVAR6a?MbWD;5HOmfyu z#2Fe7TtiB)a~j!3OQs=YSW39=MPtnU1++ICqsOxL-j+tmE+z~pK7Pmy4~>eTuU+xz z=eW5r$^nL0HEWix*C_M!Nc=q$?PMWH1;m^|0o2h_fmj^ARKB)VnFHpd)qYBiCJsbH zK!C;5l-r27Au@P#uq2ET;*)-3&7h-O!fdFc_n?2ydxSdkV zdScgtrwRc^p=`ISb#$fDxWoA9`#;qSJswm@;y_&Gb?$W^Q{`C9wr~R*4D^C?b>a3K z2`EaC@V1C@uW20?5zG(WBdY;>ghT0?K!l>ij_=#uWPYm9$a%(AGYV901iAsg;H%?h zM5APOc1|RInPA{_OvXh+YN&Z`njI0sB3@%x6vF+9rL(#Su9hbsI*j)neHDFXj#EoIt+RxSSQ zVZ{Y&f|Sikmp5$M4AEj3NPh@>Dz0Io5@vN$R`=8b-n?48(5cdO<6i!Ts zCfWQ)4z1v5=uBlsq2le@nAQ(-qcd;H4^-|oOgaCUi*b0#QKwq<5Tt#dXTNe>drL*q zf7)_rb^jLmXC+meNQ;C~&&7e8hHf$&d6HchULWj^QPfPW3j;We!GvLKgM>mZkW;z2 zf5#Nrl*vaN=*5YaXunBWk#&{*K3YSPgc%J{#wYyGCm|9VRw z7P*AISY1DJm_Ry5U^$eveuD-m9KQO2*QM{xji;Jdb-v&^P)K+%eL#9^`ISCs+4z-b z7&n0JvkA7WwSAG)a2_DiY_q!Ivx2e zs&Q;DF~R19&urMh1Kb}l!S)0DN+O$%LuMVyHI#-3zJFi~%vIHdO9}AA3Rtlk;$(*Q zhRZGJy$FAT_!cyDdo)Yhg+ou#a>i<%YC^-PlnZ~;wclIk7-|6Eq1nxp5#0#BRs!HX zyGSnS$|pQ6sMpPh4|nozZoG)u09O{7%8ecdquF4vhM99=4dRl`%yP@JrbTu^fu3Y` zl~t9Q9XhpPcL>b~H9Le$Z4{f4;R#)q{TTj6HIO{Y+L6g?XT!zjb#Oa0CGe0iB>)-^ zIEipTWJ^}Yc3B*!Mca5Mfl+$k7&Hj}HA|3dwt`+VgLA@~{!JcrVfP{(gz342fB687 zp;yiNQt&pK;6Vy4nbT=Jow2tK5cjwLMODB3AxN)=r^&!#teo8sM_)2AJH-kUiUgx| zCOBhUMJY{;nk2_iR|!W%OO4F(*=U*X9mXnOvfAa4EwS?0ewqw=CV-Dc6tX5-#JBN@ zc`$`vJH}j&79bf?$D)=v(4Mus~Uleo`o`@Z1}I2?WE?>6&NFLq|exkD1~ zIGo5GNtU=Ut(lQ{LUc-<#zPElL_6X*#r$eejv!^-75iYR+>W|3Yc#~o!?CMeO_iCH z$f&S_;hf!AO~qahbq5cA|NX%>AL_`0s=-`KJ3YyPZ)wW776}M`w5Y0_=6IK*B8JI% zPj$e)s3DoHCD%;O+mC|j2Krh`iQOqX)}>Qm<`??3DF}IBBSe!+875ZKo5O>2>h@`q zun%k2dpS<~Cv4+JCaf5BD;d;%3C#6!sOweXuJ<({?^}gCy-pR~3#44^zf`ddlqAv; zq>7^|XbZvh!JA()X3f}etC28JKU4yx8TxGiB_YrJFl7nvnvi@doK_bKqRy0bD#U?- zLEqEMR(@njm!&?%)AjRu+m$muiS$`CDkT*)-C^ng!FrhP%0b1kAGaAbazVdtbEUXd z+CZN7Ps@Jf)JKeklq_HlG8{yFV%PDHAn|l#$^_W!iQE-PSTZ~hX=m|LNC@gOi9!Wl zgo+-I3N12=FzbNr8~`mb*A_+6;Ecjsf=vHm?FETTC}zOuD4gZ!D)<(T_T5RMM1KlN zc}xF6@qyG>N zW|8tA?4F~gjdZ5qkb?2lbIIqk(m=R7sM{*L;^Uc8sxT@}uQL*^mU~T|Is!0E?l|ss z7@zEIkiENGUJ^;!lFXyE7i?@D@l=~#!ez~}sy-Cxh!1V0%ssy`0?^thAte!N0Wb>X zm}6dd!YKmXXa;L*G9RS1kuWE-RE4oX+8Y9Wd=!J3B^fIW=>xYQkm~2QQMxnJKo%VF zB1*fHcnn9Hlsi2|6XgWsp^$UiY19oRVCEH^T+zM^?+sHfw3dw4aPAqJCH(p!GC1X> zt=97rkV!mkwEwYx(s{MJ{~AcTxr2b=of6k<27SIa!RE+-BfFY&<5Om38Ff9&{a6l9 z3u@4X69WelQnqO1T!t}`l3)!c3}e`)=i2@s3jo0>P|yp2NUarE4s*f1U-n<&fZH!c zZ=E$&+;f)ScWBAbQx=<3W@`fp%S5Y(QR^9o`uPiXcYLyY^6pr5X=3yYlCY-~4-~S7 z^$#?@(<^$x>$b%aDk$jyv=g2FN zXei!OpCUkD$RD~B*{6U(RQL?@iNk6I!JhI9BSW-qKL)YnIk!OWa}bL<-V3kx@WE?z zqnqf&e)m*c*|n%G)(Kcxj8^Cyvj*qt*l*Yl!$Dlv9|tEFezhm2*5yGo@)6L~w$Sxt zz4DJ516s^KY7J(AJwFjv{ZUJLHkrcfjQqU!nMdw`S~TgRj3S!v%tmM;7WEnwFvP@p z(Zp%YmG6P%I6{L`D!PJwb)Yj~M*pYDZrKQ@uM`G{f@1$47DM?HkDdJb=U^#E7BZtSCY7s}9yKr0$wpd%3f6;MOqiC#vzF|TDd#;ET!n9WD7cF4d97#b z7it#T#Cakq!4Ah)GD&iX3d$y{$jl<+smd_-yPqBAq9s*q4kGu{g`VcL{uOEAVNOC4 zsz-)JypWJtQlM+CA@|jJuW8vlD<|JvgqOZbU59qz=x|>YmpSLf3Fs7QV8<8u+~9!tah5?N z&Vw8)ZEQ}-hlU@|;l$#4v2bp=<~3VUE7oHrW=$poTqbRD#=|0OZ87=EFR}C7?p5JJ z;s9#xzrJ6WGY+sHW+yvdv(GC`ayQ|DZK{Q?)pSIXkmK^CtNb^OFI zqP9;P=|#x@i}*O*nxns|x~?_3wJpppDdowWu4Abi$Dq4{Mj(@|5@ zls#_d5|!bRTDx4bMKS84Zrqa?ThSF2qEO9f^D3D=_WRV9evg=-D0P<@rdOh+k-~`; zENWHTY=~o1D05ea{JBZq!l`xHg*n5gLMohj7^{a455#Br5WQ8aTpvn`-De#U*E1Bf zouw~!_+Y~h6kJe@0ne>8Lt@OE2|qLxp)=J)5uvH$X@lXw03R_2a*v${nqdTiDcOrY zxFz9%bL4a<-Xab;MCNJP4u)>ze><)`!y)dOUYwdiThf3XNW#~zkxl%%PL*dlFI8CW zY|kZPyhSMWy5W!tsKwRGjROo1LsEc;WLPyD%hpQ9RpKC*b$lZSITZ~u)4JgUPEatD z2NVm8qDy4m!+0vW-rN9T(OIY(po^%qPW(u0txlj5O6|j?Ri3$iucgnXEPBu>zJrR) z#}tIuUd~ckCnbBnT>q%PclhSb{t3zqCX1HXz)Cb%2@9X;Q)XbXi0yVmGRNgGzddUI zegE*?agFwFGE@xhGqZ6|C2(>nMBS=1oXN90W@01vg*2MPls44Xx@2xcoObAHd>9Sk zyw%W?-$E-l5kvGtwp&)QF|4w=f*6>sx6*Q{O?!=DRtj;wAa!SktSZ7F6PK#UV^O5V zbn!~UW07Jr1C;Ml$)#JE57B`2T0t3d^o?nzdc}2}K$sbWl6y*^cG7EPDZ#w6G-S@S z?PS@vY!@4oVxQ-Pa$=b<%5&Fz-S{%fK+w{jMvZKvX5G0k2 zQbEs~zcisVUUrabugIC*bu(JGBB3K2(8=o77tA}a4v^5)jALEDlGLag>&A>=ooS>V z5O}kW4}iG^X)<&IPutt4xHqbUEYg4pL?x%Ij@FZNL}wG0${DQoOJ{%=9BsCh9X=qb3{cto?mXaRn%lLf}ojbl+Gqr2W%tN0XD9y&vjam@pdMFO@w zn!9hwnZtOE*+jTlIY8 z>=i{+EeZ<8jH$xf)IQ8&1&>1&J;o{1%Zc*%%J~(2j}Qy!SxbIMDAeN@xfKDt5hS*? z8mAsrMn}N}E zKxe{No#Xb&tC#TQWoPg8A=)1|OAT+(nAEW(rITtQPEqrBbbOC5sZ1} zI_-bJY}2=cAG4|B6g9Fip#3hq$Ftp^cJ~kbA#9UVH1#nNcju!MXHxQEc@c^%5?^q5 z&&+ITDrT-p3C}iK;@D{ay)W3ygphZY!21U$N80Ve4uP&5Dsp*f9pyyG$_ZeU7;q<# z7hTQbG#SKXFyo?zfyf|cZA~Ar#d@qZ=0pc`PfZZco=2c7Ws)hR9%Hr8b%$L z%}MP|4^7atRD!eN^%ABb1ko*xyC_{rGDoFZar1+Zdir9thhE5%zA(1Sa!?Dox;l;U zz1e|!5`sdp_rE{s${j% zX7ffW%!bTc$q-vzm~72lhF`lBT9YcB+fFe7-eGD82Pvj0?G9$Wh(v#7$gM0S)luIO z|GlKGlaykf!$nD3)Acg>Yb-?Cny#^pGSXfuBW+FB*h*c}b`F|1N85H>rBp-R9ytloMe5(hj%`Zd!kXklz8A45uvInYK)L&E-)G&81Z4!E?TR zC8G0H@|gCmqbgJ@dpfyN$=q@&UAyPn4<^SaiaIih;1DuZJe%sMs4P~f zCd(QRI%tHHoJ8GaONY%C28}IEMeDi6EMa-d--fTL`E1(CUR`DHn31w}N-wp|WoYIa zRIcs}<-}EBZ_#(`8`DO?FJGE573+!+X_3!r@2xmH&clwnNFx_{pP>F4%QK!za!ug>7ry8~Fa zhX<4z(`AsPawbu(*i9rJbb6=w6TbCMRV*bFLY$+Q0T|RyUQLcuC4P`&i+|!jJIbfL z7fwUVwwaz;{8Pejc_YkIuXeC4&C5)@(BI1>4g$8d zhjCjB+~r+O{LS;4xm_+&TK1 zr-8b-$Z$CJ|L?$bW+Xud(-N<;P8t>*e8OHG_f0A0n(;`^-gXqmMy_eGf2)w(XapHP z=f6E{=zf`3W;$dS@1ij68HVXzRu_4CXL=~O*>u?-16jxdMU$Pua)%Q{HSUl5*#Hr~ z$Rc?d@+|^Lo&LBn?&EH#^bY=FOp8<$g?=h@?t>L5lNex(X-E5Y%#N6IxY*8#diBtp zCGO*QdwcEU;{v83wBlnN1|43+5j%m=?RYF6gfWm?uftAU^MYE8fvqJM;S9-aswMib zjW+;n4s)=xLI#;MhKn%{I!(^OH4H>WY~wO7Y0bqqa)z~w@C^a;t704i)6H-Wwj4&< zt;IW(EwGF6j4klz;2erxe5}JlNG?0&e4GSDleQJ@OC)$W3S#a)HYCx(;&m#JG?`7h zs<5S#k~Fdr-7Ih$6p%-}iffu3QN^n|*?I_TeCm?8`uW3`lc9&sOO_voWvnvl(@_ro zm78?@DkQ`vJJ1k$eS2ehZ|oFiViy3inb-wnl<_mL)2R%@SY<+#(IqkU5RpBM4b)B$ znE=c9I$C>yHlEhSwa%QbP*)TfAZiInuok}k!HodmyDa{c&tIM)E82%9C1j-w_4o=1 zI2{L~Ly0-+HSwM*axOIM(HY%nRgxO_T&4r{&P5ICajuJ~m&JT~Uhg0Lt^KmOle4sQ zC{%i=MWlv=tXkz%KA0ErY)k0QO4Y)D98nv;aATGt_=yiD|YNT`lsAZ5eR*Xa~Ip(NY-E7)U+ z5IJV&2&Bzi6n!(V-3}Ho`Csh2V-D4&0A4(hMkq*A6 z0TphmazJ5kdbS%oH3?D~jupu&o4 zFSN3Z=qHQ8JxZ;MXV1&TT_g`+rJc|c2p_i82=U5bfI*LR zzGzr|fKe&M8-2(*8Q6_K`qzwtL8=O>q-k&H!FadIjF@^Rt9Fd~{UXfdmT0#~Awi+>J%^~aMhF>?GXJW8Y;ZwJ8=qtQg3rIzHLfW`!7+4{DA}TXo23$eM z4}l=Y3#Kj<<_awc-b6)Zt^r`wM=~cn9$-%dsq?4+3kl^Dj>PHGD$62e_aqm|+S=(^h1$Ul<=8RRTvJRnzo$a2tDi6uOe zZMz})2V;WTSZGD1Y@>aS()6j8B`_Fwsd`W+CWl>>u^N)gR~>FP#PL`0G8|Vn1fH+l z1e0jjkSfpFEUCPZn0Hl{n}+c~2Zu&TEs7$5^h*Ixzs15icYlk+)39Ywcn%X48zTWU48wc+tYw z;DSH=hu`1{YPC+5tXPzG!VTox~Bu*lUnF zbxx{Pd^LZjB_D}oELh;K5Dm0vAu231a1h2{Bsg1&As3~BCR4f`H9Oh5oturz+R7@! z8~B|HVMrUdo^qJPwbQFL_y_h(;(PmjGhaZMNw24UueFk)#Z!c9nk&gboOlbw4_k7k zK*Ku93fN1firn_%kwh;9oH?@ho{GoCC;(JWuWTK~k{YrM(7Gd#C(hl$l77gBGt0Ta z(Rwp?O4`BYg1~9n(l2ODg;QY1?bzkDstqnkC2g%v15Rr^=q7-O!kZdAL%td`h@5 zMc=3-U590ISDu3=vj#eKn1qHhEDEwG4H#8l%MEQxEgX(S9tToj@Y((c!L2coY~-NH!~wY?OAxG1P%BbzYwAnAX&> z;2@bs+w7^tOJ{&gNz*{s3&$kC!$!^L7~Gce4EhEd+M_N2<->5=Jx81apzB?$w25=M zwz>8?JlPz8r&PF|D%Fe-LbvPScP_4DDB%!mr zmPf`V85u}dvX&_~4@@8yPDvp?>7GwmF*JyWm})hR!U?jA1kKRtL~L?>=F_hln;6WB za6WNzuxdN@&Qvw#OIjZHKH84`P|}mDSS3*50(??;J;{`roDdea`h)7$+|Hn*2fTWZ zU3Bf-#FG2BiQPX$m=JsLkD$(*)J)yGW%G(t8a7}QlvX9jmXuN*6PA%&^p2(1zzSte zLZ5qJR(>jd)<{y^SGApzKOxM%P8^(&8sC$E-1VUY_&StQzI@iKEMTfi#xC)?lV&xW zBPjw%)6aw7M-Q~qwW@|K&eO!?x=pkXU)fn1R7FJ?L3=cvT$!j-sA!crK`}qd39i%v z`#%-Cequv#0GmxjoZcPKHi-#(6=Aps8kPkyR-h?c*c7L!LJfGNBLyjIaM~p- z;^pIubPwOoWvC8JyT`i|)!=lCZ4BnqNt1e>IMT*~ykYplGC0k%)y}W2+MY9yWZE zBX%q|i4ab5SDd*aZ)hPAAy*CE$?~+o1&PHY3$%iN0-8H%c-i5{rzYy+bOEa@lY!WHL_F$|Cn1v?g&D zC_k08EK)|pw`Dk6t68m1V@)w6Rm=c2a;mAdKm+oSL(JIRK)^6yt!a*eMSURq%PK9T z-L@x0zM2vxUpVySERBkrcbaZXG`4g5ARq=6&pFtN{XpqKttry@5+pgnW9_cOlk*(A;~ zN}jFM;Xh$cD6!ORRrKQYxeXzym)2Gsl#J(!T1;XJyW?AXHmAP{Ca-w-^BfPKgB12ha&M)#*LBV* zXCeNxkVb}8#UwwHMS;Vj$m~ZeI-4c?$(rIJ>LdhUY*7;GUeqUd&@hEkYY*TozSg6^ zefS$q*_1%xJ_e9=3;FFaA4u*dkXr}4rRa5I-VuVANLPe;d@=}Dyo`Y`mK@rLp?IOj z@6AEexK7{8wB+@cE?ug%#$R`_=DaBg&fwv54f>A4Px%tIkyWv3tCp=T5ubj_1!FHE9befjB%uS!mp1dr~*EbO+-n!8y=JeL?;!y+oPY%^0J?_GtL zGkSBaCD@T8M6bs>MJ7~7f1c5J$RM-VrlOxJzGYl4TT!A#*dq^5`!>{8wP?DR8`KO) zre~Z`eYts>ytx{+;SrMa8L@E$ac|D_4QAR9tsa0xHsYm;wucb+!#P_SPxyMts z^(J!?82BuWdW@^WHKTeF#gsZop@s(|#j`St@GrU@`{LPm z!sfCS#%08}ClT+%QID#KGAEVvk4jWpZ?X}w9Bi|UhbeN$zfMRV)5z4D2eL;*#=}j~ zTTR2$96{zqO}90@briSuDF=eRrR3@%j`1*JZv`I1l243`m>aNK0AzBy?%y}~tYNFM zm}E$StlV~U_Egp#3--(FDc0)=_fEr&t-{w}$rVc_b0x8wxyO6XF|=TuhqLKega;Xx zclA44pRglKw=N6GxoLtNmK*jok8kDIiNoSOEVQVoJV6eLM_vuQ@ZIO|k z9ZcrILq=f+P$ce_2|Y^Yi&36w`_{(1cC!K@cH|^u#-@(dw62WY*ptB5s(J2ApleufMk>M|O zNSv);RYQcrsdbKQ0EsIp5AAW}IHQk3z zEo04LTh7==*e)^;lM8Mk-^w&b4L}&(YS@N zlY9kS%sVwKWm+&n7}sg1hG`6EfaLXIh5^qmqG*irAdBhx5Zk~`KH_B#c{`v}j6B+G zveh{!D40ybD|hoKUgrgDVrMQU0Y8OFC{)VeoV~!BDZfdOAh(Obgr$MlD4GXW)F*e3^DOt5Cgy&aniZQo+#hqEhAI_{nj@){g zaTofR$^ywONZlpZ+p{Gj@nqB;j`byvA?UvG-1E)%CYu4aO36*dJpi?gvvH49Pbg<7Hv&HH``XfI6KTL-%6f0#4pKe^ zN=L+wv*bnA;>7AC`e=cN08s+5SqGlZHr`vOk0KaqUBUbzwXVT2U4O#f>s2o&(%WQxhXv-wg35aofS*9QqgJ4v=j*ygRAoTmEqP43EF^&~*wB1+`mMF>GiOp-w)X}|2`&L7PmZcs0W(Aq7b4I8)cdmlzKkhyYe#n)Q z5x%yy{{KBnC*4Put5PzF*3Ylo#|C_!J$pj`!YA|Z=H}CV46y1mLvs%3a*`y|vT{}LvxEDCe2|IHrsv5d-46a1P6ol7u=^$+z|kxC z;bItehxGlwrjsbWO4niAdVvnfDAN6RlAh1P;78ypn4If}f1dI;Z`lxIf1QNDr+@h8 z6#nrQ+B?T6W62oruy@n*OW-2s!4KU~zGkYR4s0(OUvbQm#$Gen+Squq27jIfCsZ;x ziMr>bWRRSJNb>sip0~!+;0QLUpF`M#_D2*I#3miFSgkWCj}; z`gr$Z3@LSrZssu>9rqq36KY|Y^y2;%KAh1(p6+*|$uLzX>7NeX1+Swtg?B$iqi7Ni zg158NfduG#9e1M1?lNUD7B^<2fxCEOKv8T<|fJw3)KeWt2yTsZCEVDpWt>!GF!Do(hy!hVV|)*ngu zbI+S@O#eBrR#+pwe!jB2oXM7eyAtP00J$fdnZ$bX_Ne{${lj<1_A`tGZ2iQ9b2NoH`u_O9KNO0S$1EHH3u3FQ*A%_`S4Bq<^B=E=~RBT zmwS}SnPHKq;+dMwh8zG2e-^=_nL1X>}Qpwxhlb@N+ zT`K0d**O|Ep|f)jkK2IIcmK%0fNlyqAajeNUOel?9Uq|L$NhuM6CZM{$DSHFM5|}n zviZq6*z*u<9tDVHjfY1%lq#E~Mo~}QObo*w-tRfdpmn%1ygyOF9g*js4U*H4Typ#I z*-XM04U-RiRj4fgkZ18_UnVvKg*T_b=y*|$$0z4Dkn9dR*r)G8Fnb?3p1^j15we## zHoEiD%sDd8Mn#^R4!*ByiQq2W0_dw)s8nUusRG%=k1t#xcnmNW{6RL8PnObCID#{- zT!fQxFb|{f4wfSDP{CY%9)C#p+dO;ziJe49Ba*&0nOr$>ImB4WtuefS!nLTtUz@PE zaP{y)Pg_x%0B;>ad)*p%g@?KKXiqOm;G{a>Y$NfgpHLtHkn7=VYR3%5=1nY`RV$~Z zw{yu2U6QcHa`3X_hGjreurR5t+R0m>+hw|cz}qy+=>;-2U5om1xmTwI-&rUD{LaED z$ct*$>U6Qx&Doi%PHC#9sD5Tsdw%9mHz@siQj4h{byE*!yRVnjOpUh&0CPhS18WEe zgLwd!Kxw~M|7Xg5RM5?!H1EyM0!dFYby7I`PCNZ>$?(NG!}YT&T-_BBZL}Fr#@t6e zzrNLv1##YTs}Sr8^Q2n=+ug9?kS~c^ZOLKMb$7KM-Z!b#d3~UMO~)< zO)ulK_4xXIlF*r zASqrS8jt|zLXEC52TZy~U9kG|E?rfjHc+NQU6|5nE>h;=wc%04>q0|@lyzaD1O{~> z;llN?!e6lDP0N2(@_%Q11!BVJTE~EL`Tz0v8(Ui$`G0EzzTV0IxA6HofmTfo3d!tNphs3MwhgC0`zp*8<_{TCcpCbxoK`{Rfpt9P zjE%sl*sBl7bhV4wX?m+ca{AAxJ57V%oJ=ChQXc^!T6oX>No<<8SFg#qUk@j_Vqa8l zUnMA+BzPsrH5(LBMmm$`IaLy+xSPN#Y7#!|aY+K0`38m>P~aG=l3p<_16o_zR{*Y> zLU>`NQ}#fWb&u1~;MUMz2?p*y%$Lp7?2ps{MmrWw$!>}s>M1h3y-9nxH^Vt&(fHW0II`%OTw z2G0d?orCDILD@uIcw*z-LKT`6;gnK+M-z;3?r|QYF^IJ}n~URrre~lN+jWMLxZom) zM?I6;1MTdY3{pykwnSM)5}lilZ>uSX(>VOsEXuf_5X2f~>;cIA9{;lcQ|Hwr8Dj32 zx6?@j<^i42$R7pWO|oSHGjF+V7=V;+S<`_jR_T&n$9}vAwHZ+srqoNp_b#xZQLiy( zKN_k)zG|6T;(tQ!L7}*@!~a)#TG2NS8`zBg%ot z?H71Cc{qIcDL@TV81$pd;5-_PK~69m4=%Ov18l#XG;ZW*~|U`N;L=<>>q%R$NIj___H^wPaza%j-oD zq*C&s0T2Vvsga>Q*qSj&@hLDi7(ERcg$bZ?8k)4zNhoYeM?7Al4i13W3tnjA{@LqL z5-~k8{KdZR!`TQ*G*-XeYz3>|Zjrb2cQS*G7z&JL!*~R(r_X`d<(5o5_AnOSbDhxO z+f5+U`y3zdlhsH#IRp5(F7P)jsTTvS*SBZ`Sm0$e;DR}{L_!0Qw_ErS4 zf_YA$8_PlI-oO`px&&z`rsVZCY1z>NFrvvM8Nk6_b`hI|R_T73UL#QK;qgiW8bcgEhx@0frwacU4J)D)$`LoY{`nF{Q4tZr~A z7t(KG1C63L^HF#)fQzhDckd;x^6ly-`f7D2@py_SpN(d7Co?-2upPKZoG&>=s2;w~ z45|9L36dArn;#9`EliKH#rO*5Mk%Bhni#us!}oN-DbX$5&UDCi)YmW_2nwNd{>d;^ z8~JB9yE|vvr%jkt_Gx|#CU4%aef!;N@g9sIoc#K>-5GbBF|ze>Lr$CejM)tCyQo0n z>H7OK?)Pfrzurzg5833YX2I2~Tm0N>w*rLQ;^=jeoZr9f$ECQpoQ^Gz7GrZ(-G=93DaXGCYm*-S+l*yZ$F1t|s>NB=Ux888 zWK(}ECgovK*JMy%0ekw|m{S33nu{@wDc{qVXH4Wauoz=9RU7$dpNTPX`+si6gk!A1 zm!dJwY9C#Yu$CZqUosYf-)+A0=3#y~6$_?Msc^Onq zb(C~qbEw)3>JP%7c#L(_QH+c~43Dy?!$&fUYNSl7Ur;5*Kzv2KDg#jt;r02II3|7_ zEK7M}F3Po>`i+7YpNn_tKK|V7ONLpCgDI5!ftZ+0DFqa?Fe|g${*v5G!SPiwv@B3Q z=SoyBK^=nB2vPbrZs=F!dblJyuvBDet~ z*rna_TUTaPKKFIcJL$#oVmIZAyw(c}80YmHcX#~D_&YAK4m7Fzz@geZ@k^J{k^W(ZJ-Okkf)qIw! zCgu7LE^|-2?dS6OC%wM2%Pqoka~>}x_TYDpFALHAtvg42$u%&Chs5o!gFF9-oAHlW zd>zy`sh@iVIF|KalKgY#^t%XRX3 zyeKZCQ)iTxQ5iGxDdbfGN;ii*UZ~)?(usKR@)hWuUfU67Q&1j8cm=Se2NGEu`T(dZ4%dA;6jcOJ~E?#?RSUCDP zorK+K&C)fIk6BHcX;%2I{*plJn4a?h1Lxq zNJ-{vUW*-i4BKaRMIW7D@_Lgfn**vdU17rR9xkWCRN+=YbqpPsP59iIB*m{T)hq6T zQ=LGI4(wTPE$e|1T=0dhY2972*KI3xaz%n_7$cBE!qEt zYj>~RM}_^@<0qc{pHH4`-R=Lk@Ok9P&GXdF%_*r$0=Amo_NZPP??&;*;2r#EqUBgo zK^E9e;oxu46;;?Djt9{&8cow}&7XqCOWC{u8hlh#Qd-TFR&4|594kKy%}&8{Y;R{7 zPbMf9`O9b^s|sRc4xBq$mU{W)?s2=r%)0Zk{c8W9{nC-4w5^=|j6%vgB2G?NccdDX z71AS9DJiH(UMj#3njNcv_W1ij8sO$eDIS=eG%)G=%TlfY z&YvO8vJ*x7=%^t>3RW|QSK9_an66@%$}Jp8NW4OL4T4Ag_qLY zd1k5_@%r$vEFz@;#89+w5D-Kb(~Tj-9rL7F2Mj)ycxPWugpFD=Yxqb7z#3h!sJg>( zBR7e9Amza8lWiI7TlIl2fZmkcs)k+)&Nl*RciERSDpRWSuQZuVi^t=xv!#;pln$t| z$}gL0OzOc_(;gNkWs*I~-aU$r>Xp;rf?^@H3W-J;;H3j~Jg&79mQYDKxc` z#ZEErCIN73nFOWOCW!#0o0f13gE}m1|CSAdvAWofVYCf&%#Q}~X!fx-C9oK^7%eCf zteP5>ildMo1dMvJQC*r)y}DGvPYqp2DVs9nQI|WiGgBjleC385rZz_6^B)%rJw4xd@ZMdhMxmuL{uB=V9 z2^F@QC6fF13s!=|FUz{LxF7Ge*mt&bmjX>Q#Z*}5NXJxXttH>RRl}OUMb3C~L&x+^ z31^Ycy=Oh|IWN1%*^EQ4e#DVi?km{mi&?q#rt;t-XGR#AXgEpRsm*I}oVD(DU`l}l zt_yE_Ucl91{jOUFW=}cmttw2(+WjRd(gk))RN(0qpHl%odHIU)8>`S(aj7l47@y)w z3UdLhQZNJt|I^M_b8mA~pW^$Uly25;;QFV^{^RNQ8_#n0KaV%>?tgCMQ}_Pok93J5 z&G0QS5^=5v^Gd$v+N^ye(~A>|R8aRuMs8SmaXGJm6T$P@G#;c?w>Xvwi>t-reS3nz zf+|F~vLp7Zeb^=_o4Xv6GHMtPgFG`TAGLYs59$T=v}(Xt6EA!G)vN=eROJ1-PveIT zbP7XR`7Yi5E?sE_N>^Aaa$#rpSl|R?z5AaK?QU@TjJI#ve+*o=Mk2~o&>>8mIoAuz21ucBJ z_JYm@@^TQSQ@H_bizK3NW@fzL4W+3y9#_Iut}m+Doa^_@OZ z8}W-F$y@+rx(YJw2lxF4+v4{YB4PCiIBPEm3{9z?nO$BoWqIbFTa8nzFU4N6L_fEv zu_B?%LY1!I!jF9{F8`OE|JWk?bKC!IZ9ax~dHcV+_;0uI`Eut!&#|udfw8s`U9oR~ zypy;W?kiXn;j9;Dp2D^=N?d!nl7n99DbVYI;PqAToc)v);EMNbs>J`yH6HA z-}hav;>N=dsJgkta3aQyWP7n`s64^-U9ob9+p479tG&2A<3D{RN6Z%ynH z2)1aY9g#;@&)F^U5%4}4v6*fj+7{Y@u>Xw=X>{1(4&1`mTxjv0)1 zivqrG2nAo=*^-)OxddHVQ56G>H=HeH-M>jWYFkDjg;9X)j<5J>%RsjAUez&U+$#0h@b*_%Cc;|u!L;=LjKtkxXbj2uiV)6 zT5+-QB>E61vs4NqDAaWad93v?opmt~C9m?lnnzZiSCymQ`FKNKgX4KI&NXGfbgS{R zY%ln9n4bN%xv}-+eGbkslw4U`K?VUMopj;n+9sc7kQkvNoD2rZS%dJsEx8+vQOVh*F6~7vri>FWaMPj`n8717(d^)?Oc@%XPlPMWVZXkw& zQA@Y`?&bbT=jae+`}Ui|zqf6EPN3hvA2jZ%dHLV}Rn~T6wH2rx?jEu~VKTx-kT`&X zn0HvuR=AGv9ig$-isBWT^-16S-RhdzQy}bdo{q6fS+|IP?i9aSUBXXMTh7&;u~7NM zCJwlW`aS5Fry&``CZpC3Jm+H+whc1nejoPD$tW6-)?@Sl8O@kNYEb1?a2mz~)CG{% zgPI`m3U{LR{=wgOU*ibOqqj$gCx-`z$M4?0Jv=&b-|fEAFJx@A)Hi5ImO_ItMX&n3 z9aq-@Z+K9^4LX`6hZvz3$hO~W+02u;Pb(ny!F04?qzjo}!nvk1HS0VTT%G>%SH*+z z6e*Ci3WGcC4w4js&{_&69`$Rif2w_`OPi2y_ZcR=xPMjCv8~#&xU?J{WkIGTdue9C z03#iSSE2jCY1q9$9|eBWl&;ra0A4%l{f;^So8z&Zem$&)OY+#bu|;kn2;}?@W=zA% z7@Vr?!G&Vv9&y$&d&%h8?%9@#MDx#ieOSgww5fd(;_=(_D3*!g0VxT)|c&E>YB_HV+8L)buWqXu+ zik!SxGR?N!TQt8pGqaKzq>|UU<-yi>l_B-TVokaZChMen{1$aY9Dah~9v0G*)@N4$BYaxj~nS$f1&=X>@BkqHhd_>R9f?JcCS6Ooy$=d zbjgX6qTM{kD7Tr1lq5GBcPlC_QpxMs7#1c`1oDiYziCN2A00z|SDx8gXO``x+MUp* zIM<|HiGR=?#bEO zi`ocP6%2xH$VE0FzxFR{*H!OK<*&}iS>y3SBYcBV1=HDtLkl*J+XHscq5<=4YAcI5 z?+YqST&z7ZBk%CTLX#);8jlf<#X>4>e#-t!TaQqU6WqfN+B9X(=Z0EL(v&77G9Hv(5lF1sJ&(E<4RySs=jSaQ%f~*KxgeN{ z$TrC6O^e%HUb1!oX9!kzFmUEbzM)H}_f!cwo;rl3-OrG!@YaRmu_!WIQG3t|rVEUE zDO)SSMHdQjC?^wwoT$;&4@42x`Y=t9DkTPBBiJj(+|0R-2JQzD>Na5|d?&d_iq zG?2>>VV;e8xzVn)vhWryr}8_Xk{cx1ZZ~TB$RNq#*o8?C!|@oSr6AxiB(-iW6VU4d zhKD7AOh&w&S-H(TXL4Zs4FFqv5j4Joo$|Z1`5vK^rdE_gt*vg)C^RI8X^kGfODo&H zDU7g57x6abU<1%x(Hvn;Hdqsw8*esE<6abm!4!s*hE%QG2S2wnr2*4!lUfFE{a2K#WkS*a@8MPCb zwBaq^V6?NKFxr_3bH*ZAiO|Cm5By!%B94}B@Tn!q7$L?u9G9JI6cJ_n1+J;2{x5BF z^EG|S?7t-1=CuvLD*S&QZ$8f3e?7ai|GJgWo&8td{_8f)x{9@piyDb!wQL1W*w@og zF-kwDscnz{ zd=`CTi6*fUf#ur6o6{MVqouae@JsJ)cc1EyPyQoH5Fdq`2mxFX|99irRzCj!=H~Zz z^4~3dt`q;)(8*M52r01dqrE|xromfcBT~;F8Q9vfeJ$KhfZ(i5$fk%oXMqt*>Bwt= z>>0+6Cs_jdApNcVtCCPV-X^onW&P4K?b%-HPJ^Dw@p#&MCg8^66qm`*i-^cTdoWoz zRieXiHc&Irc><^A#b+B~tG2;@;KkOeC$^?b9}1MLwwG_Lbf{3DvABVyARK5BuwDZa zpZSOnXw}yu0On$TmP1&L{H+Qow**WsI|rctke&_zndz?pchxFa5Asz8ebs{93hgOG z?v2)GIxY(G>40WI#;_HErdtzbs1{|5uvs_6XYS&=7F}c`e&zwrxantCmlHD;uLb79 z>u`_`q7Tua25y&XAXYaw4{~*-8l0>a6U#+Gq~^=;t3mMN*tB5}sUCX0aV8f>uXB-C z7rphOOD>FFE68LadTnb@A9~d-3DfZrM#*PLP{OI+5NTB_PpWDLUCJDEGj*{X_Igy~ zb8-l5zX)pGzaPC+)gFc$B+dYV#+&Xq3aP*kngx??s{n=qRGx<^S6gI{t;UpYemoWmwnV6_nadx9dPA%(}l;YBfY}0 zD;Y(Ptk8+&sHhhKcBy22GcrspP>e;^S{>@vHAB zv{>+xoB#{8f84-dPzRX3&G9hLi`|Sd0s@Bb7&R4B7|BbMj>M!7acQeBx%y+GN#L>@mosMr1LXj z&w)*!C8?S!@Ls0*)cDNdu|&O?(|~4mOyO4;;1d3+oFQ@v68)u$P< z$j^rHB!r=R=+a2qOK1ohMXSWDSu*giTgTt1nJDLhdutkG=$ zw%Z(w|tpTD^N_nWvsLfv6TQ@MX|(mp!aeck!FQ>4tai&Uvk zJ(|UOB~%ddvJ&E^=I9>%CWT((!!#k4qgd{bC$K|iwqIpQ(4>8@q@ZMzy-4!K`>a$i+o&3E<*;>d-=RsCF53?aQ8AOA;>MSbvp!Rwn(iUrz^ujnN;9dO zwC39RI*qa_!TJ(TBs=q1PcLBfUpeSov*w>`q>Gs0*Ba_=+1AfH+PSUb>yGwTOx-Ji znb#b>vcX$3G2i*DR^pZ8yea$dS~K)jm~_`7>@RABT}={|_PMsm;SoF7dM+<+;0Gj* zYnqRFFHy?S{uys9Yjpcn+&W%fbOc_eo^L$si&brPl z>i>o#Nq#w(UnE;*XccyC1*(GVtmg5JC#8jg)4Obq2ew&J+#rq1Z&~Htl2eIPG#gAy z!B5A7S_w^yAj$-sDHRu11L|$FxTM8Es3^Mlsw3E!*7s*Wh4()<6Z(Tb<@Y~ZTTdS6 z?|(M8?&5#k#^>7h|6Zg0yI>zxhW_O;+HFVdnAd)PktiPCasJ!2+AomRSwmJN(1^_Y zX~&KflHVgNJNY^rMOG+kl__vaqJR{*FKV;=;<#bCE3Se;)zns%?|%9;UL)ev!-vrtNTG4Ab*dU*;c?nbF0) zAqpW=t`Hu7g1iqzA+GgRc=7oBo)KA+Eh|&#_+Yy{IL;1L@Is5l4iPn6A+jN6O3ReE zHDnwb3SAkBPjRK^RNIl*wn@)9DR?ktZu>n`TlWm>I}eDb^iB9GD0|3c7!Cb~m#%W$ z$IceA;`Fp8rkjP$X+vJuw_y&i1~J;i!Dg*C9rJ87wytB~iFWz4hZ6(( zg%+EI^kWPl3VbojX}UxwQ4sB9tD@ z?B(xo%z~-ludek`0ha6D-gwXEeoPmILn^;L^6>+2P^1F-wnkbxBgI!kbIynfl{C+c zh}BZ@jMTbensY{c5tPbrxQb@PilbCDBWk4ncuV>5S6^z)GeK^cC3}YQJ=eYcs)=z= zgrMRJHy@(2af3WKHkOn=xxU~ItqR<-+c-abd0dv>uq}=+C$drbOta>5-ZCu}dv9T4`cXWM z!vPG75}S!UiM~n0_-qnVrl0X_GEUN{C|6ve+?4^L#VWLw66Y&+yHfRTPj| z(6>g8BTg8Y0)qr*sN<{T`^_C@RW~h5QSdd=KTX?bCVzGY@d-K}<)temYCmAt1K2}I zmR>+)#bP%~_Y~_>DP$tV6^>2xqd+TkpFN%=<7hICnPvWwFPZDbh4~zu#JA`uqz+Ol z5IDY5jD^y3Ho|FuHqBEi5vM`;A&dv;2+`E5RZxXV($N_j`_1NS%_ux*H4Db9^nBi0 zu1Tu&)s*oNVGv^!YX^WQHaT@=2MUAJK{&eLLBbFxmvI_p!RLSiwK%Dw4G$ZYNCUZC zp^|X2tc!X=i<5w~t}fASODg~ifwhopZ#Ii#cdH1yzCA@PrTl&(0DDkTir@KUxe5#y zC|Gl1nNt2109?xf-}S(+lKiq$IM+^EyoWN=`XW0h@^U*wN9y|bFBe(k=h($HH{L&> zF;J1xLUtAUE?bK?UAb-%OY;w>cuk>`hv5nXG@NVSyppfEHfvkX_2R^R)WyCk?dwW|?3M=46+=5-oX#s?ak%45<3U<%hNtaT z%#Jk%=<0|}1t)TrQ^^l}6%m|2MzfaPip*wf+GCJ$>HUu9@Lh50R9mL^Hn+HLHYHE4 zK3xNr)^~EwuyoWXJoX!a0yzR;$U+|azk`*ztVK#LTR^I!hiHYx*9cyV5s+pYF$`g2 zCy1edpg4#hJ~T%@7h;UBC^r_r#qUc`FK)$8fnUpQOb)1$nV5S_3BmpQ=6+T^Y`(m`Ns6w==aQOt(gXyh)ua@e<8t0E{RcS|&45b}Y>%6wRn7tQ)bpL?%xccP zUlbFyuuqHRM$xb7RB9(**?(!U^md0wsED_+N z%Ub{7ynul}*m+R?{u90r?!_q&$bR1>nDp<54+$*72!LgmM9A#l4E4~VWuZdrg$nMbOB`qSQ;law{!}O_X6Q1?RLQI##4Sr%2WS5`ymBC>}E2@saUzF?gkoeJX0q=KH9-6=LJZYSsKqBf&kF7K>(qyhnRE z@|^5H130o0VIkB9u#o2-=ou3h60X724-QY-+d(e@(G9n6yyLkHsCxQnI2(Y79gpT= z^(9=sjLCbA4O>C#&E>$%T==}Z5$ic(@u_szyg7D{eckkK`*|j2XMu^y+Z+~6OvTLX zok!gZQa@_q#Q|t_GC$hB_IeUr0~>I0;2*u}-{CCVRU$D;X;6qe?8PZs(sXc2XaVQt zTwcBPbhcw7Xj#|xHfn2kYbjOpLG0)xi_xUulnO)61)mdD1jPy~32BGTxXM=^!1Jsm zkLpN1A3V<<%1Ifye67H8_Dx4Vl3LN*OY3c6&@64NVALrLQl|TChuJRf7X}0@En*?q zloQz2Ui6&XSuG80Z36G3>ghvuT9(3BVN|B@=34nDpZQ z6+WDeP!vJ?mT5E@rpnmmr-OIF>j-zO;HPL5O~OI&c6JKnNY!7*UEt195T?NxpQh(g zFF3uTny(O;V*v(^c+deEcJ2gGj8+iTzz3jlH1^zD-&8$Ho2>vfXW4te znH3Ixg$Ym3X`?<5KagHOia!99A!nJGZ%#qZIHQ3>C4<`?JgI>g&K5_j8^b;6N-hS3lIo`V`$)2+=s?r!Eql%wjYypibdb-2EoSG=H|xQ=Hrdc0OW#Q z3K{ShxFS((zTlcfy`JZ)Lp0`9Zi5AVs&)AG>uVg=i;{Lb*3qL#<%7(k~$0O z((6oJdWLn`*sQoRzt7Yb3pJXVBX38!0MxYey^1zcm@c$^PHlEkh&6Cx=Jv&fnTc2kqC*(yAwK-j>&^5SYF1GlVGxZ%SO&tJHuDS6~@%axuyly1?Z`Jv4YwO9gto=WHyF35g#^*ZczeP`epZUyJTLE7u zS%Rg4->d}KKGAL!!i%Z23J$8c<_Zp~>~J}U{{5QH1+@GNdr5^3v#8tK#3od3lr+?W6hF1#dmUS|L=GM|G0r!<)P!fNcZ8`bo@UEWW2);RFkeaPvzB4bo;Ima{(JR z`CetVX{_tjqUU@cvx7oYeP?cT4Ep;rR`Yw)5Ugk z2#}edbPJ+`Vp!AKtf5BGe}ctbb($)nghh;qryJ!CJ}hUtZ{XOkpKY`Z@q)u;+oL%~>jt#_Y=a`W@?)wRjR#8#Xl_|Q3Q^+Py0YqmIRiE5&Q&u$tMGNe2%q*MKcdN06>wOQ4f z<@{n*NJz6Gjd^Rk=|LmBzS$QL)PDL$IkOg@|JbzZCJumA`rq$8@n0U_+5g|l=TCY5 zyH4t|BH3e+XvJB1?3#*6o{&sK0>b=?a3y=L%2 z>A4;Kf1D~)Q?7)7h&o&k$f%nskTn-%?ChxUMqIe*`jAavc8Bt+6+HNT^nfeqct@X1 z#4l`>6xZDW@NU3C(=r|9Ci3Euf!?_mnPz5E?CO<*`5sx&{@dV@2#2GO(R*cwZxumO zlW2n`@#zS!6R0q9ZwK@Eedqp%xkI0qZ`@fHVpZq@k{X?)~h%+HF-cXcBh{=-|K!SF{6t#bv zTmUV@*2cLZD9R1+_dfDTd>Zy~*N7=M-4Ztsji%!f;|amRS;jXH=~Y+W1rHG#Ux|VO zW*RV|sxHthM0YujnAL7C=Tgk@8xGI)zyBNDYe*wj!J-LQq3z5XgK>8yIztYy~V24*jAP>xZV6}%2#ZCca zAOWs)Q3tC{z`nK)p#G_1eyQVzMLr;-2ON&Ai*Eg#PK1M+VL*P|pz6X))JDDi7C(IW zUaxbK2RN-dy%hyVKJk(sgQRf?f(C1_nzAdgE=tiB|7tex>jr>mI%8pPJNa134W6sD zV6(XsJbV~C5Wm;lN*=)Wu=$>uS+0nX04$@XuCVc5t$W6Jj=?zuYJr+n%Naubn6sHN z@2>3p?mEBx$EI2{jn%8BUh&!9p}Z&`v&*!_-!I{0$}4u{khp&dZ;Ku7#uc6}vYD9!`#T=9Q8`E6|t z9>2!{sIFM-$9McjqNOfby|BdY5wHO3lW0813A0f+>7Hlu)N(m>h3XWabb0LnAt-Sy z%Z#7^ooOcYcNAS>0lg!RTO{tMtw53yWgU4_G-iQTU3?LkBvm@k1ymJg^ku@CT4v)h zau8qv)2o2%ig%-xW04wq?pRRS5f*7UC_^XR?rai`P>xResx>&e1E3^PW1#tB7Wr2b)AVnYmNEb^;I`Bi2&O$i03o(A>Qj;^hVgzMam@v!dA%_e-jbMbNBSc*n z0>$2z*!-AK!Yfl2Ml?E`o})0t51LSLjmyzug^jK|zH0C)U|_fkzosF=$%>!Jnsy)* zs;3m=1g(aMrsAHlm~*;P>zY=k+ZR4jJqf-QCGIHlTU%4)XXwhNI2%Ir870tKa^UPG zNK#>thNBqPWS8QXBG{r|VLfOX;gmkO3eE^0(ykn5LT6K@36$eDUjnauAC$T$cMA^xmV;{nz&lcuK{s727OHUi=U^W@E11J0e zG&CfR1u6g3&852X1e)yW`%Xqi(~Aj=sO%HRb#<1gA;sOtl3Q@_4J@g2lo=t48!?JTGuA>n zlOn()v01IpyeH3_!Ll2n-9;0;aWLelG^IsN3mSQU9BZuG|CHbVp5I6x75BeekDoow z-~T?jyZ^n7&;0klcXzsXce;0Xx+QnID5ugKQ*1HZ`@$IHw)1F!w@W5%C(SQX95kCo zAkU#iPmeB%VEC6b`zZpb6MJ()a5~jo!7RfGuseyzu112>UW;!9FB-u4dE*@d1oNflrZM$@yXHt-brWo;CLTi>TY1I z9CY3tygP2c41Ql;>U6@XtiMhtXh1z6j8SJcLZ71!A3vZv)Tewe-vs$)=sX9Mb}k3) zZ=w+}tL3a!E1fC+ZC@tv*+;)y6=@}_rQ1Q8qJ{Hca0-Ki3QemVZ;|Smvgs+t(}Fpn zr5ED;a!iyHkF4tOG~nv`JxwvP;mc4IB_G1UED~lR_4w}1yrfELgfFL2YL45?&hd)! z6j_m>T6l>TL}EUt`|RPtXPr6{*$tuRA;B3RfQL+(aDU0D&{03E^F5BA&eyRm8xF3N_X-}=z%@x?M~=bHa!11LNpNSrxzQ!@<# zWC+ztEBFASD3_Jdeq!E-Kk1-`L!^^h&~P$vw}NQeZPL2ANy7@8UUT$>*SUex6d^Ui z`P95#!s*6HK%D#BnkG2X$9;Mm%k*==u7qe_P4$LV2vOxLh^@lAXdBB?JS_=utmmvB z;_|~LrL|lMSV>W^wx$*$3KZesGQ7eYbGK7>W`Mq9-H> z5kT1=BIa(3m`G6b)iXku{(4s2+ihna;G?w^Qh_x!W)V$hBSbg$A9l~-o!No#=m-Zy zn034@_mN(O0Y%wRmgh<~p3yHrBB8xWCPT{wh>urVNXT6K!A!k@gB7kj zl=OipQ98paEKz6eB9bvk^>FIsu4G{cNw%E2+HU68-6HlC?ttgD8rWIn@_lFFYjEYU zT{Vn(F0b91FyU%;k>XTh_O0BVA?h2`maUVNTf>j)%J53=3q{{b%24vfK`Hmj2cKt3 zYhG;n98K)Y&7BNqOLLSVLCm1zpKkk*3VhBjE&x!=QoPG0R zNwo4f6`4-%2&q7tZ9>>$rZ2omlvZGfqim&N_%R;Nh8FFJux;)p8~+nc5|R;TBi=)L z&Fqd(w*YI3_3DjZ4#JUvK!cv&96rxQa&B5^y@{k{)2tee+{W1?7^JiAIZue$WQ~-< zJ)cIvrf6uy8}eV| z6;OGuR;l5u;f36si6jKW%Px&T5hwE*60vQxu-fD_DyVl6jY)9^Vt0aj?PW}2v%$5x z-0G7KJ~hWP8e)U5+4&Wt*Xc-Z;raT#X&=R4zedH}CG<(6wp<-Jwbh_r1RMSfsvEtg z!S~JRgs1;hXOi|haW z^S^!;Pvf&uGKp@Yj|%^Pi~yVS|KHene0TqI3m<#_Y3}cs<6r9IU;l5yiwO7Go9Uxs z{cmn=d_wr7om_Xtn=2^@YWaW4w2 z?)KN$(LRE|$eola`1@CZe*S;d-hKI|eN%l@@c$=IHuLiT_ZxTo|294c3EteIW`daO^ODc<2`VAf`8@1) zqcrWX=`U>^O3`U_OKAC#&d~NEjfb-VT@r`Os4rO~vsv0@uF`2VM6K`)`E&4ccMrXA ziCx2Kem&U305<=cMWgB9O1a}Quw)q1590x9Nbq_qOaq*zmij^$LYhHmTV7sX{yDiM zJ!Owoc4#$8oSWJYO0n^LdHEOi3ud@+=zH%*WS=B0(0vJRD3{6PVqFY>^nCB-ZfOt}X{n__mXhwSrAv_R?#^ZDhW#<$ zdH#ZD=6ZA9o|*g1oa?&oPjF7EyY&*UOo?2@o8Gg?N*#p{gW$`Hdv}qwfU5}443D+; zFHy*+5|M?Vl+@ct_g*zQ0qFGOwzg1ws@ETMsg}fWT$Segf{iz!HXe>OnG~> z*mL8yYICha5tcoZ(Y{Bq6fSwD6uqb&t)}v`ZrR3n8s22L8&4oz*qi$acq=H?sjTmfOCmT(g0w*&!rl)0vXr;T&LX8#y4 z9r+OG7jR`HmE1}rucSe7eOi1=kf9}9&BQ-xt2xHVWIJSWd`p|3dMExGnP0N|hnc%gV3N{L`9i**YIKK8g5JS$mWK1YyK!#i*7P!D zaURfLR6LVIEb$!l-j8$?#^)@RNV{WU8T^@V%N$U_cUbqc*u^$J_vgN6PAf8B$1x$2 znms9%M43Df3$#;WmU0-}^J<*o zbZYBl(?mw>4-Vry_fgFq1|uM{P1b-md~23AJf2yoaML4(E3C zq~||L>AHEBE5{1A$t_pGYQK^Q*NC===&x&VvMk@J&BotMa+3=3;t-M}7Y;TKQCOdA z5UPIwtn*ZjL%W!@!k&#NR9hF8qQ3afO;Q0!bb$sl$7ca6_DlDl!8yFuq|RAaZg0_r zg^R{ymjTn?4iP9s`c$*4P!GJaNb5Hdyrb;wO7uz?q++f*v$?pC7wi-^+|Onj%;D8v zH9%3ZG9>C6L-A=uT|_IwyZ86`g}S-#!YPH`i~H>Gqjyo_3?{gqHvRKab_{ux$^ot7 z$KcS}y<18JxV!WGo}iu`RW$JcJ9X@Ha2d;hG|NxhPYV4#df7UDQ{+K^YXt;<#H4rx zyi=?}t6R~KnoIcDgDH~7X5`LRO=X^*w4SD(4`bbgaJE~#QU2-3VlMIG-*WSZxV!>U zPgr&8;Fk48Js=_^t?I1>4(|olAw!5qdG9#8(c(DckwFwZ7hT3!+z)_hZbZPg z#T+x{+X%B_LVGVhO3$67WF^`l|7~9T*n0PBZNi#Ldc~7=`?4L+13x@}if|+Qwe-+B zG?SM6<4W~D<8HrpwT9k$YJlcAYo*SR9uD|3N}OkanD6wx-{XP&M&<&iPjM0vKuFBD z?$NNxiO$G3&gV$Qir&Ncito6i;e7NsA>lO6(TMrbO_A;Gb#V}oisNze*YR}L>p~iG zlZ$TFBERRWRzpvrmtsB(+#k+; zqHs%Y$juD=-mA#2ZSItpWgO{k4xm%Hpy|dLej5)SO=-tZ5^QdMbKde7IJLg!);LlC ztWvPlKc@U}9_4+u*@YyjOxpzW-q(QWqSiqYM1IVs_k1qqp zz|nKoQh+q54pO1EGQDf1Ab5{iAQNIwiPKzu-r~vz(HSW)mi1Q7(pFp$=vg#xQO!D1 z9$|mmw=N*WJUgXz#gio6?d_jnQjesqm1wnA*LgR`tBE(mx{qYA z#aj^2sk3kI1{V)EcG=I_6ZC@i>5H-~9sP1Xg(FVflMI{PhKQs=-PL$kQrP_J;Xoi4 znrNNl+`cChw?E;=K&I;gtG}?W!>#kcaR_YVaLApr5hW;lZU{e)jo~-Z6|`U zYb+whhF7RX^BigXQjq2A9bSL7ln4vpnyZ-c>`>rz2E}XZpDOU_v2)(gcT;@m7XCp9 zE-`ir2OAlAotrstyDi_CO~{-HJn&HbokmdtCjql)gIZ6raV87ik;B&n z%;NhR{yxd_djIxDZN-Eo6lF&--4bp*RwHhaXg|Nf;T)}-v{OG7Im(NNyfKy=Z_g|D zC4MSYE01JXiV6v%p*C;JBFSa7==szpod<}#gNz_fDB|eZbkYzr-><5M!L$&@c0J$!oYB&eoT}Ov2)k z?e>|#FWZLq?KYpM8v+Rq_8U8MB98h`!ANQP+elf0Gi^;l+hZ@2t=oAU!1HCUhh>Qk zu+m^KF%0rMZo%rWlP1f~9!1ixRtTD0>k^?gIIj}@%*?OaXeOq1OA_~fMG-Ic)Ks$nF9vkcmm z^zIURR0coXW=jB6|6Vx&2EOBQEx5YAP6lR2wkyzUmddhzbBgHP;(>S~g9Uu~*<1r& z&k6Eglgw^y>}p}fJTiBSn6PHu%5O&X8Dn}Z7#Z@fjSI!S^!JI=?+HyEN%d)@%R!Ip zN^^_)?acrUS^w-{*(@{kxRtNgO}np@5lR|K@OFP*7rma6Lw_lxd_nT<00(?&d7tHw z-vM!;E_)(RPac|0)buS!aiIwb4aKFrDg87Hxs|(hCQM%dMorTMQnT^V66v98YQs_* zRr0Ol>o@n*FB`u@uPk`bSjAUQgyPV%11T(ULZ1;I7{? zNqlJ___`x*RhUppWohNOsWr<*aR6foODqj0Og*5d>-dEm*5{wmy!neuXYK z|BI#zk95Fmiuz?QV|QrJSEWq4(zwbNYu8e(MpqQCeJLHTUt+%yy`!9yBbPaC&>1Q* z(T58}VauC6GDx`ExwchUS4l9}{{8Vb{o%=IcGpa+y%*A{sN5^Hy4PR)<6S;8*2#_U>fm@1N4N{9A;k#0zo#`58>P3Kx}`PKeYO=nY5d z)CIS?Y37UNvJvw!g24i4mXjDr6_zP~v)kCDvOhz}{HC(ysLvU2O1>nmD90lIQChbW zHMr<-UWgbvBUr$zN$M3vjH&`H|C3rBNb|VdC{lZbcP#s_R#VK%ekFSaJj+;KF!b2t zo0laWW%PfmlyJvttNhqDB^Q>Ra6~J|MEjBOGA{%jr@djOn_VJow_wvD#0_>#1U|-1 z;QM-ES2|&>@MF29aFOaH)cWW`x{lrX_t0Nia|#WyihFr4=gvo+A4kjZ4_R0pLoe|2 zM28o=dbppbHQWm;o3aMpT6gq+itlntU}+CN_f!?X+D`1v^W5K$O=fSemi_g|puuBG z4PcMuT(fl?fbYB4ys=uMyWkTgWbJrx!MSJ@qdxfJ{P$yrDGl)roD!^lc@AtmeS$mf zTEJc%h`~>1+Pnvd02B%A@jIhT)u+c+)h8#y&gDMmVZQaP5udUraO{!Y;)xl1r9I@j zy(aP25$d``t}c0YuV4GDo%N{3o8aC-jH}~@2 z(VROoczfo7vr$aL6=ETQuG)$|KJ5Sq*P7b&Yc*C^`BxaquQX>bGr$9&Flu(^1&2pifV4>RWN` zV%14ABX@a7(!UO*u!Z>ff0UZ}(q^2;H@iCrnZzo~T?y}7Ltv`6wT1O}LqlQ(!lyO+ zp5?_s*o6iWirIV?i+K3&lgsc5CzS~9uujBtfG^=U*sdeNG3wCrTdf95=vytIIi2pwYEkz(KY)4+!( z0=|PDQtRiI_baLD!Xvj#Y7Zpi&jPegkB$2)HN9uKLx%5?y)SUA#(qz-H>p|ALoHk7 z1e+%QBJEg?2`ZS3S-j%=fT~uZEA}ZdyA^)~F0nsJ=3plUGCKLwY3BTE7&B7o!( zB?3F`xhAHhjBgRN@o0QUFz!CHdrw`xeRG=~4SBSaetWP-K@hK*Qk;@;Xlh!!|L`%| zNDvmJm>vLd-*Gdp4w^n}S>9?CrBn=18_EjTWx%m=g)i1S0Q>*wSXk)=+B*Dze&Wgq zi#&<64jq0k;Et2~?8~3wt5SZc<6dgtgYT*VA`X$x5+e0uX%{d~;4-cHzEp0v&nFBn z=*Vz0^yet{BK@ZNr~mtGx<&< z1RBxdw^F|c$)Nr(YR{vgZi0F%b9utchBf7FHvj(i?Xf&X{=>0_?%QxH7T2S3|UuQ8n zUL$3<=f`Grcn>^%6pgs}CrfGD^v;mzXeN{Hn(ba->sxPXE(|=KEJErK9#dytT{~nDWPl&J6G6jp)DolG#su>Q z0j@Jc-Ii%u=^mbnu!f*BB2TS3i6X<~R+JCR7P`;3!ckOqo_eL@s)M2Q@LuP+c_H65 zLqIakZ>L-uEmaHk@v>H}?{TwWo0N6x2D4KbG^?JHyn;YA-KO*nzsP#|4n`Lcv;`ok zsjnCLYeAXm+LBiyvhf3#U~q%9)hk62_w_BEU|}N}Lg93%DUrQl{dIL`!`wxO_Jr_4 z5l@A7l03iZ!@j^qIGJB2s=ZYO(;j}YcAYkR&{=>xIRF;V7T_zpz>XMoRg3PPvX#t- z)bP+x!`SGZd;u>fH1LN`o@t2(okh6w?iSoBptHf16n-lp9<>Z#H@I9UM_PMT938F6 zFUnhWvhPm%7^M55>3t75Q;XPzs*BRScSa#%|9!zzApaZ!5yTs7Vu zKv`Ijmte<1sEyYNhTtUF_pO6%ra<=P<31~U8>8cW_ffdZ_c;Rowp~A4q*bLKJ-X)E z2M;n`*AEXOS$(ItIN8_Q4RAB&!NBP-c< z#OCd2tC!P+^AIjJ#iT;F3Ck}WdmZb333BORejN3OUzKbozb=!!8g`<@sRA`BN{R|5vVNylY*{arw#nV!UZ)3LqA(!OoAPryeDb6<8@RBng z$@|96<{InqTJn@V8K?lC6qd40HY+b|rcAwb&9QUQ( z4ZWE!|9KWaAsiNWXhbH5PL1(uEfqPbYGB^{fV0}??bhtZ)XyhGKZ)$k<=5kN4_e(B z?>M=WA$T!lS_Sw{^EFwl%sKdKk}Axh>I#$CqB}c(*xW+cu7r^9&eKz|%7gEIThT4k zZ)R|oYtrf=G}cNU-Mr!6=_W7<^x}q~&W0zN=!7!ktKh5Jfm;Yzt~RLNF}_0eQOH>` z3;`oi`KIIv2pX7lib7`lTRJ&)hfpIE(x2$6^>gR}wsHq&;f4naYfpUckZay4inS`e=bxBLX0 zn|GhwFt8=lDlNn&J!%)it#P#ROSZO&rt8YfK?CfC+0Gk8!kASov!mV|ksI+>sT8$n z?k0WP9NsP(pPcGrqRzx*@y_u!5yoOBNHc(k3z4(^HX)3GsT(n)mKTXQUG$a4?-`dx z$S!lN6L5F}z>N8hc7qt1zAXo~yqQdCJ7_~ku$SECd{)t!A+JOFP05xwc#XEig3QhK>XbY&N(K0!;s zAud4J8^U0o(yFfpyzhct+~xmx#F{g$iFuYW zbokKV35M);MQPrs8OK6AH2n;M%40Y`*;!slZ;|XIzmG5Fe@KX=+%x~6KAW)YH2Iw| zMC%jS-q1Z6aim_sq%>Zbpmu^Cxq?J_v4uxD&pXo`g3V!5wktk3OZF+X)a!ayub4aGj`;KZm1zb2ZF`m*5Yyh|0c*!bK5|e4G@vPni;l=N%(%-^@Tg|d zRwkp$#pAU>*514hV(QZ2W)R4nNaZ(j6NC^uAPQ3Qfpu5gLdd5Nu+$Jc845!QN%m&e z##^~jzcThmAZaUaIU|!*f9LG&4$W#UtkdHL2{N3XB5)38Fm0P7sC+kvxqJWpMHKX> zC9?$spOZi2XQ1nA8Sa)v5$WMn_H7XILKNmvVsDePmwJFW6K1xoo;R2Y!lWU{ky*@k zA8-;hJ}E(tJf}8A3{*5QG&UqP9bkP|?rp!*qy{v)12ySq#*Fz`%mvmvIlH^aerM7x zUJz}_ZI{?R4$NTq2#cOesW|}w`0c3fCJi8UJdGOTYczeUwnOun3pO!;@t5LfuG=59 zQ*=nJm3Oj;&2A3htk_7KQVqE^4e%0!wAJLX%UEAn`JHo6Z&b?1QEzntg&yj39=!M1 z8F<*>1VjygwqeHw%05nOoSfhWR`z>x%W+x1dDNV!o?Hex&ClEFJqb4!hLzI3akdwrgGSOma{&8t%ZfmJnz#0JjnG; zOo3}*z0Kd3#6;KIo>roM)~k!Y|#Y=x$!|uvB zT?4)q-4M`}2RizT1%?QsyriBNn_#UL1LSE>zR;bGnbk~^z1-HymAtQ3dv(~ti zXJkpE$E6~arz>#D+s+Rf2~U*AKxe;b_7jTQBu30aM&)}b3dT$3O>_^*mnxt*mL0j0 zJLfnq_=d&trFQi=wj{Zm*jr3Wi- z5tjYC^fe6=_q&~6ZK)J3k-Wu;^jqRKx6g(+$2IRh zy*TCbGnh}s755yy(R_k`w6BLd?XCFOyk-%M`if@E_k4yNP{@`310lA1vQ~?fzxiU0 zEARnJ-l9`TJRYBZVn`O%ob*m1h$< z7m~4U+%okS*vkt$gp`?2FcKhOSllBaREibPCLFx092%f!Ect$bws|I*DYL?3iQ!%y zb2dR5sZ>%mo|+Z|TKYbdAcRr?h}1^xr(fZ#Q>t(YY`sbj3c;!=bDH2O*wLx_V$h#f40r!!mrvc2dfvr*8kBBk*V( Oju-!GVIYv - 2.9-8 +- Bump release to get around OSCI issues + +* Thu Feb 17 2022 Vit Mojzis - 2.9-7 +- Trivial style fixes +- Free contents of modkey in semanage_direct_remove +- Fix USE_AFTER_FREE (CWE-672) in semanage_direct_write_langext() +- add missing include to boolean_record.c +- move module hashing into libsemanage +- move compressed file handling into a separate object +- clean up semanage_direct_commit() a bit +- optionally rebuild policy when modules are changed externally +- add command-line option to detect module changes (#2049186) + * Mon Feb 1 2021 Petr Lautrbach - 2.9-6 - sync filesystem with sandbox (#1913224) -- Gitee