From 8e51c280fdb6d0067f24216f4271ed77af64b14a Mon Sep 17 00:00:00 2001 From: wujiangtao Date: Wed, 17 May 2023 11:07:37 +0800 Subject: [PATCH] package init Signed-off-by: wujiangtao --- CHANGELOG.md | 57 -- CODE_OF_CONDUCT.md | 133 ---- CONTRIBUTING.md | 36 -- LICENSE | 24 - MAINTAINERS | 2 - Makefile.am | 226 ------- RELEASE.md | 101 ---- SECURITY.md | 37 -- bash-completion/tpm2tss-genkey | 44 -- bootstrap | 7 - configure.ac | 256 -------- include/tpm2-tss-engine.h | 103 ---- m4/flags.m4 | 52 -- man/tpm2tss-genkey.1.md | 118 ---- man/tpm2tss_ecc_genkey.3.md | 36 -- man/tpm2tss_ecc_getappdata.3.md | 39 -- man/tpm2tss_ecc_makekey.3.md | 36 -- man/tpm2tss_rsa_genkey.3.md | 36 -- man/tpm2tss_rsa_makekey.3.md | 36 -- man/tpm2tss_tpm2data_write.3.md | 42 -- openssl.conf.sample | 22 - src/tpm2-tss-engine-common.c | 698 --------------------- src/tpm2-tss-engine-common.h | 199 ------ src/tpm2-tss-engine-digest-sign.c | 315 ---------- src/tpm2-tss-engine-ecc.c | 875 --------------------------- src/tpm2-tss-engine-err.c | 187 ------ src/tpm2-tss-engine-err.h | 133 ---- src/tpm2-tss-engine-rand.c | 151 ----- src/tpm2-tss-engine-rsa.c | 813 ------------------------- src/tpm2-tss-engine.c | 372 ------------ src/tpm2tss-genkey.c | 415 ------------- test/ecdh.sh | 62 -- test/ecdsa-emptyauth.sh | 15 - test/ecdsa-handle-flush.sh | 52 -- test/ecdsa-restricted.sh | 52 -- test/ecdsa.sh | 15 - test/error_tpm2-tss-engine-common.c | 96 --- test/failload.sh | 12 - test/failwrite.sh | 9 - test/neg-handle.pem | 13 - test/rand.sh | 5 - test/rsadecrypt.sh | 16 - test/rsasign.sh | 18 - test/rsasign_importtpm.sh | 39 -- test/rsasign_importtpmparent.sh | 43 -- test/rsasign_parent.sh | 35 -- test/rsasign_parent_pass.sh | 50 -- test/rsasign_persistent.sh | 48 -- test/rsasign_persistent_emptyauth.sh | 57 -- test/rsasign_restricted.sh | 52 -- test/sclient.sh | 43 -- test/sh_log_compiler.sh | 83 --- test/sserver.sh | 27 - test/tpm2-tss-engine-common.c | 31 - tpm2-tss-engine-1.1.0.tar.gz | Bin 0 -> 394448 bytes tpm2-tss-engine.spec | 88 +++ 56 files changed, 88 insertions(+), 6474 deletions(-) delete mode 100644 CHANGELOG.md delete mode 100644 CODE_OF_CONDUCT.md delete mode 100644 CONTRIBUTING.md delete mode 100644 LICENSE delete mode 100644 MAINTAINERS delete mode 100644 Makefile.am delete mode 100644 RELEASE.md delete mode 100644 SECURITY.md delete mode 100644 bash-completion/tpm2tss-genkey delete mode 100755 bootstrap delete mode 100644 configure.ac delete mode 100644 include/tpm2-tss-engine.h delete mode 100644 m4/flags.m4 delete mode 100644 man/tpm2tss-genkey.1.md delete mode 100644 man/tpm2tss_ecc_genkey.3.md delete mode 100644 man/tpm2tss_ecc_getappdata.3.md delete mode 100644 man/tpm2tss_ecc_makekey.3.md delete mode 100644 man/tpm2tss_rsa_genkey.3.md delete mode 100644 man/tpm2tss_rsa_makekey.3.md delete mode 100644 man/tpm2tss_tpm2data_write.3.md delete mode 100644 openssl.conf.sample delete mode 100755 src/tpm2-tss-engine-common.c delete mode 100755 src/tpm2-tss-engine-common.h delete mode 100644 src/tpm2-tss-engine-digest-sign.c delete mode 100644 src/tpm2-tss-engine-ecc.c delete mode 100644 src/tpm2-tss-engine-err.c delete mode 100644 src/tpm2-tss-engine-err.h delete mode 100644 src/tpm2-tss-engine-rand.c delete mode 100644 src/tpm2-tss-engine-rsa.c delete mode 100644 src/tpm2-tss-engine.c delete mode 100644 src/tpm2tss-genkey.c delete mode 100755 test/ecdh.sh delete mode 100755 test/ecdsa-emptyauth.sh delete mode 100755 test/ecdsa-handle-flush.sh delete mode 100755 test/ecdsa-restricted.sh delete mode 100755 test/ecdsa.sh delete mode 100644 test/error_tpm2-tss-engine-common.c delete mode 100755 test/failload.sh delete mode 100755 test/failwrite.sh delete mode 100644 test/neg-handle.pem delete mode 100755 test/rand.sh delete mode 100755 test/rsadecrypt.sh delete mode 100755 test/rsasign.sh delete mode 100755 test/rsasign_importtpm.sh delete mode 100755 test/rsasign_importtpmparent.sh delete mode 100755 test/rsasign_parent.sh delete mode 100755 test/rsasign_parent_pass.sh delete mode 100755 test/rsasign_persistent.sh delete mode 100755 test/rsasign_persistent_emptyauth.sh delete mode 100755 test/rsasign_restricted.sh delete mode 100755 test/sclient.sh delete mode 100755 test/sh_log_compiler.sh delete mode 100755 test/sserver.sh delete mode 100644 test/tpm2-tss-engine-common.c create mode 100644 tpm2-tss-engine-1.1.0.tar.gz create mode 100644 tpm2-tss-engine.spec diff --git a/CHANGELOG.md b/CHANGELOG.md deleted file mode 100644 index c57f08b..0000000 --- a/CHANGELOG.md +++ /dev/null @@ -1,57 +0,0 @@ -# Changelog -All notable changes to this project will be documented in this file. - -The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), -and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). - -## [1.2.0] - 2023-01-09 -### Fixed -- Updated minimal version of tpm2-tss to 2.4.x -- Fix encoding of emptyauth -- Fix some memory leaks -- Parent handle issues with signed representation by switching parent handle to BIGNUM. -- Fixed RSA_NO_PADDING modes with OpenSSL 1.1.1 -- Fixed autogen (bootstrap) call from release package by embedding VERSION file. - -### Added -- Use of restricted keys for signing -- StirRandom -- Run tests using swtpm -- The ability to import key blobs from things like the tpm2-tools project. -- Compatibility with openssl >=1.1.x -- Support for ECDH -- QNX support. -- Only set -Werror for non-release builds. -- Additional checks on TPM responses -- CODE_OF_CONDUCT -- SECURITY reporting instructions - -## [1.1.0] - 2020-11-20 -### Added -- Configure option for ptpm tests -- Configure script AX_CHECK_ENABLE_DEBUG -- Option for setting tcti on executable -- TCTI-env variable used by default -- Support for parent key passwords -- openssl.cnf sample file - -### Changed -- Fix several build system, autotools and testing related issues - Now adhere to CFLAGS conventions -- Include pkg-config dependecy on libtss2-mu in order to work with tpm2-tss 2.3 -- Enables parallel testing of integration tests: - Make integration tests use TPM simulator; instead of first TPM it finds - Use of different port numbers for TCP based tests -- Fix EC param info (using named curve format) -- Use tpm2-tools 4.X stable branch for integration tests -- Use libtss2-tctildr.so instead of custom code for tcti setup -- Fix manpages for -P/--parent option and correct engine name -- Fix TCTI env variable handling - -## [1.0.0] - 2019-04-04 -### Added -- Initial release of the OpenSSL engine for TPM2.0 using the TCG's TPM - Software Stack compliant tpm2-tss libraries. -- tpm2tss (the engine) compatible against OpenSSL 1.0.2 and 1.1.0. -- tpm2tss-genkey (cli-tool) for creating keys for use with the engine. -- man-pages and bash-completion are included. diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md deleted file mode 100644 index 2dc02b2..0000000 --- a/CODE_OF_CONDUCT.md +++ /dev/null @@ -1,133 +0,0 @@ - -# Contributor Covenant Code of Conduct - -## Our Pledge - -We as members, contributors, and leaders pledge to make participation in our -community a harassment-free experience for everyone, regardless of age, body -size, visible or invisible disability, ethnicity, sex characteristics, gender -identity and expression, level of experience, education, socio-economic status, -nationality, personal appearance, race, caste, color, religion, or sexual -identity and orientation. - -We pledge to act and interact in ways that contribute to an open, welcoming, -diverse, inclusive, and healthy community. - -## Our Standards - -Examples of behavior that contributes to a positive environment for our -community include: - -* Demonstrating empathy and kindness toward other people -* Being respectful of differing opinions, viewpoints, and experiences -* Giving and gracefully accepting constructive feedback -* Accepting responsibility and apologizing to those affected by our mistakes, - and learning from the experience -* Focusing on what is best not just for us as individuals, but for the overall - community - -Examples of unacceptable behavior include: - -* The use of sexualized language or imagery, and sexual attention or advances of - any kind -* Trolling, insulting or derogatory comments, and personal or political attacks -* Public or private harassment -* Publishing others' private information, such as a physical or email address, - without their explicit permission -* Other conduct which could reasonably be considered inappropriate in a - professional setting - -## Enforcement Responsibilities - -Community leaders are responsible for clarifying and enforcing our standards of -acceptable behavior and will take appropriate and fair corrective action in -response to any behavior that they deem inappropriate, threatening, offensive, -or harmful. - -Community leaders have the right and responsibility to remove, edit, or reject -comments, commits, code, wiki edits, issues, and other contributions that are -not aligned to this Code of Conduct, and will communicate reasons for moderation -decisions when appropriate. - -## Scope - -This Code of Conduct applies within all community spaces, and also applies when -an individual is officially representing the community in public spaces. -Examples of representing our community include using an official e-mail address, -posting via an official social media account, or acting as an appointed -representative at an online or offline event. - -## Enforcement - -Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported to the community leaders responsible for enforcement at -[MAINTAINERS](MAINTAINERS). -All complaints will be reviewed and investigated promptly and fairly. - -All community leaders are obligated to respect the privacy and security of the -reporter of any incident. - -## Enforcement Guidelines - -Community leaders will follow these Community Impact Guidelines in determining -the consequences for any action they deem in violation of this Code of Conduct: - -### 1. Correction - -**Community Impact**: Use of inappropriate language or other behavior deemed -unprofessional or unwelcome in the community. - -**Consequence**: A private, written warning from community leaders, providing -clarity around the nature of the violation and an explanation of why the -behavior was inappropriate. A public apology may be requested. - -### 2. Warning - -**Community Impact**: A violation through a single incident or series of -actions. - -**Consequence**: A warning with consequences for continued behavior. No -interaction with the people involved, including unsolicited interaction with -those enforcing the Code of Conduct, for a specified period of time. This -includes avoiding interactions in community spaces as well as external channels -like social media. Violating these terms may lead to a temporary or permanent -ban. - -### 3. Temporary Ban - -**Community Impact**: A serious violation of community standards, including -sustained inappropriate behavior. - -**Consequence**: A temporary ban from any sort of interaction or public -communication with the community for a specified period of time. No public or -private interaction with the people involved, including unsolicited interaction -with those enforcing the Code of Conduct, is allowed during this period. -Violating these terms may lead to a permanent ban. - -### 4. Permanent Ban - -**Community Impact**: Demonstrating a pattern of violation of community -standards, including sustained inappropriate behavior, harassment of an -individual, or aggression toward or disparagement of classes of individuals. - -**Consequence**: A permanent ban from any sort of public interaction within the -community. - -## Attribution - -This Code of Conduct is adapted from the [Contributor Covenant][homepage], -version 2.1, available at -[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1]. - -Community Impact Guidelines were inspired by -[Mozilla's code of conduct enforcement ladder][Mozilla CoC]. - -For answers to common questions about this code of conduct, see the FAQ at -[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at -[https://www.contributor-covenant.org/translations][translations]. - -[homepage]: https://www.contributor-covenant.org -[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html -[Mozilla CoC]: https://github.com/mozilla/diversity -[FAQ]: https://www.contributor-covenant.org/faq -[translations]: https://www.contributor-covenant.org/translations diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md deleted file mode 100644 index 4035aca..0000000 --- a/CONTRIBUTING.md +++ /dev/null @@ -1,36 +0,0 @@ -# Guidelines for submitting bugs: -All non security bugs should be filed on the Issues tracker: -https://github.com/tpm2-software/tpm2-tss-engine/issues - -Security sensitive bugs should follow the details in SECURITY.md. - -# Guideline for submitting changes: -All changes to the source code must follow the coding standard used in the -tpm2-tss project [here](https://github.com/tpm2-software/tpm2-tss/blob/master/doc/coding_standard_c.md). - -All changes should be introduced via github pull requests. This allows anyone to -comment and provide feedback in lieu of having a mailing list. For pull requests -opened by non-maintainers, any maintainer may review and merge that pull -request. For maintainers, they either must have their pull request reviewed by -another maintainer if possible, or leave the PR open for at least 24 hours, we -consider this the window for comments. - -## Patch requirements -* All tests must pass on Travis CI for the merge to occur. -* All changes must not introduce superfluous changes or whitespace errors. -* All commits should adhere to the git commit message guidelines described -here: https://chris.beams.io/posts/git-commit/ with the following exceptions. - * We allow commit subject lines up to 80 characters. -* All contributions must adhere to the Developers Certificate of Origin. The -full text of the DCO is here: https://developercertificate.org/. Contributors -must add a 'Signed-off-by' line to their commits. This indicates the -submitters acceptance of the DCO. - -## Guideline for merging changes -Pull Requests MUST be assigned to an upcoming release tag. If a release milestone does -not exist, the maintainer SHALL create it per the [RELEASE.md](RELEASE.md) instructions. -When accepting and merging a change, the maintainer MUST edit the description field for -the release milestone to add the CHANGELOG entry. - -Changes must be merged with the "rebase" option on github to avoid merge commits. -This provides for a clear linear history. diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 37897e2..0000000 --- a/LICENSE +++ /dev/null @@ -1,24 +0,0 @@ -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - -1. Redistributions of source code must retain the above copyright notice, this - list of conditions and the following disclaimer. - -2. Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. - -3. Neither the name of the copyright holder nor the names of its - contributors may be used to endorse or promote products derived from - this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/MAINTAINERS b/MAINTAINERS deleted file mode 100644 index 054591c..0000000 --- a/MAINTAINERS +++ /dev/null @@ -1,2 +0,0 @@ -Andreas Fuchs -Juergen Repp (occasionally) diff --git a/Makefile.am b/Makefile.am deleted file mode 100644 index bda32b4..0000000 --- a/Makefile.am +++ /dev/null @@ -1,226 +0,0 @@ -#;*****************************************************************************; -# Copyright (c) 2018 Fraunhofer SIT sponsored by Infineon Technologies AG -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# -# 1. Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright notice, -# this list of conditions and the following disclaimer in the documentation -# and/or other materials provided with the distribution. -# -# 3. Neither the name of tpm2-tss-engine nor the names of its contributors -# may be used to endorse or promote products derived from this software -# without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF -# THE POSSIBILITY OF SUCH DAMAGE. -#;*****************************************************************************; - -### Initialize global variables used throughout the file ### -INCLUDE_DIRS = -I$(srcdir)/include -I$(srcdir)/src -ACLOCAL_AMFLAGS = -I m4 --install -AM_CFLAGS = $(INCLUDE_DIRS) $(EXTRA_CFLAGS) $(TSS2_ESYS_CFLAGS) \ - $(TSS2_MU_CFLAGS) $(TSS2_TCTILDR_CFLAGS) $(CRYPTO_CFLAGS) \ - $(CODE_COVERAGE_CFLAGS) -AM_LDFLAGS = $(EXTRA_LDFLAGS) $(CODE_COVERAGE_LIBS) -AM_LDADD = $(TSS2_ESYS_LIBS) $(TSS2_MU_LIBS) $(TSS2_TCTILDR_LIBS) \ - $(CRYPTO_LIBS) - -AM_DISTCHECK_CONFIGURE_FLAGS = --with-enginesdir= --with-completionsdir= \ - --enable-unit - -# Initialize empty variables to be extended throughout -EXTRA_DIST = -CLEANFILES = -bin_PROGRAMS = - -### Add ax_* rules ### -# ax_code_coverage -if AUTOCONF_CODE_COVERAGE_2019_01_06 -include $(top_srcdir)/aminclude_static.am -clean-local: code-coverage-clean -distclean-local: code-coverage-dist-clean -else -@CODE_COVERAGE_RULES@ -endif - -# ax_valgrind_check -@VALGRIND_CHECK_RULES@ - -### OpenSSL Engine ### -openssl_enginedir = $(ENGINESDIR) -openssl_engine_LTLIBRARIES = libtpm2tss.la - -include_HEADERS = include/tpm2-tss-engine.h - -libtpm2tss_la_SOURCES = src/tpm2-tss-engine.c \ - src/tpm2-tss-engine-common.c \ - src/tpm2-tss-engine-common.h \ - src/tpm2-tss-engine-digest-sign.c \ - src/tpm2-tss-engine-err.c \ - src/tpm2-tss-engine-err.h \ - src/tpm2-tss-engine-ecc.c \ - src/tpm2-tss-engine-rand.c \ - src/tpm2-tss-engine-rsa.c -libtpm2tss_la_CFLAGS = $(AM_CFLAGS) -libtpm2tss_la_LIBADD = $(AM_LDADD) -libtpm2tss_la_LDFLAGS = $(AM_LDFLAGS) -no-undefined -avoid-version \ - -export-symbols-regex '(tpm2tss*|bind_engine|v_check)' - -install-exec-local: - ([ -e $(DESTDIR)$(openssl_enginedir) ] || \ - $(MKDIR_P) $(DESTDIR)$(openssl_enginedir)) - -# Due to confusions with OpenSSL Naming conventions for engines regarding the -# lib* prefix, we will create a symlink for the engine on install -# see https://github.com/tpm2-software/tpm2-tss-engine/issues/6#issuecomment-422489744 -# see https://github.com/openssl/openssl/commit/9ee0ed3de66678a15db126d10b3e4226e835b8f5 -install-exec-hook: - (cd $(DESTDIR)$(openssl_enginedir) && \ - $(LN_S) -f libtpm2tss.so tpm2tss.so) - -uninstall-hook: - (cd $(DESTDIR)$(openssl_enginedir) && \ - [ -L tpm2tss.so ] && rm -f tpm2tss.so) - -### KeyGenerator ### -bin_PROGRAMS += tpm2tss-genkey - -tpm2tss_genkey_SOURCES = src/tpm2tss-genkey.c -tpm2tss_genkey_CFLAGS = $(AM_CFLAGS) -tpm2tss_genkey_LDADD = $(AM_LDADD) libtpm2tss.la -tpm2tss_genkey_LDFLAGS = $(AM_LDFLAGS) - -### Tests ### -TESTS = $(TESTS_INTEGRATION) $(TESTS_UNIT) - -check_PROGRAMS = $(TESTS_UNIT) -TESTS_UNIT = -TESTS_INTEGRATION = - -if INTEGRATION -TESTS_INTEGRATION += $(TESTS_SHELL) -endif #INTEGRATION -TESTS_SHELL = test/ecdsa.sh \ - test/ecdsa-emptyauth.sh \ - test/ecdsa-handle-flush.sh \ - test/rand.sh \ - test/rsadecrypt.sh \ - test/rsasign.sh \ - test/failload.sh \ - test/failwrite.sh \ - test/rsasign_importtpm.sh \ - test/rsasign_importtpmparent.sh \ - test/rsasign_parent.sh \ - test/rsasign_parent_pass.sh \ - test/rsasign_persistent.sh \ - test/rsasign_persistent_emptyauth.sh \ - test/sserver.sh \ - test/sclient.sh -if HAVE_OPENSSL_ECDH -TESTS_SHELL += test/ecdh.sh -endif -if HAVE_OPENSSL_DIGEST_SIGN -TESTS_SHELL += test/ecdsa-restricted.sh \ - test/rsasign_restricted.sh -endif -EXTRA_DIST += $(TESTS_SHELL) test/neg-handle.pem -TEST_EXTENSIONS = .sh -SH_LOG_COMPILER = $(srcdir)/test/sh_log_compiler.sh -SH_LOG_FLAGS = $(INTEGRATION_ARGS) -EXTRA_DIST += $(SH_LOG_COMPILER) - -if UNIT -TESTS_UNIT += test/error_tpm2-tss-engine-common test/tpm2-tss-engine-common -test_error_tpm2_tss_engine_common_CFLAGS = $(AM_CFLAGS) $(CMOCKA_CFLAGS) -test_error_tpm2_tss_engine_common_LDADD = $(AM_LDADD) $(CMOCKA_LIBS) -test_error_tpm2_tss_engine_common_LDFLAGS = $(AM_LDFLAGS) -Wl,--wrap=Esys_Initialize -test_error_tpm2_tss_engine_common_SOURCES = test/error_tpm2-tss-engine-common.c \ - $(libtpm2tss_la_SOURCES) -test_tpm2_tss_engine_common_CFLAGS = $(AM_CFLAGS) $(CMOCKA_CFLAGS) \ - -DNEG_HANDLE_PEM=\"$(top_srcdir)/test/neg-handle.pem\" -test_tpm2_tss_engine_common_LDADD = $(AM_LDADD) $(CMOCKA_LIBS) -test_tpm2_tss_engine_common_LDFLAGS = $(AM_LDFLAGS) -test_tpm2_tss_engine_common_SOURCES = test/tpm2-tss-engine-common.c \ - $(libtpm2tss_la_SOURCES) -endif #UNIT - -# Adding user and developer information -EXTRA_DIST += \ - CHANGELOG.md \ - CONTRIBUTING.md \ - INSTALL.md \ - LICENSE \ - README.md \ - VERSION - -# Generate the AUTHORS file from git log -AUTHORS: - $(AM_V_GEN)git log --format='%aN <%aE>' | \ - grep -v 'users.noreply.github.com' | sort -u > $@ -EXTRA_DIST += AUTHORS -CLEANFILES += AUTHORS - -if HAVE_MAN_PAGES -### Man Pages -dist_man_MANS = \ - man/man1/tpm2tss-genkey.1 \ - man/man3/tpm2tss_tpm2data_write.3 \ - man/man3/tpm2tss_rsa_makekey.3 \ - man/man3/tpm2tss_rsa_genkey.3 \ - man/man3/tpm2tss_ecc_makekey.3 \ - man/man3/tpm2tss_ecc_genkey.3 \ - man/man3/tpm2tss_ecc_getappdata.3 \ - man/man3/tpm2tss_tpm2data_read.3 \ - man/man3/tpm2tss_ecc_setappdata.3 -endif - -if !HAVE_PANDOC -# If pandoc is not enabled, we want to complain that you need pandoc for make dist, -# so hook the target and complain. -dist-hook: - @(>&2 echo "You do not have pandoc, a requirement for the distribution of manpages") - @exit 1 -endif - -man/man3/tpm2tss_tpm2data_read.3: man/man3/tpm2tss_tpm2data_write.3 - $(AM_V_GEN)(rm $@ 2>/dev/null || true) && ln -s tpm2tss_tpm2data_write.3 $@ - -man/man3/tpm2tss_ecc_setappdata.3: man/man3/tpm2tss_ecc_getappdata.3 - $(AM_V_GEN)(rm $@ 2>/dev/null || true) && ln -s tpm2tss_ecc_getappdata.3 $@ - -man/man1/%.1: man/%.1.md - $(AM_V_GEN)mkdir -p man/man1 && cat $< | $(PANDOC) -s -t man >$@ - -man/man3/%.3: man/%.3.md - $(AM_V_GEN)mkdir -p man/man3 && cat $< | $(PANDOC) -s -t man >$@ - -EXTRA_DIST += \ - man/tpm2tss-genkey.1.md \ - man/tpm2tss_tpm2data_write.3.md \ - man/tpm2tss_rsa_makekey.3.md \ - man/tpm2tss_rsa_genkey.3.md \ - man/tpm2tss_ecc_makekey.3.md \ - man/tpm2tss_ecc_genkey.3.md \ - man/tpm2tss_ecc_getappdata.3.md - -CLEANFILES += \ - $(dist_man_MANS) - -### Bash Completion -bash_completiondir = $(completionsdir) -bash_completion_DATA = bash-completion/tpm2tss-genkey -EXTRA_DIST += bash-completion/tpm2tss-genkey diff --git a/RELEASE.md b/RELEASE.md deleted file mode 100644 index fb9c065..0000000 --- a/RELEASE.md +++ /dev/null @@ -1,101 +0,0 @@ -# Release Process: -This document describes the general process that maintainers must follow when -making a release of the `tpm2-tss-engine` library and cli-tool. - -# Milestones -All releases should have a milestone used to track the release. If the release version is not known, as covered in [Version Numbers](#Version Numbers), -then an "x" may be used for the unknown number, or the generic term "next" may be used. The description field of the milestone will be used to record -the CHANGELOG for that release. See [CHANGELOG Update](#CHANGELOG Update) for details. - -# Version Numbers -This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). - -In summary: Given a version number MAJOR.MINOR.PATCH, increment the: -1. MAJOR version when you make incompatible API changes, -2. MINOR version when you add functionality in a backwards-compatible manner, and -3. PATCH version when you make backwards-compatible bug fixes. -Additional labels for pre-release and build metadata are available as extensions to the MAJOR.MINOR.PATCH format. - -## Version String -The version string is set for the rest of the autotools bits by autoconf. -Autoconf gets this string from the `AC_INIT` macro in the configure.ac file. -Once you decide on the next version number (using the scheme above) you must set -it manually in configure.ac. The version string must be in the form `A.B.C` -where `A`, `B` and `C` are integers representing the major, minor and micro -components of the version number. - -## Release Candidates -In the run up to a release the maintainers may create tags to identify progress -toward the release. In these cases we will append a string to the release number -to indicate progress using the abbreviation `rc` for 'release candidate'. This -string will take the form of `-rcX`. We append an incremental digit `X` in case -more than one release candidate is necessary to communicate progress as -development moves forward. - -# CHANGELOG Update -Before tagging the repository with the release version, the maintainer MUST update the CHANGELOG file with the contents from the description field -from the corresponding release milestone and update any missing version string details in the CHANGELOG and milestone entry. - -# Git Tags -When a release is made a tag is created in the git repo identifying the release -by the [version string](#Version String). The tag should be pushed to upstream -git repo as the last step in the release process. -**NOTE** tags for release candidates will be deleted from the git repository -after a release with the corresponding version number has been made. -**NOTE** release (not release candidate) tags should be considered immutable. - -## Signed tags -Git supports GPG signed tags and releases will have tags signed by a maintainer. -For details on how to sign and verify git tags see: -https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work. - -# Release tarballs -We use the git tag as a way to mark the point of the release in the projects -history. We do not however encourage users to build from git unless they intend -to modify the source code and contribute to the project. For the end user we -provide release tarballs following the GNU conventions as closely as possible. - -To make a release tarball use the `distcheck` make target. -This target includes a number of sanity checks that are extremely helpful. -For more information on `automake` and release tarballs see: -https://www.gnu.org/software/automake/manual/html_node/Dist.html#Dist - -## Hosting Releases on Github -Github automagically generates a page in their UI that maps git tags to -'releases' (even if the tag isn't for a release). Additionally they support -hosting release tarballs through this same interface. The release tarball -created in the previous step must be posted to github using the release -interface. Additionally, this tarball must be accompanied by a detached GPG -signature. The Debian wiki has an excellent description of how to post a signed -release to Github here: -https://wiki.debian.org/Creating%20signed%20GitHub%20releases -**NOTE** release candidates must be taken down after a release with the -corresponding version number is available. - -## Signing Release Tarballs -Signatures must be generated using the `--detach-sign` and `--armor` options to -the `gpg` command. - -## Verifying Signatures -Verifying the signature on a release tarball requires the project maintainers -public keys be installed in the GPG keyring of the verifier. With both the -release tarball and signature file in the same directory the following command -will verify the signature: -``` -$ gpg --verify tpm2-tss-engine-X.Y.Z.tar.gz.asc -``` - -## Signing Keys -The GPG keys used to sign a release tag and the associated tarball must be the -same. Additionally they must: -* belong to a project maintainer -* be discoverable using a public GPG key server -* be associated with the maintainers github account -(https://help.github.com/articles/adding-a-new-gpg-key-to-your-github-account/) - -# Announcements -Release candidates and proper releases should be announced on the mailing list: - - https://lists.linuxfoundation.org/mailman/listinfo/tpm2 - -This announcement should be accompanied by a link to the release page on Github -as well as a link to the CHANGELOG.md accompanying the release. diff --git a/SECURITY.md b/SECURITY.md deleted file mode 100644 index a59e069..0000000 --- a/SECURITY.md +++ /dev/null @@ -1,37 +0,0 @@ -# Security Policy - -## Supported Versions - -Currently supported versions: - -| Version | Supported | -| ------- | ------------------ | -| any | :white_check_mark: | - -## Reporting a Vulnerability - -### Reporting - -Security vulnerabilities can be disclosed in one of two ways: -- GitHub: *preferred* By following [these](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability) instructions. -- Email: A descirption *should be emailed* to **all** members of the [MAINTAINERS](MAINTAINERS) file to coordinate the -disclosure of the vulnerability. - -### Tracking - -When a maintainer is notified of a security vulnerability, they *must* create a GitHub security advisory -per the instructions at: - - - - -Maintainers *should* use the optional feature through GitHub to request a CVE be issued, alternatively RedHat has provided CVE's -in the past and *may* be used, but preference is on GitHub as the issuing CNA. - -### Publishing - -Once ready, maintainers should publish the security vulnerability as outlined in: - - - - -As well as ensuring the publishing of the CVE, maintainers *shal*l have new release versions ready to publish at the same time as -the CVE. Maintainers *should* should strive to adhere to a sub 60 say turn around from report to release. diff --git a/bash-completion/tpm2tss-genkey b/bash-completion/tpm2tss-genkey deleted file mode 100644 index 3897ff6..0000000 --- a/bash-completion/tpm2tss-genkey +++ /dev/null @@ -1,44 +0,0 @@ -_tpm2tss-genkey() -{ - local cur prev opts - COMPREPLY=() - cur="${COMP_WORDS[COMP_CWORD]}" - prev="${COMP_WORDS[COMP_CWORD-1]}" - - case "${prev}" in - -a | --alg) - COMPREPLY=( $(compgen -W "rsa ecdsa" -- ${cur}) ); - return 0 - ;; - -c | --curve) - COMPREPLY=( $(compgen -W "nist_p256" -- ${cur}) ); - return 0 - ;; - -e | --exponent) - COMPREPLY=( $(compgen -W "65537" -- ${cur}) ); - return 0 - ;; - -o | --ownerpw | \ - -p | --password) - COMPREPLY="" - return 0 - ;; - -s | --keysize) - COMPREPLY=( $(compgen -W "2048" -- ${cur}) ); - return 0 - ;; - -W | --parentpw) - COMPREPLY="" - return 0 - ;; - esac; - - opts="-a --alg -c --curve -e --exponent -h --help -o --ownerpw -p --password -s --keysize -v --verbose -W --parentpw" - if [[ ${cur} = -* ]] ; then - COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) - return 0 - fi - - COMPREPLY=( $(compgen -f ${cur}) ) -} -complete -F _tpm2tss-genkey tpm2tss-genkey diff --git a/bootstrap b/bootstrap deleted file mode 100755 index ea4b79c..0000000 --- a/bootstrap +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash - -set -e - -git describe --tags --always --dirty > VERSION - -autoreconf --install --sym diff --git a/configure.ac b/configure.ac deleted file mode 100644 index d4a9356..0000000 --- a/configure.ac +++ /dev/null @@ -1,256 +0,0 @@ -#;*****************************************************************************; -# Copyright (c) 2018 Fraunhofer SIT sponsored by Infineon Technologies AG -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# -# 1. Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright notice, -# this list of conditions and the following disclaimer in the documentation -# and/or other materials provided with the distribution. -# -# 3. Neither the name of tpm2-tss-engine nor the names of its contributors -# may be used to endorse or promote products derived from this software -# without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF -# THE POSSIBILITY OF SUCH DAMAGE. -#;*****************************************************************************; -AC_PREREQ([2.68]) - -AC_INIT([tpm2-tss-engine], - [m4_esyscmd_s([cat ./VERSION])], - [https://github.com/tpm2-software/tpm2-tss-engine/issues], - [], - [https://github.com/tpm2-software/tpm2-tss-engine]) - -dnl Let's be FHS-conform by default. -if test "$prefix" = '/usr'; then - test "$sysconfdir" = '${prefix}/etc' && sysconfdir="/etc" - test "$sharedstatedir" = '${prefix}/com' && sharedstatedir="/var" - test "$localstatedir" = '${prefix}/var' && localstatedir="/var" -fi - -AC_CONFIG_MACRO_DIR([m4]) -AC_CONFIG_SRCDIR([src/tpm2-tss-engine.c]) -AC_CONFIG_AUX_DIR([build-aux]) - -# propagate configure arguments to distcheck -AC_SUBST([DISTCHECK_CONFIGURE_FLAGS],[$ac_configure_args]) - -AC_CANONICAL_SYSTEM - -AM_INIT_AUTOMAKE([foreign subdir-objects -Wall -Wno-portability]) -#Backward compatible setting of "silent-rules" -m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) -AM_MAINTAINER_MODE([enable]) - -AX_IS_RELEASE([dash-version]) -AX_CHECK_ENABLE_DEBUG([info]) - -AC_PROG_CC -AC_PROG_CC_C99 -AM_PROG_CC_C_O -LT_INIT() - -AC_PROG_MKDIR_P -AC_PROG_LN_S - -AC_CONFIG_HEADERS([src/config.h]) - -AC_ARG_ENABLE([tctienvvar], - [AS_HELP_STRING([--disable-tctienvvar], - [Disable setting the TCTI option from an environment variable])],, - [enable_tctienvvar=yes]) -AS_IF([test "x$enable_tctienvvar" = xyes], [AC_DEFINE([ENABLE_TCTIENVVAR], [1], - 'Enable getting TCTI from env variable')]) - -AC_CONFIG_FILES([Makefile]) - -AC_ARG_ENABLE([defaultflags], - [AS_HELP_STRING([--disable-defaultflags], - [Disable default preprocessor, compiler, and linker flags.])],, - [enable_defaultflags=yes]) -AS_IF([test "x$enable_defaultflags" = "xyes"], - [ - AX_ADD_COMPILER_FLAG([-std=gnu99]) - AX_ADD_COMPILER_FLAG([-Wall]) - AX_ADD_COMPILER_FLAG([-Wextra]) - AX_ADD_COMPILER_FLAG([-Wformat-security]) - AS_IF([test "x$ax_is_release" = "xno"], [AX_ADD_COMPILER_FLAG([-Werror])]) - AX_ADD_COMPILER_FLAG([-fstack-protector-all]) - AX_ADD_COMPILER_FLAG([-fpic]) - AX_ADD_COMPILER_FLAG([-fPIC]) - - # work around GCC bug #53119 - # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=53119 - AX_ADD_COMPILER_FLAG([-Wno-missing-braces]) - - AX_ADD_LINK_FLAG([-Wl,--no-undefined]) - AX_ADD_LINK_FLAG([-Wl,-z,noexecstack]) - AX_ADD_LINK_FLAG([-Wl,-z,now]) - AX_ADD_LINK_FLAG([-Wl,-z,relro]) - ]) - -AX_CODE_COVERAGE -m4_ifdef([_AX_CODE_COVERAGE_RULES], - [AM_CONDITIONAL(AUTOCONF_CODE_COVERAGE_2019_01_06, [true])], - [AM_CONDITIONAL(AUTOCONF_CODE_COVERAGE_2019_01_06, [false])]) -AX_ADD_AM_MACRO_STATIC([]) - -PKG_PROG_PKG_CONFIG([0.25]) -PKG_CHECK_MODULES([CRYPTO], [libcrypto >= 1.0.2g], - [ac_enginesdir=`$PKG_CONFIG --variable=enginesdir libcrypto`]) -PKG_CHECK_MODULES([TSS2_ESYS], [tss2-esys >= 2.3]) -PKG_CHECK_MODULES([TSS2_MU], [tss2-mu]) -PKG_CHECK_MODULES([TSS2_TCTILDR], [tss2-tctildr]) -AC_CHECK_LIB([crypto], EC_KEY_METHOD_set_compute_key, - [AM_CONDITIONAL([HAVE_OPENSSL_ECDH], true)], - [AM_CONDITIONAL([HAVE_OPENSSL_ECDH], false)]) -AC_CHECK_LIB([crypto], EVP_PKEY_meth_set_digest_custom, - [AM_CONDITIONAL([HAVE_OPENSSL_DIGEST_SIGN], true)], - [AM_CONDITIONAL([HAVE_OPENSSL_DIGEST_SIGN], false)]) -AS_IF([test "x$ac_cv_lib_crypto_EVP_PKEY_meth_set_digest_custom" = xyes], - [AC_DEFINE([HAVE_OPENSSL_DIGEST_SIGN], [1], - Have required functionality from OpenSSL to support digest and sign)]) - -AC_PATH_PROG([PANDOC], [pandoc]) -AS_IF([test -z "$PANDOC"], - [AC_MSG_WARN([Required executable pandoc not found, man pages will not be built])]) -AM_CONDITIONAL([HAVE_PANDOC],[test -n "$PANDOC"]) -AM_CONDITIONAL([HAVE_MAN_PAGES],[test -d "${srcdir}/man/man1" -o -n "$PANDOC"]) - -AC_PATH_PROG([EXPECT], [expect]) -AS_IF([test -z "$EXPECT"], - [AC_MSG_WARN([Required executable expect not found, some tests might fail])]) - -AC_ARG_WITH([enginesdir], - [AS_HELP_STRING([--with-enginesdir], - [Set the OpenSSL engine directory (default: use pkg-config)])], - [], - [with_enginesdir=$ac_enginesdir]) -AS_IF([test -z "$with_enginesdir"], - [AC_MSG_WARN([Empty enginesdir, using $libdir/engines instead.])]) -# This weirdness is necessary to enable distcheck via DISTCHECK_CONFIGURE_FLAGS -AS_IF([test -z "$with_enginesdir"], - [with_enginesdir=$libdir/engines]) -AC_SUBST(ENGINESDIR, "$with_enginesdir") - -AC_ARG_WITH([completionsdir], - [AS_HELP_STRING([--with-completionsdir], - [Set the bash completions directory (default: use pkg-config)])], - [], - [with_completionsdir=`$PKG_CONFIG --variable=completionsdir bash-completion`]) -AS_IF([test -z "$with_completionsdir"], - [AC_MSG_WARN([Empty completionsdir, using $datarootdir/bash-completion/completions instead.])]) -AS_IF([test -z "$with_completionsdir"], - [with_completionsdir=$datarootdir/bash-completion/completions]) -AC_SUBST(completionsdir, "$with_completionsdir") - -AC_ARG_ENABLE([unit], - [AS_HELP_STRING([--enable-unit], - [build cmocka unit tests])],, - [enable_unit=no]) -AS_IF([test "x$enable_unit" != "xno" ], - [PKG_CHECK_MODULES([CMOCKA], [cmocka >= 1.0])]) -AM_CONDITIONAL([UNIT], [test "x$enable_unit" != xno]) - -AC_ARG_ENABLE([integration], - [AS_HELP_STRING([--enable-integration], - [build integration tests against TPM])],, - [enable_integration=no]) -AM_CONDITIONAL([INTEGRATION], [test "x$enable_integration" != xno]) - -# Use physical TPM device for testing -AC_ARG_WITH([device], - [AS_HELP_STRING([--with-device=],[TPM device for testing])], - [AS_IF([test \( -w "$with_device" \) -a \( -r "$with_device" \)], - [AC_MSG_RESULT([success]) - AX_NORMALIZE_PATH([with_device]) - with_device_set=yes], - [AC_MSG_ERROR([TPM device provided does not exist or is not writable])])], - [with_device_set=no]) -AM_CONDITIONAL([TESTDEVICE],[test "x$with_device_set" = xyes]) - -AC_CHECK_FUNC([backtrace_symbols_fd],[AC_DEFINE([HAVE_EXECINFO],[1], ['Define to 1 if you have the header file.'])]) - -# Integration test with simulator -AS_IF([test "x$enable_integration" = xyes && test "x$with_device_set" = xno], - [integration_args="" - AC_CHECK_PROG([tpm2_startup], [tpm2_startup], [yes]) - AS_IF([test "x$tpm2_startup" != xyes], - [AC_MSG_ERROR([Integration tests require the tpm2_startup executable])]) - AC_CHECK_PROG([swtpm], [swtpm], [yes]) - AC_CHECK_PROG([tpm_server], [tpm_server], [yes]) - AS_IF([test "x$swtpm" != xyes && test "x$tpm_server" != xyes], - [AC_MSG_ERROR([Integration tests require either the swtpm or the tpm_server executable])]) - AC_CHECK_PROG([realpath], [realpath], [yes]) - AS_IF([test "x$realpath" != xyes], - [AC_MSG_ERROR([Integration tests require the realpath executable])]) - AC_CHECK_PROG([ss], [ss], [yes]) - AS_IF([test "x$ss" != xyes], - [AC_MSG_ERROR([Integration tests require the ss executable])]) - AS_IF([test "x$enable_tctienvvar" != xyes], - [AC_MSG_ERROR([Integration tests require building with TCTI environment variable support])]) - AC_SUBST([INTEGRATION_ARGS], [$integration_args]) - ]) - -# Integration test with physical device -AS_IF([test "x$enable_integration" = xyes && test "x$with_device_set" = xyes ], - [integration_args="$with_device" - AC_CHECK_PROG([realpath], [realpath], [yes]) - AS_IF([test "x$realpath" != xyes], - [AC_MSG_ERROR([Integration tests require the realpath executable])]) - AS_IF([test "x$enable_tctienvvar" != xyes], - [AC_MSG_ERROR([Integration tests require building with TCTI environment variable support])]) - AC_SUBST([INTEGRATION_ARGS], [$integration_args]) - ]) - -AX_VALGRIND_CHECK - -# -# sanitizer compiler flags -# -AC_ARG_WITH([sanitizer], - [AS_HELP_STRING([--with-sanitizer={none,address,undefined}], - [build with the given sanitizer])],, - [with_sanitizer=none]) -AS_CASE(["x$with_sanitizer"], - ["xnone"], - [], - ["xaddress"], - [ - SANITIZER_CFLAGS="-fsanitize=address -fno-omit-frame-pointer" - SANITIZER_LDFLAGS="-lasan" - ], - ["xundefined"], - [ - SANITIZER_CFLAGS="-fsanitize=undefined" - SANITIZER_LDFLAGS="-lubsan" - ], - [AC_MSG_ERROR([Bad value for --with-sanitizer])]) -AC_SUBST([SANITIZER_CFLAGS]) -AC_SUBST([SANITIZER_LDFLAGS]) - -AC_OUTPUT - -AC_MSG_RESULT([ -$PACKAGE_NAME $VERSION - man-pages: $PANDOC - enginesdir: $with_enginesdir - completionsdir: $with_completionsdir - device: $with_device -]) - diff --git a/include/tpm2-tss-engine.h b/include/tpm2-tss-engine.h deleted file mode 100644 index 1d29530..0000000 --- a/include/tpm2-tss-engine.h +++ /dev/null @@ -1,103 +0,0 @@ -/******************************************************************************* - * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * 1. Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * 3. Neither the name of tpm2-tss-engine nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF - * THE POSSIBILITY OF SUCH DAMAGE. - ******************************************************************************/ -#ifndef TPM2_TSS_ENGINE_H -#define TPM2_TSS_ENGINE_H - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -typedef enum { - KEY_TYPE_BLOB, - KEY_TYPE_HANDLE -} KEY_TYPE; - -typedef struct { - int emptyAuth; - TPM2B_DIGEST userauth; - TPM2B_PUBLIC pub; - TPM2_HANDLE parent; - KEY_TYPE privatetype; - union { - TPM2B_PRIVATE priv; - TPM2_HANDLE handle; - }; -} TPM2_DATA; - -#define TPM2TSS_SET_OWNERAUTH ENGINE_CMD_BASE -#define TPM2TSS_SET_TCTI (ENGINE_CMD_BASE + 1) -#define TPM2TSS_SET_PARENTAUTH (ENGINE_CMD_BASE + 2) - -int -tpm2tss_tpm2data_write(const TPM2_DATA *tpm2data, const char *filename); - -int -tpm2tss_tpm2data_read(const char *filename, TPM2_DATA **tpm2Datap); - -int -tpm2tss_tpm2data_readtpm(uint32_t handle, TPM2_DATA **tpm2Datap); - -int -tpm2tss_tpm2data_importtpm(const char *filenamepub, const char *filenametpm, - TPM2_HANDLE parent, int emptyAuth, - TPM2_DATA **tpm2Datap); - -EVP_PKEY * -tpm2tss_rsa_makekey(TPM2_DATA *tpm2Data); - -int -tpm2tss_rsa_genkey(RSA *rsa, int bits, BIGNUM *e, char *password, - TPM2_HANDLE parentHandle); - -EVP_PKEY * -tpm2tss_ecc_makekey(TPM2_DATA *tpm2Data); - -int -tpm2tss_ecc_genkey(EC_KEY *key, TPMI_ECC_CURVE curve, const char *password, - TPM2_HANDLE parentHandle); - -TPM2_DATA * -#if OPENSSL_VERSION_NUMBER < 0x10100000 -tpm2tss_ecc_getappdata(EC_KEY *key); -#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ -tpm2tss_ecc_getappdata(const EC_KEY *key); -#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ - -int -tpm2tss_ecc_setappdata(EC_KEY *key, TPM2_DATA *data); - -#ifdef __cplusplus -} -#endif -#endif /* TPM2_TSS_ENGINE_H */ diff --git a/m4/flags.m4 b/m4/flags.m4 deleted file mode 100644 index 8dcee7d..0000000 --- a/m4/flags.m4 +++ /dev/null @@ -1,52 +0,0 @@ -dnl AX_ADD_COMPILER_FLAG: -dnl A macro to add a CFLAG to the EXTRA_CFLAGS variable. This macro will -dnl check to be sure the compiler supports the flag. Flags can be made -dnl mandatory (configure will fail). -dnl $1: C compiler flag to add to EXTRA_CFLAGS. -dnl $2: Set to "required" to cause configure failure if flag not supported. -AC_DEFUN([AX_ADD_COMPILER_FLAG],[ - AX_CHECK_COMPILE_FLAG([$1],[ - EXTRA_CFLAGS="$EXTRA_CFLAGS $1" - AC_SUBST([EXTRA_CFLAGS])],[ - AS_IF([test x$2 != xrequired],[ - AC_MSG_WARN([Optional CFLAG "$1" not supported by your compiler, continuing.])],[ - AC_MSG_ERROR([Required CFLAG "$1" not supported by your compiler, aborting.])] - )],[ - -Wall -Werror] - )] -) -dnl AX_ADD_PREPROC_FLAG: -dnl Add the provided preprocessor flag to the EXTRA_CFLAGS variable. This -dnl macro will check to be sure the preprocessor supports the flag. -dnl The flag can be made mandatory by providing the string 'required' as -dnl the second parameter. -dnl $1: Preprocessor flag to add to EXTRA_CFLAGS. -dnl $2: Set to "required" t ocause configure failure if preprocesor flag -dnl is not supported. -AC_DEFUN([AX_ADD_PREPROC_FLAG],[ - AX_CHECK_PREPROC_FLAG([$1],[ - EXTRA_CFLAGS="$EXTRA_CFLAGS $1" - AC_SUBST([EXTRA_CFLAGS])],[ - AS_IF([test x$2 != xrequired],[ - AC_MSG_WARN([Optional preprocessor flag "$1" not supported by your compiler, continuing.])],[ - AC_MSG_ERROR([Required preprocessor flag "$1" not supported by your compiler, aborting.])] - )],[ - -Wall -Werror] - )] -) -dnl AX_ADD_LINK_FLAG: -dnl A macro to add a LDLAG to the EXTRA_LDFLAGS variable. This macro will -dnl check to be sure the linker supports the flag. Flags can be made -dnl mandatory (configure will fail). -dnl $1: linker flag to add to EXTRA_LDFLAGS. -dnl $2: Set to "required" to cause configure failure if flag not supported. -AC_DEFUN([AX_ADD_LINK_FLAG],[ - AX_CHECK_LINK_FLAG([$1],[ - EXTRA_LDFLAGS="$EXTRA_LDFLAGS $1" - AC_SUBST([EXTRA_LDFLAGS])],[ - AS_IF([test x$2 != xrequired],[ - AC_MSG_WARN([Optional LDFLAG "$1" not supported by your linker, continuing.])],[ - AC_MSG_ERROR([Required LDFLAG "$1" not supported by your linker, aborting.])] - )] - )] -) diff --git a/man/tpm2tss-genkey.1.md b/man/tpm2tss-genkey.1.md deleted file mode 100644 index ba18174..0000000 --- a/man/tpm2tss-genkey.1.md +++ /dev/null @@ -1,118 +0,0 @@ -% tpm2tss-genkey(1) tpm2-tss-engine | General Commands Manual -% -% OCTOBER 2020 - -# NAME -**tpm2tss-genkey**(1) -- generate TPM keys for tpm2-tss-engine - -# SYNOPSIS - -**tpm2tss-genkey** [*options*] <*filename*> - -# DESCRIPTION - -**tpm2tss-genkey** creates a key inside a TPM 2.0 connected via the -tpm2tss software stack. Those keys may be an RSA key for decryption or signing -or an ECC key for ECDSA signatures. - -The tool respects the OPENSSL_CONF option for specifying engine specific control -parameters. See `man(5) config` for details on openssl config files. - -# ARGUMENTS - -The `tpm2tss-genkey` command expects a filename for storing the resulting TPM -key information. This file can then be loaded with OpenSSL using -`openssl pkeyutl -engine tpm2tss -keyform engine -inkey `. - -# OPTIONS - - * `-a `, `--alg `: - The public key algorithm (rsa, ecdsa) (default: rsa) - - * `-c `, `--curve `: - If alg ecdsa is chosen, the curve for ecc (default: nist_p256) - - * `-u `, `--public `: - Public key (TPM2B_PUBLIC) to be imported. Requires `-r`. - - * `-r `, `--private `: - The (encrypted) private key (TPM2B_PRIVATE) to be imported. - Requires `-u`. - - * `-e `, `--exponent `: - If alg rsa is chosen, the exponent for rsa (default: 65537) - - * `-h`, `--help`: - Print help - - * `-o `, `--ownerpw `: - Password for the owner hierarchy (default: none) - Openssl Config control command: `SET_OWNERAUTH` - - * `-p `, `--password `: - Password for the created key (default: none) - - * `-P `, `--parent `: - Specific handle for the parent key (default: none) - - * `-s `, `--keysize `: - If alg rsa is chosen, the key size in bits (default: 2048) - - * `-v`, `--verbose`: - Print verbose messages - - * `-W `, `--parentpw `: - Password for the parent key (default: none) - Openssl Config control command: `SET_PARENTAUTH` - - * `-t `, `--tcti `: - TCTI Configuration string (default: none) - Openssl Config control command: `SET_TCTI` - -# EXAMPLES - -Engine information can be retrieved using: -``` -$ openssl engine -t -c tpm2tss -``` -The following sequence of commands creates an RSA key using the TPM, exports the -public key, encrypts a data file and decrypts it using the TPM: -``` -$ tpm2tss-genkey -a rsa -s 2048 mykey -$ openssl rsa -engine tpm2tss -inform engine -in mykey -pubout -outform pem -out mykey.pub -$ openssl pkeyutl -pubin -inkey mykey.pub -in mydata -encrypt -out mycipher -$ openssl pkeyutl -engine tpm2tss -keyform engine -inkey mykey -decrypt -in mycipher -out mydata -``` -The following sequence of commands creates an RSA key using the TPM, exports the -public key, signs a data file using the TPM and validates the signature: -``` -$ tpm2tss-genkey -a rsa -s 2048 mykey -$ openssl rsa -engine tpm2tss -inform engine -in mykey -pubout -outform pem -out mykey.pub -$ openssl pkeyutl -engine tpm2tss -keyform engine -inkey mykey -sign -in mydata -out mysig -$ openssl pkeyutl -engine tpm2tss -keyform engine -inkey mykey -verify -in mydata -sigfile mysig -``` -The following sequence of commands creates an ECDSA key using the TPM, exports -the public key, signs a data file using the TPM and validates the signature: -``` -$ tpm2tss-genkey -a ecdsa -c nist_p256 mykey -$ openssl pkeyutl -engine tpm2tss -keyform engine -inkey mykey -sign -in mydata -out mysig -$ openssl pkeyutl -engine tpm2tss -keyform engine -inkey mykey -verify -in mydata -sigfile mysig -``` - -# RETURNS - -0 on success or 1 on failure. - -## AUTHOR - -Written by Andreas Fuchs. - -## COPYRIGHT - -tpm2tss is Copyright (C) 2017-2018 Fraunhofer SIT sponsored by Infineon -Technologies AG. License BSD 3-clause. - -## SEE ALSO - -openssl(1) - diff --git a/man/tpm2tss_ecc_genkey.3.md b/man/tpm2tss_ecc_genkey.3.md deleted file mode 100644 index 7084815..0000000 --- a/man/tpm2tss_ecc_genkey.3.md +++ /dev/null @@ -1,36 +0,0 @@ -% tpm2tss-tpm2data_write(3) tpm2-tss-engine | Library calls -% -% JUNE 2018 - -# NAME -**tpm2tss_ecc_genkey** -- Make an ECC key object - -# SYNOPSIS - -**#include ** - -**int tpm2tss_ecc_genkey(EC_KEY *key, TPMI_ECC_CURVE curve, const char *password);** - -# DESCRIPTION - -**tpm2tss_ECC_genkey** issues the generation of an ECC key `key` using the TPM. -The ECC curve is determined by `curve`. The new key will be protected by -`password`. - -# RETURN VALUE - -Upon successful completion **tpm2tss_ecc_genkey**() returns 1. Otherwise 0. - -## AUTHOR - -Written by Andreas Fuchs. - -## COPYRIGHT - -tpm2tss is Copyright (C) 2018 Fraunhofer SIT sponsored by Infineon -Technologies AG. License BSD 3-clause. - -## SEE ALSO - -openssl(1), tpm2tss_genkey(1) - diff --git a/man/tpm2tss_ecc_getappdata.3.md b/man/tpm2tss_ecc_getappdata.3.md deleted file mode 100644 index 32abb5b..0000000 --- a/man/tpm2tss_ecc_getappdata.3.md +++ /dev/null @@ -1,39 +0,0 @@ -% tpm2tss-tpm2data_write(3) tpm2-tss-engine | Library calls -% -% JUNE 2018 - -# NAME -**tpm2tss_ecc_getappdata**, **tpm2tss_ecc_setappdata** -- Make an ECC key object - -# SYNOPSIS - -**#include ** - -**TPM2_DATA * tpm2tss_ecc_getappdata(const EC_KEY *key);** - -**int tpm2tss_ecc_setappdata(EC_KEY *key, TPM2_DATA *data);** - -# DESCRIPTION - -**tpm2tss_ecc_getappdata** - -**tpm2tss_ecc_setappdata** - -# RETURN VALUE - -Upon successful completion **tpm2tss_ecc_getappdata**() and -**tpm2tss_ecc_setappdata**() return 1. Otherwise 0. - -## AUTHOR - -Written by Andreas Fuchs. - -## COPYRIGHT - -tpm2tss is Copyright (C) 2018 Fraunhofer SIT sponsored by Infineon -Technologies AG. License BSD 3-clause. - -## SEE ALSO - -openssl(1), tpm2tss_genkey(1) - diff --git a/man/tpm2tss_ecc_makekey.3.md b/man/tpm2tss_ecc_makekey.3.md deleted file mode 100644 index fe9cd31..0000000 --- a/man/tpm2tss_ecc_makekey.3.md +++ /dev/null @@ -1,36 +0,0 @@ -% tpm2tss-tpm2data_write(3) tpm2-tss-engine | Library calls -% -% JUNE 2018 - -# NAME -**tpm2tss_ecc_makekey** -- Make an ECC key object - -# SYNOPSIS - -**#include ** - -**EVP_PKEY * tpm2tss_ecc_makekey(TPM2_DATA *tpm2Data);** - -# DESCRIPTION - -**tpm2tss_ecc_makekey** takes a TPM2_DATA object as `tpm2Data` and creates a -corresponding OpenSSL EVP_PKEY object. - -# RETURN VALUE - -Upon successful completion **tpm2tss_ecc_makekey**() returns the created -EVP_PKEY object's pointer. Otherwise NULL. - -## AUTHOR - -Written by Andreas Fuchs. - -## COPYRIGHT - -tpm2tss is Copyright (C) 2018 Fraunhofer SIT sponsored by Infineon -Technologies AG. License BSD 3-clause. - -## SEE ALSO - -openssl(1) - diff --git a/man/tpm2tss_rsa_genkey.3.md b/man/tpm2tss_rsa_genkey.3.md deleted file mode 100644 index baa2dbe..0000000 --- a/man/tpm2tss_rsa_genkey.3.md +++ /dev/null @@ -1,36 +0,0 @@ -% tpm2tss-tpm2data_write(3) tpm2-tss-engine | Library calls -% -% JUNE 2018 - -# NAME -**tpm2tss_rsa_genkey** -- Make an RSA key object - -# SYNOPSIS - -**#include ** - -**int tpm2tss_rsa_genkey(RSA *rsa, int bits, BIGNUM *e, char *password);** - -# DESCRIPTION - -**tpm2tss_rsa_genkey** issues the generation of an RSA key `rsa` using the TPM. -The keylength is determined by `bits`. The exponent is determined by `e`. -The new key will be protected by `password`. - -# RETURN VALUE - -Upon successful completion **tpm2tss_rsa_genkey**() returns 1. Otherwise 0. - -## AUTHOR - -Written by Andreas Fuchs. - -## COPYRIGHT - -tpm2tss is Copyright (C) 2018 Fraunhofer SIT sponsored by Infineon -Technologies AG. License BSD 3-clause. - -## SEE ALSO - -openssl(1), tpm2tss_genkey(1) - diff --git a/man/tpm2tss_rsa_makekey.3.md b/man/tpm2tss_rsa_makekey.3.md deleted file mode 100644 index 7fbe13b..0000000 --- a/man/tpm2tss_rsa_makekey.3.md +++ /dev/null @@ -1,36 +0,0 @@ -% tpm2tss-tpm2data_write(3) tpm2-tss-engine | Library calls -% -% JUNE 2018 - -# NAME -**tpm2tss_rsa_makekey** -- Make an RSA key object - -# SYNOPSIS - -**#include ** - -**EVP_PKEY * tpm2tss_rsa_makekey(TPM2_DATA *tpm2Data);** - -# DESCRIPTION - -**tpm2tss_rsa_makekey** takes a TPM2_DATA object as `tpm2Data` and creates a -corresponding OpenSSL EVP_PKEY object. - -# RETURN VALUE - -Upon successful completion **tpm2tss_rsa_makekey**() returns the created -EVP_PKEY object's pointer. Otherwise NULL. - -## AUTHOR - -Written by Andreas Fuchs. - -## COPYRIGHT - -tpm2tss is Copyright (C) 2018 Fraunhofer SIT sponsored by Infineon -Technologies AG. License BSD 3-clause. - -## SEE ALSO - -openssl(1) - diff --git a/man/tpm2tss_tpm2data_write.3.md b/man/tpm2tss_tpm2data_write.3.md deleted file mode 100644 index 7ccc072..0000000 --- a/man/tpm2tss_tpm2data_write.3.md +++ /dev/null @@ -1,42 +0,0 @@ -% tpm2tss-tpm2data_write(3) tpm2-tss-engine | Library calls -% -% JUNE 2018 - -# NAME -**tpm2tss_tpm2data_write**, **tpm2tss_tpm2data_read** -- read/write TPM2_DATA - -# SYNOPSIS - -**#include ** - -**int tpm2tss_tpm2data_read(const char *filename, TPM2_DATA **tpm2Datap);** - -**int tpm2tss_tpm2data_write(const TPM2_DATA *tpm2Data, const char *filename);** - -# DESCRIPTION - -**tpm2tss_tpm2data_read** reads the TPM2_DATA object from a file called -`filename`, allocates memory and stores it under the parameter `tpm2Datap`. -Must be freed using the `free()` function. - -**tpm2tss_tpm2data_write** writes the TPM2_DATA object from the parameter -`tpm2Data` to a newly created file called `filename`. - -# RETURN VALUE - -Upon successful completion **tpm2tss_tpm2data_write**() and -**tpm2tss_tpm2data_read**() return 1. Otherwise 0. - -## AUTHOR - -Written by Andreas Fuchs. - -## COPYRIGHT - -tpm2tss is Copyright (C) 2018 Fraunhofer SIT sponsored by Infineon -Technologies AG. License BSD 3-clause. - -## SEE ALSO - -openssl(1) - diff --git a/openssl.conf.sample b/openssl.conf.sample deleted file mode 100644 index dcb136e..0000000 --- a/openssl.conf.sample +++ /dev/null @@ -1,22 +0,0 @@ -openssl_conf = openssl_init - -[openssl_init] -engines = engine_section - -[engine_section] -tpm2tss = tpm2tss_section - -[tpm2tss_section] -engine_id = tpm2tss -dynamic_path = /usr/lib/engines-1.1/libtpm2tss.so -default_algorithms = RSA,ECDSA -init = 1 -#SET_TCTI = -#SET_OWNERAUTH = -#SET_PARENTAUTH = - -[req] -distinguished_name = subject - -[subject] -# prompts and defaults here diff --git a/src/tpm2-tss-engine-common.c b/src/tpm2-tss-engine-common.c deleted file mode 100755 index 9dc100d..0000000 --- a/src/tpm2-tss-engine-common.c +++ /dev/null @@ -1,698 +0,0 @@ -/******************************************************************************* - * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG - * All rights reserved. - * Copyright (c) 2019, Wind River Systems. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * 1. Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * 3. Neither the name of tpm2-tss-engine nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF - * THE POSSIBILITY OF SUCH DAMAGE. - ******************************************************************************/ - -#include -#include - -#include - -#include -#include -#include - -#include "tpm2-tss-engine.h" -#include "tpm2-tss-engine-common.h" - -ASN1_SEQUENCE(TSSPRIVKEY) = { - ASN1_SIMPLE(TSSPRIVKEY, type, ASN1_OBJECT), - ASN1_EXP_OPT(TSSPRIVKEY, emptyAuth, ASN1_BOOLEAN, 0), - ASN1_SIMPLE(TSSPRIVKEY, parent, ASN1_INTEGER), - ASN1_SIMPLE(TSSPRIVKEY, pubkey, ASN1_OCTET_STRING), - ASN1_SIMPLE(TSSPRIVKEY, privkey, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END(TSSPRIVKEY) - -#define TSSPRIVKEY_PEM_STRING "TSS2 PRIVATE KEY" - -IMPLEMENT_ASN1_FUNCTIONS(TSSPRIVKEY); -IMPLEMENT_PEM_write_bio(TSSPRIVKEY, TSSPRIVKEY, TSSPRIVKEY_PEM_STRING, TSSPRIVKEY); -IMPLEMENT_PEM_read_bio(TSSPRIVKEY, TSSPRIVKEY, TSSPRIVKEY_PEM_STRING, TSSPRIVKEY); - -/** Initialize the Esys context - * - * Initialize an Esys context. - * @param esys_ctx The context to initialize. - * @retval TSS2_RC_SUCCESS on success - * @retval TSS2_BASE_RC_BAD_REFERENCE if no pointer was provided - * @retval Errors from Tcti initialization or Esys_Initialize() - */ -TSS2_RC -esys_ctx_init(ESYS_CONTEXT **esys_ctx) -{ - - TSS2_RC r; - if (!esys_ctx) { - ERR(esys_ctx_init, TPM2TSS_R_GENERAL_FAILURE); - r = TSS2_BASE_RC_BAD_REFERENCE; - } else { - TSS2_TCTI_CONTEXT *tcti_ctx = NULL; - - r = Tss2_TctiLdr_Initialize(tcti_nameconf, &tcti_ctx); - if (TSS2_RC_SUCCESS != r) { - ERR(esys_ctx_init, TPM2TSS_R_GENERAL_FAILURE); - } else { - r = Esys_Initialize(esys_ctx, tcti_ctx, NULL); - if (TSS2_RC_SUCCESS != r) { - ERR(esys_ctx_init, TPM2TSS_R_GENERAL_FAILURE); - Tss2_TctiLdr_Finalize(&tcti_ctx); - } - } - } - return r; -} - -/** Finalize the Esys context - * - * Get the TCTI context and finalize this alongside the Esys context. - * @param esys_ctx The Esys context - * @retval TSS2_RC_SUCCESS on success - * @retval TSS2_BASE_RC_BAD_REFERENCE if no pointer was provided - * @retval Errors from Esys_GetTcti() - */ -TSS2_RC -esys_ctx_free(ESYS_CONTEXT **esys_ctx) -{ - TSS2_RC r; - if ((!esys_ctx) || (!*esys_ctx)) { - ERR(esys_ctx_free, TPM2TSS_R_GENERAL_FAILURE); - r = TSS2_BASE_RC_BAD_REFERENCE; - } else { - TSS2_TCTI_CONTEXT *tcti_ctx; - r = Esys_GetTcti(*esys_ctx, &tcti_ctx); - Esys_Finalize(esys_ctx); - if (TSS2_RC_SUCCESS != r) { - ERR(esys_ctx_free, TPM2TSS_R_GENERAL_FAILURE); - } else { - Tss2_TctiLdr_Finalize(&tcti_ctx); - } - } - return r; -} - -/** Serialize tpm2data onto disk - * - * Write the tpm2tss key data into a file using PEM encoding. - * @param tpm2Data The data to be written to disk. - * @param filename The filename to write the data to. - * @retval 1 on success - * @retval 0 on failure - */ -int -tpm2tss_tpm2data_write(const TPM2_DATA *tpm2Data, const char *filename) -{ - TSS2_RC r; - BIO *bio = NULL; - TSSPRIVKEY *tpk = NULL; - BIGNUM *bn_parent = NULL; - - uint8_t privbuf[sizeof(tpm2Data->priv)]; - uint8_t pubbuf[sizeof(tpm2Data->pub)]; - size_t privbuf_len = 0, pubbuf_len = 0; - - if ((bio = BIO_new_file(filename, "w")) == NULL) { - ERR(tpm2tss_tpm2data_write, TPM2TSS_R_FILE_WRITE); - goto error; - } - - tpk = TSSPRIVKEY_new(); - if (!tpk) { - ERR(tpm2tss_tpm2data_write, ERR_R_MALLOC_FAILURE); - goto error; - } - - r = Tss2_MU_TPM2B_PRIVATE_Marshal(&tpm2Data->priv, &privbuf[0], - sizeof(privbuf), &privbuf_len); - if (r) { - ERR(tpm2tss_tpm2data_write, TPM2TSS_R_DATA_CORRUPTED); - goto error; - } - - r = Tss2_MU_TPM2B_PUBLIC_Marshal(&tpm2Data->pub, &pubbuf[0], - sizeof(pubbuf), &pubbuf_len); - if (r) { - ERR(tpm2tss_tpm2data_write, TPM2TSS_R_DATA_CORRUPTED); - goto error; - } - tpk->type = OBJ_txt2obj(OID_loadableKey, 1); - tpk->parent = ASN1_INTEGER_new(); - tpk->privkey = ASN1_OCTET_STRING_new(); - tpk->pubkey = ASN1_OCTET_STRING_new(); - if (!tpk->type || !tpk->privkey || !tpk->pubkey || !tpk->parent) { - ERR(tpm2tss_tpm2data_write, ERR_R_MALLOC_FAILURE); - goto error; - } - - tpk->emptyAuth = tpm2Data->emptyAuth ? 0xFF : 0; - bn_parent = BN_new(); - if (!bn_parent) { - goto error; - } - if (tpm2Data->parent != 0) { - BN_set_word(bn_parent, tpm2Data->parent); - } else { - BN_set_word(bn_parent, TPM2_RH_OWNER); - } - BN_to_ASN1_INTEGER(bn_parent, tpk->parent); - ASN1_STRING_set(tpk->privkey, &privbuf[0], privbuf_len); - ASN1_STRING_set(tpk->pubkey, &pubbuf[0], pubbuf_len); - - PEM_write_bio_TSSPRIVKEY(bio, tpk); - TSSPRIVKEY_free(tpk); - BIO_free(bio); - - return 1; - error: - if (bio) - BIO_free(bio); - if (tpk) - TSSPRIVKEY_free(tpk); - return 0; -} - -/** Create tpm2data from a TPM key - * - * Retrieve the public key of tpm2data from the TPM for a given handle. - * @param handle The TPM's key handle. - * @param tpm2Datap The data after read. - * @retval 1 on success - * @retval 0 on failure - */ -int -tpm2tss_tpm2data_readtpm(uint32_t handle, TPM2_DATA **tpm2Datap) -{ - TSS2_RC r; - TPM2_DATA *tpm2Data = NULL; - ESYS_TR keyHandle = ESYS_TR_NONE; - ESYS_CONTEXT *esys_ctx = NULL; - TPM2B_PUBLIC *outPublic; - - tpm2Data = OPENSSL_malloc(sizeof(*tpm2Data)); - if (tpm2Data == NULL) { - ERR(tpm2tss_tpm2data_readtpm, ERR_R_MALLOC_FAILURE); - goto error; - } - memset(tpm2Data, 0, sizeof(*tpm2Data)); - - tpm2Data->privatetype = KEY_TYPE_HANDLE; - tpm2Data->handle = handle; - - r = esys_ctx_init(&esys_ctx); - if (r) { - ERR(tpm2tss_tpm2data_readtpm, TPM2TSS_R_GENERAL_FAILURE); - goto error; - } - - r = Esys_TR_FromTPMPublic(esys_ctx, tpm2Data->handle, - ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, - &keyHandle); - if (r) { - ERR(tpm2tss_tpm2data_readtpm, TPM2TSS_R_GENERAL_FAILURE); - goto error; - } - - r = Esys_ReadPublic(esys_ctx, keyHandle, - ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, - &outPublic, NULL, NULL); - if (r) { - ERR(tpm2tss_tpm2data_readtpm, TPM2TSS_R_GENERAL_FAILURE); - goto error; - } - - /* If the persistent key has the NODA flag set, we check whether it does - have an empty authValue. If NODA is not set, then we don't check because - that would increment the DA lockout counter */ - if ((outPublic->publicArea.objectAttributes & TPMA_OBJECT_NODA) != 0) { - ESYS_TR session; - TPMT_SYM_DEF sym = {.algorithm = TPM2_ALG_AES, - .keyBits = {.aes = 128}, - .mode = {.aes = TPM2_ALG_CFB} - }; - - /* Esys_StartAuthSession() and session handling use OpenSSL for random - bytes and thus might end up inside this engine again. This becomes - a problem if we have no resource manager, i.e. the tpm simulator. */ - const RAND_METHOD *rand_save = RAND_get_rand_method(); -#if OPENSSL_VERSION_NUMBER < 0x10100000 - RAND_set_rand_method(RAND_SSLeay()); -#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ - RAND_set_rand_method(RAND_OpenSSL()); -#endif - - /* We do the check by starting a bound audit session and executing a - very cheap command. */ - r = Esys_StartAuthSession(esys_ctx, ESYS_TR_NONE, keyHandle, - ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, - NULL, TPM2_SE_HMAC, &sym, TPM2_ALG_SHA256, - &session); - /* Though this response code is sub-optimal, it's the only way to - detect the bug in ESYS. */ - if (r == TSS2_ESYS_RC_GENERAL_FAILURE) { - DBG("Running tpm2-tss < 2.2 which has a bug here. Requiring auth."); - tpm2Data->emptyAuth = 0; - goto session_error; - } else if (r) { - ERR(tpm2tss_tpm2data_readtpm, TPM2TSS_R_GENERAL_FAILURE); - goto error; - } - Esys_TRSess_SetAttributes(esys_ctx, session, - TPMA_SESSION_ENCRYPT, TPMA_SESSION_ENCRYPT); - Esys_TRSess_SetAttributes(esys_ctx, session, - TPMA_SESSION_CONTINUESESSION, - TPMA_SESSION_CONTINUESESSION); - - r = Esys_ReadPublic(esys_ctx, keyHandle, - session, ESYS_TR_NONE, ESYS_TR_NONE, - NULL, NULL, NULL); - - RAND_set_rand_method(rand_save); - - /* tpm2-tss < 2.2 has some bugs. (1) it may miscalculate the auth from - above leading to a password query in case of empty auth and (2) it - may return an error because the object's auth value is "\0". */ - if (r == TSS2_RC_SUCCESS) { - DBG("Object does not require auth"); - tpm2Data->emptyAuth = 1; - } else if (r == (TPM2_RC_BAD_AUTH | TPM2_RC_S | TPM2_RC_1)) { - DBG("Object does require auth"); - tpm2Data->emptyAuth = 0; - } else { - ERR(tpm2tss_tpm2data_readtpm, TPM2TSS_R_GENERAL_FAILURE); - goto error; - } - - Esys_FlushContext (esys_ctx, session); - } - -session_error: - - Esys_TR_Close(esys_ctx, &keyHandle); - - esys_ctx_free(&esys_ctx); - tpm2Data->pub = *outPublic; - Esys_Free(outPublic); - - *tpm2Datap = tpm2Data; - return 1; - error: - if (keyHandle != ESYS_TR_NONE) - Esys_TR_Close(esys_ctx, &keyHandle); - esys_ctx_free(&esys_ctx); - if (tpm2Data) - OPENSSL_free(tpm2Data); - return 0; -} - -/** Deserialize tpm2data from disk - * - * Read the tpm2tss key data from a file using PEM encoding. - * @param filename The filename to read the data from. - * @param tpm2Datap The data after read. - * @retval 1 on success - * @retval 0 on failure - */ -int -tpm2tss_tpm2data_read(const char *filename, TPM2_DATA **tpm2Datap) -{ - TSS2_RC r; - BIO *bio = NULL; - TSSPRIVKEY *tpk = NULL; - TPM2_DATA *tpm2Data = NULL; - char type_oid[64]; - BIGNUM *bn_parent; - - if ((bio = BIO_new_file(filename, "r")) == NULL) { - ERR(tpm2tss_tpm2data_read, TPM2TSS_R_FILE_READ); - goto error; - } - - tpk = PEM_read_bio_TSSPRIVKEY(bio, NULL, NULL, NULL); - if (!tpk) { - ERR(tpm2tss_tpm2data_read, TPM2TSS_R_DATA_CORRUPTED); - goto error; - } - BIO_free(bio); - bio = NULL; - - tpm2Data = OPENSSL_malloc(sizeof(*tpm2Data)); - if (tpm2Data == NULL) { - ERR(tpm2tss_tpm2data_read, ERR_R_MALLOC_FAILURE); - goto error; - } - memset(tpm2Data, 0, sizeof(*tpm2Data)); - - tpm2Data->privatetype = KEY_TYPE_BLOB; - - tpm2Data->emptyAuth = !!tpk->emptyAuth; - - bn_parent = ASN1_INTEGER_to_BN(tpk->parent, NULL); - if (!bn_parent) { - goto error; - } - if (BN_is_negative(bn_parent)) { - tpm2Data->parent = ASN1_INTEGER_get(tpk->parent); - } else { - tpm2Data->parent = BN_get_word(bn_parent); - } - if (tpm2Data->parent == 0) - tpm2Data->parent = TPM2_RH_OWNER; - - if (!OBJ_obj2txt(type_oid, sizeof(type_oid), tpk->type, 1) || - strcmp(type_oid, OID_loadableKey)) { - ERR(tpm2tss_tpm2data_read, TPM2TSS_R_CANNOT_MAKE_KEY); - goto error; - } - r = Tss2_MU_TPM2B_PRIVATE_Unmarshal(tpk->privkey->data, - tpk->privkey->length, NULL, - &tpm2Data->priv); - if (r) { - ERR(tpm2tss_tpm2data_read, TPM2TSS_R_DATA_CORRUPTED); - goto error; - } - r = Tss2_MU_TPM2B_PUBLIC_Unmarshal(tpk->pubkey->data, tpk->pubkey->length, - NULL, &tpm2Data->pub); - if (r) { - ERR(tpm2tss_tpm2data_read, TPM2TSS_R_DATA_CORRUPTED); - goto error; - } - - TSSPRIVKEY_free(tpk); - - *tpm2Datap = tpm2Data; - return 1; - error: - if (tpm2Data) - OPENSSL_free(tpm2Data); - if (bio) - BIO_free(bio); - if (tpk) - TSSPRIVKEY_free(tpk); - - return 0; -} - -static TPM2B_PUBLIC primaryEccTemplate = TPM2B_PUBLIC_PRIMARY_ECC_TEMPLATE; -static TPM2B_PUBLIC primaryRsaTemplate = TPM2B_PUBLIC_PRIMARY_RSA_TEMPLATE; - -static TPM2B_SENSITIVE_CREATE primarySensitive = { - .sensitive = { - .userAuth = { - .size = 0, - }, - .data = { - .size = 0, - } - } -}; - -static TPM2B_DATA allOutsideInfo = { - .size = 0, -}; - -static TPML_PCR_SELECTION allCreationPCR = { - .count = 0, -}; - -/** Initialize the ESYS TPM connection and primary/persistent key - * - * Establish a connection with the TPM using ESYS libraries and create a primary - * key under the owner hierarchy or to initialize the ESYS object for a - * persistent if provided. - * @param esys_ctx The resulting ESYS context. - * @param parentHandle The TPM handle of a persistent key or TPM2_RH_OWNER or 0 - * @param parent The resulting ESYS_TR handle for the parent key. - * @retval TSS2_RC_SUCCESS on success - * @retval TSS2_RCs according to the error - */ -TSS2_RC -init_tpm_parent(ESYS_CONTEXT **esys_ctx, - TPM2_HANDLE parentHandle, ESYS_TR *parent) -{ - TSS2_RC r; - TPM2B_PUBLIC *primaryTemplate = NULL; - TPMS_CAPABILITY_DATA *capabilityData = NULL; - UINT32 index; - *parent = ESYS_TR_NONE; - *esys_ctx = NULL; - - DBG("Establishing connection with TPM.\n"); - r = esys_ctx_init(esys_ctx); - ERRchktss(init_tpm_parent, r, goto error); - - if (parentHandle && parentHandle != TPM2_RH_OWNER) { - DBG("Connecting to a persistent parent key.\n"); - r = Esys_TR_FromTPMPublic(*esys_ctx, parentHandle, - ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, - parent); - ERRchktss(init_tpm_parent, r, goto error); - - r = Esys_TR_SetAuth(*esys_ctx, *parent, &parentauth); - ERRchktss(init_tpm_parent, r, goto error); - - return TSS2_RC_SUCCESS; - } - - DBG("Creating primary key under owner.\n"); - r = Esys_TR_SetAuth(*esys_ctx, ESYS_TR_RH_OWNER, &ownerauth); - ERRchktss(init_tpm_parent, r, goto error); - - r = Esys_GetCapability (*esys_ctx, - ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, - TPM2_CAP_ALGS, 0, TPM2_MAX_CAP_ALGS, - NULL, &capabilityData); - ERRchktss(init_tpm_parent, r, goto error); - - for (index = 0; index < capabilityData->data.algorithms.count; index++) { - if (capabilityData->data.algorithms.algProperties[index].alg == TPM2_ALG_ECC) { - primaryTemplate = &primaryEccTemplate; - break; - } - } - - /* - * TPM2_ALG_ECC is *mandatory* for TPM2.0; the above should never - * fail. However, *if* such a broken TPM is used then ephemeral - * primaries according to the TSS2 PEM file standard can *never* - * have worked on that hardware, so it isn't *breaking* anything - * for us to unilaterally use an ephemeral RSA parent in this case - * instead. - * - * However, it may not be interoperable to do so, and it isn't a - * good idea anyway since RSA keys are *slow* to generate, so - * users with a broken TPM like this really *should* have followed - * the recommendation to create the RSA primary and store it in - * the NVRAM at 0x81000001. And then the TSS2 PEM keys should use - * *that* as the parent, not the ephemeral version. In fact, there - * is a strong case to be made for defaulting to 0x81000001 if it - * exists, *before* (or never) falling back to generating an RSA - * key here. - */ - if (primaryTemplate == NULL) { - for (index = 0; index < capabilityData->data.algorithms.count; index++) { - if (capabilityData->data.algorithms.algProperties[index].alg == TPM2_ALG_RSA) { - primaryTemplate = &primaryRsaTemplate; - break; - } - } - } - - Esys_Free (capabilityData); - - if (primaryTemplate == NULL) { - ERR(init_tpm_parent, TPM2TSS_R_UNKNOWN_ALG); - goto error; - } - - r = Esys_CreatePrimary(*esys_ctx, ESYS_TR_RH_OWNER, - ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, - &primarySensitive, primaryTemplate, &allOutsideInfo, - &allCreationPCR, - parent, NULL, NULL, NULL, NULL); - if (r == 0x000009a2) { - ERR(init_tpm_parent, TPM2TSS_R_OWNER_AUTH_FAILED); - goto error; - } - ERRchktss(init_tpm_parent, r, goto error); - - return TSS2_RC_SUCCESS; - error: - if (*parent != ESYS_TR_NONE) - Esys_FlushContext(*esys_ctx, *parent); - *parent = ESYS_TR_NONE; - - esys_ctx_free(esys_ctx); - return r; -} - -/** Initialize the ESYS TPM connection and load the key - * - * Establish a connection with the TPM using ESYS libraries, create a primary - * key under the owner hierarchy and then load the TPM key and set its auth - * value. - * @param esys_ctx The ESYS_CONTEXT to be populated. - * @param keyHandle The resulting handle for the key key. - * @param tpm2Data The key data, owner auth and key auth to be used - * @retval TSS2_RC_SUCCESS on success - * @retval TSS2_RCs according to the error - */ -TSS2_RC -init_tpm_key (ESYS_CONTEXT **esys_ctx, ESYS_TR *keyHandle, TPM2_DATA *tpm2Data) -{ - TSS2_RC r; - ESYS_TR parent = ESYS_TR_NONE; - *keyHandle = ESYS_TR_NONE; - *esys_ctx = NULL; - - if (tpm2Data->privatetype == KEY_TYPE_HANDLE) { - DBG("Establishing connection with TPM.\n"); - r = esys_ctx_init(esys_ctx); - ERRchktss(init_tpm_key, r, goto error); - - r = Esys_TR_FromTPMPublic(*esys_ctx, tpm2Data->handle, - ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, - keyHandle); - ERRchktss(init_tpm_key, r, goto error); - } else if (tpm2Data->privatetype == KEY_TYPE_BLOB - && tpm2Data->parent != TPM2_RH_OWNER) { - r = init_tpm_parent(esys_ctx, tpm2Data->parent, &parent); - ERRchktss(init_tpm_key, r, goto error); - - DBG("Loading key blob.\n"); - r = Esys_Load(*esys_ctx, parent, - ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, - &tpm2Data->priv, &tpm2Data->pub, keyHandle); - Esys_TR_Close(*esys_ctx, &parent); - ERRchktss(init_tpm_key, r, goto error); - } else if (tpm2Data->privatetype == KEY_TYPE_BLOB) { - r = init_tpm_parent(esys_ctx, 0, &parent); - ERRchktss(init_tpm_key, r, goto error); - - DBG("Loading key blob.\n"); - r = Esys_Load(*esys_ctx, parent, - ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, - &tpm2Data->priv, &tpm2Data->pub, keyHandle); - ERRchktss(init_tpm_key, r, goto error); - - r = Esys_FlushContext(*esys_ctx, parent); - ERRchktss(rsa_priv_enc, r, goto error); - parent = ESYS_TR_NONE; - } else { - r = -1; - ERR(init_tpm_key, TPM2TSS_R_TPM2DATA_READ_FAILED); - goto error; - } - - r = Esys_TR_SetAuth(*esys_ctx, *keyHandle, &tpm2Data->userauth); - ERRchktss(init_tpm_key, r, goto error); - - return TSS2_RC_SUCCESS; - error: - if (parent != ESYS_TR_NONE) - Esys_FlushContext(*esys_ctx, parent); - if (*keyHandle != ESYS_TR_NONE) - Esys_FlushContext(*esys_ctx, *keyHandle); - *keyHandle = ESYS_TR_NONE; - - esys_ctx_free(esys_ctx); - return r; -} - -/** Deserialize a tpm key from disk - * - * Read a tpm key as marshaled TPM2B_PUBLIC and (encrypted) TPM2B_PRIVATE from - * disk and convert them into a TPM2_DATA representation - * @param filenamepub The filename to read the public portion from. - * @param filenametpm The filename to read the private portion from. - * @param parent Handle of the parent key. - * @param emptyAuth Whether the object does not require authentication. - * @param tpm2Datap The data after read. - * @retval 1 on success - * @retval 0 on failure - */ -int -tpm2tss_tpm2data_importtpm(const char *filenamepub, const char *filenametpm, - TPM2_HANDLE parent, int emptyAuth, - TPM2_DATA **tpm2Datap) -{ - TSS2_RC r; - BIO *bio; - TPM2_DATA *tpm2data; - int filepub_size, filepriv_size; - - uint8_t filepub[sizeof(TPM2B_PUBLIC)]; - uint8_t filepriv[sizeof(TPM2B_PRIVATE)]; - - if ((bio = BIO_new_file(filenamepub, "r")) == NULL) { - ERR(tpm2tss_tpm2data_read, TPM2TSS_R_FILE_READ); - return 0; - } - filepub_size = BIO_read(bio, &filepub[0], sizeof(filepub)); - BIO_free(bio); - if (filepub_size < 0) { - ERR(tpm2tss_tpm2data_read, TPM2TSS_R_FILE_READ); - return 0; - } - - if ((bio = BIO_new_file(filenametpm, "r")) == NULL) { - ERR(tpm2tss_tpm2data_read, TPM2TSS_R_FILE_READ); - return 0; - } - filepriv_size = BIO_read(bio, &filepriv[0], sizeof(filepriv)); - BIO_free(bio); - if (filepriv_size < 0) { - ERR(tpm2tss_tpm2data_read, TPM2TSS_R_FILE_READ); - return 0; - } - - tpm2data = OPENSSL_malloc(sizeof(TPM2_DATA)); - if (!tpm2data) - return 0; - - memset(tpm2data, 0, sizeof(*tpm2data)); - tpm2data->privatetype = KEY_TYPE_BLOB; - tpm2data->parent = parent; - tpm2data->emptyAuth = emptyAuth; - - r = Tss2_MU_TPM2B_PUBLIC_Unmarshal(&filepub[0], filepub_size, NULL, - &tpm2data->pub); - ERRchktss(tpm2tss_tpm2data_read, r, goto error); - - r = Tss2_MU_TPM2B_PRIVATE_Unmarshal(&filepriv[0], filepriv_size, NULL, - &tpm2data->priv); - ERRchktss(tpm2tss_tpm2data_read, r, goto error); - - *tpm2Datap = tpm2data; - return 1; - - error: - OPENSSL_free(tpm2data); - return 0; -} diff --git a/src/tpm2-tss-engine-common.h b/src/tpm2-tss-engine-common.h deleted file mode 100755 index 66dbf94..0000000 --- a/src/tpm2-tss-engine-common.h +++ /dev/null @@ -1,199 +0,0 @@ -/******************************************************************************* - * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG - * All rights reserved. - * Copyright (c) 2019, Wind River Systems. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * 1. Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * 3. Neither the name of tpm2-tss-engine nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF - * THE POSSIBILITY OF SUCH DAMAGE. - ******************************************************************************/ -#ifndef TPM2_TSS_ENGINE_COMMON_H -#define TPM2_TSS_ENGINE_COMMON_H - -#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L \ - && !defined(__STDC_NO_ATOMICS__) -# include -# define TPM2_TSS_ENGINE_HAVE_C11_ATOMICS -typedef _Atomic int T2TE_ATOMIC_INT; -#else -typedef int T2TE_ATOMIC_INT; -#endif - -#include -#include -#include - -#include "tpm2-tss-engine-err.h" - -#include -#include -#include - -extern TPM2B_DIGEST ownerauth; -extern TPM2B_DIGEST parentauth; - -extern char *tcti_nameconf; - -int init_ecc(ENGINE *e); -int init_rand(ENGINE *e); -int init_rsa(ENGINE *e); - -TSS2_RC esys_ctx_init (ESYS_CONTEXT **esys_ctx); - -TSS2_RC esys_ctx_free (ESYS_CONTEXT **esys_ctx); - -TSS2_RC init_tpm_parent ( ESYS_CONTEXT **esys_ctx, - TPM2_HANDLE parentHandle, - ESYS_TR *parent); - -TSS2_RC init_tpm_key ( ESYS_CONTEXT **esys_ctx, - ESYS_TR *keyHandle, - TPM2_DATA *tpm2Data); - -#define ENGINE_HASH_ALG TPM2_ALG_SHA256 - -#define TPM2B_PUBLIC_PRIMARY_RSA_TEMPLATE { \ - .publicArea = { \ - .type = TPM2_ALG_RSA, \ - .nameAlg = ENGINE_HASH_ALG, \ - .objectAttributes = (TPMA_OBJECT_USERWITHAUTH | \ - TPMA_OBJECT_RESTRICTED | \ - TPMA_OBJECT_DECRYPT | \ - TPMA_OBJECT_NODA | \ - TPMA_OBJECT_FIXEDTPM | \ - TPMA_OBJECT_FIXEDPARENT | \ - TPMA_OBJECT_SENSITIVEDATAORIGIN), \ - .authPolicy = { \ - .size = 0, \ - }, \ - .parameters.rsaDetail = { \ - .symmetric = { \ - .algorithm = TPM2_ALG_AES, \ - .keyBits.aes = 128, \ - .mode.aes = TPM2_ALG_CFB, \ - }, \ - .scheme = { \ - .scheme = TPM2_ALG_NULL, \ - .details = {} \ - }, \ - .keyBits = 2048, \ - .exponent = 0,\ - }, \ - .unique.rsa = { \ - .size = 0, \ - } \ - } \ -} - -/* - * The parameters of this key can never be changed because they are - * part of the interoperable 'standard' form for TSS2 PEM keys. - * Where the parent key is ephemeral and generated on demand, it - * has to be generated precisely the *same* every time or it cannot - * work. The ECC primary is used for *all* keys regardless of their - * type. - */ -#define TPM2B_PUBLIC_PRIMARY_ECC_TEMPLATE { \ - .publicArea = { \ - .type = TPM2_ALG_ECC, \ - .nameAlg = ENGINE_HASH_ALG, \ - .objectAttributes = (TPMA_OBJECT_USERWITHAUTH | \ - TPMA_OBJECT_RESTRICTED | \ - TPMA_OBJECT_DECRYPT | \ - TPMA_OBJECT_NODA | \ - TPMA_OBJECT_FIXEDTPM | \ - TPMA_OBJECT_FIXEDPARENT | \ - TPMA_OBJECT_SENSITIVEDATAORIGIN), \ - .authPolicy = { \ - .size = 0, \ - }, \ - .parameters.eccDetail = { \ - .symmetric = { \ - .algorithm = TPM2_ALG_AES, \ - .keyBits.aes = 128, \ - .mode.aes = TPM2_ALG_CFB, \ - }, \ - .scheme = { \ - .scheme = TPM2_ALG_NULL, \ - .details = {} \ - }, \ - .curveID = TPM2_ECC_NIST_P256, \ - .kdf = { \ - .scheme = TPM2_ALG_NULL, \ - .details = {} \ - }, \ - }, \ - .unique.ecc = { \ - .x.size = 0, \ - .y.size = 0 \ - } \ - } \ -} - -typedef struct { - ASN1_OBJECT *type; - ASN1_BOOLEAN emptyAuth; - ASN1_INTEGER *parent; - ASN1_OCTET_STRING *pubkey; - ASN1_OCTET_STRING *privkey; -} TSSPRIVKEY; - - -DECLARE_ASN1_FUNCTIONS(TSSPRIVKEY); - -DECLARE_PEM_write_bio(TSSPRIVKEY, TSSPRIVKEY); -DECLARE_PEM_read_bio(TSSPRIVKEY, TSSPRIVKEY); - -#define OID_loadableKey "2.23.133.10.1.3" - -typedef struct { - T2TE_ATOMIC_INT refcount; - ESYS_CONTEXT *esys_ctx; - ESYS_TR key_handle; - int privatetype; -} TPM2_SIG_KEY_CTX; - -typedef struct { - TPM2_SIG_KEY_CTX *key; - TPM2_ALG_ID hash_alg; - ESYS_TR seq_handle; - size_t sig_size; -} TPM2_SIG_DATA; - -int -digest_update(EVP_MD_CTX *ctx, const void *data, size_t count); -int -digest_finish(TPM2_SIG_DATA *data, TPM2B_DIGEST **digest, - TPMT_TK_HASHCHECK **validation); -int -digest_sign_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx, TPM2_DATA *tpm2data, - size_t sig_size); -int -digest_sign_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src); -void -digest_sign_cleanup(EVP_PKEY_CTX *ctx); - -#endif /* TPM2_TSS_ENGINE_COMMON_H */ diff --git a/src/tpm2-tss-engine-digest-sign.c b/src/tpm2-tss-engine-digest-sign.c deleted file mode 100644 index 7b02bad..0000000 --- a/src/tpm2-tss-engine-digest-sign.c +++ /dev/null @@ -1,315 +0,0 @@ -/******************************************************************************* - * Copyright 2021, Graphiant, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * 1. Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * 3. Neither the name of tpm2-tss-engine nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF - * THE POSSIBILITY OF SUCH DAMAGE. - ******************************************************************************/ - -#include - -#include - -#include - -#include "tpm2-tss-engine-common.h" - -#ifndef TPM2_TSS_ENGINE_HAVE_C11_ATOMICS -/* fall back to using GCC/clang atomic builtins */ -# define atomic_fetch_add(PTR, VAL) \ - __atomic_fetch_add((PTR), (VAL), __ATOMIC_SEQ_CST) -#define atomic_fetch_sub(PTR, VAL) \ - __atomic_fetch_sub ((PTR), (VAL), __ATOMIC_SEQ_CST) -#endif /* TPM2_TSS_ENGINE_HAVE_C11_ATOMICS */ - -/** - * Initialise a digest operation for digest and sign. - * - * @param ctx OpenSSL message digest context - * @param data Digest and sign data - * @retval 1 on success - * @retval 0 on failure - */ -static int -digest_init(EVP_MD_CTX *ctx, TPM2_SIG_DATA *data) -{ - TPM2B_AUTH null_auth = { .size = 0 }; - const EVP_MD *md; - TSS2_RC r; - - md = EVP_MD_CTX_md(ctx); - if (!md) { - ERR(digest_init, TPM2TSS_R_GENERAL_FAILURE); - return 0; - } - - switch (EVP_MD_type(md)) { - case NID_sha1: - data->hash_alg = TPM2_ALG_SHA1; - break; - case NID_sha256: - data->hash_alg = TPM2_ALG_SHA256; - break; - case NID_sha384: - data->hash_alg = TPM2_ALG_SHA384; - break; - case NID_sha512: - data->hash_alg = TPM2_ALG_SHA512; - break; - default: - ERR(digest_init, TPM2TSS_R_UNKNOWN_ALG); - return 0; - } - - r = Esys_HashSequenceStart(data->key->esys_ctx, ESYS_TR_NONE, - ESYS_TR_NONE, ESYS_TR_NONE, &null_auth, - data->hash_alg, &data->seq_handle); - ERRchktss(digest_init, r, return 0); - - return 1; -} - -/** - * Update a digest with more data - * - * @param ctx OpenSSL message digest context - * @param data Data to add to digest - * @param count Length of data to add - * @retval 1 on success - * @retval 0 on failure - */ -int -digest_update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - EVP_PKEY_CTX *pctx = EVP_MD_CTX_pkey_ctx(ctx); - TPM2_SIG_DATA *sig_data = EVP_PKEY_CTX_get_app_data(pctx); - const uint8_t *current_data = data; - TSS2_RC r; - - DBG("digest_update %p %p\n", pctx, ctx); - - while (count > 0) { - TPM2B_MAX_BUFFER digest_data = { .size = count }; - if (digest_data.size > sizeof(digest_data.buffer)) - digest_data.size = sizeof(digest_data.buffer); - memcpy(&digest_data.buffer[0], current_data, digest_data.size); - current_data += digest_data.size; - count -= digest_data.size; - - r = Esys_SequenceUpdate(sig_data->key->esys_ctx, sig_data->seq_handle, - ESYS_TR_PASSWORD, ESYS_TR_NONE, - ESYS_TR_NONE, &digest_data); - ERRchktss(digest_update, r, return 0); - } - - return 1; -} - -/** - * Finish a digest operation for digest and sign - * - * @param data Digest and sign data - * @param digest Digest calculated by TPM - * @param validation Validation ticket for the digest calculated by TPM - * @retval 1 on success - * @retval 0 on failure - */ -int -digest_finish(TPM2_SIG_DATA *data, TPM2B_DIGEST **digest, - TPMT_TK_HASHCHECK **validation) -{ - TSS2_RC r; - - r = Esys_SequenceComplete(data->key->esys_ctx, data->seq_handle, - ESYS_TR_PASSWORD, ESYS_TR_NONE, - ESYS_TR_NONE, NULL, ESYS_TR_RH_OWNER, - digest, validation); - ERRchktss(digest_finish, r, return 0); - - /* Esys_SequenceComplete consumes the handle */ - data->seq_handle = ESYS_TR_NONE; - - return 1; -} - -/** - * Initialise a digest and sign operation - * - * @param ctx OpenSSL pkey context - * @param mctx OpenSSL message digest context - * @param tpm2data TPM data for the key to use - * @param sig_size Size of the signature data - * @retval 1 on success - * @retval 0 on failure - */ -int -digest_sign_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx, TPM2_DATA *tpm2data, - size_t sig_size) -{ - TSS2_RC r; - - if (!tpm2data) - /* non-TPM key - nothing to do */ - return 1; - - TPM2_SIG_DATA *data = OPENSSL_malloc(sizeof(*data)); - if (!data) { - ERR(digest_sign_init, ERR_R_MALLOC_FAILURE); - return 0; - } - - data->seq_handle = ESYS_TR_NONE; - data->sig_size = sig_size; - - data->key = OPENSSL_malloc(sizeof(*data->key)); - if (!data->key) { - ERR(digest_sign_init, ERR_R_MALLOC_FAILURE); - goto error; - } - - data->key->refcount = 1; - - r = init_tpm_key(&data->key->esys_ctx, &data->key->key_handle, tpm2data); - ERRchktss(digest_sign_init, r, goto error); - data->key->privatetype = tpm2data->privatetype; - - EVP_PKEY_CTX_set_app_data(ctx, data); - /* - * Override the update function so that the TPM performs the - * digest, which is required for restricted keys - the TPM will - * reject a null validation ticket in this case for the signing - * operation. - */ - EVP_MD_CTX_set_update_fn(mctx, digest_update); - - if (!digest_init(mctx, data)) - goto error; - - return 1; - - error: - if (data->key) { - if (data->key->key_handle != ESYS_TR_NONE) { - if (data->key->privatetype == KEY_TYPE_HANDLE) { - Esys_TR_Close(data->key->esys_ctx, &data->key->key_handle); - } else { - Esys_FlushContext(data->key->esys_ctx, data->key->key_handle); - } - } - if (data->key->esys_ctx) - esys_ctx_free(&data->key->esys_ctx); - OPENSSL_free(data->key); - } - OPENSSL_free(data); - return 0; -} - -/** - * Copy digest and sign context - * - * @param dst Destination OpenSSL pkey context - * @param src Source OpenSSL pkey context - * @retval 1 on success - * @retval 0 on failure - */ -int -digest_sign_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) -{ - TPM2_SIG_DATA *src_sig_data = EVP_PKEY_CTX_get_app_data(src); - TPMS_CONTEXT *context = NULL; - TPM2_SIG_DATA *dst_sig_data = NULL; - TSS2_RC r; - - if (src_sig_data) { - dst_sig_data = OPENSSL_malloc(sizeof(*dst_sig_data)); - if (!dst_sig_data) { - ERR(digest_sign_copy, ERR_R_MALLOC_FAILURE); - return 0; - } - - dst_sig_data->hash_alg = src_sig_data->hash_alg; - dst_sig_data->sig_size = src_sig_data->sig_size; - - if (src_sig_data->seq_handle != ESYS_TR_NONE) { - /* duplicate sequence handle */ - - r = Esys_ContextSave(src_sig_data->key->esys_ctx, - src_sig_data->seq_handle, &context); - ERRchktss(digest_sign_copy, r, goto error); - dst_sig_data->seq_handle = ESYS_TR_NONE; - r = Esys_ContextLoad(src_sig_data->key->esys_ctx, context, - &dst_sig_data->seq_handle); - ERRchktss(digest_sign_copy, r, goto error); - } - - dst_sig_data->key = src_sig_data->key; - atomic_fetch_add(&dst_sig_data->key->refcount, 1); - - EVP_PKEY_CTX_set_app_data(dst, dst_sig_data); - } - - Esys_Free(context); - return 1; - - error: - Esys_Free(context); - OPENSSL_free(dst_sig_data); - return 0; -} - -/** - * Clean up digest and sign context - * - * @param ctx OpenSSL pkey context - * @retval 1 on success - * @retval 0 on failure - */ -void -digest_sign_cleanup(EVP_PKEY_CTX *ctx) -{ - TPM2_SIG_DATA *sig_data = EVP_PKEY_CTX_get_app_data(ctx); - - if (sig_data) { - if (sig_data->seq_handle != ESYS_TR_NONE) - Esys_FlushContext(sig_data->key->esys_ctx, sig_data->seq_handle); - - if (atomic_fetch_sub(&sig_data->key->refcount, 1) == 1) { - if (sig_data->key->key_handle != ESYS_TR_NONE) { - if (sig_data->key->privatetype == KEY_TYPE_HANDLE) { - Esys_TR_Close(sig_data->key->esys_ctx, - &sig_data->key->key_handle); - } else { - Esys_FlushContext(sig_data->key->esys_ctx, - sig_data->key->key_handle); - } - } - esys_ctx_free(&sig_data->key->esys_ctx); - OPENSSL_free(sig_data->key); - } - OPENSSL_free(sig_data); - EVP_PKEY_CTX_set_app_data(ctx, NULL); - } -} diff --git a/src/tpm2-tss-engine-ecc.c b/src/tpm2-tss-engine-ecc.c deleted file mode 100644 index 9e72c85..0000000 --- a/src/tpm2-tss-engine-ecc.c +++ /dev/null @@ -1,875 +0,0 @@ -/******************************************************************************* - * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * 1. Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * 3. Neither the name of tpm2-tss-engine nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF - * THE POSSIBILITY OF SUCH DAMAGE. - ******************************************************************************/ - -#include - -#include -#include -#include - -#include -#include - -#include "tpm2-tss-engine.h" -#include "tpm2-tss-engine-common.h" - -static int ec_key_app_data = -1; - -#if OPENSSL_VERSION_NUMBER < 0x10100000 -const ECDSA_METHOD *ecc_method_default = NULL; -ECDSA_METHOD *ecc_methods = NULL; -#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ -const EC_KEY_METHOD *ecc_method_default = NULL; -EC_KEY_METHOD *ecc_methods = NULL; -#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ - -#ifdef HAVE_OPENSSL_DIGEST_SIGN -static int (*ecdsa_pkey_orig_copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src); -static void (*ecdsa_pkey_orig_cleanup)(EVP_PKEY_CTX *ctx); -#endif /* HAVE_OPENSSL_DIGEST_SIGN */ - -static TPM2B_DATA allOutsideInfo = { - .size = 0, -}; - -static TPML_PCR_SELECTION allCreationPCR = { - .count = 0, -}; - -static TPM2B_PUBLIC keyEcTemplate = { - .publicArea = { - .type = TPM2_ALG_ECC, - .nameAlg = ENGINE_HASH_ALG, - .objectAttributes = (TPMA_OBJECT_USERWITHAUTH | - TPMA_OBJECT_SIGN_ENCRYPT | - TPMA_OBJECT_FIXEDTPM | - TPMA_OBJECT_FIXEDPARENT | - TPMA_OBJECT_SENSITIVEDATAORIGIN | - TPMA_OBJECT_NODA), - .parameters.eccDetail = { - .curveID = 0, /* To be filled out later */ - .symmetric = { - .algorithm = TPM2_ALG_NULL, - .keyBits.aes = 0, - .mode.aes = 0, - }, - .scheme = { - .scheme = TPM2_ALG_NULL, - .details = {} - }, - .kdf = { - .scheme = TPM2_ALG_NULL, - .details = {} - }, - }, - .unique.ecc = { - .x.size = 0, - .y.size = 0 - } - } -}; - -#if OPENSSL_VERSION_NUMBER < 0x10100000 -static int EC_GROUP_order_bits(const EC_GROUP *group) -{ - if (!group) - return 0; - - BIGNUM *order = BN_new(); - - if (order == NULL) { - ERR_clear_error(); - return 0; - } - - int ret = 0; - - if (!EC_GROUP_get_order(group, order, NULL)) { - ERR_clear_error(); - BN_free(order); - return 0; - } - - ret = BN_num_bits(order); - BN_free(order); - return ret; -} -#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ - /** - * Initialize a TPM2B_ECC_POINT from an OpenSSL EC_POINT. - * - * @param point Pointer to output tpm point - * @param pub_key OpenSSL public key to convert - * @param group Curve group - * @retval 0 on failure - */ -static int -init_tpm_public_point(TPM2B_ECC_POINT *point, const EC_POINT *ec_point, - const EC_GROUP *ec_group) -{ - unsigned char buffer[1 + sizeof(point->point.x.buffer) - + sizeof(point->point.y.buffer)] = {0}; - - BN_CTX *ctx = BN_CTX_new(); - if (!ctx) - return 0; - - BN_CTX_start(ctx); - - size_t len = 0; - - // first, check for actual buffer size required - if ((len = EC_POINT_point2oct(ec_group, ec_point, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, ctx)) <= sizeof(buffer)) { - len = EC_POINT_point2oct(ec_group, ec_point, - POINT_CONVERSION_UNCOMPRESSED, buffer, sizeof(buffer), ctx); - } - - BN_CTX_end(ctx); - BN_CTX_free(ctx); - - if (len == 0 || len > sizeof(buffer)) - return 0; - - len = (len - 1) / 2; - - point->point.x.size = len; - point->point.y.size = len; - memcpy(point->point.x.buffer, &buffer[1], len); - memcpy(point->point.y.buffer, &buffer[1 + len], len); - - return 1; -} - -/** - * Generate a shared secret using a TPM key - * - * @param psec Pointer to output buffer holding shared secret - * @param pseclen Size of the psec buffer - * @param pub_key The peer's public key - * @param ecdh The ECC key object for the host private key - * @retval 0 on failure - */ -static int -ecdh_compute_key(unsigned char **psec, size_t *pseclen, - const EC_POINT *pub_key, const EC_KEY *eckey) -{ - /* - * If this is not a TPM2 key, bail out since fall through to software - * functions requires a non-const EC_KEY, yet the ECDH prototype only - * provides it as const. - */ - TPM2_DATA *tpm2Data = tpm2tss_ecc_getappdata(eckey); - if (tpm2Data == NULL) - return 0; - - TPM2B_ECC_POINT inPoint; - TPM2B_ECC_POINT *outPoint = NULL; - const EC_GROUP *group = EC_KEY_get0_group(eckey); - - int ret = init_tpm_public_point(&inPoint, pub_key, group); - if (!ret) - return 0; - - ESYS_CONTEXT *esys_ctx = NULL; - ESYS_TR keyHandle = ESYS_TR_NONE; - TSS2_RC r = init_tpm_key(&esys_ctx, &keyHandle, tpm2Data); - ERRchktss(ecdh_compute_key, r, goto error); - - r = Esys_ECDH_ZGen(esys_ctx, keyHandle, - ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, - &inPoint, &outPoint); - ERRchktss(ecdh_compute_key, r, goto error); - - *pseclen = outPoint->point.x.size; - *psec = OPENSSL_malloc(*pseclen); - if (!*psec) - goto error; - - memcpy(*psec, outPoint->point.x.buffer, *pseclen); - ret = 1; - goto out; -error: - ret = 0; -out: - if (keyHandle != ESYS_TR_NONE) { - if (tpm2Data->privatetype == KEY_TYPE_HANDLE) { - Esys_TR_Close(esys_ctx, &keyHandle); - } else { - Esys_FlushContext(esys_ctx, keyHandle); - } - } - Esys_Free(outPoint); - esys_ctx_free(&esys_ctx); - return ret; -} -#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ - -static ECDSA_SIG * -ecdsa_sign(ESYS_CONTEXT *esys_ctx, ESYS_TR key_handle, - TPM2B_DIGEST *digest, TPMT_TK_HASHCHECK *validation, - TPM2_ALG_ID hash_alg) -{ - TPMT_SIG_SCHEME inScheme = { - .scheme = TPM2_ALG_ECDSA, - .details.ecdsa.hashAlg = hash_alg, - }; - BIGNUM *bns = NULL, *bnr = NULL; - ECDSA_SIG *ret = NULL; - TPMT_SIGNATURE *sig = NULL; - TSS2_RC r; - - r = Esys_Sign(esys_ctx, key_handle, ESYS_TR_PASSWORD, - ESYS_TR_NONE, ESYS_TR_NONE, digest, &inScheme, - validation, &sig); - ERRchktss(ecdsa_sign, r, goto error); - - ret = ECDSA_SIG_new(); - if (ret == NULL) { - ERR(ecdsa_sign, ERR_R_MALLOC_FAILURE); - goto error; - } - - bns = BN_bin2bn(&sig->signature.ecdsa.signatureS.buffer[0], - sig->signature.ecdsa.signatureS.size, NULL); - bnr = BN_bin2bn(&sig->signature.ecdsa.signatureR.buffer[0], - sig->signature.ecdsa.signatureR.size, NULL); - if (!bns || !bnr) { - ERR(ecdsa_sign, ERR_R_MALLOC_FAILURE); - goto error; - } - -#if OPENSSL_VERSION_NUMBER < 0x10100000 - ret->s = bns; - ret->r = bnr; -#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ - ECDSA_SIG_set0(ret, bnr, bns); -#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ - - goto out; - - error: - if (bns) - BN_free(bns); - if (bnr) - BN_free(bnr); - if (ret) - ECDSA_SIG_free(ret); - ret = NULL; - out: - Esys_Free(sig); - return ret; -} - -/** Sign data using a TPM key - * - * This function performs the sign function using the private key in ECDSA. - * This operation is usually used to perform signature and authentication - * operations. - * @param dgst The data to be signed. - * @param dgst_len Length of the from buffer. - * @param inv Ignored - * @param rp Ignored - * @param eckey The ECC key object. - * @retval 0 on failure - * @retval size Size of the returned signature - */ -static ECDSA_SIG * -ecdsa_ec_key_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, - const BIGNUM *rp, EC_KEY *eckey) -{ - ECDSA_SIG *ret = NULL; - TPM2_DATA *tpm2Data = tpm2tss_ecc_getappdata(eckey); - TPM2_ALG_ID hash_alg; - - /* If this is not a TPM2 key, fall through to software functions */ - if (tpm2Data == NULL) { -#if OPENSSL_VERSION_NUMBER < 0x10100000 - ECDSA_set_method(eckey, ecc_method_default); - ret = ECDSA_do_sign_ex(dgst, dgst_len, inv, rp, eckey); - ECDSA_set_method(eckey, ecc_methods); - return ret; -#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ - EC_KEY_set_method(eckey, ecc_method_default); - ret = ECDSA_do_sign_ex(dgst, dgst_len, inv, rp, eckey); - EC_KEY_set_method(eckey, ecc_methods); - return ret; -#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ - } - - DBG("ecdsa_sign called for input data(size=%i):\n", dgst_len); - DBGBUF(dgst, dgst_len); - - TSS2_RC r; - ESYS_CONTEXT *esys_ctx = NULL; - ESYS_TR keyHandle = ESYS_TR_NONE; - - TPMT_TK_HASHCHECK validation = { .tag = TPM2_ST_HASHCHECK, - .hierarchy = TPM2_RH_NULL, - .digest.size = 0 }; - - /* - * ECDSA signatures truncate the incoming hash to fit the curve, - * and the signature mechanism is the same regardless of the - * hash being used. - * - * The TPM bizarrely wants to be told the hash algorithm, and - * either it or the TSS will validate that the digest length - * matches the hash that it's told, despite it having no business - * caring about such things. - * - * So, we can truncate the digest any pretend it's any smaller - * digest that the TPM actually does support, as long as that - * digest is larger than the size of the curve. - */ - int curve_len = (EC_GROUP_order_bits(EC_KEY_get0_group(eckey)) + 7) / 8; - /* If we couldn't work it out, don't truncate */ - if (!curve_len) - curve_len = dgst_len; - - if (dgst_len == SHA_DIGEST_LENGTH || - (curve_len <= SHA_DIGEST_LENGTH && dgst_len > SHA_DIGEST_LENGTH)) { - hash_alg = TPM2_ALG_SHA1; - dgst_len = SHA_DIGEST_LENGTH; - } else if (dgst_len == SHA256_DIGEST_LENGTH || - (curve_len <= SHA256_DIGEST_LENGTH && dgst_len > SHA256_DIGEST_LENGTH)) { - hash_alg = TPM2_ALG_SHA256; - dgst_len = SHA256_DIGEST_LENGTH; - } else if (dgst_len == SHA384_DIGEST_LENGTH || - (curve_len <= SHA384_DIGEST_LENGTH && dgst_len > SHA384_DIGEST_LENGTH)) { - hash_alg = TPM2_ALG_SHA384; - dgst_len = SHA384_DIGEST_LENGTH; - } else if (dgst_len == SHA512_DIGEST_LENGTH || - (curve_len <= SHA512_DIGEST_LENGTH && dgst_len > SHA512_DIGEST_LENGTH)) { - hash_alg = TPM2_ALG_SHA512; - dgst_len = SHA512_DIGEST_LENGTH; - } else { - ERR(ecdsa_sign, TPM2TSS_R_PADDING_UNKNOWN); - goto error; - } - - TPM2B_DIGEST digest = { .size = dgst_len }; - if (digest.size > sizeof(digest.buffer)) { - ERR(ecdsa_sign, TPM2TSS_R_DIGEST_TOO_LARGE); - goto error; - } - memcpy(&digest.buffer[0], dgst, digest.size); - - r = init_tpm_key(&esys_ctx, &keyHandle, tpm2Data); - ERRchktss(ecdsa_sign, r, goto error); - - ret = ecdsa_sign(esys_ctx, keyHandle, &digest, &validation, hash_alg); - - goto out; - error: - r = -1; - out: - if (keyHandle != ESYS_TR_NONE) { - if (tpm2Data->privatetype == KEY_TYPE_HANDLE) { - Esys_TR_Close(esys_ctx, &keyHandle); - } else { - Esys_FlushContext(esys_ctx, keyHandle); - } - } - - esys_ctx_free(&esys_ctx); - return (r == TSS2_RC_SUCCESS) ? ret : NULL; -} - -#ifdef HAVE_OPENSSL_DIGEST_SIGN -static int -ecdsa_pkey_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) -{ - if (ecdsa_pkey_orig_copy && !ecdsa_pkey_orig_copy(dst, src)) - return 0; - - return digest_sign_copy(dst, src); -} - -static void -ecdsa_pkey_cleanup(EVP_PKEY_CTX *ctx) -{ - digest_sign_cleanup(ctx); - - if (ecdsa_pkey_orig_cleanup) - ecdsa_pkey_orig_cleanup(ctx); -} - -/* called for digest & sign init, after message digest algorithm set */ -static int -ecdsa_digest_custom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) -{ - EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx); - EC_KEY *eckey = EVP_PKEY_get0_EC_KEY(pkey); - TPM2_DATA *tpm2data = tpm2tss_ecc_getappdata(eckey); - - DBG("ecdsa_digest_custom %p %p\n", ctx, mctx); - - return digest_sign_init(ctx, mctx, tpm2data, ECDSA_size(eckey)); -} - -static int -ecdsa_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - EVP_MD_CTX *mctx) -{ - TPM2_SIG_DATA *sig_data = EVP_PKEY_CTX_get_app_data(ctx); - TSS2_RC r = TSS2_RC_SUCCESS; - TPMT_TK_HASHCHECK *validation_ptr = NULL; - TPM2B_DIGEST *digest_ptr = NULL; - ECDSA_SIG *ecdsa_s = NULL; - - DBG("ecdsa_signctx %p %p sig_data %p\n", ctx, mctx, sig_data); - - if (!sig) { - /* caller just wants to know the size */ - *siglen = sig_data->sig_size; - return 1; - } - - if (!sig_data) { - /* handle non-TPM key */ - unsigned char md[EVP_MAX_MD_SIZE]; - unsigned int md_len = 0; - - if (!EVP_DigestFinal_ex(mctx, md, &md_len)) - return 0; - if (EVP_PKEY_sign(ctx, sig, siglen, md, md_len) <= 0) - return 0; - return 1; - } - - if (!digest_finish(sig_data, &digest_ptr, &validation_ptr)) - return 0; - - ecdsa_s = ecdsa_sign(sig_data->key->esys_ctx, sig_data->key->key_handle, - digest_ptr, validation_ptr, - sig_data->hash_alg); - if (!ecdsa_s) - goto error; - - *siglen = i2d_ECDSA_SIG(ecdsa_s, &sig); - - r = 1; - goto out; - - error: - r = 0; - out: - ECDSA_SIG_free(ecdsa_s); - Esys_Free(digest_ptr); - Esys_Free(validation_ptr); - - return r; -} -#endif /* HAVE_OPENSSL_DIGEST_SIGN */ - -/** Helper to populate the ECC key object. - * - * In order to use an ECC key object in a typical manner, all fields of the - * OpenSSL's corresponding object bust be filled. This function fills the public - * values correctly. - * @param key The key object to fill. - * @retval 0 on failure - * @retval 1 on success - */ -static int -populate_ecc(EC_KEY *key) -{ - EC_GROUP *ecgroup = NULL; - int nid; - BIGNUM *x = NULL, *y = NULL; - TPM2_DATA *tpm2Data = tpm2tss_ecc_getappdata(key); - if (tpm2Data == NULL) - return 0; - - switch (tpm2Data->pub.publicArea.parameters.eccDetail.curveID) { - case TPM2_ECC_NIST_P256: - nid = EC_curve_nist2nid("P-256"); - break; - case TPM2_ECC_NIST_P384: - nid = EC_curve_nist2nid("P-384"); - break; - default: - nid = -1; - } - if (nid < 0) { - ERR(populate_ecc, TPM2TSS_R_UNKNOWN_CURVE); - return 0; - } - ecgroup = EC_GROUP_new_by_curve_name(nid); - if (ecgroup == NULL) { - ERR(populate_ecc, TPM2TSS_R_UNKNOWN_CURVE); - return 0; - } - if (!EC_KEY_set_group(key, ecgroup)) { - ERR(populate_ecc, TPM2TSS_R_GENERAL_FAILURE); - EC_GROUP_free(ecgroup); - return 0; - } - EC_KEY_set_asn1_flag(key, OPENSSL_EC_NAMED_CURVE); - EC_GROUP_free(ecgroup); - - x = BN_bin2bn(tpm2Data->pub.publicArea.unique.ecc.x.buffer, - tpm2Data->pub.publicArea.unique.ecc.x.size, NULL); - - y = BN_bin2bn(tpm2Data->pub.publicArea.unique.ecc.y.buffer, - tpm2Data->pub.publicArea.unique.ecc.y.size, NULL); - - if (!x || !y) { - ERR(populate_ecc, ERR_R_MALLOC_FAILURE); - return 0; - } - - if (!EC_KEY_set_public_key_affine_coordinates(key, x, y)) { - ERR(populate_ecc, TPM2TSS_R_GENERAL_FAILURE); - BN_free(y); - BN_free(x); - return 0; - } - - BN_free(y); - BN_free(x); - - return 1; -} - -/** Helper to load an ECC key from a tpm2Data - * - * This function creates a key object given a TPM2_DATA object. The resulting - * key object can then be used for signing with the tpm2tss engine. Ownership - * of the TPM2_DATA object is taken on success. - * @param tpm2Data The key data to use. Must have been allocated using - * OPENSSL_malloc. - * @retval key The key object - * @retval NULL on failure. - */ -EVP_PKEY * -tpm2tss_ecc_makekey(TPM2_DATA *tpm2Data) -{ - DBG("Creating ECC key object.\n"); - - EVP_PKEY *pkey; - EC_KEY *eckey; - - /* create the new objects to return */ - if ((pkey = EVP_PKEY_new()) == NULL) { - ERR(tpm2tss_ecc_makekey, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if ((eckey = EC_KEY_new()) == NULL) { - ERR(tpm2tss_ecc_makekey, ERR_R_MALLOC_FAILURE); - EVP_PKEY_free(pkey); - - return NULL; - } -#if OPENSSL_VERSION_NUMBER < 0x10100000 - if (!ECDSA_set_method(eckey, ecc_methods)) { -#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ - if (!EC_KEY_set_method(eckey, ecc_methods)) { -#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ - ERR(tpm2tss_ecc_makekey, TPM2TSS_R_GENERAL_FAILURE); - EC_KEY_free(eckey); - goto error; - } - - if (!EVP_PKEY_assign_EC_KEY(pkey, eckey)) { - ERR(tpm2tss_ecc_makekey, TPM2TSS_R_GENERAL_FAILURE); - EC_KEY_free(eckey); - goto error; - } - - if (!tpm2tss_ecc_setappdata(eckey, tpm2Data)) { - ERR(tpm2tss_ecc_makekey, TPM2TSS_R_GENERAL_FAILURE); - goto error; - } - - if (!populate_ecc(eckey)) - goto error; - - DBG("Created ECC key object.\n"); - - return pkey; - error: - EVP_PKEY_free(pkey); - return NULL; -} - -/** Retrieve app data - * - * Since the ECC api (opposed to the RSA api) does not provide a standardized - * way to retrieve app data between the library and an application, this helper - * is defined - * @param key The key object - * @retval tpm2Data The corresponding TPM data - * @retval NULL on failure. - */ -TPM2_DATA * -#if OPENSSL_VERSION_NUMBER < 0x10100000 -tpm2tss_ecc_getappdata(EC_KEY *key) -#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ -tpm2tss_ecc_getappdata(const EC_KEY *key) -#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ -{ - if (ec_key_app_data == -1) { - DBG("Module uninitialized\n"); - return NULL; - } - -#if OPENSSL_VERSION_NUMBER < 0x10100000 - return ECDSA_get_ex_data(key, ec_key_app_data); -#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ - return EC_KEY_get_ex_data(key, ec_key_app_data); -#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ -} - -/** Set app data - * - * Since the ECC api (opposed to the RSA api) does not provide a standardized - * way to set app data between the library and an application, this helper - * is defined - * @param key The key object - * @param tpm2Data The corresponding TPM data - * @retval 1 on success - * @retval 0 on failure - */ -int -tpm2tss_ecc_setappdata(EC_KEY *key, TPM2_DATA *tpm2Data) -{ - if (ec_key_app_data == -1) { - DBG("Module uninitialized\n"); - return 0; - } -#if OPENSSL_VERSION_NUMBER < 0x10100000 - return ECDSA_set_ex_data(key, ec_key_app_data, tpm2Data); -#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ - return EC_KEY_set_ex_data(key, ec_key_app_data, tpm2Data); -#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ -} - -static void -free_ecc_appdata(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, - long argl, void *argp) -{ - TPM2_DATA *tpm2Data = ptr; - - (void)parent; - (void)ad; - (void)idx; - (void)argl; - (void)argp; - - if (!ptr) - return; - - OPENSSL_free(tpm2Data); -} - -/** Generate a tpm2tss ecc key object. - * - * This function creates a new TPM ECC key. The TPM data is stored inside the - * object*s app data and can be retrieved using tpm2tss_ecc_getappdata(). - * @param key The key object for the TPM ECC key to be created - * @param curve The curve to be used for the key - * @param password The Password to be set for the new key - * @retval 1 on success - * @retval 0 on failure - */ -int -tpm2tss_ecc_genkey(EC_KEY *key, TPMI_ECC_CURVE curve, const char *password, - TPM2_HANDLE parentHandle) -{ - DBG("GenKey for ecdsa.\n"); - - TSS2_RC r; - ESYS_CONTEXT *esys_ctx = NULL; - ESYS_TR parent = ESYS_TR_NONE; - TPM2B_PUBLIC *keyPublic = NULL; - TPM2B_PRIVATE *keyPrivate = NULL; - TPM2_DATA *tpm2Data = NULL; - TPM2B_PUBLIC inPublic = keyEcTemplate; - TPM2B_SENSITIVE_CREATE inSensitive = { - .sensitive = { - .userAuth = { - .size = 0, - }, - .data = { - .size = 0, - } - } - }; - - tpm2Data = OPENSSL_malloc(sizeof(*tpm2Data)); - if (tpm2Data == NULL) { - ERR(tpm2tss_ecc_genkey, ERR_R_MALLOC_FAILURE); - goto error; - } - memset(tpm2Data, 0, sizeof(*tpm2Data)); - - inPublic.publicArea.parameters.eccDetail.curveID = curve; - - if (password) { - DBG("Setting a password for the created key.\n"); - if (strlen(password) > sizeof(tpm2Data->userauth.buffer) - 1 || strlen(password) > sizeof(inSensitive.sensitive.userAuth.buffer) - 1) { - goto error; - } - tpm2Data->userauth.size = strlen(password); - memcpy(&tpm2Data->userauth.buffer[0], password, - tpm2Data->userauth.size); - - inSensitive.sensitive.userAuth.size = strlen(password); - memcpy(&inSensitive.sensitive.userAuth.buffer[0], password, - strlen(password)); - } else - tpm2Data->emptyAuth = 1; - - r = init_tpm_parent(&esys_ctx, parentHandle, &parent); - ERRchktss(tpm2tss_ecc_genkey, r, goto error); - - tpm2Data->parent = parentHandle; - - DBG("Generating the ECC key inside the TPM.\n"); - - r = Esys_Create(esys_ctx, parent, - ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, - &inSensitive, &inPublic, &allOutsideInfo, &allCreationPCR, - &keyPrivate, &keyPublic, NULL, NULL, NULL); - ERRchktss(tpm2tss_ecc_genkey, r, goto error); - - DBG("Generated the ECC key inside the TPM.\n"); - - tpm2Data->pub = *keyPublic; - tpm2Data->priv = *keyPrivate; - - if (!tpm2tss_ecc_setappdata(key, tpm2Data)) { - ERR(tpm2tss_ecc_genkey, TPM2TSS_R_GENERAL_FAILURE); - goto error; - } - - if (!populate_ecc(key)) { - goto error; - } - - goto end; - error: - r = -1; - tpm2tss_ecc_setappdata(key, NULL); - if (tpm2Data) - OPENSSL_free(tpm2Data); - - end: - Esys_Free(keyPrivate); - Esys_Free(keyPublic); - - if (parent != ESYS_TR_NONE && !parentHandle) - Esys_FlushContext(esys_ctx, parent); - - esys_ctx_free(&esys_ctx); - - return (r == TSS2_RC_SUCCESS); -} - -/** Initialize the tpm2tss engine's ecc submodule - * - * Initialize the tpm2tss engine's submodule by setting function pointer. - * @param e The engine context. - * @retval 1 on success - * @retval 0 on failure - */ -int -init_ecc(ENGINE *e) -{ - (void)(e); - -#if OPENSSL_VERSION_NUMBER < 0x10100000 - ecc_method_default = ECDSA_OpenSSL(); - if (ecc_method_default == NULL) - return 0; - - ecc_methods = ECDSA_METHOD_new(ecc_method_default); - if (ecc_methods == NULL) - return 0; - - ECDSA_METHOD_set_sign(ecc_methods, ecdsa_ec_key_sign); - - if (ec_key_app_data == -1) - ec_key_app_data = ECDSA_get_ex_new_index(0, NULL, NULL, NULL, - free_ecc_appdata); -#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ - ecc_method_default = EC_KEY_OpenSSL(); - if (ecc_method_default == NULL) - return 0; - - ecc_methods = EC_KEY_METHOD_new(ecc_method_default); - if (ecc_methods == NULL) - return 0; - - int (*orig_sign) (int, const unsigned char *, int, unsigned char *, - unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *) - = NULL; - EC_KEY_METHOD_get_sign(ecc_methods, &orig_sign, NULL, NULL); - EC_KEY_METHOD_set_sign(ecc_methods, orig_sign, NULL, ecdsa_ec_key_sign); - EC_KEY_METHOD_set_compute_key(ecc_methods, ecdh_compute_key); - - if (ec_key_app_data == -1) - ec_key_app_data = EC_KEY_get_ex_new_index(0, NULL, NULL, NULL, - free_ecc_appdata); -#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ - -#if HAVE_OPENSSL_DIGEST_SIGN - /* digest and sign support */ - - EVP_PKEY_METHOD *pkey_ecc_methods; - - pkey_ecc_methods = EVP_PKEY_meth_new(EVP_PKEY_EC, 0); - if (pkey_ecc_methods == NULL) - return 0; - - const EVP_PKEY_METHOD *pkey_orig_ecc_methods = - EVP_PKEY_meth_find(EVP_PKEY_EC); - if (pkey_orig_ecc_methods == NULL) - return 0; - EVP_PKEY_meth_copy(pkey_ecc_methods, pkey_orig_ecc_methods); - /* - * save originals since we only override some of the pkey - * functionality, rather than reimplementing all of it - */ - EVP_PKEY_meth_get_copy(pkey_ecc_methods, &ecdsa_pkey_orig_copy); - EVP_PKEY_meth_get_cleanup(pkey_ecc_methods, &ecdsa_pkey_orig_cleanup); - - EVP_PKEY_meth_set_copy(pkey_ecc_methods, ecdsa_pkey_copy); - EVP_PKEY_meth_set_cleanup(pkey_ecc_methods, ecdsa_pkey_cleanup); - EVP_PKEY_meth_set_signctx(pkey_ecc_methods, NULL, ecdsa_signctx); - EVP_PKEY_meth_set_digest_custom(pkey_ecc_methods, ecdsa_digest_custom); - EVP_PKEY_meth_add0(pkey_ecc_methods); -#endif /* HAVE_OPENSSL_DIGEST_SIGN */ - - return 1; -} diff --git a/src/tpm2-tss-engine-err.c b/src/tpm2-tss-engine-err.c deleted file mode 100644 index e164e1b..0000000 --- a/src/tpm2-tss-engine-err.c +++ /dev/null @@ -1,187 +0,0 @@ -/******************************************************************************* - * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * 1. Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * 3. Neither the name of tpm2-tss-engine nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF - * THE POSSIBILITY OF SUCH DAMAGE. - ******************************************************************************/ - -#include - -#include "tpm2-tss-engine-err.h" - -#define TPM2TSS_LIB_NAME "tpm2-tss-engine" - -#define xstr(s) str(s) -#define str(s) #s - -#define ERR_F(f) { ERR_PACK(0, TPM2TSS_F_ ## f, 0), xstr(f) } -#define ERR_R(r, s) { ERR_PACK(0, 0, r), xstr(s) } - -#ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA TPM2TSS_f[] = { - /* tpm2-tss-engine.c */ - ERR_F(loadkey), - ERR_F(init_engine), - ERR_F(get_auth), - ERR_F(engine_ctrl), - /* tpm2-tss-engine-common.c */ - ERR_F(tpm2tss_tpm2data_write), - ERR_F(tpm2tss_tpm2data_read), - ERR_F(tpm2tss_tpm2data_readtpm), - ERR_F(init_tpm_parent), - ERR_F(init_tpm_key), - ERR_F(esys_ctx_init), - ERR_F(esys_ctx_free), - /* tpm2-tss-engine-ecc.c */ - ERR_F(ecdsa_sign), - ERR_F(populate_ecc), - ERR_F(tpm2tss_ecc_genkey), - ERR_F(tpm2tss_ecc_makekey), - /* tpm2-tss-engine-rand.c */ - ERR_F(rand_bytes), - ERR_F(rand_seed), - /* tpm2-tss-engine-rsa.c */ - ERR_F(rsa_priv_enc), - ERR_F(rsa_priv_dec), - ERR_F(tpm2tss_rsa_genkey), - ERR_F(populate_rsa), - {0, NULL} -}; - -static ERR_STRING_DATA TPM2TSS_r[] = { - ERR_R(TPM2TSS_R_TPM2DATA_READ_FAILED, Failed to read TPM2 data), - ERR_R(TPM2TSS_R_UNKNOWN_ALG, The algorithm is unknown (neither RSA, ECDSA)), - ERR_R(TPM2TSS_R_CANNOT_MAKE_KEY, Cannot create OpenSSL key object), - ERR_R(TPM2TSS_R_SUBINIT_FAILED, Could not initialize submodule), - ERR_R(TPM2TSS_R_FILE_WRITE, Could not create file for writing), - ERR_R(TPM2TSS_R_DATA_CORRUPTED, Data is corrupted and could not be parsed), - ERR_R(TPM2TSS_R_FILE_READ, Could not open file for reading), - ERR_R(TPM2TSS_R_PADDING_UNKNOWN, Unknown padding scheme requested), - ERR_R(TPM2TSS_R_PADDING_FAILED, Padding operation failed), - ERR_R(TPM2TSS_R_UNKNOWN_TPM_ERROR, Unknown TPM error occurred. Please check tpm2tss logs), - ERR_R(TPM2TSS_R_DIGEST_TOO_LARGE, The provided digest value is too large), - ERR_R(TPM2TSS_R_GENERAL_FAILURE, Some unknown error occurred), - ERR_R(TPM2TSS_R_UNKNOWN_CURVE, Unknown ECC curve), - ERR_R(TPM2TSS_R_UI_ERROR, User interaction), - ERR_R(TPM2TSS_R_UNKNOWN_CTRL, Unknown engine ctrl), - ERR_R(TPM2TSS_R_DL_OPEN_FAILED, Failed to open TCTI library), - ERR_R(TPM2TSS_R_DL_INVALID, The TCTI library is invalid), - /* TPM/TSS Reasons that are useful to the user */ - ERR_R(TPM2TSS_R_AUTH_FAILURE, Authorization failed), - ERR_R(TPM2TSS_R_OWNER_AUTH_FAILED, Owner authorization failed), - ERR_R(TPM2TSS_R_OLD_TSS, An old TSS (<2.2) was detected and a TPM session may have leaked), - {0, NULL} -}; -#endif /* OPENSSL_NO_ERR */ - -static int TPM2TSS_lib_error_code = 0; -static int TPM2TSS_error_init = 0; - -static ERR_STRING_DATA TPM2TSS_lib_name[] = { - {0, TPM2TSS_LIB_NAME}, - {0, NULL} -}; - -/** Load TPM2TSS error string - * - * Load the errorstring from TPM2TSS_f and TPM2TSS_r into OpenSSL's error - * handling stack. - */ -void -ERR_load_TPM2TSS_strings(void) -{ - if (TPM2TSS_lib_error_code == 0) - TPM2TSS_lib_error_code = ERR_get_next_error_library(); - - if (!TPM2TSS_error_init) { - TPM2TSS_error_init = 1; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(TPM2TSS_lib_error_code, TPM2TSS_f); - ERR_load_strings(TPM2TSS_lib_error_code, TPM2TSS_r); -#endif /* OPENSSL_NO_ERR */ - - TPM2TSS_lib_name->error = ERR_PACK(TPM2TSS_lib_error_code, 0, 0); - ERR_load_strings(0, TPM2TSS_lib_name); - } -} - -/** Unload TPM2TSS error string - * - * Unload the errorstring from TPM2TSS_f and TPM2TSS_r into OpenSSL's error - * handling stack. - */ -void -ERR_unload_TPM2TSS_strings(void) -{ - if (TPM2TSS_error_init) { -#ifndef OPENSSL_NO_ERR - ERR_unload_strings(TPM2TSS_lib_error_code, TPM2TSS_f); - ERR_unload_strings(TPM2TSS_lib_error_code, TPM2TSS_r); -#endif /* OPENSSL_NO_ERR */ - - ERR_unload_strings(0, TPM2TSS_lib_name); - TPM2TSS_error_init = 0; - } -} - -/** Add error to error stack - * - * Add the error to the error stack of OpenSSL. - * This function is usually not called directly but using the macros ERR(f,r) - * or ERRchktss(f, r, s) from source code. - * @param function Identifier of the function invocing the error. - * @param reason Identifier of the reason for the error. - * @param file File from which the error originates. - * @param line Line inside the file from which the error originates. - */ -void -ERR_error(int function, int reason, const char *file, int line) -{ - (void)(function); - (void)(file); - (void)(line); - if (TPM2TSS_lib_error_code == 0) - TPM2TSS_lib_error_code = ERR_get_next_error_library(); - ERR_PUT_error(TPM2TSS_lib_error_code, function, reason, file, line); -} - -/** Print a buffer to stderr - * - * A helper function to print data buffers to stderr. This function is usually - * not called directly, but the macro DBGBUF() is used instead. - * @param b The buffer - * @param s The buffer's size - */ -void -printbuf(const uint8_t *b, size_t s) -{ - if (s > 1000) - return; - for (size_t i = 0; i < s; i++) - fprintf(stderr, "%02x", b[i]); - fprintf(stderr, "\n"); -} diff --git a/src/tpm2-tss-engine-err.h b/src/tpm2-tss-engine-err.h deleted file mode 100644 index 742c4c5..0000000 --- a/src/tpm2-tss-engine-err.h +++ /dev/null @@ -1,133 +0,0 @@ -/******************************************************************************* - * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * 1. Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * 3. Neither the name of tpm2-tss-engine nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF - * THE POSSIBILITY OF SUCH DAMAGE. - ******************************************************************************/ -#ifndef TPM2_TSS_ENGINE_ERR_H -#define TPM2_TSS_ENGINE_ERR_H - -#include "config.h" - -#include - -#ifndef NDEBUG -#define DBG(...) fprintf(stderr, __VA_ARGS__) -#define DBGBUF(...) printbuf(__VA_ARGS__) -void printbuf(const uint8_t *b, size_t s); - -#else /* DEBUG */ -#define DBG(...) -#define DBGBUF(...) -#endif /* DEBUG */ - -#define ERR(f,r) ERR_error(TPM2TSS_F_ ## f, r, __FILE__, __LINE__) - -/* This macro checks for common TPM error codes which are meaningful to the - user */ -#define ERRchktss(f, r, s) do { \ - if (r) { \ - switch(r) { \ - case TSS2_ESYS_RC_MEMORY: \ - ERR(f, ERR_R_MALLOC_FAILURE); \ - break; \ - case 0x000009a2: \ - ERR(f, TPM2TSS_R_AUTH_FAILURE); \ - break; \ - default: \ - ERR(f, TPM2TSS_R_UNKNOWN_TPM_ERROR); \ - } \ - s; \ - } \ -} while (0); - -void ERR_load_TPM2TSS_strings(void); -void ERR_unload_TPM2TSS_strings(void); -void ERR_error(int function, int reason, const char *file, int line); - -/* Function codes */ -/* tpm2-tss-engine.c */ -#define TPM2TSS_F_loadkey 100 -#define TPM2TSS_F_init_engine 101 -#define TPM2TSS_F_get_auth 102 -#define TPM2TSS_F_engine_ctrl 103 -/* tpm2-tss-engine-common.c */ -#define TPM2TSS_F_tpm2tss_tpm2data_write 110 -#define TPM2TSS_F_tpm2tss_tpm2data_read 111 -#define TPM2TSS_F_tpm2tss_tpm2data_readtpm 112 -#define TPM2TSS_F_init_tpm_parent 113 -#define TPM2TSS_F_init_tpm_key 114 -#define TPM2TSS_F_esys_ctx_init 115 -#define TPM2TSS_F_esys_ctx_free 116 -/* tpm2-tss-engine-ecc.c */ -#define TPM2TSS_F_ecdsa_sign 120 -#define TPM2TSS_F_populate_ecc 121 -#define TPM2TSS_F_tpm2tss_ecc_genkey 122 -#define TPM2TSS_F_tpm2tss_ecc_makekey 123 -#define TPM2TSS_F_ecdh_compute_key 124 - -/* tpm2-tss-engine-digest-sign.c */ -#define TPM2TSS_F_digest_init 150 -#define TPM2TSS_F_digest_update 151 -#define TPM2TSS_F_digest_finish 152 -#define TPM2TSS_F_digest_sign_init 153 -#define TPM2TSS_F_digest_sign_copy 154 - -/* tpm2-tss-engine-rand.c */ -#define TPM2TSS_F_rand_bytes 130 -#define TPM2TSS_F_rand_seed 131 -/* tpm2-tss-engine-rsa.c */ -#define TPM2TSS_F_rsa_priv_enc 140 -#define TPM2TSS_F_rsa_priv_dec 141 -#define TPM2TSS_F_tpm2tss_rsa_genkey 142 -#define TPM2TSS_F_populate_rsa 143 -#define TPM2TSS_F_rsa_signctx 144 - -/* Reason codes */ -#define TPM2TSS_R_TPM2DATA_READ_FAILED 100 -#define TPM2TSS_R_UNKNOWN_ALG 101 -#define TPM2TSS_R_CANNOT_MAKE_KEY 102 -#define TPM2TSS_R_SUBINIT_FAILED 103 -#define TPM2TSS_R_FILE_WRITE 104 -#define TPM2TSS_R_DATA_CORRUPTED 105 -#define TPM2TSS_R_FILE_READ 106 -#define TPM2TSS_R_PADDING_UNKNOWN 107 -#define TPM2TSS_R_PADDING_FAILED 108 -#define TPM2TSS_R_UNKNOWN_TPM_ERROR 109 -#define TPM2TSS_R_DIGEST_TOO_LARGE 110 -#define TPM2TSS_R_GENERAL_FAILURE 111 -#define TPM2TSS_R_UNKNOWN_CURVE 112 -#define TPM2TSS_R_UI_ERROR 113 -#define TPM2TSS_R_UNKNOWN_CTRL 114 -#define TPM2TSS_R_DL_OPEN_FAILED 115 -#define TPM2TSS_R_DL_INVALID 116 -/* TPM/TSS Reasons that are useful to the user */ -#define TPM2TSS_R_AUTH_FAILURE 150 -#define TPM2TSS_R_OWNER_AUTH_FAILED 151 -#define TPM2TSS_R_OLD_TSS 152 - -#endif /* TPM2_TSS_ENGINE_ERR_H */ diff --git a/src/tpm2-tss-engine-rand.c b/src/tpm2-tss-engine-rand.c deleted file mode 100644 index ef88b79..0000000 --- a/src/tpm2-tss-engine-rand.c +++ /dev/null @@ -1,151 +0,0 @@ -/******************************************************************************* - * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * 1. Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * 3. Neither the name of tpm2-tss-engine nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF - * THE POSSIBILITY OF SUCH DAMAGE. - ******************************************************************************/ - -#include - -#include -#include - -#include -#include - -#include "tpm2-tss-engine.h" -#include "tpm2-tss-engine-common.h" - -/** rand seed - * @retval 1 on success - * @retval 0 on failure - */ -static int -rand_seed(const void *seed, int seed_len) -{ - ESYS_CONTEXT *esys_ctx = NULL; - TSS2_RC r; - - r = esys_ctx_init(&esys_ctx); - ERRchktss(rand_seed, r, goto end); - - TPM2B_SENSITIVE_DATA stir; - size_t offset = 0; - char *cur_data = (char*)seed; - - static const size_t tpm_random_stir_max_size = 128; - while(offset < (size_t)seed_len) { - size_t left = seed_len - offset; - size_t chunk = left > tpm_random_stir_max_size ? tpm_random_stir_max_size : left; - - stir.size = chunk; - memcpy(stir.buffer, cur_data + offset, chunk); - - r = Esys_StirRandom( - esys_ctx, - ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, - &stir); - ERRchktss(rand_seed, r, goto end); - - offset += chunk; - } - -end: - if(esys_ctx) - esys_ctx_free(&esys_ctx); - return (r == TSS2_RC_SUCCESS)? 1 : 0; -} - -/** Genereate random values - * - * Use the TPM to generate a number of random values. - * @param buf The buffer to write the random values to - * @param num The amound of random bytes to generate - * @retval 1 on success - * @retval 0 on failure - */ -static int -rand_bytes(unsigned char *buf, int num) -{ - ESYS_CONTEXT *esys_ctx = NULL; - TSS2_RC r; - - r = esys_ctx_init(&esys_ctx); - ERRchktss(rand_bytes, r, goto end); - - TPM2B_DIGEST *b; - while (num > 0) { - r = Esys_GetRandom(esys_ctx, - ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, - num, &b); - ERRchktss(rand_bytes, r, goto end); - - memcpy(buf, &b->buffer, b->size); - num -= b->size; - buf += b->size; - Esys_Free(b); - } - - esys_ctx_free(&esys_ctx); - - end: - return (r == TSS2_RC_SUCCESS); -} - -/** Return the entropy status of the prng - * - * Since we provide real (TPM-based) randomness even for the pseudorand - * function, our status is allways good. - * @retval 1 allways good status - */ -static int -rand_status() -{ - return 1; -} - -static RAND_METHOD rand_methods = { - rand_seed, - rand_bytes, - NULL, /* cleanup() */ - NULL, /* add() */ - rand_bytes, /* pseudorand() */ - rand_status /* status() */ -}; - -/** Initialize the tpm2tss engine's rand submodule - * - * Initialize the tpm2tss engine's submodule by setting function pointer. - * @param e The engine context. - * @retval 1 on success - * @retval 0 on failure - */ -int -init_rand(ENGINE *e) -{ - return ENGINE_set_RAND(e, &rand_methods); -} diff --git a/src/tpm2-tss-engine-rsa.c b/src/tpm2-tss-engine-rsa.c deleted file mode 100644 index 41de34e..0000000 --- a/src/tpm2-tss-engine-rsa.c +++ /dev/null @@ -1,813 +0,0 @@ -/******************************************************************************* - * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * 1. Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * 3. Neither the name of tpm2-tss-engine nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF - * THE POSSIBILITY OF SUCH DAMAGE. - ******************************************************************************/ - -#include - -#include -#include - -#include "tpm2-tss-engine.h" -#include "tpm2-tss-engine-common.h" - -#define chkerr_goto(x) if (x) { DBG("%s:%i:%s: Error 0x%04x\n", __FILE__, \ - __LINE__, __func__, x); goto error; } - -const RSA_METHOD *default_rsa = NULL; - -#if OPENSSL_VERSION_NUMBER < 0x10100000 -RSA_METHOD rsa_methods; -#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ -RSA_METHOD *rsa_methods = NULL; -#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ - -#ifdef HAVE_OPENSSL_DIGEST_SIGN -static int (*rsa_pkey_orig_copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src); -static void (*rsa_pkey_orig_cleanup)(EVP_PKEY_CTX *ctx); -#endif /* HAVE_OPENSSL_DIGEST_SIGN */ - -static int (*rsa_orig_finish)(RSA *rsa); - -static TPM2B_DATA allOutsideInfo = { - .size = 0, -}; - -static TPML_PCR_SELECTION allCreationPCR = { - .count = 0, -}; - -static TPM2B_PUBLIC keyTemplate = { - .publicArea = { - .type = TPM2_ALG_RSA, - .nameAlg = ENGINE_HASH_ALG, - .objectAttributes = (TPMA_OBJECT_USERWITHAUTH | - TPMA_OBJECT_SIGN_ENCRYPT | - TPMA_OBJECT_DECRYPT | - TPMA_OBJECT_FIXEDTPM | - TPMA_OBJECT_FIXEDPARENT | - TPMA_OBJECT_SENSITIVEDATAORIGIN | - TPMA_OBJECT_NODA), - .authPolicy.size = 0, - .parameters.rsaDetail = { - .symmetric = { - .algorithm = TPM2_ALG_NULL, - .keyBits.aes = 0, - .mode.aes = 0, - }, - .scheme = { - .scheme = TPM2_ALG_NULL, - .details = {} - }, - .keyBits = 0, /* to be set by the genkey function */ - .exponent = 0, /* to be set by the genkey function */ - }, - .unique.rsa.size = 0 - } -}; - -/** Sign data using a TPM key - * - * This function performs the encrypt function using the private key in RSA. - * This operation is usually used to perform signature and authentication - * operations. - * @param flen Length of the from buffer. - * @param from The data to be signed. - * @param to The buffer to write the signature to. - * @param rsa The rsa key object. - * @param padding The padding scheme to be used. - * @retval 0 on failure - * @retval size Size of the returned signature - */ -static int -rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, - int padding) -{ - TPM2_DATA *tpm2Data = RSA_get_app_data(rsa); - - /* If this is not a TPM2 key, fall through to software functions */ - if (tpm2Data == NULL) { - DBG("Non-TPM key passed. Calling standard function.\n"); -#if OPENSSL_VERSION_NUMBER < 0x10100000 - return default_rsa->rsa_priv_enc(flen, from, to, rsa, padding); -#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ - return RSA_meth_get_priv_enc(default_rsa)(flen, from, to, rsa, padding); -#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ - } - - DBG("rsa_priv_enc called for scheme %i and input data(size=%i):\n", - padding, flen); - DBGBUF(from, flen); - - int ret = 0; - TSS2_RC r = TSS2_RC_SUCCESS; - ESYS_CONTEXT *esys_ctx = NULL; - ESYS_TR keyHandle = ESYS_TR_NONE; - TPM2B_DATA label = { .size = 0 }; - TPM2B_PUBLIC_KEY_RSA *sig = NULL; - TPMT_RSA_DECRYPT inScheme = { .scheme = TPM2_ALG_NULL }; - - TPM2B_PUBLIC_KEY_RSA digest; - digest.size = RSA_size(rsa); - if (digest.size > sizeof(digest.buffer)) { - ERR(rsa_priv_enc, TPM2TSS_R_DIGEST_TOO_LARGE); - goto error; - } - - switch (padding) { - case RSA_PKCS1_PADDING: - ret = RSA_padding_add_PKCS1_type_1(&digest.buffer[0], digest.size, - from, flen); - break; - case RSA_X931_PADDING: - ret = RSA_padding_add_X931(&digest.buffer[0], digest.size, from, flen); - break; - case RSA_NO_PADDING: - ret = RSA_padding_add_none(&digest.buffer[0], digest.size, from, flen); - break; - default: - ERR(rsa_priv_enc, TPM2TSS_R_PADDING_UNKNOWN); - goto error; - } - if (ret <= 0) { - ERR(rsa_priv_enc, TPM2TSS_R_PADDING_FAILED); - goto error; - } - - DBG("Padded digest data (size=%i):\n", digest.size); - DBGBUF(&digest.buffer[0], digest.size); - - r = init_tpm_key(&esys_ctx, &keyHandle, tpm2Data); - ERRchktss(rsa_priv_enc, r, goto error); - - DBG("Signing (via decrypt operation).\n"); - r = Esys_RSA_Decrypt(esys_ctx, keyHandle, - ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, - &digest, &inScheme, &label, &sig); - ERRchktss(rsa_priv_enc, r, goto error); - - DBG("Signature done (size=%i):\n", sig->size); - DBGBUF(&sig->buffer[0], sig->size); - - ret = sig->size; - if (ret > RSA_size(rsa) || ret <= 0) { - ERR(rsa_priv_enc, TPM2TSS_R_DIGEST_TOO_LARGE); - goto error; - } - memcpy(to, &sig->buffer[0], ret); - - goto out; - - error: - r = -1; - - out: - Esys_Free(sig); - if (keyHandle != ESYS_TR_NONE) { - if (tpm2Data->privatetype == KEY_TYPE_HANDLE) { - Esys_TR_Close(esys_ctx, &keyHandle); - } else { - Esys_FlushContext(esys_ctx, keyHandle); - } - } - esys_ctx_free(&esys_ctx); - return (r == TSS2_RC_SUCCESS) ? ret : 0; -} - -/** Decrypt data using a TPM key - * - * This function performs the decrypt function using the private key in RSA. - * @param flen Length of the from buffer. - * @param from The data to be decrypted. - * @param to The buffer to write the plaintext to. - * @param rsa The rsa key object. - * @param padding The padding scheme to be used. - * @retval 0 on failure - * @retval size Size of the returned plaintext - */ -static int -rsa_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA * rsa, - int padding) -{ - TPM2_DATA *tpm2Data = RSA_get_app_data(rsa); - - /* If this is not a TPM2 key, fall through to software functions */ - if (tpm2Data == NULL) -#if OPENSSL_VERSION_NUMBER < 0x10100000 - return default_rsa->rsa_priv_dec(flen, from, to, rsa, padding); -#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ - return RSA_meth_get_priv_dec(default_rsa)(flen, from, to, rsa, padding); -#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ - - DBG("rsa_priv_dec called for scheme %i and input data(size=%i):\n", - padding, flen); - DBGBUF(from, flen); - - TSS2_RC r; - ESYS_CONTEXT *esys_ctx = NULL; - ESYS_TR keyHandle = ESYS_TR_NONE; - TPM2B_DATA label = { .size = 0 }; - TPM2B_PUBLIC_KEY_RSA *message = NULL; - TPMT_RSA_DECRYPT inScheme; - - TPM2B_PUBLIC_KEY_RSA cipher = { .size = flen }; - if (flen > (int)sizeof(cipher.buffer) || flen < 0) { - ERR(rsa_priv_dec, TPM2TSS_R_DIGEST_TOO_LARGE); - goto error; - } - memcpy(&cipher.buffer[0], from, flen); - - switch (padding) { - case RSA_PKCS1_PADDING: - inScheme.scheme = TPM2_ALG_RSAES; - break; - case RSA_PKCS1_OAEP_PADDING: - inScheme.scheme = TPM2_ALG_OAEP; - inScheme.details.oaep.hashAlg = TPM2_ALG_SHA1; - break; - case RSA_NO_PADDING: - inScheme.scheme = TPM2_ALG_NULL; - break; - default: - ERR(rsa_priv_dec, TPM2TSS_R_PADDING_UNKNOWN); - goto error; - } - - r = init_tpm_key(&esys_ctx, &keyHandle, tpm2Data); - ERRchktss(rsa_priv_dec, r, goto out); - - r = Esys_RSA_Decrypt(esys_ctx, keyHandle, - ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, - &cipher, &inScheme, &label, &message); - ERRchktss(rsa_priv_dec, r, goto out); - - DBG("Decrypted message (size=%i):\n", message->size); - DBGBUF(&message->buffer[0], message->size); - - flen = message->size; - if (flen > RSA_size(rsa) || flen <= 0) { - ERR(rsa_priv_dec, TPM2TSS_R_DIGEST_TOO_LARGE); - goto error; - } - memcpy(to, &message->buffer[0], flen); - - goto out; - - error: - r = -1; - - out: - Esys_Free(message); - if (keyHandle != ESYS_TR_NONE) { - if (tpm2Data->privatetype == KEY_TYPE_HANDLE) { - Esys_TR_Close(esys_ctx, &keyHandle); - } else { - Esys_FlushContext(esys_ctx, keyHandle); - } - } - - esys_ctx_free(&esys_ctx); - return (r == TSS2_RC_SUCCESS) ? flen : 0; -} - -/** Clean up the RSA key - * - * @param rsa The rsa key object. - * @retval 1 on success, or 0 on failure - */ -static int -rsa_finish(RSA *rsa) -{ - TPM2_DATA *tpm2Data = RSA_get_app_data(rsa); - - if (tpm2Data != NULL) { - OPENSSL_free(tpm2Data); - RSA_set_app_data(rsa, NULL); - } - if (rsa_orig_finish) { - rsa_orig_finish(rsa); - } - return 1; -} - -/** Helper to populate the RSA key object. - * - * In order to use an RSA key object in a typical manner, all fields of the - * OpenSSL's corresponding object bust be filled. This function fills the public - * values correctly and fill the private values with 0. - * @param rsa The key object to fill. - * @retval 0 on failure - * @retval 1 on success - */ -static int -populate_rsa(RSA *rsa) -{ - TPM2_DATA *tpm2Data = RSA_get_app_data(rsa); - UINT32 exponent; - - if (tpm2Data == NULL) - goto error; - - exponent = tpm2Data->pub.publicArea.parameters.rsaDetail.exponent; - if (!exponent) - exponent = 0x10001; - -#if OPENSSL_VERSION_NUMBER < 0x10100000 - /* Setting the public portion of the key */ - rsa->n = BN_bin2bn(tpm2Data->pub.publicArea.unique.rsa.buffer, - tpm2Data->pub.publicArea.unique.rsa.size, rsa->n); - if (rsa->n == NULL) { - ERR(populate_rsa, ERR_R_MALLOC_FAILURE); - goto error; - } - if (rsa->e == NULL) - rsa->e = BN_new(); - if (rsa->e == NULL) { - ERR(populate_rsa, ERR_R_MALLOC_FAILURE); - goto error; - } - BN_set_word(rsa->e, exponent); - - /* Setting private portions to 0 values so the public key can be extracted - from the keyfile if this is desired. */ - if (rsa->d == NULL) - rsa->d = BN_new(); - if (rsa->d == NULL) { - ERR(populate_rsa, ERR_R_MALLOC_FAILURE); - goto error; - } - BN_set_word(rsa->d, 0); - if (rsa->p == NULL) - rsa->p = BN_new(); - if (rsa->p == NULL) { - ERR(populate_rsa, ERR_R_MALLOC_FAILURE); - goto error; - } - BN_set_word(rsa->p, 0); - if (rsa->q == NULL) - rsa->q = BN_new(); - if (rsa->q == NULL) { - ERR(populate_rsa, ERR_R_MALLOC_FAILURE); - goto error; - } - BN_set_word(rsa->q, 0); - if (rsa->dmp1 == NULL) - rsa->dmp1 = BN_new(); - if (rsa->dmp1 == NULL) { - ERR(populate_rsa, ERR_R_MALLOC_FAILURE); - goto error; - } - BN_set_word(rsa->dmp1, 0); - if (rsa->dmq1 == NULL) - rsa->dmq1 = BN_new(); - if (rsa->dmq1 == NULL) { - ERR(populate_rsa, ERR_R_MALLOC_FAILURE); - goto error; - } - BN_set_word(rsa->dmq1, 0); - if (rsa->iqmp == NULL) - rsa->iqmp = BN_new(); - if (rsa->iqmp == NULL) { - ERR(populate_rsa, ERR_R_MALLOC_FAILURE); - goto error; - } - BN_set_word(rsa->iqmp, 0); -#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ - BIGNUM *n = BN_bin2bn(tpm2Data->pub.publicArea.unique.rsa.buffer, - tpm2Data->pub.publicArea.unique.rsa.size, NULL); - BIGNUM *e = BN_new(); - BIGNUM *d = BN_new(); - BIGNUM *p = BN_new(); - BIGNUM *q = BN_new(); - BIGNUM *dmp1 = BN_new(); - BIGNUM *dmq1 = BN_new(); - BIGNUM *iqmp = BN_new(); - - if (!n || !e || !d || !p || !q || !dmp1 || !dmq1 || !iqmp) { - if (n) - BN_free(n); - if (e) - BN_free(e); - if (d) - BN_free(d); - if (p) - BN_free(p); - if (q) - BN_free(q); - if (dmp1) - BN_free(dmp1); - if (dmq1) - BN_free(dmq1); - if (iqmp) - BN_free(iqmp); - - ERR(populate_rsa, ERR_R_MALLOC_FAILURE); - goto error; - } - - BN_set_word(e, exponent); - BN_set_word(d, 0); - BN_set_word(p, 0); - BN_set_word(q, 0); - BN_set_word(dmp1, 0); - BN_set_word(dmq1, 0); - BN_set_word(iqmp, 0); - - RSA_set0_key(rsa, n, e, d); - RSA_set0_factors(rsa, p, q); - RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp); -#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ - - return 1; - error: - return 0; -} - -/** Helper to load an RSA key from a tpm2Data - * - * This function creates a key object given a TPM2_DATA object. The resulting - * key object can then be used for signing and decrypting with the tpm2tss - * engine. Ownership of the TPM2_DATA object is taken on success. - * @param tpm2Data The key data to use. Must have been allocated using - * OPENSSL_malloc. - * @retval key The key object - * @retval NULL on failure. - */ -EVP_PKEY * -tpm2tss_rsa_makekey(TPM2_DATA *tpm2Data) -{ - EVP_PKEY *pkey; - RSA *rsa; - - DBG("Creating RSA key object.\n"); - - /* create the new objects to return */ - if ((pkey = EVP_PKEY_new()) == NULL) { - ERR(populate_rsa, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if ((rsa = RSA_new()) == NULL) { - ERR(populate_rsa, ERR_R_MALLOC_FAILURE); - EVP_PKEY_free(pkey); - return NULL; - } -#if OPENSSL_VERSION_NUMBER < 0x10100000 - rsa->meth = &rsa_methods; -#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ - RSA_set_method(rsa, rsa_methods); -#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ - - if (!EVP_PKEY_assign_RSA(pkey, rsa)) { - ERR(populate_rsa, TPM2TSS_R_GENERAL_FAILURE); - RSA_free(rsa); - goto error; - } - - if (!RSA_set_app_data(rsa, tpm2Data)) { - ERR(populate_rsa, TPM2TSS_R_GENERAL_FAILURE); - goto error; - } - - if (!populate_rsa(rsa)) { - RSA_set_app_data(rsa, NULL); - goto error; - } - - DBG("Created RSA key object.\n"); - - return pkey; - error: - EVP_PKEY_free(pkey); - return NULL; -} - -/** Generate a tpm2tss rsa key object. - * - * This function creates a new TPM RSA key. The TPM data is stored inside the - * object*s app data and can be retrieved using RSA_get_app_data(). - * @param rsa The key object for the TPM RSA key to be created. - * @param bits The key size - * @param e The key's exponent - * @param password The Password to be set for the new key - * @retval 1 on success - * @retval 0 on failure - */ -int -tpm2tss_rsa_genkey(RSA *rsa, int bits, BIGNUM *e, char *password, - TPM2_HANDLE parentHandle) -{ - DBG("Generating RSA key for %i bits keysize.\n", bits); - - TSS2_RC r = TSS2_RC_SUCCESS; - ESYS_CONTEXT *esys_ctx = NULL; - ESYS_TR parent = ESYS_TR_NONE; - TPM2B_PUBLIC *keyPublic = NULL; - TPM2B_PRIVATE *keyPrivate = NULL; - TPM2_DATA *tpm2Data = NULL; - TPM2B_PUBLIC inPublic = keyTemplate; - TPM2B_SENSITIVE_CREATE inSensitive = { - .sensitive = { - .userAuth = { - .size = 0, - }, - .data = { - .size = 0, - } - } - }; - - tpm2Data = OPENSSL_malloc(sizeof(*tpm2Data)); - if (tpm2Data == NULL) { - ERR(tpm2tss_rsa_genkey, TPM2TSS_R_GENERAL_FAILURE); - goto error; - } - memset(tpm2Data, 0, sizeof(*tpm2Data)); - - inPublic.publicArea.parameters.rsaDetail.keyBits = bits; - if (e) - inPublic.publicArea.parameters.rsaDetail.exponent = BN_get_word(e); - - if (password) { - DBG("Setting a password for the created key.\n"); - if (strlen(password) > sizeof(tpm2Data->userauth.buffer) - 1) { - goto error; - } - tpm2Data->userauth.size = strlen(password); - memcpy(&tpm2Data->userauth.buffer[0], password, - tpm2Data->userauth.size); - - inSensitive.sensitive.userAuth.size = strlen(password); - memcpy(&inSensitive.sensitive.userAuth.buffer[0], password, - strlen(password)); - } else - tpm2Data->emptyAuth = 1; - - r = init_tpm_parent(&esys_ctx, parentHandle, &parent); - ERRchktss(tpm2tss_rsa_genkey, r, goto error); - - tpm2Data->parent = parentHandle; - - DBG("Generating the RSA key inside the TPM.\n"); - - r = Esys_Create(esys_ctx, parent, - ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, - &inSensitive, &inPublic, &allOutsideInfo, &allCreationPCR, - &keyPrivate, &keyPublic, NULL, NULL, NULL); - ERRchktss(tpm2tss_rsa_genkey, r, goto error); - - DBG("Generated the RSA key inside the TPM.\n"); - - tpm2Data->pub = *keyPublic; - tpm2Data->priv = *keyPrivate; - - if (!RSA_set_app_data(rsa, tpm2Data)) { - ERR(tpm2tss_rsa_genkey, TPM2TSS_R_GENERAL_FAILURE); - goto error; - } - - if (!populate_rsa(rsa)) { - goto error; - } - - goto end; - error: - r = -1; - if (rsa) - RSA_set_app_data(rsa, NULL); - if (tpm2Data) - OPENSSL_free(tpm2Data); - - end: - Esys_Free(keyPrivate); - Esys_Free(keyPublic); - - if (parent != ESYS_TR_NONE && !parentHandle) - Esys_FlushContext(esys_ctx, parent); - - esys_ctx_free(&esys_ctx); - - return (r == TSS2_RC_SUCCESS); -} - -#if OPENSSL_VERSION_NUMBER < 0x10100000 -RSA_METHOD rsa_methods = { - "TPM2TSS RSA methods", - NULL, /* tpm_rsa_pub_enc */ - NULL, /* tpm_rsa_pub_dec */ - rsa_priv_enc, /* act sign */ - rsa_priv_dec, /* act decrypt */ - NULL, /* rsa_mod_exp */ - NULL, /* bn_mod_exp */ - NULL, /* init */ - NULL, /* finish */ - 0, - NULL, /* app_data */ - NULL, /* sign */ - NULL, /* verify */ - NULL /* genkey */ -}; -#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ - -#ifdef HAVE_OPENSSL_DIGEST_SIGN -static int -rsa_pkey_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) -{ - if (rsa_pkey_orig_copy && !rsa_pkey_orig_copy(dst, src)) - return 0; - - return digest_sign_copy(dst, src); -} - -static void -rsa_pkey_cleanup(EVP_PKEY_CTX *ctx) -{ - digest_sign_cleanup(ctx); - - if (rsa_pkey_orig_cleanup) - rsa_pkey_orig_cleanup(ctx); -} - -/* called for digest & sign init, after message digest algorithm set */ -static int -rsa_digest_custom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) -{ - EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx); - RSA *rsa = EVP_PKEY_get0_RSA(pkey); - TPM2_DATA *tpm2data = RSA_get_app_data(rsa); - - DBG("rsa_digest_custom %p %p\n", ctx, mctx); - - return digest_sign_init(ctx, mctx, tpm2data, RSA_size(rsa)); -} - -static int -rsa_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - EVP_MD_CTX *mctx) -{ - TPM2_SIG_DATA *sig_data = EVP_PKEY_CTX_get_app_data(ctx); - TSS2_RC r = TSS2_RC_SUCCESS; - TPMT_TK_HASHCHECK *validation_ptr = NULL; - TPM2B_DIGEST *digest_ptr = NULL; - TPMT_SIGNATURE *tpm_sig = NULL; - int pad_mode; - - DBG("rsa_signctx %p %p sig_data %p\n", ctx, mctx, sig_data); - - if (!sig) { - /* caller just wants to know the size */ - *siglen = sig_data->sig_size; - return 1; - } - - if (!sig_data) { - /* handle non-TPM key */ - unsigned char md[EVP_MAX_MD_SIZE]; - unsigned int md_len = 0; - - if (!EVP_DigestFinal_ex(mctx, md, &md_len)) - return 0; - if (EVP_PKEY_sign(ctx, sig, siglen, md, md_len) <= 0) - return 0; - return 1; - } - - if (EVP_PKEY_CTX_get_rsa_padding(ctx, &pad_mode) <= 0) - return 0; - - TPMT_SIG_SCHEME in_scheme = { - .scheme = TPM2_ALG_NULL, - .details.rsassa.hashAlg = sig_data->hash_alg, - }; - switch (pad_mode) { - case RSA_PKCS1_PADDING: - in_scheme.scheme = TPM2_ALG_RSASSA; - break; - case RSA_PKCS1_PSS_PADDING: - in_scheme.scheme = TPM2_ALG_RSAPSS; - break; - default: - ERR(rsa_signctx, TPM2TSS_R_PADDING_UNKNOWN); - return 0; - } - - if (!digest_finish(sig_data, &digest_ptr, &validation_ptr)) - return 0; - - r = Esys_Sign(sig_data->key->esys_ctx, sig_data->key->key_handle, - ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, - digest_ptr, &in_scheme, validation_ptr, &tpm_sig); - ERRchktss(rsa_signctx, r, goto error); - - memcpy(sig, tpm_sig->signature.rsassa.sig.buffer, sig_data->sig_size); - *siglen = sig_data->sig_size; - - r = 1; - goto out; - - error: - r = 0; - out: - Esys_Free(tpm_sig); - Esys_Free(digest_ptr); - Esys_Free(validation_ptr); - - return r; -} -#endif /* HAVE_OPENSSL_DIGEST_SIGN */ - -/** Initialize the tpm2tss engine's rsa submodule - * - * Initialize the tpm2tss engine's submodule by setting function pointer. - * @param e The engine context. - * @retval 1 on success - * @retval 0 on failure - */ -int -init_rsa(ENGINE *e) -{ -#if OPENSSL_VERSION_NUMBER < 0x10100000 - default_rsa = RSA_PKCS1_SSLeay(); - if (default_rsa == NULL) - return 0; - - rsa_methods.rsa_pub_enc = default_rsa->rsa_pub_enc; - rsa_methods.rsa_pub_dec = default_rsa->rsa_pub_dec; - rsa_methods.rsa_mod_exp = default_rsa->rsa_mod_exp; - rsa_methods.bn_mod_exp = default_rsa->bn_mod_exp; - - if (!ENGINE_set_RSA(e, &rsa_methods)) - return 0; -#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ - default_rsa = RSA_PKCS1_OpenSSL(); - if (default_rsa == NULL) - return 0; - - rsa_methods = RSA_meth_dup(default_rsa); - RSA_meth_set1_name(rsa_methods, "TPM2TSS RSA methods"); - RSA_meth_set_priv_enc(rsa_methods, rsa_priv_enc); - RSA_meth_set_priv_dec(rsa_methods, rsa_priv_dec); - rsa_orig_finish = RSA_meth_get_finish(rsa_methods); - RSA_meth_set_finish(rsa_methods, rsa_finish); - - if (!ENGINE_set_RSA(e, rsa_methods)) - return 0; -#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ - -#if HAVE_OPENSSL_DIGEST_SIGN - /* digest and sign support */ - - EVP_PKEY_METHOD *pkey_rsa_methods; - - pkey_rsa_methods = EVP_PKEY_meth_new(EVP_PKEY_RSA, - EVP_PKEY_FLAG_AUTOARGLEN); - if (pkey_rsa_methods == NULL) - return 0; - - const EVP_PKEY_METHOD *pkey_orig_rsa_methods = - EVP_PKEY_meth_find(EVP_PKEY_RSA); - if (pkey_orig_rsa_methods == NULL) - return 0; - EVP_PKEY_meth_copy(pkey_rsa_methods, pkey_orig_rsa_methods); - /* - * save originals since we only override some of the pkey - * functionality, rather than reimplementing all of it - */ - EVP_PKEY_meth_get_copy(pkey_rsa_methods, &rsa_pkey_orig_copy); - EVP_PKEY_meth_get_cleanup(pkey_rsa_methods, &rsa_pkey_orig_cleanup); - - EVP_PKEY_meth_set_copy(pkey_rsa_methods, rsa_pkey_copy); - EVP_PKEY_meth_set_cleanup(pkey_rsa_methods, rsa_pkey_cleanup); - EVP_PKEY_meth_set_signctx(pkey_rsa_methods, NULL, rsa_signctx); - EVP_PKEY_meth_set_digest_custom(pkey_rsa_methods, rsa_digest_custom); - EVP_PKEY_meth_add0(pkey_rsa_methods); -#endif /* HAVE_OPENSSL_DIGEST_SIGN */ - - return 1; -} diff --git a/src/tpm2-tss-engine.c b/src/tpm2-tss-engine.c deleted file mode 100644 index 824f538..0000000 --- a/src/tpm2-tss-engine.c +++ /dev/null @@ -1,372 +0,0 @@ -/******************************************************************************* - * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * 1. Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * 3. Neither the name of tpm2-tss-engine nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF - * THE POSSIBILITY OF SUCH DAMAGE. - ******************************************************************************/ -#include "config.h" - -#include -#include - -#include -#include -#include -#include - -#include -#include - -#include "tpm2-tss-engine.h" -#include "tpm2-tss-engine-common.h" - -/** - * The identifier of the engine - */ -static const char *engine_id = "tpm2tss"; - -/** - * The full name of the engine - */ -static const char *engine_name = "TPM2-TSS engine for OpenSSL"; - -TPM2B_DIGEST ownerauth = { .size = 0 }; -TPM2B_DIGEST parentauth = { .size = 0 }; - -char *tcti_nameconf = NULL; - -/** Retrieve password - * - * Helper function to retreive a password from the user. - * @param prompt_info [in] The object name to ask the user for - * @param ui_method [in] The ui method callbacks to be used - * @param cb_data [in] The callback data for the ui - * @param auth [out] The user provided password - * @retval 1 on success - * @retval 0 on failure - */ -static int -get_auth(const char *prompt_info, UI_METHOD *ui_method, void *cb_data, - TPM2B_AUTH *auth) -{ - DBG("get_auth called for object %s with ui_method %p\n", prompt_info, - ui_method); - char *ui_prompt = NULL; - UI *ui = NULL; - if (!ui_method) { - ERR(get_auth, TPM2TSS_R_UI_ERROR); - goto error; - } - ui = UI_new_method(ui_method); - if (!ui) { - ERR(get_auth, TPM2TSS_R_UI_ERROR); - goto error; - } - ui_prompt = UI_construct_prompt(ui, "password", prompt_info); - if (!ui_prompt) { - ERR(get_auth, TPM2TSS_R_UI_ERROR); - goto error; - } - if (0 > UI_add_input_string(ui, ui_prompt, UI_INPUT_FLAG_DEFAULT_PWD, - (char *)&auth->buffer[0], 0, - sizeof(auth->buffer) - 1)) { - ERR(get_auth, TPM2TSS_R_UI_ERROR); - goto error; - } - UI_add_user_data(ui, cb_data); - if (0 > UI_process(ui)) { - ERR(get_auth, TPM2TSS_R_UI_ERROR); - goto error; - } - auth->size = strlen((char *)&auth->buffer[0]); - OPENSSL_free(ui_prompt); - UI_free(ui); - - DBG("password is %s\n", (char *)&auth->buffer[0]); - - return 1; - error: - if (ui_prompt) - OPENSSL_free(ui_prompt); - if (ui) - UI_free(ui); - return 0; -} - -static const ENGINE_CMD_DEFN cmd_defns[] = { - { TPM2TSS_SET_OWNERAUTH, "SET_OWNERAUTH", - "Set the password for the owner hierarchy (default none)", - ENGINE_CMD_FLAG_STRING }, - { TPM2TSS_SET_TCTI, "SET_TCTI", - "Set the TCTI module and options (default none)", - ENGINE_CMD_FLAG_STRING }, - { TPM2TSS_SET_PARENTAUTH, "SET_PARENTAUTH", - "Set the password for the parent key (default none)", - ENGINE_CMD_FLAG_STRING }, - {0, NULL, NULL, 0} -}; - -static int -engine_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) ()) -{ - (void)(e); - (void)(i); - (void)(f); - switch (cmd) { - case TPM2TSS_SET_OWNERAUTH: - if (!p) { - DBG("Setting owner auth to empty auth.\n"); - ownerauth.size = 0; - return 1; - } - DBG("Setting owner auth to password.\n"); - if (strlen((char *)p) > sizeof(ownerauth.buffer) - 1) { - return 0; - } - ownerauth.size = strlen((char *)p); - memcpy(&ownerauth.buffer[0], p, ownerauth.size); - return 1; - case TPM2TSS_SET_TCTI: - OPENSSL_free(tcti_nameconf); - if (!p) { - DBG("Setting TCTI to the ESAPI default\n"); - } else { - tcti_nameconf = OPENSSL_strdup(p); - DBG("Setting TCTI option to \"%s\"\n", tcti_nameconf); - } - return 1; - case TPM2TSS_SET_PARENTAUTH: - if (!p) { - DBG("Setting parent auth to empty auth.\n"); - parentauth.size = 0; - return 1; - } - DBG("Setting parent auth to password.\n"); - if (strlen((char *)p) > sizeof(parentauth.buffer) - 1) { - return 0; - } - parentauth.size = strlen((char *)p); - memcpy(&parentauth.buffer[0], p, parentauth.size); - return 1; - default: - break; - } - ERR(engine_ctrl, TPM2TSS_R_UNKNOWN_CTRL); - return 0; -} - -/** Load a TPM2TSS key - * - * This function implements the prototype for loading a key from a file. - * @param e The engine for this callback (unused). - * @param key_id The name of the file with the TPM key data. - * @param ui The ui functions for querying the user. - * @param cb_data Callback data. - */ -static EVP_PKEY * -loadkey(ENGINE *e, const char *key_id, UI_METHOD *ui, void *cb_data) -{ - (void)(e); - (void)(ui); - (void)(cb_data); - - TPM2_DATA *tpm2Data = NULL; - EVP_PKEY *pkey = NULL; - - DBG("Loading private key %s\n", key_id); - if (strncmp(key_id, "0x81", 4) == 0) { - uint32_t handle; - sscanf(key_id, "0x%x", &handle); - if (!tpm2tss_tpm2data_readtpm(handle, &tpm2Data)) { - ERR(loadkey, TPM2TSS_R_TPM2DATA_READ_FAILED); - goto error; - } - } else { - if (!tpm2tss_tpm2data_read(key_id, &tpm2Data)) { - ERR(loadkey, TPM2TSS_R_TPM2DATA_READ_FAILED); - goto error; - } - } - - if (tpm2Data->emptyAuth) { - tpm2Data->userauth.size = 0; - } else { - if (!get_auth("user key", ui, cb_data, &tpm2Data->userauth)) { - goto error; - } - } - - DBG("Loaded key uses alg-id %x\n", tpm2Data->pub.publicArea.type); - - switch (tpm2Data->pub.publicArea.type) { - case TPM2_ALG_RSA: - pkey = tpm2tss_rsa_makekey(tpm2Data); - break; - case TPM2_ALG_ECC: - pkey = tpm2tss_ecc_makekey(tpm2Data); - break; - default: - ERR(loadkey, TPM2TSS_R_UNKNOWN_ALG); - goto error; - } - if (!pkey) { - ERR(loadkey, TPM2TSS_R_CANNOT_MAKE_KEY); - goto error; - } - - DBG("TPM2 Key loaded\n"); - - return pkey; -error: - if (tpm2Data) - OPENSSL_free(tpm2Data); - return NULL; -} - -/** Initialize the tpm2tss engine - * - * Initialize the tpm2tss engine by calling each of the submodules' init - * functions for setting function pointer. - * @param e The engine context. - * @retval 1 on success - * @retval 0 on failure - */ -static int -init_engine(ENGINE *e) { - static int initialized = 0; - - DBG("Initializing\n"); - - if (initialized) { - DBG("Already initialized\n"); - return 1; - } - - int rc; - -#ifdef ENABLE_TCTIENVVAR - /* Set the default TCTI option from the environment */ - OPENSSL_free(tcti_nameconf); - if (getenv("TPM2TSSENGINE_TCTI")) { - tcti_nameconf = OPENSSL_strdup(getenv("TPM2TSSENGINE_TCTI")); - } -#endif - - rc = init_rand(e); - if (rc != 1) { - ERR(init_engine, TPM2TSS_R_SUBINIT_FAILED); - return rc; - } - - rc = init_rsa(e); - if (rc != 1) { - ERR(init_engine, TPM2TSS_R_SUBINIT_FAILED); - return rc; - } - - rc = init_ecc(e); - if (rc != 1) { - ERR(init_engine, TPM2TSS_R_SUBINIT_FAILED); - return rc; - } - - initialized = 1; - return 1; -} - -/** Destroys the engine context - * - * Unloads the strings of the tpm2tss engine. - * @param e The engine context (unused). - * @retval 1 for success - */ -static int -destroy_engine(ENGINE *e) -{ - (void)(e); - OPENSSL_free(tcti_nameconf); - ERR_unload_TPM2TSS_strings(); - return 1; -} - -/** OpenSSL's method to bind an engine. - * - * This initializes the name, id and function pointers of the engine. - * @param e The TPM engine to initialize - * @param id The identifier of the engine - * @retval 0 if binding failed - * @retval 1 on success - */ -static int -bind(ENGINE *e, const char *id) -{ - (void)(id); - - if (!ENGINE_set_id(e, engine_id)) { - DBG("ENGINE_set_id failed\n"); - goto end; - } - if (!ENGINE_set_name(e, engine_name)) { - DBG("ENGINE_set_name failed\n"); - goto end; - } - - /* The init function is not allways called so we initialize crypto methods - directly from bind. */ - if (!init_engine(e)) { - DBG("tpm2tss enigne initialization failed\n"); - goto end; - } - - if (!ENGINE_set_load_privkey_function(e, loadkey)) { - DBG("ENGINE_set_load_privkey_function failed\n"); - goto end; - } - - if (!ENGINE_set_destroy_function(e, destroy_engine)) { - DBG("ENGINE_set_destroy_function failed\n"); - goto end; - } - - if (!ENGINE_set_ctrl_function(e, engine_ctrl)) { - DBG("ENGINE_set_ctrl_function failed\n"); - goto end; - } - - if (!ENGINE_set_cmd_defns(e, cmd_defns)) { - DBG("ENGINE_set_cmd_defns failed\n"); - goto end; - } - - ERR_load_TPM2TSS_strings(); - return 1; - end: - return 0; -} - -IMPLEMENT_DYNAMIC_BIND_FN(bind) -IMPLEMENT_DYNAMIC_CHECK_FN() diff --git a/src/tpm2tss-genkey.c b/src/tpm2tss-genkey.c deleted file mode 100644 index a731897..0000000 --- a/src/tpm2tss-genkey.c +++ /dev/null @@ -1,415 +0,0 @@ -/******************************************************************************* - * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * 1. Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * 3. Neither the name of tpm2-tss-engine nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF - * THE POSSIBILITY OF SUCH DAMAGE. - ******************************************************************************/ - -#include -#include -#include -#include -#include - -#include -#include -#include - -#include "tpm2-tss-engine.h" -#include "tpm2-tss-engine-common.h" - -/* This tool uses a different error reporting scheme than the lib. */ -#undef ERR -#define VERB(...) if (opt.verbose) fprintf(stderr, __VA_ARGS__) -#define ERR(...) fprintf(stderr, __VA_ARGS__) - -char *help = - "Usage: [options] \n" - "Arguments:\n" - " storage for the encrypted private key\n" - "Options:\n" - " -a, --alg public key algorithm (rsa, ecdsa) (default: rsa)\n" - " -c, --curve curve for ecc (default: nist_p256)\n" - " -e, --exponent exponent for rsa (default: 65537)\n" - " -h, --help print help\n" - " -u, --public import a key and read its public portion from this file\n" - " -r, --private import the sensitive key portion from this file\n" - " -o, --ownerpw password for the owner hierarchy (default: none)\n" - " -p, --password password for the created key (default: none)\n" - " -P, --parent specific handle for the parent key (default: none)\n" - " -s, --keysize key size in bits for rsa (default: 2048)\n" - " -v, --verbose print verbose messages\n" - " -W, --parentpw password for the parent key (default: none)\n" - " -t, --tcti tcti configuration string (default: none)\n" - "\n"; - -static const char *optstr = "a:c:e:hu:r:o:p:P:s:vW:t:"; - -static const struct option long_options[] = { - {"alg", required_argument, 0, 'a'}, - {"curve", required_argument, 0, 'c'}, - {"exponent", required_argument, 0, 'e'}, - {"help", no_argument, 0, 'h'}, - {"public", required_argument, 0, 'u'}, - {"private", required_argument, 0, 'r'}, - {"ownerpw", required_argument, 0, 'o'}, - {"password", required_argument, 0, 'p'}, - {"parent", required_argument, 0, 'P'}, - {"keysize", required_argument, 0, 's'}, - {"verbose", no_argument, 0, 'v'}, - {"parentpw", required_argument, 0, 'W'}, - {"tcti", required_argument, 0, 't'}, - {0, 0, 0, 0 } -}; - -static struct opt { - char *filename; - TPMI_ALG_PUBLIC alg; - TPMI_ECC_CURVE curve; - int exponent; - char *importpub; - char *importtpm; - char *ownerpw; - char *password; - TPM2_HANDLE parent; - char *parentpw; - int keysize; - int verbose; - char *tcti_conf; -} opt; - -/** Parse and set command line options. - * - * This function parses the command line options and sets the appropriate values - * in the opt struct. - * @param argc The argument count. - * @param argv The arguments. - * @retval 0 on success - * @retval 1 on failure - */ -int -parse_opts(int argc, char **argv) -{ - /* set the default values */ - opt.filename = NULL; - opt.alg = TPM2_ALG_RSA; - opt.curve = TPM2_ECC_NIST_P256; - opt.exponent = 65537; - opt.importpub = NULL; - opt.importtpm = NULL; - opt.ownerpw = NULL; - opt.password = NULL; - opt.parent = 0; - opt.parentpw = NULL; - opt.keysize = 2048; - opt.verbose = 0; - opt.tcti_conf = NULL; - - /* parse the options */ - int c; - int opt_idx = 0; - while (-1 != (c = getopt_long(argc, argv, optstr, - long_options, &opt_idx))) { - switch(c) { - case 'h': - printf("%s", help); - exit(0); - case 'v': - opt.verbose = 1; - break; - case 'a': - if (strcasecmp(optarg, "rsa") == 0) { - opt.alg = TPM2_ALG_RSA; - break; - } else if (strcasecmp(optarg, "ecdsa") == 0) { - opt.alg = TPM2_ALG_ECDSA; - break; - } else { - ERR("Unknown algorithm.\n"); - exit(1); - } - case 'c': - if (strcasecmp(optarg, "nist_p256") == 0) { - opt.curve = TPM2_ECC_NIST_P256; - break; - } else if (strcasecmp(optarg, "nist_p384") == 0) { - opt.curve = TPM2_ECC_NIST_P384; - break; - } else { - ERR("Unknown curve.\n"); - exit(1); - } - case 'e': - if (sscanf(optarg, "%i", &opt.exponent) != 1) { - ERR("Error parsing keysize.\n"); - exit(1); - } - break; - case 'u': - opt.importpub = optarg; - break; - case 'r': - opt.importtpm = optarg; - break; - case 'o': - opt.ownerpw = optarg; - break; - case 'p': - opt.password = optarg; - break; - case 'P': - if (sscanf(optarg, "%x", &opt.parent) != 1 && - sscanf(optarg, "0x%x", &opt.parent) != 1 && - sscanf(optarg, "%i", &opt.parent) != 1) { - ERR("Error parsing parent handle"); - exit(1); - } - break; - case 'W': - opt.parentpw = optarg; - break; - case 's': - if (sscanf(optarg, "%i", &opt.keysize) != 1) { - ERR("Error parsing keysize.\n"); - exit(1); - } - break; - case 't': - opt.tcti_conf = optarg; - break; - default: - ERR("Unknown option at index %i.\n\n", opt_idx); - ERR("%s", help); - exit(1); - } - } - - /* parse the non-option arguments */ - if (optind >= argc) { - ERR("Missing argument .\n\n"); - ERR("%s", help); - exit(1); - } - opt.filename = argv[optind]; - optind++; - - if (optind < argc) { - ERR("Unknown argument provided.\n\n"); - ERR("%s", help); - exit(1); - } - - if (!!opt.importpub != !!opt.importtpm) { - ERR("Import requires both --public and --private\n"); - return 1; - } - - return 0; -} - -/** Generate an RSA key - * - * This function calls out to generate an RSA key using the TPM. - * @retval TPM2_DATA data to be written to disk - * @retval NULL on failure - */ -static TPM2_DATA * -genkey_rsa() -{ - VERB("Generating RSA key using TPM\n"); - - RSA *rsa = NULL; - BIGNUM *e = BN_new(); - if (!e) { - ERR("out of memory\n"); - return NULL; - } - BN_set_word(e, opt.exponent); - - rsa = RSA_new(); - if (!rsa) { - ERR("out of memory\n"); - BN_free(e); - return NULL; - } - if (!tpm2tss_rsa_genkey(rsa, opt.keysize, e, opt.password, opt.parent)) { - BN_free(e); - RSA_free(rsa); - ERR("Error: Generating key failed\n"); - return NULL; - } - - VERB("Key generated\n"); - - TPM2_DATA *tpm2Data = OPENSSL_malloc(sizeof(*tpm2Data)); - if (tpm2Data == NULL) { - ERR("out of memory\n"); - BN_free(e); - RSA_free(rsa); - return NULL; - } - memcpy(tpm2Data, RSA_get_app_data(rsa), sizeof(*tpm2Data)); - - BN_free(e); - RSA_free(rsa); - - return tpm2Data; -} - -/** Generate an ECDSA key - * - * This function calls out to generate an ECDSA key using the TPM. - * @retval TPM2_DATA data to be written to disk - * @retval NULL on failure - */ -static TPM2_DATA * -genkey_ecdsa() -{ - EC_KEY *eckey = NULL; - - eckey = EC_KEY_new(); - if (!eckey) { - ERR("out of memory\n"); - return NULL; - } - if (!tpm2tss_ecc_genkey(eckey, opt.curve, opt.password, opt.parent)) { - EC_KEY_free(eckey); - ERR("Error: Generating key failed\n"); - return NULL; - } - - TPM2_DATA *tpm2Data = OPENSSL_malloc(sizeof(*tpm2Data)); - if (tpm2Data == NULL) { - ERR("out of memory\n"); - EC_KEY_free(eckey); - return NULL; - } - memcpy(tpm2Data, tpm2tss_ecc_getappdata(eckey), sizeof(*tpm2Data)); - - EC_KEY_free(eckey); - - return tpm2Data; -} - -/** Main function - * - * This function initializes OpenSSL and then calls the key generation - * functions. - * @param argc The argument count. - * @param argv The arguments. - * @retval 0 on success - * @retval 1 on failure - */ -int -main(int argc, char **argv) -{ - if (parse_opts(argc, argv) != 0) - exit(1); - - int r; - TPM2_DATA *tpm2Data = NULL; - -#if OPENSSL_VERSION_NUMBER < 0x1010000fL - OPENSSL_config(NULL); -#else - OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); -#endif - - /* Initialize the tpm2-tss engine */ - ENGINE_load_dynamic(); - - /* Openssl 1.1.0 requires the lib-prefix for the engine_id */ - ENGINE *tpm_engine = ENGINE_by_id("tpm2tss"); - if (!tpm_engine) - tpm_engine = ENGINE_by_id("libtpm2tss"); - if (tpm_engine == NULL) { - ERR("Could not load tpm2tss engine\n"); - return 1; - } - - int init_res = ENGINE_init(tpm_engine); - VERB("Engine name: %s\nInit result: %d \n", ENGINE_get_name(tpm_engine), - init_res); - if (!init_res) - return 1; - - if (opt.ownerpw && - !ENGINE_ctrl(tpm_engine, TPM2TSS_SET_OWNERAUTH, 0, opt.ownerpw, NULL)) { - ERR("Could not set ownerauth\n"); - return 1; - } - - if (opt.parentpw && - !ENGINE_ctrl(tpm_engine, TPM2TSS_SET_PARENTAUTH, 0, opt.parentpw, NULL)) { - ERR("Could not set parentauth\n"); - return 1; - } - - if (opt.tcti_conf && - !ENGINE_ctrl(tpm_engine, TPM2TSS_SET_TCTI, 0, opt.tcti_conf, NULL)) { - ERR("Could not set parentauth\n"); - return 1; - } - - if (opt.importpub && opt.importtpm) { - VERB("Importing the TPM key\n"); - r = tpm2tss_tpm2data_importtpm(opt.importpub, opt.importtpm, opt.parent, - opt.password == NULL, &tpm2Data); - if (r != 1) - return 1; - } else switch (opt.alg) { - case TPM2_ALG_RSA: - VERB("Generating the rsa key\n"); - tpm2Data = genkey_rsa(); - break; - case TPM2_ALG_ECDSA: - VERB("Generating the ecdsa key\n"); - tpm2Data = genkey_ecdsa(); - break; - default: - break; - } - - if (tpm2Data == NULL) { - ERR("Key could not be generated.\n"); - return 1; - } - - /* Write the key to disk */ - VERB("Writing key to disk\n"); - - if (!tpm2tss_tpm2data_write(tpm2Data, opt.filename)) { - ERR("Error writing file\n"); - OPENSSL_free(tpm2Data); - return 1; - } - - OPENSSL_free(tpm2Data); - - VERB("*** SUCCESS ***\n"); - return 0; -} diff --git a/test/ecdh.sh b/test/ecdh.sh deleted file mode 100755 index 3462e74..0000000 --- a/test/ecdh.sh +++ /dev/null @@ -1,62 +0,0 @@ -#!/bin/bash - -set -euf - -# Create a primary key pair -echo "Generating primary key" -PARENT_CTX=primary_owner_key.ctx -tpm2_createprimary --hierarchy=o \ - --key-algorithm=ecc \ - --hash-algorithm=sha256 \ - --key-context=${PARENT_CTX} - -# Create an ECDH key pair -echo "Generating ECDH key pair" -ECDH_TPM_PUBKEY=ecdhtpm.pub -ECDH_TPM_KEY=ecdhtpm -tpm2_create --key-auth=abc \ - --parent-context=${PARENT_CTX} \ - --key-algorithm=ecc256:ecdh-sha256 \ - --public=${ECDH_TPM_PUBKEY} \ - --private=${ECDH_TPM_KEY} \ - --attributes fixedparent\|fixedtpm\|decrypt\|sensitivedataorigin\|userwithauth\|noda -tpm2_flushcontext --transient-object - -# Load key to persistent handle -ECDH_CTX=ecdhkey.ctx -tpm2_load --parent-context=${PARENT_CTX} \ - --public=${ECDH_TPM_PUBKEY} \ - --private=${ECDH_TPM_KEY} \ - --key-context=${ECDH_CTX} -tpm2_flushcontext --transient-object - -HANDLE=$(tpm2_evictcontrol --hierarchy=o --object-context=${ECDH_CTX} | cut -d ' ' -f 2 | head -n 1) -tpm2_flushcontext --transient-object - -# Get public key of handle -ECDH_TPM_PUBKEY_PEM=ecdhtpm.pem -tpm2_readpublic --object-context=${HANDLE} --output=${ECDH_TPM_PUBKEY_PEM} --format=pem - -# Generate peer key pair -ECDH_PEER_PUBKEY=echdpeer.pub -ECDH_PEER_KEY=ecdhpeer -openssl ecparam -name prime256v1 -genkey -noout -out ${ECDH_PEER_KEY} -openssl ec -in ${ECDH_PEER_KEY} -pubout -out ${ECDH_PEER_PUBKEY} - -# Perform ECDH using the TPM key pair as the private key and the peer key pair as the public key -SECRET0=$(echo "abc" | openssl pkeyutl -derive -engine tpm2tss -keyform engine -inkey ${HANDLE} -peerkey ${ECDH_PEER_PUBKEY} -peerform pem -passin stdin | base64) -echo -e "TPM(prv) <-> PEER(pub): ${SECRET0}" - -# Perform ECDH with the peer key pair as the private key and the TPM key pair as the public key -SECRET1=$(openssl pkeyutl -derive -inkey ${ECDH_PEER_KEY} -peerkey ${ECDH_TPM_PUBKEY_PEM} -peerform pem | base64) -echo -e "TPM(pub) <-> PEER(prv): ${SECRET1}" - -# Release persistent HANDLE and remove files -tpm2_evictcontrol --object-context=${HANDLE} -rm ${ECDH_PEER_KEY} ${ECDH_PEER_PUBKEY} ${ECDH_TPM_PUBKEY} ${ECDH_TPM_KEY} ${ECDH_TPM_PUBKEY_PEM} ${ECDH_CTX} - -# Ensure tpm and peer generated secrets are the same -if [ "${SECRET0}" != "${SECRET1}" ]; then - echo "secrets don't match" - exit 1 -fi diff --git a/test/ecdsa-emptyauth.sh b/test/ecdsa-emptyauth.sh deleted file mode 100755 index 62757dd..0000000 --- a/test/ecdsa-emptyauth.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash - -set -eufx - -echo -n "abcde12345abcde12345">mydata - -tpm2tss-genkey -a ecdsa -c nist_p256 mykey - -openssl pkeyutl -keyform engine -engine tpm2tss -inkey mykey -sign -in mydata -out mysig - -R="$(openssl pkeyutl -keyform engine -engine tpm2tss -inkey mykey -verify -in mydata -sigfile mysig || true)" -if ! echo $R | grep "Signature Verified Successfully" >/dev/null; then - echo $R - exit 1 -fi diff --git a/test/ecdsa-handle-flush.sh b/test/ecdsa-handle-flush.sh deleted file mode 100755 index 18d8685..0000000 --- a/test/ecdsa-handle-flush.sh +++ /dev/null @@ -1,52 +0,0 @@ -#!/bin/bash - -set -eufx - -echo -n "abcde12345abcde12345">mydata.txt - -# Create a Primary key pair -echo "Generating primary key" -PARENT_CTX=primary_owner_key.ctx - -tpm2_createprimary --hierarchy=o --hash-algorithm=sha256 --key-algorithm=ecc \ - --key-context=${PARENT_CTX} -tpm2_flushcontext --transient-object - -# Create an ECDSA key pair -echo "Generating ECDSA key pair" -TPM_ECDSA_PUBKEY=ecdsakey.pub -TPM_ECDSA_KEY=ecdsakey -tpm2_create --key-auth=abc \ - --parent-context=${PARENT_CTX} \ - --hash-algorithm=sha256 --key-algorithm=ecc \ - --public=${TPM_ECDSA_PUBKEY} --private=${TPM_ECDSA_KEY} \ - --attributes=sign\|decrypt\|fixedtpm\|fixedparent\|sensitivedataorigin\|userwithauth\|noda -tpm2_flushcontext --transient-object - -# Load Key to persistent handle -ECDSA_CTX=ecdsakey.ctx -tpm2_load --parent-context=${PARENT_CTX} \ - --public=${TPM_ECDSA_PUBKEY} --private=${TPM_ECDSA_KEY} \ - --key-context=${ECDSA_CTX} -tpm2_flushcontext --transient-object - -HANDLE=$(tpm2_evictcontrol --hierarchy=o --object-context=${ECDSA_CTX} | cut -d ' ' -f 2 | head -n 1) -tpm2_flushcontext --transient-object - -# Signing Data -R="$(echo "abc" | openssl pkeyutl -engine tpm2tss -keyform engine -inkey ${HANDLE} -sign -in mydata.txt -out mysig -passin stdin 2>&1 || true)" -if echo $R | grep "ErrorCode (0x000001c4)" > /dev/null; then - echo $R - exit 1 -fi -# Get public key of handle -tpm2_readpublic --object-context=${HANDLE} --output=mykey.pem --format=pem - -# Release persistent HANDLE -tpm2_evictcontrol --hierarchy=o --object-context=${HANDLE} - -R="$(openssl pkeyutl -pubin -inkey mykey.pem -verify -in mydata.txt -sigfile mysig || true)" -if ! echo $R | grep "Signature Verified Successfully" >/dev/null; then - echo $R - exit 1 -fi diff --git a/test/ecdsa-restricted.sh b/test/ecdsa-restricted.sh deleted file mode 100755 index 5e7b6e1..0000000 --- a/test/ecdsa-restricted.sh +++ /dev/null @@ -1,52 +0,0 @@ -#!/bin/bash - -set -eufx - -# Generate 2k + a bit of data -dd if=/dev/zero of=mydata.txt count=4 bs=512 status=none -echo -n "abcde12345abcde12345">>mydata.txt - -# Create a Primary key pair -echo "Generating primary key" -PARENT_CTX=primary_owner_key.ctx - -tpm2_createprimary --hierarchy=o --hash-algorithm=sha256 --key-algorithm=ecc \ - --key-context=${PARENT_CTX} -tpm2_flushcontext --transient-object - -# Create an ECDSA key pair -echo "Generating ECDSA key pair" -TPM_ECDSA_PUBKEY=ecdsakey.pub -TPM_ECDSA_KEY=ecdsakey -tpm2_create --parent-context=${PARENT_CTX} \ - --hash-algorithm=sha256 --key-algorithm=ecc256:ecdsa-sha256:null \ - --public=${TPM_ECDSA_PUBKEY} --private=${TPM_ECDSA_KEY} \ - --attributes=sign\|restricted\|fixedtpm\|fixedparent\|sensitivedataorigin\|userwithauth\|noda -tpm2_flushcontext --transient-object - -# Load Key to persistent handle -ECDSA_CTX=ecdsakey.ctx -tpm2_load --parent-context=${PARENT_CTX} \ - --public=${TPM_ECDSA_PUBKEY} --private=${TPM_ECDSA_KEY} \ - --key-context=${ECDSA_CTX} -tpm2_flushcontext --transient-object - -HANDLE=$(tpm2_evictcontrol --hierarchy=o --object-context=${ECDSA_CTX} | cut -d ' ' -f 2 | head -n 1) -tpm2_flushcontext --transient-object - -tpm2_readpublic --object-context=${HANDLE} - -# Digest & sign Data -openssl dgst -engine tpm2tss -keyform engine -sha256 -sign ${HANDLE} -out mysig mydata.txt - -# Get public key of handle -tpm2_readpublic --object-context=${HANDLE} --output=mykey.pem --format=pem - -# Release persistent HANDLE -tpm2_evictcontrol --hierarchy=o --object-context=${HANDLE} - -R="$(openssl dgst -verify mykey.pem -sha256 -signature mysig mydata.txt || true)" -if ! echo $R | grep "Verified OK" >/dev/null; then - echo $R - exit 1 -fi diff --git a/test/ecdsa.sh b/test/ecdsa.sh deleted file mode 100755 index 35c0647..0000000 --- a/test/ecdsa.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash - -set -eufx - -echo -n "abcde12345abcde12345">mydata - -tpm2tss-genkey -a ecdsa -c nist_p256 -p abc mykey - -echo "abc" | openssl pkeyutl -keyform engine -engine tpm2tss -inkey mykey -sign -in mydata -out mysig -passin stdin - -R="$(echo "abc" | openssl pkeyutl -keyform engine -engine tpm2tss -inkey mykey -verify -in mydata -sigfile mysig -passin stdin || true)" -if ! echo $R | grep "Signature Verified Successfully" >/dev/null; then - echo $R - exit 1 -fi diff --git a/test/error_tpm2-tss-engine-common.c b/test/error_tpm2-tss-engine-common.c deleted file mode 100644 index 775f602..0000000 --- a/test/error_tpm2-tss-engine-common.c +++ /dev/null @@ -1,96 +0,0 @@ -/* SPDX-License-Identifier: BSD-2 */ -/******************************************************************************* - * Copyright 2019, Fraunhofer SIT sponsored by Infineon Technologies AG - * All rights reserved. - ******************************************************************************/ - -#include "tpm2-tss-engine.h" -#include "tpm2-tss-engine-common.h" - -#ifdef HAVE_EXECINFO -#include -#endif -#include -#include -#include -#include - -TSS2_RC -__wrap_Esys_Initialize() -{ - printf("Esys_Initialize called\n"); -#ifdef HAVE_EXECINFO - void* b[128]; - backtrace_symbols_fd(b, backtrace(b, sizeof(b)/sizeof(b[0])), STDOUT_FILENO); -#endif - return -1; -} - -void -check_tpm2tss_tpm2data_readtpm(void **state) -{ - (void)(state); - int i; - i = tpm2tss_tpm2data_readtpm(0, NULL); - assert_int_equal(i, 0); -} - -void -check_tpm2tss_tpm2data_read(void **state) -{ - (void)(state); - int i; - i = tpm2tss_tpm2data_read("", NULL); - assert_int_equal(i, 0); -} - -void -check_init_tpm_parent_via_api(void **state) -{ - (void)(state); - int i; - i = tpm2tss_rsa_genkey(NULL, 0, NULL, NULL, 0); - assert_int_equal(i, 0); -} - -void -check_init_tpm_parent(void **state) -{ - (void)(state); - TSS2_RC r; - ESYS_CONTEXT *e; - ESYS_TR t; - r = init_tpm_parent(&e, -1, &t); - assert_int_not_equal(r, TSS2_RC_SUCCESS); -} - -void -check_init_tpm_key(void **state) -{ - (void)(state); - int i; - TSS2_RC r; - i = tpm2tss_rsa_genkey(NULL, 0, NULL, NULL, 0); - assert_int_equal(i, 0); - - ESYS_CONTEXT *e; - ESYS_TR t; - TPM2_DATA td = { .privatetype = KEY_TYPE_HANDLE }; - r = init_tpm_key(&e, &t, &td); - assert_int_not_equal(r, TSS2_RC_SUCCESS); - //assert_int_equal(1, 0); -} - -int -main(void) -{ - const struct CMUnitTest tests[] = { - cmocka_unit_test(check_tpm2tss_tpm2data_readtpm), - cmocka_unit_test(check_tpm2tss_tpm2data_read), - cmocka_unit_test(check_init_tpm_parent_via_api), - cmocka_unit_test(check_init_tpm_parent), - cmocka_unit_test(check_init_tpm_key), - }; - - return cmocka_run_group_tests(tests, NULL, NULL); -} diff --git a/test/failload.sh b/test/failload.sh deleted file mode 100755 index c183dcc..0000000 --- a/test/failload.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -set -eufx - -echo -n "abcde12345abcde12345">mykey -chmod ugo-rwx mykey - -R="$(openssl rsa -engine tpm2tss -inform engine -in mykey -pubout -outform pem -out mykey.pub 2>&1 || true)" -echo $R -if ! echo $R | grep "unable to load Private Key" >/dev/null; then - exit 1 -fi diff --git a/test/failwrite.sh b/test/failwrite.sh deleted file mode 100755 index e160550..0000000 --- a/test/failwrite.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash - -set -eufx - -R="$(tpm2tss-genkey -a ecdsa -c nist_p256 -p abc /no/such/file/path 2>&1 || true)" -echo $R -if ! echo $R | grep "Error writing file" >/dev/null; then - exit 1 -fi diff --git a/test/neg-handle.pem b/test/neg-handle.pem deleted file mode 100644 index 95801ea..0000000 --- a/test/neg-handle.pem +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN TSS2 PRIVATE KEY----- -MIIB8gYGZ4EFCgEDoAMBAQECBIEAAAEEggEYARYAAQALAAYEcgAAABAAEAgAAAEA -AQEAyJBHMXSEunTQBWTX2uot2qnvMBEJbhuM4+/bv7Ltaz2zjFdxdSB5tLp4fJZQ -AoUggU3HmF8sOGYfHTFJeNZJRFqXdB9sotNWLrWUeMXrAxdDJitGli5n87YrCTDu -6/DbJYbw1sd4/QL0sqXgzLogU7VPJhc+el5DjjimEeN6oU99zfN1HZacPTs74h0Q -LPrL3BACc/lkg1q6ePREulRI/Atcy5g5hgApfjSB6kMrbOwzzkGiZVZpZBqfPaik -k0SjQqNZFYejfDt99PgKQHyPHfuEVrjS788jQKvRWoPTYUQCI6iJDcp5JLk0RbqV -gD68RWwhQVDCmUpq5ebP/f/47wSBwAC+ACDN2bcOjh1KxxE8YlJXVdmuwBiUL3mF -hLLNWV3HWHnoAAAQ3OnaC4u9p1bOSyUPcw7fUR4UTNbqD2cSwPPMNRslR5RhoNBP -+j6M2vlKP7UeSxZ/at8CZHtKWV+VS+Osy9Dn+wHdqa1YSvRCBgP1a75OI9jjQ+li -I64327Vq1ZEl0LIyWdCCWrISRMcVT7JPmGhtuAS4KdHztl58JV9mntQPclW3Rp4o -5M/74zf2eaTxZOBV+OxhPR77SSQQ+w== ------END TSS2 PRIVATE KEY----- diff --git a/test/rand.sh b/test/rand.sh deleted file mode 100755 index a8ee049..0000000 --- a/test/rand.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -set -eufx - -openssl rand -engine tpm2tss -hex 10 >/dev/null diff --git a/test/rsadecrypt.sh b/test/rsadecrypt.sh deleted file mode 100755 index c4c58c3..0000000 --- a/test/rsadecrypt.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash - -set -eufx - -echo -n "abcde12345abcde12345">mydata - -tpm2tss-genkey -a rsa -s 2048 -p abc mykey - -echo "abc" | openssl rsa -engine tpm2tss -inform engine -in mykey -pubout -outform pem -out mykey.pub -passin stdin - -openssl pkeyutl -pubin -inkey mykey.pub -encrypt -in mydata -out mycipher -rm mydata - -echo "abc" | openssl pkeyutl -engine tpm2tss -keyform engine -inkey mykey -decrypt -in mycipher -out mydata -passin stdin -#this is a workaround because -decrypt sometimes exits 0 falsely -test "x$(cat mydata)" = "xabcde12345abcde12345" diff --git a/test/rsasign.sh b/test/rsasign.sh deleted file mode 100755 index 9cd4484..0000000 --- a/test/rsasign.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash - -set -eufx - -echo -n "abcde12345abcde12345">mydata - -tpm2tss-genkey -a rsa -s 2048 -p abc mykey - -echo "abc" | openssl rsa -engine tpm2tss -inform engine -in mykey -pubout -outform pem -out mykey.pub -passin stdin - -echo "abc" | openssl pkeyutl -engine tpm2tss -keyform engine -inkey mykey -sign -in mydata -out mysig -passin stdin - -#this is a workaround because -verify allways exits 1 -R="$(openssl pkeyutl -pubin -inkey mykey.pub -verify -in mydata -sigfile mysig || true)" -if ! echo $R | grep "Signature Verified Successfully" >/dev/null; then - echo $R - exit 1 -fi diff --git a/test/rsasign_importtpm.sh b/test/rsasign_importtpm.sh deleted file mode 100755 index 0133b65..0000000 --- a/test/rsasign_importtpm.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/bash - -set -eufx - -DIR=$(mktemp -d) -TPM_RSA_PUBKEY=${DIR}/rsakey.pub -TPM_RSA_KEY=${DIR}/rsakey -PARENT_CTX=${DIR}/primary_owner_key.ctx - -echo -n "abcde12345abcde12345">${DIR}/mydata - -tpm2_startup -c || true - -# Create primary key as persistent handle -tpm2_createprimary --hierarchy=o --hash-algorithm=sha256 --key-algorithm=ecc \ - --key-context=${PARENT_CTX} \ - --attributes="decrypt|fixedtpm|fixedparent|sensitivedataorigin|userwithauth|noda|restricted" -tpm2_flushcontext --transient-object - -# Create an RSA key pair -echo "Generating RSA key pair" -tpm2_create --key-auth=abc --parent-context=${PARENT_CTX} \ - --hash-algorithm=sha256 --key-algorithm=rsa \ - --public=${TPM_RSA_PUBKEY} --private=${TPM_RSA_KEY} \ - --attributes="sign|decrypt|fixedtpm|fixedparent|sensitivedataorigin|userwithauth|noda" -tpm2_flushcontext --transient-object - -tpm2tss-genkey --public ${TPM_RSA_PUBKEY} --private ${TPM_RSA_KEY} --password abc ${DIR}/mykey - -echo "abc" | openssl rsa -engine tpm2tss -inform engine -in ${DIR}/mykey -pubout -outform pem -out ${DIR}/mykey.pub -passin stdin - -echo "abc" | openssl pkeyutl -engine tpm2tss -keyform engine -inkey ${DIR}/mykey -sign -in ${DIR}/mydata -out ${DIR}/mysig -passin stdin - -#this is a workaround because -verify allways exits 1 -R="$(openssl pkeyutl -pubin -inkey ${DIR}/mykey.pub -verify -in ${DIR}/mydata -sigfile ${DIR}/mysig || true)" -if ! echo $R | grep "Signature Verified Successfully" >/dev/null; then - echo $R - exit 1 -fi diff --git a/test/rsasign_importtpmparent.sh b/test/rsasign_importtpmparent.sh deleted file mode 100755 index 37c1daf..0000000 --- a/test/rsasign_importtpmparent.sh +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/bash - -set -eufx - -DIR=$(mktemp -d) -TPM_RSA_PUBKEY=${DIR}/rsakey.pub -TPM_RSA_KEY=${DIR}/rsakey -PARENT_CTX=${DIR}/primary_owner_key.ctx - -echo -n "abcde12345abcde12345">${DIR}/mydata - -tpm2_startup -c || true - -# Create primary key as persistent handle -tpm2_createprimary --hierarchy=o --hash-algorithm=sha256 --key-algorithm=rsa \ - --key-context=${PARENT_CTX} -tpm2_flushcontext --transient-object -HANDLE=$(tpm2_evictcontrol --hierarchy=o --object-context=${PARENT_CTX} | cut -d ' ' -f 2 | head -n 1) -tpm2_flushcontext --transient-object - -# Create an RSA key pair -echo "Generating RSA key pair" -tpm2_create --key-auth=abc --parent-context=${HANDLE} \ - --hash-algorithm=sha256 --key-algorithm=rsa \ - --public=${TPM_RSA_PUBKEY} --private=${TPM_RSA_KEY} \ - --attributes="sign|decrypt|fixedtpm|fixedparent|sensitivedataorigin|userwithauth|noda" -tpm2_flushcontext --transient-object - -tpm2tss-genkey --public ${TPM_RSA_PUBKEY} --private ${TPM_RSA_KEY} --password abc --parent ${HANDLE} ${DIR}/mykey - -echo "abc" | openssl rsa -engine tpm2tss -inform engine -in ${DIR}/mykey -pubout -outform pem -out ${DIR}/mykey.pub -passin stdin - -echo "abc" | openssl pkeyutl -engine tpm2tss -keyform engine -inkey ${DIR}/mykey -sign -in ${DIR}/mydata -out ${DIR}/mysig -passin stdin - -# Release persistent HANDLE -tpm2_evictcontrol --hierarchy=o --object-context=${HANDLE} - -#this is a workaround because -verify allways exits 1 -R="$(openssl pkeyutl -pubin -inkey ${DIR}/mykey.pub -verify -in ${DIR}/mydata -sigfile ${DIR}/mysig || true)" -if ! echo $R | grep "Signature Verified Successfully" >/dev/null; then - echo $R - exit 1 -fi diff --git a/test/rsasign_parent.sh b/test/rsasign_parent.sh deleted file mode 100755 index 3788b50..0000000 --- a/test/rsasign_parent.sh +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/bash - -set -eufx - -echo -n "abcde12345abcde12345">mydata.txt - -# Create an Primary key pair -echo "Generating primary key" -PARENT_CTX=primary_owner_key.ctx - -tpm2_createprimary --hierarchy=o --hash-algorithm=sha256 --key-algorithm=rsa \ - --key-context=${PARENT_CTX} -tpm2_flushcontext --transient-object - -# Load primary key to persistent handle -HANDLE=$(tpm2_evictcontrol --hierarchy=o --object-context=${PARENT_CTX} | cut -d ' ' -f 2 | head -n 1) -tpm2_flushcontext --transient-object - -# Generating a key underneath the persistent parent -tpm2tss-genkey -a rsa -s 2048 -p abc -P ${HANDLE} mykey - -echo "abc" | openssl rsa -engine tpm2tss -inform engine -in mykey -pubout -outform pem -out mykey.pub -passin stdin -cat mykey.pub - -echo "abc" | openssl pkeyutl -engine tpm2tss -keyform engine -inkey mykey -sign -in mydata.txt -out mysig -passin stdin - -# Release persistent HANDLE -tpm2_evictcontrol --hierarchy=o --object-context=${HANDLE} - -#this is a workaround because -verify allways exits 1 -R="$(openssl pkeyutl -pubin -inkey mykey.pub -verify -in mydata.txt -sigfile mysig || true)" -if ! echo $R | grep "Signature Verified Successfully" >/dev/null; then - echo $R - exit 1 -fi diff --git a/test/rsasign_parent_pass.sh b/test/rsasign_parent_pass.sh deleted file mode 100755 index ded2c2a..0000000 --- a/test/rsasign_parent_pass.sh +++ /dev/null @@ -1,50 +0,0 @@ -#!/bin/bash - -set -eufx - -echo -n "abcde12345abcde12345">mydata.txt - -# Create an Primary key pair -echo "Generating primary key" -PARENT_CTX=primary_owner_key.ctx - -tpm2_createprimary --hierarchy=o --hash-algorithm=sha256 --key-algorithm=rsa \ - --key-context=${PARENT_CTX} --key-auth=abc -tpm2_flushcontext --transient-object - -# Load primary key to persistent handle -HANDLE=$(tpm2_evictcontrol --hierarchy=o --object-context=${PARENT_CTX} | cut -d ' ' -f 2 | head -n 1) -tpm2_flushcontext --transient-object - -# Generating a key underneath the persistent, password protected, parent -tpm2tss-genkey -a rsa -s 2048 -p abc -P ${HANDLE} -W abc mykey - -cat > engine.conf </dev/null; then - echo $R - exit 1 -fi diff --git a/test/rsasign_persistent.sh b/test/rsasign_persistent.sh deleted file mode 100755 index 734b4bf..0000000 --- a/test/rsasign_persistent.sh +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/bash - -set -eufx - -echo -n "abcde12345abcde12345">mydata.txt - -# Create an Primary key pair -echo "Generating primary key" -PARENT_CTX=primary_owner_key.ctx - -tpm2_createprimary --hierarchy=o --hash-algorithm=sha256 --key-algorithm=rsa \ - --key-context=${PARENT_CTX} -tpm2_flushcontext --transient-object - -# Create an RSA key pair -echo "Generating RSA key pair" -TPM_RSA_PUBKEY=rsakey.pub -TPM_RSA_KEY=rsakey -tpm2_create --key-auth=abc \ - --parent-context=${PARENT_CTX} \ - --hash-algorithm=sha256 --key-algorithm=rsa \ - --public=${TPM_RSA_PUBKEY} --private=${TPM_RSA_KEY} \ - --attributes=sign\|decrypt\|fixedtpm\|fixedparent\|sensitivedataorigin\|userwithauth\|noda -tpm2_flushcontext --transient-object - -# Load Key to persistent handle -RSA_CTX=rsakey.ctx -tpm2_load --parent-context=${PARENT_CTX} \ - --public=${TPM_RSA_PUBKEY} --private=${TPM_RSA_KEY} \ - --key-context=${RSA_CTX} -tpm2_flushcontext --transient-object - -HANDLE=$(tpm2_evictcontrol --hierarchy=o --object-context=${RSA_CTX} | cut -d ' ' -f 2 | head -n 1) -tpm2_flushcontext --transient-object - -# Signing Data -echo "abc" | openssl pkeyutl -engine tpm2tss -keyform engine -inkey ${HANDLE} -sign -in mydata.txt -out mysig -passin stdin -# Get public key of handle -tpm2_readpublic --object-context=${HANDLE} --output=mykey.pem --format=pem - -# Release persistent HANDLE -tpm2_evictcontrol --hierarchy=o --object-context=${HANDLE} - -R="$(openssl pkeyutl -pubin -inkey mykey.pem -verify -in mydata.txt -sigfile mysig || true)" -if ! echo $R | grep "Signature Verified Successfully" >/dev/null; then - echo $R - exit 1 -fi diff --git a/test/rsasign_persistent_emptyauth.sh b/test/rsasign_persistent_emptyauth.sh deleted file mode 100755 index 4558b48..0000000 --- a/test/rsasign_persistent_emptyauth.sh +++ /dev/null @@ -1,57 +0,0 @@ -#!/bin/bash - -set -eufx - -echo -n "abcde12345abcde12345">mydata.txt - -# Create an Primary key pair -echo "Generating primary key" -PARENT_CTX=primary_owner_key.ctx - -tpm2_createprimary --hierarchy=o --hash-algorithm=sha256 --key-algorithm=rsa \ - --key-context=${PARENT_CTX} -tpm2_flushcontext --transient-object - -# Create an RSA key pair -echo "Generating RSA key pair" -TPM_RSA_PUBKEY=rsakey.pub -TPM_RSA_KEY=rsakey -tpm2_create --parent-context=${PARENT_CTX} \ - --hash-algorithm=sha256 --key-algorithm=rsa \ - --public=${TPM_RSA_PUBKEY} --private=${TPM_RSA_KEY} \ - --attributes=sign\|decrypt\|fixedtpm\|fixedparent\|sensitivedataorigin\|userwithauth\|noda -tpm2_flushcontext --transient-object - -# Load Key to persistent handle -RSA_CTX=rsakey.ctx -tpm2_load --parent-context=${PARENT_CTX} \ - --public=${TPM_RSA_PUBKEY} --private=${TPM_RSA_KEY} \ - --key-context=${RSA_CTX} -tpm2_flushcontext --transient-object - -HANDLE=$(tpm2_evictcontrol --hierarchy=o --object-context=${RSA_CTX} | cut -d ' ' -f 2 | head -n 1) -tpm2_flushcontext --transient-object - -# Signing Data -#Actually signing should not require an auth value -if ! openssl pkeyutl -engine tpm2tss -keyform engine -inkey ${HANDLE} -sign -in mydata.txt -out mysig -passin file:notexists; then -#The expect script is only here, because tpm2-tss <2.2 had some bug, and thus us asking for passwords when none were required. -expect </dev/null; then - echo $R - exit 1 -fi diff --git a/test/rsasign_restricted.sh b/test/rsasign_restricted.sh deleted file mode 100755 index e5facc2..0000000 --- a/test/rsasign_restricted.sh +++ /dev/null @@ -1,52 +0,0 @@ -#!/bin/bash - -set -eufx - -# Generate 2k + a bit of data -dd if=/dev/zero of=mydata.txt count=4 bs=512 status=none -echo -n "abcde12345abcde12345">>mydata.txt - -# Create a Primary key pair -echo "Generating primary key" -PARENT_CTX=primary_owner_key.ctx - -tpm2_createprimary --hierarchy=o --hash-algorithm=sha256 --key-algorithm=rsa \ - --key-context=${PARENT_CTX} -tpm2_flushcontext --transient-object - -# Create an RSA key pair -echo "Generating RSA key pair" -TPM_RSA_PUBKEY=rsakey.pub -TPM_RSA_KEY=rsakey -tpm2_create --parent-context=${PARENT_CTX} \ - --hash-algorithm=sha256 --key-algorithm=rsa:rsassa-sha256:null \ - --public=${TPM_RSA_PUBKEY} --private=${TPM_RSA_KEY} \ - --attributes=sign\|restricted\|fixedtpm\|fixedparent\|sensitivedataorigin\|userwithauth\|noda -tpm2_flushcontext --transient-object - -# Load Key to persistent handle -RSA_CTX=rsakey.ctx -tpm2_load --parent-context=${PARENT_CTX} \ - --public=${TPM_RSA_PUBKEY} --private=${TPM_RSA_KEY} \ - --key-context=${RSA_CTX} -tpm2_flushcontext --transient-object - -HANDLE=$(tpm2_evictcontrol --hierarchy=o --object-context=${RSA_CTX} | cut -d ' ' -f 2 | head -n 1) -tpm2_flushcontext --transient-object - -tpm2_readpublic --object-context=${HANDLE} - -# Digest & sign Data -openssl dgst -engine tpm2tss -keyform engine -sha256 -sign ${HANDLE} -out mysig mydata.txt - -# Get public key of handle -tpm2_readpublic --object-context=${HANDLE} --output=mykey.pem --format=pem - -# Release persistent HANDLE -tpm2_evictcontrol --hierarchy=o --object-context=${HANDLE} - -R="$(openssl dgst -verify mykey.pem -sha256 -signature mysig mydata.txt || true)" -if ! echo $R | grep "Verified OK" >/dev/null; then - echo $R - exit 1 -fi diff --git a/test/sclient.sh b/test/sclient.sh deleted file mode 100755 index d5e3459..0000000 --- a/test/sclient.sh +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/bash - -set -eufx - -if openssl version | grep "OpenSSL 1.0.2" >/dev/null; then - echo "OpenSSL 1.0.2 does not load the certificate; private key mismatch ???" - exit 77 -fi - -echo -en "SSL CONNECTION WORKING\n">test.html - -function cleanup() -{ - kill -term $SERVER || true -} - -openssl ecparam -genkey -name prime256v1 -noout -out ca.key - -echo -e "\n\n\n\n\n\n\n" | openssl req -new -x509 -batch -extensions v3_ca -key ca.key -out ca.crt - -echo -e "\n\n\n\n\n\n\n\n\n" | openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr - -openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt - -tpm2tss-genkey -a rsa client.tpm.key - -echo -e "\n\n\n\n\n\n\n\n\n" | openssl req -new -key client.tpm.key -keyform engine -engine tpm2tss -out client.csr - -openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt - -openssl s_server -cert server.crt -key server.key -accept 8443 -verify 1 -CAfile ca.crt -WWW & -SERVER=$! - -sleep 1 - -kill -0 $! - -trap "cleanup" EXIT - -# We have to sleep, such that the pipe stays open until the command is finished. -(echo -e "GET /test.html HTTP/1.1\r\n\r\n" && sleep 1) | openssl s_client -connect 127.0.0.1:8443 -cert client.crt -key client.tpm.key -engine tpm2tss -keyform engine -CAfile ca.crt - -echo "SUCCESS" diff --git a/test/sh_log_compiler.sh b/test/sh_log_compiler.sh deleted file mode 100755 index 1b5ea20..0000000 --- a/test/sh_log_compiler.sh +++ /dev/null @@ -1,83 +0,0 @@ -#!/bin/bash - -export LANG=C -export OPENSSL_ENGINES="${OPENSSL_ENGINES:=$PWD/.libs}" -export LD_LIBRARY_PATH="$OPENSSL_ENGINES:${LD_LIBRARY_PATH-}" -export PATH="$PWD:$PATH" - -if [ -z "$2" ]; then - # no device passed - test_script="$(realpath "$1")" -else - test_script="$(realpath "$2")" - INTEGRATION_DEVICE=$1 -fi - -echo "Creating tpm2tss symlink" -ln -fs libtpm2tss.so .libs/tpm2tss.so - -tmp_dir="$(mktemp --directory)" -echo "Switching to temporary directory $tmp_dir" -cd "$tmp_dir" - -if [ -z "$INTEGRATION_DEVICE" ]; then - # No device is passed so the TPM simulator will be used. - for simulator in 'swtpm' 'tpm_server'; do - simulator_binary="$(command -v "$simulator")" && break - done - if [ -z "$simulator_binary" ]; then - echo 'ERROR: No TPM simulator was found on PATH' - exit 99 - fi - - for attempt in $(seq 9 -1 0); do - simulator_port="$(shuf --input-range 1024-65534 --head-count 1)" - echo "Starting simulator on port $simulator_port" - case "$simulator_binary" in - *swtpm) "$simulator_binary" socket --tpm2 --server port="$simulator_port" \ - --ctrl type=tcp,port="$(( simulator_port + 1 ))" \ - --flags not-need-init --tpmstate dir="$tmp_dir" \ - --seccomp "action=none" &;; - *tpm_server) "$simulator_binary" -port "$simulator_port" &;; - esac - simulator_pid="$!" - sleep 1 - - if ( ss --listening --tcp --ipv4 --processes | grep "$simulator_pid" | grep --quiet "$simulator_port" && - ss --listening --tcp --ipv4 --processes | grep "$simulator_pid" | grep --quiet "$(( simulator_port + 1 ))" ) - then - echo "Simulator with PID $simulator_pid started successfully" - break - else - echo "Failed to start simulator, the port might be in use" - kill "$simulator_pid" - - if [ "$attempt" -eq 0 ]; then - echo 'ERROR: Reached maximum number of tries to start simulator, giving up' - exit 99 - fi - fi - done - - case "$simulator_binary" in - *swtpm) export TPM2TSSENGINE_TCTI="swtpm:port=$simulator_port";; - *tpm_server) export TPM2TSSENGINE_TCTI="mssim:port=$simulator_port";; - esac - export TPM2TOOLS_TCTI="$TPM2TSSENGINE_TCTI" - - tpm2_startup --clear -else - # A physical TPM will be used for the integration test. - echo "Running the test with $INTEGRATION_DEVICE" - export TPM2TSSENGINE_TCTI="libtss2-tcti-device.so:$INTEGRATION_DEVICE" - export TPM2TOOLS_TCTI="$TPM2TSSENGINE_TCTI" -fi - -echo "Starting $test_script" -"$test_script" -test_status="$?" - -kill "$simulator_pid" -rm -rf "$tmp_dir" - -exit "$test_status" diff --git a/test/sserver.sh b/test/sserver.sh deleted file mode 100755 index a54e879..0000000 --- a/test/sserver.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -set -eufx - -if openssl version | grep "OpenSSL 1.0.2" >/dev/null; then - echo "OpenSSL 1.0.2 does not load the certificate; private key mismatch ???" - exit 77 -fi - -echo -n "WORKING !!!">index.html - -function cleanup() -{ - kill -term $SERVER -} - -tpm2tss-genkey -a ecdsa mykey - -echo -e "\n\n\n\n\n\n\n" | openssl req -new -x509 -engine tpm2tss -key mykey -keyform engine -out mykey.crt - -openssl s_server -www -cert mykey.crt -key mykey -keyform engine -engine tpm2tss -accept 127.0.0.1:8444 & -SERVER=$! -trap "cleanup" EXIT - -sleep 1 - -echo "GET index.html" | openssl s_client -connect localhost:8444 diff --git a/test/tpm2-tss-engine-common.c b/test/tpm2-tss-engine-common.c deleted file mode 100644 index e42ca56..0000000 --- a/test/tpm2-tss-engine-common.c +++ /dev/null @@ -1,31 +0,0 @@ -/* SPDX-License-Identifier: BSD-2 */ -/******************************************************************************* - * Copyright 2021, Erik Larsson - * All rights reserved. - ******************************************************************************/ - -#include "tpm2-tss-engine.h" - -#include -#include - -void -check_tpm2tss_tpm2data_read(void **state) -{ - (void)(state); - TPM2_DATA *tpm2Data = NULL; - int rc; - rc = tpm2tss_tpm2data_read(NEG_HANDLE_PEM, &tpm2Data); - assert_int_equal(rc, 1); - assert_int_equal(tpm2Data->parent, 0x81000001); -} - -int -main(void) -{ - const struct CMUnitTest tests[] = { - cmocka_unit_test(check_tpm2tss_tpm2data_read), - }; - - return cmocka_run_group_tests(tests, NULL, NULL); -} diff --git a/tpm2-tss-engine-1.1.0.tar.gz b/tpm2-tss-engine-1.1.0.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..58156addf507469278d04ffbf5356d04da2a4751 GIT binary patch literal 394448 zcmV(lK=i*KiwFQA%C}zv1ME9%ciP6b`D%W}l(33nApw418<)0(;F=!Wa1GAm#tt5& z0aOb~)kt6(=f9u5XGTcEkI>$pb?#Z~cqPG%_G|X+_b7ok+tC8fHRen#hiO&4s#nUd z{??xg{2UzY<7f3?znc7veqL2~5BB#D_Vz1#uwJe1)%IVJ{a61%KhZ{_&;O90;K}nJ zg_dn{&~c}wZKqN_Bqu&&r02QY)0@C$#6yHm@M581tC5&EgtyRC=38BAk;C-u1{vJX^oe# z0Azq6^GPseBw+rG6L&1W{Bm(ceqj#tVI#e8WLpL~vkc~NMkps9uJ9={$!G~Q5aGFv z91~{2bDzwa&*3}SjaVppCF1%(W19vjwohCS(F!2zlGrqeF+qvZwmsjS_;iLlk2h!% z%Mpa9t_QoB0zugF!m@2LVkG2j9NHxUkU-^qXK>oR8j$A2NAkXTdD*-ed^`r&VCsee zVRI%aSu@YJfH3UIr%td0(E<6qec3t%jOLrpS!eJOSc!9}~@Cnw!Y(j>j+<)G8L zI%{5%-qmHV+i&ZH^cjmZ3pAe5?O2=+D9~g9wQMf;{1J|mgJiZzrgYBWSPf>)K`t;i zu&HmK8PK4%>rBKB0XA0QF|o$Paf1@!Am0zuAna*v&2n(fSQfDf;RAvx;)d!-5ZDJl zl$xe!K}tY4SYeUvl^);=cpf!P3%`OEJfLZDVf)hAI5Py~0g(CT(UlU8vz`5=cQ)V6 z7UV&6A(&Xe!CsPuZ$T(>aQ8jn@Wu_MKZgW=vg@%~i7G z0dP&CF_Pycy;v@l^0%2x$mxVNve%g_{H0EE74oUu8+5uCHJOod{*`{y?B3?sIk%=LNKS%uNj1v5!B`2JXn4d(-Tr$rEHyec$wA9U%oXunu zMbsf$Yx3O4c5aoY3ZRc~*`=QOE2&WU+2dTtRb1teJPhfs7!)mtb|9nlLN45t`65?d zbTd&rKgQ4}!#(2tmB0>~!DDS?GXsAqtwUKrK91&=1HaD1ZV&;CocbJ%Z8pObu)#qy zizx;{;d8myM4JSpLXL^)!YLc*5V0g64CX<7E#hwhDP)w{DSudc#NS2m=7FPM1xPQad1pV zKBIRlWK!6AO|CE|1SX_-$P<r*gt%+?}YKv`vgZZPeF z8J7?zsyxvvN6dB?B_w0X)IDX?qz0CnE-;2vC(02#Qi36gj=%xN6l_3*)z{<{)02&F8%!85& z_aWH!B3T0PFB7(JfD}u)RiP<|d$6kX&sOyYs0a#zOop>yXc$9q`Jw0w8+m!YSv+6E zHCf|2_tP=i_Gd&Jlj|I?kt*H!v23z=*$Hj?nD{ebEuSVI6v+4AOUt>=Mf9>5Din{u zL{xceH7iYT7pxBmLYDk8IPbmfTsF#p@D-NG7gS2)b~~I=en%xUx;wM{3^0`H5;We6r!3o3CYQ>CJj>%W@@E~}tK%qi^+dY@iAVAC}m($cke6}tZ z?iPs_l0;MZS}yl8BC1=s^n2<%5UT3R5Fo#RAuuEKnedI+QiOje7$zbDxCUk%=`~>X zu~Wr%2L7PLiwH%LiQo~K;cT{SploIFE1tYM>qa&wmUM%tU)<;ypV{hH&~HX2l%zkE za>_?auq+ZysZ@w#D3%oW#~=?`u|PUoBHNP#?g^XTw4VFZ98WW4gR<* zR5zQTQXsK;fT?_s+Z2&>OT^x!jIcc;yGjlSFt+d$<1v0l5&1rw+FF)0$bEupilpNX zqu>Y*3nhoxm6h4Ta9=7F3+pnVdc?D$c$j{sbcg_$DF{|4Yq5YF$K5;paTqgY9D}H2 zLW3YGPK=1XCA1e1tGoSsvcT#M>rK_+zUjXOPz#f^m@RBirt}Z%XU8>kKMW?YtTQvj z+GWh|3~(U0pQK+r#r_ z>$G#x#?T=4pv~4i|KWk8Aw%cRaTkulzigkioBag7{~Ue<`-KF*;vEkMR{` z8vR}SvJcHbj6Z*leFPcdOJ~aFlEky*44gjEL8bNY`%mblfN_`W{>8-QQn^ps=^-N}qL7@ZU ztQ%f7vjrKB{P2U;?w+Ll7|2Kc@egB&OAyewKK&7wSJ`rVIJ{~hli{$SxP=A^2T;sT z!I>5d@JS3Atq54o64Jr~ROsW(7RVGyew#}dJ?&)3NgN4OpA(-!)$|$3_fCZd2aYTm)VOEoUC>qrWniSERVM8Q3 zm3ufR4t}q%nVs^fdddo;Z^~h!ugZY4Q9DtrU$6ioO1)T@Mk>FOZD+*I0tujaWdV-{ zP}>X9M^VqSL0+hm3Q*!gw@5GuyFTKJmPd8XLFhqZs*|Et)EpK7MP`qSrNnpYhC#7} zcnKK89gmBmJB=5M(8QhKFh&U^3SAt9If1=Id=BNLF_qD@eRh&$QX~r@J!du^J4)u- zCL+0`-*81tpk$L4jdZ}%=9UTCA3@iO&!B4*DCn+G0E{f#3YJ1hbYX{sje#s=1}T#| z7N3d!PjbX+0hm6+5SE4Bg;6N&n=a!{J`f`@%Lr}igU=gi2z2DCVFmQ9rc^mb+V# z(o6f}1G)%WRJP19yW}L@?6XiI_cwwRHHebCaEpQLvFQuZgiQ++>d)8+O;c>9A--yg z1g7T*sF;Fz1i`1f%#K0$)P53VlmvMKVn0n}-)4`17_gtC|81e-SM#i=_Lv-SeP-9& zi213a9o<|P^kS}bUB!vl))t0V>TE*Ek)-tE^)?$_7X%4U(1>Kt=Dwg+-&e7K zY=hs4xxXrx#vvxPf^gO5n~uJb1uv+}&Sp3S>4!r&jYp|ZOL+ulpshIHC_Gq{DQ8PgSh_gpg_fCw z0Y)ebA{ch$&?mQB-IEiD>v4=N;Eapv7*Mw3a9q$=#4Z`A&LQ%d2x#&;2V-&P!%qrs zr6Sz0Nb%`qsX5Gn31dmBRy~M};w{5LJQxxl7X(Xu%tn7v&SQ`l}F>`siVrQjp*4jku~RUB6y!R5^jg+6aQh6DokTlteVywQtrT(D|{I3>`bgQ=Ew*3Y6Zt~Xk}tKr~dudSUo zFRo6St-;l0`%?Qy`|_fFrgeMm%jTeS@k>-6$z-nXmVD@#91|boS7EuZ!9?bi7LyU%EK6vS9Nb$ zg6p8G+ZDqXqOdj+@ax)N7Xo6l6BmcymO{aAE`|#T5COg=$C))^ez5#AqCi3e@axS* zu_ccUq&c@t2d^(;ah@U{Q=TdK4M?-QJ9ksE2)hBvzH3|NrZhPMf0HO!vga9~2Y-#O z2T{uRjKt3Ujr8enu1bHSEki+kzu|@vbe+H@Gu_SbeS}=oj^*)sw|`Qt7xm)m9zkY% ze5OJ6)m%QV#*Y%%)b^%Sp$qo6NdAkw z9L(*0%}4RGxUU!g5{Mihgah5;?D=yhDu!Y=9e5{W5!+{e%=%C`|?4xw{u*&_3} z4&uX>%T-aO4g9dSr^Y0r6Ej0&b%$L&I@*W&qZ7aAAp4L1RHO`%e3x>;cf-k4+*DvcR2A8CfdWEZsfGrkuLW?-j(|-n5a639} z$_q*TMY|Rnl;yU{ZJ))Zq&#kNy$$7eA-WQCeW>Ki*VVFziEkxM-20^Y#W^_Jez!-q zcdC`zULhNwYcz9{yrN``!215?;AgF-B3>)wzlR&K5Dcm>Fktij6ue$j7|oYZYER?z zTF)YR23^NG*bM6+i6uDgyttnfmzw0V^YVUbX&(Av>y5%{y@YkRhSfY%Sa1FeR_lYp zdiy7^j+zRo4Bw7k+}lwSQ)pxNMg668aiAY5jF)&E9HrXICh0l46W7ByW|eO>nDP5$ z0`A=-I8~Od0}h@C99zsbN%DOeh4Wz@2j2l&p+Qr@d z?)`_4|4Zn|FxhxAwSK#^XO8Rr?(-m=FYcFr+~VjMIz${UwLf$QMBG4**cj)3n9x)v zpmW!P*zJYB<%S&E7Dt1W;>w(d(O8$+Q(TSapr@3#;dxR~S#@>M8D+@k%$m?*{pzCg zVJJri!*_K^hHbf_d`ut|2Tu%|h<&S8c&u(1boBkpQoImC>mp$gOSE)QzwFxd9 z9;Pv%iLPIE`mJKUs(-3fcWwan0T+FX8&GD&s}VsQrctN{pga;FFV}0>whLM=uPf3; z!LZw}uMu5UT>?5yrhmEfQ>9uz?PymY%ICcv;(~qmFApoQ-PCeKa_V`ss#mosw7}4t z!Do0s^Sm@&brpwtyDuuD=birJ@BQ=M@NG+rmc=xk-ZA#`!h?Rkva2sVIv(kCtj{c) zY`3Wowa_XtLjLwE09O558~IAw&caF zlmWfyzTOX=v>iTjX>=Rtnf2=M7kY%NDJ}8uX3L(06@$^aq}wWQUPssF87Bu0GH1&P>EnAZ8Cz%qQ(5Z z-cpNVdaBV?Z^H6$RFbdbS+cQ&Ru0NLvY<-=75%>uXs5-z5-HZ8Cq1RU8UF_oc25nw z!dRe@NSM`sVL(%m|A7JUtsu|EioH~C!HH{EVJ>~SYqT^+64}$AbLQQ@M>UB-MK+GW zVjid6-NyZC9|~T^ix2(1r=||kyBF(&gkF1-0taB zeOLSSEdRvr!+#QY?SF0K*#2kwS9sIzhWHZaNyua#oe*f7-3Ia@z|c#X)FcKx&BJ3m z5Vr0Ae$P3QY}uCMWSYI(-DyGA`RXklotI{FFT3f*(oos%nw~rrh~*5iSME`e1y52q zx=8F5h%-Yg7_39(PpxG6qtbNlk7ME&m~Ec#?!MaJtL)VZ-||sT09a^Z7nboI8ZDvz z@sF4xO)VTaF=*0=VQUM5Q^;y#Am_)q5m3duT}{RYJHi$&yay-Q(F_hgI@WTX&Sr`l z&-NG0ev?eS?UQr1nNMurpD@G!1)3r=Q*oiUAyqm@;Tn`j+XW=FZbx;@Gc0-72X>{O zpB`+O_BL(moHS?pxY+z0>f6LGRu0%T4ex?}#J$H1r9hng7wmXocnZ97l53gf!jiB& za>&qf*eoam>Z0Y)o}PZ^AlyM`f~-D`w^%c|Da@!GX-#uzTu;AZQE!+Pzo3s5oI5`q z6G?JeB285keOsfb2XhQZLZm2>Bo`&pR7KIZb$T({ebEBc(4pQT zv&$fR3-=8lSj|MgJI=%^@~^9L_+?xLCGP1Pps{;<53)w;B(xBSF@y_W-KeSPF5aJ? zb+43^iwRs;GkEdK_LacUWspa6xi&_%TrIac?^!KioT~L&_`3icO>76ats)GP<=(rd z^H7AOW!4;bNZ!!8=ym%8n&CVF8$b6}-Vub7aR-HHKmDX7%qjy8dgM&ttb+eugoc*r z$}%?|e$lj&P6rYl>vy}P0r2OfUeHUx$D=`+Y0tD>{K<6hM|;}n!E`kpetx{ZDQI6_ zaI4BNE6au%3YsAMF+%nukulp#$;?yReVBXx5W9g4--BfApX0+qEHkRPKlI7m@UnpC zK5K-wo1;lWe=#}D-#rvNeEc}ev3gxsZVLR)y<0B)7#f1A@h{KnnfQ-x{jcH!4_2=g z(BMp%u}WXE3Wl|_PPzPFuIbw?R`Bb$7i9PvyCwye^0J*g3*q#WIk49=(MMYcAQ3c{~U0bZDA}cMKbqsc392E8i*|{nN#cvJGspKu1Wm3JvIUStvvTg+k*6jg z=?4)7RtENdvyom(T(;Y5HucugeB!|Uh0k*wL6HDE<>gr|G8@M1n`$x;7|kCs6Re4E zYCt8f2tqB7sOwI#t0M-Bpm?LRKKt$*mI{4{17E=BOGT}HL8U4IXzDfEG3l=sf+ULr z=A*1CPTOT?Mac1mg^@fx%7%9191-oF-o0J4ks(@3Fma!dOuXiQTJ7%D>(+IpdSg^t z)dJm{AW5qlRilDeQ1(j&eu3-N*?Fno!6YFjfvcoLGHnwY%x+!6sYkoFA1%^jHnj)1 zev?)XjUeo>iCXlJB=&6a!z3>xJ>I8$jzi|LPI)H5)te1$LMtu<=5>n6d(B2&%1vv! zxYU9zWbTn#6&7!x80jANpi?iUeTHZH6evbSmYB7ppz+ji(sXzts1K| zNkMPtUah*%>dtw^5@!|TURt4+C*8t0;89bV)E&wB2WEAN&Fs7W`qqum01qGs(9N3*lzEPQV_Co2@84{9*+_H!%)WiGRyIRk{aYcfG< z-sMwh1iho+S3H7e1j1wv> zG8gz-Y5mjRj?eO`9e^|>pl5B2tR_n5^MbWFu~aAC#Bo+HRF2Ek3APY0?_yM+l?gkg_$+fo0jRDE48w+@X{V_+m?FGQv|@qYl!(siwV z11Bbw4NYxTjD%>(NuJ*i4sZd%sE|}bfmKbxN{pDGZ5%X_{9V6zAzJ^ge{scDz*<@w z=pRK?g7s66`IFc?R^`LzEv?hGmJM87HVH2r3~#ty)N1I}%Bi%Ge2OEVZ527yuDV zF1%`#nG+U%Y}6AUpMsD1eBvWp+b=bmrCOzIRH+KWY=Sj_>2jFI55Ht_7`%(+a_jyJ1%L=-5Xw&pDR4q$Q3DQ%(aezKU7z9ugbsSM`P71K zf+8ZcIE+Ah6^;Bc8fiu(^sC7C^Dl{hs8ozu^prWLUoG3*3}7YMYtODVS^ z`l@YWjw6h5$hnjuLops*Wj)zsV`?^jqSCnD{{Iu+&m(<^8hG z>_l5xCSsZDALSW?C(MhT;E4Hxy%Zb;D^G$Q+O<&m&!R?5;id+h$)0v=jm!n#r@I3< z{f50xqxmn*a^3mNnlHS`vyj4a!KLpmSe(4*;Q>p5WAL;@{G17gqs*x>Lg^)PjHbkh#>QK$BgX%C? zN%D<#3jIT8lhld9P|Cf?f!TE;0UW^aY(jaRk~2JwHq%6<2w_NRw6m7RD5YYGd(lC7 zp^|P|&DYllKio(k5(eFhYa6G0ok~_#lIcIZeyz89{o|4?bkI87|H^Wj0%z)2@%#OQ zgRK#seQ4+4@P_22Ysr)r=p#-z--1_d|%4tqacW91Aj6Y(1FapLUQW`Ex_9glu-W#1-J-aTLCu~=( zp5Cxpa}Bg+1g)8lwno(=HCs`!v-Su5L$TLyMMnI2>J&$=`3zIWR%ntVHs&7T~-d|PP#}_+tfryGxQaJF(0;<*Xp+*pLJ(tpbsY>a-RHX>W z8f`ltM4RRRP~KX~`1?q_T@yg3LwR-_M5i#Helgxlo>DWwBL=jr!&--VcP&<2pscR)rv zpv2f`Q3&+XIsrR0vX~Cm+84Rq-->sOKWyJy6vK3=`?v5nfQ-k%*e@q~v~EQE^uOQ! zt&|w;I%ehk7dng%`@_LesRsXY_ZN{A?Am&(?TxJ2_@j0_y|qwyU&`=taz?m^+ZlH4 zSZQ4N7c0| z8`@|{f|p1e!{UNgqG>j2W3q3+#a$LNC*gYqhxdoKzjaSC#(DI7|70gzOncpvx4$*& z8MIS-cK_6gNG8n@qthShIv~yAk?dknm#z0NDi+ zI`SfW#w-%^g%(FR-DuNcO_37?W~`B_3Fx?%qx4VYD&;Vy-WI&R^w!&xi@=mkywJgn zBSbeSBZo=gd)LL%4F=@f%YO>0_6lQyW>ssi#K}~(Duu4ab9z`u1Un&ZELM~B;V97* z5ysR57t|?Q9TCAch^PAd_3xz{dPjpDbh+!+0&T5ZH#z*7{7K;FPaEt@tQ%D4R?nVg zgzaG)Mf_%MqD3LhEeg83)}g`Tn&nhA;b6mCD}on`I}v31o{}ikk6Z}zVHQTbrQcC7 zIGvBJNr?hlwRoTy9vkK-t%P!37a z;JuTv;mwVTCvrK_3aG#2oAe7kj$m+Wx+hws#`#^s-L&hvOD*2J3tTC(!8I~ zwgW~dRW=fwRI5PDZ5>yiEA#1gkfyb&yQMifg*|#pNa&O$ZvxD$!wXrdyGC%xE#+Wf36jO|25-KWYSxJwLlUEUGqa5X?#O)2%hE0G*AYW?l=kw1( z0j-hUz2JNK)Btw&`ggPV?;E|9k8-%Nsl-A8=e4|6ysHZCx8FX{d5|BWKT=j*aIfvA zoE??CtFr6ivpA&PP0yPQXy7;_RsZrE?3!Kdj8YNSq;J$G){0t4H|fPp|n_)uGcdNkJ=0`w1G z0m6kzG7cPy!Ike$amTYJceQE}2#bw+wvIc_zAZ^wn4#!S@_cc|f9YE@&(ycbi5`78 z>0Xr_f7z;w9TtAk>PDHxmJ+^J!j1yA}nQvP^ekhwm=4=Vzvthpg1X zVQ+@=7f5FFu|?PQ zqmAm~3Cd&vPE4OA>I~1q>KiNW6ahj!5Wmvqqf`x!-R>PmGJc}xdw7@?dUTAb&hq^A zspH-i^>y@_8wxq)g|AQ9Gw8y}L=JABtm)jV7Om-0QLn4>L9s?5CEqP}vlYkiKp z%1IASW=LaT@iCVjsUEqg8(rGkh*HG2U*7Ef7I~?JTgz{_wHz4BJ$#L3hFcJAVED_x zaxtJ%!w4cwN{YfOalYh!@3D|kxiH?OUT-$^0<-IgiYx7UGYk@~_fZ+Nn5uK`$8+jm z^^P^M-1#gn1hpIK8pXKOAG=E2_V^%w6TdSZz_%~a4MwSG)?toU#pxS7Fo+X@J+rKyeFx#ty0k`^#5hvh7<*Yw zsz7`hpwd)tbw%PDR6;3*5JQysCB;P-44}t_~fQ?%E5F^fib(sHO2YR!iUbisE zN1pmS3ybQ%qBlc14c2a2q{(%zf4BjcYiWkD@o=9CNz3^F;k%J4rf3n?s1A$IpakQg z8#Y0sU}^nMy!&Fw^4&W2DRI3{$j8^H#h`b6cziPm#8HVDm}5(M9>>CH_V6vSiEYk& z1S%?mKFyQ^goK0cMkH|p;D(fwKK<^Kc*Wg`2bNCZzvUW9d^){~8hlJLCH>=*^X^5D z?X*1X7~IAov-YV2w=K7C`VZQ>USEUzI2@?uJjvlokYL>bqwC|<;w3P}K=9Lq5PMRbVFP z1jm0&K60}mbi5A|h`1f&eqwC&#}HieaRGX~oTF&qd5L_hRpq zoFTh_o1ZS`i!gURtB0-&9|poh z5guBH^JVMM3M2pF&p~uMI1+JLk?ehHj_LY(XzgkJeutjLGh%z}tp)#&5740ncfyrr zz<0c);yTRkyWOTAms=WsP6YDoIa*5@&W*8lzPJ+sN{~K z2v$}5Xw5}=kJ30EBrVU|8Qo^%<>DQ$M)MdheN}l7V3ze2MkQW{QvuV%RTM~1!e6J+ zgu)D}L@6A}N7XmUb2&*?Bzd(k-bqXuyu6*mS32(rJmRjLdG8?Ff z8P3mgOQf7<8HP}y&a%nnZVwoJ^ViYMyoutxFi3e;Q2 z#zo1l6u{3B+`>8$0d?Y-XnX-1`R6lP%M??=!J^|rnyi0|(&bB{1D z#{>JB+df(i;(*pO1N!OjFPoi$rXH3zb#pl=Y^q*f#a@zpwf*Cx@+wi9&1So|PjVgj zeEX9tj0hwAZ#oydJ|orY^TF*xHd1{meKxrL0vB`W=Z9BEg$|SDGR4_`);r2Nn_T>8 zgRh2(XQgZ<#j`3!&dw!;eo%!}{-I16+wr-+`O_Y!>j3=oL-u~U33IwhHYdBhonw)P zmI_#C5$3~d)oX=*{Ls^+Kffa^Q&4s1aK71CFv(UGdBqQ}ILzWgAQfgqHM3jzei9Ah z(FxG_;q#*zvJW8p&#X}pgHVwk*EUhOEq08YJX6R_Mw{RMdA(98f~?Jqqcgyn>t>X3 zF|uqY&towjL3tIXj6#2GD%9}eX^K{{;SCuAi~#))DcvAhjiopo@0)MXVW#r>;COE{ zQ(s$_3Xu!6?XHQ6iI$qv0R{5w#pfeTA!=pg!}+$nH)Nco=yA6`($VSU)(g&q2nIxM zJ9<4cqa(^W=}n?>>a8eJxt2ylxR!$9c(p+mwr2q}OqZP=65ddi?49P_##1tFklc!} zj__onI)JX?LBBy63$G_p8hUjYe7(|($7rSt6uKP(ljdP;UieC-oQ45in%ZC)lOb+a zU|TQJ6n3@UK9AB?5?lqNQE<^ZA5B~FI*DB;S**^L zUFT{}ok}iR4Ass(&D?XYF(Uq>TK3aSjSAXsk=v8|59_H{#hq||c(=xk)bW*U%3ix# z=2cOL^eQ(*{i>`pm71lXGkH~1lOxKttss25X6{vXL7kfbLy>20u8MOTTLmr^V}42P1Ht6&o0WtMEhBb0+~dMiP{-@HIqIiFBt^9)dK z^K3fmkyWhc;|XgrQie+A7n!Z4n_g8P!EL|lmf(X8MZVs=ZGOGBKEyx$Od&u$P=c!N z!Pm;4{`2ooe@e&0^=6tRusY{}S(}|!r?u85IW;O7+XlIRejmUXuRVVF5I;MQA9n0d z__p@w!NavbbvD)?JlI%!wDuUDcOI@k-1w9CZ?%wX{7--WoBUh;N;#InvDg(uTD~LU z)JA>&3fn)4QTQ4PrPG4a9+V&7PUvp#Jbk(j9AxK-hk?nwqxdW(1?zLv7El`vZ-3N- z8`e6+SiZRi_11mF97L%hQa~~aql0;gG_yst0OqTngncwkjk;5ytpMe~9o~*77*QrV zgBw1rpviMTWQ*Z6oD35sDaA-aFDPdEzAJBP>nyKi6a z9C~lw9=C5oZsg zfnC8CLlYKMrW%Y9uHfdv*#vrrQ!#Xh)j(Io%Ca_Jm!rmBbPk3A z(y|GfD>5_ATrQ>;6cEy2PQbJVc-07Xef6kzP_8=$5R@FlNv9dL1- zW8evb$2H#zP~FO1vw|)eqr|%_`dLo$MQ*ki5fr6uc7X$Xh0P>CWfZ&9WG5*dDni*4 zh4;F~YZVVHv^tIG5)Mchf!-|eO6tSIg3f5W;FZj7fINK$owRuQQPcwa*9Ig=Bu68 zZ=dh%9=|=@J8T}j**n}h-hcfiS7$fNI-;W1 z_vx5kPhwX2vM?4dXVzx$fjV<%0_!*owJYhGBi3xRD4HN}V^cib+triGTl}(#qL6n7 zZ;pXYdXEs>eDxe>3*(@ir7!n)jw+SiSy+jE%_|4&IJjByyyiv2Yc?;!!C14V3OT@> z@VWRsBT~WgDV8@}kS4hSE?M+IRV1toDbw8 zsJvRKs5EJ?et0r1!Ptr=uY(o)460M<&og9YA|y-#Fx68&bmLnxGKfcf;U#={*;D`Z zK}C^HTXevQvch_wLqox&amTi+mE*~+ck-czLKE6t-w;l=?6pd_WPqZOUOXIS!;)x1^76o)!nA*Ypb1ZGx}Hj<0zER|d&y0W*b0u`iv zKq+V`G8#|e!j?*I>3VKNLpa8Ap{t&2of=N0s!NjW1KVIl%K#-Hb=}ai_dJ@w#*70L zDP90|a(=%TsR~B~SX;iyS`{FhyWwe^Xe{2b zf&l!&VMv=NEAM`3zOOgw@5ySdeX@>`0eC%C3w)NuA_O6sBbop%Ge2M|lQ`;|2mL5a zIkT%gfZGgy*U8MvlV>oofvGa>VFmn+--@3|reu#aDqG0$B5=UOalz4U(vLDxiPQ z4e8*9U?T+dvd$b-#&qXw!tc_hQsSAeWp?u$=9W0dgk@&wR3tk~s`kF3qI-HJz}l)e z+fCINIp#t^ir^|^lf$=+{^6;gSVskK4M1ViX@d9=Z?SGjrr%iu4!9Som6Xpeyh#8w zFGKro?uR|NBk+thH#%!;-gP{=gd6imJeE@3bWao=Adu-Kb7}_J7^T^f z#8d@CCNJccoLD}qOU-0Dssos=k|pMw30~T%rGn}WDCHQD)1($6W55f;%c)Ca3Dt~C zsA{JR4ArXiMM414_i)sMYn#4~dk;6(xxjhEpD{8XWLen^Qm*iLV{MJTY^X2&aF7Pv zgSh%~<>~0%`o@FzssT#;F{D>fmp@10O-ffQ-Lp}`y#`~PDt#NId|a`B*!|ZN)>Nws~&n_!stW5)jpqMrt@0 zKv+dox*re50BzjY`2{Og;Kw;}PS|XBNF$}vL%3K`HLRAE3?6Z=H{9CgXqsN|V1irT zw%#P}4uao8f(SS~@Yg-YwT{~B?qC|CFh&(^_C}ZLT@ukSdg$g(v%HM(<2vloM>OgJ z5jnpLs69{^nZk(+q>Gb&+1Gu?^KZl=fo zNWFsZ53e5O8p@$DHVAq0s0qvynV?Vr9^KwUtG$iZ`qjfPZt+2;#Rp&9BDB(a_W<*+ zOViu{A|1QFl$6gaZsUu4zA`;8d(S9*7qAH^lJ2HpNbnf*6L6*rGG4d(|I#U-=WxCA_=%ba zdlJI~r@%w^^+V^S`%b+Yr#GK5Hn~Wx0gi3#Hcm_jLzF@gHXo%F0id8e<1;P|3@Ksh zlEt7r3rXlILPHh-gcFp`JFJPzOE7ie^hJcmvUg~k4>4_Mgq2z!Lq^8HMoBC|V3UwA zLeWJ$j8c^PlfXgcLZyHzq$p8Z3K98fa%ZXY_~9B}s1Kj4ahA7W{pqEAsMgq!DYnTGIzX$pTijXiphX>Pc& zaf*4_`PZbU(g~;sLwYcL*B!hM`D^%Y(0$KeuimXo*Z6${zFY4ezk|Q3o2!X;$5HF~ zK{t@k5T4)%Oo<pfX}*deZnjwQe9ch;`pS$~5+23WA4j608RZn!|W zehH7laRgI_ji+a4Q6I^Mv&qI9ePGqIR1N6j36O&raQMkX{v3}3`RGun0Qs@rS~K6? zjjrG8$j8zShl=MP(Z*vejsDX3@svM;&LjFzRiZJCHu@E9+W8R%W#?}LUZ8j%2AIH5kB2^H#XTHefap%&@KCp|~>y%rh^k(C!XTIuJqt4no z*Me^w>L?B4n@9m z{0JpGPb6x)e2n_^MIB!<;D;yUf6yOkO1${II}=gc{!Sy*QL?4VWGY{7C&7>-`rN7L z*d`{nJRUs8VNC>4CUn&KD{^hg1@e~<-t*V>2k!&(jpmKtH|Q#$Zx7zfQ~Bufn?Y!` zB|kR8f$oVWg&+FSnC~75I&Hpn&DSgS^~s|f^>q-Y`YRd$o5rr5s25jH&9|=kdZh}> z>ZQR&j3Z4WzIovDq5kqvzC4o8Cu@|>N+J4b7i9x#XRqK6@%STDpB?pOU42RPldBD> z7bO_4h`wJ3iEi)a2_CweUWafz5(;#`jn#q-IC4>G=utEO+c0LHVQi@^j;_((MM__QQvaldgyoxPJ6d zNgjqtr+|V^-PNfqB?x5aOoycxQ@XovFlTg_uMMR#i+gh(q~YgJlRFB#g{zAv zpt$%TTYMSCmPl}a825Z{60klP2sVr&MJvU{X}awfTTxd9r`u^HQ(?k zTivp^vc5|Ez;!(7dn${4)q}IrPn0P;w%85NBlamqEeSc$)%mEABgrbd{mfiA^lK#% zFnXMK{}J|5uK)&t7-_$xQeBw&6PkfT* zYKd>(>!4~#k})c2(jsh9mPZ1{rdcH~KBPSk*Huj{V@_Bl{O|CQfD5 zw8PrCkL)Hid*d{sI2^m2`wS3@&YPyI!r`fV%)8K(=-WVlqmsxN3si5zip_;zl_9uD> z$SKiNhMN~shDqN)pP#b1EAk}sw@GFbfZS9{5k$x`13 zYO4m;Rw1jUz9X|m1(46uUj`cXnd@rS)t#^=mx6k-@yLAr>$>`?4;Ei2{P@We9xbwK z`~`_L{)W7muA{j&erGXprpP#H)-}tfzX~uj+or!-vmw^a{v{_#cZ5gh{%1bkdXgwAvt%3oy)#P4$djUEM2bHMz+{SQL%?>nPSY^<%&Jc7RwEt zm@-{PSiD?;Nv6o8u+XDSp+~tw)}{%&mn-0Q#VlXG(4$PDqOO3`b4wBHmoJ9AUZxNeNt z{*uX>TuXJ$N9wQ4Nvfa1OE#?xOZpY?ll&YA2>!w$JL#+5hvb4DD3(zDK(^BUE-Ncc zrut4?ru@)f%r+sr>9nqYBFiaXWf7R?)HTP76c85E{@%5JT$vxheVQM@e>#mJ6Y4y; zdSVJ+J+;4g?H|(q74LI$qhW%$QvD-R!~rp>>f1x>>qGtZk^W|GXiCGRe@qOtDF#;k zM#hw?6NhTPbg6o~qvDIH#BaC^tM{OZv#JBhdvrdCyPRwX=w#{ko-B8^cV!B!D1GeBv91;q z=p+>mhpe~taJi%&D;cH7Kq{a?A)8DF7{CdJyYb{vH|gg`D}f1w1B4;paq>1#o zvG(XmnF}5e(T4{+-lgXRI?jFK;>p`7HUF5-EsqD z<-5Tk z81)LIN)oP_b;?q$e@l^0xZ)t_T>|%;uSq{FSJYJ0 z9p>zj_}VR%oZkNc@#S4AU;T^*AC`2 zv!t+RE`^4MRufX+R4%FN*1IVxbW=L9en3V8_)&UG;Y(FqTj^q@jL9yLOvB(tKA005 zMp94;NRYqMc^YGbC*NB()o{*8>@C1$XPY)d4&(x)~6|-=I|%mha*zrLpOwvGSY?1 zs)|YH2?6iH(H_WUwWgPzAlH=avMVi_rZv9b1WjcnDmRkB-CBjFfEL!8v#-qnFXXnZ4y;{-h_T-*BHwLc! zY))T{M$b&0BBYnA0i_HHhqjo?aR)z&Fd&yu73xnOT@_)`NI3G=itS{eKE7=_UlV7Z1I2ja) zi)IpP%8+v4lIeQE$$`W`*FwxPvOUSxaugFg5vmG?<&Y>x?M7P(2dw5fU>VVteP^Lh1P(42(ba8Q8h#FH049uwz?-=64iPmAV25QuKd zdMMY%=?Z^z)=H|aZLH0#NS?%^ucxePG#q2J4f`$zW|!q3EHdJ8a?$ntrJXOdQFMEcE;iOmx5HubdN*c&FWxG zie@S%RmOpmqI{lE2xHZp$D%Y-QiR4Q@_pTWjqK+e3$|6j3q+3# z%CY|DA$?rR2OA{uVz6NpE=S=8Jp7UkfR*F!xx+`wc8Zs+S+;DS-Cq=Oce29vkH~$u z@%wjPXsbe7@)=DQpq%l@x#S4pt`=coOF}eeKfQ6U8?Mgf5u^ey6IS{Cv@6oI;~N;I zX_1SNG5XAnEMpc*4a^uLy!@#UO^^w@Bv2XV=ueDnM1}woqn=mfQ}9VLG{;ixslgqUlDFgk0Q6OS?;p?BvoJ zc5>tqaZe9v9Sc;oakKHX7*mp$l8ZLjSE;;s4s)llJDoCnteeY0kv&$5Gza1gqF6W9 z%lLW{o>GPJ+3cH*x)`gg0q(9vYqifZ+%Xc z&DsqGCt@d|g7(>Y=mKVNdmRo2PKX0`A>!}_80zZY+7!HExqch2V{^;i4h!rB(K)FM zAK?lY$bHba(2~NLeX!y*ONu>oC{h7i?clGJ57ES0lMvXR#OIGN<$y^6K&`~1!L8Fo z1M>t>-2S8?VF$6?Fvft}@puZCSBoKI5xCH@)_L+(F8FAzw@5)G_UEzy!(x{YbR4Dl zrK&A5%q%t7H0@m#85J5FLQEQZaTcTTj#Z4@pXPf-EfS~41m|($@Q`a|5yzWcWMjBs zB!L1$X$mlae*s+7_Mq!(k%Sw~o^@1NyKraiVR`VyYz=sis-^KYxyARI@NJII3N1NT z8<*Bl;ugD7T`dAzSiK4^Lm-tnKL~mKQ6?Hrx7oCl-1HsyJr%w9pBCmrMOakWz{$U( z&b=LX(FqJ)9%QlJ>__KON-_5DixQ<~tKJ3xH%PJGq`=sH4BUMGMs;0iw%4_At#a9r~WRCSx^>)9jF z#qKmQZbq@}iSah&XyKz9T*Xme;-1qcajvfr)^sKC`q9}L6da}A!4dS^c8`!^_K9mC;Ex@Q3{!=Oa_&pvRg1LBV%i701q`0d z0rk(gNT|O7wJP!Y`|%L&2;P_k^99%~0Hezl)gGfzQkFdoIXwZoR0z~&R$YgcH$Nu* zF8@N$NUjdcncc45?fJEg2~DyXuq7FSY7dBWc|k0gKtMRmtl|(_AImBWTV=jKdLWas za-cLbnOE$_vME=ZZoZYKn_k6P$eZyMW2R7ze;g`2)W4J&v9+9Alj3!&l6qC-_)IPW zSP(g3{a`}x?b?JM6zs&wWt6HE3)19REr_<6$sigxKa057@z-!9X&P8Y!(fqSHXu&8 z{VQo;91Mo)6m#|&?jC-G)9mK4?V+GopkkyjriM{q+>eq>Euwyh0T=D7iH>d_@yBCM zwZZV*Crgd9!EI*Nm$%aGMG##wTul0A31BFR)Q=^3N0^=WC_Iz$(Ii!qzlinqb2jZ= zBoSl&N!XA1X&3WoWdL}DgcV|qRSvN+3^`d^Sa{Fwy?*BHzxL{lnb#~+CBI7G^)e!v zhN1ND9GCsK`HW$sFtygr}TLPDHJlBZ=TL>_}C8mIB8$J^6P4w`T$$3(V0 zJt%TVJz0};^E<6NB3bp+DLZ=wONmG(Pae)2B9~GW@p`uYqlM}}QuQ~i`iPRkzM(e^a96szkOM#SC(swxGVZ?(YNu!(ni z;R_`2i+h1L8^u+KD=4ZXsbnetTaQvE5F61nd<1bIt7cST0n5}Z_CRPV7lfwkf{^hu zX#RFJj6?N;erSLt0(`Z=PrEseE<>Gx>g_0v2IM2>jY8NZ*wKR{op4kqeLagOR2-9? zMm>~edS_vPVgtpwO~(!3_b9<_8Vsngn~s)pO8h#-K-6c`QI8Wix8~g&!DMKz2c#fN zZVncp7hD@bZ(uedV%GsVDJ)FZ(h*D?o_dq0uM$UpX!@RH3N+Dh;T^zqs~E=pr0wXE z7m{rWe~b?R0WL1j!gOnMMBMqDWRmk6!|k$6#R;y3InjwdhY?RhD?hMKnRo>pI7)@4 z6O;%HZZXy6IPowX7K)29L6)&Lbs-%j=Y~+;E1ltHDgCjvD z2AV)yniRkr^@Rb(@W8h~zNw_nb~j#>U>c$zFD`3&b{=ic^U{s4Fnj!U1YIW4Ip#Ch z>A7K`ocV2j52%}Dwy6T;V?2+rw$%w1@BWqgfjL|66QBQCLIem|4M}d zEND)J1}uK{sQ66||98VPj%^)!b<|mS05+4`7ArT_OdF0aTEbVZ=2eK?h6D;!?^)XP zKriy}(UZCa#nPyrSaHkA6hVE}vAk%l*$s%r$!d{F2enT*rj*EjtaP*$=8>C8(&5xZ!X5G`G^N~+Yv!I z8Ylo!L89vtys(aT5BysK^40ASG-mu!k}^h&*vIO&#l2phQ%WCi=!g- z*yfB0+Nnu0a4D%AHGY|n0^O=|v$9ED{n9eVqeV>3XfOtoK5Zjw^dtS4guk}qydll5 zOnEYxE?gq5zsuA2bqTXl^d>pi8;Fu-^PH_ci)hrkPDq(wKo!bdEHYF;bNQ*4;AU(F zZfsR^XS5D{ap4Qn9n6yG_0`5ZW%T;(i48maNbjl2>qUAj57-8$T#M_ z_G{9G@{^HhXSxI_E}RnmbNfAMIGp!%{OuyFmT}6AoIXe|AQDXxACxVdksp+mP-z9t z_Go)OT}H95Wo;BIG?YZrsmZ2Ex@M4FEv2V7`!Y=CZi^96^|JeuYwv!ns%b}j2V3J^R2kW=3bIv*R$j(<){!4VK}@mQcVPO-`$56se;1m$c0#BfS;onKR=~XG#Fh1G#t8R%i%+P{G zzTUiTe!aFn#6SH^A(#%7psIWDweqL`qyN(JaJ`u(2~7AL?Mi_fYpu1r(`e8~Xh++I zF)aNT^#R20+T({0@w4;zVaNW&uaDLrJp5BSu4Iu9N_c=RXl-)bRw zGHd$t-{jx&S6;gtjoQftK>Cl9fKpnL2?}rgL`C}U$8>>DF%SVo{r3E350JVK+-=gE zMB`M%l-uiTo%JR#Umc+BJ6qne_x5-f5BqLBzMYVz$;$4k*LnK%X%mV*@Sab?&^wCH zNVxAkkD&{a)-=5RQLjbA!knlhw2nBAhu$$-dEI*7r1bf>-tGBlnzUfN-$LPvu!umT zpHG4z+9IIl)=Q-QEfPFnD)~tW=pHybAWg_T0jAVOBc!+=o!vq+kxZ6F58-5(C=u0* z*KfTSaFBb#g9r|zsFUS{Dq1{MGb6Itz`ifw+7;nV%2JOm<+wVV4p1nAgxQb#$KM~kJ@zoq z?T3FlD)=w%auQqaG@z1O=G(?mJO;}J!W5Jt_;0W$9oJ^oMSj31U zG!27(D;Z(0$H&k+ryf%_C)$~&F_vl&+z*3WfQ#N>+7C5+3ydb14NQ-PCP6Syonqao z>rO?j-#!#GBRZNK8C0Mo?6K^Kn< zV9Ye6E@9Pz^RQLfe}1%G^{UmS+GtR%RB(k(k*VLtK_XdmsvmiD`Oxx`MpL^$K`s(BoMR!y(}HHuBd>;Ku&x#wlkv3Z7837A*0XxpLefIGXBjr` zI&B%t91z#w{Ly9*wiGa%;FcBQ0psBi;6KE;3GjT?d%5#JKR4h6S+xo2U=wJ!3JcYP z<;cu#M40JM$>BE$=<~5TK z#8!IVtNqt6eyp#uBHC;#8L99?B(6Pg_vaTs?!V3#WP=&IWWLNbC74tth_vSE0dLM< z%z9CccB8i5V2-$9o;J8;9rCNqziHJ!^oD(}-QM+tWT&Nf12a`mR$BFwRd`yjwNE;v zYvI;-4sLU|=Ws4BfNhb+pshQ*@v5$kvvca=1Fn2MuQJcxS`m6izdz}d)f=4lgXH2R zp7_f?=|{+hx;O9!$YCH-8${g+a3LW|3%r;6umApR|FGiLRzT{4F6xsi89;-^PH_SX z&TwGr*>+99lN3qL8&h$MXIYUQ#&L&}Q=kSCDx`mT&6oS%z1cbbep4#sCOwduAr^TS z!vT?>u&y z0p;H`&}xznE`kKCm4nS9=)z3m|_^D?rOq=ZThN@m_m>p!imk8kd2|9 zLNR~`1cQOJVMdebNKX_kDcY_{-=94Hz*jO#$sw2tfmOt7PVsy%c_r~ z8hl!`k(cFzd8r4(CG*|AlVa-umhYFLemYOdWC~^HVDoMQA5owJYY)-Jy&b0u0TooJygS1s1%{3rNRbipg(an zcYS6wY%LW}&{_RXe(me6UXM=Q?k;`wZf^MJPe1Wt?Crk)%U_B?uan*1=JB`;;Gku0 ze>~>)-@Ktu00{bo+m1iw_rZ7nMW1o^9~vo?jiM0tO9!&ZvSbJ)xu3X%zDFFiYVCqc z$5>m1)&-YNNky`RH(`%QW51>sWKaXQ4Wa3Zg_u3h_g8tOLhG$9IE=4=sD`_w4-4LkedZ*w)dpQY zsv~WWGYN;xVpiasPSH9>^lZS~AxA>0w`oe&J_*cw9QJ@A173KalHFpkP&-s}#E#YC7J!0*)Ap`?a`K+O_69A0P3sx` zE-p;a`c;v5GGHX4)Z z`0qlhEPF>W>S|HOGbZSRG5RbQfI-3!^5z?PF=dX28iJu+!bXubP)f)So_%e-h>f+e zX>8FW7Qvyp+9i#t0Ix#*o{|VG<T-m5sgTdes_^NfaJc5Ru3 zgt&mdh-fi^D2fb6Y}gggGUGuh3m}g)Y*l&;KuX!zlRXgY z&bwb)^>-&H?e}+gTORy+7c_s{Y5vdqP5RwFY4vLDR*dop6n9aRvH-nHWJ96X7;VDX zka3d)nLeKW%~tchul+H@5j$1m?DRfhSuGt!M5_!CWqGEw#!4&-2Lp!=YqSGvgQmGs zoltblVswR@p(Q?Nyh5DMH9@<05!WYd06HWv;RLWK3=Ss2U=R)%hqo#?OPHityx3kn zw*OX>y*s@-_dm4y6}X{LfH;|kTb{yELu>{wer~YpecSGbSMAYsF!0vD{d32{T8a(j zqcjM^F;i1iag-;9svg8RAo4 zjmF=SyBuzJZ{6!W#JxV8@`?&bwJHRCfT6eH2BSKkEEP|Nl?d|LU6cO{>Cb@wj%|U-Nd;E)-NBpV{e#!QuLJIOFgh)#nh@CvE>6Str{8m+fna9 zZ$Q+wXJCWAU4#K{0sk02fJ3Oa!}IVjb_MmjQ9=XpyxXAH6HUw@yz$gO^Bw21J`4a@ ze~{rO)3dYah74Qu(BOn)NI?8VAQ?|WF5&~GX~J&cr%wXFihu4CD;k}TVpN{eb`U%( zu^dPLsvMya4Z6~^;ms_GT%jk7)65Cn(m`nr;hd9^w9h7JZz1^v|RxtajK~0Y+H&BQtzQh9`>owXv!uaBj*JM6aV>szYci%?#%V|d5cMx;Jp?T zYqS?x%`aNN#aBg{fg#d96%eL>MG6AIL z1@Go|8xFkn!2M0XP*Ckbx6vp)^Zc)q6Ts3{+7j4`8ejvse({JXl@FYqak5?Y^@CQ> z^O2B(btKzFMYI#q=oYK$vzDKUK76uwbr(=9PKq={q>_kK3;^bXk>7JWY`A+ z9ULRr&tEy&yw>o+mkf?a;f_sVtb(ywN;Ewdie#!S%O?U`_I>US4sn{V`Y>1zmEg#! zqNH;UEK)^xIf>q{-yyO8nM)dYe(RPMZ>?&6;=uV_2V`ar#|DT>iI0KU^E=`-7RJmp z)OPm1fSbL3hxhvz41aL%;Xe<6E_w+R3G!MyqhN6R8|+}&R1`Uq9lPS7K6~f@q#RU#FkX&BS_efQ;i8P?)kqb8zuN9L#a$}iZO6xP@m zBApY3(G{=sc*GvTJybrs4Y9H|KpyxUE=od^-pbDYPYv(c+lIG)xc}2Cd4#Y558a!$ zYKm@C+4&M#1MMw9zd)(nal8-iV}z%~uTVg37)xa`*pJ;*(9Ul94w|p6jgrGkqqBhG}ueK_hF}%MY_J35y|Ig@u;jTo9^&hDJ zefS7|{m1|NUqSyXo9#7?MWIG2qBlY`s_7?`yP?ro)DN2>5f4d$BKT2rt<&suTI=g` zoxvZ^Qw0A-Tys%t!!NbgMi0 zwpC*4|2tXw+lKy&+4(D6w~(Fxp)tunA}f9N5mq>o3FZOvBEoUa7eAc-`ESL_*y6kZ{9LMCDs>)3hQ7vMj%%OXe)miJeZ6+q zzVkm=7X4Hu)kIcmYh-`)_OCDt8m9$glH;&=i!u^Jyi!(mVy^y znch{sZ_%xp3yAOe^8i7OA`^4!KDHtOCpoCg5M0Ur% z2u9?(6_PuURPekS<9oM3d5h;k+DMS>yA>3xE8BH8xOFG(A5{W1gQp&qv?^}B$Pnm3B?+ZMiIxtL-M6nnWD+=_Re>^&-R|b z_w`D{eRy>I_J<#T`uTq_HYiB8ndEiYLP8;4 z$p{HJ35>LZYImd|xdvZr7+FYS)AuRM6E$H(!FG-GrSp!4oJNstQa9mH!Qs|4YGiL+q)QBras@l zG1to!^DH)BNt7Z0Rv_motOk@+>)m{1sQ+zvNU&Vk4Q|X&!zAqkg0MPNl$qHX+CeU- z$T_nw%88ihb-mTi8+#a518iu^F?~*_+f^OjXNvIFtQHS-m|XQR3)swILZK*u>lgj# z5gM-BK-x(2uu!9f5p9dA{})Ff;n+-^?67wUC6bF~nDhcB1my|agdw>xpgR`x2v8&T zTWC8uyEVXsw5y(`kB2R3oWQ?EyK(MYYh#VNe5-K&j~7{h-s69-srMe2Px@xivpr?M zd*$u6cmMJi^eqwhcqq}n8SL^=W9}0mzR5sqh%KAbw@=Eic>JLp9+O7%)$@XbL+8~R z6|f=jYGbvsyo~L58zk+b!<^V%YCfBAM?VhHsxu(nD7s=|_3Myyov5`6Zol%xrIfB2 z#F0Rgqjp~Lpq5sXTaJ{#iGKk&e1X4o?oN*Z<6+=DeLZ9Me%=_y(E8iCajyiRdO^x8^M&s+5FY9bzQ6F z#^rUcNB9NpRE;9m%QoZ|&>=L)5Fa3%N;*$!YOEAggM3mwx;?f@5@6Yg1{f3|v^*io z2vcLm8KlbZmV8OwnOHT@dKo~SKt3xF5P)RBr#UeNK~fAyU{-YN(@T!p3~YG)-0wX&Z5gE0w9g4tMx99z+=$#Lg= zEvr=Rn4l6x>?(oIb#P0#43kh;$5@aGQ8>^Jo+PO0Cv<)dX&(mfW$Raz*oxG2Yc$mb7lIH@I*^f|&^1Z0+ zV->pt7=P5tlf>$LaNFW~D?h3z0%*4nt@JtN&IQG2xV;W;IrbLkiefsfA8q@;O+67x5qZoXIN@HjtL=1zoU^Lk-XoP!8tZhWkwm*+h@2xcVqq|q!@Uo~@D*Zj@nqhT>;ML#EmqiUd@|)M zQ4Uj|UX#5i={JC8O=K8w3`V@}P-C@~4c#YTXEW`FM0?gyXOA(=kK=}}kvXux|8Z9( zZFbdWNxV((fiJ~_NW%Y9NtaV&_$dv#*o4|>CZQB?^z4B|sJo@i9Puh0541ex@>kN2V2qa7%0%tVjYmE{) zvb2GvLRFDBcp`7$rnJ;yS+ZU8Z#-7a3!pGLuSr!0HSzPCrYrw9s>$X_ z0AGCtX^$vu>IaO0Nh6V_IerbS2gUgeSX;pv-e9X!BS_cUh@zF?+w1L5UT3YfzDAG_ zG^no(Djds&nCf7Hieu7?Ogta{ zSH)PtxdX!o%?`}^%gG4}oatBlms-2;v&ihORTtb)ySrm4S$mUS=i8{Yy-hSx%Ak*8 z^n|p<1$h|CaV2^TP*$SIJecc1-^s|M_ha&r!g-<|Hf5(FRG|}kiDOzP0izU8KdnEs z%~}vfBCHyvAc@j-;hJBD6J#zZu+ z6}7W28*FrU5RGB)`0$X35_RXyYjMnIg~w9FdQ4$S4#93Hjr0bzxg6e%LPj$z(5*zr z5HLgo_2_7`Nl&h+A->b3736iK&X6%!!2Vx1P~PNH)gs!&TY0ed^pWBzmbvjqt#$06 z;XUa*CFeGI`cNTlc5k78ZpdZfJgMg`X$9v@b&#$?d?uxYWcHUgfj{yU>Y~-B)syPh zr8A&}jQDr~43WVRC_Rri6`Dxe%dNVDG`zlVRZJ(+HumyuZkq`fzAe~&i`YPAg;ww+ zT1~~d;|i~@KX7IW$!%JcN_PBnh5xhAAuv7v=J+s(ZdNtHxJw0h0BCoMq?mkZCON)` z>N6EJRV2y&Nc`B<&DyXnVFtv)4S>#6B427lGM!q{yA*GMUE;VjolgVtl_E*yj^zbN z#mXjBTDL8w7t_=cX;Y1gJR@{k_LP(MBVGVkYY!vt0-mH@5aQUTv9jzRte!@P=;nh|H7S>zT3#XlUwo2FThUK`MK`? z+$g>uMS^5mn?$4gwkm?B!W$JGwpBzl5&D$rpyjNkJ;4_6#alU!Mz?U{)Ja=)Lxz&z z>bb{iZa&h=oN%r6w6*?-8j`4M6q--HX1xj!BtUW@VZTch@2Sw6QAgSXoPy|W$Bi5=}4ofVNeK6_vZ!wbjHMNkKH)iM@rmj)97hipeC<_!E~X)##ZC0`&Lac>16hoIR#? zs(biITEi6vK&X``W?jU9iqj=P0yP$!!2$5#5+p+djoziYwh90iXY)?eq<49WAtw&m8TAeILF1Mlg>1nt8=UEqM;GEg z1fEaB-}I@G3`2g~SkxMV20l`zL!MWcoEmjt;qFd4n|I@R5|UX&h{!$IpIXriD$>KK zD8V+euV{A%xF$8hCrS80Q3W|ZLo~AD&l1!l4M!`;i^s;JaC)`gmd1e1n1nI<*2lZt zql`I(-b@TtmG@lmUmTOHa2SkknX?v2VFMKw*J25vqjp9~PM1QGOq8p_C-(t3Xnd}a z?;Du+0N(qFC7`yDZ^FY9c*SW8xgwGa)bSH^(xiaOWVMOPenh6Uah!UVSsJ4V%V3kS zvlYL!!5AkxQwE)A1d`YiWEIX-(Q4TsqO7-~bU37Wu>z1Xr29BlMR6~CxF96q;H}lB zKpIoVn`9xuI8=SRs3=P!3!5Xp=3~sRc8EYXOPj(-L>eWVhBMDO)N(0dMUkB>F1Def zSIfFIR5TM#@574I#0j^`Hws*JKFYECqU_^!p~>}8;}N$C$T+cbaco(I4C`0;VvY#` z{DV|rbe|gGA6aGF(7-Zl5)~O$JQ zdD|H)5oozFWzk;aE!j$7AX03Va)pNHw+79@=>(9acqJ9ZDtcP4aMTgn$ ztYK8HXuGDKz%L1cOP6HiHP2JLA^XaNj>FQDbdC^YSIRa4=9^?_D49rdadX#A;9Ms! ziE-#4;bG7tJIB6`Ros$t>Vj7$aQaH;Mh=<8%2mrnkIklxvC^Sv8%TjNk{%xY^x|o%#%L{hvv04N%J`Gp2wDM& zFsyz@+aFMmL501}2YD`}w@JQ}D7lMWWM?kp0SknZ@7Li$7Fl?1ofXs}`A5X;<(QY3y#;9rQ!e^NR?5g#$1K1iq z)`_ko-=+`vdxIZ8u*ki8S+Fj9A9CiaID`Vj)eqMDO-&o3xhN~08k#t4EI=H7xdwpK z3Vpc>fX)2WEIcL?YmJjmV@nDAw@B8%B_jR#YJ$%Y@vj?+Q1xP5MN~BUEnoqXAv4G# zkeRdHU2kRgFMnC3o%;R_T&Pj-=z*+?Cf``=Mg%t6B%ZSg_;?b^s>YLqQC5(C{|?z4aoz(U6GGw~F$vHd==qz3mf;oUNQ zj5rFx$83}Wz#m?{-OfMuPEJsAo_~RI^X${H`{0v5him;j>3V)cNPLC|$)KiVK35q* z^)ogMV*NwTWjP?1JZgg7@&MuZm@))ue22!O0`W*bS7=l^$UW&n^QTVLuw6KCn6YXHSZqjWso==pr3vWk@8Maw% zXI-+G3KofCp>iuyK)+%|oe?*w#Ut6h@Kj>FAuYs4E|eP*vQb^~rbV7W8W*2sv`Ppk z(ugw#FUH%WXxx_B2>O5{F&QPwQ-_=rQ!ybSjz~p#W|ApB%)_8TnBFS@IoV&8_V}KpE}W9YAPt5s=%>+j?Nx~{T^o&P zn}0#%9C1Ns#RB9z0X~#F)uxVFzN!hAa;04Y7D}Gq_K@mI+L$JrzMP!2(Uqc&NO@cV zV(HGSX=e-M($IvrIaT}`_5rvZ>UdBEs&lJ;6`dZd{z(U5pgo2cEzuuf`yC+CzOU4z z>sDPC$058>9p~t>oGAy&zEJrma&_38NpMcu0;Q%4N$N`;MH*yga+2B+=HJ{#VtEuJ z*~k>5Jr}Y2Va8Ym9za2wib{+uAnH@BKoFITb&m=15TZyVN`~U3mk@`5GzrFzu)MN( z1p7*XgUmSlRp{fQtiw498XHX+O1X|2lsXIYS+haRvx+z`7#vqbLNai-sO3EmCTKiN zLXu{z)smQ|T|ypISXN1PQ7X>?wjq>aYq2}P5*Sv0Lf`wZwmtu+W|Q1~WFo#LEHvp6 zv^Y>b;(Jt&3DX}6P9^%C64sJTdI5Kncs19bj^!tf&M2Xy{S|te*!3L$lAMQ$)ugzk za6&`R_Rdw#eRRoNu70m%F<6qRwbDfH8jCnF{^e}(D%G7YYEaSjrHD6K$6$qspa3aj z5!ARg=5+h8UdVB;=iv01!*UZ_`BE^|BiOVwmWO~ zcA#rPu81O!MZOitUEspPjj9#zF1Gqcj>#9UYE1a*_j{!oAPxca%GR1`3q{s^P#H zq>Q%|`F3owq?%=-*jaA2W&keUSBsAp5*#+NVQ`P#3|kQelY~Rgk(|lscbV&LA}U?A zR=`@grba@m_qj4M^R+Jn3jB1+(Q>wPK@3zl0TM;FTNt$lP(+M)ID1%YA7AbKeUE*~ znr6zM;4-8Jr4OKx&$1%Czg5dLP?;S-q9YWyLGtM^Q3`A|xr)?pxq3)Ue-4UFJ~rp! zjW|ZD8@WL-+!FNKN%=AZWbC&n>^|IhL!@Vn1_>kkoUACWtG;=%dUw*ftNsz#UM$Q0 zC^b^2vEKJfFuijf{4>$N`>WL@*#n~6-gx}KMA!a@iv1U(Vp;6A=fc@YfN|M-x7K|6 zp8nLmDuzR;VmOp4aK2u$x#@$xbT~Eoa&JP+ifHkl^EdDO%{yiplI6<|TDAFNSiP&Z>2LEzMBnjm z^MCg7JN#WWwldCPG>@%jv%j+EdG?83s4bTQQRmn)jMDLwP}Vi)G}2i->EJmm5u5#9 zr?5oeM|a!T-q$B5-q+{qG8B^x8k{4T!*Lc$*|^X`$9j=YPdX=?MSaZ{!~GwS!i@l` zR_S5bQ&5i234nQ}-%3(IHdsDdgE6nwd*#OoyT5BD|waSWsQozcO zRd2oZp!JATrCebQOzxhN*NN%KZIebo#_2+fCgB9rwqU3t??)4!`~{FP@yL4>q`yVy zmmwheZ_eQng?kR7)-Xz2VSg(5;mcFhKb)VUUP-<)2?Ou$Ck1?u!Hi<$}3Wen_iQ$ja z<;+@($MBCQ3Ow0PltRc*hBBJ1_S1?;rLKkM<8eg%Qfl!J^F~rw`>nP@xOQR%O0Q0HR8B;ide;J2 z%12>h2)69LOaJLXq52w*7dW%JLl% z@*uu$V*HkYUO2e9Q_feIs6g%1qfis7UnU2*XJwX8iS0Ry91HeqzpZ*`9EB=j>F>QQ4VevcU2C{D8%JMzwidj?zG`0X;u@F@O zP0dXS^sk(vY6e;HnN-CeO;p@7Kh+y{1f5t}ZP?p*jMvZ@wVdqybPkZC^4qlTMK$bQ z1%qkeP`)D!22AHP#zddsT&l`a%Xz@Bh$p&2);EInzG=`P}&8|aS>x6B}9 zdW|nqKo{S^`j40pf~LEIL*gWfx|}iMJ03fSkA+2`sElMh-LNb@IcqOWm0Cwas*46! zV`jnoUsWp4-tN5I-8tIZ?rdQkQG_}5$YWIT>hDJ|Vv`;MjnqH>&(Zg%Lf-xb7WNYv zqOF8%1`NelJxeXH{_UST5}^(a#7rsp@%rt{m%Fc?ZL{Urn@QMw&{}tN?f;Wp;Er9R z<{}y6YO#wt08!^JC@KCVbOoEQC1i8LXf-Cw)ef>dHNUbR&r9}rR2VZ)-EI!Cc? z#vc9jwzgQ4!igPhWmjaw&RIH@`YL8MTENu5fW?UR~(vkItpyOkwR z0ir4ePcrj6sp_^)PHNQni9Ffz=$lpgq$(}gD`HyMl^WJttZ^1qE3C5yD(@NEt+XmD z(-BUYf960OkAPjEBFUNfDDFQ$5>6%obWcZG5LP7_Z~LCFa>{N@Q>&PFwNhD=WPJM|^d9v1p0FZYj* zz1{EkcK?3*{O#*q?;S4V`^sD{Jv)^nG92cJOH6)eGG3y8VmxBTP$yty+DIbNEUQ#3 zh|8-$SXC*~0OD1IYP|f2Rkuc~ndpY_1ruV6RAPGDM-osR!9De8g)~wzOA{tC&8o0$ z$?8m~LC(a$HV%})Bc^0Cz=%;KSeZ1jkW68CHClSochcIQ!df6v0_P4B)lJ|nIm)2= zRs3ECY%ms#pb11odf!fm!Hs3NEkI#ys|E?Ig-=c~GShagqaN}&u-bNQT|MNZ_HmlMw=RV_>Iv z$W?PKDLaEvtTM15TIR^a;;z601AsZJMUk+ zqESzT`-t&}HoOPkL+_FISfdlS>zeZus66+9F|iVk*?C)a4X$WWo<9B6`xXHPC*I;f zoo<)pY@9ioltve=Yd%);$gZRB1c3cfDtEzn5{=R`&mTRPiT$=J1(Sx(or|Kn zOAN)OtiH%bOQ~B7zRd$r(JfOcx;u%Q&|_8?cBJEub=K-D>%Vl?R*Be2IP@!?X%3}f z;=G5WczS+eQw5zhuQ_m6#BzJLE(bQCD})&b!bSsU3yH0$6y1beyv7!w%@s~&$u2CbP5(dm=Rf#o9{!=Dc8-6m#mBH11tHkY zMmPT}`hSeMjp>Mq3DT*{B%sA4WX(MxvjW+^i8r)tX(1${kBl&*me*8vFrc8|f!1}f zg^x-LFhrQg7`;*I%u#90nA4QNyh0)eS3xuoor4O{EY$=(voMhq{JU?qtAJpdO5wk^ z`~AUoRgmA;$;n7Pr;TIu>oxb}>2v4lb9wsm_36=ebujXpi9BHw0x=(;2Y-LIe+W+~ zPNzKj0e)YZksQ9-t`gA7@1yVcUcQ9BKBA$*{)38 zP39_0kc5RH;xcdh$z5A(is+5XbC0inY1P~KoWxUo3_P5qQ93n#p{M~#C{b4IP2w&F zsr+>sQ;2-BfY(7UqBD#nyNpQ#1IuZi8bMfOs}Fb@U9lrP=Fp6%u;EQ?5IZM}1>l8n zko4@7#)IQLS$PLc{>jOEbUi#d>D-<3m=TarV2j4_Y&6p6vCjL4C3u|brg9u)J9;V>uwoIE?F zx;WW)?_2MFfyvfS+V5euf4-YF4oQPc{*D{#mQyIIKLMvymUX$5k`+h}T$TT}!9%A| zqINk{|4TC6RXZ9EMJ$INZ=o05N;i@WPmA81TA*=DdkFvP@b~U~3t&=xfe(Bkb36>2 z7${q3$3~q7aN~;K7ZM8%nF=>iA);$!w4tFUtKRuq5_^P%V>9fZp&&W#+v$&}Yqm1# zdjYiL*L7WvzZo*-r!$PMwH1F&T1jl55`WP!0g{UiO@yLD#gd}wlu-l*t(jtM`{*~4nxc`@-cS3-r$=vhclVBt zfa9c}&v*7;zCGOA?(ol7`$w;Kj(5M`ezZY>AOGrYd+=2Sf}(WE{fP94N=84761p+* zC45gP{|fXje%Qh+u=3-hvlvdV4}(`}_%p!*r{p8|-@3P*L&?}>ANcLGFo z{qEgP^M8WoZ|^sO1YKp7TAg2sr#IF@#ps-Y3RhMAkg3({OBJPO9bfmYGQ3#wzFkwx zQZatwY8-F@DXnnDD0fRV!?Xm_Drs&rieatWGfH90>>)Rtj1b0B8|Km;bL6}}eVI5g6cUe{y>YmBmT`p8zo!rq*w` zzPdnZ$P+ZYz(h1`y5YmI<(v>cx`g|peWZXBTC#$y+n9n15s`rM?L=&(C0J9EaGWp| zKQ)+~PYL4yZXwDQ@F7uafXENh_val2%DpPXj&+Qeds&;zweh zOmHWm+}o7kK*qzC)HF4+|DtLhRWs8fgAlz8r?A?m+9E;xFK|$_6_mD!r|J$&_D2GT zOep&e5y#HhRetb3%xxH@vc@@=9tCCynZ5+uw zfm8v?68pK^U;o{?iicoU%5VwKFv)bZexj*?4rya~KGWUw}rX5&)45b+QIA^`}X>_F_8 z#sPd=a5~wVM`0BnHA@-;exiO@&?J8e%sMyDFZ83@+V)BI| zJ8w+bg|yp*G14IFaR1dS>lJ-jxaVdxgY zG78OUHmo=~JQXz`w$^6H2iruOk0=h847V!8@bMC%PX-*fK}bXbwoe|$sCohbdp zw0FAm`e^@@9v>CU?8y^OH()&CbkKf+44LW~AOXN*NL-=W{P}I?c=LiD$xHI&(_z8tH1SSEWK6VRZ>_&LHVG5rEg*l>U>zQ@| z3DENgR2H7}ZUZj)NSCzIjNxn!j6>sOnxxvp%h@UsV!#<_nf}z8e<1m1az0se%;p_) zEN4MXg%9>?w>>&0x%SlJnKB>T9`r)iq-c2$$q-n>q8@Y`rreBy!i<75v=%C83HQz^ zHMgDh!ghGaopN(qdQiN22qI3gxeYxmY=|JsDP|h_;DB`$AaGA4ZGg7f+Fe2@f(v8|_8QbuH$>$$- z4&lF-Z%ZxL@h(zDp%}C-$_ENBC2pyym{enPt%}M7ESyHljyQlC;KpSKyi1r-Xu|fw zn*SKV*||<^2Wvpt6;4VBbZ!DHe;2(Th>t|CU_nW;hoj z%G)-r@N(?H0vEt{I~j+j0v9I>r{m=ST;%sVKLFZ4+y|ES;LUdRHbjMM_We(AD;&Hz zvR^Y__m^$q-Y}~o*&L*kxIgW&P@E>Q(dt-X9_>LIOW=2%_4lp1cL#;n_^%QSWCFn1 zgL?B4Zmj>#j5;6dO$DaRRimf7tYRlJl}IE8Q{|~-#6+|?K<`msxcD&jh|^QRj?l?q z6_N2`6N7mtA6=`Gu?2U>q+*?tCmMqlIvSn)L z7YW8)(XKNX+IPEf02Kic0usESwHu50Pf3Wd?Tfg%=GQv@2VYrs z(%y(kAwnG7LH@}~>txmcP_ZsHRkD_CSHCgWT^-udkE`xg=U^uaP-D+Tmq)@3t-D~AIAoh;#*2l3HeKk%B}889fxq~w|5a=O3E+5Fw>D1 zcX-Jy&=faJP@HzR{h}q?u6^t*FW1|j@aUfQw|zdC9oylo-c~0}lt)(GuiN!cwRPLY ztL}Lvr8hFPCLd3~vN*Alun?zoGFtc5DbvoWX%-F8u02a#{TILQ%LfxnHW1Vk(gi2Al4`AJ``W4u8eek3UK0iBeFfoMp`r!4m{lnA4 zy*Dp+cK2TGy*|F5&v1nkK29ZCxatCMC-$Pku8o9`2>N~1v4d+du8e^SN*p1w=1rn#q~NA^k5#X@ zVLnUupl}B=l}q-+EyR`q+SQvpGr0p+4kePL4D=myqi7$y`SrD9qt9S2;3Qhd8sx2|=pGX{o%nlx4|aQ}5%_~b6pDc&Td%Op#+PbMwWEt?Lax%UM1nM6Q0 zH6LlM88vOzO~zcW=7tcBVA)SQ-u~<7`#;Sd%>^^Jz1rSaiyM)h&(5^3X%r^@;FZ~Z0JmTl73h84ORY*$^iMQ1pHN1O1&UC zyDAT8N4}!0yXrcp8I2S5m{E4XGnfKAHx!5zyYnn6ByVb8{b08tYizf{k4!tsT}^j( zcXzJqe{xThY0Tc3>IdVOoN3rk?pk-=-MRk(D5t8ojQVNG1xqV6yPsa z-VsR_l?d$pz9_|NG=o|+0ID5V7{-DI0mIBC18P z@~~R}jKiD90I-)f{MSA*^nao*oCCuaoc1JbtCe}k?lULM)(&V4DO0!mEL{L=kqA#4 zQ&8I$*q#b`)$RTC=5X(b1n@|9pz-QF?5$(}DCM-(#!$lfQ8>zIq{$gQ-D&35p{X*3)nL6)RRxzE4|N z(yXr*Os3T?sO5-3%%FZG_jb|-qaa62JYkKEQtXzk(vy^hJDIFlUwO@b;nFx^j!4=< z5hDXO%|jQGcudweOh}U96Yz^~(WHZDt&tJBSC*DlHCmPIcxi@Or4FM@#UsTgS@h24 z2fJCb-dC(q@1GgLo$3!LTyzHs$g783y2$A*ZD_MW3TJCOm6vZN%e%I=P_E2zh*ac8 zckQg;-WQYj+6%~w2yJ6wEBY2pk)3QDk25p3;ln1{vhXZ4Rx>P-Mp@Icmo(EPJ+uk7 zO^&>(CS@PfOjxf?H`JCD#!IzJfVE`EAFCZ}&FCq6{Q!1QmxTWu0hgfJ=Zl?A_;svu zYFbuO%gU;thc>Vw`FyG%uvQp206WnpP`=G)XbWhykzlObNO_+E9DJo;*2qEH3OJTQ zu$%ccFP^nN&EMfv@iK==T?4C+=4lkdo=5_j;wr5Oy9CM90s}y<-CDl{O75)Gh&gho z`aIh{>T9YhJMSm^en9s!+^Bco?Hmz7GBZ-3x*Gz^EzN*FE%7zkV)p1*ax6fayZFsn zd1Lg3GigT>^28&zA`=817g7hrMPU|3H;JyoQNvRMR^A_4z`~A@L29pQX123#CM<*T zR^b{ye)R?bq}fh~<4^6{$4*l-NT1x>Y11pYd=y|Dk_gP+XJPNz2b`9Sw~ErldeBT0 znjs4zbKFxJJ>gF^%4V%r(IVxFg*JJzobs(9;m87o>`B}hqp~7NbIpH{stWjYS3k)= z=b(JZno61riQCItNj?|PCmc}2%3m+o6USOR+zWoaq7YoD~*ckMe2-H0f~dR&9YzKO~-7zATL zyS(-kaO31-r*ZNLE9+usWO`2i@>rtIZD@HM@_i)jnZz+6TG}hL;Y-3Hhu>BUu7T8D zbj9YBzE5q&pr}AFNVTQ^wq<8f+L)o-t5(|8Wp9r>FtCJ#M)(I>J9AvcTJO5wat|A+ zkLjlIea~iks&1*`+1A_^R7@UKlQkukoa$7Z7SS^R$j>lzOk(zmQ?@E!+PG2^(F>^4FFDgbi-oJcZUcZ}_T zcT1Cfqr2fna23VViCVmNyIr>z{q1OqZs#5;!_XVqK1dBw&Rmdhb#6H_O}&PBk3u9S zf=PrHI^@QI@iKW=x4bt8NBcja9xI$+6il@We!J~k?Z~aDY=^wv+w<#a#9@L&jnByu z@Dz%AiW3XjL@WAjd%HjuwvS$YM`oji)a?jPIOMZUk=w-_45n{H!lp%7Isl$=UI{fl7dJI?}*prCY&X$ilN6`^^;{{0%);iQynshfXW}$1_vZz8CqB1JRU@``-w7}=Lk|BsrH38l56=~o&Ex9CBon2JtBM< zw>%_waJRQ|<%@Q9M@G!pQ|PoZ>Mq;CyiVH5<08N~Ky;yTe3Hl#Z7QvhiEJTlAU7!f zE|gv-ef6uYMX!6W3OZ5TtHds^C8gt2stH;x9$)FrPO(8n@vU}AT z>s4KNo^!asA|j{=%=0wRtTW-P&XC;@VUXvye3dcDx<6YblbDYuvWwQjRa;<(K6j5IJE+9$ zacY991cBu#myEyL0+yEOnFd3-2-B!Xj>#N)7iy{u$Jmm|xhGzpI^r1bN*@N9KEoi^DOdL4+dTn{jP5_X1TzPkLa`FMw6k?P#$tI|J4kqW@A0*(m zj}f>1yx)iwBDeaX^cKvv3WLZa)S{C)dr{OGUCQB^+4a0C>E`VrRTuIynb&Mtt46D( zjVkP7_Kqxj&n$Q+>uNh89D6in190Q5JqT{CM%f}yaKu_x zfmf(rvLnD!z#-%lFQ9P@3qL@ePZvgd8KyXs3F^}Z_E6F5Qlb!aSlZ)1WD)-mWFVm?L(*JiA!3PSR6pSntQ3Q z3>$G;U?#m8Txmc_V-W{={0^uii#S-DT!cGjqJ}R=44;7(J{u{>LNhLKQ9y3x3*pJm zw}R*2Iu(Xyd~>*mjwnZOpX0|O=FxIWSd1&xaUY}!5^u0MH0=(_BT>v%L{_#asb{u{ zA?j?&?t#ICB7}D-%;iM#9GD2R25K5eGm#AfCMF?Y{OBAbA>)};O$WESRjt26Uohxx zB^wYWNVUB;hYP@BtF6znJ2opm!)|!l8}~7G@59!5tMkB^jrLI_`P0|6pFbIhM6}(F z(+iK6?q>;{LyZ&!-DO}65?m5axey!8s)VoH7Y)iduMIy#*0{q*Mj0&WbFh|Ea2(Y|gn4aKKja#}#MoRDYKARPglzM<_w zgaHo`0J)L`P6(xj81$-e3T!@%VtXRZ14lteI-kn)0vIf{Skx4h@m399Xo3xJh^@pi*=@}XdZm40-Njtv18<``>a zi^IYAuR{#FX~wlMFYpdV^d5uB)!%((hNy$fd%39=@d=pJFlqmCvO=w$thP^2I&EJb zzx%~%w|&|^_mwGv+*)<7yfZmFURhipi7Y--+P9cK7`93^hB{!P*knc3^Vxb}RqD@w zwlu-yYM7T*=Av*f=omhGDk={6JXg_t@4t`RsCE>Ufy{9gRm0ugIo^A5aQO3LYw)E@ z;Qh!&D8M}x(y0T_q5(`350o9*T@A0HgH>8GV9G8;sabVnTuM($!hA^xb3q81#7r1a zyC8mi#aX5qmdUy^;(WTH>LwpwoyPH%K?GH=R#2#FN8dtZQ5bd$&}lds8DsNk1lT(= zdms(ovdc-H>BP%Kil}qWau{cLxpm2o&T59nS+j%Q8&ixj43fkXI=kKvdxstTvp&;d z*~ju;^9NsT?0Goiym+?nBN?I!sPx0Dh%)UGXN%jSvIkL+$VrsMBZ~1Nd4E(E$si?5 zQ#9RAyiV((_YMAStx4W3_54BWK|rq_G{+l(NRT8v6~$wvuvEQ}Zwc|q>1v?^am51+ zXQD=hR=C(S@yh)voE^-fpzOI?Yh=a}$0=N+!MKIN>T$ko_SdKFM=LD!n{u?P$v3^>gHsv6DKCqJ5WrR8KHS|ZJq@;G-;(Z=bF{LLyYqM#;ofdudYwjR zgrDn;b^6?BY|!U}#sm6%*my{vj~b8Y^Ks)beLiVCq0gs{rz3+>gSY$k z@NhcFIDr9j}M7Z3t-_AqKi+h?GEx_FysG zLwJQ>s~mX+eH!}wTPflk#}dHP)r#H1>MQ@%pXzg0BYe4cbTayqAE5M+qU~F+PD^kO<&dp?ome?z-=V$ zZ)q@Z2IOu4yc^y?fGO#s6^x7K93(CVvhy6y z6%wB_Zn2Al4tcB7JaQyUaciT=QlML8Jd=c@O0rF2P?fRGm`R=s1~#rE#=cm|6zsZzUrn4u`^y z$#t%hwffDbjK)`(TXJePOrk4V9C*yR2_ddMBDgIdIqB4 z;*ri2YtlSo?j>T})QzWx&!g6K5@&0Zq{(#3m?mCrs09_#g0IspI${ZJkA%`K$|Gbg zA>J+~qn4I%C}!1I!BZWS_>tuha|aRUdNKpxmD(ZSTAdo!%9^B3Khhw|t6z~dCK?^$ z1X*AV%RUtNBGyQ!3)0+@zia2i(kX)7EO#bl9^E@5xYVYZ1jYx38iH~@LcSybIb*?_ z*N?C1lFSn9f@Ga>6lWL_3~b#vlDajN3|3C!UOPo;kY7`z?KvWhm49jyo()tgKuL0& zNLDLce8vlX<9VgmTFAhbN-{Vl`3QL%;O@lE>aeUtXX7@BV%0Hcu;7C(QhWtdEt)<; zK{)JUG-5}v%9&6|IZwc)?Q`_u#1w@1MGNKg&9H3%Us1*)plO)|ND|}$ znf)TSL&*U#$r)t|QA5F%(`iq2M0(0%Mur=$3N75WZ?bj1J9u-vfAIP}V0O-Se}UKn z*Txnu!c{Ov&reFUmqnH+Kkmzxp_Ac65+f7jM1|0y?{%nT0|jy3I>nwkXAY?KFiChK zGtn^?tJ-@^@SL(12uH+CDBQuzE65G2G=FSB6_uQCTM45aJ7)7wC?88al~BZIoEI#U z7G=GIXYZ-`D{Nl%&cR;!2j<}B)(omKb5QiMr=ds1^|hp-_t| zG>xQh)c+_`vz@_Fm*YH+I(jc%U}tBRX?&(UAp>2(G&Uh3;Bz!j$u0wkg%0vo?fLCWQaz!3C;U{Kj3;-VUt9O@?l8@OJ@e^E zmc`8b-Ok~Q_ltypmN~;gLuhe#1&!EHpETi%#hN1KQzf<^Q|E+zO*rZ$$~2^rm&Ai0 zoJtZY3}|D8?`!7s`C_be$uwt>DY^7EghU+07-*eRl_uynjJ4Crtti%d6dk0PS|gbV z$LK&ogcU_Fv$Fr>L!x*=y^M57MrEhu^aTwQ`=)eDJm@W3&n3b280T|zJypeWa$tZ| z<$RP%_$H(j8%gTe`ikhIjiN*vWcgss`b-*DZQe)Ypr|rFETM1M*p@v4H8|1E!<0VC zqff4LSx#8u)~s%2O|DDxRv96T@jFtx@A@1SyW4y!rU~SxcbUSH`(JK-EwMp98>n@a zL_ABz(9oC{CVi|RR%XVCJTEe^)Ui0JS?8Dv5fMsQceTA*-WEtH;nqf+4xKZokhAqr zY^A3o6=|<;wF7Q(1y%KQ5)yQr)& zGGIPK21yT)%pam&LCeQTr_2PXZf6qqfLM=|&<-P@Dgp`tQweDpEb%<4Tt9q5bUU0( z+s$!+$w8%clgF?FU9I^L)cFK>dPx-^SxqYF(D)aS>MUDnLM?21`)&&)#ROol|VU0XUzuiXgU z!1_1cEuVFKon!PnoL@RXTD6evz&XLvCt1@3_dCTk1CVHlR%n=J*lVC?1;r_#_H!a< zebnLj4yPEq2CzS6c}SwGuvPsMp7Upb>Q@$>7nSI3JPTU zFwBgzHo2a%W65+@^4bI;qG)+!x_~0$evdi@fL6amDzCcz;W?&MWFkV! zZiX)lR#_INkRm;nA4(=7^LsbL&vF`kbRy z=Iey{S9^eFmmK`ZINLC@l5<(N9H)g}@mxjTUGoO%Y7IQwJ_V4w@k>;6miq$f{*0S- zN-_D-4zpTP*8zy6(Wp|!K4}?drJRRbwnC6oI&jf_Cngjc z#T|r($S!3@Q$?B6bGG>^s$S{tmre$d_NHpZtmCj$j&K~|7ZIk=sYU- z9TiES|HvhAMwu0Tf99Z9=K+u{T|cSJmOt28t+Q?=n^r25dk)hI&QpvW7C~J?=-f50 zRvp4;)9zQBA*|~8DzuuBH{|Rf> zY_4V_G&%>>5n|>fZjJ<-7kHDiu)q)FCbyV0R8J`{5}gs(@pIXz`I@;xUSytjZn;F% zvaqV$N~MmtI%V(yA3hpha?Ur0Yz%Ngz5*mKM_B`}l7)T+=my5uCi zNq8Oh*^9J>93@#XyLnW<5Y$S9S+ltILc=X(@C8Q?P3^T=OPQh9Oam`+j>)vdDOb9; zDx-no{h$#ILK#0SoH#||M)g?Ii=t+iqlHQ0#cVQN!W(mZqdz;9u9Z_9PXXID0#}fh zWZ9+nv+ZV1*jDDGS|uNqO_8NnPpU;_YNlOP!b;Vfk^0We*NaWq3#8U0Z?kEygIF(T zCOdnYhC)*c0w-fu&VJL%HoWHK+_RWP*x)(Qvp#c=IgA!u9_(~ZhR%FsRW3Yh6bq$K ze#I4x{uNI!65}m1QIa!|U99bEZIhK{sfY`M$!94`Hu^6jA9MERWIK)4{yO@bBrg`r zD1Y0hKwquOzjdgO}P1dmyIU4R#Wt4fM{?C~J~Y=5TUZJNTHrZ&uK( zJeYXJ+qDhn`0KB?>z_&sO}NlE_oe*G|6s~A`u4VEp zh{R;e%Ebqb@z2nuNCk-LPNM+;QL9qKDSg(`NOI>J&hG5rU^cjI%m(Lwn7LY?yG+WT zJJ(=#AT*5ala&^XrRJ-Q(%y2ecJ_c9lK<%YgTv#4H^&RaHOU-xm+H?RcZagqu2-2e zZ=ZM>hrGaJzdo{(o3;K0j+a@r#lgr~2Rc80{p+V$#c(m{FwS5uKmGCN<;&(ulgL7A z69BdN%(#n`tJj(d;kvQ`a=Q4lF{bEdPV$~V^GOYs^n50*f%d_E);q$xt9^X4^J4F? ziPpTI*ja)M52v%J5x0|~6ML_D+SAi^6kkR;Lf>4Of=-PvoAoctfY3BMN6loe~ZJ1sDOX3bW1SKD88y>pWyev_=gb%B#s`zw1fUt8akyOR-Yfp=$T5%HY* zM&7b%_0j&t@z-rP+O}tL+xzHr;%>7%!9?cnP*z|rC#&zgwdT`C^L_oD2Y=x{?KGdh zmq2GHt9K_I?_}MsI4&4!c6f8fQ{03#pB#Ky49#Ev?}j`niF1;TYvQk9^aV)=4pedL zLF@TQqkd zowp7KNyTObfYg@B^=#NQ${&v@<8?Cm(ZKcyAlF>+2#{7R#k|QruNqT#s4$@l3)DX1 z&4<(f%O=|c;`dLR)Gqc>b(6pqG+Yp~ZBD#BwI7bJAVp*r+0<{8^TOmptt2KG&n!O)$2lOG;~k)6M&FAEhihb)TDe3$*I|HHMGOM^(+PVaXH1)n z<;YCOWAELogJ*k9k(l1Y4LRope2|g(H=8~3d(Vi<#kaI)`@|d6RpLp!pg-{lt@Tw} zbnBmrVjz**P0C`9$HPV>x8yW$jX=jI$v4yulBk!NLz!|0l z;t(F$bElxPuI~f4Gt=uqS5JfU?c<#n_8#DDOEz8n@q%*?>XdkH+fLP4_g!lU?0+W4 zWhE}%a~!*8c&2}j6T0>cSD#G;f5$((L6Sxc$0UZZaIEd)_d9xs{{b?}N`=5$*%!u~ zg_4k&imkD!bzr?g7>pdJegaE6dB!ahdB45{Yl$a1ISO*jXmjReeg`@v7{xB)V7)>U zcyae1(28n;z0*t+96M2^+(2QcijJUCxdR!8*d$QW(~3^0Hj3cRcLsxompYCJw5VfC ztHI<>niMoC>*TjC=us|l9JGTU0pKnjQy_Auw}Lj2_|~eaDo#gkm$Ct-KMtNaQX>iN zeW<9r;s_7#t>6%f3&qzLzQ<(R%9l(W{K*4{@1{n@w~(Q)k~jz5?u5f#QVpM9Qha4J z7@AroWJ%E`wpAf7{~R0Z^uSS?t>9ibB{y;q4ZBjIVe<)RDGZzo42wsBx3~%pmE}F0 zssYV$q4)l@r^38dB)Woo0&E0hPQyiJh+ook8cl7<<%a@t6 zFi{0+FOPS3voF1~L2#aI(#z*BcU~OX;A84y?PuP~`DprAAb8+vJcX~PgT7YM3zpR7 z%Q!{vS=fz&QIp8<=6c0BWS60;|6!%J^Y-}Q)z07dY&#cQqraH)m;hDwH*Ql#m|VDlbRb^IL=1=V-1sDsBW&F)5Xo zcunZ}#F$bF!g0XD=6w4{0YoI}v| zs#y|~yrc6qy!oUCVYy?&e?=8K#b#bA`33n!%i7=2;=J7d4%V}IaM(OLczd|JNAG7z zqa}m6>_xV^*^roUo8RjB-U`N0Qc}`YYQb!k+B^ZaW@d|=b>tyi3u&G@OIH5`P2N*d zn_&DR&nw)o+&UM;c}KEgJ+88#v|~C=(!`HhcWpX~Z1c{E)i1Tl0F%A48$U-pi&s=Zu zK@=8O2{H?IhPycxZh3AnrXRuyW{4vXGAWO`HZqeEM8r{okyIp>L7RSH=Mp1W=7w9Y z8i4^Ir602B6vJBRH?f_nK!LZVX7w;Yvyy|F>1fzk_FlMY4p^on@Qj`;Sv*lK!V@K@ zq3WWKY94*etcc;w$&0s_LT&qi+9$C+R>VM z1P};W+f@Z)*8K53Y^qAtltat_yWfQ>wj+Wp2ZAKp7<%REI*KK_P%BSMmA%{;3B)5S z&=5tMltM4v7mrs zh~WG|-5ol;rUur`CGdf&a@r-U1p_*SvzA;7uIPLePdFkB0>_A8FAsHAw)v9m8DwOu zGdHjk-E0fC5lOe~IMb%X2LOM)Ni2E06ayzQE454s6Q+_|E3@-PD5I#5{D2Hb zQnvvtAM6y0#!wbP%2DqtydG!-=Am;vn94uw9Uko;ymsm+C96}#%8mQmypnk2QcRKK zee=!f%j46%gXa~^pl{*@z?PiSXMEf2?U;D53k5SrS z$&KKO3@2)tTXqvxaN9|!1XexD^wok*By|n%BsZ2DnBADfMAUKtFE|g-T12gY1H}J| zOJ&+}cK3gO#q`;AmhN|7ICWOM+>vV7P0RW&xTvO4_dtHps+Nz`ZWTtAo8^LQZqlJ! zcFM2zk6!H@?|!f7LB^em625<=1aWtmu-A^_&SFbb$;7+HiiKTewFW3>o$J}p7jMR~ zzdwk_;b`0Z=7fToQWVS8eMF*N{YxplPW#jGDJr}&rAd(`&*&lC!srey1~5_?eY~{m zJLx|!I5_x3$&%0FxWPfsndS--E4Y-hXD*Uok;dZ=|KcC`Z`Jn0-g4ZLNe9R(lB|P{ zo6SxHym$P`AM_Xhz<+nWxxI+)WOhHIF1h1R{-D432mZSY=k=o$F0=b#Wy&3W&|mxm z|J|L1TO_fcW z_}5=*=6mJStl$H)+&i!DR^4L$rl;QcnHo5T)!#b+hD8u)FfIv`VJno1qg{}ohRtxaPv@)v405r{ zO{{K8xycmXrW*m6A^gyYchy;&qOt4}6%B`;V=E&ij>le!=VsJZp@=ggBFE!ujytty zXi?*gHM8jKJ(?H!VMb7e`yIYftRrmVcOv~}pFf*ATp)OfOE7xX`78N*1+8&HcKlNZ zELK>v2bPcB^#>13@AJZ&y!o#+fiyT@_5K)qh{ks_(BT4;m>G*FE4HuxUU#P*7iIC| z=|oWZ<92Ro+1oL3#$t(uX6d_}C}*2iD2An_*#Q`qoB#}^5g7i+5DbMR>t~bZF5z3) zcEzF2KRZkBtgp>NR=hD ziSDpT`bf=1m^`~B;4KYQt?UM*a5ePMvUd~@FrW0g$pD51C}On))zNTDTQ2p^qc%KX zL%A0G`YZg}?mT+%aNQ&p2w5?>sTw)&^>hPJ{I_T@2-;{3ehR;+k*L4@@af|xPn0UG zcYA&vjq2W=S0BR8UDLPm^~O4V>4nfDeM@BQ^dpAPRVzphYhNe>#fYq)#r|2vudl%g zO36+dEThJB&gD>*918pL94)C$>way4E}5#6}`AI(NO z;7>5RX*)I+sa<}NmgBBQ|CIQ&u==UkLOF@R)8{P1Vy1Pyw10OUa#0h zdM2<%R;CQx1l(2Up^idgTQLQ+1WhBw80i3-1fUUHi*Hlk^1{lmRc3jsXJ49ci#^^7 z#Y@wXNTW5=LiPjqyUJ$Afw{+Rmb(bbdY~)q4X4SlWi??i!QkMQ&_?BDlr=-lqfJ;V z%aT8uva10B)VsvM-6iQ|@0D6M=dvVjN$~F#Y9(kdmJ7;MhQWE%+xEZy`s-IaFZOq} zT?Rbx`Q<6VzExoFr#-h&C1=wC$4YCR;i~FgL{}K#*E|DE7zKlEN+rH8Dj#h@LQ!@| z5l)gZ_BRMrlxCGP6;~FDL@DJY=6uw6ND;Oq9{Z@T)KogWB^o(2l>wdTfK;l-L3oyu z?-|m4WT8#-2z$gSS2(4*$*W4auqD)wN)E}n$w#r6jESE+CoV#NTx}FM7~qj`JO$a@ z6LoQ@=W9@E8fe&USRlElzz zRuN}^B`ZgEgtCdQEuH-PBAE0s;mcr}Tu^Y^K9Z+!5o7H5Azr-UL`BUi8s@21H;IMF zFUyi=TgKO_D~(&#`_^-iq)-T z{4HLMd#(j#FD_jTHDXP3^1XA$hOmGBvtuS0dJlf(7mo3}H)CCMi!&WzhJZhAjZ_$m zM4Mvp0+Dx!J!5gqBSVcu{4n5}0;~{Dh|6KKTnwsyEICi%2sb#v9y_We0@EB#y*G$4 ze6>o2dJX%4Vcf<44=8yZ6@C((N7w~95h(|en9{=R-~!+Z!Nv~501Z(ZWYPo8szk^W z^b8q==afI(W7O+ila{$le!^s93)t#9xJARccydW`+7FLF^ay|@z%W!??Gj$A9K)73_fj&VBYN| z!$#Q8k)2ptI$1t3XY>RP>4~QgY291ZBL~7!I9{M^mo#a+M7-`2jdtyuKR?7FH*K>_ z$0k!6tJ>h4UQdt@nw;|fEd_84^%VRa)qxY zR@(T`qe}~Ck@EJ0@lAnuw-bKu9=v+B^ZMCQi%EFoP)~PXJ;PO?n57LSXo*aoj*XiP zme+;RLlkeJCZ=Nfrcm-F#oE{-+{8Bb2?t4l3D zO8OF6!Y8e^^(<@hj1=tvwlcX*CNT`~&Cc=nl%04y!1M}$Spdp$>$VZ#@GaXS0_n*$ zfNVUXgsl=X7AZ{hb}#8bi8Ts4mnqMv$MR`jff>bkZMH?=nMLy3J|g<+tOhJZUp5dR zedJNC5TRGJh*Yh)UJ+W`?2-d6qU9xbgG2?23Dr8IaVqZ#A!K;DE!;#>wETr#$;fo> zXm=d4`a(tP*=;IN`)hr(YCW$OudY*s*SX`YX3>bYVNd3*qI8FuYtfe-VR95}D4g4a zC^m{VBpRK;ZG&pVU~*2WaVbeqaE?dQ6%Ld0DPF!L;z4`=;0mq>!tuNt@Cu_%Tn7mX z`Fj_@>A^h^1?VzjNz+>lwmhYRK#lSJ1-G=kStLTk)M?25Y1q( zZ0{@<%HnIt4YXLX#PT1`5UAr~OopC+-s@3%`$}eEN|BKxf7WY(brOr`Lw^C~kKu@( zcXwIr*;fHTi2|HZ+>+YvE?sX+cBU3CZR%mKlXG>o^-UfVC=uR_0}Mv8{lP?lA``>i z-4EIRXBCzr9~?WhzuBs)?*_r>GEuvuwgZU-lH8LNiy(V!!fUH+ZX9P*H>Dhzw2#Q{ zt{0B3qDed=v9l&AI3=9YQ&8M>;KY=myov+&s(3Y2%{Q8jnyGo4d30j8A(J;{)w-Jo zGb`w2%i3?O1m$|!MC?iV@W^Bx!CNV%nE31kcmGoUa|###v^Qw&zDFVi0rZ*rTq5X5%{&=eDt-Q z<1NU=#u&3tkM)D(Kd}zrQrY>_Dz116%hhD3G*aYBFnRJfBZo~6e>Du#Ku4oZTB?Ob z&he5y#!HKw;-&i^Vk0W5!Xc)NR7+oeVwV1}17p_zc+O2=As)d0VPa~MERh57iQ9MX zYHOL&%;3ufl$6%MV|N{lQe9K~!v3b7uw9VJO=bzzNO~rsH6nhrduEd2iI3eP=*H_u1DjWOOpc^aSKAO3XyT^^0|_8(2q+no?wmCCA$>b9*g0dF7@f zl^ZuIB^|1|j^i%NN>1dx@tP&N&ZklO)ynb`c{?pHnOsX0d#uVnhI+wDy2JI&8}5kL zj*d$>0j5~X<3wQ2p<6jt^*HMBmr*=Y-=XrZ72C-QX~jaJ6<})y@p(K=Se;vK4T37Y zT5VMLiW7XztwbqfaUa7W#T@3S56m9jXXV4xM2UV2FBGA7U#ER(16w%pYwIU|)(CtYonbtOe|oz*N0cH7W`yy0pe?Zxf)BYn*H2s7Vlgo zqs*$kIXrlAxbw=Rh^9(rzG__gF#q%$c3ypU;JrRL28vSxjzugX{0a$bX5=*!&%O$y zOQq%z#Z3#L@-@Pm(4=qncV%>~3c?#Xh$kss9CsV5eKTq=&d0{IRdvHZ7x4iH7UcT8o^q#+cy^C=$kG$p2>BS0* z0_XzW+$P~E?!)OdV7k*ZKE2*p$G|g{Tpk&n{Dsaioq2AB{0vPHP$E1T#Bp2eqv!@t zHQ6e$4OilkaHb(*4hkZeVC*U;5^w|-N!#)c!vRH=8X43=P#MhtK2hTLiPP0P1R!nV3nV!H=4H%Jw%nVm1_Mk#L0B?8IXJ zu%G!0FU%-Ag(G20k|q!NJrZs4rGU|wXpv=<^m?_jz`iQgw8Nw=JS;|?4oBCqao4i< z7R_bSDO#-!ZX0I3ZAD?K1Vnfie+wtE%&HgnLyD4n9ZGA+K0|vwUSp=+g+5M6FB_97 z0Nh3`V2zoGApk-%*M{)M(v}vwCL))cVi961h$JO00N@0zSS8gtxDpTL2&cfrg5ftv%4jBvskgZ;S^+%oxE#FE+>lB#0JPpfCuEBIbdLkC zIJInc7udmcINtuC_oI28)5Cqp#0>ar6_|`)*|gj2_hLP{7uw?Rr6Xr8*o_s3U6~bd z_=r&uU4^G;iINNgG$gvMe#l;;ix11_a)~&?$TI!S1?pFdu`TYvJ+Lip*uscbq)cCq zXbqYrl>23f)<&~9IzqHsQHW^lg3`iiX)WWl&}jp9v_Qwv`{sb%A#ftFdzt= z@H1iSXtc3@KSZ6~Gc74aoF^s8OpfVWt;blUD}y9II8MZ9$t8(-wn(uNTPhDKSz)wi zH7Wd!CBK#Mql7G4l?4E-5bZB}(;3*BsBdnRmNpSba(xXZg*QjZI&IIqH-O&Cg@@nN zx~v5{IV)Cnak~p2_d>jr@2gs5S-UVYnHe%=;q}aiQ(1f~79VR_JQCY*f8l<;>efA0 zDIeHFzPMUOy~DE+b9P7;V!q|z@)#bNeK&p-eRwb-iGh;B65Sz%6;eZ~{mbLi-Jf4D zK2w21wB;mPaN^lr>8xh(G?5g$tmGp=t6fm32&GVH$aL^z)HRQtuiR zzp`QX$1hsm{)oj|I2sC&25mOPXqTxA8IU1$(Y_OB9F3giQd_zbjmD(tFQ|cL#N?_X zNEw4C}_Etn?^?Bcojj(~%t&X-(}5jypIK z84;Pybdz|1W(~A(#3^j7uWH6cfv^br4D{0B$!if1r4qr6%fvyvgiCUcPvHgQAV|}b zrS>^pB zj|pqosuv=}*nfdIBOv|J-hiB)VcStAZ)%ZO1!Fi1!EvW0H0Ch5OeTq-@!lYnXs4id?m29 zOOwzF|BzhU5kqh&_GPt)OmwaTbF9K71JDnn)XTE391#rJ>S#0ttco68QUO(YC+>P@d(pd;6mt_2Vvh%V?cDbGSU(Iz-8~bxI9>#c)@D1=)_PdW$=)P6~ZjM zp3e^tUY#OBINE#T9Uthg`nh_TfhF@E07{|%`@@nneqV6H3wkkd3OMHx;K8WpDOVB< zU4<}-&Y9hC5MO5j&RU@P0QVpRa2xjlIPyh9pc9sS5qR79qu|X7R2QI7J?fHJ9utC? zMXVaRL6sx};^=yzX9v_o70OTItFT{1TdgqE(bUlSt>xaUlt}U`O0&A|G9iOhTh-YoQ%|<5$z82;S6jc+Ru~QpI5)iD=Z#{?PFWWvvYnzHY8yquoU#*FavI^X9Hn#> zsBz#CdwmS2!~1S$_wV?5xcBCzcW}6mSMMwKd{0V;MPi)E^y8IMCb$CLm{(p4I8$OVy^H@PavnI zP%efA60ia^-7-hQe(TbhNrrvV1ZGYW=Zr~cOhw%-YZ|j~9QiR6LUDdI#ZcUW9lMA# zKT-v&`FSsQ{^w_wh2C$H*b3k&%{aD7iD|n_HBpcKNF7~UG-4~mgq)0tYlcTF+O|wd zOT+#ujT&u{?fPkO2{?iZHysI51&U2&sYa|Vni;SC)_plm`WfYCC`mlEFi40rtC-XO{0($R@w;vz3cuLW z(?~a!X6u?QX1ywuuG(@gl2>gZ1{{UV+DsFr6}BZalI5jG5x{3c!UxrQb4Vln@CWX? zvzldyD!N&C(@89t-|}Cl5e8?>3!fFaNlXYQsAVltD-S65Lycz8fABFc(DQu8SufX- z{83wPR%p%zAkIQ__g>+CM~rQ6zjYjdV`n1qOZGT3!2dOLuFvbVP|21@^v#Mh-Ku^->0wviHhDq$uAh z53m4H8oQ+t+*q@MTDH%_L303frk3ZN5IDI-L=b2~T;xg61K8lfyI1ZwVs!AvB1*O(C4RNnk;obV)N|$uK zc`30LB4gx2G7T5S=U_0ydI{%)IH@lwaop6iRAs~_Zp$RGn_+W`$6&JnB!9xy{TXou zHc>VdZP&0_AWE{Epnxe2c7Yk)vNyOaf14KqxbH5;?29C|u+Py5)9hi;QK!%~!xHzD z73LI232Pekl2*rYG=ko$#vd(z>?9r*r(Q!s(+c@O3)Ud_mA*>U%!`N)U|FF~tCDSe zyHY;t1@r{jDmlu-au?3So%j!DN6Gj)H_|-NmAbm>lqxyYQ6zzLwYy&^d~@(qzWeg~ zxEOG}0(dBw%oS_8sp2A1n*7-FO%zFK92s|KhQPU4N<**8r8MsL{Obs4=B(EJ1T>i? zoK1xtN?vy{0;NoLbFDym`7l+kM~kN=1rneEbz~GbSL`bgiEkNdPMHo3*)860ZTZx( zzt!@$lp*@4Z>%FJn_MV$(6bKxSuosT0dClY{}pqav@Ypz+}WPt*FKNODQ>Z>w|mO5 zyiz?h%xTL?#9KCu!Z$g}b)Igjx><*o>YG*SR2Fll>Taf>jHfX}Q0AV>-(N;nFo56r z6rl=t=BjM|QJ`9=)3t)YU!|3xNE+1+FA+Wz7Ejh+OYarrcNL`cESEr2!)OahGP(`i%lw zUs}jh{EdGhTK{vdr}<~P%%kZ4or9edR7*V2!QiwXo}G@#$g4Pv=8w^+A73ZlvzIRc zZlJWUgGc{8grQ)9hucw)WviGk7Yd#}+k1Zc245+=%He}brpNN5rOU7fuZsV}OUt(E zzr0)W-q+Ds-8^moac#U=}N!KSEcKwBMpTpltq4&P8d$ir=UYM1(S1hvdX`hk!bRTglplVELv60+&b00 z2`tG+(+&{D{us%mhp)G5oW}-R_JYB60NCRacP_B}uSHl3I7@0VFecM63d0l1KzSP` znTI6!=FVWAoZxSSSbm^#JYcjA355-~OtSe#;VCBUkVL)`UP)ZtoPc7gQ4?1T<1l%v z7^Oy>bgIhc8ZCME;UWRtO0hL{WGs7ODof~e1dVKC+m)s4sFzHpD=Y>30DY+-D#bNa z|8`w|$K%}T^}=yV(sS9vrWIfZBSGo8Qrx9xOyP~p9U_r7(1=@ND&<4w+{RN(M}Z5X zqUZR{*yn^Em?PPXN4=2Z?dS>c1o4rXg5=O@!WMaVUh_5GI4c`EW&cX@wW&c8ugeR*yG>~*d@H4v)Oe-j$N!1WotSUh!J!FFhcF_)^e!sS zFmM>k{wF*>H`k;Jb}4It;4X3N&!-%3H!y+hF>vwpyoEFTvDc`Z<+OzO_(sI`YEdb_ zcFB#s$d{xisG6!V5{2CS5fsu9U9LZDep!Fpc;Y_)WTCmd%q4zK; zY>aC_eHvExhlDSS{c4E` zu(|F>R?sG$w?jfbS*gEBS!Z1eA0-;770_MZ;ri|>irg-ZekxBVeyFlu0b>HhBwT5I zAP&Qc^4at_YJMoGx0aRNHpQ7UzMjpP0XkL+c8$qsb?Dt7wl-BFa_KYx?|Qq>kD{|- z62I56IP0yTA7GSc`0UDO!k@{|D%JbTU+8JCM;}qdzXq7fioT7<{CRU@)p~dK{QbMN zr|&hSPe~T~@}MkagmD2=VCjM+bNIgWmxXRK>P*mFCyuE@|Ivj(H``VL z8E7a#AteB%&WmNoA~u;3o-iWNP0@ zI9dPQ`~PqGm-@#~Ti<;9*Q$^ITk`(AvU>NS_U^rJH^K1^IjOQ&l_S7+z5+n)IVka0 zCB_vYA&mKNBIs1-=EI;-R@;~rgM+nn|G_~#OR?w;v{ablf_Wc0i&#b{ypSd<6&J0$ zBqdS&xpPXn=!$Nf0(P;gF!?hML5N%krbeU8XzqbdTK5jyI3aNs6205BXmEb{FKq86Rp2LMA9Hy&Ve+YqG1J z#)-l$CXuPmW2(}a#+D|Qjc0mT$!WX6ci3hxGk-gKZsGV2U9LXt4Iuhud; zGjVq@cv3};O!tb{KHcxl!gbIIR(q$hJ3k4viibu=N7Hog9XrSR$=AQM>g}(;-tv;K zPg?JOX}z!4zW&<(&_X~2hE3hFaqp6;UDIj{A7&xa>QpiDVF*AEMH7|3%W5vOaxY_w z(}%tklZeP*pqM0+%$Z8s0qup#9r;HhlDLW_rcpV8hQVbhG~noxD5l^ljxeJOMuz1` zuw?dzH)zq3H3N6obqbfkAQviiFml3m<8kCUIq4*-4F<5SeWV7-C zW5Sv;PCS(gyO)pplml2;>R`l?ngBpPkW(L z+7pSm6s5|`rvi9=;+`z$O!>{8NbXU*lg7YeT(B(Q%!8^G^r#LbQG#_J5E$VNnM{EP z4f_przlJ+;)RV{sc%57XC^2A0U~ z1gZs{T>-A3r7X^>`?O~=+eglk`j)wm&Y<}m+3&AzOU0>pD^{{*MMaxn z!;**qZF}h@9vXEL^kvohtk~3mLM1mO0U}(X(Ya^}9YF#BCC49%Fm#l_Qa9fw zq|#rq^0vYPP<)+IjXA9@(-WnI@`6sZg~q{O;o`zScV;PtZ?EUsU&bJGtXHxNm6_N zTbY?F{BA2}^xU$VML(O4(|5@Nn>n;DpmCf;*mtu}@nuk2>D)(L4tUzdE}>%P*DhOp zIeadXuPK$9duQDLuF=F(c3wri*9uMe)1d6N@BdDbHMEbXwJ{lvEzkSF?<7 zM}t^pM<^D$V1Pd?lUr0p&*y~>OO|9(pFR_p4HhEHN$RP8;-Og}aP)R}ckk#3ZG&h% zNOCKSLE}(39LItMv|KQ6E>!#2`3nYsrCclKH8rVCiAb)bLVon41i<>%qau{072SMA zn1_|+(qmbu>fR_?s#Rn1AvtiO9=C=eU2jqnsQ1m?KShFousEvFt-9G{b~+JGtKwLc zVB7kMQF8PKVK6ddVGMdwslLVjHaUMA2`b+myg_g2_pMgTYc@&HNp(Hgws(iGn$~Md zLfdLpDq@m}qe;wE_{!FC>apA_xbI|t~BmNlsSkbp|k^JYPXW! zjzwGUx4Y4(JsJ9|XuhgO$>Ed5NXT0Oe0PC10)F$%UllPM$5yVukHc3m!u_J;*COL@ zC^QpK)R+OE4+dJ$Ymc=;V@0_m=ANSY^qmNpMDlT8X%Y_3uuCZ?j?FNjYSB(IFt1iV zXD8(#>>j*&16?;IXEl~MI(U1yyGQF<*;RITwkZW0?c`QPYuEX{B=8T&MkC3%W@D~q z+zCK2vL%~1Cm@av-X6bsd)%beK*!+2+?GxV(M|aSpTf6~7f~W!@pmU=0!*_34oTwrJ6lDS@+i%mbu$sxVo1{@X zO;y!h1?{8}Vyg^TNuaS*wDn3xea~eYP-qbQg@;wLvVSJxmD(z`y!Q@6!oMe!yQ5rs z3H{-TQDbAfewrfE4S~W{UvNVE1I$J4sq^WHX{fu}I%6jl6QHpNW%r+i(z#urI3Fzx zHJ(VUTtMAC7Qcc#TEZ9`6|!=d=$QEmOPRR1p13k6CNT_PpvO2!!xZ{+=B zO1$ZaA{t`-+EUlC@;A4M&Z|pm0!;P>a4N)Go>~Q!%g+#82-N@jUu?Y4+ z*JgCn1fcNV90EH2sfmDs8)pATILF)SoUjr!N7t7 zvSBVj89dr^m;+DFXl4Ktd~<0aA*A2~adQ6_mfDay$UQ*~s)*8zrV4>!D&mzEczRTJ#9Cn!#v^DfO}(*-U<<3w@Dff6OIH_@e2N#ZB^NV zIrFe2Tv5(>sZ3^qb_heFEAqE9UXlR$bWaM4L9Dzo)PsAQs^H1cO>s+7O*KYv8Ocw& z@A@d9N?=06ZakpFG)PaO)*uexZabCd*jRXjLaL_P33Qu5$+xOW0AdsV%IqPD2Um*M z>kpv#%EqeIo~nQJ^DAKj^8bVs=Ne2I6YnflIruTo%QTW{zBz%Ly;q26Sn(a4a)y_3^VT~ZkVM>>!1`Jk`S^)QO zNsNR~>W95Sz#cfMHApQDB|ePz0>f0H0LuVjj<*zKXg}2)h%&bBE4GbVps!@Cz-=JL z3kZe~UpeSmA6W&^3P0HGCF}jcfGz^wPRdkDcC!dc=po3$k&$iMliFpGm<-u zB>&>UQJAa>6WT-9fF|`n7ic*-HcRJh#;OQj;Yd^Z<-@&~dpk#aHm>VkqKrxvz-$lb zlZ=-#)+1bK0XxeU8HuaSW2YSq)HWslr5n2b%Um6sJACK8cTNssAbB8!v>-4>!muTB z1tm(>ZVph6`=)aX7eMy9D57n-feGp&kKR59N`)GL3uB^!B`F3sV*>4o9aS2R5?Q1i z_dfgfg5lT!+&!hwf=JZt9y4;IR+-z_6?cw3x>*IHuhkHNlV~oXjn>#P| z-oG#GPl1hE3=@kUT6#yqJk9EfMI~J;YuH@#It-97`c7j$2OCfTJ9ZJlOeC-mjQ&&w zq5;o>UTBFr@T>M$^F;VTQV(2%aMBbk(3>L#!4?OmMXu~=Vannyav^GDch_x3H0 zGZwE8ybpY=?C!2sDi}SH(S#O!8se8?IgU640QuDTt4uAE!+Ib2H)!cr8qjV%q~_uy zOr*IoYXuJDIpGhl zCOTo;;wgQk4Xr5L`N)jiIg`WG8u zGX^H|=%CsHJZnLDBT>Fx%xzesF65vzn0zK1rRy)CtS|&O-T%SJWugBssV&NM6kd^z zqVjv_DC(=OQp$F^h(=ezAcC_!4#k6r#5=y$p7~CTt|t`QO;;@Q)MGdbzJZBm6Z`O4 z${$Z0;=~KOXz9qfhE;bIabVedO_5Gf{1f_Dh*kklkyb9y+@C-gV#EegYS*H}LxnRM z0w9KhA6i4Htz4A0bW`gm@pUdNsMbT;Ng^G6FZDNyQ8TI@$AsdQ#!)LmiOg1_V|5@z zwr5TVDfKLibbADjo%tu_F3<$@(1Dq)H)=`y7e0?|Ab}>EUVH5SQ%6i-Fn`=8JEPxG z>g)C|KayxXM8*w3xZP;~a!5bgA1h1WSC;x2m(JRasyP#w+PVV*ygvG&<8{}nzdCrf zr{C(8Yt;p5ovgh3#d}{rS%sqQXCXT>h=BE^Lyd2?eHDP4HRFG+ppAeND?=?`E>?zm zF(X!nkrFyLz7fU};uB5xu&;t)Wc;o$Qtf@+twhqJU97%`&hWH}OoN2{UNjtr{V1>^ z=)@DHk`yBeDsK5a8g~aa`97&Exju|MBA;ISIs~f6CJ73ZqRF=7Ln(bKBnNcHsz9NL zEl!i$WD;XUjhgrlTgKm+GRAv;+1sVqHzJ8Pa&Pp@8r-^A9fbx!?X{%i0pQZ^>2#C? zXCWCc>-lEAHr0%g05B6~T%2jVN`pEKgTB&K*cS?P-6sZin_Q#u(J5ti-&XcAtVUC7 zfNdRJMq{3nCSXcLQqa0%Yt3D0(-N}JK$9|KosxAqZRJ9Lm?7pOfM|zE1q#?A4v8r7 zz9N%dVV0i>QGkbW$#z`S`%s1d!!@&1>e^_{7NJ#H?9gX!>b9XD3L>j*ZKl4&_KoJk z`O0cA*U$`~Wk9erof;|4`1N8KlJ*%6$F0c z>;4A^O(B$WNqSE+<=>_&q*3x~i5TMohEMUSfQ_~ch1nZLouiZLNv-A-J*jGVP>w71 z>usz79i3EN1KL?-Hw*f3&AW`h^fG55)vP}t_d%jmwBpT|u$GR{V(Ly*+5iHQ6<7f& zyA@DH+CWFlvy_>f+=ZvZ;5_PW*XTn#ZW0cT9Cfl`oCycJ!)vKn8OgSDD-{J{a&L}i zonjmeI1U0FfK^XJSbdd^o-z7Gm}vE6Bo<%hRxnqB*5x2B;aeeR~129}*=^(PBwaea26Ibw;Qb1ROm}_i!jqLTo=XK3mVkCehVcW97MA&Qik~z@@CwYmTRz>BJX*X*vuiOWLD5MBR8jIvDJ2Oti3k-hQ z+v7oy)YV0RGP8N3)T?<2eIdb)F_HR(7AT3uy$n)pheXsnuV2ugw>vNPyqCMDJ1<}2 z$L{gZZ|L{#!ONFB$Mp3TOcP2SX%Q{F9=v zS9Z-UrIV81eBCSby@XGJS`2gV&!Vc$K{*!><`^cSD`2Ibi0tuP+blxMvUsBO6eoJ` zl~FS=+caCnk<75zRYi=&uFLHRbC_dxT zWR3{8lcyJz97nT^+;r)U@0{y$S0H|!DlVy-0e-_gorgCjw1HJYi7Nnkg#A*G^^JF(Gr@E?Ci+zz zWYMPuet(!f#w9!Vy0t`}TH)rqmxr*-+q|-#S$KX@rM488_N`arQMBQsISBCS@Cwh1 z`eB=>>QKpQv73bhd5l1CxQY6XsM@%UDDcJO>;k7O1~O){9$1E# zq^u8zuLYuyvxte%MQlF=rzyKQ6Gl%_v)E9kS0x>rGPxj)H3O-}ZE+7t3N)-? zB00PzyFN4-LM>HF610|asQGmo!R-gzSwM>XuJFJowE4UIt2%AI)C}td-26cOg>L-s z&FTUmDX5bO33^_wH1;mwgfXn|eZCu)w0hcPsgYWNFoE#8bm%ln}+EQukFF6CB3- zj>xKVkMYRz%^nS~OMSGtKV>*1_uEt4Q9U+(u`OmHOgvNcbwCCsgrqk}61WZst;tulsFFK zGbix?iX`i;caI)FdHViN|L(k7Yd(EXp82tV>fb3PVenRPeTDDjz2tw5ceqBO=^3ANR)ZOQQZc-0Lx zP^}$(zxVQGmHo_xT?68RUXqGkR>Zukcy2%jiMWb5{l)9IFkZZ9{6uRbGhD6!v;>8R zo2Z{)7)|Lk!X8{n>@Ku9@Bf}|*^&7c?eRF|@Wbm#N0xi^bbw+q0O-xY?QY#^vr0<*$s+KS30N;j#=a|`A?ULoFivrp9S7q?lN;l6|iLiK_6kSXb1<8zv*y-#>FhdW%yMM=h`; zX)7m1)SKcla5*)sZ?S0V-A^!X3SmI+T^2>Hg|b+6!>s5{EH1|d6d*91i1JSXmXnv+^XHW2B(>=GTDsfv?HB%IIy6$TEIaU10Dq@6M)Lf0cV`s;+-h&!bLd6n*j%A z0mvv582u*tn=(=6Z-p4pUe^&TzmY4&f+`2NHaD%731LeuYOH3eWr3cK5O)z_uQO*Q zg8*nG?FwPFQkb;L_ko}A)%48uQ2$=kI|L|r+w8KLXMz(tt_M8&K_V< zQl#S->lxdvWayq*ajdydu|mkST^6g_>Z&;0wWVE2?Flz9_HwUil_uo)P6nAMdSKsv z1tkhWqFSdv9S(0<;hbz)WS$B@URwsJKTo}mSi%%o2;tx@6@ea|!-DW-EK8v-WT1oE z?@_t^Zm0P_LG!owoBU)oA2Z)J;gZ3kRLWJCFL7*s!>*N#mJC#s;~e56WsqS^B{=Yn zm8v5z?JA(g?rWr=b%tV^Ak8dnprEi+-avu{P!jUBu@6YLVToi1kK-VCv_Z`Ebe@A<|j0It-L0#5VP9oyr zvuzBSgwm)}6`!u$l1`=B5wR}%-nzSPf@S9rxh5ikM3iGwWr9&8z=j-TmZz3&o0uMW zU9T#su~+5Oy+j<26N)ZZS9K%h>7Z%4k&t0%&y8J82+rkE%Nm+{0PZ!iT-CyX&9Lg@ zv<5S5(sGu1CZ4QI$-DdRs$F#U5Mde6BUxvLxxm#Kj|UO+iYNq>rBdsJ2l|w&ost$$ zDNFU%-x)<+^0lnNN$u;es~;*#^Mek9fh{2+kfY2q9`Y~KG(q<_^n`>Fgg0ZdoafpY zTaa$`Zo4NT;wI$umyneq;zAQ#((-GE^U4jdAHPx~h$tGP>&a?JcBh?`t#FuYLLU=4 z{^%h}!)NcwYmpwc`U4c~l=VU(Kx8f2trkj;ycGfE!EHlj2%B8eBtpqb#lZxj*(Ann z0}`!-GX##j@D}|!ja@2Jtk&MJT(h*E$L1L| zjcyOeW($#Aj3h=}rkvM@k(p#}r2f%@vL((@;h;4Qf*G*aI{W17zh(OP+t<0k5!vA) zye@f~v;Td1l|~5(WQ{1e9df7Qb+^pabgaO9ce1B`>85f8&p+{{UHGDd522L(%2?!g z!?V}`F70qCT3s@@4vqLNQS!H(owP+TI@gmT9G8j{@h*9El`?_bp?qjmTr#8ab5+8% z#?Gz@fV!^n|7Y)Cw%fSU{88{fC0^l7wjnq{&;)pqY*$jI(=by~Z*L{l!5R{b8s`{s^(k3GI-m$OW z{;t38omTm9BJ@Y`Q1YE8bvy^IOWZxS>lw%Wg(#B!*p*qnZ5i1$+ikmCi0a5e7j+tn zDt>D6hrN>gR47YxGofe-lqJVw>1U-fazj9;T1i7YVZW;n_^Q&&%00m}D>pRV{>Y~F zcd#q8cBF5jr|4vo^E&reMoSegKrrue5S_|j95I2E+caF0fCqm=~8*xwoJdZNl4xh}$d4*}gF5m`z)3 zhJbHa+yX>7m{44&X`ZiYJDhtb>BE0j4UA9|lL5{yby0fFrv2e-Jz~bDh_siCzGh(4 zaAz;6NyuA`9ja1L{=WGD|KF%;XNRe` ztfkH`;}P<&fenUd05;8be$$ls#(2%BgN)l;LNa|~GtSakchs~I{DeN_qQAzo3A9K% zC{7zFa>^Xxe+fIn@2T(ah~)KhV6&mtk8iz*SjFcAhw(VMc5n)L;S5=r(WoVv-xwL! zNg~cvSSYh`_=i`#Fz`bsa=F(^Td->5>xL(AS-eOn`4H2{5fnwB1+rj&t1irk8Bs>V z_7opWIdel4>Vl70XtcAYr6M26{380biB-x}cEh--l`aG^`zIfKb zCZ+|K3#F-mvOptO*<1?a$2OF2U=_>&Jzn~~*J%*2Bgx9}qE~l%aiPN&WEsW8I0l9l zPU&_|HHrimIwD+L6!sT|*_3GTv3}j3Ml~MKNndTv!`d-yL|BrZV;1e<{>VtC$YE&3 zanmczPP=j6D&WY@#7#j*_>Yv>zA@%V*kvn#E^ZfYL^5cpaj=V$DG!HODwG0hKAEgyp}7~7pF)$R1Bq|&j=08^u>Lj1NLP?3)%I(RTdKogGyTBW zKtFt0*JKxTTi0oSxrRM|dVdOwd^O&VIV(-{O_&vlAgH>$n6<*net4%Mbl5*_z;p4M zn=QX@5(=l1VxbC7(Ex6te4{3FX+Po+l%>Ec#!gqy|J$Wnb<%x!y~M{<`0udy-ihSD zK7?x0knI)yh5+FxHcJi+0Aja5#K5DF99?h|nocAZ`0 zgY?uj#VlwO27w(>)K)!qlPZbb_aeJ>5$8l7Xpw^O0~G_>1pAzMypS19dKaj5z|=dv zPJ3Lzus=$k6aq>Ug0IfZ}ioonjDaf?%`LlcQ{h}YbVA;D3i9^(F#20jd~+dkj6 zVISIFZ`U^UA@zT|_U>+z_~Q@uIT;__-5S*QnX?yvO`5;$H2)1FWxi|^OD0WlKer2Z zVz*C|Qgid;0wgq%7t~Js=X0X6pFECe#YKN~2C^7W9Sm&jh`sAg?OiZEF#nyrQ=>3p ztV0~0le(!Zpw6_){HcP)79evT(*gm$wqxNy`R=zbgA87t4}Yt}UQfNOgU+U`;ZrPV zKR1|6IB-ov&V%N1#?cKD%t>oFs1y)cG_7#swRiO256AYe6ZQsrnoKfJ&q#$OPm`Cr zNzD|{Mmth7CSa4FM+nsXaY9d~~$)*eqkHPVMQ=?w@xa?KMp8FMCG_M~rnUcY5dD z^xU-DopFDb;r}WO5N=MZyQfur@#5t8T3OL?wLzBDhHtzG~l@a5xn>wUo>!bT;cEWQRU8fl3WZD^JsV1bbHCg5HGBb1)(~vHh;z&w1ch~SE=6q#8y_>G zz?1~z{CWS$-A(Ma8~N@pkKifv-+xNw+CT5^VTT^C4Er`zmtufGWLZFEs9zBB(X0laYBov1((l%@D7+92ZfuXE+BzKRq&YZgKR7u4 z<#BuW@X7HBOkh7)&{1~YZe#Dsm(#{CiWRm4^aI2lk}g2h^Seg?l^Ds4UM@F&6G&Of zTW-Z|Hz{;{a|sq z4;l~6X~lOnQw4ecBpH6Sirm>nq~rwb)JEylcQtr`%mQopOEch8I}9l;Ky|y#zkt$zxMm6^EU_ zn9cX!!{=x@xNWP83vS2sZKppY{GG9XN6uH7Nov%+M@M^4P4kVZn&r5mMy+ahgSRnG z>QNh%URB=Nzv`a$B60(fP9sIq+#`bW@)12x%i8*^U586s;gl{@n@57bn|5vTilr!y zBu*3P{1%-^|inHC%(4Ut<&Rd?XRsBbGqC@-48;# zjO(Ua|1O-xXgqc{Bg2pIT{-g){>5%orjbL&5(qG)Nqf(q9v+<>!}kmL7H?*NC|B#n z4b?G=bgsjApl)t($wRVU^0XX9>bUv4w5qPUb;8Se*?O_^*V@a|#@Z?Vv$1wz=YGws z>EAW@zk0Q9zANhg-0nl^YP`ewl$_sK&wTgE2c~2n+_)2#KEozhDqepb&@G!NU3jYk z#hb~>Wpp(;DNXODTVE`;3C}mxk80A_^mdM(%nhVqK^9w#I}EBRjH7cyx^j`uqcenr zHQm0i?^Y`&d;wTcu8q10vSPXc#6}vv7bhS|<;Ll63{-Zs`w6K~Pt_FGuDRNIdxLEZ zWE-8Q?Z5^Rs(z$-rvTyLl5zAp9suR#&QeNHikOnCwc*I{m|7gE z0K}-@>+~?$iuEG$vz&bwZprUkVS_dH7sfTiQ`JV>3jRPWv*N8)KAe)K^5Y6EL6NPk z=ysU9M%sbGbyDt!`06cFT#*T0M4XEkAk?AmlG&eStic$A@oa7@MxZO$3UQBk1C@5c zpPypx-7V50?0azC0*`%KE#Xg}!Ywin^9l38>i(~lk$0{ zm)3>p^_f-oX=_vg&75G6`8#YOOXdj$B z&*yl3@$x<^8NI2_+^hsMyV$HqoC5Wq6xj%7H(kcxYEc^9WfrS6zwAyIcR%IQaU(38O4RiX3 zKipsQx6}RtJAdI>WSak>>HvBctoRvrgxRjVGw)6#~{U0?|{8vQmO@p}1@-&4iI z;xoD)ELi2k{faf9aOiU~p;Wh&?;C{A0VTbiq$xs^39KetoRD5UJlflX7ww-9kN&)K zbolJa13l_YzW7UF9_e&C8!tDA#!cXFAXp0?>kqzNFSY>cOC(%NAAlG5!e@S9d!TWi z07TL65ZWY5rTX53*vu9d^)3|9ft9Mw=&FzdzC)R(GPxr*8f7(nrvvtLA}f^kBA9Fm zR=3l9HoMSF%^>V%F6}L)V@EU}N<`W0W7#6J(0eJjhfk^YsWWRo2_r?cI#mb{af}U*0*Znjq5dq3~C)`Q<^{~RC5p(*u{q(p>yF(~{+pH>N{5w-SIN8Nyu*a$*4AAkGFgbKDMHIVp{qNKL zy%Ic(;4>KKhnQ+Xr$kiXbP$@hkNg}Yfw1gk-`l|B&nU7qAUYf>da}D)3qRiMASxJ! zRsnxbQ&cOQ#K4oIQIEp8b}?0;y7k%U0!<#fRLnlkA&N?KEsuHZ{e4mmc~9(s%Rb{B zbJ6eG?7b6&Y0!K$PzK*qv{%%VoCA$S?kx}{6YFEcbQAMjQc#iYU&j&YbN1NiMS!XR z+ytf%{o%_Szh!D}0=`rQr266KKN`RJd|!3)$tRBZ?=hZSo6O*OH_m77^XKoeBW?jS zW*JZqt72?R661zx1vOK2%fo-0_4|rjACOS7xqQTO z8aMl2+FU0ew~hr(v9qT*Yy!DKGSj{o&QMBbqly5h!4!5e93>SVE@N)tw{$Y1 z;MQ4YmQRkJ!LC@iwEA%8;24^< z`KZOCv#`VB))_i=7HRf2ZuaOd`^t1MhADsY*pw^yaN-Lk0`jZGRbj1I-7L2+)1=!L zjJ@^dAKNd#YQIRjFZ(O+iypRnNbedoauoHwp-cN(Em-71_Bq#hXdWN`U6$7G=HG2) z-A6vl!t%PdpFBG_XzxEpTXp-v-tq3y{?n7gqj{?q^uu2?wwb~UPS8}jqf(TY3&Ws3 z34Kp!66#Q_Ub%zmuv1EX-5-%-%Ef4e62&Da=3P01d0%0-KjPr++TnWrlw^{hJdt#G z*ck@)9GcOj%O3UhG?~@|gx|^?7G=;uZziB-BxTfiB@hPD3SHKp67)cmL&^<<<&~ zYYGhXY?5vneAxKY`*GS#CWGb`hLPb9n4ac0_dq;wpD6J99u9y)!YI!%sM0xpKR!lm ztTF7IYQx1;7tt9aAn#dOUw+SEsmhXa)V!9%0q!ALVheNNzl&m|EU$E13by1o`ij>D z$QCTgc$5Ku)!ezk`t;r<_G0fZ=4m%pH`dqRRhE|4%)Y@C>hv^w4>CIs>%BZ0%YT1` z|B6lO14b(sCC>0q4)xeA3pWbed9l;r!|%&K^Xu_psOEbmK?QuWfB*`VZEzt)wC%las({plocwm~%9%5&L0MX=70`CdYgjY8%706uu{#nw&h-uh^ z$9uac`-e~3Pj(*fVeTOOZ$?XrqK{z8Qb|~;#Asz)jDG5Q?88f_GhTH0{l&*i{ifxQ z7hihXqMin0fG$e{u~rZL_-o(bjVFJ9yDC6#FfWxm3hAP~<_I$JsTWl%#gj4QAkQCv za<6ka%5rc&CBuO7Wdmtd7GJ8uodefo=Th@sIw5akv8ebq2wcw^^ zyV%-acSk^X5ZD!luJ!8GTF{+peQWKVm3*HPgux)0pfH_GgIqwC7)ul;%mdA)@In)b-@9vE2Io~I z*3tqJ>7;*^TxV#HM~;E8kT@60+SZFD^K!-KSH|g!-pkW>s~e{unrqydwZHBU?dV?o zb?fEImb`&YG$d~enGzDM@FQ9=80okYq!`73N*)<)vOXFd^J9^QTBq;s-97!V_Jw}< zA-ZEtQj8#yoNXzLTjKILxlg{G%r&%D_jdzu2X(v3|2hJKsf&yTBim673F@065CJ=4 ziCg0|lUPcciN zp>1$tRxP6I6rDl&O5_GQ-bo}8YdoHeU?-u3t|t>u809L*)1@WtCg;sb^bT0VO!m@L zYq!i#>1@)&V74txU_3x0udPjB5~ED&%P@Ekp`?*Q_quK?snn;nO}$k&%kpp)ZBodA z*HLvQ2+!_*8NwE#6GHc}3|<>(V8jpcwkhnFc z?ZZ|`{Jo-K5?xXhFKL2EnKX}UNYsyphCR>??k0f~ND|ZHPlRN~l1GQ<{>1WWU1bs> zpk)(IOWCS~zJ`B2ZLM|h<7vhJ{#sw0B@i{w@6N=jYN?F7=yAv!Mi#P?K=>gHz|*)s zR3m7H_&l4$DQx}=@{4Y53a|fINX^Ngp7eXisERdO1t#zFST=Q>-k(^ zI_TygYdRC&@6pw7{H|t7Tbu&urcYK>O|Ium&PY2Mww1i136v2tDrH4V;Rep3G#4aX z|JsJ1=f!)es3IFd6uicQ_D3*ojH8tAX%`T4El`qRK|z{{+iu~zin=J`g&sST_J;xV z1b>#jV>f-J4BD_A0#xI+XhYje#ZVpElX?{N=voj}V>Eu=kW7 zCGI=2{Nzz8|7p%Tu}5md|MXU2R;0irC#a=Fb|P3>Fa7?R@yi`M+?hq z9r?U?Fe%fX*`BDv=@QTBmN#~nJyTXM?Yi}|{!=yEBDzpn7hkwFfobq+W+~jGee;!} ztON0L=`+>xLTg-a`_o)o&3G=)K*oPPCrea*7~9pNvAH4nGfM>9?#?w=D1dkxyv9t{ zV_6)|*-;dQC#ub6H<<{ESr{m|=K=+5vPY@{%1UUC?Ecjqu`B#FCoTc1LdJ3nNK_Ic zz#k<)PtGrcn~$6jx<>m=G3)G^<5iJ4+SWdKuR60y&{i&%ENG$X)x<)s12xsZ5ob!3`&A_Q9?u{ns2`cyo6V!PC>#+qg z_p4kJ+eIJ*wSws(IL`shNDugGlLRA*KJJnYc+Zj2MFsDB=?B6sJR8Ct(yZ0iih9!Y zTd^T4vMRV8gU^_zz+K*=(ZUkd;+;eXtou=2E@R@VOp=S&A^2!5I002ZApetx>vAr@ zT@)@{5c7TqH9{jUUtX)`Vlrc|M2Jfrt8Zr8P25mSmeF_pooDdU>iyed&S|EpPKG_u=i_lWaS; zn_b9t*kgY?2Q9=Sk%SChYqrnAe0dlo-rg2uGP|MuCaOV$S>fVoN5$zBHc4}GZu=z; zY~HR?DqW3y+`1+%;SrId{cLX}`ID~{idM>PtpXS8z>*n+(JlV5BBsXU->NnD1I`~U zn7xne?h+r$n>Jpwh!Hwv5mTyCpx29l*B$hxZH1|Rf!WoEqnB(%fHxi%dIV*SSz)K$ z5eBAdUN+A2g&9FHm^ooT4#iwT7w*L2$|I~i2)Q6UC*mz3?OJ^y>SvIZ7x>jRav((~ z9O;L%PPUABj10ozlY?If?TNvlDXN!S(ZLepA3@T3u=s3pA=s$I3}>X_2l8TJ!_hvH zO48Hbko7_0HpHrw{>;lB`}5Jx)2Dk!ZFZMw|G0N>_~g-Xd;durjT!q#P}zpalNN89 zyv7mipPM>JXLU)mO&$-h00hB8GeiDIs4mR1*}zX%YqP6eaY_JoTbUB7S1+q@E+9d? z^>W!7R%(%hn?J=?tyV$J;brosH=3xtW5X7D?69e2BF~%r|iJSc`s*K za)C$sK`-Mpy`(&b`xO{kl(Lh45BS~Yg{cRv*0<~OC+ciqlyFa(Cx`7v2ZuklkDvW` zd{Pl@2nk)Mua=Q4HAfAf>py*k?86HA(17sBCD^6r{(Zin&U=*~fgBzGwEcE`aqqsE z77Raw5#hl*nasYqS9$Pk=U{i|cyD{dmeNO3?(v_Gabo3&{q(f??74Xjvx+nN^zeB9 zx%ibhyTBCaLpt@S7A7*Fi=;xpEV~b$?wtHYBnZ(94g%DYt|mFn7#fa_7@i`$I$CyL;zAYXNIu2XnHX@$KkP2FX;i2o z0-E9LgN-e?%j|`Nn{!?Y3OGoEq%#@mZ`>|%&Ww7TL87jk=Z^UqFBnYrg2$NEPNpvC^Lo#YWcY_@Zz=1i2k6uAf##o$xDu$BCWzpU6?b zBOc-aZtoYol|4(4xNpK8FRq(5Va{+Q+fkx=3?cEsgLAp&tQMYhzoOG~&`aNa*FHGG zueSFNA68Cl8x`+2nzOK5G!hs$4e7MXDtPGPUsBleATRVfV)Q{HaYkgA9Rm0%dtfam z4Vy%PnI_*9B=^dySw3s<B z6#=&w=g)>-uDGDs1od)yHBu`ZcAOj8GSmao#$tb=8b6o~#!a4%mNbO7Yd6JI;&|>b zwJvNFDvWoh{iGN+)l-;(BB^h*jBW?YJ%5&}j}3jTo|)P@^Ng#$q1B-3w}o-d-19bd zd7C#Rwher%zO#B}3@PSBI?$cLy*2mu!_%rQN2R6yoHPcuL^JoX5;%mY=&RhDD<9Gxlr6YB*h;dgfn1$(ZOXfNV`4S z>|2#UN9eYQ-39^eCc=2?XI0pezqd|n2m4R%L3+M86!U?;!+~Q8OXk4I554l9`JJ4%3+g$IB8TQDHX39Vb8mRWuLX50Q=+4 z6GkuC^JLd<{!9$hE2#G7h1(?D@XIYjkKmVVn&`u)uYm2En7AI=8)!Gu64RXRqQThG z9_nj?iZb;d5Vp&s!WEmzpe^*+^W&>l@~VAc)m2DHkvl_Arm2%ZQ7S^(-cRTvpxdIt z5zHi4V(2IQjp=~tPfa=;T;e(Su$y+`N36m+O*@Vm)63&OHJO0;aOL+$z_9y;#RAHi z4ye~99|&5gSf}iYRY3jY=3?#dIuUCN%tGwzt&?C!1y`KSHP0W=M&YlOu-if!Kg68j z2sr;vGR{~myz!V|zInJNGRv2U3k}n8#>PPhJJvVBh=kAJhEY|JYt!*b&dbr#v{wFL zDp`{28;5H2?p`@P4XzX+Q&$tARK}S;xq8jMbrw5m!1&P#C{?i=!Vmb#s#g(r9kCfj znonokCKa*2swEUB+zcP&&Z0~LGUr-1#|Vl15H&#!JnRXV>xr7IGeg;ubuoRijP@wS z2|h$x1?jl^+|Xw4eABGghm6pP#!G@wcLkgCrc#bmUkLsp)8f+tt`L$b z|9N57h9JYGmrc#x*+Sm8;Z~`8j7Yr(#2FY%f0{6n?T zotE<*-t$%~cojKU;3{tXdiv_VIaMyilSk#8ej&1G!Kdz<4>C2Ow(GRk^h$*ZfncoN zfOm|1@gDyf&QMq&c9KKOYdCoBs&qoKWmuh=o({5!IV}+OXqa}=EK{e}hz*UEs&SI0 z@V%g%pg4nCw75E{a&e|5HKq?j=^e7dHenHv<69~n_fjAsN12!qowKM`>HZ1*YZ#KR zV9wnxuuFHl58anAp*hQmi)kZt3(j6}@NPVDRRMqZw}uDKQ`${jGEV(;-g_$mM_mjg zP0{|0PPW*LgH~@rQO@B0);i^vmNn=YM*NyUgpDUQJPz7G;r|jSI@WZ_eK7kEOP{Oc zP(~U;vMC6-s+#Dq31`qFd@63aiX?HP0+6bAG4i=6ChANHQs7@_ZH`B z12u1ObSZIjLDTAujxM2>OKJDT@q;a4XaS=Hds;{aROHv;ji}7G1E%wK&K+3e^Eh{K zYWsz~JNUz%cZWB++k1Ezv$%`L%31|yeM#*Q-+fnw-&G4Q`uKPkT_s%hxAyMQN&9$j z_u0{2`^jPZ!QRuOz1^LYJ=nAYO?sy{BuI1f9g4f7*5&u%BaEz}XYm(oAs!1Aat~oK zkcEt%O8b(b&OU~V8NL*i#qJEXSwTdArITq~ z4o#Wivkp3phL3=b4WpSm?+mB?sIlv84Wn}K>BnW>3o`A&ej36pxAWw9-zqq>Ty8~7 z4*BTkyPGs;I*str{oRu`R)yziA8KP#jNu!z?1OkW?t8NuCNlIEqPS6R0hL&E_Xq8+ zy7uwg_S61Dphvm>teWr_l=Hd>^Aq-x0t(s|LBY!;*=kWPPcOYCUc!kOinvrpY86;H zRM65G2zCm8kpo74s&j`A#y}1qZTZ7{1KR-4a2x+{k2{x83?I`U?m0;Rohx|J=0DsE znL1rQ_u{y{|NPnUk!iypd(ZcFa|`Hii+@~q%XgL3_-W@adqBTV_MZI3J$!ihbni*~ z=O0b=>a1F_?#@>sUTuHPkiBj{-gzFR%fyH9%zGI$4^QyT!QPX?TK?-?CQdE1vA%iF z@6ZsB5U$xFu=~Lx!UMDJh?*<;=;&!!5+1mcw5Nkj>+kSj15=9+_K#qipY9y(oE&;P zICyO8YjyXEX2*NCRWD9rTaeuK@$rMh<0!Xl`@z3HdisiFPwS5MY5j1>K?CtCQ@>x2ucYG1re>s- z{o{7<4oD*03G{Ec1cFx$-dzSW;YOYJbHf(4cv@LnE@_pL2N%9-Z(<%{8cE4V?f44j z$#o}u8ICY~=M6D8z0nvKZxn{%jiRVsI}F`Lh5M=+pUL)N`^Wt!J4e5G%$Gj$&ZXY_ z&mZp`931X0BQvpz47ospEz=XUO1x#p1)k8`6_fRTOGoGQzJY6@Eg^#VGBT%W13i4- z(fPq}TzU4+AUL`Hyl?2g2AGQb<^z=dAZDUvWHS7ti#Ztfeth;w6#I&kkGC_LgUOp@ z+ictyI#>L9{k|Q#e|f77kis0cO;tGYrf}3Cy29!xLhf7Oin_BgVO|i`sxV5wogti= z_LOGvzHlB|Ctx6$ox?KTLkdo!ek{isOl)fyx6$^v{Gg=t*%pR>LyMHH0*!k?S)|Em z?+`ABu#d{x#j;YabD5$`;{1Ykj4ilbE z%vpZh**Lix>c&_>FA#qxpo52KQJ6jx z^xv7U8;&@pl103K-G0-{dXzPC1Uy?0fk{Hfsi0`PolM~{pP}xny}X<+0dkYq91);` zX8b8L3>pgDGAT?M=M|Q#8j=gdcjNo!FFQvB>$aU!n);LWdnsbWWWkD^i5^_MVS+j? zv8}FX*$@w&?LoP14^r4RsgT0=ole5f!|3ZLZfxCeL~`TgGD#LF;cp&vs8GLY;IR0) zwZ-4@9`MTj9VV!#7mM^@?j+t|z@0NGCp$-v_CR)FbzEC})Sosz^&Q{Xm!old4n&(B zs9SJ)jIXlFkABgQ-S$g3{JfgX@=OOO>aB42l<*m!9_>Bce{Oe@`mPt30xS#Qr!M=mPp=lFKi!Wj4zAZ5Y8ly~(d&(vUt4*d7k|h+cHa!j zF(i}Q;i9Wr-dMHLR^vX9`K2h=d7c<7nHj$5y?wk zJ{nGY!&!PmyCqbn;bI5;j}bw-@>^{O9NvRZJn1NVwXQcU%V z7Q>b~)PxJG;$fSaLGR*HkXsp>tKWn92-|^L*AmLcu{Tg~=EYro)FidM$RNaUrCer| z&;?Is8OUA<%KU7M}V;nFL>&TFXKk3uBnrLy9KpFB4 z;Xp1~WVE_42pJ!65oNiTu|!=knO56zV|2{0+PGhA@LTXh%XqOjjCJ?_GJ`f(^*2q_ zZQAiKQrnpSkS{@>2Y~s`DNp>*Bkc>z^8z(0H*QK(r5qA?sS>Wnm)Y%yRtW_7A_K*z%$1xZI>pRwP`IYPS5?{-lqsTZVI%=NBd zSi)8na#KZ(Q|q3Zs;JOv;a4n=r3Z(;GS&Qc86UwpO|zn;isC|*x)E*FNaHiF`YN$} zcA84MTRK}YpB!~$T}SG1zy3g*O}eYrL02Vj!5FjLBfH2l5N%4}ce>)?Ilbz2aMt!ZWtlo#x=KSfoWrH6ar=+r9iR4#GX-a5$d?l7|5zo+2WlR+yZdHU@ffIup z$l|Nm-C)Zrx(e3Vz~Wl|@$sKccF7gs(KE6H6gW_~Oso}L4%MFxVrF^D&a6YVOTz5H z?r~fRh!V&@G-8GAvZqOIXlo_@*DI>S%$zGW%9Oq`EP9E!3&h*E!OdZ}UzS?Pn@+&0aPaMJPgCA~gN=CD^M#9*OQ zqmxG$CS%{3p;iDaxJzyuM$I7m_6h=>VhY(zlmD$zXR@nFz>0;Rb{r@m8wL^DUsBNhJZo z`IF_zoaWh%NtimRO>7*l{gN^IXiIMM51|J|WuD&xtL!5uhx?&>#~ep0+Wg0_dt-w( zN(rRSUbDE>!*r=okNnF>3nnBQC%cy={qbc2L!Aw?-UWUKJJ6u2$h@H$lm6a#iHEMf zRp-^AroY-Yo6cWEC?s|r)|iEw75)$YTZtroHg-BQ3a5eUU=TP zKoMTj{^JVAZ%5`cl1fopYA3LL#h{(aI)+ z3|57!i+tvncc;mct9N?CxNqj~4{vy6*jrj)3`+|Rz+0(c5KAQ^So*N|n&DWZ3lupd z>EwMpJZ9`)oyb6uEbWQc{^i`zT$Ob)p+DUQ%kGklPui=1N)R=jiq|QkQN=#O~YA;$}N?UxKcvRX}FzR z1QC*{*t0brgCx3Pg+6&!Ntlv@4 zZEOZON{?%NnUh$Go#1>{AyCTjOxG8FrCX~Eoo0&G$i_KZ zyb8JuwfUT4DrbXG%Ft&CDYRw$A=5xszQ4)miI)HdsGq#>puSgx;3@pL!kyUuFyy~!=e@)re~h;c)izHzf@ zxx{7SyKdWpofGD=2%I1&eQf&a`BVm%pCkAW+fIPt@I27?etIW9aX0$`G4)D1s0}6H zW1JJGz_hz0+ynF3fe)6FmwFyJwzF{0&pF7lLvn^P7ohCA3Fo}jHDx__%H~cMd#K1g zq{x4~k8xL$$4ai3`GG_;A^g3geT&8Xu@}z&2Txab5n~=NA zD%}q_9M~7>uyf5YO<#DGRrawI-{&+n{!d)wX}Wldh=y)>ysdvHc$C|^6?q&Hx2hJD z@Y9i0q5=i9?v5Ov>utLBxHo=3>53365WG zlYRIZLOH!Km|=RwHS{KMZQxe+nv8Bao@n(bJ;cOMBVMw}N!-Wnt$(-;U$EDslalv!yYR?T zV^!0ltlLFGQ7%IHtNS2-30fI^kUyI3J9VdJE~abRBl{th=Tm0ff!FIb{VE9LGH~q|izwP#k%TW;Ywus{t z+H{|?zY|4k+0;UBNR6+ac?kB0^GY61%MFU+c`}+xCP;be5EEfBdebcJpHoE!{1&)f zSn6~FD+T}NQQ3*9?jAlqe!90?wGNlSjupIAjNavU=I~e|Rra4eJT!0an>VfQ6+GnB zWc$PO(J>rBJbVmY5|sBT_@i_xmG<5)|KW}Q3Y&Z?Cg%Mv%HYsO`{}{X$-~2=#|$sj zesW^(e_|p#gD!cNBa12{Z^3`7JahYS9MYtV?z$AGc`cg96zK@(jksGD8zxlQ*Ciio(S{KRETD=reqXJ^>0OhDlo6c+&TG4%)jv?HnDO>S^`#)SRxbZ@~XH z;eU7GfA`>jU&H^tf&YDby1uav|AY4%@O}f{Z@~Kvc)tPfH{ksyyx)ZPoA7=U-fzPD zO?bZv?>FK7U3h;N-rt4ycj5hAcz+k(--Y*gzpdu_x3jyaz556EOakL8b0AiH#akFH zPZt)J@!U^(>bbEC2WjeIwK{xW3Ed=HHN~Hk4>5(lagd`BaC+8JYrpjf5jP;b;o=LY z<>JGsUqzwsxrq0tGa+_ekJ4ef2|B!Uz7l&tm$*OY-7KMs1bg1EcrpyXqzD{wi>WN> zNT96G(Br1AIyVCX8j~i*XOq|3)@sp-XvEG4C?#@sNwb|jTTS2wD;bW4I9-#G&qU~ffqlSzDt)z9WLl{zF4U5A?W^seS6_Mdo}de16BsE1 zZFn`kVq$(T8mt&a=8n0rOIRS7>p~p})#jrj#-{xG++qz@#$SD9Xu|$(tH3@A!Pfg5 z`wGz4{$}!XVg8146a1&yR96!1C@f3hIUvtFzuOAhvFAqQ`TInJiU$-9CK!mWMBcWB zKSSCRuY72H3(HzhaV_mdw6{G%zwLbeJf#HRC?5(v?R{CymqbcYz*fvT-e3+|CzlN# zp@rV-#Axy&OrKfF*8Y0B+&X>t?H^A+oHpRk*2-yP?R4X`a=N)zxrFzp%P)Wjd5KR? zPdC;s;86|!9Io-Zzn%_XLY3Ca8tU$6aIXO6-l(oZpYE@XD;Jdq_0kdX_&+cV=hhrd zb_Hy|Lbkl!L+tV?OS)#~=n^^_~@L=cBvB24fqq|}9tND?+v{1k}a}T#K zOm*e`%Bg8WtJ}b5y;yJl@g@E1)W8cUDE-}r0-d*S?@{^SaUT~6pQ|>B`#H-}+t=;k zD9rIXuPmI!f`qVckzINK1VC@eK&y~!R1%v6g9}KdO$OGFs7Ix_X!4Kg!u=M=|ocsIVE7s)fE1RVJsuV zuqX(}?;0Qt3h5X%FFG$h`8B}pKuN;8Tz{Nobo|q|(@A2Rz}-wmQ^J1IVDjGZ&4_b8 zwro)Xo@t|iOuoFhwD#S@{pXMOwm>q5rlzx@B%+?$OxNSd2xe%IxeStwqr(}_CwK~M zTM8z_(@00_GQp@Ubt2{rgqU$)D2P$Cz#zlgHpsz0QGa?(<$?)$Fn2oe@DE|g!_n2M zm$pYwq-~@*95vlnN5deCIjuASJY7jz`VLGkCbvi@xM*%TH~>^-Nw-*V79T&SdZ!Bq(0ctK5G_h~jhNGe2c~NXpTjGlz>ZB3c;{Cz0oXd)8PCL z;ecVz_>{D%1M&%Y(;p?>ZDJMl$s1ei4Q%sm@!IUCu*2ntTg$iJ-@s)J{5|O+$L04W zqJy=w0+4gEPv}k2dvganjvdm~A%$#y&;q#G-P3f%uk`7N)JF z1jkoJoOTM+qyCeVNn4@4I6qNUQ{7Nb8K8O8w$i+6Wrl5ADQLp0F{Rel^n>M;#m-73E_i(tasam|R?e(llb17|HN^%_M&!e+~ zR}LkD=5$Y-Z;SSqzG+o#`cE1?epcSK(L&M2%Lv$H-r5CSlW#vlb?9U?ySR)kOcvKk zGLa9IPr6Ekaq$v4S8I1bfVh~Ve!>zOq{+37ToP_MLaY{n541_9tm5%iTfnbWwV)WV zKBBN-6l1?Zl%9v(fbl_*si+l!Kz3X%=Z&VD1aBtAr$pi#SU^#(MvV;!b}gskb<2Pa z*p0_j2_F$zViHaJ+3#;&r2FCU*~!yqCqGo#&m$h3o_ibh}=-a|?;B?D|hii1n zL4ayQ!i&6jYzS4a$xVy_pQ6TcNhX=cFnrrPWxEnZ={9WMrFhi}X5sjk$EfM~p_(sU zG!ap8Wf->bC#k{0O9GhcRzE@Uuhk!6o_V=%8J`xrouyO-Q+)!{-4fMiCvAif*2589 zD$Jcl*wxCi!8U^V%dFloq=!*RoWe<|NQAJBv zEg#@f%p03^VA_A5(XZr&K6l*yw$Y+h!^9@n5zknCwY0PX6O1Ik)t}l{QTasQSwaP&zb>|Ju1=MNa%8@8O5U_E({8Inl;yK%M#{r;N)RlQ?&`w7Ae>zW}%)xp7E z9;=pVRZ!_r>mZ&W-Cov7CS6n{auf9?HE4MG6)BkX72T0s*sRFNrs=pfw`)wT(bYTT zwRAK3=P66xpef_R4%kq%4=EYsc)%8gt%)q}E7W^eYg(uJN_eqR7-oVBsn2eK{$qFg+Z~9dfwb4keVQ z?d#r#Uy4egYde!duf!kzP*fsn$BxSs&>Ruz2+@{2-$v(p%j1GG8A5<_%J4urp{MAz zVzSwpi~hE*Gs;f2bUvUAH7n$=x(5Hl=HAlb@{1_r=gk?7=!hg(&ax zK+KmO4;-EcR%pWZ=Wd`%b1E89)k+AL)e1l8u1n$ORnn?cw69rJX5 zH)t~wKu{r8)Ev<=ZyUMu@?ThEZ*heLpNj)K!;ttgoZ&^bHk5R zemD(L$Acv;Ab91JELdxr%&51rPD@L6Z(G^Ub=kt9;?0W|I`+J5NqL$Eka9B*ixRWM zyU(zRqj(PE&fIopl)bda^Nu-0-$G3@fD?zLn6LT7bSKx%$!sV)rUtA)8y;cureJ?8 zPLHL}Wfa+%xind7_eYx}z1<3FsixYtrL~RHeOXv?!E<-pRZzpd-9`BuQ8;hOL6M;A zcCQ-|&~QEVFH-$1`GQBjbz=OPasE+~OyV zNVLqa2f6p!55VDSQslFrwxe1k{VA232%b=Zh$?h}|uZr6(P+Yl!`7uZ@8vi-F_jxDys(<@I_;qd?hhH`x3LkvYL(|96 zr3p%(R&P+Is6HRh0%{*ZO|UAM)j~--e~uY0FkCHa6k-Dcj#SZ6)Lup|Af&zI$Xx>F z=%!Q5Sle1)dUGFLWS$EuA(?P9ci(zPH;HsQPYf8ebvWU03l`aF92j;-8HOYu()nzP z$%HCP1$T4YaGhgc$SRo{!T?rqaLyw|V6y3XLRNvGhiI~Iipd`O7n<-%cUd?xt8k~S z!@o+3vaqK`MW8D!3x&esPSh%_!OFd+Xj>bk|I4Xg=hal_miO_Krm_LSMh%sTj-4-f z$?Sr+lk+P{J9c`B8N)ytkPf8Xrt`QF7k=f#>|Km|PCNEI9t&K=&m-Ly&8Fx^D@%HL z`cJvLb9S?@5v7XuK}iJ^JesUUYGUd1 zho;^jfNBuX5N0v=SqiN}wDoakpi|Sb6 zYcA`}8vw;7x3p$C-u6-D=6#eR45+d0I9hqO0tt9EF{_-Z{xv zb(nSh7SA!O@u~f2_Y~PI&|mg|Mpz{uQpZY*T+-|JIVkXwwko^gXh#UajMub2O8pHxBNk&RWubAPMs^N6q^ldku`CV}37VC*CUo9|PmXpu^O2fZk z`yF?w+B+W}4~p*EoU!m0YkiiEGJmn<@nzC`JyZFe?#Il5G;n?=oBM+^fSO%Ah69`i z^&(zQGLy|ZmyJ2rXW4GI{8GsmiY5<8Tj_^k34uWAn9nC^>iz6al8e#synk({st1Jq z!gck*i0*PF9?++b>CRHlH;R2ljUqn9g8`Jk^--Oi0Kv;fUE2#b0dKTktZ!_-w0${} zQZP4o(|OC#lfY$R^N-mH-eaY58hlHLxNKk%p1+b=XLPr<`Q~fwEByZY%{Okwc2Pvg zA|Lm5yEDBWryn&ruutCHYi-W1?0&{4_WPK4<_ZR{zYk%6&z|f*_j;tkD!?SBlWE4Q zD09^rP4F5(@Oxk<7>pl1St&oWo4i}}nF)aN6~S8VNx_+pkMyT**TUTjU*?MrLl97S zYmRw<#I*8u4MstO;4xSxsQ8vEp>k@rC%&A1loce$UMML(zolZ;9m%wX%W7zMVcoQE zFm~=G<)5>R3mNf~Ym7AkUS;>IuWTEgK4Ktd3|IxHXL!-qAQZ{JjqYpY%LLC|q{jm~ zjQm|}y-BE~Bwq(#7I$LuD4fEClcep2n)csQ&G*foa3}AZP5G-4&U0ST!_&PGv%eUt zPm5!fWn~KlT^z`9c;9@@f4y)1S^pSEe?Xxo|J6kEKd_tJ(EFx+e~ue`Fn-_E|Kk7N z+K2eBU$en@d*%0^65(0PBNA>>1DlX-nA?zJ6X);?1CSbeZF@}e9`b&Hk~W5;=6M1l zvxFbuw8Bq68lkkFtMVDxOzYPaGo37$Q&xe?r1Ki%t}v2GB2qbimAsQg_Un4N>9{_w zq8w5i;-y(t(5|f!V?%NVB6bc{SmdbcRC?Auz3z>jj8(mh;RwHrZPFxE^OXq9oB)&J z8Lz9YlxxM4uL6u8B7!arH*5_*7zkIJhf(R!R#wuqvx89``B_$2tX^Ccf0PtF(n4?NmMTzx)SE|jU;W{<0I`bT zGs^$lp7O`*%C_`GanUQYNAY-cMhzFLA=YBRG^@tn>pIpKwtlI5$ZCc)h+&A#TVKoRjEg+d_UP#CrL&hf6%+=A%5;NOa+NVd1wE5*;IRM0!C1I!DHph zb+I5cF_ughi2}=RD9>SMQH>xXt^Av8R#o2yYT$~(QwmG}+*vIo5%4@95*%P!avUiv zZ;2cedgoAV|Kag{1OM7yg_cJga*tc5MhMpE8VaWm-`BK`2c%FOHd1JqB7SCm?8l7; z$+?x;i6iW3Zmvu`QKj?b&wIaQ-uwS`=KZSwX;Xi@`Y}8D4_dhAp1FP@k>t5GpmTBl zSyp&=H!7|k4rOv?bC6xMIa%{4J2#zJM-X(--%?eo244%{nmSD}gxQNp z!nP>x%sG6m^BOqr(Uj~QD}=8MkBog(QuPP&pNsy10w98Ay8Bq@ZJ%C_rY0yucz|8JCyJ7 zkiEw<_8yK3R9$&*^)s^V-`idPzBz{fzj*I9-+OQGy>C8TdH(|zALA$7vUx2Y!ix*| zA1%y#U6=O-%knaCU2Wq5PisJ~Kmv)iF}%;E9crsz@s?d{vQ9@-1N za%4_|q}Yoq00gPlqJh-rc&vSjM?&n6+Wa^1+W^t)-)Q4Byx2mIeaJhO=H^yi1Ykxi z>LoEDdQ_pe!jNeLsBn`|BI{UbAvxNf90`K`s-aWp;%U%#`rdpLK*lcd_g?Ova z4>xl~O5@E6ij>5!%=O~9G2%?(a&8slFh9g$euTrkar+_hw-3mngFiRs>=t3qpEK%g zp?EWmlM1bfUKGnGhL`2M9mAjs*#x(ZExTO|{f*IOH${;b1ethY;=#o&f0vrpO8i^ZAg$V&sw;#pWUlIN2`&AcGwIM&SVKj)u!t8g=} zaEo}eqRGtl=+-lYWANCA#iGqX#Wzvoo9J;-$XOvREsr@X-K51u7d?u% zUy6B-o(o2tIiJsf7lLw@7aA&zQ0oSth=4tzwANt|LrOdk~*j6&XOX9*`&@2D0Sh!Yaknw`!JcOR#c5b1=1 zk|^D!0tENqFxcDAfj%PAqg-|DRKOqOzc~~)DCbMqa^1AicClTPU*Y`I{8|{*HY{H_ zsdp@Nq~|qm&}o9rxM5v?CFn(fhrX+?EiSQbMy-(dy~FI zERyUS<&xa?X)}{k$Sny2-?;7`eG zcuKmCpmlHReJ@CKxFrn$mGz*%#Vbdw4b^I+jGSGMW*h{l+ChvdbD*i!2yodlOr&K; zi_JC@0av0wBJ?=bGI<5h{^pfRyf=P*?=dD3Mg%%!&8|^mz2MX@j3G|1par1|7}?0S^fl(6#1G54yn?^Si)S|-PsuV%Pc@o#K2cS=0+MK*BhUThtpte z!D>EAw-_?guM+`uDqY3zZc8XGE?Y=dY0l|h#X%VEw^J;~5iqs!2$MaJGY^CkeY=sn zaDMRK+!J+<<{oEOK4=@U4U1p>Wk1~`m^J;uXy=%P$0Eb?4~GmN&Q*qe<{szg&D}i4 zujJmiYlY4xrj?*GNrgSy%|foWuH}$E(o#+^Mlqu`QL;~WG^YzQm^#9XK<2H}JV2hE zz*Z@@C>>LJL%QJJRI*;6aYC24i&>Kx=Qi>wIui+Tc)ENOj~BYe6aTv_~_#=tJY>yea_$%aKP-0qR#s{kWvs% zr2)RUBeGmA1pFwNXm{x5ZA7^0`;ujdT=B0^-K{+bHdopRiD$<9$8Me+y}M)f$-AEv z=e`dw`A^69j9znj1sw4}OO8UH`Q$Ugubih}^2wnfpUSZFLV@5 zxu<`}=b&sq$~{0@%Hr*3cdJ#*QUEzQMp_y(=d@RxW0N=YZo1L$1$XUisF^!7G(byN zmOfi#)0%M=6*OIKrm z?7jx5xFzs(cSVsYH?9x+++mlxy$SA-yc|HMD|}ESV`6<%q#qOQp8qJ?aJTQkEj}Z2 zNj{VE8CE&kk9u_4mTISOi4{Y@{u<_#<8T(!0`9SuxEhRwMIo(WLN9xTh={T6K1d)C zxKK6st=Nfzps;a~?LpEv*dts@S2w^>Cc?Mn!;uEGknAs3tyo5yE5kYcUtpe$-GUD!; zF-8@FnrMpb0}FO3vc&6^n^P2cS8q(ac)>hRt8u)ZM(3q7?thuW`lc)iz_^b_Wvgir~Zl8_*iyh(a} z^el{z+(^n6a{$)6Zt4&!D4(|mZk%>o)%Mp zTXQ$J=WlM$;Y6uI<}A(UUm2gw=5KmZ#5duDuJ}kI|JnJ(n`ZF84Rd&~((r{-r#@U# z?cpNRL32SWGbdhgdB$u3pApqiiaOHY7vWq)Nq%lT zo#DLc+0wSHR_P3{xJ3{=>jlyk7Cl;iX>K=Je_ZN3mEY z^e?xnrLY2@I(Ik267m)K7_$s#Gg0bFK)zTfGG?M?!``p6zy+dpGg`JE^*K-KrLSEsTO2cmRhI_MaLmzkXxbFjxMJonDT*e1Q&6^9Ttlw9>#Etb|5pt8$l9}4x zqocj2&}u|Xu`kvFUCBTK?z1|2C)|QI-<)i^r`wB7nJkdF1JSJ!hk}< zi47FVCB&3aDKC1ctBTO8-$l1Jhjrfu zj8IiD4U-<;(_UMvgvd>l9ExH$IOQk3WJIOlEn(78Du`)17*E(ii&oc*!c8O!w?J#m zHdtUh;iy+#-T;u*MpfJzRrn)J(^G3XakGOrd5yQC2ZkiF*h>~#6XUrp^L z@Q-V!8-CZ;E*LwT07=TeO3Lx_J~<1HvgQi`S2BxU{?TfnQeC-?Vyd*!YO!G+sZ^{g z(uvMHlej7V(wkU+R=+g<+;4nIlf1Y?k6FN_M@zmdwWL}rYu*5R-+b^ko86a82B>05 zxRsQMs|nF4s2SW_wp@i1C*H&xNHik}L$pJEfzxw%@Og+F0}+IeGEFOF9O!-CY7^Xg zH-@;=x+=ZnKzF`60{-d_qSpmiMSft{lt(z}QcMR%qKNLNF!{Qxj2V2y&LiQH{*dx@ z@$GHvtnI+q_$j&YH%VYPS;O6o-gW^QI3+=*q z;(^+V8CVEr06IawnXAHU=Zmk_?A;v_D(zEf!n6^T3!8D-A}Ve5!&@Mt7F1|%ilf_6 z0U~?134FcD8O-E~o2FJ#T3pm!`9Sfm+VZJZFd@t^#_KsptO|id%7iN#hUXNK6Rz;9 zs|(0k+JGl+6-ikJ9U+oF(AVgVW@r~Xt;E_mg=B`hoU{J4+plLz^Q3AzQIoD!aE=CN zhT;f^7XR7$3XU&ZkuWE5!OT9c!iK@H(2Gkf zH0WJi!l6%WqWgHZ!PjQqr3QHe?)^NB%lWPO!R1IFu~= zG&N3n^@T{!4xX7w$(p5rF8cS}Uz)W75*bfzBxEDC!_+jCYlqy9ij`VqeV%>7|73?x`ibFgh_?qf40ZLc~A?sZxLx~VEl z^PD;tyow#*!yF}J{!|5ba^UfL3noy*mgE8&B-dV#7P!8Bi=LOUi7rX;{L?fe95rNd zylM1L_nHq54pit^@iHyAGz*f*so@lx2Mmixx|;&)gj#4K0}jj^;!e0`RAY}kyu(r_ z(O@`*OZ)_R1PnJ?HR+Jd#aCoIK;#;)6-gRt(QA4G;vKxtCb_O;`We^G@<@UCRyq2f zSrN8-@-0IHK0}MCr1EJntKmDi(y=(Z#*nJ1TC$=ZQCnn3tp&Q@mTTo_ybTBtv#c-h ziF!skq3V)|#-hqeh$w#r2QM38Je!O$rc^a-><79`=eD5}D}8qDFn8vrS3cCrdEpKn z0~w0e8qN+)a1_x?=1%5Lct#=XHCIJW^Y*Dnl1?1~C_=u>tJI6W=_|b#sh^jW zd4~R+rel)zvuPL|RH)8Cwu3YteiMq2&j2cCDXszm^UFr-Ut2B{PZ(09maAV#j!xbC z0v0rHS1%uPez^Q>Yc2QkyE{soeDlh0bX+F{e(0mRT%B2E#j63E@>aGRLVj^-%GzovQ zYX4d|s~_*1;XbaSW6V$z%7QCCnye*~`NDC-k@uUH{xtvi8x`t)SWc`}FAB!Fg=)Px z7GfdYx?rKX?Ode7vL1@tL?sYaAfy`$P|V=QiVmv9L4Kz??oyq#cd8>bcez?T(sTPQ zlo_Nxgu!E8IG5dczFMF2hur`!=9ChobqkanIk%V4Gxt`Gxk_}f@%F^ekIb7)l6P;- zHT$~C##JcWY&uOpmCcRCa6NwA8wYS|7P&{bF-{PS*|HL#L6mw7quZ<~?bIBRlWGZ6 zSeU($#!=#>DkoF#?AWcjw1wQ%#Vy!m?8VNR1s-p=7!q?%^M_=4iQ+L8G?5!qt_jN+ zFE*% z{;)2&AsRX0hKD`cE%d?*p`d)@PabxvCzxy($HbS-B14{LN*2feZ+%}7~1k=W$ z3~cWCg7^`7C+Ti2qm6PSKcm?zhII+TgQF@ED;%r-qwmGFv=Bv}`!nmsn)^0e*Hr#! z1%7dnXjSN~%MS00p#*U^Z}Q_$-=>`zx!xD~@RQk;Udj;i?DwY!3Y2_A_pA2-)h-l8 z4QPc@9YB;>BWG_yoo`CQBmpLP_Wr3*PsQa8Bu1on!m?l zj|eVP)e3VQBMJjm#RA;LOy@e%s*MFlcQ5!~Z!m5a>!?~uCCUP#v=)KOfHz_cb20!( zvYQTrC8M@t$XU1|*qIQNS^CrjGOVB=TO|P&u)t?%jH`NfH~u~{-DDeKO9UC->e6z( z8Z^RJYs!m(80`5qs+xNGwl_7kKh^W8czARIBXslVxSSo?{W+sjoNe^E39X;(FSp2W z<`cStamla-ff7T%>*5N?%8b0Zgzu5pB<%M9m4kdBg7HU=g>KSF%3PE_S7M-wh=ow; zgn4V$Kcj*#$9N@O1X>bJ&$fHUF&*-2+mdPalJ7cZU5K0Yh3PPkx_V6y25Gm4yW_o| z1F8|5<3ysc%`lJRP%E$xf!Rh~d>vUuIio2?uOJH6>D$v8-T6fwXu)ybsaLmv!g zh%*QEvo^~nYiGUT8iiUm58$%tcFm?2^lRQj=_OO+7~w7R;;&mU`m-4ZMpe!C#lgXm znB&VFU*v?G;(%GwXnXv1B9pNy4$vVVkA{Gy8=d#Da}uK~fAL3m*r#ri76b7_!J-zU zsT#L)qNZ9>i@Rf6UPetytxmEF|mL(v{&vyb>SbsDkq4&Hu z$vn5?4&}2DPigi!aL#noQOg6wlkl{R3`W3Rwtf4zk14C3z|?g+rW zRXqh+zZ&svVcsHtSoci<~6cGgfaAZJH(AFMO)) zMp-J;dH9<|>y*c2*?98XG02~VKPD%9>a=DFBQb^2q@kBHh%o(hi;*Vm3ALV4x4BVn zb)QIbOT1Jfhy7T+apSFGo6@VrccABQ1hn$jG&mqRW!uNmoM;ctSDuw_q`WrdHUn|) z|Ha993opySc6XjHkPEE{nS&cjM;BH3(z|mLI;#AvB8BC5z5TjsE@o+lxa@UcX3tSf z_T2kQH^(P39}7%s#F2*lN63AAB=0dN6g0PGayRYA-Btw-clL@Xf#E2+D~g+02+8C3 zy0IJ-$YN+Ncg#;Id-Eq*HX8`e28y|(a}!ZTi~)?P8n+=98jpLTm;p95GMEO!@4`;! z445w5K#YbgZrX^5AmOsllYKEy!x2tb6hB)M(mKbHQ^n(3I&s=+H#l(SzA78vh-PEq z&&Kr%zZ>p|ISvv2)_78&3kX;Ob;kIj)Egsqoj}qwWwb6rSYfL=3HpW9M7g zRGlCpsz^Y!=)cZr;zc?Z#A%8BMZ)n-K~Le6&Bp?Us2FL$v?KobV0i zprB!zX4+R24~A7WcAP+3U;yH$YXhwkGB2Zbxs{VxNKbdsADw}e%jMhS-q_QSh_23c z;HS|Q=A&BW6}_SX(IV5RdgpGQU}R*%pN`ZRC0z=U;m~Lz(O@<$E5+)VW zyB%SIJzq4+rWeNW#D2_+qfdEyzLEea*>hqf;CCJ|Q7rGdyDS$b#Sa$1JugW0qC3uJ zdzq8xWiEh==5150$y@*z`iM2?iDpHfGjvM`+){wt5}A!Y4Yx&5TLSb6HsM%1r*C@1 zQ^=<4zd8`e;mAcX72#VKnL5RG&*O)>Se-Kokxv!3<{@LgB2++NE1D_7Fa9-r%kbT` zwbPBYab5co&EC+idEoBv&m-eBdih5SlN7oBBAJngHeXTX#lv&z;7X)wobt!ESW?~< zqaU7O zd@NEFd@{`MUG&eKetvT==;OmrG;3MV=8U8~9H&D9CAvLo#i$&|DtfqS%2&^uBqW=Ny>VLRDme{&QXv1zJfJSHr`( zU9H8Z)#1aIf8k@HVr?#1`$tX+$urft^s%KFMIMYnVG3Ez;>~F}JccV;d_U2wa$57^ zrfCPx&vu&+=Pye2^!~kh$HI&YNR0)qg~C#!N>1hx;W;nJ#bC#^yr6fBlrsfVVqxwX zJ-hk-K$kzRjssP&LN6&}V4C15O%uK~C9F3y_5mzPP3lRec}~Y( z(L2Hlpr_T-8Wv?gbv$Kda;a8vi(_-eKTW&I(1Jlu#r#9j%Y@-ac`rF3=BlS;SH%XY zQ87>EFv+IZfgCa#0UJiT{-o3CAyOnqK?V(+O-8TNp*VTpv115?V_zgjz?|e_kc2(9 zHw*^`!mM4J^Yn`JiG6(KP`$?FEZ#}CZUO*xK#IS5nAaD(|40>-4}iHt{*wyP$=HNR zHX3e`=ALnlS-np>b5wy&QXd10H1!>{@1eAkzC{&uZ|bI(IRC^c!$+R68CP(?6~tta z5=b(B!)yBNI>f0``n@V?L4ZDFuxe-m5TTjzt_C1Z^~OF@)~Lgg86AqNf*RO2iOQU$ z3}$G|F0`La828T0@qk+MOTyt|;TEMDogFrZqe7bVp(h@ymfL9XHSJSOk+;~+j-!Ef z4pU2@QPV7sgY9oEs*S+hgf=TfZpIcIOu~rCtVG=lXP5AR@FNI`LwZEsdwlI# zT!{IVIx@-n${@h<}#<)kC>0ai_?jIO}t50-k#s-y?H%HQM#Y|pK zNmB~8vCtvqley%B@6Un8R+p?Bn^q2fu}Cz%q2{R%wfzNfXyPeb1ev5<@0$l1xgoyp z77fG`KzA5kTNrJn6;Flxku3sm9UoM&G!^d2x7KGjB&*_Gr zCKn9J406glD}Fj{MthX`npN2Ov$uf?k&3>m!8enyuptD&pVbqmQ5Vp3vTa9P578g?mZZN02yQqVM zNq|2Z{~c$t;LQiO;SUnRJxa%0a*wLv*f2X0 z0|ZsT(j@;~@fLXjFWWLZtG2Ib2-_i)X~m~~`FxZ3bky%s&dEX)QEJ2kTL@Bk2^M{p z_RsC4$4ORM+$_zsTFsH?NI_F|2YKZb&I?74oyye}f2?08&XSB*6q8@{MR!~{d?5C; zV>_qlqv9{n%Q>UTwf1&yb4Ryn3V7S|QCUmkUDL!eYxdW0HaJTsxA}-Pfx(TA6ucfx#K%9WrANtCXSYASA0=n+W)*H3mH?;+-P%ReX5C4m^O zDDQD*4@Vhnx2typboUa6wUZl2JAFH)(Dus-{6%53$Zx5_StH*=#DU6^J#W}6-{P)u zi-fEiX3;>O8v-FFS-?TtbHD2#s3EdZdVxM{DEZYjaa?>|6Fv^!DeRFPcsQydv`Ty? z7ofdjbL={%&|W9rjFwENF>@zWkpkvTsng<@O{&etvS^>Qt+H;Rs;Q7Nh9Q!$)AOq4 z+jxSOrb=OltMVl$E(K$FwTL8YLg!)<&5;e?;vTyBQ76pLfL-H#yBamAU7@d+K-PrX zNG2IZyXz~WEBOc&xn%LAXbQvJ9c!>ijz)&_+4G2{hdV-dls+a<5w8myaO*c zkE#8C(=vx`Gt8Mkotw3F{xKNGdV;E zIo&pkZ%saQrsRo~m_>lYu%Q%sewmq*(w97nA zCW5=IZpqm3$$*1sG$$#{IhkI1=WzS)KRmu~;9m#|?42E&7qgE4huJR)kq1lFv}Q1@ zZ=(VEw;imG86-nQoI*p@l(cXo6V9zOP3uvPC!$NKpn=g!%o(QWL4_qYH%TvXC&K}$XeJ|?oHqA~ zX!+e6;C3nxt=fIJoWFT{CGkr z%Vq2b&s7v_T>*f!VRhD~?&ws?VI=$lZ3eiuGjkO9c|!xxM%ZUwKx}NT zt=^>fmWxxPm#UqIrh(ih-7f59igCmZ4g187T4t5oZcnersc7l$D6l;qUT?^sk1OQ;lJfm|xv}c67A&~j2S-rI}g`_{ouE&rg?#X%D#)Gs(e@BYZnyDG+~pXfB9jDCvXX*a;m)j z{22xz2{?C?erJY>jRIcFYG&XdGYe4hfcE(BDc)JzmXV0BJi3lZy|N@&v+C{-e98gd zUTpWY(NsEY?Sq9HvNx#xs_>CrNmNJ~q5_n(GAfGDxPWX}h7fPFV))7o@trN*+eJj-Ej7ht@`S6Hgasjhl z5DpLw;O{zD`7aklQ_Sz*-*JM=O;k+EfEajeTEjmX(r$Pj?Bnn>1T6uN+W7k)K>8$d zS?0Y78Nev^FUO4KvkjJZGEOmDR8G$@hm4fMmCh9rj5h?gGej@CZQuE(`P@Fz(%D5X zVgTJ%tHq^tdhN_Q?Q4&50Vp@0UPqaANJ&Jn#BJM8iIlT5;b=784i@U_65Xz8Mb<&k zCU-$7RCNvz{@hyD2__edX;2Y-yp%)t>yt-X(+CPL_ok%U0@Fg@-Eyyk(4ITyM|Ke< z;hn%TR}I%>K14iZP^dTcR=wqKdn@qdw|Z`ulfc*Tx7)hji2ngQcZ)Y`YdzYdWYBW(^6H|Bn)%Ue60=^dSRL*duj-ba^YyA- zdJybyackIWS!eW7)vOBPqi-qEnFvezEJK}m-GJPEsf;)r)m4-AP)Vsaz$?l)J(Nre zPAv@o|KRZ0{7dUDY3DS@LTk~(aMM|6Iyym}_hg?El)PK&3PMT0PuLET;#DBX1vNkI zu8Q6bJx^?!;KYc|w-u!ibgJpR{@C5aDrn5PB0Wh$oI5%71(~vl=dP~9#-w8}z`_KP z+?^2`!ml&T)p6lGgxOf2KAae=N{*OF6EMSsIx+j=PF{iI-mbUSi*zp$FG3bi8C<}I z_!5@Sc6fVQzF_mz*d)`zVzDJokmKbIo?fwUplFQQtNe1_HJY#-^1S*9nlyE9>K9?)AMk7Z_3P`E9LL>CTMxt zAOe>LOy1iY%`ytzREH!Nl8aH!G6Q1@Guxw>=Vn?~)dTJ(KVL#AwDG+z9oUiwB@_JV zZ9F%nqmA+Ak|lG&J|L7cl7wf#GLwt3!J7u*0bsc0%&h- z-){TG4YvHi_lgbOH;AIbTFtD_}DaQfi;F*WXB%S; zpKd-m(4fQW+Npk|w${CmZ1(1eiaj~lJbwDBU^e&qy+Ln?dQp-eQcTT25h8xvoD^n< zQ$#>T*M3O{W<%tp&{7<(=65@CsMT&~UrM~|m*&fh>MPrnh8Ef;TmXevwRuohIq;$N z8wr5c7HEt`jDj=!Hgp5Ac|x%^P@V|;aYQ~$;!QS#?mI?DKOmqQ93UnafRvz3O!ghZQ* zra5GmEa^;VXZy2m%HI^>dX{N;Cq7-n zf3+vMFKY4{n`EXl`ufc`?gP6R*PBIteC>7zl>oW6Ft<%>6O-HcDQonH=B3f!HouMg znAn-n(=nY)GaipDpXyoZMi6@*@amk*%dKaq3$QWX9f2;T^%ZnoHg4(OgflZtJ0Orb zK+^dqjynI_f;J6X=H5$1_M#*3fk%I3p%9-lWz% zOhVlDc&6H7Q*L+@K%SBr?4K;-fOZNr5MN-*eZ~-`z-pn#XSa7jIPtxyxDuj>0OC2Y z1=lc(DM&}0i8iA&jf61IANBE7H3+*W!}J~4_0ZusvBukLn^n+3{GPakSS9P?V*$9V z)VMs|YdDVblP`@fUkaq>=uWQNli3jY%G%LmWNglH>RKJX#i!AQq=j3dq6UMTybnM-<~Fc zPmE8;O}E!2*c`;kQ5<-k-Cmay9%Pud14%%>Rl5{V)U%}jMy!k?7MZLE zVi1}Lx0LZkwDc6OwyDF=M}kQ%z9Clr?@dSNUm8odxHEb_IV-;`mh$ZPN6_wtsCS-z zFGRsT8g8k$rQ;Tvu$-3PnwozaJztQb7t{35Le&?VRgbcl(e{A4e`fmrccbus2O9tR zaz+%j_-S;WdJUwrsAXcO3y6J4=Wz}ep!FdVsNFq9JIC&t{Eqno$hF-JM3ru{NhgET`B&HLKqqsO4q;YFD^$O08g(4#* z#+m2prp4$pApT%hhU>U3Jb!rOBz+W<`P1UGEp3UpjRjP3PGCtYolesUP5NiPSy>~3 zB~TR#^y8w}Vf{^xV1)v>C0oY0nru|uRx(u>T#W>)wqY36wfaf{p^|op*Ik4N<&_ak zsJ^q4mRzq|$66zA2zM`1J>B~5yYb$`JI{_rufFnS^ag>>1@dbKY$69uswet@z3voXS*rm8b!Cfr9$-LgkoAGFh zN}fb~U0(HJ@ARy37z@5=HD9inO=q@O2BQ`==H2BV-KtV|wCPeCZ9So3lL5x~9rJKR zt})r@oar!X+T50euQ&S#2pI3$toq*$GmV?(_ogtv_>%9P5F=_+#4Ra&NNonU1v;Wk z6>F5-x=e~*u$*nntC(U&^DJX1Pl_F0#Uay~hO51E-RTQ+#0;BO19))S!2BR z)PDQ@i@!n}wfFDquc}@HobP4HN&ykPJ?%aQ;`4}3XV5i>Da*~A7Vbo$RU7NS>J#>> z2`HgD)D+|qSXzv@Wce8nws5v z#Wu^ln|?3KU-j8I`OnJ3e@^Z_&$sUrKi-i*;WU^_n-Z1qM%YVwnoLl&U-d8A-`vjk zZVzvzuGmYSsW_2?Az}d!;nP6&Fk$NiS7=gqm5!H znKpSH?MKiCL+;MH9|kCwr0A9vHOVNdiPwb|WBt(snya+Cr8Go&-SRZ+9_(-zJJ3Av zp)hWed2@VW5ppNA{Rsavy_^vEtR$VmHd@LzlgN$C0MPs4ZCU4_@;|xf|F+!o=VLVI z^KxZ;+$|WmJO_d3$th)WL^9T7s>TczwB&9;Bl<}HrmebZaSg(xgtsi;uynoJyc(oj zl3TXmm=s^Mw>b5h$2r&z49@P~yZ^j(|9R_v@~uld*2w<-hh4luFaBHHy)-rNEg;N$ z=~>`Y!nnV&m#_!f>LeQU6soPQ!Tk(>zBo8~`QoqU<;vO`WncO9i!C%Aiu+rE0#Qb3ALZQ3jZs-jju6n1&iuqMrPp!wKa1qtmx?i;+NINO2C z6(2d0xu$n$dv^K>8ztv9&lw)%TF@qQw?r{+5&!MQA%|{b>R45CE@RFEtLA&2S@*Q< zn(wEk0ITjnB~F94m`f-jSy-P?aV94sw(IH31@ENDJ=8nJK~|-bgKO3b97oL>AKe0s z8a>6{ycdMf%}LkZ7=U~PU&KYfkMGWK0q46L} z4bG8Nx$Nd2pAkIYl*{Q~*y;Xb9F6Yd$O4R_OWqId?y1Xn-{HN;SkJEtiUdtH8S z2OKd&93nrAJI}3Te%m{qIM*cJ`k${s|s7DV8#7M@LyuF+9v z;^v5%Cq&R>-Y(_+!W(^Q&K_SX+uqg?GiPsm*_C@=G4$H~#f@AkEPPckK8U?`>Fpa=Kn6rcf)2m+UK`2_S#Mxsk6W~(e-sZNx zRn9}s@K&5har^I?Y|-T`oF_8evdKco@;j6s)SlKL(Y3hJ!_6O! z2*5!*8U-%mVc_Dxh*-)Ichr;%Jbi>Kpg{-X^WVbKk`_`JVfuH;9< zG{+C-Osn;~6))PtIEuJa=H^dUOG7LIwur0*1dnn$XUCjYBR4m@(UB?=j!n!;!R`(M zac4s;-iBiwZ9j=09;cH*6v(dL$+=+mf@FX}^(dGn8g69rz`H?OrTDB5`E`kvdTM;p;t=pt_@|cqnulyhW zR^E7)_!V_=RG0`!3e@x~Ebj$35_3;JaE0`T>&hgOsWuW^U86Xk!lemb2zs4)5Fr*a zO3E?q8ot)F?6^vZ2#5?6NPAtIJBX3Xt~oNa*HIWBvYz!ij4bBEN-cm(lLMmRHmlEF z9oXE@O$1j3van)ggzFRLZi`5b1nt948Y8@xH_dUdO=n!tR%uF`8I)0x(sJ*(;&NlrKx@NFb zstbE3k*#1CMQdTXmw2y<^8{t?j@z)huMc5_frZt4%Hy3o%!nFBTcq4jQ`jX34^*(% z3$`=u&^PJi3{&Y;1&WU_3aJWr8VPFM9^`(axkeT|`Eu}!L&6J}0XJB@K(y=lbwTo{ z`oGs5Lj)x^h$F%(J}(p|fN~Dhnna0Hdl|SThj5w%vvN2f9Jw}51zm6Q-b+?5NdQO( zhSCaDv`Neapp&)89Pbk*M6cyO@b5Jcl1bF3=jgY~-eCXES(Q1-6u%szKlOW4^lE?( zSJ2Yc-AyR*?;`F@kpZA_ws{;ba0xGT_!!>iIEANG=Wf;qf>Nak<%jTFq)zzDNt#B} ztCxIgII@NE$;aajo~vGEmnls3t=Tu=>s3jFH%Q*%RJG}m^R3eJ5EW?lQ`6kI&nK7U z22bSnVfb*!rk=j-0eAN&*knuD>mJ%w#>Jj%HiNF(%|H`TI6#Vb#99~^CLMCBI;C{O#0WWjCXX^LtZ*4Pg>A39svorBSXW( z=*PtLDH{$&dR*f5NK_nqO-_oj%EL*m1tfhAx98ScE`0dmq*^ci#N)pdR>-$pFR-S49_ax6p>AfGycD!~9*e(K&`v?wB7sEbn~!VU zRVP<{kJFp~4o*%m9mT61PDs%(d{y;{<*&I=X8B$^IG8h#J*nU)>|(@B&qneCZMIef zvIkM#&1JaAyp>#-2RkP_`r#^fNEG^I%$KxoouJXEtk8x15yCf}b365{u0$nMuT%lH zhU41hNa@Q2W4v1AmVwTC4q696iKixRpe7{;Z-^C0p9QFB2 zvA7I;LqoR_zCnU4ANKi8n+FD2a4c}7@fqgiw4PfgYhx(1zdUY3EsZ|buy1VitNRwm zys^}G;tVSmq(|gS#F`Pkx-kj$I#wW%QIV_55ik&HDRTxOtC$X0TTOLE=zdw7uimIE zNrS2oid7Ko<>f)@+jItGXH?}CrJK#vQyHk&;e*31an-{NWrN;t;z9!@DYdCKjf{gd zEwxKVxLuopCFf~$4SH`1 z*Df$-6&60N7U^EqS;aGEiHe+1b`$c=nT=JGH5pb^RnFxt)PtMII+NZQZZ$D0Yxox|%Z&8Za-^wQ zdvU0nC)|-1*VW5DK41|P5o^xvJz8?tpi__FZwgc@HsarAs7@D$P=>rwxX!}%)NvI0 zivok!Qwoj|$j~gC4N^bc3!OT<`9IY&DL zOL9P?IKxQWfn=v|JHX6Hq9wte(;fsGZl9ZS>gwMk zkd;@Nu-+Ow7j!OFTa+89?zP2DP7|nGtoVEL*@AZwk!~XC!AI2hcg4O5ADd&>DCeQjm z*Y}@1eRg7&>rQ@h`urkQpXz}E6-uGTFMw|=SNfqAA^5WA89_aSdp<65qk^-vXMO>l z&Eh`;{$W^Vvbq2Q*0H#I1N;^xQywZqQ9M z@@+|ffWZ^W8mZv=FEacs?S3`8N`8+qGBl%E z=6@j}pmX+`UBCIQ6~c_Mhj}(T%P_)cI4#@o9LeKAqCB4m3`wVu z7fu9M)JwaHup9LLuaK_Y_wmC;v>Mv*_87SJYK4 z-Vh*M+_Z6A6ZsufwsX9Mhst2=SgIk-(+qv2Juz@9GH z#xZciO&4iC5>qy(WdX!ht8MfAqJEp+PXW^Z*^yypXL&aCQ7xC6N@H&Z?Cb0O_Z^heBmxUcb(Iz>c$DqS97OpbX;pXwqgKg}6C5 zr=hBaKNZRw*9g_t#(CWos%6ECLORi(wo$pdUHemodp@{<7IPN;tlkf$$KlgFAcAWxn4KTJH##cDshP@pMuZm7U5_b zvl|86S$MBmO9mHcRXi!mcO=Ydfdk!oK=T&St^d7^?mP!~%pS85ezdQ~DqBW~qNkAv z0PDcfQ(V^>d9-sBxUV)QZAgtnH``%LA&?fa#C}Fw?0gGrD6|wBQ1j3+pU;eXgKe~^ zcd_MjzL%n&`@q?*SXkkN=pNf`(}mY;WQscLibUW<0sYRY^E@D6zu~o&>qFkN8J&zPAegGfyh9OmV4Ta4ZKL0_;L! zhlE&j@bDb}D)l(f=W;Jfv%&py$Qhg&AagW!`aR0!yeetOF~G0aML7dF{8mW-bA(xS z|31sMFm;Vefv!su)cY5U?f7uS3)O`yw|{OsOiOgdu#Bc!7tpmjr6#`^ju4AY3{!Z^ zRb7vK*ef6VsW+52E2oH{j!|at2cZMS-|E-t)YqE_b)Jrb4;EuW#R=qve#IZ4m*r#0 zHTHIHYe%yaU*FguhYyOclUuD;f7H-0^=vl^ln z*_G8xgg$(p0R3*Klx(sJk}gWV3{0d1U38gs`IJC24q@DiSm$~skxfptVN1+tb7Z}l z;m)NJ_Kmf~*d2my>!Li> z{JBr_RB=J*#old58ZLntY5r<#<4koQGv4;Z-+Ksen9OvXbkbI^*Zt1f4KHX^FHX&A z?PZKe<+5?A8Ff*c(F8Ue|=TDozTp zd~^j61V%E&Nd+z$J%jHc5*u-!UQUZC6Htf5jOA+B8&f5jnBe-S$zY7yN_#8cDG`E8 zs|0}$r8E1XQbd3qc#iV5-Sj*`2X`?~cNfYPeZ^O_S13%E;{ujK z2M4Rwj86b^CbId3F<83A){pnmybW^m_J~_6on93saIG695Viu3(}=Sl)qxJQV087^ zl`y0Pg;|iWUePuCIap^+&-?j!=Uj_5(ePm-stT3#8mrNN89krGskY!iuiD=rf(1V$ zDMnS=jrwYizF%N zWhE&J6izJ<6db*|MXCY|@0M>geszmh3&n%7IdiDagg;#;iytPSOn$QliB-y4j2Hx& z+5PG(HOc|Wfb%fxOh*VAc!$yg^)g;ASj#>trQfCq*l#x0TlY|Z!3YP-*U9x44NpC> z`}{e_;w2Z6)`h$M?(xp<;qmkKgT1E*hrc}Ddvek~**SW&chZE0*FRVQNBD(nefMRf z$gHO8q-yjk;>9-4dc$rznYQs9REw(FmAJ8t>CIZZY$pE6Vbl> zCm?oi@%}RaV@F;3FAk6$pBoP-yRs04h>urgF#?f0GldKhqbZx{@ z%ySGFN>VCmUWepXEd2#g#+&`D)aM&U$G6F3B$irj1z3oj&fO2i3@$nSh8q@lgc-A=yZ!SXbJUHsu z;=CXzb-)gME?jCwPyS?RY9DbqLeKh0RO)h2<|vqXAz11XG+_^wnnSo3K%*{4qF&^H z%|oDe97sVL4~G(pzbsNH{up1~-PFHFnf&QNh~kKl?deSdgjf2q=QNeAtf9(fWev)% zuqKZBu>~SRpRZi(_m&;)mb9|vM!U7uFhObE_l1)Ylr*-zYIvF4)Co7d`5kfP7VC^F zUtRQ0{s^4#TcPW-OZNgW;pGtFbY>J8+{`^Sk=-w#!rPK;;1j6&Kgsw%$@o8o^pNn9G2Rxz}VR%d&4j!tobLqf<9iAk^jMAJXVZs~-eol6{2ok;JL~`N! z-IW-$zGMPMgNwEk9Ac)96mdF`t0O~FY8v(UuVq}??h=TZX%Q#$z1ibK;yuK7CHa< z87U~m>Q0*T5KyKMfoh-Ua#a)bp1}r3DM$YWDI#6%qyKgc{c(k1l6`*S&z{+ zQp32_fXOeLPJMfFczDqEij+b^)HPpTA(;p};Q7fZ#+Y+@aRzusTJUD*JfFkCcR@bZ z(Cc}|OY-VlsFBdl>Mh({V_-gCOFsLH?O(kA<4i55i?tVLaXIxgUb^+-+c@a-oG#|B zw1Pe^)}!1NnD^V0K4Y^n)8IY3k(~>VR8fMWMbZ**~B; zY8+>rw6kU{{^YcoPbb~)y$*vX*dfi?@2dHxod2z4^On9sweDB;e)H_mb4i9W5Ne+IG@rvzC=JJ9jmWC~jyjvD{Swas-0C@2Qh ze)c&Hzf|PyydZs5D3DJhvJqYniOftQO1-aLmu_&u=7QxPieL4oP48_W;x9y^i=_5K zI$chsi>9Np^jXPv*^GZICBGFNFE&Yf05LJ6Fc%%gA)jb#|0@RKDUc@KylOc{zAC%y zjmH$dTg0>m$HZf5o??jbguqg+y%f*nL4lyB$@w|KbP7lyP)?9wd!q@PjiCbZa<*a{ zqusg`E6AVpLZ&PR9csQYwDcX;`wFZG9f3l z#Gp?ma6;$jy|SkI4AoYQ-u)~@p$r&m4zvQ@}; zyb+c5EYNLwIUsuzY8eBM^C-lo3jf~<`qlP2mP-KU6_ZrC{x|$m9o06DW|K~8gE@R> zDeq3DkG48t)wq&Z(#|_w=Ha*8Z$XHFA28y11@HSl&JTC?51t+ERn3OkG#g(BsTBsj zXWVk3hNkc9q+}yS z5hxwL=}ksMOq1CvPPJ%3>uLulySw!7hX*^4j!kpqCN4LHTIcxWX#Z)vq95!G1B0+y z&LPmb=M%;Y4s*HXEoXl!<=b4I`M&U5v~NmF2V36TXg5`uyW!?f;~k{v=@!T2$vBBx zQ1|9x?_&hRKiJA zF~%XVaLh1X>pTI@bcES#ZB85u^xN;M`zZg(Zli&+BX3voH5^_L9L**)69%dfLuzW0 zT3GQolWv#YI-?-E{KqKmCQlOw!3UoSz7jNyCgX(~k3{2W6kZsci6i7_BsLVoLeikk z!W*taUT8dp!V~i+&{v>rZVHA_C{qW5hSavla4{g41>zxZh=!E!hD~{coFD#}=SLO$ zNF^*mkj-Nt70dxnoQ({fj0SCV9@gX|H(G10sfLh%O53V<^y$Ap63@absrJ36hsXQR zO*iFeH=u5)Nqq!^_z^OFZ|;ByUE&u7fGIouz038#`{4!IX$PtUMrN zt%jL<`NjqyO;6LwRWd=WytH-ETIGyP?kiZIgP`nI!}Oq|a}ZGSONbdmC)|Wh=_Fz7 z!)b4lPOrJ921RO<9N{>mY@=qmGn-)8AEMsf3Dv}J`=XO~4O1pD_n^)jIU zh&iu1G*1u(G8A6rKg}61scYTz&DwAVe8T4Uf7oag=GmcW%W7vdz9wgrv=2ui?S{DG zc5Q7JVPel=Ij0t6|Fi9REi-tHu1aGUqv+DD=uP5HraogM-fReaW_v@;X8}0AS1GWZ z70y2Vh0o_nMjDpkj+?soft1y7*B*94J?mCpoSLpG8xAm+uxUeb~AC#?@2MwTeu{DSXWUez@zDb$lg-|oY<<7$4sZXYZ?R>Ag%0Z;UOeR1H{LQ!qjEdsaU0S?cm;eMFKqcrs2V)2wV^96)Bt zst_$c+Ie!Y|KoOz|BH|1$yS_^D$Z85&_!^^>{Ia7gfcy*QzUIy30?5#7$hKi7*25@ z;0HsScjZruULOSa&d(Xe!t=MtCy^;QkxTQk$dqP~aoJ;TbIk=QU>yCMp9RL4@^ltC z8X6~Y3A7J4WrSfWyH(_?PqGAo)a!nAn8+B=E}8F8Z+4MR-7dD77rdL8v#~^)5hmT+ z3jNRJopMAstG9FW2_gQTsSApCj<6~Aq=bouJm-Dgk|pCPnw~Jn4;RQI_!f0G&hS)P z@ZV3%PDHN=$gaq?SY%RUP`?n$!LpkI=1^kIC1?zsyeGQnpdV~f z0apkS1-T)RpRAAmwctH06<{Gmh5YO>IYa~tJek;tH&1#Oqym(C=NL7)8vGjdVYh;q zH5rYjL2X5+=NMdapc%4D%-Ub&F()agt(|VHjqAcUMNP^FUqOQb)L5AFC6A0*m!8zs z;V>~FT9@2A)hOmKKi|lSz3Wf4Lt9^Me~=D6FXWHWCYB=8cJlzO+y3mxSZR-V z(^qKPUZ{`FgIZCWUK3s?j|w|^^!M-N(c+!VgJ~2jOo+u1##}muM|^^6`NrI7V<_M4 ziaTcZjPa}d*(y9(Ho_=6UyB^B+n*hH`VnX3BM*qn`LX!HC|FL{%pz+j>r!(yy){!M z{&vx->B|KdPOl(s%6V)ySgQuB1_?x?UvcRslW#@37x=1#h?Iino#7 zDz%{LP~P$h!R_h5(u>p6wU_8!^kS#^Z%OmFms|X#0TMWyaIIPw9}r7eT`NBZX3p73 z&a&$7dRTss(fJErJis~2$n09=<8a3?KgMA1IM~i;f=3BsIC|ul<2>F(`vs4Z&Xh3a z!W>TQd(fe0=xaoNC4>QlZBTeNc?@wo0zfYqVF@R}ophU2Api`rk?%d<`6=UOI0sKM zwE>+$5CXSgrBY}~Z#c5$J>5C^X_ec-)Kf4bgmTWv)W7`&8VpjN+8xM65IzMS&5Gq`HB#U9ErjkXGA`RCScCt#ZHge z8l#`I67_?ErG)7~r$=%Hnrf~9{;$LRLr0)h*>0;&_E?oX2CFr@@5BHi9*CPo8%-?Ki6#qT(7JpZoYRDJtsfo<|ofUaK5Xv~y>VMcS_T{SKwq049jleATs z$5ZiORF5YN9Qv{Wn=XNJktF4+;T@rKmai!{(3&@$o(B}%!`LrUgP-G}BG5rNsF&$% z(#t^pYf`4dRn<-{7{CbXT;VMhFc1XJ+gM!vujfmFaooT zspe`=cXt20^JuSOYJb@~I^I8gQn>>)o)XHbd2nc+9G+m(G>*UMabCVJpu|2o3J=px znq~AU$p~VV?3yd2!Y-1|WGN`^j6k}4x6!J|gw$&?HFd1?gggcaRS-U8o0C7tLp0l_ z8`}M@2VWCJ!q8WsRq+*U^_usKYGbrsI$<0*O91iuzZj8+b;yOcD!n1Bcn{{bO|eoF zfmN>)8eZ{B`Hn?WyrjbogG8GPe;_lnF^1U0f%fH}HKlh>ZiKAw!; z^t!wQ{0XgKxpq9M`jDIdi{upoVsW=K%MY)LP9eFq7f;+PGdFOX*CRdh{Ed0>noAe znsBO!@mJXJ0yQ}ubxdM8nvsW?ZRX%X`(Xdaqn)E)+IZEgF^6Rc!cr!PWgTRzSbJYD z&0^(a3dFgBfbxa_Ey1rKXHedwv&8iiW=Iz)pNz_y&F5sQQa2dJ?LqbFyN$1^08v1$ zzqKE#A1bJpgni}STm2kfmaSH+QuJ!MQF%wb1)6a-yFlv+uj0{T$|L|CU@uc7CBTY=fF!$eTH3;NfJBHWWe}sc0S0@ zfYAd~Eb`iyFb)DOz;sm-8zN?d-lRC%BV@B$j9Bh5StF{+$Ith=louRr=)VmOe4g}A zy;8*BautAQOLIFuJacGE)35unt%H z%%aKY0IM`C&ON6-Q@lh0X4z;iVwtT#<#Hgrp%X3%LZqA!D2#J+?;!Jwa7^76)#&d*xP@r-QQ&0$&gZd}GEIU5MaG6X4Z zmijeoa%LT5OHjtm&txDnH*vxNeNgEpP^AIqJIb=&83x+LR~ZS6Z-AeJgGi~Tp(E@$ zkw8iETnxrxf~b_5)%j@VSQpfsH?fen!}WkPZ!Pur7)qu+k5?-}0~uIqG~&+&m>{7S zwzOA`z29?<_=PJ@kknl-o12b9BXpGvy6ibj5|A~EneHgiVelQU?d?6ccUms?#4{m; zow5h>r;9_w*;d9@vH*tOQk+IX9^7ECxrFB>KJyqZ?dVvLJ-EyZBB-Ka)_O2BbBaAj z^E0)3E4yHavC2nuI#=x$9bXDEvx_g#B-QUT8a?q?1K{{w7A7xkWl<&p&2M5e+ZECP z*4f;W1Zd*zgmVl-^DL3yL>e$o!6lec6+U@ckt>@>DV(Udm4jGy@h>izVu-S(&3q$o za~U}E2ZFlhRq-;2az7<~+{gAcjMpjZZ&YH@K1bC&4Dz zO_(hg;(TMIFf%wy%6XSW2jAF?7i#QvZcbZwq_d=Nq*&-nU{zJ;Ol-HCI#rD)4UQG^AzZBa3&lP<0?FGe(2 zsyvEH;F&H5dErpUk~zDfdNuDRxk#_%Jjf=AE&`4;6?Q0__K1>86f*4+h5$geQDq7< zn)EIZWd_4xWP@akJ%ndpQ&ht7=i;pO!_C&^h$2j-F2i1gdCA?z4h}H9%v3evV?9NQ z=u1F8<}S-f!`Qtur}vR{CVlQ^m=hg8ujR5FFYpCzqt&SvB(+~Eg8a-mG@>0z8jrv& zH)3Z=1nIr@lip(_I16g^Oz--x=(EW8hrFvXG=sVn`eSKXY@Nw96&;nD)&WB+Z%6a-e& z*z?n_+V_*4M;Y8GnCl7=e!J;;4?P01S?AK4060r6f)q$D!K^o(QO_%Pyj>=k!e=A6 zv|jg6F%D$KPk8$XB(tFnPeXIx9n-lS^*Sj-3}1{`Nu*`~8x=?$(PS-zwm=%>e!5zr zY`dM**%?vAg`J{cz!*vmicM@!y9(z}x#JSeB-v|86GtB%O)TaE@%}z~8-7h<3%P}X zCIm*Dw`2lCnDvthx>F3O!<5d~?Cd{ZwT;^Bjd!#uG;$(COw*|LkYOGb&H(M9L5MOp z!~5b6%UCbte7A96cnWv_FdYW9|$S!adS0(!} zn$9#`m#!N%iAx(aYA7)p*OCo2V)L(8i?|HeFS1D8xpT+-xc6xPi8o6bGe;uG`yi_ei^YPaZ7N>f*hip~T;NH7E2RFTw@~dJaeT?-Rxh{y^u` z`*d}@TC}hHZM0X7IzS!%qMF>T${nIGTN%)wzJNyHhP!O`$c9e~w6zJ3_J-Z9%K!Lp z@XvHS*lbR-teFmh{Yje}t&P_D8m&MxnY~?;D*_hyG@%HBW#=YkHADbJSt&Pq5z=u6M+2!jK?ZC`mPg8*? zc)qc5^tD+Y^rmYw;Lz8^#-bapm0dPg#Z?8^Y-ojZK}xPt(%E1W-qCR zb^Jp^(+Klaa=hjEnt|0hUa*r6GmzrZMPS#yTHbA#jX(bJo_P)rhZv3Cn+@2F0Nrx3 zOkh;;Qa`&kFh@gzt~sBiWTfw0qVLfvk^AAbA$%YZAI_$t#!09f(40C0WTW%x6>=8X zsU*urogR5NbVnWX91#;Wao5Xuk5!MQMzw*Tfu_1?(pUagUs~Z7q%9Dk88{XSb^5ce zx<=ybeh*fHzrpiG(~wEBw^i!xDpE(_=it974Q@O;>-VzDRV1y@_}OfV3T1pqbGnLS zSsP7|gr+2ejeF|;;Ci^qK2;-1Q3c!=PnCEo!A1#2)62+aI2pocS*-8EML43b`nno_ zwTJ9KfaG0xIgP;6#l}R9om70gkSB3VEU(~xWB6E}Iof~FSmKRpVkmF}_CXJp0XY=> zXgpfpXD2`Hnd8HUCqM5T?V0^!^YrNOFZ&NL4rJ#Tepgq`&-*7o9X>lTP~vFk$;mI~ z@S)jx@{9TN{*wo*X7BmaqrKx}b9jU-$m6F6`+M+o|H_6T= zfo4w*>66mf{@yV*_jvDU_b2$d^W*-({>d-MB0k(dd4laeJUlWx=IPGS$^P!MgPkMu z^x4tV!{a^Z!UJgd$^MgvNAR6JOsxtG3taY34$a|KUZOJM<=%O&-=%Ft7hkD{}|`t;n5*{0Ot{E9AYzA@5$b76Bhwn!g&st z1B&7AXUBW4M-TRP4xqhbY``zftGV~Kla8mTFAyz5Dk^1mvW5La$rl3$9-pkp?t-F~ zJ2ns$F-p1^MBk%WWDJe9epq-|fQD)WRF)tX8gj{6ibz3|Ncu%)`;wyx<4F&3L?*rI z6g6ctcsl9*CX{9(XHR?DB&K;bpfTfKIesX4YQ-U29H~e=QWF5t0yv|ny%rJ+LuK2z zLjiM421x{y^gNv)BaQeE#?kXt9yqyoLre8R@*0y?573ASgkyr9Fx+nktioODs7nf8 zYwS!pWua^+(bcqA1XaNh=y&wyauAXjQwZ&zsm2k9_~Y>d+pgY`=-i3AA(>euS;W70 zfW_}z0<#V>*>-)YUK#ec>y>(C|KTwP#>3OvuwNy2Adn#+9PXc>UmIokMP9c`^GrHM z*Dq+TJL*lhYwxst^8-C0Js~{CzqgwB;{&$*l!7|ZCwSDyZlV?<#QA!%pO~C1P9#FiGD0&e2UzwlI zpu5eJfq&KPwD26z+rb-p#r=gY;;(9ryK0)}Rqi1btz?tVcBPAP(+D*KOb7kqKPq^| zwMWA?pHp#x>1AzpjBY1wRfAn`kHtPzsmwC;bgQ0Lp5Y%`rnYWg96m*A`Lfk&nHSBI zm*)6r_u)Q}@(0H!_+M06jV8IGQtBB0hPBw+1ycP>N!jMq74a*U74O>O`&_QF&opO) zVN(apv)G=((UH!!wB#moTJXQSldcrTL#*GX8rmaU=icVPAVqi5z$fY3=jLXCF)MrGi>@)W;=#z438k?vX?^X7$lbaeRasRWc- z3K1O>x#tEBnaR5rR@w2Mbc2%pY9Mp8L2CmG$?haY+}# zT>|A!{5B^ksj3ipRJ~bb7qVfx#t7nH>rj@#>6Ap0|FX5{E33oC5RbSzk^*_mfU(~&9X{4>^o~&bfSk_sS9*I9y zHQ)bXGc1lh-S84kc$SZNtRtKqxfrV6wl1HYtYPf^;P$kAJ@pd372X6%|0=o8Y$3f( zylF%b24Frx++xN7+K0VL!RVwBuH(+B6WwBV6a{k-!dz+t8xYNnhpW+~u%_+P<rvKfs>Y z2seb?3>EPcvW?l%@weDGMEQsklx|fQkEE9y&yZZ>tOF66jxI>Gzlz@Rz$qhDZg!D} zPhP7_a@tAJ>z-WBSQ}5#SHk6r-#Ie67*(Nscw};sBke3M;agrXKP8}>83A;*3&RnK zI5Z%<#F=|Hicc%u1oGrn$bg3S8~wOaEoUhG&Gj|kE0|RL9L!#iJqcHd6>wfR8o!gV z@yEOWY(A)#*Ur?n!(=;~qV7v{M(Up+sYlpv(TlTLbr-XZ8xo_A*AmFxM{MBiNqAW8 z2W-f>4~wDlrUfB4iXSv0G#!km*INN_H-^im*c8OPFuXC(qHi+j5qpkMaRJ3=tB&%i8Ic?vKQ}T z3Lcx*GjsT7+FiI4>z;_*?AEOWuls{{5Q(c8oN!6z_y}awYQmDfzk^$94P6h0TRbX% zGA^LU9(Gps`M@I<=u7vFUg#osw zW;RGN3PwqI@GkuvrrA~8lF_J1M)}b!BhDk^{qPe|(l>Yo)QJtK8_A!VvC$N%5FI1b zQ>2(eJk3~_gH5+8Mf?(wDY$9|n4A=uP#|bnMo!+!H}~!VyE1N5uVF^+%9&aL@z;B? zxoNMv7wgS$Up8Wg3S27XVd8YMv-Y?@%i5ExZQm(B|F-_6*<4?*=d#IbCtjs*$3RS$ z>*m{Uzco!6=9gw;eSO{38+B8&ZN1WA{9QV_I{RvJRoYGJmg|aR3vh1}+|i^{Axi&g zbd#4F(?Td~AJR+IGXSlG|F|yXZu>kDM9lCRMx0nyW~BVq)O2|q9$jH@a+Nm~rr%pL~OrGA#mLF-yGlt!PY zM8PRx%~_&Np$9*HX_>7Ea1iC24R?`(Akm5`Ai=gzI?km_s3JZqqlow&n--6PA?6Um zN^Zm6Kycx<@)?$*>ncxdWu>KQU90``9Pi_Z_o@-6F@{~z`w=(qeVA-iLSBs~uigB1 zM>ABtX22O;ro@S18PR}*6RVpl9HT=?EWNB)HV6-L$z9|PrHG@CPjtNb-Hf55+$%3! z2$%j03z>fGy4bPF#w?|$>` zOa6Dm$doc|r~i1;tTC;X^%v`#FY$jsep~V1VSRUx>ZknMl>hO|^OYy#_{wZ<+AuvU zdh1)d2jSoM))7oqpKY$suYnbU@=Jm%Fz3GPYrmunZVdjlAC$CDU2qp=v$ggG z7qja2W5F(5d9ks1_iNl_xc&v3K=UH-No@8)zw>b)`Pz$=|wW3%$#^acqRDO zi<+VE<=70CKWQX*EOSr)VD7H3H;6v8g4Uwl5Pb>plph>ERRmGnnv+;Axwx@JK zqJa*(s}pby^OD6=;GGxg3v9XxY-{3IFrgf7^w}_*krZ$~>o<@K8Ypsq)Es$D4o7FB zE|6knnJ#7|KX{*DB!$2%ajyHqKW)JLL}bOtduHL>nenEwpbk0umQ;jY-)x3!)QH`& z!zB(+c%F?CTENJdCjSpyZkK82HF2tZ{@mFS&YKTVbI>ZT|I^dvv*%`GqqTXLR($^m z8u_O6wI1YwJM z5|C+PNBikHW~saE4T=AR3#5lPI24Cj1ep^mtsW?7en0LJ0C%rEE z|Bq%FIhS%Dt#pf?oft;|*9(!*Roe(!Q>S!u0e7cYpXtt0cCnuzvX)hOwu}lI=-sGI zbUjcTlq*M9m|9_#azx-FbFPRE5^>cyV6z!Y5)_8f3d8St5`5aS24|e%p||U6b#J|1 zG)1%G6=($|&=RC?>V*l|M(8(GgMZ0y{JG|-=bPs_UA=VC*U@`rzB>0>s$ui`Deg$B zkQ@>iWr4XX0Y!KY+X3mobKGhc#=tSSJg6G~x7N*b+DLx*ZJyC~Jt;Z9sEF~l`~Cbq zzO0(HISk0HcYXs0%W%~pAz?5J<*=q#BerS{JFLR6U@@3aKr?cM1SB^p8c=S0h9yVE zLA0ECiTfKZE-b z&!bS?R;|_+Jfq;Gb9j8U6CdhM|U?_Wiii1qf(7B4zCtr>zC>zs07_2}*dc&#e z0`7>KnBB0%OW1F8mBGENysO4Gt|o2xm0c#Es&2SB_6C1Iw>xXt%10l!IhC!|%B!r; z7WndF=gn)vtz~m}ReX%k*baqzAGf7M<%{Sk&gFKqS_OYCbTad3?x^40es!?h-Z?nf z-Zd!6bo&Q#@~MEwV88O}4b!W#dbEgT^_aH(aPK@O0#hmp(g2DtBs6B|uu0^luX+8ZfhDXz z>IAbzx^0-#iMR*)2r`nZvhe6ULKhX>Q`{D@PZ;qax_GZCc6VV=BZlFykrGzT z=yO!>Vm9atyK|}`lO(%~T;shm(VlYU-xcpi@4ob_M#8|mg3sk^-N%Hdz6#?*+y!Sx z6!=|PO~UJAL=fsz>@Lc#DI4mS;xqm3dydHZ+wxXNHafKNi49W4pZ7dIsuE}=nCVn+ zMUJt4bBrtKSd?!&)=Y{Q25!&ZuB-CcHy~1vR3~)g?%p^|Bc76 z*_~j%&c9Rq_r}Khz4bW$``*`^|BV0sed5233jp^P+cYsxcCW*T{4?|qlNUDZEEoKJ zx4HgpbK`Dn(+~a*L#mBvM`@@bGedhruQ*5=yN#CbfHFS2I zq%Qmz?{5w|mRMzsfkZ;vMLv_H986&#L73>)%sBFW^OQps4>)ugHGC4?O#TLfd{WkF zpv*mDWi@VRlUR;rxb-P?j-?+YWyln8B)b$X9;zFWMJK!jsnhZ(S3M3#21W+%Pz>G0 z8(4#eF}PL(hwocoQH+~pUz-7?A3&sW3|mJb2pWjOfwBKLg#)|94hYC!KAGpV9E6%9 zSsZZ8zrgwlb3nm{=#CCMtShncH!l(eV2@mWA2)?81Hu)%N?2^)T~4Rtt+lnQtE<+< zaMl`4F4iPQJzM*pz*Bb6pGW+<;9A3gUJ8R6-Oz_siJHXld$$X{U|2@DAs~CZzzo4} z-K%2=7>zi+@KYS@%%&qOwMzRQ6J1Iuy4~NhM-kt~^@RqJ+O!>5cP1;stN>#gG765O z)9Hp}Ai&I^7rcvW-l4>UuQC3gGb(V96YaqZG6a7Ie>4**_Jhp$_Y@+J{$68@f+dqN z)cH=!HRZ7_PyHaJ%xviUE~jtD$xzYQaO8}{!%KYE8TCgK`a4|ya{b=qSJ$i;1 z0mm;ZDAv`z(bZS+r;d%?QtNJTbsN%xlonMe3G3Q$<^)HK;Apq;s>uY3igzOA{)Cn( zllZnoWlV_u%_OQ>GhYggAz?!=Ht526ff!5rKFiW^KG5^;iy9M-RAj*pFFQ^ zoY%I@D?%(q(RLTp;%GY!d-FDxADL7T%H(gXIWbMf-*t>r%u`!~i(F%>jJFdT#?EeB zMAr|R(P@l}c$*M?W8DnJ1;d@(Fwy+xisyE1!xYSTTunl`?t5WZXvX(Xe>INbs@FE^ zRW@@#(Yf(j1SB%NXhYR(o8j-?igBHB6}Qb>)By$Msx|+ozdTjjgf2nVEY^fBo@+r@ zXwepQZL2n>;%!)lKqB8-vqCV1Au5YK(BU!Xwzk4X=SSfLACY=CEGDY!Z8jJ&rLDCA zV1G{2v4p|F1$;g1FjrCU_s-Um!5SHXTghOnwww&w?dkNoO|4}Oa_I&hbi4k)yjZ_~ zcVkc|Wf`e_FD65Iyh)EA0slzicK?E2Z0L&v;*c-&^;v%=ukX?8ANw=Xe-19Ry|3x{ zV;DQ!%=jvsQV-y<%Kv<}fGn|247*4jqL0%js6DDl^JHUTSQlt_n6W$MzUU%qnTwLi zru7PkvSbAjGVVBRVq?5lxxg4;O&qZ%|AE=iaN;ZqMEl-#o79}C^Ky0@Ax{?2 z^?PJ}@M}_w_Szr+Xt&7}lL)0y$3pqbm1}kngAtx(aX|SYN6`Rcsv?nbbk(JgD;Rw^WC!z($}d z$A8{`T2w_p^T$8BIKa+| z{%FKmnfTlF7PMTiu=;b=ieIcAO$jL>>1T*{#ZkGMZjf^!W@BV^;c>kMr%syzQBv4s zWK!>JZ2Zf{y#^d@=0`E2%UvmQMrE7Xz1)Da;SPs4Uph@>h8dzM);9bOR^dbK9kdVs z20HO!%ll51+qeKx!=EUIbzb%2j1aT!4I1N=b<*~?=vw0nTWG0-8{~UOZM4)ye{`1g zn?;2SO3N;xBJ@{rG2B1R-moc+!@NKZ+Er2cIXIDKK2W6D{HL<>pa1+<)c@{3IX>Ar zIA{&JpG!6R%{TW-^uOyEx$r+W?tb(2z0G@@>)*n2;1%v|{8Rt?yXb$-15Liz15vbc zhZK2h2fg9!ZDoZNU#fYEewrOlA>=*A`$>KtFnTZi+9f~6^4a8WXrd zm?P*iO;B6QAnYq<{Q9EF>M{6n2z@<1J}}>J8`!6Z!9{or2 zN#NfXoeuri&65_%vVIe$ncvEcTp+MRADNxz8BNz)5bV0?czU_LVSF_ya4oa57A)Nw z&5Wwu*L1ooovxkwN^9+GG@53}x5MA6%uFlP@8;iX%ZORiY4FU@Lzx$vulzD?mChp# zh8K9*E4NcoJPSnHh) z;J<(T_FfCF`PRj674apf#}#;HlDFq3E`=~(QiOYE34CE`gMd+{mBC2d;t|Q!5)e8Vu`pWy_D>`fs zF!>{}lNk#CS%m?HSz}L@5ti>n;XA@0WGqjLGYUwVO*Ex%Z}>)BF+`uI$#}P9-1f^( z!$hsgz_2ew$Wogs7@^`ulP)_pk%3>+wI)jSJWCONRVmo=a5Qz;V~ueXAC|r#ib24|X0MZ#Vb7!fHOi_XiK8z=2nQc1)ISHs4J< z)86V}wwhgMt10~J!&-|_+3g&hkTXFza-w!tEC5NXe32{5ndArelKpnQdx<^m8gtg9 z=aCTma5n5sd5e-DpnLHtW=4={=IjhOhJIIW8Qqj5tYI3F+0ec;$vFx;ulz0kia?Ub zU5qY(vXoeW5^oPLd_rd1$0z^U?f(ggGI(wGQ=Ff*PiKw3{kF{h&+O91-EY7C`rCV7 zBjdNeaqnw*ZNB~||M#C{{jn4lx=4qw)9cU7|8K5;y&3WU-`<58{3rkaJN(lQm)7Q2 zCf2}o5cYQhEF>!8>G|&AR+`wWEGy=+D`43eKM3b2JK+}`{g^LmQx?yU|xKl3>ckO3Won(ngJKZd)Vt7vN z9rW)*!!%q-$|Rl6CPTAciQ>?k9r_HEf0HiqpBtq`-tf|EUT5pGg0Au)n+asV1{7B>E;)2&Knqh-P_k+Y`srGtS*lv!|sj)X%m2rEwJvP!mmB!rr_*Z-VEN4UPg z7d!m~B)3VcQrXP+0lwu;g7yJM*PV6JdEKZ`lnr50-KrZlPo-6QQkJ9^arWuIx6LRcCt&*LPEY3zESWTTMEs0CU1EV7L- z?LYeI#Qb!4@L=!gm{QhIvY7oJpPd}S1Ie*d!58Q$>yqhcDjhFTj+a$uwIHp|DrLIK zS1ZV`Lmjy}!OqcM<-z_jrN-HN&?-)?lN%-WJs6`+wo}n$I}B2f!*PG@!puSc4pzvZ=$BP#^LX!neFlZ#WknP9EZ;CCuqM0Djwm@0&cpGuACFJ=PoACZ znMa3*4=8KV@!rv2;Ep-IZw?NRX||qW-kt|LCp+|EXac4RUc=u%K0Ds0N!x#NvUha! zjFLb!VB|l;v>a7-ccAJ6n%%=EG*p-&1nGxH3o{9Mse=&oe)q&HR>AB)m`})!(LC9E zbg=(u@5%07kY%W0vkdJ&5s&L%G}VwK5US9h-i}?Rl{EVg&CY|r>|?j3Fs%LYzU&j4 zvfZB~FH)=W54it#o}K&z+vxYX|2Mv+``_39Y~K6kpZEXo^3P5mZv7vVN%H`t{O{16 zzIB#N`ste=E(S@jkH(VkD?7t3Mg^LOv(9A(rTAy-9Dn|h^`@=!NirK=j?Urw?55vW zI^#ZN`<|NbI+qhffl7ugeO6TAK?0YT`FS+z!c72|$ameV!PVvuy&;tArb(Cl!7C3& zgWeGCheuHP&FG>J#rVk}8P3vv>q4GmJ=n`I6zct6IvJUrq(4Q`&U}}`&sHKoe|VGh zvZS9#$w9Ago~Cf^OfpQ@_ucEut0eiGKNSzte($Y$YQ8&zCI+L4|L#$e_RXVbdyjUW znC~tU?9nW}NQOV8{p>nxcGIkPA$|JS(GceIXSi28AZ5ZpdcZ%xBWUg|&B(vbFvZ>w zeRRg=yT9?T7O))SqWSyRS-%H`e@dXW;Te{lU?qImy7V3v)qR@G`nUrqAMkf$Tz>rX z2gCzNCuw(>P7!4;zPD`q8?8A3tO%$g>>(o3)Z2mOM|c)2RWnd^rHN<2!lKqMtupr2N6-WYC)=Lvx&5 z!bq|V{*&<|e^HO8De!eW{q$`@K}6qWFw9PJ_iKLrbFbg;B?EIbf*A%@=esL@(CV}% z{K%h^>vJHp=DX`z3;*~5cs};d=C}Wr3{&%C+IdYp+;_jh&olYu_vkJo{r~2@d-wjS|NqCy|Fr%fieOxP>r+zyF0%fx*mooS|Gm54{8Rt`JH>xe z_$L~CDjfNg&d%SGtMq7`4uKY1OZ9v7Pam7A`rwcQj*lym%Y6})beL}F3BiIVrne;3 zL3$shzBgz>Mb#q+d;^RIGk^NipQ9G1e z?%>wtbkMI<&SyhPd#ktw*2eJ~T?LvL9cOANkbrc6=`0XO=|iQW!%sWo1cUZeElOb+ z*xNz6`Smw%HsHYs#n&eOtCO@)SE^k!)zhK>e+aCl?M~8PF-OgnX}{g0-3Mgwl9 zZ$aqINI&rAZX51c)G$lC_8XnawDcS0-+_N&Ba=`4r9+|q^Ss-#$iNS=VpQ(G(vme<=hD^A1rktXoQ}T z`i5zp5t^rpZkb)KGiTJU#4Sgy6>-$sbfykDO*{fd6sKJ4=bwKzf2i`g@4n!5C{{0h4Eya01M~13l zUggfEQ{Ihx;}jjsuQQr)gWe8((IFAe5rt{@I6HHzvTRrF(cXz!vuD!$baL`^4X&Eg z2`u0Qm+%jNFw)V6x13p<=ggpI+Yo)eHa5QnVzS=a*y4GhS#uLxyzcQj$NS*_&)$`G zwUI0B_jCUW#o;7&2Co=McrSAg0f*rXLpZi`XL3kRr`_GQ`=;&o^a6O2{P$Z=Nxj*C zS+mTTEZAzbRFX=ysZ^DlLWOGu(!qCIolfEJeeiJw|EF!p3d=+D|9ZW)K4bqU{=fA9 z{igh1?p$KAM$feDdSk7*o_;F)JeuMj$7RI390u zNi>(6p!T9(%xbyD#2!h~%FiqGSn%;IcvEOO<4Zc7P~|9e7ZV1DN2NN)W>CQJ{a@8F z70-71I8LW$aDaBhN1%u#@Kj8@4VM#Rv1k(zfo^XXR*G{V(wLla4iY&`)kqc|f<(r6 zVwjXDQ{vm2kEBGl(oUqf4voeL;Y0Tyw1jvNolH=stK_ADl53&%$Re5V5#WbypWm7ua{T`&d$!1qMKC9wz$x&p$rE( z)w!875?p8wNDK#ZF`>ezb6mJmOK0!lp%;YQ)sp!BnEF5BR^OTUUqk+@*K4!)e>c{a z_Wy56{}aN->EvfA%FsSXw!cien&nRV+wFf2jHAz1kZCR}<_)*T75+cXx%)qjT77+e zx&Ob$PxYDT9Pj;6R^cqm2MAvRbCAC!UUv4%4e_k1RiEAOk0zdF;=#~KJ z4N(~uE`J#BmSG{&!oQF}118SO@aIe^Y=<*N5p-p1rkWl8cQnbDnIq5qXrN5%b~+8c zy{qZ^8Od~dE0_lQ!Pr5(0p~9}k%RdvbiY`bc`i)8c}%jcx}0t)}Jpf*Ubjzt}5P<4-5G_oWgXF85x)>FTcz4qHdBRUhj1 zO1b|3nv5;3p;wKs?8bLe_&2PaI+E7Ymm=!WG9$K;9gm6&OGQ~G8>e9kM|~9A;?m}7 ztK#U*;h}m9v7Y=;N1R3b&&Y6#&Z?-D0N+B`?h~+Lp>PYZ99mAaqst3O`l(~+#>BZJ zV18ie>W&~FqK+kK@&5#exIK{91x}&2@a5N5=WPd<-Mg(ny5gCgDeSgIsL+cBG27b{ zdzJ8QRXhpjXO=Wn1-QQ&_ou7Fz{`h$dAa!n&kW~Y=lj|dgbV*VJg-G)5dfb=MXBQ9 zbYfG%udTOw_w8{@|7GWB@31AlTrjTy6O;NR#6RoCv&y;hs&hlBC#XYZ8p06E`BamO zaAgQ|=0~J+?*8_MpyA+v9B|;|JqD8|Pi7jaM+`ANFJ4VwN~^bebMb4J?9Lm%c!L*c zaa8Ru3M~}LRWJI{Sm*q)GBjpU#cN2hjhA34EB`ak{}sO7!4j~@|F5yWF{A&lZ#I|u z|M!3XUkT4c4(=mUs~Tf*>^mdel7n4xVmN+mJCu>^aauD;YZSEOop$S}tM7LI*jD8_ zU$xfR%o(0b)2uFCsp2=wjvq!1JAOINA<|1|KfLESf2Xqrtn2 z5)sRaxY}l)hubTkQkcHT-urG84Apavf{f_%v?I!1@4tv0#sMM?D?2jIYX`G=5W+4x zG{%-|Ym$F%%hNI4K6T8HZ`672+?Zt37eggJ3p3&rkx%JQxi1=2f}m+wuX^d)KxY=k zV4yjRz}Pm_1;We#Bnh~lw@3L{tbCF~{qikcKM-g?dG?TwAlL<0IfIC{E%PK~CREOk zb_+yMGy9F4OypRXjwb&I`ybB0?&APpk^O(OQJ?YuSVQ$C|Nq|k|K%sAm-=}uBE*Z% zGH>aT$7JswdtT^$m+SvKCXv^X{}Z;Q+oMT1HKK5MBeJky|F3PX)n@Jgo6Y6^U&{YK zjQpQYK)bVZ#o)6~3tIR1H=RoK<2NsVZM_AAv9uaLNsF@+k;Im|L_f$6^Y#-|E^`Vz zQ-&DLfcgcGq>V81j33OlV1z0sTCfdb^6s-`oBnhXzWdyF&TUxQ)F(Njcb@~?ehLvT zgb<8CBdYZ7GfA{QuEB!zy!$-%EaPUX*{_$WWPlskr{*3g#|^WK(ha8hu2VIOgbJ?f zV&Gjg%ebriQY*pCfa`k@5FYQCVMIE}R0OJ6W&DF5mndqr*;@n*G0-54^8r0ZvN9E9I!!d=jcFLjG_#s$SxMyHe>Ex%!YPaMF(XCCs*3It z1%mz>0cZL^in2I*T!0iKW10to{tP+B)NELB9x-Hzd;LlaCdS$L>&=IhmlOnr))>)l zlYn=CA6pSLY^$JgGQR@f--_R`y}kyh;id-*LnyOonoRY)e!T4%mtZefPcPSV@rYBk zZ7a1DYQM^Pu}xndPQSjsrVNmNR89G6`A-q+J1T*T{C{Qs->m+(4l!^k|NV&i-*)NI+d(5bQfjVhA6QcSW!oI0d-=i&2?J(7?>?-b90+Acf0;6Bt8n_VRkjHkvn&=yD zV7pV9`>$}mQk3RVbWuVM!ovB53%#_s{lo2l<=d(JH?se25Y5li{|#aROZxwJvHvOh z|4_ER%S5&NHR%0KPdRR6|GOm#SY-dJZ_M8R+Sq7rF8BY^{R_}{ZC$00QVKOXOZ(4K z|NGYZ-;AQQbO)CMSWQoaC%zZb`?j@udmr)g@7Yr#oJ;(ycteFVW6N`JnZ1poy^D{YP-^`9@-olxT z=Z7-~OUQw&$s*mCN%&S%HjB9ld|$&boObpgrr~Sc*LYC-@T{GIc=v@tNOzHuvRFHp zj%;SLL=0P8pJOkr&`T@ycWeI%hD6o|I?{B}`uGp#|Ffp<|7GRB+Q!oU`}O5NrKuk7 z9PMxK&g!kLqkW{|q%Hqxrf6$><@oo#YQ=SW!IwhP%AS6B@Up$reoK0B_ZNC^_O+Ey zGj+=8+v*i+cWVWo3mlU6M3ny$g_TA@yw7a!$71XW3pC7T%YhrD)N7y~svz^|etQQ=hV;D_GM8?z)YDkB1r`9oykc$?Oh+yez=Gx? zY?r5T0j*tFFACY;F=q`OHy6gGV*v?((kX(bjcLNA0sO9;P zh?9z9MYU7VOpD-8zGdcaeki%gd@PQVxg_mbPNyK4VFDsyLTY9M*Uu%LR5hElH6cOL5t2IfY40l4q=gCh&^TvX)Xl16W!aNAXuTZlvS5-W@2wuk` za33Y@Br$T;cbey-fHYEenau($5_e3jr!zTivTWypU)e#z)K>Bx6ygWv@}H4oUkuxm zoa}u6Jr;|z%Orjhbx|S#r%;n&Ob#h zM|ozUdfIBYU$?hN+(Ob#ON@+j0&673(WpnLhJ4#TLKj{H^}spB+C`J6b4^2JdGR7! zOr$6G$@0cF!>-6DVtREu9Z6~R?r!&By8s##1jOyl&?%2d)*TV)+2S2|;XcVW_4@T; zM>VrD-?p4KmLz#t5ikkSr2Ul2J{CJ-G9($#G+ZVmS@OZ81Ivb7nFF7boikmoWTJ_; zqcLMQ>aiO;)u48%j3V+*Xzw$`LD6DzV!e6DnBQW zP7a-MbS_>-j!ViEW6}HKFbpTbR<%ls`l%C?O$VuDSz;*%UOzlDe7iau2sJnz{JTfI z+Z=9>3}Quo=~nHOG=hos>RpeJ-x%0wGbRZnGrt*DVA@rqjwH3p{4 zz*I{W?H~l-l%QxQt?`g>9k!4uwKftv#|NU=>d>$2bv2R3opD%=Ca`1%Rf1IK2K4{P z>>uS?<%QlRRw=(Ub>9X8wT|{`Yqb~k=aq@oFCj{&?e`7R9U$spn&gO?zgynfm_}g* zoGdaLBku<_RuMFqAew;12J9iN%)U5q#U<(>w)x;5wKzkXa{4VT>FKiyHx zT9AT_4l1IHhGGArU(!-k+khC_n#pfBRXSKRXFL@!2QuL=@Y0A--S#A#Ey zRn;n(q3>3b#X|&IxopaFKHz1FXOsm%ylnIw*9qBf&sN?Ho`hb!I2Dao#gLmAOPw?- z2b4&nHnj_JJ;tVrcI1Ub>bp`0ek#$FdrIm^dDg}OJ)wVS3EZ}bx(9;6JBuAR>KWEEt!BgSVJ;8L@RL2Ay5i+yPBU|w73Kg^NwWOYbk_G0HhSdiD<_}ENMmX8*{-#;UM#c0iCO! zM08+sa7s!h`w)@>NuX#a2S=Um&LJ^7^?^j>6339>-roeYku>cU>>!rqpc_(lB9xL2 zVSt~~N=&3F9>I%g{V&#g0!e$`_-Lm^e3m#YKJJ8|he! zVu{#t9Atz~=AfF%P# z@l@JNw3|6OwJ`cbE2TI>f`B0`r{A}6dMf~<+-snzUQVQVoE1=*mPw(I&5uMDiLkTm zqtao=%s+Y(5-G9ZpE(-_r78p?SaiHI^tlw%cbXAHuOr;!iP<-f zb=O!Sf2~HR-iM?aB;zwuBLF>$0Rs8Uw60}a?-_yA=qJ8+>Ohs-?X)3n^qoPZMv;-n zD?AG;;$q%R|0#`*_D4$#HE80J z7Re#%NXClOxH`&kLW+|adwf#Eq{y4_$T5co30rPP=BkLdUPR>JRQ3@}Y!kT376G{q z3}2;s^}O86tmLOhorEP0lwIz>Fq4^v*~-QU{a2Clj4tcGl|+IlsJov|b-^01Tv;4@rY`kh&Mq7hwc25X4ZMctODC zgHy+d(XC>R`xV-svcJ^FYA1%0G_yQvgS=?*R)WepWM6>+(UME7z*WmLgDTa>0aG0x z)~fMs2;C%YKql^$yovQ_?Dk}NSn&F#^IJK&aFWdz93l4(C)lsxcO4cegtuNA%CUJ!Mb)P5cU|+Stt~Qm#R9&UYw1aw{ z7Y0bOAefGm)CSZ#L*kOpD z`NWQFKjjAM#0`g*SD#d}At%tZPTX7K<3HQ4JxV-)NJKZBaY+A&-z5qan`D#G%?=LI z%D`6RQ(xGv4tjwX!H5qVy;P5+EUE+-i)GS~_=(|LiPQuIIYbUGyt9Js9rCxKw^vOALYU6!39n3C0DLVO4^o+AEm z=rJ<~D+HHRGOg&7Y=X3&7@q6ck@QYKl{Z8&`}hQ*qaq;j>eb?bZS~W;hD5ED(cl32NESdK>>(Dq?5am7X?W* zIOPo;>TiNWB2MreBux>pxCN=u$*@@VS381GNmU>~0v68(Dc!Jacr*1#N5VT>B5|!4 z`c6>k*~W-{A!w4}tKfuX*;F;Pr=`jstPm4*pd+4%-))JjaqqN)d1uLvqX__fUc&&1 zBzJDa~|>hyie^c^KpL zz@5O8*p?@Jz@7}%({{6X(^J@$IZ!S5HdNdKp+5`!^jA?6kXuf4%CBg7Ko#YXoWxKk z!~lYR(R27HSC$gt_b>k`wV--`qS00He;_W^*EZMJH=FCVCj9@_>h;?HiS?!Y_l?(o zF4y@3_0_O3UX`s{k&poK2ef6rIN zE8mF5L$6PwQs|J|v8cCA>d-W;m5U~wfK$bm^8)-CgsA);;@LC?0e3BQpp^;cYH%o(M zt;gT}@|Rgv-Hni~nYg)#i&;&Kf$plTtg5W6%&g2T79L@=K@6t|@Obim8p2Tv20Tb? z*x+<%LbP51%A7>(iS|V+@tHF1z3zs1B@-ZURU}{7R zA`2}u{tmck-AIu(vxd+sr$z*fD(xdwM@!=*&rJPUoD8{@MbaHGJ$qGAEiL(@Na)W+ z0@`q84Wr~ePXYwoQCcDc0g(P-%-)|McqP{=BdQ@!Y)*L$khKJ8yryPl%&oo@Sez2?=_$s2mEFtA3wdeZQuJ?d_)-u2u*`jvchX%q>|MoINLo?FKk@6w|#Rl9FW1eV!UyVdjl zHlT9!Ue&72>KS#i@Ri}ADRKv0uL;bNmS|7)1}D9Ky+7!C>a5+a@woTAF2YB8N2<~8 z@yHE&UWpp%SJ6D6(6G^K`hGI#Asn*Dqu%O!-R_`+5R@W~!UYWxjX{-a*LbkoE$%ao zR=fKKa4{G>7bSIZ?$L9a^p@^kzgxv{^k@Lxe!3*JO5@p2byl^!vqt^QYq=iYwgKp( z-t&qwd-Wd5)TQx@Dz!X7_j%R`H~E?(<`U1Xs-LQA?R6c<%UGd2(L}GV>4)m|2JX2Y zeXNWB)xZ6n-RUG82NQ99WUpok);ZtVrN`hAkKa%wk$=>W`UGR&$Ui@&-oY5o7V#lR zKC!PVN}x?NIUJ4_vvrLBcSwN@mZ8eIIrV90msrenva^F4C>Vt6IX#8}{%7yau>Ypx z4Nn^FlT!AP4%q)}pByD1#H~>SnT9LH*EUqwtJ@=fgif9eYc#>VK40PFZ@lUZP8xL= zC&S58-J;Iyb(F!z9KQeod9x0&34hXYX&P#`{<_+i!bhn$2D0QjkT;)?sB8QZtAzTN zo*>K*GHkUkT3(kEY$>JZ%Wc+%CskrI+sd;Gn*J+nR6syuaciwq92CZ5 zc=~bjJ_M%^3NQ(+lAfqN^S-3y6^s>X4|Y@ROU0unpdtA~VOxz-8aP8o&Wyzu0nv}b zn%=%5Le<0m1u)+0&agvMP1}@#wv7EDj&|;Xhr&kRP;Iku6qnQ70vt&8=y!<;^F3|B z#98ZStwB@m5faij<7ZylmZRq}F`jb|oJ>p4ln<%}A%P+CYOQV1Y?Xqp}U*cx%bbl#X>@x3Htnh6l-q+TVN31{HD7f7?g? znD!rkgeaIwFb*%!5jT@OcmGRFpE z_EW?$W0A#d(98Hma zs~yN$y%Xh^Ghrmw2ZKDRg*Quoj<-oW<}gs*lI$pUgXt^@n~fC!aU7xn%*1Zfef zS;bzMKXXE`yjU!re zC1o7VI8DeHZbQaaV}c}+R%dkQ-;nr2^1kK|4)9+F=z&w=8GFPIUcPwo@>%R)_y0RT zAW8=PG^;;b0xalHQZZEd3xBB1jQ1{3mz6i{I}zyS=Kg3IiBT%X#3cJNoUDnV1l;|E z0!_pW6~IvP2_ZrT!v|R9((TZotAb`@;z%crrS4}&j3-SsygSw_oN_Bm`IX`hEt#5k zI%v`2dE9wgo>%^SIP@3Op(gob2iu6VL#vOban8JO325PX+wh4m08JNr+pYA8;=PYJ zK!#y%kLDYf=hKiAt?0IBNp&J<8#ESk!%&4TxtA5a{;%=};1jaHG21etJUGHBiP4S1 zRZTqHF%&BQLe>i*TyNF;7Hfu7tQhVhi(#m{mF6nXr3#RR*?zZD1dkiKWp`xLce9o_ z`Ehn~S5ZVmGho+f;eAkjW8OX{h>+f8kTAfH*cDhXDCy`=cH%|h2Q|G3qopPY1~V1& ztc5Cj!(+CMtwFCCsM@4kafZyz>HpgB@Bq1(lBZ~A+jGfd^tfxH;dIEct(_Cs+#G*n^?EWIOuZHoL8a_~pH?XlJQ9xWvXh^e#IvKtA{H z>%t=K4hMgX-QiTu5;#|f4opa7B0au^t4S0==CFf?5Cy87_eVp2{ShgDfUlE}mm~VV zPsJUG4xv6mF%58>Jx(Tq6KiC%9V=4u1={3cqU`r#^KI-iI9D}V~BrM6q;b} z5B_q>kc*F^YYsNL1G7r~+aGm>DgD z2^dX!6m)cd(FW?tL6HAGj%JuU!jWVg4!y!8j)MiP90*7X;ft>l|7dD; zs}<-WjId+speF(X$0r(xID-gnK!`L6*Rcr_kJs-_7m1x78eL!&EeM7_0kmTvo^X5) z$NB-pKk)TH%Yd8Ucw|k_6z3>RhY$GUe@IS}$#jX#S-V-{*=M2;Z|Et~hWXPO$9IHg zkLTI)(@j3WGcMg<43};mu&Gx=O+H^~=P?{JS*2fv4(&+lHQeB}RLeOKb`z%KC&QC! zPcsk%s{66X-n`2pvD=cH*0dlbm~@NxkqjU{>U~cO&cqDx?x3kwRwJU3!?K=hLDQte zSjTIK&IIPxU(QK9i*2NbA$%(3U~Pf`R<|4rExO|}x|78Qc^|~Y`Qx&~L4*%jgn?ZP z1~ndoUPKEAYkMXq<$O)}txlado%zgQzA~+tu<2w1Kwy>&8Op%t1!j7|lb5Q@D~!hW zUVEw@@}!Y~sNWwu*ZD%yZgJmv7kpeSk$lg>$f-m6tr6SbyDn7ru8X;Mm=lqNLf|AV zXu&4mtoQif%8$80{qs0?o&VH3_Zp4Qgyej)hdHy|B#Sb|=nY7%p{1$S@|BXAR)Vxf z6xeDVk`P8>Q>K?J!-tWY2R>)pAo8{#Ae5X-+>mfVraY}fYTiq%el{hla9tyyahVAY zo3&dqK}lhSfs)xz7%MtqLtS!A(z(pkG38XX`pQ(rJF_Gz2>^D=9LP6UX)HEY4Zj2? zmMB58dIK0Q{d@5-*2_<}M_UwJj@j}D_D)XshkAicUzp!K`k;LVILs@^#4EvJI;*Xu zMH&{+thkppSD12CvpQ(>MVQ)E-Vc#LaW;JN{SbH**-6RU9+(IMNQa#FZ-Nfea=~22x7B$ zHso}!g{!O7{B!zfHvEa$D;*{J8_4Fa)pTO%5)L4WH_CH>B9edI1>-bD%^oUmi3?1o z+l^?ne1G^OEMJk)^hW2aNpKHId4+TWqdN#n9D!rJ&u4*z@i@HV+BEa7gS=C_*4+xb zDg4iI>}>59aiC8*?t+p?Q%fznB&Id#5#0VsG`fT29|s%^zDIlBUdf0XdjFJ?G+j4P zL6C52f}I1_A3xI!2o_|EDuSiZT_1 zqX&ucBs3wa04^pp=eoHP{d;+dkM_x5UGphV1|2*glyhhF3ND3LbBz^_Kr6R@cSmr>!R%DZb$HJ0{#kTR~eu`{jl6E2hCs{BQ0>Oc;(ak#62PC{G z?+x#`3yJsnoYO?|1z?L`2GA}D^l7wYFdY03=7E!4A4UL*Yo*jYd8a{A2Gs zozG1)M&rkbUFa=UTQuH_(NyxDCB!ABpp0?IsN6gzD^g8o3!VLQ#o3HQf3cX6Py$O` zin@v2BS|LPXwAGb47T$0m+SAoabiWY2o&mWvaQp!a5yH4)upJNz&XckN+KtPh$ z(2CG98!SA4$GtW4y3t1l!kgH7$+_v0?vg|^3k1Imh`Es!^vzm;keL)Ah#0qi3NQG| z$~_Kow*cRUz=X^*nqeS0b*yr^^tA|&Sj;rUSzTE%^i8h(Z@x&K>0LLLD&!zVjxt^7!yqxA%^o7P_ zw;*`!U8^#3++L@@6*n5d{Zr~lyQ>DVZ#bUpLBCfUMN9{$Ne&jENxng4a~$n0DiG9g z&4O=?$}ED7fZcc~k3lYVaO$G7u%H72f{(=b4Q;$pK}FA<8xd{Rr|y>-|j_1yi-UlKC1 z$(9yNgmljgQHj?y_G3lui(r4BP^{i(n5sq5D+%@0!&NZTF!UKc$O`7mXl*h%n|;I{ z`e-V|=nyAA&J0`r6A7W-WxpJKwuR=?a2<2eTsdOSfgdsm%&qbXW8sG+nG`Jv^yM61 z3NXjur2l3}a8Ayb=okhjqpGVX+d{(OuqQC5#*Kc6xFYn-Ek2s>g%P$#*&P#1s*{z? zrr_U{Nbo_-`ZS)$Hs34p4%945)si{YcV;sSg=yXdb@8$%J&Sh#DH1K}v=I8%DwW#W zKIVfE0z$GKJ`6dR362G*M;{-8SnqRx+UOKpss5C{xX9koqx(CLKa9RtzsTo2eu(A! z6n3N0VxiyQ#m2nYX%Io|W*OaKEeI7tjPRM**xCdth@>~Ser(}j*q~iL1S>JT$AOt{ z8P^$jZ4gH5n_DA5+;FIYVe~A{;QYwHv&#o3J=$l250NsiL(};J85!%lnXiZ|(a zlUl-{C>KMSN7y%a^!(}099t^4H>Ju3nO#65Egc=3b&?dP`q*raH~5rV%@D&fCPv7gB++e9*{$z^;%Vp})FTSj6gQagGoVtfpZZmzl`ggyf zx*fS+Q8E7swu3ShIo!tzeNXuPqe_`Own(0*F$7x%`O^jih7V>0Z7tL(D#Y)BC1Ez2 za3Ud_P@tj_t%yI2+2eU_PT`GRwy6lrb98L5oWYK&nQ3)_Q9d}2ZIDu{9B`N8`ZEIjiViPJiJ0@oY>`{aYRGP%mPwbDIre~PAt;S$=TMp;ex{%RESOc)GdUC3=;ipG* zyJ-yF;-{w#q1&yb4X=u5*kP^R-#jBT_0*LXZ?)6Ia2%~Z6QXf0@%@x;TRZ4Rud_HM z)>1*K+C3Y3Ekrn{t#D;CHB1vgtT&{+rZYrvZ|e-Y=T*5ZGg{tS4JCB4=4HS+lwzEy zq=q>7h|&m)2O({PKc2>4ZXjN;LlSAGMA+rkbgo@s_-N~yVwRAe-2oE&(Q*0&-E6Ut zaM_l4LPOYVRD0*g&b6bh1|hAS#j!)54xbZlEDo-R0ewDNnT48d_sPT2ZN(BG7SAW^ zZ`8|N@zI7y+!{fUin?HSU= z*$H6P7uUDS{SJDo*0zoh@V$nFk5$WR46{Lo!&3V+UZvb#1PD!cBUm{xk~ov59ZAzdgZB03dO z`h6A#zt!S18d=`v6FIHoCz#@c1~kZouz=-u*_Eoj8rCXw!sTEev@M$HAajUBlE%1I5Myz)&+oFOwY z(tY#d#fys34YlpriA#Uqt?VU}iU>zN)s?-{WohA9qG6maw+onBDx^JV;V)Om?`Wqa z!2l=V1+HEc0!zuD8B>9lCgDcL+pV_yn-B_gSwxMJN*U3_++=NK8ie(*w)AN|;Php= z4tnRvPzYFSi-##*9+AwpzfZmYQTqSRUW+bAbyA3r=`uY@p_c)gdj1v2sgm2lb7vm` z=ciji@2XQAQ-M-a8=v!kad_UMukgI-2nR`y zBrh09?3l5z1?a}xPm)P;4I_@FV_O$VN70eMPT>F9pIUl7ixy)@GBGm&onES|x9aNZ zT2RvfAGzA&2@q5c&nI2V%DssihthM96eshR8VEHuD!4Takv*(@Pp1Jxjak(s>du;+ zY)-zvh#%Dkc%8XtQO?&I*Oi=J54n|#+*?bEeV&~{0x zkj8N!Gbk90Flcv)V;N0gDHnJ=f}wYTiMTljq<`OIv3-nbWwFW8-q9wWUXp;ouI&*O zAW;DN=-S@{cK#7aaaT#K%OUg2>-PVy~6l|&kF||!lRcaw~8mVt6r)zR8 zZD5N+8m+ay1T*0dO;mFsXA4==xN2`URQI9zDDQNH|N0*x5Tb*o1nmK7hX7$we0Vxssq2gO8 z3?z1$%Cg!T+a^iFZbAWz#mt%ME~`|VNcD-z67HdXYX_1?(HO|Wo?dDt-~oC_*Z1a; zPa$qCTUOM=qbyRKU?j3Ga$v5U#sXF0;Uh1hIBcJsOX*Uc> z;ds!Z!uiwx0Jzgi>3`pRN8xvt618fl+L*^H$Q`8u7At!TmUN;ylCss4hDgK(W#7_I zOYiaoMz>U3$}5vKA~D1>AbgiGwRN)(&EDNMf>X}5I$n_I5-<UIGytfAC>Z!QL&gzOf9~CBMkBTzc(*`*9vkh?Ev zHz%wuNp1j{GDz8`E4I{hVrnURP?*6DF}JR}*m$t&_w5cXHIM?m38L zm*htlzYeAJS@sNfa#DQ@vFwukp!%=mC=4e3GuZAnB#G;N=I_vzLTJubviL8@4u=Yi z{jaRNpLiJHt0Eo<^~!X5#{x8UIS#fD3z|ph3R{o)Ug@#0^ z2adN0^&0=QhK9iMK zV7>v%=uG^w(ySZyi|9kSBN~k;ZuHrQ@k?P&MXDXWP_fOui z2fZX>XY@7{$&)_kp=5QxQH|Wtu!Wd~Sss<`3o1A5a;LCMyyT_9GzQD5Xps_r8eWh& z6){;k4Ku8s3U)SbY;Bf?9OX{KPFGJsj{&4Zo)5uk<0tcHAvt{%6_9E0ji0pWrmF4Z z1*d+pUu_r`sHv>H$l(s}e#hsbWw%xRrCR-^N%s+ay~IZp1d+pYhVyc^^))iiY@~j0 z3~kqC8PenfqN9q%7xw_Hv$QO6GAD9fl9WG9(` z4J+3q>2|4nDcHt`pe0Vrnqfv)pGS?_FD#hE*IF{4I-g*aU(Juv?M=NKW>K;2JS#a& zqeI9~0Y^V=DfM@}8!HDyXZ##2FZw9=48uu(D5GHu6hDYoq(Bp*Sq++TETsm7wIJ`KkQg?JH|df69M;K= z`Z?o4mK?Td6<4WC0K>)B!7MwZOPiD#vn#$aPAA&BjI?t`lsR5pmhrksGlO*UR}m8g?7BruFS zMrhaJtTQq=sBL6ZWaqVPk%PlgI?pLZQY8x=j4jVx6t%@0U1y{>$1@*8Q6hT4I`;!K zlkO`dm63<9oZgUSQb6(8mFZ80))K0aVG3^#6=ri&vp_J#ct-^$Ylz`T%L9MBg0Upa z!^`2nyPfSv8|zOqnPZkhjeW9PyeO&lv?F;ZNts9*%dARKK0Yfo33~I*1m|34iF`Vd z>>t)1sU{m9NIqttvHJn(ZGtqD6{*6tf##2}Qcw$jgzF03WS%A`8H%{kZ4G(B`DL* zVCiJ=VbBY_4o#Pg3NBt8o}k|We=J0qKzI zIY^(UjGCUJltY)0NLa3|xuG9ANg_`3IvGea>`R{muIh$Rc1lY;;t+N>fw9s2V^Vg(VvdqIBk41T zOe!47t$qka#WEHbV8mYbWI4gm8N5TFbbna7lq!Vwt0A006wFkz5+O=_EO~EeZ7|tD zMp}h*Ew|v((HS+PoHC;!8_9i`dnIz%>7JkaWaP~c3mNGcTE3s4XH6U-<1?KFBCVH4 zM?Z-?9i;LhS!pc+fL;&`@sJ()k-)dJgl$%V^lsOGP}e#T=V|0BoE^jnln2ufKl0B+!Q3@ zAkcX{0|x021NuAQVm`435&Y6z5idjI08nX7!{Yh~|J++H$VgoZj_s2&XFH{oMM~ji zPHR<9sheCitJbFTZet*%y6=DZ&sbbhRdA_P+#|2~*r}3~Fv<%i_mt?gLc-HdP&>gm z;!i{zG)j9%4RyauFiNuJh_D=`RatqA;pWY=U50&k#FF*fV2AQ-(;3@JX}fHhra2ic zTo|K%B5?Oz)~clzO$9g&ZFH0qRVVMMd@juj06nt=eG|{(~bGEdtRDjeL=o$UbmBJr){4xIG8R%jxMcQA+VvB!kpCDr0*} zVxe^(r0ob?Utw7AB9Y^1&k^pdg(B6+FvbYKgM`<>Cy!CHBPU_x6q_llNQd62Qz9=P z%1aul%?xZAhpz=G+7Lu7z7=htCPK(;N9lfKEZ=Zg7jh!QOelg?{$wO1e)D88JGWv2 z;1E*_o5Bogi~J@z)h!2}Ds3(RvN5~<{FU?rxC~p9KMk*;Fuf&A2HNGEHVh_}pq&Tf zo#+@TFQOTFQ=KQhcwVrzMc3Jqys zxeW=SEU%KPJvmsGuO#Rz2jfA>Dp`=#^tph9hV&sS~yBMGfc`4(gK}EVL*DnBNlLF(|5;sE&DnvEsU&DfZk>-?>6zf znFZM~IoEK_nXC!5fe)Gd`lGg%90O+9pDRUNvTE=LEZo*_CnUk*#i$OAkemwNIh&6X zPh0Vbz0FGzcwrIC@d%^@d4$S-35-nrA)FmzUTVg^XO$8chbDme#YM%z{~3 zGm)GkP-e(abfAlK;%1bQN*IW9kKM1*zJzQxdqjq5G?3QDWv0NCQ)J)G4wg7cY%y6h zzDDWw1p`fx@pL4hkQa3F1aHoFo@$alHC$Q#b+f>O~0t35*;SztY z)M18lGBYQ__NY6QSH^%;@ljh%4Y_o6gRxEg9@;}G_hD>eAcY0W03_7_*47(ROjAOjhvqL~Xn_>+zw`B3g%OP|O5f=6D4&wJj5R1`!j)*;7sal2%YkoS9eWsVOO zDOqFm$K*aV^77wlv>c^ld=`>rw7+^}cw6mutKABuew}O%Uox9ja`2=OV6HBIN^8$` zb%0(61N0|IR&zARhzF_1;Ric`5bbuEDn1WTqreSC!P7(6RqfC|;#vYlM^s?a(9gG?yuOcMwA1gU4p<(HXj%KLvqon7n%oW1a_P5} z4`c210d_vjE^uV6ebl|jj+ffT8y=d#qh(+z&}r+Gi0(J9;F@APzO6aw4K73SWFYy~uI;mIDF&W+MB@;a98K&8Au9s%B+-+) z7G7(CH8V+Nu0qZfHqk#ZhMXHA1t9;|JfRrtgNmV@Zr74&C<{r{EFy&w^J$?*`7yt`YV>oAtGIb2l)1A@q_FmJu1W7_)i>KddPRA_qCIy&673^)``5~oQT z{=2)WZ=e4hA)wm7QZ+e+AAr<4+}va#SlYN+q!?i=q+SUHjc)M=tAF)^3qaU}8&`qL zh1c$`0^$BawzLs#ky5dU0fKN@g$puauf zve2~`p3B*ChAsoxgb_B@V9cr9?a(H^S^qK?!bI9HN5O zPHFG8czthrn-U1AKyR98)ut`>DUyTpC8y)Qu+AYXtnq=^?geLOQhP&%OQBK}j!hez z!r&fEq{O|nFWu!~tT^nD6B$}t6?kM}*6(!(@3z>cjI}|ehs6(m7Y-xzmL8fT9u}`4 z_or|i%esh0-oK#TgVOGi&jAUd#fd}UDmm7B_viwgu>!diNH9(kYE*RtS`_wR!AOor za%*D_nQZfGBBGZDR2=JVlCVjGQI8A6!;!THyB323{ulAK2aNUp*u>)1gO+tGxgzz9 z>uG=KbomWQ@qbZbsC)NuK04hFP9`qDa^{}Z;v5aiHk9A}NL%RM;1>~t;eyDb<1^#% z*sADuEsl!p1$Lu$E(S6tIazY}ouX!yWUM#}=R6QS?PiE{_9@f|Lg=0sIcA7dASw!} zUCI9CNi90OWR-JVz0ednki)tfwD5XeFEl;^Ez+f0C9jKenPXkXfOJ+H6O1RUEGyf# zXMgB4D#oJnY8DA#7G}!b**swg%o~yN2nN~4oo73U8)=u2YCP})LO6E^tekG4tdtrO zW_O)dk~={kKXUex+y^E9H?i(qA#4}l3g~_DKNCX^q{BMc68=!E>31Eo+xTvzgP%;n z2eS(qb5A&WN5D6gd^JKDQJei*Ud=lCBo4@PEU*Lv>+qD`3%|)Q_h8wWAVqAyW1(y0 zsfgd+^&=_oIqGMT1AF7mP}$ZgM^;Flh-icy%gREKX<*UAX$`hlNgg>FpgRVC_ zuSKnOH{jc$Zr%xnbzi)syPph1AWeZrKD`?s*Y=cK#1CGVSE~l&XyNHa8ktF4dvt>_ z?|o*`rCe-&_~$T!mNltXotq)=MDZpoG?CU3T;9*n`3AFpr0%n2j(Mf8M7B(UkS*Xr zPX;j3p_2`$D6)efi{114!|}B&Au|h6)ll0SHtrriL?zU5iIAGdFT7hGvl6-}wFUAp zm%*m=Uh`^uEnAr76h01p9>A+vV++horF6p1;99I;1r&Mb+sz%3&ts$4=md|9i)pyg z&BwE&2C(tltNflm2vYLbl#YK&z7wkSnn!i@4L=enc2v8EqL8&x=g2kc!r&t1i*ivM z27?BAOg?JRVSVUdjT>WsSReq>8^7|pHK3S8#=uG&_Jr&&CuTeJ!w>7<6IeD|U4Qt5 z$ZK59CK}vR%S)9egjQ>g;2_;*N`WaBZONi7F4>BfM1f$VRo#7gls`Sqk%!Es{Ig1Z zDgUZa$iRKky?O+6mwz?hD2CsxPw z;=o&<+akfGIVuTPLWtAIA=`3GuX5VQHyo!q9H1QYB%!F)Yrl{bpv-!9ueLd#zx1-j z)TCux&_UCw?ov{jD5&H@j!p^!)6QdJF%EQ|U0y?+QZHI2vA)7c!*RnsIF;s!$Pg`b zXIv9=c9V8W;+yBdR{@p~f%iU;^pVI(<<*=Ft@PsXq`+Ex9vMI5B`1d-1Xw+o-MJ`J zPvu8HB&Yvp-2rSNKeP?0y54(R(%wNVTt9(m}FfV!lE>O(;_suQBw=- z#{kFtozE7PGQ1xd#04S7PtZuP;CVb50B=Yl7-d((Pbinc059BvMh(YN(@$wqhY0sR zV5BJ0c`?4vm=iT$=S8mqc2P~fg;yN z@khHvA4za&kSfX@JwU`LPeSQ~0lP5tJJQHFN8dSP=`Yp#jcYu&?=a&pgAWvUSyk=R zj+B>A^0$Bq^g0>zv?h_e5ZK@>>He^Y7Kgq=_ z{n_!m3?2<+?MLXe%(|qbplCab=Z-DuSauzJO$*BN8`Rlpa!Qkb=9XkxY0caq2doM(6U7Ef1+AlwpRL-f9&nSR^~@_YSUUD?<>2V~S`UmeI2U_4*Q<<4r*AB`5>mh%$wops#K7 znDO9&-TqU-YSU%-nu+mbU~rZZ)8PKpzQjXbj~%*#Qg*S;&$+WL+*+k#cQWXVzZPNmOps5kx+i>p*fCeEM21F zX(c_uYd)K>L$7{If51M(IVJ$IJ+2H`{DcV)jm<%s~c+VY9a&Y z-7CLS3W4#1pMI|smhFI@T5Rr}k)!tYHQ>YG>dpa^lpDp9+MZI;5HD(b7yui#GpyC3 z6~ENyT`JI(4Ej9bM+l70IY9sK7cg}IX9embLm81ieE)Fcp@yZU5Dy=H|9zoso6TLd zCf&~V`sxo))*h`v(e?iT#w8_BS7k0xYHP|n5lWX-XO<8XbGKIUpz-Eyaobi5c~pWi z{bl7Unuikm8%IC+o%~usjQ|W&6}>HKpC7p{1|3D`8yXBbbdwH)$+rw%35-!CJDy{& zF_PO2mFX0k&T2S$N%erZzYn?{6>WCpOY5XyV2>k?;aezGn&8t0z2eFEw{K0M3svYM ztx)RgHV!fQ9hhK`@nu`PQUmsa)~j5u+Pc)1gG{j1o-eE^bRSz{f@@{|7g6Gh7o?br zI@8dDfeJZqMcPj7-V4>eiyL+CBGSE!n|E(o?@~G^=?wV-W%^<$kMzELB4Z)j{Xklr zFeK6Aere67z+CCRcmazTJ*cpoHdZ{lR0=dUzzJ~qOtb*wiI{amwyQJQ#Ni^%i|}1{NcLrrwJGg~ zC^m^L4A+RNTvG9%HLIcVwpA<_zql)snRkXi7AiU+)|lo9u%_&L`j9%MQpbl%5w8## z8SknPZ5G*<(mo6%?#R-Isg1|WrlUY*M-c>&KZ;>METCytl!haiKk<>dsS^DECAGI7 zM@Uv(sHVh^i*!|yP6Sh=gi%cS1tEe%G?BsEsS+aV6!8+Oom&JAUA{6ggF_r&ZGfaQ zStBc9^si_6>yiy;3Np zP01-EgrsQXA3|L%?vI2fnTGgNiL$>&K>R@)~6q#4eDX*^-(F@l@v%KRy*P z{e~V2yOwjfI+WFn@sA13xP{TWJk}{)lJpK_=VPUk=ta5`d9-IzK1WY(ucW75ckaoJ zeKc`fpGI$z{4m6U&=K$22J=|BX%oHxX+W007-fK{yAlGv8?lvf9=M4WU~MpH9V!8J z0Ff3+p86Xy97e1l?edxBI-M4=P3=)YDzDvkYEfA%oKcQE0;{<5Ewl=oUQ&nkhAYbS zlBjey9bnM$;V(E>(BW!IAsmjDAGSSoZ=6zQfX5pO_c0jIWm+lNSr;(K9Y!y)6k?m) zO0Ro{izzv8tSr%zbHmAnH%iHqhiXdh|EJ=xB<2s_$)Ww%-Jie0pYgE2UK)pC$;Y6y zerc_|R$g7%eOWntQ3WDe?sq=F4U8`F`0)n*yY}SKn*A^SS%0$r_+M)epFDc>WMgAv z?a{wh*B-7vT>F>!TMeY_jQ;m;@&|>$Xc5>8E;1EV`U}`WI@<|`EHvSlE>du(=dv@r z=(S0onxndomCU@H$)Lo>2)52Rl-)p_{)F0ko@wq)9z7g~n=32tAjfN~^fJ)(6@Rb- z>kw9Ap_pMYmW6}YK`9vFcG~cP2g0zmGM)~anQOqI-v?U7u9Js;d*%H)!lV!-1r(Rx z7pJt|-vAfCzPi3zTEq8#NGGRuekW5ByIN0J+AHIga0t7G;}JL|r0sj<7x^^DYFe$m z>a&vxfI~bCd*$}v99`EAWf=Ahb&qEOJNUeN1?aq|$e*mIr970Qw2y-iDQ6Fe z^2qP8+zg-pQ7VQGTzE!sLUt*F9kN6C;DrYav{938S%CPLq`zG0EenHl4+I`mVYpuE zPn;0J6g`xmyCszp>*a?4kM;A=3m7_@^LrXO^2;;!FQmI`nxf5&)H{yl(7SQ-_yA2b zCq0ZlxMi#4uxSA1ciDvy_7)v3K%Q~d%c@)C%$G$P&D~?U>eULtA+GKcw&?2rJP>() z8%L9h4jL=GS6ik4#jy$QFb)1jnH&Xgn7AZjJ@_dc9z~H&*^H7!4Qt5-baa2F)_~?^w>s0zqVkQx(g4- zSEGTwSf^nk%3^^iUHAjsqxp8POH*4QWOYz-$m3xr$(d5};3g3aOihXBhJ@{2cv+I3 z-Z_|>iDzHVeD3)VZLQqy(fH)aqqOs%j!Sv|KU&>@^tJW%jn#jNM|bD{pTz&+{L5wA z^4o3FafJ0*et08(kodoiRQ_*meFOQwhmRhvZ9Ia%VE!LJda`=Q|9y==-)i!N|8~5w z*CNAnd=!hU4e?Rz6KTAbFJj+jz7_v-a#%%*{XM?>qA!=s@^Zq;SzZ>U5+B3f01m@l zVpq_xzdfc%hrb>k9XD!?3{=0bytw@+0hKSGE-zzF_0@6f_^0ZxVp$}#kw?1U+N(4x zf>79l&J?z==6$hOZS2--`ri?<5mTRsD&`+P4$r(rn6;0Hj& z)iIzkWeB93QLi>n>WAW0W&fm_$(#%^K;5K`@i@*WJz>%E6#Vi9$7E1i2W28n!9h0+ zkUJQa#gTHoA`VaX_nG6ZoHSn^!IAqj%<|YDkn+%=1F%BzeA2!Qxzz5_@vrsTi;(Id(ICAnWo>q90b7Iqpo1(MH$vn z8<f0X`jtUtV? z|Njm2pI6T9kpHga(p}j3>TZk91o&M<+Fff^(dWlW{Z*CkRzuSv2jcE-=zyTIRj?V z|0j>4{Qr~n#~XL_|L;!!U5LxeMUjw)Iz)Ut;I9?-dZjt=n;i}g@Vrg@RoIrI#pEyR z+rp5~gcM*rE(|TLD!O|NzF^U##=)aDn-Ld^&oc|w%-q)A^KfaUy{Qc>_wQ^hnUvE@yOa5=QaRd3k zi{W2S{_o&-C;z|u^A+ho{P%F>)=1-G@Ba^1pFF;M|Njfjf7&H*@$)}j|8wop#-qsm zKY6tNrA=vlKF@7@p0z$`RTJa$!ia?-V{ZwK5> znUwn^wxszD-C7dYfuN|wjqa8j^z0iZ6sx^)Z<$#24PP`F4ZzywV&)j8yn@bX)xL*joO@`w(NHW3B9hLfU_ryBVA(IgsAL>Q<+bKiuyM_)VB6Dg zr2ifCKm3~Xf8*}{cSry4=>Hx4zoY+u1^VwijV(z2XWD<^V^4(sKU{ruNB{5Wf5N+M z0{wRury>7|`UE#3{x{YwFddQV1uj`$K+S+oh={5|hT27tM%!S%vm!oX^C=!=cO{XrT717?7+$+=Wdyr~!oDdvO(&fTtFGU|sppQ1qoaOzN&Ji4|D+Q5 zm%jf!TEEl(zN7zl_rJUQ-`)N1?*4ao|NCp`e|(|)-=oJ-{h!B=pWL1Qcjtd}?ZxkZ zpZ~O%_(JDe7CWzVY1YN&FgBOL`3_@aX*}~fD7(w&jjFJi$uU)>yg%ud=T7I{E$?qb z|FsdoZPWjajfc_u-|EJl|DQYhA6t80;sCg@TcNo$GHk@B*cW8tR}RO_K+I`o@Y$5v z!q>Go$f$cyq|Mi--fwS=%|Rw=b8vU__-}dt`Kt8)$({b+9sQ53y)W|sbVIYUx!!sH zPV_&5?;ZXBN7H}TZ7n3<*cJQ?`v3R|zyGX0dbqawc>M{`|3{A=-r4_rl|SD`+!H6; z{l1_xp$FTLLe7Lheg_k;H_HOJr2UNn)KWN`#X*_7c~ct!V;&;GIYiA8}Xxl zbyh~hiyUVb07NN zH406v!w7rT@!O+ocAAY2-@6y+nm&VZ!p)@x%T;&xpcdwPKx@(IG>K#=CfSH$o{w1= zbaY%j1e)L4Jvw}DJENDu)H(7w%@?P1+Z5qy6!gr?MpzaN-xqIT67!D=f_<^SmH3Xm zZZAZ4?2`7$Y*HJ+-)e%V2ugqJ8^AJEy#yz3duA09Rq$7MaMx`z} z|oW9nsQhU<99K@wViNAHCiMU_HLy1(GsqUtZf?*D=G6Pxx`A4phvUaTt6IhCtydBvKR{!A_N19fKUGpdT!p$5`G#$!?4ff_#hQ zr}|6f;CR0Z^ry;X$|8y(k-{@1ozR^BUOkU*X5PMin_1FSTM@Xi0LmiC9~I%iEEt&< zkq!OdCjOvJaTMC>Sl7p+Im?{ag(B_#5uZpIL+~JdK*t@@e7p@Z?Z&e}o`b9eV8e>w zjfaRP)*h|M(mPseqJNEV9;Szs7p3n!QWkmVYN7;KV)XD5{6!^(exE)#zYN(HXnlM@ zGJue$gf1!JQV&bA%L-V#JA|8060G@-B8jdXFWC|URZU>KUw$f)7jfs&sYtW>-s^Qc zp38($w1AFQWU~im>X4sIN1UI%qfa(D|<^X`IG>!~p@d;!eF?|X%V~73t zlcw-y>wU4&UI_GDGoc;x0MT6)Mo@xW`x<_q16vH^@&&x-JSqM8E_9~Kf7kv*|1TSN z{$Kud`Ttr>2=oQyKWnS&t5N&^M^EnJzx++)|GYBhl>4X1k!HLAs76RAy;k4{fOJ`s z(`d?zKmufON_sw0wuC8f#E+C@D|SAeDfV|@E+TKDQ#?i9l)0I_NyOw$nYg?OJ8)Yf zr;NJbSR$tkik#?ugT+p-rC^Emc;^v4;gB2IlfqX&nZyQtZZTBG5krZn7%H=<7>ZDm zeR!?7me)cp#@A|kF-fv6uZ7Bc&D_gtODJX3t(0J@Tss!8PtPWA#5%Y3y5zmK1yWi+ z98pbG7Ac^5}L;rwBRa&fl7}S*|cOH znT17L2}oQ<8b@xy2w-{BN| zwR&JG!kKxbV+pMuzt&Q*SeqlBUMqVuDl^N>AvQ{A6*j1rltr4A$&mt^t|Tq9kR&Yu zf%lPCr6|o_S25{Y0+^qt&Kb+x=9she!JB`58JSz!0>imPY1?ZSw?)vUoLGTP631oc z5y#DsDuUFiyILfN$Ic>BIp|@gJUC~tnWfi4p9_ZIkMXazJ{B_E>Ume6ai1&X$yh=j zadUZHhU9grJ+g!Z*daKO&{P%AxYxAAUn^OGH3+gq!okR+>z<1e0)DXg2Y*Qc&})t&N4G zN12H9=u0n>udqU*&CM}~H~{hWBby^xR&rBGYmmiOacEL@r67LBdPtKe{tZ^dXYaO~ z&eY9XTX-(D{uUoN((ZTu)j!_;FUj@G7mEM+I3EA=@m>6%udM&|W#T_1 z#s9o%_=hQuT9%WYv@A;xEptcxbWondF^hN$HQp}hk>xGoD1&~cyJC5Zkf!hZl{h))ALZa$Lfp0BCB)?;%tUzPmcTvbczVyaK*v;*# zjYb$O`@u?mf4oUZ0mXFj3h}Iv2(<$^(fa7zWQ4CB^q3&Lv*0~usqq>FV<2utfHlU4 zhaSM;6)p6+R}ahL(C<=3EI@BLfKZe}83ZPuMjyqkBF3Lcp;9>}9EO7x_Qn67!212}Ra8Exy~sEg}M zo{hAY!ch01`LYHVprhx_pDXpMfZxaUqgS=P>YjM^D`Zy9u_<02?eA6VaJ4(!gVe)j zz4q*+c?1dBN&{+Uac4kQ?YaSJ`S%4LJ~Mf{zf zK0{dhwaT;oDz^rG-K*8ByG`tr`Lzop2srK+MdP@-Tf-mKU#ifdO8wU&Kt*zNbl9l= zzY{11*)|w~Hs(5j9v`0hUsMcTAcB_po zv47N{Q9Ef=ivmr%uyF(eLk8LK``JmOhJ%L#e%P$m>nFr~7GMN^hT(z!SD^A9jq}kV zbr?qKsQxR0#gU+CD2kt7Rv{gx`;hzAtXFU-8ZdUdO}ikp2}9YmdMXa9FZOFMs)xH( z%soOlKi3-70?k{kfkkTE^v@M&_XN96^97jkPiqYqX;ww;xv1>Dsv+t$PFNh)LZc?v z4ODBK?7ox(4}0OZ4;zdO!wvr(ceO$pvj#B3mfK zf{Ga)oN5b}R0H*Ow?(P8ln+PkPIpvTQCAT=4gSqkcK45VEBmd=!Snsfiw4ya{SCO} zbO+%WE=QTlL2H-u_|LXj%G+%f;Jf+@Or9);-_1s2y;W`e+R$mQGa~j!mOD6!*2HIv z{k^)Cyj%bExOp@K+U^mcw0i_g5avgfMf~^otPX5zd}VSWR&~GjOjWGx?Fp;nrejpb z>VosFI>3o3*m9S+NU7K9Ww1q{IL+Oc)!m;+RiX9*c5X}0ObIEqJRw4uLY-u;L!6w{ zqVuN&P;gC^Ca~P_x@9dpzdsybTdNL^mNUHG!CBC8)?bE)5m6S~nce+r1u)(RlC+(H zQ@RB-<3+u4fS03OlvIdQaHh$$Z zA4f#q_gXy3&@EoChcA%i!geb}O0@Qyu!8D9^l;pPzd2K~hMt#EEM6#1hKm0__9;aKmbs3s&<-qlKHoIt#bcZZF)< z2zbZED}`RU9hsnAMHZIwnnV{OWngI_0h48jn#GFjIdC*hEDeGZx;i{3DNf0IA9OqT z2oRF7wS#?$A6rV{b^k2rg{6^y;a`bdUbeFQ@eH>Ecje=I-WP=&u1-2(pt|3dyDxJu ze+uvbm%VDEiR*nSAKMZI@kV_7Xd|(dKllj>w~h-lY8FUhHbE6J(#)EKbO&%0pbn9a z(B6!y>O4$#;l6RjABiVZx zLv_C17oqQq%kg*^Zmz6c049^OGAw*v1d2_ME{PQu>8(7zPd{*@0J5cx_4SSKe|WO7 zkq%Z4ivAa?cE>9}`2MQjdD!tEKYsk=dvEPg=WK2Lac6Dy?4b`(AN$`we028x`6J;@ z+hq{E!&z&0X3g1y2kwmRAGUCro!c}k421a!a|Nf9Z0x4(z-rpJV8Y6Qe7HK6&fS)f z9RK8Bvsx$IuZS2sr`UJf5d&i_6qEwF1d?ef9JiyTllO0=5Hldo{*BQ1ScSyx%pGj{ z;g}EJCX65#qF*g!|q+2NoWxg{o8!xN- z`vpEw#r=3S$_E_A(3KTZz$=GwvTbrp#Lak<@#TzitYuX??@hw=qC~t?Geb`*Kujxw zuePcA_#TQnnNtg}nFls|2ewUbgm+UI5E>a16|8oz}177#aL!s~23fkcWo5)X1u1wvx3F zTa`L)s3<0pW(u_IaaY(I&X!oaz zAto~+Df%KD3Znt>MQ9!{DNMxAy&_yuM&59{8eWGjbIX_ms3E5_$80J?mGoyRpUCZM z!b206p*stn^lzl~BXi)qr0ICodQm+r$V|BU zG2+{~Z@okD3!m5tJU`gSODjpMgDxDF;_fUeDDMdWaC5J={Y0(aoHkZYs0I`&4;FZKi_ zp_FO56=S!PfBIlu`0dL;WPb(7oq*7|^xpfjfg*6zBmcKacjWh#W_wh`j)HO+fg!G@ zYyqJ9SFq~WRKI79s~myAafpV-jeK$Jp}x+-D! zWM)p;=IljsbChDs%|dBy<=gTaxBe};Omdp(zeCYPX{a|R0&l~rSo#qt#8RFYRskC; zjj@n;>U8&8)w6F&6=y2!hx5TsBEl)&pW?Z(*-0+tP>l2KC*t|Y_eDb)Ha-s~gN}TBuMOIyzC`wRHbQ8AhqaVI zXNwN6G(Z61qWd17dN{Ml=K*{eTe8(GVCx;A*{) zpMv>~95EakFF0XS}Ms|zHfi;wHx2=3wIYdq|uZ@bWG=V=$} z#~*j0b314qb5QxIiqm|jIC7^ra;G?Qr#Nz_IC7^r@;6l+5eaYK77ye(elbwl84{4; zfts|lE5Eeh{&i5Jm2J+# z?bomEPDPq}J4EaAbCLTtd_BmCtOeX1&W{2Q%51o@v~(8Yf2a7Dz`vl$m6eO^TRo9x zsCcnJtM9tQ)&Lk?GiY!Y4_o7r*X_YriaaCzhgxsFiv-jlHEScXR$g9OT3LaXsoE#m zCY-)d631p~$?fhIiqzyX$87-l3Ncu+*T5^l2Kgg`E%FWB0d9&)dN|I0nM#}ZNXQ~YUjOU|*gH=X;+T{@8b_WXV?%_eW4IA~3|82Zfr_OifPbjWz zzHBwBz$#XN87X8*n%PlW6s_=5Nzo8ll~zEPr=`Alys=@Il#lQUh3!&o50+F&zBNgG zF!{2{Nr*%t1FLrs(iI8wLs4DugMO|G(fY z3}D};ju%kocvUUBEqiUI$y%1H*L1>KXT@)&WxZEDt{%cwdKYg01#a8yqCy6rFHpPV z0Ck!y6%tE~oQ4$xi{n)==abUVRTRc*jn7ZUlhwoVm8T^&t)+jtGVX{;sJ_}>8y!^f z2R{140dEEg7Oy`D+?p~m(|;$A4Cq1_KSDYgiHLQAV4sO3E29G0^YW!C>|pFB(gjjy zVNc)V@&?NAfA|hM8L~DVVuK`o`z>FR^!O{LI2V2_!~ZUFZ?{}1I7G}b4Gq6!rVsd} za}9K9Xn5?8{{ar!G`#Zhqs8S@Ehui^kEmJZ0htObxY#m7E%}J&f6B`MO(Cj=x9?p+ zosCsW90X^8vxKIGfvyg74aLgooAN2(|N8av$2Tjl;m?B=7?~Jo2^4P)L%uVhn3HY_ zW<<7#M>IWvp^1%*4VfgRYRAPpQrMc^rf}M&e)F7&NXz2mRyHSAM0xr3%E~t({(%2h zfK@NP&SPp}<@7%*Z-6;2zFsTlBrw?6KmSw^xo6cEwL`e`kZ;D*Y&rV|@Xlt%C!Mym zw2o=kM;87Ew=cC2;C`F`?z@33sCsS9X~En`{}6O6LiP2c1#(NM>SA@vZI^KQBmn?% zLcCzy^0>ZW=%{Q#LWML16@I=EpK>%Q_LQiB%q=Z_bGSAAuW;q{U`4>Hu_holwIDU8 z6?W-V3tK2$lH1`AbIU0GPFGqip>EnAKSBY@{068DW<#y47TSD+3cCr3BbB(N$B7{E zQWAOKv=MD6k<*I5IDyo*$QH6&u2M2H^aZ;qRu-03^hNlSy?G_A%ud%##;)FT%Aj66 zWjLv*PLW(5l_3%;#2@by>RK0}Y{oSji6U#;lBd`AO|^u;K};W|b60YPVRo&^X`6_97#pf_2m`1>%qtj^k zGy={9TGH@&4J=4LU{mm|W)-Ib;&qUi8>=-B6E(xu zY_8MxwN&n%f3nm}@t7xB&Dk>(E20OU4|R7M2)|>C?>LTdCC9B;W}GKECYFR=hIPss z39FSBvjqgcB5hzwLVm zYc)%mFVCwd_1uu7R7x$!Mxv^Eu)h}@A4p0nk~Bt;6&a=dz4$0WDH$zm4_=Uy+{Y}%u1Egi7^d*|{FmqTxdj1@e z2czKpJR@z_Vs;n$l{d+VqL48zI^vH4G(`T@c!Y*Z?FsbZz2D+zO_V#)J5NbH`;>GM z9QH_F-|utEv_hAD3{s>-XEeQ;@FLO*-!;993%|pXLF%XV=%LrxQoad$kzWLuO=uh! zNZ;A(2v6(b4*U=JVo?fxjL(BQZX7EiRGO+3Z)ni*MyRVkoRD5TYV5MK)c4w#q&<7- z_eC&h`$etH+L;V{s1ogmWg%)p&Q7v4#{~xNu8hW*zcpfcNOKmYg=}yHC2iwzbI-}xdkN&?&2;W7)lP@B@rc7 z%w^alLWKARg(IQ{j}@}XnJJ;}mjx^PqcMPwK2}jv`pj>mM^YR(zkE^V5FjC{9ZQ97 zjz37+(r`Y9mmaFKdwn!5(9}e`5kgHvvQ;=g_bCR4R4xcn1~r0G7#@j_eN=|0F^#Sm z91QHkc21HZD;rh$FrPcL{T3VRMjjZn%$}vtBvI~Wr8=5?tAX(&tuy}A??jZLRJ!ED z1S8>2e&KDV+GJB`AJ7XkyYj2eUya?PV`LrLVLKT5c-GXbyC?NV?NznatkhpriI3-8 z-gN>t5qT1#9*?hqbo7Ez*y>FB{cAZW{fogilbU-*zc+CQqdNR6S81qi>O>X@bC7jHGHu$czP z>wWO9!>PbXyD0{3sadTbWW_fC0}wxB-8P=}F>fr(LUKO%YVuVpOG}ZWtTN>Q!zs!A z|4vu89RiGp;>2~6h*JiMYfd6gAt!E_#Que<{>Ul`^Nb};3Qjtts03SeRW7L3 z2wxokb1Lq=S>BXsoAgDc*!vtG^&DKxsleGK%r0@ZRTs@DU_U4r=w89Di`j4_mn00x zmUZuoijH}PW+z3mf*JtbkJEca%xE&CwZlOAY#nO78_caO|vB8~|kE|FH|^P@JZzQMVToe}ick0KA` zUu4VUQJ5_h3b<%j)vMtj`gsb;Kh*xwZ6SKpk5jcJXiw(&{t@4SSn zfT(v{iEX=w(W>lOOGu~jrahPYV#`{3nIgCD>?;y=Jrn~3tSVwhTn{OM$QXpQL8+#- zKdmJUIG;}jZH|%X0sEZqhZi^$JdQjVS;|2h?surqxwNwhcNr)L$6^+3wVys%mv5_5 zlN?9FhCG5z6#Dc#e+j&uKZ-WNsSKp&qwXoYp;yI?A_1^Lw9~rcM=FHBw&B0;#F{gO zaNuuCtkn1G!RtX*A;+!9iI>^OaiWOtzV(yC?3dl=aw4+m|A&pX&|?8lHNIy@R-yvr z?v+G}UYN2~!pT`aJFRZED6;S$HdEM&S0$ppw3J>daX7KuLNp-pv|&0F9J!<*ac(sc zvM4~jV0^0VC7jTc>?Ti*)#rJZ2NP;{dAJjkvP9-tBbq9yI=t1~A^&84nr)Je4AKpV zU>yc$G-+cjrH*K#;la2&?)glSa4_kUSWv0Qgz7v(Jb?dJwl25edu4m&Vr#f{1-}Iu zK)}ZZsdga04tyP&sRcc_PK07@Rpjva&J~FShW>ks*vqz;aF=E~PDtTWWMAxSW6con zJ?IuoWJ`V)M^gze8Qk$vqxOqfUtRs4EtI8e5;m!Z`_#|D=pC>XXweN9G_-}jMx#!+ z3n9HM!4R2H8^1JaYza-)-PzC|i|_nw0VldU&V_*bmz93`J8Nw>CMVg(w!{a z0XzH#rVC5GTFhaQk*PybZA&r;lrB%HEt!gzo=sxRx&yd!lZm(wG@nmBb*M^v0nOFH z`0vUfVSIAJ9S(p7Z2!x5Vc7cJbMjyV*LWcskn5A7Flzot8(dil0H9rq*QG|5&WluR z9FBE^oPsbVY=Bt3^4k*&1?4)bB$QW8nh2gwxc#smc=hmAt$uV!R+srMMrgU_6(^S? zz>5_`^kMD+j8x6ly+qerL$Vn5#$>RI=H!!s##@B#Q5Rz*=D7m&9NGxlUE)P-hi1^j zb25g$W~V$Dh*B;dV!(zYpOy@hWV28UTlesf%7|!ps+U5YT(HWT+ouM?*YRzAFW(aE zdsHe$Zc!oH7}=$rEKJHhSy6~()b*ryR)ipxC(A2XOskM8Z9!7c+`6abh`L%Cc9(=m zN}u->e7<;I@e&S5cWhf+Wy@J|ze5+#j#}ZIP0&Anw0)O4`H)4d)6&wvx3C3UYyoI5 zoh!iw;kCkDw`?Fuy5SVsl8ECeir+?cbR|o|4cV1&yiMwFP<;#6@^)@%C&&G^&>%C) zy;=helv^(=^}SZLUO%cgluad%dNKtd5rDzwo|&bT@^rE0GI*2K6?m#)41alEsqIVA zflw1q)6SNG&=+YU2(zuzxRVjv!8j3OTPzK+VBwos9D289EfRw+NjYNM*Ld8t6Y16v zUi!VBxjO^`O*$R(eshskTbXGNge_X9NP&v(myxhU}5dhelX zRqwi(3>z1L^dCVaz!y0@+H-NB1(GD=bQj>gH||2XJ4z-9uyRYNpc>|s0P->z z;L!mjYTU((Ivhu%F1g?Xbl5Tn2ZB630(EL2?0)6?}OfZiuF$N%q$N(0oue4Z39D#*R1ZKExnqsbd%(uD6j;i`#ipE_&oB-T@=&X zaB_a$y(;xEz#+{Dx|P9*@m?%FK~utb>T33~f)F@{LgW z>nzB8`O>L|@63KrLV{-AkLYAj9Iwn@&e_(Lvdq~wW^B247)s|+BCzQLDzxdP^+csI z9N5Ib>4!GleU_=%<~9N@xcNr)&s5pmVKu-VTH9PnPglJB`X($mtElv7db1gG-Jyyk z52-wFwyV{GDP_%G)bhrCS4%R*p_#ikGdMuJkm-whj-OhDtXwW8xZ!7)gB$U*Qc6i; zN)h##Nq%xuOZCQm^sYF)5cy>pTudus&1SrqZRLZ*t$dLt4q(cVC5}+yfFuqxPC8=vzmW;QA@Z54&hz_JfX?eD^{8@k!*ia+7?7+Z(mN%VwUecWL8ZR?5@<=o8Kd&p z8taBJDlwnA7 zfTV7%H6|r&WIb zi4uPPX(vOfL_52?_-n6vd~mc^B>X&4*!A_+gUYb*ahRli9s2<|AXfIwtW<<*y2iiM{8L{$eP-3Z2^7xptj*scL z0c?6_M^mCKJ3;5`M$9MV{rZATHh-oZ^|6Dxfm9g(#jj&j(V=hrwUe0^*k~s;6YA~n zqoNm;;-8S#`1RnVS>r_c8&XdWj-S;IDUpBfWPn?RZebGtk|~EeMU`pllqRISs8?wW z=?8q%q_uP;pU$X5x$)$9S*1*qR6*s%YbiaQq*^L3UQ4RoBvq1GSVx5t;$rFxU3nw3 zNU6*=LdtPObgyfyfK?Qn+x%30Sf2tw_#Yy}dQx9v;@!FyAa}pq*#b1=eKX)>R zG`xog_^Y~CYw{QV+Q|T(xW6$;{-iXycKH{isMe0S75eA#hE93Bv6GR!9HwcPF7ij~ z*$J*W^d4t&O`<7>k;3gF_-%4=VI01&^Et(ofP*{=LME9qC-r?hA3jZMuJ7mw_Z8u|%hwT0N1ZolL!Q2*ojrf9+%%uqc|f z|E<<7>Jm+}OIf=lmI&qe>}}vlt6aTuf^z$+0?F*q5BSC{OyBrpCld`}h*{AzyOi3E zZi+0SLmcW7I>nT5Ajof->jp&Bh1}#wSqGe*xRX(*0%ohzMqG?ddtT(;Ryt7cN z{9}gw&AEJURC(H2ApEw?1ysJBW=gp*ObV1}x7yCGqmf-*j!$TO549P=e}!cK;@*D-^CK?=rPXbmZef9_-g=$O+fCt)Wu?3~LC{sk#|a@4#edl2Ii zNjXqMEvX@|q>=CSP*{#h>NliL26q3f&z($Ywoj<`4=X3zRos-FjG-=ys)V#4LRbso zb%-J=m9M{)w=vtxnDjrUSD*c@bL9#&UpgnSD+Q*8S&2@tngtfaF`Amrp5A5FD(?#>>xPz zrbfV-9{c9r)WA2>L*Cq*5$|SJBpEv(wH}G&a5!H&5c48&nD4?c|HZ>F|JTJ~{u_m{ zwS&znr;gG^Y9T53tXpQSa2G}PE{g1B=Icg^UC7x=;&zHhc3lW&((a3dcwG?Q!qHwA zg1>0sR}1*9#DL92!jkT|K})%%c&yUIVzUC6&Z;yus_FcdqoGb0t7(NToxfrYos05$>a#0(E1&ekN0HoIHPC`=#30w0;WME$I7?jKRwA zZ*ca1NciwS?N5$u#xh>N1nk54$PX_!br`$My`9ZWqPo?ld;)_1s`VB=_{+hX$4_#S zW>%uRWN4pE$bEJk`)_H}eNQXxB~_AoeD`FK1V~%f29Sc4A#>;@RAY)-FhJL&nnQu( zCHrt3k#6O^sHf1`^(eG5TBx8l_o@ZNim`If#ALXqLNeU5k+TLYy&*NmjH!)dq&hV? z9Y#j|*i6x|i+cKT+)2Y!$vOGAnSf=dh?xf2Ppw~Ac43)uPb;B@Fa}Z&oko)fFBuF5 z&gDUKT@Muu2Db!|5oWj1^KJ%q{IHqHOda^mR43%h*ExlEI%&B6&T+M*^Z^M0J0QrU zfS$7Z6L;~{&4Wl5GLG-{8StZC-KRCcKnv!l67Cf;$-rQ|ZC%Grx)YJx*wW=1ta4>* z0Wl(D~}QySI1oV5{?kXmpZJ5JrFVzby<5Se@VDP)RQ z1Pe_HFt15H83&X0B?Ye5Dt4vI&S*1puVjiV1S6xYv`Jk_jwQ(1oZ%b!-p*3q4Tgeg z%02&a#PhQ?SC` zu;va{C5)MG9mF3 z9ix%~lg{1?yazNT!goHn)`+Jfp{%UWDy)UskW5(zW=j3cJkI4elkighVm|}4@kjr~ zT3{FUUk*HZz5in1rK9{W2cLZF-w=Gp5uR_xL|Mw`Z!E(Na-^PprX$8Ou=awHeFP-L8Y($-LmZ^+(|v)I`P`2ZP;;Ti#Q`9wlf+ow~~8l!Ie z#FJ5goZoTA(V&A-j)q%dvAn!eEN%_9E^~^`bNr+7G8_<28aeckhgLNj>%y+)p9?xC-h&i2yM!!2^OLM1wH&>hQK zLC5gPcCtm$k@Y)HZT8Qyw6sp~fR;82Dk_hOB-C-@2;I}JZ8Y?AfDRal>Tq(K|pBd0V`BMF997_)`{(7 z4sL7nL=^DR=&Nu`ytIN@&>?=3HYmpf%35NjuZmJO4JFs-gTjvHoVUEqsvAAnhQ3aNEp>_uqIA$ikfnn?`0p70 zdoD;R4O=WXhk+=yISiFp`cXW1kP47PpcNvO&DU`dA8rHXd1b%h^qC{Nz_tCyoZvW= zkX?Oj;4WFS7l6Gxxua8u%3{ zK<{=}z_lO#g_nRmz%~__|BXFnTQ_T=EFQUVq0oLKp*!K1^U4%zA z3wf?)-l`|aT;f#ZNTkayR<$y6?(O2!=8X$x=PcTv1@8zq+I=bAR~vGk!Tj57*}w1Z z`EwTb;#xgvMpOTI(q;zgrW8&=Sb)%3jZR$_dYa~69rMlXO{t&V*P98*Zi^OLLo+u? zG{b&J8UG@b@vH2F1yvLiy%*dON*H47|>*;9FA%BcEx17Z8E z(L^~M^AkiKb+VvL0qm<;{tp z?B5MuHE)jy@^CCb1Zj}(h~Qs_2!6Rmzo@xKva_f=GAIY>#&nSCFG2`agVPrUPtO9Y zVvhN|F)h@6yoqYWtx-cYB=eI)In;Ob@UKD-zwFvy&;YhTNxwoZ*%RI!L8KwNIX#5x z3z0)^ZpMnhsaa$}%$&-b(?Z$58z^wy9wp@ASbz}HAm7o!zYHDxa*O^}3?YC*&f%tR zHm$t1fuGmOV3ge5%3wIO@OE{%45hpsOwEd#WByXs*5}T=Lt1ZtxNcjS?nYF3uF+NW z`BtX(@1nN!r|$T_;ZC|8dVThPcNE(hj=vAh23+4-E)3>cZqj_+RS2A~A{o0!Gzndg zz%xOdci-L}0AKw8IQzf5BjBqZ0e{bpc|!~2n=6d|=_kewJ3K|gu{bnW;&Bsf{sP*f zH|zH2o9lcjrP3Qr!ySp8m&E=R*7;3o9dgV6Flra!i2rnY7d>2)7enH4npSk`0h(56 zAzt>5T*hYcj$nRag85h4D4*wM=Ck$p|DLorS&V#3w)3A!hm*uze-Y*V&l-|j^GxuC zb^LEWVRv-*i_+b%u`xcAnx-(Z{~UUHyDaT(Q`9-m?HOXD88sF?#cwRZy`#$uP5T{X z{yLQTFTcS)!!6?HnQ#3~={j}%R!Mr?Q0t~x{e^6|ZaxgRmnFGh zZV!A8jZ9;J{{d9;mRa9hqm%QT$-GeJK9E)Mg->Hu@vHK>|MjHyj=%jX#P+Yckv_xU z_UBpS{#~gxcKmi}b zspM_*w6{ek=Q@gMq0E02%i@b4#j@hprPti` zTP4>CZWL~e*I&xB!ezi(;m+xc>;6dCN@hEmF;S zPG`AZ=02Wv`GwDCUGuAQy8j5ud&lj59oqXB-cX+rKJfE==lor1H+KAX33tp(&P}oU z3pviY`7qp0q^U3IU+0F?b4O~wFsc1wd*E|uWGajM-%llPo58&;Iyu*AObccH!&nwy z{4ACgzb4EzC= z=JlXhF6K;|xx=kPP8P)rO#eeIIOv)+66g2}qYDdM&hcS^K4ETFY}43788uS`OHLmQ z9RkYAQIp8)6(`q!Yp>F*;IgB_x#ab?!mY?Ts^|`e4ZwX3H9yq&)lzN6N$bj+BRg;UneY-|AHhL-EENN9|k5bwWimaNMo9CvBVe@0Z>4u}c|{o6J|K^-BFkqp-BJtPoc_anokL zEqWqL;cDWa+e=G+e>lE|Ca<>K&AqgAUz9G0nKSeU_YE~&P(QQ;yK>NS6D$-B69q`@ zWc5HRvS3{lJ`;WfvZ7?&Oq=JlttK_I%hO5;nf49lb)M<7W^C7WAHH zH(@uS*LvM%UQnmhN@EP$9eQ~PhOM(nx7We_i(&&@hFXRYEh&k&&cDF%5v491Xx{;(vKbrs z${<`vb7GD#&t3NHgZ=rj<;q#`#R4IEuW-viKs>#v8UdAhSrpX-H0Azg~H> z3^e=SoBXpNLZs7n*)6%SRUTwb&iJmY3du5l=(SU?wh700H|uV6c~%?vR3f%t)sc?a z*k!B>ws`t9x&T+4S+SmPXqW1_!=)yGFw>e7FY5eHGn2goW?!f*U z2KJY1`o5_9?clvX5_r0ajt~4I%1p}RQJ5pP1Bay>itsX+^g6;Hgp-jEN!}RhX1V3_ zASm~O3ph)>cRqbV?JRIErO^bgqm%$6ohu4&(81(3Fg0Tz0GtKmOD+KQbCjKv^>bw* zoh;bmi_W_(?!%=Y7^ZTLr&;_7b!lg9GmNN(& zA;Q2izDqxfr5zINReq{UGJ`+Ww)+vsWgqyi?%+b?ynd;4J_tsgoPco{uX)pgtUmI?NpCzK z1n80r0kD)x53m|qozXSyph6N`1C8-oUeY+@;5dmAlgRbPVha)m2HPI_&^oMrf|_sv zJNL%Ob#ft*u#AR57W3HGvxnf^1KLR&pNXA57*ZF793dlu*DGFa zCY7YelBB8X2x8P!AvvUg`YG_ja{$}ZMkgu zNMI(zg1UB%fgf)Ny7WLihFNzlD1g8?kq}J-DzZ3UM*=ha&r*rKJzy@+JZ(aq-QpMRznjd~IoqQjgmkdLf{g4uVpS zD~(1r6$CDTgTR7h4k^tc?`*=JeDC#uQOns~%85znUHFoq5Rur>kj~A4 zZX^M8tovabhHFg_4EVLa6&;hMB^N{J4;~VV;4Lljh$h_eg`hgE5coNS{ZM}UgU&Y6 zv`$J-?OIlqq~0j1`iE8L(|te+JEm~c*#PAepC3$W`9x`9Kf(!|u5cC(gHdF4IO_(7 zD%(72R`xe>Cjcd5VZ_qzSg%1z>ANS-RTb!FeuI&C)c~NaO zn)TWtbJ6Bj8et6Jc)6!VJ;cU@}~bz**{>slR!AbMG7ey(Z}p53&j6ux8vWE+q&PbH`) zhm;#)wBJIDK}fGhHo!-Legn%Waf-n6bSY0Ct>gO9i+bgN?vWw3#dzsn6nW5sQm|1KoU;U+8{iTW1 zHk>2GxGvB4*0VXP_vFl^=Ul7^bcZ|O(7x481p3TfSMylj2F5pWtagOHd^;~;Yu845DH z;pM?*KQK0Wz3?E#irAwT&x{UZT8Tx+H4bOqflkHXOOAZJ(V0{6vhu3hI<6e<9Z9=1 ze5EN}2En^cez5_b23h^RTBG?KnrY}a(UIQ|-uo?Crl6!u9Xtk9BGLc;JNW6OBI&1R ztZ+O+8I690QV(FP(U1#QPT!PI|Fg98`t|agmDlj+!ODfyZ5Ri`L>Sh?=3Hn&Cu641Pe0=_tZF3O_=t7M?2~KW>e)j=CY2al5nfG5VB-)!v$yMYuw1 z?DW&(^2&0-)&zR1HF0#=EF*Xio2Q{!dA+joO=k;m_-G~wS__LSr~g@D^~aoDiMZ;? z+obnLGeD-n6uoOI3Ts2H88wDd#i*=xjP#MF@ecchlYiqamoHAAh= zy^YCK+%>$SRh?bw$$58>SWcA2*F!)Z-^7PLGCxmNSE1P}zb)FA{h%Wz-;F+8i9bGx z*IP+a6T5p_!AcI9k?R2bZDEa0M6@%6aURy=04#)Ynnu~!v&k3jo5oAe+Z-6#@+b2I z7e`Lr*FRD-!<0r6iYGlAk=j=(8^^b2*r5{Ywxm3U@L3rqQPUNouyAZ!7eP9~-gSp9 z7)Bpeb+|mB7oClyX?XOAwrFfBiWk9mBRL^xbV?X}69=%du^~#m?%-W0)|?6Tz8lR^ zJF*JqtAtHbB~(mf6}0e@tz-KN1ViC*VA!QPrT?)k?^oB^Qqg|K)A zZLV*_jh%j!Ne{BAJz_EY>I4SG9y3C)IFP^>ag%e z?MvXvP;a3R3}T391u87iCe)9*J^#XMU!xMn#mMW6oGMI86CEFZx4p67DU+Z--g<2e zFyR(`h5{VK9=1wv99;OQZ-GZ=Wik#(Lt?$WDq+kXLWM-qnEme@Ll$0oqdA8Ri>8cQ zH_XO08$|ZY3<}|44aq{A87t4Xo8666Qj!b}3Gy@dX!DGIi=v|;0I~^5EjhEkv7k$3)AX}SEPi+mi3d7 zhqGQ50Ky*tBse%PCf>*!jD0^Og((e5FA>zM@_Xkcl+$}~-|vXCYo$}*4Fa5I)Nt}f z*mRlo#8~3gA*mj5yplz4RqDGh;VJ}dy5xJ8C2?Msr}ET=&}oYpRoB8I8VS^_(@=rl zDzK6!#{oc@DG+)ZFDA0_`n_ogTu9|rxmXc<6c^VKP$#gm>T}jVFmO=&EKREQRT|z75Kl}>Xy1TkRsfDEScXuI(%Mx zaZ<0gY;IUc3N^h&wj&FuqqHc2*hIV!tWD)U?(O82s7`ZlnukOyucu$B9k|*b-SE9oUD|920Lh`>Gh{wrDBiRQ~3kdbjZkQQtf28nN4v3cT;}; z$?rG!YtQPHx-=-$4G?`j4#B7uDR8!eR4;V^<>sTZ&@zJKls%p!sQyvFX{X~JF$-pl=x8sdHlZ#)N zYlwiM2V}@)ew#(HGlO|kZN^&3IP~A)^=uUB0cX=O<%CU)dQHcLoV|V1@K7epa`B)9 zStSt^l~K^ViIJYpQ^`%oMz>3rw!H)vQT6>xBAbo0jV>-7ZsyrlXgpHA3vHnUSXX&&L|!4-V33V*$-)=@cdeRb`J*6Lbo z^|5q=YI)Nn^ZNN~I<;JreRVo&6MizMjV8rP5v)vtXMk8q^cIi+lamumC&N}=31U^W zyMlyPti1Gk$?YjG39)+GeL_NeR$h9&KNgpTm2F~<*ci6baF}%TYXLs)Wl3R3WaSbu z%SEm6IqVV(4NLKU8M`GjG!_ELRw0uZBfRXXLnU5zEWTKeNMy4L*OnT({Jy)1@-FT_ z{kxgTT#oy|65-#JE`MwyCvzSk2Xh`s#)f`uW-<|;$FN!neuG4^M-(zQGJeK%snjX7 zTE$*i9}W+vdlli+EF7&>=M>^)o9N4DE@qG(>s1O5s{Q4lX%Dg*9v*D-Qw}hre!$UG^zKf74$m6qfK%#d_qQkNogbz6Mx#ema{J5-~m|nK?0a;(W*yZX=PjReX!_SYOACl{<>)T`5$xaLb#JB8>}r| z{s`xlT^Lmzp;d>BUY0tLNs&fq6$zpBON3N(5lTrw=r?QUFrVx6caMID7ntw#cj_<_ zQnH@(1cZ-be3TMnKpw03$Rd6~F$MYo#@cz-!9I;0NIHg*pRnso{=z=&BL}~;&+V$w zeXmdGgfri+N4<@l(sQsda!{PJS|sr|M8{m-=izMT$3DO9+I%ut2ex~5N2s2u$dep7 z$b}_hjGcpYQl*@Y_Q{rb@__QVr2qVHon0(GxzeR_)a%nR4(42Z0U8zIIb|#>FG5|U21PazK~EaVuBuBr1PaC zDBWo6i$kxEk9m;&-XDx9A4NP21RpgoP=ybl`!3NN6l{oP!D1H#T4uo(Qk| zsD?`rP?L(Gh(Hq>fDrmV5brTCjVmh`fXU>n3>$$%(1pSI_=7j{qXFqwx?wo+!Q;>CE z-y3h|zV!~pkKcOLr`paN_!0P6n%XGQZ*p5-k=k- zQR0Yixc-imCY2IMW3mK@UhhD}|uy`Fz#K8AEsv?Ug-!ZRJ#B~t}qMF!GsWgZp zO$DXwS`iuPqMU<-+cai>p)-SdSQAS-V*RQ1o4nNBMj?)Y) z`;>+XyERe>L5Bf9k}4rjKmi*oq1bvLo;uzAR`m>i%!2)JKG^p~(}&)|>BQvu^kMnY z551W4u@mE53~kooygd5e0Ws-1iq1+aG5Z2o#&ZOj9+@Arez^(=@7)q|t@uk*k|0nlJP3m&q?hs`@obc0Z=Q=d121AbP(v=YX@#UFg>$Co*dR- zdSdVpLO3}q8RfhW8(Q2#Zdz4UZ+EbEsQiYC0!$h^2Pv- zDsa-dGcau-+$hR%@Wz8uLPO`sPY)!9HrymYhn0isR2X=HlI-d{@OafGKt!Jd;dTEE zC+ZTJ+IcZ-R_ZB8UIu-M~|N%|M&RO#`?zk>J#Mu zAFn=Hz2pDB4*z$%e==fO>;}W@QTO67TG47Fps8^br3ICS!!s4?5lRZksG(i^7BB2OS%9$H@K;N5T6pD*I`Z*z=&* z3qD9eai`02Vyx8n$D0zbwQ>Zt5b2i02}SUtKMBXsoiR)A0MWDHJ!YwK8wBHS+b<$8 zBD~6JzuhL<_Bsebi|wA*?E_mb5m}ETf?E7$L=+;>&(5Une+gWK>|!TqPf!F%;~9CZwPq0m((hdY!POpk5c(+6WiZ zfR|MmTD@q#tTjaA=y~(!O1&!J_i_E`Rc)`jC!YNZnN_iSbo^_*_Tptzygb^cr>)B2 z9;6-uBk}B{iK6Okr2#dwv{fLla`>yL{&HNeHX7onE@}tI`!#?E4b&@#aMNlOMeT5R z{{$`!FNy+Sh{L0%*smSbnoz8HRK#`>SiGhqDr-5UO={!)c5RqDSM0W6WJqr*n^|D8ZN z$QOH+1K?vCB0pnzV2XB6>eU0p{OCEtX`DQ3G;7V1W>vg6I@+UgZ&d5AYP;3Ome@aP z(8!%Mszrg%o7g-;fnkGe`2FmpQNsbGQ9o=}>-Cf4Ch#)_7=@o|V28!Qnu*bGK=igjQiZn^tGVVfDp+?M3x)w~Dz( z2`MLzp&xcO~&6aE%e^6tEP_3i4$)$2jF zC|ab5*J>5*=dS60TCIIpU|6NqI-d;M`0J{$C9rKlz8opAEYL-u?Da;abpY$=XiqEy zsvi2C2G&n(i^G%s{Vg1Vb8&QBJ!~}g71!T7JUMs<3-3ojbZvEw7@&*=2<`jG|!T8^Y0K9KyL%Lq(Bo z@du4h#tHsQxExX=+>v*@`YE<`u+(1iMe;1#Afwn`2sm~6(697QN$0yJBYrEo| zf8F%)32yA0dc(L&8ZWV& zRVFz5KfgV$jQIrgaTxOeu7bCI=u8VXGwl23OMLGXAE&P{yI!OA;;;qOqyFo0bCG&` z)rG4(ul-WpgM@|az|n+Mdy!tjf~qxZud298j^Jnl3b;V^!=t@Q!5VyTGQK^alV#lq`8ltTTSSROahy9j{exa`{t1-D8up)jnzXTTGc zJz5E?Nk!0+Sz7+5VidXdrQi1xF*A8Huqt<`>)7BQpEA?illT*ECK+e}P&Sefjq!eg zEZ~JdfWiXlAKey!5V)Z5IdS02?RsNS7KUYx^oNtFr<*fB5jB9TmuPe^27=V;CLuY} z!NEbApg2V2F?B=0LDD@&s+6=x*Tb>NWeAuBeCK7ps%W!r4qIY)|b!r61fn5bpDy)P5V(*#U*(HWvhqQRG zl=>}KCgXu)!4=?whVF7!QEdmKI82z$SLrmT4g5=X7Sbmpbd032%i!9ORKGhIXYl;O z$!Wpl<-4d40Yg?4eDY2PJOscRcq6flV^oYLj)NjjC!K_my@23khYA_qezei(fLlh6 zWDf^>n@;!(f86qh!xoNz9$*z>qGdn?*3`X?uF zyy(B}(jM;)hH!JG<$&vY``d0|6ZuWuA&F6umMq{U;XgZho@d-;dPc297y+bsT(a3{ zthegBVua+Mf46|~hZ|CZ3smu`1g|XBUz%bW`R!JFe5IK@U8GsZyX>igW zR=4z;mt0-XJM-xTHH@72WS3$Vto2j%*A{Im*lJFTP^yVJnoH>p8v1}sJJ7I+^fo%( z3qKq)c>b+$!*=ke+>UA&*@d1G%?Zv`B2&hKy|Li-n73!VNNB*2x9Y7uxZk1gxuc`j zKKh@Nt>7Q)Dqt_5@I!apz7%=29A!h~$_?>7{%NG;g~D;6XmS zT}fXy=UNpKvDV4qPlrc8A5L8qYEdHYKf-pJcjc)zFe*}YZ}z$)!gUPe;df-unNx6S zlRYRdMVdZ6>~ZugPyj*3=yR2$S2 zFgeV(X&$N|k2Zx;6_FsS!zJ?uD}z+}22mst14{jTRNpH)L^AS~4n__k zjD#Y3@RKMi{0oHgvj&4%H*&QenNomUdYUkylx|I@T`ps`lTPN^Xel+k&f~Efg8&s& zUBWb&jPa8Y-qe#(TEj%h=D+gX%FRSJJNM;;^r>-}|B{yzja};H z1p51VmlN@Kyq(K4 z`D+GxRH+^>1Q{!A#S2RLV>$5rVfoSvFIlLrt2JI$)^5OeM`mFWzWbKhRl-DZXu#Xp z4Dnxt`{bpT%zesDw|M`EbnU6rT&T?(VL@ebA{(mntUVAd&x|5&)@?U0&XXpAvp3U% zjHx>?|K-f-EpVqaNj7`>((etKn;QnhNl%#tB7t@pHhQZch+x#=;;47z4I%}R5d|Ld zde}uH_P#e5;EF~r<-F_nI-z9E5SBDT&7pS6Xyl`I6fu7i&>5=f0Q+~|#gn!i;gKr8d5i@eZdsNhRh!i$R@LeZ^b+gO#eJ?}x{Np)Wi!>tB8!q& zvg{l2gjnIEcG!HlF4W_Vl0POgcuDk?SCM)8vG&2_%zB4Se4Q(sW>u@-s3g;z{jhX} z%+%TfujrEPZAh~UGsyzgqqTA_&y-{mi4#TY^X#y7)*Y;$4f3hovfike2Bi|^c|fpu zircrSkU}W_4uA)wy&#I10*B*4Wq+T{KWqCZ_3C^wDQv`#&$dd((HQt2@=?6}FNha3 ziQx=C0G*JH74>qkE;VX))wYyVOFjWt)g}!Cd-id<(K|5NE{;cD8xFLLB@k6>f}^>a zOH;=WyCWna)>Viw>!gfaCw=5PUvuO-MX?%1V3>mQFdgUN*Ti|4fb(xDIRBQ8^KV}h z=id@=?(~OiY0HDMQdfvw@oOv+XfF}}-_r5_Z7Tl1eP#TAOTxeVTR&~7b5<#bYWhN(Hfr9(^FOeXWU^vu{YFbv56 z-3NR_aXP=Dm^a@H>F?h-1)Jm_zwr+Q6}=q{3eM0%GsJJ(&rev)PcG(1igl8Ubt1)v z$;F0|V!tI9`z_iibTp-1%!wBMEw%7((ZV!fiG?Xg&c!WlyV$;SIf`hmb!ytl!{p@O zl9OGk>gN2Gl4B?VWzpldKVBud1@(LYco&75bDe+gq4i?OWdOo&(E{z!xJA6UEW^k# zB67TMCfAggMU?E=S8YyBx+3-huVY{OWPAoiX%e3^*g+7+W3z5n7v1;%K#H>Y@*^*r z{953LlOD2%2+gX6+#k82SGEfzf0Zwdc-xcD7Wk=cDWu;J1SR#B?I#U&V^TLi^#%gq zoogTFxwk_*my{sPy|7Fd!0M~x*6~l(Utv&`?-Ekx_1^ioBogj@>Pl#84xyx84Rmd^ zEuc5v;dC78VemrSEGX)v z!JsAz(?{3{Z(mdotM$r$!Z0K9G{QzkF@=&7N~*uMc*7Foem+jq8h6AoGz95#60^^M z+@x89Fk8o=G9FJP~La%H?4beC*V>T^=_0#t|!%L?2UPuZXvxiO9%J zc~q1(9?O8uG0SZt4~1B!UVBw(R=JQA07Xm1MWQh%+){U-+p!Ew?1I{)p|xADV!Pcz z!-pL(1}4NcHVG4xS+hO#N0kYY`y>;DxN$?0_I|m;U0DP|^c6r(sx>g`K2;SXbm}3d%@mz|PZ+7SYNe2|KAk%kwx>0&NT+aFLt7Sy!>SVOfG| zVC66L4a2@ps*M{{=2kLH&(I!4WF%=LB5YLM6vS{m>iGi;u-0-lcXnKFXoa9&x zMPH(#qwcPk1Xyy7McX&E)w6dh9`s(9O3G52v@e9#-ZR@x@2>eVoB?MZY@?0HR`|&- zVHhdIp`-z8NeY!r9PLMHo0b>F1OAM?;wJ67L~TM#q@(Dt-Ga@tScirEo@Y*e+}92Z zqh7+9+sQ{ekt}NZ{Ks#5Ch75;w=Vp2O%yr7vN=ovXU-IUl2zcy^2+-A=Cfdruiu$- zcpYgR47E8Rx1#xgy(+*R*}6IBe0v0a8vkrHno^OI2c50NSN-VmWGJ~h+lYO()I2f> z%+doegC#qmQ)!G{dQMv>q8)(#I=^vQuX ^^TtLHb47uo^Ao3XKAcCi>#btT9-0Y z>Y(ukNdAMCe?Z1asbq3S)-&>cx3ypYC3!=|ZK=yS#kkDpn#pm=tMmkbha^h6kPV26(iRuc zrA>&`V!DMHkzh%`xic9$YR%?BfU==$Yb|trkhkg=lc|0}U1OE$RJW;hYAsZ_POb$x zg;^8vnIg?knXl{r4LFtZ5ARoc>ih^<;$%o-%`AhALEjib6=%)PRXI+PK(m8uZ zHzVC(E4U~eE0@a!aSo(lFh0*i72u=L5!jIup`8~;1yVI2$yHv7&z`r$ z{rlpagoMULo$@?aAYab(P}}#~qkzLwvU6|tjYlt{1d>ij^aS2*U&@o!L!FlMNl*Hv zMz$Jd+jgIf)59uV26e0`y)7Ys+Q^}%?gi$08tM5u*{hJYQdpr^;Di@Km zY#u%6xc>EiN4t8hpvp!W34kjGpor3+04a~0#2MHa|XN>P*^WxO!Z7Rk~Oxr=WJnA?M8P$0Kj z;<;7^prr)MgvD}>!^XC~e9SUN3{kwJ|Gs@|^VWe6RcAeI6wPCiD*A9*QFn6I zHj+kANuEg{DGNTDRuDzhs^H_KG4|W-v;p?p9k|Jpv=QsCCk?26B>*@U_UqFIl4E-f zWPjJz*JqTKx^xP3;!+s_*PYf6%xj%pqw)*_c(|Gf0KLGc)VCc?5r~b|X~j@z#>J+M zf_baqvg^}E7o|*QbT=LnHK-HWFti|AzfJ@RS+iEXTG^9MYLYj;A)A%`7h?L(ueWw9 zhrm8kIBhiap0exfE#M++hqb0|-R$^ySvp>St^-f%QiqL%ved8LBVsCTxR27{;uu7z z&f|o#5%XnT_Q{m8(Y}2@WqkFqB+LGg)VGKsdpb#rz3xpRWd;Xe^j}piT9Y(yCp8OA ztL(#RaGUl0=`;-bw%}6E6_SI}HV9difqWIPP==?9 zF;vOyhXwsn(kMgks#Xn&_}ZhSQHCoX^4!rg?$LV2VnP!+bHwv5bjMeY|Dk+X-*)`J zwe^kFhtc>Sj~?H}f4h_aPLcmwjpW+}Z0Lug__;gih62XT7t2S>XX0up_^Hl-qE3iH8lGX-F)*%xmcq~(Ew=GSf zEt7%biIf~ixd?zM8xL0wly@yVmTiT^SPc>g%~K;P!pg@?NOZO7UX5+57gtq!YBgnx zLVuQx24)ODl%V8qfScRE96rE|!3tKe)l{{x-VIOUcvf3~^f=?}DD5imxL!K|+Dp#K znnZ|!Tq@yxBxH&uy-p08V&|uaO|eTY7C2>Aa2~rR9JEATfx<0RPlrxfq!NZCS*(T$ zx3X|86>w#diU}cC3eH5BAS#iGj#v)aIiDN|X@OSauGjNLD{JfD zCl|9Ku4tIM&!5E$e=5dNHvZ{f&mDp#si+-=a~g$+TxjNBh;v zq0pvyDg&>8FW?p@*+G?j1azV)gOEes>)%NJI9wX8J1iWo_ zy}bUgy!H_OTP?4ZA7-aLBdDv{KmH|QVflaiw&njDkDsirqyG1!M^85J2>|8)k5}*F zf8WXf@8th?^8Y*e|DF8*PX2!<|No1G5btyYS4y53RosZ{QO@1#j24JG9ud38Gf0Q; zc7l-;8_z3vw`z0oWIWF|g9dKns>6`uC8Q{U`awLD#C6js)4W@;tA=OopFtB*4}aC6wRN5~R1=|sB1$U9UP1@J;ScY;h9 zZbAUJ{nY!DDK*aps+in<#V4`h- zc6DvX06pR^BE=k?N8Z@^b`j-ZS#`C|wmu4-nDB)a!3*|exO@7vK zAC>17?K-)OMLj_=IM`t*oThL)gbO_KjA^cytEJ363e_wpoZ&${u-EI}*#lg}B}8uJr~8HG1n zZsEyUa@on5Dk{w;CD;~+?piI%s_NVFnw4j?p$F)pxrH6gtKJqx_Cq$^XLIt9789*I zX1gHcA+p%DNEC=~puoHs+{_ofKJyPwT8=~0)`2$)FTI}aKM_Y5J^#u1TYWQcpl>;Q zvSPu&Xqmu~%E)uU;dTvVZq#9ZV@~StMBrrJh z%{o(GbeB*=w#&?Ku<@8L&A9VFJ)Yl0!mT@_%Z_DrUy3o`n1vLEU^*0{@b#B$)l;yS z249VN4oo$5o3=N&h;P*7%JTkh?H1vzd#dW(h+Bs4AwkAozbizK5#=oLosO7t#7R&i z;-V=M`T?f_3+cg%R5ereu3&RmDGkRWN$ko{1d6ec@gv-5*mdb~JR18;N~%poOC1!;*vD=Y^H%zlqd8Y^D6OTYWWNeKjNJuOO29)TVyAsiEtjz>WAxa1Yb($uoiEj znTufxA2G{8_Iy!*=WzS&`t%MaW972+EBK&}4%rPOHZA0YIwdA(G$d%$W$UFHokorG52}^k>%DJ;l@Syg_fZ%U&nu>7Otx zbpRF{kU2DeKYt7!=v|fIo%rjGgbFlI54mAC9ODVhq>=-zk}BMJ&$~c}nnm%!XOAZ0 z!=+Czirum31b(R6x%A$X_>&HLfm&#FSb>TYQiS`ZiMRMSKb-b{{7Z76z@R0Y)s63ITm@;9X#B;cgk$loUk( zUGJk;gkYqDeUkGTx}evAax0(7%jEbW^eE5+WuV6rN|X_J&^_e>{#wadCc+6La41oE zZM~uI(dodo2U6`()0yU+-qJKeFKbeu!~%5P7&j6E&y z{n0hT0WJxj)bLf#Mp9GL*s?M-)g_Vh#8v|DlI$tijYL?njf$i6-qQ2aFYW(rGiy}T}+Q6cg7s8JyCJ}Soi zHtCLNU0{@jY(xy794ldUD;~8%j#w)iy@GFRv19Lcj=tG3GbD?I%eK|N^XDTR9>0E|F$zbuRVS^*gzRD$Yv!?xFJlQ$k#1;bU37gXm!BmJ-* z3=QqIzz!Po+XTrf>}v9o2G?A}GZ8V)uVZ62G;CL1u93weA99jkVmd3MBuISiIr`dizrTdg@7ey*vshXC0CC?s(t~w5Zx0vl+e2Z> zOUO1#A`&8!X~532g&i&mAF+TNSRY?OV{&Wgp->5hqIvkjr!DdEW5x=S*6t6jx{;@_ z!omwO;v#V7T&6#_o(%f(0n&bqDLutz=Y3{%ALmL>fh1g@-X?9pxnV>ed>5A9ea41O zeVmPs4!t(X!4Xc9?DM?6W!mJv`F^b)PkHLPITx}RUvP_$WN|(tL{pEp`|biO3TE=U z+HR}prgFzmwe{Yb2CE)=vtZdiC$=Jp#UiRou<@{}DIry-gi}olglfq@Q$naF){<-H zQxtvTA>8PK7Qz~kTW`O0yjzE!?^j8KS-8OnO??tV8vscv!@%d#!zJ)g1HY}!u;d`F zxB_^|S5^TNV7EiK6592&y$`};u9Cp_x@RMA)RiJx83Nu@O&~zzODBVlv;`usHsZ4D zL#_7ZHR|~~y2u7`E3C7Ja4c+L)hp%0R7J>jc0=1r0obs2e6heY;ZaDq7M{+ zh;#g5!fFg&LgOgQmvB|wR#_Iqw%$-nv%U*M-fqLaUS9MOEYTZB(=r+}bZ#FtX_2C} zkVJdLNq;&vFS>F)ShT=lw*jTfv9y1YoOjzBdS~5UcYGb=zfXX(dAJUXrsGT9%H=8H zqT>(FCb*_v?9yb=S?wmUX7VFz}nJfmO=`dZS&2-Ec|T>dCu$|B3vZZnkb`8PJ*sa)56m4Z2WK z%0cB9lRAfJ_JK=4Za5-Huk%D`NPNdMNBk&U;LPlrm)MXGXIcEa@9dq6+kRGU_<1}E zU^|cDU_B)uZ!nQ0sFuH+sE9I7WgoLR0$7oXT#PV}k2fR+mD&mD8?Q;AMy4tj9& znBD5u8)f^8(dmmv@tz8Ao&ev@c@!6y#nop>dZI(mEHFng&+aqt;tLb@w9_eaL0wLc zSv@U8b^KT@Oy|iGWatr2DrPD&=e-7{MO5JPZ!^UkTxF!6g@M6C>YGYcmofP_z~dQV z(PLS<8JEqbv%QLn#Nk|d%)5qr?TB1A5D9(PNHB|0ZwE!$Dg7i!*y9J|fL<8B(tU+| zYNp**%pJtM_a=$$Q|>0J_Ox5Wbd}bWOGQMeYD;-zx}7n0eu2x#To;lQLP4tFb8*h8 z_k%?hIB)xo5Pgwbq^FTb;n}l=Lis38a8*mPB1pZi;iyJ$;z`39xtDy-MADMl4_FTX zH`7@!I7_<>V!8MQFl{Ps<6MthE=5dx66e@?qP1-&Z#-T%S`PD1?dsiJrp@JzDN`Ez zF=d?X_*uzoz_5CW^ggDpf!LJRwvt&q>d5pMSc_@WC&@6Zlg}D&ly^^;0HlxdyjhF z`=Jv}z4bhQjseK==W%8Cr~GPB#3HJ%7K#iNihgox*Yh0d+ywytAE_!KR?!iRlp@dJ z5ysI}>Ks^CTH}*oN+EE5`bH~qq{Yvc>^t;B#?3Aitu!l0wv(Us$vMd6r}tV1pSEi1pwkXOJI-`s?@UnX)NC0? zIvpJoMA`r_!K0_tQ?aA1YSx|CLCB60ortN43!OXwkS{a-SmkFBNB1dh(T}V}&s%Kz z6&V;?uiInJffUlQ5Q(WRv}_>OTUU|9+Qu{%*on#D-5~fd5cz@RZYWq$b$72(DWm|5 zXpk1gt~Wr76!|uw3{^=vh_sbb;J5*(0SuWJBP2`lDV&@EzdY&rDL{Pa;1fQ+h{ZyB3n*cTpIcrX(|EtHVr47G8-j43=BdeHbqJS5D9f% z6en_)hF*uHT{7+j+S>TxI292$3^uS5vN}EvvqQ;qT1zulj*g6N5WzPbHhc=&?Frnf z%Hp`^qX8A$xhnGuxLJj1qaKN+&5KiWrVbt?up$3K)`Bt)>Sjq}vBvEIfLnnAJ|RzHge57YOS#iVc_(pxdScw6@4= zB0tq#r$dloyLqtfDmcd70StGyV+iVkp}dpYw1asU1WjVq0vD;D;pTxt18}Ddj_71E1ordpFb`$KwWpi*O6xGL& zfeIZMXf_yYwb^07>Q+)QEC<#CquP^58=FB+aNu8!WsY3@d0V~YoA^xFPaBEzw6>MT^ID>C?xX5k zGMZ-M&Rv=PVwFdQ8S67?uy7TXp7IjdHXMFhTgdrO!_iuV3c9wSlqw7-gWinQCrf5lqE8CEJ9V&wGQ0Dy60WgOJ#RG2CKpQpsiY^zSs~(bbuz*ml;YW zC03C*#^=N~B7*D}!VDLjgTOWbuN&HxddNxa<6qkMi(-an1F`l5W#{p5Qr#@lQN>8d zeXnvZw*IwjZ>MQ{nrw@B+(uUvfOes=OaU*MWPx?ci@-*eQR&WM@gwyosQ zN(M5BmNjO232Dfamc+_;?ebYsIj0TnISj>9fo^dM5!LQ3qYo^rb)~wi_)&!L&v)Nh zdY#nhd7g)+D6-$Ku3u%L$EV#laxP;<_&NX6KRagHKQjK?4c~rezyGdptZ%Gg{I}Id z57$;7uRre{3ACwKAR?%sdz-hc1jfA8LZ@7{m!-hc1je{cByYaV$q?ojuF-*xSP zZg4Z1Bcj`9MQroiY3ZHNOAQ^@pSZP54n7;+QUtgaKCCV#){G zZU?RyS^2_{-Eu&lPvG>{#CcwbQ~_Y(-LXW1D5mCkuaR;HY)85;pmz(Qtx72@w~4g< zY0E8VY-!^KGmM23smhp6;C)nkV^{9#Bq4tpzlOr;KJwAigXP;!J8DM>y<_DM8N+d_ zi@q05yMs40c+$6ka(Cs0?~HW+Jg~2pldg2&XDUy+LMGvj_RMR)3!~;ST(^DJqPw!L zsme>YTJi*)bgeoxe5Y{K$+i$9eQsMrv$%^bBY@8+B>~5|mNigCaZ=MRZ1o5f1>UE{ zvh0?n4bIDeyy-2I@`1chlis>&Ox^#n+j9KB4Ve`&gZ%9fuE9ln(o8eDRKaq?h3IkV zh>HNsags>jZD2&q^Awhj?WBC~nrV(lEkSAY_$A#vMv;}R-*U62>rja%6C>NpRKTGq zvTDt^qv~QME8Hq_2zpgKMZ~;L2O1qt#!~P~i0M{ovDFSyuJwGs@&bKZS5Eeut>d5f zX4?Ygc@Y#IAfBbCECQkc7pt=?OYc;6)q*IAwZg3qgd70e$+T~%_i_(e(;&wR#sqgV z6uMn3xRa73!!-2#K|XEpBrwM}ky#{agQ@g_?NCG0W8mMv4QVe=X=R4HB-3WHzoaNm zT*nl4a7^=n#3ZnK_yQQk*6zU`uD?Uk?sr-p|9lYIZ;g7~8`UO1+9Jt=J?4C8<-*H0 zWRO2|Mg_@+qj_k_oAmHLIPeRqzJ(I)3mN=Wy>2?l;PbY`1AoR)pyzMaE}$8ycM`k}m~k)(vj@U>DY+RYtFA%zs-uR42c4z(mSz#-vW; zX_W`#lp*p^*dO*N$_j@jfD?Tjkku`o5d_%#c{X-DC(u>Ny2+CGP+zw4lL21L z3K72vc)M=e0#5aE>^O%|o)OB z8|P@(XLdlZO`lzx03?jEeNlpq^X(O%fVSy+*$U-^G)e6b#pO*e9OeI%J1RqRCFq-NGq@HJKq9V@ysO_v@L=zuj>I44%Em~Wg) z52@d^4LRce!r^Tcy+REx3?g~IdyYzr)kA#UB4)mN`07=quC%{}x}vIEsLdg3(Xu~y z-yH=5iU=olz-QhBuwy{npeip_SnBdpOBZ#Agw0^-r-D)awj*7yq>Lxn-kGlbN_^BuZP#;!X*cx#jAnu6eZ6Mg#l9Bx0d8V?j7PzBXg$@aZRzO$ zasjEJsz`!MIA(402*a!QJCP2(;hl}$VeI02JDG``x$38=85dFp$Y?RkrvQ9X>7up5 z!0NZYKA2GtwHiWEblJcmN*F`;jVwNZWaPtx=y;>H3d-BUl$Shr4dJO5^&CdbSclbsS}WNf0pbR2O!8QRr91LfqGwT~^}g5>!5O2c6hyZdJuWw;Ce- z>1j>TRcoHcv{ep{I4WM-YNe=43g_kr?>ba(N@0M(8!cnH_UL*DAbBb2h>u!xnn*g1 zb=i*L`Hg+PCG^B>!|uhvYR)##nWJCPQKW4m<3hAlM{!t{-S4y^O{{!#TofU&(Qt{w zRBWQvZ;l8G92_ic8|G;!I2Avmef0oHps8|K92U-s%6|>Hps8|K92U-s%5-w*RLa>-7@n^Ji=6iWmOCXFn>456~a-#StpO zj0|>+LINOS7g(5G!w)9?GZq9m^&E@E$+=~mi1o>V5?jRDl_(Uut_G0VgH1n}puUc7 zf&2j3Xnd|r*LWAoPX_4p2xu_N8vtcil>uaw^o@wJ{3IO#!Z9%mmOGn-zB7T1i^xH4^0ng9KU!b2lCc(ygHX+$=G-Vybiq# zOtcJcIMOZ;8n8iql-x+p1PzvZWJX;&^H72*SN*_8smpucSdR}we*(M&l&e>WdsMES?gT&=qFqLIP=Cz2vWaV;+Sb`y3ASgz9V6TolTkkvhkK=^!3)p{eY^-fOiuwOue{?7R zxs(6g$$#$TKX>wSSLS<)vLADHR4w?(!>ls4QqXEQp=>9KuhVIDIrQ)!BCgDPb##QySpi^ z;L+nfvP?YEA1>#at0A1D#D zB-|*TralFhO#)y7lEZXX+g9vXS<`6n>NHB{C}57ltr7l|@d&J7)LC`uds%6`Brnva z3|l-`#(X^bIFKmksI-or{SS1f1v?#xLh~gVQGc9nx@y;J)LtC6fV9+qJ#H>i?|JQ) z>K;lo7p=nvJ`14;>!a4Jy{h7*AHg96v~Gdwhevyrf;EzKo%d0zs|*Ws4>`S_Gh1AY z92wX4Xc>?y5n1S;cS&CeSqYqZ?aSBH3$OcqbVbmP!=!xUQ`}k)By>qA49n~p@I_^h zCOpX`x!gw&j4An_ic#d)8+Hc3MNC_f#5eX zC2sjeNzY)zo*al}0tx6oJ4Ckuj$2-tl^E-}g#y2k^Z*&xO_~%s zpnA$)E78gfZU}TwW%XLDsRohyrJKz)BxMelIS`n56KD@m<{L6vsi3}S zTVKsI5a*Ssa{+4#<&)GOb|%7aG0{@39$a_!fm<1Cg8^1%r1t^4ba(Jx)Gh`n2(aC= z4iggnHujj}4)5+-;S9=CApZ= zhxrLgbzN!1s$B$~j1wKV$Y@xUtPgTBs86ZhvJ57?F0D7LMEf^4(8n0qLGtIoK)0OT zeKt_6QV~B!u8ABRN40alOW#7SY|{$nj9sPC&ER@~`qdXJ)=|h6K)mJxud88Ybx8BOO?j{WUET zTl>}fIkVODjxNY#M~$P*2D82IkS`V@HRQ^6``d0|lWgBqZzMX>Bd^<2{T7=LQhWNt zu!_1pJ+e0J1LkTg&69dnECcfH=Ai=3pNPpOWmZ9<9GEhbU3T%U*XqLJt=s}kuNEswxFC~p=ME(Kz zcQxO>5gp4ADm^+E6@b1shA|CIJ5;gyaa7TccDNA~@g=+M4cz&VsCk2HU@y>utHUT@LfFSmIZ_~GQQa#XKd(Jz zMxzt>`068W)Z4tvLkG_KVPCO}y74iL+b-dwVU`(JvZY(|oqjxlu6Qm>oCh0-44KOqch0HxV z$t{!=0kSw*%@D!a*LYb`fp+%c8jiQEdW{D;z|a;IOtgD@knRZA3dI@Kk;I*F2#!6uvY*lv0pLxv%2>1`;B?J z7B3d-TCB(oy9RI)yB32#t80(e*5~P3yjZMju_8C@8o){HS`2=Qc|JJ-(QJfmCmD&| zHQQd>QQwlJ%Jvkg5&UFKH|@hzyIhfp(%nj7E^MPgxMrHJD@Q9%W8`EdnIRe}>r)x0 z(5O)r#RDr?d&IWfXocB$C&y=3`fPahHL7fep-SRV6o++OX*7O5s_!kT&?fs2eNf8| zej1JoJ^&Y8_Pe_m6f}=&jl7kS}M?4&hWAte*|? z*aOs(lbn#;PWroH&3z`>kKpv`xN4DF-j98Hcf9 zE_Kii$Lo-m&mNbcTy~ZNA_En;<+-3jx$K-Sh!{#~ExO4u{YO{ZAI~j&0VKMs!+@t# z9w}&B>!qRZ!06Zc>{|5%ogNGv4`#YbGRJZoSgD5_B}(M`x0ECDi_^T#M&if1qDt;C zQ8Wd2I${=1UN~55o%g&8#!H>9Py)kp?m7KTYlN`9V zLAhQSi|fzC;yM8fn)oYX)UKz`@C-&R`GqjDtQarWb~!&MhYJB5GaNIIrxiGY>swfB z>IlD1NV}SacC@lxG1EF%62H-P|8#5qKg(Oo^=w)6Pk`U zI7Wezad=O=R+|NK1FaWHZh3&y#sgO?W~O`m(T9gRL)DWZ0CNt|_&ICm;u5n?Saw8d zd7w;kAD3|CIiCJm83(!%;aDs`U#{cGEsKK4$2s#tCL^1Zj;a4a!U|>l2b^3>aF~}) z?-Y2xP8QM#azf|k-99lckecTQ)NMr!Z@+cjFQl^s?$JL{KKTq5@X)Yag2pSk5BCC#>qPmKC!>-5&!(kvbKQO)C zs9<`5Uup0`Us*JIXc9N*cyNaP&N>$#ylWN2#%T-=gz*R8=jR#~s@`J#u>_VoTDa6rQyhSmE^Z5cRdi5rUxU-tW84JyMh4}n+y*G&mZQ)treWP6~SjdpR_#9#=SW@n^m!;vJ<#m`n%@ zGvr^&s@=j)DoQZ+PEauvLhwGIUncUH2E#g#IslrAx`K6%)rZtE^iAV9JgVmB?xPET zKNn&=oXxi622M9^vK+OEOGE zinfw5D!_go(*-&vDTFfh+N(;l%7vt!>1=so3<|f@9q4u(O9s2BR=aQQ)~ncZchK-* zX^$~-o@3n*CML5ocIb~PGNNCC@_LFgc0`Z7ERALsfe?LZkdtT)jiMf?Lld;~@@d%6 z=V=1hDU2>J-5Wf6$v0!zQo22iLMD(r8FZllC>*+8}06=q)fmhBM&I zgKe~tf~}pAFpN4D1G}J(DT zy*lyCxr-Fcx!x(o2fhjBqn${875`k#2O;d4Bn1fGu<+A0UE>7H7A*ywA^rR|tH9Yo z%&b@X8_a?|zJ6!U;dMmQFx2K8+luA`_NoAPWNWsVVSXWl>e{W!7@`uGl!}&r-lX?^ zISgsti|AI&A6~-puS8j9WF+L_&AJp8Qpk}%7 zLGJzU==O&mm#28hU+CJFXobs{IQc4{cODw!rDwb$yT-e=Z83?dQ%xV-=E9lnIFRu| zNM=12grYE7MfNgIzC7z@;Y%V8M^R(nW?diu5Wj4 zP_rSw9E`dbJo*@GWvuRA5t}Qrw<^X`Q*0k}F>GQvYMmATRyRU}s&nCThTtM`5k1h| zNIEec0LiN`R{z$Pr7h!|cU|5@70rI!ymPblH}(I88O-n8(Dm0G{=e2AJ${7#zn-i< zdbqawc>T%0R@WY_Z>-<>|GM-4b?5)<&i~h)|F1j$Uw8h$?)-nXe4Y=-Ko&!b9Hs!uJQ;R_tTzKd!$le%V5i zrSY|tABCR0sln}4sfi0nEx5qi2#jAwwE?kw4{Tc%Q60TC1pYWu-N)+w6>v~ExkCR! z2+)`X0XXZ2Pa?H1u{Mn~_XMYf^d8(|0Tv5B4E)jX1BHK&ywFgVFm4Dev;mt)n?nSq zK}>z_nGWcf0nw_)nN=q($HX?C*SW+@a3O+&QuJyfs6727E@>PljOhC6#`h5*?-7XH z6?#C`H}D;}kVCi1&!!tVy0P(?7ymKB!Pu52HY>6>=iQ5m^a8{LE(yxLds+C$xSq2g zxna{mMX@ci-e!B#-@FVqhnvTn;pY3FH^-Z?N>CQqBNd7kZT?$w+n&DBPpW@pVW(t^ zO7`>Hqzl}C%adD}ULkW{PQJ?ik)=(+#ZwBmO<}bKpnOVU-xS8RF7X%yRx$pAg)dEE zxdX6#3go~PR`ZyS#?UT2VvJKEADhB*jZQ%$G==5b!@?;Yd>=)FdYA(FXHys#m>jy4 z!ed={)pFOr8h71~NvqQ9nOsa}87ZqET8xUCYrTOQnT<;=16Wj6MnrYP*i5MvvSk65 zb89E58MM?L9CZ%2ERURNM9z{)kTYS|qDZv3N4GMcu&Xluz_B+9`NE3oE_kxz?;akZ zaw{ck4h^v$Tec-tQV_X>H-wuE&?h|dbo3Z?LBnC^8L*!wV0POaFt8LgTy05=`XcjlmoYn?WmUwib&x`!yr2gp3mi0sn>1?Svm z!Fdg36T^JlP9xhspwydA8#x zgne!}$McNil^RE>^gyF19z2K*O0?$c)y?ag*|TfTId}3XL+5k&A}qe`LNCbSqB@ed;+3Z!vug>iIN~e_ z+(%2QZN)#@CV7|#JnYkLVg{p%S=j@WsG|<4Vo#0mhw*n~+a;syp!+F_e?+e4lu>!3 zSuFVY?mOEhGNbxqGN$?%RG6xlj?co=3AFB7APmTKCe7C{y4noM$G8(NQdhD(4x=WX z&AA&baLW_0dgXwxPB(lv#Wc%yh+!LO@k4V9I3yj(j--#aDyEAZ)V4GPF>e{AH8$I< zv^sppi?vq5^JCM5BNCjWnrtw-o@vV^?YdEk15W`Apyr%?N*9f=0t90Spm1;j6qF6Q zKN~Ga+Yy>k_6{VZv=S#V3BBkNCfc|utmz|Dc31`TSjn0B zM{5bSLOZsxM4~l9n^o=Cl9k%$)wW-B5>mz?Wp1Prwo$>aOJy;oszYF=sO3jdh%|4L z230qaLa>|Gg=vJY_NP$^y3gb-pE<@l-@Wf9S-sl?fQ)-Tp9sWsi{);U=F6JNpL45C zGorqwz4d49o@rg1ce_k=az16-B(*(tuNcObeD`qxAxe_adXf$ORIAYjA6H}BVw$uf3h%y zfkq8FB_0pe`)X-8^3S_h)*B>(2EN*bPQ%rb?dniHXV)!sN+nl))}~*kc)_-~Ndp0x zBtWq%q-^M2^pZ^0*W{YU)p<`OIBT&e9~_UCqR2?BDAKmog)QsUuSyjjV8A!Ux8dsn z&XV+40|^~LmlFvH&rb4rWdXCKkE&&Rxcy{Iev*f&M4oe!e|CI&j?F&_09Mu_;TPR2Vn(oK8(5af+(BI>`icP z?lx;0TMg<9pu1x6PKu_>-5a~8$b17;xyh4)*0|$4DeT>h8P1WI-CT`kc)HV)+i8F# z_cWh-J1ftcx0x&ea_wzB*ueW~7QQ^+SpPigS_3UPMt8umh~j-@0qcI?@MQQeG6^kY zL4Avtuy6YD<-+ov53(IB=OQ09m73bAxLuX*$uhdfkS2-vm%aAw zs76oG|9-ei@t>bOdh}#tsA%+fVHyJzwyNmwZCts{Cz)J z_xnC%+=Ax!{aaQ1Mx<^}?fd=>wZ0LHTh;l#e~T*L_iw84jlH@xeee6Xr0#ux5p8em z!ENe#-@ipw@B6o@>3#ne6}|7@ik|oV+fnnre|uWq_is(f`~I!zc;CM*74Q2qHN0>A zz^UxEU=P%*|1W>KUVi-jn?eSY@amsGjnD@xGQlY^I(EY4csvX@S5_`yUr)};?VwL4 za3!_nS0cbxV0Taa&<622;1KW5peOcy47>yc>iNq?3HdN2*>Frsw!EAHu6B$;NwP~U zQpf^ZpIe!Pqudq=o!AWkmk6&z1kve^sMOLQT;KW^vH2;UUg&SGNLseK7}c2EZE z$00z67=lv>puG1+4wPQd1}dKn1j-T+r;LJe-ldsj(M{{1vRglD!OqX0_BUX#OirV| zOUcS;(bk`DJ0&Y8zc7TeNw?Q2d6O#~_4`Qhhu#HV>ontQJx21y0>gB*-ytxf1o=~- za!m@^CZPkhXg%MrylA{Bo-TRqmIj3ylA&CdyOqPE!`g0Tzt#A)(X1Xo;sJ}P;Ld$? zQ2D8vKZP0hF&JJrIfKzCDW9^XpV2LT>E}UELOp)(tlR63uL17;XI}dqEU6A^01n}> zJ?r_}?EsvC*${6xwIi`|cULYOcGs2aUoK`mAu;O8}32?yRgAMd{jLn~<$dQ}f&12$!t zr`Agya;5M&Bpw#!+`*_wYag&1QFuPofqe(OB0(;j@wTAJA+=GMI`(!!9Q`Z~e^z6C zD*uIzP}xIy^T9C;Tb(EZbU7S%w%b4a@TM@m7;f>IW&Er0$eURT&kb)}3jOwE#B^c? zR1|c~Ds>Jty8W&M!#)O@6pTu9;Cnvowr7?(uI=Kw;zIX16rVQ=CNPyRc6Y_uhjpy2P_Ue8+zFM|&)_$s$Ay8rHWw(ZJkLjaVu&*~(l zvys=P#o$)iuO0rRi}#A95>z3ZDfAN>?PRp@@5MpjU-@ks!+8pSm|bY(_eOy(rYJEG zXZQ=4O5nIGdf$rXDY~DrHtPXy`@I_Srj`9Xo=QjtBK6=>|3hnat+o0X=*xICA(Hla zP|kq?Krn@j>?|EPc;+{n6}V^QPqBB$KfT~n0Dmxj%Ac;5*B?P9CD9=SrxTxEyY*j> zn@30ld)+gB970VZ;QY$#7l{<-6i#mD9YSP9-Y%Jj(8@=W$Zb2nRQ7W7)!LEZ(X}-1K~syv64^ZDCBU zl)5<1FbJ_#^%j?hi%=?Ub&C-~R$tzxt|hnLwDshc)N2Z#hekm##wm-mx?+!rv)C5G zC21JuZPs2r(GDcH8fVlegYJ0t>f!BCN+=v#HFS{{?S9aH=b_W^G1Is>$F2BnEVDfb zQrT?G&!TEc_G%Dhg&~5cNyq!a(e6(bB;67NKHC$|nG?8H(ixf3-qj#TxY?kqz6;jb znS0#Q>!b{yRY4vR-i3#Y3}1B9htjGhM>Nu9lrz4lSMW2T=T>!l0Pc$u+}xMfA%)~4 z*W>>CZd)2x0}Koo;e0Gqsg+e0nwGc>LEX``8xmQJTw&JK@sYGgOsRON( zT4dSs`%T#Gqg&Hpl(NB{Wyj!90ywQjz*k?ht?DFK+s2il9cs-b<26&}_qol}aic@H zk@PP~J}JV<5Jk+9L6dTC>r^5CEjVsV(QWC7B+^KQK4f^mFGeuL3>qb-(G2Ho_}i}I z|JL;ar|hfB{tI9m_IO4z^nxCGsHXcn&>}8y`H1!rDRGx6BTfHzb$xAZ!_5Cf7{ay3@V`6#->;(oE4FX%PsV-*9$BkNpKKM;lJ~1}r8zbfHRU5nY z8Y$WffMuzD!r+s&jHk<~gM}{Yo3^bsm4)Hayn)`G?Sfg5MG!h5h|%a!GOO- z^lOFpn;q7Z)T|AqdD1$4SwB`j_o#>?<1nTyp199V1c;m4Tn->fev;!+GcP=?2#YXMP2BJY=h;cNY_Pz0-?_(M7 zK*UkLQNvB@baCzV(9jTsC*6Ccw(Jeucx7J|mZedxt#*@dH}Ic!VdLETqOxsp4*nlL zcFxO%HTZy}AW?MPznqlxkHWKZxlDs%)uxkH9j3eyt58O<>sYzP%9WF$>y1mzz1B%t zKK9IGY~=U7pwBT4k$s@k7z(0@RiS4p30cM#$66p{Ef!74X3S^TEGcrMcZ%XM8@0#Z zRuG4@do6yOh8Qzj!`u(<;v?7f#xpsbQBB=0j*l$VXc|yDAW>M?z3+`ie$XqC7*<6kA-npZ+ftj>RQ=@e zc>cPKFVbUQ;`1BA#AZS?M_}OdAt~B}2|<+&rjaP>@`^>SLy?wcNM71-6bht=o=!*p zc$}05-oHhALBB^V`Ho(3`}`id8isalJYs#Nf$zOj_VtvV_%a^CZV+I_%7DBwco)9) zdu6VcRgXTQ7>!`y`j>W|8;@A=yM8#0fRSkBvMA|UMLv+gY19|wR20azTr(RFO>Qr8LhZ7)3MM`v z(**QbZWkV%Qi|@<=Ttn5q>~m3#h9B|8$e0ep;gW=4XEacaY?@BsFXIMlNEUOYN4J3byX zl%r{M%_iT?Ne4DjGs3)$=(l>AIGA+M^UoR8oO@nmQk3*=6;AYUcJYUulxYf&X*0!=W+%5sw%6}M(q6B$yN6z|KQ?~BA#I*E=1Zz>2Pi@b zepxDPlvUZua$(9{Ak3RpeCzc2J*u%-tzIjt^4 zQcn-&LXU9J?CE0F%9^Zu{fp?C_NN!X$5h2Q7? zZ~e*Iqs0B+<1hNZ|C#&0_%!?D?*HP~C~f@rywXMl4`ijO*MWpf#)klj{ep(s664l= zOA1LksA>@(4vFI_oH6z;iP&8@g;Qui2)i6P41Rc4MuSMeIm!11>h4sWNGZ3J#qR#T zT;R>Q!233S7Z;l>FimpST^J@lZv5kP@3=w9F-ZsJPW`BXMquq6ho%wv!bTpBZTZ4_ z{=ebcY!?4V%qsZjosZEIKj9*1HvixFdhP4D{m0|Y$6xT@{-pf>0Xu*@(f%;@?|7q^ zve^AD$-x{V5`WKcnQgjXUcaVq#J1c|&AsO>snm|H2{QA-SH>Vc$=ity zTBR~AhbWR+g@5Y1yV^FJ^{9+X|ij-2&u}#HzQc6A(iF|55=S9hj zqUlgw!hlc*8#PKu;kkA`6mE+lwY``1lb}&_q>p9&HqV#L3 zP>k3GD4K#ePP9rymPx*04Jh+FkKs4<%;iYfupB2K=&FWM66z8u5#lnP0_e8|-$2xqRrwf9aswILuUF-2#x za-VuJBuzaBdwzF-gZ;AEzo@`2)CUoi%+UrQ&IeuD6?iK*7R{GO&37BM^{*B=->h$t zjmZ;nbPWSM5oJ^r`jG4hhE-0Hlypa4I0(h_aO@8T z{j5a0K;~x{-~fX_e821dC_Twz@!X5hjY}LKp6=9-_Zls`SLI%vV(EgXNxp1yOjVTq z3LVHG-^A)ya`A*CS)}f{ULKr^rXRs6NTQtTh3Z{nz6l-h{npGVh(;LE0{Gi+?0 z3VAUsmxO>}RHaFpIQqb7ChAN)mOE#ePKanypmWzUy27-$r^Kae7*ggW{Ry)W27bMq z4rrC|aenXQ6+&Gy>?J{<{_<2G5PfvzLR$SHU99MnqFP;XoK$GXJebs)X!(AuuZdPh zf0M~EOex8*BGm(EV=N^qT8OYVeOhH6TP-a*pe*^2A%^r}BmO}96e=q4d|e^4qVLi~ z`vFslR=>AS&l`_p$7hGJ;MsWz(JprgeucfR()Ntpl5?z<5P+@5F6zpcmQk1qZ*YIZ z^y5Bo8mmJSP{3dUhGJF9sMSC0Nt8-KgBNt_FJ`%ZzQ>sm*gs-+SL%F6e zu96U2n2KwSb=YR#Dyt%Mb5L4rt@Iruk4UOB$YqR(916<=(cS8_Yo_iB1#RKC+iq=v0UMt zUY+bWG0Bx5p!&i7$&~F@5zJ4Mx;VW_CmBnEWkqb}opKK$#yz0H0Ev%`%|@PoSQnBZB;xQ~NGRG!W6=^yEo4tW zR&D32y9Wdon@^@uDGt{}^-5GPVM{`>5j98Xo{XJhPCd!&@&xr@0w^h?8!=9~l&{Lq zxRA`1&pE3nz3H(fme%&!No4zGCc@gxPGH=WmzLTo2S8pa+r`{cwNR=Ti~F6QI^LvQ zC?QyJ8P2WbB=TcJo>r@Gna$;v7D?^wE7h(ynqYLY;(2CW>PIK1#|^Aaq2#dJ&btoI z?GDg@(r|HNX>Jl=BmM+m!>L$?<3cQ2b;hj3&)^I*e|Y>$8QP_42ftXORHdthd^{6- zdXxIUT$>C>dB{K$jbau+anVs6d3Vx?f9s5I!Jh4D8=2zj*>PkM*guRyshsT7* zbkaCJDBov%@(<{&<9+%F%i-A=djC?)t9n|mO1@lf)(>88?*IwO))(wv`D0Gs%5E@Y zk<}L_8%@^!g!^sYRD^RY>=Qd$-lyRUOAPxJW7qohQhQd&e)~t;nzWZ9`=CiW$I76*)(@U#2)OeXEw?2mA zf%}j&65e17&&ySjvGlgYNjQR)@XjAt`b$1Jrpkg+H@rU`O!}jNfn&ueNHSK9HYlhl zj~EV}1R^qQEg;VMl1OP+A#}zjSUIiE*4)_=FI2E|RGSj&kkWA05XGM_(zW|27Y9`! zfils$nyCq=oX<`4s8eyX>T7lNuG7KBxwY#K9>-C`{+3rS@*<`8DfLXP;`8JB!OkoF zyd?-$H5BW7Oom!^eQ`1N0=&SIg!r;s%FOLymZ28wAHlY#2s%oY$?Tpv z^PS6Fw5$iT-fdKBMPj1OeI|%H$*0xkQ&wKAN^|;0)?(p~$!KtDOKRdINP)0)W=vnGFYIIWb`$>%nQdoR&grij_!1f zUSZ;@kGh-aTJ;PSgPa^y#tZ^CsmdFR>J`Glb;teDq$0d`AQTgG4}$?Y=vtzMG26&x zh!^6A?fBlF%iPsD@%?t*-0VH~o+NWKXCx5I&1KYFVm~Pt$ESDYEC&b5E-l>-@3BVH zJTG%OyCPhH1vZog_%qV7cM~`p;iqywH=mzo)+4zIWG9+SWL9fj7MC%4oG7!LIGbFE zVF0zW+`T4&O*Y{N~AWL|D*xEb!Wfr|PASlm>Lf|wZiz=yc%b(?D_QKO#meMM_ zn(%Q}8}akJ%=c*{=16a&RDen4R!U1_>aApBm1K}sU9}3*o2tIf$+}=eRR*V>ur{EX z`S}wy-Y(L6rBsaGr?!W`%*e7(J2)}6p<1QiISY947Puo--LA$0T^w?$8vCtuMSk@<4Buvz#tIxR?-itD zt2IVCro$fkeWlZ_sM~%Lqb}}fR1mc+mtBpmTrR67s1L$=&~-&-6d2^rb5eY@Elg}X z*Nh=oJ9>3^@XJ=3y<2)CXLM<*^09cH%f9;NIA3MkO%uVrC~fE9@C2`9$Pq67GK0_; zys!Te|3B#z{%HL2wGx?CKR$Z=XnpfB{Db(98;`%>KmQ^Bp;cE}Jlrh`Mh~n`Vp~ZSsK-u1ip@1%pB&ef z6O7Vb)@)2HRKrSAZ2rjiZ_!l7IMJazq`9aBSAxk`6EDayiT%8QT+f$;h8`N0Q$#}h z9(gdJpqk|xB`d6Ni5)jmh}PqVPQ_*V4SiXcR~CnP0)X_8@0x81ti%$sKmK-Imh>i~1}}ONS}X+(eqYiA_XV5kF`b8T5m>p{pgZdhf2X96MZrc ztYriM5wk;p(7)f#iUA_hqJRiH4oIsTPA1~-aEOh>u|Eu8?Q<-U+W#}bKpw{iCZ{7Q zaOig*#AL!0pCDFHIMAa;cLx_?IDzVUqY(!gBiAtQoIS=f7izT3+CDjuGq~(1Icom8LE?|s!H1515tv)5H(!IdqGmsbsx6l zz`rpakI_`f0EJV&4Z<5d0>RFyyH>^JAYiB(OFgX+QS0Swa6|+-^_wxQmJ zevk?dw1$C!uzI9Nct=ziVx;?g0*7^J#UUAteXn=Ni>bm3mkox|tl~zp8k*M>gUILG zH?iVYjE=*n{B+EUJcP#mq9PbwGn-nE6n0Sm7tgr+@L_aTn!Oap4JY>os8A z-bBs;iU!RzR1t4|e}qQOce1AgV$YoX#+M*PggOMNYrju`qr>N|!)D{8krLxbMmVCU zfJ|T@V{`90VlR*;rEx4xIL|9fZA*5{N+lz>Skwrdq4Dy#aRek{G^}s2jGg95M<>{M zb=Y}c-}$lCthZjd6`7GPonq@%quK229qgUNs+0VlLEx7bwjFJXJN3QSsnv<6NufkF zZl3Jd_YP7jVt-Aq#!3C+XTpW~fZdp|WY=XN|@#!wvp(%Efd zTRW{r^F?ZF;%Tz$Mnk`|)7j}9X4cD2GrN_q>c>)9ie1verJvc-c-m~rhtL1MyLX&2 z?(X-DX_J}T`Z%Y5U`(*KWQQjgT4vKSGtBNe_)VBUM>A)KNtMF+aQW}oU*e%U!THR$ z43-HsetB@3!87H@?5xL)=3#wTYREGv*lCiKb{j_slp(e1`;C)Vhr0<%aEa8jN9|?v@Od47?mtHgdq<6#Q$8j6qP0K5VO^-^N2!AxpPsE(giA7W z$(v*|=pD9BU|5j-?l!U~Z!B4ip1rH4Y~6{^+1U}6EHg7`@=5( z4-Sv_>&?CYBk$T*B@+ttxbdQK+&I{2NF>}$V}K)nOmSeNaOey2!<&vGMB;E_L=+@t zQR)X1e>@ud6S~S49-+yUO{9aW1o^?&94p(pPAS%kI@x3_k?W&@^fMi!k0{-o=tN_G zKC;yTULHZgWWa!Cgm&f-5sh#9k#7a4#yc1*y-e$% zkh4p!ypEvj(o3;>*wU9Hk@yXR6bRpo`e=owZX_gJJG%j4XL#m5MH)w*2K`&SDwLO@ zbOS~fZKgC1QbPG9vOBhkK(QsFz9vx9GfkDVU94}Ny*NBPJ9}O~K2swe4tgD(B41EH z^YSw+rknnxtHDpEb|p=KkJ$QZD>A4{$gk!pRwa|ed#M|r?-F%sVp~AvR-tmMP&b|& zGMKV#JmF(SYL*}&x+ubhMg2zX1aFha8mtCpJKj=7-W^|{IIdVo!MI};SEK0#k|=J) zJI!>7N@Kd_QpPZdxQo*y5jIsH)8YKzy3zYu1&XwrTgqS5petO&7jn|H{9`a!o*w zL_OJt*u3sB;tzqE16S+e9b0HZTmYxz;5uYtA92Uw2;UhPe!Mr77pBrJZ!4vN&??zL zyM?VO&K4ia>*F0bu@sky__q_h6r@1)BjDPRj2nn7n8vCmT3p8oY$G8BMxYL3hCzEu zI$PmeZD6_--(+YbPbKE8yw8<>5^}1TkOp*NXCiFvADx1PecWi)PxgM|$<0X77^5KQ z;#Q~v1}Ss2%&o%?pM-nr9x6I2GPnv|gwljmgDfv}RS+U<9q&8#Oz2-4Qu=1 zGkE`4fKtZ@zeGj|H)Wf%j-v^D*e;SK0b3BTL4jhgJY^}(&eqwH4Df^qjM16q!KwgC za}5ZFJgA3ODAtjA2c~&A-vc+f$ia0W5t6fgBAep9*>Edm((&^sgWZ1kjpjuqS zZt@#ZAHb9edayh1PGJUBo72g^#CKkA@Jz~^-`l&h3ZV7-g-cm1PKsVqi^oaHh>}7J znpfvSQBtfP__IbykzLGE_h%1}k~M&6UL?1lPm7Bp&m57pIkNms?3d$6;fD#@V`$r) zedMLZ$TFV|Zvq)BhD_CF8md)n6E)=Uaz3*`uJlIXEse10B>VKFPYuIIV=w9Y+;A8y zEgxVqs$&g1n@Eu{2*n==IW)^X)(ep*!zsD*Sk}sT)WHo>R<)w0TsXZ#W0dj4gxbOa zZzpzeKB^;$b>3Lc`XNQInpK<9%cEwQOo~8Wf>jmBFgXJ$B5;H)x#vyTXitXX3uN>? zHWYV<(^;5_xuEuEC>!fL=rh=%8%xZPv|2azQ6kWc#*|v;gLX~)jNMCtCrIA2jltoO zNU_Nx5K$Z`RvwpCkyOxnYT_#^ZrK*1liD7Ztl46bB$7mFz%Xz8!60VEecFM|sopBJ z>$}a^UPZT(@eK^NEywaZo+Z~tIaK7g+J*DN`c@uhL~dCgw4L*}JaY@NwN(~{^=)_% zPoJWRCiL1UaR$ePEA95#+3NW@XL!RfSX544d=NN1#i%0Ftibz9rT7MEVphllzx>GS zVi9~yPn_X%RQLWR+R&8>89%U0P}79RHw;GCPOCgy-yI$Ybe3Mxllt9W{kjH*TY8zY=O zNqBHPAy;emfhhg#jZvin{PQ}z!4o@qW=ROZURkxxX~C*neO3cs`xJ&|h>p;-)k)|* zA+=H2G3bHrAR@6P^3qe8h}l)bfAh+`98Y(6K2RzKKH2oxX#%nMtuCLi+5&{=sjs`8 z>*>KB)njjMAWDO$I|N7GjFpD~;(5(|#`$r!}!V_OAW@P<(fVZ+g$JhPSnzpYEf$z7E2oH%2S^=V3HN?aX(> zw-@{~>7zLFq`vjvc2cjzPwJ1poYcRZ)W4k6zns+nXHV*hc)zY}g~x8P;b|N<{!!Yf zJ=rWHXbN%!ZTNJAu;;I-z4aDa<-ksvlfRBmTd#n4sl8JN%H$5xM$z$|k{){`7jz1n z9rVHm+E^V*%vG_%<(e(u>tgF8f#@khQO1B)FnyF<8UaTlxis1?D49bDgRP=bRW>EC zio4C1+U%-?;!mkvcntM6?LB;XT;DI1DSR-B&TZM+R^z0ktJ9{qwlh-%AsO_TY86td zk9rZ+ttKxJN6Kz3H=sMVxJdWIBmST%9UUIIqe4AT|E37otuKf1KhyaiZyq~-)b&RG zCm})3!+&}7^`rRt|IykP|NlSh`Tzb30B558VW)owmo@$1j*tWXVmQA9T)fzMY9ZK{ zFUT!Ql5o&<5q$S`XZNrP=a23DSs{;)t>fqL`)vKuV}5MP$4B&tQJhgRO%J>OfQNkk z3w-?o{QsRdxEl9^9!nCxm;LX?`lHRYg#GXOlP~=Le?|Wrn`eL62Jln8`SN)0V7CK8 z^GRvw52^eQ*FIP0LvP&s5M9yBiU@-bz{<*rynMLGL<@_jWYuP*mBByBwrd=ifRtJl zygZ9SGG`5MSid)(24qe5hE9b<=Z(~Lc?6s3lNQI2M7$6>l(IS%&RTqQ^oNLh$xM7K zjej|Kj5_k}l1?`gZrwThheULc`WiyvypX48+F7*5YagnKyTDT_s=yI`^;+fx!8(qbsS&&F?^+sYD#oe|o3(YrF)D0A)^ba;MawuFA9VO(UAa)| zd$^Le;n{_+v>u$Nha+W=B3U*L2C_af98Axc7NeD6uMa!yR35=&<0X4UXG9Pl6IMpm zu=*XQ{=T9$CrZPPN^jY76dnh&lVTt?-<9qkW}aXK}GqD#DG zqdTA!iQzPwXy{^zB|?$~SyqS1C1PDQOalb&@uLabt}9p;1+K%F7_4Zb-u5I&P?1+m z({fD~(Ooq0hZPwEQWaU&fV0k2L@|ZcPpo#c3gXKW8hbr-giq4*F~J4oMwAs}_&Jjw z!iz!wVih_Yro$=)&(0mX=VL*AvKS#Zf_++{}Up}Q&U zO38^#bkG=AD1}nJ4++&yRS{~dVpcQmm62f$q+K+RslF$O-u6c$jD#8t{3vobn0JNP zK+{1jk1Jed|xe5zL|fNc;?h(3L@aH=-A{8~NfH zMu|owWv|u^Yty%X?$he09#_}D&Jq6ij^ed)$>uafRjI8dT>R1*K;Iy%ZL4{O4{B!N zZW!skt20!^ zYVcm;ZQzARsjWH^GMUD;t)X3tm8vr2VbjmcvgTC`Qr`KIO1$I($M4Y5h3-DF?^G^r ze=kLNyk&=`jD0&o0BwkIX`Cv(qza37WDwFM)P>pRxskR) z)G~xAOmmnq{Ft2t*_^3dA^Ej}>}39usv3S~tt{NK<%hNkrix3;bckAB8KoqSYN^Gb zIJQ_hWz`AU3t6?l?X2i~WJ_6fX;Vut^`%ToL1-16K})C3i*xM6g-4f zr8$Ys=Cx#aA=(@+bfvT(-)86ih^o=0Val9qWU3!^q z&)~uNLiz`B4pRo5fk{bLQq%fZnqcL2URTD%gkfw?mDvwvBx<@8Ux?9W6*{GzdL7ZReo5wCqe{|m^XXj&89um;cAxk`xBRs+h-12wfn#FU`bzgE3r<*$`OvG}aK^%N&(OKz?6l~Dc5 z!2eB@3MGk9R<2mJ8E}WIPlD<%pLl@GSNUA64#S?mEu9u}=nm)7%lSdCe~FbmjeMi0 zmB0$9?i}}65@+8DrBalVIPVUz4)BIs&=77%{7h9wOFG!Mpzg)ue&?r-Hz^lN`}H3i zvOV}yRsO9wgMGG8lIJAB#{+8|oed4--njCzM4N4y+r1>m@IYg|C&ZiB$tQ1mN3(i4 zhK3uRG+HMuXx>kI$A<^|jRVxVpJ4+NAIkXN58ml5X4}4Cfp0H6E!046b8vv_5N|cR zm7aewy{cZo&$kh$+HE{PeYt(6zV)W2@8+i4ZQkbx~+@dcI1xx`Sdm+gs@GIOf%GA?Oh zHkwjZnpSH0$j-;rvs8$$`*J}|IIaUFrJ0r(F_00hiX;a#Puc7~b#vHXti;MD)~Xpc zgn6<|hlN3x@0~P|%C>zY07-G9l9LnXw#e=^x!&$Q_o-0y;r4R5*b+|cu!kV1PP0)z;QKY8 zlz8`*vyo^41FBU!dUbg4%T|mDvD{IWf=6uDr^p();(0DrDP>9MDEN~yKtc)cbK=gy z;R#M`Jnko6W>Nanh2r{ei~ptklRh~H{5<>LjfDO0=Ej%!kAGbJFEh{>{Y$xcz-j3M zel9I7RadIUuVhw~ugsuc4-e?|=a1+0Om8V2atM891^L=s|N2{J0OE~Rk+RVHsmZc* z&c0YgNZ0z#kM);M#G8%UX6*^zk)Q@mgF57Zc5Um61DZK{opcO z9gRa|%&U0EC8Tm(P&T131Y4q3tKnA}havI#fM3W|d#&nm17z@4V-9!(USl!jBH9Rd ziE(;?IiFC+NwZbn+2p3fJDIk7wcJ>w!6;k8vel!)WRP@tS5tP$H33^Q0`|m=X!{E8 zSlUtIrH?b53gD88CJUh=bZHUIts+sZUWw}AT2Xn_U?jT!fVXc}7oc$BHrk8>T8E8rMP{p?VrTgO$N;DK}#*%whNd(3y!I4u6Q|7;wSV=sSYk~}b zkz%AU1WZAemAHFxVj21Bf^e>>mcfq*PvHvpe?^8fgd`XYk@8%bKId`Oh4q7XA)-=` z#)zdlp>U8EDIQjTERFGXUG!pfY=Oyup1{Gdv(&OdaIgR-9S5WIX#72C3`wF5bWF>i z*hDc4O?;>m5=buh*lbV)eY~4LM zfh7*MSoYY+!2;Jjk@#&#j2GxfMKG9}_%%N_HMASYu3cw4ZE(3ss?BjyyTECpo&U3ng- zkBagRv3!T9p@zT|lFeA_`nb_LZJv}!J+D6PsGEWJ{OhA&u`h2@ynb!c$lu9SFLat0 zSt(3WFS5!yeExTnNtU^myVH;e1v9pTx zFruoxok{FFn-ZKcBY!esIRsJt;R*7*>yN{L#Bf5KGnO*Ce(s8wqwy8w{>UcTx9~IX zY%FcnRr&LBHXS))b13OCo<-}$0+e1XLT8c2y;!7mdWy`ZWlbwXO>s#awOw`fOIA(R zVMiUBuH=bN9h_=9D@fV?cv8FO&H3Q)2=hpdfDNSxGQGTD?oTXDL~SvC?{3ntFAlv? z2aa}8=O%p<`xeN<)_a9t_~_bUeoGUuioDSdvv% z3U4t64*aJ>22N?B+~kNDD_cu`?W!iF&hmp0gSCoQp$0RthX4k1y))Zq5HCR2a@{J8N``+Q*- zVU^QJ0{2A|wo2zlw9gg1aQcVsd}ba8e%KWm{#XR!jGF&f0TSC&?0+1SIP?5JdVBTh zmcI+(KW>8H7d!uNe7(8x<^2Cg{Dt#$KfpV0<^Z)z*$i_F#`d54x;mc=%KZ#(coRHvOOUu8$ z!3M{>AnPCWyVv0W!y13ry9jDzlwuzoR24o)Tu>qeFF*O{K!j$QF)tJsl&GlV!>pr2 zRv$d%@PKqa;qZXjKlSiHL^3)$d3aEb|K#HXQK2J5^7!x+b=q`%kny0y4?Lcq>P*KdT}MB@RO00R-a%EGxD#^{)%5@9TMKIE zZwcgOx}Sdnc6TY`$diedD_0v9$VwK*u!OWI%X8hVD%8X&9QQzW=NcZuKR>>d4qgg} zRAR>x&{KqQwU`HKz)`CLrf?Y`+sfNRmvmU#7??|DAwryu?C|k4A%}~+VKt7VVIQF~ z(Ua}RAl$4=vNV4bx%RX9vmPvQU|k6@-I z;Y5}Du~ILSo*Al7BB`pd;u(1w$~5f%l7IN*?d_ssGACIljxL7CYFy|4a9{ayd z``9%sm`;OO>ujJF{IFl&IX-OJ{u;bPvcm=g;m8t6Ee^A$l+1_NX^^ENs_RlNH=QR( zQB8-!I`-H#Y?(e`y~+yrkcEr$BE+9gGd~BqS;nwVYd{_B4z}T4QZ|l)7}Sq9`M;u}CjmchT-$ z+Rw_0Ra;qCpjF@2*5EynAysmO&84D?ydJrhstPw`o;eKB|6VG|FMV$UD=kucrd37% zmP~nT)=4^LaO5n6wxg;U;khpQy;A$v&JUQTU9bLM=lrVzPe7H3kf$MyHN>3~M$rAx z+&@oj&mDMk(%A2mSoe(STIF*2hq;71C21|+IX&1rXq^DH z#_orc!=ujg)4k>{l|Yx|oz_v~=W>A~{G#y|obb58s-2=u;bzgK)pQbxu#>yYY&w>( zGHaEZ8MHKZD8Yb5JTbA9Y7x;E1I4q22#>tfm;Osc4RcZlW??^NFIdtKC4_`y4C zG!ZK;#Q1sixI|44q*=&@Nxjp?jT~7EEl3 z)Z>_QT7^05Mzf%G=VtF(W(i;lS;vCwq4h~P`>qU9w zeVOPt=A=cJVtOZIy_H8IT)#UVcw^$Bh$u{u#SwE8^sVR*`}kS1QPWo0$Woc)e+y&F zpIC-4z_dr>J}@qYDz7ReZ=lBh&`0M|=D)C0`L`pwY=kj_J?3-|?T6FY7;JB?Iw&TcsNVAi4)fBTy_Qzos)rw53u0ISqlPCT;k zg9fH5!A|mp_568Rt{-J%YpLAYTS_Q-=M4g>Zfnzm5(15Bv09gXE5=L8W2PTf8)tZ&n|obU&8*evEt@Db|dbd&J5UC0}EfZ^Q+6!Iu9HVl~G z8;!)M_LCpv#<51T#`FX_xe0^Z*ml35W>=27uro~qIFtFk7|%@bN_x?Hb$EQjD19x0 zT!F{N?z~yxj(OK+XnjXk(}37;tREZBW0u{FN-VSjbNASyK%if<#u)#jO^fQ*;ktEX zjk$+&x_jp(4#KqV&gk7-2LD!zv&vffikPu`$>Z7Ywuiaf*Jf=^Zx;vQMCqR{joT7z zU||&XFG!}dIJ*oek=|m-;c>6JM!pfS-ocJyGA1^zv=AO2_h4rl^t*jcJxw4`QBRzm zCzatV=C>%vx5Z14y4upJgIKD$cQS60h4o6hu$e&)C3GYv!(lE=C};5in2!kwkV)XS z;A{!8CUp50NTGlylbY&Xm}Cj|eA0M*LNb;M`LEPU>X>NTRU1*Iu--nGRmxGA8hplb zN&bHq_SsoW`N?%%bwn+vv*n+%as!b41!s8)GA5j+vb3-+RoJcG&VdJ&@2!iC+JI>_!z%i?It z!yN!;zLN%7LqDSEC|Wo~lqq@8Mgwaf^|%q76bKBe5UW>SeE+w4tFzx|wGcjoaIS!} zE;-WDCQJDi5^b)1Wo$@T%#0J*BTrQB?yBmdJWPB#9cvBU)Uy8$E6FzfD5auj@tIWhH5I8M_M zrS_WCjU&`&E~!AUdnlJX2?a(du{EsPOlWI$)yjs~NYBnTbY~T|}oDd!!JOz7Kf&G>Js4KjbKh%W*i=%!)6G zps;vi+F)c-WM{SCL*$Vox2WVJ?-G>sb1%uqx${Bkr#4Ickri853SyHHOH*U*6FFOf z6Wgq40Q0$|^jmmVw(}L@1Xgs-^hRs!Nlgw@O=OO)EE%c#^gF`!kV_ksh2`^W5;jH+v zkq{(S0%Ii5-5#O|sKd7I5Vpy~dn?LeIV6wC&W{7};qt56E#(ut0VQzfmFaq=;+{s= zbisryQq~Z+oTUD;Sa{EE`)C?hq&tr!8QzdkRVnXUY!xT>FAsz1KlBeiw<^&_&tRi5 z##?iut{ZBZSH&EU6MX{JkJYQJ+|t{axML^YwrfGexGrtRlXwq?Ht3MM$IC4|@Ix5kP}U=Ca~T^o*q? z3K&Fsp>@TqHLL)IxjU3$b8y1Cpq_VN7jE)I_q zJB;h)uWpjr>xvh5x|Bj@!Vgo>a0D`m)ANWmDI2pjDRHd_k>EOS=g(0Y+|Fy=hct5C zIXwDBC6-5l^ET^Sj6tpZp6A?;>EBJ;9M);^7Z=(u_P;LvuSVtkUG0C@*EgQ5e;v2~ zee`5=?Th{IAB6vF;8&|Ah^2b1`Q|kmq;L%78XEj6`@JkY;Pr36eNx?k0VW*ZM-Kr7 zei@E?u($7flYjNE-uj5ji&X#YkifS7x_Ls(93%}gKMByoCXTDTzB#|&P9)+}tS2I= zot6%zIF?-re1_nHeX2Km(6XZ8;1Gx@6WynbVS@W5=6r~yE@B;9*u@XFwO;-_me$J; zu(M7vwO(Gx&>E-dC!69f-@_0W%_2!#C2dms(!vO5JDnMVM~)(n0MZUk=2*U(y>zs%k9nRh9cKPrB}|x ziueG3mR8C(1|zJZ1JffKz!Mo9p!xLAqod09Mtn)4&Co0HujCsnD< za09LLjEQ6;%~KB7$+Nvtd$Pd?l%Hw+3uV`c2e4M>MWcR#0Z*vSIs1@Cj*oOZRzH1> zHlr#8mOiT4(3Ap;M@Pl%ufS>u(IeygZj-BDmLW{#TgX57{vd$nrTL zj&P%IL-C41O$9W-!v=3TJ)d2z1mS|xd}{U zHkoI;SSV4AF*FtoZHGz$mQ+?p!J<)DsYq?68yY94M-<-?Z8Lc)ix8DIu^<$@Vt{8X zn_UQU;XN<9|G^A6?bMrl^;St^$I8OwqLc)zWcxFcS+f_8wwvO@>%IlCpvQnZAocN; z8oQ@h&gjXaB{3__ep(u}As})}9oZD{je4tbP~UH)vP0&HE;~=ji_~!g@djwO3p+-) z+d@<{8Fqrh)0LN8Z1xfozhAc;J5>?fGKa|w%SQJF5oO@5(0-X@L9XRBTkkvnH zeR#H#&p(BgFLyrLSPCYIzIRrTr?APi+h=F1=jY~4x9fGUolpFN_7Dw-2qIy(YbDYz zMpN>$GGF8iC;M4-#d(IOi?Q#$)vsu;qJqMJE$!mn&|w46?Kg$S&Z|R_SIx{r(S=rH zSLCC=)>c;k`d2tu{q@%Zo``|R_Pwb3*T3f9DB{EOtpb`^E9Wfo$oDvLvX-Kb0s?rA>@!qh|MJo&uN8!5x9(@qyvO_t7vUc&#```c5e&hW zfF0{-JKr6N>Sg|84xjgb+RhK(ndjsE?fiJi&uWsVbc5<4-VLlyiB*KY$93$4vvF{E zu(wlhc3vH}PLf0GBq7-RpHAZjD`B@wiRbn7RFa09J=O4D&Y4Dl;uh#i$w{LM}CmqNQw;CJ>2SoIc}YCycD`$uv~8lyZ|* zPRW;9GE+?y9UDOheclzsSk6xyRrT#)e>UCbK}U`=+ui>QxH!HeYj^yyogW0E8s%eE zr+jKmf0mvyH`4ACl~r_3M4LG@m5tIXf$VL6x3gb=-Dx%s;yn~z{L{asVe`5j^FV!n z2#?(f^8^{Oxx`@Ru;lY$zMR(G{;hA*Xb?&t-*u(aQDoAj+cXA}eXe1tS02SOQqp*V zD69l<5Sn)6!7!CD^xScyd05|_Rq%fOcG5dr^C|MjFQvdJ)0bLB)W5T$zta_UygN_o zCK9dePL@$6A4D0|>)$>iy$76x_Flt!9{Q6$f{k2zq*8-5Gqm70U+$oB{a^q~a>LTN zy+C_X$VzlTw2V;y&O@VyVCS&eZ0wwLP;P0ZTAEg56eli|NWJrdess;|xg%J#I2_S1 zeCs3Jv+6=D0UdYnbZM0l??|@>+w=-VJ@klizU0VUT4)^(>Nf}Bg*Py!@mo1Uf8Ul8 zA@pj%XTnYdj8J;5(Ajbzj~?tr5SbIcDAv59kXWy@FKVMo4wzJ8mAKe%{j`I^D#IKg z(~Tf6lw2&=a_|TE+_sm?kuk(oFzpO_c)G=VZyX-^DwhkPayvWQg`FM#Da~o60WB>i z=t(coHa0BICXl?X&0}YWwho}$?b>_FiTr>+s6gi%6{xAC z-_e4WHkfiiN947Fd!Wgo^r`$Mkav{YD2h-Wa)(9boY`D4b#-6f6|$HyI=Ba4iRw?a;dp zRe8G@t)7+I?fjd<+1dH|S$XyB>}-AYsz?hF&t4e*>LPsSD_>$#Jrf0EwlntWG}-mh zMw-e^FC(RhMBgE({=k#!DFyd{md>>E^(6AK@uUa{I5AmjQMVfEgcLg}j{t2zlD}0e z^Iu_A{e5u7peU#iRY4WW@8X?NJS!IQA6Ya#W|zwTOiG2~mE=)>|qBbZm zvY;bh)Nm7-MnxbM5C|zyy3tn!v9&2I?S|HQ3akT+*B$OTF{&gJP!K(|EEW4DV1^H7B0Wg^?w+f_~1Qhk}hhY7K~ zn5mywUdFWbZg)DA`c0e_q>Thgi#(w8;Bnf8>EhfE^(1n)qiT}&sHB&yo9}z&V#1stjm+Ma_EWmdUuH-beof$RiceKE=JyjwtGSm zww^f2uVMxNEDI;Lot#YVB8YzH_#K3Vzd;J5FvRO_mA(C!A8O|Xx;lgZp?@?RRm@`W zlK;Qhd%fS-5)HKC3y>FsXp4uUIokv62y#GKmBwQ)FWDp!{LwsZU>Ii;$V0|!hC{>4 z#_kUfpRh@@5M2WfVBxd<2V1Jkk#<5YyBikT|Eb2y{3X1;C^H$lH;E1$%q zm;Y|);8Tm!rUujFBNMbz5#OZJ7ANL-!?5Z8Ju3vofy{E{_kNJBIjSn;3vkCh$++Dv zqk|cK-=*;>iy=N2Wbs%#vr6@_aQAYL$Yv-*EY%6nYCT&@ZRgHLHewyauRo;Dc3sno zqn$>5xa=b$Madoo?)AbmZ95iA+d6&zW8)Xo#~GFXH0I-UxLX0a4WNPt`h1xI*Vp9y zkw$cdwJq|%M+Jon7#?j2NG$={*B4B`MHnHRhZm=u*{b6bv)Y;j=M@p>43gBN`;wyh zltF9`9U4jHF6>M~KA8Vb(=dG^x<#f=Ma`ntooT3B^*h%(wc5S=)O#bf-YRd0m)ajw z?^vO7>2QcgTs-2tZLuMb+l4hWXQhUgl1`Gilbx5#mH3`PvlIU)-%2Ks#(1Ddbanzv zcjH&mheD-qc;1E43C)hHaYyU{LY!^p!>K3vpEb#e&JI%Kc@`5*Btp{kne@qvw%1& zHaxh*`a~jl)YUVGrvSQbVBMAECrUV#EU~am7HeD5=S+MD`MiCZxg%K~v zu>_%P4Az$n8zt|++;-dLC`CzJ)o~)vq$UU#F(dcJEm0uGjiM5H6ZGDB{Q=#QVC}Yx zYAY(nxRWtr=Kj$Kk2a)UlsQ4F#_a?zv?TaKmlV0C81Ei>MhsGd$<6-jhaJu6Y=JT!_K?*gqY2udD`Bqz9V%NNJ+b)9+9QUKe zBB9!``H7pqO*1syxf}hCmKqjAE20P-LuPDNo5wS2wHH8 zU)Wa{QuQRn$?PIUNxPmV3m}`=uJpYelSK_Sk~mL{t5FZtGPs`AiJ5HPo#?ZU_d%F- zG)-;>aW*%98=zX2kT=cZfmtj=5xB>0<{U5Q9wpA zB(OE9cpHG$V;*{i(w#S6{^42!vPuG~sB25CNn8!9in3QUT{0#m?uxl^Bw0X)dG1-V z9n)p0kSsm01%ogg*&?^1hZb>t+A}NU{cJ8vnX1)~NJ+O&wJqh&1$Rc}m{3a>&+IE5 zHv0W(Z`VXRG+ukKu@Q9irK2%dF>S(tD~T8JWM)sW@T4bKBi%faBoJuG_j<_6dQ-&2 za>dGTR=vxpD+Qohy&_qXvcyC>Gn~= znqYWuJ~VCV8<=+TayFk{wb_G6sz)+fv*Lx?W^)lnP%TL=yldP!kd=}_v z3JQc!rhZSt5IEhWs3>Xc+L=GDpF}@EP(maMow1d>M{{RiiO&2iFNfK6Esdurwt{?HWl!`1rmY1ipuL(Q>*0l;}aVb6LE@9oH zBVmW|f~D^qno9wT1ghVC2Mr;QlE&eS+*zT0zMiw*6muVQT5}?eth5cCG)F}~l&&^w zi?iIhC1AL^)3Wx|BNNTDH&iROKBEIN{>tb1#aRKe(eM1(8|BJJE_U?a8+;GR&d*mA z`ZQ6?L(!CVo73evtu7$1X~S zd<=EOxg%L6>E1WLimFOnj+>jzO35t{4KOY1MrG>w$-~t9^Ndr~S09rL8dI9@$)U6} zr!4XRw!zM@0kUivUp5XJz<(OMWJt$`A^1ziG+D^}!^oE}l_8=hy4U1s#TI8skrfXp zQS{X=!rN!yV?=fWbqRCmcp!ZU9rprs5Dko?2k|rDt#aa|`0!|C#z-dQ9^`9xAqEqX z&7oamO2Nr{6&d-4&w2=4Le7Uwq`3T-BJ3}}O$l5X4R~cRzF74sT>FK8)hD2#x}?xY zDRs#4#x22-5=(z~HUeN%De55js}0*P!k&b6VG}&lnT%$nbd4x8P{-mC_h0@v6jJ2s zU)r7FB8^W;4_9-QNs8W*1_x4=YdOmvlQ(lSWlZQlCBvr7CJe?M&sd@ht_8EZ zKD0nf8hrx+)EhWxoe30sl?av)DTE2#eS0m3+t~Mob==D8E!eYAB6QQN=a&B>SaP%` zHch~S7j=dp0TniKjEHa+gGAtLA9K<%g^6%MTrwAZmR&Y9gk8{Db?Ah>|7&1&)$$xp zZDFssQpuSQF?<<4`3(hwk+-?1`^#DKvpne@V4WTIZFO*=x$sNK6#wFOD;; z#C6~)N{(7^?D57h=`5)^yi76m5hY$^D9h|f(#CeWTtVAa+)(;Pwy^_ZNy!@}BPs-! zkBH$f@0rbE&JD2RrG|(M-}tq;P7N`2M%7^OxK(bq-|Xq3vK63vON1E98Uua zf{Ji1w3V*zgvs>6xM`{Ah>jAPVr=jvvdf_91Tq**0KB#wbRsAvm~4Y67x{?^!{ht? z_a;~bi+CXJ!5>KY{P1^GAD{}fGTQ>V>2+rs#PAh3Y z%xqtJhF-@GdP!32ryvn^k2*6PBA_PjCOnNT(mWU&v_1- zTfMHp+$EnA`cIuhV5snAg-^GL2Zf1$!o&(*NhMa#!4#vu#d7?HIe>k^353xZr1c_Z zBY2uVY(jM(TQ@D$uE35YqDJNAjkKw>&Se+NIRvJaj~ zsI2d6c{N5V+93=RF?Ki>v2U@2pHfg9u~*`}tXGDm<&EdIBEE{0*X5iZLFS{R({_R; z16h@e@ri2~EF=aOxIPaqkWpn+g|*rHy>JwBgrk^1QM5o5D>iZ+NgxE}2fPXU`{tUK zIWyzGY(rz0&vPUbvvXN{{alH-7AXDkU>dHq70l+&!I}zHD!qq&$%^>2H*@%8Z78(wpCOW``3I4JNWu7EUCY_A~%y z7+wYaf1ys2ZfLfsi*hG0(~Gofxrs%CMb{5dT2f3=Q=d&-*=Ie3yoOjI%L6H5W6(6a zo!ZMUWs}y533UCH+&Z0?%a8LEE3=8H4Iy(UBmY;qi)9p(Q+l$svMNl=5O#4na>G{q z8KX&p;L&H#AhXM`Bb-^8gvW*fO3=F&0W!yY<${l(X(DtJ-#u&*FsT*z zh_r^NihS#jP-PU37;n`C@DSn^*Or7Nm!$BK*rszste4M0XHIY@%-0gcO)c zoL8m+qBQo)SR&3gRJU7VzOF+J!!XKeGwtH}XM2k!Hw;sVvK!AP6xwpUkSHHsLBJG_ zws}E2@6_VVXKnXp`bmwbGhb2&vS4b}abanq;N)}ltqL1U3Xbj_M#k+A>K-rg)>;{W z>&U_r4+cUBQh_?0#l=cKdy*Yank%gqMy7#t@sBzXJk=ed{BhGqz|~%lRI_}A;cB_b zqTI|{%N$)EbiE<(a@Y=4BpnkcaKOVX$+A-~3DSUtvhXdkT~%~ERQuwIZ^_6sY+bo6 z?5G>3GDmje1TusAo|9$)pNi(dWbTFNP|Mjd;pSp7WWh1W5NoWpy1XK6fWmv?kstZ% zWbBQA`0>6t%NJylGqs(r=f%3%5bKXADJIfs@{*|1ouZZ$*tMM?{jlkg>*b{1CCd$c z^c1Cnl# za2)XtMKBvq5z+msmfI3=07viiUs_1=xPJT#dDjDz)EvKqM+RhUk`^|I$mB^`y}Z0E zo;P0Z9mH?pv+NPlE}kWw#=&l!N=^>CJr9cVT`@KjoZ4ti8Nq-rgb*yLo*p-tu=0Z6 zKRp0$%n(C+t&?0PQk$vgLiAOh}UZ0g@!(NK(N_ zSlpwI)QVb$dJsvcV&s1k8J6`M`gRuk_`>gc`02uf`lI;s_m@XU7_W~dAXbT75)o(# z@OEIL!~QM2-8o)uz91Idd{Lzk8HZZ?^|ps=_%x7NJ2#w<2BqWtQTEX zrt{f?Xx-79v;xUTVHr2mAiPOfP%$u!jQ=R9BxS>vMPKGB;XjE!L)%oMWyEk<88=AL z03?+u#jPc*cjd{e15vt7B`j;UikXRIZQQ%qsuAVWrKKg^($bD}ecJizEBs=8c>P*_ zdKt#@ygZa&{_ef=+*~hr{w}}4P6Y!Oh_AnPQ@r^4Yd1ygv#QX~z^zeNe(ZBR3rJ>C z9jjF4Mn;bvhDkMN18oUH`3mdGiY4Zuu~jqjM&Q|$u< zO+s7t%R|O3{)GRu+-_Z&XrrxYdND+?x+hIiyMrmmA3#Ga*jSNoV0ZJ52)17SV@&x-tQ2E2Vcpss8SQN|6BgF z4l{Gh9tPqIG?GWBtyiU&VIq9l%R@Y<(n5F{8W?GL)I3i~uLHT;={cr5pRG;uPIH%1 zmlPQW^&=PtD7Yf7y4|bLLJUL8ymNV&g;k}#wBNcX@ z{iV#1WAOjk^+_p+GV4F23@S4c;<6eP`I{Gt!!qJHV~c`?r{vABjnvqyuU~66665O@ zYj9Ev4#Z)*s9=1rJ-@Ir0*Tj5g@MRX|s0cMy&g6g|hZoel=92t%79a;E2Xc3rocOKE*gpJJVj@5(N51$dzRF`0a< zJ#GQ+M^%LLc9BBdhC4+#pM(ielTH47{zN4XZTIbA_C%#kHP&~BcCm-q<*AAu#}>wM z%EGYI#@cyoFO1_I1t5{l%+Og4W8L@@X_>=;9!#_atwSPiV_3^qUzIu7LozAz2(v!5 zaG9NBCnZB>Y93&n90l9Vw8swRxSU%4q(Bt0u1UtBNOZ}}Bs=p`$ac?4a=a6Zc433? zruizmTb2Xan?!+k0KzTIYc%{Nefy3^>aL3&VIWXlh-_sROj-1=bsnglopg!CK|i5# zGme#@+1IzJaze=V%`o{H69#mZN!y`n|TACGe# z#&2LNd8^O1-=IRyPWmQ?*EQO9x6V_OAM7`F(MVRb zgQ4H+Pi7=-?j0Sni}EO(k?c^#dJ5UMXm-LUn>s1~REgb44tA>yo@4t2Rf7Z_8}vsE zI4ZH!dt&$J`tb`kKN8Rn7Z|A*E#3s(EOy0VOT11k%XCRfNnN@eB^Y3jUa(~%7cif; z>ciP>xP*BcQosut_lDavpS>u}Wg?Y82ZP4SQr{dmm|B+^P7v5)L8Z zrJ(T=Vim#MXrS*8N0U3@O=7036jAVkJxqaWbqLk$tNO45E>fT!fTWvRZV9iS#yDgb znkDw`;Athd#EcuwOE1H)gb>)}_hWxD9S36l=||w(hKqJpYVtZ0+SLqxu|7*w!( znr96VWFo)dE4En4I|b!2Cu*R*F)20Byun1aqVW-QMcX68Zkq9OTh}$wlQwcTG`v&QK#LkKhuCv&;gpw~&wvuHZQ+R$xY>6N$D0&%Q*JMuok+PWOpufy^6xW12@N}IfRmgcpHKq2QRL#WQ&l5Viwe5%sSae{xkAfkp| zFLj%NLQRU4p)em!|C3Rz%~!trPN-XM=B|*ZN16OysVv?L$z?a5est_Tv=MfU=~cVP z?sNg+T(-%??m-46@GLU2PW5A80#j$jcowml6`7NFfzprb2hF|bE`^yzre&B_&b&dy z6=aXy+Ja+eZ&-@DT?{QYGpj1K)y3QRd5cQl4&BXg!EMP}WNCZSLTp-gs=amSMrH08 zu`2Z3I>cT6RejP{_nmgO<;~?Db*3Oa{9kM@!F=h9z!tUa%wsEe4^Bsl!I==Wa}SW~ zwRU@LedAo~_X)Vi8*^Cf&NN^}cW=8`xEWOSqbR(;8GOX6e{?)5D$fo@b7diFz*{E- z-^4-F7cXF?ESBX@@wj%2;M($17-yelFAPVE#}sIru|hZu(r6Igk)W**BBYh5rXkU4 z;BX?Zvnvc5FK)ki!onOLS>ohOc9$%Y!}K+=OFme4a3~nyHF$sWgA*?J{eFGtu=N_l zQa2BOK{w;hN&Wa`1LR9ZLu2{rpscS5PvF&VQ*phOM$P^k~BX3nDOQb-PvtH2UCYT7W$OaXWYc6wDNszEOJ$<-q^HKUk+7g*zg zTzfIP0^g^$eTyw#mAWRc8FCQ1ePS4DN=Hbw6;@4Aq9V~mb1S`3DvMnyGYPDV7^!cQ z`aKn(v$QyJqSD1iwlbC?i0k_UI1x?9tm)uI8Pm0<*MUH8=#JGX41-sz`KGUAO$EI73>; zrb4`f?WM`>&z}{b8n!y>tdQ1QD6gLt_&fXyBN~Y_6;%>`=@I7}%PN}B;kZ!0ofXEo z99Pc@Q7B)aNJ9WUqLAF%3N|0j#~Z=>U7`*1>Rr8nF9Uy}`p>R_>P6mx?23?mfArzk z51kK1@g0ygyBq1`zlT@uwsw}Wul@VKcU;^}d!eyP@2RT)Sv%|VPk^~Cb=(2iRIeQq zzy5L`DQ|(5Iu_NpzCY@W#{GA2oWQF}e;mNb1|XLAsGYLG)uD$m&1#`(@dIa-P3bdC zt(1=ZPpz;2XL@t)R7KNP)Nz`v*WN~ZEHp)y2*y#trKpPTh)E8e$*wY@J0z0UNNcKZKpW@~n zRmkc9L9rsSI*rDtOWMMJl*5*USKU9_(;{;uqlFR>DtWtvT?ga`ZLFt3U%teuV|E%v zkDwL^BMn{T!y23P-1rjr1U=XgewD09*^I{yiEOt75jDeckNxzeCcx|8iUERy1ygT; zv|AGc7Zb6EsdE1A^)D$F@5E{tb|u01%YmzD;~*$NT@Es!EV+N9$t=!A<+m)kSpT*o za%z@iYLdY~;?+3Mbq9E4t=qjHO32v;j;CnDaXeqr_3HTjEfM&J=-#IsWSS8={_ zRu(IT)wA_g^?8IpK1#|T&x`KDoza->H@)d_B&x5pa*i!qd~}1{NE))hp#(N$+N)wM z%fBJVM`QNmi6@&?yiaGrUb?XM`n|*?ujOL5+Kbga??lx$27oU zQ0k~d2D2A&Ylw6$Asb5zJTpILl!$?mlNSDcHL{deC;z!M4=i-)z0A@<$z_ zG+tOP=fs~TwAJVJogZ7xdh69peEb(UyRH#enQ^u+DI9OW7aP+3h0XX0j|DyPC`Q9* z4D97Xg;6KQ93b-Iq~DzmP)k6U#@bnEqxNJ?YitPtqSqtGZ4JV$nypv2I%qGU%v#%%&aP`iyRr^cRkdlH8S-)tAp{+R!YIVz4& zOVj?D^O@5qj33f2?H#-q=6`2`)>1ec12XYdH_Mpb`})X{_*4Wb^Q)0R@+2IdOG5%Y3!!2R zt>h8HnRPkzij+9qV+LO9xY0Uoo|M}BUO{BhQ$`{fKb0(*0(yu)GBASWD_TcPn-fG+ zXq~=%*=R}V(X{u3YBK`{rttoGJ&p`R$N|*;KX~2iBD2@^{3IqFL7uF#1=9=b;i3&>eC3S0sED02hrJ_$f%{u1-X>HsN7HhL?KZBHgLlPSdtdwXGub32ywyhleL=J|4zXB%WIOc(@E$ z0@sYgaDrYn>?w-5N^SKTv$Z!kt}!4lb}V^x$h2&fL!L4W zo`Wx?{UozN6Y_l;uwNkh9jh=Pu&1DfodT#Jo*#j^E+$;Wu1L;KuLAu$b4_;gRzr-*Cg~gq7~)7rv0n8<;-K zKzLC$4(iXFXos=$V+tyqE6rJH<%+~5$8UACjOrllzLkg8#MCnK%?zVTj6@82&~rXKYJwQ}26lC|#*ukEXXY59L`w2Xm`G-y{4G zADe7PpfcV$2Gk89@YP<94osX=e~q#@}aXmR25ZphAT0N1D6aAg(octApN0Q62h&%SRg*(XcR^sIJg|)L6z8V zJx|cSm_)I;xzbEYHi#wrlxoOH>Cg}Cp3uZ&OGy+kZGO(&yZz=#2RE9xh`)Ui^;W9D zJU*zmJRv`f!W(})>gpN#0nQ%Lqi@&D3;8q|UBYkJbGv`oY!>1moG7RZ84V9rR(N3| z2uhDZz|c_#X+-_WR7Rgx>G298g;*HK1~7#noKZCbE?;JlE^>WQQ8BS6{;uW1wffg zT%Zj7lbW3BXeXr=Y1LLPpC_9jzPeRTEqpK*YlT3WgK9IW6}hdE;3#+374I8AG+QNCjq()O=Bz zWa+3IKB{fJdn~#9VIW#NhvEuuFOKd<0FW$n}C&}LJ^)GtAJZWTgA509K%x|q?8liil^jcEX)yTaM^4#B|0 zM(vy0T1EI*-AJt0=n^RKVU|9{O@+pVT(mBfw5EFA8U{5F`1}-w0~o95kCRgWu#L;` zCfk1?ajY`?91M+4Y`cb-6i~q*V5@6%G1;asJc4a`5uG@P**s?uO-$$#!PD#jTYtRq03mCw2Ksj>h+@v*&vK6VoPeq$uNjMkvj+d+TMy^8{%6F zm`nn}5UG*e|MBimt#VT+y9rms*bB&Z(J7WcQn~yyQ82%@p;FpADkKR(J3t4^3kzg6 z;hL1f zj6xiGHh|?!j7I-tb5mt738#UR)J$=@HkbXQr*(=$D#$S7{uMf-VyGiLNHHr(tx3L+ z_WIvv%9*=55oZP3oVcEOO*GNVOwWFmNefLeQhLQfcEXLeV^ajiH}=S? z#JIXFkQTU(+SlDln$~)JzmeE5(}&$otKs}qa=RNiVb(gJORua|5W7&!Zl=6pzs91{^UR$He#JCN6U^P;}jJUwnK94L7a_e5czF&Qo2-1N~&hV74HRtd3I-X~Dh zY>VT#48`sn1)de~SIR@mxdTzAaQm8xFn8{zC~UGgvJh-w+Br?wfPZ*(3M=|iUZh3g zhFOI`#4`GJryq2@DC%DY${QT*sW2wA6{$*LKb6+YCQh^%c)&DQm@S)VGo*F}BBhP8 z3Q+3dc#)Ok#OsrjdtNsoPXJJ*M`a=P%YM+SF$JS{wh$39WFG1{w7I6FY8$=K5tzeL zGbL#^*$W47iWAsaQ6hb=xV{?!pD$B9J1QLqKwiw_Bm?qew9nuJvsfl{XxS+g*@dj; z@znON?*ToHf(6T$Z_PO}4cYhj+%hv%+MdEje3a(KWPL;~Pg^zafEPuxFxVGfomXi(R zzo!V~WkV%zrOwAtIw+YIb|pl|qF5EGL*2Ta6@CEm)smpIvV$y8A{Z!>wyZtDs}T>C zT(yoE&NIUx>*Jn)mm>&&Me`9Ro$|g=^M~z_OoUEFsRdKe!{9&?v}()|3vWiZM({fTQG zAKPUJ{Tjo|!?BNGuj|ddddtOjj_*q%b-Vg3Fw)7QEc^iJw7;Mbkm9)gyGa2vc7Eqx zE_L5`n)Qe8`k6pwNenXBkW=^g1h#DI22Y#`S*L=SjdM+#O(i{AlDtax?C;5`a)|>J-@qU4a;cFfwLdDz>WDcqVp(^=#-OhZ!cZb(5@6BzfUOxgjTj<}Ujp`?*{(m|*)?%6>C~$a z{==vjM!kPtjYjf7Pxq7*o3X-oW()>~p`y`wbUH$>n#tr21`I&Tdx{eTpb zl2i%#0Xx9!_TZ7m_X#g{V{L6sT-;&UMsnnd$bAQWS=mE%sxI$(Q$i^~^kWVkhzMEb znh*`#WncxM2N3cv8KKd5$+EjvKT_d&d81OMy90#HlEN5}&^Eoys#5!TdwpZ$n{S>n zx%G`734-;4BK)FZty0#&->YD%`}8#EK{u92QKN*GoJAXW*;nnr0R_nTVSEw-p{yT)BxxpV@ z|Ek-yr_s;-;M?0(luJx|aTcNC9i1?+%Q4Wlk3RqCq&@N8`l`j;sgIHT6laLX{^Dj{ zi>on`LLZR;n%u`w!>ZXo!w#flPf{J&C@4fn3!l((IX*fe7EingZKEqPGoq#8W(Jj% zXU{wwzyIY2dE!k|!gcfCkw3YP@r;)11iz#2o4Kx(a5AMh$f~iTBY6;QOQ)iGQNO{Ae0XwzNArdDkNo0Vm_i>%|T!c6!vb zgA^9jfY(5xH@O%p<}ITy+_!{So{Uno@RUyG$>Yb5o-8fH_>me%VJ#?t1L&p525JMb z6=l{Q`RIC=KJ04$0$ws>Y~KL487s4g*hg`;DmLFdIP;2l^v0Ss#H;(adi;O(#oGYy z&0rD3K?1hjjVBxHo0~LW6+i}i!V+t-+9OJYj}NUc&)V0%eez`O8>nt=c4f`-h0u8Y!@G) z#&Lk5t65FR&>`Un7AI_PinF{xFJ-dk@nisSdsfbrF`hj7W|OI8FI{SRniqqcLR5c4 z@vNKC32$tBoR#&Ja^~)zWxOvhryOgy%!aLPY_6?YneHOUfj(&6@bSAR^b1~X);6X$ zYWBTl7O?$>>|)R}3Iuks>QB0>*uvHBWv#c0S44ioAbDFhs#*0?X;5e}yuol0{DlZki{xwhXejX2Ms~ckfxi#W`fRei&7h{a4CTCxKCDz}3$`GSu ziVhZZ) zMv-D&9*C-Y6CIR}sb|h?yV6^gNci0WaQkb&{ua13ySJgP3M)z9x^*gdjEMA`O{{>&!lfA}^&B z>*C{8qrTfX?(8;S>>SLGU}>jzj6C@RG_N;|=Kj@i!tgG74=JI&MGhQ4KR1F1W8 z(4jSte}OlLM~#C{tI>QRO7cEs??v_G__R?G?sN6$>S=4|@VJqBJ;SDsD*cOkv*i%j zIX-N)s(eGVckuGF7;MBsf4Z$nyNYr8)`4?VUbYxNHj;Oi%%*YGh%LHw**sUv0`Uq5 z(*Vyi!S>oyeh$LU6r{khzrC*Bpe?X`x53%et+Guamxz@iFJ2h8hA?Z|%XEmBSIV|0 zXKq=7`0-2Vk*Ic^hcSk>y+Sj8YHsJ1N%x(cLEq<=VVmt==B!WAq}LDe6Xpk6;`pSw z+j-eMd|q$ju(SAu3vsu}Zbo%v}swDa%g2!i>Gv{W#?P7 zvhZLh9`w)TY{2zey?ob?B;Ve??)Q2=*~_5aoD(vPR1QWb6~L%_47$#iH_<2z*kQ#& z_GIu@cF%kqTgi z44bw^Z-AORQCh3mi|<2xl*&(8$0L}dp?!lkT~3n^w=3}ZQOwDP zMq^9ec-hX^9*FjQ{a<**-Z=380Z0=wcF_C(MJ6G%_*=61vVLOcvgYVy6L#Jg-j#%Vj$Sat7-{nRc%|1LjzDDYBm6bfQHOCz%O_xx zsjDWAB>_@N5)vDgn!npRjA{=VwPa&uAVF?qJlr!Z>YY+Mx*n*AgiG4XOcrT<)3#^s zaQ1LKT@qPDGKQ6MwPTesGsKCK==6lF@aLRhvidH`=pDDxBAQ;IRI;2~w-f}wE>}o>{mg=bi|u8r>wo_SP=Zns5SWL_Aw2ipd|V9u%gNi z)6)o(sLNBmNf!7#w-PH~+7K;?wEe%tvm})_Rx(~^WeLKx9K`C%PRP`B94{-AdtGt= zQAwm`IpE9+CY#Z@oRADVNSWEYcX!LO9@OhfUP2W-wr9I99}Y>Xlfot#`MSWZnNr;AgAA^(+n@wjE@$gFWZ=2jP)_Iw9FNk zC|_#3<42YG8gJ*ABGL{opF`svE5*`wYbSu6&f&sASF{B_p_-CjPJxD0yCg7HL$ZI1 z`e^Uw1%5b<$R2H^O~v%h4`OnYvC+_j#c$MkWSqf(__nVMnU+A)$cK7o2kRXNtGC-U zKSanw9RQ%ObV=z>0Em5|>n+8JO(+*qbyD!FUqwB^WO`nKH|7W>GGh>Nvx=5!0`3 zL=BB1QitDlJLLXQA`lTKIC4<6n672P)!~G{Cf&J#)iUR0L}?|C zguXU6}AyiK1>{H6U?b@#AkMvOv(QdbeC7|W?7a~f%r zj7%M(q}$^=xzxHr@5+<~J6{|$M|Z`V9mAWT=_sJ6wD2@r8`Vxq$`S2oAqA&YQ5a~* zHJgJYE(T8JDB5(vCx=Fzx`5$=_nwqJLFC-rYIeZQywvqYB-3*Ku|p>3cy&w#vjH ziXVY93Qmo`BLkpmpAI`xC|;pWbmXAO?CiKDs2m-}7GgokHEv8xjkk0CaV!EmM)@!@ zOf2ho8c+bjcNj}Ao>)gTPpjB;5)N7AiP_}J%1Qqg+&6TqgD|Lqm=3#OFwrwrqTpKm z^eM6v5=MdgCi9%2;abBO9+UrpHY` zBKva=utHZaywn2`pR0F@5OGn+V+@lqpSE20pf@MgNm#w`tA>U)F%SlrD@4F!6mc-0pxUfIbZBWU3M@b-9yyUTt7oS86)k z8RDYGoa{CLgFt-0LIC$__Tn_T<}K)c0Q0>+=}@5R*z8yqFFZo|rRnM^uq8{3p_8xF z0AE7dj!cWvh;bxT#hMAMq83LT$$(Tfg-D566hXuM-a_>X{H`BGyew1e1riZ@r72m- z!JLcrpJSi>D#psuZv$)PMt>%j?gdsTY-=CO*f|^+OhTK44+}_AR_aVuY~$r|17Wra ztrBXwP3Vi}DY0XzJ23-qY2sud#gI_aN$h zR7XVS=zMFd4S(xf=lE|b(IcXIG_QJ$>#sV2|HJHc%3fcrR`IrJ;wmqcJn&>t0jtHi z)On22qns%%-0ty0WzZ)w5KxbWO5a0}89FMfsF0XKw3d#;w{)lFZEhSb0zv zC+QGZ{g^v9$l1(f3~$pB;qh+!7dZLu?MOj`j>7Yg!SMa)@c0CFxfcv9gPL9*8aUqli$?wA6!yCG zlv&(f=}lazN*ao3s5iG)VT=@V7c1#;v&+qlD4QZv7^#AQ`)}SNFu-ttzS8NYFkC)mPzuzR=nk(=GkEm4w2H$h7q4GST!#nD+1vh1sNvnLK@&cJs?6PH#n6g%qGmj`U_R9 zx89xd7bCIvCL9k`6kW^)-=Nc_J}XjJ_7X!3)kE5jIc5ChJ!s0uyu}=!GILBrTzD8w zm;?n{u`OJ~^^?P6EFu3UfzG}x4&PQpz?RvpD3SwRv7{>4p-Iw;DoSGzP5cog9h3hv znZYlU)PV3bgi-}l5W9^puH=EWR+Bp9$#B$3Ya4&1{ICj9E4IB#Yrq)3s;E)gCQ>dB z%2W*_OBEZ#*H{)%KF$HC5_|dabRIGym+%HK{5?V=;0WLBsBAYz&-5IFW_hGK$5}xN zVeEj(7;hg^)~rXfrvyAsY}Ph@(9xR+y^7W%4XNGur|HWx&kHoa`c&kRIptSt=9hZ8 zlAxCLeic6G>E`r(Vz%Jb1xKsyNL@f`4K>_^bveQFRc4G=A%WtNH9?3<#z!%;ggEe1 zknC=^7O54NC?!juql$TR2$eVt^Ok!C)x6vfin-^FmwN}|{c#JoQ(#`=1^rt6a2DjB zek7+n$bT7<>M8$JUg#h?0=!szDn}S^Yy0rx;03uh_r>>u-Jbi^YFT>rp0f=NJjOnnS}3AMEI+s%QEj?3X!#^EnP(v(}R zTFG+uU;OuDP8W}5P(#tZ5}!d*YPb2r`8ibIN$h;YO0Q!!VhO5tkp5$lxl;Y-AGIyE zcM)R5h4DC41`G0l7KtJVEU;njY_0afXqC1j$}W9Xp@k^CM78_LGWXkD6h4pKw?3?< z%06!#o`KUH_~!#QGI)Q`+-M!WQA+JhQu$Tn(1glnexSwcsth9n@~2c{cIbvvZa44_ zANi?>v0m`8m_u+K^*R?_kNw*T$1Z^bLoN{@C6^ZJ1vZ3!bnQOiISJ`mcO3R(LSwAm z`!J?#KMXpPyAg)O0%oE7GFaROrlUri4mJ6l>Z;ygPG{w15Hm;%Q|+>Us|(etV$}Gu zD^3vNS&XiM5Oxy5!YH?_AI?uS&>w1LlkH*8o?@^kPE>kCr&S@v@G{B2oaoCE14nC@ zpeu(55X758{l2n$Ztgult{?x>QFoQ6kw2~~r51E)l@Q>RGMoE_gaEvWO~#q=`nQj0 zV|03-qH&U^Dk;e*2xc%{<<}DV73GEiAssIIR~WZ}fNPN1CZ}MrAm?CV>?0haUtpa( zn!FaU;OQldiBPF(9!45-XOPyh6EoR+Egq4VJIKYd;)EW>mlaijD$gz5QD;2+lb zP2{yZ@)3I(%&aI;Dav4?&~NSbX7$_i^UvFR@p($NEY9ShH!0JWO?TAR-}jzuvSka7 zb$2v%?+UR89~*<~z4{Zzw!81(anIgwc&)D-Q7$&pyUrYs-8iDeiqhqDgx$JP`}T3| zwgNpp7(h>NNEl%gxet9g;n+k0(U=16Bt2FKB2cF>R1jo7YGshb2z!iHtOX;>Vd$6t zB5Fm-2tuzcS|J6CD?jj+x|SE?BvgoqR6fES7Hh?dy0E27X<(jxokNrMB8E{`+Z>X3 z=MTaWp*Kf?H-gh1Yk9GAU=t20;L)SnS}o_s`m{DnAz&77qFe=kYVG#gI&9?5Q*Ffx z>i1s8H$`j+3)f-81$qEMU;_oEBqqeSUzdyI_{3yLA!5H^oQERfh{3*yIsv?}Q5R2` z+Ctn@p#-;V2!$m$v~?Ivo9CEvo3(=V#e>igw&V!eanpo1XsCwZcGNHwm&`rj@V^rbUa0 z+@}r4B^X%sVmwhJBlU;mO9019b;^fncjFHRWVukSV((UAF;;np+K%3hH;J_Bl9N!` zv_bmp>8E!^%fX*Hq^`{cT3SJKYCqA`*AY*NYQ?&YQVP zOwRq4?N_S=)qG8aQCFrtIb0%&)H z^Nh`A6IA4lnqY@u$fH1UGDw+uVrcYy*zk$rYrRVG#`oS9#asUl-DynUS&d|hCd-RX z^RT{qc+mWXrw2%q6}D@lD`~QcGG+EBGI(`_a6j_WPvZEgt)BP<0|UbhxbV?ZP=l3| zGLUvVsJf1VU#Cu5HZ=Y@r1q(T^}{J@n#i0kAs-=_{C^14z|u~bNw z?s=$)9Wo7Mjp*7K(nCKNZIDuqm8PeF>eUi&J*cL`WrOY#<1$SPpz$5{$M<*+RD}8r zdynhEeD}zR-$#}kjs_YHo87`9U*Y>}A|M^3uPBx4>?+dk>LC(nihMa=PK`^TS}ed} zKu=lFaXYHnRE>_p8bZ_T?qo=`cHNm!+NXuLvOo4}v%_N?s?l2LE z)a{vC_$VAzaHe3i73{9h(^HkS$@x2WAGDKY0bhxAsESd$fJZV&!~s`>Ew#YPy)WRu*a6-Hh1JJ zyt_arR#eH)=(a#MC7)iMJSi9gY6K;a3YYPa{ZaBz<~Ya55JHVV}7h6e{ z--~N~MvgphQL^M8^wK0aIx^gAwc-r#4fI+~U2?qQIF&Hdo?kq80c8-%W*?e+q^<(b zB zn4wrn*WXG_45?79ph1>?symvp$Uj0cf7Dgx87&H|^Y$xy(SS8VQ-f1GKbXA?dyf0&o=;{s4Y9BRHEyTPA8ExpboDua^6dNvhP# z!zbUoEzhk(t$%Az2%C>Aiyc0-72eA)A3HiV@Etfev88w*Flq^2p~zmeFL{c57QDb@ zZ{Vz4V7H~!6{}?1Jb@;nEN}Y_O(@j-q0<_zvkPM_a#k!xfBm(#LU(V!uAZN-oR!ZE z*}`AX*8hr$fF?St>PoJrHwaQi=);wV6|B>m1zaHBk(x9ARNOlcu3myOSm#AoOqdwp z^w(IFGv|>z{_`%xQdXUUccSmeEhpyTsU_W|AF;!|J~8P!7O4oZRgL(sA!8~ z_T-^wWy~HqyHl>F5*HRTu5c-9>=O6&`nq{QUE8>S!7tM8c@6p0YtOU-oZQQf!jmRW zjUwB41Js%*Te3uDVDG2gs>;Vt=ygdwGc+cvhC(YQz>-29n`H#RT0CE zRkZaWRAD|xhO!L{-fcEr09I&pp~SPSyjrVa$Qe}W#l@^#y6lB@Ban*iH@cc<1$^=5 z-%6q#kRbe~K$fxW*i-Eix2>^6hCj~=niM|vpYr|8nG`yR?HY>Y`K-jQH}H=vn9I@$ zm7x)SKr=01k?ibU9jSLJsg@U$f}%{R#XA*bi$F%auWqvvSO!s8{el!K@wdU5vA@A6 z;6p5cFqwcmiQ)wkMaBNl3O_v6*H6VBpn&yFv$pm;?xVfs>eSc|;LX6a}vxN0*EiC#k0w8PH3v4H?jjZS&E#cNGY( z7T?HJl83tn{q1(`{Cu^FR;6b5aJB@?9vkC|v{gMa8FV4*lV+)_z;(P)Kd%8^Md};bX|oP^pVkRZHHm4O%Hg9mh@+diW0=O^<_+cO=95P<{g4q? z#s1t6pgpjufnZ;>5tA$3fo9bQ9!8oK`>mgL6w9{zoUNmN$FZ2ZMNn^BYtfAlt)^Oe z-efkGrUdQTzl^pEdoNn@HT>ExJ}p{7)ev`88N8x9ULq0~W+_P%X?H;8l|#9Y7FcJ7^hfW-4S`L_FpL&T!{=a z;ehds#^i;zx7Lt+gY18P})c^D@ER3QXkIX zKX$F)XK{w7B(M6fdiDR#&(F@vTOY*g8GC4OieF(*D!y^oP?DpYy2BQAOYVRbc7DJh zG+|`FLF_&!r6$7;2zcp@HxZbP2fGx6(!TyLWybE4@PV2H#$0edu`T}=>-WZna zYIha!ERXB|Uf<%EY-m5bV<90;>1tK}p~CVwz4h$4M{aD*tWin?yL?F9W=#Ui|0Ub? zA?dxASqW>MBNXQX)3D9vIK`*!ZuMU~FyYY0$b!R(iA>8fgzGTGV9x43)x$XCD4a{5 zQ}Ru%&0nnxEfk9%+b$=uFe{&@j5*_=t&XGv`WA;}GQ5zjBF47kk@VDvFszSUFnGQaIsyFto!r*ei%L?PrPS(54Jz$as9v@c)>@k45)86tY|&VPk81YkY;)Sz)LO>O4wS>#oVAfMi)1S{lu`a7dp{K^ zGd_|={kYcTE0_oR?czi;ollbGZIFjdqCoxn%p@nDgX&{)K`^OP-fq^`YwNK@@MeDf z<+PYreKuJeheNShdm<2i4P^(-jXqm9S$BcgUjOa%KeCZzN-xp~mjZtIje;+_(LTsWX=Q{`_c6FTU-nHV|`8kT9@14 zOEQpGHp)&AS7n;u`nM_FN)PY$1~@0C5y3;{lG?Z;N$G9&GW&isp}K^QGQm(q+l z&<{^J?qtn+NbnolzAMQ3{fOOf{)atGSXChE?W#RO<`54udH54Nohp=0)K2J8& z>homtz7>!zk2XNw^=Ra+WKGz?Cr;SG0uvS{BLY;aa3(&R-1(yQ3R3;APU!{a#mL)O z>!^v*?MC*?d~VLH$UHM9plZ@*!~=%?9^)B=Fq~fzu8KsiB4r)B$HgbcpJq&5<;|<3 z>gj6~IU=#bj!r8g8iY4+_M7rVPPj;*=fe<9Mjk(YToHU1kkm`EWdJ0h+83!Xbe8k_ z1B#V0Mqp?%CsrLVyh%9Zh-O<951h%V&mAmt8wkqX8<>DUMqltp|1n?iKZRTtSLf|< zzlle+TWN!|E=os@3g7xPnlH)=8CuN~=w?b@eW<`=l(+E56Z{c?6f_A(QmK=AlDCqG zIAR5Vux?+L(qm;(h!B_toq+~JURwH0(`Jc1pR^4L2F{6Rn8DK)Jd?%IKy)>0UEFYjc-p zM)lFghm}11EAk&!szW>#Z(Kyf{s`Y%k0NhrEaDZzcSG;0-`#$+QN8F-)U>MxOg(VP z13CG@d66sv-kCxU=&C@L0}r~8C!0tLwp>-jlg$gO0sNFC4jBw_c+j+;Y}#!o&u(zw z!M0V7;m~lx>RyE?}nF`wH)!675av&gC8-CdBTKg_a4+oShma*^u}Som)sB$*avTz z_&cd~5pi49&^V1d=KH_TR(PMSEN(3PiMx}uwv%x^QGMMf9k;Mi?rk82!0UGX5j!U5 zI7A&mm=i>VLK|i*bc&r}fB`ImISyxk$zkyN+9%n5_}X0si9$_pn96Tg z@XnzMTPi+aEZZm?z+{WmJNWmDEcfX)^VQ&9X7jUIu$lEx$aI1d{GdnYfDvv4Jns>$ zYxksce0m^>>cCV#)te<5h-yYbDon)Ogi4#79gd#9aO<~aFXXfpabA8{C7isQ!S-1^ zlw3SuI!*U8kQdK#OX+db7hW`H`Me4QfN;;9y%&vUi&37N^@EokHXzwYh=m61ie4#|q zXM^rw+Cxu&g$Qk7^Vv7iAnW;)?y4bVDQ#hb4u~6%z3n#yhr0T!BrI0Nd%^b(rHE{9 zFH7X_2E?9HG~d5Ef$Q=Wan>%JZ3Splwc2|ct+ux+OXp}N2fw%5ziywe6d)=8hQvaC z%CEv7894WYn2bg7EGP>2zc=&rc`=~Og4JnxzC~BDqY$2oh66huCpPH~l|BMTt=Er8 z&z8_Xg&e?0I;mD*PB8S_{#z+v2TnBiM1BSM!*@Ifr^3aShdI}h!jc4lyBLRWeHp5- zJBGET!@ov6nc2jW>r-W+nmrF%PAc+Y?b>X2AxmVR@ncw6v@)$qM=ZNUEojnzL%u5bn)yH zMJ?^mS$HocppST1R5H*9U#B`tIvbqqbjU ze$a*5r=E@HC^!QDCJLh`|7F0n_dk1maxYius)iZvp<{2#L`{Cws~aZZDB4d6kNhoU{8)5w&;j4RF+qeP!r_BMMFN%jje)U& z=0J5AB<62_(`Xvb2iAzc+b)#Yl|_%A88i~8F`9O@%&7yD+IVqxr%>vJs1{14Z(zz5 z-Y>uVST1wsn&`-^GFwo1_a?TqXNy=Jbaj* z{%*>@kCXcay#3SP#okk>nSGIF0hmZb9^-o79gYU$2;OI{Xt4@qGKo)E+&FsUo`mPg zy5~|i24AiTeg`pa&Jkc4_JtnlKL!L=BaMVy>mcLXHN!OMt6OauM1zXb+h(>@_n#4y zaEkkr?gPPy=5}-3NQHozUGtPoFAEYLQ-n(D%)96vh8Li}wg0*>BmV_Uz%osF=Y#Ay zR#rw)&@V3lX*u5mMy6EdADJu4msb2*X-_-(WP{%IXQa4cy)A> zQk{6?D}TblHH0|QNV)tK8wG=*ZzXE~BNE^5YJ5ALq{&(T^AZ8+b7veoXzI(j)W?n1 zY4fDiF1TsW%Q<2p0Y!|AeI%_>T9~AqLT-u()u`9G49A@@1>xAvlWR)Bsk%x?k+Q7CVRgM|;i2F}upxJ%`~BbGi~}1ca4%FYP%pxXM?M z?xU$?Hb~BFGK&OX*qZq`51J$2MwEvXggCK!|YTm(hx$u1qSoswncu~HoEiLU&;NCTjz)$E-&n4-_T8^etPvBY{sM!Hq3 zhx;alWG<(I)|V(MeDXD!II*=uq>t=c;2` zlq6*D6q-;o8J3K`$1_{pO63*pmK)kk1r?(;qJ}6z$zg+%R-DqJ6jJODtuEh-%zj}k zle8_EZ-8@qX%Rn@J!oHo$cZM}FBpQ0Bl{2yQu)d$kU}E1%Q`a_#)Bhiso-6d4uq-~ z1kA(WxseGy6$XAqK1CB!+fcA1_E5xti~}#04eiG@cAN^N*4N?8s{;&NaGvb*Fy3-m z;gf6TG(BO3C{tZgL4my2zXW-Z_$6Af>AGY3WI?GOV@{Dr{&?7rXvUKVn|3|BBn1Fv z_a+og?=oRHlqfH**}``ls;C_{og<_^49Ike!Gq#Oc(H(MsYSSI^!bJ8^oti`X~5Fx zN7`JA6B61qb3HY2og#rNdIs((t2De|a3@4P5_zjC`HJvw(To!t0PF>g!Fa2@9DB6Q z%AEx%;qshLq@x%{jSFvru?cnKIENwzej+%)lf%QNlv+#py9^(zng3yk=sra%CPY*f zC!M$)UL?a54zGg#zhY*HcX$xkZM--=D7Di{#_-U?&5raM<}}!8od#MCoR@pSKpiD^ zUNv@p+&g$#YGY3q)}g76;k@))!~x!~zl28b?C%0~KJ@E1cW?guX&=eHssrLWiAV6p%qD&?7Y*6=91vIPZ_(_#ca$$PYASM z?@fopJDh9?x){MMnM^2RDuxX~))Gvpc2%^f9Q0uzXdTul|IuMpXI68^YMx}>VTlsecKrV z9}OvJ@>1Sp7J2l{6~ZDn_OJZg?KdzGV~X&TB$5|f!lrRns;!)r^KX!l)q=EkVG=ZS z#G7op4G3aVMRI?A1Fq$DA1~PyMgMRPm7C;IkxZ*y92X^ZX&+>4w*pX@P%0a z{%;$(+{(&|_}Lp%Xjc{GhW2u`vr6a~I4&WVPDmpaq7Z8p#?per0Inf9(}|NQk}?*j zW@(OSs07tm#I4N!^%!A@Zf?kaG3ve8|^UNCRDIBQsS1Rktgu z*t2atXA0YE}z~nqHr*s_)2Ey!#*BR2#FF7EAm0zRKjr*wFfW}imM!iPKKge zJ*%D7R!wZp9S@cvLIxoZbQUX$89kX!H%Z~k%NKbS^Dg=;26p)C>R%0FJ@hbe+;|3U z`;EbGWgQ(MkgOU>j9-eCs%XeE^U+@o2`E_u*IThJ3~O!flCa-oNgc`91{e9fnm&7% zsQ4$0B^fOOIPAnH2QgIfp~F8%C5I_rbH-ctmOT{|J;J{lQ0Nv(RVoNBC4N3be-B6< zZsG~pt8f}%gz_MU6XFjRx^z!nUd%Pl=Gyiaiyt2sMz^s=N)T zI8jNw(FkYX1RXQc5u5b$=${MARI-0MrL)(zsJ^S|?9WjO=C6I4jp+NR930K~vQTv6 z%V5GPKQX2^j%NpufcDDGnOT>dH!j z5vcUUUMPn?0n8NkH*LXYmr~0prKk=J2QJ*!>GReJh*!HPJ4?U?bF66Y>RXi)b338b)^z3W zs4-Cn7k$0m175qj6@GTH8{meI_{yu`Rtq}WS1>huQeB97MWUXWKAW~2A0&!(5vBy^f9E{AX4GQKT%sl(Wgn0=B5vN z9Zo<{CiuRc_F=nN9T%bV>{o@fggmeX>kSTO9%ZXMDhPR;giR;!B+qMW9Ql$Bx1miA z(P}6PtOQf9F{pGgmtrorP=r(0Lhvt%a{~*mrb3sVI*-~ow=$GTlHgo=(7+Rr$njrB zov8-U1_~x$xEWN(nGKF%{XVGE+-6YcCs?pWNAqHY)P)(=<(Su;g1Ejj+30|lMbBJH zI$9oUr8(ShH@5PO4h7YKDEjt#X`FC3bFtVtu_7QUsXY_sH|Jy253#ns@o4k$ldr$| z*1PCJ3Grv~y~6CN^>e5dHjnmCooWM;Z3!}I+TGpSF6{1p%qfi$?f|XMi$?wA^jOzd zR!Fq5swC3#;YC+AFD@d)8SKKAJJ|-FY87SG4kKf1q&WU}ha*vqQmc(wFsJ~Fuuczc zCo17Qc4+_K-eR$2JVbdmrG$-GY1XBn8hM)ypB$ea?9@*hDffSBPIS%n`D8o|x;RHY z#JHl1-u}o>VXTU5+7+LgNY)je9G7ce2f7ri44T}`DAnf|B zCZ#sXnqWmX*S>wCszR2B3(uBZTv2J4md~t&#MRmSE$`fYLt1yR(uYtPH`s<6=`+om z%+BQ1GaBcS)T{0{PF@}EX5MSV2RYs78qK=FzmxYXe$d5hn`K+#xWt>1exT8DEZ7*% zs=cNA(WKvv;!7h@zj=4y>6%FiZRVPdup;FAlRDqPkdtrAvB#j8jspF)km-6y#yto5-mO+sGNMGnt4(pP)-KGoH^K&;RhACBs zt0X!|159n1gT|)V8X2i0QcC;y?XNryqarsD{w=D=&<+O6#H#FF;?*7py`pLrQRR=5 z6)lYd^jC21{%~o-b8+m;VHo>B$xb&yDF9eKUj>0pvTh}sgC_cS7Fs=YD%+M*%KLEP`b59ISyNacR>O`^X40jZHV?t z{T_RzMAtry5PqZ65pcMEAnkl7L$4pyqU*(b;@8`6o@jH-{t%bu2YR>LY-YDKUNPlE zx7~KV3vw@=R5xk5Os@!Coa`+)`!?GAk6%hOTKxh$AFhNTzKOHhjsvNj)d$hPuoUk2!aW|c_i38((@ z4?Ull(a5`sBQ)L>ow8$N?Cb(r3C%9R7)~0*Lhc5&l{YEjnQc(Gg{FsID<+2A;`53_ zj@35eQO6c)^_*~Di;i04?$Ywl2bi=~_f=UqJ2tP`s=(k@8N9{Xh~3Cj){dMS`Ki5l z<*{n!AFOs;RINAV5{ez=A4;O#+y}X%{Da#J-et-^v@4KpMI6_6s0|gX$oKwVmCj(wAjxu}c&`vL6e}d> z#{DR#hVO8Lca)Q%H|)S0<<#gIE9LAs8M1d5XAqwgOMmfFCAui~W&-l{lXtv_551o6 zUzuNOV)2w%gm=%IUk*Xd-2?w7jGlbn1CRm8S?u%^-vAa|;K3j=ho1yi<>Ip<9enYV z!4g07d`OPrXP6Z8XP%xYnW$rnceIAST0DylhINlzp95v&e#OP{h%yj(T!@=LK;!i7^3Gbmn7gN@OPNy0B<>${$K`uSmNHl5|2Fl5NqNTcO*4h!=jkpGlxBCAC|gkk zHCEE6RxW>^%2~C^&lPuEC6KDOjkyET$d*mQBrFYU59YOlu;o}Ni)?rLd5H( zV!B#)*73IRiu39h&$~OlUB7Yp;_Bt~tNz|U|Ni#JL36kt9E69Xqu>59K8{+Glj-TZ zpKgA>eSP=Kzy8mPm5`5C&q}r0S$Q=&TWz<`)y9ej6Y6h&6R9+nd1cJkA}y`sal6lMTKcL;X&F+kR!Cjvu!ShavDa?C zQ&P-Rnfy9ZUB?!mrob&EEK2m7`i{%niJnrjDnu)hu2Ed$A5*qMaf-`ff2mS8x?B}L=p&R~s+ zV(4nwdLe>gUP*{_3p?pdh9gKp_Q7siZ7IB{wQ;Jwu>l&xy%$bz&I^8+b}s}z=@K)n zlNYg1hBVY5V@Ryq822MZ;{yH?GhF7ENqgm`bSq@&JyvB#a)R@Gla_Fhsov`;u&N>| zsn>riqRR9g-F1>x7Gje2C*;HdVjhJ+Rz4MxcNc9T6%g8nTS78cWh|F}o)`VA0O4FP z&B=KBWV0Ayl?);(-9MV`4sVt4a^Rge=sOBDB!D+JXr+MOhmn;DT6}QYtO&l;0rC?x zpo;J%UgG-0(d14!-ZGpN@6Ainn*=A(1=?bv45Y0fg5hcqlI{*&4r8fI;o2W@Nm);; zVXHo;S*!A}RVGOF(8)#UWwOd#TCtO`edeBQJ!L}7A?^i4iz%{4u)B~|iBMo3zml!A z*ubA$bNrR4+$iRTk*JvvD>?jE~(3+|{1=^I9cZu^PJ;r$XYtXiCB z<7LnDy#raW*vjeqjyd~=7A&x1x%VdDy+StU$zXRQaMB z-3>3oK_sfzzSl#O-PtpdJOp+QU%b#BPmWN>ns`b{`E8Fk4^EmN%d#1BQ9;20rDybneppleZ|um?;sY0B6KN zkX{5L-BzKwchERE+#+8uY58)N2NHj)w?K?*wdyY$ohArUFLukCNZv}EhuNY_gK5iZ z63dC&T~EC#bZh5X|5+J zi9XTwgehjap6JhxePZiX{kXB)+_&o416M-jgvxsmPV?qJY3tj?)#XQ_8 z+FjV~6G))6=Rydi{-um{r&88_2Sdm7hJLEaW9sMKW)nB3Y>Pr71=vEOFU!IkR2!3z!Q~>WFscH|lz@+DCOq|MISi(N4M(=hk*ckC1f_ zG#%TFVRZ;kk^x2Z!S*F>@kSEOC zpiccu>>2{DNk#0ih${CKEv}ZF&lNG8kbG)7+xbrY>%7?>PI4(;e{MFmigapfBrTHe zah2k?4u3Q9R`RQih(`N+LPBwiEmnUh<}>#1l%%soki{hsBO2_hCZ9mX?;#MRwAu>x zmXrn(PGwnSj9~7L;#L~Qjx%qh=)La@ViGdPox*B%1JlI4zjIV-zu0Rw&NK1!a-E0Pe|TLg`pd68}TK2kAQWO#*^iFv&6GJzYIq9@r$Q zwSsr3v3tYH{y^|2K{1lgip6O4*EWVlK3`d-*kAZvv@p&U!f%lN=mrfBqY=n;cE;6T z&q_}bfNTZBBdeTz5c3BhyRdQwS&B~>z+`xfs;5}-XQjq#lt@}g z1tW`lH-eR}tai8z2ZQj25xjQP7s4SAhP5PouSIg?jgeg(>?;&b%4OCV-+#oBe%mJ6 z1l}8agASM3A^%VqwVc|_=qla|d=*MTx$q&*CAt<)P>4ZLcX8?8h;Y!8+aEdRAwCL< z2-rfb*69Gmp4*xbKNGB=if;h9NPzGHnc|1P{6#!1pL0J-4Tm}lojBzBBWcO&dJx)u>i@2yb|p)z>kM}CG3Dh?tJ zRegu(!X~v{MA4~Jul}D`{TJE|$)9XKbXKNAk0p*h&^JWZ{r2Ui+FL+Iyu!zcuOQ-&l?{- zHzhFI!6~e7iF1Yuramk$0)6%nUD}z{Qm+JazWS3;;i@YsRa~+v!Nw0;pT7jcbHaZ#vgu_;x#=TCPtj zdeP}ncpO-?B{(25xiYD0#o78(Sv90b;W1_r6yp6^{%rj$UlFBuVZVoF`)eO72@|RfQJVkN{1P@(JG3w0@g)f3_0c9H8W(dJZZabm`2k9DaO~~EKtZ$=<$_M10uV<`Q z4G-=rxn<>kN*-z)5@>(`QsdC;Ue|In`hl9RCNzv-!Rd~(oSqveDU%KF0?*bhDTQUS~?)qbF_21A9e2d%fNmw!WE7+>3llp<(KwvUwt#x^7}sI)STL@_Pip1ohIte<@>GKlQ0#*kfB zHd0-(Mk6SNk-O8LU|al1pbF?iutcz5E2ZT*5fLNoLk*na;n*nJJniwn_ZW1l6ZzDzZTa`9P%q93;?c*aI`!(WXhb9U zU@K1Q&zp_a_t4BzA7{%oj7%A}CDO{`L%V-&XKpc3I4cELQ0dyrG9r$3quNSo)Q58- z^i_HFJ!Q0Ob-umsR6(q?ES|NpC05^443ZL5cC8Wxm9zZTS-uR7=x;~Ui)b<~MFEDy z*(k^8oZO9w0M6vq_XPeV&hjU)z@vUeW$jnEz9pQUx zoPAh*j}brZV#L~4;`9I&?CKl5;}>uW`}M>5S$U;YPUL&vzbsK_s(vhsc#6yIv;6K^ z9tdJZ{=IruIxE+x4*2B+znH{UCwrCEvkxE6#;e%N^xDG?j_jsI?e+72um0M8_QSdA zn9B;jq<@~q>q5zid&q()=>!Jz84aeQFd+)uvGm*RT1^j4P%m${f3;Z4c|Pf)mbFe? z!MwJ@_XKC9#2#^0=1=l=!z!-8tg*lhy|7x4EKdr)bby?*SZ94!Hg2oHGzchj60Y`& zl5aY8ygGy&WkaP!q@vCa?vQEV`wqRQ@TiGfGkKktw9GO=R&vYzOGHNNzzKRVjqrat zDWK(d^5T7N*$+U}%#pN)R@ivU2K?}8j&@S@23aiat>w%Q??0xM^-&dovjng4O6B)f zG22D2_|&0Qe#+SHrM2?Yk2*jI?7KDueT|lD0MYTdp zvTWwV0Ui)-TVUn3V^fEdY>J7OIQt-G4}M;peJ=`BL|I$TS0l(p?_5wz76c;LgYdkK z+YB7-@aazzXfwPwG*El3(R?-zU05jT=7b-XMXQg0jin}bz z=In?=%qvuUU28VWi+MC5XOqu)$LoAid}pspp2pR8#PG!T$vIifrOe!vsmmRW1~Q`& z@&q+ut;1nt9g^jErgRqU%G2%y`a#H1Ab!7s1n^djSh@skmxsisz`CK`bfp=kY{?18A=K0g=RIi&ku#x1c#$Y)*2MF1;bj(7#lZUw3SWEv1U`k@ArRu zY@3;lEs0r8-xU_ecNry6;ku;=^AgFg&zFjhVnf+Sn2BMFcPePzV&@vJFZmsvr$!UY z=wv%I%WMrW>a!Q7JAcQ^h={?1mk|^rd|Q@U^~>hh6(XBJv%^2~DAY zw~Nn;98rfZq?C=b70r_U@{8^Ev-5Mb&?|}*z~*$iSbt+BBXvR(2XwGp$feRF7g>r(Jf;t_KUdb1GsI zEmjj!XQ~T7>#lF;1yh3Xl@h2wr;i-^FDAR;lKs?!+P11;Sz&8|qyv(2Q6JJKZ;+rqoR zORG8(JZx=>S`=!uc01DpDytoK;pp+?o44^wyx4oa-`G-mCS%(5~>7(a5?jB#`|*T@6s@MslDI? z+C}dL_NOSGr!05F0EJ*gt;IPL23JzNX(?mo5wb!$)O6;2!q{7cA1;GHn9z&BbHYFm z6Q0yOX^9GBvHz;G`wJYic`v^wlMF)ixd-aS7??ospI4)iRo~sezdSlJ3Qo!E5*!Bk zk%Br~uoiB?20D4>x_gDmYS!BEMP3d{p1GHQ3nGyW60ZSjYYSA&kpP^!rJ&%-sHg_> zmO}(zLhDv(VMrs0$mmxkR4#JrnneKwJ+D{cs2kEHFs*Z?;ycD|7>05GNY_c9aC;2# z6Zl=VO)oSk)gMto0Fw}3#dlyeRLYoi=14Idt~jbISREV?QpdnYhTAnHWTG0nEwShz zGo=tmI(%u^r4i4WZF=ISJZZMX5V~8Md0bv1RvC=ufF$AC9AUt~QM=JR@3pnh;uD0w zisqq+$7=fX9|x~ZIBYbo;GUDQWaNE7RROT6*nMF|gt#%>^drM{QEP+T8I5XCZ&16x zD5Xj&W`K@7Oe#ymTF>CpPMDLW3{iDyzLZK^+I%_nK2o-pRJ9g!@w^uSZ1vTPy)6Q! zgmsLzHBk+A<|1h`&BWj6Gyd2~G$SWB2hz={t|AfCT zTEBd?8iXC(so|uGHqVnjU!YZ|qC?)O{0n46{Q#0NYz$R6QSKZbHaoj}#|m@vaC}ko zL}CA@{f2(Mvx9$j67R{6pnpqHowv29=H(p-BhxL53tCH`L&jSAT;kPImWVUQ^(kA( zF@4gzBF>yKQBc?X)mI9%YQeI8WHx3{rLL~Kw~EH>>9%kgBU(dAT&pOR$T0FAMGvz~qJ^pyTFFcJ#nIey~fL8QD!T%zpUMbi}gwvA%atHf1`fiVo2}aQOwhDk%$E z(0tudcSY!Gp<^DNC3vRbesTNFlg^V(jYUakY#q~&JGS=uM>n1C-(T%$wY2ZHRJXEX zLbBsXSpaZkIrDNywGZ;ZoLXO_GbkDbsmS0oxzLPx2-5BE+ZmUisWV1bFd0!ox$4p( zTQ=|rMsFtTub@jpM+EXN&$PW0@kI56_syGec^esWC$p~z*bzyW6pUUvK{kH=G zrnnu@=w4ji4%+SR4n`38Ab^g3G|S-mzIfdf-_+JB;@jF9s(_A;cBp;N2UGv0ANarP z$p7|`k^hY!(QG7DT$4_a81UmK8}0J(Z*TP8zS5coXJW_R)!_|I`Ny?y@3(>5JnG>y zc+o!ohdgQntDYk_#CNj0;Fj(lth38E-@J8Syo+Y-Vb=Ouuxox6-3lK=Fxu#Xdv12j zA4>z0rnLC1YKvKli%(KrSl0y^O8-TKh=&Uc-2cb6JaSB@YAGRZ)HZADpLB3?`0#H3 zst=>T8t2FNWhwsy{Cmcl7)7zQYaHNbiQdTirhz@wip_1-HY&jDWM}vs-x-$1LgVwP z0-DSE9?JNnBH**@0pe2fjA4P!4WrG)&OdhF-#&1CeVTkUU_F#v3e#@C_j~C_G-QGe zl#m|U$%0S#gAb9PcNVAg0)jO7!&wbGu&2jC7_{I#T|Iq`?*;VL+NbHrW(?4~Te6hA z*R4X=3p(tR%e;%r4MI)AKztKAOp4u!4Po^kwLAG@dGf{ba$wFSfX+QRaW83B0rw?JbkJbyW{>l__I;l$lXVW`C9sD7ULa-F_ac* zhwHz;VB7N+yzOG8WEh^sErym=Bo71Usl-SOg{nMKDKHk)d#ptY>9(y3t}SLJf6r6X zfBpc&R!N`7CMjbT{3+#)%+&_#&AWnXIg0Ir`b+Tw24?I9=2~u%1>npH{9mPbUp2OK zNPF-+n0;FLf92Tl|AhQL%S`EkTqsjkH4-ODic)kna;wg-7v9CV4?FU6*oYCe+DECX7>Sd9fKc{3_ixM}Fp;dwR~hkT zbanal*Yd}=YwE{i`GZHsk=bGvRjR;9lvZFfTj6_bMC+UmNwJ_3RIt;S4-E)znO88# zBmaN)-n^lWBWWD|{fj*}8FIdov`c=xe)gJycVtM97n>NCD^8hX>!`cnLRVHBo#`HGrU6BVVF^$uKJsjpVm>S}#8TW#ti%*}7}&W)=oi*RAU_y%|QB+em_+wC#$t@F+f!M)8FbRCo8pwTHlPXzhfl)kPgQv^@2Gb z_lJHvyzB?RLlfkn97?b)JUmY`YRS3ML-?XQv zsny>;r?%_ce6xOG1rysw>#z9?R+y$B(+55cc3$P%JE`8%cx!TS%Jkr4Hg+(>2m3ebNG$h{o-MCt5zG5Hf(<*C3c-B< zw4=Cu>LoPcWGGyo@OZ-EMdQAt;}d_Pr#Vg#HWr>)^x)3+qz!4b(eA8Jd{?R92XAD$ zJi!r-1M--+hj-r;e+Evv_j{nSa}iX&4^<+&t@G>Y{TEFJ^s7B1(we)?Q|>xV6Gk)c z$)u{~ebLCuz4Rra;8!VR$fO@2e{U{T%tf-}vV&A+YMUYq#yjeue~Hc=*9!^1AG5pf zm^D6Sd>1&=1t7ZbwZ!=+@PBSOJlN^vnJfPEs`5(i4o$3)WLRtRcov7>(;SHLH^^?u zQl{9c_?Eh*b7gMK)OqpsHgzaVGuB!tJSbR>_j}pO{9b#+9s|YA=YzrrTnPDv%h`isuos0y87P8}Y_&VwhgxJuaHBKjQMT;(- z7HJrEw)cL@jqqzVwUn;R+I3U5oD_<89hS*}NXRk^W#&`Y7#s3z;^f#MGv}7SPYA** z8pf(~3kMJw0`UT#6@eGFxbc7~gL(8LdbgfEm^B8$^L=7RjbJTS_b>}NsUcQR_|9}{ zPX_Nz2GN}qd^hQIlRoZl>}@~WI)b6z-`~m3hpvKO9B=O&VeIdX7dyvCcMHioIiPPw zpyC+=`=%oCYSjZA_ITOL1T275>luyg$Xt}pyUi+fLh;A)t z=!>;xQFtvKVXW394iqB>_dH}nN%vpCpv*|V5+FMd>Pz)|8q6;eM2>6e>RPH8cFf%G z7i&-B4_sc2hQ2q7bl5WAdu>8|XcZH(DIl?wj-r;xffv?3fYDI6^*{|!xd7ERl^3bv zFGbVVD^!ais|T#GtX})KfH6DBjk97qsXAeXE!K8<1_i3x?xJACVv=dQXEJHS09A&$ zszo76Rm$oDx;VyYdQpf#uDmx|Z4Sn9=)-BD?I#C_N3B>pC=yJ2w6#BRb88{NYM|d` zSea=D;t8f<@?NPu9bD#a81MQu?TokBh{Z*W^|huN4OKiYRxrj)oUoZpc$!T3rC6b$ z2a6{htm_qidRSep0@Xz~J9Yfd71?DVNrI?BZs62#3XAGJ>Dam7-sAu5&08C1Z(Jw1 zz)S;mhOrP@7%`xQmp3?Wf;TW87@>}*82|d$rxfhEw0v;7N_gZ<)ef42%kHNdVK?FD zWWv9*=3q5*4(0}H&Bf}3d0L%kocr`x537)D04a9hVNS3=tE zX2}#Xv3|L=_hM(KwY`h_Y(R03nups5$NPux(n*N=r+fFicTy)ycKKHdGyeSW2xHZ$ zSFe_l{?QXHWkpMQ`E-?HMlC;)sCSUuLPzQ?D-)&4TU=oI*KLN|d4hFqY-6nLxTZNM z?JVPdQa)+D`Z|-~S|3^`&zR;?;+5}pS|=t@J*2c?&Adycv;soxuQFvr@}8}&6>DbM zd^fVvfJcDG9H2`oNA#2<+4&q89%&r)TUfH;xIgelR}@jtWr;|MxP`H0iFn6BaZ>rv z)UV~%W{rrQl{NjW&S!t;b&;Db4%q|LJ!T~dZUFTS|5SLY$d0q(i=JDP~Rz7 zKvr`;GgcP5+QHj2azfdQ&x6S>ntYvLm^*%nOfBy`3cKTxKP5Nx8464uwq)kWA7D6; za5ynDp#5>w+L=;+bOk{5y5_v&zR`?y3k7{(MuSmni21YOX7BfL|8+mS?z>rgVQ1XU zU*Yn3$^s9&otEAU7~&5W`t|IY1*_&37+nn!ZARXOKY50(uR>_6ft||wfOXGfM6Pwt z&wV?%$^f|Kn#`_sOkf4EB}N}hHaNr0o6zRbC^=^t1cX2&NDC>`V{<5Cy5C3O99KIL z_eIJT><8=cQk)DIUR8z#$?tK)g^S-QeJY;8+U;{psAm&TI!GirjMnr%S-H9T@SW0MRYEb3!Fz zQZwK{WCUdBLji4CW5q_SLZiwN1?z)y7!RgThv>fl#vkf+$_?jE>Ck#+O0YUIG=BiI z&eB|l zYklYey0%e4qmV76$Y80n0xlSD1~~2T9{BF=5hEaGivfP83Berqd@s|w09g2?U z997v^aoUHI*ej`)Y$zJ)t8m~in`W`IQq+6JZAo!U|Ms0)Y{-CcVY{YV-#WaY;=i~F zI}b*~;BqNlz-A)vl_S+AlXjsF6H3XAZKd_P59=?){(3{$c<>bkG+h$6So-*WpRj=u z7WEed0bPy|h>(XwUjY zKPn4s0FQziTE~E;rJq-bU5PBgf*b@x*1^(U54yqVmb9HSdk#3~$M71_L=~|#e!upH z5fbEc@JtVer*jef7KgV+=b86cslZ5N*5=X`}p&V}6Tw z?X>3*pm4wmQTV}-Md$GtBMPk>W!jxhjDLz^DeY-+=~SIALK9EbQ&@hZpc|c5PIYT4 z+D%VRrjwI3mUd3eXUx?TPJi;IT!Ln1D*0jAiRDsy02#|C2SCvY559e&?DGqroFcWe zStT^kY-02(_-?U4DtIDR3UCvotD*BT?Gl2YG#SNn4K-#j~e&`mQNsv2{p)S!XDJL4_oEpm}PpbL}QqgH_ zydi}8MyKVW{-YoySSOl}I5@+SMMcYtC%;x+oqk<8jZVLYLu-ssWRnsKxP+6+QYF6@ z+>PV!jJlH0_68yxyQeqD`0;amN?hxL{E+Nqk}2J|oa z?sa!rdXjWq?#`l517eKRa#g9mq34gX1{(M#hJ+!$o&R2i<>sq0(w6vst zVQRXbXhk)4uQeXcExLq!oq@L(#$l)$Xj*H-Y> zj+lSCzw3n^jA03-(en8CM`LO3p$Toxow*B)OU~W;7gR@QQM!%Py65P_%VU2kbOsA9 z#~ig)ds?U$On~qloy|Yhms?usSSA}H8SYpmP0Xn9(- zDN#>(Cg*WeI&iqFN*rz##h*Yhm%X*%MtFsK#~XQnl(w2b?yKShu^m8t3u-a8zKBx9 z`O5EXKRw(y{8wvxQ>{Yrxy%2&b$GPBzo$w)??2)2E)Wj4e%@vfL;p>HSa3Ed8;1)1 zYf;#A8UZusf0Pb4_Ru*7Cj7D3?j(TWO`8Qz)gG=@awmKmn^W6yc$-NO93kheaoaJ2 z?>tL^JC}7?w`|1ah_?T?yFIRXCFTGmQMfm3r!z>@adeyIROic$@8@&lI|D+roLlA} z%i{Vv>>)~~m@+8N_984FL{DP7!YT^42Y8RcE`E;i9J4SJrvrmdT8le7sQ1`9 zSUgFrlvkC+7y~{WB$rdpNMYk+^IGfZ%kECDLfzgpuagM@+0s#}?jL3=d=dO%o}HDD zTlUXgBp*t(T!*8doZFr%`Hs z3zx1+Z+YOpDhUMxi0{?*-uChK-qG>KUUN$wZyoOHmyGj(J}Tf^{iCoT@U`v}vf-yi zo#(We#fj%Y079d7U+f%jAM9+Yz5TtTA2$xSHfIK4HubdZe(wgadCiIwQo39ue6-yU zM#uiJS6uGQP&2OJf1_u$+P~Yw5k2JZ&FM>gTDxJ->J>jJbGb0bsq@PMNoEJKb`jk0 zJ}ctdDE<+L!_`n4s(420X7#ruZ8)>SNxHDCH)P#bJH;m$nl@EuBHw8d7`D^JIw_#G zPFI&NVch;;Nm!CD!D_Zk{|_x;Tc71wTKT1H0Z+hvD}di41Bmf)=c;#pj(>_5=9zS@ z@-k*XTBa+q{VB~CDson4mwq`s~ zsPv_*Az@7szRE)vcq%#{zFu6buqIZ0ex6Mm9?r$uf9@`R=)d2Evq$kx}?^=SzCSdNPVqVA3j=J{r20nzpb22;QjKc9qI`cqj$f) zYrQL`dHNi#oWcBYk9{BdsFI~mU^O~wO|1Om44Fn$s5%0a!|0Wa1{c%aQ)+aE7Kxp} zAH{e`(@KI@!*3XSJoeWdMutM>MH9k8beCqJ1A2Y(WZ^*)C|`-Q*`?SVs>Q$HXT0yN zh+aVAw32=3-v>#IMbYr!EM;osfqBt=fUH!|$g> z92g?cac(rUO(az%Hv;MVPn2tmlg@uyJmYr=*-TwTD=yZFo6$d}Ec-m)iE|HXa&(@k*@n6HyEV%1 z-hJMqoLb7y%Z@kAcuXyKp_2;oluc*C%gk-WAc~wI8>d+QaFMFP6iKznJk6tGN@zb5 zPfjxV;#)BaU!NpWg1Y{2ZppJnAh^0~J}~;rEHzm^U461VQBafu%#FgcVs~9FJyGwU z%vb*7&Jm`{xYwfgFc^&JYkuR>YALAkn!|pNba2(#g#opp(XJHS11R5eL5$QR_CY>F3Nwup;1)~U<@ww2`B<0EJXy9&&stZ%k(s%^PzyIKS8GYrWCqB7J z7v|rd3!h|Xe#E``;k#3*4;uXB)|+MDEzp*;33J8;!>`lYfYHjU2YqjvC zi>$zws+pT^{pp8^NNHZ9$`JQ*(c+Y~T2{dlD`|A6xoX|yD07O|5 z+a-au(@rlFUT3vn<4r=7;pwwYwRT$n+cZV4yQtfuv5e8xTC4x9zNC#yEQM0R=31MU zAWYDxJ>q`pFn*-ul~k=I7_+L^{^G0g@X{yE*-@y*gUg}Up%xMttvKuI2Y-juXow6b zneS}$Ssz>cx&)M)b!rJntXE5XuAEX_)mS^WlVctP;0Oqs;Z#Y~K+3kFWSdf@g>n2i zntWe&UgplbyGDfZOPlSB*7jDL@=Kd-jAcB>&teLJDUUIw^1&PZ&{D`uZ12G^Kz~Ug z*7!~RyVd$i{h>CeWtH~nTJ%TF{XcoX$4&q2cKre!DuruC&$N->9uI>NS~YvHx}&N@ zgS!eYugKP!72`V;$r-A~fnZffhJn{_+Gzvnce0@w^6(iW%Wbnv(HY3*F&cMK=SQ$D z>B7msftInAGZl&rOO$##MjyIVLC6rq|6CL|Qr{DzrKE%?A6*A+-?^R}z!t6x?|WZZ z@LsIb7Cy1s)9k$beN=lF{JEf!=T!byIOMyzh0o(oF)+(;qz2=mUmN*1BZpr#iU^bW zR!syPrghpaex|zDOxO4+Z`WT){bx_=U1K|aBA08yTv)EaEa7r#K72H<`o^8jLDR8< zFVHlMV~qNIB1W1QUNC87l3q5kgBS4}z($CbiKd2`u@dfI$v;~yGk=xhMw~}M$~^#| zZ>^`6-|^$sHC6kO{+{oyA02LG+9qYz80+7lGmv$5MIj@tSB%85B-|7dp9GV&v;CCl zHfzBQ<0vs~7Vc!nWe{8h?Cz$vQ=ebsH7TM(FC6Cby!Jbr+Glwjw&FVP`2jIv+%nxe z6A8D=3c~E9i*!-7dgbbM@6T(Rg}UrL7o~-dtykQ;n)p8yKb2a$$@i zD-jQnGLPvDjJoJBY0snN#T9{|3sMRM6r$fBW|wHX&{ll`T1E~GL{UxP5v_$qh%2xq zw+~NwQ39^+hb_N98s7332Pb}zm)eDUa8bMP;r?kCKHNF&!X(eM3m@*5cHx74(k|S= zA??DP-e?!TxT4K>ak`*c-Y-sQKT{{P3wYGX$B*O%h%oqtb~pt%kq)CFot;xi8V}Fm zu;+ELC~m4~blWwb>xepQ=fhE#BfR(gYc{h4O1w!_9{0b&=+YnqoOO^zL?9+v9I@RT zwh8q-%XAlT?F)cqmYt;FW6=)Ta#2qh^T3CW7WE{2&af1xqiP)76_9_C^rCS*8820{ zhqeg4U&lg4_+IUYMT&-fUiTL9Zxq<|%Sv0>)~+A68Yeqoz186Gbi#sL%Yfi{E1J zGm2aPsCMgJ_y}PDsV?+9#ckD%T#T-U^{|qxD+~0z9iz&qXHzPhsbjgdQ(e)U;iKx3 zo`VmqYr-HVS$t%f9-&jHhp%3}v!3fq?}(XtEX>pbk5QNTd{P^c-GZtfBL7(=PV0s@ z7odxqlH@1t5&4LkP3a63TlSNK42+Yhb6E7R<7+%rHL-7BX)xu$m)s1coZVno&#aA# zNqd7Jk_J5sO_@*RiPAe#h8P8?-P@{$WHE`1Pk4gtOLRbE*b0S5G#86VV|>F~!W6XA zC@B!2C*ai%Z2Ks&M`sh9sr$qa!V;7QuD$&&@v?F4FE_$RqjW-P}j4TF+ zouSu5Q7?JY(GJn|Z($7+UCFcOS;ygw&|xD%uRt|360 zM69f?#WaFm>g=Nt5ESA(;{yrR2N55!KPL64zQ)%N=sJkc*li3iMN$CNL}jOvt~`Lw z-*kixhp!b%nT7!9;n#?kbRI&@tW8N=XAO69jZ$@%Gn+2dE);4r#)VPvLHH0jWLN@G z>a#w10cr@lZ)hpENV*iOXOIS=kd7Ev4}EMmU^ER6Kd;*o_&9Iab+gSQ2VvDMSZJPH zpoWtOyA#GmB2z02=Ye6(l?Ts1= z^`818Pd(Ik<_H3g_pkY;n@H+&^4JMQP@>II_xe7&(jDTqTTjkwnPyS%NNyP$hKtPf2>(H$FJBv_ph8d<2@Wme3 zapf5(gybU(iLMq~6_TRyMY?zuL;lwNtej zJ%W|FqF536f!g$8q>C^l}Gc^*>p~3H%e)6AxmcJ>1)kW6d2W@iyXBH|2r8%U zMbDgYvsn`&D=1+vQN%0Koa`iSTYmzZ_>9|NpU~D%lTtQSwrP=rg{LFkxu@h%>A9fT zMIic#2bJ_p(@?YbMJ80mj>z%VIg}k~?!wboq(% zP&8!YgZA1&<}O>9vcDGYeP=NrI}6HFX`EN(;`e~ zECFY%Fe$2`b*g1w^S0S)p~c$d$T7(DtJQ7iofanG^ut|M8>TP;diP~-BY%{3f7;wW zoRFie7b{9Gy^9O#dk;2jFzCi%Z~2S_)ykqa91xy=@kAW^YA0{-e44ej$r7D+l zCWJ9!N@*mM79_PsvaM1|qVJmF2PfTbYkydr>hwwcxZ{osY5Kr(0S&n4_s&tP1n@vT z{6y1nbbPpdfE(qm?fhdg$(ud+i?%{qoLCZ7%gnyJ8n%SV$}f_`3qDZaJkoq$>eIuu zBC>){GA+F-8OCBW_B-eermSVXtL{AicWzjUdQs>p)QjqL2SXp7r0|(>WJm1!2)knU zXEhVzak5ONcXw~hG*Xuk0DSQR|HTXZ7ccOi)(d>p2~JKPJjJxmdqWr@m zyiJbr#<#OM!<*~!+;(+tz)W#@o*PD50!gEMoy~hN?pyYiS6u-HaE&2(H}N>#4aW!J&=;?S-SWn!^1^ZkE|j<35xlS=^Tg&PunV?!T9TP zjRY+<_Mp1X9^=1HJKWt-TlMNqHCN zxuqTd?jOEOCt(!X1i(KzLPC`S9*F*E5<)WW0YA+c`vB%>lQgnOebnm{(oD?S0GM96 zCb#?EzUqY?IEg)iz0vKYY^tynDX~~Zx+7VYh-@3hf9$_FK6r8b4|g$+TGsNFjK}-? zJFTqTO#B?Uwly+Ytid+%-!0X*UT#%v|74Cen^n72u?raCq_Za*TS}*86m;5woRQrr zeMVkqna1wM-uAPtBN$m21sG82pK$0yskW`IRQSW0s zZ2Rk3*-5Fn*y6Po^J%S@aWvR=;;WCtl5D&9-~oLo48WIbas$k;ZxuR zbRQ1W(EE9&d48jFr7y9Ubr80=j@3uaznjLizt z+Fq<_jA=%xFdZ(V>3P0%N_UGLt49+WCJin9Ls^`wSkPe1 zbaa1vm*70H%isJFb?MxH$6CD_jBmb68SQ4NC(kW#6_lRmH2%8#^*PClHMh@Q|B%=l ze^BF#H`(QjV)+8+QRE_C(C|{Bu@2c~6oiCJsG&*_yvi_uQTj#SuBKU+-fc&p-JTo`1wS>pf}( z7jU$$s*_jnAM3#Fr%n;L30GI^D{(*$eVkyO{t>dx(9m0d#2^-bJos+y(c_1;l~uJ- z$D*tCwH0miRaMsKr}+70{o&))Zy(q2?>F`52b9wckca~IDWu)v33|_ffr+a|XFsp1 zX}4!E%Wo2{Zd&Iww9wbM$jRL&;R6@ytSz`tLiVb{wf>2{u4HV`&y%oDL>ccgw{fmf z=R9YpJhYlm+~>6BUAO};$yrJclh|-Xbz#0f)g2d4a_Tast~&xmY-`B!?ex z7QI(DdS|f(3F2O|SfzWBw9QB@@<-a+Jb{P{aJY@}pyQ4F*3iEUBGj@>M=XfKmYx9H zgX9Bs4B5r;3eJiIg!emgyN0&<+T9b3Tre_nKypwL4qsOt1rsSxdYyhOGbF2D@iGP& zoE$OrSkBnJ)%IlAUAfb%vj`qlm01ve&drN(V@Wpdz4Z?C)WFTyZyf{n#8nQbWOBGS#)_Oq>>qpd|IH0lJC zH};;lj`m+1HchhqrMUswPnyUNoS>^8ta1@!ETU(ip+6cA`)cKhdjAUhw;<(DnqPlC zX9*pN;@fYjpf0#j$VJc=FICs?SAxn?fO!)dE z_#^(a`{u5K8KX4JWKvY_-{oQ_+xzrA2qA+$kep!D;^4sflD=t9Q#7-~F-0rW6(}X> z&;#|%J0AvZUp@7^U1+}Yk>-{obsY3>Rnvrjo8+Q5DJ%LI_Zt&$lRu-FEVCZL$oFd< z_Q1TtOc})4>k+HJoo62)fd3ONi~9a`6h`0tiFf<6_vce%jrshV_eUZ5F8Zw>V+Q>Z z4QOQRoCkobFH=XN+J(6qM?2)@Zl@lFlTP6?$((bJyz`x3O%s1t#j_bV_*u5W`$s`p zAH=`STv49y^=eur@Uuh#gfcRc*?`@~O4@z&w4ewh@{4x0Q&VL{+)g=I7^ zIxXrvr^Sgu=UfOI#~W(*#m@2e!OoW2+uu9-apQ1nb7lanG=DTbyWhKkZ4j?d(JEXn zl6Ap$KNubR!(MT@Gega|1OAN)m9>Ajha-BpyL!U(b_cydyub1@m*;ZV|7C$BvJZx^ z8E<%>6>)78|A+~fhSC7~MeAnux8!NZrdKX3>kXCWS3AWgh{IBKCi0yYqvc;Y7G!C; zb-KEI3FGz$$D>Mzk911^4=rI^BlcN_>a7Jl0r#x{e&0fa6K~FX=TV?dl9r2ybIYrz zcszmWM%HTF7vF~@bUa-u&vBZ|c9ZkpEdS0sk4+fMjDh?#qxiYVp#EDWG1lgKgl8c5 zeY{jzc!2j*wBh0)7hZ>5q2N_jtp^xVSx&Y-`~5hlSeW|v8DCM|(}MXg+2k}E|6Sr{ zyp9X-D)=meuQ)?@@*G6sLKVM?)K}5zX}_4hXDptU0%pn3qdHook{|ddR#_@otX+}A zrJ|KJWv)7L5@3-8edxPhBz5BIlRG0dRWnbDu$}ii8RQ5=x3)|{G@gdA(A%WK-oCks zRdtL5GTsU-Q|aE$wUhKVa`({3K>Aa#butX|ERNx7zoXKDk@rnP*c^8d5l8vXI5;A8akh@5pXO$2B>65F}#IDEFaEDOnZH)fTjN@czPbVB&F2P^mYJ@4)aeg?Mg_NtRbHD9L9I?^W5UqEEK7}O{i`P0u zh$72*R+(e#`k)`MThTh~=KzC{GyjL0bFwROXLh1;SM!?tzCiiY zj7y{2=*^=HcYC~wh&PG)L1k7BmwLGH^x8>(#p%=m#1+ed*K6U+2J=m4Tz+m^$VO!+gMr7H<-nDNDl|`70 zSnC$>l%I_^?ZDXOoz2$ai#_r(UcQfQP=EMmx@(x!%-L_YUVC&oGQA{KS_t5f6TsSZjs0K0+;8B&GcQ5ewm5&LUlXP{(R z!KJ+ZtqBr9ewQf@0CdZVipZWY(HJ9^jAQifpnW9~#)$=BU%~y*M75=w;;@Ks zGIeh`tRn|NkA0bPTm|frbRKuJ0fUFC%PUQq|4aW?+e4^UoUVu4u|q-aMQfuUaEJ#ZTrwLkTWQnB`ES2y!!?3&W3l# zBkR2XKj=U#t8aPgjB*%=V~860M?c7ueIyUHmM9LHK4I@3)z>WU4-WyF??VCHoLilO z3quZA5}9@ZG{^AgRi&`eZ0#OBZyjzOz1TTkJSpW40_3$Vj&t+TWnSCsx5%lV=Yobi6XncV&f)_c^Jsif1UJ+W_>30(_ zEM-o7UBy2~ZVdS}ta=n?LleoG_A+b0uDxOpHzy)4?UAgLV)9V|Qj_rA=t3OAkK+d= zf@s5#7akPQODhudz7CXmV=O?48$fR3?~spHSn;Mb3r#HIBD{HbgRy!GNXf8RIXVn1^vqJrx%#3CKllB3sU?+xA=lMsvEF-zq?$`-39J|B^#gA=D|J?Hg7_wgsV78|*PQ-!^qMa&OD_7DqlZ+@Xk>LzY+?NU(iJJ~|<;b&|Op1yM*VH0cy$&R4U{H)h9ck9OFJId zZPa!xkO&?ceth_^*4ED(JByGmB`a#}2b13)4z2jIp#(VQkC+7eAo-3Ir{PqH@w#s4 zv(TXiU!yfju1gHpAI5c;`b-+8f^#PqfLx}8OJ*CjH{7_G_(_t{b)Y6Wx($uGbST|v z7;Lnr&ElJ#Cgw8MGlzham`nCdP299=r$3zjbyb~e^ODmdEkpP@jZMfTSH+GWO}&D3 zc=Bpi_TGtrGgo2pkdTf*lRFHhNkbmr!*;4}X2kH!+EA^Qtn>VWu=s_cFK^ zA^woWOpJhG+QuXs)*1PD7D!0gvT6{5%mnWjK{Vk|-^Xb*MN!QWE*?#jULm3HP6K#M zbpvpJW@-TITBqv@PiZ8Emc}ZrhDn6*I1V+WVDJwHoNO?21KAvzFdAI9R;(bMNE#oi zcj#Yq{TpOuI$g9hi?S-nxeA;N-vkLxL@LyZO>W4-tZEJ7!U>OB48W=MmnE(-kMVMN;Pp1=AXQ4F?tNDp#>&0kfmW5VgT+Ar4 zWDY~9(l8=g9QqL+Lm(3m=?u*>hP;19`$W!df6xbH;Fx__f&KQaj!;$9EiG16Q1|hG z6avOaB!LH=E3bd)V<gTm*NUh~O}xRi*$e zAo58yKG#}7F|x#uajo_5-ld1+Qw5n@*Kq@q)fE&rKu5GYst!;v&BI|4^3bSP zu+<`hf$C#cUJ}VP(K;N z8j0f&<^xbnX95>%2RfQ4(ju`{vX*SXPDmyP$scKANg=>lKtaJ0e1gxB-f?jaSPx}# zO%my0dQCJn@vWThMHWn~SVuC-=9Bt9kmm?jJ|1=S_LUir)S{kqGr<)xnF4+i!(V51 z#fhLaOTDQ67G2p0M7JOdyc=-O9ViKxf>}s}4@Xt>oPZ$N0ECqA0BWb-)iOAAZg>kT zkmNo{ePK`I=Tya`D-?3U0s122AcG|)pJlkX!s7Zw0S$Rod0=}$CDeLUC=?`>+_klu z`+Lu}pD&(3bD+orRm=GYpSJoDM*g6s!bh9_MQ}MDvLic}(sk#Cjcj2b@zUe!T+vBBI@?DsWbJiqWDdA_n+1G&nAamw{V?-8J;i*bMP zB-L{m-xK&OD1bBIytKAZI>SMEmpncsPyg2%Cv5CTHbwq)nICc*(8gO96 zM&Lj+7T_dz_4LD8YAR@^F=uPBbncb#gM8#2B zh#ETUbrmKECL2Zc$cMt)mYyWlP%BT0li?F~PXecH8$&K5WDE(lSb57{{uWm%Pu`b} z=mq9y_h5Tx>kx;R>Sfl0I0Y!)U`K6Ob{)fhnR;D7*bXl z5Sl~mc7Yc%cdYevAAb&ZHjcLn)<(6H3#bdZ@$=TkvD(_jNPO#_FIR?$J-LC z$@z4!-ONgEw)V49ZH(L}_9`#x29_i30BRU!+%@B@mSs;Yrz;xhSeKao6odw=N z(v8LT-gEL?t$8Rh%8RlDho+>tyG-6X;{90$d~>&>WgD5m?aR(2V7lXUgpYK=Np8XW zYGeClH7zEfJ17$~QxdiRSaQ%xVbn0N6Kz$3hHDIYMH(v>vcM9-b9jbzhZo#v)lo-t z!@YU4n@-Kqx7*GV=0MZ#6}By{Y7|TM>mR2&H1#P3J23&$-RO}RoF$H6T`pMq27DV2 zT{t;;RQt~8Eb2y~6KRf!sGUq_U9USml^_KGvcl8)w*N-ZY7|{E9D;Ol!>vRrr`z_zePFk}V zV$vBC)`H6Gh!)iwgh{L)A~P5b!`18`6p+!0nVy)Dv>B%aBl+^>%&g>Hm`Mss_c^nZ zrvF(CB~qjp$J;wcnt3>4#&R0tnfy+I5hrLV=W}orG=;F)qQTXKAS9Vq{i0f=ZiWtdS7T^rGw{8aO{wCe@^u03gNrHT=_Vd|0Xt+LdIy79kG&}na~yp4LKOi} z^jU09H^?oHh&-?{69?GUx#EE^#3 z&Ilq2L<-a%4~I;CIJ5!X9(sd8_g3z^O(hYkN|6m69w1>rdR2r095S5}&V5pG9}h-M z#q{+7ozT!xa|g?N7^R{n4K<+SqZqOhguAn_a?Cx>E-j}&Pi9(I6B}eE)EjL_wBk%GO>UXGqgn=M>hH=BJ7(&7y z)nnzqSV}?g=Mx4b&aL*j-#LFe0s&G>Bqa&98b*agBSHRMAoGI5LbZI^}o2{oCM_YJRin0R9#ixWR z;u~CwzxbkmdF}Pl=W{=-`8OEzgrrd@g5z?CjF^k>_!MC!;$Y+g2Iv?a=7T=_p3oQ9 zas*6ST>#(d9CRmX9VTEK$3ECr`M_sxGhcUrrw^60HTMBVvRC7Q5on@DhD6?u5s@C_rqw^A!CUFy!(Te)|tvMo#IxJ06j zPBbLWJbJlTy>RH))#C1M9KgqRHDp2Z`t1NO)Mevzf)3(H<4mnaOnFVqsDPyaMzC(m z<3;rwuZzxo(Xfe}*3}RR)kxF1+c^UeSAKUu$8(?*s9MYF#AQHg4)C)2K_x>|WX1`a zcupu$Kg)@RJ04cbCQqsfra}wD&QrT7;(A&)b6{~FmZJrp8hchY_{ub3KX-3@G;d+1 zOyl8%mPZ@491#=8Ftp(Wa*Z1I5(kOWBNVq@^X1HlF)}8@3WQEsFf=x{^dfnou;r@O z7OL`LK=b*$0W2_h+chNrg~$kwkW=+KZ-5Sam%a{+$8~G{j|=Dy@UnQ&u;7p;ft)z7 z;SQRIto1n%_(#EmX?L+P9kg^Wh*vi!HrOwnF|11%r1KEwg-r*Tp5YyTWMI&>Oi?^R z#-iJ*mMOD)9h&s6zC)y;xwa{~7Mmwkh4ko&>4G$;rPUY`)|yR;<@Uz12;rkG?R68C z0x}eTZ3?%5O@TeIUNoPJr?s7;U?gj=03#Cbkj!l(o5mjI2MV2yqdvn09zz2>V|M(g zJq!lguk9@y)5Wf*9MP6wi)`qW*M_q-40q7x0nZnqWB5EXd$M2`f&Hyax$l}}qNvS+ zbG&|8cSDZx6l_fLNi+-x{!sd(&EcpiSvw-nI#R`6!%`PHsmq-FyBu!deqU{GeDkO( zx@9y-q+1G9Q;BLmufy|Ojn#s*;0|hC}*#`eM-hv*D0~qDgS9e|#fo!Qo3bAz^Oq=i%sz zyP?~^7+nqPVI^7n#LDj6d8(dzKc)KlI-lDfw|2g%)l+zHwa+s2NeqpM;8FeLWbNUr zSMRLn`qDeXqK^fOl5rcU7>e6UD5^uEqSt2~l9S=bnRNOR?RO1m0tOPBIR1AI8|ZcX ziax!p3ubyohtvFItl@EV?a+$Bs+B9ePn zV^|hdU_8c?WgC5I3m&BJ4)%&0G<8C%}}OKE@gGZGY)jX|jqk=>h*5 z>gxI+$RtbW)5sEJ>4)@Qwoe@vi|`9#NpdCNsBFg=TywG7?gr>DQX2A(W3$~fY`|hb z@m?fH4N=S|n25Vk%ao+JbTEinOhM%KVPI&az^n*Qo2W=)eRaIwq|?GhH@q&g4Pp;Y z#sN^o+9+(hr(i8kTozswH`nFYUoWFUH8i7djyjQ?b%>=7BFjw>Ip$$Mq_{4E8_`y# zzE-&bG@IwaCD*U#yIz>_uu+~U(#Uq%IA@&m8Du884r}IeS>t4Om5?nN%0)E>&e&{j zO&;2KqKbn;S29f*@(IUeVIqKm|5)Sa0kbd}If)U2iQVRJ&jLP42Yp%^-pDqks%M}3 zr+G`9W6GRT7E*9g!c^JpBx1C(x)xI-dZ{l}oZ-X zQ2;43@u=h43(ZO(OJe7y7$KoW8z?6j!m2>JPtWdwR}8R3Te#q_dof&AJZL zh_d~-FlmV_2(d=nn<$k*pEAX37jA|Yi6&#k5!Z4(CKE#++fG+)43RUeyTv*vj#zOP{wfy8w^o!z&l|P)Fd?|Gz>hQ z#Eny8!8p|0G{1W(x3UX&_X@NyA4U^500{z{WXUz{MnjJy@pxT^;U0>rO7h968oj5W6{o1?(z;2W(HPD$ z;^Acn3)W)Kc?K2qm<;xa39`C}7~CB@`y*mw^HmQ-&e{2aLyhD%M8#NR{JoQJOdZ-TluJ7^QeE|3@d`-M2llbR# zA`!7RdKdkoBR|OQ`qmR2hQ2B0L(gqN_1G^4Qu9RU3?TH@YL|y0WFl`6_r$WL}X0+~ug`P-9lb!0jk*^JC*z zvU7+LN9d94geAO-bk3+$9bho1K#o}#$9Ta+n8ag?w`4#XTJY>?@|_R_$9z+<_Pl6B z^LQ*3WBQaudk*uI=Svb>3X>kbE<06jYBeXvmPY6otI^|!H(qy)k|(4JMCH7G;>wNK zdvo?lHV%y}>J1HK2{flhW#|$`qz+FSQj%X?sk*fz@FEI>rw5szF55=)KlsF7k$El^<)AeJ?;lk_;K(RDKu44HQ z@`71PaQ>O}C0+!R*$5+FR^?L8gfhO}O1d!4BtL(YHef++9JW|in-f$T%?I#=mJxP3 z-R{Irvsm(3mchpzeO!#who1{*z-&)Qc%>eGqDdk1U)*kYZRa10NiOlhU$pz^#fc>= zFd=5|UJYBqS`nGjCn_sWT}AzH*M0}R!ITxP_tu@~|IQ7| zq>0+3u-54ghCcc#z5Ydad@b9r6GveXgY$Bm-(`V!2~MV8Lvtd2|*;^PPEpJC(=uGCY%4NT^_*S=EU z|7Upq@E_->n+3??2M(A-aUulGl2;`Zz_FOoFmk58y7-Ih_>n)vn^`IytDXX(ge;_t zG-CiuRJZe>lG(y^PtbwR3c8opY|^pww4M1?I2=dTRR~|8wA(GTOQH$_TQbAf?Q^JG zO>Iy5#wWd~+P9b2K_73n;K+4(jSqwChvZ$p?Zb3otGMCMU%sp+Tfb0kcQI=}#0TlX z9;;XG9{t?pgxsSPxf0QS9x%KKx$TRf3#_eA4m}t~AFU&BqWRVVPX?PiJ5fC^pjXbR zO_lGu=;sjFO~1PQN11zd?Bjus4Y0JbW*rqoNxhP_y@5ZWH|^LNP5$6#0)P&r*#N`^ zK_o(UFjA|@*+FhNzo7}lk_cb^0M)Hhn`<(;&t)$dj>Ti#7klCA6x_`m3|gyg*gi6| z!aU*~@s8*-uqHGQGzvB8fOqNFkmXgimqH$DxD9F);pIF| zEyWi*WWE>2@6of#-W{}m1>&iY$WwAvtHgVeh7m+hV!v}$bZd&b?22jk5qgrFU5xty zTuv%xST2h*l^Y?JN7|pyWTYUeOo7S|vjfQFQql`67ux5)=3@EFv=bpqIS{Y1R<8J2!Pq$7P`fX7j<*kXw$$GK-qDX6hg+L- zfG~SZp44%akcjE_HaZG^C%!Bj}X(_ z4m&6gG?<@#<`|1#)=5qQz?c`ojdlPDOQiURtpTYaHPD_L7trc&NeqAHT%x$}tT#N~ zu6Bw~7`bKCoydDygoE(uVtwhfQd(}Et}b7~DE^`2FeRzXJLQ!B-&xc4vGiHSvDAW_ z0Qpv6zHi~l+MB(~xlXk)Md@6QZ)TUG`t7g3)`m;-$x^4&&cp%l@~V9kSM_}8`+fCe z(CxCZul7v-Nt*IWdYmIczJQLON1e60V>FCarX1T2eSI}SKAJAPV2E-RR#o93g{UhT z!P;n(l??k2p3kb-ZC1_iUL+Wq*`q*bz(WS9GxRRQ{zdoJHIs%6Pmea$LpEkW6$N7I zwL=6<)$z8`U=7xOADFI=(@FHDfa)FOYiowC+x9YXTd%y}^>})(vmzsZ=vB#`EPbq& z55_m&Ww(3=g{-g7r@3XBqS?QGN9E(K`?I`Cvb!9pUK>`3kOFnrs)Ysk=bV!skRq6P zIugyftXvc|N8A)x@mMT7vng1%*-S{q zZRO<+20p7%k(0k`k32@gTp-fas)ITv2=FxtV2OCP{`S zj4GoTg~oaFt=JHw)`J9_v8|&VLsi>Xfsam-B6mb`y`)fF7?`xi*`i*^Q+%aVkfYs- z-JzU4p;>RJCnWRyoh-#QSTq$EOh6x!5G!03k0Y>3n0ZVmW`~CwBczW{V$=9x_Cb+QZrZ7T(AZ+1(MZ&w<$;L%Lb`O=J;PSC-zb4Yc!_M|+4f+Zywx0xCR^nDEcFS;Q9wh^=GuYOg zOltU~X3u5LoSi+xPxd6PV9o}(-b(Ih1%FRW+`@DYZebSoZPG@Xi?#a{XI3w+DZR)R z+!bbdBAMYV!~EP;#`)wPux~lb!-;Hw4{RhRkgX5SI(wP?$nCzLHs?~nkJj?oqs)i# zx(oNgF^3-`joE@ZK;3m=1L{mfa`e39G)CUs#Bz9o+uFQmzF zrLZsu^P9=x)-DdVo1X}ax)>=7o8Dbjz~l8rC_1o0INR)YH!B+5kgZbDX&M^iDbi1%;2LUi z1&(6;Po3W)9NAJ8qLwB;x5V$hC43BY3x@alDrjG^7EFY$eaQ20&+mmpf&&?&agXRJ zlHH+qiIE#5SS?1gMRS2rd2hm?Lu8UV4f_IPC=a1b*sCI(wa4G6pMs|~uNz#V^8l;y z=lXpWgparPOyYQ0L$)qStUppcgLO1irMHJ0dz<^awNmN5`bs@o`R*IF ztk%@&l3M#_ZS~P3^|e}k_-JkQ+i%zYwsL0KJ>Pq(Z8bT4r%NrJ};;Rqd(RC|vw%do>FP+eO+AJwBr-eA0 z_Q;NfL-ZC<6xC-Ub`$#4?6XnrV=mgYUY{C9i{}{*3$)M~h2rXQur?1gc~gI@v#7y4 z58seD2BET(Q1lThu90q4!sDSiK5&SSPA7#y5oi);R?*=QZ1|!2w!Vrv%qI7S-GD-+ zu(4~W!+TX=;YN=9?i;h|Xc@B?<)0-6wiPm)oWHDUf!^q4taHJZ?9MT% zMeAr~gV>he%@n?d)7e19wJx5?MxP&tf`XRY&4+bec(*tyU zM!M9)a6E7@ei}{17-|Wjo~o0R)!Jk9P>-(ssRAo4OR;9auE-q*deDUtZXAnAa4*KV2K|VUkz_@h)6Vh9viM z;B3zDsE?bFPW#qwJT0CU>CjJ-brh|i7U}yb$<@iqGS1zAkBOwJiv`XVcgSvXd&1wNz9?88o3ZF zf~4fQGIo!Dv&1DwaNp0fV~W(SKB5}( z?5xHoY~5Vk#=_is6177YQGFOgoaAhoI!tGgYrk6@^1FARmP1bW+spv+0Flg$>-CPe z1KM+u-WTvR6v74FRdcj>)ZFL*S&1`$*kxo4=QRGB|Qvr)gcE+x|@$x!yo#)^ne%;T~7g z``h1M->r(7Y;x_I-pt{)+&NNy1cSkakL=whHJN>XgbG`ZT`}y0ucuv~UF3e-VOK$QX zs9(b2Yi}5iF@h*M`WJfy=yh$i{#c<`+4dD6CV-xc-R^WEN`1ApmDX$B%XVAUy7(VF zt*;l$_TpITk3zaT`mKMH?WQKfL67Yo5e|OhMd&<$)8(ZEbkKf$b(}a1UbYM;uqd2t zy8dA^F{jn@!k;EQwb|Maz7{pZ{ktljq7`LeVbZHwk% z2up-$%9E~t%O+1I8^%YKyq)f_F?S2c5k?meaofS~Bl&&&MeX)8SGz5WACu2m@%Cfr zYRoLl{cyFq37T`Us*t7UMcb%yA6j*e8-iH@PJ-j`=<(J)w72e|#{u`KziahJ_0><} z>%wA^CyZ*ge$|wSn}E%cT95namB0Ij@vBIE6`h{;i%P`r zFoc{@6;De6%YUH>6aa^$PHB;^797{)TFfevmHE$`JzUB`AK438%GgAeKdIt9`hF)f zb4bt+o3!U{yEJu2x-g#t!k0VKFL$PLXKG#`H@vUk$0h1#dWV|yVY85FGh7v`UF^99Koi+S7jH^Xy?n{H}X?QH4Ia#{N~NzNjU2a3;abC-H+Y>~iaM*HJ9(Yzq4) z8Rm6?^}qzpQd@PcCZ)d!FJLS!E&iivtdYMkyD5f;f+iyie zN`pA`e;WtTyK?P$S?%o~!-IGdKtll(mf8T2TwH|1UVW~;`25S}o4)y;f7xvxf44pV zNE_`UxT_58FiZZGX8ITA;P)wn{KA~-?Lwt<_-dDqyZm)p95|O4D7uZ_JX#uGuhCH+ zULNlc{Qir*?UyFuML)Rt1?Kx(?CC0W^yFl9<<%?vK88=%_=z&N!-w^?H;?Npm~rh9 zIlZ2lS)o2wv18@JU7{z>8`H(Mlq_4Ol4UIpnJE0w5|5eCuj@Y8ppI!~I^~=S@=Qgj zo~Mj8*HeMiKcEe`zGm*Orl_B!&sJq0spF}wW68^KbJz=Co*%zKC(H|EwBfI-U*MRs zv4^xBeFX3kIl`bj*S_inmscZ5h=2#E8jtDMzIe$(Ac#Ww+)%?ck7%0EJR4_l0k40n z{SGkZrb|$?@c`0+K)mj?cN@{+$lQNvr|3Q3>qqK8czE*80e_=IUM*v!N)P~f^rEJ; z!yzi{c5mU(yN#~F%0MpAqZb{YP0UeW_ZD|Fxir5D$Cp>SQoJli!#a3meQeM89U~D( zz*otUy7Ij@x3w$iwoeU#BpE{2$@wg3Wwuc6QiS3)MCDvh>S-@ZAJ29FVRdrQ`s~Y@ z^17RSf-l_p^mS#c0rUw-bYW)U{zu25p9dD5S$cDv^xmR{4N2y;Tr5okSxnW8Q4+k) z43$d8=@lm-7PId5KMm#hjA(~t?vo@OD7p1}v){Aq+4n1ZVgG0p4r(u6V!8stv+_TG zGxg@?Ivl?Kw3n5irZP8R-bS;vd-S|@xOMbm=Xmj?lndn*H_rB-pPQEy6xv?Dbv_R0 z3od(XMj_GA=gp?rS3H0DGWl_5Q@-tNa={01KHd0vYvWjL?H(NOAFk_E)&>hAY#5wg zyg@YXasWZ(VnnQc5hDFXhN0)Rhat37{DQWD)L;4<7G?z+L-KpR6A9t}XaIX1z?SKu z=OtABQexXR?!!?wQn%q)z3zwC%D?fDRng$+B#a+D(pN*PgL>Wc^yptltsl2HH@Eg$ zJKIk;w+@aLp~vQPbAR_>duQvgb+Fyc{?KggXMcDGe_K2I&7WL|JKK9d!Plc7p*r^q zHf8f)dmFpkP05v2@W+kA&F22*7B&~DF6FUm-+Q+GT*_SpsC{p=S2VsVV)kaUQR)KH z^8i;io0vdnbSshG;ls{m^W{rg0{9$fpoHf(oaY3{c1&wNS&5JZQrmA@#6$>mCncF9 z29wG#3@-(2`{u@giBq$3X16LHEObZl7usD|)B^@~)PhE~{NXUf!GjIEv$6NQb+CU> zcvX48lY)^%O1K4pR zwFqf^1R$bEN0}a;17M`dR>{L`6=-we0bi=&ND%tK3$_l1Womm}6p0~n0KUIpdwH~7 zG2V`$)9%<+3#eP#_6MST8ulq%mANT8zg4|Q3i)W=np^yaHj(2Ie{X9!6v6@y8x8Ow zuhASu^HIevGwOxjBVe$h35zG$v;L}j(&=|`=^SqTe=oKVw>abGR&%Fyw6zJSJ^AV2 zaQ}G=^`cu(Hvot1Y#jXvxiVJBVx{o5Ane3Hj^6!ajrj@{b zb<(eX#gx^rzIvjfuh3+Qpq-Y!`l@(FR15t9e*nlNI3j`XRo1dM`zmAq=&hB3xle#@ zVLlkByj|vQxMwuMD8Nk0N^c!)U_M)mfD^ZdmdT0?7KNr0B&DzwyP4E-)||xkw~Kzu4V3e8bV93((Gb!F7P^I1@*f!}*@{HlE5r z0P;&_d@;;B3}%a?CAZ>uD}@4dQbOF7MyMQ0wXdkq z$h#CL?ohVxUt=Tx4*ysTAGZ%q>p@%V5tNbz=y8Bs;U$G5AS7u zuq5|hn~X2N{~m{PYyVjR`lY-l1&Wh*5r%3JpDOAtG^n9go~ZW)ofE+^V4#&V!ESdw z;O(A;At1TI_`Dmmk>`AtS<7G;yzxdpW{@Vmf09x4vv0qhscNmicn)ml2*(%trlYU* z*lYo&tnXW)A20pk(j(5)u^o(V|cT(nBgy`h;uY68z8JigDKv*-J>wZv<`#^8%MC`eWCVG--FmLPD;$k?Iy z3^0Su>^9`0sz9`~XnWKtqH4~A#lq65s$FzPA^ZY0lww75!FACOYw)#*r##AfeH9Ld z6Ef5HI6G{_8f%Eu2Ho*x(4SB=m6yQqxe~YdT}Td=n~mrM7kF?zKKxf}>*tM~MVJYx zr6P(WM@8zUmuutm{8@0;=8HskSt+< zzOgLXk9<6ok47H|8{a4m;0dW)&>w4DLpQRf-mRN~Zc%g_4MP}xm>nPcFB6a40Dfj? zAR$dNs>TgdO++^uG-yS$xEvwcz!9Cna8|O8QsvrCS(VGu8|p@F2Ob)wOs3Y6gu&$G zz&uRBJe(C~HxFhv1+zONOk0))(~&z$jhw0*cFlZH=E<8{w_S50%46<6iWgP9FIe9e z)+Fu-7C&f%vk>`|eEcUIB&e2bAUa*xo3rVG|gD%=5QoiInU*Ym9zLiUR!DxQE9xv4vGhD#z?U?4IjLjR$e*5EW2F zYMUV4DdbF)1Gafmwa1|tIdqh5JSNbQ`7ufE5=b91^A(I0p-^~GR45|e=d^%%s}oO_n0BX8j(rD%p{v|(^_a`LeD zov2R<#S3oK!}?=3AVBqe>>(Wfeb}=|-a4w@^+b~odC}(AU$c9rSXfE0u8)w9;(bcZQ;F^HD*6jBNqtQfT z2pimHL7uXZk8)CKo)`wi)8?A*#nF$8aTh8DhfG5m@+oa|DVSyssz_HlL4=*b3W()F zax|-k*-YwdZZ1^&Yq?r2nc(tNWePKEh83nc40UUq?Ef<-Z?=kDVRn_c%&a|NIHT6i z#G1YFDD0tgxvX3nQQF-My|6Rx`Z>cYA14ldw(8!vk4g^x!c@JoQZl)aR^N(OP{~Ru zOwt@HSt*6-x|oGoHR7E`*Qf0wo*wCzp1u6FhGRG?^!#`|7f?tx9sS50;>l+=-eetF)Qmz!7R3_67+b=kc@4d>#}AP? zBGLAEIAjdU$3hZWcmoUqj1S$eC1?~gBx8GoSKvsC$!Zy`XT#xeJdlg>$RBB0Ue7qD z$IGa&Uz3Jfejn|iA4bcj{opJ;*6+@S^4O5XYZvk5Mo#y`ibV78erQOHcRl=U`{!c&p&(AK4$Mnhm5% z3fiNcf9WohP9rI?d&5guaQ#tKmoa0lqeh7ohAj1=M(Meel(?5+wWYVPN@_*en#K2) z-qJIjMK3jhp21zqPBovK&DPV6qbXQgqmh+UOE%VAyiZM3Cbpzjbh1u{o_;zUOgqB!FD`hXtJErxn$YIXeA>_ zm6DXil5-D_{*UD7ZydE_xNOFcI*_&{@!@fDx-M4Z0IbED%heJ-!+dC(snt{1p9R{S zLxw8+qO1nJOvnt2c+f*z_47Jl9U~~z<)SykN7bci#k2u^&+nb1^w0tTWs|dnz>=_n zKEd(~D6*eH@7&txEj^w_D4g6;&S=fCof0ctw$lT(YjCk2P!XpByl`~7h}inpkLrbK zD;Ula?%3dgVN!=E*Q?4T&0fM^|JO8o|7TTqGjwie)#lAna<$p73Hq(^`8XjyXwEJ@ zxU=x!^OhVmrw9&Uo?Wp)Gc7e}<_Ha%Ut|VfWCmYk2A@i1(9RYal-|O_MY|P2>dmNj z@qShjLi;n2AT6hS<1{`2E$FyMD|aq~~_ zjc44W8a_d|ZSpNuidTW#?q$eIkFkYiswqL2_LC$C;1XZxlC&3K~T zm$4=H#nY!b`g!^JTy8#(m!FrDPw??MEPIN%#|I=|#L2@Vt`#ra{{dEBmxClR;F>&WeuDWDQd%4JZx*jJPC5dKDvT_eP(&y=OMT$ zq^b9PQSN)B+PM^a%2~@uOIG7LE zgekI|Aj&x;*&(qp?MTqr{f|##pNF40UEQBXR`=(ns?g<3ntB<|NKsP&J~chnR<}sH zIP@3OIW*3`9|Ak6f-iLQ4s>(BiFC7l8QPR{|5Fjp@C)7iLO1{S=;nSV**yGsx8wNz zm!RK4^F8$NN+jm9rk{t+DfIKOIWPS@Y-ZEXVS7gUnF8>M>1R3esKo9TFhFnVXZv_- zR~7#XogNgcYIS9$sz{!=wJG%O!w70=LUX=Q(^;u0lhQ+=q=2D2u>WFOIwuXyC6@Nh ze(c81h+NyP&eG|lpz#owm{jHWId<`k@ zNsO*j8pYbBs_n1o3mX7?^y2B!@uJR9c?JJFd4;HqnVx+#gNGHkUf6ii+Su9NIHF!B z`sYaJ$Q_HpM2#?!{?O|xj;d=F!@1oH`!yI; zA3aaj{03YxDVSZ%9W|@mjQIZ3e{R0mz2`-Nk$=a% zdt4XN%JhDd4^>@dRb6=9$gfySK(f#(kmrVOpgT3DmUt%Rj+ONX6_%m7iHB8}(VN{g zd2?q6TbRKc$1JhrF^sEWGctxi@}`GCKEOe$+eJ1tV+bS*4S_s2BzIy6Of515@Gf@I zz+=k3aQd$cr22ofwVCKUGI>{i`?aXSUW~il+nRQZiaP-KFsY&{rv*3$wlTC|fg&bc z!0L-#xMGTSB?w1=gQ0%`+&hZgh<&_(YT$I3IhN?3l*f@U2R1bxEO?`Vg5L%}D!hb0 zjiRP<6!20LA!Bw zQen^yA{Hs^!9lX?lMbHcT-Sh$olp+7Uoilr3v**piAVfjqW+5S;hA&dzXu;SVAi5_ zCW6+itBb*#DblNA!b(H5u>l2J=-$q9M-7kxFmOI$H~=6+Lhlw}j>%-bG z;SwI|^{Y5ngpxlPO29pCf|>@d z;HXh`*moxV(4W+hF_@lr(^!$`HlWTCyusPC(^1RgXt;bcxO}vH9`u)K@*~-BquT-c zu?Cbw*cP>1B`zqUY~q>dd}>O%c-?qliswYm{>eV4+8|?2ll>QTgJTU7#|nsjFrk-C z69&}ww@J!#ZkNR^54nGC?Wy9*>e|CckH7i$Z{KlJv#5S>%iCm4lOIz11GIzsStDE& zJX}JOXqh{}ij zNA`#~&v92rJ@%&6vqIiMT4F2#+8`Sku;rwAhJ*XV56R@X$?W@O*()tCmth>Nj8)zyZkRzn`f+P#r}b=WSyA07j8+nM0%vx1YOw7#`41Pu`9B;!9iJj_w-EdD(2#(8!-lh z3ZIUS25oM9&Ak{X>mg$yhFD!A<62s&caH#8ePLez9DcmBYCv;7gx+ZOH}*o1!-v;j zmctr6+^VZ9mI;NEvx!2~*TxRjWBUJ<6x^FUG5X}uyy~TUyXA+rf_Kn|r?lq*{uSU} z@C%)D{|x&{rVZ7<3qwZ0bbXL918Zv6w`)Ok>aqWaW&jN50uykKjBv~emLJK805(Rz z(wf`O_*g?&Q`z48^02%&|NM=|ImsUqT4*s3KIYwnaeiBky(J&#mm%cGgr@v`gHI;?@-c2HFN(s{5(@KesKS!w#OQ- zYJTf?VkBzCTrs4OxXk_Bcyh$>`fR?xReew$YXhEQDb0HRoKT_u462=5Pgm!Z?=9rX zLe^3Xo;hTy&3tY>7bGdpfhuj#a}jD~q2gOr;qCbs_t7QtIAB`zAz%4p+Qm^trgu?^ zzb(C&i6TikQL+9+fViB`dqD9x;>J7g!(R7OKOl9YK1H z^{AGJT+0!)9sf!t>6K}aY9ie|vw!S_@OvlKH+QgiKCe|38<6|(h2CE$ka)$?+ob)) zyqz0~(4qU~6!@a=;fXyKZ|~;3HCF9P@Ac(&ex2Rw$L?vbH5T9Zh4GRM+JC1TZ6Iphx7-p4F8Kx>^rL6!8rNvb+p;L3?#e$xVj@8J<7IRxhY2*t`f}c zu&HQubrnxVf9|M?*C!f&@8IZ?io3RVRSv8-zMKPkp_QvwK!5CRoaB_dip|T0i`1t{ z*b0#M;cG5&{A+uS&&XV`ZtgB$gU|)2my4^vA2Hx(&=<(6i^fx#GywxeA2 zDx`fD?E0b*$E?`*Ev(eEqQe+Im@Yb8!}AFBsV-=c)m@4>w0K@2jxR_vfv9H!X+6#& zbwJPkIB1K@*1Y;EKLN@nQc={Z4$t4(0?klPfM1PH-kmi|hv(s~=;J*f*kt#Lh{RKq z5_RXh`8k$wd1X0N_ke;wJ~rI}QyAu1w$13$mDQ>iuu%L*tFI{w z=Y`b=A685i$8W^lxHK3|(yu~eHK3R>NhcOpYVhbF+xrJs*vy5()fMW)%`AEDcf?&~ zp|UOV`)HLJ5+A_#+jT`-g|`Avha4l>XkSEcX*ptd%etDLDuhxtEKyZe4NCi2D&!Ei zhuZ3$6n(TgUHU6DrwzIzb=sQLofE=Lb{n%LGT3>6W~`?ai(v4cAEU4LmOW3Y)rk`Z zjG#O-_$yTGw|{E?py!$>DeJG_n7hkn0et?IppVTW{WP>QyEv7A!ZC>+oq3+G->QMf z0CfX!<`<2{+JZZs+|RRHk;5jiO;;U_Mn#+IYwM1m7yLQV{fKb7REA|hxFy7L4xA_A zxn-n%#m$>DtacnqJrl+j9%6zX7}AWUs%|>HK1wbgMx$O&uZ==$2FEYOkkuwMLLB{I za9cl4r%KA#5{`igK5}PuI2E}jeGPFD|1>>43vg0dg=2sgAY?*ihbW}i1!(A4qW+3d zkOnKUbQ@>GpKRpI+BIGM-0;+*gGy9r^h3^7r+PDPT**k*VQr`O-M3f>PAB2bg%s;~$ ziT;&D96hz6C@b8)5e0Ra;FN(I0i1tuiY5VS0|XTH52pu;!mVhC6W9cC`F9oqjPL0| zga^yv&+FDzAp>rY`-oq&#I;oe8u$-DX$1)R1tmqA|4)(Xfze}@6?`(gx->Rx$^hdz z7|1F1*{_l*1aZSE1_V0E3lfs6Gl!`xJ+C%z1Ot_ooYgmR6IVl^Fw4Hc@EH}HQLeW* zL><$IABFHiNCgesGi!EOG)^C%fTm~l7GFJyzor}EHZw>X#)Qb2iPVB=8qA&U-mUByKg-l1V+}j=@e#_zPbR-p zIxfs}QKtx*5tTIu$V5bv`s= zps5rif{LCViMPGCB%1yZvvQ9)sBe1=i`ak;v4xAYkl&<98bx* zBSw?o_6i4J!%bqvA$;$B^yT8m9Ov`#^A!Jr{}WiFFwwd;1d3Ve2dmaG(?dv~s^ea; z@bOu{@NHq_p*jP_$8IajL7IW5X)`C@iD!k8sG~mty4FWs@~`aTPE_YWl9niLixWAF zo|Tb@%|V#gmq}Pdqn?DP2zT7@@b9ar7Z=-hY@tULkvLXuzo;=a)?jW>Lw$;uBE#iM z5dn@{MiUu&SrI71vxK^rMgS8E-(xYZ5f`sOie8T#&Nd$?r;BG<={RT_e`g9k%Shej zqEb}G9eYDt<||F35cCB)`{pYNct*yZtEOU_OgTADHk!OGA`L*!RIV(45N*z*@UgMc z*N}PlEdns8^t^i^T{g@kKm!Xc|$BCTq%W^=&0wro@AXXW#gVAvwjH@Ck;#&++Me zCPHPb&;g9MWfZ8yXUfbXhQ$C26f(UmHu~Un5DQl*qn4L!%BW|POnC#-GUByrNEETW z@;~%sN*J9YdfbXm%DGJlf7l^8hOHuj~X6Ta2W~s z>CBYf8t=;oD-H28%3ucZ#}j9sD$hZ`{SH!mPsn z46L*!=zax%#}rZ!z*AC2fKpf(hgn7R+wl;Y{7s<>5EnRH?FuEhmm$=p?T+mHsRjh~ zhI;v0;G&m3TS=k{HuJ%a6X~|EMp;k-%5QdcU#OzA^r<`I@! zJ~{;xOU<^pub$_2+&o5(h!Zm3Pgw)SsV{DW9Z4j ztV&9rZgS8+4aRE`))rqrV!UER%V-o5pDgagUA7?rNQjhfy>Sg*bQd52j0G<7fu?2w zZ;Hln$XQ;GkYkXjt;uD(hyiH09~F;ZqVJ6BET(3xtD#buzXG{BEBAs{s}k}Q2M>L_ z`hJYqrQ&i*$P=m$*5@gQ=2csuCbybro*Q_ars-tXDIRvCG52%t!x<}c zIK^7)NtvM+c+9uPudoc2-z<0+lLi@_o<~aRI@A6dRv$fCK;}A+^1L`462qpH0ybM! zhmn5_P#F6lU<6x;WByp5a7Z!tb^}?Ht<6Ui>x6L_ncsYk#tdq*yi3*iE~^9}K>cM~ z>T8JJ!08ugbG67&;uRROQZ6L=oZsN#e}{&>eLL4?m{{pmW+8U^Ep*>jb~! z7hIavi`)b=vWJ^flP_D1*B-KjnE*0({%9gp=vQ)+4P0b^!KM>1;ZRWG+(Qu<<_ z#a8G3w%d2sn9+4_>JXnwXYwiYDdgj43w}tVMh{N=F)hFWt_<4k@j$|gXU6kpS}ARc zYroRiEJMJ)7dS4?wJ;%{&yRGFC||{AI1&(Rs4<5~D$IEK%hws~$x-xbJkN4B?=Y#S)pM;8c?fl=(hqbOTQO|~4V?{oO!&c^cV z^TufUhwpC(51u!)=l0eQJU-w1@#Oap$@7mdqFa{v_KQ~(TdrZ3SdY&58758>m=FFJ zVa!8&~i`s ztv`J4iri>%ZAiXfm70&9Mo*HYD`?5LqaenJAt?}im=x+8Ln%|>mLc0lhOV$<>I zhv$m%Gz|)P#8>E4H2ACACf%XyybIp!k`(_=qnmYm&TZ(Fxw4Gk!lNs=tw&SM%PpBb zeO2I97cmntC;8j>M-hiCyj;+5-3rG{8FPDdXnX;;L2&ni?)GmKpAGMG69>*WQ|iE#6JMi$>at zm8a~`>MSG>V$l@iWE41}NIqby0jDhjzW_@J2Jq#R`qRnuJPjb=vh%QOCu*th{BW0uKW{xrj{EO?R4J3&(3d?Q;kP1L!G?gF-=paNQ_gwOH z=i}l+FYBGrDDz+L*l3FO*3ufmJYU8BWh+%g?C^@YqB4O;fT#D6-<14{vlQV&E%GSr zcD$l%_R77*fb|4bv!Huh-01}(jT7?rm)p#&?tVyGuOHAK+$QjdDy;W2YnkP~vh|h~ zZ9QPZy|^NLA;ALq)WLs1pk9BXg@sHGE4)b%jTj!V58prK{2Z$21Ko@K z&f|WxHhUDRqluqCpC?CVFAb_UOP%yB_bcZr9yg`3-S{TfQ=|<-2Dn37xI{UGzEW`Csrsojgw$($%r2}pvcLWUqg-NF)VWqF?tt9i~ zgbcbo=9zem=jN2<$8PPtdYn#@Ky{84VAH3GJ`L)vKqU8P=%Q9V24uO8hLWv2p@@fj z$aF3hHctQxt?0TxYdl`0x^xYD_+{2T*YyDf04N`yS)w#F7*0XvGB9Gz%S90 zTfBlF3}>+vA)R}Ad1OYeuzbzRhhG1&7ae=HwF*8#NRXPH(>S>)Rgb(Wo_UTboFtA| zlO?g%=}`FVJ5wLy+4H$Q^A>+Jl4-Av4xsrS5}e+dr)$+eIWk|S(}1Jwd=-6@py9^;+m_ML_DzhRMO@-# z5?S&5b$G?|dKuq>ydSRve_#f=R}OHx#v6{$^h_W>w7G{r#3`HaiOE9$4KyVRW>D_n zTcl=Qq$8x4>93OqT14Y`8y0W>N*%S3y16!Rcd)Z-;XCGU;oy{zKn)yqwj`jIm;j1el6A18$7&`$MY1sNsp-Lwx*S_(yr6ri3my=VLe|B` zPUdnz*PcJbmvHiyVcD}bFu{iXDgf9FI(yZGk?eKi4umxWVwGvtMJu`$n%W9T*K=h$ zLq2<}CuX>*$;XK-AR?gDjQAwBDz=La4X?bK;qw?6YlAzrJt>#1 z|7M=Im$$!za73|FRydN8Ks#faJ*$kS%LCm;aH-UojqJN|0D{gR7*0Fx9}Kidssn(vIc+w&;Shp80E@feT)b7l$e#G z2-4o%RJ~PglE`bA?)5QW4ALB$1J7B&ZPy#DQzjP2_`_{DVPW6U~R zDWn#xy3!y)n-___!684Zc8~zUPUx~+%uCh)Q)_?>1Y^YD?)Jz+@F-0g&Fk3MTk01r z-(H?0m_9Q#X)J|M#&vU*OD-0sW0@!h{nZi$qH7L`#QW|gu&faStFci)f=)ODCCwg- z5;p`2B6SnX{g;)$QuPxW#k<1t8^_0_aayDYGB)|A)We~A)>O!g4~>z&{uj!&X@kD> z?e{Z#z+yLZM-knO{+De_m@!%7#J0KUhfot=DagwKIe{1y>W?}8Gp9PmV^bQCK>)>s z<7Q0Z;r9Mos*BCJXeduxMVZtKwY9!be>M`}{dNFwjHUcilIHU8^DuLs3Y^hGOe2VDM@P-yG|Q$uu%*p0D=v=##y~ z#0BV-yZ93x)ufyJ@|+5%zI$l%ft^NLZQ;OrdGPU!tCO$UPu-LC zPhIdZoU~l~ylxnrf`SS{6^^A3)(?9B36PW%}nax9rYtk0Yx4OmDvDhM&q`j0VgM=6w{+brYE>5>-=oXN- z$O0PRmc?NkZ4!>Oy%I_sKc;_Li*x_+P2D%!Kih)mjW>j4j~Gd9UT$0MnrH4>?+6ePfU<)v!bh5`Nx@=Avwv)6^c4#Qhj}O}TgEIjK>zKoXEa;&`cSR+xsJxL@ zgk^npe4aNobjiTK?)n-vYbO$e z!h%&lg~4QZJY-OqZEr>>!wo@0XSx0xg#g4Vhxu%MAnI)&LvYd+84goH1XaNFj_Qlu3y$&iM{jnYK$Jys zv=CgB!S$?VyiZ*Dd(dAh-4HF(5^~r1ikOf$Jfr|*grrLi-xi>F%bjlj;*F6yY2Y5s zII;aI3;-UAk$c5emadqrj<>^X^P6j#TLyM_uVp4F^#t-8NPa5k_ojD0*dUwEQ70O0 zpziS%S8Ub3VqeZl`|xSc0#|i)p;fCJR?;>5M4#78jjxM)s>LoPUF>kzYY|aMgcA7v zSCItRBHhl6Q>(CBkvEGSI(zZtacoTt52UTiaY;F`@!(KZm%^Bf2^*KSvzl!)Y?_d>~dS??0|AOkQkzdjx$pQFsu zzkS1EqIy>_Vb7L^ql89TSlA@ixy^7eAnJa`#spSwP7@JdM7b0&c)*(Sx8Cxl#>F7Q zsDNN42v)}5VpRHYu03qv=Ek3{C+ml$EQi$7w!8?lb*%uZ>MTrH!iqczrr#BP4|1)q zO1p6MX%~aoA@70V1SyITf+LQAE}F9p7JsTB>w~}HfsunF>#cJCIoM+k9o&ni+?=5r z&3TYu)u_g>mS~2+5?OUZp0YM75@BqqFs|FsO%iC!nu=m}e!TICS`B z`3SbpqSuyWM>_mhuo;Py-ghg68eQOKnj~rYHcii?DE3eJKid)3#_u#6R-LALel&{R znY`jt!X1Z>Q^Jk-luZ;CZ`z*2WN9#2^`ah-OR;XaVF`n`qX-IP3lod6%|8C+mOK{3 zF!03y(Z+i}Qmq*j+_UxUtVb1;;?&5P2|r`2Q}9ZkhiRL@V+7i3`?slz^;?L!$s-(> zfB;h#$evG4l?!@@X%_FPlyx2I0=~k*1UhA;=-2x*!>L6TB(GB`y1;fOaJ%tlPA}4_ zCapW`&%=8hn*Dp+G?7E$Fp;`5G@{Tu01Bmt32YCWq()qiFX<%rg7@*dCDI#C#lp+% zR)6aDE~xK^j*W}Zz@3nJ^Uve=h)e>nr?E z-%#;UdY|v3quy_u2B^gZWyx`WVh!$o6NZ3yHPsb7K9A4oR^Jaf;Jc152l>EN2LXFR zB!dmN4bteaEAI14>T~C1R_;odg{g_sV^j5=w*;@vw-!_HNV~L1_9!AIe}d^F*i7KE zD*0Ua#RWRs5ZoO#Etlqv?WY=jO?0(h&o)i1uWP#<6?LU+w~6=&TYulSa_VN?N)-3u z<@bWF+4+l9d8yjA#!2@q+R7Uv#@g_y(hi1;;S z00-n`>E)zUE&D~TtHBr{t)Pkfv-Pv{vkaAD*b>+EP_#R7fu*RQ3vK>cp^pl5*Tog~ z434qU0@ZroOnJV|#u(+zC1_Rf5AhB9WbJ9d;lGB+II4C1oSQwno$yH2a!E#ogSGc_ z=-IPyqlBIZ$SAeYu;-iqG-Av6bSg-ig@+&H$cJLLNkI)kz=oBuWXq!lA_)Jog9ax_ z)r1KiAB+PiO3aZ(S81^FmebFX&$)C2I48W<9HbVln;_32iZfU0YBM>(SxT{!F#iXRGdnL4=^T_ zp^w2=oZa%GMnsJVtLva@q@dK21jrb27?c1RtR5LJiQ3gt_ytQ{5b;p=MF{Zvt2PRr z!&URX@uEcrGTXE|6Q5f+WB<8GJRqVLe>;9|(%~~26_>s$jsR2ErQrYDa4VooSwss% zcfS1hgyU8Qu8xP&`9v*u}Xq#F~b&=TF)K#OV|UbpyMoM&?s%mp_)s(^mla24TputDcfTC_2q zgdw3sma(!gBdK~(&X0coBwJu$)mBf1sB581YQsG<<$0^$rDA)7xiIjFglmX(Xy7qo z;ROP&T)(sEMS?|h!SjdZ%Wuo*rHpd6!`2^4$d9p93X%~@_r?<5`)ZZNWBy!xoU)sF z-CaZ**S_R=8~Bumi_`EvYUp+0v&$!h_`W%$9&`N-Z(Crxu`)}&OUqf$Q>!Lkh30;P zbm*h#KaOxPwQuNF=k_KT3lz*@K)Kh&?sUgFVYd7R52-;g)I_G*Td}tm6I60lQf3bD zp2*9DHA1>&&Hj^lTx1M1rdCO^s>B1#;P&1A=aaXXAt{x^?C2qbkw*E;zY$v^X11;7 zL*r_ zv%lIgDHBAZpU)q?HDxyk<)uS*yELMvR6=)gS$W*rD6)I>$^(4hgvT3m60~?sC)HVZ=VVBPB+|dM~MMoI{Ej0;5`r&BP(j#|E1S510En)au7_}WEaim#Jvp4DW zLE>*e`3pvy8^4@?^9!+l>IFfS!!e=;Qi=<-Sh)|p)7OpJ(I;_cZU?2be}~ZWg(LNy zCl4@1xVDYE3BG^JAMX*-x;;U4*m7gp;YttVxL?H5d9;VlE*TkB6i6F*z5QFOKSBjW zZ`>8}20a|wnE8_&0Y|+z;eD__SP-KPS**#OmNv|_pQi?)0XAi^j`RQz!l0(z2?&7& zwI2|xNgOy(&OqlVa?tQ33f}p!TmtHRo`6XVBwU{kMrIjIf4GQJ^?w_e$HNp(x}#I( zo%BWC?#evlsX~MroGG>M&VGzxaw{xdJ`c`Fdzz~UyYZ%x*#hP z&!@qNpG=$5Q@~qag}#Ef3S6>E2+x<#{+PO1x&7Sgg|B<~(Bo`#HLuC`uT5aHSqeE; zm5Xdk{7OigP07#U%Vy;q$Wo+Ml>iqzLUpZfgfQ6xs^=+?(J2&}Nasi2W$Fy1SagT)_c2JDSw=)OOy&+AoZ8>_B%7B zAPaV~E>+OBut;K(!saD78Bq7qPAe>TzxI)8Co}Yii(@%DI_UI_u$bJaFKw=zTRdtomil&B5wHGmNc22BW|J#K0w(P*8|G8QtW0u^sc+#mpb*CYa8Hd z%7_Pkc9zdWm@l9=&L#S@Yb#r8EOe&$&$>6@1t3Oj_mx>4EJc~qp1lz~0D?GkfcJ04 zLmJ{JV2F$E^0GMwAmXsUsC2^<^sBQ`!#yNR&>-^rUoP=!BZoHWVMsq0*LU7p6M}Bm zi1OOzCYL~M{$oACnrb|-CT^tv1Wy_Wn-Y)kCV5y}4K z?BYKM{5TZey_*p_d;3SQD6)t#t!(>00{9(c6liQdZ{>NY=&rs2In8iTTucZFqk+r6 zq9%FOTR`2YA}$CqP($XnH@q9Avco8uc$hWTO#@<1X1(q8$_R9djh4a3y*Z5!FnBt< zZ8F`NzbdH?#2E@#^?#SD{c8YEwxNi>9>Ky4ITr1%`qlBE$A*mf-jlT-qyFCJ6F7Vj z{f*=K3`jpMuY)8>mn1mILJwu|WNB9-Pq$$*_c4a}lu7e17X54_M`Bc0n2mv=pam|H zD+S8U0W!XT1|E0{oB{oI-UfMfVm)`cV?WgkO2TQmBOi*pYZ7}a{2Md~>*(K8-q%%+ z{`vaEHn0HR|0tI8jT^Ejkr6b?GVv<~{+W#LKm;l-QH!77AP{-o^V%hB#?AS$8s+g0 z5XZqu0*^6H9PSiANm6BZN}(CUNy4X}ObN<+TBqdRPT;S)s^J`o0liAh#W_$0Sh)P# z{_aF9ckvgHx*le{yH)P`_2gjkHCP9-#m+%SJC5ZTl$^=fzkmp4mymc)l@O81e~13# z0F6e5w65Mt#1i|mO=J+>UF&V{HDG3B&;_K zk&F0k~h`xGG^Gw8rDZ_i-sS>{Y05xkr! zUvM_LoqP8tvJF9wm>}<#*2?C{?5${uZP8nqd)W2aU)4AzT2<2A$a$}rN$@osr3mi{ z!&;=N)WI|p2U|Gbllv?*c1=@s8O^@EMijE;Nip2@hYb#G;B4PO#F@1`gYBUdT@X9x z%MeKj`j4{7VNa%HtTzBZZ@uBA`a@Jye?=N$!PVOgP~{@Xs$3XQ?%y@n>YX}=VDUfcv6YO=rQHl8PKbFK0p5VJkR?{jBZd zC99Yk4a%euM;$o!kXhdSh{- z;scF5c3LI4<&HR&CSDl2k3$}IRYT(P&Oc^Wjo~A`O$SXVE7;1z>{U+NL#>-gozv<#vxKZe2(t5C>@n&h{19|j^&eT4c#oys133Aj~DR36q-Ns^hj)Hfba zaQCG6(}_NDI}yywN)a6t1X$8&JRidzG5FKU!a!dV?FpE|3#w4ea_QORUj)73&%<8v zwj?E|n#i+vg@2i*BLGdBq9GijZDH!ww<{mSt{196E;xNy4|3R*gE_>rog^6ZY5yp`bNV=oOP?I( z|9i9;583Zpqwiqn((9l`duJJL*x6D$nV#||QJ=jt>QL**X*0{9qbJ=+kdh=*hZZbt z*T`c37{(*k(Hh~9Jk+Et+mR`a%ML`sV%#A?c#yS`Or2lVc*KSCj;bY|YBo4i_zAm- zTN4{>mqfGESCv)jXxRX5{D&Hb+e~&2;f_xv~A#^N^YQ*aBdA=mxrYm zw&bvu<*3Z|D%OfgkkILTf)?fUYDa6<#+W#YHD6Gj5p0wZo=U*2@j_KyIonAf2_81 z;gapnwNaC_a}14whEyv@s{XW0QpVU(FPr^?6p-@UIOp-YMJp{QRC+gz(f4zbA9bz# z18MITGI%y=EI+OtFH|pt{e!{(A5(w<{}}zZcDi6puoVhWU})NQs5Dr>6Au5x!je5D za2n)_nQ#J9nacF&Q&f2%3|U}?-n68En=yqNkA$<5N=Mm-sm zPdxq%@~_?Jjf${N+wi|BNV1Y-B->kRl|NaAzAe9A$Sa{5tZ^VRKunqF_3QA7J`%2( zk>`AkB9`M|7r%bD?DUDjo&#N~H8Vglk?X}GZ%a&y-KuD;A&my`i;-p7c$susM931l z#JBU`%S{d6cz->=+~*WZMz0CNg>pW~SZIICyLlO-bTzly%u2+W6|=AaG(el?Vfq&a z$Xl$U#jRrh+71Kcx;krTGSB=dGZuVkm!c<+OGuFS^I0seEB|L9Okx8p{pgT*G5TWc zjQA9}2D9xVvPRP1y_`&A>Mg`QVl+ymL6Q9r$$H-oqoNb{eqm{U#{(??&pZCXcK|E# zZQXx^IuYL8kZhCT#9E>QM|QSjsE1DYs3RXR1th)w=L)9Fr%OD0!nxQedUG0^D2I${ zE*%QCzniE@Nc<03|M5big`Ss{IqQ5oVLnr$asp&Yx+j$g&aYOXFd^G z-Vs>YI_mvM`AD@+y=K0c%GKpOeB!4TyDl*;)-;qUZP{d`j2-kESAr|e6V&mq=g7zy zpB(nbJ7X9b1L&3nT>XBF)iW+z7t9QF}niq_@%BfONIUah_ggc(bdyu(5p8ZI2Tj$ z<@a~`pHobeYHBHIzTZRXvq9jcjZAHPG@-Ei?)H1tVdP{GZd(Aw2ZUG;HKXwZlDjsl$iQ57IN43U1P$%rAzPV>ZJ?2hqL#AD-74 znn>&mqC1THe;4rIR?<`8oJ1_@@rYB${<>^mrn>W;{)epJX9_ZJ^hM(Kh)1$?I2!5i zGv&InTZv-$+nRSY_INx>L)*z?Q(ZV)isb)?!iODo$0US(LKE4S;eXdi@}Kgp-ZFdK zfjLEHFr&)w|9%%PXmw>Ci4j@SK9lDD>)^KOjR@m(bXcQ|r5m8o{G<-8LS4#b85Nn--QE1OA z9gUIO0BTIf#X8jP03Wuvi&L{096E3YgX5 zkS;Me;1`vfByr!@hpX=6l(D$`d0~)dEuY8F&K$$%o_AL6FymdUDaj{MuIvfH^WGw0 zgTnd}sv;v)BtBqWgjm--LB+tZLhoqa|I(HeYg9_gUUY1U3ep?jb1&K&GFk`V!*!hU zv!UFqaU}ukzUIOYuK4T>Eo!Qnkq$YT05GFjZBtLNHyASI@z$KW6g=7V$3-6~oPuUX zx$&&BS+lB2Wo)ubQ4W5HjWhP;!Yo7GU;sA+a-(G-#Hl{n?*2`i4=U}>ar3;k%FRqa zS`%(jxdJiAC{Ku@8hd##r@6P95!M#6)jn#RqSmU@5GdC(aH%oxwd@OYxr7YU7I&5WWkE-QVNNaW+ zK6~U83&(sL#Ov^&MvGeUwgC2gqhE7DZ?y8e@q7Q2FeFFPE5xNJwWLpw4m8_m!c3WW zUws~rrvZy-*W~Eq}RBwF)q3(-`oY%=yr*c zz*x?n)=^`|lU^w@{GD2Y>FIkwb?`*jd5z*62rv87Ifd$P5}#-n3FQ$6?(R1|5kOwv z-LVD@4FXysm!TJj@y^M$y)h^xwL@k^FlZlNGP3|>@9qrgejg6whh=R-EDEnIV>MN~ zERk_(d!@wBx>4z=i)HKr6eQCNah{}eAK%Y0bb*qF|^$tXSVZNG}}8< z$6+ z2}`O-F~WT0S}fc$RBpDYp|z!Xc;1?P7av~P7akXfm}(eNVZn}XR0vgqfH#_9?Og4e z8{C`V+5Tn$dT^MbJ5qFm&`5&s55pg0lObL0DDg9a0AJc(cgWEn6^r5U01AvU zm*N;Ne2>`q6MGF;uaX6pveiBYS4~)+`{6b#@l85wrj|qGqNC!l?nCn)AaRuL&93M9 zVEcT^15xcUE)5KoCnAS$mjDQbDcT44$Ml0-P-0F@iv!w*VJVbTRE0hHG!&wLC4^A zEa710;UH7i8nwq`&Lj5+0*L6tqCj@+a601d@q9U9Yc40K%R5zMUo^LjDRgp@(6>|m zcHG(&iMk$3ihk^0CvXxKAPU5;i%pse7st=}bk2JXwTq^oUPvE;h*Vx4V8C}33S*CO zsIMqa{pMKsIJW(qlPuFBQFtx20fBh7dwXvWL% zAON$#8UaPX0!%VY01sh&Q$g*ND*a9wP_*pmt}{VRcHtFeQ86U|1#>j# zV?WVQ1ikBjdv|G1T3LOih zz-{1ZT`=A* zLIHAGNq3C5bO2Z*CVaT%5j2BkKze+C!yf1E(Cz-|a3csuI6e)&X;2CSBtqy^RhjfZ z%xt7*r#;jdj8Ww|5JDmnM4xvC-M?Sc4uaX{M2T;~Q zacU0PJ<(35;S!x(n#P21Q!*TZ*%r1KJsjJ1?HX08d3^M7aB_yZk@N^Ji^uU}hIFrg zeuTcoO7?ODn8DSxmrPz_W%2lCL$MO~O&)}`FncZNqhE4ubUyOFwpD1MSE-^iCQFKRrKsCH@TMj@D*@ zbhw|?DkNv$$>NkaOL24xUXw`@AQSq78?lFenh`x=QJ0BN*P@3_+=nA;@mfg;c6>$@ zuqfAu!0^1rYYAK~UG7NauJhR8I5uWe)^Y?#5WeT|6}p|)PEAQx={d5R30>22mBehv z{>YmE9I+lF0n(z+`$sVA_EaF#Ths2*70P@0)E0^ZC+3Px2J(VD z9N7@iPr6kFuZ4CG#@SQ!jlxLTB`k01aS1z-N^tN~nC;_(UAwe)i!Sx0Tl}-mAlJZ& zM(APIaB9X$d;Yjtl|-)tlxuPk)fo@zwWZtSe!%i9)Ce8^*JD;Du z#ZqEIMKQfT5Lp`2Yf|nMf61CE((zkKVuB`WRaE`eL9uo*izM517=lcR0}G>Z%wi6F zi-71zbgY>W5a3C9=Z_o;PTGk9<5~iU3-l?qb@3g+%_h$a3cCM0!Xuw5cAvbad{y zD|V*k(eDSdlT{$}1QNp{%cjJpP zEbD6WN*TPq6p5_0G~EalR(0oIbfv7X_f;Xsw`hFNzdtBM!iry5?hpG|^FchnIxI!w zEo>3L>UBC8y|an|3MlN|`$@ZlC;+io*eRZhIM7Ami0^_fx?>ChNzMf`ZbA@;G@CJ0 zYkf)-XUsrXB&iG>JVYspg~751qNe<*s_>RY)pou|on{#1A8>`C5-90j#p@RJNE1DU z@rcCnzBN4t5Z1c=^vFm&3@AW71K4hwx8>&OhIGFdOn~Ke&<-rWxKEe~hOnZV%gwL9 zb~pyNH{0LqGl%pj(Q?y29U2mQm)9Q~6!s}2euxYGMFd9&9TXAHu*|Az1Q#)Wz}R(l z?xHoZc9-B|9C$=g0UA29tkrlFbc4~YlQFA7mN=O2?>a6ZL@#lxTyPTbB(b%yEr>{l z0iCoRP`K!k3r@gvL#DX!k_(o$A{VG;*AoMzHD)jAnF^=Ew9L>TQ)U*h6spAqnrh^% z0ON2mv$k^g#dMG}w{R-3M97+18!5$R1U_?fr-F3@=*+SbslZf#IV*8u;lc~P;)$Ht zETPWL3`zSc4DjBt2gnK|vDg>(A@Qduk}3prDNnbJF|x(ulaZ+rC9=^R$@-SH79Cz_ zi>|}@_>$W3{T&1T{!lL@#a&lO>;|M6FgH{HCn7P_ZlVy;jndy8@m+@gg^|hGN*Elp zL*m&>Xy&R`M1(J>)2*-B`9hu4wOGxCRcI9J?n>d7htbc0IoCR;oR8F1*HKx?3epkB zJujMUCVu=|l~i*|s)1@1qgVyX0`x?^k6}4=LI&bQSUrgqg5vsvexY8G&S?)otjIbr z#jvkXt(~fMTv0ur%urki%Lx-e?y49NHoK3myZ0D(jHR^77I++ zFT8N#RhKZkM5l_5zbtZZhyvHkr0?Cij*0VT;^PL zu^mFdCWZ_GDQhX=XTiD=v+t>rq&~ioqdTs`rQi35 zNOJ4NW<{;7tgfkNL*G|N!VaisA)L2qh^lJ4->w%(|1qwH75#AdF0hgwM@{+zQR(d1TvEX21@^+m^n++1cLP+S@PWm#x(bV$u+rOCM|kE`&N6 zl-`V3%0Bc*<6&Q2Yq2L;I*i+G-|wJ3MON*LmBL%r8^>6U{jgDbYo2Sx(rWR2{0)~? z`*kDvUP>eYxM2^stkXyoOWurF>HaM*bZCcGW2eRxg|S&A4R!chl;~%tMY7>NJ>#EK zb{2r$z%9yFXz->{yZtTxL^uP4qVE=s->^XPA+8wUlq&fk)35# z+NM8NzK27 z2QK2J7mUqBlx!RQdml5;QPvvcK~w8I%CINU@Nq>OYornTg%{Y`6W3m}&ixRZ-(Q#C zspWEN%TboXLR`gafrd^DB;7snL|FsKN$X#)zX#NX_6p{UvEYDIJ$5BiL!t0qW#W(| zYQZDyRJ;-+70Uj>7=@sGVsv8CxY2$thQY@D&!HFU)EC_H(Q!+>xSU#wrG&|;Hqwgg zsoi9+P_FAwMpO^frcY)o$YO0DY%Fgd?5o9XG;C1^D8udmgWFXbeXn~P1<~?8Yda9X zQ?Z#|g2fv3#2+HOgXi0^AZ}4NsTB;ozqL#Q!?1#pRe>2(*XXc<0FhA;!6Xfr?kG z&a7{Ty|zfz7zYil)!jMz*RIO#*C(a}I5svBplj|H-;E>~P4(l}#^%mqz;pLc@`ys9?$YJbcb+@j)VV~H$JMw#x@1J;H91M~; z1y%HC#wm9`DXI<9&WZpOacH*H*b;CEOXTrv+;`Cqw(XOlo&W74B7I08laF^0(*s+s zFQ?BxWn!P+s{gT}#x8u)k$y5i_KJ-*NnB0`EDLS8wdUM|d@u%dkf3#2LD=xKK4t+v zN}sYW#{ITFTRnTR*Tmz=Ob4pe*@;T?$!VVRPa&f{Uk*JVdgy`VP0|2_=8?`F-t+at z_Bez^BAU!qyz3)0_C4J|LE#@%$8UE%biV=J!u5`3;r@+>im+An<3a7kOSQThWR|$Z zIq&)51v*-zRy^pKHkjI5rL_V!Pwe}|Qg?*n5X#$v`5K?Ao`>QoqRm&~0PUB$x9Y;b z#+^F~$ttkQ&Wf*s_7xq|aSXaad&G#Ljln0N;>F4nZMTlu4~G5))MvFHwT!$d@`odQ zgXwFvj*d5*trlMAi5g`U4XWFGyJ{5`If0LAwPd5>`=r|BSpV@*z!?-L$N(=qFam@a zVBrC+0PB-!7<>Y_7XXJef0c~lzSh%1S18Y$&DgVx87G>4ve7~F8DubNBvA2-#^~H{ zd#I?5J~7yMr{|5@EV>f5h`^xB4y>Xeip8UVeQwag4p3a8-TcK>lUxjNGV&}&WC zC&!$u{RBhNz4mS+q6558V9y`@>j=HKpn_No121d6_Gs+k%0nd!wk{zvxhry`H1dXo zs+5`_S>r7N-4?&SB>JzZ6xBG9jBSaB#<5|n6!btJZ6;tUS1-%~0 z;pF2VtU-dctbIZqy+C^#M;k%36ArrG2&MKZZ3R+KK>KdmaSe60XkK7njoIsAzv4O( zB$d3?-_8p1y+;N0OCs|-*3KFCU-!f7z9}=b%M52L6WL{=*~+}J%e~NFYzf0Y&JYt zh;RIxWnf^U+lX9i7whlH9H;(rY z*#TgrHKXY(`=O@H77Tq7Whq?LGD^<$*hqS&M?mXJXVfZeDWC;DOEcF0>*E;PC)Ke8 zX*H2>lC@@r(iI`HxV-ww_XmK((Kg+9jxj&qZjBQ( zBt+vu5`_3l(@fztUNQE|NIKXlJUVt5c96AVjtjj)kPmPKw1L-}zm3BY^P|8JMz-%- z4ut^hlUGCL4wx%skD=Tyxf{G@yDTvh>S{N7Ko$qUv3JG;VD6!BHN$73(KH&vp$1z) z{D~6vYhlfebka&j+A5{>#&AA=4a42S+u8=5*|cv-G8TiiwW`*5Wl1^*N9crZFb9lZ zAUBpF`%V{aSPAJI)TZ@aPVw>s2j0ja6>7~L< zd~ETNo>CqS{FjkowYX%>n<_3TcY`dLb+sTNGZrvzj3U8mV#;trDTi5yatkzl^<*s` zcTp2@pg(UjR&L{oK0Ty9J$av1Vl}_SDwNO;gz2z991oB+Cpk?pDtD@?-SxfxcmRvL zHwfvdEFQ~Ap@EH>QOXeW->gg`&hnAMP$&yc1OS&`iwjRe?vc249U>4u;&Vno)vywK z5jLh9hOgC_6dWGJ+UF>BC<9(#Qi9kU*Bzda2f!2oroZyFi8@vXlyBga-(=!NM{kpZ zeQD4s+*5u38cAan2nLHjNdNlj(WZJ-UqQRFdV$K6akLyUHxNR!$%R1;t)bBlb7LiW zx&mTJiMV2l4`I0N-xjnwe<8tBWT;qcw!o2*MtKU^kX($Rv;6}KMlM1mmn4focdZxd zdKe_+uW%5&g89cQD;Xl1MnYauwXhh|HSwi&6JzYHUYQJyP z{@r>d4=c6rS`-+mzJ&hF2bl5fiKdQuF+oxhG;{={B|3xmyYCI@Nk+*qp^}!+nKBU0 znZ*QVF(m}k8hCs<*CUmdBqWR~=7O~L1u-^t`V?7jNVQA5^X6i|2j)G4I7pjJsqL|ef?DC!4n!$?6VKCshA=IRis^| zN8@uKk?1GAzz$yQC^?ziH9O=DF^MpIe4$B^dRz{X!tul$qCJo9To%u=c19A|kmgJP z<6}|U-$xcIVn<5$&?bHCamR@&x<*)&=fKRuGvu2INH7|+l4ZULjhP8+F7ju?_T~%| zvXDI&3(09%xYrqA9%*65aZiuDz3PI*6hzi#)l6eABWquAWu2Te#@M|`%V?Rgh~`xh zT=sF8{?bq@lj6exvxCH+vn#7)PH;OmY_s?c%&70+EqVGqwVPwV+T|EBbsZ{ooU>T79Ti9}D4TM#*Gpl;gevHkT+D2zs?_ z4FmJRajBI;!Ja+7jEdC$kt-~Q6UZfSaC{lYOxETWP(8fb^KVcSr(T#a1~9)CgaEtpT@ZF0qs{`xycaV!HSrQ)wXMEvXVyZXWu`1vzN}moH3Kx(ZnC4Kv5`4P zVZ(87!em)BipzX**|uzTGm&%6 zC0b{wg9_cx?|T6w$moDLD1ES^7k7L(OLn7Te08rL^EEasv_ynhoMOUgi3xtdN)BR8 zPf=;e(;bDhAe9JoHpx-$;>EN`4rzcz(7fpbqZok!aYDQ$U=5Q_$U+BiR99;ApU)2t zl;0b7J(3yW@!7ng8k(Xe?bqj!1DVx7k(P@LFQ7VVGQk$KeMn)d`kM+#Cfel;B*Jw<)|z z>*zpH44i!9z4iw}xII*WVM!I=^H3$gCbQ_%y{(xs5?I*nNRY0a@Lg8kzJDF(os$?SxOZ}N%zxfk|)z}eqcAJ0GhF56~jv zCL1p!jSLqas7`Q!7N~uR^>mH#Mo6-z8AmuE5-~!IPi}G+V#uxQ28R#7QC59tltrpa zWRXtFgE*3V3h`}*uNI3qBe#f9uCEG+P4-yD5H z`yarm>l`?N&(3CFRD`3ooXySb}xDPfnn z)!OiteMOsGnMOoZ6g9A=T$rUEod#9X4zyD+OXT)dL)Lo3t;_znAzY}NS}52)OSR;s zp~|TKSGLfJ4i|6Y-%+m8TQ2e*#T{jG3K|E5Ymb6m>9}rwhcMN+ zFVS55P8IF#kPZzw=5oKoQlN8ISLqDB>pnYw7fni|SwHjvCq|^_q7wC!RMJ_!N5%bMGiA3L!x^E)HC%i=`O%n zQD{|DV#|n9QOuUj?W5!7k6X>3#7q5)!>tyf=SG^(A=sqgiYyC?%5W-?0LDG77i@Q* zStAjR`;U~RK+Reg@A5YTRxo9B?L}Ug-#Ai&Q^jHWCfG@)@+M6tN%R4A!gHwH3OLOPPSRPD_I6w_BUD_=2WA<;IUz;wp62ILcwtS zanFK297N#cK!-A9`e5M0K3>adw$zrOi?uzEtz8e@&!z1T%C&LK{XEF~uA@*Fptd?ubm*q1! zn9*?E1!17s%Z&IUnKchxV7|Ly3rnhoK&;JcUp`6|?z)Kajs84+OU8AaX(#z}Zpauy z=4M1LG{)cL#lG(E|eVc zCe%gr9+da{-GUsscE(MZ&YZUmIp+s&LgYH$i6Kj3$&nYU4SOF6nV@%~WB0<+|lk-`zmO zgc>;y`Mc5K9P}$kUNEmFaCZyag^f%QzIz@TBgk%P=$tb`6g$Q3j%LMIp)9Q_mtssP%^xoYE*n7TNN;4_lCc zp@ISM*jMBp_33ydY6&Ef9EPvaO~;VkYe+1TZmbNkj+T(O(a(w$d8AoYMOLv9nzBj~ zW*hhSkNAs~7af2eZogE?+#8sdNa_Wb9)f7b6^YLZeuV=<7>>>{s%}KCMY`c&aEnLK zb|fGlDPyoJh0ddn2Ga@sh|D&_;cF#ESumWnONtDI5S~c~yo=~MvY}`Yw!sLDHo7_? zTOB;p!Vvs?C=D35&yz(*I@H@(#KAUz%V9Vks3H`&xF`ao{iEeI4ls#iCIRV+R7SMT zQuo%}ZQ@mH&+CtZHh`!n8z5d=5#9Cua2!EF%kKfnohhJj-4cY=3DHpa=){^7ZB#kG z>5o0Y)&Vq&wPNapySW$g)YGHQnzbAS{1m4{dBu_xIu@jD?;Ra)?CfYMnnk@aK%SP_ z-SO!CCs=C35^lG{ai0y52Y!fCaSely<`IC%$fvc6x*p(rLf@n&>5Dg*dchd0AYqSH zBJ0b5#OurWclo5iB`Ufa!xJfi4npX1 z14@-ywLEsYh#&kup=>INS_fJc-Q*dVm9t!uCX_6|mi~cl1WYY$m>mvuZoxPu?L>oK zbU6iVQbZS5LkkwLwjOp^^&`e^eU}`e_ON(*d4o||(YBq+uhY$Ych>d}uFFR@!N=|3JwZMB+_uDXq8wTQHTys&S15kdz5vFE&CDAv7*P%+;RPBH5v zmixg0!ykLE5!Iw21{c#trPiL%#3F^mTejgA&Csi~gIffU74idNO(>?%8y1Y&@|ym~ zQ>hO~Hl}Y(90R(Xk+O6@qr@K*>UZ#8V>>P8fYyUPF64X7m~SDlbH(`9GK+A*S>t_L zCqhuDKC##(3Rc7{*qg{_0I?Y1IV>EGs)l!o&=Cc@uF$u~f-PBD(Gv)Kl0pn7m1;v~ zPhZKHTbQabttQ3-8GDUFX{?EZRRf9PZuy+&8gU@7oE4-nlJacA-J$!gfE|W#y8>3d zO~s6}2PnR`BO7>w?(l>h0yB(A=dg4jJM5yo}&X44o&v?U;Bf!>;l?hp8;P_=x%5_& z-j@p*WsjPN+Xu%^QBIm#a&zN&!zqUeb}4jE_06M4<-5pyw0}+(p4)mG=;PSyPZ9x5 zE$i@`hJPOSBk#huE)r?#Bsw5RomZZYnutdftjoTmr1hzg!^5LHE31)rJ?|W7LHAZ` zp}=wm@O3IH}>m6Zi(IkVaVvTmvjSg*`iy|}^|S%tCp9@rG;=ROa-)>)%m zWjxE7TTU4AUA%`HK}TylvZ1t-(D+sqafx<}=;3kvwuc%mPuNugALJqo$9W4a2!jVMg&Z!6%~3^?Q3&d6w! z*jLa_A>g)RgNL(%tLR%=qVT~lEtOuFjZVu=CvsNds;@*#f8Wb7J)myB3(X&5L{H_ zqYE5Js!E%dk)#&G;Gi)JA__XHKvm?I6w4aWN+h;;v`Hwk=~{^`mj#YxxdrG49>`N0 zos5XEqD{U}P$)nlV&G8H@rR^7iD(tosuLTWrwhS(!$@mjO+D1zy5#v@3MZndUWIQ0`p4d#BG4ycuf#Z@3pMdu*eaV}X32{yC0uf~Z}>zJLP< zhh%WK+%223YsN6QHTbbo&~?L6_BDZC*8+wVrbKrdu}p_8ZXy)#5|V>e6UWWu&(U8B zY>GnTr{@plYbmMy+&s^1+Sll<KatkcSvj_?neXF0mS zxU>OW?2nU;yeX16^tO#=sW37^5viiqAm}s@AJU<)EEugHmJ`b%`yi;)qMltav7zHaTs*cE2f1-#tyhY zWn`$har0g*320TT1yQYwZlQqbfxni%Vy`6?pb!2=T*Nq8PUM(J;oJBiDhq_NbuTgs zL%Q=q8&ciHDXxrW2ZO5Jxc%)(j*pNZHqW*SX*^|Rd(L7_&$2t$*=4hf7Om+kGrHurDXBGP-Oy zC_BeEb1;UgP`7?K?uufhzK^q%#Zv(zVRHMSncAe29qfX}`<4ar)(!eI9a%^AYxF1@ zUWj1FD)yeojckmAk-pXO%$*?Vud?5_;UyqVWQsfEUhh_ALwbU8Fsu#lnC}=4LLf{F z3L)9@G$ybI1ObM#&ynJB>yxF z(?tI`3t6InODbxQRQ3wYcI=bATrM!cyPDVp5Kyw$fImqS0H?F=N*~G8ar35Om^&ks&k=uE-M*Jbj zZh4&=3E25&xHg!oWRq1WU&Utkr_JrdmbEpKN;U-I6RX%HvMh&#(QKgS;}-*}g~JBt|V2AwgEM?p8L zs50x|xOt|1M`76i&)&B`v~eSk|BU|%-Qu3H;|CCuHc+=mc%*!e*Ef(hcX4VKdkuTB zcU|u~z$NM5{+)-U)xK-p`9dLu#u%OsT>)3z=eu>6?fxll z-D5b4xE#!hb%(2W#eb6ffbpEK-jjw|_SHKvz&{@Tf&Z8@Og^hi0CSzrW!;9X=}0U~!UPIktqQhlx>`viZQ5*d@rS;hOQN zF>CiD&p_IZ^>Y_e2d*=UxDDV z0DHoEVc{P%gwj9$@sDr5`KBpx(Bz*b73X%5(((~J%1?tYAf zg&>jvg_ch6$N4*;Pq;IVm1Xoak{SU3zEUWwkMU99~s*{jga#uCQV++MFyj6S$5GsaCsAV#JAv zYIqG1&^74=2u_}P3GsnTwz*`RN~R@I&Sy#`DNlDsr42$0pW-uK(}_SVky8N7Wm#+< zw6}M5H(%|aVjS(~M<;uy|7tFC2r19cdA||`&B}dGRE#%($hBgu><+wF!V@wS2_}6B z&|*NxE}4Y~PX&@8P7QFK(Gruj+FYrvE6puqX=Id6U%mnwUwXdzvbgkfxmkdwl?(ObpNcn&#vs6kjP=VC`bF+lAQ!0oU?c>v|wEzVr-l%Rdt4tD9b|IA4 z4%*K*xBhvuzj^W#Cao}HUZJ^yveT4?3T(|rR-@)kCEotm_KHhfxXhNPblDp{gNpSk z=T^k5P=KRSfT!37Hl| zb{LI#ILQE>$>40}g>HDGEKsG608UIY=|HoT$fXR8$YcxT_F7*C3YWGGf zi-hF~ONEhGLgT5S512jgb1uQt&12CWVS3;)S>8HiN=}BE767u?pchfdhUG(<|68V- zy|QltAt`_J;B@mPwVXRG|H1@_u-OOF>=K>V$Q7LWa)tg4>$N5FJ`XPGOw?m9b(w#b zG9dcUAjWLP=mKtt=cocT4G1ZIfX^BX7F|3DB_(L3@B2g2?_fe(K{<{w0q&*W4U9kq zHX=#LnGj>(HGOhc8pF>Ir+*?K6jZ({N3l(v|5JC&5)q9d5adz>wBqhGg3WEuxh!T1AsFDQZ|d?hvz`0Ur~blTz3h z7nJ??Jtv+daGiL#`EdYjTDR8>k0L;>p(l4YZU&D)?vKU11!=nqGpzf-q19nSs&2(#U&lC_z+EZ0Ptm`zKwcH zMyF{swHSY2g$<~*bGTh99QniGZ-v6YuoJPa0{0qVTtPM2C_kuR1Y~uLE6YYFE$Lzk zx)f7GbLo#F}1n7`qrjCIuJNSk*Av$9{$+QTd@8 zQKV84yJbX}xLZPDT1hSjzCd0|O&5r<5jB&350_8>CZfQr zt1G>)2YxTS;w(lIcH;-=${vx8=EN$pM*cA6Js8oN3^|H9t_svWHCw=Xe3_6p)4DW& zo(gJuc=3&#S`-?SQWHp$OP^TM?1tq9JdKS;H}$-u$n&IxKpDY8nrt!=GgMI4gQm)? z|DdUQ&{REWsy?@->JE#Eb|m7s1KTCvSZ5T4??8O0v|mcLo@I5-0X4SV*hnIWj~XBc zl*WA$D~$@bvGB~?G*NFuygJ!wA8hU&p2B}SFWU!4+dHZ-rZJJzn^g)|4O`LNejQ}M zOVNE!8HGqq>KWw{q@8%%CRUX3e0OvIWT#nL)Kr~W5#Q(4l?b7i&0^dMhU!=U5rVy{L6(dfTEw0;=QmBy1?AS!jPi6r(Xv+xg%_6*ueikIP@AX*RRu(|` zt{S)Wh{Z}WQoQ6gMPA{NKuxrs*K@obl<5y9uRp3bdDT&onb#VX-cYn;K5Q0qdaEoE zu$#_c7~a4s1;u6Rn)D$yO?6Eegp_M5)g{>^;j5sMP%pA^AaE*rYuNFcm2`4?lBU)R z%Czn?+zazRPWOS{C;aUb2I{LFEn88E*RP{8@_V|}t}e5iS0ZX^H?OUu=l>U#(mzt= zFh>s}3D?NoutfUR1e(;dsd$=>qsjQ0hMQUNlEMj`NN^jx8(JigBxa1qGZ4}6ViqDA zUQ8pR;l*?!8eYssL}ode*9J?;ub*NC6hdfGQ5Ly^(gop#gwCa zr?^YD!QF(+y=7cDE~1uiIVL*%f-$~*4!)`L@+iGi6k-=THpVPQj!HHnqu`-EE(O~q zhks-l=O7Ov?~oo9jvNzNh@H#ERO2!_HHB8iacphjUEhBwe)VMpYD0$7-A`kulAzgquikT$KM2LY-zYYt62z~~!GY<5wkp?nAJ?udb z;%92XXA|9n2>N+NP!S(P6n;RWV-hDys3Nm@&i`a6lLvj}*RHSp`WVdrp3*WF{3L2N z5dq~vwRz8~O&Ryk%!DM-{$ch>CPx6Y9TJ#X2iDS6x3r!&#@xcx|730n-}L_4G7dDf z`Va`SA#?|8okxFst5u?Y_bBEEwDPxL}!GLKyfZLX2j=pxni=xBT-izALqV}8oE%_o&7ta3ZM)H5v zZZQG_EnDonU@a{bxwNICzFQpi{fs|an5UWw(3qPoSzN}3iM@+n5uvG&G5WpLvRV^S zRy0btVClvgka`0Q?vv!GOETX7gmIR|Y82fE2#WVg_PuWwe>8ViBYPhdG#Cj*DOy>! zTLs+UM_3rsB!yilru@0O4*KkL$^TR<{8yHLE5(2cvo9;!%gKBwheoQ9L>wJ_n;6TC z#MpvG)FjmK$kmplH5xLR3275PNhYg$CVks$+PmEtg|vPtG%A?c%_v?6@@Nzat``>2 z(pxM6KSjQcbiy%L$|JJ)F|2lxL zumy{Ae1Kj;958_}<4GAdiK z$Utl~U{H!za^@kA$eIa<7^BQ`q2IG-l{Vi3W>>%N_`M!|3%db*cIof1d(Q8XsPN1A zx%{}G&w)LpPuMxQmMZ7--}C>d#K6#^Af~B0O&FCwbnmPvg&7*Bv_*;9E~^;W!8g6~l~ekqKMHFdchmu9C4JHnFSxige-mSm<0gcDAwo($cLlQ1rg#{+kjVQ6RS*&^HTn|Sk*4IVp z&9C*hmDW}I zIDcN3vB)XAkS@u`1vkjE8j$xwl>4$O^JP+1nUM|24x1ygwK0ejY^y3TQXOmWAT(FH z`UFmgB*DJ#zk}Y4#=Y=n-Mr$kyYFo;#E2ArkJ?tDC}f(^gLMGqntojEr+HKgt^ zr=nooEB454xs+w*$NNCUd+zt7oj#6X)m`v$+i4`tON z$8>VU_d(co{rcq(3H8bH74vrD})F05Xs zkE$a4MMgU_E5p)?u2`!&9F9KA>CGLuOLyFX3I_e4K#k|T(b$7gV*+p=1Z_?Njxj;a z`WU>2G+UHK11p+B{asX701Fwd32(O00ofHZ^Z#Tg$Bf4mf7o?Dhx(Xw>Ke7BdLxso zl;jNj#qffzu2iS?_?C8k=ve) zHom~&C^`HfqM^cF2s;ichrrW?5|Jk31rmNaFSfQ!G~rKaVTrZdGA>Rm zst~>;i%j*BKkpJ*b!$r+vIQ8UYKADPu?iFIi#wh6#hi(3H1>!S-Jx^)i}#xq_Ou2omre8CQ}J3Mi^&|K!7nOY_yPI!cjXf*j_sx_cx+T zQ9D|V*>1;KNfeA>R*2c)Zhv-<`+Wd+mbRv$vQQR#Cr4uIyJyo}MkZ99#^yWUJ)4`+ z$H9;1n_6QK6KES8Ltm8vkh zgFm5Wd82^8+z!mTJrWg1EDhlWXT+4xDnmY&QA_RyFh9-rhHu=r$ogV1Fl`onfu3BH z)eqTTRRgV}A#s_Y@uL8nd2hEdQ;>Kse*olBD3;z=hj{HE@Bn;4eS~*_cYK3j%d$Am z)zbU2!I}f?AL9P#WLK=!m&Fza;Qvi@I;i|7b9l@Fjt5W?w;jim6fRcc-T^ixS(I@dHdyMwkwFok$^8U|!OeR}Co zJ{7#`!~_`rJ2u#*dN_VbkDMutiG59f=5t)8;iQxvKbY0?fMh0EE z9^Z{9uvMAlrv~&%A%eSIHaWU*h;PfBLo|L2SPcNT#v|7s2hbc0X?eNyw`E-#}OY>!2AEh7o2omM}y<=6A5!Q2A=)!pW6EH=D~U4+UkD zy@VkkEWGrAdf0@_g@+f8ZxJyC)33o@x#82XdKv`kuQcYozOdHMDzeNLtYgjX1HZi$eM8G88T+% z?$OcGbs1-j`hMN-Jk@=FgD>qeb{!FIb{@;pKCndVunM#@M)S*STEo1sSHuT=xm4+u zxtLwv_!PZfHDAl>Tml~tZFhu*F#%Q83$-ekuPjx{)7c6ARh)%7FuLe$6eKA4@qQyA zNT~o`K%u{zM6raKaG*d{EYtlVet)z4R-jrc_If3Hjflw=#H3~nxdc1h)qd;S-bMd? zzX_Zjwg%&Y4fDwBqE%R^ZGyN~+q6Y(yZzJgtJm$5qgOAtb}V@Kx`PkfJFic74l&o= zNxN;a-KX-dlN$|*3DC499r@;x2yy$8aBeA=DFvVO9gBgKfm6{|F79)db3H9xspP=u z5WFZhx7u5qTR-izf8N}eD&5ScNNspsF3cG}*W(m#PB(4o7khLR?tWM0Y^9c3Y^9~qjDoE}-J z`{W71G8FlGxs(b{)P1&cWkJcWazbB9yN9jZu#1;89hL!dQnMk|UbKl0+AeOPD`Is+ zg;Jp#zBs)xjZs(!B!CoA8_QzV*s8Se_|h#ama(F`bxU5m<@7D@nhnH@YuCJJDn zeds*X_|}#z_I#{DF!A|`*aiH;vjePUSW6=oZt*hAQwKaeoRAligt966(10_lfvi3d zcz4E5Nu1M@5&-ICgp~Yq&_=|$J=`^o16r>jUHi`1-a{opSsR4U{t%PovOPwjkex1$vMq9!Kd%G(gy5u$W)3u311g0MdC$m~GNEuPIT|Gj zB+F|}jhw;P6G|P#+0EVeaDbsWVc1~|Sr+--cjvM+B;%6shRIwth6#r86sr=pO*2lJ zRzL1GiwWboVAEQ(==X19KXjUuEtr{16Gd~(T20|@;J`z7o*WR4T9Xj!1(kD!TbA=; z$tfE25UtXg5VIJ&ILD}^>2}G-*zRkW4pf(wu!T~c&mw10zPdoM>_HFq3ZXOCoymMV z6_|pSp3at>XOip9;mS|>R1R7QW7sgtLX>D?Q5^bLH2UW!+nJ+}aZ}X}#Ti^Q!nklg zzq&$_rLa_r(4@kC++xsZWRX8^5g&Rz8oMxuZ?)8=k%0vmZ9!$+5YiBXqHf%NtBRne z_Ne$PqRr^=ii=yKrZ6D^)euBM$LrkGFhUbcvy;GyL(?dBAL718Jk5Es7iS^?<{gWC#M33v&lJztwNc^I8_9kY#I(cN7@lv+R5XQXgnk+00ObWp)=VM zpKR{+-bT);95RNoR#Rlpkuw0fj{SoOjP?_(@X z?$|Gm3`{z9LC$1TFIGI8ayv=(zcdpPX79htOHF9*B` z2okkNE3KtBcJ05LwSORh(WZ{-9Wx^9v7m_nt_LWvOoQpQvY zevlZ(MiglE#0kekBtd^XQqF<{%oT4UvKrHJL>dkWqwl_R_?E~XiayFGCShWO7~dDF z^~VEGe77u?sF_xog40MKSFz9$z<*`rV7at8`|G9KxkQN{SDTW6@f09K2S~r8XoajtcfS$sh&$E zgD%Eo&@c!~MYmMHL`gIgD0cA`u|F%;EF3Les3!GK0pIBvZ&&K9Ow&M4e3*L}>dLZc zoV#8lxU9!I)~LumqS7d(8=|68r=qn&9}M~S6L0A()P9N$VPOK7@J+aVm|OB|o+Dxz4)=83976zd0mm8oyf3!T1%Ap@-;S#`A%g(;EQ zIM4`hDv}BjJHSYrF|<*pzMa>nHUE02Ns3Xzq@eYFboo~fQ{u~510e^RcvEA@N_d?`xNEEBNevXzb`0ayJGYtO<*h) zJ8~0+ZCu%FAR98a0YJSw7~(CxMzW&hTq;h|agtg*N4j6DM>-az+f##SYAV;NW!@m; z3#cQ7lcriHQE{o{Y9{!U2nWN=SEuk!S1z9Xw6nh-$q-6BKy_hka0z~HD#Cxz%7jGN zK{%zTQWqfbCs}&3!-iG@b@(e2sz05hy2jisDw@i|xDF**DW>iRaT;)lY#GU)jp2Py z2asYDxPa0QkRVD*KsN}+n09`Iq!}#)pH5RY-YP9Q80LrXaDE~CoiePA6N(qa7~<%R zY;}XltAoJ4a5N}d1p(UW*s2qB7~=q4U2F=Mg1*?U>zcnHL*kf4wS(g-4e#6fGVLhe z)>ml3_ib8+Xd1MxD+(;Sjuuv0T2Vt>=XNPrAom3}s?r9A4^qL9i1C3W-Zj{ZqaqL@ zp8-aDLD6feN8i<#C%4RqTsPV~F2#o&@z*87XerUhL}bg4AB{{`Tpi6~t1O2n1 zVW0&e=h{X?0v3cq`<*fn2K0)j^_AuNggm2g)m<%If5v{B~UfYnrZ{YWnr{8{uziE_W$=dDP7Zi|0KY0zM zzUj6+t4fxULXS@@ovI`ZRg9YFd)=zMxphaVxpM|VU0M#40&D5|hnp&J2viJw(=%g>%XS$VqhWQ=i= zqEe4n#oFq#wP#PiU3~`c%vbHBe~Kjr)R0A+&8YOZxXA#E;u7CPC6>$RwkQ6^AYgDe zAa7!LbyzxRi0d0MP&SkUAJ&i+7Ug=IrJ9`I2oE@G=dh=a2QVqMXRE7^AAh^L{P^j2 zPu9Nu_Q`k4-|p{g`}46EKuOr%R3?RuGAgG2Xf2p-#bzY|rtB^!gl&tVs-}i@fzQ-R+ zdSb}zm>tk7OW5B>E?MH1TFW5FJ$fX)222-n(}pU|=Wy}8w_)cT-qdrM1K`O(Eyt}l zTnCiD02YnA4B!*8NrwvMjYLsuR6fM7T%5j=nQ>62=tXAJfX|H-rS$qfY%)Fd0G_bk zc}ezEnxaZcEdXi0bE#iGdQ>hfe1M}m>OV?BX&vW>P02B~7kmS3D?bOLe`c?spE?Yf zg4AV5NOJIw`<4xf?X*(>dJKRDhi`k6VDPGlgON7$>*g~)MSn81@P`s)bNz75!3T5n3mNZ#XgFa_U=U$uw!YG+fk%Z)isq zUE6c6fJ#xjzsZ(Ga`vov7bGRurO+8swgm(Vr-q)WV`ME^w_DV8fEb)DkCRdRK&_M zJKwl=?FYqrapPXzPz=Q28?N|1R?uJ@>hT-*EtGW;a-BARbC`Sqh+NyX`%phNM1!S! z*dDLCx~AR7YgPFK^C~sPzIDnMkJ^F5k_9A(M|orIasBZc{14xJqRx131oFvu^oX{d z8vyGnHx6Bh929cifke9UmK#ySq>zdBh$1nMJyH+qINOG@K=Re4zbO*^_)%}Pfav{w zd@weijQJ50EP7S2g9)xrcs#Lxf1?hTCq;8hds=|R*@VVHLZz=A{6c>=QEIJiw@*&D zx7zT%nefVZ_UtpdQ#`wWcZz3!oIAy{|9N+cXZPh!@ocI)#k1SEQ#{LYrzl8kwBc3v zOocfT9N%c6a!a)8gh~7EIVL`e?tx$jMKc6A0Fbf}1Q6)vP+p0&u<_Q})HF{ybd1!xYf)S(hXq0u!tLul_sU@ z^kJWNu7@_Ig(KTXPdGux9%AWBoEzOR+I#4cnr)W!h@nRav90PDeTx1S8|riJjzLq< zA?ku^lAk3}QEHV+_(wKPKl59)@o0eRCD^aM(C&+izJGqsey#$|?Vt_@ih}JB4>JYN zZ(|8#locFXg__ve`st`yYW*?)O59u#|7QJ}@|w%cVF`DM7N|ZeV-(d-(B)+nkLm9g z1qn=CKq^v{0f)NWpahm^n-sc~qd>-)HY_S%pDjrcHMGY>s~3!&7TKtx^7J)4h250y zom4fm65%9O%X&@EBU2lmW}{-s2;`tZ_QW^A900Le%hSqQG*VZ&Su9qBFgZ z!`aB|kfRq_a7@wV&j2A;rEiCq?USAD`SkhGKa`EhC#V@T?CJj+=hOZ*7`!~BB<-BU zw}z#Y(Kw$z=sWh_>qoz()w?z-5|Icg3z&>V<`H}L>^I}uAyAi(AB-k9ly{eUvLP)G zVurzh;#g8#h4(h)@6iT;=zrx8wRTWtKq>_SE3o2QCAT4?HQ2?`EAepiV5hdfcXEo* zzg(_dl};H^cL9I&B+ZvgSI(`%RWp`F7u$+uvsD!`v+qVw;@Je0s{wWpJzk8093sT& zlbx-~RD~M_&KP@##_O7`$TLKunK1%{#{#QX;8n zJ2-bjG=hQp%5r6C_1Bf=f9dwkR@%c=D3sl1|QWL%&xVa!b|c(mS)rA1I`vFN76W7D#9Vy5c^1CL`cma=h<^OUxH;A9t|mh<80lhhn@YAwg(DG2f;q2{*+;e4|5jV{Lr( z8vZotv8Xv>C20Kmy3w%iE;W%Q4~aZ%LL0~{NVK))Fb31SC})5$QEGbea_9IST!s)# zS~S3?Uz2Q*DAE`QqsH~{VhwG(?@w-^DY?ME_b53aD(^vbpm~}}cEFPJ3lCU3B|UKC zGl~ytz_Gd+g!LDcAaHb3r3i^khl>|W^tHAmLv9Z+i&nW-`U}YwH0PgPu*f32jHUP& zku9Qibicwyd^?yXT@b@eix*Q__DqroO(^Y8_ab}nvdb4f)O(gbB5I1gpIcsV5LHto z0xC0c&)>PzrcZsg#YaI%6}25vTCzW$mrF^8z!4NN`)s1=rlqRV(u&kDF>>0;mMM1r zH-!r4p5=+1dlD#iW|t^-?j};~WXcpfw-PFL66}2^E>`UPwdIPPnFI@o6E0o+D@hPL ze~bu`O=MZ??=K=n?0haUV&`^pg!5Si37%HomPnKk^QR_Djd6lRu@e_5cG5D%&fSEH z-V8!TZ>mtSdv~FtWS>_$rAV^aRZnIREOujp#qK1*VmDi`*!|xWEPD4WSnS@DV6i*9 zV6l5Q!D2U4u-LtoV6mIv`MYt!V)w5tSnSRuSV)}kZ2fhlirqg(s>r6Wti|^ikt%jS zmsGKPJE@}gS)~e|R^F5DQL5OTCROalrHb9ORI#h1iiDOQCxc2OUJ4oi(t+>LvZr?8 zjcb6y>_~T50%LNv``w(-c36S}+ZjbSxIWBR6M)DPv}YKF%#2g!V@};xko!}!-_`wr z3Iq^y-WYMtcvMgb1BcbfN~eZZYiQID^=VjWc7^Dx7v^<`1wc9yCdQ_lD3`?x#{@JL z+ypc5N(eAvMCWR)EkXlbV6Wz`>G65G##&SLh~Gs2LSWLyiK9#jf3ax|Ol|7)KIejn3P;ylP; zF>hL}##=Oh{&AhZsz4$m2gMYpA2v&kH@`OC;(wJ!tKO*)B233KBD+r{dEmatcNwy|re)xZs0q%>+fS}+ zqmE@Hte)i3}R;`GYZEGfE0M;zU!o-Wid7T3r8w^8WnSkOEXLsTsPQPq$rc+qf(iwOfWQMfF!o<~<) z;5rP7qdCdA2etQ69F^xJEzw&(30=vMa8R!i5rq!1IVA6ax=zH%XQ9}r;Vkr?1?ul( zL49Q%Iu)URNr~)upYLv$V0|yB4f=1%WfuvM3o6#1&=qi<&QwDOIx^$er>I7fYGM-i zxAA=Mg!)(?g^1S)5!fbK?&vI+6|im$lolLnUSbX0UWVIGo3`w4&&@O<_p7wmmB|cJ zTfk(I7zk&g5zy_Knp`Uw4j$%V3A#~^7R&@5H?dw?UnQpvou{O*ITz1c%w50&Bi&Xr zS1t(hfg2F#5*UF@!= zRL@VgYZzGS;G~9bnIJ}-%dou^t`n)l8hZwreB9cdtKrgJje30+tbch{FDoYYLqy%ndTp3{ipc zKzIX7#f+s>OV|zvLnuKze!Q&S`)8FOG9?H>C-F`vps<}zzZZMJKgOMNit1@7F*D_j zStJf2ctDY8pvRbqq)1W+ze$K9{4gznEM&_SfIXGF+9twfiWQjOwvLrHyIqy~y@Y4P zmETIZ&%dW=9vp#k=m%~{r&bjiTOIZ=dfPfe5zx?jBBGqIo?9xI8>f{@h^8?XvQD3WGnTx3x1MC|uz!9k%&VM>LCV`T zqqniFM@oKPi_s{uMUo%?;V;^ z4rbe)^hMmHokkBQaX}?}BPWoJCV3~i!ZrY&?@SFo`1AB_?HH)kBrn#07riHqb#U_TelQVP=5=eZm#1TPC&37f=b!b&TQF2f=8#hNTC6II$SiYVgnE|M`x*Hd z(b`lVb{D4g6>_N<#_oYv#o%RftoR%yYdmnTeD0Njxvz_9C6-@a*9)^y%zRg_1|enK zx5nOnc9xbm#6*0kLM*a>qG(fG8?>OOe%&%9IX-h?KsXhD7$a@#Ee->QQMk0ijT5Yw z3%8Fo#P>(kfIyHc@dR$2j!bh)SDWF;#ZYlm!wk&>aCPHTAwDG3v1t{WiJv$Y3+fg> zLe`nu8bmF)8JuGWYL||UnTw|!*hn?Lb+o&yZ!J?2SQ@4kPZE%-x*mTo$HP5Vw6V^| zj?_BgBS&(m5i`Rh3=kZimC>=t~R?X1QT7IQMkT zUIO{c8F_ZUUWrXjDN!q0r*Yk9YSIr*l(?t$o^k7_%3YKQW?MO$gk%w-^*f|$?|Yb) zfc> zUS!=1WuURI-NASu`i^%IUdp6%QO*dJiz1klSI!E43ges=Odb~vZZJ~pb-Od@wgJYx zA$eS~ily|C6b`Jp`Fv};plyFlWiRFr>iR+VKNrKHHYqvs#PKMB&a1+oXOB~I$?-&-Ekb!udgmIFN^aV z%qOPPL!FO%J#~;6EAyo8n8N*HWVk4T9VS-U!E`6`n%)`V2@nL5s*0rz6v#=uT$P+o zCjL?uiIkph#AcfSLgpGemr1BHXQjEay87LB8`36p^`E4jr_`Dw_u?{C_A~H#;f*y; zUwI%{&^_i)<5Abdtjofb%A%q}vr*ztp*!yRfY$+LwC3!fQ)x_T7-fV=3iC#M4X01k zR`3!)1HHPm!@$S1pc4jOTiGy1*SWd4ay?Ye^MwI?={Ogij!8zpxZbnt#=(v`UZkP` z$*5K%lw&AdryKCaFXl;5BW9#Nq3ly3r=QemQ91ha#Rx$GJ%C*9VQk_4jT-hZ{wQ#& zNO~PdP#<)nFBpFfZ$I4k4$$uaXv7We02gspR=)AaGN-9BVz7E6|G$oBkpg&3DqqU; z6JC;Y1C>I>u)}FKRennvFx?uBv2%K`GUcI-9E0aAn$FcHPv4c*F!nrpnoetqDhJ8E4h~~k%_-^Ids#x+pad_HT z{b%F#ae2}Lz|tlq3@C_OH0uZM;VDlzT|aPsTh6fHVn9y7EM^VE*@aFGoPkW?Ict0N zz`d~jz-)38A03^@iRiuyE=`gns)7T`cm!l7LxxAB!nv6=YN>x?$~I}@)|ese&u#j9 z?gF`9-~#E|Be`a}Bl`m6nf?v_=#3obJm}(A&k5x>f9QDlwH(hI832Po_Z<#4&Gh~F zyQd&3S9LZ?;EVh2JEZR3c!Yc;VcK;q8Udwbya_sCKf_onIifSOJf4x?fyh?}UIT^L zDl)PYMCf=$eA^Zhb#hwKQRlM3Jbm)y@zVuN;42g2Qb2pw1i=~rECq3+{!P5x>2@)K zp51d`SNpHJ+{)=E#wu09Wa6c0HN@K4+?6Zh@tHw2#H-zFJ^#NroW>a!F^KT6?XEsu zU0GWrdcCwq-43N;)OJ_Kc*GLrWQEa}C+%y`o<3dv&gg+3tQyqkm}|*g&%id0P8w5J zL=13G1Ku9h#ZQ<7dgt9c2Zte!`%Vy0ermp<3>=5EF(WxRec-d6+d&RO=>aKq{Ka_W zXi350EmAFhnWxb~+XA8r3?$y>Z4c9vV*lw9zK+>Ec{f&juG=ACydj&-2dGf)qe(Z% zx1}8!-QCU|*xnRp*(G%}#Ri1Y*n#hvR5?+`c>4IeH6x2{=F+8+$JQ1rOA;kS?Kc$9 zIyp!%>=1>htnih7=I$?YOb4YR1e$wXUw!|iGLguZSJ#%8jY>BG)IhCG$A9wvDSd-S zYxULfm7>0P%mSKcj4d zhSDkpje6zHf_U3#lxAc|k5|8a`dtcD6H#=wbOA$yfvKUQ8NZk`u1q+Vj>M~PYhcHq z%tT%DN<3L@CgjY-1nB~Ivm1a3^z)6Wnq=jr9mamsALS{ zO3TViyWdlCqTNB6HBp@HO%y1$FDYRbq<+61^UCH4rK^b3MZdSvVun8h3S!gG5rOjxKygC5MW zKhg(IGhMY3-8*OqZ_rKi)L+hKRSA<#W=*`tQr}}W2*+mR>zz{ z8*`yche~;#!ui5uwUXmV-l^Y-C#{~PxG=j;qNZsEZhD7{t{nE9seH^Rbw~A^=VWCK zF%@kl8ne40FCx&YYwNgab>Q&cvp&)9gP)t$;C=M_5*MX`+n!larTibhEXdbwEvbDD-?Zau* zuRn$(@miExE6XeLYG|{Js{;#)a~t<}7#GO1jUOn7zmY~hn^4c=|Sy?Udo5TIplVka2jH{YfQW^!h1pKFUeWbre`de8C0ISH1yk8 zii|{&Qs>i`=6iaIvT3%*yg?txx09aRj3zi#Y+##$7=9%O+!_~|MnQ^LOF&p6A z7kEiPIs0f5pOjO@?n26BYq-B{B>x^cecz5b zmITvm6{pqDBi4Sm&86GubZ{3_kvODgsWvLz#V{ZaE@vvzg=llqUvV7N!N`qnc63tZKci|HP;y(6dNUw9a~t?LXO z4>S0pb?3+)xy}qZX(v|CJ0U_*C=+l*3+QTi>38pPPUOSCec^WK5ML@DY`)mrYHuBE zmkOy8h**wgP{{91vm`@0lnRUD(80``K3REi$SSA9#;w{(0aME2?X0r5i+SJ!2)bWj zyxeF^br41HvV^xaB{Y^a-w-WoQ$8xE`h-OTnfMy(s=U`7c{!&-0{}-vWeRY?Qb?9X z1O@NxFh?wb!CuE&#kY#~J)g;idr63sw}(`h?>*0N#K30zXwE@Qk_FX>urA)b895iu z_1m}cnr47kQYuK}V!{);>*KW#js{rS(D%B5vW+dq=UiDtQRqxTn_3q}L2Xhd-5yzd zUSfb*>Q)K$U1*Ps>8U*oLyHAQ@)m{+uHbh`+LH!oe6*+y_ze`2&25Eq2Up0Zze+9X zd-^N9jU`hhn5cRoeNMOC>o;q)XK#(5M41$++T^>Q!nq^OBX3b9=(=y#o=k1YoVT6* zUGZiax<`L1wR4an-yH0}J$Wvcf=e5%nOP_Fv3mo;B-8+SDpn;0Z6ow~7Ew9s4sbz!q-Wdv`}reHc1&K<72>)W9>jAb3XJm7;7~3yg*_0_dnHUts#TWY z9`Gb({+oe>`1ncuXM5Kx5R%Xup3JoA-VxAKlG{nCO3=n0n&%+{A?FNkxyn)8ukFDQ zO>(3`0SC0?EwrXLeHj{KiM8Dgk$(exZ*y>)S_iYVPCjo-WlZG@=le4=|W@fe*_+ejGYAdo-wBq2Vw7 zfMM32u9YVZQwa&8)+;HODq1R9&$p<}$tROQU7R?MR2bF^bB$2;zg}Vct<*5#W%bH63MEy~_4)Gx&LD zI94|sZUsoQtW9AK-5H~Vx+b91385-~0 zXG3)|ycv6;+h;OHi~PPre0iKOIGQ?#OS^z2=*36bn~&Rss@?ugx#7Nf4E!GkwM6l8 zI-w~4*mZ~%4ebjwU*OF^?%kzW%ZV9|?E!fOqdkC)JE)Se7t||fnJ&6|anD8^dZk?2 z?z{0Vsp@h#zFt|buP!59(T^1a!jw^G5sqs=U5goxPM@6#o}KgWW1j$z4enY}7!E|Xb$nd+S+ zcO*mUMnEf6^7`YwEy2zLfjA%e??5O9Ccno8#pC*QmBeb`Cs&s@;$y3Blfdz@J#;(x z1NqPt=1H+D(>w!)iG2;;GbK5;b~j)~dX z*?@H18K8U7xg#!ct{Onp^#TY(Fh&^gy9(|;7~~&+px;lxhGpuRawMF+)yR#Azd8LL z0lSx7ZQhBObpA+vDuQBSn1we_rmGk@&AUD4$`792*Rdv2e9m^JNiy~sm$TOoq9aYk z3w;WL_?vfqOFB?aWKdgrp_LPH$IoV@g){4OP(XU#?o0-gsZ5iFAM_rRn_bXblb=s+ ziQG~5)~9T>uy0w*aFSsco0!AQ*mJM1VCTT^D4o4J+J==bsEhSdYq8-!gjLNr=43+ni^V`_* z!t#W}mtOp(JEMrioe3xs@)XEj^W6LCmNi?qjDA>C1(&$mM)lZr2C((bF%84c9F+_i zDIE50w?vd@I}8Tb*H1 zl-6BIMNe?)!=dye=cq(A6IRDmQ{w z<4tSjt@?Yh(YUa3yhu1bc5I0ivld<XE;mDlsaECe%mXxAJjlzRJz+b`+16Y*NrbUxTG<;QF_Nh+cv(|#$=PZCT&VZWqj z0v5QcCl^!U9t@b^5axGWJ9IE!jE+7pLp=dg4_ zG$w*Q+}P?>oL_z*YBgwe7$puzy?xC^3o^HNQ^ODkoiH9nB_AW~3wCpXV{QX+wPEvU zy8}El<%MLK3s@Uwvwv=P-eoBnltqdxvab9>Of#h{y(i^DelvMd3MN*d zB`~S$(|{QKVNy%LGNvNvRtMfh)&YC;kSiryQr&!c58~BG4`Xs-$$tAtn8I3;`3U^JxE3KDD;vc(v`#Z|DV+wc8u9SBYwMT86 zFJSL-@{FKxN@SfN0*-}2{ZiD#_uscSw|0(p#Sf{h9E}QvCX9;LF`p(GsTJ@fDVBh) zkcjc@G;+f6$P>#Og-->Bh@$~Wz}sK~M>opfB+8#{jE5#5BX@?GDWe~Rk%cJ?3}7}( zur;H2!Lv)T>{W4F{KKq@bE8aIKfwR85^J=qoXKy|QHtAaSsc*N$j=eI#NeOw0!9#o zb~p~2#UBeZGvQY8M_BwtU0JbQViD0}N~9t_CGzbqi<Nc+{~j(~IjL`lY;VHohb< zSxF!e*_A4S{ugEvm@M?Cmg!w|3DFR8bO-SQY?NRmYi(u~jHEe9YHdtU)DDJDr>WRe z#;X({9WU^++<>E2>VD#P5Tvh6NO*V#_DH&xPqEGVjqpo5>{J{o(i6vgP>cUQXXb&e6=ny+J^VYRtQ9lVil# zc;en#VjdPS*I562V&%y8(5U)818rcm~98poNR!F-kc#6-cpNtzRQ zOAO_S@(+Awny{(x_O&sW_(IC*c3}oenOEY>VLHi|f4I!4nvM&dY8oG;&P=J(q$5o{ zrra50A93EEkUSOsVL8i6O7>h7+fL|=2AHiW6LIGHv_`$J}vBD70;CcY7-K?x&Tq1Dp$N9!yCFDJ(NQ^HDA=q=5{q#6oNL z{m#3#3DMy_AGo(7$jHudLRrsG2fUvAk7B4nwJn`MisICu65j2(n2?zgOl{Q*7|**| z{D2=dtGKm=S%NZZV_@!pGdd@M5JeIozJDcP^c4Zp7Y4f7$9&aWTet-Ba8hxQ2P z{qR6=lyU}J)VN|t;0cn`tzk{dPmYe3cE8OdY!BVxT(`*-7Q+cRKv-aVIw_`#Pw0={ zQQSnC(H3T}=Um|ml0o<=>fjrIaf8EicpR_#z$32fLi}<`m(nuX8`M%czPZGYfBT!* zD8J=dwvp`NeWz~+XxtohM(#PH4UoixRnv(vQ&9Z98Q`~O>CN-4?VT4dPfp*K5Y$VI zCpbhbQ+NVdOAbg0)t!z*ArwJk;WSdz@hyTnw8Lhpwe+UFS^KwL`|n%zg?z1BD>6%1 zh9ouSD9-f@OdK=5&Ma=Tb!QhiDt6)xfZ&2m6haA$yoVg(^cub}nCtYb|50qW| zIkK&<00@dNQX;1Ke0RH)IqNTJ+M}*SZsN=yyg{3y4fX7fLq6jNCwNXA!fG;gUoS9i zE?&~&;j?RpcC=D_8NDxxEth6Fq2K00O$!$i$PYCKGqe7>C+Zc^TB^fRDK=UwjbX_u zaQ;Ke?TuWUvhyZZHEercAmg(7K#14lq3i`fH`W#RsOxn4?MvT(*R(R*#q-k06YVw@ z#O1lv?e`g68MwQRN!vDL*AQMCcaKQ`L8@5@11dSxe(`Pb;+%$Hw2TO7h>?LXrg-rooiKT1e zr}XVWnLf(^Ltyq>=&J&J!A5}xw~`awMC8^YmYiT%$L$AsS(zPuh)``ZUg|oUVzrk{ z|E3C1WF$=rws+xpm}efdTaJ9#0aebVOgzxg6+y!c7GvmW6*O&}W)K?;4XA3VOmt*1pB51_!3+`F6%o%zAh|+cI!*X?{^{E8gTR0Ne zqJ&8|OJ|spkJDFmNS8*jpoj5&_H=YZa|)6&F%FtkOrbpr(5_1ExH`qORHvaFH|kv@ zP|Ffl+akRg@yLj%B#NqnrM{|KLb4`tD&vHKZ*6_7sPoo*-5U*n*|%2M@{B9DTB`#7 zv$(-uMsDcn;|fCA64Hmxg;CT^_0DbfaLR3u3AtTL(WwgXDC`??%DP4G2IaV#)HdjN z!xF%@E+qG39WNch?CH0uy|^v`Z1w}6gAilpVyx6|_u#D1!La3uL6dlWaPl)0Q4ONXec)=%8QHFaH!w^)1D`{H!-`TkDh1B`Ns5{zHM#FSxI>N_xH_~VWH)~tNOKvnwadSwxlRds@T zWohWbK^0I{ZhWAMX0P5hS7Kcdl@o(yRn|r0Lon>S;SzLqxf*!YmbKop$}kAG8H~?^ zaI_S7Z&u${SIY@Fr#C|afP~!mFdWe?WSzqL4&17$>Q=eGOGupMJP^3IMj-ZP1%X}u z+wYAX+R1=`Dy@%=4<2x9vl+4cNW41S-q{uE9X#U)aMb$s3x zWsxk=YqqTImIVN@BfmFVORaL9`hagv@l90NK(bwJv_5`pjT(q$dTb+t19ND>o0Ye} zH-3Hdk00ME#Pq88kp65W`$ENudB}#SXb6+}51LE`AtVTlSo$7Et%g?;_@w!(!C9W?FJx5FULeea^QefNoA5!+U zXd%CU+D3!+MHda>p)Z|be;nX{1u2+WTbB4xSaduPF$*N60c)lZYQP6K3bcc&C&*f9 zPc7%Z`0y#Ktxu`}Bo8#eUn+kvnrW8o(nbtcd4sL;mzK*Lp9*ReypPOdwvF0u);(p} zZAWkaP{ZxmK6i*A06-Ejm49+`;T^-nqij>pu{ThG&*s4goXoQjzP! zu4Ezd9>D&gGk}*Hd^->TTxvgVGSAXk0D=LkKydFLd+u*zw|7IiMldoz={M_G?YfoES}Fmx183@XA` zn6SaV z)(&=Pd-HTt3WZX<+uq;D1S*2Tb!<#%b54E_0f^Qr8-)zrQIP3CJ2pqNKn3&=G~Cgm<3j_jlW9B%J}XxH94Iy^ZAw%Rub3dfXQyN$i4 zV9+v;OxKr*d^$evFc@WntLd+(gqbNOxRTAHuE0IaJ_MUbi@k5#pON9(-%^+7sumf<0L*xUBNR3l^U}!7k z93~J2veCE`0uF@4JZ-)etc>?(w7<&y)bgZ`4r(yw_VLT37cVyt+R(+dHtkPI%e#s3{k|Va^ zt1l)osM(N~K!BWR%ZrKa7*ckDwrz#jV%GE+s4ZqsP+@_^0_k>Y!5)Nsos<*ihD>H# zYD0$6ENGWLuAg5UM1W-Fm{Xt;6*mS1c0Dmg#8a>cl7=H^2(XZ@a zJ*ummfMdrTeo0_aUK$x^BegmzeDK=llvXMUQO2=Nrk!&6YB;94Qkle~i8WC&8V*na*!$#xt5UiHe@y$+XOWmjujDv}qY$m}A<$ zz+pFG<-I=NwIURvNXwD)XXziM0!d+X-KoNfMFFQ}JnGV$f4oKS`BGX!&Vw2`kxu?M zpD8R%^~m?9x&F&iF-r|?w4xG8)oLhD)?`^S$)OyGCXPQ~k+v-I2=>)ah-3IPtU0g< zaQ0@=EW4pd!+eOE5JC^10qBv`*PF$Vl`Sq6aOsjcQgSK3*xHJn_Y7!fl%S$U8ZA9C zV_qphH#5bJ4QiypCQl{|IVWb9EU6j72;fEd(*AAihfbT6WgPWeg7f^3rBc~=z~FCh z=2V?ylPFP_X3Ms1Teoc9vTfV8ZQI5z+qP}nHm2V0>7JN~{BZuj$;jN#de+9Y<_HjRy~uf!F~#s(wtqZx@cQ>e|no|)p-i#K;$ zAc>ECIqj@u(&ViI{sf18;a0wvJq0hm4c_JA^UJUF@DB9fys}i4jjK@bZsv@RHdeNn zo5irzQeAf1P-{hk`GHM;oty|DGkE{wYM;487ax2^S*)KqWG3~#r(p_gfA7Z7Qq;dv zW{iybDse_N(5pWP&X5i^C7kgh#228nu4v5L7iog~jLA$>M-NrU2jamIV?ODdUOXnR zSy+I`99Kl)?C6M4D#)j4^m-x{iR#VIV?YUsQ@HW0AmN>XP$&qx6tRpD?#w}XQ&lOZ zrR7j9`M0VgyYt#s=Szvb&-k@|Odg5XkS<2nZ)=K6s1s4OOxf&-3EgWM$s3UAF-BKx z7j%1S`_{%_M&fAU&lU+3S3ahjV&fN1>lmZxvVqQoGTUuJ64=+6tUJV>>`tOph6jy3 zR;=>$cB`8ZKw=&WR$YN>{(9YZKV@nueeK2I;XXBm`(>-L_##Krl}m2eU)KmCV)U=3 z>cv2$F<|#zrG=5FxdV5jS6ini_oh`Al`7$1A-aRqPsCRbgm1+NV|6X=F-h?e#UZBU zG%PB&(p~ef$C~bEHgi_>^CS^Hae$ zh0)1DIJktw*k&Y{jr*0#7V8S`@|Oh`pl!XV+f!D&JB3PVaQB*K9bDJ7guYHc6tqq_ z2=!ldk*ZdF!W^z&^5_-!{}^chA#InoW0S_0^L|BcC)eBCbBB6{7(CKw453PiNwyWB z`EdF?wMU1W{+DF3_Zb@6Lqwi&oFtRx*-08bae_{9gM`=)7}hRfjtdzuao34SjYP69 zLD&Ye+4(fVlM#<&`3KFK1pc-2A?TH&hk024WARu_0P*F=po#LEFCtAW$XSEYbc4ZpVCF2VlYwZIoX00YmescAt z)UraUV5QNAjHUnxhRv@@t(H)T_31asFc}{xJfp|VV znW#P7akGun-tL|o^n)7)$+EmYSH3Ej!X?#aR0JjPCOvJo7g1aZFe)4-xO6Lh;+zHHSz3?|zzO{J?yk^H2Rs*)SnK7O6cs zc(`7K1vC3Ov6GIML(LH;`P~ph^H#fH_5Qibt)U$k-Eiynbi~XqfYxHY%{CO)C4Kb# z>ey^kiR5~GP5s({SP(9oyq!PX;NE>knxKsFyPd9FF@A7hF785O@xbFk0l<0?1f9pO z(!+)$6O`QRx1?G9gMqE79h;w4G03SC`oQB_gvQ-v(sUfV?$$4iN~Zz>krTVD=mPSQ z2KvL_w4-o>-jup@MlA1cO;fP^nb4aA_@DKWiuh9ngF;c;jC0ZX!kk4SzOE>P4-GMV46|P3L#-nUTbJ{b*=rnB*C<{f?{F z8y2NirnUgc0LRiR#%XZVxD^-RRh`-+IOgdhh-I^^aN}<-!kPQM_r;afxgyp%8YNYl zYGI#-zkL3k02KC3E*I@Pt)1K(J)C40p-PR<2K%eGw3RHsD;En2l-Pg}^zwos*>pR& zcpPz~T9+=AC|J|5v3E^-PIN~MlBuIK%> zNyj~WLd2!P%J#oq;H2tp=i{0GzehyLY!HwUnvK*TAC>kG1ca+z?YBHC)O)C0D747|)-J9hGT6xW# zg)P0iJ{?uq(Q*2#mD3k~&pYaAuJX4fVh~0&4pKox890OOF!vJ!B>ow|{3Haw0bgTP zZH^v9f2b!a-iQ#^Cm_>ajdC#3v1;WDV1e>1&ocGas!C_B`Ib&FEKnGB4o-kD2}TnK zOW%EbOG^b9F7UgnURG6|jaHV|!^YAi9RkIN^Z(Ohpx6UAl;~+Y@FwHwLPZX-6`z~@ z4{dP#4F7(tFA;?J`a>>zgH+`r{$ZXzFcwRi}%E zVk*{o0ak$)GJ#`}NmEEpE{Ge_-AjVc@c#VHi8_E$E7#$P0QMGWB`e7lz z(NBPQ@k!&^Q&nU-rtKAjZ3?Icgqf?MY!GQuknF_`dh}|Seg{b82i%)y7BE))p7--r zMKGdk+Mp{ZmE=FLYfbp8%Z;tgkTgEhom7rZ(s=y(E*=?d+gC<-DT>GNu|Aon0^ATb z2GjTkdnUvEQv{tPP3d3->X#IbY~q7s(vv85;p{~M?BG3OKDfYvC)S!URx?-n6YSTJ zAH6h74=f=@F<}`rG~y85l2{`wEHWn;VqnAslzL$bS0f4ge3&)6dMFEaUkGfWQf`s* zkU*&Jb@&uPS%M=H_5)M+!t2Y9{bh1&rdf59#LKuWl4l_fi;`=gOPeO zpC6Me_?M1{_jXv`u~k|bKa;6#BWPa?@|+m8q9c=6e&E}qYox$^tvT{3<`F) zjb!LQWkbgA5c6n#nr^=3JdkHl{2QgVwlAw zd+!o29EuFDtqgHbiX^V>^((EXsY*;5QQfKfwg!#DjvNW)G=rZpC~`(oh$Tc)Vq!`4 zAFk#qQazr%fAbCs20SL;y%l;g$#ReX`OBTa$|nXd8mj2_E*}%kqPVL%up6r|93p1^ z&|lbrg@R|Cfq>`j{%}%A(_k8&Sg1akbz(xHOZ>wS;%ghQKZkN~T$m>R0IZuXt&*hn zF`g!F^=9OxNYimx2<~|ZDR>ZX9_p1;&&MmVfr~HlJe;d& z=hg1wTX3+@R3q>9d(_=0-lbCY^J-uIWoj5cCOmxYzJo=^NuEMIsFcY~k!Vf~*>%Z%!}Irih9+?SH?0#N75@KVnrjjp6NdcXOHJ%x zuz@K^E^`vNnojRR(=Dk9;#oYdv#NG)K*K8vs31mfKhQd ze)Yl_MrwaH_-dxNult?GDmgTRIQ$lErv(KA)?rju55~Fe>3Zmyrob}poO=qf{Onb8 z3=^^!9cSZ!a-^bnuK;5ue&^MWQ7pCyHY=_A6e?6q3<9MiBENKzRpGKYfN{1SUF`|n zLq)ZPQw;XvoldS1GOV%I+sPAuqAivTwrFh)`I!mvr1Y?09j21M+yyw-cePuyPXA>A z6fO_UM7(XiM-Rd1hzvO*j0+3az&)DwIfRes@5v)fN|3$DTnM?>De3(aFhHSR7eZ4t zCND^7OFc~36sX6&%Y%0!BuAw&8A*u_eh=oSKinm5!bk!xzFN2Thso4Tjx1-H?MMgG zo2#EuyA3cdeuFuIM6tjR&MG3`z_eKnZTioU4k#pO;-!H%GlH*j@&3Tz5Ok7hG*^y* zIValz)6jQJt+j~vv~F)wk$kc0Bp%lAS~~x6xD;+Oh2uUhH$QWG#sN@2GCznR8)zf zs6`l1brF+H<%aI!Ku_;~eGrcFsS%RwkYl;D!g~QZ%#L6;D690gI2_b=3U^%eLaz(< z>uKh%td{g0%R!*%%B=@fkpLo+(B>PPm;TMc;{lWVfQx6%9NA1I+A6}44%Jj<)q}sp z=0zIe(qxzgE_3=7ZAJO0pJ-+#y*@hjNHf4j8IGly#2U=$e`iu7mV^8zs0@2jLQG6x z$So7h`^!mjC{7KS`;K!}su$6pjGOeQR_@ev)>9NO7#F0Hr(@w1eeUcqYr^nEswCnp zYtb#~=->2~&i04l6m1Vdyjby&$o)_$6J!dCtZdZS@*o#mzpwJmm zOM${>cXU1Ufhz2lZES3cdjU&H_gg8tzv1A< z;;5rE8H;$YV_eLK#J9)2`99?!ddGzIhyxB{%$E%hX}pfKAck$}od&^{qY&a-=RG~_ zPF(h}=JHZZ{Ukt*L2-%nfI*3B7|yRappU0sb1d1LDRaL-jlnDh!gCGCAzn6y0w$pw zRSkuxiwt@xAI*!F6q(SN^`YajTIiS$Tg!ijd8B(f-iZj^X6VE?qMartSv2TzeWaT5 z?;;6VgXRogQiXvF6;VJx5jh}ER2Q@uS;}C;@=PZE3v2Gp4TQojeZ=~subjk+18{fB zooBotB=dX#f&XQxv}GPGkf~Yhshw=}JC7gWsxxPPtp2m{JkL3{NaV3&H#(3cBn2&l zQ#DmJ-PSZID`pU}k~&R<|D*M2s}Bs&oEPH|>BcHZh&ie7sDFxYuWUYX$4Zg#*)}y)lo+;9j$82CZaC zK~Mw}s4=Bk6`SxuffJd=&@US;(ch+1V+7dWZvfQDk~i+bTcm=eG$ml>T()GEbXdc3 z2}zu&ynK<&;+IvYViR7^0c$`mHa6bM$`@(cHGt>H`0glB2fyM!E* zkQmbUdS3Ylaz6Tr%0?k4cSIm=FCMJ8%8{+}SZKcq-=N+WrnjfWCjZs>J23Gkb4{~g z{b6Wy(-ZA&29E(^o&XvhR3FWN9QrjU8dF%~T<0fw0GP2_w}>teE!HeCr3@?)#OCH= zxvQGqwfr|{`qcX4#>m6nT_2}QfX5}1Wz)+w$`n7H3!1oVV}HJ`qwKKv?|YIA%wKRt zyZq+2f(60`VCNNoMKAwQyb5~Md7ij6I%9=BioIGs4>5BCw4uAvv%bWekLzC8z+b6v zSp3Zuft@Jfcfgt1e_JiAHwTNjRYih5LK9Olm9s5(D*$O+(nuybSsnCZ0PCC(DX>$o z@EBq7IBR4p3l;=6fwaLKkc&UQ;`zE;qs(U{{rzY$+f|m%hQ67Hv4z#qOaQ}P55b!6 zExVm+YZshI0S5vSjZP9CqzMLU(62?f+D`Xnqe<1c{4%~VLJ;&zYX1tGcg|yksQTsU z==(nyrf1K{TlP~hH)cd!q7Oa9|4iR4>yNd1OR<3q%Ipkv=*J;kfF{Xl*r=0`tKi1>UHs#pgc?htZDMM zkl+JTK1AsyR{(`9^ZK+oe%_l^cC~ag_|^kY6fd}1#irsDfY4V3xYC8GZh80+JvUxs zWr}v=V2AjV^JKXJ-LRwE66KQrgR%u4dbK3xQLLEP%D`9;N6J8di+XMa2m9*H!^e08 z4*b4gJ{_&HHldR^?23`9aTb-UX)k`_PORDNH<})5jxhpM_>@<>Qv^3@0xH?8KQsXF za2~)enePuj01!UTdHRnuf6mMArHVgYZ9Ae&kXydl#rLey#xVoJ7BAV(FrjTyTo4`EZ!s1xL@8k+oN68|Ca7DZu=pD znOI3umLP3I_{&)(77Z?+PVnZMIm3WY!fmO(GjjR`{SJ3wTS|la4hQm?cT& zk$ll7Rwg<+jOVQOTb7QPw)x}y;2WEKA19_Kie=Pkk}nfpyD4u!c79~=Zz~^n668N0 zPnYiMXl#_e_YoVx`7D3{l7~12DJ=cjw{#*!_KLGywi4)wZjVjNA9Je=3YF>z zOi>zO0>N$(Ya5%bqWlh@`wOZ*-%pQ_s+#Z?wKW{dl6z>M#*Hn$Z0{j?Dac!U5PlP& z-u6DyRA$}web2gg5LTg=IpSjBmw+HwSiOz<$O5bBxvYawbNLE{=ycw8#3^r zn___gCgcqB1%Y6jZ+F9x>|%vf?8(t`vFDt9gI&)guEWnPUZx;i7SqgD)NHP2f-c6r z_S}^imOnXCJ26V(YS(d;ox=bnVWHD8d{_?_!2Oc z&ypSo67vCOK`vO2B*y>)n^`(2)Yv5(ndg+6sxDL*(pL@eR- zqVCD1P_j5USD|JGBQz{nnw-k0i^wZBZk)M+3z_$YRT_|5OGd6H!rd6P!{$)|DetZ< zIVB+AH$FNvL$7k{#kBe7dF=(0uhrbgX1{Psm9L(^@(&1g`&94uk}r64f>phrxZhhS znhh+%G@>sSf8lKAwFAc2e(xK%xuXQ-Pl7#%bTNNqpMJ!FQbs*G;K4%0ZihQqMk_Qv z99x?&$A=*q>4L?^=6Td5R0e{28UuzTYNYO`&qK)>S#3`;=u^pZ?;YPz9jY?UK*zDP zsEleH`@K*Cs!ze{n0~M`iSuPY_y*Vj7V%qkadKq#c=y^3XsI5t*Th@zDymElg8eh*QM|L;36?XGou6Pzv4fLt3UVNfhet_dII3OC0j-R_l`DO^ zwp~jiG-VrLM$TX*Bho-QULp>D>qaTZjCTHn z1d0yw>O>&yLYD2R_2)82$RrTctUeAru3v^sJuIrL(mo!P+$*efRN|jP!!KqpYcaE} zQo;Tc?A~d!iVzQj$J1z%)FsI5uD~OnXztMQ#OO2R*>WKzhcp99Um`etFvhT|vFmsk z<+Th`ysl+I28WBfGiov{w`+Lo)A)>d6FeSlCE0vvJxqO*eWL3=x9*o;B8u2iJW5bZ zfoNJ#T3(G!$eI+Zh=lHX>mbn#r~6dwQ(>B}Y;?DQe~xUYAod>hGOsNd587!&d~75? zAoDxW?(Zb5Tn{pQPxcNplAPY*av6|3 z4BDz-xEy$AD?rhTIro9&!MwHnIK%p^kYFf7&jY&F!=Mi6sSLx`Lm+J2?kPuN9z1>q zGXtV?+54-WYUgsx`U6G&F|=2Cily6%j%VQAPy-dkDeiQa!|JTK~KnWWl;uoPG z^_6-0s}FWS??fm6GlV{NB7;$&45UGmw#$$g4(mYL(D}Y&0%Xa_#TJj?aHe&`YFqq-<&|DFf+1$7dHe@f^Ws_ z{9ZB|y@6WV12r85Cu^}eR;J(r*C8}tQ;{`|bRp021Sl0{yPQIu)=J_Qa7xy;{ z%Q6B(*Z*NyBJ=mK^|Y}IPbi}eInaq6%=Z78W~@o91zq>&9bErgUF`Ap3;hSf zQw+A^1^FE>l6d3=2M1Z|%ilq0eodhHOHdZyjid z*zc6VN%Rzd5S%(80TG^kixUQtFC^IE%ylWM-vBB)=YMKQx9pEKWc~4x2)Km)Gk^az z1%Xi`MK*#z2XEv%V}|d{MY@>IinMj0G$}Gccu$+Tj1fevZa2=ls5{@YBH#ba;pVIu zfXbKp6LfDkYDAA~-pPmIuiSlT3Tmn(N*C@o-nv+H@IyEY708D!(BuVg4!98E;AyMN zvGkWLVSp2N>dGeN=c)*RcPQpRC=J0L-Nm^Z#n58n3e^}6&N63BD(8!`f({N2TQ!cq ztFZbN&2*xd8hfp>YW~8Pyl7Qr^|h zs2fXqvz|dE?>g!Yg6{mP1~QZL<&-I$y=BhDccsYn>#pIn^Ma7gOo#nUt?aJ@-FM&m zt-0fNpyZ?WjMu6iKJ!}FcHs}oJR;OGG!?5!$T3(pXiFoKZuw-gA;H40kP0dyCvbWc zHzYV91EhTL)zY(tCIVRv1UD3y%K6gic`Vg}m8zFlGYV2EJ?jVDT}YI6jh{_f`@-rl zmB@GgAITfr`#T(fHPcpKZ4EB&nsro3NKU0b!-be?HQ5ljsJ4;jNSZ*Uz9o|vlzKWy z3_R>;F~xZ{3|D8P*7mDX1RdkE2S%%@r0{pqsBEar$W@!0xCkLa^Ev2ply`3|*4Z4d z@p4Jr=sr|7OCrD7F=U)lzPFq%BEiKfuQ+OvFKG0*{t3z7Jg!9m@8?$Y0yh#UHGuHs z!u_*^Tx!uJQZ@jT#cEL-j0$Q-sFldn3DBq;&;kC34aZQMV!%RngiW&e&>WlYSNDe_ z1(5ft4JI)rUT)5q_r>k)wJonE--`E;NJUT*III)i6ikCnCIzI2-_=8o+Th`6&kFPF zCacouME|_-^wlxpz(erC(OX982ObyX`c$xb(6F~)=U$bS@cy)uBF3_WF{VGVN9VK5 zB*?!`Lk*>Zmr##bgQJn3j}`XUyJ8|)c9~+zSsTTa*Fso2|E6tIigk{5Fa|H2yd27e z)%wZoIwN@f&3!mHV`>g}Ik6zIM#I$<%B%KgCS{K1p6GD>eFmI|TM*I_cX(2unP|Yd z<~{%)!D_aV9!5Ehh^{ z0;lyOp3I!;6|-jaej=w+nkFO+N?S&M_quMJirNMj(Ig6?fcCinA|T%ixP{j1RIkP8`{-mrBe^8_A)m~UtakMN=m3r8}p%I39cc*%fLT=W#t zTu^kKnHD6t{6~R{EV51JGyIGJgW!6`bfF9@1A`Vrq#@8nG7ml){Ru7!?C7~sR}fv8 z;lEzp@d^G?jr7h-V8)=Bt?(nK!{?iq4c`GfR9M4n{USj?zf5 z)IPRWNgeM#%9}!j&hqiXVp?G})1La$x3i|m4Yh5#qw}ZI6@Nf%;ef-4@8G|Dup*$s zsL;$MH?($Q0s$sb9)mQ+JRoVkANZuo(&G9C$!ET^)hm`FDrj{gUjiCFFu1LIu7J5| z*!lBp46}fG-kv6Q?_UibZCkN`Ev z8RsxoMY8=#wXK4Zqv`BkX|3|^S)ssKxae^P16_MU{DLl2BHr9vMWFJ}ctgsknDY(ouEdmeK7$R%XdyNED3n}S= zhpIIMt7(IoX%j&RuEDAN6B;Y+g}hRC{@furo$-!?sk9c!wJ#X*Im4;>g0uTjcLL>C4qwd3pXjMsm2f_>=OybdLEcJg^GU_@SFaapf*=An-}Eg6N;bveeW<|d#_l& zuL3u9pIX1QJDBkhNPQ7|r`A-9dH`Z~u61AjKU@GoT7-GiQ=lOzp|%5+Bb6{2yqwd) zyn(mRp^PQ`MFk9qQh`DeFq_QuvAe?$n z;?sxFI3&fq*;(g`E`bw!v(?<%LKd1RvESB$tQ6FV7}7R;@etbZ7?qx1$BdjS!W3Hv zBm4GW87W5pz!9)P0f3HqdR`*U{!k9OZYx3NxkmL$V zCUm>c?AOeYote|c4?|iGl!52awrZ>ME+CR33JlJ!f!QVJHIOSfCjJ9v5#1^Ziw3jX z2FcA?d(tugbxD!Oc=1G1arramguRE#K!sa=tYr6nrfI_M50}@JYSL+c?bE6J9|z?; zNl7MJmFvCxIHY%j!hK? zT9MRJSuy3&4PrCCqX_cFrvqkc==ZsQf)~co^w8xDB?B9H-5c`PoIt`|>9uq<+OZt> zbgSFX27~YfeQ56(`Vj&`thv;bJC}bcYu|TCK|g{3mrHDt+cpvOyeGow<0&kSf`UhA za4$94_{-Y(xj36zM???_l1*VfLYP)tH(X0&I79yOEo{@sX76OK$I%YBKs-;$b-aNd zd_hX~61Ys;c6vl7^?ISjCyS_Qo_j6pL(C(M#C28NbVO5T4(X}(S@u;&W^#q)u3afm zWn+yAz>3r>##@yGzCC$8m~9vzbMhjgeutLI}<;>b%u<`OwQyQ zKCQUSsRG!|e8-C5baNAfb&p0`qx=++x^OmR`Xt&=wKuPWKDPVyt~T#t(`O0m;nX%j4$Ft_!(OUicy|9n|slBMxsq9OS3ykXbd6HWG`;hdn;dOV*|=) z%R!{5SoKHP{R8yV+5o&CKu@^Wa}Ivk$_GEi?|uO6hyvA=3u@)MdIenp#QRsbNSB$D zuet}I=>^BV`xf)o&*+}L^1P%~?r{0s_^yo^EB$-K8`h!3o$1l-RtKhM4FhPGiM(PJ z(rn#5cablfa5m~D+nr@*9WPbi1}#q-#asC#?Z7?mk_D&=Ks}#f9jC1l8M^L9h{1&@ zsTUsqjv10Ly2Ch_E`bAiygM5UnxmOb|Mj256OUC~}ZiX(*Mz}>m zP1fnB#Xod=$AEdl+cS(q$VMh@I}=+v*H3+` zi8FWDJq5PNMr?^AQoO=vYiYu_vsw66(&_UUx|z!5b{D|{?Gl3kKFg{jsznUDy0NC@ z?K5>IH&vpvLyu*}?sSz?-3U)nJTLE1f3s>A@9d9pSr z!UVh9mXw4wN@Z>3lA`F4Pa1rYOw8>vle5*R8#}8f_+q$;SZid&aB?T>8ip04{aE8HiF>on?1WUE=n1eQTxs6&xi7$hLsOr^!E^SR|=)?D)mw7NVAhL!G#18tEGl zqAt|Q4$N7-6Qg(L*}UV=`2E4KPS42qv25aF6-znCxuO@(P31|Qsm3}I>dEewK?^Jl z-Q3>GWM$jIzMDDeroeb?irECr()(t*3UxV?gJik)Z#5Et#4JVu(Yo4JGcJ+2-=-sy zUPoQ7Rxkd}(PQdC{WApUV`Yki==>1>J3!nIfwNCI_ zkbbh<{`pa9?lI12(#TU}_4*^Hv5l9n=Fc)dHDxjfE4I;hRXFPNY8t zeX~zwA+rv7J*`+@bFfcy&XhLlv;0krD{$F>V$AuMWICq`Wsw0fL@UwC!V>*-gMP}l zl%Xtaxs})Z4Q_~I-4{fT{o0*oA|5*R8yNCy2hlG5KV;G~kry1l^0 z^>x#^+mFchMPO*~!l9r%E}@VoSBio}6vQYq#F9m_+lhSE-x!6qfdU8{SjFM*njK-U zl3yCj`~C(&w?!K6wBE_VB8H#@it3RtqD>q$PD&?-d7;mwhkt?7t%8QxRF4n_GzL~A zvac1+^a#HOv-qKu=hukhKLd54&$f@==%Ami#Lg`WE+cv*yN0(~Cq5E8$nM-r(`;19 zv1#=qI#aVKN{#r~IQpw3(=H|}<<8Ex>UR7)yx2jZMF$b-d?iF5dtNnET&j-h4V__R z70c|pUZ1~+DOW1yzkq2MSa^js&d>6}3105Y;vs=`5)46jSUT47QOKsuo;Q}Pf4Yt~ zg+EjdoYX1b8OyP+EZ*M(v@?6b!GcCm-1Z!Cyi34yeS;o1AhB!=y`G)(^sQ8a!g`7@ zW4Wc)I3SFUuiLgIKtwr+PA2&gaPNs0pa+w0H~PwA8=VZb{@}j-IG7dh42}`6C~-o81Q?`=ZyHD@O+A zn2_UDiwfp!Kv&-@dKG(;9s4BFqC;tKIL=OiWeQMi6nTOxf!-DdI9D?px&n6!CP@?o z7kJ+b-qel)Lg6275e*#Cjm@-DV{Cpj7`A_?0K0qPMkT^f7euh=aFF3KSeQX{0@9xXWb#Dbyy^gDqea z#E*hIYPb3{ifcNs|1X}4DsoNUF@^9P(Ig|f>|tLpFfYWG_e;-jRW%RtOK6I1MuWZH zpL}S=kZ?ha^B#VM?%-F<^N6s*ScMRp)&mQN*l4c1ewgWgt>Ib!x$6SvpBd4jXvXM1rY2I!o(OJNxcyC$IA^RGQxbiVXK7R>P|$S48l3ovvmf z5tIZyma-@xz0S|3>+~V=!^(!!hMw#My7q@E_lg$B9jw%?LtS0ui9izGL-Osz&Poh# z2npN+TR-c9>a7hRaLA}Qo{jFWP^&{zWwWW_yV?=oaAkN&xv)U(*waSn1KrF&`9Qgi z2Cghb1Z1KKt>j;=W$i{gOe~?hs)ZhfwR0l!m5u)r5(Z`9Davap4!Mc{AuJGt&1uYP zjTr3KRmUFen}taX&g+2eH!9s3)xE42eKN9z@16=mKS#DZkXcy;lNz{$b&H0syNa)Z zzlpx>04N9-X~z6$A$!G0+%2F4C!Q9Qeo*)UV>&67>fo2Pyr*n+*rh*(a51TdQ41M(#|>%-BRdF2*Ex~2tP@q+a0V3c^n~z@v^vgbW%<34B%D{Pohd^S&Ucu-I2=J7cR}kYUV3cc}kpqS#XgdPJIyBfB5Wo=tQ$q1$ z!gJ257)J&>n8y&z3ipE59h)96=ha~v0VXf?94koytiSIlxBo_OBt=!`Vd`?v7hj#F zyXnrVmT}P!SR^)`x2iFfDpZIW>r0SgIQ;}VYS=)CzSoNv@Tqh+iAX0X`xxm}>XPEA z#cZ%R3@qYJx{^-$FRc{jjTNRy8{}jWLY~NqV*;$Pzs^XQ{oPf#`I@(nAj6baqKkDW z{)ru_%zA);=ZB$=l8R2e0D-(oaP+`xNzPRSk#=_yeIOk`E(|t0Hy_k4fN=e)11@L-XXn7hb(5WH!uL6ooR?o-jJ?0U->UVuwg3+sZ zu^NqxeMDd}%z#vt*P}gzgqtrSIs6R#8pKc->vgD&A9!A7=iROl<$|Y1(4!BP*&4NT zP>(PEPQlcmLPGbeMKc+PLv7NC2Fi>H&B}oAy)#iY2KIDU6QN)-4=;te%x{!TXxIc+ zyqqq*J71I|UKg+A9E0sWDN8oW&aJ9Sr*ZI178AE_AN@O-5$ke{mj9j-0m2-(74gDMpWKQR zrc6du^y2jXdos?~dw!HP8C_${7S%1wHnEis7qcHa`Wz(>2dRJ3JpJ2yq<6FzH#a=K zZEyFwS6$Y1KufmTKPTC#Tl5P*zxfIuMt;~wG(pwi z_-6b3LB+?!#5Y41$g`mu5sEV9A+OsB{={r^)mK9^i6iuDi1_%MU)^EAYfIJ0%$U+S z%1$T_qq49i;cT-MLIJ(S#cNWg%2Wg>(o)`l49K=r0IpHlV4iG4;s`?&?-oVtdHU*t zM|Q&sOp_f8wpfI0r>D)aB*+grD8H8bm9I&>nptm_Hscyksgy6iKK(}p@oR$E?nbo5 zF7pYUSw>3NY8;PV{>`Jfx2&u{qIJ)dJFZ~Yt+fGiW?Rbi4pw-A7K7<+Szly)=j?3r zmrv@*9@A{sZSjpOn4;0I*gC4Fib7M%#(f(8OBq2Q)_GgBb@jqmlG96wtP;o#D`P?} zYIpT1G`i)Ypp|5AqZ6ewF57kf`_FrWR2|x(_8k%P0|;D<{vYJFcwgGwL#GEjOR=o$PHs6qCL?1~QR1sl9ksaI7FU^Ooon3O zg0P700Id+1Gm~I|jWG8Au-mSkJ;ZRaaI!w@UTqCL%m7`ZC8(}oD{h2kl)^Squ$9sI z7BAdv+|HuFm2=to#zn2ZhP9jPJzRxx-G?>FXCxf|c4|XVf@P?*sHE8Kc@Tu_*{w`? zUNYtk32D`C<;wL?P`aG|eWq;l6m)Lcs}0j{daAT9i|PZaKlTqg&_*`1ZuUn+yI2<6 z1G;@=H*t@71D35+eVLN0FDU4<{h|y^ex$ozaeln{N~$fU<|iumFN2MU>8#{+==PFv zj~|fhZ|DDHXu0GO+Hx25asKi87H4t~=maA@D1W~cli{=3qAQCg2 zc40o{L0}}n4**T2&m*=+yZMLEzg6B@*)1x=2;69;*fH9(T>+dyoIeGe=C!=*_Rk8xkIVI z8bQ}(401KyLt(U~aG7uywXo!QGe^~@bkJCZHmSLCLU<6~W<2+Srk=adjgdSIfEzBR ztd8aHHXU*r-36!FvfuQ#-D`r=uw8a1kd9%?xG-57$OLAlD=wU;Y#iou%>kwK!xuWf zz-9LhSd*+?r#J6MSpw8Q|NbfVzP~_<2mujiyLoSd|1QfE-6sY+1L%enj;jsZg zESLqrQmo6>(+>UuWa^MTy6N0zNGWwN#N-hB{z*T zWgF<)cLdQ~i()Jf&W^p{-vXEE7bP6!Oy>H!L)Y7<+QJydXXfnHBQPo#liFL3v zdSmIQ(=kAnG{;iF^bk(SBXg&%u^dnX{TQO1X=tp-(8;=pc7vn_0L_Y|onHpexbw6e z1vDW#^NbFKO%?pQs9cJ`yOq2?Q9Q(wW8!&P)EBy3kqqkM&BF=vOF{>>EL@VVB6x$o zGyf%ib8{lfxjUuIN>E?Iqf42Txdk$AGTHRFhC*iq1&WM;=N#gJS%%|}qSqpP83 z!{#6zzGWR(e&MC!dhg+bKIdIYBr$>uUUzER2v5XJ5azih%%>eqCf$Quv9uW z5Z=w4$GJY~l#k;-M>(UDYzAht~Bk0IjUJ=l6 zv@O_IW|^PEizMRXI}v6^(lP_FZZZ2u->fhD?FwZoIw&5O+9B!3D38a3531ZjS%QYt zQx%T9?`qn-jL>)+_QbnUyzr+c2hPw?GJls_DWr6Y)EB|D!6oiR3o_!wW@(&ig))lE z>f*|#yrOW$gnN!KTs|ht z$n6M?AjlM5-LApBfb@)Lg4?>2X4mEf)Yc8iyBBE6C(T{Rh>nKjtCJ-YWLCj3UA$_;dCzaw&9x~^RkF#$_e6=m>LFs&>0Wl}^)uoZxDL1YKLDjb zTE7kVKhGZ}uUXx|;4>V`k6f48UZdmp`v7AVw#X#gOOr*~=g7T&vt}B##2nBv{m;m$ z4YQ$FjclbHDF{{}nLp^R15TyY2L;l&a!@~A3K7Vq{hnOPx;{p@;LV>V1N}o6pkL$^ zENyZmJlc7H#E`z)Qj7eYNe(!l=eHd%9Np+(IuXYqGidgMXXkfZbl#xKBADuy^dN&l zSv8nbmICWoyS7Cx3h1~ou+dKed#+$$U<>({pqORQx7`~Mj9*-gw4vbl6@2nV(~j&` z?RoTqD~k~2XtKq=a_o09yJZwlrSHCTq$eb6$&w{dnsQKdL=fC*F|aYoJGmO$fv|qD zxQmy_#<3qIY^o&QIX4u#5~C_mgg_mlWrwgXcFABI5QtX=WG)`65_0;q9|d-UOfahD_aXBcaa^q1>bQF}hT z$aSu;uilaQ`3H*1xU|$NidE5sMRIDD@t!7nu$_GHJo(@kt4whmmxA$m5RUN0wgDblSagB!C8=@l)`zYL|RXXe7*2;6+!d zBoYxCSliGQHBRCVY~3Q`PQ)j3oN6{|Eg1beRpz!eTU7zL zTKD{_NDfq2zrlcVf-6R~Vp7ybQE09HX7%ygkNR7^g5TdfVF77@ zvD0Uvo38NXI>Bpqsi9aR>FJu66)=kHqAX80`SK;&i=+#bW4B@1Y(NKNIR|oo7hUP# zwZD1uMrf2rrsOgx=Bxv=c@|ehv|Tp|BH0nMT90Kvo+7mtC2|7_E?iZR48e~%2~UlA zAqotPauDGmDb7D+XB;gr!W4AU%*d6&zHnCSvtcluVoA@7m2p>=5RzfKyry7G+Hmr$<{9hNcI{PD|KbV6X!?6S=Ud)Iz@l zGos;ay?#x2Y-}+)aj{%HdelIRa_9nc@D6E}d7~jcAUXGj8iswxOd zII_DgipO@pN>RC4?#6bNyBP6Qyc9q#UX~hRvz&~?Ws2;4h`_0`DXNA-L&iB1S@)z^ zn+Y}HgmZMqqilWRSJR$WnL zR2vX40nuuZxcBbma2&}=*6lOqTF?R0ft@%6f?&yC9Z{dloS zS_C$E0iv-4_Y~tZI#o)YEJk>AI7n7f5yKEr z;ElS)dqO}rPf~Ww(cmo1>Z!RfF$8RScUX}AL`nPdB#}?udQCW1(fB1SVjVB!F#&Z* z9C^m^DDz`#M^v|Gj33?_B36+KTX#c>2t%WTA$1%$waE|-G}B2r9-%aldo^ObqsALP zO|V*(17_!VUN=UCT+hUp`3l*VekbJM<650qq{;}}layB+mvR&K->pZFs^Vuhq!CZ* zPqb3u$v%DE+pM9I>$wx!aH5tsq6h*G#P9eXleVK56crAtplTNTfxeLd0F!-<;mDmggOc%&AYRuI% z$y453lJ%mxV8<0A)qznkPS)Y+b?n=8@@3`v63M0IDk&q+9oVcm1{F!o3KU6fQXdJ6 z7q+ABxZ^~weJVguPV}1+1C9(T7sa*%m>f`)+)EuSQE_R$1CA0KI3BV~jxFmMKqwNU zA??;vX15qZ5%DP#6d@L68;{`Cr|7E3c+)JV3aiNSMy?~{ZF{~nM=Ccc3_hq|!o+?5 zeS32Y%_e?GB^+v0C=PT~95%8_qfh|hpn!f2VyRsCfQts@p^+1gN1j;TD10g~M9e_} zka}Lb)5hZjO|B*5-CMfX9GcY}S>SY=YT6nmBR*llqEW>JD&hk!?8dLl@*6P<_=$ET zD!hxR6dSFThI&23FP|jjPbHo8$!xrN)*YjF?oSzMVq=*Xl&s$#4AvP1t>v`F z$boI~bggy{tC|l*Qt>5YOwxv=t`6!(Tv2rgljx^;VK`wFuVL%Bmw^C#g#V8QDEASU ziY2Ux(GI8V;cP}(jb|kAz1v_L<6zW)U+efs24-b;K6!<;3lYE3HeZYQ4mp zn|y2)Cfd-GTz#9%$g6&-7(0oVQrFpM8fzYIv>8lLt+Kf0+rpdeoZ_VIUEcr{o^c;c zHNko-spJ(UQ>crHGt;G)sVILb6s}`4%%UUXR8yfSt`9_O;F?V69nDRYa%H z)Rg2gFeA!S%=(zSClM_s`-2zAsLzs8P-4fn408Z0_=dXH0uEgjZ(FVMH{69*Yvr2@ z>#UT#o#N=$i4$~!08eE)kH8(cn7I_y(Eb(aXbe>rP$*uMbjhzSBVKo|T`jEj^i!)u z0Z3wE8ul<#=82|fvSg~SghZ*BgKp+WDHFO(ktk_Hm+k#kl-BMUagoyfHmKXsbWES5 zyWtfHVLD>Df`U142Ipu~2Me_B|3TD=269YSFK;OTeEzcx7o8{3WK;4L>CyBUUEgP9VJJu?V{eAVYm`$Kk(!>nwE z@j!YuMQN5;{rQ(S3rYKnf0Wpc5)We`={oRo5_8SekwhugHD{Fqxru&(1PO28G~2{8 zXkKNEr)gFWd|f*gu6IGF>QmR;D8D130-++_!zs|lL};CN^-R~H85D3yeyJEK-CDwY zRcm_($FL07ts**Iwqx+3*qQx4V#fMi_pw>}%f2-2ps7m}mvTn_v$oL<&|mit}4&cIS+bjL;dp`;pQxlQXIN3Twg zU!DFVPAp;DATL?)^yp~6omHB*uozs^^PYS}fsCDxmHN)>ow6BKF6KXKv~DyU2aIsi z#gm;ark`b0jP(Ph8FNtT9J$Wt`h(5Gz1^J?pme~3;ltKrO|8++0OWxlyt6VGXB>>E zsj>_t*<%e!)c7gdwv9&}XFaPp8BIIaZYWmb_(efHzmqY>R!ZcnTojuuL!s;;6F-mc zK?eDY2o-Uk>*NJ$QX?q2y%kUCE^7Twv7wxSc%yG|ySd?h_9+YUQzKwq*6`M6I3on4^{KE!%k4VKRhVE&At+9!WZYs5f(j zL8KsnTG+}RLa89tB{`Pfne3t128_W}wi9m)lTJt+I`yLtO{!pYY){fuEZJvv2{fiQ zl1!(kGF``DbP(ep-hiZ}=LK-2 zDL@(dvvVHKmUQY*pz3}xb&Ij4mA$v8^T$Lx7v%OhLa{MGy{x{dV2`8hG|>_PD9Ck3 z_624*xtS%0Sri*SA0u(5^krz}ayY(zmWmyc<_k ztSo1(3gwXv3!|E8cQsRpFhKQXA{eF7AeMeQezv;yPmfeS-Eysh4K11zJ6VQ z{AA_ZCpG;0wEp6lN)iG-X#0Eg8wuJ2XTA6VKGDrpoRfF7B&wZS=A)4|= zDtL6E=$1@$!!A}ZuaUXPhG_gMDvz*itW6XBtA*(5sO$E6F_>nx)pRI-^D--o&mlp+Cfy@(m_;h@>y6VHWQOnGfM%({fy3w`d_v%aR*r@Sd7LYASk?DZFMyOdKmFO49h4Y1_Gn3=>~^ zEb&>LG2>OH=}gI+<(4fwAIPj4Zr6j|#|_&A!8r9y2pXtlD9#jKo^Dnz6C5szUHg3G zb{z5C>Gz>$!ojV*6o^w7&YxR46|9+rf#kV+zKoh^-Sh?X$IW_Dp=<$lpuuUHafzha z;Yz>d{oPyKu6%}@JI}ca{NU;5Hay7h-+iyLnKQe1p--_efAgZ1rCy@bpCrw57kJY} z>ZAf22smYvm%VD`*%eh}H9%w_A7zEGMmzf8*dIFpUA!czL`z)6Lf z$v4U|7a)8Rdxv|cdxs~dn}=IF;&kWbf%-8i*DLhy_rijNuUsV1MX_b6GA(OjLe@Bh z&C^YB@M`~b?|6Sl93CB>{IvOUXM1J<(k*Fvac6LidQ(k5Qf1q)+S}*_;<@3eGa6Wp z?hGv>h5j22#B2ZVj6(V{zb(Y{e!CcS#?Q{zV-zk;Ofd975Q*Z$5v;Ro<DalkucUq139B zCP@F;X0v~0wQEeC&&E{-qCO9nz80Op*K$%ehae)08jOSKvG|0}+!m~+Cvl0`)jmIksy1J?eFce`32Gl?N`=3HFJrI`&-0X*G1QPy7kJ-4Y@=5pZcj}J1R;W`Qa zicWI`Q5}Y^!NO~!wX)HOEr#D2Dw0KiT~s#2r;Ygg>=iI&;0N&~FgGd^#F?`H<2)lj zM>*gZDwa~_2I5J5*1c4C@hwjQyC zl&Mg<6ZU7-$9)a>pETH8M zD?gUg7t!V(GbIeHWU81V2;J>EVJZ@=EFtZcWGO>?n+qOl=78lbG7c^;r~M39b%}KM zQN-}y#uyJz$8(4FyZ*>X3Gxal3#Lrvz~f|7vR+l3I~`kQ*9?OD;3J2E>691y047Zd6sFP4m`Jy1f@$N_==)E;*TdsL&tk{xc6E= zc;&g*zra@fEqc?xt-o1Wep}(lS=U$imA&)wQ>i4u7;?R*}(`CY?R? z>`j~9d?LM@6))~K)q6WLCP7QWO9ptJzu75T&BxD4Sz04y_-V02DE4M}H1z<^O4qJaaOlG!oW zLcbX`UW(96@%v#|vD~v902D2iBYk2Oq(ZlINzqIL-pn{EvFGco;nY%;eD=K*x>f4F z{tYM3y>dz;$B4_y`44bJa`0hfFS;mD+`hO}&66EA9K7HwiES8xOQ*IYK^(*2*%+kD zet%QD1S~jFm*Ba?ZT(g&K2zz+bLcCvpyv8Kklpsn5nuN{GaHX-k%-?g9 z$i&07RSoV`EyipI%<1RJH(@FwsFZ#$8N0U(hKRc~98WlKj}IFR9AjuFrj#-@4C9a6 zF{>duj^2Ib%+o42!JcAwO-~!G$of9Yr7Ap-R_MTqLLxNSJ5^M+dK#XT?#Wx$>X6-4Fa>$%cAppD8*+s zK{J$pXa>Ke=|J+lk+Mi=K5rycsz%*S)C^5?kXPgPuGej{d;lLx7%)Zip^K52PjNCD>xC3-~`+FRY%xcZ&VxmFB>H_O_NHNV!?1To71UT zWJ(s|erQ_*Y;)LleruM3kImN7o6Xw4?b?6euD8k`TPq(g63wS-G(I+TA=x|?L$Ygg z8cr0l`Ffx1bZY#v2CNw`XJJ6JDCEH6*R|#t8x|!fOLXF_V8pUdHp^qLv^Jz5w^042y4S)SppNzut@9DRiSbWSBH2BgmPkDxj__PKt?>FJ4^IRBlx_0HB&5k@5M z`Xf~0PeT32aGGv-eQXUTXOMP>;a8x7I8D4i8F zdy$x*8zvAz5tSP4lbz$umz$?YFR=y7XhBllqBweoQRJ_17G=Cnp6IHY2~K}Tu}%X{ zJ7j}w9y&w1dBiJXHzY`SGC+Zv&I)*z#vmXVOvizm0S1n!*O}16!LXe*HhxR>VGZKl zO0z+0ptyB>EHg%J$xrPC&&z`kD1K1m3mJcOW9Gc&%)HP(sn&X|a+Bmd82TRNCX;6d z2QSdIMQLm>n$iob(6c#00tPr$m-OKXHHsN))+Xv%!fSXqa{nlRz&+>68BzRLK0g){ zgWt$ro)#}qtFa+0WKCA19(_{}D=BDs&l|#u$SsEZ6t$p1BKGJepzcuM_KY5)fngzW zeZ%xBD<-=T*H}y-5Y7gX{ZdS9f%oiwEYk6D<$+;gB> zaz7{)p6|TaI}{&Yl5+?!FR@GC8XsGpwed-O;5INy13aaK7%1)dW3oh8-jFlA1P@WE zbhx`A=<5$Ce&V-UtxP~TK39=mV$Kk@&eT8amMUfzY~ma9Rn+>UM@n<_iBnNVMX-L< zN$90n-y9BXbleUYDTew`H6o&6?F611`QMgTj1}J^V=JK{uVkPD{8#L z4zFMpVh5^cQ2JAeInw4Y|5V8(@D>8tF9rki9Df}2G4-=EByLm!Q3W>3t@TFN4;r); zQFWXxAXyk4iY-C?c2dmkHkMYw3>6l9Y-C71XEAPpgbti@jx7wHAMUT79G~g1D0!eP zbh*{OxAF^`qv1~r&l>Vhhr-nda+{IITB*szq#c~>mXGkVP|TSz@C&IFMD%3r#h;;F zO>i0ifrm_lXKH_qpECP0^iJMQG{@dM*pj`1G;(f-H$w+bb-*N)B9?{grWHl5L62jr zpb*vVPeGMc;8P8hWp6Frs8&~Fn(VexLl+iNB=W?KKgN90q!HCd*dbovRoTWUz;NwG zP$GF@XBuq-EVcz_VX^P@B6BnlX2+N+G$@!Y=+42v6ouRFHQPAE&_zKKV2#K-JBl~& zjT`*9J07W2?H-yQox2wx{Pk=Zf@tD+@Ai&CwW0$0jImJ&xaYKd)6qKh^7zn4nV@n04dYYl51f|3$R>a$zwc4|{ z_lvtES+L4j zc*}P@iFw{`tMsfi-$nq#Mez#?mM8>{hltkI`m-nX>ndQn-v>;us!MJPD~}ls+yS{9 zpe3J#fK0zj8v_|EMzQ4unUNY5Brsr4BVJ$ybrVhTFdb1^{F|tksG=Lh?$@!%h2uFa z|EqiPQ0G&i_EAY+s+X$jo*ldE0k3m)4Gr2x5&4?b)*8fnr|%CbEpXu3LpYR$6wnos z1N)^OubXB>A6U6qT7>WI_KU+;TNo!qtYX0PCH(;Q z>s6Fxb&Sf&HYD*es7xa9z8eFh4q@&zSjLV=Y!xHJDgzCd4ND{#+WTl6 ziEh)7bR+x-s`8Cox1OClBMAfV++f`T3&ntWJyc@A(pGywSFJh<+h=dvEP-%JLd*gayP=AF-V3ORoQLtA8l?Q9q#{&$peJG zDtix*?Xiuq0i!ly!Jj)c$queAm2VHJOHs)t@d-hz1+)A)q0F`t>Fa2xgRb)xGfuxp zsz$^D0;?9H9kYP;Rs|Bra|cl&Jj>Bd>z76Oq{f(07~ZyIREW&@bh!uX%wf zuq*+OIrgs{%-}Xz^ovq^v%-zj>9EM8#4^RQnM>=V>Fu8ZT5e-7Ui1X9hVTZ{H| zC4x}<%8?rI%h&S=;heY$`i8)=?~S93J}`DPNGK!!AK6CDbIjZ+_pZdzrGy9>d$LCq zh6~+y0`2;^h?n_nSf@!qVRebO9@M1avcX8#qcV{N!1x~V@dF;&6d*jJId&JXdgTo9mYEt^tVgXKr=OATjo7J+U9fI@A~NuZdsVf9cgw88jz?{}0KhguTF^=*0gfo=Vp5 zK&n={1{{CNax+#@^>c8kd*r^;79&geUN=ipqocvCRw+_; zx3AY|=2GL8#-&6=?)+fxg_8p)pKWNakxBh_oM$X`y3x|)i<$ky_6dfl)Fa6z@xU)n zTB@07o4As?iq+{wZmjCWil4g3ZMnwhSi8U)>D8*bz%D)RwJDm0x<>R z{IH`eB~HkA_5a2ocCRike=9bz`q2r<4%zfKRDeBdNa1 z7ONoWVqV`qeBBSwqHsOR9z&LYsNJgC(V=;Cw_fClFR6xC!u9LnYWW?p;cJ<~yf2I{iRJVrf*2mQ70mB1C2Pn96L=tJ%nE z|IM%U3SNc%+IU-Om0Jr);oXR6An*`VvbS$pz1E+%4k5MN+z z+?FBD6NBuq|@pX-g_94*QFT}~Ng#u%D*Au-`Tm8vFgR9~;GL_biUHgeDTLDr>f z1U~Z?GOK}D?ZtQ!8YG)K4pG>B)Ql*Tu2g3*iwV|NU4HqL9xtiisLQma`o}j)mDxcX zRRQCGm68RiSw!^(7Dm-ejdU-p8z5ziytoe})pl+!&@vIYgT8JbUOiqluHBQ=48^yPpk|I_iTkgWXQE>j|neJw*h!4(GpqOr-gx|B`$xl1bIEFP6wGMIGI!j~twN=!h z@Ta@McQ7p}a1hgtAfhFc7P-#gk8GIR(gl^h557QaDNKa>j?!2S)iYI8%Zh0sQI^!A zopQpu9Qa*fKf2B-uk2}{(MeqVU^MzqTqf9CM&YHgrf9LDr_&|>pf%E*3m(I}nCQj&)ombg&tP5o`7hNhj- z-VxgnB7eLbc3jMR73GBo9%Bz(D=y$BEq*js4qWfWFA-8qMIqrqB52YTG4PvT2hxyt?C@WgjGxYSmv{4@Lu<7YOfKxI)X`YNxMR@}V8#716=T z&s&N$oA_pPQPvw*E8@3glfn0J*!dB`oarHx#OKiL4*t2=Nb^oo{{*TxoVa??TtDYeaZX zVIm@c_hCdUy4(Tc`qv4Mvp#L2v|V0a3CmngA6xK`{TTSSXu&ziuKjnj_V2f?R(buS zXtdZFg5UoN`%dXBzJAhNJL)-xIzfUMRN2n}9a8K@HJ<7v z&zGj`e=DP2PTluJAVlBy-vvf6ig%7cPES$U8lA@R%cB=BH-BGQ=Z9?5J{hf0kn@Nsk<$_HMi6% zvC4S?3?7abcRybIDMa=O(h>Yh$wx{yl2H;+HWF7ORQQgjN-gtCM3M4Qivnl9q?9*?UQGHv!nj74_Av0fH-xQRja&Do-?frT z2L>{`q3%pdGSXIMq4QSiuOyVXCM%D+;^^A`SBAFB(5{p?x_G@fprD1KDe7pP3BnxF z4yxqwbWGm?fA0AiiNN!p&}P(&mExsE%vfJpYJ2OqnGnFB7m~U1eQ?%g-8V<(r zO^#lmPiux}dyLQ|)LKzj)A~oVT%r>-OypSpvIbJ~T}Y?bfqt4?GKPqwhJBx7&U%~K z%Y@m0^2D05GBRjLj$&0A(a*BWQ8dZnWUsKg*YZk0O!6RHZJ{v)8HFDmI3G~pSX+%91lwg2f36$ zb3YtkKf`r^Usjg&w-veZy&xlYWk*b;5WoSjYgog_z0Z{1q>FcReWZyoM%f}uVi~^E zzQ8-Wkb^#`inIg9=#Rpq&rVBO1{mlkrdf(1=V?pg39BSua@LpC)0yYgwMzaUa54_W zBhPod_W%ZEeYP5Nm6OO9*%{~A7nKMDhat46`|0@A>o&UIwGWQAcj7+u6Rw%n?FCXI zK#EJh*-xzm)QmNh09#0?TxRUg)3vPrJYBnO2c%1))W8r+z8ntiN*=-X??|xy83-1L z@hAUE9Zo6ehu4L3(8*6w>VK7_XP}Fry}I01gwg2)=0mG6g(`B-h^dG#*%UFywBKSr zF?PLpMBzzB&TnIPBx7B&Q$_;NpJqzYp-6T$PtJNJ0n#@(D$$4v^Qo#PPsCm zhr$3&KAt>zQWdP{Pir0dW*>^^q=}2DOzqh&`d^JPTlgir^eDs&JM;(WNz%VThcpFF zy>4ThO#mo&Z(st>$i05^_)B?e|0$%hq_S?0u_hkZucZaiidZ_{sq%f!&i-zBCNrsN z;@m{J%Y_b5taSYH6u)>N1BL!jDseJT?nV)j4FA9{jC++-b{!60M=>Eeq^*uzy>L%t zBLn`$!QlWg)?aMV%}8FipX)z_Ak!uCh&5vx^~}d7oVt!(X)7QjJC`JWi~Vh;jN0SXj};643hQH~Ho(*H>Ul75hxpX^DJ(-r zk?a^g8`u|ar}=obcJ79X>}noE_u}9IoO}^`kZuB=MU5QNHGpgfe&|M?t|2Jca8(me z*UpUr@UJv*s1N~%9~$=4HFFH*$piK<O2~)&> z#3WVqc&ZiVB$(DT&W70@j15!!lA;;JKJgI0-^D1)sBR>O@Q&Z>)eFR5D)bIl2miz} z(Jw5Rb*n)*!nS24uRHSHZhAw+C^>k0#P3O!i-De14T3HGlY~g1Mx6Bt@aGG+J{7D|Fq6HPjJwfPkuak-jH0GQ zRY4mDTk=JNqR?ISn=LCV#&`>a##UiL1@>rSJZ=@_qnNvLT9zfn7Y+nX$!RV{O?>}- zdvj~&XjlA@iVWYVV6;u6cpdiU2Az2d0~@XB%7qU&QMl=joNzqyFihd60z<^`!2qe} zwL9$)sGKy9mW*X=8K{SHVySra{QtIJ9UP;@h3W}+#DTt)W43*;Vn+^$7joX~6^TnL zWo1P0r%xR6xSosu9}UnIuY)Wy7B4#^CcNO7d+E-mW9(x&O%Nt|D6x|W!k`X{!#!n@ z6sL~s&$h=bioGtK{yC5>>A)yzgyJw1tAw_S3KXm8-3125<6twWMQPT7;bGXljAeRbnBI3onyZ@Fk$}%>eZPbOXc@CKhENl#Vk(=N3VXuc3Q|jw|nNx6dws zG7AS)D@DBVP}E+F+IvO2zcxx3pa}$JHx#>0*B{x@#kL%yk^-NuRSPoHl_&F5$%s*U zm^KAsso{+c2KAy~U})xw8`L=-K`+LrMLECWP{8D$i6b)HchFY{t;)m_UU$J(-5+-` zhJXqK&4w~aRcU$z*MslPH@`ODR*F!Rze8amUs(MzTcqb17UgY)abkp@!_#nQGI((G~ArJI+A_Y4cO748*zr!#hSg(T_NOi`G zfC-sRJ-I(M7O2ksYm^YBAZWHAQ_D(`(I{uUO^c1Q!TY=_yyQ$AI^pw^Z88At_u9#+NQ?KkyxRmm zLsn<)Hk>Wm?W`z*>Q$zt^Jld(xrK;65V7=UIapk>>u~HZM?|e}>Hahq471P&UH#ql z96v=F<2hG>A3Xia0^r{M+<0d!Au=j}APRH;o0nlJ2@n6rY##5A{q?(mJ!1z#Er+zE z1POEGUgUGY8ScyTrbSDE{}tBRjQsJ;G(t$vtL8KrhI6!DKO-ldmyh1h;_!o270n^b z&G4Rm(WzZp&|Gy37o?1gh%7yl^^{`cbEKd*B?yY|oNB{Tu!IZi@J4@P$|;nD02Jn42Jzt0MGMQv}iz^4B`%p8)t9Sm0^JL?&Q>M z$HNuJXAsk-903+#U+9wlqfcRRq&ZXEjw$jon_$HB=vvz_(WIjEww5o|eHk$cN!$rL zbA~;disqz2jgcKXB~>PAlZ3|%p^}gp%eej3r7QUgmVjYK!)eTwMO5IqAJwjJ%AbswHV+WD`?Nf=zp{3G?r(aX5YT`s5WtvPC z!AMXUxtj_q2vtAF% zI`B>dMIBhg8(j*Fj;1T)3-tG=;vj zUeMZ6ENU_$^QGcNQA6XtjzFE#Zc6dr>0+FePhbyr*@n*R9;On^|QumZj?fDZ62tEaM|8SQNW9W>jS&w6Qv_ z5K3L52PmWkW!p5iL@_2xny#9eAnmGdMHGq^BxDwiX6l#cbetgI#g^GG*aK0|NgK7~ z)@C>VW;EOF<6U*sZ0xblESz`_GD*KT@nxGcQ|dA?BW?+t&nw0g7X1s^Zeu#!egX>K zo3`z4x9xkWml9y=F?HXF22v1{!jdN%+=mAD4Q7|qAcKvC@Qi`skLeI(Tr(B<&7~}D z-F`ecpppME7Gc6=5iW*pbtPV;e7d1=t-NBMVV-sPp*&ARug* zWn(ht-g|yRVKPq&^wq*12nvsTVioSgoG=#24N%gDYTQ`Y=N<2 zs(Mb;_zFlF@9wqbC)&yKR!UBEGFcGd?`^7>eb zd*${KP2@3rqr{(==XZ^jJb~@Ui%sJE-CMJU9QNNea6W;3sg1^DUh-KE>$=U>bT_v3 zAeKIer4M51Us5c+50((TpDM^Ci%((;`2O=V25jYlHT)S^gFz43%)u=1XJrq@7$z`? zM5%lh5i2-1lRzkUWfNVV;u#M-sq)hfJgUOOf#>UD6ml9TunMEZJs)@!?EC|dF7anR z@TfsdIq;apCLegBlG8YboV&aO4_$)f{fV1_#&2Asn1RVllH@f>+;uMgPW#U3YYh`7 z-)->saulRy>-boPD^cGf4;^*U#OS(oFhDp!>vg>LC7Ijk%9gGzYTG|;{=C!P-rwCi zY@>a`}o$}nuSq7}9q{7BsTemOo-UIhBm<*0=`t$!JrQ*M@(0DqjaTT!=Hn~12fRGp-)_IyKYG5oUsx1qYV-fw zd-MLbZDnEj{qOySp8}QD%5t^DX;1Gxa@E$coy51^9xrWrqEx0O+UAWUs-)zlN#4)? z&H{h{7j1Ty=CRIcOoG5*unlGggBipFklNhg)JKo3EYv|u*w7-Et%5*U_hV0hL&IMu~CEvJN2R;)3X6raP|DkkNh)O)uY?yrQhv( zbiR-FVinUf3K?cxqF)!!LuLs^-DQ&mI~qanmUvcj7IfP`3wn|C7NyxG*_bZyOwadD zHrj36ES8s-^=q>!zAICrOxoSvgZ8$?PxzsXmnY-QKVcHGQ{sFOgs3Y9xb6r8j*mxP zyS=;|w{N*1&EE>;GH_U`E3CqA70dPg6C$g~Noqb#2x2~0kjepBRHEJEin;jSB}a*v zIRwN64GLN$ZB6d?%LtV>-?wq3#pP}f`jJ0Y3WO$LuT0ZzfSRhVWkoW4>pU_bE(?a( zjzK1&#T0qXiKil&?F`50BC6XX9vu1xn)v9w%mg#5+w1fK$i_`t!-2;y?@jh314PX4 zGAhLMN}^7vzlHzN-p~6m?)lTRBRGceUsI zY;2TMHvCrcXY4awxF9Q`{WDIMo~Yuh#1Zd8Hpgs51~nMH?A;V~dVJU6CNXQu*{7@O8dY2%o*1(hkyHI0dd$u`*Gz=9qB+)ZbRbJ$I@t0E zUABAONynpx1HV{SSz$JNe&HfjNlLEB%)tg?=B0Am`L~(fx;{QX!<)*@7Edh|2jeb$ zD}zE;eC!6Rdq+-o4tO*0wz8$4gvC{MWe=S01E>4I={|6}51j4;r~AO^{*yUfwWH6^ z@J=c@k?&On?}z=3p?!ERSk^V288$K!CnrO#(cf6PZ0VY(xXEVSZG2{s(wwK2+k^>E z1{kAvgP@#sjUc0l3Iv*e>0qX+WhYF-Kn-9%fP8!s_Z$qg^xX^Nr(9Dtod8X`^xNXH z0>K!PFKO-52KH8ELpy_XFa<(V9*D2O9UUKTAJBmVKZ@#a>?KQi94w%>Vgg^t^2(}R z7Z%OVAb?iy6cqR>B~`oL+4!Ph0k8_^7906wRx;K68zquvck9vI z66=h8l3)+!20sXr&^g5mXGaAznpLu-T zy^!ewU-{un(|jW>9guIrLZ79$waORh#bWY`e`<%y%AmA0i<3XRV~s%P>5r*p6P;lm z2d7&B1jo9-r-P^L55)TR%SuM*#6edoWQ;^Ko*;n+ohXuHilN)_D%#&V`YCfU1_aI` z4vuiJy-~}i7p{Nvom>x=qQ$;xXrgX#FbN8CxQ^a4Z4!f5;C;nnvlsAG&0#xs`JdS#qr8#C?!13{z0M*B zD=wQIeCP~^unf-z0}AZ+eJ zTvi3PIBcOrHOX?NK2vqXam8cBwodl=$utp#ojNCxz8ywz13OjsXtl}ND* zu6!#ORGg1p=RohmU*l|o^If^UW-(P{P4!gjiwbsS8os46rEK1ezFLxs z+O56yr#oBiyDJ5y>2X)#(YXX~e?)`Z4~r`HQsvoOV;wZ2b5 zv(X~c9aST*GY0p=d)I74hJh@YOKCwuA(qV0*kz7v&C!umq!eWF=+r~DZJ z@4N@3U@o>Bq-Of3-WL)GefS;X&J`}aSIl4YC*kz52@7-j^a!w!7_z0Z-V%03p>Caf-C!pEq(a7z* zsiKb_3K39UT#udw>hAQMp|&;D_UE8y&+N4?ht_BH`CTY~CcH0WAINIjop*&ipm*IP zvf(bYV`Q&@PrQF*A@#v`ll!T3(YFzu%n$d*KV( zDTdM-cF~<-$j0hl!cH*EFzHEP>paG83G|C^OB_PfeKt zi4RYi7pi1o$~;?bGf`#=n2G*v+%OmeX+S5;XX6X8^snz$SO2ZE2yrip zw9!kEDtMoJM(jmLdDkiEYp_{u|FnBUeprLqdM=OpPb%^u10NVZjXntRpU|#}6n;v% zNo0It(aE$ro`KeT<}~~?#F{Z8@|8p>mwGWBSddiTV})}P>bulDflS|v$|sM!{#_Xa zu+%zqf^Y{iZNZs`O#j_B3VvKNZMXd&N2aZwn~hA{MZO#|ZMAC-GMy?nJDE-ty#tv} zOvBHCOj{^@3^IME3hzXw=d1ZslIiO^lIQDr$@2BbC&$xf*f-BJrI^-NZ%WD|A+^kZrY+qsIk`uq@cnHJq$t!8Pdq%fKQ1anP>LwG;R%#qy@^UR^7Z%+$Qo{P^^Cie9C2zpkHYj)12bmAD3 zR&+~CGms*w&?qY!5^4+`oxEN-l{lyn)^s5$AL6hY^M5>0)T-0>#5N zioGvRTY-g&hyslBgMp~dJR|BVy6WY%;D#4b&4EcNy5oNTR?J_^8ZsM*WwZFiSuA#V zQ9_s!GF)ZLixf^F!w|W}qGwq{gka)nNptJ6iV(UjSMVY%n$66A22ADcDy zNsQ2lp<)-X0J2mPlE>Ll)sP`a(eFlgFRfVi0Z-#NEp{}K_MxbawHl0ML`)U43 zOMqsaMdxJEGZ8x(%|(c_&~x92Cmctl8w_yB=})SA<#8;vpqOZqGhvp@Poa1gB`A_g zyrWat39k25gl^rIzjerK-B5e-k9a%@x2c5cgV3da7#WH??H-6x3@no*83SbHeIQTy zPDtOt8Wk1BV~MW<5%;mz+{A_7YNp&4>p1k4cAk%ynK#r2@* zBD+|Rgze92quRNjEovukbK2oawezqcP2P~WpJ-xzHoMJEa-Z2r?Jzrc+*@|Cc9orv z!vRlO z_lO_jNL^@6n!$D0IOyh2L}Mcu_qxO$QfzNIkvNVSouFd1L$~uLkJZ7SE&k{zriJR} z-saZRljj8|l}F{+e=MpOcuP49Fw{xa4Lf)b6`P?o!`i)Vr%2qX32R}EiSK@O1tgf+U}@aT;5&(b*n5OZMTh&1ivh* zZA2_Qe3w5&h4u<4r?1AKwUUju`W9c@Vwp# zlihBY1qV^B0-+$U6t|*MT(;}n+&`=WjHV*lXysGR)~J^|>Xa&D*k7lRMfsiD^gK(q8> zp$>oQD}_`Owx93qA8xf_+dJMm+$+yBK7|E3>u{Go!eaP^Pxhywp4F?8B$ap8_ntR5 z0E8rLGj^|hn9{eh8{)CZ>x;M;O;&%z{WfhXiVY<48(L};*?0bS|zJa^DY zk|j)Zx_&g8@Hr!`K_rvcjkzd_%cEczHv#rG$cVEkoIIVT&NVT$GoT{c6l#T^>dshqlWtut#)NZDCnS2zsk%w{ z8eP34;k-*XC{hI57+lLUg-CRI6@IG5Uco)2Mr559ta)o zpmVA5t8mp3=X^{WK|dl68suvn4j?12KYIP)=oY^Mt9;9=28TyRp-asG%ASd&vA?x9 zx1Oz^>>M{(6b7GfF!zhUf zws(GHic?#hkB8iINX?6KbOVSJ(!DBiR=6}q!G)}TB7mH}g%%B6QeflwaU(hb2tOT? zj$(NT8a1s=NnEG4YBDlOJnSBx6`83$%SzOJiq}gdXT4#xC~+ak5=`a)fP2ka&uBz9iCwz9zPz#<0tVa=>}>0vU&)HyDWv zAJrGprRo`~1}V7;s}32eK;Kb6Rt4ll)Cv9Js3P1e;D?F02Lsg1)EtAg5La&Ky`OSjE?Y-|-c zt#COX5k_E!4P^%UjIhkz1jHizR4zEv>1i$==}jO%(^MdnT4R&AoYCVcb*3cgtD5IOXMceH|#v;`SvlV;$lVE$&_!K3yFe;r03)*$V5}*YtP!n z<=>zyaz9TiyuPb?0ZGEs{iE&UKPJI@3;?BsCb|62E2E_e%~raxiZjSUSFM8VrmC+~iq68TQc04NGI_N+FE!l26nS zU0@F21B!3mU=%so%3eY@8lU0WMx|X*&oz2pEdzQ`{YixC0^mF%AErv*eFJcPgEwJT zNYL3wB)Vf_U|Ic6|Jpj0Mro4Hq(pZsq?X&(SajWy>tw3x8`&EC>SYkT$*Ya^H(cKf z$S1-v@I-uaNW$KEATdb6t*En7Vx!J(^%<&@k4D3B@-RVl5aL1S6r0;e$J7&$ZSUFk zbHK697mI*8Ps#CZlN5YWT94&8wSyP?dwX$HdyJ~xbtMstMomN%p{pxMMJUb5Uje<-J@ch{1hErV;Mw(&*d8tRvXKFouG*ghIS(wd$`| z#5?hGgCEPWsf1l?vtSgSZZILcn^ZJt$FPPsK^gl0Wi}M4Zk$y7Gq9}?+8h(I8i*G& z+hZGA7&GJ!wif0*OPE{OpFYj~1G@t(3!~x49BKpGX=LqgRP3`QTFEZC3+YP2nvH;^ z2BnY!^gzt!BW77$`VS&$>18^hZK=x&_RP84m4(DCOkZ3`W%#()7ZTOmml(|Pf4Iqz zb(0}6#q4=y-fBovr;JTT-OQh|+dgW;R?zPIgSJ$6Hy_uY{A-ch?eUg^*Av_ko_j*Q z609gDE1Ixd%nQoC=Z;&7LG-ItcSPl@P>P{eb0Mi-ng3??ZQ4Qet>Iw#5slmea3`+8 zN0019^+-D1#a5lWeve(HF1D+09R6`|ygy}6=S)`r+cSo82W=zRjO%Pg`R)b32%p^K>XAct2J0P z7p(#y^#Vf>J1pCkz4>b~JKFAMOhBux>D$L_}i!i>82S8N4 zZi==^%*hxwcb>6$%3gX-p@`Knk5oxH+SsD4!^8c<)R+@6HCq#t zSJRv+Q{$V}Q;jO`v@=(K=lY}|Bj=Pva~Q%vvl_D4X*q!7+_`E&;h5#Z7_E91rQMh=Of^5sm(4_JgB0XN!Ja# zl0B|D&N`au4BU}_<@IhWe4)g>WfMB6IIE&aSR0dr2Qvm4AsdgYz-KFufizPkGyRyC ztT{&>OXvoF*>?vZq(fgKH`B*M3u*J5aC8;#5jG`|)WTeZ_s!$Yv9Hh+X<*;CPDz5e z?v@&P(oAkYC1(Cq;3{?~_m@f?l^K#IE}W{ZY}3cYHefBFADh zry#Q$bz@Ct&NOA?1?1l$16MR|GRF2FGOHZtI1m?rQ=A*kf<5sghH7fm>jvcW5HFcW zZ$`n80yq7{b+t}oVp2-gU`<;s{6Dh!x?&c$r!&#UTug7)&fL!RW)+T5T{F0V(h(}H z5(HX}Rx{2bG_5*$Z8DI$-~H$m#rdGZCHWR_+|sn3`-9YxWTsu$fx zxY<0ZeYXH#ngsD_nbOpF{Cp$eDUYAm|_pI&ppUK z@o3+Z_>(m?@@1b{s=r%(_a^&fp*o-VlSDNw`()MePZ58T+Y|AsHZge+f*ypRf70Cg zRH9Id(<|n%fM!-pCbE-1m{@ebqRsBfEP~DM$uzNM_hgDtqcb#9B|djfvp-&x!R(Je z1HLlu`ANbHp!#{pEP(DLiA8>HCUQT_p$|QWrbs5AX#PA1B=;qdz!2Z3IKuN`iWD-j z&V?$uU(v(DZvnxhKhBXiEWrOLX+!TOF+V7Y!-J&pAZh$l=G7;aGGd0Tn8~Nb+0ycb zO#FvP7sngN+dG?wvxpcn>ohq-W}6~x*twe7Wj}Y8anu?4y>7TD-zbZJ2Fzn(G$u(Q z3hB>76j6vzl1I!u&8%_{)9fQpvnhhgr<`IB(#m~FD{8RsQ)Dq_#uT|_dhLr>cfS%$ z8q)>D7>Q|)ER(L{A0^P(yHm`4n&jj`w0RJ1{&_R(lL|QrrmvXK5GD$wWghd(hZTG# z->rp#3pxwktEG~kne4?WT}-tj zas7~I#9c1>%Q=<2AF*RZxlN)E z!RdEZ@1+LZ$dRR=IGiumf7_DduHDj@X(vtzk*zzuWk1kvsSpT1EPlDE9m_Tu<@~xoP&?Zf)wIECNuD1o~hG zdHUM(!!BfrIKE{Ebx`3gyS}F}rsx?oVpqN^ay{wI+-s=;uu&xfu=gCg?r3xSu$czs zop@63%%oKJHmpIz!cCZG*b&lz+U83w@! zMiN7}Oybm+#BhIM&^W0BAn;s5y@52`e zkMlhp<)$XZ1TP@dD!xNa_vim3iR63-xE7Kbo_K%)(JWo&M}kjg|n{d4#E(q*Gl&1 zj}+llR9*TOroSzsHc`_#8h21HmYmW?GEHld@uL%uLc_!cXs$niZtGmSg9{ZR5=k7z zNGsKFOd5@{Fp4xG6*c5bB0}G?VidaME>}c73R!|BR_OdBQSMZ>(&~(N0%OmWq6(k5 z6f2d|DW8)xR-nAn#6x9&jXm#gihD|-H+6N~DjO=b2?q#CBNA+&T0o%&7*FL^oB{J9 zOIO5b91avLD2L%aIxa{^*8x5Kw(e}lT%Oa&GAYchQSr^au~11V|T*ZTboDlS6FU`7 z)|)|#5?RQ@vnl@^ZygeN_>c~V*KYVoJ6jy#%(xf2Wl`uuoA|xq_J~LtzMfX64pf9orPz16zetRG~`9uf%=(8d> zfKbuG&&eI?`H4$f>smB4t{;=2V6}H8B~dg35lJhw@P4j0xVm!h$Y|lkjxH{CqBMBz zF8l0Fp6BNwXdW1>AL8*+Qe)<*>vq}7JAJ0WTDaL&c+*spVxkt$QrAB4k`KJ(126f& zOMbSzV zL)+_}BaJnvqEBR4+HoT3ffAv|hGuBIM>MBe?fQ{LrtQ6eJBVsd6461xv|r~)W8l}OqT*gN6neG%4*;1^M$;b_RO}*KKJISOQv>F{bl-g8fWF6oHC~q z+v=lSXfVNI8{I-K>Y1DMqs8_~YfMF4!^B-PyHLg+dV{1-<4*y@^~f!-nKC_?0F;*K zBPKGZnh3#k!(2^0$Ewv!uQwF&)eE+Rx9QI0ip-@xKe?U+I&JDaC9{m5ZA`++B{JsD zqgf_hCUs7cXFWHx^_FD0MZEH6Aj;La-W=*YaT(ckIzOv9jEna|4&^Hpvp>YkOxDW; zShEKyN|eT9HUR{u`5cl+TVi}eGZK@GtWj<;}Y{xRjb^csA|0OW}&Kay|YqP zYZ6SRs+q&McrVOLRW-C6s+y!kX*_16s@-r_f(kk3r=?IRO-8%nEEE)T-3#$VKvU>u zH~fGkvm4GwExX~2gc3*OK53-vsC@E>lVx$rh~V#^D5iQhhq}ppvyno|JRcQQMealZ zX}Qco`>3{A$(|b5$rLX+JPS2;UOI<>a!8y(C9H~PBy7>eJTkb=dvm1W#uBa70g6FbCn2Wo9FOYQ*l702-Z_PXxW2p`Kie6GK(i{S(B@p3k9k zM&8*7qb@KXaWsqFi9qV*HVcu|wa!W?&GDa1EVG7h;SQLWXewYigfl^TQb-^HwMG@H z(&{8F0pVUBSCofi4vJ8PMu)wT9iHrL9W_hNQoQCFnI%ZtAL5au+iSqHsK%P!qmzS! z!>yyE?ft!@_Ooq(&=5yMx8qeKZ|H_}<*`TC>CR)YI8|VQ&@m0d!($G-T0ROyFL1jx zvApS>yR?4jYG*l7Dc!wpi09tG3*DYzmlJro-Hqrk>f>$gagD2q;a01IaleWe)4eci ze)l+8MG=eP(V?pBS+WvcfzB$HgMkMPZE$63z$$vgDmY{nHD+bAop@p#jH9w+^mTmc z-pTB5@pDrYm)&lc-9(@l5Tj$8mE!V*VJep$yFU?HvR9mxj>yd0^V~O8p2+B9fW44h zS3?izIXP>CMVb#rVF?SH;&0&=*&)X>BL{8iByOkHU?s#r+Y8B zX!E?Xy9w7n^prpHsufC)#^;!h&H*67UUy~aCnu#3Yx9(Arc}K~m)kv7c2eSB5{O>c z1`xZ~3?SG!iSkGejH0^xj8dxe5+%+3(tu!fwb>1SjeT!Ky=o`5p>VmJ$k)!!xW3!o z+2}yd6KV7w9oMC}ka49i~04L_;oQ47CLkxc5{aJ{U zqb;bn0MLf+C>oyuU863FH?*&-Zol$%rC2KcQf{o_(L{_>3nDE=zntJQwc^_qO}?eSJ=!E?Mp z*FRTo3Shq;hY|4MqVK+;>)Rp-(a8-EJO5&U4l|^ipYAxsmhkS7=m59hfQE28l1F~! z3T&)p=MmsuD($v^YrCUzad~(B*Dcu|d{oH45iQs`i_5@-B0(WKUNOhf+Rn=&ztA&$n90H z-4OAKD*W0B{Sg|4MwN?B^*r>U0liyepWoR>hcUYcK>rUFqQ-x3R$&vQ~kwOTeOPR7isLSmAO!eTU~sx+Okjh(IaJ>riLQY!6RYa`JN2B1|tc(K3tMjo;bWe|n7GIUpD{YqOm1UzZrfY0P6i%t z;E{O64oz+n#n7pVSXzd1=sI=a70OhJKyT$L9l8jaR{CT)_BdMK+dkg@&sH3zvU;u{ zH)SbNJqN)%==&p}c))~LhXLA9hJ_qRJDUnr&jnaUwiu!DfJs+(PL$$u(<=w&A+z=s z)j>&#`>9LTM`QLKlpJwOg4SMA92}OB_z71mX<5XNKepQI8(aI&l=Etw!07126%jC- zJ>{lsbm^ikWe5GZu+=TDaJyOnEfX0I`g6IUaG#H<# zCdBqR*@r6UHL6AE^{g8VN+SSs?G8prv}y$eq1U`onM094w@dTQE_C@dT7E5&e9i6(<=9tbKdn&F6;%hpS71Qm z1qRR~r)~h_JOI|@8llj9L=SCpPSK?Dj10ia;FLiRI?72R_eS4`DFN&WDv!MDp7gLT z0agIc8F0qeo_I3|t`Wi@K%3t;Zb(*?G&^y!`RGHsB9Otxj;PQq@<5#H0P}<6B#wd# z!SQ>BJgsH{;-sp_%qP832!uMiBp-N)HESiJ5%9qwPf-`93U&(2XCKB56&(D~yG6V) z4;1EAbLn4PiZh>VRTDE|Jm?|yx>mibCJW#Qs30Yf_O6hC#ZQ-MWKnr3-6T~9q7>Et zY%RZXtADRo|I>agA0Ai#-G05&DmQB@_10>ASUQ!qutLyAOF(=eM67!N1feWlgm4_jLW}1sd`H2A}EqX#eDJ0~k$aZWvtCDngxQeO}`gtlpCd zsyB%&nFOQTVqM-*3+y})_Ge(4>-^rC{&6yy?>2^5z^&Q z&Uz&Fup4uF)PRg*sQVzWv)zh={iE%d)EV7?`YG;{L?a6IKWD+UX`-daT@G;sB+n_+3;9gr zjP*a`EuwxVfCJ}r*!Oy#T?z0!=TH&76GL4PF~gELxKWJinn>PvxVAxL z_!tM~)U1PiU2EtC%LVkzG;BQVy0o=1wpIn%v}$sRAJ&u;M1}QNz~Lr(2Zn&#e3{wi zN67OTJ!s`|3@^`?heackMf6}L)H%8otO!_Z{VPN$25&(x7R5K;#JQ5+>}Hsxkk;EY z=(r3X8H8G1q@q8%K{F2>af@m&#slT$Z}yR#3jhzSyb;*98tFJ{da|HMS8@0D_qNCl zJ0;P*jxHY-v^mM)t2(Hw!yrP$_~1nn{D8K>u zskvHPeH`Z`5af}P8EEpT%={hmia~fQ-I>e25`ZbB1BW7S7mjNBLZUk)JmL`$1<@+L z)wR8+wm=8e@BsmFM6y)r(WLT)5&-B0CBAPY(V}@LOF7QYv6Vd19~QVZM=bmWo!}u0 z%?CBucwo>_=M2(8EdETeQJ4#kWw(%wKH>J;Q4a*a_R#NIyTOupfmh&^vXyV3z}8Rm z;9z@GZSU8vkDQwU#*DY%Xo5Aj5dn@!k_f3ZZb~Am+t$`gBdQx<)aEpO&&Nng-SA0f z=es?r66sJ&Z+F+X_m1Jet;6>2{wDh-eP7UyL$fmxwD$(K3B3ml9!TAMAlfPKb_H^-3yVYR*YC1|o6GLT=x42P}>C-A))#eiGLG!Bz0aBc+3?pm$qKUDdUlxW2o& zb&%aK{xn~6sLV%i1dipoi$d*iVxjE_GpPmcF-uWsAuJbAqO@Al)>_TwLNrtH*Wb57@J@IHFSBqQafx*!!Zcjm?# zB|lBG>=3)zElUL3ov(4a@JDZ-4n~k_RUDRJ=C)vwkKTf0q<~aIQZWN&ZjVv&qc$1G4sWEn=MA3a%ed3=YSG_$);pk0Vkn z%XY?Li2h)d078CUu-Jw=(gjIk2*SiL47%eE1J}|@MIC0Lcuj^N7ifI4Wai-TKt_-( zpH8_ra$OB=FrZkI%&%$GqP9G1veF{JWiXOS4mG*iil+{~SGgzNJKhbMGjYFg-*LyL zd$u*9YnMbd<0qDu@YC-1(WThNqfNKx|INK7KjoEzZh7i)Sf8iCI2?F%Yz{@wdY-d+ zvc9tcxHMPSgv4JZi6!dZ-CvJHl<>y%_CH52&@>Etq_7*QMfV;BL7C8U2|SRiRqJVGf=tX(7{8q z=FrQ?%=_6KY zga~`fNM8AP6VZympuTvd{C9L&vo}mS-ID8~XsnTfjM#~bgw=j8PYD5xCIqWgwc(U( z>|d(af;Fei?UV=608xt5+k^PafIiV>8oT0i@pW{kY7szdkX0>yDJ7jQLA}c~8^@iq zI&D=zNZ|jfPJ8t*KE`Lu@sOf?O!B@*!WLWR(FNlX**~iaY~0ti2FB zXSE=JYj~-S$dZ7KB2owMh8NA^>Y9CY8eZ5Z!v%>Z>iAVnkjbt~=2>$dAS=7LJ?Jhb~PV;W2kAeU?SPiaj&qa^aq zwI&$7MrvonMg5jK#DLJ43&Oj1a)=UWmDaHD-s@mR&yL{V-(~bbI*qP~k$Xm`0R!(^ zAk$dE`85Pq#*aK=m)#K?E5i=>f5rikGCyMbnvnQ1$b5yY7@F{)4fA;z^f|7&v;$$S zF4b3s>X1uY-aZ$=!cZ{J_V4REzjAEQ4#(}J696;^pd6(92&rLCExY>BdnbHR67U@MgP(Y?KKj?nPb_E=?7 z2yzlox<$i*x%h< z-`m8CQvQIMGNyYxLIf1!v8nK$#!%HvKfSsobS!3WKzamBSyi3`$E9?Mgj_^lb*$2k zJJ7A-AEy4D~& z1n+2o>=6OOT)U`oY&%$l)$eML#mVp6d&s_&VLCsBRVQH>h5P|CAWv$KnX48BkRlkN z0xl|f)5+u5c!eYH0zGfCuTDB9E$Ar1L<69v((-bN!8S3bVqa%XY=br+Si81%=pBuZG5+vO1iTTqUkfnuHwiPlhd&5;z?_ z6Vd>M^H&6M+TNgp6q~`-aCaW?ps_WiG?=B;#O+179ZRfo)I^uKYw@^dMF?IlJ8yZl ztDx~X&pGJ3N)uJ@FY#DXJ(+FQWH*c7Cs;;Ss5DLGN}>2&;eGrK;ehm?d@m*v=J9MP z2ch@`=|=H;#R%nwPv(qIVwKsAZ?@WbFRWQ)%qo~_s%yBb^CuCSe&XW!8OKwNi;{Lw z%7GD5BVvG+!xDNF&9b;^AQR^@ra7XXkBWo7Yk8(fNzIxj$dPc=?*hp3LjgM+%!~p_ z&uj!W0!dEK8-yhB!z|y%fh~;&6jv4Dwvfk^7;Rp(zpWppkwyWNt!ZzC&Zbb{1c`$( zU0jW=7FXBaJEV4__oh)uS1rvE04UysI@!t{LHMxFdD-_Ydwiub%9a8@1{|1_G^nHt zRg93=<@|@RWZgHoQr+&A3!g6VjxOyQJS1pz-IrP>xvk;dt83x*p(Fgi=?3$_0}6Z* z2G=lrC}jgU9nzJX6jjJN#d9@IquU|5=>Kc%c2V`$Q2=n~LS7WPHP^pF+{lnw?_d!z z3Vbc5z~moQS8``*K3UV-jocexpILp9CDF1j3gMKj{$EDx#<#IeaB=n9W~+#6@_oq; znwnbx4Tx7|8Q>9wJ;L#11C9aOyngt+R;y)>HcmM&gf-b0l(+9;Utuj{-p>Q(pa4W9 z?Ln=+8;v-mP%gg058=Hf?X^s{LSBCFE{=bF)AX`(+I5gBzMn`ianh2~2%y~I$baKi_ z@wxa*Y%K_+5ciYS)6{?=42O(4sFVwGbE&oLw#uc99p6#RdEq5j@)&-rSOmoEWf)^9 zMyidMk0tA-)GCk}uNsF&3n-1%&eEJ@S#R*ws;FnO9IAFJC)+f$N~LZc%BXBj^m6E2i=uKkxCM`kybc4E%?<%$m0hEu5G&szZ)ieNFsTIz^JR zPOG^~mV0EDIRxUdap|J}c;NOAFbI|9JJuci;c(hyVKTe=8tl0E^c8DPbNI^*bQ!OE9HJrL{Hmy-%-v*=BHo2Mg{Q#$D$Q zMOppkwk(81rUby0)&Phb*1+|EZ1vy&O`;Zz$NKh5@k4F(RQx0?^EmvO)jLwPx8@Mq zvZ1BwprkLj#iq2yqWn|yZanpfB5ka^?y6*1dwP+Y5b#6YEGn04G7lv6-=Lx+PO?n> zSZrUWmj7hH%T_r<*4{u=BNJ)Wq^$hR=>yl-EKxaDVJ-=@ZaiaACS+B_=sFM=!3c&c zYRF6=Y3>ii?$IB>f1U-fcbszFR4KHhM7tU$#wmDaSCi$Rl*Q)%JU=)PKcZ~@y|~0f zY>>Nd`@kf#vNV!hp1Rtci1R%(My-x!O)|OvH5P;%Rn-6L#QrP`eV|D$zhzz`}uJ zTtSlhKspSlvNDmhe0BLzFLSLH>>9|Rg5*jvbgBwS)4UF(L`{0RzQnF+=&NoyDA0LC ztHg->MZ3H$sB*Pz7Orm^soO?)=pdF##sw|~#cWODKAA$ZP%6sYC52X0u<|f22G?PB zguwvB$-Il#R&XDN{lC7VH{}E`U>87!0CP>wF$utQzQMrV-N_drNX?J=-aaK^O2@4cb9xCe4BqyM#cMHC@H(vQ^q> z*nd(TMN!ooT%cDU*6E7X+G_2wG)=-X&V^|w_k8a}tdB@+FKqkcLUHWtI%+@{0*SZ?;dG?9Y6CIA}Y_zzNldDp1u{ zbF3y6l8rAo38V_?Cg?nJ7TK9pqBRclE?qW`B+I&Hq2;trdD55o8scE&lYk?yoS`n7 zJZV_Qp15ks%_Z3zj6AeAAgQR+2}1V75lk=@72<^bM2w{0h{$p2G9RyCl<}gW*YVGN z)I&$&c%4+FFctBWfhH|Sm7QaEX2F7mW7{@5w$rg~J9%TtY;;BgMOsDar-Ss0piy6kTyoWjRKL-~&nhs!sqGt2+gMLwX0BU;Z| za_uMZdn`-=jng7{siPc25xXD*WlUG1oZSh3`1b?Dja?-|3h!6qwe`i>f?0jIyIOHh zkyN3r0K_Hun!jA(p!(Sp7P>9*?5+u}stN77XDq{*nt6SyZOLKeXj1|wqfTz(u@MGc z*_Ben;LFVEk4y;KT@Q7bi8JKsb~%fr9I}OX5XNPIFlOV@isl)A?0lHtXO7-#LD4Q7 z)rEWB&hV4@xoaI4zG(fXZ_3k>Hx_Avgx9S0fGPOrGA$X)6N)Su^R|*{p@Y=MKQE>J z`BLnns|i-EyZ>O}E%YL)HmKBYNZ^C=BEJl5Aq z98Zx?P^B3#eI=@_o1oB~9fR79hNzRc^#DFSAClaVT*_DzyGS#0YEsOXmwaVoxuFq- z+-B0SK)|v@y@vz=C!`OZ=$Y;4?ccS?0?ZemX$Uu<1{f`CU{dc;F-D0ZfBdIeyZL$L z0Qw%pp8%Rt0-=-~nyZ2e1NwWxk@amq((RQ%q&GEJXRoa-;U7dI$sZih^R8cr`djOf zIqD-uPm)TQ{`Mt@+gkOSt-|^A+^J(QWs z9KnJ*xM0FYVWC;S!?TnL%dw2ct;7+vkWr?X{v89%_-OKmoM_u!-kLfDJMLO#Y}D?k z&|UGG;5L$r!ao}KA^Cf(_fwpsukB`DA*b}^$nAs6cS-(2@cWqm?bfa^n;D)7TGlWo z2GIoIi0D^F@SNls@AocGU>%wWG_C!_^IlAFr2ifC&y`%E2dc;`z;(>+ljz?AVN4L7 z&L$UzJP?6ojd(O=V+>cBoDv0fFJFlgSIH_dNeIS!cm;P7JsGb6Il?*Jeg%;f6Glm3 zCh7~$X&>AcrK8<{2YVy)VQDClg3`&a*(z`3jSzS#I&~A<5G^?J(Z#la^P*U!E864_ z`eMeSISqyfHX5)T=Yk+W&Lxl*An#BXTuu4}&g5qF)1NyN(A}D3#bNBUKrj({FT zGeDRaHYuErQ?p&IEk~H(II!n4^aKig<&Nc{qa6m~0%(E7hhxTL1dJmp1JWLRNvm^5$rDW30sGdU5Q3`I zIp>-kh=>p!pdseNkLvCG9Jgrffa{tAm{DKkms1o!hT&G~soBc1fT#~Zs$OOv4|29& zgEn)Ixa5XWhdntWJ^gB-XN_Kse%~&?pja&f9rP0uSln=jhE`=A{HpC;FN!{uPscx$ zl;p6+^@ovi6^VnMerC*T}%R7XOxcaRv(>Z?rL(%7Y&f6pKBWfLpN{XQMq7$ zZz|3Ugo&u2i*e}=K&VRm)}~|HUd%}=WoWHk z5^Oj7JEBPGrktRg=$Q>;0!)_VqL{v^ z8h^YK-i?jyhONml5~w$BRkHZIQ z3s)#{Nck66Yp5S>F1R~~QXG;UOezy!=(O@T%!Y`XLgPq4{XW1X9g|zMHXUqxf|2xT zPI&hkjbaGMqId=pk~((5p3y~&^Ni=gWEBrCgW34KmgDN(Ofkz?=DB+wVDO^4a*9o? zJo>T?yT^C+-O4|O2+x3N5;VxbGBAh*dM)U0nFQ7~l!m=;b8}@dMF|=!lM%%e*kgN$ zOulpD8N}c^du*23km{1ep~;`!o(z{}oO)cWNk#eSWQdD?AeqbX<*^M#`TBr}=6!plbC+0QH`SY;tb_xqO%cnUi_8R;k zvX2QIwnbF!<_GG<(eU`nPZ>3O4xlZ!9~o3;sF#> z*L1-ebkmk5G$)aRD97%39@jJj&@smha@bth#jR+1A@BsUxb)AJq^G!ito~~rkI4RP zv*Luxab<*OdenE{qq>4KGu>o>ztOT4%NV+WVV;7`5yo7HGygb@R`}{K!Tcz44PV0os(H$IPwLNN zw@fRBSUXU;l4q#{JQb{`c9KcgVbD!|@a^8v!j`P3FRf$0^6joq-BWzLex9> zsg3(85HCtFug~D6DJH@J1Trt4&M%uqe8G-?Zmbf&Cx8Xw1>4x>0dw&$>Nu*V9+2My z2;40O(OEoJUYu@T&Q=z_GRB*7xndx(gQtF8&&L==M3llnTXb|HobWHEiQw!Bw$3h5 zsm7sb)+DpAVD&hOQw%_#w0Cw3VIb{O^il>D93f1(uM`d_z&9^Q>?m7`)_sHNzSwwQ z8R1C~Q7Q@4QIGfegZGVqF0WYL$XC7f(Iokvv^5;{QGckA$e@7Z%~OHFpDYM2J6ozR z>%cm`RK<#~1h;Sq~|A#NLcI z34}mi)T64W7?VE#%6xD4+j(`qHLvmo@=wr)6OQ*l62MDix+ndixJw570vZ2P6PDwD zsu7=9-|CNM!38Y;4uN?06FK-c6b5sb*+e$Tnx_Ezez@o3wYJ{luZ+fVv^BXgya=AX zcye;Y;H$|78Q~tuqO9xBy)Zh7z$Yt}+j16rERRB^%!LC0us?FDk1qAps8LaMeJ+T= z5|&S~?~HOJ_pai@U|DtVvw_O4UVvxbd@@8U4=g||QaHPgEzBJ-OfS`9sEp1<8$_z7 z2gcJ1A_r2z&YN}66-GE}I*706kdc*8go?EEPOwg4#W+DAUMK6IPtd&>8JkQR<5cQQ zBlo6@pP_{KEXxd>HEUcZ+V4k?@bh56<;)8t#AicRDte}0q;_O^hE2wvwRTWaikpFy zBVpLNv;&$f@4(@)a}9qyCnS-d{mvp9W@P{ z&thj^nstg)=6ad{u6^W*j!HAg5Z@--|fLBl2&SB2z>U?m%e0g18 zYKwhJY~hs%uvc6bmm&s7qXatxuPM0#ROC7`Ein>vOM_>sDMW!&DR3fYRkV(mLyGE) z2E6q~kdAcEvHUxDZ2+qRKNKhe5_Hgft78X;9zbmqIm6)yrq35JPpWc`Y^!$?zIx+8 z+K4ZjJ7BL{Y%wY%dOK*}NUU_ywZr$sRlP(xfsP#BZrKQNu*x%9Zv5x!AsG&~E$7y+2L_1nOwLEnF8E;rfmO@;i>@8I zk^RSiu7h*RI|*?kL0_czJ~k~cy0W^=e`;wj*~*LpGC)a40~CoEb%0jZ)_XjZfR2L4 zfD2CK7hL3FqBGOE?4M-h+F$ksgc;^^bFJF6A{o+*UWE#1?Do8Z5JsN*&%+X0i?zu+ zEXeb%sF-0PRNI#E?INcNPQ}i$F9(Jr0`$VhIZ$~$uvC|i>t%_K;=L%cnYfo|dBWS3 zYOzho8a~STi|s)a{r6%0V^Zd$8530yDTw7VFtOTUH}?i*R7KpT5PF=w)u-ApqmP0Y zB|1qiI?)77=D;IsN#*CQ7xA61g)wxn&2sboyYyNE5IDwf30Eej{Y#6A&RA}-XUxt%{mW`r$zLZ$&9y2{&`Jhl+^!^=_^nCWhkD;4_ob!Ik_Ez=-mw#@fS67# zS&?V{f`B6^#%6SS$3gSOqvAOR;f+{W9sJgVJ~5|&urDJcxRi?7`&C8WK%E=Dd^>c} zoBi5gXRJ;u?#{DKL%I|39!$j=&nDh_W~|@ArjCGUpeRlrVSvHqLOaE&(Q7 zvIf;Kt7aYWsF(g*Ey*^!%KWLfy*CQ@9fhsnuL`}k>yG^EYi75cfh*a7;ADYNUo2b< z3qd0#^F!qj6F=Pqf^O*m`Ykx#E^KL#BV-8R??Q`0IY^!+kY(%>xPzoGb{jgC2T}wnfV@3NO4V z3i9;>-UZ4t1*N1+d$#q}prOIDe(%pfQ=q#(3V&wW&EdHfSQ=}Aq6mDNnggY`pQ*?S zW0i=^!5G;IrY(4aD*`9cJat6g5_cUbOOI9%$XSv)i`xb`=*)Y1 zRe1-ym=ovp;62GxC>Cqe6Xle)>W{ehQT3uOU0BSyNU-Bgcz62F**u&9+LzPm>Ts#AxUsw1=0iFdg04{VZhpig|Fc=b>Dd{v%4v zZEfcb(l`#Mt%&;juUf9$^N&~yu(0rz!(K2@(%@2OnPfru8E6-+?<7I{|M8WF01 z+7%Df%O1%WC(@p5S=n5^{nz>2qgrd&mZ3ToRO_y`e@TO6JAb~%@eEu2Jj=bR7hDYN zJ#YazgRQ=jt|gHw5Ug4fjGVt0yJi3sfHTiP@e=Fvg%T- z<#onZx`QLo|EfU72FeV<$L2GKySKF%b~<{bi8f0tsQvJO8)rVDsEOC|1r;>j9ay|t zk2Qb4&GHnZ^X3POzzV)8Hj`=(GAs{H=3osdEt;K%G9UT3A!6~ zXJbgu0ZaOT<3Vo8&90=G9Y%6=Y>O(=vDrx^(kn^NzX+%iEp7du8FtCwfwr%Q{J}oM z=R*`wJO5Kk_?U|!!=gIc1x$-j2-=x2mPsqkuymvxtZ`snPQG|-E*IQ^z+YmB)D(nR z_YDw*P=rQX|3=FDe60S=oDnA?<8l!4%YY+=3NrB#h?7^TKqK{O#q|RbY-1x)D+*9| zw%~hnD0S*k;GUKXy#g=^2B63y9~*uA$$CepV$yCuKjHM8k}kz^N;wrM-`3Sg zLnAOZ>Kx6a_C9Dmpshitv1C2Xk8J3C>HmI1YUcU5D0Fq<1(k z0cll2IkzlbCxSWw1gdu%}e{S5_nwU_+UX`8A^q6^-)XiP7jz& z6W;M6b{xiHQu36B`u}kwTqa|tfLJctKKA7BEpFIPRfK|^jZs*3wm3_c#9b?TnVy}Z zS;6=6Lu*=n*04|TW;--^n8(wGm_+A;+pRts|IIRk#VSxKd&s4PoV5^Ej2lW14oYli zVHs{nY7)0p-X;XI^|{VIlr6>!kA63nT;f2IWoL2HX05yBU6RLj|6AT#GIr>@@M

A%iQ)DTRbe#J_KzlT&LhoNL~J`fgZcT_b{L|bX3%BJMT4!q1fr6kjzjvfpQ zntcaEg9D0B==7xg36V3HfT}tLD^$`qs8lXtjc5XHq|B#~5a7ll<+_^43FbgxrFCFS znhQE>e}<=O{;!u?#2~~p-tEvR`Z5xX1kw5o4L#f|Yb)wc+>1N{#~&45Vjz$+DN>4q z07cbW1nhv*YG&u4n4@{Zaj@d&J#sh>41Rw1dVW?6yv*3|)R6&iB6xZ1(K)C`mlj&>xoY-GhlfbH z)MMNShP!Nvk@5%d{i^P-t8&d?KO$&C+y%tPm<#v}J=O=@n`Gh?YvNx-z?2kT!mfh| z`{>|@^+D^#!7Zn@jjKf(M$EpYc*RcGEpxF2(B~74f>1Y6kEXQ6asC@<&S%nR$>a@1 zGu*02ByW__%m|hMB0_Y`FohG;EpZ@I&D_~|{G{2gwvIwg3Zuhww;8h8(HY)`c0ZLE zu~rEuq-1W$la+E~))Vw$3((*qaWQX!DG@~u!V*tlWxal}7z{Zft`xr^_&DJDHLW!N zo_De5j1+p<16oCwj74Wv!dKw=i-|eAwTy}21771Eio!Upwo%*n*(8GZ*)oyeEufiN zJ1a5m#k}`<(v+W5`z$RGJ?&@#?#D@x7Kp}^^YcDra%|)DR10=uYg#W>dNl(H>15Ro z#X__x0rXz|NGa?WU}kxo=WoT!JZnZ%hnce?Zy}z?>)010 zp3JPvJSepsv$Du`HWlbhe=Gk}+B$&Xy!nbV+=>;0^%5?qkkWMKL(1+F&LmKGRI#v* z?Wf^2`!tl6({malPOPxe3#evZ({cX13#YR)XP?6|XiWg7YQQQ6nS&_3x0Y+3gSzQl z_<)f7mb%3MXHf%HVoV-+<}!XI;hNPBme@_9l5Or1Eb$Vv+r<({Ye;LLX~PBTiBfEF zXBIXy_ZL&ZQUy2I6LhS)Cen~uI#S_NRwY#G(cj$wjyfT-+EBDcaGrz*r2!-bPPBT# zEKbxqZ46ES<8vUvl5zQ@MzD=y6+)N^_^v_7B@_R+)I=ocU6kM2NXKA2`5+Rgs`bP z&6cIZ<6kOda?Rj;QPtJ5*l{vG(xsc%uBqkxikmLip;#deh*ODvCqZaloAxN?YwnUJ zs%?rco&i3-RG+by`D{R9gelSAEj#eHQXHhl68gamLoBehW{2*77*c_maWMf*bF}8&YQw z@^AXKcP=Z43+8YTAyU7j%|dmWtDWdZY0tu|9-UIQ5E48Vh`_bRlw_enugS#l+RZtW zDHrjvO3Q7J4dL)?seKC#?=rkW$6Z_qdqZ=7U>C8Ur|Hf0M+sk`%le(S4}pc+<)RhS z>xw0@CYYnMYLkYzLc|YA= zhIwsz&EiTr8$v3nonwNs_6=Jo)ZnaDwzYXgzkUh$Hoo}oO9%^@Op~A)7TP(#`YI>O z@9K;pZmq`4AyR8T|K$*UFXkHxx|3DpuZnY&>7jZEk{Q`#w}T(rVL^Gg&WcK;h`4Vr zAuhOM;?`~8Qw8P|RnA_KYCDS^yJ#AGnnT()sJc;hR#rKg(`8#5iB{c6SpoG%xiz{f z7I@Olb3sH?e#d)r0eXHE>Nj@qP-vO@m~ZG(RtcxAb+nE)2BW_!_L0tms9*A548LTC&xZ7d$eh3h zAUD|u>81+RaBx9U?|EX7Ot4=qnj6-qlqu2L8v{mFhZ>_>lFd=rVEP*ny(OH(+UYr79RM-xCDfUI7H{&4GSV;Qbx12`?pg#7~94Ni*}e$GwqlM zl7C>B>uUKUS1JOiJ%L1XvUYg=!{*#Z@9Vq5)DWy;kz$19sjp2!GhWN(1F>%$=JKp{ zGv_3~MSf#Q>UQARt?O(+8bcg*=*Iz*3 zGAV)yi}uYG7>h_W3~ssAkgwwJYvC>PCTS&h@s~$rBzSXO=@J;bk;}>nZDf<6qHc&x zlvLg-!;I4lFuGrK1#`>iEHuuj7oU=9D7kJXDb$XRcYh%Zbzz@BVry1 zS|Lofqbn9Mu2Avf4W($r9e`|nvR7qoHQ8qf$9}(# zO$FEbH1RO^kR$X#BY7E|d6GU21?eM^cQjXR*k(v648D)4;;L?u)r1+NH#CCR8>C0l z1E2)<>+g&8aul{!{zSdu6#a zr<3`#KctcGM0cgy@yQuU>Rp#qW?;}u|5Q-k$Sx*t;{4N&a_93-FWp0GaB;NlDZg<+ z8d>kFdY;MuYu_6o^t*i!J)fEr=a9VUbpwek7h8M^xss z9H3Lp_y`2tCmIak`F5zl+B@&7r%;Vu-*L<{`tyljx_=FRnY2f<{r33$@_Qudt2&t5 zWNcc#UY2J47C+${N_wVuMRA-Zz5hBKjcZ{_Mlmm($dhhKfqit}N)gu8uIQ?c?;1)9 zwfE#oC9L!oZ*(s>9kU6>^DurIjJV>?prY$ig8&1S9>M=N$1*E zoUQ!^>KN_sgi!u^@?t33N3fh~+rJh7LV+}#N;IYcGHC@;@HH!8$4;KDN1hu6$DUeW z^pTfMmRT4p^c=_Qh4oJ(@kE9!P?L^nuE`(gT$u=$tEpevSh;WAObz3V{2s2x)4pP0 z28s+9>_8hBzp&c->`#!J^k!OhJ52?-YYv!_&Ix;334976%Fib^b+=(l)qjCWX~&8X z%oYGKT*!Q+4u;VUFfiUGM&cpU6sVDqB8Cu951at3IlUVtbYYC5(;S44q9JcPD!Kxc zIxs%?f;wK*{w-dqDK6oMR!OTygl^qqc9p>>3O@hRz#q;zDL|=IGatUuZk-KIir(o~8=j+p9Ojh-Q?4$FE08 z2Xwd93xTkl^MV67$iG&8&Y$;-@}{9Bbs`B{^W4&*E_n#%f|QJXQ}yAbsVO{-jS2)~ zcf98R+^c|j87$4`qC04olig(o|6)_XqUF-L zggmvXFQ=l+yG!h7&L{4c!HV}$hJ8bEs);;!APvX>OR;@y_PT?58;Dka|J~)E>uxb{ z$6ZKRWFAwJC#dsf$PHlx#0Eajv(2QNxkLKve5w5Gq@p@_BV0yfGM3r`$7R-T0HO4t zc8?FY0iuNUDuXWa^)+a{RaY7t)^;t^u6M`-M)KA+_m+D@k6YKbvzOW5H^gM%TpPk$ z8+`l-v%g_Rx_H%u1a@}WKh~$nprpZ{oFv^v?Wq@~QJA_QL}Y7!I&WF9-m17$AIs89 zpGrW6uDIf_vyW5vZS=(O!4$|#Lw+S8#DUZEIaJ8Qrrh0t3+^2t-3I@sFsga-`}Qk* z+E$KLGJbj!EU@$ng^+5|z-ob}^M`9FCd6YHy2EXj0P(L5#%LIBPl{W)1=fYmb9Z6a z4?LOvu0UyYY9J)B)}ci-T!^PI-q`)04yC#4L;o?0@@}c5Bwa`wONXhLgmQ(^!)x;v z!O^}$UxEd+*J@(! zNqzf|HLPB-PG4Vt^?xbxUT~y8gm+RxuTdq{{Iuz@?zX#*kK)ba9I-??4A=^(o@Py_ zEgEwiuC?Gq#U>RaE%N6P-DAu+RrZOTitFlTeu8@3=1_C=U62_5kHhlrrmrXaue&(* z+!+ot$07OH$+Xl|FnwhRprgVJRhqYJH*QUs-+V#?UY)#;mS4AqO7)n1dH5asMS~S+ zHR|t7Pqp5URi39(8pZ>aNZkE}QHWQ1I<+E%(ENl}(s-OILHNS4xZU= zV%@t)K0PRL9+%i0@9-BNa!9%S{HWg@Dc%peaT!8BwNxSw%6t`8E>G zwePktV+zgsiKj>q!;==n^<8`Upq>MKY7u(DS4ya z%}CP;!%{2TmS8`hKtoC@^R&MFGo`l$2)UtjQ{CaNjtZpi|J0*}>!zG}bts2>v`nh8iMkryOyn$|*xf*lG+ZTATp^g4f zV6-UuyF*Uex>Pp5XpW(PiW)8k;4o7`FHAjfswY6Vp24R?7Jyj7?JuzSqaJ@KJ<-;k zVC>(OeGDu1?)niy1b1f_j9jb_yf>|e%vRa z?a&`Z{0SCh-E8z}2&4Y1T!R42Fb|>_32lN6PBBK%YM(eG|tLl72WQ_8?4gE+%~ zk;ZEi)h2(JrefCzU5tJ7eS*pgMUk0_eVIoJ;T?mT`s0HJU(_d!ZPSiT0%g#z!GrSB z2(ar|u47cd2%C~!4zM~pC#b?cZi^8mu2;zhGZt8)S{(KGnNhxcR%+T}UkAgCpNhD3 zDxx{xA>`tS$dn-=KvX3VQil+o`l)S3!Q?49t$46#m%(3YB5Fuvnl6Y>3LICT@6j;x z^rjb`H+(hi8e2+=(*``D*H}u2*$~^Go3uOKUl6&;3WJsNBnoxksfEakQHp&`NjLJW z!R$@E=~-?OAfN~ny)m(vgZRvT#G^|0PuTe}yTP^B>I4MHhadYhXW}LmV1{Q6!r8FY z3w<_dX5S_7*bA43Q?Mb#1)tei?}>Xa>w}MwM_4*6kxi6^yFUh3rvLc*(vO*nSo$eA0kYB%5w z28EG^hQ*kW4+{G(-8U+qQ)k&u1(s;6C066T!*ZuqvDhr*<%2R57#baaRu|$~D~`0) zKi0xm?5o;ZwWY=NNzN)%LI^f=r5JF=PUAJ?=9t-EVQML6qNHlw7vt;-B_e}-rkJ^P zNvK9n==OU`-I$1h%kbIx$prkcDhRbV@S!4h#7X58URR^h5{{oUjH z7X39}^*hdiRMlDhiV!-!PL+}Ngy1L&IujlboB>%T9~Li@PqU9RI~C3JjtO$q2}`J? zDxcJJgbNtn*s&oQ6cMUo^?GF<-hY+Hj4B=yFNCJmNpt&j{DgA<>hgP2{VNsmJnR;D z!W>1Q;iK)vM>Yg1YXAH0H?-nNY8FPYPV!H~LIT;4AN+8HQc&^aG6_m=w1G(?<>Ia7 z{1BvQz{bP+)45pX$B|0DPiX9e?lc-TJq3*v>T=q1z?NMlmZAAy6px8^Z5e@I&R7f1 zEmC#D&OFGLgi%-YsHzjd1RiCqX4^mMJM`961{1e?lF6~%w)E`{v zeO%bBT)G4pQP-J4sk#>KUH7 z&r_qp9S{*FqigCDt`c1nEbr`m+^DH7nMGKUaOsV&Wt>p_dQ?lc;MMEK8h+sn=GE6_ z4-!NzfT~8|x*O;roIfHTlv}=RKvk-EBbQ?>Ih;X2j(Ilm9gqJ45G9GoT1X{Rag`L8 z^1f-QWGV@VHmA^8loSibUW!@sEV8i))>Q+L6vHDLg>WY`fe>1e$<|O&K-%iszVD1?K@IHW8vXoz$Rg(mRMy;1%Hs zv-2)FSE)JKpA<+G>QN9W#ZXH_$KLeL5+)XYH#DIEN{Y%eRtyjUP`g)=p}eCQ69^QryUEs?&;UlyuW-JGY zxBig`dmeUP$rbE*5LwuQ>ZiIe^=Z)=9PKD{ZW&tl@2jZIH+hIe6-G8AO-xRH{N+(u ziw53W?k1LOOp}zr*Pzy|+JKf#tWho+^CC$_7E?c=(tV$cY_dL;C@{AtNQbGy`eh#l zY`x4zMrzG1fAyw|&wtM9#zqbU_r7$*q zrpad%+f`WAAh$&dc~T92TSdl{H~OHW6keg}gV2PCnCOBdZ~1FDhd0o}G_=3`Izl4# zNrlIO#@?{?^^>%8AC@FzgGDCQKF03I(GmnBn-lo_FG@R#YpA84W4;r2C6BhvAva~6 z$m{It&E`1WLme*u201M4FvTZOy-VPA1I@=w)%~=rS(7lo`il$Iq~_#?B$fKxE{M&r z2h55}nWb?g%_YGO57tj{?-iBRxRFrh5?7=FyZAWyTx7e}T`rReN1eS*b%NCW#*P{`P>whi z3yEXh5Ww%wNn}%lUgmZxm>B$ROTKzzQ;fx*0qMS5eMC#gXK|6_VotBzlg0g^!cAP` z$_3NuRDsW&eU7`l!0I*DSf-1v8AD?#re<7HQkgHf$DU|=AqM@v0JaU1D$%5Yf$u9o zZR^ft2|v(?qxm};U?D{JbzhJ@S_T~IIxCT`fK4+YgOgtg=r#l?&tM*E+*45?T+8}fCg?>J=hh-_++ZCg6h*Py?oeg-gt>fQbCjr$OQ_1-re56#Jh-)6u z@giaN?3Tswvk8JvIKgnf4tQ?rDbo-fklh%$ggq1KM&crE1K$i#dMl?XUAOKHBkqJ1 zNYiKA%Ug{JY%1neY})_jBRufck#}9l z>)(AIvHIjdJp&f}ogPY{Z>*d{v?M4yAixlzdtQS4zL5Pk}z8*uq(z0c zl32iWaEqg?NyY6zN!fJoRd(n~AA|U*g~4qblrJrx6FXC=AJ(Tbkek17T&3Eqs@t%$ zAJYX_QY18HRW3xfxnr8!Ochp~pQ)}OtQ_7Gy8r!g$%gFnRptiQHxf0-K=M?V>E62%nAc`#3#dPl^E=TC1>+R0fjfZ;p@Xb5eL>w&D+hN`QJ0WK zn1PWbRzMn_IJdemD@Vg%aRjfx9^I9Iuum zO(>MmiNaBr`eQ~w(=)m^VWvO6NIfpm8En+`2DmK5=DH$k(K@#10LQ6AFvvrIU60#tcSS-9s^gMs^=)U@t&+@!{?> z|3FTT?*)oQwMa(xZ(l>}16Hwlj;)IYC1+4~)DaE1eH2u~sDBv92fsOp_`?G z3vYiv1>|yp*S_HJRpPUOkDZfWkcWO3_O+~Xmi2Zs4m z5n+cYX3{e5@t%*c{LjHmAcCiV9&f)t349TI!*&O6_h0Y4{(p}?=e_?3ZG(DHf%b5K F{s&9{7)}5H literal 0 HcmV?d00001 diff --git a/tpm2-tss-engine.spec b/tpm2-tss-engine.spec new file mode 100644 index 0000000..61744c9 --- /dev/null +++ b/tpm2-tss-engine.spec @@ -0,0 +1,88 @@ +Name: tpm2-tss-engine +Version: 1.1.0 +Release: 1 +Summary: OpenSSL Engine for TPM2 devices using the tpm2-tss software stack + +License: BSD +URL: https://github.com/tpm2-software/tpm2-tss-engine +Source0: https://github.com/tpm2-software/tpm2-tss-engine/releases/download/v%{version}/%{name}-%{version}.tar.gz + +BuildRequires: make +BuildRequires: autoconf +BuildRequires: autoconf-archive +BuildRequires: automake +BuildRequires: libtool +BuildRequires: gcc +BuildRequires: gcc-c++ +BuildRequires: pkgconfig +#BuildRequires: pandoc +BuildRequires: tpm2-tss-devel +BuildRequires: openssl-devel + +Requires: openssl +Requires: tpm2-tss + +%description +tpm2-tss-engine is an engine implementation for OpenSSL that uses tpm2-tss +software stack. It uses the Enhanced System API (ESAPI) interface of the +TSS 2.0 for downwards communication. It supports RSA decryption and signatures +as well as ECDSA signatures. + +%prep +%autosetup -n %{name}-%{version} -p1 + + +%build +%configure +%make_build + + +%install +%make_install +find %{buildroot}%{_libdir}/engines-1.1 -type f -name \*.la -exec rm {} + +find %{buildroot}%{_libdir}/engines-1.1 -type f -name \*.a -exec rm {} + + + + +%files +%license LICENSE +%doc README.md CHANGELOG.md +%{_libdir}/engines-1.1/libtpm2tss.so +%{_libdir}/engines-1.1/tpm2tss.so + + +%package devel +Summary: Headers and libraries for building applications against tpm2-tss-engine +Requires: %{name}%{_isa} = %{version}-%{release} + +%description devel +This package contains headers and libraries for building apps applications +against tpm2-tss-engine + +%files devel +%{_includedir}/tpm2-tss-engine.h +%{_mandir}/man3/tpm2tss_*.3.* + + + +%package utilities +Summary: Utility binary for openssl using tpm2-tss software stack +Requires: %{name}%{_isa} = %{version}-%{release} + +%description utilities +This package contains the binary of the engine implementation for openssl that +uses the tpm2-tss software stack + +%files utilities +%{_bindir}/tpm2tss-genkey +%{_datadir}/bash-completion/completions/tpm2tss-genkey +%{_mandir}/man1/tpm2tss-*.1.* + + + + +%changelog +* Wed May 17 2023 wujiangtao - 1.1.0-1 +- ID:NA +- SUG:NA +- DESC: Package init -- Gitee