From 9c519a0aa9a0cf79f36c07122780c6bd6c305787 Mon Sep 17 00:00:00 2001 From: "Earle F. Philhower, III" Date: Wed, 31 Jan 2018 18:37:51 -0800 Subject: [PATCH 01/17] Add BearSSL as SSL/TLS provider to ESP8266-Arduino BearSSL (https://www.bearssl.org) is a TLS(SSL) library written by Thomas Pornin that is optimized for lower-memory embedded systems like the ESP8266. It supports a wide variety of modern ciphers and is unique in that it doesn't perform any memory allocations during operation (which is the unfortunate bane of the current axTLS). BearSSL is also absolutely focused on security and by default performs all its security checks on x.509 certificates during the connection phase (but if you want to be insecure and dangerous, that's possible too). While it does support unidirectional SSL buffers, like axTLS, as implemented the ESP8266 wrappers only support bidirectional buffers. These bidirectional buffers avoid deadlocks in protocols which don't have well separate receive and transmit periods. This patch adds several classes which allow connecting to TLS servers using this library in almost the same way as axTLS: WiFiClientBearSSL - WiFiClient that supports TLS WiFiServerBearSSL - WiFiServer supporting TLS and client certs It also introduces objects for PEM/DER encoded keys and certificates: BearSSLX509List - x.509 Certificate (list) for general use BearSSLPrivateKey - RSA or EC private key BearSSLPublicKey - RSA or EC public key (i.e. from a public website) Finally, it adds a Certificate Authority store object which lets BearSSL access a set of trusted CA certificates on SPIFFS to allow it to verify the identity of any remote site on the Internet, without requiring RAM except for the single matching certificate. CertStoreSPIFFSBearSSL - Certificate store utility Client certificates are supported for the WiFiClientBearSSL, and what's more the WiFiServerBearSSL can also *require* remote clients to have a trusted certificate signed by a specific CA (or yourself with self-signing CAs). Maximum Fragment Length Negotiation probing and usage are supported, but be aware that most sites on the Internet will not support it. When available you can reduce the memory footprint of the SSL client or server dramatically (i.e. down to 2-8KB vs. the ~22KB required for a full 16K receive fragment and 512b send fragment). You can also manually set a smaller fragment size and guarantee at your protocol level all data will fit within it. --- .gitignore | 1 + boards.txt | 144 +- cores/esp8266/HardwareSerial.cpp | 85 +- cores/esp8266/HardwareSerial.h | 69 +- cores/esp8266/Print.cpp | 19 +- cores/esp8266/Updater.cpp | 4 +- cores/esp8266/abi.cpp | 18 +- cores/esp8266/core_esp8266_i2s.c | 7 +- cores/esp8266/core_esp8266_postmortem.c | 77 +- cores/esp8266/core_esp8266_si2c.c | 72 +- cores/esp8266/heap.c | 25 +- cores/esp8266/i2s.h | 1 + cores/esp8266/uart.c | 52 +- cores/esp8266/uart.h | 6 +- cores/esp8266/umm_malloc/umm_malloc.c | 16 + cores/esp8266/umm_malloc/umm_malloc_cfg.h | 14 +- doc/esp8266wifi/readme.rst | 4 +- doc/faq/a01-espcomm_sync-failed.rst | 58 +- doc/ota_updates/readme.rst | 8 +- .../src/ESP8266HTTPClient.cpp | 63 + .../ESP8266HTTPClient/src/ESP8266HTTPClient.h | 2 + .../SecureBearSSLUpdater.ino | 117 + .../HelloServerBearSSL/HelloServerBearSSL.ino | 142 + .../src/ESP8266WebServerBearSSL.cpp | 153 + .../src/ESP8266WebServerBearSSL.h | 63 + .../src/ESP8266WebServerSecure.h | 6 + .../BearSSL_CertStore/BearSSL_CertStore.ino | 158 + .../BearSSL_CertStore/certs-from-mozilla.py | 51 + .../BearSSL_MaxFragmentLength.ino | 125 + .../BearSSL_Server/BearSSL_Server.ino | 179 + .../DO-NOT-USE-THESE-CERTS-IN-YOUR-OWN-APPS | 0 .../examples/BearSSL_Server/cert.pem | 20 + .../examples/BearSSL_Server/key.pem | 28 + .../BearSSL_ServerClientCert.ino | 259 ++ .../DO-NOT-USE-THESE-CERTS-IN-YOUR-OWN-APPS | 0 .../examples/BearSSL_ServerClientCert/ca.conf | 12 + .../BearSSL_ServerClientCert/ca_cer.pem | 18 + .../BearSSL_ServerClientCert/ca_cer.srl | 1 + .../BearSSL_ServerClientCert/ca_key.pem | 27 + .../BearSSL_ServerClientCert/client.conf | 8 + .../BearSSL_ServerClientCert/client1_cer.pem | 17 + .../BearSSL_ServerClientCert/client1_key.pem | 27 + .../BearSSL_ServerClientCert/client1_req.csr | 16 + .../BearSSL_ServerClientCert/server.conf | 8 + .../BearSSL_ServerClientCert/server_cer.pem | 20 + .../BearSSL_ServerClientCert/server_key.pem | 27 + .../BearSSL_Validation/BearSSL_Validation.ino | 228 + libraries/ESP8266WiFi/keywords.txt | 28 + libraries/ESP8266WiFi/src/BearSSLHelpers.cpp | 808 ++++ libraries/ESP8266WiFi/src/BearSSLHelpers.h | 122 + .../ESP8266WiFi/src/CertStoreBearSSL.cpp | 141 + libraries/ESP8266WiFi/src/CertStoreBearSSL.h | 61 + .../ESP8266WiFi/src/CertStoreSDBearSSL.cpp | 150 + .../ESP8266WiFi/src/CertStoreSDBearSSL.h | 47 + .../src/CertStoreSPIFFSBearSSL.cpp | 125 + .../ESP8266WiFi/src/CertStoreSPIFFSBearSSL.h | 43 + libraries/ESP8266WiFi/src/ESP8266WiFi.h | 4 + libraries/ESP8266WiFi/src/ESP8266WiFiSTA.cpp | 8 + libraries/ESP8266WiFi/src/ESP8266WiFiSTA.h | 1 + libraries/ESP8266WiFi/src/WiFiClient.cpp | 5 +- .../ESP8266WiFi/src/WiFiClientBearSSL.cpp | 1214 +++++ libraries/ESP8266WiFi/src/WiFiClientBearSSL.h | 175 + .../ESP8266WiFi/src/WiFiClientSecure.cpp | 24 + libraries/ESP8266WiFi/src/WiFiClientSecure.h | 1 + .../ESP8266WiFi/src/WiFiServerBearSSL.cpp | 89 + libraries/ESP8266WiFi/src/WiFiServerBearSSL.h | 68 + .../ESP8266WiFi/src/include/DataSource.h | 61 +- .../ESP8266WiFi/src/include/UdpContext.h | 21 +- .../src/ESP8266httpUpdate.cpp | 23 + .../ESP8266httpUpdate/src/ESP8266httpUpdate.h | 5 + libraries/ESP8266mDNS/ESP8266mDNS.cpp | 88 +- libraries/ESP8266mDNS/ESP8266mDNS.h | 8 +- libraries/SPI/SPI.cpp | 14 +- libraries/SPI/SPI.h | 10 +- libraries/SPISlave/src/SPISlave.cpp | 8 + libraries/SPISlave/src/SPISlave.h | 1 + libraries/SPISlave/src/hspi_slave.c | 17 + libraries/SPISlave/src/hspi_slave.h | 3 + platform.txt | 4 +- sigma_delta.h | 72 - tests/common.sh | 2 +- tests/device/libraries/BSTest/Makefile | 4 +- tests/device/libraries/BSTest/runner.py | 3 +- .../test_ClientContext/test_ClientContext.ino | 94 + .../test_ClientContext/test_ClientContext.py | 60 + tools/boards.txt.py | 3 +- tools/platformio-build.py | 2 +- tools/sdk/include/bearssl/bearssl.h | 169 + tools/sdk/include/bearssl/bearssl_aead.h | 1059 +++++ tools/sdk/include/bearssl/bearssl_block.h | 2522 ++++++++++ tools/sdk/include/bearssl/bearssl_ec.h | 804 ++++ tools/sdk/include/bearssl/bearssl_hash.h | 1346 ++++++ tools/sdk/include/bearssl/bearssl_hmac.h | 211 + tools/sdk/include/bearssl/bearssl_pem.h | 243 + tools/sdk/include/bearssl/bearssl_port.h | 20 + tools/sdk/include/bearssl/bearssl_prf.h | 150 + tools/sdk/include/bearssl/bearssl_rand.h | 295 ++ tools/sdk/include/bearssl/bearssl_rsa.h | 743 +++ tools/sdk/include/bearssl/bearssl_ssl.h | 4136 +++++++++++++++++ tools/sdk/include/bearssl/bearssl_x509.h | 1451 ++++++ tools/sdk/include/user_interface.h | 1 + tools/sdk/ld/eagle.app.v6.common.ld | 1 + tools/sdk/lib/libbearssl.a | Bin 0 -> 4278774 bytes .../libc/xtensa-lx106-elf/include/assert.h | 2 +- 104 files changed, 18817 insertions(+), 408 deletions(-) create mode 100644 libraries/ESP8266HTTPUpdateServer/examples/SecureBearSSLUpdater/SecureBearSSLUpdater.ino create mode 100644 libraries/ESP8266WebServer/examples/HelloServerBearSSL/HelloServerBearSSL.ino create mode 100644 libraries/ESP8266WebServer/src/ESP8266WebServerBearSSL.cpp create mode 100644 libraries/ESP8266WebServer/src/ESP8266WebServerBearSSL.h create mode 100644 libraries/ESP8266WiFi/examples/BearSSL_CertStore/BearSSL_CertStore.ino create mode 100755 libraries/ESP8266WiFi/examples/BearSSL_CertStore/certs-from-mozilla.py create mode 100644 libraries/ESP8266WiFi/examples/BearSSL_MaxFragmentLength/BearSSL_MaxFragmentLength.ino create mode 100644 libraries/ESP8266WiFi/examples/BearSSL_Server/BearSSL_Server.ino create mode 100644 libraries/ESP8266WiFi/examples/BearSSL_Server/DO-NOT-USE-THESE-CERTS-IN-YOUR-OWN-APPS create mode 100644 libraries/ESP8266WiFi/examples/BearSSL_Server/cert.pem create mode 100644 libraries/ESP8266WiFi/examples/BearSSL_Server/key.pem create mode 100644 libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/BearSSL_ServerClientCert.ino create mode 100644 libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/DO-NOT-USE-THESE-CERTS-IN-YOUR-OWN-APPS create mode 100644 libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/ca.conf create mode 100644 libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/ca_cer.pem create mode 100644 libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/ca_cer.srl create mode 100644 libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/ca_key.pem create mode 100644 libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/client.conf create mode 100644 libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/client1_cer.pem create mode 100644 libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/client1_key.pem create mode 100644 libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/client1_req.csr create mode 100644 libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/server.conf create mode 100644 libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/server_cer.pem create mode 100644 libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/server_key.pem create mode 100644 libraries/ESP8266WiFi/examples/BearSSL_Validation/BearSSL_Validation.ino create mode 100644 libraries/ESP8266WiFi/src/BearSSLHelpers.cpp create mode 100644 libraries/ESP8266WiFi/src/BearSSLHelpers.h create mode 100644 libraries/ESP8266WiFi/src/CertStoreBearSSL.cpp create mode 100644 libraries/ESP8266WiFi/src/CertStoreBearSSL.h create mode 100644 libraries/ESP8266WiFi/src/CertStoreSDBearSSL.cpp create mode 100644 libraries/ESP8266WiFi/src/CertStoreSDBearSSL.h create mode 100644 libraries/ESP8266WiFi/src/CertStoreSPIFFSBearSSL.cpp create mode 100644 libraries/ESP8266WiFi/src/CertStoreSPIFFSBearSSL.h create mode 100644 libraries/ESP8266WiFi/src/WiFiClientBearSSL.cpp create mode 100644 libraries/ESP8266WiFi/src/WiFiClientBearSSL.h create mode 100644 libraries/ESP8266WiFi/src/WiFiServerBearSSL.cpp create mode 100644 libraries/ESP8266WiFi/src/WiFiServerBearSSL.h delete mode 100644 sigma_delta.h create mode 100644 tests/device/test_ClientContext/test_ClientContext.ino create mode 100644 tests/device/test_ClientContext/test_ClientContext.py create mode 100644 tools/sdk/include/bearssl/bearssl.h create mode 100644 tools/sdk/include/bearssl/bearssl_aead.h create mode 100644 tools/sdk/include/bearssl/bearssl_block.h create mode 100644 tools/sdk/include/bearssl/bearssl_ec.h create mode 100644 tools/sdk/include/bearssl/bearssl_hash.h create mode 100644 tools/sdk/include/bearssl/bearssl_hmac.h create mode 100644 tools/sdk/include/bearssl/bearssl_pem.h create mode 100644 tools/sdk/include/bearssl/bearssl_port.h create mode 100644 tools/sdk/include/bearssl/bearssl_prf.h create mode 100644 tools/sdk/include/bearssl/bearssl_rand.h create mode 100644 tools/sdk/include/bearssl/bearssl_rsa.h create mode 100644 tools/sdk/include/bearssl/bearssl_ssl.h create mode 100644 tools/sdk/include/bearssl/bearssl_x509.h create mode 100644 tools/sdk/lib/libbearssl.a diff --git a/.gitignore b/.gitignore index 9e38e28cad..f9dad668b3 100644 --- a/.gitignore +++ b/.gitignore @@ -19,3 +19,4 @@ boards.local.txt *.gcno *.gcda *.o +*.a diff --git a/boards.txt b/boards.txt index 3159d90018..c87ac9aea8 100644 --- a/boards.txt +++ b/boards.txt @@ -319,11 +319,11 @@ generic.menu.DebugLevel.UPDATER.build.debug_level= -DDEBUG_ESP_UPDATER generic.menu.DebugLevel.OTA=OTA generic.menu.DebugLevel.OTA.build.debug_level= -DDEBUG_ESP_OTA generic.menu.DebugLevel.OOM=OOM -generic.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +generic.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM generic.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM=CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -generic.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +generic.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM generic.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM=SSL+TLS_MEM+HTTP_CLIENT+HTTP_SERVER+CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -generic.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +generic.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM generic.menu.DebugLevel.NoAssert-NDEBUG=NoAssert-NDEBUG generic.menu.DebugLevel.NoAssert-NDEBUG.build.debug_level= -DNDEBUG generic.menu.FlashErase.none=Only Sketch @@ -556,11 +556,11 @@ esp8285.menu.DebugLevel.UPDATER.build.debug_level= -DDEBUG_ESP_UPDATER esp8285.menu.DebugLevel.OTA=OTA esp8285.menu.DebugLevel.OTA.build.debug_level= -DDEBUG_ESP_OTA esp8285.menu.DebugLevel.OOM=OOM -esp8285.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +esp8285.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM esp8285.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM=CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -esp8285.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +esp8285.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM esp8285.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM=SSL+TLS_MEM+HTTP_CLIENT+HTTP_SERVER+CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -esp8285.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +esp8285.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM esp8285.menu.DebugLevel.NoAssert-NDEBUG=NoAssert-NDEBUG esp8285.menu.DebugLevel.NoAssert-NDEBUG.build.debug_level= -DNDEBUG esp8285.menu.FlashErase.none=Only Sketch @@ -712,11 +712,11 @@ espduino.menu.DebugLevel.UPDATER.build.debug_level= -DDEBUG_ESP_UPDATER espduino.menu.DebugLevel.OTA=OTA espduino.menu.DebugLevel.OTA.build.debug_level= -DDEBUG_ESP_OTA espduino.menu.DebugLevel.OOM=OOM -espduino.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +espduino.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM espduino.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM=CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -espduino.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +espduino.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM espduino.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM=SSL+TLS_MEM+HTTP_CLIENT+HTTP_SERVER+CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -espduino.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +espduino.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM espduino.menu.DebugLevel.NoAssert-NDEBUG=NoAssert-NDEBUG espduino.menu.DebugLevel.NoAssert-NDEBUG.build.debug_level= -DNDEBUG espduino.menu.FlashErase.none=Only Sketch @@ -860,11 +860,11 @@ huzzah.menu.DebugLevel.UPDATER.build.debug_level= -DDEBUG_ESP_UPDATER huzzah.menu.DebugLevel.OTA=OTA huzzah.menu.DebugLevel.OTA.build.debug_level= -DDEBUG_ESP_OTA huzzah.menu.DebugLevel.OOM=OOM -huzzah.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +huzzah.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM huzzah.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM=CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -huzzah.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +huzzah.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM huzzah.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM=SSL+TLS_MEM+HTTP_CLIENT+HTTP_SERVER+CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -huzzah.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +huzzah.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM huzzah.menu.DebugLevel.NoAssert-NDEBUG=NoAssert-NDEBUG huzzah.menu.DebugLevel.NoAssert-NDEBUG.build.debug_level= -DNDEBUG huzzah.menu.FlashErase.none=Only Sketch @@ -1011,11 +1011,11 @@ espresso_lite_v1.menu.DebugLevel.UPDATER.build.debug_level= -DDEBUG_ESP_UPDATER espresso_lite_v1.menu.DebugLevel.OTA=OTA espresso_lite_v1.menu.DebugLevel.OTA.build.debug_level= -DDEBUG_ESP_OTA espresso_lite_v1.menu.DebugLevel.OOM=OOM -espresso_lite_v1.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +espresso_lite_v1.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM espresso_lite_v1.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM=CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -espresso_lite_v1.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +espresso_lite_v1.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM espresso_lite_v1.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM=SSL+TLS_MEM+HTTP_CLIENT+HTTP_SERVER+CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -espresso_lite_v1.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +espresso_lite_v1.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM espresso_lite_v1.menu.DebugLevel.NoAssert-NDEBUG=NoAssert-NDEBUG espresso_lite_v1.menu.DebugLevel.NoAssert-NDEBUG.build.debug_level= -DNDEBUG espresso_lite_v1.menu.FlashErase.none=Only Sketch @@ -1162,11 +1162,11 @@ espresso_lite_v2.menu.DebugLevel.UPDATER.build.debug_level= -DDEBUG_ESP_UPDATER espresso_lite_v2.menu.DebugLevel.OTA=OTA espresso_lite_v2.menu.DebugLevel.OTA.build.debug_level= -DDEBUG_ESP_OTA espresso_lite_v2.menu.DebugLevel.OOM=OOM -espresso_lite_v2.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +espresso_lite_v2.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM espresso_lite_v2.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM=CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -espresso_lite_v2.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +espresso_lite_v2.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM espresso_lite_v2.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM=SSL+TLS_MEM+HTTP_CLIENT+HTTP_SERVER+CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -espresso_lite_v2.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +espresso_lite_v2.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM espresso_lite_v2.menu.DebugLevel.NoAssert-NDEBUG=NoAssert-NDEBUG espresso_lite_v2.menu.DebugLevel.NoAssert-NDEBUG.build.debug_level= -DNDEBUG espresso_lite_v2.menu.FlashErase.none=Only Sketch @@ -1313,11 +1313,11 @@ phoenix_v1.menu.DebugLevel.UPDATER.build.debug_level= -DDEBUG_ESP_UPDATER phoenix_v1.menu.DebugLevel.OTA=OTA phoenix_v1.menu.DebugLevel.OTA.build.debug_level= -DDEBUG_ESP_OTA phoenix_v1.menu.DebugLevel.OOM=OOM -phoenix_v1.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +phoenix_v1.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM phoenix_v1.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM=CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -phoenix_v1.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +phoenix_v1.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM phoenix_v1.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM=SSL+TLS_MEM+HTTP_CLIENT+HTTP_SERVER+CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -phoenix_v1.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +phoenix_v1.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM phoenix_v1.menu.DebugLevel.NoAssert-NDEBUG=NoAssert-NDEBUG phoenix_v1.menu.DebugLevel.NoAssert-NDEBUG.build.debug_level= -DNDEBUG phoenix_v1.menu.FlashErase.none=Only Sketch @@ -1464,11 +1464,11 @@ phoenix_v2.menu.DebugLevel.UPDATER.build.debug_level= -DDEBUG_ESP_UPDATER phoenix_v2.menu.DebugLevel.OTA=OTA phoenix_v2.menu.DebugLevel.OTA.build.debug_level= -DDEBUG_ESP_OTA phoenix_v2.menu.DebugLevel.OOM=OOM -phoenix_v2.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +phoenix_v2.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM phoenix_v2.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM=CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -phoenix_v2.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +phoenix_v2.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM phoenix_v2.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM=SSL+TLS_MEM+HTTP_CLIENT+HTTP_SERVER+CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -phoenix_v2.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +phoenix_v2.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM phoenix_v2.menu.DebugLevel.NoAssert-NDEBUG=NoAssert-NDEBUG phoenix_v2.menu.DebugLevel.NoAssert-NDEBUG.build.debug_level= -DNDEBUG phoenix_v2.menu.FlashErase.none=Only Sketch @@ -1612,11 +1612,11 @@ nodemcu.menu.DebugLevel.UPDATER.build.debug_level= -DDEBUG_ESP_UPDATER nodemcu.menu.DebugLevel.OTA=OTA nodemcu.menu.DebugLevel.OTA.build.debug_level= -DDEBUG_ESP_OTA nodemcu.menu.DebugLevel.OOM=OOM -nodemcu.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +nodemcu.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM nodemcu.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM=CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -nodemcu.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +nodemcu.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM nodemcu.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM=SSL+TLS_MEM+HTTP_CLIENT+HTTP_SERVER+CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -nodemcu.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +nodemcu.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM nodemcu.menu.DebugLevel.NoAssert-NDEBUG=NoAssert-NDEBUG nodemcu.menu.DebugLevel.NoAssert-NDEBUG.build.debug_level= -DNDEBUG nodemcu.menu.FlashErase.none=Only Sketch @@ -1760,11 +1760,11 @@ nodemcuv2.menu.DebugLevel.UPDATER.build.debug_level= -DDEBUG_ESP_UPDATER nodemcuv2.menu.DebugLevel.OTA=OTA nodemcuv2.menu.DebugLevel.OTA.build.debug_level= -DDEBUG_ESP_OTA nodemcuv2.menu.DebugLevel.OOM=OOM -nodemcuv2.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +nodemcuv2.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM nodemcuv2.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM=CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -nodemcuv2.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +nodemcuv2.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM nodemcuv2.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM=SSL+TLS_MEM+HTTP_CLIENT+HTTP_SERVER+CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -nodemcuv2.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +nodemcuv2.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM nodemcuv2.menu.DebugLevel.NoAssert-NDEBUG=NoAssert-NDEBUG nodemcuv2.menu.DebugLevel.NoAssert-NDEBUG.build.debug_level= -DNDEBUG nodemcuv2.menu.FlashErase.none=Only Sketch @@ -1888,11 +1888,11 @@ modwifi.menu.DebugLevel.UPDATER.build.debug_level= -DDEBUG_ESP_UPDATER modwifi.menu.DebugLevel.OTA=OTA modwifi.menu.DebugLevel.OTA.build.debug_level= -DDEBUG_ESP_OTA modwifi.menu.DebugLevel.OOM=OOM -modwifi.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +modwifi.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM modwifi.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM=CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -modwifi.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +modwifi.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM modwifi.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM=SSL+TLS_MEM+HTTP_CLIENT+HTTP_SERVER+CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -modwifi.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +modwifi.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM modwifi.menu.DebugLevel.NoAssert-NDEBUG=NoAssert-NDEBUG modwifi.menu.DebugLevel.NoAssert-NDEBUG.build.debug_level= -DNDEBUG modwifi.menu.FlashErase.none=Only Sketch @@ -2033,11 +2033,11 @@ thing.menu.DebugLevel.UPDATER.build.debug_level= -DDEBUG_ESP_UPDATER thing.menu.DebugLevel.OTA=OTA thing.menu.DebugLevel.OTA.build.debug_level= -DDEBUG_ESP_OTA thing.menu.DebugLevel.OOM=OOM -thing.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +thing.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM thing.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM=CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -thing.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +thing.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM thing.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM=SSL+TLS_MEM+HTTP_CLIENT+HTTP_SERVER+CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -thing.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +thing.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM thing.menu.DebugLevel.NoAssert-NDEBUG=NoAssert-NDEBUG thing.menu.DebugLevel.NoAssert-NDEBUG.build.debug_level= -DNDEBUG thing.menu.FlashErase.none=Only Sketch @@ -2178,11 +2178,11 @@ thingdev.menu.DebugLevel.UPDATER.build.debug_level= -DDEBUG_ESP_UPDATER thingdev.menu.DebugLevel.OTA=OTA thingdev.menu.DebugLevel.OTA.build.debug_level= -DDEBUG_ESP_OTA thingdev.menu.DebugLevel.OOM=OOM -thingdev.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +thingdev.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM thingdev.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM=CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -thingdev.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +thingdev.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM thingdev.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM=SSL+TLS_MEM+HTTP_CLIENT+HTTP_SERVER+CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -thingdev.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +thingdev.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM thingdev.menu.DebugLevel.NoAssert-NDEBUG=NoAssert-NDEBUG thingdev.menu.DebugLevel.NoAssert-NDEBUG.build.debug_level= -DNDEBUG thingdev.menu.FlashErase.none=Only Sketch @@ -2326,11 +2326,11 @@ esp210.menu.DebugLevel.UPDATER.build.debug_level= -DDEBUG_ESP_UPDATER esp210.menu.DebugLevel.OTA=OTA esp210.menu.DebugLevel.OTA.build.debug_level= -DDEBUG_ESP_OTA esp210.menu.DebugLevel.OOM=OOM -esp210.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +esp210.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM esp210.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM=CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -esp210.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +esp210.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM esp210.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM=SSL+TLS_MEM+HTTP_CLIENT+HTTP_SERVER+CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -esp210.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +esp210.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM esp210.menu.DebugLevel.NoAssert-NDEBUG=NoAssert-NDEBUG esp210.menu.DebugLevel.NoAssert-NDEBUG.build.debug_level= -DNDEBUG esp210.menu.FlashErase.none=Only Sketch @@ -2474,11 +2474,11 @@ d1_mini.menu.DebugLevel.UPDATER.build.debug_level= -DDEBUG_ESP_UPDATER d1_mini.menu.DebugLevel.OTA=OTA d1_mini.menu.DebugLevel.OTA.build.debug_level= -DDEBUG_ESP_OTA d1_mini.menu.DebugLevel.OOM=OOM -d1_mini.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +d1_mini.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM d1_mini.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM=CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -d1_mini.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +d1_mini.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM d1_mini.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM=SSL+TLS_MEM+HTTP_CLIENT+HTTP_SERVER+CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -d1_mini.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +d1_mini.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM d1_mini.menu.DebugLevel.NoAssert-NDEBUG=NoAssert-NDEBUG d1_mini.menu.DebugLevel.NoAssert-NDEBUG.build.debug_level= -DNDEBUG d1_mini.menu.FlashErase.none=Only Sketch @@ -2602,11 +2602,11 @@ d1_mini_pro.menu.DebugLevel.UPDATER.build.debug_level= -DDEBUG_ESP_UPDATER d1_mini_pro.menu.DebugLevel.OTA=OTA d1_mini_pro.menu.DebugLevel.OTA.build.debug_level= -DDEBUG_ESP_OTA d1_mini_pro.menu.DebugLevel.OOM=OOM -d1_mini_pro.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +d1_mini_pro.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM d1_mini_pro.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM=CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -d1_mini_pro.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +d1_mini_pro.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM d1_mini_pro.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM=SSL+TLS_MEM+HTTP_CLIENT+HTTP_SERVER+CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -d1_mini_pro.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +d1_mini_pro.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM d1_mini_pro.menu.DebugLevel.NoAssert-NDEBUG=NoAssert-NDEBUG d1_mini_pro.menu.DebugLevel.NoAssert-NDEBUG.build.debug_level= -DNDEBUG d1_mini_pro.menu.FlashErase.none=Only Sketch @@ -2797,11 +2797,11 @@ d1_mini_lite.menu.DebugLevel.UPDATER.build.debug_level= -DDEBUG_ESP_UPDATER d1_mini_lite.menu.DebugLevel.OTA=OTA d1_mini_lite.menu.DebugLevel.OTA.build.debug_level= -DDEBUG_ESP_OTA d1_mini_lite.menu.DebugLevel.OOM=OOM -d1_mini_lite.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +d1_mini_lite.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM d1_mini_lite.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM=CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -d1_mini_lite.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +d1_mini_lite.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM d1_mini_lite.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM=SSL+TLS_MEM+HTTP_CLIENT+HTTP_SERVER+CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -d1_mini_lite.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +d1_mini_lite.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM d1_mini_lite.menu.DebugLevel.NoAssert-NDEBUG=NoAssert-NDEBUG d1_mini_lite.menu.DebugLevel.NoAssert-NDEBUG.build.debug_level= -DNDEBUG d1_mini_lite.menu.FlashErase.none=Only Sketch @@ -2945,11 +2945,11 @@ d1.menu.DebugLevel.UPDATER.build.debug_level= -DDEBUG_ESP_UPDATER d1.menu.DebugLevel.OTA=OTA d1.menu.DebugLevel.OTA.build.debug_level= -DDEBUG_ESP_OTA d1.menu.DebugLevel.OOM=OOM -d1.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +d1.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM d1.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM=CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -d1.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +d1.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM d1.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM=SSL+TLS_MEM+HTTP_CLIENT+HTTP_SERVER+CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -d1.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +d1.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM d1.menu.DebugLevel.NoAssert-NDEBUG=NoAssert-NDEBUG d1.menu.DebugLevel.NoAssert-NDEBUG.build.debug_level= -DNDEBUG d1.menu.FlashErase.none=Only Sketch @@ -3096,11 +3096,11 @@ espino.menu.DebugLevel.UPDATER.build.debug_level= -DDEBUG_ESP_UPDATER espino.menu.DebugLevel.OTA=OTA espino.menu.DebugLevel.OTA.build.debug_level= -DDEBUG_ESP_OTA espino.menu.DebugLevel.OOM=OOM -espino.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +espino.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM espino.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM=CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -espino.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +espino.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM espino.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM=SSL+TLS_MEM+HTTP_CLIENT+HTTP_SERVER+CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -espino.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +espino.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM espino.menu.DebugLevel.NoAssert-NDEBUG=NoAssert-NDEBUG espino.menu.DebugLevel.NoAssert-NDEBUG.build.debug_level= -DNDEBUG espino.menu.FlashErase.none=Only Sketch @@ -3244,11 +3244,11 @@ espinotee.menu.DebugLevel.UPDATER.build.debug_level= -DDEBUG_ESP_UPDATER espinotee.menu.DebugLevel.OTA=OTA espinotee.menu.DebugLevel.OTA.build.debug_level= -DDEBUG_ESP_OTA espinotee.menu.DebugLevel.OOM=OOM -espinotee.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +espinotee.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM espinotee.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM=CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -espinotee.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +espinotee.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM espinotee.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM=SSL+TLS_MEM+HTTP_CLIENT+HTTP_SERVER+CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -espinotee.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +espinotee.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM espinotee.menu.DebugLevel.NoAssert-NDEBUG=NoAssert-NDEBUG espinotee.menu.DebugLevel.NoAssert-NDEBUG.build.debug_level= -DNDEBUG espinotee.menu.FlashErase.none=Only Sketch @@ -3459,11 +3459,11 @@ wifinfo.menu.DebugLevel.UPDATER.build.debug_level= -DDEBUG_ESP_UPDATER wifinfo.menu.DebugLevel.OTA=OTA wifinfo.menu.DebugLevel.OTA.build.debug_level= -DDEBUG_ESP_OTA wifinfo.menu.DebugLevel.OOM=OOM -wifinfo.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +wifinfo.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM wifinfo.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM=CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -wifinfo.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +wifinfo.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM wifinfo.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM=SSL+TLS_MEM+HTTP_CLIENT+HTTP_SERVER+CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -wifinfo.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +wifinfo.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM wifinfo.menu.DebugLevel.NoAssert-NDEBUG=NoAssert-NDEBUG wifinfo.menu.DebugLevel.NoAssert-NDEBUG.build.debug_level= -DNDEBUG wifinfo.menu.FlashErase.none=Only Sketch @@ -3619,11 +3619,11 @@ arduino-esp8266.menu.DebugLevel.UPDATER.build.debug_level= -DDEBUG_ESP_UPDATER arduino-esp8266.menu.DebugLevel.OTA=OTA arduino-esp8266.menu.DebugLevel.OTA.build.debug_level= -DDEBUG_ESP_OTA arduino-esp8266.menu.DebugLevel.OOM=OOM -arduino-esp8266.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +arduino-esp8266.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM arduino-esp8266.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM=CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -arduino-esp8266.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +arduino-esp8266.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM arduino-esp8266.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM=SSL+TLS_MEM+HTTP_CLIENT+HTTP_SERVER+CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -arduino-esp8266.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +arduino-esp8266.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM arduino-esp8266.menu.DebugLevel.NoAssert-NDEBUG=NoAssert-NDEBUG arduino-esp8266.menu.DebugLevel.NoAssert-NDEBUG.build.debug_level= -DNDEBUG arduino-esp8266.menu.FlashErase.none=Only Sketch @@ -3765,11 +3765,11 @@ gen4iod.menu.DebugLevel.UPDATER.build.debug_level= -DDEBUG_ESP_UPDATER gen4iod.menu.DebugLevel.OTA=OTA gen4iod.menu.DebugLevel.OTA.build.debug_level= -DDEBUG_ESP_OTA gen4iod.menu.DebugLevel.OOM=OOM -gen4iod.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +gen4iod.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM gen4iod.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM=CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -gen4iod.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +gen4iod.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM gen4iod.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM=SSL+TLS_MEM+HTTP_CLIENT+HTTP_SERVER+CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -gen4iod.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +gen4iod.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM gen4iod.menu.DebugLevel.NoAssert-NDEBUG=NoAssert-NDEBUG gen4iod.menu.DebugLevel.NoAssert-NDEBUG.build.debug_level= -DNDEBUG gen4iod.menu.FlashErase.none=Only Sketch @@ -3914,11 +3914,11 @@ oak.menu.DebugLevel.UPDATER.build.debug_level= -DDEBUG_ESP_UPDATER oak.menu.DebugLevel.OTA=OTA oak.menu.DebugLevel.OTA.build.debug_level= -DDEBUG_ESP_OTA oak.menu.DebugLevel.OOM=OOM -oak.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +oak.menu.DebugLevel.OOM.build.debug_level= -DDEBUG_ESP_OOM oak.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM=CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -oak.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +oak.menu.DebugLevel.COREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM oak.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM=SSL+TLS_MEM+HTTP_CLIENT+HTTP_SERVER+CORE+WIFI+HTTP_UPDATE+UPDATER+OTA+OOM -oak.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM -include "umm_malloc/umm_malloc_cfg.h" +oak.menu.DebugLevel.SSLTLS_MEMHTTP_CLIENTHTTP_SERVERCOREWIFIHTTP_UPDATEUPDATEROTAOOM.build.debug_level= -DDEBUG_ESP_SSL -DDEBUG_ESP_TLS_MEM -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_CORE -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_ESP_OOM oak.menu.DebugLevel.NoAssert-NDEBUG=NoAssert-NDEBUG oak.menu.DebugLevel.NoAssert-NDEBUG.build.debug_level= -DNDEBUG oak.menu.FlashErase.none=Only Sketch diff --git a/cores/esp8266/HardwareSerial.cpp b/cores/esp8266/HardwareSerial.cpp index e5b0d79a8c..4eb2366fa5 100644 --- a/cores/esp8266/HardwareSerial.cpp +++ b/cores/esp8266/HardwareSerial.cpp @@ -55,10 +55,8 @@ void HardwareSerial::end() uart_set_debug(UART_NO); } - if (_uart) { - uart_uninit(_uart); - _uart = NULL; - } + uart_uninit(_uart); + _uart = NULL; } size_t HardwareSerial::setRxBufferSize(size_t size){ @@ -70,30 +68,6 @@ size_t HardwareSerial::setRxBufferSize(size_t size){ return _rx_size; } -void HardwareSerial::swap(uint8_t tx_pin) -{ - if(!_uart) { - return; - } - uart_swap(_uart, tx_pin); -} - -void HardwareSerial::set_tx(uint8_t tx_pin) -{ - if(!_uart) { - return; - } - uart_set_tx(_uart, tx_pin); -} - -void HardwareSerial::pins(uint8_t tx, uint8_t rx) -{ - if(!_uart) { - return; - } - uart_set_pins(_uart, tx, rx); -} - void HardwareSerial::setDebugOutput(bool en) { if(!_uart) { @@ -113,16 +87,6 @@ void HardwareSerial::setDebugOutput(bool en) } } -bool HardwareSerial::isTxEnabled(void) -{ - return _uart && uart_tx_enabled(_uart); -} - -bool HardwareSerial::isRxEnabled(void) -{ - return _uart && uart_rx_enabled(_uart); -} - int HardwareSerial::available(void) { int result = static_cast(uart_rx_available(_uart)); @@ -132,27 +96,6 @@ int HardwareSerial::available(void) return result; } -int HardwareSerial::peek(void) -{ - // this may return -1, but that's okay - return uart_peek_char(_uart); -} - -int HardwareSerial::read(void) -{ - // this may return -1, but that's okay - return uart_read_char(_uart); -} - -int HardwareSerial::availableForWrite(void) -{ - if(!_uart || !uart_tx_enabled(_uart)) { - return 0; - } - - return static_cast(uart_tx_free(_uart)); -} - void HardwareSerial::flush() { if(!_uart || !uart_tx_enabled(_uart)) { @@ -165,33 +108,9 @@ void HardwareSerial::flush() delayMicroseconds(11000000 / uart_get_baudrate(_uart) + 1); } -size_t HardwareSerial::write(uint8_t c) -{ - if(!_uart || !uart_tx_enabled(_uart)) { - return 0; - } - - uart_write_char(_uart, c); - return 1; -} - -int HardwareSerial::baudRate(void) -{ - // Null pointer on _uart is checked by SDK - return uart_get_baudrate(_uart); -} - - -HardwareSerial::operator bool() const -{ - return _uart != 0; -} - - #if !defined(NO_GLOBAL_INSTANCES) && !defined(NO_GLOBAL_SERIAL) HardwareSerial Serial(UART0); #endif #if !defined(NO_GLOBAL_INSTANCES) && !defined(NO_GLOBAL_SERIAL1) HardwareSerial Serial1(UART1); #endif - diff --git a/cores/esp8266/HardwareSerial.h b/cores/esp8266/HardwareSerial.h index 4b384fee53..cac61953a5 100644 --- a/cores/esp8266/HardwareSerial.h +++ b/cores/esp8266/HardwareSerial.h @@ -93,26 +93,50 @@ class HardwareSerial: public Stream { swap(1); } - void swap(uint8_t tx_pin); //toggle between use of GPIO13/GPIO15 or GPIO3/GPIO(1/2) as RX and TX + void swap(uint8_t tx_pin) //toggle between use of GPIO13/GPIO15 or GPIO3/GPIO(1/2) as RX and TX + { + uart_swap(_uart, tx_pin); + } /* * Toggle between use of GPIO1 and GPIO2 as TX on UART 0. * Note: UART 1 can't be used if GPIO2 is used with UART 0! */ - void set_tx(uint8_t tx_pin); + void set_tx(uint8_t tx_pin) + { + uart_set_tx(_uart, tx_pin); + } /* * UART 0 possible options are (1, 3), (2, 3) or (15, 13) * UART 1 allows only TX on 2 if UART 0 is not (2, 3) */ - void pins(uint8_t tx, uint8_t rx); + void pins(uint8_t tx, uint8_t rx) + { + uart_set_pins(_uart, tx, rx); + } int available(void) override; - int peek(void) override; - int read(void) override; - int availableForWrite(void); + + int peek(void) override + { + // this may return -1, but that's okay + return uart_peek_char(_uart); + } + int read(void) override + { + // this may return -1, but that's okay + return uart_read_char(_uart); + } + int availableForWrite(void) + { + return static_cast(uart_tx_free(_uart)); + } void flush(void) override; - size_t write(uint8_t) override; + size_t write(uint8_t c) override + { + return uart_write_char(_uart, c); + } inline size_t write(unsigned long n) { return write((uint8_t) n); @@ -129,13 +153,32 @@ class HardwareSerial: public Stream { return write((uint8_t) n); } - using Print::write; // pull in write(str) and write(buf, size) from Print - operator bool() const; - + size_t write(const uint8_t *buffer, size_t size) + { + return uart_write(_uart, (const char*)buffer, size); + } + operator bool() const + { + return _uart != 0; + } void setDebugOutput(bool); - bool isTxEnabled(void); - bool isRxEnabled(void); - int baudRate(void); + bool isTxEnabled(void) + { + return uart_tx_enabled(_uart); + } + bool isRxEnabled(void) + { + return uart_rx_enabled(_uart); + } + int baudRate(void) + { + return uart_get_baudrate(_uart); + } + + bool hasOverrun(void) + { + return uart_has_overrun(_uart); + } protected: int _uart_nr; diff --git a/cores/esp8266/Print.cpp b/cores/esp8266/Print.cpp index 0c3d362ab7..c276d8e982 100644 --- a/cores/esp8266/Print.cpp +++ b/cores/esp8266/Print.cpp @@ -33,9 +33,24 @@ /* default implementation: may be overridden */ size_t Print::write(const uint8_t *buffer, size_t size) { + +#ifdef DEBUG_ESP_CORE + static char not_the_best_way [] ICACHE_RODATA_ATTR STORE_ATTR = "Print::write(data,len) should be overridden for better efficiency\r\n"; + static bool once = false; + if (!once) { + once = true; + os_printf_plus(not_the_best_way); + } +#endif + size_t n = 0; - while(size--) { - n += write(*buffer++); + while (size--) { + size_t ret = write(*buffer++); + if (ret == 0) { + // Write of last byte didn't complete, abort additional processing + break; + } + n += ret; } return n; } diff --git a/cores/esp8266/Updater.cpp b/cores/esp8266/Updater.cpp index 2a93d96d79..e01eca0bc6 100644 --- a/cores/esp8266/Updater.cpp +++ b/cores/esp8266/Updater.cpp @@ -86,7 +86,7 @@ bool UpdaterClass::begin(size_t size, int command) { //size of the update rounded to a sector uint32_t roundedSize = (size + FLASH_SECTOR_SIZE - 1) & (~(FLASH_SECTOR_SIZE - 1)); //address where we will start writing the update - updateStartAddress = updateEndAddress - roundedSize; + updateStartAddress = (updateEndAddress > roundedSize)? (updateEndAddress - roundedSize) : 0; #ifdef DEBUG_UPDATER DEBUG_UPDATER.printf("[begin] roundedSize: 0x%08X (%d)\n", roundedSize, roundedSize); @@ -390,4 +390,4 @@ void UpdaterClass::printError(Print &out){ } } -UpdaterClass Update; \ No newline at end of file +UpdaterClass Update; diff --git a/cores/esp8266/abi.cpp b/cores/esp8266/abi.cpp index 2670ec989a..8001c185a5 100644 --- a/cores/esp8266/abi.cpp +++ b/cores/esp8266/abi.cpp @@ -24,14 +24,28 @@ using __cxxabiv1::__guard; +// Debugging helper, last allocation which returned NULL +extern void *umm_last_fail_alloc_addr; +extern int umm_last_fail_alloc_size; + void *operator new(size_t size) { - return malloc(size); + void *ret = malloc(size); + if (0 != size && 0 == ret) { + umm_last_fail_alloc_addr = __builtin_return_address(0); + umm_last_fail_alloc_size = size; + } + return ret; } void *operator new[](size_t size) { - return malloc(size); + void *ret = malloc(size); + if (0 != size && 0 == ret) { + umm_last_fail_alloc_addr = __builtin_return_address(0); + umm_last_fail_alloc_size = size; + } + return ret; } void operator delete(void * ptr) diff --git a/cores/esp8266/core_esp8266_i2s.c b/cores/esp8266/core_esp8266_i2s.c index 942a0e73b4..4251a7036a 100644 --- a/cores/esp8266/core_esp8266_i2s.c +++ b/cores/esp8266/core_esp8266_i2s.c @@ -56,6 +56,7 @@ static uint32_t *i2s_slc_buf_pntr[SLC_BUF_CNT]; //Pointer to the I2S DMA buffer static struct slc_queue_item i2s_slc_items[SLC_BUF_CNT]; //I2S DMA buffer descriptors static uint32_t *i2s_curr_slc_buf=NULL;//current buffer for writing static int i2s_curr_slc_buf_pos=0; //position in the current buffer +static void (*i2s_callback) (void)=0; //Callback function should be defined as 'void ICACHE_FLASH_ATTR function_name()', placing the function in IRAM for faster execution. Avoid long computational tasks in this function, use it to set flags and process later. bool ICACHE_FLASH_ATTR i2s_is_full(){ return (i2s_curr_slc_buf_pos==SLC_BUF_LEN || i2s_curr_slc_buf==NULL) && (i2s_slc_queue_len == 0); @@ -92,10 +93,15 @@ void ICACHE_FLASH_ATTR i2s_slc_isr(void) { i2s_slc_queue_next_item(); //free space for finished_item } i2s_slc_queue[i2s_slc_queue_len++] = finished_item->buf_ptr; + if (i2s_callback) i2s_callback(); ETS_SLC_INTR_ENABLE(); } } +void i2s_set_callback(void (*callback) (void)){ + i2s_callback = callback; +} + void ICACHE_FLASH_ATTR i2s_slc_begin(){ i2s_slc_queue_len = 0; int x, y; @@ -248,7 +254,6 @@ float ICACHE_FLASH_ATTR i2s_get_real_rate(){ return (float)I2SBASEFREQ/32/((I2SC>>I2SBD) & I2SBDM)/((I2SC >> I2SCD) & I2SCDM); } - void ICACHE_FLASH_ATTR i2s_begin(){ _i2s_sample_rate = 0; i2s_slc_begin(); diff --git a/cores/esp8266/core_esp8266_postmortem.c b/cores/esp8266/core_esp8266_postmortem.c index 9712429795..83976918a3 100644 --- a/cores/esp8266/core_esp8266_postmortem.c +++ b/cores/esp8266/core_esp8266_postmortem.c @@ -38,6 +38,8 @@ extern cont_t g_cont; static const char* s_panic_file = 0; static int s_panic_line = 0; static const char* s_panic_func = 0; +static const char* s_panic_what = 0; + static bool s_abort_called = false; void abort() __attribute__((noreturn)); @@ -45,6 +47,11 @@ static void uart_write_char_d(char c); static void uart0_write_char_d(char c); static void uart1_write_char_d(char c); static void print_stack(uint32_t start, uint32_t end); + +// From UMM, the last caller of a malloc/realloc/calloc which failed: +extern void *umm_last_fail_alloc_addr; +extern int umm_last_fail_alloc_size; + static void raise_exception() __attribute__((noreturn)); extern void __custom_crash_callback( struct rst_info * rst_info, uint32_t stack, uint32_t stack_end ) { @@ -55,12 +62,28 @@ extern void __custom_crash_callback( struct rst_info * rst_info, uint32_t stack, extern void custom_crash_callback( struct rst_info * rst_info, uint32_t stack, uint32_t stack_end ) __attribute__ ((weak, alias("__custom_crash_callback"))); -static void ets_puts_P(const char *romString) { - char c = pgm_read_byte(romString++); - while (c) { - ets_putc(c); - c = pgm_read_byte(romString++); - } +// Single, non-inlined copy of pgm_read_byte to save IRAM space (as this is not timing critical) +static char ICACHE_RAM_ATTR iram_read_byte (const char *addr) { + return pgm_read_byte(addr); +} + +// Required to output the s_panic_file, it's stored in PMEM +#define ets_puts_P(pstr) \ +{ \ + char c; \ + do { \ + c = iram_read_byte(pstr++); \ + if (c) ets_putc(c); \ + } while (c); \ +} + +// Place these strings in .text because the SPI interface may be in bad shape during an exception. +#define ets_printf_P(str, ...) \ +{ \ + static const char istr[] ICACHE_RAM_ATTR = (str); \ + char mstr[sizeof(str)]; \ + for (size_t i=0; i < sizeof(str); i++) mstr[i] = iram_read_byte(&istr[i]); \ + ets_printf(mstr, ##__VA_ARGS__); \ } void __wrap_system_restart_local() { @@ -87,21 +110,25 @@ void __wrap_system_restart_local() { ets_install_putc1(&uart_write_char_d); if (s_panic_line) { - ets_puts_P(PSTR("\nPanic ")); - ets_puts_P(s_panic_file); - ets_printf(":%d ", s_panic_line); - ets_puts_P(s_panic_func); - ets_puts_P(PSTR("\n")); + ets_printf_P("\nPanic "); + ets_puts_P(s_panic_file); // This is in PROGMEM, need special output because ets_printf can't handle ROM parameters + ets_printf_P(":%d %s", s_panic_line, s_panic_func); + if (s_panic_what) { + ets_printf_P(": Assertion '"); + ets_puts_P(s_panic_what); // This is also in PMEM + ets_printf_P("' failed."); + } + ets_putc('\n'); } else if (s_abort_called) { - ets_puts_P(PSTR("Abort called\n")); + ets_printf_P("\nAbort called\n"); } else if (rst_info.reason == REASON_EXCEPTION_RST) { - ets_printf("\nException (%d):\nepc1=0x%08x epc2=0x%08x epc3=0x%08x excvaddr=0x%08x depc=0x%08x\n", + ets_printf_P("\nException (%d):\nepc1=0x%08x epc2=0x%08x epc3=0x%08x excvaddr=0x%08x depc=0x%08x\n", rst_info.exccause, rst_info.epc1, rst_info.epc2, rst_info.epc3, rst_info.excvaddr, rst_info.depc); } else if (rst_info.reason == REASON_SOFT_WDT_RST) { - ets_puts_P(PSTR("\nSoft WDT reset\n")); + ets_printf_P("\nSoft WDT reset\n"); } uint32_t cont_stack_start = (uint32_t) &(g_cont.stack); @@ -123,20 +150,25 @@ void __wrap_system_restart_local() { } if (sp > cont_stack_start && sp < cont_stack_end) { - ets_puts_P(PSTR("\nctx: cont \n")); + ets_printf_P("\nctx: cont \n"); stack_end = cont_stack_end; } else { - ets_puts_P(("\nctx: sys \n")); + ets_printf_P("\nctx: sys \n"); stack_end = 0x3fffffb0; // it's actually 0x3ffffff0, but the stuff below ets_run // is likely not really relevant to the crash } - ets_printf("sp: %08x end: %08x offset: %04x\n", sp, stack_end, offset); + ets_printf_P("sp: %08x end: %08x offset: %04x\n", sp, stack_end, offset); print_stack(sp + offset, stack_end); + // Use cap-X formatting to ensure the standard EspExceptionDecoder doesn't match the address + if (umm_last_fail_alloc_addr) { + ets_printf("\nlast failed alloc call: %08X(%d)\n", (uint32_t)umm_last_fail_alloc_addr, umm_last_fail_alloc_size); + } + custom_crash_callback( &rst_info, sp + offset, stack_end ); delayMicroseconds(10000); @@ -144,18 +176,18 @@ void __wrap_system_restart_local() { } -static void print_stack(uint32_t start, uint32_t end) { - ets_puts_P(PSTR("\n>>>stack>>>\n")); +static void ICACHE_RAM_ATTR print_stack(uint32_t start, uint32_t end) { + ets_printf_P("\n>>>stack>>>\n"); for (uint32_t pos = start; pos < end; pos += 0x10) { uint32_t* values = (uint32_t*)(pos); // rough indicator: stack frames usually have SP saved as the second word bool looksLikeStackFrame = (values[2] == pos + 0x10); - ets_printf("%08x: %08x %08x %08x %08x %c\n", + ets_printf_P("%08x: %08x %08x %08x %08x %c\n", pos, values[0], values[1], values[2], values[3], (looksLikeStackFrame)?'<':' '); } - ets_puts_P(PSTR("<<0){ //if SDA low, read the bits slaves have to sent to a max + while (SDA_READ()==0 && clockCount>0) { //if SDA low, read the bits slaves have to sent to a max + --clockCount; twi_read_bit(); - if (SCL_READ()==0) return I2C_SCL_HELD_LOW_AFTER_READ; //I2C bus error. SCL held low beyond slave clock stretch time + if (SCL_READ()==0) + return I2C_SCL_HELD_LOW_AFTER_READ; //I2C bus error. SCL held low beyond slave clock stretch time } - if (SDA_READ()==0) return I2C_SDA_HELD_LOW; //I2C bus error. SDA line held low by slave/another_master after n bits. + if (SDA_READ()==0) + return I2C_SDA_HELD_LOW; //I2C bus error. SDA line held low by slave/another_master after n bits. - if(!twi_write_start()) return I2C_SDA_HELD_LOW_AFTER_INIT; //line busy. SDA again held low by another device. 2nd master? - else return I2C_OK; //all ok -} \ No newline at end of file + if(!twi_write_start()) + return I2C_SDA_HELD_LOW_AFTER_INIT; //line busy. SDA again held low by another device. 2nd master? + + return I2C_OK; //all ok + +} diff --git a/cores/esp8266/heap.c b/cores/esp8266/heap.c index 49b6f12585..5f5aaef799 100644 --- a/cores/esp8266/heap.c +++ b/cores/esp8266/heap.c @@ -8,10 +8,19 @@ #include #include +// Debugging helper, last allocation which returned NULL +void *umm_last_fail_alloc_addr = NULL; +int umm_last_fail_alloc_size = 0; + void* _malloc_r(struct _reent* unused, size_t size) { (void) unused; - return malloc(size); + void *ret = malloc(size); + if (0 != size && 0 == ret) { + umm_last_fail_alloc_addr = __builtin_return_address(0); + umm_last_fail_alloc_size = size; + } + return ret; } void _free_r(struct _reent* unused, void* ptr) @@ -23,13 +32,23 @@ void _free_r(struct _reent* unused, void* ptr) void* _realloc_r(struct _reent* unused, void* ptr, size_t size) { (void) unused; - return realloc(ptr, size); + void *ret = realloc(ptr, size); + if (0 != size && 0 == ret) { + umm_last_fail_alloc_addr = __builtin_return_address(0); + umm_last_fail_alloc_size = size; + } + return ret; } void* _calloc_r(struct _reent* unused, size_t count, size_t size) { (void) unused; - return calloc(count, size); + void *ret = calloc(count, size); + if (0 != (count * size) && 0 == ret) { + umm_last_fail_alloc_addr = __builtin_return_address(0); + umm_last_fail_alloc_size = count * size; + } + return ret; } void ICACHE_RAM_ATTR vPortFree(void *ptr, const char* file, int line) diff --git a/cores/esp8266/i2s.h b/cores/esp8266/i2s.h index 64e306d650..925dfed509 100644 --- a/cores/esp8266/i2s.h +++ b/cores/esp8266/i2s.h @@ -51,6 +51,7 @@ bool i2s_write_lr(int16_t left, int16_t right);//combines both channels and call bool i2s_is_full();//returns true if DMA is full and can not take more bytes (overflow) bool i2s_is_empty();//returns true if DMA is empty (underflow) int16_t i2s_available();// returns the number of samples than can be written before blocking +void i2s_set_callback(void (*callback) (void)); #ifdef __cplusplus } diff --git a/cores/esp8266/uart.c b/cores/esp8266/uart.c index 328acca7df..c5acc9977d 100644 --- a/cores/esp8266/uart.c +++ b/cores/esp8266/uart.c @@ -59,6 +59,7 @@ struct uart_ { int baud_rate; bool rx_enabled; bool tx_enabled; + bool overrun; uint8_t rx_pin; uint8_t tx_pin; struct uart_rx_buffer_ * rx_buffer; @@ -102,13 +103,31 @@ inline size_t uart_rx_fifo_available(uart_t* uart) { return (USS(uart->uart_nr) >> USRXC) & 0x7F; } +const char overrun_str [] ICACHE_RODATA_ATTR STORE_ATTR = "uart input full!\r\n"; + // Copy all the rx fifo bytes that fit into the rx buffer inline void uart_rx_copy_fifo_to_buffer(uart_t* uart) { while(uart_rx_fifo_available(uart)){ size_t nextPos = (uart->rx_buffer->wpos + 1) % uart->rx_buffer->size; if(nextPos == uart->rx_buffer->rpos) { + + if (!uart->overrun) { + uart->overrun = true; + os_printf_plus(overrun_str); + } + + // a choice has to be made here, + // do we discard newest or oldest data? +#if 0 + // discard newest data // Stop copying if rx buffer is full + USF(uart->uart_nr); break; +#else + // discard oldest data + if (++uart->rx_buffer->rpos == uart->rx_buffer->size) + uart->rx_buffer->rpos = 0; +#endif } uint8_t data = USF(uart->uart_nr); uart->rx_buffer->buffer[uart->rx_buffer->wpos] = data; @@ -195,24 +214,31 @@ void uart_stop_isr(uart_t* uart) ETS_UART_INTR_ATTACH(NULL, NULL); } +static void uart_do_write_char(uart_t* uart, char c) +{ + while((USS(uart->uart_nr) >> USTXC) >= 0x7f); + USF(uart->uart_nr) = c; +} -void uart_write_char(uart_t* uart, char c) +size_t uart_write_char(uart_t* uart, char c) { if(uart == NULL || !uart->tx_enabled) { - return; + return 0; } - while((USS(uart->uart_nr) >> USTXC) >= 0x7f); - USF(uart->uart_nr) = c; + uart_do_write_char(uart, c); + return 1; } -void uart_write(uart_t* uart, const char* buf, size_t size) +size_t uart_write(uart_t* uart, const char* buf, size_t size) { if(uart == NULL || !uart->tx_enabled) { - return; + return 0; } - while(size--) { - uart_write_char(uart, *buf++); + size_t ret = size; + while (size--) { + uart_do_write_char(uart, *buf++); } + return ret; } size_t uart_tx_free(uart_t* uart) @@ -281,6 +307,7 @@ uart_t* uart_init(int uart_nr, int baudrate, int config, int mode, int tx_pin, s } uart->uart_nr = uart_nr; + uart->overrun = false; switch(uart->uart_nr) { case UART0: @@ -504,6 +531,15 @@ bool uart_rx_enabled(uart_t* uart) return uart->rx_enabled; } +bool uart_has_overrun (uart_t* uart) +{ + if (uart == NULL || !uart->overrun) { + return false; + } + // clear flag + uart->overrun = false; + return true; +} static void uart_ignore_char(char c) { diff --git a/cores/esp8266/uart.h b/cores/esp8266/uart.h index b79745adf5..127c5d0ebb 100644 --- a/cores/esp8266/uart.h +++ b/cores/esp8266/uart.h @@ -127,8 +127,8 @@ int uart_get_baudrate(uart_t* uart); size_t uart_resize_rx_buffer(uart_t* uart, size_t new_size); -void uart_write_char(uart_t* uart, char c); -void uart_write(uart_t* uart, const char* buf, size_t size); +size_t uart_write_char(uart_t* uart, char c); +size_t uart_write(uart_t* uart, const char* buf, size_t size); int uart_read_char(uart_t* uart); int uart_peek_char(uart_t* uart); size_t uart_rx_available(uart_t* uart); @@ -136,6 +136,8 @@ size_t uart_tx_free(uart_t* uart); void uart_wait_tx_empty(uart_t* uart); void uart_flush(uart_t* uart); +bool uart_has_overrun (uart_t* uart); // returns then clear overrun flag + void uart_set_debug(int uart_nr); int uart_get_debug(); diff --git a/cores/esp8266/umm_malloc/umm_malloc.c b/cores/esp8266/umm_malloc/umm_malloc.c index ac249b643d..d65eac781d 100644 --- a/cores/esp8266/umm_malloc/umm_malloc.c +++ b/cores/esp8266/umm_malloc/umm_malloc.c @@ -499,6 +499,10 @@ #include "umm_malloc_cfg.h" /* user-dependent */ +// From UMM, the last caller of a malloc/realloc/calloc which failed: +extern void *umm_last_fail_alloc_addr; +extern int umm_last_fail_alloc_size; + #ifndef UMM_FIRST_FIT # ifndef UMM_BEST_FIT # define UMM_BEST_FIT @@ -1661,6 +1665,10 @@ void *umm_malloc( size_t size ) { size += POISON_SIZE(size); ret = _umm_malloc( size ); + if (0 != size && 0 == ret) { + umm_last_fail_alloc_addr = __builtin_return_address(0); + umm_last_fail_alloc_size = size; + } ret = GET_POISONED(ret, size); @@ -1688,6 +1696,10 @@ void *umm_calloc( size_t num, size_t item_size ) { if (ret) { memset(ret, 0x00, size); } + if (0 != size && 0 == ret) { + umm_last_fail_alloc_addr = __builtin_return_address(0); + umm_last_fail_alloc_size = size; + } ret = GET_POISONED(ret, size); @@ -1713,6 +1725,10 @@ void *umm_realloc( void *ptr, size_t size ) { size += POISON_SIZE(size); ret = _umm_realloc( ptr, size ); + if (0 != size && 0 == ret) { + umm_last_fail_alloc_addr = __builtin_return_address(0); + umm_last_fail_alloc_size = size; + } ret = GET_POISONED(ret, size); diff --git a/cores/esp8266/umm_malloc/umm_malloc_cfg.h b/cores/esp8266/umm_malloc/umm_malloc_cfg.h index 916dd47aac..314e51fbbc 100644 --- a/cores/esp8266/umm_malloc/umm_malloc_cfg.h +++ b/cores/esp8266/umm_malloc/umm_malloc_cfg.h @@ -2,13 +2,6 @@ * Configuration for umm_malloc */ -// with DEBUG_ESP_OOM debug option activated, -// implying gcc option '-include this-file' -// this file is included in *every* source file -// *before* any other include file - -#ifndef __ASSEMBLER__ - #ifndef _UMM_MALLOC_CFG_H #define _UMM_MALLOC_CFG_H @@ -184,11 +177,8 @@ extern char _heap_start; #ifdef DEBUG_ESP_OOM // this must be outside from "#ifndef _UMM_MALLOC_CFG_H" // because Arduino.h's does #undef *alloc -// so Arduino.h recall us to redefine them +// Arduino.h recall us to redefine them #define malloc(s) ({ static const char mem_debug_file[] ICACHE_RODATA_ATTR STORE_ATTR = __FILE__; malloc_loc(s, mem_debug_file, __LINE__); }) #define calloc(n,s) ({ static const char mem_debug_file[] ICACHE_RODATA_ATTR STORE_ATTR = __FILE__; calloc_loc(n, s, mem_debug_file, __LINE__); }) #define realloc(p,s) ({ static const char mem_debug_file[] ICACHE_RODATA_ATTR STORE_ATTR = __FILE__; realloc_loc(p, s, mem_debug_file, __LINE__); }) - -#endif - -#endif /* !__ASSEMBLER__ */ +#endif /* DEBUG_ESP_OOM */ diff --git a/doc/esp8266wifi/readme.rst b/doc/esp8266wifi/readme.rst index dd412b9153..1b0f22dc69 100644 --- a/doc/esp8266wifi/readme.rst +++ b/doc/esp8266wifi/readme.rst @@ -7,8 +7,8 @@ ESP8266 is all about Wi-Fi. If you are eager to connect your new ESP8266 module Introduction ------------ -The `Wi-Fi library for ESP8266 `__ has been developed basing on `ESP8266 SDK `__, using naming convention and overall functionality philosophy of `Arduino WiFi library `__. Over time the wealth Wi-Fi features ported from ESP9266 SDK to `esp8266 / -Adruino `__ outgrow `Arduino WiFi library `__ and it became apparent that we need to provide separate documentation on what is new and extra. +The `Wi-Fi library for ESP8266 `__ has been developed based on `ESP8266 SDK `__, using naming convention and overall functionality philosophy of `Arduino WiFi library `__. Over time the wealth Wi-Fi features ported from ESP9266 SDK to `esp8266 / +Arduino `__ outgrew `Arduino WiFi library `__ and it became apparent that we need to provide separate documentation on what is new and extra. This documentation will walk you through several classes, methods and properties of `ESP8266WiFi `__ library. If you are new to C++ and Arduino, don't worry. We will start from general concepts and then move to detailed description of members of each particular class including usage examples. diff --git a/doc/faq/a01-espcomm_sync-failed.rst b/doc/faq/a01-espcomm_sync-failed.rst index 639870a4e7..c91cc32678 100644 --- a/doc/faq/a01-espcomm_sync-failed.rst +++ b/doc/faq/a01-espcomm_sync-failed.rst @@ -3,7 +3,7 @@ I am getting "espcomm\_sync failed" error when trying to upload my ESP. How to resolve this issue? -------------------------------------------------------------------------------------------------- -- `Introduction <#Introduction>`__ +- `Introduction <#introduction>`__ - `Initial Checks <#initial-checks>`__ - `Advanced Checks <#advanced-checks>`__ - `Reset Methods <#reset-methods>`__ @@ -332,35 +332,45 @@ GitHub. I'm Stuck ~~~~~~~~~ -Hopefully at this point you were able to resolve ``espcomm_sync failed`` -issue and now enjoy quick and reliable uploads of your ESP modules. +Hopefully at this point you were able to resolve ``espcomm_sync failed`` issue and now enjoy quick and reliable uploads of your ESP modules. -If this is still not the case, then review once more all discussed steps -in the checklist below. +If this is still not the case, then review once more all discussed steps in the checklist below. -**Initial Checks** \* [ ] Is your module connected to serial port and -visible in IDE? \* [ ] Is connected device responding to IDE? What is -exact message in debug window? \* [ ] Have you selected correct ESP -module type in *Board* menu? What is the selection? \* [ ] Have you -tried to reduce upload speed? What speeds have you tried? +**Initial Checks** -**Advanced Checks** \* [ ] What message is reported by ESP at 74880 baud -when entering boot loading mode? \* [ ] Have you checked your USB to -serial converter by looping it back? What is the result? \* [ ] Is your -detailed upload log consistent with settings in IDE? What is the log? +* [ ] Is your module connected to serial port and visible in IDE? -**Reset Method** \* [ ] What reset method do you use? \* [ ] What is -your connection diagram? Does it match diagram in this FAQ? \* [ ] What -is your wave-form of board reset? Does it match wave-form in this FAQ? -\* [ ] What is your wave-form of complete upload? Does it match -wave-form in this FAQ? +* [ ] Is connected device responding to IDE? What is exact message in debug window? -**Software** \* [ ] Do you use the latest stable version of `esp8266 / -Arduino `__? What is it? \* [ ] What -is the name and version of your IDE and O/S? +* [ ] Have you selected correct ESP module type in *Board* menu? What is the selection? -If you are stuck at certain step, then post this list on `ESP8266 -Community Forum `__ asking for support. +* [ ] Have you tried to reduce upload speed? What speeds have you tried? + +**Advanced Checks** + +* [ ] What message is reported by ESP at 74880 baud when entering boot loading mode? + +* [ ] Have you checked your USB to serial converter by looping it back? What is the result? + +* [ ] Is your detailed upload log consistent with settings in IDE? What is the log? + +**Reset Method** + +* [ ] What reset method do you use? + +* [ ] What is your connection diagram? Does it match diagram in this FAQ? + +* [ ] What is your wave-form of board reset? Does it match wave-form in this FAQ? + +* [ ] What is your wave-form of complete upload? Does it match wave-form in this FAQ? + +**Software** + +* [ ] Do you use the latest stable version of `esp8266 / Arduino `__? What is it? + +* [ ] What is the name and version of your IDE and O/S? + +If you are stuck at certain step, then post this list on `ESP8266 Community Forum `__ asking for support. Conclusion ~~~~~~~~~~ diff --git a/doc/ota_updates/readme.rst b/doc/ota_updates/readme.rst index f05f796dca..18116c5167 100644 --- a/doc/ota_updates/readme.rst +++ b/doc/ota_updates/readme.rst @@ -57,7 +57,7 @@ Basic Requirements Flash chip size should be able to hold the old sketch (currently running) and the new sketch (OTA) at the same time. -Keep in mind that the File system and EEPROM for example needs space too (one time) see `flash layout <../filesystem.rst#flash-layout>`__. +Keep in mind that the File system and EEPROM for example needs space too (one time) see :ref:`Flash layout`. .. code:: cpp @@ -65,7 +65,7 @@ Keep in mind that the File system and EEPROM for example needs space too (one ti can be used for checking the free space for the new sketch. -For overview of memory layout, where new sketch is stored and how it is copied during OTA process, see `Update process - memory view <#update-process---memory-view>`__. +For overview of memory layout, where new sketch is stored and how it is copied during OTA process, see `Update process - memory view <#update-process-memory-view>`__. The following chapters provide more details and specific methods of doing OTA. @@ -224,9 +224,9 @@ Instead of the log as on the above screen you may see the following: If this is the case, then most likely ESP module has not been reset after initial upload using serial port. -The most common causes of OTA failure are as follows: \* not enough physical memory on the chip (e.g. ESP01 with 512K flash memory is not enough for OTA), \* too much memory declared for SPIFFS so new sketch will not fit between existing sketch and SPIFFS – see `Update process - memory view <#update-process---memory-view>`__, \* too little memory declared in Arduino IDE for your selected board (i.e. less than physical size), \* not resetting the ESP module after initial upload using serial port. +The most common causes of OTA failure are as follows: \* not enough physical memory on the chip (e.g. ESP01 with 512K flash memory is not enough for OTA), \* too much memory declared for SPIFFS so new sketch will not fit between existing sketch and SPIFFS – see `Update process - memory view <#update-process-memory-view>`__, \* too little memory declared in Arduino IDE for your selected board (i.e. less than physical size), \* not resetting the ESP module after initial upload using serial port. -For more details regarding flash memory layout please check `File system <../filesystem.rst>`__. For overview where new sketch is stored, how it is copied and how memory is organized for the purpose of OTA see `Update process - memory view <#update-process---memory-view>`__. +For more details regarding flash memory layout please check `File system <../filesystem.rst>`__. For overview where new sketch is stored, how it is copied and how memory is organized for the purpose of OTA see `Update process - memory view <#update-process-memory-view>`__. Web Browser ----------- diff --git a/libraries/ESP8266HTTPClient/src/ESP8266HTTPClient.cpp b/libraries/ESP8266HTTPClient/src/ESP8266HTTPClient.cpp index ad8b14892d..676cdf33e8 100644 --- a/libraries/ESP8266HTTPClient/src/ESP8266HTTPClient.cpp +++ b/libraries/ESP8266HTTPClient/src/ESP8266HTTPClient.cpp @@ -73,6 +73,34 @@ class TLSTraits : public TransportTraits String _fingerprint; }; +class BearSSLTraits : public TransportTraits +{ +public: + BearSSLTraits(const uint8_t fingerprint[20]) + { + memcpy(_fingerprint, fingerprint, sizeof(_fingerprint)); + } + + std::unique_ptr create() override + { + WiFiClientBearSSL *client = new WiFiClientBearSSL(); + client->setFingerprint(_fingerprint); + return std::unique_ptr(client); + } + + bool verify(WiFiClient& client, const char* host) override + { + // No-op. BearSSL will not connect if the fingerprint doesn't match. + // So if you get to here you've already connected and it matched + (void) client; + (void) host; + return true; + } + +protected: + uint8_t _fingerprint[20]; +}; + /** * constructor */ @@ -116,6 +144,24 @@ bool HTTPClient::begin(String url, String httpsFingerprint) return true; } + +bool HTTPClient::begin(String url, const uint8_t httpsFingerprint[20]) +{ + _transportTraits.reset(nullptr); + _port = 443; + if (!beginInternal(url, "https")) { + return false; + } + _transportTraits = TransportTraitsPtr(new BearSSLTraits(httpsFingerprint)); + DEBUG_HTTPCLIENT("[HTTP-Client][begin] BearSSL-httpsFingerprint:"); + for (size_t i=0; i < 20; i++) { + DEBUG_HTTPCLIENT(" %02x", httpsFingerprint[i]); + } + DEBUG_HTTPCLIENT("\n"); + return true; +} + + /** * parsing the url for all needed parameters * @param url String @@ -213,6 +259,23 @@ bool HTTPClient::begin(String host, uint16_t port, String uri, String httpsFinge return true; } +bool HTTPClient::begin(String host, uint16_t port, String uri, const uint8_t httpsFingerprint[20]) +{ + clear(); + _host = host; + _port = port; + _uri = uri; + + _transportTraits = TransportTraitsPtr(new BearSSLTraits(httpsFingerprint)); + DEBUG_HTTPCLIENT("[HTTP-Client][begin] host: %s port: %d url: %s BearSSL-httpsFingerprint:", host.c_str(), port, uri.c_str()); + for (size_t i=0; i < 20; i++) { + DEBUG_HTTPCLIENT(" %02x", httpsFingerprint[i]); + } + DEBUG_HTTPCLIENT("\n"); + return true; +} + + /** * end * called after the payload is handled diff --git a/libraries/ESP8266HTTPClient/src/ESP8266HTTPClient.h b/libraries/ESP8266HTTPClient/src/ESP8266HTTPClient.h index 02e4ca5cc5..c8ddea7b74 100644 --- a/libraries/ESP8266HTTPClient/src/ESP8266HTTPClient.h +++ b/libraries/ESP8266HTTPClient/src/ESP8266HTTPClient.h @@ -135,8 +135,10 @@ class HTTPClient bool begin(String url); bool begin(String url, String httpsFingerprint); + bool begin(String url, const uint8_t httpsFingerprint[20]); bool begin(String host, uint16_t port, String uri = "/"); bool begin(String host, uint16_t port, String uri, String httpsFingerprint); + bool begin(String host, uint16_t port, String uri, const uint8_t httpsFingerprint[20]); // deprecated, use the overload above instead bool begin(String host, uint16_t port, String uri, bool https, String httpsFingerprint) __attribute__ ((deprecated)); diff --git a/libraries/ESP8266HTTPUpdateServer/examples/SecureBearSSLUpdater/SecureBearSSLUpdater.ino b/libraries/ESP8266HTTPUpdateServer/examples/SecureBearSSLUpdater/SecureBearSSLUpdater.ino new file mode 100644 index 0000000000..994fdb5fa1 --- /dev/null +++ b/libraries/ESP8266HTTPUpdateServer/examples/SecureBearSSLUpdater/SecureBearSSLUpdater.ino @@ -0,0 +1,117 @@ +/* + SecureBearSSLUpdater - SSL encrypted, password-protected firmware update + + This example starts a HTTPS server on the ESP8266 to allow firmware updates + to be performed. All communication, including the username and password, + is encrypted via SSL. Be sure to update the SSID and PASSWORD before running + to allow connection to your WiFi network. + + To upload through terminal you can use: + curl -u admin:admin -F "image=@firmware.bin" esp8266-webupdate.local/firmware + + Adapted by Earle F. Philhower, III, from the SecureWebUpdater.ino example. + This example is released into the public domain. +*/ + +#include +#include +#include +#include +#include + +const char* host = "esp8266-webupdate"; +const char* update_path = "/firmware"; +const char* update_username = "admin"; +const char* update_password = "admin"; +const char* ssid = "........"; +const char* password = "........"; + +ESP8266WebServerBearSSL httpServer(443); +ESP8266HTTPUpdateServer httpUpdater; + +static const char serverCert[] PROGMEM = R"EOF( +-----BEGIN CERTIFICATE----- +MIIDSzCCAjMCCQD2ahcfZAwXxDANBgkqhkiG9w0BAQsFADCBiTELMAkGA1UEBhMC +VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU9yYW5nZSBDb3VudHkx +EDAOBgNVBAoMB1ByaXZhZG8xGjAYBgNVBAMMEXNlcnZlci56bGFiZWwuY29tMR8w +HQYJKoZIhvcNAQkBFhBlYXJsZUB6bGFiZWwuY29tMB4XDTE4MDMwNjA1NDg0NFoX +DTE5MDMwNjA1NDg0NFowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3Rh +dGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAPVKBwbZ+KDSl40YCDkP6y8Sv4iNGvEOZg8Y +X7sGvf/xZH7UiCBWPFIRpNmDSaZ3yjsmFqm6sLiYSGSdrBCFqdt9NTp2r7hga6Sj +oASSZY4B9pf+GblDy5m10KDx90BFKXdPMCLT+o76Nx9PpCvw13A848wHNG3bpBgI +t+w/vJCX3bkRn8yEYAU6GdMbYe7v446hX3kY5UmgeJFr9xz1kq6AzYrMt/UHhNzO +S+QckJaY0OGWvmTNspY3xCbbFtIDkCdBS8CZAw+itnofvnWWKQEXlt6otPh5njwy ++O1t/Q+Z7OMDYQaH02IQx3188/kW3FzOY32knER1uzjmRO+jhA8CAwEAATANBgkq +hkiG9w0BAQsFAAOCAQEAnDrROGRETB0woIcI1+acY1yRq4yAcH2/hdq2MoM+DCyM +E8CJaOznGR9ND0ImWpTZqomHOUkOBpvu7u315blQZcLbL1LfHJGRTCHVhvVrcyEb +fWTnRtAQdlirUm/obwXIitoz64VSbIVzcqqfg9C6ZREB9JbEX98/9Wp2gVY+31oC +JfUvYadSYxh3nblvA4OL+iEZiW8NE3hbW6WPXxvS7Euge0uWMPc4uEcnsE0ZVG3m ++TGimzSdeWDvGBRWZHXczC2zD4aoE5vrl+GD2i++c6yjL/otHfYyUpzUfbI2hMAA +5tAF1D5vAAwA8nfPysumlLsIjohJZo4lgnhB++AlOg== +-----END CERTIFICATE----- +)EOF"; + +static const char serverKey[] PROGMEM = R"EOF( +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA9UoHBtn4oNKXjRgIOQ/rLxK/iI0a8Q5mDxhfuwa9//FkftSI +IFY8UhGk2YNJpnfKOyYWqbqwuJhIZJ2sEIWp2301OnavuGBrpKOgBJJljgH2l/4Z +uUPLmbXQoPH3QEUpd08wItP6jvo3H0+kK/DXcDzjzAc0bdukGAi37D+8kJfduRGf +zIRgBToZ0xth7u/jjqFfeRjlSaB4kWv3HPWSroDNisy39QeE3M5L5ByQlpjQ4Za+ +ZM2yljfEJtsW0gOQJ0FLwJkDD6K2eh++dZYpAReW3qi0+HmePDL47W39D5ns4wNh +BofTYhDHfXzz+RbcXM5jfaScRHW7OOZE76OEDwIDAQABAoIBAQDKov5NFbNFQNR8 +djcM1O7Is6dRaqiwLeH4ZH1pZ3d9QnFwKanPdQ5eCj9yhfhJMrr5xEyCqT0nMn7T +yEIGYDXjontfsf8WxWkH2TjvrfWBrHOIOx4LJEvFzyLsYxiMmtZXvy6YByD+Dw2M +q2GH/24rRdI2klkozIOyazluTXU8yOsSGxHr/aOa9/sZISgLmaGOOuKI/3Zqjdhr +eHeSqoQFt3xXa8jw01YubQUDw/4cv9rk2ytTdAoQUimiKtgtjsggpP1LTq4xcuqN +d4jWhTcnorWpbD2cVLxrEbnSR3VuBCJEZv5axg5ZPxLEnlcId8vMtvTRb5nzzszn +geYUWDPhAoGBAPyKVNqqwQl44oIeiuRM2FYenMt4voVaz3ExJX2JysrG0jtCPv+Y +84R6Cv3nfITz3EZDWp5sW3OwoGr77lF7Tv9tD6BptEmgBeuca3SHIdhG2MR+tLyx +/tkIAarxQcTGsZaSqra3gXOJCMz9h2P5dxpdU+0yeMmOEnAqgQ8qtNBfAoGBAPim +RAtnrd0WSlCgqVGYFCvDh1kD5QTNbZc+1PcBHbVV45EmJ2fLXnlDeplIZJdYxmzu +DMOxZBYgfeLY9exje00eZJNSj/csjJQqiRftrbvYY7m5njX1kM5K8x4HlynQTDkg +rtKO0YZJxxmjRTbFGMegh1SLlFLRIMtehNhOgipRAoGBAPnEEpJGCS9GGLfaX0HW +YqwiEK8Il12q57mqgsq7ag7NPwWOymHesxHV5mMh/Dw+NyBi4xAGWRh9mtrUmeqK +iyICik773Gxo0RIqnPgd4jJWN3N3YWeynzulOIkJnSNx5BforOCTc3uCD2s2YB5X +jx1LKoNQxLeLRN8cmpIWicf/AoGBANjRSsZTKwV9WWIDJoHyxav/vPb+8WYFp8lZ +zaRxQbGM6nn4NiZI7OF62N3uhWB/1c7IqTK/bVHqFTuJCrCNcsgld3gLZ2QWYaMV +kCPgaj1BjHw4AmB0+EcajfKilcqtSroJ6MfMJ6IclVOizkjbByeTsE4lxDmPCDSt +/9MKanBxAoGAY9xo741Pn9WUxDyRplww606ccdNf/ksHWNc/Y2B5SPwxxSnIq8nO +j01SmsCUYVFAgZVOTiiycakjYLzxlc6p8BxSVqy6LlJqn95N8OXoQ+bkwUux/ekg +gz5JWYhbD6c38khSzJb0pNXCo3EuYAVa36kDM96k1BtWuhRS10Q1VXk= +-----END RSA PRIVATE KEY----- +)EOF"; + + +void setup() +{ + + Serial.begin(115200); + Serial.println(); + Serial.println("Booting Sketch..."); + WiFi.mode(WIFI_AP_STA); + WiFi.begin(ssid, password); + + while(WiFi.waitForConnectResult() != WL_CONNECTED){ + WiFi.begin(ssid, password); + Serial.println("WiFi failed, retrying."); + } + + configTime(3 * 3600, 0, "pool.ntp.org", "time.nist.gov"); + + MDNS.begin(host); + + httpServer.setRSACert(new BearSSLX509List(serverCert), new BearSSLPrivateKey(serverKey)); + httpUpdater.setup(&httpServer, update_path, update_username, update_password); + httpServer.begin(); + + MDNS.addService("https", "tcp", 443); + Serial.printf("BearSSLUpdateServer ready!\nOpen https://%s.local%s in "\ + "your browser and login with username '%s' and password "\ + "'%s'\n", host, update_path, update_username, update_password); +} + +void loop() +{ + httpServer.handleClient(); +} diff --git a/libraries/ESP8266WebServer/examples/HelloServerBearSSL/HelloServerBearSSL.ino b/libraries/ESP8266WebServer/examples/HelloServerBearSSL/HelloServerBearSSL.ino new file mode 100644 index 0000000000..b041f53997 --- /dev/null +++ b/libraries/ESP8266WebServer/examples/HelloServerBearSSL/HelloServerBearSSL.ino @@ -0,0 +1,142 @@ +/* + HelloServerBearSSL - Simple HTTPS server example + + This example demonstrates a basic ESP8266WebServerSecure HTTPS server + that can serve "/" and "/inline" and generate detailed 404 (not found) + HTTP respoinses. Be sure to update the SSID and PASSWORD before running + to allow connection to your WiFi network. + + Adapted by Earle F. Philhower, III, from the HelloServer.ino example. + This example is released into the public domain. +*/ +#include +#include +#include +#include + +const char* ssid = "...."; +const char* password = "...."; + +ESP8266WebServerBearSSL server(443); + +static const char serverCert[] PROGMEM = R"EOF( +-----BEGIN CERTIFICATE----- +MIIDSzCCAjMCCQD2ahcfZAwXxDANBgkqhkiG9w0BAQsFADCBiTELMAkGA1UEBhMC +VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU9yYW5nZSBDb3VudHkx +EDAOBgNVBAoMB1ByaXZhZG8xGjAYBgNVBAMMEXNlcnZlci56bGFiZWwuY29tMR8w +HQYJKoZIhvcNAQkBFhBlYXJsZUB6bGFiZWwuY29tMB4XDTE4MDMwNjA1NDg0NFoX +DTE5MDMwNjA1NDg0NFowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3Rh +dGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAPVKBwbZ+KDSl40YCDkP6y8Sv4iNGvEOZg8Y +X7sGvf/xZH7UiCBWPFIRpNmDSaZ3yjsmFqm6sLiYSGSdrBCFqdt9NTp2r7hga6Sj +oASSZY4B9pf+GblDy5m10KDx90BFKXdPMCLT+o76Nx9PpCvw13A848wHNG3bpBgI +t+w/vJCX3bkRn8yEYAU6GdMbYe7v446hX3kY5UmgeJFr9xz1kq6AzYrMt/UHhNzO +S+QckJaY0OGWvmTNspY3xCbbFtIDkCdBS8CZAw+itnofvnWWKQEXlt6otPh5njwy ++O1t/Q+Z7OMDYQaH02IQx3188/kW3FzOY32knER1uzjmRO+jhA8CAwEAATANBgkq +hkiG9w0BAQsFAAOCAQEAnDrROGRETB0woIcI1+acY1yRq4yAcH2/hdq2MoM+DCyM +E8CJaOznGR9ND0ImWpTZqomHOUkOBpvu7u315blQZcLbL1LfHJGRTCHVhvVrcyEb +fWTnRtAQdlirUm/obwXIitoz64VSbIVzcqqfg9C6ZREB9JbEX98/9Wp2gVY+31oC +JfUvYadSYxh3nblvA4OL+iEZiW8NE3hbW6WPXxvS7Euge0uWMPc4uEcnsE0ZVG3m ++TGimzSdeWDvGBRWZHXczC2zD4aoE5vrl+GD2i++c6yjL/otHfYyUpzUfbI2hMAA +5tAF1D5vAAwA8nfPysumlLsIjohJZo4lgnhB++AlOg== +-----END CERTIFICATE----- +)EOF"; + +static const char serverKey[] PROGMEM = R"EOF( +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA9UoHBtn4oNKXjRgIOQ/rLxK/iI0a8Q5mDxhfuwa9//FkftSI +IFY8UhGk2YNJpnfKOyYWqbqwuJhIZJ2sEIWp2301OnavuGBrpKOgBJJljgH2l/4Z +uUPLmbXQoPH3QEUpd08wItP6jvo3H0+kK/DXcDzjzAc0bdukGAi37D+8kJfduRGf +zIRgBToZ0xth7u/jjqFfeRjlSaB4kWv3HPWSroDNisy39QeE3M5L5ByQlpjQ4Za+ +ZM2yljfEJtsW0gOQJ0FLwJkDD6K2eh++dZYpAReW3qi0+HmePDL47W39D5ns4wNh +BofTYhDHfXzz+RbcXM5jfaScRHW7OOZE76OEDwIDAQABAoIBAQDKov5NFbNFQNR8 +djcM1O7Is6dRaqiwLeH4ZH1pZ3d9QnFwKanPdQ5eCj9yhfhJMrr5xEyCqT0nMn7T +yEIGYDXjontfsf8WxWkH2TjvrfWBrHOIOx4LJEvFzyLsYxiMmtZXvy6YByD+Dw2M +q2GH/24rRdI2klkozIOyazluTXU8yOsSGxHr/aOa9/sZISgLmaGOOuKI/3Zqjdhr +eHeSqoQFt3xXa8jw01YubQUDw/4cv9rk2ytTdAoQUimiKtgtjsggpP1LTq4xcuqN +d4jWhTcnorWpbD2cVLxrEbnSR3VuBCJEZv5axg5ZPxLEnlcId8vMtvTRb5nzzszn +geYUWDPhAoGBAPyKVNqqwQl44oIeiuRM2FYenMt4voVaz3ExJX2JysrG0jtCPv+Y +84R6Cv3nfITz3EZDWp5sW3OwoGr77lF7Tv9tD6BptEmgBeuca3SHIdhG2MR+tLyx +/tkIAarxQcTGsZaSqra3gXOJCMz9h2P5dxpdU+0yeMmOEnAqgQ8qtNBfAoGBAPim +RAtnrd0WSlCgqVGYFCvDh1kD5QTNbZc+1PcBHbVV45EmJ2fLXnlDeplIZJdYxmzu +DMOxZBYgfeLY9exje00eZJNSj/csjJQqiRftrbvYY7m5njX1kM5K8x4HlynQTDkg +rtKO0YZJxxmjRTbFGMegh1SLlFLRIMtehNhOgipRAoGBAPnEEpJGCS9GGLfaX0HW +YqwiEK8Il12q57mqgsq7ag7NPwWOymHesxHV5mMh/Dw+NyBi4xAGWRh9mtrUmeqK +iyICik773Gxo0RIqnPgd4jJWN3N3YWeynzulOIkJnSNx5BforOCTc3uCD2s2YB5X +jx1LKoNQxLeLRN8cmpIWicf/AoGBANjRSsZTKwV9WWIDJoHyxav/vPb+8WYFp8lZ +zaRxQbGM6nn4NiZI7OF62N3uhWB/1c7IqTK/bVHqFTuJCrCNcsgld3gLZ2QWYaMV +kCPgaj1BjHw4AmB0+EcajfKilcqtSroJ6MfMJ6IclVOizkjbByeTsE4lxDmPCDSt +/9MKanBxAoGAY9xo741Pn9WUxDyRplww606ccdNf/ksHWNc/Y2B5SPwxxSnIq8nO +j01SmsCUYVFAgZVOTiiycakjYLzxlc6p8BxSVqy6LlJqn95N8OXoQ+bkwUux/ekg +gz5JWYhbD6c38khSzJb0pNXCo3EuYAVa36kDM96k1BtWuhRS10Q1VXk= +-----END RSA PRIVATE KEY----- +)EOF"; + + +const int led = 13; + +void handleRoot() { + digitalWrite(led, 1); + server.send(200, "text/plain", "Hello from esp8266 over HTTPS!"); + digitalWrite(led, 0); +} + +void handleNotFound(){ + digitalWrite(led, 1); + String message = "File Not Found\n\n"; + message += "URI: "; + message += server.uri(); + message += "\nMethod: "; + message += (server.method() == HTTP_GET)?"GET":"POST"; + message += "\nArguments: "; + message += server.args(); + message += "\n"; + for (uint8_t i=0; i +#include +#include "WiFiServer.h" +#include "WiFiClient.h" +#include "ESP8266WebServerBearSSL.h" + +//#define DEBUG_ESP_HTTP_SERVER +#ifdef DEBUG_ESP_PORT +#define DEBUG_OUTPUT DEBUG_ESP_PORT +#else +#define DEBUG_OUTPUT Serial +#endif + +ESP8266WebServerBearSSL::ESP8266WebServerBearSSL(IPAddress addr, int port) +: _serverSecure(addr, port) +{ +} + +ESP8266WebServerBearSSL::ESP8266WebServerBearSSL(int port) +: _serverSecure(port) +{ +} + + +void ESP8266WebServerBearSSL::setRSACert(const BearSSLX509List *chain, const BearSSLPrivateKey *sk) +{ + _serverSecure.setRSACert(chain, sk); +} + +void ESP8266WebServerBearSSL::setECCert(const BearSSLX509List *chain, unsigned cert_issuer_key_type, const BearSSLPrivateKey *sk) +{ + _serverSecure.setECCert(chain, cert_issuer_key_type, sk); +} + +void ESP8266WebServerBearSSL::setBufferSizes(int recv, int xmit) +{ + _serverSecure.setBufferSizes(recv, xmit); +} + +ESP8266WebServerBearSSL::~ESP8266WebServerBearSSL() { + // Nothing to do here. + // Base class's destructor will be called to clean up itself +} + +// We need to basically cut-n-paste these from WebServer because of the problem +// of object slicing. The class uses assignment operators like "WiFiClient x=y;" +// When this happens, even if "y" is a WiFiClientSecure, the main class is +// already compiled down into code which will only copy the WiFiClient superclass +// and not the extra bits for our own class (since when it was compiled it needed +// to know the size of memory to allocate on the stack for this local variable +// there's not realy anything else it could do). + +void ESP8266WebServerBearSSL::begin() { + _currentStatus = HC_NONE; + _serverSecure.begin(); + if(!_headerKeysCount) + collectHeaders(0, 0); +} + +void ESP8266WebServerBearSSL::handleClient() { + if (_currentStatus == HC_NONE) { + WiFiClientBearSSL client = _serverSecure.available(); + if (!client) { + return; + } + +#ifdef DEBUG_ESP_HTTP_SERVER + DEBUG_OUTPUT.println("New secure client"); +#endif + + _currentClientSecure = client; + _currentStatus = HC_WAIT_READ; + _statusChange = millis(); + } + + bool keepCurrentClient = false; + bool callYield = false; + + if (_currentClientSecure.connected()) { + switch (_currentStatus) { + case HC_NONE: + // No-op to avoid C++ compiler warning + break; + case HC_WAIT_READ: + // Wait for data from client to become available + if (_currentClientSecure.available()) { + if (_parseRequest(_currentClientSecure)) { + _currentClientSecure.setTimeout(HTTP_MAX_SEND_WAIT); + _contentLength = CONTENT_LENGTH_NOT_SET; + _handleRequest(); + + if (_currentClientSecure.connected()) { + _currentStatus = HC_WAIT_CLOSE; + _statusChange = millis(); + keepCurrentClient = true; + } + } + } else { // !_currentClient.available() + if (millis() - _statusChange <= HTTP_MAX_DATA_WAIT) { + keepCurrentClient = true; + } + callYield = true; + } + break; + case HC_WAIT_CLOSE: + // Wait for client to close the connection + if (millis() - _statusChange <= HTTP_MAX_CLOSE_WAIT) { + keepCurrentClient = true; + callYield = true; + } + } + } + + if (!keepCurrentClient) { + _currentClientSecure = WiFiClientBearSSL(); + _currentStatus = HC_NONE; + _currentUpload.reset(); + } + + if (callYield) { + yield(); + } +} + +void ESP8266WebServerBearSSL::close() { + _currentClientSecure.flush(); + _currentClientSecure.stop(); + _serverSecure.close(); +} + diff --git a/libraries/ESP8266WebServer/src/ESP8266WebServerBearSSL.h b/libraries/ESP8266WebServer/src/ESP8266WebServerBearSSL.h new file mode 100644 index 0000000000..0216a3016d --- /dev/null +++ b/libraries/ESP8266WebServer/src/ESP8266WebServerBearSSL.h @@ -0,0 +1,63 @@ +/* + ESP8266WebServerSecure.h - Dead simple HTTPS web-server. + Supports only one simultaneous client, knows how to handle GET and POST. + + Copyright (c) 2017 Earle F. Philhower, III. All rights reserved. + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +*/ + + +#ifndef ESP8266WEBSERVERBEARSSL_H +#define ESP8266WEBSERVERBEARSSL_H + +#include +#include +#include + +class ESP8266WebServerBearSSL : public ESP8266WebServer +{ +public: + ESP8266WebServerBearSSL(IPAddress addr, int port = 443); + ESP8266WebServerBearSSL(int port = 443); + virtual ~ESP8266WebServerBearSSL(); + + void setBufferSizes(int recv, int xmit); + void setRSACert(const BearSSLX509List *chain, const BearSSLPrivateKey *sk); + void setECCert(const BearSSLX509List *chain, unsigned cert_issuer_key_type, const BearSSLPrivateKey *sk); + + WiFiClient client() override { return _currentClientSecure; } + + void begin() override; + void handleClient() override; + void close() override; + + template + size_t streamFile(T &file, const String& contentType) { + _streamFileCore(file.size(), file.name(), contentType); + return _currentClientSecure.write(file); + } + +private: + size_t _currentClientWrite (const char *bytes, size_t len) override { return _currentClientSecure.write((const uint8_t *)bytes, len); } + size_t _currentClientWrite_P (PGM_P bytes, size_t len) override { return _currentClientSecure.write_P(bytes, len); } + +protected: + WiFiServerBearSSL _serverSecure; + WiFiClientBearSSL _currentClientSecure; +}; + + +#endif //ESP8266WEBSERVERSECURE_H diff --git a/libraries/ESP8266WebServer/src/ESP8266WebServerSecure.h b/libraries/ESP8266WebServer/src/ESP8266WebServerSecure.h index ec6c344a48..730860324a 100644 --- a/libraries/ESP8266WebServer/src/ESP8266WebServerSecure.h +++ b/libraries/ESP8266WebServer/src/ESP8266WebServerSecure.h @@ -42,6 +42,12 @@ class ESP8266WebServerSecure : public ESP8266WebServer void handleClient() override; void close() override; + template + size_t streamFile(T &file, const String& contentType) { + _streamFileCore(file.size(), file.name(), contentType); + return _currentClientSecure.write(file); + } + private: size_t _currentClientWrite (const char *bytes, size_t len) override { return _currentClientSecure.write((const uint8_t *)bytes, len); } size_t _currentClientWrite_P (PGM_P bytes, size_t len) override { return _currentClientSecure.write_P(bytes, len); } diff --git a/libraries/ESP8266WiFi/examples/BearSSL_CertStore/BearSSL_CertStore.ino b/libraries/ESP8266WiFi/examples/BearSSL_CertStore/BearSSL_CertStore.ino new file mode 100644 index 0000000000..ffde679224 --- /dev/null +++ b/libraries/ESP8266WiFi/examples/BearSSL_CertStore/BearSSL_CertStore.ino @@ -0,0 +1,158 @@ +// Demonstrate the CertStore object with WiFiClientBearSSL +// +// Before running, you must download the set of certs using +// the script "certs-from-mozilla.py" (no parameters) +// and then uploading the generated data directory to +// SPIFFS. +// +// Why would you need a CertStore? +// +// If you know the exact serve being connected to, or you +// are generating your own self-signed certificates and aren't +// allowing connections to HTTPS/TLS servers out of your +// control, then you do NOT want a CertStore. Hardcode the +// self-signing CA or the site's x.509 certificate directly. +// +// However, if you don't know what specific sites the system +// will be required to connect to and verify, a +// CertStore{SPIFFS,SD}BearSSL can allow you to select from +// 10s or 100s of CAs against which you can check the +// target's X.509, without taking any more RAM than a single +// certificate. This is the same way that standard browsers +// and operating systems use to verify SSL connections. +// +// About the chosen certs: +// The certificates are scraped from the Mozilla.org current +// list, but please don't take this as an endorsement or a +// requirement: it is up to YOU, the USER, to specify the +// certificate authorities you will use as trust bases. +// +// Mar 2018 by Earle F. Philhower, III +// Released to the public domain + +#include +#include +#include + +const char *ssid = "...."; +const char *pass = "...."; + +// A single, global CertStore which can be used by all +// connections. Needs to stay live the entire time any of +// the WiFiClientBearSSLs are present. +CertStoreSPIFFSBearSSL certStore; + +// Set time via NTP, as required for x.509 validation +void setClock() { + configTime(3 * 3600, 0, "pool.ntp.org", "time.nist.gov"); + + Serial.print("Waiting for NTP time sync: "); + time_t now = time(nullptr); + while (now < 8 * 3600 * 2) { + delay(500); + Serial.print("."); + now = time(nullptr); + } + Serial.println(""); + struct tm timeinfo; + gmtime_r(&now, &timeinfo); + Serial.print("Current time: "); + Serial.print(asctime(&timeinfo)); +} + +// Try and connect using a WiFiClientBearSSL to specified host:port and dump URL +void fetchURL(WiFiClientBearSSL *client, const char *host, const uint16_t port, const char *path) { + if (!path) { + path = "/"; + } + + Serial.printf("Trying: %s:443...", host); + client->connect(host, port); + if (!client->connected()) { + Serial.printf("*** Can't connect. ***\n-------\n"); + return; + } + Serial.printf("Connected!\n-------\n"); + client->write("GET "); + client->write(path); + client->write(" HTTP/1.0\r\nHost: "); + client->write(host); + client->write("\r\nUser-Agent: ESP8266\r\n"); + client->write("\r\n"); + uint32_t to = millis() + 5000; + if (client->connected()) { + do { + char tmp[32]; + memset(tmp, 0, 32); + int rlen = client->read((uint8_t*)tmp, sizeof(tmp) - 1); + yield(); + if (rlen < 0) { + break; + } + // Only print out first line up to \r, then abort connection + char *nl = strchr(tmp, '\r'); + if (nl) { + *nl = 0; + Serial.print(tmp); + break; + } + Serial.print(tmp); + } while (millis() < to); + } + client->stop(); + Serial.printf("\n-------\n"); +} + +void setup() { + Serial.begin(115200); + Serial.println(); + Serial.println(); + + // We start by connecting to a WiFi network + Serial.print("Connecting to "); + Serial.println(ssid); + WiFi.mode(WIFI_STA); + WiFi.begin(ssid, pass); + + while (WiFi.status() != WL_CONNECTED) { + delay(500); + Serial.print("."); + } + Serial.println(""); + + Serial.println("WiFi connected"); + Serial.println("IP address: "); + Serial.println(WiFi.localIP()); + + setClock(); // Required for X.509 validation + + int numCerts = certStore.initCertStore(); + Serial.printf("Number of CA certs read: %d\n", numCerts); + if (numCerts == 0) { + Serial.printf("No certs found. Did you run certs-from-mozill.py and upload the SPIFFS directory before running?\n"); + return; // Can't connect to anything w/o certs! + } + + WiFiClientBearSSL *bear = new WiFiClientBearSSL(); + // Integrate the cert store with this connection + bear->setCertStore(&certStore); + Serial.printf("Attempting to fetch https://www.github.com/...\n"); + fetchURL(bear, "www.github.com", 443, "/"); + delete bear; +} + +void loop() { + Serial.printf("\nPlease enter a website address (www.blah.com) to connect to: "); + String site; + do { + site = Serial.readString(); + } while (site == ""); + Serial.printf("https://%s/\n", site.c_str()); + + WiFiClientBearSSL *bear = new WiFiClientBearSSL(); + // Integrate the cert store with this connection + bear->setCertStore(&certStore); + fetchURL(bear, site.c_str(), 443, "/"); + delete bear; +} + diff --git a/libraries/ESP8266WiFi/examples/BearSSL_CertStore/certs-from-mozilla.py b/libraries/ESP8266WiFi/examples/BearSSL_CertStore/certs-from-mozilla.py new file mode 100755 index 0000000000..cd0da9e327 --- /dev/null +++ b/libraries/ESP8266WiFi/examples/BearSSL_CertStore/certs-from-mozilla.py @@ -0,0 +1,51 @@ +#!/usr/bin/python + +# This script pulls the list of Mozilla trusted certificate authorities +# from the web at the "mozurl" below, parses the file to grab the PEM +# for each cert, and then generates DER files in a new ./data directory +# Upload these to a SPIFFS filesystem and use the CertManager to parse +# and use them for your outgoing SSL connections. +# +# Script by Earle F. Philhower, III. Released to the public domain. + +import csv +from os import mkdir +from subprocess import Popen, PIPE +import urllib2 +try: + # for Python 2.x + from StringIO import StringIO +except ImportError: + # for Python 3.x + from io import StringIO + +# Mozilla's URL for the CSV file with included PEM certs +mozurl = "https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReportPEMCSV" + +# Load the manes[] and pems[] array from the URL +names = [] +pems = [] +response = urllib2.urlopen(mozurl) +csvData = response.read() +csvReader = csv.reader(StringIO(csvData)) +for row in csvReader: + names.append(row[0]+":"+row[1]+":"+row[2]) + pems.append(row[28]) +del names[0] # Remove headers +del pems[0] # Remove headers + +# Try and make ./data, skip if present +try: + os.mkdir("data") +except: + pass + +# Process the text PEM using openssl into DER files +for i in range(0, len(pems)): + certName = "data/ca_%03d.der" % (i); + thisPem = pems[i].replace("'", "") + print names[i] + " -> " + certName + pipe = Popen(['openssl','x509','-inform','PEM','-outform','DER','-out', certName], shell = False, stdin = PIPE).stdin + pipe.write(thisPem) + pipe.close + diff --git a/libraries/ESP8266WiFi/examples/BearSSL_MaxFragmentLength/BearSSL_MaxFragmentLength.ino b/libraries/ESP8266WiFi/examples/BearSSL_MaxFragmentLength/BearSSL_MaxFragmentLength.ino new file mode 100644 index 0000000000..c9375c1f00 --- /dev/null +++ b/libraries/ESP8266WiFi/examples/BearSSL_MaxFragmentLength/BearSSL_MaxFragmentLength.ino @@ -0,0 +1,125 @@ +// Shows how to use the Maximum Fragment Length option in +// BearSSL to reduce SSL memory needs. +// +// Mar 2018 by Earle F. Philhower, III +// Released to the public domain + +#include + +const char *ssid = "...."; +const char *pass = "...."; + +void fetch(WiFiClientBearSSL *client) { + client->write("GET / HTTP/1.0\r\nHost: tls.mbed.org\r\nUser-Agent: ESP8266\r\n\r\n"); + client->flush(); + uint32_t to = millis() + 5000; + do { + char tmp[32]; + memset(tmp, 0, 32); + int rlen = client->read((uint8_t*)tmp, sizeof(tmp) - 1); + yield(); + if (rlen < 0) { + break; + } + Serial.print(tmp); + } while (millis() < to); + client->stop(); + Serial.printf("\n-------\n"); +} + +int fetchNoMaxFragmentLength() { + int ret = ESP.getFreeHeap(); + + Serial.printf("\nConnecting to https://tls.mbed.org\n"); + Serial.printf("No MFLN attempted\n"); + + WiFiClientBearSSL client; + client.setInsecure(); + client.connect("tls.mbed.org", 443); + if (client.connected()) { + Serial.printf("Memory used: %d\n", ret - ESP.getFreeHeap()); + ret -= ESP.getFreeHeap(); + fetch(&client); + } else { + Serial.printf("Unable to connect\n"); + } + return ret; +} + +int fetchMaxFragmentLength() { + int ret = ESP.getFreeHeap(); + + // Servers which implement RFC6066's Maximum Fragment Length Negotiation + // can be configured to limit the size of TLS fragments they transmit. + // This lets small clients, like the ESP8266, use a smaller memory buffer + // on the receive end (all the way down to under 1KB). Unfortunately, + // as of March 2018, there are not many public HTTPS servers which + // implement this option. You can deploy your own HTTPS or MQTT server + // with MFLN enabled, of course. + // + // To determine if MFLN is supported by a server use the + // ::probeMaxFragmentLength() method before connecting, and if it + // returns true then you can use the ::setBufferSizes(rx, tx) to shrink + // the needed BearSSL memory while staying within protocol limits. + // + // If MFLN is not supported, you may still be able to mimimize the buffer + // sizes assuming you can ensure the server never transmits fragments larger + // than the size (i.e. by using HTTP GET RANGE methods, etc.). + + WiFiClientBearSSL client; + client.setInsecure(); + bool mfln = client.probeMaxFragmentLength("tls.mbed.org", 443, 1024); + Serial.printf("\nConnecting to https://tls.mbed.org\n"); + Serial.printf("MFLN supported: %s\n", mfln ? "yes" : "no"); + if (mfln) { + client.setBufferSizes(1024, 1024); + } + client.connect("tls.mbed.org", 443); + if (client.connected()) { + Serial.printf("Memory used: %d\n", ret - ESP.getFreeHeap()); + ret -= ESP.getFreeHeap(); + fetch(&client); + } else { + Serial.printf("Unable to connect\n"); + } + return ret; +} + +void setup() { + Serial.begin(115200); + + delay(1000); + Serial.println(); + Serial.println(); + + // We start by connecting to a WiFi network + Serial.print("Connecting to "); + Serial.print(ssid); + + WiFi.mode(WIFI_STA); + WiFi.begin(ssid, pass); + + while (WiFi.status() != WL_CONNECTED) { + delay(500); + Serial.print("."); + } + Serial.println(""); + + Serial.println("WiFi connected"); + Serial.println("IP address: "); + Serial.println(WiFi.localIP()); +} + +void loop() { + Serial.printf("\n\n\n\n\n"); + + yield(); + int a = fetchNoMaxFragmentLength(); + yield(); + int b = fetchMaxFragmentLength(); + yield(); + + Serial.printf("\n\n"); + Serial.printf("Default SSL: %d bytes used\n", a); + Serial.printf("1024 byte MFLN SSL: %d bytes used\n", b); +} diff --git a/libraries/ESP8266WiFi/examples/BearSSL_Server/BearSSL_Server.ino b/libraries/ESP8266WiFi/examples/BearSSL_Server/BearSSL_Server.ino new file mode 100644 index 0000000000..b49ed3e7d8 --- /dev/null +++ b/libraries/ESP8266WiFi/examples/BearSSL_Server/BearSSL_Server.ino @@ -0,0 +1,179 @@ +/* + Demonstrate the usage of WiFiServerBearSSL. + By Earle F. Philhower, III + + A simple HTTPS server is implemented with a self-signed + certificate for the ESP8266. + + This is NOT the best way to implement a HTTPS website on the + ESP8266. Please see the ESP8266WebServerBearSSL example for + a much better way of doing this! + + IMPORTANT NOTES ABOUT SSL CERTIFICATES + + 1. USE/GENERATE YOUR OWN CERTIFICATES + While a sample, self-signed certificate is included in this example, + it is ABSOLUTELY VITAL that you use your own SSL certificate in any + real-world deployment. Anyone with the certificate and key may be + able to decrypt your traffic, so your own keys should be kept in a + safe manner, not accessible on any public network. + + 2. HOW TO GENERATE YOUR OWN CERTIFICATE/KEY PAIR + It is easy to use OpenSSL to generate a self-signed certificate + openssl req -x509 -nodes -newkey rsa:2048 -keyout key.pem -out cert.pem -days 4096 + + You may also, of course, use a commercial, trusted SSL provider to + generate your certificate. + + Included with this example are *SAMPLE* certs and keys. They are NOT + SECURE, since they're shared with all copies of the repo, so + DO NOT USE THE SAMPLE CERTS, KEYS, OR CAS IN YOUR OWN PROJECT!!! + + Run this example and then try connecting to the server https://IP. + + This example is released into the public domain. +*/ + +#include +#include + +const char *ssid = "...."; +const char *pass = "...."; + +// The HTTPS server +WiFiServerBearSSL server(443); + +// The server's private key which must be kept secret +const char server_private_key[] PROGMEM = R"EOF( +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDJblrg47vF3qlE +NMRM7uG8QwE6v/AKpxOL+CLb/32s+dW9Psgf+oZKJgzGkYUoJdWpLitTmTZeykAs +Sq7Iax5Rq/mGqyAc7oJAUUAupfNRU0KwkD1XqtpQWEFoiqoIqZbOZ4CRX5q8z/MN +BH1aPVBMKaL33uwknkgJBzxwZJ2+uGKxRJt8+koj1CXgUCk5lEAEEG5kqE326MjN +O/c4gBqulBV8AIoq6/trY3apTS7FEOiN47qh1PVzoBm/oGVwXvoZAZOj7+gGGo91 +sBC5oHJy5Y2BOcNB3opTNXQTiK3Z80b5wc3iQS+h83qAfHwhs6tfAW22WkAf+jtt +x8KdRWFNAgMBAAECggEAPd+jFL9/d1lc/zGCNuuN9YlTgFti/bKyo2UWOCOz1AVu +LVJyoLgQtggYFoqur1Vn2y7uaiB+/gD8U16hb7jPuGCuJjq8g4aUBfOvVmTtZ8a+ +joPQA/TcWJ+zf8xQTJbjVwWeDYmje2oZC5+cbbK1zp9fiuoz+U+RawyI+TE+700i +ESCmsKFIHy2Ifruva8HgcPYIPpZ9zLxJj0Dii+WDs7zM9h2dzO4HfImSG/DPmgoV +ydo9IcrUE7KoMLa8Uo7u1b2h6BnTn7GfYiMSUsYcYR3CnpDBknBWjZMwrV0uqv9q +TbVc4QXt+c1q89HDg7BIJaOAzbCvJfgAfXUqZyqwQQKBgQD5ENFjicUzCqPw7fOy +Q5Z8GeUbIJ5urT1MheAq7SPd2kK8TsO3hUjNC0LLNSyKPs6gsYaIiObO3wDGeZZk +xeHBhrUVaz2nIjI7TrnCUpMDOrdxcPr4bc+ifV5YT4W3OFBWQ9chQEx3Nm3DbiX4 +fpno34AiFrJF791JkTPFj9OIUQKBgQDPCgcae1pQr77q+GL5Q2tku3RrE4cWtExf +m8DzAb4Vxe3EhPz8bVr+71rqr/KqNfG1uKE3sT0fhB6VMTkHTOQU13jDrvpPUS3W +Vg8cVr5/+iiyF0xb+W8LQ+GVdR5xnMPSZHUtXyURvtzT4nnTAlAtN7lEytX9BzbX +xhltOOwGPQKBgA/Y/BnDSGLpCGlqGpl7J3YaB7PkLXCJYV8fHZZdpGyXWKu2r0lc +F7fEQanAZmcde/RJl2/UlisPkXMPhXxAAw9XTOph+nhJ+rw/VB6DNot8DvQO5kks +Y4vJQlmIJc/0q1fx1RxuhO8I7Y8D0TKwi4Z/wh1pKEq+6mul649kiWchAoGAWn8B +l9uvIHGRO9eSO23ytTcSrfL9Kzln4KqN7iom0hGP2kRe6F9MVP5+ePKrWSb3Hf0z +ysoX83ymeYPob352e32rda04EA9lv7giJrrrzbikrSNt5w3iMcRcCB4HTpW9Kmtq +pIhgBZ+tmpf1s/vg28LtoloeqtjKagpW9tzYnekCgYAZFZ84EGqS9SHw5LELgGY4 +mQLMwbYZ6wBMA2PlqYi/17hoAVWz37mLDjtWDB4ir78QMoGbesQVtK9W/4vzmez4 +ZLKlffdL5tCtA08Gq9aond1z83Xdnh1UjtwHIJvJPc/AoCFW1r5skv/G6acAk6I2 +Zs0aiirNGTEymRX4rw26Qg== +-----END PRIVATE KEY----- +)EOF"; + +// The server's public certificate which must be shared +const char server_cert[] PROGMEM = R"EOF( +-----BEGIN CERTIFICATE----- +MIIDUTCCAjmgAwIBAgIJAOcfK7c3JQtnMA0GCSqGSIb3DQEBCwUAMD8xCzAJBgNV +BAYTAkFVMQ0wCwYDVQQIDAROb25lMQ0wCwYDVQQKDAROb25lMRIwEAYDVQQDDAlF +U1BTZXJ2ZXIwHhcNMTgwMzE0MTg1NTQ1WhcNMjkwNTMxMTg1NTQ1WjA/MQswCQYD +VQQGEwJBVTENMAsGA1UECAwETm9uZTENMAsGA1UECgwETm9uZTESMBAGA1UEAwwJ +RVNQU2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyW5a4OO7 +xd6pRDTETO7hvEMBOr/wCqcTi/gi2/99rPnVvT7IH/qGSiYMxpGFKCXVqS4rU5k2 +XspALEquyGseUav5hqsgHO6CQFFALqXzUVNCsJA9V6raUFhBaIqqCKmWzmeAkV+a +vM/zDQR9Wj1QTCmi997sJJ5ICQc8cGSdvrhisUSbfPpKI9Ql4FApOZRABBBuZKhN +9ujIzTv3OIAarpQVfACKKuv7a2N2qU0uxRDojeO6odT1c6AZv6BlcF76GQGTo+/o +BhqPdbAQuaBycuWNgTnDQd6KUzV0E4it2fNG+cHN4kEvofN6gHx8IbOrXwFttlpA +H/o7bcfCnUVhTQIDAQABo1AwTjAdBgNVHQ4EFgQUBEk8LqgV+sMjdl/gpP1OlcNW +14EwHwYDVR0jBBgwFoAUBEk8LqgV+sMjdl/gpP1OlcNW14EwDAYDVR0TBAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAO1IrqW21KfzrxKmtuDSHdH5YrC3iOhiF/kaK +xXbigdtw6KHW/pIhGiA3BY5u+d5eVuHTR5YSwIbbRvOjuoNBATAw/8f5mt5Wa+C3 +PDpLNxDys561VbCW45RMQ0x5kybvDYi0D1R/grqZ18veuFSfE6QMJ/mzvr575fje +8r5Ou0IZOYYF8cyqG5rA4U7BYXEnH44VgwlpkF8pitPsnyUWaAYqE0KnZ0qw0Py4 +HCkfGJNlNOOamnr6KakVlocwKY0SdxcLoXSs5ogTQvTSrAOjwcm1RA0hOCXr8f/f +UsQIIGpPVh1plR1vYNndDeBpRJSFkoJTkgAIrlFzSMwNebU0pg== +-----END CERTIFICATE----- +)EOF"; + +void setup() { + Serial.begin(115200); + Serial.println(); + Serial.println(); + + // We start by connecting to a WiFi network + Serial.print("Connecting to "); + Serial.println(ssid); + WiFi.mode(WIFI_STA); + WiFi.begin(ssid, pass); + + while (WiFi.status() != WL_CONNECTED) { + delay(500); + Serial.print("."); + } + Serial.println(""); + + Serial.println("WiFi connected"); + Serial.println("IP address: "); + Serial.println(WiFi.localIP()); + + // Attach the server private cert/key combo + BearSSLX509List *serverCertList = new BearSSLX509List(server_cert); + BearSSLPrivateKey *serverPrivKey = new BearSSLPrivateKey(server_private_key); + server.setRSACert(serverCertList, serverPrivKey); + + // Actually start accepting connections + server.begin(); +} + +static const char *HTTP_RES = + "HTTP/1.0 200 OK\r\n" + "Connection: close\r\n" + "Content-Length: 62\r\n" + "Content-Type: text/html; charset=iso-8859-1\r\n" + "\r\n" + "\r\n" + "\r\n" + "

Hello from ESP8266!

\r\n" + "\r\n" + "\r\n"; + +void loop() { + WiFiClientBearSSL incoming = server.available(); + if (!incoming) { + return; + } + Serial.println("Incoming connection...\n"); + + // Ugly way to wait for \r\n (i.e. end of HTTP request which we don't actually parse here) + uint32_t timeout=millis() + 1000; + int lcwn = 0; + for (;;) { + unsigned char x=0; + if (millis() > timeout) { + goto client_drop; + } else if (incoming.available() && incoming.read(&x, 1) < 0) { + goto client_drop; + } else if (!x) { + yield(); + continue; + } else if (x == 0x0D) { + continue; + } else if (x == 0x0A) { + if (lcwn) { + break; + } + lcwn = 1; + } else + lcwn = 0; + } + incoming.write((uint8_t*)HTTP_RES, strlen(HTTP_RES)); + incoming.flush(); + +client_drop: + incoming.stop(); + Serial.printf("Connection closed.\n"); +} diff --git a/libraries/ESP8266WiFi/examples/BearSSL_Server/DO-NOT-USE-THESE-CERTS-IN-YOUR-OWN-APPS b/libraries/ESP8266WiFi/examples/BearSSL_Server/DO-NOT-USE-THESE-CERTS-IN-YOUR-OWN-APPS new file mode 100644 index 0000000000..e69de29bb2 diff --git a/libraries/ESP8266WiFi/examples/BearSSL_Server/cert.pem b/libraries/ESP8266WiFi/examples/BearSSL_Server/cert.pem new file mode 100644 index 0000000000..47238368aa --- /dev/null +++ b/libraries/ESP8266WiFi/examples/BearSSL_Server/cert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDUTCCAjmgAwIBAgIJAOcfK7c3JQtnMA0GCSqGSIb3DQEBCwUAMD8xCzAJBgNV +BAYTAkFVMQ0wCwYDVQQIDAROb25lMQ0wCwYDVQQKDAROb25lMRIwEAYDVQQDDAlF +U1BTZXJ2ZXIwHhcNMTgwMzE0MTg1NTQ1WhcNMjkwNTMxMTg1NTQ1WjA/MQswCQYD +VQQGEwJBVTENMAsGA1UECAwETm9uZTENMAsGA1UECgwETm9uZTESMBAGA1UEAwwJ +RVNQU2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyW5a4OO7 +xd6pRDTETO7hvEMBOr/wCqcTi/gi2/99rPnVvT7IH/qGSiYMxpGFKCXVqS4rU5k2 +XspALEquyGseUav5hqsgHO6CQFFALqXzUVNCsJA9V6raUFhBaIqqCKmWzmeAkV+a +vM/zDQR9Wj1QTCmi997sJJ5ICQc8cGSdvrhisUSbfPpKI9Ql4FApOZRABBBuZKhN +9ujIzTv3OIAarpQVfACKKuv7a2N2qU0uxRDojeO6odT1c6AZv6BlcF76GQGTo+/o +BhqPdbAQuaBycuWNgTnDQd6KUzV0E4it2fNG+cHN4kEvofN6gHx8IbOrXwFttlpA +H/o7bcfCnUVhTQIDAQABo1AwTjAdBgNVHQ4EFgQUBEk8LqgV+sMjdl/gpP1OlcNW +14EwHwYDVR0jBBgwFoAUBEk8LqgV+sMjdl/gpP1OlcNW14EwDAYDVR0TBAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAO1IrqW21KfzrxKmtuDSHdH5YrC3iOhiF/kaK +xXbigdtw6KHW/pIhGiA3BY5u+d5eVuHTR5YSwIbbRvOjuoNBATAw/8f5mt5Wa+C3 +PDpLNxDys561VbCW45RMQ0x5kybvDYi0D1R/grqZ18veuFSfE6QMJ/mzvr575fje +8r5Ou0IZOYYF8cyqG5rA4U7BYXEnH44VgwlpkF8pitPsnyUWaAYqE0KnZ0qw0Py4 +HCkfGJNlNOOamnr6KakVlocwKY0SdxcLoXSs5ogTQvTSrAOjwcm1RA0hOCXr8f/f +UsQIIGpPVh1plR1vYNndDeBpRJSFkoJTkgAIrlFzSMwNebU0pg== +-----END CERTIFICATE----- diff --git a/libraries/ESP8266WiFi/examples/BearSSL_Server/key.pem b/libraries/ESP8266WiFi/examples/BearSSL_Server/key.pem new file mode 100644 index 0000000000..4d270b18b5 --- /dev/null +++ b/libraries/ESP8266WiFi/examples/BearSSL_Server/key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDJblrg47vF3qlE +NMRM7uG8QwE6v/AKpxOL+CLb/32s+dW9Psgf+oZKJgzGkYUoJdWpLitTmTZeykAs +Sq7Iax5Rq/mGqyAc7oJAUUAupfNRU0KwkD1XqtpQWEFoiqoIqZbOZ4CRX5q8z/MN +BH1aPVBMKaL33uwknkgJBzxwZJ2+uGKxRJt8+koj1CXgUCk5lEAEEG5kqE326MjN +O/c4gBqulBV8AIoq6/trY3apTS7FEOiN47qh1PVzoBm/oGVwXvoZAZOj7+gGGo91 +sBC5oHJy5Y2BOcNB3opTNXQTiK3Z80b5wc3iQS+h83qAfHwhs6tfAW22WkAf+jtt +x8KdRWFNAgMBAAECggEAPd+jFL9/d1lc/zGCNuuN9YlTgFti/bKyo2UWOCOz1AVu +LVJyoLgQtggYFoqur1Vn2y7uaiB+/gD8U16hb7jPuGCuJjq8g4aUBfOvVmTtZ8a+ +joPQA/TcWJ+zf8xQTJbjVwWeDYmje2oZC5+cbbK1zp9fiuoz+U+RawyI+TE+700i +ESCmsKFIHy2Ifruva8HgcPYIPpZ9zLxJj0Dii+WDs7zM9h2dzO4HfImSG/DPmgoV +ydo9IcrUE7KoMLa8Uo7u1b2h6BnTn7GfYiMSUsYcYR3CnpDBknBWjZMwrV0uqv9q +TbVc4QXt+c1q89HDg7BIJaOAzbCvJfgAfXUqZyqwQQKBgQD5ENFjicUzCqPw7fOy +Q5Z8GeUbIJ5urT1MheAq7SPd2kK8TsO3hUjNC0LLNSyKPs6gsYaIiObO3wDGeZZk +xeHBhrUVaz2nIjI7TrnCUpMDOrdxcPr4bc+ifV5YT4W3OFBWQ9chQEx3Nm3DbiX4 +fpno34AiFrJF791JkTPFj9OIUQKBgQDPCgcae1pQr77q+GL5Q2tku3RrE4cWtExf +m8DzAb4Vxe3EhPz8bVr+71rqr/KqNfG1uKE3sT0fhB6VMTkHTOQU13jDrvpPUS3W +Vg8cVr5/+iiyF0xb+W8LQ+GVdR5xnMPSZHUtXyURvtzT4nnTAlAtN7lEytX9BzbX +xhltOOwGPQKBgA/Y/BnDSGLpCGlqGpl7J3YaB7PkLXCJYV8fHZZdpGyXWKu2r0lc +F7fEQanAZmcde/RJl2/UlisPkXMPhXxAAw9XTOph+nhJ+rw/VB6DNot8DvQO5kks +Y4vJQlmIJc/0q1fx1RxuhO8I7Y8D0TKwi4Z/wh1pKEq+6mul649kiWchAoGAWn8B +l9uvIHGRO9eSO23ytTcSrfL9Kzln4KqN7iom0hGP2kRe6F9MVP5+ePKrWSb3Hf0z +ysoX83ymeYPob352e32rda04EA9lv7giJrrrzbikrSNt5w3iMcRcCB4HTpW9Kmtq +pIhgBZ+tmpf1s/vg28LtoloeqtjKagpW9tzYnekCgYAZFZ84EGqS9SHw5LELgGY4 +mQLMwbYZ6wBMA2PlqYi/17hoAVWz37mLDjtWDB4ir78QMoGbesQVtK9W/4vzmez4 +ZLKlffdL5tCtA08Gq9aond1z83Xdnh1UjtwHIJvJPc/AoCFW1r5skv/G6acAk6I2 +Zs0aiirNGTEymRX4rw26Qg== +-----END PRIVATE KEY----- diff --git a/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/BearSSL_ServerClientCert.ino b/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/BearSSL_ServerClientCert.ino new file mode 100644 index 0000000000..de6df054da --- /dev/null +++ b/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/BearSSL_ServerClientCert.ino @@ -0,0 +1,259 @@ +/* + Demonstrate the usage of client certificate validation + for WiFiServerBearSSL. + By Earle F. Philhower, III + + TLS servers can require that a client present it with an X.509 + certificate signed by a trusted authority. Clients which try + and connect without a x.509 key, or with an x.509 key not signed + by the trusted authority (which could be a self-signing CA) + can not connect. + + This example uses a predefined CA and any number of client + certificates. Clients will need both their X.509 cert and their + private key, both of which are generated in the signing process. + + To run this example: + 1. Generate a private certificate-authority certificate and key: + openssl genrsa -out ca_key.pem 2048 + openssl req -x509 -new -nodes -key ca_key.pem -days 4096 -config ca.conf -out ca_cer.pem + + KEEP ca_key.pem ABSOLUTELY SECURE, WITH IT ANYONE CAN MAKE CERTS + SIGNED BY YOU! + + DO NOT UPLOAD ca_key.pem TO THE ESP8266, IT'S NOT NEEDED (SEE BELOW)! + + ca_cer.pem is the Public X.509 certificate for your signing authority + and can(must) be shared and included in the server as the trust root. + + 2. Generate a private server certificate and key pair (using the + self-signed CA or any other CA you'd like) + openssl genrsa -out server_key.pem 2048 + openssl req -out server_req.csr -key server_key.pem -new -config server.conf + openssl x509 -req -in server_req.csr -out server_cer.pem -sha256 -CAcreateserial -days 4000 -CA ca_cer.pem -CAkey ca_key.pem + + KEEP server_key.pem SECURE, IT IS YOUR SERVER'S PRIVATE KEY. + THIS WILL BE STORED IN THE SERVER ALONE. CLIENTS DO NOT NEED IT! + + server_cer.pem *CAN* BE SHARED WITH CLIENTS, OR THE CLIENTS CAN SIMPLY + USE YOUR SELF-SIGNED CA_CER.PEM + + 3. Generate any number of private client certificate/key pairs (using the + private CA above) + openssl genrsa -out client1_key.pem 2048 + openssl req -out client1_req.csr -key client1_key.pem -new -config client.conf + openssl x509 -req -in client1_req.csr -out client1_cer.pem -sha256 -CAcreateserial -days 4000 -CA ca_cer.pem -CAkey ca_key.pem + + Every client should have its own unique certificate generated and + a copy of that specific client's private key. + + DO NOT SHARE THE PRIVATE KEY GENERATED ABOVE! + + Included with this example are *SAMPLE* certs and keys. They are NOT + SECURE, since they're shared with all copies of the repo, so + DO NOT USE THE SAMPLE CERTS, KEYS, OR CAS IN YOUR OWN PROJECT!!! + + Run this example and then try connecting to the server IP:4433. + If you don't specify the client cert and key on the WGET command + line, you will not get connected. + + ex: wget --quiet --O - --no-check-certificate --certificate=client1_cer.pem --private-key=client1_key.pem https://esp.ip.add.ress/ + + This example is released into the public domain. +*/ + +#include +#include + +const char *ssid = "...."; +const char *pass = "...."; + +// The server which will require a client cert signed by the trusted CA +WiFiServerBearSSL server(443); + +// The hardcoded certificate authority for this example. +// Don't use it on your own apps!!!!! +const char ca_cert[] PROGMEM = R"EOF( +-----BEGIN CERTIFICATE----- +MIIC1TCCAb2gAwIBAgIJAMPt1Ms37+hLMA0GCSqGSIb3DQEBCwUAMCExCzAJBgNV +BAYTAlVTMRIwEAYDVQQDDAkxMjcuMC4wLjMwHhcNMTgwMzE0MDQyMTU0WhcNMjkw +NTMxMDQyMTU0WjAhMQswCQYDVQQGEwJVUzESMBAGA1UEAwwJMTI3LjAuMC4zMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsa4qU/tlzN4YTcnn/I/ffsi +jOPc8QRcwClKzasIZNFEye4uThl+LGZWFIFb8X8Dc+xmmBaWlPJbqtphgFKStpar +DdduHSW1ud6Y1FVKxljo3UwCMrYm76Q/jNzXJvGs6Z1MDNsVZzGJaoqit2H2Hkvk +y+7kk3YbEDlcyVsLOw0zCKL4cd2DSNDyhIZxWo2a8Qn5IdjWAYtsTnW6MvLk/ya4 +abNeRfSZwi+r37rqi9CIs++NpL5ynqkKKEMrbeLactWgHbWrZeaMyLpuUEL2GF+w +MRaAwaj7ERwT5gFJRqYwj6bbfIdx5PC7h7ucbyp272MbrDa6WNBCMwQO222t4wID +AQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCmXfrC42nW +IpL3JDkB8YlB2QUvD9JdMp98xxo33+xE69Gov0e6984F1Gluao0p6sS7KF+q3YLS +4hjnzuGzF9GJMimIB7NMQ20yXKfKpmKJ7YugMaKTDWDhHn5679mKVbLSQxHCUMEe +tEnMT93/UaDbWBjV6zu876q5vjPMYgDHODqO295ySaA71UkijaCn6UwKUT49286T +V9ZtzgabNGHXfklHgUPWoShyze+G3g29I1BR0qABoJI63zaNu8ua42v5g1RldxsW +X8yKI14mFOGxuvcygG8L2xxysW7Zq+9g+O7gW0Pm6RDYnUQmIwY83h1KFCtYCJdS +2PgozwkkUNyP +-----END CERTIFICATE----- +)EOF"; + +// The server's private key which must be kept secret +const char server_private_key[] PROGMEM = R"EOF( +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAsRNVTvqP++YUh8NrbXwE83xVsDqcB3F76xcXNKFDERfVd2P/ +LvyDovCcoQtT0UCRgPcxRp894EuPH/Ru6Z2Lu85sV//i7ce27tc2WRFSfuhlRxHP +LJWHxTl1CEfXp/owkECQ4MB3pw6Ekc16iTEPiezTG+T+mQ/BkiIwcIK6CMlpR9DI +eYUTqv0f9NrUfAjdBrqlEO2gpgFvLFrkDEU2ntAIc4aPOP7yDOym/xzfy6TiG8Wo +7nlh6M97xTZGfbEPCH9rZDjo5istym1HzF5P+COq+OTSPscjFGXoi978o6hZwa7i +zxorg4h5a5lGnshRu2Gl+Ybfa14OwnIrv/yCswIDAQABAoIBAHxwgbsHCriTcEoY +Yx6F0VTrQ6ydA5mXfuYvS/eIfIE+pp1IgMScYEXZobjrJPQg1CA1l0NyFSHS97oV +JPy34sMQxcLx6KABgeVHCMJ/EeJtnv7a3SUP0GIhhsVS95Lsl8RIG4hWub+EzFVK +eZqAB9N9wr4Pp3wZPodbz37B38rb1QPyMFmQOLlHjKTOmoxsXhL2ot+R3+aLYSur +oPO1kQo7/d0UAZoy8h9OQN4a2EXvawh4O2EvFGbc5X/yXwAdEQ4NPp9VZhkNIRkV ++XZ3FcIqEVOploKtRF/tVBTz3g61/lFz21L9PMmV5y8tvSafr2SpJugGVmp2rrVQ +VNyGlIECgYEA10JSI5gmeCU3zK6kvOfBp54hY/5dDrSUpjKkMxpmm7WZQ6Il/k7A +hMcLeMzHiriT7WhRIXF8AOr2MoEkHkH3DhVNN4ccieVZx2SE5P5mVkItZGLrrpfU +dysR/ARAI1HYegGUiKacZtf9SrRavU0m7fOVOiYwbFRhjyX+MyuteYkCgYEA0pbz +4ZosetScP68uZx1sGlTfkcqLl7i15DHk3gnj6jKlfhvC2MjeLMhNDtKeUAuY7rLQ +guZ0CCghWAv0Glh5eYdfIiPhgqFfX4P5F3Om4zQHVPYj8xHfHG4ZP7dKQTndrO1Q +fLdGDTQLVXabAUSp2YGrijC8J9idSW1pYClvF1sCgYEAjkDn41nzYkbGP1/Swnwu +AEWCL4Czoro32jVxScxSrugt5wJLNWp508VukWBTJhugtq3Pn9hNaJXeKbYqVkyl +pgrxwpZph7+nuxt0r5hnrO2C7eppcjIoWLB/7BorAKxf8REGReBFT7nBTBMwPBW2 +el4U6h6+tXh2GJG1Eb/1nnECgYAydVb0THOx7rWNkNUGggc/++why61M6kYy6j2T +cj05BW+f2tkCBoctpcTI83BZb53yO8g4RS2yMqNirGKN2XspwmTqEjzbhv0KLt4F +X4GyWOoU0nFksXiLIFpOaQWSwWG7KJWrfGJ9kWXR0Xxsfl5QLoDCuNCsn3t4d43T +K7phlwKBgHDzF+50+/Wez3YHCy2a/HgSbHCpLQjkknvgwkOh1z7YitYBUm72HP8Z +Ge6b4wEfNuBdlZll/y9BQQOZJLFvJTE5t51X9klrkGrOb+Ftwr7eI/H5xgcadI52 +tPYglR5fjuRF/wnt3oX9JlQ2RtSbs+3naXH8JoherHaqNn8UpH0t +-----END RSA PRIVATE KEY----- +)EOF"; + +// The server's public certificate which must be shared +const char server_cert[] PROGMEM = R"EOF( +-----BEGIN CERTIFICATE----- +MIIDTzCCAjcCCQDPXvMRYOpeuDANBgkqhkiG9w0BAQsFADCBpjESMBAGA1UEAwwJ +MTI3LjAuMC4xMQswCQYDVQQGEwJVUzElMCMGA1UECgwcTXkgT3duIENlcnRpZmlj +YXRlIEF1dGhvcml0eTEUMBIGA1UECAwLQXJkdWlub0xhbmQxFTATBgNVBAcMDEFy +ZHVpbm9WaWxsZTEVMBMGA1UECgwMRVNQODI2NlVzZXJzMRgwFgYDVQQLDA9FU1A4 +MjY2LUFyZHVpbm8wHhcNMTgwMzE0MDQwMDAwWhcNMjkwMjI0MDQwMDAwWjAsMRYw +FAYDVQQKDA1NeSBTZXJ2ZXIgT3JnMRIwEAYDVQQDDAkxMjcuMC4wLjMwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxE1VO+o/75hSHw2ttfATzfFWwOpwH +cXvrFxc0oUMRF9V3Y/8u/IOi8JyhC1PRQJGA9zFGnz3gS48f9G7pnYu7zmxX/+Lt +x7bu1zZZEVJ+6GVHEc8slYfFOXUIR9en+jCQQJDgwHenDoSRzXqJMQ+J7NMb5P6Z +D8GSIjBwgroIyWlH0Mh5hROq/R/02tR8CN0GuqUQ7aCmAW8sWuQMRTae0Ahzho84 +/vIM7Kb/HN/LpOIbxajueWHoz3vFNkZ9sQ8If2tkOOjmKy3KbUfMXk/4I6r45NI+ +xyMUZeiL3vyjqFnBruLPGiuDiHlrmUaeyFG7YaX5ht9rXg7Cciu//IKzAgMBAAEw +DQYJKoZIhvcNAQELBQADggEBAEnG+FNyNCOkBvzHiUpHHpScxZqM2f+XDcewJgeS +L6HkYEDIZZDNnd5gduSvkHpdJtWgsvJ7dJZL40w7Ba5sxpZHPIgKJGl9hzMkG+aA +z5GMkjys9h2xpQZx9KL3q7G6A+C0bll7ODZlwBtY07CFMykT4Mp2oMRrQKRucMSV +AB1mKujLAnMRKJ3NM89RQJH4GYiRps9y/HvM5lh7EIK/J0/nEZeJxY5hJngskPKb +oPPdmkR97kaQnll4KNsC3owVlHVU2fMftgYkgQLzyeWgzcNa39AF3B6JlcOzNyQY +seoK24dHmt6tWmn/sbxX7Aa6TL/4mVlFoOgcaTJyVaY/BrY= +-----END CERTIFICATE----- +)EOF"; + +// Note there are no client certificates required here in the server. +// That is because all clients will send a certificate that can be +// proven to be signed by the public CA certificate included at the +// head of the app. + +// Set time via NTP, as required for x.509 validation +void setClock() +{ + configTime(3 * 3600, 0, "pool.ntp.org", "time.nist.gov"); + + Serial.print("Waiting for NTP time sync: "); + time_t now = time(nullptr); + while (now < 8 * 3600 * 2) { + delay(500); + Serial.print("."); + now = time(nullptr); + } + Serial.println(""); + struct tm timeinfo; + gmtime_r(&now, &timeinfo); + Serial.print("Current time: "); + Serial.print(asctime(&timeinfo)); +} + +void setup() { + Serial.begin(115200); + Serial.println(); + Serial.println(); + + // We start by connecting to a WiFi network + Serial.print("Connecting to "); + Serial.println(ssid); + WiFi.mode(WIFI_STA); + WiFi.begin(ssid, pass); + + while (WiFi.status() != WL_CONNECTED) { + delay(500); + Serial.print("."); + } + Serial.println(""); + + Serial.println("WiFi connected"); + Serial.println("IP address: "); + Serial.println(WiFi.localIP()); + + setClock(); // Required for X.509 validation + + // Attach the server private cert/key combo + BearSSLX509List *serverCertList = new BearSSLX509List(server_cert); + BearSSLPrivateKey *serverPrivKey = new BearSSLPrivateKey(server_private_key); + server.setRSACert(serverCertList, serverPrivKey); + + // Require a certificate validated by the trusted CA + BearSSLX509List *serverTrustedCA = new BearSSLX509List(ca_cert); + server.setClientTrustAnchor(serverTrustedCA); + + // Actually start accepting connections + server.begin(); +} + +static const char *HTTP_RES = + "HTTP/1.0 200 OK\r\n" + "Connection: close\r\n" + "Content-Length: 59\r\n" + "Content-Type: text/html; charset=iso-8859-1\r\n" + "\r\n" + "\r\n" + "\r\n" + "

Hello my friend!

\r\n" + "\r\n" + "\r\n"; + +void loop() { + WiFiClientBearSSL incoming = server.available(); + if (!incoming) { + return; + } + Serial.println("Incoming connection...\n"); + + // Ugly way to wait for \r\n (i.e. end of HTTP request which we don't actually parse here) + uint32_t timeout=millis() + 1000; + int lcwn = 0; + for (;;) { + unsigned char x=0; + if (millis() > timeout) { + goto client_drop; + } else if (incoming.available() && incoming.read(&x, 1) < 0) { + goto client_drop; + } else if (!x) { + yield(); + continue; + } else if (x == 0x0D) { + continue; + } else if (x == 0x0A) { + if (lcwn) { + break; + } + lcwn = 1; + } else + lcwn = 0; + } + incoming.write((uint8_t*)HTTP_RES, strlen(HTTP_RES)); + incoming.flush(); + +client_drop: + incoming.stop(); + Serial.printf("Connection closed.\n"); +} diff --git a/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/DO-NOT-USE-THESE-CERTS-IN-YOUR-OWN-APPS b/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/DO-NOT-USE-THESE-CERTS-IN-YOUR-OWN-APPS new file mode 100644 index 0000000000..e69de29bb2 diff --git a/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/ca.conf b/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/ca.conf new file mode 100644 index 0000000000..028b10e347 --- /dev/null +++ b/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/ca.conf @@ -0,0 +1,12 @@ +[ req ] +prompt = no +default_bits = 2048 +distinguished_name = req_dn +x509_extensions = v3_req + +[ req_dn ] +C = US +CN = 127.0.0.3 + +[v3_req] +basicConstraints=CA:TRUE diff --git a/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/ca_cer.pem b/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/ca_cer.pem new file mode 100644 index 0000000000..416c9bef94 --- /dev/null +++ b/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/ca_cer.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC1TCCAb2gAwIBAgIJAMPt1Ms37+hLMA0GCSqGSIb3DQEBCwUAMCExCzAJBgNV +BAYTAlVTMRIwEAYDVQQDDAkxMjcuMC4wLjMwHhcNMTgwMzE0MDQyMTU0WhcNMjkw +NTMxMDQyMTU0WjAhMQswCQYDVQQGEwJVUzESMBAGA1UEAwwJMTI3LjAuMC4zMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsa4qU/tlzN4YTcnn/I/ffsi +jOPc8QRcwClKzasIZNFEye4uThl+LGZWFIFb8X8Dc+xmmBaWlPJbqtphgFKStpar +DdduHSW1ud6Y1FVKxljo3UwCMrYm76Q/jNzXJvGs6Z1MDNsVZzGJaoqit2H2Hkvk +y+7kk3YbEDlcyVsLOw0zCKL4cd2DSNDyhIZxWo2a8Qn5IdjWAYtsTnW6MvLk/ya4 +abNeRfSZwi+r37rqi9CIs++NpL5ynqkKKEMrbeLactWgHbWrZeaMyLpuUEL2GF+w +MRaAwaj7ERwT5gFJRqYwj6bbfIdx5PC7h7ucbyp272MbrDa6WNBCMwQO222t4wID +AQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCmXfrC42nW +IpL3JDkB8YlB2QUvD9JdMp98xxo33+xE69Gov0e6984F1Gluao0p6sS7KF+q3YLS +4hjnzuGzF9GJMimIB7NMQ20yXKfKpmKJ7YugMaKTDWDhHn5679mKVbLSQxHCUMEe +tEnMT93/UaDbWBjV6zu876q5vjPMYgDHODqO295ySaA71UkijaCn6UwKUT49286T +V9ZtzgabNGHXfklHgUPWoShyze+G3g29I1BR0qABoJI63zaNu8ua42v5g1RldxsW +X8yKI14mFOGxuvcygG8L2xxysW7Zq+9g+O7gW0Pm6RDYnUQmIwY83h1KFCtYCJdS +2PgozwkkUNyP +-----END CERTIFICATE----- diff --git a/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/ca_cer.srl b/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/ca_cer.srl new file mode 100644 index 0000000000..bec2d5b2ea --- /dev/null +++ b/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/ca_cer.srl @@ -0,0 +1 @@ +A25EB184B01D7FBB diff --git a/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/ca_key.pem b/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/ca_key.pem new file mode 100644 index 0000000000..43027f189c --- /dev/null +++ b/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/ca_key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAxsa4qU/tlzN4YTcnn/I/ffsijOPc8QRcwClKzasIZNFEye4u +Thl+LGZWFIFb8X8Dc+xmmBaWlPJbqtphgFKStparDdduHSW1ud6Y1FVKxljo3UwC +MrYm76Q/jNzXJvGs6Z1MDNsVZzGJaoqit2H2Hkvky+7kk3YbEDlcyVsLOw0zCKL4 +cd2DSNDyhIZxWo2a8Qn5IdjWAYtsTnW6MvLk/ya4abNeRfSZwi+r37rqi9CIs++N +pL5ynqkKKEMrbeLactWgHbWrZeaMyLpuUEL2GF+wMRaAwaj7ERwT5gFJRqYwj6bb +fIdx5PC7h7ucbyp272MbrDa6WNBCMwQO222t4wIDAQABAoIBABP6hzblRLEMyE2l +GIN3+q+z3R4iDOPgl13tCIqxZQ+VBP/yw46v+0GFK6O1+MLGDFfLa+hfZNUlotcC +Sgh2xC476IdknrmpP6Gl4OB+jhxvdUBA0nu8WR9+97A1xh4w7jswxyMHphgQH4qo +0n/yBaW35RAmO60iksfHrC7EytUtahZkWq13xZsN8VNEn3dS/M54XEEQp+BLXZEh +WTd4sm5ddK58NZwLvkn0zaMyH38tllF7sezxZxWz+q4yCOB1/Xw0BC3e7dqBLtaC +PHrxWedph9sF+HXyDoXXp6S6IfSlXnCwMl0e3xBppIY9BYDnVwZpGxfUAMg26RyH +w5UEmPECgYEA51v0bxjZ/3boOH44glEFfmcJCLacoeQud+DZEMWFxmkApEVn9211 +t1G+N8rnHBiAhi9bDhi3Qs9fvOxXBhqaLw1xV8KGNY8bKiKoUu8y1aeHWPbgmzYp +sfrX70mhgHUgJt4i6xzW5esTmXl3ZAqPWxzECavmoLbHnssouPb5YckCgYEA2/Jj +LPlP4XN8b4NpOhYlHmMEIwD7utIct5/7ydjtucUQAHqJ+EQ20R4MCHc9zTvjeyZ9 +H/Rdxo+L0pwpbqSr0JTxOqQ1GzqstT9jVYNs+tRIQoeskd+Ags34sDJwPIbGUPfz +rBOfcHLwGfAMMBQzk5zT8frAZQV/8H7ejpCxyEsCgYBIptOnX4J1en2J3/kW0yKK +gwiPN+kP3XvKIU2Iur47hBWzgCgZxsHEg2LcWlcgt4EEojJRxukljcFerkjVndz1 +EZ+aE3fZscqx/JgnEv4/oZAbG8uEcgm93iuY9OJGWIF0MyV79150bNGGzGH1hGto +DSxybQzLQxqEfv+WtdeyIQKBgQDPc8GjS8vSQ9EchQAdL4H3NUFTmrvULBW2BInC +in8+9uXu7aVwqzZg60xCN+XszA31vAnMt/ozLHWfQne5ykvcQn985iDI/ACmO5F/ +uKRzuQIm7j0QoZRey9NCrXA7RouLFzOYHDIIKADbFhUIzCURl5w44l/RaOyRc7iL +E2L8HQKBgQC8WK5nT2QYtimzuwQrvSWkWyVu8/z/U8AKTusCV71uL9A6OBiUzJO3 +/3Befn+qt9Nm1ZHqTsJWXIE8LPblhCkvYraq9cJ+KIymWtFVMeR99DN/yTofdyxX +Uw58Z3i5HDK4AzJhBzvk14REw5xOZZLsWAqoMHTCM/T+hVqhD+cjAw== +-----END RSA PRIVATE KEY----- diff --git a/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/client.conf b/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/client.conf new file mode 100644 index 0000000000..a443fc36c1 --- /dev/null +++ b/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/client.conf @@ -0,0 +1,8 @@ +[ req ] +prompt = no +default_bits = 2048 +distinguished_name = req_dn + +[ req_dn ] +O = My Client Org +CN = 127.0.0.2 diff --git a/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/client1_cer.pem b/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/client1_cer.pem new file mode 100644 index 0000000000..e98e95f0b8 --- /dev/null +++ b/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/client1_cer.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICyTCCAbECCQCiXrGEsB1/uzANBgkqhkiG9w0BAQsFADAhMQswCQYDVQQGEwJV +UzESMBAGA1UEAwwJMTI3LjAuMC4zMB4XDTE4MDMxNDA0MjIwNloXDTI5MDIyNDA0 +MjIwNlowLDEWMBQGA1UECgwNTXkgQ2xpZW50IE9yZzESMBAGA1UEAwwJMTI3LjAu +MC4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5MW88nCi2tUrf/Tq +5w+5IvuqTAusaN4eelwS69sd9yXfM/DEgipw7o4t340oGdLVA4b7h1Qwxttw62ki +Z5VecXosg7xbJSjbB4LLLcmvC0pYvCactMWI+k4Na6VA1cS+hMsgnd37Shzo3Gyz +2AxrpMrcANsIaLD+o9Ji/00XmbvA/dKW/sG6vK5rWjNV0JE9WVjAW+eek8doIjh5 +mOKVR7zVeR1cr8wTp48e6LX9oJsv9nfACyIyMGCFp8qa+zQEBNKevohEl9OOi9Vh +H50UU6UEo0ZGAzWF8fp+T4ltTFxr/T0PXn5J2Kk2Wl5Zt5XLt0cDBlrMDpz24ZAQ +go/CDwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQA/6HqENDo5gsxWQIyC+fRFEUIy +cJ2lOlGxrf83oc1I5V10A8r6aOcwNoYlMq1Upcu2oAk2Kf5X9pq6EbM7BXuBESm4 +TYYPawv3lHeiX8uX3iUReasDLBTbj4WycteSjI4JUVPvZv8ILznKkKLr2tGV19ha +UfFu/cc3iazMt0jMORd6gznWxkbgY9Qr3V4VNReD0ZUa0s9ANOjnKRIXymRicCRy +HNwSXsj/sQR1lbnI1pkyGlTZaigADlqIsH+XJjYuVxdUge5Cz1+D9kcjF9PjF4V1 +u/lw6sR50qc2k5rC1WK4QLlgoknd5+ZrRiHlZXrJdcj9KnWdh4aGa3jwJpOW +-----END CERTIFICATE----- diff --git a/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/client1_key.pem b/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/client1_key.pem new file mode 100644 index 0000000000..94e0880d4c --- /dev/null +++ b/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/client1_key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEA5MW88nCi2tUrf/Tq5w+5IvuqTAusaN4eelwS69sd9yXfM/DE +gipw7o4t340oGdLVA4b7h1Qwxttw62kiZ5VecXosg7xbJSjbB4LLLcmvC0pYvCac +tMWI+k4Na6VA1cS+hMsgnd37Shzo3Gyz2AxrpMrcANsIaLD+o9Ji/00XmbvA/dKW +/sG6vK5rWjNV0JE9WVjAW+eek8doIjh5mOKVR7zVeR1cr8wTp48e6LX9oJsv9nfA +CyIyMGCFp8qa+zQEBNKevohEl9OOi9VhH50UU6UEo0ZGAzWF8fp+T4ltTFxr/T0P +Xn5J2Kk2Wl5Zt5XLt0cDBlrMDpz24ZAQgo/CDwIDAQABAoIBAAb5eE8z2+MsCI14 +HAk7U3ubjI+Q84qm6ur0D6edIIa+YtWki3kkbhj3wLJGDWjsIo5e+SAhEvOdEQ48 +QE5EIYL4JI9HmMfDPRo3hJY6xdlkRNxHmRNxykFHS+VyPk3GF8DYqH/nmpeh1f+S +WNFHX6jAfoCQLOt0Ke84pMf/w65uGixdVcXgHRA/n4gKbS84a7nZEl5NqT02wrrA +BRY6pRvcsvFHaf4VEPKXpRE5UxXGMJwtyYfl9Mukszepi6g/Hk2WI499tdgDzM55 +hWLRlW7ZzMILz4aP1LYt7iolKPAEst2rZdSgumIwznZUymIevlo95iYjazX9TWFv +K9LKoeECgYEA9Mj569wGYATBSD1SQzPRMQybDpBgoz+T2tfeqaas2aHcUIUK2v8c +iR5xe3soFOPTaaQBtUgo3S016SR2OLo9xY0ag71mrJZj+zuY+bPO1YMi+qh0/s5E +ZRGMzhAzTmX/5jYQmu6W5ZIAETELMZ4E8p9hW/yG+1oT4Z0csXfP4BkCgYEA70D0 +Ef7e2os/76X7T2PpcLfA/4VPLS/QIbm57eVuc1GX5U7/YXdnqE4Z1pFhR+yJdId0 +iqx9NxTpqxK8QTkswZSeltLXnvWxlZWjsW+GdhwzrLjjA8OAuZqk/uiNVVTavl0M +vjxTJWAiRU3PF9bLeFvF059HuflnFOqwtiyEWGcCgYBOWMUlKJchxGPYq0fZGoyq +Fk7KqotDtOWt9cneoupP/e52Fx8SWPTZLlVEIHcDuKfB+CxTyXTK1d2bcYAlR/bd +c/w4jjZ+puP5VWnxAgwBaqeXcrN/mqVpc+SNT8IcJalyFXvbGuJROBmtZvUePGV5 +Amo29ux9JqeWXqMAakiugQKBgB50MB0SSh+bVfoVMJX8a7xzR1e/CkMAMQf58ha7 ++4EmQ6Vmls87ObCMsHFFdBKJoz13+HemWRHn0Y57BgdvVakWV9Fu6Q9Mytv1fi6Z +uY3TLSixKARUoE//xTzFMShJcsaEZZjZaOP7BqG3s8KfDqs1U0sKnUCo5FwfO3sU +04vFAoGALjVG6v0IpvPFZcJBN8wUuu9cLduyCnUiFsMYgfglXDSkynRS51/7Fxqf +q0ROTeHrKem3iiJ62j7U3tNni2awczWCgTlUjSQzBQo6Cu1UA52M3/XyqVNmfx/g +04dVpDrqFscdIasQcL1UddiwcT2a63RjriBaTETvjegoNVu1XR4= +-----END RSA PRIVATE KEY----- diff --git a/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/client1_req.csr b/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/client1_req.csr new file mode 100644 index 0000000000..6862a65be1 --- /dev/null +++ b/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/client1_req.csr @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICcTCCAVkCAQAwLDEWMBQGA1UECgwNTXkgQ2xpZW50IE9yZzESMBAGA1UEAwwJ +MTI3LjAuMC4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5MW88nCi +2tUrf/Tq5w+5IvuqTAusaN4eelwS69sd9yXfM/DEgipw7o4t340oGdLVA4b7h1Qw +xttw62kiZ5VecXosg7xbJSjbB4LLLcmvC0pYvCactMWI+k4Na6VA1cS+hMsgnd37 +Shzo3Gyz2AxrpMrcANsIaLD+o9Ji/00XmbvA/dKW/sG6vK5rWjNV0JE9WVjAW+ee +k8doIjh5mOKVR7zVeR1cr8wTp48e6LX9oJsv9nfACyIyMGCFp8qa+zQEBNKevohE +l9OOi9VhH50UU6UEo0ZGAzWF8fp+T4ltTFxr/T0PXn5J2Kk2Wl5Zt5XLt0cDBlrM +Dpz24ZAQgo/CDwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAFLPF8/g9IMgQZvk +ZXvgPPPUAvANX3e0mcivjZD1BoqQ7CHeBqDpaaqH6i0qZrRQI6oli69IeQczkrXh +onhzLvCVoWmS1FH9JyWozRO6LeePEtV0jzxBDxHAd3pmlqTwLEpm0LfpBMkMe0Cb +r+3bOvAqW4ILkdSJ5FiAqlubu4+ezSLQTS/EJ+BzLkhuVuERqXFo/tW5KqviYbTL +XbvoLRVydNOUVZ+ts9YAtYLsqGoB6Rax6IzoLz5BXe5edw3FAEuotAJaLgWkBh/A +283zzb0pIUiZdF+8n61Fg4qFMZYYps4Fll4FXTn4mIzsfbJpkPXYGGuKvla46svH +tpAv/so= +-----END CERTIFICATE REQUEST----- diff --git a/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/server.conf b/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/server.conf new file mode 100644 index 0000000000..d7ca2ead5a --- /dev/null +++ b/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/server.conf @@ -0,0 +1,8 @@ +[ req ] +prompt = no +default_bits = 2048 +distinguished_name = req_dn + +[ req_dn ] +O = My Server Org +CN = 127.0.0.3 diff --git a/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/server_cer.pem b/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/server_cer.pem new file mode 100644 index 0000000000..c87cec7203 --- /dev/null +++ b/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/server_cer.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDTzCCAjcCCQDPXvMRYOpeuDANBgkqhkiG9w0BAQsFADCBpjESMBAGA1UEAwwJ +MTI3LjAuMC4xMQswCQYDVQQGEwJVUzElMCMGA1UECgwcTXkgT3duIENlcnRpZmlj +YXRlIEF1dGhvcml0eTEUMBIGA1UECAwLQXJkdWlub0xhbmQxFTATBgNVBAcMDEFy +ZHVpbm9WaWxsZTEVMBMGA1UECgwMRVNQODI2NlVzZXJzMRgwFgYDVQQLDA9FU1A4 +MjY2LUFyZHVpbm8wHhcNMTgwMzE0MDQwMDAwWhcNMjkwMjI0MDQwMDAwWjAsMRYw +FAYDVQQKDA1NeSBTZXJ2ZXIgT3JnMRIwEAYDVQQDDAkxMjcuMC4wLjMwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxE1VO+o/75hSHw2ttfATzfFWwOpwH +cXvrFxc0oUMRF9V3Y/8u/IOi8JyhC1PRQJGA9zFGnz3gS48f9G7pnYu7zmxX/+Lt +x7bu1zZZEVJ+6GVHEc8slYfFOXUIR9en+jCQQJDgwHenDoSRzXqJMQ+J7NMb5P6Z +D8GSIjBwgroIyWlH0Mh5hROq/R/02tR8CN0GuqUQ7aCmAW8sWuQMRTae0Ahzho84 +/vIM7Kb/HN/LpOIbxajueWHoz3vFNkZ9sQ8If2tkOOjmKy3KbUfMXk/4I6r45NI+ +xyMUZeiL3vyjqFnBruLPGiuDiHlrmUaeyFG7YaX5ht9rXg7Cciu//IKzAgMBAAEw +DQYJKoZIhvcNAQELBQADggEBAEnG+FNyNCOkBvzHiUpHHpScxZqM2f+XDcewJgeS +L6HkYEDIZZDNnd5gduSvkHpdJtWgsvJ7dJZL40w7Ba5sxpZHPIgKJGl9hzMkG+aA +z5GMkjys9h2xpQZx9KL3q7G6A+C0bll7ODZlwBtY07CFMykT4Mp2oMRrQKRucMSV +AB1mKujLAnMRKJ3NM89RQJH4GYiRps9y/HvM5lh7EIK/J0/nEZeJxY5hJngskPKb +oPPdmkR97kaQnll4KNsC3owVlHVU2fMftgYkgQLzyeWgzcNa39AF3B6JlcOzNyQY +seoK24dHmt6tWmn/sbxX7Aa6TL/4mVlFoOgcaTJyVaY/BrY= +-----END CERTIFICATE----- diff --git a/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/server_key.pem b/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/server_key.pem new file mode 100644 index 0000000000..a984995c42 --- /dev/null +++ b/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/server_key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAsRNVTvqP++YUh8NrbXwE83xVsDqcB3F76xcXNKFDERfVd2P/ +LvyDovCcoQtT0UCRgPcxRp894EuPH/Ru6Z2Lu85sV//i7ce27tc2WRFSfuhlRxHP +LJWHxTl1CEfXp/owkECQ4MB3pw6Ekc16iTEPiezTG+T+mQ/BkiIwcIK6CMlpR9DI +eYUTqv0f9NrUfAjdBrqlEO2gpgFvLFrkDEU2ntAIc4aPOP7yDOym/xzfy6TiG8Wo +7nlh6M97xTZGfbEPCH9rZDjo5istym1HzF5P+COq+OTSPscjFGXoi978o6hZwa7i +zxorg4h5a5lGnshRu2Gl+Ybfa14OwnIrv/yCswIDAQABAoIBAHxwgbsHCriTcEoY +Yx6F0VTrQ6ydA5mXfuYvS/eIfIE+pp1IgMScYEXZobjrJPQg1CA1l0NyFSHS97oV +JPy34sMQxcLx6KABgeVHCMJ/EeJtnv7a3SUP0GIhhsVS95Lsl8RIG4hWub+EzFVK +eZqAB9N9wr4Pp3wZPodbz37B38rb1QPyMFmQOLlHjKTOmoxsXhL2ot+R3+aLYSur +oPO1kQo7/d0UAZoy8h9OQN4a2EXvawh4O2EvFGbc5X/yXwAdEQ4NPp9VZhkNIRkV ++XZ3FcIqEVOploKtRF/tVBTz3g61/lFz21L9PMmV5y8tvSafr2SpJugGVmp2rrVQ +VNyGlIECgYEA10JSI5gmeCU3zK6kvOfBp54hY/5dDrSUpjKkMxpmm7WZQ6Il/k7A +hMcLeMzHiriT7WhRIXF8AOr2MoEkHkH3DhVNN4ccieVZx2SE5P5mVkItZGLrrpfU +dysR/ARAI1HYegGUiKacZtf9SrRavU0m7fOVOiYwbFRhjyX+MyuteYkCgYEA0pbz +4ZosetScP68uZx1sGlTfkcqLl7i15DHk3gnj6jKlfhvC2MjeLMhNDtKeUAuY7rLQ +guZ0CCghWAv0Glh5eYdfIiPhgqFfX4P5F3Om4zQHVPYj8xHfHG4ZP7dKQTndrO1Q +fLdGDTQLVXabAUSp2YGrijC8J9idSW1pYClvF1sCgYEAjkDn41nzYkbGP1/Swnwu +AEWCL4Czoro32jVxScxSrugt5wJLNWp508VukWBTJhugtq3Pn9hNaJXeKbYqVkyl +pgrxwpZph7+nuxt0r5hnrO2C7eppcjIoWLB/7BorAKxf8REGReBFT7nBTBMwPBW2 +el4U6h6+tXh2GJG1Eb/1nnECgYAydVb0THOx7rWNkNUGggc/++why61M6kYy6j2T +cj05BW+f2tkCBoctpcTI83BZb53yO8g4RS2yMqNirGKN2XspwmTqEjzbhv0KLt4F +X4GyWOoU0nFksXiLIFpOaQWSwWG7KJWrfGJ9kWXR0Xxsfl5QLoDCuNCsn3t4d43T +K7phlwKBgHDzF+50+/Wez3YHCy2a/HgSbHCpLQjkknvgwkOh1z7YitYBUm72HP8Z +Ge6b4wEfNuBdlZll/y9BQQOZJLFvJTE5t51X9klrkGrOb+Ftwr7eI/H5xgcadI52 +tPYglR5fjuRF/wnt3oX9JlQ2RtSbs+3naXH8JoherHaqNn8UpH0t +-----END RSA PRIVATE KEY----- diff --git a/libraries/ESP8266WiFi/examples/BearSSL_Validation/BearSSL_Validation.ino b/libraries/ESP8266WiFi/examples/BearSSL_Validation/BearSSL_Validation.ino new file mode 100644 index 0000000000..2f543ef886 --- /dev/null +++ b/libraries/ESP8266WiFi/examples/BearSSL_Validation/BearSSL_Validation.ino @@ -0,0 +1,228 @@ +// Example of the different modes of the X.509 validation options +// in the WiFiClientBearSSL object +// +// Mar 2018 by Earle F. Philhower, III +// Released to the public domain + +#include +#include + +const char *ssid = "...."; +const char *pass = "...."; + +const char * host = "api.github.com"; +const uint16_t port = 443; +const char * path = "/"; + +// Set time via NTP, as required for x.509 validation +void setClock() { + configTime(3 * 3600, 0, "pool.ntp.org", "time.nist.gov"); + + Serial.print("Waiting for NTP time sync: "); + time_t now = time(nullptr); + while (now < 8 * 3600 * 2) { + delay(500); + Serial.print("."); + now = time(nullptr); + } + Serial.println(""); + struct tm timeinfo; + gmtime_r(&now, &timeinfo); + Serial.print("Current time: "); + Serial.print(asctime(&timeinfo)); +} + +// Try and connect using a WiFiClientBearSSL to specified host:port and dump HTTP response +void fetchURL(WiFiClientBearSSL *client, const char *host, const uint16_t port, const char *path) { + if (!path) { + path = "/"; + } + + Serial.printf("Trying: %s:443...", host); + client->connect(host, port); + if (!client->connected()) { + Serial.printf("*** Can't connect. ***\n-------\n"); + return; + } + Serial.printf("Connected!\n-------\n"); + client->write("GET "); + client->write(path); + client->write(" HTTP/1.0\r\nHost: "); + client->write(host); + client->write("\r\nUser-Agent: ESP8266\r\n"); + client->write("\r\n"); + uint32_t to = millis() + 5000; + if (client->connected()) { + do { + char tmp[32]; + memset(tmp, 0, 32); + int rlen = client->read((uint8_t*)tmp, sizeof(tmp) - 1); + yield(); + if (rlen < 0) { + break; + } + // Only print out first line up to \r, then abort connection + char *nl = strchr(tmp, '\r'); + if (nl) { + *nl = 0; + Serial.print(tmp); + break; + } + Serial.print(tmp); + } while (millis() < to); + } + client->stop(); + Serial.printf("\n-------\n\n"); +} + +void fetchNoConfig() { + Serial.printf(R"EOF( +If there are no CAs or insecure options specified, BearSSL will not connect. +Expect the following call to fail as none have been configured. +)EOF"); + WiFiClientBearSSL client; + fetchURL(&client, host, port, path); +} + +void fetchInsecure() { + Serial.printf(R"EOF( +This is absolutely *insecure*, but you can tell BearSSL not to check the +certificate of the server. In this mode it will accept ANY certificate, +which is subject to man-in-the-middle (MITM) attacks. +)EOF"); + WiFiClientBearSSL client; + client.setInsecure(); + fetchURL(&client, host, port, path); +} + +void fetchFingerprint() { + Serial.printf(R"EOF( +The SHA-1 fingerprint of an X.509 certificate can be used to validate it +instead of the while certificate. This is not nearly as secure as real +X.509 validation, but is better than nothing. +)EOF"); + WiFiClientBearSSL client; + const uint8_t fp[20] = {0x35, 0x85, 0x74, 0xEF, 0x67, 0x35, 0xA7, 0xCE, 0x40, 0x69, 0x50, 0xF3, 0xC0, 0xF6, 0x80, 0xCF, 0x80, 0x3B, 0x2E, 0x19}; + client.setFingerprint(fp); + fetchURL(&client, host, port, path); +} + +void fetchSelfSigned() { + Serial.printf(R"EOF( +It is also possible to accept *any* self-signed certificate. This is +absolutely insecure as anyone can make a self-signed certificate. +)EOF"); + WiFiClientBearSSL client; + Serial.printf("First, try and connect to a badssl.com self-signed website (will fail):\n"); + fetchURL(&client, "self-signed.badssl.com", 443, "/"); + Serial.printf("Now we'll enable self-signed certs (will pass)\n"); + client.allowSelfSignedCerts(); + fetchURL(&client, "self-signed.badssl.com", 443, "/"); +} + +void fetchKnownKey() { + Serial.printf(R"EOF( +The server certificate can be completely ignored and its public key +hardcoded in your application. This should be secure as the public key +needs to be paired with the private key of the site, which is obviously +private and not shared. A MITM without the private key would not be +able to establish communications. +)EOF"); + // Extracted by: openssl x509 -pubkey -noout -in servercert.pem + static const char pubkey[] PROGMEM = R"KEY( +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcCPMEktuxLoDAxdHQgI +95FweH4Fa6+LslU2qmmUBF+pu4ZOUvpIQxVU5wqdWaxZauxG1nYUTrAWdPb1n0um +gLsGE7WYXJnQPJewIK4Qhua0LsrirIdHkcwHQ83NEYj+lswhg0fUQURt06Uta5ak +LovDdJPLqTuTS/nshOa76hR0ouWnrqucLL1szcvX/obB+Nsbmr58Mrg8prQfRoK6 +ibzlZysV88qPcCpc57lq6QBKQ2F9WgQMssQigXfTNm8lAAQ+L6gCZngd4KfHYPSJ +YA07oFWmuSOalgh00Wh8PUjuRGrcNxWpmgfALQHHFYgoDcD+a8+GoJk+GdJd3ong +ZQIDAQAB +-----END PUBLIC KEY----- +)KEY"; + WiFiClientBearSSL client; + BearSSLPublicKey key(pubkey); + client.setKnownKey(&key); + fetchURL(&client, host, port, path); +} + +void fetchCertAuthority() { + static const char digicert[] PROGMEM = R"EOF( +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j +ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL +MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 +LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug +RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm ++9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW +PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM +xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB +Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3 +hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg +EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA +FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec +nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z +eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF +hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2 +Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe +vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep ++OkuE6N36B9K +-----END CERTIFICATE----- +)EOF"; + + Serial.printf(R"EOF( +A specific certification authority can be passed in and used to validate +a chain of certificates from a given server. These will be validated +using BearSSL's rules, which do NOT include certificate revocation lists. +A specific server's certificate, or your own self-signed root certificate +can also be used. ESP8266 time needs to be valid for checks to pass as +BearSSL does verify the notValidBefore/After fields. +)EOF"); + + WiFiClientBearSSL client; + BearSSLX509List cert(digicert); + client.setTrustAnchors(&cert); + Serial.printf("Try validating without setting the time (should fail)\n"); + fetchURL(&client, host, port, path); + + Serial.printf("Try again after setting NTP time (should pass)\n"); + setClock(); + fetchURL(&client, host, port, path); +} + +void setup() { + Serial.begin(115200); + Serial.println(); + Serial.println(); + + // We start by connecting to a WiFi network + Serial.print("Connecting to "); + Serial.println(ssid); + WiFi.mode(WIFI_STA); + WiFi.begin(ssid, pass); + + while (WiFi.status() != WL_CONNECTED) { + delay(500); + Serial.print("."); + } + Serial.println(""); + + Serial.println("WiFi connected"); + Serial.println("IP address: "); + Serial.println(WiFi.localIP()); + + fetchNoConfig(); + fetchInsecure(); + fetchFingerprint(); + fetchSelfSigned(); + fetchKnownKey(); + fetchCertAuthority(); +} + + +void loop() { + // Nothing to do here +} diff --git a/libraries/ESP8266WiFi/keywords.txt b/libraries/ESP8266WiFi/keywords.txt index 13014f9353..0610a749b4 100644 --- a/libraries/ESP8266WiFi/keywords.txt +++ b/libraries/ESP8266WiFi/keywords.txt @@ -19,6 +19,12 @@ WiFiServerSecure KEYWORD1 WiFiUDP KEYWORD1 WiFiClientSecure KEYWORD1 ESP8266WiFiMulti KEYWORD1 +BearSSLX509List KEYWORD1 +BearSSLPrivateKey KEYWORD1 +BearSSLPublicKey KEYWORD1 +CertStoreSPIFFSBearSSL KEYWORD1 +CertStoreSDBearSSL KEYWORD1 + ####################################### # Methods and Functions (KEYWORD2) ####################################### @@ -157,6 +163,28 @@ localPort KEYWORD2 stopAll KEYWORD2 stopAllExcept KEYWORD2 +#WiFiClientBearSSL +setInsecure KEYWORD2 +setKnownKey KEYWORD2 +setFingerprint KEYWORD2 +allowSelfSignedCerts KEYWORD2 +setTrustAnchors KEYWORD2 +setX509Time KEYWORD2 +setClientRSACert KEYWORD2 +setClientECCert KEYWORD2 +setBufferSizes KEYWORD2 +getLastSSLError KEYWORD2 +setCertStore KEYWORD2 +probeMaxFragmentLength KEYWORD2 + +#WiFiServerBearSSL +setRSACert KEYWORD2 +setECCert KEYWORD2 +setClientTrustAnchor KEYWORD2 + +#CertStoreBearSSL +initCertStore KEYWORD2 + ####################################### # Constants (LITERAL1) ####################################### diff --git a/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp b/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp new file mode 100644 index 0000000000..d964aa444b --- /dev/null +++ b/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp @@ -0,0 +1,808 @@ +/* + WiFiClientBearSSL- SSL client/server for esp8266 using BearSSL libraries + - Mostly compatible with Arduino WiFi shield library and standard + WiFiClient/ServerSecure (except for certificate handling). + + Copyright (c) 2018 Earle F. Philhower, III + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +*/ + +#include +#include +#include +#include +#include +#include +#include +#include "BearSSLHelpers.h" + +namespace brssl { + // Code here is pulled from brssl sources, with the copyright and license + // shown below. I've rewritten things using C++ semantics and removed + // custom VEC_* calls (std::vector to the rescue) and adjusted things to + // allow for long-running operation (i.e. some memory issues when DERs + // passed into the decoders). Bugs are most likely my fault. + + // Original (c) message follows: + /* + Copyright (c) 2016 Thomas Pornin + + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. + */ + + class private_key { + public: + int key_type; /* BR_KEYTYPE_RSA or BR_KEYTYPE_EC */ + union { + br_rsa_private_key rsa; + br_ec_private_key ec; + } key; + }; + + class public_key { + public: + int key_type; /* BR_KEYTYPE_RSA or BR_KEYTYPE_EC */ + union { + br_rsa_public_key rsa; + br_ec_public_key ec; + } key; + }; + + class pem_object { + public: + char *name; + unsigned char *data; + size_t data_len; + }; + + // Forward definitions + void free_ta_contents(br_x509_trust_anchor *ta); + void free_public_key(public_key *pk); + void free_private_key(private_key *sk); + bool looks_like_DER(const unsigned char *buf, size_t len); + pem_object *decode_pem(const void *src, size_t len, size_t *num); + void free_pem_object_contents(pem_object *po); + + // Used as callback multiple places to append a string to a vector + static void byte_vector_append(void *ctx, const void *buff, size_t len) { + std::vector *vec = static_cast*>(ctx); + vec->reserve(vec->size() + len); // Allocate extra space all at once + for (size_t i = 0; i < len; i++) { + vec->push_back(((uint8_t*)buff)[i]); + } + } + + static bool certificate_to_trust_anchor_inner(br_x509_trust_anchor *ta, const br_x509_certificate *xc) { + std::unique_ptr dc(new br_x509_decoder_context); // auto-delete on exit + std::vector vdn; + br_x509_pkey *pk; + + // Clear everything in the Trust Anchor + memset(ta, 0, sizeof(*ta)); + + br_x509_decoder_init(dc.get(), byte_vector_append, (void*)&vdn, 0, 0); + br_x509_decoder_push(dc.get(), xc->data, xc->data_len); + pk = br_x509_decoder_get_pkey(dc.get()); + if (pk == nullptr) { + return false; // No key present, something broken in the cert! + } + + // Copy the raw certificate data + ta->dn.data = (uint8_t*)malloc(vdn.size()); + if (!ta->dn.data) { + return false; // OOM, but nothing yet allocated + } + memcpy(ta->dn.data, &vdn[0], vdn.size()); + ta->dn.len = vdn.size(); + ta->flags = 0; + if (br_x509_decoder_isCA(dc.get())) { + ta->flags |= BR_X509_TA_CA; + } + + // Extract the public key + switch (pk->key_type) { + case BR_KEYTYPE_RSA: + ta->pkey.key_type = BR_KEYTYPE_RSA; + ta->pkey.key.rsa.n = (uint8_t*)malloc(pk->key.rsa.nlen); + ta->pkey.key.rsa.e = (uint8_t*)malloc(pk->key.rsa.elen); + if ((ta->pkey.key.rsa.n == nullptr) || (ta->pkey.key.rsa.e == nullptr)) { + free_ta_contents(ta); // OOM, so clean up + return false; + } + memcpy(ta->pkey.key.rsa.n, pk->key.rsa.n, pk->key.rsa.nlen); + ta->pkey.key.rsa.nlen = pk->key.rsa.nlen; + memcpy(ta->pkey.key.rsa.e, pk->key.rsa.e, pk->key.rsa.elen); + ta->pkey.key.rsa.elen = pk->key.rsa.elen; + return true; + case BR_KEYTYPE_EC: + ta->pkey.key_type = BR_KEYTYPE_EC; + ta->pkey.key.ec.curve = pk->key.ec.curve; + ta->pkey.key.ec.q = (uint8_t*)malloc(pk->key.ec.qlen); + if (ta->pkey.key.ec.q == nullptr) { + free_ta_contents(ta); // OOM, so clean up + return false; + } + memcpy(ta->pkey.key.ec.q, pk->key.ec.q, pk->key.ec.qlen); + ta->pkey.key.ec.qlen = pk->key.ec.qlen; + return true; + default: + free_ta_contents(ta); // Unknown key type + return false; + } + + // Should never get here, if so there was an unknown error + return false; + } + + br_x509_trust_anchor *certificate_to_trust_anchor(const br_x509_certificate *xc) { + br_x509_trust_anchor *ta = (br_x509_trust_anchor*)malloc(sizeof(br_x509_trust_anchor)); + if (!ta) { + return nullptr; + } + + if (!certificate_to_trust_anchor_inner(ta, xc)) { + free(ta); + return nullptr; + } + return ta; + } + + void free_ta_contents(br_x509_trust_anchor *ta) { + if (ta) { + free(ta->dn.data); + if (ta->pkey.key_type == BR_KEYTYPE_RSA) { + free(ta->pkey.key.rsa.n); + free(ta->pkey.key.rsa.e); + } else if (ta->pkey.key_type == BR_KEYTYPE_EC) { + free(ta->pkey.key.ec.q); + } + memset(ta, 0, sizeof(*ta)); + } + } + + // Checks if a bitstream looks like a valid DER(binary) encoding. + // Basically tries to verify the length of all included segments + // matches the length of the input buffer. Does not actually + // validate any contents. + bool looks_like_DER(const unsigned char *buff, size_t len) { + if (len < 2) { + return false; + } + if (pgm_read_byte(buff++) != 0x30) { + return false; + } + int fb = pgm_read_byte(buff++); + len -= 2; + if (fb < 0x80) { + return (size_t)fb == len; + } else if (fb == 0x80) { + return false; + } else { + fb -= 0x80; + if (len < (size_t)fb + 2) { + return false; + } + len -= (size_t)fb; + size_t dlen = 0; + while (fb -- > 0) { + if (dlen > (len >> 8)) { + return false; + } + dlen = (dlen << 8) + (size_t)pgm_read_byte(buff++); + } + return dlen == len; + } + } + + void free_pem_object_contents(pem_object *po) { + if (po) { + free(po->name); + free(po->data); + } + } + + // Converts a PEM (~=base64) source into a set of DER-encoded binary blobs. + // Each blob is named by the ---- BEGIN xxx ---- field, and multiple + // blobs may be returned. + pem_object *decode_pem(const void *src, size_t len, size_t *num) { + std::vector pem_list; + std::unique_ptr pc(new br_pem_decoder_context); // auto-delete on exit + if (!pc.get()) { + return nullptr; + } + pem_object po, *pos; + const unsigned char *buff; + std::vector bv; + + *num = 0; + br_pem_decoder_init(pc.get()); + buff = (const unsigned char *)src; + po.name = nullptr; + po.data = nullptr; + po.data_len = 0; + bool inobj = false; + bool extra_nl = true; + + while (len > 0) { + size_t tlen; + + tlen = br_pem_decoder_push(pc.get(), buff, len); + buff += tlen; + len -= tlen; + switch (br_pem_decoder_event(pc.get())) { + case BR_PEM_BEGIN_OBJ: + po.name = strdup(br_pem_decoder_name(pc.get())); + br_pem_decoder_setdest(pc.get(), byte_vector_append, &bv); + inobj = true; + break; + + case BR_PEM_END_OBJ: + if (inobj) { + // Stick data into the vector + po.data = (uint8_t*)malloc(bv.size()); + if (po.data) { + memcpy(po.data, &bv[0], bv.size()); + po.data_len = bv.size(); + pem_list.push_back(po); + } + // Clean up state for next blob processing + bv.clear(); + po.name = nullptr; + po.data = nullptr; + po.data_len = 0; + inobj = false; + } + break; + + case BR_PEM_ERROR: + free(po.name); + for (size_t i = 0; i < pem_list.size(); i++) { + free_pem_object_contents(&pem_list[i]); + } + return nullptr; + + default: + // Do nothing here, the parser is still working on things + break; + } + + if (len == 0 && extra_nl) { + extra_nl = false; + buff = (const unsigned char *)"\n"; + len = 1; + } + } + + if (inobj) { + free(po.name); + for (size_t i = 0; i < pem_list.size(); i++) { + free_pem_object_contents(&pem_list[i]); + } + return nullptr; + } + + pos = (pem_object*)malloc((1 + pem_list.size()) * sizeof(*pos)); + if (pos) { + *num = pem_list.size(); + pem_list.push_back(po); // Null-terminate list + memcpy(pos, &pem_list[0], pem_list.size() * sizeof(*pos)); + } + return pos; + } + + // Parse out DER or PEM encoded certificates from a binary buffer, + // potentially stored in PROGMEM. + br_x509_certificate *read_certificates(const char *buff, size_t len, size_t *num) { + std::vector cert_list; + pem_object *pos; + size_t u, num_pos; + br_x509_certificate *xcs; + br_x509_certificate dummy; + + *num = 0; + + if (looks_like_DER((const unsigned char *)buff, len)) { + xcs = (br_x509_certificate*)malloc(2 * sizeof(*xcs)); + if (!xcs) { + return nullptr; + } + xcs[0].data = (uint8_t*)malloc(len); + if (!xcs[0].data) { + free(xcs); + return nullptr; + } + memcpy_P(xcs[0].data, buff, len); + xcs[0].data_len = len; + xcs[1].data = nullptr; + xcs[1].data_len = 0; + *num = 1; + return xcs; + } + + pos = decode_pem(buff, len, &num_pos); + if (!pos) { + return nullptr; + } + for (u = 0; u < num_pos; u ++) { + if (!strcmp_P(pos[u].name, PSTR("CERTIFICATE")) || !strcmp_P(pos[u].name, PSTR("X509 CERTIFICATE"))) { + br_x509_certificate xc; + xc.data = pos[u].data; + xc.data_len = pos[u].data_len; + pos[u].data = nullptr; // Don't free the data we moved to the xc vector! + cert_list.push_back(xc); + } + } + for (u = 0; u < num_pos; u ++) { + free_pem_object_contents(&pos[u]); + } + free(pos); + + if (cert_list.size() == 0) { + return nullptr; + } + *num = cert_list.size(); + dummy.data = nullptr; + dummy.data_len = 0; + cert_list.push_back(dummy); + xcs = (br_x509_certificate*)malloc(cert_list.size() * sizeof(*xcs)); + if (!xcs) { + for (size_t i = 0; i < cert_list.size(); i++) { + free(cert_list[i].data); // Clean up any captured data blobs + } + return nullptr; + } + memcpy(xcs, &cert_list[0], cert_list.size() * sizeof(br_x509_certificate)); + // XCS now has [].data pointing to the previously allocated blobs, so don't + // want to free anything in cert_list[]. + return xcs; + } + + void free_certificates(br_x509_certificate *certs, size_t num) { + if (certs) { + for (size_t u = 0; u < num; u ++) { + free(certs[u].data); + } + free(certs); + } + } + + static public_key *decode_public_key(const unsigned char *buff, size_t len) { + std::unique_ptr dc(new br_pkey_decoder_context); // auto-delete on exit + if (!dc.get()) { + return nullptr; + } + + public_key *pk = nullptr; + + br_pkey_decoder_init(dc.get()); + br_pkey_decoder_push(dc.get(), buff, len); + int err = br_pkey_decoder_last_error(dc.get()); + if (err != 0) { + return nullptr; + } + + const br_rsa_public_key *rk = nullptr; + switch (br_pkey_decoder_key_type(dc.get())) { + case BR_KEYTYPE_RSA: + rk = br_pkey_decoder_get_rsa(dc.get()); + pk = (public_key*)malloc(sizeof * pk); + if (!pk) { + return nullptr; + } + pk->key_type = BR_KEYTYPE_RSA; + pk->key.rsa.n = (uint8_t*)malloc(rk->nlen); + pk->key.rsa.e = (uint8_t*)malloc(rk->elen); + if (!pk->key.rsa.n || !pk->key.rsa.e) { + free(pk->key.rsa.n); + free(pk->key.rsa.e); + free(pk); + return nullptr; + } + memcpy(pk->key.rsa.n, rk->n, rk->nlen); + pk->key.rsa.nlen = rk->nlen; + memcpy(pk->key.rsa.e, rk->e, rk->elen); + pk->key.rsa.elen = rk->elen; + return pk; + + case BR_KEYTYPE_EC: + // TODO - not parsed yet in .T0 file + return nullptr; + + default: + return nullptr; + } + } + + void free_public_key(public_key *pk) { + if (pk) { + if (pk->key_type == BR_KEYTYPE_RSA) { + free(pk->key.rsa.n); + free(pk->key.rsa.e); + } else if (pk->key_type == BR_KEYTYPE_EC) { + // TODO - EC public keys not implemented + } + free(pk); + } + } + + static private_key *decode_private_key(const unsigned char *buff, size_t len) { + std::unique_ptr dc(new br_skey_decoder_context); // auto-delete on exit + if (!dc.get()) { + return nullptr; + } + + private_key *sk = nullptr; + + br_skey_decoder_init(dc.get()); + br_skey_decoder_push(dc.get(), buff, len); + int err = br_skey_decoder_last_error(dc.get()); + if (err != 0) { + return nullptr; + } + + const br_rsa_private_key *rk = nullptr; + const br_ec_private_key *ek = nullptr; + switch (br_skey_decoder_key_type(dc.get())) { + case BR_KEYTYPE_RSA: + rk = br_skey_decoder_get_rsa(dc.get()); + sk = (private_key*)malloc(sizeof * sk); + if (!sk) { + return nullptr; + } + sk->key_type = BR_KEYTYPE_RSA; + sk->key.rsa.p = (uint8_t*)malloc(rk->plen); + sk->key.rsa.q = (uint8_t*)malloc(rk->qlen); + sk->key.rsa.dp = (uint8_t*)malloc(rk->dplen); + sk->key.rsa.dq = (uint8_t*)malloc(rk->dqlen); + sk->key.rsa.iq = (uint8_t*)malloc(rk->iqlen); + if (!sk->key.rsa.p || !sk->key.rsa.q || !sk->key.rsa.dp || !sk->key.rsa.dq || !sk->key.rsa.iq) { + free_private_key(sk); + return nullptr; + } + sk->key.rsa.n_bitlen = rk->n_bitlen; + memcpy(sk->key.rsa.p, rk->p, rk->plen); + sk->key.rsa.plen = rk->plen; + memcpy(sk->key.rsa.q, rk->q, rk->qlen); + sk->key.rsa.qlen = rk->qlen; + memcpy(sk->key.rsa.dp, rk->dp, rk->dplen); + sk->key.rsa.dplen = rk->dplen; + memcpy(sk->key.rsa.dq, rk->dq, rk->dqlen); + sk->key.rsa.dqlen = rk->dqlen; + memcpy(sk->key.rsa.iq, rk->iq, rk->iqlen); + sk->key.rsa.iqlen = rk->iqlen; + return sk; + + case BR_KEYTYPE_EC: + ek = br_skey_decoder_get_ec(dc.get()); + sk = (private_key*)malloc(sizeof * sk); + sk->key_type = BR_KEYTYPE_EC; + sk->key.ec.curve = ek->curve; + sk->key.ec.x = (uint8_t*)malloc(ek->xlen); + if (!sk->key.ec.x) { + free_private_key(sk); + return nullptr; + } + memcpy(sk->key.ec.x, ek->x, ek->xlen); + sk->key.ec.xlen = ek->xlen; + return sk; + + default: + return nullptr; + } + } + + void free_private_key(private_key *sk) { + if (sk) { + switch (sk->key_type) { + case BR_KEYTYPE_RSA: + free(sk->key.rsa.p); + free(sk->key.rsa.q); + free(sk->key.rsa.dp); + free(sk->key.rsa.dq); + free(sk->key.rsa.iq); + break; + case BR_KEYTYPE_EC: + free(sk->key.ec.x); + break; + default: + // Could be an uninitted key, no sub elements to free + break; + } + free(sk); + } + } + + void free_pem_object(pem_object *pos) { + if (pos != nullptr) { + for (size_t u = 0; pos[u].name; u ++) { + free_pem_object_contents(&pos[u]); + } + free(pos); + } + } + + private_key *read_private_key(const char *buff, size_t len) { + private_key *sk = nullptr; + pem_object *pos = nullptr; + + if (looks_like_DER((const unsigned char*)buff, len)) { + sk = decode_private_key((const unsigned char*)buff, len); + return sk; + } + + size_t num; + pos = decode_pem(buff, len, &num); + if (pos == nullptr) { + return nullptr; // PEM decode error + } + for (size_t u = 0; pos[u].name; u ++) { + const char *name = pos[u].name; + if (!strcmp_P(name, PSTR("RSA PRIVATE KEY")) || !strcmp_P(name, PSTR("EC PRIVATE KEY")) || !strcmp_P(name, PSTR("PRIVATE KEY"))) { + sk = decode_private_key(pos[u].data, pos[u].data_len); + free_pem_object(pos); + return sk; + } + } + // If we hit here, no match + free_pem_object(pos); + return nullptr; + } + + public_key *read_public_key(const char *buff, size_t len) { + public_key *pk = nullptr; + pem_object *pos = nullptr; + + if (looks_like_DER((const unsigned char*)buff, len)) { + pk = decode_public_key((const unsigned char*)buff, len); + return pk; + } + size_t num; + pos = decode_pem(buff, len, &num); + if (pos == nullptr) { + return nullptr; // PEM decode error + } + for (size_t u = 0; pos[u].name; u ++) { + const char *name = pos[u].name; + if (!strcmp_P(name, PSTR("RSA PUBLIC KEY")) || !strcmp_P(name, PSTR("EC PUBLIC KEY")) || !strcmp_P(name, PSTR("PUBLIC KEY"))) { + pk = decode_public_key(pos[u].data, pos[u].data_len); + free_pem_object(pos); + return pk; + } + } + + // We hit here == no key found + free_pem_object(pos); + return pk; + } + +}; + + +// ----- Public Key ----- + +BearSSLPublicKey::BearSSLPublicKey() { + _key = nullptr; +} + +BearSSLPublicKey::BearSSLPublicKey(const char *pemKey) { + _key = nullptr; + parse(pemKey); +} + +BearSSLPublicKey::BearSSLPublicKey(const uint8_t *derKey, size_t derLen) { + _key = nullptr; + parse(derKey, derLen); +} + +BearSSLPublicKey::~BearSSLPublicKey() { + if (_key) { + brssl::free_public_key(_key); + } +} + +bool BearSSLPublicKey::parse(const char *pemKey) { + return parse((const uint8_t *)pemKey, strlen_P(pemKey)); +} + +bool BearSSLPublicKey::parse(const uint8_t *derKey, size_t derLen) { + if (_key) { + brssl::free_public_key(_key); + _key = nullptr; + } + _key = brssl::read_public_key((const char *)derKey, derLen); + return _key ? true : false; +} + +bool BearSSLPublicKey::isRSA() const { + if (!_key || _key->key_type != BR_KEYTYPE_RSA) { + return false; + } + return true; +} + +bool BearSSLPublicKey::isEC() const { + if (!_key || _key->key_type != BR_KEYTYPE_EC) { + return false; + } + return true; +} + +const br_rsa_public_key *BearSSLPublicKey::getRSA() const { + if (!_key || _key->key_type != BR_KEYTYPE_RSA) { + return nullptr; + } + return &_key->key.rsa; +} + +const br_ec_public_key *BearSSLPublicKey::getEC() const { + if (!_key || _key->key_type != BR_KEYTYPE_EC) { + return nullptr; + } + return &_key->key.ec; +} + +// ----- Private Key ----- + +BearSSLPrivateKey::BearSSLPrivateKey() { + _key = nullptr; +} + +BearSSLPrivateKey::BearSSLPrivateKey(const char *pemKey) { + _key = nullptr; + parse(pemKey); +} + +BearSSLPrivateKey::BearSSLPrivateKey(const uint8_t *derKey, size_t derLen) { + _key = nullptr; + parse(derKey, derLen); +} + +BearSSLPrivateKey::~BearSSLPrivateKey() { + if (_key) { + brssl::free_private_key(_key); + } +} + +bool BearSSLPrivateKey::parse(const char *pemKey) { + return parse((const uint8_t *)pemKey, strlen_P(pemKey)); +} + +bool BearSSLPrivateKey::parse(const uint8_t *derKey, size_t derLen) { + if (_key) { + brssl::free_private_key(_key); + _key = nullptr; + } + _key = brssl::read_private_key((const char *)derKey, derLen); + return _key ? true : false; +} + +bool BearSSLPrivateKey::isRSA() const { + if (!_key || _key->key_type != BR_KEYTYPE_RSA) { + return false; + } + return true; +} + +bool BearSSLPrivateKey::isEC() const { + if (!_key || _key->key_type != BR_KEYTYPE_EC) { + return false; + } + return true; +} + +const br_rsa_private_key *BearSSLPrivateKey::getRSA() const { + if (!_key || _key->key_type != BR_KEYTYPE_RSA) { + return nullptr; + } + return &_key->key.rsa; +} + +const br_ec_private_key *BearSSLPrivateKey::getEC() const { + if (!_key || _key->key_type != BR_KEYTYPE_EC) { + return nullptr; + } + return &_key->key.ec; +} + +BearSSLX509List::BearSSLX509List() { + _count = 0; + _cert = nullptr; + _ta = nullptr; +} + +BearSSLX509List::BearSSLX509List(const char *pemCert) { + _count = 0; + _cert = nullptr; + _ta = nullptr; + append(pemCert); +} + + +BearSSLX509List::BearSSLX509List(const uint8_t *derCert, size_t derLen) { + _count = 0; + _cert = nullptr; + _ta = nullptr; + append(derCert, derLen); +} + +BearSSLX509List::~BearSSLX509List() { + brssl::free_certificates(_cert, _count); // also frees cert + for (size_t i = 0; i < _count; i++) { + brssl::free_ta_contents(&_ta[i]); + } + free(_ta); +} + +bool BearSSLX509List::append(const char *pemCert) { + return append((const uint8_t *)pemCert, strlen_P(pemCert)); +} + +bool BearSSLX509List::append(const uint8_t *derCert, size_t derLen) { + size_t numCerts; + br_x509_certificate *newCerts = brssl::read_certificates((const char *)derCert, derLen, &numCerts); + if (!newCerts) { + return false; + } + + // Add in the certificates + br_x509_certificate *saveCert = _cert; + _cert = (br_x509_certificate*)realloc(_cert, (numCerts + _count) * sizeof(br_x509_certificate)); + if (!_cert) { + free(newCerts); + _cert = saveCert; + return false; + } + memcpy(&_cert[_count], newCerts, numCerts * sizeof(br_x509_certificate)); + free(newCerts); + + // Build TAs for each certificate + br_x509_trust_anchor *saveTa = _ta; + _ta = (br_x509_trust_anchor*)realloc(_ta, (numCerts + _count) * sizeof(br_x509_trust_anchor)); + if (!_ta) { + _ta = saveTa; + return false; + } + for (size_t i = 0; i < numCerts; i++) { + br_x509_trust_anchor *newTa = brssl::certificate_to_trust_anchor(&_cert[_count + i]); + if (newTa) { + _ta[_count + i ] = *newTa; + free(newTa); + } else { + return false; // OOM + } + } + _count += numCerts; + + return true; +} diff --git a/libraries/ESP8266WiFi/src/BearSSLHelpers.h b/libraries/ESP8266WiFi/src/BearSSLHelpers.h new file mode 100644 index 0000000000..55b4970a42 --- /dev/null +++ b/libraries/ESP8266WiFi/src/BearSSLHelpers.h @@ -0,0 +1,122 @@ +/* + WiFiClientBearSSL- SSL client/server for esp8266 using BearSSL libraries + - Mostly compatible with Arduino WiFi shield library and standard + WiFiClient/ServerSecure (except for certificate handling). + + Copyright (c) 2018 Earle F. Philhower, III + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +*/ + +#ifndef _BEARSSLHELPERS_H +#define _BEARSSLHELPERS_H + +#include + +// Internal opaque structures, not needed by user applications +namespace brssl { + class public_key; + class private_key; +}; + +// Holds either a single public RSA or EC key for use when BearSSL wants a pubkey. +// Copies all associated data so no need to keep input PEM/DER keys. +// All inputs can be either in RAM or PROGMEM. +class BearSSLPublicKey { + public: + BearSSLPublicKey(); + BearSSLPublicKey(const char *pemKey); + BearSSLPublicKey(const uint8_t *derKey, size_t derLen); + ~BearSSLPublicKey(); + + bool parse(const char *pemKey); + bool parse(const uint8_t *derKey, size_t derLen); + + // Accessors for internal use, not needed by apps + bool isRSA() const; + bool isEC() const; + const br_rsa_public_key *getRSA() const; + const br_ec_public_key *getEC() const; + + // Disable the copy constructor, we're pointer based + BearSSLPublicKey(const BearSSLPublicKey& that) = delete; + + private: + brssl::public_key *_key; +}; + +// Holds either a single private RSA or EC key for use when BearSSL wants a secretkey. +// Copies all associated data so no need to keep input PEM/DER keys. +// All inputs can be either in RAM or PROGMEM. +class BearSSLPrivateKey { + public: + BearSSLPrivateKey(); + BearSSLPrivateKey(const char *pemKey); + BearSSLPrivateKey(const uint8_t *derKey, size_t derLen); + ~BearSSLPrivateKey(); + + bool parse(const char *pemKey); + bool parse(const uint8_t *derKey, size_t derLen); + + // Accessors for internal use, not needed by apps + bool isRSA() const; + bool isEC() const; + const br_rsa_private_key *getRSA() const; + const br_ec_private_key *getEC() const; + + // Disable the copy constructor, we're pointer based + BearSSLPrivateKey(const BearSSLPrivateKey& that) = delete; + + private: + brssl::private_key *_key; +}; + +// Holds one or more X.509 certificates and associated trust anchors for +// use whenever BearSSL needs a cert or TA. May want to have multiple +// certs for things like a series of trusted CAs (but check the CertStore class +// for a more memory efficient way). +// Copies all associated data so no need to keep input PEM/DER certs. +// All inputs can be either in RAM or PROGMEM. +class BearSSLX509List { + public: + BearSSLX509List(); + BearSSLX509List(const char *pemCert); + BearSSLX509List(const uint8_t *derCert, size_t derLen); + ~BearSSLX509List(); + + bool append(const char *pemCert); + bool append(const uint8_t *derCert, size_t derLen); + + // Accessors + size_t getCount() const { + return _count; + } + const br_x509_certificate *getX509Certs() const { + return _cert; + } + const br_x509_trust_anchor *getTrustAnchors() const { + return _ta; + } + + // Disable the copy constructor, we're pointer based + BearSSLX509List(const BearSSLX509List& that) = delete; + + private: + size_t _count; + br_x509_certificate *_cert; + br_x509_trust_anchor *_ta; +}; + +#endif diff --git a/libraries/ESP8266WiFi/src/CertStoreBearSSL.cpp b/libraries/ESP8266WiFi/src/CertStoreBearSSL.cpp new file mode 100644 index 0000000000..b688f4c671 --- /dev/null +++ b/libraries/ESP8266WiFi/src/CertStoreBearSSL.cpp @@ -0,0 +1,141 @@ +/* + CertStoreBearSSL.cpp - Library for Arduino ESP8266 + Copyright (c) 2018 Earle F. Philhower, III + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +*/ + +#include "CertStoreBearSSL.h" +#include + +extern "C" { + // Callbacks for the x509 decoder + static void dn_append(void *ctx, const void *buf, size_t len) { + br_sha256_context *sha1 = (br_sha256_context*)ctx; + br_sha256_update(sha1, buf, len); + } + static void dn_append_null(void *ctx, const void *buf, size_t len) { + (void) ctx; + (void) buf; + (void) len; + } +} + +CertStoreBearSSL::CertInfo CertStoreBearSSL::preprocessCert(const char *fname, const void *raw, size_t sz) { + CertStoreBearSSL::CertInfo ci; + + // Clear the CertInfo + memset(&ci, 0, sizeof(ci)); + + // Process it using SHA256, same as the hashed_dn + br_x509_decoder_context *ctx = new br_x509_decoder_context; + br_sha256_context *sha256 = new br_sha256_context; + br_sha256_init(sha256); + br_x509_decoder_init(ctx, dn_append, sha256, nullptr, nullptr); + br_x509_decoder_push(ctx, (const void*)raw, sz); + + // Copy result to structure + br_sha256_out(sha256, &ci.sha256); + strcpy(ci.fname, fname); + + // Clean up allocated memory + delete sha256; + delete ctx; + + // Return result + return ci; +} + +br_x509_trust_anchor *CertStoreBearSSL::makeTrustAnchor(const void *der, size_t der_len, const CertInfo *ci) { + // std::unique_ptr will free dc when we exit scope, automatically + std::unique_ptr dc(new br_x509_decoder_context); + br_x509_decoder_init(dc.get(), dn_append_null, nullptr, nullptr, nullptr); + br_x509_decoder_push(dc.get(), der, der_len); + br_x509_pkey *pk = br_x509_decoder_get_pkey(dc.get()); + if (!pk) { + return nullptr; + } + + br_x509_trust_anchor *ta = (br_x509_trust_anchor*)malloc(sizeof(br_x509_trust_anchor)); + if (!ta) { + return nullptr; + } + memset(ta, 0, sizeof(*ta)); + ta->dn.data = (uint8_t*)malloc(sizeof(ci->sha256)); + if (!ta->dn.data) { + free(ta); + return nullptr; + } + memcpy(ta->dn.data, ci->sha256, sizeof(ci->sha256)); + ta->dn.len = sizeof(ci->sha256); + + ta->flags = 0; + if (br_x509_decoder_isCA(dc.get())) { + ta->flags |= BR_X509_TA_CA; + } + + switch (pk->key_type) { + case BR_KEYTYPE_RSA: + ta->pkey.key_type = BR_KEYTYPE_RSA; + ta->pkey.key.rsa.n = (uint8_t*)malloc(pk->key.rsa.nlen); + if (!ta->pkey.key.rsa.n) { + free(ta->dn.data); + free(ta); + return nullptr; + } + memcpy(ta->pkey.key.rsa.n, pk->key.rsa.n, pk->key.rsa.nlen); + ta->pkey.key.rsa.nlen = pk->key.rsa.nlen; + ta->pkey.key.rsa.e = (uint8_t*)malloc(pk->key.rsa.elen); + if (!ta->pkey.key.rsa.e) { + free(ta->pkey.key.rsa.n); + free(ta->dn.data); + free(ta); + return nullptr; + } + memcpy(ta->pkey.key.rsa.e, pk->key.rsa.e, pk->key.rsa.elen); + ta->pkey.key.rsa.elen = pk->key.rsa.elen; + return ta; + case BR_KEYTYPE_EC: + ta->pkey.key_type = BR_KEYTYPE_EC; + ta->pkey.key.ec.curve = pk->key.ec.curve; + ta->pkey.key.ec.q = (uint8_t*)malloc(pk->key.ec.qlen); + if (!ta->pkey.key.ec.q) { + free(ta->dn.data); + free(ta); + return nullptr; + } + memcpy(ta->pkey.key.ec.q, pk->key.ec.q, pk->key.ec.qlen); + ta->pkey.key.ec.qlen = pk->key.ec.qlen; + return ta; + default: + free(ta->dn.data); + free(ta); + return nullptr; + } +} + +void CertStoreBearSSL::freeTrustAnchor(const br_x509_trust_anchor *ta) { + switch (ta->pkey.key_type) { + case BR_KEYTYPE_RSA: + free(ta->pkey.key.rsa.e); + free(ta->pkey.key.rsa.n); + break; + case BR_KEYTYPE_EC: + free(ta->pkey.key.ec.q); + break; + } + free(ta->dn.data); + free((void*)ta); +} diff --git a/libraries/ESP8266WiFi/src/CertStoreBearSSL.h b/libraries/ESP8266WiFi/src/CertStoreBearSSL.h new file mode 100644 index 0000000000..bf669faed2 --- /dev/null +++ b/libraries/ESP8266WiFi/src/CertStoreBearSSL.h @@ -0,0 +1,61 @@ +/* + CertStoreBearSSL.h - Library for Arduino ESP8266 + Copyright (c) 2018 Earle F. Philhower, III + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +*/ + +#ifndef _CERTSTORE_BEARSSL_H +#define _CERTSTORE_BEARSSL_H + +#include +#include + +// Virtual base class for the certificate stores, which allow use +// of a large set of certificates stored on SPIFFS of SD card to +// be dynamically used when validating a X509 certificate + +// Templates for child classes not possible due to the difference in SD +// and FS in terms of directory parsing and interating. Dir doesn't +// exist in SD, everything is a file (which might support get-next-entry() +// or not). + +// This class should not be instantiated directly, only via its children. +class CertStoreBearSSL { + public: + CertStoreBearSSL() {} + virtual ~CertStoreBearSSL() {} + + // Preprocess the certs from the flash, returns number parsed + virtual int initCertStore(const char *dir) = 0; + + // Installs the cert store into the X509 decoder (normally via static function callbacks) + virtual void installCertStore(br_x509_minimal_context *ctx) = 0; + + protected: + // The binary format of the pre-computed file + class CertInfo { + public: + uint8_t sha256[32]; + char fname[64]; + }; + + CertInfo preprocessCert(const char *fname, const void *raw, size_t sz); + static br_x509_trust_anchor *makeTrustAnchor(const void *der, size_t der_len, const CertInfo *ci); + static void freeTrustAnchor(const br_x509_trust_anchor *ta); +}; + +#endif + diff --git a/libraries/ESP8266WiFi/src/CertStoreSDBearSSL.cpp b/libraries/ESP8266WiFi/src/CertStoreSDBearSSL.cpp new file mode 100644 index 0000000000..e5424e2767 --- /dev/null +++ b/libraries/ESP8266WiFi/src/CertStoreSDBearSSL.cpp @@ -0,0 +1,150 @@ +// Removed to make Platform.IO not barf +#if 0 +/* + CertStoreSDBearSSL.cpp - Library for Arduino ESP8266 + Copyright (c) 2018 Earle F. Philhower, III + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +*/ + +#include "CertStoreSDBearSSL.h" +#include + +CertStoreSDBearSSL::CertStoreSDBearSSL() : CertStoreBearSSL() { + path[0] = 0; +} + +CertStoreSDBearSSL::~CertStoreSDBearSSL() { +} + +CertStoreBearSSL::CertInfo CertStoreSDBearSSL::preprocessCert(File *f) { + CertStoreBearSSL::CertInfo ci; + memset(&ci, 0, sizeof(ci)); + + // Load the DER into RAM temporarially + if (!f) { + return ci; + } + + int sz = f->size(); + uint8_t *buf = new uint8_t[sz]; + if (!buf) { + return ci; + } + f->read(buf, sz); + + ci = CertStoreBearSSL::preprocessCert(f->name(), buf, sz); + + delete buf; + + return ci; +} + +int CertStoreSDBearSSL::initCertStore(const char *subdir) { + int count = 0; + + // We want path to have a leading slash and a trailing one + String cleaned(subdir); + if (cleaned[0] != '/') { + cleaned = "/" + cleaned; + } + if (!cleaned.endsWith("/")) { + cleaned = cleaned + "/"; + } + strncpy(path, cleaned.c_str(), sizeof(path)); + path[sizeof(path) - 1] = 0; + + char tblName[64]; + snprintf(tblName, sizeof(tblName), "%sca_tbl.bin", path); + tblName[sizeof(tblName) - 1] = 0; + + File tbl = SD.open(tblName, FILE_WRITE); + if (!tbl) { + return 0; + } + File d = SD.open(path); + while (true) { + File nextFile = d.openNextFile(); + if (!nextFile) { + break; + } + if (!strstr(nextFile.name(), ".der")) { + continue; + } + CertStoreBearSSL::CertInfo ci = preprocessCert(&nextFile); + nextFile.close(); + tbl.write((uint8_t*)&ci, sizeof(ci)); + count++; + } + tbl.close(); + return count; +} + +void CertStoreSDBearSSL::installCertStore(br_x509_minimal_context *ctx) { + br_x509_minimal_set_dynamic(ctx, (void*)this, findHashedTA, freeHashedTA); +} + +const br_x509_trust_anchor *CertStoreSDBearSSL::findHashedTA(void *ctx, void *hashed_dn, size_t len) { + CertStoreSDBearSSL *cs = static_cast(ctx); + CertInfo ci; + + char tblName[64]; + snprintf(tblName, sizeof(tblName), "%sca_tbl.bin", cs->path); + tblName[sizeof(tblName) - 1] = 0; + + if (len != sizeof(ci.sha256) || !SD.exists(tblName)) { + return nullptr; + } + + File f = SD.open(tblName, FILE_READ); + if (!f) { + return nullptr; + } + while (f.read((uint8_t*)&ci, sizeof(ci)) == sizeof(ci)) { + if (!memcmp(ci.sha256, hashed_dn, sizeof(ci.sha256))) { + // This could be the one! + f.close(); + File d = SD.open(ci.fname, FILE_READ); + if (!d) { + return nullptr; + } + size_t der_len = d.size(); + uint8_t *der = (uint8_t*)malloc(der_len); + if (!der) { + d.close(); + return nullptr; + } + if (d.read(der, der_len) != (int)der_len) { + d.close(); + free(der); + return nullptr; + } + d.close(); + + br_x509_trust_anchor *ta = CertStoreBearSSL::makeTrustAnchor(der, der_len, &ci); + free(der); + + return ta; + } + } + f.close(); + return nullptr; +} + +void CertStoreSDBearSSL::freeHashedTA(void *ctx, const br_x509_trust_anchor *ta) { + (void) ctx; // not needed + CertStoreBearSSL::freeTrustAnchor(ta); +} +#endif diff --git a/libraries/ESP8266WiFi/src/CertStoreSDBearSSL.h b/libraries/ESP8266WiFi/src/CertStoreSDBearSSL.h new file mode 100644 index 0000000000..0b95f27cef --- /dev/null +++ b/libraries/ESP8266WiFi/src/CertStoreSDBearSSL.h @@ -0,0 +1,47 @@ +/* + CertStoreSDBearSSL.h - Library for Arduino ESP8266 + Copyright (c) 2018 Earle F. Philhower, III + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +*/ + +#ifndef _CERTSTORESD_BEARSSL_H +#define _CERTSTORESD_BEARSSL_H + +#include "CertStoreBearSSL.h" + +class File; // Defined in SD.h + +// SD cert store can be in a subdirectory as there are fewer limits +// Note that SD.begin() MUST be called before doing initCertStore because +// there are different options for the CS and other pins you need to +// specify it in your own code. +class CertStoreSDBearSSL : public CertStoreBearSSL { + public: + CertStoreSDBearSSL(); + virtual ~CertStoreSDBearSSL(); + + virtual int initCertStore(const char *dir = "/") override; + virtual void installCertStore(br_x509_minimal_context *ctx) override; + + private: + char path[64]; + CertInfo preprocessCert(File *f); + // These need to be static as they are callbacks from BearSSL C code + static const br_x509_trust_anchor *findHashedTA(void *ctx, void *hashed_dn, size_t len); + static void freeHashedTA(void *ctx, const br_x509_trust_anchor *ta); +}; + +#endif diff --git a/libraries/ESP8266WiFi/src/CertStoreSPIFFSBearSSL.cpp b/libraries/ESP8266WiFi/src/CertStoreSPIFFSBearSSL.cpp new file mode 100644 index 0000000000..00874d8f72 --- /dev/null +++ b/libraries/ESP8266WiFi/src/CertStoreSPIFFSBearSSL.cpp @@ -0,0 +1,125 @@ +/* + CertStoreSPIFFSBearSSL.cpp - Library for Arduino ESP8266 + Copyright (c) 2018 Earle F. Philhower, III + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +*/ + +#include "CertStoreSPIFFSBearSSL.h" +#include + +CertStoreSPIFFSBearSSL::CertStoreSPIFFSBearSSL() : CertStoreBearSSL() { +} + +CertStoreSPIFFSBearSSL::~CertStoreSPIFFSBearSSL() { +} + +CertStoreBearSSL::CertInfo CertStoreSPIFFSBearSSL::preprocessCert(const char *fname) { + CertStoreBearSSL::CertInfo ci; + memset(&ci, 0, sizeof(ci)); + + // Load the DER into RAM temporarially + File f = SPIFFS.open(fname, "r"); + if (!f) { + return ci; + } + int sz = f.size(); + uint8_t *buf = new uint8_t[sz]; + if (!buf) { + f.close(); + return ci; + } + f.read(buf, sz); + f.close(); + + ci = CertStoreBearSSL::preprocessCert(fname, buf, sz); + + delete[] buf; + + return ci; +} + +int CertStoreSPIFFSBearSSL::initCertStore(const char *subdir) { + (void) subdir; // ignored prefix, not enough space in filenames + int count = 0; + SPIFFS.begin(); + File tbl = SPIFFS.open("/ca_tbl.bin", "w"); + if (!tbl) { + return 0; + } + Dir d = SPIFFS.openDir(""); + while (d.next()) { + if (!strstr(d.fileName().c_str(), ".der")) { + continue; + } + CertStoreBearSSL::CertInfo ci = preprocessCert(d.fileName().c_str()); + tbl.write((uint8_t*)&ci, sizeof(ci)); + count++; + } + tbl.close(); + return count; +} + +void CertStoreSPIFFSBearSSL::installCertStore(br_x509_minimal_context *ctx) { + br_x509_minimal_set_dynamic(ctx, /* no context needed */nullptr, findHashedTA, freeHashedTA); +} + +const br_x509_trust_anchor *CertStoreSPIFFSBearSSL::findHashedTA(void *ctx, void *hashed_dn, size_t len) { + (void) ctx; // not needed + CertInfo ci; + + if (len != sizeof(ci.sha256) || !SPIFFS.exists("/ca_tbl.bin")) { + return nullptr; + } + + File f = SPIFFS.open("/ca_tbl.bin", "r"); + if (!f) { + return nullptr; + } + while (f.read((uint8_t*)&ci, sizeof(ci)) == sizeof(ci)) { + if (!memcmp(ci.sha256, hashed_dn, sizeof(ci.sha256))) { + // This could be the one! + f.close(); + File d = SPIFFS.open(ci.fname, "r"); + if (!d) { + return nullptr; + } + size_t der_len = d.size(); + uint8_t *der = (uint8_t*)malloc(der_len); + if (!der) { + d.close(); + return nullptr; + } + if (d.read(der, der_len) != der_len) { + d.close(); + free(der); + return nullptr; + } + d.close(); + + br_x509_trust_anchor *ta = CertStoreBearSSL::makeTrustAnchor(der, der_len, &ci); + free(der); + + return ta; + } + } + f.close(); + return nullptr; +} + +void CertStoreSPIFFSBearSSL::freeHashedTA(void *ctx, const br_x509_trust_anchor *ta) { + (void) ctx; // not needed + CertStoreBearSSL::freeTrustAnchor(ta); +} diff --git a/libraries/ESP8266WiFi/src/CertStoreSPIFFSBearSSL.h b/libraries/ESP8266WiFi/src/CertStoreSPIFFSBearSSL.h new file mode 100644 index 0000000000..8cbb3795de --- /dev/null +++ b/libraries/ESP8266WiFi/src/CertStoreSPIFFSBearSSL.h @@ -0,0 +1,43 @@ +/* + CertStoreSPIFFSBearSSL.h - Library for Arduino ESP8266 + Copyright (c) 2018 Earle F. Philhower, III + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +*/ + +#ifndef _CERTSTORESPIFFS_BEARSSL_H +#define _CERTSTORESPIFFS_BEARSSL_H + +#include "CertStoreBearSSL.h" +#include + +// SPIFFS cert stores stored in root directory due to filename length limits +class CertStoreSPIFFSBearSSL : public CertStoreBearSSL { + public: + CertStoreSPIFFSBearSSL(); + virtual ~CertStoreSPIFFSBearSSL(); + + virtual int initCertStore(const char *dir = "") override; // ignores dir + virtual void installCertStore(br_x509_minimal_context *ctx) override; + + private: + CertInfo preprocessCert(const char *fname); + // These need to be static as they are callbacks from BearSSL C code + static const br_x509_trust_anchor *findHashedTA(void *ctx, void *hashed_dn, size_t len); + static void freeHashedTA(void *ctx, const br_x509_trust_anchor *ta); +}; + +#endif + diff --git a/libraries/ESP8266WiFi/src/ESP8266WiFi.h b/libraries/ESP8266WiFi/src/ESP8266WiFi.h index 9d6e7f9942..4cb96b9d66 100644 --- a/libraries/ESP8266WiFi/src/ESP8266WiFi.h +++ b/libraries/ESP8266WiFi/src/ESP8266WiFi.h @@ -40,6 +40,10 @@ extern "C" { #include "WiFiServer.h" #include "WiFiServerSecure.h" #include "WiFiClientSecure.h" +#include "WiFiServerBearSSL.h" +#include "WiFiClientBearSSL.h" +#include "BearSSLHelpers.h" +#include "CertStoreBearSSL.h" #ifdef DEBUG_ESP_WIFI #ifdef DEBUG_ESP_PORT diff --git a/libraries/ESP8266WiFi/src/ESP8266WiFiSTA.cpp b/libraries/ESP8266WiFi/src/ESP8266WiFiSTA.cpp index 601b4aeb43..1d8cadfdb1 100644 --- a/libraries/ESP8266WiFi/src/ESP8266WiFiSTA.cpp +++ b/libraries/ESP8266WiFi/src/ESP8266WiFiSTA.cpp @@ -356,6 +356,14 @@ bool ESP8266WiFiSTAClass::setAutoReconnect(bool autoReconnect) { return wifi_station_set_reconnect_policy(autoReconnect); } +/** + * get whether reconnect or not when the ESP8266 station is disconnected from AP. + * @return autoreconnect + */ +bool ESP8266WiFiSTAClass::getAutoReconnect() { + return wifi_station_get_reconnect_policy(); +} + /** * Wait for WiFi connection to reach a result * returns the status reached or disconnect if STA is off diff --git a/libraries/ESP8266WiFi/src/ESP8266WiFiSTA.h b/libraries/ESP8266WiFi/src/ESP8266WiFiSTA.h index 3de34f353e..f08c179b5b 100644 --- a/libraries/ESP8266WiFi/src/ESP8266WiFiSTA.h +++ b/libraries/ESP8266WiFi/src/ESP8266WiFiSTA.h @@ -53,6 +53,7 @@ class ESP8266WiFiSTAClass { bool getAutoConnect(); bool setAutoReconnect(bool autoReconnect); + bool getAutoReconnect(); uint8_t waitForConnectResult(); diff --git a/libraries/ESP8266WiFi/src/WiFiClient.cpp b/libraries/ESP8266WiFi/src/WiFiClient.cpp index cf2703ef98..fb3f2025f0 100644 --- a/libraries/ESP8266WiFi/src/WiFiClient.cpp +++ b/libraries/ESP8266WiFi/src/WiFiClient.cpp @@ -112,8 +112,11 @@ int WiFiClient::connect(IPAddress ip, uint16_t port) ip_addr_t addr; addr.addr = ip; - if (_client) + if (_client) { stop(); + _client->unref(); + _client = nullptr; + } // if the default interface is down, tcp_connect exits early without // ever calling tcp_err diff --git a/libraries/ESP8266WiFi/src/WiFiClientBearSSL.cpp b/libraries/ESP8266WiFi/src/WiFiClientBearSSL.cpp new file mode 100644 index 0000000000..bbff0433f9 --- /dev/null +++ b/libraries/ESP8266WiFi/src/WiFiClientBearSSL.cpp @@ -0,0 +1,1214 @@ +/* + WiFiClientBearSSL- SSL client/server for esp8266 using BearSSL libraries + - Mostly compatible with Arduino WiFi shield library and standard + WiFiClient/ServerSecure (except for certificate handling). + + Copyright (c) 2018 Earle F. Philhower, III + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +*/ + +#define LWIP_INTERNAL + +#include +#include +#include + +extern "C" { +#include "osapi.h" +#include "ets_sys.h" +} +#include "debug.h" +#include "ESP8266WiFi.h" +#include "WiFiClient.h" +#include "WiFiClientBearSSL.h" +#include "lwip/opt.h" +#include "lwip/ip.h" +#include "lwip/tcp.h" +#include "lwip/inet.h" +#include "lwip/netif.h" +#include "include/ClientContext.h" +#include "c_types.h" + +// BearSSL needs a very large stack, larger than the entire ESP8266 Arduino +// default one. This shared_pointer is allocated on first use and cleared +// on last cleanup, with only one stack no matter how many SSL objects. +std::shared_ptr WiFiClientBearSSL::_bearssl_stack = nullptr; + + + +void WiFiClientBearSSL::_clear() { + // TLS handshake may take more than the 5 second default timeout + _timeout = 15000; + + _sc = nullptr; + _sc_svr = nullptr; + _eng = nullptr; + _x509_minimal = nullptr; + _x509_insecure = nullptr; + _x509_knownkey = nullptr; + _iobuf_in = nullptr; + _iobuf_out = nullptr; + _now = 0; // You can override or ensure time() is correct w/configTime + _ta = nullptr; + setBufferSizes(16384, 512); // Minimum safe + _handshake_done = false; + _recvapp_buf = nullptr; + _recvapp_len = 0; + _oom_err = false; +} + +void WiFiClientBearSSL::_clearAuthenticationSettings() { + _use_insecure = false; + _use_fingerprint = false; + _use_self_signed = false; + _knownkey = nullptr; + _sk = nullptr; +} + + +WiFiClientBearSSL::WiFiClientBearSSL() : WiFiClient() { + _clear(); + _clearAuthenticationSettings(); + _certStore = nullptr; // Don't want to remove cert store on a clear, should be long lived + if (!_bearssl_stack) { + #if 1 + const int stacksize = 4500; // Empirically determined stack for EC and RSA connections + _bearssl_stack = std::shared_ptr(new uint8_t[stacksize], std::default_delete()); + br_esp8266_stack_proxy_init(_bearssl_stack.get(), stacksize); + #else + // TODO - DANGEROUS - EVIL + // Steal memory from the SYS stack instead of allocating HEAP + const int stacksize = 0x1200; // Empirically determined stack for EC and RSA connections + _bearssl_stack = std::shared_ptr(new uint8_t[1 /* just placeholder, real space is sys_space */], std::default_delete()); + uint8_t *sys_space = (uint8_t*)0x3fffe000; + br_esp8266_stack_proxy_init(sys_space, stacksize); + #endif + } + _local_bearssl_stack = _bearssl_stack; +} + +WiFiClientBearSSL::~WiFiClientBearSSL() { + if (_client) { + _client->unref(); + _client = nullptr; + } + _freeSSL(); + _local_bearssl_stack = nullptr; // Potentially delete it if we're the last SSL object +} + +WiFiClientBearSSL::WiFiClientBearSSL(ClientContext* client, + const BearSSLX509List *chain, const BearSSLPrivateKey *sk, + int iobuf_in_size, int iobuf_out_size, const BearSSLX509List *client_CA_ta) { + _clear(); + _clearAuthenticationSettings(); + _iobuf_in_size = iobuf_in_size; + _iobuf_out_size = iobuf_out_size; + _client = client; + _client->ref(); + if (!_connectSSLServerRSA(chain, sk, client_CA_ta)) { + _client->unref(); + _client = nullptr; + _clear(); + } +} + +WiFiClientBearSSL::WiFiClientBearSSL(ClientContext *client, + const BearSSLX509List *chain, + unsigned cert_issuer_key_type, const BearSSLPrivateKey *sk, + int iobuf_in_size, int iobuf_out_size, const BearSSLX509List *client_CA_ta) { + _clear(); + _clearAuthenticationSettings(); + _iobuf_in_size = iobuf_in_size; + _iobuf_out_size = iobuf_out_size; + _client = client; + _client->ref(); + if (!_connectSSLServerEC(chain, cert_issuer_key_type, sk, client_CA_ta)) { + _client->unref(); + _client = nullptr; + _clear(); + } +} + +void WiFiClientBearSSL::setClientRSACert(const BearSSLX509List *chain, const BearSSLPrivateKey *sk) { + _chain = chain; + _sk = sk; +} + +void WiFiClientBearSSL::setClientECCert(const BearSSLX509List *chain, + const BearSSLPrivateKey *sk, unsigned allowed_usages, unsigned cert_issuer_key_type) { + _chain = chain; + _sk = sk; + _allowed_usages = allowed_usages; + _cert_issuer_key_type = cert_issuer_key_type; +} + +void WiFiClientBearSSL::setBufferSizes(int recv, int xmit) { + // Following constants taken from bearssl/src/ssl/ssl_engine.c (not exported unfortunately) + const int MAX_OUT_OVERHEAD = 85; + const int MAX_IN_OVERHEAD = 325; + + // The data buffers must be between 512B and 16KB + recv = std::max(512, std::min(16384, recv)); + xmit = std::max(512, std::min(16384, xmit)); + + // Add in overhead for SSL protocol + recv += MAX_IN_OVERHEAD; + xmit += MAX_OUT_OVERHEAD; + _iobuf_in_size = recv; + _iobuf_out_size = xmit; +} + +void WiFiClientBearSSL::stop() { + flush(); + if (_client) { + _client->wait_until_sent(); + _client->abort(); + _client->unref(); + _client = nullptr; + } + WiFiClient::stop(); + _freeSSL(); +} + +void WiFiClientBearSSL::flush() { + (void) _run_until(BR_SSL_SENDAPP); + WiFiClient::flush(); +} + +int WiFiClientBearSSL::connect(IPAddress ip, uint16_t port) { + if (!WiFiClient::connect(ip, port)) { + return 0; + } + return _connectSSL(nullptr); +} + +int WiFiClientBearSSL::connect(const char* name, uint16_t port) { + IPAddress remote_addr; + if (!WiFi.hostByName(name, remote_addr)) { + return 0; + } + if (!WiFiClient::connect(remote_addr, port)) { + return 0; + } + return _connectSSL(name); +} + +int WiFiClientBearSSL::connect(const String host, uint16_t port) { + return connect(host.c_str(), port); +} + +void WiFiClientBearSSL::_freeSSL() { + // These are smart pointers and will free if refcnt==0 + _sc = nullptr; + _sc_svr = nullptr; + _x509_minimal = nullptr; + _x509_insecure = nullptr; + _x509_knownkey = nullptr; + _iobuf_in = nullptr; + _iobuf_out = nullptr; + // Reset non-allocated ptrs (pointing to bits potentially free'd above) + _recvapp_buf = nullptr; + _recvapp_len = 0; + // This connection is toast + _handshake_done = false; +} + +bool WiFiClientBearSSL::_clientConnected() { + return (_client && _client->state() == ESTABLISHED); +} + +uint8_t WiFiClientBearSSL::connected() { + if (_recvapp_len) { + return true; + } + if (_client && _client->state() == ESTABLISHED && _handshake_done) { + return true; + } + return false; +} + +size_t WiFiClientBearSSL::_write(const uint8_t *buf, size_t size, bool pmem) { + if (!connected() || !size || !_handshake_done) { + return 0; + } + + if (_run_until(BR_SSL_SENDAPP) < 0) { + return 0; + } + + if (br_ssl_engine_current_state(_eng) & BR_SSL_SENDAPP) { + size_t sendapp_len; + unsigned char *sendapp_buf = br_ssl_engine_sendapp_buf(_eng, &sendapp_len); + int to_send = size > sendapp_len ? sendapp_len : size; + if (pmem) { + memcpy_P(sendapp_buf, buf, to_send); + } else { + memcpy(sendapp_buf, buf, to_send); + } + br_ssl_engine_sendapp_ack(_eng, to_send); + br_ssl_engine_flush(_eng, 0); + flush(); + return to_send; + } + + return 0; +} + +size_t WiFiClientBearSSL::write(const uint8_t *buf, size_t size) { + return _write(buf, size, false); +} + +size_t WiFiClientBearSSL::write_P(PGM_P buf, size_t size) { + return _write((const uint8_t *)buf, size, true); +} + +// We have to manually read and send individual chunks. +size_t WiFiClientBearSSL::write(Stream& stream) { + size_t totalSent = 0; + size_t countRead; + size_t countSent; + + if (!connected() || !_handshake_done) { + return 0; + } + + do { + uint8_t temp[256]; // Temporary chunk size same as ClientContext + countSent = 0; + countRead = stream.readBytes(temp, sizeof(temp)); + if (countRead) { + countSent = _write((const uint8_t*)temp, countRead, true); + totalSent += countSent; + } + yield(); // Feed the WDT + } while ((countSent == countRead) && (countSent > 0)); + return totalSent; +} + +int WiFiClientBearSSL::read(uint8_t *buf, size_t size) { + if (!ctx_present() || !_handshake_done) { + return -1; + } + + int avail = available(); + bool conn = connected(); + if (!avail && conn) { + return 0; // We're still connected, but nothing to read + } + if (!avail && !conn) { + return -1; + } + + if (avail) { + // Take data from the recvapp buffer + int to_copy = _recvapp_len < size ? _recvapp_len : size; + memcpy(buf, _recvapp_buf, to_copy); + br_ssl_engine_recvapp_ack(_eng, to_copy); + _recvapp_buf = nullptr; + _recvapp_len = 0; + return to_copy; + } + + return conn ? 0 : -1; // If we're connected, no error but no read. OTW error +} + +int WiFiClientBearSSL::read() { + uint8_t c; + if (1 == read(&c, 1)) { + return c; + } + return -1; +} + +int WiFiClientBearSSL::available() { + if (_recvapp_buf) { + return _recvapp_len; // Anything from last call? + } + _recvapp_buf = nullptr; + _recvapp_len = 0; + if (!ctx_present() || _run_until(BR_SSL_RECVAPP, false) < 0) { + return 0; + } + int st = br_ssl_engine_current_state(_eng); + if (st == BR_SSL_CLOSED) { + return 0; // Nothing leftover, SSL is closed + } + if (st & BR_SSL_RECVAPP) { + _recvapp_buf = br_ssl_engine_recvapp_buf(_eng, &_recvapp_len); + return _recvapp_len; + } + + return 0; +} + +int WiFiClientBearSSL::peek() { + if (!ctx_present() || !available()) { + return -1; + } + if (_recvapp_buf && _recvapp_len) { + return _recvapp_buf[0]; + } + return -1; +} + +size_t WiFiClientBearSSL::peekBytes(uint8_t *buffer, size_t length) { + size_t to_copy = 0; + if (!ctx_present()) { + return 0; + } + + _startMillis = millis(); + while ((available() < (int) length) && ((millis() - _startMillis) < 5000)) { + yield(); + } + + to_copy = _recvapp_len < length ? _recvapp_len : length; + memcpy(buffer, _recvapp_buf, to_copy); + return to_copy; +} + +/* --- Copied almost verbatim from BEARSSL SSL_IO.C --- + Run the engine, until the specified target state is achieved, or + an error occurs. The target state is SENDAPP, RECVAPP, or the + combination of both (the combination matches either). When a match is + achieved, this function returns 0. On error, it returns -1. +*/ +int WiFiClientBearSSL::_run_until(unsigned target, bool blocking) { + if (!ctx_present()) { + return -1; + } + for (int no_work = 0; blocking || no_work < 2;) { + if (blocking) { + // Only for blocking operations can we afford to yield() + optimistic_yield(100); + } + + int state; + state = br_ssl_engine_current_state(_eng); + if (state & BR_SSL_CLOSED) { + return -1; + } + + if (!(_client->state() == ESTABLISHED) && !WiFiClient::available()) { + return -1; + } + + /* + If there is some record data to send, do it. This takes + precedence over everything else. + */ + if (state & BR_SSL_SENDREC) { + unsigned char *buf; + size_t len; + int wlen; + + buf = br_ssl_engine_sendrec_buf(_eng, &len); + wlen = WiFiClient::write(buf, len); + if (wlen <= 0) { + /* + If we received a close_notify and we + still send something, then we have our + own response close_notify to send, and + the peer is allowed by RFC 5246 not to + wait for it. + */ + return -1; + } + if (wlen > 0) { + br_ssl_engine_sendrec_ack(_eng, wlen); + } + no_work = 0; + continue; + } + + /* + If we reached our target, then we are finished. + */ + if (state & target) { + return 0; + } + + /* + If some application data must be read, and we did not + exit, then this means that we are trying to write data, + and that's not possible until the application data is + read. This may happen if using a shared in/out buffer, + and the underlying protocol is not strictly half-duplex. + This is unrecoverable here, so we report an error. + */ + if (state & BR_SSL_RECVAPP) { + return -1; + } + + /* + If we reached that point, then either we are trying + to read data and there is some, or the engine is stuck + until a new record is obtained. + */ + if (state & BR_SSL_RECVREC) { + if (WiFiClient::available()) { + unsigned char *buf; + size_t len; + int rlen; + + buf = br_ssl_engine_recvrec_buf(_eng, &len); + rlen = WiFiClient::read(buf, len); + if (rlen < 0) { + return -1; + } + if (rlen > 0) { + br_ssl_engine_recvrec_ack(_eng, rlen); + } + no_work = 0; + continue; + } + } + + /* + We can reach that point if the target RECVAPP, and + the state contains SENDAPP only. This may happen with + a shared in/out buffer. In that case, we must flush + the buffered data to "make room" for a new incoming + record. + */ + br_ssl_engine_flush(_eng, 0); + + no_work++; // We didn't actually advance here + } + // We only get here if we ran through the loop without getting anything done + return -1; +} + +bool WiFiClientBearSSL::_wait_for_handshake() { + _handshake_done = false; + while (!_handshake_done && _clientConnected()) { + int ret = _run_until(BR_SSL_SENDAPP); + if (ret < 0) { + break; + } + if (br_ssl_engine_current_state(_eng) & BR_SSL_SENDAPP) { + _handshake_done = true; + } + } + return _handshake_done; +} + + +extern "C" { + + // BearSSL doesn't define a true insecure decoder, so we make one ourselves + // from the simple parser. It generates the issuer and subject hashes and + // the SHA1 fingerprint, only one (or none!) of which will be used to + // "verify" the certificate. + + // Private x509 decoder state + struct br_x509_insecure_context { + const br_x509_class *vtable; + bool done_cert; + const uint8_t *match_fingerprint; + br_sha1_context sha1_cert; + bool allow_self_signed; + br_sha256_context sha256_subject; + br_sha256_context sha256_issuer; + br_x509_decoder_context ctx; + }; + + // Callback for the x509_minimal subject DN + static void insecure_subject_dn_append(void *ctx, const void *buf, size_t len) { + br_x509_insecure_context *xc = (br_x509_insecure_context *)ctx; + br_sha256_update(&xc->sha256_subject, buf, len); + } + + // Callback for the x509_minimal issuer DN + static void insecure_issuer_dn_append(void *ctx, const void *buf, size_t len) { + br_x509_insecure_context *xc = (br_x509_insecure_context *)ctx; + br_sha256_update(&xc->sha256_issuer, buf, len); + } + + // Callback on the first byte of any certificate + static void insecure_start_chain(const br_x509_class **ctx, const char *server_name) { + br_x509_insecure_context *xc = (br_x509_insecure_context *)ctx; + br_x509_decoder_init(&xc->ctx, insecure_subject_dn_append, xc, insecure_issuer_dn_append, xc); + xc->done_cert = false; + br_sha1_init(&xc->sha1_cert); + br_sha256_init(&xc->sha256_subject); + br_sha256_init(&xc->sha256_issuer); + (void)server_name; + } + + // Callback for each certificate present in the chain (but only operates + // on the first one by design). + static void insecure_start_cert(const br_x509_class **ctx, uint32_t length) { + (void) ctx; + (void) length; + } + + // Callback for each byte stream in the chain. Only process first cert. + static void insecure_append(const br_x509_class **ctx, const unsigned char *buf, size_t len) { + br_x509_insecure_context *xc = (br_x509_insecure_context *)ctx; + // Don't process anything but the first certificate in the chain + if (!xc->done_cert) { + br_sha1_update(&xc->sha1_cert, buf, len); + br_x509_decoder_push(&xc->ctx, (const void*)buf, len); + } + } + + // Callback on individual cert end. + static void insecure_end_cert(const br_x509_class **ctx) { + br_x509_insecure_context *xc = (br_x509_insecure_context *)ctx; + xc->done_cert = true; + } + + // Callback when complete chain has been parsed. + // Return 0 on validation success, !0 on validation error + static unsigned insecure_end_chain(const br_x509_class **ctx) { + const br_x509_insecure_context *xc = (const br_x509_insecure_context *)ctx; + if (!xc->done_cert) { + return 1; // error + } + + // Handle SHA1 fingerprint matching + char res[20]; + br_sha1_out(&xc->sha1_cert, res); + if (xc->match_fingerprint && memcmp(res, xc->match_fingerprint, sizeof(res))) { + return BR_ERR_X509_NOT_TRUSTED; + } + + // Handle self-signer certificate acceptance + char res_issuer[32]; + char res_subject[32]; + br_sha256_out(&xc->sha256_issuer, res_issuer); + br_sha256_out(&xc->sha256_subject, res_subject); + if (xc->allow_self_signed && memcmp(res_subject, res_issuer, sizeof(res_issuer))) { + return BR_ERR_X509_NOT_TRUSTED; + } + + // Default (no validation at all) or no errors in prior checks = success. + return 0; + } + + // Return the public key from the validator (set by x509_minimal) + static const br_x509_pkey *insecure_get_pkey(const br_x509_class *const *ctx, unsigned *usages) { + const br_x509_insecure_context *xc = (const br_x509_insecure_context *)ctx; + if (usages != NULL) { + *usages = BR_KEYTYPE_KEYX | BR_KEYTYPE_SIGN; // I said we were insecure! + } + return &xc->ctx.pkey; + } + + // Set up the x509 insecure data structures for BearSSL core to use. + void br_x509_insecure_init(br_x509_insecure_context *ctx, int _use_fingerprint, const uint8_t _fingerprint[20], int _allow_self_signed) { + static const br_x509_class br_x509_insecure_vtable PROGMEM = { + sizeof(br_x509_insecure_context), + insecure_start_chain, + insecure_start_cert, + insecure_append, + insecure_end_cert, + insecure_end_chain, + insecure_get_pkey + }; + + memset(ctx, 0, sizeof * ctx); + ctx->vtable = &br_x509_insecure_vtable; + ctx->done_cert = false; + ctx->match_fingerprint = _use_fingerprint ? _fingerprint : nullptr; + ctx->allow_self_signed = _allow_self_signed ? 1 : 0; + } + + // Some constants uses to init the server/client contexts + // Note that suites_P needs to be copied to RAM before use w/BearSSL! + static const uint16_t suites_P[] PROGMEM = { + BR_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + BR_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + BR_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + BR_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + BR_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + BR_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + BR_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + BR_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, + BR_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, + BR_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, + BR_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + BR_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + BR_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + BR_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + BR_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, + BR_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, + BR_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, + BR_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, + BR_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, + BR_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, + BR_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, + BR_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, + BR_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, + BR_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, + BR_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, + BR_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, + BR_TLS_RSA_WITH_AES_128_GCM_SHA256, + BR_TLS_RSA_WITH_AES_256_GCM_SHA384, + BR_TLS_RSA_WITH_AES_128_CBC_SHA256, + BR_TLS_RSA_WITH_AES_256_CBC_SHA256, + BR_TLS_RSA_WITH_AES_128_CBC_SHA, + BR_TLS_RSA_WITH_AES_256_CBC_SHA, + BR_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, + BR_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, + BR_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, + BR_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, + BR_TLS_RSA_WITH_3DES_EDE_CBC_SHA + }; + + // Install hashes into the SSL engine + static void br_ssl_client_install_hashes(br_ssl_engine_context *eng) { + br_ssl_engine_set_hash(eng, br_md5_ID, &br_md5_vtable); + br_ssl_engine_set_hash(eng, br_sha1_ID, &br_sha1_vtable); + br_ssl_engine_set_hash(eng, br_sha224_ID, &br_sha224_vtable); + br_ssl_engine_set_hash(eng, br_sha256_ID, &br_sha256_vtable); + br_ssl_engine_set_hash(eng, br_sha384_ID, &br_sha384_vtable); + br_ssl_engine_set_hash(eng, br_sha512_ID, &br_sha512_vtable); + } + + static void br_x509_minimal_install_hashes(br_x509_minimal_context *x509) { + br_x509_minimal_set_hash(x509, br_md5_ID, &br_md5_vtable); + br_x509_minimal_set_hash(x509, br_sha1_ID, &br_sha1_vtable); + br_x509_minimal_set_hash(x509, br_sha224_ID, &br_sha224_vtable); + br_x509_minimal_set_hash(x509, br_sha256_ID, &br_sha256_vtable); + br_x509_minimal_set_hash(x509, br_sha384_ID, &br_sha384_vtable); + br_x509_minimal_set_hash(x509, br_sha512_ID, &br_sha512_vtable); + } + + // Default initializion for our SSL clients + static void br_ssl_client_base_init(br_ssl_client_context *cc) { + uint16_t suites[sizeof(suites_P) / sizeof(uint16_t)]; + memcpy_P(suites, suites_P, sizeof(suites_P)); + br_ssl_client_zero(cc); + br_ssl_engine_set_versions(&cc->eng, BR_TLS10, BR_TLS12); + br_ssl_engine_set_suites(&cc->eng, suites, (sizeof suites) / (sizeof suites[0])); + br_ssl_client_set_default_rsapub(cc); + br_ssl_engine_set_default_rsavrfy(&cc->eng); + br_ssl_engine_set_default_ecdsa(&cc->eng); + br_ssl_client_install_hashes(&cc->eng); + br_ssl_engine_set_prf10(&cc->eng, &br_tls10_prf); + br_ssl_engine_set_prf_sha256(&cc->eng, &br_tls12_sha256_prf); + br_ssl_engine_set_prf_sha384(&cc->eng, &br_tls12_sha384_prf); + br_ssl_engine_set_default_aes_cbc(&cc->eng); + br_ssl_engine_set_default_aes_gcm(&cc->eng); + br_ssl_engine_set_default_des_cbc(&cc->eng); + br_ssl_engine_set_default_chapol(&cc->eng); + } + +} + +// Installs the appropriate X509 cert validation method for a client connection +bool WiFiClientBearSSL::_installClientX509Validator() { + if (_use_insecure || _use_fingerprint || _use_self_signed) { + // Use common insecure x509 authenticator + _x509_insecure = std::make_shared(); + if (!_x509_insecure) { + return false; + } + br_x509_insecure_init(_x509_insecure.get(), _use_fingerprint, _fingerprint, _use_self_signed); + br_ssl_engine_set_x509(_eng, &_x509_insecure->vtable); + } else if (_knownkey) { + // Simple, pre-known public key authenticator, ignores cert completely. + _x509_knownkey = std::make_shared(); + if (!_x509_knownkey) { + return false; + } + if (_knownkey->isRSA()) { + br_x509_knownkey_init_rsa(_x509_knownkey.get(), _knownkey->getRSA(), _knownkey_usages); + } else if (_knownkey->isEC()) { + br_x509_knownkey_init_ec(_x509_knownkey.get(), _knownkey->getEC(), _knownkey_usages); + } + br_ssl_engine_set_x509(_eng, &_x509_knownkey->vtable); + } else { + // X509 minimal validator. Checks dates, cert chain for trusted CA, etc. + _x509_minimal = std::make_shared(); + if (!_x509_minimal) { + return false; + } + br_x509_minimal_init(_x509_minimal.get(), &br_sha256_vtable, _ta ? _ta->getTrustAnchors() : nullptr, _ta ? _ta->getCount() : 0); + br_x509_minimal_set_rsa(_x509_minimal.get(), br_ssl_engine_get_rsavrfy(_eng)); + br_x509_minimal_set_ecdsa(_x509_minimal.get(), br_ssl_engine_get_ec(_eng), br_ssl_engine_get_ecdsa(_eng)); + br_x509_minimal_install_hashes(_x509_minimal.get()); + if (_now) { + // Magic constants convert to x509 times + br_x509_minimal_set_time(_x509_minimal.get(), ((uint32_t)_now) / 86400 + 719528, ((uint32_t)_now) % 86400); + } + if (_certStore) { + _certStore->installCertStore(_x509_minimal.get()); + } + br_ssl_engine_set_x509(_eng, &_x509_minimal->vtable); + } + return true; +} + +// Called by connect() to do the actual SSL setup and handshake. +// Returns if the SSL handshake succeeded. +bool WiFiClientBearSSL::_connectSSL(const char* hostName) { + _freeSSL(); + _oom_err = false; + + _sc = std::make_shared(); + _eng = &_sc->eng; // Allocation/deallocation taken care of by the _sc shared_ptr + _iobuf_in = std::shared_ptr(new unsigned char[_iobuf_in_size], std::default_delete()); + _iobuf_out = std::shared_ptr(new unsigned char[_iobuf_out_size], std::default_delete()); + + if (!_sc || !_iobuf_in || !_iobuf_out) { + _freeSSL(); // Frees _sc, _iobuf* + _oom_err = true; + return false; + } + + br_ssl_client_base_init(_sc.get()); + // Only failure possible in the installation is OOM + if (!_installClientX509Validator()) { + _freeSSL(); + _oom_err = true; + return false; + } + br_ssl_engine_set_buffers_bidi(_eng, _iobuf_in.get(), _iobuf_in_size, _iobuf_out.get(), _iobuf_out_size); + // Apply any client certificates, if supplied. + if (_sk && _sk->isRSA()) { + br_ssl_client_set_single_rsa(_sc.get(), _chain ? _chain->getX509Certs() : nullptr, _chain ? _chain->getCount() : 0, + _sk->getRSA(), br_rsa_pkcs1_sign_get_default()); + } else if (_sk && _sk->isEC()) { + br_ssl_client_set_single_ec(_sc.get(), _chain ? _chain->getX509Certs() : nullptr, _chain ? _chain->getCount() : 0, + _sk->getEC(), _allowed_usages, + _cert_issuer_key_type, br_ec_get_default(), br_ecdsa_sign_asn1_get_default()); + } + + if (!br_ssl_client_reset(_sc.get(), hostName, 0)) { + _freeSSL(); + return false; + } + + return _wait_for_handshake(); +} + +// Slightly different X509 setup for servers who want to validate client +// certificates, so factor it out as it's used in RSA and EC servers. +bool WiFiClientBearSSL::_installServerX509Validator(const BearSSLX509List *client_CA_ta) { + if (client_CA_ta) { + _ta = client_CA_ta; + // X509 minimal validator. Checks dates, cert chain for trusted CA, etc. + _x509_minimal = std::make_shared(); + if (!_x509_minimal) { + _freeSSL(); + _oom_err = true; + return false; + } + br_x509_minimal_init(_x509_minimal.get(), &br_sha256_vtable, _ta->getTrustAnchors(), _ta->getCount()); + br_ssl_engine_set_default_rsavrfy(_eng); + br_ssl_engine_set_default_ecdsa(_eng); + br_x509_minimal_set_rsa(_x509_minimal.get(), br_ssl_engine_get_rsavrfy(_eng)); + br_x509_minimal_set_ecdsa(_x509_minimal.get(), br_ssl_engine_get_ec(_eng), br_ssl_engine_get_ecdsa(_eng)); + br_x509_minimal_install_hashes(_x509_minimal.get()); + if (_now) { + // Magic constants convert to x509 times + br_x509_minimal_set_time(_x509_minimal.get(), ((uint32_t)_now) / 86400 + 719528, ((uint32_t)_now) % 86400); + } + br_ssl_engine_set_x509(_eng, &_x509_minimal->vtable); + br_ssl_server_set_trust_anchor_names_alt(_sc_svr.get(), _ta->getTrustAnchors(), _ta->getCount()); + } + return true; +} + +// Called by WiFiServerBearSSL when an RSA cert/key is specified. +bool WiFiClientBearSSL::_connectSSLServerRSA(const BearSSLX509List *chain, + const BearSSLPrivateKey *sk, + const BearSSLX509List *client_CA_ta) { + _freeSSL(); + _oom_err = false; + _sc_svr = std::make_shared(); + _eng = &_sc_svr->eng; // Allocation/deallocation taken care of by the _sc shared_ptr + _iobuf_in = std::shared_ptr(new unsigned char[_iobuf_in_size], std::default_delete()); + _iobuf_out = std::shared_ptr(new unsigned char[_iobuf_out_size], std::default_delete()); + + if (!_sc_svr || !_iobuf_in || !_iobuf_out) { + _freeSSL(); + _oom_err = true; + return false; + } + + br_ssl_server_init_full_rsa(_sc_svr.get(), chain ? chain->getX509Certs() : nullptr, chain ? chain->getCount() : 0, sk ? sk->getRSA() : nullptr); + br_ssl_engine_set_buffers_bidi(_eng, _iobuf_in.get(), _iobuf_in_size, _iobuf_out.get(), _iobuf_out_size); + if (client_CA_ta && !_installServerX509Validator(client_CA_ta)) { + return false; + } + if (!br_ssl_server_reset(_sc_svr.get())) { + _freeSSL(); + return false; + } + + return _wait_for_handshake(); +} + +// Called by WiFiServerBearSSL when an elliptic curve cert/key is specified. +bool WiFiClientBearSSL::_connectSSLServerEC(const BearSSLX509List *chain, + unsigned cert_issuer_key_type, const BearSSLPrivateKey *sk, + const BearSSLX509List *client_CA_ta) { + _freeSSL(); + _oom_err = false; + _sc_svr = std::make_shared(); + _eng = &_sc_svr->eng; // Allocation/deallocation taken care of by the _sc shared_ptr + _iobuf_in = std::shared_ptr(new unsigned char[_iobuf_in_size], std::default_delete()); + _iobuf_out = std::shared_ptr(new unsigned char[_iobuf_out_size], std::default_delete()); + + if (!_sc_svr || !_iobuf_in || !_iobuf_out) { + _freeSSL(); + _oom_err = true; + return false; + } + + br_ssl_server_init_full_ec(_sc_svr.get(), chain ? chain->getX509Certs() : nullptr, chain ? chain->getCount() : 0, + cert_issuer_key_type, sk ? sk->getEC() : nullptr); + br_ssl_engine_set_buffers_bidi(_eng, _iobuf_in.get(), _iobuf_in_size, _iobuf_out.get(), _iobuf_out_size); + if (client_CA_ta && !_installServerX509Validator(client_CA_ta)) { + return false; + } + if (!br_ssl_server_reset(_sc_svr.get())) { + _freeSSL(); + return false; + } + + return _wait_for_handshake(); +} + +// Returns an error ID and possibly a string (if dest != null) of the last +// BearSSL reported error. +int WiFiClientBearSSL::getLastSSLError(char *dest, size_t len) { + int err = 0; + const char *t = PSTR("OK"); + if (_sc || _sc_svr) { + err = br_ssl_engine_last_error(_eng); + } + if (_oom_err) { + err = -1000; + } + switch (err) { + case -1000: t = PSTR("Unable to allocate memory for SSL structures and buffers."); break; + case BR_ERR_BAD_PARAM: t = PSTR("Caller-provided parameter is incorrect."); break; + case BR_ERR_BAD_STATE: t = PSTR("Operation requested by the caller cannot be applied with the current context state (e.g. reading data while outgoing data is waiting to be sent)."); break; + case BR_ERR_UNSUPPORTED_VERSION: t = PSTR("Incoming protocol or record version is unsupported."); break; + case BR_ERR_BAD_VERSION: t = PSTR("Incoming record version does not match the expected version."); break; + case BR_ERR_BAD_LENGTH: t = PSTR("Incoming record length is invalid."); break; + case BR_ERR_TOO_LARGE: t = PSTR("Incoming record is too large to be processed, or buffer is too small for the handshake message to send."); break; + case BR_ERR_BAD_MAC: t = PSTR("Decryption found an invalid padding, or the record MAC is not correct."); break; + case BR_ERR_NO_RANDOM: t = PSTR("No initial entropy was provided, and none can be obtained from the OS."); break; + case BR_ERR_UNKNOWN_TYPE: t = PSTR("Incoming record type is unknown."); break; + case BR_ERR_UNEXPECTED: t = PSTR("Incoming record or message has wrong type with regards to the current engine state."); break; + case BR_ERR_BAD_CCS: t = PSTR("ChangeCipherSpec message from the peer has invalid contents."); break; + case BR_ERR_BAD_ALERT: t = PSTR("Alert message from the peer has invalid contents (odd length)."); break; + case BR_ERR_BAD_HANDSHAKE: t = PSTR("Incoming handshake message decoding failed."); break; + case BR_ERR_OVERSIZED_ID: t = PSTR("ServerHello contains a session ID which is larger than 32 bytes."); break; + case BR_ERR_BAD_CIPHER_SUITE: t = PSTR("Server wants to use a cipher suite that we did not claim to support. This is also reported if we tried to advertise a cipher suite that we do not support."); break; + case BR_ERR_BAD_COMPRESSION: t = PSTR("Server wants to use a compression that we did not claim to support."); break; + case BR_ERR_BAD_FRAGLEN: t = PSTR("Server's max fragment length does not match client's."); break; + case BR_ERR_BAD_SECRENEG: t = PSTR("Secure renegotiation failed."); break; + case BR_ERR_EXTRA_EXTENSION: t = PSTR("Server sent an extension type that we did not announce, or used the same extension type several times in a single ServerHello."); break; + case BR_ERR_BAD_SNI: t = PSTR("Invalid Server Name Indication contents (when used by the server, this extension shall be empty)."); break; + case BR_ERR_BAD_HELLO_DONE: t = PSTR("Invalid ServerHelloDone from the server (length is not 0)."); break; + case BR_ERR_LIMIT_EXCEEDED: t = PSTR("Internal limit exceeded (e.g. server's public key is too large)."); break; + case BR_ERR_BAD_FINISHED: t = PSTR("Finished message from peer does not match the expected value."); break; + case BR_ERR_RESUME_MISMATCH: t = PSTR("Session resumption attempt with distinct version or cipher suite."); break; + case BR_ERR_INVALID_ALGORITHM: t = PSTR("Unsupported or invalid algorithm (ECDHE curve, signature algorithm, hash function)."); break; + case BR_ERR_BAD_SIGNATURE: t = PSTR("Invalid signature in ServerKeyExchange or CertificateVerify message."); break; + case BR_ERR_WRONG_KEY_USAGE: t = PSTR("Peer's public key does not have the proper type or is not allowed for the requested operation."); break; + case BR_ERR_NO_CLIENT_AUTH: t = PSTR("Client did not send a certificate upon request, or the client certificate could not be validated."); break; + case BR_ERR_IO: t = PSTR("I/O error or premature close on transport stream."); break; + case BR_ERR_X509_INVALID_VALUE: t = PSTR("Invalid value in an ASN.1 structure."); break; + case BR_ERR_X509_TRUNCATED: t = PSTR("Truncated certificate or other ASN.1 object."); break; + case BR_ERR_X509_EMPTY_CHAIN: t = PSTR("Empty certificate chain (no certificate at all)."); break; + case BR_ERR_X509_INNER_TRUNC: t = PSTR("Decoding error: inner element extends beyond outer element size."); break; + case BR_ERR_X509_BAD_TAG_CLASS: t = PSTR("Decoding error: unsupported tag class (application or private)."); break; + case BR_ERR_X509_BAD_TAG_VALUE: t = PSTR("Decoding error: unsupported tag value."); break; + case BR_ERR_X509_INDEFINITE_LENGTH: t = PSTR("Decoding error: indefinite length."); break; + case BR_ERR_X509_EXTRA_ELEMENT: t = PSTR("Decoding error: extraneous element."); break; + case BR_ERR_X509_UNEXPECTED: t = PSTR("Decoding error: unexpected element."); break; + case BR_ERR_X509_NOT_CONSTRUCTED: t = PSTR("Decoding error: expected constructed element, but is primitive."); break; + case BR_ERR_X509_NOT_PRIMITIVE: t = PSTR("Decoding error: expected primitive element, but is constructed."); break; + case BR_ERR_X509_PARTIAL_BYTE: t = PSTR("Decoding error: BIT STRING length is not multiple of 8."); break; + case BR_ERR_X509_BAD_BOOLEAN: t = PSTR("Decoding error: BOOLEAN value has invalid length."); break; + case BR_ERR_X509_OVERFLOW: t = PSTR("Decoding error: value is off-limits."); break; + case BR_ERR_X509_BAD_DN: t = PSTR("Invalid distinguished name."); break; + case BR_ERR_X509_BAD_TIME: t = PSTR("Invalid date/time representation."); break; + case BR_ERR_X509_UNSUPPORTED: t = PSTR("Certificate contains unsupported features that cannot be ignored."); break; + case BR_ERR_X509_LIMIT_EXCEEDED: t = PSTR("Key or signature size exceeds internal limits."); break; + case BR_ERR_X509_WRONG_KEY_TYPE: t = PSTR("Key type does not match that which was expected."); break; + case BR_ERR_X509_BAD_SIGNATURE: t = PSTR("Signature is invalid."); break; + case BR_ERR_X509_TIME_UNKNOWN: t = PSTR("Validation time is unknown."); break; + case BR_ERR_X509_EXPIRED: t = PSTR("Certificate is expired or not yet valid."); break; + case BR_ERR_X509_DN_MISMATCH: t = PSTR("Issuer/Subject DN mismatch in the chain."); break; + case BR_ERR_X509_BAD_SERVER_NAME: t = PSTR("Expected server name was not found in the chain."); break; + case BR_ERR_X509_CRITICAL_EXTENSION: t = PSTR("Unknown critical extension in certificate."); break; + case BR_ERR_X509_NOT_CA: t = PSTR("Not a CA, or path length constraint violation."); break; + case BR_ERR_X509_FORBIDDEN_KEY_USAGE: t = PSTR("Key Usage extension prohibits intended usage."); break; + case BR_ERR_X509_WEAK_PUBLIC_KEY: t = PSTR("Public key found in certificate is too small."); break; + case BR_ERR_X509_NOT_TRUSTED: t = PSTR("Chain could not be linked to a trust anchor."); break; + default: t = PSTR("Unknown error code."); break; + } + if (dest) { + strncpy_P(dest, t, len); + dest[len - 1] = 0; + } + return err; +} + +bool WiFiClientBearSSL::probeMaxFragmentLength(const char* name, uint16_t port, uint16_t len) { + IPAddress remote_addr; + if (!WiFi.hostByName(name, remote_addr)) { + return false; + } + return WiFiClientBearSSL::probeMaxFragmentLength(remote_addr, port, len); +} + +bool WiFiClientBearSSL::probeMaxFragmentLength(const String host, uint16_t port, uint16_t len) { + return WiFiClientBearSSL::probeMaxFragmentLength(host.c_str(), port, len); +} + + +// Helper function which aborts a TLS handshake by sending TLS +// ClientAbort and ClientClose messages. +static bool _SendAbort(WiFiClient& probe, bool supportsLen) { + // If we're still connected, send the appropriate notice that + // we're aborting the handshake per RFCs. + static const uint8_t clientAbort_P[] PROGMEM = { + 0x15 /*alert*/, 0x03, 0x03 /*TLS 1.2*/, 0x00, 0x02, + 1, 90 /* warning: user_cancelled */ + }; + static const uint8_t clientClose_P[] PROGMEM = { + 0x15 /*alert*/, 0x03, 0x03 /*TLS 1.2*/, 0x00, 0x02, + 1, 0 /* warning: close_notify */ + }; + if (probe.connected()) { + uint8_t msg[sizeof(clientAbort_P)]; + memcpy_P(msg, clientAbort_P, sizeof(clientAbort_P)); + probe.write(msg, sizeof(clientAbort_P)); + memcpy_P(msg, clientClose_P, sizeof(clientClose_P)); + probe.write(msg, sizeof(clientClose_P)); + } + return supportsLen; +} + +// Checks for support of Maximum Frame Length Negotiation at the given +// blocksize. Note that, per spec, only 512, 1024, 2048, and 4096 are +// supported. Many servers today do not support this negotiation. + +// TODO - Allow for fragmentation...but not very critical as the ServerHello +// we use comes to < 80 bytes which has no reason to ever be fragmented. +// TODO - Check the type of returned extensions and that the MFL is the exact +// same one we sent. Not critical as only horribly broken servers would +// return changed or add their own extensions. +bool WiFiClientBearSSL::probeMaxFragmentLength(IPAddress ip, uint16_t port, uint16_t len) { + // Hardcoded TLS 1.2 packets used throughout + static const uint8_t clientHelloHead_P[] PROGMEM = { + 0x16, 0x03, 0x03, 0x00, 0, // TLS header, change last 2 bytes to len + 0x01, 0x00, 0x00, 0, // Last 3 bytes == length + 0x03, 0x03, // Proto version TLS 1.2 + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, // Random (gmtime + rand[28]) + 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, + 0x00, // Session ID + }; + // Followed by our cipher-suite, generated on-the-fly + // 0x00, 0x02, // cipher suite len + // 0xc0, 0x13, // BR_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + static const uint8_t clientHelloTail_P[] PROGMEM = { + 0x01, 0x00, // No compression + 0x00, 0x05, // Extension length + 0x00, 0x01, // Max Frag Len + 0x00, 0x01, // len of MaxFragLen + }; + // Followed by a 1-byte MFLN size requesst + // 0x04 // 2^12 = 4K + uint8_t mfl; + + switch (len) { + case 512: mfl = 1; break; + case 1024: mfl = 2; break; + case 2048: mfl = 3; break; + case 4096: mfl = 4; break; + default: return false; // Invalid size + } + int ttlLen = sizeof(clientHelloHead_P) + (2 + sizeof(suites_P)) + (sizeof(clientHelloTail_P) + 1); + uint8_t *clientHello = new uint8_t[ttlLen]; + if (!clientHello) { + return false; + } + memcpy_P(clientHello, clientHelloHead_P, sizeof(clientHelloHead_P)); + clientHello[sizeof(clientHelloHead_P) + 0] = sizeof(suites_P) >> 8; // MSB byte len + clientHello[sizeof(clientHelloHead_P) + 1] = sizeof(suites_P) & 0xff; // LSB byte len + for (size_t i = 0; i < sizeof(suites_P) / sizeof(suites_P[0]); i++) { + uint16_t flip = pgm_read_word(&suites_P[i]); + // Swap to network byte order + flip = ((flip >> 8) & 0xff) | ((flip & 0xff) << 8); + memcpy(clientHello + sizeof(clientHelloHead_P) + 2 + 2 * i, &flip, 2); + } + memcpy_P(clientHello + sizeof(clientHelloHead_P) + 2 + sizeof(suites_P), clientHelloTail_P, sizeof(clientHelloTail_P)); + clientHello[sizeof(clientHelloHead_P) + 2 + sizeof(suites_P) + sizeof(clientHelloTail_P)] = mfl; + + // Fix up TLS fragment length + clientHello[3] = (ttlLen - 5) >> 8; + clientHello[4] = (ttlLen - 5) & 0xff; + // Fix up ClientHello message length + clientHello[7] = (ttlLen - 5 - 4) >> 8; + clientHello[8] = (ttlLen - 5 - 4) & 0xff; + + WiFiClient probe; + probe.connect(ip, port); + if (!probe.connected()) { + delete[] clientHello; + return false; + } + + int ret = probe.write(clientHello, ttlLen); + delete[] clientHello; // We're done w/the hello message + if (!probe.connected() || (ret != ttlLen)) { + return false; + } + + bool supportsLen = false; + uint8_t fragResp[5]; + int fragLen; + uint8_t hand[4]; + int handLen; + uint8_t protoVer[2]; + uint8_t rand[32]; + uint8_t sessionLen; + uint8_t cipher[2]; + uint8_t comp; + + ret = probe.readBytes(fragResp, 5); + if (!probe.connected() || (ret != 5) || (fragResp[0] != 0x16) || (fragResp[1] != 0x03) || (fragResp[2] != 0x03)) { + // Short read, not a HANDSHAKE or not TLS 1.2, so it's not supported + return _SendAbort(probe, supportsLen); + } + fragLen = (fragResp[3] << 8) | fragResp[4]; + if (fragLen < 4 + 2 + 32 + 1 + 2 + 1) { + // Too short to have an extension + return _SendAbort(probe, supportsLen); + } + + ret = probe.readBytes(hand, 4); + fragLen -= ret; + if ((ret != 4) || (hand[0] != 2)) { + // Short read or not server_hello + return _SendAbort(probe, supportsLen); + } + handLen = (hand[1] << 16) | (hand[2] << 8) | hand[3]; + if (handLen != fragLen) { + // Got some weird mismatch, this is invalid + return _SendAbort(probe, supportsLen); + } + + ret = probe.readBytes(protoVer, 2); + handLen -= ret; + if ((ret != 2) || (protoVer[0] != 0x03) || (protoVer[1] != 0x03)) { + // Short read or not tls 1.2, so can't do MFLN + return _SendAbort(probe, supportsLen); + } + + ret = probe.readBytes(rand, 32); + handLen -= ret; + if (ret != 32) { + // short read of random data + return _SendAbort(probe, supportsLen); + } + + ret = probe.readBytes(&sessionLen, 1); + handLen -= ret; + if ((ret != 1) || (sessionLen > 32)) { + // short read of session len or invalid size + return _SendAbort(probe, supportsLen); + } + if (sessionLen) { + ret = probe.readBytes(rand, sessionLen); + handLen -= ret; + if (ret != sessionLen) { + // short session id read + return _SendAbort(probe, supportsLen); + } + } + + ret = probe.readBytes(cipher, 2); + handLen -= ret; + if (ret != 2) { + // Short read...we don't check the cipher here + return _SendAbort(probe, supportsLen); + } + + ret = probe.readBytes(&comp, 1); + handLen -= ret; + if ((ret != 1) || comp != 0) { + // short read or invalid compression + return _SendAbort(probe, supportsLen); + } + if (handLen > 0) { + // At this point, having an extension present means that the extension we + // sent was accepted. + supportsLen = true; + } + return _SendAbort(probe, supportsLen); +} + + +// Debug printout helpers for BearSSL library when libbearssl.a is compiled in debug mode +// This is really only for debugging the core BearSSL library itself, and not the IDE +// SSL debugging which should focus on the WiFiClientBearSSL objects. + +extern "C" { +#include + extern cont_t g_cont; + extern size_t br_esp8266_stack_proxy_usage(); + + void _BearSSLCheckStack(const char *fcn, const char *file, int line) { + static int cnt = 0; + register uint32_t *sp asm("a1"); + int freestack = 4 * (sp - g_cont.stack); + int freeheap = ESP.getFreeHeap(); + static int laststack, lastheap, laststack2; + if ((laststack != freestack) || (lastheap != freeheap) || (laststack2 != (int)br_esp8266_stack_proxy_usage())) { + Serial.printf("%s:%s(%d): FREESTACK=%d, STACK2USAGE=%d, FREEHEAP=%d\n", file, fcn, line, freestack, br_esp8266_stack_proxy_usage(), freeheap); + if (freestack < 256) { + Serial.printf("!!! Out of main stack space\n"); + } + if (freeheap < 1024) { + Serial.printf("!!! Out of heap space\n"); + } + Serial.flush(); + laststack = freestack; + lastheap = freeheap; + laststack2 = (int)br_esp8266_stack_proxy_usage(); + } + // BearSSL debug can get very chatty, add yields to avoid WDT + if (cnt == 100) { + yield(); + cnt++; + } + } + + void _BearSSLSerialPrint(const char *str) { + static int cnt = 0; + Serial.printf("%s", str); + // BearSSL debug can get very chatty, add yields to avoid WDT + if (cnt == 100) { + yield(); + cnt++; + } + } +}; + diff --git a/libraries/ESP8266WiFi/src/WiFiClientBearSSL.h b/libraries/ESP8266WiFi/src/WiFiClientBearSSL.h new file mode 100644 index 0000000000..af56781519 --- /dev/null +++ b/libraries/ESP8266WiFi/src/WiFiClientBearSSL.h @@ -0,0 +1,175 @@ +/* + WiFiClientBearSSL- SSL client/server for esp8266 using BearSSL libraries + - Mostly compatible with Arduino WiFi shield library and standard + WiFiClient/ServerSecure (except for certificate handling). + + Copyright (c) 2018 Earle F. Philhower, III + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +*/ + + +#ifndef wificlientbearssl_h +#define wificlientbearssl_h +#include "WiFiClient.h" +#include +#include "BearSSLHelpers.h" +#include "CertStoreBearSSL.h" + +class WiFiClientBearSSL : public WiFiClient { + public: + WiFiClientBearSSL(); + ~WiFiClientBearSSL() override; + + int connect(IPAddress ip, uint16_t port) override; + int connect(const String host, uint16_t port) override; + int connect(const char* name, uint16_t port) override; + + uint8_t connected() override; + size_t write(const uint8_t *buf, size_t size) override; + size_t write_P(PGM_P buf, size_t size) override; + size_t write(const char *buf) { + return write((const uint8_t*)buf, strlen(buf)); + } + size_t write_P(const char *buf) { + return write_P((PGM_P)buf, strlen_P(buf)); + } + size_t write(Stream& stream); // Note this is not virtual + int read(uint8_t *buf, size_t size) override; + int available() override; + int read() override; + int peek() override; + size_t peekBytes(uint8_t *buffer, size_t length) override; + void stop() override; + void flush() override; + + // Don't validate the chain, just accept whatever is given. VERY INSECURE! + void setInsecure() { + _use_insecure = true; + } + // Assume a given public key, don't validate or use cert info at all + void setKnownKey(const BearSSLPublicKey *pk, unsigned usages = BR_KEYTYPE_KEYX | BR_KEYTYPE_SIGN) { + _knownkey = pk; + _knownkey_usages = usages; + } + // Only check SHA1 fingerprint of certificate + void setFingerprint(const uint8_t fingerprint[20]) { + _use_fingerprint = true; + memcpy_P(_fingerprint, fingerprint, 20); + } + // Accept any certificate that's self-signed + void allowSelfSignedCerts() { + _use_self_signed = true; + } + // Install certificates of trusted CAs or specific site + void setTrustAnchors(const BearSSLX509List *ta) { + _ta = ta; + } + // In cases when NTP is not used, app must set a time manually to check cert validity + void setX509Time(time_t now) { + _now = now; + } + // Install a client certificate for this connection, in case the server requires it (i.e. MQTT) + void setClientRSACert(const BearSSLX509List *cert, const BearSSLPrivateKey *sk); + void setClientECCert(const BearSSLX509List *cert, const BearSSLPrivateKey *sk, + unsigned allowed_usages, unsigned cert_issuer_key_type); + + // Sets the requested buffer size for transmit and receive + void setBufferSizes(int recv, int xmit); + + // Return an error code and possibly a text string in a passed-in buffer with last SSL failure + int getLastSSLError(char *dest = NULL, size_t len = 0); + + // Attach a preconfigured certificate store + void setCertStore(CertStoreBearSSL *certStore) { + _certStore = certStore; + } + + // Check for Maximum Fragment Length support for given len + static bool probeMaxFragmentLength(IPAddress ip, uint16_t port, uint16_t len); + static bool probeMaxFragmentLength(const char *hostname, uint16_t port, uint16_t len); + static bool probeMaxFragmentLength(const String host, uint16_t port, uint16_t len); + + + private: + void _clear(); + void _clearAuthenticationSettings(); + // Only one of the following two should ever be != nullptr! + std::shared_ptr _sc; + std::shared_ptr _sc_svr; + inline bool ctx_present() { + return (_sc != nullptr) || (_sc_svr != nullptr); + } + br_ssl_engine_context *_eng; // &_sc->eng, to allow for client or server contexts + std::shared_ptr _x509_minimal; + std::shared_ptr _x509_insecure; + std::shared_ptr _x509_knownkey; + std::shared_ptr _iobuf_in; + std::shared_ptr _iobuf_out; + time_t _now; + const BearSSLX509List *_ta; + CertStoreBearSSL *_certStore; + int _iobuf_in_size; + int _iobuf_out_size; + bool _handshake_done; + bool _oom_err; + + bool _use_insecure; + bool _use_fingerprint; + uint8_t _fingerprint[20]; + bool _use_self_signed; + const BearSSLPublicKey *_knownkey; + unsigned _knownkey_usages; + + unsigned char *_recvapp_buf; + size_t _recvapp_len; + + bool _clientConnected(); // Is the underlying socket alive? + bool _connectSSL(const char *hostName); // Do initial SSL handshake + void _freeSSL(); + int _run_until(unsigned target, bool blocking = true); + size_t _write(const uint8_t *buf, size_t size, bool pmem); + bool _wait_for_handshake(); // Sets and return the _handshake_done after connecting + + // Optional client certificate + const BearSSLX509List *_chain; + const BearSSLPrivateKey *_sk; + unsigned _allowed_usages; + unsigned _cert_issuer_key_type; + + // Methods for handling server.available() call which returns a client connection. + friend class WiFiServerBearSSL; // Server needs to access these constructors + WiFiClientBearSSL(ClientContext *client, const BearSSLX509List *chain, unsigned cert_issuer_key_type, + const BearSSLPrivateKey *sk, int iobuf_in_size, int iobuf_out_size, const BearSSLX509List *client_CA_ta); + WiFiClientBearSSL(ClientContext* client, const BearSSLX509List *chain, const BearSSLPrivateKey *sk, + int iobuf_in_size, int iobuf_out_size, const BearSSLX509List *client_CA_ta); + + // RSA keyed server + bool _connectSSLServerRSA(const BearSSLX509List *chain, const BearSSLPrivateKey *sk, const BearSSLX509List *client_CA_ta); + // EC keyed server + bool _connectSSLServerEC(const BearSSLX509List *chain, unsigned cert_issuer_key_type, const BearSSLPrivateKey *sk, + const BearSSLX509List *client_CA_ta); + + // X.509 validators differ from server to client + bool _installClientX509Validator(); // Set up X509 validator for a client conn. + bool _installServerX509Validator(const BearSSLX509List *client_CA_ta); // Setup X509 client cert validation, if supplied + + private: + // Single memory buffer used for BearSSL auxilliary stack, insead of growing main Arduino stack for all apps + static std::shared_ptr _bearssl_stack; + // The local copy, only used to enable a reference count + std::shared_ptr _local_bearssl_stack; +}; +#endif diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp b/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp index 8a7d71e99f..02ddac5795 100644 --- a/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp +++ b/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp @@ -564,6 +564,30 @@ size_t WiFiClientSecure::write_P(PGM_P buf, size_t size) return write(copy, size); } +// The axTLS bare libs don't understand anything about Arduino Streams, +// so we have to manually read and send individual chunks. +size_t WiFiClientSecure::write(Stream& stream) +{ + size_t totalSent = 0; + size_t countRead; + size_t countSent; + if (!_ssl) + { + return 0; + } + do { + uint8_t temp[256]; // Temporary chunk size same as ClientContext + countSent = 0; + countRead = stream.readBytes(temp, sizeof(temp)); + if (countRead) { + countSent = write(temp, countRead); + totalSent += countSent; + } + yield(); // Feed the WDT + } while ( (countSent == countRead) && (countSent > 0) ); + return totalSent; +} + int WiFiClientSecure::read(uint8_t *buf, size_t size) { if (!_ssl) { diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecure.h b/libraries/ESP8266WiFi/src/WiFiClientSecure.h index 73ec587f1d..7047fdfec0 100644 --- a/libraries/ESP8266WiFi/src/WiFiClientSecure.h +++ b/libraries/ESP8266WiFi/src/WiFiClientSecure.h @@ -43,6 +43,7 @@ class WiFiClientSecure : public WiFiClient { uint8_t connected() override; size_t write(const uint8_t *buf, size_t size) override; size_t write_P(PGM_P buf, size_t size) override; + size_t write(Stream& stream); // Note this is not virtual int read(uint8_t *buf, size_t size) override; int available() override; int read() override; diff --git a/libraries/ESP8266WiFi/src/WiFiServerBearSSL.cpp b/libraries/ESP8266WiFi/src/WiFiServerBearSSL.cpp new file mode 100644 index 0000000000..b10b759daf --- /dev/null +++ b/libraries/ESP8266WiFi/src/WiFiServerBearSSL.cpp @@ -0,0 +1,89 @@ +/* + WiFiServerBearSSL.cpp - SSL server for esp8266, mostly compatible + with Arduino WiFi shield library + + Copyright (c) 2018 Earle F. Philhower, III + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +*/ + +#define LWIP_INTERNAL + +extern "C" { +#include "osapi.h" +#include "ets_sys.h" +} + +#include "debug.h" +#include "ESP8266WiFi.h" +#include "WiFiClient.h" +#include "WiFiServer.h" +#include "lwip/opt.h" +#include "lwip/tcp.h" +#include "lwip/inet.h" +#include "include/ClientContext.h" +#include "WiFiServerBearSSL.h" + +// Only need to call the standard server constructor +WiFiServerBearSSL::WiFiServerBearSSL(IPAddress addr, uint16_t port) : WiFiServer(addr, port) { +} + +// Only need to call the standard server constructor +WiFiServerBearSSL::WiFiServerBearSSL(uint16_t port) : WiFiServer(port) { +} + +// Specify a RSA-signed certificate and key for the server. Only copies the pointer, the +// caller needs to preserve this chain and key for the life of the object. +void WiFiServerBearSSL::setRSACert(const BearSSLX509List *chain, const BearSSLPrivateKey *sk) { + _chain = chain; + _sk = sk; +} + +// Specify a EC-signed certificate and key for the server. Only copies the pointer, the +// caller needs to preserve this chain and key for the life of the object. +void WiFiServerBearSSL::setECCert(const BearSSLX509List *chain, unsigned cert_issuer_key_type, const BearSSLPrivateKey *sk) { + _chain = chain; + _cert_issuer_key_type = cert_issuer_key_type; + _sk = sk; +} + +// Return a client if there's an available connection waiting. If one is returned, +// then any validation (i.e. client cert checking) will have succeeded. +WiFiClientBearSSL WiFiServerBearSSL::available(uint8_t* status) { + (void) status; // Unused + if (_unclaimed) { + if (_sk && _sk->isRSA()) { + WiFiClientBearSSL result(_unclaimed, _chain, _sk, _iobuf_in_size, _iobuf_out_size, _client_CA_ta); + _unclaimed = _unclaimed->next(); + result.setNoDelay(_noDelay); + DEBUGV("WS:av\r\n"); + return result; + } else if (_sk && _sk->isEC()) { + WiFiClientBearSSL result(_unclaimed, _chain, _cert_issuer_key_type, _sk, _iobuf_in_size, _iobuf_out_size, _client_CA_ta); + _unclaimed = _unclaimed->next(); + result.setNoDelay(_noDelay); + DEBUGV("WS:av\r\n"); + return result; + } else { + // No key was defined, so we can't actually accept and attempt accept() and SSL handshake. + DEBUGV("WS:nokey\r\n"); + } + } + + // Something weird, return a no-op object + optimistic_yield(1000); + return WiFiClientBearSSL(); +} + diff --git a/libraries/ESP8266WiFi/src/WiFiServerBearSSL.h b/libraries/ESP8266WiFi/src/WiFiServerBearSSL.h new file mode 100644 index 0000000000..646f79516f --- /dev/null +++ b/libraries/ESP8266WiFi/src/WiFiServerBearSSL.h @@ -0,0 +1,68 @@ +/* + WiFiServerBearSSL.h - Library for Arduino ESP8266 + Copyright (c) 2018 Earle F. Philhower, III + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +*/ + +#ifndef wifiserverbearssl_h +#define wifiserverbearssl_h + +#include "WiFiServer.h" +#include "WiFiClientBearSSL.h" +#include "BearSSLHelpers.h" +#include + +class WiFiClientBearSSL; + +class WiFiServerBearSSL : public WiFiServer { + public: + WiFiServerBearSSL(IPAddress addr, uint16_t port); + WiFiServerBearSSL(uint16_t port); + virtual ~WiFiServerBearSSL() {} + + // Override the default buffer sizes, if you know what you're doing... + void setBufferSizes(int recv, int xmit) { + _iobuf_in_size = recv; + _iobuf_out_size = xmit; + } + + // Set the server's RSA key and x509 certificate (required, pick one). + // Caller needs to preserve the chain and key throughout the life of the server. + void setRSACert(const BearSSLX509List *chain, const BearSSLPrivateKey *sk); + // Set the server's EC key and x509 certificate (required, pick one) + // Caller needs to preserve the chain and key throughout the life of the server. + void setECCert(const BearSSLX509List *chain, unsigned cert_issuer_key_type, const BearSSLPrivateKey *sk); + + // Require client certificates validated against the passed in x509 trust anchor + // Caller needs to preserve the cert throughout the life of the server. + void setClientTrustAnchor(const BearSSLX509List *client_CA_ta) { + _client_CA_ta = client_CA_ta; + } + + // If awaiting connection available and authenticated (i.e. client cert), return it. + WiFiClientBearSSL available(uint8_t* status = NULL); + + private: + const BearSSLX509List *_chain = nullptr; + unsigned _cert_issuer_key_type = 0; + const BearSSLPrivateKey *_sk = nullptr; + int _iobuf_in_size = BR_SSL_BUFSIZE_INPUT; + int _iobuf_out_size = 837; + const BearSSLX509List *_client_CA_ta = nullptr; +}; + +#endif + diff --git a/libraries/ESP8266WiFi/src/include/DataSource.h b/libraries/ESP8266WiFi/src/include/DataSource.h index 7f399a0584..2a0bfed260 100644 --- a/libraries/ESP8266WiFi/src/include/DataSource.h +++ b/libraries/ESP8266WiFi/src/include/DataSource.h @@ -31,14 +31,14 @@ class BufferDataSource : public DataSource { const uint8_t* get_buffer(size_t size) override { - (void) size; + (void)size; assert(_pos + size <= _size); return _data + _pos; } void release_buffer(const uint8_t* buffer, size_t size) override { - (void) buffer; + (void)buffer; assert(buffer == _data + _pos); _pos += size; } @@ -66,28 +66,65 @@ class BufferedStreamDataSource : public DataSource { const uint8_t* get_buffer(size_t size) override { assert(_pos + size <= _size); - if (_bufferSize < size) { - _buffer.reset(new uint8_t[size]); - _bufferSize = size; + + //Data that was already read from the stream but not released (e.g. if tcp_write error occured). Otherwise this should be 0. + const size_t stream_read = _streamPos - _pos; + + //Min required buffer size: max(requested size, previous stream data already in buffer) + const size_t min_buffer_size = size > stream_read ? size : stream_read; + + //Buffer too small? + if (_bufferSize < min_buffer_size) { + uint8_t *new_buffer = new uint8_t[min_buffer_size]; + //If stream reading is ahead, than some data is already in the old buffer and needs to be copied to new resized buffer + if (_buffer && stream_read > 0) { + memcpy(new_buffer, _buffer.get(), stream_read); + } + _buffer.reset(new_buffer); + _bufferSize = min_buffer_size; + } + + //Fetch remaining data from stream + //If error in tcp_write in ClientContext::_write_some() occured earlier and therefore release_buffer was not called last time, than the requested stream data is already in the buffer. + if (size > stream_read) { + //Remaining bytes to read from stream + const size_t stream_rem = size - stream_read; + const size_t cb = _stream.readBytes(reinterpret_cast(_buffer.get() + stream_read), stream_rem); + assert(cb == stream_rem); + (void)cb; + _streamPos += stream_rem; } - size_t cb = _stream.readBytes(reinterpret_cast(_buffer.get()), size); - assert(cb == size); - (void) cb; return _buffer.get(); + } void release_buffer(const uint8_t* buffer, size_t size) override { - (void) buffer; - _pos += size; + if (size == 0) { + return; + } + + (void)buffer; + _pos += size; + + //Cannot release more than acquired through get_buffer + assert(_pos <= _streamPos); + + //Release less than requested with get_buffer? + if (_pos < _streamPos) { + // Move unreleased stream data in buffer to front + assert(_buffer); + memmove(_buffer.get(), _buffer.get() + size, _streamPos - _pos); + } } protected: - TStream& _stream; + TStream & _stream; std::unique_ptr _buffer; size_t _size; size_t _pos = 0; size_t _bufferSize = 0; + size_t _streamPos = 0; }; class ProgmemStream @@ -104,7 +141,7 @@ class ProgmemStream size_t will_read = (_left < size) ? _left : size; memcpy_P((void*)dst, (PGM_VOID_P)_buf, will_read); _left -= will_read; - _buf += will_read; + _buf += will_read; return will_read; } diff --git a/libraries/ESP8266WiFi/src/include/UdpContext.h b/libraries/ESP8266WiFi/src/include/UdpContext.h index d84ef31ff8..2a6310a76e 100644 --- a/libraries/ESP8266WiFi/src/include/UdpContext.h +++ b/libraries/ESP8266WiFi/src/include/UdpContext.h @@ -27,6 +27,7 @@ extern "C" { void esp_yield(); void esp_schedule(); #include "lwip/init.h" // LWIP_VERSION_ +#include } @@ -143,6 +144,21 @@ class UdpContext return _rx_buf->len - _rx_buf_offset; } + size_t tell() const + { + return _rx_buf_offset; + } + + void seek(const size_t pos) + { + assert(isValidOffset(pos)); + _rx_buf_offset = pos; + } + + bool isValidOffset(const size_t pos) const { + return (pos <= _rx_buf->len); + } + uint32_t getRemoteAddress() { if (!_rx_buf) @@ -203,7 +219,7 @@ class UdpContext int read() { - if (!_rx_buf || _rx_buf_offset == _rx_buf->len) + if (!_rx_buf || _rx_buf_offset >= _rx_buf->len) return -1; char c = reinterpret_cast(_rx_buf->payload)[_rx_buf_offset]; @@ -361,6 +377,9 @@ class UdpContext void _consume(size_t size) { _rx_buf_offset += size; + if (_rx_buf_offset > _rx_buf->len) { + _rx_buf_offset = _rx_buf->len; + } } void _recv(udp_pcb *upcb, pbuf *pb, diff --git a/libraries/ESP8266httpUpdate/src/ESP8266httpUpdate.cpp b/libraries/ESP8266httpUpdate/src/ESP8266httpUpdate.cpp index f08aa1edec..9e0e11b8f4 100644 --- a/libraries/ESP8266httpUpdate/src/ESP8266httpUpdate.cpp +++ b/libraries/ESP8266httpUpdate/src/ESP8266httpUpdate.cpp @@ -59,6 +59,14 @@ HTTPUpdateResult ESP8266HTTPUpdate::update(const String& url, const String& curr return handleUpdate(http, currentVersion, false); } +HTTPUpdateResult ESP8266HTTPUpdate::update(const String& url, const String& currentVersion, + const uint8_t httpsFingerprint[20]) +{ + HTTPClient http; + http.begin(url, httpsFingerprint); + return handleUpdate(http, currentVersion, false); +} + HTTPUpdateResult ESP8266HTTPUpdate::updateSpiffs(const String& url, const String& currentVersion, const String& httpsFingerprint) { HTTPClient http; @@ -66,6 +74,13 @@ HTTPUpdateResult ESP8266HTTPUpdate::updateSpiffs(const String& url, const String return handleUpdate(http, currentVersion, true); } +HTTPUpdateResult ESP8266HTTPUpdate::updateSpiffs(const String& url, const String& currentVersion, const uint8_t httpsFingerprint[20]) +{ + HTTPClient http; + http.begin(url, httpsFingerprint); + return handleUpdate(http, currentVersion, true); +} + HTTPUpdateResult ESP8266HTTPUpdate::updateSpiffs(const String& url, const String& currentVersion) { HTTPClient http; @@ -92,13 +107,21 @@ HTTPUpdateResult ESP8266HTTPUpdate::update(const String& host, uint16_t port, co http.begin(host, port, uri); return handleUpdate(http, currentVersion, false); } + HTTPUpdateResult ESP8266HTTPUpdate::update(const String& host, uint16_t port, const String& url, const String& currentVersion, const String& httpsFingerprint) { HTTPClient http; http.begin(host, port, url, httpsFingerprint); return handleUpdate(http, currentVersion, false); +} +HTTPUpdateResult ESP8266HTTPUpdate::update(const String& host, uint16_t port, const String& url, + const String& currentVersion, const uint8_t httpsFingerprint[20]) +{ + HTTPClient http; + http.begin(host, port, url, httpsFingerprint); + return handleUpdate(http, currentVersion, false); } /** diff --git a/libraries/ESP8266httpUpdate/src/ESP8266httpUpdate.h b/libraries/ESP8266httpUpdate/src/ESP8266httpUpdate.h index 0413f4656a..44f7f42f83 100644 --- a/libraries/ESP8266httpUpdate/src/ESP8266httpUpdate.h +++ b/libraries/ESP8266httpUpdate/src/ESP8266httpUpdate.h @@ -77,6 +77,8 @@ class ESP8266HTTPUpdate t_httpUpdate_return update(const String& url, const String& currentVersion = ""); t_httpUpdate_return update(const String& url, const String& currentVersion, const String& httpsFingerprint); + t_httpUpdate_return update(const String& url, const String& currentVersion, + const uint8_t httpsFingerprint[20]); // BearSSL // This function is deprecated, use one of the overloads below along with rebootOnUpdate t_httpUpdate_return update(const String& host, uint16_t port, const String& uri, const String& currentVersion, @@ -86,12 +88,15 @@ class ESP8266HTTPUpdate const String& currentVersion = ""); t_httpUpdate_return update(const String& host, uint16_t port, const String& url, const String& currentVersion, const String& httpsFingerprint); + t_httpUpdate_return update(const String& host, uint16_t port, const String& url, + const String& currentVersion, const uint8_t httpsFingerprint[20]); // BearSSL // This function is deprecated, use rebootOnUpdate and the next one instead t_httpUpdate_return updateSpiffs(const String& url, const String& currentVersion, const String& httpsFingerprint, bool reboot) __attribute__((deprecated)); t_httpUpdate_return updateSpiffs(const String& url, const String& currentVersion = ""); t_httpUpdate_return updateSpiffs(const String& url, const String& currentVersion, const String& httpsFingerprint); + t_httpUpdate_return updateSpiffs(const String& url, const String& currentVersion, const uint8_t httpsFingerprint[20]); // BearSSL int getLastError(void); diff --git a/libraries/ESP8266mDNS/ESP8266mDNS.cpp b/libraries/ESP8266mDNS/ESP8266mDNS.cpp index ffed5ff2a5..e155c9387a 100644 --- a/libraries/ESP8266mDNS/ESP8266mDNS.cpp +++ b/libraries/ESP8266mDNS/ESP8266mDNS.cpp @@ -542,15 +542,33 @@ void MDNSResponder::_parsePacket(){ while (numAnswers--) { // Read name stringsRead = 0; + size_t last_bufferpos = 0; do { tmp8 = _conn_read8(); - if (tmp8 & 0xC0) { // Compressed pointer (not supported) - tmp8 = _conn_read8(); - break; - } if (tmp8 == 0x00) { // End of name break; } + if (tmp8 & 0xC0) { // Compressed pointer + uint16_t offset = ((((uint16_t)tmp8) & ~0xC0) << 8) | _conn_read8(); + if (_conn->isValidOffset(offset)) { + last_bufferpos = _conn->tell(); +#ifdef DEBUG_ESP_MDNS_RX + DEBUG_ESP_PORT.print("Compressed pointer, jumping from "); + DEBUG_ESP_PORT.print(last_bufferpos); + DEBUG_ESP_PORT.print(" to "); + DEBUG_ESP_PORT.println(offset); +#endif + _conn->seek(offset); + tmp8 = _conn_read8(); + } + else { +#ifdef DEBUG_ESP_MDNS_RX + DEBUG_ESP_PORT.print("Skipping malformed compressed pointer"); +#endif + tmp8 = _conn_read8(); + break; + } + } if(stringsRead > 3){ #ifdef DEBUG_ESP_MDNS_RX DEBUG_ESP_PORT.println("failed to read the response name"); @@ -577,6 +595,14 @@ void MDNSResponder::_parsePacket(){ } stringsRead++; } while (true); + if (last_bufferpos > 0) + { + _conn->seek(last_bufferpos); +#ifdef DEBUG_ESP_MDNS_RX + DEBUG_ESP_PORT.print("Compressed pointer, jumping back to "); + DEBUG_ESP_PORT.println(last_bufferpos); +#endif + } uint16_t answerType = _conn_read16(); // Read type uint16_t answerClass = _conn_read16(); // Read class @@ -635,33 +661,55 @@ void MDNSResponder::_parsePacket(){ uint16_t answerPrio = _conn_read16(); // Read priority uint16_t answerWeight = _conn_read16(); // Read weight answerPort = _conn_read16(); // Read port + last_bufferpos = 0; (void) answerPrio; (void) answerWeight; // Read hostname tmp8 = _conn_read8(); - if (tmp8 & 0xC0) { // Compressed pointer (not supported) + if (tmp8 & 0xC0) { // Compressed pointer + uint16_t offset = ((((uint16_t)tmp8) & ~0xC0) << 8) | _conn_read8(); + if (_conn->isValidOffset(offset)) { + last_bufferpos = _conn->tell(); #ifdef DEBUG_ESP_MDNS_RX - DEBUG_ESP_PORT.println("Skipping compressed pointer"); + DEBUG_ESP_PORT.print("Compressed pointer, jumping from "); + DEBUG_ESP_PORT.print(last_bufferpos); + DEBUG_ESP_PORT.print(" to "); + DEBUG_ESP_PORT.println(offset); #endif - tmp8 = _conn_read8(); - } - - else { - _conn_readS(answerHostName, tmp8); - answerHostName[tmp8] = '\0'; -#ifdef DEBUG_ESP_MDNS_RX - DEBUG_ESP_PORT.printf("SRV %d ", tmp8); - for (int n = 0; n < tmp8; n++) { - DEBUG_ESP_PORT.printf("%02x ", answerHostName[n]); + _conn->seek(offset); + tmp8 = _conn_read8(); } - DEBUG_ESP_PORT.printf("\n%s\n", answerHostName); + else { +#ifdef DEBUG_ESP_MDNS_RX + DEBUG_ESP_PORT.print("Skipping malformed compressed pointer"); #endif - if (answerRdlength - (6 + 1 + tmp8) > 0) { // Skip any remaining rdata - _conn_readS(hostName, answerRdlength - (6 + 1 + tmp8)); + tmp8 = _conn_read8(); + break; } } + _conn_readS(answerHostName, tmp8); + answerHostName[tmp8] = '\0'; +#ifdef DEBUG_ESP_MDNS_RX + DEBUG_ESP_PORT.printf("SRV %d ", tmp8); + for (int n = 0; n < tmp8; n++) { + DEBUG_ESP_PORT.printf("%02x ", answerHostName[n]); + } + DEBUG_ESP_PORT.printf("\n%s\n", answerHostName); +#endif + if (last_bufferpos > 0) + { + _conn->seek(last_bufferpos); + tmp8 = 2; // Size of compression octets +#ifdef DEBUG_ESP_MDNS_RX + DEBUG_ESP_PORT.print("Compressed pointer, jumping back to "); + DEBUG_ESP_PORT.println(last_bufferpos); +#endif + } + if (answerRdlength - (6 + 1 + tmp8) > 0) { // Skip any remaining rdata + _conn_readS(hostName, answerRdlength - (6 + 1 + tmp8)); + } } else if (answerType == MDNS_TYPE_A) { @@ -675,7 +723,7 @@ void MDNSResponder::_parsePacket(){ DEBUG_ESP_PORT.printf("Ignoring unsupported type %02x\n", tmp8); #endif for (int n = 0; n < answerRdlength; n++) - (void)_conn_read8(); + (void)_conn_read8(); } if ((partsCollected == 0x0F) && serviceMatch) { diff --git a/libraries/ESP8266mDNS/ESP8266mDNS.h b/libraries/ESP8266mDNS/ESP8266mDNS.h index 37874194ec..505f90c46f 100644 --- a/libraries/ESP8266mDNS/ESP8266mDNS.h +++ b/libraries/ESP8266mDNS/ESP8266mDNS.h @@ -81,11 +81,11 @@ class MDNSResponder { } bool addServiceTxt(char *name, char *proto, char * key, char * value); - void addServiceTxt(const char *name, const char *proto, const char *key,const char * value){ - addServiceTxt((char *)name, (char *)proto, (char *)key, (char *)value); + bool addServiceTxt(const char *name, const char *proto, const char *key,const char * value){ + return addServiceTxt((char *)name, (char *)proto, (char *)key, (char *)value); } - void addServiceTxt(String name, String proto, String key, String value){ - addServiceTxt(name.c_str(), proto.c_str(), key.c_str(), value.c_str()); + bool addServiceTxt(String name, String proto, String key, String value){ + return addServiceTxt(name.c_str(), proto.c_str(), key.c_str(), value.c_str()); } int queryService(char *service, char *proto); diff --git a/libraries/SPI/SPI.cpp b/libraries/SPI/SPI.cpp index de528e0b59..68be7d6c00 100644 --- a/libraries/SPI/SPI.cpp +++ b/libraries/SPI/SPI.cpp @@ -380,7 +380,7 @@ void SPIClass::write32(uint32_t data, bool msb) { * @param data uint8_t * * @param size uint32_t */ -void SPIClass::writeBytes(uint8_t * data, uint32_t size) { +void SPIClass::writeBytes(const uint8_t * data, uint32_t size) { while(size) { if(size > 64) { writeBytes_(data, 64); @@ -393,13 +393,13 @@ void SPIClass::writeBytes(uint8_t * data, uint32_t size) { } } -void SPIClass::writeBytes_(uint8_t * data, uint8_t size) { +void SPIClass::writeBytes_(const uint8_t * data, uint8_t size) { while(SPI1CMD & SPIBUSY) {} // Set Bits to transfer setDataBits(size * 8); uint32_t * fifoPtr = (uint32_t*)&SPI1W0; - uint32_t * dataPtr = (uint32_t*) data; + const uint32_t * dataPtr = (uint32_t*) data; uint32_t dataSize = ((size + 3) / 4); while(dataSize--) { @@ -418,14 +418,14 @@ void SPIClass::writeBytes_(uint8_t * data, uint8_t size) { * @param size uint8_t max for size is 64Byte * @param repeat uint32_t */ -void SPIClass::writePattern(uint8_t * data, uint8_t size, uint32_t repeat) { +void SPIClass::writePattern(const uint8_t * data, uint8_t size, uint32_t repeat) { if(size > 64) return; //max Hardware FIFO while(SPI1CMD & SPIBUSY) {} uint32_t buffer[16]; uint8_t *bufferPtr=(uint8_t *)&buffer; - uint8_t *dataPtr = data; + const uint8_t *dataPtr = data; volatile uint32_t * fifoPtr = &SPI1W0; uint8_t r; uint32_t repeatRem; @@ -497,7 +497,7 @@ void SPIClass::writePattern(uint8_t * data, uint8_t size, uint32_t repeat) { * @param in uint8_t * * @param size uint32_t */ -void SPIClass::transferBytes(uint8_t * out, uint8_t * in, uint32_t size) { +void SPIClass::transferBytes(const uint8_t * out, uint8_t * in, uint32_t size) { while(size) { if(size > 64) { transferBytes_(out, in, 64); @@ -511,7 +511,7 @@ void SPIClass::transferBytes(uint8_t * out, uint8_t * in, uint32_t size) { } } -void SPIClass::transferBytes_(uint8_t * out, uint8_t * in, uint8_t size) { +void SPIClass::transferBytes_(const uint8_t * out, uint8_t * in, uint8_t size) { while(SPI1CMD & SPIBUSY) {} // Set in/out Bits to transfer diff --git a/libraries/SPI/SPI.h b/libraries/SPI/SPI.h index c7e2ae4e7b..7d1fe15592 100644 --- a/libraries/SPI/SPI.h +++ b/libraries/SPI/SPI.h @@ -69,15 +69,15 @@ class SPIClass { void write16(uint16_t data, bool msb); void write32(uint32_t data); void write32(uint32_t data, bool msb); - void writeBytes(uint8_t * data, uint32_t size); - void writePattern(uint8_t * data, uint8_t size, uint32_t repeat); - void transferBytes(uint8_t * out, uint8_t * in, uint32_t size); + void writeBytes(const uint8_t * data, uint32_t size); + void writePattern(const uint8_t * data, uint8_t size, uint32_t repeat); + void transferBytes(const uint8_t * out, uint8_t * in, uint32_t size); void endTransaction(void); private: bool useHwCs; uint8_t pinSet; - void writeBytes_(uint8_t * data, uint8_t size); - void transferBytes_(uint8_t * out, uint8_t * in, uint8_t size); + void writeBytes_(const uint8_t * data, uint8_t size); + void transferBytes_(const uint8_t * out, uint8_t * in, uint8_t size); inline void setDataBits(uint16_t bits); }; diff --git a/libraries/SPISlave/src/SPISlave.cpp b/libraries/SPISlave/src/SPISlave.cpp index bc03e4b3f6..a88915b518 100644 --- a/libraries/SPISlave/src/SPISlave.cpp +++ b/libraries/SPISlave/src/SPISlave.cpp @@ -72,6 +72,14 @@ void SPISlaveClass::begin() hspi_slave_onStatusSent(&_s_status_tx); hspi_slave_begin(4, this); } +void SPISlaveClass::end() +{ + hspi_slave_onData(nullptr); + hspi_slave_onDataSent(nullptr); + hspi_slave_onStatus(nullptr); + hspi_slave_onStatusSent(nullptr); + hspi_slave_end(); +} void SPISlaveClass::setData(uint8_t * data, size_t len) { if(len > 32) { diff --git a/libraries/SPISlave/src/SPISlave.h b/libraries/SPISlave/src/SPISlave.h index 92936c9896..a52495cf9c 100644 --- a/libraries/SPISlave/src/SPISlave.h +++ b/libraries/SPISlave/src/SPISlave.h @@ -52,6 +52,7 @@ class SPISlaveClass {} ~SPISlaveClass() {} void begin(); + void end(); void setData(uint8_t * data, size_t len); void setData(const char * data) { diff --git a/libraries/SPISlave/src/hspi_slave.c b/libraries/SPISlave/src/hspi_slave.c index ce06e99f7b..66199b4070 100644 --- a/libraries/SPISlave/src/hspi_slave.c +++ b/libraries/SPISlave/src/hspi_slave.c @@ -97,6 +97,23 @@ void hspi_slave_begin(uint8_t status_len, void * arg) ETS_SPI_INTR_ENABLE(); } +void hspi_slave_end() +{ + ETS_SPI_INTR_DISABLE(); + ETS_SPI_INTR_ATTACH(NULL, NULL); + + pinMode(SS, INPUT); + pinMode(SCK, INPUT); + pinMode(MISO, INPUT); + pinMode(MOSI, INPUT); + + // defaults + SPI1S = 0; + SPI1U = SPIUSSE | SPIUCOMMAND; + SPI1S1 = 0; + SPI1P = B110; +} + void hspi_slave_setStatus(uint32_t status) { SPI1WS = status; diff --git a/libraries/SPISlave/src/hspi_slave.h b/libraries/SPISlave/src/hspi_slave.h index 55eeb76333..783c4b4a43 100644 --- a/libraries/SPISlave/src/hspi_slave.h +++ b/libraries/SPISlave/src/hspi_slave.h @@ -26,6 +26,9 @@ //Start SPI SLave void hspi_slave_begin(uint8_t status_len, void * arg); +//End SPI SLave +void hspi_slave_end(); + //set the status register so the master can read it void hspi_slave_setStatus(uint32_t status); diff --git a/platform.txt b/platform.txt index e27c30db05..40aec487e1 100644 --- a/platform.txt +++ b/platform.txt @@ -38,7 +38,7 @@ compiler.S.flags=-c -g -x assembler-with-cpp -MMD -mlongcalls compiler.c.elf.flags=-g {compiler.warning_flags} -Os -nostdlib -Wl,--no-check-sections -u call_user_start {build.float} -Wl,-static "-L{compiler.sdk.path}/lib" "-L{compiler.sdk.path}/ld" "-L{compiler.libc.path}/lib" "-T{build.flash_ld}" -Wl,--gc-sections -Wl,-wrap,system_restart_local -Wl,-wrap,spi_flash_read compiler.c.elf.cmd=xtensa-lx106-elf-gcc -compiler.c.elf.libs=-lhal -lphy -lpp -lnet80211 {build.lwip_lib} -lwpa -lcrypto -lmain -lwps -laxtls -lespnow -lsmartconfig -lairkiss -lwpa2 -lstdc++ -lm -lc -lgcc +compiler.c.elf.libs=-lhal -lphy -lpp -lnet80211 {build.lwip_lib} -lwpa -lcrypto -lmain -lwps -lbearssl -laxtls -lespnow -lsmartconfig -lairkiss -lwpa2 -lstdc++ -lm -lc -lgcc compiler.cpp.cmd=xtensa-lx106-elf-g++ compiler.cpp.flags=-c {compiler.warning_flags} -Os -g -mlongcalls -mtext-section-literals -fno-exceptions -fno-rtti -falign-functions=4 -std=c++11 -MMD -ffunction-sections -fdata-sections @@ -89,7 +89,7 @@ recipe.S.o.pattern="{compiler.path}{compiler.c.cmd}" {compiler.cpreprocessor.fla recipe.ar.pattern="{compiler.path}{compiler.ar.cmd}" {compiler.ar.flags} {compiler.ar.extra_flags} "{build.path}/arduino.ar" "{object_file}" ## Combine gc-sections, archives, and objects -recipe.c.combine.pattern="{compiler.path}{compiler.c.elf.cmd}" {compiler.c.elf.flags} {compiler.c.elf.extra_flags} -o "{build.path}/{build.project_name}.elf" -Wl,--start-group {object_files} "{build.path}/arduino.ar" {compiler.c.elf.libs} -Wl,--end-group "-L{build.path}" +recipe.c.combine.pattern="{compiler.path}{compiler.c.elf.cmd}" -Wl,-Map "-Wl,{build.path}/{build.project_name}.map" {compiler.c.elf.flags} {compiler.c.elf.extra_flags} -o "{build.path}/{build.project_name}.elf" -Wl,--start-group {object_files} "{build.path}/arduino.ar" {compiler.c.elf.libs} -Wl,--end-group "-L{build.path}" ## Create eeprom recipe.objcopy.eep.pattern= diff --git a/sigma_delta.h b/sigma_delta.h deleted file mode 100644 index 6ed66191d5..0000000000 --- a/sigma_delta.h +++ /dev/null @@ -1,72 +0,0 @@ -/* - sigma_delta.h - esp8266 sigma-delta source - - Copyright (c) 2014 Ivan Grokhotkov. All rights reserved. - This file is part of the esp8266 core for Arduino environment. - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - */ - - /* -/****************************************************************************** - * Info Sigma delta module - -This module controls the esp8266 internal sigma delta source -Each pin can be connected to the sigma delta source -The target duty and frequency can be modified via the register GPIO_SIGMA_DELTA - -THE TARGET FREQUENCY IS DEFINED AS: - -FREQ = 80,000,000/prescaler * target /256 HZ, 0size.log export ARDUINO_IDE_PATH=$arduino diff --git a/tests/device/libraries/BSTest/Makefile b/tests/device/libraries/BSTest/Makefile index b638bb4fed..c4216d9eb9 100644 --- a/tests/device/libraries/BSTest/Makefile +++ b/tests/device/libraries/BSTest/Makefile @@ -11,10 +11,10 @@ clean: $(PYTHON_ENV_DIR): virtualenv --no-site-packages $(PYTHON_ENV_DIR) - source $(PYTHON_ENV_DIR)/bin/activate && pip install -r requirements.txt + . $(PYTHON_ENV_DIR)/bin/activate && pip install -r requirements.txt test: $(TEST_EXECUTABLE) $(PYTHON_ENV_DIR) - source $(PYTHON_ENV_DIR)/bin/activate && python runner.py -e $(TEST_EXECUTABLE) + . $(PYTHON_ENV_DIR)/bin/activate && python runner.py -e $(TEST_EXECUTABLE) $(TEST_EXECUTABLE): test/test.cpp g++ -std=c++11 -Isrc -o $@ test/test.cpp diff --git a/tests/device/libraries/BSTest/runner.py b/tests/device/libraries/BSTest/runner.py index d4e534af0a..e12b427118 100644 --- a/tests/device/libraries/BSTest/runner.py +++ b/tests/device/libraries/BSTest/runner.py @@ -32,6 +32,7 @@ class BSTestRunner(object): FAIL = 1 TIMEOUT = 2 CRASH = 3 + BEGINTIMEOUT = 4 def __init__(self, spawn_obj, name, mocks): self.sp = spawn_obj @@ -116,7 +117,7 @@ def run_test(self, index): time.sleep(0.1) timeout -= 0.1 if timeout <= 0: - raise 'test begin timeout' + return BSTestRunner.BEGINTIMEOUT while timeout > 0: res = self.sp.expect([r'>>>>>bs_test_check_failure line=(\d+)', r'>>>>>bs_test_end line=(\d+) result=(\d+) checks=(\d+) failed_checks=(\d+)', diff --git a/tests/device/test_ClientContext/test_ClientContext.ino b/tests/device/test_ClientContext/test_ClientContext.ino new file mode 100644 index 0000000000..ea6ea015dc --- /dev/null +++ b/tests/device/test_ClientContext/test_ClientContext.ino @@ -0,0 +1,94 @@ +#include +#include +#include +#include + +extern "C" { +#include "user_interface.h" +} + +BS_ENV_DECLARE(); + +// no need for #include +struct tcp_pcb; +extern struct tcp_pcb* tcp_tw_pcbs; +extern "C" void tcp_abort (struct tcp_pcb* pcb); + +void tcpCleanup (void) +{ + while (tcp_tw_pcbs) + tcp_abort(tcp_tw_pcbs); +} + +void setup() +{ + Serial.begin(115200); + Serial.setDebugOutput(true); + WiFi.persistent(false); + WiFi.mode(WIFI_STA); + WiFi.begin(STA_SSID, STA_PASS); + while (WiFi.status() != WL_CONNECTED) { + delay(500); + } + BS_RUN(Serial); +} + +TEST_CASE("WiFi release ClientContext", "[clientcontext]") +{ + #define MAXLOOPS 50 + #define SUCCESS_GOAL 10 + #define srv SERVER_IP + + WiFiClient client; + + Serial.print(srv); + + // look for reachable port on gateway + int port; + for (port = 8266; port <= 8285; port++) + if (client.connect(srv, port)) + { + client.stop(); + break; + } + if (port > 8285) + port = 0; + + Serial.printf(":%d\r\n", port); + + int loops = 0; + int success = 0; + + if (port) + { + tcpCleanup(); + int heapStart = ESP.getFreeHeap(); + int minHeap = heapStart / 2; + int heap = heapStart; + Serial.printf("heap: %d\r\n", heap); + + while (success < SUCCESS_GOAL && ++loops <= MAXLOOPS && (int)ESP.getFreeHeap() > minHeap) + if (client.connect(srv, port)) + { + client.stop(); + tcpCleanup(); + int newHeap = (int)ESP.getFreeHeap(); + Serial.printf("%03d %5d %d\r\n", loops, newHeap, newHeap - heap); + if (newHeap - heap == 0) + success++; + heap = newHeap; + } + + Serial.printf("heap: %d\r\n" + "loops: %d\r\nstable-loops: %d\r\n", + ESP.getFreeHeap(), + loops, + success); + } + + REQUIRE(success >= SUCCESS_GOAL); +} + +void loop() +{ +} diff --git a/tests/device/test_ClientContext/test_ClientContext.py b/tests/device/test_ClientContext/test_ClientContext.py new file mode 100644 index 0000000000..ae29bcd2fe --- /dev/null +++ b/tests/device/test_ClientContext/test_ClientContext.py @@ -0,0 +1,60 @@ +from mock_decorators import setup, teardown +from flask import Flask, request +from threading import Thread +import socket +import select +import sys +import os + +@setup('WiFi release ClientContext') +def setup_tcpsrv(e): + + global thread + + app = Flask(__name__) + + def run(): + + global running + + running = False + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + for port in range(8266, 8285 + 1): + try: + print >>sys.stderr, 'trying port', port + server_address = ("0.0.0.0", port) + sock.bind(server_address) + sock.listen(1) + running = True + break + except Exception: + print >>sys.stderr, 'busy' + if not running: + return + print >>sys.stderr, 'starting up on %s port %s' % server_address + print >>sys.stderr, 'waiting for connections' + while running: + print >>sys.stderr, 'loop' + readable, writable, errored = select.select([sock], [], [], 1.0) + if readable: + connection, client_address = sock.accept() + try: + print >>sys.stderr, 'client connected:', client_address + finally: + print >>sys.stderr, 'close' + connection.shutdown(socket.SHUT_RDWR) + connection.close() + + thread = Thread(target=run) + thread.start() + +@teardown('WiFi release ClientContext') +def teardown_tcpsrv(e): + + global thread + global running + + print >>sys.stderr, 'closing' + running = False + thread.join() + return 0 diff --git a/tools/boards.txt.py b/tools/boards.txt.py index 98311ef7cc..05ec1fffb9 100755 --- a/tools/boards.txt.py +++ b/tools/boards.txt.py @@ -934,9 +934,8 @@ def comb1 (lst): def all_debug (): listcomb = [ 'SSL', 'TLS_MEM', 'HTTP_CLIENT', 'HTTP_SERVER' ] - listnocomb = [ 'CORE', 'WIFI', 'HTTP_UPDATE', 'UPDATER', 'OTA' ] + listnocomb = [ 'CORE', 'WIFI', 'HTTP_UPDATE', 'UPDATER', 'OTA', 'OOM' ] listsingle = [ 'NoAssert-NDEBUG' ] - listnocomb += [ 'OOM -include "umm_malloc/umm_malloc_cfg.h"' ] options = combn(listcomb) options += comb1(listnocomb) options += [ listcomb + listnocomb ] diff --git a/tools/platformio-build.py b/tools/platformio-build.py index fbc2ef4ade..3c3ceb52e3 100644 --- a/tools/platformio-build.py +++ b/tools/platformio-build.py @@ -69,7 +69,7 @@ def scons_patched_match_splitext(path, suffixes=None): ], LIBS=[ "wpa2", "smartconfig", "espnow", "pp", "main", "wpa", "lwip_gcc", - "net80211", "wps", "crypto", "phy", "hal", "axtls", "gcc", + "net80211", "wps", "crypto", "phy", "hal", "bearssl", "axtls", "gcc", "m", "c", "stdc++" ] ) diff --git a/tools/sdk/include/bearssl/bearssl.h b/tools/sdk/include/bearssl/bearssl.h new file mode 100644 index 0000000000..ceabb10916 --- /dev/null +++ b/tools/sdk/include/bearssl/bearssl.h @@ -0,0 +1,169 @@ +/* + * Copyright (c) 2016 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#ifndef BR_BEARSSL_H__ +#define BR_BEARSSL_H__ + +#include +#include + +/** \mainpage BearSSL API + * + * # API Layout + * + * The functions and structures defined by the BearSSL API are located + * in various header files: + * + * | Header file | Elements | + * | :-------------- | :------------------------------------------------ | + * | bearssl_hash.h | Hash functions | + * | bearssl_hmac.h | HMAC | + * | bearssl_rand.h | Pseudorandom byte generators | + * | bearssl_prf.h | PRF implementations (for SSL/TLS) | + * | bearssl_block.h | Symmetric encryption | + * | bearssl_aead.h | AEAD algorithms (combined encryption + MAC) | + * | bearssl_rsa.h | RSA encryption and signatures | + * | bearssl_ec.h | Elliptic curves support (including ECDSA) | + * | bearssl_ssl.h | SSL/TLS engine interface | + * | bearssl_x509.h | X.509 certificate decoding and validation | + * | bearssl_pem.h | Base64/PEM decoding support functions | + * + * Applications using BearSSL are supposed to simply include `bearssl.h` + * as follows: + * + * #include + * + * The `bearssl.h` file itself includes all the other header files. It is + * possible to include specific header files, but it has no practical + * advantage for the application. The API is separated into separate + * header files only for documentation convenience. + * + * + * # Conventions + * + * ## MUST and SHALL + * + * In all descriptions, the usual "MUST", "SHALL", "MAY",... terminology + * is used. Failure to meet requirements expressed with a "MUST" or + * "SHALL" implies undefined behaviour, which means that segmentation + * faults, buffer overflows, and other similar adverse events, may occur. + * + * In general, BearSSL is not very forgiving of programming errors, and + * does not include much failsafes or error reporting when the problem + * does not arise from external transient conditions, and can be fixed + * only in the application code. This is done so in order to make the + * total code footprint lighter. + * + * + * ## `NULL` values + * + * Function parameters with a pointer type shall not be `NULL` unless + * explicitly authorised by the documentation. As an exception, when + * the pointer aims at a sequence of bytes and is accompanied with + * a length parameter, and the length is zero (meaning that there is + * no byte at all to retrieve), then the pointer may be `NULL` even if + * not explicitly allowed. + * + * + * ## Memory Allocation + * + * BearSSL does not perform dynamic memory allocation. This implies that + * for any functionality that requires a non-transient state, the caller + * is responsible for allocating the relevant context structure. Such + * allocation can be done in any appropriate area, including static data + * segments, the heap, and the stack, provided that proper alignment is + * respected. The header files define these context structures + * (including size and contents), so the C compiler should handle + * alignment automatically. + * + * Since there is no dynamic resource allocation, there is also nothing to + * release. When the calling code is done with a BearSSL feature, it + * may simple release the context structures it allocated itself, with + * no "close function" to call. If the context structures were allocated + * on the stack (as local variables), then even that release operation is + * implicit. + * + * + * ## Structure Contents + * + * Except when explicitly indicated, structure contents are opaque: they + * are included in the header files so that calling code may know the + * structure sizes and alignment requirements, but callers SHALL NOT + * access individual fields directly. For fields that are supposed to + * be read from or written to, the API defines accessor functions (the + * simplest of these accessor functions are defined as `static inline` + * functions, and the C compiler will optimise them away). + * + * + * # API Usage + * + * BearSSL usage for running a SSL/TLS client or server is described + * on the [BearSSL Web site](https://www.bearssl.org/api1.html). The + * BearSSL source archive also comes with sample code. + */ + +#include "bearssl_hash.h" +#include "bearssl_hmac.h" +#include "bearssl_rand.h" +#include "bearssl_prf.h" +#include "bearssl_block.h" +#include "bearssl_aead.h" +#include "bearssl_rsa.h" +#include "bearssl_ec.h" +#include "bearssl_ssl.h" +#include "bearssl_x509.h" +#include "bearssl_pem.h" +#include "bearssl_port.h" + +/** \brief Type for a configuration option. + * + * A "configuration option" is a value that is selected when the BearSSL + * library itself is compiled. Most options are boolean; their value is + * then either 1 (option is enabled) or 0 (option is disabled). Some + * values have other integer values. Option names correspond to macro + * names. Some of the options can be explicitly set in the internal + * `"config.h"` file. + */ +typedef struct { + /** \brief Configurable option name. */ + const char *name; + /** \brief Configurable option value. */ + long value; +} br_config_option; + +/** \brief Get configuration report. + * + * This function returns compiled configuration options, each as a + * 'long' value. Names match internal macro names, in particular those + * that can be set in the `"config.h"` inner file. For boolean options, + * the numerical value is 1 if enabled, 0 if disabled. For maximum + * key sizes, values are expressed in bits. + * + * The returned array is terminated by an entry whose `name` is `NULL`. + * + * \return the configuration report. + */ +const br_config_option *br_get_config(void); + +#endif diff --git a/tools/sdk/include/bearssl/bearssl_aead.h b/tools/sdk/include/bearssl/bearssl_aead.h new file mode 100644 index 0000000000..c495dc20db --- /dev/null +++ b/tools/sdk/include/bearssl/bearssl_aead.h @@ -0,0 +1,1059 @@ +/* + * Copyright (c) 2017 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#ifndef BR_BEARSSL_AEAD_H__ +#define BR_BEARSSL_AEAD_H__ + +#include +#include + +#include "bearssl_block.h" +#include "bearssl_hash.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/** \file bearssl_aead.h + * + * # Authenticated Encryption with Additional Data + * + * This file documents the API for AEAD encryption. + * + * + * ## Procedural API + * + * An AEAD algorithm processes messages and provides confidentiality + * (encryption) and checked integrity (MAC). It uses the following + * parameters: + * + * - A symmetric key. Exact size depends on the AEAD algorithm. + * + * - A nonce (IV). Size depends on the AEAD algorithm; for most + * algorithms, it is crucial for security that any given nonce + * value is never used twice for the same key and distinct + * messages. + * + * - Data to encrypt and protect. + * + * - Additional authenticated data, which is covered by the MAC but + * otherwise left untouched (i.e. not encrypted). + * + * The AEAD algorithm encrypts the data, and produces an authentication + * tag. It is assumed that the encrypted data, the tag, the additional + * authenticated data and the nonce are sent to the receiver; the + * additional data and the nonce may be implicit (e.g. using elements of + * the underlying transport protocol, such as record sequence numbers). + * The receiver will recompute the tag value and compare it with the one + * received; if they match, then the data is correct, and can be + * decrypted and used; otherwise, at least one of the elements was + * altered in transit, normally leading to wholesale rejection of the + * complete message. + * + * For each AEAD algorithm, identified by a symbolic name (hereafter + * denoted as "`xxx`"), the following functions are defined: + * + * - `br_xxx_init()` + * + * Initialise the AEAD algorithm, on a provided context structure. + * Exact parameters depend on the algorithm, and may include + * pointers to extra implementations and context structures. The + * secret key is provided at this point, either directly or + * indirectly. + * + * - `br_xxx_reset()` + * + * Start a new AEAD computation. The nonce value is provided as + * parameter to this function. + * + * - `br_xxx_aad_inject()` + * + * Inject some additional authenticated data. Additional data may + * be provided in several chunks of arbitrary length. + * + * - `br_xxx_flip()` + * + * This function MUST be called after injecting all additional + * authenticated data, and before beginning to encrypt the plaintext + * (or decrypt the ciphertext). + * + * - `br_xxx_run()` + * + * Process some plaintext (to encrypt) or ciphertext (to decrypt). + * Encryption/decryption is done in place. Data may be provided in + * several chunks of arbitrary length. + * + * - `br_xxx_get_tag()` + * + * Compute the authentication tag. All message data (encrypted or + * decrypted) must have been injected at that point. Also, this + * call may modify internal context elements, so it may be called + * only once for a given AEAD computation. + * + * - `br_xxx_check_tag()` + * + * An alternative to `br_xxx_get_tag()`, meant to be used by the + * receiver: the authentication tag is internally recomputed, and + * compared with the one provided as parameter. + * + * This API makes the following assumptions on the AEAD algorithm: + * + * - Encryption does not expand the size of the ciphertext; there is + * no padding. This is true of most modern AEAD modes such as GCM. + * + * - The additional authenticated data must be processed first, + * before the encrypted/decrypted data. + * + * - Nonce, plaintext and additional authenticated data all consist + * in an integral number of bytes. There is no provision to use + * elements whose length in bits is not a multiple of 8. + * + * Each AEAD algorithm has its own requirements and limits on the sizes + * of additional data and plaintext. This API does not provide any + * way to report invalid usage; it is up to the caller to ensure that + * the provided key, nonce, and data elements all fit the algorithm's + * requirements. + * + * + * ## Object-Oriented API + * + * Each context structure begins with a field (called `vtable`) that + * points to an instance of a structure that references the relevant + * functions through pointers. Each such structure contains the + * following: + * + * - `reset` + * + * Pointer to the reset function, that allows starting a new + * computation. + * + * - `aad_inject` + * + * Pointer to the additional authenticated data injection function. + * + * - `flip` + * + * Pointer to the function that transitions from additional data + * to main message data processing. + * + * - `get_tag` + * + * Pointer to the function that computes and returns the tag. + * + * - `check_tag` + * + * Pointer to the function that computes and verifies the tag against + * a received value. + * + * Note that there is no OOP method for context initialisation: the + * various AEAD algorithms have different requirements that would not + * map well to a single initialisation API. + * + * The OOP API is not provided for CCM, due to its specific requirements + * (length of plaintext must be known in advance). + */ + +/** + * \brief Class type of an AEAD algorithm. + */ +typedef struct br_aead_class_ br_aead_class; +struct br_aead_class_ { + + /** + * \brief Size (in bytes) of authentication tags created by + * this AEAD algorithm. + */ + size_t tag_size; + + /** + * \brief Reset an AEAD context. + * + * This function resets an already initialised AEAD context for + * a new computation run. Implementations and keys are + * conserved. This function can be called at any time; it + * cancels any ongoing AEAD computation that uses the provided + * context structure. + + * The provided IV is a _nonce_. Each AEAD algorithm has its + * own requirements on IV size and contents; for most of them, + * it is crucial to security that each nonce value is used + * only once for a given secret key. + * + * \param cc AEAD context structure. + * \param iv AEAD nonce to use. + * \param len AEAD nonce length (in bytes). + */ + void (*reset)(const br_aead_class **cc, const void *iv, size_t len); + + /** + * \brief Inject additional authenticated data. + * + * The provided data is injected into a running AEAD + * computation. Additional data must be injected _before_ the + * call to `flip()`. Additional data can be injected in several + * chunks of arbitrary length. + * + * \param cc AEAD context structure. + * \param data pointer to additional authenticated data. + * \param len length of additional authenticated data (in bytes). + */ + void (*aad_inject)(const br_aead_class **cc, + const void *data, size_t len); + + /** + * \brief Finish injection of additional authenticated data. + * + * This function MUST be called before beginning the actual + * encryption or decryption (with `run()`), even if no + * additional authenticated data was injected. No additional + * authenticated data may be injected after this function call. + * + * \param cc AEAD context structure. + */ + void (*flip)(const br_aead_class **cc); + + /** + * \brief Encrypt or decrypt some data. + * + * Data encryption or decryption can be done after `flip()` has + * been called on the context. If `encrypt` is non-zero, then + * the provided data shall be plaintext, and it is encrypted in + * place. Otherwise, the data shall be ciphertext, and it is + * decrypted in place. + * + * Data may be provided in several chunks of arbitrary length. + * + * \param cc AEAD context structure. + * \param encrypt non-zero for encryption, zero for decryption. + * \param data data to encrypt or decrypt. + * \param len data length (in bytes). + */ + void (*run)(const br_aead_class **cc, int encrypt, + void *data, size_t len); + + /** + * \brief Compute authentication tag. + * + * Compute the AEAD authentication tag. The tag length depends + * on the AEAD algorithm; it is written in the provided `tag` + * buffer. This call terminates the AEAD run: no data may be + * processed with that AEAD context afterwards, until `reset()` + * is called to initiate a new AEAD run. + * + * The tag value must normally be sent along with the encrypted + * data. When decrypting, the tag value must be recomputed and + * compared with the received tag: if the two tag values differ, + * then either the tag or the encrypted data was altered in + * transit. As an alternative to this function, the + * `check_tag()` function may be used to compute and check the + * tag value. + * + * Tag length depends on the AEAD algorithm. + * + * \param cc AEAD context structure. + * \param tag destination buffer for the tag. + */ + void (*get_tag)(const br_aead_class **cc, void *tag); + + /** + * \brief Compute and check authentication tag. + * + * This function is an alternative to `get_tag()`, and is + * normally used on the receiving end (i.e. when decrypting + * messages). The tag value is recomputed and compared with the + * provided tag value. If they match, 1 is returned; on + * mismatch, 0 is returned. A returned value of 0 means that the + * data or the tag was altered in transit, normally leading to + * wholesale rejection of the complete message. + * + * Tag length depends on the AEAD algorithm. + * + * \param cc AEAD context structure. + * \param tag tag value to compare with. + * \return 1 on success (exact match of tag value), 0 otherwise. + */ + uint32_t (*check_tag)(const br_aead_class **cc, const void *tag); + + /** + * \brief Compute authentication tag (with truncation). + * + * This function is similar to `get_tag()`, except that the tag + * length is provided. Some AEAD algorithms allow several tag + * lengths, usually by truncating the normal tag. Shorter tags + * mechanically increase success probability of forgeries. + * The range of allowed tag lengths depends on the algorithm. + * + * \param cc AEAD context structure. + * \param tag destination buffer for the tag. + * \param len tag length (in bytes). + */ + void (*get_tag_trunc)(const br_aead_class **cc, void *tag, size_t len); + + /** + * \brief Compute and check authentication tag (with truncation). + * + * This function is similar to `check_tag()` except that it + * works over an explicit tag length. See `get_tag()` for a + * discussion of explicit tag lengths; the range of allowed tag + * lengths depends on the algorithm. + * + * \param cc AEAD context structure. + * \param tag tag value to compare with. + * \param len tag length (in bytes). + * \return 1 on success (exact match of tag value), 0 otherwise. + */ + uint32_t (*check_tag_trunc)(const br_aead_class **cc, + const void *tag, size_t len); +}; + +/** + * \brief Context structure for GCM. + * + * GCM is an AEAD mode that combines a block cipher in CTR mode with a + * MAC based on GHASH, to provide authenticated encryption: + * + * - Any block cipher with 16-byte blocks can be used with GCM. + * + * - The nonce can have any length, from 0 up to 2^64-1 bits; however, + * 96-bit nonces (12 bytes) are recommended (nonces with a length + * distinct from 12 bytes are internally hashed, which risks reusing + * nonce value with a small but not always negligible probability). + * + * - Additional authenticated data may have length up to 2^64-1 bits. + * + * - Message length may range up to 2^39-256 bits at most. + * + * - The authentication tag has length 16 bytes. + * + * The GCM initialisation function receives as parameter an + * _initialised_ block cipher implementation context, with the secret + * key already set. A pointer to that context will be kept within the + * GCM context structure. It is up to the caller to allocate and + * initialise that block cipher context. + */ +typedef struct { + /** \brief Pointer to vtable for this context. */ + const br_aead_class *vtable; + +#ifndef BR_DOXYGEN_IGNORE + const br_block_ctr_class **bctx; + br_ghash gh; + unsigned char h[16]; + unsigned char j0_1[12]; + unsigned char buf[16]; + unsigned char y[16]; + uint32_t j0_2, jc; + uint64_t count_aad, count_ctr; +#endif +} br_gcm_context; + +/** + * \brief Initialize a GCM context. + * + * A block cipher implementation, with its initialised context structure, + * is provided. The block cipher MUST use 16-byte blocks in CTR mode, + * and its secret key MUST have been already set in the provided context. + * A GHASH implementation must also be provided. The parameters are linked + * in the GCM context. + * + * After this function has been called, the `br_gcm_reset()` function must + * be called, to provide the IV for GCM computation. + * + * \param ctx GCM context structure. + * \param bctx block cipher context (already initialised with secret key). + * \param gh GHASH implementation. + */ +void br_gcm_init(br_gcm_context *ctx, + const br_block_ctr_class **bctx, br_ghash gh); + +/** + * \brief Reset a GCM context. + * + * This function resets an already initialised GCM context for a new + * computation run. Implementations and keys are conserved. This function + * can be called at any time; it cancels any ongoing GCM computation that + * uses the provided context structure. + * + * The provided IV is a _nonce_. It is critical to GCM security that IV + * values are not repeated for the same encryption key. IV can have + * arbitrary length (up to 2^64-1 bits), but the "normal" length is + * 96 bits (12 bytes). + * + * \param ctx GCM context structure. + * \param iv GCM nonce to use. + * \param len GCM nonce length (in bytes). + */ +void br_gcm_reset(br_gcm_context *ctx, const void *iv, size_t len); + +/** + * \brief Inject additional authenticated data into GCM. + * + * The provided data is injected into a running GCM computation. Additional + * data must be injected _before_ the call to `br_gcm_flip()`. + * Additional data can be injected in several chunks of arbitrary length; + * the maximum total size of additional authenticated data is 2^64-1 + * bits. + * + * \param ctx GCM context structure. + * \param data pointer to additional authenticated data. + * \param len length of additional authenticated data (in bytes). + */ +void br_gcm_aad_inject(br_gcm_context *ctx, const void *data, size_t len); + +/** + * \brief Finish injection of additional authenticated data into GCM. + * + * This function MUST be called before beginning the actual encryption + * or decryption (with `br_gcm_run()`), even if no additional authenticated + * data was injected. No additional authenticated data may be injected + * after this function call. + * + * \param ctx GCM context structure. + */ +void br_gcm_flip(br_gcm_context *ctx); + +/** + * \brief Encrypt or decrypt some data with GCM. + * + * Data encryption or decryption can be done after `br_gcm_flip()` + * has been called on the context. If `encrypt` is non-zero, then the + * provided data shall be plaintext, and it is encrypted in place. + * Otherwise, the data shall be ciphertext, and it is decrypted in place. + * + * Data may be provided in several chunks of arbitrary length. The maximum + * total length for data is 2^39-256 bits, i.e. about 65 gigabytes. + * + * \param ctx GCM context structure. + * \param encrypt non-zero for encryption, zero for decryption. + * \param data data to encrypt or decrypt. + * \param len data length (in bytes). + */ +void br_gcm_run(br_gcm_context *ctx, int encrypt, void *data, size_t len); + +/** + * \brief Compute GCM authentication tag. + * + * Compute the GCM authentication tag. The tag is a 16-byte value which + * is written in the provided `tag` buffer. This call terminates the + * GCM run: no data may be processed with that GCM context afterwards, + * until `br_gcm_reset()` is called to initiate a new GCM run. + * + * The tag value must normally be sent along with the encrypted data. + * When decrypting, the tag value must be recomputed and compared with + * the received tag: if the two tag values differ, then either the tag + * or the encrypted data was altered in transit. As an alternative to + * this function, the `br_gcm_check_tag()` function can be used to + * compute and check the tag value. + * + * \param ctx GCM context structure. + * \param tag destination buffer for the tag (16 bytes). + */ +void br_gcm_get_tag(br_gcm_context *ctx, void *tag); + +/** + * \brief Compute and check GCM authentication tag. + * + * This function is an alternative to `br_gcm_get_tag()`, normally used + * on the receiving end (i.e. when decrypting value). The tag value is + * recomputed and compared with the provided tag value. If they match, 1 + * is returned; on mismatch, 0 is returned. A returned value of 0 means + * that the data or the tag was altered in transit, normally leading to + * wholesale rejection of the complete message. + * + * \param ctx GCM context structure. + * \param tag tag value to compare with (16 bytes). + * \return 1 on success (exact match of tag value), 0 otherwise. + */ +uint32_t br_gcm_check_tag(br_gcm_context *ctx, const void *tag); + +/** + * \brief Compute GCM authentication tag (with truncation). + * + * This function is similar to `br_gcm_get_tag()`, except that it allows + * the tag to be truncated to a smaller length. The intended tag length + * is provided as `len` (in bytes); it MUST be no more than 16, but + * it may be smaller. Note that decreasing tag length mechanically makes + * forgeries easier; NIST SP 800-38D specifies that the tag length shall + * lie between 12 and 16 bytes (inclusive), but may be truncated down to + * 4 or 8 bytes, for specific applications that can tolerate it. It must + * also be noted that successful forgeries leak information on the + * authentication key, making subsequent forgeries easier. Therefore, + * tag truncation, and in particular truncation to sizes lower than 12 + * bytes, shall be envisioned only with great care. + * + * The tag is written in the provided `tag` buffer. This call terminates + * the GCM run: no data may be processed with that GCM context + * afterwards, until `br_gcm_reset()` is called to initiate a new GCM + * run. + * + * The tag value must normally be sent along with the encrypted data. + * When decrypting, the tag value must be recomputed and compared with + * the received tag: if the two tag values differ, then either the tag + * or the encrypted data was altered in transit. As an alternative to + * this function, the `br_gcm_check_tag_trunc()` function can be used to + * compute and check the tag value. + * + * \param ctx GCM context structure. + * \param tag destination buffer for the tag. + * \param len tag length (16 bytes or less). + */ +void br_gcm_get_tag_trunc(br_gcm_context *ctx, void *tag, size_t len); + +/** + * \brief Compute and check GCM authentication tag (with truncation). + * + * This function is an alternative to `br_gcm_get_tag_trunc()`, normally used + * on the receiving end (i.e. when decrypting value). The tag value is + * recomputed and compared with the provided tag value. If they match, 1 + * is returned; on mismatch, 0 is returned. A returned value of 0 means + * that the data or the tag was altered in transit, normally leading to + * wholesale rejection of the complete message. + * + * Tag length MUST be 16 bytes or less. The normal GCM tag length is 16 + * bytes. See `br_check_tag_trunc()` for some discussion on the potential + * perils of truncating authentication tags. + * + * \param ctx GCM context structure. + * \param tag tag value to compare with. + * \param len tag length (in bytes). + * \return 1 on success (exact match of tag value), 0 otherwise. + */ +uint32_t br_gcm_check_tag_trunc(br_gcm_context *ctx, + const void *tag, size_t len); + +/** + * \brief Class instance for GCM. + */ +extern const br_aead_class br_gcm_vtable; + +/** + * \brief Context structure for EAX. + * + * EAX is an AEAD mode that combines a block cipher in CTR mode with + * CBC-MAC using the same block cipher and the same key, to provide + * authenticated encryption: + * + * - Any block cipher with 16-byte blocks can be used with EAX + * (technically, other block sizes are defined as well, but this + * is not implemented by these functions; shorter blocks also + * imply numerous security issues). + * + * - The nonce can have any length, as long as nonce values are + * not reused (thus, if nonces are randomly selected, the nonce + * size should be such that reuse probability is negligible). + * + * - Additional authenticated data length is unlimited. + * + * - Message length is unlimited. + * + * - The authentication tag has length 16 bytes. + * + * The EAX initialisation function receives as parameter an + * _initialised_ block cipher implementation context, with the secret + * key already set. A pointer to that context will be kept within the + * EAX context structure. It is up to the caller to allocate and + * initialise that block cipher context. + */ +typedef struct { + /** \brief Pointer to vtable for this context. */ + const br_aead_class *vtable; + +#ifndef BR_DOXYGEN_IGNORE + const br_block_ctrcbc_class **bctx; + unsigned char L2[16]; + unsigned char L4[16]; + unsigned char nonce[16]; + unsigned char head[16]; + unsigned char ctr[16]; + unsigned char cbcmac[16]; + unsigned char buf[16]; + size_t ptr; +#endif +} br_eax_context; + +/** + * \brief EAX captured state. + * + * Some internal values computed by EAX may be captured at various + * points, and reused for another EAX run with the same secret key, + * for lower per-message overhead. Captured values do not depend on + * the nonce. + */ +typedef struct { +#ifndef BR_DOXYGEN_IGNORE + unsigned char st[3][16]; +#endif +} br_eax_state; + +/** + * \brief Initialize an EAX context. + * + * A block cipher implementation, with its initialised context + * structure, is provided. The block cipher MUST use 16-byte blocks in + * CTR + CBC-MAC mode, and its secret key MUST have been already set in + * the provided context. The parameters are linked in the EAX context. + * + * After this function has been called, the `br_eax_reset()` function must + * be called, to provide the nonce for EAX computation. + * + * \param ctx EAX context structure. + * \param bctx block cipher context (already initialised with secret key). + */ +void br_eax_init(br_eax_context *ctx, const br_block_ctrcbc_class **bctx); + +/** + * \brief Capture pre-AAD state. + * + * This function precomputes key-dependent data, and stores it in the + * provided `st` structure. This structure should then be used with + * `br_eax_reset_pre_aad()`, or updated with `br_eax_get_aad_mac()` + * and then used with `br_eax_reset_post_aad()`. + * + * The EAX context structure is unmodified by this call. + * + * \param ctx EAX context structure. + * \param st recipient for captured state. + */ +void br_eax_capture(const br_eax_context *ctx, br_eax_state *st); + +/** + * \brief Reset an EAX context. + * + * This function resets an already initialised EAX context for a new + * computation run. Implementations and keys are conserved. This function + * can be called at any time; it cancels any ongoing EAX computation that + * uses the provided context structure. + * + * It is critical to EAX security that nonce values are not repeated for + * the same encryption key. Nonces can have arbitrary length. If nonces + * are randomly generated, then a nonce length of at least 128 bits (16 + * bytes) is recommended, to make nonce reuse probability sufficiently + * low. + * + * \param ctx EAX context structure. + * \param nonce EAX nonce to use. + * \param len EAX nonce length (in bytes). + */ +void br_eax_reset(br_eax_context *ctx, const void *nonce, size_t len); + +/** + * \brief Reset an EAX context with a pre-AAD captured state. + * + * This function is an alternative to `br_eax_reset()`, that reuses a + * previously captured state structure for lower per-message overhead. + * The state should have been populated with `br_eax_capture_state()` + * but not updated with `br_eax_get_aad_mac()`. + * + * After this function is called, additional authenticated data MUST + * be injected. At least one byte of additional authenticated data + * MUST be provided with `br_eax_aad_inject()`; computation result will + * be incorrect if `br_eax_flip()` is called right away. + * + * After injection of the AAD and call to `br_eax_flip()`, at least + * one message byte must be provided. Empty messages are not supported + * with this reset mode. + * + * \param ctx EAX context structure. + * \param st pre-AAD captured state. + * \param nonce EAX nonce to use. + * \param len EAX nonce length (in bytes). + */ +void br_eax_reset_pre_aad(br_eax_context *ctx, const br_eax_state *st, + const void *nonce, size_t len); + +/** + * \brief Reset an EAX context with a post-AAD captured state. + * + * This function is an alternative to `br_eax_reset()`, that reuses a + * previously captured state structure for lower per-message overhead. + * The state should have been populated with `br_eax_capture_state()` + * and then updated with `br_eax_get_aad_mac()`. + * + * After this function is called, message data MUST be injected. The + * `br_eax_flip()` function MUST NOT be called. At least one byte of + * message data MUST be provided with `br_eax_run()`; empty messages + * are not supported with this reset mode. + * + * \param ctx EAX context structure. + * \param st post-AAD captured state. + * \param nonce EAX nonce to use. + * \param len EAX nonce length (in bytes). + */ +void br_eax_reset_post_aad(br_eax_context *ctx, const br_eax_state *st, + const void *nonce, size_t len); + +/** + * \brief Inject additional authenticated data into EAX. + * + * The provided data is injected into a running EAX computation. Additional + * data must be injected _before_ the call to `br_eax_flip()`. + * Additional data can be injected in several chunks of arbitrary length; + * the total amount of additional authenticated data is unlimited. + * + * \param ctx EAX context structure. + * \param data pointer to additional authenticated data. + * \param len length of additional authenticated data (in bytes). + */ +void br_eax_aad_inject(br_eax_context *ctx, const void *data, size_t len); + +/** + * \brief Finish injection of additional authenticated data into EAX. + * + * This function MUST be called before beginning the actual encryption + * or decryption (with `br_eax_run()`), even if no additional authenticated + * data was injected. No additional authenticated data may be injected + * after this function call. + * + * \param ctx EAX context structure. + */ +void br_eax_flip(br_eax_context *ctx); + +/** + * \brief Obtain a copy of the MAC on additional authenticated data. + * + * This function may be called only after `br_eax_flip()`; it copies the + * AAD-specific MAC value into the provided state. The MAC value depends + * on the secret key and the additional data itself, but not on the + * nonce. The updated state `st` is meant to be used as parameter for a + * further `br_eax_reset_post_aad()` call. + * + * \param ctx EAX context structure. + * \param st captured state to update. + */ +static inline void +br_eax_get_aad_mac(const br_eax_context *ctx, br_eax_state *st) +{ + memcpy(st->st[1], ctx->head, sizeof ctx->head); +} + +/** + * \brief Encrypt or decrypt some data with EAX. + * + * Data encryption or decryption can be done after `br_eax_flip()` + * has been called on the context. If `encrypt` is non-zero, then the + * provided data shall be plaintext, and it is encrypted in place. + * Otherwise, the data shall be ciphertext, and it is decrypted in place. + * + * Data may be provided in several chunks of arbitrary length. + * + * \param ctx EAX context structure. + * \param encrypt non-zero for encryption, zero for decryption. + * \param data data to encrypt or decrypt. + * \param len data length (in bytes). + */ +void br_eax_run(br_eax_context *ctx, int encrypt, void *data, size_t len); + +/** + * \brief Compute EAX authentication tag. + * + * Compute the EAX authentication tag. The tag is a 16-byte value which + * is written in the provided `tag` buffer. This call terminates the + * EAX run: no data may be processed with that EAX context afterwards, + * until `br_eax_reset()` is called to initiate a new EAX run. + * + * The tag value must normally be sent along with the encrypted data. + * When decrypting, the tag value must be recomputed and compared with + * the received tag: if the two tag values differ, then either the tag + * or the encrypted data was altered in transit. As an alternative to + * this function, the `br_eax_check_tag()` function can be used to + * compute and check the tag value. + * + * \param ctx EAX context structure. + * \param tag destination buffer for the tag (16 bytes). + */ +void br_eax_get_tag(br_eax_context *ctx, void *tag); + +/** + * \brief Compute and check EAX authentication tag. + * + * This function is an alternative to `br_eax_get_tag()`, normally used + * on the receiving end (i.e. when decrypting value). The tag value is + * recomputed and compared with the provided tag value. If they match, 1 + * is returned; on mismatch, 0 is returned. A returned value of 0 means + * that the data or the tag was altered in transit, normally leading to + * wholesale rejection of the complete message. + * + * \param ctx EAX context structure. + * \param tag tag value to compare with (16 bytes). + * \return 1 on success (exact match of tag value), 0 otherwise. + */ +uint32_t br_eax_check_tag(br_eax_context *ctx, const void *tag); + +/** + * \brief Compute EAX authentication tag (with truncation). + * + * This function is similar to `br_eax_get_tag()`, except that it allows + * the tag to be truncated to a smaller length. The intended tag length + * is provided as `len` (in bytes); it MUST be no more than 16, but + * it may be smaller. Note that decreasing tag length mechanically makes + * forgeries easier; NIST SP 800-38D specifies that the tag length shall + * lie between 12 and 16 bytes (inclusive), but may be truncated down to + * 4 or 8 bytes, for specific applications that can tolerate it. It must + * also be noted that successful forgeries leak information on the + * authentication key, making subsequent forgeries easier. Therefore, + * tag truncation, and in particular truncation to sizes lower than 12 + * bytes, shall be envisioned only with great care. + * + * The tag is written in the provided `tag` buffer. This call terminates + * the EAX run: no data may be processed with that EAX context + * afterwards, until `br_eax_reset()` is called to initiate a new EAX + * run. + * + * The tag value must normally be sent along with the encrypted data. + * When decrypting, the tag value must be recomputed and compared with + * the received tag: if the two tag values differ, then either the tag + * or the encrypted data was altered in transit. As an alternative to + * this function, the `br_eax_check_tag_trunc()` function can be used to + * compute and check the tag value. + * + * \param ctx EAX context structure. + * \param tag destination buffer for the tag. + * \param len tag length (16 bytes or less). + */ +void br_eax_get_tag_trunc(br_eax_context *ctx, void *tag, size_t len); + +/** + * \brief Compute and check EAX authentication tag (with truncation). + * + * This function is an alternative to `br_eax_get_tag_trunc()`, normally used + * on the receiving end (i.e. when decrypting value). The tag value is + * recomputed and compared with the provided tag value. If they match, 1 + * is returned; on mismatch, 0 is returned. A returned value of 0 means + * that the data or the tag was altered in transit, normally leading to + * wholesale rejection of the complete message. + * + * Tag length MUST be 16 bytes or less. The normal EAX tag length is 16 + * bytes. See `br_check_tag_trunc()` for some discussion on the potential + * perils of truncating authentication tags. + * + * \param ctx EAX context structure. + * \param tag tag value to compare with. + * \param len tag length (in bytes). + * \return 1 on success (exact match of tag value), 0 otherwise. + */ +uint32_t br_eax_check_tag_trunc(br_eax_context *ctx, + const void *tag, size_t len); + +/** + * \brief Class instance for EAX. + */ +extern const br_aead_class br_eax_vtable; + +/** + * \brief Context structure for CCM. + * + * CCM is an AEAD mode that combines a block cipher in CTR mode with + * CBC-MAC using the same block cipher and the same key, to provide + * authenticated encryption: + * + * - Any block cipher with 16-byte blocks can be used with CCM + * (technically, other block sizes are defined as well, but this + * is not implemented by these functions; shorter blocks also + * imply numerous security issues). + * + * - The authentication tag length, and plaintext length, MUST be + * known when starting processing data. Plaintext and ciphertext + * can still be provided by chunks, but the total size must match + * the value provided upon initialisation. + * + * - The nonce length is constrained betwen 7 and 13 bytes (inclusive). + * Furthermore, the plaintext length, when encoded, must fit over + * 15-nonceLen bytes; thus, if the nonce has length 13 bytes, then + * the plaintext length cannot exceed 65535 bytes. + * + * - Additional authenticated data length is practically unlimited + * (formal limit is at 2^64 bytes). + * + * - The authentication tag has length 4 to 16 bytes (even values only). + * + * The CCM initialisation function receives as parameter an + * _initialised_ block cipher implementation context, with the secret + * key already set. A pointer to that context will be kept within the + * CCM context structure. It is up to the caller to allocate and + * initialise that block cipher context. + */ +typedef struct { +#ifndef BR_DOXYGEN_IGNORE + const br_block_ctrcbc_class **bctx; + unsigned char ctr[16]; + unsigned char cbcmac[16]; + unsigned char tagmask[16]; + unsigned char buf[16]; + size_t ptr; + size_t tag_len; +#endif +} br_ccm_context; + +/** + * \brief Initialize a CCM context. + * + * A block cipher implementation, with its initialised context + * structure, is provided. The block cipher MUST use 16-byte blocks in + * CTR + CBC-MAC mode, and its secret key MUST have been already set in + * the provided context. The parameters are linked in the CCM context. + * + * After this function has been called, the `br_ccm_reset()` function must + * be called, to provide the nonce for CCM computation. + * + * \param ctx CCM context structure. + * \param bctx block cipher context (already initialised with secret key). + */ +void br_ccm_init(br_ccm_context *ctx, const br_block_ctrcbc_class **bctx); + +/** + * \brief Reset a CCM context. + * + * This function resets an already initialised CCM context for a new + * computation run. Implementations and keys are conserved. This function + * can be called at any time; it cancels any ongoing CCM computation that + * uses the provided context structure. + * + * The `aad_len` parameter contains the total length, in bytes, of the + * additional authenticated data. It may be zero. That length MUST be + * exact. + * + * The `data_len` parameter contains the total length, in bytes, of the + * data that will be injected (plaintext or ciphertext). That length MUST + * be exact. Moreover, that length MUST be less than 2^(8*(15-nonce_len)). + * + * The nonce length (`nonce_len`), in bytes, must be in the 7..13 range + * (inclusive). + * + * The tag length (`tag_len`), in bytes, must be in the 4..16 range, and + * be an even integer. Short tags mechanically allow for higher forgery + * probabilities; hence, tag sizes smaller than 12 bytes shall be used only + * with care. + * + * It is critical to CCM security that nonce values are not repeated for + * the same encryption key. Random generation of nonces is not generally + * recommended, due to the relatively small maximum nonce value. + * + * Returned value is 1 on success, 0 on error. An error is reported if + * the tag or nonce length is out of range, or if the + * plaintext/ciphertext length cannot be encoded with the specified + * nonce length. + * + * \param ctx CCM context structure. + * \param nonce CCM nonce to use. + * \param nonce_len CCM nonce length (in bytes, 7 to 13). + * \param aad_len additional authenticated data length (in bytes). + * \param data_len plaintext/ciphertext length (in bytes). + * \param tag_len tag length (in bytes). + * \return 1 on success, 0 on error. + */ +int br_ccm_reset(br_ccm_context *ctx, const void *nonce, size_t nonce_len, + uint64_t aad_len, uint64_t data_len, size_t tag_len); + +/** + * \brief Inject additional authenticated data into CCM. + * + * The provided data is injected into a running CCM computation. Additional + * data must be injected _before_ the call to `br_ccm_flip()`. + * Additional data can be injected in several chunks of arbitrary length, + * but the total amount MUST exactly match the value which was provided + * to `br_ccm_reset()`. + * + * \param ctx CCM context structure. + * \param data pointer to additional authenticated data. + * \param len length of additional authenticated data (in bytes). + */ +void br_ccm_aad_inject(br_ccm_context *ctx, const void *data, size_t len); + +/** + * \brief Finish injection of additional authenticated data into CCM. + * + * This function MUST be called before beginning the actual encryption + * or decryption (with `br_ccm_run()`), even if no additional authenticated + * data was injected. No additional authenticated data may be injected + * after this function call. + * + * \param ctx CCM context structure. + */ +void br_ccm_flip(br_ccm_context *ctx); + +/** + * \brief Encrypt or decrypt some data with CCM. + * + * Data encryption or decryption can be done after `br_ccm_flip()` + * has been called on the context. If `encrypt` is non-zero, then the + * provided data shall be plaintext, and it is encrypted in place. + * Otherwise, the data shall be ciphertext, and it is decrypted in place. + * + * Data may be provided in several chunks of arbitrary length, provided + * that the total length exactly matches the length provided to the + * `br_ccm_reset()` call. + * + * \param ctx CCM context structure. + * \param encrypt non-zero for encryption, zero for decryption. + * \param data data to encrypt or decrypt. + * \param len data length (in bytes). + */ +void br_ccm_run(br_ccm_context *ctx, int encrypt, void *data, size_t len); + +/** + * \brief Compute CCM authentication tag. + * + * Compute the CCM authentication tag. This call terminates the CCM + * run: all data must have been injected with `br_ccm_run()` (in zero, + * one or more successive calls). After this function has been called, + * no more data can br processed; a `br_ccm_reset()` call is required + * to start a new message. + * + * The tag length was provided upon context initialisation (last call + * to `br_ccm_reset()`); it is returned by this function. + * + * The tag value must normally be sent along with the encrypted data. + * When decrypting, the tag value must be recomputed and compared with + * the received tag: if the two tag values differ, then either the tag + * or the encrypted data was altered in transit. As an alternative to + * this function, the `br_ccm_check_tag()` function can be used to + * compute and check the tag value. + * + * \param ctx CCM context structure. + * \param tag destination buffer for the tag (up to 16 bytes). + * \return the tag length (in bytes). + */ +size_t br_ccm_get_tag(br_ccm_context *ctx, void *tag); + +/** + * \brief Compute and check CCM authentication tag. + * + * This function is an alternative to `br_ccm_get_tag()`, normally used + * on the receiving end (i.e. when decrypting value). The tag value is + * recomputed and compared with the provided tag value. If they match, 1 + * is returned; on mismatch, 0 is returned. A returned value of 0 means + * that the data or the tag was altered in transit, normally leading to + * wholesale rejection of the complete message. + * + * \param ctx CCM context structure. + * \param tag tag value to compare with (up to 16 bytes). + * \return 1 on success (exact match of tag value), 0 otherwise. + */ +uint32_t br_ccm_check_tag(br_ccm_context *ctx, const void *tag); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/tools/sdk/include/bearssl/bearssl_block.h b/tools/sdk/include/bearssl/bearssl_block.h new file mode 100644 index 0000000000..4772779d9d --- /dev/null +++ b/tools/sdk/include/bearssl/bearssl_block.h @@ -0,0 +1,2522 @@ +/* + * Copyright (c) 2016 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#ifndef BR_BEARSSL_BLOCK_H__ +#define BR_BEARSSL_BLOCK_H__ + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** \file bearssl_block.h + * + * # Block Ciphers and Symmetric Ciphers + * + * This file documents the API for block ciphers and other symmetric + * ciphers. + * + * + * ## Procedural API + * + * For a block cipher implementation, up to three separate sets of + * functions are provided, for CBC encryption, CBC decryption, and CTR + * encryption/decryption. Each set has its own context structure, + * initialised with the encryption key. + * + * For CBC encryption and decryption, the data to encrypt or decrypt is + * referenced as a sequence of blocks. The implementations assume that + * there is no partial block; no padding is applied or removed. The + * caller is responsible for handling any kind of padding. + * + * Function for CTR encryption are defined only for block ciphers with + * blocks of 16 bytes or more (i.e. AES, but not DES/3DES). + * + * Each implemented block cipher is identified by an "internal name" + * from which are derived the names of structures and functions that + * implement the cipher. For the block cipher of internal name "`xxx`", + * the following are defined: + * + * - `br_xxx_BLOCK_SIZE` + * + * A macro that evaluates to the block size (in bytes) of the + * cipher. For all implemented block ciphers, this value is a + * power of two. + * + * - `br_xxx_cbcenc_keys` + * + * Context structure that contains the subkeys resulting from the key + * expansion. These subkeys are appropriate for CBC encryption. The + * structure first field is called `vtable` and points to the + * appropriate OOP structure. + * + * - `br_xxx_cbcenc_init(br_xxx_cbcenc_keys *ctx, const void *key, size_t len)` + * + * Perform key expansion: subkeys for CBC encryption are computed and + * written in the provided context structure. The key length MUST be + * adequate for the implemented block cipher. This function also sets + * the `vtable` field. + * + * - `br_xxx_cbcenc_run(const br_xxx_cbcenc_keys *ctx, void *iv, void *data, size_t len)` + * + * Perform CBC encryption of `len` bytes, in place. The encrypted data + * replaces the cleartext. `len` MUST be a multiple of the block length + * (if it is not, the function may loop forever or overflow a buffer). + * The IV is provided with the `iv` pointer; it is also updated with + * a copy of the last encrypted block. + * + * - `br_xxx_cbcdec_keys` + * + * Context structure that contains the subkeys resulting from the key + * expansion. These subkeys are appropriate for CBC decryption. The + * structure first field is called `vtable` and points to the + * appropriate OOP structure. + * + * - `br_xxx_cbcdec_init(br_xxx_cbcenc_keys *ctx, const void *key, size_t len)` + * + * Perform key expansion: subkeys for CBC decryption are computed and + * written in the provided context structure. The key length MUST be + * adequate for the implemented block cipher. This function also sets + * the `vtable` field. + * + * - `br_xxx_cbcdec_run(const br_xxx_cbcdec_keys *ctx, void *iv, void *data, size_t num_blocks)` + * + * Perform CBC decryption of `len` bytes, in place. The decrypted data + * replaces the ciphertext. `len` MUST be a multiple of the block length + * (if it is not, the function may loop forever or overflow a buffer). + * The IV is provided with the `iv` pointer; it is also updated with + * a copy of the last _encrypted_ block. + * + * - `br_xxx_ctr_keys` + * + * Context structure that contains the subkeys resulting from the key + * expansion. These subkeys are appropriate for CTR encryption and + * decryption. The structure first field is called `vtable` and + * points to the appropriate OOP structure. + * + * - `br_xxx_ctr_init(br_xxx_ctr_keys *ctx, const void *key, size_t len)` + * + * Perform key expansion: subkeys for CTR encryption and decryption + * are computed and written in the provided context structure. The + * key length MUST be adequate for the implemented block cipher. This + * function also sets the `vtable` field. + * + * - `br_xxx_ctr_run(const br_xxx_ctr_keys *ctx, const void *iv, uint32_t cc, void *data, size_t len)` (returns `uint32_t`) + * + * Perform CTR encryption/decryption of some data. Processing is done + * "in place" (the output data replaces the input data). This function + * implements the "standard incrementing function" from NIST SP800-38A, + * annex B: the IV length shall be 4 bytes less than the block size + * (i.e. 12 bytes for AES) and the counter is the 32-bit value starting + * with `cc`. The data length (`len`) is not necessarily a multiple of + * the block size. The new counter value is returned, which supports + * chunked processing, provided that each chunk length (except possibly + * the last one) is a multiple of the block size. + * + * - `br_xxx_ctrcbc_keys` + * + * Context structure that contains the subkeys resulting from the + * key expansion. These subkeys are appropriate for doing combined + * CTR encryption/decryption and CBC-MAC, as used in the CCM and EAX + * authenticated encryption modes. The structure first field is + * called `vtable` and points to the appropriate OOP structure. + * + * - `br_xxx_ctrcbc_init(br_xxx_ctr_keys *ctx, const void *key, size_t len)` + * + * Perform key expansion: subkeys for combined CTR + * encryption/decryption and CBC-MAC are computed and written in the + * provided context structure. The key length MUST be adequate for + * the implemented block cipher. This function also sets the + * `vtable` field. + * + * - `br_xxx_ctrcbc_encrypt(const br_xxx_ctrcbc_keys *ctx, void *ctr, void *cbcmac, void *data, size_t len)` + * + * Perform CTR encryption of some data, and CBC-MAC. Processing is + * done "in place" (the output data replaces the input data). This + * function applies CTR encryption on the data, using a full + * block-size counter (i.e. for 128-bit blocks, the counter is + * incremented as a 128-bit value). The 'ctr' array contains the + * initial value for the counter (used in the first block) and it is + * updated with the new value after data processing. The 'cbcmac' + * value shall point to a block-sized value which is used as IV for + * CBC-MAC, computed over the encrypted data (output of CTR + * encryption); the resulting CBC-MAC is written over 'cbcmac' on + * output. + * + * The data length MUST be a multiple of the block size. + * + * - `br_xxx_ctrcbc_decrypt(const br_xxx_ctrcbc_keys *ctx, void *ctr, void *cbcmac, void *data, size_t len)` + * + * Perform CTR decryption of some data, and CBC-MAC. Processing is + * done "in place" (the output data replaces the input data). This + * function applies CTR decryption on the data, using a full + * block-size counter (i.e. for 128-bit blocks, the counter is + * incremented as a 128-bit value). The 'ctr' array contains the + * initial value for the counter (used in the first block) and it is + * updated with the new value after data processing. The 'cbcmac' + * value shall point to a block-sized value which is used as IV for + * CBC-MAC, computed over the encrypted data (input of CTR + * encryption); the resulting CBC-MAC is written over 'cbcmac' on + * output. + * + * The data length MUST be a multiple of the block size. + * + * - `br_xxx_ctrcbc_ctr(const br_xxx_ctrcbc_keys *ctx, void *ctr, void *data, size_t len)` + * + * Perform CTR encryption or decryption of the provided data. The + * data is processed "in place" (the output data replaces the input + * data). A full block-sized counter is applied (i.e. for 128-bit + * blocks, the counter is incremented as a 128-bit value). The 'ctr' + * array contains the initial value for the counter (used in the + * first block), and it is updated with the new value after data + * processing. + * + * The data length MUST be a multiple of the block size. + * + * - `br_xxx_ctrcbc_mac(const br_xxx_ctrcbc_keys *ctx, void *cbcmac, const void *data, size_t len)` + * + * Compute CBC-MAC over the provided data. The IV for CBC-MAC is + * provided as 'cbcmac'; the output is written over the same array. + * The data itself is untouched. The data length MUST be a multiple + * of the block size. + * + * + * It shall be noted that the key expansion functions return `void`. If + * the provided key length is not allowed, then there will be no error + * reporting; implementations need not validate the key length, thus an + * invalid key length may result in undefined behaviour (e.g. buffer + * overflow). + * + * Subkey structures contain no interior pointer, and no external + * resources are allocated upon key expansion. They can thus be + * discarded without any explicit deallocation. + * + * + * ## Object-Oriented API + * + * Each context structure begins with a field (called `vtable`) that + * points to an instance of a structure that references the relevant + * functions through pointers. Each such structure contains the + * following: + * + * - `context_size` + * + * The size (in bytes) of the context structure for subkeys. + * + * - `block_size` + * + * The cipher block size (in bytes). + * + * - `log_block_size` + * + * The base-2 logarithm of cipher block size (e.g. 4 for blocks + * of 16 bytes). + * + * - `init` + * + * Pointer to the key expansion function. + * + * - `run` + * + * Pointer to the encryption/decryption function. + * + * For combined CTR/CBC-MAC encryption, the `vtable` has a slightly + * different structure: + * + * - `context_size` + * + * The size (in bytes) of the context structure for subkeys. + * + * - `block_size` + * + * The cipher block size (in bytes). + * + * - `log_block_size` + * + * The base-2 logarithm of cipher block size (e.g. 4 for blocks + * of 16 bytes). + * + * - `init` + * + * Pointer to the key expansion function. + * + * - `encrypt` + * + * Pointer to the CTR encryption + CBC-MAC function. + * + * - `decrypt` + * + * Pointer to the CTR decryption + CBC-MAC function. + * + * - `ctr` + * + * Pointer to the CTR encryption/decryption function. + * + * - `mac` + * + * Pointer to the CBC-MAC function. + * + * For block cipher "`xxx`", static, constant instances of these + * structures are defined, under the names: + * + * - `br_xxx_cbcenc_vtable` + * - `br_xxx_cbcdec_vtable` + * - `br_xxx_ctr_vtable` + * - `br_xxx_ctrcbc_vtable` + * + * + * ## Implemented Block Ciphers + * + * Provided implementations are: + * + * | Name | Function | Block Size (bytes) | Key lengths (bytes) | + * | :-------- | :------- | :----------------: | :-----------------: | + * | aes_big | AES | 16 | 16, 24 and 32 | + * | aes_small | AES | 16 | 16, 24 and 32 | + * | aes_ct | AES | 16 | 16, 24 and 32 | + * | aes_ct64 | AES | 16 | 16, 24 and 32 | + * | aes_x86ni | AES | 16 | 16, 24 and 32 | + * | aes_pwr8 | AES | 16 | 16, 24 and 32 | + * | des_ct | DES/3DES | 8 | 8, 16 and 24 | + * | des_tab | DES/3DES | 8 | 8, 16 and 24 | + * + * **Note:** DES/3DES nominally uses keys of 64, 128 and 192 bits (i.e. 8, + * 16 and 24 bytes), but some of the bits are ignored by the algorithm, so + * the _effective_ key lengths, from a security point of view, are 56, + * 112 and 168 bits, respectively. + * + * `aes_big` is a "classical" AES implementation, using tables. It + * is fast but not constant-time, since it makes data-dependent array + * accesses. + * + * `aes_small` is an AES implementation optimized for code size. It + * is substantially slower than `aes_big`; it is not constant-time + * either. + * + * `aes_ct` is a constant-time implementation of AES; its code is about + * as big as that of `aes_big`, while its performance is comparable to + * that of `aes_small`. However, it is constant-time. This + * implementation should thus be considered to be the "default" AES in + * BearSSL, to be used unless the operational context guarantees that a + * non-constant-time implementation is safe, or an architecture-specific + * constant-time implementation can be used (e.g. using dedicated + * hardware opcodes). + * + * `aes_ct64` is another constant-time implementation of AES. It is + * similar to `aes_ct` but uses 64-bit values. On 32-bit machines, + * `aes_ct64` is not faster than `aes_ct`, often a bit slower, and has + * a larger footprint; however, on 64-bit architectures, `aes_ct64` + * is typically twice faster than `aes_ct` for modes that allow parallel + * operations (i.e. CTR, and CBC decryption, but not CBC encryption). + * + * `aes_x86ni` exists only on x86 architectures (32-bit and 64-bit). It + * uses the AES-NI opcodes when available. + * + * `aes_pwr8` exists only on PowerPC / POWER architectures (32-bit and + * 64-bit, both little-endian and big-endian). It uses the AES opcodes + * present in POWER8 and later. + * + * `des_tab` is a classic, table-based implementation of DES/3DES. It + * is not constant-time. + * + * `des_ct` is an constant-time implementation of DES/3DES. It is + * substantially slower than `des_tab`. + * + * ## ChaCha20 and Poly1305 + * + * ChaCha20 is a stream cipher. Poly1305 is a MAC algorithm. They + * are described in [RFC 7539](https://tools.ietf.org/html/rfc7539). + * + * Two function pointer types are defined: + * + * - `br_chacha20_run` describes a function that implements ChaCha20 + * only. + * + * - `br_poly1305_run` describes an implementation of Poly1305, + * in the AEAD combination with ChaCha20 specified in RFC 7539 + * (the ChaCha20 implementation is provided as a function pointer). + * + * `chacha20_ct` is a straightforward implementation of ChaCha20 in + * plain C; it is constant-time, small, and reasonably fast. + * + * `chacha20_sse2` leverages SSE2 opcodes (on x86 architectures that + * support these opcodes). It is faster than `chacha20_ct`. + * + * `poly1305_ctmul` is an implementation of the ChaCha20+Poly1305 AEAD + * construction, where the Poly1305 part is performed with mixed 32-bit + * multiplications (operands are 32-bit, result is 64-bit). + * + * `poly1305_ctmul32` implements ChaCha20+Poly1305 using pure 32-bit + * multiplications (32-bit operands, 32-bit result). It is slower than + * `poly1305_ctmul`, except on some specific architectures such as + * the ARM Cortex M0+. + * + * `poly1305_ctmulq` implements ChaCha20+Poly1305 with mixed 64-bit + * multiplications (operands are 64-bit, result is 128-bit) on 64-bit + * platforms that support such operations. + * + * `poly1305_i15` implements ChaCha20+Poly1305 with the generic "i15" + * big integer implementation. It is meant mostly for testing purposes, + * although it can help with saving a few hundred bytes of code footprint + * on systems where code size is scarce. + */ + +/** + * \brief Class type for CBC encryption implementations. + * + * A `br_block_cbcenc_class` instance points to the functions implementing + * a specific block cipher, when used in CBC mode for encrypting data. + */ +typedef struct br_block_cbcenc_class_ br_block_cbcenc_class; +struct br_block_cbcenc_class_ { + /** + * \brief Size (in bytes) of the context structure appropriate + * for containing subkeys. + */ + size_t context_size; + + /** + * \brief Size of individual blocks (in bytes). + */ + unsigned block_size; + + /** + * \brief Base-2 logarithm of the size of individual blocks, + * expressed in bytes. + */ + unsigned log_block_size; + + /** + * \brief Initialisation function. + * + * This function sets the `vtable` field in the context structure. + * The key length MUST be one of the key lengths supported by + * the implementation. + * + * \param ctx context structure to initialise. + * \param key secret key. + * \param key_len key length (in bytes). + */ + void (*init)(const br_block_cbcenc_class **ctx, + const void *key, size_t key_len); + + /** + * \brief Run the CBC encryption. + * + * The `iv` parameter points to the IV for this run; it is + * updated with a copy of the last encrypted block. The data + * is encrypted "in place"; its length (`len`) MUST be a + * multiple of the block size. + * + * \param ctx context structure (already initialised). + * \param iv IV for CBC encryption (updated). + * \param data data to encrypt. + * \param len data length (in bytes, multiple of block size). + */ + void (*run)(const br_block_cbcenc_class *const *ctx, + void *iv, void *data, size_t len); +}; + +/** + * \brief Class type for CBC decryption implementations. + * + * A `br_block_cbcdec_class` instance points to the functions implementing + * a specific block cipher, when used in CBC mode for decrypting data. + */ +typedef struct br_block_cbcdec_class_ br_block_cbcdec_class; +struct br_block_cbcdec_class_ { + /** + * \brief Size (in bytes) of the context structure appropriate + * for containing subkeys. + */ + size_t context_size; + + /** + * \brief Size of individual blocks (in bytes). + */ + unsigned block_size; + + /** + * \brief Base-2 logarithm of the size of individual blocks, + * expressed in bytes. + */ + unsigned log_block_size; + + /** + * \brief Initialisation function. + * + * This function sets the `vtable` field in the context structure. + * The key length MUST be one of the key lengths supported by + * the implementation. + * + * \param ctx context structure to initialise. + * \param key secret key. + * \param key_len key length (in bytes). + */ + void (*init)(const br_block_cbcdec_class **ctx, + const void *key, size_t key_len); + + /** + * \brief Run the CBC decryption. + * + * The `iv` parameter points to the IV for this run; it is + * updated with a copy of the last encrypted block. The data + * is decrypted "in place"; its length (`len`) MUST be a + * multiple of the block size. + * + * \param ctx context structure (already initialised). + * \param iv IV for CBC decryption (updated). + * \param data data to decrypt. + * \param len data length (in bytes, multiple of block size). + */ + void (*run)(const br_block_cbcdec_class *const *ctx, + void *iv, void *data, size_t len); +}; + +/** + * \brief Class type for CTR encryption/decryption implementations. + * + * A `br_block_ctr_class` instance points to the functions implementing + * a specific block cipher, when used in CTR mode for encrypting or + * decrypting data. + */ +typedef struct br_block_ctr_class_ br_block_ctr_class; +struct br_block_ctr_class_ { + /** + * \brief Size (in bytes) of the context structure appropriate + * for containing subkeys. + */ + size_t context_size; + + /** + * \brief Size of individual blocks (in bytes). + */ + unsigned block_size; + + /** + * \brief Base-2 logarithm of the size of individual blocks, + * expressed in bytes. + */ + unsigned log_block_size; + + /** + * \brief Initialisation function. + * + * This function sets the `vtable` field in the context structure. + * The key length MUST be one of the key lengths supported by + * the implementation. + * + * \param ctx context structure to initialise. + * \param key secret key. + * \param key_len key length (in bytes). + */ + void (*init)(const br_block_ctr_class **ctx, + const void *key, size_t key_len); + + /** + * \brief Run the CTR encryption or decryption. + * + * The `iv` parameter points to the IV for this run; its + * length is exactly 4 bytes less than the block size (e.g. + * 12 bytes for AES/CTR). The IV is combined with a 32-bit + * block counter to produce the block value which is processed + * with the block cipher. + * + * The data to encrypt or decrypt is updated "in place". Its + * length (`len` bytes) is not required to be a multiple of + * the block size; if the final block is partial, then the + * corresponding key stream bits are dropped. + * + * The resulting counter value is returned. + * + * \param ctx context structure (already initialised). + * \param iv IV for CTR encryption/decryption. + * \param cc initial value for the block counter. + * \param data data to encrypt or decrypt. + * \param len data length (in bytes). + * \return the new block counter value. + */ + uint32_t (*run)(const br_block_ctr_class *const *ctx, + const void *iv, uint32_t cc, void *data, size_t len); +}; + +/** + * \brief Class type for combined CTR and CBC-MAC implementations. + * + * A `br_block_ctrcbc_class` instance points to the functions implementing + * a specific block cipher, when used in CTR mode for encrypting or + * decrypting data, along with CBC-MAC. + */ +typedef struct br_block_ctrcbc_class_ br_block_ctrcbc_class; +struct br_block_ctrcbc_class_ { + /** + * \brief Size (in bytes) of the context structure appropriate + * for containing subkeys. + */ + size_t context_size; + + /** + * \brief Size of individual blocks (in bytes). + */ + unsigned block_size; + + /** + * \brief Base-2 logarithm of the size of individual blocks, + * expressed in bytes. + */ + unsigned log_block_size; + + /** + * \brief Initialisation function. + * + * This function sets the `vtable` field in the context structure. + * The key length MUST be one of the key lengths supported by + * the implementation. + * + * \param ctx context structure to initialise. + * \param key secret key. + * \param key_len key length (in bytes). + */ + void (*init)(const br_block_ctrcbc_class **ctx, + const void *key, size_t key_len); + + /** + * \brief Run the CTR encryption + CBC-MAC. + * + * The `ctr` parameter points to the counter; its length shall + * be equal to the block size. It is updated by this function + * as encryption proceeds. + * + * The `cbcmac` parameter points to the IV for CBC-MAC. The MAC + * is computed over the encrypted data (output of CTR + * encryption). Its length shall be equal to the block size. The + * computed CBC-MAC value is written over the `cbcmac` array. + * + * The data to encrypt is updated "in place". Its length (`len` + * bytes) MUST be a multiple of the block size. + * + * \param ctx context structure (already initialised). + * \param ctr counter for CTR encryption (initial and final). + * \param cbcmac IV and output buffer for CBC-MAC. + * \param data data to encrypt. + * \param len data length (in bytes). + */ + void (*encrypt)(const br_block_ctrcbc_class *const *ctx, + void *ctr, void *cbcmac, void *data, size_t len); + + /** + * \brief Run the CTR decryption + CBC-MAC. + * + * The `ctr` parameter points to the counter; its length shall + * be equal to the block size. It is updated by this function + * as decryption proceeds. + * + * The `cbcmac` parameter points to the IV for CBC-MAC. The MAC + * is computed over the encrypted data (i.e. before CTR + * decryption). Its length shall be equal to the block size. The + * computed CBC-MAC value is written over the `cbcmac` array. + * + * The data to decrypt is updated "in place". Its length (`len` + * bytes) MUST be a multiple of the block size. + * + * \param ctx context structure (already initialised). + * \param ctr counter for CTR encryption (initial and final). + * \param cbcmac IV and output buffer for CBC-MAC. + * \param data data to decrypt. + * \param len data length (in bytes). + */ + void (*decrypt)(const br_block_ctrcbc_class *const *ctx, + void *ctr, void *cbcmac, void *data, size_t len); + + /** + * \brief Run the CTR encryption/decryption only. + * + * The `ctr` parameter points to the counter; its length shall + * be equal to the block size. It is updated by this function + * as decryption proceeds. + * + * The data to decrypt is updated "in place". Its length (`len` + * bytes) MUST be a multiple of the block size. + * + * \param ctx context structure (already initialised). + * \param ctr counter for CTR encryption (initial and final). + * \param data data to decrypt. + * \param len data length (in bytes). + */ + void (*ctr)(const br_block_ctrcbc_class *const *ctx, + void *ctr, void *data, size_t len); + + /** + * \brief Run the CBC-MAC only. + * + * The `cbcmac` parameter points to the IV for CBC-MAC. The MAC + * is computed over the encrypted data (i.e. before CTR + * decryption). Its length shall be equal to the block size. The + * computed CBC-MAC value is written over the `cbcmac` array. + * + * The data is unmodified. Its length (`len` bytes) MUST be a + * multiple of the block size. + * + * \param ctx context structure (already initialised). + * \param cbcmac IV and output buffer for CBC-MAC. + * \param data data to decrypt. + * \param len data length (in bytes). + */ + void (*mac)(const br_block_ctrcbc_class *const *ctx, + void *cbcmac, const void *data, size_t len); +}; + +/* + * Traditional, table-based AES implementation. It is fast, but uses + * internal tables (in particular a 1 kB table for encryption, another + * 1 kB table for decryption, and a 256-byte table for key schedule), + * and it is not constant-time. In contexts where cache-timing attacks + * apply, this implementation may leak the secret key. + */ + +/** \brief AES block size (16 bytes). */ +#define br_aes_big_BLOCK_SIZE 16 + +/** + * \brief Context for AES subkeys (`aes_big` implementation, CBC encryption). + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** \brief Pointer to vtable for this context. */ + const br_block_cbcenc_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + uint32_t skey[60]; + unsigned num_rounds; +#endif +} br_aes_big_cbcenc_keys; + +/** + * \brief Context for AES subkeys (`aes_big` implementation, CBC decryption). + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** \brief Pointer to vtable for this context. */ + const br_block_cbcdec_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + uint32_t skey[60]; + unsigned num_rounds; +#endif +} br_aes_big_cbcdec_keys; + +/** + * \brief Context for AES subkeys (`aes_big` implementation, CTR encryption + * and decryption). + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** \brief Pointer to vtable for this context. */ + const br_block_ctr_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + uint32_t skey[60]; + unsigned num_rounds; +#endif +} br_aes_big_ctr_keys; + +/** + * \brief Context for AES subkeys (`aes_big` implementation, CTR encryption + * and decryption + CBC-MAC). + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** \brief Pointer to vtable for this context. */ + const br_block_ctrcbc_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + uint32_t skey[60]; + unsigned num_rounds; +#endif +} br_aes_big_ctrcbc_keys; + +/** + * \brief Class instance for AES CBC encryption (`aes_big` implementation). + */ +extern const br_block_cbcenc_class br_aes_big_cbcenc_vtable; + +/** + * \brief Class instance for AES CBC decryption (`aes_big` implementation). + */ +extern const br_block_cbcdec_class br_aes_big_cbcdec_vtable; + +/** + * \brief Class instance for AES CTR encryption and decryption + * (`aes_big` implementation). + */ +extern const br_block_ctr_class br_aes_big_ctr_vtable; + +/** + * \brief Class instance for AES CTR encryption/decryption + CBC-MAC + * (`aes_big` implementation). + */ +extern const br_block_ctrcbc_class br_aes_big_ctrcbc_vtable; + +/** + * \brief Context initialisation (key schedule) for AES CBC encryption + * (`aes_big` implementation). + * + * \param ctx context to initialise. + * \param key secret key. + * \param len secret key length (in bytes). + */ +void br_aes_big_cbcenc_init(br_aes_big_cbcenc_keys *ctx, + const void *key, size_t len); + +/** + * \brief Context initialisation (key schedule) for AES CBC decryption + * (`aes_big` implementation). + * + * \param ctx context to initialise. + * \param key secret key. + * \param len secret key length (in bytes). + */ +void br_aes_big_cbcdec_init(br_aes_big_cbcdec_keys *ctx, + const void *key, size_t len); + +/** + * \brief Context initialisation (key schedule) for AES CTR encryption + * and decryption (`aes_big` implementation). + * + * \param ctx context to initialise. + * \param key secret key. + * \param len secret key length (in bytes). + */ +void br_aes_big_ctr_init(br_aes_big_ctr_keys *ctx, + const void *key, size_t len); + +/** + * \brief Context initialisation (key schedule) for AES CTR + CBC-MAC + * (`aes_big` implementation). + * + * \param ctx context to initialise. + * \param key secret key. + * \param len secret key length (in bytes). + */ +void br_aes_big_ctrcbc_init(br_aes_big_ctrcbc_keys *ctx, + const void *key, size_t len); + +/** + * \brief CBC encryption with AES (`aes_big` implementation). + * + * \param ctx context (already initialised). + * \param iv IV (updated). + * \param data data to encrypt (updated). + * \param len data length (in bytes, MUST be multiple of 16). + */ +void br_aes_big_cbcenc_run(const br_aes_big_cbcenc_keys *ctx, void *iv, + void *data, size_t len); + +/** + * \brief CBC decryption with AES (`aes_big` implementation). + * + * \param ctx context (already initialised). + * \param iv IV (updated). + * \param data data to decrypt (updated). + * \param len data length (in bytes, MUST be multiple of 16). + */ +void br_aes_big_cbcdec_run(const br_aes_big_cbcdec_keys *ctx, void *iv, + void *data, size_t len); + +/** + * \brief CTR encryption and decryption with AES (`aes_big` implementation). + * + * \param ctx context (already initialised). + * \param iv IV (constant, 12 bytes). + * \param cc initial block counter value. + * \param data data to encrypt or decrypt (updated). + * \param len data length (in bytes). + * \return new block counter value. + */ +uint32_t br_aes_big_ctr_run(const br_aes_big_ctr_keys *ctx, + const void *iv, uint32_t cc, void *data, size_t len); + +/** + * \brief CTR encryption + CBC-MAC with AES (`aes_big` implementation). + * + * \param ctx context (already initialised). + * \param ctr counter for CTR (16 bytes, updated). + * \param cbcmac IV for CBC-MAC (updated). + * \param data data to encrypt (updated). + * \param len data length (in bytes, MUST be a multiple of 16). + */ +void br_aes_big_ctrcbc_encrypt(const br_aes_big_ctrcbc_keys *ctx, + void *ctr, void *cbcmac, void *data, size_t len); + +/** + * \brief CTR decryption + CBC-MAC with AES (`aes_big` implementation). + * + * \param ctx context (already initialised). + * \param ctr counter for CTR (16 bytes, updated). + * \param cbcmac IV for CBC-MAC (updated). + * \param data data to decrypt (updated). + * \param len data length (in bytes, MUST be a multiple of 16). + */ +void br_aes_big_ctrcbc_decrypt(const br_aes_big_ctrcbc_keys *ctx, + void *ctr, void *cbcmac, void *data, size_t len); + +/** + * \brief CTR encryption/decryption with AES (`aes_big` implementation). + * + * \param ctx context (already initialised). + * \param ctr counter for CTR (16 bytes, updated). + * \param data data to MAC (updated). + * \param len data length (in bytes, MUST be a multiple of 16). + */ +void br_aes_big_ctrcbc_ctr(const br_aes_big_ctrcbc_keys *ctx, + void *ctr, void *data, size_t len); + +/** + * \brief CBC-MAC with AES (`aes_big` implementation). + * + * \param ctx context (already initialised). + * \param cbcmac IV for CBC-MAC (updated). + * \param data data to MAC (unmodified). + * \param len data length (in bytes, MUST be a multiple of 16). + */ +void br_aes_big_ctrcbc_mac(const br_aes_big_ctrcbc_keys *ctx, + void *cbcmac, const void *data, size_t len); + +/* + * AES implementation optimized for size. It is slower than the + * traditional table-based AES implementation, but requires much less + * code. It still uses data-dependent table accesses (albeit within a + * much smaller 256-byte table), which makes it conceptually vulnerable + * to cache-timing attacks. + */ + +/** \brief AES block size (16 bytes). */ +#define br_aes_small_BLOCK_SIZE 16 + +/** + * \brief Context for AES subkeys (`aes_small` implementation, CBC encryption). + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** \brief Pointer to vtable for this context. */ + const br_block_cbcenc_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + uint32_t skey[60]; + unsigned num_rounds; +#endif +} br_aes_small_cbcenc_keys; + +/** + * \brief Context for AES subkeys (`aes_small` implementation, CBC decryption). + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** \brief Pointer to vtable for this context. */ + const br_block_cbcdec_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + uint32_t skey[60]; + unsigned num_rounds; +#endif +} br_aes_small_cbcdec_keys; + +/** + * \brief Context for AES subkeys (`aes_small` implementation, CTR encryption + * and decryption). + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** \brief Pointer to vtable for this context. */ + const br_block_ctr_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + uint32_t skey[60]; + unsigned num_rounds; +#endif +} br_aes_small_ctr_keys; + +/** + * \brief Context for AES subkeys (`aes_small` implementation, CTR encryption + * and decryption + CBC-MAC). + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** \brief Pointer to vtable for this context. */ + const br_block_ctrcbc_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + uint32_t skey[60]; + unsigned num_rounds; +#endif +} br_aes_small_ctrcbc_keys; + +/** + * \brief Class instance for AES CBC encryption (`aes_small` implementation). + */ +extern const br_block_cbcenc_class br_aes_small_cbcenc_vtable; + +/** + * \brief Class instance for AES CBC decryption (`aes_small` implementation). + */ +extern const br_block_cbcdec_class br_aes_small_cbcdec_vtable; + +/** + * \brief Class instance for AES CTR encryption and decryption + * (`aes_small` implementation). + */ +extern const br_block_ctr_class br_aes_small_ctr_vtable; + +/** + * \brief Class instance for AES CTR encryption/decryption + CBC-MAC + * (`aes_small` implementation). + */ +extern const br_block_ctrcbc_class br_aes_small_ctrcbc_vtable; + +/** + * \brief Context initialisation (key schedule) for AES CBC encryption + * (`aes_small` implementation). + * + * \param ctx context to initialise. + * \param key secret key. + * \param len secret key length (in bytes). + */ +void br_aes_small_cbcenc_init(br_aes_small_cbcenc_keys *ctx, + const void *key, size_t len); + +/** + * \brief Context initialisation (key schedule) for AES CBC decryption + * (`aes_small` implementation). + * + * \param ctx context to initialise. + * \param key secret key. + * \param len secret key length (in bytes). + */ +void br_aes_small_cbcdec_init(br_aes_small_cbcdec_keys *ctx, + const void *key, size_t len); + +/** + * \brief Context initialisation (key schedule) for AES CTR encryption + * and decryption (`aes_small` implementation). + * + * \param ctx context to initialise. + * \param key secret key. + * \param len secret key length (in bytes). + */ +void br_aes_small_ctr_init(br_aes_small_ctr_keys *ctx, + const void *key, size_t len); + +/** + * \brief Context initialisation (key schedule) for AES CTR + CBC-MAC + * (`aes_small` implementation). + * + * \param ctx context to initialise. + * \param key secret key. + * \param len secret key length (in bytes). + */ +void br_aes_small_ctrcbc_init(br_aes_small_ctrcbc_keys *ctx, + const void *key, size_t len); + +/** + * \brief CBC encryption with AES (`aes_small` implementation). + * + * \param ctx context (already initialised). + * \param iv IV (updated). + * \param data data to encrypt (updated). + * \param len data length (in bytes, MUST be multiple of 16). + */ +void br_aes_small_cbcenc_run(const br_aes_small_cbcenc_keys *ctx, void *iv, + void *data, size_t len); + +/** + * \brief CBC decryption with AES (`aes_small` implementation). + * + * \param ctx context (already initialised). + * \param iv IV (updated). + * \param data data to decrypt (updated). + * \param len data length (in bytes, MUST be multiple of 16). + */ +void br_aes_small_cbcdec_run(const br_aes_small_cbcdec_keys *ctx, void *iv, + void *data, size_t len); + +/** + * \brief CTR encryption and decryption with AES (`aes_small` implementation). + * + * \param ctx context (already initialised). + * \param iv IV (constant, 12 bytes). + * \param cc initial block counter value. + * \param data data to decrypt (updated). + * \param len data length (in bytes). + * \return new block counter value. + */ +uint32_t br_aes_small_ctr_run(const br_aes_small_ctr_keys *ctx, + const void *iv, uint32_t cc, void *data, size_t len); + +/** + * \brief CTR encryption + CBC-MAC with AES (`aes_small` implementation). + * + * \param ctx context (already initialised). + * \param ctr counter for CTR (16 bytes, updated). + * \param cbcmac IV for CBC-MAC (updated). + * \param data data to encrypt (updated). + * \param len data length (in bytes, MUST be a multiple of 16). + */ +void br_aes_small_ctrcbc_encrypt(const br_aes_small_ctrcbc_keys *ctx, + void *ctr, void *cbcmac, void *data, size_t len); + +/** + * \brief CTR decryption + CBC-MAC with AES (`aes_small` implementation). + * + * \param ctx context (already initialised). + * \param ctr counter for CTR (16 bytes, updated). + * \param cbcmac IV for CBC-MAC (updated). + * \param data data to decrypt (updated). + * \param len data length (in bytes, MUST be a multiple of 16). + */ +void br_aes_small_ctrcbc_decrypt(const br_aes_small_ctrcbc_keys *ctx, + void *ctr, void *cbcmac, void *data, size_t len); + +/** + * \brief CTR encryption/decryption with AES (`aes_small` implementation). + * + * \param ctx context (already initialised). + * \param ctr counter for CTR (16 bytes, updated). + * \param data data to MAC (updated). + * \param len data length (in bytes, MUST be a multiple of 16). + */ +void br_aes_small_ctrcbc_ctr(const br_aes_small_ctrcbc_keys *ctx, + void *ctr, void *data, size_t len); + +/** + * \brief CBC-MAC with AES (`aes_small` implementation). + * + * \param ctx context (already initialised). + * \param cbcmac IV for CBC-MAC (updated). + * \param data data to MAC (unmodified). + * \param len data length (in bytes, MUST be a multiple of 16). + */ +void br_aes_small_ctrcbc_mac(const br_aes_small_ctrcbc_keys *ctx, + void *cbcmac, const void *data, size_t len); + +/* + * Constant-time AES implementation. Its size is similar to that of + * 'aes_big', and its performance is similar to that of 'aes_small' (faster + * decryption, slower encryption). However, it is constant-time, i.e. + * immune to cache-timing and similar attacks. + */ + +/** \brief AES block size (16 bytes). */ +#define br_aes_ct_BLOCK_SIZE 16 + +/** + * \brief Context for AES subkeys (`aes_ct` implementation, CBC encryption). + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** \brief Pointer to vtable for this context. */ + const br_block_cbcenc_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + uint32_t skey[60]; + unsigned num_rounds; +#endif +} br_aes_ct_cbcenc_keys; + +/** + * \brief Context for AES subkeys (`aes_ct` implementation, CBC decryption). + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** \brief Pointer to vtable for this context. */ + const br_block_cbcdec_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + uint32_t skey[60]; + unsigned num_rounds; +#endif +} br_aes_ct_cbcdec_keys; + +/** + * \brief Context for AES subkeys (`aes_ct` implementation, CTR encryption + * and decryption). + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** \brief Pointer to vtable for this context. */ + const br_block_ctr_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + uint32_t skey[60]; + unsigned num_rounds; +#endif +} br_aes_ct_ctr_keys; + +/** + * \brief Context for AES subkeys (`aes_ct` implementation, CTR encryption + * and decryption + CBC-MAC). + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** \brief Pointer to vtable for this context. */ + const br_block_ctrcbc_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + uint32_t skey[60]; + unsigned num_rounds; +#endif +} br_aes_ct_ctrcbc_keys; + +/** + * \brief Class instance for AES CBC encryption (`aes_ct` implementation). + */ +extern const br_block_cbcenc_class br_aes_ct_cbcenc_vtable; + +/** + * \brief Class instance for AES CBC decryption (`aes_ct` implementation). + */ +extern const br_block_cbcdec_class br_aes_ct_cbcdec_vtable; + +/** + * \brief Class instance for AES CTR encryption and decryption + * (`aes_ct` implementation). + */ +extern const br_block_ctr_class br_aes_ct_ctr_vtable; + +/** + * \brief Class instance for AES CTR encryption/decryption + CBC-MAC + * (`aes_ct` implementation). + */ +extern const br_block_ctrcbc_class br_aes_ct_ctrcbc_vtable; + +/** + * \brief Context initialisation (key schedule) for AES CBC encryption + * (`aes_ct` implementation). + * + * \param ctx context to initialise. + * \param key secret key. + * \param len secret key length (in bytes). + */ +void br_aes_ct_cbcenc_init(br_aes_ct_cbcenc_keys *ctx, + const void *key, size_t len); + +/** + * \brief Context initialisation (key schedule) for AES CBC decryption + * (`aes_ct` implementation). + * + * \param ctx context to initialise. + * \param key secret key. + * \param len secret key length (in bytes). + */ +void br_aes_ct_cbcdec_init(br_aes_ct_cbcdec_keys *ctx, + const void *key, size_t len); + +/** + * \brief Context initialisation (key schedule) for AES CTR encryption + * and decryption (`aes_ct` implementation). + * + * \param ctx context to initialise. + * \param key secret key. + * \param len secret key length (in bytes). + */ +void br_aes_ct_ctr_init(br_aes_ct_ctr_keys *ctx, + const void *key, size_t len); + +/** + * \brief Context initialisation (key schedule) for AES CTR + CBC-MAC + * (`aes_ct` implementation). + * + * \param ctx context to initialise. + * \param key secret key. + * \param len secret key length (in bytes). + */ +void br_aes_ct_ctrcbc_init(br_aes_ct_ctrcbc_keys *ctx, + const void *key, size_t len); + +/** + * \brief CBC encryption with AES (`aes_ct` implementation). + * + * \param ctx context (already initialised). + * \param iv IV (updated). + * \param data data to encrypt (updated). + * \param len data length (in bytes, MUST be multiple of 16). + */ +void br_aes_ct_cbcenc_run(const br_aes_ct_cbcenc_keys *ctx, void *iv, + void *data, size_t len); + +/** + * \brief CBC decryption with AES (`aes_ct` implementation). + * + * \param ctx context (already initialised). + * \param iv IV (updated). + * \param data data to decrypt (updated). + * \param len data length (in bytes, MUST be multiple of 16). + */ +void br_aes_ct_cbcdec_run(const br_aes_ct_cbcdec_keys *ctx, void *iv, + void *data, size_t len); + +/** + * \brief CTR encryption and decryption with AES (`aes_ct` implementation). + * + * \param ctx context (already initialised). + * \param iv IV (constant, 12 bytes). + * \param cc initial block counter value. + * \param data data to decrypt (updated). + * \param len data length (in bytes). + * \return new block counter value. + */ +uint32_t br_aes_ct_ctr_run(const br_aes_ct_ctr_keys *ctx, + const void *iv, uint32_t cc, void *data, size_t len); + +/** + * \brief CTR encryption + CBC-MAC with AES (`aes_ct` implementation). + * + * \param ctx context (already initialised). + * \param ctr counter for CTR (16 bytes, updated). + * \param cbcmac IV for CBC-MAC (updated). + * \param data data to encrypt (updated). + * \param len data length (in bytes, MUST be a multiple of 16). + */ +void br_aes_ct_ctrcbc_encrypt(const br_aes_ct_ctrcbc_keys *ctx, + void *ctr, void *cbcmac, void *data, size_t len); + +/** + * \brief CTR decryption + CBC-MAC with AES (`aes_ct` implementation). + * + * \param ctx context (already initialised). + * \param ctr counter for CTR (16 bytes, updated). + * \param cbcmac IV for CBC-MAC (updated). + * \param data data to decrypt (updated). + * \param len data length (in bytes, MUST be a multiple of 16). + */ +void br_aes_ct_ctrcbc_decrypt(const br_aes_ct_ctrcbc_keys *ctx, + void *ctr, void *cbcmac, void *data, size_t len); + +/** + * \brief CTR encryption/decryption with AES (`aes_ct` implementation). + * + * \param ctx context (already initialised). + * \param ctr counter for CTR (16 bytes, updated). + * \param data data to MAC (updated). + * \param len data length (in bytes, MUST be a multiple of 16). + */ +void br_aes_ct_ctrcbc_ctr(const br_aes_ct_ctrcbc_keys *ctx, + void *ctr, void *data, size_t len); + +/** + * \brief CBC-MAC with AES (`aes_ct` implementation). + * + * \param ctx context (already initialised). + * \param cbcmac IV for CBC-MAC (updated). + * \param data data to MAC (unmodified). + * \param len data length (in bytes, MUST be a multiple of 16). + */ +void br_aes_ct_ctrcbc_mac(const br_aes_ct_ctrcbc_keys *ctx, + void *cbcmac, const void *data, size_t len); + +/* + * 64-bit constant-time AES implementation. It is similar to 'aes_ct' + * but uses 64-bit registers, making it about twice faster than 'aes_ct' + * on 64-bit platforms, while remaining constant-time and with a similar + * code size. (The doubling in performance is only for CBC decryption + * and CTR mode; CBC encryption is non-parallel and cannot benefit from + * the larger registers.) + */ + +/** \brief AES block size (16 bytes). */ +#define br_aes_ct64_BLOCK_SIZE 16 + +/** + * \brief Context for AES subkeys (`aes_ct64` implementation, CBC encryption). + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** \brief Pointer to vtable for this context. */ + const br_block_cbcenc_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + uint64_t skey[30]; + unsigned num_rounds; +#endif +} br_aes_ct64_cbcenc_keys; + +/** + * \brief Context for AES subkeys (`aes_ct64` implementation, CBC decryption). + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** \brief Pointer to vtable for this context. */ + const br_block_cbcdec_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + uint64_t skey[30]; + unsigned num_rounds; +#endif +} br_aes_ct64_cbcdec_keys; + +/** + * \brief Context for AES subkeys (`aes_ct64` implementation, CTR encryption + * and decryption). + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** \brief Pointer to vtable for this context. */ + const br_block_ctr_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + uint64_t skey[30]; + unsigned num_rounds; +#endif +} br_aes_ct64_ctr_keys; + +/** + * \brief Context for AES subkeys (`aes_ct64` implementation, CTR encryption + * and decryption + CBC-MAC). + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** \brief Pointer to vtable for this context. */ + const br_block_ctrcbc_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + uint64_t skey[30]; + unsigned num_rounds; +#endif +} br_aes_ct64_ctrcbc_keys; + +/** + * \brief Class instance for AES CBC encryption (`aes_ct64` implementation). + */ +extern const br_block_cbcenc_class br_aes_ct64_cbcenc_vtable; + +/** + * \brief Class instance for AES CBC decryption (`aes_ct64` implementation). + */ +extern const br_block_cbcdec_class br_aes_ct64_cbcdec_vtable; + +/** + * \brief Class instance for AES CTR encryption and decryption + * (`aes_ct64` implementation). + */ +extern const br_block_ctr_class br_aes_ct64_ctr_vtable; + +/** + * \brief Class instance for AES CTR encryption/decryption + CBC-MAC + * (`aes_ct64` implementation). + */ +extern const br_block_ctrcbc_class br_aes_ct64_ctrcbc_vtable; + +/** + * \brief Context initialisation (key schedule) for AES CBC encryption + * (`aes_ct64` implementation). + * + * \param ctx context to initialise. + * \param key secret key. + * \param len secret key length (in bytes). + */ +void br_aes_ct64_cbcenc_init(br_aes_ct64_cbcenc_keys *ctx, + const void *key, size_t len); + +/** + * \brief Context initialisation (key schedule) for AES CBC decryption + * (`aes_ct64` implementation). + * + * \param ctx context to initialise. + * \param key secret key. + * \param len secret key length (in bytes). + */ +void br_aes_ct64_cbcdec_init(br_aes_ct64_cbcdec_keys *ctx, + const void *key, size_t len); + +/** + * \brief Context initialisation (key schedule) for AES CTR encryption + * and decryption (`aes_ct64` implementation). + * + * \param ctx context to initialise. + * \param key secret key. + * \param len secret key length (in bytes). + */ +void br_aes_ct64_ctr_init(br_aes_ct64_ctr_keys *ctx, + const void *key, size_t len); + +/** + * \brief Context initialisation (key schedule) for AES CTR + CBC-MAC + * (`aes_ct64` implementation). + * + * \param ctx context to initialise. + * \param key secret key. + * \param len secret key length (in bytes). + */ +void br_aes_ct64_ctrcbc_init(br_aes_ct64_ctrcbc_keys *ctx, + const void *key, size_t len); + +/** + * \brief CBC encryption with AES (`aes_ct64` implementation). + * + * \param ctx context (already initialised). + * \param iv IV (updated). + * \param data data to encrypt (updated). + * \param len data length (in bytes, MUST be multiple of 16). + */ +void br_aes_ct64_cbcenc_run(const br_aes_ct64_cbcenc_keys *ctx, void *iv, + void *data, size_t len); + +/** + * \brief CBC decryption with AES (`aes_ct64` implementation). + * + * \param ctx context (already initialised). + * \param iv IV (updated). + * \param data data to decrypt (updated). + * \param len data length (in bytes, MUST be multiple of 16). + */ +void br_aes_ct64_cbcdec_run(const br_aes_ct64_cbcdec_keys *ctx, void *iv, + void *data, size_t len); + +/** + * \brief CTR encryption and decryption with AES (`aes_ct64` implementation). + * + * \param ctx context (already initialised). + * \param iv IV (constant, 12 bytes). + * \param cc initial block counter value. + * \param data data to decrypt (updated). + * \param len data length (in bytes). + * \return new block counter value. + */ +uint32_t br_aes_ct64_ctr_run(const br_aes_ct64_ctr_keys *ctx, + const void *iv, uint32_t cc, void *data, size_t len); + +/** + * \brief CTR encryption + CBC-MAC with AES (`aes_ct64` implementation). + * + * \param ctx context (already initialised). + * \param ctr counter for CTR (16 bytes, updated). + * \param cbcmac IV for CBC-MAC (updated). + * \param data data to encrypt (updated). + * \param len data length (in bytes, MUST be a multiple of 16). + */ +void br_aes_ct64_ctrcbc_encrypt(const br_aes_ct64_ctrcbc_keys *ctx, + void *ctr, void *cbcmac, void *data, size_t len); + +/** + * \brief CTR decryption + CBC-MAC with AES (`aes_ct64` implementation). + * + * \param ctx context (already initialised). + * \param ctr counter for CTR (16 bytes, updated). + * \param cbcmac IV for CBC-MAC (updated). + * \param data data to decrypt (updated). + * \param len data length (in bytes, MUST be a multiple of 16). + */ +void br_aes_ct64_ctrcbc_decrypt(const br_aes_ct64_ctrcbc_keys *ctx, + void *ctr, void *cbcmac, void *data, size_t len); + +/** + * \brief CTR encryption/decryption with AES (`aes_ct64` implementation). + * + * \param ctx context (already initialised). + * \param ctr counter for CTR (16 bytes, updated). + * \param data data to MAC (updated). + * \param len data length (in bytes, MUST be a multiple of 16). + */ +void br_aes_ct64_ctrcbc_ctr(const br_aes_ct64_ctrcbc_keys *ctx, + void *ctr, void *data, size_t len); + +/** + * \brief CBC-MAC with AES (`aes_ct64` implementation). + * + * \param ctx context (already initialised). + * \param cbcmac IV for CBC-MAC (updated). + * \param data data to MAC (unmodified). + * \param len data length (in bytes, MUST be a multiple of 16). + */ +void br_aes_ct64_ctrcbc_mac(const br_aes_ct64_ctrcbc_keys *ctx, + void *cbcmac, const void *data, size_t len); + +/* + * AES implementation using AES-NI opcodes (x86 platform). + */ + +/** \brief AES block size (16 bytes). */ +#define br_aes_x86ni_BLOCK_SIZE 16 + +/** + * \brief Context for AES subkeys (`aes_x86ni` implementation, CBC encryption). + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** \brief Pointer to vtable for this context. */ + const br_block_cbcenc_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + union { + unsigned char skni[16 * 15]; + } skey; + unsigned num_rounds; +#endif +} br_aes_x86ni_cbcenc_keys; + +/** + * \brief Context for AES subkeys (`aes_x86ni` implementation, CBC decryption). + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** \brief Pointer to vtable for this context. */ + const br_block_cbcdec_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + union { + unsigned char skni[16 * 15]; + } skey; + unsigned num_rounds; +#endif +} br_aes_x86ni_cbcdec_keys; + +/** + * \brief Context for AES subkeys (`aes_x86ni` implementation, CTR encryption + * and decryption). + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** \brief Pointer to vtable for this context. */ + const br_block_ctr_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + union { + unsigned char skni[16 * 15]; + } skey; + unsigned num_rounds; +#endif +} br_aes_x86ni_ctr_keys; + +/** + * \brief Context for AES subkeys (`aes_x86ni` implementation, CTR encryption + * and decryption + CBC-MAC). + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** \brief Pointer to vtable for this context. */ + const br_block_ctrcbc_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + union { + unsigned char skni[16 * 15]; + } skey; + unsigned num_rounds; +#endif +} br_aes_x86ni_ctrcbc_keys; + +/** + * \brief Class instance for AES CBC encryption (`aes_x86ni` implementation). + * + * Since this implementation might be omitted from the library, or the + * AES opcode unavailable on the current CPU, a pointer to this class + * instance should be obtained through `br_aes_x86ni_cbcenc_get_vtable()`. + */ +extern const br_block_cbcenc_class br_aes_x86ni_cbcenc_vtable; + +/** + * \brief Class instance for AES CBC decryption (`aes_x86ni` implementation). + * + * Since this implementation might be omitted from the library, or the + * AES opcode unavailable on the current CPU, a pointer to this class + * instance should be obtained through `br_aes_x86ni_cbcdec_get_vtable()`. + */ +extern const br_block_cbcdec_class br_aes_x86ni_cbcdec_vtable; + +/** + * \brief Class instance for AES CTR encryption and decryption + * (`aes_x86ni` implementation). + * + * Since this implementation might be omitted from the library, or the + * AES opcode unavailable on the current CPU, a pointer to this class + * instance should be obtained through `br_aes_x86ni_ctr_get_vtable()`. + */ +extern const br_block_ctr_class br_aes_x86ni_ctr_vtable; + +/** + * \brief Class instance for AES CTR encryption/decryption + CBC-MAC + * (`aes_x86ni` implementation). + * + * Since this implementation might be omitted from the library, or the + * AES opcode unavailable on the current CPU, a pointer to this class + * instance should be obtained through `br_aes_x86ni_ctrcbc_get_vtable()`. + */ +extern const br_block_ctrcbc_class br_aes_x86ni_ctrcbc_vtable; + +/** + * \brief Context initialisation (key schedule) for AES CBC encryption + * (`aes_x86ni` implementation). + * + * \param ctx context to initialise. + * \param key secret key. + * \param len secret key length (in bytes). + */ +void br_aes_x86ni_cbcenc_init(br_aes_x86ni_cbcenc_keys *ctx, + const void *key, size_t len); + +/** + * \brief Context initialisation (key schedule) for AES CBC decryption + * (`aes_x86ni` implementation). + * + * \param ctx context to initialise. + * \param key secret key. + * \param len secret key length (in bytes). + */ +void br_aes_x86ni_cbcdec_init(br_aes_x86ni_cbcdec_keys *ctx, + const void *key, size_t len); + +/** + * \brief Context initialisation (key schedule) for AES CTR encryption + * and decryption (`aes_x86ni` implementation). + * + * \param ctx context to initialise. + * \param key secret key. + * \param len secret key length (in bytes). + */ +void br_aes_x86ni_ctr_init(br_aes_x86ni_ctr_keys *ctx, + const void *key, size_t len); + +/** + * \brief Context initialisation (key schedule) for AES CTR + CBC-MAC + * (`aes_x86ni` implementation). + * + * \param ctx context to initialise. + * \param key secret key. + * \param len secret key length (in bytes). + */ +void br_aes_x86ni_ctrcbc_init(br_aes_x86ni_ctrcbc_keys *ctx, + const void *key, size_t len); + +/** + * \brief CBC encryption with AES (`aes_x86ni` implementation). + * + * \param ctx context (already initialised). + * \param iv IV (updated). + * \param data data to encrypt (updated). + * \param len data length (in bytes, MUST be multiple of 16). + */ +void br_aes_x86ni_cbcenc_run(const br_aes_x86ni_cbcenc_keys *ctx, void *iv, + void *data, size_t len); + +/** + * \brief CBC decryption with AES (`aes_x86ni` implementation). + * + * \param ctx context (already initialised). + * \param iv IV (updated). + * \param data data to decrypt (updated). + * \param len data length (in bytes, MUST be multiple of 16). + */ +void br_aes_x86ni_cbcdec_run(const br_aes_x86ni_cbcdec_keys *ctx, void *iv, + void *data, size_t len); + +/** + * \brief CTR encryption and decryption with AES (`aes_x86ni` implementation). + * + * \param ctx context (already initialised). + * \param iv IV (constant, 12 bytes). + * \param cc initial block counter value. + * \param data data to decrypt (updated). + * \param len data length (in bytes). + * \return new block counter value. + */ +uint32_t br_aes_x86ni_ctr_run(const br_aes_x86ni_ctr_keys *ctx, + const void *iv, uint32_t cc, void *data, size_t len); + +/** + * \brief CTR encryption + CBC-MAC with AES (`aes_x86ni` implementation). + * + * \param ctx context (already initialised). + * \param ctr counter for CTR (16 bytes, updated). + * \param cbcmac IV for CBC-MAC (updated). + * \param data data to encrypt (updated). + * \param len data length (in bytes, MUST be a multiple of 16). + */ +void br_aes_x86ni_ctrcbc_encrypt(const br_aes_x86ni_ctrcbc_keys *ctx, + void *ctr, void *cbcmac, void *data, size_t len); + +/** + * \brief CTR decryption + CBC-MAC with AES (`aes_x86ni` implementation). + * + * \param ctx context (already initialised). + * \param ctr counter for CTR (16 bytes, updated). + * \param cbcmac IV for CBC-MAC (updated). + * \param data data to decrypt (updated). + * \param len data length (in bytes, MUST be a multiple of 16). + */ +void br_aes_x86ni_ctrcbc_decrypt(const br_aes_x86ni_ctrcbc_keys *ctx, + void *ctr, void *cbcmac, void *data, size_t len); + +/** + * \brief CTR encryption/decryption with AES (`aes_x86ni` implementation). + * + * \param ctx context (already initialised). + * \param ctr counter for CTR (16 bytes, updated). + * \param data data to MAC (updated). + * \param len data length (in bytes, MUST be a multiple of 16). + */ +void br_aes_x86ni_ctrcbc_ctr(const br_aes_x86ni_ctrcbc_keys *ctx, + void *ctr, void *data, size_t len); + +/** + * \brief CBC-MAC with AES (`aes_x86ni` implementation). + * + * \param ctx context (already initialised). + * \param cbcmac IV for CBC-MAC (updated). + * \param data data to MAC (unmodified). + * \param len data length (in bytes, MUST be a multiple of 16). + */ +void br_aes_x86ni_ctrcbc_mac(const br_aes_x86ni_ctrcbc_keys *ctx, + void *cbcmac, const void *data, size_t len); + +/** + * \brief Obtain the `aes_x86ni` AES-CBC (encryption) implementation, if + * available. + * + * This function returns a pointer to `br_aes_x86ni_cbcenc_vtable`, if + * that implementation was compiled in the library _and_ the x86 AES + * opcodes are available on the currently running CPU. If either of + * these conditions is not met, then this function returns `NULL`. + * + * \return the `aes_x86ni` AES-CBC (encryption) implementation, or `NULL`. + */ +const br_block_cbcenc_class *br_aes_x86ni_cbcenc_get_vtable(void); + +/** + * \brief Obtain the `aes_x86ni` AES-CBC (decryption) implementation, if + * available. + * + * This function returns a pointer to `br_aes_x86ni_cbcdec_vtable`, if + * that implementation was compiled in the library _and_ the x86 AES + * opcodes are available on the currently running CPU. If either of + * these conditions is not met, then this function returns `NULL`. + * + * \return the `aes_x86ni` AES-CBC (decryption) implementation, or `NULL`. + */ +const br_block_cbcdec_class *br_aes_x86ni_cbcdec_get_vtable(void); + +/** + * \brief Obtain the `aes_x86ni` AES-CTR implementation, if available. + * + * This function returns a pointer to `br_aes_x86ni_ctr_vtable`, if + * that implementation was compiled in the library _and_ the x86 AES + * opcodes are available on the currently running CPU. If either of + * these conditions is not met, then this function returns `NULL`. + * + * \return the `aes_x86ni` AES-CTR implementation, or `NULL`. + */ +const br_block_ctr_class *br_aes_x86ni_ctr_get_vtable(void); + +/** + * \brief Obtain the `aes_x86ni` AES-CTR + CBC-MAC implementation, if + * available. + * + * This function returns a pointer to `br_aes_x86ni_ctrcbc_vtable`, if + * that implementation was compiled in the library _and_ the x86 AES + * opcodes are available on the currently running CPU. If either of + * these conditions is not met, then this function returns `NULL`. + * + * \return the `aes_x86ni` AES-CTR implementation, or `NULL`. + */ +const br_block_ctrcbc_class *br_aes_x86ni_ctrcbc_get_vtable(void); + +/* + * AES implementation using POWER8 opcodes. + */ + +/** \brief AES block size (16 bytes). */ +#define br_aes_pwr8_BLOCK_SIZE 16 + +/** + * \brief Context for AES subkeys (`aes_pwr8` implementation, CBC encryption). + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** \brief Pointer to vtable for this context. */ + const br_block_cbcenc_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + union { + unsigned char skni[16 * 15]; + } skey; + unsigned num_rounds; +#endif +} br_aes_pwr8_cbcenc_keys; + +/** + * \brief Context for AES subkeys (`aes_pwr8` implementation, CBC decryption). + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** \brief Pointer to vtable for this context. */ + const br_block_cbcdec_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + union { + unsigned char skni[16 * 15]; + } skey; + unsigned num_rounds; +#endif +} br_aes_pwr8_cbcdec_keys; + +/** + * \brief Context for AES subkeys (`aes_pwr8` implementation, CTR encryption + * and decryption). + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** \brief Pointer to vtable for this context. */ + const br_block_ctr_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + union { + unsigned char skni[16 * 15]; + } skey; + unsigned num_rounds; +#endif +} br_aes_pwr8_ctr_keys; + +/** + * \brief Class instance for AES CBC encryption (`aes_pwr8` implementation). + * + * Since this implementation might be omitted from the library, or the + * AES opcode unavailable on the current CPU, a pointer to this class + * instance should be obtained through `br_aes_pwr8_cbcenc_get_vtable()`. + */ +extern const br_block_cbcenc_class br_aes_pwr8_cbcenc_vtable; + +/** + * \brief Class instance for AES CBC decryption (`aes_pwr8` implementation). + * + * Since this implementation might be omitted from the library, or the + * AES opcode unavailable on the current CPU, a pointer to this class + * instance should be obtained through `br_aes_pwr8_cbcdec_get_vtable()`. + */ +extern const br_block_cbcdec_class br_aes_pwr8_cbcdec_vtable; + +/** + * \brief Class instance for AES CTR encryption and decryption + * (`aes_pwr8` implementation). + * + * Since this implementation might be omitted from the library, or the + * AES opcode unavailable on the current CPU, a pointer to this class + * instance should be obtained through `br_aes_pwr8_ctr_get_vtable()`. + */ +extern const br_block_ctr_class br_aes_pwr8_ctr_vtable; + +/** + * \brief Context initialisation (key schedule) for AES CBC encryption + * (`aes_pwr8` implementation). + * + * \param ctx context to initialise. + * \param key secret key. + * \param len secret key length (in bytes). + */ +void br_aes_pwr8_cbcenc_init(br_aes_pwr8_cbcenc_keys *ctx, + const void *key, size_t len); + +/** + * \brief Context initialisation (key schedule) for AES CBC decryption + * (`aes_pwr8` implementation). + * + * \param ctx context to initialise. + * \param key secret key. + * \param len secret key length (in bytes). + */ +void br_aes_pwr8_cbcdec_init(br_aes_pwr8_cbcdec_keys *ctx, + const void *key, size_t len); + +/** + * \brief Context initialisation (key schedule) for AES CTR encryption + * and decryption (`aes_pwr8` implementation). + * + * \param ctx context to initialise. + * \param key secret key. + * \param len secret key length (in bytes). + */ +void br_aes_pwr8_ctr_init(br_aes_pwr8_ctr_keys *ctx, + const void *key, size_t len); + +/** + * \brief CBC encryption with AES (`aes_pwr8` implementation). + * + * \param ctx context (already initialised). + * \param iv IV (updated). + * \param data data to encrypt (updated). + * \param len data length (in bytes, MUST be multiple of 16). + */ +void br_aes_pwr8_cbcenc_run(const br_aes_pwr8_cbcenc_keys *ctx, void *iv, + void *data, size_t len); + +/** + * \brief CBC decryption with AES (`aes_pwr8` implementation). + * + * \param ctx context (already initialised). + * \param iv IV (updated). + * \param data data to decrypt (updated). + * \param len data length (in bytes, MUST be multiple of 16). + */ +void br_aes_pwr8_cbcdec_run(const br_aes_pwr8_cbcdec_keys *ctx, void *iv, + void *data, size_t len); + +/** + * \brief CTR encryption and decryption with AES (`aes_pwr8` implementation). + * + * \param ctx context (already initialised). + * \param iv IV (constant, 12 bytes). + * \param cc initial block counter value. + * \param data data to decrypt (updated). + * \param len data length (in bytes). + * \return new block counter value. + */ +uint32_t br_aes_pwr8_ctr_run(const br_aes_pwr8_ctr_keys *ctx, + const void *iv, uint32_t cc, void *data, size_t len); + +/** + * \brief Obtain the `aes_pwr8` AES-CBC (encryption) implementation, if + * available. + * + * This function returns a pointer to `br_aes_pwr8_cbcenc_vtable`, if + * that implementation was compiled in the library _and_ the POWER8 + * crypto opcodes are available on the currently running CPU. If either + * of these conditions is not met, then this function returns `NULL`. + * + * \return the `aes_pwr8` AES-CBC (encryption) implementation, or `NULL`. + */ +const br_block_cbcenc_class *br_aes_pwr8_cbcenc_get_vtable(void); + +/** + * \brief Obtain the `aes_pwr8` AES-CBC (decryption) implementation, if + * available. + * + * This function returns a pointer to `br_aes_pwr8_cbcdec_vtable`, if + * that implementation was compiled in the library _and_ the POWER8 + * crypto opcodes are available on the currently running CPU. If either + * of these conditions is not met, then this function returns `NULL`. + * + * \return the `aes_pwr8` AES-CBC (decryption) implementation, or `NULL`. + */ +const br_block_cbcdec_class *br_aes_pwr8_cbcdec_get_vtable(void); + +/** + * \brief Obtain the `aes_pwr8` AES-CTR implementation, if available. + * + * This function returns a pointer to `br_aes_pwr8_ctr_vtable`, if that + * implementation was compiled in the library _and_ the POWER8 crypto + * opcodes are available on the currently running CPU. If either of + * these conditions is not met, then this function returns `NULL`. + * + * \return the `aes_pwr8` AES-CTR implementation, or `NULL`. + */ +const br_block_ctr_class *br_aes_pwr8_ctr_get_vtable(void); + +/** + * \brief Aggregate structure large enough to be used as context for + * subkeys (CBC encryption) for all AES implementations. + */ +typedef union { + const br_block_cbcenc_class *vtable; + br_aes_big_cbcenc_keys c_big; + br_aes_small_cbcenc_keys c_small; + br_aes_ct_cbcenc_keys c_ct; + br_aes_ct64_cbcenc_keys c_ct64; + br_aes_x86ni_cbcenc_keys c_x86ni; + br_aes_pwr8_cbcenc_keys c_pwr8; +} br_aes_gen_cbcenc_keys; + +/** + * \brief Aggregate structure large enough to be used as context for + * subkeys (CBC decryption) for all AES implementations. + */ +typedef union { + const br_block_cbcdec_class *vtable; + br_aes_big_cbcdec_keys c_big; + br_aes_small_cbcdec_keys c_small; + br_aes_ct_cbcdec_keys c_ct; + br_aes_ct64_cbcdec_keys c_ct64; + br_aes_x86ni_cbcdec_keys c_x86ni; + br_aes_pwr8_cbcdec_keys c_pwr8; +} br_aes_gen_cbcdec_keys; + +/** + * \brief Aggregate structure large enough to be used as context for + * subkeys (CTR encryption and decryption) for all AES implementations. + */ +typedef union { + const br_block_ctr_class *vtable; + br_aes_big_ctr_keys c_big; + br_aes_small_ctr_keys c_small; + br_aes_ct_ctr_keys c_ct; + br_aes_ct64_ctr_keys c_ct64; + br_aes_x86ni_ctr_keys c_x86ni; + br_aes_pwr8_ctr_keys c_pwr8; +} br_aes_gen_ctr_keys; + +/** + * \brief Aggregate structure large enough to be used as context for + * subkeys (CTR encryption/decryption + CBC-MAC) for all AES implementations. + */ +typedef union { + const br_block_ctrcbc_class *vtable; + br_aes_big_ctrcbc_keys c_big; + br_aes_small_ctrcbc_keys c_small; + br_aes_ct_ctrcbc_keys c_ct; + br_aes_ct64_ctrcbc_keys c_ct64; + /* FIXME + br_aes_x86ni_ctrcbc_keys c_x86ni; + br_aes_pwr8_ctrcbc_keys c_pwr8; + */ +} br_aes_gen_ctrcbc_keys; + +/* + * Traditional, table-based implementation for DES/3DES. Since tables are + * used, cache-timing attacks are conceptually possible. + */ + +/** \brief DES/3DES block size (8 bytes). */ +#define br_des_tab_BLOCK_SIZE 8 + +/** + * \brief Context for DES subkeys (`des_tab` implementation, CBC encryption). + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** \brief Pointer to vtable for this context. */ + const br_block_cbcenc_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + uint32_t skey[96]; + unsigned num_rounds; +#endif +} br_des_tab_cbcenc_keys; + +/** + * \brief Context for DES subkeys (`des_tab` implementation, CBC decryption). + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** \brief Pointer to vtable for this context. */ + const br_block_cbcdec_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + uint32_t skey[96]; + unsigned num_rounds; +#endif +} br_des_tab_cbcdec_keys; + +/** + * \brief Class instance for DES CBC encryption (`des_tab` implementation). + */ +extern const br_block_cbcenc_class br_des_tab_cbcenc_vtable; + +/** + * \brief Class instance for DES CBC decryption (`des_tab` implementation). + */ +extern const br_block_cbcdec_class br_des_tab_cbcdec_vtable; + +/** + * \brief Context initialisation (key schedule) for DES CBC encryption + * (`des_tab` implementation). + * + * \param ctx context to initialise. + * \param key secret key. + * \param len secret key length (in bytes). + */ +void br_des_tab_cbcenc_init(br_des_tab_cbcenc_keys *ctx, + const void *key, size_t len); + +/** + * \brief Context initialisation (key schedule) for DES CBC decryption + * (`des_tab` implementation). + * + * \param ctx context to initialise. + * \param key secret key. + * \param len secret key length (in bytes). + */ +void br_des_tab_cbcdec_init(br_des_tab_cbcdec_keys *ctx, + const void *key, size_t len); + +/** + * \brief CBC encryption with DES (`des_tab` implementation). + * + * \param ctx context (already initialised). + * \param iv IV (updated). + * \param data data to encrypt (updated). + * \param len data length (in bytes, MUST be multiple of 8). + */ +void br_des_tab_cbcenc_run(const br_des_tab_cbcenc_keys *ctx, void *iv, + void *data, size_t len); + +/** + * \brief CBC decryption with DES (`des_tab` implementation). + * + * \param ctx context (already initialised). + * \param iv IV (updated). + * \param data data to decrypt (updated). + * \param len data length (in bytes, MUST be multiple of 8). + */ +void br_des_tab_cbcdec_run(const br_des_tab_cbcdec_keys *ctx, void *iv, + void *data, size_t len); + +/* + * Constant-time implementation for DES/3DES. It is substantially slower + * (by a factor of about 4x), but also immune to cache-timing attacks. + */ + +/** \brief DES/3DES block size (8 bytes). */ +#define br_des_ct_BLOCK_SIZE 8 + +/** + * \brief Context for DES subkeys (`des_ct` implementation, CBC encryption). + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** \brief Pointer to vtable for this context. */ + const br_block_cbcenc_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + uint32_t skey[96]; + unsigned num_rounds; +#endif +} br_des_ct_cbcenc_keys; + +/** + * \brief Context for DES subkeys (`des_ct` implementation, CBC decryption). + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** \brief Pointer to vtable for this context. */ + const br_block_cbcdec_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + uint32_t skey[96]; + unsigned num_rounds; +#endif +} br_des_ct_cbcdec_keys; + +/** + * \brief Class instance for DES CBC encryption (`des_ct` implementation). + */ +extern const br_block_cbcenc_class br_des_ct_cbcenc_vtable; + +/** + * \brief Class instance for DES CBC decryption (`des_ct` implementation). + */ +extern const br_block_cbcdec_class br_des_ct_cbcdec_vtable; + +/** + * \brief Context initialisation (key schedule) for DES CBC encryption + * (`des_ct` implementation). + * + * \param ctx context to initialise. + * \param key secret key. + * \param len secret key length (in bytes). + */ +void br_des_ct_cbcenc_init(br_des_ct_cbcenc_keys *ctx, + const void *key, size_t len); + +/** + * \brief Context initialisation (key schedule) for DES CBC decryption + * (`des_ct` implementation). + * + * \param ctx context to initialise. + * \param key secret key. + * \param len secret key length (in bytes). + */ +void br_des_ct_cbcdec_init(br_des_ct_cbcdec_keys *ctx, + const void *key, size_t len); + +/** + * \brief CBC encryption with DES (`des_ct` implementation). + * + * \param ctx context (already initialised). + * \param iv IV (updated). + * \param data data to encrypt (updated). + * \param len data length (in bytes, MUST be multiple of 8). + */ +void br_des_ct_cbcenc_run(const br_des_ct_cbcenc_keys *ctx, void *iv, + void *data, size_t len); + +/** + * \brief CBC decryption with DES (`des_ct` implementation). + * + * \param ctx context (already initialised). + * \param iv IV (updated). + * \param data data to decrypt (updated). + * \param len data length (in bytes, MUST be multiple of 8). + */ +void br_des_ct_cbcdec_run(const br_des_ct_cbcdec_keys *ctx, void *iv, + void *data, size_t len); + +/* + * These structures are large enough to accommodate subkeys for all + * DES/3DES implementations. + */ + +/** + * \brief Aggregate structure large enough to be used as context for + * subkeys (CBC encryption) for all DES implementations. + */ +typedef union { + const br_block_cbcenc_class *vtable; + br_des_tab_cbcenc_keys tab; + br_des_ct_cbcenc_keys ct; +} br_des_gen_cbcenc_keys; + +/** + * \brief Aggregate structure large enough to be used as context for + * subkeys (CBC decryption) for all DES implementations. + */ +typedef union { + const br_block_cbcdec_class *vtable; + br_des_tab_cbcdec_keys c_tab; + br_des_ct_cbcdec_keys c_ct; +} br_des_gen_cbcdec_keys; + +/** + * \brief Type for a ChaCha20 implementation. + * + * An implementation follows the description in RFC 7539: + * + * - Key is 256 bits (`key` points to exactly 32 bytes). + * + * - IV is 96 bits (`iv` points to exactly 12 bytes). + * + * - Block counter is over 32 bits and starts at value `cc`; the + * resulting value is returned. + * + * Data (pointed to by `data`, of length `len`) is encrypted/decrypted + * in place. If `len` is not a multiple of 64, then the excess bytes from + * the last block processing are dropped (therefore, "chunked" processing + * works only as long as each non-final chunk has a length multiple of 64). + * + * \param key secret key (32 bytes). + * \param iv IV (12 bytes). + * \param cc initial counter value. + * \param data data to encrypt or decrypt. + * \param len data length (in bytes). + */ +typedef uint32_t (*br_chacha20_run)(const void *key, + const void *iv, uint32_t cc, void *data, size_t len); + +/** + * \brief ChaCha20 implementation (straightforward C code, constant-time). + * + * \see br_chacha20_run + * + * \param key secret key (32 bytes). + * \param iv IV (12 bytes). + * \param cc initial counter value. + * \param data data to encrypt or decrypt. + * \param len data length (in bytes). + */ +uint32_t br_chacha20_ct_run(const void *key, + const void *iv, uint32_t cc, void *data, size_t len); + +/** + * \brief ChaCha20 implementation (SSE2 code, constant-time). + * + * This implementation is available only on x86 platforms, depending on + * compiler support. Moreover, in 32-bit mode, it might not actually run, + * if the underlying hardware does not implement the SSE2 opcode (in + * 64-bit mode, SSE2 is part of the ABI, so if the code could be compiled + * at all, then it can run). Use `br_chacha20_sse2_get()` to safely obtain + * a pointer to that function. + * + * \see br_chacha20_run + * + * \param key secret key (32 bytes). + * \param iv IV (12 bytes). + * \param cc initial counter value. + * \param data data to encrypt or decrypt. + * \param len data length (in bytes). + */ +uint32_t br_chacha20_sse2_run(const void *key, + const void *iv, uint32_t cc, void *data, size_t len); + +/** + * \brief Obtain the `sse2` ChaCha20 implementation, if available. + * + * This function returns a pointer to `br_chacha20_sse2_run`, if + * that implementation was compiled in the library _and_ the SSE2 + * opcodes are available on the currently running CPU. If either of + * these conditions is not met, then this function returns `0`. + * + * \return the `sse2` ChaCha20 implementation, or `0`. + */ +br_chacha20_run br_chacha20_sse2_get(void); + +/** + * \brief Type for a ChaCha20+Poly1305 AEAD implementation. + * + * The provided data is encrypted or decrypted with ChaCha20. The + * authentication tag is computed on the concatenation of the + * additional data and the ciphertext, with the padding and lengths + * as described in RFC 7539 (section 2.8). + * + * After decryption, the caller is responsible for checking that the + * computed tag matches the expected value. + * + * \param key secret key (32 bytes). + * \param iv nonce (12 bytes). + * \param data data to encrypt or decrypt. + * \param len data length (in bytes). + * \param aad additional authenticated data. + * \param aad_len length of additional authenticated data (in bytes). + * \param tag output buffer for the authentication tag. + * \param ichacha implementation of ChaCha20. + * \param encrypt non-zero for encryption, zero for decryption. + */ +typedef void (*br_poly1305_run)(const void *key, const void *iv, + void *data, size_t len, const void *aad, size_t aad_len, + void *tag, br_chacha20_run ichacha, int encrypt); + +/** + * \brief ChaCha20+Poly1305 AEAD implementation (mixed 32-bit multiplications). + * + * \see br_poly1305_run + * + * \param key secret key (32 bytes). + * \param iv nonce (12 bytes). + * \param data data to encrypt or decrypt. + * \param len data length (in bytes). + * \param aad additional authenticated data. + * \param aad_len length of additional authenticated data (in bytes). + * \param tag output buffer for the authentication tag. + * \param ichacha implementation of ChaCha20. + * \param encrypt non-zero for encryption, zero for decryption. + */ +void br_poly1305_ctmul_run(const void *key, const void *iv, + void *data, size_t len, const void *aad, size_t aad_len, + void *tag, br_chacha20_run ichacha, int encrypt); + +/** + * \brief ChaCha20+Poly1305 AEAD implementation (pure 32-bit multiplications). + * + * \see br_poly1305_run + * + * \param key secret key (32 bytes). + * \param iv nonce (12 bytes). + * \param data data to encrypt or decrypt. + * \param len data length (in bytes). + * \param aad additional authenticated data. + * \param aad_len length of additional authenticated data (in bytes). + * \param tag output buffer for the authentication tag. + * \param ichacha implementation of ChaCha20. + * \param encrypt non-zero for encryption, zero for decryption. + */ +void br_poly1305_ctmul32_run(const void *key, const void *iv, + void *data, size_t len, const void *aad, size_t aad_len, + void *tag, br_chacha20_run ichacha, int encrypt); + +/** + * \brief ChaCha20+Poly1305 AEAD implementation (i15). + * + * This implementation relies on the generic big integer code "i15" + * (which uses pure 32-bit multiplications). As such, it may save a + * little code footprint in a context where "i15" is already included + * (e.g. for elliptic curves or for RSA); however, it is also + * substantially slower than the ctmul and ctmul32 implementations. + * + * \see br_poly1305_run + * + * \param key secret key (32 bytes). + * \param iv nonce (12 bytes). + * \param data data to encrypt or decrypt. + * \param len data length (in bytes). + * \param aad additional authenticated data. + * \param aad_len length of additional authenticated data (in bytes). + * \param tag output buffer for the authentication tag. + * \param ichacha implementation of ChaCha20. + * \param encrypt non-zero for encryption, zero for decryption. + */ +void br_poly1305_i15_run(const void *key, const void *iv, + void *data, size_t len, const void *aad, size_t aad_len, + void *tag, br_chacha20_run ichacha, int encrypt); + +/** + * \brief ChaCha20+Poly1305 AEAD implementation (ctmulq). + * + * This implementation uses 64-bit multiplications (result over 128 bits). + * It is available only on platforms that offer such a primitive (in + * practice, 64-bit architectures). Use `br_poly1305_ctmulq_get()` to + * dynamically obtain a pointer to that function, or 0 if not supported. + * + * \see br_poly1305_run + * + * \param key secret key (32 bytes). + * \param iv nonce (12 bytes). + * \param data data to encrypt or decrypt. + * \param len data length (in bytes). + * \param aad additional authenticated data. + * \param aad_len length of additional authenticated data (in bytes). + * \param tag output buffer for the authentication tag. + * \param ichacha implementation of ChaCha20. + * \param encrypt non-zero for encryption, zero for decryption. + */ +void br_poly1305_ctmulq_run(const void *key, const void *iv, + void *data, size_t len, const void *aad, size_t aad_len, + void *tag, br_chacha20_run ichacha, int encrypt); + +/** + * \brief Get the ChaCha20+Poly1305 "ctmulq" implementation, if available. + * + * This function returns a pointer to the `br_poly1305_ctmulq_run()` + * function if supported on the current platform; otherwise, it returns 0. + * + * \return the ctmulq ChaCha20+Poly1305 implementation, or 0. + */ +br_poly1305_run br_poly1305_ctmulq_get(void); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/tools/sdk/include/bearssl/bearssl_ec.h b/tools/sdk/include/bearssl/bearssl_ec.h new file mode 100644 index 0000000000..533296dcac --- /dev/null +++ b/tools/sdk/include/bearssl/bearssl_ec.h @@ -0,0 +1,804 @@ +/* + * Copyright (c) 2016 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#ifndef BR_BEARSSL_EC_H__ +#define BR_BEARSSL_EC_H__ + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** \file bearssl_ec.h + * + * # Elliptic Curves + * + * This file documents the EC implementations provided with BearSSL, and + * ECDSA. + * + * ## Elliptic Curve API + * + * Only "named curves" are supported. Each EC implementation supports + * one or several named curves, identified by symbolic identifiers. + * These identifiers are small integers, that correspond to the values + * registered by the + * [IANA](http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8). + * + * Since all currently defined elliptic curve identifiers are in the 0..31 + * range, it is convenient to encode support of some curves in a 32-bit + * word, such that bit x corresponds to curve of identifier x. + * + * An EC implementation is incarnated by a `br_ec_impl` instance, that + * offers the following fields: + * + * - `supported_curves` + * + * A 32-bit word that documents the identifiers of the curves supported + * by this implementation. + * + * - `generator()` + * + * Callback method that returns a pointer to the conventional generator + * point for that curve. + * + * - `order()` + * + * Callback method that returns a pointer to the subgroup order for + * that curve. That value uses unsigned big-endian encoding. + * + * - `xoff()` + * + * Callback method that returns the offset and length of the X + * coordinate in an encoded point. + * + * - `mul()` + * + * Multiply a curve point with an integer. + * + * - `mulgen()` + * + * Multiply the curve generator with an integer. This may be faster + * than the generic `mul()`. + * + * - `muladd()` + * + * Multiply two curve points by two integers, and return the sum of + * the two products. + * + * All curve points are represented in uncompressed format. The `mul()` + * and `muladd()` methods take care to validate that the provided points + * are really part of the relevant curve subgroup. + * + * For all point multiplication functions, the following holds: + * + * - Functions validate that the provided points are valid members + * of the relevant curve subgroup. An error is reported if that is + * not the case. + * + * - Processing is constant-time, even if the point operands are not + * valid. This holds for both the source and resulting points, and + * the multipliers (integers). Only the byte length of the provided + * multiplier arrays (not their actual value length in bits) may + * leak through timing-based side channels. + * + * - The multipliers (integers) MUST be lower than the subgroup order. + * If this property is not met, then the result is indeterminate, + * but an error value is not ncessearily returned. + * + * + * ## ECDSA + * + * ECDSA signatures have two standard formats, called "raw" and "asn1". + * Internally, such a signature is a pair of modular integers `(r,s)`. + * The "raw" format is the concatenation of the unsigned big-endian + * encodings of these two integers, possibly left-padded with zeros so + * that they have the same encoded length. The "asn1" format is the + * DER encoding of an ASN.1 structure that contains the two integer + * values: + * + * ECDSASignature ::= SEQUENCE { + * r INTEGER, + * s INTEGER + * } + * + * In general, in all of X.509 and SSL/TLS, the "asn1" format is used. + * BearSSL offers ECDSA implementations for both formats; conversion + * functions between the two formats are also provided. Conversion of a + * "raw" format signature into "asn1" may enlarge a signature by no more + * than 9 bytes for all supported curves; conversely, conversion of an + * "asn1" signature to "raw" may expand the signature but the "raw" + * length will never be more than twice the length of the "asn1" length + * (and usually it will be shorter). + * + * Note that for a given signature, the "raw" format is not fully + * deterministic, in that it does not enforce a minimal common length. + */ + +/* + * Standard curve ID. These ID are equal to the assigned numerical + * identifiers assigned to these curves for TLS: + * http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + */ + +/** \brief Identifier for named curve sect163k1. */ +#define BR_EC_sect163k1 1 + +/** \brief Identifier for named curve sect163r1. */ +#define BR_EC_sect163r1 2 + +/** \brief Identifier for named curve sect163r2. */ +#define BR_EC_sect163r2 3 + +/** \brief Identifier for named curve sect193r1. */ +#define BR_EC_sect193r1 4 + +/** \brief Identifier for named curve sect193r2. */ +#define BR_EC_sect193r2 5 + +/** \brief Identifier for named curve sect233k1. */ +#define BR_EC_sect233k1 6 + +/** \brief Identifier for named curve sect233r1. */ +#define BR_EC_sect233r1 7 + +/** \brief Identifier for named curve sect239k1. */ +#define BR_EC_sect239k1 8 + +/** \brief Identifier for named curve sect283k1. */ +#define BR_EC_sect283k1 9 + +/** \brief Identifier for named curve sect283r1. */ +#define BR_EC_sect283r1 10 + +/** \brief Identifier for named curve sect409k1. */ +#define BR_EC_sect409k1 11 + +/** \brief Identifier for named curve sect409r1. */ +#define BR_EC_sect409r1 12 + +/** \brief Identifier for named curve sect571k1. */ +#define BR_EC_sect571k1 13 + +/** \brief Identifier for named curve sect571r1. */ +#define BR_EC_sect571r1 14 + +/** \brief Identifier for named curve secp160k1. */ +#define BR_EC_secp160k1 15 + +/** \brief Identifier for named curve secp160r1. */ +#define BR_EC_secp160r1 16 + +/** \brief Identifier for named curve secp160r2. */ +#define BR_EC_secp160r2 17 + +/** \brief Identifier for named curve secp192k1. */ +#define BR_EC_secp192k1 18 + +/** \brief Identifier for named curve secp192r1. */ +#define BR_EC_secp192r1 19 + +/** \brief Identifier for named curve secp224k1. */ +#define BR_EC_secp224k1 20 + +/** \brief Identifier for named curve secp224r1. */ +#define BR_EC_secp224r1 21 + +/** \brief Identifier for named curve secp256k1. */ +#define BR_EC_secp256k1 22 + +/** \brief Identifier for named curve secp256r1. */ +#define BR_EC_secp256r1 23 + +/** \brief Identifier for named curve secp384r1. */ +#define BR_EC_secp384r1 24 + +/** \brief Identifier for named curve secp521r1. */ +#define BR_EC_secp521r1 25 + +/** \brief Identifier for named curve brainpoolP256r1. */ +#define BR_EC_brainpoolP256r1 26 + +/** \brief Identifier for named curve brainpoolP384r1. */ +#define BR_EC_brainpoolP384r1 27 + +/** \brief Identifier for named curve brainpoolP512r1. */ +#define BR_EC_brainpoolP512r1 28 + +/** \brief Identifier for named curve Curve25519. */ +#define BR_EC_curve25519 29 + +/** \brief Identifier for named curve Curve448. */ +#define BR_EC_curve448 30 + +/** + * \brief Structure for an EC public key. + */ +typedef struct { + /** \brief Identifier for the curve used by this key. */ + int curve; + /** \brief Public curve point (uncompressed format). */ + unsigned char *q; + /** \brief Length of public curve point (in bytes). */ + size_t qlen; +} br_ec_public_key; + +/** + * \brief Structure for an EC private key. + * + * The private key is an integer modulo the curve subgroup order. The + * encoding below tolerates extra leading zeros. In general, it is + * recommended that the private key has the same length as the curve + * subgroup order. + */ +typedef struct { + /** \brief Identifier for the curve used by this key. */ + int curve; + /** \brief Private key (integer, unsigned big-endian encoding). */ + unsigned char *x; + /** \brief Private key length (in bytes). */ + size_t xlen; +} br_ec_private_key; + +/** + * \brief Type for an EC implementation. + */ +typedef struct { + /** + * \brief Supported curves. + * + * This word is a bitfield: bit `x` is set if the curve of ID `x` + * is supported. E.g. an implementation supporting both NIST P-256 + * (secp256r1, ID 23) and NIST P-384 (secp384r1, ID 24) will have + * value `0x01800000` in this field. + */ + uint32_t supported_curves; + + /** + * \brief Get the conventional generator. + * + * This function returns the conventional generator (encoded + * curve point) for the specified curve. This function MUST NOT + * be called if the curve is not supported. + * + * \param curve curve identifier. + * \param len receiver for the encoded generator length (in bytes). + * \return the encoded generator. + */ + const unsigned char *(*generator)(int curve, size_t *len); + + /** + * \brief Get the subgroup order. + * + * This function returns the order of the subgroup generated by + * the conventional generator, for the specified curve. Unsigned + * big-endian encoding is used. This function MUST NOT be called + * if the curve is not supported. + * + * \param curve curve identifier. + * \param len receiver for the encoded order length (in bytes). + * \return the encoded order. + */ + const unsigned char *(*order)(int curve, size_t *len); + + /** + * \brief Get the offset and length for the X coordinate. + * + * This function returns the offset and length (in bytes) of + * the X coordinate in an encoded non-zero point. + * + * \param curve curve identifier. + * \param len receiver for the X coordinate length (in bytes). + * \return the offset for the X coordinate (in bytes). + */ + size_t (*xoff)(int curve, size_t *len); + + /** + * \brief Multiply a curve point by an integer. + * + * The source point is provided in array `G` (of size `Glen` bytes); + * the multiplication result is written over it. The multiplier + * `x` (of size `xlen` bytes) uses unsigned big-endian encoding. + * + * Rules: + * + * - The specified curve MUST be supported. + * + * - The source point must be a valid point on the relevant curve + * subgroup (and not the "point at infinity" either). If this is + * not the case, then this function returns an error (0). + * + * - The multiplier integer MUST be non-zero and less than the + * curve subgroup order. If this property does not hold, then + * the result is indeterminate and an error code is not + * guaranteed. + * + * Returned value is 1 on success, 0 on error. On error, the + * contents of `G` are indeterminate. + * + * \param G point to multiply. + * \param Glen length of the encoded point (in bytes). + * \param x multiplier (unsigned big-endian). + * \param xlen multiplier length (in bytes). + * \param curve curve identifier. + * \return 1 on success, 0 on error. + */ + uint32_t (*mul)(unsigned char *G, size_t Glen, + const unsigned char *x, size_t xlen, int curve); + + /** + * \brief Multiply the generator by an integer. + * + * The multiplier MUST be non-zero and less than the curve + * subgroup order. Results are indeterminate if this property + * does not hold. + * + * \param R output buffer for the point. + * \param x multiplier (unsigned big-endian). + * \param xlen multiplier length (in bytes). + * \param curve curve identifier. + * \return encoded result point length (in bytes). + */ + size_t (*mulgen)(unsigned char *R, + const unsigned char *x, size_t xlen, int curve); + + /** + * \brief Multiply two points by two integers and add the + * results. + * + * The point `x*A + y*B` is computed and written back in the `A` + * array. + * + * Rules: + * + * - The specified curve MUST be supported. + * + * - The source points (`A` and `B`) must be valid points on + * the relevant curve subgroup (and not the "point at + * infinity" either). If this is not the case, then this + * function returns an error (0). + * + * - If the `B` pointer is `NULL`, then the conventional + * subgroup generator is used. With some implementations, + * this may be faster than providing a pointer to the + * generator. + * + * - The multiplier integers (`x` and `y`) MUST be non-zero + * and less than the curve subgroup order. If either integer + * is zero, then an error is reported, but if one of them is + * not lower than the subgroup order, then the result is + * indeterminate and an error code is not guaranteed. + * + * - If the final result is the point at infinity, then an + * error is returned. + * + * Returned value is 1 on success, 0 on error. On error, the + * contents of `A` are indeterminate. + * + * \param A first point to multiply. + * \param B second point to multiply (`NULL` for the generator). + * \param len common length of the encoded points (in bytes). + * \param x multiplier for `A` (unsigned big-endian). + * \param xlen length of multiplier for `A` (in bytes). + * \param y multiplier for `A` (unsigned big-endian). + * \param ylen length of multiplier for `A` (in bytes). + * \param curve curve identifier. + * \return 1 on success, 0 on error. + */ + uint32_t (*muladd)(unsigned char *A, const unsigned char *B, size_t len, + const unsigned char *x, size_t xlen, + const unsigned char *y, size_t ylen, int curve); +} br_ec_impl; + +/** + * \brief EC implementation "i31". + * + * This implementation internally uses generic code for modular integers, + * with a representation as sequences of 31-bit words. It supports secp256r1, + * secp384r1 and secp521r1 (aka NIST curves P-256, P-384 and P-521). + */ +extern const br_ec_impl br_ec_prime_i31; + +/** + * \brief EC implementation "i15". + * + * This implementation internally uses generic code for modular integers, + * with a representation as sequences of 15-bit words. It supports secp256r1, + * secp384r1 and secp521r1 (aka NIST curves P-256, P-384 and P-521). + */ +extern const br_ec_impl br_ec_prime_i15; + +/** + * \brief EC implementation "m15" for P-256. + * + * This implementation uses specialised code for curve secp256r1 (also + * known as NIST P-256), with optional Karatsuba decomposition, and fast + * modular reduction thanks to the field modulus special format. Only + * 32-bit multiplications are used (with 32-bit results, not 64-bit). + */ +extern const br_ec_impl br_ec_p256_m15; + +/** + * \brief EC implementation "m31" for P-256. + * + * This implementation uses specialised code for curve secp256r1 (also + * known as NIST P-256), relying on multiplications of 31-bit values + * (MUL31). + */ +extern const br_ec_impl br_ec_p256_m31; + +/** + * \brief EC implementation "i15" (generic code) for Curve25519. + * + * This implementation uses the generic code for modular integers (with + * 15-bit words) to support Curve25519. Due to the specificities of the + * curve definition, the following applies: + * + * - `muladd()` is not implemented (the function returns 0 systematically). + * - `order()` returns 2^255-1, since the point multiplication algorithm + * accepts any 32-bit integer as input (it clears the top bit and low + * three bits systematically). + */ +extern const br_ec_impl br_ec_c25519_i15; + +/** + * \brief EC implementation "i31" (generic code) for Curve25519. + * + * This implementation uses the generic code for modular integers (with + * 31-bit words) to support Curve25519. Due to the specificities of the + * curve definition, the following applies: + * + * - `muladd()` is not implemented (the function returns 0 systematically). + * - `order()` returns 2^255-1, since the point multiplication algorithm + * accepts any 32-bit integer as input (it clears the top bit and low + * three bits systematically). + */ +extern const br_ec_impl br_ec_c25519_i31; + +/** + * \brief EC implementation "m15" (specialised code) for Curve25519. + * + * This implementation uses custom code relying on multiplication of + * integers up to 15 bits. Due to the specificities of the curve + * definition, the following applies: + * + * - `muladd()` is not implemented (the function returns 0 systematically). + * - `order()` returns 2^255-1, since the point multiplication algorithm + * accepts any 32-bit integer as input (it clears the top bit and low + * three bits systematically). + */ +extern const br_ec_impl br_ec_c25519_m15; + +/** + * \brief EC implementation "m31" (specialised code) for Curve25519. + * + * This implementation uses custom code relying on multiplication of + * integers up to 31 bits. Due to the specificities of the curve + * definition, the following applies: + * + * - `muladd()` is not implemented (the function returns 0 systematically). + * - `order()` returns 2^255-1, since the point multiplication algorithm + * accepts any 32-bit integer as input (it clears the top bit and low + * three bits systematically). + */ +extern const br_ec_impl br_ec_c25519_m31; + +/** + * \brief Aggregate EC implementation "m15". + * + * This implementation is a wrapper for: + * + * - `br_ec_c25519_m15` for Curve25519 + * - `br_ec_p256_m15` for NIST P-256 + * - `br_ec_prime_i15` for other curves (NIST P-384 and NIST-P512) + */ +extern const br_ec_impl br_ec_all_m15; + +/** + * \brief Aggregate EC implementation "m31". + * + * This implementation is a wrapper for: + * + * - `br_ec_c25519_m31` for Curve25519 + * - `br_ec_p256_m31` for NIST P-256 + * - `br_ec_prime_i31` for other curves (NIST P-384 and NIST-P512) + */ +extern const br_ec_impl br_ec_all_m31; + +/** + * \brief Get the "default" EC implementation for the current system. + * + * This returns a pointer to the preferred implementation on the + * current system. + * + * \return the default EC implementation. + */ +const br_ec_impl *br_ec_get_default(void); + +/** + * \brief Convert a signature from "raw" to "asn1". + * + * Conversion is done "in place" and the new length is returned. + * Conversion may enlarge the signature, but by no more than 9 bytes at + * most. On error, 0 is returned (error conditions include an odd raw + * signature length, or an oversized integer). + * + * \param sig signature to convert. + * \param sig_len signature length (in bytes). + * \return the new signature length, or 0 on error. + */ +size_t br_ecdsa_raw_to_asn1(void *sig, size_t sig_len); + +/** + * \brief Convert a signature from "asn1" to "raw". + * + * Conversion is done "in place" and the new length is returned. + * Conversion may enlarge the signature, but the new signature length + * will be less than twice the source length at most. On error, 0 is + * returned (error conditions include an invalid ASN.1 structure or an + * oversized integer). + * + * \param sig signature to convert. + * \param sig_len signature length (in bytes). + * \return the new signature length, or 0 on error. + */ +size_t br_ecdsa_asn1_to_raw(void *sig, size_t sig_len); + +/** + * \brief Type for an ECDSA signer function. + * + * A pointer to the EC implementation is provided. The hash value is + * assumed to have the length inferred from the designated hash function + * class. + * + * Signature is written in the buffer pointed to by `sig`, and the length + * (in bytes) is returned. On error, nothing is written in the buffer, + * and 0 is returned. This function returns 0 if the specified curve is + * not supported by the provided EC implementation. + * + * The signature format is either "raw" or "asn1", depending on the + * implementation; maximum length is predictable from the implemented + * curve: + * + * | curve | raw | asn1 | + * | :--------- | --: | ---: | + * | NIST P-256 | 64 | 72 | + * | NIST P-384 | 96 | 104 | + * | NIST P-521 | 132 | 139 | + * + * \param impl EC implementation to use. + * \param hf hash function used to process the data. + * \param hash_value signed data (hashed). + * \param sk EC private key. + * \param sig destination buffer. + * \return the signature length (in bytes), or 0 on error. + */ +typedef size_t (*br_ecdsa_sign)(const br_ec_impl *impl, + const br_hash_class *hf, const void *hash_value, + const br_ec_private_key *sk, void *sig); + +/** + * \brief Type for an ECDSA signature verification function. + * + * A pointer to the EC implementation is provided. The hashed value, + * computed over the purportedly signed data, is also provided with + * its length. + * + * The signature format is either "raw" or "asn1", depending on the + * implementation. + * + * Returned value is 1 on success (valid signature), 0 on error. This + * function returns 0 if the specified curve is not supported by the + * provided EC implementation. + * + * \param impl EC implementation to use. + * \param hash signed data (hashed). + * \param hash_len hash value length (in bytes). + * \param pk EC public key. + * \param sig signature. + * \param sig_len signature length (in bytes). + * \return 1 on success, 0 on error. + */ +typedef uint32_t (*br_ecdsa_vrfy)(const br_ec_impl *impl, + const void *hash, size_t hash_len, + const br_ec_public_key *pk, const void *sig, size_t sig_len); + +/** + * \brief ECDSA signature generator, "i31" implementation, "asn1" format. + * + * \see br_ecdsa_sign() + * + * \param impl EC implementation to use. + * \param hf hash function used to process the data. + * \param hash_value signed data (hashed). + * \param sk EC private key. + * \param sig destination buffer. + * \return the signature length (in bytes), or 0 on error. + */ +size_t br_ecdsa_i31_sign_asn1(const br_ec_impl *impl, + const br_hash_class *hf, const void *hash_value, + const br_ec_private_key *sk, void *sig); + +/** + * \brief ECDSA signature generator, "i31" implementation, "raw" format. + * + * \see br_ecdsa_sign() + * + * \param impl EC implementation to use. + * \param hf hash function used to process the data. + * \param hash_value signed data (hashed). + * \param sk EC private key. + * \param sig destination buffer. + * \return the signature length (in bytes), or 0 on error. + */ +size_t br_ecdsa_i31_sign_raw(const br_ec_impl *impl, + const br_hash_class *hf, const void *hash_value, + const br_ec_private_key *sk, void *sig); + +/** + * \brief ECDSA signature verifier, "i31" implementation, "asn1" format. + * + * \see br_ecdsa_vrfy() + * + * \param impl EC implementation to use. + * \param hash signed data (hashed). + * \param hash_len hash value length (in bytes). + * \param pk EC public key. + * \param sig signature. + * \param sig_len signature length (in bytes). + * \return 1 on success, 0 on error. + */ +uint32_t br_ecdsa_i31_vrfy_asn1(const br_ec_impl *impl, + const void *hash, size_t hash_len, + const br_ec_public_key *pk, const void *sig, size_t sig_len); + +/** + * \brief ECDSA signature verifier, "i31" implementation, "raw" format. + * + * \see br_ecdsa_vrfy() + * + * \param impl EC implementation to use. + * \param hash signed data (hashed). + * \param hash_len hash value length (in bytes). + * \param pk EC public key. + * \param sig signature. + * \param sig_len signature length (in bytes). + * \return 1 on success, 0 on error. + */ +uint32_t br_ecdsa_i31_vrfy_raw(const br_ec_impl *impl, + const void *hash, size_t hash_len, + const br_ec_public_key *pk, const void *sig, size_t sig_len); + +/** + * \brief ECDSA signature generator, "i15" implementation, "asn1" format. + * + * \see br_ecdsa_sign() + * + * \param impl EC implementation to use. + * \param hf hash function used to process the data. + * \param hash_value signed data (hashed). + * \param sk EC private key. + * \param sig destination buffer. + * \return the signature length (in bytes), or 0 on error. + */ +size_t br_ecdsa_i15_sign_asn1(const br_ec_impl *impl, + const br_hash_class *hf, const void *hash_value, + const br_ec_private_key *sk, void *sig); + +/** + * \brief ECDSA signature generator, "i15" implementation, "raw" format. + * + * \see br_ecdsa_sign() + * + * \param impl EC implementation to use. + * \param hf hash function used to process the data. + * \param hash_value signed data (hashed). + * \param sk EC private key. + * \param sig destination buffer. + * \return the signature length (in bytes), or 0 on error. + */ +size_t br_ecdsa_i15_sign_raw(const br_ec_impl *impl, + const br_hash_class *hf, const void *hash_value, + const br_ec_private_key *sk, void *sig); + +/** + * \brief ECDSA signature verifier, "i15" implementation, "asn1" format. + * + * \see br_ecdsa_vrfy() + * + * \param impl EC implementation to use. + * \param hash signed data (hashed). + * \param hash_len hash value length (in bytes). + * \param pk EC public key. + * \param sig signature. + * \param sig_len signature length (in bytes). + * \return 1 on success, 0 on error. + */ +uint32_t br_ecdsa_i15_vrfy_asn1(const br_ec_impl *impl, + const void *hash, size_t hash_len, + const br_ec_public_key *pk, const void *sig, size_t sig_len); + +/** + * \brief ECDSA signature verifier, "i15" implementation, "raw" format. + * + * \see br_ecdsa_vrfy() + * + * \param impl EC implementation to use. + * \param hash signed data (hashed). + * \param hash_len hash value length (in bytes). + * \param pk EC public key. + * \param sig signature. + * \param sig_len signature length (in bytes). + * \return 1 on success, 0 on error. + */ +uint32_t br_ecdsa_i15_vrfy_raw(const br_ec_impl *impl, + const void *hash, size_t hash_len, + const br_ec_public_key *pk, const void *sig, size_t sig_len); + +/** + * \brief Get "default" ECDSA implementation (signer, asn1 format). + * + * This returns the preferred implementation of ECDSA signature generation + * ("asn1" output format) on the current system. + * + * \return the default implementation. + */ +br_ecdsa_sign br_ecdsa_sign_asn1_get_default(void); + +/** + * \brief Get "default" ECDSA implementation (signer, raw format). + * + * This returns the preferred implementation of ECDSA signature generation + * ("raw" output format) on the current system. + * + * \return the default implementation. + */ +br_ecdsa_sign br_ecdsa_sign_raw_get_default(void); + +/** + * \brief Get "default" ECDSA implementation (verifier, asn1 format). + * + * This returns the preferred implementation of ECDSA signature verification + * ("asn1" output format) on the current system. + * + * \return the default implementation. + */ +br_ecdsa_vrfy br_ecdsa_vrfy_asn1_get_default(void); + +/** + * \brief Get "default" ECDSA implementation (verifier, raw format). + * + * This returns the preferred implementation of ECDSA signature verification + * ("raw" output format) on the current system. + * + * \return the default implementation. + */ +br_ecdsa_vrfy br_ecdsa_vrfy_raw_get_default(void); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/tools/sdk/include/bearssl/bearssl_hash.h b/tools/sdk/include/bearssl/bearssl_hash.h new file mode 100644 index 0000000000..860ab718b3 --- /dev/null +++ b/tools/sdk/include/bearssl/bearssl_hash.h @@ -0,0 +1,1346 @@ +/* + * Copyright (c) 2016 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#ifndef BR_BEARSSL_HASH_H__ +#define BR_BEARSSL_HASH_H__ + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** \file bearssl_hash.h + * + * # Hash Functions + * + * This file documents the API for hash functions. + * + * + * ## Procedural API + * + * For each implemented hash function, of name "`xxx`", the following + * elements are defined: + * + * - `br_xxx_vtable` + * + * An externally defined instance of `br_hash_class`. + * + * - `br_xxx_SIZE` + * + * A macro that evaluates to the output size (in bytes) of the + * hash function. + * + * - `br_xxx_ID` + * + * A macro that evaluates to a symbolic identifier for the hash + * function. Such identifiers are used with HMAC and signature + * algorithm implementations. + * + * NOTE: for the "standard" hash functions defined in [the TLS + * standard](https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1), + * the symbolic identifiers match the constants used in TLS, i.e. + * 1 to 6 for MD5, SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512, + * respectively. + * + * - `br_xxx_context` + * + * Context for an ongoing computation. It is allocated by the + * caller, and a pointer to it is passed to all functions. A + * context contains no interior pointer, so it can be moved around + * and cloned (with a simple `memcpy()` or equivalent) in order to + * capture the function state at some point. Computations that use + * distinct context structures are independent of each other. The + * first field of `br_xxx_context` is always a pointer to the + * `br_xxx_vtable` structure; `br_xxx_init()` sets that pointer. + * + * - `br_xxx_init(br_xxx_context *ctx)` + * + * Initialise the provided context. Previous contents of the structure + * are ignored. This calls resets the context to the start of a new + * hash computation; it also sets the first field of the context + * structure (called `vtable`) to a pointer to the statically + * allocated constant `br_xxx_vtable` structure. + * + * - `br_xxx_update(br_xxx_context *ctx, const void *data, size_t len)` + * + * Add some more bytes to the hash computation represented by the + * provided context. + * + * - `br_xxx_out(const br_xxx_context *ctx, void *out)` + * + * Complete the hash computation and write the result in the provided + * buffer. The output buffer MUST be large enough to accomodate the + * result. The context is NOT modified by this operation, so this + * function can be used to get a "partial hash" while still keeping + * the possibility of adding more bytes to the input. + * + * - `br_xxx_state(const br_xxx_context *ctx, void *out)` + * + * Get a copy of the "current state" for the computation so far. For + * MD functions (MD5, SHA-1, SHA-2 family), this is the running state + * resulting from the processing of the last complete input block. + * Returned value is the current input length (in bytes). + * + * - `br_xxx_set_state(br_xxx_context *ctx, const void *stb, uint64_t count)` + * + * Set the internal state to the provided values. The 'stb' and + * 'count' values shall match that which was obtained from + * `br_xxx_state()`. This restores the hash state only if the state + * values were at an appropriate block boundary. This does NOT set + * the `vtable` pointer in the context. + * + * Context structures can be discarded without any explicit deallocation. + * Hash function implementations are purely software and don't reserve + * any resources outside of the context structure itself. + * + * + * ## Object-Oriented API + * + * For each hash function that follows the procedural API described + * above, an object-oriented API is also provided. In that API, function + * pointers from the vtable (`br_xxx_vtable`) are used. The vtable + * incarnates object-oriented programming. An introduction on the OOP + * concept used here can be read on the BearSSL Web site:
+ *    [https://www.bearssl.org/oop.html](https://www.bearssl.org/oop.html) + * + * The vtable offers functions called `init()`, `update()`, `out()`, + * `set()` and `set_state()`, which are in fact the functions from + * the procedural API. That vtable also contains two informative fields: + * + * - `context_size` + * + * The size of the context structure (`br_xxx_context`), in bytes. + * This can be used by generic implementations to perform dynamic + * context allocation. + * + * - `desc` + * + * A "descriptor" field that encodes some information on the hash + * function: symbolic identifier, output size, state size, + * internal block size, details on the padding. + * + * Users of this object-oriented API (in particular generic HMAC + * implementations) may make the following assumptions: + * + * - Hash output size is no more than 64 bytes. + * - Hash internal state size is no more than 64 bytes. + * - Internal block size is a power of two, no less than 16 and no more + * than 256. + * + * + * ## Implemented Hash Functions + * + * Implemented hash functions are: + * + * | Function | Name | Output length | State length | + * | :-------- | :------ | :-----------: | :----------: | + * | MD5 | md5 | 16 | 16 | + * | SHA-1 | sha1 | 20 | 20 | + * | SHA-224 | sha224 | 28 | 32 | + * | SHA-256 | sha256 | 32 | 32 | + * | SHA-384 | sha384 | 48 | 64 | + * | SHA-512 | sha512 | 64 | 64 | + * | MD5+SHA-1 | md5sha1 | 36 | 36 | + * + * (MD5+SHA-1 is the concatenation of MD5 and SHA-1 computed over the + * same input; in the implementation, the internal data buffer is + * shared, thus making it more memory-efficient than separate MD5 and + * SHA-1. It can be useful in implementing SSL 3.0, TLS 1.0 and TLS + * 1.1.) + * + * + * ## Multi-Hasher + * + * An aggregate hasher is provided, that can compute several standard + * hash functions in parallel. It uses `br_multihash_context` and a + * procedural API. It is configured with the implementations (the vtables) + * that it should use; it will then compute all these hash functions in + * parallel, on the same input. It is meant to be used in cases when the + * hash of an object will be used, but the exact hash function is not + * known yet (typically, streamed processing on X.509 certificates). + * + * Only the standard hash functions (MD5, SHA-1, SHA-224, SHA-256, SHA-384 + * and SHA-512) are supported by the multi-hasher. + * + * + * ## GHASH + * + * GHASH is not a generic hash function; it is a _universal_ hash function, + * which, as the name does not say, means that it CANNOT be used in most + * places where a hash function is needed. GHASH is used within the GCM + * encryption mode, to provide the checked integrity functionality. + * + * A GHASH implementation is basically a function that uses the type defined + * in this file under the name `br_ghash`: + * + * typedef void (*br_ghash)(void *y, const void *h, const void *data, size_t len); + * + * The `y` pointer refers to a 16-byte value which is used as input, and + * receives the output of the GHASH invocation. `h` is a 16-byte secret + * value (that serves as key). `data` and `len` define the input data. + * + * Three GHASH implementations are provided, all constant-time, based on + * the use of integer multiplications with appropriate masking to cancel + * carry propagation. + */ + +/** + * \brief Class type for hash function implementations. + * + * A `br_hash_class` instance references the methods implementing a hash + * function. Constant instances of this structure are defined for each + * implemented hash function. Such instances are also called "vtables". + * + * Vtables are used to support object-oriented programming, as + * described on [the BearSSL Web site](https://www.bearssl.org/oop.html). + */ +typedef struct br_hash_class_ br_hash_class; +struct br_hash_class_ { + /** + * \brief Size (in bytes) of the context structure appropriate for + * computing this hash function. + */ + size_t context_size; + + /** + * \brief Descriptor word that contains information about the hash + * function. + * + * For each word `xxx` described below, use `BR_HASHDESC_xxx_OFF` + * and `BR_HASHDESC_xxx_MASK` to access the specific value, as + * follows: + * + * (hf->desc >> BR_HASHDESC_xxx_OFF) & BR_HASHDESC_xxx_MASK + * + * The defined elements are: + * + * - `ID`: the symbolic identifier for the function, as defined + * in [TLS](https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1) + * (MD5 = 1, SHA-1 = 2,...). + * + * - `OUT`: hash output size, in bytes. + * + * - `STATE`: internal running state size, in bytes. + * + * - `LBLEN`: base-2 logarithm for the internal block size, as + * defined for HMAC processing (this is 6 for MD5, SHA-1, SHA-224 + * and SHA-256, since these functions use 64-byte blocks; for + * SHA-384 and SHA-512, this is 7, corresponding to their + * 128-byte blocks). + * + * The descriptor may contain a few other flags. + */ + uint32_t desc; + + /** + * \brief Initialisation method. + * + * This method takes as parameter a pointer to a context area, + * that it initialises. The first field of the context is set + * to this vtable; other elements are initialised for a new hash + * computation. + * + * \param ctx pointer to (the first field of) the context. + */ + void (*init)(const br_hash_class **ctx); + + /** + * \brief Data injection method. + * + * The `len` bytes starting at address `data` are injected into + * the running hash computation incarnated by the specified + * context. The context is updated accordingly. It is allowed + * to have `len == 0`, in which case `data` is ignored (and could + * be `NULL`), and nothing happens. + * on the input data. + * + * \param ctx pointer to (the first field of) the context. + * \param data pointer to the first data byte to inject. + * \param len number of bytes to inject. + */ + void (*update)(const br_hash_class **ctx, const void *data, size_t len); + + /** + * \brief Produce hash output. + * + * The hash output corresponding to all data bytes injected in the + * context since the last `init()` call is computed, and written + * in the buffer pointed to by `dst`. The hash output size depends + * on the implemented hash function (e.g. 16 bytes for MD5). + * The context is _not_ modified by this call, so further bytes + * may be afterwards injected to continue the current computation. + * + * \param ctx pointer to (the first field of) the context. + * \param dst destination buffer for the hash output. + */ + void (*out)(const br_hash_class *const *ctx, void *dst); + + /** + * \brief Get running state. + * + * This method saves the current running state into the `dst` + * buffer. What constitutes the "running state" depends on the + * hash function; for Merkle-DamgÃ¥rd hash functions (like + * MD5 or SHA-1), this is the output obtained after processing + * each block. The number of bytes injected so far is returned. + * The context is not modified by this call. + * + * \param ctx pointer to (the first field of) the context. + * \param dst destination buffer for the state. + * \return the injected total byte length. + */ + uint64_t (*state)(const br_hash_class *const *ctx, void *dst); + + /** + * \brief Set running state. + * + * This methods replaces the running state for the function. + * + * \param ctx pointer to (the first field of) the context. + * \param stb source buffer for the state. + * \param count injected total byte length. + */ + void (*set_state)(const br_hash_class **ctx, + const void *stb, uint64_t count); +}; + +#ifndef BR_DOXYGEN_IGNORE +#define BR_HASHDESC_ID(id) ((uint32_t)(id) << BR_HASHDESC_ID_OFF) +#define BR_HASHDESC_ID_OFF 0 +#define BR_HASHDESC_ID_MASK 0xFF + +#define BR_HASHDESC_OUT(size) ((uint32_t)(size) << BR_HASHDESC_OUT_OFF) +#define BR_HASHDESC_OUT_OFF 8 +#define BR_HASHDESC_OUT_MASK 0x7F + +#define BR_HASHDESC_STATE(size) ((uint32_t)(size) << BR_HASHDESC_STATE_OFF) +#define BR_HASHDESC_STATE_OFF 15 +#define BR_HASHDESC_STATE_MASK 0xFF + +#define BR_HASHDESC_LBLEN(ls) ((uint32_t)(ls) << BR_HASHDESC_LBLEN_OFF) +#define BR_HASHDESC_LBLEN_OFF 23 +#define BR_HASHDESC_LBLEN_MASK 0x0F + +#define BR_HASHDESC_MD_PADDING ((uint32_t)1 << 28) +#define BR_HASHDESC_MD_PADDING_128 ((uint32_t)1 << 29) +#define BR_HASHDESC_MD_PADDING_BE ((uint32_t)1 << 30) +#endif + +/* + * Specific hash functions. + * + * Rules for contexts: + * -- No interior pointer. + * -- No pointer to external dynamically allocated resources. + * -- First field is called 'vtable' and is a pointer to a + * const-qualified br_hash_class instance (pointer is set by init()). + * -- SHA-224 and SHA-256 contexts are identical. + * -- SHA-384 and SHA-512 contexts are identical. + * + * Thus, contexts can be moved and cloned to capture the hash function + * current state; and there is no need for any explicit "release" function. + */ + +/** + * \brief Symbolic identifier for MD5. + */ +#define br_md5_ID 1 + +/** + * \brief MD5 output size (in bytes). + */ +#define br_md5_SIZE 16 + +/** + * \brief Constant vtable for MD5. + */ +extern const br_hash_class br_md5_vtable; + +/** + * \brief MD5 context. + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** + * \brief Pointer to vtable for this context. + */ + const br_hash_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + unsigned char buf[64]; + uint64_t count; + uint32_t val[4]; +#endif +} br_md5_context; + +/** + * \brief MD5 context initialisation. + * + * This function initialises or resets a context for a new MD5 + * computation. It also sets the vtable pointer. + * + * \param ctx pointer to the context structure. + */ +void br_md5_init(br_md5_context *ctx); + +/** + * \brief Inject some data bytes in a running MD5 computation. + * + * The provided context is updated with some data bytes. If the number + * of bytes (`len`) is zero, then the data pointer (`data`) is ignored + * and may be `NULL`, and this function does nothing. + * + * \param ctx pointer to the context structure. + * \param data pointer to the injected data. + * \param len injected data length (in bytes). + */ +void br_md5_update(br_md5_context *ctx, const void *data, size_t len); + +/** + * \brief Compute MD5 output. + * + * The MD5 output for the concatenation of all bytes injected in the + * provided context since the last initialisation or reset call, is + * computed and written in the buffer pointed to by `out`. The context + * itself is not modified, so extra bytes may be injected afterwards + * to continue that computation. + * + * \param ctx pointer to the context structure. + * \param out destination buffer for the hash output. + */ +void br_md5_out(const br_md5_context *ctx, void *out); + +/** + * \brief Save MD5 running state. + * + * The running state for MD5 (output of the last internal block + * processing) is written in the buffer pointed to by `out`. The + * number of bytes injected since the last initialisation or reset + * call is returned. The context is not modified. + * + * \param ctx pointer to the context structure. + * \param out destination buffer for the running state. + * \return the injected total byte length. + */ +uint64_t br_md5_state(const br_md5_context *ctx, void *out); + +/** + * \brief Restore MD5 running state. + * + * The running state for MD5 is set to the provided values. + * + * \param ctx pointer to the context structure. + * \param stb source buffer for the running state. + * \param count the injected total byte length. + */ +void br_md5_set_state(br_md5_context *ctx, const void *stb, uint64_t count); + +/** + * \brief Symbolic identifier for SHA-1. + */ +#define br_sha1_ID 2 + +/** + * \brief SHA-1 output size (in bytes). + */ +#define br_sha1_SIZE 20 + +/** + * \brief Constant vtable for SHA-1. + */ +extern const br_hash_class br_sha1_vtable; + +/** + * \brief SHA-1 context. + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** + * \brief Pointer to vtable for this context. + */ + const br_hash_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + unsigned char buf[64]; + uint64_t count; + uint32_t val[5]; +#endif +} br_sha1_context; + +/** + * \brief SHA-1 context initialisation. + * + * This function initialises or resets a context for a new SHA-1 + * computation. It also sets the vtable pointer. + * + * \param ctx pointer to the context structure. + */ +void br_sha1_init(br_sha1_context *ctx); + +/** + * \brief Inject some data bytes in a running SHA-1 computation. + * + * The provided context is updated with some data bytes. If the number + * of bytes (`len`) is zero, then the data pointer (`data`) is ignored + * and may be `NULL`, and this function does nothing. + * + * \param ctx pointer to the context structure. + * \param data pointer to the injected data. + * \param len injected data length (in bytes). + */ +void br_sha1_update(br_sha1_context *ctx, const void *data, size_t len); + +/** + * \brief Compute SHA-1 output. + * + * The SHA-1 output for the concatenation of all bytes injected in the + * provided context since the last initialisation or reset call, is + * computed and written in the buffer pointed to by `out`. The context + * itself is not modified, so extra bytes may be injected afterwards + * to continue that computation. + * + * \param ctx pointer to the context structure. + * \param out destination buffer for the hash output. + */ +void br_sha1_out(const br_sha1_context *ctx, void *out); + +/** + * \brief Save SHA-1 running state. + * + * The running state for SHA-1 (output of the last internal block + * processing) is written in the buffer pointed to by `out`. The + * number of bytes injected since the last initialisation or reset + * call is returned. The context is not modified. + * + * \param ctx pointer to the context structure. + * \param out destination buffer for the running state. + * \return the injected total byte length. + */ +uint64_t br_sha1_state(const br_sha1_context *ctx, void *out); + +/** + * \brief Restore SHA-1 running state. + * + * The running state for SHA-1 is set to the provided values. + * + * \param ctx pointer to the context structure. + * \param stb source buffer for the running state. + * \param count the injected total byte length. + */ +void br_sha1_set_state(br_sha1_context *ctx, const void *stb, uint64_t count); + +/** + * \brief Symbolic identifier for SHA-224. + */ +#define br_sha224_ID 3 + +/** + * \brief SHA-224 output size (in bytes). + */ +#define br_sha224_SIZE 28 + +/** + * \brief Constant vtable for SHA-224. + */ +extern const br_hash_class br_sha224_vtable; + +/** + * \brief SHA-224 context. + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** + * \brief Pointer to vtable for this context. + */ + const br_hash_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + unsigned char buf[64]; + uint64_t count; + uint32_t val[8]; +#endif +} br_sha224_context; + +/** + * \brief SHA-224 context initialisation. + * + * This function initialises or resets a context for a new SHA-224 + * computation. It also sets the vtable pointer. + * + * \param ctx pointer to the context structure. + */ +void br_sha224_init(br_sha224_context *ctx); + +/** + * \brief Inject some data bytes in a running SHA-224 computation. + * + * The provided context is updated with some data bytes. If the number + * of bytes (`len`) is zero, then the data pointer (`data`) is ignored + * and may be `NULL`, and this function does nothing. + * + * \param ctx pointer to the context structure. + * \param data pointer to the injected data. + * \param len injected data length (in bytes). + */ +void br_sha224_update(br_sha224_context *ctx, const void *data, size_t len); + +/** + * \brief Compute SHA-224 output. + * + * The SHA-224 output for the concatenation of all bytes injected in the + * provided context since the last initialisation or reset call, is + * computed and written in the buffer pointed to by `out`. The context + * itself is not modified, so extra bytes may be injected afterwards + * to continue that computation. + * + * \param ctx pointer to the context structure. + * \param out destination buffer for the hash output. + */ +void br_sha224_out(const br_sha224_context *ctx, void *out); + +/** + * \brief Save SHA-224 running state. + * + * The running state for SHA-224 (output of the last internal block + * processing) is written in the buffer pointed to by `out`. The + * number of bytes injected since the last initialisation or reset + * call is returned. The context is not modified. + * + * \param ctx pointer to the context structure. + * \param out destination buffer for the running state. + * \return the injected total byte length. + */ +uint64_t br_sha224_state(const br_sha224_context *ctx, void *out); + +/** + * \brief Restore SHA-224 running state. + * + * The running state for SHA-224 is set to the provided values. + * + * \param ctx pointer to the context structure. + * \param stb source buffer for the running state. + * \param count the injected total byte length. + */ +void br_sha224_set_state(br_sha224_context *ctx, + const void *stb, uint64_t count); + +/** + * \brief Symbolic identifier for SHA-256. + */ +#define br_sha256_ID 4 + +/** + * \brief SHA-256 output size (in bytes). + */ +#define br_sha256_SIZE 32 + +/** + * \brief Constant vtable for SHA-256. + */ +extern const br_hash_class br_sha256_vtable; + +#ifdef BR_DOXYGEN_IGNORE +/** + * \brief SHA-256 context. + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** + * \brief Pointer to vtable for this context. + */ + const br_hash_class *vtable; +} br_sha256_context; +#else +typedef br_sha224_context br_sha256_context; +#endif + +/** + * \brief SHA-256 context initialisation. + * + * This function initialises or resets a context for a new SHA-256 + * computation. It also sets the vtable pointer. + * + * \param ctx pointer to the context structure. + */ +void br_sha256_init(br_sha256_context *ctx); + +#ifdef BR_DOXYGEN_IGNORE +/** + * \brief Inject some data bytes in a running SHA-256 computation. + * + * The provided context is updated with some data bytes. If the number + * of bytes (`len`) is zero, then the data pointer (`data`) is ignored + * and may be `NULL`, and this function does nothing. + * + * \param ctx pointer to the context structure. + * \param data pointer to the injected data. + * \param len injected data length (in bytes). + */ +void br_sha256_update(br_sha256_context *ctx, const void *data, size_t len); +#else +#define br_sha256_update br_sha224_update +#endif + +/** + * \brief Compute SHA-256 output. + * + * The SHA-256 output for the concatenation of all bytes injected in the + * provided context since the last initialisation or reset call, is + * computed and written in the buffer pointed to by `out`. The context + * itself is not modified, so extra bytes may be injected afterwards + * to continue that computation. + * + * \param ctx pointer to the context structure. + * \param out destination buffer for the hash output. + */ +void br_sha256_out(const br_sha256_context *ctx, void *out); + +#if BR_DOXYGEN_IGNORE +/** + * \brief Save SHA-256 running state. + * + * The running state for SHA-256 (output of the last internal block + * processing) is written in the buffer pointed to by `out`. The + * number of bytes injected since the last initialisation or reset + * call is returned. The context is not modified. + * + * \param ctx pointer to the context structure. + * \param out destination buffer for the running state. + * \return the injected total byte length. + */ +uint64_t br_sha256_state(const br_sha256_context *ctx, void *out); +#else +#define br_sha256_state br_sha224_state +#endif + +#if BR_DOXYGEN_IGNORE +/** + * \brief Restore SHA-256 running state. + * + * The running state for SHA-256 is set to the provided values. + * + * \param ctx pointer to the context structure. + * \param stb source buffer for the running state. + * \param count the injected total byte length. + */ +void br_sha256_set_state(br_sha256_context *ctx, + const void *stb, uint64_t count); +#else +#define br_sha256_set_state br_sha224_set_state +#endif + +/** + * \brief Symbolic identifier for SHA-384. + */ +#define br_sha384_ID 5 + +/** + * \brief SHA-384 output size (in bytes). + */ +#define br_sha384_SIZE 48 + +/** + * \brief Constant vtable for SHA-384. + */ +extern const br_hash_class br_sha384_vtable; + +/** + * \brief SHA-384 context. + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** + * \brief Pointer to vtable for this context. + */ + const br_hash_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + unsigned char buf[128]; + uint64_t count; + uint64_t val[8]; +#endif +} br_sha384_context; + +/** + * \brief SHA-384 context initialisation. + * + * This function initialises or resets a context for a new SHA-384 + * computation. It also sets the vtable pointer. + * + * \param ctx pointer to the context structure. + */ +void br_sha384_init(br_sha384_context *ctx); + +/** + * \brief Inject some data bytes in a running SHA-384 computation. + * + * The provided context is updated with some data bytes. If the number + * of bytes (`len`) is zero, then the data pointer (`data`) is ignored + * and may be `NULL`, and this function does nothing. + * + * \param ctx pointer to the context structure. + * \param data pointer to the injected data. + * \param len injected data length (in bytes). + */ +void br_sha384_update(br_sha384_context *ctx, const void *data, size_t len); + +/** + * \brief Compute SHA-384 output. + * + * The SHA-384 output for the concatenation of all bytes injected in the + * provided context since the last initialisation or reset call, is + * computed and written in the buffer pointed to by `out`. The context + * itself is not modified, so extra bytes may be injected afterwards + * to continue that computation. + * + * \param ctx pointer to the context structure. + * \param out destination buffer for the hash output. + */ +void br_sha384_out(const br_sha384_context *ctx, void *out); + +/** + * \brief Save SHA-384 running state. + * + * The running state for SHA-384 (output of the last internal block + * processing) is written in the buffer pointed to by `out`. The + * number of bytes injected since the last initialisation or reset + * call is returned. The context is not modified. + * + * \param ctx pointer to the context structure. + * \param out destination buffer for the running state. + * \return the injected total byte length. + */ +uint64_t br_sha384_state(const br_sha384_context *ctx, void *out); + +/** + * \brief Restore SHA-384 running state. + * + * The running state for SHA-384 is set to the provided values. + * + * \param ctx pointer to the context structure. + * \param stb source buffer for the running state. + * \param count the injected total byte length. + */ +void br_sha384_set_state(br_sha384_context *ctx, + const void *stb, uint64_t count); + +/** + * \brief Symbolic identifier for SHA-512. + */ +#define br_sha512_ID 6 + +/** + * \brief SHA-512 output size (in bytes). + */ +#define br_sha512_SIZE 64 + +/** + * \brief Constant vtable for SHA-512. + */ +extern const br_hash_class br_sha512_vtable; + +#ifdef BR_DOXYGEN_IGNORE +/** + * \brief SHA-512 context. + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** + * \brief Pointer to vtable for this context. + */ + const br_hash_class *vtable; +} br_sha512_context; +#else +typedef br_sha384_context br_sha512_context; +#endif + +/** + * \brief SHA-512 context initialisation. + * + * This function initialises or resets a context for a new SHA-512 + * computation. It also sets the vtable pointer. + * + * \param ctx pointer to the context structure. + */ +void br_sha512_init(br_sha512_context *ctx); + +#ifdef BR_DOXYGEN_IGNORE +/** + * \brief Inject some data bytes in a running SHA-512 computation. + * + * The provided context is updated with some data bytes. If the number + * of bytes (`len`) is zero, then the data pointer (`data`) is ignored + * and may be `NULL`, and this function does nothing. + * + * \param ctx pointer to the context structure. + * \param data pointer to the injected data. + * \param len injected data length (in bytes). + */ +void br_sha512_update(br_sha512_context *ctx, const void *data, size_t len); +#else +#define br_sha512_update br_sha384_update +#endif + +/** + * \brief Compute SHA-512 output. + * + * The SHA-512 output for the concatenation of all bytes injected in the + * provided context since the last initialisation or reset call, is + * computed and written in the buffer pointed to by `out`. The context + * itself is not modified, so extra bytes may be injected afterwards + * to continue that computation. + * + * \param ctx pointer to the context structure. + * \param out destination buffer for the hash output. + */ +void br_sha512_out(const br_sha512_context *ctx, void *out); + +#ifdef BR_DOXYGEN_IGNORE +/** + * \brief Save SHA-512 running state. + * + * The running state for SHA-512 (output of the last internal block + * processing) is written in the buffer pointed to by `out`. The + * number of bytes injected since the last initialisation or reset + * call is returned. The context is not modified. + * + * \param ctx pointer to the context structure. + * \param out destination buffer for the running state. + * \return the injected total byte length. + */ +uint64_t br_sha512_state(const br_sha512_context *ctx, void *out); +#else +#define br_sha512_state br_sha384_state +#endif + +#ifdef BR_DOXYGEN_IGNORE +/** + * \brief Restore SHA-512 running state. + * + * The running state for SHA-512 is set to the provided values. + * + * \param ctx pointer to the context structure. + * \param stb source buffer for the running state. + * \param count the injected total byte length. + */ +void br_sha512_set_state(br_sha512_context *ctx, + const void *stb, uint64_t count); +#else +#define br_sha512_set_state br_sha384_set_state +#endif + +/* + * "md5sha1" is a special hash function that computes both MD5 and SHA-1 + * on the same input, and produces a 36-byte output (MD5 and SHA-1 + * concatenation, in that order). State size is also 36 bytes. + */ + +/** + * \brief Symbolic identifier for MD5+SHA-1. + * + * MD5+SHA-1 is the concatenation of MD5 and SHA-1, computed over the + * same input. It is not one of the functions identified in TLS, so + * we give it a symbolic identifier of value 0. + */ +#define br_md5sha1_ID 0 + +/** + * \brief MD5+SHA-1 output size (in bytes). + */ +#define br_md5sha1_SIZE 36 + +/** + * \brief Constant vtable for MD5+SHA-1. + */ +extern const br_hash_class br_md5sha1_vtable; + +/** + * \brief MD5+SHA-1 context. + * + * First field is a pointer to the vtable; it is set by the initialisation + * function. Other fields are not supposed to be accessed by user code. + */ +typedef struct { + /** + * \brief Pointer to vtable for this context. + */ + const br_hash_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + unsigned char buf[64]; + uint64_t count; + uint32_t val_md5[4]; + uint32_t val_sha1[5]; +#endif +} br_md5sha1_context; + +/** + * \brief MD5+SHA-1 context initialisation. + * + * This function initialises or resets a context for a new SHA-512 + * computation. It also sets the vtable pointer. + * + * \param ctx pointer to the context structure. + */ +void br_md5sha1_init(br_md5sha1_context *ctx); + +/** + * \brief Inject some data bytes in a running MD5+SHA-1 computation. + * + * The provided context is updated with some data bytes. If the number + * of bytes (`len`) is zero, then the data pointer (`data`) is ignored + * and may be `NULL`, and this function does nothing. + * + * \param ctx pointer to the context structure. + * \param data pointer to the injected data. + * \param len injected data length (in bytes). + */ +void br_md5sha1_update(br_md5sha1_context *ctx, const void *data, size_t len); + +/** + * \brief Compute MD5+SHA-1 output. + * + * The MD5+SHA-1 output for the concatenation of all bytes injected in the + * provided context since the last initialisation or reset call, is + * computed and written in the buffer pointed to by `out`. The context + * itself is not modified, so extra bytes may be injected afterwards + * to continue that computation. + * + * \param ctx pointer to the context structure. + * \param out destination buffer for the hash output. + */ +void br_md5sha1_out(const br_md5sha1_context *ctx, void *out); + +/** + * \brief Save MD5+SHA-1 running state. + * + * The running state for MD5+SHA-1 (output of the last internal block + * processing) is written in the buffer pointed to by `out`. The + * number of bytes injected since the last initialisation or reset + * call is returned. The context is not modified. + * + * \param ctx pointer to the context structure. + * \param out destination buffer for the running state. + * \return the injected total byte length. + */ +uint64_t br_md5sha1_state(const br_md5sha1_context *ctx, void *out); + +/** + * \brief Restore MD5+SHA-1 running state. + * + * The running state for MD5+SHA-1 is set to the provided values. + * + * \param ctx pointer to the context structure. + * \param stb source buffer for the running state. + * \param count the injected total byte length. + */ +void br_md5sha1_set_state(br_md5sha1_context *ctx, + const void *stb, uint64_t count); + +/** + * \brief Aggregate context for configurable hash function support. + * + * The `br_hash_compat_context` type is a type which is large enough to + * serve as context for all standard hash functions defined above. + */ +typedef union { + const br_hash_class *vtable; + br_md5_context md5; + br_sha1_context sha1; + br_sha224_context sha224; + br_sha256_context sha256; + br_sha384_context sha384; + br_sha512_context sha512; + br_md5sha1_context md5sha1; +} br_hash_compat_context; + +/* + * The multi-hasher is a construct that handles hashing of the same input + * data with several hash functions, with a single shared input buffer. + * It can handle MD5, SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512 + * simultaneously, though which functions are activated depends on + * the set implementation pointers. + */ + +/** + * \brief Multi-hasher context structure. + * + * The multi-hasher runs up to six hash functions in the standard TLS list + * (MD5, SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512) in parallel, over + * the same input. + * + * The multi-hasher does _not_ follow the OOP structure with a vtable. + * Instead, it is configured with the vtables of the hash functions it + * should run. Structure fields are not supposed to be accessed directly. + */ +typedef struct { +#ifndef BR_DOXYGEN_IGNORE + unsigned char buf[128]; + uint64_t count; + uint32_t val_32[25]; + uint64_t val_64[16]; + const br_hash_class *impl[6]; +#endif +} br_multihash_context; + +/** + * \brief Clear a multi-hasher context. + * + * This should always be called once on a given context, _before_ setting + * the implementation pointers. + * + * \param ctx the multi-hasher context. + */ +void br_multihash_zero(br_multihash_context *ctx); + +/** + * \brief Set a hash function implementation. + * + * Implementations shall be set _after_ clearing the context (with + * `br_multihash_zero()`) but _before_ initialising the computation + * (with `br_multihash_init()`). The hash function implementation + * MUST be one of the standard hash functions (MD5, SHA-1, SHA-224, + * SHA-256, SHA-384 or SHA-512); it may also be `NULL` to remove + * an implementation from the multi-hasher. + * + * \param ctx the multi-hasher context. + * \param id the hash function symbolic identifier. + * \param impl the hash function vtable, or `NULL`. + */ +static inline void +br_multihash_setimpl(br_multihash_context *ctx, + int id, const br_hash_class *impl) +{ + /* + * This code relies on hash functions ID being values 1 to 6, + * in the MD5 to SHA-512 order. + */ + ctx->impl[id - 1] = impl; +} + +/** + * \brief Get a hash function implementation. + * + * This function returns the currently configured vtable for a given + * hash function (by symbolic ID). If no such function was configured in + * the provided multi-hasher context, then this function returns `NULL`. + * + * \param ctx the multi-hasher context. + * \param id the hash function symbolic identifier. + * \return the hash function vtable, or `NULL`. + */ +static inline const br_hash_class * +br_multihash_getimpl(const br_multihash_context *ctx, int id) +{ + return ctx->impl[id - 1]; +} + +/** + * \brief Reset a multi-hasher context. + * + * This function prepares the context for a new hashing computation, + * for all implementations configured at that point. + * + * \param ctx the multi-hasher context. + */ +void br_multihash_init(br_multihash_context *ctx); + +/** + * \brief Inject some data bytes in a running multi-hashing computation. + * + * The provided context is updated with some data bytes. If the number + * of bytes (`len`) is zero, then the data pointer (`data`) is ignored + * and may be `NULL`, and this function does nothing. + * + * \param ctx pointer to the context structure. + * \param data pointer to the injected data. + * \param len injected data length (in bytes). + */ +void br_multihash_update(br_multihash_context *ctx, + const void *data, size_t len); + +/** + * \brief Compute a hash output from a multi-hasher. + * + * The hash output for the concatenation of all bytes injected in the + * provided context since the last initialisation or reset call, is + * computed and written in the buffer pointed to by `dst`. The hash + * function to use is identified by `id` and must be one of the standard + * hash functions. If that hash function was indeed configured in the + * multi-hasher context, the corresponding hash value is written in + * `dst` and its length (in bytes) is returned. If the hash function + * was _not_ configured, then nothing is written in `dst` and 0 is + * returned. + * + * The context itself is not modified, so extra bytes may be injected + * afterwards to continue the hash computations. + * + * \param ctx pointer to the context structure. + * \param id the hash function symbolic identifier. + * \param dst destination buffer for the hash output. + * \return the hash output length (in bytes), or 0. + */ +size_t br_multihash_out(const br_multihash_context *ctx, int id, void *dst); + +/** + * \brief Type for a GHASH implementation. + * + * GHASH is a sort of keyed hash meant to be used to implement GCM in + * combination with a block cipher (with 16-byte blocks). + * + * The `y` array has length 16 bytes and is used for input and output; in + * a complete GHASH run, it starts with an all-zero value. `h` is a 16-byte + * value that serves as key (it is derived from the encryption key in GCM, + * using the block cipher). The data length (`len`) is expressed in bytes. + * The `y` array is updated. + * + * If the data length is not a multiple of 16, then the data is implicitly + * padded with zeros up to the next multiple of 16. Thus, when using GHASH + * in GCM, this method may be called twice, for the associated data and + * for the ciphertext, respectively; the zero-padding implements exactly + * the GCM rules. + * + * \param y the array to update. + * \param h the GHASH key. + * \param data the input data (may be `NULL` if `len` is zero). + * \param len the input data length (in bytes). + */ +typedef void (*br_ghash)(void *y, const void *h, const void *data, size_t len); + +/** + * \brief GHASH implementation using multiplications (mixed 32-bit). + * + * This implementation uses multiplications of 32-bit values, with a + * 64-bit result. It is constant-time (if multiplications are + * constant-time). + * + * \param y the array to update. + * \param h the GHASH key. + * \param data the input data (may be `NULL` if `len` is zero). + * \param len the input data length (in bytes). + */ +void br_ghash_ctmul(void *y, const void *h, const void *data, size_t len); + +/** + * \brief GHASH implementation using multiplications (strict 32-bit). + * + * This implementation uses multiplications of 32-bit values, with a + * 32-bit result. It is usually somewhat slower than `br_ghash_ctmul()`, + * but it is expected to be faster on architectures for which the + * 32-bit multiplication opcode does not yield the upper 32 bits of the + * product. It is constant-time (if multiplications are constant-time). + * + * \param y the array to update. + * \param h the GHASH key. + * \param data the input data (may be `NULL` if `len` is zero). + * \param len the input data length (in bytes). + */ +void br_ghash_ctmul32(void *y, const void *h, const void *data, size_t len); + +/** + * \brief GHASH implementation using multiplications (64-bit). + * + * This implementation uses multiplications of 64-bit values, with a + * 64-bit result. It is constant-time (if multiplications are + * constant-time). It is substantially faster than `br_ghash_ctmul()` + * and `br_ghash_ctmul32()` on most 64-bit architectures. + * + * \param y the array to update. + * \param h the GHASH key. + * \param data the input data (may be `NULL` if `len` is zero). + * \param len the input data length (in bytes). + */ +void br_ghash_ctmul64(void *y, const void *h, const void *data, size_t len); + +/** + * \brief GHASH implementation using the `pclmulqdq` opcode (part of the + * AES-NI instructions). + * + * This implementation is available only on x86 platforms where the + * compiler supports the relevant intrinsic functions. Even if the + * compiler supports these functions, the local CPU might not support + * the `pclmulqdq` opcode, meaning that a call will fail with an + * illegal instruction exception. To safely obtain a pointer to this + * function when supported (or 0 otherwise), use `br_ghash_pclmul_get()`. + * + * \param y the array to update. + * \param h the GHASH key. + * \param data the input data (may be `NULL` if `len` is zero). + * \param len the input data length (in bytes). + */ +void br_ghash_pclmul(void *y, const void *h, const void *data, size_t len); + +/** + * \brief Obtain the `pclmul` GHASH implementation, if available. + * + * If the `pclmul` implementation was compiled in the library (depending + * on the compiler abilities) _and_ the local CPU appears to support the + * opcode, then this function will return a pointer to the + * `br_ghash_pclmul()` function. Otherwise, it will return `0`. + * + * \return the `pclmul` GHASH implementation, or `0`. + */ +br_ghash br_ghash_pclmul_get(void); + +/** + * \brief GHASH implementation using the POWER8 opcodes. + * + * This implementation is available only on POWER8 platforms (and later). + * To safely obtain a pointer to this function when supported (or 0 + * otherwise), use `br_ghash_pwr8_get()`. + * + * \param y the array to update. + * \param h the GHASH key. + * \param data the input data (may be `NULL` if `len` is zero). + * \param len the input data length (in bytes). + */ +void br_ghash_pwr8(void *y, const void *h, const void *data, size_t len); + +/** + * \brief Obtain the `pwr8` GHASH implementation, if available. + * + * If the `pwr8` implementation was compiled in the library (depending + * on the compiler abilities) _and_ the local CPU appears to support the + * opcode, then this function will return a pointer to the + * `br_ghash_pwr8()` function. Otherwise, it will return `0`. + * + * \return the `pwr8` GHASH implementation, or `0`. + */ +br_ghash br_ghash_pwr8_get(void); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/tools/sdk/include/bearssl/bearssl_hmac.h b/tools/sdk/include/bearssl/bearssl_hmac.h new file mode 100644 index 0000000000..511dbbe438 --- /dev/null +++ b/tools/sdk/include/bearssl/bearssl_hmac.h @@ -0,0 +1,211 @@ +/* + * Copyright (c) 2016 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#ifndef BR_BEARSSL_HMAC_H__ +#define BR_BEARSSL_HMAC_H__ + +#include +#include + +#include "bearssl_hash.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/** \file bearssl_hmac.h + * + * # HMAC + * + * HMAC is initialized with a key and an underlying hash function; it + * then fills a "key context". That context contains the processed + * key. + * + * With the key context, a HMAC context can be initialized to process + * the input bytes and obtain the MAC output. The key context is not + * modified during that process, and can be reused. + * + * IMPORTANT: HMAC shall be used only with functions that have the + * following properties: + * + * - hash output size does not exceed 64 bytes; + * - hash internal state size does not exceed 64 bytes; + * - internal block length is a power of 2 between 16 and 256 bytes. + */ + +/** + * \brief HMAC key context. + * + * The HMAC key context is initialised with a hash function implementation + * and a secret key. Contents are opaque (callers should not access them + * directly). The caller is responsible for allocating the context where + * appropriate. Context initialisation and usage incurs no dynamic + * allocation, so there is no release function. + */ +typedef struct { +#ifndef BR_DOXYGEN_IGNORE + const br_hash_class *dig_vtable; + unsigned char ksi[64], kso[64]; +#endif +} br_hmac_key_context; + +/** + * \brief HMAC key context initialisation. + * + * Initialise the key context with the provided key, using the hash function + * identified by `digest_vtable`. This supports arbitrary key lengths. + * + * \param kc HMAC key context to initialise. + * \param digest_vtable pointer to the hash function implementation vtable. + * \param key pointer to the HMAC secret key. + * \param key_len HMAC secret key length (in bytes). + */ +void br_hmac_key_init(br_hmac_key_context *kc, + const br_hash_class *digest_vtable, const void *key, size_t key_len); + +/** + * \brief HMAC computation context. + * + * The HMAC computation context maintains the state for a single HMAC + * computation. It is modified as input bytes are injected. The context + * is caller-allocated and has no release function since it does not + * dynamically allocate external resources. Its contents are opaque. + */ +typedef struct { +#ifndef BR_DOXYGEN_IGNORE + br_hash_compat_context dig; + unsigned char kso[64]; + size_t out_len; +#endif +} br_hmac_context; + +/** + * \brief HMAC computation initialisation. + * + * Initialise a HMAC context with a key context. The key context is + * unmodified. Relevant data from the key context is immediately copied; + * the key context can thus be independently reused, modified or released + * without impacting this HMAC computation. + * + * An explicit output length can be specified; the actual output length + * will be the minimum of that value and the natural HMAC output length. + * If `out_len` is 0, then the natural HMAC output length is selected. The + * "natural output length" is the output length of the underlying hash + * function. + * + * \param ctx HMAC context to initialise. + * \param kc HMAC key context (already initialised with the key). + * \param out_len HMAC output length (0 to select "natural length"). + */ +void br_hmac_init(br_hmac_context *ctx, + const br_hmac_key_context *kc, size_t out_len); + +/** + * \brief Get the HMAC output size. + * + * The HMAC output size is the number of bytes that will actually be + * produced with `br_hmac_out()` with the provided context. This function + * MUST NOT be called on a non-initialised HMAC computation context. + * The returned value is the minimum of the HMAC natural length (output + * size of the underlying hash function) and the `out_len` parameter which + * was used with the last `br_hmac_init()` call on that context (if the + * initialisation `out_len` parameter was 0, then this function will + * return the HMAC natural length). + * + * \param ctx the (already initialised) HMAC computation context. + * \return the HMAC actual output size. + */ +static inline size_t +br_hmac_size(br_hmac_context *ctx) +{ + return ctx->out_len; +} + +/** + * \brief Inject some bytes in HMAC. + * + * The provided `len` bytes are injected as extra input in the HMAC + * computation incarnated by the `ctx` HMAC context. It is acceptable + * that `len` is zero, in which case `data` is ignored (and may be + * `NULL`) and this function does nothing. + */ +void br_hmac_update(br_hmac_context *ctx, const void *data, size_t len); + +/** + * \brief Compute the HMAC output. + * + * The destination buffer MUST be large enough to accomodate the result; + * its length is at most the "natural length" of HMAC (i.e. the output + * length of the underlying hash function). The context is NOT modified; + * further bytes may be processed. Thus, "partial HMAC" values can be + * efficiently obtained. + * + * Returned value is the output length (in bytes). + * + * \param ctx HMAC computation context. + * \param out destination buffer for the HMAC output. + * \return the produced value length (in bytes). + */ +size_t br_hmac_out(const br_hmac_context *ctx, void *out); + +/** + * \brief Constant-time HMAC computation. + * + * This function compute the HMAC output in constant time. Some extra + * input bytes are processed, then the output is computed. The extra + * input consists in the `len` bytes pointed to by `data`. The `len` + * parameter must lie between `min_len` and `max_len` (inclusive); + * `max_len` bytes are actually read from `data`. Computing time (and + * memory access pattern) will not depend upon the data byte contents or + * the value of `len`. + * + * The output is written in the `out` buffer, that MUST be large enough + * to receive it. + * + * The difference `max_len - min_len` MUST be less than 230 + * (i.e. about one gigabyte). + * + * This function computes the output properly only if the underlying + * hash function uses MD padding (i.e. MD5, SHA-1, SHA-224, SHA-256, + * SHA-384 or SHA-512). + * + * The provided context is NOT modified. + * + * \param ctx the (already initialised) HMAC computation context. + * \param data the extra input bytes. + * \param len the extra input length (in bytes). + * \param min_len minimum extra input length (in bytes). + * \param max_len maximum extra input length (in bytes). + * \param out destination buffer for the HMAC output. + * \return the produced value length (in bytes). + */ +size_t br_hmac_outCT(const br_hmac_context *ctx, + const void *data, size_t len, size_t min_len, size_t max_len, + void *out); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/tools/sdk/include/bearssl/bearssl_pem.h b/tools/sdk/include/bearssl/bearssl_pem.h new file mode 100644 index 0000000000..5e466bc72c --- /dev/null +++ b/tools/sdk/include/bearssl/bearssl_pem.h @@ -0,0 +1,243 @@ +/* + * Copyright (c) 2016 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#ifndef BR_BEARSSL_PEM_H__ +#define BR_BEARSSL_PEM_H__ + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** \file bearssl_pem.h + * + * # PEM Support + * + * PEM is a traditional encoding layer use to store binary objects (in + * particular X.509 certificates, and private keys) in text files. While + * the acronym comes from an old, defunct standard ("Privacy Enhanced + * Mail"), the format has been reused, with some variations, by many + * systems, and is a _de facto_ standard, even though it is not, actually, + * specified in all clarity anywhere. + * + * ## Format Details + * + * BearSSL contains a generic, streamed PEM decoder, which handles the + * following format: + * + * - The input source (a sequence of bytes) is assumed to be the + * encoding of a text file in an ASCII-compatible charset. This + * includes ISO-8859-1, Windows-1252, and UTF-8 encodings. Each + * line ends on a newline character (U+000A LINE FEED). The + * U+000D CARRIAGE RETURN characters are ignored, so the code + * accepts both Windows-style and Unix-style line endings. + * + * - Each object begins with a banner that occurs at the start of + * a line; the first banner characters are "`-----BEGIN `" (five + * dashes, the word "BEGIN", and a space). The banner matching is + * not case-sensitive. + * + * - The _object name_ consists in the characters that follow the + * banner start sequence, up to the end of the line, but without + * trailing dashes (in "normal" PEM, there are five trailing + * dashes, but this implementation is not picky about these dashes). + * The BearSSL decoder normalises the name characters to uppercase + * (for ASCII letters only) and accepts names up to 127 characters. + * + * - The object ends with a banner that again occurs at the start of + * a line, and starts with "`-----END `" (again case-insensitive). + * + * - Between that start and end banner, only Base64 data shall occur. + * Base64 converts each sequence of three bytes into four + * characters; the four characters are ASCII letters, digits, "`+`" + * or "`-`" signs, and one or two "`=`" signs may occur in the last + * quartet. Whitespace is ignored (whitespace is any ASCII character + * of code 32 or less, so control characters are whitespace) and + * lines may have arbitrary length; the only restriction is that the + * four characters of a quartet must appear on the same line (no + * line break inside a quartet). + * + * - A single file may contain more than one PEM object. Bytes that + * occur between objects are ignored. + * + * + * ## PEM Decoder API + * + * The PEM decoder offers a state-machine API. The caller allocates a + * decoder context, then injects source bytes. Source bytes are pushed + * with `br_pem_decoder_push()`. The decoder stops accepting bytes when + * it reaches an "event", which is either the start of an object, the + * end of an object, or a decoding error within an object. + * + * The `br_pem_decoder_event()` function is used to obtain the current + * event; it also clears it, thus allowing the decoder to accept more + * bytes. When a object start event is raised, the decoder context + * offers the found object name (normalised to ASCII uppercase). + * + * When an object is reached, the caller must set an appropriate callback + * function, which will receive (by chunks) the decoded object data. + * + * Since the decoder context makes no dynamic allocation, it requires + * no explicit deallocation. + */ + +/** + * \brief PEM decoder context. + * + * Contents are opaque (they should not be accessed directly). + */ +typedef struct { +#ifndef BR_DOXYGEN_IGNORE + /* CPU for the T0 virtual machine. */ + struct { + uint32_t *dp; + uint32_t *rp; + const unsigned char *ip; + } cpu; + uint32_t dp_stack[32]; + uint32_t rp_stack[32]; + int err; + + const unsigned char *hbuf; + size_t hlen; + + void (*dest)(void *dest_ctx, const void *src, size_t len); + void *dest_ctx; + + unsigned char event; + char name[128]; + unsigned char buf[255]; + size_t ptr; +#endif +} br_pem_decoder_context; + +/** + * \brief Initialise a PEM decoder structure. + * + * \param ctx decoder context to initialise. + */ +void br_pem_decoder_init(br_pem_decoder_context *ctx); + +/** + * \brief Push some bytes into the decoder. + * + * Returned value is the number of bytes actually consumed; this may be + * less than the number of provided bytes if an event is raised. When an + * event is raised, it must be read (with `br_pem_decoder_event()`); + * until the event is read, this function will return 0. + * + * \param ctx decoder context. + * \param data new data bytes. + * \param len number of new data bytes. + * \return the number of bytes actually received (may be less than `len`). + */ +size_t br_pem_decoder_push(br_pem_decoder_context *ctx, + const void *data, size_t len); + +/** + * \brief Set the receiver for decoded data. + * + * When an object is entered, the provided function (with opaque context + * pointer) will be called repeatedly with successive chunks of decoded + * data for that object. If `dest` is set to 0, then decoded data is + * simply ignored. The receiver can be set at any time, but, in practice, + * it should be called immediately after receiving a "start of object" + * event. + * + * \param ctx decoder context. + * \param dest callback for receiving decoded data. + * \param dest_ctx opaque context pointer for the `dest` callback. + */ +static inline void +br_pem_decoder_setdest(br_pem_decoder_context *ctx, + void (*dest)(void *dest_ctx, const void *src, size_t len), + void *dest_ctx) +{ + ctx->dest = dest; + ctx->dest_ctx = dest_ctx; +} + +/** + * \brief Get the last event. + * + * If an event was raised, then this function returns the event value, and + * also clears it, thereby allowing the decoder to proceed. If no event + * was raised since the last call to `br_pem_decoder_event()`, then this + * function returns 0. + * + * \param ctx decoder context. + * \return the raised event, or 0. + */ +int br_pem_decoder_event(br_pem_decoder_context *ctx); + +/** + * \brief Event: start of object. + * + * This event is raised when the start of a new object has been detected. + * The object name (normalised to uppercase) can be accessed with + * `br_pem_decoder_name()`. + */ +#define BR_PEM_BEGIN_OBJ 1 + +/** + * \brief Event: end of object. + * + * This event is raised when the end of the current object is reached + * (normally, i.e. with no decoding error). + */ +#define BR_PEM_END_OBJ 2 + +/** + * \brief Event: decoding error. + * + * This event is raised when decoding fails within an object. + * This formally closes the current object and brings the decoder back + * to the "out of any object" state. The offending line in the source + * is consumed. + */ +#define BR_PEM_ERROR 3 + +/** + * \brief Get the name of the encountered object. + * + * The encountered object name is defined only when the "start of object" + * event is raised. That name is normalised to uppercase (for ASCII letters + * only) and does not include trailing dashes. + * + * \param ctx decoder context. + * \return the current object name. + */ +static inline const char * +br_pem_decoder_name(br_pem_decoder_context *ctx) +{ + return ctx->name; +} + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/tools/sdk/include/bearssl/bearssl_port.h b/tools/sdk/include/bearssl/bearssl_port.h new file mode 100644 index 0000000000..277e55d4cb --- /dev/null +++ b/tools/sdk/include/bearssl/bearssl_port.h @@ -0,0 +1,20 @@ +#ifndef _bearssl_port_h +#define _bearssl_port_h + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +extern void br_esp8266_stack_proxy_init(uint8_t *space, uint16_t size); +extern size_t br_esp8266_stack_proxy_max(); +extern size_t br_esp8266_stack_proxy_usage(); +extern void br_esp8266_stack_proxy_deinit(); + +#ifdef __cplusplus +}; +#endif + +#endif + diff --git a/tools/sdk/include/bearssl/bearssl_prf.h b/tools/sdk/include/bearssl/bearssl_prf.h new file mode 100644 index 0000000000..9d54ad8d34 --- /dev/null +++ b/tools/sdk/include/bearssl/bearssl_prf.h @@ -0,0 +1,150 @@ +/* + * Copyright (c) 2016 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#ifndef BR_BEARSSL_PRF_H__ +#define BR_BEARSSL_PRF_H__ + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** \file bearssl_prf.h + * + * # The TLS PRF + * + * The "PRF" is the pseudorandom function used internally during the + * SSL/TLS handshake, notably to expand negociated shared secrets into + * the symmetric encryption keys that will be used to process the + * application data. + * + * TLS 1.0 and 1.1 define a PRF that is based on both MD5 and SHA-1. This + * is implemented by the `br_tls10_prf()` function. + * + * TLS 1.2 redefines the PRF, using an explicit hash function. The + * `br_tls12_sha256_prf()` and `br_tls12_sha384_prf()` functions apply that + * PRF with, respectively, SHA-256 and SHA-384. Most standard cipher suites + * rely on the SHA-256 based PRF, but some use SHA-384. + * + * The PRF always uses as input three parameters: a "secret" (some + * bytes), a "label" (ASCII string), and a "seed" (again some bytes). An + * arbitrary output length can be produced. The "seed" is provided as an + * arbitrary number of binary chunks, that gets internally concatenated. + */ + +/** + * \brief Type for a seed chunk. + * + * Each chunk may have an arbitrary length, and may be empty (no byte at + * all). If the chunk length is zero, then the pointer to the chunk data + * may be `NULL`. + */ +typedef struct { + /** + * \brief Pointer to the chunk data. + */ + const void *data; + + /** + * \brief Chunk length (in bytes). + */ + size_t len; +} br_tls_prf_seed_chunk; + +/** + * \brief PRF implementation for TLS 1.0 and 1.1. + * + * This PRF is the one specified by TLS 1.0 and 1.1. It internally uses + * MD5 and SHA-1. + * + * \param dst destination buffer. + * \param len output length (in bytes). + * \param secret secret value (key) for this computation. + * \param secret_len length of "secret" (in bytes). + * \param label PRF label (zero-terminated ASCII string). + * \param seed_num number of seed chunks. + * \param seed seed chnks for this computation (usually non-secret). + */ +void br_tls10_prf(void *dst, size_t len, + const void *secret, size_t secret_len, const char *label, + size_t seed_num, const br_tls_prf_seed_chunk *seed); + +/** + * \brief PRF implementation for TLS 1.2, with SHA-256. + * + * This PRF is the one specified by TLS 1.2, when the underlying hash + * function is SHA-256. + * + * \param dst destination buffer. + * \param len output length (in bytes). + * \param secret secret value (key) for this computation. + * \param secret_len length of "secret" (in bytes). + * \param label PRF label (zero-terminated ASCII string). + * \param seed_num number of seed chunks. + * \param seed seed chnks for this computation (usually non-secret). + */ +void br_tls12_sha256_prf(void *dst, size_t len, + const void *secret, size_t secret_len, const char *label, + size_t seed_num, const br_tls_prf_seed_chunk *seed); + +/** + * \brief PRF implementation for TLS 1.2, with SHA-384. + * + * This PRF is the one specified by TLS 1.2, when the underlying hash + * function is SHA-384. + * + * \param dst destination buffer. + * \param len output length (in bytes). + * \param secret secret value (key) for this computation. + * \param secret_len length of "secret" (in bytes). + * \param label PRF label (zero-terminated ASCII string). + * \param seed_num number of seed chunks. + * \param seed seed chnks for this computation (usually non-secret). + */ +void br_tls12_sha384_prf(void *dst, size_t len, + const void *secret, size_t secret_len, const char *label, + size_t seed_num, const br_tls_prf_seed_chunk *seed); + +/** + * brief A convenient type name for a PRF implementation. + * + * \param dst destination buffer. + * \param len output length (in bytes). + * \param secret secret value (key) for this computation. + * \param secret_len length of "secret" (in bytes). + * \param label PRF label (zero-terminated ASCII string). + * \param seed_num number of seed chunks. + * \param seed seed chnks for this computation (usually non-secret). + */ +typedef void (*br_tls_prf_impl)(void *dst, size_t len, + const void *secret, size_t secret_len, const char *label, + size_t seed_num, const br_tls_prf_seed_chunk *seed); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/tools/sdk/include/bearssl/bearssl_rand.h b/tools/sdk/include/bearssl/bearssl_rand.h new file mode 100644 index 0000000000..37379d2bf8 --- /dev/null +++ b/tools/sdk/include/bearssl/bearssl_rand.h @@ -0,0 +1,295 @@ +/* + * Copyright (c) 2016 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#ifndef BR_BEARSSL_RAND_H__ +#define BR_BEARSSL_RAND_H__ + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** \file bearssl_rand.h + * + * # Pseudo-Random Generators + * + * A PRNG is a state-based engine that outputs pseudo-random bytes on + * demand. It is initialized with an initial seed, and additional seed + * bytes can be added afterwards. Bytes produced depend on the seeds and + * also on the exact sequence of calls (including sizes requested for + * each call). + * + * + * ## Procedural and OOP API + * + * For the PRNG of name "`xxx`", two API are provided. The _procedural_ + * API defined a context structure `br_xxx_context` and three functions: + * + * - `br_xxx_init()` + * + * Initialise the context with an initial seed. + * + * - `br_xxx_generate()` + * + * Produce some pseudo-random bytes. + * + * - `br_xxx_update()` + * + * Inject some additional seed. + * + * The initialisation function sets the first context field (`vtable`) + * to a pointer to the vtable that supports the OOP API. The OOP API + * provides access to the same functions through function pointers, + * named `init()`, `generate()` and `update()`. + * + * Note that the context initialisation method may accept additional + * parameters, provided as a 'const void *' pointer at API level. These + * additional parameters depend on the implemented PRNG. + * + * + * ## HMAC_DRBG + * + * HMAC_DRBG is defined in [NIST SP 800-90A Revision + * 1](http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf). + * It uses HMAC repeatedly, over some configurable underlying hash + * function. In BearSSL, it is implemented under the "`hmac_drbg`" name. + * The "extra parameters" pointer for context initialisation should be + * set to a pointer to the vtable for the underlying hash function (e.g. + * pointer to `br_sha256_vtable` to use HMAC_DRBG with SHA-256). + * + * According to the NIST standard, each request shall produce up to + * 219 bits (i.e. 64 kB of data); moreover, the context shall + * be reseeded at least once every 248 requests. This + * implementation does not maintain the reseed counter (the threshold is + * too high to be reached in practice) and does not object to producing + * more than 64 kB in a single request; thus, the code cannot fail, + * which corresponds to the fact that the API has no room for error + * codes. However, this implies that requesting more than 64 kB in one + * `generate()` request, or making more than 248 requests + * without reseeding, is formally out of NIST specification. There is + * no currently known security penalty for exceeding the NIST limits, + * and, in any case, HMAC_DRBG usage in implementing SSL/TLS always + * stays much below these thresholds. + */ + +/** + * \brief Class type for PRNG implementations. + * + * A `br_prng_class` instance references the methods implementing a PRNG. + * Constant instances of this structure are defined for each implemented + * PRNG. Such instances are also called "vtables". + */ +typedef struct br_prng_class_ br_prng_class; +struct br_prng_class_ { + /** + * \brief Size (in bytes) of the context structure appropriate for + * running this PRNG. + */ + size_t context_size; + + /** + * \brief Initialisation method. + * + * The context to initialise is provided as a pointer to its + * first field (the vtable pointer); this function sets that + * first field to a pointer to the vtable. + * + * The extra parameters depend on the implementation; each + * implementation defines what kind of extra parameters it + * expects (if any). + * + * Requirements on the initial seed depend on the implemented + * PRNG. + * + * \param ctx PRNG context to initialise. + * \param params extra parameters for the PRNG. + * \param seed initial seed. + * \param seed_len initial seed length (in bytes). + */ + void (*init)(const br_prng_class **ctx, const void *params, + const void *seed, size_t seed_len); + + /** + * \brief Random bytes generation. + * + * This method produces `len` pseudorandom bytes, in the `out` + * buffer. The context is updated accordingly. + * + * \param ctx PRNG context. + * \param out output buffer. + * \param len number of pseudorandom bytes to produce. + */ + void (*generate)(const br_prng_class **ctx, void *out, size_t len); + + /** + * \brief Inject additional seed bytes. + * + * The provided seed bytes are added into the PRNG internal + * entropy pool. + * + * \param ctx PRNG context. + * \param seed additional seed. + * \param seed_len additional seed length (in bytes). + */ + void (*update)(const br_prng_class **ctx, + const void *seed, size_t seed_len); +}; + +/** + * \brief Context for HMAC_DRBG. + * + * The context contents are opaque, except the first field, which + * supports OOP. + */ +typedef struct { + /** + * \brief Pointer to the vtable. + * + * This field is set with the initialisation method/function. + */ + const br_prng_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + unsigned char K[64]; + unsigned char V[64]; + const br_hash_class *digest_class; +#endif +} br_hmac_drbg_context; + +/** + * \brief Statically allocated, constant vtable for HMAC_DRBG. + */ +extern const br_prng_class br_hmac_drbg_vtable; + +/** + * \brief HMAC_DRBG initialisation. + * + * The context to initialise is provided as a pointer to its first field + * (the vtable pointer); this function sets that first field to a + * pointer to the vtable. + * + * The `seed` value is what is called, in NIST terminology, the + * concatenation of the "seed", "nonce" and "personalization string", in + * that order. + * + * The `digest_class` parameter defines the underlying hash function. + * Formally, the NIST standard specifies that the hash function shall + * be only SHA-1 or one of the SHA-2 functions. This implementation also + * works with any other implemented hash function (such as MD5), but + * this is non-standard and therefore not recommended. + * + * \param ctx HMAC_DRBG context to initialise. + * \param digest_class vtable for the underlying hash function. + * \param seed initial seed. + * \param seed_len initial seed length (in bytes). + */ +void br_hmac_drbg_init(br_hmac_drbg_context *ctx, + const br_hash_class *digest_class, const void *seed, size_t seed_len); + +/** + * \brief Random bytes generation with HMAC_DRBG. + * + * This method produces `len` pseudorandom bytes, in the `out` + * buffer. The context is updated accordingly. Formally, requesting + * more than 65536 bytes in one request falls out of specification + * limits (but it won't fail). + * + * \param ctx HMAC_DRBG context. + * \param out output buffer. + * \param len number of pseudorandom bytes to produce. + */ +void br_hmac_drbg_generate(br_hmac_drbg_context *ctx, void *out, size_t len); + +/** + * \brief Inject additional seed bytes in HMAC_DRBG. + * + * The provided seed bytes are added into the HMAC_DRBG internal + * entropy pool. The process does not _replace_ existing entropy, + * thus pushing non-random bytes (i.e. bytes which are known to the + * attackers) does not degrade the overall quality of generated bytes. + * + * \param ctx HMAC_DRBG context. + * \param seed additional seed. + * \param seed_len additional seed length (in bytes). + */ +void br_hmac_drbg_update(br_hmac_drbg_context *ctx, + const void *seed, size_t seed_len); + +/** + * \brief Get the hash function implementation used by a given instance of + * HMAC_DRBG. + * + * This calls MUST NOT be performed on a context which was not + * previously initialised. + * + * \param ctx HMAC_DRBG context. + * \return the hash function vtable. + */ +static inline const br_hash_class * +br_hmac_drbg_get_hash(const br_hmac_drbg_context *ctx) +{ + return ctx->digest_class; +} + +/** + * \brief Type for a provider of entropy seeds. + * + * A "seeder" is a function that is able to obtain random values from + * some source and inject them as entropy seed in a PRNG. A seeder + * shall guarantee that the total entropy of the injected seed is large + * enough to seed a PRNG for purposes of cryptographic key generation + * (i.e. at least 128 bits). + * + * A seeder may report a failure to obtain adequate entropy. Seeders + * shall endeavour to fix themselves transient errors by trying again; + * thus, callers may consider reported errors as permanent. + * + * \param ctx PRNG context to seed. + * \return 1 on success, 0 on error. + */ +typedef int (*br_prng_seeder)(const br_prng_class **ctx); + +/** + * \brief Get a seeder backed by the operating system or hardware. + * + * Get a seeder that feeds on RNG facilities provided by the current + * operating system or hardware. If no such facility is known, then 0 + * is returned. + * + * If `name` is not `NULL`, then `*name` is set to a symbolic string + * that identifies the seeder implemention. If no seeder is returned + * and `name` is not `NULL`, then `*name` is set to a pointer to the + * constant string `"none"`. + * + * \param name receiver for seeder name, or `NULL`. + * \return the system seeder, if available, or 0. + */ +br_prng_seeder br_prng_seeder_system(const char **name); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/tools/sdk/include/bearssl/bearssl_rsa.h b/tools/sdk/include/bearssl/bearssl_rsa.h new file mode 100644 index 0000000000..3d5c26a322 --- /dev/null +++ b/tools/sdk/include/bearssl/bearssl_rsa.h @@ -0,0 +1,743 @@ +/* + * Copyright (c) 2016 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#ifndef BR_BEARSSL_RSA_H__ +#define BR_BEARSSL_RSA_H__ + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** \file bearssl_rsa.h + * + * # RSA + * + * This file documents the RSA implementations provided with BearSSL. + * Note that the SSL engine accesses these implementations through a + * configurable API, so it is possible to, for instance, run a SSL + * server which uses a RSA engine which is not based on this code. + * + * ## Key Elements + * + * RSA public and private keys consist in lists of big integers. All + * such integers are represented with big-endian unsigned notation: + * first byte is the most significant, and the value is positive (so + * there is no dedicated "sign bit"). Public and private key structures + * thus contain, for each such integer, a pointer to the first value byte + * (`unsigned char *`), and a length (`size_t`) which is the number of + * relevant bytes. As a general rule, minimal-length encoding is not + * enforced: values may have extra leading bytes of value 0. + * + * RSA public keys consist in two integers: + * + * - the modulus (`n`); + * - the public exponent (`e`). + * + * RSA private keys, as defined in + * [PKCS#1](https://tools.ietf.org/html/rfc3447), contain eight integers: + * + * - the modulus (`n`); + * - the public exponent (`e`); + * - the private exponent (`d`); + * - the first prime factor (`p`); + * - the second prime factor (`q`); + * - the first reduced exponent (`dp`, which is `d` modulo `p-1`); + * - the second reduced exponent (`dq`, which is `d` modulo `q-1`); + * - the CRT coefficient (`iq`, the inverse of `q` modulo `p`). + * + * However, the implementations defined in BearSSL use only five of + * these integers: `p`, `q`, `dp`, `dq` and `iq`. + * + * ## Security Features and Limitations + * + * The implementations contained in BearSSL have the following limitations + * and features: + * + * - They are constant-time. This means that the execution time and + * memory access pattern may depend on the _lengths_ of the private + * key components, but not on their value, nor on the value of + * the operand. Note that this property is not achieved through + * random masking, but "true" constant-time code. + * + * - They support only private keys with two prime factors. RSA private + * key with three or more prime factors are nominally supported, but + * rarely used; they may offer faster operations, at the expense of + * more code and potentially a reduction in security if there are + * "too many" prime factors. + * + * - The public exponent may have arbitrary length. Of course, it is + * a good idea to keep public exponents small, so that public key + * operations are fast; but, contrary to some widely deployed + * implementations, BearSSL has no problem with public exponent + * longer than 32 bits. + * + * - The two prime factors of the modulus need not have the same length + * (but severely imbalanced factor lengths might reduce security). + * Similarly, there is no requirement that the first factor (`p`) + * be greater than the second factor (`q`). + * + * - Prime factors and modulus must be smaller than a compile-time limit. + * This is made necessary by the use of fixed-size stack buffers, and + * the limit has been adjusted to keep stack usage under 2 kB for the + * RSA operations. Currently, the maximum modulus size is 4096 bits, + * and the maximum prime factor size is 2080 bits. + * + * - The RSA functions themselves do not enforce lower size limits, + * except that which is absolutely necessary for the operation to + * mathematically make sense (e.g. a PKCS#1 v1.5 signature with + * SHA-1 requires a modulus of at least 361 bits). It is up to users + * of this code to enforce size limitations when appropriate (e.g. + * the X.509 validation engine, by default, rejects RSA keys of + * less than 1017 bits). + * + * - Within the size constraints expressed above, arbitrary bit lengths + * are supported. There is no requirement that prime factors or + * modulus have a size multiple of 8 or 16. + * + * - When verifying PKCS#1 v1.5 signatures, both variants of the hash + * function identifying header (with and without the ASN.1 NULL) are + * supported. When producing such signatures, the variant with the + * ASN.1 NULL is used. + * + * ## Implementations + * + * Three RSA implementations are included: + * + * - The **i32** implementation internally represents big integers + * as arrays of 32-bit integers. It is perfunctory and portable, + * but not very efficient. + * + * - The **i31** implementation uses 32-bit integers, each containing + * 31 bits worth of integer data. The i31 implementation is somewhat + * faster than the i32 implementation (the reduced integer size makes + * carry propagation easier) for a similar code footprint, but uses + * very slightly larger stack buffers (about 4% bigger). + * + * - The **i62** implementation is similar to the i31 implementation, + * except that it internally leverages the 64x64->128 multiplication + * opcode. This implementation is available only on architectures + * where such an opcode exists. It is much faster than i31. + * + * - The **i15** implementation uses 16-bit integers, each containing + * 15 bits worth of integer data. Multiplication results fit on + * 32 bits, so this won't use the "widening" multiplication routine + * on ARM Cortex M0/M0+, for much better performance and constant-time + * execution. + */ + +/** + * \brief RSA public key. + * + * The structure references the modulus and the public exponent. Both + * integers use unsigned big-endian representation; extra leading bytes + * of value 0 are allowed. + */ +typedef struct { + /** \brief Modulus. */ + unsigned char *n; + /** \brief Modulus length (in bytes). */ + size_t nlen; + /** \brief Public exponent. */ + unsigned char *e; + /** \brief Public exponent length (in bytes). */ + size_t elen; +} br_rsa_public_key; + +/** + * \brief RSA private key. + * + * The structure references the primvate factors, reduced private + * exponents, and CRT coefficient. It also contains the bit length of + * the modulus. The big integers use unsigned big-endian representation; + * extra leading bytes of value 0 are allowed. However, the modulus bit + * length (`n_bitlen`) MUST be exact. + */ +typedef struct { + /** \brief Modulus bit length (in bits, exact value). */ + uint32_t n_bitlen; + /** \brief First prime factor. */ + unsigned char *p; + /** \brief First prime factor length (in bytes). */ + size_t plen; + /** \brief Second prime factor. */ + unsigned char *q; + /** \brief Second prime factor length (in bytes). */ + size_t qlen; + /** \brief First reduced private exponent. */ + unsigned char *dp; + /** \brief First reduced private exponent length (in bytes). */ + size_t dplen; + /** \brief Second reduced private exponent. */ + unsigned char *dq; + /** \brief Second reduced private exponent length (in bytes). */ + size_t dqlen; + /** \brief CRT coefficient. */ + unsigned char *iq; + /** \brief CRT coefficient length (in bytes). */ + size_t iqlen; +} br_rsa_private_key; + +/** + * \brief Type for a RSA public key engine. + * + * The public key engine performs the modular exponentiation of the + * provided value with the public exponent. The value is modified in + * place. + * + * The value length (`xlen`) is verified to have _exactly_ the same + * length as the modulus (actual modulus length, without extra leading + * zeros in the modulus representation in memory). If the length does + * not match, then this function returns 0 and `x[]` is unmodified. + * + * It `xlen` is correct, then `x[]` is modified. Returned value is 1 + * on success, 0 on error. Error conditions include an oversized `x[]` + * (the array has the same length as the modulus, but the numerical value + * is not lower than the modulus) and an invalid modulus (e.g. an even + * integer). If an error is reported, then the new contents of `x[]` are + * unspecified. + * + * \param x operand to exponentiate. + * \param xlen length of the operand (in bytes). + * \param pk RSA public key. + * \return 1 on success, 0 on error. + */ +typedef uint32_t (*br_rsa_public)(unsigned char *x, size_t xlen, + const br_rsa_public_key *pk); + +/** + * \brief Type for a RSA signature verification engine (PKCS#1 v1.5). + * + * Parameters are: + * + * - The signature itself. The provided array is NOT modified. + * + * - The encoded OID for the hash function. The provided array must begin + * with a single byte that contains the length of the OID value (in + * bytes), followed by exactly that many bytes. This parameter may + * also be `NULL`, in which case the raw hash value should be used + * with the PKCS#1 v1.5 "type 1" padding (as used in SSL/TLS up + * to TLS-1.1, with a 36-byte hash value). + * + * - The hash output length, in bytes. + * + * - The public key. + * + * - An output buffer for the hash value. The caller must still compare + * it with the hash of the data over which the signature is computed. + * + * **Constraints:** + * + * - Hash length MUST be no more than 64 bytes. + * + * - OID value length MUST be no more than 32 bytes (i.e. `hash_oid[0]` + * must have a value in the 0..32 range, inclusive). + * + * This function verifies that the signature length (`xlen`) matches the + * modulus length (this function returns 0 on mismatch). If the modulus + * size exceeds the maximum supported RSA size, then the function also + * returns 0. + * + * Returned value is 1 on success, 0 on error. + * + * Implementations of this type need not be constant-time. + * + * \param x signature buffer. + * \param xlen signature length (in bytes). + * \param hash_oid encoded hash algorithm OID (or `NULL`). + * \param hash_len expected hash value length (in bytes). + * \param pk RSA public key. + * \param hash_out output buffer for the hash value. + * \return 1 on success, 0 on error. + */ +typedef uint32_t (*br_rsa_pkcs1_vrfy)(const unsigned char *x, size_t xlen, + const unsigned char *hash_oid, size_t hash_len, + const br_rsa_public_key *pk, unsigned char *hash_out); + +/** + * \brief Type for a RSA private key engine. + * + * The `x[]` buffer is modified in place, and its length is inferred from + * the modulus length (`x[]` is assumed to have a length of + * `(sk->n_bitlen+7)/8` bytes). + * + * Returned value is 1 on success, 0 on error. + * + * \param x operand to exponentiate. + * \param sk RSA private key. + * \return 1 on success, 0 on error. + */ +typedef uint32_t (*br_rsa_private)(unsigned char *x, + const br_rsa_private_key *sk); + +/** + * \brief Type for a RSA signature generation engine (PKCS#1 v1.5). + * + * Parameters are: + * + * - The encoded OID for the hash function. The provided array must begin + * with a single byte that contains the length of the OID value (in + * bytes), followed by exactly that many bytes. This parameter may + * also be `NULL`, in which case the raw hash value should be used + * with the PKCS#1 v1.5 "type 1" padding (as used in SSL/TLS up + * to TLS-1.1, with a 36-byte hash value). + * + * - The hash value computes over the data to sign (its length is + * expressed in bytes). + * + * - The RSA private key. + * + * - The output buffer, that receives the signature. + * + * Returned value is 1 on success, 0 on error. Error conditions include + * a too small modulus for the provided hash OID and value, or some + * invalid key parameters. The signature length is exactly + * `(sk->n_bitlen+7)/8` bytes. + * + * This function is expected to be constant-time with regards to the + * private key bytes (lengths of the modulus and the individual factors + * may leak, though) and to the hashed data. + * + * \param hash_oid encoded hash algorithm OID (or `NULL`). + * \param hash hash value. + * \param hash_len hash value length (in bytes). + * \param sk RSA private key. + * \param x output buffer for the signature value. + * \return 1 on success, 0 on error. + */ +typedef uint32_t (*br_rsa_pkcs1_sign)(const unsigned char *hash_oid, + const unsigned char *hash, size_t hash_len, + const br_rsa_private_key *sk, unsigned char *x); + +/** + * \brief Encoded OID for SHA-1 (in RSA PKCS#1 signatures). + */ +#define BR_HASH_OID_SHA1 \ + ((const unsigned char *)"\x05\x2B\x0E\x03\x02\x1A") + +/** + * \brief Encoded OID for SHA-224 (in RSA PKCS#1 signatures). + */ +#define BR_HASH_OID_SHA224 \ + ((const unsigned char *)"\x09\x60\x86\x48\x01\x65\x03\x04\x02\x04") + +/** + * \brief Encoded OID for SHA-256 (in RSA PKCS#1 signatures). + */ +#define BR_HASH_OID_SHA256 \ + ((const unsigned char *)"\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01") + +/** + * \brief Encoded OID for SHA-384 (in RSA PKCS#1 signatures). + */ +#define BR_HASH_OID_SHA384 \ + ((const unsigned char *)"\x09\x60\x86\x48\x01\x65\x03\x04\x02\x02") + +/** + * \brief Encoded OID for SHA-512 (in RSA PKCS#1 signatures). + */ +#define BR_HASH_OID_SHA512 \ + ((const unsigned char *)"\x09\x60\x86\x48\x01\x65\x03\x04\x02\x03") + +/* + * RSA "i32" engine. Integers are internally represented as arrays of + * 32-bit integers, and the core multiplication primitive is the + * 32x32->64 multiplication. + */ + +/** + * \brief RSA public key engine "i32". + * + * \see br_rsa_public + * + * \param x operand to exponentiate. + * \param xlen length of the operand (in bytes). + * \param pk RSA public key. + * \return 1 on success, 0 on error. + */ +uint32_t br_rsa_i32_public(unsigned char *x, size_t xlen, + const br_rsa_public_key *pk); + +/** + * \brief RSA signature verification engine "i32". + * + * \see br_rsa_pkcs1_vrfy + * + * \param x signature buffer. + * \param xlen signature length (in bytes). + * \param hash_oid encoded hash algorithm OID (or `NULL`). + * \param hash_len expected hash value length (in bytes). + * \param pk RSA public key. + * \param hash_out output buffer for the hash value. + * \return 1 on success, 0 on error. + */ +uint32_t br_rsa_i32_pkcs1_vrfy(const unsigned char *x, size_t xlen, + const unsigned char *hash_oid, size_t hash_len, + const br_rsa_public_key *pk, unsigned char *hash_out); + +/** + * \brief RSA private key engine "i32". + * + * \see br_rsa_private + * + * \param x operand to exponentiate. + * \param sk RSA private key. + * \return 1 on success, 0 on error. + */ +uint32_t br_rsa_i32_private(unsigned char *x, + const br_rsa_private_key *sk); + +/** + * \brief RSA signature generation engine "i32". + * + * \see br_rsa_pkcs1_sign + * + * \param hash_oid encoded hash algorithm OID (or `NULL`). + * \param hash hash value. + * \param hash_len hash value length (in bytes). + * \param sk RSA private key. + * \param x output buffer for the hash value. + * \return 1 on success, 0 on error. + */ +uint32_t br_rsa_i32_pkcs1_sign(const unsigned char *hash_oid, + const unsigned char *hash, size_t hash_len, + const br_rsa_private_key *sk, unsigned char *x); + +/* + * RSA "i31" engine. Similar to i32, but only 31 bits are used per 32-bit + * word. This uses slightly more stack space (about 4% more) and code + * space, but it quite faster. + */ + +/** + * \brief RSA public key engine "i31". + * + * \see br_rsa_public + * + * \param x operand to exponentiate. + * \param xlen length of the operand (in bytes). + * \param pk RSA public key. + * \return 1 on success, 0 on error. + */ +uint32_t br_rsa_i31_public(unsigned char *x, size_t xlen, + const br_rsa_public_key *pk); + +/** + * \brief RSA signature verification engine "i31". + * + * \see br_rsa_pkcs1_vrfy + * + * \param x signature buffer. + * \param xlen signature length (in bytes). + * \param hash_oid encoded hash algorithm OID (or `NULL`). + * \param hash_len expected hash value length (in bytes). + * \param pk RSA public key. + * \param hash_out output buffer for the hash value. + * \return 1 on success, 0 on error. + */ +uint32_t br_rsa_i31_pkcs1_vrfy(const unsigned char *x, size_t xlen, + const unsigned char *hash_oid, size_t hash_len, + const br_rsa_public_key *pk, unsigned char *hash_out); + +/** + * \brief RSA private key engine "i31". + * + * \see br_rsa_private + * + * \param x operand to exponentiate. + * \param sk RSA private key. + * \return 1 on success, 0 on error. + */ +uint32_t br_rsa_i31_private(unsigned char *x, + const br_rsa_private_key *sk); + +/** + * \brief RSA signature generation engine "i31". + * + * \see br_rsa_pkcs1_sign + * + * \param hash_oid encoded hash algorithm OID (or `NULL`). + * \param hash hash value. + * \param hash_len hash value length (in bytes). + * \param sk RSA private key. + * \param x output buffer for the hash value. + * \return 1 on success, 0 on error. + */ +uint32_t br_rsa_i31_pkcs1_sign(const unsigned char *hash_oid, + const unsigned char *hash, size_t hash_len, + const br_rsa_private_key *sk, unsigned char *x); + +/* + * RSA "i62" engine. Similar to i31, but internal multiplication use + * 64x64->128 multiplications. This is available only on architecture + * that offer such an opcode. + */ + +/** + * \brief RSA public key engine "i62". + * + * This function is defined only on architecture that offer a 64x64->128 + * opcode. Use `br_rsa_i62_public_get()` to dynamically obtain a pointer + * to that functiom. + * + * \see br_rsa_public + * + * \param x operand to exponentiate. + * \param xlen length of the operand (in bytes). + * \param pk RSA public key. + * \return 1 on success, 0 on error. + */ +uint32_t br_rsa_i62_public(unsigned char *x, size_t xlen, + const br_rsa_public_key *pk); + +/** + * \brief RSA signature verification engine "i62". + * + * This function is defined only on architecture that offer a 64x64->128 + * opcode. Use `br_rsa_i62_pkcs1_vrfy_get()` to dynamically obtain a pointer + * to that functiom. + * + * \see br_rsa_pkcs1_vrfy + * + * \param x signature buffer. + * \param xlen signature length (in bytes). + * \param hash_oid encoded hash algorithm OID (or `NULL`). + * \param hash_len expected hash value length (in bytes). + * \param pk RSA public key. + * \param hash_out output buffer for the hash value. + * \return 1 on success, 0 on error. + */ +uint32_t br_rsa_i62_pkcs1_vrfy(const unsigned char *x, size_t xlen, + const unsigned char *hash_oid, size_t hash_len, + const br_rsa_public_key *pk, unsigned char *hash_out); + +/** + * \brief RSA private key engine "i62". + * + * This function is defined only on architecture that offer a 64x64->128 + * opcode. Use `br_rsa_i62_private_get()` to dynamically obtain a pointer + * to that functiom. + * + * \see br_rsa_private + * + * \param x operand to exponentiate. + * \param sk RSA private key. + * \return 1 on success, 0 on error. + */ +uint32_t br_rsa_i62_private(unsigned char *x, + const br_rsa_private_key *sk); + +/** + * \brief RSA signature generation engine "i62". + * + * This function is defined only on architecture that offer a 64x64->128 + * opcode. Use `br_rsa_i62_pkcs1_sign_get()` to dynamically obtain a pointer + * to that functiom. + * + * \see br_rsa_pkcs1_sign + * + * \param hash_oid encoded hash algorithm OID (or `NULL`). + * \param hash hash value. + * \param hash_len hash value length (in bytes). + * \param sk RSA private key. + * \param x output buffer for the hash value. + * \return 1 on success, 0 on error. + */ +uint32_t br_rsa_i62_pkcs1_sign(const unsigned char *hash_oid, + const unsigned char *hash, size_t hash_len, + const br_rsa_private_key *sk, unsigned char *x); + +/** + * \brief Get the RSA "i62" implementation (public key operations), + * if available. + * + * \return the implementation, or 0. + */ +br_rsa_public br_rsa_i62_public_get(void); + +/** + * \brief Get the RSA "i62" implementation (PKCS#1 signature verification), + * if available. + * + * \return the implementation, or 0. + */ +br_rsa_pkcs1_vrfy br_rsa_i62_pkcs1_vrfy_get(void); + +/** + * \brief Get the RSA "i62" implementation (private key operations), + * if available. + * + * \return the implementation, or 0. + */ +br_rsa_private br_rsa_i62_private_get(void); + +/** + * \brief Get the RSA "i62" implementation (PKCS#1 signature generation), + * if available. + * + * \return the implementation, or 0. + */ +br_rsa_pkcs1_sign br_rsa_i62_pkcs1_sign_get(void); + +/* + * RSA "i15" engine. Integers are represented as 15-bit integers, so + * the code uses only 32-bit multiplication (no 64-bit result), which + * is vastly faster (and constant-time) on the ARM Cortex M0/M0+. + */ + +/** + * \brief RSA public key engine "i15". + * + * \see br_rsa_public + * + * \param x operand to exponentiate. + * \param xlen length of the operand (in bytes). + * \param pk RSA public key. + * \return 1 on success, 0 on error. + */ +uint32_t br_rsa_i15_public(unsigned char *x, size_t xlen, + const br_rsa_public_key *pk); + +/** + * \brief RSA signature verification engine "i15". + * + * \see br_rsa_pkcs1_vrfy + * + * \param x signature buffer. + * \param xlen signature length (in bytes). + * \param hash_oid encoded hash algorithm OID (or `NULL`). + * \param hash_len expected hash value length (in bytes). + * \param pk RSA public key. + * \param hash_out output buffer for the hash value. + * \return 1 on success, 0 on error. + */ +uint32_t br_rsa_i15_pkcs1_vrfy(const unsigned char *x, size_t xlen, + const unsigned char *hash_oid, size_t hash_len, + const br_rsa_public_key *pk, unsigned char *hash_out); + +/** + * \brief RSA private key engine "i15". + * + * \see br_rsa_private + * + * \param x operand to exponentiate. + * \param sk RSA private key. + * \return 1 on success, 0 on error. + */ +uint32_t br_rsa_i15_private(unsigned char *x, + const br_rsa_private_key *sk); + +/** + * \brief RSA signature generation engine "i15". + * + * \see br_rsa_pkcs1_sign + * + * \param hash_oid encoded hash algorithm OID (or `NULL`). + * \param hash hash value. + * \param hash_len hash value length (in bytes). + * \param sk RSA private key. + * \param x output buffer for the hash value. + * \return 1 on success, 0 on error. + */ +uint32_t br_rsa_i15_pkcs1_sign(const unsigned char *hash_oid, + const unsigned char *hash, size_t hash_len, + const br_rsa_private_key *sk, unsigned char *x); + +/** + * \brief Get "default" RSA implementation (public-key operations). + * + * This returns the preferred implementation of RSA (public-key operations) + * on the current system. + * + * \return the default implementation. + */ +br_rsa_public br_rsa_public_get_default(void); + +/** + * \brief Get "default" RSA implementation (private-key operations). + * + * This returns the preferred implementation of RSA (private-key operations) + * on the current system. + * + * \return the default implementation. + */ +br_rsa_private br_rsa_private_get_default(void); + +/** + * \brief Get "default" RSA implementation (PKCS#1 signature verification). + * + * This returns the preferred implementation of RSA (signature verification) + * on the current system. + * + * \return the default implementation. + */ +br_rsa_pkcs1_vrfy br_rsa_pkcs1_vrfy_get_default(void); + +/** + * \brief Get "default" RSA implementation (PKCS#1 signature generation). + * + * This returns the preferred implementation of RSA (signature generation) + * on the current system. + * + * \return the default implementation. + */ +br_rsa_pkcs1_sign br_rsa_pkcs1_sign_get_default(void); + +/** + * \brief RSA decryption helper, for SSL/TLS. + * + * This function performs the RSA decryption for a RSA-based key exchange + * in a SSL/TLS server. The provided RSA engine is used. The `data` + * parameter points to the value to decrypt, of length `len` bytes. On + * success, the 48-byte pre-master secret is copied into `data`, starting + * at the first byte of that buffer; on error, the contents of `data` + * become indeterminate. + * + * This function first checks that the provided value length (`len`) is + * not lower than 59 bytes, and matches the RSA modulus length; if neither + * of this property is met, then this function returns 0 and the buffer + * is unmodified. + * + * Otherwise, decryption and then padding verification are performed, both + * in constant-time. A decryption error, or a bad padding, or an + * incorrect decrypted value length are reported with a returned value of + * 0; on success, 1 is returned. The caller (SSL server engine) is supposed + * to proceed with a random pre-master secret in case of error. + * + * \param core RSA private key engine. + * \param sk RSA private key. + * \param data input/output buffer. + * \param len length (in bytes) of the data to decrypt. + * \return 1 on success, 0 on error. + */ +uint32_t br_rsa_ssl_decrypt(br_rsa_private core, const br_rsa_private_key *sk, + unsigned char *data, size_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/tools/sdk/include/bearssl/bearssl_ssl.h b/tools/sdk/include/bearssl/bearssl_ssl.h new file mode 100644 index 0000000000..6640bc6518 --- /dev/null +++ b/tools/sdk/include/bearssl/bearssl_ssl.h @@ -0,0 +1,4136 @@ +/* + * Copyright (c) 2016 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#ifndef BR_BEARSSL_SSL_H__ +#define BR_BEARSSL_SSL_H__ + +#include +#include + +#include "bearssl_block.h" +#include "bearssl_hash.h" +#include "bearssl_hmac.h" +#include "bearssl_prf.h" +#include "bearssl_rand.h" +#include "bearssl_x509.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/** \file bearssl_ssl.h + * + * # SSL + * + * For an overview of the SSL/TLS API, see [the BearSSL Web + * site](https://www.bearssl.org/api1.html). + * + * The `BR_TLS_*` constants correspond to the standard cipher suites and + * their values in the [IANA + * registry](http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4). + * + * The `BR_ALERT_*` constants are for standard TLS alert messages. When + * a fatal alert message is sent of received, then the SSL engine context + * status is set to the sum of that alert value (an integer in the 0..255 + * range) and a fixed offset (`BR_ERR_SEND_FATAL_ALERT` for a sent alert, + * `BR_ERR_RECV_FATAL_ALERT` for a received alert). + */ + +/** \brief Optimal input buffer size. */ +#define BR_SSL_BUFSIZE_INPUT (16384 + 325) + +/** \brief Optimal output buffer size. */ +#define BR_SSL_BUFSIZE_OUTPUT (16384 + 85) + +/** \brief Optimal buffer size for monodirectional engine + (shared input/output buffer). */ +#define BR_SSL_BUFSIZE_MONO BR_SSL_BUFSIZE_INPUT + +/** \brief Optimal buffer size for bidirectional engine + (single buffer split into two separate input/output buffers). */ +#define BR_SSL_BUFSIZE_BIDI (BR_SSL_BUFSIZE_INPUT + BR_SSL_BUFSIZE_OUTPUT) + +/* + * Constants for known SSL/TLS protocol versions (SSL 3.0, TLS 1.0, TLS 1.1 + * and TLS 1.2). Note that though there is a constant for SSL 3.0, that + * protocol version is not actually supported. + */ + +/** \brief Protocol version: SSL 3.0 (unsupported). */ +#define BR_SSL30 0x0300 +/** \brief Protocol version: TLS 1.0. */ +#define BR_TLS10 0x0301 +/** \brief Protocol version: TLS 1.1. */ +#define BR_TLS11 0x0302 +/** \brief Protocol version: TLS 1.2. */ +#define BR_TLS12 0x0303 + +/* + * Error constants. They are used to report the reason why a context has + * been marked as failed. + * + * Implementation note: SSL-level error codes should be in the 1..31 + * range. The 32..63 range is for certificate decoding and validation + * errors. Received fatal alerts imply an error code in the 256..511 range. + */ + +/** \brief SSL status: no error so far (0). */ +#define BR_ERR_OK 0 + +/** \brief SSL status: caller-provided parameter is incorrect. */ +#define BR_ERR_BAD_PARAM 1 + +/** \brief SSL status: operation requested by the caller cannot be applied + with the current context state (e.g. reading data while outgoing data + is waiting to be sent). */ +#define BR_ERR_BAD_STATE 2 + +/** \brief SSL status: incoming protocol or record version is unsupported. */ +#define BR_ERR_UNSUPPORTED_VERSION 3 + +/** \brief SSL status: incoming record version does not match the expected + version. */ +#define BR_ERR_BAD_VERSION 4 + +/** \brief SSL status: incoming record length is invalid. */ +#define BR_ERR_BAD_LENGTH 5 + +/** \brief SSL status: incoming record is too large to be processed, or + buffer is too small for the handshake message to send. */ +#define BR_ERR_TOO_LARGE 6 + +/** \brief SSL status: decryption found an invalid padding, or the record + MAC is not correct. */ +#define BR_ERR_BAD_MAC 7 + +/** \brief SSL status: no initial entropy was provided, and none can be + obtained from the OS. */ +#define BR_ERR_NO_RANDOM 8 + +/** \brief SSL status: incoming record type is unknown. */ +#define BR_ERR_UNKNOWN_TYPE 9 + +/** \brief SSL status: incoming record or message has wrong type with + regards to the current engine state. */ +#define BR_ERR_UNEXPECTED 10 + +/** \brief SSL status: ChangeCipherSpec message from the peer has invalid + contents. */ +#define BR_ERR_BAD_CCS 12 + +/** \brief SSL status: alert message from the peer has invalid contents + (odd length). */ +#define BR_ERR_BAD_ALERT 13 + +/** \brief SSL status: incoming handshake message decoding failed. */ +#define BR_ERR_BAD_HANDSHAKE 14 + +/** \brief SSL status: ServerHello contains a session ID which is larger + than 32 bytes. */ +#define BR_ERR_OVERSIZED_ID 15 + +/** \brief SSL status: server wants to use a cipher suite that we did + not claim to support. This is also reported if we tried to advertise + a cipher suite that we do not support. */ +#define BR_ERR_BAD_CIPHER_SUITE 16 + +/** \brief SSL status: server wants to use a compression that we did not + claim to support. */ +#define BR_ERR_BAD_COMPRESSION 17 + +/** \brief SSL status: server's max fragment length does not match + client's. */ +#define BR_ERR_BAD_FRAGLEN 18 + +/** \brief SSL status: secure renegotiation failed. */ +#define BR_ERR_BAD_SECRENEG 19 + +/** \brief SSL status: server sent an extension type that we did not + announce, or used the same extension type several times in a single + ServerHello. */ +#define BR_ERR_EXTRA_EXTENSION 20 + +/** \brief SSL status: invalid Server Name Indication contents (when + used by the server, this extension shall be empty). */ +#define BR_ERR_BAD_SNI 21 + +/** \brief SSL status: invalid ServerHelloDone from the server (length + is not 0). */ +#define BR_ERR_BAD_HELLO_DONE 22 + +/** \brief SSL status: internal limit exceeded (e.g. server's public key + is too large). */ +#define BR_ERR_LIMIT_EXCEEDED 23 + +/** \brief SSL status: Finished message from peer does not match the + expected value. */ +#define BR_ERR_BAD_FINISHED 24 + +/** \brief SSL status: session resumption attempt with distinct version + or cipher suite. */ +#define BR_ERR_RESUME_MISMATCH 25 + +/** \brief SSL status: unsupported or invalid algorithm (ECDHE curve, + signature algorithm, hash function). */ +#define BR_ERR_INVALID_ALGORITHM 26 + +/** \brief SSL status: invalid signature (on ServerKeyExchange from + server, or in CertificateVerify from client). */ +#define BR_ERR_BAD_SIGNATURE 27 + +/** \brief SSL status: peer's public key does not have the proper type + or is not allowed for requested operation. */ +#define BR_ERR_WRONG_KEY_USAGE 28 + +/** \brief SSL status: client did not send a certificate upon request, + or the client certificate could not be validated. */ +#define BR_ERR_NO_CLIENT_AUTH 29 + +/** \brief SSL status: I/O error or premature close on underlying + transport stream. This error code is set only by the simplified + I/O API ("br_sslio_*"). */ +#define BR_ERR_IO 31 + +/** \brief SSL status: base value for a received fatal alert. + + When a fatal alert is received from the peer, the alert value + is added to this constant. */ +#define BR_ERR_RECV_FATAL_ALERT 256 + +/** \brief SSL status: base value for a sent fatal alert. + + When a fatal alert is sent to the peer, the alert value is added + to this constant. */ +#define BR_ERR_SEND_FATAL_ALERT 512 + +/* ===================================================================== */ + +/** + * \brief Decryption engine for SSL. + * + * When processing incoming records, the SSL engine will use a decryption + * engine that uses a specific context structure, and has a set of + * methods (a vtable) that follows this template. + * + * The decryption engine is responsible for applying decryption, verifying + * MAC, and keeping track of the record sequence number. + */ +typedef struct br_sslrec_in_class_ br_sslrec_in_class; +struct br_sslrec_in_class_ { + /** + * \brief Context size (in bytes). + */ + size_t context_size; + + /** + * \brief Test validity of the incoming record length. + * + * This function returns 1 if the announced length for an + * incoming record is valid, 0 otherwise, + * + * \param ctx decryption engine context. + * \param record_len incoming record length. + * \return 1 of a valid length, 0 otherwise. + */ + int (*check_length)(const br_sslrec_in_class *const *ctx, + size_t record_len); + + /** + * \brief Decrypt the incoming record. + * + * This function may assume that the record length is valid + * (it has been previously tested with `check_length()`). + * Decryption is done in place; `*len` is updated with the + * cleartext length, and the address of the first plaintext + * byte is returned. If the record is correct but empty, then + * `*len` is set to 0 and a non-`NULL` pointer is returned. + * + * On decryption/MAC error, `NULL` is returned. + * + * \param ctx decryption engine context. + * \param record_type record type (23 for application data, etc). + * \param version record version. + * \param payload address of encrypted payload. + * \param len pointer to payload length (updated). + * \return pointer to plaintext, or `NULL` on error. + */ + unsigned char *(*decrypt)(const br_sslrec_in_class **ctx, + int record_type, unsigned version, + void *payload, size_t *len); +}; + +/** + * \brief Encryption engine for SSL. + * + * When building outgoing records, the SSL engine will use an encryption + * engine that uses a specific context structure, and has a set of + * methods (a vtable) that follows this template. + * + * The encryption engine is responsible for applying encryption and MAC, + * and keeping track of the record sequence number. + */ +typedef struct br_sslrec_out_class_ br_sslrec_out_class; +struct br_sslrec_out_class_ { + /** + * \brief Context size (in bytes). + */ + size_t context_size; + + /** + * \brief Compute maximum plaintext sizes and offsets. + * + * When this function is called, the `*start` and `*end` + * values contain offsets designating the free area in the + * outgoing buffer for plaintext data; that free area is + * preceded by a 5-byte space which will receive the record + * header. + * + * The `max_plaintext()` function is responsible for adjusting + * both `*start` and `*end` to make room for any record-specific + * header, MAC, padding, and possible split. + * + * \param ctx encryption engine context. + * \param start pointer to start of plaintext offset (updated). + * \param end pointer to start of plaintext offset (updated). + */ + void (*max_plaintext)(const br_sslrec_out_class *const *ctx, + size_t *start, size_t *end); + + /** + * \brief Perform record encryption. + * + * This function encrypts the record. The plaintext address and + * length are provided. Returned value is the start of the + * encrypted record (or sequence of records, if a split was + * performed), _including_ the 5-byte header, and `*len` is + * adjusted to the total size of the record(s), there again + * including the header(s). + * + * \param ctx decryption engine context. + * \param record_type record type (23 for application data, etc). + * \param version record version. + * \param plaintext address of plaintext. + * \param len pointer to plaintext length (updated). + * \return pointer to start of built record. + */ + unsigned char *(*encrypt)(const br_sslrec_out_class **ctx, + int record_type, unsigned version, + void *plaintext, size_t *len); +}; + +/** + * \brief Context for a no-encryption engine. + * + * The no-encryption engine processes outgoing records during the initial + * handshake, before encryption is applied. + */ +typedef struct { + /** \brief No-encryption engine vtable. */ + const br_sslrec_out_class *vtable; +} br_sslrec_out_clear_context; + +/** \brief Static, constant vtable for the no-encryption engine. */ +extern const br_sslrec_out_class br_sslrec_out_clear_vtable; + +/* ===================================================================== */ + +/** + * \brief Record decryption engine class, for CBC mode. + * + * This class type extends the decryption engine class with an + * initialisation method that receives the parameters needed + * for CBC processing: block cipher implementation, block cipher key, + * HMAC parameters (hash function, key, MAC length), and IV. If the + * IV is `NULL`, then a per-record IV will be used (TLS 1.1+). + */ +typedef struct br_sslrec_in_cbc_class_ br_sslrec_in_cbc_class; +struct br_sslrec_in_cbc_class_ { + /** + * \brief Superclass, as first vtable field. + */ + br_sslrec_in_class inner; + + /** + * \brief Engine initialisation method. + * + * This method sets the vtable field in the context. + * + * \param ctx context to initialise. + * \param bc_impl block cipher implementation (CBC decryption). + * \param bc_key block cipher key. + * \param bc_key_len block cipher key length (in bytes). + * \param dig_impl hash function for HMAC. + * \param mac_key HMAC key. + * \param mac_key_len HMAC key length (in bytes). + * \param mac_out_len HMAC output length (in bytes). + * \param iv initial IV (or `NULL`). + */ + void (*init)(const br_sslrec_in_cbc_class **ctx, + const br_block_cbcdec_class *bc_impl, + const void *bc_key, size_t bc_key_len, + const br_hash_class *dig_impl, + const void *mac_key, size_t mac_key_len, size_t mac_out_len, + const void *iv); +}; + +/** + * \brief Record encryption engine class, for CBC mode. + * + * This class type extends the encryption engine class with an + * initialisation method that receives the parameters needed + * for CBC processing: block cipher implementation, block cipher key, + * HMAC parameters (hash function, key, MAC length), and IV. If the + * IV is `NULL`, then a per-record IV will be used (TLS 1.1+). + */ +typedef struct br_sslrec_out_cbc_class_ br_sslrec_out_cbc_class; +struct br_sslrec_out_cbc_class_ { + /** + * \brief Superclass, as first vtable field. + */ + br_sslrec_out_class inner; + + /** + * \brief Engine initialisation method. + * + * This method sets the vtable field in the context. + * + * \param ctx context to initialise. + * \param bc_impl block cipher implementation (CBC encryption). + * \param bc_key block cipher key. + * \param bc_key_len block cipher key length (in bytes). + * \param dig_impl hash function for HMAC. + * \param mac_key HMAC key. + * \param mac_key_len HMAC key length (in bytes). + * \param mac_out_len HMAC output length (in bytes). + * \param iv initial IV (or `NULL`). + */ + void (*init)(const br_sslrec_out_cbc_class **ctx, + const br_block_cbcenc_class *bc_impl, + const void *bc_key, size_t bc_key_len, + const br_hash_class *dig_impl, + const void *mac_key, size_t mac_key_len, size_t mac_out_len, + const void *iv); +}; + +/** + * \brief Context structure for decrypting incoming records with + * CBC + HMAC. + * + * The first field points to the vtable. The other fields are opaque + * and shall not be accessed directly. + */ +typedef struct { + /** \brief Pointer to vtable. */ + const br_sslrec_in_cbc_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + uint64_t seq; + union { + const br_block_cbcdec_class *vtable; + br_aes_gen_cbcdec_keys aes; + br_des_gen_cbcdec_keys des; + } bc; + br_hmac_key_context mac; + size_t mac_len; + unsigned char iv[16]; + int explicit_IV; +#endif +} br_sslrec_in_cbc_context; + +/** + * \brief Static, constant vtable for record decryption with CBC. + */ +extern const br_sslrec_in_cbc_class br_sslrec_in_cbc_vtable; + +/** + * \brief Context structure for encrypting outgoing records with + * CBC + HMAC. + * + * The first field points to the vtable. The other fields are opaque + * and shall not be accessed directly. + */ +typedef struct { + /** \brief Pointer to vtable. */ + const br_sslrec_out_cbc_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + uint64_t seq; + union { + const br_block_cbcenc_class *vtable; + br_aes_gen_cbcenc_keys aes; + br_des_gen_cbcenc_keys des; + } bc; + br_hmac_key_context mac; + size_t mac_len; + unsigned char iv[16]; + int explicit_IV; +#endif +} br_sslrec_out_cbc_context; + +/** + * \brief Static, constant vtable for record encryption with CBC. + */ +extern const br_sslrec_out_cbc_class br_sslrec_out_cbc_vtable; + +/* ===================================================================== */ + +/** + * \brief Record decryption engine class, for GCM mode. + * + * This class type extends the decryption engine class with an + * initialisation method that receives the parameters needed + * for GCM processing: block cipher implementation, block cipher key, + * GHASH implementation, and 4-byte IV. + */ +typedef struct br_sslrec_in_gcm_class_ br_sslrec_in_gcm_class; +struct br_sslrec_in_gcm_class_ { + /** + * \brief Superclass, as first vtable field. + */ + br_sslrec_in_class inner; + + /** + * \brief Engine initialisation method. + * + * This method sets the vtable field in the context. + * + * \param ctx context to initialise. + * \param bc_impl block cipher implementation (CTR). + * \param key block cipher key. + * \param key_len block cipher key length (in bytes). + * \param gh_impl GHASH implementation. + * \param iv static IV (4 bytes). + */ + void (*init)(const br_sslrec_in_gcm_class **ctx, + const br_block_ctr_class *bc_impl, + const void *key, size_t key_len, + br_ghash gh_impl, + const void *iv); +}; + +/** + * \brief Record encryption engine class, for GCM mode. + * + * This class type extends the encryption engine class with an + * initialisation method that receives the parameters needed + * for GCM processing: block cipher implementation, block cipher key, + * GHASH implementation, and 4-byte IV. + */ +typedef struct br_sslrec_out_gcm_class_ br_sslrec_out_gcm_class; +struct br_sslrec_out_gcm_class_ { + /** + * \brief Superclass, as first vtable field. + */ + br_sslrec_out_class inner; + + /** + * \brief Engine initialisation method. + * + * This method sets the vtable field in the context. + * + * \param ctx context to initialise. + * \param bc_impl block cipher implementation (CTR). + * \param key block cipher key. + * \param key_len block cipher key length (in bytes). + * \param gh_impl GHASH implementation. + * \param iv static IV (4 bytes). + */ + void (*init)(const br_sslrec_out_gcm_class **ctx, + const br_block_ctr_class *bc_impl, + const void *key, size_t key_len, + br_ghash gh_impl, + const void *iv); +}; + +/** + * \brief Context structure for processing records with GCM. + * + * The same context structure is used for encrypting and decrypting. + * + * The first field points to the vtable. The other fields are opaque + * and shall not be accessed directly. + */ +typedef struct { + /** \brief Pointer to vtable. */ + union { + const void *gen; + const br_sslrec_in_gcm_class *in; + const br_sslrec_out_gcm_class *out; + } vtable; +#ifndef BR_DOXYGEN_IGNORE + uint64_t seq; + union { + const br_block_ctr_class *vtable; + br_aes_gen_ctr_keys aes; + } bc; + br_ghash gh; + unsigned char iv[4]; + unsigned char h[16]; +#endif +} br_sslrec_gcm_context; + +/** + * \brief Static, constant vtable for record decryption with GCM. + */ +extern const br_sslrec_in_gcm_class br_sslrec_in_gcm_vtable; + +/** + * \brief Static, constant vtable for record encryption with GCM. + */ +extern const br_sslrec_out_gcm_class br_sslrec_out_gcm_vtable; + +/* ===================================================================== */ + +/** + * \brief Record decryption engine class, for ChaCha20+Poly1305. + * + * This class type extends the decryption engine class with an + * initialisation method that receives the parameters needed + * for ChaCha20+Poly1305 processing: ChaCha20 implementation, + * Poly1305 implementation, key, and 12-byte IV. + */ +typedef struct br_sslrec_in_chapol_class_ br_sslrec_in_chapol_class; +struct br_sslrec_in_chapol_class_ { + /** + * \brief Superclass, as first vtable field. + */ + br_sslrec_in_class inner; + + /** + * \brief Engine initialisation method. + * + * This method sets the vtable field in the context. + * + * \param ctx context to initialise. + * \param ichacha ChaCha20 implementation. + * \param ipoly Poly1305 implementation. + * \param key secret key (32 bytes). + * \param iv static IV (12 bytes). + */ + void (*init)(const br_sslrec_in_chapol_class **ctx, + br_chacha20_run ichacha, + br_poly1305_run ipoly, + const void *key, const void *iv); +}; + +/** + * \brief Record encryption engine class, for ChaCha20+Poly1305. + * + * This class type extends the encryption engine class with an + * initialisation method that receives the parameters needed + * for ChaCha20+Poly1305 processing: ChaCha20 implementation, + * Poly1305 implementation, key, and 12-byte IV. + */ +typedef struct br_sslrec_out_chapol_class_ br_sslrec_out_chapol_class; +struct br_sslrec_out_chapol_class_ { + /** + * \brief Superclass, as first vtable field. + */ + br_sslrec_out_class inner; + + /** + * \brief Engine initialisation method. + * + * This method sets the vtable field in the context. + * + * \param ctx context to initialise. + * \param ichacha ChaCha20 implementation. + * \param ipoly Poly1305 implementation. + * \param key secret key (32 bytes). + * \param iv static IV (12 bytes). + */ + void (*init)(const br_sslrec_out_chapol_class **ctx, + br_chacha20_run ichacha, + br_poly1305_run ipoly, + const void *key, const void *iv); +}; + +/** + * \brief Context structure for processing records with ChaCha20+Poly1305. + * + * The same context structure is used for encrypting and decrypting. + * + * The first field points to the vtable. The other fields are opaque + * and shall not be accessed directly. + */ +typedef struct { + /** \brief Pointer to vtable. */ + union { + const void *gen; + const br_sslrec_in_chapol_class *in; + const br_sslrec_out_chapol_class *out; + } vtable; +#ifndef BR_DOXYGEN_IGNORE + uint64_t seq; + unsigned char key[32]; + unsigned char iv[12]; + br_chacha20_run ichacha; + br_poly1305_run ipoly; +#endif +} br_sslrec_chapol_context; + +/** + * \brief Static, constant vtable for record decryption with ChaCha20+Poly1305. + */ +extern const br_sslrec_in_chapol_class br_sslrec_in_chapol_vtable; + +/** + * \brief Static, constant vtable for record encryption with ChaCha20+Poly1305. + */ +extern const br_sslrec_out_chapol_class br_sslrec_out_chapol_vtable; + +/* ===================================================================== */ + +/** + * \brief Type for session parameters, to be saved for session resumption. + */ +typedef struct { + /** \brief Session ID buffer. */ + unsigned char session_id[32]; + /** \brief Session ID length (in bytes, at most 32). */ + unsigned char session_id_len; + /** \brief Protocol version. */ + uint16_t version; + /** \brief Cipher suite. */ + uint16_t cipher_suite; + /** \brief Master secret. */ + unsigned char master_secret[48]; +} br_ssl_session_parameters; + +#ifndef BR_DOXYGEN_IGNORE +/* + * Maximum numnber of cipher suites supported by a client or server. + */ +#define BR_MAX_CIPHER_SUITES 40 +#endif + +/** + * \brief Context structure for SSL engine. + * + * This strucuture is common to the client and server; both the client + * context (`br_ssl_client_context`) and the server context + * (`br_ssl_server_context`) include a `br_ssl_engine_context` as their + * first field. + * + * The engine context manages records, including alerts, closures, and + * transitions to new encryption/MAC algorithms. Processing of handshake + * records is delegated to externally provided code. This structure + * should not be used directly. + * + * Structure contents are opaque and shall not be accessed directly. + */ +typedef struct { +#ifndef BR_DOXYGEN_IGNORE + /* + * The error code. When non-zero, then the state is "failed" and + * no I/O may occur until reset. + */ + int err; + + /* + * Configured I/O buffers. They are either disjoint, or identical. + */ + unsigned char *ibuf, *obuf; + size_t ibuf_len, obuf_len; + + /* + * Maximum fragment length applies to outgoing records; incoming + * records can be processed as long as they fit in the input + * buffer. It is guaranteed that incoming records at least as big + * as max_frag_len can be processed. + */ + uint16_t max_frag_len; + unsigned char log_max_frag_len; + unsigned char peer_log_max_frag_len; + + /* + * Buffering management registers. + */ + size_t ixa, ixb, ixc; + size_t oxa, oxb, oxc; + unsigned char iomode; + unsigned char incrypt; + + /* + * Shutdown flag: when set to non-zero, incoming record bytes + * will not be accepted anymore. This is used after a close_notify + * has been received: afterwards, the engine no longer claims that + * it could receive bytes from the transport medium. + */ + unsigned char shutdown_recv; + + /* + * 'record_type_in' is set to the incoming record type when the + * record header has been received. + * 'record_type_out' is used to make the next outgoing record + * header when it is ready to go. + */ + unsigned char record_type_in, record_type_out; + + /* + * When a record is received, its version is extracted: + * -- if 'version_in' is 0, then it is set to the received version; + * -- otherwise, if the received version is not identical to + * the 'version_in' contents, then a failure is reported. + * + * This implements the SSL requirement that all records shall + * use the negotiated protocol version, once decided (in the + * ServerHello). It is up to the handshake handler to adjust this + * field when necessary. + */ + uint16_t version_in; + + /* + * 'version_out' is used when the next outgoing record is ready + * to go. + */ + uint16_t version_out; + + /* + * Record handler contexts. + */ + union { + const br_sslrec_in_class *vtable; + br_sslrec_in_cbc_context cbc; + br_sslrec_gcm_context gcm; + br_sslrec_chapol_context chapol; + } in; + union { + const br_sslrec_out_class *vtable; + br_sslrec_out_clear_context clear; + br_sslrec_out_cbc_context cbc; + br_sslrec_gcm_context gcm; + br_sslrec_chapol_context chapol; + } out; + + /* + * The "application data" flag. Value: + * 0 handshake is in process, no application data acceptable + * 1 application data can be sent and received + * 2 closing, no application data can be sent, but some + * can still be received (and discarded) + */ + unsigned char application_data; + + /* + * Context RNG. + * + * rng_init_done is initially 0. It is set to 1 when the + * basic structure of the RNG is set, and 2 when some + * entropy has been pushed in. The value 2 marks the RNG + * as "properly seeded". + * + * rng_os_rand_done is initially 0. It is set to 1 when + * some seeding from the OS or hardware has been attempted. + */ + br_hmac_drbg_context rng; + int rng_init_done; + int rng_os_rand_done; + + /* + * Supported minimum and maximum versions, and cipher suites. + */ + uint16_t version_min; + uint16_t version_max; + uint16_t suites_buf[BR_MAX_CIPHER_SUITES]; + unsigned char suites_num; + + /* + * For clients, the server name to send as a SNI extension. For + * servers, the name received in the SNI extension (if any). + */ + char server_name[256]; + + /* + * "Security parameters". These are filled by the handshake + * handler, and used when switching encryption state. + */ + unsigned char client_random[32]; + unsigned char server_random[32]; + br_ssl_session_parameters session; + + /* + * ECDHE elements: curve and point from the peer. The server also + * uses that buffer for the point to send to the client. + */ + unsigned char ecdhe_curve; + unsigned char ecdhe_point[133]; + unsigned char ecdhe_point_len; + + /* + * Secure renegotiation (RFC 5746): 'reneg' can be: + * 0 first handshake (server support is not known) + * 1 peer does not support secure renegotiation + * 2 peer supports secure renegotiation + * + * The saved_finished buffer contains the client and the + * server "Finished" values from the last handshake, in + * that order (12 bytes each). + */ + unsigned char reneg; + unsigned char saved_finished[24]; + + /* + * Behavioural flags. + */ + uint32_t flags; + + /* + * Context variables for the handshake processor. The 'pad' must + * be large enough to accommodate an RSA-encrypted pre-master + * secret, or an RSA signature; since we want to support up to + * RSA-4096, this means at least 512 bytes. (Other pad usages + * require its length to be at least 256.) + */ + struct { + uint32_t *dp; + uint32_t *rp; + const unsigned char *ip; + } cpu; + uint32_t dp_stack[32]; + uint32_t rp_stack[32]; + unsigned char pad[512]; + unsigned char *hbuf_in, *hbuf_out, *saved_hbuf_out; + size_t hlen_in, hlen_out; + void (*hsrun)(void *ctx); + + /* + * The 'action' value communicates OOB information between the + * engine and the handshake processor. + * + * From the engine: + * 0 invocation triggered by I/O + * 1 invocation triggered by explicit close + * 2 invocation triggered by explicit renegotiation + */ + unsigned char action; + + /* + * State for alert messages. Value is either 0, or the value of + * the alert level byte (level is either 1 for warning, or 2 for + * fatal; we convert all other values to 'fatal'). + */ + unsigned char alert; + + /* + * Closure flags. This flag is set when a close_notify has been + * received from the peer. + */ + unsigned char close_received; + + /* + * Multi-hasher for the handshake messages. The handshake handler + * is responsible for resetting it when appropriate. + */ + br_multihash_context mhash; + + /* + * Pointer to the X.509 engine. The engine is supposed to be + * already initialized. It is used to validate the peer's + * certificate. + */ + const br_x509_class **x509ctx; + + /* + * Certificate chain to send. This is used by both client and + * server, when they send their respective Certificate messages. + * If chain_len is 0, then chain may be NULL. + */ + const br_x509_certificate *chain; + size_t chain_len; + const unsigned char *cert_cur; + size_t cert_len; + + /* + * List of supported protocol names (ALPN extension). If unset, + * (number of names is 0), then: + * - the client sends no ALPN extension; + * - the server ignores any incoming ALPN extension. + * + * Otherwise: + * - the client sends an ALPN extension with all the names; + * - the server selects the first protocol in its list that + * the client also supports, or fails (fatal alert 120) + * if the client sends an ALPN extension and there is no + * match. + * + * The 'selected_protocol' field contains 1+n if the matching + * name has index n in the list (the value is 0 if no match was + * performed, e.g. the peer did not send an ALPN extension). + */ + const char **protocol_names; + uint16_t protocol_names_num; + uint16_t selected_protocol; + + /* + * Pointers to implementations; left to NULL for unsupported + * functions. For the raw hash functions, implementations are + * referenced from the multihasher (mhash field). + */ + br_tls_prf_impl prf10; + br_tls_prf_impl prf_sha256; + br_tls_prf_impl prf_sha384; + const br_block_cbcenc_class *iaes_cbcenc; + const br_block_cbcdec_class *iaes_cbcdec; + const br_block_ctr_class *iaes_ctr; + const br_block_cbcenc_class *ides_cbcenc; + const br_block_cbcdec_class *ides_cbcdec; + br_ghash ighash; + br_chacha20_run ichacha; + br_poly1305_run ipoly; + const br_sslrec_in_cbc_class *icbc_in; + const br_sslrec_out_cbc_class *icbc_out; + const br_sslrec_in_gcm_class *igcm_in; + const br_sslrec_out_gcm_class *igcm_out; + const br_sslrec_in_chapol_class *ichapol_in; + const br_sslrec_out_chapol_class *ichapol_out; + const br_ec_impl *iec; + br_rsa_pkcs1_vrfy irsavrfy; + br_ecdsa_vrfy iecdsa; +#endif +} br_ssl_engine_context; + +/** + * \brief Get currently defined engine behavioural flags. + * + * \param cc SSL engine context. + * \return the flags. + */ +static inline uint32_t +br_ssl_engine_get_flags(br_ssl_engine_context *cc) +{ + return cc->flags; +} + +/** + * \brief Set all engine behavioural flags. + * + * \param cc SSL engine context. + * \param flags new value for all flags. + */ +static inline void +br_ssl_engine_set_all_flags(br_ssl_engine_context *cc, uint32_t flags) +{ + cc->flags = flags; +} + +/** + * \brief Set some engine behavioural flags. + * + * The flags set in the `flags` parameter are set in the context; other + * flags are untouched. + * + * \param cc SSL engine context. + * \param flags additional set flags. + */ +static inline void +br_ssl_engine_add_flags(br_ssl_engine_context *cc, uint32_t flags) +{ + cc->flags |= flags; +} + +/** + * \brief Clear some engine behavioural flags. + * + * The flags set in the `flags` parameter are cleared from the context; other + * flags are untouched. + * + * \param cc SSL engine context. + * \param flags flags to remove. + */ +static inline void +br_ssl_engine_remove_flags(br_ssl_engine_context *cc, uint32_t flags) +{ + cc->flags &= ~flags; +} + +/** + * \brief Behavioural flag: enforce server preferences. + * + * If this flag is set, then the server will enforce its own cipher suite + * preference order; otherwise, it follows the client preferences. + */ +#define BR_OPT_ENFORCE_SERVER_PREFERENCES ((uint32_t)1 << 0) + +/** + * \brief Behavioural flag: disable renegotiation. + * + * If this flag is set, then renegotiations are rejected unconditionally: + * they won't be honoured if asked for programmatically, and requests from + * the peer are rejected. + */ +#define BR_OPT_NO_RENEGOTIATION ((uint32_t)1 << 1) + +/** + * \brief Behavioural flag: tolerate lack of client authentication. + * + * If this flag is set in a server and the server requests a client + * certificate, but the authentication fails (the client does not send + * a certificate, or the client's certificate chain cannot be validated), + * then the connection keeps on. Without this flag, a failed client + * authentication terminates the connection. + * + * Notes: + * + * - If the client's certificate can be validated and its public key is + * supported, then a wrong signature value terminates the connection + * regardless of that flag. + * + * - If using full-static ECDH, then a failure to validate the client's + * certificate prevents the handshake from succeeding. + */ +#define BR_OPT_TOLERATE_NO_CLIENT_AUTH ((uint32_t)1 << 2) + +/** + * \brief Behavioural flag: fail on application protocol mismatch. + * + * The ALPN extension ([RFC 7301](https://tools.ietf.org/html/rfc7301)) + * allows the client to send a list of application protocol names, and + * the server to select one. A mismatch is one of the following occurrences: + * + * - On the client: the client sends a list of names, the server + * responds with a protocol name which is _not_ part of the list of + * names sent by the client. + * + * - On the server: the client sends a list of names, and the server + * is also configured with a list of names, but there is no common + * protocol name between the two lists. + * + * Normal behaviour in case of mismatch is to report no matching name + * (`br_ssl_engine_get_selected_protocol()` returns `NULL`) and carry on. + * If the flag is set, then a mismatch implies a protocol failure (if + * the mismatch is detected by the server, it will send a fatal alert). + * + * Note: even with this flag, `br_ssl_engine_get_selected_protocol()` + * may still return `NULL` if the client or the server does not send an + * ALPN extension at all. + */ +#define BR_OPT_FAIL_ON_ALPN_MISMATCH ((uint32_t)1 << 3) + +/** + * \brief Set the minimum and maximum supported protocol versions. + * + * The two provided versions MUST be supported by the implementation + * (i.e. TLS 1.0, 1.1 and 1.2), and `version_max` MUST NOT be lower + * than `version_min`. + * + * \param cc SSL engine context. + * \param version_min minimum supported TLS version. + * \param version_max maximum supported TLS version. + */ +static inline void +br_ssl_engine_set_versions(br_ssl_engine_context *cc, + unsigned version_min, unsigned version_max) +{ + cc->version_min = version_min; + cc->version_max = version_max; +} + +/** + * \brief Set the list of cipher suites advertised by this context. + * + * The provided array is copied into the context. It is the caller + * responsibility to ensure that all provided suites will be supported + * by the context. The engine context has enough room to receive _all_ + * suites supported by the implementation. The provided array MUST NOT + * contain duplicates. + * + * If the engine is for a client, the "signaling" pseudo-cipher suite + * `TLS_FALLBACK_SCSV` can be added at the end of the list, if the + * calling application is performing a voluntary downgrade (voluntary + * downgrades are not recommended, but if such a downgrade is done, then + * adding the fallback pseudo-suite is a good idea). + * + * \param cc SSL engine context. + * \param suites cipher suites. + * \param suites_num number of cipher suites. + */ +void br_ssl_engine_set_suites(br_ssl_engine_context *cc, + const uint16_t *suites, size_t suites_num); + +/** + * \brief Set the X.509 engine. + * + * The caller shall ensure that the X.509 engine is properly initialised. + * + * \param cc SSL engine context. + * \param x509ctx X.509 certificate validation context. + */ +static inline void +br_ssl_engine_set_x509(br_ssl_engine_context *cc, const br_x509_class **x509ctx) +{ + cc->x509ctx = x509ctx; +} + +/** + * \brief Set the supported protocol names. + * + * Protocol names are part of the ALPN extension ([RFC + * 7301](https://tools.ietf.org/html/rfc7301)). Each protocol name is a + * character string, containing no more than 255 characters (256 with the + * terminating zero). When names are set, then: + * + * - The client will send an ALPN extension, containing the names. If + * the server responds with an ALPN extension, the client will verify + * that the response contains one of its name, and report that name + * through `br_ssl_engine_get_selected_protocol()`. + * + * - The server will parse incoming ALPN extension (from clients), and + * try to find a common protocol; if none is found, the connection + * is aborted with a fatal alert. On match, a response ALPN extension + * is sent, and name is reported through + * `br_ssl_engine_get_selected_protocol()`. + * + * The provided array is linked in, and must remain valid while the + * connection is live. + * + * Names MUST NOT be empty. Names MUST NOT be longer than 255 characters + * (excluding the terminating 0). + * + * \param ctx SSL engine context. + * \param names list of protocol names (zero-terminated). + * \param num number of protocol names (MUST be 1 or more). + */ +static inline void +br_ssl_engine_set_protocol_names(br_ssl_engine_context *ctx, + const char **names, size_t num) +{ + ctx->protocol_names = names; + ctx->protocol_names_num = num; +} + +/** + * \brief Get the selected protocol. + * + * If this context was initialised with a non-empty list of protocol + * names, and both client and server sent ALPN extensions during the + * handshake, and a common name was found, then that name is returned. + * Otherwise, `NULL` is returned. + * + * The returned pointer is one of the pointers provided to the context + * with `br_ssl_engine_set_protocol_names()`. + * + * \return the selected protocol, or `NULL`. + */ +static inline const char * +br_ssl_engine_get_selected_protocol(br_ssl_engine_context *ctx) +{ + unsigned k; + + k = ctx->selected_protocol; + return (k == 0 || k == 0xFFFF) ? NULL : ctx->protocol_names[k - 1]; +} + +/** + * \brief Set a hash function implementation (by ID). + * + * Hash functions set with this call will be used for SSL/TLS specific + * usages, not X.509 certificate validation. Only "standard" hash functions + * may be set (MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512). If `impl` + * is `NULL`, then the hash function support is removed, not added. + * + * \param ctx SSL engine context. + * \param id hash function identifier. + * \param impl hash function implementation (or `NULL`). + */ +static inline void +br_ssl_engine_set_hash(br_ssl_engine_context *ctx, + int id, const br_hash_class *impl) +{ + br_multihash_setimpl(&ctx->mhash, id, impl); +} + +/** + * \brief Get a hash function implementation (by ID). + * + * This function retrieves a hash function implementation which was + * set with `br_ssl_engine_set_hash()`. + * + * \param ctx SSL engine context. + * \param id hash function identifier. + * \return the hash function implementation (or `NULL`). + */ +static inline const br_hash_class * +br_ssl_engine_get_hash(br_ssl_engine_context *ctx, int id) +{ + return br_multihash_getimpl(&ctx->mhash, id); +} + +/** + * \brief Set the PRF implementation (for TLS 1.0 and 1.1). + * + * This function sets (or removes, if `impl` is `NULL`) the implemenation + * for the PRF used in TLS 1.0 and 1.1. + * + * \param cc SSL engine context. + * \param impl PRF implementation (or `NULL`). + */ +static inline void +br_ssl_engine_set_prf10(br_ssl_engine_context *cc, br_tls_prf_impl impl) +{ + cc->prf10 = impl; +} + +/** + * \brief Set the PRF implementation with SHA-256 (for TLS 1.2). + * + * This function sets (or removes, if `impl` is `NULL`) the implemenation + * for the SHA-256 variant of the PRF used in TLS 1.2. + * + * \param cc SSL engine context. + * \param impl PRF implementation (or `NULL`). + */ +static inline void +br_ssl_engine_set_prf_sha256(br_ssl_engine_context *cc, br_tls_prf_impl impl) +{ + cc->prf_sha256 = impl; +} + +/** + * \brief Set the PRF implementation with SHA-384 (for TLS 1.2). + * + * This function sets (or removes, if `impl` is `NULL`) the implemenation + * for the SHA-384 variant of the PRF used in TLS 1.2. + * + * \param cc SSL engine context. + * \param impl PRF implementation (or `NULL`). + */ +static inline void +br_ssl_engine_set_prf_sha384(br_ssl_engine_context *cc, br_tls_prf_impl impl) +{ + cc->prf_sha384 = impl; +} + +/** + * \brief Set the AES/CBC implementations. + * + * \param cc SSL engine context. + * \param impl_enc AES/CBC encryption implementation (or `NULL`). + * \param impl_dec AES/CBC decryption implementation (or `NULL`). + */ +static inline void +br_ssl_engine_set_aes_cbc(br_ssl_engine_context *cc, + const br_block_cbcenc_class *impl_enc, + const br_block_cbcdec_class *impl_dec) +{ + cc->iaes_cbcenc = impl_enc; + cc->iaes_cbcdec = impl_dec; +} + +/** + * \brief Set the "default" AES/CBC implementations. + * + * This function configures in the engine the AES implementations that + * should provide best runtime performance on the local system, while + * still being safe (in particular, constant-time). It also sets the + * handlers for CBC records. + * + * \param cc SSL engine context. + */ +void br_ssl_engine_set_default_aes_cbc(br_ssl_engine_context *cc); + +/** + * \brief Set the AES/CTR implementation. + * + * \param cc SSL engine context. + * \param impl AES/CTR encryption/decryption implementation (or `NULL`). + */ +static inline void +br_ssl_engine_set_aes_ctr(br_ssl_engine_context *cc, + const br_block_ctr_class *impl) +{ + cc->iaes_ctr = impl; +} + +/** + * \brief Set the "default" implementations for AES/GCM (AES/CTR + GHASH). + * + * This function configures in the engine the AES/CTR and GHASH + * implementation that should provide best runtime performance on the local + * system, while still being safe (in particular, constant-time). It also + * sets the handlers for GCM records. + * + * \param cc SSL engine context. + */ +void br_ssl_engine_set_default_aes_gcm(br_ssl_engine_context *cc); + +/** + * \brief Set the DES/CBC implementations. + * + * \param cc SSL engine context. + * \param impl_enc DES/CBC encryption implementation (or `NULL`). + * \param impl_dec DES/CBC decryption implementation (or `NULL`). + */ +static inline void +br_ssl_engine_set_des_cbc(br_ssl_engine_context *cc, + const br_block_cbcenc_class *impl_enc, + const br_block_cbcdec_class *impl_dec) +{ + cc->ides_cbcenc = impl_enc; + cc->ides_cbcdec = impl_dec; +} + +/** + * \brief Set the "default" DES/CBC implementations. + * + * This function configures in the engine the DES implementations that + * should provide best runtime performance on the local system, while + * still being safe (in particular, constant-time). It also sets the + * handlers for CBC records. + * + * \param cc SSL engine context. + */ +void br_ssl_engine_set_default_des_cbc(br_ssl_engine_context *cc); + +/** + * \brief Set the GHASH implementation (used in GCM mode). + * + * \param cc SSL engine context. + * \param impl GHASH implementation (or `NULL`). + */ +static inline void +br_ssl_engine_set_ghash(br_ssl_engine_context *cc, br_ghash impl) +{ + cc->ighash = impl; +} + +/** + * \brief Set the ChaCha20 implementation. + * + * \param cc SSL engine context. + * \param ichacha ChaCha20 implementation (or `NULL`). + */ +static inline void +br_ssl_engine_set_chacha20(br_ssl_engine_context *cc, + br_chacha20_run ichacha) +{ + cc->ichacha = ichacha; +} + +/** + * \brief Set the Poly1305 implementation. + * + * \param cc SSL engine context. + * \param ipoly Poly1305 implementation (or `NULL`). + */ +static inline void +br_ssl_engine_set_poly1305(br_ssl_engine_context *cc, + br_poly1305_run ipoly) +{ + cc->ipoly = ipoly; +} + +/** + * \brief Set the "default" ChaCha20 and Poly1305 implementations. + * + * This function configures in the engine the ChaCha20 and Poly1305 + * implementations that should provide best runtime performance on the + * local system, while still being safe (in particular, constant-time). + * It also sets the handlers for ChaCha20+Poly1305 records. + * + * \param cc SSL engine context. + */ +void br_ssl_engine_set_default_chapol(br_ssl_engine_context *cc); + +/** + * \brief Set the record encryption and decryption engines for CBC + HMAC. + * + * \param cc SSL engine context. + * \param impl_in record CBC decryption implementation (or `NULL`). + * \param impl_out record CBC encryption implementation (or `NULL`). + */ +static inline void +br_ssl_engine_set_cbc(br_ssl_engine_context *cc, + const br_sslrec_in_cbc_class *impl_in, + const br_sslrec_out_cbc_class *impl_out) +{ + cc->icbc_in = impl_in; + cc->icbc_out = impl_out; +} + +/** + * \brief Set the record encryption and decryption engines for GCM. + * + * \param cc SSL engine context. + * \param impl_in record GCM decryption implementation (or `NULL`). + * \param impl_out record GCM encryption implementation (or `NULL`). + */ +static inline void +br_ssl_engine_set_gcm(br_ssl_engine_context *cc, + const br_sslrec_in_gcm_class *impl_in, + const br_sslrec_out_gcm_class *impl_out) +{ + cc->igcm_in = impl_in; + cc->igcm_out = impl_out; +} + +/** + * \brief Set the record encryption and decryption engines for + * ChaCha20+Poly1305. + * + * \param cc SSL engine context. + * \param impl_in record ChaCha20 decryption implementation (or `NULL`). + * \param impl_out record ChaCha20 encryption implementation (or `NULL`). + */ +static inline void +br_ssl_engine_set_chapol(br_ssl_engine_context *cc, + const br_sslrec_in_chapol_class *impl_in, + const br_sslrec_out_chapol_class *impl_out) +{ + cc->ichapol_in = impl_in; + cc->ichapol_out = impl_out; +} + +/** + * \brief Set the EC implementation. + * + * The elliptic curve implementation will be used for ECDH and ECDHE + * cipher suites, and for ECDSA support. + * + * \param cc SSL engine context. + * \param iec EC implementation (or `NULL`). + */ +static inline void +br_ssl_engine_set_ec(br_ssl_engine_context *cc, const br_ec_impl *iec) +{ + cc->iec = iec; +} + +/** + * \brief Set the "default" EC implementation. + * + * This function sets the elliptic curve implementation for ECDH and + * ECDHE cipher suites, and for ECDSA support. It selects the fastest + * implementation on the current system. + * + * \param cc SSL engine context. + */ +void br_ssl_engine_set_default_ec(br_ssl_engine_context *cc); + +/** + * \brief Get the EC implementation configured in the provided engine. + * + * \param cc SSL engine context. + * \return the EC implementation. + */ +static inline const br_ec_impl * +br_ssl_engine_get_ec(br_ssl_engine_context *cc) +{ + return cc->iec; +} + +/** + * \brief Set the RSA signature verification implementation. + * + * On the client, this is used to verify the server's signature on its + * ServerKeyExchange message (for ECDHE_RSA cipher suites). On the server, + * this is used to verify the client's CertificateVerify message (if a + * client certificate is requested, and that certificate contains a RSA key). + * + * \param cc SSL engine context. + * \param irsavrfy RSA signature verification implementation. + */ +static inline void +br_ssl_engine_set_rsavrfy(br_ssl_engine_context *cc, br_rsa_pkcs1_vrfy irsavrfy) +{ + cc->irsavrfy = irsavrfy; +} + +/** + * \brief Set the "default" RSA implementation (signature verification). + * + * This function sets the RSA implementation (signature verification) + * to the fastest implementation available on the current platform. + * + * \param cc SSL engine context. + */ +void br_ssl_engine_set_default_rsavrfy(br_ssl_engine_context *cc); + +/** + * \brief Get the RSA implementation (signature verification) configured + * in the provided engine. + * + * \param cc SSL engine context. + * \return the RSA signature verification implementation. + */ +static inline br_rsa_pkcs1_vrfy +br_ssl_engine_get_rsavrfy(br_ssl_engine_context *cc) +{ + return cc->irsavrfy; +} + +/* + * \brief Set the ECDSA implementation (signature verification). + * + * On the client, this is used to verify the server's signature on its + * ServerKeyExchange message (for ECDHE_ECDSA cipher suites). On the server, + * this is used to verify the client's CertificateVerify message (if a + * client certificate is requested, that certificate contains an EC key, + * and full-static ECDH is not used). + * + * The ECDSA implementation will use the EC core implementation configured + * in the engine context. + * + * \param cc client context. + * \param iecdsa ECDSA verification implementation. + */ +static inline void +br_ssl_engine_set_ecdsa(br_ssl_engine_context *cc, br_ecdsa_vrfy iecdsa) +{ + cc->iecdsa = iecdsa; +} + +/** + * \brief Set the "default" ECDSA implementation (signature verification). + * + * This function sets the ECDSA implementation (signature verification) + * to the fastest implementation available on the current platform. This + * call also sets the elliptic curve implementation itself, there again + * to the fastest EC implementation available. + * + * \param cc SSL engine context. + */ +void br_ssl_engine_set_default_ecdsa(br_ssl_engine_context *cc); + +/** + * \brief Get the ECDSA implementation (signature verification) configured + * in the provided engine. + * + * \param cc SSL engine context. + * \return the ECDSA signature verification implementation. + */ +static inline br_ecdsa_vrfy +br_ssl_engine_get_ecdsa(br_ssl_engine_context *cc) +{ + return cc->iecdsa; +} + +/** + * \brief Set the I/O buffer for the SSL engine. + * + * Once this call has been made, `br_ssl_client_reset()` or + * `br_ssl_server_reset()` MUST be called before using the context. + * + * The provided buffer will be used as long as the engine context is + * used. The caller is responsible for keeping it available. + * + * If `bidi` is 0, then the engine will operate in half-duplex mode + * (it won't be able to send data while there is unprocessed incoming + * data in the buffer, and it won't be able to receive data while there + * is unsent data in the buffer). The optimal buffer size in half-duplex + * mode is `BR_SSL_BUFSIZE_MONO`; if the buffer is larger, then extra + * bytes are ignored. If the buffer is smaller, then this limits the + * capacity of the engine to support all allowed record sizes. + * + * If `bidi` is 1, then the engine will split the buffer into two + * parts, for separate handling of outgoing and incoming data. This + * enables full-duplex processing, but requires more RAM. The optimal + * buffer size in full-duplex mode is `BR_SSL_BUFSIZE_BIDI`; if the + * buffer is larger, then extra bytes are ignored. If the buffer is + * smaller, then the split will favour the incoming part, so that + * interoperability is maximised. + * + * \param cc SSL engine context + * \param iobuf I/O buffer. + * \param iobuf_len I/O buffer length (in bytes). + * \param bidi non-zero for full-duplex mode. + */ +void br_ssl_engine_set_buffer(br_ssl_engine_context *cc, + void *iobuf, size_t iobuf_len, int bidi); + +/** + * \brief Set the I/O buffers for the SSL engine. + * + * Once this call has been made, `br_ssl_client_reset()` or + * `br_ssl_server_reset()` MUST be called before using the context. + * + * This function is similar to `br_ssl_engine_set_buffer()`, except + * that it enforces full-duplex mode, and the two I/O buffers are + * provided as separate chunks. + * + * The macros `BR_SSL_BUFSIZE_INPUT` and `BR_SSL_BUFSIZE_OUTPUT` + * evaluate to the optimal (maximum) sizes for the input and output + * buffer, respectively. + * + * \param cc SSL engine context + * \param ibuf input buffer. + * \param ibuf_len input buffer length (in bytes). + * \param obuf output buffer. + * \param obuf_len output buffer length (in bytes). + */ +void br_ssl_engine_set_buffers_bidi(br_ssl_engine_context *cc, + void *ibuf, size_t ibuf_len, void *obuf, size_t obuf_len); + +/** + * \brief Inject some "initial entropy" in the context. + * + * This entropy will be added to what can be obtained from the + * underlying operating system, if that OS is supported. + * + * This function may be called several times; all injected entropy chunks + * are cumulatively mixed. + * + * If entropy gathering from the OS is supported and compiled in, then this + * step is optional. Otherwise, it is mandatory to inject randomness, and + * the caller MUST take care to push (as one or several successive calls) + * enough entropy to achieve cryptographic resistance (at least 80 bits, + * preferably 128 or more). The engine will report an error if no entropy + * was provided and none can be obtained from the OS. + * + * Take care that this function cannot assess the cryptographic quality of + * the provided bytes. + * + * In all generality, "entropy" must here be considered to mean "that + * which the attacker cannot predict". If your OS/architecture does not + * have a suitable source of randomness, then you can make do with the + * combination of a large enough secret value (possibly a copy of an + * asymmetric private key that you also store on the system) AND a + * non-repeating value (e.g. current time, provided that the local clock + * cannot be reset or altered by the attacker). + * + * \param cc SSL engine context. + * \param data extra entropy to inject. + * \param len length of the extra data (in bytes). + */ +void br_ssl_engine_inject_entropy(br_ssl_engine_context *cc, + const void *data, size_t len); + +/** + * \brief Get the "server name" in this engine. + * + * For clients, this is the name provided with `br_ssl_client_reset()`; + * for servers, this is the name received from the client as part of the + * ClientHello message. If there is no such name (e.g. the client did + * not send an SNI extension) then the returned string is empty + * (returned pointer points to a byte of value 0). + * + * The returned pointer refers to a buffer inside the context, which may + * be overwritten as part of normal SSL activity (even within the same + * connection, if a renegotiation occurs). + * + * \param cc SSL engine context. + * \return the server name (possibly empty). + */ +static inline const char * +br_ssl_engine_get_server_name(const br_ssl_engine_context *cc) +{ + return cc->server_name; +} + +/** + * \brief Get the protocol version. + * + * This function returns the protocol version that is used by the + * engine. That value is set after sending (for a server) or receiving + * (for a client) the ServerHello message. + * + * \param cc SSL engine context. + * \return the protocol version. + */ +static inline unsigned +br_ssl_engine_get_version(const br_ssl_engine_context *cc) +{ + return cc->session.version; +} + +/** + * \brief Get a copy of the session parameters. + * + * The session parameters are filled during the handshake, so this + * function shall not be called before completion of the handshake. + * The initial handshake is completed when the context first allows + * application data to be injected. + * + * This function copies the current session parameters into the provided + * structure. Beware that the session parameters include the master + * secret, which is sensitive data, to handle with great care. + * + * \param cc SSL engine context. + * \param pp destination structure for the session parameters. + */ +static inline void +br_ssl_engine_get_session_parameters(const br_ssl_engine_context *cc, + br_ssl_session_parameters *pp) +{ + memcpy(pp, &cc->session, sizeof *pp); +} + +/** + * \brief Set the session parameters to the provided values. + * + * This function is meant to be used in the client, before doing a new + * handshake; a session resumption will be attempted with these + * parameters. In the server, this function has no effect. + * + * \param cc SSL engine context. + * \param pp source structure for the session parameters. + */ +static inline void +br_ssl_engine_set_session_parameters(br_ssl_engine_context *cc, + const br_ssl_session_parameters *pp) +{ + memcpy(&cc->session, pp, sizeof *pp); +} + +/** + * \brief Get identifier for the curve used for key exchange. + * + * If the cipher suite uses ECDHE, then this function returns the + * identifier for the curve used for transient parameters. This is + * defined during the course of the handshake, when the ServerKeyExchange + * is sent (on the server) or received (on the client). If the + * cipher suite does not use ECDHE (e.g. static ECDH, or RSA key + * exchange), then this value is indeterminate. + * + * @param cc SSL engine context. + * @return the ECDHE curve identifier. + */ +static inline int +br_ssl_engine_get_ecdhe_curve(br_ssl_engine_context *cc) +{ + return cc->ecdhe_curve; +} + +/** + * \brief Get the current engine state. + * + * An SSL engine (client or server) has, at any time, a state which is + * the combination of zero, one or more of these flags: + * + * - `BR_SSL_CLOSED` + * + * Engine is finished, no more I/O (until next reset). + * + * - `BR_SSL_SENDREC` + * + * Engine has some bytes to send to the peer. + * + * - `BR_SSL_RECVREC` + * + * Engine expects some bytes from the peer. + * + * - `BR_SSL_SENDAPP` + * + * Engine may receive application data to send (or flush). + * + * - `BR_SSL_RECVAPP` + * + * Engine has obtained some application data from the peer, + * that should be read by the caller. + * + * If no flag at all is set (state value is 0), then the engine is not + * fully initialised yet. + * + * The `BR_SSL_CLOSED` flag is exclusive; when it is set, no other flag + * is set. To distinguish between a normal closure and an error, use + * `br_ssl_engine_last_error()`. + * + * Generally speaking, `BR_SSL_SENDREC` and `BR_SSL_SENDAPP` are mutually + * exclusive: the input buffer, at any point, either accumulates + * plaintext data, or contains an assembled record that is being sent. + * Similarly, `BR_SSL_RECVREC` and `BR_SSL_RECVAPP` are mutually exclusive. + * This may change in a future library version. + * + * \param cc SSL engine context. + * \return the current engine state. + */ +unsigned br_ssl_engine_current_state(const br_ssl_engine_context *cc); + +/** \brief SSL engine state: closed or failed. */ +#define BR_SSL_CLOSED 0x0001 +/** \brief SSL engine state: record data is ready to be sent to the peer. */ +#define BR_SSL_SENDREC 0x0002 +/** \brief SSL engine state: engine may receive records from the peer. */ +#define BR_SSL_RECVREC 0x0004 +/** \brief SSL engine state: engine may accept application data to send. */ +#define BR_SSL_SENDAPP 0x0008 +/** \brief SSL engine state: engine has received application data. */ +#define BR_SSL_RECVAPP 0x0010 + +/** + * \brief Get the engine error indicator. + * + * The error indicator is `BR_ERR_OK` (0) if no error was encountered + * since the last call to `br_ssl_client_reset()` or + * `br_ssl_server_reset()`. Other status values are "sticky": they + * remain set, and prevent all I/O activity, until cleared. Only the + * reset calls clear the error indicator. + * + * \param cc SSL engine context. + * \return 0, or a non-zero error code. + */ +static inline int +br_ssl_engine_last_error(const br_ssl_engine_context *cc) +{ + return cc->err; +} + +/* + * There are four I/O operations, each identified by a symbolic name: + * + * sendapp inject application data in the engine + * recvapp retrieving application data from the engine + * sendrec sending records on the transport medium + * recvrec receiving records from the transport medium + * + * Terminology works thus: in a layered model where the SSL engine sits + * between the application and the network, "send" designates operations + * where bytes flow from application to network, and "recv" for the + * reverse operation. Application data (the plaintext that is to be + * conveyed through SSL) is "app", while encrypted records are "rec". + * Note that from the SSL engine point of view, "sendapp" and "recvrec" + * designate bytes that enter the engine ("inject" operation), while + * "recvapp" and "sendrec" designate bytes that exit the engine + * ("extract" operation). + * + * For the operation 'xxx', two functions are defined: + * + * br_ssl_engine_xxx_buf + * Returns a pointer and length to the buffer to use for that + * operation. '*len' is set to the number of bytes that may be read + * from the buffer (extract operation) or written to the buffer + * (inject operation). If no byte may be exchanged for that operation + * at that point, then '*len' is set to zero, and NULL is returned. + * The engine state is unmodified by this call. + * + * br_ssl_engine_xxx_ack + * Informs the engine that 'len' bytes have been read from the buffer + * (extract operation) or written to the buffer (inject operation). + * The 'len' value MUST NOT be zero. The 'len' value MUST NOT exceed + * that which was obtained from a preceeding br_ssl_engine_xxx_buf() + * call. + */ + +/** + * \brief Get buffer for application data to send. + * + * If the engine is ready to accept application data to send to the + * peer, then this call returns a pointer to the buffer where such + * data shall be written, and its length is written in `*len`. + * Otherwise, `*len` is set to 0 and `NULL` is returned. + * + * \param cc SSL engine context. + * \param len receives the application data output buffer length, or 0. + * \return the application data output buffer, or `NULL`. + */ +unsigned char *br_ssl_engine_sendapp_buf( + const br_ssl_engine_context *cc, size_t *len); + +/** + * \brief Inform the engine of some new application data. + * + * After writing `len` bytes in the buffer returned by + * `br_ssl_engine_sendapp_buf()`, the application shall call this + * function to trigger any relevant processing. The `len` parameter + * MUST NOT be 0, and MUST NOT exceed the value obtained in the + * `br_ssl_engine_sendapp_buf()` call. + * + * \param cc SSL engine context. + * \param len number of bytes pushed (not zero). + */ +void br_ssl_engine_sendapp_ack(br_ssl_engine_context *cc, size_t len); + +/** + * \brief Get buffer for received application data. + * + * If the engine has received application data from the peer, hen this + * call returns a pointer to the buffer from where such data shall be + * read, and its length is written in `*len`. Otherwise, `*len` is set + * to 0 and `NULL` is returned. + * + * \param cc SSL engine context. + * \param len receives the application data input buffer length, or 0. + * \return the application data input buffer, or `NULL`. + */ +unsigned char *br_ssl_engine_recvapp_buf( + const br_ssl_engine_context *cc, size_t *len); + +/** + * \brief Acknowledge some received application data. + * + * After reading `len` bytes from the buffer returned by + * `br_ssl_engine_recvapp_buf()`, the application shall call this + * function to trigger any relevant processing. The `len` parameter + * MUST NOT be 0, and MUST NOT exceed the value obtained in the + * `br_ssl_engine_recvapp_buf()` call. + * + * \param cc SSL engine context. + * \param len number of bytes read (not zero). + */ +void br_ssl_engine_recvapp_ack(br_ssl_engine_context *cc, size_t len); + +/** + * \brief Get buffer for record data to send. + * + * If the engine has prepared some records to send to the peer, then this + * call returns a pointer to the buffer from where such data shall be + * read, and its length is written in `*len`. Otherwise, `*len` is set + * to 0 and `NULL` is returned. + * + * \param cc SSL engine context. + * \param len receives the record data output buffer length, or 0. + * \return the record data output buffer, or `NULL`. + */ +unsigned char *br_ssl_engine_sendrec_buf( + const br_ssl_engine_context *cc, size_t *len); + +/** + * \brief Acknowledge some sent record data. + * + * After reading `len` bytes from the buffer returned by + * `br_ssl_engine_sendrec_buf()`, the application shall call this + * function to trigger any relevant processing. The `len` parameter + * MUST NOT be 0, and MUST NOT exceed the value obtained in the + * `br_ssl_engine_sendrec_buf()` call. + * + * \param cc SSL engine context. + * \param len number of bytes read (not zero). + */ +void br_ssl_engine_sendrec_ack(br_ssl_engine_context *cc, size_t len); + +/** + * \brief Get buffer for incoming records. + * + * If the engine is ready to accept records from the peer, then this + * call returns a pointer to the buffer where such data shall be + * written, and its length is written in `*len`. Otherwise, `*len` is + * set to 0 and `NULL` is returned. + * + * \param cc SSL engine context. + * \param len receives the record data input buffer length, or 0. + * \return the record data input buffer, or `NULL`. + */ +unsigned char *br_ssl_engine_recvrec_buf( + const br_ssl_engine_context *cc, size_t *len); + +/** + * \brief Inform the engine of some new record data. + * + * After writing `len` bytes in the buffer returned by + * `br_ssl_engine_recvrec_buf()`, the application shall call this + * function to trigger any relevant processing. The `len` parameter + * MUST NOT be 0, and MUST NOT exceed the value obtained in the + * `br_ssl_engine_recvrec_buf()` call. + * + * \param cc SSL engine context. + * \param len number of bytes pushed (not zero). + */ +void br_ssl_engine_recvrec_ack(br_ssl_engine_context *cc, size_t len); + +/** + * \brief Flush buffered application data. + * + * If some application data has been buffered in the engine, then wrap + * it into a record and mark it for sending. If no application data has + * been buffered but the engine would be ready to accept some, AND the + * `force` parameter is non-zero, then an empty record is assembled and + * marked for sending. In all other cases, this function does nothing. + * + * Empty records are technically legal, but not all existing SSL/TLS + * implementations support them. Empty records can be useful as a + * transparent "keep-alive" mechanism to maintain some low-level + * network activity. + * + * \param cc SSL engine context. + * \param force non-zero to force sending an empty record. + */ +void br_ssl_engine_flush(br_ssl_engine_context *cc, int force); + +/** + * \brief Initiate a closure. + * + * If, at that point, the context is open and in ready state, then a + * `close_notify` alert is assembled and marked for sending; this + * triggers the closure protocol. Otherwise, no such alert is assembled. + * + * \param cc SSL engine context. + */ +void br_ssl_engine_close(br_ssl_engine_context *cc); + +/** + * \brief Initiate a renegotiation. + * + * If the engine is failed or closed, or if the peer is known not to + * support secure renegotiation (RFC 5746), or if renegotiations have + * been disabled with the `BR_OPT_NO_RENEGOTIATION` flag, or if there + * is buffered incoming application data, then this function returns 0 + * and nothing else happens. + * + * Otherwise, this function returns 1, and a renegotiation attempt is + * triggered (if a handshake is already ongoing at that point, then + * no new handshake is triggered). + * + * \param cc SSL engine context. + * \return 1 on success, 0 on error. + */ +int br_ssl_engine_renegotiate(br_ssl_engine_context *cc); + +/** + * \brief Export key material from a connected SSL engine (RFC 5705). + * + * This calls compute a secret key of arbitrary length from the master + * secret of a connected SSL engine. If the provided context is not + * currently in "application data" state (initial handshake is not + * finished, another handshake is ongoing, or the connection failed or + * was closed), then this function returns 0. Otherwise, a secret key of + * length `len` bytes is computed and written in the buffer pointed to + * by `dst`, and 1 is returned. + * + * The computed key follows the specification described in RFC 5705. + * That RFC includes two key computations, with and without a "context + * value". If `context` is `NULL`, then the variant without context is + * used; otherwise, the `context_len` bytes located at the address + * pointed to by `context` are used in the computation. Note that it + * is possible to have a "with context" key with a context length of + * zero bytes, by setting `context` to a non-`NULL` value but + * `context_len` to 0. + * + * When context bytes are used, the context length MUST NOT exceed + * 65535 bytes. + * + * \param cc SSL engine context. + * \param dst destination buffer for exported key. + * \param len exported key length (in bytes). + * \param label disambiguation label. + * \param context context value (or `NULL`). + * \param context_len context length (in bytes). + * \return 1 on success, 0 on error. + */ +int br_ssl_key_export(br_ssl_engine_context *cc, + void *dst, size_t len, const char *label, + const void *context, size_t context_len); + +/* + * Pre-declaration for the SSL client context. + */ +typedef struct br_ssl_client_context_ br_ssl_client_context; + +/** + * \brief Type for the client certificate, if requested by the server. + */ +typedef struct { + /** + * \brief Authentication type. + * + * This is either `BR_AUTH_RSA` (RSA signature), `BR_AUTH_ECDSA` + * (ECDSA signature), or `BR_AUTH_ECDH` (static ECDH key exchange). + */ + int auth_type; + + /** + * \brief Hash function for computing the CertificateVerify. + * + * This is the symbolic identifier for the hash function that + * will be used to produce the hash of handshake messages, to + * be signed into the CertificateVerify. For full static ECDH + * (client and server certificates are both EC in the same + * curve, and static ECDH is used), this value is set to -1. + * + * Take care that with TLS 1.0 and 1.1, that value MUST match + * the protocol requirements: value must be 0 (MD5+SHA-1) for + * a RSA signature, or 2 (SHA-1) for an ECDSA signature. Only + * TLS 1.2 allows for other hash functions. + */ + int hash_id; + + /** + * \brief Certificate chain to send to the server. + * + * This is an array of `br_x509_certificate` objects, each + * normally containing a DER-encoded certificate. The client + * code does not try to decode these elements. If there is no + * chain to send to the server, then this pointer shall be + * set to `NULL`. + */ + const br_x509_certificate *chain; + + /** + * \brief Certificate chain length (number of certificates). + * + * If there is no chain to send to the server, then this value + * shall be set to 0. + */ + size_t chain_len; + +} br_ssl_client_certificate; + +/* + * Note: the constants below for signatures match the TLS constants. + */ + +/** \brief Client authentication type: static ECDH. */ +#define BR_AUTH_ECDH 0 +/** \brief Client authentication type: RSA signature. */ +#define BR_AUTH_RSA 1 +/** \brief Client authentication type: ECDSA signature. */ +#define BR_AUTH_ECDSA 3 + +/** + * \brief Class type for a certificate handler (client side). + * + * A certificate handler selects a client certificate chain to send to + * the server, upon explicit request from that server. It receives + * the list of trust anchor DN from the server, and supported types + * of certificates and signatures, and returns the chain to use. It + * is also invoked to perform the corresponding private key operation + * (a signature, or an ECDH computation). + * + * The SSL client engine will first push the trust anchor DN with + * `start_name_list()`, `start_name()`, `append_name()`, `end_name()` + * and `end_name_list()`. Then it will call `choose()`, to select the + * actual chain (and signature/hash algorithms). Finally, it will call + * either `do_sign()` or `do_keyx()`, depending on the algorithm choices. + */ +typedef struct br_ssl_client_certificate_class_ br_ssl_client_certificate_class; +struct br_ssl_client_certificate_class_ { + /** + * \brief Context size (in bytes). + */ + size_t context_size; + + /** + * \brief Begin reception of a list of trust anchor names. This + * is called while parsing the incoming CertificateRequest. + * + * \param pctx certificate handler context. + */ + void (*start_name_list)(const br_ssl_client_certificate_class **pctx); + + /** + * \brief Begin reception of a new trust anchor name. + * + * The total encoded name length is provided; it is less than + * 65535 bytes. + * + * \param pctx certificate handler context. + * \param len encoded name length (in bytes). + */ + void (*start_name)(const br_ssl_client_certificate_class **pctx, + size_t len); + + /** + * \brief Receive some more bytes for the current trust anchor name. + * + * The provided reference (`data`) points to a transient buffer + * they may be reused as soon as this function returns. The chunk + * length (`len`) is never zero. + * + * \param pctx certificate handler context. + * \param data anchor name chunk. + * \param len anchor name chunk length (in bytes). + */ + void (*append_name)(const br_ssl_client_certificate_class **pctx, + const unsigned char *data, size_t len); + + /** + * \brief End current trust anchor name. + * + * This function is called when all the encoded anchor name data + * has been provided. + * + * \param pctx certificate handler context. + */ + void (*end_name)(const br_ssl_client_certificate_class **pctx); + + /** + * \brief End list of trust anchor names. + * + * This function is called when all the anchor names in the + * CertificateRequest message have been obtained. + * + * \param pctx certificate handler context. + */ + void (*end_name_list)(const br_ssl_client_certificate_class **pctx); + + /** + * \brief Select client certificate and algorithms. + * + * This callback function shall fill the provided `choices` + * structure with the selected algorithms and certificate chain. + * The `hash_id`, `chain` and `chain_len` fields must be set. If + * the client cannot or does not wish to send a certificate, + * then it shall set `chain` to `NULL` and `chain_len` to 0. + * + * The `auth_types` parameter describes the authentication types, + * signature algorithms and hash functions that are supported by + * both the client context and the server, and compatible with + * the current protocol version. This is a bit field with the + * following contents: + * + * - If RSA signatures with hash function x are supported, then + * bit x is set. + * + * - If ECDSA signatures with hash function x are supported, + * then bit 8+x is set. + * + * - If static ECDH is supported, with a RSA-signed certificate, + * then bit 16 is set. + * + * - If static ECDH is supported, with an ECDSA-signed certificate, + * then bit 17 is set. + * + * Notes: + * + * - When using TLS 1.0 or 1.1, the hash function for RSA + * signatures is always the special MD5+SHA-1 (id 0), and the + * hash function for ECDSA signatures is always SHA-1 (id 2). + * + * - When using TLS 1.2, the list of hash functions is trimmed + * down to include only hash functions that the client context + * can support. The actual server list can be obtained with + * `br_ssl_client_get_server_hashes()`; that list may be used + * to select the certificate chain to send to the server. + * + * \param pctx certificate handler context. + * \param cc SSL client context. + * \param auth_types supported authentication types and algorithms. + * \param choices destination structure for the policy choices. + */ + void (*choose)(const br_ssl_client_certificate_class **pctx, + const br_ssl_client_context *cc, uint32_t auth_types, + br_ssl_client_certificate *choices); + + /** + * \brief Perform key exchange (client part). + * + * This callback is invoked in case of a full static ECDH key + * exchange: + * + * - the cipher suite uses `ECDH_RSA` or `ECDH_ECDSA`; + * + * - the server requests a client certificate; + * + * - the client has, and sends, a client certificate that + * uses an EC key in the same curve as the server's key, + * and chooses static ECDH (the `hash_id` field in the choice + * structure was set to -1). + * + * In that situation, this callback is invoked to compute the + * client-side ECDH: the provided `data` (of length `*len` bytes) + * is the server's public key point (as decoded from its + * certificate), and the client shall multiply that point with + * its own private key, and write back the X coordinate of the + * resulting point in the same buffer, starting at offset 0. + * The `*len` value shall be modified to designate the actual + * length of the X coordinate. + * + * The callback must uphold the following: + * + * - If the input array does not have the proper length for + * an encoded curve point, then an error (0) shall be reported. + * + * - If the input array has the proper length, then processing + * MUST be constant-time, even if the data is not a valid + * encoded point. + * + * - This callback MUST check that the input point is valid. + * + * Returned value is 1 on success, 0 on error. + * + * \param pctx certificate handler context. + * \param data server public key point. + * \param len public key point length / X coordinate length. + * \return 1 on success, 0 on error. + */ + uint32_t (*do_keyx)(const br_ssl_client_certificate_class **pctx, + unsigned char *data, size_t *len); + + /** + * \brief Perform a signature (client authentication). + * + * This callback is invoked when a client certificate was sent, + * and static ECDH is not used. It shall compute a signature, + * using the client's private key, over the provided hash value + * (which is the hash of all previous handshake messages). + * + * On input, the hash value to sign is in `data`, of size + * `hv_len`; the involved hash function is identified by + * `hash_id`. The signature shall be computed and written + * back into `data`; the total size of that buffer is `len` + * bytes. + * + * This callback shall verify that the signature length does not + * exceed `len` bytes, and abstain from writing the signature if + * it does not fit. + * + * For RSA signatures, the `hash_id` may be 0, in which case + * this is the special header-less signature specified in TLS 1.0 + * and 1.1, with a 36-byte hash value. Otherwise, normal PKCS#1 + * v1.5 signatures shall be computed. + * + * For ECDSA signatures, the signature value shall use the ASN.1 + * based encoding. + * + * Returned value is the signature length (in bytes), or 0 on error. + * + * \param pctx certificate handler context. + * \param hash_id hash function identifier. + * \param hv_len hash value length (in bytes). + * \param data input/output buffer (hash value, then signature). + * \param len total buffer length (in bytes). + * \return signature length (in bytes) on success, or 0 on error. + */ + size_t (*do_sign)(const br_ssl_client_certificate_class **pctx, + int hash_id, size_t hv_len, unsigned char *data, size_t len); +}; + +/** + * \brief A single-chain RSA client certificate handler. + * + * This handler uses a single certificate chain, with a RSA + * signature. The list of trust anchor DN is ignored. + * + * Apart from the first field (vtable pointer), its contents are + * opaque and shall not be accessed directly. + */ +typedef struct { + /** \brief Pointer to vtable. */ + const br_ssl_client_certificate_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + const br_x509_certificate *chain; + size_t chain_len; + const br_rsa_private_key *sk; + br_rsa_pkcs1_sign irsasign; +#endif +} br_ssl_client_certificate_rsa_context; + +/** + * \brief A single-chain EC client certificate handler. + * + * This handler uses a single certificate chain, with a RSA + * signature. The list of trust anchor DN is ignored. + * + * This handler may support both static ECDH, and ECDSA signatures + * (either usage may be selectively disabled). + * + * Apart from the first field (vtable pointer), its contents are + * opaque and shall not be accessed directly. + */ +typedef struct { + /** \brief Pointer to vtable. */ + const br_ssl_client_certificate_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + const br_x509_certificate *chain; + size_t chain_len; + const br_ec_private_key *sk; + unsigned allowed_usages; + unsigned issuer_key_type; + const br_multihash_context *mhash; + const br_ec_impl *iec; + br_ecdsa_sign iecdsa; +#endif +} br_ssl_client_certificate_ec_context; + +/** + * \brief Context structure for a SSL client. + * + * The first field (called `eng`) is the SSL engine; all functions that + * work on a `br_ssl_engine_context` structure shall take as parameter + * a pointer to that field. The other structure fields are opaque and + * must not be accessed directly. + */ +struct br_ssl_client_context_ { + /** + * \brief The encapsulated engine context. + */ + br_ssl_engine_context eng; + +#ifndef BR_DOXYGEN_IGNORE + /* + * Minimum ClientHello length; padding with an extension (RFC + * 7685) is added if necessary to match at least that length. + * Such padding is nominally unnecessary, but it has been used + * to work around some server implementation bugs. + */ + uint16_t min_clienthello_len; + + /* + * Bit field for algoithms (hash + signature) supported by the + * server when requesting a client certificate. + */ + uint32_t hashes; + + /* + * Server's public key curve. + */ + int server_curve; + + /* + * Context for certificate handler. + */ + const br_ssl_client_certificate_class **client_auth_vtable; + + /* + * Client authentication type. + */ + unsigned char auth_type; + + /* + * Hash function to use for the client signature. This is 0xFF + * if static ECDH is used. + */ + unsigned char hash_id; + + /* + * For the core certificate handlers, thus avoiding (in most + * cases) the need for an externally provided policy context. + */ + union { + const br_ssl_client_certificate_class *vtable; + br_ssl_client_certificate_rsa_context single_rsa; + br_ssl_client_certificate_ec_context single_ec; + } client_auth; + + /* + * Implementations. + */ + br_rsa_public irsapub; +#endif +}; + +/** + * \brief Get the hash functions and signature algorithms supported by + * the server. + * + * This value is a bit field: + * + * - If RSA (PKCS#1 v1.5) is supported with hash function of ID `x`, + * then bit `x` is set (hash function ID is 0 for the special MD5+SHA-1, + * or 2 to 6 for the SHA family). + * + * - If ECDSA is suported with hash function of ID `x`, then bit `8+x` + * is set. + * + * - Newer algorithms are symbolic 16-bit identifiers that do not + * represent signature algorithm and hash function separately. If + * the TLS-level identifier is `0x0800+x` for a `x` in the 0..15 + * range, then bit `16+x` is set. + * + * "New algorithms" are currently defined only in draft documents, so + * this support is subject to possible change. Right now (early 2017), + * this maps ed25519 (EdDSA on Curve25519) to bit 23, and ed448 (EdDSA + * on Curve448) to bit 24. If the identifiers on the wire change in + * future document, then the decoding mechanism in BearSSL will be + * amended to keep mapping ed25519 and ed448 on bits 23 and 24, + * respectively. Mapping of other new algorithms (e.g. RSA/PSS) is not + * guaranteed yet. + * + * \param cc client context. + * \return the server-supported hash functions and signature algorithms. + */ +static inline uint32_t +br_ssl_client_get_server_hashes(const br_ssl_client_context *cc) +{ + return cc->hashes; +} + +/** + * \brief Get the server key curve. + * + * This function returns the ID for the curve used by the server's public + * key. This is set when the server's certificate chain is processed; + * this value is 0 if the server's key is not an EC key. + * + * \return the server's public key curve ID, or 0. + */ +static inline int +br_ssl_client_get_server_curve(const br_ssl_client_context *cc) +{ + return cc->server_curve; +} + +/* + * Each br_ssl_client_init_xxx() function sets the list of supported + * cipher suites and used implementations, as specified by the profile + * name 'xxx'. Defined profile names are: + * + * full all supported versions and suites; constant-time implementations + * TODO: add other profiles + */ + +/** + * \brief SSL client profile: full. + * + * This function initialises the provided SSL client context with + * all supported algorithms and cipher suites. It also initialises + * a companion X.509 validation engine with all supported algorithms, + * and the provided trust anchors; the X.509 engine will be used by + * the client context to validate the server's certificate. + * + * \param cc client context to initialise. + * \param xc X.509 validation context to initialise. + * \param trust_anchors trust anchors to use. + * \param trust_anchors_num number of trust anchors. + */ +void br_ssl_client_init_full(br_ssl_client_context *cc, + br_x509_minimal_context *xc, + const br_x509_trust_anchor *trust_anchors, size_t trust_anchors_num); + +/** + * \brief Clear the complete contents of a SSL client context. + * + * Everything is cleared, including the reference to the configured buffer, + * implementations, cipher suites and state. This is a preparatory step + * to assembling a custom profile. + * + * \param cc client context to clear. + */ +void br_ssl_client_zero(br_ssl_client_context *cc); + +/** + * \brief Set an externally provided client certificate handler context. + * + * The handler's methods are invoked when the server requests a client + * certificate. + * + * \param cc client context. + * \param pctx certificate handler context (pointer to its vtable field). + */ +static inline void +br_ssl_client_set_client_certificate(br_ssl_client_context *cc, + const br_ssl_client_certificate_class **pctx) +{ + cc->client_auth_vtable = pctx; +} + +/** + * \brief Set the RSA public-key operations implementation. + * + * This will be used to encrypt the pre-master secret with the server's + * RSA public key (RSA-encryption cipher suites only). + * + * \param cc client context. + * \param irsapub RSA public-key encryption implementation. + */ +static inline void +br_ssl_client_set_rsapub(br_ssl_client_context *cc, br_rsa_public irsapub) +{ + cc->irsapub = irsapub; +} + +/** + * \brief Set the "default" RSA implementation for public-key operations. + * + * This sets the RSA implementation in the client context (for encrypting + * the pre-master secret, in `TLS_RSA_*` cipher suites) to the fastest + * available on the current platform. + * + * \param cc client context. + */ +void br_ssl_client_set_default_rsapub(br_ssl_client_context *cc); + +/** + * \brief Set the minimum ClientHello length (RFC 7685 padding). + * + * If this value is set and the ClientHello would be shorter, then + * the Pad ClientHello extension will be added with enough padding bytes + * to reach the target size. Because of the extension header, the resulting + * size will sometimes be slightly more than `len` bytes if the target + * size cannot be exactly met. + * + * The target length relates to the _contents_ of the ClientHello, not + * counting its 4-byte header. For instance, if `len` is set to 512, + * then the padding will bring the ClientHello size to 516 bytes with its + * header, and 521 bytes when counting the 5-byte record header. + * + * \param cc client context. + * \param len minimum ClientHello length (in bytes). + */ +static inline void +br_ssl_client_set_min_clienthello_len(br_ssl_client_context *cc, uint16_t len) +{ + cc->min_clienthello_len = len; +} + +/** + * \brief Prepare or reset a client context for a new connection. + * + * The `server_name` parameter is used to fill the SNI extension; the + * X.509 "minimal" engine will also match that name against the server + * names included in the server's certificate. If the parameter is + * `NULL` then no SNI extension will be sent, and the X.509 "minimal" + * engine (if used for server certificate validation) will not check + * presence of any specific name in the received certificate. + * + * Therefore, setting the `server_name` to `NULL` shall be reserved + * to cases where alternate or additional methods are used to ascertain + * that the right server public key is used (e.g. a "known key" model). + * + * If `resume_session` is non-zero and the context was previously used + * then the session parameters may be reused (depending on whether the + * server previously sent a non-empty session ID, and accepts the session + * resumption). The session parameters for session resumption can also + * be set explicitly with `br_ssl_engine_set_session_parameters()`. + * + * On failure, the context is marked as failed, and this function + * returns 0. A possible failure condition is when no initial entropy + * was injected, and none could be obtained from the OS (either OS + * randomness gathering is not supported, or it failed). + * + * \param cc client context. + * \param server_name target server name, or `NULL`. + * \param resume_session non-zero to try session resumption. + * \return 0 on failure, 1 on success. + */ +int br_ssl_client_reset(br_ssl_client_context *cc, + const char *server_name, int resume_session); + +/** + * \brief Forget any session in the context. + * + * This means that the next handshake that uses this context will + * necessarily be a full handshake (this applies both to new connections + * and to renegotiations). + * + * \param cc client context. + */ +static inline void +br_ssl_client_forget_session(br_ssl_client_context *cc) +{ + cc->eng.session.session_id_len = 0; +} + +/** + * \brief Set client certificate chain and key (single RSA case). + * + * This function sets a client certificate chain, that the client will + * send to the server whenever a client certificate is requested. This + * certificate uses an RSA public key; the corresponding private key is + * invoked for authentication. Trust anchor names sent by the server are + * ignored. + * + * The provided chain and private key are linked in the client context; + * they must remain valid as long as they may be used, i.e. normally + * for the duration of the connection, since they might be invoked + * again upon renegotiations. + * + * \param cc SSL client context. + * \param chain client certificate chain (SSL order: EE comes first). + * \param chain_len client chain length (number of certificates). + * \param sk client private key. + * \param irsasign RSA signature implementation (PKCS#1 v1.5). + */ +void br_ssl_client_set_single_rsa(br_ssl_client_context *cc, + const br_x509_certificate *chain, size_t chain_len, + const br_rsa_private_key *sk, br_rsa_pkcs1_sign irsasign); + +/* + * \brief Set the client certificate chain and key (single EC case). + * + * This function sets a client certificate chain, that the client will + * send to the server whenever a client certificate is requested. This + * certificate uses an EC public key; the corresponding private key is + * invoked for authentication. Trust anchor names sent by the server are + * ignored. + * + * The provided chain and private key are linked in the client context; + * they must remain valid as long as they may be used, i.e. normally + * for the duration of the connection, since they might be invoked + * again upon renegotiations. + * + * The `allowed_usages` is a combination of usages, namely + * `BR_KEYTYPE_KEYX` and/or `BR_KEYTYPE_SIGN`. The `BR_KEYTYPE_KEYX` + * value allows full static ECDH, while the `BR_KEYTYPE_SIGN` value + * allows ECDSA signatures. If ECDSA signatures are used, then an ECDSA + * signature implementation must be provided; otherwise, the `iecdsa` + * parameter may be 0. + * + * The `cert_issuer_key_type` value is either `BR_KEYTYPE_RSA` or + * `BR_KEYTYPE_EC`; it is the type of the public key used the the CA + * that issued (signed) the client certificate. That value is used with + * full static ECDH: support of the certificate by the server depends + * on how the certificate was signed. (Note: when using TLS 1.2, this + * parameter is ignored; but its value matters for TLS 1.0 and 1.1.) + * + * \param cc server context. + * \param chain server certificate chain to send. + * \param chain_len chain length (number of certificates). + * \param sk server private key (EC). + * \param allowed_usages allowed private key usages. + * \param cert_issuer_key_type issuing CA's key type. + * \param iec EC core implementation. + * \param iecdsa ECDSA signature implementation ("asn1" format). + */ +void br_ssl_client_set_single_ec(br_ssl_client_context *cc, + const br_x509_certificate *chain, size_t chain_len, + const br_ec_private_key *sk, unsigned allowed_usages, + unsigned cert_issuer_key_type, + const br_ec_impl *iec, br_ecdsa_sign iecdsa); + +/** + * \brief Type for a "translated cipher suite", as an array of two + * 16-bit integers. + * + * The first element is the cipher suite identifier (as used on the wire). + * The second element is the concatenation of four 4-bit elements which + * characterise the cipher suite contents. In most to least significant + * order, these 4-bit elements are: + * + * - Bits 12 to 15: key exchange + server key type + * + * | val | symbolic constant | suite type | details | + * | :-- | :----------------------- | :---------- | :----------------------------------------------- | + * | 0 | `BR_SSLKEYX_RSA` | RSA | RSA key exchange, key is RSA (encryption) | + * | 1 | `BR_SSLKEYX_ECDHE_RSA` | ECDHE_RSA | ECDHE key exchange, key is RSA (signature) | + * | 2 | `BR_SSLKEYX_ECDHE_ECDSA` | ECDHE_ECDSA | ECDHE key exchange, key is EC (signature) | + * | 3 | `BR_SSLKEYX_ECDH_RSA` | ECDH_RSA | Key is EC (key exchange), cert signed with RSA | + * | 4 | `BR_SSLKEYX_ECDH_ECDSA` | ECDH_ECDSA | Key is EC (key exchange), cert signed with ECDSA | + * + * - Bits 8 to 11: symmetric encryption algorithm + * + * | val | symbolic constant | symmetric encryption | key strength (bits) | + * | :-- | :--------------------- | :------------------- | :------------------ | + * | 0 | `BR_SSLENC_3DES_CBC` | 3DES/CBC | 168 | + * | 1 | `BR_SSLENC_AES128_CBC` | AES-128/CBC | 128 | + * | 2 | `BR_SSLENC_AES256_CBC` | AES-256/CBC | 256 | + * | 3 | `BR_SSLENC_AES128_GCM` | AES-128/GCM | 128 | + * | 4 | `BR_SSLENC_AES256_GCM` | AES-256/GCM | 256 | + * | 5 | `BR_SSLENC_CHACHA20` | ChaCha20/Poly1305 | 256 | + * + * - Bits 4 to 7: MAC algorithm + * + * | val | symbolic constant | MAC type | details | + * | :-- | :----------------- | :----------- | :------------------------------------ | + * | 0 | `BR_SSLMAC_AEAD` | AEAD | No dedicated MAC (encryption is AEAD) | + * | 2 | `BR_SSLMAC_SHA1` | HMAC/SHA-1 | Value matches `br_sha1_ID` | + * | 4 | `BR_SSLMAC_SHA256` | HMAC/SHA-256 | Value matches `br_sha256_ID` | + * | 5 | `BR_SSLMAC_SHA384` | HMAC/SHA-384 | Value matches `br_sha384_ID` | + * + * - Bits 0 to 3: hash function for PRF when used with TLS-1.2 + * + * | val | symbolic constant | hash function | details | + * | :-- | :----------------- | :------------ | :----------------------------------- | + * | 4 | `BR_SSLPRF_SHA256` | SHA-256 | Value matches `br_sha256_ID` | + * | 5 | `BR_SSLPRF_SHA384` | SHA-384 | Value matches `br_sha384_ID` | + * + * For instance, cipher suite `TLS_RSA_WITH_AES_128_GCM_SHA256` has + * standard identifier 0x009C, and is translated to 0x0304, for, in + * that order: RSA key exchange (0), AES-128/GCM (3), AEAD integrity (0), + * SHA-256 in the TLS PRF (4). + */ +typedef uint16_t br_suite_translated[2]; + +#ifndef BR_DOXYGEN_IGNORE +/* + * Constants are already documented in the br_suite_translated type. + */ + +#define BR_SSLKEYX_RSA 0 +#define BR_SSLKEYX_ECDHE_RSA 1 +#define BR_SSLKEYX_ECDHE_ECDSA 2 +#define BR_SSLKEYX_ECDH_RSA 3 +#define BR_SSLKEYX_ECDH_ECDSA 4 + +#define BR_SSLENC_3DES_CBC 0 +#define BR_SSLENC_AES128_CBC 1 +#define BR_SSLENC_AES256_CBC 2 +#define BR_SSLENC_AES128_GCM 3 +#define BR_SSLENC_AES256_GCM 4 +#define BR_SSLENC_CHACHA20 5 + +#define BR_SSLMAC_AEAD 0 +#define BR_SSLMAC_SHA1 br_sha1_ID +#define BR_SSLMAC_SHA256 br_sha256_ID +#define BR_SSLMAC_SHA384 br_sha384_ID + +#define BR_SSLPRF_SHA256 br_sha256_ID +#define BR_SSLPRF_SHA384 br_sha384_ID + +#endif + +/* + * Pre-declaration for the SSL server context. + */ +typedef struct br_ssl_server_context_ br_ssl_server_context; + +/** + * \brief Type for the server policy choices, taken after analysis of + * the client message (ClientHello). + */ +typedef struct { + /** + * \brief Cipher suite to use with that client. + */ + uint16_t cipher_suite; + + /** + * \brief Hash function or algorithm for signing the ServerKeyExchange. + * + * This parameter is ignored for `TLS_RSA_*` and `TLS_ECDH_*` + * cipher suites; it is used only for `TLS_ECDHE_*` suites, in + * which the server _signs_ the ephemeral EC Diffie-Hellman + * parameters sent to the client. + * + * This identifier must be one of the following values: + * + * - `0xFF00 + id`, where `id` is a hash function identifier + * (0 for MD5+SHA-1, or 2 to 6 for one of the SHA functions); + * + * - a full 16-bit identifier, lower than `0xFF00`. + * + * If the first option is used, then the SSL engine will + * compute the hash of the data that is to be signed, with the + * designated hash function. The `do_sign()` method will be + * invoked with that hash value provided in the the `data` + * buffer. + * + * If the second option is used, then the SSL engine will NOT + * compute a hash on the data; instead, it will provide the + * to-be-signed data itself in `data`, i.e. the concatenation of + * the client random, server random, and encoded ECDH + * parameters. Furthermore, with TLS-1.2 and later, the 16-bit + * identifier will be used "as is" in the protocol, in the + * SignatureAndHashAlgorithm; for instance, `0x0401` stands for + * RSA PKCS#1 v1.5 signature (the `01`) with SHA-256 as hash + * function (the `04`). + * + * Take care that with TLS 1.0 and 1.1, the hash function is + * constrainted by the protocol: RSA signature must use + * MD5+SHA-1 (so use `0xFF00`), while ECDSA must use SHA-1 + * (`0xFF02`). Since TLS 1.0 and 1.1 don't include a + * SignatureAndHashAlgorithm field in their ServerKeyExchange + * messages, any value below `0xFF00` will be usable to send the + * raw ServerKeyExchange data to the `do_sign()` callback, but + * that callback must still follow the protocol requirements + * when generating the signature. + */ + unsigned algo_id; + + /** + * \brief Certificate chain to send to the client. + * + * This is an array of `br_x509_certificate` objects, each + * normally containing a DER-encoded certificate. The server + * code does not try to decode these elements. + */ + const br_x509_certificate *chain; + + /** + * \brief Certificate chain length (number of certificates). + */ + size_t chain_len; + +} br_ssl_server_choices; + +/** + * \brief Class type for a policy handler (server side). + * + * A policy handler selects the policy parameters for a connection + * (cipher suite and other algorithms, and certificate chain to send to + * the client); it also performs the server-side computations involving + * its permanent private key. + * + * The SSL server engine will invoke first `choose()`, once the + * ClientHello message has been received, then either `do_keyx()` + * `do_sign()`, depending on the cipher suite. + */ +typedef struct br_ssl_server_policy_class_ br_ssl_server_policy_class; +struct br_ssl_server_policy_class_ { + /** + * \brief Context size (in bytes). + */ + size_t context_size; + + /** + * \brief Select algorithms and certificates for this connection. + * + * This callback function shall fill the provided `choices` + * structure with the policy choices for this connection. This + * entails selecting the cipher suite, hash function for signing + * the ServerKeyExchange (applicable only to ECDHE cipher suites), + * and certificate chain to send. + * + * The callback receives a pointer to the server context that + * contains the relevant data. In particular, the functions + * `br_ssl_server_get_client_suites()`, + * `br_ssl_server_get_client_hashes()` and + * `br_ssl_server_get_client_curves()` can be used to obtain + * the cipher suites, hash functions and elliptic curves + * supported by both the client and server, respectively. The + * `br_ssl_engine_get_version()` and `br_ssl_engine_get_server_name()` + * functions yield the protocol version and requested server name + * (SNI), respectively. + * + * This function may modify its context structure (`pctx`) in + * arbitrary ways to keep track of its own choices. + * + * This function shall return 1 if appropriate policy choices + * could be made, or 0 if this connection cannot be pursued. + * + * \param pctx policy context. + * \param cc SSL server context. + * \param choices destination structure for the policy choices. + * \return 1 on success, 0 on error. + */ + int (*choose)(const br_ssl_server_policy_class **pctx, + const br_ssl_server_context *cc, + br_ssl_server_choices *choices); + + /** + * \brief Perform key exchange (server part). + * + * This callback is invoked to perform the server-side cryptographic + * operation for a key exchange that is not ECDHE. This callback + * uses the private key. + * + * **For RSA key exchange**, the provided `data` (of length `*len` + * bytes) shall be decrypted with the server's private key, and + * the 48-byte premaster secret copied back to the first 48 bytes + * of `data`. + * + * - The caller makes sure that `*len` is at least 59 bytes. + * + * - This callback MUST check that the provided length matches + * that of the key modulus; it shall report an error otherwise. + * + * - If the length matches that of the RSA key modulus, then + * processing MUST be constant-time, even if decryption fails, + * or the padding is incorrect, or the plaintext message length + * is not exactly 48 bytes. + * + * - This callback needs not check the two first bytes of the + * obtained pre-master secret (the caller will do that). + * + * - If an error is reported (0), then what the callback put + * in the first 48 bytes of `data` is unimportant (the caller + * will use random bytes instead). + * + * **For ECDH key exchange**, the provided `data` (of length `*len` + * bytes) is the elliptic curve point from the client. The + * callback shall multiply it with its private key, and store + * the resulting X coordinate in `data`, starting at offset 0, + * and set `*len` to the length of the X coordinate. + * + * - If the input array does not have the proper length for + * an encoded curve point, then an error (0) shall be reported. + * + * - If the input array has the proper length, then processing + * MUST be constant-time, even if the data is not a valid + * encoded point. + * + * - This callback MUST check that the input point is valid. + * + * Returned value is 1 on success, 0 on error. + * + * \param pctx policy context. + * \param data key exchange data from the client. + * \param len key exchange data length (in bytes). + * \return 1 on success, 0 on error. + */ + uint32_t (*do_keyx)(const br_ssl_server_policy_class **pctx, + unsigned char *data, size_t *len); + + /** + * \brief Perform a signature (for a ServerKeyExchange message). + * + * This callback function is invoked for ECDHE cipher suites. On + * input, the hash value or message to sign is in `data`, of + * size `hv_len`; the involved hash function or algorithm is + * identified by `algo_id`. The signature shall be computed and + * written back into `data`; the total size of that buffer is + * `len` bytes. + * + * This callback shall verify that the signature length does not + * exceed `len` bytes, and abstain from writing the signature if + * it does not fit. + * + * The `algo_id` value matches that which was written in the + * `choices` structures by the `choose()` callback. This will be + * one of the following: + * + * - `0xFF00 + id` for a hash function identifier `id`. In + * that case, the `data` buffer contains a hash value + * already computed over the data that is to be signed, + * of length `hv_len`. The `id` may be 0 to designate the + * special MD5+SHA-1 concatenation (old-style RSA signing). + * + * - Another value, lower than `0xFF00`. The `data` buffer + * then contains the raw, non-hashed data to be signed + * (concatenation of the client and server randoms and + * ECDH parameters). The callback is responsible to apply + * any relevant hashing as part of the signing process. + * + * Returned value is the signature length (in bytes), or 0 on error. + * + * \param pctx policy context. + * \param algo_id hash function / algorithm identifier. + * \param data input/output buffer (message/hash, then signature). + * \param hv_len hash value or message length (in bytes). + * \param len total buffer length (in bytes). + * \return signature length (in bytes) on success, or 0 on error. + */ + size_t (*do_sign)(const br_ssl_server_policy_class **pctx, + unsigned algo_id, + unsigned char *data, size_t hv_len, size_t len); +}; + +/** + * \brief A single-chain RSA policy handler. + * + * This policy context uses a single certificate chain, and a RSA + * private key. The context can be restricted to only signatures or + * only key exchange. + * + * Apart from the first field (vtable pointer), its contents are + * opaque and shall not be accessed directly. + */ +typedef struct { + /** \brief Pointer to vtable. */ + const br_ssl_server_policy_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + const br_x509_certificate *chain; + size_t chain_len; + const br_rsa_private_key *sk; + unsigned allowed_usages; + br_rsa_private irsacore; + br_rsa_pkcs1_sign irsasign; +#endif +} br_ssl_server_policy_rsa_context; + +/** + * \brief A single-chain EC policy handler. + * + * This policy context uses a single certificate chain, and an EC + * private key. The context can be restricted to only signatures or + * only key exchange. + * + * Due to how TLS is defined, this context must be made aware whether + * the server certificate was itself signed with RSA or ECDSA. The code + * does not try to decode the certificate to obtain that information. + * + * Apart from the first field (vtable pointer), its contents are + * opaque and shall not be accessed directly. + */ +typedef struct { + /** \brief Pointer to vtable. */ + const br_ssl_server_policy_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + const br_x509_certificate *chain; + size_t chain_len; + const br_ec_private_key *sk; + unsigned allowed_usages; + unsigned cert_issuer_key_type; + const br_multihash_context *mhash; + const br_ec_impl *iec; + br_ecdsa_sign iecdsa; +#endif +} br_ssl_server_policy_ec_context; + +/** + * \brief Class type for a session parameter cache. + * + * Session parameters are saved in the cache with `save()`, and + * retrieved with `load()`. The cache implementation can apply any + * storage and eviction strategy that it sees fit. The SSL server + * context that performs the request is provided, so that its + * functionalities may be used by the implementation (e.g. hash + * functions or random number generation). + */ +typedef struct br_ssl_session_cache_class_ br_ssl_session_cache_class; +struct br_ssl_session_cache_class_ { + /** + * \brief Context size (in bytes). + */ + size_t context_size; + + /** + * \brief Record a session. + * + * This callback should record the provided session parameters. + * The `params` structure is transient, so its contents shall + * be copied into the cache. The session ID has been randomly + * generated and always has length exactly 32 bytes. + * + * \param ctx session cache context. + * \param server_ctx SSL server context. + * \param params session parameters to save. + */ + void (*save)(const br_ssl_session_cache_class **ctx, + br_ssl_server_context *server_ctx, + const br_ssl_session_parameters *params); + + /** + * \brief Lookup a session in the cache. + * + * The session ID to lookup is in `params` and always has length + * exactly 32 bytes. If the session parameters are found in the + * cache, then the parameters shall be copied into the `params` + * structure. Returned value is 1 on successful lookup, 0 + * otherwise. + * + * \param ctx session cache context. + * \param server_ctx SSL server context. + * \param params destination for session parameters. + * \return 1 if found, 0 otherwise. + */ + int (*load)(const br_ssl_session_cache_class **ctx, + br_ssl_server_context *server_ctx, + br_ssl_session_parameters *params); +}; + +/** + * \brief Context for a basic cache system. + * + * The system stores session parameters in a buffer provided at + * initialisation time. Each entry uses exactly 100 bytes, and + * buffer sizes up to 4294967295 bytes are supported. + * + * Entries are evicted with a LRU (Least Recently Used) policy. A + * search tree is maintained to keep lookups fast even with large + * caches. + * + * Apart from the first field (vtable pointer), the structure + * contents are opaque and shall not be accessed directly. + */ +typedef struct { + /** \brief Pointer to vtable. */ + const br_ssl_session_cache_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + unsigned char *store; + size_t store_len, store_ptr; + unsigned char index_key[32]; + const br_hash_class *hash; + int init_done; + uint32_t head, tail, root; +#endif +} br_ssl_session_cache_lru; + +/** + * \brief Initialise a LRU session cache with the provided storage space. + * + * The provided storage space must remain valid as long as the cache + * is used. Arbitrary lengths are supported, up to 4294967295 bytes; + * each entry uses up exactly 100 bytes. + * + * \param cc session cache context. + * \param store storage space for cached entries. + * \param store_len storage space length (in bytes). + */ +void br_ssl_session_cache_lru_init(br_ssl_session_cache_lru *cc, + unsigned char *store, size_t store_len); + +/** + * \brief Forget an entry in an LRU session cache. + * + * The session cache context must have been initialised. The entry + * with the provided session ID (of exactly 32 bytes) is looked for + * in the cache; if located, it is disabled. + * + * \param cc session cache context. + * \param id session ID to forget. + */ +void br_ssl_session_cache_lru_forget( + br_ssl_session_cache_lru *cc, const unsigned char *id); + +/** + * \brief Context structure for a SSL server. + * + * The first field (called `eng`) is the SSL engine; all functions that + * work on a `br_ssl_engine_context` structure shall take as parameter + * a pointer to that field. The other structure fields are opaque and + * must not be accessed directly. + */ +struct br_ssl_server_context_ { + /** + * \brief The encapsulated engine context. + */ + br_ssl_engine_context eng; + +#ifndef BR_DOXYGEN_IGNORE + /* + * Maximum version from the client. + */ + uint16_t client_max_version; + + /* + * Session cache. + */ + const br_ssl_session_cache_class **cache_vtable; + + /* + * Translated cipher suites supported by the client. The list + * is trimmed to include only the cipher suites that the + * server also supports; they are in the same order as in the + * client message. + */ + br_suite_translated client_suites[BR_MAX_CIPHER_SUITES]; + unsigned char client_suites_num; + + /* + * Hash functions supported by the client, with ECDSA and RSA + * (bit mask). For hash function with id 'x', set bit index is + * x for RSA, x+8 for ECDSA. For newer algorithms, with ID + * 0x08**, bit 16+k is set for algorithm 0x0800+k. + */ + uint32_t hashes; + + /* + * Curves supported by the client (bit mask, for named curves). + */ + uint32_t curves; + + /* + * Context for chain handler. + */ + const br_ssl_server_policy_class **policy_vtable; + uint16_t sign_hash_id; + + /* + * For the core handlers, thus avoiding (in most cases) the + * need for an externally provided policy context. + */ + union { + const br_ssl_server_policy_class *vtable; + br_ssl_server_policy_rsa_context single_rsa; + br_ssl_server_policy_ec_context single_ec; + } chain_handler; + + /* + * Buffer for the ECDHE private key. + */ + unsigned char ecdhe_key[70]; + size_t ecdhe_key_len; + + /* + * Trust anchor names for client authentication. "ta_names" and + * "tas" cannot be both non-NULL. + */ + const br_x500_name *ta_names; + const br_x509_trust_anchor *tas; + size_t num_tas; + size_t cur_dn_index; + const unsigned char *cur_dn; + size_t cur_dn_len; + + /* + * Buffer for the hash value computed over all handshake messages + * prior to CertificateVerify, and identifier for the hash function. + */ + unsigned char hash_CV[64]; + size_t hash_CV_len; + int hash_CV_id; + + /* + * Server-specific implementations. + * (none for now) + */ +#endif +}; + +/* + * Each br_ssl_server_init_xxx() function sets the list of supported + * cipher suites and used implementations, as specified by the profile + * name 'xxx'. Defined profile names are: + * + * full_rsa all supported algorithm, server key type is RSA + * full_ec all supported algorithm, server key type is EC + * TODO: add other profiles + * + * Naming scheme for "minimal" profiles: min123 + * + * -- character 1: key exchange + * r = RSA + * e = ECDHE_RSA + * f = ECDHE_ECDSA + * u = ECDH_RSA + * v = ECDH_ECDSA + * -- character 2: version / PRF + * 0 = TLS 1.0 / 1.1 with MD5+SHA-1 + * 2 = TLS 1.2 with SHA-256 + * 3 = TLS 1.2 with SHA-384 + * -- character 3: encryption + * a = AES/CBC + * d = 3DES/CBC + * g = AES/GCM + * c = ChaCha20+Poly1305 + */ + +/** + * \brief SSL server profile: full_rsa. + * + * This function initialises the provided SSL server context with + * all supported algorithms and cipher suites that rely on a RSA + * key pair. + * + * \param cc server context to initialise. + * \param chain server certificate chain. + * \param chain_len certificate chain length (number of certificate). + * \param sk RSA private key. + */ +void br_ssl_server_init_full_rsa(br_ssl_server_context *cc, + const br_x509_certificate *chain, size_t chain_len, + const br_rsa_private_key *sk); + +/** + * \brief SSL server profile: full_ec. + * + * This function initialises the provided SSL server context with + * all supported algorithms and cipher suites that rely on an EC + * key pair. + * + * The key type of the CA that issued the server's certificate must + * be provided, since it matters for ECDH cipher suites (ECDH_RSA + * suites require a RSA-powered CA). The key type is either + * `BR_KEYTYPE_RSA` or `BR_KEYTYPE_EC`. + * + * \param cc server context to initialise. + * \param chain server certificate chain. + * \param chain_len chain length (number of certificates). + * \param cert_issuer_key_type certificate issuer's key type. + * \param sk EC private key. + */ +void br_ssl_server_init_full_ec(br_ssl_server_context *cc, + const br_x509_certificate *chain, size_t chain_len, + unsigned cert_issuer_key_type, const br_ec_private_key *sk); + +/** + * \brief SSL server profile: minr2g. + * + * This profile uses only TLS_RSA_WITH_AES_128_GCM_SHA256. Server key is + * RSA, and RSA key exchange is used (not forward secure, but uses little + * CPU in the client). + * + * \param cc server context to initialise. + * \param chain server certificate chain. + * \param chain_len certificate chain length (number of certificate). + * \param sk RSA private key. + */ +void br_ssl_server_init_minr2g(br_ssl_server_context *cc, + const br_x509_certificate *chain, size_t chain_len, + const br_rsa_private_key *sk); + +/** + * \brief SSL server profile: mine2g. + * + * This profile uses only TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. Server key + * is RSA, and ECDHE key exchange is used. This suite provides forward + * security, with a higher CPU expense on the client, and a somewhat + * larger code footprint (compared to "minr2g"). + * + * \param cc server context to initialise. + * \param chain server certificate chain. + * \param chain_len certificate chain length (number of certificate). + * \param sk RSA private key. + */ +void br_ssl_server_init_mine2g(br_ssl_server_context *cc, + const br_x509_certificate *chain, size_t chain_len, + const br_rsa_private_key *sk); + +/** + * \brief SSL server profile: minf2g. + * + * This profile uses only TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256. + * Server key is EC, and ECDHE key exchange is used. This suite provides + * forward security, with a higher CPU expense on the client and server + * (by a factor of about 3 to 4), and a somewhat larger code footprint + * (compared to "minu2g" and "minv2g"). + * + * \param cc server context to initialise. + * \param chain server certificate chain. + * \param chain_len certificate chain length (number of certificate). + * \param sk EC private key. + */ +void br_ssl_server_init_minf2g(br_ssl_server_context *cc, + const br_x509_certificate *chain, size_t chain_len, + const br_ec_private_key *sk); + +/** + * \brief SSL server profile: minu2g. + * + * This profile uses only TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256. + * Server key is EC, and ECDH key exchange is used; the issuing CA used + * a RSA key. + * + * The "minu2g" and "minv2g" profiles do not provide forward secrecy, + * but are the lightest on the server (for CPU usage), and are rather + * inexpensive on the client as well. + * + * \param cc server context to initialise. + * \param chain server certificate chain. + * \param chain_len certificate chain length (number of certificate). + * \param sk EC private key. + */ +void br_ssl_server_init_minu2g(br_ssl_server_context *cc, + const br_x509_certificate *chain, size_t chain_len, + const br_ec_private_key *sk); + +/** + * \brief SSL server profile: minv2g. + * + * This profile uses only TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256. + * Server key is EC, and ECDH key exchange is used; the issuing CA used + * an EC key. + * + * The "minu2g" and "minv2g" profiles do not provide forward secrecy, + * but are the lightest on the server (for CPU usage), and are rather + * inexpensive on the client as well. + * + * \param cc server context to initialise. + * \param chain server certificate chain. + * \param chain_len certificate chain length (number of certificate). + * \param sk EC private key. + */ +void br_ssl_server_init_minv2g(br_ssl_server_context *cc, + const br_x509_certificate *chain, size_t chain_len, + const br_ec_private_key *sk); + +/** + * \brief SSL server profile: mine2c. + * + * This profile uses only TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256. + * Server key is RSA, and ECDHE key exchange is used. This suite + * provides forward security. + * + * \param cc server context to initialise. + * \param chain server certificate chain. + * \param chain_len certificate chain length (number of certificate). + * \param sk RSA private key. + */ +void br_ssl_server_init_mine2c(br_ssl_server_context *cc, + const br_x509_certificate *chain, size_t chain_len, + const br_rsa_private_key *sk); + +/** + * \brief SSL server profile: minf2c. + * + * This profile uses only TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256. + * Server key is EC, and ECDHE key exchange is used. This suite provides + * forward security. + * + * \param cc server context to initialise. + * \param chain server certificate chain. + * \param chain_len certificate chain length (number of certificate). + * \param sk EC private key. + */ +void br_ssl_server_init_minf2c(br_ssl_server_context *cc, + const br_x509_certificate *chain, size_t chain_len, + const br_ec_private_key *sk); + +/** + * \brief Get the supported client suites. + * + * This function shall be called only after the ClientHello has been + * processed, typically from the policy engine. The returned array + * contains the cipher suites that are supported by both the client + * and the server; these suites are in client preference order, unless + * the `BR_OPT_ENFORCE_SERVER_PREFERENCES` flag was set, in which case + * they are in server preference order. + * + * The suites are _translated_, which means that each suite is given + * as two 16-bit integers: the standard suite identifier, and its + * translated version, broken down into its individual components, + * as explained with the `br_suite_translated` type. + * + * The returned array is allocated in the context and will be rewritten + * by each handshake. + * + * \param cc server context. + * \param num receives the array size (number of suites). + * \return the translated common cipher suites, in preference order. + */ +static inline const br_suite_translated * +br_ssl_server_get_client_suites(const br_ssl_server_context *cc, size_t *num) +{ + *num = cc->client_suites_num; + return cc->client_suites; +} + +/** + * \brief Get the hash functions and signature algorithms supported by + * the client. + * + * This value is a bit field: + * + * - If RSA (PKCS#1 v1.5) is supported with hash function of ID `x`, + * then bit `x` is set (hash function ID is 0 for the special MD5+SHA-1, + * or 2 to 6 for the SHA family). + * + * - If ECDSA is suported with hash function of ID `x`, then bit `8+x` + * is set. + * + * - Newer algorithms are symbolic 16-bit identifiers that do not + * represent signature algorithm and hash function separately. If + * the TLS-level identifier is `0x0800+x` for a `x` in the 0..15 + * range, then bit `16+x` is set. + * + * "New algorithms" are currently defined only in draft documents, so + * this support is subject to possible change. Right now (early 2017), + * this maps ed25519 (EdDSA on Curve25519) to bit 23, and ed448 (EdDSA + * on Curve448) to bit 24. If the identifiers on the wire change in + * future document, then the decoding mechanism in BearSSL will be + * amended to keep mapping ed25519 and ed448 on bits 23 and 24, + * respectively. Mapping of other new algorithms (e.g. RSA/PSS) is not + * guaranteed yet. + * + * \param cc server context. + * \return the client-supported hash functions and signature algorithms. + */ +static inline uint32_t +br_ssl_server_get_client_hashes(const br_ssl_server_context *cc) +{ + return cc->hashes; +} + +/** + * \brief Get the elliptic curves supported by the client. + * + * This is a bit field (bit x is set if curve of ID x is supported). + * + * \param cc server context. + * \return the client-supported elliptic curves. + */ +static inline uint32_t +br_ssl_server_get_client_curves(const br_ssl_server_context *cc) +{ + return cc->curves; +} + +/** + * \brief Clear the complete contents of a SSL server context. + * + * Everything is cleared, including the reference to the configured buffer, + * implementations, cipher suites and state. This is a preparatory step + * to assembling a custom profile. + * + * \param cc server context to clear. + */ +void br_ssl_server_zero(br_ssl_server_context *cc); + +/** + * \brief Set an externally provided policy context. + * + * The policy context's methods are invoked to decide the cipher suite + * and certificate chain, and to perform operations involving the server's + * private key. + * + * \param cc server context. + * \param pctx policy context (pointer to its vtable field). + */ +static inline void +br_ssl_server_set_policy(br_ssl_server_context *cc, + const br_ssl_server_policy_class **pctx) +{ + cc->policy_vtable = pctx; +} + +/** + * \brief Set the server certificate chain and key (single RSA case). + * + * This function uses a policy context included in the server context. + * It configures use of a single server certificate chain with a RSA + * private key. The `allowed_usages` is a combination of usages, namely + * `BR_KEYTYPE_KEYX` and/or `BR_KEYTYPE_SIGN`; this enables or disables + * the corresponding cipher suites (i.e. `TLS_RSA_*` use the RSA key for + * key exchange, while `TLS_ECDHE_RSA_*` use the RSA key for signatures). + * + * \param cc server context. + * \param chain server certificate chain to send to the client. + * \param chain_len chain length (number of certificates). + * \param sk server private key (RSA). + * \param allowed_usages allowed private key usages. + * \param irsacore RSA core implementation. + * \param irsasign RSA signature implementation (PKCS#1 v1.5). + */ +void br_ssl_server_set_single_rsa(br_ssl_server_context *cc, + const br_x509_certificate *chain, size_t chain_len, + const br_rsa_private_key *sk, unsigned allowed_usages, + br_rsa_private irsacore, br_rsa_pkcs1_sign irsasign); + +/** + * \brief Set the server certificate chain and key (single EC case). + * + * This function uses a policy context included in the server context. + * It configures use of a single server certificate chain with an EC + * private key. The `allowed_usages` is a combination of usages, namely + * `BR_KEYTYPE_KEYX` and/or `BR_KEYTYPE_SIGN`; this enables or disables + * the corresponding cipher suites (i.e. `TLS_ECDH_*` use the EC key for + * key exchange, while `TLS_ECDHE_ECDSA_*` use the EC key for signatures). + * + * In order to support `TLS_ECDH_*` cipher suites (non-ephemeral ECDH), + * the algorithm type of the key used by the issuing CA to sign the + * server's certificate must be provided, as `cert_issuer_key_type` + * parameter (this value is either `BR_KEYTYPE_RSA` or `BR_KEYTYPE_EC`). + * + * \param cc server context. + * \param chain server certificate chain to send. + * \param chain_len chain length (number of certificates). + * \param sk server private key (EC). + * \param allowed_usages allowed private key usages. + * \param cert_issuer_key_type issuing CA's key type. + * \param iec EC core implementation. + * \param iecdsa ECDSA signature implementation ("asn1" format). + */ +void br_ssl_server_set_single_ec(br_ssl_server_context *cc, + const br_x509_certificate *chain, size_t chain_len, + const br_ec_private_key *sk, unsigned allowed_usages, + unsigned cert_issuer_key_type, + const br_ec_impl *iec, br_ecdsa_sign iecdsa); + +/** + * \brief Activate client certificate authentication. + * + * The trust anchor encoded X.500 names (DN) to send to the client are + * provided. A client certificate will be requested and validated through + * the X.509 validator configured in the SSL engine. If `num` is 0, then + * client certificate authentication is disabled. + * + * If the client does not send a certificate, or on validation failure, + * the handshake aborts. Unauthenticated clients can be tolerated by + * setting the `BR_OPT_TOLERATE_NO_CLIENT_AUTH` flag. + * + * The provided array is linked in, not copied, so that pointer must + * remain valid as long as anchor names may be used. + * + * \param cc server context. + * \param ta_names encoded trust anchor names. + * \param num number of encoded trust anchor names. + */ +static inline void +br_ssl_server_set_trust_anchor_names(br_ssl_server_context *cc, + const br_x500_name *ta_names, size_t num) +{ + cc->ta_names = ta_names; + cc->tas = NULL; + cc->num_tas = num; +} + +/** + * \brief Activate client certificate authentication. + * + * This is a variant for `br_ssl_server_set_trust_anchor_names()`: the + * trust anchor names are provided not as an array of stand-alone names + * (`br_x500_name` structures), but as an array of trust anchors + * (`br_x509_trust_anchor` structures). The server engine itself will + * only use the `dn` field of each trust anchor. This is meant to allow + * defining a single array of trust anchors, to be used here and in the + * X.509 validation engine itself. + * + * The provided array is linked in, not copied, so that pointer must + * remain valid as long as anchor names may be used. + * + * \param cc server context. + * \param tas trust anchors (only names are used). + * \param num number of trust anchors. + */ +static inline void +br_ssl_server_set_trust_anchor_names_alt(br_ssl_server_context *cc, + const br_x509_trust_anchor *tas, size_t num) +{ + cc->ta_names = NULL; + cc->tas = tas; + cc->num_tas = num; +} + +/** + * \brief Configure the cache for session parameters. + * + * The cache context is provided as a pointer to its first field (vtable + * pointer). + * + * \param cc server context. + * \param vtable session cache context. + */ +static inline void +br_ssl_server_set_cache(br_ssl_server_context *cc, + const br_ssl_session_cache_class **vtable) +{ + cc->cache_vtable = vtable; +} + +/** + * \brief Prepare or reset a server context for handling an incoming client. + * + * \param cc server context. + * \return 1 on success, 0 on error. + */ +int br_ssl_server_reset(br_ssl_server_context *cc); + +/* ===================================================================== */ + +/* + * Context for the simplified I/O context. The transport medium is accessed + * through the low_read() and low_write() callback functions, each with + * its own opaque context pointer. + * + * low_read() read some bytes, at most 'len' bytes, into data[]. The + * returned value is the number of read bytes, or -1 on error. + * The 'len' parameter is guaranteed never to exceed 20000, + * so the length always fits in an 'int' on all platforms. + * + * low_write() write up to 'len' bytes, to be read from data[]. The + * returned value is the number of written bytes, or -1 on + * error. The 'len' parameter is guaranteed never to exceed + * 20000, so the length always fits in an 'int' on all + * parameters. + * + * A socket closure (if the transport medium is a socket) should be reported + * as an error (-1). The callbacks shall endeavour to block until at least + * one byte can be read or written; a callback returning 0 at times is + * acceptable, but this normally leads to the callback being immediately + * called again, so the callback should at least always try to block for + * some time if no I/O can take place. + * + * The SSL engine naturally applies some buffering, so the callbacks need + * not apply buffers of their own. + */ +/** + * \brief Context structure for the simplified SSL I/O wrapper. + * + * This structure is initialised with `br_sslio_init()`. Its contents + * are opaque and shall not be accessed directly. + */ +typedef struct { +#ifndef BR_DOXYGEN_IGNORE + br_ssl_engine_context *engine; + int (*low_read)(void *read_context, + unsigned char *data, size_t len); + void *read_context; + int (*low_write)(void *write_context, + const unsigned char *data, size_t len); + void *write_context; +#endif +} br_sslio_context; + +/** + * \brief Initialise a simplified I/O wrapper context. + * + * The simplified I/O wrapper offers a simpler read/write API for a SSL + * engine (client or server), using the provided callback functions for + * reading data from, or writing data to, the transport medium. + * + * The callback functions have the following semantics: + * + * - Each callback receives an opaque context value (of type `void *`) + * that the callback may use arbitrarily (or possibly ignore). + * + * - `low_read()` reads at least one byte, at most `len` bytes, from + * the transport medium. Read bytes shall be written in `data`. + * + * - `low_write()` writes at least one byte, at most `len` bytes, unto + * the transport medium. The bytes to write are read from `data`. + * + * - The `len` parameter is never zero, and is always lower than 20000. + * + * - The number of processed bytes (read or written) is returned. Since + * that number is less than 20000, it always fits on an `int`. + * + * - On error, the callbacks return -1. Reaching end-of-stream is an + * error. Errors are permanent: the SSL connection is terminated. + * + * - Callbacks SHOULD NOT return 0. This is tolerated, as long as + * callbacks endeavour to block for some non-negligible amount of + * time until at least one byte can be sent or received (if a + * callback returns 0, then the wrapper invokes it again + * immediately). + * + * - Callbacks MAY return as soon as at least one byte is processed; + * they MAY also insist on reading or writing _all_ requested bytes. + * Since SSL is a self-terminated protocol (each record has a length + * header), this does not change semantics. + * + * - Callbacks need not apply any buffering (for performance) since SSL + * itself uses buffers. + * + * \param ctx wrapper context to initialise. + * \param engine SSL engine to wrap. + * \param low_read callback for reading data from the transport. + * \param read_context context pointer for `low_read()`. + * \param low_write callback for writing data on the transport. + * \param write_context context pointer for `low_write()`. + */ +void br_sslio_init(br_sslio_context *ctx, + br_ssl_engine_context *engine, + int (*low_read)(void *read_context, + unsigned char *data, size_t len), + void *read_context, + int (*low_write)(void *write_context, + const unsigned char *data, size_t len), + void *write_context); + +/** + * \brief Read some application data from a SSL connection. + * + * If `len` is zero, then this function returns 0 immediately. In + * all other cases, it never returns 0. + * + * This call returns only when at least one byte has been obtained. + * Returned value is the number of bytes read, or -1 on error. The + * number of bytes always fits on an 'int' (data from a single SSL/TLS + * record is returned). + * + * On error or SSL closure, this function returns -1. The caller should + * inspect the error status on the SSL engine to distinguish between + * normal closure and error. + * + * \param cc SSL wrapper context. + * \param dst destination buffer for application data. + * \param len maximum number of bytes to obtain. + * \return number of bytes obtained, or -1 on error. + */ +int br_sslio_read(br_sslio_context *cc, void *dst, size_t len); + +/** + * \brief Read application data from a SSL connection. + * + * This calls returns only when _all_ requested `len` bytes are read, + * or an error is reached. Returned value is 0 on success, -1 on error. + * A normal (verified) SSL closure before that many bytes are obtained + * is reported as an error by this function. + * + * \param cc SSL wrapper context. + * \param dst destination buffer for application data. + * \param len number of bytes to obtain. + * \return 0 on success, or -1 on error. + */ +int br_sslio_read_all(br_sslio_context *cc, void *dst, size_t len); + +/** + * \brief Write some application data unto a SSL connection. + * + * If `len` is zero, then this function returns 0 immediately. In + * all other cases, it never returns 0. + * + * This call returns only when at least one byte has been written. + * Returned value is the number of bytes written, or -1 on error. The + * number of bytes always fits on an 'int' (less than 20000). + * + * On error or SSL closure, this function returns -1. The caller should + * inspect the error status on the SSL engine to distinguish between + * normal closure and error. + * + * **Important:** SSL is buffered; a "written" byte is a byte that was + * injected into the wrapped SSL engine, but this does not necessarily mean + * that it has been scheduled for sending. Use `br_sslio_flush()` to + * ensure that all pending data has been sent to the transport medium. + * + * \param cc SSL wrapper context. + * \param src source buffer for application data. + * \param len maximum number of bytes to write. + * \return number of bytes written, or -1 on error. + */ +int br_sslio_write(br_sslio_context *cc, const void *src, size_t len); + +/** + * \brief Write application data unto a SSL connection. + * + * This calls returns only when _all_ requested `len` bytes have been + * written, or an error is reached. Returned value is 0 on success, -1 + * on error. A normal (verified) SSL closure before that many bytes are + * written is reported as an error by this function. + * + * **Important:** SSL is buffered; a "written" byte is a byte that was + * injected into the wrapped SSL engine, but this does not necessarily mean + * that it has been scheduled for sending. Use `br_sslio_flush()` to + * ensure that all pending data has been sent to the transport medium. + * + * \param cc SSL wrapper context. + * \param src source buffer for application data. + * \param len number of bytes to write. + * \return 0 on success, or -1 on error. + */ +int br_sslio_write_all(br_sslio_context *cc, const void *src, size_t len); + +/** + * \brief Flush pending data. + * + * This call makes sure that any buffered application data in the + * provided context (including the wrapped SSL engine) has been sent + * to the transport medium (i.e. accepted by the `low_write()` callback + * method). If there is no such pending data, then this function does + * nothing (and returns a success, i.e. 0). + * + * If the underlying transport medium has its own buffers, then it is + * up to the caller to ensure the corresponding flushing. + * + * Returned value is 0 on success, -1 on error. + * + * \param cc SSL wrapper context. + * \return 0 on success, or -1 on error. + */ +int br_sslio_flush(br_sslio_context *cc); + +/** + * \brief Close the SSL connection. + * + * This call runs the SSL closure protocol (sending a `close_notify`, + * receiving the response `close_notify`). When it returns, the SSL + * connection is finished. It is still up to the caller to manage the + * possible transport-level termination, if applicable (alternatively, + * the underlying transport stream may be reused for non-SSL messages). + * + * Returned value is 0 on success, -1 on error. A failure by the peer + * to process the complete closure protocol (i.e. sending back the + * `close_notify`) is an error. + * + * \param cc SSL wrapper context. + * \return 0 on success, or -1 on error. + */ +int br_sslio_close(br_sslio_context *cc); + +/* ===================================================================== */ + +/* + * Symbolic constants for cipher suites. + */ + +/* From RFC 5246 */ +#define BR_TLS_NULL_WITH_NULL_NULL 0x0000 +#define BR_TLS_RSA_WITH_NULL_MD5 0x0001 +#define BR_TLS_RSA_WITH_NULL_SHA 0x0002 +#define BR_TLS_RSA_WITH_NULL_SHA256 0x003B +#define BR_TLS_RSA_WITH_RC4_128_MD5 0x0004 +#define BR_TLS_RSA_WITH_RC4_128_SHA 0x0005 +#define BR_TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x000A +#define BR_TLS_RSA_WITH_AES_128_CBC_SHA 0x002F +#define BR_TLS_RSA_WITH_AES_256_CBC_SHA 0x0035 +#define BR_TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C +#define BR_TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D +#define BR_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA 0x000D +#define BR_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA 0x0010 +#define BR_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x0013 +#define BR_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016 +#define BR_TLS_DH_DSS_WITH_AES_128_CBC_SHA 0x0030 +#define BR_TLS_DH_RSA_WITH_AES_128_CBC_SHA 0x0031 +#define BR_TLS_DHE_DSS_WITH_AES_128_CBC_SHA 0x0032 +#define BR_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033 +#define BR_TLS_DH_DSS_WITH_AES_256_CBC_SHA 0x0036 +#define BR_TLS_DH_RSA_WITH_AES_256_CBC_SHA 0x0037 +#define BR_TLS_DHE_DSS_WITH_AES_256_CBC_SHA 0x0038 +#define BR_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039 +#define BR_TLS_DH_DSS_WITH_AES_128_CBC_SHA256 0x003E +#define BR_TLS_DH_RSA_WITH_AES_128_CBC_SHA256 0x003F +#define BR_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 0x0040 +#define BR_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x0067 +#define BR_TLS_DH_DSS_WITH_AES_256_CBC_SHA256 0x0068 +#define BR_TLS_DH_RSA_WITH_AES_256_CBC_SHA256 0x0069 +#define BR_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 0x006A +#define BR_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x006B +#define BR_TLS_DH_anon_WITH_RC4_128_MD5 0x0018 +#define BR_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA 0x001B +#define BR_TLS_DH_anon_WITH_AES_128_CBC_SHA 0x0034 +#define BR_TLS_DH_anon_WITH_AES_256_CBC_SHA 0x003A +#define BR_TLS_DH_anon_WITH_AES_128_CBC_SHA256 0x006C +#define BR_TLS_DH_anon_WITH_AES_256_CBC_SHA256 0x006D + +/* From RFC 4492 */ +#define BR_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 +#define BR_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0xC002 +#define BR_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003 +#define BR_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004 +#define BR_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005 +#define BR_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 +#define BR_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007 +#define BR_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008 +#define BR_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009 +#define BR_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A +#define BR_TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B +#define BR_TLS_ECDH_RSA_WITH_RC4_128_SHA 0xC00C +#define BR_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 0xC00D +#define BR_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E +#define BR_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F +#define BR_TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010 +#define BR_TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011 +#define BR_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012 +#define BR_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013 +#define BR_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014 +#define BR_TLS_ECDH_anon_WITH_NULL_SHA 0xC015 +#define BR_TLS_ECDH_anon_WITH_RC4_128_SHA 0xC016 +#define BR_TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA 0xC017 +#define BR_TLS_ECDH_anon_WITH_AES_128_CBC_SHA 0xC018 +#define BR_TLS_ECDH_anon_WITH_AES_256_CBC_SHA 0xC019 + +/* From RFC 5288 */ +#define BR_TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C +#define BR_TLS_RSA_WITH_AES_256_GCM_SHA384 0x009D +#define BR_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x009E +#define BR_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x009F +#define BR_TLS_DH_RSA_WITH_AES_128_GCM_SHA256 0x00A0 +#define BR_TLS_DH_RSA_WITH_AES_256_GCM_SHA384 0x00A1 +#define BR_TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 0x00A2 +#define BR_TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 0x00A3 +#define BR_TLS_DH_DSS_WITH_AES_128_GCM_SHA256 0x00A4 +#define BR_TLS_DH_DSS_WITH_AES_256_GCM_SHA384 0x00A5 +#define BR_TLS_DH_anon_WITH_AES_128_GCM_SHA256 0x00A6 +#define BR_TLS_DH_anon_WITH_AES_256_GCM_SHA384 0x00A7 + +/* From RFC 5289 */ +#define BR_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 +#define BR_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 +#define BR_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 0xC025 +#define BR_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026 +#define BR_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 +#define BR_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 +#define BR_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029 +#define BR_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A +#define BR_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B +#define BR_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C +#define BR_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D +#define BR_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0xC02E +#define BR_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F +#define BR_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 +#define BR_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031 +#define BR_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032 + +/* From RFC 7905 */ +#define BR_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8 +#define BR_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9 +#define BR_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA +#define BR_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAB +#define BR_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAC +#define BR_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAD +#define BR_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAE + +/* From RFC 7507 */ +#define BR_TLS_FALLBACK_SCSV 0x5600 + +/* + * Symbolic constants for alerts. + */ +#define BR_ALERT_CLOSE_NOTIFY 0 +#define BR_ALERT_UNEXPECTED_MESSAGE 10 +#define BR_ALERT_BAD_RECORD_MAC 20 +#define BR_ALERT_RECORD_OVERFLOW 22 +#define BR_ALERT_DECOMPRESSION_FAILURE 30 +#define BR_ALERT_HANDSHAKE_FAILURE 40 +#define BR_ALERT_BAD_CERTIFICATE 42 +#define BR_ALERT_UNSUPPORTED_CERTIFICATE 43 +#define BR_ALERT_CERTIFICATE_REVOKED 44 +#define BR_ALERT_CERTIFICATE_EXPIRED 45 +#define BR_ALERT_CERTIFICATE_UNKNOWN 46 +#define BR_ALERT_ILLEGAL_PARAMETER 47 +#define BR_ALERT_UNKNOWN_CA 48 +#define BR_ALERT_ACCESS_DENIED 49 +#define BR_ALERT_DECODE_ERROR 50 +#define BR_ALERT_DECRYPT_ERROR 51 +#define BR_ALERT_PROTOCOL_VERSION 70 +#define BR_ALERT_INSUFFICIENT_SECURITY 71 +#define BR_ALERT_INTERNAL_ERROR 80 +#define BR_ALERT_USER_CANCELED 90 +#define BR_ALERT_NO_RENEGOTIATION 100 +#define BR_ALERT_UNSUPPORTED_EXTENSION 110 +#define BR_ALERT_NO_APPLICATION_PROTOCOL 120 + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/tools/sdk/include/bearssl/bearssl_x509.h b/tools/sdk/include/bearssl/bearssl_x509.h new file mode 100644 index 0000000000..af01693f0e --- /dev/null +++ b/tools/sdk/include/bearssl/bearssl_x509.h @@ -0,0 +1,1451 @@ +/* + * Copyright (c) 2016 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#ifndef BR_BEARSSL_X509_H__ +#define BR_BEARSSL_X509_H__ + +#include +#include + +#include "bearssl_ec.h" +#include "bearssl_hash.h" +#include "bearssl_rsa.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/** \file bearssl_x509.h + * + * # X.509 Certificate Chain Processing + * + * An X.509 processing engine receives an X.509 chain, chunk by chunk, + * as received from a SSL/TLS client or server (the client receives the + * server's certificate chain, and the server receives the client's + * certificate chain if it requested a client certificate). The chain + * is thus injected in the engine in SSL order (end-entity first). + * + * The engine's job is to return the public key to use for SSL/TLS. + * How exactly that key is obtained and verified is entirely up to the + * engine. + * + * **The "known key" engine** returns a public key which is already known + * from out-of-band information (e.g. the client _remembers_ the key from + * a previous connection, as in the usual SSH model). This is the simplest + * engine since it simply ignores the chain, thereby avoiding the need + * for any decoding logic. + * + * **The "minimal" engine** implements minimal X.509 decoding and chain + * validation: + * + * - The provided chain should validate "as is". There is no attempt + * at reordering, skipping or downloading extra certificates. + * + * - X.509 v1, v2 and v3 certificates are supported. + * + * - Trust anchors are a DN and a public key. Each anchor is either a + * "CA" anchor, or a non-CA. + * + * - If the end-entity certificate matches a non-CA anchor (subject DN + * is equal to the non-CA name, and public key is also identical to + * the anchor key), then this is a _direct trust_ case and the + * remaining certificates are ignored. + * + * - Unless direct trust is applied, the chain must be verifiable up to + * a certificate whose issuer DN matches the DN from a "CA" trust anchor, + * and whose signature is verifiable against that anchor's public key. + * Subsequent certificates in the chain are ignored. + * + * - The engine verifies subject/issuer DN matching, and enforces + * processing of Basic Constraints and Key Usage extensions. The + * Authority Key Identifier, Subject Key Identifier, Issuer Alt Name, + * Subject Directory Attribute, CRL Distribution Points, Freshest CRL, + * Authority Info Access and Subject Info Access extensions are + * ignored. The Subject Alt Name is decoded for the end-entity + * certificate under some conditions (see below). Other extensions + * are ignored if non-critical, or imply chain rejection if critical. + * + * - The Subject Alt Name extension is parsed for names of type `dNSName` + * when decoding the end-entity certificate, and only if there is a + * server name to match. If there is no SAN extension, then the + * Common Name from the subjectDN is used. That name matching is + * case-insensitive and honours a single starting wildcard (i.e. if + * the name in the certificate starts with "`*.`" then this matches + * any word as first element). Note: this name matching is performed + * also in the "direct trust" model. + * + * - DN matching is byte-to-byte equality (a future version might + * include some limited processing for case-insensitive matching and + * whitespace normalisation). + * + * - Successful validation produces a public key type but also a set + * of allowed usages (`BR_KEYTYPE_KEYX` and/or `BR_KEYTYPE_SIGN`). + * The caller is responsible for checking that the key type and + * usages are compatible with the expected values (e.g. with the + * selected cipher suite, when the client validates the server's + * certificate). + * + * **Important caveats:** + * + * - The "minimal" engine does not check revocation status. The relevant + * extensions are ignored, and CRL or OCSP responses are not gathered + * or checked. + * + * - The "minimal" engine does not currently support Name Constraints + * (some basic functionality to handle sub-domains may be added in a + * later version). + * + * - The decoder is not "validating" in the sense that it won't reject + * some certificates with invalid field values when these fields are + * not actually processed. + */ + +/* + * X.509 error codes are in the 32..63 range. + */ + +/** \brief X.509 status: validation was successful; this is not actually + an error. */ +#define BR_ERR_X509_OK 32 + +/** \brief X.509 status: invalid value in an ASN.1 structure. */ +#define BR_ERR_X509_INVALID_VALUE 33 + +/** \brief X.509 status: truncated certificate. */ +#define BR_ERR_X509_TRUNCATED 34 + +/** \brief X.509 status: empty certificate chain (no certificate at all). */ +#define BR_ERR_X509_EMPTY_CHAIN 35 + +/** \brief X.509 status: decoding error: inner element extends beyond + outer element size. */ +#define BR_ERR_X509_INNER_TRUNC 36 + +/** \brief X.509 status: decoding error: unsupported tag class (application + or private). */ +#define BR_ERR_X509_BAD_TAG_CLASS 37 + +/** \brief X.509 status: decoding error: unsupported tag value. */ +#define BR_ERR_X509_BAD_TAG_VALUE 38 + +/** \brief X.509 status: decoding error: indefinite length. */ +#define BR_ERR_X509_INDEFINITE_LENGTH 39 + +/** \brief X.509 status: decoding error: extraneous element. */ +#define BR_ERR_X509_EXTRA_ELEMENT 40 + +/** \brief X.509 status: decoding error: unexpected element. */ +#define BR_ERR_X509_UNEXPECTED 41 + +/** \brief X.509 status: decoding error: expected constructed element, but + is primitive. */ +#define BR_ERR_X509_NOT_CONSTRUCTED 42 + +/** \brief X.509 status: decoding error: expected primitive element, but + is constructed. */ +#define BR_ERR_X509_NOT_PRIMITIVE 43 + +/** \brief X.509 status: decoding error: BIT STRING length is not multiple + of 8. */ +#define BR_ERR_X509_PARTIAL_BYTE 44 + +/** \brief X.509 status: decoding error: BOOLEAN value has invalid length. */ +#define BR_ERR_X509_BAD_BOOLEAN 45 + +/** \brief X.509 status: decoding error: value is off-limits. */ +#define BR_ERR_X509_OVERFLOW 46 + +/** \brief X.509 status: invalid distinguished name. */ +#define BR_ERR_X509_BAD_DN 47 + +/** \brief X.509 status: invalid date/time representation. */ +#define BR_ERR_X509_BAD_TIME 48 + +/** \brief X.509 status: certificate contains unsupported features that + cannot be ignored. */ +#define BR_ERR_X509_UNSUPPORTED 49 + +/** \brief X.509 status: key or signature size exceeds internal limits. */ +#define BR_ERR_X509_LIMIT_EXCEEDED 50 + +/** \brief X.509 status: key type does not match that which was expected. */ +#define BR_ERR_X509_WRONG_KEY_TYPE 51 + +/** \brief X.509 status: signature is invalid. */ +#define BR_ERR_X509_BAD_SIGNATURE 52 + +/** \brief X.509 status: validation time is unknown. */ +#define BR_ERR_X509_TIME_UNKNOWN 53 + +/** \brief X.509 status: certificate is expired or not yet valid. */ +#define BR_ERR_X509_EXPIRED 54 + +/** \brief X.509 status: issuer/subject DN mismatch in the chain. */ +#define BR_ERR_X509_DN_MISMATCH 55 + +/** \brief X.509 status: expected server name was not found in the chain. */ +#define BR_ERR_X509_BAD_SERVER_NAME 56 + +/** \brief X.509 status: unknown critical extension in certificate. */ +#define BR_ERR_X509_CRITICAL_EXTENSION 57 + +/** \brief X.509 status: not a CA, or path length constraint violation */ +#define BR_ERR_X509_NOT_CA 58 + +/** \brief X.509 status: Key Usage extension prohibits intended usage. */ +#define BR_ERR_X509_FORBIDDEN_KEY_USAGE 59 + +/** \brief X.509 status: public key found in certificate is too small. */ +#define BR_ERR_X509_WEAK_PUBLIC_KEY 60 + +/** \brief X.509 status: chain could not be linked to a trust anchor. */ +#define BR_ERR_X509_NOT_TRUSTED 62 + +/** + * \brief Aggregate structure for public keys. + */ +typedef struct { + /** \brief Key type: `BR_KEYTYPE_RSA` or `BR_KEYTYPE_EC` */ + unsigned char key_type; + /** \brief Actual public key. */ + union { + /** \brief RSA public key. */ + br_rsa_public_key rsa; + /** \brief EC public key. */ + br_ec_public_key ec; + } key; +} br_x509_pkey; + +/** + * \brief Distinguished Name (X.500) structure. + * + * The DN is DER-encoded. + */ +typedef struct { + /** \brief Encoded DN data. */ + unsigned char *data; + /** \brief Encoded DN length (in bytes). */ + size_t len; +} br_x500_name; + +/** + * \brief Trust anchor structure. + */ +typedef struct { + /** \brief Encoded DN (X.500 name). */ + br_x500_name dn; + /** \brief Anchor flags (e.g. `BR_X509_TA_CA`). */ + unsigned flags; + /** \brief Anchor public key. */ + br_x509_pkey pkey; +} br_x509_trust_anchor; + +/** + * \brief Trust anchor flag: CA. + * + * A "CA" anchor is deemed fit to verify signatures on certificates. + * A "non-CA" anchor is accepted only for direct trust (server's + * certificate name and key match the anchor). + */ +#define BR_X509_TA_CA 0x0001 + +/* + * Key type: combination of a basic key type (low 4 bits) and some + * optional flags. + * + * For a public key, the basic key type only is set. + * + * For an expected key type, the flags indicate the intended purpose(s) + * for the key; the basic key type may be set to 0 to indicate that any + * key type compatible with the indicated purpose is acceptable. + */ +/** \brief Key type: algorithm is RSA. */ +#define BR_KEYTYPE_RSA 1 +/** \brief Key type: algorithm is EC. */ +#define BR_KEYTYPE_EC 2 + +/** + * \brief Key type: usage is "key exchange". + * + * This value is combined (with bitwise OR) with the algorithm + * (`BR_KEYTYPE_RSA` or `BR_KEYTYPE_EC`) when informing the X.509 + * validation engine that it should find a public key of that type, + * fit for key exchanges (e.g. `TLS_RSA_*` and `TLS_ECDH_*` cipher + * suites). + */ +#define BR_KEYTYPE_KEYX 0x10 + +/** + * \brief Key type: usage is "signature". + * + * This value is combined (with bitwise OR) with the algorithm + * (`BR_KEYTYPE_RSA` or `BR_KEYTYPE_EC`) when informing the X.509 + * validation engine that it should find a public key of that type, + * fit for signatures (e.g. `TLS_ECDHE_*` cipher suites). + */ +#define BR_KEYTYPE_SIGN 0x20 + +/* + * start_chain Called when a new chain is started. If 'server_name' + * is not NULL and non-empty, then it is a name that + * should be looked for in the EE certificate (in the + * SAN extension as dNSName, or in the subjectDN's CN + * if there is no SAN extension). + * The caller ensures that the provided 'server_name' + * pointer remains valid throughout validation. + * + * start_cert Begins a new certificate in the chain. The provided + * length is in bytes; this is the total certificate length. + * + * append Get some additional bytes for the current certificate. + * + * end_cert Ends the current certificate. + * + * end_chain Called at the end of the chain. Returned value is + * 0 on success, or a non-zero error code. + * + * get_pkey Returns the EE certificate public key. + * + * For a complete chain, start_chain() and end_chain() are always + * called. For each certificate, start_cert(), some append() calls, then + * end_cert() are called, in that order. There may be no append() call + * at all if the certificate is empty (which is not valid but may happen + * if the peer sends exactly that). + * + * get_pkey() shall return a pointer to a structure that is valid as + * long as a new chain is not started. This may be a sub-structure + * within the context for the engine. This function MAY return a valid + * pointer to a public key even in some cases of validation failure, + * depending on the validation engine. + */ + +/** + * \brief Class type for an X.509 engine. + * + * A certificate chain validation uses a caller-allocated context, which + * contains the running state for that validation. Methods are called + * in due order: + * + * - `start_chain()` is called at the start of the validation. + * - Certificates are processed one by one, in SSL order (end-entity + * comes first). For each certificate, the following methods are + * called: + * + * - `start_cert()` at the beginning of the certificate. + * - `append()` is called zero, one or more times, to provide + * the certificate (possibly in chunks). + * - `end_cert()` at the end of the certificate. + * + * - `end_chain()` is called when the last certificate in the chain + * was processed. + * - `get_pkey()` is called after chain processing, if the chain + * validation was succesfull. + * + * A context structure may be reused; the `start_chain()` method shall + * ensure (re)initialisation. + */ +typedef struct br_x509_class_ br_x509_class; +struct br_x509_class_ { + /** + * \brief X.509 context size, in bytes. + */ + size_t context_size; + + /** + * \brief Start a new chain. + * + * This method shall set the vtable (first field) of the context + * structure. + * + * The `server_name`, if not `NULL`, will be considered as a + * fully qualified domain name, to be matched against the `dNSName` + * elements of the end-entity certificate's SAN extension (if there + * is no SAN, then the Common Name from the subjectDN will be used). + * If `server_name` is `NULL` then no such matching is performed. + * + * \param ctx validation context. + * \param server_name server name to match (or `NULL`). + */ + void (*start_chain)(const br_x509_class **ctx, + const char *server_name); + + /** + * \brief Start a new certificate. + * + * \param ctx validation context. + * \param length new certificate length (in bytes). + */ + void (*start_cert)(const br_x509_class **ctx, uint32_t length); + + /** + * \brief Receive some bytes for the current certificate. + * + * This function may be called several times in succession for + * a given certificate. The caller guarantees that for each + * call, `len` is not zero, and the sum of all chunk lengths + * for a certificate matches the total certificate length which + * was provided in the previous `start_cert()` call. + * + * If the new certificate is empty (no byte at all) then this + * function won't be called at all. + * + * \param ctx validation context. + * \param buf certificate data chunk. + * \param len certificate data chunk length (in bytes). + */ + void (*append)(const br_x509_class **ctx, + const unsigned char *buf, size_t len); + + /** + * \brief Finish the current certificate. + * + * This function is called when the end of the current certificate + * is reached. + * + * \param ctx validation context. + */ + void (*end_cert)(const br_x509_class **ctx); + + /** + * \brief Finish the chain. + * + * This function is called at the end of the chain. It shall + * return either 0 if the validation was successful, or a + * non-zero error code. The `BR_ERR_X509_*` constants are + * error codes, though other values may be possible. + * + * \param ctx validation context. + * \return 0 on success, or a non-zero error code. + */ + unsigned (*end_chain)(const br_x509_class **ctx); + + /** + * \brief Get the resulting end-entity public key. + * + * The decoded public key is returned. The returned pointer + * may be valid only as long as the context structure is + * unmodified, i.e. it may cease to be valid if the context + * is released or reused. + * + * This function _may_ return `NULL` if the validation failed. + * However, returning a public key does not mean that the + * validation was wholly successful; some engines may return + * a decoded public key even if the chain did not end on a + * trusted anchor. + * + * If validation succeeded and `usage` is not `NULL`, then + * `*usage` is filled with a combination of `BR_KEYTYPE_SIGN` + * and/or `BR_KEYTYPE_KEYX` that specifies the validated key + * usage types. It is the caller's responsibility to check + * that value against the intended use of the public key. + * + * \param ctx validation context. + * \return the end-entity public key, or `NULL`. + */ + const br_x509_pkey *(*get_pkey)( + const br_x509_class *const *ctx, unsigned *usages); +}; + +/** + * \brief The "known key" X.509 engine structure. + * + * The structure contents are opaque (they shall not be accessed directly), + * except for the first field (the vtable). + * + * The "known key" engine returns an externally configured public key, + * and totally ignores the certificate contents. + */ +typedef struct { + /** \brief Reference to the context vtable. */ + const br_x509_class *vtable; +#ifndef BR_DOXYGEN_IGNORE + br_x509_pkey pkey; + unsigned usages; +#endif +} br_x509_knownkey_context; + +/** + * \brief Class instance for the "known key" X.509 engine. + */ +extern const br_x509_class br_x509_knownkey_vtable; + +/** + * \brief Initialize a "known key" X.509 engine with a known RSA public key. + * + * The `usages` parameter indicates the allowed key usages for that key + * (`BR_KEYTYPE_KEYX` and/or `BR_KEYTYPE_SIGN`). + * + * The provided pointers are linked in, not copied, so they must remain + * valid while the public key may be in usage. + * + * \param ctx context to initialise. + * \param pk known public key. + * \param usages allowed key usages. + */ +void br_x509_knownkey_init_rsa(br_x509_knownkey_context *ctx, + const br_rsa_public_key *pk, unsigned usages); + +/** + * \brief Initialize a "known key" X.509 engine with a known EC public key. + * + * The `usages` parameter indicates the allowed key usages for that key + * (`BR_KEYTYPE_KEYX` and/or `BR_KEYTYPE_SIGN`). + * + * The provided pointers are linked in, not copied, so they must remain + * valid while the public key may be in usage. + * + * \param ctx context to initialise. + * \param pk known public key. + * \param usages allowed key usages. + */ +void br_x509_knownkey_init_ec(br_x509_knownkey_context *ctx, + const br_ec_public_key *pk, unsigned usages); + +#ifndef BR_DOXYGEN_IGNORE +/* + * The minimal X.509 engine has some state buffers which must be large + * enough to simultaneously accommodate: + * -- the public key extracted from the current certificate; + * -- the signature on the current certificate or on the previous + * certificate; + * -- the public key extracted from the EE certificate. + * + * We store public key elements in their raw unsigned big-endian + * encoding. We want to support up to RSA-4096 with a short (up to 64 + * bits) public exponent, thus a buffer for a public key must have + * length at least 520 bytes. Similarly, a RSA-4096 signature has length + * 512 bytes. + * + * Though RSA public exponents can formally be as large as the modulus + * (mathematically, even larger exponents would work, but PKCS#1 forbids + * them), exponents that do not fit on 32 bits are extremely rare, + * notably because some widespread implementations (e.g. Microsoft's + * CryptoAPI) don't support them. Moreover, large public exponent do not + * seem to imply any tangible security benefit, and they increase the + * cost of public key operations. The X.509 "minimal" engine will tolerate + * public exponents of arbitrary size as long as the modulus and the + * exponent can fit together in the dedicated buffer. + * + * EC public keys are shorter than RSA public keys; even with curve + * NIST P-521 (the largest curve we care to support), a public key is + * encoded over 133 bytes only. + */ +#define BR_X509_BUFSIZE_KEY 520 +#define BR_X509_BUFSIZE_SIG 512 +#endif + +/** + * \brief Type for receiving a name element. + * + * An array of such structures can be provided to the X.509 decoding + * engines. If the specified elements are found in the certificate + * subject DN or the SAN extension, then the name contents are copied + * as zero-terminated strings into the buffer. + * + * The decoder converts TeletexString and BMPString to UTF8String, and + * ensures that the resulting string is zero-terminated. If the string + * does not fit in the provided buffer, then the copy is aborted and an + * error is reported. + */ +typedef struct { + /** + * \brief Element OID. + * + * For X.500 name elements (to be extracted from the subject DN), + * this is the encoded OID for the requested name element; the + * first byte shall contain the length of the DER-encoded OID + * value, followed by the OID value (for instance, OID 2.5.4.3, + * for id-at-commonName, will be `03 55 04 03`). This is + * equivalent to full DER encoding with the length but without + * the tag. + * + * For SAN name elements, the first byte (`oid[0]`) has value 0, + * followed by another byte that matches the expected GeneralName + * tag. Allowed second byte values are then: + * + * - 1: `rfc822Name` + * + * - 2: `dNSName` + * + * - 6: `uniformResourceIdentifier` + * + * - 0: `otherName` + * + * If first and second byte are 0, then this is a SAN element of + * type `otherName`; the `oid[]` array should then contain, right + * after the two bytes of value 0, an encoded OID (with the same + * conventions as for X.500 name elements). If a match is found + * for that OID, then the corresponding name element will be + * extracted, as long as it is a supported string type. + */ + const unsigned char *oid; + + /** + * \brief Destination buffer. + */ + char *buf; + + /** + * \brief Length (in bytes) of the destination buffer. + * + * The buffer MUST NOT be smaller than 1 byte. + */ + size_t len; + + /** + * \brief Decoding status. + * + * Status is 0 if the name element was not found, 1 if it was + * found and decoded, or -1 on error. Error conditions include + * an unrecognised encoding, an invalid encoding, or a string + * too large for the destination buffer. + */ + int status; + +} br_name_element; + +/** + * \brief The "minimal" X.509 engine structure. + * + * The structure contents are opaque (they shall not be accessed directly), + * except for the first field (the vtable). + * + * The "minimal" engine performs a rudimentary but serviceable X.509 path + * validation. + */ +typedef struct { + const br_x509_class *vtable; + +#ifndef BR_DOXYGEN_IGNORE + /* Structure for returning the EE public key. */ + br_x509_pkey pkey; + + /* CPU for the T0 virtual machine. */ + struct { + uint32_t *dp; + uint32_t *rp; + const unsigned char *ip; + } cpu; + uint32_t dp_stack[32]; + uint32_t rp_stack[32]; + int err; + + /* Server name to match with the SAN / CN of the EE certificate. */ + const char *server_name; + + /* Validated key usages. */ + unsigned char key_usages; + + /* Explicitly set date and time. */ + uint32_t days, seconds; + + /* Current certificate length (in bytes). Set to 0 when the + certificate has been fully processed. */ + uint32_t cert_length; + + /* Number of certificates processed so far in the current chain. + It is incremented at the end of the processing of a certificate, + so it is 0 for the EE. */ + uint32_t num_certs; + + /* Certificate data chunk. */ + const unsigned char *hbuf; + size_t hlen; + + /* The pad serves as destination for various operations. */ + unsigned char pad[256]; + + /* Buffer for EE public key data. */ + unsigned char ee_pkey_data[BR_X509_BUFSIZE_KEY]; + + /* Buffer for currently decoded public key. */ + unsigned char pkey_data[BR_X509_BUFSIZE_KEY]; + + /* Signature type: signer key type, offset to the hash + function OID (in the T0 data block) and hash function + output length (TBS hash length). */ + unsigned char cert_signer_key_type; + uint16_t cert_sig_hash_oid; + unsigned char cert_sig_hash_len; + + /* Current/last certificate signature. */ + unsigned char cert_sig[BR_X509_BUFSIZE_SIG]; + uint16_t cert_sig_len; + + /* Minimum RSA key length (difference in bytes from 128). */ + int16_t min_rsa_size; + + /* Configured trust anchors. */ + const br_x509_trust_anchor *trust_anchors; + size_t trust_anchors_num; + + /* private context for dynamic callbacks */ + void *trust_anchor_dynamic_ctx; + /* Dynamic trust anchor, for on-the-fly loading of TAs */ + const br_x509_trust_anchor* (*trust_anchor_dynamic)(void *ctx, void *hashed_dn, size_t hashed_dn_len); + /* And a chance to free any dynamically allocated TA returned from above */ + void (*trust_anchor_dynamic_free)(void *ctx, const br_x509_trust_anchor *ta); + + /* + * Multi-hasher for the TBS. + */ + unsigned char do_mhash; + br_multihash_context mhash; + unsigned char tbs_hash[64]; + + /* + * Simple hasher for the subject/issuer DN. + */ + unsigned char do_dn_hash; + const br_hash_class *dn_hash_impl; + br_hash_compat_context dn_hash; + unsigned char current_dn_hash[64]; + unsigned char next_dn_hash[64]; + unsigned char saved_dn_hash[64]; + + /* + * Name elements to gather. + */ + br_name_element *name_elts; + size_t num_name_elts; + + /* + * Public key cryptography implementations (signature verification). + */ + br_rsa_pkcs1_vrfy irsa; + br_ecdsa_vrfy iecdsa; + const br_ec_impl *iec; +#endif + +} br_x509_minimal_context; + +/** + * \brief Class instance for the "minimal" X.509 engine. + */ +extern const br_x509_class br_x509_minimal_vtable; + +/** + * \brief Initialise a "minimal" X.509 engine. + * + * The `dn_hash_impl` parameter shall be a hash function internally used + * to match X.500 names (subject/issuer DN, and anchor names). Any standard + * hash function may be used, but a collision-resistant hash function is + * advised. + * + * After initialization, some implementations for signature verification + * (hash functions and signature algorithms) MUST be added. + * + * \param ctx context to initialise. + * \param dn_hash_impl hash function for DN comparisons. + * \param trust_anchors trust anchors. + * \param trust_anchors_num number of trust anchors. + */ +void br_x509_minimal_init(br_x509_minimal_context *ctx, + const br_hash_class *dn_hash_impl, + const br_x509_trust_anchor *trust_anchors, size_t trust_anchors_num); + +/** + * \brief Set the optional dynamic trust anchor lookup callbacks + * + * The dynamic trust anchor lookup callbacks allow an application to implement + * a non-memory resident trust anchor store. This can be useful on embedded + * systems where RAM is at a premium, but there is an external stable store, + * such as embedded flash or SD card, to keep many CA certificates. Set or + * leave these functions as NULL to not use such a feature. + * + * The dynamic routine will be passed in the hashed DN in question using the + * dn_hash_impl, and should compare this DN to its set of hashed known DNs. + * Of course, the same dn_hash_impl needs to be used in the dynamic routine. + * After the trust_anchor* is used, the dynamic_free callback is given a + * chance to deallocate its memory, if needed. + * + * \param ctx context to initialise. + * \param dynamic_ctx private context for the dynamic callback + * \param trust_anchor_dynamic provides a trust_anchor* for a hashed_dn + * \param trust_anchor_dynamic_free allows deallocation of returned TA + */ +static inline void +br_x509_minimal_set_dynamic(br_x509_minimal_context *ctx, void *dynamic_ctx, + const br_x509_trust_anchor* (*dynamic)(void *ctx, void *hashed_dn, size_t hashed_dn_len), + void (*dynamic_free)(void *ctx, const br_x509_trust_anchor *ta)) +{ + ctx->trust_anchor_dynamic_ctx = dynamic_ctx; + ctx->trust_anchor_dynamic = dynamic; + ctx->trust_anchor_dynamic_free = dynamic_free; +} + +/** + * \brief Set a supported hash function in an X.509 "minimal" engine. + * + * Hash functions are used with signature verification algorithms. + * Once initialised (with `br_x509_minimal_init()`), the context must + * be configured with the hash functions it shall support for that + * purpose. The hash function identifier MUST be one of the standard + * hash function identifiers (1 to 6, for MD5, SHA-1, SHA-224, SHA-256, + * SHA-384 and SHA-512). + * + * If `impl` is `NULL`, this _removes_ support for the designated + * hash function. + * + * \param ctx validation context. + * \param id hash function identifier (from 1 to 6). + * \param impl hash function implementation (or `NULL`). + */ +static inline void +br_x509_minimal_set_hash(br_x509_minimal_context *ctx, + int id, const br_hash_class *impl) +{ + br_multihash_setimpl(&ctx->mhash, id, impl); +} + +/** + * \brief Set a RSA signature verification implementation in the X.509 + * "minimal" engine. + * + * Once initialised (with `br_x509_minimal_init()`), the context must + * be configured with the signature verification implementations that + * it is supposed to support. If `irsa` is `0`, then the RSA support + * is disabled. + * + * \param ctx validation context. + * \param irsa RSA signature verification implementation (or `0`). + */ +static inline void +br_x509_minimal_set_rsa(br_x509_minimal_context *ctx, + br_rsa_pkcs1_vrfy irsa) +{ + ctx->irsa = irsa; +} + +/** + * \brief Set a ECDSA signature verification implementation in the X.509 + * "minimal" engine. + * + * Once initialised (with `br_x509_minimal_init()`), the context must + * be configured with the signature verification implementations that + * it is supposed to support. + * + * If `iecdsa` is `0`, then this call disables ECDSA support; in that + * case, `iec` may be `NULL`. Otherwise, `iecdsa` MUST point to a function + * that verifies ECDSA signatures with format "asn1", and it will use + * `iec` as underlying elliptic curve support. + * + * \param ctx validation context. + * \param iec elliptic curve implementation (or `NULL`). + * \param iecdsa ECDSA implementation (or `0`). + */ +static inline void +br_x509_minimal_set_ecdsa(br_x509_minimal_context *ctx, + const br_ec_impl *iec, br_ecdsa_vrfy iecdsa) +{ + ctx->iecdsa = iecdsa; + ctx->iec = iec; +} + +/** + * \brief Initialise a "minimal" X.509 engine with default algorithms. + * + * This function performs the same job as `br_x509_minimal_init()`, but + * also sets implementations for RSA, ECDSA, and the standard hash + * functions. + * + * \param ctx context to initialise. + * \param trust_anchors trust anchors. + * \param trust_anchors_num number of trust anchors. + */ +void br_x509_minimal_init_full(br_x509_minimal_context *ctx, + const br_x509_trust_anchor *trust_anchors, size_t trust_anchors_num); + +/** + * \brief Set the validation time for the X.509 "minimal" engine. + * + * The validation time is set as two 32-bit integers, for days and + * seconds since a fixed epoch: + * + * - Days are counted in a proleptic Gregorian calendar since + * January 1st, 0 AD. Year "0 AD" is the one that preceded "1 AD"; + * it is also traditionally known as "1 BC". + * + * - Seconds are counted since midnight, from 0 to 86400 (a count of + * 86400 is possible only if a leap second happened). + * + * The validation date and time is understood in the UTC time zone. + * + * If the validation date and time are not explicitly set, but BearSSL + * was compiled with support for the system clock on the underlying + * platform, then the current time will automatically be used. Otherwise, + * not setting the validation date and time implies a validation + * failure (except in case of direct trust of the EE key). + * + * \param ctx validation context. + * \param days days since January 1st, 0 AD (Gregorian calendar). + * \param seconds seconds since midnight (0 to 86400). + */ +static inline void +br_x509_minimal_set_time(br_x509_minimal_context *ctx, + uint32_t days, uint32_t seconds) +{ + ctx->days = days; + ctx->seconds = seconds; +} + +/** + * \brief Set the minimal acceptable length for RSA keys (X.509 "minimal" + * engine). + * + * The RSA key length is expressed in bytes. The default minimum key + * length is 128 bytes, corresponding to 1017 bits. RSA keys shorter + * than the configured length will be rejected, implying validation + * failure. This setting applies to keys extracted from certificates + * (both end-entity, and intermediate CA) but not to "CA" trust anchors. + * + * \param ctx validation context. + * \param byte_length minimum RSA key length, **in bytes** (not bits). + */ +static inline void +br_x509_minimal_set_minrsa(br_x509_minimal_context *ctx, int byte_length) +{ + ctx->min_rsa_size = (int16_t)(byte_length - 128); +} + +/** + * \brief Set the name elements to gather. + * + * The provided array is linked in the context. The elements are + * gathered from the EE certificate. If the same element type is + * requested several times, then the relevant structures will be filled + * in the order the matching values are encountered in the certificate. + * + * \param ctx validation context. + * \param elts array of name element structures to fill. + * \param num_elts number of name element structures to fill. + */ +static inline void +br_x509_minimal_set_name_elements(br_x509_minimal_context *ctx, + br_name_element *elts, size_t num_elts) +{ + ctx->name_elts = elts; + ctx->num_name_elts = num_elts; +} + +/** + * \brief X.509 decoder context. + * + * This structure is _not_ for X.509 validation, but for extracting + * names and public keys from encoded certificates. Intended usage is + * to use (self-signed) certificates as trust anchors. + * + * Contents are opaque and shall not be accessed directly. + */ +typedef struct { + +#ifndef BR_DOXYGEN_IGNORE + /* Structure for returning the public key. */ + br_x509_pkey pkey; + + /* CPU for the T0 virtual machine. */ + struct { + uint32_t *dp; + uint32_t *rp; + const unsigned char *ip; + } cpu; + uint32_t dp_stack[32]; + uint32_t rp_stack[32]; + int err; + + /* The pad serves as destination for various operations. */ + unsigned char pad[256]; + + /* Flag set when decoding succeeds. */ + unsigned char decoded; + + /* Validity dates. */ + uint32_t notbefore_days, notbefore_seconds; + uint32_t notafter_days, notafter_seconds; + + /* The "CA" flag. This is set to true if the certificate contains + a Basic Constraints extension that asserts CA status. */ + unsigned char isCA; + + /* DN processing: the subject DN is extracted and pushed to the + provided callback. */ + unsigned char copy_dn; + void *append_dn_ctx; + void (*append_dn)(void *ctx, const void *buf, size_t len); + + /* DN processing: the issuer DN is extracted and pushed to the + provided callback. */ + unsigned char copy_in; + void *append_in_ctx; + void (*append_in)(void *ctx, const void *buf, size_t len); + + /* Certificate data chunk. */ + const unsigned char *hbuf; + size_t hlen; + + /* Buffer for decoded public key. */ + unsigned char pkey_data[BR_X509_BUFSIZE_KEY]; + + /* Type of key and hash function used in the certificate signature. */ + unsigned char signer_key_type; + unsigned char signer_hash_id; +#endif + +} br_x509_decoder_context; + +/** + * \brief Initialise an X.509 decoder context for processing a new + * certificate. + * + * The `append_dn()` callback (with opaque context `append_dn_ctx`) + * will be invoked to receive, chunk by chunk, the certificate's + * subject DN. If `append_dn` is `0` then the subject DN will be + * ignored. + * + * \param ctx X.509 decoder context to initialise. + * \param append_dn DN receiver callback (or `0`). + * \param append_dn_ctx context for the DN receiver callback. + * \param append_in issuer DN receiver callback (or `0`). + * \param append_in_ctx context for the issuer DN receiver callback. + */ +void br_x509_decoder_init(br_x509_decoder_context *ctx, + void (*append_dn)(void *ctx, const void *buf, size_t len), + void *append_dn_ctx, + void (*append_in)(void *ctx, const void *buf, size_t len), + void *append_in_ctx); + +/** + * \brief Push some certificate bytes into a decoder context. + * + * If `len` is non-zero, then that many bytes are pushed, from address + * `data`, into the provided decoder context. + * + * \param ctx X.509 decoder context. + * \param data certificate data chunk. + * \param len certificate data chunk length (in bytes). + */ +void br_x509_decoder_push(br_x509_decoder_context *ctx, + const void *data, size_t len); + +/** + * \brief Obtain the decoded public key. + * + * Returned value is a pointer to a structure internal to the decoder + * context; releasing or reusing the decoder context invalidates that + * structure. + * + * If decoding was not finished, or failed, then `NULL` is returned. + * + * \param ctx X.509 decoder context. + * \return the public key, or `NULL` on unfinished/error. + */ +static inline br_x509_pkey * +br_x509_decoder_get_pkey(br_x509_decoder_context *ctx) +{ + if (ctx->decoded && ctx->err == 0) { + return &ctx->pkey; + } else { + return NULL; + } +} + +/** + * \brief Get decoder error status. + * + * If no error was reported yet but the certificate decoding is not + * finished, then the error code is `BR_ERR_X509_TRUNCATED`. If decoding + * was successful, then 0 is returned. + * + * \param ctx X.509 decoder context. + * \return 0 on successful decoding, or a non-zero error code. + */ +static inline int +br_x509_decoder_last_error(br_x509_decoder_context *ctx) +{ + if (ctx->err != 0) { + return ctx->err; + } + if (!ctx->decoded) { + return BR_ERR_X509_TRUNCATED; + } + return 0; +} + +/** + * \brief Get the "isCA" flag from an X.509 decoder context. + * + * This flag is set if the decoded certificate claims to be a CA through + * a Basic Constraints extension. This flag should not be read before + * decoding completed successfully. + * + * \param ctx X.509 decoder context. + * \return the "isCA" flag. + */ +static inline int +br_x509_decoder_isCA(br_x509_decoder_context *ctx) +{ + return ctx->isCA; +} + +/** + * \brief Get the issuing CA key type (type of algorithm used to sign the + * decoded certificate). + * + * This is `BR_KEYTYPE_RSA` or `BR_KEYTYPE_EC`. The value 0 is returned + * if the signature type was not recognised. + * + * \param ctx X.509 decoder context. + * \return the issuing CA key type. + */ +static inline int +br_x509_decoder_get_signer_key_type(br_x509_decoder_context *ctx) +{ + return ctx->signer_key_type; +} + +/** + * \brief Get the identifier for the hash function used to sign the decoded + * certificate. + * + * This is 0 if the hash function was not recognised. + * + * \param ctx X.509 decoder context. + * \return the signature hash function identifier. + */ +static inline int +br_x509_decoder_get_signer_hash_id(br_x509_decoder_context *ctx) +{ + return ctx->signer_hash_id; +} + +/** + * \brief Type for an X.509 certificate (DER-encoded). + */ +typedef struct { + /** \brief The DER-encoded certificate data. */ + unsigned char *data; + /** \brief The DER-encoded certificate length (in bytes). */ + size_t data_len; +} br_x509_certificate; + +/** + * \brief Private key decoder context. + * + * The private key decoder recognises RSA and EC private keys, either in + * their raw, DER-encoded format, or wrapped in an unencrypted PKCS#8 + * archive (again DER-encoded). + * + * Structure contents are opaque and shall not be accessed directly. + */ +typedef struct { +#ifndef BR_DOXYGEN_IGNORE + /* Structure for returning the private key. */ + union { + br_rsa_private_key rsa; + br_ec_private_key ec; + } key; + + /* CPU for the T0 virtual machine. */ + struct { + uint32_t *dp; + uint32_t *rp; + const unsigned char *ip; + } cpu; + uint32_t dp_stack[32]; + uint32_t rp_stack[32]; + int err; + + /* Private key data chunk. */ + const unsigned char *hbuf; + size_t hlen; + + /* The pad serves as destination for various operations. */ + unsigned char pad[256]; + + /* Decoded key type; 0 until decoding is complete. */ + unsigned char key_type; + + /* Buffer for the private key elements. It shall be large enough + to accommodate all elements for a RSA-4096 private key (roughly + five 2048-bit integers, possibly a bit more). */ + unsigned char key_data[3 * BR_X509_BUFSIZE_SIG]; +#endif +} br_skey_decoder_context; + +/** + * \brief Initialise a private key decoder context. + * + * \param ctx key decoder context to initialise. + */ +void br_skey_decoder_init(br_skey_decoder_context *ctx); + +/** + * \brief Push some data bytes into a private key decoder context. + * + * If `len` is non-zero, then that many data bytes, starting at address + * `data`, are pushed into the decoder. + * + * \param ctx key decoder context. + * \param data private key data chunk. + * \param len private key data chunk length (in bytes). + */ +void br_skey_decoder_push(br_skey_decoder_context *ctx, + const void *data, size_t len); + +/** + * \brief Get the decoding status for a private key. + * + * Decoding status is 0 on success, or a non-zero error code. If the + * decoding is unfinished when this function is called, then the + * status code `BR_ERR_X509_TRUNCATED` is returned. + * + * \param ctx key decoder context. + * \return 0 on successful decoding, or a non-zero error code. + */ +static inline int +br_skey_decoder_last_error(const br_skey_decoder_context *ctx) +{ + if (ctx->err != 0) { + return ctx->err; + } + if (ctx->key_type == 0) { + return BR_ERR_X509_TRUNCATED; + } + return 0; +} + +/** + * \brief Get the decoded private key type. + * + * Private key type is `BR_KEYTYPE_RSA` or `BR_KEYTYPE_EC`. If decoding is + * not finished or failed, then 0 is returned. + * + * \param ctx key decoder context. + * \return decoded private key type, or 0. + */ +static inline int +br_skey_decoder_key_type(const br_skey_decoder_context *ctx) +{ + if (ctx->err == 0) { + return ctx->key_type; + } else { + return 0; + } +} + +/** + * \brief Get the decoded RSA private key. + * + * This function returns `NULL` if the decoding failed, or is not + * finished, or the key is not RSA. The returned pointer references + * structures within the context that can become invalid if the context + * is reused or released. + * + * \param ctx key decoder context. + * \return decoded RSA private key, or `NULL`. + */ +static inline const br_rsa_private_key * +br_skey_decoder_get_rsa(const br_skey_decoder_context *ctx) +{ + if (ctx->err == 0 && ctx->key_type == BR_KEYTYPE_RSA) { + return &ctx->key.rsa; + } else { + return NULL; + } +} + +/** + * \brief Get the decoded EC private key. + * + * This function returns `NULL` if the decoding failed, or is not + * finished, or the key is not EC. The returned pointer references + * structures within the context that can become invalid if the context + * is reused or released. + * + * \param ctx key decoder context. + * \return decoded EC private key, or `NULL`. + */ +static inline const br_ec_private_key * +br_skey_decoder_get_ec(const br_skey_decoder_context *ctx) +{ + if (ctx->err == 0 && ctx->key_type == BR_KEYTYPE_EC) { + return &ctx->key.ec; + } else { + return NULL; + } +} + +/** + * \brief Public key decoder context. + * + * The public key decoder recognises RSA and EC private keys, either in + * their raw, DER-encoded format, or wrapped in an unencrypted PKCS#8 + * archive (again DER-encoded). + * + * Structure contents are opaque and shall not be accessed directly. + */ +typedef struct { +#ifndef BR_DOXYGEN_IGNORE + /* Structure for returning the private key. */ + union { + br_rsa_public_key rsa; + br_ec_public_key ec; + } key; + + /* CPU for the T0 virtual machine. */ + struct { + uint32_t *dp; + uint32_t *rp; + const unsigned char *ip; + } cpu; + uint32_t dp_stack[32]; + uint32_t rp_stack[32]; + int err; + + /* Private key data chunk. */ + const unsigned char *hbuf; + size_t hlen; + + /* The pad serves as destination for various operations. */ + unsigned char pad[256]; + + /* Decoded key type; 0 until decoding is complete. */ + unsigned char key_type; + + /* Buffer for the private key elements. It shall be large enough + to accommodate all elements for a RSA-4096 private key (roughly + five 2048-bit integers, possibly a bit more). */ + unsigned char key_data[3 * BR_X509_BUFSIZE_SIG]; +#endif +} br_pkey_decoder_context; + + +/** + * \brief Initialise a public key decoder context. + * + * \param ctx key decoder context to initialise. + */ +void br_pkey_decoder_init(br_pkey_decoder_context *ctx); + +/** + * \brief Push some data bytes into a public key decoder context. + * + * If `len` is non-zero, then that many data bytes, starting at address + * `data`, are pushed into the decoder. + * + * \param ctx key decoder context. + * \param data private key data chunk. + * \param len private key data chunk length (in bytes). + */ +void br_pkey_decoder_push(br_pkey_decoder_context *ctx, + const void *data, size_t len); + +/** + * \brief Get the decoding status for a public key. + * + * Decoding status is 0 on success, or a non-zero error code. If the + * decoding is unfinished when this function is called, then the + * status code `BR_ERR_X509_TRUNCATED` is returned. + * + * \param ctx key decoder context. + * \return 0 on successful decoding, or a non-zero error code. + */ +static inline int +br_pkey_decoder_last_error(const br_pkey_decoder_context *ctx) +{ + if (ctx->err != 0) { + return ctx->err; + } + if (ctx->key_type == 0) { + return BR_ERR_X509_TRUNCATED; + } + return 0; +} + +/** + * \brief Get the decoded public key type. + * + * Public key type is `BR_KEYTYPE_RSA` or `BR_KEYTYPE_EC`. If decoding is + * not finished or failed, then 0 is returned. + * + * \param ctx key decoder context. + * \return decoded private key type, or 0. + */ +static inline int +br_pkey_decoder_key_type(const br_pkey_decoder_context *ctx) +{ + if (ctx->err == 0) { + return ctx->key_type; + } else { + return 0; + } +} + +/** + * \brief Get the decoded RSA public key. + * + * This function returns `NULL` if the decoding failed, or is not + * finished, or the key is not RSA. The returned pointer references + * structures within the context that can become invalid if the context + * is reused or released. + * + * \param ctx key decoder context. + * \return decoded RSA public key, or `NULL`. + */ +static inline const br_rsa_public_key * +br_pkey_decoder_get_rsa(const br_pkey_decoder_context *ctx) +{ + if (ctx->err == 0 && ctx->key_type == BR_KEYTYPE_RSA) { + return &ctx->key.rsa; + } else { + return NULL; + } +} + +/** + * \brief Get the decoded EC private key. + * + * This function returns `NULL` if the decoding failed, or is not + * finished, or the key is not EC. The returned pointer references + * structures within the context that can become invalid if the context + * is reused or released. + * + * \param ctx key decoder context. + * \return decoded EC private key, or `NULL`. + */ +static inline const br_ec_public_key * +br_pkey_decoder_get_ec(const br_pkey_decoder_context *ctx) +{ + if (ctx->err == 0 && ctx->key_type == BR_KEYTYPE_EC) { + return &ctx->key.ec; + } else { + return NULL; + } +} + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/tools/sdk/include/user_interface.h b/tools/sdk/include/user_interface.h index f80d9c057d..4d12133b1e 100644 --- a/tools/sdk/include/user_interface.h +++ b/tools/sdk/include/user_interface.h @@ -297,6 +297,7 @@ uint8 wifi_station_get_auto_connect(void); bool wifi_station_set_auto_connect(uint8 set); bool wifi_station_set_reconnect_policy(bool set); +bool wifi_station_get_reconnect_policy(); typedef enum { STATION_IDLE = 0, diff --git a/tools/sdk/ld/eagle.app.v6.common.ld b/tools/sdk/ld/eagle.app.v6.common.ld index cbc1ebf871..33abf7d8c7 100644 --- a/tools/sdk/ld/eagle.app.v6.common.ld +++ b/tools/sdk/ld/eagle.app.v6.common.ld @@ -102,6 +102,7 @@ SECTIONS *liblwip2.a:(.literal .text .literal.* .text.*) *liblwip2_1460.a:(.literal .text .literal.* .text.*) *libaxtls.a:(.literal .text .literal.* .text.*) + *libbearssl.a:(.literal .text .literal.* .text.*) *libat.a:(.literal.* .text.*) *libcrypto.a:(.literal.* .text.*) *libespnow.a:(.literal.* .text.*) diff --git a/tools/sdk/lib/libbearssl.a b/tools/sdk/lib/libbearssl.a new file mode 100644 index 0000000000000000000000000000000000000000..391391b6ddc008bc8083efe980998235c9ac357a GIT binary patch literal 4278774 zcmdqK3w&KgxjsB=Uvh7nr1vJ2o%EJolIGTumIjjEXfX{XNuku1G`BW^G)Z&m%|cra zlmZ1Qa0Im40*Z*JfS?}bXsH}1TCi3`K=DAm0fGln5IiW~^UP)Kckk?ip6~nq|Nr;R zFSF;Fciwqt=AFx$HEXTB`SY9mT0724n-z(5rL)UQ%jZ^Fd&z^1i23>9>_y{P?N;y_YNXPkOKM3iS{9Cv%kdi))ql#^uWUd!Gsn|APwT-=G3# zj8}nL;EOL%fu0j8u=~?0aC3_a-1Dpoe0SauAFMp7f>+e3;17SGLd~C2p_l)zk}f`} zlGkik$(_Y2dD|Y9`t?keUQw^o|GHXbe63GqJW{VRo@`MW&)%&v{#2lbC4E{A8=t0z z%|KX%_yzOSuz~Sv*dw4le?(=DTA(tEb5!Qi%_?(GKxH0GQklp9sxseQuZCx*so{~) zYWOubsjT5sRMxW>sH~IUR$2d*^PxWbtOr#>f7KF|E&UTmRQ8AXoQdzKkM!T|RyqHK zAF((|jaWThjTjuSMjR?oBfj~98u9ZoHR7!$YGitu8ksv!jhy?q8o6V;8u|HdHS*t{ zRwLh8qDCdXrbb1Ms8OYx)u<((Q=?YZt5F+YP^0!ft42M%T8%n(w;J__lWKIv6>9X< zU#ih(Jg!DxFhPyJ{bDuxsTb7f-xjMe)9TciGtX6HR_;+_Hhe>kxom+NbHh7o%$M(0 zV;;X#jd}fEH8yp;8awSKHTJwq)Y$g7)Yx5js400jvBYH zPK{f8ts1vIQ;oash#GfjPpp5VK#i}sHr8K$uNwca-&W(l@LM(h;q7Ytf2>#IpSe?w zfAt-e8}3%QWnWdf4S!X+opmaA_f0DIfiji*<9e0*+q+fn-(ORCQ@T~&f?uk<^Dj_& zO>w{w2S7b(|-D(nozsI`1||R z>B&db>HEI%zs={5zE|b9|5oKce3mK*ZC3>i-%teyPpE=7Ca8(?PN<2so3)>uy+_ec zd2RhE{nUXA)YN0f7an;*(NFtynel(QS51STzPUwBf9GyBWBa+r|2$32ti4Ii{P%8E zH0islXkVr(`qQ(j_~V~b#fR@zvnHQZv#uK-^kzNGHkO8ciS zQKhH#8NcA9DwY22dsS%yUv~WO%K38jIpzBW0afn&jvG{Y0zZ4&Jf-~=2#-AO`#DpW zDBo|nSIu$$`^9Qb0$-WGUTNQRud4hy{G->Z${$^#Dqnm$>i>SRsHJN5 z)S1#B-LB4rpFcJb_4B*ceCO9}R`Y-PZB^B{T~)OtsjAPfj`3$zq^TJH&DH8G;m`hf zvGV=yE7aM-SHDuHYEHZ4RKBIJX+!%!Q)^H6`pyjsvDVg&O`YAH0}l7K_qY3z=H@me zUeey`Q`UEN_WG=Y-40UbK(jBfwWGcDQb%ZS-rD37ng;p?yIYwphU^GVJQIaX5sek# z*OnZywIu~*Imw#`np?WsUCgzZOs&nm1A~2jk`~$2+t*Hcj^7e{`Uf0!1N7!Yz*shTzrzuJ69qjMW{oUHs+||{zv2?bKm6zIBYuW7CrE{A){bWao z=ZFfh92*Ts>tNsJb}ht8Fn+JzkKAwk>HSLrAl+n`d6y8eOY0lhAe5M4_cTXq4n61lmeGsz5nJ%inP zg=ETLZ<~uP&@UyrW2Pw|WL zDWWi+W{VptT2rD8&{3lt4V`q8(WytreEsNHv``(5mWK%{6of<)gxJ}oWwGfbh;*{Y zD8q_~DUeLjA}Jvn(*i`z%gTldBrQe>B=~AzMAV3@S1dCKQD#IWGfR`D_iyC#E0ss_ zF|8pXT7MR2W1RlYZF*1=VlipzYVY1Kpci&h%oU_*V~@{cC>$~(y|2A(uvO0t5^)v6 zWyi6s@9WtJ0o?=o63g_?emCkEgY4cOy`Dy6O+CGOLKq6N+6k@WgI&$7dQ0SDZEa0j z39iKM&hE|Tazl>Ty7l#UbguVh_YbzXOju~5mBe!7)B+f%7Et2U;#0IRKPHO?QK$v6 zIJJNx)Pk5$iy!mVqA5Zxj7QaCV=-z0jcPF$y-vi0S{RF}1u>@cEiNXCZtL9K*S^suO9hn;Q4l6^bljAe#VCj|sSd=2I!r899c4xx`l`?gX;K|! zQ3aI6DqxN)*7Zck#^%_3^Bi8-$kyvvTVKltTyeVF`|On= zN{y4DIio8^l+P91+t^ zx6Q1m16}=1y}a^M79yo3D0aPzVB~i+^ZF1^<2BFHD6qAw6L%EmGTPa_p{u>AU9ZTA z(@;AWAQIjBFG&8asi5&PZMV!EHPCXL9FF&<^@Ck{x5tdQcy)HSH?42(j3;%sZ^7Np zRxB&c8+ehklKOD_fGLR9OkXnW8AA($b2n!>QBU#w=Pbo6#ImB+kgRQ)X=KXzuOlI(4BYIYD+Y-J09`S@ZbP<2X=_ z58*KN_z;G+k1Qm*tccm>mIQsj`yt}7WVp4P1ERH~2Lq?cEq)}Sv+Yu*C#yRRiA}QS zA(q(Rj^hYye&y*&Y*LiJv&Y{TfCaI>cC%hbV>~;tO+fmVK1}VnXe@^uvd9oK7q|~; z-`d;L=MUcg_Wu6Po^G7k;n=LHt8Y-&2g`SS>iV8OdlQTra$a^KFUD_luVLwW$xM{M z3}$>K&U1=1WaE%dm}f`=Dz5uLFNX1#pP^~u@?#U_<;Rj@=DelpKIYX$T-}Bw4V7+& z1};No{`8T#HZnyY{X&A#j1NsesFeUpj_4rs|vy_#9HBN4WV|OB4ycN3<9Qt9q-QLvD(z8|2G4nh0 zX%34AUxKXtc9F2#62myB;#4A$5+@WC95=T2VZXE)r>gqG=1UPN_VVH<4Xq0#ovJp_ z^U(3wI)EHDMfRhli{aqN9AeRR#jg(pF(r{8(uW8dGAfPyxMArN6XfUMNmLOttcF&^ z(8VBh!YL?jw8*5mu_cqlIM-x4+*VBp(YEw&B zkGVay^tfw=r4AW?v2-_JVyU*PqeQA8I_zTULq(8Vh-m9+TDHQq2@y=%Xxv@?a5!VO zQWW0TzFA)aT_!yC!6{3EW;4M_kjx2NO=g=Q>nzBk(v~{3;UXb{6w!3tYHlknFPV*= z=0h|qJC@1=R`YH_EPaz320mGz*c(>e(HP+R5jN}KKdp{Qv4Uf0uEsG$_rSWBTcCt; zV^Um&|>+F)biRH$mSh+DYSKk<7jND7Rd$x45D$(JonSHueki8j6kYaA6 zbpmccI`PaXUXmln)I}0~^~Xq&&57Z5$8zocy_IEi=J25vUUI?k-WokEPn3p3I;uEP z(qMn{27P;+D6y^G)m)Z@qaS-PBZ|j8caOO@6U6qdn3%KTUzUx1b#_RsbWW*xc{Z{x z%{+d0hZFuI@#3CYiIVVeduWP273TBqQzXS?;#A=_EXqqtf^vQGkn9P{BeN#QGUL=d zt}IXzmF37ovL`AF%(5&DU;n(pbw!9wm1@-HdJhsDn;@USpr_4 z8p|us`~A|e=otwyymK6t%JX@Bs^s;{=P|!yjS}@Sza#T3!EOdfVzjljy$@&f?tmmA z8G7~U=1kv>U!>r?JuZ=R+L7#moa4uh6)rlbPQ)qBDH6?j(J2yfnLM@F_EVLor{XCj zqG3+S)Dlm*Vr$T!SZ^_8p*MTBW6z0Pp^`e384D#&hvIlOal=p|&V&*X6L8`rXecKR zfrb)s{zD?~hNI^{aTHwRV<`GA#Zk;%rM{VnCy9LG-qUfp`wR@$c#_CycfK+5ecDjI zn5y|3T2X{g6M5zCl~v)6EV@aGqu6}@K1FYK$P-H`FB?kRL{iK((@moUmof6D;b3zB z)0Qi{zT&tqHfGP|*BK?a;`qOF=2S!?vrEn}A8g<%v~zLo63_FLbDp|bMPo|MOhrmi zsS3?ds3Ph#jq;Tm_9oDR`X;;@rNf%V4Na>m=hQ7D1L(~g+jJ6fP5tu4wM`4pt8ZMq zYI)N+3m00R1&fywb%Ro0hMv#hV+``*^O8XE&8-+*w{Zhw01e8cWMq5#ZXmHq@SnYS}t2 zuUXZ!cwtk+vek<vxm(}4~7A=Q-hUOT_43}a8HP(icY&hSBT8Y4`Y`nvUTWxry z4R1uqF?*X0KX1ePZTN@{kJ|7Vgmf?IU!`8R;h$~jCO{U1Qf?l8vI3Y3jASV_A7KQQ zU%@!sDjT-hu-Aq=Y`E8kx7hHI4eztzw-6E@wee?c_-h-!Zo_vG5@w(-bP*ex80Y{W zzy+1JLuGh6?$W{lY+pzdLf&f#y(9R^)r9Czz)Lz0v4EFS!ypj;nGTY_h9DRU^WD)v zC^?hF6beO450u{iHQD0B>Am_pL{!{XB0@H1Uyd>nz7`xbt~ShMg; z$;!+2CTEUF4`$|Ot{ju?WsN}rlT>>8SsG=>j3mG#i z{EPvP{5*Kmk*050W42T}8E-&BKwx-Vo70?Bc<0?l;@pB8<%H=-Jpl3qrcuXQ7B$ zRvvG=c#31ccJQ-cd(@|Fc8x8A7VdLVaCh^@b`>o+CJn+(KE6AJhmuN*@+;Wifd>td zm>jH{X!z#luEBO?_*fWU{TXru1E7C zg{^%({rv+yJzYh0=R``2%Swt%rkP6Uc^YAV!mk==@5XJ-vhMXgiVJ7Wf`;>IS2iwg zs$JH&xW1;gp{gXUX2G(mQhaMk=f(^}=65bsXb?vZ``e8mjB?*;p5p#(8&OkL+&|D~ z!VZV}+Pj*ItqzJ~JG+>AQpIe#DsJiTSH+r{)OgOm9&%B9X>o<+vot#}Oy0Kkmcb2t z-v(nsQaY)MVw2k3(t<;tjfJa#VM{>j!WP;|K~+>S-o@C6yM0x>RcpN16r)># zHlWqE6hv?c(d#Si9{>^XurHDk(2O7H(hOXMm-=*CFp+(42E=p8~!g$n-e^>s%T> ztB&Ej0-X_YOd{=JU|DVBLEy`{1NcUbIIj6U(b;^d5=LJ$CYzV zUT&PcTOiMkKetv;K8BG$$F&SpZkiJUf`bg*93tOL>~_|HcslSXc-Ec$&AH;%0zkD7 z^C+LdIw#M?T`1`x^~Vn!onbIWBI8n1jLVgT@g#r0%DL|8T16!WV|sx6taa1{^$eA9 z&akKpDl|&CV9ZFTJdWh33o4Gps0*sm(FhRs*l}^}DuoOBcQu9>)FUFw5X8nC-K!ln zk;AKn*uB_GW9(Je@_S-1juaEtvxA$-4l~(d&RK^e0v8I*x#oB{Hyo}Oc&WfE1YRZZ zI)OU`?iF~ez`F$AEAWj1-zM-Of$tIceu2Lw@L_?E3VdAP=LCL9;8z5GQ{Z<6=5TPj zN)cG!L)v~BE9en{3k5C_xKiM1ftL!5DyR{d3T`eFbL7%{c8ZK8w$m+-{1)@t?D4_| z$92WCQ-te_!(1mE=9=c&X_ZgRyFj=?c*iqKV118bW$L|&#UB$q^#Wfc@H&Av2;42O z-X~a@*9-dX0^cq00|GxnZ1r#$*y-e?;Q0e_3Vz_UuI!#W3vrj1dUkoq=jiMYhZhQ5 z2b^QeW!oJFR2~Ie=dkV<%P;$J68N0_5@K6Vd~oiL0V8xDbrx7Q`;0Oi3BrB!S>Q`E zQ4lT^6}pav2usxmf7g+J`e$xn*qb?z-hZSy=R|Y%$>yxUTwqYCmze`6q=5!i!)QFi40jK|KX_+w;6=z@p;p7Fu14-TiFT~ad8yCgEVrZ!kT z`(GYB^7o}RFMTKb{)Zw3-8uJvJ+eHdDlIqvqVqd9ZQFg#{x3B@Si?zr7<xiGUT zV`(5S{H=lI-r;mbDSP+d)BMQQJKpMjZm{?8+r8haS+{C%UG>}RDr*YrDhldmXWV(B zZqAXqGajs~?5mqwUpH?--I--|^IPhw3c9oRWGT$04G&IPS6H*-?R85B*Ok0o&uo=D zev{EsUpIR}-JG(zGg|8Af_X_;?Ry7|kegA^Qa79Vaev>PU073{G1c{ z*(dX}-u+|Fqbu|oZ_cB~-`n(7LH3h(Jiq_d-Kh^e6?h}~V(8e{`i_h&I8rgqOTvXL zFZ^cv;lCDacqj*?zrJYXpXka?;sUZf3B-%?JF{)E8GXk_Rt7q<_x7*KUvR9VDtTM> zGVhWn|l2Itz z8z_LF(xds$W#>Ga#qoIj&S)#&+w@f6vuNiV;VX`e9R2N-yuhJ?!yCgFKIm->9Q)Gi z&)$1?##>)}ux`mnHG0Yi_wKvmXvJm2E?Hidq6(5#!BSOHP*QM?%H5K?_ncc_P5QIp zIDT2=_>x^^U`SDsi8z=a01ucA+i#b=_Q9Q9*?WpqVa65I5URPgKQCOBa!vN_`Io%7 z?hl6#C#&1?_hx@=eqqK-Z&u9p-u%Pi%D}#h?rC_OGw_~;mEP_7%Tv}4+n9Mc4V=ez zLREXXZmarZ73}+>@a_5a&7M=qs_dnKN)P=X&I>~$x8=X~Vo}BqnhtDR5U3~{rg96) z7L-?)my|76xi4OL)2n-a|G|P`xM!=#EhwqLlZ62!fP-nj-Sg`Y;yNYg(U;gK&Cj3z zYE9~<_ewc#P8=C|Ut`|za|_B2sp|7&@0_qL?&x1T{CHIawOKGTXKlv0`+o6EQ6>nc z$^|oXQZ^lJe(wBNYThl)c{IWS+7cew7oL>6a@~fKmc=8k{?|Vw{pkag{bch~!74A% zoNRL5_h3eNdHCEN=Qj5xEBsrK+(qDDw{BqF%E;7PezzjBZbf}$$6G53N+PquOK?Hd z<>(T)2A}F&mFqm$V&}eq!b03kXRZiwIo}t!K6pcDm-k7m;k-^dcNc)+D+zIr{>gBN zS7OJmB8WJ*2*B`Wg?LHd7ue-pk1}MrEBtaxLcByfK`dAD?eJwqK9sLk@UedTaOjI* z7m88u+x-S=Crp{|?0Haq{=ck`n#_ z(?a3@)IoA3f=~$ME`|7TsGL+Ug{PNErNF^w&ckog1jIutmJ)srKcVvtmGH93_zj1? zj^E^z6~tA6!w6D&Fdqq@6_|rCZ9fwh26iJ*X>y7^Z)|g6zX~;|H}n zAJlN@Li}bvqzSB4#%}x!(?6GzH~O>NQbp z09kDS!&P=|(yrh+XjdBdf=O2dS#6~om-H{e6NrS;RwFs-N*x)Q_9;fL(veB&{Guyq zkB(HN_d+2_R|j_^|Dv=%Qrcb}S*lWoGt;#}mKzRTgh(c)MJy`A(mGJ`)Nau(633TXybJ18V{w1Ak--XndL#xzy!h zYQb(B!_vfD&x2ONTx$b52iFFjgFThc6rF=Hx(Up~vlpt(>wd@;#Nni~6#(QjQD7#Gk}!mw_&s;xz{U1w1(3$fP{7Zj7>^evwFurj5X9xn%&G^e zfTMn!9%8-!%z769P}8sJ(y08x3Xq^)TkwtwSF6z_)Xq_)>ZicofzPEl@kc3sB>Eti zR|)SZ2Vym&THQyv(%goqQTI_6{wAVE-9O-pvl<<3)cr%IzK!Vg2>{gcJ7|Sb_p?kJ zftqp#|BR7RM5Zqy75@8RJZ+2e{*!b2WwK!<(vkNNQPVr{!)4=_mhTnvWh0^r@5WDb zNcl~kxfk>+(aa(gILc#*)4)GH!!sqG!6cNJrn`53Y~L~ZRl(ry8yAtTzOf=RCqHtr&fbBSw~mu zQP>zTLj*lPqY-JG1spOQx0vRj6vHd8&g0dDj&sO6Kt5BuI$gW#P@bt>oyYlkAL1o? z;a=f!$^t?w+@2x##WK_94EOnNy4+C}irm zh<>V%vl}NBvlfr$Z4o#j2dj?oiN0YTUF_M%{OME2`49P7i7{3TUJl?x{jrGJcLf+7 zC-aHd1DJEX$T4yad_5w{ zV@VihbQ9q{RnOpam_m5bjlmb-LkhFuAbFhQ(DYOT1I~IfG#n(FWfB-{(Qq{bC!`@p zh~AZ{Mg~USDk-l~%QHe&Ng<6fLYO5g!ka@bdy@K7@a?3@z5ti*q_}is^&RsD z)PCKZtrj!99zIE}y*aez=FqwDJbkJ35h6V;T8eYucJVRyBVWhBs4k+ETZusg)G!L8yVc9;adD^Hxj=e zSuigXm@f>jflpF;uXT|4MxE5afRbGjpmr4hIe5{T(-1W!Uf?PkR@@2dnwsWbz@Qi2 zrU3blBB5voRT{2gun0a@rAeUhrg0_YZ*AX zu`7p>yVA)`!fO?qp=1ibQs-UC;5K-dM9hK3P9!Ta>zxc;tR&%HL~692E(X$WG=Ae+ zkc5r+X8dPomc;s_15VuxQGe9Q;yplIm9}AB^``rgK4Cq3L}w z^a0Q)ElI`FxtSlSb=k-E9V9*tJ{hq{ACx^Aks`rBJXbP6sCGQ6Cv%b-h$%S-wDFoA zThnsT*hTRzps>^6F-;lhH$2rE25fIoUDkDwfT}d}pGfcd)fyn*MSw6-8E_0>Ib-0m zHR!%D+5EB16@SeF<$-st*~1L|0K)_~z8c+{3b5qwY$>^w+NW9SSP!jm0=b`((#kNUV| zK$C{UH2_(_9L>3s0jEU>!{>DW3M0j`uDC_kJUS5Q3+QILyG)=L2|})8bnFH?%5d&D zz)ASm;CVOb9O*niBK;jlv^4UQCi!`8lnu{!e8$1&!JiJ#>;Eix=Xjm3f2-1(!LWIYyq_p5)-}EJFA)h35c)v%6D;V`q~CNyL)EgecQGz&3$-9 z*L*vPR~sFi#Wzm-XPI{#i@LU!mdq(??^-{rtFvX+hSt`h3Hr6zS$K)KYY_jF^Z%jJ zh7|AQ>z9>V@yJ@gr`*|%e`aXjQtlsU!xm@<_$nrhL%Fa_k;qWK=5)uHIN$cX($5av*Zk2 zj+Z)0moOZ^UTT{1kn@{CX0R1B)x2D1F?ad zIcPT|JggM}`Y}xh%>Uv8H-n@afpH-qBegVc%uc z26DaaDA$<^>;6G+P>84H??m55l>?1|&c5|*&lpXj4xoxLu*dU)sk&3QXkogygK4@G zf~lDh5YVYRhv?o>I4qp9IXHr;Eb8*qWS!Ua7^}9^R+jiOE6t>`5vC4WNk%K+kESN2 zrh`WhCsP*65RG^cjWD{{ZX3Z$CC3y3b2t#pUp_IoIm-*GI=QIg+ahB)-9!xOkwSIJJ6m93Q*0hY&Y>N_2m``X;x@qB$8t8%bFk0QF zb#5p|5ji^7WqMGU5tm4}ln~UMsjNeAoR)bB4)&<+k@yX0`hceEI_MgQ7>{cYKc9%F zZTGbj&FgVg#pV5k9%Fjc#q}({%}CK*vQ>0Us;;tWt{&wO$Npx8F_LuU&47WrbWuBe z74Ky67~Z1ypGF~JE%Fn(on~P(Q_PLRXnQfVw8)*DBeoqbbtenwl8KrmVL<~O6coje zIPibkd?O61g-5V7+Q5emxOnk@G~v?>{V|98NP`6Tt%eoA&rGZV4E_H-+&{-@?P|ui z2VlbYmd>;R3)G+XgQovG%EtDMtuWYtf7ywTNbrAu@r?pLbKc&r%g2{$_{SprpCN`O zuXyrXm*`h2tR_U_T}|`p3gi63K{pAN)M0l|cPk2TU(x7qSN<1&cLJ>p)m2l>hdEZe z=AYR`Tj*DtO^b;bO*=Ca)U-Czk>Fz-!>J8p=*GK$wxEZD=>&YLG@#Y5mF51)DjE1s zBJ9`cTD3;eF*RvzY30-PuAU9HmAXf5gM?L(Ha;q5M{;{G3&OG0Kquipa9;ZV@|QW> zHq&L8fV&s%T$mCUC%@ZJGLOULPlTC25glaZzW!leZiV8@lsr=`4?}FHQ~^A1bts!< z%!FSBPx_VC6Z1fhjy%M?&mf%#YjmU&J>otSrR$9d`i;#|V;@R*4`0v?}^he=cSuX%%r>yyT zhcXME{JfoaJiHmFV_src2X_}kIx)5wI;Y^o(FWK zySuqWayaIhhv77M^4GxAk)PP#ugb&+ZA=ntMZ$Ewz$HxK zDwQz7U9A!(Mz4iKzoB!V&#_*5!88&i*{sz==|h?!Gl@1xaPzssUINnpx-a-57-g6UdNv}^?>lpZIv29QeUszpubg4N*C_*m`N_wX z;Y=In?55*LCfzwFkEbdQGi?%m6W2Ay9!Bp=f=rfiix@o3~Vp2ny!AGaq^BKp%&@Rx%%<{KRC>^dmwK< zLdwg9ck-^X@<7rKZwsg_(42EJcE!p2HRSPSVahuV-pRW)PF^7w8g5mrbE5fF)yZbk zD^=LpVc=5U>F`b-ALhC|%Az~IhXd0IKCHhl1g(Q!D6bIS$$QVrE3x_OQTfls>6tRw=L{X+o2V4^ z<{Z=Lhk=jluyZ+6qdQg7$U}F!m1kmj^$~ndHffG;Jos2w=R(cqolCZZyM5P=nQ`*A zQ=VH4!RO>njgwakdE}!!?pU2Xu3aL#x_3Huz{u;IlgChy^){LBJ@RqJ1bE8B(AC!x zDX$mT=`El;=j6G#3nhK%_pQSmn+}5t16sI`{@#?WjJlv+VP%{vWYh%}SGcH4^gU@b zmHOif5p_X5!(}`_8UYH%j3~w@#ies5L|riEYXVh#Nm-56y z0=A*w_s)oB*6B0j;vAt-7sLp2bA#goX0&~c^V*t&D`q6huE!0AvF|vJcqd4A7kmzK zS2F^)2tEg2RJ&^euU$FlFHC#wcLY|PAUA{fIvWHDW z&o(T@*-7PHgZ=lKgl->ixuTnQJukcnDgnoRi-?1}q26%~GS(jQmbxiDJe!|k(OkzimAU+aE%|?7Ars}l_S6j?^vRmM* zE#~RMBNl%j;m-t}drHcA1~h)A;4t@1#P=fP5Fwt9ke(P@UftisYk_$!A!a`^jhOY} zTqItEkgrk@cOd+h#g8I9VeyLye@{FHKXAmZy=k^?lM(W{G3D@-J@om)EY zNF3(!;V_4n$3(b%c#ne%t`OewaR27;9D%C@UL?KW@S_4hE%46;rv9Crw*?MBpN`H~og98$;3Vut9esqr^91I%jgE&O{hZJH<&ldFY#5V5)!BZ@F&JcLM z;8`r_JU?)98U@cf!P6;lx8T_#=vNZk`s@`vw+fy^0)Ij9d{xl@jo8ZhcfrGR3D++_ z75D|g^D9Arjo8Y;R}?;;B5;ksD+TTrc%Q(ZC${U!y~K76|0=Ls&%aN)9dAbk{|P~V zS>WFao;L;k1A#+mhbt=um}O1Ekj^IE)+d+PmKzcLa|K>4aJRr$3j76PEAz|5DQ50` z4cJ{@9wXhB^%H@g6a2pym|s^rnQ6rK`jQFkt}hcww=xR_KmMP9Pd`J@YXp6Tz$*n$ zlc0AC+)r%lumzZP;63#&(rw$X75ujfe1O>IJp|0Wi;(vL!Sh{#`TwvS|53}|0siL& z&wmP@zYyE`jyEm*wr3LCa&v%LF85}W1P}f{gU??n_~%=G?(6CVPov=J6Zk5D4-&gE zPi(L0Uj=s8_s2-LefNyOzZUo{f&W5m<)on<4o?xdirALBl-TY8YJuH;poMf>F3;v1 z{-nUS5L-D11^p`mKS*rl|3L8nPGHUgx1L~W@iDVGI;-L^ZzmicFYru(O9VbcU>t?| zc^3=3OyCs)b3f_I`nbSN0&fy{P++}>#9XD@1@GisE%0>$|Es{a3w%i6&kOtwfxj*A z;{yLc;AaJXLEzsC{F=aj7g+CGY+HCQ-z#fBk*$q^SgD& z|9gS?;ku*$U0{B&?&x}dX#0g)jSbfzQ3?}e<|qvzXqMfiD)gUEofE2L;|H@GgO`6qx_H!?lb5kICUr3H)h+?-2M4 z0zV+|!vY@>_;G=s68OggzbLT2&$2q?f0}T0drx2<7&*GW&$9eHKXCLh0#6XQKw$oZ z3dcWN;3|P@1YRcaa)Fx!ZWVY?;B5k5C-5f)zE$AQ2>ca+9}xKa0zV<}%L4yKVE(5K z*WSMg%zv}t=%WOlCUB9!a|Nyv_*{YO1YRxh#RA9Q)44kEzjHYJNrCyFIUN0q0`q@o zxcias3H-RgKM?rG0{>KC{_hbd=cK@|3;d?Q{2v{TKPc~y1lIR}_P%M9ppO%HqQFxH z=KuU~^5+R$Bk*E@`CmaC|7w9-1YR$&zJIiJ+brn(Zy)a7>XQP0O5jfm%>M@B`0p3^ zn*x7F;3EP*E-?Rbh?DaRf%QG9z1Mq1(Em%|KMDN4zG0`DcZdfq4SjRM~y@F8N`@1Ga=9%9?x`vkt980!(;L+}oNid&(xp)*s}E5rj@@M za@_wRzF6R1V%zr37W0^Bhs8XVq@e&6C- zfdjZ7WZq8$r&xRlIMZT2I~r**`|vc2`Rr(-#q76f7XJizmc=}?;X6!}|2#17--&+# zyvXAJ1m?Xw=_i3#So|Ac{(D5yUjgQQJ@IS6?H0cQ%zv^+`kTO;EdCSl7K`5jzRcqH zfd9qf_ks6W`~mPy7W1r#|Ll)4`JTh)E#_I#S1jhY)L*xl-&FHmQ1bH(=|3zU2mG|f z{NDN*i~0Qg1&i~6dH>G56M28F~8|9w3z2r#TN6O4c@0y&c}e~S-c#$+T!zpd7n<6M&MeDIdAGM-UPhLVxCc5 zY%$NGS}f-KErY~%&VIsTEb`OJm)^^`Lm_)8XZUHzKH>|fr?lcxmu`xaLMKV|VE z;GbE14)Dtsp9}nZi+-PeeNPKhEOIf$`tRH2q58$rfJ? zJj3E^flDpk2YiObT!*VH{v7Z^iw^-Wv-mFH^DMp>n9m|vhpz&E+~Nm-n=Sr2@CJ*& z0nC4^Nq%0R`z`)9Fz??aK1TFiCwvljDzLwwO< zp0D$soq02Wzhg1q7x)j0`TqKkEFJ^=yv1A_e`PVBNxfk)|4qtYES>}WH;eiH5%(!9 zs|J|wpyi~Yl5pcK=GfzNPtp;nDHe0=&9rz7aGAy9fahDx@wUL?YT%_7F9WW#xDj}j z#T-BQC)>I#j-T}wZwBVQd5+zC?6eqDRb6Een{ZM0v{9jIe~vI@S6g^FEIBFZePl=?r=n4UdtW5Qs6}b>wPZ=3EUde**S0> z0uKnhOW=LP98_?(3H*71?-%$HfsYFOjKD7m{JOyJ3asDTx8-JGuj1;ECvc&_6#`ca zTr2P@f!hS;d+$#E4uSUye2c(`i0%5IpUYVMEkS=w;Nt@SLf}`3?Ogt|!1{TLrDtH_ zaXe!Mo+NO4^VWaLZb?OX1x*>leYD+@dpLWn_d`Z*2*7^d&1}9bsWdZu$C$ zUn|TjJGN?RpkrXcv5vz@iY73$0SqVv@+mxWgcB5EiZU{S3j(WJ0)_Q~%IYO0D;AY3 zSgEqpsk0TM`7s!b;}E-mKsqhu>PQJcD(s~cHXcj^I!F7UgG%jNJg;W$f`iI zRYSqCj^)FgPEOWtNhv+iHQ^Oc*!)0yX)+|W^i}UfNXOoOV}Rwbw!M;9mAopjeE8PEmoAPRPKMc)*Unx( z%$E27b+?;_SDe`uj+f`NU-e)nC72P689DpDQj}4Z>GBqF0|XuE))pKqG%@IoH;te} zpS6{73PYQo-+!WD!jpHry8FFNZv;{w$aw2-!KXq$D=WzhA76R+h2nE&XB8ajc;T3l zain_!jyIQwL8@<7hE|`iR)4VK*x`Nm6=hZpUv6s=XQ;&JkA-$IyZ$ z3)K(y9=`oBZZeO3<<6&9op`zCm>cCK)j=W`LL?AYw~Z;{*qUJDC=;Ny2raM zdvE@Yhbs1_+wrff`Jp0>@qCjZT|BZpI!HUwik zwQxcn3|>?XhYgrvkhIm?o4+x0dtpZS@oZHYxasMo-)dm?s#GK3_Uyyys%kh4$@uxV zdX<5_`L|_vv~J&8m6{jc=2=M_GuI|p4PTO?R`-=9nMJ7N3^cg|4W9j4)iBo^cxF|A z^sve;?_1Il*;3NC82Zdz`9%5eppb-p_2eB-1&V^WnN59QTHf4@j8J7@*`{Ts9j(i1 zmYu(>d6~B?dqHy`t2DCU(JZ5)1zuLcp{uLUsj04Bcio!EqO7t*!wVkGn%B~oq~^81 zxh1<7E87y4US7SlW_|G23o=s59DB*4tb$`>GyXKMoxCmayuV`&jTIt251-%vV(``7 z8NoLK^P#0D?|>npV4ykO42QR#%BmXnV#f2Og%gg{41eBxKKuFnrGeaI9Rqn`7?es< zQ|3cwZ~Z81&pYwvble>0DE(Xb)!kef)`osD9DQnJpFFneaXnN{9>J3GQgOte1*<&0 zUR8yQGGGtNaJw0)7d3xImOYhKl?WZl99sJV zH-sSEXloJ(&V302jO-FEl5DQNlJ9n8aD3D$>>W|AF5m1MjYPgXDEX`={R&50XzmA1 zF7sW9%jfjLn&>K{7o`m-BRFzq0}$$BCASzbK9Wxbl| ztb$0F75E~Ok`7YpLni=-Q$v%&51)rtWpz^B-`UMFvz8M7h%e@aviK@p_(kHBEL{0i z__aO28QJ{iGyMMDz*%XhlRnDhDg4N^sf-kQ&muB5?J-8q@cxKMUfTQk4KML{P##ek zypJ5Ff9?d6(-Gei42O7MnfU~&7!I*=87xxsg766vSgy%j!^~P~y6)i+pDARpDkhyt z$i=(OoLd1|uV}GI;ro6WtYDPiRfe~mIuolL&E%5*g5(h#pi_`MvJGIk8nq+5AaFn8 zX*|yhFAA_hDs4O?=L9$;Lg}?-3Y(wNU`k1^tx(}*8jnrm>3sNH9VtwEo;g0IBbCO! zSFMgLO{+u3@NyklrLA7US{Q|OXscJ@^8!@FR+TaeC5O)suyUhHU_|T$KspRth1Y6m z>;4L;y6yqnf)w63hnoVAFbMq>znN^~==rFfx67-<8el9;?IIjYC3w5;1jiU{%4Zi# zAE#}aTtNsKRLA&llW&FRy^l<}+9b*fEh~=`3<)&|^0crO+B8b8mbSv9jMLg60hUDu zfG23t4Vr%X6A(55CP_LB+b=1~;K+nF*nt`JIK3zI`w+*)Jdb9cFY7!iLj0h{CeOps zJO)AnyH9yP^}GUHNKEa2s%xLCjk)|(*I4D#W>=E6*|n6MTN&NQD!@FDv)T0;HBswb z1BNj)H0IT^U1RuvcD-7@g*dJisE#!s*QvbosF}z(m{w^Z2@jMeQNTJv?hm{J3YW}@ zTBYmQC3KT|o7qWz|T#LpxCzUI)jL#qGxPSEyyo?;P_~?<3D`$-c zm<>NGA3x3T`HB^ipI*+j5bhho6Qix1`L)A zPzht)YW7uVviB&s^hu?6;3e#a&Cq+4L+@Mgb9jyN9=#JhzeaSTZuFzO5zWGAID_rr zTFK{@-V>K0zpnLsr0I67C1A^7drnn4&be&Rj6&q0qWw{-t8SJJHJQ8|9-o3ty+~P= zPA)+LN8-IYL9AKqw zqL_L55|yrJ^A8a>-JY(yonHn{*DLKX9iM~VKa-DDxo^4^!b`J}4S zu^EN0Mkc3lW5bUo?To=N9GRVkTy$TeS`Hk?sx|9lAbpn-F9e{yx>>CN1L&4nJpeBP z%;n?fxqQ}KITo3(KxUm*!nsNAI|!Jc-Qh+MX#&RwQ z9f-kcQEdS0;Jq(C2vOA(<*hV=>Z_Qb1%1K^x}Acyl1xFzji9NlkKgM3>(C7WXNRr< zwGE?L-hJRP_B{?05GPauzd@0M- z>UnlcABxtsdY%anA!gR(7q}+B!$iF%zpxw8GoiY(xjxK8|i%dSr|uC&Sirr@#&XZH?F1?cf>$dsv-$<3hmHi+sD zc<;b)lxVv6Z7TB+nyi)iHkEl2F{8|PsLV;|7^BR0sLW18wKC@-av0wGTVu9W=D#9M zEAt)#D)T!4Rpc_tTn_YM%It=uSY@&l>gQ^mB9yrj2~_51bV95$za3>xq|9fc$wpU` zciB?@6ivaZr`3!-+l=dNa;%!QNy!?%DY$W_K}Qt!ztXOwZyQn@ zI?S@RAz>Ghwjr~vZAcr

4=z+KAx@XAg3uvj;g!+Jl5eM`Nhb*@F~@9C59Q8e_yA zpfy8?GO)Fh<_nE+NLp_6jYsC$oG?;|o93v+Lfn5wtr_ALINjri*AReNJk;J~L9}); z)+Q&~qG%Nooir(0Ge$qkh$C(wtz4L1jFCGn+5`%k9<3^)(yF6uew;x|Y3LD`=3-iy zWGS#wiMcY%nWij}B4TPW)WD+=P(Ak61;)OkGiO;5wMseL7Z-1u6JLY*wm8v>Gemv# zP^vU`E3rOMEY{3u*Rj=SM$KBzceX66j9JaIgx=B8vxO~9ExB5^6)81f)K*8AjW~N8 z4T3H(wUtII7siq>E9oY{!yFTXRT{2guogbnXw*zl8Z-mbwZo>+{6`F*NeH$oURSDXYVvRKqn4cuN{v9W3Gc4K0e|O`pDL z)dCSQ4qBin22C1jdt6+hVnu;qUbs>X2FVbsH4Jo?#(;T0oT1^x z465PD8!K0|VjUPDmjN3cQkUJc^B_^Dj!6@&96mGPX^4>4>=po@C*pv}S-RK@t2=xk4kHSs0%T9B(4Ijm+X0qJt7d zH4PpOVj$*NxuG)HsNot0Jf#>~9W#`*A<<2mw~2w{jjhgUnxT;a_XIGDhhOb*$+w30 z)-p8$A5hf?8TP=Vkqjs`Ok0@~w*vWY91t48;Cv0&Fjx&gw7SDI18>F@Ckv{;!12ab z*T~fdJsULdS_Y0cs>t!6ek8+(mPQF5S#>c;IFeEI!~+^>YL;ebU|^QRCI$-)l>wIl zVJ8(ao2Sv`q3#+FGMnjQZRwSb$LJ(G9kyp`9X$F6zuHCcYf4|~B!v}^FSICAgOv5G8Tp)-Fo&hY#syaA~`ZcY0bq40wz&bQF|=AFB$3bs9D?;MxExgIhFg zVsNLSGWfZnG8kp$HXI~c3lD8F;IRP&^CKar_d zBZJ-Wo?69#bu&ECS~jwluAt}u1<_v7S4!zC53WOk5xG)|TzN1ma-|fx(!Xkq{Rc(v z2On#>@*ok#!fI`t^nW+hA0c>M!wad?nef8gG7GHKsd^x?9Z&>=b@2aVW$|+{lNnO9 zV?qBr#)qp(bbPQTVpNksESXHLgog=E2CFpuhZS-I*iE~MOuwv(_KO}!re9X^B}8@z zme_L;@cB6Ug-1&q?=ZrxL;eq0a6p)Lx%fQ*kClM|2NA4TzpKH0hW-Qs_BqxQ1}EUT z<})-+T?3?Dw0##uCxKrSFTq9dD4oF`4cF{LV4CHN=>cgAd{Ug<+Ah#`YkI8pSl4iF z!`M{QL@wmoMKw?&<~lC~+FgYl*TW~FOlc*TXQNyXlJGBqC7qd4;n55Rw(bmWhsPGN z!=HSJoByS$^e(FcQRHGkR(5N25V@r`sP?ZrSc_y{M8VDAR(MS(Fr|o%;Svxpg2w=B zMzFy^{A$P4W$*!Y_CbbRi?MhzAa_vpdj| zCS>Gj#h7ML0}m^{W^=#7(DCcL(}BKU+Qkj3CO_@R~L&H&HS;Hmio&2ag1mr04W#k)u7kO9kswiw(2|Bq^`QfJd!*iUJ=mVuM- z&uh!bTgku)IiQ4u3+C96 zJ3zXTCQ#Kj?6l!b8y4A+3kDrGXmpN`+YP$gO`s z=EIZ5vYg`tI1|1ao+_8_{{;Q6!-o8$3_DAslmGuP>daSY6u;@g`!m{tv$5uk3E*3E z4&odj&YCl3h9g;P&Y(D}&|&s$SWltgOUl_zHWq}HHu##P&6pa~rOwT67yx}qNodazAFE5C*%$+z{Y4YOLYG`OoR%*JN^jm}J) z(VMhgS8X#oI7(Zf{=aW>br{wl-^%sdD9YF;7J@;6^;XngFrH05S}=BeZ2nHR%H}tf z^mHY)V7k(u~RhTRxLV3x5$jof5wirX*&!BLj!ErZ;YYwyR_}%SPR9+QM}SUm#npI zj0Y!cwHj;b#;$rm^O)ut%f)7Bnab_Z7S&UArOjY9-4GTOZ7>>!r=uMcwEfGGl)?dx z>Y7SNJ1He~Ea;|Iu4~Q6qZ~tb1D^DZ)G=BPyU>`GHtpK16_Ki?8AIILblr@V?O4pQ zXXs(gf2vlynZTNys=cYv_Qopyb_^q9?Ai3Ywzh0Xoml{d;dLm+G@8H061JN~RMmYu zX|y}|Q>BA1JAJTTM#lj?UO%DhVhS?#HS_veg{pZ$xwG*CCzF1nToWuPcc)5fed(k8Ao(qqfgShije zVs-oiDrVZ|w8e@UGwQ~?d{CQIHxo5r2OpO)Gux6a1#>7?@H-zW*jzOD>sBzT*UX@R zR<)Z=td3X{VB!bY+Ni~!s5xtGZ`)Y{ikbk@CWF@Z^}sZDbML@lU;Brf;HGeAWoW2P zX=9yPn~%1(v1x9*2j-cZ`Ujf(U|zegiI?*xW3Ahn<&L2?DO<^=0ld!Msx}Waw{*3u z4rKcwJm8_DIe^%sD_GlP zYU=IjA7G;6i|SOessA(Vf3x4L#dC#r@=avaa%c}Wxz@yX!ar&eoTYTM!-6`kpPT+m zU=dtsRQH#&cg0Hb69#7u-0D#$qtfd;yPLbB*1&rPF)o@mtS>FAG^WAhOSaiD@&?*n zv+QWn?TN7>?i&V2C9qXBX1C06h&L^+4T-aX&d|87H|+{H_4c*vA)(G$xNu&iu(hwJ zzki^or>m&$oJeVLSxIrpv`9s9WpSB4A&Oudi#@SgHPGJO-`upUdwq{u*|4~&W;HQL*^}j z=V?We#qP$@=?-K+FYCs<44IGK-M}Z}mu2w`hy3nXh5W?BExipPT_QQM+*9#XBY|~e zNS8=XHRz6qA$bz-W?(&$}8If)`aq@L&{}Hmq<6n*zDMIq_7@UrDV$$e&fI~+* z@pOcwyTc*UopW~Gmw^y~XE+O<{9EDkEp`V=iSpKhhj|&&k%!ogZJyH7CCbZ3>&(m0 z>0uf$52jd$+u-T`nY^qw^WMRXa6|I`qc-I2l{40wyMJYhCEKe{{6*=*nc}R-i=9)# ze8QT$uw~E7k=y7c%oclXk7Yq?6R2{~jLLwZ%_ z5M3(CvHh7K#qPF5B|o$$r3BfHl0KvlWg_=!qA;rw(R-3Pw(Dd{qJB$|?sr;WdslOD zCvI1Y$z^NM*4{F>p=o_z^TzfVN+&l|#U{16rKPWZb4)Vsjbh@>ea+n)+TCz4*%FYt zI=fMfN$wx$Q^l=48#lIhqcU6dKCajlt82P-pctdrmV!ucUr(=DgZ{DK2-vuICt3Ci zgxsY#=Ws3v4m0f#&fhZ-a;0T{rZLVVdnu1sGnvm}UUeJ>RQCyaT$Py4wF|&N;b}5J(6YA>c^}5HSfMM2reb5EK-YOF&SRTp?(<2tiS~L_|f4 z7nHWxqM%~MyH>PTt%6#$1zNON(Q1pn)?2kjt8dX#{XNf~wa!^N#A*4{X5^KML?rfDMt%G~!6>+V9dHswCz#AG}qKG4?)-d}uo;z_#Y2Yl1!gtWlprXjE-vC)nEud$hxH z;T^Hs;|v-$eJik0kNxV@9)Ihs%ze3dRju__h;6kuHo@N8u-DdkIV!>4JlNBIh))%2 zZ&rf6{jfI-`_*Zh>J#j(ggq_4A}Fi9WeN6%V0)Gt6FqL8pJ4AH*t;5XmR||H+WSs| zy-nEW@ziPhRwvjSRUJK&Q+2$bEQhY9@52Opi(yZnlxb4!y`Nz34cJ?O{VYGWSGCs;@oj#0W4o>T;E#~h zHllltHNjIP?Nu0ioL9!$8-Ymrbjo;YgFhlyrhE_VjX*@&<7WZfmjORC!5-HN)hAZ$ zj@hV4uvbtQKi_!0QF~Ph_Ew=|;4#%{nodrzHwyN&Js%BawddB^#kTe@Zv%L(QK$B1 zCD>a8dt0EyV-JH@dsjlwmR}2Qf^Niqb!zXj1bY?r!Bj!CHymE=xwUz*jppE70XoeB zVFqfCYk?_K-mxLxkB<;N*2m+LKI+hof<2yd>eR-=3HIi}UODQH={pXddbIakg1x;M z8J&`i9pYFPblVf`Z9Eg@j2kA}8wIcSUQMt!3KzAjAXBII_9p1P7{z?{ykQcjdR(hm z^Tb_479oAzgX5lvZ9OhQ<52GwG#1+qbl+bS?5(*5qeeOC-g1vG0X7LSF6zz?NS9^oR9?uCn z|0sM`gyX8CJ$nAmouTTj#L1JdN}|L4$3u_z`|56o9{Uw_)S;Uy_JS?^suX%Hx`9yj zxTZ7yVy=8+{Ct}XDfhAc%>ZZ|D%T!^wG2!|-B$yd5qlqP4D?toQ{cIe_IQtMioqK^ z0wZ1~qS|9{<$NV&n(tn3l7**jbNWaY{i|GN4yU{kME(qJiCc) zTO-`xJ7Ir8tZsPk6l&FjP`|I6AAymW_K>^7;a1?nZk$!OsLwl$xC`To&3kRSVep|= zS8(d{iXV63SZfMoVUJhbxC>)eV9n7v5Qk)zVATk>x?`h#+tRqrD^T2p-4l!5<`p3B z!Yvj0?LSFfItY9?Wi^5Z?fWJ@zzl7f$#nF6_>9yPs!j+=W~JN)PsI z>!5wx!nlo&+PHA6_5&f_qno|dPfyt9lWg3D-FUIx=2;SVVK;S<-R6^A+=XMUBanqX zK1s!0*y|DB0EOL?Ok5OpPa<}kcg}Gaj=j4HWMPjzMBIgOh942%bkC8)WV;?=Hrh8% z-Sm4XzxSW<~1rC?Kef5#Eotn?KgOP zDx;_ff}vA0;`s%mlJbuJ3kFuPmmd-&?p1+)kYESCMYr`(w+Mp)PuVb|oVpuBn}YJX zShnnYY8}$lIIUj)wifE(rIek|&Q95!GCJ=)x^vGrU5kIXYC|q@olYBeY+PQZ)ef&Q zI`2B$naXMT3y&)oR%_Gg+qB6k>~v@t&K+0s<&G=*?zrZZ*ECrBF0R<2tyVgcU#BB% z?K}Np{2w?iD{g7tzvx)bj-=U^56?qQLpQ_!37Z^u(PL$TbC8}QguJTeCXmquv(MoeT22A}!I9IYuA^YeSx)41sk^?EBQD=i zR|+$2jF!^}|KP~!(pGV+>*X*K99h%c4@^1jlT|*Ha&-T^_jGCFPGQYU6x%tFx0yD? zWqI(5P93%pvZkNU4wSQ=$(*x-ZZbUOtaGyJyYerD0FJEX!z)G(pa|r&y zkyW2{N;&n(s?R%<92|5M!mh$mgs!e39|-2PAcqwQN7lHk%bY_gMF_8Xab=zze>+Vb z9+yogof(94?E!L@4_V8W)l7Ys4_S}p+8E@FPS#@$0_UKjc%9*SK^}vU$0DJbv7G}s(?(V~?Gj__Gb_Fz;#D zm%|1KR|B7e0vL_(3gJZvxt-G`C%9%&9*84b-GhbwFw>&SX-w`2M?VKfYWZC_gUFEJ`pwBi-R=G<* zgkvFd=?BNs&yx|(n5Yns7736mK2e%Sl*KFlE zrMyO%HrJ71X9GfdwX=~dZEO=**Lc0l@MdA!c|@2+`jjxEZzse4PK5Moe;2tu{=w~r z?WY~!!q*pryWL`Ys z_@1znFsId1E*GYqVPx1DfskJ9j3Re*W<0)U=_JgbMk{mS6f*5J2(#Rp$gnvNA-&pc zCga*lw}?8zOAN0NrcM5|m^v&sPP$H;>k!hb%?;#EwCH&osUys1Gv#}QY4bI~|0X z&TeGb%tc7AHlt)*JLn3iBYcSAQeoOWT$nbG7G`~M?q0@alE#s7tSW@`dMvk27H_iP zrcp<@#&DxBkHu-#sYCmV$*|dikX~)BAa|ohobS{TzQQo40j8WbZxp7@WOzRp|KNB% z@betHF+gSJN13A*{=tC`RsAUb!4<-*&H%%M4YTW4of8dDFg(?8wc(kD=NVpNc)8&# z46ikOyWs~7KWTWUVfICu=64PM#c+geQp%0(U-?&te`oj)hW}zXjC#?yJq#BbKFsiN z!yGTyxbA&Z9uf#wYvgkc^WBT;bKOC*TyJ=>;hPQr&G2ZPKziKE z4PQ;>$pyCtphf!(1a$Z9WO6O?Jz_G&;KtziRY9Fx&z8 z({y$x%e_G_u-*@pQ!eQoVR*FBpGlVd&L*=1fjb+l_Xd|xE_S|c_`F4YPggvaYq=gCd>UpJy`D_7EmtfTx|Ga!&e%txBx+hn=Ncn_@i8*E2<++?!ocQo>Y4HuHdP7#=Pa5?jiGCCs+k2O4jEO94; zHEy+$FE#vK!*>|oX81L-=8-J-Jnw<^o+pGhu6ax$i$2$MRe8SQGQ)?H#pY39+T=LR z2+GCI$wt4*=$~(Ro#72&+8F~ocTz6({(#}f3_nShG&}>=xX&5+M`XDl+eaPY6xqYGMsOib2Y1-!@#t|TalxU&hduF8J=qR46>x57OZy8GCIwM&olZqh4j!+#Tfj&-y{|D@%~$)Yt4-HbfX za3NXJFv4(^VNUj}I#(FJ!SGKEKS!3f_aa&DpML|^d+EKDOS}5m=znhHz0qH4+;g1Y+p&^ai&Ty7tj+?6v$Cs3&hRX~OHaygDrC~RYBx9$M8bK=NVpZ_!7e$JJMtEJ8tD04c}t;F2na3e#r2nhMzY4bHgti{;lEP8-B;| zr-nZ>?7p3r^1vT^U=C`~m|D|Crj;HdM4ZmUdZNpp( zO7%Z8?7rER<7RTqL73mv>a!TvrBg08JkT(|nN^)3hPkej$|o3}YWQ@+Zv8l1XY>;1*>XNE%@lfm_s4%3^&xV>TbEvM*oGxCEC_cqM+sMO{WhKCvEch#!H zg@cq&Hq37pRo-B@$?!bGT=h!zFEV_&VJvGJ)A^3!?-{<)@GXWPBI7zu_o(3~4L@V} z7lxlV{D$GT4gbmTpACO%_%p*?R7=yt?=O_G>O+hVHr&^6f5TjWOXChRe7xZk4Rf6? z)vqz!Xt>ER7u`|)<%Taae1+llWO;7A+3@X#?>78^;U62`X84zee{J|>!><|syt} zig?T>*9TMkml@`AVJcr|n5&1W{2s$x3{0O-pD_G0!#fP`GVI1S<@uLuiK(4G8vfYu zCx-d5OZB;$wKBhjQFh~^V!w-#yD?Ic=NWk)!$pQm4IgRvXu~57yD?R}8NS@`m4??EUT64b!?zl~+wcz!KWcc3;b#nQGt3p>H2tp`e%tVS zhX32}r-prwuSyvv8SY@Xli}`$dl}}cb84sD@KJ`jT&3!aHaymFmEkFdYYopZJlpWu zhTXWd4L$nYbEe`@$=hIbm?W%xISe`oj|!|xmZ z$nZYHT>DSUJkxMz!v`6T8ZI#G#?_@f2N?Na!$%sfG(6Jq7{lWXpKACF!wrUK8Fpj! zlAd#oe5v8(hPm{imcv@Z>kZ#*mC4ZHU&5|{5;G%i=SRDRX)n}**t{DI+* z4S!}h#P@v(HJ#`HKEyI5_ z{Gnm@u1CiF`L0Lfy7xOG=X-3GcQ@S2a38~m80I>n8uu8(#~VJ;@C3t?4No^*XV|?z zk}>~tC>LI0_(H=g4RhsL)xXy8cMZGuP-62YBj>WD8uuZ?j~jl{@XrnZ!te`*UoyPM z@EeA?{;3}KQ^Oo9QhAc$4u<(%fa-KN+{GCb69rQuPA#~7Yy_!Psl49_;) zYQ>FZWdF1(U*7Ao8-czy55Z9Q(paH`=9!!)7#tQX~|;R3_1{3Xrh zlnYlFX8Eh!m9yxuoK^11S>#nlUTv7=srs%wMW5xVa#wC5XSu1o#W2fF*kCBJU` zQ1W;W$EhSQ?i)qP%V|h+wxqvC7>D#`3bSvXEzB$|5Y7PeT`l7>+5DD>jL!?)QaEIO zm;Eh~9|Hcia0z(5a2eSB)*AX1;QK{>B>2a|!@-XWj|4v{Tm|NQTG>+OuLyJVbz!FY zJz*Bze+#p?_6zp~d#D%MDF${TOWhqL%w~D8FpIs9F!Ok*FzxW2EaMh}j}q<=9w}T3 zK3RA$c&ae-UM*Y+o+&&De3tMjV7`0JmbS!i?8&UJ%Y{*l-qpe^2fmY~4o}Y?kfrV2 zDNOwz3RC|fVK%?VgxPHP9+q+W9mmgwqu`ywEH}P~r4IA>iZJVUkMLpOKa-`e_(YhS zp9`~`IVTczSkCFfEaxm?mUCBOmUB;GmSJz<;ow7rPX_Z{Ep1K%4tx1VD9pTEAk5QnnQ%V%8Zt8ow^o?daf2|AyHS{Gd?!nN zrr};;*2ROutP8%Ar4Bz;dO|n~epYxO_!q(~pIyR7fnOG8d)p&?Eci{~QQ-H4r+_~c zt_SZEo&nx3JPXWubF!t6>MYDW_7GD{`L32c7JLR-`bK{LPi8wmQ#cjO_p_8UspkkY4g8G&<=w!`g?VebQaB3cyISh7 zPS*(c0rOoghYGVj3>0nxA1*u>JXH8>@Ug0rJiW?cTx4@(3&=JmgWFn>SYS$ICUhww6Ro-n`F;yYs6 zxfon5d?|R4@a5nmgx7$N5$12qj}_)`%qNrCfZ?VIr-5sQGr*0)>@)eknEL1jy=Gya z*XIi(NnVREZ-*`s=6S(+>KK=O&NafhV7^nPoagv@;X}Yb5IziimvANce&J)mKNda? z%-_q<&Pm{(3Qq-Z6Xx~kIpH(FFACRye=A%M{=M)5@E?TF0rNLCw0}PMFTxjt|0cW= z9L9y6I+ugn310!u6uugqM`q!`^%G{97YnlwA0*r!e1tIj@MDB=2#@cSX@}RT6NOo} zlZE?$YlQoO&k|Ox_>P#zV%km? zZUIjcW_vhI_$n}emqh(FU^<^C0vyDi-`im@R#Ol#v*ELH;iB+z`j3 za0Qtefg1+z^Fj$X3f^Y}fEx$z7dZ^phb|7dnsPP_xJGz?fJ1K{nFoPe1n&=Y=>BQ? z*>`CAU798R3^e^Nosxdmy{6x#P10XQxun0EEa`6|OZr_JB>gKWm-Jsvmh`V9OZqpF zCH3%h4+VfRd(7U;WYXJPk@EbN|n zg{S$jFWhLjncOb0(_(m);k9ITEN~kQ-)s0$a{EB%S;M;w?=j40J=Nbw&J5y4LUDHA z*@`@ua-MW>g@(%w4q>iObGu&vn*>H>DRb+NNaBB^3G<>gN_dTcRKTA0ugyCk^%`TZcAR2Q64=Wou z=!o*t!;XkX2bPwWn*W0bmq(*zM;u-OAzXF4Wh2KN=leK0#9040ss|eLx0UBVQ8E0f!Y#>O>cH%+9oz5qYV*5f zZ{7K`8(&(zBlOONY4?3{c6GG;)$sd~yOPR^x^AyszP)1Gx=VU_x#`hIw*2S;|0hXz zZtK5zcINzN3g0~nH*U*Qyq3#Kcdotmn&Z9Y$9X+w^f>qM@4Q)C)MY|ZSN=W%v;Tx2 z9-NUgbC91AIdw!?Q9&DWvyjLw z=!0@$rXn;Yi>7juot;llf~DCRw^x-#y!_HFYU#>UvyzwKrjV?nB2;^@rj}r)SRYzzl9l_n523A{ZZ< zR-7u?*)%Zu`Oj1Dd-lfNtKYtG-`Uw)OHn(x7udSxXRp1pHSL4)%wFaZP3W<&~MWl^tI4U&?yEGWGe&wC5|^y89CD{a|=g&V;7U!<)KHXzIHAxo2N{d+WaYvbPSCJfZ>a2<7MJytF!KgVAXD z`{7q3+pn3A=C|s@?S;p6@p6-*4O{vb&D@-n|3qPOcW-Pm!dZD!c|zepPIGP16d&5f zDMM4ob~w+!ENe@e*O*sUlyl}E&+J|O>Xr#boilP4`75&yFLTW?zbR*UQ|HCW)w4UU zEkc~k)05}*i`LeJT)g5AXC7TWc1vJCzbI#TQRkPRM^z6+Rj1x}!l37ya>|-I?_T}v zjqw`G-n!xWn$E8xGhLpj>GFC_&WAOfLN#5Z-`4f1Ee`D|i4N^B zd3w!KXU$s}ows)3b(Qn3{&?r0tn0={$M%`GwsPl;tm^vc zbv32fb$0dIg*)@JuDcM`dfnD2B&(yK8>4G0ue)z;<^0OXCk3PGmA5FBSCo-_8eZET@gAxW6`m>$z?lo(Og1#U7yJ7@_b(B z*Yk2d%CR&llm{|Uo$_2kC#32t7n#0 zS2tHriavAATjQeD<0eEGe>g6`G&&&ZI5h0+)U%(h**!jcYm^NJomy@rZD3$ZIx^RZ z?Z7e8?i*esNgP#KoH10I2hXhdIkjgzp199u!rrOe5#IKCZu`;sQ$u6h|13KrT&yQn zq%dQ2-lE~7{n1&pgY&mNG8v@g?Mg|D+=k#x{bI*^-_PMNPwis9oXIt+y}^-W{LAdf zTP3drxsqF5r*%EHgZ-s^4dJZ{T@j9?0P&MYs*S93u(rR=WTx$bv4-UzLOe7hpr(1VEr0ji;CQsnE0e=50uz z*U{-Q-`36{vHh|1v6QIhMd8(*0MO&{mbS%b30)bPh}^Ke@ZU#=<@v7y--F*m3*th4 z@>AFh`KcV%35Ak);~xs8@J2NpN#aVep-9SG+?SffMioj;*~uW1)XxPe!x148fzs88 zk`&=X2doXnMlzoe!@EY|e=>g<78zGb+=YLU@lMKWjx3ps|4EVi@jr#t>LtAx*}@?5 zH2$aU!M}EA@!wsse;0zh)F*k2Pkm-7oi~>`$$#~ki;M>#N%lfcD}yDUoD|~mA{ix& zlI}KAGdN*Pa<@Qz8q%c52>j3dK9ZOe;qlXWNT&+{-y@~*xIyGf9HCWy ztGS;^3HG!45UT|OS6ob2{IJ-=H9yjrz_@-pR}4v!do>c19FL^C`OCac)hTuU610Gf z?=h?5{zEfV`qn8`+D6@ z_fl`7_Sycs2$CXP(jk*)PM436*ie^H_zg(9)-S->*CoW#>$-@<6m(-MLp?&xV6O`Y zTS8T#Fdr%c{i>LLRfq`-^rr^;2mJ-d3k`OL!koyzE7sPffYl#p9u>L`$M(999AD~% z%ELTlxSpCwL3x;MsoU9z;dXdEqR{oPh0ski>96}SG;`~k7ePp*>p2e#vH9O)bshoV zi+$k1epS++{RzDb5B4WI$T--a;Glx#!Gh{hilXp0LfPXLz+bl32Q0T?Fc>83R_=Wen|V(Fe7E^CZ056T zx&Z!8jDGZ7==t|h@f9lGNJY2F-Xwo0Hu-dRB^8nH2ien9Vo%TWWP>kJy@VSj4bDWjJ{VGgP}ch)&jVe{j=&Y;T1 zT!_u@V>6%U#6|F(5wTA*3iLFd=AqT&`ZUj;7uy=vm#53|(4+IKSEXPi`EL+C1K;lh z{QDhzA$J~WEjI#qW{^YaYRsf&J3%U1@7iA0Mpo}#KvJA$W z7IHBvH3sb#>0TF$61rlZpQ`}9;Qc!OOsHQUh^pX=RDQ@nk)RqzK#zmKtQ=PXt}-Sd z=UxG?7@q|Dg4T34YbdTzLW4um6xa-gaM$W_t{vda>zyb22BSoSI%nYc z?H**$8*qz6^?LjOkHm)$<;E^PxxC)N8MD6lbn5*Tp3nmbLgsZI*ax|t^RTlV7lH16B~NIfA%6ab8(C2AHEqe!Z=bNUKftw9TW<g@$_~{9=Fpw`Qgm;bVNv^G^2eG8@d&!`}WvO<-TAu zv#*QOfi^~WqJGC%^mJ}!Npu{X(eXW!i!Pg;I{EP<<@kPJqH`XM4uE!-5+sEO>vvGp zS?ihVv2rSl*8np;C|(C4WTD(_V(($rP^;n|EQN(; zbj(4Fd3d18KGDp|@KPa1L$B zsrapz=jjYFY%#coXQ?-hfgAT}6`eNR4U{*L!5XJ~Is?_67&{bo8{v^K27EBY%LWFj zTh&T;np2p>pw{8340y^Tu?*a!hIcB1%ixpo-NOZ5?t1b%c;7qqW&}SDkXNu2m%LM_ zAZQK{Lg!E=Hf@3BGZ-v`PsSHW7kK&W$xLr5wgwg~g@ju?mTK^TFTx{Z40t5&S_W0} zmF}o#V2^V=>bdYJ=|F&G{s4j2bQP5W*qw&F()A2ahEK+~1kK1R8N-H1k=yR=ujkfO zqoHNS*bqBMi$MvUCK7KLU^INPcb=E}dH40?G4M3J#-{`u&K-yUG@6VDJS)#b-uPt1 z12N}S4xWfqyb_Y@hufexIIUw+&@V+;Z0i#l3;(F2%@YuoNScg>% z)JW@QkDdg&RSYIMJcEJi#+yB*i{X>K$=62CxHbZG?s)va2R`hr9u=zyDjy&`A3|F2 zy~zx?KN(4`8dMOAM-_=TCMHy4eElbGRa|dcOpp6;iwFCh@YH+4;WP%@;14Xm5l&$u zgQpzE%wsFKN%yKMfOomQr&CJT8NL`E$6>(uDc<6pUh*;VmUuCQ-*!5a88D5>o_o%S zCHGLsf+S1^#Ti!8HAvK_QXJS`lBja!R~zDbIAa#xn?PoxNdMEDsvd_fBE_=iu9UOLlq5g9;XUdF#3T z3T=2xP&{M%1bgyg(J#loyW!DR8BjIFshTE1o%`S;-s+9Z){~eNY~8tRy-5_du**5d zxF0^*n{aIejWv)4pOs16O|9Z$%jz&L+Ng?n$d{cc))Rh}R4_VQ3hI&p;~rRNxR+$+ z8H{y!Is?^>*BOLjtcu1?gh%}{P~G^6%8P6+JUcsvh44rOgMsj2Z~n6N1nFr;0(lPG zPB_uTk=Tz58-pS65pTYC@cOnQVrMWDzBeHQnB$b~H9f8{(JHjgDf=R%n86`!T1ayW z6B!gZoW?+P+cM_*H&uw26=Hc&cpQyEA9$2c^LhgF7xtDmyNsTIjRUKX_Z6r<29*w{ zF;Lys>ELOHewINLKIF|$Wym9e7cM@C34Sj8m!)+FbbbZ@Yj|}w z{y7jP=JigadG6e%1p^i}H_Ta3Q{1#@VCmrEhNc+fIS!G}t9%;~H-a~kHCG@=~51eAO&M&O(tVv7(X0w|HEnNF}a@>=Cy(xSHdpA zK~h_n7GnhxD|cl8JGTUOLZ;yTv`m*H7U5D!bF5;~YD|lHA1Yy2qf1;C!>;rLj<~d^ zu$iHFSQDlI(0T%sY+-)dK~9H-y42YTxx-rh)U+;6lXiU9o>*&S{#Q*@Me78OW+NeyDPmaukhnFVb-XoV_gBMz(`SP#ow zJp}(vzF;=U7jhBHJ5D;D)V?c2KMki|8g2mM{l|AgJQvv?T;Ot$Bz4J>&>BKMybw&g zzQU0^w#anvGM*dBI15n|$*4fcVb>h$2RKygf(Qx-he8^S;wmU=3#Cd>w!WNuXbd2u zemFH)ra^gmuIaRQxmo1eb8tembCPr2f9+J+yJ@`!iQ#|EchHfbY=ZWQwSQ-_hxc5k zK7GNg^BcTcj{Vm)Hq@OpoumG4y<%Mbng^FpZ}t{6&Yj;JgP#KdZmvdZyXP30TpmUd8;k>4~b7n@}KW0mgC5M-l zo)h=-Gn0jL7R;JCr=dPthr0re<`!K({-jCKW25f+9xa~DxOFv6O$)$t<`y&M#S0qh znrF?OQ`|JGxnX_{cg>6zpIjC#o-t$LoM4xzVAqWLn&ujf!fjYNbK&fH#mzOfO$`fB z1My_U^AbxQGu3JXIYbQ%Dns>1X5*C|RBtPFv*dKs+?mr&Lva~*Io1+qO5;sudNazY z?tp`|7Pqc-m;P3V*CYmYuEtEFpb(^~u6e#Ru)4Vm=QK~pwimPrZ8&Jo(!}RauWty7 zAkc+9nock@T@UBZ0q^)@k3BM4ST}#}f(5+UD?aJ?=)jV)(vs3cg35M}h0)+%(wpLL z1gDRlGh?ndY2wJ~mBS~VJZ4hW$mwH7SB;!dIcDO}(sq@@M-Syhbac4oa!wy*Qe|7^ ziJ|V-ko$QbOGg{Z+^=kPzKE^9W!jAt^1nWM2O)Yn_rpAWWMdq4s?TV=E0pLML=2eE z`IK{5HDCO6gt!%TI<*KnNW^`!;g<-%i|{C6j&;&5b;g2KpX0rBJQjH{!VvtGMoz{p zmy4^97Sva#=|2<##%0Lp)G3000G{&K;OW|m%hy`eVMs?EGCvZfoav&YoID&pAAS-1 z5aG=Ty9#eZNY~b}ICw#u41WzzJNl^HmVPewQ=j1>@YEj(Pe*++?z5a+AGO=E!}dly ziES66Sev1J>M*2h%gzaqQ->kl0XiiM&YO*1&nsEbJU<8#0s(neDJ7XQG^l^V*sqF-`?hxCw;QHJW*V&fT;({6|@yen(cOBM& z;&_2r<)D*1Q2T(Qu#sAqgWc11A+)K{M#|gDzKt8?-Bs$W`EzHNaG#i|Z>U{3bNY<= zHM1L9NoKJRE(!M5)Yi^#IH%QaJkGY-u9;smXC|(zL4gF(+7LC(nuEgxyU_@}5)1~+ zZotL1BzOof2@dO0ii$zg6pPrHH-GNDpoxE#|4}Hh+esGXa)f$0ph%go7?mksR2hs^ zvU_EG?#qA=UY*44ar|FTU0}>c;&E2MUIF&g9=m9@R|U4|8-wjur!KbXPKLMX+XQ>v zAfr8uFU0IMgRMQhk#_JOUv z#xJn<=LCEEjXho#)gI^IvGx+1F89&32awq|=)Op=6O@?0FVpKO_O#v8UT+!}r)AL% zddl3DGd$i7arc~Hn_!Q>3DwIzZK}P~6YR}9Hg1n&?`n^8Lf|jfZ}6K?y&bUj&QGxS zHtZEZf$8I|f!ez+!QMyMp|=Ir9=|_e9CaBZf?FBd>jkg&9!an_3Y`G!OP$)_*T~A; zHwyMxZnPJLS9>oe*qa7>db{Y{FDfZJ|zUZ-j-P*edwf(JxJ-s!7IA-s| z1bbJ*UIF&g9>WMc?Pa2UK-JyiAn>>rE%&RV9vvR%W45`yd4%UxBcwgvI;y>1VhLWED_UUvvPTyd&*Lc(!3pz%G6^f4dB@Os?o3C9iP1?87$ zkH6or`Dm;T=I5im0mh!2GfpETtcAUfh^tQ1Hz&c~m>N8KpiXFSAiSpUl7#fl?~T5b z7c6mV@4^Io8)x7v87b#M&{ccah&{Gpx@D+@qJ(m$&Fd5N?m(gCyBNVg>dL5hdo=)8E41aGwo_V_;VMHLo*{`kH4c=r~9@f*lU74 z>am>p=%ely7fuLyA$ZuN^h#%GTlcVRCY z-vEVMwGeI>B0+qMEgg^ zQoy#Bjr!FZ=eeto~+hHFu_nOo1=9S4d1McVjJss~IvN4;|iEb;n_GhF1PnB(6 zyR%{aY}w|uHyic8T()`b%trlxSGHO6S-1k-BHJgp{g4LZtMbt89zD$ixD27H#65Y( zhlM$=Yo0SjOCK&}Gx3QsQLMvst)Cr5OGa{K%RN3y`h6)#-i!ME0wJ%{$}CIO;a-)q ze^It_$1F5)Iu8vueUTp!SDL?*OM2QvpKEpT-ixA~WX!3Akk1+9dW3v`P392Rw}fAW zoNa}2Ue{@w%=SS~u0=RenEhp=@N9(V2`@vqSeW)V33C|j4dHhYerR;~9aav;G>6pG8Tx9M+xP{CcI=Cm{$t(|^2h=G-$Y)#1Q-#x|zAh0t>y51P zhegghBx`zjj^)5e3&KId{4(kw;l2o6xj|D6XEnUw(72(R;_^Bhxd7G`-b6Grp! zR+3?J6+(Koc{Mo||KQfZbG|aV>)@3)2-D`R!Yr1}WY~NNA-&psl+1&|ZGqSM+J9=XU=w1W0P9pM_ojl#6avh%a39Xu2Ia{ES+GGB`*v+MD5@DDBzUgu9LBum@@hS_JS zoc+5p?*Wu~-B+G!xZ3bc!}AO;G0gh}wR45xwT5pt%-1EV|C-_V4S#Al1?8sttas%+ z!|M#+YWRM`j~m`**o_xR8UD%0_Z#N3xE{BQVK=9j#KmViF`Yh!PcU3(c%EU-H>~y_ zF#LPNozW4hPJ`jI$ZVW&bHUp0t)M(Rkn_`EWjDu_=x?E1($9HqwGZUHw%P~&&cuDg z=>O5k|7_%cGx7`^M~~aXaDT%C$dZO5jQnUaPZYS}V5W!deWKCfbG62;HFC~7t8vc) zGcM1A#YX2c!u9VXlrV7;c?M7h-ay@omOsmh-sOWbF{j9UaddyV`fvh+EeuTAK+htm)yLpvn`-QjcyO zNNm$hL#Wqrx89@V@f@SyLKgW|hHo%@v(dlH$bU$Nr+W|~kJT6aIOUR_pOMA>FUat8 z{4J{TUc>H_CDGx%gW7THF3NpHPlS43QAQoHUuoE_mniZ^%Hipn$kN6xF#0PDUuJZ! zG4k(|;pyyJi1!$shYZ{G51%&j=g9DMFOVfYuNj?p4gbmL>@#w=o*}mB?0SaXaPOmK zl4sbiTR6bTE68GJ2wBoI#^_8ke5%o@Gx9lPu`}Q3xOE7nE-p3ttBlUKjr<0(*m>CS zZw!BGm}?SfJLyTrKDs=x-YdFw|0E5^Q%Cp|!_9`58@`k*HrJD-ZQo9Yr@I@W-a|e` zx!B)j*saSa`hTHZ?6`II`EO0eEf zUQfBC^CqKzr;$Hwcsp6_{K2qYcPlz<+v@5F-@qP z&y~u(4fivAgkg8Tit8oa7SOLFEV_o;VTVaV|b(CO@{9= ze81s`4L@dhr{P_Oe`EM}hTk;&u3+nzF?o0R#JQsom3pKO>@f2q!?hG!T))9@n0iw&{P&eNnioF7d2b;EBO=2T9q zgTe9`=aA)I%gvoEe6W%CHr(HEiQ&TxA7OZy;Sq*8CzBrcRKqof8w_(@8r5H5_O2Z=!pJaG~;d;Z3hUXeyVEBB)OAT}GC{5=Y!<;Be<+mE^!<1RGp zp8X|XeD+tJ?;8HT;kyjqXLyTYHzpu9e`Vxc|3vM-W|-@rsGO5S>HYR!4To^9t325- zCy!Eju3es{+8i2 zhSwTiZWd z40kh}YnXFp>GMmO;Uf%l{S(#UoLb5g4WDZG48skEXBp;PTxw^T;Y$o(ZkW?*>2uHq z!?zl~!|-Oq4;kKS_@{>5*a)7N=ze45uN!{T@cV{8Fw7agG@U7iGYxaTG1cjAxR>F+ zhWi`Fsp;w37ahsyG}@_C`=HJc@EWyVCJ_P@lEk^PrS@73IRz({$nz8e4F zTscTySPm+W8fJb~?(!@8%&*E_z9hfQm*#z#VdhKaE?=V0e5u^!OXSR#%BL8fX1LmL zz2Qc~O@`+gZZ_Ovc!lAWhF2NB+VC2~YYne6yut8B!Y4~2ln+Fq8yQLl@eC`uYHSC_pMed%*h248D;ciAh*KpKu zf#E{KMTRR34>3Hd(#-WdHJz{WURu&NiuZ?-9(R8$Y1lxy^x?B%pX(LVEiinZFb)%2-5G~ra_qgI&jNgIU=!E=O5!Og;h!RHI}+p!kmqrsO5PXVtI<^j}*`gc45oGm;F%rP$NoB{47Tmvo;W;-bs zo(Uc-d?uLdhA}SRpAHv38_YGtDCfPvc;R!wrwE@9t`=Sbo*}#n+$4Mzc)sv8;6=jU z26J4C_Sp_s2!9`Zx$q5Ou0KYd8^PBJ-wNg!7v;BuZxQBL`yIkR1apjwI$OX$5`G%| z6X9pUPYVA6%&{-(^IpKMx6BR%ZV%;P>A;hErJ!mR7#gj>L4 zgf9k95dIFB<7rIiEnv4kGnn^T^&)=|%=Oc#^BDL7vRrpA6vi&^QepPJR|xYHP=0el z{qA6nt&!RHt`|NSe2Z`a_zq!~;b!3@!4C_M20tl$5_r4tcreG-Xuk^lTj9yzw}kn9 z(_Z0e;Qtn`1%EDF4^B-A>@7&2_7bVJec3=@O?JjRAF=n9>?)0N3y&I;S}&JVWxR8IRgO4 zbv($_St*QS@vao+A=U`zfZck?(2s&|rYOPJ;MvM|eSk1)^WH--Cx-xFrJeJI=?yid3Y{F!hGID(AwxMko}VcsLr=~|BL zUvzCorqyR>3&%A1OblEU-sjC29FOfYVQ}nc{hkhkDNcI@%>QbiMX&aqO|f46^5@Sqg?3L!7FbvyxH&;!`lt-HvER+y@vN2 z<~^AnE5~ruaFO8(!y^ojBeT)MO*7nRxY=-v;Z!SRPDzSvM37p9e`#YUP4PnShE{>YzrnwD zb;0qf9at~yyfd-bMjx7fiyK%V$ZhmO@pilo5;jK` zkbg+lP6U)^Jq;K|V43qr<8=SdRULx07}5@0_MlyS(tac@HYtC)Spxwj(0T=g_N^Bu z$TXX{`Rt%840Na1ycs)tywBeXzo;%iKJLb%>sEfq~ zd>4ty$K<=JM>SS-e8P5a@i7+@Su^0p3_F*#p3R-@gO@_iaL;+)$${pAgn8e!CH)fz zh?hC6JI6zy2ZIYb0TPSaI=js&5JFy0{P)|M#I{?X98V3Mpo}LwYnma?*nD`NWR#Kh)ZuTXr!@s}tSjVgN4#6a zSOR+TZjiC2DW}hX9|^B%1$w;oi4w%AjbYeU=B{zDHw0nO@5k+(0-3ePn=X#4t5ci+ zfwi{^_IU43dn^Y{UmaNE0Np$%FA>D)zH_jx%w7C8kYo7j6nQ^nk2?g{L*BddxV$>) zad~^Eae&^r*bya&(|s3W+uEzgz+VAmw8vX+wf8-+#sPZY#SUJI)#*Ntfm(YjVNdI= zgY09y-3704fZnZ$RAU5+o3PK?+W>pjkTHE(vXAzD49_^F@N}tYV0>;QrwB1oD{YcFn;?g(@Lb)9$-vBmV*P*sj#6-pdf!eDJPB+aGUXxsUl^p7b07 zdauLY+XQiHk0Gi(=D2Eg6vFP1Xt}U{_}FLd6`-A>2xCs|#RLLYe&GBab}#MQlyKV~ zk=w0uj%_{rgM)?L852)I*o{QnZMN*V`||lHSOReucDI0bJ14#Y3cC^RxQO$M$m6oR ziexkWdSQ)SwF7;QmF59?`%31yPsi^_m}}MnnMb78F$kU$I#$9PLH!f$E;R%MP8m=}x)9^gQOAIeJe1+jx48KlB zxzW7|ujTL;u#QtCqq!+}He6tMh~Y}I*c=I_P1efY=c<1)T7`#oh>UvjLTM(*lJ>AItPuHyeJ`@D{_*7~W=hm*L%p-!l9M!=D)bo8buSLeiFMm=F0Xcfacp zof0E2Gt997)gNQn{Z2#To?+w-hG!Xe^UsO?MMmz=X1@>=U%jbDzp>Tk3D@ zl!N(RpYBM*#|pEZGyT+I8)Ta&v)%C>GMW7i$1ch2x9Ie^uFrv-&h}9S*jAlV!+7Q# zIJmYUHuCnR<8EaYrBUa;eB5ml%L|v1as(Xh=D1t>#C3IL5wAAlw+zav9uzH`;H6JG zbi|?gGm_rIklWuKb7Njv&n#Q~_us{T{{j4KW6bRah(msA9fMF3$Gk$Jly4#UqA|BI zREZ?9&kIFTo(}?^y|D6o1QDLq!B|`5XWSmlokoTxlYEJ@P#+-$-v3VY_H#dV(HX51= z?^e3^52h`@D)UAJEEv}SdUyCC@O*f_#|>^w9uoWpIcUa3Jilbvto86%2OS>ksN-i@x~3;{=Sl+uW-I`n zFa&32)`p1?+zu+k+hV$_NO_j2qlK5|AW<3WJ| zkBs52rLn_Oz~cq!a}Ya;gRS^U&23)jLRc3U7Qa@bM%pp`Gvh`P-2HJ4j^DX8U@&5I z(_**oMzDxWut3UEE=lpPjvE~~_5T-)6~zXQbm0XzIWs5pXYU&<=kP_NL}sZ3+`MWO zj$#EvM)8v3sMEl~c7cod5R*Ib|JlJLo^?E{81k~053gq$ndd1TFR%anU{dQ!`#(3R z#LFnJJiOPT3$EJ%^FQ~|<-wD2X?O06^!i~h3;fIU20|zCxLRR604tS_mse$O^S9uv zY~CADPS4BVSa?k<(7j)X62z$uUZRz`s~q-*Af!E(f!cHT;n-H!4B$PQI>l2Vu=eJ` zUJG{89?L=Podwo7K=-{S?@-j~zNHW-bKm#T!oR0VX5V>Wd)&PkBfzbcJ1*}b^|)7> zI6#lTBaITo>9P3iVD0U}15g2E%m=a*vv(6%;{d%$u*Z92b-M3*2&}ybl(gPpI%bcz zavFy=_?y%^BT&3o;!uY!7xtegu1a)fhsx#}G{< z=JufSqY!q7M9T$-IABbPmCDXio!ZlF4Xym^IHtsNiH?1f8&is3d2wNGeQ{tta6F0S z%63WCy8b$iEzLpRb?j=PVLqFv{9?m58FuF-I~+JZkm>X5ufh7v{SM{0-J{zFuk7Yw z6S;fkit?w+LnCHf)qH~zhIojwjzNUfkmDw(o*`F!*Hq2|G%1aEF89u`B zP{YR=KEd!*!>1drH{590mAT~6U0Z}NHahJ4HJ#{YV&6)!-%xoDSj!(6liMT*i4X zam?dAGv@JujCni+&EUHt_M+d6d3-bGfo4F*=AiCtJ?4Rq>0cT1cwWam?)eXmc_a)x zxa5B2aS$EAXlh9KYUb~LC)0Wa#N24n%r|2mIBj^@%ZKOfCT~5-dPecl^WQS&fztkF z%!7pq_sy6`P!6Xe;QgDrZ^k@=lK5uKR{i}cHQ9f|+SN+a|b9nJ3PjFA9-+A1*V0pwVi}>>+ z;o3;3Wu@;8$||jh&KneMnZYkVjtHesI&s8_`0(S`U-Db40Wi;RL4*4Y`R?O>2-_F~ zxfS9AzWZ3i^hJ{Rf)(F(WKt#eTdOhLiX?r@1v&=80hTt#K$b(Szp?r@*namBd{dG7 z3}X%stw0cd4*!C$KL&@c0ta7z92H9Z`h)qyFRb|G$BjU`f8@&#W|>9f22^@?;0Oyx z`rMZvlx0075(NLtzWMmijeZm(ufZ1|k=Umf%s;PD^2JAAhm#l-!n-d%2(CK3NuZcx z@yZt;+Nt@5X~~c;<$rt|^7{)!4ZkA_|L^)XgvH?oI0lvBqmHjSMAB-2 zMoKgocX9S&zbyJXej9QKPBM;-@FZndK-P0F75r})Cvk=R%{U1Q6Yf7TPNEe?`|O$N zir|&GJr3^;IVi?=MU>O?J<(Wr^sg~j4~oXN;xX6-e?-Vn%WkMG6QUgEbQE3l9E zcU3Y?I7tPRwBC@^n7s$U z8izJGM>&6guTJq^2yFVs!QN)bm_Gdmg6&`{JmZwY)9pv3ukvlkBvd{-4Ry3Z{{lR3 zgVmi2y$anxNFBPj;FY<35A@is)akz0A+Y&~Ao1G%{@%ACe}KKcY7C*;V~8dab2%u4 zD1_Z1(Q-ji9q?@kzlq`vj5@Wa+ZtN=*ZJEJ_D%Y2Nc`Fxdu8D+4y*@`lN2NDFRXR_ z&9@=J(~FLuT#WKj-elN)55f)yZa2KX^M3`b-zNNla`^`2Q^RR!tSWaOR--QHdPA+W%g&vy$$y>{LMHC3ImQmfzWS5xE>3c{p)z) zcHmQl*$gmd@#z4M5sRGMy zZaCiZC1WqQGG^bzv6sGP?B!4ydszX^;42jN*WZl2bPD0ODv6WS{L{a-;dSl*r(-Yt z$^O@N?B!ql^5hCT_7aS@gx%1J9eW8zV{{yb<17Q_Ws#%n0sNb1qtE(;s4|~Oer1)_?*t;@)<$% zaV6N6%U2zTiQ>k$Ky6JXn!dKiVXiX?R=ii@AaHIP>}>~q z**FaE4Zq4bObsfZ_wMR=T>8Xu7_LEGp-Q5|&9@A5`w{4|U8&Q2ybb~LuCDMaj>B+` zsl6Hrq1s~@GV&-+hA4zzHV!ikmHN#%OpYlz_F0`1w!64P?^V7ThY6b9*Wouh|L$=Zj$O}1f2U(I3x(OY={O9>XLKBfef;I3!|U7C!hOMO zg#QiWGlR?jfp23DD?jWje;c!bV~7dkGud1BK2Z~%@Z{%RE{Z(izLEK1BvKnmx+xM~ z9tm9&Ntqu>Zo!M6L0K)2_}+}H(jn36v!WaD;mpdct7k-8&dq8W6rDFCIxBQUcKZKg z?@ZvUsIEUg^WMuwLdeD*@ezV7vLtK*qJ{_<6cr&XS``9>r3Q#0C|DF!q)@TNrIl6` zq^Q_xi%Y9jYr$H?7I$rJwJo){)Y3|;w)!v1|M$Cd&b*TigJKuueloe=IdkrrJ9qBf zxpUr~I}@%PaV5sk{BTEc&bF+Ud)c?La~9is#@W~wV@EGD%SEeEe$QbE?r$;wLu~Tt zSmn5yYAhPy+u06=S7s%nNYYy_O5qrsgm0(rxSH8ii6wo4BMEp;RZNPsFv7uWhm|BGcXLNAQFTpyvhCh7i;2PTUQu#Vuq}q9Y@N}t~ z)scke!idvM9}3OD6~yB4*F6nwHx!4!(D+as8afk;Ou|B2n1qFy;u$F6YL`~*WL$(L zOJ&(_izMd`0Hq9(MUhR|S*ss|sZPJ8m;Jb`;kN=R=U`z+CbBr<6q$is3Y;R>Tu6$2 zjdAm5LjGTy+9ii>sd4^x2 z#se`r&EW(_W3jmLKm=DW>W&AZMGW_05sETvdRV$pCgY05N_#CHGpptgQay=3l2F`Z4y zoO$yqYx>M)FLFWcj2V?P!Dw8;@IZlGtD2b0IOc{MMWPs?#L-8A2h4iI>}VyswQ28J z8th!+Cbk(WW0}75B{%%ZjAFv<$!Gx6QcxW~!TiW}s5eU>7>g8o)97*wJYR{84ZUi7 zQ)|!w3}gz^>0~(W2NGCq-mJ;iuVyE~kyF!%ukEw#S7U2{O6Xd<(TEGMu+hOecdS=# zD%KCd_$GIX507tRVInl;FYAVFEbx!xSJM+l`$6BVpw-k zq2l$>i5P+6CH3_9owbLUK!WNm#=1R@HSo{Gv61^dkY8;A62-+9Bek~*Z0&8qJ+lxp z+B=Y6Z6OjZgN_EZSATrd^RPEq@`oY{%jE}PO+y>+!rpyGptwcSP=_G{E|FBRheHqT zZ38onp8Gp+Qu&=q4MZ+GC04!mI9Y5!G^pMS5U@efa4huL`_!POUxz@M+ZI4?m@1iV zuYhrgVaRKp@awjbZLH5cCcTEJ{C(KlOOT-ZVvMR3h8J{ z*XCQE$2_w!L0E`I`69zt7+z!ePQ$-4?4z!$9XI!llvO(9T5g@F!;^#1+pwK`+0C&m zX(virp1TU8Ka(svUo<)kjLs6Hvy9Bf7=iv9%>#dISNTmwemhz0-)VGyWON=j^2dyv z`_Qy(UzE9fWwyJ@T@3S{t@1vG`xzc$_`kvb#|MAS^G$|tGyGk{?s}1iob92erDt91 z2{4q~GDOoG%2_8gZGAf`Xa7W*ZLD(KaG_yd*Q(RYFz+)e=e;!Ys?p!t|1S zPnd1|-NJ118MF*}oXWO7*z;awbnqxRXuv^?l^Zy)-{9tsmAhYV{sWjnnUA`zFE*)P zEcxyjW@?ITjKwaCrCfurY+?M|PL7{j_F#5hU##zZv6#pDQ}e~L@Eh^P{sv-rQR(SP z_+lT!T2sE*S=5Xr-QXhi#r}Y6;)@;5#Lshgv1|A*@WrwZ-lQ+~%h;%c?dbLle6dFv z59`r^hc%U#RAgFxU+graIV;di-vrJ7v@iC&gfEtDYr+@Hwfer;F9yEYi>Sy}$~bMY zcGwq7A1w-k!8HVjeX&7d;6EFBHi&G%*%%(kf6EKg23}Dbeu0MfbL)%!*drGC>SrX1 z5sQucV(sWfH$E|X;E{~#$8FqNU}2c}XzxGNKH9qOR2kG*XLzBzqfQT9v>5u}yt4;z z(VB6L4V|)eANbT-m<@V^8yTSa5#u2b`)GMZr}E#&{@7hOI+Z8<@LXN$=L!0IEZHES z#dLxFVix#E=@mnVY1n^fpgr3J$DFjGkCr}FHu3ZwQils~gQsHAJOI5lSl9>Fp!QsU zOofO?z+O3G+GAeS-pBRPu7$n-gpYPJ9CC3K0FUEP_-J?FURo&SLbr;R%SNy*=jQro z_rP9reY8)R9Vl**JRowRFfUm+aF&CAw87;CEGdD= z{pZJj*(=pR9fsGjD0BTv=nW%C&~2|^UF#w@os9=l>hZiC$VdAa?CoU&32KjVM1_d= z;$+1k>;Tqs$pY8+(Pp8Z=9_eC&xjma`C%U|&YV6>yIX(Vo5NurZBTorB2vHUEW?L= zv_bhC_R$9AFq?Hlo@M#CuS_3_@)d?x8K&nzb#5|zo8iMgS`-GtSS(sr?CU5`Hq5@4 z%BLEhVYu3Gt>OP=A8iqiLw&UL*Ydp!`fi7S*9-Ihe2ef2;O`2Tg6|bB13w@<2E0|6 zKHcrYjsqO;=6(+vxiSB^-4?q zqxg z?+eCafK#xZ6zfH4@XmAc2pVy|*yP87!FL8zScfCO^P`U;PMxs;6WRUFKaaeK#50=a zzAgAipPF6^I)?*SDl_k|I~m87&UF3}OvaGT3Fj#9%$49%gO>tXB{FEtKhj+}<62%1 z2|EnwSo|)TTM%7_C36%0-GHT)Zp?Z>B#4q?V_`dcHSi#Yqw?c|NE?1*&<;;cNql55 zp3b44cv&d%iNQ4ciNO|4equ0P(xi`eFFj{SDz4&Lt!3Spo-_3mgRS%vgIW5C!R+9} zhder0VdP7LENxB?H*US#BL7&UFv^rs9+s%LAhMpoo;2k69|m@iF>;gLY86s1x;S4*V%X+P1;2SK@qr9$k&veto=Q zpD2Hf_T;Q|&PxclXuvJ+Jcu3RFC z4ayAKxw?Kg7MBJzM=o^6fAUB9@w!2W<^555jrsfZd?9)06X9K(=T}1+{29&h_py%~ z*F=cb2Jhm^+&mTb*q>v)Igr1PeO->#(V%!11lHa<*yB4tw8wJbwhS!n5NH~p>jS<- zkf7V#vyKW8-;B!qpjlVF#gN(kc8C8aF8gH{LihVsu%@AzvvFeL1PQur71pi2vaII$ z`W|5+f|8y$WHrp+55Ss+MpnZf$6aVp+ya5k-*VWif{f*?el3>sHY`k2 zgoS})Je%{b^JzHwY%?^_2A3DG@E)(B8hV3u1u=CPUdN)$_07;@z0#oDUV*?K$6g$V z)<1S2xQ)lbW72B~=%-5RZjzRd7dhSwV2 zVfaZh%8=n%EIM}1U2E*IBfNt}$2vw)@0Ht=B`v>A$h1t--RQXQ5sDptKTq|C8vPTE zKKG|OJg>^`kxll+woT=o4RM?t)Jy%59z{nSkKRLU*Koa!C80@7T%U$913sC z!8%tGqp`G&Hb2RVsNQR_2`9|#`8Boi(68eBGUgT71G!k#r-Q*jpY7pQyzBA`WBhON zwtNQIsU7WwmJS5&hh`B@V9Voxj612eAYV@ z{ua)m&ps#Z@zIIp$G+)CEZ9vLn(J?=g}vtbTlj8^2E{E9=sD!J)v&h+G4rQ>1?F!X z7N#k}!tgI7YL36991jZxK@#_$Hn`OHw_E_d!S(dG>Yf3O{Cm)Aj=!b3bNs&vdwY$2 z=8b`I(9dwI-r+g^gL2^isH+)v9eq?2qV9*egy2AP%dxMP@VB@QOI?2p?hZT;hy5+V zG*aqgIqYu<>epd^OX50Hp9b4=ZPSvD^9JSQZ+N0yG%!!i}9(L*m5zZ&yH)81Hfq))Iag7ANNR zzr{r<^yk12v(7~+bdfqg%o%{Xei(Wd#Se2WwcNXhDHj1FZ6ap8OPdIPr{Z{*Hj&k! zV7yDmNG;fFQG$PgABIPD2*$gl!c1G5syE){>yWk5jc&XPB?zC-@h&Xw1CDn&5(*ga z5?fCw#M1P57nUl8NBS066A3n-^pgI%H53iYlhw=G+XIIqBxUiz8vTx;r>cRa64VpfG zu43QX`SYt5^j%b2Id4Hl@2W+`MT2@*R?X~NHD_AiS<|OC+%TZe;6DBO&Y3s8YT=B^ zL$$XCyI1=jToLloA{^>LPjH6P2|X|v%YuHs#lCvGFw*$ z>goC7I?pLXFD%MjuY!|6pYJK>!hXl8SkyMqy+ao#NKhMPSXbtz<*>)+XFlIEFKTZJ z*xFly_2&3xw!&U>{4&qN_)D;#71GyO8taAM+(*jrW4 z9>=W|LdJ5zA%*3#5v+LtdY8c-RKuX#>W_n210_9g>?dnE^Vl>Eja&nJoI^x|;uZ+( z@ot8_&5$vF2lC6bNB_GyewiAae6|@HxL+zo{o`|j zmJ5$buOaR`6`9yekf7zl7*!+;MYtH^5O#n>%LPT%U>pqnoB3g?y63=%>ztd<^EjBJ zP$=q`k#0tDIZuzS!rs4+B$%8xVL`EeGO zmU@?!`ZcAIX`jrGQ;UPLg9@;USB#RkyGZBpXYVEwIp940=TIe<#K8;)es8HiG{ld? z!8hW^+01mw){m1M`f-wtA17V>I76X-*pKt?A5X)3=V3oiMNL&@-_MF4=a7t~3H&&J zY3RoZCN(l1oWQ>WKhCuc{5W-8B%wov{*r_8;NW+)W_xhz`Hoy+gnMqnl@pAYao>je zh}WFxV5(hQjjueq(K$Sl&(8>(INAz6hw&cD{xq5G2Ltc#hs2Nb86085+cCN+b^IwT zE)Cqqz&;FFpDpQku|f3?`*9BYaab=7`*9BYaiU>s5wsN1I-WSTC434?glN!Ghk~fr zB4k3;jT}peqRzu;*XbclghM&LhWC<$AE&|inmXTZB|4{=431Vn5)p9|whi zumFqt8ZI-u!th}~j^}ZNz#;VGxX)8GcRbF(0sWgj9;b)%&__;#_w#zT4MYT zU2qt`ga3$9_yQmNKJ+QV@3Re&8^1FW5RTt@A1lem@3V$lZv0O2Jfi!KV+vh59LmEn zK*7{C2OP?i!dI#y<&kIvhZg9Uhc2V?$o1G74E;G%Tt+{KBybtAfc$lTLAu7Kx}m%? zG!8h`4KvB#(l{M6hW`8+5z8#|_xSfMEUk27*1ICfW+_t25IHAuKX#M(Aou|+ncv61 zC$QvT@v?pzky4zfoY4@66B!+g zCF)(^uP3+)=1l~-z_VV0CD|*#Ha6kf;5x)QkKCxZgo6-a-KfhPB=DZyxtk}IxfIcf`v^M zS+ChcT-)BKdP&^Ck)*j~(AAowv+YGB7xAAw^^RQ?dpmz&&*s0T?Sbsd# zZ7A@@^cEwb-7h}N<1K>`?l)bwalc>1qPBtF?MM_SNYHJoux{;*L6@TtGTP&#M0@m>s6F<@H4V_qMxXmGBT(ETX{h5up6BfY(4LMP zV*a*aVH!R6kHFQ_oO#6i;$*Se&_EkpUcka8MZ+1;vyT(hVR#*jGS^o@Zx}&>ZhHmm zJa!HHa2(X*aU5to)z4sWuO>pQ_86loh2ii#;$cys%gCCM2+`mRMxo$f-g9Hyq<%QL zzc#oXv!2lRR)U!QYBFz63?FwqRcEG!9fs~$$ZUh@!TewQ)?+pE%*F)aVl2v+8NSM} z9cT4zBY)0t6c>QnNh3>HwFGOq6;LiGqOalO4VRN8?PM_1GOHYiqiL%QpKtW}ojKL# zI2_gIxKOouC7BH~!VN}eli}Nq4!>^5@lTkWt7Qf9W4 z*)}V8Hr&;4FT-qSRey+K)_;|cF+A4rB*R}YJk9V-!}AR zhHp3gfMHI9qiLTo{EXq>82+8%w+z2+*j=-7Gs!Y?+ycV73Jmva&k>scP|o|D=B>UR zmB)=vp<%Wms$vtS^iRpY#ymoY)8*csKI5*zobetRSc{WFp(94BTDu{2s*8oQ=6>9W$~noq;$x)NF9Lj?;% z1AMMef#Gvq$0(At+eIl4A!^F!I-4r7qq zt{8Tg@VOpv*j)-Q*~lpCa~&1>Tt^w7>nY-M9SQya8lUTFjrd&I4kmoATtj=a5&w8G zvNA_b4}7j{=$y}W7a)gQoX?eOE*$o`@)M5#jXqa6T;X=r^TfvYSS(HXT)Dl(Z4ce2 zY(oQ4ImiWyXa%0vCfu-Wv?ES8+;!-8p_uz&9aDcRWeiqkeX!idj<$w-&=`MieXSpR z$fEVN?onUsfnGXo!n1k+kL%T+vd0wz-s(PG9n5IQ&;?u1DcY=IkInVPCS0%1&8psB zV3Vj|)65wawH2C#>#*|0g>$QW*H%ocs$75z=EM_+#=B3inZIBG->B|= z+DY-^KK+XN6!i!);oLTHTvE80yvgou>nWq>&7AK|7(a5#@Y3<8kC{+Da>|&|LwkH4QhQUt*4`ahZ;rq9I@tS9_*-|twX_Tw=5g@(S&!r6 z`diEJkW>gew8z_~+S>@W$~jfN`NTZ9$bLlK4c>ib*yk&XM*2=o-U zNE$>g?1sHmY@|JU)ii(Gz)Yj(ek)FDbNsEnQ=8{+Jso<3VPAvh?{x^2x$Vo)8>UKT z+bdvOE_?Et=WqQf?CovD9{0&cP{SUatT==nAkcEj0?Q+ss(BeW3G6Ouuz6P*V=MnW zzrV_EV8Y+pVBDkos4rb9hyAUdHEvF%R0UwR=;X@u=-W$ z3{bx+eXQ5wMn!*XF?4q%GW8LNn*AOFK6H{bm0Xa2P9 z{kzis_Ce&0$cs6X3x56xuk>?LIxbx7kHyhU*g82WIGVBXtMl)T7u6nfZzTC|UOZl# z@!T=jL`Gfdb?blT%xRHP)4hMx6wWM&BoFca(J#GCPWsH8$o67y)Smq_OCu}Bd;b_0 zNiOx0;fcz)774e{M8eFOHIeOSc{4AIB%kYT|HJ-_d$4827qNx*wpXDqbs{9m*F(~0 z=G~DM%f0+)xBfX9f8?%fy^OaRFZPn3+n?WsNiSv6TR(koDQ*Z+WS^3j}$yYnG zE4}1vz5H)8-R<5ncSp8w^iBeQ*Gqn6|Fci*>)tY6^zN?y+41;0MZewJ=Cb~0U|j5k z6%X$3?V~nt^}HULll@cvI_kdt=cHuBrfpc-J88{`?08XLQNh;kk*E7-d(o13(bYxq z8AV049Ve8O#*Z2F(yqenc<-$RkG$7Ca;D!S^OV1?xb0w)zw+chSQwlM8)y2kG9t6|43aJoz3ZWs$*|=cEiBFeI{lc^y&F zfUS@%71`uSS!PD=NnIBwAK}@AUT%pu;AZ4wVVHO_6>k~4J;&?k_Ru|Zax{bWCnGYp z@LF5}J)-BNteCUEk*$}@*5qmXWiPVdTl|b@QPI>Pk#ka#zo6TKtfQDqitZW`NuE$w zUNj&J`9B@I*;f|r%$nS@FpdkzogH@p#Y?U(iP!dst{Al+1%W(`z%lIWj(zaVBoE*3 zd8K_fpOeyN(^Ca~Pa4;E)NvVGle~;b!TimW{ZT`xJQ&JDPv{r*u>XN90ZqN4cz;3P zk#{^&(02qbp?>}5k7%T3)b_}P(kXvUFDRHlGP&!1Z^_?#;ACLm1w0mH<&`Jj8=Tp* zZ@*Gxe|tXnI5~oHD~p~P9nG?62feHZsfUUfip<>eoju?z`g;FFy0ew)gJJ*;eA(H2j8Dx^YuRG_CmY z&hba$!F5%zVf8PD_3Skyqep)4j6kGuYVnTFIoq-%?XJfw($0S(Qt+%lE)vg(bo+YS z(yEdDsz&tA7%i7*L9dZze!OsN>iIh=a<&ESD1J@C+g`0OGNhe%gmH3$&`41(Ql-DcIZ_zS2nj5>o z@12pHgfF!AMqj*J65a#v?X~XXN3iNIje3Q?*VgF`^Opj0b0c0-GPPq-e`x`ZG1kTR zu^}zj_uOipAHiyJuD{farRG8rI@pHy+V=PNvDe-$lVjYNSDYNl?cs8P^@!IsFF!dc z7nY$Kilau1LrQLuQfFhHe_YGtJ_##PuWu5J!GC;QMsgG}(zMD_inZ#9!cFX_DTDFc zzDbfe8YXVhsw4CxO_;!@ET@pl{~dA2US6KRYCfIa1{1#^!mw@`{su(1mp~67}P$o}U->IgTO+U4cbPI`hJTH*U)qfd)F9(mdb z)L7@kYicgsGTDyE1wLA`Z>C`qpu4UhUJM6I@GeeCj2T-UiP0r?RrIT|uO%(>>-as` z7u5H5=p$L?uZ~#12)kXu_IM0tVQZQH44lzq{P+8zEd6TiCWxd*Mjj8Cpphe%j97uTb`#Fzu!xEaw@^gN`ya{soMGH@ z84o+|=R}$2a_+pdpUsbJCoNBb^38sBbuIRD1+8s}c#GcdeL&M zCw-a6o12e+kz$@(+zFAFmq3wX7EkLM{74e%$1?PC`J@;bT#5ft)}cUca6)ZJpms90 z`B`NDCSV(!#VkT=T#h*uw{5-H^V_giu;f`3?Jj4UuGLNy42kvEjlcs$dnE44#0(wg zRnGGKZY)SNKVC=J>+W_lF24XOtmJ%<^N&W;;T_QrqGGD5{K(@V83753k^h*BV&y7U{sq+Y$Klvm-bXFv zS_>Embo_M{$Wb?!u!YYv?2qf-2a3?)7JnQM&YA1Z`5+-?5&7k=(ZHHJS8ODD1d2y5!+P@HA4HbDPAWfg6@-f@Ve)QRx?Bs1E1Aw% zE5hQp4@!m{mJB#0_DlRf>W9$xabHDXljg5mi59AtJFr}Lm>aRBH?Q>8{?C9yUsOuV#gQ4X8ZTq2+9DKsnJb7Ra2Un2A>4q=r(YYM zrqg`ZqlMfs80$wSAqDi~5uTx&AnyMT{tfWQN0va)gT*rndOT?VT>nc@FJKXMQlTrG zA0tU9NtDfKB%I2fO4*PTW#epLp|&ghUxl_+=xo14+bT)eUWtU9q)cs-6Sj-jVD$qY z+ceZTR~GNXPVWlOztF9IF6TNTuv3um97ZC zCYr0<+V`Ekt+2O%TGKuMYQHPeJVh;(?={ZeTh1QqChgrQ_P*sTbYO0==NsJGP^@_a zzW_~oSsoM3Z#yeziRLD^c9GLuESi54%{$z-Z;9reZtVf5xfYuA;&en;lgIr7x4++r z<`3Q4|53B}MI6m=YT;-ec1P2J)^RjH3G#?FuXr!CW{IuG+b?^*DyVe4V_fz8m4q4MJVQ}*b$m}*O}?WZ9Qmb zHcqj#6N|hLp|f>7pp$NJw$7lwH*hVKTLHTA(r~%Ti7;0)u$jl08)55r1CfnKfT#MKJbV{S%4_+Q|j*p2ho{S6rk?jK*^{o^Xw9n>0I9z=(2C$=_EnYhu*zh~us*mDV9mM?#AKLp9g5ao*R?dfYz`zz(Ooc=%6&Mk zrGTMtVDmkAirPiBudH!uG@d$-YL%c{0BVf2#((06P79m7)UN}N<(YL|HTSP8)-q`p zs@ZkCa@6jmTt7XXa=sFr z+|rAt218Mcc zZ1Osv&BR>DsvAM^bV%6YYDcq*u1-E*jAru5>1Vn;9FgP|=Tfm#I?6f+&DD_uM1o9C zz=qD|U1}U<0TZCgQw!H~AOD2*iQ}r1v98#)6i)=ZJ}OjAs`uf~ZgK=kqjRa)UDC;F z50m92o}8XmfLD~=5g=VJDNd$CzI)4&%W5C93gx~ng3RH}6e(t-oQrwT+)F=`3s~#F z>M|b%gsbl>m-$|#-PNTqGB7AJst*db7rW|nOn9jEzi~QP)o@u#c2OCb-J!0^Av?zg ziCIksv>(QMCId7)3{+%P=5R9pyTISn<5;lOt>YiAF-gGAzY9!AO`}CQE+UE;v9lZV z7A(7DJ-`Ka8arc&ctz_O^AhpBiKU264G{mszz!u$F{(u?<$F^Yxu@Pb@7S}M=9m@V zJC_k3D5Ksbi`F|}>)?%xBFb=hE~8dhoC=|hlaFH*cX%$NE?Arjf&F?|VKh+Xgkgc4 z5j!r(0HZNjTv7tNDM-qQ&z4S3sCDx3jMzUxQbtR#I2FP*PClLyJ0?(J#OFJwLb%Pz z$9)gcy$;W1bRQO{LU`E8$1&RJ@LWbuVR0&iUpo0XM!OuI%jl0-pt58=A%dnKa}_We z>hN4f$6;|Qgfb@|$B6w0W*5;7Sey#sMkgP~XoJcL+nxMeMsGWu$Y_5cZ~l794H|RHZJi zW{qQX6qX2Hp<-Mdh?%)`XL>v%b`CJVL;m_{0QQh^>cy36Pzfpza*9x^o)5Cg6nMO<;wJoM>(!>ad6#+tr}NP4^)>h=5=dL zar>A+wuo`CJ&_fzR|MOaFy=*V({np7e`ZCSfry)(DabALmj>IHFy<9+(`zHa^x8() z^whse(lcfQVbgQ_4S{SC<6wIt|7<=U2(~X_yffgiD7AUv{@J?haNBEKOkHzUx%#Zz ze902Vy8;ePar;w&Y!Tz%I<9dsb&V;mx>g7$SX(1|)VjR|wkNwTWr1t8_8?sgl&;FS z{(&CVPMX4R87yDCd(6Z}p6eU9$0~A_^Mlu%MWN zw{YZ}(Ex{MGjdMrI=6ZVol6|L89?V;^3G<&qi;BQbQeg`jx$n)@nLTSLN8D#w+iK< z!U!m!dLSUz64+N_VCRNmQV_Xr36Xhb;O;cAn{))0IF?aZG{gY~Sh`{vghfMV0CU9d z(J?ASjJ}-fU!kMux?b!VIX4VqhWguEqXjR;LVpx*6Z8~CS>Lg+yVDK}`!2_0sl{>u zmTRzFhlO2=Em$7LvK0$E2QOlI1IwFOQlq%Eu;gH&*EEi$0LuwjhGQ9vWgM0YEYq>9 z!Ey~2*6rJ|Jb>jPEOcT077Ht*-ZX=wX?Q%m2CTm7@s7wBAbD4uf<*)GgZwxt1>W zql?mVA(o>}yx8!vHDQd-Ov%^Me|CA%zsGm^%=+T#kQ zsEVb%0J$&417+yoc%$y9gQ5+~At=I3Y@IJU+~qSD%K;wj0dEcV;k%qw9SVy-Rf{>{ z5%{jWg2D+3GLR&twSbOp<#|g@OTqu(tA&A`@hrt?Z&#wht7geAmsaOwr!z=&SV9eT z($X^OS-yX%OSXeue%3thzd7k{UFz!pZ-aCVQ`{JAe@(YD|2DVREltaU=&h!qFJzQKy+&^Ufu%I<0o4jtk}GC9a0}(M?fzu9My7s7vwZAbZybXDE=p z7Nq}{o;B`2xPW&B+8cr``b~m#w|}0`7lM@ERckz>fz79aEqB$m8Ps&<|FOXGkKA_T z`TOqM2DrGN3Gy85UmFviwMbeT{%^a)oyngBc2jw|$+cszwfin{m20Qwi~GInk~CgQ z&jd1e#mcp(lgG8f=G%jOy%1;xv%u+g<~!nyT;xhLll2IBU%iAC4takk>KdlkTr2vq z8>Tg`fsLj(Tkc}Vb;A-c|I^S@OEjl1xs5!?r7mOm)jyO(ToLJF0Wli#ea2F>E z*%*EuV$T(&?mK9)m^8?xZN2=&H6EC$Et*m_Z{b{TM&*K94=dB>&*M9bo_s|#{MG|r zc*H$v3dY~gpHT^3xL~$dc|j#cU?kp*Y;W+=@B#m=(SVIjw5`^z-U;3;2?!+$Doq`rKDBI22@V<=h38wSkc96*Fek1cx-E zGO&Yt@RXX$iWyTboL@6z%A9#sbC3~lUd7x>ukM_EwMFx1&g3mSP@lHAwlY-zH^1*$ zuP|9c-faHxk@&Dkn0FpEPlEeMYaMAlE5VtgYVjbPu$t;A3u-G+(2cwe>rRu}tS#ao zfElXJGsF_ET!c&^u14pj@|clRbk~hcqnLO{7w4U$xu@HN3+AwDKvFxm+EvLZ+#f7Y z*ONJ~@S6j;Y3#_Ka&wuW5k@9a~VW2*lKb=y38y3~y4DKQFXAm<`pRD??P>4V| zndMA7A7WvkoXlSdDCeUn1Lb7uN3hV1%0M|;?enpffpRjQT%0~1^#+4!laI6v)FG=5 zAN%+iPMvK=hpgp8M=S%=lF_$y_UV;npq!kAn0EdSrhPIW9~r1a#*Z~FEgv5lC@0gK zK~dbu$+|B-Rx(hZ%(9|rw2_llpT0u|>XWrj&?m@1Ia%e`gPB#z>GxyVQuTKH!*8VS zSnxY*sKduu&BHH@oR715EW5xAv`MDxf+D)m7$_$*ro5$*lQ~kL082+Ow^Q#3FkKpy z4+PVVLFQvI19ixn|5J>dOq;ZIrje8TK}I`Qg0&pzq{DBHPJX?S(_5#<$Po<;+%H+r z?@x?AT@kE@-0yo}EzbxV7Oc9obZK-G9X`tIwNEz(1MQQw%=v2u1LYdDU1ELazSOP@aexn$o9z>hs*Yef3$ecrNbu_YDl0u2wbg zUmR+@{*pzVuH8EIQRE#F%O&6>14@E+p*Pl;p4&38oFwaNZy45jKhdBzN+D3@wlO8a z90;_>YgFyc2HX5i#ya<-L2XQjK$+V%lz49V5$&FJyNqfAfsJ*e!!(VuP zJPmvH=L5At7q>Fhy*FU55Hanw#-jH4t1#{He!-B63*{fWf_1fVk?1)k{=-eLKdfhO z=QO;Ni|w>`Bo?*zR6Tp|#yxMPIUj28=k@H(W`l!sM|+)(J@!jA4aDBXU1TgKR}ggD zZvpmrXV1Y;J5tU_66Wu(Vvj$gF|<1xW321tk2cxYWvqIyA!7whAc5PsM39#4mxk0n zL0?JNsl$*5J!P(!Krc>^pxatO&mPCV+8_@sm+n}!oIBUEHx>3ua4l(2d-?V3^;#I{ z(Oyq1YLC~vwvn{4p+B}Gtp>Hn*oeKt<2-LF1lYY7$3lBqSXd>kz2zrhlq_T#)Sj+u zY~>B-CNUKq2|oH8Y8kGtO51G9BX#a{OrOb3VTj_1N$;(_AjKD!vm?MKzK*R9?u(SW1a8uq4axt_>%mc?mUZenEi zFHFA~*C}T`#qHAZrI24Dyd3eR!g1uE>(r-@@yo(jA?C9Y|FAihWVM~HtYOuyEH!p|VyD!d)>Plf3> z+ab*B?-#NDF; za=Nsie6FBAeXzF+)7Sb_GW6NLl2!j%k+Ur%tDOB(+W9-;-J;VDI%L&(OLW-g^g@|Z zpMJ{;hWX})$~p9i9EY8=g;yi~z3{7uUlFFx8^ZM6aZDQ1(nrVJOrCTx$mxanhfsip za;P{??@VdXU!4I?Ixxz(c=np{5MfC@hnR$d^SaO9+$j~2wn2YL{kx^C* zW3c23vt3f2ER3S{rU$~}{`E%wE5o}D|Jm?6hMn&~>|Ed{_VqQx>kP9U z(ERXuSefmBGW#^j?QqR1cQM@G@X3bHGJL+_TMU1nENv8j&(LdRJLS1JID{7r|H`6$XI52qNN(~ZtKMqWXd{LeMK%;+o!bH5xi{B?X z0@Eh@qF*sOYYpFI^f!t=pWW^?I{Y@8=6{FL-zoa+|NqYD>@oazqyG=lXCE~cZHd}! zV>q8I$JocnhZ!z4I{fsk+L>l}w$VACEOmQ{(Yb;wWwi>-vf6{ZeckAM%jn!>bZ#>` zd~;m$d_P(C^;4ts1X=d=44C_3+xZ8h^P16l)9CPxZ#~BUGddrN4*SU|=m+V3IlqeP z#|6i`zk~`$=9(pZx0)tM~u!d zjLx%0=a-_xw)`c^CC{%J{XZM|2V^;3ej|%{$VS?1u;!r+S#&xWoi0YFkJ0HTI(%K^ zc%yTo(K*TJj5RtFjLw;&(*t&98Tol+ss9%mUPYGU{Tf;NoY#W2|GAlRX^ZYOI!_q> zgWo64gbyXyN34}<}<$9 zhTOT&4F`TM5o9BH_VVg5F$Iz@($F?_7y5r)eQpKf@(;j;{%Yj~F7^9c_V+xF#V`n=5H9@ zWB6^uoT*FoKQzqW*HoTvn7@;$oUbt{cQEXJBa?h~HS#`&=~L6RLku5hc!c3H!)F+# zuSV^hZFs8TS%%LuTx)odVZIZqHZM24+VC2~ZVa3p?+r%2(eSN?-NZ1Wf0vQpZ}=g@ zj~b@GTJ!d6!}MLNe7E5@48LXgZNvX(_(Q|V=x3-+`n{Fu6IAYOxVzzAhWi_K&#H3l zd>u{goM`xD!>1XZV3rfYevplxpZF}4S&b*_YD8o z@HWFc4DU3|*A3M^eTmAi8Gh67`-VR-?4Fk;|9oCnJM9g-=Vj69YUJ$Gs6Jl>R32z} zgyAy7V-1%ZraxNkxaVluubU=8nDZm3&Jx4R41diqKZK_GHyB=T`1^+MG5nz6pBR41 z@NhPZyA2u@V^Z2H=M%fN;zKoo|QWo?qv8V!#xcTHGI5b_iQfqPd4(i44-Rw zrr|FdzR2(;hF2K=is5e=zRB>dhQDL@0mBa)-fsBkhJR!DcZOdx{HEdmGyI|9WIV%a znYS>^+0<0-p7Es&k23O}hTSv1=p1k4qYR&Hc%0#hhB-f*?styi^9?UF%o*HNf0f~@ z4S(G*=e1M)n+-UT*5NM&r#uX zaUNKIgJ?%N&Nl=72(Xt%?Rv*P+$|Y~ZC>I8X z`N8cjWbQ_v-`#IsXp0$KK82Z2)rlKsK2`4WBY9?i^jKVeM9%!Eyo@ZzGRE*&!{vr2 z8$R3cY{ONCs}0v0USxQQ;bn%G8(wL6wc#~}uQR;X@H)dA3~w^L+3+2Pw-~CBs^J-iXB)0EyvXnp!^;dW zH@wF1b%xg(UT1i-;X4d(F?_G#t%e^pyuP#yzUikxn3`u8Zu@EC7_@DboI3CF?o=~1Tue5G(#@YTYDz}E{8 z0pBQmJowwf!@;)+j{@^M0XcHKthdVBh4EPKv93~%UAwVKWERUWMb1;Ohb(3Fu3^?g z%JZN@UmQ6f+(MW>@*LsLVEW&v(*;~0d=!{-8g1SI{)+I!U{1$H`8M!3gdYd56aEF5{xs@54c;uwcAfq-%3lHBEBq$- z0b!2o)o{H!pi;(Ady3H&?ZH1KZW3^4s{OiMraUSVEm{}86n zd!KMSa0Cq!^*J_~v*D5B;7nnTKgtt63fw`M{_nUjr;FrolT14p%;~tuyeAA0J{~+& zcoeuqnBxRS36BAf5k4I}PMBi@CJUbno+4ZUo+-@szDk(mra22L^T2C&kucl-rNZ=) zuMoZlyju7=@HN7`jyVQ~cIX#hFU)KDR^jh~?-1s7e7Equ;QNI+2jowL9{_I`ei*z{ zcq{l>VP4-a3hxAS{0#H(6!=x)XTf`fe+mA(@QdL0gy~cNP?&8%5*k0+`6D<(_ziGt z;WxpZgxNN5j1Bca0QVG*pzah4CxHhGr-F|cZUG)C%rVAegmb{-ggG7FWZ`z;DZ=#4 z&lHY>tAq={HNtFH76})DmkM(X@Csr2=2r_32VWyx2Ilx29@i=04Z>r=w+fE~-yzKL z?{^E+XV0-ZOnWYPt8fLFV|6I!G=9$t&j!CJO#eN7fYf2zvs?I5FnxfOUk?78@M`dT z!fc1=52VgD;28QLWRAh0KahL_m}7p(H-g&=ZvfLbNI9n!GTGH-Ya8_X6J|%=YO)Vg6RIO}G@yFJ;i? zNbnQFCxhufq@3fReH9iChK7Oh}xs-Ua#( z$v9lEwJ`f9{K^L98Q{*sba{0X=CF<4!t9gu7iOPih%ozICkV5DGEz7WK1H}Y_;leS zFvm6JNI#iAMlvFAo-kZI9(|0IGd~vz(_OYqn0==e!tCp=7G~bA5iSIOL%0{1!RLV> z@c4ZWC`Mra%x6LbZuVuYIM-F5Wu*E}NA$T5)#tHkpMRL)GQ;JDr;?FBhAJ$|iwrL( zGqVV5uqdxHyxH)*WYhtMtyq+I8h+96Zo_*G?=zf=zJl7xGtB;?%GnoG9&DI>K9!F( ze751)hHDKkGrZdHTEm+R+h^y8jNCpWKX2r_4DT^)pLt`rKWYB64Cfo>bA;*)FkE7o z{SVcdY}h?}%K387n8NH&sQyaB>_e!0gW)?2-*5O)!%rK2*)Z?ZYV#e#Y%o-wVVL(+ zm2=u+W!^89hZ*L5QRU@^ry8y@yvVTq4Vw2VwZne0@@B*A538K_73H0Vc`s2p`?tz_ z4YMDsa`s)7*)WN}|N8oN?N;!Pv?}{j zbc-%sIs2Rb)>LnlYm@8AqV<$g&(GP0&#mJ7u4%>jwI}7I^@ihh!@R9A zFB#<(GOj)4)Z*X^ul3RQNwn@wX)rD<> zJfDxQ@kv`#T%JQlTIITFFPPOjE&rFZTDNlhtw48W;?`uQ1x`CEiHx)=*R-CutV>fT zkoREw?N0VRG>iqrP#?U^cnsCo&5vQX9~*AZVw3(~vHg9Vd*&7Y{jNT)Av)MPJ3-=K z#83VUwnhBZ3n7d|l6aSkL{hHDS~U3fXC#*LI=7`J(K{DOO?iiFv83N~EtYa!5M2Rb zEY^#g{M7G4mc;&DZRnzGW;ZLNj;StTKiu?n2*L-Xl1fOP7m(^x>mK`?Xz6}gGK4ip>cu>awV zF-P@v650tG9@u7|#C_#7cB8)mqU1**Xz6+z`Be7laLN1uDW6GNx$ku4yF+Z*5!?J8 zPK|z$K&?kYtw*5d#upCa0r-3^D^MGhP#YAe&8NbNED)dG!d53?jir*wYrsE|>06yQ z&GScahne4@a0G>cy%DtMwaj9c&T#wMK_la^MkB58#kp}V;TEj<;}QwSxrA9BwEZcr zc0hrbqQ8ze=|<+d@%Q8qsIS;1}V zv67R{JXUZUy<9mz0QeQd@t=;U+(H07ba|2UW6`T)$%wt^)n2lfI~ZH8XlzUC(b&>J z-)r*%%rmgz@YnqvN!z{((NyfF?Own=fOfn}cq4F)V3{vkJ_C6#m!aXB!A^5>a>D#6INM)7y_#|(Q1E)iU@R$ zT@Fa(m6Bho4&RMx!Yb=q!s-cVtlHAk-HtFFa2{bE;9byu`s`m-B(*ch_&hoJU$;(6(*u*@40-_0d_?q6^etE;fWKBoD=M`;45dw%~{Ff{)>0pdCMbmmvnBfUDnrjxP9`9o~=A&%L4gVI};4U6xg@ z^NG0Zgjxj8z8nH!Rq| zh_{De1F3(off4r=YygBIFgf0u9KSw}&4J1B*5vs036tZk$wd9Cr@$K$_t}`jI9gDJ zadk>H$kc(4lQ*p3a7c&bIMw9%^$C+r9A`ZRJ&eS0CKNv5aeiLT=YRG%QH8vq)|J~! zq1;>w<@Qo2HyVl(Hzq$}9a57MjLCzoLy5xv&z;W^C@FMy5fZmI-tQQW4Wf^XMa|tO z4>sL!>^$NXvU}XvH?b-|Yahen=e<1R8J&&`Ch-|86h`H-EZI^dYe6b)uggU zKizT?T@8I_&!1b_7o}NM+1GwKgqGZ&v$ zLEeM)IdiM41gG~KIIwt#JFYs$oA~a@Vw#o=BF7Gc^7uD@uqFItP9mc$6ZajJ#J6&S z!?0c)6w>$caX~*UPt1cXhebEr}!2M=n`84w$gV_zs9S5`cC ztdl&C2YtSp`@ITjlGu>e{k#M>B(C{}+k(ccq1;{M4aIDi8w^)ba^mTzx9@=(Npq)%zGWg?ayxValJ! zaZE+bdd2&M9>?=wYi}pk^ZLG87vXKz^(_Oc;o8V%*RQB1`OkC!fYwb!Gb zJ&wa_EPs69v-a*a_Bgao?eX_p{JHx$B9CLU?C<(&V`x2ldA$OMKJ!O?wddx`p&6=;38mJ4T{U^=^fVs?q*)#5>$`x`q=%h#15yT6UO~^!J_+JQ_tR<+@SpG z+q<%!y*EmOZ*I_DS7UEeJ$rY-9)E+?fXy!OM_rr0)Fd25!4yl!zCZu`>EI~5(9m3QLrv(pgk^6*3&CRWiL=A(V^b2@Q>}ah8fUn z?0Ekq_Ec{j^fV8Y(H6sQfGwAdQHlDDsuLc^KkC`r340vdr$O!gt)9Jd*rOiHh5OfX z<}*T66C>W-F?d%*MQV?+*^RdsCx00Pyx$gLp}j0DtdiDVb$7gH2AKx6r|TM9dBbmR z$Y3^6ZtR;GYKL(YImr~kSi}*RGZDD$Il&LNV765e*Mi&ad9E%}5^QISoCr}obrs8M zu$?VzB1F+b4wcnlJ5G`b{H8`}o$YJ^6QSWZHrN6sLez^VRzT4@HI(bT(i5TKH#T^s zB|_9)DRv!=vkCZmuUVsgdxp7g8bD}9>s%RJHw~5Bo?g!$8e0>hUT?F;^t=KRA&MG& zYGT!$-Lvbh&#kw9v8?mnkj**tYOn9lQp31?W8QJXFd@Bj%acdEN&b`Eep= z8L;+HpH~^LYcjew&bN?1cAR}&3Ss^^#udTYhdi_od1znc zE)C?NeaJ)m;5h6!`)E2t`_ha!`;dqBArI|~+@*m$v=4b`9~|1pPD1;1EFd`hkkdXz zdH5IF7r9FVd1xQ<&_0;yn8xSHL7<+Ga%0HAqGPXl&(X2YOt0gTS>N>C44{{bPCD&T zpG;k+&(1r7)o1>7K9SCby9=}RDm#hc!1$k49_skcVRW{a>Hv3-);EEh95Wl z92xC7!>_=4-SPcVok#eehB@d`<$P~k*}bD8b%XDBs=Tk^0c6oR-pEfha=ss~Y5DG^ z=FPpYBKcfl|7h%s?>MSH-(OVjZ}jiP4AcNyMenC}Mr-LO*$TIW$DVf{}x%-yICccaYii*li1*Y;u`4E?aE zj%#~G?%H1A;YMe?;Yo(iH9XC5m0{i!bzc`6c5Slk>k1=ZWtjItP3!K1qJOKAyLMaT zcNzH)4FAONPYwUv@RNpLH2kvRKN^1B@cV{8FdSn$FL|R6QaQ)4^972|5k}tG@X?0* z8XjbrzBskd5&X(y4No%s1;dqw=NPUw?A{TTd|qPYmlNQkw0UYuMnvI%Z7Iu=35M^<9s<{^Ft%&95<@N*Bq2N--dE0!<^$r zR*h?D|Er-}{aHCx$sEgxY+<@H2*8A4%-IY~*}>M$_^o9%VOA zwCHml2$l0K8)esb5*^M>qw-FM`HqeDi#Q*R^09_bFg)6@?NgN-`DDY>40G-WwLjPJ z`G)zbkLrBc@K+6AV|bn64Tjn8Qaj%@`~$;3GQ8FBqlWpSk=k+nF?Jjf{$S*<8g}1m z5*<5dbOddW+TlC1%6uD1`(W;!Wa;B|G4gJPIlqkR4>UZ?aEalQ4WDLsg5fg_^Q9=Y zKi}{LhA%Sg`gM}$l}7$G!`B+V(eTZNHyh^sGMWdzo2C4SVfXzf+3yoZ{wu>T8Ggm^ zYlin4e#h{?4DUD0SHv_wtqtcJjvMZ2xR2q1hKCqF(eO!zPc!W1o|a?hn`)Y$*@ovE zUSRlQ!AA?7mqg`rD11uhXf{%ZC4G_;tg4 z>rVAQFdV}@N9FEYRH$XX=CBt16O8;s!+e8M^K+)*sfK45 zo@cnm@M6Ok8~(E4D-B;`_#1}#{-);V4#W2tzRxgU^HlvO3_ox9MZRQ3OA_+7*A z8|F)+s^7}6`!1K1Ex*g9I=BQqAHQWYWMR=hIbEFU`=ZNI`;GaOqkb^Nv1p&95Ul>6 z?v%?tl)eM?)f7=K*Y5zzg$GkEc^gK#FfhyyZqXs*aKrp$7Vky!2Bz_{7W8~f6W``nAGx_N|thP-yf3wx@R=m7w1G&o9)>@*JFenFQ&RsDoj&l z!u(x{b5Bx-zblms9}Au=JR1B(vgCo!r(~MFK$vB)L^uxS^C@+BOq`B@%=568Ecw4l zn07dZf^yp7^C>wF-XeT7_+DY!*-n;Y-ziKx&kEDdi^6g6?}VA3SA=QjU9y~)e+ko$ zk20j3c2b1nVET&Mat}fBI1htcabzkhbv|`8AL$Two7qP?Z!WTPbWF81YITq!q zhN}!OGQ8aI8pG=hZ#H}{S?btU!#fSXXn42by@vN0cK#o+nTPYM_Tyx!hrJ9BHaxh=UQ@VgNDOqFmsd4 zwKRr1X>6_~-U1rTwe)2QgSnQRJ(+9C-H#7A*V0u?7|gZg5{_d=(C1;Jf9U2~a(iiF zuBCr62Z_0sTrMh@i^Fp*1%uf9b%*C#l3A1fU2`qnjp`S>HJD%N8uB9nKSKV$!*eYS zO+Pk$bnfA~mN2-_PIZIY;RZqbUU?UwyT?M|@LWs(&)&NLR#lv9!)xuGKte(iLXf-c zga8TVvJ(&@5(xnmDhTF+m!hyq!lechlb`{)Y0;|13l^kG3k`^US=n_q#X2+H>0Tf9Ly|WcEDs&NJ^^)~s2xX00{j`QEX$ zme6&W))GR~7zOKlwRDPLZ2%F!lt2I-GpLGdUkL=>DaALy7~!+6s}d3oHC;qDQ#Eur z=|j~uYGEX!(q*c<<(oczO)01H*jh_ns9a-WhwGoTPEH7F?O`KQ$CD}9fLNOU&Ex4* zeug!|khoqaCnT9Uw$_q4`RytH|J~X=v7=+wU*q(nZ7M|nls4p49$RZk9q@nI+F4U^ z*l_y>lVpDRGe;1+Z<@d7TGoFp-ee^H|J${eFf)2=ttGQ;(ovRX`iyHW+0Wm&y3hO$ z@6#7o`X5?INq=rPrYvq(0q1=BEJEqRl)~9)fjpj^mx2V?aJKq8^-KUuDS zMOvsHQ&&88Y-2o*|M2np-?i2f7d-mEaK)vzmc~d&q{LnX%s1EQ4DE_hjZF(zES|rp zEwZdBPO^0Qq860Ighm!FY-_qGF1Wd+AqXAunjun2BU)^ zaF}7~g|W4g7@uK`cM`1DS0!>d#yA~J$6*G9l|J^BPG3E+);AOW?()YzQ|qf!`uIAA z)3+=^-`PjewD!Q?ukk4Q)+OlMqV%OIegD<9mv$l%Wh$LgmFQ~oN-u>dY_uX){Y<#--g>)Qjr zyLJIa_5Dg=%BSLjy8tfr@tW!My$h`M@x7Ps^!-`lz%k}FrH|KLr_a1M1HU_u_%2L$ z`ht)%jx$N<=oi4l{Bg|S^bG+I|51JGkD{-Cg1$zjkMAxyedc>CrH}8-beF%;3HlyU z`nd9l(>Dz~{G01KoTIM2RF$AFzbLj=%@Cz;f#{yNKvx%{;y=zA6Vx?6jRYbt4d1ts0Dy=1;6V}fFiw)WDdgmjO#_7dN5(&^re0xZCw zjO7>(>&me$LEq8VUg9eYTHgoN-LJj$9|`)7w)PU=uhRN9Pw9T`CG)##w6&LhC*^RwqpiJk06g~B&Kzy+rN4?k$2;2EOML%Pmt)AO zvG$CnW5RfS;yaL_M$OUIUgGzAT3;jdeb%*?_>P)0E-kuBj1Aho&$RZ^`hsI?F9pn- zqOL}HjXSpXQmi&uALwkA`5#?-$;?;CdP-a;?`b@65M@&DY>6- zD}d*$Kf+>;hkTr8&irrVa6W?TByl{zF~hO7m+U6MCM0sU3v{JXxrqZl+X$~iKD0*19?=QT<3Hs-F`LFh)P*)KAf|wU<1;yc_+7X1d@Y+&RR!fvAH^>((gZ{iAy?ejYiz znS+VII=nBz`?SW=BtottKQiZP+Og+~VL(gWov`){>#5nFWTVUOH zJlhn$T`=|RAcmfM;nF%i_Y<>W!aM-$zWdpw@NU7>(*xGe!4C}Ewp&w#eT&1K-*nil z1=1e^m|WOnYcF};v9*^>bMTI>y=3QqkFC9A+rzQ7mux*8TYJgY!&PwHcXhlDI&7|k z^6lNXl>82b?^gIf6y`jn)AO*xKUerkg`ZRSMTLK_@M{VmTYCwW0ds8aC0h^2)?Tvp zaBS@*TMx(9Ub6LYZ0#jm569MCvh{Fm?Il|e$JSo5^>A$MC0h^2)?TvpaBS@*TMx(9 zUb6LYZ0#jm4`vQl9(-p(+!*l}b=3c>Lfsd`dgi3%3!5&+C$@31e9^~BoNMZ91naFd{ejF!6EYFpWt-XW_ zgZW>y_L6Mwgblp0{8HJ83~Miis!(iHOXL4`%|(I2U@n%r<9VHk(*wN^(Pr=3|Ka41 z{gX0h3`@Q6@yNb2Ukc!?-iZj+)_o#SkvVzD(9DzzcSoK(^MlFRyFw=I>|J|5ypU<6-u?KteVbmtH1u@nV3K9Wk|{6sqNx;3 z-C4xm1^KAVC{9mjuLE4>d9wn4C+)j;Z+mXjflEKQFnd=RsUMMc)w7|4-4tjVxuiq(vpe_LM_1a9C9EJ1h8| z6C4bfI9V@;oaCi|p}gc5Ewt(jGi{tq$0#h7bOMg@gpGsBkTy^_+s2t46_*X(z9WTDuIjJac zarwZ`U*`23*7n%2m2Y+aG8AgeJ8f9STg5$3MPFkJmmav{UC;9t2ECeqx3Jo)nc@we zIyf(F%%XeW$lKN@Z=RPPM03sCBMGKw=grHm_+>%ndFj<#rNI?swr$J8fo-ets<(P= zE!=Ga2h<(!f=uhTC&Fa(Z$GUNQN>RSe&>#VTWNMte%tv-?}QQ?pQo&socivSosVHf}sLo00!PcoeopAMK)jfxm_w=f&8bf2UW(Gp} zp~olf{$2TL9x7tt)=$z?hK%UEYr*i`(WBY|-hxoR7pQ7&y}PwFY5kYNd8PjP^$T`R z45cT1Kij*ZFDhoocf#xM$lAK~y&XRaf4|1N{%heIYP}QkP8f66<`>ZVi!)IE&%!Op ztQa;cqoySbm9?;?kCZ2~pmY}BDo5QFOd>(#lL}@>D*lxIxAYHuX86}aXR?YB^kNsDehg_+v%MCQ~D&WVX<^^q^Hj>mds5r z-Cq*ge~Pq(g{6He=BF(x&X|=EEf!=orCB(-BYPxW)ANddJG^^R#qSD+wYDxmW!Rq-qdttU$J=7aKW>mGHIJ9>&P@MU7dGuBsn zx@&~#2VXBen2sfw)Akf+RH7KR_;cUL3?eTGgZ>l?+$GX)i76{d~nRbc9aQnVGjOEAK3{^}NRd)m!td(uz!+UA4YFPYQ-b zH5UAG`miEt7!_|7{1Wxn?fGi8q-PJ!4CD@eD0k4)xdUIx9q>+W|Lk3@=DPKGxifc14ov=_%w3hdkarZb?(nA@ z8S)+_Hogz>pP6>*QA2G&md~AHKHX&b2iG0`JAb^NW^S>+>1q$B0R7G|pP%MWNeJgV ze7t{lCIXOzzSYB;iF|kax+LTD&P?hB-+F&z;F@3<$eBw3EI(}d$w%_Jr-P1j-G3nt z_o}k#v>NBSXgWF2X7j~#bXg`v(+MT9oErm(#R|GMDT(#4-oGX|5z!fjU;jiL9lr~u z{wBOTjL`mIy~Xb#Ea0b%q7z6)^MlhfAKch_i?1>)CHZ*>vEJej=}SuHGkYww$fkjs zOzOD=p~*?iCA9U2r^hPbO|U&1`QxRGr_yJq!;|thbR>SUlE3D^0%w4i@k0bv0%lGI$Rt8mnDOK!rkz1Zjd9^K7{csO zeP#zhCV81uX3=CIsAwROK}^~bkKk-1hsv0vL{5wyLzAs;&V^(>!(_hhKLV#0Kg8(4 znoC7}nR*}Q^*Lj9ofmjHK>fi{kY_h^G&_OU_clcF|J^?m0Xe4uu_*nPdj1Zkaa_L+ z&%ehuy}q*{@H_n5$cz9Pu+RZ2^*fjdV_#%rM=tjKRYtZjiaH!(?Q8+R|8J>y9!uvx z1?2<2j30jkV1Wutut)u}tpbGt}s8 zq|RK}Se4eAo81ekZ5=Y`CIs`*v4vRtZG;rt65?Vn@8R?woL-^Wb?NiK(x?g z%2|;Ou({RrnbOtfnsl%6nUr6b+v)k&+K~FZ#S~p@L+0kL^!)2=$XR*p_Tgikz$P!x zl;k>}nF?%5@`lf6(YM3rMPU6c-$X|88zJKH*#J>K4%T)`dFJQifEmwI@Qip9KRXdJ z5{LO)% zBTz6CcojIe8crSJ75cS-)ken}Bv6C!uOb``fLq)2VkZHm`x2k>yS>p%x0ltShyQmxQXc5a=<5%LicL#)9Gs z$6I@5oEyy)`ZnV=$hcQ910ml;$TAz^m$5`^O+*IIMew5tzS;!W##cw9XuU&e)z$F@ zgq!NHWp0PpzZ^dvJ34>M`#o%#FJ~FPEoHu(WqwA=Y&`F|GLt{joQ_xW)C(aNtKe!z z|2*tyb`Iwt1ld888xQ)RK@f3gux{$74&knT*kiMPmK#}O{jdVAu_3m8)ZW?>P1jr!eqA26B^9 z+gUs~8Qv@4HO-F-M|PHZ{?E;^gLq_Tx#$0azGsYYjOXv64`Uv0iw?#NXL zdy>A1^r4;qlAd#o2fn@ZaVM#f$kbEx+-*GYJx$*W^kKoBXXxP$nj>-EJWJ0QdYU}{ zSMgIef%Dt;!TkH&$HGtaVSQjr+VON7T|&A&Ec&Gx~4PvkEG5;PF4=W2QmeqoD(K z5I4oS8a8|_2!B9Zawll5kJf~<6ne_ov^hXQUOnIQ`Eh`0+m9ilS4Q=`MB-I^&rk8| z8A|=H!y5gEsh?jdM)l{Rp<4ZGp}HIqy-ShpF&E&B8fg0diOA(xUOs2Tax~}<^&h8Z z?z%S{fhR5k7<3+fxc|yHQc73BcLjZO=-U9_H{mP27T_s@n*q4<2}~Jv?|{vR$3NcB z#d!5Z>Na{$q}~!2Z1mE0|C`fL#5|Z1*WlMH*d&DG(Na+ttYmZCq&|~Sj&BI1+EH>yiFL{7 zQ48(_hh=SW9L9H7JrKe>MTu%XR8xbdB<+@++&Fmr+5XGWV$O;0qy5FsiAUipaWvC@ z_dzmlJtCR*`vH8W{pRDyoA%4Ey!Z1l3h z8ol>Ay-!%Z<2#{qC}=l8;g~OY{`qFCm5j+MKZYtfJEU`e_ z{X7c>mmu)l{og=|>3+sTwdsCl0fgTGx_bZ-;cBTfb$Umj=vo^vwrekQUvmFzi@@hd-9j@Lz& zqhx;-S%H#qs*Pz(RI;HWo8x35Z`Apaag&ID8D4|V0D-66YeGouPUlH@PYktUr=-2t zFx{;rP$1z_AEw4kf6e<0CNNzHi3vO;;Y;GeV?%$Q(TsnU4tKT19B}7M9>yOV!V!nj zw4c~9YeIELXK-l#Ab_LkvNH0fddsMud`ZV`bz&JX!pwqlqQ zs-c|2x1ZtM58;OMQgd7R8hjOtNxRg<>We<2!rWP2YI?g#@SlW{@D~kxf*A&HFw9Uv z2+?@R)<8dN+*Furj5R^5jO>L=z~Sf{cZlY?RBsMxU0@v~ycptsZwr2QK!v&A>*Jl= z48Nbd3lgiV7xRCzSu$euZxW<)(YpLo55`L;o;K|a&z}`U)y)!6fW{h48@1sTV-VV`rvxyve!b97tyAGdV!cihTcv+x;dAm2+%I|U+4BniY2H7OHP)FPc3$YT%RpV8L`=$Y%y=v#`Ql;gZ$hFupQ zb21~5YOj$9!u(!eKP?Rb$)uDH@qnfv)+t;{-}XgZ)UQIoF!U8z-oUb zzGagXN~1np3!MUdS&ML!g;4`-C_cqEp(e}y#wyQoX{eF@F}~A>jc#M57+B($_3h(l z_oy21)#`yvZcwsUW|sXQYyhspL$r=K?$DSjZWM5QEH44X8z%9RS(dnXAt9p3jF+pt zh?gf?84B<4Sn_d7@>Ob3G6H4Kn9+CaK-|v7s)6c9U3Ho7^+7q&hXJBNl$qmNcs1mK z0h_oQ%;=#~4`-*HV`?1_2u&>^^R}XkV!6WoBNL15kWi8arP;VCD;+D97j_9@q@z@u z22!5p*Y{^tkCA*zHH;;(24Tp9A!1u$W_ld?o;Thm!iW{Iys&^L#q@aI1j!nd4ngxf zS>+VvoG4Uo?Er6Oj67)|1*eqwlLp#?Pc+S85`%v6?D&rWkuC?5pn7W3M=TEhh=g5K2UEi zEJ{O1axzinWTMK+OwygP(dt#SbVlQJ3(`xc>(Z-_wn;{|5$Dozgt<{d5u{^bQ8jd= zI*ME-g5IVF)=XcopzkBXtZ?7O~tQE zfz+5b{H}xrlTNx}o@ava^F`RJVG&A)6XK`<32( z-8rzy-lR3&kS;>rvn6|{(7O!qB3KrK?w4ahgq%=G_A1HzD&Uq_=ypK1BlK}DYjaR% z>@m;?!|W}jnXzXxCKevV(X3dal=5yR=&cQO5%A^) zO6c&EH*$CGBheI{C|iXbY*&cx8j7XxI%^CmQin*u8a5(MSMzw$<;=6H!!Ny4&=Q7k`BRVKvU=7(Jb z=Vz0>s@3Qd2stN{&%dj|6IIr48{5mX7C_0Sbf}A2w%E+OM z_9&EbhLs7@ErnIB54VCMiuNefHVhUC(U}B$nPA|2I*uDZJj^kKIyw~w zo=?YdW5YuTCE!}1}+U9fk<-UGW6b`LDi6lXMl0pjqY#*^Kd4Z!S8_{jE~N=^<>-uq#n zQgWVUJR>-5=eq(x8CyGBW)5tzk~1AwZs-1Y%I_m`z#GR7-2YofZ~XGTY#a~IZ#NrA zcyPSZB`wREN}D2W%}u3~+ZwS!L`&(CNL%B@kv53iTPw=Pjl+uN4wiPbv^2Mu+NH~j zn>)+G;|)R z`SPZ=k|k_!?H!GcO^bkWSb&!|(Ru%Q2Nqh(b({xf`_po$V zQ6hoLzbjGI`@bYsfK?S&u5?p*NvQ*jJP=%yI!KVI#NcdcT(;_CznAb};4s|YD>c>C zI1a}4i{voaL&C$xQy_NmY^>i0Q&D5!e|@zH?ZIOSW?!T8nN)_t%jDLXwrnu?|9+7) z2uonY4+xo(Kx#h~g{{{$8mo%G0i*W7T9fciJfEDbrzA+$D{Gl9swxoNZcZly{nX<` z_~KfUMaUWm#_}0lZ4@Po1kD6xA!nt@d{7F@WImN?wBKclE(xJ@f>7H3Hp*bl{kOIF zskm4eEww!M29-oBrzTpBB~etv7^pBFv6t4G24?#((+kLP|J0g6WZPi=ZXE`H8>_!S zYId}|E~jfvE|S<7OwN;2`wLoULW1T{u9A}Z!Bys<_ArMtRSs~pzr)$XGWDP~G@Q3m zOhJ8iplG{ayV#r?u0ivx2(Vuc{&;OF`qE&MNlG_Zdj^c7ydrPc?+};ssxL`iE66styAN!6pwRxQ_ixzo! zad|P`dj$cXGtOVuvbw-GmtxOGMr!R%9bR+G z^2H%stz};?v*lO(%F*-ZpIU#$l)4$S&zL`-thj=AVqcY&%%v2#X?a5n1|*XI=+a~68;^j?^A(IDFT=Nsn8w(%Z zz)On3dOm_sHV%8XnWKTZngN*4V@vLrZD2 zx+j;9wa1#x=E$5P-KK{5v4NOu*k%f9nn?SKg&cvFHt}B(OB!6u@@CgeomS(uCvGrj zwxf$xkTeQ5W9sxyn=)lWsGy;(rM;b_)#5Ww3ze0WhfBhR_L!PiRYGc& za;y#GrXR@{kyEGW&lkSC8|;qHdr<19i*cmUKTToI zdS{D#iIQ_B+wnPX?KoSMoDMJ**{kF)EBub)aBA1Z<XK#nbVNqhk!Y=Lpdif#t3$I?TqV;+p&&!@&Q}2dwi){k+0C}K6{dVO^zk_e^|3d1`tAab(+3aJ zamMMp0|JK`)`+R!e7Mxt8`kOjGU97}x6`AH^F9n2F^?t9(Rhy|j6Lz+<2?gTV!Cc* zf}m*LpH!IgD^U)Xm*wD9)Rp5+V6E?7c)HW~n#6%)%x0x82NI|6BVes>Cp>Xi7#rQ= zTUwg88y@O##$jGzHE$0*5l4dSctap}n890-Keic`cK|HISpE~i!+-QV52LNP(GbK@ z9pMCh6ETe0iE!#0Bs}WlhooBHozUk-O9+nYo0_2SBj|e-;nc_T*yWF(zG;0E(IDK_ z9JHuD`;rAE*6hbKs*N}ysqc7Lr>`|Z-v%5EcjaeH@@V+<)M5IYG4z`Vm-<4mPTv)x z55+X*5$I$7opCxYP0)8c^i2ne`to3%zD)`G_CsF?;m$aHT?srk(vTy;b-eE;@Iv6_ zcf)%ifj9LiJhnIdn-LS$EIA5qzwlgA8^N2&h+cJ)qz zzUOe4RK*ibj8lCuLEn~z*y{vOo~Z8xSf}rk1bqXB;p=YK*?{Nt^+8@7W>Vk5!McDM z663uzRc7E`V#OXURL0<>-=?uI4 z@x0dh=54^s1&}d+R3KY_mMyJ;_%CFt{RusrHRl&HQwz$&_T?IiFJ*BO@@GOAT($bv`I~1WSDXhf z{Rb2LA0+to2}?d#cyfk*&eYIwOwxz#C25L8k8fadkq^mHhBr^2fhUQaCi4aBTem@8r3`pO%L zG5(~v9@fb>6N~(2Vu`y&$+r^ArT;dCZzmT1ol3rgSaja2`Ai`` zj-ht^kuzFh-h9A>VRMQMG-DZJ>gX$S>L5;&b7Zi{)8P`Q$+<9!avUS-WAfCKB{)s; zf2zn?y~Jsf&zT}00GBvT+Vc#`i}3@)Vh}TL#4bPV3MpqkiCum;QpiCYD2L1B$zh&} zUAj|5&U_N5$$2qHg2p1!Lk0He~_swk(h*mZbpk zbC8)Z+_A*quq?zb52h@TN6R94t`$DZLhQ=8NaQRFv6HunoMj<)`a4A)f=lemScmI* z4hqDlFbf3pHBK(1!+S}ZpD4^vvYnjw?!+wbF9owsc;8Do%lITQ^e+h5_ppii9_lTy z#C#&dPmIZD+20ln=)EVH`dJ=wSP#Um{p5?B^+4>}PZ8zN&pIAQjJS+P>^P@T4$d^V z9LJLr66`p$DFz8uPVD42i+m^K#7_P#kv{@CvCHR=M7|qxV#j}+avVE8J@=C=-Ve<8xG6VJ&xuio zdk}XVuxlIBMZOnuVyAPi$e)Fr*va|*5_R$^{9@re2M)2*xmM&aLQd@B@^b~o<#pjY z;p_*8*m3yP6FGcpe}`~h1&7#i?x7qUKEZ#0809(u4zc4rBAo4TpA^oU;1D~`t0F%H zIk7u0J`(wRkQ2M}HwD*Dru6~j#A&?9z>K0C`QcjxqlNPkKrRBcGUD z!w04@d`W8v{Cx$7h{4H+OX~}t`E>ayB1iIuVi^8dxU`O6LCng4nF#ClA+I8a&Z%%| z9e+BpHi zuOycKZ6i5?Hz|CxVCwG@O#QrelTZEk5<~y}aA}?X2Z(d<1G5vhui!@&-Xoa$pAk&` zyk3(}{RfDl|4q2GPX8fdX(#WIBltswJzRq*r~aOTdjRtqO?e71pBYkr2rjMDpHD1p zuYerE#R`uVO#NI@lpN-n&-sYiHkqEEj~|$HSYM_WIcMx}KZOSpkHQa3F05Z*pgE5m zAE$0K?l^^cnRlGi6|PbE9EBGsyjbB@h1V#2gTh}|_;!V#RQLsjc^qBd{-Q8fQg?D5 z3x{7uaQc5$(^cvL5sk#l{*g}|;)xLomfDE`kC-ly>E3cp1x{l>e% zuHWd96w5WGi3ZJO(Y=xIAypCA%&lNOX-oC5wkBBAzJBg)F zdj#0^Z)X3=5w;#)B}eev3cpV*dhm5klyjWI!-z%yaA4}^xm&I{6^b)i;d+J5K9Hj4 zS|z`YSjxLY$#*IF6H0zi;g5(V|9#QnIUG`WG_mx_CBUwKo=mya$*GDzN6F7uxIuB2 zDS4ZcuU7I)mHaD8zD?n~6n;?QUnu;X!hclwU4_|axUys@JXqlZg~us8RpB!go=Yrs zyFkg8DSQ#J)a@!@)-CS`uTq?A73T)Uxm9ttD$Z?+^F77+q2fF!9DY*2M{$0o@bilQ zSA{XsTIGYu| zMRB$(`L~sPhm!wL;fEA{l32>}G%(A;`_O|*{34iigRQhLSYeH0#~a2~Ow zHC5ro3SXu0oeKX_;X?}d!F9~(9INnI3a?c77KMMT@Cyomr0_5dfSmsE#PWP(ijp@f ze1*bS1G7G#!8Pq`luNzcuJHF1|8B+qk>dQ6Sn7GVl0T*J^9uiwSnBx=VCDgz1bN9A zzdJcTTZ+oFDVMzUCziBAN?xdNxxy2OC9P9{nHE2fpQAYSinBuDuPS^iFyrzI`R`IL z`MFo&A1eNf3hxJI-0Wn$m!$ZAQJfDICy)`--;-GKp9V}lyqC;ToFR%cLgAAXo~3X^ z;S~yBrSR7kzFXl(72c=tL4`S%ae3~iaG}DL3ZJR)xe8yV@Xf@zwqN?DlHaG~4=ec# zO8zQw$j1FZaR%XL!sYX1h36@}PT_AWyj$S|3a8*E#OW+lc!t7D6~0>G?Zi^X2bBD` z3Lhjcl(G=ZJ=90Q?tUr@V?ftFk5_m&vBWJ=@-a$&ijvP#@^gtLtqX~dw|Q8rbOf{4<6BsBjSDKBvDxVW#fxkI+R#F}ms~M$?O8R*kzqVprmDk-}kxtBI)$=2TdR zXDNK9!VSdeQ)m{$I=o!rHib73GlMW!!a97N!e3GNYYKlu;T;O!tMHE%{;9%GDf}yi zUsQO%!tW^jzQP|X?EA6&XAz@4(c~yRSYbXpa2!5AaCo%B6BVvf_%wx2SJ=F7Ea^s+ ze2K!%3b!lF=MgRsS1D}PQxct7jl#cG zn9nI(T6{L)@COPXRyfG{0m)A71qTnF^n+ z@H~YZ6<(rntHK=$U!m~T3U5;QMuoqv@OKsdzQXq@{1b&AQkY|FSH|Bc{9A=zQTPpo z|E%y~g@d@jIGtRV$Km4?9;$Gz!UYN!DLhf(Duqu|_;iK2--=83e1)47UaIhg3a?Oj zjl!2Ie1pO_Dg1SXw<*j`UR-|uL*WM$-l_0o3jadk7Zm=T!hcklTM@Xl-ck5{g}Jkg zUiNf5s z$K|K5!h;ny^M_LQkxD*V;c*I2P}s~RO5ABmK3m~hh0j&^e1#V)e1XDk3SXo!w;*!m z`m(~C6~0;FE`|S1;X4&JbDL6@`<46wg&$M+7YhGc;pY{8Md3dx{IQP}GlD_4@j znF^bERLLi|TXOX$zO+CgtQ;E6n*@C%;Ky?lZf|M=EUQX@!51lAo&Z=M;`8+@vsf zw{q#ORd|!aH!95Ch#dbug}E=0lRvI7cPDc4mlXbk!mlgL{fiv`BZaX%RaD+vVQzEe z_yr1c*CQvNtZ<#eXDiIzjvRlb!rb@B$u}x|i^5-5nA;;c{{0Gbw6yy3J*|txWc0p=4MGw&&djN?<6NbQ{nRzjwrlD;bw)okCM}~L1FHu5RadH!%SU18pJaC1t$O?A)Q2atn4 zg=Pq>d$t||cJo5{l%vcv1+Z@ZrwG_R6F2iqGUqdva={hk%RIwG$^}#;g3~v zQ(lp?ypCU`Fw5)Yrd+~jxt#oLh36@}MB!$ITNUn5c)h|K6uwg7jSAna@D_!)Dtw#5 zJBTs%rMVZ@;roes5MUmFb$BPSw53NB-c2lXjC&N`ODt{aS%se?mbUbw!uyGH@B{NI ztiuP0rJmnZ_z|T!Z!#e=bOZm=kF-|0I}r% zA;HL^Sv;L`s(n)Acs$@eD;U$+-tPqS-Kakb9u54a;4m=1m8TxQ%E&oA;+eo739bRo zL|tV|z4a5!JPa0$OS{K!)yZKVMhWI&Ef+il_$0waz>@@*15XoN34FTXxxn0pf;t<4 z>ji%SnBR40OIunlnEB}t%>1kp%>1ku%=~bpFUDnlZV-F|Fc)2?oOQyL*@-6r-zInl z@Ew9#Kb*%S=M3Nn1oJ(UhXkJwyjyTHFz58h?*!(Y9`Rb>KM+g%|C3SHyFH#|T~se2U;Dz#2c zCHQh+zJEo|)xb*y-vrG0H_EpFUn2N+V9v!+{ypGp1pg42?>STc6W}hvKL@@;F#DCe z1-}UVfZ&&b9~OKNnBSgI&pW`s68s79e!=|K;5ET~KJboUeqZpR;9OwNxls?F3Gn$e z@hQN3*Nd3v`ar?w0}m6-_eS{M7df2oKS412gEGO(fhP!N-@rLH^7$Uf48iMxXA5TE zP%ro^z@Hbq9XKMGbN_tTntJX4=KEvB-veGLnD2_L6U^^>E*H%2d#)AyBJgIxd~f7y zg8u}(RWR4b_>SO1z;_A$D=_EZm@aoz{ITHPz`Fzw1m^r3IU|6d5X|}eX9ROYE->fih|d9LpG`au82gYJ z%yroL{x;3+4~p8#Jkn9mSy70mBBzA5-w;JXC#T~2On z%RK)D_+i0VfZKaQaBpC~k4FyQ-+Wmx=l=gBnDhOA5zIOM!-8i3^W8kg<%YqWXCsaP z4;8!&c$DCkz-5B@{^rSoIcLu~G{)tIy_`cMz7zNy!FK^S2xgzLOz=Ix?Sgj#uM)fm zc)eiG*B~^qnY}eZ$Fu`E3Q?OJv*~z^4hm4|tZ~ zhk)k_W`8hGFyFD^92(=k2z-HH&bwbI_)Xx81@qg%wSog^Ya0afoaQ_m_3)jU>jm?j z)|&)#FN!UKIS2o5f^&htBbeW6aGs5NxWg#t*@)R6{ES$}gnIoVS}f-#Ko-VlsSzjsLR0O0opGl`D`hk!kdE2)#$eHx#GHy92#eGXb+vS57< zs9>neFE-E%5lh4Z;!-Q;_{Qgt7^gEGey7vu5uN#zi%t_)bWWsPbWSH0opr>hGnxgk z4s#6TFvmb{+`d8K>lNmB!j0!|SNL9qcM|u;56m7|ho4jURbq^3X%4|U{E@;bxSlzA z4lxfFOi1A(g)0>1Hw*4QVvfS|6z2HAaXN_6u4s7ecX*@1H!FOb!aEe^eSwR+TVam> zoqWH-9P>Ll$N3JMdm_nC7On?Q&NZbRHs28lhu;r6d6mNE`MYqqR+Qs3D%`5@YK5;< zc(cM=6~0qpUjLl_M-<+x@QVr`Q20HCJ@nU3PrAYb6wW8+i3t-{c%s77iHBHD9kIN> zw1D_{D{m&2cb__mLsq_lIM-sen#h>4l9tl46U)oSoHRB(E*uJ#g~R%H+_<5Xr8`|0dt5WftUN$3-0y(__sDSPgz z1G_|F_O2aINBR_9^H3!Fl}OeTNe2V7dNUh+KYZKrE7N02ckzC)GCdv1+Q9Ujs_JlM z`k|>ICn?TAQoU_xAh+*Bx!F(W_IV{Y>w~wmcg;ZwZrHy5`aU~fiEPP>Yz{=a9*TV9 z>B!gLiQJkO7*>N+`f_f#_cIWVcJsEUly9pVojYiZ z4XAl4Q2uC2-q!nTp7KK@*1Kbsx9$2tc?-AgKfUJZNYfW~RR;F;+c#q0iTkGQtKZkO zZ^hG1DMcH07KPr4G&(hY-lJR$wlckF!#P8&@Uq;S^0tR7Q)Xo#cUDxsJv?YkQPLa3 z_fOqfDfL^ueRd7RQwP;!B!L0b>dQjIv$k$+oEiLj@9-U=ylLL{sopi2PjCI?l|2Q^ zQuiLp_cE)t9=iL`p`-;Z;qq3OG* zdF_T*^R_KP?LAabzU_L#F@y4^2i6c!bTt_+^~0ZvX-Y&Gj(=fqIf zRG0Z}RfERlZ5t4t!s@mK%G-L#@doiihw3lidMInm`n;{XHLrZzfa1@}E@{)MP%YKFq^+5TQoU^e;yI2HJ^jSt@?CSH z$&c)vvv+uI`BQ<>!?y>*m*qAt%j|KDspk6+wJsQxcXoP3V9u0q>(s0{b>Z;X@Hy!x z1y0{{dfsbWUS;)8E#J1}vPTMVl#`a=C@-iBx7KGZXyTz;Do6QCH@u1_T)y@Cyhp3T zC$6vFT3`$Q(AG>GOO|z3z*Pmj(3-ZVGT`z&cgx4sPx&~Q<&WUxaA!gKn^*KgQ`mZF zP+rAp5E!-$?QbCR?_FUok% z$jZ0vpB0FnlgMxV=_}IHE0ZJUq^;h1C~w>T%eM7=y#M2)9v}bsX^)@v_~OSee*8;= zrl$8Fly_NVPFv(mDO~R6>TUarg05hBxi`L(ySXyG1|3hPS2LU4&)_kG52xiVy625R zZWlVT^z4UnzwvbL*I&uq@=orpU+cpTI(yfl)UrhnXPz}Cy)tQ5vekVmx|TpnS@y0h z>BA2_p8L9AlzuRXX0fl&OG&fRQ_C#%HxpAUGh7FnQdSh$o%>v$1HOwI@{VHG9sYE~ z`-o37J&`<2?U#|)Pcy;;)gCTU^gF{mf0{of zAsn}H9`7lf;jIPVLG&`JlE~c{;F}(1Xlz#h2R7ym{5l>B1zrz0*95OkO5!~i&*~z$ z&a?nn{v6|66BPB}^Oj+~e_gW9$8V7_qcLNBauUb?*Cws^HwLZ=;sq!f+8NckQN39l zIvy%DWH+0?Dl9 zK%gfl?1M?k++GA#bq^^i$s9okQhHuaUs5vXQxTR6Cn*UaAEC)ftQ}~32Am$rkOZHd z4oQzK@F$%~n4I)={Ps*vx(!YW>8V4K)BOw(dbLqSKYt^HUawp6lbq+X4@&CwAU$E@ z;rCbYO!TV}lAgx3{*veUoDt3H#aqJUX8$^Pa(cZ<&)59N;2Gehe*->V$$L)*=uL#I zTxx!qb~+(7#)X$KgxR6`-W>qF$?HvJ7EK0%qUj_uh)G-G5u6Ljp)%$ukrQLb&}6Io zM$j{!VKQI$zXK=b2?&yts424uKkvbt)d(=m>vP8JIxp~YfMLOG)Mj==N3#=neOtlw zxBC+jkaHRk3)F9^=ifFN;JAJrp8sts#2gOS`tmRIuOl-8#Fw>m7CJzs{)J40vD^gH!EO3I)!&rIAENC zOr&3Dndjfb*!?=oqiBpntD>@1Q5iCSuZa+eBBWtO3!|vP^Z&!J8XahIpb_zGSOe%5 zUEulmz3O9ni#6&0z*WTk%;TUhF?$!FF8@NgciiAFc>V;RK{#F%-3Ed=Ua4OHZ$gWI z4omF+0%BX%b4bqN_Cx+TrlAgD6dIo5{uX{kKJ;D@9sg4Rzt$UeF~cHMMPr$Kb`Uc4 z7opBvTBA2Yy^M7!ME+9#(y(vzxA2L8jkR<#1l6!M)>4U;cRG2C?1>5pKBBz>XZU2w zc~~1@^Q-AIrK`<1=`Qk3f_3?wp1;_J)Q_0U=!b2@=%1O#>zK!PAZ8w~V;+x(fO#~YN$@a_ zn_M1wd0={PnLO4Zo%jqD7Jx7TgbXBrO!;NZ(^``!W)XKV}&de@iVcoh-p+ECD-4mf$j$;H&hY1jcheJVmCb*uaY5`N9HS z&H@ED?O0dLe(My3Afo4A^&s*!lvfO{DdiRB;)liktu0MpO=59*#95w?b#a+@Q=&pD zW^D{XW?36y)?Ye%le4og6gt#hrw#gVHzf18mOs zA?!10c&+!h@C(49T@aPS4&}2JK5riSAb$7}Ncb821UFr|F8q=K``3nFGvNNU;kOOA zer@<~1{_!u=0OW?+PNm2VZhC6!kk13ZaTC&%%`!zO}kfzPcUHX>hM?tKDZ>z2PeTz zdoKx}YQXK6g!%Y2xM}?*;d2exv97EE;5$gBY&pP30LSmfPmjOyx9j-Z4d!oGF|R6P zP`v)I{x5Duk8%9*5Ct~PDR<(sQ4nm0qH;F6bl9>oNOnO2GluQwa|S}gbNp<5>=z(P z@sD2sCu!4rtGhhYI5<3_z_g_8iH1u>DHm~jSPUIox`%`7B z5$Ao_V)oWo<4|!0NdH5=$2jy{i1(akqyBOiI-aVHkF%OaEjl)< z_BN;XVXLc>vsrkB*euawH+&q%NQSX<4SNZM;k*cLx*3!q zpj?4kt#Fh$C5Kjfg*;YN@_ENNwAv`410}mbnJP-wI?8TKx!I<(_Y$v=k3yN*ZH{ul zX61h58CteNOS5Qsq7dZ0{6Q!` zbd)RCnS>PO1EKIseN!S`yS%^@rlL8sT6l69#$FaE+NZN+;7EhSBQV^Ncyv%C9&ls^ zloL4DOg%=2X$b5nT(DQcGluideMnpP-equZf;A{7%K3 zGA9!7l;P8C7?aW}PzN)mBA*}dC!RAd*q$@=MfEOrdUEQCa@Pf51dvg_h zdrQ91V0z0s|531_-KCS8?(z*}tNd;-QN>=Er=VX4RCqalR^dAKXOq)<_VvhcASGlD z<(wYoSn_VzBYo6v4XK~7t&L%DLDSGXV1 zc%|ky|0Zi34Dpg?vc?l93;h-ucf>PHJ2cICgb;qA3HEAjPZ~Z8qlP~U!3=9Si0}$$ zBB%>NnRxt$&hSJS(wT&uP(EaEc_(skHD235UWwoZw zA=NqPQlf*LTpWCV%kVxZG6y+)Cu1nb2~!9-+F3)u(GFin7`hvP>l2OVuxC7nJmWds z8UHqaILsN(Ha4EaoADgljOVasJcl&nIh+~Kq0D#=W5%;v8PDO%cn)30bJ%i1KV*g@ zGv@hSzn;y|jN5DA)SS$0aR7fZGXa3Rjyzs;{d3Iy1&~?d*57h5>S}lm<-CvK2yr;> zR?ao|Bxk|Lji%_o6wVjvH@79{n%fdS+#ifP+j)jvX>M)LGt5v02ZkKQ<4nelnm-rG zm{C>|^4ewUXfI-$T6-Jd6lOSNs+F&Pmb<9`nz}1Qrljs{*MVCHQ)M{puEy%YIf2<= z^F}3`GgS2=sAarz`FR#E_ezw`_7^D}@K5>$PE)_|8wpZ&kACUB@zMfr0O5b`=P@bo z9VRUx_ssqA(yFVO+9m!zFl=&@PlhD$m1O3zH%I5ad1s=2HX_`sUWlIyVA*B%Cg}ZD z{xsspo3azp0=Z^9e{Q@Q6M4#LkOBitIQwRmj17N|@lQ43?3!%2(SIouVTQcwhw;ON zd6wB6OlF|T!PKRIfiEUoc`TCW_wh$$^i2z949=+U-^b6wbtRDRrKOz$5n8oCG?%1I zNKq$rW*~(g$9chw327%APtTE1pEA;8Kx$td_25$<(tT(-% zKWgBNz9jZeHjy(#D+uU;ecuLVB zF8htORO2}=4RzW-#&`Pg22QM80}&%y$U$j76C5mBOcsZf_+@?j_}M+G27I-8AcOIS zURmD&su8d30ANHhOeYe@4aL%8jNDje881)bC9|+`@rDZ#Szx?;^(|jWTm^Mqhmy_J1F+sTu(%xB%S2s3_1-JXGr9?6h;t zp(%+Kz#fg#Sk5pe87uWuW&jkFry<2`^yXuzsm8DG?=+2NT@FDjKQRqbR`WPY&`&ci z`dO8K{ zg2^TRq=8n^sDTqrJE*oI9=ow3nxa`V`dZ#pEu1(I=MfFMCeQb3=-}QA^I_-;y8xo* zA0goE{d5huGPO{j|_;EK=G=$vNY zd34TzJu)>jruS;;I6{1CIP6eXM`wnC=hJcA_=L?R+pD3o#B%Ahz#f@!$PjAjI6{2F zIfhV2Cv4z6I*uDlxE#_7L#Uy{$tB;LPiH!83ie4T8@0~M?V@kC3FP427?M5*i^{SB z`)li@h7Ko+0^X)MI(RrdI6!nZ7_R7Q6d$vIAy6f2Z-NX!Xz8gmo;+YIe2I^QzEZ7$Ti8UEW$a2=i7O>lcO z_#5!=GQssuM(-XYI@^gJhWD37R7ZzT=K^MP4@=-H`!=UhCA^V80~QCH&UXwviw;Yj zgtjs)S^^R{9@nL+f&V;M->av?4?6-LrY^+P!Eat%^J?idn&4QWIk4xD9?jat;4B^= zt+2(y*$AtPuonKSO>iBZYfW&hnl`|Hvk8utkge)n*krG24Vn=lrv=a)>2AJlXqZ#mq14d9bw;`*BEH;*E`UyMGyouK%w2(3OUK2m?TW>$)iLAG|4c+d zMbWXz*Xrc!l#)8FB-Sx74>o4Kj#;l_*6Wz{(IX#=IakM=t76X8G3Um`RDECtG#%N0 zV@S&irZdLC^XWKld@a}ln6A9caL=RTxbcOx3D?tcgjkt)gY&5xNchz3kWc`ty8K3X zIR;=Uo#9A<#YM(@4;P%J{g!@gEO3dSOnVv%NP5vfxRA98&^K({xiz? z8it(#Zya*x`+v*mjbER+roX+dp|q*NgX5JhX<61(+7xMPZYrJJ*0^Hn@|Myik+#N* zBW)13w^o#o8`sdX%)!!*mX_xB($0>ixYJM7+I==hpa8Zu#=2wvr`mU+o=@jZKSyafpEN`UWr# z$3oOWdwVl>5`>?3pI)+Qjlq4M9}M8Y@HffxQxS%Wl)#riE%5b(K%^3jc_82iGpUx( zR$}5?d_Ne(+_fKEgP9^?qzN1_m~!99{nT_sW&CJft}{`S6+OjZDzGYD)PY6~6`(JT zDZu?vFv)0NZPH7^`Vf9_waGye${m+>aGlAePi9ge_AB+eqcL~OzNdkK?8f_J8(^i1%|i%rUb;D4r2AtYB_ zESwKgOzsRP!)T*UUqZoW-W@+Kt$@kfI`eDz2<72$ald5h32{HP#qE(w{eCKH7I}Ls zCAGiN{FRGY8IT-IF^T#?Ey00-21xoC&YLNQ><2fS{G+)sMU^fvkEN+{31#K7VdfZS ztd`c9I%H#w)uBCruX!L}vXgxznnI-(WF%3WzP zos``ASS#YuIXV zUNH2NwfH)VZQmB$=KAmFJ(!wpRDV|fgSI6FOzZbei(hNXkz{g|%+`a-WRC3ly2^yw zkY$ppAk< zU}90H%PkMzGiy_igOg;M%u!Ct;0|_3K1!$hl)G`dXPIiZhvO@z`JlQL=XrF6$>s=L zV)Q4QUvr{E&L*$rudFpqY#Tc-Rw5Lcjc)Ol8@H!zU((Xn5#n2UvUjZ!E?w2sv9h(v zY%V*dY(6)aZD_wZ(&_}uT9$XLGm2G;NysS;LC9i<&%J4l^Lam}ow?LM}Ur*}=%c?S5=GSC-tYYHDlo+E=u;qMbE0 z&No`xz0;U#tO{6isxoErPMb1iLa3mjt);!4?P79Tll!r^gh4z@4Cz>HUIP=an zW2^ZymM?1Y>T9RXpIlu#duDyzwD~h<)J?0IJhQek+-q|6jLNcJ9HhiX%Wg=CM_9&i zv`>T6(U=|LI$pZ+b6`lrFo&tfVSDF5hSlff)akH}OWjV+I7uAq!*G1dQ59VpH_j#g zM>vc}Jubd;wI1e&99Q1%IJ|!#$K6MC$KkyNIqn{#I}Yz3$Z_`{-ElarLJr;esGK~w zoai_mE-@DgVL0Qy4BRCCQ!!9=a^6=koPJIx@F@%9@<~7Mw}?4u#2Gc>KLJCHiNl-u zQjv2qh=#g|c|6GH%n)5#K3}~+FmL5qN0jrHo~FApvaJPRU7I6^*y+y&rs*zj1>}rN zm!>-o<*uFlL%5`UO%bT#>{k+zQfaQA`TOL=`OVIS|6u-o=Z7PhwwlhSUB6b+E_ME&L>X0(}j zalHKc^X#$>UQ#$>T#MiYR>_%iB{#B76XN@os3TMLUZg>u@iQ;$qc-rcC4v$Zehm=0_NKt)t3Hqp? zmmp`HzS$5s%&;Qp%ZJPS@wS~|%pbchUEZ1SyGtTqRL3HPDW3yJN{#Bf3|Q-1 z06)7nXI!56KCr_K+X#Kr;Zh&FL6<+ildbi2!q3a8Gfu~52pneEv(Wb@B2pio<3;t| z2dwoKz@y_ie7D4bW6Vxe4C{;fFdGonw+C43D}skSXPmyrAaIyrd!R2LF7;)?GK}%| z!)kqeUr8J1{iE>MHfWBxLf)isqfud%7HlP!8ss7*(fS=`el(BkAGqNS^*A2i zo_Cn?lv%NM%K2!9vHVO&>)QyA8ww#fs-reR-yG;`MmXzli14VdIYHlx@Vj9Xf}{Et zC+K?s`Zge(`i>VK^{r3P$Mp}~5Cy?eeVnG%<*h;?c0)jYA>mP(`3V3FN}> zjMKqSjvQuKN^Pv)$b+9@)b~B`@E_GT2m0I)2jZv>KDE;Nrb3_VH}Zu?eSA(ueJG|e zS3)1_*BPhdCkgsCDt#kCcKKudYkjvtU&tvF9=&fQ@E$n|@BIYctKb!Mqpv3lpws0V z$KCPzC-BA|g=hAxQ0dGAkLQvzu3kn$pTi7$7WKmQDyo5bp169clyu3Vxf3V(ulicd zU#GevLEmk2ab3WHqCO6{oxT|f`Ys*nd0%mzm(n*cftQnu_g_#JXI#2xC8YbnLOl7D zbongarOP+ST^#B-snEU^kf?8Qg1$zalpldq4LcUr>06(mZyWR-aLVAiv@S`|w*W(x zD#)mBoYMD|1btVH#%+r``INqE6ZCDxqtL0ntUfpP;Q7IKESZNeEKLU9{3VCxQPF38SOW{ZD(8Xgcss#kT{`pXYR_8$Pc>{M ztgGjz6ZCx#`VK(mjMMi-g1)I3fRI-W;v`t7uMeUlwgK8!eUUvpS~&dkvxfEC_& z7iAap$E^4$?;NvMBn$2AM_eBPJk$QPBaBAq^FooilVgqFJoAp`2w)_?-bL+g2R*X0 zyz{+Em(DrUZ)QSAKoCH!mb<7eZ>)DyO#C8mqlAPNsRJz&t`mLG!Y1Q#pB|-2Qb|{IE?TFVnz<8)61eqz^vePd_Xh; z6fi63C@J7w7LAznNpW$GAkia$5ui01HP=(^aq(})#h;CfzZe()Rb2e_xcECRPR~uH zKg8cu<&}BtZ5DgwPFmdEbazvPw-L-W{H*BhTyr0S_Z$p}aNwdoa(R zxI4O$oBy$Q`6=CTP`-oeX0*F!?-JZY0mNczEaveA1z{W*uCN=BIKKFt`*9xgUD}(6 zV~o%ZzjIH+?_7gpv+z)Y&<V*YTUYPL9dzaK=Z;$)aR?eeUBxfnz96pL0jHz0b)B zDx6L1>S)F%SH}?P4(BV3DKA22HlK5E7UQFWIErw}o^jKN-IOt1(MuG47O~4)uITd= ze}%%8#EyT7qSp|+vT7B*PT_im!wNSLJDFP){WfA}hbBeerf{?3xnI#+6mC^`ufh*2 z+(t~J;%LX|<2_?{$X;xW`hxhuk$_Wl>r3pWO42hz_`zW?CpH`$88dPXG}k`FOsC0+ zDT6r4>A-6`(vuMqCpkNeCfyD5ERvXVh=qslNIGQ_Cpq6^Hqt4RILY}u1JY9v5{n$F zo{^6q9OvOAW?96-bD^WNEMk$#YLK605sMDEU1R7hi&*G$9i47KEb{+>^l|vXu@9%< z4u@GT$86H6+qWG?;GK=>iFE3~>$(gW=>S6hwAW63>M-Br8;X;3J|^HJ z0rFF~8i!f#jSd5vbq)FXIAb$T@(*=5i5(Qj12{>~bXe-X-_e5ziG}`sN6$t`EWYuo zqmM>NEVkl37RnESMl5vRQz0GA;SmeHz|kjwPAv4R9G&e(oaDxtcG6KtKBnP!8HxF5 z=51ogXElkFXeb;3XXhe^lLnEBc5(D+4kx*BgV(H-GaYnd;pZOAq?dqBEc~+_eHQ4% zQZE1Jp8VyY6AS-(N1q2evBX{vmFle@!7+~ka-*O5{qx}yMv@Rfle$kf9&YnKqnUZ%cP?$K88Euc$&dOEHb%2 zF=gHlIt53%sv=jd&q6H9;mvZJ?yPMqZC4*nND%jM%jUWa9zYv1bSs+f2v!oCW# zdt?;g2M2Ky^77z)?F@I}MG`SY#*F!yq~nKI6eArEWfO}W=8?T_ndajUj%1v&r)>%` zbmPHp?4w{D)YYe!*YE@LF#K-$PZ9F{m>@BD$i~y>_(u~veM01MIG-3i z6AI6FdD&$m8%VV(^zErZF8r>%??v0=L_=CjC&oX{5E39r@!$O`5nX= z_`&fc&UA;rtMGFUQ~r+}=Iy1I9Uh4A7sQa?gOI1lKSJz$^0&b9t(`X&e%E1h%L;P= zf zsqiv|>lEIkaHGQ873LaA%6(4ZLkhpD@Shd-!B&#@Ckm%yZW6k=KkVw>tmuy_%x?k+ z|BDJQLE{MhD++&0Va_8mc5zD=8BcygIv1We-ckJjPTbehKOn!ucz-TZRywiEdx4^J z4|^F~ICsd{GDY#sAa;4VpS|e6jM$AWTp!9fvsv-)SNsPR{wIZhqwt%=Zu~h8EMpM| z2GIfkUK_#ZDm<3h<-L-4q_v6pCaa_0LAql*yVjk zVe@@cM-QU2i4GxRN1s9LbTHo~bz>L5ODf}7HF=y4{EmX)EehYG@K=bPoJWBvhf}lp zZm5&q}1f@;c>S#j{)SJVflqx91i8hrpD-8+pz5CS6@# zQ#`*>d3k$J*sV*)1Irrq)1EO~P=KMVbOg;x*LzJtO#?qW_6_isgS_(a%o@-RX0g!k!ubkMC8jVOSK$;~s_=CRFD6DG=CKT?;8hB*QTR4uDu|;Ar{H@OzE9y@3V%uA z4uzjo_-Tc|r|?e|{<*?E3LjDUkHly{9)H0p_@u(-8pQFK>qm!q{V4qBE1ae97=?2b z<~v`K_X>rtR`^@TTggyRrnti=4PnE^Ps}}6y`ts3s0xQ zT?(6bqTIUoM~ZH)-5mXAivC-Lk1EW2xl-1j6y|sKg#LlTW(Q^`KZVzK4i8s&q{0Qn zZr-^>VRJ3%=*5bDox=R?rsOs62s!>rMdv#_!gHg-n-soP;Uu-l6bLg?B5=tvN*wzq={;DTSX^n4575 z&npW5O5xWO=ANCx|DMA9)~3+;fKV_u^%Q)z!e~a%Hwr&Ea2Xo89^vv!?voEC9eH^0 zGEeS@2Z80fBb#)0Ju;efcdfze7rBpZu3y|W#RSqFE+oHOlTRYu;Ud!AI&d244o@fD zjkhJFJ3NbY=eOmgJ3NnccYRtxy2F4GIT-RIm{k?|xNQ@`#y+krsv-bq;p_}?TI_oR+N`;pwT&Hlo!eNCQ6yBon zZ3;INW9;T}KTg3d#55|7R-A(O5<8!HSm8Ee=RfTVcMv&%C1WFNibogQEwhU~}E)>RZWc8CSOSUJpn1au4JF*!F}@tuXC6@O~g*myA|Hy zFnPX0?DT(BVO}$)xw<^>FqW#`3l8H}wa05l@-X`=4l~QE4zv1493BeHYf18F1OFSb zv(HI~S!KQ#L^_5!ub;z|Imlt$g7F4B%qBk1VVZ7)!+d@*%Hd*Q{@+QOvp?SvBIdZr z?+y^tjQln`F;$x7Fy+s6nD4dmT9P~?fU6wN0j_a4ANVGR3xGE|%;!p59KHhhc86yH z^SkSmSpmG8*!k_39j4uQElK+Mz~68<2+V6q(({1%P7(1q-~$ei2mX=6va)--@Sv-VfvT zDRDdSZ4Ms*-s&*#hjEKJ@^ItIFFM=}-0JX4!22BjDe$8X^F2piw=(aqfxqSOd%#aS z%rWeM!el%ejNDU z9Of8s(&3*12QauY@BaeE9zzE6UDrVl^FGjEhxw_G^Bm^=9$xb@FZ=F=4)Y#QuEWK^ z*reI;@VVYZhxu%d*T2lm9XzjcxE#2|Vcz2@bC_Fu@>-bu?7RGc7BTPrEOD6cB(89n z&+qCS=7yfUE+#+waf8FW_tWSw`*f4TTY>L(cpEUUk(rn8IX>v{7l0pfnC~cl)!{DS z#~gkc_?r&@6YzH(=JUSqIm~wzf8a1DZ(c{UEWV%kQ-}Fp@xM5HKJa0OM*#oE;cVbH z9p<|y{CF4TdPhYH+MTsHeNfYagl)I+YWP$(d97LGrXoI50^|Y zIE+V<-cKCn+Taz3F=czarY1kCF&|3=i|iz4z4qNTrl8B!RgC2(7q4J zNgPKIr;iH>9HVjiIHBVp$;U+n4$j{`PVVjy`N@cjeAZv&XA?X5Mvjv|iF7A_Iq zPVD4Y64S6aYHQr{GqF+lbv-^ht%EQ`oH4xtPT93!HL|@LPr7As&Pu z94BxJ?u#*3a0W3O3rA4lkiwiVWlcU!Vg4Vq&^Z^%bp+=*!SxDnQFxoeoU4SNbCTc= zh0SvrIu8!6tA*zkg^wtFOyTzxPQW-WdCjvGCzJDy&_^pgLE$1|*N;jRo~Q53?2fKh7B};T`65U5K0u7o z6AWdvccuA{;7IZ(0>!`bdB6Yg6N&gAojEyiQ({H``M1qq+|swE&-}&}%Qse6)*al? z_nJACn~J~sh2K`z6c_kQDzEA&s7kL~(wrQ~ymGq#yzy68R~8+d;jdg-d`;H%_Z>6e zuP)o`t@*~QkoNicORTiY<h}2Z{5i70o($gTJU0 z5||d+)~}RVi~y#+9tImH)V!PYC>DKHa4$s1pme`*{61vv{lq(HYK-A3Nx+p z#zth^TD`HF`N}$Lk5+^;Taw#KnnKMFHbUwxjo{j~9s;(mr+})qhVZ1LwVhyUDygYx z-ql#w)Y$QCV>qep-O~**Ml(4 zwv8J)OIm8%n4{xPltKD)pvOZNEDfaoco~HJr-OO)t z*L2z1u~-zgal_GymThe%E0%>@k9@bWskWtI?^heQ+}ZdPO5bW~`?I!VM|({9T~dBc zx3T1|2amFzP@%Q01i4qNuW4^;*!xK1Q_I5JI&1e=cRbLzrKxdO^_JV4?|i-O#L;6$ zOt*-kk$b4f(F(|DhbRa!x^y))JXPJf?PzODE!DZJvH44l)MuB`=#TqCDNQ{`Pedzq ztaqilRxE2P33o#xBphvpz;Exrv8}z67HZknu@TLJmfu(n2iQ@SvM-eSdML%HcTB5y zBBEZmQm@CT*KSoi+SP)phPQ34Zfb>^sMId&%~e&Y`$B22hf1&Cw)>&h|((}(y4z5oT33vA<}Cpy{Q#W z5tY6TR&R&$U2#?)48f2{+mv9GVc&;H=OGp1_S;&H!9yCtC!B|LH?FI2xhjhhx z$k|TYik1>;+YqB|EwpV_+HN!2c2Qec+xZE!jJR-B)etAIwxxpdwpn@5lRc{e^4igI z6xqgpiJo<$soVCfp3bhAp4C`2G+NnY%lZ8~)a1itp@cInhR+h#6b=Rb{%IT`ld**%Qgha=W4b zF_`iM@S_T5UZ-PkhCL|wkDKX6-rmLa8=dFD&|W^N~O%#RaMzWOq!j~tExsJ6H=?H zE|^#q?lW=a#%V=Z)AYG!d{OC$>+gGO>dFi4+F;nAzBj$F=oi-=Eq;Go+JPWe8frc9 zW^uopj$=Jh^hz*(Nl}I+#YL%DQ4E;JHN_mWrfABXH!M7$CK=8?tGW@Zixtb3V=yJpy4EORhVJiY6|on#3Jaj!)~(IoL80M_ zrktm$w|o`Z!;|+{*FD(S*3da%S2bqkVHl2@n;JLXy!DPd*FerD$k|>)^+nFg7&((g zPH9sE)EEX?sK~Brn6b8V+s2z=$U7S=pT?T%sqcKZ(bQ{u({6}E)mB0=)NAY3mQdR! zsaL7gYeBdHb%M;C&RWbFlTo|oyD(?83<$TjZQFW#%`nuZa)0AfP5av(-C-o}Zh8!2 zS#2xXSZupUULcZJisZ?iwX|7vODSd!$_@|PT8(CD+7`}fX|HQ*Y#M;-?QGot$gW*G z_n9IdYkG!O-HrlU*z&ujDO*;qsA;N@A~s18rMs$81Qu!wI$L206p_<18FR_Dx~Ch_ zewfDwaF`9Zw+&M*_yjEf3@m@BhNcqBKNhuo%cf{q+rzZ{0++oSO<&vDih?GiJe1N> z%HqQCm(DJfhz8nU-I>$Yj^PTnRL%W73O$5E53_=gNukfELbpc?-7OVdDHYr#6)bI8 z5UpT1hvhc4L&M1t-x$!+)7cH*7zPc+H-2W!d${R1T977&fyL(!Nek{4^FAh}Z<5lt zOX&+*R-)2Wz%q9=O%AtPM=I^?L6wI^94RN<-F6I)G(b7h>qd>^O(&rOG&y9|FfMvn z)ObwPct+INE^6!+HCDE4ic_Oh)L78jW4$h?t=oDX9D-hVB0Qkw7`+Z{C0_SOqtD64 zoD{aoVW?x=?s&xQp3!c1NEF&F3OyzYZED#br_cgX$TeY4+hiJWe$sSkBM^6h;rLoc1K+XePU&2 zSC}rdDdNYRRE~;mL5WV-cqwfC+F{H6|%NiZxbYS-dYNm1?F@&67^e z9XTmV&%;qYkBgqqh@OW;&)qGL#Tjvv7}2>v4?4Ot;!4xeoe{&ORJAdbidv~baz`iy zlXC1Z`9xJ38+~6+T4PSSal@*dl&Bw~F5-yC#Su@6%7;Yd!=mzIEziWMyj@gwPSVr1 zQdHj5Qfiq`Sjoql7GO@dy(j01Pzt(_8iz5zW4#bN67Q=@@5C}bs(gu7eo{pF+7_pL zMbpXfHd}&IzM<`KXS?;oi1MvgpYEpZ;V#SUls^XLdn_}Q-^$iU4d4>t1u*!D#!wmz zo)Z~)CS&b`1yk(U^F&ofCoT@6I#+0&OCmZqh|aapxiv=TZP2+ZqBDH6-D&|}-rm_0 z?uHV(k-_wP4A3V!k70n`gbZM_YNt|Rm^k9iIasjKo6}k*M+fP~s==L5D6M6Z^$jSB z3r)=L6+3cLl{+7o;jaOzy5Y~6w-u^74~>|&OPYIoxJR28?g{&zh_P>4q-G1ApgY40 z+9tcYVfC@5>g>)6YFGjdp&lH#vw<4c#%t)>bQ?5uZR#{^hlZ|ABN}#F4Nt%UjyVlc zx*bPX?t|IP^u5Upq*#fDOR-R`!%zyNx}kJO)sRkH1VviewsFh0ty|aRq_#EK1zF2+ z45#h3tX3%2ZOd|sbwROX))*1RdJHof4w{{aXqJYavNAH!Y(ghOYoezth)y;8s)lyr zD$42;ZndU@p*ZV7sfgEgiPyD5AJ;lgpKj>m8VCBo>yA0!-%eLbMPH!bMVx=-4s!_r z=cnhniT8=Bb2@P$7BNe>-5SO&%vvLAbc-5YP~#Zn9&&A7-FCR82la}$*zAl=Wn=y{#(EVMP+iMm;6SA3zztS9s|om_(pCbJqn1dE$B<6(?_*6SW~ zUY8nv1{S8*?N(lw*@=rqYu-p3xAeg0wr+*bwZX3DLZIn{E$bM|azpMRm=%t6IO0f; zp|jZ`_ZjU-!#cZLx@-}+x-@+b)v+zugBFDHaO>l^aKM`Xsp{}a85j>meBmdKCeKX@UH}~+)W3+rvq`8rW zrauv9dSrDSE0qRGhr=Cq4rf|0*m!nJcwPE(m2*h0>>n2Ir6LXiBb}SDc^KJZou3LFnwFCp$W_Qp1_E<~DE5Dtfwk ze%92`ko@~PI-X9g2?ZAvZ+tp`XY>50i*D=a*qPcksbfL$ik(GG&GUD5G^G}VhBhxK z-rqF8X=>=4JBQ~l?g*D09iCs^4DN!^xgFK1Z52l#qM8}1r-shUU)zCfM{6sYD}R0S z^1Omj=KQ9jB^@2>Q@1QAertVEb@S1N`RkE2e|AURW5sV(=g(;_+%`2d3^%amq*gvw zJaNwcIYqzi*cUp#=-TF4$BW-wSlIe{=={C=J36MNPMmgRVsqQVj`6Acr?s^g9WUNL z{;l7%q zH}4E(g+^3X9xS@Qqho*S@`f#24%T!ZIbJ+*f6>n7J1eG!vfkQ1Yu3SFBaKqnbHlc} zx`TUZnP5}%hT5#q$oV^q>RHu!$C_6bPi!h$-&_#NUeVOiaWGiLx_&ovOKEZEiTUe; z)y-G0&kBt~ZBggfvE(T&eu{Ozx;pqo2Wwnf{MMY{)6H2SnEQgO=b&9?l@?$0^wm%2 z{{~85n16Y52aJ%H#oNXg7ES9w-7gw{B)fTf-s_?CtH+~pj}+BkJvIM$@mtf1Mi&QP z?+E5LA04!J@4>gS9_>PnQ8}oO+M-5KFhBobQBnQQ?mK%n99w>(tTyF|+SG#Dw5he} z!Tf`l4k*kF!VZ6+?S_pG9hqEw(Ri43OwRO4`8mZ`XOU-eVM(yGc;d7o&`U>G6ba9Q z>9rA_m4yuvo=u~-MR>MPZ;kNmE^LqRJT|&3!t>1Z?g-DJ!k!4v;nBw;JjbV>i13^& z2&D*9*2)xEQrNOqrcMo|31h*^w1QB2FsFE87ThIkWxDM6z2RiRV>s9G{O{W{LTei?5k;#}|)fjY*%J9IUJlzEGT#+&m*#ws%(5a#wyti*Y&0 z@29>nBJDtm)1mo~i-w%^`4^q{`l6v@KD>1JjG4z1pI>zD&ld6ZI4Dx#G#m3;_f#m9 zwt7H>GR3HP&XfpYkR=Qf!ePJ3lk(G`P{zD%S>BEi@+=`QLRjd^NfgQah8DM3Np2C>LHB*uYkAC}xKFNWpduNrcPPNpsywsYv3ulgg zsdQjjwbP*HrBK3K7aW=PT*2N5rJ-?ZpWy|4yrQBd!SN|2{$O^n;3_Zcs^KrrtlIm* zy?A-zZB%~w@Z^NdYiovAjvP_*(nS~449CBaRtB>@e^Gw$@nA5aXlnkLJ%xj^@&ZM5 zl~eb6ZT@+I^QP@xnqOC)viFhvNBy(r=HC#wChMB5uU`N ztMX^~ubFdA)*JV|K02>(%FCs}9jj9#^)JjDy)gd@IJeK)U}oWzQfCiTbanDzq}n8C zT)1%h>Kwkf0#6?Ojlw~t$qs){;mw8Lo1T}P=u++}{KoW|k=UTZ&C~C3DT9&+PxhC( z{y=(;la`Y_Ik_}Bd9dZ1{u<*Vp>W~oDbrWuxw}nFPJ~uF@=_-!R-83|^l1P5(&ntj zYvx=ul7n7CaB}hbFT4>PT|9L_NwAO?B^wQvs!5MNDI$x|6qC^M1cHUg=^Yv*JdW){^t+9Lj!&>DESYQlXGDI zNCv!b^~UUhP+$Ow&hSZps2=#waFyhoK!i4$|AGz+B?qQ|IB!Z-UP?~jca4L>iPy~W z(u%zG57mtiW<5WkV48Q{wEV*2tmoffcK^S+9BIP_`A3}h{D^aZHsYMuM-2Vrh#_eQ z>ddUGS4Z3kI%q{@VAZoaA3z_rjv+vklMl zf;dlkZ2s`0558abQ3u~$qXg_5-r&J=8JA-QfR4|Mi&M5vkB{@!G@Xvu2hIC*2+T1P z3<-Gu#~T>rt5n`Si6$5@D1kY*`L_qQ`0hp~_u8DvGZycleRQ6?6Skl^be^3k!{#Z9 zD~H-`@v$V96EY>(pIZ^wJSjF$Ky>3vdCVj4Em{6qAY1-A6GZD`%eXrsQmL47rbNmK zCeS|H{K!c|x(r)<+XHnOkZp=d@XbTre0L!7FE|;I!|&_!Pl)<`eYsVF-=D}AzWn~P z@}OuSA(3Bu^e3FfO8EOGK4^loUL$8hBH!mj8ehXoNC3D6sfh`+2Ba-Oq|ZiRjQ8GI zOZemUUBUdXOh=?|6<}aiG2vJ76S$7l#Dq@#_Df9o9)kXql$4o}>>GpflAl9{guy;C zd&yn+NyzeDfrNzQw;9Pdk-o_^Tf!vY0%jS&PuC?>_-;oeB{`KTwZ8p`WF(uMyL_)B zGSnORT_jBg98?T2hzP1s@x%m{J&=$RW720Zh3ZiJpn8Bog(2U>wx!XilMPjc#yAi}qh z(D!vCc5OZ4Mle6a?psKu(~RhaM&crhT*M56*D+UBF@C+XuOiM!??)jv?WvzpA;0G!qh3vXd0#w z(v5l>qw0OmsCVvPpp5TC0xRQN4?*WOgBb*-4l%VmkzhP0GnENnHa(9+p|6!22n>U@ zzns7t@fe2seK~=}jbIFQw6Up(osYVG#fV+Z7>)IaY0yU)MYU|~cZhkJ{9hwqmnnnvbs!JqZmV3Hg*+aEbDnw)-uLe*7r?WbXAsRW4}kt8&31_;4tHB zU5kQ(p9N_MYq0{rH`~iH`&T9;(n>rmYdcs+8gnI>Hse2dWgC+vB+_Ke_$6@rk`vh& zJUEj3TKOLoHe<5Mcta#(awOwYavn16&y2`{jI|h6hZU2~hUPzZWlv?ywBBr6_90W4 zuRJ^K`F>(k=8URi_Mh04x!D^$-%B>-`cdPk=u0NWf3G*nROcn5mH*xZFLN?8PB0eY z{N!uR?_(QcLV%6_AXH#OOfX%K|K)W-3dluZIv@UcsbTsP$QQE5%FE)uf&3V|H+mcs zf_x`96(t0@2}?G>7?kNSK^2NZxzZy;VB@GodwEbqmP%v4)9hw{sSZn;C+A# zAT`fd=I`6;pEUSH)5itZlX?oZs)58`q ziXLWTx1y)y3={n?aQYt-{r7sgMWE5Gf9+@uXwDMQu7u_IALn_#a{nz5(gf|J^`r`> zo=IMR)+mcve3?cAAn#U2Ti*f~>zZj4U5NMojsE}c^dDi!Uj*6cpJj4C$tZ@8k*3bv zS1`W_!ni3Vt2Np%jZFqAht6f%g%xDGd<9IVUGQa6{u4tcIKF3S<^I02@_e)XtX(Zq zE=9@_lQPGq1peeJV^%QatN}x`s?^q0HP!3S3Y~ok+|&2V1YZ$sI|Q}+rELbZ;xA1r zauWHK(S9fgz8<6TQ0Q)vm-Pf)e^g{>;abht`Y!%cVc4fhuSfBhqkk9%2k;`;>_tVr;4BD>Sjcnlwng)I^7%Z=JswaweMS6^z~p*ES|vjo7#^(gu@_ zDY^9@9p`dmfgd1tVKq|cpta_~g1)lEcd;R6kSpa%bn)P=0J{io2KXVs7_yD!?oIC^ zHg+GtuvCz|{4jo2P_-M;>#9v@3z2dm*Ciuxb|T%kB5^64HTV+Zw;-|L2LQpR@pCU? zW5_c0SBQOuu_KKA4zV7@#=Z;i9|R`=2BO7qjHm2Iob+wqjfu}db^&D@xdoIPl4K)y z1oDk}AIwH>31UX>jRcf?iBu36X}IZkZC@9eL&0~4PzM$hPjp1|pj<$S3@Nvg1 z>Qra=V4R@UH`B6sV43JdwK!4Mh}0U!cFL3QD)3SHr%olx41N5UODg}Gl7s{ZGQVc{ z%f*d9!;}b*kJfMki&I?Oaf_mIVz?s4HtmrNr4E6Q^}E*ap?(=g5M8AV4&zPutrH|g z880$PwiCRE^a46-YvPX~!*sBl;D6B$_9etZ!e%#(;3bK zz+pPsg_u@(aq8Qhn1w+jzLQC^k(-NrV@8YI8z_#QH!O1RvT`rJA2PEc^LCC&D?H!V z%$W2gq~<=1B-*VCN#e)0<3uYyq0=#e!I)h7Oq9jDkk>QZs;Y?7(Nl>(fxO^Y&|XF< zL3-Z_g24cn42ITZ8+!?2D-j#Z|JB_FfcDG6kC{a;0^ltAd!rc^ahOFXIogMcR_bW! z7$w<=W#3EmpLL9c{g$eaq4AQnVjB+8#ywg`<5_(cW~l zA1T^NNBfnc@%AWf@V26b94&w$+SE6QB?4$%BIG^+z-30RNp#DMz-IOq3`p#i&w^t< zI7&4KhYjQ7xj%NvD|;n#AoX&Oxb*F(NH0YCpPd5VaOt-|M+^&YM8r}%w+}p&3jEx1 zB=!y7;$?!#=+I|#exF;sEHAeVF2{=eMVDj!%?{=KcVRm2d6*3%jvGIA@PF>fROFaA zIy&zrs~uqYkHjo$kztD1%uEMxcQ5znPRi{cRn%LK>1( zFpIQq#75SU?SRSkKI3MQcEAh=+4%p=p;+;K-*8`IR(l5xXD~O2Y&6jwkWUkudL^RM z8W-eZ)tiuu2-l!_zPZN4bFfY)?`Hg(m9FaQ>U*{q7&tNMGLzho zmqh(9Koaf=ru&kTkdR3Bvj}c%>O`o758A&kUU{E4To$azGUU-hpj7vNz9WLWCo086nmSkDajpmi2 zv4?|^Z8Bs=(^GwEeTs%YF!dbjH!NC&AI3dDS_q@VbA98|WB7xK-neuojWA#+I!ILV zj9A{0Q3aSITNQ+xp^U<4D(iM>G&&QrkrDIKgl%1WgvQ! zqEtGNO_^+oBuqHRk}lVLmNX@n3&MCz!0GeK7|g(#;9>mO0}web1oC;a83@Dd7zVBl zd|o*NVJMGbfYCj_m%k?;AS{vvK;oxnv>-Abul<&0EG`CeGeA$N?1^F%X7W8(2lk83;qH4KVze zdS8N&<nOD*qg2Gb001q0!YHdYoGtR2cifRhbx8IU=Gh@OJ|OQw(< zXI}0VhN>~h9z^(A2Ih%juc}$z*$je)w}OH2MytjeSl)65S%!B31L2Lj;f>ZEM6-vb&zqx#&54Xzqror^Cp2TgZtC+Y7)-HL2GcB+!8Ml3 z;BHfk3LtZo;P-Z%{k(>5uTSBqE6(4;=)dAb=?wlC&OYAegg%o;?IHGK!bcJVK4MG6 z*Wi#sIKrgNXTS%9iQdgjA zKAXQ;<7{woc0+cbEL??Wf$=^t@d^ea82r${ISgLJnTSuHgNg8$CS@*zUz?N-Od-4g zg9KWfK`zcjZyi$z&Hf_ZXBk|F6Ds#*I2$L*V^D$9sZ6-oq?9q(gfktLDI7IEo4?TB z1bdipH_ijb+I>Gfx1rU?8se8VWN>kIRzr&+;+I4QsP+pm0&YE_-dPmO*81D?Q|>1d zu;)QkV>eD1gTY>$iQXDo@2i0337j{Z!8c9HEleRad&hfa47hztqPLbQ-vc~=6K%oZ zph+>(_&rhX`G={7!7C=k_{qNj{?eqBG3YTVM%r%xxknhJF*s^cjI_4_dCvpV81R;w zYr_8kJZVzO7+@X~-Od8!?FvX^kZe+nv~)n;qJT68+;YrG8xAb17F--sH$J zDdi0EO^T8BDZooj%4`NjCdJhB3P3)`LU(7t?a7?9S%BP?47xFxV^WMXK7_0^DYF?Y zHz`J1E#NAXQpSL{!kjejMaDhIP!23$jxc_=;{=HTMw!kmoWuVcte2EAux?S#!1}>#2DahL z7}%CBXJDIlHUqXN8cv$EFZw6DeHNQ9a^Nz6Obk9_UM36 z*qP`CAahK>?_`{Q?}|MPufT~O!pUcjg)E@KzzPN|K)GBrf4<3IY?9|Ppp1Zb^X5GS z^DG^|=3p@-qbN(TzatE(i~;rZdpAvDcuk@i(xDVYAIv*%Fv79}S18 zAc3KIO9_jB*g4*2ELRy*m~o`dn8Hvp#!mP);~WNR?h)ST+)ouP?_37LFgMbuTs6{$ zFew99(+R4kToRb$a{OM26RZpzYqGEgyn9smQd$35x0*L{4 zPlTO7w8t6*8*m~s16NR?6a?!}w~U_md4R2!m4RdJE3D9|B_j8JFtl1;297sF@je{k zeFO}TSzZQX(GXZOF>uPJfNGBK;MWdmWel9up-O67MCuD*co`=u#=!B8R=k}N-dDl! zYs<^P@rD#{SA_TXVECiuWpKhkdb~M4#BYC}DV2efl&K`OM>|vgN#kj;?#D^!m zb4$!{p27Kh81g&xiQW|4?A=4iTeFGY<&5$M><*kPnc>%>NrasyI+>i@d-1twDz{vu zZkR?yHLf*lar(WPd)6bo17|;P^Q1m&z08rr_b}R`Nx?n6b8em_IdN_5GkNwQj~a)h z6wFj)rNn@@Az=@}3~xDu9R|)}@CBR! zufFdd0$Un~VRLZSn`auXj6rni98otaByw|vGMfz7YzAChn>!Q)U$%4+cpIYk z8q$0Q_u=$oy)Vb@h?@uUQ4J}?)<04nS4%&_8Spm0U_dt_J~I~?K}`RMagfQIaMDx{ zBW!b+VLMKAQU>3~8SvI@-b3&`OBX%02#VTnl4tKg@Ffc$LhyA9ng4)=lAoK#wir?w znaH7B^{9CaJ8iiD_@~1G^BY9 zCgRlP)p*kV*hA6i0+<)fNZJ2xgX9EvmG ztxMQL@F|?QvhK}0a}RmP;51`Xy&0Pr&C{gl*rZCC#GJTi4Z-CMm?0Mwb4ip-m>GtdsaMl z!sB_|Y6G((BV_4vj0df|G8*3*<%jI)#k zcg(?xS1MJEpjR*ucBiq4UNeVW6<`O&5@qXPRLyYCf>PT%W`vp-He z;)pr^JKFErV)~7Fch2`80|$86iIrBy>BCFXc}o|2c{Qt7F3nrIXie?Xyy7)W)-7MP zIerQea;F>eaPt^TPE@SFK%?QyU(ae@V{L+UmU8QYImMr~ymDa0xk&n>h+uvU7mbG{d4)0&pFIlp*I=6-$2^jwj z0Suq1Lgm-4tzEcuG2&>u<*QaLT?1&EE73H5;LH7dct8NF1rqxC@$2I+{$Iim)F*=a zN6=XgZNg=;FOX<{`7XRKu(=oZlj3A0IJ8;GkCqfgi4plgRz7l|c|E6aS482y(E@uZ zoD?be)C!|&5rv6O75?6;o`9-;V_Sbe)W09>9<9f1{XZgcTU;UfcM_WhJ^CKOMr8gLx z_c5hwo1d>nP>gR^zW7ZEbx&XG*c{rFGb7=zWacERRjKT8W)0O}CwGFY6oHKgAkR z9W0ONX1zkET1v0%~QojpdALtJ_7_<)i&=gYmb1#*$XDE%B4Ltc;vi zL)*%sfwshK*Ksa^7IDwP!!WX?>yrJr7Z zYG`?4y)-&Y{@3|)@Aj1$E#5L#L+d~5jsGW|wngG=^#5Aq<67`cZ@&r-eNt?j#0h+^Hk$Wv@W{t|M~Hpb~x1t8P!l`Mr&>R%hIi$ z|6Ma9%l-SdyPdi8XlzG0YYpoar(aQgyxp|6RC7wFyiv+#!>>!%mehUC(yb;UIa-!Y6}r_&*IIKDOHFyFV*3W(nSj!k zi5I<}Gn4xJ_BzH&HOc)__05h40@0ft%;oQOvm;=Z2=@fcn(JNL=>KN>^PSdU_E!%% zv6z)`Ikt*9Xv*GBZ1YJou+xg-lpzMP&A?wfSjR5bnM({!9zFC}PVK~YfhZS&%TQ%&6itnlNls~jkLR?*lf9JfUAhbq z+J;ffYktvzT8U+tOEj@s#p@%Br>IOT$6hYl3q@%oD~+7Cjl|tamm$O2#Fj-Y(;KmP zOH>D~r!CiBP75dHY%p#vmjTRc9baoM10wmYgfrJCRvPuR(nL2alXP>d)A^OvR_h=- zlhar7h@aCIkVZ113)|DL`UTP|&-d!?2oIh7aDCN~+MOg*hV$s_jE79)JeCDtHbI1?aVp< zHVbIa{IBp~JIYzf_TtLgO-2A(tj^du&0Nvg3s<=vOuK!O_2J*ks@k?1SkT=8g4@sQ$gz;eRhXi=SBA zM(buH z-%aiz5OHja*s`Ma{r^Y1^d8&AhODWzq4=A&l}(NENH5S7YgJ2$Zz=JgsLYk7zYP9= zZDcH9?IV4GHngLYy#pgXj@HworSL~B|9@NG(bnkgV=}`3*UcUAEn?>a8H=Lr^2z27 z_9nT0A&woXbSeK6*W}VJ^lI^B*22Pco!62d?Txl}wA&{iUFBMmGWFOcwYHX_KAK{&=9h7XTG>AJU$;JqE!X-F^^|f+ zk&)Kci@(zDQT|x}jMnjVoO18N%A_32X{{mBnEJ_AaoPh<*UENXB%=rQ(VV^8=4O;Ji_h@EYnZMHdwymQrC0^Q_^W$4z?r=uy8++YK37>4-?yXf+b3JCBZj9AF zV_VJ+Qr@xh~Tin*G_v|d?Mq5zk zM^dD%qxL!72q{n8te)hLwHxWS^fT)zwogU1I&+K3Q^-?WOpgQ7*7j*T%d$`2rClgN z#*>e?fIO46h05xOiZUno&d^VB|OE*4*kmnl!5EuH#{G-54Z+uXk5AT7we^4vTs z$LjELFHg``_Qea487)^VOdi|T$2RsGh)D0(8g}Y`m^sC34d3p|TzsLy-VE~0e{9%W zjWPevk;?z)=x0*3)BF43KXn4>hQ8ih+}gK3t%25?A=17XYE$hSls47=+RE4=Qr_5& zI;9=#dh^>(W%Ft$5ND#fZR+VbbtB2Z!Cdl4(n_$J&^0x`NdEXz&Rl=1gS=H|HHq3m z+e+#iua&NaXiFZUN2Q6~IG9=-YvHJ5aXwN+2Q9~9{#rTqA9<{Y$RKW|u|^HXL+ncf z)*q~WfwaD(aKsCm-)icHH<|{e<#+ z`$@IAEqkuI;kDG@^USZ*hjiZ?kXlUjMm_hdCPCFRrE@dku6jsQ(hV2k$rp7-ws{eU> z1pg=L>z4_}MEwFFYSIUE)Dy)4n!1sKN_;Hke{im}UiC5*vs9FN8A`Hgu7rMP!!kQ> zHVcY3>^Q&sW-d)kD;(*^1Ou&sk;YcGHn&4Uz`UQS9Ze6YmTm|5>4dSIl0u`XbxSqb^z zlgoT2oOeaF_xBU+eH=cG&bOF>)C{U7p4e}QOWABvtdnhYrssc7(nNiXL)m`pbN}hh zYHTvNkL$dAulnFRM zALxljn*Ik%`{s6{dA4Zjp250*`00vv@~K@qZv4Xf)eCEv7JA{;)zuz8gSZS|_FH?? zI_%Kkt*u$Tras6IJ1(kQzEIMZZ(Lfxp$@5rsUY85ymtMfI&aO=CF>S1U0A(*)uP&k z)dd${?5$k7a&g@T$-8LD5--e8x#6pMC=elJu3ocb=^AdTfZZbSw{S7?jk|Q=%5fLx zE;bBCE9@IlKfYjLy+^U42lQOJW>Nj>HD1*kY_FiQ#%u&Z*=`dC&z1(Y)-J90YFDpX zX6k0MFJD<#>n&V()tqauD4#L&+Jy@#c5VHl#WyajTeCX6Vd2v7@_KIr6&EcQE-IKn zi?L?wR;^vWY}L{w!Nu6$!u#~KbAnd{&F&PzoRutT@uJ$=wZN-Z=hQC^*XOKVy10J% z>QyAS<>sHp~)Gw;4UAopo^VwD$ zH{R1~m@1l|h*~dxv4phTT6hf_@J8sn z%3HO1%}S`+TeHRM*4zxoqB})(r^-gJwd<6ogNrU*ve4vQOGOqh zUJa-FG|TZmeZ>_MgQFL(S-o~Gw-(8{_S3;}xdr*T`D1M3n2*N>?VcsxJhSb{!WpZo zS9^12U%9Y&>g<^%bIPw=STdvh%Ch2;*^~487f+ord0caItaZ+b))+luup)faFq^{)QHcmWPFXAMGtP8hx;z2s`2!y0_ z6G76Lcdz0hrheq%_DtE1hg&lJhr`@IZmh%Hg095jKLb+~<#IbHTm>09+_q_y;~4`i z{xA=i{e(JjQ#2mTOPqs{^zQ+S%;$jFKS}4VjM)yq1?UiPy z-B@~L@eoV4(@88%rduvdVpDoAIbze@swFO$TFc~eV)b&X)~iY^$R$pWzV%AG;#EAP){b z=y{Pt@Og3cuE(+cIcQhlWPb87KFP&J9{1@J8GsSYUG6mf1tkxoOhjHeu-1?AS&kec zVd^h6M@}@gF0&|FrYQzLH;e90!GiXHKW?(Ik`exviLu70O zK`_%YpRl%~eq1Injr#4xspZumekytQgRbSxQ}Q@Xh`jH{$!kFT6`XR2j3+@5%(VL< zk30BLKTh2u?=e#=WVkfe|11d8^4bugPs$=D>4KNX@nwQfmZh3+Nt}L5pkE~zSl{z;N_{uQ$*aZX zi!4>a7AZFzC-0z=7gX}@j+57NPISqt<=q)4FZM7S zbCA~z2FlA;@}7^A*9m#DJks)>iIX?$JD&F>25ZW@K*{@goV>mxqf03*@8vjo30P-x zjHbNNO5X3CJT$90rbAw)!wkd^eitXN2=b;Qo$@YneDvqP#K~I%c|p+S5P9@-u$rYH z({4Kr-(bfl`5y+~!_4Rokw-rl%%mph7YUUwByy>Gnubu;jJ4AF=oILM& zT%zIf>I(4X;}m)0OIjbUhx%^A!;S_nPzyX|cEZF0DKR{kNL>@y$_KvmNU52NDehE&> zOTo#xN6YK#@VpN}lSAZ5TtZDx@ZQx~Adgx`kAS%#*YWgd1So(RTyk*k_s6WXn0~hT zbR9EsF83p@j{s)ak&X~V=)(mrFIjo8ett6po2dB-KpOi3k04GTE@Zh2G!M&vu8p|g z07l3w9p>EXj~Owk-!Si5mrlF-%{SH^0YLyW;tej!xzulFNSz+^s$7(Fqu*$y)3eMs zJxJm08NZpqbb29)U>fSX#i0G&-FlMf3gh(F&w17SW zcK_oDDG)OZvDp*?H&F&qIp8%9{NOX#Ji_0h{x2|8pAgt zY9wD!VGfWu*q42rP#2&Qic4l10j@MwiY3bThx-U$lRWI|`J5L~42G=--VJ3E&UyZX)|c7t@e z!t)faQ2dpOzJ!=JA8^#*^bIl4t0i`ef;vU#SSs`|vCG?_=v#=LoZA#`B6j@S6up_) zm36{(%YYrod$q%KW6H^J(~QBq2abbXB_m{@!AZ`y zGaa40#7WN2vq(oKX5lAPiGv6Wi9uw!#7Tt!IL^kI;ifNQkw4tgDW6#6k0Kp?HWwkk zO-jtiFd4*Jm>wNPCf=Wf3R2 z@#HE;Pew?bB00gYI68%X{<{NNxKeT<%WF=3E!@|RvoaJ7L z@Y9Yb!(ri>>3HTMoacCkIxIYuq(e>(!WG0Qi#ieu&l=LfvjO4fh`|$dSa?29I(W7s z+(rx@)`?hn?k62Qtq8wF44%;r3(q5t=P`uea6BQ0h37kt=UIf$5kn6C3>KajNJm*O zBm9};p*@L(=T*|d^J|2^A%+n8JF)Qmo^ehHTRb)XXq|L+{V9&}>i z|D&UaK_`}SKXCL0(20dVnSCGfw}4J8^3Qej+dwB4`UQ^O1Uj+EpWx{1AH>367Uvl(L(1|54?`1GA$K)p*PZxNIg{RZ;JcsZl$MYO`h=u1Dj)#w>f9rS- zf`?dmj**VC_!#?rV$}Tw@DK|RF9AvK2Awzwa~2Oi;$~hx-sY#gh)LrYj>!Kqc!*`r z;xnF%am)#S!%2){3>KS=cJ#goiIX6c2l;&NQj=-EWK!)sjs!wdE)DgVa~Q~ocAA-@M9PmzCw*p11*1x|PPO@-fanDRM?l85p?aG3IwF?UdY z3PPSDKZDryk)h;qc$mW34paVEhbh0nValIG4EaR}d5ZjL#I9dVCy&FW3YR-f`JZvP z4{(*keS!Ivdgjdl<{FY^g%R?UvKok8KiWbbhxwIG!P^{WS^P>T>D0f~;S^w&?aRgw z4!W;zjDhA}reHR+V4BQ#q2(DtJlbLg!jq>k*PKG1tnf7omnnRM!j%dyQ<(lQGB+u_ zL*d;D8y|M{`iY|dO5vjlzo#(QT~b!2!fz_f=QzT%Okwk(P*<+GC+~27G>Gs|RhV?C&b zA5-*BVmIFM+DgXWA1R)n5xcya{dZTefTv=KL!ZV zr$4ddNmuwng|8xZdX^HqIpR8CnJ<=-KFZc{t-`k|d^@p|)1v4P5j&Y*A$IkBTJaoI z_(jF@FN)qn?BpB)rf&Q?=9`M=UB&b7{~vqz0UcG5f-UmIUG{@pkW*0-+?p|p;V`C;F&lJ}i_%Mxw!^EV-1dOPD@ z#{KDn-t|7-q)(+auQ|pmjdvMeGWJW2Y1MAA#`S0&e;dHQV{s>@Yh83V`Cm8b<-ca! z-*|!XcH@i2DX?Gm)w7s!edE5y17Wrs?u#e-|IB!g z@ljgsc@kzF3gUd>j!D07(w{J0b>q*kzIl0i2P-{<>2faPe6;3O5azu2pz!i0Pi2#* zqwzH3nY5O1DXn>ZV7$?ItI7X`Nk3qGlvdr&82@a{o6x>InT-n>S2Av3+{t*T@pR)v ze{Ua`gr#*>ZL8lN=2Vf>KR zKHMMYYrgBm6tM5wFelTst_vAQ(3-ZKNsl(^wM=?*lirEOH6~vpXkH-VHN~WFGwI2+ z=5>?~MP|Itn)Dy(O5XHaCjAfN47gDCmGg>m1>@GnEX{Wfg|EyDV>kK2*i>Jbi{Z=9 zCiA(dainpaaSh{m?a$*V-wOfLAJG&$YSIGnw>PjSCw`8kaJzVO+b2=uExAq zfn!aAfJPcvl!<$E@WKXxTJA)7cnkwT*kP9F@G2HmEXX)xp8ab9>#r)N71^6FxGgA@pR+4#`BF=8+-1>sm#qL z-E&_~>4!}E*T#&0@YUz6@kL|)cIM0TyYXXV9=CmYf{e2n=Q0j6E?^vCT*A1VaV6ub z#x;#S_X)M^jZC`RxU;e6o}u#do}q79MjMYeo@qSS*mGY|<-BLoR~xT0-fXgI9%MYsc!Kd1&-!#U-##xL*jq@89F)nUg!ML(rH` zO^jO@w>R!++{bu;@mS-D#?y^w8P7LfWW3CHrSUrBjmF!IcNl+Ze8Bjq@k!%z#@`!X zGyci=uJNzNPmG@%r{H~HZ8K?%gN?Ho=Qa*CE@)iDILf$;akO!)aV_I|#*K}e8@Dq~ zFz#;L+xT_kp~j<)#~Z(C{Fd=N;|0cv#_t=iF5`&6~>#5w;As;{?hm>njB6Xm8#gs>Y3w%c zY&^(#nDH3n3C7cnXBoe1yx907;T#$m>#jLR8UF|KM{*SNlMd*hDAJ&gMp4>lfdJk5Bf@q5P0j8_}4Gu~{x&G>-v zVdIm=r;UFwzGD2q_@VKi#{TBFr!>atjq@7kGY&Vlzq^$&=@pFY8r$FInwj)g#%|-z z#)FK98ILiZU_9M;mT{8t3gflL8;rLZ?=U`MeBAhq@p7mB?jf)$XG_GtM zXB= z=KXu$F+G*B)A$u*mvLd^2;)-5<&3KsS2eC@+`zcKaYy4G#`d@4H%$6C#VBFle zwQ*15zQ%7Dk29WaJkR(&<7LJhjkg%@Fy3W+%=nb?dE<-5_P73@P5J|4PYi(ene24x z`;G(}Gse@Gp3OL~aX#a4<6_38jmsOy7*{iHZ0w02P(9n3^aSJn#)FJU8jmraY&^~Q zJ>zA@9~*Bq{@mCTtDt%wH0ei-zcoH*{FCu*<6n&*8K+{bg68Ek&Sjj}xR`O2ae3ot z;~K_wj9VJFHST2G&3LHsNaJb7GmYOfUS_<`c%$(S<6Xwbj87S#H@;~6lksiir^XzM z*VpE$jGe~0jPn|oF|J@7XI#TL-ngN0E8}*?y^Z@D4>KNRJl%Mf@w>*0jn~kM+gWeC z)%Y{x!^X#qPaA({eA)O%<449%jRUg2tWQeg^u{5^`Hc%17dI|xT*0`qF@6&9bL8{< zywC8o7jZt=OkVV}$j)^9_P|$e{Q3Gsgu=eKh5Ss%eN4Uz;m;StP!#s{S%_ph&MEmS zg+E_^gmSPiCV^p3zP<)AOvgTguWI=7^%tlG`+oDS$8@wKUk&i*yC>EJ_Qj&NV7l(r zv|+m3f$7@kbYi;Pjp^DpdNExFU(^RbvA!^F+rKbw54^CaJyn0Ur*Bz8Y1NtS=Ch~W zl+JeZrF+^<>1;P&dJL^)Vf*;(X& z<449%jr|x$q;~eieaW7Fe6pt>pUi%IzWkp4SxPTt(u*2jOiFZqvd*x|9#7H9AAE4{cBZ(RcFSE`sz6}7FOL}Lmfg?pC-nwWX#f! z>x+2;;XX2cX7Kd8WO`I?yI{66ogZE(7lhfiOb>@w$`LTzkm=mF zeI{e^JmV)Yy$t-d(#yeTWDZ4gS>~8$H{@#Y&vH%pIj!~&!h-soRz?&1am-4l^B9;{ z=4M$~=BC1NBbkTGTV8g-Rb(!2b(zapSLQNuOh-;z5^gPXxjM^SmcBApq2DmMGCW?6 zfoI6o;kj}hc)lDDGX^h2+t>!<%`(?7WAH-sy*pxjTxOoDw6@8c#&=}qaiH-+w5?F2ZLJPA%OPk}SbZ^Aj{>2Rq07F)M)!c$xoa_-FYJd|$o`Ka%gmf6BkZfkEDBAHiwl$8biO=PX&}=WuS> zANyLy4RXFga3PsvdKZ&Z!=>c3a0NL%93y9hYsidkuP0}L8_C(>7IIFwoy_x~PI4&R zLk@%c$s8+au*?|wk#bRZoLn59BA0~Ul1syH%VlB46LNXW!-;Z5c%@t!UMt7KAIm&P zU_2qGtp&6HGR+wLFXejhA-Ms3Ol|~!D>sAB%PnE{ab`I@FS{YPhwsR4n6ZV-(;0p& zGp?TpK&CUUKZV>IcFO(W5Sj7*+2uiS9+~HE`Q_noxXf|HBW3mpC?k)BE6E(cfpLkf z!(_OYJPm$L=D9`_c{bci=6MI>5;-l;@4Co52k9mATyKEP^O2!4&-LDrSHTlx_BnV{ zUI)*T*Te6~TVci}a=zQ(WiroYK9E0$KazLB94DOlzl1-N_rts7L-0PC{S^+&N8uAP z`!1Z3Pr~2J-@sSp)9_9CEPPk~4*p&K9)2ocg8gxx!n$37Q_0t0_WNc!&$BrGAAJ+f zDf65wRAxVk0`fh$sLXTWD4G2y*iW40Jc29BkKtvAwWT+R%Sk+Z^+Ew->$2pOdS>7v-Apk8&NDaipBK9(-S}4?mK5 ze)^}}7!FM3&EFJGBe#Gv%B|q6avPX2r7XW4%yAQFH(W^W2p5xi&Ra_E3NxmZ`Fp@I zaxb`s+z+lN4}crVgWwi2$3kPjdzQm~EuCbJY0mgkrjLgE$z$Qc@ z%4y$%-;!s;Z_6CJe4+dJZ&%tHn^Kd2k2RKf?4A+u*E%KWDBg`07mj4sn zO1=emkbi-@$oJr0@^3I>P&w@*c&PjYenWl^Pmlv}Ui_w<5@tLqr{x$n@5oMgv77;B zJSy|BzY)hnpfkfC$ywpeat`=2IXApZ&I|98dChcKE&!j9!{IY>1k4yz&MOkWDzo3x zO}Q-07*ysd5C1M#grCa1_VQ2T%~J(VC3Bpf^fLQDaZCo5Qxnc9vo93mPMOYYwE}WH zTvVHRyTeyMD>%3;N8*U@BuN7lWSw64-y2;()J~GGf zW2`Cj^n-`X9A{vRJQ$uNkAOKY1oMxA=g91*^{&k8#rNdNFyl*^pVy8b%Iv?jL7ojW zzLa_9!aHP+W0Wi}gb&C|;IHMSFvpbOv`O$ec{zMhUI8f z=}qvT@)kG{afwX-1WqGwhcn8b!&zlsv*wofz#NZ))9!^CM@k=ni^+%JQt}a)aiq+1 z433dc!Zl=G<8qt|<~av9l7E0($d_S`S;0Kl;7&68r7^yg>9^s2@-OgU`5rt{egKb? zIex+v`4Rk<`~-emeg-qvl;uB%6J-akrB=!uFKVsKK5!q)DPhK)a@w@;=Q6Le8F$Kb zjxTjc<~8>*IV;S#Q|8GIpO<+pepzN;I*y6KJbBHgt|d2yUz6FN zk7IN&Pb;{U+!pR2w}-pPZn&4+5gs6ShKI`C;Wy-7FymBNeqZ=ac_7R)}-LMmW8^3C=8Ufpf~+;81xx%<)fH z&Q7?f`~@5(?}i!g$~=4E%JN>gn#}RZ>d1%S2J#WOnS2~>BcFs5WcHivCZC2G`^tH- z59RCfd6==UO#cBMBVU3i$-Iv;UH%E4BlDihyYeqE<6~LQukiaa`(l15^Ippa`3byL z=6#nPGJi8jmU$0`v9c^P1^l&~3O*%sY}s>iI+)|eFh9pT{ZZx^c|XhS>v>RVL%Qz7JSRMp3=9cNh;Ll~=i~3S#-_}Di?@Jw%C&1sz z(_qHmvK-!{x-8Fz8Gp<4ci=nnyD*=N#q=fcW107^I1Uffm%}M!-p6vv>?6zH1ej+H zoLy#r**x-kIKRw$UE%U(I8xpUmyvl7tdhJPj+1x7wd5~g#_MvvyWu7>?~^fJm+AZ9 z4l?hVb&(Ilz2u|t0Qm$wR6YeWc9-Rxh9}79V8-q;{Q^8oz6ie~v;Xd5`8vEzW?x>8 zBgAQchCh;jfj7(d;m>4_LAXnP2=9|Q9^qm6Da`m@miZ^l@r7uPQ^@#UIuO1p^Bx}K zdzqdJzALAN8Q;tF4DeH#_xAiVdegJOspK4RdYSk680*Vv+5b4F%zJ)}^<{ctxPV*) zE-Lf>UzE&#$>n6;3uN3cr!5axlPkh?B?&aDrR|?k4j-VjsCK z{JPA0io@jw@EExfJV|Z}b8IEfw>dmVZVA6Dw}BZm%slPj_hmQCm|>=Of;Y(QGrd*j zy~!PNA2?a&*pM8riPH{-zm|u=r{t0FIhp;cFUsTLA7%Ej{#l+1-_$oy;*WJITCn%6MZ=%l_Z}tWw1+SFvz-#4u@W=A6@HY7m_;dLQ{H6R1J|sVfkI9TD;Fwyh zPaw=#WjZB%Sxyb#ka_R+jvNgCDl>lTv78m=W8PR!E;xmp2X@M#Fk_gRCm)<$=DprL za$z{X%=^CKaxs|k%$zn7E+g}Pa3#4k94D8BYsnSh*W^lY6S)f9N{)j&$kpL4a!t6G zTn`=~zXlJL8^Vl#X5E^=6XfRbn{q37mfRM8M{W-FY`V(pUJ~Ki7>}fqgTSAGRI3OAg_gs%Io1MnPatbj5SWnd*PMkPhrMO zGkrT;N8SxLkiUeR$@}3p@*$Y9)13AQ+)X|P_mNM+ugl-U!)1=gz&L77dmf%7Uxug4 z*Wfua$7y(1z6CSBn$zBe-XRu6`AoE)#dVVUAZFMP>zP1%Z%q?3^wZ)3wM;O!ad{~aDTZrJVdSs zkCI=5$IA`isd6KjvDqxY2|Q131}~CZz)5l&c$Lif4aRJ9+5~u$+!_8jq9zVLCmKYUsq1YeMc!dK+sFk`tn-%;={@)-Cxc>?@Io&+;qjQOX+Ddib(I(a6{ zm|5nT4d;;O!i@1|`aJkmc|Kf3UI>?v8M9GVUJ6IcNpMwp1zcNR1=p8X!%gM2aBF!z z?3OpeUFA(MW5QXtt?)p38_bw+rhf*HmUqAt<`A^s-JMcSfK{*hPkW<2pEob?R>nJZXuA_>a z4z4a|fa}U3a6>sO++5BMx0Q3j9p$`mci9E^mGi-a@NKyR{6Ovq{~>pUpUd6hplsfC)EnmWbGW`3%MmOymLr=y1b#&x2IrF*zfo9b z%tmo}JX~6y1Xq-&z_BvpH)_f=;dprt+*oG(MoW1<++JP)cb54axt{V;xWBv%9wIZg zbd>x7JYHrj$5eSOJX2l|&yzof7s;F9B$;s?t7OJ?tdn=Zn`Fj#d@ApTzmOT@u~*&) zeHmmQ%oP zIW^o>cEY{o^zcAA1Rf?cmSeQcSdNKuc6gf1F*s+-jOCawb3D!^a(;NZTmW7z7lPNz z;qVr@D7;;cgm=q~9o{c9#^Z?0IO3CXMfj{74gVllfv?H2@GY6~9{1#0@I$!{{7jCA z0}x=#?>l2WQp=3-$RIa^v&b#rTry)kTry)k3d-%_2$?Y+C1u8Vl$ROfQAO?sSC@Oh zb!EnQG?e?m&E@`ZTbVH)9pxc#cbPFBedUqxAo&e=gv=O^vGRC$vdnmo88YKN=E@xF zbb-v+kEQYqc!fL@UL((eH_D6y`9x+c_D*>LyhmOHAC#BEN9ASkH}VSjJ9!m+NnQT2e+3w{%dFX65Lb10{54%!$aho@F@8< zJYHrT$W-|OJX3xM&y%0Pi{xi;lI(}yc2~*%@H#mN-Xy1nKb091@`aop-YYXETQXTb1<#Pbh3CqQGg%-r&Sa^4 z0bU_rgxAPd;f?Z-@F(&Oc&B_5-Xs4EAC&LFN9FtQH!@>RzLObqa!F>)$#t1AC%0wB zoIH>n_#OEVnK38Nf!yV6=-47=r}a924A?kz8e2g;0T z874EPWwg8&o+y6=Pm>wbGF#pR&zHBrOXN@B8_Ev+mfc(qfZNI` z;Er-?xVy}_m%eg(c#zEgNh9PCc&wZio-F5pXUMtXxpE$OfgB1imD!(Zg`6K=BNv1> z%0=K$qDPJQ1ELPlo5o)8R$( zOgKrN1Fw?bhS$lAtJx$kfIpSrgTIg&OS4yA34bMj2p^XjKXY2%2w#vl!&hX+%={#O z3jZQAX684UaWYS2#>qHb-u2EnnUwMYIGxNmnN0E#IEQ=`&MO~>UzJb7MdWYc5;Egt z%F5^AX!!@Ys(cBqEnk7_%Z#6CDl>kjwaoY#x6JsNuJSK%Z}}cPP-gthFq!c)qvb!~ ziSiS8n#}l_*|H-A_WyDKyhKh3FPBrpt7XQ|te4ZlTjY%Jb~zKgTV^cHemNU_M9u-9 zlykvnWsdRxgPa$>CWpbdsp++AkO zOkcSlJV<8Wz7g^uc&t1Go-7Z8XUHSqx$+zE0(l&~RGt8@kSD`yWX95Ll&8U;$c(Gm zDKoBSk30uHD8CIKl^J96jl2Na>>`tJ7IN1^1Ls!~Ny6@DTZXc$9nz9xq>kr^?shneq*Ip3JzNMe=PpN&W?1 zCEthF$-lyzf&MPy9=T(_8JVoRZa0!`lJ7s0Y?L^Cr z+o>uuZl|_f8LltKz)j_vyk8ywACcJ)^`tx)J}VD{ ze~=mTb4_N<&n=lTKlkK`@I!er{7ilm4tUkO4NQkq%Z&fYAkT)g$Zx~BrE^3 zSuw$KYB-zB=f=DuXMpp`A#h*PA{Cb>TRsoV(uLT&=@m7Bp|$t~gIavS)x%zn%l=z(wTAa0z)DTvna|N6WL|sxtdb z*OuRb>&pw^rt%`VwY&s&%S+*|@-n!$%s$ow<{0)3f zJ`LZJ&%*a)_Wyn;{{TOeFTnwYyxYJPIJNvEoI$<;XOVBhx#ZihOTG&ilpnwm@^5fS znf=Ji%TM7dGRJ+ZE(gMO<&%emmbGM{%eNX`e3kPE?M zWj_08vK#@=kl7!7t{ep~kl8nVsay_TAyoO%hTbW z@=UnDJO>^k&x1$Fd}h>mc`-ayeh;20FNf#JE8#`*YB)(=1Fw?#T&Z>P26&Ua1^!h2 z4E{pi3GbEJzyB*a89pxWg-^?e;0y8*_=?QuQ2ivIfPaxs!N198;3x7q*b(ks?-$^d z@+CN(d7r2D{04^*421m<};HvUtxVHQht}p)yHY3>V7D9uca>AZz2!9UK$+tc43jg$qvcHSM48XankHw1XUiPJV7~kcyhP3mFPB~L zYB@i=Ugq<)w#bFy?J}RWwOfvW_sfy+5xF#cQZ5Idl`FzO$b25xHMt6WOOAu@$u;1I za&7pTTo(=~;@t+~;nZ>iID^dRcV&^A!MWs?uuE9sB#(th$b44VSa~8mS)KyVkf+0Q z<+tDk@@#miJQrRe^Vwo+qH0sM{pA^e@Z4!$Jw zxn$Snjqq)GGyFi_3jZN*gP+UW;h>`4ZQye_t-K2kmiZjBZ1Ms475NaHPd*G6mXE^4 zNAOhnF+5X#2G5fnX|ey8`CPRmIR(5*P6Mx#o$w|(1N^BR41XbKg7?Z<;IHKD z@Nqded|J)}Uyxn!6*(XLll&_Di(C-?O)d;Sk&D2N2=96?2B(xu!0BW@&n=T&8qOh? zgY(K2;aBBoxQJW@E+NOkWo179En2P#SC#9*wdMM7eYqjrRBjBnmYczDxh33HZVUI8 zJHP|w1bCRt@jph(UEzsx4|tl~8=fr>falA6?%Wc2D7;)A4zHF+!|Ua-@D_Ojyj`9G z@0Q<$_scWjBl2wcq&ycsE6;;}kmtkK6uOoLc@6 z&LFRYv&b9ZT=K`TOWq6@l()hW@;11n{25$c-U(Nccfr-=J#bxlFWgW*1UHut!)@i` za7XzR++98m_m$7WgXHhv5%Tx&SosP(S-t_!kZ-|rSS}1_lllC>SL6sdpUh_o7M7#n;&N%Yv|J9ZC|7`EO!7)Nhr9;PD}MyPDsO~~$eZ92@)o$PybX?) zKZC2vJK);#7jS)fH{4X-1Gkp0}=F1o1CGr(`xqJ;?E%RBC>*b%|E%MLscKI&6TYdoVmw$(k$dBNY@?-d{{0#m< zehy!g`JBmHav*$9P6CKyC>ym0QCrz9p9&RabgxkxT;m-1>a8G#$ z++Y429wP68N6CBO@$x=+s(c8ZDIbC7$tU1N@@Y6p<`_$>pd-;Qce%2 zlQY7Z0;MH<_c)iSL zw{DTU!Q17Y@NT&eykG7IACU*cC*`5=S$R18gFFhpCXaz{$>ZUB@UBjmI2SosHdvV0AmA>V-K%D3PJ@@+U#z6-CE z|Ag1dff+ECi<}nzR89|nAqT^I<;?IwIVXIcMqf?7F3Tz58!|2_{O-t^;9q4<@?1u! zw_l3V-g1h;PPq&mBA0`+%N5`}ay2-=Tn`SH>%)<9Be;y*6s{zYm zZX$PqTglzw4stKJi`)n9CHIF1$OGY_@?iK4c_=(V9s$28zX8vZ$HMQ(P#DETY6ocuLhSw03= zlTX5R#f<{2kmz{vJ+{FT&mAD{vqA8vMF^10F8lgvZFY;Yspcc)I)mo+JMT zzbik6-;T&J5p`v%vs@U?DHnr7%q&d6#M)LP?3;814PQC(nlG$g!hx{|#Pv&zR2Ft(0Bjrc% zIGKI+r^x;R*#FCc@Y^z<-LOzj4=2hQ;gvG`ZP{c?#T^&VhR2)l$Z7OTYFqE}Q&%$eH2(vI`y} zBW%%cl#Ejxzwt75d44lw{O31cj)s%uD)1UP7TzLPg};z%!F%O+_$#>qd|Yk}pO%}# z7vvW36}dJ1liU&hMdmfmZ!)iI{*VX2&Pr&XTmW7na&Gt)ISkG(^E$4$jLST~GI9(Y zD_4hW$qnJgax=Jn|r>v9L!JFkz z;V)!fckGi7!N+A@JDicv!&l@>@J*TL_P@#Z;iqySj=3qZ^4Xqg;Pi5CIET!0=}@^O zTtF@dN64?irDUGFR+O8=HRR541GyL6Tpj?om50C`<>7F5c_iFdo(vC?--JiVGvKi@ z$Hkf~&w*#iJcoQ+<~ig-IT22j--lPqtKhXV&;34@c`mn2J_LU*^W5x9`51giJ^>$- zFT&r-Jij_G--0j8ci064elxPyk(Hg^Og~EYj~{8^OnhS z2Y7~@0MC^>!3*Rb@KU)iyh0uduaU>W8|4Y`C-NkCr_A$>Ju=TR4$5=kQ}SZ?dwD5* zL;e`PFDJuK<*(rs*tzn%#&LKu$~;ErlzA-9FY}mNOb&s|$)RwZTokS+SAd(zHQ)|% z6S$|G01uKm?#gI+7(7uP0Z)@h!?Wc#;ra4Rc!@j*UM_PSmDTdQ@OpU>yhY}7cDBna z;ob5F@P7G2_=vm~J}G|$pOrVkSLJQ+9eF$aNaizf{A0XrehhZXC*Z8|DL7Q-7$)KJ zdAOAPJzPP)3dhQP_DxNh@gJVbU&8*e-gUGOP9<}EhV(MWVaP1sgmcQjz%KbuxR9J82*-Un6o-s4{pv+B&-aq#5O|fG8D1x6hd0SN;ZNmIc&E&BA-){p-v3k4MZC^P7xkKDIU>9c zr8Qw8y0|wzlIA~nmBXK-gomDgeC6|;)mOf!OqHLX=_=n-j>^X=$&2!9(JH?Qt@1n2 zXiL6$Ug+~s;|a#Ij2F{vaJ)XipU<0(cNrfxK0|W_;dK>%KHoKdN^_y{O67QI-n;ar zhte6md5RkIT*{YTjSlwaX<*#OxEr0xo9A`oF~-x4d9LHj&+{8c7VoqhjCU9xFg|5` zk;XMLUq2f^G7iKs%$JAfA3o|o66Okes?;|a#I zj29d8SnHd1v+*wD!^UTfdHnNDd)N4>F^_G&JeiF{jf)zWGp=Ubz_<;q{U?t}KEG}} zhR*BVKBv>6UcXDbyzbnweaEQMrAw4=-@9aqVttF3C>>RzWcgB&WlDsGmWYguH2;<< zQz|sHOsR5Zkcd}@G^4B6tKo29W7o^!*Us3UiWTW(Ds`cE5Jt zUH3r1qd;d+l)F@%yL6blT6~7+pj|~n{oVCXxZ^Lo>tTU*;U>1LRG2&NM%DyZ=_q&A zZdsi{3GOlpuDJLN-5m+8s?k9gi-jh*`RzmIQ2}wTGR}Yt{%r$L(g1gLZ*q9=0j}!K zkke%xPX7u+h7SmHm39Ud3Pav7ciHHmi1giE!%BFw&Oixey(L6A$Gt2d%vH*ntx(uF zSM@M=ITn<%!kI8vIcGq8hPDC6PLD}&*YMT1M)+W7NY}EM7wYT`>Q<)01(bR21ZR}s zEc)}g@a&G1SWo}sH@KN2$U|tFC3JHmh(`Ee=68$*83Yy=yV_qy9mn?gD*CA#6 z$05%JPo1z}Z39rFb7%gkPBmDk^1eD%9NzqCP|rwuB- zXam&AGrx1EZ5yCYgS(dfOP$KL4LEn^pX*)8yKE@r*qJf^RPSc2cST>lqX)QCop7gq zS?}l<>;6Txy^Yz-)0mZ=Sx;lVq)=00tzg~#*S0LrdjIpXRn|H=^B>j;mhHcm787`!DM@=6|wo z2XpzW_?AC*fZKWYxOee;qZYBwfY1S<-fa>q<1gD$j_}F&ekQnToEb2roc|nr54w21 zE7(+ebjKvf|6+SUOF46d4jqHslgs+@;(Lsy_vQU-*`bq}_hq@BHYw}N`=878v`u+m z-oKU`KG_uO4Cv84A|3Z7|Fy1YORSTBS0>6sLnJy-*D$t06n8)6#-r_eBt*GON2HGq zntCb0o#ADpmUafr(D(db<{LiL+olJ`y=*7Xcm03ZPM$Wc;;ZL>ZYNKh{zE(cz5P9H z`afE)XePGnu?TK9|FX^eyCtM(_@DmjYC%OICsXE-(|G>GaRFE=z7sE;eDOiux&o{99nLKxjc&*jXc-?a%^#C z3;(@q6&`->XcMo}HsI!UZ_zBnTL3=vED!bpH?L#Sy`Q6kf0^FX?AQhTo9R7m7vcPe z`TGyR_I1Z|q>M=Sm+3<|fBy=1ZeG^XS7=ZgZ69*koyl8=Q31F8odIZ-I9F*j;fwD? z_@B-2Wn zu>7WN{$<%Jd6q5nWp@_uJf8XA#*%ryB&FL1{L_57Q2%9}{QGt4U8w)IPH^o0Z|kJ8 zr`}mFyR&)g=vyb1{^L5q9#U=k<3G0PKdcj9o3d{IrA=czb<2L)ox`@NXKVO(ZR)Mm zKedVHdxC??KQxImh#PV2&C577OPAozdD)%ouMHA|25B4c58J4>TrSSbP1L)I*m9i- z?%bE%uV`Vg>&AEgHop52>AXqdeVifJJ>Qus6$W@d^_;sVxbqBf=k;cZa=W4ur{pZ@ zOmQ4P`n%#jc2x~?htAnkEh1oAY;=kqgDO-!wkl)4K3SaEo8$B*RfTdF8waoUuN&5( zb7*AcEb~LsvTj49;w=8r`gZY(mDEJ6Q^r_N>;j&X7YTo0sCZJ_;vWQ!`x5 z7hL!G#mk|QUuWsMbo8|oGW~et6EIVRm`er9cLgakh4pj zW-Ws13~SZs*u;!=t2wh4EX|!knTs8R8x+ejHDzc4F3zgAPx`y+<2oYQ_1Xzn{AE|Y z`>whRgVWvho0AlZYm58ts*eJkLCNkK@fnT;gt;qXgSuNBmlZWnxT{}w^F|t$H_Tl= z!Bzf7?kIN!XArL>D)92dUQ2W<8d@Ja?o!U6y9vQ}O9ta;7&9=GxrUYK?(&v0%Kz@k zV4Rrr4Z1rdI3j&~dY(^WpBC-?cz`Q9yekd}Wjx2@3*{=EJK+pMIXD={<6zu9_H09M z#@;yH=1#G+_Y9!2H#Iyy0lUGF)1I~+JbXY*`=D<1Frx-TLXp*TAru{Sw^ML@`tI&w z{Z%8CRE8zJs0c5BqJ0-YWh;c;J;B9s26Px56z_kxOE52Cu$R_+G1nKDFcmIzYvZkT z8CE&LU3S>mv$MVPnxT1><-EqZE2-AKc_8y$AH;Dss4Y)yDxW*;&BDdX9A2Pnlz$wK zBcr^sL&d-={o{#tJ4@PaHh%Ha&GFxa%2 zr@>gkh;#?0cfU03p0~x81gMHm&w)02j&BulW5^!bb<7-BC0#fEf#znzVLd&5WH$uw zbsTpp&(R2KTP*Bj-rU9a=x=TN{PF!To^`QppZnVO?!$k-ZDBY09LxLoJ}W-Jo$AeiWac$BGw?u$E!!_qOSQ^iXhB<~8cV>R*X}vd0>mgsG zL_d7Vv7^AbB2HEYygXU)tPh^6dG06Zdma7@&sCxyR_5;Mq1pvidCZ7LG>YA)huyu5 z?;0xW`L4AMxchtX#p|KUH`*EUkT(jv2aGZoFOTuoVSxMPNd@m|=$P@BI(W{PqIJIH zITb@i%)#g%mbL6(mo@7E-$}r2%m-_Z%NpTS{raMQzVkWHVsgFS@qA(a!*Z140TnGd z!2R+tjtV}*=Ex%-mO{n9hC`oc=Qi52bMx*1utVdiV>z^hXL)ns!0gR`_lkF4i%laP zzjhaY48=zFx2m!!3=!&VrPz>IQHPq0IceGY*`WbJkN`RY?wPV42PhwImy+W zDIm|Gw*1Gg3OM>si_IDKzjU0%A@)cBj^-8ad5*OI4;^PK{@)&FYvP!i?5c6XRsFK7 z+I?45&vDin)E~Erf{NB{^>(X{AEfSKlnZ&Jposp~fF@K%;j=3Ol}u0!A0 z$jGZ5YHTP!u0y9;&H(4UTK>68*6Gr(M#kFy9r|Rc8`ga8&p2x1cWwLxA2e?LITSdz zRVQzO9eV6CC6@SP-j!JVs5q`pm%kU=C^7Xvm0Q%maDWS4@i>pa+v%U~F8}5%8-sI( z6YeFK-HZL*OOxI2-FGhvbH5$tpEt@qE6VkDXlN&A%5h1LuswuT&3ij=*`Cn00dJ0t zNEw%yB`Psb=-gciL4F0%O*bUQuS-&gA)(X4Ql!9dx-ouRllqMaJvJocuvB5mH~mt_ zbm%v`?vz|jSIs*Vm$aeIy{M!|IZGC;7Lj3qdy;n>j&jWkTbA4DbY_W9pEInHdr%{H zt48j5$?lHH?oP?>&dKgB$?mSn?rzEM?#b>R$?l%X?!n3KA<6Ec$?jpv?%~Pq5y|e6 z$?j3f?$*ifHp%X`$?kT^?)J&<4#{qJvO7WZS(Y1f4!oJ~Vzph-`l`n*tB85$td=tj zQ91(x{YH)p&6lxXzfSc6B8P-Vae_v!d0|!k!j@Ic88#r!FDz*TvL^l+mYhG{*&8=; zXN9@vE^%TJmbvCehUWM4kLee>F*G!A)||*N_w1;oQwMk8q0GC~11mrcp`VlK1A%Su!Fhrdi~yrWs?ZM|Nl$ zS=+y505k6oNm0wc8?%QcO%HGADZW~KP|mQ7CC8x2yvrGu6dIL;CCaIDTrNT4Q{-hv zUt(C|nW)64FW*Ncg~lbG3ESNZHT9h$-)W~`=bqNv1K zaY@y}cGt>T(xh#UOMDu(8;kQ|aukU7VNttl`6{~sC51+5-x!wE?eCv=``hPu8<+Gb z+CL^%vkpr-<*mJ~r!!@;d(N|zw^JTT8MV9D<9xB6lm9|E-So~k4vk&yX4vB<6)GJ| z$XNHeGxK%tX<4a@Rf9wCWa%DMwED%XJehC4bm!fY4on|fJhmbJ&4*p7%5e2ecFpnZ zV|seZYZ2(oinI7Z8F7t}fKxo4!Ve3?NqpUE-jn$KZ-0jsmoqFbDKy%@POP_>M%ezD z81J99DeBtDJrfQp6>p&JzLJ?Iajf1aX#1*|9z&YJ%Rh@T!}jF z2-{OF?zkf=ae8E_F>#6cy|r;Z4dX@??XSx54Hi1>;b?!~%5ApeStCrH_%z%VwYS>K zDet66CoVQCM)SkcW6|LIA>Mw9l=%Oa+~mfKka*K516Z@hCqX}TwmZ=ToN1miu{ z|J@Q}LgTc>q`lK6{TXZms7>P2myL?e9b2L+w5T>_u+i@PQHhyq`PV6VtSa`!b;EE~ z)qKvKLSvCPw8Pb$C9#6z9Yw2mAM0JjIM>@w|AeGdxk@ej($&^KXBX$xNsLALaa`^x zDe89NzHVDmgVv#qs`-T_XZ1@NGp51p8u{8aviol85?%IWXkOA89T=~lM`~c<{Zo|)*`3j|4@aJZuAdx5 zowox@AmS_dLSVczbqQ}BPghDEojzXI)Tv4o^*`V`6MVzrn=};F{kN~t`0?yNz5d%T zvrd%C=>z;6BmJ;1Wju`U)fyiL;#lC9ewV-J|LOiSg97s+VT@x&z*~WlzKr<4Yf4|< zME^kiR_uqIocDD9K!)^qCjdA<-zy%l?-@^R-*fu^^gh+!KF81De);j|d-1s)-ujOT zVqaYRH1t;B7zdZaFSjof{&(TeQ|I&<8Rmh?;&^L5XDpEKbIxPB|675cg_{xJDW3T+ z;)hFqhJPKU@!l~V{04v7@y7S^ccge9Z~Yyq3i3bypeTIe@1K%EvH^iX-TS=m=O38z z8-A85C>B-mPnB{5-vtIeX3oHrHSu3yAdnrO1_iQ~DD6+=Nx|Mi{-)uF zihlwcdQur>5HN}X;6Z_#@NdeXz|ZhsDi)GDcc9b39Yh*-bP3Gjn2$uiG+*GKz%U0d zPXg22=9@^*n^b9n`KFSi1wL`6?LDZMUtk*tzit`RWaTHl94qi9a~giP0~b0j;J@sC zP6j2F1JlI<=_piXtmj|O+exy-zkJT`y_3~p@#$U%(lK8;7Uoqfgo4^JBR}G-y&3-{ z&t&FdVXV>L^SsRcQnB8$*C2a(9xVcwIM^tuuE0ToEGYxqkDh93J zNKL+d9g}BeMYT(a>$Qr`r2A<@sCB5d{G7T-^=V;{5GBOQ~ddZS6IQ(Vm z@RzAroW|a%+%Ji_DKX(CJNh}Acyo4oq0TSV2~+Fij+jR5>E~$b{}_#x&51fXn!RYE z=AI_XK8V%r`MRIu4bLZNvmSnqJ)Y079@w4?+x4u6RDN0Zqaa5CPct}nAl!fdjB0?b(z$J(IK_3+8fnM5>z;2!AxHn!FH`-eq*8D_oaY2Ed zkS`VAyprC5k{38W^^^>Gs)^=Y;F%Yy;6W}d!Aj=I#j37ahADGlTl>IMawe4Qa4-$c z#{c-lF;BB)^ve^@tz-~pf`K-$8XSugu^Y{cl{m=3S@D$@vm4}DHXaP}VxHc2+@XhJ z#zP#OCSdk~H(Z?iP|vJJ;6oQ??0t8V?@*y(JR$RYg1<06vX1MWFUJ^1zR9dT=9upd zpf-?y5DWSb>=O8yb=*hk2Rvz6ZW%ySOj zg>e~pVB~??vBr^aKi+?g5AyE>0%zYqC zgorj`dq7A>vXqSA`>PEoN%r52Ui@Bg1!D`zF3_5I$r-}AiR zJlSV{d+jxAE_?RunLV?2PJa(c3cZLQEE2{Rs_TW@In)25OMeIM@ZOsSh}~ zJ|J6y&^&C-caDcO<+zNO#%U?@|@Uzgld~3C&O>9OCENc?CrLeF|kC39~I>Wsi62 z?h0rUz6bVL?L7tUFQxs9UEzn$KoQf(#qK2X;D;6&8h9uET|tB)-0!8cSRtM@GJ@w|hrOM7r#Yh-op z(jIR*IIyJ0eg`|3^f=^T!;&6+7c{c^Xk`!nW9G=}y_G#$IoMX&gV#o6^{UDq$qo)K z?!kJGR%~&PVGcGf?lIOu-LjPP0HcwfluH2f0Lk~la+9z5yFR(fF@M+h$h%AdP*G5ObY87-oGxv z&)yc;=bM`R?+pFe56QxL-GC#Z>hM8E)*G^QIGEf85Vv~k()Gz59PL3{LB*6I*yTS# z=vj`S?7yXqhU8gDQqBeJA#kxWYYN-|#&R!IPsL8?n($aOwgVZ~_f%!$VyChTUX~;*7_=5z%yt}VT!RGHYix!F)12Zo zkTYwC`3wea7b9c55ubUS4<6f%W6Vsx20wyxg_N>5;+-JHD-;ab2t`JRLa9HB*be$kJ9Vk+JE6%7FtjZ^x}{uEgHg+lcSZG7Wp`EO zLaXN=5xgUUyV_p?iL3qmI=HL-{46(|yQ;p0DuUrp8y59`;ui_tr7V>g6?_O6mP^U_ivq=Z)$lbKTPJfs9EYoGeRoQGw8U;?b=BgOjsSkxIi(w56=3Ms2#H98Q3#fj z2I)p7bkJuI*J2c%12M1Hgk+a2xn8Rl;Uc@^tmq z+kO|6Ua0Pf-u5H7Y`gK!IfB6ZKRjMlzXbGRN1zuw0lnA(=*63VFW&fj z@uuI4H~e0_+4tg&z87!uy?BG~mCPUB*n9D&-fJv>cr)+C8~Kp-NDR9&%-I*AX{>=? zgr+i2Uxc!TF<)n zUI0^gin!}a87Uq=?mWC;6}}ug{!juR3Jkvrxe1*bp5IVBf<1`PSK+@w#cQ8657w^4 z#>S!rp~XY|$;D4Fl5bJPmqvIwwqQrYC@iN!#uxZ;f!xn1s<@CG4|Z?aHYw8b~LT@7CX>wu^X?aG{nQo_P4_Hj-5%54_+fY&x z4#e{{wq`B7R{X@a{JMS;b`yBa?>28AO6fGQEfrhDyTC2QDikoj4Tb!{R$Xu~9pPK2 zgQ?{cL7f6#bca!T=s& zBA87I1~PxR6J1{&LN@xjS~7TLbtnjTTs<1bhv)&^etkw6Y8W;8wRIY2$jQN}=D(Ua zlLiUHV{)c)L~M6tCkoC=3ytg)Y02|Hu+wmN#zuM(>rIM?G8$^(0-)=PEfi$YiBFa6ilJV|3DB4R1h)9eeyuJ@Adh4dRo=+jGd1EPT(KT&QxcY zVW`_AnCAAq7Vgf_VVvQh@A~#Q-U%C7kE2xo8@b^fi$(OqN@@t=<+HJ7!Ch#lyyN~w z*qQ_vx^$L-Z!-I;r(tbcdCZr57Cp`a;WTDy5c(%!L*nQ)K|3D`X3%rr-fmt+xWCR4n4-n>~+EM z?$~TrIez`2dAS&N_>|2SGxzzQtF@Syf$uQ;Fz=j(wQ=*nP;9tb=$(r#4uzLhUuPf) zdSF9A(^G|pmq@x(m`YC-Vpj!(?lBpo9SCMTWcsd;<31r2oQ>T`P_}G6fmRSBe(N3j zPA(XIUs}_<0BJE4Os992!wX~KIV0s9+Q@*Nh>-irii-;9kNMvWcQlJ0dlJW%L2sup zg`O%jECX+UDm_(bSOy%7G2dsx&k&|R78~+P?>ua-3<$K+s0?T#5+wd8Wn)WO3?-M|iU6 z=VA*57e5P6(!g`&oT^5Ggm0bhU1))rijD9&UMJJ%NFDj0$B`Jt^anb|bpd}8w)kLV zWzcy&kwdQd;4JQPT*a|A6GZ>N{2`3=))P6Xjt@p~cO7s;?C2(770QC|U5n#2nt?4G zoWGua3ARMsADhe%I(Iv5J$Fm3=+yPxy}^o3t8W})##T?xfC^P3!TeBtn2@W*kfK+D zEdyIzfM=}rQAdJ`I2S2nKo!QXbE?fOXFxIwTPV1w2%gux2;^L2%>qbK()6eu2}(~~ zPq@a*@#`F~lk>5m&eNm0gkXNKCY126lh$*OC4qxlAhCm59*`{a>dq?M}tc2d&BkR$ET!Q zu%Y9kY7{-~L>ICu`vCQ=!)Aycc1P=D}Bgdm8n-Ku_<<{IcOBv(JI`9JlZ9(fnHA60@&ypA1<) zBWD=uHoiym8s%4xaAA(6&xblFZFDj z!?*U=SFDgNvFdLqU~ zIFhAVi`j@(aoV8~7*I7nf*XzvEopQ;VGcIeFqNTUimvDGTr29bp1V9bMys(k)KEM) zq`5KJaBAqyz!nLvu3S&Z^K!KXmBuzuB_`9tC>IPJ6as@H^=iT0wAF^&Q7a6Y>6E8U zhsX4qbIhYzPLxHD8fdVtSWm#}S*T{wVSWj5slAD>r#IJQ14oRcxK^g$SLb%Azgo4LpHp@p5Q`GrRSrcVxymGj7+uB$L_ocC?TiW zkkd@aX*T4v`ZgvO@={U%tJJ);l z_ipz7=+tLlj!rGGQq!?k&@n6OXu1tHX0a3P|ug?Z_tN^|GWEh2V*rP72d-4lPZLKooYr%M!!jWsXDg>m@O{*Ieo} z!-?_GU+R9RK`#!66q` zOMs^)7WDv*hDlSTFzKC9iq;|Kc1ibSX@bE7x9qENy?ro47jT z%b|(WU*z%|c310C_p5cOs|!UtT9;Te!-;M2`@=L@$Mnkb*F|?oLM|3-GvsXAE6BGJ z{z~-hk1lX+OX6|zNc%pIOmB-f5(OfgN;lv*Jz1m&B z&Azivvh5AK>#O0l(*g333#&HS7KIait7Yrk_iG;8zERT9CR@t|&T^upllDW2?OcpZ zp{C8BW#+VD+I%ct)5dswO>M8J>Ce8ebrmiR2@TS~yV8Fy*9%>Y+F~4=>;Lz8S>!Bh zi|Q@gyjaWr3{ukYyij7VFTHc|EG%|cir!_seb!ZfH`jZsuZO&@zspXgv-4edQh%2H zJyGib>!H6REOysvd?NGZ?+YPk&0ou!TAwf9M)BUg*qz_&eL}xo>gs;A4-#^Pw#+Fw zQ+SCajMI-O9ff!U6oNrVE*eM6*vvR`w-wPt5ja}nZ2M;3*+EhH+muflv*n6kEFjrp zL1SOW>^3^;(kgnfn0yhzZsLjTDhJZ-+Ykvw4*MHltuHC;F?Q_nOks}=4fbe2G=29& zD~3-om9-1UPJ+*gb{Bcn-&nQdM{{~QXkn>4O=0)D%$18zfR;SJpbi zAIhi4r#a4DKK_FB-KuywFa8$qbHQJqW-V17)mu_mceL@XJd)Vi#mlh1W9iSY&z+|K z*jShsjfHv9SbQ_Zn}ya!){{!t)r@mBx6lYqH!+2 z+8Jg!YbTkx^9`Lg(LXd^J!?Na{Y>*xSBLdVVOW24FLmYMQyX!q)tb!IYQB8RStfcT z@Ofk|w3Mi$%BIP3ntMbkjr{-V8_#fj(k1w1B!-cgy%)?qdbH5&Wo$Xg?1stB6N-+)H{iVHPGFm(NdWE=6;uK zMwQ^25Er4Ci6tAAQe+L2t+#wznf>MeeTmmZ{f`rWUmQz?W$vy>v?nHKKmERgk2gAq zhe@%%#QykDxzLC&c?+b`^-`k9L?c(?Ayc9?$gx!OX>i~q@NmKUS3I9yYKSkkKtfh>j{iuq~ zW5_jwzI*1!Yws>iz>?*vy#eOH-!=7up`EZqKuvGcKT1&h zJ{0c<>wJMsaovG5SBzOM;xu>7W;uzr5r#asd`~Cv-Pxw^Rhoa5n zofLM~zVgj`*hQ(s85XIpul}4Zb0@<085X(P<{zFkaaT%`%ZBzg{i9Bv`z0>JP26>K zliy*tUrlQ#o2l@f1OLoIJ5{mk%iccM`cZ=Kt0uTwy4V$_Pn{n;gk7)7pNWV&qy9Sb zl1iuVuc=pEHgPeTmf{t(6s=sU{o|R>17;9`jLu#(GV#ui-f3CX`tXc(%gV3uEkTtl zUp(Z4p~AeOGs}x-7Um7;8G-Gn0eDJ`T-L2+q$ zl;0M}E}1)1G|T2L$}3-3k{2xGON}|sQfXf9{G7a*`E!f13uorzp9uu>^5*4~EYxt> zxw%0F)$#T-5>Uhk`Iw==pZ(VZIZnN}G&ir*kxL&FHlRNehE(R2W|tS228>{4*;Vr~ zjnQD%fkx$tf8ebk6=iwIQ*qH8myOw_m#Knfv&TI;s|o)mtLJ0_@W->73<5=pN09e17E1Ie<7hK zJvcvW?6|C;Y<@`zs!?9RP-le>x%6qY~6%Eh0n=c%Flp-WMO{LLUopdRfqqNPjx;w%>RF<`h3YS zQ|w#|?k@ZQSi|yvw<&)P*0Aj(vAAY~Rp&ax{9k4&|DEB_!QCXT_Hpi8O)g*g;8c;{ zZ1`!z{2y4HcZvkYHh_*U@gV&@q!PZi@m z03IRC6~M{D6TzJ5rcORs^LV|H-)Hn+0&`xU`uo8ng}bAIsh!bawUcM$)nJYHKCs$( z4$O&k+WZ=#?YZ`uT^j|mnUmN`saqVeb=Ych@tH5gWM(}V+ z&x=O>A$X9;`L5wP!nt5wV6Y4vh8)>&3k`U_xX*?0n*LY8_;dN)2hj7v1@l}c%W~)s z?j@`f^|Yx@ufe+@pndvWfy}V`uxZ+Q;5teZ`Bbp#+-$C|$H9|CCj?{Ng?oVO!-7YP z{8q5m!{@-Ki=3K44!Dop6$40+JTB_(HwWjCvEL<;oPIa-%@y;o#tFuo(U2L+>wijl5Nq4-ksG=?`{lVCn_Y7?a=3foUYioHkOY1$ zec)66ESQdRa&OUNT~(bavU3P*R3|V8hTHF~qv5#~$+?^ke1db|#l(mzF2@ zJ&r;4Nsk+ZLzpyn$AdKXu!FSOWo4pCY2z%$WST#h^O)G>u#qg5N2hnZ4Aviz+|}>9 zp^Qslnhd2H#URp#S+5Ts%eNJ|OuIyu7Bkmr$MnS0mJ{c^`)4bH+%k^nfayJ z^YR)<=CXgC=8tC2o?V)Eb%Vo&#W@Z3vrDs!=3w+81)6K_b?eWVUYJS%%7#S6<`u$MoUW>5ehKtFc*omEU2nR>Ht@uEyA7+s3$P zZ!<+CxyX`IwA+tU&>ff=)ZpWB&R1aci#znbdw24%gdg-^ktvtMHi#Tzs^L zY4`ea;U`P2y+b&teJyJ*wUNDo+hXO+`=*xjxJLFeI{4S>Xp2tsn9;~yE$sEh@ln{g zYFzDI+{oTq*ke6br}o&-SLU%Du*dSEz0TOwUTGtH8^6OI-zKv5b{Tu88hh1^>}`d; z8|+QMaoX!4dbIbk*hBN<+y>a= z`BJCl@?j%;M~%InP^KR3MPLZ3u73tE*a3S{f;hFu?>~f)93z|Fcrj&MJM)ywz}uj#J%)J_S$U-f^Enk?XfSd_INKd z$q9Pm?SxEil%S`_rZmzkN2mQXHjv^}@4QCw?%IMeBYc8rh4SjW?$>QP5K?ZDcR*d3=co`K7%<#@@Oh<9~)>8%4JTgCxq-@ff$e8|jUn?XSnidVF@r`@6ba z=-KOtw&-?&0H1v2KsZ+ftpl9sa&gVk3JWz~1%*wH7PqosH~m zggxrf9-pVEz1Cn;-GaI+@m3$gs?+q*H{#$x1;&2}I2v+2Z>_*=+pWEtN{nG4Q>XTH zUwtc&3qJdo%IQY}rZVOt?sXTtZ!SQHBe>&g2;Qs1?hb7APjvSvN_g)LyF02q-qE#j zl<-~}b|XuB{3Q2`gOX|PIPZ8d7eNcCbs-9I2qRjaLpqjExIqia^q%UTeerk{TL@35 zCUXbQ>+_Bka}j7=BD*~GVHe6C?-Jz5F3)qgel+Zb5!_*l zKTYK)3mtRd?S*(|!J%-&fxI6oQ`TrA(u~_14c28>=e;;ApUK(M+_?jE9#keG>!-es z8L1;5?01LQIKg$qrp!DlM-3+%MhVpG@cys*tcl744f8rsInR!AhT*Y>Cm7B&JlXJ6 z!_y7VFg(j}uHgd1g@#KEmm97yTxqz<@Cw5K-e7p6;Z26O7~X1lo8j$-cNl)g@J_?K z4DUAlieX?7;-rMQkaW8`Vn2lO7F}m-%2Bd(Et1J{+wV!1!9glnZvTCae4vpJB}>@h zMxH^IuE$uz6Ud^UNtU=KlO?XHMn0V^c4io!MV9+xuHgc**e@hY*b=goLpfREtuQ*3 zMyJZ?tS~w?MqX>=s|>FpOI&NoEF^IujAzy9`HF);^%KaVa~8^@T~DuFNk(4yk+l^f zXSg2;GaTo$VbF4ZCMCViZymwG1RakXS6?tFC$tq_%Py1XC zGf8v?LWit6Y@eyabuz`G!&639ol4PJ4!=%xhC_#}I@?5^0XbRa{D%m%&-FHMi_Tc+ zkX7fP=x`klpCd7k6QDy@omP~?&WZ3-L?;tEWYys_9_n!2&Q#Hv3>~uSTq*LYkdswj zMLELqxx{Uv!}Cv8osFWyX9!P;&J5^~RcDvza9z;bqB9FRWYyt(FyrESp$LX7%x^Aq z$g0zda_Dd!QD4z1fDT!8CWyQca^eNcG2N_sy~R%8t9N!=L6B< zI;($)&RXb@Rp$hx#pMNl3K?mxgAQ4BhKdf?Wla&C4bUO0POj*1z19lR*$5r7>Z}*} zCdkPu-$pq$uJ3x8j5KV44q0{Hp&T36eSJfQ&Q|D7x#qdyaOGw>g*I9u9tg5bUuI%S#{nO9j>GM zMsyB9hpakn6MUH*gq*DMDCH~@_ya`e5Om0@GeUGm!=EBLhoM7Oomrxj2fs{ojzEX3 zI!i>S8vZS!a}+vc)!86AT-W!Q=mfZTkX7dwqVpX5H$;cyFtX}=B68kW$twRl<;XAB z2PUCE#d^ZA8d-JtNq*{Z-C%Fg;TVprI)g-q>j@``PCMw3RcE^BaGl|mqQfyCS#{=% z4%Z*vBs!g;Lsp&pMIMEmtnzJ?Bb{8Y_-oPOc#*6+uZj-WG5$q#IF2N%&SBBv`o^YM z@WnFW_>!zTttm%bT=&>pbU5xLtIkM~vu{FH`9#VQmg^*EiVnx7WYsAY9j>2TDmufV zLsp#{(c!wv4Wg3)9kS{?A##pu$tvGTInuy&n6HZt$Gc?Jc}H}(KJ$p^a2!ll9e%f* z<-;*CS>^31hkdT+OcR}{&>^eNOwr*wPkuz0`pe<-15&if{u){JpAh*B$jK__$Cw$G z>p$NR=K4>5n3;0+mm|%+%~=Rb*06mjhYr_;^5e^7t`|L*ZD}uDjBqt%v>p5+uWPp< z$1O0pMRXFtT(d}h1Pyiww*og|`vW<35``JI2R6#v32S;Lh`b|wvdRlZ-WfhwSY`5TlYEZgUA$q1V&tUA25DeueUV3l{F9AUXW zcC_dWgbrDC_%Sc)us&QNIzypDR-G!54~Lwr@*62fSguRthrO7F4Cs(mXRGLN{q0`S z84De<>ikXQEMv0Dk5Uf%A@o<YOh+?2pe8ovF|v ztIjf!PlueW@>P_>KIi@(6rCB+A*&AO?5Oh`{5M2r7Ies}^B2)!AG{g+rN~PzbjYgH zP2>fTlT|*Da@gm3V}7BNVOj6Usxw`5*at5Xof7DfRi{#PxIUR5YoncV=#W+CLDAU? z|5u_@0UfgH>=k(>>s>6?FQitoG`QKcah855ut4?>yp~H32 znPlkHK!>b4IU=uxoUHN^$`O|9sIL*7RnQ@;&W)nOKKX;9vj#e3)%ls|aNYGQqQmQ$ ztU7-Yc^%|rl^>=YY2Z5Trf9>M{teI}t4?dmp~Lmtu1^k~jnE;h&LrwUz6o-&%BN9| zuw3t5COTW7Lsp$7qQiCIw~EeI=#W+C0g-QmoUHO~l*2yPjsHn>wnK-kI$w%>2jpax zbE=DBxz4)A^PlqyG7i{ek{aot= z;h{VL*RHqsdkCWnxc4vG;l77kwVS6UXMlOET`GRy9QW~zWCiWG=mU=JR69JI;~Y#bwB1iw@`1O9bngzYGtB+upkD)P?o$tn*sFVK%dMot<6fLlp9 z?5~0Ugz&TQUnfI989L-7oC~`BBJU}jgmXvtjmTNlWcH2dlBBHq3akF9A|D7jS@ro( z7#T0mHCf}GB=X^qlU0AF$TJ`(C!x&fN<}_aSmoDCgfyI=e;7I3^`fj zeN^PEJ7m>=LFCgRCu_WKihKs-WR-s-@>!6R^%`j_^@r~i^cLoQZ6q1xlM8*a>dzD% zzH7iQL-U;S9RxlDqJ9DN$(mnxZ-TrKa(8c%a=Tx`^4)~bg!yhl2i8^C{1%)_Mp#}i zWUXUoio6_hvX;sDBCmj)ta+bCIc)MB2R`4S%}VHy)#hT6S3yozo69LjSYAiG$1v;) z=#bSuzbH=~US|)Jp;H4Lvf6R?An5S@h@GNS3mvlB*-bfg_&&v(qO%G*WYzgZFPJ(NPEyM-qa7=56nGn}D>eE1dGIgCkn9k`lqi{@HTj4H-nO4eidkMG>o!lJ$ zaB|eQ`5E9)6hCldvFV)11Tdcm(Qyrt@-$)EoFUBSE=RZx{1S51_vOmLAuwG9Hl3HL z1h>6vYqRT5MYWb>OygE;f*(zCW`O z90JpA!lvhF3%D%{8*VE$>TiS3EfmEM+;(hw9(RD-$~k?89L042pIa!3AGlrE^qlSn zx0Unz3OVZE7uZ7`Fx_5kI`6X&+*a!6yM{j!X89i>NAWxlKDSU5KXkaKXdUCTp0-lo z5)Jbi4drN}f{x@U>JfZyAuwH(EcKJmO4{>by#pcIh>+woxBZ-VK?C`-kCp=&HP{;l74BPoO&E$=K*7 zk-K}oh%EMJ8Ro~jRcE=8uQYrU85`X#@R?@Lw?0C-oZoK^b6lZqCO(!@-%g%Fxul`D z;R%K>G|YJc)t^Uh>eFx)xx42jMyJ-uIR??N_Z!|q7CT$PY{U7S>S@X)FVB;u9e$BI z!W^rp%})$}Ww2ms|MwW3x5;uIzcBJ|$Aty)T?^^cNZZHHPms%;)?X*I~mWaSru9G6t;oku1t3J(n8JHO%MRs`F37r(&?E zHoKCgPWC5@%`**;HOyz)s-I=#ml~c$mirz5(J|A^RiyKb&U~`OTW#bwkR|L*MrXaz z*>2>|8u<%k3HuV5@p3%-2cxskFrRm8em^5i*uR4rmgC=6sN*W<*jnYM8hKYE?@hUs z;XuP93{NCWT<3ym^L@1Iml>Txqf=sZ78;#u!#5b_vvjq;&G0LR4;oIuja>D68@|Bs z0>kSJ|HAP5hU0PVs?DB;#~Pkvc%|XT48LXgT`U5x7bUGWI zsOWHf*URYiH+-hy@nkt)lfbmk@nF7@Ut#3sMqXj$%PE)itTcR!;XB9@*LpDH;#hBs z(Rsw^{MPVihW}2M>njNZB;`}cl7=3Jdy^&JbTH%P*loDc8EtfO4fDN04O>f=c!8h+65Zw-HBxD8(7P@99v z(holatbOu{luLfI3}0$E*YG^Uzb1>#ugEFxRu;sy0ZU&!0j&M@&Xh}BryEWuOV~4v ze58?|W8@bb`4wb|s|d`vIwKi1Mt`;84TgV0mav<_8a9G^smfCgk0i_b#!C$6k|q6D zk!9WEVk5615A)@7qme&g_&0{Bsr^7y>3T*JSkI_F^~_|cK8slSbi-+ehZsK7@VSOB zFg)Gx48wVb=NevYc$wiF4Buq<4#VpWKWO-2!%rFhrQtsqe#7wlhW}#t8^ixH+?3;; zcnIM5AElK~Hhh|4&MB(S>4paw9%6W+;d2dh-cjvvj#)X|aGv1>h8G*Y!7!hbtDQRx zuQ&XdVLn?{{a=%t`f~V<;olqPGiTM|GiT+G4S#0%?}j<2srmuOi4s>E!(3~q@~(zC z$EouEh6fwwyr=4%Z8*#Dg@&&%Tx58W;iZOeHq1Fujq5JM_ZWWE@Z*MmVfb0YT*s(3 zcN_k*;r9%GZum>X;YiF*6T>GNKGkp<8U1g%{)UGc9%0yx>qUQxkzZo?a>FHt%MC9! zyv*=w!#_5Br{TK|Z#Mjp;cbSu8|EC4=J$ESdkk}KS9RVo{DI+54FApWmxjMK9OCl_ zDYtmT?F@G`e462IhWnFwbATIcc!c3mhNl?5$nfQcXB#dz%zxvkaV;~77s!w(sL#4y)_s?8mSpEvxX;k}0U8UE0)d;TM3b;!s$Ppxr%W0-47Ro(>m1m$Li zI~hL3aI)c^h6fnte4^Ssn~ZS+-8qIYFwFUG)tN&^pO5ZJ!=;9=He5qSKZCB;FrPK4 z{5Hdz$?~k=A;X*#SNV3sFOj8x`#Zz08UCZ;j|_im_^{z4hWRj8?Z+8D(eO!zyBO|n zIMr}p!=nwKZTLLHS%&!^&NV%k8FtUmq#WEcG~q=?XQ|=q46ihNvth2s)wu37e7E7v zh95HgGs9dDrgnB3-es8UcvXk%2bAA7%(Vn6|EuB84gb?H?_;Xp+;A(yry1^MxVPbS z!(5l3Hb)!2!0=2D%kaB~4;eme_^4q{3ab64hLa4pGwhxpO1(`n^4^B~8y;+Utl~e$nYbEpEdlv;XQ`;8h+dG`-ZKR4Bun;QNxcL ze!=idhPeh>)Bh*K`wf3=_)EiF8?9kmnrEbK3?K76S?c6qqjQGg(T2}9e6HaO4D%VX zrlG)ah2cuW*BJhh;oA(~VfY@y_ZfcN@RNqQmRi&ETf=({?=^hD@Ik|082*Rhrsz+p zeXhGv<{E2d`~10=k@qn?)bMb_nT97Do^E)C;T*$r3>O(LHN3>|a>J_(uQ9yQ@Fv4t z`>pwX%J5FZy9{$pxaz-Y_+!IdE3P{6=6N-~@Lw-)Yq*2qQw?`DY@eB@8~I?vXBeJn z_*}!&3}0+`w&8rk^9)~Qc#+|yhHo-_i(&gb|1Kkc$nYbEw;SGJ_<6%G8h*v_9>Z@L ze%J6J!-ow=_{?9Pkv27q|BqZRZ)3Q#;i%yh!@UiUFg(ie1jCtzFEo6K;cUZsh8GxK zY`EI+b%t*=yxQ;`hSwXu&+r3=cNl)g@UIR3#_(%~|7iFf!yg#_((u=YL!5(<^A&IS z1jB6&pJez{!+pso`*GGl!)}g7je`&oDg8@EpTe8eU@9&D}^`HAY@**v;dJ z&TU4%+3-V#w;A4U_$9-?GyIz2KN|kT@ZSu7Y4~fy%{f;h>1<^f!;2u)#g{XO!TQ{? z9hhq;=sIH4XK0)o;5r1lC^miek_^_h2R$iAn@g99P1gzZ1?#wbAmykxbVIS}7<@Qb z=kYTrm$CL(%7rITE@SFU%7rIWF8z?Hlnc9O?@}lE>|N(>W>H_tB$skwV0}5@(M3I@ zTUyU(qUyPExoH`?a+5M-xvAWhkCY+HN6XfgkH}d*DtF~0a+Z(EGYqqQRPM@0^jSVC zcjX{u!gA2Enq`>fpz;#K<%TN^R~oJ|yuxse;abD146iY~!SF`In+$I;yxs5)!_OGr zX?U06-G=uX-e>q7!ygzvVECZnBZiL}4*0BI%Af1{l=h;KX8kM=mPp`*;hKG{n8XRsogUm_|H`XxUA=K-U?+PkUCd)PG=3j)} z{EOB%>Ilyw%k`LRxPUCzV4>kLWXby(?8`~spW>V;#wv8BoQsq;CmrpC<|~sdd6`R= zHsm_8r1MU)r0v)6HEo}eB|Ut%p^c>BLgD6!_cCEb@4iP(9R|5lMD75a#zt+6vzT?j(Fa_%z|o;O@eYgL@0JZRjWb6nKd6FTf*&IsZ9E z_&M-I;pf48*NU2X)wH+$qepz*7ES~IR=6Md55jCG{wU0EHNP#)w&6ozUf-Vx^E=3VpNRI0!T%7R5B{g{a&QE5 zI@DPK#y_)jd>!}%;TkZ%AwnI#$8)kU-x=*9%xfh@_!e*<;akB2gzLbZgQJ~|V7^yE z-V7cm{2-X`LQ?)D_yXY_;ERNL-SFK=>hK++9N}Mq=L)|7E*5?fJYV<~Fz4wQ_D|sD z!u!BK5xDalewt5D)ISgW8{x^|SA{t*{f6)~@LR&XCf*n3d^P6>X@}Rx--L6)e;4LE#GD_bj+@7Z zPp*NS@3fL{2DcDi1LjzS@;kwtD!wmq2tGltB$R`d3&6h? zE&=~mxD@;c;Wc2+Khl03_-*04z#j^;-hCqc4EQtQUEqHR^F4!q3LgYVFc76p&LMLh zKKV=V3Br80puKPh@X5lg3!I~*{>j+*Js)xgwm!lWzypLiCp=8}V(>^|zKb?anC}@( z621z2fiTbEMZ%mD=6ogNs=$^bycj%JnCG@wnBO{@FU)!4#lk$d%Y|Mk_yYQpn^}?J_{)zAo@PooT!H)>P0DeOF0QeWehrquQ{v6Er2pCrg{>#Gc z;J+r^8UCBXr^0_%I0OD)g!!Jtr^4sJ|3aAayI6X8!0 zX1XpG?gW3Pa0-0B??C%}PvT19f$*;qo&xcMJ3Q{ld4w=X(>hb0>VxpOQDh|GDrZ@P8@14L;wepw4dizY%^7{;R@o zz~@Gtx8QRle+>V9;lIQGNSNPb`kQck0@{D!PGBBmST`?d3i$li6Zya3j}cx4f1>d1@HyW~ zolWqk33LAQQsKwobMBQoFTiKqU6u>42LDKS4fsak zTfw&ouLHAuX@}o}S}*(n_$R`@06!@F8}K8-oU437nBRi>g)rZV`IYcrz%L4a1b$hV zbC|CQ{}ueE@aN!nh57BMzXZ%VZm z=6q%c;ZfjIgf9Sh6Xv^qy@W3Urwd;K<~gQ)zH`HOoyhs%QNnY<eD8_O?^e|cKM&?Prkrz|Jg?;6fO%fY ze+F+8ei!_-@cZDM!kp*iJ5bdB4E%~P=Q(-4DQ^zmCwv0m9Xo@458{_{)WD46Gx z@*d!3!kqu)yHS)61oQlnIp@jqM;;F5`6KiDTm6N{fzKx69ze(Up~$ET!Bk;Bmb_G$ zkMCv+^En&O6ZQGXj_*m4PXS*o+yh)G+#k$$rl`Z`Y&F7s&h}rze9p$XY3iH>UMD;b zyg_&Z_&(wDz*~g*4DC_jDd6qGe1`V4@a166U(Va3Oe~@B;9A z!VAF%gqMMNz8Usf@L}N^@Ylkt!F*wxIvapZgzuqPcq6!t@MdsF;Vod!eKYJ<{9^W2j^0Z$M<1U^sr3-DCozk@FkJ_4R4{56>K;I#8C zxKNnS!Agbszs)Ly`+zwQPW}Gi6~cqSD}{%ER|)gm!nX?Z8CRX~Nbo(ve8#m&n9qQJ zD$M8H+k`IxKPj98envPS{DSZm;N8OI;NJ`LdDmXyHQ+xB^ZD)v!uNtd7Tyl#ygBpu zB=}2VKF2*OybB!0#YCN#zzM>?1#=Fa@;%^o!h69d3BL#C96ELQ?6!w+1kXBBh53xO zzwim*p~9zw&k{}t^Bq9i845l}n9ral3y%bIZk;+4z%zuWgJ%o#*-?QopB)tm&jFVU z7lRiG^O;hWFrUA2o}KpjoV8YXE%;{P4dAuHeCOaUVg4_pjlz6~fb;CM!*3&R6@Cl+ zxbRnC&c9QK-?@2C_*?KU;W#{J_?2^I6S4;kn@Vg!%07fbeqgUxoSX@UZah zV9xu~KA*|(LpfwVBWxo46EN2UQ2rpejqoGjj>1oZPZiz)P8NO|e7f+n;J(8AhR|SP zKHK3tq_ofP+wmPzGT$wjAk1fn=Lx?Jo+|t)_!410Bb+77=Rf(vd`4I(+znhR+zVVG zoC;nl+#kF`cqn+Ka0Yml@Hp_T!sEewkCkb@0DO<|<={=iIbgoiN}ajjZNhx!_oOhN z7d<1)XMQgT^Ba1*h520Q_rlkK_X=MR{8n#b>J_B*Ms?PEYo&3 zINZuJpAjYq^Z8Os;jQ3y!Y_hP65a!j3iDfiJ%rx}rwV@v?l1f?c&IR+DV-(E@A-`t zJ_p&slP#w{~AB+T)} z*TScQ0}MWBvkS0^a5A{La1W{o_X2kmP6eMToDNPF?gvg2=GbJY@KEq*VSYm+Qt3I4lq2KZmXqrr(-v%!3g z1#?{(`E2kh!jr(=geQYjgr|VdAoE1SWf&eSjN49d5gFGN-DQTeg{f0c#zwcu@KRyw ztR}a2D#4EpZz8jT!TnU2YTJZ6f}a%TdXi^_Sr2y!Cxd?{%<|tO%sTd_FzeO3!Ytdr z2(w;&D$H+geId-c^p!Bn^IyUf!SU^UnzO)3!WV&C3+I752y;Apif|D)S-2E@y6}8( zU*T)OgN3gH4;QWlj~2ceJVAI3_&i~*6`3l`wIY`Y-wB>2yaAjqd@s0A_-Syd@ay0T z;lF~H3Lgfq5axJurEn5>m2gY&t-@T7Q76px821Qw1aA^P1^iRtD0rK2ckq+Kr-Ppn z=6Lo6;lAMA!Xv=H7ajxND?A?jXW{d~9|&iGKNg+_J|vtC{!*B0vW^PR0f$jBSywq$ zO%T2s+)}s_+)j8I_$1+Ka8#JV*U z0%5MfxJa1mC@vE|2+k1>Vf-~$xHY&~nCm6x3v-RcV&MzG%Z2m6KN7A0-za=N_!eP~ zC2tqz8l3gQ+rjq*x6YdT^Alw`LS7E-Veps06U%nQ;5X=u~^1ROgHxcIevAOUZa2w$(z#WA-t~^b6 z0l2&HB5-fvT5vz%o4`YaZv~GK=D2ch3^8NFU&FKG~uVgmkRF$XAA!kJV%)8 zR^|!61uheQAG}a_KX{q&N8oFPKLOt${26$)@VDUGgab7CcM6BW_X;O~Hw$xZ%frGg z!9Nq`_xW}RcK|;p%yk93ga?9uCp-$gM|c|ePr{t{e@B>WPxcFQ%y>|E1^9E}wcsPd z>%iX%-wTez`DY#An6a7gCU7g^pMg&l-VW|8%rRg$;g`X^gx>|H3;zQ=Ncd~;nZnH(odae6Da3c#1IBiCiq)3OrM|EjUlOGq_Ng-=i%RP61a4_X95#9t2(?JRH1I zcqDk0@EGu|!dxd(C!7VoM|cK!lkiONPlacLw+VCn_>?f$A^cL9>kxiVW(N#zuQ0^H z+rsQ8yf1tb_)9W73~)z<*}n}#k#ckkg9Kr8nSz$W?C-S`MmH-sNf@_*po=i7MbJ~Y zGdNY4{XM!+Pw%rI84@A8P@&Vk9O^-+x92FC9b-5K3-xgru#Xr@^E{Ny&J0`zwh#}B z)41@Mvpz0oU*bxpT;g&zB`)@%HLeL{iEAoZ;+jR4xC+TEaJUL=$}0@7GF)ePli_WK zpE11K@Lt0o7(Qh9sA2X+G(GJMvp=EoRKr6Jk2O5m@C?HRhI#K-n^lHu4X-uKwUw&B z)$k6(d^W8*d99PW!M=l|4G?rgZH;em!T3}+giZaCL)iQ!7aHHNvq zP}8u%FxMKYoc#c0K2uia`a)%{DO5gSnClBw9^ihX%szo~N5jd6`x@pmV%6t!VdbfY zXBp2U)G)u4jX(ePHoe3q&@yA1C!{ElI+jZ^(2hU3sCshsybW!~qM zdm0{Sn9n^`C)4nB!?}h_3|AViF}%j`2E$ytrg3dIypznE5!@?=_Zj9IHPtz6IA{Vn zZ(eZC4RL;m(G88XicNepH6xOvBR+=Njf3GJOxI z(r}I8HDoSAfZITJ4-7HZBcJBwc{ww4=9gZb*MHEUe#6p=)B6qT-*3RMfqe(}i$?qP z?c3M<4jw!(8XeGYSpTSVvzjd%mw9$5gd3o^P;hw=+e6f$n%u4BgtgH4)s6 zI+^#E{pOzwvQYZjy|jru?}L zTfz+doE9Xu3oU5+97B#&JUP3b-4=r{_nl~%w zPNh52DoDDWdrO+qdh_w)&I=+Z^Cg^k6fPqF5q?@cgP%xOKH4$Tmgi7307rKI|A#o=Lk(Os9otZQdO-lR;P$4ww5zuQI3QcUw zwkDwq_S4ajCAJMEB|$x&(q=7u*!YQU`SFJ&F@;^Ee_#+v@OC)>Xn|dchPy3eyCXYM z;Qm8Jn5mX?><~XYu!V!i@f!+#gJlD#iO41^V5qD#CrB?So|l)Nmt9(zmp-aAcmCX> z;`D;-(%c2vr4W~u4DCO7a8B_&#q{#x;=;1@it@aovg|&E75(}S?vq!TpI$h3cKV#0 zoMR6ROdFckKYeadPT~CAyZ|w#=jGs0PEk=_X<7kOQC6Oto0ktp;u~INIlL%>!s4Pi zQTM|-IKQZD?wq2$+$eW!+G%+@(@RMd2wk_Hg{3p%<^D%skw%| z(#*oVA|FEo!}UR9$6X20 z+~T4>g>%bM6g)I1+UNZK(LVY4^Nai;QNf}7-0bpf4Z?j`xnlmjl0N0xvkUXeFqR)P z=8S01oYLa5GS-4V=Z%l{OY7e^t#2=%2(DKOqP}hg(_IajIk70eIG8qN+{{sgu%NmtAWkla*qef30(GQE&)W!8wLM3j@X=MxNAtgatS$V1V3zV4GAdSfn z(q@;H1!<*uh1qGP#gwEqJnJg;XGQneRQN!-d9&xwnK_rKPV<~Sdvim5K&k-O{=COBhI<+;ToExjfcx=|* z1nft#sZ$%%Ah3D`*pI3beAUYbQ%_wDfbTl0Q_O}y!|)i_xpK_Rys#WJeVp6SFhKX7 z?L!1{dhA;4EAtTl2MF`4PLEYVVB_W5IhF(CWp`HNT?5uIz<}?=Jwp(u$2MS}+*jmh z;Y44r2jv)d9~4%-Un8Qf5{4dixNXCRE?K?fdtXEA_hM;cXTU@gbiutp`8aydLdHC) znJeb+Krb9;xsP$TK9Np1v)o zk-)T(5Jy}Mvd3jmB%(;bZd%Mmf)ipppolBEm?(nOYd6rJFO=@_Z)0pI8#bsg!*dam zB(sj|xR1H4AM24NS*!!fJfF&)$dZ+)k*63=Gd#%f7{linzQFKw!!r%%8=hy_wF#2u zyN&#(hMzLL%kXQ4-#5%Yww6ykDxv0`oo6k>lZ~A3dxu!z;aqu|s-VwgT$xMxvn^8l zIECn!WX~@w$AAT6k$*R48Q8BsMlN*!e$29)RTh`QKqd@NflqP&{mtEnS{#CeY2s)F z*HR__aXI(Zarp2R^2K_C-w?+op%;K!37s527?XVIyo3knh2z^o6Jrt<=y#1t=2J5+ z{!h+pn#=%kO{ZZmE-sa_P{MY2@vJZ5Jrjt(z)$1?VqDxE_-#VHrk&%Ohj@Y#_~w3G z`_M`Vg9Hve;<|=Tqby+nclx@WgoInTGd#rq!__=--u%KKZboP}c3LHHx;U;d#1+Er z5^AZoF2sM?*)eGLW9)STCXE6lk&uRE?w4^lBhq4n4*!_>0ls%afshrVZQrNgOsJIK@yBs{pZnO5Glumvi zhRG*4y0Sy97HPrAPJVPnwbr3FO)@&(HX7}b4zplqWT)Y5pgLpow*y~&vFox(Umdfo zE&~}32dsz38-8&xWJfXo`4QOvQf$Wz0Cj{1-`za4<;mgA)Q<7M7{y?`ht@*|Y#2vj z-<4;)E8EB^p@{o>Xd;R-6#8Es0-{x%JFlehIHNv4pu-Sq=DdD`{PAN)eYmunOJq$F@!uV2q7b9lSjg;W(DB}`CxH9PyiF@pz7u^m z-rp%_cpl^anX<3;hGO43J)xr@B%?ua?z{BH<0wz?zteMlKIqwawSq7LO?#$c%3m@0 zU|7vZ5m?hoy$ozoZ0gkBTnLnTY#;0mhtG0hy47A4*xH+g{eK#P;$q0Hy^iRM@_tQw z&Ey!%xfYv-0S1@hir`Z}b$V<)1j;StQfqk2g zcaRU31IvZ$H8dY?oPd3GH^83ei88fEu=WnZ9`$IC<*oKuMtThagQsARYarDr(r4qU zj$`@^2-yYVkc9Slz8jCh*PxQ5L9R~i>Aw0_e(V_BrjY5iIpe;)qPdSu7#C?!;ylhP zCgvipr0qUycFY|+W@f3yTm*A8)*buIfFtRci?}BjcAsZB<{~&lxV-Bf%a!F!$DFod z{u*>08unI>y_dP5^-DL=b$QT$&@?|-rm zjPBaDv}@~(VWYOcx2be(cvep9ty5ZORIMl}+dAvYXU-Tl`I2Xv$IX3jSh#w2+tS&s zFD@Ms*ZJ(};gbhkGB#uK&Wpnt=XROYbGZahISc2&D~YgqN8`V$T~Yn%AY)a)aac@=G?rmd0f_W8PM+ktI2)h_E)#6i1hze zT+k*XSa5gA*l5@1T8thSBu&ehFskcwN9O$atrmwe+w_WbL3b0;1*zeN+`LVTLv5aY z=c|7I4855B#|sj#`e@W!;onBkx;=xA+Xi;=0J~>*eRy)Tbyc6xgyzj78B?pzja(eA z=v>e|YeU_vIn{^qThDD%lUmTZqWP@+>XM4;S#ws+?YcI#ra5$mmn^KV%CEj+4z>Dk z8osu9P3MZtg4C*&)vFd%Lw`{P)kkm7+%%)0b4~NL!z*}f)|J%=xH5lHKEq{gFFY`# zqVwA3n=)%sSKUz!t4ph)wQd0ntXx0?vo}>%3_nn~9ZEHs1v6Hyt1hXj-uiTPMe4ez zN}#mZr=S#vXB?>9-g#4P#qfecD6D#bNv=s{Dwr~?e zY`q>KHavjLZMbjM=6g2nIIzV9LW1f871S{j1e&q7@Id9JOdo8+PZ4ruzK`wEO}h{5 zZ~^N~K%^}7KxM%ermiM))zj4*@~aQjZYr$$F9dxuzdqXMHtnm~a$q;ZyU+zYeC`-6 zB3rcZz>KxEn=-GMQ&IQM&#P++*H&)0zq;!B>L(HVN|)Q;Z#sBjpNoHo#$T}8mE^iR z4lticLfxiJguY@y!IqlJ4fj<)Ij5p_d*K85TW_nbs;OR=Uv=H8>)+dS^uR%9X1AJQ zA@5^C4$Od!EieTmE-gE1Dxb{XUVET!Z6T9$L-ne=s+pd3E=8Z;liI3g-+`mCOdUKn zQ#-DhvnjJ;H!Q-!fjSs`{DCVsZQ0HeT3fqy5l#!v{GxnRfSYHxx+k^ud#SBl@($YM z9j#B^Zj-!yE_qvg(hlrci>y}EuFS8gLo$)6b-p&wp56MM)Hd&>wsvNZ8ndh_vr}8S z!ry1?9(*#trgHlZvAY{~?^}6A&6Z8Iuv<~LVLL3BEWoKLxq4OU>^AqLwtX+P4UJc) zwldadr?#$7^+99(s7v+k1N#~jYDL}u!`_>~XH{JNJY-|v|__n9XPrQ7@ay`TT@elpLTIp@roGiT16nYqu+eW3X6j!oODTlYfu`yPf( z9-)~lD^r{nhPGy~g(K10hg-$~MO&tdv{g1RZi~f7tX_uzmUGz_N zq>pVKO6jv*>C}G;oT3>{p{3VSddqe=MM(N4SbaB?-`mCNeIOVTX`3mCGMxJm>3GO& z?e?2mkHbTnn@&0&az zwN2Z@I=o4DcrRq_recuSaEQ*7ZGc=zkOT=y!9Z=t%A+T z_9I<_&92IHN5uBlO%$=$6~QsxErISx>+!cwwjV_A5FgDzS6Mm0slB^(J8K_wYs266 zO7k5@T2HpqC&FUuuF4Fj=HAxbta-$($#xGy|Kl*_Nz@BP@yg1~*1ce+n;b;-CU%hZ z)G~pFx-1i0D+iM8Br6HIO~&vZ-#Rp@VQ6C4HL5^&7h(S<_?1&4L!M!y~PzF=91dONc4EI~)U z9kJ9!N4y;<%%zAxj=ytcQeokfV@8bj#~hsSd2a^hO#|IAvI}7}sm7Ps- z>+_RZPqeR@6Ii$DzQYreu042Pb<)y?q`5QE)>nfEJMXC;bHO(3&pKm0i`I;&OF0mC z^@#~}NyVPofxNP-d`(%iM&?~oh>fBz`*B}k@t}oU-*PQ||Nc8)+4A=FpDat>S19{A zWAFCP_^4$kuy-qYDX7h@w{O$2ealP2?k(;r?%!t0{;ehBs?4UinpgyuY1QkolUuxS z5mt@%*qY3i{MMmOabX^}C>x}FZWe0d+J3mcqZodI$<{QqHFM)VH-CNo;>8=Q7meVe z(_Y+C1`foKjLWj`$!x=x5^M6K+wQo1y40G}QU^tfRZVEpIusSl7T2^P zgw1Zve5Cs3_Vpc8TJoE)0=LJlyJLOZs`cBxeeLSimFPtswt#C;wWh3NEVM)y=0LlR z8*hFHjW*40$$zAJ-49T`sra7irFX1vZ|;cOR*fA{CPM$sE$gpcx$)~88X#v4vzJYGgtdIM$$k7ED&$U_gWmws(-*#U9rS{)Qa zzcy}c9ooJ|_p40zYfe)$`UIKz9kp1Wi_yEAzk&6+HLhuU`=*UI)?}hDbMIOINXtF# zcW)KRJ6iTYEW52Fi^Vo;$#b;iIxV@lqn0+SZY{$qP1#ME8>=xaEt{J1TX!#QU*8gk z?%lrrp1ZbfyM325v8UxRT6HrTXywT7&_mf;x45Qdwr*mLZlY{kHJZStcuvQ5SOQJt zw-#gF-n8`5^%y_w8REF4HSKQCG)C|NSpG3s{!k4~r7gcFWck)Lp|&eU$f z+K%mLs2J^`mDVyg*93p**ozi1K=)L41~jXjts}MqKNWj)U-xOlYWm;{`GA(Uub!L7Er_);@no zkKhh%-aWeYHM;f9y7f7&b?7t|P|SNCk3Db8@DH$;sS zEvKLYG&!Wy5EnhF)!3uecucFYS*x)_t5Mgwri&V7T8%j!N0is)w;xnq2Zx~7ootG0 zJx;H~SZS~OQ1m&qK0lG8aun)_+nsRT?lIHt4rzsUXodD@h1Rrg?xN5ft&lT>N7{?A z!4w}YL%^$UIf)9&NAo+5-&2kC*$gucl{hl&%1^`&JU@xbozO0G%5a%OA(uI-mD{70 zdrT|0xpha#WiTh|I`%fvW!AV(T_!G5-82UZLao+(>eo~Z=Q{2>bsRPu+p4i4Fr(P| zN*qCUVYz~u$yD={qvqE9L_^P`Aw5rMJs;D09@2X5Xx-Drh-|(0Ao0ug^~rH>}K04EZ7Yq8;&scEnR!$t!0Y&q>_BRWe)aFYWCzmFfne`c?Sk24`CcP|6ubVWG8_t)B9y|YPAJ`4*{=f! zPIr{m7`JZPxUnHWsl8ck$XZVzobFa_ZHHn9Ra=f?d!g8IWeiubBf^YfD894JHvr6EkH_XsOv%nbv_5tJ0@wyD}9F#Z?bVxn8$dd);p6-meb^FoQBj`UIdJn|Xp{dHrCQ%~U_2(TtvhCRjBvdDC_O>eEwO?d0yz0F*&8GV=;r?MM81dGd_@hD=S^13~a*CjPQ1`E^cb{Jll(Sd`xGOs(vtw-Q<8#lt|+F@5Y z2(+A3Z5?M@PRKn3v%-;%x{kC5lTC%($4p1c>^RuES2cl?yv#XtM~&bSj3AVUTc5ze z0ek*Os+&&fz<9{@jiXz2V0;XwbbVtWPy3GKlcwa>*b^F)vb|m7QA?hj446H0z)`F(0z? z@w_$fa)jNRnDWTpdv|k)5Ke)WJB^I9Ce!Qc(F5>2`_Z^;*v@!d> zRY^;4z+IrEl9I0$j=;T%M^;U{y7SV~SkLI#MaNe+Pp?gyP@5w6CZ^!tM8Q9HZ=&SGS|?r{(EF>+Mh?2tRMr21z2@wT>S4&+A{$F5G; zP{1Z0&U(C_PXU3seO&8QJbciR)l$%uP#2va73-fJKdWqipwu_(g3gJD_j@MKd}iV# zZ)u>&GdX+AsL_GR)o*?4Xsi$Ne3fmfJ$$DJT10QO{FvhCvWSo#N{NmvszD86J+u9J z7Z!Q*E-f5+^JpJ#Fl~KLwbkR-hi@F128r>#%gc|6^{Ts8?@vscgdSXZ%LkAbQ|z1G zmRf_GS&Ju@%zbi^`aTjjv!HoYSxi@XO$l1V{D>aqp})P!qpXLsLIcZz%a3XsnB; zrX0TXB8U{7-%`%dhw?j;#F1V!lcbj@eRB91p<}d3AYLm3nIeSNTgW zZhL=b(zJ=4O86=B23xIz2D{?}i5{_TCA+@HL!#QnZEY8k)reP{e3 z&k1L4&F24Spx#lBOrE25toLw!aDtw$%kXuzCpLX{)QGl(0olhU6qc-;ThbC-cay)Z zrEuN4xpU$sv{{!ftO<1Z=hol=8C>L_JaO{O+ircg;TO{`*!t{Lmf|DryXDb|4O%Bs}qDfZ-}(--uaJhFQ0Z?fCk@`lEG-G*b6vuktQ&UCrkjOTFn zz5l6=I5YgfpjVR)IepN5*`fNf!_JSwO-uHd_!71A_ zFXi!h$#2X{%uP7tePJH|6AAXzx|~qDoIuo4gxstvrbGR<q2=D}$EW2M6cwz?36{CotJcn% zUhL10yPB_Bgp8al*v_H0?kt*mb8hf(nVyt8^W#PwoK_a4SZlKOu}!L$ABQ*`Giz*- zch+U4zNWzYBa=$L*m>zClLE6!n|!67r6W5LixHbAS5MA<=v%*v^`V_!Vi2ZaTrcxF zKaPgE`zF=C?pmzauKgw~dH%dI28oi9!7I0ZR9G^%aAGiLTv1lZR6i?Ds@GN9Zz>&! z6~UQw=;yf7tbC_iISIv1|BGNV_73wpCU17$q$UK6yje8}cO{p+zj&fKyC2$$H3l_% z=~GUEsd)QMl#37=Eum<3-X$F>6ix0DilR$K1$z$EIR$0W#jwWKdPnQloh|p~$73~c zoTjKC*3-~74QgLjql91V3SYGqaW1Ezmr#`BMC78Wh{%qGa;BDMX=^FtXC`CHjm0Lfe-dply5EBbiOjXTpdtU*$Q#nPR|2(p>Tnn}F%Ss(9o@iz~qVdH(bM1x5AQ1-=Oy4Olf-RG(AfVvDBcR48>;Mr7E-x$??-q*2)!g&~9;-de3X~i^eE;FY zsU`V%=x=UpYOugxl3iGoFrfg>;WQJAmkbIvpt%Zk#6-(cdu2gp8&djtq5Vb4H2+G)C9)Z)i-UZ-&G%>D(wKR zrQWHw!=c_@p=IV4klb3~F!V1dj+l+`a(l&w`jC7|ul&Wd;s8j|i=5TH>83p%E^0$^ z#}$psk9Qly9FHw?yrHEYq{w5JIpMLTK0hAeab2lf-iQBKNN8W%TG4b9ybKX?!&Hfp z2vRLNMwTK*UW%YKvt(pvsb_Mv#7Pw+Tc$Fi^tgdSki=G^=h%=RPZQl<;p(hsajd6( zEv?a{LM0+~mrz+ylz>oq_gdDUG27$ zW>rdX>n(Ejw(-o#DvK(PHynu0gY_n|%vrdLvUJ=m>m_bt;p%aJnB#a(&bZQqVrREt z%&VNK-DVc|LC$%Lr>%GPII z4^1qNccWADM~4R&PAKpoI2qWYgqr&15Apqd=i`Mj)uR(Sk0xHR^5dp)16Jis9n#Np z<13$M7x;~cs%_V0E39ocx*+O<1FyqoS+cx1&Z*8?6!bdi$23@e-3< zJRWb*{M@g(_&vZ&2*Y`IO7f5l$4g>8H_o>nN4TF5JXqM-+1S}RH`WJxWIqwy96!ew zd!WH%eWS|i<2>ORlZ^*47Tz7TI3tl9a7a1SdRE z61%_HQ|Yt5F~dqJv8wN!n;ndq7@Yg$mF+Q=3$5u-{56#cmg+0^U;O9KuS&?S zN;x(xsE^=fo}7e91D$c4qooWt@d#v3aqv~hjPDVjpxC-4tux} zZPOmF_su%D)w4e^E3d^ft8vz_ridKRGqct&cDnG2qkn*wkcQg#c9M&whHEs&`dEQx;-y znLpN>=iDNiUSPk_X1`G7oGm(ob31XXq`-eTyRh4#$>RKy=USrf&n-A`r*ZE{y9ss? zyk*fpK_d>Sz5F4&sDRObaBfynR(63k+u1^7oXAOd;n3&75l+u?aO24>T#@;=qAaW- z&OMX-*kT8Y9r!}q(Th{95a!ndhrE@aJodvO0}Hd;el}!a|BMfZd}la*Z6~|!)R2K0 z*=?T>8Q3?w?c|W}WFXYW;uxeX62SikV5jOz9`MKNzqQMf0O>%&I&Q>NTxVp*B+i>apM+dV8Q5w6TYj*EtB{wL+pxmb= z?hCpoIjcVZ`BB)oEM8j+JMgKw=$WHk!od%VDkc;pYV`v64>G79uggVQAO=S!j?Tg{ z$mvpXTz>2uZEZ@zyT@}AbVQ5w=Es+LRnVR`F~}#mKPovkx8#pOxaf#B``CN_!ao+O zdPND%e=0ny5V5R`j}QfiB`UnDS%Dta(uC#@OMaPHl!bU!c+g>^6XwUh^8EhS!_MyG z`D_*LVaoaas53sUL3jgmLV@jUa`y#wTW*f?tkOb#qLF1&lKBMJC*#AO-{L*eSGT-# zJ)Z}kly$We4BU3Gj!fWw`-EK_*EuDK*x~d!tF$0wttp;gJdmtS2LtJ-;kJE$PD0mb znk;J_W?RqKw>?k$RwgxgE=@Sxe|NvL6W4eFZ)2ja``VRP2f9k?~(n`dUO*+7D9yoN{6OM+xZz`}I4Vw$p0rKWacy)|S3= z)3?R#&$=vQQIv1seSyVMg;qvXZu)ys-nb{zzLW8(^?b?`DWwthQOEkH+IOY=B4bbH zi<#%gzCCbJ?4g0*vm(>KIpD^~UuDKywVC7keGoY4c`)no)SnJ4_B|9hKjG?(+tM%Z z|M7sqDW&$vz~;cG$&cZ;g5FJeJE}6}2mJ?Te8K)j;J)a6fkz_`q`n?|ga2sSds(ef zl~(__czb$eT3ULNFA&vdRm>H3{eU;J(yTv4AI!Wu@Lu0_@gFB0PQE+oh14hQr_)w? zo=*6x|H(d{#0z7uOZ#@ls^mE_v3*YYKTcSf(Hb#7_J#DB8T;%LDc28N>b*6(k7sLg zedc$w*2gwyee6AyIM=_x^W~WI$jg&n7%-vlF8t10Ox(Dnm3C&_MBm($bgRIwNt`q= zHS3y`|4KZ!@6`B96DP)1B<{2CPD-_>rq8smiG3}4fBa*1V{CF-Q@?_wXFXe^CMWx2 zzt?w0|E~q++HYiCIPlHXo6~-s_2rmPlDzRBTgM`QYhBjwzdR9rf8J--fD4lE^!oZ8 zw!fQP92=W4E!Ile({G&Br{5?2KlZ*d(3`d}(3<(}w3>vUTWbdVGBv|~&}vJ#&pt0> zX2#8NiLt8#=SO_UWBL9NHzsYW_rd-F??~&txL>5dW!;jpX28nC3kQ@9I1w`@%T6gu zj*mY#WpSSuJ!5P;F1qhK15aek>HCy*U7smwH>9UVem`z(pB)Lm9(Z|NKYvHcbDm}W zev~#Y$v5Dgq~rb{_nl=Q8~8on?~+q9S7%F3a^U%>a%)`j zxdGcB7yE?og0x`Ln~}BA!=g_lOiUdZ7ag^r|B#e1(O1XZk-5WO9?|6A61^(wyRoYh zUg|&2eeFf`*w5Rq`;Vp$ju@F*;Tzw_mp&}@$BE}h zeAWI<{{b0kzHdZb7`ZodV(J>Jq~GQCn5?5o1@R|*mFbfQ_~J?vcO|_O^;!BL-z|}; z{hy3|*;g7EWIyR0l62>QZ`ji^r}RA*)7M{^b}**A&$IT3ez_@W{m&iHFY-j(iio$Z z7wxm6e;oO@nA?+P#J|(`M*o(WRlb?A2}$LB_VvFy>8~+G8Rg!5{Ft5{J38_5h(|r& zjCv~ihy7}!a^eqof1dVOVt&>z>&B>aqjp=r9uNflN>=f}N7GhCJlX%#z=?>)wAA_2G06=4$Zne{+Z;_ncwvf>!03lYWy`e|JU*syaROu{(ra$ z|M0dKYwlO@&w!UD;eW>QZ>s^kD>VnWdl3+a<9|x|+a13}dJc7(@sGh{qVap=_-EG5 z;Qt9^eV)~O0;%_l|J3MQpJ*9qlkXKGnmMn%|NYsXAN2dqS3i3Ana5AgKl^guHT|Cd z@b#e+F8O5dfB$~|_ewro_?LhA>`zN-F8KN7e}-)SA0%bt|9ZQ0P%_J43;zuNwfU zI*F-qAL+K&)qeDckS)x%a^W~V+Z>Zo>Y#5l3;JfZ#orN9^}6~|_*j{34Rz~u z)z4^)Alfp=Yd%n6W9*KXuD981>bAz^@2Xq49a8ck7rgkicR)9L0*t|zD|~_h&==k% z77H}q|8)~s@Gh})LBYGk_yf1zb^Mq%1sFI0U#jDM1F-koLFR!ds8i zlo%Xv`JyqtGZ-u-;Ka1`MeG7PAg>yWSPt9|kRq?gM}+0&Zw~lgqRfD=1D{a=-_Man z(?&5F{#ZK~vSRzAF@GO>29PR>__OUVg5ZlCh);i^6e438IQ?VoIjj=L_l@~y%PYnb zaRU~VTKgVQQe*jF4E}BQ8_4j2frmjV2AIIECJ=%uR59RV+wlY`F^oQm6sp75h$UyS|?7s+P#jUpNj|H3-cdccAB4C>p!TOi#swr0DB$Vw>eUz4T z+0=5&^SXyD-bNsj=Qq}Bgq3m!Fm{y?I{~IHKIc03?<<7r5UCc59f_^`|D1UNzJg5`~XY4B8$RYno1d}*^?#uoa_qqwQ8 zm-Z;@i3eLr7hP_7K2mz~HKEB(x|qCLL;aUoo<9o<`bqxJ6+eGUnEa|peg%==_Oc}_ z$D zcx7M&Z5iZ2C}naK1`7e~IP`oQ<#GhBB+H;XQCdOZ9ss)m1o=LLK|ew1 zWdOX=pTLLRH-hj2g4?4J{s)NN`$n_?^A6I0Y2+a#3TkCkuBf)`vK; zRmvEQBr^CrCqc4^jB8O68Mgz#74Y%*B%#a; ztjXEpT=*iN6=qn2pCjjaT`GRvt$3bPeATUZo?G!%RxFO>nDb(gwzqe>6^o_fXKuw} zT`_$X6^ay3;9khy&R=MtCq#-T@Hf&1%wvgOe+f$G@Tc%@1ycrQNSrV&2RfS$LL1Iy z)31ByfJ2;Qh&ag>u!xg<4?vJSL+B*pAWs36la0m`ffgs>uZrQy?T?Sm2r+rt0PX;A zEu@}nPxnM_w{pLL8utTdNwB9z5`-eHXm%m}L5R0+fk)tt=d|v28~p6pEk3&VU(f_Q zc8iZ4%LkuyED22PSgSBy26P4|`t33iYFS)l+1q>^zl|sjoduu~iND#(8S{WJJ`IwU zPm9pqu|2o!U-%Y-Wf-T;FwUA`oH03?EHma+)DnYmBNSYRT4IcBlyHf-^PxFkgJJ*P z_cX*AvyeZ$B?c}9kfZrTZVfOZx0$4|5Rn2ABKt02aCJBIn~*MsZnN@=z(H5~*ui0M zkb4!Rgp5zCiSc8sXqq|wN_5Vy1rMZPvubaD+cAEvP2)cdX*7PVP2=;okOx%i5`Ups zhT;=vD3(c;VxYyxE`ZEdB-`uV2M)u>z62IA!4d#L@`QZsCZKZuhJ%soV|#$Xl}mGq zkDU#GKK5Hk)jpOEK;DP9qWzTpy&8-sp{$9>&b1WgT(3xZ3`JrY2U z<`cOyfDyS1Nh*N|*W)$sz#A}? z?d{KDa0gsY9HH-_wwU)f^Vaih?{GOyA-{Y@!#M-(t|in7IE}F5%(R6vrtpS?KQ-0 z15&ix>OVKOduKIS#673QeMWIMw#bapYtHED4zhPVY<+@t=V_8?A^Mcf@)+|v|yvljO| zB`!A&DoW5B1b{*BMF^DHH_gf$?cm-ra5Ej;Ukx0i5bGvjis`y{0(UzC-C)7Z@Nnjy zgVs-BqUEgwKw^nQybi>t9b#@WY|lMy?jQi<%H4yBxCLv;3zfkdH}4!yJXaw#IK_)u_fT+{!Oi6HvzKwTT7O8 z2+7_ai?w4wIdP0IAH$Rb7A-&o-Y-X)!LW=(9I|CJ;m~s^f)Qsb@EO-w_AiC2jwKvP zo{RVaWPT5&f_5<7g>@#Q&az(=rYC^Tj$3b39}JXs4-&If^4Xnh}q636TbG^od{2)LgE_lDrgJ(1I3UAvHEEcJQ! zJ7f>~b*^oaz0Ga5mAe;o6_~m751x&pohpkGAnOJex4%o%VO>m>MULYrruvMg!rIqg z&_4uP*1mM9eSk$o-vP4rMM1ftB@o77w1M?-*b53{CP-E;Cz`l)CIEKvF3}fzMY!}R z;En*-DLAJObk4k5P(B6am{4Y_&V%CgKDPn%&<=nK%MKvPie{e%^Y@4CWBwW7;>Fus z_V$y|WxzD7ImcuzDujLmreV!F=I2SK5k=`e*<@+@P*$4(RFPes#REW@&&$-4GClq5E< zhv#IV6Lz0KU))OW8vQg`;!94F6Ru_e2)<8GWmW3!k@L&((G+D$Q)8b;l84PN1xhQGvexSvjAMj#x(zUaiEaJwZ zp2X&b6j!9hea#TZ!=!X}Y+!m1;xt*rwQ6xsP~0>v?sX+Dm;M{JA+3i%Jy*{Mk5j zT8PUMQS<)jkVa?{L$-=1e42r^%7j#o7$bEf5xDz;#8zr_twgt0wo_|^Sxe1R?^@hl z%^Tq`e9vU?u1y4KyhHlABewalp5A%;K;mlfqL7q=2Y^e$q;Q=tNP6X4EF=f{OGnn% z!ue^p-#R4zin< zeJx`n&b^|2jx3YBS#NKD6Q_3Gw>d|a$v?rX2VjvrC*ol+o(uOm>rPdJ3*faVODtri zjAghlH(XZ0r-093$Q&s`=ye&>5DQ01aR>$`16%#`q%@r+EX(IhX(>xHE&Bo~wWBoj z88q}Oq=&HU;Yxf-#1xcX0x4Jn!xi?Y+LubZe*?0A8L}qUW7V45!=%v z*0K)2#hA}JQvp!7AgP1qJ0%R)OK7eMLvRb&^~fJ_a6d3`?*PXI@POd30KPBdo~FE* zKKB=g<6V54ugM-8PB~?p>t-G9RYkI84jqZKmpy6&84j4}6u?o(QfyP~3hgnNw9Igt4g8 zt0q|wcN(VoBVY(k^TAKiEf)r6Kq@bKroDaLKxd<~Fu*PGD!8g_bQT7<(P>3dCil%? zla0>m0C&Vs0xuh#Yo+*x6fwEKBE@tp@^S`mmST|jP7u^G7Jj&SV{w;ETEKZGq3zyRZG4EQ|F8m=3b`R{{vW!s*A2 z&N`HEiMTr;4x%mlj=*IQ+jT3U$s&&PRK)#^;@;Qdju_$=011=eUSeQJ58^ag#J#7* z@ptEgyp1c`6`_PnwCm8~9t|AtL7XOwxXGv|+O4EGt{@`rRzqA0kfPnbz=hZ>cI~Vt zi?|jcW~_nZij>0 zYvA@exWfkSb>KKJ-W8lWDX4A1UmS`*lUh1w2(|a%qpe)ZgF=$^T?gZIkhq?XcWNQ8x_?7RYR~lyaNM`-G;kh_J~eyP5uvtd zDzqkoM%7*x8bY~>mTMq>phNmllO*1%YI%;x0A{rc!dC7^;HZwf6UlRl(ot^E{^-d3 zf{>I=`4j7`H$&l+HOB%$y;cemdO3}ATcx&Kxf8$=I+ZcL$f+#eie^Yk{}zVIepmJ+ z{6gQ}&Unu~$-A;E@FM1MPx7wpNyeb0_9XAhp?n?661G^0+l)`7(tAL2oAIfX;t)5u z&G<}8MJ#dm@>kh4%tvwPGUz}(wgo}MuEUbAVAhkf5^dX&Uk35}DCRT)_&So>i1;HJ zW1j;-ZA1c6mhHiJL70Y~+i{WK!FSNIJ>U;4%l3dZf~3m!fF%saSMkAh#wZfZXfn`2f$eo zZ^4+zdi{CeZ;;b<3Daa*!akJx9w>}i5WJ6Kx%^*<62)=T&PQ9KP_W}8iUvaoZjCMj zU5ru*0RP3TIK(i-;C2iMpJkyj@icB0YAIft%^z))=@t2e&1J%jJ}($K~<< zJC}nWImGLL;~t*4ClpStK>V_hYs67OI_@jC{w9FJNPJ2t&QV>tx6r3KHIw0raC{~1 z0U#OE&k>}G^W03b-7yC4Rp2;xW~$11)^Mrd*8n6f56OjT{0JC>VVzT;a!%f?s4^P^ zq_yF0ByAm&)K2z8}8t84cs)~*r&;YGqw*B19<|Q3l5IMLg5Gy`jNXkbNtj?NL?= z^*E`B?W=?uGYF4fTxp?+RYLV_u|~dxd4S>+U_D!W;^W8Adzl}j9%;oVXy zLr)i-3kDkj|0%`b-7-z)&Xy@IhwRlbY;S1}wd34U?z+$QP9u@9As2et#(TGvxD2x8 zL?d~M!MmlKh+PoD!}>(wm;q;Fuc+XUK%sA5B^0%pe+@Y9+-e=%8t{Dx95+d~3C`Ih zi5zD_ML?n8b=W24eFoN@h>t&XsIMhLeoX+5eZ9@V(eK&U`vvFpmGe87 z?xH5DbnOo)+84PK6&&c=8|R`kmk`gcje=HZO@XVT%pKTVl-bpbrK_7ry_3~07Aluk z)zyootDm7PU8PV?u}h_~0Z^D7pCTQfj#6k#fXE{quR#sn@h<>JFK-cCxf4c}4_yZ% zu)}ondlcO{%&B!kdDPY5pqYN=NM)@Bz|l;v2+mmga~Ff6%*5^6s4_T+{jT>@@cF&` zVVCGJ9-x;K{gH#_Z@$R+=N$N`I*-X`iZx1ZYA%c@0s++_Fgg)n1d>&znMTt&5AAtII4x{vm;lA(4PZy-d~}CeRt%a0Q5JY%A`b-KVR;&1VJE{tjc zl0A{ z!Vl*bfD}d7h(1StMmNU%4c^%B-{6f4{|(;w&~NZ2sNdjCG=GCPX_&2kv6sKV8;r4W zO2Kbc=^ydM!#kkI;}?BnLiALJ9>X8>?K4U-OQA0x)$SLnq2#53MMRLlzr&AT_Qhe{ zVf7E`@Ba8NH5d@mz=OM78KF8XW@g&MQ>NQ9`&|{ohkyq9t>GydFi;i&GN9R+$Oesa z%GqWG${!qR*ZA3CQqDrl)D`Mc(%FV0*!7*mo=i#^g)lXQ!m+=P!Eh%BFoQR&x2+^7 zhM5Hr*x@M@cmz&mP7-)UAqA0aYX&pyFD*YFUmJb)PJ)YOq}upzypf4vM1@nHM41)=YfL6>3$H z)gZg((0zpdCEzbbg4umL39z?@*)=QmF9GRlqzI@RTmk)As6Yx>D}V~=uPZ_SL8kt; ztH0);{w0v0TJ5G_IGJm|dtr5ep3|ApOT+z^T>l6IqIVAxIJwXSvx~uDTXUGn|D1)* z642GJK3X%#J5hLNGt;~w*U1J04jz=t=~FDcZpZjgW)G;-w$3^^BBp$VTivxJDMWXf z3`W=Tp@zp==3~A9!QX=~+L$jAc#A6uWV4qfhtG<$z<><~yT)uT7+^9$a(#?XZfk98 zHZz{xz$heq6d}z*!jF#**-79*DKw|-B=A#JNZv`{6-_}d*KB<5K{C9SJVz9Y*?%KR zTp{pBg~z8{Wc@7?^dj{G1>#dKQiujsArRl8`P}fn5p_D#kv;~A?re(DIOe=rgC0yp zcBKL}Cn-c5{UZr?1c92)>?}N8WLsZmCjY6}%{vwE3}!*$oy|=1hP)GWM{YTJvxRpK zGtFD>c7Q7Y0~mA|hOEEvx&wMLzDLw)HDw*2h$)XprX;%lM+(thJXv*3%rF9Kz>_1H z*T7)#@9}l$`_~QHA841n9enp((D-=K^s*lHm&EIVPxbX73_-t;V%G z34DlTn2W4$2x>a1e^wwqV^-2HyY!8y)7h4E-eECa-Ncc0F%o((1KF1ps5DR% zqK*EMgl!zvV#Zs;;jw-&u#8<`U{)j`Lx@}#;`3r8P?^!2jMbUTv|4(mGg~gyFX2Fw6ds>)k@YPkcmk<^Q6N6$B86zf zPfoF@)MLgIfygG1s_;@3A7u3ks+`om3e;3mh&E(TL6P^J(RF6CkVH0tYK7Oe$;$s$ zLTyr4C{R;LA=;3=1I0T9HG|m?kwi8DJ}_Z;6%O>k1f+`PDUD>1%ZOD#-PsSlZHnV<6BAY-^;k9hC@;)PK zlR8j=no0`MhU{t-7Yk|zvqmJ5O<)K?k6;yeM>gr7j(S~eROhdxFX7;#%vzZ-2 z3Xd*8n7f{*QN&8iO!J0T&%wav3Bz<|YXo#RKnzS1kvNN)8&RnNMa22FI|-<2(*eoF zctaViM$-3?pg2C|BKbZf+ae?v1$Plb6m{-Z^+_PI6j(I5XBXs9I2h5+u^HSPg9Ml?n*mVRo&6vzgt16h01Fz?>rt)0vGF zkmnD%M&q*tiAG{R1qohBC*TSTkXf^UbC|IK!-{5oP~@Tv3P5FrP@frsn$C388et&ETLdFGk*IYVd0t1$hM4~EU<2bwPm6p zbbW3;xZi^I%q{~DMpaYkWaAZ;8KrPPucdjdEf2byOa=o-5R#b97SQ#g3KSPBDznMb z4u@2(RrtIf33Zum63`uvn^4@QsLa|0oP|%heu&S9kx-YJqhqY0<6c+C12!K1MB>0Q z{{s>Rgf|VHAj-@Uk)}mpvsWrj;bT1LTq`KSl$MQHHVldQYmxIIP{O}O{(A@3GQNiT z8<5a4vs;iP7!ml6!ket$5L7v-+Z3p&q!4Wcqc#-3C#V_BeuN~l33MvFu1(gv1XUiQ z(naMWg=j-IR}*heGiI164VT4TwFvpfhQDR zYev@l1XWJzJ_TwjDMTBxc|Vvd2J~jer_w|=0sj9C@VYixV+2(mqPlvMLbM^96@y6d zK4v43Fo)BaKLhJwwxltCPT-Imf$UV95d`Q|i)Fr3Rf}bAY(E@nv057DUdXRe%@J1~ z1o#*dj+o4zLGoJ7Yj+ahHYH%K%?J$7*h$eGV_gPWE?voE4VOCfG0u7BN}Y0Dm1td! z!RtIE*nyd&ZKBo|Q>X-Jxk~WK=nqzA4r{8x%JobxTAo1ytjzX92O~Pw0JT(6neA1Y zN`6S-WfpVVJ}hQ_1{e7}j|%9n96v*m8!PC`Yz*Q8^u_%vb#cVy zKjaXong3BNGviZcDuggAhd!v4$ecYheR(ukFGFIeH>L5hNYz^5PCgE~4T(H|ME++7 z)>^Db{Ttb&HG|pBND`h1+@bI$Ym1=DNxe;hno0`MMtI_KvP)1inC(Uq*#!0}ysk}F zwQ`h)sBY*Zg=j-|HTtm_33@YYL=xEqc=j~HDp_j)K@HOD|A6M0NEhg=j-I zD`p_U;h1qth2o&rfAxo|td=5uK zUzrURW!$afSfCikL1pIj-e>gQjq+1Lze2Gxb66t{R(JbV1vRa9o_qTgD{hX}mPVy^UFRst5ecnho&2|}59 z!D1|k^+2swRAw9=+nPo7`ibpl0g@{nMLtf;Q)4q8-XuI&%8gPk1YC)Pb&S~~NDR@; z*-_*E`ZS=(!Z9KFXAZ1e(zfwfqueng?)yklwD_%d0TK_+1`wq3^y}jXeqwjcJdfTv{APjM7-w zYc=_H5;%fn9N;x8EkNGagj~+-w@6;=x`W8n)s^?hK;w%*W}O0F!R!enueBm_CjrW^ zW&Q%dzfK_$#eOpXBT_WZ`0Q2Wpp2a?gFl1|hC0i-q0SC+JF8_P)=?y@%NL{sl;hCt z?U_5MeP_)s{^Ii(Dh|IR**Um|Y4MLl?45N21EiIVyhZ zvNiZFmtdU~%UEm%_)R3napuR6;L2|xyG&$$8IXGg0ii`^TxHDjI8YYx7&m5jA#s1k zoUGkrCb?i`W^{Hm%1rZyVkVG|;F&>(0fMIxt*;;ecs?^nE!R#!Ikm4e$nJ0t1$h(_ zI>jsoni^&t2h_!i%50EO-8GI|-&u;v>>Ef>Y$Ef`f}X)F1(k?q&cF%r%%~?C1%q5P zQ#%q+%($PR^_X*Ir57+)y<1iS7P)?e&z~Z3oSDCbWO!~@@*_f?!R#?4nIQyzsqpxe z>v4R(ieyM4>UkvNHXw_ty)QF68|wLSV{v%s+ytz7KXx{XSb~_%N9ukwN)rb8u3a;P zFSClFoS9|__Y=i1(`1ugYz*RqYC9TAeFg zBXD11xO6Rwh)fo9p2q2D%#}K!aKkNTArh>^Y^8v1XxNLQ2Z?sl7xyZ>7N`uKqb{9C zI%Pge!D|uxhZnz)=2hpE`NbeF9vgYxpfb6MN{}}dc=15UYot@=eux(XCofJNUUVE@ z?4iB}12`LLI8v!bB0mr50;JJM7a{43qS@0pBnD!A5xx-V3rLk3iJW-K(lowR?>ub) z;9o&{4e1Ed+erG-ZBGJ%0grD=OLFW(9`bW-J%)4~Nnfu6coXUONFQh<@>58kBiXP; zoMR7?rvPTO=lV3;!1FehzWcSuz@Gs89umJXJ7wVcEf(J~$D58-NcwsZ@K2FCke)Q~ zya~u#dHj}%CqRAin;-tm62Bo@Y2b^&Fdm6cyh1Z0CtkyO6j6xX-||Kl~1kH(M7O`riY1Hxh4@^7N}O-n`^%q}V^6T=n$~fa@T49ny_R zY@au?^rgp#H<#j(xLM-5p|7(5(~o%|8*bqFf`U>cj^7LezaH>ck=WK&1J64Qy01Sn z@Vq-vgT%WCD~ z)AO8U!p|XbZqO$B;%=`MiCew94E*C@*pKuq64xYsvHVLUy<}-T^Z!k8>XFHevwR@I zw*ML*hfmIA1ZB&{za|z`&A0d;iUl?GbyWpb^BQWa3dT1qSg~kHeL>B4LO3z{EDR`&O5)NZuoh_@ZL|%!X-*UibpLUc781;Fb1CwWs zLnUkrtm>{6o;RBWwLL;g9{FrGYAfE~H3`ZaDq9Q@~X@k=zrHJY! ze&)fI*R}RDaorW%lSqDLS9B2_F|_~5>4=YYA!77G{cZ`^UQ4=y7aT(+FFR^^e0Bin z7z>$4`tZCOwR_dD{pMQf(f9p^g@L00;MhS`OAVl^s$o*siaFKzXgrM*4l6?`ewxT9 zt%dW1YAMH9E3KZ2a7kj}0V->7) zKJyk8ztT$CO?@hi($KW9;#WLhk?~St&GaZecGTarq1ijdqsBtj)$NA7LWNb;->--b z)p(gYTr2p1jI82ORHc>Hgfhb|AM!fWKUH0GWR?GD-Bgc48tReah$~x}qoX3ywc-Pj zXW#>>uC^p)Doxa!)wUvD>l4z%w5@3?9SuSjQ1VrnmxaWuY^eHvCVGbZ18t%-)U$wX zDQ&|!L)x0-V)o_q{e1}(x5TK?RG(@^*PhQ2QLA^P_~B~N zP}ws|FlrRmiYMs4cWp)c-oMA5J=vdrqqw#!qF3Ceb$fjP*A?kjuOF(lt)( z3duKHS8XXD=!ug$E2`pDBc;4od4jT=vcIynf)&1Z{i&hi3HQ>_O06yP@Av2K^F`UD zyJeJy%70dg|Ht$?B3*m*|3>8Rjo?2&BXs;xUQNsEd99)x@yh<;-W7_0=F0MaBK~ys z7UgLwMs@ekp5jTUFJ|BW@p!IcPIpU&G}J4j;!&S${eO04WV`>~aaSu>_gSxeLwQB- zI|}O4)5;REo2jjepK7E|znA#e_FZSHmFaKFXSC;VR;s>-&mBruJbLGOrfqePgvuKK z_`do~TQqxj=4-A#FR&ForwHqvgM#V#TE5~`cz&vpRaR1cR36g%2`D5%@1{c0OtoUh zF>OiJVkiQrR`dyuRPC8vdDJ;nN$x(cl@8i(Lp@bzH!YJIsy<#PCvk<>RMk4`>N9T$ zqfYK->!u~mxu)<+6D^rHQ8aA!QR!o1OiuIG3var7b2aZwK#*eMq4z7YsQ*QsV{~so zj!H6bcH9!hTIAOuBN}knEf2^Kcq4er12;iD-ab)z4kXSXI6ErJ#l^Z1Bso;vIdq_& zaJudayw*T&vY_t)?<1?E17>tlu=YV(NZq~qo!TTPM4@f(3S%>41|?O^+!Q4Vr@9lR z@QH${mrv!E35GO1eY(1zUdV`V7JhTGw5Wcl=GDD8TkapJPc=+`RXvdL3m>54_|Y$Y zH;Tg)HZ;!NDB^EYqCZfx@?#ZnHz-BarygK6145lpUg^}>sQs06)#2{-^gLly)t*I9 zRgzRs)vQyiY4~Z1we(D2E9TmuIQ0lqrrN>lQ@W|O36s;D;aY;ykeqtp$!YdcahjSd z3#$7a-TQ9x>$ODnD5Q_cqwJ$c;O}#)^+TNlySJ`g(6nL5@+QC5fm&(Hu$I(1Om)VQ0r?e0s<#ZMA?nIn2Ey3T^`qoyTu)U?j5rK6LYLByQN z9PiDlW?#(c(Y0Rn8*2G?HsB|+uP1}byQPh8BjnFfiJyPTHpSE82 z5&Y-Ir6(_e ztL&zFt?*05&dGB4QFj*f{d(H%U)dk_=7;~NRZZJ!D^a(9bbqd6k&0%fx0rLMtGB4u z&qN1hVWpw6p|&$+){9rCoROV*J`VQ{O3=HG{~P0~9+%L3{O2NY_n4p~cE|#~?+0i% zZF6d(J&kou{1Wl`RA($go}hVDTl`$(d`m|-d_+`Rq5gJ1AN{-hU)eUib+)T~QmrPv zS^FOym+rA$+fcPgJLrB94xfV|9z6?84EgmO>^f3f&ydVInJ<0*-x!GnlzsGEpjDM6 z)g2h^1GJtQsWgAc^8bIEJEk?d`9p?XD+bWAG zD}{S9Eub*rb|XG~Wl>|HVoTQuqa^4ZdsnKqw(>xJhL4xhL4C3n#ov7%^}Ys$dZBkm z#OQg=7WHb?mD7w2XJ!FPFgdk1s@{?MuSZvXmZVHm!*I)VwUwfp{5sB1D{asJ)V?vi zUA7pmEivYZD5{#9y~pHGAA94}_bz(2mG*X0|Mgv*>4CkCvhp+?J-Yfs_c7A`6S7bE z?4ahl?`jT`v$u1czQ?7kLH_^K(M;*jPd)n7KipfCw%s}Z{^;vFoJxYS4?lI>4#8?I zFlVmz4Q0>X=0$g{$gf7kl-65}HGM{nzNg#zVp_wT7y90{>RqT^#iM7mqViK=lr-Iz zvbLfU{=a8$ufK^neeXg(VD?wpKis!Nz3YjSu(7DUe9={Et3&(yE@s*72D3P_VWx{Y5=@a^rvc zxf5k%ZE)qr9MERDt)U&5cm*qS|Ncy#IN8zb6DO}mb2#u&j=Rcon3Czi7zlYlM;-~1 zQPr4K4wl3hjp^SFlR->CRxf|lV95N6%nH9F*@OCU1sQBUrKF(i_)ri3^9ubAc;8`pnzhquTUGB})%6c5ZLA4Yjv; zK4iI)$xK*E2gb}eCDk@uUk<*2YKO-mF-UmJyyo}8y0zG#`$ET%0$Fde_LcP z>9f5bsYh?rG9~j6)Lm+)slv}Sj2+GJysMRNmO(3G+l@7MYxzkAP<9z zK=Lh@(=;1W|M#Tt7^#0{?Pm33F>JIS*b|*@iv`5qVZjsHF`O#X^umL=)`dqrGOSiF zVL5`5A)jH%c2;nz?2lp~w4G@TwE)wW5i%K8ORWfFGK3~K8WLk%7d9*+(=ZvBrc%DkNVdXu8VW@rhK0P1X>WQoCYLr+&56Ad%!=*KaY1^8*p+Rop~>xP(ARARrT^0vSLWS8C*IVWutT^Ry?RJ#1L$A)MQjbvnV`lJ)kxJ`@#1G zt+@&)^bMH|_=MK*Y2!br@4|nM+cc3khD4|!E)2_dao97#be{@>@jKy34HtJSw#;e2 z1Oku1de_R{$tFsS5$Wi}{e})p;sTDTAU*{7JObY(|0v~CgxBOb$Ph(8zbxU;;rWeh zuNGw5)9xt`MThvjNn-O_$C|cxo_sTUUf2lHN&1*h@>VQ|j2i}h zEaKiKEG|0kf$)mP#D&n~E-vK6JcFlu%~@cl+GwHK7#<^kwOsZXXL8;+lP&H2vCdb0i~zFk!oIz4Jh`=3fu*My z3Ekbkt0~6m<~LT1?y~jD9Ude1o_R0#s~-5HQqY!;k!pN7W%YS5Jd*u*xwF!6xK6){ zJa1YkG%CGG-gD-Xf2}pAy?c$0?;2Y#GRB@hM)nf_)IAu^DY_(k?UUs#!8MTV$z+!H z9Ov{vg<_xFiE*OEUsh146HzwGZqktza%iaLaQ{heq&nQ2dgjL56$u`0G6a%+uOk(W zIXJzg(;Fi0wKa7aof~{~47zTb}&T?A=+Wth|4g&nM5=wyisXAJi{}!pX&q`CT+z-(U7$c)T?Gsjb zwFkdWOwgg8(mm85^%TXtC(ygpkUTAwn1|GRTBKv>9!46Ca>J$mFQWT967>BZh727d z87{TqLz^7!cWa~0GB#1~H8^3At)G4Ze@os4gH}{X3a#O~4Yl>tJ97SilpJI5$&e!T zFccrJq90%=Hby#<&~&)}d{u6RaEyqr?(_Js{MCpZ8cGu$A*NG9;u}sAV zWl%k?%5XHXKk8gjlSWsQx>5F{sm|)8_T}a$W4+qN2Am0@s0=SXoPa*Y>u=QlEUa6- zL>j%*qDbSU>NKdH4)kyv0}Q8^c3MmccndqEcr>0J)n384rQeH#(F3QR=^;pXyG02| z#~8lV$bf(`+#x$nV16kW{FfU2=o*LmfZDtY58B|J5xwbG`q4+!MmELVqx?n;rQ!$G zlf$Y~GTbBJR{@1_1uNTAyaf1g$9fuq^?!AdQHK(7CK!>zXg_UH*EX(rMb&f3!)Y%z zGJ3JF3h%6%*I3_Rsdrhes8zs%s`>SJtyWWgb+uKuq84n{@|yaF#vop6WzAc3s%gps;FMHWL|AWHC~lvRW?*CZ=5&(nu?_j z^-ZfQs+KfXHCT03b@P|5)Qx5(Nd9S2ZfS zkQ(s*u8Ku|YpFL}dz-pse5p;sdcyY?Qs*Uz`4XUmtZz>D9&q6cR={0L)ITVH?8ilr5otXj0h zT2kLoH+-Zrdw7ddSviDoiU+`o6?Kc6suo!DS2V1wa=njZq8Svhpne7VOYID$6$!32 zuNn?pWi4N^bSeD3YC(mFTOJx3ae=BLx*^?>a^}ykhX-FmZ?rD?;upsRbLKbHFJI1= z*yUe#NpSeE5rxAFbJa*%v3ToS5Q%TeyGmYgS21Zxb-gun#zht5C(M{SWoG$B6;mda zUo?IElo`c^(c>pfDjpsUW?X#1Coi2-7OzB=iEOjX7j*JUQ<r&czSenF%0zEqc={Utwh&3`uF0Z6P{f|TmOe6=q5 zh+lxjt0$RwgPq7^&g-A$VLj@m>+75{b$^FCJk0+Tp>zv^u>fW2sb7xUQ{6(RF7rHx zpYJrj&VgS+Ug^MNU~DZ@zi787nS8x4b!Ps{c%=h>y;axMFX!#4?kJ}&bFB~G5Ulk% z0$A(w1w$YGqTilm<~uT(_eY{l`1ay~4$N^Jj7(>w*k&V zVp|U*-R{8ru{XX*nRvdySI_Y_z}mLI0(`Z@GYp;3KEN0FY9DR^Oc_jkfiGXmOqf3o z7j$60z*pO9CSYDY^_T6UnzXOu%p{aGO#5p)ECrm5#J1KWX+Jpt7;20BXOMHAkVn7R zmhBSGb@2Ly*FEXOSU`Q4_jUL=Uo<=$u(tCG1O6spJ*Rd99)v_4=qJ}ZFkcYOxlKG@ zEUf1gUnZ>Q4u89;(%~5cMHtt}&ld~py4wH;9XwwwtnJTVW72rOSXj?5{bKK)`pfx_ zYBKM&omo%Y`3k_=hiQMPCw5+jobf#y=~^WE8DahM@SfV@d}Le9wGUrvz?FctKd%Oy zh(wtika$rh;ju`R^Ar+s8Vxm6)y^B{98QMuNESLQ4eLfzr>$_jdr;^Jt&RZU6m|0GhUPr*GaRcE~ICEeH zZ90HPbYtp1^upSG+y$*W8oH5TsMck~rGnr>!yUqP9qSM!Y@kEvuu%@7yAH8Xx{a@i z4Gpe|b;fN`Lw(&a;!&>WSPz@Vn-rIY7cX(R7gSZQSXfcrFt4sE46}%**kOt~ud=eC zYGoLihks=^hoxcOl7+bKVB&f})$%m%NJUt&hT%2wb+~h64O4H2AEug>Xac81uyG`! zfZI$cL*WmJA@EINJ1(JAtXsiLK4D_ zkR%~Vlq4icxDk>h+(_~s$E@SBk9N=VzW4La&$9mO+~=HY*37I~vu0g$O%igrt-e9I z+a2E}2Z2Hn8!sp_6({b~9UGeyTn!Z;N_vw4urY}){W4&d# zdA%p_xDjq)2sIWV5X`?VM!loB=j+Xg8~?_7+i>%G8}OL>Ct(ORxK9<#zrBpBXmDP$ zUMAc^y`!+#`wox)r+No94(_7iJFCZirBDyQwEeB#Z}{8b*eKEeVVZdHm0ogBs2=xiL%k*`>XpQfP|Z+Gd3?yrl7-rQy!+<(xDB}H^l?8a)Z;M;{JXwA z=#6^+)B4giMZH&Xb(Ev37q%5#Uq+;;#|zIiMLY~)nx0KjZ*aEwI4(O*Uq0Nz^vzCD zFC8`(+$Mw})SHo_UXSeYaVwF;di+is>a9spuMX<{PwU^x6!r3Afrs_EfYtjZMZNZ@ z$9>B%gz4L!qFz_jx#!=2sL<#jbQ%m zQ`9Sid)B)hw@|M@ih9NH2X05h5NhO2QSZD>Ur8i~di;*;(^vj~saGLIJzhdFyk36) z3H9zvQLiTc!1*2q=5cr^MP7aUAslPu-$Ndcn*=kS0nghB_na^Mj>NxlIv!6^ZyJK( zI3xaiy+)rD^?IY;%lJF%@jGv*H#SAR)Hfwx7z}CG>y1oN?@yb)3RaKD9DF{P!JE4e z0~*3>oRXqm`&`M>7xo?adU?SouQwY9Pr`9JmJIb4rl|J|>Tz4d*IQY6thYHuy-Ed> zj|t$<*XwOaQSWVhP=xIZkE4Y7_d|+$=?WzuxAS^?Q`BpN%e%gT1WsQyt9Lm?z453Q zj*EG{^C{|`N4=Nvo@2clR*x6_^7(i4w&V-Bc|C4t!@OjCWKw+Gt9TC9tA$&5y#-R# zTZxT8IBvx8LXEsB>gB?v80#a(dbO=yl@#?dmrOo3$B z8d$v%De8TWjbAuc;`N?QQLiL+7~aJ)x8;dS1q#;b-t10SzeMj>8*BH6s z^)5|OuMG~;gySnL8S1^8qF(RP$@?2&U!Cu_PgE}~g6~kTH+R@IgnH{z)GJvg`SZ6K za>Mj(Pf@QSw7||wPOO7r2!FepqTb?)*#9dMtJfOIq25g?>hLV*{Zf{H-ENkfQN-5_?r=rk_V5cjyub*ch`r6=#rw>AEG`!8u<2IQC_bGAB;mF~?1nd#=_ZAM^m&6sN zV-NIy0`~Aa%G@_h747jQrzGH4v|f71-RRM9Vv3g9jwu0eE7ct*JIkP44|NQi3~{a(%(_XSen zu@4DY8+fdNLl@jqU0*w*5b8I%e(_R%R^vMKu|Mel1Wca~30VJpNQl0fCPxzfb_rKb zKR=O@hlJ>tUw_O`j^rUBj$8iZAt8=i?&KjMu2b>@DB*9H@a1E@SY;(3;zL60B9qrc z34hzta(uq4l81!2#N-E1LUhC{Ih1gHYY>YiM8D4Y-+9C+c}R$k`1s?T$q%4}=!i>l zDB=3nBo<4Ej(GUr^Cv%m5~5#)lS2v75d(kBwIF#&_}e#aj?YhoeD_?{+rj>1|wmJUZWhn#{X-bwpK@*?EhbNH2?o!=ecsCc`hg6>BBOL=DFri zG|#nMqIoVy^IVSRx$>iVuJ}LZx#Itr=i0r747m!tWt`q8?rcr>5oXg;e>G@pGw@Ch-b#x2Z~boBpqKKwW9o2DU}4{|gg zv_3@hLF+>_ALM_mZ(1K}ayqqMMe{**qWPe4qxm35^FcY$d{CWeeN#@fzR8_fUpZZA z#e2}L@t=k;-=cY_`SAZb548?t!}#&JV?}bA|FJG9r!aH)M-2a%hecxXXdY_0NApmQ z=Aq_!v@ZGdGZ8~H{c<$@+U94#-@^Kk*&I#3UT-x0z7D8<67#i;qUo2T>DRJ|)&b4i zX!;e8reE_vntqKNO}}1CP1cv|&~5M^hWfbupO=y9M6XfP5WPlCTl5;06D=dGRuX2)*8n126KbC3kSe@wgYTb*LDFYay*Q*0F(d+$hrdiXI0prK3PBhJ` z6HW7fQ%A2Qs-xEu)lto;j%r4)T{Y|Cd9z_XtblvwXG0F(ZhT!dV>RU#xbG-4mYS}C z|1d0(a8eI*+CxQm>qY3Ayf?H>Gx zf&N>4#8cMi5u0pCgh93!FGK0h0cd`=tvxB7Ju#PE;$h^MSy0(seT z#@5HXXymXaorve+@C|Ov;kV~sEKOj?*FM zS;mnw3imT;Ho``Pvb`3MbJRm+LH@i21{zmU4Iw0uFUY z`HgVT@2kvDLJl3CYZBwA$#WBy$UHY;1C9K`$fra7!^-&<_gCf9xX+L(mR}6{bYdC+ zLmtIT%HetWdorJw=Qwned5*&qG@h653p&&pp?G=3=`cO~9h7x=PQ<73O5E?FQHR?+ zI@I|~IVW+SJ0UhM&y~21Mt)V~)1iKO#cLu?hv{#}IG*<&+&?Mv+=`(z>R=U(9G-W$ z;`I@y!+Oi<%f^)o0~bHd^_KqIdW(3<^|lc6u>#zVdu}&4F4tQ+u?_yi&=)u6aNQgz zbK2gNdHie0a&pNbXNYo!<9;-a9KPS_kTaQa)Oj8Eb7|xx$suPs@~VK31RW2p#I<=lbY*IsfR8&*Q(G9=`AB5U-+m zO~mOCAHsNn*k|1ondj^*lV{_8EsdI7&*|_U+@v`E6h|j=;bZub@dDWH;{HE05*i^+ zhw0~Ue2h0moDS1-v*Ilfr$e0WbePY#Asy;8W*pDObBKD%Yzq@@_mJNn`M%wosT`hL z#B*9WF3&CcoJM{p1gPmdlTIGRPr^%ZYWkJ?umyhwooH}&XX!+IUT~O=8*3)XA^%;)`MT*uEF%u9abtclIc%TTF^=iv zIb2^Uhx3UJ&-Jb1WpGc2_z}g+hzI$W3NFg-UW#GaSuKNgX*oc&)AVhoy>CBPClzR-(Pgt2EL#;-&1sm^S#76d>_#v{+i-R zxTiz>9mNado=)V57*^oMI()5kcpq(0obMMp5$gtruW@5O-!F972L7Zt=Mx>`*BHlZ ze+u`}dl0^f>o0DM_eVSjjhcK<(P0|$D$aRKhh_Q#9%sWwj_dU{c^>Z3yd{eN2sfp< z@?(g;o5Nhb(K-NgIr=&fZA%f)fcQVQrFbrWU#W;2YjWAqVfof#964BBW8b@x!{x~3 z9&-4#fjJN3zB`Q^E>k+>a9%Kn`_$346dnsl>jv_<$f9+lHGts*+?c-^_q@^EHlCH^ zFb{ZRob&!>8g-Horo(oIpOuVr-JnCfjN)83=&-G*s(4An>F^%p`3|hZb%PH1V;ILY zJdAsO7SgZbeld-Ft}}Fak4K-0h;x02J`=e>Fl^DdALD+P#^t&}hjr$t;x!ScL;RxR ze4o{#ely(||6!oR=khHu<6Ph9uzU+L zj+%J+(Yg7|;d)rYa>^;^ZrpQyVonA*yp{(Q=Xywo`5diR$mhBjtyf&ZG4#QW&&%(6 zPtwTYx<`ka&neDzj1DzlQ9KFvbcj!595p#lX2{ENKU?07`*&pKERql5ex=Nu56v6o zL%5IL*O*SOlXO_ezK1#eTqo%e|2N~99&QUy(a6EW$RX#V;#@!J5KrK`f&B7_(IFn~ z8z9d0(Dx0Z?GobGw@X?-3#(2|G_XB$=C!3sDG?o)>(=aaAJv!8!2(u>FJvvb}-%vaW_jK4l zU!XW&A06h~dd4vg@8h297Hbxh!{^{HigSL@;dAP|;#@cAL?&SP3pds&FDIsD6vw`} zj1cF#L5F3O6_2xV!;gUu%Z0CvaV{4+%yZ7xY3i_ zPFpk$T6UN<(YRf4-<(EHW;sm%LyB`c=`j5qhxuGj=rH}9zWDU`4+Ezoo==K_ck!7b zM$Zw?nTdgQ6u?1_q>IC&cpCpxJ5 z0>fBlUaYY%=+A)V?OJDPNV*pxaTd@|C%m<1Pr_3tnxndA({1$ z%dG#a%=(w*n_)D{jh-tt?s*H(m5wgN1Z-QFBWE%5y9eWZuKY5e>o%Fsh35NF4xg(M zjn`Eb_q>JYs!10?0){%wksFws%6zWYGM|g*F*2Xe#pARzw`cumJQt7A@)n+JFkKW0 z7@lU1Jls4+=5tMy`CPBbe6F`?)L(#m-a`GwwDuF0F-Kly{zzv1O)~5A7y|QIe~-*f z&<`}8>k#gF3(s|wE{OyTCzvCjHlLUITvud1S1JUU&*#caqkcBr^A_soqV;*f^X9V3 z1oajAbL6pRo~Ot-?&7A(tpBFW`ZwSfUm5>l$begX^@vf+>|kzo zgSiQduNuoKKv#=7`mEHrr5Ts+GBY*A?=eT8amw#(@#ynQ@xB)4cbrh?8S_Z<1oHy( zSLXfZ6Xpx%OxU)B=gMp5`QIVl5bI&^K=YU8)R^ZXr>}XDdA0dtnhOiVCvezT`Ihm! zWAUTr)0Tgh)-p;+ot&S+oP}1-Efz0i=DFY@Cpu3}&wDrHS}wI{u1FYo?pfGJYR9

=h4*P*UE$0bZ=Pcc{9n!IXuaMv*l>iJH_@tdGp*%V%yP<_@3Nda7H>eSPGgwU zQ!pL&g)HYG%js?&YJQ#8bk3o}ekmOGQP(i8d9ua)C9QFPwD@WB6*E5&LjBY*>pzI) zn1gZEPqLiC%J~*KH7s7+;*A*BxGl{O(wetjEZ&#aYa9S`8t%gOX{_bEVxDUGGc5mY z%UNQ6&+^|_epS?8Z#i2m=WFv(^CfdmEY~ofZ>6NK@@M{^(Z<8)4LS#WF+=69Kg;4zl-isihfobQpd+~TV&{xRd4 z&MoFIY0c+77C%gD8jiu72DTx*VmYaAOsKC?n8Cvzr z!>sc&>Nl}?bBniUT=lz|AEi})fW?Q=sy_l|{pQ$DeAD7@S$q-Ws=v~_hF1MgEdCX( z`rp8;{~qd}w)k0#|G~KGCuB@^I$HI!SUexC`UPOtPmBG{sur(l@dk{m{sZRLwCZ=V zcyC(u`@yW=74^qie4@ptF|PV^%SE%SZm z=H~Y1ZszCAQ_Ks^@0mX{@29oB`Zt{y?+FY)!QoiYAB<~W-H3h0;7qi}EokvF=IZ9! zwB~I~i$6r`c^|f%$1G=%`Dx1;W$~A2)p^Bo-n5+gmb1+KsriUG0S8e+&6{bx-h8x< zYZZXQF|G=XYhK-L`Hd{z&fL@d7_FL*!>m~o%VMPEyl6R-&GXG0&4 zzr?tvKOP6$f^VR;?q#xg9$NMD!>s=%>fdeg>K3oZxav1Gx1?47A&WmstNvp!>$k#o zb*#lFSo}4{RezTGZCdr0SbPnw`s-lUpO5I<@RsT=H2EK=Bwsh*^-~PocVrp zPxFiBdFBn~-R2YK)Y$hAuQ9*5in*1!m-z+r>*l5Ao#u1qR5|dxde5e(3&q|?8R2jo zy8z=_UZu_DX^mUM;&m+E+TxFx2bxEiCz)rN-=;Nf3t&#$HcaY=mb0GL`tvERY1?5r zM`_hLVfmLVhu%DNMBoy89`es}D3{cJu%YyG@r@ziMK5$dOdS$_uV7qWO!i~GI ze`}cayW%tDaf?4`@nMXs{uuKFTJ>ME_*=BFzaVc!0$VGljA(cD8%zIuKKr`OVCwg%cZ=w{5f4cmcPs5-&y=;i(fL|fc@xDGrRc~TGMbV%xUP4rzm4NHOzG^zrOMZ zBfl}@)nn7v#`61Eet)`ZEN8goyl9?iInyjYi`I0mFmEyMH=i*lCMAzs(p=yCxOs;8 zZSx1_FU^O{*UU-Srwh|un%4Zen=T#~4b|cByYK^yYq>vce%w5WR-JJcf8D&${DFCk zd9V4H`Bz%g_B*ZRm8xL!v?ZD|)5^(h@xrv~6tf)mWgA{&E%SZmCYImE;+@UCY1Qv% z`OjI-So169sg^(6;tS0yY1RJ#<}#WbkG8cI-)r$hjBDAQH2+F#{#>+p0`_Y{{j@Oa zvu#CA##JZDT*UH=TmGGvQ`vIvF}E^5YJS%Iig|{4srgg$kLJJ3Sqmq>uA=5D=2qq> z%#+NsX|3n;>5{Sc%OW_mZCKB^=GCW`zt`eFna`Uq)2f*YpJTx}%(t5xnR}SWnHQTs zGaoX?-*&BoF4D{@Vq6=b5T3R)4ws=m97qoa$i&wUIJ#!;k)7H}5(>&I^$h_XX&wPT` zbY7s#$6ot2i)X<0EX0e_$}ey6`z_v%zAILzo5dfeE5zbYTYN0tE*5{u;%}JWGjA{- zF#lm@wa`{4wK>s@L($iBuuF2?*sNYRN?tctwNSH)xrVugxsAD_xr=$Ad5C$qd6ap) z`DOET^Gx$%^D^@X=8w#q%v;Rgn!h)nq|@R*45x7mK5xEcPLF+^ki#~;!EDnToXgBM zy&-;^IcmqN=ViNxkW<@S&)n49!raBoemz5-zUBdD9%~3WBh75D8{$!WT}|6Oi?fYx z$obIBcDW(`nR%O;?QcWQ0rN3))c#G+d&%N|niH@u80w@oXEtXu7cv($v(0U&Q_ft| z%yzaRr;WM2nf<+l9JZ|ue#-o;`33Wf=ILhklMw36GcPprm`G?F#?J6@%svg{ATvI5aK*PH@K|1g1Mf# zq4@!GD{}{PXY&B_ATzJc5T@aI^Ca^W^V{YH=IB}rdc7+wzS+Fh{Iz+v`H1zh-cMXsGj!`CaoG z8ox7fSZDs!{JD9Dd6)T^`K0+b^Lg_X^EGpp8yj%s^;^X7GGjsZr(uScOVX*n!hmbFz+?*Hy<${H(xYIZCUkP zsqlFop7#cGE^}UUA#+i4Wpg!i9dmtiYjZpE!{$fK1IM!oZ0=_6ZSH3tY<}82!aUkM(LC8a!#vA8-@M4Y z*1X>QnR%OemwB)GC-cwdv*ruts4cP9C0>&!EYqCkJm!Mt+sviS<;+q0Vb#Ca;*HJC z%$>|#%>&GX%+H#iH;*$IM#Qc$YgL#K}m-&11kLKg%s138`$sZQ~%bW%W zM8dL2Z_Z`TYc63fZNAHVw>f3o=I~stEayRUXLC366XvMRvtHL|i;pv>Z1WtRcb4VM zHNR(m-@MMe(fqY}xA}fGDuKcnVuW7DhZfI^|e#rc= zc^Hj00USn{Uo^jDj@pnbf4apNnU|X1H-Bi}YTj<%W8P;zWIk#>Wj!>6~Hl zS>~1I56tV$o6O&szcn8)A2y#fpEmzxPL(-%ex^5PH0L!ZnTwiBn4@;}dhOLMUf0~f z+{WDA+{N78{G|CQ^KkPh^91uG^IPV3%>OdKXI^7oXa3aux%q4JZu3#|3G;8}^X5Oz z(K!N|x9QlHUd~|Vbp}E_m${g^q&Yf|Ky@lwyr#L1xw*Nu`62Ve=Kkh^=8@(x=85LX z<~Pi<%}dQI%paORHg7lYG#@e_HK#n6AqbdG~+HneyPa~pGab1(Db<|oag%zhrkG>gAso@<_OUS?it-elfl{>uD~`LH=U zKSHnlJmZC8p9`1F*USkxZW?mfA6{@Kb53&}GtZj{`K8TwneR47=TK;R?zQ;+<_FAe z%^l3$%stIdnV&U}GLJRCY<|@|(>%w##Jt?R*}T=f)4a!gz$d7OE&d8&DVd9itg zd9``Hd6PLh|3&lvJBuGQA2I)I{?+`KITen7hvk*UoZVc+T-;pAT-Dsf+}zy7+}%8g zE)v@g3^hM*j?U9j&NPd^VV-NAZ~mA0J@cpL&&@l`yUhPK|71RGK5M>gzG_ax^JVl} zqVtC2TP%L7xrn*Axsti6xwg5Uxs~}rb7ylm^AqO5=3(aO{3A{OD;9svJkvbKyxhFX zyw1GQ{JHr{^DgsV^Fi|w^EvZH^EGnbdUIMlkGYV!s5v^PN#j9n%^=nGA}iMZ2rW&)x6#OgZYs8 zjQO1T5A$EaF7@oJCxsSQOd9e9u^9b{3^K|n}^HTE)^M~e-&D+g8&EJ`$a}qTl zj#~VL`8V@}+(R`CRpSgg!n7O36ia9#3R_~+xE&hP{ zVe=#Afpp2(=hP7MbLNre@#dG!(K)uN^M=J2o0pkao7b8*nWJ-ZRda{McbSivkDGrr z|89;?N`Ad*%o)vD%z4d8<`U-8=8EPj=6lTdnp@I$#6?3}b0>3G^AqO5=3(X$=5gkU z<~inh=Ede^=GEr4=I!R4=I_iun13<I<1l|RnRA$LG2d>!!(72!*<9b; z$lToA+Wd(5QFDLuK=U)^;pQ>s@#a^})6BEXbItFW-#4!_Z!~W;Z#VBT?=zn?pEh4G zUpA*Jn7q6)n6sI4ne&?qnM<0>m}{78n;$T@GIulgG)L!p>wWix#YfX+;-X=kIXdrK z@z*Rq(>%w#!o1r2vH278Zu58MgXSaV3+Bt_I2`+vP3@+8L7<39{2dA(omVsJQriXZb? zGvGfATm{2$pEjR9oQqVIar}Scu7WRX~Z^}vjF2BsU_V-?8T%N{wN&JW54ctQi2D9Pt8TvNk+U_l2 zoHHB4V%)-c+{@tb-e1YM)(!Cba!+keXU<^GWzK6(G8Z;;Qo?zB<;|7MRn7Iyjm%BW zEzF&0tutJX!9C2q&HcdxCM_fk2golMe81yOIRmoo8LAsFfTTLKx+o*#cjh0=C(OT?e>0yq$HgbtPi;@?#pY$^mF5lR zPtBj3zchbm{=t06eAN6KT_83+=gpVQf11;!O3r5=G-2H6Tw~RV&NY^kET^!!n7O36 zlDVomItN)bqjQkurk2yf9G#o2oao$Sxd(IbInANBxu5w7^I-GS<}v2+=9kT{nx~oH zFfTAKHZL=;G;c6}YX02(rTIHrpEW<251Egee>0yqUo!t`PM45eKZBXq1`5v`T^mT# zkYw?~=3?fOW?pMP)Zw*>gKL`Wn4{|f=`)nq0}7w5ZOrY>J!pNl_BQu3KVg2(JkmVI zJl;Ib{Dyh9`EBzu^Gfpv=8w#u)B3Fc()_h~xA~CysQHBX7xN`LP3-;hrnv z&FN_E2S(Sykux)%Ayy}wITwxguN?B4lW2X87d988^|@TqT!z-?Z+UZc?zTQpqjR_A zn#|EQypFj(t?hFob5mOTfi28!=&+qJccKf$URPIh4_fbq=zMTFIv-r??GwzA2h&S5G}i??U|O>vsgZ18MV9%*0T7mBCKVxrwXk3|8-SZ^Sog-So8VLny}_=>w93$ z!=`m%&9}Ap!kTYa>cg5>-!y6xs8msLEJ+!zcX>a zg87^+kIFdhC%RT3<2cnJ?n%Wti@0CG_{}i;=BByoj*)Z0FUk11D~|gW%)#O2sNYgL z34Tj)&I;~VFkS@ym&{qgeF?@nE7(5?%~`QgE)8#y%fj2`3h*u&izkkKm2lk3@Ie`i zDvo`XFkTb>MXn2Tzk+eh`Z)GaaGjLqa!`tP|a2c7a z)?IQzxT;(PzDK?tt}mB@@0YpgTgv6&_A+1B!*X@Fhg=hWOs)-cKY`QM3})XZG{1{H zC%1*!w+Z9z;R$j_c#`}u{5H*%2gAGOf61ID8)?1Q*oR5*7cz5xr1c);XL|4nnK`_c z-_3e&#$!dMISQ{WL34iIEb}dyTP_SI$y|Sm%6u!`A#;AR-xAj0{H!8#UAjl+y3|1C zd~PChKDU(d){Sc?bNyi-Caj6KYjpiSx)Iz*@g^|)HetLaJVb5{50kkpM#=5qadHQk z{hV-IE|;nD!|+VG8$4Hj6kaIzhS}!{$9)W5CHI5Z%8$bvWq!ZhB0mXlmxsW+b9_IDwIGr!S>E&18O!5>syUg#hdE^;z0eL1| zRDKI)e<`f_He61A2d*r?3)her!@O=C^OwO59;CV8?TQ8FL!|Y#$ zIX}XyxPOYmv=5BQw?Cwy7H249m? zVSAh=O>8>Tz=?8NIE$Pf&M7Ct`Q)46LULxfxSSO(EoX<>PYdTmE|}Ngqi=z0$$8;= zauVEFE(kZ5*&kS2xj5WWE(v#&OT)e7a&UjS0z62r2tOlNhDXR%;IVRbc%sbxohdT= z8=E25hv&%m!SiMABk+2Ee2q=v6*Bi1*xw7|t>E=?TX?hF9{xh^2=A0T!+Yg!@Bx{9 zm>rRO!R-5m_4~kQv75Uzo#d6vy8X^I$lw{1lu~eg@7e4}){d!{Pk$D7c6` z8fHH*tUnIsH3w<#vs9EP!R#M~aqhp=mZ!nI{vhM8!%gHj;Fj`in0>`C=WV#NJRj~Z zzYF(~m%sz$r7-)A;kfU^!{iU(Q8M>~#>wobZIZkJo+|TL%S?F-JXhWZFO<2jv{c>! zuabAdYh~_3ZIt)GTjag)cA5KDyX5`wKKV!ZpnMoUCLe)M$=v@sE1!Vb=L}!_&+t{5 z`(+8(2VwjSoL)W)XOemBC%gO~IFEb@E+GE_v;P^^`3o*3$ECvdUrq(HUmE75fqCsk zn*Gw%mAMbtP|gT9lQY5WqlWq1H|!v1gLxfB#&f_uhNm0CcI9r18lB4R@2r!R#l8`7go!W$sh6pB%&xG!XWhu$f#f%nQE!3X5^F#Fiy zxcnY)QvMu1BX5H*$lKv7@(!5CV>m9qqo@((ck-eLS8Ttxmi z%-(w15l9t>L0Fzn_(o+217l?O}dLnAZTM z`Ms@%+y$;HKLR(Dd&2C)hxxtW)-sR3c98kqu8aI6+*2M3_m!W42g<|Yp)!xr4wpy6 zqvaRj2{Mn@PL}yyaJoDho+a~p;XL_uc#%94UM|mqSIcwYbuzy@Zj$H0TV;NaWM4ph z?Tg_(GQU&qmsh}tWq!Y8UqH-X4WE|zUGtpG>zQAcH^A5AO)&cf;<%gPM488rv&h?E zUh|YW{BD|0=CR~L@-CRyKV{B$F#8LlzlSTx2jMF6zu{UkzrXTYsLbc_=Em}AxVd}= zZY%S9ZAbYW%)Wy-?ghA)%;VGjC6+IW0Ux zPK4*kH^KAeEbtOJ8@xi!0k4sB!RzH);LS3RbAKV<3h$JY;JtD|_<&plW*%r`gh`tZbFY{P<5t-lD zOUTXPvNFHBSCk)wtI7Nx&wh$nvm@L z3cf0T0P~u&jIV{$%RD}jNnQ_Ump8(BWFEKR^=CQmW|;jT(OckBGW(7#CvS(@4-#{B z!ZqYwa9x?lIU34);bt=Xo#pjvIqnZ|2l*h}MLrDolz)Qz$|vE0@-OgE`3yW<1y#tlJI5u4)~f}7EW_hEWaF_DBlHVkt@MD zWgfrDCs&6H$vl=*T)r1BE!T%D$ULr7MQ#f7TD_c39^8yoN7xy1>2UN8tW)Pk4~b<3rELePH(E#Buw=V`UyUnkWx|*^d)*2EsGsA@CfT z{RGdKhrvta=iwFdNO+Ar4qh+61aFon!C%O)!8_$?@LqW)d_bNJACc$6CuR0G%>JD? z%?sfR@*?<(%wtsiU5+_R;k5F5F#CF9d?n2Gcl7&kZutW^zq}SMBCmr>$UMGPR^A9# zl-aj&HTg5Rw!95)Ab$xrk$1qn#xbYi8@Qdk8}2Og*jRV@d$^B$03IM8f``b*VD=5g zn#W;Y`naBCc$u;20@;z`3xemVriIhP%30w9at`>2%;T~rxinEh@sz7)&UkjI#H^Sv)_T64t-U8Q_zRiG%h_ia z?hl!1X|l!g*=8eyTnx@3mw}Vy2jSagwo555cZ1mn7oWF3TwfjvvkxxD$H497SKvqF zSup$EV$K41ko* z1-~y}gg=t``}imFRrqt6zmI<<^Y?M~$HnJO4Sz4+03VXm!9U6Tef$@hzmNYe^Y`&f zGJhXu-(0Mj1Lk$@>D=&*GJg}#Ea!)F$OYiMav`{&Tm&vA7lZGRZ->jv{H^?MnZK3S zl*_{PWd3g6SiTEpzh0cSN^o1bD%?@719y}8+jnod3H-Rs-@c!e+rVRK+&D~>u}c~^ zMa}`wmh-~w<5f>_#P}FcZAEz z55pB@zBjAM-C_0##&LVX4dh;M6S*(kQs#TPojed`|6m+%>Kj}-v*bGxy>vme+^fbzkzGWyWzU>UbvzB zJ={#@_OrEo2<{;N8}1?>g?q|B!F}bE@Id(&c&PjvJY4=A9xb1TC&>SS*%ujK*Clwm z{0BTs{tKQb$75T;zQ~x*ZSQh9ExcN0+oW|ex4oO>j4=Bp_x$Vs-vz<~Q znQfEUcNxd!_O`TK6Rse$JyI399$ZVl53VP3o7`CDHo3Xn3~np8ggeTu;coJSa4-2G zxWC*99wc{xpOL%6Bjld&Sh){8QD%FjDKgt5&5#GdbL1f~`#|GsXB(s?@^E;CJOW-L zzW}ojH0FzXP+a zI_oTe*-sk%E}T(b4D-BF#+Smm<@ezHGTUVrkw1V-$ZVTbR{jXCD6^eXHF+akTV^{Y z_L;`#`V4L&e-5{lx54e?FX7JeS8#XvYnc6~vCcQ}0GVx;hRFNiVe${~DET1FzSKDG zVR(|vwn&oTehBDhJHIpmDt>r3k2e}%|KHRvxYQR0^S}^-? zW1MZ42Fmr}q4It3aJex&T4pMho8%twR{2qweZH|K+bQjlAA|SH{o%th+bJEF2f?Rhwo^JMKMh}&pM|f< zY^TJ&;P_l4;6#~ima@ofvy@XF3+I#BeyNZ=0WL02giFh>z!hY+WvU`ig=@(?7pI;) z18ywOf}6{4!ENPva7TGQ+)Z8x_mUUE>^qLHYY99^X8WaQ!ngJ;O=;W_dr@O=3*c!|t*P3&Ke^}m4E$ZXfNUS_+d&GJt83z==4*w-A#WgDlx z@^|n7c|Uwa=5=3B%7@`I@)7ugd>p1@dt^_ZXtH4X; z>M;AS<22WV*UD_~v{9}DZ;|hX*_R#j>%+U```~>t+dCbUo5IKB2jEk3EBLJ32EHgi z2(!OC)^86d!^*LwN+;Onw1wEsuda$m8KI@=I_}nQfo?%2VKhGTT0}KRrG#+dd7K z-+)KUZ^9Gg+3;kUZJ(yg^Wj-C+dj>c7sHF>f5FS;W$-hU>|{z>Vc!;pX!1F#GXi zKHE)ol-X{oo6L4oy=1nVVn2S&XS=CEay;5XJR`H+)ClGTTb6mkYp~?ejfb>ZAH+g9b58^A?mo(ok% zZVZ=|o4^%iUSGPJ+!C%Wv&~flxgFd@W}B;)GTU6WlRLwmWuBMZUG5I|k=f>IfZPja zpMiWWec)koUwD+Xqc&7X`JXanDFO;8$m&!b+d6mreSL{EK)4=vu z8|4Ww`wwJ%61-iW472}0#$SW?$!vdhP<{hGCeMOT$#dYd@?7|$%ywB1!t1kE-Smd0?s3^f(yv2;iB?~a4GpCxSaekTv^@#*O1vRtFFwpSPkW^a5MQ! zxV8Kh+(G^t?jnB!_mua*ePy=G8Yr_})=+srJY4<}9xWe&C&>SXC(B3S>GE-SmV64H zC!dBF$-lwN<=^4eGTUyglP|)XWVYAZDqn?n$k*UKay;5&?3WYZ!}1OAaXCGFT4vj= zbMj5_WjQl^P3F1HX$r*FfgEt6oEy#}=Y@01x5D}4B)E{wYn~UE3&W-5qHqPd1YAWf z1=o_x!1d%i;l^@#xVd~6+*Ym(ca*Ea-Q*f@FZmw0zg!0%B;N}^BeSj72)Q9VR%W}e ziE!i$fUuWb&@CBJ|z^=&Awc-oLmOI;krIm-n8Rb!MR(Uj>TOJSRmnXtS zwqIFrmaVAa*%jL%KYPlJ_PHq8jlH0;tWw!O&A+xR59=S8TU+w}Qmb=5p<(}|qneD#L z$^GEV^5gI|c_5soaBLkI1SiTv;4Jb`IH&w9oKJopE+mhHi_4?o(lXnFRglNQRb;je zt0l8-SUvd_xUu{y++1cmv9|JbxT8E1?k2O%STC7v#`?=|!-M2^;Ai9o@CbPkJXYqp zuoGprC7U9zglEX_!*k>h;Q2D!l`WCku55+;F}y}*8?*KDr|@R^Gx!Vnb9kq`4c;qn zhY!eXZ+1jxd$W`BZupG67rr3xgRjUx!tq67%l$B%Rz3n}l#jt#bf`QdRg+n!C5i@;OmV(?7)c6hGLc4!M_wnJMgmxWi!YD571rL=+!^7nl;nDJVc!JC}Y?I|l@O1fAc$WMcJWrkh zFOu1YZMi%fUM;@`uaoD&o8$%XR(UbJLuPxnJu=&~?Uz@;hvoO-<1*W}ot8g>&&h1t zc3EcIwrlbhI8D*mIb$rEgym_$ZY3UMLq`C zl8?jnE*-Z2aw>SNoEn}e z-vCdM)5A05jPM*e6FgtO8D1i1gICBo;5BkCc)gql-Yn;bzmN;SJLSUgUimiofXude zN95b#lX6M;jLbHB7i6~CyCSpAUVO3Ga<2%dl`F#;WuE(bb4t!Bw0AH0C!3o7<>j3)zNG~siGs(;0>@xcX z$Rn?U3&pO*8$=j0^#vRnwhCKrR#+#Xv8 z*cU>gTnf%2mw|K2cf$GPyWm1{CAhd;1uiYufGfzg;3{$*xR!h`Tu-hKHr zKfFX{Uk)qef$$o65WHS~3f?TUkB2Yh;qXp*B)nIC0X`s)fse>9!YAeN@ELg`d_jH% zz9LV7<4eSrJNt@AE589}l;4E2%Ir5HxBL#AUuGW?MdU?r33&-zR$c~Il-ajLHTgrh zw!98*Aa8)1$e+M1<;`$Ac^lkWX8#l2Fhi%f;auatXMu%zii;%4OhYas{}xTnX+VSAo08)!?2o`|9W`-vbYn?}dlT z4dCH2`|uboH-;z3P2tIMb9lPk3Z5mmh3Cob;YIR8@N&5myjt!CuakSgo8(^bR=E$n zLuS7qd*uG`et7_VSbh>dE?`4ZKF) z4X>BKg*VIl;4ftMo3c|r0PmF#!3X3c@Dce0d{RCIpOJrsFUV)%EAly*{Ri{6#S3s+ z`4XH_{sZRqH<)u3&Mn6$V*4*Az(wR6;1cqUa9KG6Tv5&hSCiRaOKmwT+(6C_H<5F} zE#>%_o&>j+C&L}&DR38gD%?|k9qud7ga^vA;Gyzdc)0uyJX&4=Pmte* zC(G<3=l@~vO`xMHw!ZIkddL7BNWvU~>23lsfj|bvKp+VL!w`%RzyTy3=0U+Q4H1aGuBu(T=9BJ|yM?!cHwte9KPbE%{5RpJ!A}bB06!!AEckih=fN)tSAky_ehK^! zVZLkUpTci|KNQ{v{#5uK@NwaT;BSQa4xS%`4}7TiksB)GNk58y=MGvJQGe1A`8;j`c#!iER)zpw**nQ#a=UpNdrRJcC)D&dCU z(ZW&Sal(zkQ-qs>ZxC({o+BIsE){MCzDd{zUM3t5zD+m*e1~u%_+DYYH)xY^GWa3k zj^M|H)4)#&cLwhi?goBQI0O8OaBuLN!a3k~gmb~~3-<#b5$5}cjtUO~e<54|{!Vx( z__Xkq;9rDCfz4Fi?nU5G;c?&y;fdfz!hA)@}1_kq6`{s;Ic;RE2a!Uw_5G~EZ@2Zsyuy-f{; zKLR%q{uta+xEkyeJ_=3{=DVGeg^z>Ng}(rI7ycUDTlgfnuka7xfx`a+Um<)3JVN+q z@F?N4;4#AIz>|c{2+aS&F7PbjQ1Aj_zB_8Ma0Boy!cpK`g&Tp_3iF*(cMCTMZxrVH zr5+TH1OH9f4}MZO9{h}OTk!M3iQt!n+k;;hP6hu%xD)uF!d<~13TJ>n748W>E}RYi zMmQJzgK$6azlHO_=Y;wGDtEf>1B1c!g$uw@!iC^w!hEk)E8(lat%a`vCkkH+?kF4p zcNXTmuX+ei1ZN9R0beG39XMZ@@5CA^TmrsInD56LEj$N2PIw-8its}44Z@4SbA-#m zrNTFXZxX&4yi9ln_%`8H;5&pX!1oH@4&EeuC-@=Zb>PQ@?*%_4d>?qH@Fwt!!ViF7 z5$1cj-V}Za{EqM=;P-`}03Q+N`?`(_ZwG%Nyc7JL@GkIa;TOQa2v>p4PP*OsPOnhm zSHTg&Z-5&KzXfg~d;lCL{64si@CV>_!biZV!qwoe!bicG!Y9Ceguep!7v}rGE*Cxt z9wvMWe2wr=;D9jS6E;EkSMYVhW&_Os!Y=SU;Sg|{a2WV6!hDz53gHIe3gJlbUBc1e z4Z=;p4+!&pV-E|r06!rd3;w%s9QZk5KX|ur8}Mtw?Z9sdCxhP=P6r=WjD&Ju)2 zf|G^$&a-r3zVocR@I-KLVZQ&YukiKYfx^?lR|wArj}V><9wj^F4xT2= z_odAe{tI}4@GaoQ!pp(82(Jd;D!dlFR`_o4-NNg^8-+K59~8bH{5RnT!A}bR4g8ES z-?jF<@K*3k!rQ^G3qJ$?hw$^@e+s_@{!sXJ@TbE2z{iFE0scn#0Qd*tgW!J)zXv`i zd>HKRqWi!n;QGR!fun>^fSU<_1#Tt$4LDx-BsfXsrAK@r) zf8oa9eBl^y5gET#<~3e86g*WJM+&1vxGA_)7(a0_mIx<Y}R1b$R_ z68LH1S>P(+GVmM1E5Qea?*xA=`~dib@T1`Ggb#p!5`G_iR`>(3v#YM-N8oVbkHHOv ztHDi#YrrjqkAwZfUxP0d{tnzh_!n>|;ora+!lsGeBMCdf{e(lngM`DtLxk&ruN3xx zuN7_x9xEITo-EuLJYBdMc(!m1c%g7B@QuP=@KWK{;8nu>t@`c43E+E#lfae29l(DT zP60nEoCe+|+zGr>xGVTY;SBIA!ac!n3TJ`e5zYg@FI)irSa>M-nDB7$3E`38UK zEie8rVlp1#8==DNw-Lh8;O4^3!EwU)Q@xQS%s!kdoDJ?N+z;GGcr!ApcIz$=As2d@#n2fR+0?+v(5nC}hPEW8Q)i0}j8 zt-@Qt&j>#TeqMMh_$A@J;MaxsgWnZC06rr89{9NMA@KLYAArvYe+o7-bh{h_hX{WO z_6UCiju!q7++6s3@Fl|hJ$}6K8E`w{v*1)=!-4&(a5OkmxHY(sa653ma7XY6;m+V| zg$IDg3+IEU3iEg6CBnnNbA?BM7YSblULt%Ac)4&9xI&n}AHPeOzaQTq%-?-KAiN6v zu<$zYQ^NOvpBKIl{IW2AL%mPKh=I@l_g?|IL7dD-EADJ-!he9`D{?@pcaD8yD za0GaOF#n%IfpBB+2x0!dc$9D~c#Lp+@Fd|3@HF9G;CaGX;G2Z|ftL$k170J1EqI;q zSnz$q+rak=SAZWCz8$;s<@#@95Ba2S>O(9Vs7 zv%sx{2Z0lWuK*_t4+p0UUj^nZdBPpQ z<-*i+g)rNFjc`7AgD~57voQB6PY6#2KP}95+%3EqyjS=R@VmnIfIkp^3S2F`6a2aG z0r1zt)!~BfJb85a#=WCJ3(vUnhJAc!qE#c%Jb6;4n@SEUAgx>*g7k(G~g7Ev`mxVtDzah*ueZMf@tMi`l zSKyC?zXjI_p8}r{{t^7G@UP$>h3jEm_*u9)*uW&j{u~bu5l#X}3bzNx2&aL4!d$Nt zg$uwPg@=PX3v-R`A>blY+54i%0BHxOyNok?zOsH=}~OZWy0quUt6ggb(Zggb*L2=@V(2y^|KCp-eY zM0gZvx%#;9Q1JJ{ zW5K@&bAEQ`=(;ZgHx%Ystc5VoU#*2XKPL*W0CyDToZMZQXRF@Ao4|dAIS&sM-VVN8 z_*rl#05bg!;B%B4#5bg)g73R5qurT|{mBQ>BqlIUICkXSLew{G; z#tdPu>GOn_fXjs0XZ|9*6ud(CR&a&z8t`4h_klMESAri9=9>Pn@MiE6!ViO=7JeMO zOZZ9f9^pOUy~6vzZwns;9}?!-yhfPk@e{&ayT27a2L4f)=kcF~zXcoE?6Vzt1`iSb z3G5O6H#l0@;lP<)I1+q`@Fn1Q;r8Gp;ZERA!d<|7D$KR`D&g_q z(ZW1Oj}x8@o+3OIe1kCGy*5{PHh7WnJn$0XmEh&VYrwY)^Sx*H3Eu~PQ1}V(W5PUZ zKPAjF^-f`~#V-o)0>2{s0{BhgD)2kPuYeB;zXASO_$}};;g7-J3ZDX>5&k#$oNzrS z*5AIm9eH++5azqN8VPePZXwL~bj1nt9Nk8^CAgii7n~;C2HZ{fQgAQf6mYI^PjH@a z4)_`}ACTe-2=hEOL6~!3i7@BDdBU6nmk6hVR|sRvXxu4`Y8xAbd7gSenCGd7g{Od@ z5WWulci|hrFAC2Ezb-r<{I2j4@Dbsa;N!wPZ+AL_%EqghRmxgu}sygxS7Fh1tGe3bzNJ7ES~ID$F(w zy-epn0Ng;B>skxpVz5_u1~^H09=Mb6B5&5kTB2J9}9mEJ|_Gl_)FoRz$b;-m;NPu7JOFN zK;LlY>9*tEGF+I?_8SUw-ESfs4{j;k7VHzg6r3R34xB8U3{DqL0e2VX^Z(w$IpDs+ z!@&cEuLKVh9tj>TJQh4&nCtuX!rT+i6kZFSFMKDsTzDP$X5o9lD}~pC*9ddpc(?Fh z!5f9S?msBJ4g7@gF7Qs_D)5WKuYq3?egpib@L}*f!d%ne7v^*FYT*#95nl*gW~E{`zxuFZs-gD(+|2PXVS$gENFPz`4Rhz=MU0z=gt`ldl%$ zeziz=A$Yv-&EToROTi_=+`G;dUI$(z%(1gXct3c#@Imlu;cD=m!k>ZH3$y>M393e*05gjaz33*Q00 zT$pp_FyZy!YlQCy2ZT3+CkX!)e4X&);2FZ(z@@_5!M6xM4XzO8TzaqYv*69bFM=Nv z-UEJGcrSRD@SEU0!f%7$6n+Q%jxhVl`@)=8j|iUv9~I^t_=T_wZTg)s&&WRrw*ZF> zMBAl67?(#l6dWyFAKY9x3Vew$pY10Kw*aRIb9iv2mwG9krCx;$mwFYErCw9XQm?sWsn-&+)N3_a>cw$u z)oTk`>cw$r)vJmu_1Z_4dL1IW@qz0YZi`Ra_*WZqe_(PT;A(7RuZ{UE$&%@2W6q&g zIM4hRb6q#Xb)FM#Jk!SIWEvjVN*i-6x577*IVf;#wK3ObD||1R0~Qz0;TBih_-h-V zv9Zemc@A(~JU?3;YvW68%=5D)lV#&UHolVFMCZvfv&GYGywJu=ZG1bK10PqVjUTl! z&$pJ$%QoI`sE*~VLKyvxRWZG6zi)i(ax#%FBo!aQM>6=~yG8((VUPBzZ6 z@gN)X-HukCV{JU$#tUt{l-yd^_jVgs+W1i$@38U9Hr{XJk8FIx#y{HF2&paCW8>!J zHd>!}8>iT~r;YP$TxjDW8&9?ITpKU3@oF2dxA7JmZ?|!kjrZC3kd2So_@s@0wQ(5c zeltPWx3P`AHg0d@ZZ^)fae<9T+IXUkXOa_jS>-lfY2$S^-fZKoHr{39y*55*<7yj! zZR0aGc7@gI6KUgE8((VUPB!K{eXP0+BDdG|y3)pDZ9Lt^3vImA#(bBJl~1LOAGI;x z9b?J7Y~%el=6hQ#8NP?b;vdO4zo-lAv&9}8H@9)TjrmR!OTMR#^K4v5=0*uuk&UO? zc&?3?kYx|N+Q#c`yv4@bZCpj}q|4f8<3lz+X5*7&9*S}OO75b0+?dhR(>iwx$xh!p6pNYBC7o`?Ws+vEZ>2l^4t{cj9cUMimyI@k}q#<+1OdPxV zzEqa=p7)+R3+6@6E8a3=;!K83Mp!w*AXl>Grfy5J@#rC=YCt;T?nzI{I$gOvDr<9; z_x7lilpibSRBeTJle*tHuXtJ7q!Lu`u8FALk&_%*gHgRXx_ZW%O+~AtstyE( z)dUI;IZwDe?mdCwX@Tx1?u_xsdvY<$T$WuD=r!qz z+A@1tdfW3@r$(qs>?<6`(1nYvg%^j(bFR77FBJjOCMWZ>el)EJW=b5*b?~#``C`Dy52cf8|E(C zH0jCOdguN@8%|;y_SN-1uMIC!m)~u}EUVssTp!f@BK5hjZ>YLo#P)UjMqisf?RKwY zqlMZ=xzaawZwvIB^iHjf`u#!Qn8&_xnYPh+edABoTlMoC%SLt`FRZt+(M9V0yZz%L z?NqnVU1qb z9H7S7pR|p#W3FXKd)^n$f69&*vCa8?SoO6(*_N>6MeK87TPj;#q%G}zn2nPhk>B8t z=jx2{lZ&~2^~2JW=`IdL-57|}M!(hRaef1%pX}&G7D2ltUGHgziTZdKM+w%16Mmnn zXU-_+m&dUr=%i>=PqUi1=h+9wwWVrv4e zbiUs>&Z3LJmiFpg?}f$81^Z`R-@cQp#18?vM6it(@h zc+Np)Px&j$x9!eK+ube6cmM9WYj#h+ad%P4 z?kkIT=WPpgPYZO*OY7$M9yC+7W$$%tect=*uB;m0nP^X|*Ls+qh%dkU^2p)nosO)R z%pLU#_C-Fs>r9M9WgRn9Ue2z1+gtT!)z4?Mj`<|K`n#(AA6FfYdA(lIQ|8|Ag6AT) z?y5S`;y|VOOi$#9xSipLTckXjU3t*l8-@}Qo%N;fOmj~wC7{#q3_IMs3h6^7eKULd z(8JAAww^W)M(qvJ8fT@RXbOSXdN>YL8UqIJ3>k0)Yu(|ddG)>NQ3dId8J+gF^t8Mz z-SpJY@pXUWxt)!>ySDkd<-B~xzvoO&p!@xAoLTewnH%?>DS7Qo@vCQ^iFVw)^Bh|v z<|& z&FEhANYxr&M&;6|XJ06o6PZ<<>P@bCW9jq-RX7YLhIe1Ktoyu4ljbFdd)7{L)UR{6 z8~)O74&MkI?e_SFAMg#U@fDu(4ZSCd=h-!zQgGfo6}aq-lSjP)`3>K4;-rVch;_;l z7?cZn}6zafrG4T=LsNq|oWF?!au_g?PyxKE}>WzF!O zERM==m>izzUK8j(FSR(}&@!ctlkY}(oZe~flXIey8}Mwl|2=O>fZwD-7A3wMeHe83 zu^t}T(er}?9=G4uJs)SvZGj$>vJYRO1+Q}+Q7cN1{D$1c^wFV7`Ndd8qTh%09T~Id zmt>80PaK4T3g&qISlTewduF;%j*ZH1Fexza2GK}z>dBmfiX>eJRgjY!pj|WkCl5qH z4Ue;^%$@HzIX((%zmHWw%0;P3vpvxhaPD+u99cI~Yu%Gt&s)4Eka@U5mvyU@mC3Sh z3}lPe*Kre&&9Xu>4x#^XsqCSu^#Ok+1-r0Xjg#6=NOR=CE~WEldPmcMs2A+a(*@U7 zmiFYNP1^$e3J?-mrS-~hsP-IIaiyN7EDp+sWE}GIP>nK2IX`$WSbNnB{z`LB7u^mY z9H9AF`IASYQ2TtxAJjiH1A8F9uNU<>v~b?;+D$xn@aPn3-`U4rnC#2?)b8DtQr6kH zPta7*TlSHCth12VD^vEIb@OeUlmOGsNi#hz^oLrjp_ih6Lc!#Sy(=euI#0I78=Rsd zS8^zb!?QLeJ418tgz`1MY}n*Rw86jC(*2e&50ha}M?W`4kl|2}GU>L|IMkah`SLH%P`R5;PV! zhA^1k8)9#%&+^>d)X}$gZ;9Hl>)H2D9X*YIQr25!vmWGzR2r}#CJH z<19KzRr}g;o%9{IdO1J!VxRj-?1DYy&;Qc;V;>w`4E-l-FxH@~8f&ARC;t^yecakt zm0_*rDAQ|g&+3|TtwV`zLsp9ZjEa17z7A@;nIqfH9G0N#YOUiJscUB4x;8Dbc2M7- z9Q0GxHQ6Kem?nDx?uAt~*{ca&O4_Jd(2HMy0k$xWt! zu~FQ1_ktyq&0AtiqvcN?)pISnMg)gl_2*u6vh!4>DZi}Ak3gUD*f%Yh%=J|6adNP5 zf8xRB1X~oHf&cgSC%w1%vi^5}QuV+4lmBRcG7wvlJ-z`4eEn;Dd8d4r$^N9W68n>y zKzz-fygh-o)xEslJzoFrsg6Lxfj}GShS-34a&}L(d{e7>dc8R^U-);&r|q7avs?Bs zX}jZ*I^P+Tg&@KX?2ETT;`e9PCe3u@%eKY8I}h3B><-H1QmOHAte6J~^T`M-%!<=4Nf07Q8F9GxwOhd=wdPH zmR)ixx5wl{iO5t@{9>IW*<JHBsWk!*ossZ#G!C^-T>K~pi1aY4QeY@ zc?i~z$mdJAu-|}+&?-41GQB(~0_!+@9C8I6-RF zm{ncLnyN1|YK3`_fkzg2ZeL4-FslE%&U24nVroO0?Pzb&lUzb`T& z&hhHrb3=T~q2`yvTKb0smiq%sS9bPH3wa3}#AQgIks36J!?zap-{V_zz*kY@TYbuR zo0LPvxOEc8_u%2yE~N?l|JYg9s1OIszMO0_#r&?i~_Xt1DRITl>NL zo@NIEx0eJ~AMu22;n8ZX=aQ089M>v52_=CwR-0VRE%8+hT7riK&gnmP605mRRuwIV z0srAHbrtW<^ZffUSIapk6H>edMc!fFg3<2kVJQU#MVRTr^6(rYt8Zl1Bi@HGgeFA0 zwmACzeD21*d3QB)Z!vHF{+y9%w#P`Z##`lT%yaE?lYF`;RLT=F;D+J}jfy8UE}qb& zctX?S3C)TpG%udeqIg0~W<;`C6W}j&(3nHsarj?}Wp>(+Y&RVokZScy^k6kybfkaN z8T1JTpi4+uo3{Elt;B$e$+gmyU?$nLH3y-u#iJhv#|=_*4!J)T1Jp_mL56KQh%lRA za9sE|<)&>q6XTCbw=|fTc7JTnCKMKvUYp6vv`x7=$Ue6`#*f~lWifa--B^0Agk{ZO z89AFK{-NK$X(HwUM`X5)6J&-YYPt#*dw*=&rj^jWjxM|7QA7KrmQo?<>xu*ZxE@P6N&DKj#V`$3f&Nq!{@w@e%TW7 zYvKBRwd+f>reUaRpTOhclm)ps{?!T{DH=q5vW>D zW&EDNC5}K`O(6DEpyi%QYp=SSbE-7J?)duqG9CN##XsEhTl-x0C>>3kYVySGsXS6s zc{ZdmeiarBeJw8jr}oi3PbI{)_gB7<5Z5&JRKmuNH#?2vaV`Co=Mv(Y_$z-+*w~6G zf*Xc@PUL_^Ay{b3bK}oF0)^3@R{QvUjWGu7TNmscb%)f+p~=Sp2PTjN$gS#SiU!7%ci2q z-r^i1=jEnGXjXYqML&F>TKUfuP0X(EuRknnUe$Q_KDD=q-hDDW^>yFjsJ9%R+?+v% ze~+2+u4U$ZzO=XEwTfY>dwqwZqIX9k71|6<^p*qjH`+<6Al1Z{DY$ZK)dxjGd1>pD zp3o=p+u79o(Ad+lSI2&F^_Z+>RmCCrFJTR+`S?vmbG$2Z`-PxF@V>ff`aL-(d?UDi}?#k}eWwA&L%IuJ;#30!(AkZ{Uryyf)tNjaBt z#L=>6aEhwgotL)H=MS__=C4&@cYh!z7>R9ZbqA^V$&)irW))%Esf&=48GX7&69;ljj(1@q*{k^ z4g|9Ofo_gKpPE3{sX*^R(MOznc27-c?07Z9Nb_~$L9xe>K=c z%={1?R^sdNQD#3p>yN-Ab&Qr!9ei^bh6;9i$RQ{<${`{J=j88cnWok4Yxdl8IjWqQ0FBugtpzpq=S zjIsS4A{YMPZJlz`AL;P*LGAbWat`>iYkXO!e7$K9Y~0-WA$C=pesjvxa8$#Pch8|4 zuBlwD?B%ZsptH9=5bzCZ`i)8+A zW6yM1zCjL8#B1B4gBu?nBD9>t*BV77N9^(W5BPjFKCc=vP{1hX$M0VF?iN+#_cPVC z>+_!P@w)~Pwp(#6SNrC0vAse9i; z>-OAv`O%!3-(t${U3L7c0Sg=6*R$G&Z(^URd?K*zM?GNHE_qmPR*v^w})4}*tOC;+~Mo5o1}m6&z0%zn%>v& zWa49S-|qN#!p$%4h&+nl|IEF6eCYSBlbc`tl&|-OxmWwEUW(})?WqoX@WfA@vRc1- z$*G0-J>87C{+S;~ce~rauEA~dro=t_VM?dcm?>S>I$X&|yW}>RgYQI7J$pQ4+B$dg z=ye}tEZF;4>gVIWuRp8sg}B=WZBAJ^sZ;kiuf=}3pwxfg%bzD6zUdd&s)$GH9s2tI z_(|Pbwx4@uf-Ogwvt3m9Ajj$JuX2C<^qElS{&sB_+&QnSHfSK#-C*KNvd^i59atxL-zI#&%eBHGTY z_uB`*hCF^KAt5?`a@=m@^KgZ~=jOldi5YZ_ug836t45BaN1D}aTkT1H-4XKehBw?X zTk*b*vez08_I=;^lPRBuhJKW3#LjajeEUqdl;4IwmU*kEm22b){5F5vEvZ$Tnj24@ z{>@10u&CFfqF>CDckgb0P4V`w9Z!7NVCX9R7S;ICY&m&ulh|$9DW_Jxl{(Z|-TB@I zi(>YVzbVx-cUtII_>uhDr>3A;I)Ax+f4HlYyXCXfj<-5o zjNi}R5#Df1VnO1q56$lNcxhpe`>Wqh==;$u_qp5~Tg@NaG5zYt45RwK+ao(9&c7sc z#U~;4k8X3^S8^tGR^ie3xy_$RdFI7$I#2u(?-j}0ACb6hqVKoXCn6sHd1!3@-pU3^ zS0%Zp&wV>?+sL%2ge3f4yW|yDLCm3)V<9)WUW>Xnt?%D^`?p*+G_2yYwTY|VxVq)P z@Z-!Gp-;FT{`SD7Uw?Z=LfL=?&Z{B^^_V&Php}}7F zD_l*&x7Tmg^n+N(OS3=rj#>Rmrv^3OxZc4J6tlV}UHZdwN9#YnVQJ!BU9z3w%U|uZ z_Jsz%LH^~Q)Ti2p-Mt#`Jv$m7@@z9_;|;Ih*s*;*PuqD{{IktX`|?{9AG;&dJ$YK^ zRx|Nlh{d@PD}Ei(_J%heY#A}|SjMWtCqw z-2ZexNBr_(Nly$-Z~ELAyhmcqf%ttJ;$uI1Ws>*4j(-dPzUL=hJZCFfJakvPkOraU zmmDv|J0G6f?|t68vBP4#5&okM^J8y#>A1gX%Azn|VKZmx8`t-|8v}myhI`xGmU>S_ z)9)%IGWF{x?mmu5%^QANVwld;C(~f zOEjo<<> zxUGx7HPmS;O_c_vNE#N#G9|zI=#Txu z@}V>9yV3!zW0WM-wafB!sde4&a?#GHSX5B*Hn-h=eBX)2J!VG~SC7BfbT={YLZDHP zFHUm%&HjjR)#E16ouWKp^_n2s-P0U{Fi-vKW=%ERBh8iYMAl=ca8EV2!qd3kc&53> zJOQV<;dv2J{IhICHXwooRTisHmhB-j$2#$sGluFg`v}awMg-*|n3<+*5HgxXK}NA? zEqH+p-_WHpqekb;)JoSl{8Gft&eWn= zU<|bD$^^~VF;zF_)}mRlVP+~r7%@*Xc!=r5z}49eVV}}@3}GHR=OGl(*%j7iH%wt#}7Uao zp^p{O-o^C7G}&f0Xg6-7<#Vu(d5uZt>S(V2T*|semE}SV%eqFD#XrZeEbZ$DAIlo0 z%9=nQ%hFzs3zl`QDvK|SF=DPpm^sbtj3u=xYBNolADK^6HblM(nxSPDQl=SmE5#Pk zXoidyWdm9?LwWBr2;+rLU&yKP5@}p=8~o-{l%W@PbNwPrw=~;QRh3NWz^W`&RT)Je ziqyUp@Wr9rb2YCzkO0LmmB2H?7sB5a6nks%u*#zD*QhucQmS*W+w5Z9=Q zl0V$WVC4Jx%rEePSBt<-=6e2f-`Fb{#wjxnQgJge`TeZseMiNhxS5#$w9i?wr7Uh{ zdaZW}yq#*j)r%72kuMvu9OWmOLmi9oIRv>FiD`&w08?#JF@*?Y{6fYvUn4Oa0-S|* zUnrn5C_p^N;!z#XM9hKtAcrN$0mp7tgd5gQG7A|93GHYlri(;dEuodL3*ZTW(mz`X z40V)h{h0eQNjvuUa@PuQ8mEdk*AcN-@PAuuvtuC77@>k>z*gnT!FE^%Zq;nkF!qPH=? zK`LP!rdQ5bQyiQFUq>>|QP;_E%u>t5^(xJ2#Br*b=3tdNV-~oSFE44zY>)}(;2BD= zKMx=6D3sV%nay#7YP28BA#7Fl`S$AlD1-G541ONx%=Pc%P!d~!*$xS3sRy_k$k z#=#8NDg}?AU{-vzlXa>OgD18JuuJ_L73Zu_hEH@y_9)7*JMzD2+PaKw=E37JC6QTI zLh{&!JjRK{XiH)jhlQTqbSd1JQGxkNA~>d)c&Q}jzj9OxFtJQocS_t2dt5N}I;7qr z5(h1bbviY3-i0`h1pdQ9m9xwyocE-FeIgQrLwjxQofV=3bNMGk*j+m+5u{__Sp>2^ z165${7~Nm0$1g3)|EZ_)++S*+1Ac@E|6oRu3QI($VoIU}RxA-BEa6eB1f`Oi$M_;T z*6S@RHR~*kg%aT3Tq*FaCGaCPuuXJVh(JU1Q>Ehh0!1Q_ss&V1)RJP*k5#xH60E|| zI$4P2)Ks`wBxYL@GFM3paZ#&~V(zj;^jxTyMNX%clE)6wgPkte{>Y)-b`emu5G$(5 zR!w(q*AXNP;{k+kiNzjfq&oNXhc9`#PO%tH z8T_qoz@}!LI^MhiZybmEcy+j8ACD`*V79y%pV%{4zNMvcg|)u*3*&~>`nE2(bRP2m z8ux>E-qmV~Va`_PrY}%L>pTQ^7&xw4T ztI{Fp<4cP#1GHvr8~)pXtKmx-DQVysjx!G5b$}ZXfy>MMjsePXn>V?7So!gt8nyW` zHlF#JL-49W9%&LE_TggnmZ7-nQ6GMr`ByPi8dQ01g-lQq~I2GIg+T3wG<&LD2lI*Wa@c! zQ&R$hN+)-zvCxPy+HtJvbtkCN)&;d2A1FF)$$w7@%X%2dK+q z)C7_NXw4WkAze#(PDqr`LZ~$%Ek*>d#GCQK{#Iyf>XvN2? z4qT2ggzo?K0;ApcBB4_2*v&e2HTQOE{#pt^6B%Z*yEAr(YW{kcDs%p#QQKM)YW`vf zQnFLGg3{A*n|DA%Z zi{gJ)uyRqn8@=0EaiTOnQo+lm2`vF_67Ug$Wj&Eky;<*fp{}iFQt$OxTziVd>ADh9 z_k)}mAi+IGR5Ka&d$nD*B5oAoxW0E%ahNB!a+5)eD#MvM zvVPyIKqxPHzKkjFQ^ZlT#?6)eoE0x~kHqFtd7gj>pOjFft0ltZ5TPVWVEx?a9xP#~ z5<#4(#Gc7#zpU77E4kENnusE8MC5KuiRpGlN zSrrGmD0+*It5tV1bm2CDB5f=YF*3DAF6>dIQc#{HB26V-3c0kqRdP{|KB{ zqm~-3P^Bu5A?n0C77+}qu!T*Pum^2nGbL=NEsUd!HS>EVks6d-HC5pm(7H=K9-X_2O~2dd}p-2v=vvd)2|#S+QB49W8Hp84q~t9oa~q z#n~Vcz~ZVcZ8*kI*Q)L)eVT7I+c=Zx!%IJW#H*duc);ZvQu5`~g|FOdkV z%^rtk{b-4~U#a4Ussr>86~iWDOvwc?4@;?Qb)H%yd(vk`;3+9osb$OhEr~xU@#@sB zlnWj=M-;!cq>&*e%0 zBZc|$84d%-=s+dNXE!wSO_Gz=S3N?5$&GeCNrT}=ztNe0C*j5RG1nhMGG7&fmZHIZ z?*X0$wD}YefqgZa0W~;5z0QmG)X|_r=g?{yLYPQ-2t%N@g zO3sySO?g>jV`ReJ;3rC{Lgx==AshM!b12nd2c_EFpZ%aDRG3njMy0}R3;n34a{vb8 zH54}viO|${1A-nyvHpbsb7-42a1O!WW&^+x1&Lb#-2tuV(&i7tcO`siLk@IaDG0}a zg++W{B4`B@@g=&?0NU`axjeVTHwWMdT^8S3!Md{e4hnu;6yIIJ{zYwa0S&Q}Z&Lv1 z2k;w!ke~Uv(aXaac0$H#mgjf<0`M_nX4h*no(*OQwASSXG{`~u&qpz>uMV( zNsO-C{Iq6p0uOC4V|#qC?Xn?5vn@1XHY#i+W=hmGR+NtxU4%sa5yP=CUB!s_FbQ0u z1C`)(gmJE@)LAfJmHm%cXpxZ`JTIv@EMPzCwb&-Y9U7B=tdm=hpY|j5orvO6YZ;%KA)YcMfflFl%?tv#fgjB+@^)_2Mt{pn>O!3 zgf`o(L`21t2;?OHicaTHv#?l+Ge+XCBJi1AK-}Wu&2SFXHRv$0IrO~<-;?yIr^GAOK>dM!4C7l>Y;q%O7~iU5 zC%_+zlin&7y9vH->;v#GhU2I(x~Va~N{w+xg^NRcwG8o(7V)fP`A*_#r(sqoO+Q3F z_#T(|oR|anmnR+PqYumE8kJ=hd|r-5Y?6$L6 zaBwDYU?y--CU8I|a4;rtASQ4Sw(E{8IZ<%Z!Sv6LztHH;j2&Uwh*RZG0B}cX-s67H zD)+cm?ypw44Ka9IQ|!-_JFB)_wP>TCoWy@1uPv7+G4|R>xaLFdwyjY+J|60YQq*Z| z2#aH^I*rk%PGdWe=2C=Or?GK}z?GPfj~Xlk8OTW2(nuVOFiyV1RTxI5p&!be#I|#} z$d~+1-0g_tGlyGM91M4o+f}tvZbB4$|0XGhvk3br_lQsHFp3+AM-a%p-KQ!r_yC1D z$>YwDQp39lJ2v&F8?FGSCC`OO$pOU`AQHVim_jY!?Yw9L)|C6$AI#xw*&obdqM*_K zAX1uRgM$Tw4};~VHt6D)F?=Tc_rPY!{2$lwFNXhB_&GersR0m%Lz!OX#;MqR`qc;+ zr@HGc@Hav?pPhxMv7j)KTK(JRETs)Q*_K z4-S}!#rQBXd2nGECt6!1hl$aP`$CmKePkmjLPZ#6l-Z_1qx#MUEgKAL7G*}F-5l{o z{rbHSggt>E`aix2SHC{Aq0=9;Ur1BK*&w5S59J9(nMPP!gAw74%=+~a;Wpu^7onxx z{Tp>d>iY18F;06uP0WNA{TopbUv*&O29hfTU_;Z?k&!+`c0~H94yI1eWZwEr80`*b ziJsfZ=4lLJYUr*NZX!YTYlHCB3YDd*M>9#UJk8+=*04o=STLqGxh}kAZ4pssbVye7 zyK-7kDZGB(s;2`MZB?rly_cMy>Q0?1&L)P{!rRJBZ8XFj*6hmqS1Duq+(v36X5d!< zk=FGQjs06EM!?@j0Yci=N5e*kVEi!zldASpx5Q;PnuttQW=~p=A)h|tO1j=26%2|_fnO#+G4al(^((Jbh6hS z+u071QP9F&Xo6UDiLL}J>NdTgNO#sNwUMe|pk8VfB=rs{Jx` z5PM0d7CNX`-5`!CTwIt;V+fsM+%5xuyxj;0URUR)tz13Fw6FSNlrB`}nZB~aG}_bP!xI+j4K4I&VVXDn14TOA`w zV@EhW6kbWywYno%HK`=GJu{TRRSV$UqVYC34`_T4&K8A3>F8P%z72d&g%;vdT`%L4 z!KP8j7-|T_r@9!+v@{&ueYjybI+Rw1t4&tNaPdlX2pxVO-Dy-TEdvKHHYBp56YWv) zOUel9%j@WAb&VLOqzmbM=w`x^bS&9gduE`hp}0egA!}V%u5}fG$JqQxudV`wO;X{7 zYhA9n`drgrg3?jV4waJgZ2b&8tgd{Ayf2q zCEk685xbGd{M|-3dacsg$Ny|iF}ATk`Li}$2c7t>x_at6YPvl7x8hc|f*JOKKezeG ztV@`Iv)o!2By>8wE(@Vd&6-(ZEzou!;tnx}){&((Syh`EnWPnNj4L|))*QOWjxvT@ zmmcmz>2Py^2B)KbrBJ7Hd>M+w$iQlF{-20OHoui0zarB@h1YFx{)Ku0Zm4$?9Q6&p z+Wwz_pwTLJ2pxXI?YsuBz%sNBH%&1`M937Kr^Ho*6Pf>c4c-{){n?u4p%i`}&)$Ue z7vZ*=a3T0ko1aYW(1e@I>NJa$o4pD7#h(?h=lM-Y`%wAwnvgvZO-QGMshWsRDsHDy zI&veS6KyoHPX3E;Yd2n0vY2ocv6yuwO-;Z#-M)X{T}=Mu&f*aT#UEhGeCzol*Y@8P4>qCtV)dpdTGR?Qk2j>~or3 z8nMAE3WO@qX|Hf79exeOVN?W{5Cj?6Y(sJ=opCz4fbIm`$bgQdDxkD=wFE#bI#U&n zq%#w@(^y!xkx-1JAx6cOA*rz&naxz2AJOV!qItL-M(Reol!3WboJ8?YcBV0!4u4MJ zG|C(s30lF?R?ZHiOK`e-8A;o#WY=0bHI)<&BP}S#u-_45klWz*A})}OP{Hae6F%F* zQk!{tFbQ>_ZuT)uWpMbWUFq(J?{Tms=+#;BJZ7@RBm5NWTNUF-9Dp8 zhJ?Dx@%dL3J(>=sLlGSk{%d@&87lsy%!iP38Tec8Mp89yG!mU*XhR)A8i^Z&h0cs% z1nCwPF@nxI=%G`PDsiJJ=um$hfqd0P?e4)%+t6K)8M0d)jAxX>UtcX ze8^?*TMVnlZ5qSysV-(yjT<>CKRy`rUzv=y+lm_opi_-I1pTB8&%}Z1B5c7OZj=~t zB?iX=y??`v^64<8E!N7Yq0UI<7H1zq<&f9yTf1xFA3Fa>&Cdeb;6|gAFW5-Z)4@+WAH-kaEX1DH=kY((#g0v zC)0fvHzwd+aMFpJZle!@wOu-W812rLOPUi8Z#$vBD zKgpN!Xcaol3_8%^2I)c_biPCBSOT>LBTx!1vS_gs*#(Bx>5F`H3w7w|W-M`S zBn;Bw_zYf@;k-t-Gj2>?ec%k$h|l0*91BY#2TpIE>rAim=!?+!*9^ z+Tjkv*D-bV;ZYaM(-Y-r2~iHyqLJzFPigiEhw+!H=%IA(Ryc}Ilv0aN6i9saJ*-1V z{WZ=Q1(D#@4TPnXj+LxXC2OXV71CicTD@)u)hUPBQw~!p<5bFFbgYzhd#+A7+@5l{ zE#+`~%HcuNQe~ZTggxa5Tgnmklp}&EmmuXy+-Lwgp-`+oHl5y5!|N+EVuEtC-Mva~ z2p!6qwbt5%ATG#kTDp61!>;&Lmp$4FYY5OP|EC6K%0Fm(oLg0w!Xo?8qK$Fz@duum zk?81lWCTgK`ACSUYXUy!Y`y0+ufp~$5J@X18H zj%Y_c#w7CT7B4=C;l<}IyewCu)w02GJ~`mU(>X7myLfT4$BPRUuXOFGwVi0q0$g)= zanSLi_SWSAMB{FSJ03S5ee;Q$1WxLqLDrg}8Yvv@R=r z4gy%;a@Nwoou>>D&fcZ5SYmv9>ZBNr3a_sQgxS4(gZthd~ z&2;OU0GN-PVOGCj+&0|L;@*XO4{qz)0buxxxb5NW6OD0G-}boEaCgF8fO`mT`&BHS zBjWP0KCl0q#=|`@xMM6sEFIds~kFx8)NW|4jm^>yKY>^ae@x36vms#`JD!UAl~!cAbSCXHJ_obwU;LyU>+JQ{k1Odg zk+a&2nPbO}8xO|B1IEi>z%ER1u)vHNQ%8>*13!DT!7mnI8Giw9^x$-cAKQn!@oD0% zF8CX;%K-`rQoSIB3YCUCA?;S54)v*0>h#W1<^raS{d18`zD&uKNeJb2Du)Vp+VpTq znJR_oR;y(#L4Orns%oNiLoVnTR%Jg#Wy4fuO}u5pbn3!YMWLpyzDKEiAxB*#+%DhH zCR59faHh44RBMt2s_HKFX_Qfs@n?!v|_5a&Uveaohe<}@UEtWah;`G(m zKD0G`4AfEf=3Aunvl^Gpr$e-4nM!5VO4~XNGTO?zR%Upl3ZbR!^<1P{Lf5%WwUaK_ zDQ$LsJ`Rr2})bbk_Ywf7-2jzHZtw3zb&xi&(~`w9=Y8m82eG_8K|D8z`-) zgJpC7MYLi+{!eWPxNmDD=ku1`k!c*xvCbS%EI$hy}~ZiE}^Pky6z!La=wz( z?Wn{5C+hX*ThI~C@p7?ItVhaRrE_?lw$uHPpJsS8K0{UQv^6ZtFxC-{?ZuyJ3rF~$ zZM8oyX{z~ow7P%F|cU(BGHI}hLYJ(ISj)nESt&$n;3x=Vasn{}Zd_+#NLG>F4!(xLJAEeqa zD?g>?dAZCAha9yNp%7;aTUnyLUQAU=2fM83gpPk+ZhA}RRnyZn^{EF&q+-3CYs2Z! za5dTKiA*p5da~A2q+V9TR9ZcK>mj5=tVNo`Z=T9WZymIxwc+CiSufI72&W#+_N|h2 z640^1PgOs@>dvYux`))++QlzW-AYZ#;dta!yNf@AE$gXLHN;mr)O-#fwS|ubz(?)i zW1kaAZ7*x8ptQvl(%V&i5U{qo%t~+Ct%ZeMa*<3(ETK#dL_N*ebFjKC<*h-ibK|ET zSh}68EiI=pYf{t;2qm2|q*#_^SshOOt*xBiT-WBXNG(AQWdmz4G1Y}!cXHJ^^K+r9 zqkWTTZF_4=u_g%)aciP&9c0})x^cATYHUJMPw<@1tq_)28r~A0PNlO>t1YA3RqLrY zv)X#P2iM*9G9Rl=^+c;J$!W$~(EMOEcLXIlu{k+bgZ9*YgS|qxyVXX_$7*YqrR!oX zn z{^IP!sA8?Dn{_zQ%+CwA=eotMcGo?DT9vANthQrathQr5dQ7=gkGgO>uV)ZFwOb33 zu9qHP+Rp4P7nW0NZt90V_a*fbFj}U*7(wz@bkZGnLYKt%dBpO z|6eY%U${+Y6Eza1s2Qq>`usiCeNOj3j#anXgzG-4$E{oCW6fn+k`F^nH5#>~TbN@; zhg{ErW)W_T5ORA|0wdK^CI#1w086Hm5cS$ zhYyTjwP#W5v?51vk5?9MJt@`myFOa#$6pTaQ=z>r+qXk#Y#MKhnuwaHoy-)qyQyn< zZ9M(iM45_vZ8tZqFdLTuwSmPabJP1}D@5Y9w8bu6k`F zSq-c=0=j%XVRQM_&vdk2PU?uI)>iG0!tkRk)v_gO?Qfv^Sc$591NB*=LbQzapjH>o zHQue(ROD={n8Dp?x?8%xXzwE|x}MyaJ9n2JofIuc0g#kD=qetL-!d)z=9 zsvH{9%8FE&GfIuisT_F-HJuZc%{!>JP}Zrt^S%uu!=sYSR3aXAf}BZnBU}$eHcox@ z)M~cMOl@*t)BlIPdk?T`-v7tHXQq2oO*JZt_Dr`)O*388L}|KD=_aK?mziq1kY=ih z5Dh}eDRc;75GUj)Cv?bB9hXpq9Jzk|?ABvm`?cQd zy{>!hwbpy>En(}&IGzp%lc5qdxCsYUe9~aO#R0${#zt05N@s2-Auq%1^9)Rc->&abnHd%`jtZL*#~ANBgg6qhzEyR~6($n^F{yHo8jN5pC! z_ZQd3N`|%Py6`PHir^C?ig3D{g-S)A!*=W%&4XwUjd_5fc1K_6w1-T(FRD&-BH51o z{hW)|glNr){QG~ohS=id&c{AoqctZQ@79aCA)&TgqA`Z=zo^faa9|(BIbQo-3?F_3 z@u#{8NlPvc+wH;Vt6g+X_|oWG>2Ha(v4h0|=O-^>T!dxOm*ym%e!_aiszpm8`qFmz znN1%4hmAe##ljeZ!f>eQuIP+QI3PfEpAAbH@tx7>_i!W@#W@*u^#z7IhOm*~UoM8| z4Cln~B`x|KMqRPep>l4Ke}c7h{l($a^p$8@YlN-n!RTAi8;RkqgxcvSu`(7-0mmL4 zCx@*HYYhr6>2gB%N&Fp;fT=}Oig9^-LGiR{F$AaMXC82Ax_h@trLlQ4iszQb`Ku*` zB{Mk$-<&t|!lKd(N{XVP&n}!&Jb7l}?AQf-&d1!Msq?24O`0}ycHyi^(=eLYxkcwr zDY?LgFPu6x8cby^;6QMci{EpY#6YN4(dgguE%B-&z>F+|8R09&n%r6i;6`B=M|Mk?}xYM;zInSndg?w z3T0x7i{=)V7SD|h;^bfgqPmXaJnR>n9I~Ss+O;z$rDrU>HJIk)hQCI{=FgrtbNcL} zsqrbe!yz_!#MpTMc(^|yo_Q{-HKlOYta^;b1*Mtuil&s#ES{Y?Yi23N&$p(> zGe>rbXHJ_oe|GeiQt;NasfDG5HVFSlDQC|=w{{2skXH1z}JZ~QFGszq=INrHa zm+Vg2?W5%seiI^&+cJ0~OMbWqWzvw@(~4tbPa8O?Z@<$<4jVgW;G|(g#ta7vxI!H!`uPLFkd(!e)2s+*m#E$p*u(Let^S&~61>s*bfLEXQV6n>$|3>#f zk(O`6577I(cZwbFF=EH}RfTZ>l$rH1vu@7rxG%?- zKfvX1dMuyQWCmmQOIi5XU=yFgbh0ewmR?^K&+e>VJqiH=X89#xA+Ly%30uixAS(G zck-s=#phz!uqQj8?accpEoZCqzhN6!Gkl<0opWK{_sH@ufm_LU!NMcNe+{-e z)UQ)nhfKJQl?mIpX2UkF`(PW_3$TsrQ`pK($04%~dos+nFPz5taGv}W%(gjAVnfia81 zI&(E_>kOOyXDa_$*y{WdY{UKn+d6X;wo_YYy1{80cC3q+!s&|N1Rp1FfNh=O0~u_c z;kIw<3?GPK>x|uZi%>;p>kRKr$D*pZNBu}S*la@%`|SST=5RQU%Z9f;%e4CNvy3_H z+j8MDVRxkb_Yh}3``_c0j+fm>f24fQALd)1IlQOchMmQQi;i)+9r`TO?#Vw=nf>uT z%VeK}Gl%P13SJy`3|^)3HuTvshsLfZ4Es9zHta6AKMLfq)&_w2*4ez`^5uBh&&7-R zGx4%=&W3F}x(;T?a%fv`SHV`#wJC9F}eCc@}JS zwz%4BbC_|ahAzGyCdarJz);}?2eSf``4Mn{?T})ix>0P;KgOh95!uY#~j)|XgIb@3=D`6?4pepKd*+c=o)~lDWktt-Bm)gwffR z)+L2=OIv4GNl?)|OK`+-#yas-K&%tL-N!mjo;OcvjJm}e7G{W5S->GyW$8wF?mKrh z<`DkJ&Ai=@gAN%x0|7*iETK{J|}Xd&K`+ z9S;Gy7snA`=(^!w9GzBlW*$QNJbwK-Y`3f-czEISa`CsFvSEsq$3tN=<14n}YkyL- z`$sRlmyG^dc=_^{;E#=nS!ZROj)0l(6+DNJqr|8@96eW*Hy`%pdCO6rAI^M@hCwfMvtEc!IkCLjcrlOVJ&2btZ^a*!cb|qq zFLVoBc|3Hp^8N|?@>Zfej>kHy-#-vA^S#9=k6#H`zj}CCc^|{RywxbL05R*VjQ0^R z^SxClFOC6O9uM)Xy#K(yJf3#xg_w0##t#UX`QD}%qu=IYd3^4OmB+&nUtTWCTfza< zSsBSlGV`sHm+&+l#8_TqysW$qRm$6j@^bOMbyfzy!kYPBtsSx0X7pJe4`-}AJ56ZY zTP?g%3-4QJW%RF7-ZqqH%cCihtvo*Y3jbGZzbSa*NXvIZmGbtWyw(_w_2Xfum3Lm1 z@><{xzGt0zRh7Ir-WXs>=v&^+RmNNG<>>St$IHV-=CQs{RVi;O-r%9QbynWSD&_4& zdCQT+^7u8>%KKN9@>bxDR4Yt*{PWc+pj+d49S(WnmtGvF$+oAhfd00(C z_eXi(Bd-=R{;%@*Kp>WF>kG@992Fh@wQ3whl9_L;!gRDopVQF>FTTh5+z{KVFE1H8 zM}9@M&dNweo|*4$cIENwh?U15+41G=LwR;8h{IVK@hau*MR_IIQL%pQU3opLl=m(+ zMmtU5%i|-BtZc@|yo3D^W)jQmfS1*8RF(1;Vx{A$1?#MgQ>v7=;X^!*3VAFq6E7=o zdX@4v99!9Jo@H8jldF`s;^S!kv%D-@`hOw`j*GvrZDsEwHPn=&zufBR^WQIrAm2mY>alg18-N9v8hUVpQF5C zh_O7LI^wuk-WyfQ+mG++cB%t!SCqH2N_pKr#S^Wx+<1&)<$Y15yv1pir!ahZd#jYU z_cMGJCPnq*X+SHF8?K*!t6Jl0J_G8Q$L_yX%A4_3<#7q;qm_3|mGbzc^?{*;=pQSO zzq)SbJBz=L_LH1{C*x)1^{!H0i?)@gDma{#kyE9-4X(UgSKgQ^<&8plc3Q)iH?m53 zdr@8<5?H@}uDr9Wl(z)s+35{mUQw0uI{v$IdIz}juB%esyC~02fB5p2R4H#f%Cpb? zL9V<9tCW|Vark2jZ2s{QkeTB-@J%dMruC20&G*9gQKh_I*y&x&0n}L;o2ryoif2Wv zLJsHOP`s?XT`CW&SLimOJnY&kIxFv$D&?hoSGhd6y<2%-RVi;b%8OT&RymFTsgidP zd3}$NhubW|_F?twbv*XFRw<2_gEgs=SK2B1+_EBVkTzBFR{lX=59QhLn~?X6RRTdP zuM1#iZa(JAT6}hKK65?fdt7cq0JmAk%CNJ&6zi6C_TGRhJvWQ}Jw$TG)4RyePV2ybG$7_sQJDzeibl z^Qx5BqFX|2AKqknXS(v1Rw?iHd6?cKOvhDK%B$5qA(n$LP%Lk}EAP%KAT!;s1(mR%t@`sZdVG6ukHz*T46xlsDv7 ztj{=Zvd+qTt4etT<|l+amRE$AmB;T&ZZ^c~-G^V)FO9>G?2NjL&c)1N$cO$DNj;4w>L#nOm^N%-dah2H1BKk=|{vMhfP?Ro)+6w8?~n^00LUght?Dt~jYR@o(mPYC}v z&K0{^%KftcF2cWatGv%grCG=KN9b?Xv?0F<9)9Oy#TBuN>m(HyNBqSue;Gul*$=-2 zqEqn;X8F^SKib*CEOXQn|F1KY?TWWn8(;H#uE5JijMniGe7gq zTrOswyE5~$%*^Fwjys3_l*-R=@s7^f&in+ha(G;0?&X~8Jis~6nR_l9c9ioNXYNfb zXS{QP^Hk><&a<3LoJ*Y-I4^WAb6)Jc#CfUna_1G!E1g$4mpiX^UgNyhd7bkH=Z(&r zoHsi^8T z+}b(AxubKob2sN4=U&da&I6qDoQFA&avtNH?>yeQz%7i+gEJUQ(D$`!v<_uz(fUG}OzRLP#pR?rH=|Wf z3m1>m8n(5IXVA*;NNZf#&fRDYn?tK^yEl$o$vJ4D(0z2|4ob=8x(S=8tm1{E@@_k>f01bqn)H4)doe#~$4#YIO+nN5lSZ z{%E|vn?EWu%pW<-A34k)l{pIIvw1#-R!+W)k9P)RJV(SX%pV=fhWVp-m_NrvIbr=d zBXXEO$`A8L4)aID#*u2}hxw!B66TNGkvS?q%pb+W{E>59IbbZ|1pcc!t3IL5sza!= z9O^9puFe|vf2^~nCDd6Cb(TY&wd_KjwJbuN<*-cUT-4i^%kP$HQ%+TMt;E)uQTY3? zWvX&GddmsRRLi=6ae1oq4Ch(2$|-R!bvX-Md?Br6QRcju)_edfT#eQ|3Cl&}3d=?L zVY&EiO>V|vl^>Ri9Cz{7&SAMICoC5^EEmnsuw3LEH*8ogiX$9L(5awMe|K6aL0_pt zJdK&!&$Nlme-m^XBjmJ?;$hn5Fzp&wn07g=lYcbripN>LmT8!FIZV48rd|8YFzt%} zZrU~f!?eq}EMMCK7)$8Df3qWKV}MLA(wloO^!+j3Zrnnu2zplvWtkHbIc z!nA09hH26K4AY`AnfHhFQBJ6j$_e#RIsE3In#&TRTg_83f4F)~z>6M^K9^T&U;Kk^ zC0;aRyJ^hBZRp>Q<&fGBK=%fXLip2!xa<((%%|(>I}y)_FrV{`w)i=Uv%a*&FJc^J zmZ5(WjbS+*wB)^krkvKup)F^sa@cHYk#e{^Y0FuroE7Llpd2n|+H(G>IM-j=;_ot!I(&rw zPs-tXO=PbsNQ-JFyzpd^P6&bzY@=BvJRt=Lt9P;;}{p4 zkM&p18065FbDDD4tZcS&@{vPZ&Q*$!N1V2JIpZjw*C3x%P62Xg%i%qB%whAi&y+J2 zIke>*R1TZ1HLey-%M9eumeZPXl*6VjeUvi`Ike@BR1TZDO;=6{a%jsrUpZ|4#^y1c zZ>7kgEr-``7+-)mZSiLqM;+K)?gQm4L=J5^`<26Hbak=+U^!*Tp)ChLTph|uM<2he z9C8*ThqjzN<*?b^6y+>I4sAK}l*8tD*D7Zza%jt0rJTFbe_T1skwaU~^U7iKy$_VL z0y(th{G|9w#A%Bs*NCPi{0ugY>0O1KcCh8-D2L4ePg71ga%jt$svI^CT%?@U$e}G~ zxpLTS@ImFQK@M#>o0P-mgl{TmEplkf`CK_{W|)NiH|x9(Ike?8W*p0!%?~>$X9IF* z%Q;Cox#*8k&PL?WmUE8cn-HfhzJPI*&t{Cvl(QK*wB@W)&Rys~tej_%LtD<@mBVI_ zuPA35a%jtWS2-V||BZ6CBZsz}pOwR=QVnWF^JFJ-Xv=BAIO@#ilUd5yg&f*)dMf8+ z^hYaaH*#ppnW6Z*h|?Bl(=3+HW|&Kqvj;h}<=m(oHqU%eIeU>qTh2!1u-WEI%K02Q zwB@|PIL5{1oL|vc2lgR{ww!~?`IRx`GG{+>Xv;Z@alF|4GmA#f0p!q@(_is}h|?Ay z&NyCdE;@zAu!oRCTTTh%c(EDjlnw2%}ej0k;C&_wB@X094|II{U?na zp7)|HX9weWu{r9eG;(-8jJBLZiu2qUZE-yKB@D~vt1V~@%X4P5<+M`{o3-{)4$r00 zmNQH_qtTzF9G+vNEoY{3*bMe^+-kl zSPstx(v~w#aUOTk7UzA9ET7GLuTl=r7t)rqQ8{e(%OBikKAZY}Cx@oK$x)omd-G&A z?=6toymyhz=Dp=IoA*8~vw80xnaz8Dli9pC122xZ6Z#!wHY*+?k3gS4oX#9J0e(Yf zv)|#|hxf;}fbI$!_2#cox5eL#S3{q+>CICdn{v1sYVlc$W3=JdeJy^i;wk9U7U$<5 z$8`t#{5;^eQf13|QSoNz(-wb|aSY4--mf%^)W8siw2_j&iDk<%JE zwB_(;hnO=4eI92sCj&XO<&-Jj5pmk$*D;P^+2r{iw;)fVV`3Z?=;)fUO)(bhb<-{51G@{>6Il0K8EoY>1#-Pu8VOh=qtrX8koVIv3 z#!)_-exIV8@yMYqhsWZ~VUzH1Ox_>c0do8?`9kHesrVgq|5$7)a%d}u_YkriHX;8f z-9NfdiME{GigP=lE&d7P7?w@W|Eru5_Wt8iJHi6$sBWDS6 zXe;M4#g`&ZTl@gyr~{kK*W@uUhFy*v+Hx8)jvO|n&r!|_0K@M#>KPtW!aoXa% z>7T>0$$wKC<6Vaw+H!g*z5#LC;xib>uzWRxLf990p628LjR!5M**bpSQNwZ zQ2<$TH}przd=x;jT#Ej3nU4Z^Sl)pCZux!m-;wzUf^e*h@_DSAQY#u49~W?i%;Qj= z#!4N4f6&o&kp?EQ#Ec4ir9rp{2r^r^$*@~y4 zPh0#v#hal|TYWB9yaoES<=>!q9DUlx%ln`>-qz^Tmj8g_8R*ki{^N>sx@nuP=M>LI zpSJkxig!bww(*AZP8e?vV&S}#<{NH*4)y7UK5gY3Qal%Z+REXtf3p7gKl;T`EtkfM z=OIqpbn&N0nLiA1+RCqnzf%X|A9TTkBC}elgClcU(tJOQZW^_v3djvUn$HKay^26~nDmfOpqdBbRd6CR%KcB|1Tn}lhb1wc)#Rmo3?}Yg<6ajS4 z;>GwQ=Jz?OVZ0@XhwoOJpXV#T6mi8PFwsf#<3o9{(LF#NB?V?%Y|*)I8PSKw$6lYAuW0=&oy{26<&q@ z{qhs&x1vwMKj>&1HhjJ#UJWtY=6@fU`L)oeZMt~q!1CLpKY~UMw@up0AFhhbTQ9zZgjrI<=jJKyv@+3ZCW-c z-U5Bv;+q)9c+W=vc^bpUWy|@O;;qrAE&j3M+}>%6|EPFJ^l6KSeLKqM_8#`_O#yT~ zHsE->$+q2v<2}T45D&+DT0fgBzZc@P<=4gEsjZ^pFOHk;i9VMN&GF{Sj5VQ$;U9E# zUF5J!$BS{UC$z=uGd>*uprh+z9cCBGL7e%aoU{;*%0Zm#RVb%T6c5LrBO-I&rD6r+ zx^|4rx(}8cq5mj7691rUixnI z^l4k47bwp4ine8Xnc`fpXv<%&cpQD&_91sD&UJ~l_*%s|KWK|{y=Q$mPiQ;l59=!8 z*@)4WzY}IY*CpDfYY*ccqDNPKNh62r6>Zz{kBW1>qAi}p^$q#Ch|%_WIvRhcc8VT_ zHC4U_{o|RB_=Rvw#kuIY4lvH=NAQ-l)KT~c9bFf7V;7b?;#|ITUCvl^Oy#iC(Vs{o zz-3L_dRVMDmo;r=E>=7RecHj93rZ|^1ZS(M9#!-hg=x?P_2Ud@^W0f}* zkE2i9KK}#7Tcc0cO~XIv!m>a)T<&36Xd5|(^AK?^ciQS4z9XOxZ10$hS88_TupVoRfj;LOb2zR1 zYC$(ce=3c_I6wKa@@LW9d7~@AtFb)anQfRDXZed|R^wWkvv(zp@>ikHmz7^m*TX;P zR^!!JzTbJh%|1SD`S^gec>%(5SvHUrW z{C(*2W%>JQtuqIhBOj!Ze+YfPEI)?rC7~$-=&Heu<=W0EauRa*9h~Lx8XR9%PMqe3 zg^u5?8q4jSJIkDJC(6k%kLOut9{PM)nZxK7ED`%O=E!56*|w8$mN`}C=V}R!GE33t z%gS6pAIB1L9K{^@Qs=8>mbqN!^1WGR`KxJ^zXpB2to*ff8WPa0gB#0_IzJ_Iem)~} zTsvu$xeI;1tjyhXE0&0LgE{gZ8u@$C=gaaxr?qd{#~k@v=YulqP%SYkhxbGAW##ah zE4H6WVUG4WM>!uWvz*p4r==r}x@Du!mzBxqq$IRQ0y^GP)mZNBJV0idd=>}G8HGMy zRt~TC*gbyv%;^w{j7@MZl3AZp8s#iNpD!zCA+7yq8FS<-oUfBv&MF$^l%vm=m9v`W zP7xjN>1r%Lw_L+5`x|JV5_thbh*?#ye87C#m9 z+01+9%#*P~nR#8z{HXKS&JC(n<}{)8S$Pa>pPQW+KM55?*UNdRbG|e0J+pjX$1-0; zYdKy<>vQ%>*gkXltO3jCbC=AIIX~n4y7Pz5yq;y_8iZ*w52v}KLw71{pWQ`_YZ`eS z%6zFapH*S;C!DuA|I2x=^VhV-`z@{YJOLYtm08F6Xj(ZPT)dlePg-U6hB+;~|8}U0 zk5HWV7!)wBX`JSAc>fuPjV|YI7w0uF8}C!jTWOW^9LzfN-ig;;{7uDqz3dCdHLrNjm<{{A za(KNgfiLCMqBXC0|Ck+LHHPi@s-4T9?s6`5zT0`L^Iqo~SXNekJLi7RMb1|_Kj8d~ z^C!+V>bUZqhd7_(ywrJ(^GnWO(3(F7XdM$Cgzfk+3CqNC>eHIHyl2SbnY4}%JHvLY z*vsV%rZwzYF3$Uf?6~o4*p3@{&yba0Mr+s=E`BGi7n$o_wDwqwo#jH{lfId6A<+xY`p<^0FF1-5yMpX|(gkSudHu?Gw(~IOV&@y2A98-#`5WgHtVcH9F3w||&v#zw{CDS%Y0dL5 zX&s0E8@6Ne#1zCe&r_U_qBU&X#j~6j(kinIW|jl zw3g!<=dP)h@e^r%M>`p|?`xwO*Rm*ZE}~UtiHl$7d;_iJwc5r1=DgA6JVmR_Z7%0$ zT6O!y<=4Z3yVb3Ub8}kb&2;hZ&L_E?JQqKe*0{#HoI;m#wsWz|S>WQA(kkZ)mvg<# zxz*)7;ry;MPhML&)nG1{CD=q#8P{?-);Znfw{`hhF6Ts-bFy-d#da~m<&1M4@A3;= z{zES35tp;e`A6qQ_{_0sIl(#K`6A~#oVPgt%lSL!qncHgpW{5n`F!VFou6{v|ICKFN8M^Hk@>&bQF5qUpUIw(~P< z89ynCKkEDs=jWYwI=?|{U-7<+e?n_M@1xs9JWq{dE61Da+}gQ4tzr8+pGm9y zBD!5v{!G};|6I(trt4bg<+O&q&Be=I{6QE02d(n=I3I9sfc=V{FXBGN&KIRKt~zva zKFN82^ANgsG%cfDd;;AeiWkCm9;w9TT;P0}^TW;?op;bG^Ho~o{mkX;bMYTsJl3*u z*lM(fZSLI8<@9qN?>xu(3g^3=pK<=cIWb;Yhc?c6&S%iwW1&0O#g{wZ>-?Par_M>( zPuMzBpY9Y3T_f1e#kFNz%etHM0O!%pv8rZj4P6JwHazAJFZ|QQ{xtx=n$2re){*&|F&W}5Pg3PolG< zb)XMy=VMP}T+^HH@~61?9Ov^~&ZRDXrHfzh;*Zc8?_;!c|a6R24nh&?R_!?T}99Cw)Sc|D}unM0bng32kAOU!U$8#hbZ! z8~V&Be!PpH;ylBdnRb4)nlnxVRK)Rhv%=WCDvYXCxT7-{gO%COd64sP=Tn`hI8S$; z?L61{Qs*n2uXDcMd8P9z=X;$0;`~?VN1V4fKkK~1`Bmq)oZoZa>-@R%x6VH}S4+UW zt%(4-TFwoec^{7Dv~lJ&L5pWQcXJ-(JkwKQ`#m>C;XZ2a)ywv$d zXI=-i{5zcQcD~>FA?FRw8=aqa{-^Vc&M!N^;ry0!xb~;z!fSt4&+naoa;}kBnN!D^ z?XYavCeFOxXYn-W^SYj$hwtm0=gez-mc#3J=0fKg&a<57J73^@t@AQxw)L{| zZ*{)Q`CjM8ou71m-uWfx51c=C{>hp5D_R{AlPX=q`6%b3o#W1}oqIT+F!bLQ_7SUJ}^FLS=j`CjL>&TOA%<^0|GDQ7-M-f~`d z{@9t%l(3xdoquvp!iSCJ)O0@9InBAV^9j!3x$K%(!(Dtl%?~kj1P=Q8IToNscz&zbG)te%fKhwGtQ7SFl( zi_UwT!?jW6A8_%5&V0^>jVr~uC5>wg>{>Y=@7&4x1m|$gRKxaj@j=d`oX0qaYoz(g${)_WpogZ=L^GU3p;Tp8Y`@D<4JM-BnR?lz^UDJD?i$CK0nDdLyFFXIsna@nI^1pEY+WCMppQB>={OmPXcTRRr zagIB;cJAuj!+EgtDb8m)PjsH+%xA1v-IhDAa9-`a#(5)+^Lp$yIrI4{7JuIPP3L!< zKXT@CS8Uj?oxgSd+4&de+Ptqo^{MB4taF-khI2>fuFgH2`#KMF9_M_P^Lfq}I$!2| zrSqShZ*acF`F7`roYy=5-T5i!SDoK*e%E=A^XJa{oWFPe$+;#z&u#v*-GjN2a}(zd z&U_Ax<#%^J(RrlvY0eXz3!P^;&vHJ``9kMQov(0S=6s{`tUpAzpX@x)d5H5w z=gH19ozHc?)cFeM70xT2?{vP$`4Q*GoL_f-)A=*!ubh8y{@Iy7&RQ`)o$EU{az5Jm zSm$=m9h|#3cX!Tn9_D_L0V7la`Ahe*E+9r ze!}@5&b%Md=JN~AuRFi#{J!%?&ikDAJOAYTU*~%DE63Z=IgL(>KJVH%cXST-I4LLB z#RoW#bUw{_qVr_uvz=!<&v(ASc?sPrs^?PY8=Y@5JIe+T>rSrGWKRDOmeOW5Mj&nojqnukiXE>m(ru#Uc!%@7&i6a7bKc52xxxI6yb2sN4=b_FcoX0w!;e3vBvGaM(7dkI>UhW+3(^LI#bMc4h z_R(~$ci!k6?%z|+vo8LE^KR#No%cF_?);7O_s)q8E9+CkxxRBF=cApEb#Ci?ymL?I z-p&J^hdAduk9VHpJl%PL^Frrv?_Y;#J}+ZjzRCGk=ewNmb$;CWN#}46p~`&D#dkQr z>in_uXU_k2{?7Sl=Uv(&UWtRJji*d^O?>Qor|1jIxlj*-1!E& zQ#Ai?a=zX9F6Z^mk2-I1-t7Fm^GnWeIKSn*$9b>w_s%~#|LUB`dondG$<8UxO`V%N zXF7Lw&T;PLJji*d^Qq2bou@mW<2={-Jm)g!#m?6{FLS=j`CjL>&g-0?aQ=t$v(7I# zzvKLY^QX>VIw$e|QZ0*`&h?!eIj1?dan5w^?40X7zwzVjsKDbD9Q&v9PhywLei z&f&gXP2(*te!KHS&g-3@bbi|TIp-IhcRBBN{>=F+=R?jh-Uq9CHgIN}35y@=oaUV2 z+|l`D=YGzkolkcza-QiN?)6pO7P|Q5&R02ydwsK`{nZ_e%lA6p@4U`=gY$FFFFL>K z{DyP5mssQ4j<7L;fTf^3VGlTKE_y=7_ zyc)|~oOZ3S8{_z%&n^cqyMEUTwl-+FjN|x#-2l9-eOVrC*XD*Xj_s4(D7@_Y*BF>> zyV&L9W!GZH!`5!AfN@=$n98_3gK?cdnZ>wV!nn>Slrk ziSttD<<2Xd%W17MtDV<4uXWz&yvcd9^E1xdoVPpgc7E4+kMmyV&z<)v9G-=Q$5^&Zo6)j(09_ zp6Wcqd6x46TH7X{>0vH&UhKS_);7Dsd8P9z=W^%O&g-1ReSIo(ql<5H-bQPmu-$p5 z^DgJz&hI+!ao+3vx${2fgU*MXW4sSd_2Dx>%qh;P&dr=#IA=KXxgSLAmErjz@*3vovvRHTI$HNF zY;fL4YyZ5-c{8nT^BL!DbXru;?an)CZI8R0chmZ;eAjsotdk#4^Et`9=b7f@l*wEru9VZ@rE+Wd2ANe|DYL4) z&za@0s@wbcUA5NDiz-{FMxF^k-iH^@lH4l`l zA%2R?G(K~NIh^O?WUgAgpP6ya^C@yGc&3~M7t7sX-p|Z@PVYtXQ20{$bePXmWzJbJ zpG`zhhi{Z;!MDg4!FS4KFz;<<{xX=qb3yZ1X}x?e%zK_0=kd`~@`EsclaBGf!Y|0{ z;aB7h@Eh{u@H_Go@Q3my_%rz*FrVYfGB?BD%Uj`JWFBYL#CFXb9%nU_Uxb^>JmzX6 zzYJ%|ufr$EJQnLIzXK1awXYZ>CnJ8A%w@;>pP7SAG&WP_Hc~7f5A(ig=5YPLNap%~ zsm%5NDme$fPCf~~QSJ@jBC}b|oif(}-XqQOPl5US9rOrzy*wIzTs{-#J<`mX1piYm zgkO;7z`S>wIc4x0@@4Ql@?!Wy`D&Q=Q8WKqn9oO|x&H8;YWfEFXZa@hH~9{@dbKF$ z9=NW|b*!QMDBM)u2=l&cmiZ*yN`4A%FFy@u$y`r(4>t3;+)t9Z-22LJz=LHTJM-Rb z=KlzvCLe^)kpBZul7E4VjVr~OWtzl}oQ1J{%9gZT_C#`zg?wEPI%Qhpq6 zBmW)lAin^2mbb$_h*U9{>xKX|szD4He1D`F%{N?byGCwQ$yOxaq8D1~n4D-Hs#&3n6lGnihl-Zt! z_ro*i5%?8(7yO3&F8q%CKK!A~{rzWh4BI!KZ^m-?TTkE1bzt5b&v-}pH@O?kd*d1J z4)eLo^gy_wd^*f~;~75-K31Lpx02Z=roDU#%-;ZFei_XBu;q&DU@Wt}uFrUfBeD0gC zmY;-|$^U@=EN_QzliB{}F8NGvSZrnK19SXZ%8#&wQh~pZh_+6#lQg8s_ugn8W7+)|CGW z*OQ-u`TRHLY=@7QUxs;4KI1##HZu2B9ppFQ&NBB~J>+-b-ZJ-L{pHVK-k;Ahzko-| z+@Fn=x!*cV=EFG)W$wfHJUR|r9X?mC3D1*L;S1yzFz?l8{&6sWLyFFYua)!Q>*b;F z&GH%W?eZ-69=R00Up^0hSmtkLJt~*OPs;pFtt~S56VJ=fz&qsa@ayu+@LTeJ_yd{0 z!S#v!ANVV|HkR|Z@-gsFatrtu`8YTU)6Hog0N0jBzzyUv@KG|`uQZn@!fA2=%;)&A z9By-&av98f{u#dp?kO*Y`^fje17&VEy#Js155uR*kHX{R&F}>IMR&ly%;PHfrrau;L~Kb|2RV~fce|99QJ&?iexTNKG%`)%ki2cUk#rxvt7u= z^6ku%%i*hKE~{no7WmIHm(^|Z3-Dd?zu>>fdtkO}U>(>Nw4nCuj`D4)kMxKEF4>IT3f91L8^V}Qr zIX~F;f#&?ECtnBiIwa$_!$-?}MrKQSJ={j#0JBX5^En-Sz9r4J8a-rAM{k+a(O>=& z9wPJknrthpG{51Ms$y?E98w%z>hyG9UcJzOh-$%bTPN*=4 z&-i3}3Yxzoe4P9poFVfWy!>5Z<{XWFFPZHs2Fd)b;ZgD#=$|Q{h5l5z82#DuwdgO9 zA4dN&`6cw1%KOm2N&W`?a`{{I|037JNjQAPf#P?ee~G*reb$M?-jDt@GTTXTe2hPgKF2|?M}L*P0sXt>$I)LS^O>xF zm7hePc^vjB^x4jWej5E}Hp z#p=sUIZ94}TgW{3*h=Pk`{QMvhh!THmf05WF7q66FS#?^Pv-gLJelVqN60+)K1S{b zpDE|T1@Z`Znmh`gCG-6GTzM?KK%NL+B2R}G%d_BX@&)is@*;SZd#0T^Sokx`Bykq<~hS-Wd3$dT+W2s%3a`&@(D1X<;(i? zfOBO2p2o>?FL;352OcWt!K38U;nQVaM;b4m2~U=%z%%3`c(yzPW_u0R;cWOqndcJA zWL{soQs()?rSe_y4KmLM@|nXd=Q)_|IOuKgYMJNp9+3IW8@A(M&TjZI`6GCf`~$pI zPQtmPZE`*MWw`;oOXhQH-j=gqw&`H`Iq;`)FL%eRq!a6j97s{#dWpWdEiQFFkliUkl zArFFYmGj_oc@lh|JPTec^L*MPaw*LABdo)f@IPced*&H=1^lAC65c7_2LDT54YMr? z%i+1Qk7S-JV_Oo&H^BdvdA)_tg=U=3r}>Y}YcG68G~>MX!geL}OE8}oP49r&u7u`w zm}WB1xg96(gImi#!faQ<{DW||%-^QyE*}l|lAFW*WInehPwoMakbA>?)-=n^h0l}+ z!3FX#c$z#0o+a}-$y}M|>(~y3<;;XHk$F92v3x0fjm+yI%jH{Own^czcfhM;o?E+H zz8792KM4O-<~g?w@)PhAGM{I&S?0MlwohUCTj1?7e;?yD`9*lQ%;(>{FYku=d~6QO z>mgstAHe(Nui+o%|H6ml>Nt;-h!1cM%j+JsmIA+d*KJliP~U&6cO{qWoJk1*TIF#izzsm$|!`(&Q?`%bP4ACw!yY&*kY zo5Ix^M{Wz(kuzYnoncM~xQW~uZXx%8(`7zuCqo_$caqP9yUF~W4n9+zWfs7>GOt~* zO%3CGHqS7b*DglObK!iM=M^W)3*jR9PjHFM=kZ)5^W5VVGS4@%?F`5DEPRX1YYz9w zU&0T`zrc^nJeRmd=JkP>?+5~J|C3raT;+3qU+$y-w0qF zAG5K3G-oWjJm+CDb0*QK2fHHYnKE-0()@Cb?lKu4;jyJMb|o>kuVD^u^^29uZQuvw zj_^7;3w})IvfCv0fH%v1;n(S70CaE3`05z@K*nYe`$R@B_La;*zLj|%;3qi_|01`A zlTcrl&$`u?Io<~Hsqj&95!_rZh129Ea69=XI8$B&v#kxw=Y3o~Wv&nX<#2D6{2t<` z$$Q~5$q@|Q5%*Rag5;dA8u@ErLU_?GvD*Uy~_2(y<`vl(m%xO6v=5IdJ7sJiuGPsS*{YD3w>s2@TR`^7D z6`U*I2@jFEZy6~+2#=K?fzOgR!-euo@N{_>e6IWzCbQTp_2zOJ&}h zcZ1B|omnaKT-+Tp&#kSNhr$oY6X11n3H+G61l}aCg15@+;cYVSkA7L^{cOAB58=1v zgYX`?I?m60Djx;!liR@G$tS=E<$>_8GS5?0!_J1w@m#pBd@?DBCd=HH&X7~#xpEv{D7S~N zluv+{$^+pW|&7DU4Fh%#ITnpYJvwZ&k4s*Cq-XU{+ zdtF8^_NL4-zo6R#=)RG$YR7(%InVzqb6g3>M)`H%nljhzdNRk`SmrbyEpu74l(Ff? z+Q{g|I>=luo#l>j5BWs6x7-`%@B6UMoaaMiZX?5G9!pH2I{@fr$vlLfFY|Ni5}EZ` zEb}w#8X2o-jK2ZIa#)|6WF8N%lDVDUE$71gJs{=}gV)Pr;V0yLc(crH_Bpu_-Y!pv zUz550?v_j7_vK6Az48+HOZg^vzq}g$QRe5)A$c>Li2Wt&$!)oo{1#ka-UFw~AH&DU z`{7pdA-JPl8{2OenZKF9-z{SKyjPsRTSW7-X{gN4rcpAl6OEDiIW>dsgu>Ak%UoXb zWiGFUGFHvlva~T!OTt@R{ZaWL* z5%A^mDEMl5G`vjaGWxST5xzy90kccU4LzR1iY4@ooI>}D%z7kn=YTGbR{{?v(PiM3 zz#RoTPEx|4!07n^Jjg_si&sJ(h415dB@79S+WvFLf-WDggi``z1vEEybTjZu;L3)s z1g`{6EV>1FC5#M=mC>AVbW89`I5jZ*W7Cz)xTY&ii>9kJCS4#f)pZmeZQ9RkWsS4Xx?gKx?`-)0(dBw5Dq}T^;|R+l!ZZ zzw;sIT3F{Shx-d_)5`VI+|fD5ncsyH_<@UVl=FCJUhB1-Qs*+~rOqpzS39qB=JBqT z$!oplUCw))_c`-8*z&6-R+{ZJEY9|Q<_za<&biLRoOyg~!%lTBabD=W#Ce5tx$|1* zjn2GYYvbDK{I2uo&Y{h$mRBsPa@b_&X3njh*)GDy#p|zTUUM~%aV~J?^;gST;JnzG zZ51qMl{4ERSe(~T&6}OKJMVVh>%8CjkTcsMSedELac8zku$&y{0nVeG$2-q(E_E(* zUh2HkdA0L8=kU85T8`UXocH}(J@+{8b7mU=%c+L_ggM2zg|q*C4gZ@Oyr#%|G}#Sv zW*Y#DPjxPF_P>#_#Kl)Qmpii!fR(w?`5EV(&hI*Z?(BaHBUYobO#fRL&0M^-bGCCY zXWol%bql{|p?Ol^;=C8%auzr*c3$qh$~pXQh05IE;+vg$FTRz(+j*}u@5{HGL(a8o zR>o7E7V);Vu--bNo4 z{bJw2Tvb%SQ z$2(_dXS;v9ckdRDpOD?XYxg+2f;x)^4jYt^fP+DG39*T>%D?a(VjSMUaY9s`jM(Yn z$q$x|`!KXVR7U=f{&&uS^sQecSNpL`&AwRm(#!J_^9N*fJ0q#y{@=x0XQUn}o;M)5 zQ7kbxH~0D>7z*bC%gdKH-27c(tCVl!U5c9}7Pi}3*!H!;HtEI3HhE+O@r^~UiCO0-sFHd-F zM`C($v+VJGvuAY6F71}Ru3OtS3x7PJ_Nt<`M|HfCUlXUDkT|GaY}&xY8l7T;@?x<) z)5`apU!GB;OFN8)7ZyuA>PNz^T`ZhrFQrkd74Y52mQoc>Bmm(&<)mA$%e`8}I2dZ7HCwBB`4qq~b+ zJYuu=?yMGFUP-BY{PC^2B*q@eYTo6azjo;tLyse+g7;y)X)1K?A&NeoU2i+(U#3Wum2^X_O~y5_|~gmZ0XtH>%<`~ zckm26W@x%C@b?n8k4}F$<@kp0B_t`(h7>J$8Sl==~yx?d;i#m z1y`pGubx@&>X8@pIYYzeXXUgQUOjz>R;K*q^zs#WvTSlvzh_$J4oKTSpyBbEmAMQ0 zpzeh@C!GA!_}=x>Ck&lC;grn!Q56?{zhq>*Rd#$EFPx#unaRgCsP*l(4|l)%`Idw0 z8*RzOoW!>C^S8ewBo;Q_TG*)lvYwN6R68T6Z0dD*^L^YZB8%Ge@{Evkrp zZS(x=go;@E2A0>LGB(m;BXgEz6!)`bmXU?Yc`1EDV*5TB#d%r1c^3*QkDNsnIXQSE zzYp@#vuZ|fAGUaNvNDp=8&xjeChs;#PJQ9dAuXRfDW(B?*Uzkf!Nbw8C?~%U#)ME5 zz_=Pzj4Na0o|EI1e@$BO@N0>&84ZwMZ$V3}-dxGU`kkD_HN4#!Dlfmm0&b~=Sk&W&CO3L% zLhqXC<4ze~FH>9RlC0*Pde<6W@mIg?Lz`#BJC*h32{x=Y(Z5*l*KfOP_w}D&dT>so zE!l^y_gK^0x9r(qNY)vBW{$jI5;g;@{?T9+6MUp~+U;8=XC0M>UHfxi>^ZOD+0Vzf zm*=$1%gU@jA$jJaxy9P~U5CBJj71BIw{QKidkth?I5(qaMwj*txCTr}#x7u4G|nZ< za{AUHM8CXP3B7r3vs2W-tgoJHL(^KM*}V>MsPw+hSQ5jE(U`G=*AxgZ?zCv|V!qaaq25bII1 zI~tGSzuYDbdz7?|oqj?%k{_E>t9yRWqjS=G_UzIA#GyS4+Lg7BopFAzStmVz;w{xOsbe>>Dw$V04oo+y1BX zvY|H?9^b29ujliw?lx!oxM4fSw`q6Qn3G2JJF7gcTboN}>@8{5HDO=sNGF_^Tx;t>W1?7fwxm@`M*lnkK}L?%sFXq{icNhP-z1Ys2RZ zjVGQw6G^GahK(t62H8(Nw2HIeC1v%R$${i zgmRzOD~#cM{2Q)fGz|5yvG%b6*yp6=@*NhHjMs1Il41!9W7swDZ|iuy=70K|r#1AI zG7Q3dS^gJ!ZysM&b@l(BbMC#FfdF9&C^umUQ|16+PC`IvnGAziL6VRFQHGEN2pAwx zQS?Ct)JLmSsM0!AD_UxuMWu>ED|M<`wW!#FqT)PM<@@>Uv-Z6!0oy*m-}BG+_1$pJ ze($x{UVA+I>@(bxU<|PBE;q;~xFTe{HtmAE8`bP?@h%JS54ky)2hG3-(Vc;U7{#_l zd~CpE^pFfURV3NvxVNhF;_t-#G}Bt8!9}=96C_*~Kti3@KOpqe<@`W8lcYtOA4kg9 zIxn_RvwL}v74x6NL15e^*q=I|mUZea`t+tp(u5<0zaqqD!+RZgw**Z<4fi|jT@D96 z$GU~RD9&?ZehKv4xYJP_&kM~(O3#bsP5(eJRI{|f@q)3BAcYqfx`vu@vFY@Jp<~92 zWmdr;l-`0;C^*Qs#wjg^PnEY}i>>0$iQ_N|yok#nC+-y}2ZszNo&(k3nUsct_hKI( z3O)iaftC_`gpypo44QNo<2$)G!*h~8Ly}OsJC;V0_^dmWV*+tW)eMYu`TkZ?nw7D(B%LkPp)r=IwN6w!O2xkIJy1{PL!Z#k-Te?H z9DyJ)#ak6yif&2z9x+}cuhJ11hMl)MmNtS(qZzX%mc@!Q&FNiWVv>^T7}I28lAYw& zI2_i-ehstjQ{3~mBG{qUanC0>9V#7nF)7%gEYES55aT-3=F~XuQa&|J>d0?Ty33eL zGFsxl5lUc0+|$^(wbKx8|E7DaREhET8vLJ4f1&Ya`i*F3g}J1e62 zno;buxOyogIU2gouX5bijX|fIM`LN8yBdC{X+%TwQT{Z~Oyi*-3m*!yzzO`)TIV2+ zL-!B<;N{QkI!()E*f)We`-5wwwDE*X8(sJ#Loi!3^?MXyB~sB!*E+|2+8FA7HR9Z7 z-3usfaNIw+{Bd5_8sKv-TfFNE$9=(2kFLwmXYZH?;9XG_p^6BhAAMPmu53y7LqCUA zY?zOHV-2uy+~xPT;6lL)Kmx024sw>xbW@y@umBtivI|2&mMwDU@QI~x17^lKjX#QY>)ADdI;fv+hEzRARL@$p z%nJUv&WT}XlT2H9P6AcKX-GuJncv;PzY?F8C!%y7hVJxUKZ4hr1DSF@o^jvw(&9x4 zZ;QQ0wZmqhB2p~z_h)@gIS!i<%UjABX4D=wqt=~n#_iwDxNT|uh;QA$3Ek&%X857U zF+<05w7Y{}r}M3UXspkH)VKbjSnth>MGAb}lggONQM;dw`{C+c3N^a$rPPJvdcfUr z04KaO{-pN~h|+!q2w)JTJqS1(kj}5A#(cy5PR;%K_0wNNq5t0i?-Jez@OR_=KL?}{ zcuM5kw7m{MGJtvZLT>#NA)d+j&H%m*+dm9A3p)J=0Nw)hI|ya|Fuy;)QaTV@|6=U; zX}f`wu?uWFzHSibOTM^aI{Qm^dn~ejAF^5~IGKmBd!id&je-T>%@beXpU_yRW9Kv`~?w?5g)JO)`c zWL=GHI%V14LUuJ|cpWMeyI(UcU--NaQ0%7-Bs>;yGPziwkY81!!MFk^b1h`70)K^N zs_+|`JC4z~Cg%V8^!fLr#Ne4T^F9##p;d}G=C6!=?6 z;BKY1V_SBmZqe!C|JlgCOk zDe#xeIrVjzZC84CL+4J0&5^Ux82N-@PR1+EY{4J+=5i7)gO$9>6$>2qzs#}7uZ`xL z%(s|y8yJ3;8Tw)VA~p{b_GP9tcQbUR<6dFPz%OnN;z=hL1>kbi-R|)TS=tiF_({#Q z`2arWE*Op2kI)j4=5}+~8|xq*#EJDfzyw;j!7IQDHjO{1K9d%122=wEGq(Q&2yI7b z2*>DNNSd*EUwLMH-i-*jK|J){2V9HIz0Kouu{3@_?j72D3GfB&F}D9vg!*7S7Vvu6 zFW+=ivcTG_AaSzszNJ67`T{tP_+=#&x4HJo4Emygr(}^CUSacy%W>RmHK6} zYK(lvPZ?PEG*Y|(9KLL;0NLW44Prq`6jwrm1V zM`}N_p`1@3bFvGN%#1v9ZeypL`8>%<;4muO$N|QekI+xV9sIBX2UmgV*ac{k9E{Qe zGemxlP~W@#6r5n+XDo--U^BG%n@%&d?tzWGezq-dTE64{ z$OQRBnIq}PCKQWNlQ#petC>(AhGyc0H520Z?}qU#dlmBLb9r}~$G=sb#vj6OMr7Ix zfLj3tw<4B}mE}eoDzH8&1}zm>9|v!GV0~A3W%OW`=i_^jrUR{(c@NPlUt8hl&eB4F z_XyuWD*^pfaNs{T--G6PXfO>25&G%`&GXP00AuFR_%W@%gxDWAG=_hSxDT=M@4)7r z@3?1~^VqpaHh2%j`TxMq{fTMr%@B62T#DvD$AnFjF+JZ+cjtOn;GArljNf!KO?D@9 z56bxZ;U>dD>W?nz2Bv6Fo9BA(SeuVon=jL5r~ipfbNKVSF$ZaLzSpfSipRsB-*+>I z|961Fj5UWpA1lkG!RwjhOjYGgwy81@9Zkj9ft)nlGNfU5Hz5sgpt{xGE~FX3?jFIe z9>H!d*ovrsH-a301SO-32XU#!Ytk@HR(db982tG22o@s~z-}4L*#5;5!a<#mFpvJP zpdOhK1M9=SVV-JoM57xzKBD3GL|{E~&Sc$lF{_L>3NyVpoWn54Il3{(O%Y?)I(ZpA za|Sq>tTdJDTPpWxshsaC|5B9s?Hf)sVwonV`z45Ja@Gf9Qk{YaMOCRKN7drjQZ1v& z!4&Car(tJK(*ppUN&jK&}T?@r^W@R)WG4J`57uljU8IUc0oAC$^Hfk(K(j0pP6IhodnLNg=|On z9y7<9!*s_eOfxxE^|-jX$2%X{^P_*9bMG-r`wJN2ta^``Rd*n0W>u#0PuTZ+yh1;K z2>*orfH`3wMVJ%mLuRu4mLW`}51UXbW*l=mtVhB^mS?}W8ON?U9Tsvr;_2|mfWeG4 zr$c_Ou3#(lBd0@fb`R`K@AUz&r+x`DwpWTocAt_hhm5WFf{|gFi1As*Q&Z+1#PARc zqGEd1@z$C%ntv{9a{O}{&x;Qu0oR15n*{zj4@(Ev$vh}A`F>2G>1h=8We82Tm{VP! zE(p3^{YxMq?`pX_HsU;zQ%pIVbPuYWQ^L@F2=SYF{z|HAU>m~68OF)5n~6=vl;@ue zyP4P=gmYFqZmNl$iqJ^&!fvXGMGuWMmp7?_Vwm!_1x=rBNA_G)ooxc3% zgZp#`b?0QsYrcLq##|D?gqc=( zx2uskj|!ZCNplv>=VZvKm0xW$XHovy`-118+IosTxG7e#`*MDVXSaBg{MsVA` z>p8^*x9z2Gmav&W6U~FC*4*Q3axDJ_nrGn{{aR}VwiWp%AB>uONEG??2(#Q{=IA0S z2DX)&tZDFb=kBhab;8un z!{|%1rYuItKa9RKv5gFyBjro47^&|>*c>V}%0uO!CbPdnYz~QU%_Qlb%R}OOGuOqS zKErqr3`KH`Q^$1zl}Mb%gP=De``L&VM?!WOs%BX92XI)dMUY2X)W5p{3MV{4Hdr zjJ=%Ey)iAhQ};);ZUTF?;t;DMFD*-0Y1ZT{fY=K){eiT45tpOIb zVS&p6TpRh~;uWyxt&im$>EiRy5ni*;yaDBHFkG@2>gOYl_lVjN+TG1v6?XU}G8Nwr z-3;cfqjtP8(vJ5;+EL_;{S=A4!zP}$h+4;&Qpr0K;tD~<83Sgwg9@cpD4+Lfi1(5F z67bY+vT;iJ6-4iY5T{Y!!hMX3D72#mKZ0d*#$HZaZ<-Qu=J2hI8%`_3<2i+lcgEgB zoe}Y@>~qwiHK&w+m&F?v&qLg=-MD(zZe%YS(k2f9k1)Q5@=>40*~!kz8sYgtmfKQ!UUCzOSRA!jf;wW!FXigoDr2~ zz#t@aIOegEDWk{JYrv`NvXj6RK?mp2oq&k@-_brD_FCFLDf^REScXB^P*{3=E*Wr^ zA2G1o1aO0$&B{OMZS_zKtJ8NXtA|=xo!+9Ue5urHld}O{=ES5$#>w@N`)$TiWSmvUV6!6nJ+MJUugKUvmmVKVwVWiPy3?tfjm>kG8=o!a zIqOXWjx)U6p-&^wDPmIV{Oo2Z6G56P@l6Ej`^mPI+9dS-WHaeyLB)0E(6gnS8L4+J z6#moV%zzo};Gn>WZ zci~V{#2MEQ`%G+TZF-|k>|7It9ZUXit5#&v{6G(}Ak5Np3L@=6*|XTd`)4b$gyGSAsI4dRFkgD{WMlVmCM|Ax$vEQLPbD1!<;v6iB&wHU!P zgW}SA*Wes_A7cwRP3w0O-hi1HXMOLO+#Wk=^6x5)=!gr0(4_RFU~#HGakc~j2Y0ie zW1P*5Cnx6h3~ZwoLHd3zX4ot#mQ?1P&yk7dqbJ#QRoQj5*`fI+*knb3aoCWIp0rI5 zrOGp*aWk+#8yi&V#i1kAIdBm~OZ-@R-}m&f#|dQupZeHscsXLH~8u3Ndb~o z0g50tZael8f9j@F3a6~>J^#*tQuucUPT52U{#^!CXw`7+W4@Du^HH>m&x&^OkjO#G zDfd>R8JUZin5q~FaX{m&Om$8WDy`M5OsQQRQOk>DN?EH+ttf=={pDq}(DXCOkH}bL zUlv{Yu#nxcVI0vrWbj;i|G;+gxy;v{PR}Z|TtfN^Gw8jE4U0p1R(D3EFq0uYWE6fN zw`xSz8im=|8<&ASPkSgVz1I!S!QQwM>?dMFEImJMWLZ%U(G?~(a$=%rGqzYhlIw+e zl>uKTa;~S&25hZnQi?9ZhN+3(r6+4Z5^=pjC>6aQqYp5{>|Gy;1o-jO=^es`_~;>t zu*A<$>7z4LG=8RvfAAFcXW4j6IYmrn9pxDCD!SB0vHB}abQwLalU--_jqvX9k>}o0 zY#6xoSUuDfamM`{_YlZmHq4>NGIn;h1!K@LK{$&0?9#kR2XxJIE-^pvSW{YD>@RMkhcBCF7aQcmg&|mh`M{bba0r(jOUxIrON2 znqzNV2kdDAi<^IIsS0|YNfk7E?z#$D|8xoS&I28<7wEWLp!3th*X; zJ+|H0c*SiUFQ@pCJU(p;i(STXnN)-aLxFl;=BPQb>W>rTdI z-CS@rwuRWvQ}QP8#n>*zwpGckY&&E;gx8yl*Z z)>mXMZp_UYl3BfYLH6RB%It;n=bs!=kX4wKmtC`T{^Au?)&E<$os_+`4C)=DtVKNR>Km%6suzH9x&h-?IA9!zm1u(c`o;6A=OY|qw}i|w6L>A;2I}#` zxEp96k46l5@gDZ;%-%2vZEMvJL%qhRcmGe+KZN=`qu%Qj>T!?&IR)v3HGpnb~(SlC`4AYWlIBk;KG@ zAqm8HHFECPizXT&=mm}$<3TrY^*YKSdEaHhA`+xcHWmuZKF!!+16n)G(Q=}RZEyB$ zYAa_=gYkHsJ1{rCn~7x|mzfqAVe0F~w}r%`gx~UycE=YeiDMeTjYn$+x=_XOf^H1N z$Rj3jmETsbY5wDm>DR66jrS4%Fee)X#*xMY!G;hE<(X!7O%?ql>@POMoBVqmY=%8X z4#`1d+L!oE1qs0o+_>J9t*xZ}vylhRm)O!4VyOSZZo)%#%IL;-hf0T& zTH9rdwP^qUZxX-d&oMolVGe?MrUvy=G}b0h`h|7XHJfRM%;5OmM()=eJ&Zp3Z&Mf) z|2@-Mz9dq8$ltfa{A$0WmEL(~Cc`WmgJ4v>2=0hwA$ zxASjrQ^F%Gq`MD8DF$-1hV4Eas4+OcIn&rl(Qj%V$Loy+e-?4gVe}U}0{v0vk3c^G zYvK>nTm6m_U4*EBkgv!6ExyJp>*9lc$d6*x{aHYb&X(iyx)`eTgkp<|nOWfEQTXZ_ zQ?olmChtG5F`k6{xx_W&Ztr?Cv~2F@0=reltN=yhuo~y^iiTx%Efx`6 z$;heOX3 z^X9LpTUlN2)K@pmTeh^?F~NDY6?GL$>YbXZc@4{ajd@sAIF&UG^?prgZ(82qA@lI- z%`>LV437<)g-|$i3GfK8`Gm#mRSWlLhY*pNE}J$Z7^Ntf5J zsC4Gd8$WZ(*clV2PMJ54<>F9apZj@`n57Xdt8J)RQd8ehGk@Odn(D<>Csku9T8P5= z^OvELt67%%Md&FrTEzB}WmUDyR+*$23g`t61yeaY_8L~#Ryz&z@PnfT&NPgbc_q#? zd{d3RWrEY3Mq2h0kxT)lHINI381!Km0W_ySDmVm;;`~L`^Ut?USgqP~O?BNe=L{ND zLnqq2X6Q*Js!Tc@GFARTFpsJH+-jE8F80fb^0Eu^^Uwv7PWmr$xR`Xt@Oc&UmsQqO z7%S|8ntD?lzxi5pu^G7~rUBIu!k}F?-&Bxe3g##2kvZjzaBfy!PF7BT{}?h~K?wU- zGR|ysAu?~`(gn+$nbXJ3D=wKnb<)fkQ7Y6 z8){Zgo0fU=bul*T^Tr7s?UO&pM)}`SFFMM}{ozw?ZzBD>^4R|6jSk)fVOo3R=~QWl zA>PAAzXS54KJWC>ol3s|a_Z9`iH-WT*t!YZn_8zz%bPAtOP}skI+WW!`oDs+>Q^tp zN!-b*Z>aPAMV9KS7guD-@*sios@gm)Ynz?&UISG$|Ar& zgPkgh=hIWkU^I*4K*;S52pEhDd~NgNRTyfRUZL_9p5S zRaf$8y_K*We{tW7Gb5$ z1+ua&>*a_x!_?;3ud1$Gv2fl3EW4{)NNRZIm)MHR%DU>6Euy(%(FU+?U%C*BWGy>| zXfc;EVikv=lZ9KLORBM^&+>0QX8GBgl3^s`z!ZxJV7<**>_2s3C~}gFkp!F#xstHX zG9Tw!X52AM|6CEwz{d29W0*6kwpS=|@QkxIh9YE{5nm~LxHlTHXYJea(Y{V+d1`C< zl4$vOKb3kc-}%^d`HB#pgv~l@Zvh0B8J7%uufS({VzF6!JWFVMTM*`1+d6CGLI^A~ z?g;E{g-?6&*sQ(XU~TU~gv+s6XKnD2fMv!tE_KY~6xvIaIM$cxwLL!a=m(i~*2eE4 zu*|q?v7BgxPkU{!F^=~Bf=%1wGv89ktg|-wxWO{xk})Wsg-?6!uvvS@!P?$t1bRSb zowdQoHkKLpI_%LFxAxeqy%?m|_I4w{a$9F@@L_~y#^qpn(;GhR;YLHm-UyuLwY@zI zC})HGTTf(;UAiCA3qy&kg@30vKzkM*F>IM#n`D|-ii zz#gAwYkP~8J+7v$z1gko9YWZy+@Th+F};<&3za?gv$e+`!{C2p9^&%Ku6ngSK3>!1 z+W~w0TP>_F^SAc+cum`zfC#%1*7i2GvNxl_e-V=Q!ph#xR`#}HQn4#pZST5P_O`6R zm4%cqUD?~)%HA$aDt2|N?cLeR-W(j1-$H@q>#gjWkCPy5#|t07+0`$^kv4m>mA%=k zajZi|dwoTZGBR|4Z>#2m)6SOKG++Hc~XwXXKm!RveyKAw!S$~w)To!+3Si)zOywZdJN8N zrI!P}QyrI!TIo%LUfwC}t!|}vA@o=->ufzPYo)grdaQ?aR?qxe5JIRM$Dih(O3(Z) zCZ$)3&OMdh1FiDi0=*$(o1V@0=~jCCe?afGR(jw5fZowodIdO1^7ygN=F4w?>2W&e z2lV1_LeP2_{(v5TQAj=OZin72N?`Nt0zJ#r-H&lK5;Bg{G1wS~sySJ$?9IT*c`6rs z;;iZZt?W6?7|$uby<+HEd&67Vy9oy^e{*V`wKutyUKtLaG3~8Zw2u4)qOM1et56r5 zh**zOY&PGyt?X?>B^O1_McQn3D|?526P-`TD|^dZ+54J}hQ74U)?;xid#~T=IL#;& z%g6C*%XeXGduX&Ran@S2zWk;E(^xlWFZvf9MSDNOX6>23SVW zt#N!!5;P4E@vux970fyxZ7}&c~%LmJ^HFUog-Bc;N&?I9;$B2 zmkgh4bCujVavtia5?XsuYvHs!=zM%aM+VFXo1&6Hibr3g33ct8zsy&k=J6TrhY&3HY-)Q#_?KQAu)b{^E*k;HH+te zUQi^A9~5Ci0Qv0`3C{_xGunBwMR=t1rxxK+=58%TJa@Uy2=n?@G(5~X%mADpKioOy z2hAMg;z<3pMRiKJ&Bu`K|N|T7?I<3hOg2)3?q~&m@fJJ=&-X zL`Iu03!whm1zN1cn0}OwMtF3qFemG%3pmBm04QMo!g5p;XmJJ0c%BKOF3@7-!FbNZ zQ5R@&2Z8YzWXc5~(JtV>;S~`DTFksm&sitx0_KWdhjG$ZE?};xqk@3BBG%!K(Euo5 zK8X_*1zNmt$#~AtQ5V1r>!~VnF5)Yk)-gP&RhYj^w2tw-PhcIxQ(J|9(kiT9p`?Ce ztN4prg|BKA)@vfB=XI2I3_sc`{B*1EUs{C^w+i#A4IS6??Rh-4da50{b=vZ7IYZHx z3d{}R)^~w_=n<}w%k5GB7Hi}gHtz@PyRQD-WBVvwZr7^2!GiYDJMa6NXRgzH4-Z4- zUZ^~cw$G^LeyX_(3tc|4jy}1@bJcqFxE8l7{YT|m=s&}iR|HP=u-!hJm#4{md@mSz zc|*cdyGX2k=B^$sBTi>--a(K@$C6Av<%VRwd8p4+k>~ajK*jxs?X91@M;{}b(SW(T zrvSWDF_$*>?+kPKXaCNyIj_rM$MNY-!wxP5n`NHMT`qRuIPR=GOfJI?t~WN9Cn>mo z*evr5Wf`M2qR*M#v$QKGa&z9CWyDSq_brd_Mj%++QQ%7B%EMIQQlj*Z*b1v}Un9R1nDUYvrOc+yMP5j`uxWEiTcqrpHa`afIMe3BlMuFPnamYA zyVEk8!@Wd$N^ZA#(Nu zIZ@`=Ybl3)zKO9%I0yCnt?)kh_Xr<^f3NTn`1^#Pfd9B~71Aw=9O6t-h5EOL%9vK>EcBihM@&-ySeiexxZ=C=yb zSq{HSbdrT_c`gt+#}zqI&R;{jMJGr*!u%PN)qjT!{g0u` zDT#8nE!nm?%St(mM7C|tGBNF7_@>RF!}cUwogy%GCc>XYhE9sG)tMnWd_$?63>~&J z+3GB!9Cnt&Zy-a5ZBDj2O_W1t6Z|b?=!AuB``;vT)`M)@d5_51{$#8Fn8;aIvekc1 z!kwjbZ69A)5f^S$U4z$e?Z?WFzLPGl?R^IVph#~s<0fzJ;qFM^zGeV%W*iI44oultHU;; z&Sd!J`~sb1VOzFKsRMZme6sD++eFSWNw)2FugEzL$#(vHTI6B)WGg=?a*jQ+tvlO2 zg(pV1b=b(P`y;}v?~B5$muUy+u>7VS-yb1o5Wax*5t^O?{XMM?u7&COg$3}gYk!{GHW zGvg>n7Z^QT=F=$WWD94?3_)LT7BWYX63L4{|=GvYyZNnSJkO`^^4!xq~zILp~e(+`+L; z-2{W?cyOisCSNuNoXM9vaUBbNd&vlsscZDXbX0XEFP5{TaF`68-tf7(qTi1!nMDtVlHtgkAYt<91nk?Fq6~? zvxyqX$g2rHH=9>8S&sJ$!5xJ!QM^?+0H5MhT{#KZI1u!R2hj}FkGq0{> z*ylN!o3$S%cZC96Z|Vs5SIlb+%4vV7Fzxf*9Li~b61foPU-;at{TXB#&wNLxqcDG- zZkg91WZFMpnD+TiHOgtfnGE|E!slk~^ZhJWj*%_Y5#FYl?~_nY`y5*?Pq1(tPwp6l z{@=(yQ-)Le>ZP4NK5LlyJ+owa|VV)Gt`Q4=H|1@t+kRQd|;@+Idp(dx|GxklMWFD&9io0EXjx zS$6K_Uukkj`0~9<=U&l4_RfB#^9)(q>aJz4!4(Wm_;rL#flY*IQ`D)}`^eiP+le-D`lDBND^ z2tTfLo>lyk;x81RP#lMe#M*DKI8||PvK;TZNQ&~tN3qZ< zh~lTnGWOn6{H0Bk3@&VI#DDgC30KOjrm@05NFjzwGFM6&3lDEVn*DMOml$y7SSl+Gxn zGg;}(QhbimsZ#P9vgEZv@uiAyP<*rE{fb{z{DERGF>1dfd61a~oMB2nn=E}gk1T7j z`Cz*qTSd8ylTC^*B}>|?m3+72Tb0g(O8$)E*AyR7{DorvNoiY#He@Mhdoas+6{?n| zbOtESR{A5!S$;drSMr5m+PMc&t0hF@#SPG!}Vl&#_^bvKLMuA1F-orW3CG9LFU#{fq$eI4w_@$EHs`T$8OPL>2{G`%3sN{bkOTJ$#PHh*JpP{%x@lM6h zD1K4#5yjssPEL;6=ih^|Whhkq6U9x6`FB*T{)1#0V~>-$sE2zJY_Fl-pj_JIeZ}7> zK0y{c97k5aD_P{dlss24-ygO56Ub7ANn{x(bCgcC;`5YFy^=SQ#m*&)w=4dY;`qeopa=WU1F%WSJ9!DN%VGS!{MCi_J8}eU*Mb zIm|E%~M#pxK!w#-8npQU)U;%mv$<~NbM`(?WsZ0{#LK)KXw zpVEIu$zN6crqVg8e*Gm4qlH+foMDiM_xPUBWD+IG_Ls8TTN@udtIaBG(p*##_ zxcN$FvEpXMH!FTl@o~i`$kJ{JUBIXL_S=H(J(G0GrQLEA4<<|6A|)TE=X2mp`rKFOze8`5`4g zM$Y!-F}P7>>(zlQ$Lt^_A4ZlrVY-r+lLz^B)+qVKWI0D{Q}P?g^L+iAl>AP`4=8?8 z@nOY5+}yWi?ydMoiWeyUZ^gGOzF+Y{#cwMd~d_@aK&R4^LGSR=WNBik8S0=k8OF8;$@2K6*np7{cW3;&$TUIu9%-?wep`S z{g}=SCb}|(g zC@xeyM)6q1=3c$nJV(hZ6)#X+r+B5}wTd?=zD)5p#n&p{q4*ZXw=4dw;@>MazZH}6 zKdIz@QvAH)w-mpt_?Y73ioaC+PsJXeK}fzaip`&W6nT3k@2a?mV*WnQ+R0WtMDcLN z#frx%o~yV*ajoJ8#Xlvt#RLy`vEs`WZ&&;?#Xnbkr{do#zF+afiurenZN5({eqQm* zir-ZHw&G6|f1&t0#au_&yzuSM2)9v;KYkdIcT?P7ai-z|#f6H;C?2bLregkWLR+2+ z#np8}`cPqX}@k5FqReV74vx;9({1?S z$BI8!{H7`Ekar?{iyRK=$&&QWZhqegZ1?^XPu;(dw_D1KJ)>xvI4{)giC6@RMOJjay!#`0O7 zaH8T4iaRUrqqx7~9K{8SM=CB-JVEg!#d8%`C|;y^vEl~Bjfyub-lF&_#n&pnRq-8) zf2a69#pXGwwA&w*{3XS&Dt=G#hl;;Y{EgxSK64cNZ54M`oT_+$;w;5O6c1PYW5rVy zpR2f1v3ag48TZ&tiT@%4&#D!xl@ zYsGgfzDMx^#m_2!LGfP{A65K;Vt%8>wgX>cvmC3K?-yHns^ZfX_fgzmaiL=K+*#V; z$4Wj`@f^kFikB&_SA3D;OBHWZe6`{|WZrCp+pG8i#g8aHsQ5+2e^qRrWsA+@O8%MR ze=0tqIJr%XI?Kdkrqa;)L# zdSkQi0QUpi`-Foi$GMO$2b;Y=z{j8V{meqjQ6{>P*jP8ZB5Za|QVO>3;Y^@h&K;8| z7oJABjL8|43(uxp+KSJ}?DK12q@1`F7hznMMVLjmbzwG^*$$S&irEfU-nzcF?uFFB zyh+FUS~m3(IqPNRrd}dvy{z2SOXRGVm6t27QoKmor8qsYy3M&Uy0$Xa@&;v&VRiYF+Zq}cqvM(mj1*9ezWrzbQ$6^?Hshb>R;(Z28Ue5h-&T@4-qrlX%}x%4Xi@m-74swrv^sXFoegzWly18KxaR zrzR(Z=LzHWIP+&gDNg~{h#ap6IUEDLZ%DUMn07V`(+;0UQ-^jq2FSF-F+iprK9BAo z^}S1&cKAG+a@u)Fn06i)rky8+dw^dfOIxvz$Qh9Hcj@FzF#CmE0{%pJ4)`l!zNYfM za1}U+=b_X;AI$HDke7n_J0|j4aA)By;2y$PgZW(u>Rb!v_aDgDgR_J=7ZwQL3?43g z8@NdL4)A#4J>W^g2f<~+N5Hd%9hCiCVZH~kP&fpx6;1*3ySOY5e-q4S*5uQ`n}x&R z%Y}2mR|#{TxK5bg{owO!ro9;aD`CEm!0+Euei`^~;jLhP>zeZG!F-lY=CQtC_&)H{ z!aSz=+b-%n27X!iV=$j;6G;pO1v!W+P=gntTd7TyHDMEE-JcHtdhenXYz=WkW{omBEKz;_699P*hp<+p<$ z6#fnPG2y$wPYdq_zaV@M_;um?z;6pb2!2oa5%4F%kAlAv-Vgp>_(^au=$GMXaDwn_ zU_P5>*^Yv{2)_?LP547_FX4~D{e?dT^EoxsehnTh9E0&QLO2f0-|kU|zki)5%N4N*LQkcJ|UnE=rUM$Rah1QeXqX2N5ggGs56;1ZgN;2y@Qib85=@8{!GV z!@yI7dHy_0cpSJ~cmlXa_($M6VV?IIh4~)V2H{HZrNY(VD}@(=eXK7;J1YLf&U@=1o#8tr@)^IKLh?+ znD1c)upVH$@!KT$8>EK$Z5%$Qrkv-)PQqM|bQAstJcul7i9BH}DIEUBlX5%`aYhTn zlv66q^Y~QZ9^hHRgTNKS9M6k{$Agy&PX;##PX(_LE(13Ub8KHETnXMHTn*;$Ls_=v z;GYTCgLewA0RK|B5&Uc63&3{?ZvfvbycPV2@OJPM!aPR)D9m>uUl8Ve`cOlEV?lj?^koObr1I`xC1M~N% z)aUKW65;XSiNb92X~NUMX9-US&lTp}GGF*yFrTf{Cfky+OJ-YWbX@P7;Q9I-?AdGL+GZ-8$VJ_No~_$c^y!k>d55avApsPI3*PYSok z*#4t1*Euf;bKd52c9xCv_IqSb&Tz+txgOxNb;|Ktuvw>*!{9iqVaZ%uwi7M@cNXUB z;yr|igZVt2`bFS=!c)Lm!W{Dj!ZW~p&Q5){f2r_%@D$-%aGCH*a5ecf0NnY)$>8O} zsHU?@xG#9Ea6j-*g<1ZKg?ZkgbBm1Uf9IswXWDf|fp*=ozC27W^_h0vaX#meISAnj zvAJg$G;QHd@R^=F(P!>$zF4j~uH(t?l?Bf-zw%B#mc#Mx6C!V zKst~qT)k}d0l4pc`atIb9wz` znb%yFd7WjMYkJGPp0d~SyoR#O>n6**Rq zw$J8WRvyG~-%_6Ib6gP2lNwwKIp60nnUfXVAo5_J3&}%#E+umkhKqjUIzKmSS#~%V zAArsuR**9!FC5Oz$;nasAwvqn;esLg6vCA!tRFXNyz63MigPg|M?<(~Iuj8nvtOKk z&a4)H9muBof7efc>}XQ(i@exkochvtP4H%y_A59$(B}9_^4|SYP9>jEn$*GZii(Q1 zO++f3;~qVzBr7mcO-nj7DF^94w|GM2p zOT5CQ)KxXHnQfDTe)^5O3sX1Gjw?)>R+3Y;yC`+$q7V|4mr9!P9D9)rW+z3nShWio zq%J^fuo+gz)n}^CtZr&WXXW*XN zGxn4Z*;CuFwLE|8o|3JL;!F_J6M!Sc7(rf)4@!3Hmh$KUhb#exlU(W7_o|2`*u z7h1t2o}AFUYS-Np9VurFTM9}@3?*OK^l7+PPWX*vbpF5-v*sVdS|RDQlHCQVrTsWU zN_HLg^)TYDYah2fv(15uSI#_A{8es;N5dG5+kX+p;Cs8GG_PXh2f?HO^dGAj|9r)` zKYE{3jC~{IRh;3cpWP-Yc2THuao@_t9cz*ng)aD_yt=sj#J=O779Y=U-#z^w9lV%q zCp~TCH^5jsayRl+SnKe+BHmdNn z$)WT|C;0{^w5v-SU9x{n(YWIDUDu9^JyhC$K$;)b*scN#-K0_Ox;b@0|CnKMmAjiqdFeN8O+=|^E8Gszd1?QX6_vYDw1CWK&Qb_|jw z=Qr;g6!zoOe{mo+-E^BDmi+p~_4Cpzu1&AllwMKS`Hjx$ySJvMzv?BO7IPNX+!32d zy>a)o6ELi2$CwhWjvM8*&KOG2NHy^-*xX}K=WsR-)S5V)q)?31&Ef1&$xT~V$Can& zq>fB2-8V<Xb-IL!py?yA7Kd7XAa03)u!YRawvIe z7ocE|rLB2BZS~t}ji02g;*o%Rvo|^@?e??{k5#PO{?yS&F?KI$|9r*Trw_d0A=ArH z_NGrNF8CnuU1&hss5WzxDk~Z`R;=1yvC^wpUstihFaHv6W7?|iX)9;_$@yYfY?|YQ zf41vL{E^Y4+D?u`ucPBCD^~idm1!&A-gUSnt)YBl@~C#HS#y(M&X3AVTTznM4CTl` zd8VlXM^zRpJ~y_`ny5=#3Gv+6$w}XNqufk6hop{18-{yH8#H~o#5>+Ar#wA5b@be} zlif)EsiQO7OqMZ*vY_1MCz6{!_0rZu9jy`Wm;6}Ty64l@zMa8(0#=tU5XNyAYcu)5YwHskgFXq+g-Rw2>cpqhd1M$?fb| z%xuHT_|Y;ywLQiB^y-iRhc&L|u@IVqDj zkTKniNjM(is*U4`2h$07VgyHW~?Sp?ZPqXLo*6D4ZY-y5r!+(~uE4&B)oPpQp-ZG>-tDp>AbM8Ii|UDbLaMj z&0XV$)^=HtQyZ=gcNn(S+uFg&SeUzc*w(bIX}Fh&>z9Om?Pd&q?~3$~J}wxvCi#(t zFZK9#{2NC@ovZH}T64vy0T~y~Y%FPf@<8d{dq3^8ApiGOHUD*gV8Gr`n;ZLoop$Bp zxr2T)wc6M*5B^Tw1pl#=o!I6XDfLdMd}BqMUJaIDEK z4M_cOHvFsb>ClnOM5F&-=(8Y4f7>uW4}~Ib@h%Ho5xP7W?iv4=BPY6BHVUgyr0eG!7G@F*5!T5Ap5NC@jwvoQcHo1 zi0X0)iU?hn=3p=$f-Rm&f|9UER1bCrus}LpEo3d~fCS7E$=O{hj0auMjoSpN=Y{$s#`9tqKo|&y zYVcRvyVcu z3B>VTMF%C}vz??w{voN*9G9oPkvpu;OQ=Oo%=kzu1?aeh{^=EDF(D5 zp(q>7o_Qw`X|Y8-A3Y_pI5gj;0nmneZD`D=Vh{}RoeE=uS^J77=`>M?##o}(I#KN? z75lb#LA~ub>_R_x_d*o+3OPti@hRS_*x_i~gzjiMuQApnF|FmTj-{nw0)KMtt%=>h zl%`R=3rtK>0$&L5noLZx)0Ve4y|u9)!Fao5w`L6@@fXnD^9W9IrQ@DY3MQB3IqqU& zTykwrjpHt1L6T6QX37|dc>+6kDc@meci6q~Ciuzo9d{D}k9MhYAFx9ez%%;}PD~Lb z?nPU%?>J@Z499!Rqh5dy`cvjNEVcrtlevY3-^!y}E_a<-b@xusR6P`oK`3rGQgt%l z33$k3E4W1w#fOYy%3}NhG4~;l42Zvw6LxG$xR{Vr{Eu0S#{?_hPQbKECP+Aa-_ z`=mRRvK5Ydz-5nh>#_`e@UppO-37%Is)!K!#g}#K!d7zMGNw|^J-N4yi7pMW@Qynf zcHu(73_zS;g*@UGNKKzm!}Lay^htXjopY_U*y%V9e^l>NzhAaMoYH86DXT4YS?+kB z8x^PPcvRI*^#c46Hrp~a+Loz)TXr({-NVw=Mh#6D_VuQr>B63AP&QrIPttJ;OL4+a zVqQ@~Df}Qy;S)>Y1~`D6?%%Pkm$TUe{6%yRGhCK)w47FpmZ|4sW~V(n(mZgkLdbLC zsCqiz6rtk{S$7A2zudEjh{F9?x#?*voEsG=q>5-_nP$ z)Z3KfNi!O=5Yxwu$S2K+bf=p!`IH%xEv-M}TW1Qq0dWs@?w>u56gr+&-5twuUi7X1 z*;tdCvu zTq*SY6<{C^weasX60rNY+B3--Cd_wq2_-o&ekeNq-vWW4R1|hxq^`8LtC4 zU1aOi z%NOfd+_l(4t272#vmKp*vqd9cX_Uop!)t8m3FW~aPSy%oqX|>n!zTHzRVF!~^mjF% z$cXdYW~9dv@5XsYQP30|I&mIP1O8l-;19xHJ&>DQ?oR-~-cWUS{1VHQY)k;<=D_BX zB)h&2hjh7jBXk~R*o^*iW8@ISJmSmE5ub#9%c)#}J45y6FygKLTrX7^6T|~JClaR7!i64xoZ530WPCfO=MunafPBVgY(R)}NdZS4C#22Tystbn z;`qe{xB)zB{s`EG&E4vKOM5kt@#_ga=K=V+gnY(k)FbpegtCqx`KtWxQ62Tkk+A-Dm}xo`u>&P~(u`=Y7pcIJDLo z$P!XmYlXM3!`~D^2Xn$1XKA1;6#wT9*$>XT#iw5x*?a$}KYI&&Z4-GmE)@J*0;+ls>c z;z)4Y!L>WHsuA0|3H&2)MqpbJ4n!P}2iXYp@M;rJhwO(it&Z}%Bp|;jLaWbMtKofy zj$N=bYsY_TpFQjhb-ZVeP8xQklcuzvhggLx}+cvM+nZ*;+$>TeKI1Jc>h@6d1 znu>nOIp1+hykba>z(W4LfLz`LcE_0p=P%T|R4zpaj5lG^XiVP+n>)dKh5575_>=XX zY_(y4EWW_;?;36M8q;Vjk+I4&ymodcdRcA6>QrlWKCSXm`TxMGIgn=|%`3Dz#al}WZ8&`Gf&6QyM4BE=1DxcM00Wm z@-m5f{B@$zlm0^?2C`A6VBUG!Xv{R0aCGpnm>#tRv$5-)yo{bX1Dt_u6DIkjWs+kT zv`FF%d{y*%VXSiUVIgN|n<%jh8{=3F_~%E{0_JcwGb%N6e_S`B)K%qB=pFT={O?Y>p7U5-(Yih zgxjNQs_JnuaJ_dvBxBJ{oExtUL53SEaUpPnIU0{3 z?4K-mn#r>>rZ7%`yJU9!Y%M218`|1rPDO<<)D?~7-r`-7j4{GfQGd>TJQW4E-LiIP zKBLokF3Q3XmU(2lIYR~z57EFO*s@f%zHEC$-SvXnx&jsMAN2Ieo}r z+u9UKa3K>?4Bd**B8JTB zv4g)fvEDXkcy~Wo4Ab7WAQviMo1WrV-FXG*hjK8V`g9)TdF=3SOozL3@-PgGDZD!6fhp1kPUfrw$e4C-rR%vA!C4B(k<7oZR=?RE~l1(Q8FmGKw(W;)|f>gCLK z7-vr2&1gNJc`bUsnZ1vLc^xJ-$LoPScur#_Dp>YgBsEaUEdBCM*ry0tGH}f29;K z2&eJ%Zx&*@76We(ZGM_Ln(a2nUo6bv{Avnlt~|KXf6pjd8;jf?&cKghgY#nt3|`t` zVUQzh$0^meSk`yYTZ-ri|%B zYt1O;83?6v+(X`1s9{fzVp{2IBU%jOfy1E6jtryF(H1q+jm!{S`#S?CL67}Zto8g3 zG74F5Ak{sDN*Xr70dp}bH>_nXHe?uTAFaxxd|F`qnw3i!7pHbar$CN@gZ zD|SkddE|x!)!+seV8@Ah6l~csQ5N_VYmuxHL~$;}V&2TEGN}9u37*XS8%4E9X>Jk4 zJ0mddI&RtqNc_4F8I#$p?11aCgLLtcn#-3=V^ zCNg(NA8jR#r|x)uxLR_juCbWXMJ%>=M#M7TDSaRjtsrp3B1+F1(MtLV^C>^GrL;Yd z?gfyUGInuB)H2@}`GIP&I16aBwpgvM&d3?2%tkb3#?faW)@$~8BIO$lkGUA~ z^Re*`L>oez8@a2(&MA5UJFjc#8hE_J(T3OiZFs5Qh9akE77eADc;2{Z9bY_`>8}j& zRITESfvA<@%c=F#5N~eyCD;Ig$;K(Zm^u6=#F@{xz%#Lb!#!fbk6_uHqT{sH&XkDP zG`^Mp!`_*|S5=&U|D1boHWCsbtg?8)2*{F!T?GjN1QZe3#EOKFghc|0Nl-u*QR`N< zqE@X^K}ywHwb){{bwf+FtxKu;S8BDzwN`DbR;zV=f4@1;bMA9*f`r!gt*!I9=gfDW zdCqfY=FC}U=G-%*2ciU+H#T^KU5ufbAd~EjjvVPW;Z-!SwuSMDbd-G$79#agmv2){ z)Ih1X^$*U?&yMDH&7Ik)t=|SmBU0dHXCDC(u3dtBWXgjShlk!IT*%WqdePj&vJZEG zjNUMn+1q18R=%H|jfgZKfmW>pt+Yw`Bd~Qgf|-m9f;k=hK3yi|Q?YfL+c;OOLIM5m zVkw&n_!y1b6#Jv4w!R;1*sdowEP^Dz&<||WWZZ3o3EFjc=;1~@6P%Wa?}&IO;@&z9 zG0L42%7Lja**HcAKqb`gDk|9td)>sIE0gYG&jorE`X%{o{dVc4ov$qG!u%YV=9T0} zP~33`s3bjyK!WF$?xH$7n_VjhB~mge*+M}g^|W(vBC`=#>z$25%h}QT&@2`DIzZGR z+5XH9!+dF*?m(L?tgf&dwQcCPN&BU zP{i9Xj{ZDchJs|1=JTS282WBVyh(B?%wyx?cQf4SqxHM5^m~yC+T((uOw8RExU<$#i3m?#Lk_FHCunaH=W)U zSkmwpqmc)1+6KHY5#(QZdSQ{+3g9V;;N?L6saRqUN1=_uB0;|LUxNiZfkEd^#`>FB zeD8Sf=tlw4<37`ogsk@qHgTt&ut19*_peb*fcv|IcRY8_f8jxkJD%+JbUe&Bw-oD} zv7q?5rw0P0<%8WevuKF}!ca(9nw79L3tKqH0tzghNJ~#+@x2piX^h+aL|XcKfC)<{ zCM>bAoqG=Jm$Be{p!bHuS$~2T#pYRFJ^J;~VCfkirtJ_1S^Nr=oKtPsP!avUSRkSo zl-wM8Y+N@zCEGaN>GY_8>OK`1I$VNaY6iXFP|c;Mre=hR;|9TQXVNg)2ZuHv zl_Z!#Q&G&rfJBnwZYXDZ>%8=XMh`uB6GMBj;4sts1C~T20--wugla|aaEH_BEy99Y zGnqcmXk^%H3_3j-Y;@6$&Sx#8Dt*4?LDdz3Duevz5Tof2!@}t0K{SJWVTjQ%7&<3rjjqy!4W8o5-E9$8;V8ga?32 zOc>Fj<1SG(>5ayMM3&MYgT-W#!LcrSh4a}Sp(=e|U#MCiWS7Bm7hUiCb&fZb(mxxE zDH#SYa?#73|9!_BO6lK*#Uy~iAG+uj&VR!32G_t~B`{VQd|#sJv)95zGsw|kCZGN- zSWGm7atKPH>D&&iS*E-((PvrW3ITF%Bi8?^NoR83!Ge2B1gU0C0BVJZc*8ciEMUdK zi{D}~XCXJHDvL_hRE9GXV?Qc=w;4^9C2Kx}T?94Fsb>PEU0c_iPBgz}PG`h8jJUVs%0E@g|yA zHs^RD=EE3rORvu1tTphy=5Y4M@X}E~SSRBfW~aw{ZkUsvxMMzx=-)fdY4qN77(SC} zNkqK0Z4l$!aaglV(!IBjK)-kBt_7t$6XkjvV(AmQ4JlwN!t1q3b*ajli0XaD>P@5{ zV!=V6_dpmy`b7{y@6|AZ6r^+py`W5K3IXSKVBNyBQ1$cJCCu=9hCC4T7C1bKULBUE z=UZ>5;O?&@9L}Jpy2+A)p(^I?2)h@>=%%aCLG3uS# zX%j)U6K$d+AT7g!+|gU?a4tRSLW*_h;vk6V4R$z--gGQYi=m%Wm`-ns!*Y76n_LV7 zoWcxxlO4{br@G0-z&+x@fgVp0Tr%jXZlV}iTt_*DIrOMta>M%FQcG3PjbLFe)pZt7 zzlVg`jHP4ErQWd{~@R`yF3im%5_{m5+4C7s~qUuVI zuZ$Hfs$E)LR9#VDQ(ZKszH0g6Wwk|%D(b6FtEh*#p>D*WVZ$nGmns%D*4EZE6s>5i zUe-`Cux3R`@vwo_H4BPr7SAtQSXtRLVo2eL!a+rgmsQp*ud4pM_SR(gY9D^eU(_+q zi$lC@S#^EkBAzx4ja60E3&2swcr_o46KOt*prN6ryt)$MG#-{TS7)O4r1{YX42$^D zwpl2|Xe29w^;)-f3_{te`a@7(?9{uqME%!LFL&w(HKU&C`N`HFi26}4s{;~{lhq3A zMz?8>ON?^N$9dVqV6^BmLt^KUN;B}&d z?8hR}zx!Ej0DknmwOJWX@;=il67D7H_885==sFm0j3Ff~I%5Y+NwS>VuFGOBf>f=; zOMuG0vl(#`wL|^2E^Wb~Nwyi-;a-A6<}|wR3A_TA1&OC7#s_ydbL+)(ui;xzGMAC>(8`D|1}- z3$w<7eRmE8$#y#rY7jE`J>MP78kdRoTq7Y*yZVLLn|xMGNS-nhma~z3*BOUox2tj3 z>PDB#KoS%_bOJlD%o3WO)y^H17yPVl&f24a+^0NR@A8%BYVIkn!1G)=1l-n@QVq-A zi(n@U-MLfbG<u4X!vDS&&3mx;$pM1O)8yI7G9}0bJ|MM4iN5DuUC(ciX-k zoLNDIXzu9q`g2VX0bL34;Jp%TdA0BMvf5colN!a8xO$#^>b!^KuRq-xxgbzo?l#MI zn=N+E{y?33fEDr@IAJ16UoS^o``TC3bT z-BqkrZl@plE|BeNYmknhAhoVB9Z{Eppdh0z)5_RGaz>v)Mz1~HRmK-$ZnHGEpVNhz zq|=>=bXPHgRHQqdRW8}-l6YRU?7{I}5+f|bGiBN({ zg8DSS9{0-fy86XStIHP;F7Z~>E?D5^%Ti+Pxf8Z+W z7MF`g!{SxdjVtS_J(y{zuB;n8Vn}_7NB#1OswzrhvwUgovc{GCKbmaGsK7R91z#dt zTD`QgZl!Kez0B=0NL%Id`ctcsiUn@-+WM;MdPgp$Q}NxJ@-i>bsjH~3SlXaQXnQIW zRE|GpAve|a6^*s^8o9V(Rds!>SHFB&x!aYqGu5l9UA8dpR?Mi&N9CgG$|c_X#f=SK zud9p6IXoTQtqU(qNb(+ysUO$WA%#0fhg+6#kI=@)+}yBwivZAKJeH<@qr5# zEMFExi3*|?R8=%q=q3!q%E`-@)(vc|m|s)f;MrX#@*gHik9eX8lcG+psH~m8xMCR# zmNfv!12sSne8ckjt`Md2ByAYlE9dc-4VKnc)zzNnxnjUGY-7o=@LDsql~k|= z3l=X!y+jp+(kijSG@wwC25vui5TabBlJ@Nm0uILFs`AF#a#wkRs!}HP(p8Q?zLJJr zJ(|i|+ECpX)B~4nsnB|+)GkMfNTpt3R|QGHp{Q;wuVtRx zgFT+@6DMY2CCj0*vKD7a9g{SHD{sQsv4_R`R@T=xH1Lsr;FJmRlEOj7g~f*i70A8x z7!TSD-fZ`{Up{Hsf?99p^zr3m%BCMXdFG7q<&!7P7(Z>y+3&qL-IPdNuYr-;1V$Sc5uM9!u!eomjmp=^fJ4#z|3Xoq|-e2V57IhkDn6lqrk z_0?&)1tV|42pr3|7nTC<6s|e_UqMcr^fhg}z)Ux{<;Vmbw+r^9Wve7+D|*syXb?hIaGLt}m5FH)+nuBj-L zdrl!Qec?6SD{K-M+$@{Q-EBKrtassp#SQfp1tlrQlAc16H%#1$o0H2GI62BZf;1bE zvU5>KM!iDbdc8v4O})bT4Gp46X|sh9M%a=Fg{Bystobrxtyde0W#SAdF zXB=MuF?~z0*!-3v z%si`8d)Pc_KRY2{k2lkkA#t>KJ{D`Q5#cx%b!zWy2$UH&Z(-0QO?znFhw0l2w)QSZ zcpMgWYJ)xR%8c6qdyl}Uy=*LuWBTsKV(sllSRaXip^ZBXQ-0y1V1R`7T1y=5J&ncM zdlTUySk!5n9*01gaZkdYmLDI5G=1FO+T*Rd4L1;{HeN?qnNf8ZV=9Kv^l@BG?Quxc z+8crZ)2&Wzpyw*d-e%Ypkr?cii|<0nHQlyA%1K9`iw8^D!yK9{<4EoV{@=_MSEN4lwrSrr6_O8}tzwYGImA zNU`^hvDeMmt530a3BvjaYV9pev6q9PoNjnFV}7}R%`ZoR@C&bN-4LOVf!5x6Dfar- zB+jF_vBy7ST6?9qsOaOVwYNFN-aD}O24qZMFJtc~Dfajsczu+$_HIwHw`W=KJ`(K} z7<>Gr4t`;N`Df?m^809ty{cNzi$g|xy^TG-TVn0iWhEYwp%xzB7gOw=T^HD*y}riY zhbi{62ow6!v(1QKvR~rPvz>dpN`{eTDGV-pCYt{AK{_yE?TuJjLEN*wg%S|7veWiapL{ zjWLSQsl7!hdRw8_+u?eY8?Om9n_dfKRE0@hFdVO&dVm{QVJ$$z)>A2PH zMGv1NO47S?FM5xq=&=%v(4E59{XUnX$N8I^)B973Ufo{wK1$KM5qhle>U6*S|C+6* zoOii7J@>CzYz(u`y}uW|BC#iGUK}@PHuKf#emQ58GUMJyz2f)Oc^-|%!Z_^08r(9P#Df{X-A;QGjlC;V>@6FGE}l#%h*Nu)rr3Mr+ju(y2a5KN!lLQ>w%F5i z@zL>kg8?#iw8!Pv6uqxa3hqOxdUrsN&$a4qfu21-G=0Aid#d*`^rmV6zUu9S9@DDs z?roTd2m$6ppVe9ao=UMd6q)3=_0_38e*4JU8**EqM|;O%(Q-kR44J31D+Ya2*XM(3-p}jU(aGOf9_eK@wcGE;5&LBbwXXP>Ptxpp%wAaA~5w=%y z#&=4I?;Ji8v&?*aIZ{tioC?SX*9jNJryKf6Fo@@qTf#+gCn}L3?+uZpI}`Wc!#hmk z`3x3Gx`Qx2?&=~{xV?{ep;&HoeCCKC-nuBBeCCUQ_0{)=dU%X+j`tiNEr`=3%x9{I zdr}esyeOV@)=Q8j<>O9uk%VuBA8}7YB7hgglg!l;4E9&(ZIN)0K0fIrTohO2TO?Qq zKazBXroDdN?Ghh!1@=p942mXw$&=wiZ-;2$@`v;u;XRZT9_c-n6dvV0CE*cH|8VcQ zr0}8MOG)9w+@Dt{;x)#{nfh0W55mK|50b*eB@}qkq&qm%Yw!FF4^Gh^k`f-85+0Tk zPTe1Km2govLz4|_Z3|>k_m2V_KQa*jMT0;6hO#Ki*Se^?!zCn9_rCxe9-9b&qDd`m zhIuDQxM#c$=mXLupOBggA02>*-e`0{$?m;WIDA& z*9;~nb?Djw!JvZ_J)en=ZQExWNTqLAdtOb)uAmOHv(ws*bWYV#XC3#H;Y{b1g@fcW z1};6T&O@(f^2j{9WzFDjIBY8e{1TQVhOur?S3)xKE<>pzG-JDv1f!gQ#9*!jg7*s~ z5DqolV68EJ|9%zP}9QwGVC)F&ZSLmqAqQ-0=Y|@uuGeyzdfQg{Vr{? ztxFp>66Y5N;Oq|!xJlkczlnX3@6CQ3=6um{d6%@gybBMY&hf#1UEYOxN6~G0cTgQ( z>6J^#Vh0$`vE=e1a+ep$JCmX|U0&o^xUv#~eE56l#_@bN*GzYc-&Z(Wu2B<2 zJ^*rZw$#xJhL0&65#lo8R*AQ+$4lB5Wu#jWI*>Y~8ndr4geP*#t7G`~M#}WE0 zPja?g>)f$}oaISY`5j=|XL*t}4G)Q&g6sA7s*{1$3@G#M59?6=va*=b_WK9F}OPkCiS@o|F zIrB(X{p&@}Jd!n!J19pQ_)5iJ$gs)$l66~t-JbF|WMq{eB=Q2t$(n}2B4_;}tDMhY zv@-y5a<*LOH;J5ehOF|tL_P#^vhMc@k&l3!topBsd?e&#l}DtUGvV_e09xk#gqim; zGSXIxZONKuR`K@osL%9~dF;rlGg;(3c4RHvlSR&BN7nSa>m=;(*pc#=PFw?LZ3+3FetMg#)t5oE)PtKNm1TUBEQ32+{=OutV2mTT=w&i}ws(+5i zS!c-Es3&w+VWB?j30dX0iaZXVtohw3a@G^F%6Sc>9o7@FUQb>Z`2hH2J&x~*oMlhW zmU|qt*M1^aaD%asSw3XV3yRgrSyp6C^E8pO+{kK^uV}UB1qto|EbSra4Zn~KIqj3R z4zSKqPW$BSu2_llX9vJ-{1XDEp8u7Axz@QDozBoe?sSF)%wy>f37E%8=Y8a{3Fmzz zmjpTmh>k+cl%;tz`1>KB`$wNV2}D_>N9W-9j4KxQ}kUrB|SX$`NB*(^@qUc;)^~#O*6|pzZF(+rC6vx4n7yvpGam# z;U;6r7v{O3JX<&lf1xn*S4W1;M)+LR<_a<^Alzy!{4y=wdMwK43#Y@sM3}q&rZD^I zwvu80M)+LR{>@}L@3v7#_;$m03p35T$guMyd@gEdH(Ab?XQ?Cnyx~6zv)JDe&WHaI z88*?0rFL zXMI*)WB5$Ne6~@Ys|??3_+i7l4Zm#oQ^S0oQ=7jr{CC6Yk%UgZ;ke;}hS}awo97t* ziQyLwa}osA=XjTLcf)SXOOC~IBfr70n}1hyE{Y}WY%|Pjp4vai@H8?Ox>@k`+E`8b z;emXW(OD}x*u8gw(b+(jG;AdEDNS+234 zP+u7TNeOk@lf{02vgj0nsZaZ5MrVT2Iojx)VB{wm`C`h&{;6c1aB!=rBYeKmxzzAA zhVM4~nBgbLa&GQ1@;@4W+wg~m*+r}AiGi6OUhi8|E@|#)xUbP4K$iWEG&*HQXO`iU z4WDKBO2ao9{-NQ!4gcEkD~8`P%zC8x8e(`lS?Wfk;q`_uB+EVV60qJAw^A-;vfc1b z!%rA~(J();ulxP0k-u-`(X531wubwXB|QVkTINP)yy2sa{>g@yk!9PpM*m#H7aE;! z82PniNy8SSbF0z$iP5>&=sae0o;Lif(Rta(`E7jN*T;tAI2Tnu!SEczrx;#K9^g(j z?|QNv_gl#FOmZ7opHF^9xg6go4DTk(wl5m_+lKw@#J1DOVt*Ex_QxU_jYhtnTo|P7 zMkBvj^!Z%&q>(>Q9vJ9n;2c%^Y?sjfMnrX`T++|4j;qcD!$*rgpSeyl`t!+BHx`m5 zzx77vT(acrYhdn|cCIlxTMd8L=>Lc;`F+mFp9j;X<&ypn41a3$b6O|t3?@r@ zhLa`z6Ubs`s^OVNXReViB#Rw>WSr^YdxWPMowJP2xn$Ybl}2Z?;qMroJIG@HE->x$ zy}MmT|2KwzXY^ku4@BX>b;kLpcDjLS=YH53K)K|1sNutm{t-rhg3*~`bWSyVmEngC z|J85-9*Q+RQw`S}zRd6s$WpIQd%*f^{{-cdm*)+?X_%c5s?)}B2eR0Y8~J#$ z>}wKPj@=1HXOWTD8~qCm-)#6Ea{u7CJZI#e819MVqv;ty?i}bBgSFi;j&jK_Kcu5P z-*BDb7jnO&J$S*STtBm}5!@nd;8Xf~P4Y(zHzcV^78l68Fowq5ELmBSxMyDsv zMYUOGcph2uzJ%O8*tQm|ZP>FYm%MK3_ox9kB0wb_*27CJY#8kS{dfJlFHdpv42d`95b9}*!9baP7fpRW!Ux6i4Mou)MlySafXjJe5_$krJ>t$ ztXX-1;gb!YVtBdX^@cf>t=e(_UyyWiZe^8UY4{q$oK01AZZ&+nVNRr}Iy($=Vmy^U zZ1`7(pECT6;pYv%Y}oZ@O8Vb7@=py%(ebAHZDlyua0kO(495-gbDV0YzhU>E14)CM zC`q`?=u9%~{sSO7GmLz;Va`aa`)V+Jrr~o8bIw%l)A*+0&4#xc=ENnc|9!*v8~&N$ zM-1;WyvOiMhF>@Q7sG!u{DEOk;;QLsW4M#yu7-OV?roTpzp9;)hQ}J7V3?D`s{VT zUu}4c;p+|GZurNB?>GE2!%rICZP<+mNqN3uLw=&Rh(FehbJ z`5}fmN3+UD8Rm4$DxYqcvoEWBptnxL6Ij^$HHyGY*c&lMfu&nxb8Gg#}Glt#R zkmUW(M$T!J)lSTCuHkluyBO|nm~$tqoxz63lF`3I=f<9drx^J(!zUO%$uOt+RXYua zR~dHWR$`y?0IUAxhOaTa$*>#el5KA?a?T&Dc6Jzk$ne94A2&sP7yecwduB;-B-EBaD(B~46ikOrr`?> zUt*ZE1*`pU8@|c#t%i3P-f8$@!@n~8l;LL#a~@*d@0*6-GyI`pjt{DSp5cy$4>0V; z4W&E_jeMx#Lk*W29%q>2jJn@r4Rh9Gl`k{A-0(`noUK^(FEq@_idDYZ@C{^kdckcs z@;eRRXZWXve@%{KLpV-otoC0t{3pY1yi&@F|7%zMj|```PRKFwW2n>Ca0kN&8a~Ky zKf{HFOAU`Re6-(n&Y8eVC5jp4HmpJ(_|!&eyomf`CRbH-uq|94}f zU4!)8Yvd0Y{)OR34RfYqwezCk*9`yJ@VkcpZkX@es+~N;9St8~xToQR4RdZ}wR5=P zGQ&q2KF08IhARy(G`!4kz2VahuQSZqm^D4$Fuc+5X2Ula{+?k@e5_+4_Zt40;a?cu zW%xXsge%0_BhTk{*kzu|UuIY5| zgiD(FPPoe5d%q&@Ou5uyz7wt-H(X%2ui*iPN02)sA#m>faN$xTA7^-~VZI-(+s-!Z z#(>1mBFfSKMOS0ky(^v>$lbf*!YimF=l*KLXOMFOeZDuYd>&cq?S+OfAxl}gF(cut zD3@~EXm~SO(!AC1jbu6ZZ#KM*EY|@y#w1)ux#ag0vgFIzmwf$-a>>gTrtkX4F~}vI zt`AVs>H4)KZ9icjh@{8$X~=&0-hMmT?{s09_W1vP%G-eXDPuBTEAgs@+k-jN59JtQ zcT>f-lQf@6Ihb}>&ScuTSeSNLwv^Kj%a%+#-y=(YZxg1SJA`TH9%0(~sW9zuo<45d z4g3sQ%4&}=i-luwlphFwL%0|CZQ%m&`@(&|p9uE{b3BgQmVjFc4*|CkE(LcKo(=9M zd?J`*bKJH9+*h~?%>N-$z7Wh=KFKG84-;Mr=9nGjb>Jg~F9A;$-Ugl~yc^7kg{l8r zaE0)5V2;yK{wHvQ@H^nu!hZvwDg1ZvdBXg!?#06V@9pKnJcd^bUjg1M{7vxn!q%7laXRX=PVqZm z)Jfw1HlV~i@-I) z{BJS8^~G)Zzl{~b{6F|w;je(t7M=&bKzKg*VquQ!ZXwI{^Si%cK4Va9`oe!6m|c*W)nZZ-P0NNBxc9Ny3}J#|m!&&ldg;xI*{_@Iv96 zz)OX10XGWY170QkDEJKFUxCjNejLm(KBj@^JIDCQuY#`@ehs`?_+9V~!taA`5&jU& z@jh;wgF3mBEccOL3iF!0OSl01lrWFuv%-bo7lio=7RUH#XBha;!ehbj2v>tY5azM- zcyEC|%QId0W^j)14zRobK&LZCh?jhVB=`RpI1l&*fP;jyEQQ$*`dEXl?%>V0; z7oH8CBK#Hb@xmv8=Lz!~xLCLfTrbS~;pxIP;IoDKe#%9{XMwK}J_pQkM&|u|@QuQJ zZ{=3u%fNRC^V+yW_iAIW^Lq?PbQaCfpidmLo=5Mi3(f03wz+r2kbxE1(tVLqaa z5#}Qb|D#0xIQSUhgTd2xJH`$vK|2u}lFB|HPXNq8RkdSPCpZV|2q|4{g3FvloqvkrWpa0B>f!e@hjA$%2> z*d=))_%Pu);8J1!|NTheM(||eRp4pDYrrQ6UkEN2 z-VCl5-VRP7k9FzOq0bU`@YsFgO-Qcr@p8;PW{4Dqq;kUq72!9OTDD2@J*&@t$ z=x!9w1m7y04gP^J-=}+!%*qV+s4#|kyeEWt?0zGR%df{VP3q&c@?I8h59XLA$u8R#?G3f<<|^;g`tF9Ne2&ls_`e zx~p>DJC);x2N)hhF$wz_PfZ)8x5af_(H>M18N$!8g}hvv3a+V|J?ACWS&HD zdknu}m~A@M;d8dOm-#%c%x7q2-t&~%E>kWw%=VYc+2+#zfhxmwhS|>2zJl`%vpuEq z&19UvbZj>%v#q4e_L24>uuY`Qc98O`WM0_e*xvEu0JguGe6&7*u!z-)KuJNayD=zIHYU+BC2mymf=hTBNy z!#^B8B^Q2luCTT!UV@Lz4L)>8@vy=1cu8?_u~`orHY6S&JZSK+xO4Mbts6i2$Y65b zz?P4%uHf*8Zb&*1`{Ff;SCfvIQJ|A!&x?yc27YWwr(eJQ{D86v@8A8(%avP8-##t6 zX8pj|2XB7oxSo=dDnLA|JdN;mz2zX?BO4kE*gH{ zaqq&$r*Je$pYHBgKDgzEPS>9O*B}4#fsZN=K5i5e7Ndd}^W$LuJ)j(aeAF@hbp#`R z<`#O9wARpwL^61?M`LN65iSzTV9k$Yx@$`$Goz8ASQ^_4i0i}+Vi~+b!O9)*Vq?iq zmSUY2I}_{l0<1E)x)Mv~9IOuXvfBHnWxN1vbvIW2iVWU2yjFa=_g7}Dh8Jsf6a%X= zPJx%%it+yGE+(hd0tQyQm^NPa*BDxpLF+l&u!?qNiKO8GVCUyz<#x`CklT5wmvaq- z(Ow5bB3dzE>jx+;Iy@m|`fvjJ2j}KzM{~R8w&{eN6?oa%M<57YL0nN|9ldDoVcCag zPeQviEe|S$^xhu54BwxW?*lS>B3zV>8)v?soelLgN-^5$woRLqKLT<1LyQKIpCO^$ z2<{-Q6T#74C~)0d5hha(vO}!y!V+;Gt!-{H>7>aE|Mjy-%k*Cw5c#HJu$WR8GVbXIvb1#@dA<;Tv-n3xVQac#o1-{FLu;Vhj0=9we^wX+Yh&c^z3 z9k?d^88eloPSUlwzILh1-z9TV$?-~><7rCL^h^7g!6}@vDVXnRKWApzugRE@fA>5H zpSKXY;2sh%*En~a<0YKzu5$4Arq>g3eB|4gUVrG&UT`r9?6pT&U2qRc%n_n;50@;x z5K)HRok+K#ZfB&A&yCCr z%R$pu4c2Xd-k%V-mLN{!Rv@g*D1Hx}`BkTJ4G`GM_4;V=|8UCu`jUdbP0k070DEqmQBp9p8N{hLC*?9EYL3Hdxrk zwf3GwTZMI3o!Zl|`c~fbd;B(*_H9ZSwtHka=F&pjaV$Pc7LNwbjd5W;djnZCJexIa zj|AE1k2UNb6lGt>8To9(<%Zqk zqv$U+@_NJ98NSspAFMQ;KR5h;hF>)N7sDTtrQF>AASDeweaNK>xc@{k;BsVJXdTSF~v z0PU@DmuLdXoyg_W<)d+BUA6aRdr0PRZb5q}I5=T@h`}%0L%0A24(FnCe5NGplOXSP zd{$D&=TW-eSd+gQm=8$qmCl>MnQ_=d7u<#1vDN2p)^UB7chBss>~Kyl&-JVW+J^YDJ>-hV z`!}_R+*Cp>Y7Y%=`FIcC(@1R(v29CN7I@xQ;m5oOzj|@{9kJLSAHDX7hZh|5jqPO{ ztJWWyHv0CS@Av)wyd}qs`pI=i&pquge>kDZsI5AXl#$z|94eeK$k z2VTBsf#3PiLrz|C_2D~Wb1o>~K44AP-(20nvZ_a(E zcj?cj{@5RVOGd@ek#*;6sehpKyn8P{b+suuap(CPC)|2h?HxTfjHt?L(u(>s%(5j#hgK9@!)X6pLoXav;$?1ct*Az7 z#?m+r(_~cXyNGMasM6V{6~&fU*oqp=fVQGsXMwh&4rPqCq82a^wxYhqP|%8U<42z$ z?8cAAcsX~0qh0fmSQ$TJ_JdYbAJdBBy{+~0)E)U{E9(DKD=IkQ_t}ctTf^huHL8@{ zQgh8UH!mAnQOoO3t@d1C%D%>rHy9{vHnjuFc`|^DeO7hpDT2scoos*r+9K zsMSbcOWIJ=@c`eFHq=|tYe^ewHy$GS9LY8XA1k#@k=lmJLIa~EZK$8Ounom`lzU-+ z>R7g1Qrl1~q1Tc&)NRl!P-9|?!R=V|*f9JOGD|(?_p{ni{|9>ya078n8y$TVZRj%5 zf8LTd6ko&WA8r-cF~JaZKNNhPZKyKXvu&uay6_jb4W;)Uxrxb*E$L?Ej{BEwD9>xj zn9`@L57L(8d%;?6|N1smRYOI2MPof1P;mQtXKwhQ!GoyRk};)sctOMUXb3!xDIMtk zW#eB0qFKN5ufr_Id6-Pf_G3kYhiEmd-cr=oe_P4Vl>7zKc+sH_t_K_nG^Lpj@ zWt-3Fv%Oo{=JgZWMIIaqNu=zjA0zg`L0-<0IfIVGzRG_32?Xa9dO5>#di9%J7Q;V6 zdKW~F?B|_a^LV;fwt3yt+anM5_WJkgx3vGMr~NSU;6aEvGu`XmHb+xB+A*#B^$djdJajhV78^jRpSb~E`Xus`6P^50tTQq?3i7<09Kvy(FnF~Tw3S(1DTrWhFxoN*$ulBfw@@n{27sTSWowh z^ZaRy_Hy4s{PT#bm-sa}2&^fT@h^_tW-Zp!ayDT4z;5fjUagA#ZeANcnouXSNpnz( z@KwpS%r5uZt_tw6m;ZZsEER6ip3r^_SB&*K@Gk3QZgpW8Vc&F|*{QAn8E-rC1xNdy zqka1^qc<#O7W$*R1aCz4=`tz5t=}%awDXl^UHHBuzPK384BnND;H`;P2+FII3})jM zM-yvbfJ7``fYew#G3B0rrjPeCOWfO)c^BY+!I91z$`H{;BTzW{_GLSL`!YXB91}LA z%Se|d%!xA_ zl-78?4vJ9VTsN#Ej$(lTYaTJ{Z1{e}MZ9k#y1Dmdi>fRC&9BVjbsW9dRwAcK#aU-0cZZ#+FotFl zdq@)3*Hka_!v2=Tfpf;f1mS^Kj%vfQlJdsd^7@L?yrtDkE9+KztDFV*qHmIA`*tu? z8>;mkV%KrwHu|sZy=fySDt&v}>bt?mLe7(bKI8fJ6t7~(Vd;hCIxKm@+u*AXuU5Pw zP=|fQ+>U$?mJH#Y@M(*3Uc*qg9P9Oh+n~2-< zqnwPUfOC7(kt z5d?8+qZVOhMonxV%q2~GOt;$OZPePk5rGelKykfn1JAjQu(t=1wATuY+T&AzZbQXy zqkwqAs8jq71j>xN0|xFi0>#aUv-w!vG5972_siErb-!+K2Vr&m4s=`t@YNnqd~0uV zm*5eM_IPnndwji5w*h)zhdo>WG;XJCLmj$0*yF{4_S#}md(VP(8=(8|_Row!@oCwH zI&|m39{(>$dw3cR?Y#=-HmvJ(RXC_i)d<2wE`JqY^?r?a26z!ur+Objz>A%_ze3N} zD>cpk87ot_KMp?YlRAyd0@!lC3MVS-FZ03j(Q@gUVvpaA-KfUktG$jX_O`+v^=R(^ zENYKsuID7s`xWdJs1bw}>7!Uf_XrN|JP3P0qUFrvjbcc$H$bj0x}n(u> zkoIj!F^tYjPp&%<%MbyHGLPHrIv6}R{}QNArS!K(JLj4lhU|o z_~v^cj3)JDbNd6_xyx8y3)|reXX_-({g7Z&w`Mr$;kVfvs5}bE!xK00agCy5>FWPv zS#rv(kIIw5Xz{rw&n?2drr`8*@&n;_6Xx}-K)4_LK1Ny7+;;jhEL(8zhs)_q-Nm@OyD zSq@tb-z0n;e8y4d9{4{I<^$Dz!aLzVMV7uva<&|o*F_$KPtNXu6&>WQ2}JX7@l2~4gs z>xur)fj0Gj<$aA#kzv*i-FB4WqYY0p%sQd^^9-{-sJzbb8pCHAzTEJ&WaO7_3l=St zJHXn1d^cJ0{-BZnpWzn_|Hbe-WZCu;Bj@)lRL*}F>%Q2brSfh@?*9M43o+bi$|cR^ zh8qlDX_)s|wfTZ!+EP2LH_GV43YpIXD(`5R_ZyWDFwApb<--jhZuls}Qw+~E?2fhM zah{P^89vo8drNe`=NP`g@HY*A%ka&Hw;6VIK+%Mmf?2| z$IP+IG|YZh&7*r}khJwO^4^9A8ZI&Hz9}Kwjx=(1+^YR!4f8uqD(APElq(Ip`NG8J zG9zb)uIjHeyv8uU$D}$J80I&aRBr3@wMM?hu)AK#101h`x-GAPdR_xVxvlf|xbqs$ z?_SaEz(VGA?m^*B@E;N8HScj@-XD3~soxL&?}P`!e@S>SeAWT#@Sgal@M!pd6Fv(5 zN5WI#N03MAp9p4sAfE*0b0~Q}nDjrgh1UCxb1YRY~`{o(K zKLmeG_;&E6!aOgp621q_`aqjI!CQqN0^cP3EO?tR&$%B7bAW;EOK!{S?hav=C7q5X zT6XtA=+oKzX#v7o---?M7^|GmI?6K)&of+On8!)=c|4RaFB89Z!m%#6oB95Z_!(sW)C zf-$r7j}eX@$3u|LRdmfP;!vz&&)tG`23tJcV!z|T&wPa@UtAA~m&Mv2^Zg6yWsT*! zwa>RDGP4*T>+VlOAg5LB@zytTL9;so4zHZQ|YBgfHt#6XJ$n41Q?#;;@y z4Lj!iB)0cpySBWbr+v$R2VUE;5ID_cYZ}WrbW&b{p%(mm1La`o9;&?crKdQB~ztRX0?6 z;omh=zE5L|pW{@L#b7)udB6#=)%*^PuiX@dU zsa}~#z-Nq`C1vp6{U^@wV>%dAD-VueVt9{dkJfUWS67v}{4GH*@;<@-b!8kDWYo#`yBdlV*&cHfHklQN^vslua5{!bcW3y&BNx z_Ud$;jMoHKUcEMCQenTxu9~lZEgHqz%cf@NX}`y_z7XSAdSF=I%3TdpKBEn8bnq$X z!J{6-d~RcyPjz%70xw+afp&cgkjjm4uX;0}!vnuBy}8gy-LF<0M1}capM~a$@_8m7 zOta>L&oY`;>Xl-NV^OCz&VoRhaW$~V_5{m?=~jDJgRQ-J2!B;GW#ZUgv-WO;z4x&p z?eV-(d)J$7fZofn#kQ-FNvFJ8H z??r5cB!*7oeh!JXw-ff*7Nb4(S22$E_F&O%fF9?%WuJvQ#ot0;?LBMK*H+?a?+q;6 zrWgy|EF9E6!PAEeGmZ-%j;-Dr9IReWBUq^(m884EMQnnet<%(_W7|}j;isX8U+6TB zkKr~S9Kv9_SuP#1Xt}WUq1({N?_o^y#IVM(AHmwofj#Qc9?M(pv5ZW0^YZX8&{vHh zPLaMTE^i0=w@V@9LmZ0S+2iqM1Hsy3C17hpo!Zl|`d0qMA8)d`VR^LIY&t*cdZZGf zs5`lA(zw#(h0`iGBSx4}LBmfN-edR!!x^Yfy6sO5|JLvy4S!-d8z-%9%kR@GA8dHE zVfTGrIYwP@B8U2h>kO|V%MF$DVQ62iJMMCUWc^hgo(ZZ04CTBYsSf)nmDy*_K0dm+ zh8fmz5z9=vZp-VOa)IHZLBnmg+dkj$vtVGLnm6(7rDa+P1hlU z;z{bt`=9Pq+iQKGhJKa(%O3VA)nr!)B)#c{Jap}cXHtZuC0_JnEI%T%ul^Hh~ z57>O}rJUO{j^POs=Ce4R?Vn(nx^%~2A>;AgxxML4M=bj;_N8|cbZkCo&)!fp?Xw|Q z270qiKA2|B$2nk4EA>jT#IdMT8|xuZW?U8QHP`2M72>SDc?dVx=XM$7*4}2=Yp&02 zYl^+S^|`rc4d|-dTc6txpkViVRlDZ<+#ZIW&BxyQ+#XD^cQ@>HhK%*a_PMd2(As04 z8{Y*{r}!HPZ2F!w>9c)quR)L76pMkGIH+uQs$(3Ncg0t|Rj6dWR7v8f_X!qhQo7iU z&|}?FM;*F00A+@sgdXdyI*rQ)*nGT?eCT;(``o&x*n1YnG_AC$_ByB7i?y)NEeD-u ze7{GXB7IX_-rX(ibNdJfmHp`I)SiabxAHIh+&aq}GC}F!R1c3auU&iVa|`b0;ge9< zjKu~p%Fk?sEbSI@@MVar5e|CW zVzFx=PLIX5z{{X|W=`xckHgR6xLxe6F<5)8PVr)Yt!FrEJJ;{7!#WdPObq<(2CTEY z#qiM(n9XsIS{?igAoOzTsL;#jE1xmm@4Q&C3uNZpOwmaHRBqCmFLcG`_?r-DlXDMa zYJ7G-x6fJ3ZLap&J=odH-H6aEVBQ!&9tnA5T4FKoJC{g{N%4HH$YpY9K99M`qh213 z1vCZ(6RWAnDDFB?Y@+iW>d+Wdl&X`^PSBXZHs9`Rb02r}E&n-sv3yjA3?HjDt~;|X zQo#BV>xZ@50jCVlWA|I$H=rLR)XBmiv^lR`29H+TPFVTf+3!xr`^bL3)y222((K15 zFasCN2k&8J%6nJt#V&o5OJ3~KH@PI3ZC}yKNq*_8b@EGJxrrCM@`BgC+SpgR+J1ho zbRB~O5b;W|{-5nyI<0td=ylWMfLsG44QNPb#HvO;a_=)qrfQ2`1x|a6)>_&S~+pFB3&oK;7 z#A5B)HZr2Z_9~xZsJE~FoEgxO$1G5Co10^^EkT^d@tIATQMaPN;{(trLJQz?zkC%#^YJKHw*h*O!5-VI>NM`> z5ZHV?3#I1zefB_4x1o*S!QOF3pvb&gd+(U^*?yll#9lFt!4=`b=W#WHFpRb7j{XYBsu2pzT!d*SQSF__Mj7W$>QPQ1H4#byzKlo1}%0l}&PB(mp;jbCqX81wF zPZ<7#;dc!CsQ9|CT*EvERX)^k1osA&cQHKI@FKDdZq$JF-6r10cs--zxvDzt!K%YJ zmGhidK7wfwn-js>A2Zpo+m<&4aoRV->zHoKYmah);i3`6``I5eXhg8VzTbbklNVfE zTx z+kAh_U5wHGm{J<}Z|RTu5i`@YKjr~u_@C{Mse_R(`(seR#>s`oNqB{cxbKPoZ}-Op zqdF*zef`7kAM1|UYky1XzvY_rvh2N^AxLuAJ(BoLV<=)@MbM*@EW*FQ@Taf;ie8xT zam+n;rH;5Iy0iZ0J7ZFdrsaJxO}6~6>WcB=xDMjH-|xPdU1)o08v99h_%PK5SpiIk2g=X}=Up9E&>Umu@{4 zWrkmcz2^F2u0ou(HxJ?F`eH7F+}bPHOJB^^6njtLS)Bb9>U3XsK%mUHz4gWX0C9G| z+wc%y02$l#eC%c%k8kQbID6}hVOz!8dlL5ed`^4FQfM#r9US(>@c$6%6jR^9dBdcy zt+DqSnA;SKfkNEwcc~GHV=(m{oKJA@d&xHRsKX`o9h^AYIJT~;>C|^{W<#&JzL?Z^ zaM~d8dLG%nnC>vFwwa!Ju%~%qSmRRP!RZEj)MGiby!E)TjPzUsdY8anOWwgLZDC)` z8L0PDXjq)4Ps8e4`Imh$`~41%-shX`iovZar6(r!<`o=;FZ*G>?1#~Q5?&vaN8#jD zo&eTyPXI6q`D3%rCC{&4$09@?2W!_#Iid?V8*6(a6&1+nc@Pw`aewGXugsFODgFvtU>J zoe#@O$Mx(r$IFTKAMob5wu^lf!w!BS470bSAHxncgurPhqs{g82)X$u*bnX#K8%;UmPEQ9}dasQ25O0l20 z9AVc;jt2cgXET1-VTeq-h!}jBDtK2X^9F9SJ1zPU{Hzs3Qmc$Wd=5Ok*F!IR5>|e9 z3Yd3)BVRblSpg9@pvysH&+~imtreD34u{G89;X9mV`V zun$&2kcTM`-%;^KS(1El?&!VG$} z7WLMybY{6lCT3At;|)2u+a}$<6?QulKgyus9Cs7sWTxgMov9mK5UTJgvKEV(|Au8X z+KHyo;|?;gGoCBq-ZHs2Cqb-px>Xbt*|<4uf*ntz$0B!fEqkV7+CC#r_4xP|E?Qxy9_}~cXS3XmMLvqv!;i+?R*E9pB}CBx7q+O(Ij zTFPC#f9-d$_y|eo9wh^GYyA!uFG#4(u6a8SelIL~>bs`)et#27516YfE$R|X-r}F> z3jB|s(Z%!PC}3PjlllhrAVDn8ra@mr@SIAi=j}mfLjim~>~VX>al7Ewk+4?^nRV2q z8;^y|$78xuw@$27?`Vi@-{9W#WeO^< zU*qqg=PrPvsCub=jhCZPSgyVsP>=TbK&kdv=6db| zy@OCWThiB9fP-6yo%O&rTFyM)NKTTy%drEV`|31(8dl%RzxaKPeDF^=JaHugpr+r{ zLZvmXxj9{M`EafgYyRJ_uY~Eb+}W?7j^R-nfX{H#=gx3EGU+~<{1BCRV55>enmNlp zt}Aq`M>@|7>$T60ak!pXICn`g{BdOTIn$AKj*@9$%4vhFbB@drIqi|N#U}7`nTv#F z$M>9A?^$kS{Jg`2Szf${Bz+r<7f(2zFWRTZqpaM8oQ)M6^RDk^abK##eJKw!%wwf; zo-4{M6Xg>O&ojKxaGl}P46inPuHj1!Z#B$L8r|<>hMy#}px}06(RamO2kSf|9~jO; zwO6@&r%lR`*Cv&_>zT;=82JFQ$cGvEIK#(~B|Us6nCW2ycAn8$YWP%qG9#}y?COc=oMGf&H+-4ls|{ak_&bKbYuME*v45YD^O-=?{7b`67=GID%ZC4G zn7xT=C(Uq_1$}xB4=Nt$`3cpe+;VpNW;?&A8(jlm8yS=VfOl}e68WH z8b06frH0uLtlPS46rN+~c+FBdFU@*xGEU{Tt`-|Rhk-GJ4{n|e256sWx{NQ3fUwU=_;Jv^J5-W_E zG-7Lvb@1|pF_S|Wiezj@C^2TzADd&$gq`ykGZ{fImbQSJv5a>Ra$_c2uu1qmK~DT= zzbAMS!ty;q*00b0o?r(kH~T$7e$q0W$AfjS1>X}qm)m?nzbD8?g66&__$$i8?+JFn z5oq!~!Rb`d?+NlY)cp4Z`6u}1zbAMGWAuB1OK9M~<$Hp!F*CvU1k+;ua7BS(`cf#=5$hBBWu@}FU3oI}LNfZ8`K@%)}e zu*nC4_V`d5f-Fbg?>n#|JP{TKLeXJ_K+gU=Qqd z!3bRDC0^(8keveA2TnFCvf9P0h4w7OT!WZgEY!xi-MI>~A0b@mWHT^a*TtVM+aQOX zPDcC_i1Q9ug%#7*wF=PDYt5W@n~3U=epnXM(B11Xn4!b7m>s4d#}!qN4XiScM;PGV zb68F}ES_K{6qZFW6H1SvP)Y0SG?^wR4U8Pv3r1*{X$j;k(VQxXy!akq`pB&ADCqqi z0Ms$RbUPB5@&9*%6u;RCQaFT%2Mjx6h_;>`UhKf}#7X%>&@AehJha#eLxWyhj3?rV z+fl+UX87;`-w)<)>Dm)ByA);P=q82*gK@&{=+E$aB&3|}C5SmN5K=Hi1{LE8y^(CF z(H)2dLyGj=^RqXXp1XB%SZfmkp$l}U(^G}yal}AjhEMZ1`SO_J}tH>%9%&*+HT&{@@*Fz2T6g=}Zad+XzPT!r?mo<= ztBMScea5UeItGa6Ra|-8QHb{B_*;e>i^DKo)N^BfoDRp2MmcbYryD;V;(QNY)M-XA zR;QzUQ5oyYhQ!axackP~voNxkg`SL-Osdn&*FD3YBfhfMSnIwJ@fp+V{2RXZiKF1g zB+Yj{-NZnrR@5x7_RNeq4$I4roH=Fej7i5%DKAgFgvTDP@Ms3&{hnZ_o;T5d_rRh3 zo@Y`fP$hAwFx5`w66BleZE&`nZ;bP6sm&`+w|x31C&lx&Jvg_ukx_ z+(3W;Aq2QtfPgF^Y!RU>MU54NhDB^q2m}QMf)EfC1eCVeVimM*PYWVd`<@Fft=iTa zT&YX7F0HmMRBfO3xocZ%t^R+%Ip25gcM~Yu_5b=h$+`2JZ@&3vIdkUBnfYc06h4r& zYjBn0V#~>~Kw@nYIbQkc5Bmu-%Cob)Pdu}ksj7qim8Uk-C{o@Nj&;xs!=?9&ZhcX8 zH<y9ijrkns(?*Z#v06uR+2GKe`R7xz~^K~uO3*d)i>QsQ}g z;mLS8T&wZkVZs1G@R=BOa>FE1Zf<}29hEaKs0BaaPZx7^gtWAyj?FGTg zTMc=vrEeOqQ@YRN{Oxj!TXK^9;kd@F-9u0?*Y(AzU11Zp%50;OX zOY8kCE{D82_^VNQC9UMmh9L4$9;!qrk7cgUB%t>)!rcL4PtdiT zdB2mmth`Ma{QM?pYE+)O)wcA1&uj9IXG{+67@7}f*5Q})nuEkmi{<{=R_&s_$)=S6rPH1uZ-e$L>R4SvPo zHw}K*VE3$v{ErMh#%D_CPOn0+Yty8|#x_@Z*v{&+02tEkz5b$+xd51Rr8K7qrdZBf zlg>x)G{NZlcXO1+y;PBDfLw z4#6h_-zk{yAez6$obG7Kk-QHcGHhfpv-`>BcZbvt9X`Ub9(@0ySrv!~&-gGV9B-^Y zH^1vx{ulgo+_T}GhVFmzBMrS?Y$z>nYFE?LaY9pv4XvcZIa|jy7RW;Zf^D+IB~)-&1(p zcBMTM#BjHX;l?nA86!CBs2|+1d~k9?Z@*@6hx(r0xVpx9O+^92yun3P+vgsU-uD>^ zoGKbOp}K1On0A4G?UcIpI^hqzebm5!UN@y`4pvg)Ue*lmSUnn%YJ zw8T9~I%{y}C6PZKUe$!Pob~nIhT1d|P=0sB=B4h@s-~KI{kh}E2VxOsR#SOT53!Zc z@Q}%=y)~cR&PP6*#jmNjsLMk8J3AdyvkWe?JW^kv^Rg4>!uDdIs1i$5j zJ8auA_p)AzQ};GJ{rOkMzdxkoo^-)mUeGr`kdDTsXosS>ymlLWXJ?c&*radpzaFKU zhBpTdKi?Vn^?!v3eNI5}<6rvq&I>vk)A11v9Ssg;Ku3eiQlX>qIEWb?jjxd<5$jLC zMDAR=qOmW~70o@95kvvz!yW2qB#^-PY48eGx5h6)m|%5l{4~N~bt^wJqQUWxHv`6= zyB)u|--4jh*z+7$Nc@cCmp0?on7@3k(dNG9%AoVw;uER2bo8gz#^ITF9Q+j{rLG z6*|_7zYHtB=t)p=Uq!YH<0o_7f-9SN(?)oD2^L3u(`XiLVh-`vW66@3hCuNvmIJ4} z{6lEDAD17SsUh%+MMvVdfHB9Sj3J*gf&k23%0(56PN0_)nUN)4RK@AIIeyLcuoI6l z+1FFD*Xd|4ej_^r(M~hH_->+!i7KY^CKlEvFHXgu_${l!9E<)CzXdFWq7{j@-fAy5>Nf*Lle}BGs;$!bD|F@h_aH=3X>Q7&k5EbW*>gL)YU3q8BuBZw z4zy@;GUCjwc8)}n-J9Ie{>AV~h+i#E1fvcZ+wk14!kD7g zJQ?l`64}2&xX#o{$-Tn=2ocAk!yurb96zz>SVES2QBmZy-1FdaHz2Y)*M)Wk7g>`_ zq0!`35E3~(cO#OVaOE30!}+9=zk+{ct@A1LI=6r!vMzTbq;Mdg5;M`I1SrA|MGVD)G2YFfMwJ;q3KR_nR3>pL*Xjn{x*I&D>#d{ zJJn?>4h8Ft&P8>Z3f5?L>r44G_JqV9^BX;XPz6v0C_S($eh3pqmC_!|J->#IQ|MUX z`9taWDjir_Ka7rV)3LkQo`X5zdR~oCXj$ze6W`5`ptc23=ac$n!tLV&lE*F~51S=Z|GY z%Y~Gld>Q!T2O)nW;p{~%8h)nJ`2TTi-1E{mgESL<>1zR20+cNQ!z_d-_v>Tpi{lk= zR&cy#C1{oWXgnLB8DYT?Nqo+$oFKH#hBi}Zmm3;C2pD#^q47;Z+P#LhO=wRW+Ag8J zW@vnIFf2#FH7$<_tw?E`yvi4aR;9Erd6oQdW7yG3+w4^gMafmKs(o%syFCdV@ao?yvYUmEu+H^2+?_ui#}?0|SBh`m7kt|Ly1uD{o# z(46&^2yrt!$HDU_fu{BB6UFp+!i|pTK%KSU0LbmdrHAiL8(#h3dk5?%WRt z^~NfTz`)Y^u48bzWR+ABW&R&?v}r;99d|8!n8&vRaiC>qvG-A6Xphk%R{&Y5sYYrx zz?XM&pyQYpTVEZo@LjQE#arcN5^Y`JtHn;Q>%?n*TdzCdbsLi8)|&a#qw8B(KsM3$ z3kO%3Azl07;G_ElWZWHa*n9Q?yxxM>i_R;kSW?2SMA*w>^s&7C2oI_gN8i%u365|q zGbR2&6sk#aPzhLDaMQ32{i&a4^10d>T@bf-D>-aN?bWdJ%{lgx3)(Q`|b8)wOK#&o~lOT_)&lP8ZkI%7J zcshRA%)3riXRm-Skyx}Jehc`5i$&RI=~EB>$ogE8`&^0;kqrU95}uKb4)?trJg2~q zjbNZfI3BK4BYxaqwig+dWP8%j>;Eo;1-gt(MbLw)+KMM9GCIl1*v~uU>x}Zl7+aDQ z-wCF(*`MQ(k$vuk$Ob00g>m#BN9u25Y}r3*8!AN_^20-z3K*dO4NS%Jj-QWXz;MV9 zNWCJL_p?>JDN6SG=OHnXmt8R4j)2KU===})8ME0 zzL`zN25=xM{sQZ6;C~9-LFpXATO0W(#z(?LxrIsUdo_N@%7-F|({*B9(I0Xv)AM?a zwLJ)!>GZf%Q$*mwV)hO>2|tlnVyx^YBF7r?djr{QL|$~IV7Ocf{4Y`zRkh3xs+QT& zp7GR4PHK`vor>(CPMz%`O#yS{G{%mp=MNC53$66c|b@)!33m%Aql(bP#YHFX!_!ULMW|~ zxFX)EwY1s0i+Jm6X}i&YHfpayz-byV$2)belfV!;9$w=%XtqLZ5Olf;dan!m5}qyu zz1JhqShH1SgP=1sD3Y5t$xYihvsGw=fHO59lKZet?!#Hh&1lpffs{}v%7O#I&eY(S zqt+-kT4{J=3m{rm4o;)B4NZ*M7-%9GCk0_>iAdg4XE=s14;Mtz67K=d4?l}>t-=Lw zTH;*_=*$NEeiawIX^D3wpfeZZ_i|kDrWK@jb|$^`OfO#%*g44szzis={dvQS|E%6?v-j4!28F}tVKvc@~GU8Ahg&6frd4$ z&*Dlzje1DmbzWJRf)5eWcPXf+B`GLUc}&3~|6@C-0>glp?qK^Hr@#EK zr zmwSFr$|__-*E$ZmQPCDk0%;PZ?Z1k0aLGAT7T35?5tyFVlvom~;aNN}xAjwk^qfSp zBYvH_Id~%27K$4g5V@S?tYZG4b`GgI?VM8jdMcK~m%j(XLD<}65fX^4zck)y1-A4{u@)!j+ zzPf9r1Cg9PdHYE=6Bg{1<>%~K>CzCPwtcvb7FF@hmRdQv$(}9#?^2983gZgy7-a?}b4 zBvO}oNz>BiH5~es{lY?ZbNDZqpQTdIge{oAY-sJU&XFZdkEG zbn)k}T)t`nwh%kfTh-h!Z}9>zOHCaimMvd;l7z_UlV=Wr1P7Dn_64&IAhRqFyx9s& zb|lLbk;LXTEpMc1`?5yn-EAF4RtK`S56dXbuVh)ZUUSe!D?cmCZdpQ5n2pPtPRs0L z7Ho93a&bdrqn7uArEXKTfAp$@MVZ~*4zPh*xJ8+iJky+2L}YNAnSp`zV0g_C)C1vO zw8GsfxH6RyTbr$L`+x1{sEF`JyM-W>Xx2RhI(n|~+%ktOsanOo#ziMBSkatS>2&D` z??tc~3hK8jdM3DL_y{C8e0W@y<;`}XTz%EtoVdJcN$_MSMYdLv{Z?G9(v)W^ohFvi zFI}{B)sW#{o6}CsLKkE!^AMm8$xeNI#64ZdLs2VM&igwrsc4Z73T<{k)a-9b1-n({ zxQ@Z480iZ!`@>3S=eHv+^0TL_^xX#E3(S!L@;rl!U2x*Jadj1(K%#mG?kx$#fS^ZA zJA!MVp%ZgJgmO5^L@)9k3ZVSsNra)Bm}zqH0$+=ZSo><^`74%+P`C8ctrT$~{*@Ps zpghyKP|oOF2WA+o7QwW%Yu$RSNHxB~#^H{$LNGk}Qn;x5YURBLw>9*mIUEmYuV_dG5Q1L&O%d7Vu_^i_7v|pAH%?ke#6)ua9uyc82EB^#0e1 z6oQ%jYI4hh`lN34%LlOe*nC7#-Qtx!-8z=BSez%BLoo8oDc6xesaO9@EM_v6Y+SYHBENUMu(h2T|CS4*R;| z2)@|F5q8@%9rdtFO%~G+57q^@B8CfSvN*X?8H|~Zx4NVsoaLvTa&rIK4+jaw4zNJ^ ze1fZOw>v`#`}opdm%yf5pIOzzMBpQV-)+JceiDnDUqWIyTR_9MNZ0)&h}naMVSDGZ z*9yaXmbKPL9uZnf=Rl(3w851IquC011{hpzFkaOmPp!eDiDhPC95EYGn2ET2cC29P zaQRFK%p_bs8(f&FxO_I2Fw=4Qy&Meo-w-^T^fZ28=Hl|x_<>=8`DG5e=hjCXO|ux6 z%3MY)aWxZ*%+>g$Hv!F2xrT_a+tZQCxl>2ZK>~ z;om_zrz2o?;qqDVFxTSJxUMsJH?i>FN}R?I%=Wf|X~M@XUkVC_JTtm52A5aj`$UT6ofem1hI#;Q1$M>zuoE6?|Y=U&(k2v45RD<*<+TtndsItUNCZ z&)cxy6P{YZ%JZS{@WYk;DazzWDYdJKc@McZmY8*cs;A0BKBj*(WVjDmd4BmmAblL@ z#QE|pa9s%L6G11=m*<*_$fVbSPMlu~07K0sjq7ybnFKmQ7X1V;-BqL#%1;XLxFahjp1)(|MB6*Md%*FYVRo zLf-&7vEHu>g}w=NVvXx+p>GDASn0P2ozDkxekA}*i_p&(tn?oX{X)=*^LvvUbyet> z2+o%_FoL#*dA}TVVwKZL=sQ3s&X=~XTD*02489L4F*4AFg2MqEOojRQvpwLXM_1HDBaCobMOM@ zC_|^Ft@2bvGuW;Z<(7ELv(Vs`2A^dx$A^^Pt|h(2(6Op1`s;@Np~3lh_%-i^#3H}M&?|@$hNdquN2g&%7@n~PPc;0q3~n%Z zrNQSIe1*X`8GN6?&lvo=!G3Ngot+KtXYd$y$>4ZiM*c{Hry0D| z;BySV!{Fx(j-l>onuilheH(A^WP^`0c$LAM48F|ZYYo2F;GY|uhnJkjn>Kj7!3_ql zGx!RFZ#Vc!gWoo|4EfWzjx?ChkCp?Pr4S>TA?A3m^6;}@Yx1$F_?Wm<-gS6D-6ET;9CslcaVntp~3eX z{Gh>)8~js)UorSKgWomy_XcwyRpX5sTwrhqgSjF{`TH6?(%{1ko?tM)r8VqigFkOD zS9vH8*Y_zt#bACnDSef}{8myrmjo&Py20Nt_)>$pYDoF7H<+r-O26IUy#_yQFu$9W z|7Qks?UB;?-K6*(gMVi**K{b4&wh^7+l0X>gSnbXd3qV#$Kd`3k23f(1|M$lQ3i8G zl*;GYLdDd}Q@qe%u9;H$83vza@RtqdqAKOT%wVprQaaaoDCT#T;(HC|8V;pDZSV^Q zzhp2K36=kM26Lg7((?^=tKj5bbTRZE2A3Jk6<#XG?YSahCm1@vzm&)IMTO@JhCa{W z6Ak9#Fb%uLV2)KO{TzeOH~2z>(cSRa&!8#9rD2PJwJ%CPrQ5b0ukMhJS44=54K6i! zv8mg9ez|uAjhUMhGfaI;{J zUvk`oJRI-ZAee14pGVT`fVT+#9Pl>5lYlP~d<^h61y2RuC75Gi|0$Sl`EJ1tz~2=- zADC-i7}trwcMDz(yjSp-fjLe>o^yctToZ2r{<+}ufcFW$68P7G_W-{p_z_?};|%)@ z@cV)}zVwk`wzW|_3*_NF%oE%NxKJ?1rTDy)CkQmkB-_c$MJIz#Mxa z4>t}tOYql$Hw(TFm`d&BVf)H9f%tyl%LKFRcL@F|@YRB!2EI-(+t-@~zX*K0;8%cu zDEI^5dj<1*{XxOqU_U0f3ieM0vn-z#Oy&3&1&@aPir~+{enaqh*zXDEDmZSL&%AKi z8wcizS!Qv;ESr>ImQA5xww*M8>wR(RC=+R*nT|{GT!R-IZ2O;^4BhrK*&eAJwnvI@ zHMqs#hYfz(;Fk@4%is?UW*emPxigC5!9zwInl|R(=eZ244cO=Atv`Iy5rKX^B4S+F z@eZOxGaX}yR0Lq#Pfd`6?e`;Rx*RulQFx-uq3vIf9M$W&T!?MK!+K>p0FOjwja|qi zU2b@cN4ns!m!I977kH&2_oqCZd5>LLjvE`0u<1!bfZS0qW7kENqy}N5ji(AHqX z`6TOayd2EI886rt0fgLGbQi3|0Q@9V(KnxjoyS@heS189z5G+X=)28y=e@`Xe!CGk z5gZ#6{oS|WNR>uYKIhpBCXr2!Gbw1Kquf7%f!xP5_6DINQ7{Hch>rI8x=6L7mNa$( zxe|`T0=^-mi~alHC@MIf0xt8}x?_WgZ^FeFQsH=jLL%gGqx)st?FlI{%fFF6Tj1lw zGZ%&AE2OXhjR%6DGs#FVMqTI_+wfdN9tvZMTJvPMGiZDu`ysG*_!)5Y3jYOIv1n&x zGm(RzSd{Og1k1eRHTdy+Q9cdpmVf!ts5zb7r(&=6V5I599*>{C7{3GP90t0d-U!%) zt7sWEODHP=?P|K9gW&n)3$||k0hR(h3-Kjb$()BL(VcIyiN3So%jIAnJ6|qz2M-n{d)?;2=SH&N zDsc&p1(_f19&U`apJ~4~_uA<7ro#=3%92yHWXv z$x74w?1iT(yYRF?Sg{hb7UMWr66KC55oi0(K9@>T38OIP;^|-)s&))lRJL7xiVq7- zL!>LJTlVVHKXd*`_F`0?fg;DDbPLvx4sppTF$+$+>$=-gU3c3fOqi@4?aA*IIr#(y zBMU&8FFE^!+0^4u$}*v|7K)}J11sccZFcYkTCSyUvo@4WzBi55NL*N@>Ff;-ulH!P z^(LJ*g#b^56`C{~)|4!%WMNS?!5X zUchiHt&?$KB_J)=KzQ}ERygXh_;rSD&2U^O8(OXr%B-WLlW!gP(mK<@+4yy)6u)>l zV507qKTNhY)_uQE{?Yh7&;mZYcI994NR?H~Ph8{96bV-Fh0FF(jN!69G)=ll&n?MA z;p$31*Gc84E#CFzTn81bwu)j+lpdhM6>GV6bsm;b#j%zQoaju*`nC*$57&9=O0GQM z^=|E3u&PVfqXnz3us+KktpbfNE_zxyZ}Fn}b52>XrtJzVn_YWv?Yg8ki$2hEpb}ZQ z=mm?df)h}<8svbhk+N3b$nq?gKwa$>rX{mb$1R!(*0Shg7-Z-m=cqV2Tyl^V;{nzQ z{WA_t33JVDzIlcX6Khwhwb4b)B%bTNT&bMOwLYTvms#!w(Khh@wHps`K1#TP=s*Xh z{Cy8XVPi!@8!b?1bkz50#`!g}_fC zZBty{02J;H5PO2I<;?pH)r2g04;KY`v>-d9^3<)irT=@a3-5Tw*mF_X7XBsYqAbpc zbI&E)J2kv-o7DlEZnO3ye2Jp}9rlyBs3G(q+4gZh<+6^|$Bi$-W}b8%1gd1HGtZJ%{v&~@XU0!9z9*^kNkgpXrBniw&Nzwn zyp(Fv5tdz{(Sq6i8A}X)ri)n5PN^3<(@3m(^|OV}^b)JSH$OuuhiNBP9n@7qXFiBk zKH$I4Q9&8Z#ihDECmFoV;B^L{WiSUSH0;d=?=|=-gI_iHcLwL6aZ@>N?IT~rFr4F5 zy3;ukItS2|-p63hvFbbphdOmGd#vGcdJb%aVK{=Uaya*^tx5nd{1w4`H*FQnchSXy4+rKrKjrhCb(P>* zz~2@;5BNsG3xU5Q_+(&CCot?P;5~xZ0(1U|bk;kXzvmqE;30?B1oN=L@4@D6hYTMw zG6-<+d0T!{uq_(qa&ho^TgUbf{^_{q{C66<^4yi~cQ=$g-q7vEhT`WUhdz4L3$Mo( z-L;0*rzLah%6`s72~JbtsVkY&RDzROckWDDTGbIF)ntjFq$Y6xOw?Dmb#fd+Awyi~5#s>syp8UEcS?6qf;bTd}l8LVV}_s-^(;n=`Zg{ko5Feu(&O z8{DDp&Dw6|gQ-aX0kv<|otIzHzp^Ict)3!hglu2<@t9~oA1A>yg%Q=4dR0?uADu8* zrr_)5R846aEvZO#s>TT*Q#6i+A6ISXfghS4oG9{U-S!|p_)T%=i%5ESfQlYig0!7A zxZ|}))%Kj6x1lP%vx&V9q_OTz_#EY*8`+7IMUty;ykyC&^J?cTiK3_`=k@C_Fwv6q zkiO@5=*pDZIl-|jICJF?xq%RhkmZA;HGBOXdg98gDdnYJ-5i{@GA1=J7DOcZ2=i6D zzG_N}Y8FVuBax~p0b2X+W95Y{_f)ssE$JJW>d`(@*8T3XlE=%sy;xTKPFdHEdzKya z>=O1L0^NgU&N`6p!SU!9@!gJJ|BFb1zY_t!5As^HSTl|ehCoj9;`0T{)DU8Cz5qwwFTo!R)evH$hR^}cQcTqls8135-L2qGmBvy&OSzzu4029I z0Y4sN<^CeZSHQP&tlBve1sFZUjIe(;d;&Fu*lhngI0_5cxrr_IAA_T)fN#s#Wj@mm zHH2@&i~4VYngJ2AyV3nJZl^;)iCO+l^tl*JPJA;!pnO1KS!xL9s0c1#bm7RDU$zsF{m(8>(6?+O-~wD-sRvQs8?gXzKF+Nea2C)^kh|gBia|^yt4_D&op(B>Q3bfKMQ zXzVXB?AHv9{Ug%08`}9o}&7j6j4zBhj2M!1TN0=;n{R&>?@S5$s zW(Elli>f$?tT2cS$7rPA20xE^Sg(;)1}u^roMw>rQO_vy#y=;rG?RX+@=)aCDw5IR z24xDU7oTbtUix$Z-uAZ~FUp8{_&SKpUPn}n{TBcq267B^99acG&1ZTY69o2$xVTO7 zZUqDH_k70?MA_>;5LpksGJbioB`I$N=30mD%?qF8!4zS6{6)(1U?#tY*DoL~zAmF#@#{@gcE|Gx; zv*T4!gBzzW@V2$epwq_k`VMCkAN=6-0@gZ{Qpb=c^&}|I?(e7O7%Q~9;zUQr`xE9^#WN`$kNKe^pvUE zSh=c=RY*+8N^mSeWsn`K9M(I`p{SPi;ZU=jUy!X@W==5BGYI-+LX*Tg2E#`e>QS`# za)!bcE!T~2qgWR3PNOv(7nH`TX;ngafHP=4 zAu7BS!}E{p4nXupdqit;#iI}s=4kl`ZQ znwDd?!^4>m@!JDFzIU8Z+)QUJ94Kg7TpVF``=0<3$9mvPONx^N9nQ?e?_6B)rX}9I z^Uj=%Uv}5vO-sBBogaQU;IkPQylIJdC7?4LW4sI(ylIJd8qk@m@w*!rylIJdmGi^T z_i?r0f;TOel<&=A5d{S>3&@#vD36Y=OzLR`zSC)mNEVATzIeyHmEMrv+sVRW#-{v5 zak!POGm5a%72_9_RGpDFT4}7y^^UEcR#5QA)4BmyE)Ew+LmzlM9b7q-i#@0ufy3hu z;4*iKqP~DD0v_6p&U=Q9X%0w8DEq71i365;S`?;U8iaQkWEk`h#jrYAW8GYD67dd0 zHV>qK2)#7V>Z$!}=peS9|HQ0gpnj-og($O76A@(;Y9gXovosN7EZLYV;T#+e;3bQk z>L53tPg<2j+5R6&gBU}A_8}G^Pzf<>lm1UkiQ29GKS?NeAV9)x-Jfs@k_kyCHkLB2 zXW(|SO+J#1+%uH#jvvqi1gKV-aGZf}JXsoY#$;=MhEmM5WpA8M-}NS)`N{5}=*Iuw z-QULl%$jce|I?K&J-(!YUYa(>b%X?`rrz- z5!Ai(7d9<#PE+%+^{)EMsf0+OtvAwlGwE|OyXHH0mZB$T)-xKU66L4ZA3xX%Uv@-v z`jPwJ3jY&tfNyqA6b08H6GnYDR48>Cn3Cpy&KCGi)s{P5E@(`<)MQjd!&I_B!hP`D zQ2*hZ-|LR>L9wbnFN@u5Zr|n%2&eZEG>8b8*$mX`9J{^iKgGWHnGNrq7OmXK1MP7y z-hcmn>p3JtLmThF(5MD1yAW*KX&2!t$2G~|xdyYRq&(~vDZbobc6d7DqMZA1vBymO zJTAtQz_kw-zVe;>*J6{-o)D)8$oy!*F(<$e= z5dQ~tbG2fzytOCBIb6l0Uss8aFm4ca_E`Dom%=qx+`OqY_Xbw@s}=QdP>9hzappjL zN5hvl{$PCUcT%2>S1S(4VcMq}O#19TctDVN=7V81ADl1Nv;um&kbsEDy1AR-XXSBSbpu8+)TrOtAXs_cAy~7Gej3x4Cw?sF3vp=}K<_B%ld%7fxwSzh^+O@-BqD zTfs+p2ok36H^2;o;&5hN7tb5lN*?`xi_7xeiPn*gmm2!<`Un?>07LTv_`+{JP{~76 z2%wnmt|h^9Kun{4`2aQ_b)$m&#C))P=*MyizAypA^n$#%)B#)N6}OT%9rDOWc?c59 zW0{*`@Y75t((g` zo-u#TKJ;um|9{wro^zdQSWkYf4%l?R*UFt|Dg^yIw{rJxB~h8}=UZ4(8IZ-BBHA zzQ0umnr+bm^`52r(o%hBjtMDF8(e8{mB9lHt|mtNN;3?X?w?*u%nl6Avlght5l16#7EYiIqP$669+!=)}t3OX$l$ zC)Rv%h@9oX`bn&Nmp2Q2HR!~8?=}m4E$GCWe(Jtc&IZtlmA*^pn?NU4I!F7-zZrC5 zy+?NmeGBNsTF2o0yRF~gH`oZuM;%MRrrRfgN#Rm`diFmRb5KGtn>O8FxQv*AV5)E_ z&tQWYm(s@=%x#%!Q2={`9~Riq`}h-ZZLSM!D|g>Jye<74Zhi6&Mc|^dJ8b`HO)hY$IWia z_wmmS{bgdIziQ}ik8+`7CL`qGzH-WM_bcyZ=+r~hG> z((n~S|AxU=8GJ3VtOMbmZYuLOL*HZQ_ZvF*aZ~;m4CWqfO8-5vl>(|h9!$uDxW?c)1~(h*_C|-B z=4L~G#Nf9K?udp);~Hr2@dj@&c(=h%82qfkZyVeRAN?wSkik<7ZZ!Do#8NlhzTtwe zHuRefe$?RS41U*OwxcSuhrvS)o^S9PgTG<$%?7_{a1QFe%C9ik?I$kj=l#%fz^x8( zzQG(HQl2gbbNoT+0}N&#Na-UDKFr|H8hoU|Qw*MF@B)Ju8SL72)EgSUr!`)_gB5Qu zc(cKLk17xQii&p{{B47;H~3bAZ#VcsgMV!BQwBd{@GlMimBFtY{I-xYl6yGnId$!PNLwI{TA~sr;*WiNVbVuQr(a!OH(N zgSQ!ck-=9R{GSHjWbk(kzR%zv8BB$7jrU1|IoYA~R}6mB;CBtCqO$U{Z>hMQ!5s~z zDzoyqb(?a(1{(ShgU1_uxWSVQo@(&126O*Zjq7BCU7tbXU1{iR4BlYyCW9|D*sbjp zIae9_H3n1vTGPP3tKuIU{J6o?$W|V^&hvFcf7{^q4gSzzs1Jm43JkVuM0*-KwY@do zAqF36F!!`o9x8<^c6|~lhuMZc*Wi;3c6}A$$E(TvOVp5Xg{KM?#du!sB3c=rM334RHwoC8NqqL69sd1)#n7WJ?8UBnQV7w3Qhyh z7F+>5PcXmr7YeQh=CjGLp9SVOCNb~l>4Fyk^VuZ*RNyZQriT0$!CQd03H~}TpHuSl z9#WZ`m|FAv_9Uj7{C^7OJ=rbzSHQZ5_1nPwULd~@`)cc%<|?lPWm9&uLlU-=3wh@N7U$g-Gi^cEoH|Q~*8CUm%>{AaOXJ7ARXO32UgHiQ|4i!W0W~|keG@w@Vnfh^ zXVu5f$nnX1%;5rVAE3ld&!k@2xcADZx4wUB$34~iU5_|`NfUD_Y_||m_Co%8G|C)o ziJY5*rHS}hz<$UdLNxp4`1MBsyRmx?$XbK7h#$a>eUN#ZuokfhoLGza-*9EtA`YZq z!qp3`MO;BwH1?RYatAV+C>A9)(CsI_3oFL4mS7cP>;b@F>0vy2F>r1?`ej%N4x2`% z#B%P2ox~EgDX~j{@;E{ZOcpPnL$tw=H#6*C&Y{5+7J2m`D@}^3p?=S;fGnOAHPif_ zX8_K^Rp5qsdQ#STxY}WG%=6Q9GV*q=W9yu}JMC9MQrUQTRKn%c+G0GOsu{`B~|Uc-CWRCe;G`PH4c8VW^UG!y>pDpDI5Jdrc;>lR9N zoC}}V9Ccb`y;8l->|dWEfw~ZM8PA_a{CHjY0T3AxW3VnPfG*5-7iQKgj)NFEE*8)k z2C4qEJL1Ydv{)2?0lW5Iz5}^^ASy8kN|S*mez05t-|?B{3VC+9LVl=@kL3znQ!uXh z;$X2tO2WvZgM#d}3+=L(B(%?7uu#}~g+d2iq0mv+AE1QI3WXvib0$lcP}nsGSUJIL zb`4XDl^CPlnu_9Vk}Jw!QUmJXe0&zNY`xjESSzVNU%wq7G;RRWn?~zMT)sDxmhxsV zA;@zK(`of}@B~_X-Y9qacA^sl5B!G4eM5UQXq}8p_LJ2pG7AVerrO^zOs7R@Io_FT zoLB}-cX>dBjXo8%~(454Xx}lXJ3m+BtlJMpPVS+ggN;Qeg zVOd#!mS>K)Ji47Ah@zer3pdAG8{Mv@%=qdnqG5ccUPyb!w;bEjZ@Xtj}=tyd-zJ4S1XevnV2~ zN;FiKq2B#pd5+m^V;l8ze!f!Fuc^u$Ne27eQi0p4cSB7Zw=1LLO4U~6gpGW*#%Lyo zSqiUq%>V<4*1Re-FA!NSf~|P+)(z&V`ij3n;tf(c2G@v z;1b3;AN#_t0AAWOuzA7i=7G?vZC=#0bl~De%?p+{(Cei1z$xH9@x+x&1218L*NKe{ z%?%oaZb&(K<&tFsn;YgW#)9a-?=G<^d5me}5e|*&$nr^NYoJejf*gZZtXYE8!ERn2 z*b5aoZBWVgp#9&?Po`sP@Bg6xgF2>qV_4qW5O+72^xYjYI)l7<{EJn(50EKbG@_xNQ2~1J6;0 zpzxYjd}AP--~4J6?gYWcyQ>J}K@u+-?66#J1J*E<@e_PMqzS~R-_3Aac|~0_^@Vc? z^kY6A!lhvVy|*E+kU)(3-4C~wR||RU#j{*+3qyI&18W#SEQJd8nIfi9KX$vVys41K zu^h@n7c!Lh8wta%5X}#AvGt1zft!%mZ^c%=2F$UPgQiCLr~?8Kp*b6TwV^AMzCr|G z7&YGqpKAbxpnmxPHXpN4C@fdzgXN>;+*-%<9>~+QQl!c&ZY8e~LdZvX>@li5mbpHY zfZn^1$L}093TdMnh2}lne2z2r1Vzia5E#L;8VJE#%M%lx;IX;>K(Eksoo*$weF=_22A}V z*0~A9{Je)D*1c4x0+UV|#JZR27lclE#Q&&0P5GI_`FoZp-yxjKrQvg^bFO?|6!ZH{ zaW~?8{J=2p|7@L@)0hS}_%Lg6DgKJV{9aQ!2Zj{iWAKlNQ6@Bx;8H!3eZZ;%@utCS z7nPoahgxM85VLWBadVlHwo*ecGyI1b`k@9p-5N>H5uh_YtYb3_59dWRuKC2mf40F_ z7V0i^Re*eZAg@MVH)fp-Y5 z1HM}DOyKJT&jr3&@I2t}3T_0Z`Ag?x2GEq6Ecc_h9B8+!JAyrDO8)#7<$BB@B&WDI63CbMaUYhXd7 ztS^GzUDoIEvfh_Ij)1%uNi9pik&0*o0tiq9a|A+*{$w%uVod!`#HLos~O;Ry4+WLQF|K0hgPb z*oh$FK8b$-HO_>|8I7f24$f$de~zNp@$Sc2t)kCekKbJOK1-v|b7~~<5k~apR)fcH28t#h zB|YwMgq83*@I@TU^*Kje$Q>h(Ls=)Mkwp%!O!8HM9V1u3BkJDX*fElhM3R%bF%%W7 zR2~nm#Ey}iP%cc)pwD8Tv%*D5W)wR{c0_f@j*&MYrX>t99^@1elD5(PGVb<-PNMav z>WVvSlHya$M~ZwY3JVaqA?N}X!KeeqHawimb;6jU);t;R3=-M<5U#^-7|j(vD^o1m z9|8)B@e_-3SFHk;d&eK($M3a~>4D)x=3m|u&r+vf5%!`MEKSkE6Foo88(#)jr=R1; zPqWrc04iF+b1Mgfb-r`)+{!YR<0f34>%iq#P-f27eP?!g05rdHBYt<|>dJ2DAo%?c zLKpip$x`gk$ib9BF*d-%tUxg~kbBpkR*X&iININ}3IS#z03Ub~5y0!lMtFrI@aReg zadO<`m{-D@#yGk+0-WcSjz!VL&W|t+l$2s7Q_NfN955p(SKmvAgC$nwI4Ryy-5vCL zTEsu?4qOoTfz6rZzPs4S!(`dzJel0vX65sl| z=~s8%^sCfPp&ivJm{*enBy|$bl{}wVl)qO`%e^l+%@a=YkSAc6W*M?)&;o|(mLYqy zt$<;MWynmBF$y-xn53gM-oe?lG&z|~wK%ZJ!40IB7GDrJkFr0kK>?Lkt%Jwo*O^lM zqTa!vHj1HSYpnZgsMHZ}EPf9(Ph}@H{ra8fuIyr7y%6D^5dafckF)xK%5bQUj8{jlIG%w&fP)BOaI&Jy!>WeGD;IdWDT^Mm*k*3c-W8X* zIm?zWT7^Wr<0Zp%a!%_2GiU$Q0~a}O7G@!H42%{)>FMW0DDv#@CCA~|hweiIH& zTn(;8r{n%CSTcVZ4$};0-r7#+wK+mDtO;QfxETrVH1KY8|iE9Lm&ueBNNvXCWWcVe{R|uP@EVYG6$R zpj*GlTB%0mtpGtW{jP(&xv(jZ=~j9CjI{Dv;6B#`RKG7t7+B7vFd#wwOv=l{rSdKU z)-Yt8jPZokhM>@mNs&R!eaPg?>VU0$yMRq{yxTGOu@Ih&*L@wr=KZ|`mxclKzMboN zX#z3ocPrdhUK&00O3)~e=Ct-acRr z1L!>idFL5|!e7A8%9{;&n?R#H^mRjduK_bmH7=Tk_!^weCQ1zbc>P{%<+~RhXtrKz zl#k3vQfPh+K3lKIN5fB4#dP;XVX;1`Q9llX*nI3mK3J~I2g^sxg?zUUsngvnO#A<|3>bm8WjC zE&bo~XT0MXW6w`yTe!dT6DMZa-E((bE4P_H3*U***=pN|aQ(@)WOgk=s_lA8&xO$) zY)*~Oqt2rd>pU9kB@hg-h|d247R!2D>$Zl7@Tmplcd_VeqR4a}-p0 zIIg0&*kF#qDxCv3in%63aW^zKHu%%dCZpO~;u8SL5w zdHEL_I=YNuT>=c_wfBN^Rhpiez??s#nJt+2YMx-;ZuZ^C!}fBiVD{mg1+(ouU2qzB zgJ2FEeOWMvL%%ARZ7j`SI^`e1WRLx$@l)4}JMUg?EI;#nBxQrmWp z$&vp_KOOh%+qP@mGoSy%kmRX9YIt@0@?Axk?+)hXC?(|q^ODHS7YCQ`DlI9m ziq!R3zH2~zdH<5r%6D#_cam3FzF|!Jadn(9h1hMo29#X7FbS{8@i8e4pDG$R0rECy zDCJl7n6UFnhHY0kkrfhQYp(23GIYYu&A+KAnK-6hK%0O_C%$z;hx$fu!j(O6bl+oR z(j^lEzvX)hw_REA&dvdsJ@CQr;ngxaz3-TG;0I@Y*&B~Po`VD1+K0=XWU-71#K4l4BBBp{4m9;226KLdwGE>R8Fps+?ux$9L!C8p>!Mgr0~* zZH||m2C-GS$iw7B$GT?2-CL_QJ( zRFPsSOeA%3;*m(nP^IG(zH;WYWkNbbborXFr||Bp3K!-+crPR)RjDxrdQ@@3gAiBk-ja!2^9+hs3FS8=n6BE92iE z(s56^?fi3ESdNfCjqCt{4_21*sZl){Oza1fp zN^?^_*A^!?F{n<#Q{y+c++Pk_Gkif;_aOo`X+0{r-88;N1q@cEaw!x(0X+fSmb0s&~cQzxLD zb&GYP#BFF*&I->8)15j26`XZ10;M~KAmC&TzZ1^V`Hh}GfFj)r11z!~*bR=HtxuoX z17|ggW6PO6a5SPgTGsWzN?mchx3izMc3y?u4hY0T%4jYuLtHG8^#uXFN&>)C>22fhp7EOm!C z*08wFrgMJtV$XL@w!FREUR^`^faYx7eOmfzMDZTN)A;91k3)&#PLN)Nf7vYnY`x35 zufy?3S%qI8-@1E!oTXfO4nmv`;!=dEa4UY{9fAH*?%A6Rm> zzPHw^{4u>h zO1yIoC9Vr3?mo?{+yKs%;5;{w=py4;fXvF;ch`B9-v9%1d3{?3v2zxqnTs6qYFmBK;wm80ozb-Ym9_&O6LCz1E4>>Y!a{!n$F?e*nOJ~&sB0s4L!PbbcmbeK&!&Xpvt;*LG1z>oDP&^Q_oSE>;| zUO)a|B|n>k6kBtn&e#8G3fUZEOT|_q;X}dz3D@D z5h7bclxA=G(8DjM=98tg6K(H&WnJ(!?t@? zjB*i8qs5mx_H3Y~Vy10ZG4QZLvQ_a;a6+cjTHxRuT1^3!Rv>zg6+PXEo?}I4EAb6* zLT1p~g$uday`JD|Tr7ywf`Xv)Atc=S6Fi2?_|y5Z`V;slEc&kq!qdq;`CNDcErA(f zGM$%AXtpvT8!0Fg(&E5*#9QNR-js;9b)3C9Geep5u_7}%hb%Rw0kPhWeobJWfb|<( zNpD>=UfVmdzGOR{@8C+HYadYHaOMpBQiAXCzBt3K?FY=fS5J$duD*Ay`rZh@07%qC zrE#uho)c0}i|=%9fdXp@t^~3;r0-g8U#W1x%sBWcbTVfboDa#v{HbVc>P!`M&+~|$CyO84!r0nAP zIYr4NeiyraLyFwNjEbq3sW=XtD>|ATf#XT;3=(K(20M(TL{pRdlIRX2l;Atg++;EE z8nk z3qKB%#4aZfCX)jI{G8iXCA&GwkCL+QNz?`8W+;Bn?W>Yya7L18{H~WHCE*3kQVMoa z$xZfjIFmNt9b)N2nVg*b4LEJ6r0l2?99dc6czDpI#uAiOkc;3DOQyk3c6Gmu>znIc z5x?Z|UZM2xkU+1%Y*hl+!X*v!=QJ*#chVd=&T)a)=0wRrxsqy`U$nyQ_>z@EY}2yBZ4<+I!@_gArhito*XgFp zZZVl~k}faMPZka0kkx@KwOn@|W>${pwB15S3lR;2C?kh5oC@+kcuN^3=Px?v68U5` z8D2AF`4HY%r+m9|o~Z7Id6Gh!VSJm)tuw$ zMn!x;0}b`R@BTcS<#kJ&uTwR;KM(sBd>zoHe*)JmT%0~9o!vwl(uqIDRgQ}tMe-1z z3fur@V)hSc$WPn_HtG7NC;hKbU}i(|>GYRfh<|PMWiO2~<;}x@qBFzryIC+T?U+&b zK{4r5tFVVG0#Xlx;pvAjZ*Q!)Ro)NawuZbkhvOpF-rj-ujs_2J{K5EUh&&swRvdVR zX`gB^>91he=2{46J{VT>u?kqz3h3>E$7ljES{6_j2xZgj{DB#LXr^1`u}rPJeU!%n z6Qh1-!>zLE^)lq8kT9kXLq4Ir3xPEZpjX<#^SBgJjrv^!f@1ou#HVbr7N+sr32fti zYpCZjjf|HMEB%<<+i+QV=i(_%gQiCPZU({1d#u*mum18w;L|XaaXsXrYK2Dq?gz!n zdk^yJKx6ul^)P+U18W#S?hJL(0!iCZ6(7XvgWF<7@p(zAVOn2X&!E-=Nqkj1Swp?ySCFOl$ zxfJ8l`^I@G4Fj?_81l|15Tky@t>m>p9{DH_Sr6s0%uO+PcR^ks6#_qnv`w}2S}MIy zbjD=5FVd(&j6A?BV_1;3xA~3xW_ zj(bw9fBTHX`LonACdX-)S$F4*0|=iEt=y>0#^iWijf?!e;~DeUoH5C^bAM+{He|#* zeP<43s3`>4s1De4pV!L$tyb>ct=vCs<$kP{``4}9ueWmB3c&c|rU>aSYUQqM}!WMphiJPBu&Tx2?hEJF3qVwIS`#bR|IpDdH-QWqsnycp~mJ+kW z0h7k%lK_LJBgA}1_-vG52H;X$O^mjPhJ6{omxHd2Rhekg!nno}i~NbiB9reHKaC%l zNw_rqQ;CIty1}!E%kTp;8<*m_#PT9warqVafmw)4c@`5hb1=(r`Mn(s&ajcVR+BDx zEwS)#AeJ<5GWc`As`JluQqP~yD$}X@{PPTbfzYF{AH}mzehyyN2v03+Y8a8u&N;`F zi5ZT4K4QwAD46jdDVY3c6Jwf)b%9vVp8OA?^VuZU^B2D-^di{AdcIu?>5_)M#E@AG zn^@1@d(7}~_>?>>I$}LTF@fiv^fYM1dOjl8?~u;oC06<%p;v)Utmp7e5IXB1vC>Zv zdNt_8dT!$BLTBA1*7F6=6FSS8Skrm2&_{z#ta;?jIm>|`P`3!rIPef_nmLnB9)57$ zEj+wG#G1|;yquZeI?##p(*Q8_LTBA4*89axJjg#4bYhL`YeHvTBUbu$p|frf=a&J% zQ1OX!W(!vO{X(A$I&pqE0L;fiZxpQOICe+fqMU`G6RVuh2%XOsv7YZpjWO~s1D#mU zapV9v>CK=MYx++U`fAXLm430%`79Ev{2PS60d!(5=evcz33Otm!}&KquaVy||6V&2 zv>Up1gWnH|pD=iz!5lcAR+GV-epo^0^R25&L=27~t+{9A*&;+|{z z>kK~0;Ij%LVelw}KWp%j27lgQ zH)bdG=LAEaXE5K#njXG`6|Xn=Y=ggQ@YfB##Nf*fzRKWh45sp|#&xH`_Zqy{;71L1 z?-$9}&kg-~gMVf4s|LSo@b3-&$lwUyDI%ZWvx+%(qqvvB6$TG5xZ2>c27lIIyKZi( zp}Wa;NyB_YUu^I)gV!5O1$a&87K6_>_%eg3*{}T982n!bQ=eIR_87d^;D-%<(%`2J z-e>U32D^8<y)Zix!rq;E}p_;tn*A2F3 zI!1CbJaLQpT;Sb9Q;19D6aj0$f__T>f9#zLoD{{i|9fWk$95U0t*5=EQqL} z?22SnL|mRK%Fgl-a?vFVDkzU-B?gT~9wtIU0&X;n%=zg+B&&7LLG1PvK$U0^u_70AXIk#)ZEM9xi+t znEMO!tpb+{^SZc9xCYGc1X711(kBVCzAqH!1dKC~!aqmI zYh=nflANCWTZ9e5+_zp4eiPyA!tWv6FU;>Mz9r0Y=ZAzjto$Qk4j}(jm}A4aKQb@A zi;^YG@no%qIcBWAFh_**8>`gk5b%ib4ut)LcOx7u%=<;f!n_AX_eH!nJ(6}%2D&nM zW!|$;t}x7d2P$7|c$MLz;*(DLN8ZIAK6KbHU;p^;Vo&Em3F|)$0iTMs{C?rO+eW+j ze#bW?&TUGJ3ntF1-LmHG;J(mvY2n~iBZe;cN@P?2Wab|iNv&iDXHand5 z?u!Up?ZIE#pGxrW<$TRcdw&t*tsZ9vAFc#vc^Q1C)u|zF(Qramh@ohf~^?W{`N&9}__XyI{I$$-kxUT7G5hClnEtLbkZe#$* z_7vE}qf5I3#9nQnNY{>c>;jQn@y|`x&P`krSqWr?w_m`yZ@WU5J7;_Mo?DE%cfhxs zi@!jOy1U>zbVtDgh0G(gwtg8VM}-O^Ph;s$ZnoR0o$xZu`++H)_zGA3GOuF^RN_$K z(Nl$;Cqc;DDV;c9Zv8SW8eED9Utxg`UQ@x#NUo^R={gHB^vS#JLf-!(*768>EM*>( zz3%J)f$*8S{EH;4f`^kkypOD)AR%S{~Or6~(H3F*D!xh3zbV%GzxEb^&L( zxVjp$qZDX`M7ppVTx5qjZ()_p06;K!B}{{VlZ_xiTzKk z9)pPvr{do^_L$Kk;nLhc|CqaVHqI-Hq62&KLVL5D2we@`fD6= zD$njeYcAX5@YEwFwf+BM`dXe*dFWt>hUo@S>7gPE@&DZD&t$v${KG%ZBL54=e}-Ar z;`A8K;TXzH;^Zp@2>sKXpT^}z!{boyWx&&ocK@kArqS^nLJlzkH`@KD{#0)qMBMbp z)0+aFmicPap;axr>s(VHt`O_N=En74nW@M1aMybX)olfg&J)jQqRh14qHFUv zRWfO}gKfUuaWiWJ7G%DBEW$MA>+XvqRQD1pEus;Gn%54nwYQ^Fs=c(4G}?R4ECcjD zf<4~HQ>XTJLtyQ_0(+eyWBKwWjrJPhbs3NVYwW zW8!goFd5@?=*T*k?WthOX@jiu*NzuC?UBFC`D=Op_-7w?vz_ZG&&hWi{*B=`4S!@f zgq>BF%`-f}@JWW#aNtn=zJ}vuv3JafVrLwd3{+v5CWMQqJ?J>fm&pWFDtg zKF~1FO)5XhF!vXgml_^xc$(qqhG!b)F-GlNZn)a;D#NP{-)wlj;X4ewzKqnvHX~PI=x0;SS&_!rj2rg?TKj6pn!B3J(KcE?fd$Bs>OuwJ^6QZ}>7_9!u%Ii03Lr zL*wy?amSsHw)mvt5l;X3&p;Y^O2dA^^*h=#5GVc;{?^qs;@Qf3iTnQ++?jZwF#Wmo zX>Edu2OAPUYf9{RH1vH=Et^s2rk3r-sbyPtU-$;zG{Wq%o7^)wL^4p-9>UB^gV){a zjTl%szF)gw#<#t~!6SN}8;m8kVjj=fZM(~V6X+US@Ipy>;?By%-RlxR*`DA7-+DX) zi{2UQ&6i-nmC?IniMz^g+a0@Y>8OmZvAyR;F!O9Otz$#4*llqnca6O|+@^Ib?TG}P zGj?BaN@}lV|Bm! zd;dUX^seeH`&~)m#dTBa%EorR3PrKTDx-I9kKVH``jhg$gJWCvkIFeWTkRr>oX^ee zI#eZ?Z4~pWV#T)X?>ZD#be--(mc?84m-?$UxoZrIaIbL{gQB)CWsy{bQaRI0kEuVU zbjyAga*X7#Vf={hYtD*bQd`uyZx<_#LZ1~VY`wawylzT$9VV&0EDdvJKl@lf3$CT@*JRUH_l1^v%ALhH0)#E&FN`8wBeJUJj3&oo^DRno#;IAIEMeg zg;<+FFD&>5q7ll(;W^&(NW+|};}`_fIRXOD@lJ(q>N(zDn3k3P3DdGNUu7&Uy}b)E z&xO!E$LoQ3@;TmOET8dp8hNn{3K@SwqCcnV(VpX_`_J+Cv^+ie94}p-Lh z>dcjhWaYBfF@Gjg!nxC#vec#IdHFwN(lXbe+H+VD=g)iqVFx#VW*<<;Wxn`EXnLJ) z!e1cb7{taN*u-J5oqtA*=!3=1oNYD`y%jnveCK`mRL zse3zhdsCPFg|0I(pXLB&kpq+6FrVfL+@C^g4=n43`7|Z6X<0YSrzw%WOS^HROo^>R z3=?Ha?4fJAEy84*1KT?rA1&{;Xo(jXq1%7Y>_WYiAB6<*MJvRdm z1A2`Dl%Ze|_q;R02c@f*dR}xD7MczDSFl)wlSYotaES+&d9gJ}TZy#jJ%C#Q)lLc1 z5FS_tT|75+s+*R1QC?b5wk1v@a?i zO8*H|4ycM0@T28kbQID$;$Rm+2PqPm8d|$*X@n1VX+=xvuMup1v^;5(PvysAxf9)T z$Y>SH!cj_>LO9h4{k2OKg&H-YvCwHWPy0U7zJaB0cWFnIVJ`}X1z0|0_s}(7bQ>1n zM3YbX*-_|JWc7An^_~-(9KU{)^%9$#{JLTRIT(yKyP-+Djmi9wt*NpPp~C7M=2Xfv zF|lMT4=<|q?t%s~-w9EVJ5X0x2QG(tWXJFHYv>yC!xd8 z&EoN^E%z4gd+xy2)^i8C0*#k=1sq6;=_9#7!9~!;^pTD;DPQTh4{z4-nLpRhf4EH9rO zeSi8$?j*iKUtaxTf<|scKVN5y3wV7N(r;<&-Woi1(bq3PeB2AjhE198JxPn^Orl$r^`0M#k zGb}65Lan$J^W!gr(P~!$`NVKb&wy_hA2quav zG|urTV?u&R?a^}D#-2KDW3SYZi-;MC5mhl?CFazQGHqjTUruR3%V`_?963OvZ*ui8 z_o6=?V?Qg>X&Yt6M}N#la>RzaocGEZJb{)N@MbV@o#Z1%Y;f1ZXM!1A>+m85s@r_T zM#3pfV&LmuV0D|1*x+r1fH#@JU{{9e47R~@=*8sCr0sqJ1I@7cs184uDK?kpqdI(r zsa9d?W@PEyIrwKbW@^D%5PcOM13nn|i%()eMb2{wbnblo^L9@<=58F)XEX5?cuX+K zfZ7=xLV_ejo!cMq2NVaq3sm$Sz$SQP$3XHZ(`42NZ~Gyc0Y}(k+Cl~!;WLqcWU1G6 zGb8M`;431&z%D-$38-f)Vm4_WdNIkObw@IUaOf+DV~wk0CyC>hqwoXaSupmCth4%| z5bg28<5(kI{^_SF)S(!7gn(+8clqVBs|U|zB`;hwYu4;JVAK&9BOAb|cAb>)Xj2g8 zyU78ovN`!(zWevtbJOkRXLD{oopz9u*HGU%XS^b1GAEOk>BhRw*CESZRqHdi)KKs^K=77`B!8aZ_ap4X(O(CWx+;b&MYbB3g$%zgjc`Vzl z$O<=b$Q1zk&s`}|f9z0dt+j-y2@M0;EL$L(Wmw@RPYk#Zar>G-^egdof7(IZrEWRx z;E@vye#VS~c!tD@FU*7$$x$)Y90G&%W^)PpQ@vfjXbDH#rXEgFoSHGC#n2}{m2%Ij z{7-q$K(o~O-KwgY!lgfRdX8falWIP2#~%`fLSfE9fACRq6jHNsNp6-u8Bpby%Z$iM zYPw-S|IKsx`NO!r@Cp5@XBN%oujTM995aqG2uwD}=bh|NC()Cyzxx%c{0aSV zou3@3=D^J7mzv1W4ZD&89DO#wFL#DMo|owu;&7UDIz!*-knnuOkm=|+d!ylTjpF2E zC8V6ES3U%bA-oTv>hrXS9-foy$&C8{g|S%N!#?*+e0s+42LDr!#EPIsS>@a`bbQ{S zo0oB%3Z3J#AY}^nN6`1cf_yH-<(U?S*G;bWHb7<_b?MH8C*!p1+_Ci7E97QBo*uhY zv}g0xW&?4u>=O)Ao`-h#0h$`ugUjlATnW~)0=)_pU<^T=*2UKlS7uULAKZRGNP8@| z+FK2__HKv0U9LSN!K7Uaw)Pgl-XjpuUMopsJ>LRv?R^!(9#{``n)c%sdf&iJWWEle zPW9>_u=x%g;JdhoL>m^1Tk$Wq{s6*yESG)M?spA+YuuVQ&)jXb)F?NqcXB zxr~VIK#DbRu9zl-a4{juUAnMQ?O^)CXZVbH2%gB<~IC2bsa1-El zzPw3f$!nV7>4q!FJgC79h1cBOGt!?B`I^3@kMTeV%tn z&wG>gzz#LsNASx3l`*PkVwFwW^AV=%EHV5I!)|P;lbLu`QW78aw}^+pvsfX&9CzR4P&CeYu5J% zhPN8N$MF4zA2j^5;pYs$Xqf#6ty}gPl;1JzuDQ`(={|v19bOYFw=v8SN-B>T?r(UI zVGg8I{Sk&av`OV0bf`Sl@I{6>Zd!Hb7-pYD<;x9oaFoi|8s>X(D&J(7qo-8P;W)|< z8h+UDPQ$wl|Jv}&hB*RDZ5}er0a+^N>>A40-M{d;vDk-D`|PtSM+_Gjw%dq(MIH0b zAyZ^@pWOV&WZGuGk=z#iRbl3{K$w>^I`>u-yj0}b0{-y9N@Dsw9f}auoDtNE(Wni6qs|w8i zD(&-0d6V!J-~+;|!0!mJ0e>L89{d;K?|^x8hjw_sFGKiQa9H?v;I_htz@3FX*wDGR z^1uZm?*JYk+!@S!MYPX-bhz+9Fdw8-J_@XJZ*kj}iM$3pUikaqNy6K}7YcJ+T7@v{ zfPHM*+z)1diOg|kd@qO0p=Ha3`3#V;YMUBXil?h)pCGziZ`_=+&s<8|Sc2=@zfsKQ&qw;?kJfv5f};tnV-cpY_g%KmXNxiE}XX6<^bkd9cF4Wubl(gV)XS;%}7n`$2Hm zRIjp)_gw3K9fQ}M;~kn2$=TCwa>si*R;GI$`ySpk)~n3&_O+h!QQM2Na`qwRvUYyT z*splq_LXi~R=g$f@~~j>7B3!OG^M)rlrvh73_UZbxWqdrR=j0Jzx&%2-?y^3BoHeJ zh9`&52p3<+O%y8$gwG5Q4aWwQg!@*G@lF}C^9=8)U!HJbBAk6{Y~5IIK=jb*k;d_u zoNH`#;>_B_7&P#DPRTX4I(lYpbWBE;SASalh0#+^KR4V$2dU73<}*(|6Akw+F7+Bp z11C&>`Ik{x&pdTtHLcf-5bH_189X2CJ*j>|wC0r4@s0?rCevR1&7d};0_SpoA__4m zcWeh7IWlnIt(g;e>7`(|J;hs=#kK^V8j4pCyhvoxF7~-x+S?fq9QJN%GpKdAdpH#C zu?sQizIAiB?NdVo;UIL!{`l~qaJc(hH)q^&xaIs}??umXQ;fO$C3cRnLfBWw<7je@ zF|NeT={12gmcXBEj1|uQApQe8@E2n!N%j}K7y`RAILh}8DQy^uTWS+6~v~^%iF18VYKe^a4 zX!wJ~1HXc>6~=V;=HWYs_lNuhFYL~lLsmjU$2AUYIveYi>qeXp`4?aAwZ0M%aC*G^ z(&k$H@$i#ZdBq$raLOV?o8a?#$1QLw&9#Q9w!EX|N89qIhmZL)nTu0836xhg2PRx} z38L*5UADjrjO4W|XSZt4jwTC97x>Bz(CEOvWDw~c?ge}e;5jWGO1Sv~Wjx3`Ego^5 zR$J`WUdI>lw*VrpCa29>?xxLJfs~IW^Mmdkxna0u4!kZ|p1l_7 zu~wsSFR~;18&u#ip9*d+E>SoQ3Z1#xsi27%Kg_wi%7e(>>vA>zSf6gbuJ&FQH-VeP zi;Hxdg;bm{yR#$1Ez-mN-AHmtU&a_y8Qkf{YewAXy<4S5W}+fwcqfKw;$)v3?0Dqx z&fL^e9HQAewH%{uIJ)wzcEh@$9hjk=NXc(Lw6kq0iZ)_YJ7ep&9QKKUs6*P(d`COJ z^Ycx?h26WG&c!7YZ|PiIsBVA0Fm4VHMaDKMXW%-~-V6q8T1S2m+nwdSi41=27MseT z5uUmeH5wdwnT` z9ln&oGw^;%kh^p2AAjC8XqFWl8aqQ zdb{<#*!}l*Whkajc1Lb#8GvWEtesMBt_x{%zoCeL!G2#Y#HXrx6kjh6+-FB4G zf;z6xeL;H0jIoo)pE2pI^TyAZ;Uz65M`0dm@V|L{WpZq5^MRvos3+?xIZD!RsqzFn zHUHby$!g&`VbzmgUUu`cK**tumoA!%qwN`IoDwOVSzWbo;i9Ul`GdxPB{F1iaeQ#R ze`MI;5rd0e|2)Dy6n@&G*_UH#y|XT#Q{_#bc;<|f(uwDdn>^{v8RO2HbY^+UxQV0U ztx8JI8a1R9l;PU@feY2bd)#3GY`s(-Eqm6^OU4^cwDBVJ~17qO&*8oXp^iq?*}u9 za-Jrz-?=jAv6u3Hd>AK2ZY1}`&ozp(*#iH}gE%9oPS&@(97H$_UfVt}d3NPcjntVI z+{y2)@ZKhuXBxLNFI26)GQ_Q88Xem)nb%fy$I?3+Y24<=)0+gHmicO%K~l2p=NYDa zG}a>xjh5@dI?(l41lFoPR)DiRhLfg(G%%G5g>D>+sx)1++y+k6jUgLj55*Ms}D z=KC|SwYLU4ZUi!QnzjuBYcDJ2Uy9QnpLeM}_dG`zMz{_3DokAMJpq}uHxTw-fsFR@ zC5`RxHF#YH=;fi(cpp}s;>!?NduhFK|6S_2outv;0eCJGho?)2@Fq2aIFbH+2~}?$ zDh)+UI@S9W65i%fw*z`Shp1E2yal4nw1d!Nds3%q*#Ns9H}>)OL)J@Yc&2eZy0x(P z0qpVEtWL3G3ws-2k9xG%6<+PJ&P_A&Zp20{P$NiFWQb}_y44+UVF6)JNVJ~wz&!q2 zd#~WY-#@uj%AOH9)O;BEzcHNL;wi^5oY>6H@mR<)nYK-`-kV)FxHn7q3X47cNf*sG z;|1j8z;>X_cB#y^rcC?FXM#C4jD3t5!ZqMqh3`PPPdEU15j^$JL3oic`vVn*uMy_8 z>vh7FuyKnpujhU&Tn64|nCCOvk0NASB-4I@F#ApYgl~YnNccpA#ll<{o)ft2UEoq- z?$756a~*l5OdVcRP8Vi>?W@8I5VEY)Vc+aZ!(SKPgz%@rjR>D7^F|9CS?3gd4@^0? z4_W2BZ9)6P5cVZQhue*;I;A4#HYBTjqR6>D$tu5;a@geYp;~w`!fS~atu?6dMobF&9BNR2vC) z)&SOe`y=H%xWXNTS34h(MgCVKcjq0Ex5GA5{T^hI$BcZC;Sq+}epLT_!}G}4UUZj{ zanF>F&%{;#>xOSO`so+b%QC4B+p98*tIU3k zGEP@X=6O=(0}aOwpJez{!#sxQvSSTTFg(fdMTU7?)n(@yzRd6_~m_X*aF-v#~n8$Oq3hw}O><0B80$(o7`d%db zDEMmOMli22sL$)B>x4rH`OJ&*RtVP#^EzOIFwbv45axA1`{>l~jF8te%%?u{KPY@J!b8G4 z5Yqimk0o2oGN7DvtKgN_7-l6~>+((qTUnp~5P-gpAW}8=TZE+L^I-!@zOQy`20XJ{+>) z#luEKoICzlyS=;)!7-V~I1bzC)9kK>6DI%q77zIM((Jx%+xCrh-j#>_yL`}(%Ag3KBQY3UEUATtlyV5r#Tj0LjTAy4C#hyM-A^fX=pWDLY#dKwR$ znZ!Hbvt}{oWj~J~aOx`j)3MxvO~1o`t0#!3mf)W*hY$7wr``+oK8s9=XlhPqP z8d=?R!~-Ytm};c|z{seM$*JUEp^ca0MmA;mA0o`u$?vjs^1JNM81lq{Qf5{<4wcIC zKU^5>jFn1_WMb4g-o3)07zTad{Q*QI-o8Qt12!5zffV->7>r0Jka*(75)4X`38XXp z1O{g(6G-Fy1O^k638cw>0s}S)KXZU{-SN*Ig>rS&vd+eNBjPg#TevxW>_hqghT#@^ zd^`4Fi&Hr?0riQ&2i@`S4`}d*P#lf@K@w?BKm9ZGLmZTl&E9XI`6KqDj2vh-KEPIx z9kn2X8Wzq?U>czr=bbeMGZrO^i-#!=9pU4VLkm**H_Pa2?KKw(cDQtW3q@9No$mMoa<{Wp(!_;N=g z=zh)+`$5v_NCe)6;?CsmMj_0C$B8ca)SWvU9pz-6JY(=YM9@)ARymIlbd-}-?(SHL zoCgb)^Y}nVeX`1Vc%Y-4ta2V5=qM-iii+je9iDP^x{i$hr+DzfC6_HqRAR)yA`CcT zI9JI%)t^6a(d_EP{K3r|-*JWrm}WY-x@uMeW3EgqG$P$~j7aw}E0TT9i2VIV1-e81 zbI&H_c@b=7ws5uxI`;3h^)s#~i*AM~Ka}r}ALtF{^3)5%Yl~HTJWE+eUAj^5e1HG^uEzTul^W%-)*6{=NNiFX`%ND;_2|}w0ysWz?QEO@n(CwEbwd5lc;+JAJGUx zwfDSXCLcuojYP=$YYngU_ite4tB%)7HAbM=2nDrGU4Cbg*Tl5PBdXeS_mQa}j^hUE zG=fm=r2&+gJOB;n!K3IMhRo)>r@epAfcc^b$$Z^)omu`3*o&CB=EZA#YmeVWEPx*E zb%59PD1@FaLo)#+a6Q#&TJIM2M#CQWOWNxMulC%1Ze18*J`&g!SEo3TSc$6GL2`>RkkoTX!z00eU=>siPj9doJap z`)`GXY&%swUK6vd>IzU9VMMqd?2hYt@VY{mp>A8)~?T+iIxZQ$W-9 zk3^*QPB0|=Va)itqFL3?g$;_u% znECL$K{;)lDa?Gv3o{=&+GMYo`wN*mJXe!h!)!(5J_wmcE3+tjd5ekN3(H=^R&4G7ZBO!mCb^;o*i| zA4zQTKD_Fe8@|ABh2cvLUvBsc!&e*rk>PD*S@#`aUH8X~&eLSBDBNrCTDAjZX;(q) z4k~X==Ei|@=RjGnVU$aI<9&VAKby=B1>7VfuOR38@~;~Cm1Jp?Ox5zcwk_+zqlwCy zrLx;bqSM333kwtxNTTGw&CvZ5%@U#Xn1bV zV?86_YVcT@29N)MtD~7fULaeCX9Q0oj=TFeG6<%>;DXHU2vW}oc!WzmBN)e6S~~B* zzYi+}7?<;zaxlO5{JYN7vd+eNCZKLIl;^ggE-hVyLUE$At)3@0@S}9_x zpXcr|S1y@>o6E`EKl5hrQEq12cfri<-+#(`zWyG~28_*T+Na(FWv7Ezb_}V*t6gon z*n^VJ>Hp*RK+Wd*e78dF0&++6jEPexol#aWf#or z9^YZwC|S+CoVrRVw+pF_``@1bY&)fNSDay{5*)ODhKF$&!oA=iV; z>Uy~TA>w-fVH}v}Hg#&_>k#NVF>NkDHJ9dlE7;mwjrd*g z>NIT~1lHaj*khl8_IUbGdp`v0GC(&DsDdC)(;h%vnMvyqiHZ&bP5UX>=G%x}nCE)t z%M-BX%ae~T1N81kBtj6UX^$gr?d8Ep0c5ntK84zQ6|Bnuye1s=T-1bs3=d2SlDBh|{zKh+BK(U{BYV{T(geCtxnaG`gRl;Y?H`h!g4co~r86 z0FQp^R4*4`@Abu?XZI26(e(l-GkziT>=9Jcx&l~MbxW}xtOwRJui2Q!xa(gcR9A_F zGL0ZqdmO)D?X8AA>d~GaD`=1Vpzh;9kMnt+s74T1WT^WZ^%`4w?p+z)=i{X@^WygA zzGCf-MkWIwQ>XScuA!BG5%>DIZge~*1e(=2%V)O$<1BT`9eFQ~=fRZw$M3zdC8k`+ z-J!8@yY?&(`mV->+#Zq=gj|cT@ovexdEB1Kduh^7N}ei@+F|nT1f((ZvZ6gVBpkOl z?UZPYTgON5<_C4^rl2CmMDsavYMj(V~Jt0PtHN#Qf0_{FO*iZC(x8AK+?`cpPkYEO|3I_hBKQI{c7$CIAPzqL?PsL zOlsp@m0#B?XJ@!o&FVmPVo-Ioe{Eu5Q(|y!bVySa`DRvUwysMI*qJz?E)?1s3SzFh z%0$FlonINs@ZQOXVjGBKh$I;=K&VqGX_XQ)*yI=tqO0dH}B zZKzFgsC8xZq@9TqixVf+>bU<3CV%goNM)jLWprrG*8JLNyk<^*C2Hnla8W~a zL`^IbOPo-1Q+_NutRZ@0=h7(ZZdN&+Xp&)q#7**M~#CFq~1DD1=INFtk0GRTs=&7Yx@1 zbE^}>s)McG3wlk#KtnKXXE41w(bu~xA6vBM;XutsOyHJT9L%W>wy6vTOM~3Tv0&>h z4@YV?qOSYaMu%Y=czg024@YYDp*{7f-xsL?&&iKJ99e)hKPA69T2K?qk8F%gK+>4} zio+2kRYrR^J{@21a2#7@U373=w0QKsNX5Q*c{H|de*F5t&u`n9Kkuh^MxS2$+s7vy zj#oyZShRO!{Ll&ULl?)lM+Y@T2R22AR!4`#OXKqr*RNdncv-r7k*oE z!5eR$fAXJViM%CWD^29DOGF+G{3PoI&s&KZ^*nE_=e>bB8$Zfhur#mcrMxxY$%DM{ zU|tw&A6u6w@KtK&qgu`$^T&lPjaAltv4}>5;4A@i}qYIhsPB@-3cdgeRPc#(1QSSkgwDQQSOe zp?)Ue^zR363Z0ufC_E~?HZgKtf={5?>p+z3y^ku=znDSQqdLX zW@up}oc?w&7VZ5v6k!yH#$vTyZO4BfkGvBfl|Cr!3lWL$V_~q4;ZS^H#1~`zA9od1 z|8ZXZ#ylJ<5XDBTp9bz19~G}J%Yy_h2AeT5I6h%xr2eYBy-j&_(bLeZ>*wT+zB$tP zX5`IQ6|1r5kJ|g|yuGW@sw3CuoO9PX4`13fV{XpwR=X+>Ps{)KPm3R)n$@5JZ+boXtMpU2CFR6HEt`oi33{loD!o8r6QsMr`^Fe^U#?08)iN1(j=Iq}`+ zZ+R!ab!E-Ic>S38?yrp~*|IN=ikq-8e(0)r{l55`eepwg=dZanK4D_K=AC%`2wexF`(IKKC_NX6{<&S>vL_vIftkbmgP{6mxS zw>_3V`n>cto6`>+POrH+y`n1p(9rz&u*jiUe&f55ZI49Od^fUSab&`jNO7V|EYY?h z(QbR9{klYlrbNf;M5ppZ=iFkmrR%vk4%n7E-k5;9B=%$_?w|fbs(=Y zFfDCCEKqT2JkmEF=@V~=M*F9oGc@+AL+6Y+sYga(@IdIgcMms3JC;W~RYp5kN4wNU z3!4&s$`b{ZiQd>Rr|iCOT{PAd?Y-ueE7sJ1xaOgf#;sR0uKBQWbqS6;<u+JD00D<)KYIAK~z!+3A!_`vq@!SeB~u+k0Dg6(LS(LU?Or*9u0svDnHJ3eFQ z_{{3@S(W3n8^-69jt>`)&y9_5T|T}|F!~jot9M4nHbl>CijH|NdWM@+m3@-;-QXx^{CBVckUF z+p{wLXbGsDdnw_`mB32)4sJ%;r&xKaz|J>a;MaVGvh!boT&@dcT{E!^W1`Co{u=neiw9IU6R8=P)v^oa zPG2RmOabHvxXf?5hs3_Gk+r!Cblu2VU8b)M4D}ltO1Kb$G1pwQag%R8XezFvaJhfGU&f#0(|pt_fL#1@oD zrY}M~DTXh#e*KLPoSeY7RANVj0rh9TbY(-iZ z%6f5IFebV+(A`VjKXbU8zs(r8bd_MAn#QJ$i$ZE#diS*5pDrg5co#o zErhLrrwH2tZxi^!A#ZH-+65>l>;)_*ybAacp!`1X)JsW0Rj1 z;8y-4Q(_fZ!7E{PDiV7KCZ(;d!A=*Ln6`E`!}7GX`az8tg7c85wJ zj`U2XWA<4bS9laS1v&><6_W!$g~85)APcQMu)K5B0d{_-c0EaAvJ}5u6G8O`rUc%_ zQa!oUUr;)?lsfu(fomRhm;XF z-L#3~{L!i9ywsiDywphPk`tH=Yh8zNo@&IqF#!#qakO`)GV`7~k99Anh$SM%WI9!% zsVZOzVs^so-Z#_+ykO_GrO2T`6VP_74ZKb1ue(liO{4w%X|4;Kr?5T14TZ-GW(;_? z4tef8$Q0k@pv7PsW(Kaa=O(z;M206}cMN!w7^uP|Hq4~+6(%#_r}2J@}C_)JDJdgpCs zEHuC@F()P3hXz(DUV#@#vkGl&@WbL@Y5FE6k5;rF)mGPg@@* z4uj8PbTTAajIn}pL^1`!G_A34N;q|WnpWP?ORTk-iS=p)pN>knV0{{qvv*{9>$9e< zPlJT9Jop@MeHwD}g%rf#!(O?OQo^Y`T2s1q!wS`=j9V-(DPMaF5@DQDZWomCMo8Q; zE^X}^M750Eviu~B+sp)itCnjMf_(pSwxONyXyLltWT|I1v3eZge+N(2^grVudoN^I zgaIoIrdBQ2be>kfuFUN$$rk=`-I~?b z+JjU;iTkbHz`tAYm#o2(&oR}3 z&6Uj0;sdBG#I~UkHWC!`KW}L5Ay`W`L2l4H-~-+i2FxLf=`#GfbVWN_eQ80kL1FDU z%334LYNN|)5(C;mYexMaeI?NVo24CDZd$A^ZH*YwMm^+;uZcxZ5o=g#nN4SmuLf z%X|w7+4z!z6q(UG+#*vM%s~xekps;ZVO_XI{PHt;gDZct>Zw;Pzx<4z<+LubYx!M> zTOoTbGUHUmrve!Gr7veN-!IC+WKqt*;kgVx!^61-CkFBz$e|T>4xG%^eu_WM>VD7@ zP8Y{~oI!4a-g@{9&yTBKF=S($+_$OnS0Ve0ljA&y<;i&{P^NeFQYTPF9^wB6Z%zW= zM73{+NAqDIy@1qu@M`C0F8yK#lAhYKd{&Fo3S4q^oRSma4_!1jZh+k?K5ON3z0={( zgfD|14}U)VRQQYGXTr~cuZHLSFph1Az;oS&v{JZPI`x3+g6 z{wRDs{O{mjhvzzI9=sf89$IIdhlhE65B@gz+u>PvFT-;kInRwc=BeB6Wbi!r`S8s1 zL3pmyZ{V5dAK{r7-$^(Zp4ZmQOY4y9sChCEt;_eouBU10lX+=dDFri6ZbRnDb!DDh zSLS&L-sZ{spHtv3fakj156^XD+hATF!fVG4i#o?VTDD2v_Mz=h;Sa;}aRbM^=fktD z^o7^Fn8#!Aw9R{z+Ec`0&e2xOHqN>{nr*g8+Gd;QItHrqOF{}o>QoxXLy16i1f zd0gPx;Z?^oMh*Op@HfMA&NbdXc>wEXDl99_rd=GUL6mi8K_@; zAjG{Zsd9FFc*kTk{8{h`_*w9m!SklX3V43!cQrhZx$5jPyl1imekuId;Z>K%V0F~t z{gG+#%!4+m`+aymXHcg)whU^UWuZ+jV;v9f>MC3DxE@1GJN5u`-tDwww7>kRO}?Pq z7P}8_44S`qNPPI9+4JWV&AWW&{3~Y7_B=b(#EoO0clqVBs|U|TU8Fu+gQl@?(JYKm zhuod@(vga;$dduI>g*19S2-B^IOslF<9}>s#phywmX#28jTQ1i8lU+eau${uJHGwp zPU745b$s^a`l*|g9X~agoei7IT`qPhTUy_O=F76#HS(ABCCAFqTJSmOa`g3WUY51w zwl-LPt7G%kHA=0cTA;*gsywwW{<5|_{(AX&1+)1v9$&HoxA3$K0rvr(<=J@jloklB zUY3nJ=KdCkWk|li%qiq#_roHg>>T{tEPM{hCgvB6f^0L;!PGji^P*p7yRGfwM_Z%R zy89)!b>+7uKf4ufyC2!Q{0|`6b$2>gmtVMIpj1!!`8vyxKj_vG@~3^dZeNzf*@4bO z%iKEJ0_VBr>Py@|EZpyd(@(8Phh_~v2($XdrW9X;sfPH4C;rcM{}H!Tn)|=T$JO|5TgEmNtf+)|c*?VJ*QZD9Gv*j26_ws!vuT}$@aHKovECrLv`B@oi3*xG%zUoX>xJln9(u3*AT8aK8V|y5#(ANof9FpM6=+sT}ztVR8YM z2qWKTUp{kaapi2!y%)#~-IQ<5JBvqoEs)c1{dZ6JcI3*S@)pi^t1)Y~zZzI0Q}!?U zYjxA)l7b;FCz4Lz7vw_@_MaJY2vZE6PcZ2CFr2&zU2e+XmMbyJ$-J9Fd3U*Tp`83f zgp}(Q4dwsHm)UIX9Oo^=W~%?pUt{yU2r7|V5SPHt4a2`~T?+ILU^l~*-+p51dstka zdSUnx@YWv3KUl{!y3^pvXavq3OK%KPxuuV%$9s+~^VOEZ40JutGEDhW+`!y|*4P8g zI?(l)3)Zp%y>Tc6*G-+;n+bt3)4Jm(7w-$v9?Pxv+5Oc;dL3HHzJCAœn)WQ>*4|b$`YhBT?X{CM+ItP2%f#X7esF?+|I?58 zX-xkkywxihK%f>Y<6!f^lZD*@^O9+W!hK{J+>!xn)Wvc?0RgQ>+gqLkIs_D z^=Q+=-gU6I3UYO7uNA=Bdj$5VM|*BCDni<0o$Edc^jZx@erg19MTXeDlI~O7cwPV@ z@8N4bquSjYch=r~9AEHDI<=P+2w3?S@t&ZykHNAwiuE-O2`R^)lZ!1qB z%AO^qGbh~=EXHMZj->WvDLV7#upPSY@X8Ux1%?X^4>TM%%yX97;l89i((q`*V+@xW z9%p!hVII%bCdXp%9Z24T=lx{;_SsTlsCp|5a}+0axX*lDn5~LWSM{4{bw-EJK-K0q zkdN|rglV5c%+==I!nFAo8J^|pg6&J@y=@L%A@hFrNMZKCE+nID+*ahA4z!MEG9u@8 zBj?Dr<8xQ)a~qO#WIMhta&Awu$`6Y?0y$abd^ehQxSh!==kry{xy{KczewcV{$!Oe z7dhJkS>>BW&UQgo`C}qy8zHOwWs$SJkX8Oyk&lL)ta1!>bLAWZIa%eWi=1tWtnzY^ zvwe|OeyPaW*2pSfE^@Xzvda0)g4>b3O-H#48N(>)qVPI*61S`B6d6VrEGZvl_#DF=;iSu6V7S8YrG^(6US_z~@J)s{ z82%5#9dHQNe9tueiDA4nmwewfgl(Yj-*Nz*eq*k;;X-mQGJz{L@)E-n3}0z@mEoJn z*zR;|$x`Qc80NDw)p^v&e`EMSN@i40G_A>Re#t^9=LYq&mxt z{3gTSH#)Z&`A-c$ZgieB^4}PK!|(@W>G$SgUsfJ#c#>hxqo6u&Sh_6Bkc(a@kz6EZf8IAfq$H$V&{LZ*(Rb`E0{i7@Z|X zemz<0VV&XIjLuy~e!t;I3_of3dBZOoZZ!O+;r9&x)iB@F(z3NR+=VQ4HPFb5$ylDw zjrkL^xv}eqnT;Axr(dX5=3j{f~{jGmhI@wm4bJz!9%1=d)+E$>+o> zzlto!5I*-+=K81|G@m51=qhKgR5@a}!0-u%-LYEAR$}C58s@o8ZSs7kTxocY;mZtv z&9J*pmb{i5`PU6!Z+M;I?->4p;X1>28@|u*1BQQL_*ujMYWO9?uNwY?;XfMw!0^Y0 zIR-`RDrC+h?G5v~N_F}e?r)gmj#S5;r=$*N82L=YR~TMm_$I^l8;(CV^1BT`VE7k? zcN^Ygm}8){oNpL@-|(Le^Bp(U?_t=TLuDNY8u=-PPcwX;;faQ48=hyF{d>)KrQur* zf6uTxw@P^)H}Yo;KX2Hbe?|YdM&4wY<7>1G9~%C|aDeAEv6F7NgW)cQBZdnMpJ@1G z!=nw4F+AOHg<)RrXnC$P?9T5}PL5JlojVQx#PCywpEcZI_$9-CGaTS~Q}W__bIQXF zk1||h_-w=D4No?Ff#Dw*t~1Ox^fX_0PM7k0YUFqWA*pkw;j;{HFucj|4-Nm=usfe3 zPS;@Md@E4PlWDlMVRzn?Wd|7fV8eW$Q0+`Ie39W9hWSpR>Mt_<4a46w>_%8i8SXLi zhYdew_<6$(hWXZ?=KF7kk2n`gUYR_H3g;N^YPhFizC)<`92%|c&evjRjFF#X_&mcE zhB>ZF?JP39*zgL&*BW+x0LgcQk^k86-G;Xte!%ckhMzV3s^QlS^F2u|^Pdd!)|txF z4D)qLm3K1S&+rL`iwzGqJj!s1VZNoQ_NN%GG(5*JU*=T(TEpKmyv{J+`BeS84D;8 zdff_4%5k_#GK!OAcOO8OZD~hs@;;HWyVocB5hE`!TxfWp;kaSm(@~qekE87F^@;t_ zMn1-Hnc-vgS9#AxZB8>h-Ef8BS%&8to^N=8;YEgP46ic0+VG8r*BHLV@CL)13~w=f zyWy>d?=ig1@D9Td8GgiYz2PSe?>4;0@Lt0&8h*v_YlaUPK4|!m;SUUdZ1_{dd>EnI zG|h09;jrO6!^i4}cQ-l_!v%&54RhSLmLYC3B$V$?=igB z@Qa3DG5nh0M#K9JA258-@FBw=82;Gsr-rl4wOiP5p5gX}I~(q9_*mDrg+^zf;ke;p zhDR74Y4}*z!evHhoZ$(ECmEh**j`7^HS+m}7Z_e-xW@1*!>bM7Xn2j`TMTm|9o=U) z8Qx;}cEei@-(z^2;T?t_GW>|)dc#i`-fQ?p!><^A&2XdP{e}-1K4|!m;SUUdZ1_{d z91x-PlV&)}aM-YWz97f3_D0^>aCgInh6fss8y;qOgyE5fM;jhvnD41-`NtWaVAwtT zkTOp*^67>v49_yW!0;l&iw!R|Tw{2Z;njxSvlS`N8Y92O@CL)13~w=fyWy>d?=k$4 z;YSSD8-Bv@Uc)aMe#P)>h7TA%X!wxf4-9{7_*297ei0{T(rub$7<0}f<(NYz$$UPn z`VqqghB<+g>I^g-H$2Sn2*V={k2cJAo7E=g22!46c$(qqhARxuGCbGte8Ypng4=V|B>C0$(A#3w(|6(_lW!pboFgzaiWJ=2!yCe*<1G%k5K<@@UMh<9sjiO``~{S{s_$HBh>!{{5xS@)4w6i z@sWQNP6u-g1NF1O?+fRE`K*L;zTpUjR=VKh3L4Cfz&F47e+rTdf^Bwb-g?|FxC(QT5{~*k3oi~N~&iK2+ ze0TgqVP5O}RoFde!+Dc=y#RSD;g`YfgkJ@B5#9&pI5g_>TIU4ecfmu1`A+&t!XJY9 z{D}Izrr{V8GT%98|B9T3vXl#Ff~N_$0$(DW3!WvM2fj?W9r#LNzQev$n9uQQg}Z~< zUt(Upz~2&%f!Rl*ya3E`DdfIj_KV1c;2#O|8`10wQO>r!U3f5<{UXZa;9m-J+AsEn zC?5`fMwrhG*)O7eB={xa)4}WuQC>zt_3d?{yKP>@MNog4YUjDxB{L^BL(K!nc6$6TTJvb74+h z^DE&^;OB%lgE^Ll_UpiJ2;Twz58$ZNv z90$tjE~zsZ+v-%|q2M!xPX?bS%>Cv9VUF>fDSS8hGU1%sR6Zv;Oo%;%_23D<#N5N3UIye#doPsitmWR9`rbeZIP;Xe`n zDL8~@UX<^E&lP?U+)4Ns;HdDU;1h)F!6yoH8=fw_3(UDDXmbzzL}5PHy;%4K@TI~p zf~$qO&6f#to(s-3K|7r9;#hDI*!qs}Jn$yr`QSR?D)3g}YVf_nSAcg2F9!cY_!@A%FejqhCCq(y zk1)s6@fj$~#^?X92;TsHUHB&Oe&IFXw}jV&4+(Q-!jFVEf!f`i53+r2P`_R`Q{Lxv8I&>jEVOJ%1ZBlHP|A>f-FF?@Y# zGTczOHgJbA>z00tiSzXFdrVICOZ*#xOD1gb(!5BtcyZq7p^*u_^Ww!NCFt?T z@+S<u==F@wL zQ~wqSCQjd(I4xGy@wrfGRj2Z*b`AWt%t%}S*5g{B)(`u?yQjGA<6FACn-m=O1&37- ztIFL|3YE51xdVA+i-luVc@*t!Tb0)kPOA-jzrDF39I6fn8mc-sgoF5`Q$tmEeBr4f zoQ02h)E0GYsOr)X&R$p4u{JBzP}Q{|94^gHyMD7v>DCa=-CoqOW=x#X}K zv%T`{Kyh|@EIX?%C)^ZHFS~hNcJ}t1-0N?~A~i2UGqW_DdHrLI%|R@~o1B0Bzaob3 zHq~b3;NwBHRrySeA+c3yRgc=Lwunv`8>!7|Q(4rxwyHg%YhsADURTtmwyHzpzDR92 zqp7GHJ_>~oR!zIF;;Kk(RnKjAq4?dm7j>rhwqh~7^#_-?|n1h`(=Jp zIA_AtNK;kkCVa|j4xmd@xJ^@4*8`h(hFh0cb>CUlt?`LS+0EreJ!Yox}&zX7xmn-F^*5kloxevDC&kfSyvU^UKLyOz4-Q`ZWG>#?`??J-w>bh zaD4Cc@rJ72O;rVzMO~_kde#;7YADKUD#|M_%3ClezNIeS@Lb-r|Bt;l0k5h$|9{Vr zgoH4h1IP^S69WV#WD|l$1d zly$5r>+(CCkB4V<%+BhP*tttjsy-FYpY9aiTRlJA zQ0wHMbn8Yswa-_-5H6qY9A01bI2yNptK*Dx)_k!4_ilB%i?wD;WnQ`&_8`HM;Zn?!^;M0 z&B+gr1^Pc%Kfuwu*;(%Jtby)KH?P1gn#;C1a%#qx1+zjGv%-a6>4vGv>a{AX=ccSa z+p_xZ&Waq&N^^7E{;yvA*ArR&W+cu(XL+BsL$+M8W76K@BXi&V{*)}IBJ124Kd#B@ zu_~+kwyccZS^W=Yop&M&&3t~F*7F};{?yu+cD%m3xZT0x_9u!%Q;Ne?AJl%ewcpm< z+F(WicMn(MdktQfH#)RpO6WMQ*M*^?Lp2TAp%rUF4Yi>o_qvB`>MBA-J8BM=h071s z>{yRDYqERsYqkeg5R*b=%$A*NTd38elf5=H&Y7XIwX@X7s%c$K3qyxJVw(^Y*z>WN2Tg z;aI3>9@eU=$(t0~KfrM>a&f91kKyTHx8x0+inreBraAqSuiiTL2lKiIM(zD-&o63| z*7V){^!Cn&FGLrsnx1k0=-(CIzI^@Kd$&Bltt`CxpKGqmy>rhyC;EnuJidL@;Xl=6 zb(+#QH0HG_W#>4f-6>h&+Vurx9jdQ$OYW_Ge#QN6$>a5VnBlbu>rlPVMHXtZ&M6w~ zHvAn~*nh~adx{G%?HIN8x{L2T@~6G;oR}U)Z$R^}DjT$^EVH02tD-DtTiIaU{1sU_ zwfAnz8eEW-g*B6^v7*yFx9(0ivu#aTHte*~s;ohqvNDxbDmn|g45H=V>elUWo$*n` zaG!DW`nuBZl&s`USz$!U&T8#Mqj}G`8?Hk~>#+Z*>tZpcOcy!Gd);)>DOsHgpWl?# zrsxXyMAkVQM!L?RsC%>9knSS4@hmt8qM2>5&XiW8Rz;BagaZjkko$mn2q{g{#)jc&+i_aN})UX9`DX?cqv>b3mIiH+BU zaS&rQIi7rew=oB0Xq`c zo-+fT|44EFxmZFfBXH)*QyU(3w**TPLKS|ez@LA;i^Zt0{uEZ8;<8g%bE<37=HRGC z{Fnkx(_RbpOwa|KlGSlt=c*;OWossHzIOil<@c_Ae9QB9zVPMtC40&aPd<6=j`e%* zJ@WXw&lj#Qx%cGbMJqnZKRh?T{*(Oe(W1?Bi)y0{RdXAPK4~b7o_yY0kP4StwGP$c z$M@W;*P`0Kz91_Vi%?rzz*c%RXCZ(;&&J^I?VPrw;ltx}bMpV9j63H~Ud7#iF{ z!It2E761Le#6LPbYzCe{EKrp+5?RAKRrTBpB=X4=)~Q+xrMFHMA2(s0suG4Jx60>U zLLz@#8Axc=7awY!swbe1uTym&c9PCTkXfhdN?NIPsuB}^2G)yH@v%qBG+OD!sGhU? zT#V{P?8wEa_A*(s7!{ul*u|(G0Ncf==)l*ml9pJEig)tA&0;4?VrqSmOom36uu`Yt6?e15eTM9=FoAA7e|B8>N% zyK-T+Mc$UgzgSMjl_ujhN7!o-*ZO*O>7fH$~Rj0D73 z--AkJuXc^~Jy7na^+MiS_WUQW??JWap9|Ee9PzPW9%|5k`(239s{y;LjULqXW_Gw| zY##<}r|qJhO}w{R--Bw;I~UGT-Zvvg9!lz;chY(vjJoJSo$}5-WBW8fP41fC36-aE zax-nIQ?}eQwyyyA0LovLXKi^;x(9X2mV0=%zy~NtU~v<^$aYa{VSSH%f%iVUs zC<1%|IL{jNu7JitE%#msC?fDh+q}updj+6@@Do4;M`iDa0AmQh0xT!6|Li5~2DDBA za1QHV2!8_bhD7fMKvpWtcKVLfUz|miSZ4f{j=|_z2GOY{3*w=3>c32ar1%IBZf(BCsA@mbofDXcf zJ1am!;&(REb{pv}Mq;3f#61&< z>C4Y-q;_pgN|yk7Fi=I}o{97kOt&-ASG;?zvNz2}TER#RRFSxc+RVVeOHkr;7cd%d z4dStFl1KZ}qed4Kx&ot{D|E$1$BwDuI=*zykYJs!*SdryjXtb*#`zJ{K4rBZQ_H8| z)c(P0Kc$w>y{SEJwQoV&HxGN?MLvDW3-FJZEH#)2`C9Y(myrkMZ4ma={)GO#0QR4T zf4+>{@sBzdSO-S2rvuLi`2v@uunsQp4dCRNz@>OOs!px{QU+)8+#eX4aseth?C;aA zV`{Knk9L!~g#Do|2uR0jVwXXM^P@rJ2rG&H-@eA!n2vhkum|+QVd$cA;jpl`7@1wl z47Xyf1;#br(qTSdr!$u$GhWYWy8c*a#A-LDV@@}mZ#)NF2&}8v#eL9jV$CnLj#_uS z6j=|w6q#Cjj7yRAvTKg@wrh@^n~HYmki@t3IC`BjEIP(@%F^hRL4~O|D5vLXOLTO* z+887C5zCPEMF7?XVC;U@27RXKLSu~7UoSy+e!M0UhpP41F5pew0iKr2mg$g8PdOCz zp*9|VSj2-L9DXNYEwY03B#vva=nOx4L)tT7P@guutJ=NN7gC zp@Sjt!jFp~d1o`u?$d_%YP*X>q%R$q4X5;SxpG>-k1HTo|973{^l8JJ#NFqjSadiV zl7uxrSWNOb2*lV07ng+IFHy<)})9LocLqR83;BQJXG5r=w01 zQTM5+oH~Z6`_vq=yRd_$<@oWo)e|^3%I~|LAH13?djf}2Tr`ZIrlk91N%zG|T8=^- z(JqfFIDws3%raM_Sz;JUt3d5>+9>i9}*b=3Hc_hPFV6OR&QJK zG5%p?HfkBSlW)meRL8?`5n7$V5LPeNe|n4S_^8Ev;>+RLc5>l^GyAw~99$BILb#OP zl9TYl9nSD;jdkP@u5{ezEUq@tEqRYA(~=s_=V}k8WjugNwp^H&pYvZlh-&tS4qQ;K zSs3-Ebk+VdLPhDSx!@dEDe{)_v!%-h@Q6ll=LaJNd`og|Wc2Ut@unI9gR8VHKaA~A zVY@SKI|&9iYg>L8+ZIK{R%~iewJ5`nYiyQ)u+I!{}`Z>#a*HhIn`} z74W3CK20s#G`HkeExkpWS|&HQRBMtdQ+E235OsJGbU!cP;S+-ReUteyPa#K0YU2co z9j#Q&rtik*KEpP=ABLbDkKTcZtKfZh9)>N}_L(HgF? z3ZxBv6e>Qx#?p2lg1vm*1`%?l6|i67HZ14+ImLz5QZ$)MS2@}@E=;D<5El_pO>k5K@;T*nW7@}nriinecj^?`v=759R!^1_`%6tUVOc%7pTrMSP;J*jL3MyEDBoc|*9wk7w^}&#YohBK{Kv5i16y_tx=EKXessWvkv&EL#;M7I5 z3qRNiv#dk3pGetc$JBKNt93w9zbdQ+X?yOa-zK8*Xxw;CY_$&lS|?szgS^PLG^~%w zkk(jg(e^6t-w(kU*P6v}c3Q5_Q2gMukAQCuFD+{0H+OSAO1BpeT<0E&Ut+8QPV#3N z>80T^$-6LUU49sEj_|f2?v1t#_~r{1Ew6@P6-Ry;uNlJY=CgVInoAbFUaq`O;)n4% zKzM!hY+k?Sl9`UG#N`hg&KzdTH=n#_+l{q82f}aMoQv{D$YIEvkar;OLf(ULE~Pa*uhim6zD&Z|u85$Nh5J0Z_QUWEJ}@>fU$+(VHX2>HD=7qnlu^Y>@8N#%lhA^$&5VlDa!ZOAnwu~&B zO~ck1)3Rkf3ASbBZ*^E!{$7G*H2d6k$TN_7$nPM3fXKeh;V%2M-B@O(&0~mZvuw?e9p=TR zEz8tWT5JpUy+owJHsCSDHn1CqcD!xQ-yrbTcs~ele{&xHXb9)(kB8g{xfxOdxec-a z!r!D+L%s)D3t0#G1%&VZvYYjNE_7*-p%D7M9zvhR5c=eAUFef@;vazg9AbSv3bq^b zXnirSgCX=e5kjBL<75bbCqUn`AoP7Fguj*HynN2bXI|Gs?8Y+Fmn<`VT3;+PeaSM@ zCw;Ai*p1f~-Ua?YkhdUTLR#T`nF?tK2}Ag}n+m(CtdP#b5I=!Hq)#&wp_}^-{qE7->sbjPH{pv`@ zIkiDKOT+&*DKNpqdVdmDG{mxCNmw38ukdviO9|(IGU-*Vv|g_|q(kMxgVsNa1AE45T3dm*Mz8j!Q`adj zIZG+*3P+49OC(vRD>X8Qnq{cXC+k78)SS&y>(BJ8%VNuWrcYfDULVml*0k(iEL&c! zVcf;+9;Rg%r*sv}cGqj=El%kf*UOyfg$D!5!(zO!jP_i$%$5cQ?HjP(~FGhY}lpG*jS19O)oouK18_QqhBp_r8Tm`lT#KT z^z6$yGQ<9qcK9Di>45(t73Akvvd7Amvuqi4O?v(3%odcHk-gMRGnPLVdYvDm$( z{n=PA#Ah3ee)OVzdO1Gp*(=f4Yjls*X=$HQbGAHa{d{#mo!x)48o=2;p!>I?cNe#? zgr!=gPX((UqDZZ+sYq3oB5xT*Pp1ySW_Dhv>J%ze9XN`-7+$)n_o`5t15~HdwUq8+ zHl_+y>xDM6lS?(CLR6@#GDCKuNzYDoN)_tm-b=&NdF7D)(2Z1FFZZgkn(0&{n;h6& zc`-cCUTPkB{?s9i_oW_RbH<<_y^b zvD6a5<}74$PH*yJs;@yhS7+L2jcVLxg9<$Wpf|g|F*RpeYE9E2)0uhDmz%K48$)d@ zd1cgT>E)4id8x4rBV+i8oN(}<%OcytE-cJgy2fNlb*OG@ooz4OyvNqJ*>?y&eB1~1VPieBB+hReR#Qb?#%Mc%Gi|B;yFGp zc8WUqZ>&(-tgOgv*;Joiwp1;#8ZRDKHdX7Bp1ELXMe*&(1U%XGLVZ_`7;%Y{F}0#> z&Ya4!veL|PS2}|RX1fF3{3=#GZ@{PIUIp#C5DWIFW2$Fp0pL;d}@Q=NcYF=YO<6G6&m9k?%; zdOn@y#<=8F_@v(6;!t@TIA{J$G%^+;t*p?WC6-Lj8K|orAEmK@R) z9k6c>JTvzHs~0HctS2@io;|CLzk^_BvK!h`ZEEg2$l8qrv!mI~+MN%DWrppG`qX`K z2h5JZFiyc51Ci-IiG8^-jN7#kvc0u;Hak9RXQ%llyUE6%EeHMC0|FS&`;CIBe{VQ` z;fhZO!oF+E!8(xTNWhNm#0ZM}{f`tLc4=c>*EK4 z89Z&2evaUPQz15g4}zt?I{2Hx1kGl{)?(lKW>A|e@kkUE>VR>pG45|G*v0|+y5Y<) zj16lx8}=;rEi>pk%(VM08{TX-Y&-U4x_M~uJWS|xpbwcaM&tc>8wcnM;cSsXFq;kA zgMI0*8fUDb&^eF}CXD`$Lu?$NFBkqA@p#j2HtZ-A(%(+_%SFZ<=sTG(`uiAS;{bgb z$lNQeIJ4QX53n!&eLNHQ#XD<%_)uZ0nh=3;*yp%?GDJUv(|bCM;i=8+_F^6#iW1*w zL*es2_FKFC19rJ~2cNXz#%Fbwxqlvv*ba8HVG)2VN69iyko5T+2+t`DV>t%H&c?y6 zZ!r8FCYa5J4FpJk)$m6<2hs~-{qdq?k8z+c6;~?$9Ncae`6;@kZ_VZU*-r#|ThA;P z4+ZJ3FpBno&TiJ9-M61of9ATVvLy5`Iu;xR<7ZLrEr^z3xwz#+0!>v^e1bY``tWaP|(-C**<%S zw*}F{UCb`eogGkKd2F+thI!_yH1Ro6&@=poX5mH6_T@UOYRnoRur(bkG#d-*p?EW; z9w0VdlC_yhF~`fym){hO=L$a$5N!Og+*7b4IGt>|4eP@40Ku-{9I~nQT(YThp8IUv zJi#Lcj}|;uaK7M)f(r%TB)CZMG{Gfglebc`X#P&DBy2ne$vkoxOisq9YnbN}&I9a( zlNg_sa#C9-95l3l*f7wy*)Z)ntBp4F!}q0;sdrJYWNw_+X8mw3k+q*_nD%^E3Df0I zw79M>nR7zZ5Jr0zft+gEnqwg9+2-U_)9%^SBkslcyp#+Z29d4J2C)lxqIda~7X`YiQq z6SCEF?kv;dGuJ;E<`)9Ko1FISo8(l}2k?AM>Df=osiv>;{nNB(pCw!We>eI(=*d?9 zxzUe=o^180rmaUqPqzA7*`}-$e9kn?FDtDv7-YJvW3si+GWvYz$yPtb=y^<#t^Qu4 z=kYoEFM-i=Zc4J?Dl}KMi`a)vrR{nSXwfdWZ}gwlmq*?PJtK_@#=^ zk!e#38*-{R?)bbJMOS^7%)UzTgSoL^+VckcUq{nt95QUu@kz1v8Dyl%js2#h;X#7g z@2N+Te0hd>WxLWa$E~bu+AuG)^S8!7Y;7QZb6G=?;*4QsoY}qXI*k!B#*y4q-b~yq z>{~w<3g-32>aP~e>x|XkAh<~IErNNxS^GtTYXsjTc)#F(3qBv0SnDT;Z0etLTWnig zO+70O+jwFBp5PD3s84SH1lxAO4gPpswT`aw!*}u8bUCrx`p*%3v9K8{^fwAF5vpkQw}STw<~i4v<#n$YtxEs^gRU+5;lCNthE^{c&f0u zMd)uQo3h*?^vi^v?|-#RXeI9zU3i$L%I;`U~b5!1^C1^w$XHue_~IOz39| zUMg(94`y9)%yJ*~COj&eX)+CG@`+{71n@1-~u$l;Hmm%oDCn z3zIzJ+(B?RvZ?=GV3vzNb>{Wa#^sNQt<4RB`L05%=Q{~4KPZ^jN2}*M{VcyG_)Wp@ z3I0TIXXMGoJzp^218Vg#!Np|LmnzAop838{%QeD=@4K`5`^gY)yy0p6Y!Now1ph|Z z)C>I|$PjL?37fwPo4*NuPuP4S^c?V7KM7=0E?&27o;e@QazxnheVkT5hz!5nIDW7^ zPVf}Lw+rTbF|GXu!A}e3dn>KY3Bg>C*CzOTnB!Yi-mR#*~F~X{}z3XN>+_p+8SB-@#(-)p*9(=L!8t!Pf{LFIbIvOx*7Z zeX-yff-3~yE|~9-xA|ErSpBxt_~(NcYjeNgp9ucBV7~j^+VkBqmUjw%N$_65e-iu` z!N&!^E%=n+4+Wnw9y4WWC&n-x1oK@kHlG=S&ls~AKcj@rRf3BIPZPXYaE;)H1aB7n zYr($}{G#AJg4G&ICT~ZD{*>Sk1-IfD#@O?_s^v7neFa}8c(~x31Q!Xe5qziMdjzi( zyjJkf1oPEFHg9}~z2zN(pB4O);Jt$R)*&1BuY%teEXR1Kg(!y0e5$g7h zpA)=W@Ls{M24aN0zq;eo`=B ze`9T47W@and9eq8Vif?pQgAowl8{}B9vU^TwQKDT5shE!u(qwgd1 z0|fJpJvN_X1oMqNR?p`VmJ0=!3N9DCT<|@D?-RU6@S}q31n(96ir_{s#*lA^1wcd{LLRzfo{ZaIs*%lgir97ra#P_XYFSRo4C|f`2af zmxB5FDr>(}@C$-p7W|svKMLmiuB@MvfjX9@c-6;Aw(O1eXdf7hEa0TJSQ#wSw;!yh8AOg4YOMCwPP4 zhXijH{HWkM!A}a_E_kQldciLW-Y@u&;KPEC3T_bmmf(|u-xJ&@_+!DJ3jSO$CvMob zX1oJoAR^Lf*SHXM-g0*o3rwh&yJU}qtcxB_N=WDh<3%$GtHCpJ^b2nq3FZ2@y z7Ye>faFO6?f=dLK3N9C1DY#1TLc!I7mkF*Fe7E2gg6|W&M({ep8w5Wjc(dR~1=k6F zQt)=cI|bJZeo^p#!G{DN7JO82gW$IWpA`I_;6}k83;tB_=YlzD#`d2C!O4R8!Ypf} zUYuq6Oedl5Dp)-yH8zgWrwf+%z4RuHd19^8}9+oG+Na{kQoq6nvB5v)$_} z5jLfQ%LP{ot`fXZaJArNf@=leEqI0C`vk8MyiV{2!4C=EEcj8ub%LK1Trc=V!FvSn z6TDyWA;E_Q9~Imn_$|RF1-~b_QSirtKNbABVDN z!3~1n5`0qddx9GUe=PV@!JiA}^j_O834-z3-?+Y$;I4vu3U&l@4OQziLonCnw0h2C zw45V2S1{i&XKmzt?6E?hFLE`3w~7acELLZ*9(48@E*bY1Ro|txE&STAZ*?eJcwgdV=u@5L!svy zecXl%9&H$>PTx4gyl*klFz3YGXqZ#}iVXJ#PdD5TTx!?_R~Q})t}@K|dJ7GY2H#6I z=ZYU2PJ^D`FR0G||I%;{c$;DR;qzkJTmj~H2l7>5zK4l?J(#c2C*KU_cLDOP;CBp{ zgE{`Ez6#8_ZR9(^9P^VGgZaFeycC>(@e+9%xV7OQfJ27w0`qw>ZSDd0G`s?wW_UF? z!|?s!fri(Da}4wT!6k;*gYyh;0*^BMFnFxtN5BP!9|IQ}t^@NqGV}9m@HE3ugKss= zdkN)+IbVR!k!imhywLE=;2OiPfI0T2%^$&hj!ga&_&&qD$H3>v)bl-C8w@vqe_{Ad zFvr!jc?Z1B@F_6I($t>@KWCWt7&v~W{y)IKH_UmC97|Kr`we{7O#TYY@iRGqHauaN z@7>~4y2cnDY(u9r>=|0pJS_bI!$3!`a~BhKGPh8_orfGkhs{qG7)8jql-Ne)#UP zBEuuW(+%@|W~GMtj8|M4!erLEA%<(7f`R=-dhIv1OV@~Qf zga2yy5irM@)bo9De>eOTm}5)o4}kw^nD-bso}~US-~g`CWX?B9Hq7_$aXuvVC&8Tz zp9Xg~%yWrjnD3?QZ`gzsyv{J+wKv%?-!)fknCF|@ z40Eo^Y{L=oJj0x~vdC~B@b?UJUjK5#F8E%krnxQl-H zn~o0+cLsB;MLpk#_od;U-~?O`spq@r_}rhI1`ZkK@!Hui-%HoiFpph6_oqGIF_&SO z$MHbJgTWj}(T2zLC5A5s=NablJ<9Oq;IW2ztQQ#Od-XVWqMxh5-!;tRewtyvBkxwj zd{-XFNVMmB?rt~C_vS4$Tmt4iQrgT0|H$xiFvmjF^PPH}Q%e33nDa=c= zj&rEz`~5htfXw#>zHFH10L~?#em(e4hBtyao}r%a1>~Gk@-M)gOF(`UeA+P26P!yx z{S)9X4D*~3#DIl*&Z*&CQ!>vV?F~N*KF2W6B|Qwk0FD^ud8MD>J>X2kzXuOC%=68~ zhF=9=Zg@ZV3d1}PU2XUfc)a01fv-2r^V7|Sc}|*YnCG4uhIx)DGaLrbHOzAi*Y9Q- zyMQ?lmdx|b4-EGLb8T+wdG1+lxDR-(;eKGQyG@((!JMl=&IEITH1;d$AbT6cpUhB!{fmp8J+Qp5dwB{)VT6Ip={sXMl$o=K1wf z!?VCq!#vk=E(Gl>!Pgk(d3S>01>hSD^Bl~%&a~&eD$W@uF9UPF1etTJW*e>r&og`% zm~)9~!?{tUk%=BcpUgi!{fov8J-BNzv1tJvkde4Im9sM z-vhqJ@Cxt*!>hnI80NKivf=x|oV&vOuL0j?_^066hIxISXLvn$ zk>Q8H-!uG6@N&aj!1o&Fy^0?j=JouihMxp)H2fRzFAe_|{FvdL;9nc&HGhZU7r@UO z-UEKg@E^c`F#Ia`fZ+q+KN~&-K4$pO;5QBb1^lkzW8e=AzXATl@Coo|hB=PlZw^>* zC&8@@{~g@c@O$8nhEIXJ8EyohYxqNOAH!S<%<)LDjrRX4 z7;h9+Y3&EMH_YF{o@4k3xQF3)z!Afz!2Jw!ot8|)T$N?8;r{?%Y?$*dFE`Aw$rXlq zzmjv4Sl$H4c*Cv0*BfpNzS(el@KnQ$Gs7@{hr~Hc)SU~NYd8(eIZM>{fh;wg0sevE z3&8gn9td7-I0wAeFjt6KZ+IA(bD8Kf5AulN5#T2bUjhD&VUBm6HJlHA!Egb1ui=T{ z*9>0=e%){(_zlB1g5NdF@zF5aOzu($pI1kLtAJU)P_47y7X0v)UU0mOljB_ftbckhF z@K7@9hTCX}<%xoe1eXft{akCmOfc`mT0QTvTHY-9Nx}7k_X!qn`M5A=U|H6nA=!fl zU!3D!nBzEuT-O!c`cLrZ)r9hffI}b5=a!H&B$RiBzq~S9boY?*N+*9}w0>|HiMqLtGcQy>J?!)e zxoHj)x-gVi5UQ^67nMZas<}laPW7a)lM&6o-pQLDLN=-ghusUE{4^(&m*=D{#eaA3 z(zcB_*KRCY5v~u!uHPNI?qF=viP*#sV-qTZZPQ{SYjC}t7fuVN&L3Y98ChNH-xO@U zJJ`OWm9PKt<=n&$YLeToi7ww&eXoD{ftp~jdY^y!(i+@5eI~qo zV@5hcjm9?y87|>P|UT2ez-Q zp6EyV&WP3j z!P&mFdY?0YeC+|auiol+wmNmkoNbYC^;V~PUO4x3#zy3Cer#K$L)ES=vo{}KvD&G= zD_or&-uy)M1>x%7gsWE8?R3i5I@Jrp<@254u`Bk(c0}jLwvVrxUH^Vx5)d9HHr|G+n59 zF0^4fY`TM?oD%C6gR5VK>Yfc1%?xdd_1qTgWrKP!=&?}Uu~5;h(7{-w?o{XizCg#E z<9O8b$56wG(3Dv3O|f$i#?ns2&O^H?OfH5p#Pvg>1-OkYdL!pNELL2tM{`_sR0S9B5u-qMUVYy3Lo`?;k z@w8CgQ=$5oL;GJ3Z5SD9_#5oAw#Bk{#|9sakw|5 zM8esTD?$-Ih(bG`h=h9v8%EUsJ<=wqHEohI{ZnG$ia_eYK%3oxw%LK!co4TK;9nI; zs0k#_-!&!Bt|HLhw=Z0M%>Q8^`9vV4{+LsK%&DFp-V?j{K=m_z9HzdlVP9>y2->gw z8y<10mpj`Jtl8x|72bc;ZTP@hamuOwEPNz(cy>V`m>p;}JP>F+<)j6Y8s2xSM~2^> zoxjyN87&;|);iT`;k>PmQ|si;PKzW}|H$3&uv-&L*c40D`R%{!;sY7c?15{S3-RTZXnz32y-2E4LF61~tLr}FX0{#HMw)9oousiqex$|E0`~;9hm4iEPt?S& zS{1umC$%babxq_dXRYhjB1bGvS|m9;()vsronLLaKhvon>a=8|a;dzrPNc=6z)a*p zl^J=!*`gvgTIZo6G8(4`XP)a$M;=&lIuB>s=p1TGorjien1;5&$*JKoN7`r)Uj*I{ zvL(tdco1;&_a9^lyYskIK-MjHP9)+qRZ&?YehIyd|bcif>&v=|~i)x+y zABOh7i3WEHB9V-xxf>f!I(7R(jXNClkG)Tvhz-}dF#W81L8M31es(fiGCuFiP(kF} zym#QHx3kD~OIV&L&n8Ab2MvHwlV<~DEY2|K|DLsZ-VD$b=bDzjqiK9?g&*-J- zHcq;W`a#~^t#1F7!`fxGkB1}lL}MyH^=rw$K&=W`qy9F(c?GI#?UP9 z_wMrOMk+_3Za0h$)kH%1YeO3fLr|iZ;o`O>rW@_Jnpv_rijG!&H~ShC%V+1^5Q{J7GrdY`AKybsFArwnS@UDJNp)jHc^4tsruq zI$O#rKxTE)`R|AFKZlpT1(ANHU$twzyvYH%)Y?`b3svufZF)hZ&o}qM`AcVP93Eln zIEiORTKUykR-fnSAtRbQUiJ)qoK_a3*@aG)w~uE&^vk{MYRA_98Pu(AELc+L=0+pGn9d9tlt`H zg!ZIUe=M{mx_0A{@h4&<{HkS-1ztg!&M$~uz*^P1**Jk6DA|PzF)qi$BLfQ}SuLOI zHsWf!i(_G4XEq!OZP)|z0R@pv+s|+@lhp@9gv?(GYov)20+U7l;^#Wu&*(I|s{+ji(s2T@vUV1QMx>o(oA>E1UuVO#id>s7_{Y0JIj_V$GTK70~8Yq;F>TP*z z@g3GVd^+CO5Dgt|cqF$Vaxt3|eNA<=hRqHRfwfDIn0}@ET6RHXaMQkay5zX+YZn$o zE^4{2tvOzM8hOz5TYm(}TB7muMO6HZIoa2e0^QbfrsXO z&0aHEo^QIYstl`Z@0sVcrq@-KQj2|!KF-$HSXAa{Xf$ z&-U77bgXbTuBz@37Zr^<>L0y$Jcl~E?szuKcD{5o#v^;~32{vwy=%|$!qa(2-O&e7 z{JfW3T(i)#aAjQ{RmUfsRfq zuOF8bL@xcB>*^Pw{P)ncE-Q#!Zu(XGW&_=&whvaD>*~;g$gs2aL1bKq4Uedl(f$=N zj2GMMJn8ctJv8rw_FR^Sa(&bJPUZGno$pjiE%rhBI9nfN&cCS-s(k(@`XJM5+6U?3 z?0t|qKeG>BV*22vP5K}@#{qmxIIinZpXK(C4edFN*4Td&Z%Cj=qT3zEw+HnN0jD#Z z)Ns|@KQDx{8ct@oVwdc~1rrz3+5=TfHx#-!sg?iJU9sM6nB-=*8rHfXc4hp_-upr4 zLnrq@TBJ?m>8Ng5q+JlX@|EDRz_7&36s_A78D8}SzTTAI=!Rzb8;(cUtZaDOZM-X7 zH#u=rWJLA%9VZeEP4KU{+HL%&vu5LlQ!Z{a7Cqt*eaGMUOn67MaiqI_<-4&JBi-s% z(Y53E$D+z}~Ah2iCkos;8n!?F56wEptM#*txn zq|YmzPxSEY?c)n$MMa;i8ke|jTyWF4gqm?lyT`Sv7?(U{T*|?5sl&&$$sX4>ZCty8 zaqR<<>v1D>cjUT*kx3^a6F-bh_(`~JBcG3ag$>L7EcCVUt9R5wrMBJp&*vm|y9tx> z6Oypkt|5@X7tmGv@5W7pA0^zI==&|6fhH)!1b;O?{fp6W_%Nji4{YofNN$w?b-XA$!(2B#lU_v5Ss0k#r>OsroL_T;4K&d`jh4GP)fY4HeCMIyEKimw) zP7?1t1rJ?||49RAHD2Lo#6^AZKQV#NTUsSE&JIY*H2iB1HK(7qrZzQ$Np=ndKgLd* zX>*W`&Vk#=RiwK?ZKuqg?hEt?RDyl&Vzj?d1q6G8+hBDeDmKL}FAXp${dVZU#6WNy zt(519anBP255(tDdzIM4#1!a)z zz|Iit48cy3uhRo8>o_FrV+ZrE`vJOA2-zCPsxO3uO0dH^xT!h5U&^<;OW z#TrOpet^?td+|;qf7j5R%HCnKhv&&OjzD;aB~TUUM#Jvh=|LlID#gBlDk%JgZE;vS zOpyiePF;kla!;j9Oa2lA&Q2g@hYpn~l@U7So=JHW{lf~`R9W1@EK;Ge$USZ<2O|J0 z5aPdKz0E-@I7&J%d3|^4RW7VX<%BWHVT+t_Dx=DYHR#R&l^d%uIbtW_1Us7}RcTa+ zN;5gSp8j#N@!uH6f87e)_gaA#pF)EiaDun4Tq;cEs@k6lBTidsk|GsNQcT+e4QFp1cPegB-%I=noNMJi9hrNo`_Qt1&Z+{ONv!&(GNn?r4fjm9`3H>Mb4!KZja+%cPe}A0`>R<|GmzCZ{T0=ckz#tcYA*X_&(taz(ztVbOFv! z?GXm_;G4>O@aGUcvhWXe%k*|2^PIxzU+{F(^r$>*dYp)=()+}w$4;)&;~dPdNpCo& zF0O(2@92vJMER&ZYkFhoo#iVguzZ}dsM6#7z^_SfGtTe%I57MRe`3??#roWVXx$lb z)-+#d3QY4ffoZlyU8ywt1HLBBUU-duGSc-g>VQJ2GO9E=eZD&b&YC7))~C{3L|~e0 z32euw2yDj#fR@{G1E#0cG2O+RnxxBV=G__4oBbz|9h7}2LSR4Qw5HzdOT`5CCr-Rp z`B+O}KAs{l9|s7`2PXveW}o7$oZjqLQFa;Kx6Z3am*=(hW#lB?KQUqDTZ@v?{Sy*a zKDh*+1w0%1&g1V09)i&a#wc&GuP2QBE-X@3;-`set&99UeSJ80oP(J@JUSHI+|fX} zg=GeOT{$>9)(K63;iiAhF0`?85mc>L)-76%^zqNR0Q>5)Lz_s{?Dc#RM+IY!hBk0h z;2uUj23-)b9DEznaTpr;o7uw=&RB0CRyAYY956BJ7WHC`8&D_R8Pc0ExW`T9@$ZOJ zhYUux=QP@#$qqBI!xr^0h0KgOVWlREo??Jh~Z zRPD6t3y;Zu|Co+`1f@iLV>)W%_C}T3uiKc8VSk6Dysi%n??yKv;|5s>Am3qWsN;6(na^g)1+ z0ayo3myR`-(`~4#tbU2AEi#&hpxL#k=(C>8uX9Ph z!qo{AS10iI%`?>g^{W#mtxmWL%-k?=626_ZaoFSMRJPeA;>oB3fJJ&Cch-k8P9Q4_6w zE4TAJw-f&sVt*;b)-(AUoNJ|xjei;$nXlu=&y!w!w8M?76Bs{J$B)|_#>s@|OqB-O z#`^mQ{Jn&WLXr;+EZS%<^!p$-PvqC^KH8f6XSIKmYWu%}-&KC}zV-h$^!z=l^+RTw zNj_u(Ns>pPPSifSjg7~0-mdg0(+!@Ut&C;sNimVx|3NV0F`el#CS!M%UsvW^y`X5}IL zv$6Rrr|l3Mo6KJ(A@*S%n|t@*E(T&#v+}5jeF56>3rLdh=G6(PTI+Q_Qk#T0&Gpyd z7{3XU{Et)-f~#=VuUTjKU;X= zvzB3Zw;Z;DVfVEhwuWKrS`OR5u!mX>+sv>>TMnyZ*pn@XZD-idmc!~9_F}WJf1RZ} zin8xvynW5$nReLEutP0}9cI|kmctqt_Exj7vvqEfmy?Y5UbA>6FO3ZQxaF`<8TNV0 zVbx0zwhaGdyFZ}orGfory9oRIEC&?zzw4m-X8dGo{V|La%C6M^}nmfEy8igLp z(s~e-1rT+4Kn0O$n9R$Ex_DZj))E(9YlIX1&iEBP9fr6*VT*SMbq|#qdbAr6LngIY zBgd}&A=!{25Ds=Ohm3%XfsBRR2q}Whg3N|gLgqmhLU`4$fh>bO3i%bJ4)PS_RmdM9 z??C_O2|WyUqH4% zn%C`i=za^?33(o}8}d8IUI^=)FNiq>v1R5HRn~P5Bo{IqG7`e+E@L44K9vud0GR?Q zhLl2PL1shdK)w&Dh1><A_=b>&0SY8!?BYzLbs+YZg^nQ5^;Wg5-vlWCr<-hPTO)|=hf zhnY6(;Cjdm$SlZg$k~pyI}v94fNguW`BBIlkar-=qwRz2^Ud2{*2xVBpA4~We+!sx zz6eqcse#D0zaRT7L-V%Z0^M&QzlGSXrSjc|K%0N&`v`>jJ`Q2NdqHfSo-Lou-#o|y z2=i$-`u;ZcXX}k=v)+zFSZ_?brF!Er!FsW2ep9``mD<>*_8h{tW!u@lCHuTRmU#@n z3bAd;bIB>ll}MY%s%JyGQCG3c4HbWuk?Mk@-j{OWFMqYSuXZHmWRG&dH6;1wNChk3*nbPyK(rw@ZzO~- z2ch5Q{)(Y1f!K|{SeMcl^G;u^OY4hu$ow%s)`!d&@0mUb;nzjp?SBUHB7{F0J_LCK zasu)egm;QRfP4nw4}DW`kGCVFGo%}&Cxo|+(;;^IpY+)&1@#8u3n2PH`0@vSQ5_Ds z0x}xH8yMF?Zh(9j5`#>G%z#ut=0f;VhdUt4AU}ls2*Q^*tb;rVc?e>+{|(=K>aZ2^ z7=$<8pN4Qj3jS#P1;}2=KFI5kzd+uE{0-6w`6q-6N^o{W5+oJU7NUOCjZeG%Z>GT~ z7-^6`kn8_#MP*qjm{pPFZtl+7&8Dvni@7H35(rp=u(s|7Rarc1PAs#uYLI(jW^w8CtkM}%vTm6=^~`{r zfw=>-vu4biS~_=H@&8n6XC!a^`|M@>`Ld9#*Yx>BQa8&K)mJkZjXOZ(UVlcD#k zRICT;{VA>EdRr$tE$v6=SzAhtwrQi%(yYs?SzGE@I(4a++}uXzLD#>|rz}^%1d>_@Jsmg(?w6D$!=7YPXqACDTl&YDwu-V$DK5FETD_)Yz%I zRlH5royp~^LDsI)FOHL{0;N+&kLRHoEn&4K=-9tDt)@&~@yf1BY;2mO{92H)o2BBF zLY3Bwr&?7RBgfp)G2yXE2+CqYo{%9Tt;Os(#^z~N6Uyr%_9R6?c3ws5z*O|>CF}?a zTdI52_f_btKITW^HdQ+c)ls3S6;oGK6{qBQl&W}*B*)ugK}t^(BPj*lO~qZnqef9u z-0qHewi7X)*P(aB(@2byKPAnCw%oRu#i>01S3<8das50zj2BxSUZ1Lrm$ywk_m%M& z?RkW&xaA_xwsE|^of`LYdz{+F{Z$BmwtstZ7sWl#jmHhe<9a2ZAGb>uxw0h+#p71B zK%PG@RJNrp<$`$Jq&VG?(#_PtH??I(yq>K;ub%xWl_u1mvdqwnz7$N>Q`P&N*FSgj zU88ZW?LE-iqQcgq?Ef~B7wV<%>AX5_9rq&J%(m?u(PlO^@0>Iz9=C0rD&pjwSKEtr zv|hZ>@^}od|9JWHTGY$E7uRb?kG$iwRXpAK@ieO9Cl$}L*Q;d@u{F6MC1M)F>kSLy zjgu6oJ5qWXyTo{EEg$UzjGaHFI!?AX_~V_yA3tY!C7&Blt#!O?Uc0r4r&}4f^Nv5S zEv3$uvRyo`cfOw!_u|#Km#$YzS$}69Ei7@*IND*j4sVN*VeP=#XF~Yy}fn3cY3Yb zHm>`&EjT;gmfltFo7&AgBio#MUfRd~dF|Hn+1Iv~JQ{7CdM)T3q5qY3v;NeuQq`{4 z6a6WD;x%sVWR2VNsHbbGEnniVMs&kH>y0vA@Xo!^TJPS`BFBQZ-Mw_Y@rW7)t9&nv z_vt|VNb~%8y`p`5q%%7nqkX(rct@Xi3|GYcwTt&b?>gYMtarxs>d@<#UTe$tv^}Mz zvukoZS5@(`&;R`S^FMoq4aA$%Yd7!6SQ5{v`W~fP#%l$yRlRQv%|_DZ2)8}LvumkN zy&QO+J>BoUKK2{0$L#gS0?^t%46RMl8{GN%CEsMo9*kZm^tyo8$m)BR>5g{55{P#= zH8fYD?cz=A4Z&K)bKsq>yz#qNK(8XaF}*ir@P>XB@ie>vxHq^-iHEB1m?~GEXOHfP zA0*xZ<{fn2X+sWu>`Bklc^7u?#3l1=>pm$yMDh+2Sb11G zS)t12rRLSCcUo#GSJIzNV?n%)yck|T^=i#K5M}*YFWyPPtE-mc%2SJt>*Z=({FoUO zCv}fPm3N%_`W^^Ar|*2JF`&6?qwnUZEXunx2*nw}*r+Um^}RME4o26;oj6>P5R0rD z!FW*FG8)aQ!kcKcUj4@{lz*wRr*!5G#yKTr6_pNu$T?@mg5t^gqjG+Ev2RMnuj24s`qL+Ec#=c5wHZ_vZ`MjrGZ6W=${i zO`34UGd_?TgX@FNXw_Q}nYjBNG|`lz$au!Ic$ z*N+Q$yW2iCz;6!Xo3-KNZrbp(J3iAOT&Dwnm@KB}`aTlYdi&Tx`58E8{!BEPZ{VED z3jJAP$@GJPx{mQt8XIVJXH?rjb|K$D)e-}z%$eiU_S80UpcH4uR?eptPnmnm5N%OMhBzFzJYjbGP4*x zaG-u%F;FL~a)v^n<63QOS3Id!TMqu)en5qKpn*?LVUu{%!*GtB9W_qwZtT3gyMPNkCR7Ghz&Mw2f4p-uM{ zu#H0x?+?VIS%TSY*dFXlf1|&zr(8PFcQ9e>f5#y<4$yZFI(QWeYBn3jsZ7$}GWaXO zkG34>@gz2$zmLH-4$ybcP^5v!rgpPoA3!1fy@v`d#X;ymk4tgfADuA{`y97f1(?2U zonW6xNyR^YTD#5@^?4L3wOPAP05RjlmkYaGYlKhQapUw>%iJ%A9oxZfHY@^=TL^*6AYzjFAaodf9wvHozGh#%uXUjh#Nq1FlZE%H-z zOW%s`U`hj&5$J6_vs^s(>^TGIb8)`9oM1NV&+gk#sZa2o{>tk48EjHB+)tFj*tcg} ztq!7PST1h6A%P|>#rVvnw*}P^F84*pg*vEy879MJ3o@KXg0}@#PnP?vA#V$+N!M~; zmY)7(O>@7SXABDJmnXz^LDfUzy9n>)>*DRI{^po{o=ZER{DYc>%f72h*JPkHaH>xa z3?@&;Aa&Y|!5n}!v9P0AGcHwW+V{(MLRyw_y7c+^4_i-&-xSRun`TWH%yW|8RNnx> zuHYQOEQhtnDI?B#f=3D-EqJWpe8D)x;(iJR-z2z5@HD|Cf=dOL3$7GgC3vCWYQf6{ z*9yK{@Cw2A30@<3o!||E9}>J-@S}q31V1TwyWpLI>jl3kc#q(Hg7*tPB>1r4qk`BzT(O62YZ{%LP{ot`fXZaJArN zf@=leEqI0C`vk8MyiV{2!4C=EOg87GM+MgjMmO8+okHD+OO8>?a#$T2l&;E|7@84KNS3_VW@qd z3I5VBeI{UlV(Vm(VfxQ8OrIAC9%~qC-?f4Z4AbW%!G(tD=R1P=JKRnfG;&%wf2hYi zaJ%0y{X8V}hYizDEA&BI55L54$HslkFyrnO%$LPj8&0Dp(+{UoTR(Zoi`8@OL#yX> zXEJ^Ax7B2BoR)0$6AaTQr#@Rfr#)NyQp2oUPJg!gmkcxRX<_pde2=m=>kTsxT;qy* z+H;CBnLasH+1d|)!rDwSOdB7*6H-qcrA*c2Kfnlh9shHMl z?K>H!J%5HpJzOj1I*Hs48ht0jR?pw0v#;`8^^svt^IdED@DuptTCeok6>-U_1Z-Td zmHM8BQ_UEUzul+afu3yB;xEdnPlujt^*fC|1A20*83!IT`T@|Bt^O;cccCX+{Xlc< zVIVPdC-%sew)#cgr02mTw9NRMng}w`cpLQl5(8;!mYda~8eGWwgKCtLlUMqdOy+3FuO`f1RUt)4%rVE#*> zCtE$&E2F*?da~6|HTrVs$yU#`!f0O!J=yA?H2Ny&$yWcW(JzFaZ1o=+eKquCtLJ)L z^uG*xveoAreJ%84t1mG6yP+pr{q07-0(!F5^EFNMe;@Q@tKVt#YoI4v{U42f9rR?Y z|H$Y!Ku@;%cIF)Tf3f#2@Ksb-|M!`5P9QNs0z|pPNeB=iKtR-}C<#Uc0YyZGibA-f z;UX7B8w3;;6&1WxM69UTqGH90l~$}lse+A)iWU`ZR8+iE#TG3-yuaU`wNHLYKLb%@5kdwXqDU+{(ob2VFntUzfWG_D) z&!cH)9pq#$FEsgj$jM$l)Z`l=CwuutCa-{;?B&Z%z6o-&mv1onX2{82{<_I4At!tJ zcP8HoIoZqG*m-^%f`lf8V5$ul7*d-+u+&w`xn<*QBJ405uUKV|Y(kdwXquO?4G zPWJNeOr8rl*~>4p>uet6WG}zTmi1FYj#fk&u(UyuZmuLr(VcF(w}eIoZqE^@#Oq669nrZweXZWssA-{6v#ahn(!? zQ%yb#a8+7}m(i%ONLw`HLo>4>{S(zcTqk$jM%wW$mIxkdwWeL zPWJMlCSL+M*~>37`7Mx>y?nXJmqAYU^52+z1>|HeuQd5e$jM&*p~+W4PWJM%t^Kwd zag^43oeA zZ3S+E_6kD+6Vv7*=H&JB$XFLcJ|=e6Waxp(^D)L~YPcu20nYUdIHg4b)Ncmt#w7Ex zzn8Nq8Q>hjkc}z8@yy`XYiYY<-s>MFe7tap@KE6q!lQ*J3QrfFD}1@|^}@@9|0Mj4 za9iv%pXbwr*~QzJ|G8ja{yfG4T&ox^5`ES!Z|6AN^Lj2O+rBsn?DxfR%FWJr;q%E> zp0h-Lh44+n>xG{c-X;7G;d-cle!YhYw;@|TbI7)@dkPncPKn5ek!@Q>hB3pUIl>*tRt~2Kj})EJBEL-d zCeitY$R8wId9D@t??wJB*|zI>(Ro93J{39bdHoc!<@qqOt*fKR`;g84i6S2*JX>@w z6JA8N_P~9@tfRhtg421D*`D-rwkbU)gmZ-pgnJ1W36}^DC)>7+6do%)QFxAUx$qUj zR}0@Re5dd#;nl*A2tOwLobaE8UlD#?n68ifcD*nBiSQS~e;58v*nP)h<+}~MChXeew!g-S zobTg&S`Mw@neXE~-y*zB_5W` z981H?TM2g-?k3DpBE0@7!e-7WI_ zggM58x4%)C!!&sL+rk{R!OOoD<{%DU4xi*n=9ms%-a~kR@L*w%(%|(c3oj79QkY{n zc>TMDIY@(-KPk+i8NB=rVUE<`<=+T5koL3QM|2W-S78p+;Oz_$=I{(&K3K z;bP&FggHEew{x!W`NHm=!t!&4$gdW@S@<^LhlC#yUN7wKHOxMCHN5D!O|SEfpMN&x zo*A0HduC|NRDN4hEYjYYG zicW9gBH4K@M_^T!fS=s2_Nhpq(XEy32zpz6y7SlO?bQT z4&f@{ox;0>KNH?9yhnJi@IGO^4~lCWUie`5M_HoNO!#2;O}V0zCw#E`sa~Q}DBN4P zNcdp)UxP$vi15Mg%SMXMXkooy;{byGS~E*{j&Ql~eBp({i-Z>oFA=^)SnvB*h_X_V5M#qWd z{^B>He&7And)0)b%@xiQ&KE8a?j>9(+*`OvxJ0W6w@NnUg!lQ-92~QWEB|JyCTzJ0l zLg7Wii-ng6-y*zBc!lsv;Z?%!ovf9^8j-IRUMIX>c!O|-@FwBS!j-~Xg|`V;3GWo% zCH$H2Zs9$`dxiH2yLZI4y>WS#k}8Zr^^$b}BjY7GOSqYEE8&E2u5g}kzHotXFX2Mr z-oiz~CBprM2MP0=B6&w=LnYz&lg@OyhwPl@Dkx$gqI1g z5MC*~N_e&K8sW9V>x9<}ZxF5!-Xy$PxKenl@HXM?!aIbkgm((>68=nhukb!$e*EP3 zZ(KN4I72v7I7_&ha4X@2aISEkaK3PXa4+FP;oibU!X?7}g$D@_5gsNyTzI7LBw_b0 zgw^foBA+EZN4Q*gzVJffMZ$}Pmk8e?yi9n7@JiuT!mEYX2(J}hC%j&GgYahIO5v@- z+k~rxcM9(k{!Dnc@E+m4!uy2TojO@>g;RwygfoTt9imU05N7`ZFV7Qp--lqHp+Mxl zgbRgx3$uTdw^<_GUwDx45aD6M!-Yo*j}~^{s9>IfgLwP(&Jvy@TrNCcc%kqj;l;un z`rF%g-@0I)VWr4d39lAjBfM64o$z|$4Z;<|n}jzDR|;fnyi<6W@Mprih4%>W z72YSz4pqK<;=-xI?t31jVaODDmT)uSR>BG4TwxBM?$_H(n0-&YytiBZUM;*vc&+d{ z;q}5Bge!zM32zpz6y7epL%2$Kr|>S}&xCgi?-AZByib^JDSSPN3#STa2xkg&m>Qp! z{Wm?g5>5!`3Uf#sub(emAnd*YvpQKQ^4`Kl!X?5SBFEbwBs@fTn6UeP%+@thB6&w=LoxR&um@uMZQpYk?>;SWx^|jR|>BZUM;*vc&+d{;q}5Bge!zM z32zpz6y7SlO?bQT4&f@{ox;0>KNH?9yhnJi@IGOTvzgpSap6?q4B<>+{bsM3$Xf{~ zgmZ=Sg!6?9gnJ3IPn@qyy@iW}ON56A4-+0PT<04?t9#=_XOeK4@O0r>!gGYnh35+| z6ka5}Sa^x>EyBx$R|u~ZUM0L*c#ZH{;dR36g*OOS2yYVJEL=FT7BAk?>;SCBnA|FB4uNyi$0T@LJ(@ z!s~@M2v-Pi65cFaDZEv9oA7qw9l}+@JB4=%eg?xKOyaaDU-J!b60I2@e+@DLh(uobV*!GU4gMvxMghFBD!R zyjXaN@GZj2gjWc!6ka8~R(PH8df^Si6~dc@Hw#w^Zx!Aqyj^&QaFy^*;oZV}g!c;X z6Q%=2UpL~yslpk;nZjAZ&4gPCCxqE=+OI25IA6F>xVLbTaEWk#;X%Sfgog=_CgZsw z!#LqdqEjZ^gYWK5{|b4J&tZz$pNgSa_+(@H860ff27HEb0hs*|nYKTeL$i_xf;ki} z8E*a}7Z}sm5r;gcd=8kyIs?G)4(@mmxS{c>;KPhL6mLsomSMK>Sa3(<3E-~A7l4m2o&`R}_+oG$ z<4eHogb04Sv#i6Zje97r|SM zUj_4O!Jiv{2>#mmQ!u}2r_LAP{l@Hvk%ITI zlz$ISH;$o>G%~ISZfcwcZf(qd8|{oa{B3F_zL6W!Pgjb2=5z> zdA_;TnCF-~jL!n!ZOrq{uZ?+*dB}Jo_)%k?SAK8Ip}(Ip=CJgCGQJ-CqVdh(zZm}l z{I>D!;P;L10Do+J7x*h#_urZe&)MQ>KqMz z%=mclQ^v*MEyf(4`&HvpzaypbK@c4?~FN&cl~;y4*Pjz8M9tw8=nL2Vmu05 zXgnU=*O)_g4>D#QIm?*!g8dGdhpWIB7;{+f*~av5H_!MN;A@TV0N-lNA;9l4z6X52 z@vp&;8b1Vn(wOz=Ipg1f**AfC_yd^zk;xmt9~f^3)88HCAA!F${s%Y)8Re`;4UAJz zeoc)tz}d!ZyL2&b24+76raczi$G8YQz_=gy4C6n7&o$<|=!wScgMOhg%lqfX{lQln zp9;RwnC}(Ymx1f0&%b+(`7ZGxjm8{a{m;gm!0gvRJM7Q>S7W|E{Mh&n z@YlvW!0h8defIONkLT574$t1mnC}={8na(Wdt;V8`$tp%EATPKe6Ps9(v)*p_rb>B zgU>eR{wXzPKavZK>9=CGF^7PkXUw7CuQ6@~W`76TZ;R$`dy@b4olB|*5o|I7Z`Uz%%SHgrys|8#z!E&#`q}2Hyigx ze5Y|A#J@JC-^WLcIpqBl#{Ch~mm}>DM*Na7^Yw=D2*mFjpM&^wO(&Zfjfy?qoa-e1!1~@bSjn?vst@fKNC6Irtpo%fRD}7l5Z3F9cs= zd^PwAW0u+V#@B&wGiE>ayNy|v?CZ_^{{sA&@e1%$#=it_F}uoRAzo_CXJdC5Z$!+#7Nj!`?N16Y;0UZzKN3_7aQjzUSNC-;_Hm*$Mja?k%;dy z9)tLPV?K*|)R@nWo;1E0@pHz%K>V`torvEu=5wPDjQL#TOXFqWZ;k0cHHLX^7yYL; zFirV1q(wP2M`xxhd2N<^ppJCh?e6H~k;EBdZf-f{a4*YXt`f9z> zn7&$XH0}q!-MByaUgLq_hm21LKW=;mc%$(M@SlxGf?qQp1*XqBmctnE$HryguZ^dH zzc-!*u8)cO7b9jFkuOEu(zqNkx1VzQx9e_9U$e&;--q}_Ul(>LBD#`D1&jN_T8W5$!fuNcn+ zzioUG_#wS*Yhp~F!L5xG;Eu)}z&(uf z!N(cXukcC6gTSX54+W1f9u6LBJRdy8_*(GA#`NL0z&PF*=P~0&;9HI9xA-n&`YpcS zcn|nd;|P4$J!zZ*e$F@*{IW6q9KU6JDEI^8M&K`v>Hqj!Vt+6{ zYrq-C4}%Xk{w+9R{5ZI?@gKmwj4Qw=82<^}-*_{a{uOEedGJW%m%tN@w}Gb{{{?)h z@tfd<#yh|_7{3EvX8bPr9^;+hHO3!-e`owTxWafh_<7^MgSQ#)1;1nbPw+0|{{nwy zTt5rGF^vxa*TXVyS0*^q_%Lt_<7VJoawhGVTLjVcZwYeNX+9z-x_926MksehPS#@nG&qnehlP%a?XWg6U|IJPI+(jyw)=mhnWyEEmepN6c*|PeI(%cskt z0_PiZoktmO1NSkef6$YR=_7QY@lNpR#vg&tHvSBJuJM=PvBqD4CmZhtPcz;Ro^2dO z{Bz?J#0!kM9akGSLVUe(Q^YqLw?%xraeKsf8RsFs&$tWX2aUTSe#E#3;>V49A%4>M zXvEJLAB%X4@$raXGA=^A-S|YrJB<4wW(aVNVZd#BB)~b;2QNocIw|KnE&pyVSGYi! z@0t8N$Ns{@ghvaP3G;oMPa6)&XTpWihs--^P`@C+!(+jvN|| zvvnPbrZOLh>JMiWPr2Mh_1{Jmk3*>+=Y!O_h*FLqZ)1tpi!a7+{nX#$H};n}UvAZl z--X|_-{a?y3;1(Y^5^HENV*&OZ+>t+XArm%!3ylxp#7mu(qo6VJoL<_je<;!yA{oi zq^F+%5o{ZxX2cspicB1i+o)sHk4qnb6Jb5d2=zO_TB+XwoQXT(79vZGD>~T`Np@^MnuN>4E29_Onap{cl-N(lc$a?n>}uP1Tk7ZlS*e!8fCS0EGyg0S>wiypU`a* zx6Vev9YrNbQ1eihZmVPSV;sO2xlhCP2SN3?vvr1>?LKMR6lA}2M%no8I<#(bklyNH zZ0n9HTWz<-V6({?H-N4CahhED0miURj++*4=%|U~-6*(j<4xbC#K6DYR2#xJSt`t_ z8%Ov*Ji_n4cc5JE%y=Gu!#d3U>gzHN9kgl=K5%WFp=fIkIxEGjL&W~%acBQME)X}U9aCgSd`pV15J-IhC)mU zf(4(ZALc!C(P%u2Q-EFv3&(R)Ph;jB>TdZ&XvUkoM3_O4^$Y z_Gy5TJj`4{u;7=KW8O0tJ&2hE!Gd4LZ!UDb{5CKbGOia{NUnDY*rx$T{)`!GGH^Dz z>^iX8<9C70Afr8&2bVFv7n9oK`(pZy^uaIV6-({$`#_&RUOc_Mhrvw4HV6ZK0-ouO zV4lc{-(RR+Lm0?`%m=Uc3|9c+5}x(tk5k3{bfEO>j2-KE3i`M7xS`wCpU-G1S^xPKt7VXrrKD%b0Sx98`5 ztn#{Jnd(y7*PL)(w}A7^O?9X{_NkUM^_lDH5OXzA=UIcQLyQl2CB$mfOxlwME%fS+ zb=oAEf;nx>{MNdZALyFLRW`v1g=tvUB2m3`1QJTjphFak-KBf z-<^xbuiy?GrWn(Gv~d&D`(Tu{bIZN;u(d! z!@wQIkKSYOzJuY%?=i-4eK;J#>(_tp9^*Z31Me?>gGmGKG48=U?hR%#il)5eqWU)? zI@mqNNUFqBu5wZRHxRjdj8ixtq%J^|(t}*%9^+X^{?&U7o+X1{{9ka7!Lo@)HgI$P zKX{M9+WJ%OFn;kb-(mP0DBo@m*JSq>)#pKoUCaO9b(b-7a`m0e!ESndZuG9>fA214 zm5#yP#-y3EW;pt>y9>V~|M%VkhdP6A-E;*1pS-siAhx+4o+%Rq3%s^5lwk7A`C(|Y z^+wFLA}=Rg#%tL*n0#J=2fepA3(M3V`^X*W-ojn$X~@FC?kz6Ga$WDi?k#3RPuI)u zGIAl~b|4GM?Qm@d%=>V#dy8wJp!V1=iPv%3V|j2HSDvfgbCE57c9L6_aPq zkA+??!Gd4*BIdCu8TQI{{LsC{)kw4>nW}nSw2MtlhFmnq|CM`-Uf8LLWU6X=B68^S z&6)o{+*`0NF>oL0y+wFo_1Cab)BTBx7iPJZK_`8D*GoEsY)Z58VpJYCx2mD1*$kKCT}UTL$hN}KL#|5f`S zTH11GDNk6)TQ*+PXJ__&x@chW+*nmv!R4FwElb@!A#+i*VnV_43D-_|^Yvx%MU68D z6m5Nb!FO-(o?3A2HKV6wR!t~)e)IX2%d!^bWR?_FR4#b4a`zN2D$CqGq2QBU=YO#* zcTvyCX+>3EEO`Eltz}#^HS@c@TPGBpzdv$H(eC{Va-PooWPjgHnHS%5H8L^g>CCy& z(N`rf-rVj}3s%P}N-{HVUs+XBuq^F?lI10DZtEKjG6#m4SluMEWaaKV3;M?&sI0m@ zbNB59r&KPl>>G_{o*ZUnbvr2Zk8fR3@W2`?r>4F5h2KQgF)t$ROrxV9qD|dp?tSb>nEg9s7$TkXr zXl2Et1*=n+-*I^~c;NOo-+%z6keWFt%-izHo1)QcD+`VXvd*F+T+Y1VNAvcRwW)?9+i&CHe;@JILdly{0zv_sBWA{e}_>7=@Cf;;8$_E*l z@mxXq*C?Ngu?36byC)=AJ`+$r*G^bI0hz&$%E~;2xq#j8-mZdH>hj9bQxe!AE>GuI zX7*!FCgma}_SY3id;S;m7bnKBXtpjYxb}->y)q}P%q$KIX;HncV+)q=A3Zg3?S51S z?6-lEt&3gxOiJm0SYi9TBcs_Z-+cYMJ)gY){L^owe0$i(?YA8HN_O+7vs=8E-R!IE zrj0jFcXfX2#|z%eY5d00Z!b)HWXs)eN579xiB(k%JG@WIp!g?Ut2R{}UoYqB_;XK1 zcfXVvoH02FTpjJ%weh6j`F1n9HhKPwjI4_N70*vNx@V9PzqBN0O5?s$noM}-$$?#a zzA(h=XB;{y==aI~Na`b-@7}(2*MhwlHr`m^)<6Hf(pJd8)1_@*hz`wf@>OZes@=n0 zDQ!Kt;oGsEPscN}6VcMPLrb%4y_G|7RBkK^=f3OF_u=_{PmHwe-usG@6(9>&X#0LZe8V$%E&|^UHfYS$*4!Cf@f&ohh+&$ot0UHOr{9bRw|I1mAKey|x>51GgUVL)n!wt*7>HO@~CpYO=usXQ4 z-}l>>&7b`6KT589a>30PF8lt56EFEycIvtTW7@a*d(ops6{r8~ zybcdM_q&hJ&FudA8CfOK1s~qMee*wG{piCN-pzi!{?X4|-Qcx7pJ)B-q?C`}zklz& zU+#M&I&I>$gF0W|_n7bYFZla~SLc-8IVGd;gYQc|`QxhlUwUWY=z&lCefox{{`l-= zcjSH7@$OHqEckL;O6x`OW43O4`;|Jw0~Wfu+WnHkhekE9&ZFrId3EVV(jenv`a`k_I*{viz_ zv3hA4=~QGRk<$0u681K0ev9i_BYhPCnt=mv9AK=4nFcR9E9%p-NarF9FoHrRa#BWTA z^Db_Fpn07KNvK~C=lYRT+Pyw@W6JzsakNHzygo7&>dp^b4CQe9oME$%^;ypD$Cj}A z<2PX6z-WW+J;IAOfT^-6ly`VeNM%pGl=p9gB$D<7eo}(qG(_>Vv7BiT6i_McLe8`fhGHh;kZH4LMN;yE znV88;W67uV4%lHaEA2YYoE)siOtVOOTWa$MxoMB6Uc3u_8{FdrTzUFH{5XvaM=lrj z;=Iv1v|gP3Gt(zg!~HBmGMJbOL4(lRa9~3g2v=T1=@JOinF}#aMWknM%FNLzR|a$~ z&n`NVlxqUoiySg$_Jl~vb#6gCtt*!-4w$O{As3aFMN+O0=v{tDq!Ejc*mwb;Poxpc zD+Bw$&Br25nqXPVjlpja)r+^mf(A@cFHSv|*!6y9;_i{GPoWj97mcyU@?qm<;uDd2 zQEuvCb4W~bIP(=vk1hpAvU2bf?H7%)2Xd(2FR9-z%It>v14I3$-Juse$)wCgu!3I1 zn~lX|#3xA%&1TLTgIVqY9$wA4<-wD*G#pcl1b&V{IkgOi#l8;CXo>pWt7R}WcG*@e zs2AskH!b2y=3w3pm>jHNcV4%WIb6wn$Xl>A%F!`lCMbfD6rLV1H#AmGL#_H@^}%CY zD+4Qdu!6m9otei-YanaJ5(*w;0kLV`g3kfU%qntq2941sGRn-ci*5s#!yKCL2ki(? z8^H<=Fx89&8}w@iK^%*laW4n`cx`ma9RhVpXmNHH<@pY#=2tlt?zBT#N@e4xVkr-xE|_iOw(JUS*)YydpEV;AEacKf zm~G2_F$_~;5EO!IDE}?w*@Xb^BaU{3{S+-nzPU$MVj&B6t}EQ=Tr7?>{RBV3o%o6H zWEre@73W8n$2+;R{)8#qS$A@0vF~eZm#MpW+{Kp8pV!(I_evf}(WOOU7Vl<#rt-a);yL`v^;Km zHTwixenhz3)q1O+*x*R^xmbQP(w`G9Pf6`FFVc$jq5u|BmtxoFq|R#<$@Y7IeN?%I zrA2-XE6oBk{IQjb2cg`LpjK772kg%*Fq5@?SUU?j+6f5?;= z>rVsj@79BdM1m9QVO&gjcB@w7PVf8;)S_2LS%eup z=rXwT-Gw01{{La3$LEWV24EE`v;P_@}~ z|Ct>6>+&wP}(>f%H3hKiGF#P)eYI<8ag&l zxC~*~IloF=6MD%^({6!%l$YMIdGeDyt^?hKT^fAd7j24@3}$VcINRcy%L9Bk*aM0! zuf05oM4K(`i({#knv-w*Xt1@dmj~Mm<)>z}v;LN7O z(?_@sYnKw~;j)+O0A|~#V=<1;UR;3rj*`TcU7iY1L#tQUr#TaJPHqB|AqxX=*4LF5cZZ5^J)$m^a_LzhQU zy~wbe<7eI+CsV5)90z<8Z(l=?Encjj5w9^pWF(^=nCh+{m4>>E5)MZ);%T(5E*o~p zE2G044rSzZYvxt#c5%AH7`X;|oif0aW!hyF>Yk~()pofy9>+oCT)y>qEyOBBQ*d&C zv>cHe`zLZPKdGFnfXpa*O!z>+hh!$tL zk)pK&v!k&p(c&z(U$k5n?58F!3vJ3p_TbJJCol zVw~$lLm7SNa3mvl7g(nPXFG*67=7>XTt;5EdW&&Ja<_ljOkRA>cDh3uEyfg!%nR;f z)mj$H8QtsUh+TLXzwcwJ7dh|dI8Ftj)LKT^m$G5J+EF!dEjy=Jf?w=egk(Z@7NLaa z2L{)KLd;{8fd$LJ&GCV`*of&_O!{FOv?zX~Y4x0(9FWt}St>(bYQ<-<@KBe@87`BlE_-vG-JiSP`jX*G zU7il*FCKwJW3jZuje;c2qaC+2NJ~vpL!+O*v^=e~rLB*rAKr5Fq&=S(U7OF9E4Mm% z$vQyVLrhkl*3PIt3d*mo@c~l!t#rG%&N{GPoJ@0&l9c(SZnv18U#i>TW&gUB>e4{f zGRt+>R-T6Pi`B=oMyFE`HPn>qp{g`ZrmVK+ZMYg|TU)(`x_Ykq*C_#C%Jb6vmQ|NP zkXF64+8!$JLCdE+t&Q6X|@Vas*No%Bs$O0ToDa>%}=gwG! z)f$p;wa6+C1OCR{;Zp8?<0d%_^2;2D2l8BJC+2j*gEu_1!=>RlBXIg5$GEPVN9>(0 zJ6w5~9nD&bOB%}SIlk1bs-FA3)MYu;@hb^80>>4~3+0brZfJlGKIA@PC8Ro`M9eY$SEFL>;HoDe8;Q9-VEi0WlbJRh4+Ei=c zv_E-P1l^cs9o1_TVEQ;&hs{A$8ksqM)~GN8H9Pj`B}=;wjT=96Y^3gId{f3xfhFd0 zM(Navp7 zkL3friE{|fpm^B9mc$~%fZBZt7XQ#gIZ+F`y{>$ zp^k4EAIK)}JGfrPyiuY45KL{2ry=HcGcE5r(9&`GzLk9-n>U({kEyd16Ysld-?z*U zl$Pbpa&!9(EB0jwamYW=BW=d`veIs4lV^>eQCilmPF)SZ6s@(`)!YLv36JIjE(%Wu z2V7)lv;!{Vxu=^u*L52+b7mye@tx*)%B?;H)?FqUt&zl?vg@jA7FEAS{&a!MoGZY| zGp0@H#zn~CG-kIO9+8G?7&m^*?1`g(au>d`X=7^``1f?_!=AOZ%$e2gr}ghkpmMR2 z<1WpGUikGV6AC=H6sCL@9-wC+raseCkMn(O-rFn0ygx|+llG1krhGo^OxobVulCl$UVq4#KinH7?eRcY zdy_C<y-d@<_dTEbO(|rE;xJ&I#$GkfsAZGA3ekDwKCeE-d1KPtaVA9?M z7*l(EdZB^K7@opJX4x|wOz%%v#_jtty_cXBlPXIw^mJ!{!phXVH(9xP7U=vvF(oSxwmG}>c1dV74= zi2v&291Hx#2;!tYzRA`6?S#DwET_E|rpNr1nmt}X8G7R&%jXI#cpD>Y*;|E5&>K3m z$9nDaS60j3B%DBSh$MrzS8jTK!7}LO9$>u}*II8C*4qo2<$Bv<^6R~!mc0!)xar%} z2XFeCTK2Mz!mD9yGwo$#^7fY3vPWNEr}#pGp11c?I&$ z{_-$+dpm2{YmNu3+;={Bdw;EEZ+8jK2{_@&PRmBktk2+M~^X*3xT~ z2peLx_4rYd?DohJ&@1#xh-r)AaOipF`~``c_0%upH$cp*55opmpNG0b=(mIKPJJ5c z-jTrm6@f>7iK6yaz#jEjE;xlG?V%ba&&|Nd*c=>}Nb7^Q$5_O89fE%D5F814HYTo% z=U-l%{J9<&*^11sB3SVD{Jf7JY2Z!eD+6cl**^ zH<6J5XBut?1M5rRMsskp?k85G1;F$?(^ZF9jVmyhx2awTin%jNwJ7FFQ0LoK&p7?u zTJt>eszb~jIXcgpUmarZU7^lvX)`~%$2gA@m4sN0n$G3EbV8+=Ye7^eh_P}=h`D#A z)q)s4h0+j1jpQ|gf!F-Ts7W|HlY#Y$uW}f;j~d~Z*92ZOxs3Du5HqlDH^$#kHy8d; zhwVZJUb7ox|4(pp;SZNzZ1cPZH%5I}X!E>=Hpc$G$>wfSVr_D2B`bc;eKQMwj zfI9b65QL9d{9_c;sD5z7dm21bFuA*fu}2Tyn1A4Oz-Kk#J&dW=d~n3O6?@XdYz8^} z4MSknjK^+ZRgBvbNc9SMQnnD-Vd(Vvsu%&M+K88P9|k6Oc1%Bua$T?4cXm2qp#{HQ zCpR5uKR;A(_D$c}H@UNKa<*Z7o_SPe;kv;6SOnXYpwO0y*8virLDtQ^F(0w9hsb<+RW1C7JfO8Pf($Q_gK7`#k@KawI$k z@k!JN(_Vk$4UoTR%!eD}QIDx}0pdxQm-Wax7n$?3K)7E_K5ycaRgNLegk1hThT2&SBA$zFa6-8cCC$n^z0VIXiFft^-qH|RoX zXe;O#GSdgyA@jEhE=$}l>XW%%S6A(F<@D`Ti)Jnlz~RbA?$q zyv@nN7YWZ5UMPIMF!!~$bFVPZZ(jZf;b((-VVn!^2g?bV1GPTP;Pc!68>12EX3sbI^i3Ie<95FkJn#AM!7Jo#pL;M;U|Qj z7JgQEyYLR-_k}+a{zCXGVfMrD$3Cx>o_VeG%sM1;UGj7YnmziC^zs!oL!JK==`1ewpgiZV;{z zeopw$!tBK2)3Rrn=MRKG7Ix3jtep3V+&wch`F@et<2BCYhX}L3jF-0-&K1rRcDDs%zGs-zmR+=DlEdqBIj6=UT2}`Tr2V$g!xRt z+qqNZcMCrtI%`F~PMG6IdOOdE+_gQd9QaJm>#*yPzh=EB{IM{{jPyEtg!c-w&ym+T zRQNFA=ECfhMIGOu%zFncq3`EcP;!efQc7oI9STlf-Tc8~J*7YpAk ze48-GC-nOF3bQ+vm;X-qPh`8MZxP-qyiNEmVU9!S)3QI6=Wm2LW}uhzM$>bB;dEiw z?y~%3i=1OU`n37NM+kEaK(A9ITp~PB*tO+sU86-lPMAHlyiM1BGkw>7Grm!DcnJ(L z-Qno&sr@yYw?Mv4-i$hStz>)7-}5FYw`*T6<;HoG+p&{Rxv{&xTl=sV<;I27x4iYH z+!&aYBg;vqIj>Ju&n};qmihGZgfR2z1=U52>4cG zZYHnY)M5MaZe!lB|Js=QmhbMU!*xAs%zewgDU|cE((`01hpon(echOsAwIvOPA0g@ zm~GXs$+nNaHD+2~iz#O@^4oAS^OkPh1kCqNl=IO+Q)50?;dPnv*5G!=2{3!XP~HxF zwDB?EV&l`mZY*c$oB=-5}1$s#~|LP(vzOS-X* zA?H}a3rx;>dYv)59kF{Z)2;yX`bB0N^M2!1;75(w-h9${HTXH>2f;5Jv+c?26z#As ze_+gZ=%>bf4$bEP)NyT0oDj*Zzq}riS!WM3X8+H&#(Tk?jK2f(8btjF_QUbUG4RR8 ztkTY-3(x%)VGx7#D!)i<$atW8P-WHs;;NeZUVIvm4kW z#^b?!ZossB-u|TV6!0^~)4*Gd*{*!an05a(V|I0R;|jwLJGi}T@=L)S8Jz`TT)=Ie5P@+ox{qVaTrnAC7ZgV>_?5GDZ~1F@{KHx4oMd7kNI zaz1zDxU#gv^IMTI-*R$XS;`Y&KHng>0}nOk^@`s?P|kbh^NjgClD>2)?+ZTPxCA`i zxF7f;;{o7ukgWXy98pN-JwB=Akfyhhzew(Hb`#yAy69x>)K_Q#ER?q&CK z>ht{hj4`h@Ta5Xd=_O-cYhE*E`MhP!@_E-d7yOZNN3a_s8TNTC_}b(J;BSpj0Pi>M z4^Ba5nV-SnbYniRZDh>tZEDPOX2SSha0lau!TH9&1@|<53|wfu9(;oF6X27L{|Fvp zyb*ks@v~q)7h>MFfX5hDg87XOTe!Yn&4 z-z~gPI2Gq#-v-MPP6+1<7YdgM4-p+yGLO`L1BX7$NhfqB32H%I^OpC9tO*8`{V z%F(S@^c8549ncG3rJuS-p?;*Y;<2)5^6= z8dbbkn&(`abvBn~9i28e9RK6ud|d9!H7m9vPbk7Q9R=G5v3z89I;@;(h+x$cx1%J z5iegAgO4*hID?HF)OiaR$}+;qW;d) z*|4XJ3*Rd~=BwgkhZY|<#(6rsy!eE^#eMpgW)CfGJ*KqHjMBE3mnK5PmuDwtWVaoY z-DYTZ>%Q69nc0b+8;dS4K4wPov15vl8(Q4EZ*k#Q#mB!_e8SV}D{Ywfm6r2DCKB{r znG%|dW_LmHKAqk9mF!OMW#@gB-O;&D^FA2gXw)_KcC7EpIEpk{YW~}3qH=VG6;f)C z&@bcmM&5&CsViQ!jl0!jpa#fmXkJv6{H zYNn>}rVXyc_#P7;!&)G6V*>mGx+%_e7|a|8DRUHwZR0&$JwCLIpYD+Fb>q$rSv_9H z%&!<*D&DVH5tLKjUjRuYttr+CzhaBQ@igx0q+hWcIdee2V!RVg`W55t=7Ic*r8vK0 zDb;?(QsP-yS8cyyE*B}GU$Kj9x(F;hB_Uok2o z{mszLJOcPfK%;ShK9NjrF>ig`JibBXJRhsO`FN!9oRs%tov>}8AF_{P?Xk@KkbNBc z4QAqLxsarM660F>ryawYPh(ugkhH5f^I44cM@O3cfkpI1jMh`)+;h(9SW29$%=!g> z=wyty6W+-fHz{;7MiuX5Y!)~IPlC`tJR18|QvdL%*FQX3t=}>l>aztzr(}G!?VXZ& z{eDsA-8&@<^?Cae9TttDpRef;OWGeM`XfU7O;1IB0zP*LJBO_J8PYjlQ>{r1&Dp@Z z9j%=cA!tD#V=c_JSWDJQE}^uCFUWuRZW1Z_D3|8=_(^>9F%lVMC8p8!0 z`DN8`Q0Qr^;{xC%m_nykosNW=dpPSnZFT0-*Dt~J2!Vu zVb#1y^HWWs#1v4+q2Ou>cVeXZR4D93?I{ZtLPujz3JPGu9F0BPD$<sF| zBAJVYSjHN-$}d||y=oo1|kp3d4L~Toj5udSJ9OC$w=k=l6AfxJ13av&ezB>FV(?{7qQeG zFcW#e@RebBz)a);!>@nBN{`-gc<6&!cb;Kp9?{Ie>mYLLGQ+b?jm(65!eyo@A2kLu zp%FP5Q?TM3Y_VJWOrCAFbM4L<<4m4y*fwb8je zWaVM`gzgzz_QdkhVaY`2WpbCGe6Xwv@-Bm!najFhO)0R2s~6Af7sFD1r0aAni{2Bx z0&@+@@YA&+1@}g8@q%tV;8;f7p&5kGL)$n|q|WEwETaQ~fcQ5t{1BG*?GkCzm-|00r#Zc91q;w!2TnPjpd~g%O&lR_lHqOo?uHbH_yDC~+j*sqs;sB|BOw@YnGp_!Bz(<^S3)jfIg=?%{|L(wd&)0$A;yw3>7=S5Q*~Lkx#tGJkHzIvmN! z-RRVDMTJ#Sm(k@8&t-HSrXTdqAZ4}HV6IzL}W zW7fQLO%CxAM6_SaI~Q9p@K(i$8uZS^cws2UuM2!&!bg_yiWUmO-}X*4lo1~eVkskc zpH`s zb#-e5Y9(~fVARs#P)5BRp3BH5t1dM@YWr^_L#psI_sGyJU=b!%21dLN*3B7f8FI#m zI}){$QD29n82Mz?IfKwWiT5rO8<|#Zmx=Wu|8JP@jbu?w%&iYRCK*`W8Cb~}SZoZ; zqz`^KRza}W3lUTPEG9kxXRWHj^cf}}blF=Fa+#)Qn~FC9d;xi^t)FQrXG63(Ccm85 z*>0G6VDiE1=rXlKy`Qq34N*MNNH476KjN$HUmU4h-QfHWJhvUxGn^X<+&^0$i~3s2 zUt2gHc+8Cr9{O%WG5vtQw$^k(6go?bMSjTVTIeT zBc~I(s0-akWkV9BGc~w_`dy3=tLywp9Yoc12UY1@cp>d0G4o9oW~2JIt~F-?uB4J_ zpN^%`6_;2J^8lTV<#aR!`xPST6e%@~vHZ62j<-PfRgmuPU z!F#u0ELyih$U}Ry9i?ZxnqJ4gc1c-S<*sT*+{V{QRHGu|a#7n&R_N%+cU}BJ?^tjU zPG?#_?j_5)g+W(G=?FPyd@bKuG{#py;zY}PbV{aleKC{^{+alXa4i*~`s)bm$%>UyTWXX+k^Ax=7r;^m%A9e>&P_Em?s z0Mud3dw?8FLojh&hbvH_dRNl#~0;3czee{;F-&AfxTSBw1*~V(%yMswKo#;JYIe9Hby|;nakG0 z-a^E*mx77Qn2(=hQhSRqU*nj9ZySKpS=-f~Q8ZwclPWbal>gUE$p zVlNF6pTBcpOzkZ*eIIcd!+K0)mKDRn^!Qel`S~%u&Csd6UVkpdqGVY-BTRW2wxbL& z%Z0Ct{C2z#R(snq@6V&aq`h~9Dc=rz3lY;^CMIu>#?;<8%=mLF)ROl8DNOmut`X;# zhxQuVvJAv6YT4ssY=0ic;-o!(JIg%yP>!cP1(=~dJ{9o!JF1qwEEKpuXEUw0!P{8R zl&=wcyu{jjeqA$b*^A@VQ7%q4w8!o7_7>K%_c>bOd@tpLx5saR zJ#*PuRFdV`79aewn*g-!Lmn>pTX7=bdfQ_1>*e?DJ`Huh$Ah9Gf(5_qo?7yd<#(&J*Iw-Lr6<#{4l@*@F~mMqK5!YQ4{GUgD6AZ>WIELQ0zW(-`p_GCg?55|1(mpv>ptGPH<fjRBN8?6b4=k=`ZTaaMt}&e{rq(J8RAV#^!nLqd%#qZ2n|7 ze|Th@%`>9C4{FUPKTaL1H~9y02<4jYN#9V_ZTuSkp|pJ;-r3rN2Y&;u9-^G`k34~> z`E=!nZkDU>jG&6NmnV;%~xITjtSa_I@~vb*>USNJ8r$E!#e795@gfKC3nCN0*`<|Dy^5h zJgD3b1t;&~lDg|a7GJa=FmGfo=X%M^JCl*Q98ELF%sbCClr!(-^aOqom^aF~9b_-R zgmSbaaQSi*xg5;=lhF)v$66K*8vC>ZF;AT#h=&`~&NwpknP+mkmFF~*GymjtE4OJ7FoV-i37KW&`{r^ro@tsKL(Db>nMn%Cu+tkcr@(9$ zkx};;N-+6;y*%%GX1yfS=Gn%yIgSiFlMr+AHp|GUGYr!)`98t3h36V`)eDW&5MO89 z5b;gMDC)@V#w^~IWUO};VorX&tI4VOL0E&y_c?wBExgm1_CGbI{XNFC&u#X7EL=U|jUWQseBPf8s&A5cE(kL5gTQ_5 zeOcv^EiL!8=c9y=7cLPVDm+4XwD3e>?niH*`_A*_!q*Eg6TVlN$GcDa2Vs`Km%l1p zCH$Q*&ktUImvA&%E$8P}UZ<6CXJPg?^g0&{|5}*+S-nnu>{!nY$lSRIjlljGY)|>2 zp}e!`ln9rSZQo5Kvr-^j0QSe-Jj%_^LealLnKHymtos)a>&g7C+}DcEkW-(Gky+4kMpWINxU1NP_JX_Q-e zUM76K@J(b(`&;3c$Y%dFvYlh!0Q>Xp=aifMeZsWo)25S6r-g7^vf1n-Jd$kdokZpV zf-pzq*9b2ceq8uP;SYqPSf{t&N%$n;Qem#!pIcB>lg#Ufm-8Cwne7?RErj#Q*slx) zm^|b0Q<8bF<>h^a`w0&h9w|Ilc%twn!tQ!uc~~g&MZz}<-zY=bzVi z&l`lF5q?hib>TOK-xdBq_;caE3G>$9uQx8t-UI$PVh2%m>1 zg*ORr7Ix1IZN2QK9@l(J5+dXD$FhuUfx|;{b2Q_9LF}p0Acqn zxXFi!e7NxW!c&E33tu8UUzk1z{CckwW`7DVzgze|;Wff*g&!AwLilOnXNCD*!k<5P z2(tr-mwzPuh45Fx{4U??rwTU|rvDGG(?Yn7uxo4Kyvfi>73)t94U^B&^t9gIt+l|dAxAP<~KfWE9 zpxo+wF6G8~lv{n{dEQ@t-Fe>D+lz8zVA77erkEX?@b=yPh{;`kjF}&=lMrTpyxir- z^xbvGxKMO@3l|BO2=^BrBs^Srr0{6ral+GuX9>>{E*G9Jyij0{)wEKkz?{2Y|mf9te)1{F!z*7~g9; z=5u%6&r*Iq_%LHWQ)zBo4(1pm^kv1+)0n%y(3tyz*D~s`{7Z~^9y-OC&s&BVvn_d+ zaceOBJ2EYw!;CS`2GhSICH;17+rgTFL>3;d0775JaV?}GyzJGAp5n9mT%AA|V}f&3ZR`MUyt38vpi%D)2B zM>Y8ya2MmfVCVY^a(LbRy z*LmEy0oeP{Y65=7avg*h7hdn-uVXLg0DF`;Tu%=1LI~n7l6>&ik}HK7CrJ&j*1B z%!g0QbD~e%o6M6QLVrx2hY61+m(7~YF@Mb~&5!z|IqI0B3K9%I z?vo~qCp**!?sFU&c;?^9(f{NpJtxtlIB{ZT=iHvpJof=WMT>Y%Y1v`_d(htTkh`E@QtPKm9ns~JZI(B5MGE@4$XNu(YetJLH~x? z?j-x(-P3c%C3=p_{$yuH>%v33W~{k+c)MfTR-{A<+jea*{EU^yH|qJ!+7Hi7AJI0n zF}&^Z(f$p)W*plKIxXLR@5T6pxzC1+S~sliWrlgJ`1TRx>2F)!J*N8$(E$zLc=^53 zj8H$BuTE_%$GChoo)!$vPvqP^y>tGMA>%sr$!oY{XwvrIHov?5eojfYEGilWI(VOxU zL-Vt*U3|}$`FU-RPaS+nM$7awZ#y=~NMAPfXXi{FbTCKA9JX+Yca>oC|-M7G1 zRjlo=#opizWph#Rk}MDfQQTX+n6bj{oPGHM94CcFuSH-|v6nzi;? z@1QlT;3C%_teP$r$D^mTOYnbsT=R-P>6%*l~TtH3`%GNh3s5$S6Okh@5VSvXnlE)ac9#Ex*j>TZ&S)LvBPSJWih3BBP$~2@tPb7AFzrd%!7_T<0)80SU!2hskxOS%<@Ch^7jneSndd z??8rimMIMU{CPgZ$V+cj!Dr-!uRp=a%MVOz-t4dBbo$RC(bRcS0r}+S@SsH|Pa(>RquKANBe^HF1(INsZ?^L#4 zrbDW;wdo;K3l1r#ZtKO_)8spCt`=OWIft0*5D9DXJ|iQ|N<<=zRy@4}d4Q_C$p8Oi z>m}QHm-#I;5_VXe_nOqsw%y{qPb4^7)U*2cn-3!)wIx14F`VnnU%{4P1hd%*LuLaE zGlK6&5D0b=cNn2Gw(4AO?f{D`$N8nng{)mtgI>}(y`*pSlD-vLP!c82Rg#@XXgcD~ z^JWA{t~}?pete{2OCIT`)!}+SR!-Jol(5Mn>o8hmk&n6r(e9fpNnN{D9V#u+9OWGQWhm75Z~rP?{VAxo*@x)ZvP8rS(fhx

GF3&h~K5c&5et5&YK4jN&K==bUCnv)jVI!@=yrh79K&gBf#}kc(xrD=Qj) zg1p_h>x&Wa964gY18)B!$?jqv`9^7n`LhvCMzmw60>d0;Pbyd4fFwFm;Fc#5>pWeO zxO5PUKx;lIy%;m1e$N6%5ptR}xBL-F(X*C8;wZv05WBc=$Zw8?pE=&qvc!y`rI8qz zo%oA6mTkc5M+M+uP5`6W&dc1g7YjjK&IHPN9SL2-QAhrW)NP(&W_|>~6<4?UhB=AV z;G_~uz%UU1`BvkWBBnR9LfgQ(d|q;;7C8XE;#(P)R!o%e6|frW(I z@oG&z;u0G@xR_m!`t*zfcog6j$=Upv(W3~omq0UuSK>f*#h3^-TC+<2PIhvFSne%C zy1@&Hxn%^dOLlD+v9^4A(2I>~F5<(9{qWHX=PX9F7{p%?6>TvQx!4wYY>NVPL^ol~ zXUQjM%bko0<3st(^C_aSlK?mhB9YI%4!~T_G(M+{eG-7Pc{8MW(4==JGksbl>676- zY|OjanCA4}YydYWY4bjw*Sx6{&HFSNNq*o|fNb7=NbB+jXpNfpdk}sC3r2)r^CAog zG%`oThT#E5JbP6|0K2e=efID{=YZLcc$2}nXnuW@XW^oy3y1y}CI9UC!Zb5De3}k^uzZf)v|Bx2!uKvcrERe`xi{enW zMH&Bntf}a>Q-YOgl@MiGrLi>?@cIvKb+tclfZMjVO`O042!CU57jCv{g|t>o3zuoF zu16#Sk>*Tcq&(tpvQfHnws>7K{^eGayqNyn&c+bjUZN6JwSd(IO+C9fi@x zN$*ZejSdK-dv~%^nL@GQ#?t8`T~BQu-DxY*ypE5KP!a<)QxjFlMJgB=#KZd;OGLO@ z;6j7pdP!%v!N%(HYIH$74jv*Hj1+JxgE2Oh!QD0$N8vavCd2y~y|*$ffj5Qq7XaAt zgSRt}6LB2I!}G$daWRR{zfdp(UdCY^h5?zI8-;-ZE%VGyTN&f!u(`1z&89FWF2;>b z&Dg@mG2n^^4bhz8H3AnlXDIFk(I<^TUv za3MU*oiJc~`57CM)*@u1gUo=%lME6Yd@pV$xvn+4k%o29A$cQ zhFk_gY${8Wys3b~4Z+dw(+SjfDZFV+Am@`d;!(rTETkI1IIM^*K`nODQPi61~eB)CJ1j#G9Pci&vH?ajc&>21`aG?kv zmvn{{0v_)`AB=c8yfy^c{%mZtKZ7j-PRCI=4qi4z0A8u)Nllys59>BK3da+Hqa7p$ z*Tb{Z7_wZAll{PngEd!Od+|lP#8n`+z`sI682VXseUc45;9n|rJ_uiuw&Dx zp&vC_Of#@3^E*^dm~ByQ34)m zvGCiSWiw{ooRycKTd)GwEtbv6hkX>7HL*X*r%{XkeY2KHn<=!RK_eR^AXv5{Z;nAj zDE<2y%4UlA@<&;>@O?nU-y^bSEu67*DL+O6Q)0jVS&B`5lO#;J*r|O6_VuPpt}K>l z%v06?vU2Cn#dkr5*X)MxBOyrd*E`YBX8_%{N@J5CRKHK6vf_fQDB8%%8ZqI9YsX)o zenVE4&{uDx0vPXvmfoLPvZPrC(0sMbGQ2iXgrS%J%SKUr_G7$12F+?@hQ`+jUOm~l zjUue%?0(*Un7=4*;cwW^(Z|q?g$r|M8KTm{nuREdvhAKl&v+#^YDF~|8WH&knLSw0 z^NVHs=3XOS_0=h6e5KqVmnJ%xn_UA4#oqUS!(lC>qaXi`=Q(oBBMYXx0+6TqM3p{z$h5kxB zTmX`XA!S9wC&Tl?PplRPSIXNP>CDTJHy7mRa+k|5Vy^t?n3tG5UJXF%vf=9^zcTBo89*MT` z65TF~H~lw^zIfAr)9j0vLs(W3CxvdjMOad4I$_4-&B$LC<1uV~yvA0%qQq(QTZx*c zm*;Gx=Ho5O9Ew)$~Fg!5>;ORK%)Je{`!aM;KCjDX@o@*hDhi87KF`fjk%NvNe znk)dlGOpGz>AylAPY%k%QqU_e8(5delbDlP+_L!K%UYMt4FUq`%cH#e#^+LIhIAY4W5{Fqx&tsN~H0m{a1W1fJd(f z<*A7i(5w5gCVclJt|m{N?|m%~>1C)d`;G0#NlvxjcffkNPa>`+R6uXJ4H_oB3i4Pt z%H!mygOzV_pf1Zr{wn^&Gc=z4!-LeNE|Q(my-o{K6E#hyo_B@sxc(u$kN8;%oy4R~0OPVh=zc@ufP!t8y&q&RO`ziT3| z7V`Ki4dr##W1L!WI6Rv6^ zk21w~4+s@s>yGw?ntABRLw^JZ&LhgX!N<8$Ir7k*0Z^FndEm1Mq*H19u0pRzL6UF2 z>Iz;}5B{F5@=(M*kXNP=6#Nr_F0T^u$j5f!!yYA%=bqLKM&wm^&ru0Mnt}|qVQKsT zrIJ9vX(AR^l;?tP0k6yJ8)q21K~ql2Q*jmQ^vms>P^!;4#FJ({-pUsNq8${@d2~E? z{lt|`M8)B9yC|H|e9j?eBt6a<#pfK2W@?tF&&Z6o_b~%Ggry`O$C>R$RXZt^pPCmEn+<$>!q-!A!ywJzGTtw zTx8SnS`vaQM23jj2abz5P2ww?#2=7xUOPh2{@a?QKP%%;APnIQ@4XZ5HS4nbbG6)T zbc-d{nDVBqQG!@sf}-C~+Rr4K5bc}HCd4_vb!YB-4B=HZi_1~lsqY(k=`dyY^ZKXk z7qHFLyQG-<4Aa6vI>pa(PVoylmdzmKMB7-GL&|UFl|x44wd}kt5zy8K9dRp8_;7qe ztn6s?mYBMPNK9RbTgiH1iW2;kP25VnlwpV;T*AQI6SV8d1I(XBCQCdYA%Bf!S*!;! z_s^zV4p07Mgd9ucVLK7GvT%Uo1N|^e9UPnd?V2_z=!lhWRE2cvPpov~9Lc<_Uy{VU zVN4+gKkG=W%9=qs_~#;AObi~@m$;Se3*PLJ=XVGnm6*C!O8gImFG^g4@Ks{SVcm&U z-A|AXIj0c%$vQp>Jc4v|)HsCqOS}=Gs5=i5H>x}6P3ztre3a7{;b4hN5%L*7>DMD1 zO^m#32V$jLv81!^#HxJ&g-r*R#rn{`1N)0!*>~W2RgHNLHT7MVMGXEJg!GC(j#yrV zIfm4CS?n`~c}*tf44Fg>Il~dsD>J=k3uW`B`R`I{uB{BnsYpK~91cx`*07-dxcvC zPQzsyW;-kSJ2bpo!|!VNLk-t!_-`8KT%=@HYxuZ^g$+Ad-)KJ{{}2t&)9~#Yen`Xn zG<-zEXEpq*hWYJ^(v3UMDLhxh{N_Z_i!_W^e!XDbYChRXex3+$2Q>bJ8V~m? zS9!T#xtc?M0#avu8%Sj}U9BVD#R_wrW!_#w(mkI?W{#IhZF zY4o8QPSfy>#IoE8z$}+@z;x239PYubbXcVEFOmFDg8wd!PJ0}bLwY&svJJNqOPS9S z%X;l1mO8wu@xP<-9MX6`)$q?6ZjLdfZ#lK z*rL%NCzf(v(&+f2!JGFTjYrr4kuvK@m*sv2%yPLF_(scnQRDfWh8-BcDsQ-kV>LWf z!{ar)lvwIqs^P~p{IZ7kYZ&Tz=LejQUW`ko7xUVt=8y;tbM2w%y)>Mt;XxW^TPS|6 z85EwN;am+b)v&nkpuOm}z^nP^2@OA^;n#^#Pr5hZ6+WQhS`8o5@JAZ{OvCjWZqV?z z8va$oy!}+=itC!xhwu3*dWeSk?W3Y!rQs+I^F?UIBR1ZVGKXmNBn|WJXvIHH!!tE3 zY#d8Dd^=g4cPlhpq~SFhzE8vJHO%jvm7K>lyi>z3X?VYe`6-vm%jZW5f1u%$8a}Pz zuQdF%hWTE#l5U1 zVOCh!=8$>$4YQ)Zr(u4>tmu4qUEwnt=F7^8eon*RYnb0KD;}{o7-k?2a9ql$YY^|R)!JBG>*w1)|YgN0ljjdnio@?l1~*C7Wzn;)JK(NX_)#bx+quj zvs^_VsNo?RP9?^Alr9Zk;S6Hg4&ybPNi6F=Rm0iDvfSAk&LNg{U#Q`0ISz+Y%20J}7ZA@KK4c1wJA1b-^4o)7$!#QDG`8h|`2f&C>e0_K;1%GLm{Wy-!lcZoT^JQ8;Y z=Jks_d{#6>Vm^!G^^5cr;8clIfp3tQ_Z_q?MV`69lO%g>uS#4C{D#C|0q>Xid*E7$`Am}E>M<{W!{xOsM2^+3B<7I&Mq;oTyq1xNj~sdZ zB4+zLFc^t@0OR#Rfq5RgBpwXR?;FX(H8p>qBTfSDA~BzBc9(cQuv_8+U|!?M&-T1p z;(LITB`yWNPU4Ngbo^q1t~tCJCZIik;<+mw$Gx)qz_{WU^O)opJd$6`SFAXk2VTts zVqU^|N|y?+=;MjyIh(CvF`q~}>!#+7H5z7p6n%?^ISv&4Wny*;Tn)U!hc#TM;V(6O zQNzD#n7`L5IsdMmh~dnOKBCLe@Kg=wXn2{1#adnF<=my@;1#>x((Hsq=e0f257^^@ znF;T)fB(LgmDs0WUj%Uf+V(_VcPNT6(^qI5XY@087x>$5^NQ7zAOGg$;?Lgbxc=jP zGY|bX=YKv0HYpZ44n}=#9&vu>7dS3@f5w=A7QIgfpXLc!gR$Ft|KgD2i$iOp>Vg|g zWv}Am!KfpCQ8?3jV~*<{*lBq5VKzAUlVLK7xl$H}j9rLab`G37`$V3=@d=K^!x=sc z7|}gL5_>k{^VyvkcEs=G2Vd{A1xG*5TQro=J*Z$9%uej6vVx1+2jw)&437&M6WGbo z5L-8(cI2eUnYn)XxelARB&aMXy0&j-p}>_439 z^bGct_VFb3@wn2HJbj7>C6121XJcJu5Gpo0e%qn(^Yb3F@YNAC|qLdJE)qvj$@{rTc&Li_?gzEnbmQ))9hrL3-q%h(}w zezo}6cF*8FV1vrpk9oE~SMAK$>=}G|_xAGBWnrLa&n-T*y*dU0D-IQxL(hzdJcmy2 zK93|2DxURhKVR9G8opVay~Q(l!tV3OHhZ>Dpk{9smrvL&wXPmMcy7%Lp8D;c-E+6k zrFy?Bo)TRy6-+r0b`Nws1szi=DmLJGW9o|Z`gK-;6P($v7E`}|#q}?^GBRD|d+P7B zR_>{oU=;}co-WQVaZR35Kg(5q`p|^xnCud3oO)n`jGmDGvb5-}PSm-M6Gx_}PJ_W;T-n6oFtOc`JkLktrSG&r$ z*SzVPJaOgrsy^1>!IU_sc)_eG(L>&bAha>6FaT9Jjw&QpTr5b(C?7m zj8g6VfT#SCY6p6G)al)u*Pbp3g$TCu=ISmGTzU{%k2;@mw`yk)O3OUu=gayamF;}L zXB6AH#8WQYd9AOVuN^hF=21`mX0&s;Xy?1o&TC~mC%zrVv2f~AS+kPx)YyRo;zpkP z^3;ci_Ai(}IrHn-lLHQpoZoB`zZu6_1PdaK?Xnm=M~{77d^S4dscfb96%DkqpHj*e1suaqg1Q)ap#gzN)`||98`GM(F+-A;)I~ zpPk`4?Xb>Tb}4Cob_ioQDd2SNv&Qxc8GTJg#`rP*34vpCdF4RG5`Ul3X?Q}A9m!k| z11pn*q7l&CX6>@&HX;%gLMTPE<3OODXd^XDU^YH}=sS#dc7fQ4NZ zKBO!%`7=wSw=^)5czOKM$5lMW_fc&`CdGQ1Um@fTitU`i$i=`bZj8-6}hGWASr?w`ptr$3)Z!iG#g#Doo* z`QY_;vh^XR2Og)I@9mjyT$#tWEe0RZl2U|3N%PoJ~h79i-I{Di+WL_oti((v& z7F==rD;qMr_3&3VWY`Y=x(ykBWkZIGNPlHRhD$X6{{}W>*l=&5O2M-Mh8ZC_{$C0M zF)g;U0=lIa|8v3?jI+gUY!2Phi~qOMri|-;WC}#GkOoUHizwv0$pZYHyt8Y~^8B6T z3;P*Vzjl5OK1FOxLkEc5jD)rYL}Y14>k@t){gwe6VPkOc8}H}1*ULZN%RgS2hq3u5 z+5F*u2ftaxtSr>r!na2wX3YYPh%RF3vYCjEh9W%?ZO@vSRSyGluywF-xE;&*j<6zv zk8L}`ib%hXuoDxAdgD|Sh2*f1BG9?nno(wpF^5BlKc@o- z9qYKAf;vs1h)R}9#}R67xl4(uBzhjS2w@7Mk`2Tqe+S;CydtGSt8o-YnNXC<-G^+g zg@$*4(d0QHrU`S)eKyzh3R@)5KQWcKQU=+%f`6^X+mVC%fdFcV4T0>ASN z!|cOe;nRlBXg3j|Db3DkQxUn3k=ZhGh>7oRh* z9%4AQHd?dl;U9x&F2OQ?JU}E zDci0kvUV0GPnI$D8bqVn+q^IA@*)oA3es~xj~WQTQP2Ys3@F-o>A-Qr=cnwxJ4E;S z@#k5V@`FQVT#HPs@%3!WNpjq&K)BHq^Wh%!#%)u0qgE2abBSZ{^ZU7t#3y^}I z_G_MGL|q3On{)A@Z7?)ASfot3YC3 zd?1At3T6u9z$EiI#jHxHkO_ZR2}aZ(rIc`}g{sIVfj3Pc=Ehv|38<~v3St)V8{C2&;Wj+&n8`NCLe)iK zMz5YI&2LBxwwT-Ky$(Dq)h;oWXf_T|KG^KqCbX5KO~*D9!h=m$IC8}pty*0J5(cY; z5aJ916>2b`#gc$_Ub7r{b1M|)OMG@tn)~dW3`8D$G%GB4&?E|?Ev4ZT8Ew_pj1@*V z@R|n&x9%o_Hr=3I5Yw&?!tmosTH zL`1^9Ha(hJMu})_8Kr$=GbA09@e&L$%}`1wU0f5xBUjOKiETusvu3pfEiMhVu$q?7 zK1!4-g7j!*)1?cg*k)sB|0G6}6oILvsd1BT$|y{%vIV1?X%QA{y4yBW;x+Rvn3Q_> z${E()52AZ|tA=K^ZJ$V^ExP5DUOq0H$BnFp$4B*9PU&qERc?+(xDa?)P+-7uZW_}W z^nt(J$OG5)u!_JSQoxA}6mMgD4`E0NFvf3kPT1rmCRc#*7srpzu3G`Ut|bu4XV6o? zsSL!e0!)33ZN!VgOkM_-fKwTCg}+=^oK4h~0avKV#z65l)|E{L1_nt2PG!J_7fgRJ z5O*4vsbgmw$3QXo#7Lr56QfQ?F<7Yr9*zJ;L)5iS>aiNTOUXqp5p!X@HpD=~2c zATJ`OG4U*d2uwCmjdKn^o&j|Y0{eTBiAMn2WBvhk7y>@AH;u{nBRFYOzeNy*vcSN{ z&l7D3vBLGm(JplYOMMz1)0Y zlj^bFFn7aXy?~RcDeDa?gP{UWpwg^2s0@A*a1!+&FN&H9k;2`8V>Y~>k+k(XhSCk~g* zH8$@!27JPUVa!1B`f3~p29GV50iSJYr49sXxJaEa1pzw{?aW{)yaVSAIMC?k@yun+TSJ^#>W8lg5({QB+0BpyjiIx z1~#0x2yqP|r8f_7oXzPtaniAa=-4dEQ3cMN2jGvue+bV4mAg{fXDU&Kymrz3JLRsy z8V(k=*#71(ZD5@Q4k8#=HYW@ks?m*a{Le7IL-P^6@r4trs%+_?BVlyMHo$|v@*3bl z*ETW0*%4Z9S!ps5!_+N6O|7FeKx*&MI&7hss=K^v>A4MVH|>; znQQ|vwhbR&W&VeZSOxjY!vfeAsEM+5#8W$A+DDk9aY_q2 zR7M%~VLg;eqzjB(e#qYqjYwp+2$N`4iW@U_k5rI{_% zsJP8LdW1bHA>}qP{F}9KU8bekqWu;6QpvyaXi}+Hu9r%^@)+{9=RdE_m8AGuOtq}9 zSA9rtPjxO7YDThD58OsGP@;AGIn&5?q5-L9Enuok#C=kI=j4Ci{%~ABT~wr7c96P-DISGZbNS&U+n0E~n`zxsEJJSHR2QOi7SHP6cjg@1sFc@amG8r0Ui@{t zRU)1b>r%66Pbz=L;(2qjX3v?`ClN9lNjG%kW{pglUBPl0atguHl#afL(k+-NHlN8e znZc|0zcgUxwVU<-#5&phd5h=FwnWiF<;zWZdG+&I4(pwD{Y17cx=J+j(wyA>;8(Y9SCUDcDU)FqJY}wjCyo5npTA>}u5SIV zB&QS7Mce)x#>vDu^-Uj_87K3N<0~iG=f;)O>{;>3X^m`zX~xh*dBQ@NI0bvngq=uR zf-)p_MU5LJUcoq-ok?63t{_cUw2`DnS~g1Y88MrmpS!3R)1;pNLyekYY+3Le+X3)& zec{#I!nnd6HB5S5Km0s|kaGd^laKKvcwHW!-l#bX&@1n14U>L5am z^3r4)0^yW?e8QzL6Dl?sEeF=+@jSQSl~XeEK~R`!&qE&1W$K69ZLhpdz`DFV z#2cN*h|@g)ugm)k^7s&*@><9=wqF&zE{{*;dcrHGWIP9g!c6-C^41`vJUmtK>X#2; zy1XZmraPw5an2-W+td9P-}^{o{r(l-3Gg&6m%1sZbUy}y!b~gZ?`s#AOk=zJ8D5uH zhq$`N0D5J7r(x1dAukmn%MO8OS(Mk*o*G|BQ`aLTd*$(orLJF{rXR<(lGg=%x_*5T zQP&(@UgswAE@tT)-BBf$})MlztPN$n)T& zP}dz@-i=M<%^ryH2O8yd(Bv(W@_0R?OTq-=v7tDsHp^)uuXK=YZ;kO~zyS|CM2XWHIX(y%0{DZua!MZe;8K`r*JIFaQIjj;D(zVSRVVUgr(jQ*mUg*a5Lfl!`&cRu`MyG@ zay%=i()c@?E-w>5hiw59>%noYoJigK-a^RxND0y8 zMK+NaGuh^2JF|QxFBn+OxqwCzIw1jhl~bY_YGk7tljJcFcwJZLhYOh399>=s82$*F za!Q_xt5Bz3Za=QIViTbQyOik8Ay&>libH$>q{lf!`<$cE%7OZFhV(gynBnv|XDFZh zuiJm)ndoy@ve)KIrG6aAKIafWrt5LN^~kUH0OS5XW}wUM$+6db&LOV!dc3DE0^~3f zn#4Imea?XqrcPCkw-EG)-hvz_JtRBl>R`;+gAo$*+Q;~H2kJCdq z41c7CiJvAVN%X#&dw8u3LI2*Z5)m^0BTeE}P2vY+oY%$>jE4_poY%Gx)aFbRe)U6- zy2JO~CV8J1Xis{?Erz_wS2^tG6e303lr(vaWZyh_g{g-RD!2Ek(tphgo+w`4$tcm< z!wS37W~8t3re$N!CuWq5*}kSW#7%Y*oS<`(hhsmRaRQ37P08dKFty>X7rbTEz%`V46)Ro#VFl4o|O$fVr6%Z*96*p zqoWSQ)KQFWVCu-`Q}*RJ^C%l}#I0nzQD@p`qa$u5b+{KeESyxl4T7;qO!- zyi7XF4}~YD4B}R@-Gn}%vptAgv2t*%Htq6x5T+7?hwVhH>bQn<@MI%QWVyft5%!aK z1Lz-1{29WN67zY=X6gq1tq8YB%x5dt;5;RLIKpI!`J81YF?67g#I5AmSco`n=wVqP zJaHayoTPI`N+hQ8aKx%@M+1{T17W7blrxhU{A^F+R&os7Pde5V6$mLVjLdMvsy!`W z(wUc7wWrVrdD))B;K_q(3as==lXUhMv7%>_j=XHo#l*<#lDJh*0Js8p(%Fy1O6R*J zojMXL{&GoYdlD;py`)Vd_LWhKsm<5Tm<|A*4f25<+@Y z${bD{fCF4Ae5k}&ntJhgi7AuM4#-0_W)nkB4nle*b0IM&1GqeRWvk&94c{&?W!@<< zW!_H=nWYHnmCOf;o8tgi2CwWqJgVU*C8o^hB&N(=5>ur;5_45`fEZ=fBBWPk9VTX@ z!5xEFwj)kx_%n%F))x}9tc%2u`2#|FCG%%ujAy!E;g#J9z6_!;?^%f{lh;~e%H%gc z#MGbNW46Ho4#gNICpNfXc!e?5dNGEtVKNae3SQZyiX)bJ-5Tz%;h`E9<3#dvJ)-hX z(r~th=V>@k!*^(SwT9PenEk8dKcV3r8s4qpcQyQ>hU+!_Hw_EBPqHqxXj@g*Sq-=L z^U>oqOq&UcpY{zDE+uAX!SSOQb#7LYj{91=*ECGq1uE~m8eQ1ok#a6*Ji@MyJU9Oe zx;jr=W3VXsA;gj=hL{}=mq;w@JA_!Cn@Pax+!XI2NZhK5&b_;F&X^E1S9PN1ztH7D#PUCI}>7A61hHTr1{f2-kNG|UrS$#()% zekbUUU$(tEa7?MP@Rq!nzo&+;)A&ad%Q+_#v?*+-V_aw&~T=Pr)oGy!wWTBM2xnkTLZ7~eHvb`;fFNL^`YW_o)~RMR|T)| zYZ~UdLeckY_+1UxX_)H=#s7td|D<8AITg>JHOy}o)m+ClgTh=hC>*Nc4jSgOa>dhC z!`(H^k02G#Fb$8;@F)#W)o`|k=V|z64fAz*C4aew#moK}e{^?h^!qd{oEMC5sJV!M;@9&iU-1|ad-iInIp5e;8-)i)W8vaSc zzi8Nx*L|5cK*RjlRMEwU9g@e==;9fvr1Nud#qZWIKT%Y4@l}Q7PuA%CB2Mw7X*ff} zH)(i^hG%M+pHV6~i!{7M!{W;nsRKW-(8iR)@fz->VSePJcm`>h>p(^4GYEx8YdBrQ;zJ=>m&qD^hKA>8c%g>#G|X?E zR9Uxac&&yX(C|YVF4yqm8h%Q{J2bpY!>?;t*jsU$W zXWXh@KWexY*L#vDNW)z<++D-NG_0>(Cu#I)8eXd52 z&Ke!3iTWhg@l>BYP zQs(vGp>0ySbcs16CP>V-oFXyD!VHOd-@|n;^IE`sr-L{en4jnp#{u&@)DWo~-rxKOdRb!jZMDSlz+BTRJF6c^%yK`Gn2#1u zOU$vuH7)shZ}%5s*)M;UnD>I0Bxd{Y-2n3N*3u<0pF#3n0Mc1^ei%#4F-0>C#EHPP zkU`Ax#q}!jVBmfd^E|j(;%k7pMkP-YaJs~EfhS445_p!xYk;}_B>x8BBn|_9L1I47 zeobQDo9>gi6L77>{B7;1#7V#>B~AhULSp`=_MOC&fPa!$+>bhKJ+ndQx{Er`0d6ZX z&(TPUd0ukeMIPRp_L2A&U_L)2o$peOlz27pjS}-bo+9xE;5ia+0?w6qGcfmjp`6En z@07R#c%8(&H+@**gTQ?DNPeELeD+Ap`_307{v+@ni5r05k=Vr8;TnwmPT-Rg3iD{qsVTpSKKQ1vX2RtJ&f0uqiV%`_NB=HE~*CkE`-YfAa;CCcW1Abp(8Xurt zA?itc4WCF%GYh9B=I;+*NX+}ouO+5=hzk<)Uh_wZrvm>X@pNFWDJVZ1xS7P_H*<;k zJ4R<>xt55L7+q+@ON{J>M`B+4Xsd|)y!H)|nAfrtiFwUUm6-2=-5{|AJYM21z>_8B znl4*nKJVn7IF!%d*%nHi0-P`LaNq)oM*y#q_2tlr4mm8en{dR;Btxc zfL|b%>ztP)=Jon@iMgIRATjIpzQkNV&@dA7^4d+qNW^`B`D~fEAMh6vv%X(Td>!xw ziN^x}DDiaQUnHId%r!FQECX&P@haff67$;KPT~sSP7?Ea9WC)IzMB5+4JeE-|m^vnBo*c#*^>ftO1B8Sn~; z{|HL1>?bpvRC}#yk^mP6Z*rhYr{r)QspN>f z9N2I%@JbH*RmtIcOUX$k=E(v#9$w*W4U2U+&Plogc(wLkqv29w^f%oWc!eu9{4y~s z4OauN@L>(tY4}SGU)1og8rGkab1kA|TEucr;5*q0^PL`rhif=P!(yEw^X6#uWyBbJ zbVVAzU&Cb@ep16#8h(SA3v9Sr4dX?%#F_KwdCi9ZE1Thc2K61-*P{E^Hp3qrg~Bjb z_7$bZ8OdS?QoKiv>q}EteFfS;FkOk>H1EF~m-fA*@QY~g?t#5=vR9N^J&RH*lF%?U zcy9`qNSrCK3m!doVVBG7g8%R2``TRO_|6aI9E^(Zb;KEX=jE2mqmM5}Sw73F$>fkBxpIFFv^arMOF- z9Ag4)a^|JzZF%uscfFI>Jw5vU(gMGk@7JveDr?o&|y7p0|qbwesID%RX)vt@T*llJAY|KCGl!TzJMb z%X5vVXi0KLA5YO)vnVs!1(r$^V)9N~MK>i|Wy#i(WLJqZ@zh>ZUa;E_;1juC*&SYJYC@ z@!T$Fb7RKlcAc5qEk8GQb#C0o-0s^nk(Gz4Kdt???(ctqA(E_UH(0MqbVsMSyNq>P zGu=@u_U5}gug(qGmK(n-x5xh6p2u?&zIN}=?RY%5)3)5OUAb*H=7vV+c1X-^my#Pk z>B7uh*NXJj?#O!!%Pv*Ab6Ui;%xoXuEww{n=sZ}Zc2w`J&8o|)$v<&yadQ3pW+z zQP;vIdtkfQ2B1&Ix;t(kK6${X5rJ)&vq$pX9cH>a4PL(5-C@D-6}h9j28P`OK4)cm zS)sMSEX_}bP7Q^--0f;F6r@*7?N@U$cz#gLBUaw( z#b#IbQ?8oD!3~8~Z&>wH`!xjZcZXw;oQyo~c46oo`_@_!R2x}PSoN8wVzUL?>3PqX zIqCWCtEvmL?@6vY?~0$d%k9c{hcB32^`5IbsG`KmxXp9w!p^neMRo2@7H--xSzxBzhts z-yO2e9a@rAy|*m4VSUj^&wh7E)k;s&^)9qt-YQqka8Jc@KcQdUGxo*39JmIJvU zH*S621IgC5;QDB@DB3DnpSSTu={c+PJ+uB{v*=`U(Y6ys4&U?z%TdxHl z>*cA7ta#2UJ!s~=o?NuubLy6wJyv|o%3G_pduCRcBNP2*Rv2g9?Y7@^?(ElFQCL{) zHKLj#vqF;W6fq^(`!uAw4wrIE7tdhOeXy&@Dm1k;tc#2ke ztOVCacWB;9S534BomoC1K4!%*wzKG*>NB-l>qnb44oUxt@t`RL=but+( zU3%EmTRI6XeTFT4gQsrTWi34_MYJ?kVM8}uKs$f=^#v3bG7|0VR~DJGvvMaI8f{#< zupb&XC*4|MR-m1quyP{V{5xyr2D6oqvW+A2UN)022&4P7C+{t*VHg^{VuzKp^Q_yY8oM?KZJjULIzQJX8$0Ba!BA<` zsNE&k4_muBFyxuOxX9RTJ#TVJ>io5`6&%-W>&mS73EO?+x;D3Def8Fc zGj$iXp{UVp>!dNRvb}8T;dWDFNN0J6G|sWw3-vwN))>$Q7goDndSlxy&B3h=>y6;C z$90yswNFjJ$QI*z@?8?Z7VFgFg0cdPAKU&*!h^<|@Gw)AkK@eMew^fji z$+6}ctKn#EA=>@WvZ}XSIXfGIR^C$oE(i8rv^6xvoH3XhiGiKI_O8IT&tPKkkGoXh z9#yjTuAJ3z_h1%xmt2bPR#29@Ij}9pHrOk3M~&Q`Kk7PEXaM82TT9MVUqHXsWmWFw z;9ktZUA8`Zff(C!J>|pWW9R2G!*a^!C7}LOvu0ItP8KeznByM_u33Ge=xeL$U~>K4 zX6dUYCY8KZ$yJAWi9L4SQ?l23I=BYIEEiYZ(rPpN+2p*8mXAPTp`T!EJK_p6(@Qvm=OHZu9D#T<;mCyqXFlF zS-aEf>ZzG-HLTzMMA5w-bkM-Uf}>@*Rc~1t<6PTvgKGx3cJJDl+i_cNC-j78f)yCf zi&e8zpH4108MOAEz|hw)i90GURin)_pNrdG8?^S$d)H4++@ITFb?#L;yHod|Zhcs{ zx~-!|oa(}693c83=R!kPL2mXn9*oA4y_FX{16_k#p>j$+xuBp zn>7o9J=Ip;T&rS0GA@tLn+3xv`dF1gd7oQl>yMps)u5^GHM4K_)NBbp8Cko&I=yaK z<<6Sh`yG4Vwf*I~prRdU;$!!q+pW67JX~Ur?taD7-&4QHs*8O6OwAGK=z-P^>q`nN zk5+H3J5!PA%3ka`^!BdYu;aOHp>xJuD==cf5HqlOe9!KY4Ur2rmzM>GyvO-3^HPp` z)aLSy1K%l#%zStA&W*X@C6~(FlgH)fw#%uDI~f=@pdS|k7vj5Z?-w5v7LfV zK32gQt30?0!~Ue@ZTgCX$*4r>9uxEZj$n_s@rSC$pJ_M#;C>5cbI?N(=vCgWY*>6u z`KHaoP!ihSS-G=1vNn=!zp$S*#jIHwoKbCMFSjagO2&|F2r5bEIFBs)+_K6|w0zC; z!L>V&ee9~azhB;Mo|6}bR(Zx(Nc_JIV zT`W%6fbt1t>60gxKRPLWV{ZGg73L>{c#3*%?^iQB7{k0evLGl4E0=F9tBYyXT6s^H z^Vw1BMdMcu=v$?%6kq6D+TYt!vliskmve4?~**>>nedW&iS=Jh}eu0&Ad%uRP zZSG#4UCA|@f{XT882TQZ0L#ppLssb{o^ww@=j!z(xS+PL!eF26I<)`mtY`PCp&rYj zzF_mI&%`i?%6^&Y*o5iQ^zMZ#F5T14@9xmQZ*+H_<|rS! z$eDurh#|hq9l75fu{-*>8_Tspf!#Zu>Y7+#-jwK<$n{zjZbi_?k>CB5#_11LC4)ONF66&@fU%u^&%&^W=u((a~QQf9Duzo{HhVJb!l{d_1K~mt)6f2ZsJ6N*vWE z)r_7UjXUA^n8ev#x(C0JKG57>QFN-yvBNb(+l-EWZ?Aa-dt@Er4~Mv|#%%fk*nc*eQ!V&H7wc4uNcG}6{wPUD_x*c}b+G(=C1?irof)BD8a z7-R+{RV+ntnPZy2=gMi(JK{bmbFWP~GUq~<4Z{a4abG>=+oQkKyz<7U_ZC0(=__9k zd?ocSQ}$0B)c%-tg94y<^V4eCfp7cLYwzz4x|1FPrvO{)-Q_yZRq5eqPis2 z`Q_7#x35_?>Z4zh-~8;^s;RGx3%>JI$zN}M?#$ftV{g2s%$4|Z!lHM3R}PE%rK~pA zQT1h;3vazwIBDTjHNC?Icfo0jvscMtp3eSE}S zEnkc6cCg#jfl(cMeHVXV@~?|}jydzv?;Z_pJ#gITvv%G$erd}&mAjS?+0$~tt$*C{ z-N;@C_ZMH?Z*|yRJ@Yrtc6^`qc*EXprYGf%(Q`XgZg}|TV|n+D-tT#9e83YoE_^Ry z?1hipH*EaC_3WGpF#(%Dj<=TFbXUJNKU9CPCo!*Lfvfh|@#=Q_o@_tvx#Sz0FC5T$ z^EVHiNn4&8TbcUEA6|K*s_(4H2j6)qu+yOT*Cu~4YJ1%cOTU=4JpIs?DNj`I`uH!o zy>fotbz$21)$5mKyTh-|o%K{f{&N=}4=bo$^X;J79h&>ScYj>xSzZ2i>8;YQ-(3Cq zHw!bKY`fy!T|YhX*SC6%%m3of1xw!DGNaqM-(M4ZsM-FSsQ0Sx{-E>9*$%CBE_2!L}{mdTdBqYuA4E z<-VU4o;h;V{q2V@Y<}>Kzs&n%iv?Fdb7;+7JLc`_@$-ZK$p6dYA>a4EDr@kM=}&#I z`j0OZj%{;eWB&W5J-X-pW+!g%AK$%v zX87qm&t!AbhC!3s{8aa?yKV1QHJ9df>oYI7ZD!6rqh5aCne~62-MUxcr%$H;?X9a) zUl|#Qb3@-7i_g@R<8LBPJX1B=xcHMS_QtyMepmmDucs1*Q0L<`g?+2|6dGdr(78x# zxMe@TMHKFNywu?g0BBQh3O%qv7S(ATB=Qwu^C|(jgO#4I2t2ml9w*CLhfS#vpg5MZ z9-CwdGJi%DzXu@@E*W!{oi9%nM-~*vR$_7XURj-Nc5w{D(az%%LOJpOt8~4MW3~LU zjrlqX#Tb=%hEDx)G;agJb9ron<50J1Y*Etb1=bJm&lPezS*pus8u=@7o z;;-Y_lPi)ePJceuMVIm?J+UX(n@IKU$#pX#0c=&dC)aUu*?V$D5!!ol@l_SMC)aR5 zwI|nWB!5wiqtSxD*n0Qm%3~2~Pp$-%f8{;7Ix@f7lj~DP{u}Jcb0-Aqj4$cYY z7LE}i>CZ%*Gp;0wzt3orA`lHP!@)e~leAh%I!B!{kznr@c5XC^T!Uyw_JMhh&07WE zKAH!dXwaCOa6x5rAPZSVbvu1V<}9#?$;jMNhKa=9g)571l++=?-i0fRDNba$Dh-Dn zh;ZMmoB8u2U+wFRUAPvq%;}8Gl#yE@qVp^nSp>~H&z2D`m-1x_Iipeoqafp}^Sr6Jd#j%BSUfAMULHyL&S`z7|{BmucH$Ht_4^Oc6N5lB0nQ~ zIEWkx4+tW+`r=?nVtOGyxr-{p`3-Ijw9Te=Nsljq;`v~polHR7~g+q&W{L-;LR<3 zPeq(5A5riZs9;AS{38l)kISjO?b%1nejTE5FF`Ae1)~n>=EvPRe3pRToi7lT6Y#B~ zcLCzb(c=tazarM-96(o`$?-pv{2z!-Ml70V6i;xzYr~WLc9gmhG@f^8F2{!P0cbG) zB}PCObU0k67g>WHguK3*TNXpQsKE}RMUZ80infDIx0%t!w_pRi9jS=EgQz&6?ggv8 zN7_rvK>r8mJ;ferFLTaxY$%m`q`gv%)K2K61Wtl4Bf?q2-2X9}pjQE4_k}oQfgzp= zJyy$@+YLZ=4?^sX_89m*slZ0}A(ADYNj=8O7_1a9%RAuU;=pg3Uw5+K0?8sr2|%Js z6}d>E>qE`H0EmY--(HR`>`u*|XI5%=fLRrT(2x|NA*n0|8eYqM#HW~#N|Gy{6j2;w z_&JSYewES+MLCqVMKZTV&+|O= zsA67}32`dHh>pM*pp+Dwgu)avufc0j~1H*(+wov0q*kZ1KWFp13< z#i`99Cr)i_=C%Sj`~V6zxfrpHTWt9pL@|&*6%3IM?9xhUi<@r1NB3o+?>wc{%`YdND zx>$H~%Q_|gEY&Udia$&7?^1jO02_G#} z!#LA6!t2<0yFBcRXYX1U+dkL~2}p`~I7RIF_fPl4n-I>g!7bkocR0O$+v7#6g2~jy zC*NvC0=~C$G`F|O!*$Q63@*s6Fj%k~p4vqZ*HmriI}8B4O58h?d+Wv98{=UoJUiag zrwKR2OVG2iOe|-5BXDbUvB4hfarO@7MXWbdSpUpc{9Y?j?djJ?qYLf(>LPIdd$-TS zCWTFQ73}Y;36&ZkquAWg-nMUG<6ZWs=OC{*?@oS$eI$F^zNux! z*r|zuN5H8J!~=oLwu<_9crk5JE(2Tc^xu{nCV0m&h!Suj1Eqs+3n~!BtFvnNKfY~9 zt}E^S*9CNx&mcp7~nQV+hd?I`^;}&C+bJ8X!Bbo5c1>qLwCMRQ)1?5(-+zJX~Qw3!? zD9b@%jQ1wZ@do53X8|aTEfACypsWCeF&5v3$_8w5^4JA*(uQHd)Z8d^f!b-4vjnkc z;hPzSVVj&cZE`Y_ja~u^2!%a2IUmBs@iBO?Ak)}QPDZNX1B_`RPP|7jAWor-u!(%d zs0M3kY^Ykb$+_VT98|mHL8<%T1B}U=oKrSAi64M(C6w>dTo6g1_AW0`)G5%e6W`Tu zVH6HT@il0IPPmd^4G)b$LZukt6+q*OL>=ScZ60hd#>i8mR^!BWW5nA<9Q#Tlo%pzl zPu%1rJ_&CN0D%$KQ!7NPb{(r-uT}e2)P~=41Q=5{Ini*$55mi8qp3k8L8~@9ja`YJ zA$2F(u%%I0hbk9-h6CgLGy^Kdhf1=bMg2oMVUqI+@9z5pL!pjj{miBG^cXIuzj zj9rduV8jR#qq09qireJWD)uBRR;yL)c4$V!2?54*u_q^S6}+rigdmcjRSZN?F$^A3 zM><5s8d$L(aA15sJSqlGv^68Y+5?$ctxe9}sOA)S(VUqWGr)61)zQ2{2xGEhO0HHh zk|0K_SOqIqqg9Mw<-7zRU_b*j7jZSbtQc~GNP<=|5Jkn%{G{H8f#^H4UP29Cvrj(s zER<&CBm3lISEDtkVNd&1`VuPQ3}K8~qJK!?8LBD0rVvUW)|4(mso%f{7?6(+C#EJ+ zY4jzCBwP>GFqmp7^DqvK=fI=Qah4%7BfKAj{vZ^3HaRaMHWcax7&vV)T8UHO?JOWL zBAc99C{}B7DMi!%c{cemP5XUPTQxUO(bM**KSo7A!h!L>+oK+%6N)ktE5@`K!Kh*Z zVjsXOMTxo8MO7#UnleV!&;nk;nyTnNo;{kX2dL^tnyPBbSLZWT<#%n6_$^hvhy&vl z@Bs$q7>rBeS-7EU#&{tZ{*FjTF^bVE=xpLiViY4TL@*{5^@>%BVn{@Q?EnO6npRWO zFEvfwn0foc<8sJ=mpE(&JA@&X#)h#&0EOcRN&G-YD2%CJ(PM#Vm`d!;i1|^`*JC2? zfpMa)$cp|eXk{4OP4{xV8TAbm^+g|Gl2!a?K)XkD7z)+sQ!wIa@UE#oJZVk|I^;kf z;$`U0X1ql4vZVww41q`88AJ;>jsd>`;l8;Hi)_rRx!1XXu+1-nK>|)^Pz2AdLK`ni zt`ZF68Q8p8I`4Szk{|*M8t)X5Eo&Nr+iZxVa5&%X4>SG~3ZM)AH>yZg(%`W-D1(~> z9LHdVO~p|-3rE}(gK=6Wf`v9@uo#{T9)`3~v z50W)?uK|e-gKb&oBCzW>mO(MR!?@Ml`Z&PT@DRYDO3@Jt_d1T0>NIY@D7HHl)OT?F z1Rl9W90!v4>k$}#Ft!rOY`^-leF2^zq%=JfNSE9{U(T%+La`z67}Lli+?7jWQXo9? zGT^HG^38E=hH*MW<1YEHOTd&s9T?cB?NkP_|4N;3I~xPV>(h)+!u;S_CFOVrLDw|o zf}gHP9PRN#$OfTPAxlw?^XUxCpEOo85B_F&{(O)N&x?U_|BUAdRQnMA1pFuP{NVOe zcwYCE`)53ZF!v6FPlmr1{yO-P@Vvk)_s@8q!o1D90)Eu@B0N_u%3Udq&$h3EkA&|6 z-yOaOJXdJS{WG42Fz=Vc^HEg={5JUiMc%srR#BXP|GVcTkdOpIh;k9-Bt!`i!XX3< zh!PMnAP90%P?UsgzyOg12*@pp7A;o1RMApFMMb<6Eh<&4KoQZRqE(9*6kFS>wH9wJ zwkq%UJNrE6JUPVH+TZ*BFYhFK=CjW}^UP&uXLo0JXEtErrR&eIJd8!%chPNzs@EJ# zCYEe0?Eh1+A4tabm{eR<} z!|vNSJTm%kryc&ane-PkEMhW6I}K(qgCnPe)X5+@)go%1ADevm)Bo1Mht2>e9u4NR z3{s%+F*VCLLFs=oA@Vy=_ft>6Z$>H-jQ1AY?6#OfxC!Q`Z0aPOarihPKXs^(iwgRj zg*XTq3X&x<6p^E4sa;}WkwlRp6Gw&B*fS+i!38o9NG_`dstZrS#6vSraVr^58e@QXAL| zQlc}5(*80xQ)i$Vq%hdoYC-3_O^xjxKeZN>jC;cFlX%%6H&WJdnUbqQvUNhtitf+& zR#(aXAF&coy;5Vj^i!wBQm=Y8^>LZz&E`mDe(KaltY}ypLd(y}bkDdwC1s^YfuB0A z5zBEa8b{-4R?Bs%v&BkEYFx%z)6CT=Kee5!K|%9Gx$kD0bu%5uYA)xVZA=pA2fv)R z*5yr(18s0vqumV02^Kg7Z$q1CF@hK|%d}|(UqKr-$Q>B{+(9_V9e6I=;Zt0TI>^oZ z8yrpp=NTA1=v5|V_ z))~OwjJJzPP97YyS}uV}Cf2oH__eJNOFT$a$XO0?er+7DZ@GDUF<0+~CCpY#0_DJ9 z{8uOQjZ2&k!rtLFA?%y~d*%_oQ=`Tl**0I83Ek}1H{H33sncqM3_%^$3B_d;|M^`N zf9Di~CY0yAppJx`MGSlOEmIf|Ik#7jA}^RBh7$yT?}?0M&Y2JtNvhQct1d}8;%q&Y8syb!Re?A3r5D&{u_9M-qdTK_{>LcR#vS=OvJZMi!4(it7 zI^1eGVnUPlDCX^I%OUU-=p@ zI%CmYu6Cw@Zx;F2;BLZQ(&OdR2dw#;0j?08=fF5OyYwFfuNJOGmk4`Bn6D)O&EsZp zdy(%o{66>ukvBnw>>zw1nEl|iGY}jRo@8|D!CghJT^1qHD|!+aiY1_U-%XbP_xC z=^C@c@@JXQcZ>pH87xNvk^p=Mtdu$w{%7-)^F(B(_HH<7c& z>BDIo^xvBeXJ>S!!Bcw=O1pP{ZtsU_O{42c+RN}cK<7L!#-n==RCE? zv5&32tY(GKfXJ7e#P1bgLJ*J~80 z#qzj3!QKkk+mFJeJ$H_V&w6lMg1z)i&sz?;IxRDf`>V`t6D9@^ouZY{rGxov>_5LvI>9rEnVtM=~!Cs!RcapJpg4l!STm&}@C3+A*!efH2Efj3| z^@F`S$XR~*ShV~K#U4b?jXNe7e_hwrM&|^3TVO9L^`#4x)m~|Wz0Yy*@GBK{$fk3r zB-ndz3etxLm+33OqV|R**jt~A*OE+r)gC{PQDy{BoalLd!a@eGPTiMKWPsp87tUk{O zaToR?u{M$Cf)LiN3%k47xFqbZaP2x<$hZq1l^?cHaTjiI<;LC z*LftyUAVy+o8eE6Zv^4NLBhJN0o-mXsMBw7Q{Dy^*nbS${?NG zcGNGq8!nve1y47yvH4~ zxfQdgPo1dGNvKp?G5O+&)pO_6EyN>$+NpD00*tVts%p;UMB&uB88)SILoXfmv1sr} z!99+NrzM_2y?2jq3vSq1dT0yS_`$LL^QD>M{`I?38aSUPe7Jw9!;`Z(wPW>p>hq(4 z0#ExsPrh(2E(yzh?c+SIPSfD*ps!M$+HrERi#?28>1B&e9j2F@Ch2!}*x?E1 z?0{o-z%e`Em>qDU9VR7PnssuTl=)g5SJ@qC9b>AXnIh9ZRmrqZPK)9Pj>jA2jEkHm z>=Y7_R!Xu&owJ@JOjKe}5 zK6~J2r(`~RxLKIb9)2dwXAhh&kUD(!z_}X874SLdADPb~ejv=}5Zi?L9D;K^Q-{wX zIt%kT#ACvI4)KgIU#;Z4Ce-IMiO+@kOoDU2QO;))%Y^w%g7d3U&Sw&NxCwST@Hr0$ znXg-p5a#oViNbt7ajh_)Py9ug&nGyiFT?Wr1m|FI_TjG==Bt=b3G-RSi^6Xg0OssQ6bD{7>9-V3?ms8)}J$JmYC$KF{DM0t|Z){>3~-zImd2cKIizo zFrRa<{h$t?b3}ysoTHyGpL0wQ=5vlqh54N0dNPhRwr%7zX+LLUJsY-p<&Z0!51;Fl zUjl!K@Y(Q3kt6tlBWwF}Az1B9BS(Vvft-dk)2+pljkq6z&;HKr9Q?qMwcW@AQ;tKy zT^(w>Q9wDuvY9AZMAAb-(Zs%jOP&Bc~z#bWYwe z&MMD>D4WLN$ZDTuLnFcB7+68rZk0`W)a#x!mw-!>+H6I}46;cx!w0Aaz;?@}HAM zXE#~ymEIsrya&lVpy1vEYrDjL9JS-deiEHbR2H?9M;1G7&TMIy3L)3FXdrbYJ?9v9 zb6`u@awF%bMB2VxP8OZ3$kP5?1J<_a4$8&;LxvwEOW0?O{1wCR8vfYuKMkiO#qD$M zLyarfaCgJ~3=bg7aWUG+CmZ=ZBfrAPIhUcvb&rw%!pNUBa(*(U`hPZZel4u>4Accp z565y-xtq&b(mBA$IoF_;`T2%9zo5$bNv!e~vXuFAhB?ol%9GHzC^sWZo8KI)?SC%i zvQIl1{T@bMYIq1)>d)WNg==|L< zhe*&g@E(vhsgL*JV`<<(gQ~-M@3eeQGCJK2bACJ3In~I^$dX^qX{S1z$4>LhdrswP zMrV$Z*OA3ez2P4l{+Z!@hB?ZfhUKU9%EzMJRp#f2%BLIV@DM7$mMr!2$7H!yxdp7( zEe}vG^>dry9Y&v@v8x^47wdJ)2VlK!`I>UElaBUVxg}YyZTgZWJ%h+{tx^Wo>y`oFnx5K@<+V5?6 zkm2(UR~o*;FfHr(8qIc$p%UX3hIzfK`n=>)W)k(B9yNTj;ZqC`G(6bwI5PGh-2^Pk zlMPQdJlpVG!z&E0G<>b$8w}rS_%_3v4R0~L-S95M`^nf(bZ=o%W*edWC&M2b{?st< zB~;(tM~F>+pssTE2P(HW95LM4Fy9SP{nHE&G(6Ps*@ihHl7^jRc#h#3!}W%F{jXtp z&98j3;kyjqYxpt4PZ)mI@biY>HT(y|pBetUVGi!C=}9qstl@TsI~ne3_+-O;CqQkM z8Fudg$bLNE$S*QH-|!;CR~o+B@J|e{GyI6*Ul?}JsU;12jr?`P2Mm8?_>f_DeJ*zV za6G>mhFcou*v48WIflC#?qQho7^}X!o|m}X^}O&{qch9!C5D$6t~Y$W;hPNKZ+Nre z?S^+5e#!8whB@E4rvFcdKQqj^&s8Ux*UXZyRKslyvu|B>x)^3ZyUICuvhq;F=NdlW z@WqDb7v*Ei8-)nfQ;cbRrF}&aKdxqaP z{H5Wq4QKHBU&^7S;S&tIdm_<^8hNo{cTXfbgN&SWpR0X7k5Qgtn8RPGe7@mDhB?Z& z>fB`b4#RgFe$?>ehMzI~Ys0S_=Dg+_*9V6A%t+<`GbUzU2|L`#&oNwKc&gz`49_!snc*u9UvHRmjcXb<7~W`jt6_I&hQI{-TjpG8~llK;g1b}YWPdT?*2>k`D{_crW)q+MU`{N z809>}96eg)-3|9Ne1_p6hDRD6W0->js?CXpIo`U;=NVpXc)8&p82+JQ4%e=BZZmwB z;d>2lHoV0!M|)R0&l!Hn@T-R3GJMeR`-VR<%<<#ZKF70BZfcm%#8l4t?v;-<%;D!% z-q~=}aIxW24EHyDrs1;;b3l8wf05x?Wa%ro#4yMEQ~6@UmmB8ra;n3@?3I6N*xeV4 z{f$P>VTe@!=Y}~7zRI69ywC6}h7TBi*YJmiKQ{c0;SleOC2gsOGYoTRV%3Ql?qs;D z;UdHCK3(khH*yZwtu}`mKHD&diBz4*hUXbxXqY4JtNtp(HyOUwFyC!f{mq7V8Qx=< zBk!yJ+lD#5zREu_%okx)&MAeIIdqiv1#t)|}h2fQkZzW6L(QStBGJLP$&4#xa<{(@>0XhugYD1MW6Xqxy!G}nO~KU zGd#g?rQs^W)rM;g*BM@Hc)8&fhF2P1Wq7sW8x5~9yw>nW!}lBBY

|t%kQ5-fno8 z;XQ`;8s2C46~hM&zi0S;!yg$wWcYK#hYf#a*t7jhhHXC{-v`kB+s5#>_2cCk9lrCY zVG9gL4fCA=)hRLD&v2>XL59l=4>LT{FyAFm`{jnG7_Ky2Ww_cf-z88x?p*?@|L$D^ z;pIkWh2fQkR~cSy_(sEP46il3(eV9-Hyhq!c&p)UhPNBuWq6O_y@vObrOkZH@Ik}x z8GhgJM}`j@{>m^uK#19Q{hSh)>*o|sH#%*|(r&jm95Kupn^ecWGa&lKMqXl=lk=#) z>kAcq*B2^0(&&sa%=cF{>;%J=hN}!$8?H56XLzyUm1OjZ(5*7Onk?tX8x5}^%Q!Bugl1imtT=3 z{kDJm2kgg?bmsGZT+%i%1uW@VNtQG`M3#7m!Dg0};V5B7H%^$v!e$Xw+&n`FkdPMC4=nF8gE>ptNK_#t7&#pesu zVO)H^KxSMokfp3%5$5U}!nDuhlsdHkM`0Ehk4?&1M4t-txfzdB%K6-k-$|0&gL!O{ zbHUAo^T5r8yMS}ZQpflVg3R~Li-f7)N4N+0bm0>4aN*J5^Mrp2t`NQ*%qcHv^B(X# z;Z5LW!ViG268pun9m@n-wynH z;r8GUg!#_O4NJ;SoT^Z5mt_5A|j#o!8I9=p?p zSAzMBgZiAgqehtLw}rxMz{`Yr99$uMJNSpf_kgbxegJ&4@Xx_N6@CPKr|?$ry}~>` zekQyF{D|<2;3tG%1@92v4}M1YP4M%=?}C3T%;V-=;lF_YEX*?aLYVJo9T8@E@c9VK zfkQvH5@y*PFU+B!I|=hyP!C~#cW{a@hkrgp_*M8LggG4ac;VOK^Svp?#dn=%2_JyJ zK$zbh)C+S+=pPDmXy_jcbBO45!W=64USSRy{c~ZyPxPelU1)>&tpww}7yObihl^%9 zDCe-ze-P&TFMkzg|KFFw?EmBQ5$bd3XugX@<`B}Yg*$_DggK;iS78n<-AkC?7xWkA zI}SsHIh^!p;q~APg*m+RbYb@QTq4ZjrY{v{e-EFJFg*`r;X7UAW@uP%5#|uncM5Z; z=?8>4_6Bc%>IL43v(#ySB3e#&O5>!cKQ#({1)NQ!u%fL6XC63zCXtFaN-?4 zHzDr;b8<`aD`1Rr=$O;gv=Dv=e2nm?;Nyh<4$cw&8q9ahXeSdVk8Z-pg84lQlV2Sn01I;2tG@=2bj-XC@%q@Cp-*%q3}82$-?J>X9!n;`A!$K;?e-}C*Wa4GmB;elW`J{jUY1AJKIBfoRUn6`C_y*zI!E1#d0<&$R z%`M;ug&zfP5&i}Eabe!OZx?fcFdk8vL&C3*ZlhUjiQz{ymt_ zl9--9g86P9`2#SYC6PY@rwH>pq`B~?;B4V9!0m*2PahHfCz$W-(GIU$3WR-}r;3D= zz$LFIt7DiUR<-(|< z-VNlI0JvL(8Frm8!`>y#u=ffx>^3qFM!22A)Y&7$l%A;8Jp4!2H#?(7eaua`q)Is%l)$ zW&{GbepocFGP1-qhAeTFlO--5!+H-@XLyC-)npbF+*&Nk8x8X~(R;4#hW8rYPiBJ& z_Z}AILx#UHoPxTdI@yLJh6@ar7#?Jp*S>0p*R{&LW>u~=yxj0A!)pw0Fud9DHp6=i z^WIA1I%t^pP%1xcnDyM6;<*FPY< z-h_4c`yzMu^}_D{U3j0-f6MUuhCes#;egh>ryFi#*nJ-%_BpPN>i08TW|-gls!qA# zD#LY#R~Y8FAR2b9;f;p37~XDpuVIeYq;}pje2B~j3hpbz?)wOlXD7vVB8CeLmlz&I zMte>-((nYsm4<5#FE_l3oEg|zV|at%&17kl-Fr~NoG@PHuaKqfJ!tqN!-vW89ZeD% za^+0J?G5J}=5P-+voK^r;hgRfxE{TVdi3m59PQl;9F0cJZ|~m4kx0+to_%^#F;d=a z*%`wIW2)jHlla9%R#@V$louS>FU3xj?+tKYvB$T67h+q__UV7pW$idLEBtKE2mbR( ze+i{up1X78@FuA}UT=9I84+#Ad8)_G*;y~oZnY<8f6Mp%tR0ydhdhLNHs|?J4zB8Z z^zgjS=>?w>er;*4b#xNw`b@Y;>%kDIq7<*IeJ{Om8OE0?XAGoyRuwXeVU?1+1x zdOlVkz1l35?fQB-+y`U%#}wDj?LUYHX0d}dF!p2gG(d1 z^&2}>*F_@>qUYa|-#uC!*>p?Uh($eb?YT0muEnk0*7P5jy?Q~UPlts^&fm{yYU<1S z)86R%k`^P+iyrO%Igy-`@cV@4Tj9Q_s=^k=KvhTE@t3sAp7{ z*Uy}Ja8$Ie!~Xs-xrQ;7@2($tZYCltzq|h6*y!V1*54o9cV;G{i~gz}(UiYdzq%%K z-==8kg2?$#AjVBk?CHLL#G;jtuPi%tW52o1p1JzQ>!hQ7aP*mEB*dIG^qcd=Mdf4V%edTn%1i(m9Ff0g^>;L>^| z;NXMx)tjRGUdfCu&Rp4IPyg}*(d*}AzEKce8F{&T=JFr0)JnH7KJ4}Cy2$1yqpNR? zKK}5cTONNsf5e&&E4$zN#Kuwi<9^Yh%clGeBX>n-x@;|}uj~-)jD<(mwAlV@=40~{ z_4oEiK3G6^*RMQM*<$t52y@@9KC&iSy(F`|Ftf6Mq*G+%-YD|28*%QtroOU!ki|9A z>pE=O+hyg(X{C=vpR4S+f@!`bqu1-jQfg=JHKZ9+*Q)H~)~O z6&Y2(@1#uF-ZTjN2UYdzL0!fU9b3}_73b$edyJMGqwOFFE1XH(aW6NfH%?!c|5e=zj* znO8L%-)=^ig?&4pKV(tRdK}*(lylt9oOUngwEbO9n@@9EXYHuYIFz+xUuS<*Zr1D9 z9SE2BAJl(&$@zI-C#62Lv!dC+j;%%>98?4mXRJF-ZTi=1m|V1UoBM;LQEHA91yLW7cKuHS~lR0;U(7(?{nGkzH^87n>75?+~KDT9DZ8S@c!|5 z%C0?F7&+8G64(rWxldZ{%*lE=r{(W*G7o=}wPR#(-b$~HpGMrN3FoEs6$!FxBsD3L z$wvT3Ic^KLZ+zRD?pF`IZqUh>y!g-UkKFa3;u$%d>uYMUT8+ElD3+d*LtVe)G`V%kOFO)=z3b`N@tQGk)^km1q9)ue*P`qs89a z)AQyOe9&#virS%X-Me|h8!Nw@KkA&**38=7W8AOA86~5~)HIv=M6;Rm3!mLte?`IE>u-PmsXNY^)^20< z56{|p=Q&l+w0-~jm-3q2^4b->ntxuserD#eJ2tdUsXF?9s(&2$|Ag|M(^EQ;)!5?6k#RdczUudSY7=uAjW-nMqCHtqT1pDX9fu zxql7Cd05opnk1$h0V zK@{$JnFMj~@&sWrlXxgDhYjh9a4OmOP27GOl1*Lw`qj|)`B3*SSmjNfx=>2fudprT zH#y|Ilu7hL$wg2Ig_`zI!yMpj^XeK2AIL>5p68Ch- zPnnLDChUm_zcK>9OBLu{QG+Rda3V| zeSa0aq|_=#k>N+Fl-dfv$;bPA6r0|RgPSE6_%&F`Ozp@p{rqdNlAZcCSI+b|Vx^6j z)`8mmK~mW%m7K)xsEj+DfRU%2g&(Jp?x-GHpmh$U&6AUQQ-hrb>F(#^VB>5EG6HMk zfGuu@n2|S7S_nZJQ(=r#5yo$TG?NAQOF+vhfc{=qb@J&U?wZt}QRmDM?R(88&70;W z4+%Ypm84XTG>|+rL@Q;@=2ujC$!EDBBfU(PS2{L3YfbUq8;-K%;UPxQiVsAS?+bBr za#9!ka%58=!(_7;A#`jgJQe;iQ);l^j}0-K$JCLiaxBvjIxbWT_OjVa92ye}|2U>U zCZ<2eB`we&ALzG^K+n%(UOdL?uRRPwo5_~4I%OPyXW9Z?) zP$(q=JIPR@-BIDiwAH!*>ppv!)XLRrrNAfNj}8CUN^(*gB&I!Us^8w_g7$a>_-p^9 z_S*YIc96AUu|tu?o`f*%_(c81AeGGLXr_%xMAn(zzaU%&^L#uX@A`wG?HV(GEg!v{ zz}@8!&ck*dHz%;3_=CG+bplp9bi~ieP>am){842L2|=X7^G9=EZ{Z5|gYr{&ga*fQs^ zq2VV`POFkyBU41nt#NvFqzi>GTeW6TYjCP)xi!9k@8$5;{zlcBNiDvR?qYOn>#&A& zLF;kVx|mw?(M&rnw{{iQyqtZ|I;dJz)M}qDT5hd7*1X&Ze*Oll9bJoxfZrep>qRrq z_d1qhE02-mQ64x>LQC*F+AqcS&|(B$iX!Bf)n4Wz{ICYNrXtJBV5P~M2BH6gzY2UJ z56%~OIGuDEe*71BSe{rlbvCdbYMopK+s6vlsk(Nq=f6a0erG-_@qbIkar7sKY>t4Q zM~T07Gup>d&3y*o;A&m^AvMS%8XQ>2^t^ni7%0gMC``<75qSFw_%>s1knY z!jKEGM?<^`DBuU}VeHKzz(~og2{2`QC(83?%TKJZkFo!DZ@rXbz^iM`~!C8$hJc_6_Uvl?*8I$di zK4-F*Pb`9oz+^9Ha&)3echYbtN->$7l#6f~JT19Pg_E%+7arZu^86lyv7Q`ek7Y(D zV9y^gQ>XY{k%r(5+4CKsKio))pQp}A%UwtW^fFkRi&>NWg1EF7_h0DB5GzDFoBs5A z2;8-n*LwkwM-IzBoe*4uO#ykmE`f4rWr#yY1lt@jG|qvaK$^h{a5C3JeN$NpOT0d# z80eH#+TuQQk$ETcL>TIq%F0sW^*sn3Dg;)`NG?Y7T>B?BZ_!uD7%+`MnvDQ=}{D?i*kEsd+}&Q8gQZ7V?-Ow8$2 zlZUk8YBQ{+Kvh=Lj`2ISWvKLIkA^c&a$fV3kjNI?Hl!7|X8L{rEpxEFJM3h&@?Dh4 z+}ui%1EZ*vg-8x#=+rji5_C**EJ|G56`PgTg?|6Gs@&4gYEs(f=7BCbZQ@}(*4&U*4GbP1+m_a;ZG$Z*NK`0G+U|e^ zHXqWe7z6P{B(1U~C(R$*n%T`o^j;8sM@OB;_965b^0;SyKCB%p09mi5ATj1BVCJ#IdPf{D@`6=2Tok{)R& zzAT(`ifly8Lr+Ntc4hyz3|kyeS0LyWD@p9(er|8|4n(Xi#UeU6t`+E%z?Ro1E~Rp? zrEkN~P@~Jj;(Md$6*|0#UQaAZ9$Kw+fSBW1!uLkgK2^i8+k|ip8%%FmI{kNWn)SUg ze85l*2a?YAWS@j1^bwuM3Y3H){_}c$0Q0KptlD}Wya~dXUg6vdP`jN7tkVI-0Fq2 zdZ)8GVLv=(6}6S#*)GfkdeazBasdfVMLd*kVi!E&;<)H@|RyFy3k|o`R@#B@}7jH&z#}&t>{-yG@9NXEX`51nk?(rq}>89 z2YYWFWqhkTi&;WibFf*rQGNhRABHjcOKOn6B%8m6Msn9NI9sDrzL$w*+fmH9>u6vE zmcHNJ$O1I8L0-g$7D+qU;SHJZ=5%#ZiXzT@jTg^ljc0aZjc4{D3lPR@ymkS#LlPN2 z*O?thk3Bejz3*?1;UB?L^4)DL@+3uzJSIrs$y3+rmN-4m_EW%g7zw2mP>8rS=ylT zcui_NG_CEBNz@<|Btw6S1t&Fn{FLJR8`EU*!-wFcG=Uz^{HJ)B8s6)K9odc^vIUH{ z_E<5^J=WsIgQBr^C%Y6bG1*;Wv%AD*cd2VBmw4?QFuM%B4vX)NqsKFDiT8btF*L`; z?fsoC%=L0yYUVbmFSo$Yk`CdEv%qPR{bSBTE zcOtF@dZPly>&SOErAgwKDf}V@7cExQ0iyrlpqY=dat958DP{N^XLc+-UU&UB<`|xr zegBaSoQ>GJ%=Z>F*e}ec>*?`E(aXbv^CmrB@ZjRz`Sk&hgcoz>{-G~~xXPqQP2OuX zyni^sDU6{P=uWh{V`7z`&kBq#uM2%|BCqezyGg{abLsf~t_etn?th*|CS@2FH;Z#oy)=RC@g5E$H8M4ERfzDEFmwtj{c%Rj9=%@#_wD#=A=P+2Pbm(S$sbN zTj{xHuK(&jE5+$vL{D`amVaP(4887Huv;Va`SLq1SR?cqFyvhq+r?e5y$2Rt=F;P{ zC=>o{fd~e&=D~ zb-%jrqI*B|H)G+KxBQ~;Nh~|C@H+Q3EWEB(_g!>(5qJU?UcH@!h1Z<@u<)Ky-M`Yg z6ngy1^$INf!j;!V>KfbjF}5GV!c#uq&gNyxKd|sBNZr5E;n$#NVHu5uUx4z<&xu%g zdacC5v%b3TqPqe58?ii&<(F7?VcCs^XV~Yk?8Tz)yXbb09Wm^gK-Vl5)>1Z$Sy)&< zj>9q+i#pb^Vk{?PVGG<3i{1V()}O$#3(NCZctg$OOkHE!-qMZY|4-Iye!Ua&_}+r= z{}WHy@Rl=c9oK8-PVQb=QB&ywyzZ5AW=-urwPJ47)b0c3PMJ4j_8e@SJ7qz|T!?F` zONx5;o;+ukV)xoPbE;~(*VRs)T~pDms;)=0ceklk)4Es9nACmxOk;#dcKmY9Bt@(bx;&ctD45$7au-I=8Trtw>GnlqplEfl*<=c)bOT$}kD} zuc@h;$WnoXb;3(_l|8&6%`uI(dZ4^Nh z}n zC5w$De3bqoCrM`7!hvR>6Ic!;zKeZ{`_*{4caw~@rH(IkzfIlmQl}qSaG_jIQYm%h zrs7poT6mI5PmY^PL4MZp$UHo0*+Lxd<9$njy zmIO63sH;J3x5tG&f`X$XIO6PY5U)M@UgbC7ek!i%<1NyU(3G6vj;vGMk$Z+aB2IB> z9_+ZU<1<`~>Gn3-l1${N#_4Cc-&*$@98*DFY)-XJU;`PHOxTr%ZAyJ-A!wZonVyCX z*#|zGYgBf$b!_pR0qj=SoS{`}f&-n+LtrL|L``Bd5l`SS!R-U}UMJj!pk}k%XMSo*ob?$qye`B1RaapW590a(^6S_s5T2)6RG_6RbVK z8L7dkxA0g#S^hwIcIKdgfEKL%vdy)0(i9xtEY1M zTAoiQPOhq`shP-Cotrjxf}R+k#CCG^LaM~(%I#S+DZvCcGbGY6c@AdHt*iB98s5o# zVJNO%$6iEwmxy< z;IU_)K4!>>vnRStHJHqoQ}o7j7oT~zsHj+Co;SN@#`M`!r$i>>D$6_b?6Hy4Bkme0 z(rp&wn2ZnEYQVGSbYm8~)l8jSJ7do5ZdEfdPjCe{O^P^6q9<#^zv`s|n`7M5F1HOV;kO!Y!N}?5Cq5Lk&Ul8Wz2)5%ZA#_-x5E1U=ci z@qB5jWV_ZhQE=ZG$^_CPLUnXuyfaTfy>BFc^4vK!HM~gfcJ`T(9)(5G!f5AU2fJI0 zNN^4AjdK^!6Nk*6Hpd$~`izMK296#vZ0wjbCJq}i=8RDThK)Wo+HAnUA*c3e#%odD zcLz>yUDa1PpW@T;R)(%1@M7Uqk3R1M=xC!cwmP({I<&1!`^r||GE}^zeEtTv?7X1X zTO3U%x2XfAl$XGdVAbu%!kUG%(As!~HMMgCzfx)L)T)X?X~zoVM_jxm zDf|`(Fp>tO;_BOv7#QT(JRabeo(;3tdB3IH{&a z)Y#hpi&9D0Y>LEgX;>b1OG07TO-Gl6-I`boZd+qzkPs+d0Ct1s-tFlbbLY$|0L9j+dRWoKInqV`k zs8@(?j#*Q2k|+$i7Yc)DT}rWQP;n&|tW?jPQ_UmbySfMzd87uf69>%>n@V-c>~&J+ zwn4*#o~iy|hUYf+R1K7Mwa3Fz4|8D5#;JxW9|?PT@M({oW@>LD*rsn7)*G{TzJ!72 zT&=OkUK6#q7;Np8%Qkq#;Xu0b6XOg zW>A;*GPsU~_Wp*&+S@GK;5nx@KEawYH>`v`hNnHAYSdm9j9GhIWE(u^)J6uBl)2$X zW3MIF)m{&rSFF9Q&Px1;+vqw2$gFF0-=^0cN-Y0>r`Jd9X}zaCy`-RhO?xr)lqp}2 zeCU3|t!ykG;}YzBgl#uvZ3qnqPOyhA!*HJqh*}V_h$Ati3xD?3KgbMkuge@hPL`_vr+C znb`mL3LchKL5KDtSk&IT3HCS_s9xegEtcQ6671E&9>3P2Jzf^6y?-Rw z+ki%;v3Bi?1bgexiI-oVvBxhVp&Dz)Id@EB_BgJo<{j$ZR%7oZW3NE$!E=sdhSf0w zacZMeg1vpPR|g&DHy?}UmrsREaBmPAz12pb_D)W)S2hay#lc5=yp&aY{A$Dm_c#y5 zKsJ2hblZ>wd*x$M-w-$L6<|?&=O@@Z76&8aRj2l5CFm8l#hl!ksufQYzev$MacdQ> zmshq7;_Z%gjdw|cy*oO4UO5AZ(|GF=?0r5b7_W-?=z&G;U6)`lghJa7nL4$%D#70V zYMg_yk7VbF-)mw|H{1m!wv*~q?>N$OOlNDurB+ zUsgw6Q5Ah4GD`uzL|BE($j|!*aX5BH%iYjJOL2-wMS9=r@fqA&fuk!ol;vm?+%fNT5Dz zLEMGim7!hdm0jG0W2G0!!X9g7+=Uw)S+vhrM&d5)IvDJFKks;1WzMs_V;htR>*+u& zybj>f66HS{KCgWuvR)3Kj%{2P>JOT|m}B_)vZmpGfOWm?r@b3xdl0^zcc-lLS|tmy z{#@4S(cUgu=e0)`>fdi=ogTM;l(6oeU5kv{gYWEuYmF@A;v};RxxJgL^T^4<9nUEZ z)=?j0H?ZhOJS)DI&~F&;n!t_yQC-v0MJQdA@mqiNHpW-njXJs=rGJ}Ya1Y!t3(Z7uQmFU*!Z8`nN`r^E(?TnYqw098ZcAg<9XWGeWk}qe6oepr$ z4mf599J2$C*#Rfo;d(YBha;y&9eNMK%a+E8Z{3h-pGhavJ~>VHV@HuQE^?ae3nn)k z%`A6iUoyfn9&OVp{YFlcy217?J1wx6C(N^wiwkmg z-3}2sZvEV=blJQS64vs(5bJ7ZIvF~M#v`Xm9au#F&a&_e136WF zIrTH2zPrFd{N(O|jyq=M@`P#fheIpgA&!{lb*Y+>4OPlo*nd@gD~kDLw#xP0me^EyVEeOhGN=k*Mk z^o{DTyJ=# zFzv9c{Z{yaW0w3j4&4>6GVf-Td8+eyf`ZGz;LQLf1x2 zXT0HZ!_y5{8(w1gGQ&LAXuN9--)ZG9zYg_av<*c-DyAA)EEM@EN_eJMT%EitRql1?RV{KG3u(nYh zD3`E#M(1R5=OErQ$P(8uvb04b!P+iOrCjXHG&)Pja&5`^VAPHq$64B+^^j{@#JOJ7 z&eMkZhOxF?pOGa!Uy`N$`5LV4PgYXgPLAP|$P)HsBOhe=9K#nGc5~QE9(moO>2!10 zi<}=tt9+f|`wc%tmgDPJM$Y+HG%V+bQJoKr{O^XpHaab^&o%7vhTWX>5*O!LQJvEb z4-`D8hNT?E$i*IdfQe!bzJJ8q74 z(dWDx8rIFlF7|%|Iqg4;=Hhoo$IZ(wVL6wErss2`|FzL?g7!dlnvo^%oHIk??PxgP z==3o1eq>2osnHo`bjBKXbGJ)ela0KJEOzD@zRK{OhIbkMt>I4$H$$COn{M88v466W zk2Ac0Ec;?9S*{r_1MBs}&6G-b0ELc$gd~M`Qm0HcXM@%O*bdE@ZXJ2 zGL8vN&vAx38)l4penj&bV;)W_XI7P2EtK0CW|mYQHOyNSm7ijGpy9!W#~GerxYBTy z;pJqs9ds+ODF4v#wT5ppe5>L6$vF1tHe*qK%^&f2#5m3`fbRuXM$Rd9AK;er2Z2FU^$s#hEg%&y~v!Pd9wA z;TppW3@H~g02_YA*p_^*cD*b!2; z?wPLeH%6xkuQ^5D%XeHNyX$AMIl#!zFg)DwIfmUx4ia{Pkxw?v z;c_+J*@ovDUTD}o#}u3Vnoq-CW!OEN6djJvsycTY-emY8!yMN^^|u@5^FNil>wmHT zqLK3%oa+3}@CSzfV%W|5B6bcNxx04|IY&KEo4j{WZf=<4j;cJzaK7OJ!#xeVdku+; zLzb$Yp@z>f%&!?$XM*8!!_y6O{zlcGYk0olrG_sve3jvA47>XmNi*+X)c!q&?=$?c z;YSTWX?TZWepRV9_ZsHFttx-V@E;9-XqbaFs{Y>$^Il2iKJOzWFZggI#uS@2>fU-8H{3hXU3#j4|x4 z&qZgtk#n9o)qlY77Q&f+8Jv29K&M`FE+f~Foz{pJ6jBYYWQ!4zc%di znilJH9L8ArEW;doPvz$t=0L|Pztix$hW}vrBg2Ob7xJ1}(okfW1176{kzo#<_LZ!+D1D z4MzWsI!@MU}oz{jq61B>^8ZI*2 z+wiG|2N>o+)@o;r;R_5;G(64lOv7^x&o|7WvDN-nhB>;m_8Y7+lD!ww%YmJ@IMV7G29e4)vBLnn0*f_Z*7?4a;vkV%(%+bG9{}+Zi#<$A%8s;G1Du2f? z2eQ__pwA8e)9?|)9Ozp0k1^cdaKtc2wbnkL-iA*#JistVy;lA63}0k;l3`qWcsd^; z#IZgTc4O(Y4|efr|3-Vt83-km|vBb8fJb~?(!@8%&*E_enrmws(hT`35LrJPcd9+ zxXN&~;abDX4X-e~((o$7s}0|1c#Yw;hSwY3V0fe9`wee4yv6WV!`lq+F}&CCKEtmV z-f#FV!v_t&XZU@?9~nMm_;bUa>9=wHZ?aEa|C?~S(aAKNZMco$_J$*d^9<)3=Jx_x ze@YDZGhAwTkl`}J!wmEJyV@LMc%0#H>))GVbSe#38Rm0&wO?y^x#1OtR~lYrc(vgh z4X-i0*6@168w_tWe81t%hPN2rYIvLB?S^+5-e>p~!}|@tW%!`s_YA*p_#?xI41aFe zV}F#i&q;<;45u5;G@Na?jp6o&^9{RiKqRiHk#j~SO+$%c_l<|>mrN z7TP|u5T09h;*)RQ+N+`W92Bi~WK3z)}pmXsAo!6S2($1j=j@|_kkKPY?+nDw0U)!@g4uLo}zz7f1zn9t%^ zpQ+Dlke7w|TyDScS}^m7>4~6dl9}?zu%HM?V27e{I5gbAvFYRmsrwHE< zX1_h<4}r6Ve-3UZ{0KNA%;$k83I77jK759K5?my_1I%IPDgPDtG~s8!gM^<2vp=6Y zzXtQ&A@cL!bA?|7vp=8mm%x*RUjnE? z4?JJ^H1Kj^jy!p_@G`Lb76dl=Tep#6Nf4}fZ@Y}+p!0!o<0rMRy+UK(r zK7$~$zWhy?&sDw>=KF3ToGYkP4o(qfooX&T1)MEB4ctz+5*!ic^O=)`SqBS*`K+c$ zxEfp{JQvL8AdI&bJV=;z_AKE#@Caefpf`yu*BhK|j*M)0vxRxO;WH7+c`jQd%ySLj z4Wm2@e5EkY>3nWNIXenEI7_!Z$%V7_Ciiu6z03+eBX@n3&9@=mxDhQo(2A!@LVv)Ve_(B zAaH!&jLg@Aj}hj%H6k1VcM>iDcN1ng^b}?}^bzh2?l0U2e13K!NAR1%pM&2K{s;I| zvRs!Q7DjX8eIv|zo`ecc9f-UX;SBI`WVwFM5oXv#~Vyx#TOJM<#t;{(nopAc}AjBiZnO0f75{J@oB@p(Xr)3{JHvACRli7StC ziOboPxOiM?TxDd5YYaJpAGmTX8dnvW8HcOGqP)WJYBG)!y0uu8HyYkTW}(4t$D+K~ z@P0B25AHoI%7+YpMMhgkm*U4c+i=8if#DLvyr$9n8eXp`PcU3*xYqD;!>bIhA#;bo zZ7|I18SIJd5@s?T$zU38_p+Z2I(m_%=-eB4>Qbr0hQ0_ z(Q9JGlqrRCx<{Pr(W|IO&pyS`-n}A`9?@vj{Pyl$9EtSm*{dkfEN`~#jA4U=0h@!k zF)Y4^q{rL}?mrw@#ZHosb4DBQ`YiAIXFIIEG3TVVJ-d!7EiLcbGre{0dT-J(-es-4 z;}*?I03JB%FsV3?5zGe8!vm9wcR?sjDqe}T_@v^Oa$8DrYi>(vx{_;2 z$-Fkkl;X_;?_3J~loPS$A`QPngGt3)@6A(P60f(D&Y?7U_}Fn?=)=&p;P77jG?`pm zrGh4y#5&m2WTBGRlx>ZFJOj`%d;VJ99H(FwoBn?aBotfo$$jH90h zSQe@CJU_A!z?+6wFXAR4Y$CHGx>+Ne z#%2b@?1>3;H>Sj=QREDbsb+FRtTr>Ns2yp+6p86}%0uLfGbkcwI+0=vok=q@nDCMr z3mScI6suS%mS743(m*Vjn}8no-qCXt@X`X49MEIvuvfEmoi#IhT`9zF&&Q`ifF$@n z$s5xWSc)YHH{~6SE}MGicy6OX&Q(D_4+~PnOOet5=`jLoz;li}HVD~wi6;m;{glyt!E*4C2 zLoWyz+X{(u%m-6oCXLVp1!WPa1)VS}Zi2KY6JefH|EuuwX~&h`$(|6+5VV zJU19gKvo)z_-_Z1ojnD}{XnX>nXBxHy{js1Hy3ff=;q!Q=T#wQe zFh=$K*3mtKaU8#GR7;qV~pvt-Uo^=W_*hiaeQGdu6c4Yk%5fIjFsy1FM2HR}BAK^NGC2TTYUbAVuE5RBD=-rDA5rR0~b~)Cqy;@v$Yl}hd|iRB_HG7Sduw2?3^Lk75ykBN46I>*-X{q3h!H5VFW%Za2z%Qh zqdi{ea2xBv6Id9A*A;YkW2cT#BUmSL*)6{6ebF>%Fd%kL^o!KN+njTqM_k;6-4SEgo5fc^|NYoh zs5HiXm$Av*{SU$n!ji@GH+r2Aly5frNlKx|OGPr~yu{9+7)YE>I z_SBL77H-x)5Y`D_I-0m&m5(vZV?p~da>xt>mybpDyBp?3vC2<1e3oJMIjYWh!{vsj z8=h@=p5aA?uQ0sY@biX$OO|qY6Rc(OG3C4kf%_*GtP6(&_4waC@WE(Qqfj>=My*a%>Z2SI5N8 zSR;4+jUsn-Pndlv8un7d>_Jiaj|{uELQYg{XHHYGt&kwpO#tOGn(F}d~7s#=Qq=mUK+UmNHlMI^!jM&>Cw_# zG9$M{SFcNs<_}n1S{}`fM)ET8oBp@R;O&vxX!)dQ`GU++m|B(`88o1}ygV`}S~@rr zzv+ETXKpV&DY||`bbW4SIYM?%F1=$wq`bUzQ*`~^nMgzF&}g)GB-%f@v~v6Qu`NsQ zj-Eey`Jm{?TQ-*t&0M`;efgAVb?#~;dS-6Mp>ARH;s)1n-`0nF0NXj{E9)+P{Ri;t z&%sX?mi1WFp%3>$>~HkGj(`Y#xIMWRYT5;B@jl$ExGg1_X9)D+-o&+}WL_(x50{5J zybCGxQ^sMX8VvHAhH|WFNihw~MZXocI&pzWEFLWf>`aZX! zS2tK?uWmq1FF|bKYq8Z!J`={$9EaJH#%f}8M$r#en_ldNmbeW~Co6fFObt6H)<4Z%=da}pZO!T+ zCeWp=z>k0YLj3Z8O|M1Ivg?w*G+4V>R-eMEyZA|mLLLi<*TT)w^W;`qFvl$*iD27$GA&-^=E3D{o6du`D^OKhOo~s; zoX~Z0<&-c5-@)d?tA}fT94R%9MQyP9Bj(LJIjV+Boo)7Ky z0XS5u9jDEyTADV;X$Wu<4()bUr-3yAKAO@I7b<4qtKXu8p*a)Ybe#vuN*Iw?DHp`y z=`Pl>vVEFNgr6W+U<(;{%CFC#?~Iis_L8m88I5s@8}EK0#z{C#Y`IXp)L4;-S|C7)&qy za|ufb`0ySgQY@CagN;e9@#S_AP8^<5vuK5?^Y1#h)$)xDNpSZRh;0;lNEh(e&Z8bpVV05RpVVB$izM;ZEitpm6Z ze8thd)q?n`r}tVSaCPRNV5Q)Le-f&v%8(nvJ12&=({2`i!(o0&e&ZWKpfh$;(_SUK z?u5`?@r_m}H!vGz?22!k!hQbWvkE{|%ioa>L%&w<5&h)ScWIas_^RZdE^B!e3`!6= zKr|+Aru>Ep+9r8i8}b-F6NbF=WWBr*@_dh)9F2vYBfpndtU=RA@ga}*YLoYAVT&V} z{85b0i=Hxc89!PUU|19S*1YAr9%uOpFfecID*M7lE<8Y8G{dr z;N`9BF1=yVkf&Ri&mVP&ILrrNPSH(Zj?fGc`+Rhb@BTJBUt4%peAEjw|0Oq|852)Uocq?VQ?lJYHERy4K>aC>DCHHBcXyvX!qYy;f@zfR(H&D zKs~PE`rHIo_^3jwE{_uE6eCf3tZC4xGJXbI4*zd`Lpt&*6I&;_(BTaZFV!tH9;O8h zv;WNI6mJ){`Pv^q=V6d}*zrH<=>O&LpB#P*tmhC@uA66a*b8H6u@}a8*f(Z8{@l0^ zIi4|&C!8Bc1(9JtnaMfT@th8hJo6mSa>uj5@vw)?B^u4&#GZZYv!<^z)H^ ziKAcUFw>Zp?iU=s+Tj}=zS-gLIef3fKXmwEhaY$N7Y;M`WqEkn;lDVXp?=0|DR;Qa z;hqlnahPd6i_4mWVJ6=UAL}sFdPbk-@B)VyJM7n6Sbwm%%>Nm_%Hi-V$7^9DP=-yJ^q3V4m*lF#Wsn(~}r(Eyw6N$Fr;Yyr1K#cX+tNj6Y1~p$?CAc$~w# zs`HZ_&nXV?s?INPJc}J(;_z~Z*Ezi2;SCO7;qX?6uXT8^yI%(hvqpqrir+AE{9x`0 z>jPlg6_y3SjDM(CVD9ZFBi3*!e2V}&?aeuno)flpt-iwRB7LYZYkKfE2wxE~^HN`k z_+a5LMNB^&_B4zCKZG&1Z@^<;f4adVevGdtzCP^gzB4?SIcvte`Egso?$)~+>JL8P zz_8%8`#k~m3;;DGqb{=E#h!qgyB~S->PI^#58nFLFCY17?F$>t)gQ)>-@f4w%~K`}d+?2<{mAC=8_zv#@s{4}s<%y8b>)V2nN@Fhcx_6uHm7&D z+I16}uiS81_hi*Y%@>VYH(|rJ<_)jcZ`e}5dD^B?t2WoKo3?qvE1NoqYjgd!QLnt- zq4`oRq&2L%v}DyqxmC@Ls~*Z#b#H#SWWz)Cn=;MKjf(urmJW)zIkQ$3>8Y2uO=w=# zxT>jSTc)a;$Qw2^u6n!vm5Vx5b>FbAe)Tl%dFWYJIlF(4qO}jcyDii6<>uN^uMDfs z?Vme1v(J$BU2b@%s$x#VsTEaS2Uo1U``yX4>oS|FhjmU?<%+l6`oz`GZ+!iNVN+Cu z^*ip17!b-h{Tr*gRLoGgT|HY$lFt+sGvZsH`E2%5+M^HY4_E)0tMqT@L?^sNn9+LM zOnJ3ZHcTX~x6vwVy=|g=h4nUGXSLq8A7SNXpTbvMaw5Lsvc9P^5@M!&s(i(>gyVYK z82ssaTLp0ZD1{Xt15CG16w{@ZmK5J6r;KKnIZ^DdAhh30*fW3 zA}p@qtq6;2pf+J~EoJ}6G2@e>LFwApzL9@W*7#GDl&1@7P_wK#A@mO+J%pyHO;}J% zg~k=Tz<&w+am6l(RooZzaZ{93R*NgMSBR}dxO15;gLQMNSW*LEs?apg>~)>sAlbIe zL#8WinMqaJ*Rj|BVx$FcH~s9{N#?+t1kaUiKUja6gO=)llWd2x^4`qJ?dRedF-rdw zbi0K~=3uh%tSpUR(oVZa#t`**Wvbmd(Zf1^yJ<6&osYu3QQr2U&piT3cgkCx6KFR* z$&7=6aca#30R|=QmT0N(M96Hx?nv9;D0{Q&YCA+uC5RJof$1G zQ&{KD0vsLOg*pJ!c-f-C*}o9@d*Q(K8v(eg3GMoZ{_dAg6FtPbM3xd!tPo>6QHk+7 zF$f7U`YBzR?$nR(2=EkTrhkguP<=V8w=<6gS*|gLt_)M4bh};b&9d8MwH(02_>JFkjyI@6!9U%xXQ&b5KL6UqNdd{4tWo1OF_`R@Tp{xN}S0z=aHdXn_> zvL&*X^nWQprWZ*+C-Ay#W_C!rSoJ3)-3>s}`^Bo4loYQKUr8|^Eh_^iA8=ofEd`eD zBN=7sZW`7#TW$8K@SA;X%T8DXt$dFaPi>74g5naVcJbuB-E`jyYnv=xwwKqfhjwsY zF;}PSp*5AdPEHExm;yc;)M9lLLT6hR?c&xwO9<&|>!jU$i0Tqv1l!7L4^PmYb6(xN zUM_Yeg)dVltJPARusbc;I0=`wqbNCR5-esIacF%LCv*zQA2P=`Ss-r8Z~{)0HQC9U zY^*)?`LEs9S2d$NTZx!F4uqSDA4vab$D--RoUo2 z7`q<7jt=d9*$V9|=(8j&n&YKWR!p29$(AI`lZO6HK=N5CZy)&ugF%SZ&`1hB1-vHM zt)Tx(s(r+DDloYC=Md0Z$W3+-0my=%NQXeH#9RB&^ z$uPr!i}!YWT&+g?aO(d45L~^EiU%*^a*T;p#RxJTA*t)#3l>@P9_&=^PSmsqgT{vWiYY^5v<% z!{Ul^NjNufR&Y^D>o3bHszsb0h=W2x#{|58_)qgWj);1_(!hx%OI3Km8Cua+afut)l5jTi;a^XOrb(AOXwT?9XC_v)K<~9<5tVo z$4+@72;tTd|}`LTVG@C zC-nDH*x3EXO?R*U3A8f)nfGtnJ>!=6uvd7BCsvx9#B+sD% zrGF-a^%lc~%#ol*xyUP(HF?myyl=~MxQl3E40Ihi*(O1!h=4rmp2-U{Ao82}v)V`U zXvW}55eyTys7&A9b_rP6GKD#E(yzC!Ll;20l`)KRxm4ET2qt$aFb9an!Y-EI%Ujbg zo!>=X+ZcwtFUeXQ!Q?6AIfB72D$L8fUh-^zY5N$4yl=@`9Kqym5x>Jj9*u?FD!-Rk z-(TY?@sU5;7s8Ntk1TQOWij7UVyLH^0b&_sd%htOLVIGy_#PKQw;*rEi*H2USIGPG zq7lc;I`J`{G-F}E7QtUfw|!GSuA@r~<2tw|jc)Sh&>HP+&HD;zA=edGGDmX`IT3q^ zjttW3AX_2p<*n0mloQR2<>RKRl$xAKjnDnAB<;x0ar0wmSS(hrbDqdFH%clmC6k^N7Pgb3DItbQT3n&Toau z1N|oYrk2mFx(MSb1IKHr0b4mc+|OZ&%EuKsj}c)q8G9I3SDD8>9UkN`ZI|&M=VaAC@pW!g=w$aaZ_&kSKJG|E6O%88y_(q3scKCLO?{xSchaYhGVTT`c z_*sXabNFS4Uvv0Phv}2-dP`}eV!aCU&k=`p%7|HjGamX>!;EnZ4{(_N%;@aeG>mSB z;lmyNh{G&C8qY}%v(MP*(;a4g(&((E89v|P3mj$v(|A7T@D_)+I*e|H@!#k$E1yRH zp2H6~`~!!7;_%NLe#+se9e%;#-#Hxmmv~=ZcXZZWEk9KbcXXI@=#3}n4MsVk--&pj z;|cnNkskV>h(|h}BOMNXQ{-Xqo~3n?!z`2<{S1d$!!`N}hdGPe=odN6Qm@g&w`60w zLANmC@GaShSqwJ*2OSRmQRMllqq9P6{Ji5BX2IC-+YV=4yISTjOUlMSz+u*sjs78r zSuZyFaSos6FlWOX&*=`&b9jlvp%04J$Xc_-y~1IZo{fIJ!z?-*{a%MzbvF9X9d6yf z7!NDXhB*)3FbmLzIS<}2>(Pce58iMXyT+G6-l>evx;lNC8KWy|o`)f?(Rsf!+**#& zbB?EyO#!`C}}lf$<-%=^0K=i3h7eiNBfgzt`+aoP7HK27*X5ziEUEMmrJPey#Y@Usz9 ze}5bC3Ss(3ogy}1xKP5am;$I1mjrcj?Vm5GSVd|6dPja}?;kgbkad?fx++&lo#o_B6j(V_K0oucJ zU+No%<$~G09&9fjVD*W^hQKEDNL>x z)6x{BXKDXHFq`Uyau2gn8FZ_#ltI5DCshWWA(S4r-w4`rtTHV1%*e^$0iHmH)fnVw_@ z!bH2Cw55hl5^9&3ShQSEL#jB}{xOk@-z?D7jidGGw$H2I zg;Pil)hwV+1vyF)f~n@Bl8HF9-%_E$X_VdZI1eUFrIv&0XkX(hsve1vT=|r zDo&V}NKV2@MbX&>(@Fm-ZuRg>wHu&ZhhyU#C|jxHI~FH(Dba+qAW|SaH!X+|J|0=FQ=@{HFw&OR_Ab}w=&s-GdPSh zNco38sr!SUzmZb`s&&n;zEa|aM!SF+j(Pgx4(W)5y=cTIj1kH~(a+cpL(kz2yqLpe z!D_#P*%jYM6v|!R9Uo&We;vqclr>{{A1i`k!dB@zCduVG$g^F?Y+=i*V9*!keZh>$ zm?nZ@!hY)Hk#Cc?MA*yQCjVSVFt{kjkrT`S^^?~sko+;6H+gG>Ee?!)ljlc(Xe{hX z`3(~!rN?BGBN)6)Vg5QEl8(Uw$t2yjF^v1mK-l64CYu#02Z+YPu94r%J5&<|{X|0^ z-9KT-yHnQU2qt$Zz?ZXyeM@0pUZdnSiiSLf5+?7*!WKs`c|ieBJA%OnV;p!e&63C7 z8sv49HF>`fCXVIlK~<9ZCM1U86bSa_LeBVT#7ZQqg=U;ZZQmh+g9?flCZg=n=yIi0$yGR$%7AhJ!Gw1D06!z1(QMlGCw7pL4?jxt-0l6D-!5JC5%Q|fXx=#3mGx544Q5!08L-V0GiM>;+EvEZ0F zaAlM!_*d6CpgSuVV)+T-cUC%7$Nm;|sJN##d!#s23@2F~N z{N2DYtvW~V59Z}ohAATB54*17W5;~5#f8uE$x~_=5r*kE4D%!yrd=|;pTo4-MnA~m z4>^2{!xJ2y?C>cLpW*O)htF|%nZxTH-r(>ihqpNVC5J;_8_VhzNB^e7_d5K2haYzM zF^8XZ_&JAPcG$1izv1YAaoDdr&}UdVw|6+ylbHV=j^5j0=CCYogTuR8muIHS_$NDj zy2JAvUg5Cjl=5*yn-Du<+Ch^^Gi1+*V4m*lB>k}Q(*qc8Eyw6N$J5VYf9>cbFprI~ z^CIZIY+Z&RTbJQ6JTCI{eAv1SkD;y0@T}On4DGb7%W!>^4{51u&#%kmgl%1h_S@EF z_7S#qnSsK#F2i&7xhQ9-a8tze1-AZji10Te{ZQdMBBoFHUc~eX_eVTN_=geGN1&@f zJ|_wPJmM3D|0Cil!kEA1ITfUB_p#C8IB&mj)*hZ;G2-A6BldLO{vmFjZvJpNe%?NK zTm5ma#YUZL@y1zGG8MNzc=Zbx{H5sB>}QI*v@L$?n2}>@ADx&~We3&0GNyV;^+h~j z&H66*eWM=94R1cQ`nYDFqZoYTab%ZI}Gu{);cHT3hwP@;4tKzt2`BJs%qXa_;9}t$*}^He_7X=)2ctc<&K+99Ni~V z^#_(B#$4UFfAiq>PjAnq@y2Fe8Jc^#etYUGzjfQyPi%btg4fRq$5MnbuRrU3fGejm zMM>8j;<*&rVjh)COIBsp7k#!kc~%2do^SnU{;2;96`hAXCu>IQ5C1MXS~<8%B&|PO zgs-Sz_&yE&I%bZ~)OXYp$V!nrDLAaCw%78?ainxA zv2GK%DvgyrD=Af!iWSNE$=-Y^GDKB)XF7W}S>^(xu0@`eRf`b)ZfSbs&& zm5_K>ZdzBObmg8T-6j(Db_tnC!?=xIxdlo0M*S7NUXs$0r^4Lhl^+&+R5ktAQA=$B zNCzk=?`Q2XKC4-HFJUDG9{Zuxv_ zu_+Dd-jWo`GW~9dmYw>`JDtK!rsB*Ca3T(^ov1jW{m~H!6PrZOo4tj!7=^QcfG6M> zZ_9Nl-o7)*B%G9Yvge)DLT(rtCnw;PC~ z!Bep)sau}(YJxaHwmKhhelmRTUJ7l3%p=oTLBsbR-p^vz1&$^Pg;aJCtdL-i)IU1pN6w%a!BH{vSs4eITgK{@GzDx z$D3QOtHj4coo5jah6D*B#Dv15JQ5 zMTH0lLwRvQDkL24MY(QFx;TmN%PD1LO0f$l@F+N#UivQzs5m9)pNGKAnF0%CDOGwH zBt0bSjps*erYP*E`d9lfuhu~r=g!bQd0#v4duOt3!oK-)!a`sYc9yqiAy7Nrzg8KD zD+5DV3)I%~XBLN@=(gm@Ui@_7a3zb3ahG|Djfd^*DNdI$D>>gkdrshQ6Ot$jOPcBa z`*gp4`W0XHr6ZH2%2Yy8MQ>drd)&veA3vbsESd%smMsGc-x1EH8}R+Uep}dN!@j#P zNrw_n45-jpIg^Q}ySG?J_N$v=5tFshR%?*yZHV)7^Uj_-ZRX6Wi{?$6JGbR#a`P=* zH0Si$J6j~(=_+PeP|dGwhDFhNv*s?DBKO^QJD09Qh^TdDBti@$0;{g!{K$O6?ZgB3##U<-cA`vq}?( zTPj;8J6#sT`wN)y1@uqL7Rf@VVVy4vod#HSGGJ@&;Q3(7s&=#Ycy%=&;eYcYt4cE` z%Pr(KVR(bF+l$}&D0)%D&{t_3H&$*s0!+iI9SVrX6LeG8Bx#h3 zJo0Vw)(U%h8{~P8dLNC2T_C@gSEZY=ReZ>66T`^gWwI7WFgZt&KIRApuWQBET%wVR z6{ZW@D(us}sfW&f6))+wjbWtw@3JOaFqvJEBsoAd7RJ1=msgzI`8w-^;>pb3{ZNHgCz=`Kds~DuBg*}q_(nLtiEbxgnBcwJrS-{JEv!PoU&kgTO1`;o zJjaCL@7YS;V98q|x*3zlTB(nRnJXMLjJj&cvqvSft>t{j~W)N4!nm5<#{ce?r zyIW`Nr|0tIe5`^zM+(r=!SjFXtlaT}@$0O#g{-soEd+-%7xr!CAJNJ`u9e@`Wm}B+ zQiUYzGFuMLqO#I^j1A*xFiptTaH)ft&MA#{)G&29!yJN42ic6;Ta2nzo<0@7+OF5- zu8EkpC`t!9!;&Fj)maSK)_Erg!!up(iD2=N7jR|F&zwjnUtptegs!;v%e@J#xa1dH z8T0%Qbn#py_u+`i=XS98xh8OBysp*)J{ zqfGXY82|`X;~D;R76=;BeT}8uR&i=n>!U@M8{BrY4`~(=gdG+}>dx zKcmx+8LoABZ-@7Dn7-fmM>~9k!^b#G8)E#E9j4te`k4+dba<)5=R3T{;dKsQ;%zCl$ z%yF32ETglaW0(ai!&f={MTf6*m~~;}zs2EiI{dK1k2(Cb!`mHx&EY>e%u17`)!t$M zjO^{`evf&BqmOX-P=`O_u-|(=$GN{VGMSZo-gzM|K!vWK;ofdIU_!ANL6*ird;lhg|{UBk}IT|(xUCRy}*-%Z7(ow|Cb^U<5Suk_@@is95H&UVnjHG%>dM*AUD#>l!5gkTq-t2l zr03?O^T=fXs}DK%trHfGO(x#|`hq2+W|#iFydi9d4eusiH>DRMqoIz5jj-Ae%lL|S z_LF77`p>+n|4g0!ZpZJ8^ighN_mpgeX*rfymVh|=>@=`l~UFym}-`A0huiaE6e3G7cCa?3=uHp z>Bd(g9fB9V6WE&MsYrLhE*5N~&wb=z;tinka{Z-V1~qX*?3E%8k+<>%LhDB9{}_3z z$T4H~wwXy;Ex&RR4CmXe7rp(n`XehH!XI%u%+#L*yk9*CQ++7)3K3;_t$@}F4cdL| zRTe4=8VtIif`<=6wB8A8ItscZr^C=L)wYQHU`=U3*W-4<4&uU+i8zd+)2*+d$!P#i zsA@Z?A@Hs(H3S^0nbweT`lVEyRPREwR=u%(u0)YD8d1!uIZzE_ZG0;EEw2nE9%O`7SG3ng%J3=Asx zsnB|tgOhd@JW&DqZ~;zwk!P2?i-Z&mk91K$#VJAml(#qDPq$PQ4oKMLVzS@)_&?ZV z`VX?B)i>;6A$eE3S@jf$f@BLTn@Td;q{<3yY4}e!td@q2tSP-LzdoC8Z(SN!kXbt} z4ePGy3T?X1yRyY!)@@ zDPO~_*H4+~tx`DaD%?Ey@TYxAVLf()Xx>-_IZQ+_6#}y>zKu4Amj(5rMEbLDa!#I@^~Eo^xe+~a+!OC)cS_>o7xP2Lh=FK?UtywjO6xJU%c zD`5{w-X;YiPebIqyfwlWM=;q(PYUlZW-RPV5eyUdXYs9Z1cR3;%%?lErm$|ygKF3D z6=91bn4G7893UDCyGDL5uekHh*H7;hpT$AM=M_npoHrKsEm6F@0g~5EG|GkX3}Mv2 zAIn-C!Q@5-e9aLIKBzD+Z=~cg-;F#P8k6@6VdB)wVkWDSoNhwo2V#E{UE{mEEN!er z4#xOimQO)>^J{s0-Oq~_$YXK$RAr(*nX$09MDW)!NfX8PTv9%E9c^35>nmZ@Ni!yo zEec*wlBw?&q*>SD@2DcaNB7VIMGW%Q9eF zr{pCEIpgFW5-}YM{kq`!x&~WYTJ7*>9Ny&cmmK~o zSY?a(nyi)2J;Ju$MjvAMR}TNlVcHza!>-l~yX(O;p1xqca$p94V;(;0cnC8(ZH(bc zhpA&mr;Zt>Z8F@?VeY%psbhve?C?h&KFZblVGiCJI4u8_&#SYVs8vja% zKjrXxhc`IfbF(($!-UsIOj~_f#I)gzQIUU~@E0Rya_8EJY1glh zn7#w^k1!`bd)|C~*>3(&rn-0ct@H!;A66fx#B;l!6A$|abu%efKPQe)lj2WS|1zr? z?gwk%+Q0tV+8-6=4%txAP*pT?u!Ca@2qwArh-tvZRwNF&1 z^WW2ZWmfN%8TqZ%Rh@6SW&5g2R)2C%^zdz34Gk$-3e_(pfWc91&e zIMA{)*WH=x?Hmf|eaz|mIsB3xzXDwvC-1`!#t$;b&$ND<*1HrdZI`0Xx@7Ysdl1{Y zr2t)8yY%bN?QIDFmJV(apxOddD7GNcFkTa@^!E!4Cl{ih zY;mgvaa{-0%#7ltI6x7uk&TSmOHnK&!WCZZNQ zjsBOcCZt_rSWI}I--FF^cxCqdFwdXv2s=OQ1uG8p?-#5IYvu?1l5^=?kl8E?(MV7uVl*y+L;|7+fAnGq&DvqzJSGxP-$uR+d-B zI@xKm80g@7S?KokLw~>P3a%jbU~R#3{|l}!gaW3JWvsF8=`i$3)rI+8ZX$dPI_YQd z^KOJ;l;aIym{GFeEFPI%@li?0&+ho>Hd?1^6-Gh%>lo)S^trl@xpEn0l4rXPMv#_Q z!Q>HHpGPZ~(?vH7-xE$A`8Ij0guOgQ*S~NCgXhIKa)KG7dH$yrNd6d;n7sAE76(T5 zdUbOIgJE6*hG^bVL0)cwq8Vfi?60F=C(R*BCh4|~Vcg%FWi5_ivQdNP93UDCyFq?0 zZ+VxUuP@vyK8u5hTP2SN-i(EPR|GF_tK>C`M*dXf`Eq$&*y0E#&q&^rj$rU7F%CSz zX#C2!9eI9z;aT~KV|n^cnMPnHB!=PrT`Ru5G@nMJWdZw?pVh`g_m_i{1A zZ{}R_`RCHYvI4$b#%N5Qp%45bM}K4qSj zHS?d6$2^J|gSe_jdGkd3JzHPk{MUW+v09deBey7{|65<+ju#B;3p~4+jk2sS^a;N7 zuLBN>hc=Gban#@jU1=O!XP_P!=H-DkfltZ(Y{WUa)EVew<@N`M*W?u2I>UjHjy$l@ zkwx5TaxaM(IheoZngexsC^D6nejyKF>NowtKieLq&~L??em41!c$vc&I=sQ*I~@KV zm;#ZxSJu`dLi?&`9rJ5hTQ_*kVP3?H-p=7LmmK5vgC6BG=ZgHnlEHa^7WXj6Gb-{> z2TpT5w8gepXn~`j3y$*t&EfBY?V%vgktfvWhnL-fqci1Y>7MT}b4EtL++q5DqkqxiuQ`0H!=awUbpJm` zf5_oS9Dc&#ryLITC(8LRM}Ng(zji@iXZd7$(Qv3^QBIAcGc#vA108N~_yC9L|BZjF z!_yp| zexBuvBWC(%L&V1l^UT7-bFd|1riHGF_(b9BBj)+|dc@O&zZo&JP~VA|=it7GR|)?h z;!g=b67gE$pGJIpnij>)=bAdL|IBmx&v0{Z!|#mN8@?>BRtg$%ib@^}P8khTVZDJ7 zLqU(9#Tuu9T_~8@i-r(GW;0vsrj zn#k`158-9#>C>VjB`Gg{M*kISzkTQX@Ef9@I*89i@Tq!X0LIE$QEmRP@g8G5EUjl z!O%PrLCh8`n1<;CcLM2PKfV3Xk>HK@pP+~BUr!r6KISu2h9M~i?$oEBuS z;+@ZVp5wiAwd1=(8Y%hfDQ)K`O#jXkwSU`LQ=So+--UtOEk8&`1bA&C9 zV8T1t1%PNQ>^%7m6ZE<~8zT>ng`Fep(|ujVu0x{p^62d>j$rat$?E`!#=@?W-^;6NU$}3Ad3g+dEDj>>kUaFB%oyZ- z%ggI0A&sJuKgQyOQ4g34B~HC8rbYpDrDlNG2cv6zpU`-kCc}*JJt{(cT?s)KiEo54 z$u-g29VYm0@r?yUV|@Q9zrT((x(@ibjxI5b>)@K~84^siJ{aav!5EW=t0K#rdfoh- zh&@EHa^e0kwczEAS0W5a%$Pj$o9pR2&LR3x4D~X!vFl+I-T;e09h^Bd&9SN7-VB;n`+3vdl{KwONp@?=XqydjxMNg#I#kI4>~VL z3H>Y0vwfcHrNNQ8PS)P#zbb6=Y=1`YAzbJuA%Oy5lA@8TR^2)|vuaiG;I>M&>LRA(kUed3_26<**ghlw z$le2J#xoycJG%I%yz+I zl~>YkWcYB#XN!wzDlaW5ruOj>jn8BcP&oBW|C#WdeoiU#a9N{Bkmfor5?QkpJW`tL zn2E2b>}2^0a~+=}th{6tVdZ7l;49XrI&jLUn&Hd>`ccU_PX17X<2N+UBs~3w2BWTB zenVp^(RciY1~tCbH#B(8(vuD-hRhZ|R^Rd)8ng73j4vsSB5Su8rtk#~MvHtwqYp8- zrnW&Zv(H+=X1t3V6v&w4x4}0o`noFL?GF$s{es3p^6CtOOdVG|U7qT%3*fBAQimED+>CS4fJ{g>ElWZ~O520p@4#-z(VQQ)Y+ zv2%flO$B!RvDnL1i-Ht{9iIvdTB1o8Y7D^_1Zheru%tOs?vjp2h+*##|M)c1X~fcE zjzbEc+UPn@EN94ancV>0M)5aOe@XWX^;h(K3D?w(yV8yO=Ki>ENq5@1qJ>#<(v6}^ z#cTmFoKL!CI(Qiu%@^uH_?{O4<67BEzS&sNIk2oX8XF1$gIy$tR zpsPmzb)vrNKDlyA_)3R5lZK9H#&#@dv37FGt(^;Mv0aP<1=y~sW~&`}0jXQ6+1l!( z9E9}nYOs7IJ{bC~sQt=3slF6-7;Uhe|oDq;KKV5LbxdYS~QK)hDp? znO3gY3EXUczw0x7@eeq!)rzN$VPTp~9dM9(oaqsIaqQ?}&XBzUUOXpP|iYSOiD|Q!C z+%eAL`B7E&?>w)ZpU*C2FRuWstj(A)f5Fm3*E>VbP85Q7RQ~lJZ1B_f`6~anoyqPM z8yj3TEO}$I+ccPJcESf}8s*l>(tz@+3byu%ZsNUWw8I2;tB>5rTDJ!}zQ*}4sNZWh zi1IDwPo}4=Vf@#3Dx8zSO(cx>+Jj{Am&#(sr%wLgZunuMfHfKnW>Inm`%B)=zQ4e`xR*CTmHwxSh&&CN^ZEOQF!JhUF)MWw zZg2?zvA>C~@eNdFXspZ_-^(JzDXI{3wD?9Clia*$fjk!dQ{vO5BC5pd}w{-!O z1J}VVv~q5Je#j+aqWsL5ymA3AuUzYkR?fULm^{kdRo~<>$?IZ56lM@t)i-bMt4Z~E zBsO2p9fX;_^ztU@xy%oU6=w1TTNqE@acEIqlvIQ(2@&dMRCfpS1H3Edp06Q!=X^4`)T2{0)x(%MR18ab46mHl`c@J&xy9hdGbg(jD#aG>0`o zpXa#_9Lw__ho5&?`#keJ`#8+?SX!Y?h}X-d8l7>4VVViU^jn7abGY8&Fm8=9Kji2i zarj7wPjdL<4o`PDj3J}Ud5(UT!{9lq9K+8MjXTO4k7_&$e!=pKaQL?l|K8zH|Kl~j>F60(Pf8qS7T@ye&yMNq==~jLn&0?8S$JBcll~_n<{6zAaZZ?a4E}z?OC#P#cxA-&W84>bh6vkP`1I}E7wCrw zUls8Y!e5GbtS~2Kz{7avwup}r=Dt9mD13LsCkTH(;zr>gMf?fj$09yM_{oTQ)_)!G z0^#39OuPE$h*t_{)b5ei1;Tun1AM7)=ZINHv9s;35FQxm*9h+)@omC(hW$Olc82|r zg^!FpKNH6MwRP1CYth5PV)X9L-)T6gzTvD9k0`b$|=(Ut#Rw03K9)w!>%tFD?dy|%+ewM#G9JYm?@%!Yxvq-JDt@6|oW zHI7+*j)=)`n;Iu=bm@OnucK=2Z9m z<>2;D9~%R||ApVY-mocCm96WZyfs?u;93N)J1rT+06~%z(orGDRJ>J}>sR}9-G*Tk zlfmt(vIjS$;Y%7eT`=I*rFSoxui4Zo~js;(F%9WPgTtks+dnc zBkl=T_V2yn+~x&`H*7jr!@A6#V+|p44uU`A{WYbx9JqYI|{WsJ# zZ+bO%c*DdB5p(-DS8iT%cU6~xqpFHF>~s0%vo^iD>d0!v9(h7eu|K(a%H0F6-u!Cm z(aENUs;)`*k;%DNSN31Jamn3Es;G$4M=`FcHr8nsNp=9e$N~*Ght5m=-_Qr1wylKfZFN_*=<@M7R)^_;z z#^-N+;+d*$TL;wV8XI%7bB*&$s%mnx>$Uv>)rP9WDrR?W+jHHEn{VIri|0o@@E`9= z7o;N!_9KtzFn&yK^u%OP-Jt#Zf8mAFKfNn0$U=Qsa>1rs$JSnT(qZie(;@11<**)ieRa|;}>Trt;`6; zq9I>rvE@o9;W>p#m*5h7MI|@mD=OPtzJg8yLj>t0e44QGvgh#?m;4Z4aT!~Bf=b&xXAlN38*b$Efpf#Efp!V zSBND<`DeBqp%%S8TSth5X>Upqr^(adJNiqNB5olJr3hj)in)D3DPld|#q$;@6fqQA zhu8F%>2sc9(Q#BCi=bM(jKizxm{RXW^46eGQAbohN>sC03KhXOKvkidzAE+JEpLrB zv-CyGV2vMYbO=`Pa7J*A&OlEx{kXhK<*k054D3Bh-e2LR8%n*W=mI)YvW!SEnJHV8 zY$pb6S17C#sw&?Q=zO07CkS*w6{Aa3#pueQ;3N{%SzR-czn5xjjTAkC=UjQJ>C-c_ z$jW!+?Z|C^R-}<~Gn=xyj84o%y`Zp8==uCbpc{eRX>Rew92P5IljX^*{V7#kDr7FC6;e+2x=uV~?|VDV zp1acRVthf2&!)oAYSD!jZ`?xurO~6Tv{BAWbf-(iroxJ4*CI<7tK7+LF0lBZ&Qw@( z8)C*{3^}c!j5gl2vb0XKB*o*z5)^29^M=LsEGzbh2aCpYu z-&(kOvssatly@p(i+oW;lLDn(Lw5U6-y8!^Ym!qhgaQqvQb;4oF@sw4TnQzSl1VEh zoz(JnQS?qpfjwwosp|es6mQB8sr*nlhAkH~U)uQd_H)JiFY`ke@A&*nY<20iKW(1Eu zYy;rsu#6ZajE5A12*4L*QM|$3Y5~k`J!&4>wIXFIM46C+#Y!jmiWbac0`o~YpAB#-&JD84(3X_|yIChS6>ip4 zf3sTZFu|mv57FrVm2I3f+Z*%Q)*X@T)KtkiQno}2Ne%s)fMGb3OvXW=GP7wVAeA^7 z=YFG$Cm6(piMM1jPA^$i2b`Fv@dXJdx;%}y(ovqqi#r(J-v7FVV-ia>L%cMpYeM=_ zvZcw&;0IIqYXLillB>ucn#uk)IGuM@ClE zGDuJ`q;-{SCOH*{M6${GE1L?bomxn(p^4NGC*3j=R+J3O=bWWg^1!F4Bq^Bf`ls>X z8MH?l%rniys*4zD53TAZk1Q!bCa=^gaFC_H-H8j2iOEx|pc~bwjpntw!Trxweq1aZ=m-FR(y6xJw$=s59FxHcc}Rx#ftTcjI<`(0Ug z7YK$F^!fnzrr|i0U7!OfK-2fL!VH1did&!+o%t0vn4J|wCOL&-__{1N2KOFWk#QJE zW|QSBn*g+#qFdR(Zj#ACY*Ns3dy{)Q@shNz)vk}aeOw@&h{M;SJF0zL zmh=yQeKhD@nDp<{M8IU(4lM%f_wCaJmFH0*D~ZNmpISofDcv!SrCxaOPWB{3>RB|& zSxL?dbNZhj65A1hbs`SzrD^u^nUbIUoA4ebtIiFF0xC() z;mlYot5SLU$WMWhX!{mrA`zBx1-K$nfR)G&F)TlHBa$dn9RB&E`!#cuz}IDYwC*#a z+?QnEl%=}b^Uj^N%4n=qr0ufIdb}iSrdYhCvQ(O!teFwQG<}wFqvQH~-KF=jqV)Ug z|6&KxrfLDhhG^nIdID#jIcs75AcOQ!1C>nvP=jz&OG5c(r9<0B>ztYFIpOfwHsQZ0 zXu~cJy0ulh8JX2MyNJicZQu2P*_w5tT<;_=sMlp=(=7O!2NZ4c&K4Lst|jbV!JzN*PyJ8oKW; zj$Sl$O*a=gWg$09LyptW^>qxK^U=u7ekg8Y7yy+(dD>>CSdv;zUIOq?H z=uP8JoxfmlL0LH*s}c2Rc2tKx_w+NTBJ6*?^7HA77opre<9%yD#~a|z@%1{@`qTH73*;$ocCS=P>l~du!TQb&TsEu3g8O z!j@OTWQ;N}0uYUr%jxnPCTM&Af{s1;HhHUry}ad;*V{7d!k8NN@!qh&G{jfF9<;M4u%ep+*Am!`|gnO(=t!WIV+!}M_G z0MS?&lOSGRFI9|wqH!JVV;I+QudKxpOeRX+CO|Y6#{0IHH&XIw3z1hH!;ts5ti=&b zUX;9Mt2{33C&FIdl0!9TAOi94Uty*GHy&$WvDH@+fmxtjT)4>h(4u3Nwi7iYr-Dmn64{NLz2^+(B5?w}rgn{q$}x zni-R4esewj|8&W@;|0T6(L8Gy+Cp^6Yg2Fdr`#J_`F&j^d~B=m<68M=wDO4Ti#pM~Jrg-Vjf&LBpHk~KYc zW;IMs&e2t6lMD}ujGFDdPP>}Y#PUGEHK3VQ!u=)!O*!1C73!AP!*mU*jmrPe5Y`Xf_L6^+W%B9UWU45|W-v27nsh?oe z)qfkh;)XVia!`KM{Oc4C@x=RxmH|BU9fw5B*!jwcDF<{x;bENnZLs8U|G}2e2O^!i z0JiI5{*}0lsh^5GIq`rk?jItZ`U0+ub>=PTid!SMhteip>Jiwky$-r~xTnWQ%vhTR z1?Y^&&vo=QV9B8lg6+QiTclGT!Ipn{|EhZy7~)|6mG&m=r+Z^M^B-~eM28!}x?h-? z!ln<*^KLr)YaHgR8I#HEyYbK#7{1xz?>c-hIH*6Rda%Y%9Wpxg)9BAQ`fnYbnONf~ zQ=Ktf1&;E&IC@`)>m5Ga;W6MC_gF`#ZX5knN1qLj<@QOi#J_ z##n|~LpMybZn&SrVQirEFhgaHhq)rdhdDgT;js>nbNDoer#noaZ8GOM%s9>H=nELW z(BX?5W~^X5S2(=I;jIqe;_x>ezSH6FIlRr`ha7&)VZYDiX-D7g@b4Uc)!}y>E}|Wa z>}aM)iK)4I>mw>kW27kEgTRdbC5LZx_-2Q{i^C{B+x70}@Cb(wbvX2oF|BcqezL=-IeezW3mv||;m{{WnU_2I zl@6n1Z27#wVKlXke!s&HIsAyjKX>>)9Ddf}=Nx|7;ny5~%i(t&ZtMEfYKMC`+}mN4 z%Ps#64v%p7P=`P2@KFwrcX*P+r#Rf`@FyHT!(sH>Ek7$AM$z5qmplAd4kJ{*GIK0^5B@VB2_)`vF;qWGhw>o^S!{2cD zc88lCzR%$wI{dK1PdNOP!_PbXlEeS)@EZ=JzHQ~8rS&{!XN1vf9UkcLV26i0Ji_6T z4v%s8Xort;c(TK%I6TAQPdLn`4a?_w4zF=|ox>X){+z>G9Ny~iR~`PE!|V>RbnkKa zL5F|j@Z%2u!r>Pj{++{YB{BIKO~e~!6N%w24)=Dr&SCbN82Vc;aeQO-{A)xR<%l~ zPZ;JUEzit9@=k5W=xW;YJQ9<~RSt(a=NOlHMvI$sxSzuV9A>`H_?hD~Jlx@t4v%qo zti%2tlX+f~bBe=_4$pLWfy0X(UgGd_hu1m0-r*tcU4VJpnph^hTNxe`v4%Lw$0FvQ zjE|UdW&RC*)~-&8m^G;B5%caoCt{|H&y1L|UmWoeVdjgGL%FVs_z>Z>5g#hd`xiW; zg)fVkGTs#Nk-}e$_$XoCzu>35nS%x&E6iFM7+vshMa(<>T@jxtd{4y7gqeSa|Fgo6 zN4!CpcP{9ggn8!zUnTrX#McS)o&}w?+aitI!8Zx>&ISIuaCOAD3iHkd{SM(=#CHkv zo(26r;r$~1p)l`R(0?S%oD}#8;SWdrlrZy3(3#i&Sj5|f$4C5<@QD$>Da`v9{Jh^! zkGPGlV@|}(rJorwb%*ya_zx9c7V$@gS4Dh`@Y;wc39pZMs_cZfNsS5{2TrA8yBs`_UAB|Yb zf637iQ(q=T+(DRkF8I;vo)Izi<@AWD3-cpJgPA!=_^AskB0frZO~ky5GbafTbzxJ) zGliQXW)0-Jh*_(;G2)AbZ;hDE5w}OoTHBowv*v~QYoEQ~+to?PSN<`LvWDk6?AysT zj?VLJ{97Ep-r;XL-0bi}4)g4p9G)@5uQ>d+!{w?I#?#5+oWuJ$%=2daw9kfVlMT}j z8>a0wOnYlMJ+tD>#X9@7<(U-+=5h`7_4V%mzypWlYdCO34zv3+D|*%F0(IZ%7g=p< zeP#vUOPHYVB|P}dTlY8LSNr5oUby>>TPt3D<)!L@nZIO@YM3}N(Gdg7e>AABDtk=3 z)6aV3sSe6{v-VUS+EHgfl)d=EprK1gy)bQH?b7PW4I^q7cFs)is9s>fIjdjmo*7U* z`K&k3?O8Ye+|>iC7cAJ`WfK_J%v( zyz}BaZ&|f{^~B`0PDQIb7d5`SdcnHY*K|+bTzAX&M%}RPJL^_$-G0r)%x#^r*L2P{ z-nn|g4XamOI_f(&ym-UKH*8hJDao^)idT0oZhV=Dx78HCxNhssqrS85hBRXK=>0FL zQ-n)SxMa*Fn}7a|lGkc75B&1o@9$r>R+HSHX?s}PO_^8vRu3Az@4!tHJ~m}j!^e)g zty6MY=Y*s-ufC=x^PSB%Y`*xSRU5WnHZkeBzeMR|g%bviIcUq{14d1*-FMxHX{&PE z2c4jRCDnDuC#$CwPpLh(SJ4sQes@)KWAno$nx_-oj z0h#78R5lfFt4}`caIV4tZf7*Cl^5$CC;H|CL$vip;nNSF$)*P^g!^9{c#AXl$j$H& zVn&Al^iO9iFxRRx5&DXtvlZwmbhg65@)gcj_#$EDC9Ev#Y=s-~6_+rM(Af%15r?xC zPKKN*A1i;!IHHHITb7(eczU+NEZ_v%i&B610S|9k{_umc{NV@Xg~Ja@{mBb2!r$WL zh1H^PG(tNifTSl%KyA>&v zcA|OM3o>UgoVRfg3dmOL7Gi2fG3FtYBznS_=dUexZ(e@HD)RVi|lY7(?ud?$$+Ci@U z->o)_YmTb0KfK&;7O!Z%S)6_4VfQ#&$t&%HsM=Fr_@-)$FRHS+oYdl;@pdhDg}45k zL+efA)wW5z#&&b7MBOIwPPR$hf5^c$gm-lt!o!~UZYG3X-rdu0xW?fpM-8ka{oQe}#IO&ock19>x3=z_Y z9dJ^y8^<}Z#LJs%bOCO2-u@!-&Z8}c z#>FE_M%W#QOO@3|(lNM8WwXh`l}&&u#nZO+F{KT?n!xn3ArQa|oCSgx$Yw%Qq?j82 z%ks362=1%0DnlI9F|)~{?;WBIAsb75mC2z{HfUh{3eJ6f&Yq8DGfI zWMicu(qd$HelP`6_`EMAs;_O(QZ-rW%0CjnMd7l-@TqX6CyJC_JSdpf7ymg?wdwFC zId=s3@%!ccIHmqZ&PxHFTquyqtqbJ9aN(0FgYhX;lwk0l+>&&e0!S>AeEb$UB&Otl zD2K!{$;mIsAu+cTk_3?MNVJZ;N9i%a;gz~Xie}ojsHnm8(!bg>nY1ql@m!dpyXYaC zlcfu%`5z)n$#d__Pz|{Tigu=pPq>%2pOX1k-6NQe#b@Ylystfiy?6edjdb_jU6pKp z(>}BN!X82GExWU_f=y|e?EUGk!SMYJ(QmhXdg5e9T8Umh*^4H6xw>fESe%{P*;?0-wP=04-6>qw4#+0JJ6Qo z(Mq=d1zOn77-J~wt>W%X-uYxX#x==>&5j>Lo=FLtEraC0NB+*|R)y4x@})69Y=-O{ z{y!NvL+Ta;u5Nr7JD~S2@0IzDkcG1FX_>t9LMj!pGEi+YA;q^>1k$I{N)gh^il(}n zy*S;(SsM7FolDReA!P`Grxb+RRqk?|L}^#5n?P2j93uKxYLcXk+HhJ91+Ae(}4Swu7% z2LyK`tAcTvVMh@VP*73OxZo>BFzz8gK#g&Y7-JUWn+!$`CYos8EShMdiAgkzFWEI3 z`G244I`^I#K*;*fYf_(Ex1Kt6`t(*^U0qdO9pzzIk{CI+Uv6pWQy-~~TqiyuGB^DL zBil`iW&iTmUF9u?NhduMv%B;;i8PLIsea=n&WuxtBqjAP{YYCmXC+)JJe zYWs19*tS8KysF3{Ky+qrmg2@FHFT3#h&{I3?5z-cdwq1ZgmxRrahA4B?Cmwl-ec0m zUaOeKab7KN%LtPJWqPP^0>h8C(A%V)JlYPXOS?hr*L$g|oQq_W^|py=toI&yvn@=1 zUX>&{AUaFCLve5KcXh@5!sC-2moJHJ8BDa&PL2nnv$Tg5_x8G~#JE#3wvR%??0r*g z%LtQ`WiRg*v^4r@oH%KcJ;v!^uR}~@f9b1XnY=vizuM~CCuT%(5Km3t>$R!b`8#sI zkzVXd6={sD^mtq{XQoR9#-z=W9{I_frEQnM??=!6>2=6{C~FsvOKl5#3uSMu8B=KX ztU$J;0kVf4_ISczT^tvVxywe$cG>H0MwDhqsO(#Czw4~)L&Ci!vE!^ocX&r`vNnEb zVX2}$CkklmA@ZMh_!xyeq4Ew74z_oAxR0R2&3{2;^5)x-sZik2q2h34WGW6k z*&;tf;hf0FX}MLf*2Ol$_FfPV+{oEp*yM`-UEdetdKrREZ5w4d_nUvGcZYt#{&F*s zBR?2-a_q;W^KB9vUos3G-D_}%IX=$uG{>R8E$Y*^Vau+7<2KOlV)9+Rcl1f8^I2Hu z4)+DPb;@6LI$>ORT<>#E|Bp_;QU#)|x3gpaPSH>&9|_0x(vHtD;W|3j>9icfjSklW z;|6S9eysM{(GJI8mD6E-fUWBjj=u)Sp z(~iIG_<6@KJN}7ddiTuE8;&d7HOSZ#(`oNGlp%3ndOLYP$CMkkEMt<4=?OIUWk`dQ zGxo%E<~v^Gm@z4)bAjVa9Q(56YA0Xk*uMwD7#6eX-vjaGl7A26L8t$)<1ad-Z(duQ>jNh9p090X~*Q$CXMwtSl|JU2RY6=X3U8#Tkm+REFxyUj5vJ}mDKhsKdNYu7Z=F zz|V@?ME;hzOXTm0>mq+o%=L@@kHiN={)yPe6#h(1+Y36ci6=$ozI|%s-->M<;oIVQ zQO>iDjU(ha=)5TB9{!=o)c3BA+(*p2Tda%w_NK`DiEX^#2=PNvK2rRp$cKoZjLfz8 zjmSre`S=4ixfXeM3mz}#-7WYe@oSM!7XNQ#uF*e4X1wX2BhM6y`-}ox+xQ;F5FQr-!wE|7-kWBBW&rWT7a_IAQZ$0r^?HRM)%)B*4L;j{u zOvW#*>-<#dz)ugncH4Jrt6L5HagVz%>5<&~+3K?6+iIj(J-wUey;_+Ha}Z>34xB zYt2#il(NljYf5$cR0dz2*pmD#5M%r*Ms!uC$%*K&$$+}SAv*|HZy zP;r-n;`p_;2rHG(2r9-Al$I?IK?RqlhOtq?%gPxFO1ZOT!|1hAF8Y!%daZOJ7)Gy^ zT`WvTk+Bn*^+zk)mCuw2z?C;Da)KgtM5f2c35ryNN1t94!kLpQZzl+mMWQMV(h89e zDbi}N{tiPrJIVBA-ybHT(PRBs_-P_DW+a*ZB+(Ai>QF&X#2TM92ViSQ_SZ8rg~O;E|u=q8prJ;j|Zg%&E()PHbfl5C*TRG@zjhj%{ClTKDc5oKgo z^G5q_;L(d`s>5>OkhzVEXD(}8tlr@zi$)C_IdaCrvkZqUUAS=mk|E2N&RVdfasTpTSr}@tg7xXu2>SlZZ_&s(3*rLJtc6*D!{3fw*ER=QIJ`--K7Bjl)5C_$ zUATB@u9q&s#Jr`6qYp|6@Dj$#K^4o|a2#`P5GG-trU= zeIrj-h~t(Dx0OeSf=M|cuwCWoyj!RG(pk%wCWB`-E^SN(PhYYm865h?kq&NtI@5%i zv!bJ3|2vN)-2`c!RZA)I9+YnWNq-G#S1wEd+fpuTiWGuiL`!ITwKLNaCQ2J zL$RQ6S9<-G#_`^r-cada&#%|cm&BnjgOJ)vu^d;Qu}<_Ml68x6(yHZoKDBKXhQ4p~ z%$W_UN5&ydnX5s7J+{T{og()3wkiHWCorU4*4t~4J)VKF$8j)wbH%odFtl;s0YqnM z7btE_(yz06_H+WnbCu@TJD^szV(GHp)-jFaa+SO-BTSCbLOCEhOS@cgZ*RP+M13T~ z9@i6T*yDa}%LtP*lu!diXKA-6?(Hp=J=KoT|>g8L7C}SKyGR zr>3%!a0Gn1GL3U3VW!EVpd@@X+s8YH`w9}uruJ;Vd&n(Ljhf!=si)FEJ5ymU@*;)9 zBTrX2Ei(7Avm$e^!*$T%;0STPU}cTqGx0ES{aD*0=g!(i>l_b=%=sP~nWKb>|7(4+ z3)tp(iqCO;zT?XruXRj&oGrTv)_K8wT;7h`=fu{B__$-Pd6Ux?W_Dh2{JPV5%Q1z3 zt*cbbx;Ve#`GS)ow>LVG2RR<m2uWJjik0@j;GR zx7j(t@g&DQ6`BrhyT;^uf;V9lz)}oa?ykt4{uF$G>;{wqu_MXuGiWc68j+G3B-C(57iT&~X?i5VwamP1B(j z#F(~A<8Zyl8yDq?$thDT{|gIp${o`Q`7^F-fNau+iKAb`m^N0J68_-Gtg}8cmo3|d z4*Bu8$lQ}AMy52L8o87Bw8->#(0j6M5dhnTx81aFGij%ek}4?V(af9zvJu}at}B5<#rz@_t)Ja zPJWc*$&T&TGjryiwXY66V8pQe9=5OcO9n(0xW z^xm|ncdlkM7fO@1F4OzeO!?e|x4TDgn_qjzCB3^QtPJOr5a&fz_K9pPH%ZTRV5%)X~GbCTGk#xc9`)$r}@n$R*c4@y;##t1)=g zgz;Z!8u%+#c-y9=tbW_J2ad1WxAD-n$L_yzdv4m6)a1<O3jd3B`q2sl0LmDw@+^K zl-!|Z)uq$6#Esq3df2up`SIHt#&6H%PbfQhM0NXZ+sj5P&u`DyAD-W~tzqiu`t3FO z?fHS{9NMa1+;N4bezl3P0@+s0keWA-sOudRQj{_duY`hTdY{;K@=$@%fCYsQan z*t|MF{`9g{*Oa|9CBLe7UXryNMsK{oY|Nx&eD9iDZjo%@vVp_rJhFM}gtg#wXC=ip^d{0O%jnHf8#*@& zwV_{5th9nI+3*hd`G_->yvwFFYw`3QaEhn+4mdrq@g4BeTcuG^Ub;>}rGLTuD-u-s z7rZNvoSbA^m!Mek2NLy;cN(qI+u|v;IzP#F3o1$FxCu%2x7ncHSL;JPjiR1XE4^I) z`=F9k9zSJjlKpwAPcK%w?o`0Ck+f_|No!1Ja{S}!|W}6vfr*5ePbaE4_{0 zxz61t$V_glH^+OA7E+?MJv+(lgP|qz+y;^w_B?$fyY?={xkZKYalaR|ZSA>zUn`$< z2!~0)Nzd%p{$&N+W7|_9YbVu?RG>)g^b7sQG#1j#v>^~_brb{`0glc-w# z2M1oR^ec$yt@i^jQ_5S4bYZc~p_IN;wYOc?6rxWk%4_cL=johL6kX~`3(+1bG~3SA zP9Mg84kp%^kFnVy79;D3sIw&K-A_aZCq$kmGDA(V^_X~x*itEmSSw}lt{kK^+U4T~ z9HEqMzC5G~Yw@ht7mG1w^4msNXk0yyD4^(y_@;#x9ScL~CM=khR13)Pb&WvG3* z;ABBN5<8)_K(W0zMO0CzD$Kr-4d>@#CCJs1`KYpT>&skzpSGYqcljqUN0pW765CT( z30KSBs|8m`)b^}pN#;7XQg2x6b$exp5F1Twxus1ewxAGYYUr^2$IISEEt}aeOtyNl z{bAd$mO?uca%_9pZd9L`h@g?;qS9;BnHE;2g6}YZkLP-Q0DH} znr#UWeCf_9De6W-lyFdOsF*m?3gkIvg9a z#Mo3PlTUg-uju`XHU!b6(si3xmIsqMKR;0#6D^X1R_MQ3YEoXxWmH~zl{EGN`;60H zS=Tf5kHx+~-}U@)-6Z{P(O>pQVJ-u#_T`f7%hlJH+>rEdBt4z$pk>-$(5c5{1lkPW zw^wcx6jb!nDk^uJ`9R$f#hDLU#V)+EFtp{{ z>DTLPioJu%j4h`*Q2ljihin%WetyaV6?N8$*l9#m=)B9$$}Y{jBfA!(DlJkw8P&VH z7dIrUt?gk`BIsPZc@_3@Td32tw@tIqiw#xoWOH1jFhQU?qpL%nxK6Jh$>AyrBto^$$OZw|GyNJ0n zYSsmUx}9qwW?#B!$t6k8f{hTvjM9Q*o8!JmN!TtnSvzbZwg;1%N5L$Yrg4u}b!%nV#aoVHYFH zWh|QR_LPvMKWZrB<@wG#Azcp2LIgL-mn7$|+yLB{%5AZu1>XoF4tH=T>c3H5R|^5_ z(joZtN`T^4asrC@AQuNm=HA(IpOU{nU^=?Y|UkPH{)g^eA1L8sflwB}LQZpsMibWDVn+}? zC(qO$wq%{+hsnFr01*|Qs^pxc*E!)!-9!%zTBj2nDqp4QcnbmSl@;_4)k@Nj#z~l-I@*tPNVrEZ^FyIiMWPOlXA; zQlhE$l9t*eT^+PfzFxuY0m;3=?Lx#+)T|+1D-{*WOe#t{WIBW`&N1tIELbb7^GiEh zw2#)M8o69)_~)-a5|_HU3IXNSAbE;SbI7aYt-v-pd4fhd8pHa_bKW@HG<)Jmtxb4jn4H;0_eFkhZ?xLE!i`Q`E#$X_IXvAj9cZz-pC`))RDd2I0r z#M%FdJSWs|52u84aJT$}@}H6ay!<2boCtI8rt_%NL%%*Q2sI&Il-bay%YMuQ># zUV~!()rR1xDK8Ac*@LgPtMh-}f;sxKd&uW;WKNE;H@f8F%qZat;hNIokubeV$*4FK zhv7O$GNeY6Ts(Px7`+q5)oAn%lV^mFg~zcy>7*H{PMH2Aj^qiWdKko-$=Il%12ZLU zf~_UtKVbzWZNrG1bgWNF80C`*pA9bwv$gCMBr^l|3`?csgu-@fR8Xg|C&lqYHbRIU zNVhCZZ&Ki*W;!ORJg!j_c<6|vsmvr}jKo{Wgin#DYY*R9FC2w*S=O5#snmjvThchC zD9^@OYdDVSG&8B>qWGzEEM(bJot3vr5$YUVW8Z22wLA2ZfA|8dN%O_hup^zqE~FFb zEDMJ#%y}Zsk6%#Sa_K)4zxSRnyUl|apc=5WKo=G$9I2S9y$n?RvV7RqC<|L1_?@Dm z;tVbyEST(Dpi>Ier$9TC9a%_?dlXi4Z`l8U#TCY*7o=Yg;?i`ZH;4T!&4!d_N8l3| zkPCGvR)^__bW+nY|Tj{}Q#oIz&C;b><~pT9VnIqzIG?+hJj#$-uT z&&<^3wH#v>ij-yp%XTrI?Vmh$tT1M+xH(}|-HxN%b{tg~2HW|ud;i#hXg%Y7iqPM} zY;YR&1?n7x!{vL+A0ki54A;x!D$^kR+p=R7V_8BRI`C2Q$f;1{ki(D3W0ShU^^vJR zb&PEH(y*?FeyFi1><8Oy`!PrC?X6YZ zvZb(KW4dGHt7PvLg&Y^Q+w5H~wtW|d`P?~v=4_iTmcW>_nfqwIafR4xC2#g_5_@~! z%If_xwP%^Lw2w&O?Y$~{Go^<;&X?J{U2Mw;lO}C^iENs)w9iUlOxl;VQJw8%yEGoH z{d$kvR}Iv%$$IHDvGsn%Eh9{xuc4>5=xkk&O62X07?u`K*sG0c?9cb*Z5g53SkqPp z7-wnU5qo=!WN)o98TLBFH0*^jF$&Gy++Hm_Zb7s6niQN^6VzF%5fvl4qH` zJZ^}ZMmL%f#X)?T{s>L)8_J~0S_Nl%G(+&XXYSY18)XrN=;3k#W8(XEOYm$%VcaWecV$JM!I27St#7byuEMLsfj{zbGCgJx6sRX92@8@vb}!Kh`S3=1{n+3 zHX5#1m@Slwsc`pW13A(~S5mN+%Kq}Pf#k%ZD+zDm`ncbFwqKdaxsot4wJ2cD8t+PU zMwOj|qpWPN5^$hX;Ji?^Fh`sgZ*#;8V-Z7@uW*lcW7Z2d<`z{^YLBi4DpQ;t8?U0G zr|{i$j;eh_opqWH)sIZv0ror-cb}#e#z0mn2x7lj_$0 zL>=}Ow(oiWFv{6w*uG`1Xu`LZ*iP)iEE|p$8zvWyRos5AX&Z}`gQe3)A>PJn4uG{i zxIywAA`f-UaYoJ+$L%G<%}*|zyU^>Nmiw8=nc}Fgv#AAy>~7?sCWf&+$Eu zH^XgG{m=v%Z8Fx&~4I{dCj0!s*=LbojQ7t@lpHpLF_7PX2YrFF5{%z1AGmR;s_);OKDPA7cJGupq? z>EGvcKI7zD;JE#dJDum9PWWbL+)f6bn0{Mbi^jtok8|AUcpV(`;bzCrIHqK<>s_lV zFuP=OOc>JvY~0)NzK-{I%>B~z>m48E_&CSmc~0AhJ4xP_ZE!r(@e;?Oyp7AQbn*{5 z4&`msxxvZrbNqng&pCd?@&7pfuH&~IQ@OV7Z|As!?_;ANZI%X7~+2@;c#xoqxam+X8OlPszs2!gj_-5KFhaA> zH*SoX%fG*it}Dz<7kQi03HQn-Z(duQ>jt<86-r==d$ijO{f0Z5?-Z9KP)xk6WFS_jSxjP_q-h?H%=xbn;^z zGtSfWPjk$OPm?cpe6i!p9AD@7Cdc9a9=G8(C;z15PdR49sIB*_j-Pe>ZO8up{<@RX zq+oVR9W&0<$Nam;X2lZS6$NBiMfk_Q<%o@ecT%JVGGEV%GI z8})lCZqFv9nZ8a@f%S-6;P8Cv?L@|oEt_-P$8jEx>mA{kXJL~c;<(=NSjVAG743vN zRphBo=M={cj%PX!&#-aXrB1%w@e0SQ9j|e`*70?YH#)xE@tuzEb-dZ}ryYOJ@gt6# z96#px8OPsp{G8(#9KY)LmyWkN{+;7D9KY>2)C1%3RDW;boYpv|-Nw#!SI0da=N$KO zoOe9J@hHcKIIed**6~q}k8>Q_CF1s<;^YmEXF8tinBhCNUyB?sb-W6W*UP1jS38|G zjt_D=4>|eaVvRcvj=Hh&36XWXD!ikI+G$bFuCe{-Q$$c7hO5O(BGV5>+Y54@fmTND zBfcy$L$atFqccdnF7goZjgg0msT-q1`{HepM~Ux>e6aYw$cKo(1jpk~9T;X`z80CX z?b*n*htZycPEYZRk!g4Tab&icIxsre|KG@C#lMeyw3xavIupbh)xqG&;)=+$S+wnZsW{AS zDESrQDN(*g{K3dKiyI?v5s-!EPn`BP%*%q;tu_^QZH zh}T8lD!wuD*Tf%-{IvMC$dp6WtFiMP@%@o0haQUjqL_9kbY2#3iTpG1S0evP{B-2s zivK6_AH>f`rX2cVYWXiB-A}wlw97#9_Wf$uAani*lZ=Y0E;Nk*a(P1HM{(XymoxVr?~2kxQk-w`WMZXdSBId2qDilea&}~e2DQ?M^cN>t7a!z#+-Lvuaz!> zY;uQ^{~2Sg-+cnYSfI?%A!zYEN(~6qDCZJ(qAct+^AA$VWER47v?gElOF4{d)kx2; zmW83SnUc?@W0y1G6M>mHp7ty0XDBlz4~J9@uGJA}F%HpB^|!03`21MQ!Vc^>VzX$u z**MHXGf9{2YPpUX`$A9y>_Csc%c9rC$?=sK36^mL}vwE zz2e3st*=g>zbN^26^As5(ta<6=2i>p+zJdQO787Fr-gZ*#~xJ?(y%u}-j)%D=giLo z(OKHLiW`$OT{-i|QHQ|N&KCRi_Eaq*r$pB4$0}a#mJuf7bii{!bY|~j#l5{l+NFKr z*kk)`KW-7*GQwn*>~VZ_yK81|l~zJEz?^NL#Vz#m9mnMPRP6gLA@28pxZiW)TyaHL((Fi+&Q=#)Nyyng z&XFp*9mnXg=S5c%=J)XN4#kLQXY=>P;Y;D>P?)c;aI0>9tHjt}JLjHGZ()oUdu3xP zIETjM4`a@+jj5=E-DUtlCH*cdWeWQi8)*p8jXV*8U%^qj=hXiB9C-JN-9d<#QZWP}3o9Hpywms2Z!-C~!D#aU1$N`5?!6 z#|JuopW`u(k8nK2aX6lFU1vCXIEGQqlay`eI>#Fw-|qM!$DeoHOghr?5qyMoNec>_JuZz#j|FfGh^1CwNZ>b;DC|2 z;CA0eQO}NPr_;L80FB4)nQY(Qe0H?_3-|>6kpf?zM}n9(Z!on2E`+vM-i& zzOHguhvcot-kPMz%EnI~edL2fw*9_#;Pm~=2OhfZgxs`R?P!zQ*lWM?P{Y8(^6y`j z8?<)J#za$c4IJM8BY(WSeW;@~O=%i9Yrm(q&92?{RP7mu9$!6h@U+@_8C&+NU$4&g zJ|)xR@wu7x>!&~QPQ#0ZeBXi`}bndNuDR+u%%1SAPt}gj-DU)!8SAofM(#p`jl36U|@(w34`5}SGFGNrV;T!NaX^>=2}tp#e=^EXp}N&ENfuk@#7wd`^& z>b2~zwtkPBeD-8cox{4N-@$0{^$b007v{yGVW&7D4Kv-eZr231!+B+MG0@%pu*_Q@P>tYHcAnCE#fUr>9baPo`3Wknx+f zAxRis!_ce^y@a8(PfjH;-R6^(P^H)8BLv~Do}5m=8flxFyaBpHUbATsn33Y=I#_a4 zP?(JFq7?NX9NTb!yf%m6F!?G?Q5>fvVF5C*QVGbSE>*GMSVNtBS+caOUJOErLJ}qjx_3Q)T&V`fAU=$7ep6H6gqq5^sy4rA?pr z*y*P}Z2p08EQ_sf_Kgo(-73Oc`{#ugxJu0gpoZVT=Y;?2D&Cl18vd(eD_z=Fm;QHD zD&Ob`uWqY@3>B5}*>b%#PitQ5FmFJ%Dkru#v-J))D(QRKfmWgwW%lm+%FxmmS_3r$ zLGrHcdhr_|=g-pDGz#x($A^OSFxhJ{&0f~tMSEVOz3uIr1q(;}FKF%KJ?QYp_>N79 zdU0pQqVwXXKME#Uz_$wSs=cz{&Ju7PkE;$H>2>{kT&h`@uHbe#{ozwhF^D(IG%|=;0dWjft<&vq6JG z?6KWuZ@JjpV@y+%6BsUu%P0u$1=)K^iP)odVD>H*+cGG=q5JM@Ky;RNqvFOSy{rTI zEhjL%R%w1e9?=6LFFL2Szi zlW)tO&wrLi&EDJFDtkOPV^62BVDIZWzfOBBzv?uW3Pj}ZQu9A zER&bVeWOC}HkuK|LHti*XnG&4+Id^(>(Y~ng1b<9)alF>ObZIE#D}CuellliZ%N>f zOCQy(xenP6j*sm}n-=!|TlVHF-JIEDY>l^qvo!kZq_m;$tGv`~I)6Cv-t>D1IQbl`C6wuZ~WXHBuzlGTMdq!ND!@0lw+b109 zqALkkijR}ii*EPdKH+9pbX3Q@D@i*0sJ363*0~+uckW(zljCvF0gOF>faJ|*ef2g@D}G<&D4Z_$4?VtDigh|2p}bPX3OQQ?8lKP!>izU7Wm+<9*?{os8)- zW}KbzRdBR(r(>M>Ug!|kO$&1yuryo=6I9i2OWRb@fRIG>iAj5-*)_hm~?X-@=4Sg;N-&{GbYrQ9pm^2$23Zs4&yqFXF8tim@%8C!+36E z#$y^^;+S?$lW%f-m*e{!f7mK>};`W)Oq<+z&2l{p2zxu8G7n;UA zT3X$AddK9F$KK(yE;npibY5=JqE{AAO(rU*mee;aS~upg>`4!QKX>=q#V03iwsCCK zPqbZis})IgCe)R~s`Pi9{M+*6Q~hUttp5xTD4YZiq&fAUd|0f0k7Eh4WzU45;sOP` z>OWzJ)PFKF1Qp*)gWd$0%4rHpd%)>8z&|C7y(ec0GgQ9A)@9beDbiTf%w9ldV#R3$ zdyVFQQl)*(Td|~)DG$?+dsC0D4eDT;hMfgC3PSw{M`@7SI5A2>A(9P|QWJ$!V3C~Q0C~2B z!|xp#$=otsu>XFavR<4P4>NR-`F!tt%$0L8Y;Y zT8++{iZ#eq6h1~BMv(^D1)vxbi@$rLbDT?b$F|*FG%FWcd5gnDXDmENExtjY zreAwh3OoL{w+%0zp>K~b9pZ}G8UI$_n$GF^A$Jh=k*B2O3Z>2ga{-eM+vUb(|8C8} zyZ@$inr)kX68b;il;)@woUZ5K`s<(Lty^_)>HRuJ6qw%7$ecGEdUn2uTj4s$G4jW% z)AQaf%F&Z(hi^)+k}M~0&g_koz?igGwJ`M@?6ECo?-a3Zt1#KfpA#5ztMK;v=(&&g zxUk1@Fne>GFCOMbq^@Aj>`_%PCT*}XGct3QMmvUI@6xtO(j*z{<$2Q9dzILh5r+5j zazJ#JcDdr--UvO2_K^&G+NFX$x`J&PVe+K5ZvYUTrBOBV_NL0-QIcU#Sg=Qx#+DI= zZ)o#QnK{GzB=Gh&%E(&DuvZ(?$Om7PXBq0TIOaQ=XhswV@lVFk^uDNiF=d81)BC0b zR6WhTBt35J=FIdf5*U-#RhfzXHD_r*l)&#tzNUCwc-|+C{a~N$8WJWAviB<>Ie3tF|t`zg?Z2^1*a?KiZhKE!r<|ya#Q}yU#GT502bQO#c~jt_j{3fOBHz zU4Z+Er$^?|X?|qNS>8cLXSDd-$Xru6+n!x*zdtW|r_cS~mZc)CiT%?Ci(D=@^nhVQ zhaWT|KT<6dL-V{FTlgP2azrk7!0exuiqVW7(?9n{or1a;sixSe>t5UDGf(KYdD)8&WoK%D~~vZhlS; z71^DR1?3o+8z;C?$BOf<|4g`N&l8eYIKk%BUO_vUS{gM8%5j6;wa; z4s93GDl1kKD=nkFQZLW8O#{w|tn^hZtTg@FYAG2a{n~0N?RV+dR?Fh+wAZkbr}Ss9 z(;`S;rwtTdr-hP=f%?nr6P(sCJdDs_7PcKd}XcL>}L(DU|k==R9Wyw%MYf z&1d!3_8$E)h*Yj!>80WSdPQr%zrHEuuX=koqpNN=@9(^dw39#*)cYb<$NXO?o-q$>`vyOJOjZd|usHlvvEb0!Tb|dNV-nGQ zis1?k${bH~>?W(s$x}dj=k*@Q zU}rD=|1;i8{#W`26t{`caAgB9bvO%cSjt~wHO;j6=#$#8(vLo+FFA)#4XNPFN~-p# zK*g{06hHS9z6ljl!zYR~q@QKB#8;z3VVGtZ=BYuRI#ID% zYga=L{qV$CrQMT{-R$i3XV*TJ94P|JX0u zaOK&kNUln*T0-tLz2zxoa8$Eku4m+Sl_LM!n!7mp{|AOQE?T^B5&OEQjzU)DR%qv8 znY3O8rH(XQojlAv1Gg)^{z~Iu?@n*1bXu<0PL`6w2_ziknD`rN)8WL^#=%L(Q_nk6 z-nLa3`Vn(LbXLHRQQVlMnsz&H>k7{raan@(^7LbxGvsFK?Hwn3w=0qD<2cy%%@W%( z!Z6>}cYx?DZMovcB(>3j+~@>`)ZqMjx9MSLwXO=*OP$TuyIO3^2ovV0&H>R`+J_YP z_Li&K(MK}u`L-^OgDoRWp4LJGfaomkM#a6o^|E)AWZ2UoDs12VVp~R-{9X$^R3Hn_XX(?0MtmZp*ZguK^#Q_leu80JXBe?y)}1am!f zQb$=tAv(C1<&B9?k{i=a|NRuupak36qb?-p_&P%pRdmd%-p7 zWaT96E{Po%WsM!$x?a+C#QMycJ&RlD<^PUtUE%ph2ZOSy(AJgS#a*o+J-)PUjg}r& zMVN95_n)?{BspKl!P>blbG+8^(~iFj>los`FK=x(uZyj1>n+Evlu=F2L#i>4-^K^P z@q{v7#^e(mH#nXL$8BIN4BJ43;}WN%XhDbT+VokCG3A{x<&`l*6^#2h9^jY7VGh!SPJT+(%4*nd6HbU*dR;<8bcc@!^@u?A+$~9><}qkNTf+@`oL7 zas0SrnkCHs^NwG3{1eB&biB>+n~wkNxRi4mx2@7~$V*Yq+=!;LkK_K1X%aD=F^)qX zi*}|sd6-)@%0u3ZOk0ZCq3_3-78K(TJJxNkFoz!Hz3J%oQn+@61-Z|wy0sMK+sN?Hq!iQGv%IWo3Si%cDqv3uzAxNYs5IkAl|>nG-2 z0(7_rZ-`9$!N$lm2iy^vGWg!eqs5yeA1=n(_U~$c{q>l4`q;H)X(wHJ)&^F!XY{-M_OxmP&^z0BJoteP>^ir2Up{Pu4x!A$h*`t*2hgR1IxAUhZ;a&MP z*;0zI^j&#DR#wR~`p^7A|CxvM$BFY!ZKuN(SF7g=f^6AMA*i@jL9y*rH4inKhJ3EJ z(^(^5*|r8SoTf*r31X!+|2qH^dAOz0l0GBf5*lk`HC~u zzIl{js(dAx=2!AndO!U_{ZGo|t9VIWqE@Bnh5uLe-x{o*puduzmbJld8zgNos#Wgs z8|Q!dh_5c%V%O@ZXl3!G@hbN&d11&`>$I7%y5;-gYL`4()#Kp0v(?E&0y7aIRoKZ2_rfcN!7A}(#!*5&^sSzE`)6I zaV77vCCxY3j9xrbEfEWc%xzpeb6Ml!Swm(mSu|?c$dNM^o@F>>>B5EcmkilqGQS-J z^A^mQf6mNVe2+MNvm?E#OW-c_`gvFaRHpMz?v-eSo zD`}=$h!lr$1x>c3*dnx>_AWbyg@&WJ0ZSL2PQj@cgWr=c_F85qRE{n zIvvyxLOngE5$Ei9d!rQh&dxY@F*uYI3U{S9PHCL!-RYemotEphoT8+{wjbjd`Muf? z%4PP0W57PLA7{whwhGlX(!86)js>@9WAt8-y#|HYW4q1X3bD7hS@CiwFyuMI+dD)x zf>BDuUaOeK_N|t;WrWFR6!|0&ouz$LabuEZ>eBj9)FH668^nISOZ8y(oMfz*E6?^L zJhLcn?q{->vxq{ocZb;9JFX^eGsB)t7wmn>Eh9`SbfTqNaAxmeNxZ#9QtB!h_N*<3 z;}WVt3e9zqy>@0qLc^!U-rj22TQ3>*xQE;R{y@w!d3jtvC7f(V6bJFI#nALtmF>LE z>^IW$ZDzMh&*yzJ9iF+QYwml}3ng9@nBI29{eJY(!QeQs9~>Xsk6JBY%SfF3NcN5b zqO&x;%FxVSUiQ$#9wl+&r;P%tS6Xwc~60=80X>P8kHjeR*Jj>W|)}h~_4Q{?N z-B4Rdq1khyfL^|18=T)lw$~pi;yMV?3W~uwq=12a){k3g=bu1fC*?`EL;USSpq6~kpk9oU_ zeT>K9nz-)@l3S5iLHdS?=yWRYyot;~@yyV#7=byV@|Fw&28kXhjm(?`P$`p1NIImAMV837n!%7ZVjGC^4trE3N4Smv*7E3z?U0y&a%@>%6m!rt;4G)IuCE?FTAj_nV3lH%w!+n3#sUaL=S6#jkuW6GNU zhNIMCf&aIRQma&}+(lJ2I%DZ5HMQ;q%F@CYNjke7krrG3O43h!>@Xs&*buivYhUxm zxHxpJjV|4++axX8J} zDSvR3DR8Mg@_Kn3@^@?H)0B0y7B|ix%%e&?$GdCWGqv|}vtH9lTOR^)=OrNe1NN$HzvMF4=9MY%*eo)@F zRhTT7&jHbyjT03&Ch0oaBi~`KLY_42oh9$>-K04Es^$#mO5p81BYX6xVvpL8**i~c z%Lv1Jnok1JS=t)KjY;A=gf}^X;T1~r>s_UG8pgP>Ubf%XyIyR|2$O4+kOQK#v>O%o z_A2#&)JHPx@knp>Hj8Z;VRF9`YJli0jdntBZ;dxH zWzfNmmAyL^Vz0ft+53i=WvFQ28dR6#-4k;l{(CVry*qUBdz(^BL+{7(4!XJsxDL!&+BOONarve8gY(6Hbct!i=~K346iq5+Y%&m?rTtlPZ|@D+Ll1l1 zVjA|8Jqp*PFgZo`=uk9gNT_U7a9wrs>m}rgfXW{0;{1`f?HU&*yst}j)STI~xP@N6 zV|$%nGxq%&i2FSyP6<$SyZ>ehtr1}6VlI}!QF zn7uP5ui5yqI+%sz2FRPv5XU1OAL{s6#}gg%xNUYC9M5sQ!0|bb&v$&8FtkaoJ(Wqy3R$?DOEn)3n){=(y4G8E{;7ftY3c zYuOJu9YqT|TqUMYJ~7rMTHtWLqD`)C)9K?loV%!Vu#<=9+9)6A?e!>Z%07-FfBL+ons_U1irw8i z#v@0K7{$oBJsCT99p$oatL!VKb8Lq_Y`Z!V89z6)_2Hc#Y}cqtN!c00bNg(p?sjNd zzM&yMJGVUBu&`|H?ELsk6>nIyB){m~n$}}i&8}HAJYU_lVM@ODqi@eH{pM&L(}v&Y z`!wZm&DS5EufMw{cXxi{{bd_-GLmnYUZejp8@D&~X==DOUw=ft{^pw8&H1$(${GfY zUR&SL&^w>&Q=|XtKje;R$}QCr`G#dR^~>^$R+i<)j^szgN{4^0WRk zAJuUpkmFFkfZc*JgbWY4gW zKfKI6ugy}u&>fo1FGynyoa9h^Nj_8;+eo1glAp`BQ&U=q)UdY{dO7(_zYi*F)KV^S z@@mNdd&{>au|30kiFLSMF&3dL$i9)Sy+h$pCCJrqu=f_smCp?LFU%bjm#ZBjVCA(8 zygoxd>4zcHQ6&^pFZ1TACqpii&lD7 zZkvBsNFRnSO!n7Br= zpB|<7ed&pu8G7T=W_&1&g-<3Dkdbz5-zRgb<(`1@Rv!%_;KD6QmS#2poNLL8<|a!} zaNOBwnI{Z2uw)VoQ9+emf^>^6Q1ic;@GbdL2zN)b@x!p-l%1)viZSw8wd50iAmvg8 z!I92#-n`qas1??>k0QL7-fKxxcS7F{M9GV4{wH8RT&iNhnJr7o@3+B{Sc2WwjEyFu zDAqL~SJ=R2!+bbdo#nAQOrGP;UYYahTvj=G+c<9b=1kA_flcx0w(P!=vmUAq=$OMM zX{?_#mi61AXtV9UH5}ob{&zXXmod1$UHNYq=ld`7wtTU|^VfAn@RgyJe8VVx>0KWZ zD$SI9@qD@8T5J6<0!(yWgq>Bo%D44*No;$NEju6T9Od@|Ks7Bs8E;vtm zWXcT67Q)x%d&^Vu;aCQ)Qiz;#9~W#6UUJ@9OB?kn{F0@M({Qd)i*5>cIQF2o!fU^m zJ1u(XKyp0GIihkDns%~?TTwq!?Dc$sj9xq^p|FKZ5X$XJj{=$X>`w1E>9kz0WdJ1= zw(m&C$Zyv(0PF54&m$iD!LtPq0Jg2dz&(4 z{W)>H91mOX-D0yXOn#;ekprT$w2v$9?LDW;VIRrZ531&7?~7tvMwnFSpnVRA&eA@w zxVQJV?6Du%qbWNx*@}!PGP~`i(;0sb3aQbp}~yA zG@`Gz(0jbq&igEWEj{vuxt~dIltmPp=@Nl4$-PwZ_1BxFy`waLTpGIXyw9Shg}wf= zM?N)Y_UL!;_U6l;g{W+3;3(|^Xvf8h96j(-E| zTE%U5@>*S_wysWa)ae7qb?xtXnA3TmlaGbtHXr45COe%5r^7ohwyq^kXNBX-9A5)R z`yYYhcK$!7!@ijgdDj?K<93cI*G&G8=x-VC>{FK7x=wZ6=y9>@1P{*vP_JN}yEZ#e#rsX)MNHmNY}c%?AoqEa zd%EdU&oXXl$K*Mu)5q}u$AcVGZ?R=ZIHt~F@NypPzvMbuAh{awSvtD_F*>cf!_7T*||bH#vIY>p9cip+f( z_mA%TnmKF6SqtN92)pb18aj0N@R92I+LOMowY2D}Ldkx+zOR+-w>h1itD{HE|tzDhJGSg#O zkKV0k_wSx9e{%cQOpn)_>PBxHR+}51J1Em{aJ$ZTzf)Z`cj&2A)m`?lD&MkwYTfG0 zO|_%SR^>{!KJeV8SJ%C9@j+GXx8!&HCena#oYTLfly}npvb=@@Yx0b2Db>a`nGcsR zBrVD7k5K=aaP2Gz5j}XtOh;6GXY^C6*J}u|Y#FmgtMBXt#fp7rT+Zq{8$?=V1rMF- zJ3F3OX$6n33Jyh>sXS4!(&;RmelMv9@$sW2D5X5NZnTXOl$Vu$LP5nK{gstoqyNg- zu?CksqrdRNg?ic$B$a7LSxDSYV(2I%S`|9VpjM%yELA`J`0+`0VA_vGUqAW-OH4nd zq%!RsLs~)~5=y@f>%(YDtwQHmYSho1d^!5@HIrag%l^EuY)VP%P&Fy^g>lj{>j&t( zRMSPqdBIiF1fALI7U4koHsK3Vdz~lDOs-~@5tcYk(YDjinVn=tZW1n&Z%4tEIS@sP z(3%ewqM4K1%_A~uwEn3gwAE*(4q`KZB+qkT(pGP*jAc>oqHWKOk;OzBXJ~WAp}kJg zc60QXIbyV;Ul7&i1Z}4$nd4BXRNiYpLGS?5#^Oe?#47x$knLL2fc=_!9C45P_6V;KR^^yRsT2j0GPJdri zOpS~zb(K6vL`#JwUS!diB=|K;kP?>Yto6!uBY!+B-~!4_zlg0lOrm`O>LhG(dsFCg zbd+@cl+>H#x5}$~vD23o9-5l$PHsZZEhjU*(*<#vPG<`)!R{=<4MDjhtN(%YUP5>F zo20V(2LM+8xS*EAuxesGSoJUDxzpLIpI3rhPgeb!;0^iA?6B$slz+mij|N!vse<6j zN(T!oI5U59|0Vauiu6Suy)o2swrqP*D0E-8@_m`DchPZ4Mx zQfBoWO`oNG#Z1u}7nO2t+OgT*UP&Gl3rHgfVcJ(RBMMQbm zX=>|ftx@dm1v+Ogs?*lfE!{etiL~uWuMqWCl0&Hjt8WaTg5&gGZ z1lev^i_$&v+Hd^_XM5oL&5=DWU!~U+dMyu~=Ly6_Qflg}j62!1PHmYm1d zfp5u|E6UcvtftxG$Z*B=74vOTc6O@d^omB@j`Wm*Zg6sTPe{v@AkrT-w6@v;yT0ub z@abGE!{xKmGe>^CSe~rIu{G!AZ6 zO}|O-sJ!J2liLaUg#?@obDX1s%O4aPt_qJfcti_sp zUk77P=H%Zy%#c4l%v!d0_@5re2qa+!vtB{c7{(Ozt!kyg0v82&n7yo|L*R3R1^Xst ziFC46ZS|i@Rt5{%V4);fPWd7yzbK@pHp4dn((hR6A8V<+w5m1?WOz6XWYExtCu|Ue zB#e^Cgw3n1suM2^3)Y7JW5fTMVbz_&N}CUnc=PR9%O`|rm#Sn@;8hR05AzjqCWC=6gr617L0FFZbVQ6mA z@VmT4`cEE>p)Cm`D+&|G6$gp1k;PFNJHFVu!x#)bR54;hv&SEP_`$gWGZrsgvV`dZ z_y53=xuJuH8u4y8c#oZ!R&>}lu6@GA3bK$3CB&D zJnr=4j-EVj;^^Zh9hz@7dd$&>4y6xB&WdnCS4I`SXONSe!k(~JzPCJuH?C41Hu)HY za>(KL$)itY1cw|xO+G9CeRo6DE!BBwZpiNUFnU{lAOTwL3G#lXv%20UdsTi+_vvX z$H+H!EB5!R=n8t(3g^k&whEI~iW~w&XZB_)ZcGyWrozJ>u zgh{_P+7C*D=*-?ziu>(bJs?SbCq4GJeN4mNi}EZ(!Grs0yL390G?u23{;Is!o1zl0 zw<*Om(tj;azA(2;dOq)?gKIhN<9_Ldf-Frg9G7<#_xrJ8V0ymT4>dIu&RhCG9T!&c zS=nnUMho^@j{8_Gd+1?LmrB8&7B5_r!ep5a+MbO2sPCHW(YTLQT3HUm(b;jaxP@N+ zpK%|Y@uKtNJ}3(d<30+Nq#dhbgS9wgI(Q;GEbdT$Go?JoToMw zTY+;5i6f^hKQ=P&|Gv|C#qn!S=QmFNXE<(uMwKaB zFW+afbJI?Tip}93Iv_9`1CGb3DQ6PjULEIh{F9=S(;rlVwilLr&)k zG3(u`^aGsc+f-az8TmW0Y#0yp!Xej&qI&I3DD9xMRko*t$X|NIbTOJ2}0srgM_x(;QEC zOvkM0pX>NS#}_+pS?1fa>z&R<$DeR~kK->m{*vP-9DmhuxOc?;{kD_8;5ghzRIdAO%Ue#7a|;cWX-?YM*EE{^wh+}rWKj>8zqxGs9G&3?V(BOQnPQPiL0`} z_oJwDrjyfoZT7?cDC&gql98`;I`nay{%wx$cKk`l;eHhDJnH06I)2(QUE^l|WykcC zoBa2V-*(JHh3SO*QCx3#C*Rlc{*LJ=w`E5=9`AUv;}1GM-SHWY7dWPq-RxiPm_B!t z-{P3wc9TEknC^CyKj}E!YvTUC=;W_E4)>a_SV}Bo{m)w?}>i87L4UT6zp6htN<3)~_I$rL0h2vF@FLk`y@fydwy0>n0 zI=4H%)A7BIH#?@c%#Oq796#cCtK+8}KjZjYj$d;8isM%u|I+arj^B2ixbnQzacK95 zd9S0B@5y*i?yZckBug_w2c`;VV?U{jO^Naj;txjFD^p2h5a}R(xaRBg8f)^eFLdQGTrWuE;#I+#i{I{ZQl+ z#oU*%IZeDJGI{(fk!h5FI&!1cI&#Hy=H;m=IR=!hx^5&*(vvbeXU+b}2m*}Y#t;Zhok*m&W`rO9xw>Hf#eQM1CJyuUYGdXrp>rpyMO={;o zd*ABkCTwkdb@UsWb}w|gK#rgD{n z(mb4w+r3O!66d_3vq6J(InQyhE?J@SM*XFq$77E&>rd3-(D2#JUYiufRi%SkuMtvC zRuu=e9Q)+%x*tm1E0Q)d^~V;q)mQgclxkpLg9N36%Fw9U#2@x$>9707USY{^D&F9-5^D!Rx?PErP>rf$k*0=kgr`~tYnz^ z<&bXL7xxLip6paIkzjtnQwTz)(-6Ul8x$!xZV?(rM_>xg#}MX%!ejzdm|Un|N0V`F^BBFUn zQszG$l#>qSNyo~hpFB*5!f1h@pAO&QKOO$EGK|7miDeafnUeD~>qtsv42cP{pc%>Z zmW6Gp4*$01;+UUwyMlbTA5d&D>P2H|2G0nSmfN%)g^5YtW$?>Rrv9)AOu}fBbWRf+ zvr?E1q*=dF9JA7Fb$+H0pCQ@k!UXGc7cO3!W8-WbOJPjRKY2{fKX&{Kw`3flF5iN) zxlDRVLS7{#9le}<@94)U#36^f%9D1oJa=-~%80P8cbVfP3{hz@(Mft`C3`&BB^mr) z9_XTjnUm*4P=Ufx4-5x3#EL~Z2ftXXtKhClYY%%#&hn&H%Tpur_6||pJJN86%EKzj zg4>ne;YwwDcBgl|bXu<0G72lOZ9mE}@>8@Q4GP&0j)CpRY_V;tFpQq{+i3P0<1*;r z9&z^AZnL*s?Cot+e1Q`fE{V%12(D+XM)E3=?PH9Z*}GJ1%b<8#HXWo5<18)IGgDFc z=Ut(COZ@-XdlNV>iZlPezjF@^$8g_#XFvfXI2sX=#QmH7ZQRsr zdg|RzJ^gfbb#--p>uRTWjo7XU#jP6SK)W&LrT$>&y;JNCPd=-FtYqda>{bc9y$4#Q zV`8vJTY}jOeH(VL{3{et<@U|q{qYzJdP(-CXa{>rqMW@SitQL-@}TVPb^^mE<1y&q zhNyOOrUJ32+GEb%&%_*Kar&w<$xJg6!`OYTfnK?8K82MzblCXe5StA{P=DzS3Y7lK znHJ<&L7$Z#`N^Dx{Ye6!&guntD(WUPviF%mE6Hm7V^DCD&Xcw_xknC`gNVXD@^JA&*<61>E~8%oD6mui!xk3 zzekJ@i#$yJ=*U_5<0A87=VuV(ZMZwIeWy|QiH~XNk4?q1v3$z=Py3jb&0He|xZKyZ zS)0;*V(X`P6uH`Ra4%>x{-xu09q(~W+n?#vu4kNu<9QEp^21;fU#{B8kB8&q82WSL zvFMqc{9%j2`d*!oQdh^^mbu=ro1&7tDkBM%o_|HugOx1;<-@xzgM4xWrm`Te8Fl;1y&JVE>) zktxq#jyzrbtH?9Ozm7ahjQfAlJ|ElC7tT1q^*jb0ao}y~d~=3OLE1NLOAn$3|5|L@ z`r>mt3g6sT`p%Otf3Rgz=Iy+D@^3C^)45>SGhM5Xt9dc6EPqtxuHofhuDP`~Ux~Lh zNuGVQ=GpA-Mc%AFkQlcYRIcr+YUY+USNMWha-WdM`G;^q}PAvM<-% z#Z#pN%Zku@vFXa9PII3+V|9=6cMFqq?m4E@yHmz)o%-0DG~_SYloVC(u39%DGrxbf zchgA~vvp=WeqzPKjeC;9>iP4x>|WA*R{46JSA&AGtFl+j?D+HzL+<|C%qO~ZdM{~H zojkp%chf2Tx6Xf>mw-;)m-#8Zn^p~>LrD82?>zDHj_2Ok_WqU@+p5*#&ok=RweP8Y zbHzF&ZSSv6*XhVF;AhYm3sz^Y%u{>+BdT2T?CXE#75&eU*-zC*<=33r`@beTYN@CD zPVN2Q3|{eN^6J|AzlX4-@C-CdihsafL80OE%Hiu?GzPUs{f^%^e^w!!u)6CH_~Dkrxt!i6zV!+RFX2D{(1On zk6aUa1yIE`3B3Yc)(MBP8+rx0TqxuP)I^J2bm16c)^rvovKW4pT}p{`cL%%c*{$Hn zVWMVQMn3G&huJK2E>x~p7+sFdLKi|e4E5D+(+4=RdyRG(MAQ5(L5H|y20o_1@~zr^ zL1E?mYGY)kRyo&N7J`PC3|VTXzKc^i(~)|P zTHGU8ksg)5ASnvk61C>VyIyhzGeu$Rxlz_B)z4cYy*DKLruOL+je0G3q1CfFu4F}0 zMweFyvtLxe$k-C1(S|5|HXhOzXv>ASrD#jDSl)$&M5Qfvs4a)IkuCFlY7q|kYy%-1HjRD*Jub*QK>MG;SzkZ>#9XTyRDjbcAa zSU`d$?Zf)_e4n-~*D0d!)7I;I@#{tCmBo4yZh;85#yx92gjMeS5)O5%+}Cx+v~-;@ zt*o=AwT07j(pvp@iA1bEkXI8Hd+D;2C(PTfd*Db5IzMm+DUPx^-PX3XcjCP$<;NS&{)C!{TaG zaMXN4)v<2b2;SVowKdkH!BaadN-9?*oi-pCqpgVvS0;xa)M*1E9+L7PMs|4j$~34} zVl3|?NYdaq6Tjh_XzBg*Jl%@>9~3?hP$O~UoLE8xM538RK(Pwi7PGqZbds$QWU*_# zSL{Nt#c)5tI$3Zh>p$116${}4jQ;Zf$eQ0)cB zyTqS3HGSG668}n@zE2R;^pEm2z1FkpuJtS*N>E#yw^N*}*?mWRFZA-L~*xq?PMwxs>R~|1m-+S`+ z-<@YoE7UcoDOEq#9RDtK< z^`93z?$k+_>&k;o2b*cfTz=@JD-Ioo#i7G+QJC$XPOdKslHwp)8oTq-?m_;q3h^|X ze3~E=&YLN1EnX2;6(|Z_i$O=#sf@mTKs;KxuE8`O)+vaUz3t{PpTAVK>`W%MP0c-j zPVMyRlNZgcoiitiOZqmLbg$$;f7*;7_*c3s|A+epbN!L^=jhL!JR@B>IsGa^ysCwZX3d_tIGH{Lsn()HvB{4=*vdV0{@PUh{dZ4Jj#>7Adnt1Ve7ZX;vr16zW|1}=sc(0heS1fB zbd0=Aje;ZOch<)7=#^5Z3;zYgqKt`X+0 zgP*Z>O~}XVI(EzFI*7Af$6~R?RT$Q29RfsWHh5bb6Es|P_9^nQN4(A6rDAXII_*4> zCt-9JwnqEj-fgmXo%FEBk94z_R;c2^^3GJiiDpFmhPOLL`wl&t%&#+NdK)G1=N+W# z(Rv9uZ<83t{r#3UJ4TqitBcG6(OKBN+V}RJ?XvH_O8N}#7)-QKn|V(lItzP5``+Gv z$=(Rbh+laOBYrPwvtxwGVA&hHk97X2!o0m98a*)}rgO^}hP^kmVXsOX?#jk$ZgD37 z+1`u3>7ArRtCY-~>3t{xKSa#UlincPk#D9M^J`4-9nw=$=bVMnH07^jent8mk}j0C zgmE3AA3?skugl&gwji(J$g&E?zzWHAMkG@Loc%94F9n){CG}!lfvAM!d zY7kz(0$#69VsFe?GpiS7wU_#J%Y~C^I*t{eG;diyD0w}jJb)wr8WX3C%50pnQj$^m zh~vslezust()ZWBmDbhYq!&A4Vq5ufWph`ryX#8u)BE ziktqzd-3nBPj|lJZGELn9ItSEnd7@1lV|K$?u+pYFbN{JL!0%P{aS2&w10F=*=%yk zRpU?=tNg_ssMwm3|I<29~y9M(RF^03B1WX^5J^4uB| zEn|K?81u*(bDhQ&jt_EtsN*Wf!yF&)_+-bF8)ko^W6Bzn&vU%cF=c`2taN;dDWIDhdcRD$2E?bZ)SE*a{Nz@=^QehnU2qOyudN@%}oCi$7>z$_1&D9w)>m=eZM>Q zJC3(Ge$?>`j(0fzh2vj3rYFqe{CmfH9OtW|YC4S^H+9_Baag+~URPMVByvxuLtmQN z^z+8~4Vfv{Ke

kq*BMHY2!2Ed4L!%h*rq?oAjvsO;@#Y^SPg6RMU|c;`G!J2Bx}QFQ>k z*GOC|s*Xo~d}G{<8-zOU#z6V`$geE>h(pQ;B!UQYrtj%pDU_9 zh`gw3*0z)h>rCPu438l=5n&*z{A-Z-P4?wsgd;u)8qZrY9)obY+XCgMAzy)la(-2xngDw*-YgnuE#*v7q6E`yrJqPL1gFG61Ko!#5T6UVY=P{28cwSO3xi|Xb71npBWmcI{B467Ae zj&a#gcqu5e2LND8I?a!?g1&qQ&W}ql2nC=_8;#4@L9p=@kU1sXOMJaiT0R;yehy!3 z3&u_LC|;DR1al56TMH;f>YFUvHNJYwmW_JCHi!ZyviWlW7UOh( z=(~(;Y-CO=0vP4BU6_xoPAY?oWM+sRgV11^mC zjQfbByOEUzioemBjg0%guYV~7?~gmqFKpG{vFccE2>4%|vI+jDubgZlu)WFB!d#T7 z8_?aLnSFB=3UJfoxc3A)SmpdUo_?Z=1c?Z}SQPjH*x+i8`*h%1vQdE}Q7T;=MYgHi zz{2@(FUs|tD7%GCfZvPA&h%U9<;=J&;sqia@VYmvcv@oA5$Vy&@Wy>~X>~2~%L|FZ!H`IfnXGTa;aJ8PP913IxL*V+D3q}!3j-<9CLf@z0;OJ%N%q#6 zx&UM@z)Mjp)etLCLKCG>o$33cXeET$Vist(^AXe(BZTC3cr+R_&qG3TJG_vMb6mYu z*KF;))ol8%o{-j4q^$vu+j-__Pg+lrb_S(I7|C+d_yqQ5=Fem$lm9*P6Zwn_S~=S( zAvdiOBFg80_AeH4BCzlWEPUFX%0f;A7CL2ElTxDml-VHEfk!6Xb6HN=N)Qf=>%2MV z!Nl#njzW1$KC~C^V|bI!8<;cT(r&TzZHcfoVqYYdDwe)21T!WFm`cP_=OaJ7brl?_ zB#jRzUu5|&OgV2xK1W`j9GnR`=E*^sdU7y2<;el%?#AhkPn!gGd2-Odx2NVR0H<(1 zF3Bec*^;Z0CkK`G$wA5k12!uU3I}mTrGpEkgPmxm^w+e) zLh0aB%!AS9KVkkjEXrPa98Y0N8yF21$xGZ*nZE~d26-Bw7I`s1KeTfcAE}(2b_AgR zvh5ouPiG`pl6D^Wz6-v|@*7>^T@omd&tXpu^kz&3%ZQgcVxUC0iPK!lYbp~884F^ zgf+~J*M(}lE|MlrK$#gYm6!1{`C62xj@QL$tHb)OcM9 z5r-JBTfwWw>$5=D@iOygFI{$*j7Kf4+ zE|9nZ4PZ4u1fOp`li`xZDR-v3K}>q!osb}IIn$Xwf{Vwa(&Ob|ayu`X;Pv=X>2Y9y z?eSyM<6`E)=(r}olzHj#{`nU@|vEy#1s^ z4z?vjbOfI8154ysX^D%R>CZ57@R_##^rjz#NTmNzdi5ZhH=ep*di59P$?cka43CDS zR|Tjiz52LIuRf7pO$MLz%492%P4p@gRS(gtDQHa=ZH|TXifu`+j&wrQ_qd<>pwOd! zzDH@El+QU0t6uQgTu%vz!sh{C zOsLS?YXs`C%{~bQMND6hRWkkhn0k`wpKJhk%P2`SJs_zzUheklNOzA&wuQS9u^V)Y zC;7{f%`1Y5*bVk8F7@)$5{BUC>WOkwI;c#Q4lZ&h_p|j)`4E)%m>nzY$A>OMb-9&4 z4DzK(TBjf>zo(m%KBe!K6=L<_NhN&nildUP`mhQYUbMx9@4&;i;tTD3eJ|riq9`e9 zb}U8MNUIa?xlu1C9n(rlL<6NsrP$sm)-cY%_R36qB~W;@QVb~st&Iz7>%a)l zlMt9WwBJM-5FdIkLsl=3VxWu~7QYOda3^;fWxDz083c>u@Om3#^O9sC_iw3P$rfkDHKEp0iP0>@OJM&35e{J zz{D~nC9oQAs)J64liubG;6FH;rz1(zfMPyRb1Jbs$Y7z zy7N&QgCvEp7d8(lhvh>@$#O`UwP09<6TDK_yWpt^b!IXdXTWKDdhJdk2F8H1e)HO$ zM91O;8i{1($Z5sA}T`WGqDQK7wN{Y<}ZWc$iq}3zYN)T6%J^IvVVzs|l9^#eAw{R%VVH_MJ=`aHd+b z02GFEn48Hcfr&i;1KVPpKBqk4oR$WWC`lZBfgprQvB0HF%5a)+Nkk`3Z5{;kQjk-{ zniFy2Hw&0p-qfKnt;}a)CfG72mN(VrW&y2al8X~=!Nl6UQfz*NDPR)Ed7yG;v?`gX zZsDn+*DWHhHwV@n4Jz7XVi{8Vk}VALnM@YAjEUt<_N5o7!*J@kXlY#r;Yg8F$%KQ0 zQYIYvfU{w9(@vrllH*h(YR9RB#F71<)#M(9H8I-zd+k)s?spT-GR#*FL^1f}u$BIe zqL!U$8cz5b6S`EF4JqveqcbVO$x*4=No05vj?KA!P+l|8DZGX>AGH!kCJ+>162p0* z0~m%X&5-H?FW}E)bDbOfJS5a@G$>U*9)raS8c=>y%J#4Wav zV52G|-f9a8Xhd7{A>chK4=6_^u9WI?MkQ=+X=>1$z(V-nK&$6v0C5pIpY(JSejy^h@Lp%=u8+64xB2=ZOkTZDU)Nn<>i74VNBKvT*_nv z&Q!Ual#I2!M`h~WCbj~$;Z%2wMMcj4oVBQi6-DeQ`oVCUKmpYJs4) zOqL-zjmVIN6B3xv!(dJ(Yj7SYY=kgWF=-aKjEUt(hDc=epl`!%9mW%U^W+2bdO1uFtp)e6VVdMb!9&aRD>fYyw#!!s&*22y8Bs(YzzykZZp|?l!;#0@oR?UrkzgwzpNBR{)c8!ljd&JhLbRP80Udb zQYZ|v8(AdqBqo+O)ixuAVLlVXTcvqZ&BQ4UGcmEkl4b(Yldw=rSh$k~_LvOdI*XV* zD6pD|6}BkB+YaiP!Z3dmlA8_0RgTrTn$kr~*5eE~c#C5v(H5L=HzwyN3W$sl>Lv&0 zfe|9S*CLB*OvvbWF1wK7Uk4o;&(T8Iqab{H+Md9=h@eQ-iS zCLDR*sP*1yeZXwiK|o33P;LDLM7RtS8vNV3jOG0{E@OEQ>N1w$pe|z>4(c-ZOE0RK zSl*<|*qDil&auBmc<19P2XCJmaT-4%YQYJ6GHFW`5YaKPT~fXbS2^f1_u}O5{CP(gm$98nTFANqn&D_3au_Xdw=Tn)#$~Jzbn7yF zn1!~O&~$JaCbc*ZbQ$C8RZQ4NJYQyFc~e~`CJghLm?o;2Sl(2Z$r4_9{Bp9uQQ7o`PDlB8N9Ooe|uta#PnONR$ zV*$&1Pzx*;xu-C(ya%;FrSL9gVtJDm7zQe>fZuLoa-6^vV;EA3F%A*aI3l-oES zbtaL=2!tWN9*kpyaWd{4g_E|j_5qYv zpZg;{0%s8k-VsG=>DGR>%ny)*vlq@IaaQ2ehwbnG^Als0|B0VG4+Hz0J@8Q1{Z|is zWuf`~UFPxq6eIC#z7D^qqOrNo8M(4$Rl~@Jnzp8fkyG31*EBY_j9gjMR)0oK8_4ag z<)vfB)U~X#aAZeIOH=#EbsY`O?KLBs)|C{G8PU+RVq{Ze?Z{K>>JBU@D=IH49f_8j z*3>urZ?$$n^H#p2eyAA#qKLgvb8|ym(MryoT6B`dD{ILQ45y{E)il?qQd-+60KzOwZBt9#>8T`qIcO@Op^Mmcql?F-azIf-z=Y?l zcl;0dTtB{%*Kz%Uun$*PuA9Ps!MtwrC@l2}-YBI8yWy~K!W;Z)Qo6ybo0Mi`x?Zg` zhjrjQR)wDhC>Ruf7Je7O_4`F+K$J3#8v*_>eu&glFd#g>Z~(&4k)*I+r?V&Q&w3Vm zz4CiHk?!{z=_kV2pl(ECX*N~YS0O%4gq9XSsxaqJWtd$P^*oZHjF5+nfE0XG@ zdx{YI*avVc?QaQEW17Mh?e#c_{ZiTQ1A7|T13v$c*LzJuC=B|%pIOj!@G>IlUz*Cj%6J&h>nV%Etu@Y|BZ^ku^ z5@wvf>yzO!wT+wkMC$g9o|4ArIHvzFRisxi>=Qw12a`UyPCP0@Dwx_EgkrFjOa2h&nvZ03`${YSrbUL#&i9q{|_6DNcsubf2{K)Jb}~zpqo3A^{f}S;D5wq{%kY~3-*V(9&jS!&EJ&Zm<_s_z3E~W6P+%zJvBP<`k_%@R8DofYv4DIOqHNa z6}v7_LoqKJS1$Nf8rebd>@CX+wDK`zqd)1;CquM?p)kU#>NyAoo^%0u6Fuazk2mo6GBSg)dZqwOtbT#V~& zz?b4vPo?_XXwmkXt^9t2i0e)$)iS~8&Tbae4@Gs;FI-cd?b9x;n8^114c@r0tEnAG zw)NlLv~_Nn{0C`kD+>RGHFiP;Za*p1A~Q0-qEB+8#}CM|Nt?z~#dGSHd% z2re#C7nphZr7JVXEMH=0#50CwDw5d3Tz@FVZ$+V*B9ENywanRJ{NKzPtA){slhK$h zUHF4yl5Ae#Cx|DQR`8QcTv7D$4M~f6*7(${Y8RSuuok85zmO70d0S>2r2J5dL3tsS z0#Vc^9bd)o`uDH*+~151C0#B{t^cof+hIzm`fX+dXZH*&$W*f@B#s!8RaS@KO&$+h zH9r0`yLCy*e%iEZ23=b%U1rn+>%A=jh1i&4hL#jFz+a?`-QF?0HX72GZnV?tKA6Eu*O%6E#Wxiz1Yl<1dZBWxJskBX*6XSKF|}DdZ|vJ(G{gNfyJ+^ODSP7`sCvyh>9lFk zNO(uA?(eiCLH(~Y{_*Q{aVgspjb;?KD>8ZQa2jkpjiYI2jiFaa zTT-M^(r&jw$9z&D<1PqTEzvCI`7Em*Y`fhglQBm)&34;3NVDgE$r)ld+T2j~l*r)Y z+MViWFJy32__K|iiiiO(8l$&~_#SdK+eEVgH;Zi#QNi$-?Rii*jd{&%H&^2~KG}1- zT$*4bcFu6x;YdydI|bPZV@D&|V7=2aa{S?3aLO3tU&)kB&&_1Fw%Tr;XKeBRN4I>^ zE#o6bP1zg$n~s_}c<^rZ#yF*P=qH(+xSUsK%TStS1iz~TO1fN)HEp0w+SJ^n`go7! zSqe}0k_*=32MFebHI>Y8*ukPm{b;}pfserv!=OaIEF!6yS>;S;&lU%jjg}XJ4%FL> zuxZfTAp6t^%6HNV!n zwym1aQL5{jYTDbYo%Y7F8mfi55|44J>)UEit*&cn?r2!oA!QwBwl=U1p0ucN38a&Kn^(rX(bthTP9IZ4Kk>2x&m*;4hX4IPcE zTJeYtUwYZvRA0TKX-)e|2j9I=&F={@O;$HFpW4{mP)(ki*4FBpy3@NTQ(I?yf*N>& zRNcC!wy9Ctb7~vw8=Xe{WQ3=Lv#O@OqXB(ssB3FL_d04ibl+f|YJ6L}mDko<4GuI| zSG}%$Omm~{RO=aS5+X9IAtu z&}mrL3ez=qRL@@MK%cc76@LGm(a??s2CteW9W62}&N^yk)W$%!o!Q#qCJhZT!t&TsdXShur#3g# z$04K5X|Gw^06%VQZfsv^*y(%tor)B9fn<`=y%cgyT?d->Op)lXry;x?I<0ALZ%nq< z)N*RIQHOKbsaw;wR?Ow8XlA3QCE8T|u4`&(H~KZy)nm%6ZCi0BTtj?FjRoeqnhp@r zrSoKk*XjwE+Dyx;)-@ds)n?W?Yg*xw4Ngr{0|H0$npM?pEo++VC02-~X<|;!GciY3 zK^+dB(}=m-)Yt$Y5eu7s*g#~)O}g0CZipA;qW7+B$AF~xUur~BhM{}4uW9VSkIbMY zHLtA4n!;`-1*Z!eObmW2JWxhFlXO5 z;Ta1NzWBQ71>3h z_J(#dO+^C^lLY7#rSVaRgrd{dtZIdlaI}?(#U?UQtXTu$ij6B8>*$vZ+p^f1S)5oe zxhi5Ql}|_*63DM0tvA%o-tW0BK{O$lZ$D+5%(B z>@xX8?9+DgLIAxM5*ymkO>bKu_N2NZTSpPHkVr$x=;J{ zG^!w=RHGMgH^VV$WZzKJscURq3CE{ZWkH26ISe8+h3soiuWK(cp}OAgO!TLc{KV4x zaIK4B?dHi7rWAqQ+7Mg0&%q3+Lp>*ljvY+?Q2?FTiO_}WCYtCj2R;m+K@Gh-q6s9MU@geny~NSh8F7tnAS97 zXNLJJTCQRka%LXCAU-WFAEm}etm4qsVOP`++}tvPn~)LM`EkCDXhMu{t6|Zp@ewDK z#z(AJv8LG+c`PVe!C7gmFb^pVCnIEMf+Yg}&J8Sfy%K6fc`j~H)^iCj$l0x)S;|y! z(__I!89R0px2v0LR>6W;CLR2~1{Uc==typX?aZV*(VIEG+$^@VOAFQYEzJ!WPBZ_z ztJd6bYD-5WhrR`M#gO&bv3onOq(eGp3)#`;tgUIP9#!fj_hu^i+CfeBUM2*muDzc) z-Rz=ImC^FH_Of%N>azHXBXSmU4yeiA)ul}kC{%v3-4kb`ZJbnZ2P=%keGs4*KjKOCOZsHFmF() zOY-j5+o#IZUI|4^bfy3iZF*sc$wtf8nl{KoP?4RZH~Z=Ti5)aIuo&LvV^yb9Z#MZRzZ{#hPDZE&pKj zZ^NV8JsAJNcn(I_a{f;+%-{ru@oHYck zvQ3_KIC*p@a}em1$&?3qh^=jh1GAiRXmcLj$#el-#V^4OF-eDxlmj|hDx zQY&+oN23nM;Ga8-9zFr7wevjSs7L32tMKTq-8|6QE>j-lA?}5f^f5T`Laekk0jZTg5tuK1QwRRn zinUJzFpuuqV$7mUrdGG9z&yI+xAtdBKV(~7?L&E_Qx}Wlz&yH>$(PZ|XH)VF!$}*G zJ`Sht3*#7%?&Qn`o%~FBkcXH)myeS%!N!Uez_!2kpANc{Sp+`HWXgj)mPVNz_W({} z+K@+gav0kwhbfQlc<5W?VQO{Oah{klifxtScEsSE+1z-P9Bs= z%s5P*jW~IbPE5T?e+VZJ(ur-%+6&Bb(x1a={qr4Q9;6d4{ zZP|a6p$_)2aW4l1@-W3aBqGQDLrr)5*&aVr8!a2AOyC(F-Tu?dzmvn*L^;|%#8%FOz&yH>!||p*Oc`e>rxquVf5%@49`Y~8 z$)h{|d7x81Qy$&%91l8qnDRJ)r>OnRReWet)ZWo%(v=pqH8j-}dCz-`^wZD;(R_BD z`c%ItrP_fXd8C$i`H(5KF!8)0m7IFVoqT-beX#xQn4LqhCGXb{&6V;X;83jcgw}jK zdMLJ(4{{F0$kDJ5HxI?fr(WNNPd{t)GCC^oL@#Z%goFkLE-6R&nwX`nM43J;?u-oZnKY_q_RA zDx3T`x=0?W71iQdp;3q*9Tlk$Nt5kM3EeZ*orG*-jUK6#f}~psx!W+LO7J{YK4vOv zYoUS+btOe*T17jU$xmjL{?yWbim%AshAwHfOWYD#YS5C0tV&jD=>ZQQ56XFv;MYxy zNlxAG)ONduy>7&GdH8uy#q7u?-s(6g=K-Oyn^wDti`{V9pqLC!hhXaBLaBzJ_V#1u zgDP&B4k^h7)_*L_O8e5Q4e*EqmcXgbdQO9Yd*8EhsAu3 zV=>Df_>;K@y$P80S;l+P(O%xl<9=V)v)JC_TRz^C*fPKbu2h)x$5gxI=gD@@z^VH& z1^JY{Ir2Ps->2Jo7V>!S#ePs1EAI+mEpL`rhC~i4<5J`-X2H8kKelh>{TNuwn}a;{ zwuhB*8weJ&>=UJ5hF8XVFXGhl79*dF(;imFA3(5}W&a;*?*gaQw8#JN=Q7PR%~Lb= zJSiEP?$Q0CLNTaRLP$bP)67)E)QoAO+zKHHxrY!!jvS%m%&>$hIde)fBP_ji5Qb+3I}YwzUN@P0P)OFP`g^{-geUN!u` zRenE0uJ-!Co-e=VwvF~W!p``XkioHUyH#W=OMYatq=e&($v+PZRJ*J2G z<^2Jl-}AHV&BM0e%5Pnky=qAx%iG&qmSt~&ZNthrpT0Y@?9G?-@m_|vw;{{kBHI>P z%aqv*S@sr-J=Tl2w=2uuVr=`Z{C=5bZ>i*$_r|=vHqplQyTrC(<($uN3VNQoVYQ^M z2!3y`B+K4XY-7E7=WQI8WpBNt?*J%!d(*P)t*~v`_R6#DZISd9i@k+e_EuusZ>pjQ z-P`*m%ifFF_FL)uA-qsVS3Eh>@0g*#0Idz-pnj}6U83yN%{2MpJfl#)?h>J-JNA` zn%L_j_WqJ(Z`=Q{w;{`3z1Zs~_V#4i+x|c7{X5IvJh3-G>~%)QwSIT}4|~PXV;On3 zNbC)SklR=vf5DAQwYSp;ur;^Q9dGd>na=$$y>Zav{`&u?cb3`n=Owh~@AWYPrjPD4 zfM@!bARoTn9|k|SF(0!5nvWsyupYegHf91mbK5G|8-n$HScYQZHrl%$p!RCv;d3nS zyp4qb&)l{X_Bvrrdq-g5HriVOP-(^b!s6}W`)ZBS zw-ff>#dhz!4Sq=2Gq=46d%LivJw8|S_D;yM_ab(HQ?T7TZ)0?pz11Iv@BF1bwl8n5 zJj-4YHt@X9J8$o-EPKV5yz}-h%CgsETc-R@gtE8yNS3`} z*zkZiW_t8Km}PJ5w(y(KOy9{^yuEj_?Cr#cGqK$}>d|e=vbSejIDUinSl-^=4_Wrc zz+Z{&-g$ewv+S+>XZWHw+B+4Cw^xLYO55{lggeq3Gd+4+L(ki$f5=Cf{r5EZy}e;s z_V&PDF$0+MHjc=$HyieNykh#!z~b%A$g}`j=`OstfO2yuqEPI>a=W)$DpS~xv>`nVP)Beh!?9=ytmc2M08m7E4)1!Aw zmc2!==lehQN8Vl(;kAC-z(1G<%=z^FoMmr0?D^vd+n2Z3HOt=E|B=29kbB#VYMZ2Q zs@NNoWv>GME(~DK+c+l6-X5`61zn%MbF=I%f}iE-QWi-rlWQ z_IAPlTlH~6mc5m*=j&s-*n1|+UK}SC{&_jn8p`acEPF4)-h^nFz8bN&Ez90|ocHiq zvvUA-{mc1K_V&)svbO>D z7@v3EUS*cO`LH(+}JxzLh?V#tG@+Gj>32WBJb#m2D2B1 zjBXk1F&^)HeqYG4*A4c3`@06pKEGSco)5p0_Ha!1&f9xC%U%iW6{2miKCZ>$?R}AD zZw)%r$A@}rVcpaBNtV5_-vzWB;k?8#6unx*#y4yqkoi13d(TqZ#ehmZ!h8G3^oe3|mAGkbnh@-Cc9 zcn{V-AJd_y<`l7}_Mk_5_h9km(gKX? zY;Z#!!G{bH);n*H>!=rEUGZiRl%P+%A6$lo_6o6}IXAMm{9RoCO2)iBs5Npbj|boU zsvBdCN|yEy(arF4bXUg3Fj@<{xpVA`qHgq-39yRcj>7)t<@IvZ-C@w}M+66&_c*ux zh|ES%3|AO~Ou}`v(G>@`AMHM#NfloEM;m;UaQkp~4MRqkfbGMH4KC(JgEe@ee@w$Q zQaQv?H+oaIk8;m{DCyz0kIHNW#c)M@xk*qR2!CwW_TvKf4Rq*Mu${TixR|?QRX?vd zGcM+?7}ZZJ85e8FZ77QcyyD8ZSfeunruWRuMo`RMv1CNCMrXv_&Qi&^SVL)rvRE)R zvk???ADqaDV(yGt{nIlZr_VFijEe<4SAIoe6#TxaL^yA`BT&&TP32v7T&4t%93U2qk zMQ9}Eda{hcn0s=je(u#77jvU<)z34LjElKZ)#@+GctEj6ck1Xb&f2a=Aa3uJwOy|` zxxHJ~_Jgwg>?JZT)-ZxUl*JlmZ+Jg@$&8CNxf9C_3>vu0YN|5`nZMHc zPYp&(6Jvan%zvcYep+yG*7h6BU+lJ@5v(%*Fy}urcr{CZllgfq*%JL1pDWT0z|s=^ zSB@P_ary{z3%h-ZcMc=bssTZhrPWEzy7F*e+M>{O1Sznx8#eOY~oT%-_NJFAPSQpVxLR zafMuN{&mhjH<)XFUR$-q=Np!qf3ovm9;`9{Bo&Ty}xA}QIZyBKfYV>k} ztPz2J)Dnj_H6HuteH>%;Tci9!nIGTh#{y+W@zJs$x|cOxuVIiL2KHpl!)`p($Bor% zEc&kjdf{e{yuyea%$DYx$TF{b$mAWb;P~&?aQ)`y|2cygQOR48{7au2r!Q-i9yVrj zXp{6C2kWo4XBtYrL`X zc(?z#jRVMjbEA!H`=8tXXTZ!Dw%-gZ1J}?s;H``N4_$;8H|8R^mZ#&TNJI|b5q6+( zPF@i*E^FL#GWs0zpaI8YO~jbT4A0yau|vMIGmVnaHIkq0rO=mC%tmR`^jn%4s!^JA zLOU)l4w^9+u?td_yYy>*Ro_lyRiCCB*|Ae!XGczZeL1_ZmL8|0_O<-=TKoT!dn0XW z#KmLiP~+iP^U#n+-g#ETG?01Tz~b|AM(LSnU*z^!HzT9Whhg2?nA>@r^m1nt##qG# zlp7Zt_raQHSm`722S?7gdSv;ekD@f3x1L6XOiMp3X}~d9A0~Vf`DpyX@mNnCnmy3? zV60twP^XN?r61f0%<)NSlRrjAU2MSmX=CQ`MPoLvdK{#^0wRxUF`t;vVhE5!7az64%w-O6= zSYNFBG%9E`)->mt`z(1R*T#LZcJ&K6nYYoXL+)ryJG`rqW&?vG=a)GQ+Zzg-wpq>T z{la;8Y;&I3^gZ_?BasWRo@#tI);yP@oabD#$s_Ow=gJ4n{JJ`V4%5~Ni?_peK<0kn z${&0hc)ZEa#`+9n=DpgO@hl<3e!@5(`xG6DAV}{Y+UP0F_MK)!g>!8H%(RWc;`LoQ zAS{yM+BfxSAI&$&uf!i5w^5(xbnT64d!X^*ShENimSs!!VHt+_q2A+s^Vk@LAT!cmmQPJa^CwZ=WTHZI26mCvyNW4~{@c8IXlcjW_~0(RvC zW_cWq#oK50(y+t)l6~Lk>Ij)&x>`{O%zee>3xEBtYBj+=7a3^A+ox`zqc{zd7kn?jxF2gE)Q21H-3x%H+ zUP~T}Ke#usc>RxzdH?wv;g0Zool(Y|e~nwqPR=>hi;Vd>`{lyT%?@_|u&$9dvTJi- z*0np7&ES^#+P7SC0rvqi;bD@Wya5A{gClytRFR| zO_BWM(~aw}rd`U(u1^3D0JF_eP98$$!4r<`_Z_$2L1#2%uDwBr@sjh|px|8F zgU&?oBrLSUvLgHRvrlAPwODgox>wjIxwIL(eq$Uq!jXO7h|NKok-)irzjt^(*bRQl znI5w5TPB;F@sNG_Bq>KBG2aEoZLoIs`-c6BD_i5?)ESRIxDHs-kh5$$8^ar(xAY6Y z;_bqMheCc5bxy?}967(GL$|M{p)&{GIxOk_;aDUW7Tge)9V6U-g@w*6$X$9)b1II# zeH3w!MuoCYoemGm#*K6i4s~36;K>mj+3U0irw4||G^fMLg;O189|`Aik981fMvbt3 zBP?KZsYAl;tZQ-_Yc3Hm9qS;H(sk0j^e4{i*Wl<|qetOm*%Z>cepH;oLN)mU@!HfzZ|n8Vd$Ng2-(o@Y#( z3&^mu2x~6h&SJ8a=grhHUP6ZcQmnan{bgh;^X1@_@d`5ZS7Ob@>#rhPn_NvDL{WUSQ0;FDApz%~*5sc9xLY(ZVgIj`6+1D~xGpH5qo+V9mwbSxd%wKHYli z7{4UE(U^9&kYQ&l)?B=uZRBDoz-^~avBO{o8Tvc1=Hm5tk=utlyTK{rAB6E>*U1?# zzZgUvmTe&!Hq%&h@iyHYrw*abBI+2o7v>lb%4xH=G27K(GHh}jIu~!VgxoQ-IgC2S zBgxPogEbegKbG7n)E`G3_e49@Sab1qYRR2LJN48to=t}SMObt3`t!(L zLjC#FF}_-Ou`%OaLWZ5CSab1qmXW)Lc9v7ecm)~yE3xL{^;eO*h5D ziZRQ46B#x)W6j0e+(JGuw7Hc!#{U%FVN9F5$gr~;YcAf-9x_kR;Pz6-7~i04;Dj;l zq{*<;25Tx^;84mkgbHaSL%i?_Ln+$XfTnL5T>$k5-4H5aeHjm(oh zxb4(2{#Cl=7!MU5ZcO`QjA{R5W7?lYhW!exxp@22$OE7NS4|z`bA>s_iE?B+ zxYU^T7m;CeG1gqX&6~+M7o}T59pk%%mmAaOqsFxPl<~gcwPe^|k2M!>|3&gZD8Ox? zj`3fFHyhLbKa3OL?PS>8fi)Lzb0?W6>~OoNWBi>k=L}I!n=y1qWZGo8M-Iau9NS8y zgcRP3^V|x4&&*roaB772;v&3|gkx9eb+}7-X7)S}6+Tw@B;nJ9CkdY~JWu#q;k$%a z2tO(Oobao{n}xRt?-c$)xCxHkK3~PcJ%y9(lS>c?ZeQUp!u^Hogf9_x^Kna@88=7P z+x$p$z7qaHm}3RJehcCKg>M&rTKHw*w}gKbPO`X2wyL}RQO@xKMHRY{=4v}!n=j>>CJ|C_Yv+W+*g=$DSSFl z7M>(LL-=yx#lm+9KO+2R;Wvc;A^d}I0XlM@o+9A`g$D^ACw#i_RN+~|3x!t+KP&v2 zup1+9``1?@kKv-zr?XIaf8p-JZp^mX887m3;acHKgl`glSokU77lhvu{#1Ccu=_r& zrDq@9lkj=zBz%bQ3BnVFtAx)NzE=2l;Rl2t7k*awRpEDpKN8*}9LIsvr@v6RNVuEu z0O1nhg4-!6K_*&sRgnuvm zjPM5GcZ9zd-YfiSVJ1D>gpX~Jkyi-U2wy0?K=>Bn`-C48UMu{n@ZW?tw9KU89pR6K zzZU*cxJfD#wxw`8;YGqrgdY%oLU^6-!A;1@RPzlaY5qanj}13_!{A5!jB67N%$4v&BEUbCveZz$J;~r zXyFrtX9~Y0{8!-*g?9@7AlwA^ZhgGGkL!7c@P)z)gl`ePPxvw6wZb0@|0>)J_k(@B z`w1T?JVM8#Hj}($QE`qm|<~v3nox*VJpa{e-0Vf zJajc+|2%X)<)(i%xx}diH;epskv}Q&HDt57QFPuW$EAKjH;|19-R(O)L|kBEGg$e$7U zdXc{_@=YTDT;$)9Ee+p;nFid#2%2=xUuW zi~jMVf2!zIl1pF&u9}SVOS)R>8($&%3q}7Hk>4Tm2SmPF_-WC3Uib~+f08ZUPsoRd z>G_Uq?co>Uc$bWROES)_=_ZqLPDwWf?4N62M7i0yRCKN|9ahKJq2kJrg3TU`4Iw-=pmWHuhS9$-Jt;YiURA^InZe7wlZL_S62=ZgG1kzXqEg=9;^ zbzr6eRUX_eIu8jyD*BI`eqZRnAUYdFXQSyH4V`x=F9E=96a6nl|6itm7Ic0To!CK{ z@@!7FG`A#MpVmQix{1!AQ$8e=pDkQNE(zrqh3q=1KatV~-ZY1M;m+n@uAK&r_&B(=w2(AS)Zkey8Rxrn>%o33%{!D^UOo_=k4&c+`rnGqUeV#pBWMSrpb+fs z>?_=kZ1MIN9z`xeK)7+_jv-F~`!PAwDYvv;EPSQtFEssT2!5;R+#~!Txg@mzC>iH= zbdQ7mc%GL<|8K(o5dGcc5*IZ1m5g&5x>zsRF>V9)Y3?T6muxx*n?7#a1xJd`XyFsd zCA5y?I2q>C^YcBNmYtXc`TBU{=! zf~h|c`u#=c5YahFc)aOz&c_tduMwUj`WKr%$D&>ld zTVOv1?^DXHJ$xxT(f*mR&B#3Hz_kGTad%xPx3Gtb&N$(7$R#dla2^@`INb$cKkn{& z%FWJQ!haC`r^(iSUKO3c3jag&KNS5hMQ6A052Dj_KqhU?!Au+XwF4-(v~?BkA^JxP zpDA2VE@5ti;6gI`WxBawKUVN&%FX`mqQ6|^50fqI^P=-A8T}yLU%-Cc;7633&Cf*t zTao`qzvze7nfM7Wr13Cfv>NDWb_?$hl2eW)DtMTG8rfOr6R8od5y^HMLt*L^F@BW$Zr<; zJtAK&^0mURh|Wflzbo=jh5sWu(L*x%$|aY$tOqSc-df}xMBbfjWz`$ZvSNK5Avz<4 zPZa%AM88aQ&K5pb^p^;)BU?IOCZoTjdkyTz^nOUW)z@~>|61g`MgFVEE zPFm#cMBYi{LxhhJo$G_-J|5N0jiu@aq ze=l;5;q`W!kV{-tK?{-ZBl2FthltKd;p51b=6d0q$Y%czGWs35yTN`u^OKZYzSfBT z3nJej^0!64MdZ7Le-fRhuG8 z|5hfKiJbG=eA=!RzE$`R;YWlY6MjzkdEwWE`R+j<*9YX5VLiIJ2F83Jp_jXP2PWSw zayK8%?3Lh*yM7TtFw6Oaom!;TOjPdLuK-tM1F_x-NLJcR|`KQ z?7kgkHeVL`Yr^h(P^R;~$T@Gzr_;^bG9Av<^77rnoS)_8xx&qbTMF+d+)lW+aDU-L zg%1}VD?Cp43^L9&=_ZN1LiilfnJsdD8_DP8a^b6luM@sec)9Qj;Xjhwgz0%k_<7-% zh57v>ufJLN1L2Q^KNog$f-J88i2NtvW=%5oTL>2mcM={TJXrWB;Ss{e37;r@hH$Cy zxx%xAuMoak*v(_IJT4XaO5s()>xA80Cky*mk^fEjQ}TXceSIPPjqrEExw#pAzW2q4 zZ7sZ?u$w1k_PdDuFmh2C?-9ZyghvZc6rLnJRrnm?S;BLK=Lydj=J$epdKL@cC;XuB zqr#61KP~*M@SDPK3%@7)f$%57p9}vW{If8>C*;$g5N;{#=6qS1cNY19!iNYC6&@oz zR(OK&MB#Gbslsl)n5CgkbGPsV!Ve2SBfL)dP2snNKN9{_ z_$%RWgk!j-@naiug_{ev6n691_7B^CvBX|;bFq#h27jYi>plJmBKZ` zGlee@zC`#6;j4vj6249NZsGfcR|~HZUMKv5@Lz=A5_WU(ERXzlm9L9Wh21x3Oy?Vs zemDjdU26Cbvja0}s%!d-=X z3HK9r^BFBYLq+c9Hk$lok)JMnmT;x8oBwEGFQmLUte3gMR|+o_zCrjF;d_Md7yg~_ z?}gWs+lTSKDEzwco5Ft+eouJ2@DAZ0g?|ywNoL~B6W&j_op2Z7gM|AEA1r)~@Ug;Y z2$u@aAa@AMp-y;?@WsOOg%=3lD158%GU4UIPYVB0_&MR{g*OUs5`Itk1L3cPzY+dP z_*daP+&A*&&`h|4a2Mg8!hMAg6Fx%tL~_TloKF#Ub52b@N#r%cGlee@zC?I|@FHP1 zN7d}#Bk~7@eOy1 zli#H9e&hqga%d;qMff1$A;KlX#|R%Qd?xvz(0-ZlG~sIDnZoA_UoCvC@Xf+Ygzpo6 zQ20^d$AzB}UMKvr@N2?bgtrQREc}`9_rgC4bDV`QpB&)=;goP&;RA&G2oDfGO!x@l z5yGQ|Ckjszo+^Bf@CCw`2wx?9jqq*4cM2~TULm|%c#ZI%gk~SPyua`u;SuESVIMMD_(b7Tgr|~wg!<rZZmTrwf+}R|=m`?j72{Q1~+8D}}EWzCrkY z;fI8OFZ_h?)56aRzbX8-uzRnCrSk)ke3B@0O8KU2MYHW9wdCY@KM5JgvSb> zDtw0Ubm4P_XA55>?B0K3`CTaTrR08Ldsrs?kg$6%is?Kd@~4D12yYaATlih!4}?Dw z-YvXG_*dar>r9%P3O5%n7Vae6UAVXKk;21;#|V!Vo-8~?c)IYp!n1`h624COM&a9q z?-E`qyh`|w!p{i5B>bxICgIJ(9|(UW{EhH;!h41Jf_UGSa)tRl880sqE*5t0z_B*g zU*ty#j}Sgi_(b7y;icHiO1P_Vcj11*1BHhQA1QpY@TtOQ2~QTT7oIIVSNL+_ zTZC^HcJD8;@?0+RM}!{}{rRR=VXyj7M>zJOL&g(JmLAmw+i1Oe6R2W!YhSW2|q9VvhXJ1 z&BFf>cJGO@Jbo_nuY{v`9`45^yLUzn2=~EeB5xtwMz~10mvBGfLxhJ44-+0Ke7f*i z!j-~R!nMNn!dD6}6uv>&z30mEyHw=Mgr5+8O88mfKMQXV-YEQm@JGVm2!AIW$FpTW zraB>9Ak23Fc%8Pw2MG5O9w2;}@DaizghvZc6rLnJRrnm?I^pw#7YHvBzDf8t;k$+J z6J9O6MtGgDd&k$oVS9c}DnFv=;dR!X1PU6z(Z}gz(YACkc-i#xSLZdpo#= z*)Xmim%I({(ZcCT!`OHMO zDavtQn{EgezFUc|1dAWHISlOIcQlf6CJ=567XR*`v0y(oZye>g_Mn@9#gCVp2!r0^S>{(1CL`2D*kmVy0q$>o&Wv)UDu+jG5@lpC+2 zyc7Q5R%7w+Ls$d$&(YRWZqLHjQ*O_vUZmW31LgKyX(Q#vn<(#wKe)|U{M`R7VE;T~ zE9LfVVjJal&u}~C#ycptdxJYEH{L~g5B$OH#^UD!?*aS!V0$UI`*H!t%-emfIM~m7 zO;B$4f|8UQyZH-!U;vKu7yO*iHq^Ik@FL2Miz&BjpH7q;cca|SXL?X>+=uc3q5T1r z8xN-3`u`!68<$XSecCX}jYm>$eZ?5cjcM8MFLB|7a8kHXI4xXEF2Wxin~P^wt!Gw) zXBL@fX3292+1kS};gP~)geQ=#4NMfCBwQg}OSZbM7oIJAk?=g>`NE6I)&_1CULw3y zc!lsv;Z?$`h1Zj<&AceQL3pF^CgIJ(+sGKFOSc`1=N)8>YoyzW#q%z*_0PM7-Ts1c zCvz}#5_`cfhFGZm~_ZQy|-Ts2(E*ywuXFC%vg?JpNzLAE}5rSK}U?T@R4*O0AGUMsww+#|IAqVNW??WY@s zH<7J>-YmR@Z2RL@;cetTq5bW`JIJI}Bdl%W-bF-#kYr_-C)^6vJt*x#icMI*bLK*lr>Bbx$6v}&{Jbc?b zlWgtHy<^|nm>b(;?P^YQ=vZ5F@4dJ7GZJO#+ssR3YbQ$!!PYjWw*Xsvc$sYVzAwt& zAD1s7TV210`sF+pI<{3ZtN2r6Rx#Tr<*edwjgiEFZIW_C6L78{IR$1rB)0-LHEs=N z+oPP_<37f$O13x3JA*qIGi%+9nVnw7Og85OQvVR}p~i=SON@ttM;MoYM;i|ZpGmeh zTrON?46{LvG4sf|fz)SSE;MFdE;YvOw%{t`_F&Epq&~aKn~YiAw;8i4e@C``XO%IN z^pr8nd95*bCC(G1KB_s`V9YeUVazhzY|QF@&-hUAHsc}SPmK=;?=&s}e`|ac_jx*tG)A6C^W8Ph&K-puaH>mxma$4IE+2^ba>K1|MtO z5qzR?S1{)c(mu;@8kvOyH$%AI7~M+1d4kko+0HY@?i%nrbd)nV=Lxp7K5CgT=LS;F zJU(VjHO>>HobBN`W7Y-d22x%O{);i&Gv^6X-W|;E#I63oI&6~(W44Fp#x$EYX4lHOfz)T(ijCQYb}{CuMGs?kmHmu6g87{|hCL9> zIfG=j;bF#XW223a1dla720YGqB6up<`uXX?GmV+|ImTE8bB&qzD~*|VekYE0SpGK} zv!CI&;V9?fgL4VVY*!B$Gmj4&cLJ{^+p*>aWA4AN8nYd~Y0NJDZ^pgBTa9_R{K%O7 z59bonCi|bSjk$mEyKj^a1OH?^1{_5tQ+_fyVSGBch4CbCTjR;#V&kdcF2>WrJ&bF? z{fuXU2OG}@b6z3ix)40f_!97FA$B;PJ*wz!Qz{22VDA7(C5*HF$>cT5z55 z2JjVRJ2$?@7^~n0WA1}@7$?E^8?$Y%G)7ehe=tV!g6E7`U;K_3?Xx|WA;Da8xI2SHRf?YiVRWz2ynufeN=Pfqrqw8;o!E$tlwhei!4+qB* zA&&*;8ngV{l9>RwVq>Pci!syO!

KjZdb&Us{5rgNBa5AbN?Az;pbq)rKVyfNF% zna0O}IscJ5qrp|iCxB~>$AQl?o&dhUn0@}WWV=qe$(U)r-8col$CzCQ=R8uM<;gjZ z4l zbDpz}i@~+Vtl#sD*>7BAd>HsL*8Hw*2VkAG`ron7kGzpKk!dv?tpNSrXizS404QF z?`_DPse$)23U@MQ+Blz)I&6o1joA(d88dA|jf=rY8?(wr8FvMbHD=nz8MCgZlDh!l zrW-Sz=NdDeSCDB0?i%46jG4CEjM)b6GG@JVJ|n{xgE^m(%wkzfW`l&|cM{3D;Ma^% ze8DDT+UI;m>adQs8uR?~BV(2c=QdJjAMh??mcxIH8Sl@=JZ5n|BlQml^V^H$F<{PZ zB(p6QlMe*Ibuni79AwP$;k-q@^PO&(G1EWV7^`5cG27L6V|1qhzuU;L+)pPPb2p!6 z%r-W|nAKEo%;+vK?g5@>%=*3Bcrf@z;}S5x`N+7KN6u#?p9JRjAIZ$`O5-!ZPa0Q% zpEj-ruQRR#zifOynDZHF=MwN1<4eK+G`q{-@Bwf-|_pn@nA6LMN)nk_*vs4z%Ljd34YCZ82ByYvEX-& zPX@nld>VMW@g(pU##6z&jL!ytZ+sbeukj*q6gxN5vlyH(z8&1$cqzD*G4DO^XUu!g zoJYy9e9so=QIh$dtwYG&Q7LeoFG-GphZ}QWKGrw^<~&O3GzD`WCAlSd8o37mZiX@U z@p|KYFy~8Brw}~fn8)RX#yoZ`Hs-#3t8stuQsbfEWyVK4KjUfOfyV4-IH$5@F96&L#;nIvj9HJ9 zj9HIUjaiS=jad$yUr9SGhbzdunE=N*m1JZ!xWSnEON@C;xyP92SDar-eb(tp8}|Zpt|j$(4fT>S&#zuL<~h$>#wFl)jgJPuZ#)A0vGFMI=f)?1zcwBR<{V7M z#dF%9jM<<6YRt0bJ+PL20B~)D4=`pM>txI}#_zgPAFH5`G53ps#%;hujQ0nZ7#D+2 zCNtx3rwMc3CFQKgN@LdJImS%GxyDQbzb8w5WFz1lOfuW~<;G0U)yCZKt~X{~-(t-3 z_B)Mv%)Qr`ZT=zSZs13and~Qxhk&0pX4`(&m}UMpxgP+Ib2G{86FxFdgLfG7yy#!X zY)iY1S#CcXGi}Tq?Vu|Qni!*d2{=!a^4{Q<#!P1$WA2X!7!Lw>GCmZ{Ihzd2ex{Ex z`H&Ya(@8alg6xzr;S+`oXbfa*2PQ4tc%x; zSr=~^vo78>W?j5*%(~#bPTFBzd~VFT_}Z9t@tra2;wNL)1?PA&EbAiIn03+2n01jd zW?k%S%<^w%%<}JSJPX|2cs97N@rB?)#ymG0YCI2ov@z>ql<|D<3C28UJH_~F@EOL7 zz-7kQgDZ_60M8~f<8Yk&NoKz~-#7(cXw2)E#l{`Lw;FRFTx!f?4ZpukJ2*@PoCiu~ zng8CnFPL*eDaSAPlkq6MmIS;hu!2q~-jhVLhjhVKOjal!UA4+|u?Q3JE?K@+p z?I&ZVjn7o6&$Q(l_XRgIX4+a9j{$SuXiHv*!5w7GKCq8*0zA-|$Fd>D>;sQ7PJ=mz zly-QWI^LLN%lV{~GcTtb^EfrhxFdLqaThS>nNt5iaGf#R=Xu6Qfv+aBF~ePN%rxI( z%rxI=%rxI?%rtZUDZ?_&j~X-0PZ~4LPa8AM>x^0cFBx|Nzi!O)ledhSW`19r_DjHY zkt4%3(-dLi;jjw^5gu6Kc-)Hc#_Lq+(@?aba}M$+)lZb=Pt69=U%dvC$HsvdGh+rmuE5A%CiUA%9Gbx zzC3vy<;#=TQGP7PMB!<|^}_RndA;Pvek>8@b&;2^5?(93L3p$9HgX;^3db=9o;j|- zvm4W5I&SQWu^Xe3ABN>P0YCnPV*@;w2#*n-KxQWlS0P+0e39@1azUtnv+y$Em1Oh< zbZdlP6y7AfRd|Q+ZegCN`f)NzVfW77bQo7Bk@pdH@8dO{k(9I3gBvG2Nw`{gwlJTS z`>^i)x@Kpo$X5uj7G5vBQFx0mpNac1KYR}Ena{pG^Le*tKI8Vx=h~k6EZZ}mUwh^= zYd?;NCTF-SZCgPSJudNNPi;pPeR8MK%4xwGfx)PHK)6JBjPL|u_x@N5TPt$+&RCN#5c$o*%gDSSh2wKu&ufHV z6n5``HT|t3-yytPn1e68%_NxzXt*}Q?wzhC?<4XdNSMzMBb`H?<-)6k*9vbC-YmS0+$FTLQ+SWCd*5l-P^T~f zed8kGZo&hEOUT{Au2kMI!Tk;3DICka;z&la99yjXat@Csq~o=?lydXaAw-XhHB zSw4?$?4^a>EAm9sj80m(n9K_zxE{iTh28r$O^45<{Mbu3p0h_7cACiRh35$`5?(^) z#TT4=f2Q#&k@IxOtTrsIgYneNbVKJTO`~~cz|#TnHPp|V}vIN zSCDz)3|A|Bk?;cHn}wGN^Er;UvxdxzP`DR`HwkYQcJG-q{oNwx!)k9QN$wZgY$M!B zn9o_f4xg=f=JOQKe1_u3%JR91XFe7)Mx2M#DM?$@VZKdj&;HJv+r%!o(?C+6lN80nJn;n^w60_SXDk#xiLznuvA z09d1nJNz}-Z}I>@zsU!?{~qqYXER>=Aj`q8aIqkAQIL!{zYoq+k?V^w{=f<1k)N=R zY(Wb6VsLfQNR#VeC>lx3MpKGLbIwFh5{>5G0bwkjQ#GSLh{khYK#*u6hi@&9CUWN@ z;n8>w#{`>7|eAFu+A67=f-b?Qeq+g^7x|v*yfSMjp)PU z19`_S?_HeE$4_)pJ}Hl1%uBkwTKwg_|2F=c^4;)7IUgK~oa8?W`#B#kg*Zs^*;Gy> z@&q`Z+>W3*%_97MOd|O-{&V(^%*HC&tY%hykkcc=r&fi@mdIkxkjRtpq?7IGIVQsI zy0i(J567y2e@HVwPm>!z5&ww|PQb{UpNl`IQQ*j>A~()Y&=lszd9~R5I%>E--r$3Y zn;}Sq)-D0IcotGd-bm>l2%0k$Vw{Qy&z!j8+zxQ%eMIQr?fr9umJ1>|C&&4vmu8b^ zO$l;NiBma9o`fpP86T&mc}bqw3EK09T8doLxYzw*bc^Mba|C#DH@G~iid=_TzT?@g3RDt>stP+eU%@Ln@S4WP6pmiH? zI&WcQDLhH;dU@AJT;`HzBdWZc-Cd%1@+EriaGr$Q5%V63JkKD_>SoOd^8Oh43ZBBC zIVZ9dxIZoJKSG)te-{6VBONlf<{Us=;Qm}`Ymsw2aUu-G%f|Fw=#%pP9QhU8x)8;b z&U-#`JW?K}_!Uj@MosZwHN_uB>KPOE+zP7#_ope|57OLtd;BLJK%{6Qz!u!qPoTd0bNUozS_~99$TkrM z?*VMHC-0@`4S*yYblxjb)C61YQ-pr6KSWF-i7n4g3cm z_zmuze~eXxf!D|W+7S5pm?Zl}4g8W1%;BGTuf*;R178&9G_Ekum&7I6^Wu{1OXHU8 zTN(4^aeht%$-XAeYrHVm^DY9oR_ZP=-0q##aj(h3_am1lU9RcuUWI!iQ}dr8J*E(?VjAD7F|BACfs$@uBHyoU59 zb1mZ!L6&!>vjme>xoZ03$cZEr>|p4U9V zj;<}oXBf75JuHA!96OBs#k)IDvYXkg5?~f zUuXO7lNf{*&Q|lrCf)&sHF}aOKTg+?VR)zgmC*;X^=h{5#*hk zxX;X$COV;lLUU!Vkjz}Unyc{U(!3F#HzmPu1TZx#6XgxTf3K-orNJL>2)+>6&U-S^ z2Z0#;nZ$h!!JpOG*J<$e4Z&lK{rLpn_P-y3$MUvWEPMdkHD zUXwf~Fi7)bZF#wQzqgRh@>)0dA)DuMzi4|o3#K5C#bHe^kBJM?n^6sUE%J82lfDvF zn0HWKZv@VbAB=x@A}|3UC+S%y0%<~n6A|8FYB^U>mi{O@Qe5#+T;`Q(4kSKGHK%1=f(t|)m7 zl9}JiU7!ZZk5NDQ9U{>}b}x&#rH}I@lBc3R@`prIOA?Xq{T+t`DS@n4m9tw8(sutO2p+c zH{OAYG{LAt#sAXbtK*$9rYKt{qn#nMT?6&>5N77C2#1N`A{UaxLlkr9a(->}HE?cx z6aHNUdjJI-H6%^T$@CQW7i>?kw)QVf?r7fv!>#IOmIcW#*cuL~EDw@9xiM&!PHsO6 zTl3c<1<6lY&A9HYoD(F!ib0GEs!`ZSlK-NG^m){&jhqH`Q0Leos%8%ejsD%k|>CAl)v8J@yqKZbcaawt6MX63x$!L!kpTC4WXMPhRXAZ#+o5n>Lrk84d?d+;sYS z3$W?oEXwGv{1mE=SEA9~Y@R`KcN`o<4u(9Q24_Sfxb33xd@G_){*YTGde~WmwLmGAo z{1s5({(d`wVaTn}Y7>u6jPU*8?!Xv5E5c1k_h%@{XlW!LThjdGVYDW4D7ZCGJ`1C@ zk;x2#C5YBXSUQ2bq>o+^d5{}|=C@!~;Qn~XkzJBEFT~3NcV6V=PK3#g-;4i5FNcgI zU4R&)w?@{0TYrhtER5b3*#=J-`<)SH-C|!E>D0=_p2DiY{qayK(fuD{-xpzWefDe~vIaMP-#UgXr@So^=&fkY9-KC>yjK9F0B``7_kR;(Rv3 zJO#~WR-PL~*F|`fEzxXpc@TXuauAdXi>H^t^HPNOxRyjxU0KjCyEai2Ev`B*h`tix z0kk-p;>B!qgB!%tCmN&=V}p6kC5%aYKeD$Wi62DV>48h)hY_BGhDqEO;VFbm;+9AS zMjwPpd@sU`TN1ZQ68{>gn#ApmlK4qO68X{F=w~ir>08m?MfXJbZtK<^ zk@Ujo50T|e0!t_Qv$ml8=-;^^XwH{Y7q~y3c}pE$jKcCw<_#$2#y8_XQR|Ra)49lK zv~BcDaO)>sgWWHhYVD(I7nLT{GdhwRg64y;DsX@QhvYhm%!X+d;Ul*LjQajj-_v;qOrkz#B(Hp&*%CK9Ci zR)FYnF7EVA?3T)-&Dx-ZZeYM@Mf6~J!U~xdm0fyPw2~Ww=Hsv`aDVP(t?{WKisf`{ z&y7#Qe}aQXaMpYjj{dP<* zVta1gor;lWHbJQQWp!fIF%W#FLA$mspi)1Vv{@x#$~C=HAF z5i4RI@1rZ7R$(*ljE_cnTG}T$mWB8GDAP71$#?cdAB(ayO2UI#70lYfEzMbL(Z^k~ z+Ki7rA6?HVx1bA&zUT}G$ye!lIm%Ov;^Zb4)`sXqSanG5a{IXRbV|-(FSyZ#?-EAC z7ahB3dgJyw6Y-bmEQt0)7t}r08aIc-2G%3Sqft>gd!3#!c1=Z7%clp?UNN??w*35X zw0DeYc0v2b&T0tSFUEsGTfSK$+CRpFL}+F}jNM0Q=3p^1Ff`L98C?)t1S`!dYJ=$2 zF^)hDn$>|9I*vE10$&s3xkn;sxhEO@B-#`sPnuQM)dkTnqda5?uyO_$CE30 zGzvY5B%fMFzj3!elgZxLZl1#Ad=|qGuEf&GqnNWFUBT{?yp7%GPtMc2S=H<^oDIZy z=xGDbWbY}02c;BlDQ;FnwTM&e1P|0gPd9j=7J7Olc>xxU##n)UlKcv7H0C^glhc@- zeCO$x?8*G3oTq>CI;Ji33`p{cezZ8oN*|c~6VTwoGiLWB=k_M4IJZ?e z-_uP}(-3X6GRD^VUXv7O$VJa_R{G?o26J0=>>ya_o15Chd{1}Vp2|(FV_N1o-yd^R z_fqqM*rCu|lbgDezPYg{u-cScTwXgXh%R#NbaSpdTZvv9y9kYJTW*RoZKKyY-=suw zZCOPSy*|dX&25QPg8S3r7+ch~rm4HB8Tz(2O>tC_`F1o-UCBzg!PWfErl~8KhtRjH zY3dfH<;K`4NZIbDsWG&2mrM1Yrl~q~{L$sk_e0av@yy@vobSh`srMOfRg4eCg8US} zS{waij3@95lBuT|!*j7SU~^G2HH^M>F80OAR4>-pdbhLOoJ?KK`2Os+ElH-{VU9M( zrXbwXWNH;-c*oV|vSjKd*5BWp@4jT}L)v^l#=(Hglc|$g(;qnBie!qjZ=)YN-^yfa zJ#B7tx4Ks)Q`_nLr@ME(I+;3#t@|T)GkQ%jwT?DFcA9IGse!b)-D$2*rY5k3d=ld^ z>BVHqb(o*V*kNu+rd*HtS&TjA#$<})VWT@@JWtw`Oif~LKacU0WOFjbF=Np$Vmyd$ zNv8M(>FAd+9!9q&Q@>}poiX<8+mfkj*4S4u_U+q~#Z|bHi~cLdi@_bq)E6w5uVV>x zH#?K5qnWZ@vFET2!vx~o>)5JYPuewzFNB}%)A@f5ds?kxC})!5kn7AB#8PV6ywI+P=+{c~mmJ94Uebb!0< z-I1TVjUF7{v~ItXCH+)RY?}}8R2X0aOY4t0EW3`wn9DUe?qsf$8|bq?Bmw^-OD7j& zvI$~}?9Yhkx-fD&UhYOZ^)JR-r`DRN0lK{nNw-%hKJXI!Qx~-sM1~x64ZQKXdDHI6 zP`CT2eJizt?(0!KxKG6gcHK`yBg$Lr9))$^he>`j!jt^&ceBatjPR5jQ)(ieo2T+) z&G&15O6wMpLR50JQ;?s3I7Ao^UhNVU<6H?H)m9eUVP>=mVl~xo41N|-It*Xa-8A9 zE=X?+3d4l7Ohxi@s7{@fm_qi_mI#=_T?HsMBw-(m1j%EZts4^P%(O98=h?S)7|wax zW+K258(SKpF3Kbu^=@HYb`QwJg^OKRZb%zOy)FDrQy9sOdee ztghnxvO0)o)(-ABaA0}ObdSC3Yig=z_MTl|Ib&v7&+6HI`wZ+^Sv{q9b=BnFQ_IW$ zd&7WUgM0PsjhL!uRaE}JitWFm_x1y1tF&^))T$Ykr4^M^%4Sv9m*PsXd~$g&^bUBF z0WwMzEWL2?5Ck*pE1(C)ehbE^A215oD^4q$IW5#|kl>oOv81kSMnz*uZ5>U*ybmbDGCTX=K8J)F=nP!V$M%oJqp_vD=NgGc^78P%_maFO&V&CvbRUsO zMQ!QK`m*wKf^#`SqI_1}d6lT>8I^Uxx3RB4F8hl@+B^s%BKpoK{&8)YjG1*ObHTjI!wn zIb+uJVAhP8Ra0kFRunTW=T+9Zc*;xh6ks~*BOneO5LBTE&#RjB=k)5D8B@#4s;g&$XVmm$ZhOwGEU!nRdsbJ~SJstr)70XgC-f`sIc3VM z8Q~^V!KNt{W%Xq~2>q~f_N?i(J@IIw8h1sII~Q$Pb!D9^D%MzOIXqQUs>;jiQSK;% zQk>Ks0ji~T*5v9cS34-a3RW$WfVi=VwIARXd|5>W zC2oHSE4#F|tPZt=vO_gan^j*?bN-A{w2t$r7v|ozjp=2xOQ+P8O?3?`G{H7hHKS1z zDrG1%s5yQ6_c^$f4FpLqt)Ej{iN;lpnnE-2ts_9kRNuc}X+8GRvO3ok!}OvJAj{=5 z`*Sd{HckX;#Y&a6Rf?S?D66eSIaq#uVwsuJpuA?5-zN~Kt5e%ISW&YF z51dius?@b~wz^{X*QgaE{>HWHl)3XUX4FI(+hr+RoNw`^)59Dx+|21{$c^@>OorT^ zS&fdZVV}k}+_keN)UXdin$`T6TPmV~HL{KK%L+U;D6g)noKf#uPR;b7YO34!vf@Qa z`kthmX^;ZMWq8B3FqCh%Gto?4Y2czATZpyi*9~rz2FUBHA+MWKI)diJkRaLIQT#pr0*Gw&K)Ph|i zrj_+Ocp#0}a*wjm@HP}nSib`YG|C2AQcYcjYt+Bhp-Mw^{ea(b*)FVu{r}iI6ZojA z^ZnnM$p#E-5M;3oVKE?tBrHY+MO1`}qPP@VZ3tONG$b(z3e~E0*Sfd=+E%Q%v{HXo zty{H=qP4iUZmmnzT5YXX>RzjDE&u0v?|IL>nVFEFEG^FYBs0&w_nh~f^Pc72d*;q} zDjRBK7$r9YR1LFNd$V}kwW+C8P}8uqwhi4{#v+R7qtF?yg6}CjTUEEO(B^lug)e1wSRc%R&2686;osqm+OY4Co%NoTGjR7^fPh;=U6*EC(pJr7wBN(6&n6h8Yvt|diBN% z`O`fjw+8j7xHg+fnsNn%OA8qWmEuJ8lXH)pgu|;E*8r}Q+Ebe8H+~kxNv#%F{kR6g zH6PC0n6-E<%2|}n!LAVQf?1AScLfukLEQNi<5PPPhG=_3IJ-M%x^&?ssxM900mB;( zsXpuBF66~0;o$Lp;y7^y<)uGQJM8D~L~OdcR9l+^tzK3dG&C=3#_eR-+_sOiU&De7 z6XP2{rkI3v4*Q)N^%dfnGCSpxHoTyQUzj#|kt@@s+)v?#KL5eeM0g_}ER@^m%DGK-&B5V^?pL|@tV8F|JN&TyD(B5T zY`+D2&pUKRY0tf9&7HwzUj{7dN#Hwg<~8ILhl=T2{uZ!GD6n z1;%4I2mh+MT|6Bh@8F$zv)pQLHMF&NI<~)&z>5odjGw7kdo?h2JwA@0J&q=|cRjSG zfeZ$Z#8RQGws0$X>~5pEzhV^PQMjNseu{0IZ@+_*?aSvAG~eGqYZ{tZ1bYbz7xdUe z*tYg&!ro}?V?DTDt@d7l)-;g8O4zggPmjIm(l8D~4eVh-QtZJ!-rfh$ng%jB2lhTR zJ5;{o(l8FgiLf^Z?<^k{K)t;v5-<(>I>Xn-gj~XKD?G;Iy;I_CD948g8VT==!~a2e z!6y$sjGT-%@mpaWZWcRxdT0^i$+YNp&=$ie2n6nf>=Evab?`XjyYrb#6BAD-4a5SD zlw^oWPq*9jS~A4M19qDqxg-O=Cz{-ViV2M>xhp2LHM`9gPlgzNErR_(1N}TzH}KAF zG_McbuJc>raeirsfp!MaKjz}xoM&8vT^fFB!ew=#Pxf!!S^vB#fSDbR3h6 z#u;MtSfeK!-D>nnM&E2Szuc@gUpD%0Mt@{bG zo{Nj~L$m)UMhnBm#d+E6f6Hj$wzxPwaXFy&M;JZT=vhY3H~J`}Ta7;3=>KQ*RYnVk z#g&0y-_|nx-ssni{=3m+^lSVbjV>{I52NQ8P0qfi<&!zyH-D>nnMxSf+rAG6~JWcyk zqwhERRilN6;@Y$a-Zd?rNAY@$(R&y@$7nLvHEoU2UorYDqrYkN)kc$zu6AB9`aPpJ z7|pL)Y5X0H9&Pj@qaQQ+RiocCx(6=8)aDUJHyXXt=<|*KuF>RBtDReo{K{kIx@uhG9Y`dOp@ zZ1g)u|HtTKaP6%2k2m^sqc1l4dq(eoi(pMV%IHZ(?_u;DqYpRwM@HXi^g5%TG!N%g}ZqemNEZuCr}4>I~lqmMRvh0$jk{Y|5V(lHMo%~T^F}W;y3Xi!qfa&ZBBQ@&^z}yn)aVC{{+-c(GWuPk zxtOJO>0|V8qsJRvVf1XH4>Nj+(Je-wWb}DPf7j?WM&EAqeMUcF^qWTi+vsI@W?1WW zveB0seYMdy8U29KPZ|A3qyIvUdq0LZpmm*O1NY;ao1q|)j1z~}IK#N##TjjMg^54i z#mA{VsOElLuP`(xlKKRr&oUa(eA#e|>@_Yqy{26)KW-~MCz|VMx*w-0UuHv`_jj{7?N`z~2c#X)~`2u)& z8E%km06XtO7y{jHCE5|}ysyBWVCP+iok?~cvjaPiD*|BW$;13Px!*xdK_0Z@sC?@n zMt0r{xU~{?-UbNI&f^cdTXr5B)Uop(!#%HK=RJU>Bgf90fYgqicLwc;?7S+NQFh)9 zD6q2g{)XaucHW~%>e+exRrAd3Jl+#|c3u%TwqJJMF6e8Xop%J9(X;c0(^<;SyO1vZ z^y$|)v@#TMs~{1W5-Z-9{Yl_^Im6k$IfH7 z*jDVkGvNP?vGd+ST{gzfI|=p3$j-YC1KhFmet~*_YIYu1B$b`VU$pk@JbKu(^Mqcb z?7SP0uV?4c`CFHr_fyPC%Fg>YO7GcuQetK2Nr{!6CnZ*Po|Jg2vh%o_t?az}(J4JU zPfD!pJSnlV^Q6Se&XW>vV|E@pv}fn-jq&N(d3R!N@0^{-Rpm5xo)}Yho)}Yho*47& zyl>#FkjBoF#LCW-#LCW-#GakU-_uNE=SgB^=SgB^=SgDE&Z}glQrUTuSlM}!SlM}! z*t7GlWqYTx^CYpd^CYpd^CYon=e;M6PGRRsVrAz^;!_;KP7-@|9)X`}>^w=V>^w=V z>^w>A*?BdX+SAy1l33Y!l33Y!lGwBJzK;njot-DCm7OQ4m7OQ4J7wp+&oQ3H&J%0O z&J%0O&J$~%owtZ{S{ge~QY$-8QY$-8QhRoukkeAxdHl9c*X%sWLfLteg|hP`3(wBu zl583~PqIj3=ZQ&W=ZVQVj-4kaJv)zN{xo);m`r2miAiPWiAiPWiAm4So5jwQ%FYW- zdMce`=Y=L6J1;cp*mW-k<2GG^yOQ=j^=c>@{iZJTa&2JTa&2 zJTaGK=jF2EY3w{nuIxNXuIxNXo@D1;z@eYU&XeTI&XeTI&XeRxcHZ+GMQQ9jN!|rJ zZ!OE6#?F(Jj-A&?$2fLg*!3Jc@3%bnId&d@<71QAd6(lZZ5y!jz6f8Zv-8Gb^mumO z-%+x3cHRrzyA|1a1CU=TJ8v?I>DhU|!8ypY^Z3&#PHc-=kadVv-5`1F`k|GeLBOj^9G^+J9ge+y3(=p=zV49 zJ&ifhv-2)R+O5XUTf|a0cHX|MkFxWmc*@SZhE-5@9-rFU2JAeZA(HI8weX~}^PWJt zm7RALnjtegkGGp!f}O{QT9lo)9^TB%&Xe4?C_7L5(|vZHMBhYq9-oiwgq`;t9!j$F z_GX7kW9Lbp-Dl@X^i5>vNf9%%^Q4GLb{>CtPuY2^*tZ-zZybuAnVlzXxH;H)@8UvI z*?Esiht0&!lkB!3J5Sudadw_W*<9?r6WJh+o%c;nOOBm)D$X*Q*?HojPsz?(!Vd@> zJMUd|;>_$k$!VLg^TfrQ#?Cv0&Qo^YTku}z?7UYwDW~j8BrCcN(Y9EyK>^gK3_f_Xa0AW#=toag?3M-;46>ykl85 zW#_%lrd4*{&ls(1b{>C+C)x=+@5}6So}CwAAv`(MEwJ;>Vk3BV-kGd}XXo9^vUqkLpI%L}^Z4^tNp{{b zY*)|D>&auDowqNKd3GM3c}%kN_T!dk=jF4-JUfq1zb4sv&$33Io%aGu=Gl3-v)w&A z?^$Mzd3N3twCUM-_tBx7**m@z#&Z#YY~HQ9N; zWwAT3^Col8LAfzL4kGNlgF+M@KVyx~4}Yd*EQVD~RE7(}; za$_H9q;+AWGP?2pTtWv!sNMs)Lhc>?HMCOr>%co9ePq>zi69lK#|#g8_$aJnG2LQh#WeOkG=?ZulQ%Q5bSaw zUV7XszuL6RbI1AVNjKcMlrZ>JLWiJcY`&1~uO@-@$t+4&T z^{%&Yy)#c1xZV`L^7Eg~57*N#XM#DA{3fU2R)C4|35k2juZn`?LHvcYpC$2io5Yu; z>2*fa%Tn`zkl8%cyp3ZW!@0E!vR;yB(~%pd$fWI$pJ$0b=F9V(=ZF!)l$izT3I0)8 zM%xgi7oLc0i-jk>R!4CIl_!hXYY!}9FC$7Xh1bBY4%coWz+Up|fuIR<`Ji;Z&k%VJ zz6g747r;ICVvE!JEK~GSJFB8&>BuZykD$B%0lHq6qsN6X1};u*CXOEG?N83plhj#` z9$Eum=M;7jTZZA0J(7GaEb7WJEJFX!arFLe>cM4GEJ@3Ewl2Us>!qOvBB2|2XFP^; z@UNQN6Q*~cqjzh9DZ-$6U4~6-uO9a9>mPEg@Zo?j-}TU%h88MDc8{Y+?j54~pf-Mr zJvQG72PNAV4^sJje*>*)Xyhxfm!NP#k3EEKYwt+d8;yM&;#|(=G4_{N@ULkggYUu~ zzlW$nkG+T;*4`7}c;$|vGuNLuST6A%>j;S2ImrxJ-mGz*1)X%9Ly=Aah z>TK~%?WJ<`*25m-(H_25?(Na%G5l+|9QL}y(YtlGpj#ZhDHxaEQsa2n@|j&C?fxuB zk1d`IpM;}VolGv{kY5{RVEb=`qlXh^Do4-U#dLam6`!MlUjYvC+pHeTvcN8-2OaYmC0d=(~)5(CDX(e#z+d zMt@{eqQK@EI%*wLzbTx`XS5D3;mGg=Y@XA^7BGJWchia zAF}+s&<|ODUg(D`KhO0C!@A4z^Fp6w`FWuqI^*YEgU5w+oq<2}t@=TuEi> ze2T>HnyYu;6jU6G$9(IGt5;D*uHJ6)S}w1XyT#SJCK0Yx<2AzHu8Hv1TxPlkk$mw2 zuHGS7EC*MQ=x}iLNNNXH?a`k@4=#Hz$Zn3Sn zdJEzIjdAs!M_o3?)jJ0D$jH_EHl|R=)w>k+{?uH(bts5(^b;KAd#;|8Sh;#qV&&>diIuA-CEluBy&U*exq7#uQ+lqR zlvufXQex%mNr{!KCnes-Ts?MZ&(#}_@#(pG7h`VkoU7M^=^lwLMt|P%!yZpXUxbK@ zG3DxsG3DxsG0)Ze4o@S$kNzl3{HN$J7z-0CS5FcvS5Fdqt{$1MX>}G_IZ`R<52TR<52T_FTPn;^-8vo+MVTo+MVT zo+S2My{|Fn({f&f4S4(OIrC7B&|%8elf=r^lf<5@Hx^TS8dpzpR<52TR<52T_FTP7 z&_?N8JxQ%xJxQ%xJxSduSMS#x<7r$yv8G%-v8G%-vF5pY`*Ti96PZ&L)srkdSMN>Et-I&Z z#*nvr%+7lTVyI-1#?_NjD_2iUDpyZTdamAuEZ_lR2__fj?SkGPnoQ&BiAm+^iAm+^ ziAm4ZJB*zvm8&PET$IYy3r#w%UTD&B^+J=%)jOJFGL@?*CeyfjVp6$!Vp6$!V$yT< zPT}O*l>ay^qv9vzkA`o4Ukpp<>Pc3Pt0!4GuAXG&xO$S6Pc3Pt0!4GuAXG&xO$S6kI1j`TRV;I~lW=uobnxL>(?;{MLLdV|<&(ztq3a^>oYIpyk!xg=L_Fe{$M)sy7P z)sy7P)sy5&u3jBa1!-J8Nv>QyNv>QyNuK2Dy~$CO#?_PLU2yeoV7b${dXmy{^=8vC zj;j}TJ;&9%loO2O>Q!=P7~f-3A6#+fOvP*eo6++YLi9Zr-8g*VuD&PmWffk6fj8nV zZ5wd)=D^qKT)jaUJ)WyaJV82Fk6-cMnq0ln$S;+vmq0N+SMTRI2YIeuEsvB&qF5p+ zh?k;0GIRC#%Wa;k_j%^9y>Ru2i^;&%I|to#D{=MiMhP-<_4?vk)^YV#GLGZwjl^!x z)#G)#=jy$}SjyF#ipKO@y&`l?&((XGmtNOL#^BeR`o*U*jdJw}lK5{byxq4)X zB)NLupfem-F9$~)S8p6$>9~6IzH;?`g*nl4_0B-rt;W?G#!@)0UK#77TsQf}qdZLd>r6@^37m_T>vEbV?dmPx9Q-P0wF-WcVD@yzfZzhQ{G#~%?4T+2x@m8UIlaVT)nq=HQ~8>KVmx1 z)jOOqJy-8i7Rqz={={^itJlIxdamA7_6X0_Bj!5E)jN${*mL!!Go9z^9m->kvGMqb zyDY!(Ro2^c^-g73JXi1MjOn?0w{xpoT)mHJvlFh~AK5mZt5?PRJXepu?~&x{&1H=| zS8opM;JJD?u`Hge*OyiOIUHJXeoDM3&_0T}7Lot2df0 z?YVl_)28R@t)flO)mzK0KgJr6;MRCyf*$l-y;Et^bM^9R({uIqVGr?KJ((~)S5Ib4 z&(*t@K6@>887}W0ix(ci+Ip_uQEU~@)jN~9d#>JtOy{|Jlh|UNaP|1p0ZFc22}`y$ zxq53@><(N#ex)sXq2cOX7}D^>O&8^k!l@(}`8t!WGF-h?VI=Y1<+(iH1S8k537$4w zy{E%S`_PTgP>1!{Ec(kF9 zJ-Qf0+@%zE(9xeoA7XJM{Uc-g6!wbs8P@0U!Tlrsz}Jh84tn+46T9$`fRpH=Ig!ZR z!U%3>az_Sp3)va+`XU}~kN7qh2MWgG02ZeP1+hN6_u51D_4KH^UQFAow?9^aq;a>I zJGYRVy|Gz11PQG6Q@Y8Ap89SYy;;<9li@jpX&YWL`lq zLi~oZC6e(gusO0MBL2$Vc}PN173CUxqp(45N<~JOMD`jII(O$G{UZbNX6|_DEO8MC zw_2+xnsBTo99nvZX)L@zjw z@m5SN-OaW3vZ@u8b*)uP70BY~iy*Yvu2RWV;EJs*n_N1zvUPb=fYMa9uWYGBCu*#% zZm+GWY-w$7Z>|P=jO3rm<(2J0TYFWjbh)s+t!-76Eyq;1l~o?sTDLOD()H-nC5_G1 z$H>>M!!e0ngj#JLx?Yx?$1ZB7!AxIT5Bqr*oX6f6lD?!nVt`}js5%ZKyMD>?I&or6 z!%_vQBC?q(mQ=gxWNB?vZEIC~EseS3si&RFps~4WX+mCjrgGW3^G$7&%yezr8y?U0 zJe^35lQ`eXIXUS!2dF<8X4t^;2bdddpJs!VW0|dwEk^!_ubOnuJ`7V*Utl?a|y?Bi9VZVObj9e>)8? zoRIAFelAAw)W=c#)${* zpC~ISFD)q@mzctvUEwle?MPTg3)^d(aCthnsjfLV{LuX>_nvj={CS5TwqNDExrgny zVDEW{&M57<_pG@y%CK_D!0!+-$ajfCDX%%j;Rg9USPm6V5BFfjXmcR+oa;XsK~EEJ z&j7sy+>FIner7CT3SPCXxC2YE5{4Pg9X|)(sub^RH>PJitaJvSciU=jUu@gJxC{s5 zpBk&65;}`_1dg&VbQNzg;@Eo79?PbI@1SJ+V!7An`>06+88pFOg2Dy0_W-u7y_v8# z8vEELd_G3&@keM)0~uTZd$#}SvFBYH#$l*|J+42~9^B*Yy$`KvAcOD0UM7CtTP_Xb zFq{Z`bMQ`kSl{&aXpHvQ*BQPwCI}YOAujM3|9hpx`=C5CKW`x7;bQ|IcAT7gUNR_7=jP)(O$P&q`A4JqCM>M|&IN=ba6E z)3s2>9(S2;8LZkZ=oUY3IL75_q}5n?e>`?LH!wsJw5*olB1&)i6r-p6aZzJ0t`wygW+$cP z2Nn$M`w@I-$-uD_;g_WmI6fkSM9Ry+KB2}(Tmd!HagL&9IwqrLItKo5DdTXSqGlHS zkGPW_TS31UJ)CjyDGdV;N8BKmGPrq!^Ot^qn|Z0mLn=W8pD{6v#DByUpqSdFon-Vh zqh}a>fYA$#US#xQqmMWG6r;~K`f{V!7=4S;cNzVl(N7uulF{pp{>bPoM-R?G$a3^T zKV&(2p&zmwz0eO?j$Y`8EJrW&Lzbf#`XS5F3;mGg=!JgBa`Zw!WI1}FAF>?1&<|OT zp6d^|S=IZ>EJrW&NtUA*`r)(8(W3`+JxA7*+speR)3Wa5Y}$3I(WX3; zDkg_0JmKLb5}T8q_t+F<6zd*4Z;J5prpoIic`fZ0JMY3oxITy1$PVyH`b!rUSQ0E+A!Y`4-uw7`M%a0S zV9>Mk=Ak#_8+P7cIN!1J-o#p z^z6JpA*pBQJ&BrUX6Fq+6+Js|BsaESc3vr(%(L@a(Ttv*H=fQ~n8WYoytVaoY&PI01&SS?=b{_kJvh(s$Z)NAPTWl+K-jyuJkLIFDfbI-J%xIIYIfdlQ4nS45q9a>dGxSn=Lz#j z*?GT0zMh>&=Wkth-rbm!l$|#eZu0CrDY3Hiq{Pb3lM*XCPfEO1*?GgzX3EaH70vJ2 zc~W9!=Shi`ohKz$cAk`Y8?*D+p*=hA2#in9&U+ejd*|%D1x%O9&J$zG&J$zG&J$yv zo%d}FpEP!!Bvy8wBvy8wB=+pQ>FmI7ME{B|0=n6iF@B3UE{T<$CyAAvCy6~f?;EVt zn%K@rgTyz*{+~~*>^w=V>^w>A*?HGv*r&1cBxhykNn&N^Nn+2=>&u+)PhsatVrAz^ z;!|=iM#XaClGwBJ+L?1IJ5LfTJ5LfTJ5LgOc3w56_B3{$Bvy8wBvy8wB=+pQU!pYW z>^w=W>^w=W>^w=`DLXI9StX5~C)SjmC)SjmC)PYW@5`Li(%5;DTG@G$TG@G$+OzYf zuyd!f^Tx1Mx@6}`7Rt_(ER>xmS$KBdF7$LNJ5RDmW9NxUW#@@WW#@@W&(3>><1Ce( zCnnR_d16x8d16x8d1BJD^Y&+FN@eGTCR5pYp-IQi3r#w9UT89Z4o33(!9bD~(%5-o zGL4-lCY7BhCY7BhCOtdvQckX^>^w1<#?BLy%FYv$%FYv$o}D*>Js^#pC#fAf?*`1` z%Fe6j`KWIJr8=#ypO3JJMVao4#&87KXMeMvGXK(7wkN8qSD!UlG3sB zPNQQSJ1^{dj-B@u&wY-a$FF>EGCS{FTySp#cHRZ>bviq5e~cc_&U=}+0&9MOoBaHo z7}f#`-h~|a5cdv@48)H7oS}FXK;SHhzVfmPgVCsuk*4qI*oWA2Xk-H94)I=Zt-wYv z91MEBvo{Y9IyUI_9wX-PE1N;Dztd1b&|?E8fK+zgAthXXi=uO=Ra0uGk4X?1SNuJ$j=SlQU zWami{Gqdxgh)H%{6~~-o=iR}+<=A;gq3D^}dD4cPgPoU;SyztkUF(<`TcHUZC11W+oy)V4vh#MtZDMA2-V(Y&*?HqxGiB#p$?0>;u=9w__w2lU z&dbWqo6X`VJ8vTEqwKunST<$ny~(CkcHU1Jt!sAPg>*H-oD(rTljbv z#S7zXG0)CBho$!HynnDpo}Kp)bMWlEtJ(Q}7rPcauZkD`fi^umZx6P#XXm|6o1UFV zcz2SWm&bB?c3uNd&7x zb|YAcMb*{RDT8+%C;+#V*FMsNKjm)yZo`_kwg zxkLDD!{`su7#5MYBoPE-kW*wQX2dX-nKQsEL1e__1Q2HYnMVdMil4-u;`_OK+(~$4 zT&{9NipGB(n>nqg)L)TQ#aA)*w-`IvWdds5Ol(|HRyu8BZDZXeAqQ+zOdfd)ORBdYOx`Ms$@_7L$%}k?Ox|W= z;iY{)v#k>TPoWmofW;=jq%0+G^HTEg#o5mu0j~oC3Y|^AbX;9aoZj-*psJ+>B)|;# zsLG(adAZUbfhB5SYJ5XkyX%UIX-y4DyjK#$)q&T8{1pVYq}l_yno03N&R`K%wG(?( zQ`KG-Ci|Y1iQ#v%5g*CbEW8pidOA0?L zXj|UUj*_s4D1Wk{Mv#)p&A_qYnp>Hz=WMZmg`6$WLR#w}dmWH^P47 zpj_ktHP#9sGg;*Tkjf?^{#sGgmX_vL0xL0+j;n2BVQk%)JBCrE3>6+sqERb@hNacZ zNUs9Ps+{Bc!{ zmD8pKtu2+{&Q>228bJFCj}~d$gQ{wtw`hKg(=4S!;GONJN){`ry1T2HF zbrI2dHN=7VlV+B&*FYvIo1?9^oedr$N7)AM8prnS|8~ZnL+ORhZO?fap<5HM_t}8x z=>^0mqv-k6+cQQlNQ7%Eo6OOB!0_j|KEuTwEQbaMq}b#7rwxqDa0vdXu~aIdvv^;? zQLIyT8LtX)Xpf6f476vLl~_K8Bk`}A+aH>GFfEU<9v9$W%L>^kNADaQv-XOoXXfaw zMm%fpbZmbkffpC_*k#zZ_G)17`u<^Eu=ecBcRjSGp^3pG!CJy1t_D4JH+HDzv5HY4 zlPNXcPqD-1+ZjjiH;8BLErPv-8Z*cEsfV@K8AtCGlZIwi!XCeSs6q335j(8Cnu9WP z^gcj5O+y>!z+NVf-a9GwI^*a?VT|@lX$;|OV}jr$JjbAc$N0~ugKWGF<(WBpgAfU8 z@IH(Le~zEOX`l^;VrMVh3W7z5$8n%RSdAIws96h#pGGyZDO-&w_ zafa^V1IJyR-wMYeKNMqNf9i~*hchLvU(z^w$;E@@<*h6WbvPiWSu6&GmvPBkxa9t{ zTRVHLtTeGZLj$RPVpdZ{kCFf+P7nuEvj9zSXmZJw}AUutUOMS=()m8t^=#Pxf zjV0ssH+m?1&<|OT zUg(D`M=$h4mZKN?AFcl z$>;}+e#+=S8vPe)JZ#MH2DCEfHgG>4x@IUyB;&-PHO?^ZcX37=U18!+ck%grbT#+8 zHIQbbPcZr{qXPsj8`oD=7wGSd+=qyp3LnDSR3XCI7H}SWjh!l4+RGS(0D~p#LJiL4muv! zs5cE zyc@AJjbMW#f%QC6$d=kK%eZ-eP3z*?2c$xjQo(Pe5?fBex*J z!1(1fw*9j42B6728}GMhM$g8(5`Ok{R*9$GRscgK(C|H+lyvNYg zj*WLKJ5|WW`#1WNvhmn4l#R!}plrNTVP4sI>=xUKjhBN-Z)0q{vstYl6Fhi&&|@e% zfBr2Oq5XC!DA@ZQy!RT6dSqnd)xrsmjdw8W{i)e_ttg1H@otB0&&H#NJsa;;^q?Nf z#@ieDdNv-NzjfJod$BC{L^hzXga02&@7Z`#VrAn=iIt5fB~~_`lz6MM@g7HuDjV-& zPDMTb72!wnaVfE~@ubAc#*-2&8&68SjoEnY(4LL=bBs^V#@iKhd*^Jt+fdImHl7$$ zHl7$$Hl7&sY`oZY>s zB(bvbB(bvbB(Z1Xoyqq8NvsAo0M=U@djcXZiIt5fiIt5fi9H+dEOB%S8&47|8&47| z8&48@Hr_$ZIhBnkiIt5fiIt5fi9H+d4;=BAE;|=7Tmd3`D z)XK(_)XK(_)Sit;WN;cA?{c6}j*a(q%;L(%dkr03*?4>oNZEMLQ9Cx?yX=vUjn{*HTiJL&X5ut9 zo@C|Nc#@T4<4IPIjVD<-HlAeV*m#naW8+Cy%Er5bjw&j61bvSfzT$#!p_)S_E62u@ ztQ;FpvT|%Z$;z?uBrC_pldK#YPqI=r-u`r88XHftQZ}BrU)gx#{?6HWzoEy{*mz=2 z*?3}3*?3|u$;SH=`*B^tJ1EqEvm-sOFQ~>HZ#c0j8&8re8&8ra*?4g_Q5qXha#uE< zBv&?`Bu}#Oe#YF>*m#n>3pO567U^s}N$J>l8|WCv#tXZiW8?8V?8?UL#hGDzk4b%S zk(o0UuY!$R2+{XgbmQ>lW^~rRC-7wzUV?$A<1TF*u<_nRS<~5g_hR&THXgr_pU%d+ zk9)Tw8}B1{E|rb<2#V?1c=g;UibS#MkrVHalcQ(jJNNJ@4ak!W6)CiG(=ncn*Gy+P zHr{m@{f>?IA3Dsj@#uYJ<6VL|(X;WYkanxF@kpXqHr@*u+@6gm#Zxw35h~}|cz?xA zx((QPJVPYecvs;3qinom&<@JR+ZpGM%xpZ~Zf*%S-o^CIw<337@ptf2v}tBGp5(qo z*?8ig?z8bE`X;jRu15#ygpF6uHb}DZe#^#6W8+Dl-Dl%T^i5>rNf9%%@uY}JHr`;4 zImgBu#^O3Q-Y=jtv+<-2HwPPU8D?Q+;~g#?HWM39vfGAiJaPZV*?1CVbFuMuWrH|2 zUSCd*j*ZuVNi#DWPdxM~*?9YMHajhPJf5Z={B?BV%xpZ#X`8U|#KoJ&#(RV_owD(M z2k&*x##_m#scgKXILz;h5+)YJ50Wt-odBJP-%n>L8?TiUpR)1#p&NJ3#v98*q_Od& zYF)7LrZf9=Hl8GPY`ik|n=aURVrH|l@vfogl#N%zvyrm#zRAA(PLy{X@%SWqEZpc9 zKay@xHr`7twzBbtbNbveY`iK?HqjUxurz)$Cpu;0&17+ujrT*=N7;B2=yhe|HL+=x zjW>;z>za+%K!yEC8}DM4)3fpRU|BpH@7uKE*?5<5t6OZmHMDs_>_l8k zFD^*5RMiC03uEVD>!pIitJpT4jVEM2&&DI5Jjuq3vecf97h&B!8}B@p#k27qV1AyB z*Fc|nHs0GDzn+cv6w`S&-Vb@qv+<@f2hYY^%iKL1?@e|h&&JE8mpmKq3$)_dc-Jxq z&&Io)={y_nOU%Ku@!nzkc{W}xZF)A|EZTf2MnKz5@xnT8c{bi7^pa=e?LnKKjrSC7 zdNy7^Zh1DIOqiaHCo`sJE2cVH*(IN4dJKQyX*Gp;r8csdvMU_aA;Wp z!72&&=jT-6wcs9fx%`}qVQioP1v{|u4r4`L&yDeM4`JiIE~vYr27K)v`)@(ff>A#~ z{X)DQxq7}d=SZ^=l;9Vb0v|z zhQ#{p-fNFuI}hm}8IU(~$4h4o;die_=LWF??w?y29UKH>I>O|}3QP|Bcc#GeAYC!# z*jKt{$}yG=c3Vyi!Cma0pKYdG?RLbIdsKLGJW`Js<>CBK9G?6=o zye;C#=Y;)A^J%LkR;+$`(=oKcVx?i0>T9cy;T*HH-P6}x9Ba@slSn6WY$Q^F05NKC zUuj14EsA^#XF45ao0sh7tH(OK>V1Z}ZU4i3Hqw{S5z*T*qVx;+I+_6FZC%;o;ggOF ziIFQKwC$Lth7h0?q9YAIOb2#ymtlm3d4W&{L>JGne(*N&B#)yUrJg~V#CxT}@uUz0 zCbl$I0b#}q0DKsU!5H9_QrQZQW=&hrKx4=RW`rYFHVs3trM0=exw^TrvZ-nr0D>Ba zBeJ@orJi^+@(_g&7+z1{yu{hr%q&Vg2q&=>Q%iTNZeO9LPn|V3Lc^3xxBohLn`;H- zO8Q1H7gpk!RAw8}pc&ZpdMp_ zz)IoFbsRZilCb}|5nCzrI|bZ1@TZ(eE01ffTgkl5NzIRwdYMxZ-Zrvu{Xg z+aAGfaEi`>oR>JZ{e-1sIz$6%YjzkQW+x{CcX`WeTtt&S?i`8Dt&C{H;+F)z<38Dk zoZ?XOb{flbvT(yaSY!)=lD3u0h)gVLYi|wT>s1Lftr3%BYgJB-5G5o?od6dvX0#sUys3r^t}*qX540YqLu*+XZ(sZ;C|pn*Cu3VR z58VWN)A3G@5zEbE^vk#KZ|&7!`(3vx3F(h_CADWno|5ToQg{Pi3N9o$M_$^i;Y)TmYK_jubg$@vYm~1w(rvh!{?m6a4QJb zBA(2JZimJj0%84f4eG(-(a-b`k8yjK6nhWAp4JJ6z0by`*t-e#7?1Y&ts1r0A6myG zWbh&EP0>POTP5G4jNn2JDtj+tNq`kh+#JJs^TLGHV@tY?IkLKumEelp2WjDL;K55!eZGkS*6 z=srUX z+|LCtgojO>-A|11IbVd3Dj9)Y6vSc(_N3FC)A$_d*a1y)YjnJBL3gw00A-Qa{>&-BU( z`x!U3UryLR;aJZJ`#qfKIbmnP&z=)jOfP(LPS|Tq?l@uZp@BD*6IO?Ub;${P6HVyGNvxbONvxbON$fdc zAF;ZroG?kOoG?kOoG?l3Ibls~?^I5hBvwwCBvwwCB=(%J^Tp9AoG?kOoG?kOoG?l3 zIbqY7b1ElH5-TT65-TT65_?YA#~ksgoG?kOoG?kOoG?l3Ibr* z-g1bcSF=^R5Wm}HU02@{jb2@{jb2@{i^6Sg-Cn92zg zlWCkVF{zv|F{zv|G3hyBJ=mF2Ibos6R8ClE(s9Bnp93$501%HPMDZXbg7@F&Z{L%1j*j#CxFfpl|Ffpl|Ffr*lVOO&UoFbM;)QT7I z3!g(Jbp}q@uQ~tqEm(*K82TGt%l0eii(Nx4C+tI>WgRE%Eyh<)*iX2T#tDD+C#`K)9=XgXpVHcn=JtypMsK4ig z@r&c1ElwEkW<4kD3_2zwC+sGSe#Z%Wm9BK0FnV7(VPCIbpwNW2JGzB+u@1!X)}8a>AsDnK@xn#3UyS zzf$2jVIx^w#|ir-bY@PNwBhF9gnb>euyVrokPe%P6DHYhLr$2uf8(4miL$vkVIw#R zI!@R`PL7TfHV>0#W=@!RXftxcE=DKL%n6g6wh1RpT)b(Vu)lJqQ%=~O@LuPfuu4Wv z<%I3WVXmC8X)@+Bal%$`;!{r82i$lhx)zTLj}1Rtc??qMHj}WH$wH)Y!lY_laKeBg z$;1hhq>d9dg#D%qPMDb4temiO={eqTPM=$b z6LvBu8|8$Z!HG^eVWU_a<%C_x`Y0!iNP5o+<5P{E6LuIY*EJ{X5IUq2PT145=Q&~g z+%w4uTf%gn6ZSr1dQR9bER^Sjtz|mT2_wQg$qD-_t$0q@_gLgkIAMH3uQN{A@yy+G z!bZ|RpPCbP0d01|30uRq@tm-L`FT#*7uY|-t=D=MCRiiS2^+yWbixU{f%$d93Hu#~ zY$u$s8+pug!VYB)o)h*WbN8IE$JvQIC+rR8=Q&|V(Ml(ruv3`MbHY|K2hRz6mP5mH z!VaJ(JSS`pZF){vBey&!>_het&k2(W({sXP#_WU>#!tDE zoUp#k@2|064+?^3;)NA#zfL$|dGuMgIAO0ahqt#PC#;#p?!XEABKLH`2^;x6w#tmW z7=I&9U}7`!RzQxD^3TX4=PVd~J0gWJG5KoAs)>mp7*lOwVq+C1hK>_N61@>&X9bEC z3s7tvab-M;rVb(_$MXm3a#~NRzoPhOQ26rIr8t=7jm<5rKpz`i82Rt!je#mg+F0&f zd_Qe;r|_{c9pPhREqsh$h7#%+v1G*|er%kL0Fa*0$?zo1E?r^C*e$!pk};MIcKa_p z4+Zz&^)rtp1Hz{SV><|zfXl=0isQeep5IVxYp=nV#i22|K?C3cjR{#J67&9~iysE&JDT4@sIHIa~NI__#knL5P5_wPDv^Beo&9$c=%79Q@|DUuV7g=DhWQvrS| zB+>(OPZm%{@=Y~xA8m<=%bJ=e62daEt+u+op}A?IqXgj4(!|91<%x-Pb<3N=LoNyq z)zwtBS7{P%!^+Xim$gg;cc2k$7BDIVK~vS}@GBus0UHf<4b@eEv^0S3LPAD0iERWf zI5-iY434^>bPYsW-h%vUvkbDJ0k{#tQ(!bywk%)L*dW}kAeBK@>zF)_4?<#3hz6+! zUk5NNI^S_dNZMIZF|DZ~$vjDdkv!D|16_$4)$NYV6Y_*e?+dD0T2PcKcA!djjX+^0 z%RPgp8O%!0_+WQ=D;Hm*f=s1}WO=%RKB>*7+r$A)E%$8DG!w9MbZLVo)LSD=u zbeKy|cnV=y?X3aPPLs=n70q>ZI6+snqVAl6C)GDEtDS@a)>u1?;aSt%REsMMLXhOl z$f?nvk*ZdN_&d{&Lr9e1=E9R&D+cCL;XHW&GfOA3g#~r`$lIG&w+9T7;1|DOWkAG^c8c66Y-r+dP z@^lri5^+-V)y~8WSU!d?;$Jnl&olMFlCQ7FxzJix#yc4Q2?`g~#u?aF%|q9~9_vEx z6U)tGSga0K;osV8!S?P6yttspF2%OB_Y&+aL`7&1E3V$&8fZ-e8C;hDzemw$_7W5>sJ(UAw)W~_Z#4F?9{gUN z+WP~vrhyFNqwqN`g$sJ@Ic!^d=fNJo4@Y}!XSMe(w5EX!hQr<)W{1kZxipN!aE+-i zRw2E;|3EWMDgGJq$6%tOLtNl7{`bI(jn|_*GskQIB4G{Qhg}e_!fz$ZKHAySL)D09 z$0hS(7y)7Z@)YV3$A0>S{!zb_rPwI_8=l;haWy_=dvCYR_UxQ% zhBG0Se{ucN5p5O{X&cI>3YE69s;#N4%WG1XpK{OGKO_7StqaOP><~ zKGE+l%lz-=pB8vUBl zSsq&0E?FL0=!Yy1E%ZZ{hZg!F%R>wOkmaF;e#r9BLO*1AXrUjnJhadcSst3}54b_s z>)R|3E%Zs2hZg#wGalN{@o=p6nFoy~_e?osPeLn~>@VEU1r>z1O`P{loLC|mX8<+s zMHvPqLOV=e0tk-x@)oZTvsvWMaM{pm-!1Z0--yMG1ud&Fd@qZ7k{Ir*i ze${DL%|Q8S%uhAfMb!>h%2bawdeUxX(>9HzRx!C;5_HW{dw()A!g@j~OKreCZ}%vB zaAe}%1S+u>>%3*<&&P|Z_jq9BfP4CZs>X6#rkY*TLlXu$uo?8}m&0~AC30T$W9+2H zYlOd>5&0Lq@;Y0<1Tfa}VHk|HcksDFlCj1M`83AbHAoD`+7x8eIb&@Z>k%UJ7+Ci9Fneu*M8V=bRv_~eYW`aiQpOrPhBDUJ7nHGfGR!Mujol*u@^j&qc+h7b zy!DlrW3juhyzrAc^w_yLl%F#nuLYzzF115xi!%~)$jL6os}3v7GF8a?b8Yjqo?SQ%?l;%&@WV~6&PwclfWc9XGoGwPYfSQBH)SQBHLz*v*S%2<=c znHg)hv1g_-)+Dhq)+BLe#u~r+p2k>{#L8Hc#F-gur?I_L8EcYQ8EcX_Gh>b4FdEFEjmXl|!@q3GDj5RTt##j@R%2*SV znHg)JV`oZbtc5018Ec_Q$5;zZW@M}-I3`mWYhp5uu_h*!u_h)nGuA$jlU5pIO-!aS z*2JVT*2H9H#@aRP0cngiN$nVG-^VQ8qffz===4K7W30W8%Z48P3!X+V9Qqb}WcL|s zl9gkuNmj!PUi4XIV5~`2BMNpvzX-F+#8_KJN2M{=BrC^QldQ%U3`186Yn6eqCRt4^ z;D`#d%EVZ!qXW|zYm${R*2MkYWUO6_%+eWaVon)rVy+X$+8^1E(->=#Tp4SUyc5P6 zxnJpwHA$|FHA&tHW9<&+p2k>{hq9(K*7&Pmp0V~UN|w%8yN7$XB4h0XOaQ5jwFgm5&seMFhBDUrVDNgz z+Oyoq$XMGEQ-x=&4M&Z(8^&6HRwkXXwimkTR${DOj1pvIto<5um1C?Oz&MVv_7Zk` z#u~5FJ!9=Q#!|)_r)AGrd!I)#GS>2Wka05hNdC6SB zFy-@zwPQ~7$Vd^gk_+7=V{H}AKgw9EM>}-QSmW*HmS(KgpiMI~)+F~W%2?wWG}?W} znnd43#@Y|jK{{cqO=24)8Ed~_VbU0Dl4tiBYZ84E8EaC+%#1ZDVv?~okYnyIk$>aI zWC!lZ;yT9K_n|X0)}#$L2V?C#%)(tW)+D=a$XFBiZ=A6vQ8pK2Z3-L2G1lUo935k= z4wGhP#+rC&GcwlrQx=&SYm(D8VXTRZH;u9OAZI#dtUU?ubw>Yi8?&DjYXGn<7*-LDmc_n|r}&3TQpZ>;VZZ5uu_k6VD`V|S zdQKT@RXiIhW9?%0-HeR2MQjUYti8ZuD`Ra4r_U|JSUZK2jWX7ja-vhl+6)#)8EZda zeUz~_j$RKpro=li)+V!ZT{G6|=#WkrYY*b~F3DK?Gp{D*$9NquGq><~rt^%oR~geY z)@HI$p0V~E(|N|)SXT0=*id|M_?_HB!Do8L+E-cRP8e(N^4Kx43CO)PzYt&T2%?R# z@vu^sU)YhcRzd%4QO4T2Y#Yy5dzW?hjJ1QrWMavJB>cO zMr!*}&%*9A*2?K!&sh5f^Ye_gH`s|hW9)D_CQQ#*lNr-9)-I>dUW;9ZOVG#Sg*&i+z8)Kb zi-xD-g?Y@+Gu9@t{XApsZl+rw`yxK4e<@!0XV#$;#@fHw>)whL;PQEWyin+GTa&SN z2#ei;vBs~eMf>N)2saaaTK^EACI#)E$ASig13D_n0w8(;B93Q1%(qQ}u++*~-Gb+|2{Uc-g6!wbs8P@0U!TlrsK+}qj4tn+4 z6T9%~yOT(e6N$_%2#$_4FjNUQFAo zw?9TsS=?=c1IEqX*enRKVBGApLuBV6Ow~764EGz0!uRLSupk2pBfWANopB0{Da>92 zT_J=pwgV#eLPROTAeRY>_nAedMKM&yopWj==pQMA@5Yw|dkqPJZ1nAPUI8$$_eFvQ zeB<}|BEgY-V;9N^+JN4Jkied`(Fns40h15{CIc5}#s<6nF-LUpOT2!@X=)%f9oJg7 zay#Lv#jqM3L}C&A_6}e30ut8V>jf-uBqtI(znyy!W4mUorE@r38v{8~4XjeopxeMe z2nKEcgAPyZlbBLcQ39UYGEzXY^tGBA{qksAZCe|`VJ%gyAZfJMwzdUr^~>99nvZX) z1RCWy#tZpz0!`{bWD45?u>gLlRN9IsUXhkoHo0`FFpZ9>T`6>{pbd1iYNDcATASOO ztD75x2~YvBn!(#Jd* zr<(9Lb6l8H9f2(h>G8-GxLJ8TZM7tS)h};4hBnB96YPp1`c&7~Rv$x%*V1+=hexw? zgjYGbT$s>N!^rhP-%z#-@)t5thkm%-f!Bl}7=mxIXtg#n-u}DLYSnIVG`Ld?x;?ve z+cIE14Uz7criPGq<+)NiSIS)4VW#q&w@Nb*l~?DoYjR*olb0D}ZtSHHA~{f68i7Y5 zXEa#0yb)uQIdq&|F=7Gks;#R6uqkL-zO1qpsLGloKaEHw&eLVnFcx*@t|WUY8HYo& zx}l{W?7p_;4dCjL1=rAA+6KSa_AtS-dacDEmWK@v0Dq_H4e|pRn84<4B{q|7_F)3sh1Mrqy~} z0Ig+(3>M;0?5G2~e zVzak*J+!8Q49-cQ9^tYVH~q1@jpqIk#w)U=vz0uf5dtBpFd#^xi8pxo}D125+;esA}5!=?@W3Z>~Mn;s{ z`v6+g(8T9pFOtD8@3=IK!|)pHX}e*S(%Xx|80~4>j~Ii#n1Qp_J0)IGd1lVqAjHF} zlMnkMUWMOEmc7{7(?cgB9{ZC9mWg2$g!RjGG;SRG>1X;!{W3Mh-s!NXbwV`nv(glM zb6}70Xm2R~)gFDWV-hmB754VjLSb7a-;Mi&M^M>=v9l}A+HmyyFVnCKYEQTI-R{qF z*4X07K+YQd%)q&j9JQI;a6!hIxr9l%d1V|IO%+jLt|*o#m^cF%cfY=aTB5XN`W< z=%X=6G|urxpKkP3M*qa<`;30v=sy_!zR`TLNAv1q^l+ogjL!1a!gf3tbC~*Vwb4H^ z`lm)eWAvLw|I6qCJk6mt2N^xV=-rH-ZFH8e7Pd>4uNL|t%U28ikmaj|e#r9GLO*2r zYM~#pe6`RIS-x86hb&*s^#?qrrq^IuzFO#$EMG13gXODTiiI2PC)XH#9X0Od7;b>p zHIRF`AJ^*)51Tk-urba6?0?b3dBeo{JGEQ8V0yLBH9yr{B2mqCT-EqJYOlFYsQV`v z&2>cGzpK%E7>!%TPt0R`jB6CmC;T3P^4MN-8n>5$^4Pfk^p@Mtb+8YerhoqJw63Np zrwxZTiP^@bGyb4cZCgq6B(T`Zrk0mY-fc?huBFhWrS^5&v?+lbaXAQi`k- zTYj5c@?te*t^RL#57(A+A}>Nmmg0qrPU;v)fZFn|mA3*eeSz2Zu)O7e6K_dg8y@cl zs7>02yf$v-m>n)@}pM0VO6uMDH{A6fN#yyh*b z!+u6#$UhM;kr8j;l`BJ7D_GHR_ObI^`FCz8QXW`@eEPU_q*>{#$)_3vPG?#f3_|FO6i!8W;itfY#zR_vn0SF)17}22g z3chnR^a$F57`wypE4ax-vJ3CQ@GJPrkm>1aM%6%TTvuhh1paNX@&14V(ct@d?ewW@ z`%92}x7Of!kmgDCRjoD0SGD2?BHLOj%BM}MZeFHxQhRfAW80(^?X^v9RTCRml$B1K zSld`Psj*?nq@~r>=?CN~*GYIRsc|`e<18?vRen+0|9~`yO7eG_V?BH1$`i$WJ+VhG zyvF27u6j!%4 zx3#gMCmytaqO7F6w4`)g__(snW(oEu{4bPFP&v1$t~ogT(ETd+o^|N_d50giU*){H zhwZmu?|FyLDDAoTthqDF*wYbm!Z&$mdJX!70(&*P0pEG1I-Rvl8}>(NilbN`vkC>4pT{%ogG`1p`kz z+S1%s&6ZTn{cCUy#B(7hRi@`LZclgHYOey@HZU&3Ec{c;i3snV#pB6~y`igk@;MUX z*?dQ1TZ5MUKW4EFnyyjv(m{#j?3^dEf-pX(!{@JrNsEt#xL+iw2HTX|ZxS;XA zifz?A^e5y?Uol@^it-r!$4dfh?{sYQb9fDU>_Y6Y_7b>ysK7zm>*bEo-fH}78pvQd zHg2SFL66DjWV#dYqfzm8v#s%Nz&@MrLR{dk#XjcC3mC1(FQGLJWbkd+OHjC=$L_+m zwYMWKG)H3}?eUsZ?L7^xX&{3;V6T|M1wHlzwynMCFv31Wd%SK{dw+%2G?2kdu=fgu z3wrF&*tYgghrPwvM|%U^G5T4bsVIeJ_$4~*focTXl=6=kzH7XG=u}16)}ZlvLh$lc zLpkEvF~WEZ!y#02`)I`Dc+sH821D3-{0a47xmk}P_*cJ-OR?7qdn?o!-qjv|ZpdnQo6YVz7zsZ1acO^HVVgat8O^9{4S>bW^h-AQ>l8-SOyZvv? zb-0uYPnH?3r^FCH+te_S4T-QL{s+Q=3B2=pB5Ga}^V*o2zGWzcJGK3(Iqvwc&o0o8 z-qSL@-sf{ZkGQKB_QeQq#u4QC2B(>q?q{v_-hL#tYldPIXOhv=jF#scoXrEwemO6> z{fo^0#YXd%QOnR|^m3!WV)PkCUr6m7^$lpPJMTC3S&i#W{5z;!Tl~tzd59WgNrT#? z-&M2Ms%Di`i{D%sb~5|fS2T|J(8b~HrtaU<=-Ebp-snTAU75v)&dyOLPMwJ(?e2yg zyPD?3KBNAD^!sfc(Y^eB=`${`)IO#*Z#MCN4z24c_d3nw4>--P_-m)x@1Am+efBx0 z6L^2oX+1AQ+<3w6Ky_zjvpz3nd{_SIM$a+&Fryb6-AL_xE_Z$S)=XnVZBsjzY5W>Z zS>`pGva+eWm1C_Yk?4Ajrt}45gb95L-griz8k7ewu@OFH*c>*r2v5%+kcgiLp7Yt4~G)&&auG zN&nJ=2Ocbk5ATl^wbFwxKDe~z;Dg(T?YnqX;tRX}er`eUw+GyF(?{=o9EnyH-di=` ziK_nNDodYC%)RjCs(x_h+8~%$6uv(ieWZNAJ*yv$6sh>x0A;;zx-4@k9~Dv<&54h|2AG!QZy$zr)F(Vu(0Tv z0mbEu5T&SO_loG#PxcCJHZGZs!7-=kfW0R6Mzo@6uweCugAdtz=i5F)4kL=Lxpn-g z8Sw?p{AFMit|%TXyyEM7B@XYmU|uk1M0|%{`+j~Nxa|{rAACe&!M?$)lHF&Gj=)gy zq=n62xa7MPCl}8@FxRC;#*B0D$Al5W*WyV#^^J}!ym#b)Cr0*vd1Sv2 z-x+Yv!T8CEV8A_(eRS-{ksd#O@XBW|e*J4NfWF}jt54zO(5LY83-O|&qIhgpQ7~(C z9_lcsynOW;bNlXp3m?}-x=J}0`c{lLC!bAv&%K3>>& zV(%G!4s;R1Xz}PyeG7j4z?IKj{My$(Ja)i6rD54R_JiFjUx>~ks zcmvw~(a1bLVT_E&%|BuRYIoCs=9~p6_81g9rkEucv^_3Ijt9~$N{tPZ4!{npU_3wsi_*Hom0)#p9%U4IjU4zR1 zvts_lc=_t+tovQx9~Av~!o2#E2YryM6+J(C#4J|y{K$&Rc+UQVdyYgw@BdF?)M_}r zdBug;ykyKC6;~Xv^qd>NS}=a%+9MNddjx0Sc;3qu^G_*GpreJEU4K>hKK$l9xei*` zTz}!IW2P64+5Lbcs&GRwf5jCC#uqO;Wo6HxORqoN~$Pi!SQF_Ur-g zR*m>LvLbrUTc@s>aPFzms!{h=6+KZk^5v>TQFH&5f2b%rwRu2ZPB5eQx+q>A`~#bj z@57#a_QJH8@5sXvrR}@k8qK>qCy{8MaP_X2MDuKW=?j70n=4f6tQg>DK%>I%1 zliW8XlK1F_;f0L3J7V^WzsJ2}B6T-M*G-7zt=lksRCsLoWWLXe%)V#CaK<_FVMIT2 z_%|TeErU!9uZGN<&pgiDFEYH12M&o0KaKB)N6x%u!|-21&PH`74;X$mWkY26EqFik zqMW?zHw=H0^3urgS9s_Lk=fU7n6M9b?H7gd35Ae(Kd158KZ#5jg{^hZMkY*Vgg-}S zui7x7jq)JGEu3&DkM0wlP|f#!qwBu8A((I)bl#EC3E$v*Rdn5j8-ltgqO<46=Ec|; zWx;ew^(YK{dBS^$bmk?J?=K-|pAcoG8lw}QeQ)Id*9q|D86DI!M}+3N3DvBkXrt% zRdF5S%^R)dryZ<#iwp@HHmi6P;LyER#S4tJ?VfzF;uC@iyW&U0%d_mElMap~*Yf4a zFnMGhK(`8D-pEb_i)~b6b9;MaFY;V553xJc zc8@+d@;aiX*(2{{JkuUpb#Sr`aPt;qICSJ&1XtPp%4$Y_0?@tD9{D2~*Vt~~gOhs! zT>dE~Pi{-bH|@!thn!d7ix) z|LSbTchy_>mpi4S|G9f?=IAj^rKLYj{BB#@p_X$5?xV_v=Akd-Z}*3>hUW5>U82V> zSlB$Y19$FI*EM#xuNj+}htVj%sn~i$MkC(jtKFIUa=J7x|M!8UQspbV_FDe0 zmUKgN^%m4jHc<92;X+tSig`dbT|2c@~M8~|5XtjelVeQu`+_XUVh4Un73FfBJr4LJ;u0BBjYiQ2j5h>oZY0LiM@tkXK zFSnMJw3*Nglh=T9EMUr4zTCX|q66R?lqP&R`RmH9@*zz&NXr+83D@2RLY)wXE&G`EYg;38=C2g4>XSijmrrE|be8J;l5L+hG%xyrPCF=V zVY55=fGW%HkvgWq9^Q6E^A)|yruL|xT3S7|XYJII5#F&Y2Blrrytx))G0AO0tHjYd zU5g=YxZSll?k@nT)bbH5Bi^>UcuU-BXs+rcZRQsNTUY3tsZarpiYYu0v5g;*0* z_$!~kTe1La`uO>b{E{|r4D$OYgVIJNjD#*HyPkS; zM{2z7sKguH{e0ci;+?8r_g6vPs=J(wjOhN=JEC2S&w)2@KNZW77nYuW-LmZ&m+2MF z6_I#5ELC1^HZsvRIbyFnAlcc}z2}xk^lKIbKulTp(yqn9dK8KL?mZitU+LA9-&A&X zY5v(gUq*$?SHi9?`@^QK`%#DTI4qx^UxsDYmsWRQ@ef%W$Q+b_Jby`CzH(=L^Z)$P z&-L3#7LIPO1wp^wDvvYDIFzF+@>#G5-JWodmN_SPZK zW0c#G`pVYiifxpIl^U=g6ANR-13d;ywYn#&hA)lt3vFnXZZ*ZPLC^$i>K&@S(3=v+ z*5ZR|6p(*kx30yxcN(tZmF}M{^t50IUH0-Id{dw^|RfK)_%T zWJSMNV|9t|MDFF!Q1_W=XV|Fw)Xn?LEetTjr^W3}MG6kzke@#%yM9hqahq-JHs55G zS!&!6J-1(8YOjv@7}&43sx6h{94woYwX7to;*Lwptf4Ed{5#a8kGQ$>+^ev5gZQZ> zS#R#xTekU){2jkss1%%Fz^ME-{V%V9wa)J~U}oNg!DV+nHsDKay7GtWBl~twbo+Gb zoc2cDsU_{9{h;_ML-T6al^Psm)|O<0t$mb#dU6lFC z*8EXwP<(ffyz0%b)y_#z=FPu79`D?>c;WW^IT>)^?g{vOb+DAjwlL?B0~5B-JlJvU z#O)oojnBydYTTv+^(7fAwqO3<@*idHLtz+HP}iq0}_}ikN@-bpqrM*jKZhdk;Y-E-$!CEAb zgw5+=0^~;ZEz=4^AJ`8cHj3=9i)U|Zv-#frGn*TlF^*sqndxH6+7X}Pp8klQVsV?+ z9lYh0^*i>CigYcmozo7TynYV97>sJwm*nJ5EsLI9Thb0)zVmh2(7n8JR3xcCu%NyF z4!YLP_~_G`W<|?q7gtWoA6?hfrE=nIjAbiml#i)N*^a$AA3MdBwf4y!%YJ7;Ilq5p z{_z>P(+8yuyCDY!iSwnli~;ExQ!B*y3j`^wWbfZ29(3q zCiNO&lf1dMHMu4G5coou=FP{j!DNB3zc?DL~XUy_A28xKIx&$fO1W(oRM2D%Yem(iim?3-}#*lpu)djV*y(c$7QeD3jm`T0HK zcHY?a!`obuKd|PQUgNL*siC>QKV@wGGjwmY-{9JOm5d+vvd(XA`N^+#8U~Sgvf^EE z0)u(rwtb;-V+qEM)u``(9ybQT6vfA3+!#H*pF2 z=lQ72GB~8CurWeWWyfc56j@TeWAC$5tDRGFr*^&`cz=|LXBk75rDqf$2a9#A9&ub* zwJL_B)ch_>Xh8S0eHhPR-!9Ri(@<4*7;aX$#@Yl|NN!Yy$CFzXcj7*>8K#zfO5MIN zl6#bvMc>eozm+}Qf-?nM6}LuYwkmo;e0bZq-7h=J3f;XL<(qAd+aJP?z=`Awf4oqs zyk6J*=8!C}^rr#k@d%E#{x5s&rDr#-_)ZmOE*-nB>uJYca@lvYB17}`bx#vhlz+F- z>)*ah@wMyb-h8-s&el_Robct~y*=AJpO?0$;sw^2i(O-9n7DZ5tY%lP_aiC=|3xDU zciD%jPPkd>hIcM{;~k0$Ri$e1PRK|#8vo5=0^aO71#j)lRA;HVc;lr(Em9Y%>TC6#`bqt)4k%lDI!(9H?R2g_ zLKo>0U7@S=M18WZ*NgQ%`YRR_c;C4e9J)d#Rbj(E~0sR zuK60gwg_2(3JU??W|5bSIuil6o*M5O@FHB}odO$rABrZ|+)@;APC_*;m2jlc7N_N9Y;lq4%c34%_RI|Z)85Vho$nFs$}S!Hy7=j+ZFt25 zZ(_Y*siF?;TmFLrZLQ90=junF zDAH*OH(L1k6S~pCt{m@nB%tivV%M5c+{*=EDL40xB|Y?ojR`lcP-oy**WZU?1&;HU ztN-fgw;+;&HA-uDNhMZ^sQXPio~c!N!i^N_Os7<910LZNYRiE6P6urpu#J27Vat~t#i`+z!*6qNI%0jz2g?N3~=U&{sCKI$iO09XdNJsIO6ZDFq z*09wYr;pU5TOmq2xANiTJ+w|}eNR8P9h<>2W2;wN>R6PPqV0Rwf`yJfX$4%b#7(`pht5hP&dGcg z)hp6gn(In>ZebJD=+)1)PA-N*oBOU;`U#yXzEGs?gzG&=??l_wjD7CDBDWJBV~X7N zMbIf-RCHL&WtMu(QYSbwR@XX{RpLM%XQvkXlcFCwk%8MrMuSb;$@cgm}OnrBLR#`Z|A070Zb{Z*Jx{kJwdFr)HRmA zaYNDbQ1g`H1%NlY)~Urs?uElP+;^94-(frJ?8u$Ad$%3E-S#@$F_7ACkakQjwCsp= z2Br?%e%4vqD9s3D#79Q{;w(KwUvz+70cgiZJI|m$>NFq|g_i3h-KU(Rbc(@6eO&Y@ z=SZDuaGsCzo^smh4186+488%w=Wm{_tc2@2Y z8;jsiDK*+TN^FSj%9ly+41nb74&G^+E8TMMfzg+jdfP>vKq9D1sTT`xw^P; zHGWhDO=qbafK&a8FvGakN$NFczKl*A;d)DlY!u_-7V5%Ar-xoz1q+~aTy#J=d3xz! zle&1Ra@y#n)h4w9DH&QU)enQ^!TzfkblVc)eU~IcF5=M##v%q_Spo;poCH zfOX9#rE1D=s3~$IO@${q4Hyg2C=Vb9W|l^E(|CH%f^Ij#fiwnLJe*7udyM@77gKP1 zIIKO)(ZijkGsT%Q3gN36E!bL_sM3keOJWDfl$F2)Ae=`#dZ^Py<}TudPjJ~f0=J77 z7Bc4uM<3(Zrxin2nHDXqmIxG0tkHG~CIZ27O+;V<-gnh%9wxc`z{%CEPL^nsR(LMw z9L#4K{TyA0zlA*_y-M6t4(lio9m4A8;WD8ef)+t`U~kkei8Ds++KKdNIuMFE4Q@(Y^MN(-72Jqw!B%LWE3>D z%`9ljYE#hE>4=)9g8Z>fg@bFFimJypb-`$o#~zJGq$^c%wD&h894o?KMz#Nd z?PsJf_8ZE66pzSgc(toP+j@2^w}z!IX_T8+929 zYN`WZ6<#HbI%J4ChlA>^rHENDr2AnB((&^lAlLodjeyhmy$AP`Zs1Ufe`88;wPxW? zq7HS&jQ{wER{i9_*pD|9+UW+gsDYr4a9S0vi2jN3uV z+8Bec3Ko*|y8Xm%dcjN$x7E$Ldz-^+=Q{?!XczN&(B@nR(k!Pgw>)&m! z0+xlhV%i5v2DJzYCnNG_11rX>0wBga%A`jJ=|+{cLc4X&8X(fAo_m^d$2w$IiBfor zJIv-W>k#K0N2@dWl)t>BYn3(8nKw_>|F`APEDXhJUF*|9JPFFEj=CvS= zOSM%zMJ|q3mw}je0rEs^C{?*<&YPv8 zN0%a_19*-P*C=~F$kAaGW^V%M%^D6c9>*iYJL3|Hp<{S+q)F1~3*N=+fp*faM!)w~ zy$aY%qg!}uJ_j6E8EX+`%0rZD(JboR4N}zk6Y~rbkR@bLhRGoHk)oo`6C_b&NS06f zE3lCj-n~bl*tB)1ruSz`R_?LNd&pFBobuKas!5xSj_Ey2GhD1}oMZ`;$f^$<`%EbJOpyY ze>2Gf_L~rSEGTCvdR5A0`hLLeK2Jk8Nx59_MIu29r>xXcxkM^VoN~REfh0jiQ*M@o zCmk{6UVRwGvUqy^xwBQulX?Ua87dlwKDVy{kkuVx>32VG9tnr&+jhpow$l`1Ko!*B8G~S3P zQyyWBUjjDjyo#rHynrk%V-Fsg^7xI$|01i&^)A4iq0lnr-#FEP#(6MaR?0p-8407Y zlAl0T#>NpVWaCsx_%?2DEkhPx<1*_BB%tv*h%)67)|mfFG3qSF)6)X7w6^T(e*%yx z58)@O#bc1?VdgQ}`J1)v_olpL{T)Dp4xO^ak}r59uEZFg^0E+|#PzJ*E28R8W<2=? z8D#tzsB&;Zs8Y6B&l+KGTLX~Q2z%F}iIfqxBP?vEFD&O9^pcca7JnoQntW<4NM`=r zqLO~*FTEFF)`8!^)Qt_F%r^yiV!^GH77-=_g*vW^kT)i zUN}_cyoB1PoD%uomo_tUPEy(#kx)g>3QIfNmzFaXLR02MjzS*l(hzwlnfv@ms3wcT zxfchy>0~L5k;TY!$exrw?q30Pc#rPiS70+Ce*~;(`yDOa)8&HBRJWHKs%}5`88G_Z zRqp!D)P=+80GBdQ#89_4GMgfXnIa&v+MSUUS>uN4Jls7D1YhKcKqSARk#ej^g2)N( zrAd(!lOo5sPbEc;!!1a%15I+zX%Ts1Ao5<;d5TD)$mshmBBL}4D?TR5-^4T(9~TW( zd{XqqkjSWC@m2JaDIy6XXGOasv#IzQNs%+6CnZIm9t~Ce%xF6h{ED9yh#bqFI$I<` zRr^;cqQ}VrH z6u_d2y&sZAb&(<86xG#Z2QWn)>2c^XMRoHy9+;xKd+brBRy{mAl_{#kqn%aGYG6`I zz3Wf_R;wway`C5mjg!=h0sVn{j1Zh`nL@_$2u5A(uSo}U4CQEWvdUS)_89LS@Wq|% zElr9$RgC0|n-&%~JrI|(oa>d-yiv$RZ65G8CbK^n)@FS;`@_lXbJ#?WdRO|{pYaYP zvu_BOzA>D=DVe<&&A!Qd6`4AsbURiKdB&NX7&}ZZe_JFa5@U^Xr_EO>Zj1`5oYPtD zXe|3S%s%81Retr zTBQGKA&^r*$>+qHB-3U*Gk$KJA-O^eEi(nzNWMZSVaCZAhdQ<+_7dZPJS0e`sz^ra z+T)OPXRFlP+k!=<9Yp5TJG%jN+!-qMZeqQ(W8rwI_Yxad_Vags#1Szof3_m8IkolhM59~jRC?DfDS z>MSM5#>#2W2ApfH67(PNl-h0tU_>Ri51E2XCL!b{3ZbJMnvwS9mq;9jUnWv%U(WTkx?!Lw(-#8k9@+Um~_$} z(BC4Fk$4WSmG-pOczGf#@eB-@hK(N*IPzHyhD>>ILyVfO1p@njJiROdsX_)zFl;iU zM4k1-vM7U1wj1(pCW!?L35bsXx8+1e1p?#`M0Ny%A+v~&o_K)$2t*#O1{Wo0G-Cd! z69q!fXGQ^#G4yaVhMt7<;T%&BYSrFLTj(qUBC!>AO}hXW9LSt#gFcwHSlr%GIo;VJ zOC092k0<%N)d1r&&l;&*}F~lXE}VbKYUeg}NVdwCjnv zAdYtv&O$=mBGJ`%iwiJDBnIg}fZ!x9LroJW=*>uYD&s;#nevb!z%Sua60gJ~>Re0k zNC7EW6l?;JDUaV*(BxbLuJ%r1vi<~sEM^iXX_BD#J*Z~lWW5ck9K4RA5_9xE!0m8; z50{*)JLLd33$2ituW216=O&3u^ywhrbZQ);OnGo#4^62pJ)E{Sa{>D%YBCvlqRv!2 zz3)&~)L|hxf5%*zxKS?zjH^zT{s(BPLOBt0_ZY7@4%fN2T zxk0l|Dt+FJb5vrZz6!9HK6RQ(yr{ncAtUeXQ;~Q{^C0mio&6o;B{qvs|`IB&}tNw<1M6r+kC>J3R1|E6UPCMq^-F7%CxyYXUzui_3}*gjD4 zea(vdDt-`B@gsdTWcn(8+)Bky!YY2+O2yBTDsEt9z7WN7*0K%v>Om;AT@Q@g8Hu0u z45}a=^h?--QmvaoKpS3$C{rF>=ZD&GCrlwpG}lTnMV%Y)^m+qi)P8t;x)%uKT?j)1L0VU9)xeat8HU8f2yw>eA<0MIFRK*@!abAuHn6>us2&Bj_0a@$@!9RMers zoSq!oF0#sjZg&~rjKsy(DM*--R)pK)2J0FS&=!q|GR*_JW&Wn5OF)l0SK#S&6OaPY z40l^E05HvPPfIi0Yf&}R4EI^gtlAGx+-Y^dJZ(&TzjY(Arl0=FH!)}W!~?>WkCkP{DDv_eH0 zD$$q1He2ISd|u*@kdoMH%|IeQ(Ll;8k|;>$smZ4OPj_^Dr&=wZ{tI&5Ih5}P_p)}Hp^xk1)4o0CC@&K%`? z*_DZ1WF0O6VSEyo&=h+tvjFG9%ujfUyXjHi%NcV#QO{AvBr*~a=J{DH zmX&D3#J|O`If=tDaU}LhqFwr|hEuT`u)Cp{_DD<(61hmgN`{h`K8I{t*b0yUn@JQS z0XCE9mYB|FvTQbBY2t9&%9cdW#93J1B~m3(mbi<4(pD0^5;s#fljxoJ2Z#1Nn~mN# z@hW|zND}4g979U&HE5fvJQ+m#Ny9c+*>dz-CDPVAdH9iD^lY2=G>$B6ivNH%XA5@RJbG?Jad)Hs_>F+7sJj>?ah5^joQpTP#0V($WN zbtL-}di6A${b#kC{T@}GE~%&8?9m+RXV~=4_ucGlw$+&;r8JuTKh)(c`x{8<8O@H6 zcDB%-h-Ob`2@56lWHfsMCd9<~_C9bv70rH#nl;)ND5c(r=1rS>E{;dUPv4GaJFL-F z_8>UpPId+KzRSZQ;$x!cQroKmi_=~25=vaz-dQlF+|*RkCU?aP$x zAs{AJNy~qml6?a;GpRi(*%oQn+BrwyR6Qko4fR|jTJKHC=EZ#CE=m2IlD(Ch{ZUf? zPRVXho2|!}=umDd-o`=dNt;Xe74htUv4rRBT*$mKp8Y6O8>RGX;@Q8@ZqnsXOA?779vyXitEGcg3^+#J2sL zr0$Dnqv|TrEU5?L*)Oxa-EyC>KAzo?zWI?{5Ih#ozJ?`yEGPa?#k09yPkbVr&&IQ_ zWDomPIGf_x?WoyjHs_=lTkucE{=?M`q zOA<~(e007?AN3OAqKmw4&;j3R{U-}r;;|k%wKVT7US|kvw+1yYNZjiEk&=1)nph`U zRD%BvK5?J7nQAAhX_QC350LN@1IYHg_diI)6R%rHY!kMOL^j#pl|)wJ5c;zdEAE6L zJaIIomBof3k((Grwh6JhNaU#u8YYtuw8k@tqR#VpdL0F%UKuP_IAkjVhHb>Me1qjI z6_7qAsU0L6l0Y1kGV_5$)Atarg<&aC!hM2O!kekZE}- zuI0!Eaz=sPJ}WUJ)&#&TSx%3!KFYMqtQgzHG3|0jjP2s3&pQ)CZ;Yp7@x+~M@3Ugl zk;qUvcX1S%9XpRw3lfWB$G|C!)Fol5OT$tx3`t!U(Iie-0P9%FaRO-TQ{G&TT_P4k$ksDTix(wQ%z*q_MRpDOGQMePli-3BdV_%~Pr<9~T8 z`#FoYg9@xd{!JJIt@0T_*hhigs8HUbLVr;qe*(Iq&LFJM23s-SM9Lsgfd8i7hUhK@ z3-SFK>O#@!jD@TbD1^s@vwv4K zAkvh3HPZ+|&bI&#co33a2J=83+u|!!6v>vX;KE%OOZ)MQUIXQ~HM>Z9DAPQV)m=61 zdJfZ_Thh3!QG<3;-jSNU$X@kSY^vXX1Sdni>V=>gSs!s;{|zs2KIjBISe{f=`nU=dl&lIjk$_765Rb%HM|=-7 zoM#{{9{2?qjfX7~54#bBLE<5c#e=L>qos|PNE<%}s8`J{xAJwlng!(BPQFZZ zpPD~-L6UE})vRR~+Rh%;h@=?K?v8PY-v1_@pRb{Hr}Mu>-+!5@vuA?%4#(P`n4Ec@ z((iHhtc0wi<+p8j{0M>es`ZUS?*fP3N%?$ltb~L6OeCO_(trE3D+aL$BNinpgxuODw#S39CMCD+4IlF==lo^?-NmK=f*WIbd198;X{;49t@9Z=z|!p4KEu;Vh8KN?{)R#KrmvZP&irrt0lsVkkf%j};Y^S5T=ks_jLg(WAXSQ>4>2<} z;p9vW7?(eIcJYY!mU_eV+3yG@8HzlgQs*AJ9l1jb@9#RBqm0?sED zu+uMOr!QcKKc5}GV7Ag1&=>`C&z^_O>}tpH?p!a1p;ZBXc}M_t{4S%to)ML{2J7?g7189k<+G!ndE!lCOH#>{b;`Xy;W>)uezr3ga@LKv)`^=0;&4G zC~wPTgrekL!%<$v{8B7U{w?kE9R$?P1@g5j4E!f?YF7@^$74BCHvtVfr38crV<4=H zutgg{=+ywi=yM_Et_ZgV_Nt|gN8OgnUNqKfq>DO@TNSLQ>ehjC1w>TvEm?hq+<4sx z5l3|a8H`afcEaGH>Yf7Y9ZA*)g!M5H)EIikJpkSShi>cq3rv0J9leMUm-rjCVyeX* z+GAAwk{Nt=Al%{(b$IPv9aaj(&=~nqHp_m<77@RgInc_@He zea@3a%0i#>WJ%pGoJ)Mp%|7SpLgUpXWzLioZzfgc9e(M1e9pO29=IAsjo?7;^7ID|2itp*9@YkZ`LrR@Q84qV%DzZH zfXr|80yAQz_lQcHnfU{D((fg`6X^<>=6{k4=ePScYr^DCE*Pbs zbWS_0-1uIAOw6?axB@6dDV%9MOuD>Dxd@sJ795xGpqO4>&DV`NPn{;TF|r!-IZXFn znxm?3_n9sUGwGg`&o%RdKKZVI+%nODJaz}jc4Ke%Wg(AezOm4YlVL@bb&kTQqXzE= zlgw|Gp8+}w=85-)U5;YCQzPu+eNfL~_;$Uz4eBP>@-1UfWie=dz&HmPD`rhcD<3Wy zha;nDtvpGeiFEbRVBP>hqrl91EP?Qe!1>ECe|;}&)0QIY_!XfisFyT$7ZGEKx|wK&h5azBBmaq#e+(A` zCxCM)NP0?SDyXHsfop=`(k=kL0?>=pvZIhH#7?Jd1b}h^bpU1%m<*tS!07Sr^rAg5b_aMn#?t6m5 znzaWA@y0il%ZW6<(<89Gcw#lL61Y?PSvdXPVs@K;zpVlXWgUi^qUocQ;`PdfK*L6d zu0F+Q8f2K*^nTwa`KWauBd^=|Hl}fG3o!FT3Up}kcs1<%wn1aJYUlOHi&0Iz2+^jU z&yaRq41-iRf%tkchC3-YXvrPGhTXBgZlnhf!tBl- zt190Cgb`Q`DyI)&Y=0uccY9uBF0SLAjBp{x-y$BguML{(DbY+8I$z2{2OEJ5ELxO< zB`{=|-n>PM{sy^J9oHY{Bq`g4lITcEDJWMYDenoTCn=Q+p-l%34WqV_HWh0%p`8R8rF4?imE^2D z1=1@AKp7eEOWkfj{sokty!=~?gwe80vh1J$v9L*hgLL%{Fmh(-3@Ok&b+O{8lrO{5 zu%AKXb~0Hd438+a0j1sv{?Rc1D0e(ibdqB@n3thWa3ZBgyUV~KyON#(QU>z_C>7S4 z4n`w-jOkxoL;F35rBq%91~%dQ5F_3?)up#)9)={nb(%|WEkyFDTfvHMD9eS%0mB#6 zUSugS}a zkB}b5@92JI8rL6EDkCV0@=j06dsXD6=LPaix)akPZ=1+F0qJ4I$edmy&JxHg1q!0n zdr5gaMP6f4o=IQJ^i(Whv`OEMbOqmk^3zX|F6F&12M(w2<^anU?ZQ+B+gB&!jsdZOZ#v$}2;9*nJRwO6&6014Wm(G+ExyBA?fT zraY6L$owyX`HI&0xB2*TcvQUhorK0X2$fG0ols)8`NU6%Zz?lc&5pWKawOW5sXf>z<pQ1~2q!Sv*vJ01W=rGePbPB=STPlid9&E=W%5?@{Fb*=eZWiaXv|a9C!q<58xg|I z_Hk1}IF5kiJ12zWcbd3}xx(ODmcG^JgYrU+Qnwq5Y47SoG4s3w?2}>au>QdE$g|Z< zA@dGc%_ia(`v9`YM&iRxaF2i>bI%@NfSUqCoC;u|oZ;OaeHU<|0LvaZ#k*U~pvTH7 z-Yl@ne0Fzq++fJ%Dc%ua?HLftc#<~;80=U8@AVUtoz0FGaPu4oU4aUVTFP3#NJ?13>(k=&u0EBNt;qj0+-#)Z-ZHR)71v)6nl z$?_m`a97Wlp-%h?gC3Dw)tfi8c^R9@H&@i;Gr(cD@i<~-^0L`{eL@(x5K>b%pgQR} zg#cZ6jd=sLg*^FcjA`x+haQ#5TM9M#0}Ghd4o3nXvk1ecdym8IqF`EHV^tFeV|nO4 zCr25lkrXbg4)Zt%{+dhb^-=@`Bk&Nm{gEE0yWeGP+roN3Om2_zIJ5nVRZZrZhCR;X@bDYj zn=In*Q4SJ9QxiKusQrb^BHs|p2Ts7hN94(CIsfIC>?th#^Yu=FN=>aywb6o+wmLPH zzelgpL*2CGkJFc9;EJY$Z3OV1`Stl&@U!&z{iYFZOTdADQ^2oP#@pgQeYJ>5gP4T* zjeCko_{qqKwoIn`h4{&gY~A?~7M>Y_P)rTj?5nm!j%Z7C78Hy?ScHk}kSN$A$FCGb zVX99mA*}8Fib>*-cBYn+=+Ghr^9d+P@wqLkVXf@v5z8FrQ^XvHOZ8EHUJHLYl1GRJ zNon~#U=^ByRml@EXvDxWxHagVv^JLdK69k=A%?XGtRCylx^?zhC4sS1D56Uj{*Uvn zEt!Lojtm!`iOpG6`#)5Rox8PUx7y+Iutf_ddxVnhaaDP!?%9^vC!|i48k9y<&$eXj znF@z%gE6M8w~y(Ss>g!Rn^|fBG7IKdX24)iF5G5^HEpF93>egx;`<{>8JvxwJ3#GzW*k>FRqC)>lqa}UksLPh&-)+KLRhKW*%4)x=8uYVYCTbA ztf|p;)$K_h7b1&4jBhEqLfmTtN>LMAuylSynUqALM;O$J21TCUK5BB33tho*O-Z7p zD;Xq8L7zv^s+Q4k0Vm)oA1)&E5I~hQ9vF)K3}XTmGmhwtMQAcV@K8h0Y#U)mmAOW;`q zt;XUhpE-D*ixA3k9+Hb%qmVLhfvH+L>?)y7VRSPBo27OwfaHfvs3oK81U!jRz+0E( zEdW+l$f}mnO5sgfyBCs!1eNqk>>z#LtsMt&Qfn$wD$k%8JtU@>!icZB{8mlFTgQlH z(Q_F;24;FLV`jv^t8L}Elz^GxD<)gt8TcvL$=mao}b9 zhg#-pOf}<8M%~?xmuJFnw{6ZnjyJqoPLTom} zMu`7P%~4C1dTR->U=N)DKbNF)*9K~MYSnOqL3a7Dxc?W`E=Dn>2&fAq{69v3$w9L^ ziAuItF3LLs!BVAb8FO`}oorVx_5k5;uV;Ef^U>zgg=2I@?6$n8N!dD}}?u^z5SjUKab>?9F078(1@FoOk z!f1bnXg^+3)eJkJuMn540T!jBEq*_M6Lu?(RYy_6hxKz-S8S(#l5zY8w zgJ#5c0ElLMH$otvF#n|&bY=9QfOU+vAutEyHv~PN(f2-@F<%#ejT!An5ShJm*AhO2 z2M=m8qh1IU#F+00z}*>DAp|)HR|~0@5qFcw%&5RKnHlr`8<`n(M+h<#o+6~lj7~vd zag1jo1Z;#aMnF3<%83~^#=O&oU`F`}k^}vRF#qo*RAI#HSFVE)os1C3C49D!#xdf5 zr?6GyHUaqGZKw<5-3XAx=qn%1_*+3wV6@LiGgjDcKqW>!5GaIkPlIMu>!TTuHE2dt zd^F>81U;D%UmcLf-#_-Mxe6!dsTDRINixD7&3SHk%S@D@ge2o%b=J3_!l zxB>xejH(dG#&|eFz(#li0@xUxhd?&QylX`D8C{4VIVy735`I8PCo$sXAxz5XX$0Xy zyAkGvAV`cp3rKKH!XD00Kw{JtfkiUzF6i-$Dt$ELqY(my36Dg8!i;z`$lQ#_BLr-O zPeK42BVH1cjWNHc7^q3O9sz8O&K0nZ(G>{H!FZLRCotkwA<>NQMF`3x`~U)mQAQ61 zB$z^A9F3s9E}~R~AQ$0t5h#)I`3NvMqvbxDF>m+K#~Ja)j@*nlAOw;Kzk`5^F#0e= zBFxJ=kQnU`kqGmq4kSj0A_M{n_Yl%#M#mtqT*jjWJ)Y4*AI*3%0{&aMvz9<3f{5zm ztR;Lg0&2!+9fFt;@m&VZsL4k&e$k*A@z##qj6XsUp|C1p-oU}CjM5MS5@BAZfy8J? zK!WcP9xkM@jE+IT50EshCBT0&AR?-A*AkwK01=EX3P=z^c!iM0GP)c=L=djzBE}t;Bd*Kp=35PhiaZ zD6|2iYY+l+5#}40Z~{iR3RuU8*HV_+>9!HG-FHKL(f3%~Wm_!)y{L`^)P-IRj|JFI1mr%9o8 zjAkJ?YTmo}K`8&j`>z=Y@G4$=nN@QwZ@ca{*nn{*=DIa9?Tu+dWG2Sseu1m`3ItfC z9hNl32mph;q;SKFN-(NIu&^_q2d+iJSqF@KxVS%53Le`Zky+a(_xLMNw_6doE13y@ zoQps>$o-$_&ZXtxfJeS~e2=E<=$sdx=*RjNr>A$i0ZAc+g@#!4Ae3$PG+} zu+&Rzb}&hSOdg8h3nbW0xaUdCZA(bmVBh1*&I7fFaMw$0xRbJ(9E9M@CddsAenU9W zRklY}0ZVxTZF$wB=g*l;EN>4-Bh^RWZ}NcmqM^fSn4Gvd&ufc zzK-AvB*=|dSRh%rMe_v`{7hKtB_?~wLz(;@!52snGl|%du_psU((2^q#?F^b5Wi{* z?s|z0ce2sBWxE5xmraoSGqw@q#}PtR3pRMZZ0_&Y3wOQ5hC3-+c5oQlec2jdTt@tP z5@!Mq$>zq6s5E)?Y?1%=S#qS}*6n)9!Ba8$)F3%RP~#Z+vq@<{9s}GIA=ff8`@WL` z>TICSF;qr==H3DMU%;6yVe%v_*c$rP;m)uIf#Y)U8HV&I1k4SLxJwKjFbA7PUqG;D zB8_^!aPa%6FktI8FIDrW>Vz+8{TRD+HBn1HSgmt!GTE%J=z_7UjPy ze_FU}cO&{3!N$)FtR?WH;FCT@355v0<^)R+EP3U|lpgGFg{3@~+groZVjaGsT#f+i zFd8Ue9iu7)%(Ck6wZj3Ky>PNtX99IU0+u7|5f#dwb~2~_PY{3&s!vAllJT4556oRl zi0|2kY91^XLa1Nog>C_A9t1QX0L6&1Ft)rcYaoB|^LD^1jB5;YfO`wc?*uiD(dEdG zW=+1YygqX+QMVvuw4mpye6KWjEwL={R~Z7))MvSf9?xinfOU*6N3hjAy_UdD2G7XX z{*6F_s)BU>7a9B>@mj{S1#T>5JP!fm52K5HG~*i$ni0ie(Ut6Ltm|h8QH(OOj0(!( z;lxH^UXXMI-h>w*gcl+$xV~$705KK;#|VL#kC6OAveXAC#kZ0FEo{jq3yu_gKMhV4 zIQ9jf;5fl&2~HEjEWuHN&k~#@gjslYa0P{c4fwE5JE#6xi3aQJL9cdIX^Y; z)~+R%%>QA~V@4iJBr{gz`WcCB$++a#qb1*gHU}6<+c5b8g0C{cZ3tAE@jD11mC5}q zLbBxYpk!j35RA(6f|7~af)JNF!i{CDA%>EFD<)_Uo~MxGKUjcgEMFt|S`+*Ufo;JU z*}_`$1cs>pAS^g?@r4B^E)+Hrxp>s#z#NAshsfaY#m^9&y@Wl12QRY_d=`Q{W#I(M zco9O#tidsjaF^%ulxBf&*Gp`;lY{pyAU!1lY8kyJV3PVUlXCo#oDq3KW4L%lCZFNp z7$scE(foQOZ$SuGgD+1%C~QfG2~J}Cn(-iJlb?(6i^5&U=ye32D=0QNtMSo1s`(g! zMKb;z0ecHZe@FOL=HN8PNAoa8<5Yy18QTcR%qR`vSDAzJo}|lR8a2+ylb<7*>GxL{ zRUnxYpri?=0ChS7rT|8>5o}f8xR$`h1|L+ItOk{ApcYip^lyNR2RjJRUT)Mexfbm@6#v zB_?~QJaT6s_~jAIM__r34R^A<Z)Ic2FIpq3GP7_ou53^1|2(4=Q60$i|s{@aGf+MfEn)k=Xo&`AEL5E&D4U9bf zN<~vAktPGq^FiRN%D*GnRX;=r2YiTGAX({_j4zXHWBI?WdDa(dVb;ZxoHzvWKg0c) z?*Q?0vx($|2ZF&Ezy*2m=>XtRggk_y2*D>0Kt4htLSKa7!|VD^2t^3}0wiLzynM}} z3*v4FB?wI@C)h?HDW6~SQFaAFaB_DK;QJAH*!CAxjR#{qka`D!hem%#;B9pl0?%jg z>Y!XUPe9BA5FVEB)Pg4+yz_k#;R}SX5V*DHZ~gJd9Qq)PL^uxNQiRJ8xIKRaVJpHb z2>flH?+{9`zwL=|1~z(UAzXuSEyBlGtAC2{4}?7kMOa`LBOHe?8sT*Wo@5?|l~x`? zIl=&hF$m)j>JjE6@CNNcgjB3Z@S3ZtLa0XIoz*D_T=gtOSc0$=;d+D{5x7)29$^{6 z#RzX8yovA~!uJTgvMEL2Zz$9tj7B&S;ar3T2)82eKbSp>@EpS12=5{si$)rSz^j89 z2p1yoe{genT8FR=;dO*Rp@04vfqmkCYv-lDJ{Ah@Bi!lpe-i4i8-d@1 z@DjongjW!@A#hXqF2XK^j}Vd{*z(tY$&2dX!(CwDpS(#9KHT~R{>rQ4;8O)S@L%2) z2On-10>9<{Ao%dQH1O9$;giAVNWg*rE(qa!!~X(*a-a> zW^zuOHGB4qdVuI{^X5;VKI1gN=wX2I7p+Oh03iM8DjYYS{5X5)DtpP)GsGl${5Aeqht*COF{ViCYvV2?0(;YLAuci@N8 zb*uweoR|wETln!=yxoeQeZlWFlRdz|_goYd6=5h2R6ZN!shQU=q*02}F$b7P46hXa z4kv%*FUV`Pl0%t-LAe%kdZGa#mJpMt6^lu3n!=LOOqsS{GJXfnj!Lx`hO~2IslcBv z7}wXAa)LUc%C;A4ho@%sAvr@}J}rz9#G6_|$5?jQh9=lAX+5!eE48G}ePNBF zx^a{gv81>esPF>Ewm-3{i=*wei(+j=1**pX`%WA3XZBrI@xe zRSB#e_9?>B7QR7{4w**O0iEWEh-qvo)B26q+Tsg_y4d#!YUGGVSh2%=xuU~wN{Eu~ z+ejL!b=yA^Wluc7<6|0USu{rX+tDBmm%`FO&ZbR3J;P7uB-6j&QE!Wq0cH-h>`PH? zmrApbmO7M3t&AJ3HTPhQKc2+WbCM z247q33#(Cbos2Wxr8P|hxq=V#91}y=wfhUtZ>fXD`!^|{%#nVHKLW9UCDOvCu%{ZO zkG>l4a-0em^iZR;^Vu4#h&xdQ>bGOjqP;^t%-GF+-HekSh4k z%-D5{$t_b8CL~T3yA0*-FeNTc^S?=_s~G7o8X3=qWu%Jqa4S8vM8v*oxMco^rkqdK zFOd=F4MUL`$TkyVFyyg@#?6exC4Oz$I>As(_>ZR9-!+nA!qwIRyMM?E|!*j#z^^x3}GmQu3{=}2w?-5QOIfK za#Y;ljX5oU`M@f!jQUeJ6Jb4rr4Rd;Eo~l=`kLA;mew={hkegj;{qw(6>FPXo8`rQ zW*zZ2;|q64&26OEqIVkFhcU_Jr(7vGSgDzM@M-F87C@$E=4rZ`E#2T85!=pRU$!(} z$XZy-Y!&@r{wJkMz`Pt_o|2aO6%X4=c(80muBU@sTY?Dz1p$w|rbM$Q;zGa}!kE~Y z$>i>H)3pZimndN8M*xHv0j()=V0)_?X0KyJ{kPBbn7;k*u7Bx*7U(06NzR}1G zk82;BLF;xyab>Lgf4I9FFssJ?efWENq4b_4MAH;PFVm}{GEx+k^g@W4X=ZAMX=cn! zDMAP#6d{Btgph;~cgS5)=~fuT9pWyE+(HP?d9HO{v(E;<-*G(8aXkOy_%EjQ+28$L z*Sgl)>viw7uI2mN590S93q$g=*btZYL>!AgRg9CL_S(3f&&2Plw+%=lizp@aZUMe7;~~N^Dd2M^vChg@$pN%feN{t8_~Hd zmv??zSbg?Uy?x8H_tdf$H(eTSK7NeL4ttrn9`QWkzt>zEtwO*5&so)Z8i3D+Qxxyn zez+vs2;3ZfV-mj;YKT*8usXl?z}U#@JEDD1#M`1FBF4uk+b@Ye^80H>t7MpN)-yh# zil;36%Q{~c)gxYGK8p8l55@I}v*L2&&u7CWwVPp(C*t?xbuFHbHSs%3{GIAi$^X10 z`o>~e{LbD-UL3z~^TL|RH7(@FyPV{l{-5(}MdOU;fB2>;o=TPwFAeeTF#ZhVoUkQ{ zb1MJEe2tcpcmr7t%L^7D1hJxDp{-^$)${+N0uVG0J^9qN&TvmDH`{kr4_3rrCD_)u|iPrYo z(NVx>lcJ5p1M&N{!pz0c$$c@moN=u-#-%Ncvwb`7TgJC0MF*}+%T{Mb`fXBb0mR<7tXf+2Xr+#q`Y;7t zj^e|`XjuzOM7;J?$J&D`BZzHTbdE=A?TNN7*f-pM5oa*=3SZZcrvBTKXkYRF_WP>q z8blv0zV+gH|H6H>xYcY((y%!qRi0+zqJWN)3cDYXz=1L}>Vi}4m zEy+Yi&V`BGVouV;L{8?!?%j$C!lad4T-trFNyda_=jQV5Xcl6a$~ibLZ(L5vq|70F zGdcZX{w61eRmdsCZ!eWY;=K|)iBWUAfc4X-$Jt&sF1xUBuNhp1A4UrEGV}1uR(W=5 zd1g`exV+550yHOEQjA%f$jvU#&g2{{h(5OH6T_78^ZT2bnkY}tEMy~~c@s-8Qwz#7 z2b`Ihs1G6j>@j$0{IM4n7mZEjcsLjM8Ef&v0#G`sBnoqoFz&8%WPGW)2%Ztj0ewvCVKvl)$h7SfGMG=<%u|;{gsi;h80zVCwcgMn6mOUXaH**Ze zT9zLd!=(&Q>fLLBKuLKMQ7?>{ZpB=yT!9#Z@wXF{Utk zY+1aC#;4AW29|nNF#b8Wa?wOI+I*LA(Jsp?%*!dq5?NAOTwa`0T*!fv>seSiIRGD? zf;TZI@qefEXsbFd`@+0TJR*gwOqiA&Y>4*Wob&Ux)d}k!pG=)yQiA!(p^~e67<<+A z0ZGX<_L98PVkT;dixxNSZ!k}a@-8kYNfhV<=N2!_Z(2JH{_tEpE{v^8jmz@N;*CL6 zInIn|>%G@h;V1KGs}yZ=Sx&r1#8O%?rXYulEI%u3)JqfGnn(Me; zOzfD#@z}>;g)J_PK4z7MiQwm~Z56h3`B=WW`-`SMejRTgF^3?N#~KqeOA50wQXWG6eYu!bJS5}X%^qK#A1!2M ziGpYwQ^1MfCz4Z8l8*xyE`-sR5ldBKOldKXRrt9khvbOxsbrQ!yNYP*o*Ry1ura=H zud7eEt<+^5iD;%IaJ?Uxya<@u3RE*ZO(zCNgBrz5~mCvk$O^UbahT@yK($zbFi$J!9~UG z__4Laks{Z_c7@n^lxFj-v8nA&@08kZ%$V^-@mos4TVuE(4}fqxz=kz5x40-eI!e#MuW6aUm8Xsow-ba?) z+r-;x-_S(|Ytf3AT-WzntfS?w7z-Y@)g`z}8>X0*{tevZ-ERrScG=vYZkY!OtBlFqduY>2XA_4*6h`ZA^aTYraCv1|(&O=mIU8o_UfUHM17Hstts3zO zcjZ!kF%Cc~m-5WalSd3bY50KC2WMvDV5uB?@%X$o+BnB2A3PZCq|Y{Ndcp~JA2K3IiUJ2q7s%=};u6U^a)!9)#>C>7?lu1bA+y1LMv_lTdWS>uo;IRGi7s?+7>VHrvZ3a46?eIFxfa%z4N<%z=6P4~JzN zuI&D*&MgsVKKr~SgZbfhqQA=TfcKftK0D^nyds+MF8E`|IE}k&qB8ji7*>OE-WJ3= zD>$wU{FTa!(PtUVS%Satxx5XBVb{Y)!C@uo~h$2c86i=!+~^EM~u zXIY#M%OU3{JC;L-a%NhbZj1L>&dV03LpdM8e2e950zx_8T6`zWb%5n`t%iTlF`o|Q z41+^C!{JcQSc~Vwp+2) zY4|(S;&dpd+~Ra7=Q=n{FK_2zoK?BU;%wK6Wi$Q?%s%V09Bzs}-+K?n|52Q+!_v&- zEkIlrnZw(N*l}387y68|DJgc0)3_@oinH-6c8t@w>m!O^ZgHA-?64fRkj0MqbjY7; zaXREbYH^y|XV#g`IvxY#4|gbLf!s zvE{IVA9l>4L!I}P;<7G3i>=>uRww>*~ zvSXY+5`E^gu^(=KIj)(OLl0M+jRCRauyh~vIqZ=Lgu1c4pYDohF%cbm^pWT@|2jD2 zv*jJ$CC2fx*&TN5(VRx+v%MX5?9oHfXMP=Ck*|1NIFxgc#o59R_k%2l&E&9SIW%9g z9Nv1zj&VBdm)S~8*q^dF7~F;t-d- ztKm?8HWd@L!)zypT~sE_Wq{*&6AtUwS~%40-*700joI>8koj!EmL1EXL;mkD-)Ec$ z24Oz4c^P($(_wzHX&H8m(_z_Tb2IE1r^EjAB8$_!tB=!u1sv)*1wH{W*5e-*Uk-=u z`35-Dlef>ND*p$V9mh-KPMxTH-onU^aXPHyyoHe+<8+vxC%~aTyqz)RpKI|^aQM8~ zunaqvLx<&@&AzZ>oNkLg>&<3Z*fCBYgMKtUoU!N_XPdWS9Z!QfX=(UlqqppsLx*LL zw^y=boMxP5o(_j;VFN5---2(5k`~@&Z5luVWP+`Ym=~VQY!{$-gF;0hJ+42cH z#_3e_ncoB>4fBKzoUs0kceXfhGY#8hwqwGM<bWur6N(vpnXr6%*Dc z4S)0CFy8qVf8F9MU@o^Do=uUkV>$HE=rdj&6$s_C`H&Fr0EhC^;iHs)Hq4IY(A*EQ zKE;+_V)=JjJ{|I(vV1nz!S$N;VC%H(SUw%%y!DnH<8;`5vb_zObqKfIGKa<{C@PaJ zXK*!P4%_Bn#~hk{#@VhWms^^RWw7IWbXaHS!C{`TMT=H=zZ(8l!t67DHC&|lu~^{4 z@*HmaWe&~bSPnBCX89cNBXB664au_pj4y`6`tmG%1Y#WaBg?9Y#T$<5R8W|oR9P2cJx9V1FXi5FvOV`xqaEBar|4(^?Uvu;NB@!zAf7O&Hv$Ro&P0~UqrR%ZzPHKqw$qpoXwwE+S}LZ`u4`& z{HuwHhN^ty&r=e;|Cf^yz4Jd#Lout!IouIX)v|j0X`pC&3h*mjdlstH(s=O7-#p_2 z@N570vHTJq-wu1EfL|rGkKfH6J-Re+!d`FlcUMoxSHDI4Hq>K(5#o2|p;SyqqCGCh z7{{Lp+s8MJw~t2~Ef$#jSZY)vUf?^ylCWIIfPXfKXQFzS_ROmt(+>iwGz1b+QKl&_>D|;v}6ZZ1T@p=gULKn(7 z2Z3O|w;APaL7(OEfHagh8TRs4;PqZBGG4R07=K>giXHKEusp2WmE}DIdwFZ{dKdme z7s{B6Krr9igz^?*%f#|vh4SWA$(zweQmwrAtCV*Sj+Xd^Q0VY>)O}SY@5VB;wbMFeC8zO=D&yUq zk&Tf+ro7jDUWD>^^2G9Z5EbgzvPyZo?#1?&3zWK0Uh^vDC2mMb6ym6z z;UkE;pPx%4Quo&j^jIGMx>w0N=*{?GE@Xzh6OqU5b?A;qUia_<{ZPN~g>ZPQ40%`t zE4z?4xXN@CVu9?5EKWyz{DtYrQvE^!_n^GC+@Pro<(*rlyagzac`T3fAe4vW^U7^F zi&*&~8iB#Ep$p})Z{ftmFR&d&Azcs;pBt;eeNNaXfQf0_@Ms7dFqFslyz_XC#CL!A zd)1>;^kk%Zv?uV_JdI6u)v?Fmbg|>UrdqTIiC#wkRL35G>jFFOJE}!{g!nc8t&S~v zN4?~}pjxzrS0H-7No9L&+*V@^OPsE^xxJ|tovwO*)5;ctc_5#HQ=GAQn=Zgkh_Ah? zzSofr>vIrVd&T;M$-EQ&Kj&8+o?F0VS3Nql@z<%z7f|)+bR`+8UO9K-SoLU4_xJgU zC%fv=n&z+hwM(+Y-51FhP<8z0UG?ZlDjBK1*P6wAE>+2{dh~UVziyX&0acIIm}ICr zmiQ}^FQZTUjw-Jouk!jIRbIba<@Kg2uYa!cnosc!9oLIPtGw=5JH+>PgsT}UuaDU40(g{`ytE=*`J9YI*A(rQqw9tC zit);^y{`%Xt7|J*aaq@Id_~*ezW4V7R^CeT*Tcqdb8zl6Q?%);MQcaS z^N3)s3n@JCKo{*Bj*g8(;zWuzi`+V=w2kAb7H>^!SiT#^6^&QpipHy)XuK*j8n4QX z#_Q$qn=o|Iu&V!`>a6mkVYNB^Q=NGrf-V(*DIKWz93z-T1hXo^=`{aA*9CuJ8hN}F z;yl&~&Y)GFzO;76{b^0tKr@&~Va3r!^GfFH6dedeak&=b%8BNioNDpbw2oh+>5`-A zlB4O8yD*>spo^wU^EsL>O-lyeOXq)ls^=_=&!&6eA9Qo@7e3#)w3g@jwCb>cJ`Vq&TZq3DEr*L}&66dxmdT~&Wwh$B zoW{8jyA}9L;fI5675-9sMNF)rd&gc+pAdT^oe{f&R+*b2*-EQ! z+s!-a?)V4YiTGo?x~b@A(fC}ZpwD?okHG$y=lD%{GKvnT&yj1$b+o*tDP9YGx=tJX zgO0P3<*=$K-T&FF7?i9sSn2z}uSXw;Pl+Zi z@DDmV%r}mMan4UV%oCQyVYx|+<_UZz+@Epe*OJ4y&QYB6mJW3*VI0G9xJzja%XvtL z>AF&J&Nn)gxs!1$SMxDV$KtO^Dgx+EmRVGRRrwjnr^9^av%OiLbo9H(JWn`Z zE2P44KEA{wSXg({h(`7-JrD1|o+JIe3|9(vtt8&p(*URUf*3 z{Nq@(%-~DV48%D4CNk$y@KZ8B)-~pz%=@zr7?wHFx-Xw+ab8Rra&9)iXs$4CH+QO* z9CnB~*F4kwl=(ID&*lShDjVu^w0W5MBJ))9Y?%)*e2z|w*Hb?1G0ZnUH9hzM%=qA; z=F#R$%~Q?ynjbc^{p?WYyJoia9^%|D1+&ffV7B`n%(mZy+5USl+kg+=X0CznlS8~E zjcKoo&%K?+Pc~Og^wXm`~{rZi;|Lc!+F97pfUa#`n(t`l(|;s zdRYtm7UnF+PK{6V4(0T-_+X1aF0*}ewrkEZxvggV=Arz9_e;jpWNx=lr!g)*cWa8w z3$CuCHN9+aJ=9^Pd6Ud~ZnHQa_Z{+EVw*?v!Y4lOJH**`dT^1(HMn^MYi)X3l!_ zZ;)r8f0N9MtNEHaOVGbfz62j7)>@iSjD{}=Q> zmOn>-v&@UG`I1bh__ye9mw7SvcQTK0cFDW|dyiZVpT!?CFOcSImctt& z_LX@)w4cn2v7_@N(O5;Z$>@ek$GJFuFQ**Kasbf z|EbK2ioXmw=x>vGQ8BkQ9M_NNe=qZ5&fW6w=>IB5H>y;N^Y=l&y37k``I_bMMwmKs zBlP(jGUL1en6K%s=r@)5TkkvT9KT_sJ$o!3h`8*HkAZH+c ztlSIz<78eu%-784jXZs1{;tta<^{>8$~>PKB=dsgGv!g}pDpvk%;g#}Q z^xu?ufh%9LOx~>Yj$DEMyD~50~)4bV=4Xx1)(61}=qT)t!bnYngqT=Rq8u~3{ zUJTq?=K1B3@*2cD$X(IzB=cfgzUFv&1J`kK2Kv2ZUc}4S%;8O2{p8co?=SO$-a#_Y zWrxVTpm(HvKKkd%ys(z9SthTc%8?7uA0zW(-3w)&6Bo(6Sa*Uv8U0BzFUq}K=6Um# zGB3)#P3AfD?J_T5ep=@F^fNM#wO*&w;_tfXI@o8j`%O8#(X0pd<*YxCLq^ibZ-X2< zK=hxHd9zi8%$uqX#J-UE zT~Ow6at1uiTqg5-r<*PQip-ms_+WER7t5jR5a{@fa>n_c4IREG9H=^ zA^xG_`H0gYzKd~`$(yGV_+vc_LAnlSKDwh7FOlnDn%MEVS=$%$!?g-h{=cn;&J1HW4+k$KbB1erH>&6RnB*o!pEpN4X1 z-mJ!MxpH^|*E`CYjyN6W8yduo#>Jbkj-^q~4CK&ZIXOu={9YngIkS*MhjPjlpN%+O zrw4%U7RE6x%hBfp!D-$|HM?#+t~tn|!}quA6`zYZ9hS*o6`zkd9p+VI?7vwiZ)iG@ zM*SBchpuxRfUdLR3+3?LJ0IW7VdtWMubhFLXJkIp`5hW%E<&6R>(rOZ;mu0lD`yFE z=eB?3B z8-+?_-ay2M3Uk=y7?!ScJb;c5|7CoIT&HIgPVfo9EQdGpj8@JnyhYd1?}L1VFLQYF z&V$NXgB-d}@37-cKABxA{+Qnyeg1{~Hng_eZJ8r?GtR$s87Yvf>=%3>lLj{qE0kje_|X z#+5~DTbB#(FBh0gWRB}%nd7=#=D4QQD1Qd}{0rsJqP3jNW{!NXdA`i@AD3DFVwvUh zdm9eRX<0#ITwK5S7sj=Q#(K|gJ^uEWxy~@3>jnQpKG%U17Km;${`Qx@Fz=9Y_!E5( z!yHZmf4`%#sY>v@lxFw`U9_AW8k>twihO|iAo`FvrzOpW0$n@&g?w&ygHJT~HxDwO zW6m~@F<)e!Y`)%nv-uwLgXYi7-CXU-f{{H4R=HBMh%p=V_e+cDVYMyDn&-}Rg1@k&HpGh9d z{Lah5)K4l<0l zq4`jAXLHo(gZ81PS^O+>j=9);sd<|DKJ#Pd=ghB}*O~ddZK(g3=I_mTqD^H^Q*$db zpA#R-8EMWlmzu9M-)Ww2e%id;{GR!9^G-9*!9slwz;RP>4>QldLi}9wSaZ2~ikaW% zhGE;{d@7jF3=cltJlZ_be6#r>^D^@W^Jeqc=G2DC@#dL%E*9#u)cl6|1M_$0Kg>;V z@E6KyX>M;m-aNuQ+S~!hn4z5G&DWaw{b|VA59c+(2bf!$+nbL!_cxC)k2V*ZC!6ze z!V|_j-h8$B7W3Wahs}%4|1h`30dy$8ySblvs5#U8o_ULTr+JSV&rGQtS5tG5`4aPW z=2_++&4(YDEc0x0x%q1IUFKEhJ>~;(&JpIx5#~y*hHRjLF z-{4I;GxA;dE-)!-nW;PxWrkB4thv{l)@k1=0 zYVmaQ@s^W8?;FpzzA)!o9$ucsxaQj!^My2W*iAHFX};b3sClt@mHA8a9&?K}$#L~G z4>cE=Z!|wsx%dc@%GG3cjIgQPST27k9kGJ@#=F{og zaUDjQ3(c3BrzU5D{_+=Kq$>K8=$0imRxnR&hCSD61ztNbk%-$84-exp@>wGPQRe@_n6*pybzA(qqHaynQ} z7t85Ss}AQ|ywvh9ww&uN=U&Ts#Bv_DoMq-WEdNc5SJ0}%CW~)1|75P6o}AwLv_9*D zEZ&M%nMcC>?09{CcZ>J5ct6H94^Oq6!Im@1;#sslqeAng=9_4hd5`%4T6KE}X5DxV z|MQmfhWRbae_Qz#$p6%GzBT_~`9CY4*Yopwicp_}%q?iurxnclG{f;+SIarcJizh? zDWCTRWLnNRbD8B|tbG2acfIA@X};I;A5cE;Wq8JNUNx_@{I`_PdkQ|boUhH_S^f{o z=e-8|c1q5l1I&lem?!L7z??t4uc0I3`g~6?_oI=+ZUD@D-V1OpSo~5+vaHZwkV7|q2 zW?TGzTID=xt}y>%ZgFffzqdKZe2MvTn4b&p<++Y=eJ;1snpbyP{uAamXieAqmj55~ zcFX_K{0q$S@?MpC-IL>LZf;4dJ{@Vzhu*Ztdy3@@rB&yVmXmEcg_eV7Dp!_sspVX2 zIn!y4cLvNl^PZRamh&jBdM>f}3l?8t@psJc(<=W{^A|A3#rtS}w*1;XkgsVx$b1;B za@v^N!YqgP@?=dla(JK4vzGI^ zc{QzZy+f;RA6w36wCeUH%<=Mi-LEbGN6X*mIOHD`?{|3pZy2_X`2j{;bKc6h=E?W8#{0A7|EBzR zk-yLJ$^1sN@(-jn4-bJ^KJP_pZTTH6zpLf#rvejGp=z>p*5~+EIz~Hw_AL! z#TS{MwVdS^e}h(iD$JW;)`$0eeZjcuvy)bRez16=S2A9cR(?Z^r(74RGw90(Q;)^W)EUhwE z(TBvtZnB)O%->qhF8a_o{}0Ql(K}gYGjk7fFPL@aJ#MEnu6mwl&awQl%IE!VC5&sl zmsYtS6R-r%DEEd%(D1wTFc>l^INpmwfE@*5>fY^#eb)p#PNgrB=e7; z70Hm^NZ$J%xoVc47=L=FY~+RFU;G_Y~v!7v&USsS~6bS+|1nEe2kfG zP=qpj)A)XfT_5uRGuxL4Ic$?6c%+%_NQ8KiIl8AtU( zNB6|xxSHK8#^rm=_nV(KKWkoQUT$7xUSr;1e&76W^XKNT%-@)QH2-2w!S7^YT56i> znH!m#nVXyWyr@u4bU&cxPX~*4HXm<3!F;m$RP&kUbIjT1JaeJB#5~c=XIF(fPcu(9 z-)6qke4qJ2^JC^G%`ckS?n)T%8|Kw!w#gE5Hkvn?qkAVcpSN3lr}-!IujXnvUJK># zV{UA2YChE5(%i<}*4)M1-OM&*!g%|ePd5)UpJP7X9NpKcX)m()c=IIl6!TQ`bn^`J z9P?arbbqME`?$r~K5Uq-=ghB|*-mW8S!aI7{DJvnb9A4n#=F(xyUe@If0)_UO&ITf z=KAJ?&4-x}Hy>qAH+M1jG-sGkF`s5;8#|$HXPKk>UNyaJ7dPZwVCL_{A%2PZa`QFj z>&-LFv&?hMbIp&KA2&Z^e%}0w`8D%8^E>7b%paS-FmE&OG_&oXFdx`nP;d=1+q?;k%g6}ZjZGOP~ka?jwx*u6}TW0a)=9T8R%p1)W=FR3U=I9=0jq6*B|78BvTn)cf zhiTl$T;JT-e31E2^Wo;B%<1MX=APyZ^C{-&K5I?OFpHmMKHogre1W;hJl;IXe5Lss z^K|nJ^KA1R^8)ii^E2k>&HpgJZhqUm!Th256Z4nmugpK1e=+kIJbdmo&GpQU%+1Wr z&27wW&7IBBedziedt1DZd9a!7a)-K|Z9dOjU>;|V?qS!sCR%)od8+wFGuzY(<1%zT8I z?aYUAI-0whdznu(pK2a#KF55%Icn2D^Qyq&7n#SK+0JaJ+Z6LO^K|oV=BRB1jq84k z&oe(|e#ZQw`4#h<=5^+G%^#S*FmE$Q?JcNoyDa{jncqW%X|HE)WNv0|Zf09~Vc53j z&gNsy8Rov`A?D%csLcn}KhxqDnv2a7%xu3e)Q!&|2)@BQ(|o)60rNxVh2}-(7tAl4 z-!QK>^VtWXKJS@7F@I*>X5L}`+5DTi27U|+<<~MdFz;_Z#N5JsjJbokoB25NiRON0 zwpkqNbB3Ai9)@_fIp17pj@sqW@-W%rSDUXh-)6qke7|{~`6=@=<`>Pcm{*$LGH)=y zZ;sjqQT?}Ae7kw4`6u(Q=IXe{CCs;d&GpTV%?FzgGaqg~%G}Z1)!fsZVeW4pXdY%h z%bag6G?$wvnx~kjnr}4UV&?NZ!u+}09JRHg`TwxRpENHvzhHjZyu!T7yxzRg%(gT` zeg19!*8IKs7xVAtnz-&KlvCT>$b5jgxjEGwwF#s7(8=OG%)QKfrb!s@F!MR)^UZwj zNyslSPc%<9Uv0k5e24jN^8@CG%uCEm&HpgJZhp)Bw)qqDXXb6@9p*h|HW(SEy_UJI zxw$#j+{WD2+{N78e2V!rGoK?9>Tsqx&s<E{GRy}^JnI$JtDkj_k+a~xV|UUr-r$%xuLm*xs^F;zeweGviNc4-sVAOwh0^R zFv^@|&NmmDFE#U;r%=uf=9|s;nIAMiVSd{Dg860h8uNPdN9KQ<|6^u5x1pZDn146d z#`RDkr=Ix$^Fih|=Cn%kPw&E3sC z&8L}9H=koZ-#o^Afq9boGV?U^baT`enYNR&E&ho4aq~aTZ<;?ae{9}j-fG@$-eazQ zU~-=CYi?>j*xb?_wV$SG>1y#F=Kkh^=CjP_nlCgLn%omu) zn1#5Icg73 z)3U?jKbn6rryQJ|pEb=*%?F#)%tx5pn>(4Kb_i9UUKa0X9$+3~9&XMx=bJAxUum9c zzTNzg`BC%J=4Z_-%&W{5=1u0W&EJ}TG5>C^k8AV8^4!>bsJW%Nqq(a&YMW8>xv#~C zn@5^+%u$<-8n)QtW#+5Q*P7>;=bB$K|HJ&Q`2+JV^KSFL&6D$|j=8D%U~`)J2y<6+ z5A*5fVdgRB3(S+vQ_T07A2h#ge$~9jyxv@4-emsT{H=LE+`|!;pQs&6eU1lN{801Z z=A+EVn@=#GY94Gp-#pqp&U}%1lKC?8bn^`JJ?5zWOikA#7JuCQqWKl`8|KyK3iBrO z*XD1{zniP!W{fb;8<`I)7fYF=tyW`5he!Tg!| zOY;xrpUt&eCg*Kk^C9LI=1%5r=6>b@=CjS`ne)ws=5q5y^L6GM&G(q^H$P^6()^tH zMe}O&TJuJ8g?X!ayLp#+xA_lq^|a(X=d-H9wz`?Qg}IgaXmfjWFY}4!f#xCRk>;qq zS*_z2TD;hNiTQH#wdNblcbTI$X;uCLi!U@UF)uZ*G{0qj&-|hJEAuzzpUuCS>$OVG z|3>C!=H}*O%pJ_V&3(*gm`9lN%mwC2=F7}c`@NcnGcEpr`62VO<`>MX&1=mcn?E&2 z?fq)JyDa{z`44mb*2($V*xb^5xVa;(?@5le`0?hGEoZpJN1Df)qqc=r=TgS;T?xA@ zEGKGbSUERZ{1$W6{;+cHwm2@IuPhTk6;|HI%E@3GzwGdpK;^xAI2^8Qn>UqlT(8Lv zMOL=O+6E5y(X?e8*M6}}$6vT_r3)O|qU_GN>eiES8LX^N4Kpqcu8iYSqe@5hRGnGR zaL;e5ne`0us`UwVi|T{xA=t4#A>N->-3FS6n1`E3nn#(l%(>%+1Wr&8gpX$DF8U%fGpnxvsgPxrw=% zIl6yb%W$g2TbtXM+nUqOUCiChJBzUKbsf##9sQRXajt~uXaXr5@EY@T9{?oZcz zm}c?m<{9Q$=DFti<^|@3=B4Ik=H=!U=Jn={<_hyB^H%eA^G@?FbE3K}SLRygy5@%F zCgxOgYjYcOTXT1FPjiO3uX%`hxOt>`lsVsAXf83Ao2Qtknx~nkn`fA3nP;2lnCF`3 zn-`gvn3tNDnU|Yam{*zCnAe*(nm3!bn75j@n|GRbnG-c^`7zfr*EKgYH#eu6qx-%|pz?%~|GLbH2II9NmMjx=ptD6!TQ`4D&4WZ1WuR0`o%iBJ&dS za`OuFD)Sn1g?W>Cvw4eot9iS5w|S2_VfTjDFh}?DYrZwHINP}n$NA08ZOm=W>E-lLmK}4~N-q4CCG4zH$%vRJk`iL_QH7E}smKr8T|dWY%G#oC;qdw}o$z zJHj(%mVc+*558AE1)e7lfFG4lgP)SmfS;9z!!OBa!LQ2a!fZo^^~{6U%46XTasm8- zTnztPo&d8w84f!U{#w2S{!X3@|0G`yr{HsE{uH>5%yUP!C&T#7@PYCy_)z&?xRpE? zK1!YkcaR^3yULHk$ICCnC(5tEr^qYdLGqh0+m>M+-i6PW--p?@4C5cedGePq+m>N` z2YiwIGkme!5X?~+Hr3u&z{i)CD1pWyzHaa^jH zcwNTN|A{x{BVg|Pn9~k^PwotFlDUk1CTGCh_c8w@_`fojy*+Y&xEfY6<_v~w$!EfB zTZZv0xQSc_A1q%9r^?sCt>x?CV`*&%ddc{yIMH8j37;;vhtH9_!r5{kc&yBNvJDxQ z$$FN_L*YsC2>1$lBz%p`_2OnZ3%*m%hwqiSoX?Z5f*+M2NU@=Nd+@+}_VYWHLVcA|9_eb<$@G0^!@E|!IW}7q2=>(rG zcY!lywxgCO_koM$EO?S!0$(9dfUl7+hi{bUz%%6s;oD`NXFpEY$3&r9Vtz?(g7~X) zb9l9U82m4}CH#Th3jS2)I`|*?Sa^qg9Q?g}0?hVgSO+e{zsvn#wj0w}`_=sFE$!YLO^5HPsis879gwK$Vg3pqBru7fjW?wjtE&w=^83J#kE&y(lCY#)a4`{1YLhv8-N zqwwo8&t2Fi4D)#|^0qt=eplx9^&|Ny_*405_&+k+^x7f60Dmv@T;vyd1I#vIIIa)i z{p4s{D}RFc!SbhYs?2Te5%Lc(+ks&@zrda4-{2l{0_$-f`2hG-xfwiE=608Dzp$J` z;Vij5JVx#a7s}n>GPwuLwqH1GPxuOXD141P0=`i`AD$^^!FS4e@V#;oJWswHepH?U zKP6uUKP$6+ua{(=L%b@_g;&ZC!fWOE@CKRNW3~gs`acf;TYeJeGdvi75&l|U27f2N z0{++A_D(4di#>17x0O93p=Rx0FAI`798Y!)N7K za*mVPei++Yhs!)>JxAtwMwZO;j4|@T@Hm;<_;R^D%ywWnE}myh zk@;+$YvtqM>2fdlR+;An)#dev`<@vAtFuYrS6#iXa1lPo|49k25t}DL= z^B9Nm6>u||&+a))ehY3buY-@4--X%U3x}~5edX=&sWRIkJ45~sW_vFz zry90B=gT!+1?BD2g1+EgJHJ)!Z_O`dri)TSIJ}Hb#ejBwqKZE1b--VKf|_P7@q)t zDPIBakf*}C7n=K=y7K+-{xaJqJ6K)>r^<`rBjjh{cJgwV zZM?9|Rq%20n=spWVVv!goh)yF2g=+p4VB-AN6H_-Y~zK)a(|U8vkf!0@xu7$aEbgS ze6hR@zFg*hY^wY%e1pvAJ+WOEmh(G&hs^H|*scrX)!_%_CNSH0VVv!pJtZFmKPPv9 zm&qOB*JSR~R>^!m)H<2%oNbhQ!EED&<#S)RS!VlZU(4L@{Z~E<-YuU8|1KB6HE@i{ za=5SCPiC8E4drsUsXPH@yDrSfuIIr0D*a|rheoM}W-;voS*++6AyhUdFWM9cw zz&qus@K5qI_;;CYlGUsmkC*!;w(-I`@HtkEhXyh4RmEsk{efdoL`r z7Pe=X%iKq?y%)xt!Z*lllWd0E9KJ(t0nd@yRvFuS;jo9p3*>Z|?Y%JG6<#8r1ivWv zgO|(w;g#}Wc%96B*Sj*?E!!lY34bn+g1?e8;qT;Z_$QhBx8LL*P1#8S)zVE_nm|p!^=ZK>i4RTK)unUj7t* zS>6f1F4w^Ja<#lK{IawGUtxe5Fq`9OGw+yeeyX1i!V%SXb0$Zg@8 zIQM1w9pF0hu`t_pVVwKV17+?r50$x}Y$a#GN6BO04ssdXP3C^Dr#uhtBR>K6mlwf< z<;5`Dcwrr$h0l?f!ddbg@ECb5TqtwjRVr_SC&}E8O_4u?+1?Aw-vUpUx52l`+u^(A zZ{WG|PWWN@SD0k$I@lCTgJ9rSpL;; zPx%_Sk9-5%UuGL-gXNj<~ zRelz}L4F>dAuosTkY9)A$p3`dt_#at13xCOgBQtsp51eD1-wk=KJzvCQ+SoU6<#NE z|5+ikjkHhXeX$+=Lf#K%yDqH5Veo(DRCu?X2LCP}4%cWH=N}30Cm#(rlH0+}?jWV2KQY2yci@S?~mz&kAH)F0B6;m~FYxYU2O|@Mz_p!go(QmgHj>Fc#HhUj=ADHdEFdp{3G}~8era1S*hsjOg)^bz$ zXqo%ubom&#o7@gQK~9JJ$(`WA@=5S;`DFN9`80U6JP6L0Plt=-p)lKoVVw)$OXP7d z+k|19?XF!bUj$E=%ivq(@i5zmVLsbqn=4-hKP*p$7s}Vei)HS&m&!N8ugJ6D)$$y8 zz07vn*j5b3wE*U`zUaj;+lry1=QGOBBmRy2BFuJUn8SVh9(g@n4L=4l{tjGA=5rhC z%kRTYBof+1x4E{_W4{wz(hQE;~!Mo%u;9q4PJ5<9DO)Q7U z1-0b+;QI1hm~GB5XFl9q=CMGU{0hwWXPC1b?jWy#yU82jp7MKeADPd!>@R-=50*cH zhs&SBY?p@RZ-KMq|G;dQhVkFwLOFqbNU6+cSx%JM4&3E3j~%AU_23)ihVTq|fA|jh zXn2m?7Jg7phZo2^j(AdLn{Z2H9#gz19|td&d%^#d*;X9ewBfXz1ivGn3|Gkg;ZNjK z;Vm+cN4}K@!#~Ss!!-_w%glu9%NM{+Ir(4kGMVkwy(WJSuaduj*U4L9wui&{^A-G|yaQ%?IE?Rv zzm(ag-FEp0_`mXQc(?o;%yx1(Y<28cYv2b}n#V+JCx@;BHw=yD7hcZ zc5*oEX>d1r5X^RR7-ySyedM9=0GY=@Lu4KYohh?TyDa%anC;}S93B&u$ZX&4V);_| za`{Sls?6h~8{})?88V*%dWX#8rhDa^;Q2C-l^&Dl!i!`cH$5jm3NMov!mr6s!K-8* zE4?kRhToIdz?dVp~0|{|NjImb2jDat?fsJO<8^ zOW-jw+r}%DdAw69-waQbXTq1uv*D>Sk9}^G**4y-^5Zbu^I_edz~6oHQ}BHGS@Tunyi8`hdaubmCR!y|!0TilA8nMsfIpOZOte{MyLw;Bzrfq&I@rhl zSLU-&cgs8u`dw}c*Ju{kvpKw<+!k&q^BJj4<<2nM2;y{gh12BY;dV0H*gIAp0QZsE z#@;~rOqlHgv7C|cxiX(ynk(};q!-GU!57JFV~_0uaabN7T`5n6*+vlK*TOU9>)|`) zyWx9f9yhUFAm%>^KPEo}vt1y@7r;y9SKwFVg};(Nhj+?f!avH};63tpZ~_;*vCQ2xx)ffJgAQMhCsJ?^JUeWz6Dg_q2OS1Y zr0_x=bgB4D;RP`2!mv2)tsFMWPmL2=Gp=FNX${NkUBdl+{msM8S>{3-zvr-e z<{4&Q?-Ftrn3tHBo7b2t%v;PmX?*X?ZV&!~Yo#RJ#GGp8^@}0DySXoo@0QpNF^@9m zo6F5p%+t-Y&Ad)4l)uQl%pBdvq&jT0_-1o-O|o*L`;2hD!j9JxhijV~nwy(>&2YHR zxr;f&JkUJSoNF#IPc~08&oa+7|J{8wD=cTd`S0$F`MdjH>f#!sFpbU3tQW{syVt|9orms z-7VhN?DtuWvUt9^+&slR-8|dOYnwuS{5}X?w-n;5%p1*{&3||QLJeF~63S_4{=54T z{&e4g=1FvafgIgOAV>EL$R$?(Wb-uhEc0CRLi18Huf+-VUvJ)I-fG@uPT*RHFl=43 zKc~;1&ByCtLVizkfAes2mYLT{hGG3Vdc000#Alf2m=~Crn3tQ^m@CX%%sb6{%(bvz z3U%PM9l@z)UY8i+fA>tfA(k`BoNwm!7NMLe=IQ3y=K1DD=4Iwp=8fjf=I!R)<{CI? z2=!@b=Cu(a&g&t9d7WNxhIycQq&e4IVxDZ~bqt}*S?0Osh32K^73THkP3Em;US|-- z<QDgJB6GKGp}n3abC+5oNMMaOCiqR zcY}FtQZTPa3g&OL!MyG$nAaKwuQ0DSZ!+^Y(U8B(oWMbUh}ShYGq*OUoB8`?7`DHe zzh8!UmYLV{g!n`=e}fEh{=OJI$INSTLVSstzYB)=8Z&?Y3-K-Ho#s7e{+<`|`MX_k zs=2MXyScBKzr%%LN15}@#l{D$Vg zdwx(C%kk#~4Yc@3bFR6>JlQ5 zH=MgZ#@cFYMyEZMdUT_Pucn^)d#$v&t>gHPYHK>7kR2&)T8w_D&d?)9t$8+nqi(f* zj>Meret5gO1t*++I!=N|p5DE|#IEh?4yw0&U%Y5nw|~E0^_SO3b0wjQ-?UQ)4GPpY|~+L@6|h)!k1wel?@sPE@z?tLuNh z=(m)D4z-_N{lEt^*Vf#2Wse3ss%31foFDx52qm0XEx*H=LyB8-FEc{)r(&Z zs@tw!-RiO9e^I-qS3OWMbL*A6FKYa1I%?PW)y*HA@o}}Zcj~339kV)nZH@lbYG0J! zdfSO-r|hUcD5Y04w^GJc>s7y9y+ImFt&3J=SDdl+#Ky0t`t;R)`h%IJ1m34HZ9Vuxa*G)@Ht6RN)wf?!7b*nmcntRR4XHx36?Vg7E){pbM zH^A8HhpGDex<~Uho~zNATdb`yv{)ZU&uW$9?t_J?;isu-A9Esm)g4)FP=ld|S6f~) zaalD~XK3Ten7Koy{XdL-33wD$*7m(s)zy`x(n&}Hp@|Zj0NF@F0+K+2A%-L@3I+nm zqU?eSfe0GL2oW@*qN2Ei1L88wxC|;P>ZlPF9S8Sia6?>X2A6T15gk+{|NEZm?lkK6 ze_uaO)j9WU_uO;$s_LqdYsRUDaXN2cWuSU%adT5xzop3SmNlTb(mgrQu+<9t*PGF( z@Oi2Fq=D}L7Uw~@9a5E6B|WDmMOjtFRo8%4Rdr}sjccQSp>r+x|8%ao>|9g3;aQ>y z3$~7(d|J11dvplVpL@=t`Ae2(Em*W<(YXuf&r{wY-Icy}YsZF^j@`2hU!Ohjc(bt?;nZZG)H?EJjKpR_T%DAd%amj96KHFr)^k6(2E8FyqAFCV(o*fZOgm9@O! zjiJ{Xdj^;T9yHp|Qkip+s$H*P1W?zb(p!Yo8nRyaPBXs6O!qM7(qO*WfdwLoJN~dQ&Na`@(fYPkY zwM5U*Lmx2qH0aEYNVPA~nYR-*>)JndW_|*6&z~iqXDEB2&U^#V{-fUWyUxsSDENk6 zu-n-4scyf$Qx%*`=7Y$lxZotpX9De3(3f(FMnNgyo;1V0xwBv*(cVVET*B2x?RA|6 zw-bF>6xIT@?=cEC0=ECr*t5Q~;6b3Z4;lr}ko1UQuj?Fl646^(arO{ZAv)=Z=FEz| zlzju1vI@ST%u@zRXzwyAOfsG}DpCRM=Zrn)byiFy=|9Z1q7>+!w~Y$g-Sd%A+tgVx zmxBK_D$XV8do++vRq+Y%_EV8jam9mV`+#<<*huR4M#b%fM+|#bXT>u>_n2nI8zkkM zwbMJtr2@6jfI@P`H$=yn3tl(cCz-XAI>+@T;dFCcDd3(tX8ZU~HI71iK4hWBZ3J3- z1<*d@<^pYBX0lLcnd8ny%3f}cTT9vV%=VGcldSKiW8-co`!aLfgM>Gld&)b+D4SjF--Xl<~cRkh7M*BaHMxB5Qd8M_VbrB$3=I%WS^gW*(74Dvoe#Tut7xdcq zvCi`N?;H*7JuG_lMsdxWN_(`i=gly!-Y9d24K6n-ZTr=u%9A6lcyI@adtN+Rz4vg7 zRkHWUR5P^q&`Prf)Roq0M(wk(@5xU!>fPN<8E$G_Kkb^u#k0zd-9;IdcKhQonW)q% zHTX8M`B0QRHLQ2%v3mC&EfI&OnmMkUmettd8WXZNV*QkB!q2;os$XHR4YO;18}+N+ zh}i#`U)P5n=yLp62Wqd3u~FtKv#P52eu>eg$HpjG%5%|CG_mSX(cU{+|C8%h+GsNu z!pBfy!lV|nKJ|*yk~xLVbBe3y3~HEDG+G4qEI+ztza7fyQIgYrXh}j;uj#0&&Pl5( z*|B$Cbx!(@l9XYC>&>#%UZIkOJwpq7R4>dZ_w?r-bKavjrE)lH0tQssG&^Xs`W66P_uM{73 zrPJ7j68s~((FB?@))ZyDV61c2H1X9C=#-H)$xLG}*CY*3CyU*IR;63r6hc8fu~1VG zrJx(#(oP#+a=TGo6dLegYUs@btU|(zj@&c$;8K>_{bqujI$=~+M?qFp9lA)CY&EK% zOZE&FROgaxe*z!c_n$wDVOOrMZw3i-Dj%b^jG-Y9vzNC^Y_$H zH2a62)Ts!`_JX`ZC^j_p#ERTa-`x~^y{Xs7O_`ylj1PSOv|mbq?S`U^cXJX#)rP7} ze6gn22L}qXsz$YWrWRcI!S15q>qWgjF3N=2+E0JNu!Nzl|Dez|HRS<4(Co;r#6dOeJ%T=1<_m>N;Cxo!tz`yG3^dULN}56sG=;ZC4-{oz zXp|I%kVRqCI4r|H%&uhrxay~B6oS)1rJdI=3wt#g?`5x+g}qwV@?5L-lAm0&WXT?k zk86HXbM_ua3DEh_Aj;gS_Lx%!T94I4`yQiI)Z-=FZh@m~&>N<%X$nf9$_#{R${R-e zR5hV(`I@F)B}Ki~?C&h8pHUwwc_n$E4@E%3#~L3YgO_u*cFvkTa=^piUxSEjFZj)> zTW+i$&t1)c4draR$P$IRwyCcdGz<^OyV|g}kFTmtuCBHcE+2_V?>~Hb>6p?vrh``N zrd2J-s-HUNBnJ_=wy5u%-witJ%ypBH*S0ySm2oG>542$v4H|5e5iRtwM@sIxIaL4g zu%QLkz=UWF!7sV%(I*U&Lw}8n1{@lp{kq!u*ezXC)T^X=9O71e@|x;Xs;kF)LH7b3 z?zR*!3eIspUej#}7<2a2KnRs~=>u7n32jx&XC@5vN896K11%CvME9II_aMl@nRck} z33IlodZW^5&Ng?9&BB%z?7a=LIzML)noq8?C;cb2X76Fd9znba4?(WF{L*cxmuZN# z6fy(D;I-zA67-9{sVHz$u)3&cnS&Z$SN(#!IBrLN77C6sBGlWOLI}^cqR?U^XBr|{ zUxJ$3kekJ@Sqk2v08_`K9`eRkx=ROy_p1nfsHkUkPHJS+11B+N)c%VPR{USv)2Bz+ z=*nCfS+w*Mn5o^5k@E=p#rv=o+Iu7i^R=u+_96Xq`4Hs!{xNTK>ay_?b@yAL&_I+X zyw6-er^HY>oI3zO|$D*VN-pFj||{=Uf(gL^)3d8@aPt8d#=f8YApiIK2p@53lP7| zb(@Yf>^+3FLcN*eJJv{6VVl=syfS-=qH`5=FqeAb!&lVlDd%IT+*0ojRI;x*NQg0#d(~dOk zH*@A!+IzdTPdTz??~xV`(9-^Uu5*^2nT65l{0DG-0{v&r_JYg%mh>~P-G6viZB|U6 z(dVMW3L1IloRYXRyqF>C=!F9|_G~L`D;ol>(CZ0a*}y?%Knjh0*7+Tm_ebZ>#h{as zGi0SxHvg>9thpVzLl(_vn;nE0h?^Llx*NWnAzp;1LyFU-iH=f%OQZVW%O+)v_o_#iFEYaMrAv zHg8!{n+SgxZ?A7vTBuX6P?*-rno+Am2m9!^d1Q1mp^nty?!AZ0+%c!1CFEt7G@y;Q z|L`L!v)+hhNc|o9CB38?3bkMT$iC;xX;^P?7s2IZ?Ps8^DeB`|CATdfRyNaeLvByJ zqo`YzT6tTq(E75ajaj{F#+EK<{_He&bY`V}#oqS!e}s|x=AU=1_P2#T=NI%>=@0q} z*2Ly%=4iB}J%9NTeXx4(VT=R_Mw!1MRKC!yx4dQ^?S80dgy1E=-2o^6CxyJO={73A z^GEI2LfIU7aQKg)2JRjJ!^Z{(Z%dSX%rqGHW1%wS2#{&2t+1b^p`+ti~OasLmXQ7z z0tr_RbkU!^5H%F_?DfHvYX^jiGP@SN?>EmW>fL~@UX-!B=(yL5j{mqQ>ohE*+9&*o z33}{Tm)^R|qeBcVh;-n|kC=+Nbi-7`k``rPQMBJ~@ipY+*Uv?LpqXLtaZOC7iw$oXFEdm%K5k`jrXj3)|;(Kg+`We(m;xTYlS+leZ(c zt&)og3~Y1uSk12_cf_NQg)qEr{uoB9bMiv3Bo8b1V!8K$cHH`vj(Jn_-tx=`_V~FA z*tWd@qJOwArvc()Cl?QE+i_MK9xUj-`zIHxlMHkWtT(>@fn(bW4mx|j`vK*R8G_g3 zsF*Pri=QV_M&cEyjgs-n)%y?s>49o%R_2@m*JWV5#b}Gh*EQajBqhU#oKYxiuj?GVHfDQYeAG&B0 zL5p0Exhq14DXcOIRCTt2=D{*-iQ18Drn>c5VGT{UO74Ab*od&q4UkcNun>Oc&Wn`F zD&6pl>$O?MhlZ88K3rw}zg)e+pH|xzbiCTQHE+S#w-)(oSN$;1zIN-@TY5Xo{v3Gc z_}oJ8QvcyWk&FGxr{Zz*Gz||TAFukV994jCjto|1xN}#fYE-=%rzWULYO0!{W~q5< zp<1k()%mJbU8LI86>5XJUfrU$s5{i})qQHGdQ?5Bo>4ETm(=U(uj+mEk@~y(LVc~i zRX?asW$8E_(5X5@AE!e)Ul-|meTtr~&(YUw%W#ZbqtqB{+-lry+;4nobQ?U(Go+TYm$e}#XI{}29M{-^!V`Lmq@XM!``Ionz0v^rayN1f-Kzc~Ax ze>iL7*2mo(w=M4XajEeI@#XQOs2@}}Fy!hEE((x$pOZ+6|Sc|L0{N@%Dg z+qe}kGCf;)B6*k9`AqFPb>|h{mAO{C@F_2(9k=d`kVEAa#fB$!hD z#nx}UU2uv$NUM9`V3Ibr`HZ3YxjXL5dp_6dnK#o;$Q9a>{2f;O18_L^_m*-0y_Vhq zBQP~WYh=>n(rWDahtW4WWWAJYwP?do&qfl4(ibZSrC(iC*G=nG#Fn=7YB;%-gqgN^ zhP9%O&13bJm-4hfRjXl1c4DqhPPK8NXGQfhR;kt?<>ltCE7m$m>uu$B#-6VH+U7kM zamK>EzAcuyEI-%kEYW#pB>INJyEJqX8r$+>v7elqr**(KQOMlr=iE^8F_Me>=>+7u3~4jTcAjGEK?v)nJ#}ZE-500R z^6ZQ}_?;}puo#K8hT3VU$=3W$Q>i~MAWTLLL`)BXd}x9+LI_}9x6Q9HWueg zfhXqKIzM+4-rTZFCyC1{eizi}Jfzk6RV_MeX9s+M&eHt6tE#W8+Zi-9LZ?gvhk4P~ z9>W~dGJSb=+hVBLhPLDL&MRcjt4)(`CfV`pifv<2J_snzMfadzr5NglLY%HIOh^?; zwHxgm!y>MzZnG1#;jVNHyRORWo@@9FE5$a>%r|VqS7rFL<(NLJGYO5s^miblaUDM9 z<+qk^(&~z8z0PVIsV{D8Q>`Q6)G1Fwq^<5rX;)V6BUZVzB`fzKt4Oas%BE}OK5X^X ziGuyf>Z#)ed%{Z6$%6gC^5s6J6&mdjvC3QtMaa^%7Z@Y({v02qQ<)Fb;T%) zURQ1SG1BDRR)f~9{rX6oDsL-F&1)Me)jnfr9jbeVHd4zq?(4?27M+xu*E$lK%8Wy1 zCi?G{I%}}bx~h6*9;(K$6706od4+kmBN8!9`%q{+7;08{MUo zy(X$Q?+W)u48o3fcWzpXasesv8T0d%VIsbUx(U`)MII(T+nB3fv6ibRIi?s3@;mbK zX4Yw63OdRHbQ~vdO>u&qh_KYTC+4lGzPK9QAAhF8aK^DNHCH;sqWlhN!>A-HM;l=D z&ee%<2n_8Cgf}}c!wGII%D2o#`Lu#zCeJ>u!!{qY(xulX+HT$zj#hQmSJdsa^z+uN zO(@)>7}Nc^Z02xOJ*~~B>T>I#{yfT}Oqf9vV9U?(HG?llfN zK@u)YpJAQFIVNUOlIie(Rv#94la@}uw7RY_w=uT>IqAA*5uos}gb5HYavOG2U7qcG zI(L@UlFJG|ukaSsIYd%%vbuTDAq>wanB6lBWt(FxJ=SVlC}Th}YE~zAQ5&RMF|cTz z6{S{c6LlTP#f(Q%8^-b1F!hs2SnBbfbKTP8qDp!4Y zJgQ`E-9GF5T48+C{r1F!h8F*elPcw{oT_& zL;HKj8rrPW4rup7^s9XeQ?oV>U`$2dG!SjX+R{EuaL3_5Pr0}_oW|^Qc_FOK>ZARR ziK)uKV%&7{5Cp?k(h5NNS&?VkhwcpSf2{}{j z*H&EK{#lpRy@Oi7xa4Y(^!|&BwG(&1F!Ssbo$SfXf!JCRgCs%~V9Qn*&R#_4Xf49j z--hW43#eQ;j$wCg2a}kK>vHi5Y(w>99ERqb+KUm~cj42jVoVbl^c`(GA8PY}q4r<6 zs`wpvlDVM}Mvh|QG52HE!ph*ld4+#Lk3-0zxPPso_u*g4k+BdpdalYl0Fp+>`LpfL z9%ehbZ6pF)eW2F%pD_$!(g#M_4ls=8RR^$oK~FYS?Wl5J8oEbY>-(q)lh9BOxX{wN zCKuFEcDy!$fsQ>T2N-lc>jUlkK-(W^^8;;s5I>gU_a80Y+Z2rJp2P#Wve2ct%excszTSON}~pE5V!CJ0AGh$mEB>D%D2C@rRdROKtPQX7F?ZF8AL7}{hdY^$ z{IGkG?`1~Pd~6O~057Vj;$I`x)oA(viAfd)WYwnE8&{fF!6EFEqCbqb?!s zQGV+JK)>}qQ}o1?e`F@!1=O;9FQS3O2^noC9%~8oVw9y8+yo2AGDO*LQNVBY2G`j_ z6UQSa<_CO=(|rR5GR^%r08iY6O9SR7(n^ zIy%d|L@xmnxRMTErfE+l%~`QPnO6wI3jD;XT(7BBpLE{rbCh|dUImp2Ug(KR=ucE} zjMr6>w5ihD&;-q^bumb33(ZgUJ|JFB2V-;kJT|8 z3oS1-Pcll-Rz1sgMobw-8!TM73}cL#GK>|Ku;prKOBwtsy*t(|=E(;Ct(^WE{lD8F zJMC37VBQqXrJEU(OPVmkxul!SWt|tP?$Ta2c#&e$m0VV<}W%qhd122y$s zJvh%KJFUh1#O#Hx=auarvAKR`#+2=I$+bT47?jK}OsSs$--u&=X)@}wRQe-nNPT7U z^E};OHHTQ&z-$kx_7kL0W-OjJM43Y^R$vdl@Xjo=81f#OG*fOd3O!z8{~u$T&K;6*5|;y2G(dXp2}-rlP!j%Ezr)4 zr-;(i`wbik$BYY}8fL^HgIk|*gT703GFCkG_$Q|bGVHm6&+ zLM5GlDKP(Pm4NNXgCFQ34LGH+V|o3rs}uSz_E+;uFNw|2@z+SL+h?D96xN?$H0b4aEQPeIBfS@|s!)MT2Bu@z<=52|mS z^EN{~GZ=wDiw6eHS z^itX9%wMA7#xNI4nSa9s6E}7xWK6!9FYc-xK>gOkI46IIlNWsocMX9ld~iz!!xV}@ z{BHmbGfIC3y(IoJ{T=XL!+@v7U#>@CWDhXH@mFgpT;Mi@IQ}{TnfRDdL5{``O z@xRk&L&Z&MUa>^QKca6yB3UK#3nnRYijDRxQ2iFaV&Z&`O#K#fOXk-|QsgAjjtx0q z((ZU#%YdfOM-|6Et+xa3bs1bqi{GvJ(GSn#=VLwI8|(4wu^xY@kHe%E_V{1A9tn8N z_p+zRDc0j|GW})X>}*Cpev7#!S5j6^zwr1Zih5dofu_IAfc>EPWshE0q7kRX|ET$D za?fLB#Kag^a9Ph@j1wdgj&X+Z3RJ=#ml!6Z0FR#pEk#bT9`irNe(Ob?v85u)+)_FC z^NSfNauRuxx>^hb`4tVvQ-2F++Tr-;jA6)12G02B4c3DS@Y^Nve-?%n$VMZNe^FdL zsqF>W_wigBmO@`a0Wm&x!SQt1WgrSaR% zS3Tt&=7^~B17?idJ7bj}iYWgFYqa=B%tYwG?GE#TsPb+z#_eZgm7j|!-^6e}Z;tVl zTP?n?+H-rA72|fB7320rR@m(|R9M37geH&H2(u#5W>R9Cs5#@EL+xTm(XFcUj zRtW;=<$S9Zx-@CIF5nP+G=B;h5tIIK!9Qm!nJJcFa*_WxQIlsyP0sh<9W{BTKc?Vk`}q#wu*q{GCi#81 z_$6WqCNJ>66gAlzHF>`OXw>9Ne@wwI^z+sFVUw#OCiy9u_%^YWiMH%Id^fGE@!}I@ zChBnk#)bHR!-1~HeH`7B91br%cH$JD?6A-Fn8&iFIBeEEuA`IP95#|36WB*n9mY+i zPhv|*bK;Q!vkE$IMziWAQ;3&Uro(a5%j!6XgOQij@eX^qmsM|voy5y3%VFd3vg+e7 zo*2^DLP8GTmCLMhoD(tKd!@>iA>Yd?&*3QRWtH!6=<>2Ea5x@#Sq*g9qr9vN9X2X2 zt0ISSR_Xi>Nqn($09j$R8b85Vg{-`G*B}8558RW4VFhIhX>`~~E)K6ruj0Cdqrn*} z{W#Xg6lW|*GL0?UHj^r$R5y;PzoSn$;D<%AyC>`9?^;#rI=N)LVh1@S2Rb8t=mRX37*A$B;nHetMl~ z@{Nz8xh*1)LJT(fZbyg3Pv_TF6UORCf%~nea25r=i`vVoE0?GdTsw0Am59|<;#w%X z|Cahfl-zIVgC$XNzhwa(Wqw4F?`SU#FWJy_Pz#8fp+zsLMY$H9Z{a}7FCDwKtic_X z&TlZfew_i0v`p94yQq2}1_w7?E()o@RP1xykbWHuE3g@XbBiV61o*yLw?cmjj+?Z2 z#W~8Iq4^Hwd>9 z4qFe+OC|igcBGitC`L>$YfrE%wqcoGV2Lq$^mCam=`Jj+cOt~o6*6#d)qLG{`pv{A z8&`wwx2~sEI=_on<;1^Oh*w#iW`F@GEqQW_UOE6k1cFPcw5@rC)@RBGJ~DA(cJ|4K{J9eieAHUeL=- zT&ByrL!Ud_#1+y;Re+yONNm^Bz_0=d7)TSZ)_l#b6HpkN6K~U3AmIjXb&>k$y-qTo+JWSH*l4by=hO7-Tj-Kim#hLpp4NOKZbT9rrzr1CDnT}0Rkj7P6e zyihtCE-HS-z^$@+Ld+ab_P_YJ$yoidasZ(?FY^;@3iBaljO zW6u3F-!R+jK2*IM=&uK4fW{VrTW+3zb1@zVDmCBrY6U(9zOdC%$rS)8a*{zO zJl^nau}&RMe(PkSe}{d)MZ@CY1wc~d^y?0Kno}W_W(8*G-vW`vO5k)&7X1DviWxXV zUy4+EPkPs+9|qp*2$;!%rFuVA^3W3l%Qd5;91!x4;d0Fvz`LL(q}~H|iNkc)4%VEP6Qid-PT? zko(mDDRScK=l_=b_0aKKn{ak=1Z5^zPT^k8Tfk&F6?j^+I2p6&pQ{49H5bwu^N2sA zxo}cF%Z$L|x)QhGyl_6DStgZq?)+sc@RVFGcarAJRe@*qU0@_dp zu(A#8kv5TOWGy;R1)kTn7zMM8;00_HFUVwwYxL>=1U2xYI7Syg&@IT*b8)|x6`#2H zq2{*2bMb)Ys!&|qrw>G3d{?vJVHe+zaq%NP8bV&%5JFxp^PlC`v&F~&DgNYhzh zj5XMT@ITe`lh73cCrjSx3n3hsYg~p*dX=MD;GURqKXa5Wz0ip1(kqOQz(9mv1xS&T ztiO+4-6Je-gOBkaXXipeX)vAd(+jLMz5(8A83vN%z{N%{Ji6=Uv@W(Tt~bVlft-c` zq{!*lbE*R0Z`I=L{6li0K~%$?#ws9QHQd!z4Zkz!npX|m4Jxa&`oQhRTfn>!|K2#2 zR4>GLheOP@Mc^KhN={;Dyw~7Pqd3q5b93N6gT7S+-eg<*qrqrYdGp%eU@AP%rQgN5 z=6-Q2ZE|3@QE@!dzhy-{D~46Tq_I856l9+j;ESaKFBtQY2nAM>^P(iO1Cu!(?-l+2 zUN+-kO0p?Z>C@=MOUA#Eb0&tMd~+k1-f&Q0ayH7C%TZ^b$)PFZ%(;tIpwMIs>oJj< zMJ9a~)j{UFQPmQYlR=Mzbhp&xB;lDEY;ySU%nXS!bAo3k%?+$Go!$s1Ha~&OIQ<$_yDxNRJ`!h9Q9I;!VkH}E&3y)VS)H#e)m7e+tOF`=U?1im)BCI5$viU4a9}z%cY!REm3~5ipPdc#mqb|-$B<%kDk`KZO9qjlQn4*Y@HPyIfhw`K z!^&!2awdAV$-6>3t>9J`{1lU6tndZv7@+Zzs`3SU)7eR4zQz~)!G~0%q-uS^`$rp6kOlF!lfOoSmSVYOWCi~CLcJMcJd7h*mwSxin_xUDU=eu_B zQ>M-qE5-gGzx5b6$Gi(x2Kj@3CU3Fu9`*+f=CD#ykNAV{F($t;ABN;Ee~_#3z-sdX zl;~A|*4(8lRA9Zd(>MLWzp^!4Y5o(7%LD%4T6UAGBsI&)S~`243S4b+;d#Ib@~yjp z4JKREf%qV*Ba-?wKA6UMdc1@2!369Y0@p~*e;FSfPS3p5*YUyEu*3^oYrY204#fwv zFqs8z6|WD+2aji5?vT{?@j-r}FYpIR{SY6tI1=nId7o1y1Rtd@kC+!VBQJh9d7U+tlRyP+U^EXeJb#wr0#Kp{8m=rfXOw)4mUWJ%Z`ua zcEnCMcp>ZWW4XVu%MFfUtUnRSKe@r#^yO2L>~MqcGxaxh`$w_pd8|+J8zA!nBzV8P4t@OZ` zCP(%IZg39U;6F`{?Vq|?i?C}9d}VSEd(aIYVh;Z@t5L8o-QahO(%0t8;C=0?xcMkN zTeXa&15_LzJ7N2jbf-7cvK31DVlTZXlJ23B*$yHbW77TB2RJ+2zxeS8HzvSThWLF;_PQL0wk8I7DK7A)%Pw_FD?*;oaC=WPYn$Y1V>Tw2jP_kf(2|+ zDv|fED+0kD^hGB!zt%wT9agxJ2&egd)U@Qlkc117@TSS~g!!OjR%5v4B@6{_1*BUo zPGGlk0@ACR6KD*Z_`%F*c>?2|zJ@(zO~UoSd-3bR$$_;Af2C#FqFpK~DsY<#%JzhA z{lzlXKTH^egcEquheVt^4GGuVPcpJ8a?&8CxHzFTd)HVYbaIfF>W$InJ!~u zc`-Rog6|}qd$tN3@AC4U8<@{Qptnow$${fp(OE99E2ah3vPJZ9`E{2JmA==9R9|-% z^UDsDx~HJoc=-*9&2MOIeq}NFmAkyK6wYs0IKKi$dblLg0y1n?xQE~`=4$rqN|*gQ z6O9dGBiyw}WT|vssti=Qufmh`)7VbOxeMS-FMe*_4V>(5qGwW}r%L`R@K+Y=4EJ>~ ztUw{h@n!CRk-(mt{VPRIPZN6{Cq(sO0KfGooSkWcdR6xl37qb*c?2pK6#fk)#sHIG zdqVq==$;+;oAg_6jrMm5R*&v%;s20I>oJOL|DXia8>H9=y+KOOxP>tVM%nu$Jqq@x zAmQ-(mEYpv5$cOEz!)?RV&-LF_3egO7=ySw$!^A`)hOZUp!z*df%WoWk@*1R`p;e7 zLIPvnf6+XmY&vSdXpA@3er`6e43BT zjpSd}m4CV9A8N;Nq?3v3p%BZ(Glj`SvRm*UK$7#aS1R3|_E|J88}n~Mt?PbEg@ok_ zpx*oebPAx{kIMWFTr&Smr3cV?RF5izy&TD=p=b_@fGX$3P^I(lg+g&NNQ00Z6rq<~ z2ucko_}DQ|^kNXb7)6Gsxk|w>!2{4O^v00 zS4^Yyuc{FrfcAMf%@Q0$+K)>4)k6Op%;SZLSU8bbRQ?xa@kmxAtY+!vakw}I92aQO zN>6+mgSp-cNwo=w-aK<)q=ju|3%eYyO0Usd*`yw3@?$>)F@#K}yS=vU$LMS^9la0F-`$8a@@;+Ypg&gfG3yytDldnXuAtF# z30i`37?~4I4jSxOifvYJHVY%+dXC{*gQ9uidXC|`kI4sFaJ(=R70hIDJd+HUjrb2l zSAK!P;*c>S8_3_oel0`sCZc$1ei9 zo+r0tVGK9`0YD5KScS;&@Rl^&QWY2j@Na4yv&r!o?fzyoQ{#`g;T~3ld746fk zk_8a!suFrGRT5AR3wvTd`k7t^8Fe=fy?I%2q)L`C0_pJAi@-8QU?h`|;-s5d@D^a+ zpxDfU-+`pWhelX8D_A$3pnC21eCqH%e-UT7lfjF_p)c79r;7gq(s1yKp8~?2;-H8? z$y;FxO2cVHx_y5j4BczcmCzNd5!ImmL(-Fs)sY4;d;zHJ4i22+0N|jtM#i2C*(rVl z0d|T3BG9M@Q;Nf%G@#+@z-G@l#bb+pxZ#_tEg3J^fv$s?uO6S|6tQrhKm)A21q`VG z33&BBB=rHbWp4t~o2OvTJ4t4x114t~-B5ET`^f>59NmDECt7owU&x$)^`x3}F?>LX zA=Z=0ru{J9?tv3x=^#Q^{1l=;f)GxWA(GC8^-yhv@Z7Om6Y*tHJ}nRvu@IQbV(%V zCNF1LAcJnzNe5mkOQkyLy-Phy;$5@I_xg@G!3WEhXc2udI(n zbG+TlQT)1Hv~oBo+^IP#$(x&(i7`=IUEfyEjiawJzwFPxKmj596LM{OQg-QO4#7pw+ z{^R&h671&Tg?Y{9)hDlaU?Dm{=@}N9O#e*_-c`r^(=jYw=@ zpod!jhNU5Fs-+}I`{Z*klIm)kBjD_IDuml6@vgQxz5~gggW>iHr5ABMp#BIO6Rvil zah9JQ=@q2aFy`%pDK>mP*jfP<$$LY*(jyU2Y#mPK#UK>V|+M_}-YqiPD2IhOT@cjG)HVb79Fw;Y|%oPL@=QNb-weh`jn&Sn_n?-5!=aLsHLB za(pr(95)2zP2(W5KsaBCjZ8E&cKuRt>DM_@4Sf9v{aP$3K7^vm*_esUq$C>i3fY)U zp(Gl@d1CW?k(?B^d1=_@DzU=NEp4ur)Jr0{0+O5&?+;5}Dpn4MCD%!c50|L&>%x-n zg(Wu#uM9leyhc(}MRI32ci#!%p+q-Jel20iTO@V6NWK-8EDB3*6CS@MPMfz&>U)vo ze+TIBX_Q3S@0PM>ry+&1-y@PWNU8EH~$pEqAL05zs%j`Q-F;^AkKjD z*hNYYkucnhVvSrE&Jh-j3s*BcEYDQ=W{|6aT*XlCW@twGIOe=UoenT()=TNlRrn*M z8b1pXk48lsMf78e^1(Q+0K>jPv<;$p<@5tH$9!?*TS$&=T7Y;j5KX5$($aRkG{^5# zx#c_o*0$1_b9@;vAzP~kFlB2sABY-xacqVMF*uIr-f2kgV4X*`XDmsrsXB6j*pCHbmNMGiY`QjZg21ST6U-0P^{L1^F z4GsYEBTbQ_Z;=2D0N*R{CNbTB^vEg*bBT;r&L~R++04fugfm|cg9VxEZx;*8pfPFY zAS_Iw#cLD#4qx$akS3#e36QISl#)}@j?|qVHglSiWYd z;gw<9%U!g}bHcRBn}P63OhX5d3O(73S7=`d-CIa+2J-UoNa*gCf{%hrInq|{k2^x#4#ESkVLT+IOYI3W8)&BJmkp!*Fc^JcWd^K_<#O!|J_&4k3vQHXh^ z?kj4!y%6s-EN0liBduDE=L+X~s$xbgw=aO9S_rCgez6F3pzaUzMhb7a@Gb$5^Xhx# zVOAe4yz9WDl`)dqNy+hF!}_<7nlO?>-DKf>C>#f~_!%R>kr8=@xZDZOpqF5L6LdY_ zPZyQrGGSU`?xib{9-a&rICM{f6_h7omExoliht9esVd9B+`$m5@ma{J12W@K2`lX> zAhDUq68SffLQUb1{`T#Vkd4%!2vLT+3CIa?yEkkO9fs2t`-Oz?9!#m_hruj{)W299 z-g(zINpa>vcVuF+Qm?}iPaI=jc@8MdH1WhpA@3IP^O#lnNN~B#$&Yd$6z(?Ro)*>} z9pyeQ+?UB6Uxt#-28Ye<8427ELZ1Nojih6~{EIZh#N#}vz4lNjmNB(t#bPXdB+Z9U zRQYGf3w5C$VqUUV{X%S>F5DyFviVz8;Pyuw)c+RC%fOugdL+Gp={qs5>i>xC$B`bH zm7>&V#{^{{C~U%~ZqoB-vd(Xla}0ZJv&O@H1Crf#q$_WL@gc|#ON($eeMUk|f^eK<^ElNc z8!!Db(~^ys{s?I=8!vr`e97i`$%fC2RK5-4vm~4Mfn~wmtY|g^C7WIl^Rn^M!;l_% z2*Ot!6AZ4FslFwuUMA}Eqv~GzVyb6A_;<1D9c(sB~!T|S4SFB92Gyo50q%w6zbU*Ruafb?Xj6i)-P2uLY8CCx~! zMyljOAlDLE2jmSP<+nilT$pZv>Bj3o1tRkee-X+>A5~2A>NMS$biI!L=kRY#;pn z7*gI4yiuyiAHonk0rHz6;SIspOLY2y;nl2{9)mbNk=&xR0#}2`N0y8`We~p~F z*LXwl-TufBJn}d!mMQV8qv~idF@>S6u#!+`Px`q6m>TutDRKB5q#I^I7NfGaf-hf) z6r!LOM>Jm)%{EA?@>Ve6n7TZ|d{da$3G+HIdw}`72y?$Mw+nLzm~7~8M3@JK`6n>P z;+Zo2nZ)T;$`1eDLL6sL_TC3^mE{qCiX~nhCUzSYBYAI_I3R{Nf>#|+6ap5} z?c67MyRv&wo4kNODJ;wlabqlzcS91#;37_x zXsd>=F}0zpVl!8R-a=GnqR12EqUa(2+rU3X47|&tha@JtQ7(&q6b`*UrceHuKhq%?j`XOnq0X{Qw}fG$$jLTBSc%(a0b*@>AOMlp+aHvvWVE8h?o_=_E%F8 z2jPu+p9pjHm5XtotRU$c~=;T8VX6E5>Tz_)gEDx8fDcSJKs)%EcovKc| zt{coifL8*%hxU1YHHH5}P*cWX1i@dAxmKL2rsbl?I3GSiK{-*)v+1|^tljiZ6vS#a zd3iqN0_exsE1*}?|AQ8dKSguPkTL_coYId{lA#Ek_7fTx&GOQNr!5lV&Ez%6-%4P`WUPM()tu1*hP@-pwT_L3*3E}q}wBTdsA9QeE6&n1rME0-#2I{xOOtf3B< zDqThJoRvqdy-+<&sgoS8F#bPMr3~ot4i^YNmy*DBg9~02O`n6jt$c@zf?pM#<&TOQ zXy(?*4i^AF6IIh+WT7TI994e7;~Vs>m;D@Ex_D~(4RIj<)6d~W$ZB#W3-=G1Q4NeQ zDLmm;g#+O5QH`0S;emOxC4of`NYVWQsR?GFSD>*6-sXnE*~nH22_q6rcw=@~W?)#t z@PyIKK1@djxDu9-K)MFqPE@Aj36)_l?N5R_<(>YDAPzStQYjbT2k9b6;D1R80B))_ z16^hkVJ4gx%>=?p-{@2(lfs#Vlga6NKu;P?@ku6pR!XIk=;f6bcF;$e^l&Mli&?UV z=elrubY+4^EV{D5by^tkp->_g>=G+O>+2PDT)3IA7!^G(Y+fRBeAuFdqqh_v>RDa+ z&{`j{7BvtmL{u0}79~r}^z}s}gGVq1N286KPhnwSmvDawvo@r#1G@O0shqI3aC5_= z;$B_?dT@Sh<|(?HU6pZTwZyrgOV&Ue8QA3olZ7!!T!kn)P7g|@`qYHeqy)u2H7J#W zgA&l-x}o=%3=UID6LcdOgQ?O0lqy*LQvp*7rEnv*D*!Z7hTH<9Q~5WYa?c)Xd00%Q zQZK_VTceTNAZdIRm#@*v$he08W~u~3k->$W$WZ^puCgCf@+#)$HE(7E?i8hocb;urAGfUryIO_8Plah@5Vwa zT>DIpi%B8_T<`PT#Xa5#nu2N{&pKcXCUj*=^;2UiMMB!(6&|}t57}6qLA6P-a#(sx z-6Frqv2Kq}t&o;9rHkkhc&$yH=26*>2lw>o)1rdt3m$2Dl!SS_F0%+71lCZi z@w!c{^aQ`A2IT0^Q=1s0=ESHuF>09Px_+M8B!ZK0;M?5~BaJb6i|a=r0GAaZhXWKvpy&Rws;E8?&%|T`yo4Ek%p{0pH+f4$HXlea4n&B+ z5ZM_KE`8?&1ug+YjS|fUU^)0<^6)RhHPoOj5jOEy{&*z(h`8Oit@{=xJadyNe>M)S zCKJ$dR1CQMF2kNz07aFe-C(9;Qc zQH~ijL_Gi@9B64LrAV?)2-gd~THwuLIw6ffW&%L;=Vd2t=2{R@R|JvlCjClw(lj=R zY_zUu&a))7J_<>Cdu&yoAUX{MQv_|qIr@tShH?`O6LcoQNF2W`cOMa$NKhf@=>!qk ziN`pdDgu)T$^@N35RpB$fPF=P`x zC4$Z*I3LF^3**U7Bw&YNri2RxUoCJ&m`+F|v6YyObS@5LN3c}TXx|utYLMMGV~o)`Uj zYLf`I;?QaaK_rV~YsZsqjLAZ>qVpV?B2BybQCzh08 zzMyQN@?%|dZ~~X$4nd>g<-wPg#Dy+Usw;C%;pM(`dE5h3!i z&>IN&NCiX)`0$>H5cy8%4Fr5*0wM&xafk>Ju3X_P0Uwnx)#?L+R7nEf5W#|mLIiwD z0(J8fyHWGB;5D_Aucyxj(@? zw-8Cig#oP^2{LhrYgs_%34I2^nGrgXr9y8Y;MF`tn&5mKqDln+z5>00fVV^;La+{p zxJKk^p*Ill&t?!IxEqI9A@Zcq8whys6Cwn!;t&xcuM2%D!9I_U;Q+`79-ZJ6Tt7pN ze=10$Bv9i-c)t-w3G#7>Q6j}cZy?}JM~D#A;1CfaqlMl;z&no+A((+fM2O55dIP}@ zL1z#=i~}Op79zY=2vvekkKVF{NN?T*Qd0l&ijDHkpz+PI3Ps8$L>UkclYLb ziPkMdnsA_Q36=?cMavc<=Sl)@5aG=_xIu7-M{nIihPIlt>R8aE~A>Lg$NE_zzPUCE&w)B2VNGLZ3?TsnF50 ziF_vX83Yyh3Q5fkv<7wi!5PM7#Y zWVz6%608)okziz6*d!6&GJ-0>M4_YTL>h%Ym0-F@Z`nd*wnry;UFc}JMBb4El!<(a z14aq{6`>Q!#N~aAlmrzxq+CQ!6#5K;YC)$G)Z!2kA}4hhlLU1*47Cc&74HYGnlCfd zOoH$X^`#*EQyumt1V7<`IlM;`F~}8jGYJL?+DI_UqY{KO!BWNh)d4i%zO~v|x)LFmi@+mn@tO-u&{_!J61+Ler~H18-%7}}WUM~dxL zP7`)(DLB?o9<7CtYivVq zqI)8gzs2LX67KZys6P2OdbAcoF2G~;DgT(qZzbgFo281Z!edHB(MLRX3*k$GHw%0V zcuc97d{5Y|t%O{z(`sbd{xi{i9=nC`E5Vxu9tIxc0Fy_B-P%gXMLn%Xe&qk?@mmPv zh2JdD+XqA&Ad}ra^;W`c506+9)7&P&d<$W3!J7qAHl_e=NM0fCGN!m?N-9a zJzSu-tB5+njRx5X7>8GcAKr?NB7817Q??S(VTrqoPlPlhk{e&7e5H`45`;G#pGMf~ zCJ?s@zky(k{-tY;~D(SXkv zd)#P#5t5}=-D5}1MD|6jEpCe*$6=r{BEQ#=-iHG&5gZUST7i*W615|nBwqc9{385# z@NM&btiwZFD92}t;~^KJF&&VNQM9g^>@K8e3Ao|P!@=ALhk3X_Z|@atgxrpK?DJyS zQA^XnUW)_$t84Fd443;YMrvs^Qma6@Nj76sBgNwb#C!{niPslwA;Omt$6SabpYI1p z@FFTcSjZGBQBs%T$(z8r%i|I}DClGYzI!odG~h$U^gPBgH-3CuHI__~%t-1hr0E3Q z4aRYkAW!;63)Uqyaov@VMnXzDA;~9Cj;LKj{NxKFYd&~#w4}1K0Y-D5k+{UgGH(FZ>ulI0)-i|ifRVca&2gkbB7VkmTEhJFqR|i09aBD0Y%flKZ zL^RI-`H;yci@jZPv~e-X*L1T4gztH{KyTw5^^l^^;5f!Z5?%}w&yD0q!W%f^QI_RO zp1Iw^G>waPYuMXJ)o`00Vg6#E=U)8?4!TGfzk0Z61l>_c%<|ym||fM?HGPD~fug=)llLiWdDFNO>0_q9k5_;B!0% zZe|dA*CL{W52g7YE|j2!Fh%g?0zJ{FC5rN;U@R=5XSFrPYIH#4^^7qhdcMH%z+<*T zy!KHl?A8{-YQdKa^hBeXQncI?Z6)-qw#HbEX1W6G>v6VlDO<@uW zhOyTBMQFGp6CphWvA1x<*ncoeirVJ|6;CQ^|Bqo(to;Zr#y+pI@b8galMsG`BPK6i zk@;BIt*wNfXlsmU)CXRQ>4t-r2))ZP(K_d48@@J|6-nrcw#JA?E%8s7Cx~eAmeGKX zVSEwb*zyg7Q zdvaW(=voAm&&x^Nq(2C_3kR;C5b$aeWV?owE`9^~?~ABhbUNgrkxY5LDIW(NA>?%? zIvBa$6f@F9E=_^m!YflFM6_8TuSmr#Y?wSn*sZOEyc+fYc)J%kt;YRt{P#4Srb(hG zgwcVb!;~l_r6TPpDMH&c%}mX-rmsqI49cHcTX0G1(4J>BG`&So)?@Pll-oUC{ zO%w6e4D_-!F~pZctDe~<6AtppT#JO)g>eUQ@ND3@`(V_@=utZ#gh9th4vs~SADo|5 zd3Z_YS-HjY!R}Yk*Gx=Vm$-}C8nPYi6Fmc&6rx9E$ieKu$~~Fyk(Y+hP!4!otjdbx zO}02n<<2?a0K8>`UJo{GojS&n3$+Nb@@na(;q#1YvD@(Z{%W!3@cGTZj3uYR2X{Li z$eBCG=hts=)lZZyoYJu+?kMs4!0&aX<3hhO=%f6ETy~?Ee;}i1+P=c;dl8jqsuJ7#5zvVTjL+u;cRx?D&^>cH`q9{GpiiWzN5dddEMO z@^8f%=uboMT?Wt`eJk|GqxX(~g>8ZUNc3Gih~aGXH=_^t-B85$(DPQ+7WBN&^gH_f zaLL~YeOL4+qUXJwv(fVgO(}ZbI+=x@w?H06&s!YtqUTMC9q4(xpgwwD>mPwW6MZN2 zXQMv{eLnip=x;zj8~uFr_n?0b{Tt}{N5Z$!AA`&2cIZz;-wpi`T=?>(-Ggz3cPRQ+ z=#N6*2mR^jXQAiMM)6N|ccI^m{yX&iQ``^eccK3c{UNxFIuyNMu04f=(lh8+pkImp z7@QflL(g9U?2UdX`U}t(qrVvaBj_JT|1A2Y=r^PP4n6;3^aJ`9IE!k9p6x{c13mw$ zGYvgY>uyGWC;Iv5A4dNudY-ebM$gl%ThOmY{|5T^(SL}(8_o;5qvy%dx#)S~Q;eQ3 zXk3Q=TJ$%ge**my^lzYNyO3X^--P}@=y#zXgG!gx|0eX`pyv($+UVIBT?TsAw!P4^ z9vp_Ab;#e)^VWB7^xVh1n+G>(grvd&ir%_0aPM z?qM<>Z`;0up4%yJ$yRpQ&U`y<0(&>G>mB1m(DQD?F!WjIJ>42f z$CrG+K>ro`ZRoe7{}X)*w(B(X{Bv&u^!!_IK6>wXb?e(b|3d2>uWEfi;Gbo^1D}#OiSuXK%Z1=vO zTn>Au`wRcF=v_InMlEl#2w1Y3KIoIISIa0+#$bsOkRh)?9#%#4n0eA#}*V7cgW8!%^jazif~y; z*G|VDpHn=>*`d6+xUj54MR{IPS$4a^ijJAbx63OW*`cstM2As1IeUK5xqa96ojPD@ zg=2H`{$EXPkI8%f3CvnnepyyoUg@~J()M@@3kSSWW6DahbMo5f^O!yYvlP|h9R=eTreV}el_TL-3F1f|Da|g*tr|h&8dU=$3X608Q8k30 zaj6=}tCnrWahWGnO@T7UKv{WdLD48U)R(owX-aCVl+;?Ni&9c2;wM{EYSu{ICk#_k zD{$(MC-l=&@$WePi|=ZNA;*YmCsuym52+@Fv^CRe!70IYX{5zwl(6ajoRX57NZU6g zNyopbX|=JaYv5P65ytjbJGDkyUBqiJ1Bv4&TvKP&VSY7JQg>7^4Zf{`385$^zsLt;?XDe=l6utyjvi+o z-)jCb2TnIN%qp)aD`)j?%xX+Ng@wfY)eG4(gBm*94U@B-64IoFrI!-cK&`a>k-oMS zEfy0KOsg`fS23yDp=6gZW4I>%y(CPwcKA0sVG({Cm(=7CsS*ASO99JF=HcTo58M*= zTv4@bQE-C3Fgc%LxgmRcj|E$`+&>|SZw*|QRVIRYt&L5M*{7v7#=mvK3aOd;N!U1$ zH@?DJU3jT2E-Xi+XUhL!aeZEgTk|Is-0+dXeRaY}OTt!_T8{WX*2-{*OZlfr5+`(?F;4;NT|6K?&8(<=EU;Qs1bZc1&tY>e2~mTox%|3URzCOoQ?GukNB@ zLqtlZ|9(72_&=ESn?nhZ3-)V_{>S(*JOBHO?p7b4rSO#-_pMm!SfwQQ*P3C*eWPP- zQa3~<%UqrlHqUlpiSzfUxm7SXP17%ob%K4%y+XfbLp>>}FUOrGHH`fHl(1f2iLn}C zH>({MvyM19#N&)SIVG(Bb-wFWFT#UULf!N6UwyB6-5vA#@~_g)of4{yt^R%W8M;1x zkKg-^i-U{xugZO8oYwE2wtBg>T)$5a^LS;bjIo%j=eu)qn8)k=`|9P|Iyo%qx$%3i zo_QGfDo*B(_)Xkcdlx-sA;gHG({-x1mWnFM1bZN%wrDoU_Qqu5q%6l1iRXkQb@0DCKr8MlHX=Pf_j(+enPCWN|qzi8;L$bMh&1i}S6FxlRaY8ZitfoUV=lEq@!~qtdTvTsv+*D@ zI~?>nlI8F!;n`#Lc!|Sh3^6VyhS8v3S0yc%Bj+cfgdiBN6e_+SYk0UF)WqnaOB0*nSa~}YKC#+n)3=XE>f06t1drF z;J3c}@`NwiS6lL1U666^e3#`;88@hKfq>O_2qH^sg@WD~=M2l41&H;PuOAkBZCuum z$5R1(Vlv-gxy0<7w`00+>0xJwPt*-Fj&C^5V{uKci|O!*L44vMmel8fk$93_CsaxI z*A07rnq3%hmOUx0TTQGvQ^VmlF5V6C@@GNZbL0GdJSoij{V^8nF+cg@A`U0CSQfnO zh)0WfvKFrbybj>$Ofak{&J~$~cw)I1jhSZ@$)V z;-=`Uo(n%7O?-ooi!v@gR>89-g|pc0aY^74FL8Fn9AmBczmr!yIk_q>$6YZmeBxw& zk9qmV9!tbI_7brgiW~lvaJ>}w?Kp?O#BJr8n#_u|J})(q1y~b0EQ&`n<`S1@TqkkM z-5mF{Tf_KOw%pGrhP`q@{ASP7%MT}pP3d7DlO-DgTD+J=SWk z#BY{)KAiuQa9U9-Y=Je?T8Bsz{97aK;NZB$@?XDXjgjQK^PP(kUq5u+P{q}>i(W>; zDnZTrOj%ePy!d4OySjd;2ICUDJKR7>{XCY@D-!%RU*&pXPH`Q@OZ?j>h6Vn093yW3 zv*Vm@^ISNmX=#Vz-x^_8svD}cPyj1uoYK#ighRn~vEuPFNY3%LOTs8O@A=KwahyB- zo484Y8xh!kv31~#JX$L(GhMFn1S-z8|I1Rv183Y~ zV*HI*KRz8x6Z4Jpu`-tPg+0Gn7Qb1g-^Bgq=}SVTvL=2L?lr3`{Y&-4?N*q7|Sv&cN_>JLp=!Az?K=; z3-3Ph027Z7amoDuIo){9txHC0nmS=={4c-djA47ic@gU$3^;qqEsS%@bEe8$AV`Zj zXIk7g+A}Sd1;4|csoGdFT&nL*2!luB4IkZt;x^&yoN3)W^2R+q9;#wau_jL8Jh9ZA z4h~l=E6>MQP6+$ji+*E?TR^-)^U{P+^RJ5EgrhPG9_J*;=aJ()9?QE{%e!YCs@Iu| zCWPbPr*VuuuQTtO5bEPi{yppSyUIf)^+kF(N0?t82Jvd@%k=Qoo#kP<`R2=6tQ)2i zcVw?jSgqCy`G*s7R7gjKNIcQ!5ieGRaU+QT#@!(1Qzul_&!>lp#Vlgh*G&jj+YVn2 ztn*^+Uem6E{$JMa^+N6LH-+M~;%Q@Yx;4VpOWbe$RFO02r+f6)im>o*suSiXZZ~ls z@pBli<5W3AkMYzn{dj}YBRv198sW{actnUNwPEG>wuo&WOvP4-B2zqe$1NHEVtaeF zgzE{r+tPi*5}aQW3i*F}XYa#(!>m4B5jOu%;v8QZHuXJfwRrm!xAL>Lbkk`S5bl`i?wpb9*fjAs|rruHp`rRth=my{4J_5uhbV!4(6h~ zG;T75#YLksu=>Mt;U-~g6WdGagpv@}rKy_{x0GtzXMT1`aUnLEL}|&GG8CEZo9E<} zmS+`|m5s%!Q^1xkzZ@ayvI5mmm<&MC({B=X0FwOUx59ZI>E z1%};6X7nF9WgW9vs022QqQuxDEns2ssH`}jtWy#>WATSfPT%G|Rs%Ns2-+fEQVwJ=_HZisYTX0?inU=9>b*`77OMeE4L^z?5=U1$`Zw#`LI%|lo%0i zU6ln4`wBMYs+F7UYrc(_jV&n0O5zXg<#D@2jS&`d?!}yt&6(9pm_k9$gs|QDmJ{~s z;(}b1e@x}(IVQV;W6HLnyM}BNmEo{0=H`Xf#SN1?ef%)8Fnd&4Jc3|jU}Y35(r_Fp z;bvc!SD2Smj_tCfw79%Dr?_zMrLMAQVg*>a4Dz#&>)0v5EcwetC^{A={_m8TRXR2- z1eTdKL)GI6w*uM!P&@J$+p|kb@`@_AX|K{_{gcJa!!oNplw>VDIt^OR#15uEXym4RY)!$WZ**$?5q6s-$o2aj4HE?=LJH& zSCLa(T*_JkRRa>oLpnC=f{_I|+}61^aX2YWR90!R;;1|i;L#qZ2;mumcrb`NdMqyw z+?A`wDmJMeune$oRb-7U&5rv@sHQ9H16E`Os2amo92QwPn;6BK9#uFdixq_JIGeRl z*w8o+$thReV`RF1o)PynE^kyL`IS{~IN)*{teB96qgioI0^233(YU;^V}}D83dYIt zs8w0}`s&0o=-cz0zF7m#=$*h8kyl#v7_apb^VqX)LuH0Dn#xsDUOKj{JS)2h^?g`R zGA|$n|q7)a(DK@<2Oou>k;~|@V@lfb zkb$#i6b&aam3votad~!O!WVIvF&=@D$~GFSO#O()FT!O@WezdY>A2%7BYva_7ZYV! zJoUtH3FDl?vb86vvh08v>iR5O95|=R&8tWh;D8c0H9G;Y12OXo=d?U?E-nk_1zEYp zMPVOEo_}*2F7|CZ7bgwl!rUhcVntRO&gG8nl&~<5>bPXURR=d1mXhhLhWAY&xkxJO z0lyggN4$0z6;^9mUU|qZ5Bp(G*uZTo3@4GuB`2r2B%F?NYp!}0%;Q$ScNr;B>R zVIyI)8^?;J@{BVadBP-3E$kxBIj?VU)fi_j zTqrOS_O=RMjbU8bE#yR?gkv*XR4?4?aOQ&Rn{com*t2)mfYVOn6**URs547(@E+x7 zW8r>7ZpZ=oC--2xF32t%RUFQRc&i~F(+SHfj1)2pt1K>zunoxufbARiGEifNI#1SO z<>d=66tLlx;RK*OT*zXj;8K^HGfuL?Mv1*(LdRn>j|*qIIlNd42X`#EF=KF*#ubJw zynxC4QiVrfU!j;Ko3J0#W$Uhb+a@a>JXm|9TzNVF;H-^`*SX2NLYzrIvV_|&x+!s9 z%JIxCPO@=^H6F*Ev1Qq#c&8*(dtr^)Qew3csxfZS;kp4;l5GvxP;ikLi(aj&##p|| zgllsg!m4NJCoWlul02M3@Y1u&=_v9=E}`r;39HRUW*6XY5)Sy-H*h4!N(lFrPY-q~@C~QNaij3M(Qk8bIoe&Z%33VHj8{QCg~z#iI0E<$s;bAq1a8!D!wnaa;W!hv z=VZ-g%fS~g%9FhBS9!u4&w8v@=9yE+1pn>ir^Gmy4VzGTrd_M?AXEA9vR|+#P zJe>)@?UWIp5l;*aPj_dXQ8cnRG31;+Sv^lZXF&fUgZpIlKVxv8K|TAQb8=?Ao~NF1 za!0(rz^+*wR1W=-vzF~|2f^Kff==H>C&qAvp0)odM+fdQY7 z=8&Q0==-8)$ML=M^v5B<^c)_Jp6Lgp$D0?ySs3zrj+>2sBzmTK4L!@k_-gch&@-Js z!oRm^9dBtkQ>jcyk8PF+J_+kCQmf z*YcQup~Pv==NgIAUe4QLe#QLf0c|XwR~SUcIPKH@NaD2T|BJ+FPme#9gpT>p+_qTG zvm{P?K7|seJ)bEsC&7HC!d}h?Bt7lvmr0!FKHD7qM-rz!{Z`oX{~q?`*#fU)c$_bS zdO1&p*|9vd=QBj&^pW_!Ir@pP=QBytUoY`lu;^@2JM8(SqH^Q+%!fZ)jIZKn*!La2e#ee!XkR95b&Vb4v~NpSN}N6r z-*evQNu1_*jI)_HcKl3x`lYa!ZJDI!>wD~&o@SlQbZjk+9pg0Tk@2mt&pVqz^YrnR zm6)F9>#$6JFznN1Yi6E46UKWCq0DT$j2)*%H^GqO43;?U@> z(szY3@O^Xid`*%a)6<@Rv7|47xveri+vf86(_g3LxHRXBW#y}t>=>t67c;XqX-2bQ*@u(U(bjwk3QFVjQ1sbal5h8zjv} zILG3>keQc(?FzTDcmeFkyW3zd51VrAgEaiiS4P=!K>rOx#`&r!JH~0>X4v8|JH}~W zM}LRC3~XnsH@bZ;E5w-o zZ-{fq^nAUv2ZsF2#-|R!2+iR|IDyH)kml>A?3kYB+oMeXKJ59ksVg?l&v+3Mc=_2{ z)6o{c9rpBWFWA@n6EHjGPjkrWE`^yNKQDv%HYnq7NPG?K`FsicbianZuKPvO^G9L5 z4%r_YFlIUA$=6`naauI<CPB39osWv$2i>{L&gusLh$@E;MRyS|GqFb@8AKjPwQ;hm%|8&^YvSvLo!_% z?0K?9Bc^AZtrxLl8ECI_*fJ42#%X?J8SV!>AHK%Rb4cdHS9jSlJv|je#(SawzTb_6 z8Dkp0-g}m%c^c-TVE!v%&wmxn&64r8FguP*AB7>~zrda+e_-`U#Q6CzR&MB+p5~D0 zkAyuv+com?v)v+gOh>amWV-VuPJ8-N*z@6Q$b2i9pRbfS+bhEVVY+N?$k)*W5`T^f z&~du7*Te5foc8#)5~uyx%I1aGF(0}EhAhu9n5dVNtpT;S_=T`9=V5Rgi(dh=V?H#G z9nI0tlQ`|^Uy(TN>Dk^6JLW^Tz>wwm6ZYwHp?SOo->kFrd`;VzC!50Iro}S!W)L0o zq&W%3*)9%NeQ>U%p=(*ZK;pD-SA6xG9rL7*$B^Y@D>$cM$o#*RG_>y{Y~mMHO-O^s zze2}+Xbw3po3dqknyuTg<9D>@a{}z!|7kF%&opep#*f`uurHtCa2~#AI<^kOdWQMe zLxx^A?gO)~U>deWmov{s4b=kzR}i z&gM|)^;n^|Afcz>IKl19CXC@d$o9C;7l-+-(!9d#_VyQ|_Te6HxDV96N}RWy{N82N zZ|u%mVvnf)VPual_0MxvzqEUM$vaQso_cs3?0-neyJ_uX*+<~sWK7M!gSD4GTG%Zr z`Lg;fhcWh?-w>`kvmV-WPW_ubXES{BznsTn&H~p{NBlCJlyi@f!u%HCkE`vODU!x9 ztK2@1yRJI z!}75P_5AW-onI~~REU+G=a++sn_sR+e%&x+eyp86zbjzPZ#q8jZGNZPI2eSk>8|AR zV=d?T-2-cW^YOV#&4thG?m(~QD@1-x5o7syg!KI0gf+iK{Eh+ZJdaoL+0Cz}BfnLs zKA9hnaGu`=jH~%Amb^HgfBe?Wb;<6p()}CXasK|NbSTaq)9s6xcV70L2)OxO-`&aW zfF}b!9|u;OkDd7JcXv6S=fR&RbTd8}`SGXmxLmm1cz(xJ%MWibRW>Nb@jQ`FS3u z+YAeY(>(&cPxoWXk7pk2)}i9OkEg-bc^;dprK`YYIO`SfJl!9b&f`;&t^_gfJl!tD z-2Cp@gHjUfZ2xVA&-{+{VMD}Z^u%_YMmFn*FRb(L(veQ{o6!udNgfyHmuFv|U$biY z)gKodt*f42hid6|UV;XoT6n5tnU1bD-Hm6bBo<&Hb2($yE2n!(wfxHN#2vF_c9rvZ zVzvCH&rC_IK|1EwR`NTiT7GXLKQ>tAoi7*OVb|p{@SiCOw#Cc*c!lQ6Wn{Jdj$Mex z@DB3alJlEgEx(QU)4?pvDD%sd{7Nl9#@Jo*BJQ-vfs5s1e`&RJz2A#x#~g>9r@IpA zbbA|#bX{YT%5=nB%g?{M^DolPMmk+CC9lQCK{+4TY$}(_!fN?_i2OD-^xTunWq!5% zRv|y8V}4yEKVC_qDy!_C-h{jS7}q;rZyZWEv1&W&H5B+H#C^T77(5nheuIC;-BB6Q z^Fy*KoyKb>enjn%>{7!uu6~voMmRNG59{~)S4Mb@s}ZiL_4~%*>YEWBvuad1gJFIL zhQAW>``gji2uBuvid`zs6izVr#IQyLqBs1N_MGX&(+U<6pAstfR+3b zO2vQLrG_)sWF)o9p33yxN|Rk`IOEgLJY!3CsflBgAE4B5mY)ozhCNh2cS+1mehhcQ z9XCVP1r2hqJf%~|ao7klcDxmS4@CwWU`kFV^-ioHCigQUr) zSXqK z5uxhW_P&5T@tS-lNxtJ8?sY^ys=mjwQ~nZyJ;uKG5#ytie>raQ1qR!>Q><#`xkXBc z807V$o9DDCnK91&ETv;KPmMgz>mWD3{mVS9nhtqdl^OEv%(3G2UJ6fU(Cv|@RLOst zzm+ZIpC0oG`CIuJ`O9(tZ^~xponaa3IjEgKhPXK_TT2tlc5p0bm|u&xWjW0(x|@qB z1=mmPx}tY?6Za7JrfqrhJjds~KW*!JAkECs4Mv}GLSQ)8cMp^JaN3qx(WSApKsOrmXlO{HyJOqVn>#52XSXgkrKL)&&Tm$rGIN8=iT-F);Z zcKBXEbK#*|gg)iuz{Fy@d-P+pZC6WZE8Da5DKX75x<~YK+LpsAx@U~97O$aCjq!DK zuju#b-q9b?eWKUXr$uk1PmkV2_l@2{+p_(hw(@VMtvov={wr2#}47-GC8hIG1ZZ@3%|<8sxoXFgmuEIQNIHGBGAmWG$m zgUs0&4yKX5zBxS;KzB8I=E?7$rje$hIo;-WnZ+ApNc*_BRH_{JM@!QbL)z1X`E7{+ zx;^F>@#^#24(S?Wn>-#vZeBE3YnT_L=ls&?wq4~i4dR?HI^F8YQj2q5==9F`2i;`! zOwW0t(`}odZgG~M_VRP}G;W1|(9!9(zchjyAIWI^OOvn1X86o_O$=#YFPLPaG4>c#AkAHJSe@;z8mH@l5eU;upnloB0E&o9Q-j8{m(@`ZDJVai1hE6<;pC zReZPj8Sx772V(xXginhO4;8^mo;pZU1_aSS(~Jo9|`yN`_XM<3ZU&gqUebKm6;Y52JO5e@e* zmWKO2f55=w{9z3@e>u_fIT_l-YmW-t*)S zA8=ge$sa!OeE2hlo`ydJ=yCpJy~iIF^M^n@{+jr6b7$Na*dg(QP~Urc{&0euKbGJg zCN2~6$3r{~e>lX=UzKVylEi*Qw#7;B! zwL18R>G=Z@2a5R=j&HYzn=uH#o9_8}pSBd!q75jZ4Ukv-0`6L)WGfg3eXPVE!koS-o=hN@}OrMY8xn@2sf1x=W!;8#(Dn7@| z^I6_|=D3{^FEW>7c(IvJr}Hz@@QtAf<|!CXGV=-f%gj74=HI!Qp63@c%{O9ry_rw8 z^E1=%-1#OmpKQO=ya2;XQttsN=wX3F?`0%C);^1 zoN0KT{*swbw!db63&S_ee1d(gndkEFx^XV>iFqT2pPBh2IX^RhzWwyIc`Jrn%zQeX z_uH9<*96o0(6c4zEzSH}_EBa&RnE^$!@nW(@8R@u7v@d_Av9w_C97_1NAlY$@YQfb1~%KwwY%J%E`|(-w3fd(C{}{UI~|M#8@ZbKDh(KWXOm-_vG3&Hkd9&pWL!_rx~9&m5O; zx4mv&i{TnGpIYZRvn)^qU&K;$IPeD`I+&C817@{Q|tSin__r?nNO!5Z02?F zp=Lgvex$iAhHcDzN}QjWKi}Z%XzqexXY(+mIl;{9>2BtEi1#-4!|-%7{>Yc;Z{{`k z0CP*k&oloW!wbxOs+pfz2EP3_!kmv`o|#W&^E1=%&A~C|6&RM9c}+jo%qP7ko2O%V znVC;OE`~Rm`4luibGm#3@ecF77|u8I$?An>-alAm=9ATrnV-h+ zN%I`UpEdIy!}Df7LH)X!_Z!|c^U3xv&Aj)p$sDem=r-}~mK|_9j?e7c;2ecz=8pho znR)J1K_h)vq@g|i)fVrDIPLK{j3Xbuv3S3w>47w~r+LEC@GZq-Fny-y+k!b}zWuk- z%(wP7nfZ3!(Kt>seOC;#&3sF4oSARQy-1_Xy)j+d@0IZfEIBUUT z_IrJ^EZ!e++VAzvWgL0V$M8{0GZ1O$bS^Y>uUndp7`|s|1|v?V+ut~Tu=r5KX^-;+ zpXC|Gj9`y{r;Tv;3&AhiUnQnt;*N~p}^sidH9C13`{zmYr#VZh}J^hI|pI|vaoVTV#o{v%r#(K>;xiGa zJwBarlwlEuvn|amq@mNX{@C4TY53!iE5&EwT!dwtgEX|?_s+8TT*PVLZm+TUJjCgA z9E;f9XYu*wbR4(YeQ5Co=5+3)=)SY~B6B+b2!O6G#^b#3Exg-llx;EMbb9xYB(cHb zkKrTj%b@{|wM@SRaoU&jQH&!`z72Q0rFj-<=ydyA)wvd5hB%$x13w(CIw^bS0LCZ?5sjUYVY6x7|-8&(%mn zdwTu=EYp07;YVhcr%uC|evLW(Q~=!pj3YhYXq#ZZ6vKPWe6#E!Gv7GlkIZwr>o6{z z-YaAie*c~E_wlhG-|Cm4D>gsIf+grDo z`PS7uGvCa5l13S}vkb6rOK(^jzM1ut_)kl}6X|I$Pc5Y5beVpCGw&O9mN-&XlrEc4-8U3JWS^Q#GsJbArO zd-@fYhHqf;x3oDf-?U=a=#cm~BW$9=sj8l{FW*^fqTW+#6M;S~b|DhPN_xy*^Y4``-aP*DLdE!Dd^Di?q zf8LK`dggzH8M}I7CXH#$!jQdBYYvS%o!wmYjm&q57nnJ%hs>PT6K3YWj7I*;F=X%g zucA@UvSWSJ$o!W0eKYg_)Xe<9G;?0InK}AS8q@j}L-sx`ZbSY|0=JJwEEu|4;`(Mz ztC5-0I@ruvT{5t@sadQ*4Z$rk9x4j~>qz^ZL%?&xv0VehpV)_(Jhi@wMWc#rKFG5ib?L zDn1oEn@@LyIJ9ii92+CLX%fF(e4lu$_&?&BsBAp{{ltffj}hM?en9-Rc%^uq_%rc< zy2PW-m`Q}Gt@FJfLtdO4elTZxYqpCLY1 zoFl$We2aL2_;K+|Vz$`g<@r+lZ}IQq{c!;E^j*b$#Dm1c#bd?Siut#A&vT*pN%3m& z2Ju!g|EB2q)W%7N`w($Qad+|G#OI5P#M8w$i0>3H7OxQhOT0&I@9Av zh}(%z5cd)DUb&C^ckyWPRPjvlTrr;?@O&NyON z$BKK1&lU4|2G5h%*Y4}Z3&l@}UlPA9-X#7}{D*iST%7o{_*{fLQ+%?xzj%b0EyDP? z^Tdn9OT;V0Z;5N*gwpewAiiGA`{17DQ8BO8J^rcqCvh6CZ#@m4qj0wq_Yz+!enh-g zoPuju&!>Ty&s2E)L^1EJd;IU>(cEb)Z4~Z)pC-a;xUMoHkC+I%ibHr?&#N$)M zcZ&H;g{OH={EGM;@doi$@vq`qxL)==_ZJ^7ZYyrlB$+-_++EyHJVcx=9wWX)yji?M z%nNld=RV?t#W#rW5 zabNMd;!^Qc@pa;P;s?dgieDAKFaA=zUHpf*KCTyidpKC!T70~?w|J0vxVT6>NqmiX zuJ}Ij67kF8b>a=;@5TQW*KLuUuLH#`#ht`G#Ak^|iz~$6ig^>(mtlSJQR3soy~JmW zv&3V>6UA4HZxJsPKPg@z{!F}8yh~iCRdQYq5VsI_6rUkJSDYg*5l#AV`Z#7~O967LY#Ym=N-cX403Rw8u$VgK7i7UMYHuqzTzlk`_w`kF{{ zlcc##(%dO&?w2%=&>0vJ-Ev94O5*Fp8)(!E?6%N#qQ8gz?;|NkC(GPWd;o3Z9xn0r z;*-UvO8Sc=okTegApOG}nXe-+*;*Z5U z#SPje(;p`uEH0yM-Y3xMao#V5{cmSCGH&yJi=@9>;`d4XF^NAV@s}jNM*I$K)7>nt z**;medh|ZAYz<)lyITv!t!%9&eJ6=`k$4YrKS?t{;^#|zlz6Q8657ghx%d|Ged6Wf z&Enb}lJi)f#yu2v4PpO#Un|CK9*?GNeRY=j2@>xm@j>GABu&1=$4Gp<#HZ5x#_~*u zS)McTaW>;to_XTCX{2Gd5cc$sNSdc4&5Po9#aqN_naMm`iwB7F#p7vPK9gzOqhU7< z_P=l5E@>W+G!ILfCnU{s@w<}#LrK3`;#(#Do5cULI4%(r`*cLv2y~5TD`yj!<>Xfx zjN5WaixzmPQF)3%&{6W2R789$7+Wq72x z9c}q{lK4pyKLzG=amY*zVBDrPRMHHyG+1PbLP>M6q!}w|CQF(t=nRaA?mF7ad8?$k zhqiLwC+VLNFPHSMNc=t8#{HMXzY_l>uGtysZ64ETD^FvIA4XfA&0#JdzAJRB#Jfnm z2jiA!A4zkDq&ZLG7t$G6Am~Pk$BAdqmgmjld9;;nKFqT59ik^B&2sUplKu@#&v%Q~ zOPcS*+vyAx4Bal;mQT&&lI5vKTNxU_ECb&s%3$2e++N(7MjCcqVW#JMM*SGK^lUrO zeG!c`>_)&$&v%;28MpM)#4~85VK)DfSnyEbj<>%mOVcb%F^nxn;;lD@O0=Q~iRNt(gp3ncwTmY(lh zl}MV&;^}k-3Xkpr7#9yUtzCILx0&^bup49h}{zuyKN$HXt_W`7e6R|QT#9Qc5zEw=y;y(#hqZz z%XxM2yd&dQ{xc-aaB;4s=lfq{7`J(^pl#esCH?hu238`vxsv`~Nxw+aFO~FfNt(~Z z+r+=nwyge3XJA6;>Yb1*Pb2X`w530W&Ol;xr%0Ls;=z*s@8V)Q10$lVplvx^PTO*r zDd}gyT+YAadSjlXxm(gKlr)b>nx`erQcJ`4+Ey}d(|udgZxDY)+x+gPGf-f3wN6Zq z+mN<0A4FUFL+K18M%PBtbP{)wG(9AKhIo)TS3E{MPCSveGF&UZU;Mmyt@tDH7vdkq zKf_!Xd>-Ks#%&po?-oBL zUMqeN=DhG-$n}idylkdzUj8HAP202%=$7aZeKWpe_G_wB_@6Is*#_ z-AGAuF>U#bmo!r)&9#!|21#?9q**9w9+EUKNqm*0Un}wVCH}d@w~2qEZC-ZM8JH1t z4Np#%KSP`;K906=PZ9TmxjgyI#d(r`7;VdNl*9{Z%V#p3fdZhLC24M!G`GRbpYLfd zmNZXDnx`!d-z!`#X+9LMr!z1ibYIg}w(XMU7fJJ{q^Z{(>23Y)OI!IH!7Ll!YiP>2 z<=KKhEKciKaaY>L9U>l1XT=_I1lsbPEb*%)ejROj&Zjew54tBL&CBA|l4iZczZ3sk((I(IJby}> znx`hG+f;m_xI4`G;=8v48Mk@4NSrI_^DRA}Ke|NH%n)BE>2I|3e24cTi9bqbU?HG; zp0??(62C5K-j(>L;!WajX{}G zf6`X|8zueCFw4OAjBc0o_euJv#n01LwvWVL(HU`C|CM-?-pTZbz?>G}Yi`fDm8ZM7 zm!v;iJOt*reD^tD(icgZQcJ^ktFMqW*Gih}EzKOHxku70k~E7g4d0u7Nz%M6eqYjm zEB-^=s84d9}vGNei`QSVH-ZLF>dSqUD}rOza;)GjkN5x!5sGs z^uJ5`8mA@G)P_CHzKmO*2TPj6EX{wA&(V^mgQPiD(sYwFJta*aOS234oFnn`=nNDX zU5@xR+UECu`rw%6HHp7Z9~9$1Nc=a6A9#8)pBA*GKUw1aBtBT;qs0~Co5c5uSBbwC z*X}E25O)_}B)(L9qxf<0d*biJ4bMnU>v(atc&2!fc$N55@iuXTe#!i~WD)De)`f*Tw6^?~6Ybe=h!3yiL4Q{HwTLN^)5>5Fa3BJ5Ihlj}V7<#B7Mx;R73Hi&$gbQX6NpCV?vLY{tz_hbt1;3H1ou4%f{nRh{Jo7mj4S9UnO2G4)0f5`VA8QTKuheyEwd$ zY2(($!N$u|PrRS_0P&&XBgEmIP0RB*iFXtC5D%d3d5m+!7lN@xR4?ic@PR%T`a^Kzyi}?K%6rv=+A&pCmp-JXp*&A3dKe zagKN_je9EWCWtQ+Um>0;o+ZAE#`Oogd&Lim9}zz#eop+Rc&+$D@h9T1#GA!Gh<_6A z68|o)jq@)re?4({58CGI0Ex5xN>865ZX<3dX1kW2zN`2YaW8Ry@j&r;;tR#O;(YPN zV*dTu%P>hiReY8BTJan)+vf6o?h@ZC=C46}n#aV?iC++}60a7o6~8B5FWxBLEZ!>q zN&JiWPjPD9WSQB9xtG6zxQX}>aZ7P)aR>3S;%;KLh3?ZjLwu%quz09AOPnJv6qks{ zizkZ1JN34mUn%kMe!azKOZ+zRo#Ok&4~d@;KP`Sqyi)vz_-*kA;*Z5&ioX$W6aOgw zulNsfEt~`Tx=0i6FFsIwsQ3tRYcboC^*oOicMEeCGO~uW`EyPEOGsT_7Cy7Jb4z|quOMIaCeDUAKBgLb|7mLS=CyS?v zuNJetKVK#{i*FO(EnX;IEPhNJ+Ly3-d_m%?#H+v3c!iklPWrUi&Z9fD>0$HuvBWouH;K23 zL%Sa~?ynNxEl$PrC_b$^;s)Z-PKf1mh{O*UA1OXse5|;OxV!jN@!!M)#6!iy#5v+o z;u0}`E5zq$@hf7sKkj7+zklo7fW$u& zZxU}2|0w=hyjz^WwYyI%O}vlzK=HxiBgC!5?ZutMCy7rH^EXz!4E@CCh|d$Vy>d^V zEB=SLSj@K6J^du{<>ITvv&3`6cZly6FA|4#V{CmrCGqFP%f+k2Z;9U#eqMGyEvsmGM{>4w!iB6hqh~MUJjCYbMcYl(58*0?9Zvs+QYGUk;KP~CyMzyJD%s2;(v;75Z@-gQ@l|8fH<_VW93;Q@fXA^ z#G&mSOTR|qp&cHJe=PBh;!Wah;vdDoig$}^;a-|Ahcxm2;seEpijNQ&~}h5w{nS37tauf_Ju6{Y>Cek&lj^@UtewyiI<3<6^FKo zEdP}fe?uJFEV48oNc>~*x8iN$onk(3=Vkj-oQh}2Jf1GzSA3xOVDS;+R^l$=lf?bR zXNiZ1`RtvSCtqABE)$OzPZm!T-ypt89NJ>CWjkNukBXlZKQDesyjJ|4_*3!c;?3f% z;{S^O5ZA)JNna*u;-=ze;+A6m#+HxURoqS7TijR7-{kUfhlz8=`Qi%kB=L0d3^Ci3 z_Wb9F?-k!K4((al`g&60E5)yg*NWd0hxV^5pU)-EcB;KRp@f7j(;@RTc z#dnGC7e6FkDt=M?miQg<$Kub#UyHvL|0>=sJ^ypPM@B6Rl? zUntHJhqm?bncZlKPY_=!o-UptzEymOc!7A4_)+nb;$`CHV*XB|&)0k6FU8-8e-`t3 zL?5^Afl1dFHxf4yA0}=t=5OtIo?XSKh|iB|b)cthkH#6mc){Ao024 zi^L@kiqI;;rI;i~kVUXqsH+Y2wgUB=!w< zjV0bxe7LxUxRdyJaUby+;-TVU;vDfP@nrEd@zvsgiWi6%i9?%~HjmFs{AKa0;t#|h zi?@is7w;7RDo$XZ@cN;qxRJPt_;7IxaVPQd;?uMvc$VCk|H0y8#G&0$+cx@2yubKDah7} zUGXR44dQRa---V#{zJUap~-czpSY>GnYfj>jkv40oA__y0pg3qBg7Yr$BHi%UnZU< zo+F+oo-bY`UMvpn23x)HlEhyVzbSrC{4a56XV~)jPU1g_e-YQhiy~e>r-}CyhjxiA z&qF1Cgg8^&S=>$BL)=%~UwolBOI#!_6<;R4LOe%2SG-8PSp2;BC2?po+2;LSiGLyf zTD(*ItGMpr$>m&Me2DmP@loPq#G!p=D^GWcpC;}n9wa_joF^_2Uo0Lgo-Upto+X|m zo+q9!epLLV_<8Y5;@8A)ia!;9F5WEOD*j3Qi}(+5jf~_vN)zuRK0thsI78f0+*X_^ z?ji0i{+oD!c(^!MTqrIPj~7oA&lJxR-y*(Ue2@4(@l)dG#4E(Fh~E;wBi<<9B>rB! zUHq$fw>bTX|<%oBgIt9*wPw^u9Mg~p|M<$GJH4$L$Mab1+M@S1Y%^hhf2T9!``{mRUD5kH4&7k3S<0>ldVjB>H_Y}n z+4V*5%eFtvceK6pcV_Y0P364c(cntg7l-+(702X!`M4Qk&X>nS`K=5rzn3kP-{LI4 z$E%mq%RG>2tjvSOL&d|y!^OGcd~u<;L|iVe5Kj_M6;Bt>5YH6P63-FO70(mT7cUSm z5-%1%CSD?bR=iBST)axWTD(TQPW-<3Bk_9iM)4-`7V-Du?c$x{U&Xt{iIn8_P*Yr2 zTwmN!+*sUH+)SJyZYgdpZYvJIacSEpf0NX=RsJTayPLR&xVN~kxW9Oyc(6FU?`+c@ zCh_6oTyeg*P+TG|7gvZUiKmLEi)V;uif4)Ei06vuiRX(Kh!=?$iysp&5kD(lCSERH zC0;FFBVH$dU;L4Hy?CQ|lX#2xd+~PhPVuke-Qw_0x2^Y@HImy{U2%PJLvdqqQ*kqK zcpu#IZz=KC;Ck#trX`o4ZMx9^&5OzT*Dkf#UFcua@Ufi4PMG7w3xe#f9P$ zak;ocJV`uNJY76XJV!iNJWsqxyjc90c!_wqc$Ijyc#U|S_Iw{;rc!8iAoG=0VW#RJ8I#lyw9 z;(T$TxI#QhJXJhhJWD)BJXbtVyhyxQ{Fr!&c)56$c(r(q_#^Rp@ka3`@pkb}@vq|D z;<~uD@bjhm;)deJ;_$w|t;g`bzqz%fX)Eq3?k4Ub?kx`Q{#%}GXWYvc+5xb5Xa~R? z-u*WhO8OFUxp=C0x_E|org*M+o_M}Ev=v}wSS0bq;%CLn#LLC2#H+4%%P0}-+q|J9L@=?{Na4Y%BgL+XnQH?+;^-zqiHL{ z7qm^QpDfQ`a1Ob@<C*DMc8Gm9)v^HnJndatj zS92@4yZLyyxA_FPpSe3c(A*OqY(5PhMcZ;1W9Dp@nOUC6<_!1>b36E2^KtOa=C1I3 zb07Etb3gb=^C0*I^I&+T`2zTLb2hxzTnK+;o&bMgo(^v|Ukz_F&xCiFZ-Uug5a;n8 z_)qgAa4j5L8RxZo1M|yp6Em;Z4>i9Bw=jPQv%MgW`x)H9%ng0WyV&-)= z+X&*j-|U8(xe6{a^DCY&F%2H~OpG>jU5qtnz?00GFxw7ddM+!EepJ`(=Z+!{{B4#e_wh7Y7|KW%2_bdNGK|Mq6))7i{z_(b!ua1V1g z_%t*39iFQ&|K9K*GxwdLW^T`HM~G>L!z0Wi;jy&U8*E32=Euv-P2rhl{HZT7+k7;9 ztC{QfE^}{~=ON68`xM&?qR)h%F`om!U_KXKX=ZuYb`aBF06i2D9y; z{jIL!d4>B=b7Q2bg}ROLX7D~{&I{WSV*CjBP;(2om6_{;Z3i(;7r3MOM7WFj6u7&Y z+w-aBKJXCQ>h=rGT(;R}7JHPL+rt<$M=3LNpPFDk3Z7=>^1s&H5x&99GTdVB4c}ot z9lqDhb@71tYWOkpweU0M+3?Heo8i~ZE3l2PHNOLYVEz#P)XZy$FU+6Ao6TRs+sxdz zc9_3|cbR!@k*ICU4eOBS09=OrogE(c>AG-JGu!Lpai8&h;3Lh4!93P8&NjL_nU91| zFt>r(ju6wdg?SvOPl9>urn|#DUenzFhMRlABh7>1Li2fWsd*U8_JufZ7Cgnw{g3Sn zFF?n*Gxy_t z%|F2hnty}Y?hw=e4!1BTu)Q2@-Ve?+H-e8hH-WpEo581=4~P4jo5N?BkA#Pq+rY!j zUEvYt6JfSB#PaaBii*rVV74{HcrSR8c>p}kd^SA8%x{N$)-j#TY@h4|^OrE& z6yh@c5kAe#I;Ovw*BOJ%zrp95|A2>^*;d&|bA6a?3NcUCJ*DPG@C5UL@Kp2R@Req^ zXExK!YZ101#C%vMu^k~g6P|Bo{dAw1*B^_`Z1arm2r>Q1@Uv#tTQ8b>!mG@u!E8r} z>Cb@Inft^4G7o?^n9qhcna_d0GqcWP+d<4H7yi|p53}tc#z(_7ab8B3!1c^!a6|Jr zm~96!O$FS{JQZ$ko(8k+Af}lPw>Mu2cQ#)QpJ<*5_cUJ*_cgQbJj*;A9%7ygv%MhZ zKOY`pz6Z`XFNBNCY`=}|1u^}@@FnKQ;Hl;(;495b;D4G|!E?;4UvD?R0pDX@11~ba z4L@Rj2VP?S7G@hkEW=Omax?4HSIunKZH;+1{H~d8s(xf<{kp-N4sS9yfWI@dy|?Y= zrZC$G;&fT>{$V}_W*b3_vyHcU<__?F=FTwN2x6KO;ls?VgWH(d_8Z#;Vw%(7<9DAY&-29b7y#wxeNTLnf24t<{|KM^Lg+aX4W_Fo6F!0 z=5g>Aa|O({eOQJ|;N9j)a1C5@Fg^pWYn}(QJs-v&gd3Ze!v~vRhcnD;V7BMO^lXQ$ zt@$0ellgtPtC{r*+w)<1)+@cuU%>s$+u?y`wlT)`e3+isb;HaDz--Tl@g^|a^Pvxh zOU!J0Y@9g*zSP_To^EahUt>NBo@H(W-)v_4WOtca$1E}*4?k}11}`>Kmh@b~7y@K5H8V7Ar6^uysl%&fO+){pV&a6R)? za6|Joa1%4@q{Ga!;Fe~#XU6tXMJ>#%|5$KZ3# zPr_`UhvTw-8ev`w=bPVwi_Krac3eGdL4rALpOwTsVE;hdl zk2ik|Uus?tv+W(G{{p_+{1tq?`5X8q^Dpr2=3VgJ=33Z4?l-5y51U!%J!$4MRcw2Q z(>f4-$=nKl#e59>rkQP+vF#nEKNYE zU6^Zr4IXV~n`CTPhv`3u$CL$ zF!*OP+aB9(E{1C~jQO+9t7|TU8<^SlSYz`=1uTS^JaLq`8)VF^Y<{@-r=}E!1tMdgcqCHR@oEgUGTH!-SCU%1opF4<{I!D z=Em?kb2Io~<_vg)xdqJM-eVb9ckVDB4YM5{#{0rGaf6ob57#rF4L3Ar!A;Dp3lB3F z{C~{7dw5mF+4sLrJA3WywUdy&fdEl9$RTnFNeGCF3Wy3GQ4RtsAtV8!Aqh!9s3@rD zgNlOIQ(IK9sHmuTsE2wAJg8`~wTc#7RH{_5)ryu{Z1v&&erL_>eFtrS?;p>5UB8v= zwLUX*&pr1X*37IkxR2(Gzymb1Uo6+mZ%Xq0Jk-Aoe7t79lWeT!tH7sfUI9K^Gy6-v ztA}xK2G7uZE4WVcPrwbD*>|>RUJK@Xdl+{;c&X+M;Hx!11YW865%5i#UjY9^Gv8ab zRx|t5do}YNW*arLe|=0d-(mK&=Dpw-G#6kW+N!xf_%+R=!Eb10ANG#sQ^314p9%g@ zGyAi>nkRz!ZXf1xGI+n{bHV@AJPpim;8BL}63fxd{x8rx7hI^h6mi)%C=0P|fyjQbsUgXRSG6}}6I z{)dB~(9G|3KC5{kc#Gzd;BA_Z2me|#zt{P;=CR;in%QrCsCf!_uV%h8>CU6uNRcKoqxKQ&Y;KMXu3g-KND6sOH~-pVs^#_yx^-z*{wc4E~j7_MLoR5Yzn!c&FxX zz@K`Mx0fJJ|pBY36&*zSiu6ztx-uJGgL1`4X_NncpPM(_98lX&wsh zu6Z~(t@&thKg|=sgEX`6tkBH&oQ=?21wLMLHJI-gq7Aj+Q#H>4^Zi2fzYsh{^E@!$ zFGT+)@GQ;q!E-gYf*Un20JmxW5t#26VqEse*J{2Be6!~3z;|k14PLLA{qX~u*MK)^ zz6<=M=5^rbG_MD5(ad+PZPWY!_}7{r0`Jhwcd-3l^P}M1njZ&$toaw<&ouuM{1449 zf*s_E`FaT)X#N$ri)Qxm#hTv*_twllp6?@K+z-H|n%Uo1YG%KFjOK5_qcpQ$=evm* z*9D)hnSJ~@n%S36)tm;;(%c7JubJ;}Ytvi_zD)CQFyBo?{l|lE(9C}Q7R}?qYc)>< zKcIOs_)*O>z)x$g2fwKKBJj(a=Yh9tW*`5i=K0{An%ltdYv#M(_GtbQ_|KX-4(!vs z6#TX3tH9rC<~ZPV3G;OenC~xQ9&ZEZX?_6QO*8xcwC2s={+izcmulVv=KG7N=VS0O zn)zP0(VD*lkJId-4>(hE4tT2O06a@`C-7X&-M~$ni@^&u9}ZrkISsx-b8qkp&HPsE z4VpO)+^l&Z_@|nOfY)i}_^?6qXz;_DPXs@qc^vqcnok37)_f*-o95}@Uu))j0ue)aUwQ0>m!2L9j z01wv8cfVC?9s@o`^H}gG&Fpti*357Cp04>U@Hv{#0rMSAw4nyS8Jg#UYc)55FVwsU z+^m`3?Omw(3h)xmtHFGC6Ls>ty(={T6nul`2N|ZB-|hXW<|o1TXnqF#h~}-}Uuu38 z+^(7LhkI2szoq-8=0Ae@9w*wscfx(3ncuqoL^IzH_l0KmyZ_MqKj4F!ZS2Pp+!RJV zh2Xg6&frd(yMv1~9|q<-ohZ-#xS!?<@F30XgZX|Z${Y(Gq4_xQ@tXNQxiOmAH*>L% z2)DR=W7&N|#&piI`-TjYExTXHX>$LNOUPVdDZ|e`QlVNIoj4to(W&%kolM5)RB^RV z-uGs7jw5TGlgPM+&t)clh8qMg61<#@>v&vN<7aq{;0=PG5Zo?!yWpLI_Xyrc#x(~n z-{NQ3$Njg4Q-afi2a$2klFJCeV+BtjSW` zG(Sff%(J+tXXP}jXW}&P7Bcb~H~B0Z?>9F0JQoNq7R>vKjZCHBQG!nwJXLV5;AX)~ z1g{W$v*5LYHwu1Q@K(WZ2;L=FK1;P<_*=NY&EzW(TqL-U;4;A@1&TJyM3%vltk^xTt3?G^=MTG|v?B4T5>^kjlg2 z7(OTbw+Y@Mc(>rs1RoIW`B^&)1Q!dI-xK8hG$voXhsN;fg5~!CYlXl34j}K3F>!f+ zjNzLFuNBOD@Qe)ayEDvt?F{q&I>WmJ?-jgXu!XsRkq-nH3GO4fOfc_9F>!g%n_=EN zVwm@f7;X@}NHFgmF*3X_#PAxyytl*nKOwkXFz@X!GQ8i+Fz+!lyif4Af_+@SH!>-~ zX~Ba8j}Sao@C3oUPr~S&E136282@F0R|>ve@Or_U1V1Nun_%9rW%TbB{F&ebf<4UX zjC_IMV!(j=6uHZJoyxweNcrDrR?Sj_} z-X!=r!P^Ay5WHJ3uk{-J2LyY#{%8CP1oL{W@h=fvDR`7%UY9lUQw8%{tnueHSHnvL zuMo^@s78j@M-6Wj%=<}<|5m|o2;L=_*Eo&*e!;va#Q5_*5W_`+`v~Se9!6%Q;BkT{ z37#pqK`^gV8a>MeuNJ&U@CL!W*TTeY7rb5YPQiNw?-Ts3VBRBPbfyHS1rHKDLNKop znz$1L^ID+sm){cN^*`gkOfc_NF#f!TXPDRL%zMdr?alCWg0~6YLFR*6SXx^fs_L6c zn}(#rrF>XL`Ou>)%Z@5fr_0OA%EWs3@XB<0=&*`m6-snw?$VP^KiRf%0Ie6>nqg&K znDd^F031VAs_+s#OF7Jl{y*IoZhqs{b?@Hz>E++dk3IUj^SK)gF3v9rU|Ksavd(g@ z?q|JGQSjW~N`m8PJv@(drj9H*eVpAM0lqWK?mft=a4M!85v^F;GnBX*=b5Z7SNzMU zIr%RKagywc)BkbBnZb!=6$K^1b2SC!JR1_KD=rx{rk54!`_L*0ivJb{E&1x|sMW>! zM@G-P2U%u_^zu6g2fHWZ4B=P)qubW)ym9a42j&-UE=%mQj&{ZuPU~G?v3N{kUnXzw zIk88-nIAZ>du1P``=^c{oTyk^5Nf*hL#HHRvUb4!$8+wh_IJT?&KdcG^Fj#(=WDXB zM#jFMX5r?2ul9Pk)2DW<{B`eh=RJ3OW#GJ=W1SHkmoQq=+uLt#u?D<1W##|m95@Ia z<=cAg?6lV|+*|;waqe#O?pLedJ^RzquvJ<5x!XT=^x#BrrMB~KVdpse6xs>>85>9F z+9@$M&fiwO^X$E&3pb~={{Iadq2qO@#HmMM;pcSvR*coMLxyFgx|;h`^se!VR3VK38t54s(Fv)jEj9wd^Gp^oLonTM&EwbHrXy}?@*S%yRz&n)B;?Rg!K|ov8-)C8v5N6Q zJZHx^;vN*LJDgA7#@(c*ZvG21=;aC5Q$UH^ajZ zwOt16^gMi-cn6`o;E_iwgmMZZ{xk4Z#mSeCsq#J{bniFrrB>kz+neZ(MlmL4EtqY2 zlRXMs!3b2DH^rl-Wx--pqj#>7S`k#EoV}^u*@&_)c`{33npX`+vu$}SP6nvNiYyhK zValCvsiK*0+z~6)6OG0@&!au5%TdAJ@4Rae9Q9UVoyT`FUL##*b-7Z-~;v z;{()r!?6lWpTgNzn|~vn%8w!tABm06gi?G8(!a(&10G%ZCXtkXt-S`0fV-Z*%2t^R z?nMjoZ??JDdckO<>;F_ae6=I`_t{$*CDF2=(ej_NKZm2h%6k->e6^CL%~uITJ-$T1 zAFYt7<$Z`%zFMi$mPO9zj{PtePu->tqEGTS+k8zxS3VD(^0(M$!t&7KSER+;rNwVb zi$Ad27$vm$3;QlMEi11En|!sB7T3c!>NR2Q{|$*oJ*Jk&Q?L1I^*xLEb4GLzi)p(~nU?iz}SzaKPfu*yO8~w73U+ zqaGh*_3uHVXd=K)+|~I2X}(%1d3t4A3fN=j0 z4xi+NC3~D6P!?M9u|p$u5HiI)#|nCHtpVfHdln0>jY&2D4LS9|03emsYQ6cnUU5;*>B6s2r0MLm`BD9-AZbJT7NTR^@o3@?%uF zf11(+l~Z#DB66s5T1Mrh9G+(lRZhtf1u;FRGXk`g=NXlJd6j>G(nOU}KAfgiMp-D# z_@pQwk<}`rBIDDeJdbNsMs>z5?vocNO;A}M{cT3&g&CD~Q9cP9s+8qP9pFsV|X zjVerPh|hAiQhdzBFY}K=0+_A(6a2S9VU3=n3Q%|4lT?70R71#Qe;nd2*K<-nm8ABs zDl4@L3HaywcWZT3ejn%$)m5uP(&}oYx>}-kTGnfmZ5wv^yH(^FfT6h;>D~3}fcSxLU%}a>(Tc5G&KU9KDC^kIIUn-6)LF56=LI!jtNALmFN!_3@aUkOujkP9E5Pfw&)pqb`2JABe1>hakx zW$gh#KELKJnwIjDQ(Qjn<+HX9D~Rvygq8~x(z>{KD51c#%dY~;V1~o80Q)L7&ubFKW#YPw433; zd5AX=HD9f6q;XMiCp@Cw`_y=bLYk1r6hg7bLa|Tj%cMfzOt~ZOK?X5l6$Fp&;7;sa zX@Kz@NY6=F@t0r4)rD9=d^$EhOD*cv5krd@KkAKwM^v3PP^*=2s@=P1xO?9LcTb)t zI%r!(etfaVyUT-T(f;F?cxs0WI7-DYRgKrPQjf7PF7p^KHVW-O_+lq8w-1Uk2=>Ks zkFq+}5B9TpTESmEtSoyN{Jmf$;s#ypS~z^G6Wd!)V7^)@@un(bMPf}a(%*(@ChUN9>Y3c_ExEaOFf!_&M#Uw+?H+R3Q^d^+$@qt@hL4t`DI!3xeBh z-ZUMi{xh3d*Qsx``{1r1q|OhX7_cbDt=~QZKUw9kBU)M%Rfjy&(9;UQZKPI>C3c1;rhH4H|XGhbQvY ziZgFfhnJ$TOq1bL6;W>o)_$`>YE2!DG7Gvpe*t&pAxc5e!%5|z-w6zB>tuCCB5Y8nIGli4g(Y?{()l|?!WtUmoXMDBBO2>u8__tGYC(F=Tq_vw zuviLg)oM<4Y7rr2rx9?P!xmIzTPeQDGdM$~otn&Usm9?)n!EB8Y(Y@#41*&qp}CIO zr58AL46yPhVUw>`YO>aGDu`m4j_{~A6KmgANQJ4fuq3$BxftA)?~W=6mOFRB5vH_4 z*2OK(Zx~?Zy?{-=TK#ZJTM-`hUc=hINFf!X8t!o%TxATa;ofXD+~?4=uo^ZvjBFK+ z3x4iQgK${H_dEPFvo7KXbrEyC4>l^Pf&_QQha65z%L1Q;_pn3TMh4%a^nynmmd2=X zFyj}H_28D`T{pp_%B-R(!4{{TNxp?HB-pAHV@t=&&LAY84!&YxZFBC!rgz}8<9kgx z`UFqYv0cUQ7bf$DNoI(Z;*HV4>&^mr^*|Ri(Cvzo!(js(T-|>)l|CdK0-Cagqq=@nxY_B;jV<1 zL~XMbT;uZTWGm4EzE-i9s0Ux?a_-?Z3KqjRs>D*k6z1%os$jbW?d(4Pr5s%o^^2;}%3KaT zMR3eAj$$}aN?}Mk(L^y@iS>a4Vxgl14v2-0K>=@c2^^OdSQd0WigJ7B=cy*S;{pkl3dGpla%_gk>rPzoUB|YN0QIb zs3|V1Vq7HYGTyl=h1(;^2bjqV-0lebNhCRgEuzNd{_~TZ5&{GyQaPb*&Ywayi@F?I%aDZdSW& zQM+@Kf2CyT+LN37JKIO-+MAo?d$58VRn32vn`~wtLf5|B z!}y2lWc1TWfjU1@lFtRnGV0u;B-?{z16#D$*$&Mh&Gx))uT@IoGx4XnVbTVK5IC5;s9 ziOziZO@dz~{QeyJ*=JdUYvFYoysT3EEPl*1Ol2Wcc?-WVm5WU(d~KDzh^c&u-$2?i z3(=25M3V|dnaYIFkEv{g*QHEl@L^cp3>y3--~oD}^rC6Jw@BTf%wUW#NMp@TL@!f? zb{GrIKBt_G!akhs!=6~qMq&44-P)7N*(mH@Y!mk6ayAOPx1Gj%N;w;a-A9F-YgMS5 zc7Hq?a$M%%XRrBjZ&NuxW;%UsIBQ$mEc?fdbvB)e%~;vD z>H-?r2j0h~arh6lC=q+qAp0EWQWRA=0yZPVbHe~tAt%Fc7yPbJev_P~h;oi|8Om=0 zLcT!=3w0^Dg6~4I?;j21!mYig`w_`BfNmHws1Dwr{W_5VDDxm8IT7FX^wDv7pTTZ94_AT1OFF%CV zzRlj@5;%vI!9U#F-lfK$z)uw#YvYFtjqky;KcO&}{`lEz)@IE3gl6#K=0NoEYM;0k zVa$1%#jmQX!k}{;3t|a8Dt54me{B>_R0_GXhxz)N3iVD94iWofL`IhUh$VDC)) zI?B!@pZjQdw)&`*5Dj)l*-3=nG{PD_1w|5ktQ4_hkcvh|5cKyb6O=LdV*6l}x|qa% zL&dO;dXZy;?=ur3)!~0dGYvK>^=utN{RrN)&E11}4Euf7dwv_uI;xK2&a+XrGMRRF z4lS#cIyNk!?x^=82)Z-MauP9)c5>jI^pzLts*~L}FBy09dgM*++Q}}!5bgA_;_>6* zh4DnAkMYg6$0uz}+9JKI@yQ{`1>Td#S2#ww8IJ(J9|CYzuZ!j89TPuR`Q;{UH!mKi zlX2sTOxOsPgLX#7C+SSU=|faI^E%u8yD?UNL@8$0txog|4Jl08@d(8!gAeYiR2dif zPH7|H#5rLIW=!a!6M=b5vunmcrKU)WDo3}jVLavNo=pJ9TL{S{U7R%=XQy=>mEFU$ zY2j3*DmU1c&dSr&UZp4^W`p@kt9W?Ry(tKc+d4eX@J@DN&ZweW$Eb4Yqs5RF2la+; zVVHuavtJx_TZqc;U)jOGB=l#Y9f=SYxK=PgIMM$OyyglUD#}%@54!dW8*ePQaSQ?m zBfw$+_T#ucxhqu-DYZ}N7AD`nTWIBNp_Q0kW)eZd zCX0PF6Im7BNL4CFNzc%0MCio=tn3zg9o1{E6m6L?@JHkAxn>&-U`p>hE??a(i5_&P?j5<=%5B} zSoNq*ZpMec+?*Nuax)RXj(S<9m?A2FwZV#eKNn1b)WXKgg?hQL4!9UMt>r@PW@!Vk zlURh`CgX{15q_rSRsLW2Gl!fpu`M1iJdEe&-;Mz_>1sBdfs2D!HrfHtRA#F`f4Xr~K zwbeDYRu67iR9-fGa9zXfAr1AjhRms{`F=oU>4?&bA@z+l4GU`P{G#=Z4m7l)q6H6JjVTirSrJ}9e<53U?_^l7PXtnKL2+(MNi z(yWH2nu|Jm;qrG!kGezDE*e&LbVmso6nfM*HrBNOG5x@VPPJmU(sr#Fs?klvJgf)A z9IVe!YdhwH{TQD6a3iq@);3rg9MSE0YOvV-Ec{x_}s1j>ATyo9B~w&ANx*(y`Y z4t_);o2joMZY%MnS}?3HHm)31HYO^X7#=>MT4YiYZ;=e?N2*GeD*1%cW3<5#eo4i) zYn!WD+p23WvgY%sxn@Dj!a7Sed}~%q)m-d_Rkba%=2X=*HMZ3)YO|Vf4y%fibv3nf z>#CZY_?!$RvD38F)l}guepSuf>gJ|~s+xxC)>f;vuC=wksZlAzPOg0s0oQMT~%vcV=Z;kxVf#oiGFrN^&F_IURYOKHM_pCzIAS0t&UXR zlrgcnrKzo{1{O3{&qE@O3+7o18e8kck=$F9dB4zIN8(OWER znZ4MmYpiKm+}viJa^~dpiD}h=rU%b!Xlk5OQ{B+e3T|u~%<>rAT36GC{0(lXZ>wvm zX3(7U;Ik^ygJ;iP&=>}35d_Vyt!}F}QRs%23m4359*le48gQ8%1)-9yW&wwVihNz% z0^L}#uPn;Pq=3RTd&U{*uDsw5OmEo&HR!l3$j%?%dr z*Q%~HRe_3Abzaq6-GUlGxuDMGE@-Q5y120l6}pfy!yKq4GOv13)$Eq)IjUJ9NH?YW z#ttp1im}kH7MBk#8&<{E0Mo157B|VwFC~OgG`h;FX)_G_QKd|FucEAP< ztC`&aiQyIw*mP)&Lz;-rrP=$C{g%4MHg*nZD_RNK>7iOsFeZxGVVMtHqNv54XEhD= zRKoVuG|#G^qxLo^lidYcuIXKBXt^kET*=LZ=|XG1xMjqlHncUgqV8v-;h_=K%w5oU zkuex|EKoR8#x-;6YA#|!o6|OzGAvFlBYPoTG+{*5kyTl(^*^dZi>gXxGZTxz!cJhBH<(_cN^*&P=h;9QH&VG6t(Vg*w7=&F+`s5Hgoz8A}xTs#>V}U|nFehW!tlrpl}?EmbhG z?TVqU%F6ETdQfDtdW_4o!1~aZ7HeU3L)Fj>!w{ScFQH4y2d(;W^56ViUL`b&_e+N;*}=$kSDCzuiJ>Y& zwsXv_!Xm(Q2J^NytHsPZIZ~s)YqP4=WQk&|Y(3Cql!i943%1yGQb%TfBD31CK+Wb5 z-BN=%OGD51*dK?jmODg4)5R!l+&_T?+3d`)l1UMRU)>xF^NcEt^O*uPRfxT-tqS+^ zp!;OsBh1U>Q%&2b-i%IarlfMO2ZNy_D%Gf>CNW_=c06JKo*DPPKYgfYpPxxbx8nDA|MeC&YIW%j%$~dzZVsNg*aSP^g;XET# zHsN3vPGMMTdUzDG8kUfrv~`#!pkpz^82XmB`fwD|2SL!!c!x}>!iFCnL4_8`a%N$$ zoK=Z2!}^Fs6=TL=R;HTjhaEtsu(@mNJo2c9Ln%sqUfsN!=Ea#Q3ED1;k*2AFGnJ0! zR$i8EFtgQ8Qr|SM38#Zpf~MOKk2H*{V;;=hfq6jHsFXxqWcmnWLAXO16SP@jXCXY* zVL*5g!XpugWe*Hg=cJB6Iny^*S*M(M;xXxxnwF;4R-OqPeC8?X^3sa3(y}AN12uJ8 zF&&;`v!<%EWL4uEXE#}sC!SO_dd$SLPM0h_8b6%pQVV4bGrr+}=TBWmhWZQxEw6;@@RAEpK=C@t z82ozUcP@VPV|-rWz?Del&(o>KzaBh7yVqgMh4N%0{|K0A(ti_vI1i!XKZ7k7`jdGY zjOo6B9~b(Qc~+nP=5#6j&0_55sb1P-PWk?j3{SyQhT9(aQRig*jBPya&v5$lv_4L3 zDK@8%e@G`!2Qv=0Tqr~46$0wv1qv?oCsQZoN8`ukhjb2yKV`VZYsog&M7H2r?r1b=l=^kdD@(IaLeU~(q((2jA_S|A@e#K?Kh{~Rov3n#q&6_mbSLF zgxk4>TIw3AOZ7RB((IsF+QC2UP%s5hL)L!?Q$66n2@eOD{}lM2VuyX-zlj}=7Nu%J zS*i{$N@w8|RwzwhnKR|i#m!=L426ebhRub(GHj_2S2;5J7+=~~tHZESi_viw zT!tBNJM_^W>SHg=FuL3Dlltbu{X_OO!C&fIFYJrzFzUMzKdEogA@Pikm52E65cYBO zF!numh`uFocj$%S=JF7JMmOENp^rTx^NYJrGWvc4mi8@&JB6QFjE>jfVVGeDppVzK zsgJ!e!JvDmopHCQU3{t z=-UPNX!x7O=-_*!3^Qy3hC=QO)W;Fj=;Pa?@SoX#(-@k}s0r_kj&l#uw;n>qK3=Cb z`W7CdZyEHBrXsx5BT1EGrBUK(Xr|feJh~P^aqD& zIqG}(5c~K(Co|$oeY{Q8=%)YE(6NnOZx~=}mQiSkBM{dtM#q02qHj_a zzEgsw3g@i;`<6_(G##SvW9Z{|D9mEgz3>oy+o6wgEEh92bN}Fx zifC@uugBvCk{{4Vy~5k_aTqcI5mAhp{i6WPu}gij>V*#Jy>>eRSzWH zy|NCFtL|9Kdbw8LtV4zOJH*XBExWjCPmyl6^z7n>Pd;QkaKk``2`>KR;)b_#WW3xC zEt~SJ)$HP`8HjXq29aG{Ye?1sa#c^C^>Qt?=!F`|*slTq>9QzB=9{!-++))1Shq%8z#N9;~@o4xLqWzR; zH|;FM4P!@%Dxkiz4{=|l-J_L!4~s8_vQ*%=9heN&}Cp z6!4^*KH2xf0@PS=gRgGA+v4TeL`j(+q#?JzG7sG$hx~ICX30J`9>DU4x5837Nvh+$V$KHI_x7u zf37>k)w}ce;+6^dQo-5=l`ap?^kP?rApMn2ZJV@5UKmau=+ykmFiEdvEGzv8OdNEfy>N>#=1qF)nQ<$8~+3K!3Cvvpn-NnQMQ$pmb>ll4@9Z1R|6JIXf542Rzc{HTX{B%3^r(f-UMIbMbp7L~`i$RjwDM{p*OGzyCS7*IV{ZbeGX+PQIQI#i#d71S z)a{d9fZ-C&oE?oIBko9S`7?S(k)v2)8H-<1^Efi(Psf%&BR_%6jANOEUsCfl!80{8 z-HSA%DXMc>)VT=EpV7I5OaUy*@JnjGO7Kd})OkA@de&gepV70Hj5f(-J$^~e_Y2;n znR=ep%;dI`p>rFy{286w$!ru@-oP)Z`E9|wG*jnZGW2|gEq_MOK5~E+mi_o8HGdKvk(I&<)|3$VgMQ_OcH zxL+9Nerg!Ix5dYsxb(u$)(y3UOhGK{6AZIoFnpZg(*&O*nC-{N&lG&I;AMiZ7kr1{ z4T2vR{DRjTKLj|`8zD)3Af`2FYL&2X5 z{zfpLnKgEH63jQX8Gk+&Yxo(#FAIKG@K=Jr6FkPt>N!*Jd4lD)4HpRiD+KQs%tJV1 zTS9Pm!TkkS3cgn`Uk+pRyeN3P;CBUoEcim~Bqr{~f|m=vTkunYw+jBP;12}v7tB7` zq?ISQSa7-E;|24}1tu=vI&HX7@Fjv*2)9Sl(O)FERPeEa#|fSyxIyqD!OI1&7Q9CA2Ek7V-Yoccfz|UJ)i1wSwpjRIFZic|?-MM)QTA)${|CVvFh?_ac~S5HOw^43iGt4* zJYDb{!EJ&s7kq=@p9$U|_!oljE6m#Pgy1cLe=Yc3!G99`rQrV&d=ciGCXW{jUM~1X z!FLMojQOdFdxYR2f{ztEPVi*G4+(xo@XLbV5n?jg8DaD(7Qg0B*M zli&acA;z8)1fMSWLcvP~uN3?f!S@P&T<~uNe#M%Blv#7PYU+aSv@JiBL$yK#&IB*Q`0zqqPYreWBlV%o6hQK zBy0axvX;LX%(x6%LVxt{T&_-M<*y@a`Bh-bmq6xjA@d8ej{BnU-%8eTcMATC;J=eG zE^_g4;>Ot7gRFJ-75)RrTIcbC&lY^1;99{8$Xe$mWE>N6Sqe7i6>k$V>jgh5_yxhg z68x^5xx{+;0W1%D{`OTm8^{HkEeCf(r%n z9uOnbm#q87BL$ZUt`vN%V090vj?4Q*jGoDY)qSB_W~T6;BbfJ;n7Dk)r{T*5uMo`p zXpPK|1>Yu^_gxy9hXg+%_-Vm>fv4$ve zH3fqCo@+A(^$^@sFkfD3WQGYIDR`7%zTMQwPZ4~9;A+8h1vd!hYf+7!rGl>(e63)0 zZAj<$4&l$2pqlY?li;TWKPz~PV0B$dkHviVsTogq3I0g%CxZVfSY3zGWAQh_UtN>Z z{vHM=qu&>tFE}Z+&2+f6e3Qugl?d`fCPe>_-+eOtVZs zPZfq$zON+u9zre`y<3+t%q0MMavlc#l56WX$CcnrQ~d9r|;c`iW*vQ$N?t zsV2uG%HULj#e4I~M}QA%E&=leWAta;#xe?85`?f&8Qx0qh|Ic9KR^f>i%!CuJ>0p zv#a@yX4V(SEXr^m{Rhq6z<<=-AN+~taxm`)p!{&~-!vZs=Dh**=iK?AX6|Pk*XTb5 z%yEr866!%JUh`n^k2Nzbj&Y33vbsz2@!)$j zj{`rb`AqO5nptif*9!IixJ@&izt+t1*`b-X{a!Q6XSZgS&&QfsKA&kG0OlA+{VbmY znrSmXe?fni567}X-4ArujHYGv(9ED-n)AT@HK)J>H6IQ>o~-+;v6`vpRLyJ#6EriA zQ#3P==WC|US(l&1K+an%O3=*32?rsd+T`Ce0^;Z`XVhnBPmM&eOqM zY*sWDG+E2WbqFp6_}MIEEZo@KS+Jz>vuPNX68vnO%jQCx>|%v#WpuLaj83IT>+C~+ zty9I-I!Dr9>twqzIwz6Qhj5vRpWz0y8^cvx^`?z8L11V#a+nf6)8yR^k7KV0FBsW%!^3-nW4lXyFY+rA{awtudaogn-lx)u==$3YcFXZ&_1ZWw7smo z0ymb&j3UTWd~=pp}BUbDyXX{B?$dxN*kUWGnjcCYZBUaak}5N1cw zbMdoHx^ICO9!j%wjzt2F?e|3Uahym$w0y^jo&rzTi|{Qmju-tUCH=?-M0Wfr4=^1s zauOufr-s`Q8sW;N>@{feIUe9aKvW4p`(_vv^=^ZZe=SzAU!Ze!cd+YyM?V^F&BNiaC_5ql~t_zBF7*y@wOUa%Mm zM-uiF2>Ai`+Q?z{B5Z;L-;xs|qy>Wai_9Sfbxq{87 zVH5RuBFW#TJeYXie5{m2_A`r+x){C%QIEY(-VKyct4nBN)VmoTeyEL)Cv|!rzD&G> z&|UDzqZL9q1rh%l_^RUE15o9CLg?Oa+)Mf4?8roqGuQ;5@QF7dOAUNu+!a9%VRmA5tR0*ou>%2T?48P|YuZCecW2qJ24sNZta!z7@ z>VcaykF{cW<+YV_3YEnkW}~YA44AtI$rVH|JQ7V)HH>JJQXOYoh%TQ5Z!dl&)JJdR z)XtBySw!#PDF}Q$@kDI$)k+zawJhq5M^Mx|i*f#lbfO+p$fJ%h0_)a%Kx#UJs8Z-s zRzy9{Av>>#-uDu=@dO67=tIT7;F@)I)hFHGb{*7s9xZ5X-TeKQkzi~3BUj=WVye#u0>2Ewsd+;w5(C0;%(3G;lJ zCrW>rC(ORw(`FB6%2#^thmo)IPR~TX-V>$0N=9C7BJ-=|<#NNqb zSQ_btINkQehUF{(bia$WGF)*uAYTPvW$hO%tn!>EGf5215!pQ|rwReOb&bejcG0?a zvTr>mhdPkN$vK<|g-M(eCIOXW_(FD_=dn2=&*O5oWL1tgD#y~m)08HtoSHKbkwcZ! zGAbwKoS#uSB}Wv*^c;Q=T3dOZQ5j=nx!J>dC#>u_QIYYBqR(bkHW-z|SlNwA6I5Oj?Ssgn z$|V_<7e^;&R4$H+j9(hfLx8sOGNbZIwt!_y6TVCx3;cHKR6SrqjYQqALoXi7^V!jL z{|3!0mhZEB>HZs(O02-=KHL5Ga!=!rp+)2Wu(moqcm{c#H#D?@%dftFsUO|mmelIz-KQTCNa$UWNe%H?&Q@v> z3$V;T3LDH;V-x(hL1B%aqY6-WC6iQumsCT@WPcpuF4uF?KOu(NzpAX%UY6Lo{@q$# zmEQ;R!%$tdDkQD0Myjhd>QdX;j%WK{>gXH&noRVEr8S#m^hYz%k7E@*?w27FGxMx} zcP9GtGW8c_^!7~jpELC>eiI_$qx3O1#t+Vi#qPzp!xZzac(F)~IWDegvtl_h8fc|z zSYgrF!#ZXn))lAR!kBq6?ibyQQ1Y?-7>h$Uy%>$NQkS3_Vx3}p;Yg)Wg|Pv#A&4CH zhGDHH0v$h8o`1+hAl1OR_xxC`igY2?dHi5{IHgoGhs+F3Of!|A`Z)P$7!mf9{5ZI( zM;uEGg6H$b9k)6cms#giAgDLVy^sMj59l}Yt&*USfA^Rx6F;^eC&quw|wp=q6i_!o=d z;LZM4{7aRGF7vJU-zezC(Fm>h-)V(!#drZE{`DDTP|I}UwN0HTu zrhkiHKCKGBy%_aqOVnf9oru)fA>4LI!ju26U0;BvbgTBuY{>M$c2x8AHC*<&^XVA1s}7Taoovo*njTA z8wXUMW48mX1;L{`xYIbqqXEWqAU!8x#b16ER~KRh z@#)z3EVZatM+_}u{HQky9#J*RS1W!+T&vhKSVg@u;_FZz^{BQJt(gJHSF6!*ibIar zC3*5fI9cGziJb7eDNAonpN9+DdG(IqNFM z3#zTef7={ot-=vb;#qq$#KYoz-e#VxL~GrAEAgVulWcxsR*jX|Y7c-=K^kAMuo5rX zJjZpro#gYviI-KID0b5I3$4T}HV4qOlN`!A*k-dj%N$Gq+2&tUhS9|L>~AwBzHh7P zfim#}n{&|6#N9Th5X!`zb}g=0g(m*qX2!LNyM&20siYGA81z zw3YZo8J6lpa}U@{kZRZ0zy*nK?DaH3mCkpv1;w3r8DQmY!zN#?IP(^D$h)~rli}y= zquvgz{bq&Knz|G9lIZUI1>ALsYOp<=B(BSa$@O$ZlNs!cV}O-+6gK&4^&gTu4nk4y zM6CS}RC3hX%}X5bTmmTOXCV?NI2>?_@yhhXD2MhH^W1V`w8O}pt|v}%?gWMn>ST3B zB5Y8nIGkHsg(Y@kr1N)(gf%qAIg>HNMl{yRHllGV)q?b#xmIGl!(u70RjWDGsYQg8 zokqZE4qH%>ZKZm$6FftuojL~1B2nWcaKgVU&*K&(Y8`&zJ1n8Oj@YFaICTuL@+M)E zuU2ZZ)^RF`VwsNcs5cX9pBFwcYs5M=mZo3nTnz5I5*1mHSnk{fN0`zISr@lBzhQut z_X0NgYW2e@ZAEz0dkt&L!Xls>~{ylGx(3Gs%;SDYLU8`vP1qfs$F!(k-`yX=~Z@&0@(QR=dV zb;lQrt;7(QHmj)R?u<;-3YUXH_ik)ALtPFMp_)pU-AAZqm{2o3R8tfrR=6vnB~jaK zC9ZK7a(GCzfUi~TCF;S~xtx3WR^fpl@h2x2PsSwhjSDOB7l(bE6+F+9+vh9?djW6K z&<;O%k!|-&b^0?1hER9tC*H}OwZuw8;K>^}dc99fgja5?l8 z!7klS#UW!I#)T$174m@#Fe8W z*uwlIm1Ag-VyTCY%HS4OZQ5m}4-a@qpXjF?BNFUG%G_P3n^9@ii5#UWc9D}jn*}mT zY1`zb@tG3r*)A_3JmDqz1b*U7m&G_Tl6(W5QQ|D+8Wl;-V!TO8{n$vdKP4wC*U6FO zKpHj0WmSxeB-zS{J(H8HLb8cE zm#y>nImv#EcahRk7EO*|Sc5wNTFRrzrtXxk;lebgyNA59@d^(!E ziLRyYW7xbAP1iIpuo5d(JKYggvz5g4?h-Vz-O=Q4sPhKpn(3#Tt81;qDwng(-F|XC z>t?mf7PUJ!Ih5&zu06TQbJ#vY*WTRZVCLvXRr8se;&mFpXPXPsdWDAzx8lRFr1lgo=@Ry_H8?%PkfoWQRLl6;AbAzz zy`x-r2g#L8;XRi(?W_-y?{e38U%55}NuHofe4tz#gJdgp?pCL|HwDSt==!5Ncl|_= ze4VBAp*k7;bdYSI&X1Jjb3yVs>fECw+k+(U6iWQb<(RZJNU9F=W0xJ~wjil`%uihQ znA?Nol`ONpF6T*a1W8`8PkicfO0pwJx=ioSE(g(_LGoDE-(Oq~qq~CSJ&gC6%btCA zkmQ}HiO*g3?R$bWJ_u(e{_65zaBq1 z{VnfWxY<6H`(W79vK1=#^3Z*%ad)-y*bda(9|IEoqh2-EK966b-i=U}x`<|fr8>l@ z*MLBELgNO2(rH`0mSe|r-nZQs;Mcph71!0@w|P>e_af3b&=I_3>wILh?OJ_4M}^sg zN0YHUfuFr5+RL)~*3`g%5wvjWOHFnu6%C@3*8}ZRc6w9s>$eRhW|z{!#dLm-qPB-{ z=5i06|ANu>5DLGHU;kgBs=FeE5??%K&NK-+ctSn>Gr@Io1C#7^ef_V^^9*^2bC#wUlMa&qz^ zhgQVRcm(+U5P-woE|!~jO#E2ohfc=Li^u6?+&IQA9X0|{1MQ5APtuuy(}$>b=5@CF zcVn#lh*Dh851Hvi&(M&O+4cr}Mg1m-c#t{DTB znj$T#9NoHx@sy)`HUUgT5Ryr{IBPae+vqqdyN74f!s!E5Zm=z#m8Yq_N>N12M*nVU z6{~k7Qw-R#Duts@seMAXumD*Io$SJ#QAM|nQH9i3$3ngwRAN6kbxG6NA8PW(Co3`N zl@M7W5JYcuq;NuTfKE@V87Q0(9(0&po;=5%+;wVvnzD6p#41BJv=QoFWZ{T&HV~5;Ks;Kz6*}b5-OV_l}-5p zfpew6xfy|Lpl2n1$R;;;D4dG5TF%0H3Vx1Nc^5s`;%8e`SgVCz|A)Qz0JEaX_P(pm zIi2X!K+}XHf*u+~Kw^`TMrfKO1|%pb+H?Y1I?>%k5nAP%bDB|^!8kgm%b?Df#;hYM zMs$p0&X^U)G=Bg8s4B`J2HuGb1h^DP zqlgaj@ttt|cU;|gI~U?~JRW%14&0AN@Q+tYf-OCGN3ytGE8CsCufyXv&c-6qtD^#b z^rbcGARI2kA-~GVX>(@_5%C!w5$Eiptg#0!+SiJ;G)a#yj^~541$LrYot(|Aj%=|1 zoqU7;j0f@&+X9dE?v%+i@W9){_6rOc3qEuN;~?|N}5{Q$Reo1l(n|Nr^nrZ;S@mR+avXIye? zX#@^);f5SjAaOx$XLSDy+;*c}LU*~=|L?B7a<{A`_+2lVfxCy4ukN3B&E297%2U3J zArHrbuv=?`V7tOo=KmTO-2Y`xx6A3D`=2=2){^}RzuG%H&HmST$wv8Ezu20nvZ_UJ z-mKp2>D(HBt_Pxlmjpk4YE=cn5d8~XVYjU7#ijLi)jGzzj`c5ffZfXDb#-Z3Wi|Xq z|Lgr;@6x;VFY;ww#n}mZ#m_sjRl zd)z*UORP_Tv$5m-sM}MIPcrau(96fl=OQDOFU1}=bt1nRdoIpCS#17N55Gb4=I;bu zU->z&xx3JAsH1<~fi16r))(#nI`6belrift9V?e%SX-38Ncl2?edL6Pe0a)~fQ-Mz zW_Ui1ieueZkDa}-IJS#xFB2dn<2j2gKczPXXPKUVrgsQ*XwSy$+7ra#6Y zLaf%_SR5SP143QgIsP}s+N&Oqf5jq!%m*H(hxxc1?7{%O-=PDZ=`v-`-C~$}!}jvL zUzvaoH{qO(_vV@Sl^^UeUi_OPjQ2sX3j_2X?d^Fjc{^4Y2I%GOjW>sPQ7-S|oV9m0?D2Qo zwAWG3(ca&&(%xXKT%PQUF^w-#>B4hdqu5xz&qoAfUu!-5MAyTAkHV!R229(oXoJfh zYA-m#cLtzm`>)g64Pf(ez+pi-Fdw^Nb>*^8D|@qHui6>M-r4Kj%HCYqqaN+Kv4Z82 zi`DgApmz`K4Rc0t?2vm?{N9&^^6OFY;@Ao2m_D`#_7!Wd0{xd`gj<|FckK37zO!#j zYmxSCN%0tuVa*c7NWpw@VVm+>lsNTm4e*$$PA&i3cO!dJYT4P>CSy%4QE7?xxO3_N zgh#Tij=Quv=187eqS7Ml@$R8FO^&G@kpCg6(^4-xJy&me4c+-#tCGsvMR3Gk;%-{R zs{398Yr%cn;t()jg_(;z*N$uqSdv&NzZ82kEn&_znv|=sUrUBQ?UA!h@#LYZT-zeE zPjmIP3RyDlyAu58i~Fu_55s+w*@}1#ao=KK`*+{rVtaAS_UxE_&wUetHl3d&+H^X6 zamg`;i;&SpLY{6ILvkpeXLy0(6^5G)pJ7=38-`aQxLkwPrQs&ScNyMdc$?wZ3~x95 zjp1}OQD;ACc!1$J1_-CKn_=-$r0EnNMauGxKV^Ow$%PdkMJg8`Mapj&9r015a(;)% zh2=l;9p@VEZdkrUr(yZaT&Mq#;TH_cx8YP@z6YmVgof$DijN|di;p7Z#YShD;o}X9 zk0R9}2E*c`NcF`>k+S$GQWhUY%HpF)S$q^Ji;p5@@lm8K zK8lpZN0GAlC{h+5Matr%NLhRoDT|LHW${s@EIx{q#Yd5{_$X2qA4SUIqexkN6e)|3 zB4zPWq%1y)lpFXWma_OLQWhUY%HpF)S$q^Ji;p5@@lm8KK8lpZN0GAlC{j+~X28WO zK8jQ>K8lpZN0GAlC{h+5ManCU9r015a`925EIx{q#Yd5{_$X4o*VqvsMJg8`Matr% zNLhRoDQDn<>hdB!ic~H>ij>7ik#dpI7av6`7av8+e4o7ik+S$GQWhUY%HpF)S$q^Ji;p5@ z@lm8KK8lo&!-UV3kN7B3x%enj79T~*;-g4ed=x3)jH$k}BR+~$Eh7D;-g6A;-g4ed=x2*k0Rwxm>j#X;-g6A;-g4ed=x2*k0RwcCam}< zQn~mjQhvzjh>s$bi;p5@@lm8KK8lpZN0GAlC{h+5Matr%NLhRoDT|LHW${s@EIx{q z#Yd5{_$X2qA4SUIqexkN6e)|3B4zPWq%1y)l*LDpviK-c=F5Su%*98M%Ed>KviK-c z79T~*;-g4ed=x2*k0NF9QKT$Bij>7ik+S$GQWhUY%HpF)S$q^Ji;p5@@lm8KK8lpZ zN0GAlC{h+5Matr%NLhRoDT|LHW${s@EIx{q#Yd5{_$X2qA4SUIqexkN6e)|3B4zPW zq%1y)l*LDpviK-c79T~*;-g4ed=x2f$3qfVr{beX<>I4AS$q^Ji;p5@@lm8KK8lpZ zN0GAlC{h+5Matr%NLhRoDT|LHW${s@EIx{q#Yd5{_$X2qA4STs?x}o7ik+S$GQWhUY%HpF)S$q^Ji;p5@@lm8KK8lpZN0GAlC{h+5MaplP^ox%o zmGi-tt1t0Uq;m05q%1y)l*LDpviK-c79T~*;-g4ed=x2*k0NF9QKT$Bij>7ik+S$G zQWhUY%HpF)S$q^Ji;p5@@lm8KeuFYpBnzra4ea! z)0V9Ic}Cvd$n%Z7zmX3y@-c>|8J=bI=NfsLk=GeM-sqfefhI0*fGRz;eIQ>3``CAqz=l^&d7aN{xn7?mvI!74h&t06n z*6<3$#~8-z|DpbghVdu`UkAblOM9%&CZ=Oyf9E+Tw`~%S1VTA(cS3Ic?9_!7za!c& zUPc=Dy>c#ZC}Ya&y{F9hKUQYD{!$skvG=WV63l-d&`wWax^izYpBYl#7u-R4A29uq zP(A>>hw>nBFXbU%`XiyvP%wT;FFYJPTA6*QNO?4Ps`7qd{!*G@i@}F0vp+3Ro(5j1 zJRQu>;ZXlTFrQnJ4+gJPJ`~Jnn3Pw5*DEgs^Sk_%SAow~t_5GH+yvgB%;&zBE3+?N zqkIzhM&(n$^ix8czXkJKz2r;5TzobVT^#>Zz4wBit9Lv8@c+F|KGpDS!wbkdHuC$w z)eXz=<=><%|Lps}BZdwh_DjG2`|t^fD4P2I?{KdGg8#bZ+{^AcJNKUZN^74kt?3_s zCH8sgk^|$(&y!CMNJdKQ-YBge{3aiH--G|~J&}J|;>dXW{N|!3+6SV7%Mt_p_CuTR zIY4y=_=Rl`4o5+CpL%jZc{@8+V$Kk{BGowC3%*ic^M)RYQ8IL6q zE(o+RejZx>579pU>6^catoi&Q-y0A=5n zNAioKQ@fSjn?yWErVog{SX_0li@IU!{M7~cAvH<|<xo=?BZne$+^wN$=Cw}>( zw|VP=$-LfUfBQeNzA!D4eu!6?UH0Joql@rA0YuPzGUI^tqFCh8Ym#SQoNQj7+dK^s zq-z8S^w31_@(1T%TZGTrACDjx`DF-lGJ`aql3cJj*<74Eesc2M2Nx`i^|`pHEYMo$ zS3MQzRlQyoi%fm0d3~~|N89lyCz~hdj-Q%D`4v^SPfz#8M@xL?mF z=PrA4)PyGyz02^^MbS~+)_i{S(EN#B{zN~2VkCbeB)8v`Ki$ip?&nXBQM)vCj8(#MjN^?I-AfBxRcFx35GNqUTQakmUOiT|val zkNBwY7IJ`H%M=%U5$S0`%Fw z_irNUBVnmw>+IDP$8VjBPiz&W`=`#nJk85b^EanQ&rOdsW707+w=69>cwBO3TBP|} z-^1^F^AEeK1sFNDqpdtJd;cO<+TgFA>@#5|$CXGyvHvvBj_NkP&xBKl zj$gcN{EV;4CVDfa6%U`S@U)Ub+aH5YH&tyz{I=G=#2iBz+Zoi7BuZoQB zFfG5Tpz7&)Z_N9AW?B328o|2A`or~`@9CfXsXFK#X^YxL@%M~JgNPYP5J54TzFRmK zu-}^Jb>A(k0WtQIw)aG3&yUT=vLHAsEyjS&{+SqITYR7X1{`DfL72fY{2Qgk_v!oN z*e<C(x^x-RY4S@7#iq*~c(}K^%RYGWMJ=JG+?Tz^<4-GuG_W{ffLNC%>O;&bl=SXO?!yn+`x>)%kh7J@SFLM^T2&G ze-0wv^*8hRj#2o{{8}X9f512MJ1j{1H=j2U@xDy(DgJcUbnt!r)8s@fel{vA?R5Dr z*3_KkrPW^A8Gb&3%m`|WD7A$z?r%n5jA5?!^7x&Gw6pweFxp{p+FQPSOi*Ha&&KqD zjp;)h({>4hm}vQQXF2BOJ%`4S_OU+>q7Lo?Iiaz1ivAgC zJvk_;&QX52=j@=Qh!V@X;KR-H-7#YA&6pC=e=yeJOu_OfPj^_E_Ga{MKoIM@HrDr} zCT|}|tW)E~wE1CF>L-378}9ZfOMQWtHyPbE?c-<@G&(++Has>QExD6a#t89N(7C2! zxR*9E#tQ885Ysa%#v4SPGr4K{rYp6Z@Q8hE3YOF{ZQAqZo(M#>N(t`Laq{ zVT{T4@)k4jxY(mO=pqgnI1V}o3@lGCXkg9(!)|PchsCIMa(q1l&yDf>`ky8`FzR`+ z8*xytAG_rVDN%L6z;kk}4jAro$7x>Ph3uY3#3n$LSIJ2J8hZ|$5qlZiwmYy1zF;UH z%an}_1-rokLr-KbI}Ksf0Ylfo0fQ7jm<|}o#a}Oqyp(?#{AOd9l1x7Ne8i8%vqk!PLVG|R;@yWSv;Et(3UoW0LLIz z&UM4!=!pIvAM8Ps_t~ z!-?ST+mRHyZg>_4L5iL021&7V-5@D;t{Wu9ulj5$q3ed;u!$6Z09iZP*c5*XX+~@Z zwwbF18CzQ>qn&JaN^uXI$_zsB9mBjKXozs#FbdqAK5^)};UpXcDR!Dy!cVr!gT{r#NtOYcP(5u^x;L46PJCxyi>4)>xOp&W7{H? zp|R&8EFv}byfx-rH{?~Lm%w$yFoZ!$-illv27V{PL~7voY+&cQA@4gV!*#>bAn;|; zSHr+pL`^oXikfUV*A01m1_{>MZ2Nf1!b@~YLb1k4eVSud_t@;2z*-X znK1AfF_Y}GY+&cQA@BF-j&R+;SCkO*C9(Fn>;-xLP0S>FqYdm_H{`9rFb>xZuOe_4 zJY}Ajc2F4lh%{5&N6LxJpw+Z+-Eb7IvTQZoy}S)e2~94_Fd1KxQG^qkap$@rube%#RxH8fF&Wo|Cf9@}S7h*Gw?QgbWtfZ~n{h$P zq;uVn_eWf|;ktpA_CV{4XHG$V$?PyIN3KMjhG6i4>jn;VopRad+GTQh>BR3L!*v7u zY^VOrYi=f+btnEi2d*2~NIG#g2iFZOH!tr1wuFwE{Kh_`>YBMZjB0negalD_%jCEj zMAbc$gHaIG9+~XnK~#HYvXcZ+B{SK0f~b0AvOK-KL)k*|GiM?JLZrwD`tHhmf05~nk&h?E;Lsvg{0=nt+~*3 zL*6NzuPl`ByfgUqnID9~Z?vh|WP^vU8}dFz>A`iwpEUM6GW%j?6lCVlHuk%1@X&Qb z-giv=eVIEDd=JDP%_>Lmpx9$s>@c0xbpvzUxm;W~Fo9kkKKDh}4a1?&kU3eu4MVog zV!!CL0eW!Vz~a!Rm&L?+d3elC*A4t^e%^~T(=Y3f;EdRv*vdrURX{L9+|@)N?{r#T zn)RUs`V8B)y>Kly0m2!YnP!UYS{j~!L?oakBs?fWV2mi=uE;s+^CcCCW= zFBJF6-VZ&b%@&ILcv(N7pSO8rJra}=+a1ZtWS;Wq+XTKO`a_TrE5KGtogc+-CmRMf z)QKl(9NG)Onf-xze9OAcUj9-D;4=_gF>;#IZAZeHbFj-~N#y+r_1e>oWQKWrty zqktf;RMepnZ#Q_X*a3}f`utUo6(}(0v4RB_daR%u-s~N;*CC$m`TQDwT!Ka9L*HJ` zN-sMm-=&Pjk3_j-r^~m&Grc_CGi7J^{CZ#qI=i@xL3?7H2%TLFVH)!NJ8&WvZ$$fp zvkM+%#y6sJ;OydA264_V{(*z`@t(9=Enlqf80Y`M;q2n@j{MnbF0*iDKS4#ZOhEw(s+FVAd-63rWD7pZcSmYorM$(hJUY=PoVIx(CIYJC?vDeV-g?LJV? zi=z?2*~M7IlQ*4wXk;bi8L_pr%6#z4`0ZrFr!PS_yq+?4LnvMi&Rl>EJS`AeS$R=b zV149%5pTg(68IS)FcscKv=do)2qRz92ph_taF)>(KX6J0&NA5Clla7Hd^=BiyTMt; zzBrpLcaed!jIQ{(Hk@UA4-0UXQI7#B{xL1=mKpzQ5p{XH8~<9`zufM|zhMrcy9T@X zx09)xjQ@BU_Bj=`aBk`|m=`~SrlRsu)XexWv?lxykdeo|ypiZT@pQidM|nLkCc!7i zZQ$;B`Ad9q{&A%829pm(N0iPUC;s8E53b1P@n{yB)3UCwzxc|jA^9G~@9#epA8AG7P zb_eM+N*Prk4Vwo}mGBfJmQxU{2Io#iFebnWPowZ=Y`C_&o0~_lf%@&(WwLxSVh<97 z6ft~8>{1AfPY%A=D&w~Lbf8y)DLqd$(~QiaYvM;G+{&^<@q zXDq(8u}r9C9Rd?MpYWUcZN5eyhkK6YV0oV7+;i}Ed~nZkDde&E_b6bv=Xe4K>Yn3N zU_05cjUX{+^V|j4z-I(;lpxLKvPEqHw37|{S3Bl5xaHL`Aqe?9XyqNxnD_Eu2Y0`p z4FK*rI^z`=X(yq3jvvsn;GSawPQ>DTaRTl+>Tv+~9Q$C`PBt?1XbeMmas)Q;nMr&W z_A_EMED1as&`vhHPGAsn3bZ=VJ;xaUnSQ`M2Tvj0*I@vFdyeHe%DaoHtMjh{cfSWG z>7HXNgY1i|DBN?fbi6npDZo8P?rvcGs2jU>vf;GCT+ve_3(Goi{KGK;$xla^j2Pc5 z&b$cbGh&P+kDkQfo}(wk-Csdz(mls?90ajn;xp?S`}O`=JmIxni(Na}a60tMVqcFi z8L?Bb&Fmt`NH9x+dyWS{GQWa*4rZsby651`y0g0H;7rQvBJMf*4l9G|czHAhsdyc%np`pV)2NT95zTz)JoIw)* z=F1dN-E;6hBS_+FKBtM2#OM7d!X&=vGvm8-&oK&0n#4DJn?&cHLz4KGZ<83h=g7lb zA9T;bgyqFphky6q1$XDy{^_2h-R`aqf3PhmJ5tOOUfZGAwUZ6+u1p<10t0f0>KYBD zjM#qIX1)aD88KSTo6ged8aWi)eF)lC`<&e)YjF@XnLQ(>$qb0x#1mfI%du-0Y<@br zYoL@7yAj*W{RL^YBi(bn1L$nrb94^eb1;3K)jbCT^F9ggIkLLB+L|m+oq`56CBpkB zuZy_nSOArv5fw#lW5`{(=U}Yu^B0MG4i-y$U#i5p=g1fL9IPI==g6zUmyP&8!xr z!94oPgnN!Rz}@MqjP5zw;EEZ(q}S2Su4?2|6UYB@9{+<;9@WhfMC!C@&I$nPE{5AAy^sC$m*aGm$mJqOvj=ioFX)9WJcIhOT=N(=WKF&2e$&#@(SkQv{b<>K6P z@TpPgp5r)NU_e64$O~p z&+$2jcITesEE;I(o?{A%a(uqJ=U~OIj3iFumDjoF$XE9q{5R3fvBWLRxO2~uc$5X? z+;b#0GqKJ+N1_KVJE41y#Je054vn%ZrluwS#>6}K9ErD?;3K2|hI1FCC6>wP5oOP~ zC_QlrlUyN3x1}fUXUZz0Y@IKrC)Tm|JNF!kX4?UW*(Spo;bZWhb6yTK*K}T>j*EqMR|@6@3UcPmd>(JaX+B4i6@(+hwryQ$$4z@x$R`(pYxMR5IU^{TP z$CPKp9>X@1_b-8aj=U#X6ran0m=SxQC)oz_rm$oOWq%7n&mlsUk(0yJdwj{yg$BiZ+P8|C!S>odNjVd4=XUi|1RV_7VnRPOLG$U zG1J@Pn{jkyPT~SK%opV7nw$iGX`J)7_^XKQ`kcgC7UZiE!={`>6_fRTd_8R5oRhej z=RS@ZWvu(pX4sQIm&8`U=P0dwNz@E_V^+a_LRh5I>-Z%x}oQznig zITLWy+}7*RK4*A#HF6M_%jD>6mXH^3!{VyQo(hh|rCZfxvs-1xrB^j%(->~$KgTYo zDVyb;cUBts`0VxI?(2}$_BkhHKSay?e|64D62yxSjpE>%Y`-@x&tl46%}(MVGyXZV zkQJYXgLvTXktN$sHlLEd!v?M4ZR|2)A7Y!iQg8?HW26plTSUNE<>?6x2L{$7sC(3u z0jWHvVN}6sX4E`XV(wtAH_mtHmXnCz1PEq0UE_=%Z(gy0y2V*0v7k)4OW|kcG%oRS z_K5Q#UOavfbG~Ps*4xLsu%eT3y4>s-U&a>EBYq(c68JP<8jgC#4`zJ5a)!nW_jd6O zxABd%@r^R^jgIs2lEybi<9nV>a9=s-7?)vlZ2V267p}DMOem)?&VJo3E**JXyc!2d zFOOqO&iMG#)t7CKy!RofPnLhnq)WE*t1;0AqlMI2|bc1qU69 zbJoXK_Hl)EVw|?U_~on|yp{uw#ZPB1JtZit_=y}BgM)bd5$5&OxJ*prT~QM`r^R_& zJve?^CJs)IGYP}u{1{En8Pe%T#V>_O55|f}55{|WN7CF`@$E=L$6h&a%XkvZ9p8~k z?DS{`6yBA_)G3EX-;;_CJlAk+2nJ8t;>{tBKpYk1coOpcHymX0=~}Pz5IW;KrZxH_ zgnN}Yt;8`AYH59;#yL!HzR49C5!noJbQq+2)2jpod`{3uJQeL5;rQY8nuY%AA1#V= zp(qZDjuu*}au{Yo_f4QtL^?;JXVRYdKNU=s$i05gqG0`+=e2@s)8oPzEe`9_}0MyJAB&?dg|Q*GiOzO;$nNpu|ldin2xe;+m3${=8e9(X;P zmVblKem#)?hW2mt**p7`mwWyupNZ?k#Qni%@9Kkao5gYVfI+-9^Y4`S2lRobsi#HW z2QIGyLK^$NnTa&Q&(`OR)%e+B8w>nw1#L|IYz_W^4QDO0w;HRzVLQ6c5T;};6T)Q( zTfV=J8DqB^A}+Vqae$bMwP5iQoIQ?@W}@djzqVj8j*jO`anW<`Su+$hZxA_oq zm_HlttA_cr;Gb$3yi^^F->2b}cM~?}$oV;Pes*MCdz_~=Z|Ff#cmWDGSpz&J8uzU6 zh8_-$v~ixd&1wWuFbUr93MeF@z?hF^%p&$iu=#Mg0js~E?Ld5n?L&x|v5{W^9s-Pd z9gzMlw;L^wMyr7bQ2e4U3vdWv479z`c{n-+NBgpq!J>z2hUZ^)$pF|)K(ra>M&<(^ z0gP>f5*`eN9#pCxxjPO&g1pelM(?c>oZpxItQ?S}^6x*Q#YGUc$8a`sDS(a`#bPBC za4A4%5{u&@FLW}oNC}qV9P%bf!OV_iCQ&?TYrQpIzSa$XMR+Z$(f{6`hm6Rm_Pul* zG|2Czk4T66hwCl@lvbnX2oC788t;z>F5kUg|IR*kKXv_EoVoj*Ig#(h(d>Tdg{y{m z{)2(t0;O@kN2va=_$cMx0OE^+-hSD*c=$yqI83$KwKkkP3U{m01@7V(n2@?i6IEM2C@Ta zp%K9Q(UDbv6@WsgI{HLNPK9Lj*#N#wD?Ns%d(zThwxAD8Wsi~G(hm($itibml;R6| zOCjWiPA0`i36^O)uo;21Hxe{uBjOm#{zIwQ-#V3jNBYgV&h~dWY5L7wwC!YKn-VV4 z75k&TiK*wB5Jk!yU!|3#@}aLW_a)6anV6#lOCf(Cjo$1{xt7V~z(I-FemPYHe2-S_ z&Ubc$A{YgEp_7SSN`hs7^aJngVJPJTVfqNji)sE;XMQige}NYBR1QjF|E!kwYiZxf z#6BfhCb2+ofbt9+_+Xo{sem7|fEx&>#^z1&E|FXI(DnV6ykOEE9{{5^F(mHYay z(9~v{;%4Muuwmjy-U)aRAg%pf==0w${uk2PpQi#_J0BGmx|7n{DZwJKc<9>_%OHQ> zp*EJOj74Jjhl?Q_xB4lBAWdI+zxG1bR*2Fmz)hUbs+r=Eo4 zkr!k0S13$92O#M@7AoDTQX}c)8_AN+A86Q}lyp+UMXHQH0GDJG`a77=mJNfS6O?M> zw*)1ctD&EVz}he-QGpHPa6q9uDbY}ZW%y&*aNaY_pA$W2JX?!Iyd8%2#({sfzk(wp zBd(#f5ZGp#DPhaJ3?K>k9^p*Oyq5}0z&1dkJ1GgEgt4)*^P;$zGq!X5=NTI-o9`D( zg?~$6g}2MX*vi44>Wir!RQh1ZB@#Zp8p9J30gtd0vxa)Q2+s8jF*J^3EzM;x*3=RL zYpNL_x!4=(afH>{x{M0U#UBBM?xaLQ2_xZcO(8;cW2j5~%NfbVkZr;Fkv9NdCR_>l z1R#+VLtUEg(b6Q^w$Vs>01DkniG>$vlMWz({`MM@MQTd`&_knL=PB^8r#+M?k%q z>OmyOQh_<4-|{g$ArbHhi(GhXTrPg=FJ=V1@Lt7Wyzt&i;Dz^5faIddKREIOe5yr zxQ6pSiwl49=x=g(K z-HFlrszd`E;Q~DDuXO=Bo4epUc2oi`JWkdGOUV;QY^gk=&RC!7MnFRVQOS$`<*Tt;qz zjE`1FJ_ESjnL8g^*HCMTnA=KoJQj02!Xo|U5kOb0{&W7XX^#D62hFj+@Y%QY7yigh z`pXkgm0ln8mqIGAzZ?Z9bSI_1P=ZB|B8PK?UaIRKOUX zkO+8$WjaUU2@uKv`8QvR={F3*9Bd*m2mA+!7@r8$PiZ_D9G|BGjei6f!xLhhM_h)l z#)kdZ^-?&SMlT)O17Z#xbJ22xF5hD47(N*1^$NSwuz^ztrQw3_{5q#bRz6^0Jx zE!oF%OXkm3)z0H2rZnv4+P#$}Jvx{UKLnA)F^q;SR)U8KN-{#j{w*yF@0zpbXKqI4MIkU#lu~ z8ZyvQg2G_cvM?5EImtL0{lcHcJL@%i?$CLjN6~4|xOU+p{i&-D6;sPfCK9 zyp|%X?V1?d?00hUgkttHJSCf!FE`=QBOlGoz6z@8tLU4coov1(vGkz8r!^Td50{2a z(dAqs{USax33Meg(VcTU$~pa7@)(|$4O52j;~Ac&=2T(Rw(|r?dASMRnn~H1{WTJt z@#;FBk`2SVr0~(J_dnd9INgMcyYD>fK)j=M1dj1O@YhXe=bcl&yfJUI4$1Mn*s0OW z_iok)Iem%K(Yg8{-(ACrM{Rl&cP`Qqu6s-Wea8N^tq-ofE?9ZxS)%7LkVDeHk?pOjB> zJP%5F7RN1gHu?m9Tspu%~5M`Z4Nu5olo;IfsgZj=>(l&oD=l1R)BFO8=as7I>WeZdAWSQRKc`} zX?&_E>7so?D*HSvN|h}SCz?Z~sn|p*?RApz%r1h-l4__h`F*}*&|NE}~!-=Enb zOt;2xX)&fSWE{wn8TfJhliwUlbM-m4smu?V3mz<*luIR zoBixCqU^m@G{=hQFP=%4Wp|D{-c0V63zl%ltKH9fjBga(qquXrEj`A|3mJ56vlcUJ~d?ry-!l^G;Rd7ebX6 z662P>4-N;5Xyzf<%?WS;b}ItJR+fR-QX}099?b_*v_gPQHko?9H{YqyevydqjUi`c zt+&q0-{@4z0YPS4T5k^JL7_PPN|pOwSOPr7TRk)>?p};a8o1*V>YbYurx6Iw-M)fH zayJQU%saMu`9_ip*|LGL#rocC?p~8vj^fVgrkV$*F~2lL%b?3|yZGLb-0@}-$+&S{ zSVF9hdvUX8$~7fA5+`L@gYB7EkumPB#hUIlNl}y8{4%^Xv22ZB*9x!4a<9iSv|os1VZ1!w!j==F7z3?9C&*x!8wP8Y z=k>Va$lN(q@sFuiy7ze>HZ`|6If`^=QP?JTfHPl@6j4LU2W~HppqV?kfDebk&-Qx(; zs#u zUxpPT?p%SbZe3s$xS06Rd}|PfJ6dIGR~Z$`TGbX!{{yRuJSCdxY~vE(b(AE|;*P&@ ziF(0PP*LH-Za&w>Q09X0kacOwlh3dZ6j9iR`1JZn5rxAdA4cyDdc|MtLWuAfR zL~9mzCt~GL!s;TQf>j!ktv^1IJ|C;G%$~3dQ4rZYmpwjkz8!0eL4rblN(v2zJ2u-E z#l*I}Qy>cegw-U050$sc*c$eFihg#ur2?ND!wh$s2;L%Y3i&+P)JIAb)*3Zh#q2~a za!TRPCZ~%UY7vUUy|AKuTsiWAbE^oQs6|i;e>OrsZKk0Xp(qr8Ro)RULOy)vvte`b zNQuI6m!cxkn#J7=tPyX`C})IEodY9bh?FQSOlq{sn-jH2C51nmw-PnfB9s%Fxe*^p zw~COWGq9Q>r|4&+YuY&sMW>0GFn4_Ld_UF7Mjoxgn#E~YAi|L>bFr!BPZEKGJv6sC%I0>2mQhjRA>R*vVKB#>Xiy3?fKUI<%RPKiRx6ghJ%TbrW* z=Vf^W+g9c%`V1@b%-#1`V_w7csW}rBx}c0rk7Hav8-@xWV>MS{KFQ{TW;0HuMB(sB z(a&1`A~X|*Nr`6Tq%4f6RX$Uqu-GW-j@6EYxnamqjiNqSO=fu5%6>`|rXnQ@Z4C+o zhFTO&67yk>CWKmHdvc-{L#7j&(PoMUZJ|dYXLhJ#S3=yIj*kbEtQqbmV%>REN{GTN z?wmrZZs8jro3P%5m2*zFaMsWX zE9U{cpu2_td_58?FKJ7RydxBj$I8KhLzY`c0eBmKAXayt&8q~f)nho0BBx_L7wg4X ze}|RB$@N%o!FmVQyRhDi)h+*O{r^asIGniUe84};gVpChg$7_{mtos?3-4ywh1kyd z69K!d)`R~@`}ru&rurx>`Tlop@dI`&FvDZK7di-ExA*vd=%B@QHI;)ZOB<>y2Tf?G zSXNbAH)wHbL&b{H28bK$M-_}1QC?T$a8OfSU3KH2l}(kkjim#sR}L9GVnAi}!a>zl zWrG%#m+yRH*uYT(3kFrymRB#UsQj;rZKvp+eeChyQ~hv1{)q$+1+}%64FeaWD7?m| zii*mGV6z9q`rYBO`x*sy7DD0MffsB zOF?BTvnz)W9^Fy{2?_*_O$}AGi@-9Rq)CsC{^I8Y36y!m2_R6)~p~SXDB>_Qc*u1Q5QEsd~m!mt}si3S_)Sn*9*kJA^Yt9sU4F4EK zF@Je1V-vh_T~(Z2BXU%sQ<3l@l!OUMbqb}1b0(b$awF zjW~+hWiMUz zcC#HWOgf`Bn<7WbUk-$yxjxxqtodaT2bF?|(E*ugn?zUKOu9)5BHpkz3ty{>-Xz^1 zZ2dt`4$D5(N?dy1TZ=);kEUlO#3K2Rfr)FKB@WiDO5bMWCz6EHVbS~1$K`7BGvx@K z$6Q(eAu8jw$y$&V=zQ(Ufth$JupWut9L>s*l&4C>>7^u^SqvMI=oXDi4iFk8ECX7E ziQqxRoDr1JyCMzugG49_TaPs+P<=?+t^$fI73!ZwaDo)E1UiOevrrmiQsd}$LJs_;foQacy)VV^?ENxo|tXqlYAZ&1H55hWqDZS_oE-qASt8UbyhX!_Jixi?SrJCWn z|CvS`Hdr=w&SFdit;S=0(UrODY=57L}CO)izbGL>QcFT2)`kFqnlm zRF;=i)dm46!ncu1%9}pAY~nZ7TSiw_?$Qc5?jK6(mz7mli7AgaDkT#S)et3(l?}@)8%oL- z*Hx8QHhNX~sFX(R)s!|i;Z$Q~c|)a^Mpf++-2Id`+5DlXO7LM97h^+x2{g)=colWb z-b$~$WaX$4wN;FeIjdjMFseoNYnD})R#b$ULzu8M5d>$OswB;>h*Mc*%;nX%0kZ+> z@l6sfa8_VL)uP2sF4L&aTCa+UW&LV`8f!|ct6LOyBkq~1D@*X3?~2l<(jbu3oKzYz z#47aQRRJw#h*!C?9%WnAR5ER+Le)mGlF@4GDqmcR2C*1-g4LA`E(ztxM^i)48mjAR z7bS6f85W4NuSLiTOF^WpL2Zj@APuYP!@Rh{4ckq5WkXX*Rb%5aR3uAQ+UDZQ(h3i? z-dI&vi{?q2(nuPrmZNH^M^UOEOL!=ErjksJ8cn9IvC@N=J1uVfGP#7VCZLSAJ+z># z65U}@ZDmCgnQrhJOP5zxlq^K!ZCqR__06`1FITl_4HCGq1mBTuAucU%LSnt@I;7k+ zS^T&b+LH1m<&8s17@4=M*2Y;~w@4Gtj_H*zLt{6Y2|A(X2evB9E6`b%H!NI*N|ts( z} zXJc!utgb9?LgT1!sB5Y#ual9E4^_0LH90|c8!Bt+mRFY4*5QeeW-@5?VICKk4j)qB z(L8?*3LO*|{t5<{G%P~`N*kAy;3Z)8s9Fx$nr!yLmV+`Y({u@pMEuNJX?=ZVtu$Yg zLM^6nAgUHtm8ZsZlzL#S9HmxCFP0c1aKQBL(gwMa;f)o80!HgAWq&W>`0HxfT{pvqh2Dzv(KOl*2G}6k7;|Lw zhHZxA5FK6~Sm(h7!4)=AjM}MeNM&Cy*;OLSO@O%2N$n@UP+F(%rs zDimZ=SDhS$W%m!xGEV$su(q!EU%DZ zBr-P3m|Eec2KKozpC{`>R7@@E8Y)Zbn;N`wjF4>lu31Z@m?kuMtU3IJU8E*xbU|md z4OfTts=68u6)hTGc~$*l&TKduGM#L(GUIX$R%Oz0ovd+LeSKX6hbgJ2Mo-2rj0GHD zkcjeXTni;@ElE=UeoxNuo*a7tBhY9YIg3&LYqIeJ-5 z{QwNj)tKZVX}C^@y#g0&85krhyhP!=wgA`Wbco^!nIwl{ImL3LC{7g&9}%8nXRB|h zT#i~)aKpRIbQ?=>CG_xN9b9rX#$Ao~CGNUdRa;Ss$z*WJ)aw{6AWhN|WvJwQjPt*` zM!BlmZnTSGZDCyl66w{sMh%BfCCjCZysBUj!y9Fo)C?_?f@w5wAlMwt*r2_DQt4HxuHK>z*OxYw)-+;TxvZ(8ZbdB{-f~Z` zl$uEVKc;EO2;8ce;?f%(R1`~&c?jpf;SC9rhFK$PWmg$o(hv^jHgSkKTji@wdqjQ?BVdabo6V^agJ zaf{qcLhdswBoO`x}%l?tpMVP!UY#*jh1ZkT!>QylTkM!NX<7R?aD9&?}_$ z(R3wLLnSU+<&`y@L(6oqiox6v!FJ>7tYu~K`e<5k%e(Xv>FS)~Ag7h(OW4pBHOYNf z>KOoY?*?}%C)-%i&M|n`t-zSStg&=aFy8KbdBVI(M;WO}El?O@dFut7ljVBkC`c{l z>$ryr^3rOkL@1Xf87E~{B-a{TVOpDZ^Mewvz7ki#ojMs}fIZ0D*P8^f$Q{GV5h}lhD^?-w>B!>(v7(8%r z-{68TzbsA$|6KRx%D=`-rqwR2^XAN&R5GDx*1-qNnLVlGfN8TQ&75$+tir)2;J21IenNIf}1m$jV>6`=sb+|9VO8Zx0b#|@-ufo{>Iv?xZV4kAtg1Bfj6mg>rH`?5XeGZQ4~_wk<(b!g9~WrH6T;9qzg8WM^RGsv2HZ z2I38gV87T=LuGa8K%Hj~bWaNgwvdJwtzK1)4W+%%^IM+hJ+q8nJBwu!*;0&AW0#kQ zV2JvKx;mE~D7SC}WlS1ahNnY8a7tU{MMOW95joi^7op5#L1e!q{Xehh5-)|^P{-5{ zWbDCJCdfiXW!bVtoC)F~xs_CLtQ;7eEiEhK4Tn9A_i0)jW7b^DYqHhZg$Pq2L=#v= z!|(>;H6~6pyn(^%Lj!|oCBZ0KG#9mq16-TxgJ$>3wn?b5A8-KSG7PI5*m=xBm|}8^hTzCCPrL_v3{QI;1Dw4>!8Uyd;MiSg zfT0Zz;?~}mus0hr+GB@z_G-Y^-eMdxUbi?Klso3Rsb>d+Bkl3EZD(&i*xGB-bJ)q^ zY^=kPW1gsnJ(pkn6DYK|32g1H#BqxO1jk%BFj{*nVJ`t0)5k%X=V<>0tkzyLj_ty8 zTwcXWX4!LTmThX|^xlSu>G@}RpFpQ|ysJ~@!nA(?na#)9$OrSxe6-hd%tr*qtiA6c za~D%!XyXUNlxO0~#S1X)b-?P%WzSajuE(*v$UrT$*A;S`zAIsm-#w%~_7i7sXe)c? zqtUqwiM2PdmA%K#3toz)z0SrSU#7%g*e_#fbiDYu#ifZKA#}`hzdk?JuGk)2`s!QR zOTwPJKrx)Nv80u~D`9Uc&NF?C-`TrF?eRj#r2_VL)sN^P+u5excGz?6l>OM*<7X=I z7cTYeWJcg@@MU1fRE}K$n~*Vmd+-=5)A0agCb(CRMtkBooY2LcyBlEbeTrG!!}|pG zlF)Vbo@`}r$7KAx+5~j=-fX3}aJuJRz=o`g)B7911ov*e51;$)62#jRx-MS+n$d-! ziSLdG>O;+i=RR&_Z`g~ecE6Xgmw^hi_9o8vyz#CQq36y;AhYRv686TUO|zW$Huk!< zvUdVz(4U!x;Oup3Wv~5fp7$0yB<*pM?eg1O?G1*EOVbj(6wZ#T3+-_o(n@dZvB3ng zwcZ%$u_?Lb6X=a{2iUvx9iaBysl74Nc4?r@=}m#2EtfApPxX(1&~y3Vi|j58!yg8F zaW`lhd$U{F8~a6|$8ur(&R#Cq1oz61!^^%1>lPOm_eSisKi%{0fnXTqu3fP?@|t7q zJ$WWxu7}Jm&YnAVdn=E5pZ)0M+(+fMC?$!?w?XZ3yVQZ`x0h=bg{!efWW?uDutYIp z=P7fnkH`qF0_>s~f!VgXaO{q>n7QzLXZa#7&vPt}$Oy}$V2NTR;te4eHd(*L%!1)L z;-!}8PUrVXodiX_WUJ%+R>!P?)DjI-AIPH8v+Q~HjMNh4CxFd@7f8$zeH=lqO-<}*v%w|P^L6kPJIZ25xg&Kn4ZN;9re$C4h)vZOo2oB5G^We0^qHlO zy9Em5Yz@nPOF3#s%3UV!}^WlTdPZps<_43%%d z{xUMU?ycA-F$9ozfcIAB1D@lQ`NOj}l=;j2bX*IlpO5{olyArWa>I8jzkvPM%KWhv zKNH5V{DpCMO+!znL7BhFWpPty67~gT-Z)|*XZID9A6rq*y2JFy%hq;sIGA$Q9XT6$ z=du7RZE~zAS7ux_%8l69EAt@}%ZU0{VgC>rHd*gvXY(`4p~Ht{yJ`9K!v0|8IoQus zz8E%FE3<65GAw_vc9Jr6HYxK*YFw!!57@K}`5x=BtDfJ7RqaYhj9WWoT9jH7D`x(lNw}}iptY5NA=Ni>H9(&#=(+(fVy`{VzdoCT> z=&<0l*AY{RG1zl{&~XoJu#jDv^TCue&19Em>315I=lD)27pBRlVO{c2Fg(w?A+yZ6 z`YbRkENeGjvB>hY4finIS2-PfmKAl_4o53sLyiUK!*KGvFGaSUrE+-y9S)6 ze1qYem1+MDWfs@NWY~NRd#=vrljIz1ux!Jcr~Et_`Y&V8)#<-R)~V%N;5_B`4S%Z4 zG<>bhG%%k&Gl(UQ)n~SXkG77eN`%oz5W2)y@dRg@&gao@scV z;RS|Q7;ZLvhT-2BW?i^6++_GJ!&?lqoSpt_hPNC3#&A0Nr_<*($T5E)>X`Sqj{k0W zD8@A>pK7?w@EL}AZF2g&HaULR@E3+NQOQmx-!Oj^?BrF3*Bbt{;j0X9HhhoaXAOU3 z_#4A%u~fXdhPxZ?Yj}j=d4?AnZZzC%_-@0G8vfC6FEo5t4*29<$VVBjGTdai+3@Lx ze{J|m!%1{77uR^h2O3^rc$MMxhPN1g*6n{FdQw47bCz-K7~Hkqx=8;gN<9FkEK1&hQ$;ryAa9nC@a- zy!RP?!tg7GzcBox;q104J6#O-G(5=gzJ{k7=4Z!UdX6@{-0<;+&oq3o;olj)$?z7# z&l-N+@JEKfF`S0^luKK#;XMowGd#iYL56D#pJ4cG!~AZzi|cyB_Zfb|@XLljH0-xe z*=cKdcfhHDI;WcYl;r5#f?YYg9N zxF;s%F5a<*4>r8m@JWWxH+;F_8x7xX_%DXH8GhaH$A-T%oQZn{m(EUxJK(;-$@ero z!0>3p#fE1Xo^QCy@No>4pz8Tw!>r;m-{7 z`G>PpYPiPmD#IrlKF{!94ZmslQ^P+PUV&#PF5YVm|H<&PhCeX;wc!|^sW>~ihW9W$ z*6>Wj%MG7l_#(r9Hr#H{R9xK*_cc7i@I=Ei3?FIuR>Kb(e%kP>hPNC3#&CKvm9_zf zrx`xXaHZi!!^asu%kXauUuXC>!+$aStl>8ee`fec!#O=t>EGS(NW+s1mm01!e5~Qq z3}0mUYQwh}zTfauhF>-Ok>T$QXXU5T-^K7=hKCxSVEACeM;cyYc$MLk3}0aQ3d4Ue ze7E7PhF>!LzTvM8r}a$bE6;Eb!-EVL8lGo(k>TeJe`5GM!<~Dj;_YR)!0>p(2N|Ak z_-Ml`4WDTEe8ZO;-emYO!!H_s&+rbzvAt61?_fA-c$DEuhG!ZsFn)-x+?(F#k{Gu5rT+ml!_F z@a=~GW;m-~%FY18a}BRCe6``H4ev0#=RPT$(+n>(++cX4;rk7LVfY(znkUN-VE&(i zOKyM2G3VxzG(5=gA!OBGYWQ5kHyeJ|@Mq+V!2VZY_kWGpfK zjQk+7+Mfxg{ejRaH9AKdZZ!HURDUq^k2g9e8J*LN&iO{?QloRF>XgIIO-AQV!w(w$ zEvjD${cT3)1*7wd(Rs({d~9^uA)~GhA8z=MhW|{?LPS{Z1-t(Z{gra9_m_?SyGFj< z$iFu7^g*exJq?c~Yh2^OjB5qrondt587?#W3srv&^p_f)O6z=Y%)5x z7@gaU&V5Gb5u@|C>g<4>*NprvBma_eZL2>R9e+rWukR2x4t6@ZWX*dgqqB$6*~jP% zQXRf0Fwy87V031v4m~^^VRRN4oeHBmo6*_J z=-@*cq5a`xO~b)PP6su#Pk$6gQLgsOjm{#YQ*U(E7@cO-;d>bu8=Wf*UvKm`ss6jr zzr*M}V0eqs-)i)qGdgb=op)3RFCuzrLsNNaOV)Dk0A_y02Zqtv+vx0LbcPw7@kXau zb@CC{Jfl-)bQY>kFX${aI?IjDYNK<4(K*ZLoToZPuyc*k`J>UfU3H3~^Ptgr-0(9- z|F1^>HKViL=zOX={E&3oFjJmnSDs*&C*65;H#+%7r?=682e+_|?Q3-QQyseam|=8| zGCF0dL!TctMrXOU{ub4zACPTE=M}?m82xvQ z{wGG~YopV4xG7IC%aaa5@+t3#0T#vWS^Y3IGe{MHA_ZxoL=sacQuaMQw>tN=KA0+?G=zME9 zIs*DyZgH}PZ4YKx`We~X==3t&*XR#0`Xh`^k7hG!f7xkkU#=+qdUrK&?$C&w9` zQw^VG^v^T;8;s7?M&~-!p-YrIjLrjww;27cM*lgZ^NP{=hv7X&rOISK!)1o);l`EQ zugKX!-CY89?}=SYxt9M;hVL}|py6%g&Vij*jQkzLpBVnq=(ic2imM%2?erjP+V%o7 zZTlgL;YNRq(HUoSrWl=>M(0q~IRbVT8l5FZr_SiCG&<{y&Izis9(FD^^52p*{Wp@e z4F6>K9;5$&(SO3|Y%}s#jQoAFmdQs(=Le&cJ|-1!JF@EMku`057@eL*-rvYaku~gC zFw6fD=H1;K7p{yjm|p5>y7@&M*ke6^Bbdcnd)qZ%|95O+YR4u z_%X7k=SeWr^991bWOUv#{Jzou$ms7dI+1--Hq*hh$#;4?Q?B*Cr{O+^hmbWr!@&$o zmn!3p&NRaZ8U2|?{|KYA$mlFl9eP_i#^|g!e1_o*$(o*v$=Xh?GCDUJzRBp^Y2*)+ z)y`vJ=4%4d@VwD^-S7v7zaVSaugRK*$XKwJXSU(?WYyWt$n(i+XSCsYhF6gjXaHE6 z$vFY92fO!LHyE934c}(?9&)=N>;qu;j_V7QYntCP{5@IY%_vOiv?r^bj$qosZHd>* z=nODiVDv{A{r!y2WTUgl@V}8Y4d;^E2kHNnk>70iMZ@XiQek@-o@}_%FfF_1kTJuo z9w%qE9kV(ecQuU1kf9up6GFzNFJv^Ckc$jYHayqxe8c627a6WK++djFzI%pwvf;A~ zpJ(`D!@o7mXI{?E?+tGBrxQ1v zXSj=D`4Eaedw!=gi>!0$!wer~xXf^s;Tps144+{5RKsT)zQFKBhOaQpduErm+YJBN z@B@Y)HvEL)XAHk>_4wiXywUI#hHo~^`yZFDyA9uOnD;YI=Ly3f8vevEf5hYTV}|n#cQM@C za6iMN4Hp_d!0-&ihmkvAV8c>jbN;IzLjr?W99~ze5n5h0gj68yCrfb{sdlS{kG4eeO=Nlekc(~zW!&40(X7~uh zM;op+e5~Q)44-XSe*dCrzQV|_HY~q|QJu|3ewX3<4FA>eONKu%{ITI54Evd>@@#Lo zqv5>__cc7&@G!%Z3{NwBxZ$G=%kOkFze|n0+3I5+D%fK@I_AhJXwaLBgO6G6?}u(GVaE6$mClL4iQUf)!tss-;eV)ru9Bs;yM5 zMym*l6|KG^isDeGYPEH!Q}w&=wV!oz1GfM78?NtvUElSsE9>mve%7;|HSV?7-h1sG z;T^&|g&!4uLih#Y1H$hL|5f;FVfSv4m8BuJzOV9Lrsr0|#|ak-_Y*!vc#N=n7YX}x zGemx#aE0({;kCk-3vU$OCVZ>#?}Q%^-Yfi!@Td_9zZU*ZxGC-(`hMF|I3?UsxUcX4;qk(!3(pjuBU~kXq3|l< z9}EAN@FwBggzpf3K=@(dXM~>ic0*xP@>V;qJn{g-;e9E_}N1RN*hlFc|9~a&uyifRm@TdBRPETL`xi zP6>Au=5teTpKDA#7Yg?iE*2gsJX(01@Fd|9;pxI$GwRcwDLhAbiEy>>GT{}%tA*DJ zuNU4Re5LT!!kdL}5Z*4lLwKj~eZsqh9}=z=eq4Bu@IK)K!mkP+7Jgg!6XDNpOgzWo4+KRO@0@*vDtaw7{S5E#+Y6NpBv|czcFqK4v{Y7wg6`tw+7cY zZV%2k?g(ya+zs5$7>|~NPR0|!-Hp!z_copb<{H+slBEY1XD=BLD%`8ms&&yZ&t zcLC2e?hdXn?gd_ITnOe`Ql^Dvtic-N0pNAUSZWjSJ4nUj}Ysd^xz4@kTJ8b5Z{)@bSjif_oU>04_A< zGw=~)I~Vhr7dZ*}L}T2B2&NjdP0u!FA1gC%3+D4L#_a&++Cg$>FrS5y*~gX}vyEzu z*)EqFvn?(+o(sOpxC*@4cqw?BG3)I%;}zgLjcdU78vhvld*e&Ne0IkCtOq|~%sS+= zGs;GyV(s$Hwo0HyZy9e68`{ z!8aLmF2HAJwD|@2PUCOD_Zoi(=Cd>EgczUrtu1l_{Dg59n9t5AuLpk4I1hZ#xEYww z&Zxt0PrhT^2K~icm()( z<5R)CjmLop81q}0Lyh@P$|=S(z^57WJB_CsbA7}a#^vC1jOT-A8}s|}e7?qV@te#Q z#^-~V8D9uqWz01cYmHZee`;Iu(2folaz}U}cc`Rcb{1an-6Lo_z-+9?&+yK1U zxDog!<0jx+jGKdhZQKfcuW?)OL&gQ*$Ba1-+GE@q{3qjX;1`U0f)5&VPITD#1n@h? zCxZDLkYyPP{?eFp2R;*|oNHeAKO4xS!1avBg7b{WgPR#o0=F@q0`6oy4cx={Ofa7h z(&pLVlZ^Rp%P?ckK}H$R29G!9d}N9-*VLS8ybxS!TnV0UybOH4G3O~48uQ&2K2KyG zR)a4w<{F&KjDG^&XnYy?8siP%n~XPtZ#BLSe1|dLbNP)i=QR%)^Lx3q#cf&B5c0IS-m_+!lPcG3P{c zj5~mTWZW6N#JC&y0^^?G8e`6tE;T*@yup}r{A-N){>b&ld>@3*G?}+i;MUkRRNyc)dF_!97PhastQal4Nw>Ac2W3 z8KR(`F)zpRj2nTQ88-p9F>VhoFy`9e?#4yn6O1{(J<<3yFu&!(_% zZyEm<%&w_b>l=A1nEsb9Uw=+Hf?qvK5 zn9owF{~DOzu_V6%9%TGBc$o3K;IYOZf+rb&3Z7=nIr9wTufVg6zXi`X{vOQdtxPM% zxq)#8n9o=#PlA79+z7nExCwZZadYry<5u9CjN5{5F;0Q+H0}Vt&-i%oAB?+z`Mj0s zb^||a+!Oqwac?lcw@ID8;5Ur>gWokS0)J$D68H<_lfmB`^WB7GZe)jZ??%R_fSVhS z0`nOw(;5rzU_2h&!*~+7ukjRck?~Y8pSLpZS>TbzoS%<2E(4!U<_!(FGU0i~7*2vk z#+aT4RmL1o_>7ftIiA!QBe~#GW179(nBxq;7fOAOGe0-Z2VZZ@dntF3sSL;Gtz@S4 zfHBjmHD+47jhWUy!;Fw-`oJ05H?ZAB6j*Dw{I#O?)xxWVHwg0@&&TEUo9CUv4+-xPenI%K@Q1=*3MViZ^!D97TXtYL zy*KOb!J53E=obr*BeTQ9O&6XcyhM0~@Ot5^g|`ZG-t6t~BJ+TPdt7+G@T+7yPC0M( z%=xkB0E35r$A|xRhyPD{_N>{xDtf0a*y28%2GYj%271W-N zNpeBw--bOi1{HLLHH>+W?*Hoie}!WjX8&gIwwJGZf6bxzN3myk2Cl_L2G7da4vCF! zIBha?cjom;cYI%`)1B7oHaTqUQye6>XN;ejJoFF?vK82{OHzyl;!^`jFmO-+VI4? z$80=v;;f47$I6;LU)J=^GL9IMm#*#h^+iTnw)2_mI&|M~2pU(!3%0e0bi0=Bn^kbv z{%(yLS7dB&xNFP&v3qiso!a;2)aZ!?Pvs37bWZMpX0=(tdkqVEZP-w`ed7LowFiHF z`@~%hH+5fE@N)R%J@pD+{r<}5YhSLwt+3n%J+t4h*gi35-&2Ds<3Va%?UH`AOQsYq zd7*Isi+P2I3irRBk=tT#?1?!rFTai$@g}7th>!M_%#7jKV>Mt49_V4$Ua+mug*5cqp&)HP7W{c4>FzhT0*S zp*2>}s^PaC4?A$r?=B!}< zgLzx;NTrHrraGo>9u;hFn5xMb-fi8L7Z%REwQ$LjnXRYp>b>>Cyy8x^txs4ow=i|? zB?GVDc%Wua@0V+e_toz0ec2rz@YG?$|{>T><-*qb=LVt(&s zL&x*%1Q}wie|^U-%i3)onj2g3dA9}K2BPocwHdU^01Qyog)?Us4oDUDca3!@Z`7t& z`e2&cp?3A~!os4$!hU(F4uz@S8M*m|1%+sZeK$sSd)D6_3l40#%#M{V6Wcb7wQv4d z`)1F#Z~A8YCjV%k-}up)^*@ng039E_{=}M(Vq;35$yl%jM?qvN_xWhMGR8yT@X8P! ze)+SJtn0*O&+eP-I(^HDMH5DEDauFZKC$9JqS^DA!?$hj(yQp?u@lBTQn-C-;mpqq zrw?O=uKql=Ygpe=@q$rVqbs^hEP4c8VAiN`@~GIRQHdXq%D87#rnkTB*)9`@WaaYK zDk^JqMM3XG@!;BMuc%_#vxPls3m*HX>)od|4}RBk!swdZR(&6Tzp&dSsZ{ktZx-}g zS5z^&v|EQ?7ZgsKi9v4CjM{?SVDb~+7Mv2asp{EaQN!iW-dqt}`tkQ&?=IN3xm&N+ z`*IF-ePr3Qyrjm(=eEtm_kGi?*Okr9|YM{%+{ewB%K-Ki^wQh99 zphGzwQ#a;ad3Ei<9yuqD&;EtA(&lH;Cl;3SZJ{@${ePk$!%RiA>#^3Ke?tj8|~|10xQ zR&702_4GB}dJJhe-WT(#f`#k4Y8QHP+=X<#Gfq&fKDm@g+FqxCef{`=97fEkIseghY4+nm)W01v&@;Z(ey9 z3p05}j)loSxO|DlGBOboi)HbKb3Bo;0RO@~mdI)bX)Kw+yZ5nV*43?S zB@%#qn9WEqm$23dF*19C<1g^qD6=c9CngOezC=9TNiSjCmD4C44$L^T3z+pZe%fTb z)(-ZQo1vWX)*48H?7374L*DyIWUs<+M*WZ%@5yZ5+Rtbko`ap-di)oT89l;P*vZSD zjNgpG;bv@_WOrf?M}>UA(;~>>{exWoAlHT1WF!XQxBi_@z{GQ=;m2v@I$DDeXz{wH zK}KR2HL9rLe$I;mmqSoLvNjvo@Mega_z_ARqH~xFF-}Do=R>T#nHiUc{{&=z$P!-` z(q2$+*3!8_#^o*`;VwloHiV2dy50q43xkX+!Ynk;B=-r>XwAhO1P%=vvA)=HjkzBW z@_FAoV`KPxrZhj}?XV1CQA+P=N*`!Sf7O&ebWxBJEuZf#CxU#Qr!)Q*c7P~vNydoS zgK5j7Vp4`NF&56sFgA8GtXLUNb5YFl)82Ackk5DbGRDXFC?mfQ^M6N-!Fl^L8pPY9 zRipejj!P;{T!5w0G|p7kM>W+f-Um^xjB1MLYNjS=M4e%NAE|ORMn;SHTiE3D?oq}C zaR%ot%Xlk(3m{7MT}}1B!#HbwW{`g+gZ>uhz4Rvg zGx{g^;JvA9_5rR_Hd{2Oe~>XS!3J#V`c+YaRo?VD{A8S%U@bJ=&)ON3c!~UX++oN# zDZzX;{Rfj8oZyZ9rrW4LB*AP4`7@d7$%&oVX}&gd_!K0Xp<5Ivfp7WY1;Db#5o=4*jg# z!j_Qb)~j5)ILNv`9ElzLYhpfI&vid~#PTV7MuN}R>u*Ln840GAb0T%!50Bkk_v4bz zNbnJQ{U}yDVE$lKUe=@GG;r(tP)|*=9t&^9PL$&(HOKoj$IokyUk{%~6wC3)As;Iv z#}82Eel*9mkY*%y6oztYV2h* zmd{6qS+B&#APypLi{GD){L8rH+JjzM_8Ep9NaXxNFI3Ba}wep<;xR%BQuJ8MM6^E zsFAPqk@+Y-Yg1wf;8`49hVy z<07**KjZ7PwI5|jUKXmgMP@CZw`sE~GWH-&lTWhxXY%o8(|@vF2RM#~z8;Xe^gd>B z`(&Pj{iwJnWJ-nyW@aM5TB#^=wCgYV73@8OGHC-zoSMlelTi|*q9kB)cqZSGj7*Nq zlw6O_Tz~*GImVmZ$Lc@LS%S&wS} zJE8`%&T*DtazR!nM2>R#qqNELtZ8YJ^RgtD=VdiSfaP+bH+dd&x!751i+0XUK1!P$ zva{+ZnW3gL$qkY`nwnn2N^h9t0nqdm_K>_JyJXY9P^VFnP2TiI>NHNW`kS6fd47_G z4D$H~aaNNgA8InGR>>Zitwu?;PBNoWQf-nvIHRQ6CV99-NgbDD2ab|zmt+Tul1e4n zEKySJlPr9YKbePnL6YxUwpkx$O-l0Z#HgAlyHeTlUg820$GO2{YLeBA*^HYBT#Oj5 zJCz3cTvwNMMv|{e(p+isfwZ|Ymvb{WTg}b!=JGk(Wz9{lv*k51tAnh}Y-TXXKfqed${uMk>u2+MRur>AwrjAzyZ(^P>ahNh&CCV)6VN1Cjj~r^ zrxEASdjYOC8{$O3(^BRikgep$2O-az2h2@=QXiK*Zibxv%$>NhzeD=TAmkf;iR^dL z5t7Zqxl{@o4uc840hsH4oO(v0GX(YdoGK&1Csg(MI4vVVvkj}EKNFDaei%EKjUAmP znK>v%F^51a{~=UMvQxMW-1-vgC65pJVxBugCcD`gayuF(IV3!QfJ8Reawbm?vv3FK;kD-J zKQFl?9EP3j?x^@=b;zOzZfcRdG`y5{gPdw^+z;EX?jj(Uvn1JNZMt1#^CHB_NUX+h z{rV1>NIuupB(DvB4sOl=Yn+$-dH4u+qSUVsSuRU`M;LDab3x8O5T5IP*ykj<|B(8Z zh?9}{4!`v;cgRH0iIcTq5v;ndn0z#3ahjEtR|Uz(LXIiT=8*pwvbzRtiekwJ!>v$v z$A9t^u>27P&b*ZYgXhce@5}6Kl8N zf*|>1_O_}`*$gl*Y8$M?qJ5gx}$;qf<8_c->l=wZ5_CA_^dR)Nv<-JT`xsx)fPGo$uQjle(=do7IDr1f75efz)WCi;>7TVd4xr<`6G#QH_q zzt!^7FTMe#VJ-$lneI}Hks<6m3{tv&@Zk;d#zD}P?bDY;*KIx8Bka2d7*6S4#+Dz- zo%ZlOxHv5=c41R{aAlzFOhe6Q!$5sDeorpr4!ehl5KMp%Z>U62FQ(ExB$hzfyA#S7 z_6RxpF2#Of`QkZ#KP>6v((UEi`fh~wU0A+22&4Th8qP>8V{&Zm6PhxQTuv0Mg%59- zk7Wd1c?5)0*r3Cq-<5|;IEA&v+a_I|xhZR~yOX<%mo7pmcb~&>P1U} z@C?TK7v%ky2H|un9gm9ak51=yxW010M)aB42%!tl?uobqe+LoQMh@Ho*bXS#3JA{) zPUPZ%{PtK~&g!qC4!@<#-rD{#zy4A8y|9TVwWMq;3g)DV3Tk$8kHMWhsbxbrGTV$E?z z>uPQsfi-tN^S6$*4%VVeq7C+2PkHst2wSq8qS*A1PS_ky5=550L?M= zYY;ZwnQPb_R+xGNOa)x(?FmesQ?OvfGN_G$QvXWysakeqe)VAF%Mho8e4_m zDe;;_CJy|JmBEUj6O!TiA%SCcE0cL{1(TT%(KcG20oVs9X5i3D+e0Ltfa)WXTbS}} zOZ2;eMG$??NIe*aA-R}=Lxp184R4kK*nL{&`R4w(HN^E zWSCF|v2$Vr`IbGubl_r?Fa|?h4DQjn67__15`6gl1ZIvUTIr$zwlf+7U5U7dNIdOr zfNTjPy>byFT?x^1)TM0bb=YHb*>SoHGW5$JeCIdNJ(WE$D0cmCE0j+5!LB~Z=3_TG|5e?8i0qxrd!Cw*X2k4Vc_PxkXH(3*m9?*-|YY_&cmO;pW zV9M5Bf!~sNO&(f%N@h)v*s+w3&~7(+Eco`BQkq%H!Rg#L$qv-MOaN%>+)xzB}2_ZeMq@8R1e~iGV(A*D%_@5&O}k zV5FNQe9mw;X^8fdIL!KdMg3@hE%y7m)A^~+-d)`1h(9{ykiQSRr|>|Uk0@8NWV6EA zSd{0Eq%RTZj-))CZHpP|jwJ56BZ+Z%g2$26n{jwt@V_9tsWXGhZcfIW<5 zN74WvV+^2}Aua~@=*DnRFM|Iik{G)I4H919N*=#zYt2YL4td)(^R!q^)YqD@dBaiY z4H#>fQEcDs0hmjT5Lb>-on#p0_(>ly2=@D0Q|sv7>rXbg7I zxM$JYBidF*yE|;&))MQ|gqcKQCjp8X>SA#Z$5BW8xS3uL00)v25DzU94haSon`m?- za%0Aztq}5fKhFs>??qLi0CJKqIME<9^@yrzVLV>Ba#1V_2j1|GkpdcOn z9fal=VElKXCAr8E{`$088MH#qrsS>+QrK_T9zTo}#STVgqpGW1l&LPo5|`qX_$oJU z##ZG8Cl*7+O^V$lcpNW#>DI!BH~hXGn&ozgma={B1#Ba5@PCHD54C(ncmdFfbDGxy zrxQK^tR#F6xRDTG-1!4w%vjjQsWLc=)@k$*q^Hs7X*B4JeZm+t7U!IU#+ngmtQ&#G zP9`vSlK~^oghh`2I75WRsFV0r9H1x1S8T;WKB^F*%a9(=AD@O(8IA)M;jtAsa|}ah zUsUf_r!h5tRe-1^)<_%(U}keX7`X&`ys9|b{J2KQ4qa4jpQNC697N^JVOM~gX!QsD zfs$c>_X+%HOjFJp&IAl2lmiwK&IepUSP8fjkgm3?Xq`r%f%G&QJ&gvPvBQi(W1kXe zEEDHfXRH;0#(EK$yWxQULABkD^!{_Tz2r3h&sW>{{X7@`gSX!J8W%2e-5~V4khjAk z$;1Z{5F3=uqkd9w`WLudh@F&u9(36bxoa3}^0y%lbpZQubh~pJB)M}KI5Cb69vhs^ zt}!W?JQyibm7_zXIt+V}>J+Z;&0KyRgLpQ}b+m?7G7?)Mtp5tX>dGp*N|aj@)??!AG!oGxYH;MBWdIIQ0@(*`Ia3R#Y3#-qKnVAxs1AyW_4*} zq%o5&&n+wjGS)_<+|gp^_}HB+wrdc)TVB^Xoo&a}K$p6BWAYn? zjWdf|{Cv2pe=O^9iNHV%-Jn~Yi5P~1?#Pd|H$!{KE<$_OmE{PVz04+(W-Pqs?%RU9 zg%S!QeaxmQ_pPe|DxXl7@gtJx$5>vc@*GIMBm?$Sy8Y^{) zGMq*`SYh7F@}6$=@ur6=8`_dJGNCSFB$(JM9NIE!wZX2ROoCQ$dYzPgG76a-2`T8; zG7?Qm>!G7Yq7oJPs4$7c9X<>ubJGt#5qug>-U4tAqg{}K4}%hJI>RS|%AnmA64jGb z?~s?-f#X`*6@g%rn+fno+N2gHDNvZg4Z4t1n6iab7zJ?SV@^3DH#kuu=2UKQ0fQ^u zN+wQ>3|)ZCkua81kDFfbrbndhL_j@&bCjF}UoWT*GOL0%7X+=gaQ|d@6oZ=)M+IXy z?J(J<8aE{l&*f$Yd{l7K+9&|OX%|JC!p&s(FgS-BA8pE(x@hO5;{c*)CEU;`lPF1- zgo=^ERBi^thrtYPyzbPrE}O8gQ<%&RONb_!flZXzDIn(8%cFK_Bks?o)3=)SM5v}p9^8@g{}&@;Zo{& zP+7Bu!1q~DwY&pV43EsU;Py5rp2E$Y@bRFkW((obNX|PuSG$@k+`{cvcv#`)xA4w7 zfp@+jXD;dLQYqZRRBm+ErgHOZc-K7%yc$HejUq)~d0LAdbWc{?_6WIo7Cs)V2)7Ve z%uIYXAhSc5?v6_#`vp7>*_*JrB|`i<$K5yKk;Udn(kiiqRN}65CGLhEQ$Z%UVKh`$ zlH0r}yWBhoPcgTTIPnZ_%yLpJZ%h{!JXp`BklEb@pI(SqLz@jWrYXqG{ax!zrYPP1fOkPLv*gXfjG= zx=*DyU;sSYjT@`ogw*aW>Dn!Z!stks8`I4d-5qINpSM`he+x6mTj6MLM01YAEc1Y5 zxiM2s#MFIhQ>>deoo)$!oug=h_9^H{??M!U%54>ud*`nvcj(mkqOD5B|q*OUxrmZM|RXFh7h&go2HpIzmMgs3Y= zppV)RT42SViZ0(Rl36aiX)iv6Dl}pByl+ELK&@FtqF2?Wm!^E7pS&A9G~} zlYf?&^0S1>ErB0Ckuf5_!G$LDahN~%$gFNUMp0cp5=ZAFk!Y~wVU zI-5C1+ssMZaYslMWE;=7s0Hh zLnz$}|AXl;U>AJzC=(pZU19`h*B9$oP;wt72&QnuI7eQXQsTZs5KMm)_*Zxt>NtVp ztO{oXZm5{WsT#)FEnYn>@M-!;jZrZ;3hHKk7};s%8TeLar7k?O%AuLz&%+~8ZkQ;p zt%E+D(@EN{PmtRV@QA?8Bp3HwZl=Q@dut%lox;rt@VG2%!|gB}9Gt*%>m%0P8GwQ% zQX&zXFd`qoAz~BvAkI=e@`5=^aVj^Bpp3a0H*Mi@6;QK<&^3~C;}bvf3M;ZPO%m_O z#HS!ZB;Ju*MntC`39)nI@p}SfNRONT@Hm;*U1jV+_|x#HxPM}k<+3of9yawIPUeQ0 zLjqkoV;g0%gd0n@i=@kWs&i-Im&YD10ZbB5GzT6>Ha9EbGlEsTu|i}fkVXq`UxbGi zH($e>7SVFj!dI6CNp4#B+~7L0?h@z#vileKFgTN&kKpU`5nuX&TKeGT&71!4s1R<3 zI!sRwhhuk46v~a&K%S&ockRkTu7y8(2&A0J$*hy2pE%JJ{5r=vVQl0h5=1q|i1FaU zx&e;g`rHN&VcqC^3IylCADuMiRFME0|FjHLtzRxta+RreFISU$T1+_DU@)-%Q-~j#@jveuy5uRrg9VM zmZKR=cu${>eVvZCE9rP{r1NsWrEE6*VtC%tt%CRNF~H;SyobR%2;PyO zhkpV7pci6$2>xC8PvCh6;464uu73|7!+7Z(_1=a*TK=EnW=Q;=;NI}_;D03YV(=Jv zt|6KTKNX&zt>f8X7QA==Nv9low7E$1d6~Hk{$lu5B3}bu2fqP+BRsEDu7UTCd_DXY z_?zKxgXiUscf4cvJ9yr|`U5;~Ilcye82&AI?-FP`UbfVOuMgiAz8(B9_)+lQF{~kc zBY5iY4AK+65Z<3CP6m&K=k(CKABx8lj*mzE@uJT#+T~e{_86x27{<8Fn@?*B*t-qj zE8#c6Z-)OR{5|mA%?GT8=d55eymypy^u7q5XDEhmg!fLvRzt`zjXw-^Is%?&c=nO$ z@Mpube{k~3=|m+w+mz>b@4PN`IAvgeppJJwoP9&(s;~WqY0w7K_!+!+TwhinJ|CWK z=N-8ld=L0OB4;?CGSK~BIqvys&6sC4nq+()jk$pjt14&r#@E&YY=hqOD;Aaa zE-$NGSl)YB<(#Dp7FYD1UsgHi!m>(;tCke?9WY>a#UhWrt1BuNR`p(1UB0-gtmndI zeF_KkEMGXc_re9Ude56Z``Cbfy^4DE?Y&^}?1f9`l>a}K+A+y{``BWXlMl&ZF(#>ffA_eH=7j3B51#+zSOH6Ic@y-rK;dfAbZSqm#>pLe7P zQ6oWBb>)J^^T4o)`Mqn;c;7J2H+jQ&h$U=zfhRkT-?-ydj>GJXv^+Ekbt3)fH|F%i z>_!2#(VX7;ju?#{ZT`rpc`z2sZk{$7Wg*PYgd~xT&H)mWe|Cyl_^olN2HAM46S<*! zjK4uF5oX4N?1lk0aVL+vGOTp^nO26nSj)4U1Ysf;zbb=ji7@`jMcFw{a%BdiK=ScL zE>_I_u5`aq9XUQSgYUTPw8L*b%}y?}<0{i<&`Dedy#$5LM46ejsBpef*fjNA_AkVH zg<(9~v2PAmhSy}%B(oEB)qs+qGGG~r#53br78Z|RL>m;wGt=bqhf$x>pJcF{4qZZy zMzLBGk@Sv>)A5odi}y?-9WR??+B+|1ZJ5sfgo_Z_@geaiUCekB{Kx4q-qF=^RK&Ag zD@Gj2XSmRaM>#$*N-MtRVz=vi5o<2uJSUIpDe4Mwldwj8{h{X26@F{^i$CYe7n%s7tfVnnIu+2Qo_Savg1MHqkI)jupkf(nlpSt)+w<@^1Jg3?*@ zMRo4lS}pv^Yx4MybWWwUw9VhTLlkK}?KK(dG+}3_54|=zwj&FJT+5!~I&2vKC_3On zyf4UzIBeq?He|e>U|)ruZ5Oj3NCgre3Q{`XuiR&y@V^rWV7Kf8rW!;R_wGb;L=E6f)$x&3-&(RDrqSj)N4zrJgdV(c} zAvb=y;mH~B5)AJgp6bTl=%8ufx=f|3^=Q~?=p?Rhrduzno(Fwi(v5&#RmV~F`^I@} zm1}`m9I@(}H_|yK78>D?UKow-(P7Qsm^*44xdzm8LCA5@G7zDb1V*ML^Xuju48l@On zL%UmM+`$xeaQpSuQkQOYh(tB%dM0fC$`6^*2*=ZM)Y(HGzUcCdE<*xB>*_hn6>YiG zi8!jUsNnAO01Nr9bSF|533AaqOB)?+z9!kwK1*X+)6j4gff!?~JG1`XxjwsvcI5V) zY%rJ6@E#rSt`9-Z3R>k3gs7Zx*RH;5>O$joutb%GE{}3@c=R2YwG*?FM~qPPFFByD zbF-fRjTxC;u@tYoR?V-dtWNPWb(MTEX;x(^z8O$DyLv!Be#dwYK4*Mh`SPluYQaV2 zrPTpGlvY|bzpM}S@X3Qxe8+=o<%>-X;`x|vmd>tNTwT7bnrfI?@}tQ3s2nxZAqy5S zI3{>uSyff3#96R7ib8p?uwwDNl>1q_xN5`E{vO;}jpy(q?xW}4ZRy1Jof+Ok-7cPr~Q4^-7Mx@-eMylr`7ISvl!i81f#T7kS zl|8G+!ejLZ1#DjODZdtEiWx!hBm3IXDb79J!`?dBl3*GxQhr1*+*Q(`y$RO zckNc!cU%`cqSbuW{7^4oCvh!~FSofmuR;sBtj;exp$Og5`j+cW^UINYRN%bo`D~!R zSicP0?3$K~W4h+jC8(S7V7A6wgr3G$IJSFLl~A50Y`t6aXMIw&nYb?Sr> zC1WN|C@l?;kP})vS1m&O9bIQf9Saw@)(CKTR8-C>tzNza*(!Arv2`7VSGc^=rB8ob zeD*QzhJ&q=LU-)3zxq1zN1dzZ**si>s`C~v2%^U0LCt8<5r0HxFDS39LT_`$T~xNL zbjiXpbO$@6QPdOq&T>)f4m&qQSQ(aFSXqQ3pw|Rw3YTA|L9y>K$YoW4i**h()xk2> zz8&sSpQte=G<_IikpMO*&WDs z@FQQ>S?4ajln;tJ^0)nGJc)@3T{QuFLkakWjG6f-BTyQZ6pN3097wk!3m zBjaqkSak()E$j{#+Uq~S)v3#F`LZPo7tCHzT{>o(&tke$sv*~DUDuRreZ1Ez*|?Tvr88&TC&jfpChdvB|-|; zT5LEM2OR|CC-v%%ptNCMeF#PErCR`Xh3`zb`%f+b*T>SKP)3&f42Z@8T0MH~hsLp` z!@buLBL=0q%&x4cs^a~)o)bo;`t<5s*sHK>bPmMln}Q$(&pUq8-MzZfF^lI`1XHJ+ zQaWt-l!@b}mYh;LZcNE3lZTC)GNiEHu;F8d^r;7BICtj?+dQ`yE%+xE+CHX(&iO6% znGPM}c&7djG2?l;GQ>fm3xDxw6`uFbxXpqufbS&S1I#CNl>3{c-1pAgX$}GH_$_r> z!t?1OMoiE4!ChHH`=?fj&;kK*kpN%ccL4B@)>jF=kYvJjB$j$)BX@}d!@IDVs zjrkC2UdCLx==o%;VCs{ZCiRQKcNzapbjVFi9)t2G zV=f3{y)Z7<#L&?unKF9+5Q=i|eEoBw0i$utwx&K8Zmcrqng}|^B~OH>4*y3JpKVdz z7R)xId;qxC_zUnXWB&l`hw@Mcoftf~bkretfT#RFwb%chxI7kIJ@l$tzKBzYUbs0N zZRdNk*=R40Xh)u?dsUV%EbEmHm-FgTAu^#lHpGvTM~3K3;m8noI)p`cw&>+94tmYP z)kCDk35?6?5wpLe!hWb2QN&})khbSfGDn#@GWSmV*sMG8k@>v3%I%&^UPYRs{mc6q!ojOUlB@M>=~_NnKcw=oF<&kWlGduy@v`SkWGAX9tG zu>V8$egwJN8&{17j%JT_;O$)oR(spA&oRh5Z(}V4o*DKk>@i*Dk7I?m_e-$atHu5g z+2i=E_Hvij+2bkJ+v5XgwRZqv>KI1%dw4R(L%M&b_Xxt6-~W}~Ug#X1F3akj&->#L zcxKpOl%pfI)WxlsbUFS4R(rYF;W@)QZ{sioo*6b%>ZOr|v0rg9f!dpaowbZ$&fEAG z_B}J`O4#%LfGe07Mtd!fvUeE!{+xy2v<<#>rS?)6;OkkCvAj)9kM;_WviCM3`STBg z(>D06JGGa)49Ak$<9x*DZ`4ut_>TNq8Zzf?3_r@=Ez9eUBc30pMUSNm`5oq3eK zE_m|JbXi`GDc;@%W{<}{-AHt@l%wd!=kNTZ?CpTP(NLkiw(#EGPt0Bv8!IPak9F#u zx5ot-o*DKT?6IC{uN}O%$2yhh!PR&cdS(G*M9zotVZ7QKhgAkww~FkwhpM-C3-o*( zTKEVPvdbi*54-;;y$djCOqBt_>)iv8=)vKiqwlwm((NeeK6#YAr%`#6m;rO%-eX7E zE5-nEA9PqR$HV(_ymFMi)?@IcZ$CId&)fU&qwIYKd;H(HwAV%KagONYKpf;_A~!RK z6geOE{!#XF|A=?|@*;cPpz8DYwb?_pIaf6ui*V2vyrVsOK1Ao%>-}wJG#7-(Ij`3M zdc0QfF0U;5Hj>|`9$m`pMSJL@(DSw_^LnkJr|q`$&vpHo*AKoNToB{qF#a;w>-Yop z+~p{HU&0>sSkHaL9>+q79^5bo^IpXD&Zot#h=Y+hfu<0#Kjgk2pxWL4-c);YDzRY5 z8$q}r_UfF<6T#oPo-6I*Ze&gGBER+Pc0h5w4yG=SGX~EYbS!Tyz2`*GZxo~=bmxwk z`wyTdzy|*|#9ez)vKAg+?HT7!}(oFinNi@Om{_c=ngNZU+>1S08nvxI44zK3lNP#odvp`#h5B z+>!syhxWDgxUW5h`-!^9pm=)r7>VOSY`GhO z{wAQ?sk@`+c9Hl9_n5`+{o6ZY-Wu+JFmx2#_kfQl(XkC}d`*a!XnR-4C z$K=`a;PPYkU4G2I%a0ujEmPMtUd7=F#S?cr>7E?wv+jdQHLBdG&9%Sz6%zO;&R z*kRo3$(XC$g6&B-uF0I2{nhwUYNGNR*q&ssGlg>KoP+I3Y9XA)#D--G=o zn2vNse)*jO&oB`*vC}fy_d_-(5RwrEaRuKy^aih zwmaF^&vuiut;xQAerIyF7dgkq1lnRAcn|ayVJ?`boUV^C?~UF-M!IZAvQKx1$=P0H zpYAS`rywVL`5#Tr_9FZI95#6u$jQE6eMC9(!+WxW*e=Ke+lB1g#f=rIsGjQ~tO=O) z$(bCP?p*jL4Y7b4+mpzts1C_Fh4_IR4NsjiY~3-EijEz!&(Dvj13BxH?8ge1hxU>O za5@iQI+q7b!qa(xob7l_9-vbOxyu7|*rvzi0rI2szO+dkS%X)zkFj>J@xxx zOYilI$Tn6CrjGG2VYV0Lyat(Q%xrMJO*xa8Lx%nN*wTCZ3&~dYCDbuy+jw4KO#7D@ zXJY$P<0Q75$*_L|w)EcqRKMNv{GKt>`q-FR`r5b+wm}%#$NI;B-rMKretrMpJ-B@9OMDyGa|>hI=Xrs0 z+V5se`z%}73_ozLPqvPj=0fA9!aVnf{DEr^AGUJn#%r(Nn{tagKzNAoX~L6*&lH|1 zJWrT?!`tV%(({jnuMlQ`@H)Q~zDxM`!cPc4C;Xc5Uxhh7d;5)rIhK0)A>kGnC%xR= zPq4b;OEz9!DZEa2oA5s21HvB(XQA=E&Edimgl7w{6#l93&xQG~UA@f*gr66FP51-h zFN9->Iy()7`F|z6{ocYQ!mEY(zjVF+FNALuzDM{GVg4I9ANOTpe2*|KKSOwq@cF{4 zgfAD)!~y2*=L@HVPZpjcJX3g)@WsOXm!97Kjl#bc-X;8u@Ihhz=L~P>bK!azu)Vyw zF#p$`m-iJOC0rt0CR`zWsqiM@EyDa?WInAw3m+E#NcbD!JPg=A?f~Ht!jpv06|NG# zO!!*iUkd+5c(?GY!tV=zA+{)CxVP|N;W5Hz2rm*|E_|u*Rl+w4-!A-H;m3pz z2)`}-iSW0=NlgBHxta*4gnJ5)5S}D_j_?ZMO~PA*cL+Zy{G9M>!haS1S~w4L5TF0H z!rg>V6rLztC48CiHNxA3?-JfG{EG0q!k-HBmoe|Zb7y(wioUt`U8be6D}2A zMYjB`C*#trRaYv`Wd(Y^L3R+Hk(bzb}iOHbb5+TAJHim zoiW0bg=dh>{!FsjuMnMO!u&rOUgsww-$*t)KNFoTqH~An+$}l}i_Vk6`$XqOksl^o zT5pTar=s&O(c$&3&vPExj;WTy$B9m7k@qEAS_4Gq6w#R=JVkV7h4&rP^aeOYw=B0BGrEv+v_hxO;{u%0mg zSA*9t5P4^^r8`b|lIWL;{(NEngAs4@0+FvFo6So_=W5ZpQTS%jxkKdlkfayE~J9|avSbjr z6&@;lrtnhXYlWW_-Y@(YvYo#^A!GhZ_ZisVGt9<)FW+_z$fn;?ab#)S0)_m~6*FYvGjWbQO6&ve_vTospt5UU;(ToGtP>WV16L%=SHma-B~(Jlz`6 z*)F_;Z1u34Z25m$C#r;o@7iTo6@ z#T_F${1*t`{<*@lMQ5SNmy^xTO3}GObgmV?UUY5|`Q2o*bFb(;BRbEE{1uVEL$mxbRHewS={_$!!s7>oRTDLOfL2I%v{=YgKv z3Lh`rTewJg2-(s)TX?zfHsOcKxGtr84D6qMJV&|J&q3k0gg+GiT=+ZTtW=$yJmHqY z$B``$1z_fZ_0wB)h6|r2Tq1mq@Lb^v;cBv_wMlrV@B!h!lQE{y{VN6T?J$V7uah?< z_le|9L|!0VBs^7kw(x4k7JYM*8;pxJBKfuSGE6fl5 zdHHhTmBMR<*9-H5e?IQdgl`nyCcIPF{i_Vz@1}cDgr>`*AAba@`;bFr3AfVToAbgH+necq!g~AsL zbM26~dAaaL;qAgZgdY%oSojIyy}}2DUlaa{Y}Y&g66RWCFHZ{R2{#dLBb*ZMBHTlG zi10As(Zb_|ON9B)aedxq3eOR)7G5S?BYcVQ<-!|<-Lqh;pX)__hw$CPzY})Pi!JVB zBHu0iCt>$Y+4SEQ`Fp}23x6v7jqvxvS$xiGHgkmCb7zyc6M1Lh?!tqGi-kuCpC;^{ zUz`2uA}#1@LplJ zzQXeVg2)dDyR{ak^H-67E&QEueXeIP{YJtqgxd(awHc=0MdT+64-pB38emkVzdzD4*B;k$)vg&!CGv+zs8ZwbFE{H-wl zja<6C4Tbqkz}G`N;SR$5x7A)}u<$tHNy6s}&k{agc&YHOgnupks_2pNUll$q{JHQ~ z!u7e<$nwxgxTSDg;a&Gnac#)qjJco>aOgCS+Lbyu!BH>lS zR|;P(e7*1%;oF4o5WZLVe&M~s&j`ODd_efH@Y}*43V$LT!~Jq!51GRCg&PUC5N;#f zNw}+Up>RLpQ-#M0pDsLA_#ELf;RV8rgjWi$5neC6LHI`DZNl4ycL?7re82F+!jB0* zCHyDh7lmIIena>#!k-I&C7k4XJnPT7!ui6@g$sm_7w#q8SNKHXA;P1D#|f7RPZypo zJWsenxJuZqX|!^2O`|X4M&X|c-z9vH@b88HAiPg_zwk@KuL!>-{I2kq!ftJ(cqtj@ExP5x ztA*DJyLFYOzft7dgl`qzA-q%ge&Gj&pAmje_<-=M!fy$`EBux4zl0M_>&lxHZYZ2D z+)22raG`KN;gf`i3ZE`KRoJb`wEA>wGL7en&UwOaO{VFr5&31pR|wxIyiNFa;X8%@ zApEHCUg2ki4+*~^{E6^q!f~!GwESlYHxq6p+)cQb@X5l%g(nM76D}v?d_%WDc!_Ye z@WsM4!dD4jBYcDKR^i)(?-2fj@T06rAdkYT}K1JBA1+_f5wV=jlh|bxR zEe9cvH#$s{(`zR%1g75;fqMFRJ(g3Y-|0wEj{9G99pU}^7hS;qTBZl(c5PBfxt*K( zQEpsBxgFz!DK{>r+{!hQa${gRT|5p-Gj2ns8Mivp?DB7UVE%pHQo_u?m%DtLKJ)42 zE}tf6KD~Uj@HpW~!X?7fg=YxQ6rLlzM7UabneYnX^}-v3uN1yoc(d>g!dr!J5#A|$ zpYSf>hlKYC?-SlH{DSZS;a7zZ3%@P=iSTE_UkZOK%=hSh+qw7Xtxer~^u~OT-s|ui zE1vnSNY5$Zj>27pdk7Z^4;C&K9w|Ipc$~0X17rDgYha9Liq0J2`N9i@mkF;BUM;*< zc)joj;VXr&7Tzj+i|}^g9l~xcjg`f%r7_+mIu8l&5#A@fU-$*#1H!Kg9~ORF_&wnd zg+CGgOqicq^L+#Vf-22!O^%htt;sRY6P+f)?wbIn(?;Ye;f})mr<^|Be!@kORD3wk?yLC#Y zNp0^LKxwPZXqrh8m?5838L`-JzC?YMqH z_yF0;^{Vh;vdx9w7JiRxbD4ZpKctpybWYuvi!KdYI(Sf&$}(%$$YM7X&oe+ zeU9y1Lqm71@D0W=?fwZeb*RR%oy?@~GKRT;<2mI_;sImaLJDe)IR)Kq+ycz;ocef0 zBzWGq4VYs%@HfVN!1&*?PCfu!-*`Bxxjn{z7jMst} z8gt%VY5X%Vzn{ajwu09ga~^$_@vp#KGfAE8V2(fJJHhuD?*wzqq5NL(UgO8We>Q#` z%&~$xyTSa%4tX#5pT?YbClZnTd2l0R&bwO~9|Wh24}p(2ejD7w_+4;c;}5_^#+-wn zZ2T#Br12NvvBqD4CmC}-KF#=hFxNdY&oLaY<;MJ$64yOao&=w7Tn~JqF~5Dd(l`&y zb&u5Nx0m?sZgLawMq_>#@EYSz;OmV$gKshJ4!+a4C-`3D-r$Ff`R%>OjElj0j7Na~ zWXyj^|B~@IFxNLSKjq+ejOT$rHs-qZFO3(0dCs9e|EYLAW6s(6{RYY}2DdR@1@2_L z2Hf3v9k`$IPr*ZsH-Nd0k#@M|eVj4h`Q@5M%C7;RZG1hL>li8LTKGlATfkMuH-lFg z-wNhBM(W=N=68_DzXo4rd?)zl#`l14H0HU2>lms3JMitsTvPvlu=ghLQB~*v|Gjr6 zGZQii0m2SC30r~$LRbU@&9EpaDndX|5E2Lk4Fr-PsO-`f>IR4wEeg0)aVwyHHY6cQYRmLfp8Zv z=Yyi0-|SBpE(X^Mmw*=t_W~~#?gL&S+z)(>@G0OMg--=<5au`jw+Rmg-!07V{kI8^ z0`uEQmS+t3abaG^o)Vr5-Xr`Y@E?S)2EQ%LYZSkMq@A^3&OJq55B^s8R&W#-Qpz`h zTL|9{?jZaNaIx@qa9?50Gs-m~2VW@6c}e-LBhzv&(o2Nj z0`pr($~kB0eBt-Ni-dXazf73(%B~~Jeb>#xyq~#KxFh&JVcvWETA246zZE_myj%Ee z@b84r1@99+5B#d|81SEj$ARA!9uGbwd;$0$!n~e-COifFjqo&ZAmW$58jQ7COB5`9HNp>o`HdyhJ_cSO`~rBfFt39vgx>}KRQMoxweZJa&I3j}eE+mT z_zUoD!e4>!7UnhX0byR_9ujU0{*5r_Zrmvx19J{B+UMN1dxZOe_X`gI|511#_@Hnc z{E;xPO`i%61Ai%eCiq)nUZ?mCC-XWN%=v)Hqrpvt$Aa4kj|X=Uz7Sj_JPFMC%9wUC zxQ}op_!MDY2Zst*gU=Se1UyD~Hh6;Y9Pnh}I&hURuaB1q^ZGbfnAgYo!n{5%66W>s zN@2d=S|!YD<#ocmR<0N3GtjNV{7u*$!o1$yBh2d;zd>bve+&MVFt0(63GzYga2sML86{H8G9MZF`;-+{d+{1Ny=;eUcZ5$1cTBf^}U*TF*=ZDOTn zhx4$Jv%tB+yneM1<}*+`;pX51VXlkORhZYKQej?$1_*ZpmkIX-pDsKAe5P<2cp{k( zgK(9?xK(wkg>e~nW(#BJaTl{MzondYZ!R1Iw-sjH^MzUWF2byPu`ui2OPF=% zTz0g{x}PS@x(^dR6MU91>wcav>wdm4>wcjy>rThH4CpZAIBt7`{{NnM5rpIOzsrY2 zxEMB3_CbJ8(TZW$!u`Aa%`5TD6UbwK=BI2 ztI0fAa2v2$zFYA_igzmJvzgU@os9FAj@KB=hZP@H%;zGj!{;2!yk^*UP2CjpnqlQb z6^~LpQ8CA5tKXn_sbW4$Se^BX?@+u|@nedgQ~ZkJcNBl9_=sZOm)m@E$vi>e+9@tn z+*>inAge!8@p#446wgt-Q1ME|>&QGY;dpOq`98(G@3ivWiuaLmuF;uy$in6wvM}G7 zSRD=+mZM}20&sj!V!22E-hE@r_3TsHvseG#B`250Vm(VrO4Pn@-`=rUX|H~L`x*Ty zjg|}>dAjSOvBkNV9X%Ps`+%;9KwiB~e4%r)kW(fJtS`au^P28j{bWU(=L)Xz-mPfm zRkYn-(fX5$mTkLD*mc><_XlnX9_klu_H3ye4Xj=ezwE#}b3U(&H`%#hUR^wI=bXd~;F|YKwlIZStUXSlQ5--@*zB1mfvLbiY$J^t%`{PaDjW_!w z-r~u4%iH3u>f)`}#@mdJw?)-@%8X?K37rNBG8~@W|T2+yyTeH7Uq%H+euJ)5c1<&PH?#hk6wlfp+Dztqv zzs>&q*6-%G`Xs+)(_M42565xYeClwt>B$edQ7`+j({$I)H(q`{^yRkwdk;q&zrU+) zSMEolFWp($&mYMAcrWh`QLfTmxo?gfy(@NjNo;x0DZrXUy<#g%mM(2rIzQHS==s;b zzh}l9ImOW*qf}8Z^6_&AUVr(}t|Qx;?kYnLct;Z`44#L_(1M)>Paf{_uv?rlpr9z2 zeOU6oCh+`$XtTW;UvBH~eiIrLd2`{c?97kf-?b|KQBc|?Ua;ru<%6BlJxAXe9v?i! zDczepc+WTQ4s}Y##|Q8E_voQc)}GRlPUPeLdz-(}I6eQSyAEged_Mn;CVRd9pA4?d zU1p{WU&EIXMbTB=*46~N1q=4%PI;As7OGpYr({rebhjUf^n5P=^(IYs<+8m0J9aqc zYnLA8_2gSPtfjQjiMr;xWAzUKg6Q{7&K%=i?FDlYx;D7fy(Vy7hM70r>T)RX&ktWx z0nblc#-Yo(CJ^Km5G`7j>{W^iS6FBqOkl}HA!TwWy17wBFvgV!j;jY5K85HKF*GlJci-i`3VJroBA zUSat{f1}oU2D=j%@rgDgcsKUpNDElX=$iSk5j~21=GEA}jjhpbi5*3aF5zw&c21-< zvzwdw0XQSbYGrkR8I>TR>&uwRPrro}$Igkew7rlldm5mzALcWc31`7DQ-v-=R-u2E zL!MIvjD`;LxuY>(zJ@-dhLgLU?6}(?59abMM5u-P4gwJ;GmfaA0~?v$GOA|;H$%|m z7uaP4?<4ZXV@8l>GaI1rCZLho#Sv=6cJs^5!a>nb$yE&_yp0QWaz6n#or#R2q0TN} zH|3h*b#<2^-pS=Z972QK(eQ$~d@~+8&s~N<#K{^6uaVi&cq7Sy{|#w!26h?2vx$7N z$q3T0DIh0(Xk>PA7(2Freo9`NBeWEn>Rk`7DW73;L({xR5y<7q7OM7Gbtjkqu?Wrc z{thqdWW5Qmk=dDpmD&|hj&~5B5#$@2COFg3avBP+k=Y$Tr!x_s5gdhmlaEbKG}tT{y3<<;$ipJ=PUsijZ7`fS6L^=$ zqUB+2Ehluh$HY$a;i22TKZA0gKq$1u<3A;w7WGwgozT7B&%luuSf0xX-REnyn0cua zy5D2BEXg%z%mW_FHZZp{M4?}LY>hI%uX64L(^pS)_^GQC+GdK?awasr7G8k!9kiNO zkCV8C$Md1p0uoQ9)|K<7J6>Clz0GMk3p=me3tX7cFHh)~n=<JT<}1LwMLJ9R2#B)WFyR<$S&9J}6UmN5z zvS6`6j+SX-A4o#~j}Q zDZMqLPN=My=C~7>%P>TC?F8TngmyzL8qQk;9_uY+BL_Zp%h`ILx?|YLXl*v0$FAMx zYUJcz3G$!2H*}0h{jOvSO@qmHSF?pyu*g3`@T98Q$k_zl@@}S#KW34g!rQTP*VyK& zVrauznPP4Yo9h=eXHL$waYR4MpgB3$vLc@{Xim=6ybbesis37FRN8 za=(GO^PfScL-s^qCpLG(o2ZHDkeqnJbjX${LOvr+hhzwEKX_ga0pwtFZ{bVM?(D_x z7?b28DD|+>CK)AYaGuK2;28_CPFq1*n|q7V^65>^sntsQpfYYd_ZsBXlfza!woEA- zz-_+;`%(_gZhMZ*Jvo-UC)`HFNbZx<=HdVp${;lNYwiZFh+z6;8BHz5*3OuV)7(7_ z8k2FFd=0_2#_V94&0u$?X%p&XCdoz27|1R2~{JMsE@;D#Um8Tybf|xpPhiT`W%2L zQ6H}P@L$)b&j+l}#k`|nZ^qm2rOf(vUif`MUk;|1VDoRpSnx*Eu!B|;w^L5DtUylN zoUtvNxSTiH>*!=Gg{4bf3EJ_%Tx~?CQosWnfFq+fM4di5H(Ha#RXD3Yacl)^#gk1)kbT;OiCemau zO|zD+F<=5%AubSsHB*x2%~VW_WDIS!?2e47*rj#MWZf!5rEJ|>1=@&eR+rXI+@_(j zRzDkTYSUIypdCCk9{xdYn}xylFd?nvwZZ@*7Df5Q_HNH+qusGB$7fA2*~c=Rp2kdm z7Ni(AdP}&2(lk}z1eJo@I2$(t8h^=d3BC&q8?4+%k9x=i3^mZH-H@ z#d}ECIiH@`8mep!O&ChX8$HP@5j`AqBesw;@%rFJ*9UJ0b3ilUN!JI-{-d8CPd3k8 z)JHsm#{CHU)!00zWF!4sv1K}IoI0mnWO%!c4AQg}jcAvs%%u?fwf&BkqXMfIbk=NH zve8yD=*&e3V&hm1W^1eAOZ}nyB?ORm(~^y(-(z!~arDF}B9u{t5M`V-%J+=o_!z-_ zT(gj?5mF?U?ntqOkWs*HAvV?#M|>209tC#0hqI-2;=^eV6&Yrt19o!=^?_IO{RTw6%(=DxyMdVC3jwxVZ^jZG;I zPfr{UdKVbHh@RC=w$F)>{!qJ}pj(2CeUW}YY!Q4ZxW;MMp=2XNaV6=IC{Hqvam;Ew zHrFh83&7}!OPLprXDlj*jRe!7~P5Vcq{_WLU$v92?I`pmuN49u@XHEkE1um z;ADC>kL2-VXH|I=8QqEWx?@8gS8OCOAzBc7}<~VR0g#Ay6IRt1sS2@GDUc zO1Ksv)QcYb9!?2*!?7KEi2WuVL$3!m&sjK-zEw^=#{M~BPDU!B$U99ctDSn3sp2|g zwYk*O(N`EpkJUo=r)P~N4`)|Mf2b~BPx!jukuep%w^jcC7W@x~?t5EsB$}9`4*Q#R zhXfjn&jF2&Ll+&pF&&RSo%PA~#2pMCitSQt3$a&Is+r!SW@crN8B?bo8_~OazwV_yX3m~kGjCee|5k3tWN+=m$I+~>nOs*j zb@J5eiaE74-SJ8SKYE`%yQ;2xHG6V>!?bBt)4>75_%{w1ja7+8VA9H(+Nqa7l#vuc z>{W?;X>D7)MT-N4#~nfPxU zbp8=A$=0z0#gOcY#b+(dtc(R{Y_a+wWXxZ5bsyfZ)Rrg z1{Rq^5hSC;swgX5HxSH(1pB6l#Eo#W5^E8eVaj=hu@W-5+oR8tSY{rVn>>{J$S8%aus*Ywq z(d_+3$TvC@&ED@LF=Kv;(J_59P+*P_#;9b?k0vs?W63eOyzQ98xA{HH&*zW)EYA%< zM$gabO~+*Q3)>TU>io$`W>#HQF|Df3xwNXTerD}#|8#XK>n7vOOPV(VvKUIoESob>oJ!G_D`R4E(yztiNYH5K*slvT~1+P8OQ zl{2eq*3>zdISAHWHm4z7+YBInqREawoG_(PomyQr^^(bWV>_dv+PSo$qOzvSs-#3o znJ2S=rr^CwQBFPVayXX3$Em5EJtJmztP~3B*Qc~(a@{;M3&yj{d>uyPA8aznO`bV> zrY`-=M1-mFWM^7MLj?;fb?;S*x}#xh>!wXUUNiX>ms-uPojnyrpItw5#_XzTF_fsz zIpdtMu^}-txW|fTvA|O+YHI4ivulfajEd{4rZ(VE7T3&dsH&@A)Qnj1xuvn<>C@-U z_M=1vQPWvIn}lIlxp>~JImM=3>v1@fStpw)Q6ymDC4Ed6NS+g{CcE?G|IlmwzLHXjWa}KKIOg<_j-J*i{yhWl8&WT>&KX07 z42Ts@t*foC=gmR!IcLOrb}udIUQ*=u5A*Ry%)j+;#+w_5$s=Y@uXVo-1qso;239p>hpGo?!RT)uxT|LTZP>F z|61jpz%Q}kJ_0WZ{FhyQ;TK@DcW#th7nHPo0%uz5Q{Uc6A5Y(Zb>P23I1#$kKNlOz zNc~aRnqZ^60vp}&>@W!$pTa-Tzc47imrVbg#c` z7EXGndwoNl?^j!@tE#E!F2hOp!j)#|7Rk&Do_a7R%``Mb3qP5YTBo_oQbk8xp_y_G`(Bdh`Q;DuOHako) zY?%*(mMJg67!ifv2OHBfj^Tk4w)Xl-96aN!4gbYdGGC^%aa6R-hg-{(4^;V5&W-tA zicQy}3}Kzl@=a-aL%&0BU7CEj$`}9ZOyv8kG%j;3mam1fSD$9@Aj0+% zrtR^!Sk^Y>LzO+|Z_9U0nmvAB&%SD%wXrhI-bC0dhZ5Vb4K{1^&*=c&Vo2_x3SE{?3+>oi=F9S(z%VxUm;GW7XxvfQ%Y)21Yh!Pk zy^*k22wmEXVYBww{wleXi-?&#(Zt!fKLf07Mm69qTSuJWv{!)5+B=+P?=p1eoygZZ zYcBwqWyWz1T#o~WI2-qGfX;XQ5d7{5_h!tu6E>SKe@AB1(8MVi*hdk>*|;3&X?s)7 z!*3#?LwkH7Xzg`Lvv(Ej@m#XbVnLd{ywQ#`1%n9f6=AdX2Bg{h6rJP&RS;{hPnx}k zvH1OPhHvjAW$$#cS0V-4oR8mg+QADl+T(U!n%;$Iv;s*(&+1(OJ&ym@ErK4pOu|u* zu14(nA;)?6JM?BiPgT$9c46{-W0`HcT$X0`{;HT#C)wT;yD&f24|#LjLQ*#rTG!9+jcIL$7p?M*|5&qHRNwP(ZD*YcqA@wZk^KVTj% zl9GV=988Dx6@dD=W{jr>uQi^zf@uAw=3JnJDZPZYuM@zPw!e?&THvKzd1=2zVvOV1 z>Y3N%k^o)+BmN`_R+)HeC0zg`XpICpW_e~r)$#4jTrHIN@f;zOE?`DD9gZafpg>BG zWw>KnJUWeX0doYCf`B;_b(m*T(gn;fF?CoUJ?5u-0K>XxGi>h)eH($4Gl}tPV1r7) zeDS99!#Ibdst?y z%Rw6MyL9eDTpnz$hRDNnjFIZMiOyXb6(PnXC4G{Hr%jFcrEJ5&&4hWZsXq!nH>+Pxmhz9Mjxfhr%hQBehD(H5)H-3d&1J$owkycU zYbAVcHm|G6=qGfmvDrCt*O8&W9zHj#zk$ro1-A*CojdnV#rFxbY!3>vY`+m^@?F9# z+a5CV+6SMT&FdAi9J|-4Bm9=)gTl<~Fd23}gU`*{IYQ>eAMPkNJAW_!Q_emk$ka>?c;A{lqfwBPcfwuTgA{Dehb8?!jjB`mbzMd0u#z8D%=yQx&54SyR=k$X4i9%D z*p3_g$G+Rrm;X}fKceKnRdUYdW%c(eIp^}Sa?amn`E$izDg7YIVs-G(yhQo&O>=_r z1#Uv;RK;hIvC*AHmVSPL(wVBbTItMHa?ZzP?JQL~_^E0lU$d5|v=8UtvU&YN>2TgH zYv)0w^OVxrqxfZ|^QMyjm5hzGV-NKAkyj~~^88Wh|5eHVrR2N?wbvK^?s6vW#8d zDt*pDWb-xaV@lc><&rk8_#(2@cN$slD>z?}y{}kEx!75z^siF#)k=P|l5bJ`YsEXs zl9yRGQ|j`P(s^Am=ku{;IIPk(!MS4XbSFz)29OKQaA@Y(v2xCxU zQj=h)Cz#D=b$B~vnYTxlyD2VFe6r$G6c1K>y5jMQCn}z*c!uKHih0j$%dn7hOU1kgw)S}sZ27l}&3&(o|K`3|_>W4*+?$E~Z%Y1m#a}D_R&kj3V3IaV zF@GLxhMR*md$&1vCsceSouE1?<#&zF@M)=_4&Tpa)kGpVl%4PylWOY=hn13`HDL!=8vJR z&MAudlV>aET+NpGn`g@viZ4-It9Y4W&Ub0kUZZ%8V*WVV>fEJxn_^CbVRfD*PYZYIr_;SU|6#qyue{*f^aPDQxw<-RG;`a0?{TJbu?{9(Agw=vIaa=)}q$sbnCUyfV-7ZmST{Ho%& z6dzE`pPXAeUnu^!Vh`hr)iKX;QnqX*=Wo@mP6x$Z72^k)37tNQ`zs!-nDaARoBZ*+ zWzNZLxl-|T#hjnn>X_$2Df5*|{u9O5DqgGjCdKC2Q0$mzL*aXr4u6Jk^LlCk7%pdz(od*;@toRYdyA(gI zn6m^}JLcI|?#bU(^7j<~Q}L&YIlX|jlc_jYG2g*k9Zo=CxvS!yiu))YsJKiqCoHgb z#wnhpxI%HY;u^)A@4(twuGp-dA#HMvl5;WytAD%VdlWyQcqiFDUnqV-@k@$1pR?6B z&*PGolOkC8VZ~o4{#r5TaJKs9*<9>!HU%qhub8ufSb3r1o{IY@HqY;3lXErOwEQ)# zW%DdAI-ID%$~ix?<$A^Q6?1-OtFv4&Cw8#%^@=wtzFo0-#+NdfXMEwEN@urX^NcS# zFDdx}#eY@&q2j}eaf&!DUuMJQVzc*kc#WQTZ`q1+95cFh*z9|!7}#FBJ5nz91BH~! zHJZ-}@lLYzf!&IqQ@ls<>tyL0e^UI8;)9A0DgIFL zVa1;*<_9mfzXcWZe?wLtRh+As-&t9mR*KsxE+pH2rMQGF=NG@dv)qp?=hQ&OWn?+O zhAJLTmi8Q}cobRMtz0p`C$wdrsCWWd%4wb%rEItHxlGDqo~@(|<{3)z<&2AS;Du1>xFLz^V=)h+zwtO{0ewAS^C3`ifwuu5-@%M zXLty>vGD2O=ECd)ZH3PS=L?SlcM|6RY56{Z>u%7Us(7$)Q^?KwO>&N0NI95oQX$MX znITM5vxJ$XUYM6Z&f3YeY=kDq+^$tnmbSKA7(usM7(wNw^5SMYt!} ztoH;Ro;y24&U5Ft!b8A(&p~S# zv&?IRS?2Y^Ec30xEc2bhEb|s&mYL3N=ldK_T^fXAnOymfh~uf9i#|r?4z3WJ%T5AE zyDkeL&f4VpX>A%iVzVRV>}+r*ZOowg9>&__xnymYliB&xvI5KCJktVsj55=eW7n3&$|d+iP(*#pc@0jsa(`(Zc3h zENrg1=zDb4Oe@@=cqv)>;nj-QE53uw&IY$tvHiv0jH$D_*Y?0H>)$i)dM`}8j>*{J zzJK2JBmI#X&RJe>*?Ugo(JljW`yaSCPRpkbCFdhA44j97te_~+FNk@{W4(5s{IEMH zqiYA5FZ}rfd%c3qd6^%-@$&n-zTDQe+jb922)b)Mug(ix6Fe(Fy5gIRk3!qy&TVmb zZQQGi2Uf+=G&@n&kt^f-_v9`ZJjk6CnbkPju{awKzx_rQXD=8sDQA!y&1)BeAZ_~c z^#%US@R$#NFQ4s3$><0(7lZLi3kvi0-r6-}n>h;OfGx{v#2J2qc1e|x;i zj%}lk%-bGsIy&BL$IIh)ZI3q}9nagbZ2W=k@m8bbEw<-38~<@MvX(Q)w<+p&*}zZY zxufH)x5wM=kGC7Wsd{-oaJ$MdE8qb4=j%d zm&Y@f$3x5Gk>&BsZ_xb-G&zD96l{J7<0-0VQ0ue zc=#G4**7WXhl_ItHO`I4MsLbR_;_>8uMA;^_va71@$ywq?|<&lE#4xR$LyofHyN|C zCq-ACm-+Eca%|Se2Q@CvoaOEu8H0Jh3@guDmeA;@kHo6y9m?F%CAReQ%3)6Bo-dc5 z?!;EcEBAZ_sNC~)!RgM{>Ujlwj#dtKwoduHV9z&%YRp0ZZ$Q@3Xrt}tVtudv@wbA5 zGR}@p%9-WfRI$a~(qv2iZ54sK3Yj#2!FeAX?H4Z&Pl_&Te0KIbv!z<2U(8)!v8Zve zd%?ugFqi3UTTs%wr1T8b?fjp8*bljUS~}R-H#}at=d-~>oYEIt4c_zlewpe1U!#XQ zPwx4`Om+Y6i|yafOquE)b^UVNHQ{f9bFr3Dr~(%*zvkZiyJn)hy!&MCEdd;~j8*ad z`MEnYot5#r&3VgfhL&bKmoF^Hc2S7Y*?C=K8iGbDQppWgq@;bPJJEyYw)xReJ7xhOOf;tHbRO=Jn6I27sQ|9&_t+#OBQU z*9P&ylGf#O8NaXMJp6o~;Y{{M``X}A7rNabvu+W<*DVX;vaNL!ljUpMycU@$`E$zD zJoyGqIkfFn)Wvx0K$o^*Fc+RbwZ4&D8)QALW7=Q@yPQ~%pDOS=^L_Cz<2pp!*t>h6 z@A4llZ1^MCti#;<5d<+?KK})ax%W#EgSq#2dAMFA=HBPy1?Ju_qe>)vK10C_-h-Q| z_IUs@xC=lWo(KqWF8&`wEo|rF=RXW11F2)?;*Wd_^ylJ_6cNo_{NdmZaAqUyoQ&6k zPs0lbU%)==uh>Pe;BI?jw+4g>?NN%*SMJB)?6Xk8ywKM!%bD{QBpBd~Rt}oN31xW0 z;RSOJqAZ~-6Nuz+CC^YRZ#t4h8*}c5P^ot_0=Z5WKcbA9oypW#3I{KQG#sp;3QH9Z zGPfohfY(vq?2JA|ewiiZ4NT)FuK@N zd7Iz`bNK8SdfycNGp7+(KMnoeqYWh988`v4e&QzsD)H`sO8j(yjex`l*>KMWKJpX) zJa}Ou@hzr~lJmx(O1vp3iC<>o+k#xeD|i>|%?Frjw8yQ#8(NUDC1LII3{{kc8T>U- z#IMJq3|c$lH2R9xmSoU~=`Vc3G}iv<$)%|-3`v3Okt#IFSc1tb!rhVBH@PruP0kNbPMEwbtV}Kn^Ltb=xi~B)KcLB_ z#!?H^xiIoO+BC1ZYlO$N`BrM56yYIizK7f`!WM6yPo3fj+pGBnFc9h< zVa1yBZZp&)!V)=+9%n>Jg#XPp4fGzsG*Dwd%ttd5&O(1=Z;LcW*9iYJjD1T!r$)nv z2Y_4gqzHdz`eV)$WXGKbc`yeTYA4*ny&i#x(YML*@m&}!5byKpC$4@TMRQSoTFv->6j=9~?8b^Y@3 zy+nABn~}lt-Axp~~r&y8b zBiwOBK)LwMY&du;_PGNL(rP1K4Z>}_hr!uHz`5bJ-dhOx*`4UIB9dLP#~FE%9shF~ zHM{?iT^LH?U^e!-TTFJenimY8>T%)N*7)6!6F$vj*;-@ah;W(5^0me;hyq;cg` zCp_Hbn%ibZwG$rUu~~B6Hkflee5N-IfjqYjBF^$&g;CtlHW~;&e74EE?QLjMt|jp` zEVq-jBzQS!XV#M7K-yl`l2`$DPB71W`R*7zdY(8H6O-kWVpqVTTfp`@(adDtfi;gk zOlb!ms#pOU+U>}aoyfVsJ25`LVb&bS?ZQ(IZOLl3osI6nl`8n(Jij#Mo-Iwesjy#~ z37#oU+gGTMl`0-d=)dh+eSf72U;i(z(JwH+2t7594C#3P<8I)8=Q^+|r;_M8{uyT7 zQ(5qQhQq;sAtsk4>}0;3c!*N=Sa-we5lQ_JQ`2(CN16Izo;sBXb~dx~o1j~sZ|2AU zwK)wt)zCmKb`CG`?uHh4JU0cYWt(0JS;rk{QMZ)086#`OG$gfJa9Q}l&w4pU6>dQkgr7&a-`14R8QDrt>xAb65&VsI~%~U30q^S))qeqyAv8H?s;ROb3#J53cQMQ3e!7rms3fk>sV@)bb=uE9919EZ9+$n=uK-P-a zNmHv5KnWvFtr(J8tp=1ZQN^oB)R(oYHdW&Fu!J$DN(`AQQGXPqDBPV)z$*ErGYJ@F zO2&{JAvWe5CYj_J^=ea@d9+WlQD=y*@L$+HigV;M80Q&)u0F;s;R&!9??`zw-vVue z{_hS#Gk~q*TtNV%Xr3d zfawY`2e9ENUJ;f&;mE-yPdHpG#NI4G4TGQI zU&khRishqYpLI7(#=vcw;3+l%ucm$z>}C`2BO$*DcC!ii-H+b{yV(RkWzaOiZZ-jb zJ>oaPGt7eLH|zW?8=xg@`|V+Zk0RK`T(O>$I-66I|8rQ)Cf&OM|Eft2GF+9Wgb}6> zGi3TO)we>5K3q-x#2{nz8Dsh+L(+x$4~XZOLI#;;XfM-?I|E7>V^T0gXHLgQ0q-Ej zef4EzVot|OCgUK(A6k?!(wvSAIZl6$OnU+5iuhUt-T>HrW9>U(ilV+T`j7aY=2Og^ljlvN)h4&(KtFXBnV!0@J z7^T^dOnY#3n%1z=gFnU@K)_ogXF6dJU@c%k6F}%I?l)>4cm^cst6fWA_bpRo_R4X7 zuN*6eWBNUU9n4)*A71GBql}K`&Z!T3;Yk?0JDR(vzPx)nAHfd1vY$-dD-r6~ z3BWS~?dsQN96Z!!EWC1@cv#D6Oov=K3`IE4AU}T)TL&-(r9Bm+gu4Y+q_hiBc~jag zEG-vY_Dg#YOZzelU`l&0OTeX&{nFmc(iUOp^hpY0+)dp{}oHD+3V5A=rCz%N6hp+QuS7*tvtFwgs zm0!Yk6To4g=x)tFM6#SJP~t^mL7J= zni7A>nx1yano_l-i#c9;jTf|TZ?%97f_?0&F}QB`Y}O8k=44fPRJormJO*@?)Erbi z6Jy;Rl=77BvMNnteV&1)Jct^^`u1#QR>e6rSvP-SnbT4imSIDbrHata>3C(pZ2$By zDB(S6`T{c?+_BIAJt|<4j#eAtCmipVVSpYVv5qx>n$rM1tB|@b0LCO*pf}UtM0%HC z!vYF(HWGNwA8UCKq_PHrRYG`_j=~>;>^#*)}vGi(9vdQ$UZtBtlzV0}B zvyARV^sH`j=>Z7+=T2udtKOYMpEHr3dH;S)TR#aUREXXHCE2u$9G%IcjkmCibg10c0FSFJVJ6tX)Go=!e!V z*+>$T8WV!qBB`rc$ zhvoIFH;x_~I|EM-y*h5R?H)o;8Hcb=Ay&V$hPFgl_eEPhyHl!FgsoN9^FJPN)euT|6_~&jIVT|jXrxaEvYy00HE0(Va8^#EFi?AI#7WfKdv_k4w;474Ch17H81e3*B zdJ7Crre||Y9RS)Hg>m#QHFyy{tD8JUIOx?Gg^BcNFyJhSY_yhnV8?cdBn|;?|IIL> z*77+OqLJ9RLJ<9OY!PR^Ss|!wBSVvv4F?b+FuYbFZ6tE^Lah|E#`yy;GnRIBjkpdPhifkan zlEm#Gg}}J>*!wlOC|QFs66wqX_-!$U9!r8YT(D6!sH+<^xlU3t<%Q|SaODqfROS|H za~axPC{aw7?Qhu7pXsqa>`%!9PX#GngSNLw+e@xr#HZTdV?%8&-AJHCbTI4_t}_Tn zliqm-C(>JtE$A#fv}hw~Ikteac+N(`Dif7{-_rw9S%1hXq>cf2T!F$kdcJNsJ*%7S zcMzJFbU3H*u1IvpYu)5!lDa>^hI7jJw1#tv;)Lr6LjCA?LW=y__}rrsweG)BmmOK=H#>{DTsw&JSM%s=A`SI&}@GAG9pgsa(tmEgd+{N=FZ4 z1)-osa$%^TS^Wk_$4#u1bQt15CO&?^B1HkiSS1L|#ih)GMS+ExK_lnh&5W8ob=*w+ zM;v=B*p#}c(LRWyCf5eD9FJoZqlSG+RMsSVGJr3fXama(1^gwQd^UTmM)agzVd}U3 zIzOiyBmIoNzj~0rKb;1#?iKb(^;^5973_08Ab)8myQC3oX(eR6!jM@j2o`qQe0>XP zHks;l(^`H>{9KF#n*XwCcLhw#4L6#8IR_ZFEloQ<`{nUhDl)4w!H!>dzo=NP>9K&R zqp#`jby{5`t@9mn*ni5D6V>+{gbnC&5i0C+?LKu?EiTLC_cedvtdQw9{t8f+88ddV zEVg=t>rDj~m{Qv%vnUB?#&Bl%i+w@Q(2~sma^bAq=-E0mhbw`hmEQ1p#8JEZ{WZ7z zpcmM0AW>OeWu6$mvTN40QhV6BcabsZ1^%EcGx>bewKB~iUTnItmrO3zD@at2Et
HwPnA zj=0|lJXE$1_>w#$@h$tk!nfvYa&J$)tn^d=WX7di^h;*eA;U?I<=C($S;7jskQ$Bd z$6@^+8NlSaGdO@Imh&=Wr@sQ08H1f^wUhY|(C=QyD|LQejNo>yBQB$5R;;pXCe==! zie)~ak8gh_FX-2I_Dl*UMp)XkzinIJCtfa5{HFa|REUaGT$RcDZ>&9Ri!G@HT zvQpObl5FS9uj`l0m9;X9eCbuII2SStU>04X(Z0QZ;38lPu*4bK3UeCQS2Z|OCo?mr z{*u`<)w)lZ4>?i0^!1<^VH*nzOr@^^R?mM&O`TjhbB6Q(frY+i&zm*5u6Ew+Y4wh& zkX~f%yBGe#w9sZXx0HphjCzVBwNuIBS*i0(|KPR1YHDZrD@FR<8uL?|PMBPREO9)N z>$N5Gm*XXeg{pSRo}`X3APe5v*r|RGH_N%D9)7zN*wo20XU(a>txmGH(U6@u8|M9! zk>`j><4muu#R_c>x`FK)Jd@1a-ReA|Y$_JeOB0zB=NKt_cZx9CEPkFds{LXnYip+A zHp`FMQ`Ig{mR4TVy;&Oc*km5Eq-kP#GSnIOe5`ru@ij*O-(9jSB6s@MkEVsKoR5{b zX*KSLFwC+ugryJzdp-=Ze)yYL#)6V~4S+vB8Xz1)Im#)OBX2+fesSA_gYRqfsF+yH; zQiZf+$D(6n>>!gCqpo}%XV%wMbSz1;st2pov?*i3cdVCoOtq7Xo_$xv&FW<-wYHLE zm5t=s`X+drtM8Z_;}^p2f4O)M3s-%BgWC*Ke1_h)d(NY-UpCt zd%44t?Z<1GwP)s(N7(kOIbiLW7af0uNoL=m`z}4siOTYPpI&pZr}MSfSlYK`&xM|4 z$_rIJ@ui};q}e+JdmLkE?*wet-ljBrkD)`@`vuyx_I{pbuj2@OUW$0y zi-{hO?-ObEhQmNN$gQ*Xev@Xe9QHawiS`PxQIGasO|#eV9rj*Mv$sImqg`w7A7YR9 zJan575i{iPs7LpHn!OFMhbA=T>kQx8GjrrJfw-NBC`VfBti3PO>>Y%?9Vi6rTZqlt z%Y{rO$FDIlHu2_AoQ=zZp0&-W4I}YoevWUiE5g=ZyEJ?6w{)DL_N0fNwbvs}uNeP9 zcz^?>IICxVuxN$w@4Eo&aG`vxM=>^=FMqpX(@_17XtXH=aW;-?!RdOetMR|cp}ij1 zti3U5_D<=7;{lm<)*j~$*7g?6!nuhH8}0SPX6;Q+vv*|?=AE&F2=uJIiZpwN@Hs}S zOy6EFWv@=`@tmOh7Ye^g6@>PvUIlh#>#o6_vnz#jG3&iqG`ZD)2} z)!m%oC!=2-#~$q}v9oUo>>(k)MzQ@W7mTJ)vG>mD{y(Q6HqMsMhOMvV$F4!APB0`0 z9J6LzGi%29Ttm)Y1L+@c4Y`=4;MjeYpD)Swp;Essw$IG^@iFC@QC7Q?7sSa| zYLY-+GA89Vu|%*wuId_YcS?L`=Op5|W9K|#jAbL2>sf?yot76GIHRM60=MM&^1PTY zryZ_=$D_?2m6z|!X@Ya>@;;SgYhHmbCud3darrXq)$#l}Ozwak963wMRt?UB@!9Zs zhUIYwM=wk2V(dc@gv{9I013yB5SVr({7T^(_zTFLu!AFWofEq2uu)DsWNUvb{Ob$<5ktN0z=6qrPw_#e8n1JOVrXqMdg7!RKb}@S1M>Z5ef>4-Zp3QkZr^ z*j%{p&y{;T3o6o0EY8y(!{TcDV8cUt){#hkvx%BLv4RPl1f z*DAhQv01}I`q*|Q=X{#h{tJq~QOvn7txlfenBro^H!J>y;s+J)RJ>R5DHybDUS`cd zDRa4!S12}XEr`yql>8~h`xNsBuGT)ED=qI-yhrg-#Z56FS^YxAy%b-d_@|10qj)zN zWukiyY_Da1qMTm{!W~fhe^>IOO73A0ve&o}*k0q>P%d^(Buo1gDft;nel}UIcjtla zwXaI)U##@a8ggRatRW}%`D13A?^?w_Q)xFV`GaK1_xFlFQ`{2qw*2kMay`ul+v{l` z%B4K~NwU=+s^lY-e2kKhS8}~>++3xzRPm3LzF9*~>V6mHQnq`^GR{At((YFBy-NNn zS<=3#bpEMy%(`)6^BW~M>&8jiXrpAlt;o_Q`HDL$ogPX)kSun}l+L+IXT0J`N@u!~ z&n1hUc}i!6(z!JCx2Y#m^`mvlgAy{Y}cn&f8%2nb&cCeW22Q zs`!Y~KdSUIkj}Oz=UBEjTae|rbW%EcO}k!7XQ0wKgN%*NtZyfFrYM~%vdCvE`Ft`q zx+|2<8l`iil5bSGz-R`M5>{53K*y3ZB2#0`*@pQ3msS@yg{8z=FC}tULdHAem%REAH4O!}S zDOv8BF9+Lu=4&aJdR?#dZ&C8wl>9y=-=^e`D)~+&|DBS*q4+(;pDT{y;n0?o@1*T< z??{$%7AbkDlAl7BI-aI<%9YLpC9hQSS!78&SLrNLIzLu?mC{+KbkkWZv z@smpD1tou#EOy=m^LXt=e?F{qK36(lDjg5Hwyn%}(qgAC<-*g*@{Cgrw$D5BDVKI$ zs(6*+wTgePcqdtGzODEh#re6=kv`dlEYCqFf$cNVX_QMDhARDYlzfunN~KeymsN@|Kb6PiRr@vypE3opRip^T2 zV)I-j=TvO=T3MyIM)4fQ^A%sAm~*&UJ8KlLSG+;-or~~EE9cyCvr5is2CdEk#qTTrNbzTik0|C0f%e`wOED+>wel8<+bhmj+)MGv ziceKMSn-*P&rxjFBIS)3T&0rFR6I*@gW?5>Ihmm?|Fw#5P<)f(O^WYOe81vtil0>c zjN-kDUslYiMQwThq?pqxTKOl6zf}B<;vnBKO8Z0zY2VonQab^0nEp!h7s z=PJHPai!vV#q$-fRD8AKTNH0r%qb*o*`84RjN;!Z<}8p_|1HG_6(3UkvEt7a|68$n zXDe;XsU)ramWnx-q?LD7+)MGvipvxaRczktN?v@gYi(94p00S7;<<{=dtI^f6D41* z*sL=uI=3jfdEYDY?MnVD#ZM@HO7VU&p0DU$Rs5FX1BwqR*6WP^OUb`d9KgM~wQqh1 zD|vB#ODi|;oJHPI$qN;mcg~`7s*(>=Y~DYM&L|}>SIk*7ZN3*PHt(V(?K~x4sMx%t z79CE)Y3pXPS~N6faP`Q1Md5D-^F(e6`}$iq|P#uXuyvyA|K3c&p-v z6z@>{nBtv^cPrkf_!Y&kEB=$>cN8B~d|2^kijOEhs@PHQi-L;z`wx5U%zHdJrsh4K zu=y@XIHvSFDlSpnTe0~rNYa|`f`rYxK4J5&Pk59{TdsJ#;)#l{m|{+dZu8xvc%R}|6u+bRpyES{KU92# zjAu)_ql)>Vr+pu8z6+A^HbOb>Gw7m<&F?wn*m2Ec+m~9AWxO@N(GZSNF74S-aUog8 z*lvnT$THrVZ;*uhQ7&WbK*iOnF6KB&`R}4!%KsHv%FH!xZ8L(A}Vzzc-?sMKbGKgZVunSA=RR=tec{+)0P%)UXL0x*A9MD7g!lWA3Y>wq zwQC{sH#wI1ofsLO!*|Q%R^ax+{G6|Ya62%MDRm0KrNZ67JdTw21fMF*vJDkJ1$?$} z8F-xV5HP%Y3EAtJHkH#zbDLV z-G{(&nn}q)c-Xi<~_?N;Tfgcv; zwf9lse}Q)iM{wToT{msE0`pxrxe)v|S;oMFia!v>VRH@(<23Zw(uO{g`)g@~@$YlY zpyb=h1@n7C+T=K3*3t&^yyLfpl*hn)2Tm>k^E*Q_#{sUeMm`hFci`la-~qxsFUo`~ z!KVvP1CJD*4(80bOw04atg8*?c`=i68B1%0Sx3GbryQQMSeQdA--lDqp_OaIk@+v| z8-@Al&IV!rtNJ!!*6VKJPT&WGPXa$A+#CEG;Q?TNGfDeHz|RP??k@?C1-~wQKKOtz z$Bn-UPXzOwIqh5o{#2N4^`$V|7G~eOOSl+(ziaPYCw|KP}AT^@1>u z*UQ2ef?pG^0`uKF>&Wr^FTxzp`R<+aS}@5<-Q}P-}x#TsREP3(1#O5`HEP3%9v-hzJ6t7UcS~0JA_Wt&6 z#k_7=`A)@q$UG_FUdLwnpyI=14%Bc*v03Kzz;YfLVN6c1HAO7TQ8&V9OS z#SMy=D!!V`6Bcg0;yV(;kA8~Ne7$uXWiwb)$UOaLdd`0yS=+c({{>B))~d%eQSl9Gm4 zhfVt{n(r^T@ZE~MPb!*u6)isseiPa=DC+$<;tUGr=Ep`2`y{_v(_K@t*$@u{>Gb1D;z&%KX>%) zUg_^crOg&cJD&Wo7aJVw*RHTz|L#Snwipze)HoVy7w#4*ZSIx~jCbx8={%&>^bW(G z$#e=wb_owEoH)H{ztZMT=|xT`$B4Q@RL}{cXj2HEiBK46zM*4Jv`KSkz|ew=oDnBP zoAS5ZPTT2cjeV`}?NKkX?YYgbuSu31_htLDH{-6qx_du&?f$IN>fZMh^lJji;OZW? zRTq!0E~%{USyx@Uwz^kob)SOjlh}|l9Kf*eIF9J`zq{E8_!ZcK=mSp96ywSI-dMPs zskpTEQrGVv2*UB2?(3JZo8q277=d?fFvyV=$>^EYzWuQeA>$sw-lk)Mt3BU#kOTEK zft2}Kcn!O~$iL6Q-aQQm$o&Y0S0N<_PV2C~_B*(^Vtwr!&_%Jn_PtQT`r4mDm|S1` zGpJ*I?Ey%P^|e1oWwE|Chb6PxZv()rwP)7X-i2D5^|k*3NUX2jKg__-pc(locA2~Y z245LYo# zqAy`g@?3X2I2h%J#a=d6*+gd1UT9*ky}JN`Xf}TF>UiB;u3VQJy@2%|=st)*UUVh{ zXSgpS(8|f-PsJK@hcff?uW;}@>?6+^0W;5;i=EMEY{--%9ONfnx#1v3$((DcVRly_ z8BDB$AmUqF3~a*Z5N4jD#E0=5mO>e)BGNwsscG+n0Mp*5`QguOc!|?=rR$9e@)uIs zX1&?5K`J}ZeLQ62g0!?WTF1k9zR_A4y$S8?jSrrOB!`>b%O;%=tUzFn>jc@Hj4+wC za!hi@nJ|`iW@YBuaE6n2BOCF;Aj^}-C3(Hqf~yc64)P~hIa{!6%(n2GEZJ_&SA+(? zipZ=_adbmNY1L_QN&QSGH0%{{5L_!f)XAKX3#Bt?EVDB^)l5E%HkyF!a>ExFp`NB= zglo+q$zop!uPBE&nAIHh4zH;NN3z&0!ngbs9CdPrz-w%FrclX}g@b&637&*Ws zLFSM{8-4;)A36H$y*V_gY)KTqcWS;eeAm;SFsgR7Z75{ZAz^ju~zGK{5kT5zSw$eGL~=wwdENfkMZ$2#*S)H`x* zILIPrW1rI(JHPd*ob0uY*Dz>gRDt?HcoAll_bLjKxyn5of|mPXJ1_I6E}w#;JoPfK zb4}%<`_O|j*SW)4hUgW@H}hr_h?o;G^Dg&ECdua7^_jnR`P7o@Zju8M|u3cM&>S;k3B8JXr{c(C*5;Ua=*mS>JsnK zCEl+~{Aag;N&FK3)7^*wN<0-_W3$sGo(X9EG+Bm~gZJcES(#Ea4&P?K$xYWA<0hG8oyvAmy zOWYRHaF8G5MEHdfx(KidPxW)DZ+1qXqGXSO;#j8flXnBQI+FRcw+0Ypht7P~<8g4J z!*G6PK5rs|QU2a3^LM7GpZVj-W+X7<$0<(UXr|laP4SJr;=P?P_NvDw5@WAxV{eGD zyp@R0{G-ROZcvhg9zSLAOY)w_LQ3L8I`R89aUnbK-@Om~#G3=-6NzsRsA}99VEv>T zzX-7TKXdZvZDP zHu1d}+B4S%+ae9>{PQ61BmA6i394dm)QLCQ#4jVu%-e$Fkp@$lXHLj?Hj(0(I9C-i#+I!!-lGg9>-tV2{ob%t)+H0@9 z_S*Xl_pG8n+tPhS{28GseP)qr$$DM-Y*%_uD)+{s(I_)~M|wsv-{Tlji$i**U^5}} z*M-9EI~3NGV!n-Gs+d-+nmenw9tl>v>WbN1XjeBSy>BsTpo&9^p8+sc9BQfn$pyvu zwz(yFP_b(B!s15?Bo{f7SUP*@!-Wz^9$(BiEey#M@+6lQpOh!LyjTh1#A3d%VY&Q* zBl#jHnUjSQNv1XwNTw(hHhgL7M+K58)$kKjEsA8yHvDi-9VZJVkZeuyJqW|)X?c>( zsQ|riWVtG(8h(0;uTxkq+Z;(6<8-@F0?D&dV^P?UT%RYoHpLec49RsV)$p@ZWk|3j zH#m~-W2KqiB$P%%my?)3w;LfAuvBKE5h1L2x-6!l8^Pa5rpsfRml6E^Lb@X6m>n^J zcu-8W9zj!(9vo9iMm)p(*_d+ka%&jK#SN%{RgH-EfrLy|BV`IPRaM5co2IJWV;Un< z)u@;w+*Gwk%t2zRs*0&RrmE2~<>}?Fr=Z5f+iX=6S2_A|y+$QIl(OEbjQ^m6OjVX5?Owq$8~D9nZ_S(fIw81V)LQ=Xu7oR=Fy12ZW7Is&;Z=(hCU>B)#nMKf@eg~0IuYLPx*A&?u%v42LoNeZ2YW7)O+ z3*=X5YMCin85?J&LkUa1%h&`9PjFVUg=BV{RC3q3(6kKSPAj>aP4I?vdL{R;RFpXc z@+`TJrQ#uHcqR8UHpvXevE%{9Rt#xE<_8&_%e)sM`e8;78`6Z_KWB7h<`7g<@))D5 zhO{F32}Y02q%r(Ue!=L87`+(hCBOU^a^m_A?8IzSj!%k8a{kSTNJT%uQKbG`fO0vo zutHyF0*NE{v%oQBmE+^Dl5zfD5s`{^;3z~QOi+@yoCql;IK`Ai?oJ#^4);eQ0_#5< zr2v0DXzD6dohRb$mSo=PK#mOWrDfigu7kib?~|QK1eW=b?8aVtH5#7zJLwI>Yi0iT z01_z{_)@O4&&x!<6in`g-ernqIUaktb>J+M^3P<^%1q+(SAfa>=ver8mYz%aEr-k) ze>xJPDQRgdgb3T;=~3fnnYt zHnj#&bg`TWB4IO95$hgANQ(W^_hky%A$cR?0UagHOhro_307?~7G!Jl@W+a#*LRVp zkh_3vxf_r@cODyat$#P_0^x=0R`CBidaS2<8Y{}cCuv?sbxSe@ z`Y)He$tP?f@;0LvlTROH-m2uY5x8w!+SKkPzRzM_ax)L1y|Ckp{YjC}$`dd5B9n^! zHxbG`17Rke{!|nndKhZ2OwRDHMnEpWl3shs$cMhkm;Ik2Axbtt=aP&3rx1t}K9)^x z@c+gl$pTDw$*ums5vWKukn(+gHiudgeu*=A%3p*4ZZQ1-8Or5w30Q#u??6Nqz z6-gf^vnivqWw=FN?kVVJvLX5+vZd!@#D?$u6tILJ%1y!@?*PmFobUs7x|e(tQyU!O z497kHD7g(~!y*1c1Y&OxM@R@*E(gh;iqcFg!yy&r2=4&FR7A3a$jt)gmjg?ev$f`u z*V+VAau4LnwP3ys$N47$59QAtl5o6#5dxwo;oeqH{+msh>;D7^Q8J7C9qYe=K zgj2a3#Prx2zR$!T;gE{%COk?Y2@8XN1}K-qt{F5XA40BSQFxMHJOm7JF&duYGYNd3 z93fQizk^VYKVb+v{87j?l%Kq)2s`~lScK2+!XBT}@#MBm_$B`WCU|A*a4MGrmlbM8 zFIX1J+T22-O+ZUFqD(6K5{~g;fvhBVI66MO%)bVBXf+H&MR>XYC<3PTt9>@z)_$uW zW9mTdA0fS54qOg>zS{qVGN~v8f%sy9tOV<;@F9OLB4w2nKJ2qOm2e>9g^&1LSywg@ z|J>(F${So4g!lV5lL-;$13ug2m3B9u;e`+SypbB0u4weaNBuHns;FAsfWTuu?_*x! zXGc-ckBd%J234(VyzmL1i=?U``xuj+lqnH!m*rZhFuxSW$l~+<_B@L(__72P7GLyv zonctq?sJ(aEI#8e#A8jv;vaoB+_LzbV(}&ajslA>_ha$Tn#EW8vG{79Mg9mc{EIM_ zJC>v1WB*jtI+QLI2VklnEYSf>(AcPUUjo)s^Z){@PZ8=&n1FDHYv| zW4u%#spg)Bi4R8vzXl$9kSOfP;3EV~b$bL#WvYWo!=<{BIF*~jf39vcGNqykIL1Gh z>PU5X6z(6?Bd!wP-Sol(0;+RmE8x6<{8jS#K{!8PVP2Aj2M6Z>8ihJU?m8KTIyB(* zlQ(#xAI=G$MHbUT3xcUEX_V-oprAwxrPhk7RV`k)D4e9@Z2f+iHm`Bg|bJfH>* z^S#_K8o?u_?%XzZNMrCW2oL4kR~2DXFnolQP)neObZ@YT30_$pPUUit1$qDFKE$#= z(o@kvIL5DnF6=*G?l^D~o*R4tc<3mYn2K<7a4rI-FV53_@vY!4CU|8x;#4k&UDvb) z>8a>89OI(}k|4U_=HN8|(+#&2y5YM4Su@?RC17E1*uwBT!Q7FkO~&c>g8LY2MEnCQ zVy-a4TP0UTDF@>Z173R6Cj1mkcw0c;<|KSKEBsMFY0NY8+L0h@=egW3(V^iT!q%|m z;UmFKtny(fSoo+A_L4gpcs$^urV5J?1fC4Oi@=y<5)I!kB``L5k%4Vee!Qt>tE*MimRdU{P1W_52ane7YL3@ zTY;~>x44s} z4(T>fk-SMUd?FIdCI2MbpNe3IBwwfb{D%aFmbUgaU^NhO{uzeA3KytE08%n3Riz!w z=1aD*2q2pYOhf?LOkh&dMPn0$?7-Tjn07goz?9^dWG5qmsYyts$x2{a@+5oH1g0k^ z!$O5sAv=9$@;=hey%Le9>M--lF)s{*)CKYHiy*CKNe>nX4>gOr8bo% zOJQ4BHX5(arm~w@`)W!1aVp!({$3}cds5jSFz1=!DCE31mA#pvjUiXFze!a!cJ_MV zg`%fVr?6l|+SkHmP_pf*?DeGibqSpsS9LZtdErGN7oOYW>2e!e4c9e+I_V63wY;g8LN%l_Gcdc;!aY=TYkI+pL z`lKZLEq3zvCG=@Ywv1`FhkWqqWwMP-yC>vY{=6j1_u|5zg$ID_mq!;*GIk{v`UPlt!0+%-vd8zu2O>CNkt>|Jcp?mk=k zzd<>+_KlEBlBbjGS!}~!Lr$X4B-sa8`2+h0kl zT5;_dz8&&P_VpxN!y4WRuLQeqCE16`*^aOlX*&`x;;5rmi@~1YMHe7U{gm)$#?n#? zCA`^$Yg~A!S4KT>m&c4xMF-;;^ZF$f@hUC%BH4aV3}Px;!9?nSRJ;};A&lAi$3C)6 z&YX*=(R`?UURk&`xn~T`B1iYV$uUUrve!}QKTF8=$4Pb$oBi`-;yAp+m1OJKk-tj5 zgOFF6{RxiYwqz1c*Oz8Lrs6!Ea0uO0nth8@o|Vv+(ri6N`9jjNr{~>Tnq5ztFG>x! zmu6q&pm`(d1U}B>S@5L`0oj? z@g|mKtC;g6$vLSk`%S9f#}cY7%YK99K1nzmOfSpwGa%uol2%uiy@;LVmGS}ioU$x` zf*bm!tZ#i;_EEMWD4mbcrZR6>MK~k#A;e{-&Dj}B$V+NTyeYE~I7(!gtrG(T-Cp>cKJg1#TpyPNX8X1TPRELhh!JupvO} zBB0+Vac4a;7L|IBNA4RccduA%7ikBj7)YH;m4)j zr+eY3gg5n)RJ5{M>u^7wNPS|HVn+brGns9UOzkXjuy)_rf{)Bz!RF{~CdqceTdU6rprf z#?c?Xi`YFIA-JfF+USjWKEgXU7s_in;fV1}?CE0!WxQu=6XAU1^TzB!U3szeK;#K| z5GpU0lFFX&yvj6tdtw!ejy(+{#BUH4MCk_X{x#Dkc-}bvB*bsvc;GgUW7J@g?{if)hF$J->-WNBJ-`Eo(f#nZ_c#Iap8%j6z?;OSvlKB*JsWYUh%Se%{xXJRl-Q^U;S_Er(H{6$CaLF-K&9C#?MO$&sF4kQ0RGkb@zDwXzIs=Ue6yxcIP5`@>|eg6FiB*3)t&>ve)@q z)ZSD)sJmB%-5-A)IG8pQQN`~a59sZ)5Ab)9&zsH?Ct$xH@e_JbRSjdfZt!LxlXofF z=*_$xX36JI7QCt0{c8?Ith8YRNAMRSw1Jk--$=u^9>H0h5B!bf)?Zo&+vjhhDe{-i zqV4lHu@ZmzEcwdW7bS399nFt_4y{jci8qV($3KVWC&0InYCnt-?4@-tB5&U8VW{sc z0Cs}8Tgdwa6Z zz;#_P77ilzM-=qmLhumz{-P{jjxHMQEy_-YjIoxdWl8b02nq3cB;Y>k5HBp-H?yC_ zm1O;}ER$i7WizGuH2!8kvB9E6Sq4iHjFHs_%Xaf83}>nGA|YJCZW+W#!^q&QpDAK? z=D|0ucc&|bbgJ^euN_MfoZ0PZs6NCZ$7H5hO znRNa+J~U>EC_?oG=lEVQ?2-j2UtQO&EkV{sF@c(Fw!*wRo0lF^Z$(MX+olg0oFI%4z!WIU=HcHK|2e6S-eLQe-{{ z*9Ed+ta!e+n5QKIPvWTod*r?EFTM_--{wm;4;BOOv~_#&XCtm7W`Pt6EMbH$00RR0 zOL^K`;3+(bo$;3PMDyf(r|{%zUAhYj%Nzx=wd^_)nI$Ec@#IP_+eOLcuB7kP7m6)s zv6F;CJx`9p@;n8Y1NklP=aCNcelC$XqJh^ntOSLy5~TQff)aRvw;p|3*f4gP%u}7f zlXyA~`_8?yyJT3x(-8ts=E>zBq6q# zr^N#6c_LjPUp6dYwESN|6cCNoE4PkX(=r9sJO7?2E7{207Ewf9fOg2y|z zf7F)|yrO>;8N0cE6oYIwYT96HLMXpcq0yl{O~oF0UE7-aX`#{XB|I@h==I&}<1E{B z9I;x$hLwWd8tj?+#El)ujfLIj1{g=98&$YJlHXVv=6v}TE&E7spNIZYU?=eY06u;H zA7!OD@-{Tu>G|DVjgz~(+q~BHMsIRU$Li+E%?({`&6DSMHTAZ(cT8?+=xSQq(1qyk z&bp~HXEt`Mc5re}M@L)tgmbN8yc#{t@7@ zUzxrcwX;o3cTX3Z0Sq=;+uNJF0E?&%{2l_7@nz4Cg761%ItK8=Kd!|~M~t~8PKOfn zyR`x&kB$kwblUU7I33~Wvs4(Qiv*Y97^aH_m*aKA9JR<*_!Odx({3r|`8JWh5L}=j8n%Eq$&6@fK zVv`d|$oaU*=}R+x7Pob8lv0r#4Ilk^B4yLU3aMqa<(Tyb_(VL##g;g6QBaPWj%R*H znONrug{I*IZ~G0%X}D?@DObr+V&wDm`HsNq4~#%kVOj_nVHEE~EKo6hQmu*EAn~Cb z4Ga2c@<u6t9g`we{!Rz+M-mW#xMl(J56XXb~Z|YjHs=l$K zoxbe74*dG4o;jNvn_8OdJ3CmkyScuxrK6*}nPo8ix|$p7>4UJbrJ=KF@9R@*3$<)EwY>FVw7sc&cpdtF{{dw1)q_U0yO z?waNZIATDi`1?i&w1YFX8RRbmgT zs#jBnjSX#W-N5Y~)f7~9cXMM8np@olHoF>_w5qE5=&4oJD_8cmnM`95iAgMDP0G?~V-b!BTKn&64yZ0+vu zMQ${wzGq!0dKZGO$8)PjO5JOfey5B{L983v4C3sxdSo_zi2S{s;Ii3U)!b9xN!h3# zz|*bzj_!Jz&-$j0_GS;=-rBgXzTlY>9oyNv0+AxtX5<555JjCxYF*vg=HVT`hNh;0 zZEWdiZG;4nPo@H+MD?8wUFd5_7V6Q`+tbvsw!I!&w}$zQ6h!Abd7o@`Ltp*Mu7*{j zwuTNB6wWiXe%5>N*okKKkp$RZH)UGwjCyKeUT{cI`cYs>cSgO3S+{4})cPKdrTV6J zsTHKDdYFY8Fq7q5F4RtM?4D9D%GJthNmk+u(vn^THLszw6OywPyEd49YV7F6K$NcK zV@MF;ucuiUlwd`jx<)ohH1AXsrP? zuVb~>y2=e?C{s_XP=&sVdNp;@Yz<%yBf(j=MzX2W>8;hJnNn`taRk_US%c9|N}_XZ zS6x3QQLd*A@m(uX7DlYGrMLZb*CM)r)dKJ5R~98n(dNn9#XKWoOY0jOP^e%@t>{cA z+5z0%dS)|}u~mdF78Yu-s(u%P!Zpv1T?`S|eBr;PVd{*TRz3r=QeRzOaM($6V5>(k z-zRJk&1pXowRPYLu-FqjURv9mn)^I6G@Xs%PhRc(QQz7mL#hyjMZ!X=p$8Towe2he zuc>uaGiCuZ4IztYjv0`;0EKM1=Co(ErO+6!S!PHqsKHieXGd2Ldz2HVGf(+>&yGnm z{>YVRq9xu+&BE~M=xS>2@?=zXHp4*g)GZiR9cxiXZ+8P400FdNPC?kscV2TJM`vqK z{URATM!tpNZYIta&e*gG5Q8$vc7W0fauA5Qw1WJfrtx}ZL^$=EWdIBYTS*4&OrAF* zt%j>EZ%sp6{j{lGU&l)HrLlvYw)8a%uVw7w+$&5SPzC%?trcV3$374V?ri4N`T@*v zy1;YU)^-dKyLiDmrT@f)OAR-#l1*#LF#CxGlukQvxly;%+gm*mr7?U;d?Gqip|#0k zI*bnVix){-UMz=Bjnzo5_u8%QDV~&JM#+K&&C8hsy0Z;asw~rFih+iOQZ^{^JsR#RreKsco`izv@@o3R&-t(`5~NO0V9k#zZ;7Kn5o9DW~@)mH8QW0cX2UkFDzlitaY=!m>(DQ{p?EKOsL#k?5a+8 zlVo9zbY?H#WVL*jMskITmNd&S!HToXt4KqNCDV^$S4J5r%W{eBb5o{F+iZyk&*!TY%6cmQ4DCV}&nBfI1r|R?XQ3GghsE;sP1}N*SzIc4JZt+)+nN z9A#l<1T@<%u-O6mRT&6&c`fKK&J!XAL&wd#-B^L-?}zlS+6h6dk~MtD3%ziC&YGxh z(j}m4rbAhQB1Gk~<8#2OgCdqjxDk#ev$=RM3S-w`u3jymrTFV1$%4A$cznS<8Y-Xg2dd<%fxQ6BY7Ef_OcgJyl&)* z1Hy);HFnBmriOxA@L9!o%PAp(&Y1D1Eu^`u3opQY(edp#UXc2l%7*U2eZ;#AHeO{H#ICYGIs%oen^R8XS zbgBGuePyly?Yv*O;u2FScMXt~ABo|o@aNe04hn@H7#$e|o2W~7wJPSMH8?bX@ zyxSs6hc}N&$K6EURUUI+-`w9HjJ%|I3U+SHPt4oejOX2RZj2}9-Fn9J7CJY^6A#DE zdU*$&XU5-vosU=;-hv&E!=0Y;*6HN{7aGGoz+utJA$f~+#1#UZ;LR=K>T(^o<6}#AewMyjw zSf#Y4wX0)w4fEQ1o0?bjuHxMX7#PEeiD{*B*BIQeVntW;ntsW+$J{TByB+Pk1kfaQ z5!HspuA>U+do{S(zZy5oyc%5i?9>3ZQTA- zK0eSRKmVtEGz0_dZ9tsc$RD?>ush7~$7ly-$bMsgxpv$Qtm*OTqcd`Vc^Zt@^rj;d zA9|7=pNu(rzXI0u_^m@{n2?mG@wmc_KLYe#!I|{<1kTah4y@@tihwg>NXpaulfsOz zJ-)!-V4KEvr%;~sXbic1i~#F%n`>i$c!!y`5cJ04O#biyCePncOAk@9#UQ-Z1#osW z1`nXu273G&8R-qN`N-d11L*O)(BH-TN^V24Y-0z|d-4RlSv=IxW52Lo(i5MWQo zC*e81Q!+$3dJ6~Cd*)>GU0qkyM$_a4reP^@9_iZ4Z*;#bHs3V^p*^u zcWa;dW-#gTNvmr|+W>k;f!?V|cblWPY5=`q>&*8#NpBDAj^4%r^lk$^ezVwZj^3FA z=@BU$yjV9f8@Nw^}I{>2beoK)%(B%;fEgxqR0F(B8Q1BIMhZ{O+*y zT)roeugV2*COvMq0;uMBop^JPys{nRvAcHsYyiE#fL@Cuf_x6jH}4R3+x4Kwe55xK zyQ9a&iBdQ3=)>_2r6Yng2YGg5640w!iX9P9S8o({(xW)j*fqU*uxnf>xy{jYVRzQ? zk@xOrE}myRd(}aN?aI`~hVnK`Axnsng`p-}1CD`=G#i0a2#Ywz24U8aP77JsLbRmX z2Jgc;=x2dgey}V`nT2h}PZtRDTewr07NoF+VwrUqzu8b*C?mBH5z0u@VUCo-7K*0p z@ScSL5T2I~22-E9nW z{^!QIV=(^y!;1-Od267oD*+2PL;Bx=wAY*N28Uf?n%w3N*Z;KW6qfLsuQ~JR{B2X; z{VE*n=Dra;0pT3P$#oBVftVLDY!}|_l#MuJY3|2(;gc6z#N0&AcKF8#`_|}k4)Y;5w`DPenU}gm z%n`}mw?mtvarrBm$Ce$f@I;Hr3#M1eQ;hRWi+OQ4j~Fx$!kN3HzmVAS#`ZXWSH~($ z88V*q>n$c5D=jX?d9}q<1Imzft;d3**VxaZ@6zsGsT-EX6&|7R1cj$7 ze2c<&Donoxj^;LnpH=uZh57A%mw&Con-#uM;d>N*RN?xu!Z|d@ke_5OVG8O*=h3{3EALwvpf2*+gh_!UYFRaDl3)bR_ zxKMVS!c!GKK;a`57JsgmPKSzLukZy5U$5{F75<6B&nW!1!v9b>h7ES@9is3gg=Z^# zh{8)1ZdLdqg|AWgdkWv9@HU0T=ctv#J1YL43X5-1n`e)b0{=4<=C_z!yN*`)WQDsF zK2Kr(;@g$IQDN=N^D!0wCxu^E_(O$5%u9~uFopTeVi&)k!V48%u5g>eeF|?@n7{0F zG_}vmEh>Ji!VfF_2ZjHvFn_V`X#PXt6ed&`pH+Adg(oSzK;felK2hP73U?{IL1Fpb znbm>IRs0VX{)xg*DEykj|5R9BLbWvUJEeTP#wom?!V48%rf`$OXDa*^g)dc@-zji1 zyieih73K#eTps>d*WnD-K@Ja7c&x%FDEu3RUsL#fh53~TN3&AlsR}Pr_*8}0D!f_Y zs}z1w;R>wFTwO;h+^BG;!kZPoM&a)({Gh_y6n<9W*A(VL(D6{J@E;X^P2nkn3;C~6 z_-=)tRQM%@`E({-*PV_|R^dGqo}}<>g)dR~T7|!_@I49- z$AyclYoWsH6~0{ITNM7O!fz_P2QJY~)H!6IK!jCBY8--s`_$`G$RX841;BAP)V-=pN@H~Z&Quri=PgA&0;V&zEslvA_ z{4<6BsPO9w|6Sn-_ne$;2P<5qaE-!q6h2Jh;}u@1aF4?0D15QP-&Ximg@2;(lM4S{ z;a3!XPhqdB(5^CtD;3^b;W~v6QFy7sD-`Zjc!Rk9u};b6}~Tgnt3sqjRFXDGZt;g=PDN8x`eyxZ79U1JoUtngfg7b{$^ zaGSzkQurGRU#IYW3O}LnZxwz~;kOk2MB(Cb1^zcG{8fc7SNL}dzo+oX@dY}EDZG@p z$dm1OV0S;ZQRP`pjI|@TE)~CC#eY%7e^td_tm3ay@!wPU9)+JFw){LtjCCHjH&vbw z6#i7@A332=c3)zwy|^7joHBSJu)8O`MCCb|*tT(nif>c#XDNKX!j~z0HLr%JB1~!p|uD4zZ>42{G;+aQhdqyU!d?EaVwXZ27NJc$~^JS;fy)c&WlCsQis8 zzD31%sra*qEpHo%ZGT-%jB6xrSE>BhtNb?svn>me=f^6~PgS1BiLD&A5#zd@+i!r~ zz42EVZ`=Nc%KyHK|5(Kj+N(fwl)|$WUa0U=VqC9sJ3+;-QTSU5GoRDpNMW+>;wc)3 zv24#{EG_eRlESqL&r*0lg%4HuaD`7*xJlvD74A@YjlyRt{6&Sor0|6bU##$r3g4pe z4;8*c;rkVSP~pcF{-wgtDZE|bzbO2s!tW{kcZL6@Fn++Bmw&9VyvJni(kK-_Mqzm; z#paRc3l>jTdFmAAN1vPy9HsDy3ZJ4dzYXQ`uT@yy(Xe%$tKu(E`0EOPn>d9=W4lq| z?3*SE%?g z3d^$_o2OdEPf@r|;W-NP3smR$+cP%h7p5;T;NppzuEw{!C$cZk0BAwOd%AS*dW9 z!V?sxKLy7FztQFJe1#V&e5Atsh?mQMs>1x5my7RK_)LX2DEuXb&sUgV33YU?P?%o< zbMZe=_)dj?tnfn$KdLal80P5wQQD7N#U<3{8fdELD#JraBDMf>u@VBzb?hCp!}G^ zt%&?uu8Q$i_r@~bVodva9yp)6H3MLtK3K@(SYg~&&&Lns$Jya3=27)JEcM!Wna3@z zQ#9u&JdfDgtAi9?NNmd23a~ZkWV%*l0uL&|9w*|e6 zZ9Hxvd6!u{8u%KEahc)WXfgYCi^b&sHj8HhZ?%|xNSjRh?8Bc~d>Alo?_k@f&sj|V z`JMpd@fgE<-D1l5ZHw6!+F|BlTmEG+$3!vul<{0YCKj_TgDoci!z`WxJj&u}z+){Y z|9e|J8@SeDt}$m?JQsM5#RmW{uy{W3LW|knqbz27ms(8yJ<;N$foZGB^C`e9Ep7yE zv$zGg%i?z6K8w!)rrl=QHNcxKJ`0%MYZ<=*m_BETHvwN}@wvd)So~$+8!i4S@D_`| z27H^v7Xxp#_?y5#vG`lSwCALM1u);iAifHCo5eQ(KV|V2VA^@+`93gh`(Qf;-%~Dv!A*R5wvHu+2s_;V!Z&Uag zgxqB=__!zuzMSz!dtTMr>nElT!S`cR$M1h$(OKthI(Pn8X1>(d zKG#2|q2kEW)yYFC?;MnS>YvqdFnZ)8qenb7dicwuhrKs?=-`JtOLv?ctd1rwJ~FJE zaeVRMhj#=Gp{XvOGWg+&(jDI7-y(YZ;@vhpd+ZzYKbev~;};Dt|F-n`V9a-de?^a! zU4Pu2gU8hHVh=1PCHOM^cfR>J(1;{hxO-joqRF!l7}6HaElY|j)05&AS^w0w`4=u9 zKO}od3Euraa#eayxavvdn7#HubaioY;Eh~%__QZx zJd_0S8BaDmbL{K$KL&SI;Lh_d@w{`MDxKO=bJdtSAAtoelfThYy||@zMaz_~mZ?)) zrj2RY2RSPXV*igQed?DN`pqFey#?FiFy@s!MlRuRpJ-VnUqWSq+xXJIw7uN_8C+xBcDT3sFZ#iGf^kSx0MNl0O zAgxXQh2W7qxQ#Yx$6m-Q5s|+y==l7OHb2#G?T91=e(^li7x?i`q`x0)1n4)7P_GwZ-dpToQ;ZXGaZ*eTS9AqksUSM-F zlVIeF{!FXnC6gGH|HR>vp(vI~b>O9>6odQ=N*A#W8+TB3OCZ88}Feg8L)n;%$hER76Wt##;>K za^OUa#7hwo8)_Q>2R(pTR^BfYf51^jE);QQM0xq`#3Vp2YDL}$82NwT!W-$dv}j2* zA8jt>Z{3TQMa=9aoJWh6N2IhVxdq)=be!ZmFL@MlE;>Fs7DaYsODTmDq6P#yeJ{Eb z*_j}f4fCWp(})c2D`g3^1t zZ7yE$dn9J)g{b%-QiT`6?pCk(;HQBj;0}uq^3so^tBVgMvGlQ2s@AsvOV**fiqvU) zp`D@_sSY8Xp)RC0bIBED=7D_b5?%(!8LCC^)#yN+%H<$T6*x;pi;#rR{jPC0wMUUc~NpUh2D#;hgy$`S>9zdqWQQQa>_{T<)cA zCpsuIl+C(>V%Y4Zxq?mI#kJdRaXkNBmfwo>_+WDBi37#>FxCPGifb^a;=_M~JZZiV z6@Q&eqg2F2QQ1r!jP#kgpta?&nAX`FvmpB%oMKj#ig14&`zXX={sUEkzRATJO5p8*e@3hs01NBpC}x#9Q;&G9zP@l%@P z7yTXM)Kolqu85ac$+0RDC841Ka!1GcY@&d(RVHlj*cwy)ELuXlz2i7L}KM#rPfU|cqwQ1nE; z^cRX0-zQ5#Y_#T-qJ<#)v6*$~SY5PccQ5x%j`35AzGbPk6zvA7n1-BIq#Dwusjaru za+FNEqv+4JbYIbueCacbR7=+D(r3HU7gM=67L7(3IG~?V+zT+G5r_0l!Dd4K5+a1# zcPOkW#dHO47@StDnmenw9tl>v>WbN1XxAf@^uEQUfhrCueg?o)aj2;RBo`FZ<+~wy zP_b(B!s15?Bo{f7pQ5qp!-Wz^9$&l<3LBCqc8_OPs@{RPSL-; zA-O808h(1}{sPH1NAeUHk#xII0?D&dV^P>Ne0`qe+7$iR8~D5hGE zxQL@;a7-l`!S~41*_d+ka^Gg*T-<;-Ry87~S5s5fNSQ)RRh2RArm1T8n8wIdH7e!^ zH&yKsbC8&-s$wdSscLjgdBRO01vMt#W~-VQUzV?GFERP1s=Z@cSyR7mEO`DOoBBQC6mqW${9k z-E7ySucCyEuX-={3W%nUi*K~#>f^C6?S@=~2+5Lb)a05Rx!kX*$1CG^ZSh;<#(eSH zG&i^F;&f{FzA<0?0bTopy7)u+;@@WNkHj4)1ZT17Fil6WriY_6 z2TUbDs*)~Bv&EH-JzlyvO$NQ(h3v3Y`Zim#G)*tJres-~<6;CIWTnf~6o*y4G@0{q zC(*zRO23Xk?m2W@dhhgPM5Uq`ILbnR4&clRaaRk0+&nHY&qy~(q0?|Iqa#yQAiqLW z%S?%*pE>ctZtNtTc1l0uT4EAdd%%S=-fk5o*U{Pdkan-+hRsOxGQWYWOTHsZ-673h z$<2(7GxboylJ7D$@zM{1vyv?&v)iPSyUvBCWu`&_OYY`c#v9VYDg=h zpJ4RZ3?CJg{DRRFA%BeXl3)G{IdT05c4D?E$0ubaIsaxvq#}+7k-9klmIDiy7tq&{ zLtKX;_p>BIS>;Y3k#YWCg~$#^gkHfUZ#fYPl;9Lo61l-ZC5QVXal-l!N2&E708>|? z!aNagw~Ov*o#MJqFjKVlGywxVM*yU8Uz+{MGfWybi^kpMU0 zOsSPXobZ=YnK}MZEK-WEhm<79 zoVKwUsfcxp>o!vCm%cAks7NGlWIUjwq?xH`sUyLvO~!(3ZJx6oF>*98Pa$^!*>X1^ zdyY?DGS~WdLteSD6vp!4UBsuNk4TkF(e+We9C#UNh9SKs$$B0ctAOKYrOZBr?5x~T z=&ej=Fb5H-XaSDW+S33Gsr*$$xy0pz$lXaIRFvH-lGne9z$kuKG5IUieN=O!m%PP9 zZ?|0X%2uRij)C$fuThV2rH`+OCV%TiG%jIpMz-W_QrIm{KHSc{yxdJbqTZOx-Q*Lt z5P2U%FD9Qp$h=j_XCrWLzqF|xci(&#^OEa%2hx75i@@lzR`t zOgeqsZ}f)VgW4;TGyJO&kPEP+*IqJSO@_bh{}c&Pawl{yxyXMCfjHqK>f{FhZ!D7Z zLg$iO{eL4+kz7H__xafzYDtzd@RYv@0o-7sd(m<^Tmn`gz&j9;itfQN9xsqAl(7br z?M{>J5yrAA6Ps5LlzoOttXPr|@jmdNg(yb`Tx0}1s2T_E<#jw9hy$`u!zreG;4hlc zaK!TP7mWzG^ahp#-L{I|-ox1KH3;v~gVfJ_WLu9=%-$FlC+i~m+f1Yj&x)iElQzoe z?8tOt?!Ta)$%g2Q$d>Me0S?~zDPYMbhH5U^Yhl06lrnMOa$sVGNC_t~k4WCxL(1p2m#TPU~j7@5gHfF^?!ndD49zBj`iO_0KN)u!l_&iVtQ;1 z-)ADdIj5q#3F!eHH_UJp2LB9DE{9z+Xi7eWT*IQ^B%iLJW$_c7;xh?+^C!wdz5fnE zxxJvcL5DvIxrWZi!l@$Y^bcVX$ioYIthaaGwh6xEU%&*fY#mPJa^SK;&FBToLRrgA zFi8db^ckCqzJy~uSRgCO@fsnx%)bVBXg3T)MR2+QC<3PTt9>@zlN%brt$vIrU#R^f zq?gNq%c0L#JAKrqq7Ve)iv_Y0tgnKH{JDsfRZ{S<&*q4G_uvtqE9**pP0o^S>0v$l~+<_B@L(__74V*E7A~MW5FhhQ;kZ zmx;pSGd>-D8y5fQv*DJ-=M;-C`F9jpe7PTsf7UF%(vQVg^DM?3bAJ)Wa(8hQeC(f! zT8Ews)+>Tf{PW0yXwbj324#W=nBbM&ic`59cy*=vkWPr5%FvZ?D!LcPc&R{A%}s|v z4n_pO1|HfW3Oh3R2mw>w9@a;_C~S2w2@g?G-AJ6u&EY>+HyW8z(F7dhpG$S5Iy?&Y z59$#oj_QL00#0$2_&jJZFCc&7s6LnP2aFBIoPbFF?wN_NEg8!IB0mV|`i`E<#G@(GwuR_A%0X1kCKI=1) z9de}9og0j}pfPwCgopC&hKism7|thB(jhGY4W1oTy}=?Tcx81smCHdEK_C>I8+-wH=pq=BiePhaE&`^e^K@T)E4YgZUfGQ}mCIq*HPJ0} zD!L8F_-KJ7h;Fz!cn!dG!!3nw_-;VfOgC%^SlAo3F!)YDf9FQT-wWUQiQK!$v&B>L-WfS&B{(KkTOH z)R2?Gh%wZgX(1;GLuPtN^I^!$P-JErGQ*PKJaLa*imRdE{P1Y%QfU|P1%ji}R^YFS z3-s6<{BaVz8oXVFEX`eAUhrnXDa%U^q~vx4n}MU`P*`yrh?5^tci)v;+(|MS={8W2 z@cSRZCnB+2lCWi;ieQH%_tAX*LjprfTl*TY8W5-J@HyPK!UZZ3fRs#1RcQya`I2oc z0?1|p6A?f*6PT1dh4o|*gj|)@Cj3G|5K3T5@(Oz;BY~+2eq#xR}^Je zvXLi;|3=!CMOi+L2^vF=pDT;A-yq9P61uNATaRjk=8)R?$Kq@S%bhM%YE#)drnQA- zqw%UtD*FSrd$pwfIF)^bysVSZJ*n(1%z0)w3OVmhWv^#wW5|`{Z&Fo_oxSj3EPDEM z3JXT0eJxxDCEK3L{)#leE}>K7s?G*@JH9C7!gG6^ZDHSB9BxK|?Iqcntj~mADarEo znhm{Pk}YD3E|H#pt0X&%Z7`u7CE2T3-#5b9;Ov8v?DMSeTH*TRk}SV97u+PFPfD`< zGDPrw34L0UO*8HGkPkk+O!hLS-4k*xe_oR9VhukF4*<;zlkA^Z`-4*Z#Yy(RsnZY1 zV7WBOjv&_$OWGAl_8?MuIy?;Ju1T^_kh9-OZ(g5ddBZ;Vy@YN|vJbL`=fi)3*iA|H zNcQv#655hv|3R8BO6b-k`zCX4m&X~mC)p*e;U#%Ku{FtFN-4c84;=1I#C3h}XUX}~ zB+KVP!7GyUA<(3Tyc%*&dNj$3!F(;G!F)2wipBg(NQ=2G$@0DR;PsH}q~D+%Tl+@H zCCSrC_7=9`uOTPVXOir@to_Z9)97$R@EUJoS@s;JeIz+2 zm1Xaus(dV=+Oq766A<^m){NgcUQsHR6W(sJ z_3dlxd&vjU{Une}#Ei~K=*u2+H^=$hgyXz2k%7H`LWkW|UT$}CGA~&;7EC@-1bjsD z0`SnS(4izaGRZ8OmOKYSOldp1IFQ5m(- z8?%w5Uo0Il9*I0i;)|tB+>@>lkY?{XtU?3FR)=^gtXnh-r8i;6)!+oY6zfR>)tuWn z4n4nzDl>^e-puiPHUoZ}!KYzY{2o&I9rp3`=U{@q?|Bo>g*sJ$=ETlM&tJP65FdT* z)w0I(`)CZpOD^8H_X8xcjwFsk)ZW*|2%bqZ(tzMTdm;Wh9R7k9P4brpXXCgeSdZi4 z;0)ZzYC`%Xf4RiCRK%MZfOU%)OVItmc)bNZJoYVUg?|{O$c=B^`PY0A$)@RtvFRI8 zw`uF)Z0ipYG>to)GW-LA(xxNXrVtuegSpN7Dfk4B;rsp))Y1%N=~vE2JhyAH``4_T z=xV8CEt64lJo?bzoxSu0gvNb@hWn#vTE2szR8qxC_`9UZ-94T^nteO5*Yn3vWP?J8 z>oOpU7Y+O)a!ZRY;}GkN&?1^^|8iQU zOAwq%gY92V-uXDu;^6D;>BL83vx$|N&A-O8RqvT3^b^H;Gf8uDym|PxU-2vqPlvx8}=Tbpd962CX zJ`1+8v43ntP3>b`52}v5y6eg8Y3CPmwE))1XP3UlNy5}VyAQ?ALJ8`Ox#=i()JeqK zmyZNXwg=Quin*L}kViU&Ilk`!t^2e2BGhx}tvSmXD`4zZG490qy z%>IainpzlxP2XQ6KIe-@dyBG@A!~dhDuYvsr$x|@csvqtQ+7z+{X96z`e9invu|cU z@nWAT&8O9&Xkvp!i?R%sA{Zm94VLZZPY{>!`4c^2?dFXy42bq>ulC}f7&tP&VL)RdFJh(ZOpTt-U1>dFG!c${I& zNOMOO>VnM>xq-K;LjF1gM+*meYGZ03F}8}$tP(PN7Uksv8)4HkOdsSAE}l2+@&zKM zamdD!=!^i}INp}B!3oomx+psxOX!J!l(S9QO9f$)_GZRH>OSYgc{bur>u!up7Ih)M9_x(Bm^FNIRw!c~i0hicS>(9;anMdT=p2a5|`X ztOpjN#y?=V;bFq?eodUIng}|xR1*<|x2HVk2+lTSD5vSe=ZJ{*%~KZfn#lbIMncWF z;X=fNhj5<}=UZBiElcT=~39@=PNVvpVxG<%yYmZ@JD}kQOFSUf3eT z=i>p(KIY}=Qh_J)#5sIte)o|KOL&?o88&QMc^%QdCV{8R@(DzaPXD$TI!hfLs9k}` zQWCiWJ7Rfq6bdb*?tEUZ7a;GE*aNTjI-W1YjxNDbwkjOIf!+5`k}wV&0OSTTAtx&h zY{Q9qjaZ(}!CvHbZ8~TDb%bBS9(x<3;u7z(%Ig^VI(Fp6QMPF~8loqXsH~8@6HOW~ zL$Lb84pnd>iM;;@(XxTZU{8D9!KFdTXBc`6QjMW5JT>)CWvkZpk0SHu_m5(bas$~7 zmMlW~Edzw6^2CKvZiGw;n_5vm?8A~?)7n&Z90zBSeA3!CJQ)bxKUc%SlDe@ zfFam-$6ke9Z<}o3e=7ex7Dj=$4Se|iKgvpRuqZO|5e*g)jRrV*)Bfpj~5tfurBvJ>zb4f(`xV-23dQWnwnPvLs-E0jSMjQ z$z`O2Hj^_SgQtW2W9T)ne++!b^^Xu|iT$I`T+%eVoScm4JEl_k_hZXBybK zpC5v^6ftK)Wo(7NLSmGTa9l6hBRQ^@n8;Rws?uEd=L?PU!*m)E;aXuSEl0ulS=J*X z@$#Y{`Qgu+Y$_R6sR$zV36mO0o&e;?0Sbm2g@cr3o@GspuVRY9k89vs8&478RuGQ9 z2*C))m1U~bg==xY7_x+%ijm*YXR6CjSp>q>8A2x~bxG}MUh3qfaHY@wp%~Ulc0-_8 zu&MS;A#aFnka*V*g$hk6Iifm{Z*mSs#f78sqbRCEzklMvuc>PV+&EizwH?l%qw%}g z*})%#8P^nfzmUdLe4}`tw0>=c7=3%2SQN;6(^TGi7tUX@u>R;p2h}fGIDd-Q(oL`H zE87}Y!RImj(l^zwgcDHs*&g71RGd2YcUvn_s6-qR_H^~a^J7ChoN06wTx*hV=TZ?a zL*ZMLqm+D#cg3#OHE>@kPU@KoPpov6Db6wBpHZ9zA9~cXssoMR!m8@k^fKBAPtD!H z?H$$h{Z+_yVL9VwGjcA4=?jHE3#4}doB~yBX-e^0z>uKhU zL)!lSPe7RNFbmG^#jUWo;xtL({S>eBH8eTL_s$6_`c-^oBA*eA@rm9EXL+le;r$od z)6(11)UmdmE``^yiwlk_y-vC&-h~%*YBQZ;D`l>Sbm+oZoNg*t#%Rg9Dbs3ah-2!! zh*6EwBs)g(Je%QEFMgM&O@&)uxj|B8v-g>k(H$b%t-m&S3c7V@U>+qB$2WTUsSO8C}u>Jz}6pao4VSp&W6MU z7o@bJk^N4K|%ITffXxXUw$n8c>uf?8<_z zP8tQv4uYmTtjL_F?7Ya@I`GI>tco2ft?fM!DAOV?CgXCb9Qzw zv_*77Yn&aK#xF9t5-qpH#nU|o5qzA(kGqVm&Sq#_TgR&Uem#a6sADba=kgu2AhO3*LY1sTm7`DUSG#b^lwiCW;B|)eis6~ z9I>llufQ@ykN>H)Vw?Ne86wJ^t)4PSTC1l{olY(}$T9xlS2eG{xL9!WF@}H3@S0Y0a}R4yK5E~%7u85_&}?((_pXn+Sx`c*SxLGn`tBz>}fuh z8r0bax7Xsa7V<(5x4=eXP2pk6#aQv^2fYikMpL)fjx|FMYoSZ}DKlY1oN_s@>Y`L4 zP_MDIvjuu83jxtvk%&z0cEMtsh#pZ|#R-}dvu(&u7SV{C-o1rhV_OG&t6>UhZpAv$ zYgr?)x*umunQ9$>Qv+>}YWHd=jKL+VBbgJi7+Kp@hm}D$mJl#wja|(>Fp%x5sz|_k z8izfzwA}pa#)b5rot%tn$w*eY*EV>!}?}=>8;BX49?6_yAZcKw`Lg}!w=0cCusEM*FMp-jc$`TbJ>fNr_Dy%>l zEex3^a~;wwiz&NEa|%YYk4uYIcl{~4AW>FseRVV2TWLb_%7dmsK-M0@j`g&PR;UGt zoBfpWHytNaG}jAu&0~AO4tp$>L}F~Z79$o6e5&4!3(cOYyoAMGm^QW3|F^K^S%;5C z*lwAm7LayyxaAodFGy=jy_`9(u3=dShV!u#q*C?GPky5 z{(?nwr|=;JHa=hA=5EKjus-unDL3YEnCZL1l5Zl9=3x?V(A8n*?Yc48=VIr^^2EH2 z%=m@axiOxYWf;E+J2%F=Et+T$Z}^hFyYaiLJiH6fJUnw_9%4RBA${IM#}j11U%;7d zVjeypz*BjN=WTOtj3>skNr~sZb8d_$#@#-ti#N~lDuv{6H?x_?ZH|B5;3jYGM)$7r zu#C(9|BP$8*RAGMSkv9pWzH=Qbv3s&)Yuz4HR`@V%`Ot4m3`h$33f*4AK!nN44Ck0 zWZ_@4qPyEt<9co9%2lkY*~Rv&RwDoBI;B0WT^*}ynAuj`)j?Kj^2WJlKm_mLamlr- zc+R)Gis$lSm+@GF?<#%@V%Z5z%`19W)vx5;o_;Z{9LhGeVa1BB<~9A2+d3Nig>k#6 zotI3S=q{q#a1G$7LKnOmJl0sd7MyVsuj-AInWSG5do}|JE@DGbE`r=4l6#T zG2t#-k8Si zV(i3h8@Kyc+*y_*o{Hplzbh;W!`$DI8)A)hik`=fi=C~AnZ&x zV4lVu3N!vu&~th~Q|;(&1J?9*AneR7V4mI+3N!vW(A$bL`K!S0=)DB2>0OL~GtEfK z(|b-~#$Swi!|^xRrm@|85tQ_3;<@oDDC={ZlNrCC;V{#-fZkY~$se9N<@p;vfZme` zGu>^DMs5JTZJ@_7LV826GavcedjP%X5VorVq!xHuFd*OS{~_Or1M+?FAM$k#$VUO~ zs$Ti7J@|0)Z0RwMTMqdyHBgRDF4rTU!%T=V$5$baa@ifblgm8==$# z?rdY5$lrMEj=xgK)s@A5@PZY;yi<*PTdQmm>zy8*~_cl;VgedWR06cRlDaAL&7L^7ObARbus?JsiH~QPypaG|wv9J7&4( zZAS!OX4xA%`J*_~*fqV{6Y$b1;@sxwxv)Fy_{e+rGZ)V@9xdx2!rCG*ofis)ErbQ5 z&E=NE?!&T;mXPOd!Z{ENXCrV5vB<};lZ|6DkVU_Zz$rw_X4&AilCBg-(g%CZ!H_Tjt}9rp|uh5yCg4O!{z{&kJGKT2m!4gZFqdWJRGpEg&GiS=Z%;UG-E%T@tt^;*^pj)h-V!E`adOeurh- z!?>PTSj8#T?#Sf&wTml3DZjUq;FKI;#V9EpA!ipCrC(pzVfj}bmVc+qye8;@{{lY! zYLV|Li_cN<(;9y_VQ!}ql-n4f-n)R>KbLVSlOGP)B|g7zw~U(%yUd#ryUd%G;-i_4 zkLvVJDXE4$SL4$X*_`A7Plp?}WW$}af#X1Ec3-GXFX8SWV;o+rVOke|RoH#=@wq;E z0A`q`;*a5*<8w_i!kGs-ulaKvV;o*Xk5gtI{Baw@IUdh7jJ<+?&xRQ$a$f7kF|4XA zsmm|kOyLh>2UlpKEtb($K#W|nsHc9a$dK03d0fqIDAUoz_`4SUmh}? z+s^mjlUeRU!}}UOTABA6oT>&TWtA&4jAe(&hZC>kL(VY8_;c?@=W?h+g2dP1L*nz< z2PTQn3qnjXru9si^Fp7b9EOuQ+Q~Qz=EUq=S$)CIC&y93@la(R$!vdyv&>0k8hM^|%%*hA-4N<<%BW#AW|)TJ&&6Rscg%j~n0?*x z7KXPsjMJ}=v!~(x4KFi%yx}tquP}U-;hPQLWB4J%PaA&C@P~#=!(u(F4UaI)Ykar8 zay`ce!z7+3T_7$#{U466H2jF+XAQq@_(Q||XDlus{v#yE{S2RKnEzVX#rd`2 z#|*!1_!GlZaB#Y`TN@S!k8bZg6TZao;fCKe%u}Vyv)phW!$S;@HT*NfR~o*>@V$l~ zGyJ0Ay>XDZI_z(Fx#4pSUu*ad!@oEDl;L*`hqy?0WmOpNYq-|%28OpVytCnjh7U4) zl;Iy6zS!_}hVL}|py8Jc|J87mEpAIU!-EWuHoT$XtqjjL+-&$@!^apt+wi4^e`WYl z!+$aSH^cJFPVKj=;F8|$m*Ix_1_~Fxso@!hn+%^|_zc4r8NSx=y@sDP{D$F=4VU5k z;Oeu6;ck>XK+Gw+rsm$<24KqH$27g z)`oX6yqDp{h7UD-jNzXczSQuq4Bus#ucUYN{Mc{~7i}&a|D4bBAj9h!=KEJ%{F#Ou z4IgOu2Zm2Je4gR!4L@P{9mAg*=KC;R9eNucXn1GC_ZxoE@H>X_4={b6@{dKeZ;v+N z(+%%wcz?so4WDNCDZ|}x!RqS2mEi`%iwrL}e1_ql8@|Qxy@nq%{Gwrg_vh+RZupOe zUo>2c8xm5 zK0h`5Gs9OJzRB=Ch95Tktl@2NVeRtY)$lySOAH@w_(Q`P-1oSA3WnD(Jlya^!zUR& z)9}v?Uu$?(+;6$ErWroi@J|f?%l&VJc&6cc!wU@`WcUul_Zxn~ z@GFM*#*K}u!|{gyX!u3LZyWy9aEyB|m(R9_cQf2%ct68$8eS8RxLiIphPO7{V0e+? zLku5d_$P+1G5lM@Zx}AceW9yE55waPA7%Iy!{-|Qh2a|w-(&a>hHLv3%iX~67KUdT zo@02i;lm97%GFU;nxg*WH<}ioNJR+3=cFs+VDn(w>G?+;k^wnHT-?UCmX)p z@Xdz*X!s?=?-@?x-rd!|hv90&BMnb7yt(07hW9euYWQ%&CmQ}=!1!wgR_ys6j<}BmKt7e z_$Q$ zU^1Q;a2f`7&vnO{I2)36dp9xRTbuCR4ew)k5n1y;oQ&g^({W_nKXW<}?4AjqZsJ@( z)^e{he4UANn+d<)@ShF8X5znR!vAK%ONJK9Dj4od)_PWxF&Up)=X8JxKaz}lMNTJ}@YBh- zU*&YR3BSqkvxXVZ_4Bl0JjU?hEXKuQ6&>Sp)$?$}HHOzQyq@7HhBr05mEr9S?_zil z!+RTEXn2X?0}LN&_-MobYxrEl7a6|P@YRN|GklBT+YLW#_%Xvz8-CvKtA^h&jDLIX z+q}dubf!MMo8bY52OE~}DRg|RHQ^HsPcqDRzPbIrz2SPpa}3WnyvQ(L*yhHxBMi&$ zqq5jgOg}W?rx>OY)TQN{-W>nJ@GlMj%J8j*?=;L;#JPO_WcXRb^4lY=+v_I$EyH}d zoXaO;xWaG`!}5KQ=Go7L^Hpzl;=P<)Z7(U+cNrw40JeT%D!o7-Fl{qdCK=?8s6W8^G$xP+_8o?HoTePtqpH)cxS`A8*Vhr_td(w zS`6=R_(;P?8|F&|U0S;29iL~I#v>QbmkT<|U ziwj-+2qz@R-3|9N+}Cim;ZcUi7?$rSbw6%u!e<)Z*)U&?=&mbT4IgCqFvEOzqKkiu zVLDP>_}PX_G2XdrAv|{VV=NvM`s-(2M!2yBk4gM>W;MfgTLv;*8J8r!ES{I$wGhz9 zM-@DC7;^dW63VfZtLF%o>&E|TvW{IW*RhnVb&%@;Ww{<;#+b(9&$Yv296vSx&3O!J zo_5TU{;X-ANBkZd{}p9CJ`UbgW_{mN=H=zb%6R;NR~IK~`-Ax#Oy;vDnBy}UmqhYg zTQck3N5e;htCc5!`Q1I^tPdWpJPkZrd2{dtMJ|m2==rmGSsHxJsGVdK{mb zC-c8enQi-9WnNnUUbz~~-zP9W+x7`%w&!!o<{0p(GH>M`R~`W7 z#AivI*k8jn1(V-mage~oJ`@fTl$nc#F<vOHcCMJAaG8+;T&GwGx8Ez%(z2P#l-aj5k)_csKlGy<;oln+#)yv7;IhbxFvtwW? z{?2k_^Qh|T>e_LmYsX9+TeHq+a7|5(nU5bowz_)s*mY_qAYOI#o@Iwk-E!09)pbc; zA%0beto?NUhCuW&o-=}AD8`g(yr*9lx|~f$m%a7PIF;iKO&j`QZI4^KmA?tU9D=t> z?Vh@)f3Eg-QL=Ib@0bwjj0Xlho~aG^gXp+q`zhDD@M&=z#f6R5JR)0rcYnq>)qjfi6`|@~k(`JA)`!CkBn;jP|3-fq}!nl}+QxQM>6^_)I z+6g5bvnVXR2HPBkS$Y3|RB{mZeiUVHMPMpj!hgsdr86HfX11ghiKA@hJv3UBF8MiP z%KMdDu~y!DoMPM~&`nCyfC~T_iGbWoGFR6GOioSv254oTiDEMSxFoaR*m?yA#lPOgx`dIyr6>tq?eR&LC`Zn-3= z+JTL@Ynt_`8jIeVek9F{2B_>Xueb;^^Nwq2LD_pfmzPYTGcA7$_HM~0%oRq+mZqR& z>ObD z^rU8RHqUNRdgd`;7^-+TRVg#6RIz56^mMF(x`An)L6S_GB~&nvBmwuWXz#FU7p`KK zCNHT)CcOlqJ&!8AkoPqC1!(`$OPO=9$`(QCFOrSiF(|#9v`PLtZq^lShUG!74`P*G z#q)H}Y-aLXOh1#y(p1(mkzr;wXDN_jj>bWi+2Vf0$u;oc`(XyheqsuLn{4s_bpy)~I<>q zg$2~O0Uwnzvo&r)XeQl^dG;L?nn|;?ijx^vW}Rw$8lxtu4g^;Hlw0socm=o@?+U82 ze+vWDJgIRYVyqyRHZF-cGHM&=Wg#nrUAA{Lm`RcvkB)Z10&3h7AC)q*HC_#&aQ|YS zy#R%xivYz-vJK-_)9$Ar& ze}l0-`x~k1yUBQR4id=tv0hNMI@8@7?U`iuP(+7$lGz_3Hj!rbsLkv#&8+H&SfBk< zbZL_K`G{8XB=L)4;nTz~*~Blq#ILYtz8bxfBt9oaIeU`$JW(KN;tNvTKHZF;rP%!M z233vRs1>OpNP{-GJVo7llK4t7CTZfUZQ^TO;;G!<*QOei#BC`G)RV-wiHb=R-(eHq z=@Q>B4V^kCNqlgcqN^nFp=s0l%hIOW-%D$?ISgcvNK+++Y9E`X89qsTeA=}32{!SG zF7Yx9?b#otS3?>kK0Qs>dy@FfG`oaW`z)LIY?t^<6q!9YJqu~@;@RxZC3pGMyOx-G z?=CB{Nw3+XWE!&lAUW$if&|iQ`r)6faJ<>G5vV0on zhwSc>6SK_F>#A91*eKla8JS-cv&@(c-z788WSP+oujDbgyX1r{n=-%mS?=w#oRf*L z_mkZEZZ}vn$LzBkiA!n8k(iMG%0E=8S;~&hGjX*CPl5C z<^dj_SF71=vk!xkJ-WR#pbjN7 zWJS6lr;wT1X-KTYH=FqN}W95RX2Qklf&%K0?s#ff_?6BM@B+jJAVJ;T}?Pai)9WDf_`tsP{H`geM z_Qt$|QrhH_Qm!2Q6`HxslrTC2D<`88$v8;?tL#VIOAJTgO>Q|K^z4>9i#=tPg+cC| zFug~3(%C({VNmBGDNX+-SX8QfQF zI=MR;T)j#Yg70GRz;e1Zz${*NOEx2fs~R;qG~(La$AI} zApqBZm`kaf0Fttb1^P^ao^jb5&4|I@x(8)%$*x0#mA%7lO-qB7{gu_t201=AE_;vp z^^WnH^@{+pB#S~xSH3hTONWv$UXFfORw|d{*`TT#H7m=62Qq2jvN-J19ZAcuW6OHV zEqxIG6eC>OfN(5Uq~mS4rbZUB@l@tCDcqV#%JIgxplr8re=Ky1Z^!N|n;)Kzg{t^e zR_?U$K`itRx^q)$@RGjh1bp0#OqykjhL1V6TfZ*Xup=@1qJqinDA~+RdWOq_MJEx9 zZL4t(ahb739pe;Z7fI8dgXmR11_2$jIX$nNh(j0f`OaUupCebtL9M{pAok>>_ zsY1`BnQeF0W(woWjK^0cw>G)u<>-KjNy;@4t7;gIj(AYG3%HluYsQ1a6R;rtBp#;y z$-wT z$~MI6osM@4sr8nNpLmaut5EMf(g>;x-@sDUZ*VBZ&Ee{Z)r*(c-Qq>zrc8qN2;$Z- z5ykVdO?+f{3|9md2jHVpX1uI0XY}I8!nRHxA#qH=meBv3Ngs)Mwuc}Ksp^js;~$4- zfP1}y*6bGlB)kI)N$IDD-1I;mXvCLMa>F;BGrObFa^uiEuY;G#CL=hh}5kb?*b3vJ3~Il{ApO=gN69l(kJ>x)zHnycZIx2s*VaLaUa|* zr^K2F-HILNH&QWH@rm$hU&SXwxdfCdJ{9slBdOxkAuki9ijRhrwOtKxIEiqE&J;tRft&$9>pSt?cqDPItO5blXmd-XuoyTu=dN3jahgFdl6 zC?DO#6+y)%_^6Z_@2<=~q)=KGvAd{+&ZMuyJWB&wCe2){S}-8TeWLroy*`x=yIS-< z7LwxDh)kCm5e>(eMksDId{id0l^53^kuvEam}hU7;+X5I>3D;v4q<)y{_A+dh~2p_ zUXqK^oAv9qXr?T0 znX_*YZxR(d(KIQwTlL&|K|DQTvvdok*K8g&B0*JHjTKu&>_NTpIvsw~6K^GDS1sla zX^7rJ#=Smd!niS76%UP*7Md5CLwZRxohyQh3HYd#nOu;!zuZT&P{W-`Z-ROD1>}qI zA6T^sY7!q2?F#Po3OX@Qa7SPvDd{M?FHVWB;)kbQ^V(L(R?l-)$8k`+LaNn!$N0ABd=_~;5A!=D z;~+j%j`?Ufim#3{9QyB$F2ursIO4$f8(A0_pTUKDCH>%}7@C8nm{CF1FR=^b-$gqk zXf+H$Yp4DON;=r^6wgL|8#wBWNO5TDi}&yb@yHZ=SfBYUepHHemZY_*DSchi(J7t` z`uv>-@|YA)5=k~=Qye~$Y{r>v#wXeIj^m?5bzY9Uq4?<3Hay777lV%xPM0@J)eS`1n-zt--P|p`2q#O{xw1W}|8uMAnfVyEG~cWrJ)axm}*F#!K08WT*Hw z(beg~kD1@rDK_JzlEMsDVjEf7sH8BF>1Igwo0JsxWHn~W(xxSa7IuXlQ`{BPN($4N zZYL?>rzM4l*yg*Z{*HC0mK5$`E)6LjKc|)!a$MIaOV^hcmZI2rPKv$rkEMklbKO3Y zOHHOQf$Qd{D*EH+EtvxU^?bZQ*8MV57|HfIK$fn}6s};*15>Lb=5?9E#aucp#jDx- zGt~`?mf-S9`sqU%TrgtY@u`{UWKU-byE4xo%F>?M>P7X9L3~1r7oJaN3-5E^oS0gU z1W%V0?qkek>G`t47%kj71v#!;uoJmzA%yNu1)b;{;0U{G)uTSMa}VX zabY@_ZjsVYj0=}?d})(|<>a{VbC!3jtovzP_%p8p9!hPFbZ5kc2UxR*WpADx7Y^eV z{Xv$_jSKu2;_(xykCEB=ap6NA8c)j7iny?pE&r4(T@n}gZ^q-Ng!XENMisz&|;(`pAFQzzP-W?ZY z#QbxLBj&wvA!I*$DaGrg`;m@Y`*MnxBoD=f&A1J(q<9j2G%m=O2d}1h8ht!2jAXjk zQXJWzjtg6GkG-Da*#3N6O(%T(mlW@0Uy2K3+466sPQ`}378m4e#WzzmSodZeqX;oLU(cYE; zF_WInmFxpm{Jly%D&K;D{+nQ{kE)2TjxQX*VUS1jb@8@X6BIV!?zlN-H9v?8f9I~c zJ?=dSzaxwbAG0(3HvS(h1?7b{%;S6G;rKYayl@rQJrwhhIlsJcEOU8GmR6J(=CJ9W zjAyMG1ecT-Hek~|B_&*5Ubu!k{N;EK^1QmdP{q3cCB6ttkCqo6V(D+h95<^g3fFS! zuQ46;11qZOC5YdPc~3XAqVO!&y)Q9`R}|_vuzVm(H5G;3xbDN4H=$!I3j8T?{E@7i zP*FIM-6kmK7uu653NNzsu$<)`Tv2G?HbmuT z%ufTSV>zrAzl8=b0I9<xaF=6s`#3uc%yg%Do}LZEd}R1R`+Rn=*z0p@q?fQVZ=Dx0I!=^MTt0zEoi0LN&&6`%i^pO`&v1yy z%qvSI<8IiRpgRMTiu8cO-rMAH2QE1?s}dX|S_v%TIjFksr3!eDj&s7Z%wE2NC6u%G z)~K?usw(bfp--^@+(}@KFS>8B+IZ5dX{4;xi)G4kRI`L$dUHpQ?cqP5De?bD)m ziBo>K4Vqp^0!P@uNw}Vo3FB)3?K3}k9Cnt4cIqm87bK2?+d`DKGL`eFdCd#pYp!2Bf6l0Xe~mN6)J2uEyr6X?hClp}*!h~# zBHq`W>f~!qn~=oUY(l6f8rjbBocNke6wy(&kAp8l+6RcQ*`%S=rhN?j>NyGMO5oft zOl3Gqs}ner!|#Q`)C@bNaVMSfFv^FS#>$Eh69sc1bEiJ0^EoAwWG5?TNTNHAa#>-B zl*P^bO?!m(HM{EI<7;;Dlh(c9r~6WZ;qR2f{{*ElcAbjw;DQq4)4#hjxSeq`>6u;V z(&~cm9Kr2;Z2!HE;Gz!AnC8%NoRje1*#Z17?)=4EUQwy{uO<5ZR{g$s zzdtS@+?)IVL$tode;fx7u5KRXn;ksu|F)`MryHexwuA0B@on;7r&$RrzghWgiEnb| zcJ9ps=PYjiuk`v-oQ>YYKWz)#C3ypQ`$n?f&br_q5c)REYlf;>oxPg39)S?nw$|ax zLO9u}H8(Qfe+`N6f3&BUJ74$1yq5MO$XC+$eiPPSQ&(|T^H!XrxjV&~YpixQ-=>9g z=g)x@cO~-PFJkTe#&o>%o8XYF`=@GneGC4Zn0NWWj1!*H@}Z7Q$+I+Fz(;y$!h9aa zXJ_uY7}L1P#o_B87>A#DJ`xPTpL?z*@xQ1Iw*8PP=atWrye6k>wX1e%cwK3RUFcgi zxBp}_YBhEYcX%oOIE}?$yB#W_{81Jkp%$mJu{ZJEiF|9p^jyc~$@sJRO~SJ4TtJ@( z!)<<-AU}rn#~+>^`uz3)+x)i0vYoh&QzQP!Ov`Cy@%F|#Zr|s{Yek%n<+=`!Rle@c zh8g}6wqqbZ`{R%0xOVvw*ycA6%kF>x`uvVJ%y53kHy@wO58pxg{P^n+=I5r%0d|{R z+g^fj$Bera`SF_`=Ewcz>UTTX=EsG~AqdpTt-Be^HovOr_>l*8F!RH=Mn1p$z%C6i zs2rNS7l+Krt$Wrm!}lAO=&;G0T)Zd1w%jZ_27gDxa`E-1FZXS*O9KpUM}8>UPj21o z2(kGsLw>IR;hPJeUnvr}G|c2xIm&n>%88{XMBiSO>rl=7o+64==iPV`IKDJ4fv zF(gHigPBs&0>yxoKjkN3DS69~U2nIR^|LL;W&VP+IHlyQVwc$?ic>0BUB(oKu+R6v zh}yrnTDHa>+uXX1JFK6j%N%QapuKFLV*DdJ#6PpcvVBobgL}-;k_ZarYNY)G5M1x; zO1YX|P>J>+E6<^rU{xZZrWiXfH=6e~9toIb{uG38df3Lw~z`YBIo8#UEB;h)E zu_rml9LJ@0@3J$yp^D$NVq#AtGY@i}zlg`g^F|tXUM$f zsUainSbXx&<-;*A)Qh4?jH5i+@HAx}#azvA0y#;0>Y>MR$i2IXkd~Ij{(Ok3}0pVX2bUwe#r3C zhF>%Mp{zQe@%y zAD^=L_>{%Rrz}1`W%2PTi;quPe0<7(HD!s9Ps7E>r#vWI+{V#{#mA>{wld-3{%Rr+kLVQ+#|HE{9*2{ktH1d8G+caq%Hrcw zUTorvk59w-J_?tQ`1mwje0<8{<5LzNpR)M)l>ch-5g(t1_r?#?T>j$Y({SC zK0amf@hOXsPg#6?%Hrcw79XFo`1q8?$EPelK4tOoDT|L!S$urT;^R{mAD^=L_>{%R zr`#K#uKmTwr{Ut`Qx+eeviSIv#mA>CK0amf@hOXsPg#6?%6sA>(v>SdJ`EQipR)M) zl*PxVEIvME@$o5(k55^Ae9Fslap}quAD@Pck55^Ae9GeEQx+eeviSIvd8_5}6d#|4 zi;vI6H*v(rr{Ut`Qx+eeviSIv#mA>CK0amf@hOXsPg#6?%Hrcw79XFo`1q8?$EPel zK4tOoDT|L!S$urT;^R{mAD{BiaN+LSM0|W2E zAD^=L_>{%Rrz}1`W%2PTi;quv4czOv{Kdzo;o{>{79XFo`1q8?$EPelK4tOoDT|L! zS$urT;^R{mAD^=L_>{%Rrz}1`W%2PTi;quPe0<9FxLI=BB|bh47ayOp`1q8?$EPel zK4tOoDT|L!S$urT;^R{mAD^=L_>{%Rrz}1`W%2PTi;quPe0<8{<5LzNpR)M)l*PxV zEIvME@$o5(k55^Ae9GeEQx+eeviSIv#mA>CK0amf@hOXsPg#6?%17a5)$I%M@oBjD z_>{%Rrz}1`W%2PTi;quPe0<8{<5LzNpR)M)l*PxVEIvME@$o5(k55^Ae9GeEQx+ee zviSIv#mA>CK0amf@hOXsPg#6?%Hrcw79XFo`1q8?$EPelK4tOoDT|L!S$urT;^R{m zAD^=L_>{%Rrz}1`W%2PTi;quPe0<8{<5LzNpR)M)l*PxVEIvME@$o5(k55^Ae9GeE zQx+eeviSIv#mA>CK0amf@hJz@#eP^}xUb=1h9?-_)bI?$vkfmYe5m2$44-Crh2dWs ze!%e4hPUfqtp7a2t%gr9e5T=x4PS5gF2fHSe$Mb)hCel2KA>2i)eNs?c&gzY4A&cO zHhhTTV-25b_zJ@}8~&}~M-9Jd_-(^~H=JLyxGlX64>CO3@B@aQGW?q1l7YoMdl+8B z@Cd_G3~yt2H^WN|A8z;r!xtI8*6{6y?=$?k;g=1+XSjJ#aa#^D`~$hr?pfuI4A-=~nmC6V{*mGH$eL%H;b#oL zZvj$Fl4(#fH%SqpE@*J2E zG0AgaWiGq;w$9AXm5bX!&-aDJ_~MGvd>%u158W3}8Gb=Ig*;wWW|Fs*S^D%O*GTVL~Wj=deUwIAi#>xZ0e2)S1 z9}3<^c?4KoCkP)0-dV%>e4dkY5J{_fa&x71&?lqg0KU};)AVHE#FSa!q+nEacf)dt$Ut%?DxNm zUcU9iD_$@8q;&dr6DOl5wBZYt$4eHU7uE*B;_U}4J}=f~qr>mv`|^@QDt50ty8HU2BjQPXppI;i!GOo}qi6317(IJ;neQRsCyJe;-8g$xdobmCm7LWw1b zbD-4nZ&ukH&A4}b0OoM3mJ7T@I46`>s-jF zb0M2J7q&zCtZ^=6opWJ1PI1}9xzL8~&VE(r0^e_xQ|H2)$h#`1&IPt`&N&xeM-R$5 z=fclXZq7Lu*!Vf?T*!UX&V?;l7j-UNirQD@)VUxvcFqNnqR z40Ji?T*#?&K@vOXf+Tj%1xf6k3zy+4H0PWPIdv{bV&`0t#Ll@OiM?}y-!|u*b0MeB z1xf6j3zFD57bLNFE_}oWyGxx5Idv{bV&`0t#LLutAc?(mVRM%3oC`U1E=XeMT#&@h zxgd$XbKw~t@y@xBQ|E#tcFqM!?3@dd*gF?aW&iNbg`7GUB(-xcNNVR?kkl)6E*!~Y z+&dR?>RgcAoO3~PbIt|H%{v!vz=%b73QPZs%OcsdJ$( z`@>3|3psTzND6~*eRgbb)VUxf8U)VXjnM}{x!T;Pwna^JXfq0BiK%G9}V8rr(-JYLqP;an(F z=fWRxl~?AR3+JF_W$IigOPmXQSyGvIE|jTrf#QlX?_4M|&V{m~bD>O~3#*~6%Wh@C z;#??G=fWJcW7(Yy7Ux3QUCV(3^VIT|Ip;#ig-*_eqglRcGcOumeB;Yu8MWnbF4 zkS{tH^4__Se}~(eI2ZEHxiAk`uX%MYs-h?=fa2RFL~!&pr#=IpW<9Nf*YgGg+tgf zUypNP2s(8BD?1nBqH`hk&V|@H7vjXZ&>x*QHqM3EITse-^ct&kAx@kNyxonBb0K!l zg$3v~u{sxG?_7vObuRGV55>;8@F*_(V((nIm#fsd@E{r!ubvm@!eJ=AZ>-J*-hjo< zxj<2I?3@eygf)w!@1j@T%1F1)~2jS}YqcSNMl1-c3Gda1;@a5~aP-+7{ zAk}lug(tWP&bcs<_51dm3z0e(coh(N=fdf@#)#Cp@N2G7=fW6VICYDRb0Koh1wK-U zz5(aLPT290Iv2LYKJ6A6=R)M13sU+w;#`Q-xghOhoC}e0E<{D=LZr?GiEf<>k#R0W z*0~UQ=fWN6Adz)0MBce@JoiD-xiE(v#yb}xbuLJm#<>s~=R#C;E=1~Fkm%OA5Ea3t#cvr&IPGr(Yer{$DBGB7V#)h=fYN~dbh|p7b53ekbU@dI2Yc+5Fe>? zpRk8>&N1C0<6MZGb3t0@Yj7?^>Rfmoow!?MoC}e2 zE=WmV)wvKE=R#C;E=0z;5P9c9q|OCtV(VOptaBkU&V|T17x>oJ$T=4%Y>QUvTzHv- zqH``p>Rg!0!`wL+#>+7;Hh}8*FSx>poO6M%JdK=l;qP2nsdM3C?83-97b0~o$fga;#|;$ z#JLbz=YlRI&IMf<9@F_2Ip@OLxW$;d)-VdFKLOdmnk{!rz$AI~SU{&N~+-vjp#4prJSN&V`3LzIf*X-ohM2 z-nr0^xp?Qo^(?_V7Y^bUdFR4hmf)QWyYbNQ&V`4Wr*|&=4`X`g!f=-0oeLYXcYEi; zW{l~b3l+@MI~S_hL%efA22AfAOYhT##Ed=UiCEoSkz4 zZ!AWesdHfo7ybpE3z0e(h={M&RcMCx3S#!~0PP&TwW7gFr)U(va66gO%~ zI`y|ff%q1{v=9uGi-7&o(=cERluLkwg8`qSC#UvHr-lz^g4U&65N>J=Qv0VTGlBfr zXa6)`OM;(fQ6Dp4CJ&%&Nopra)PcVT0UM}iYk~-K$>SZGJ(nxo3s|S~) z&T)|jn@EF`NP~9b?hQ(5-bmf-A_k=_G8k|a`{zsP)Elw_n}7wbSreNOyLzmzeKMiBeY=#v>^95?}C0I_-vgS^P3ycA(; zA*>rxyArNJ*m?*XSPWa|CWLK;FpU$WdGeLL%wIM346^J+*?Mf;g!M2>9TIMbww!QQ z8Tj#pCz02~b3TM`%j53!g!%8PQ>7^hU%M2%m+-`%G749)H7Z4gGBKY)S3epp=kh%PBfmV)mDCSj@~pI-oKu} zq$_<1BqbHBEX6E?I=fB=dv!=hy$N1$;lwRbFN~3z5i~PgTx+a1%S8B9@v!0|Mnx=S zQKm*6-Y={zY#+|-H7mcf_*F)f1htaMNJ8HdytpQhZq=id8kCx1Vhn>!$~8=iQHJp` z?3qv`9%~jQ|8Z8UGTyjY)^RIvylREfE*nCvf`h|1gmYF7A##E=Sr0_=|$tv-sH}Jo+qt9w0pCEPfs)JoYSp9w|KTEPnE=5(VSW z;wN*Df^~e}JRf|CM*6B%Ns1rui)VgcvUo;M2L~@(WID8XprN8XvQ)8XttcF>b3oI z5bGf1TLOPW?DVwX7B*%xjA;`0mIV5u=d~QEk4As$- zn0ovil|X-LTvUg5GdJuL>^mQNYrJ85zd3;zhWMJdd1$A)#>KPe)-^OQFD!4^kMVfiX%GCCB|SVA=GBiLH{P|&5*#68M%O_? zuw-#v<3c%jAOvb@n!6BVQ~hE&V3JnAa8kEupN5v&y8RaKbwJRB7CeAkBjLrCV-dyI zwDVnyjdS*@UoyW{-h58|cf%ZJyJT@tzi1KK*&Luv3!QqYp?OJi=%USAn>cpj^^dKx z7n&Mo%c0D4e3|;v3F8+w6_p|Ln-|Wlmf4bp+>AMm)jA3k-@HC&q3q=r88BE4?Dl&0 z|2lcIwYNAV8_sks3+ge*qvS?(26Pa&zx}W>ALG6shfuSk)xxKct=M=+*1Lmhia|_( zzS^z~I7b^>>S2eI_o@<~lsRZiKskM(tKUl=k zMV(Q zWQoE#cUr4!YLw$y<#SjJzM5yKLld~;TDtmd=|I}Alg-r@;aOU{YO$e$IdVduhc4Q( zWYMDL#jSHN;PU+5`N*noX{m!GMUHbegB(Xr(Z+6_9HuL&ogDS3UGw5bi1_6AUNmRU z;yT(p+Ks+Az?=6+Eta&@&qXa-P{Rh+YSH56*5-!h`N5o}94DGu>!!;w?1mHg;$%Sh z$6ZCmlaM`@&4o%G8cFtbad6|9mR#j%S7LQ$H=!TSZt%lfQ&Pvp!Iv}_b(XD|i(Kph zbUFM#x~7gV++FI%p?URVCX97QUlVr>?KXNG=qPOtg!bLv9hJCMSbV@DpG?PH*Ty=8 zCf$0Ug-wY8#_xZQgYFz62Mj7X+E*zlP~*sO2$>7IR=aSXTwGnWhVJ-jz(&t;$N9qI zR^x=2Tx1|V8{D5O{C>cS;`zXbviB{Tk82FMc144t>hmzh&qqJSX%EM0K%2{AoC+IT zf`!<-tt^zM?Aq}-WxI}9w-8qvEkUxgrGbNnrbYA6$EDXupO+SsiyEAK%@)fgF*lh_ z5%9ul2` zFFSEWFHS5z7@*|Rwf(`sGk%NL{Uqz$2xbQVK!+p5J#dcS>ny1Wm)>%vjs#k=#Ng29NBQEgAj6stmc@&CGsGt6sCL&#$%!qw-7mJ# zJmez7gI?B4`zC{kZ*!g&^@@+9A}@~E_$uYjdUI_J*I)pwk>NCGYF^OX zDBFc|%A&<=-z|RUciyrpQMsU zA988L=1Q*7UG24i_7}RzfUdhGxd`nL-|S4g{S$GMhl|q|y{stStICN|p1EL^KSu_e zZM^Zi)k7N=H@CF3HaE{7vGr!vwIfH@jI3F!dhEyvBS*_i+pF<}2@eQ^S*>#x;x=;n z!o8Y=NQZMK{_V`|-&(`QWGe)5((tY1?$dCK(lYs(NB)0WAHd@{Y8oDC^? zh+BMaiSMlZBys*R8&bQ|)E9RiwNJLVnHQTQlPkA@<0fElCxWHMIkT6{t=o&w2ik=+ zu~kMUYwKsvUOZ>NcB|(%H?&*E1BQjXP_>zM5j4LEPdhZ%me$3=$cE+x3!w1|MlO|| zF)}GuR7^`-N6v4;8n=Kej77dZzW`Jt4tEp21eA&I`Ek3D0q#NbYK9qJvt1B8kI&Wd z$MlRB<8KpPcKI#CvYlL)*c^dmJW!QsnSQzt7jIhxu#0?Nyj>87X>7UdYHo7dF%tof zxvpw^)ENo69Zc)C;~+5elV_~>+!71J@#!X)$H@p_JU1=H!X&qVPZ#e5!(2UUhalJ! zpDZ_rKUeP0z&5|Dv9KGytaX!HcMbwv-duMb^1B3I+%Z3VmFDxi6713dgKpS}PuxbC zb;(yC=*!*YU5=A>KPv@rxKn(8poKRbE~#OJUgT^KTc}_Y`diQP3q0qE$2mhZD-QEzb2Fms#uLl#(OVF5?$RW=eU} zPZHSKRm7fLoKo$qaxCA~E{TJ$c8ZZfo!v$D#bI2}9#Nd=CbE5$`(a{nwd|M8IxO$l zVR>$c<)s~#kM6L1T8HHeJ1pPOVfj8?z89Z8uzz0Zu>O+{%d40s;r5K_u)Ix&<$XIW z|4)bIYdS1<{cWSYvcQF2atF{B3!~k43?0Lmk%sYMo%K1nX96ssxJo=w8e}e4^jBE#*29#!tw$dZfk6QcmBuHs6K0$6FJuE^l0KlP7PgCf&n-8}G24R7GZeR-%(F=; z{@nX)rN31o029x*?!BYznvU7+oL7tayLa0%e-~$z;qivoH@t;mTsr%-I~(59@cxFE z89v_dnTA&wzRK{;hVL=_km08dzh?MD!=+)d&eev+v88P&jxA-rZ`QSsIJPu=j0qRV zmWGRCOIaLS%Hr5k7RQ#dIJT5OGacpV0IJT6< zv861IEoE_RDT`xEd5cW3ZsOR|aB*xYi(^Y!99zob*iydO*@hPxKGg7WhEFrR!tgH*KVbN2!`t;Q)?XZ3x{c!4QWnRSvN*Ps#j&L0V@t!uv861IEoE_RDT`xESsYu+^#h9AB91K$7sr;eIJT6G+Z28%Hr5kKHS6?$CieRV@p{aTgtba_~O{oaB*xYi(^Y! z99zob*it@dP_dprFf5KOjq{udf5Y&{hN}k`^BH4!3&XPvFEV_H;ZqEsYxow!&l!Hx z@O$KvK&Fqt?pbIBo~?$sm*Z3*>vr`s;R8(ga1&l@!q+q5(+zKJ;_O1sBxTi^@D{Sx z;b5}Xa~T=;OPo$Haeiv}5)=P&Ft@7_@$WL>zct~1Vz`#|yy4eP{I^W}XlOBh-f%Cn z)^jy5%RLt54l{8knmFrgoRbh|OA}{T6Q@q&`~-0pnm7lTIL8}4kDNhdOusPUw;O)h z@F#}5uT`x7Aj8{|wGZrOc%I=_!^;dGXZWXve{T5qhMzOs8^6bJOxy`Qq z(}uZgT{t(xF~7Za+{ZA63LlQ<@yu6VxcD0wo@#iy;av^a8Q#nA-i8l0yv*x@cxDm zGJJ&L9~eHtFu&J!Wu0#LEW>;^iHmcU;a?fP+3?+l?={Sqm$-bMHT;_4Hw}Me`0s}K zmJ^pxFT<-F9$3WvM}aGpCxWY#CxiPbZvy6bZLC8hnEQ*&F=n(f&rN)9 z3&VL1nyk$45;s%60L*>IIG2KVP`(Ddlk!bqP9YmuC&w#mw}FV~+O3AH=QVg3$Bcnh z(M_N0VVp2w%xH=H`5wljHbX%vybVL@I5epCZz7U_uVp4K#+@e{8)LfW9S&%1_>J1* zC9_4vID7j6v(HP--hR#a-HuwsB<2%Q@;PhrRuzYoPbyu%azK61HeBVw7m{ z=-F!lM$aB5^DnDo3|8Dbs;#DNNZZi1LR(ea8Nr$OwtxL#6dayC+RD&k+`lVxFy4oC z&cVoIsiT8&C!F7TykQM=~!T2_I@RxNk@*C36bueCoU9Aqrn4KzdFg}Ok zoP&`a!#Nn)7o3B!AGX^$7}+iUSq?^iA^TYl#>+8Sf0l#sBy4t<4#tacfUAS?1#I_M zb}*iXiZ};jPc*Q1FtUZcgYmEELEgc5AIkL(MmGMp>tNi0bx{Z7>!`hVFiMS`gHdYi z9E?(9=U|i?f2$70w{T=S2P3a8yn|6{>>P|zW9ML$8aoH0)cBw5U}T5(4#snEe0m3C zUySW5cQEe4bR8Xxl9_WbN@mW%D4BT&<4HItb#gFDV&`C##LmGeiM@kyJ_fo@4n|4r z9E_6KIT$6ecQF12XXZ{0MoH`(jFQ+n7$vcHF#a$1cSi@KBz6u)N$ebqlGr;KS7FH= z9gLFLIT$6eb1+I`?_k`EC3kc%N@C|=l*G=#D2cs;@f9BN9UY94*f|&_v2!p=V((yl z3;o2czWX9gKg&IM&(0D5;%;QBpex zqono@#<}d=9UY7lxK}>c!6-#I2cs0>9E?(gcQ9VbmhR|alp;Dg7$r;RV3aJKgHf{d z4#uZ=oON_CN|v1*jFP2uFiMur!6;dJ2jfI`rj8EAB+HHt#w1I1FeX{5gE7f6GYv;F z9E^*2w&>_!lq@?r7$r;RV3aJKgHf{d4#tykLhR&Vlq@?r7$r;RV3aJKgHf{d4#suZ z13EbvCAB&j`P)qAV7!atpE?+O;2PXH82Q}AIT$zR(V-5;PZ{4i7%%5SCkLYxr4B|Z zN*#<+lsXutD0MJOQR-lnqSV1CML7rKb8M(i4n`?T9gI?xIvAxWbuda%>R^N$wnslH55MC3(@o_#ls>P7X#%{y7dt{?N3ugHckd zgRz2#lR6lauBQ&h4LHE4gYj~X3}4p4I0AQR{{#o)FVWVW9gKZ&^mqs3O{iH12jdVN zM4cUs`=D{Yu!C_X+PVt|<3hA!7Y@cAIQ+eXu^*1}&JM;4Sk15MVBD0Md>IELe~0x= zIvAH@!@sD5u?_vM=wLhsHS6SH9Ect39gHX9THZStkL4QYVEi6)>e9j36MNn}7=O;n z{iiq>&*H|YgYhP|%-7>!tU-tVmK==hqw{v@U_2S8*A5Ow-tKnkVB8Pg<})0Om*KL) zI~aSTnTig^m$*tDjBlVZorCdbDBU|4c?0GhjQocT-of~N^f~Wf{D^CugK=;4IqzVk z9>O~qH|D~BtAkN?p>r_SvyHri@lO~bor7^IMtF5FhBz}i2P1ccb1?n^W3hKIUW>Hf znuGBY+%h@`<2ZIn=U|lTIR_)fuinA95$pHuI~aKtP;@ZT^XwdqrCg&9#`SRF)U|_= zj}*QM2V)C%ymK(l#6IoX!6>DFqYg%CpD*rUl;~g5!I(w|S&4)3cU)C;Fn*66rjvtF z%KYLEMv49<9gI@Nt{se0#iE08R~~cfU_6CKfjStQQ1z}IjIs~E4hLgz49L#G*d!gc zD+i+#_fK>%O7nlVgHfVBxI@&z_%3&dIvC4vD(c$7C@u6gIv59IAnDq{C?)+< z9E{S$U(UgJJR8qB7_UX^t=z#_!KfV_j7Q?C!aErE$2l1J54604@o?^1 z=U`loS1q6KVEi5%WTVt@T#;U$uEslGab&0NL|42zT?lw0_7285tb}(k{)p+kgK;2Z zdI#e^>y;$U2#`^GyMYgnFlFuunA;T?>B=DzX{##Oit-odznb@2|yM_8VB zFh0z~*E<;R<4*Pt#$H_K9gN3vop&&9&Jw(X@waSG?_hk3=wRHJ7lPiwxGiIP2jdv# z=^cz)vxj&GqYRkd!6+l9cQB^e&%A@NhW*n!80)zW-of|>mhK&lwM^$7jKAX^TZw~l z9k#r8FivF6zD)!T4+G8qUGEjGO5ljJtEkc?aX|-2L9c z*pKVHgRzDeMBc%;ADhlQ7~7bqcQ9tS!@YxXTh`q>72csNT&cP^0m3J^+ z!6r}#4{>!co`yc;9gMO=orAGAyMS{r7T87q84gBiEOju}u%Xq#81uOQ ziVnuR*(O~$808{B9gK1b;2eyr;qd!B2c!Jhr@e#mU>-nSI2ak#I~XtF@zaHaQ6f19 zPGT2?X7Pc+L1K#RLbE6dRI@l}2}Z``bwl@&&gj1ueumj#HH$;o zO%u)Ha6}oxj+$r|XJK)$coox#vK&i8pTrOuj;uu{e3uE{K*zB*oH`x>!{}AqdNKkp zz~9>RD)Rj|oWhxh4Z$xy=~WET!99#fyow{#t2nX|aS<_i5wlVBD(*wCV$C_&Shp%% zSbHZHhyMz*0nF<%z+%AY4qnAtdKHJ$t0>XvRpig0F^zFvMGWvk*qR-Rc=Rgrm(I1~ zRUAXF;>lQB${0)dPb!AftH>vBwc=GAL$4xVXC^WB<3FevPOl>6rnTZ#9LtSA0`0OV z){RTNieo1r>=c9@E@3mm4aYgJqKmN+V%&%rKQ5*kzbV504`JiC2K*5)maXw3;30{% zQ*;PQplNYjI0M#2WD4J+%W(zbt}-mKGPkzgs!suYsuyxuHwk5)J zIY?iK0NMMkfQlf??v(fz`P*CPTfCtRtiHurWc4l1N1t)N#XECg^(}6TR&>6_elp@# zu$9!e$Tz9Lw|E6Z#J4DP1}cExM_$VcuvQcQhiC8iOW05 zZjUPQG4UuKj#DexC>=eF?C6!#kX=C2X)H=ZW|6w6{kIn@dA}%Ss+t z!p2HM*6YWR?-Yy>3eptatMG5FVBBz3F*0`aEe>w)Tcm!G;zpGy4lN26>031V#YDbn ze2Z&$^eql|zC{r)(ziIW=vy3ReTy|#rHG?5@hy%vp-61?i{e`x>$HmWH;yyD#qn4X zbcez*2)?v>G0g-=k;_kqY-$>j#ez>^p zRg6j88T`0g;_kr@7q`8YF^M~qA1*>s#mM1x0sg)Yy&`kBdPSZVK69(TYT-$N?S+b; zTOcDO3PlpL=u(>anfdU9`I!-TzWmGxY#W?LFr{VA8SCOEt{;FuTt@^WU7&v2c>H%e zQE(&9#sAGJM0y8t4OJ8x;zgMw|2Lht{1-MNnwO~-UvrN=&DWgrov5lF zD$34U=my$re*Ijil>Jba*Rce3$ z3f{v7@ElUedW8tq$vcxFg*19FRef=M>1az_nVu{;@o0A6qDzsR{9mI@MDyA)mhwn_H#Uax zz4X=J?&a6*oit2m#6KP0pZ%Rt(KTdpIDBVR{Kt)o=%nafez-9oFJB05#N|Y zvFHTE>)!GIceX_Cl=k|8cIOJO4ATL;LCyz0^uNNEsAhxj%!uMa_WM4$01*EjRl9Nn z@=rD+CL@e1A{c=FY{0l zZU@tH9k=5U{IPz?v-u#Hp>Yr-lgmTi3+Dpy*@}3R%(9Dj62csF_52<1H90<6ZVrF0 z+!bJ!>!!=Guq(b{b(33n9s+EB_aeXRdL{YcyGNhj)nJ!~dF1hfhpcN%v+gd#j8_nhy*p|C|A8ZHm<96WpAHLj2Od4QNQyT=;1f5)d4`A8m_x!@3OK;+d?$zaF}d`}gnob7_FVQsmd*cD7kZ=Z?*9TjZBTLgrVc z>zE&Z%FX<0@W<&-V}jtG?g?|wb^PnuA>R2oUN3GPhx|0nAN)UiX98bWQTG3H?!9S}<~Cgtx=|#hE2U|Zbg@8zwrnlC z(3YY=NRu=PO_PwNi?UR#f(xSH4!lqV0hO0sKt(}CK~dQhP*gx<5s<~@kMbh_-|v}u z=1%UCrA-&;IiK8npEGCXnK{oqvz#UKJ^!d6_#6VT#Bz_^#L>qF!CR`t(+9EJ=0(A| zzW$DXFy5_%EU#}V?&tZ@u|G&yUJT^`2%VDE7SHn z()Kr{?SDRP|LU~;JMI3j@k>r3--gzW`M;n$_~kxd!qScVY+t%@f8VtI6VvwDuj|J6 zUrO7*BW?e8Y5N%*Ma(wvsM1_@6VW`2H!j~r#6-@Px?hQI9WoL69PHemulGEg?_Pqm zYhimZ2TBol{PhHK#284}qOPsTo@KkT7TJMfn~qOdhA(Ut_=Mv{lyw-xy^PH9CA1Bl zeR(+1gfE~x$;gLLo@``}tIAqLcO8UNO*qw&J;<#NAIdy$zF$I_;}hFIWsVUWtjr|m zSeaw%$E}PPi5zQ@??ZgShL_=&FIZ3yi^}zeDYF=qi|n~q*>Ku`a#0z+uyMU%#;>q) zk+sPJ8$KJql#8r=c)pBJJ5g2!=3aTjU6I3qp?H8W;Ax#)!2+b#rs$|LL`^7klzj zPd?3)n>~5GCvWoPFM0A^p8RW1{=FwZ@5!U^{)d)lZ%^LelaKaf+DPky&s|hzHKygrai3Cl`70 zAl6+WzOdnOpo?D$S;rI}Q$2ngEbzjUp3G;Q8lTTNRrb&85tNe*KyFW1nY%nkhO>M8 zi_(5L7ru0 zjtl!*nf*Uml+26${9-F#0r?m!UkiDum2ZUnK`Y+@`BW?44Vjzr41GD54JR@_^5rId zmmNF6Hk>oJEVcE@Hk>!t&(4;nBqh44pnGneUDZps;#8DtgT{WgHf~e&5rNKlH*q zZ{9TGo&`f*16$BMgU`he{0L5|Cw|~x;4JiSe23GKb9gX3{1JTU(7J&icpL^C@B;_q z9YOE|3osOcA9ykXQ~bcE5gqGCZ9-!31LM#Ne&G8NGYda(E~ZMt4_pDk@dF!B$v!{u zM{oek4{RHZ^_%AIhb#(DKowbjAekeX{6G@TlplBy3atFVLNs>A51fpQ9Y3%Po|>H> zcni}jKaljq_b@;3ei+vA1HX@Ibo{`lVQ0q=ETa`pO4Pt+ZDEk$n+~MW=5<0C9V9pk z^O)=p4H8@rizHgv&kITi(P=C{@MLtw{pAOaN5OjK2VRV-w*0`QbSlFSJQ~?4Kah^0 z{6PAG@&l`(UipD^iyg%ee2L|_ehI217&w68bBMfKLBT?j%Vcu9)w0^`GF&G-doKNOduoW2Yw5>9Y2s3cKpD}=;$3k zkW1b=ejts%effcF;myhqoP*LkexQ_C`GHbmtI?S%KQM$-I)0#( zSowicV&w-)iIpEHCEmgOKsvPJ2cCoW>G**sqi@g654@D=()od+O!JgIBr zQ;-IUZ;XG@C02f*BvyW)BzFA3<5}P7{6NWB`GJyH`GJzy@dHoB)HZ`3D2bIHD2bIH zD2W|Ea4d69=Lbq+uR$_##>s8oKSs8oKSsC4|mS1=G|@B@v?bbg>wY59RhrR4`2mC6s?%yA^0A1Ep_ z_<^EQ`GKNR`GKO+@dL30UM4?KRA%r4MWylsMWylsMWy2hmeT_^=1;^xvpc*mS#UR` zv69;I17E|yt^B~hva7KCz<;sB8dfkAemj;|3d#?>h^@o&1NY+irToB0m^gzUC|Oy4 zpk!tFfs&Qw2TE3!A1GN_exPJ!`GJy^@&h-}P#OF{$;$ErB`eDhl&ma2P_nZ8K*`GT z10^fV50tEwA9w+Kl8S=&qqaw!9~K^0@Eb^``6@q9%&+`FF@J7;;81!^20u_ruKYkz zr~E)sm*NNB!A>!QA1KL{A1KL{A1KLF{J;sUq6~hZBv*c*Bv*c*Bv0`J&tvWx{6IAb4>Yc4`GKwMU@SlI4UWM5l=j=;NgzbM#k*x<|G!0yPFVDRQmOi`2v zTW9hESEBVee&EF@SsFjEfvIlel}s?QEf{<|btQ@}g>m}K4}1x=l!YI7If|EsANVhr z!SMq_?)?01#LQ280ghk5b1MA^i@CM@z;RU4AAaD=$bVb%19^X_ul&FmMx+!!@Ovm( z20ySF73=tc|G}v3_<=X^i1Gt}3=huE4_tJLI;Q+SOeeO zPW-?UIB!;dU^|A_G=3m2ceC;XuYue2zz@6#E#2`0&xHe}_<;}bkmU#73u7uja1(NO z{6JoSIeuU(3;c=j`z7c-lJ~*q96#`Xc|`ev--OROe&A|qzB4Sr&F9kO6z=S*{6MKf zWJmm-Oi<5Kwz=3vKhI z@Y0c3fcq1u)9m~}$$gvh1I0dl=Lbske)0p4f`jDX2mYOhQvARN>GK)WnVxa-#2R5Q3$<7ayoOTF5P)yuEe&7%2 z&B_nF07Fi0e&9ijn$8b=6|)M*4}6L{$`AY-W*Cki_yu-+$`9NdZk(GRcp0iNlOHIj z)(b!ISIj<>A1FyJKd^{?(+fXP)C?#;u!ELUexP8*lplB}eK#vV@DZBf-?3|8#nR+& zSnU4@m~mwC`|Liq4L|T!%qJZ`kpBth_<^^xILZ%P&+}1!;0V^H*_oZZnmfu5Jc=jR zJ3nv^JJ%fiz)D=Druc#Tvk;CSco@?;e&903bo{{I&=nj%u!89vKd_Z2>G*-ar548z zyqZPM!4Irty4AuttjI6n`v$S*c=32V?anW`kLT_9f&XDy96#_YjQQdC`w;Vv{1VQ| z`^FD^fjV>W121FUIDTLa^K<;b5uD;Ue&A@Hk>dv*&U0}5z|XKOjvrV+Esh^}CueSs zANU5_uj2>4#dMAz_zNC${J@Ve2geWmKj!ZEfmgGCas0qTnV;haZlD&&59A6ODSqJ7 z^mxY)+{_&Q5dS|YyDC{Sh&Ao_f&0)i9Y64wjQLcY{OB8#CFe7Tr{hg%OSdLVZlRSN zKk%cB>G*;7v$;8b;Is4)#}AYa)A0kP$8`L_7icrb4}6wq>-d4!@f;jKFrW43_RX34fEKkz^nJCh&yb(YHV1NXsM=imoEA+DkPz?*oQjvx40 zI)mc}ve!%T1CQY`#}Ay$36bLm3L4b$17DZwmmF>!QgS#e-0=f1Vud??;CYPc_<^T$ zF9$#Hi#+D|f!EUA-c0g_UPW=qP#$yqz>`_wjvsg#E64EzKSRqoe&By;i7fm;877q< z_z9l2@&lz=DL+tJmE#AVNAI!xz(q8UCRea?a{R#Itl4yapya3gK*>+}fs$V~ zexT&1{6M}H=lFrrZD!>MN<()1z~|WgSbpH=C|iEui|`@G50na3ejr~Gbo{`xcp^K3 zA1KDM{J;}vXv+^gfZo29{J<)nR2F`qOad%FP^JLN4gOjM)2M<*ew_E z-gMevnZ}rZBVv?afuI>*#8+Y(8GOUxoHI!S)M&An66K@;&L9miF^wp|1&D)nfJg%5 zA~l2X2^T)h>_`Ia!qIXe0aox8(KB#P&*505q4-s>fPC$qBPEeO03(50*Q6gJqDdX=Y(a4b|?|xxih^8h+p9|=_)-Y zU6mey_gki3-jb4o#t<<#yE|e|aCY5;==#`p$H!9V+C)5=KkfJ=g0nU@UQUS}VUG;D zwTKV~)%?-8IT>_pzhQ7He>84R2AxJoG3eOw^rM{Ylll>z9n=;?H;6djZf85YWdP&Y zvGyYmo-n3{*f5c`8_l8{kMD&KI^v*Q1MROL?@-P!1?IYo!ruS@s;{cWdWsk_xnx9=$W?dK+PSQrmNaNKTNCqgWKSCMev!uT&b3julq z0Pbf6g`*(E;+KXJ62`Chpl^ko_Jnn9)g7HRwX1_On(JGF+OGDs^+8ihOMN?6N^D$H zQ(IlvzOuoQbXr$-t*T~Bvow5LE3qbK)x~T8l%S)&qob*{MU>TaG*;I(*K~AnFT%K$ zud1u*tWokCh;OR^gFC%zO4jWZi=C!bO|>7uq`x%E(fQ)UYXr0=bc&M1HQR$}| z*GBMG(A^bbYPQcb3_%&yssoOe92;SwHg=9?u&bAWm7JN5uC}(;_D-(bjdyqpPE)p&mR`jwuE4eC z)IbCVE~^?As&4`**iLAIU50`NKS0NiPNI5E<(!}kBmLaj7(QxhIhxb0ykXVZE@GlJ zbt-Xm*1Xv==E}4>)!ZyyOq-j4AG^(`I%}$1YSy4fZsHUQ{)e7i=H_hSjtnV{ADC*) zY`R}3Y4>3ouAO6(X@e%Rw1Me0l zTA!$AI^w_;(Cl?Q(^1+DE9Sm{^GAapR);iAAZ>1GrasPs=wjUE1_I@h)m%>Uno>hj zLzvun;I*sP#kK{QO|*B|_$$v$?7qOsAoI=}@7n1dxB`2eKN4p~$A&ey6bWW@bhew{ zMwQy@n`>rRtow}aw(`gRe&WmQjA6#E1}}rb%kW_(@o^Tn+4yJ$a$j$(?(WG9pMNA6 zT=;z-K1|Pecs>*yZ1+{)3heuvI>ZtLQs%=-Zn@$ei(_<<-r}8vIR1H1pE?*scOFYU znc>&sJou!G=fN`Td2E18edhLZ5IpM15S>0g$JBFT_~ZD@r(id=-v!uLnTHNJDhN)) zFZ1P-OU?Hx$i6=Qw;tEr(oK(DjsRcZRnXUncebeyk4c=q8zE~Nh{4-?<3%GqDeu^i zJ(=;YpN?0Tyo4(L0LT1%leKu42KtyU9`(9>AAziCAO;_p5d>uv?54+lg?(S&7wV1w zQQt6ojDGbzKAHw%a0c{wW^u=!!7*Ro9niNJVbq7GpRRoWf$Z!1D)cSMVwZo~H25*w zsvvj(67`kh!@O9&K~P4075H#_2EsKw0lV=SKYY^c$NS_$^N1on-dIG+*FgM!3-RW8 z`_#cr){HTteE%8o*j{wgcvB$wc6k8j!E*CF@JP&^2RTlfhB{ta*xjG?*lY;CzQ>`D zeouYcS5QCKQPQ>xF_^L_2o|Xl?5oIM&-_6%D(xu*5<#;YKFo{eWLxp|9d!iOX+oH8 zs!#Xz*AE{Eei_Tejb+{y_+{heY|R(zVP@L?p=tZe)Amod`|Oj+8{3q2{L5+kH>U0X zGHu`Ifw}u5X*4kJ$_!Hl-gRr5Rf!w#wH=k_{xK&Iz`M_x>)mDVZ0@M6(qP=lv(tW^ zk@>TX?(>g6;k)d8iavw3%yp1GcU`}cZK2-`EG|)lZ8Sb18z?qD9u4`0tqdRYW{>HQ z$Z6s>2OrAJ^FS-Je_3W_w((P~%p@3sBtH8_%0)I``U~|if67I+3>@DX&SFq5vgJW{ zBH?BDrChWJzU&q;n}T2+Y!MDM2HEJzoM&kGWuAPkC-ZeGjq?LfzTcBM-_bZvdGgDi z{BKW|@z0j044ti}E%)RkI!g^7+mmnhe9=tx z5BKCfJo&4he5WV>)RUj^@Wb6@ zWbE+VUa7v~4Nv~BCzHFb{mE!gp5)0@p8T*U|H+eI_T;>YDV-xcc~4I+_vA&Me5@y* z?8#l8e6A;7=*ic4^6j4dZf7=~H92L^&7SB(<e1+d+<-@%AM?hvdd0+V?FMgvJ zhs-9%;XUS0cyTWD;#};-`KA}=HZRVdHV*Gk-{-}7#EbL1C%;WO-<(U~)YLi7_T&#z zw)Z(#d2+iaZ}Q}CdGhZ)nYpM96P`?yX*jb{nfKCF<}G!V;qp#~dMEGa$-Hl`@elRn zC7yhoColEnRi4aeII8CiPww*MGd+2uC(Cnk>oZ^S!sQ;d4d3jA%ROove!CYg_p5FA zkG${)Jo!OSe#VoZ^W;}N`E^fz%ah;nWO;6D^WBa2w5>eOljXj*4WH(P`&^*~UicxN ze2gdi{GgM)@Y6h*|8J~i*x<<#pHnf=dHE3}H0_*GFh4yE=NEyOW`SJM5N~$Ph#(9A;>b+2bukU=>9oep*(&0g)Qgli>;QsP-4n)Cv<>`C@Rc(1XXV9q( zPv_IfPI)?X4CU$27nG-S8q_OKhicseh$96j)K-p|wOfv58*j%VfRoP}Y-@^nVw zytkUCGaeZ!Pv=GGc03(g*zt6xprtyV4ky5lr$gg!U!Kl7c(d|!jz{SoPe)3uJRK>q z@^qxc%F~e&Z&#kqpV2avr?Ur~((!bp#LCl=5-U$fN~}B`De(^G>CmAaPiG_Ar{n3I zg1$XBPvDD=i&opV?#z4CM<3+3rZ7Ru9+EF4egS@x~zJRQj*gQp`Zm8T;rm8T;r z9ZzRC3z*K+5tSJ{9Z{(~9Z{(~9Z~6cI{VO>P8qZhn!=dZ3RmQx4PmTNnau~QK>u~QR#R(^%%4YTk;<=rTmCca7-yP zcsim|c{-v}c{-xf@pNX;12T9zlG^fg_->c-bY5atVRTr=TRok;OR(KmZu|GS)Pt$WqCT1mF4M3R+gtDSy`TrWTiZv+i9o_o{nT? zc{-An<>^RPmZu|GS)Pt$WqCT1mF4M3R?5@)EPIj+o{nUtJRLE=@^r-fxp_Ln=rtKU z9Z{z|9Z{z|9Z{F!>HLd+oWawPcsh+tmBG`w494j*PiJq~Itx$d3fM6VPiF+0 zzvJobfp(tB)A=%sxwSl;ogQxRJRIKCa zjN;B-;cVRhN+f^99p&l#1Rk87r?VV2?|3?wvT*Mep3diaGM1-v2#v8k_Bt$+pZI_H z9)2l?Q!Z*bRK9q_!Q7*m#4vj=g3BKkJRxcJp?DoewbGSv=lz79{#C3oo}F5usof=)2f!I!-`Oz z&NtB)JD$$%NW0y5I)B7at2`ZIy&X?Sil;oC{cv)Qr^6>4JAkLdSwM=Xa~70i;&Cb)2+_x!DN9@ygo{mKCCr_sd4w8eXGmLeR z;^{m@pU>dwNS=M?=}7c`@^qw#*?Brr#1v0wCfl6l>HLhoVR<@tqUhOqI#P!N!P6Ov z4q16R7l^}V(KRIzOa0D^KS-3^}=ZItv&zou`vzGyh5K0K6F)B;Upq!|`+mv+KVv zb`1{fmHZ+*KIQ35gB$1O>D-Ab%;f3FsrACsd5PI)@^mDr<>@S;-}J)M5j6wK)9Iw; zl&90e(MWkZ-=*(n<>|aiGbm4|glDEaohNAWZNt;K4f9FI(^?&Flk1(Q(?Nse;OSK1DmBH^IgvJTJe^HU=Xg5H8PoA}-k`x8 zPvDAXmtIe0poST~NR zvy%Bap3Y1Tua2iPhG*n>I*WM@Ie0pS)Z%zLzhU!rJe|L@{W_k`C?0b>odHG%0MvABNUwXXb>0HSi98c#E*0kg4Os8i$ zp3bir)A4jZ$s8O{=T=(D@pR5*Ovls7r%uPy*^3_HcskNyI-ZX7n2x8zcTQ3~oxSLv zj;Hfeo`d7*6tMmrPlxZDqG-)~NXfB0=6E_&I3aR8okp6@@pRsh z>X#hA(^cYSb3S7_p3Z9S<>2XjiN_pI=U%#o+xztVVjr(~(Ow z<>@>|&C1gm#ZoIz=VRR2iFrCQmMc$3Y@$3Ju}Lo#n@uafwbYv1> zc{(x$P@c{ZG{4?>I`Xnlcb?84*)+27bQl%khNm-)jk!0T&X1X*7oLu2Rh|x!TfOjf z=z$(jhd!8-rxQaBL_8gV;#BZO&H?4=oQi%@c{*>v(8|+UDE*7i(|MSV+dEI^yY#z$ z@O18BM}2CZAbL>G!^26%B}MV#-HVrv8XgWCg@Y4=qM`#4go0WT17IQymz0okk~cnB zQZf^z9W)g2aOa#qOK<>mBmNYQ4C2N66_M70XC@_Kytt@{yG&aw=skV(4>qzZS3 zV7CBK?QZdI;gm5zh~2oIPXSjH;PfKfJlC zu0ELA*t({ECg3*B^)nZ?*I}*Z)|psGzHVJjJAymf=2gv|Tid!u#hIP0t<4>oN;7g% z{TVBgHAFm}U4*BTYt4RofL%G*EKMh*7exn{1*|0qE6K?!zMbt|9i7!REwzoU?LoKo zt}PV;JcHWKU=3Fq=E8JBJZW!Q3nl>JG;(zA?4SwZfXM8 zT^*HnvD$=%X`h7ZtI(~iZ;JL}s)kZA1ctZQA@!Zq{Pc3-R+$cqfh2v?6LmZq@= zoDn4qfPaJ9UeDBI+*Ho0m{Z-})e>-xXI)6$bB$DKz@uu{RiLXSxZCoFT)%!+71pl@ zQDb0OJJt>!=b^5CRSlRrvKTm)#5R1Th{m&8mh^TDeS6pdfU8*BSm_>%rFYb5heA+P z>zbgcLHdHaHVd8b2`C<~qP7_WpY;Q}lq^Qx+QO#KP_E2w)*<)SW=A*{!vyJM6}+36 zmBy}?)r`%;W$+*x>uXnYx&4Mt>6tucggXK243=W%Lo=w=F<{6^u#1i9LFtr z>I}__v4-A7VLK5}$02GIK%fu<_9t1eIXcj#*1>I{6GlKCkmRaKmh-G3m=Jctf@$Og zuNI7LSj+1i+1W|&9szX(oGHCk1k{-eq)khGgRtj3T#y+`=t4R&8zf;%1k`EHGE)Y| zQKmQ;`aWFmu!;ne@d`;0lHzZeR#nUO685~wP1?kT8FXvX)j^#hf7Z*q+Rn%Tr39gk zSRxs=p)zg2mkFD!04^~Rf&GESNcxB^axGOy1k{OuIumij4-XgJCa@gr@%45*4RpK{ z-1K*w#MxS)PD8LIKpmvo^?*8MusrJskAP&Gjc?YQZg@l~8(*GNnE??`N6Zpjgdg9> zAE#~1A^BFDU4T86c_8BHhxn{DHS0OLeluuZa}x5nYMpu+Wzvi{nPC}$Np`?)8Vs=?aI^9`v`i6VVm%D zn^gbs65w`5Aft8J^6S~KFO0$^W=!9 z17l!|csj-oWAQGM`q>p6$us@Z_64`G=nTfG0oU$9|giJRM_)h^J%h5b<=39U`8N;l1BC1^29YgBM%G(=m2ff*)m|9OubPJ$aQU z^BIoDKf{x|Jo!vd-ss8loE-NMxkWr3V~0cVuu|=Lj3*!O$q`Qn&&*-2_b^Xq-+BGw z>CCAx@lP9k&Y?#g7KU&ZyM@82?!5p8U3xIS@PLc&^zeyPS+Ivly?u?i=kCJSPg;2Y z(@#9~%h-$e{QIU?5*2?hLq2y0!OAD|+P@yJ41)4x`|`comrqERngcaK@bHsK99X$# zzZDD1lTG2i!;daLVCc##%G$4Bv5*)?_j-RnV_(Lz;^X5$> z?pZM8wcxr3%(J&#Or3LZ0tr62D_)S`BfpK|XJQw`6L|U%d^T}mUhr2ud^7LbBtm&V zBE;KfuOOzrbb*Li>15EcSgHU_omaR*N-VDcqXU>aA3|V?sq-{r7Uca85`(F;C$xg8 z^M1t4!qgc9J;K!4AA)1*T!ythe5THu=mafOrwz{;GnqQ?Kzk-r=Rv4Zrp|%ndz0O^Eh|jyG)(Gz)u`g=eMXv$JBWmc6Ll1S%YB9nL2rN z8q3tV2!7aKrp}2dSg%Z-i%`{;sq-m1m0{|94B07DhmN649r}VYbv8i#&cM{k!}1|L zF?EjPY4yO=c?HL_GIhGps4P?G-*{@j)l8lJkdZQVo`!D6)S-nPQ)e==a!j2+bLVT} zVl>KvB#pm)nL2CX&C1kSjnX@&j+9uLI#Oa~>PU%|sUs!cu1uYK(3xgs>PU%|sUsy; zrjC?YnL1M99n93BLp!F<*=V1RsdF;=_S{UJ@1Q|uFm*(kGId0mGIc~*&rBUjtV|tA ztV|tA?3g+m>6z(F9Z9TA9Z9TA9ZBq%I)iyq=}a9-tV|tAtV|tA?3g-SR5F99BZ-x% zBZ-x%BZ(bTXRR1Iz8Ri9`pv>K6GLIZq$F0RjwIe_nL3i#F?HrL=X9oyBvz)5Bvz)5 zBz8=lvFO?}m^zYJnL3hKnL3i#F?Hs!o->#_l3JNMl3JNMk~$|-=SH^i45p4~Q>Kn+ zQ>Kn+b4;B}Fi>PNbtJVibtJVibtJW8>YPmHPG{F?F6{ z-s65tSKC9Z{)F9Z{)F9Z~6+I;UXJ%3$h<$_%ECs8pto zs8ptosB}!7>GXgMrjDexOr6&-omZyLU)fbyrp~`GCMr{hR}0G2xsRi)W$Nrj-&Us1 zBTSsZ)RC+#Q%AD0OdZL}GIb;?%hZvqEK^6avP>PxN|`!0&`=pn9m&cvbtEgx)RC+# zQ%AD0OdZL}GIb;?%hZvql&SL>_9Pih9mz_WI%0lh>WKMsGj)d2YciNRqE4AQqE4AQ zqAtbMd6a&f!PJrD%G8nM%G8nMDW=W@R#661N0KX3N0KX3N0O(QI$vk*8B85X-V0Ob z)2y%zrjDevOr3*h7|YZ#u4kD#E$m<{QzyxuVOrr#&X^N(@ICxycP9AKX$<+A@T2D_*od%}LVCq~7GVe0%3tdxbR^Di`Q$JF6% ziJgV1^AZ}~&cf6g2fs@(b-s&|WiWNFM8!I$P6cO6oREgMtkW60exb$9`m zovHH-r`;EZ4`Z#vg5=L}YsE2jz6qa;m^v`aSlDKCL2^UlYWzz=QmRmyI-6-D$JF79 z)XLPk8oh#L>O4fNTBZ&wLYX>OqAzw#olB5*yD@d{#wDXNb#9?c#wLds;(s8LQaokq z?2D6gOr41=-v`1M5vw35z6w7>_$Ea7GlZe? zwUDFmVt(PQ*?Q2aQC5I15NIbaLzy}&;ke4wITcgQ>`WcrQrH$u zom*%d%hdTe>NGo3M{?h$OdYXL-d2bcmZ@_ceZw+!?m*GAGj*g62ZE_H1Rb(6bv`2wn~kX>+3i54 zj+nn^rjA4zD5g$1J3-6TnaIwuSEi0wXaJcy=fa7zGj$}V9m3QR6Zem)vzgx9H>S>B zjGE5WnZ#zUOr4R^=3~>*JC`N@hHuBz`2ssWW$Nq=H|{S}M^3F5rcQ#{XEJppsb%W$ zKcaeL>WG>FW$G-a<&>#&6h|Xv>fAx!?VYJpgt?nz>b$|z+%`;|TQHw=Oq~|?%UPK^ zAL98aQ)dKgQ<*wfb4QsvNAl!)XX<=_2FbzHsl-)kE~d^(rgKc4WsK>VIz_Zm4yH~E zPtq}U-k=u8)VYd9&cW2FV7eSko%?v+j;ZqpmSwA%IxkRX4yMj!tQ*JFsbPMOsk4~F zt7GcC#kz7#ox^wzIhZ;H)Z&;rcXHfMvkd-1#@sro%w7Uj;T}3 zvvo|J2N=^abU2z+mdyc6i9cB)u&I`2J3-NO>1${7C z!dDMcOr1Z`BOOy`JnJt9Q|D=(Lk_0S?##h4bzWi)+morYg2m2c>U^E0npxB_J_yG5 zz|?tMTtk^UU*Ksvrp{;S434S8dQUNRj^Q!K)S1KyQ4Xfgqf-6K)H$3L?wC5?W`#SZ z&gqQlm^w#uF9%a+J&!r2&L8P+j;ZqoOO}JFb0;guF?9&cNHKNZrX{j4b!3=Srp_m* zT$wu3tdyxEttu;1XCaManL4KO_Zr4Hp#}+DPX-T zQ|ECRpDa`7M0QS&sdG4MHl3*>`6*LJ@>8acWHx{Q|AO4+A?+K)7!U_snf`l z%EHu&I0LQe5Q^NI(uj86wq5%7BlCetnQ%)jmH<~O+$qQ zznGGI2`Bz9ymdC`F4!sd?Fg)6U_PT9`A7IXqb-9+cE*e{Kpxo{nE11KWmf~Jfq6D1S!9Bv4`4|e1z zfkBgIga?f=5Thw$hKC~tEg1dfMS>!lY}0@q6vJvwxPVpG5qGD~PVJ(N?!8A?S#o^1 zY}AUPlO)G!c|oP5+lRt9lyN!*G&RO#MjCU5M1cFw^o}5Y#V5}Vfo!T25>w@;&JBau z=+7@gUR8Pk&B2xe?4yIm%pZdnjos=A%;_Ek_vN-bK4EY?f7raj;AH-+#fN~H z#>*+mTfV{H!{aZv9ENJy*t_;451ugInZ}0Mtlel9-FSR2 ze9#*QY?1(&nt?*#G&k*x zz@1f9wGnV9J8)-E5GG>r+lmU~5W@H`Iz@=be^yX9S`J+r78c5(>(>?{ay%?72*N_n zlES*SYOH8nyE>4ije^Q}C{!e9)pd`-9B8Zuo&-pd^d-?f zmWe_R7)4f|H*2NaHIY{~L9s`qXzU>6WL0xb12`%*Yr&*gg>~pV8tdzniV6jTpfMQ3#zGP3Il3h}7DrJ=gDqnc}GSJ$<+)CU0BG}UgXUfWr- zvbmn_fYr9!x>h2PWej9_eJ+S?56Qac5rU^}b!|tbS-ZT6C?Hx#$UiB|No_}fogE9< z;S%s2W|?>;XP^bKwzwi?gx=9H!UyA6RSe+kr)?X|4t{vR&u- zP=Kiy>v&D&9H|a;ubn}SKp?5!W79e99;1dmwTy8xt*foZgwD)3S-YI$qxY~~JA0VG zbqP@I4U=|0XdSSoxuKQhvu-raK%sa380v}y6k}_L%p}u>00G(w_b`I&z@$1~XRqv# zqiC+}K_hC6E+upA?zJQMnx>Y9=6W~_ox|6^4eME zY|blXJ4b8*EtEt+8eh6r=~uOFqw7qKtMKN^3Le2_UWN3PK~w9R);f0$<>6tq4@Dc% zmc(9K*|Ja~*A8+`A#@~#!NE;X48NiYLUN-Dd7*0!^)%HKb>Q#rIDWI%^Dz@RFTPx{ znkzkC+ ziRMRsd0$O8f$Lz0x8itvPjAT;XaxL9oUH@!@JgZo03J!T%K>=GU~*OwAANC~jgM9z z_x1iOZ%nJq@a7}&!SDON6xKU5aJN9EwX1woA4}z<_gev|3$NYTf*9O7)(8ql7EYaor2xLtIG5Fw&ASk0? zH$C<%?ECtDQg8f^`tVYT)Au}NO#?CbF!U{;U^hMX4EB9}FF@aVgi#+JQ9FJAfvjmD z2H%Cg4`s2-KW!Su;da`pAb1wP)K`iR^P=Amf->r>z=zvzSZn4RJOR7$7(eO!o$oC) zPcqWujYZ^q4aDys5O1EhPhH&7`8&HUGVR42O`T&pf9H?}Q*NFIo}9V!*cXabH+Ad* zeZD{IvDpxOJ0Ayqj7NRiSI{neV61HyVsH}lEm9@eSCPM-`GZUG(D^9@?uqc-@L^sw zC)eGGw^}{3n4j$op+d%Ml4)gS}o=!~LUv2l|9;b(Nf8oQb#wUI|4uot*p{u%oZh5&fAe* zF}4uEPv_FXWJ3+7!Hc}o6=NT$r=E>K3@-3eH z15du+lOOfur#$&(PyV+j%lL-}pxnyP*=iZeJvoUEUc<+D@?=k*<;m@ye6}aw?8y;- z$JjjL?-)BAh)I+B*pZ%mk|(!#@<%-Rd{6$8Cx6S6@9^Y%J^2w&e!-I?{*I}ah`(d( z5b<}69U}gYu|ve)F?NXfJH`$Xf5+G%;_nzcMEo6Nhlsyp>=5yHj2$BWj!{CJM4`7op6XL+euS!uZ9mRu{Bc0|9x?5hD=U6?=gSEi*unD=VC9; zH@!Hwd2#NvaaKal&cNS!YHI4<6wg!7m-n(&ra4sR?NpU{FI{EcQdfDRCqump-_Mf| z^yEW5S)RdLn;++e^BKA7$Ky^X^PaqhpW(?}o_wY!Z}en&PHyx1k{2%bsBQRWFI?_X z+wj}HaJgS?!++$3Kj6s^dh#=#{G2Dh;>oXj@>`z#jwj1=Tbu80yr*sDah@#qy>0k3 zFMNh4FYx4DjlWao+0*yi3NL)NC;!Z|)kBa+Sld2kW$ymL%K4E0Y-K)k-j=)`J_oDB zGYFQ4ZEHU(FNA!smDzV4W#yHSkGFCob@47>5fvCXWk ztlT%^_;lm=>~ptyJ~?0hopX2i^oX>K6_D7DE<8uPujmZ1JVw9`! zIcU%1_*?=t%JG?0j3Qc&&#NqM7~YJOiR5eWKF9GXgSW=_2-l-=C5P~p%=q;1tJoQq z{3_Ec$LELKdGB(3WL=NtiMwE*jmgcZM#u5F4R&@MpTDBY;#egUDGC(qwrS9!-{N4=UMN_v9G{EP-B^y#GCGyv__QKB z<@nGsl;cBRP>#O32LH>=D z4k_B5r_}?;hY#_xa(rsgs4U0lDV+CKbA0lUk#c-~3Eht4Lkl~O&k$tgI6gn;j&gix z{O!x}IRf6S9G|%;z2o>uiIw9cC034)lvp`FQsV8(@%b4#Q|0&&v{qX9R>)U5lTu>k z_(+MB<0BSei#;TqZ0j%9P_H z%9P_H%6jJbNMhyqNMhyqNMgtFX+TGp!SRvA%JGrJ%JGrJj^pziyv3Kn@sY&J@sY&J z@sY%i+ zpZUx=o#P{kmE$9cmE$9c9mj_+C1h}XB(ZXQB(ZXQB(dZ8@Rh4fj*p~Pj*p~Pj*q0y z$?@65Hhx;(7ol_nmMv(^+YMGRCRC1(Xj6`lXmcE&^WbBd93Lr*a(pDUa(pDU|4`0K9WTS$468u$468u$468;j?X`7|04%I zj&hE9t#HMleb6e$ipmU*kEm3RkEm3RkEnDUpP_W7bdHZvna=SsDlNyysI(j(qcVRn z2Eu;?rRQ_BNay&7$_$Q=s8o)Rs8o)RsB|2kB^b0aI6k5>gX1GAmE$8SmE$8S9ml7f z9+1KDk>U_|&5H zIF8T7DB0j^sb;t7gKzm5Jguk-jVP1j^D*=_edhRZ9s4XCpN}J(E#vrngvBfkuSWUu z6W_wO(32j4FjT&H(cnp+##E{S%#W-9G{IW+}FZK zaAb5aoK_Z?1`DQ03|c)uF%~g~Q=~@mRXx5RkMIry)f*e9Rg|1&eqyPrxWq+FRjZA2 zmMUY3jIvamY?4j48PQ9-crurTx52`tQ)!HW;rJYm+S*PWpAtB4@;Ul(Fp~fCnS7-S z|K5}c3ft*5f4dkvyA>q=`4oPOc)6RE<8uLOv9BDTt9WUV7v2hm$)NNBR1fw<~cgOMJ1(@Ub@QOeAiSYY~l}KI>pK~0a2YF<3_zI3BlV`){9LHxhHQyPQ z;GYRflT*0!aJU3Jql4maA@)%D`aErrpSTGD`H9={T`*b1OYmJxQjm#uvx)X2hB7M? z>Kp}WALpU}>LCRD9rEzSNXG(5d;}&S4==|TKSSs7>tKB0$SnL6&_4Nz11XvkF@1hw z3(r{p>lk>XrrtgpEmUHmgDmnt!g6pQ91RD_!SVSA52ZLh zm(b@kI6jhR-#I=Ky`LN(DPnexj}$S*@!`YlnC19zCN9;-T!a=Mt zb`yW)kw|O+IX*|DBgxM3k-FF+93L@p|2RJ9)0>s!a{-2&*bOm4Oc$7O?daXzI9Dos zqI8bWYnW9yj?dHF`Dr$ePc=I}<@mhKod;r9LHA^n&8?cv%%Jo#RAKCwv6B$A`@C3e zpZHsl#>%Pn!twbvv(M!CNK(u35&qMxIAL$&u(nbVn;l<_r?ca*vPTe`6Mte1vJy1| z%JDgXMpll`@f?km<8wKEH!H{I5t`xOv1{PFrOE$CcmIzVc4YD{cAwjZ@CPEX=FOb@tMzFxn`&eUr z;`qGI9JVLNX9C@>XO7Q4sN?gCW49)+*((T!)VDMQu{)B-jYk76`JuRma(q6*({vo4 zE>>I)j?Ww(a~z+^xI#^FeE5n^?2pM66N2E|LrT6!oqtk}&j?ny*O702qLpF;syRRL z7YR5B0dlX1ij9IzNUFDzHu5m7!K}>T#XKx=3LkPDAF0r+9G}aXd`ED6#8{T&Glhn>9G?mF_O0ajEagdM;rPfT zz;b+K3ZNXH*W-BmrWcNnyzJAR<8uw0Mi!0_qdJaHF&lGl9G`1B^!38=5v|JcNuurc z!ttR8dK@46U`~$DZ_xXNJR3IgcUe7VJ7@p+a0)nAU!)hI>m)QIB~aePSm z!F6oJ@j+*n0J|pQ_?XobBaTl^dGq?pin-+ZtSgx%%fQPoJ*mvZC^#m zOl|vyw$9-2W0sX2Y}O4fD__&x+R{*q_0T&Yx3rdXIs5Vszz>>QTgsbJ%=Q`{YA7o| zwyLar)vB%*bI3-)p;g2xXcF#2%jsQf+RBA>(}AUxO}1RUFSRhAE^Rze93NjAh;)YMWBU`!_#+h0}F)eI*`Yv5h^h~|^-#jGw5Nr1*gU{puYBnxEf zI_CsUwXO-83^}Gw$pLoRdah=U=O1o4@!IBktbcE6g9r^->AcmDED)Mn zf`_sS6$da%ZDUu19Vp|@e> z{|L!LfZfc-);0Ar(HxuWXA(uX5+a&KkOIY_lf_?Eh4ks`*$Fq%g8bJ$I4E1z`gwC( znzFSm&vP@DtyL!nI8!DCR+q)!D6K#V3Cy-*bxV`MnV|Me+t@XcJdP#9iBH7lX_x-n z_ypZifn^R=(;J&77lM%&O7OD?*Hb6$O^09M)eu31YX=O*jWx68%?5bo!}U7Zv!gzG z4UB(oG~+zKJBY=}TUc!Gd?rd-vZ8=jH7Z9qUi4O;~AL8@I1 zswqZ~pXE?t2TVW4;e_`J^K7T~Kc{UAysDoQN$7kfC?!BqT z+ft6t`=HPFXVtf*9G?$D-#~MGUNxqWZ!Mn}lo1|reBOf`A6}zvUye_My|&Q#-L~NP za0ZTx7URtk$H&-#ZyIyVVE0Oy|7gKaXs40>x@Uazi2p{zZ9G0IPqi}NQJQ6CyhJ1O zpb)Pxal<=VjtPSQ{&X_AVj*6M;)XZ(16`Mr`a`@M#f|zk&P-39>&XXr@{yi=yeD%# zIMs8SC$ID5jh@VThQ^OLJ}?Hhf8$a^ZIXuyS9!Q6@8QW`_2fG}`KO-zgeSk@$!~k| zA~>n$b&Mx}$dmaZp~mU*SU) z@b7x^wPuhlt~2>=1E$j2$A5kFi6<@iBIYI6j6m zA8~w)KOBl5Wr8g6@rw<1=So#XO0B+Te2zJ?gM9Og%XdgHzr6 z1=QV$XZ8V}Yp`zkWUDOLL!_R*M%?pY;Y}wkynpi(pZ{g-4~Z8)`br!b+>Oro$-MTj z$1AZ8X0mIp*&nz)FYtfoV|l;haxby`{Sep-x2F&f7_)GD zN})%%J#!)Sh1;_TIc9QuehlqBb9?r{vq|OlJkR1PwK?KuO_$$RGZ&@q(TLtoexxjp|t&#~>eJ+!dn_WTtdZqH(t<(}{z^nateaeJi1%I%R7E4N2VtlSR9x1VM zd!)oW6SqguCillak8voGoPoZ5Yq&k4Ou0RxtRLJSNvzx+N$j{iTsEy|ZjU5ZZjU5( z+@2@#Ah>64k0e%Zk0kB~w?`5yw?`5?ZqH)o+#|O~5^uEJ9!cB}ZjU5ZZjU5(+@624 z#b1=zozsUm3ol805`tmnD7QxvE4N1y_lMgfsg>I!sdI9B&Se|#ncE}Ul-ncP`ory! z)XMFV)Q;P;KL(!+ZqMngmHu&iBn##CNEVLUa}O<@&h3#bdgk_sO6B&5O2_RP&H|=$ zdqic=+#XS>+#XTcGq=a6?2+4JR9bG2QK{UXb2xOQb9+Q(&)gnSsoWk>*)z9CRQAm6 z5tYjA5tWYHQ$!EwGq>ma?Em_~?fD1eE4Sxr?(~`4BU$x>+apIb(+vQlo( zYE0F8;r596mD?lc&&}<5guOw}+#XS<+#XTaFK&+{S8k6aPjP$x$(GeKw?~pIw?~q1 zA8yYcY);v@Jx8;Hc^7hf9)qp>&+XY4jVP1b^I;fgYq>pV!H(}HZqLur@OBn%PaJib z;`V$MB^!8d4;fhzx93RQTr&8qNno-FJ_~nc${-g!F`PGO_Mu3~Qt3f(=pD`NISvKs zE4Sz4aGQbU_N+wij@!cvu>Nv;&VIET`l4JkGLgHMi%x)R}|Z)5^MW+@6D&Uk+~1zgSm}+cSyh zkb~Rv0Q1Yi?fD5SIS04rG9Gi>o|Bk^9{@3bcP(<9sxW#ZVze9xwt*QrcTH08N&+C!R@JMOvmk6%)K1ko(>+% z!R>j4rS22A=TutGaeJPmC9-gPWSCTLPaTyjw?~?la(kpzW##si(KwddLzp1JIt`oZmy{FK`x`E6fr&-dU%j@u&@y7O{- zCehHA+p{~peLHY_WD3w9ZjZd|)1BM%JvNOj+#W`C+@34wI6(58KRE~{)ON1t&QB&m z#xjGk7ZVFH+D()MisXqyt3mScm9_BFw*k$WTw9B z$Lb*5lRe)i>`i?H9a}hl$W*)^#<$-Ll7|ada0~Yyr%0Zwu`5U(3Ta55=_jJ_OArpH z3c~%Hkf!`22%6D`uf()EeE$?jX1;|2YP8r(iSj)er&Qt;;QM*R!J45JbPj5blrh7@5rY(R%y_a*LxK)gW13=9+1;tLjS}wS<X^7o`E$C&J%v9ScWD;A%NSQ9EOQaqz4TZz_9T6ZkO&M#{N@Brx(SwHJTg5~0EpK#l-!5w$V1?~&%X}|v zuLD}4b!KBtd)>O4cC7y0(KfGY?%dkeH7d^RY;A4sn7O{QzNKU5N7}SkaTPF}vR%BK zn2#BaG_MA5rCJlx(OC!P17r+|kb#(hj4E(3*VNQ@PfN5x_Yf?5+&w^G0o{YJj(_)n z`ZTrc=Tz)#Vqkn0Pl)ds#tRDbf-t_mFoy4-a4^0LC?{g^2MY=ZK?vjDStmj){&N#K zER0L|ZR;q+^9u{G8;{>tP&i5wUK$n_N`!B(r4W~0UIB+;U0XFk8nvr~Gq|j;S*5qB zrKMij42`fvbzS?)2DgH9E0$?C%Z=C8HP%1x7JT z1?v*bZV6`($I#e8X2`1Mnud-5yciH3R$=Abj>h^rWlWf5-Xdtt`pzJN*3`AGYpI6U zt)+LdEmaGoBUn?jzIs)AO@l5}ZPy~l%GFrET9zZH6IK%>gSExiGj#;50h%Qf=b+20 z%ew8Ei?_pYY{q82@A?)?g<%&F)U>rVH`UgV;8aaSf#Ra7*Q6Hdx10yB1AszXS!QW= zfGAwggJWdSq%AIP;Sj9DH1raKB4~{`dIYV37dF*Nf6!qDB(yor**4~0qQ%1Xb8Cfya!YZY0ZLRH{L>G0n zuLbo0db&BhR9CH`sqkQG%&a!Z6||lRTC)Yvn(TZJGi%%;pp7yQB6bZKZIyEY#cFGB z?QE?D?!yv2WNeV$J*aJJYpjQ_cLC-XM97+IHyox$!+s-c90G_HFn2a8phmEWX#<}d zm(BRdu^?dIBut9B))v8ipcB%yjFnY^wh`0bOCI+J6yRv z!jwl=Ye(naAZ#}8ybbt_28uv77!iT-TGQ6-4MJ&CrRwenLm1?G@VH^`iLMn4aeVy57RRq9=!wy+kMry6#M?hxZHTp zm$E!0!*8y5$Kn{>qqle`ArAHV`Ko&%*qsOS(Q{(>dYs4S@XPaHT0M^qkf~2@65{th zPlo7pTm)IqiQy06GoOOpG_MP=uQCr69GS8opUi2#S3&mm6=3H}Q<=hSdW?71eSMA4 zH+`fz4?KZz`fh}*X{h0U_6~v@^`yLGKlWtCJ7zi_V|WQw`~i;n`F^1Ww!uN#56?wi zzK=lGG!TQc%7dVcg5C7kudwgyJGnNH+wauJ2Xs6}zj_`YO#?Bw4Ej8?xMR=Yn6Gam z^esjh^^LH{sP8}c`1|;P-KdLOI+Nz<1*W~oL40YvbSBODb;hnd4?gzL^Vk;&G!1pU zxS+c~>#=ku%@?4LeouYcSJ2MG@rmQ3+oXj-pO`d_hX=uf$c&F;$bew^Xil~jU*9}* zB!5JhZdyLw*Iz$8V$y6qlV-LW7Qd{QL(}%zA9G_LJOVvyhwPaz#{WdxzI$4Ta324D z+VQ}<*1;W3a~~m%K|_pl)2vG1s+-nwO3QJ+8{8ZLxD2VR(qLS@NTlr7V%?_+TS%PY z)st1^&8X7}=;mbm&75Jw#m0Up94n%E8q5ZWjgLD+eqm!fDy3nuk&8l^Z3@jtMC!5a1CqLlHPk8cko_sncysBrNCvWoPD?Ryk zPyUG~Kjg`O^5lPbGW#~otJssrd2*#EM{F5W*AZLB*kLekEvWzO>B)0EnQQfFoMS!t z6i;sVV~9z@57#ao+p37lfUlCcY5+4Jo)dQ z{EjCV@daeO!pd#5Cr|X`lRWuBPkzpm|L)0y_>QyHInI--Jb8&HpXSNyJUL>^n0krW zGR6)OTgKQSV#^piL~I#jhlnj>>=3bKj2$AjjIl$+mN9mS*fPcr?{>D#nUhoV>Q8#| zg_LnGhTFxEm6d%B!}$OY+qb>=-|@n~=Y`+vg+JoSk9%>RrHp$k++Lw<^L?E%t}A4l zlFGNxlgCrG@h3rMIeE|cATQ2hFV0b3oLVnVix;Qe#^L?uk9u)F8K^|x2 zD#(+p%(gkh%4}b=t^6U#^Q>G4nOjIB*-hnK=gxBIxr=Y-n}lGY%&qJn3uR7KA6Y1$ zTZBCDuy?j(HBc-RAWaMmWziMRlxxu+(I4?`cqm81BOk?w4yYS=DC5x)frs)#blWK&N;v{E zcqku7;#ficBxsE#@^bJ{UP76LhcW~Tx15La5W32qc__nhuSt0*|6p;Ihw^)rpbtEh zO-!#mly7op7vZ7Yg=&nSm{^Fmdw#MT59K$gvaR5uJVqmKYaYtk=wf>2q0ljuheBW2 z*?1@~!~Xf#FF`jHj65>Pzu{4|{=~@TLH>=D4k_9l9bx`WT*!7)P{`Rp{w<$Fr zjxK|TB8k5q_fDf9JQPWMbKEO-KX@pT_(yTC*!|$4NaC{-Ua|YZLy^Q6B)np0=b^mJ z7N5>Tk;KYFk$UeB4@FXcD9h7+v$1UiS&nuBB?)|=T$&<9?D`m_c?jvaY-=d zwZb`rx*&`dz(%h;6v<-NAn$au^H6T3rTfN15tWAw^3Hjyc_^ZC`5?~_Tg^i;D)YS) z|6o=gN(V=azVT2*WkbGq;#LCR@$FZ+rU@j~!*o;1C z>^9(`NLITS@Z3#S;|kbsnydzvhay?+T|k?dtfm!kZep_9QXa~BOw}`aD3aCjVnEw* z_mPM4G-n?fJQPt^BSy07`o%+$p!~!fd=I}F+E+j@3#>{H$#`b}F5NE*b{jVM@;9(MvLzV2c@t9<4I~ex1;*K09!eXE z_io~$Jcfq1bMjEWfs$=059KHD;G+5AG5D{5pvFh+u?3I@DNNe~$ zJZ>75n}@<%3fr28aw6(9I}b&2-=;hivClmrXG!Dm&(A^ZN8vu4U*Z3&u|{>snN%=h zUM%*#@M`>5liZMq-4&k0XLLh4>d(Lu=iyzD3x=$$4PrkDixFv98J3L+V)ur>#ZA?( zge6B~njHIS$eGW$SXtBBAojD6lccg($v=4LzL2w^iday3C9WVdc_>oEKZY^|lp_8q zyc-i;Q^co2E*dUHd^}u?yZNSwzYE_^74b>0h);(%rHc4Ww<7-8FXFS^iue~-L_X+> zJs&;=C8Y$(_Rd3*IvfZd%D>UY_s&C+>~hRc?;84McsbOq>>g;M#)%GzrJQJStQrS~l{H|s!zHn^;6uYg@tPxIbx2Semf^sWF?!JGFeshH z3OPD@54@GL>y4an( zV{T0REo)+~U=aIu?10@-=pk&3*T;D2QIV9@-uuQwAz*xm@lfQ{rpJq6;c-}DC5V;B z*)@&B@()35Mw}it_Sd*dkIjr9jgt&^NAFb`Uo_5M62_|H91O-{QQ06iD?SL_gi$j) z&hEpgnd7OMYt)QR#?FtoLCcW3wjlP&__3_%A?=VqC30d&6XZ|FA3-ZE2u8e_jQu6{ zw=zVjZ*K?iASPFO$*Jrzvhq+qg-Y0ocqo^%v+13OQqJ?~orkgqPj2gYC|pRqZ#??UCALL2q;GwK#k#q1+VocX39?A_Y z%XZ|U$U^WrcqqSQT{#}gXr4n39?I`9yly=YWfgO9Jd|J3o;i3ZqiCfq;GukmIppA> zJVl+3hjIsFJ|&McZcLVR=b_xniQqHxz~PQ$Ni$>iiH9N`<~HS_+`<}rFY-`+BCer4 zlvO-U$3r=d6_sV(HjqC1(hogMVgiJP^495<)M_*IF^SpAL$(rMJ~~lhw^D^ zepm8PWEwCwdFljo!L@=(Mk{o|qR&CaQ39*X2Q$InlBD3ad}s+PQ4%4bD5oR-Wr*JmiXw*U#1YKVX?Y)tGV8~f z^%UjBh{sky3X9Yoka7w`1dt*UZ))JdPc1?VIN_ZAJ9@{;V&I=91O26tFD* zi-mXFH?(yIhaa=7>|nEOYgzdkQX^_>nwvWyx3rdX9n|uUdReHtycw&3x7YAcLs|K; zRb}O?R&}+QLpBNyt>U7onuPn%a(dUAwsO4Q(u}7rSY=qU?Y=&mt}Gi-QX)!9rz}&< z``xu52N1nLJV|{^om~o#;3BSkZPui&ZS68hBfJpO*(6ISW3g#jD7y*w&m&4oP^T-m zdy7faGTP>9o55}IY%2>*x3e`xG;HspGnZmMSJlaQf5K&ShN(wwrDHcKfdLoRPI;)o~ zS0^KUNEbRcfU-ueQ_mIg0gI_#D?<_^+m^vzMOV95+)RCtoke2iW~sD7KP{y zUBj~b@MychI$OX>lmNN8R?@^k6gOB~(_B5PDp=pTY87~QHS7YnfS?jlQfTZBp^LRO z*Psfxq`QF(Gy+}F3}haL4D>@mOV^s}b_^qR9YG7KrIY_?6;V=%T=TnL$4&AY44vL_ z2?myuf~+ylVU ztc(i`c>uWx{DsIU)0qZMobs80jOpCuP6u8rlU-TCBcO^@2x}^6YF*P>Co62DiTl^6 zW(<@;QRzdZLt2y#mB>}?>e`M<19pp$DRS$q%-%rbFaC|gZHi3cjWxU)B6k*fuz+87 z8vtYq9i#uq6iLpN%QPKecr9n3&^*S4=) z86vWd@Zyead^S{OMETa+rhK_eWgeJ!M2h*r^gM=Vcsms{#lL~8WnXH`iXYj&g7f$s zB(ff813ixoka=G8Q*IC7qcZnZ-$jraPqzml%-0?KYP<_PnTMwynX(@r1!}%mLH6}= zfsX&r-j@JYRb21i`Xfvf#)N!uO0)utTi$|i(lphxzn$46g;44IWaZ>g~n<=5< zrv0h#CE83`KgGLWc^;euk@HBjnUV#0x;=}$M4KrMkVihslfHue0jFI3IK+*DyrCil zM1l16{k7txL$jGuHWGS8B3#K+Bm*TM23l;Uv~5y7{w5pq@OrUD#GM~kG%p@B`%(2x z2p1)U+0W9k52no&&eDnFZLvfG@EN`}A^b=}IKgI$_q{_ur!g8+Z)gbpz2;Il5Mc7S zA(g+=TuSU6K-(W|&RUA>2giHRr7k-h$3!kyRlxB+a_uE!UAgx1u>biswo(RwUu>m} zwwU>xVKMXJK3?QuKEz@xrH`dEPhzo^g2$)fhc>rEEVfe69T++%V2N97rFhSK+1HQv zh2T1cIZhCIi>(w?23(7+6t5myY^8YhFgrPZk6fhiGKFtc_&$ZXg_Yc2PbvJO!n+jS ztFRB9rKHVLxSPWL6h1*=ZhWwAf1V>Y>F}idPRUwo<%$Xt9;z)kBM|6t5osn{1`@L`5&>B@?m$phhj$&x^_L{@1$K7jw(D<;Ta0wt}tbZO!FPy%E#+(jE<$EG0ac% z!q0tQ1ou)ns_?N24^nuj!Y3+Rs_-O*G5r|JYnsBGUy(9!g_q!^3NKUm8ilV@_=gJL zqwqR~*DL&Mg`ZRS1%-dF@Y@Q%qwrpZKUKKJZi?e@ahljoL6eQyO*sl!?51#TN9?BX z9u&JNyw}8TN(HdkO*s#kPHd%UZ04Kf{vwaXT@^NM8{bChU^k`EvxDLpPboOMUqSzY z1ER-*SP+dy)$cLK42VSf9bNdpVK;@7<_*TC$|2cJ=?z}i-9OE4N(3|F?}zrYn=%L; z5$vXHPlx9Vew<1#`6LkcvzxLSiD5UT7(E*7rgTAP7GMWegTrip>jybG2sy@XN_T*m z-IUvLagzf#fitumKPerOkoct%!b!+6c+7Exb1=6b9Al{OK>Gf6Q(l0WPX1SqLrta~ znSmm{z6$A_a1*;Jdr@mKyD5Wl(*DETg-8)jr*@#fmwO8WS>fB6UhJkk$-w`=c2kmZ z$@~)o+^MZD{4y?M%x=o_sAqp^U<|5hPtIR)$^HSmDIc&Bt=*LMxWN9G16M$9a^M>L zX551xZ~JAl8?*T_SFiQbq@mnzFs&2?OB&9dUY$1Q&zs>Sjqps0oIh`l#lxKxWjEzY zHmVu#B5CRmkzH2uc|Fm9Ov4bnDQpX3H|0WzPhQD37D{8YNdCcc;INZ13|^-BNhn!z zfYwct1E(|14kigOhYZT_5?q9`dfQ1S2hL;^MJie51d{``ptfF?eD_oE(~_W}^-XqD z#_+Vh!EVa?h;PFf0GxYd56=tvO|*`!!2E6Q$2h+2o#vTJcIOc2i7=#cqlzvDi&9 zCH}YCO?e$fP5I1y5QS{(qJ`zAeC|?p&?~XnO)(`FyD6r`VmHN<_&;nng$=rSyD25; z+f$zNu{nI~1RjD%a{}gJG04e%6gT94c2kV7X6>dJVcV^++*$}r`IGMf$b-?9H+8|y6M~29Go&Sbd&du6QF^M0R z#4C8cAN5c15;yp_#u7JcH^n4=N)lI?iuSMZ5-$p5q5{2hZq{y!NxURri(Sf`FAKct zCB8B+DweoeyD28|3Q3%V@xXp|Q%r?5Yd6Itu9w8eAg7c&0_@&fVHNus!KY(cH)}V= zq&_EDf-AhwF%K<1vP`Qv%*o}vWJ+1^1}klPur+GMtA%FmrWk3nthC&pqrIfe3BGPq zFAR>0rEb=4ib;L3q;A%3%2HmHgW63omDQ}>6q7|^5>NMIC-=APTNCZ3m@G~*W?ID6bpDt(l&Uo_EMU36cTqZBF~749G}E-m?yGXyD3KGSuv4p zOlKQO6q$TUTx2qh$*`2;lYbHy*__=JPh_$^@vHf?NVJ<`N_k#PdJ zkuyc)RP?GTvy)#yF;L2jlDi_YcjAj;A{Qi2h>2|0Zi*3kiHL08Zi>0M&Dc%(19DEu z43*-Z>+lIXtgI04*$%lFdJ zaZ^NG?k8-==Y~Fj#8$9Ba({?sNxb&etlboo{J~iAOkSd&hN4Ksnv|DiZq~1+x*h%>bN|w5o=2u$xO8x0&cxI)I z!xc(>m?ICTO_h`SC{qQ}mZ5SE*=|Zt)OG4cX3?(Al(|mouPCEa8h8Eu`|PIN#A4>U zKScSG1NY(ASgYag!kZ$f@Ku8Yk!LJb#$g;edM2Ja+ z7h+B1{;Tb#%*W_8?UUiiuU$CJaqj^Lql%m~pV@)kNnhxs1zc1A;lpq((~``l?I9=k zM=0KYc2n-eg-vVinkyGBU?ATe0R8_!mgG`{YJ|7P01F%ug8 zlxGOuZ(}#*k9?&Hy6Yh@?Bs5SfN+xg4nnzntq)hZ{h*%Swu#*ozU0R2rd-Jaf6sja zT!AnLk1@L`?=nX0rrd}&7rx*93T#>7%PIM1ZVr^(bHl?J*y@f%pq-O(9~d&t&q~%o za^OJ_k^_(8H*|!7x8XN~mRUTuhdj1Tq|!u-M~yWPq}|3SW^AHB_y{S;(JZ_yK!=cp=tLa^QGEuS86r9B26UGOr^kLh}B4)-#WyV@rQ9wwyq0empSuPNZ`0GZ~e`2u<=8^F~r;G5)fOMEkW ziQ7%NCxAj&yD61uxMDZuWDK0Ld{yp=OoIAwd^Ij>$1$I6{uOppR7;^rku_TV(q4w9i*+@lrQj% z$?{F{wZ{~)cR{B6)Ghr_w3~7n8gcV>Q_QvakJwEyRs8Mjrd-X|EOt}w!6V1_6CaI6 z7J1J#+90vdx!er0KInT3RoiZ&Z_&G(t9 z*f!yhc$%M^K-=^g3(GMY@bg*U4uJ{@bV2~uWxSY3`W&*khOH|CVDkb!5CEGO=oM~a zH|0$B%YI{Rq#*nvi<4#o{lX{le8g_bSG=@dU_f{!FKxtFFF7WBEKly>c2nlDLW+#& zb%99r>}j~O{hTIRAILe3kHXXZeDV(t=6r{RINgMbf;mf>ZoJ8Bcrd4!oH4s8Vb)R1 zZptX8JAmDkT(*cxKP?K~l9aQ8MLvMtlumeMI*{EIt_bnXGUxC}a?Z0X%Rg*4&q3gpr1uS*UZpu_jdC7lrp5v?v=lqO0{N7yK`fyG= zp3xsn=#FqsQ@bhW@YZ$)n6S3}-_) zC!a0kO+RgUJsHk19cIjKis>=m_Or*_9M0LrI@{%^eYq`2$M(6~Pg8C$g>xF&BLCul z2#@YGJAu1VXCX$kJ3O@;x{~yq2YA6_c2g#jGiEns zAVUYRo5BT2al0w6v1#lJv%igI)fC>W-4t_I#q6fs$ttKxV}0jpyD1ZqK4v$Cukt>zoAN_S z7P~2JS?br)Zb1!(!k00S65fPB*n6L3&1RaP8ALVsL2IDllH|Y?{DwY2zR7_(gwt@D zlLK!W!U-UlZ$%XB30R7x@~Nqg(X0(-#FdUAR|Ql*v5Ho3)!_ z>ZCclDJi_}ox_x#6@Jn@pTe)A8^i|*)=A86$_!rFF5zdGUsqrM@FTJOnzfr^@@vj+ ziplRdo8ODL`o2LXkQ+AL=HT!o)DoW6*v-HX8j1nlnzfs90xSA$bJ05V z;6vvhw41V=CsiBpe~yg0RHEu?1GHn&)eHhWTPa=55J2pvqzCXVWPZTk>j);OS;&CF z*o@AEhhjH{ z&Fg@6Q{F?z=H~rhw42iJpJF%V96#E|ZTKz)8!E4$p^Dvn9YgSxumQTQ8jnbcknwH$=q5vhEZww&NUT)0opeJf0W6 z)0%oi*&=cNLIm?n31ZUn`=G{nR^8i2jF2ut#~&hrr_vPx6U#uiKJE$az549lKHF`T zRMhUKp{B-;uxW6TK3vi6HkA$b7!bP(K8y={9_AM0jCCipEloSa&5Ed8$EkFtS7zR{hU&R3a=oOc`XjuiO!4xdN)OCFARt`m8{UidnfGq{i>xA}$ zF(MrhI~|<+U~?WvHzlzrgM%FGH#L^tYy(^DrX0w0OefS2#%XYPE?Kug0DM$?i`|r( zsk7&m_nx`1AbL#isWZ>*J7ad`%v$Uuny^>Z{1&?@0oVWVf)p4~@h7LW*iC^+iP_kQ zxjMeHFn76?ZDna0#hKM&H)X!rlGoZ=!1ley{KDke&df7rA7Cqd?{=%L!cMMJv2A|M zr-%&@*_s#^bw(w&ca3cy=b4YF!nUuorovjyJZIkY+L{)dDlIlu z>`u{aDG4o{B<^7iYY^PWn)}=v%K>-+pE9pp_Mv9uoiodsG0pT7|64Xy%$D7|#cj>eKS}=ugCW@T-0N0mOraGU6%->Oc(TOXm9kPpGb2;y!GMSC zfp40Ww{^Kr5VNf?8TKkFO(ux0V!!DnoyvU8Zus+RtE#YHJ8kaN;<`%LN25rz#$fyG z%E=20kC{D#r7{g)x^fz8K({)ldJ4>6aOZ8OYUYvEBAGlRNA#%vpdu zYUh=6_w0Gdzmj?W>#ePz#M(|#i$xV>n?_nuoTQ9z#4AqB*u-r(d0VUQXIg2pGn?%S zDY3 zY`UF~9NjHs}QKfuD{a;P_Ea zKE&bcddwM~KJzY^h4%)h4~&L*{&YdcR){s3+6SlRJ%jffihp~%DICD}X|bC!09PUs zyBhJ&rkI>mpHQ*?#>w73;Ixy#Hp0)VY%{}b7!x?gjkmsdoEr}S`5oxK zDTnzA6=HnbgfOQPrOB7P_*an*iC`v z17~8b%b_|2Fjm|-#B9AhTssgn^V^t3r(?1li}MujVKK)A{Vm2kym|h+b{xv_i0tzY z6|We^nxz=#1h8vwKgxIQtw;Hiwy(m+C_F^rQxqPnuo;&?5sR)2hsfmEL~xzLS1a6N zHwBde*J3xttA`f5DPBFyhEBKKJ1uroygJ#2zEkSteT6?)ID}z{@U&65m%;-TK2hQE z3eQmZ8iiLWe2>D9D!f_YoeKX|;V%?!v76#uU#>xvYu92o#jBGC@PL;(c}(G_6@E+M zFBDF}Ghfm|B{GJ)DLhEw5``xy++sJyyA~~WQ@na;v76%6LyO%MuO3?Lrg-(xVmHOB zhZegjUOlwfP4ViX#cqmM4=r|6yn1M{o8r|&i`^8j9$M_Cc=fQUJKoXkci~~DmV=qfxJYv*|t{b19be(gW%vOducY;Zt z0q`8B2kHXb95mxvZQS#0-t#_8;iMGw44={q5*wg7QjkA$$TNAZHfE*o!A7|o8+LDe z&v#1xvpcrG@acmoAM`AKCHSSk=*dW%5rHA$PJ!Mm2$JRZ8B$n$YS;^$9S#RhUR)7$ zs*|0L!^@^cD@HgSC!D+fFTFE|xLcp!<8f`;oHg-*&qE(Pvt!!}yEg87u+_#QW{GXY zy?HLJLx9gvO>C=lMOYlqF2G5xjI03Xmal?g6L@vV1!o_3a{)cRBE$FnK!9Se@?Gt} zCJ63}Aj8Wu;Pymfw?CvoXQzqtxk)#G02?f8==p+QffF`ZDiDg>V0oW$A=9_O21_fl z1cKQRhob!ip+JBDOhIFm1=4;8YSIx*W(=()g~03|Q({;+sg)es!E_tldl5+C{tUT+ zO)hWyRAYDJX?F=Q0{977a|x-hF<{Llq+ZFuYi?(V38z)p&UONSbx%eh3p>BUOE*6^ zfhpZc3I@3EbuiEYzZtiK91JkG@CoEKKj)Lz{MZB|$m*r)2AFvj7|H;$rT`3bviAjE z@~uQTwKu|nKlsS%q>f-%-`EcVSH877-v5z1zO_3J z-niE8Sl=QvhG2jNZdD5=msiJOBXU=L70c!bLOw}yX3Tfo?yQdcakN=MJ`>!=NRw%I zX39!z%e5SC&lsuw&J!S>vKVJMCcHM6Q5x6cni^Q|muJHv7N7K3~N!X0}8 z9EW262HB(NZV?LZTLd`Phaz_5oa=WG{gxMPV#fJbj!trNC)t!tFxMnl3<}Pa_eKU! zw^IkCa)+W>k$ix>X&0`!J zbh<%gN2V8mn!!u?Ew&Z#HW3KQCIZ+;Q+5czeZs30(o6YMnl9H*jW5dQVt#HfV3*1> z7?uqLu+ItC%V&5S6lBUy23fL`LAGA?-zv7|JS|~WJ?7z!c)N@~H@=p=wOZodrs-n) zwpixQGTB6E9&&zMncqGQ%j8=np?N4a%>Q>3+1%TpQ#{QH?YUzAuvihXQhsEPw^sge zk4VA*yL`U0=JU9CaUALgU;#ZnHc!`?L@ysl!1>4>yBZ+oS_8SxIC{b`t{H~$nqhns z2FzwLH+tt8cn-ZeIFcMR;sKpj6Z2k7a^{*aV9a?197k^^4%eAX&vgGNYty25yyNK! zL(`&o3=`;0G{VlNHyMZDxj1Vz!E}#~U*oVhmaQWr_FM!}U0xjS{aEb53&^{eJ)+Nv zuBLw$4%ZovU*o#s7k4TgdMfK!;dDG1?V6*1j=R?96yw)*KgXVl7*qfw2gjXPUD+2J z#g#Lvrel3p-|2H^P3=3iyn5!;zQxs3YG=%z(|3A#^^^tW)gaHS!sz6f$~m(H_N9LG zyuJ$)7s=0@QPFo=W##@61Ns#9=@(l=|4+(ozwBj=K76hpb{sD1sF;D3ZAQ7iPbJTM zUd@y#Q_t-)ofQj=)!D%4qbhLrRGcYd@E`8_-IQd<^)EI{ z-rW@Je+-KE8!~hcL%|GusB*`q?C$zuO#&Q2lRjY6hfVrS6wMd#K~lh?#VJWK8YG(7 z#n{lv_4`dqA36P(SSjH3&o?-ozbP0Yy6((5v!_MO57(eWCrj#si%u)2W0BpA+4HfI z7v(Dwvqk zuD$ijVD0b&REY&@^MGg1>0L8*VNLIOSd=(p&g|Y+%N|kF zBE3)V7wLWOxwW&sD9eJVbGh76k}wP@=he=t>TRmntfQ1GVXKH2#9WA)3#wwPN#ZRR z*9p~UD#@-K@oE5c=Gw3taXZ)a?}uyLTwAauu$R9{x6rp~DRKY& zYu8AGY=0KEKEv#<=tvXHu&kS4x5qn^KAp%Q79Mu(>**+EX=3&*v)S2aG!3Gy}B=DNn@QoZsnh`Ohdd@7n z@WX_sOs%M$#?`m8rrJzA$_y@K>Eq$@ii+x~^P5EDu4@v;t_QQZT-Pgwm#i7mOz4G* zRIFBU`rsil3#;#(K3?bD$II4~Y++3w++9{80$2cCg^O~CE&@Kb4-A`(oS@2qD3YD1^MO@F@>Zm6*IIfVI35gtcQF z-4quIbsGK3k&miSPtd|H5k(UkZ$06=|$Xg&n zKom${RhRP;ZpsD_yMo>Z2j%g+_y*TR9wL{6CQjr@SbR+nI3Ij1bozd8#2q8~W4*dZ z@;A8>IX&|$XZxNB~$NIaJ1)o0JJu0e)7 zX?BD;YKc3)!xj>EekT%J{esKnWaE5~ve9hItx!KhqhuK%f5^9*|+m>?JZP9jIz-U$B|?4NQFmR z%vSpyiz$<={|oC(rm>tH@WWN%5PY%1mnwXng*iPTJYy6tRd|xZoQ06O zGV|H?dR?ICrVU&AQbk{;@bwDctnmE`uT%I@g&$XVlfu7Nc$>n1R`_*=-&Xijg}+od zz_x17#f)Dq&Q$aqh0U1M@cju{Y%6c$ABOLuVngSEWa=syRToSN4^ zI5gdZEj`^+^0%+tz2wumDGxrorf2pm!T0=M2EMrAdzsF2mstIR%`yFgC;n3Co|>88 zWk_LmOvzwKX73D9OZf12Sy!EXc4j!7wCC&4gU_tlwsO~!eRErFjHd6|hqCgr@!k-} z>-04o#^Z||Xg2Wrh|32!kj{bTEUqL+%VP zu%p)w`Uby17#af4(enlSASLt-*kQ-@4SFLv^bL|37fNQw1$~2Jh62g&BV_aqwjoJO z-++c(l6q65r*BY*a8rE)cBz3YJbeS+vbllfp1uKRhXdDGeS^OsCUCvWb{R-LoJnpq zfl%sgB;Bp`4Icd$>l^F~Jmp)0BBZkA1)jG01)~^v)8&w3WUts!ob~NU#-(5w;5vyNdbVv|!2>J!DBh@$R7cc|&2>!CcxT~Iy zWpe}}pX_n{f?E)3^E2`p{eq_$8P_j(3qhq{z=vKtGpaD^25cJbBVb__QKO(wF~GT? zb{GNRN0YqAE39uZiVT&3@lY9HqdXE(I0qkf491zrvA#<{N0WLUDU9Mk$9ja_K^-8@ zQyl2@H^TFc;s9l*Q<-AV&m zMIcKw2(m?k;6J1^ptS@#CTa3=tcsssxSk|A#aJv|fpxK=$gp8HItwkAt>+_G6-%68%;> z191fbb<)V)Qy*yVjK5Kn-~cKEO13SqIgkISCIK&Dvzi3*z133yh-m@ruTXFZsssNX z6@ZZK$>^icGEQR>WO|<+9Xmzo@FcC~VZTZq`gG(WF2uof>}>gB+`XOC9 z*!|@HeX0SxT52X=?cb=T`^j{ussRZCskf4#JP?!ie@ZpLiQwX~5#e>-I1Y`QTtrLf z_lfv(72g~1R@4r(E;yK;abX-BNNag~e{W7+5$IapW+e|J-kdQJO|^e0Z(GSZ0O>o>~la6%(ypj9$n$HUYHN#ST8r?(DJ4uEH@2cOvXxu zNe^NEgM5_7A*RSP-yIS5;h=j7N3KEMkCZ7t zVZn^L3i8&%XZiS!FY>knYk4II4EKX*oy4)+THXK@?tYvU<;gb*mh(*S-$oo`;AT0361bI(D9v8h( z9*5|1zKOa4FXEf)$IPg6d2FZRL|&q90IhpTdyarv0;mN%5Z1Z@7-HbHYX8x3v$_GX5sT%IjZ^neZ(mnrXoQqzJZ}fAUV&uJkL}r2 z9gfWX8#*8IaJ*j+rUyV)&eL-cc&5d?|Jaw1J`q0qD`L|5nLu;}h-JS26ia9R#G)%O zo^&f8x9pYvhD&-pN!L;5kW z%nSaC^fa5V!aEdxi#X` z@z*H&1;lJPa5QPpd?Uci70)$_=U#=_!fnKpzvJ^b37nvf1>bD6*g_#%70eTwy;lC*S zfx?_05dJR|=0Hj4DGH}6%&8CIi74D%;iDAh+=%cWukZ+kM=Cs8;qeM{Hbvx|r|?{b zYZYdd{a>BezXSEad2~KA@3%Mt{D{Rz0CVg}o*uxzwwTY=%@+3umU(@?Z^*nppRqEp zKLS|h^*Ng*^ZIg)LGknrF7b?EKx znOQf~PnGVD`9&k5Lx(vX`%k;>-Cu{CQ{Azfv#R~hr2%YBP_-~x&8TBhriqN zUiyhUzkVeU`k;4u(_IPn;ViRo@OdDP*Zv>X54amLJpF*80KaWq<@59du14Knhs?bE z0xsWET`JyjAQ{0S4*CJpfT15SkDf1R=5Tz;*C7t!FImR;P&<-2=?=hL*U!(M_@J?;Fpzj^K%n~reDRM^Z8@S z5Dc7#c(pNsnfK>gubuaAwJ-RF?^c9UdFKS*vWf%jlY+Z^XCNYw$`3oi-KOXtJE3D3 zddEi@S-pVST^V8AnBWNnGD!7w2y)&B^tJK%ITxNgWnK*fEM4wGA{Mqa7ghQ?`f7lk zHgAK^?dBef8gEN>w;Q?Ja>=UOjVIXF%=UL%0@!W}v;df_-8{$b!D2Y=pTv*e6X9kE z>fr5(KuFgCuTpAHgbq#jMCiy7O+PffPTrmfoxD8}I>q)xU|k({GML={EIu6@vb(Ac z5_wtmC#2p&2kwh7fW=Xlo0zOaOg0j;$BCOOcj(Q(q);0wv>QeN25D~rwNmnwC_iMUAWJjhenW?$h z*nOZ|MoyYPqhrQ|w%Kl0Tcqmhq@^7X61ocu@xToH2li>;_6;L*xC25n3Kv=*Bd3pR zHdVlG2$3}M=h~ebg536@wcT351lm|u?Cs#OwvBJ(u^Zm#6mFR@F44n~r*W>VEGYR@PdSrS(v}F41)4oBK#7ZcQOBkmllqw0O5EOIl z#;}P4J$^~U?oIS41ga!)S>q||c8^NWbg(7`0-p0E8BG+Xqb|#Y)o}?ED1phm2rrHI z>!qB?`}rCierIvjY67nmljAZbdi>r8cbngG%jkD%vvhXC%F|hi17}8$!k`(mcr|?E zQyW5#K{LVagH9<8F=YMpsbr!Jji!WMw>avVk& zfp=apVUjY8a@IPX<~jMH(Vb$cyCQ+E-df@RkF7W2pM&vUg3&;HBMsC`Z2Jv76=U0P;L($~{YH?LYd3@AJN)R@6091Obt+lB6N zdUX8@o*x(<5TUMv-8i`Shqp7wY_nI#;*=~SFb%&RZf8|?$muETEHas9GHpsWZUDEb z{>`E8#i75M*Hn9oAPF>nL^mo2-&(7t8ND4(bI9z(p|X(=^NNJmQ%}($ffk<a85M`!29XkpqdgAPi|%l zj|1$~VQ#tqO&uNf{^%jhQ=koecCCC!&|$P`FuMiP`2aY~V)p%XkPboOE$U zXXx+I*O4}S;C(#6acG)4O-1derXzA%baa|rIC};8K8MFe%uUA!d5nV1+&G>zCN2zr zC=Q0rCl2_0b~h()2?(& zo$nX82t7a(CvkrRLCd=fg4p&cPwVLLI!PMJ=$h8N z&Pp1Xw7f7;yJ668&SyrO2#*Q_97hSrsKMcYDJmXF`#M4ssUL@nPc=%N%S z$Yc4Bv-t|&E1Avf=nMm2vXw>eYw#7SFlEtAu=2c+;~a~N&+9Kv_(lWhddWQ^-k$jy zCFfC*AnzmyTQ9=ki@dWFh_OBc(D@wl&KDsF3#6~A%ZcJ%db!0MaIzo% zU*4+&r_`dOgF1MM^rFbSNdKs~mGX% zq4P2erf9(!j>m8>g`)}|tMDL&PgQt~!leqc-X$;d4q~s1`D$zN1>~{#Vuin}@D&QL zP?&wRq+O+Oy~67h=2%Gh%{zk4_m_(Pw8Fnp*xcim{|}1(s=_-J{!rmh6#i0Sm-o1p z$;o%YVTE%PZmTfIz`~!ea8HG~;9qz+bt;gb|TMPW0BwPoYvwxlgnc#6WDixr*= z6<(sS-m~QUif;52ZCnwz_Y@w}|5!Pu9a?_fX4ocWUzxKk z=KEN=#r&o)&0>~omc@LR=d+k;+5cT&FJrp{6_-+)MB0o-$hC93rqzV;sL3ytNrP9@4Nk=;<7orA}Q^jl?}g*tS#TQW?*sM z<8B?g=mpu%vh2E7+!;&yrDjy5W>&otX}mA8uz1(px+@|#kEwe!d&Rwxg-hyg&)&6i z&*n(gvPjviNZlpbXB5}<&+fTq7iohj$-%PV&B$c|E0x&>f+$0;^YsD)5a<_z#emlxD}hS zFoquMhjJhF|As;ju=|bgE*sPF{Y9TP7Dl22qtO$B$9=sgQnn{Q66qO@^bJPyvyR-{ z5G`9<+|b`L-0|F=TbD(;WZhFdWA3Hp!N@Ch6QBENOOM)~#mmaKMEBlYJaEjlB~C-p z-iFfRo5wV)tsOb{j3w8WxObEUZeFr>?v@S3dluI2Dcg(lY%Hm5jP7mhQT$MeZ)=JF zj*{TDB}tn~lB-KX6(uQSOHw~9NgG-c?pKnYUy`x2B-59dvnj9D*1YVUd0G2DXti;) zv5nMf3$h}#s7TZiHD&qnZ5H@S-(zoE=_jwlbntVB0Zw{CpsO^ zef!3D3*9ZJMxZ&_FVBUFBRZ7^^j({?u9`e6{o-)aM~Pb@!RAxrv*n)_JRkfraBA@E zq?Eba$LubSY>m8^w74Iu(wJ~DLi1g0~KP@;r=}Z5R zz^P$R!YjVAw<3okVIOW3K5zJ3YR<8b`A79G*`IoPm!r+TOx%&l+ndSzHX!*{0(g8; ztDor^i~2qa*F%`#n|T7<^G-%2z;a*ZyC!G_Q*2B@jY-)5dom+t4JRgUdS*fQpaHR?4 zreSK>3I4!$BVyX6%_^^Sg6n*bAkfJP9}O?v{M>{TqUbpY)L@_(zt&_G3l-)E&~)#I zyywS$mH>gDiuoB{(oy7Reu?~+mDLw!5mdY`z$!!;mDJ4u##9yUUIjn)eTi@?M;5_P ze9X#8|XI{ZiG?2l#g?zUfPPK_Z?&ONd4mx zmqWD?5Lm2SqgXn~M*&Xj4&;O)>QZtkMbw;_BC5wPil~#p2SwB;;eAU*RFfaS*Edl_ z<$g|95tWec5EN102pJ_v8t2+i5tX&tegJ;l{*=bM+FkWC+)Y*qm5{He2v$3uqUl`- z9`=1Q8@{VcV*b5feV51l8 zXM0m&X98YKwOezPty} zsVjBfNobs=+Lj@XvoY?t!$2}M@M}tDwQUE;XQU|?LpBlLrp?>t__2~`pCn2{N%I+L z5;0^GvBj1$rwNx!qA1UbISpeXMw&znp^fmW{sM`rm}sIY+H^^95fd=NBwz?G82BY5 zXP6t)Bsz=KN*wO0#mRDGp2Zup9w`nxnlY2uCI5y&b7M|o*Y!69y&H4V5(L{Jfp=q` z!_MV21kL5iL!7xh71JQyT%MVT>&eU0a|M373x~NZk08!mmK^}NEaur{FU!SoE$j9t z+o zk{(qH7IzUJ&OtCjm!7?$)mG=Nk=_+yrLEpO8LUu9k1(zT3DONRS0xxY0@VKjg>>2W zFH5%lOEerPTIeHlJmqqH^%sMLcz#=DZciyaQDyz#shHkW`TTIDWZo8!$hcOx(M30ZLkFE2=TvX+rbM>G&Ap#Cx+u8!(9&^}ds^y8YAyAn;^pzQ)SGCZ z%f5!a|0`6|ALCu&jHUO4ffML`&8F|HET!-AHgV>bf*fqwI*B;c&v5Le_s3=~!GWH9wEsTgllJrPfp4XUkVVI;{iu8%XaDVcA?@%ko-jA|7C z2UZ+;`J5A0(?1?Z3R+!KHI@Wqu4b@ElQLE_$Tq3C82k>75R_ZIbW${mZzjiP+O|&N z6=>xs`pnMnRJ$f$W`estkr(G9tm)8MsCM#k0-ZvqcZwC3WYQ4DwF**Tu3(t&2vx+g zzzHptB(_f6kg@K;bz*(W^N31l?j$wWw*Ah+K&&DD0Za)u5lQiM@wSe1@rKShnS@)D zqJv6BgV2(<)w(u zI8gWW1{ioYJ@fSo50j>5fIZ%E^n{`5R=b>l!Q+Ttp@Ea>32)QN&om4Z=y`I-)9Yub zljupZ39Au^IgfWDy<>3TNkC6{CpO{ruGCn19`D)oPQby&()8TC;*6tr91dJ_dcxcE zG_wuEczRwIracO8)6+~dyc6ho^*f24@HRa+PuN6yUiFqfFAcU|G9-8#t79duEXBz8De?V&3}y|8;hi6?Qjkv03f=_b;`>0=ne^tYG8P zxlb;#OX@(ux;Ctj^A^?-FSZmcva?pSFEQIyn`L)cJ?GKARKyqCv|M2)R=4A6g`X6S zy<9wsw=T~$`3m-=@z=AbtxKh?YA=qL4d=D@qLhv}L7)Fhb6y?=S%Y##fSjN#S!5R& zzUEJ91^H%eAn0plIpH?5@X#(Kyo4(U5qposzN{7@#&~#kUj2B#QbJ~JBvXjbzuh|* zBeMy=mrAw^*LB4jFtL#HBX2R|xn{|vw_GvOcV!lzYcjg*KF(qGFUR`}blZ_*5s+sAb?E|mZOfr?X=F%+6Y+~vC zfU72v2y2y_Tjm-!zb&VN%mABPvATbq@yqP~RFTxAY+yqrS+TRHMfNZKzj?9i{^gd7 zSi#de#I>+y!ExpE@@l7v?RvZVHEyMT|J>M;zS(xY*F?BBft4IvH5+RI7_pu-Y}j#; z9+lN|=FO{_GiPS+(@u&M^ywGv6YUup(5J9ZKcm$j!Ki}+k96UL30 zTs(B#>7yo$A2E5<$nhh_7LOV?B$`@0bmWkNRBxCP^1Rr%TgKl)*S-vN$kQAquh2DS z7G~Khe2$LrWH&xMyjjMb@NjfV9{Lx1#hebmP+#P3rvZ=Mz1%xd6-lQ;lJ{0t7j5HJ1#7@C&-08Fuh|6f|296^i34TO)r zp5q&PlNM^}9pOt4K+?_lY|#!r-$9w4ant}BVZ$Pi@4-5q;GzWjI>=*s%JbVehG*c= zw&5UVUC|wg?^VRHJO|_31)juw+53r;vcC?3 zV8-pkd31%(>z09oajchA2-ETwf+oE)U`z(z*R{M(=#JTDC@;(MQQlDr@)n^>tpr`1 z$T%WFUMb|UZYZx64k;gXrSKnX_l=Mzy*S9RGI5GPWRreB!iH#b3E1Qjkl zKG!h zbeJ^|cYd>iQiplx#hpJk7WZg=)ADsZTW;L>%@=$f*0sg@)-}$sx>1nK-=w87tU4?c z-y<&EgnK50*#hIvj~2vd3S9(8Hbz88F#wm3qZR6Zs0n#LY!|pKjpMVh6|Tp08>Ywj zi)^?Oek=T~v|&D*TH*TKXTyB9wBq$qi`p@o#(Vz$@0#(=sG2e#$|87<&=cPCWiY*e zM&|QK{F?&OG5LY{WyEdI$+gXg_p5ujB@##QW1Slj1iEcbhCffyEjDz^!#*lE$Kzo= z6EmJT&F1w}($NQV&VX|ex%PG-PKzKCu84H-@U4^c`@~OyP7%4tgM=W%E*`RO*`&3%Ak)g4aEcJj z@)PsUWuHvUBz%TY=3w|dL}n2&>YQ#k4p|dEQsL1SQ)U@48dtx>OI9?-{jBq`02oJB3;A0eK z|0MKN6lQ-X^fMGLQ+S%fRSI9M@TCfycQ|`4s}=n|g-v~09@d+bVXMNgDg3U&oM#k% z&hH6+UEw_nf2AgRL`H{juQFuMEO}hbD(r#2d&nf(Z;(t%!4~T7DvBQ<}WA-VAGl(ruTSdoO z$5uVnawk0iD-qr`TcFaTJ_3?oUmsnxfBC^!bYZU4@qu+q@oBnBQSU zW+O2NeQ<9odJyS^hjH@!LRS>S9J>fTQ(+E;h0gJ?;9d$x6+TwsK?-w>E@{UoT&nOS zg=Z6^Ez(uv5PX5cW~^d)mMZ!(g;yxdv7*SiOX0N&|3qQFn+X473jadkUn~5a!WM)nZnBz*89TTpy<>W6Pari{-MIu6%(GHDcqp2`Tl9o zg}P?K|ANAe3csQ7I|_3@4oPdqrBPgmINFJ|RTQuH!~xk^>?ou}}H z3SXiy&A|x&4GOPS_lmtQkM{x1~f8dsrbD$FItLhr0F zSG@{-fWln%D)f^S9;fhk6gJ~+TemY6ovUF*ju~%To+}mo8inhLF-D=gOX2$zHe+wg z^QfXft}qwTik#mm{0D{qsPGPj-&B~ZZ$-}M3j1&#LQhhd%X5X^N#QOEcUQQN!u=E; zr0@v}bG@&~=Xz(sXDEEO!dwF^JXH!`qVS~(o3XmB+v^qm4uyZDFxL@_{KpjjmBLRe z{9A>$D!fDCHx>Rw;m;I?g^F0d=?Zf}vW#iXcpl?Ly6%d8l*0WKK1N}#WEMH26dtGW zcNFGQXW^fvaE-zX73LCf;lE5_u8|h{Eeh8we3!!aDf|`)!rw#Tz6$qO_&9}+SC|X9Mb3DI z&r*1@!sjY{p2A%DEpqAQvS`8`qE>Hvic6&|c`k;2q7khBMShaIhW4)i`dN%52^ zJVoIug=-XEsPH0%>l9w9@Ct>mSNLXyS1DYt@LdY8Rrr2|*D1VS;Rc1DRQMT%H!HkF z;g=NNrtqH?-lg!n3hz<)V}%|4{-|(B;REfpnyYx)DSV*!Yi=DP?If!30EG(`9;|SY z!owA&-iyej9+hD3kt2AL!et6iQP^yQWBbe+MPI1!B88U`W6Vu=mBQT3M)JL0;hTx= zGj5f_^~51h&Rq(xCAQDF`xQQo*UsjmHta~W1nDfngo)^jXok$8WR zo(g=P#bMwoi}_h~zQz1D$@`1^?SOfI5kp}i%XJ{| zUQ0g#m^y9b9|~;rR)9wUC!_vJF9GIvBx26}%3iLg0dv12()pd0o4*l{2bR5DCjxWM zlyuGy%U-T$0UvAWX9Ewhcrx%Xi>CsQwD^4B(=F!rTF$*vCZFg021Ps%xZL9T!2BLX z`XXR%_eER>Jm2EWfcb5T^xJ{iwu$S3S6X~0@U0f#4Sc7?{9b#H#ZLi0Wbto+AGi3o zz#A>z0{pbaoX_84@pjRi}@Y;Ym50z4x$ev z4|RakEM5!D?|7u&2i(@;9|Ip|@jBox7C!{s(_((l?rZS|;G->m9C(n$zW^?_cq1^s z?=dev+fTLlIbeR@Bc0#8&#-t4Fz4Axe-U`9#ni<(-{S4Sb1mj`o^$Txe+~Fzi>b4F znZ<7cUt#es;A<`BxAPk8Kx~GC%$j{5bGMWsSJ;aR2E^01aes)BqLt(rU z*kT_rU8{`^&+bV1;CbKn7j|#_u$+(02K21ijrrL<-F}<1!o%Mh>-+VI&NKdw!yES1 z_RbtwK5|S$W39(`v9EW=1;rj-SlqC!rm8yHJ6%y4Y9b4wy~A+|gPGOk0WZxgq@PjX z;pqis6-ZoB?w4@nTqI2hXU4*3BkdV^9&c&h=&?vUw%jM-$ONQK2xrE^U-}yRu;t=Z z_w0;r>1}c3)o4R6ix(D8FDT8cTi`n9W=DEQ%ceyl=SB+4>n3E6o){?^)5AT(e@g$8 zTKRsx;p@-`J+hzKvF(Lj8}~ifYGaYzw|m{lH4E3QU9+=1dsBJN*78;#mS^o+Q=OcQ zt>t%Sq+PJ`o;*hH&L%PSj?~P7J9cJdH1x|J=w488PjSD1e^bDDDBx}l1TGB(uMLDM z0x2H`!eayJLj%6uW7h7#Q)5E*UoNcs+TB%*UFK2D(O*Zf*F5%}FJ0+8j&0{7Ww%6@ zWlzsrThNG@&F-!->o!NCn?;jwA?MWZ6? zejcg2B2xd8NY9ng;nC5%qGf}kRnJA+>}*@=PT!IL)W>U}wmZM*~SL#O=Y)ju$Qd^&2KXPslUqexC_1;t(@GrNNRw zp}+pU`e){DTe2&o{_*?4OMRM`Y-d6&s>Gx&t=ezNBzTsk}NyYNK0f??`ouHq;*3eS7vT#rZyP)I9cR~Cj& zr)R;~Ahs!P*oI3{yED`I*~(~LO+#62!-kqazI^Y~MQdw{ifYct-aV$Ycx$?I+Nx%H-d@2-2%U06_eH1=0@dW`wml96*! zmXbU)Jm-<@$Yqh~*@X{&nBt&4IX7i*TjDIjU2>0Gcb8jsZ=@vLqgP#}TiB`Y`Rr|T zcV;*%ZjEd?H?r2XRj&W%(pjNpz#8(ll3=#*%~Es?qf5!`>v*1+aK zq^} zPk;G0M?O_I{OBXDxwGQok!L>m>a>oJb-Ov^FC%s|e08?3w(qZ6?HRS?&YMoW`q!Vn zc>ddyukqio>e|-tTsZ5Oe>`LC4ZSb>#Y->d)s*&}(KvGWGtYkiyel@p$kE5sSxFG%lF(;L;zT z|9GeRC0|{CROr*v=_OU|zZ`MR1; zP1XDVf6mNchQSQu`RNRUA#psUQPPkyq#Dm7PcsZg4aS&ZNX&>DqJ~sR8Bz@?l!{VO zLLx&dN~Kb%Bq~uUzxR9Xd+l@2(D&2t`~7^r*Z=ze)^)A3U;Ezoy4Tukuf5OSYp=cT z+^~cnE^D(kBeMR@nYX6@aiP+m{o`g=uK)hC*EH>LdHdAEmCHvzIXG>9-$9RD)v|re zhSBB2D}OWKfddbn-1yjnN9x@2*4EsWz9T7PZk&8;_1abHmVfzyFTQGCxb?cD4LjDW zQKw3UieZ(W*?I3zn~Pq&eAnvwQL}5E9?-K~_PSR-S#t8v?jx-~jF>&5OMJtJtNJ2$%(^qC$Lw?0ymBD2 z&2P_+UD0gkjjbN5_p|@GBPV*_U9tGfZIjchKY!Vh%^9nIPgoS$F!kGR+vlAxs(tOL z!b2_Y?Ehmy+lD)D?tag<{c(r?TDf~(`w9ma@5?*$WbCI?pJ;O5OCPOz{h4czJ$hA( ziVJfRAK5ePw&6ES@B2p8`M)0Dbf{qH*$yqwtb23jYq>*~PkW$v%<9YEAOC!n#`~^b zvUb-~ch-y;H)7fGJ6^f^e z9}hqB&CBn$AK&9(*z)f_n6|#zy60B4Zr$kG=Ke)b?ASVLaMPrl*8g~2-<#I#`7Gq2V_&|o|FJsxxAolA zpvATsy++;;^4-u!hg>nwJ2C5?-&=OB@W-w7MnB*Cz{d;Q_K*0sYPS!@&P(}l>D2HQ zSKb$OZs44bRlh&kboIMeyq)sW4`0>&yyJ#$QwM%_VA-`3f9f~o-Kd(cU%7MQcYDwF z8MNllVNv6+`RwkGyXNHmyl!`=?P;4^w2O%w7XSDgnQzvs9^UwiE%$cs7~A>5iWeq$ zi#mMze0b=xV;c_@Z0nzzGV7f?GG1)+e%9dhgf0U%755Ii?R|gyC*od@fBdn$pFjL# z+Ls+>KGN#KJ?-whuIu(szkR3g9gEsL`9`B_PWF7TLYLp)yg9VxicztLW1gEdXl3`Y z_wH|;dG6QLyVDj|Ke%e}o*^S&T$rAbkoe~hn?D*_?S=tQ&3|-O!J(%;^R~QK{_L@& zGMk>izHD)e`uFd?wsO$6b*~0{tIoasss)jqZy9~$yN7?;_wK2UUr&5!ZC1l?p1ET7 z7r$M3yl(bq%UclBA4Qsc6a z=`T!)Gw~_~4_f@$td_2iM03J5$Ow#U}Cb z(SusO_{di#=r^0+JyraxhBD>hab7aj^k#8BS zOA6i^S5hu1DvL`B_6B+?^r4OQG#}gqinL+Y!p8wRQzhaS8iUu0{xqb#R#bAmRyZcb zYenQjnjFhwG4Mcpm$5sf3T(ULs@xF<9uV(%b_qr814dJ3HgW@d3B2Q9v>S(VV>PCv znzPZQVoE&c-wH+VM4L04ly_NQb{HaOBmNDd>N#)_kxiwNWtdzKn#P)$ldohMa_GIq zY#e|*JT+_?z#eao*)WS6Jdwj#hG`|sa7fBv#O$4_p3~0boqll{a#z@F_R(6&GUUEy zH--ZOWvGc2Z=NZ`z1-l5Ol28nmn?(nctkxIF?)4QJ={YjQyN1hYh(_cg&MoNX}4r) z=JvE3e<)EJ)0uIvQ&l`aO%IO8TVPAW6W64L-tG8e^ezT!j1=9p!m1o%stkz;L zo3|hjs~rDV+jJl-q?IqRT4#*M`#@)`RKlrRXRNGTkCnPqSq$@aGCbZ#*|6!-vrYzl zhCIei>`beZ0hb|WjooH-GSDE*8avMFWWZsFS=++32}rk`R`!`Sq%&(jm^Gv`YZaK? z1f(--&9GLl6O!<-b6j72-0aSPjHftH1Qvm^>5vVEj7{`mk=+Ry`~G>dJuR|nkU`hT zURU=r@JlMxZJ(lll z$e72CB4hd3?@rk;WzUOs<~vc@s|XqMxF=w*K`pE^588(f-WZ~U%JGQ=n)jGz(%xhU# zJ<8RIILNQ_AXg~MH5_EK*2ApfAe%LQeNty44zgKW#_99= z^zQh?>K>skWk#24qT2+Jz+KTbWn>aubiM=mS_*ErAz zN2)UFwaz5${a)_<4KPxD683&S*Q!s#p1ntwuU4(8QxaRD=^i`87%iK+@% z1aP$2o0Nnsyhon1TF+x+47D5${vYL1yav)63F`P6!Ex7ErkX=gn&)>Grd6ISCvSEB}xz(&MF)YxZo zS&glx_FrW#o@m|x48>*-t`pwh<5^?ZLi8!NHf{^>CN<=yCfyB70$#e!K;}M*O2RUk#1s{BvrahaYH1dK*`&S|PYnol5;`M0z7?KsClwp+YB!a5E){0})ag zQrP99JKiXit?n@{N6bn&o}r;lJlqgwU6qu#u1YG1!;uP2Ygz9k_^#1-Co!oj1{{*u z?Rbw8@Lp0`TzVMqB@qE-$I(fowoWe~@iiarQj0Gx@Y3IALU$rnOS=NW3!2tdxuu%k zf>S@>LIlUGq??eMuCoubHzo3`Rnoah?SS_XW>P0$m8*5>!i1%)r#+6;pF7j*397lE z3+{#**bO*0b*?4yjMl}Yxr3Di`!8_xNCpKpzg#s7m*4WdR3+k7_hg+>SvBdf~HyJVp! z*+Nf}LR0&HP-v%SO}_u2(1D{>q8!|p7^fUu&}L=$CXhpbl44gVWDb`+cD9oK#j)c- za`NfN#U*xKwL@;b_;|6XIG|im;qQ-1Zypu3Q>ALBEw)CvEp4Kww%gFSg{J?<`@#aC zs9eMv9L$C3Lb%AWfTP=o3#(Aln}DNWPA01ma3N3=$vET*xpBc85jgzl$|aTI9-}M7 zCa@oY#R&4WTh3(*L^MAxu0ag;WX)L4H=lo6Xk# z92?WvZ0&Eieh)Zfw)SK1in+V+^s`&}KoE;q7WOl7c9O3`#6DXUE;k`U#KjRrWun%cEm^6K^htj)7vCjx7nYk=H zeX!jGDzbv%cOwBx>|Ow}FJOtW=+@@}C^|=Q@QqMfZxjb}CJpn96*x9sA>u$JuW_+p zGD*VfTq7FD1*@hO{S=i=h*_{@M%nn7=mm*o-h1GQp@A ztN0lNOY@Ckw^^|=%={jK60zt!>}U#HaP%DxW?wG3&+v%kT~6SBnKnY;xH%-?g2UaI z0BKFIhY@FB$Z~tk(Vmj%V9J&r4yMfdB@%^}N)%cuQNRh0$|<~5qVQ6Q0v>ow>&77+ zf-!&bjYBWgZWDt#!O<%l7Zuf@kuRo3KJ%&vLPB^?~QotV8j2doPVqQ>*POid*s7^o=%81@T|qtp$E?*W=OLS%NWG&i2Ubd z_Z?oldnO}JMdW|v48)m;vk~Va^7(TaB9Gk)#8rr|AijoZ18+1+=fTHCUA|UW?}*q5 zk$LkklzFpj%jT`~ybp5b^%NqXXxAb#&uxe{Tq=(?*w_y7N<`)rkI1|@#Ca%UGGZ#? zXv8sytOJ&Tb-+9qATC0D2=Q6O4T#KhJE9Ho0M?sw$mnjr=R34F+7+(Ku zSRy*Co7ITFBc4aRfLKQ9(Z+Jb7ZF(p_BgQqJ1RZ)SMinD>xkPBnJ3?DL?JS78`x__ zThw8lSH`wTM3#-m+XmhmBqQ=d#4FDoh|>{yx#9E!HgFp+LwSh2U*R?miMD~;Y+9?s zz9;HzP_AdT^vU+<;Y>Ue0yF0FF!*i>mMYo97bak%x{G8{8GZqd2GD>ADF3W z45XRgS{Iv{?ezu^{|9Co8UsVkZ=;LN6u?YaSOm)C4Wm;V^NTmpLBVCXZs-n7pyH76 z2xMd-G-&8fO#S7MaRFpx)5D@fW*qq#nWpVjt8f}p)MO{4|NFl&m69)E|qtilc_?pHOp;S!(F{P%-?J^XPF^$ zrWqRPZmsK5S=Vx)EP;j^kWF&+0!@3EE34<)3w6o3MKk%DS}|mrL@C)+H$|9hFOXt@ zD+`plqT8S+yJ-WZ3Y=1b(r3F?Qr#4>E+x4X>sp@ZrU;ZJkhX!F;!<@r#Z4PXajD$u zxVZ(6?;zK5V1Gkhd!`+k`b&28nzj^)>>wc4o@<6oH95ToDw?w<>)whnLmEq zE(Owtnj_*I3#Sg9J+k{wO{Y#A%jHa3a|MJQrv|7~!N{HZbmUHXvW`F7HcPe>=H=9hvtL<8$FXUC@n5#qTu|{Jci7Q!%5Q$L^$Gh&#s=xI z^Pj8T{5eUSYIoRf4OGZ~z4c=KizQBxyuqKCdT?%VCUPW{nwg&d(?+C?OvPOHlf(ty zm~mOgzuPcpku@b_q)uTcrFXrvWsZjjt-o{aXB^p?ADSK0XX04D$6Xzpo!-WSpAH_^ z8J=+#_rL7xZd~@*VVUEz$E8lhevckEGSz2F5h%J_I_^V>71SiA?>Bz?uph&@GpYO; z>AAGGL4I;J!eh)|!r!3r2qp)|9vG*#N@R*n!_r5N<3WKvllgzv)m>M4d<~T)*YO-> z0%evd2w@iz0-sX(0BxUEZCY-#I_!C)j_rZ_PwKE(%!^A74{C@dUpnEo->~iVyHpw2 z`@^(cW=LB0YqH0Kc5F}KrP5-vv%mihH+HrSn3MBw{mR)BvL*etd9+(O73#%-8HeCI&ygS=wYKWQ^wl79LX5ETWslY z%JAWtBPW$ekUriz-V>F~lyRd+T90{->=L5%G2@Vpvw0%@`;8bscI-%;ye)H#m&cY) zw#JcNPFBnGG1y{PGBU?=sP#V#KIowp;GLio*pX>Z7fM1Lv3YT8nWA%D@G=Wab}BPH zx1o>5bAzl~dpTGy(X6n}&>2zN+kTxhuLkY0zsTAf4%X$%#kvmM#*l_cwtY>xU>&R; zJ6~Czf2GG4xTW*8mjc?gWuIP3j~%b}a-j9*l+ru(H+t*{*7@@F?xpOlDy5eUJ$nhj zCbxX-M7L$7{0QoK7j#+AJYKe*cY<}kn{ausmj!HcZM>nF@>SP6--Od%CD}&1M-gcc zW=zOugHQ#rcoO0gdgVo6QU#LyRZ{H9$FQ+N(c!|{`%N+B2T{H>+21O%jpgIpHRfwW zEQHrEZwYo=1%S29O&zViw8u-bO@md>$m)1=Z+9N+c3Z1bdW&n~MF#f8 z2CLT`p!4n83qu@H!OWL0K5V|%ma@055#H=tV^~^ySCz82XPEPnh4wHE%eBW2c$)F=2G_3k}+Tu`$2nk5N-KJm9qCzEM5??!X#LGDW&YirNft8gkz7xI;_1+ zvFDfcTXDhq&>De^$arTdy@%U7e|3_~)w>&d<*X3P&Ct{58*MQx7JJSbULZgZ#dCwz z<4Y1%U7i@c;ld#{_0kYayB|-KvggIyqd02>dKL>y+3N^<)MGuzD0{pOu-7!8rvr9^ zUsKp%kxSJqJ&ExiX5FZ7w%YCL zL^Rt~LpAG_JUAVkfQs^>rkdGx?6}w5j9CHg>lVUw9;HC|zxU6^Gd~c5-Mw>U!RE}< z+j-^$La_0SsMqz;V)=9n;<_)O47%8#8(VZB1fxZ^kX8N{Rl$|9YhbgfjlQzZ{}%dB zEA@86-0Yd#Jp9O$h;v7Vp~`>v*jM_AL+RPOJCmzdipw@`eKD~`dF2AYqiyHj;E}U) zim;7Y=DBRs)+I|?ADJf&LJXp1o>w+4>&B+_lO-)KVJ@?s+O&LmZPUh+Rr9pIo6NrO zj}3ukj^f1^fm}iMmy4*1&Z9$PVLm!AFY40xo=J_BT!B z%#+Mdei(8PX@~Vkw(?mbuZbnu=DSGbtXHzlca_L}SdwkN8$}+2CE3ciikx*%w)qx| zoX3G|^F1nZKbB;h?M>yhn#Hl<-iFZ7aohw z!YuO<#3)t*0w2@JA>aduQ8;BN#c?#1fB!l z+6K*4-7+^@=6{cu6^{^&=#@VsQ@4_qgH)_OZYf;8M)8e`dn+EOI9c&%#Tklm>)_g- zshIm~%dl1PM~XwxKCO;<4KL;AAPg(#J)CW0Bf++fg19;y zU_m=9+Z9UZTBUOxS=s>4S!>7mj+3$tqg<|~Bf$3DnWXgRD4qFA$IPiIWqVTTtPvfS zZ8PPf^QO|_e1x`a2b9iXvXt#hvYeaWfbDtuyV5s)HbkcmP86%t9BlJ#M;4tp(P7!T zDIMcmLv;F4F7=kIbc~-3Dcc0fv3nzBsl$;-yTAgIYS&H)&FHubYZ1#A)MwaXF8(@1) z-m7#zBugD0QSz^q{Cg!oqvRpDh}*QBPtdYYvGM;P_B$#$zj?L#Ns31)&QhGGcrID? z>prrynMak*N+o|<$&Eh;No)K$NZPlRj`86j@(-2#3$mpBnk+hJl#cP?Ao5^b&+I-{ zB1>A%X=u|%E1f1v-b%@h-v+U1{5D8^j;D^;oT$>yRB7*3YzVW>vHj9+bOJvb` zg)BO|mCj+M^NG?qp>)nDzM%AjLjyKBSEH?;XtLznSn1F|o7K5a>2y;%{guv0r87q9 z6}(NXOs>fwe3D)=#9%!WT}&y zWXZRw(rK&Y*DL+*N}i`xEBSn-|A>;WBa1%2mA2*Ct@t#Ve?|xu&_!Uc zMK#Fs$R4fa)U)>WzS=Unf?U2@@ePW5DCQtzn|8S3 zY{gR)=PI71_+G{LD=t#JR`EW??A8#)_LM z_A73u*z}Q#{p*z6+`Ec=kdhBqZ2B)nhXa>wnI|Zor8r+P2Mt^O<%-!aXYcno$k*~_ z#jh&fr}#a^A1VG+@mGpD;Mv;$Me#Ys99V31A`~}L+*EN(#cdRKQ_Sy(tj$!#X^QVv ze81v{6faf0nk@H+&nVugnC~sD&Thr;Dt=$Fxz`n&KPdTW#b%lV(K)Z=!Mw*4c{#;Z z6jxX5SFG=c2Pio|>#{b7E9PfuR?d4}d#^P`vAOTH_kl`&uj2a^b1E5Y=LyAY6|Yy! zxn`{X4#j&Fn|os^11F=g`sUtP+eP;x>xg zE52T_x!)F>iArvKM2lSCdnYR$eIK5s+JsMtJ@h|UTne?l>*$FXTQE8ePjyW%~H zixnSLd`z)fY)4kkd4w!;-XqKASxNHc6i8M+NbzvRqZE%* zoT>N@#m2{-*w0t;d5RxU{IFt9v}DWkwBn75H!0q(c$Z>M!es3nRs5~u9~A$l_)o>0 zpvl^)rntW1hKgG%ZljoUG+8@66yHjg`~NJ(^A$g#_@ZYnspoA<=VQgcC@#-u5Xp=4 z?A!8GSKLJD#48@CI74wRS;{a=F(;I=^2LguBug30vy!BJN$GGlDVz2k#hjJN%0E-g zDW$CZXT`zl*@`nuS)C}woKMQiV-<52DJ$=&m~%&2d7@%Y6lLY9inGYFzj;bNTQO&e zvT2tn=KN4r{)}Qy7iHz!6z?ZXUYs<_>U^P?b3r<8%^v}N-tW;w0glt=EpSsq(vQy!7CJXW4SmNNHLoT#|3 z;v~g`6{nG9AJY|QD9%!xqj;L)T*b2#=PRD4xIpnD#fud$Q(UNcmEt1BYZb3oyixHc z#ak3_RlHqsvEqY@4=FyP_^9GzijONkq4<>IUlgBHd|ojIWw^)7^fSn@GyM$0;Y!Dh z3ln*ilGjvh#(Ig4Psw8x$0{~{JVf90Q3#tp3So}vvF)m(;snJ#6(=h0t2jyVV8zLb zQx&HvPFI|vI7@Mk;%SO=6`TGL*{^&hpQpG$@gl{G6)#gdEZ5AqCrFgyKjfyuZ-lBM`;_Zre zDc+;_km4hXk19T<__*Q|iccy2MX@I&u#cRK-tKRx;&8A z0a@;u7b#v$miy;riVMkdKfFqD5n1ks*D795ma=VB+>ZZEQXWpuV#~nEM{K@-k|nRM zytat_%T#;dyBPXSWw>7Pjlxhh6U9)6ujKfShRktQLxiKjBZOnXqlNuoe$vEu)eO8R zvCMJaWZLI_2$}X53e!ICJt&U`a|{xh_IbZSZVFx_+#JmJIFz>qZzD_n?^L{3nECSE z4Rx6BVPWRW@ko?MgZb`;%zQZ+4Vn3#7G}O@gqd$B>bZ*4c_qbB!pxTw#!!d(`h=M; z$1hPH4Q?UKeECj?a^@Q+%zQfvGv8ata(s<1R&WI5#uqENCU~Ui_`u_ZW5H8|Y4a}O z7GRERqD_v8dsz4iFlXkYJP!P{a8K|H!nc557v{Urw}n%{?+H%?e=T61Y&;zAL>(Mr z58nZid0d7Fa|jdXEu@?yxyJ}M1dkVP0_OW5>aadJsSlZTc#m)!F#nGzZwKZ$C^FwO zbAlgoM=;+3kvoB(7QPO=LHGtR$3#)5JD3yuka;ZL6y~vbTevrPpKw3$`@%`!PlX48 z`EH1IlEM5RA*X_W6CMq|AUpsgj{!YP@!N%Vym}4G|zf&+L&1xiR z`JBynL(FRdxRvlCu<>^a`9t7NB3}aTCd_ZD_`krkE5OFDDflVyaFMSD8(*f7uLbj( zPyJ`XQ-wEz`EH2v7s0&FlQ)5l|5EUFFt6>D?*Kn0{5F`^bISLC*9h+e^SVv>0q|?W z$H2RUzXcxZ_<@UP%g!hD|oUD%7Z9l~of><5F5Z&Gksa7~eifg1|*`>7Vf z6~XO=Bf#;(924C`xH`D6Fwe)K!gaxX*TZ}pfHQ?TLD@9n81UV~O~3`h93!w)_%iS+ z;mg6#3iG=xjzgpU)?ki3BlCZc?{UaH_dgKs0Oorf%C820C(Qr1UxYh@{}SdkAru{U z)b9r7*fVkua9!b>z)gg20rOo9b$WrX67B=;D$M^zzJH<4tzeExBM$}-7aj^u7fuFG z66XJBt}w?qaC{omjsY(cz8(CS@K|t>F#rGg4u$#?!CQnUfp-YApP*Qn|H&T-^Si8L z!ZW}ph4aAYgzo|e;Q~qfv%%rQ`QYlpbHP60`QYZl_k-IBKLG9|{1BM$R%mkxxVP|f z@L=H;V7^bG&T4Rm@YCR_!q0$b3A2ykK4FgISS-8|yi)jO@LJ(5;1`8o2X7UA8_cn4 z%$I!+blpIH7yPO4LGW?m55PYOe*``+{0X>hsFU_AI70Y$aBbo9;27ZxV7?P!UL5-z zC(L__F2dp9p2C&E9JfY&PBND)%zKU7gn3WFcO}$`1y2{|q=WgwmxC7yw*oH{ZVi4? zxE*-CFek@*S(x`A+l4vK`dwj84}3`YdN9YZu?z{|2n_3kLl`=c(x z)4&PB)4?|j=YjhQ&jQ~nd^b2*I3LWhb1WOj+N2BfJ}XoBesGTP0x-waQU3uj-x-lP z9%rubVsL@*BjAUG9|JEF=Kb1A;m5&6!W^IetT4y&Y!qfc%FDvfg0~8@Pi2Sj^WZ(g zFM33;zHfEPM()T=*w&n(!~+al*fX`TmP`egjVx=KXK3uow4ScMFGr=LweuFBA?1 zFBYxixD&X#aA$B`;jZ9@!rj2J z!acw(g>M446HWwQB~0fQ@xuMUHwY(zZxQAgu_WQ4;Gx3F;8bBgH;fhL*s+Pie1@1J z%x8!h!kOUN!gql073TBA0^wQUhlTlU@u)Drv3Oi~K6te-pE=eEbN1sGgdYOGBFtxz zZNlsi+bPWFlD)z!!S4z48Rf8W5%@DN0xWoEy(O} zK(PMmG1JgL@>k!+->yxZkKteYt8dX58Q}P}Gdab2eCA2ntaz$ygSYIY32&s-IFM5P ziz zCJZlIu3)LJD6&gP*$$_3PkM842l`2*XL972yy8!N!^@P<{Voz7m5Wa2d%G_fLr2YN z6Y>`n)rN0yI1K-(Ooc9GEA=i@IW2Gf7GGR&?yks{DUtcn$*=fw(<1XvAN|Bv6q`8N zcWQ|*w`*j69Q-41eT6>8<0t$4*Z7YP@)s`g=YHt_wPE?K4I>+-MBFe0`{iKT>CEVe z&bVw(YPcg}%I7}>7w2Zpi9DK{J;z(HJ}VK+=)|1tg52!*R|@BJ-c+GDH~VN&cKqbR zIVm~i@*@kYpV(;d>P0@*4vx?)gld`5n=X4$zxq3zXz`~-? z_(uxkM-|4mElevL7o1dPaajC4g_|Oep2{jdl(l+8erQoj{Ds2!J%xvRjp^JWW#ED( zk%ubBwLTXfKecd9>-a&1X}xmFC6$4X^7xa5@edWoKVLYdS6om|rGeXy=OwL3+pstc z4!=*W%fs){`|=Wh_5+f?&P%Eg7rm)UTEivLi#tP7yf@GPvA^I&e_Wfil%qfTlOOQM zEpQxz`$y!(Mdr?-k8uCbd2y{H;^Q+OrvGsNdwFraa<-j1Nl)R4XY!Jw3!nBU=NrZ6 z^U^-2;+1*Dd(7tSy!C7R4c~}>cE(_T!BW5fkbiWQpt7qkTvG`Z4KLw|vDpRr*=trc zk6BsXGj~?A$eE#dOh`=5E{dG9A@OL|ZK?kJENuGj7#_X~eA#nneH#sx<}n3FvsUMg ziNvRaY0}y7RsMQ(059c5h$0sM(6&f5|Mzhc|cxUl`^o zUXNU}+En&@+l%?WyfOET{dR9ipc1EK;-s{$Oxv%&VqLW(ZW_k;s_8pz<+qCWY z{`e(6&+N$9MoGcBdr+Ca+(#lkuSF(Q-3s6KZ42^!>nHniFGS{!iuA?$6NmWoC!AX2 zOCIfu@8S24f=~NwUtH%e5!);k^@rOSuhqeTEOG&+r-tqN{%qUG1mns4Cl%E8=4G#E20)W=)%RZpq}yC+FXB z$FCKC`su=}x8MH3hVkP+?fceS3ljbQvms-Q>Xqo@ys)wM;|=+ z{GTgV4*PE1y6azGwye?FRjc|ul$m*K(AKSwyz$aY*>(T?^YdpPc;K4bnl$NoYy0-; zov*!ideGUkXKvZE=dQu++NJ&S#1p;Ref8D;(9@@XdtkzZFD4#3^mL!rt%qM*ty=T& zkdV;cJ9j=fvQeWOhQ9gcqp>w>`d2*k(3O?Tlqvth(xt7!%9X3szDkvtM{;xPT=T^j zpEddZ`@LhDHobZ8bI;9Ko}K+&ov^SfkKJ`wy{r~3l3LcT-R|-_b=p5SZrqWRx8Az( zkHW%1zxM9E>ZYr&o|N*z2QR(*{PTC-(X3hTPG5fc$%Iy|hCV!NR@F0o`aGGofB$A) z9b5eH!?t9fFTTO~^Iz`Tuwlv%g9g3$+HJQTyy2a9<{y6Twb3_r=#cqoj~$>ai{_v)omiBAgcGRNTvm^IifBoEu z-+ueHY*0{0-i#T4ok~nB?Aozo&dbY}H~zAy=*FLW^;-GY{K zQ`e@Z?)qlPke4s3RjbW|6DNLMn4G+Iab8}n{kPom*o-4b9v{`PVb|%+oA-UXpy2Ae z^7AX~zTt*>%}$=&`QD~Yw|9(+ikFI}l z@85rIxnF+yx$$@3?OQi;Gc+{f{g+=JpP!R+YJB6yJu+Li92`@( zZrtf7pB%7r3W(CL#KZ+z&;tFNZqeeb;$XV0Bm zxgaCsXqQf%rfq-Wg$Zj$joNc4A)%m5aBx}gufLwHQmIni$5T??7koHy=`w3mT3Yd&ojcE5zhp_X$(LV#Yh>lh_1{^){*Lo~ z`xbrh$}3~9s$RVX@42+kY#$r4gm-xl$9uX;$srL~(2Mnb!S{#ELjN1OE)hb!PvO_g z4lBq!#Z;C6Ki2FsgCA>lo5PQF8?FVFV`p~2k2SmC;m5iGw}qDD%@_Pw_u*Pdx$0OL zKi1bk?E1039MZDv;R_b$)eEr|&a2s(9NGduVYBfAXViIE1nv- zdTQ4GGHdXBYSuV=KqP&|nzcl((O2vcrki5ckj|{l!&;Rrq%&*Yq)2*-HOyYSNO+1J z%5t*nt?FX{6w(B5N>x0?MytF zn0w?Aw_9Dl>a0eY(dC-xHU{{y>P_VvEMvDFpc-XHmuq-Ek&E>yXqb`o6nk49M6_L# zo?^{fO?rwI!d@Gyx(jMyNVpi$d&fy;@Hs?JqAAy6VLV2IUCmpmF+K_#j0T@@qNu^s z#L;5IJx;AD?XA`i0A+_$_(UKN@7Tds!;2CdJJonjncPyL6-TWJGcVHOM>dXD4z!Y~ zHIWZ(CCkLm+8wQF(8{6K8-slkrnP1Kmm&xVW!-I z%b;C|`6U+BAp?OGEk3apeRzDSR z!PB54OI>diBz#8-t?PmHctx88@Oh#;Lm?=o>`bhM-i{wU7kdBQE@1;cTdjjvR6@YP zYXxydY8jO#er00 z{}n0^+fCSsU-S8}XGmu#oi>U?*y-kE-Cy*~yeD}kEg$MlNX9C=(!8Eqt%$vNOzbuD zZ5b(Z;JyZVTH~a4f~_;-mCsgjIaaZD%U6!oOu;3Rg)T3ZEZ~?=l9lw#M{VR5UOHL8 zHJ>C4_~v7wBTZx%QxklZ%Rq`X=RmfzB{!Gy0XeQ-}I8c`IvWUL5>c>iTV0#5t(LEYJ(KtTcp4*1#&=mlhfohT_|T~tP0T+%0>-ib>p z)WzPQ#t`slEP-dS4Ls}c<`uq%ah*oI43XyrheutB*bT8e;?0P?5ZTo`0Fl?lVTi*K zM${z4YbKR z(sjWyvkrLM&3$K?X_IALg=lR(1EwwB#oNFG$QI&5N-p+pNCtIyzsqeW z5PwAEkUbli*C@n1L=JV}HomUsQ$(=Z589ZD$l(EO^)~P>c{*YdBKOG#-W&7omrn=i z@H4i`z+O#6){_m?;iDCYII?c2Qx1{!$SaKvyicZ%Et{3Ij+pmbh#cz3XM`$<%@FxI z-v-v<>xktcqmB){DdrG2{;{Pa@--A+Kk-!)Uor77m9Knk&^o-~%|WCtUp4W5mal&J zn#TsKLtE6LE$Z07G|Yo(?CT!8O`qQ_@hT?B!iC;0@)Y}IOiG? zhB6pgQnXSeToS}eoseW#50oPc@1(4AT zlsQlqgJ%YftB4_cxG-aeQM^1oq9ie-WA8k3jhvxp@TKjZJZLGY!O~ z9n6DhsHvMGP(y*-0*;?dbNJhQeRK_Ewgwzx1&+}`H@6mUSps!G*p&qwludK(nf54_ zZJ7f#l;Wms;HJ;j(I;fw;0!Q zpvGIcCFtww)eoyFB^~a{VqLvJ>+J7tt>fp$u575Q*Tj{DyA)`#m!eTj8(f#U z!$B19^Lo?yqhmE*$6aV+Jyc5<9jIk`Bl zpd1V4QWmUTZaJ=|99K<_!z{;rRSxSwoIN?YR5W{G-C%K#97kG?Yfi^~m1$ezTFc4N zu@hvh>3uZyB-c78l~YdR3{UF8oYleRj7FJR9^=4I++8{LonObYvtLdLjcc?L&bAyK zCl^Q4_}>(#W=?%Ndy%aiqB(w}99LP|ZI-TQ$8DBlLA%)sW=obb=(LWeQ=Tx>9-J~~ zntgQIK(J~jj&rW6rv4rK_89RfIQq`9Hl@YC!yNmc^1ZHeXWvcRhtAzjb26*qVa>@@ z{{uR^?;I@6j>P^yvKab+Y736ssX(oxtzE2dH1VJ7xCeEdbN!c|v`V;uGM=JbiSZ|8 z+*P?EDGHN5p>1;niH#;erdc)~dwo2vb25|0REF~Gr5%1{j%YP;%GeQOGSWt7wkmm(_@8yE z70SCz1TJwq>V}Y52j9bjccOMlz4sAoAT~tgI%V6%#qOkx zhosW}pImkE_+*ZQ<4no%zx4lx&!-YK&+13u5V%0s2Rd%?^j;IP`iMN@+!l`5QPweh z-vqAfU|UBQ2+8It1v!(QgRmK~jOXRy+Y-3?UXdBcYDvtS9 zLbUtw8ra&V;vG>QkB=b1ZrhA?y&s8j9`n5;?eX2cwRZq)(*Qk>z}`{YDAcySU~Ml8 z_BckJ_NvG>*2`Cj+TI;#%x!oeB-m|7v99ffpy3Wi9nv0(;Fj++m}&fo49`S6uOOT? zXB)SlN7Q;98#!0K(t2f}RL%;q911<`iW_Kyp$5P**B^o&&lel)wkiO*_>6dipBD>EQ&ZdP~$e zx9cOob=9y;dY++y5RATY9fHl76p&o(JBTeg5Q0rh)a%s)D* z$kg45NFClmu(Oxk4a=^=Cm?62io-yCnjmu@7`<|MaLT)5vg=Yu4s*2PSYfsh{y%uj z;|GCl+bfNLZQL^3s%6%q9dAvWcAPYATAfyk+bh0C@r{amD;}sgS@CGa8H&w+m6Um= zk}p^Mwqn+!EoWUcA`UAppvI4W(T^pGfVM8 z#f6I532ybbDE>h4mx|dbZ};UCSx&_ZN+$&E%E~K}<@9A|x=mYG>0G9C{7T+I$=OzI zT7H*i?eqIHYk#nkk5uvuvebW;(z#3N@Ov+7lizY#n~Rlvjgs@bC2P~ni7fSSOzHfr zbk34Rrz}nmYrnGMT4X6_J+kPxP&!vDookiO%}Qs0;uNJnQt4+YojVot+Z0=ddzJoD zrSrJrXOuo)3fMAlRXY5R-P(Ll>3pGdPAi==O2^E5BJHOt|2w39_>H>Fs|i_j`2D%n z>7aBHluj?jgOvU-rGJ~!nW%WW(x0jHA5m=P9hP!#Q1ac1KP8I}KCE!}g#)1Mewq1# zMTgf6D{rp2KUuC(!^v_JG+D`US#tA&d6!vbwhT03*<6Q_o`L^cRvx3+T$4rTDkblv z_UZI#TTy1&GeZAOxUCG~6 zyj$_RiuwO)?HpEoRPiyz-z)x6@n4FAcwLq9@a3%Kii*v5M50qu$vIlo>hoo;WscCb z++OiDia7|)>Le=et9X#&VT$>J)~3Bp@f5{(D&`ASt6!jax#GtabI_{Qe^K!c#k&>1 zr}#s~dnLuZn8Q`AKF3vA<~^9@>lOD_++Q(Aw_5%2 zif54Jd|#sYImNpbA0SIR`9Sg4N(VQ;u1)iQB=%b=Ilu3;cJ%+zjY`M-*GO8vaJJ>- z_luS}_SV{2qnIOZt^75`ymz+p1B#E5B`=P{wL1Dgg`;n+oO7U9=3rdQwG=lai%ky2 zwK`WR?xA#ye<`V3{hu;M>2N%*wKG*QN8wueeTq5u*2-5Z=7?J>e^D_<(OS9ruaWX_ z*sYc8|DBVR%RZX_9nrs_^v!>e=$QL?c{JlQg0;zK1ba^lbmcJPG9MwVzIhgqyh_`# zI;EdAtlX#U#3`Sv8ueht?1jRiSCo1l%I7#tf#c7Ju6=x{c z|8Y4=K2341;#rFG70**#pm>qu#fq0HE>yfqagpM+iq|XNsCbj&EsD1)-mZ9;;ysEF zDL$h3sN!Rak1IZ*_>|&b6rWRkUNO4@Y}*J?9I7~6afIT(`(HNChSL6hO5gM)iQKQ` z?G(o;?x@&2GfLX7N}iy&r{cf+Pft=hgB2$$PE~B4Jtg0CCC^Ztr8rmdEXDbX_5A<` zWZC*(rnpe?D#b;L*D7AGc%$O2inlA?rFf6xV#Nm)A5wfo@o~i`6rWQ3i{f*N&nsqU zpREV;d@Xg(!C_V&rTC&}ZPE8BofyTjid!hw_bnZjJYMld&*qX>Poyjbxv#f6GjDK1jHR`DjqTNH0qyj}4w#d{PND?X_BsN!Ra zk1IZ*_?+VNip_nU92b7;XWLAu;&8t-^jAn;aZ27%alGQLiW3y~ zRGg@|ui_-d{M5>plVAK;PFI|v*z|!&IXN)W>Q7UgtC)i#txmq;d5RY+UZ%KE@hZhd ziq|UMq?U{@yqJJjQ_26{?Prx-2IP)d7F1sxGI)k3$u5e|DjCFzJZ^F z>tf0OP0IP+fzPevhFFH++C^>*E-xGlju5^KTwS;&xUTROVD^_XZ3l3ya7S=U;cLO| zgu8T>`!=XfIz2B!)S1CJFR37#aJ2A&~&8#rHh zGWb5>Dd0uI)4&`|O#3sy{LdoK1V1S}8_fSH%Jac52+sw-COjX^!NSzJAI$$CGW$6W z3qJ_{LYVy=-wQ7X^Z$kVE5UrWCG(z+1E$H(fWw8?fvX8W2j;UabvSrDTKF|^Q{ipk z%Y}I#cct)7FrRaomTl)o;nU!L!oPxt3I7HjBg}R*QP_*}-YLvBb&qg4F#Bm~pZy|_ z2y^iI6T+3i>xB7f%Vyyy@SDPHgL{Q*f zB|HlJqi`DdH{sjC!68n0#(^seXMoMzqbO%4I9lXc;LC)kg3TPG(3u9lR^-#c-G%va zKp$a#BrrtyZt!Sfp1Tu-=Yj7KUI?Bo{2=&#;l#AzEha*yY3Rc z8$3riAAG;?z2FCh=Yt;+z8}0ocp;en;b@=t)XxY%41QjCDR{H+qu|$tmxJjmj%oQR z=sUu^*WNGu6!=5o)!=lJy2Uit-16)h^EpP*2-oG~%eg}M+F#kj7qmK6Xfv*(id%|mk-veJK%>LKz!iT`O z2y?E(e!@q<^j$}rpMg_^`M)$;n9l@bg}(vQFF5tT1y2#?e;0k%QO=1EW(%JN(_c8{ zd{?`8-mXYHwM%19qq(|gF_u|4#tpmBX0q& zEZhc6e|Xey2d*Q`i5}>)obnFfrowy&d%18Ia9d$M({vE-2EJCfJNSCxp5PmW`9I%F zxHou!a6fRea1wZo@F4Jb;UVB`;bia~!n{YACCu-w=L(Mj7YL_=9}*r9HuK41ANe8J zN|EP)i-hk0KP$|B{f)xB*D&+UA}ybjwu+qZlXnR71MNM+{J89ZZ~@rNKZ~^dc>Gh5 z^IgF);U(bjg!x=`N|^UAzY6nXwe!MHfP>Ii&Ev&qtWaTo%vMSGS#Xr_25@cRjbNYf zOW@XPS8=K);BeZc;-!vbfCr?ID@A^p=D zRg#u{+X!D`mM=aVldRp^r^j`^*sR`VJY7OO%^Nig^5nMnCbso?x<wI!mi`XFFDF2x78~1#;JS@Q*Ua`w|ZMhfAB{V+<;9PpBQE@WU~hQU6T=?vT4VcD)2~S#Qfp#z z-YrKOHZRD(;pC>MPls0c_-LD}%6BgtGx&}7)(&6r;IS#+?7DL7{P%BOo!YTwZy7-&fdWfGYOjU&0J2Lk*f?Wj-w95pxka?6E!16+JH% z*KN2Gz;niivw#quca{7h<*~^1&I_6!d|$}@IM>=EC)_3@gn0RU>K%_CT=z=^%vHr_ zdCXNs)0nG@Pez!lY5>*(b5-%t8*^3hNepvUt>jur8TJQYt|~slVR1c$-cUYpnM{KZ z^1Ka6<+@B)#Ru}TWkQx=QLY7k%7o0qubH{(B|umzelB>*Ka2$?vEsJi&+$`1Cb8mk zez;6x#W4(?iVg7Ny@rYm+yU>hP-IvMvst-fPvxfE(2d1mIE(0A#)tlh+lbv(;5Qnv z62JWLc4IbKh!K3A^LAtJ#ZJV?nOyBoD|`^HGREWW(HSeI2j(_eG2JM)%Zlm$7-!d> zWukGnkCKhsuv(RS-3qZjqIbxCh@y4@4+5%LdG&)Lfh+^q6R}Fx*bI+1nLEx0h#I+o z&k<`pCV*Py#){ZzYBkJLb2HYxb*Ns(T&K&i25RxS*4wCEK>8HaJpX)lo$BtaFtA(M zQvuV%;21Z7jdD#qKhF;fi}V+{`b01HRc@22MFRfs_z|8g$bL+AAj z;bM!3xnw~h#;*z1C{ximH)D<=XCr=XPF^!jg%JlttVgQCNwYR{koN(R_aeB)l>+u!*7X$_=_)AaRfY)$4-bt zIK=@z4voUE^AT=nnEe1dEDZB3gaqM#Iw<&aldD1V(WRll_tBqOe_#QfqU;B%hYuK^naXcL`J{oHgNY;3My7h)4@m#{XQt+x(h?_$`Lxn)QLagTnfb3j zIPE=R{5a45C%-y%KR88g4ND(6?w@~n`k(!{)L!wzX321n+HZd!f`w0{7dVM*btHb0*!=uVP~KYIRcS7g|Z~Sfyh7| zGERP@!y8jCBIUaft$Z(-fpRkUF$j@=o(z{Q2sQ%TnVP^p3)|o+u*`=`%akYLK9miE4Uy@&jqB}Y-P(&2ITj{Z z8?CWsnHvVfUJRDB$43ln?=i40UstT_z-smMNbHdo7TV^}=U#YcC&6dpyw?_)gCV z%v!+45)r$4fLPJt!sfMF^z5c(&`Yo@N^g~7Zr)T2{gYU-e3cMw`Cb9DNH(xv{VH1s z2<^5P!L|(4?N}S{?V(3|yqH;g_F_dHhWfZ#^|eN@ZjoazEK@HN4KeQ$`M!^BI^XSe z(PxTA!F=&V=H~kySljy<2UXXf-S$-}d&_*zH|4ZfO}6p;_zTgd0eb4-YL7$g2D|My zNObuQ`JC@eX|INCqdmTdw`s8IX$yONM`DBB77oz%LZk6qDD{j(=q3zzuZ7;1VW2ks_OTo zSBH-&2xB0(_00X^pS-qL7dzqf7h?m0wdbq_ezpAK?}+&q9tiwSScl*eM}ql>x?lS8 z+7@K4jDZxvxZT}Am>qk+Khgmt+1 zyJKDB+<%<(Dg?V<6+6OU)1m?j!5&{A2ONkk~Bs)}ts3MbfJESn0mPh=)J3O@+*5vfy%(QmRzSi8cUvwWR{CZgZu`TeS~SJzc9fhTk$}}$%;oS9;Y~4F^`eWcedh9ioZ~Nf-J}M z6xh~nFwQ0WZF(44_Nyvc>azye)@MVd!+Rr})_n8Ln-GL}rPD*{m~XztKCj<4?I^_) z73V5upS;z7RPmE!DJR~snR4=&Y*soPduVmuP&)4@9gaJ)Ivg6c1HATyd7-9L4MhwRY}O%xj>PFHpQ#@iN6vDqf>_gW?wy?^OJb;sc6#UA1L6 zs`!}V?-l>3_&3FWDn=)oYm;xUtbM*_vRq#=-#A%$8^s+IU!%CI;snKfS!L~*cU{sp zQk6VS@p#4N{1W{;lzfI_bFPWbLM7)|L7VSmius1j%AZrbO)%A)GRt_E?=r{TS$PM=@rt`D=GZx_KS=R7#hHrD{|o+3Rgh%B612f1EJHuD-q|@c-57oBu4)Z_9d+YskZ@PS}1pPK1H?^_KZ|m`r=T z4wHGk=_kxfH@|_VoPTpE!o1ZPEzJK$zB{H4_k(ST%zKR~!o2rjTcW%Xc(!m8@V&yk zZrv~32E39i`&A@d5puRG%A>&>g=v%5bIKcoc?~Di=KI3D{M1#Ei83-Z^h?qGXFc+uE?3-8-#i7>?vFT z=D1DjJOEA-eh@rVnAgZu;gw*Hx1>I=kr~44z>|cZ19SW&bvA-$3cm>Evpwa!FS}3p z4KT+&Qoa|wRCph_PV~Z4dKtgyM#Xn?-4!@X5foj z2Gh=YqDZiE)8<8P&K^`%$U9Pw@-QSITJEbjS#i4J9L2K~^Eg>M`hTiO z$ywJ{XRG2piVrD1rudZN^NRI)^i!|j{703L1>Gx2ca^;DFmaUeyBrTC34fk zXDghwCR90;xv5KWU;n^p_-#GjFh6?zbbnHtjC_CG@Wdp4TJNJz_!kEipY$h>@Xwj> zZD+W6_4o4^zvIsjTJ25#&JRzoQ+gHr>d)!C^+A99E&jJtzHPnBn>*KkbhZEZgzkB# z+C^k^_2&ewf8F1G+tHp8yMk7q&bT9@c%6UqiaGnIM6TYj^=*HC^xK~wPf0`}7VPSk zwC(8Xh@8{M_a~3>=e`(`+t$DJo`_wMiPIyJIv0Q7Pdwq@)jGMYKXFgQ+mX8#tZz#v zqB*U1eV%dBpR-~8tNx55&@RmPBVplMfBenob+01t`fvRHt0Ou@#>Yhz-W*YMx*$KI@RNw5ZF9C2J{7S# zx~NxvYyVaL4&I{3HqjBM&O{Wp^>;{#TTnD1_koDGlzeae4gSKD5%G`vPsRE3w-r3< z&&Bw%)=N?rN9S)SIO$*9+JDmjZR_0hh~xW<=lBn${2%h(J-({q>i<7G2_ZlT`-D5; za&`a#McqjNgQA`j5tE9V1kj+UIT0}^ViJNRh;l%xq23bk0+p6P(FW8upsjdoL%cM! z)B@ESs@M>HY-p7RycGMWd_SMrGv_QW`n13A^ZNbq`|Z3Y`@Lq?tXVUA_Uy~qdr#XU z+x?N-v8*+tZH8TTr`r)~t;;^pw%_j9;O?^9Ua~u^C7%W_f#Yu57I$BGvjy9mLmdST z;iefV$~{=n;csx-cDe2F=crpd$8CJk#g^`{I{)PE{-ayF+HK2nJ2J|axRD28zW5fm z^BcFL;LDQT@4Nd7F=uOjmbQDgF2xC6tgI4ehgLc>>uNIcwia2r1!%&iL;i{72mMX^{q+;bl zJZ4~`7-5_E^3(C_q^+YZ?@>wLs*QH7zbQRj6&Jp{IlO#tcv*Wm zawNQT@bXc3T=W7wF4{dg4iAjpbD=LW+n3xv>G$d3>M7^=+`{_hU96lgaTQ&Bct8|S zo)&hA59S8SCI=!jEW4sHe{vwNYhM4f^xvfKeP?XkJ)?ZdUB6ELr0aX%_;Q265z8vV zi#?}8IN@*>FP@A?S%W$5Jvc7TxjgmEgeRBujH)30vbd(Ro9y()qB#3(*mm>c@>0_d zr5*e0x`ebv?e)HQ)<5xvx|~PyrN=zW@0@*j8Q#pmNsCi;zLlI%+Iw_-WR6{yZU;^a zjOmg#`M#`6XS_4wujx+p8(n?Ly{2>?OWrt^6%00q661Wy&66%mo(C~GZpy32;+(tD zSk2Dzz0R_BCvwDD`a^%u&a|wyY5u3b-*mTs10LeXbKWbm6E2-xKg~ur=v?S`!=e1E z0`7#s%(#iE_od(aa2uXawc-+z>_9M*h8r+EUy#pW^4!2IJg4%WxhziL>B0kXyuAw+v%OJ zm~`GBN#MmoN^L?ys#1tP{7Hw*k_C7ZC+P_)BEedSwZ)5a77)}YJWRv0pgaY@Q=Ic* z8qb3Aj2h2^^1?FqENC1fle+NC1J8o;q#e(K^5BbyKzSL7RXSHz5^u1mLiMwt4^x)U zf_7bjY&-=`nvH*5@j&R)Sa%zXf8Mj9-H!m{PCM~g(9_}`LcI4Z=oxV|;On^r#;qYl zZXavibEry6Iij{A$|~$tg^4l8usklksxUF8l7=Y>lVd80r|rF}FhQo03Y9cYOX#pj z8?U8WB~8#0Pn~;Jouj2UDOIC{(^+1-l2C$@K35V-P!dnUdR3zYCGldrS2apd(rP84 z1SLJIB$S|}_mz~bB|PYYd=s_A*S}CYs(S{Dztt1rjS_hxk5ss$#OFK_{wVQ)C&D2m zCgF?>%J4{u=XxSsQsRxC2%nV5S0bPcrf_I8~EoOV2 zwE~6n4MK=0U5Qzqh~kyVcLD9i87NdU0x6MZ1(1%1}}YcJW@7C`L*5DhVYi>2h@PUX>_JNeh*PvXsPEf_mZG#h%n1 zS4O=mQD2pImXcU!myX=viSR^;PkSQVQQ`-l2!E6~8J7mVDp_wOuJ%NDq{J*-EFcvw zDe)#xgilIL#V~|aIHkl4jFb@Jl@d4MNP$*>R~hu`h$q4;CEn0WrNS#EzJY-g%J52w zXW{}7BD_*!&=cX65;uDyyi(%ieo7f$De-5X2(Ogb6Js$MeEiA(; zCEldOaqudOUhVKic%{U*JP}?g@fbvZt(2M4>eu@$f_m zKzN}Lw%~!nt{Bsi10Hxeu7(=QH)<$d;Tce~D<{B%@$>+Q(iLL=K*ox9JnXaHqZ{YK zK(7)l%!J@et--&++<~F9pE^}qM+qC14sQ?ywa)w0`K8uT!rMxx7CN)F&R?i=Q0pk+ zYo*fxof@rkfI5C0UFnY!uIHgPH6Jxm;|u)xfI6$RjuQT;baaYw2zSJ_L zeY^2vA6+aw4T=S4eVv1B+JT0JQtoA zTI;^V&^zd9FNGau9!#a-X*p{0^yxmxgD@^quEy$h$b-K}IbK;h26+hlORz$S?41q? zueo^ALzM7lizj_Si7&c%;u*u0ILF8rP*!iObg|er1(1h+&4LmwIvHQrdB?ElA)kjZ z8pl3sko9}S2U;Ni8p^#H>Aa;SJfyN5$ekhm2@M0@1F-4PBt4cc$r@4TOYd&SVcb!t zn0Q*)moytHi+sa>X`uj~(Rwp$TI=eOI7qoO(PBG&ff5I)b~snHL;n$`9nZC>doko8 z3w_okl{$yg?Z-*;jkFkPBe<8s58n{h=C+pa=oTck`s&`^yw-ib^*x}z$G->E53l6l^`(s7yz|@t2g~t*`hdC|SR7yy z@DNY*U7;?c2A=S)&>%e>H{L$tYeo2mgn2WGA|}XI71gOjw9{G~DpFD6Ffq$^7rGNL zlXW|0mhSY}3q-@EQ^&o&G@=J8#P^OyYWsQ)ZuKxB_Zz&|!qr7_7*l)|>}+bmUg?{Q zfR}u@;_HA&hGX8s!YL8v%na2kmVY#F7~qUx>YUAG7-ga!AIDMfqIw`U=^&I)c#6R~JmIYh0Q*YCT0ZU$U{m$9%uh@*q*5hz6*6u9JHRog9z9gxvE33k86Ru ze1q0AmOqpB#*y<5-zd%iueK~2Xi&6Jnx;}$DAi4eX$tD07&Sk&s>L)!U5S9Ph%3F> zH!U^Iht0lesi`lO*DGa?6Kdfg&;#`r@8j)56kmU`R7X}?jMAnXr0IsJX==QO&=u9G z%Z0BL_(LuBZC#Z5ei*G_*eEvsVe=Nt^ly+&^)VSaP}#YbEA7R0>BaV_7u;XDsYIWm zcu+-6=Zc-O8#ff2e9(H+M^lg6LS7oQ)j|u~5U}m1C)VX77bRXkSiY;c;t&{1Gy`H+ zsxQX2Hp3#imL3+>#x!GyZN?A|jVc8u)nZ)lVG6E9zh)&^gx^G(x{O+HN=A26CC5_e z0;}5ZI2U5+Ort-;j!T!lQZ-3zJWoH-=~L+HTBr^38U$?CO-l(p7@@s#6DzpCNHrb> zx}yg%ft97q3Zn%)ZPNmD7%kvM9$ya*IfG2nceq8{tqAC#TygN=JEq*fV@^?Ni&C1# z755fw*I?pOY*)x?F@`Y0s08fK>y5=;I!@b-4JgdSF$?WblvpfAJvZc>ls+a$-t~c95Y~+VjBXE(OmH;B2vvk#XD8NK?V6@=9q!Ec#)SY zDr5U=%i8Zz>lsbw`>5`zZA4Q|wff6c?Ko;UDq6)cQX$%fPEp&~_N0HkQ8ETiuBIWV z{!Tdl@Dr;O8~!K)wgFen*Tbj1U4l+z4D~dT*ne+!0gEsDmA`N{>d|9(_!FbYEnu*;45zrJ5}_D(X2m9S5+HC+YIcQE$qa zx*6+6P#vRewA@o_oAK}Th=Oe~|ga4aEUD z_dm!Vb?uZLmDYHIbLsy)a?2Whw^3|)wTSK!9j6!T?!m5&?s39U%~aFr2cMK`dWGBz zhJLG7Y`5Sx8-9{rbXSOVAG2}C8s%s`quccqxy)8Q``^iR;^yRj7y5THMqN4OcGNBI zW0Q0L!YH7QI%b47`yG#GffLeB-s_|_wK+~aV94#1c4Fd*n~7!O@NoPg$0&JQ$rSi8 zpeNLE>dh4&i$qTE{OTk(>n3B^qY4L!GkEqEU?UCE`aDvoBTRJrnyVyrK;Teu*2$S< zFE>6$^O@o0%;WN5oH^z09?fRPnJke_ob!EmX45Ap#SXCOjJl@(wiVMyFZ@reh`t)F z3x_Wb8U_D}q3`UwQPXBDntlq?+${P&0XFaP?fvgrH(iYVc?2qe!z)+3ni|OMqPmXR z;&$^B6wAzf>T-h{DAQz#*66rl z=ahNPh8_QJb25I1CDpra@_qH zHGGWvR`1O|V2*0v-5(d=!ixQiJJ2bPQQvxCV?J5ZK;*}z5m(%Ya=vvR`mUV=M%6vV zllL+1!HK>q-$E2i?uURY9j;iUNg{JUy!ijVc$Q>#>5~6@bKg~Mj0uC(pum4(2yW_z``yKf9 z_JbFHgUD2wt~Z%dAfBzFqQ6!!YLtqK_Dx3dhk-=gyIqPcL>{bEuH}jbOp-KApOe&G zFkUcI@+uas1?|$IuJ~pt>;|ISl?kj~58W!&GLa7@oR5HGF;{WW!_UB`U|cHT;cS(B zHCKGT6v+uDoyj+;F1UbXdc-H8)X#qE!oyU8%@a- z+w0s@w^uUX&l+^fcJY!jN5s70yPJH!62Ied#U_E-Q#FY;d#YAA*(~dnj=<50>k$a} zNwIM$JA_%(vrfK3uGov>d<&Lvor!SrmsqKA>!v6I$p?CkZpp;3K(q`@4<;_ zT=9V{+MKqY#9QCTbG z%5!NJS4}GRdaha!;(be(t|$Bn0b7Hs_q_Ne>j}K`g?O&IqY${q72V@EQwL)0l^ts$ zQy|k>;sRyiI-h6P=o6|UbHE?3x>9g5z*c9#A22y?W<^d zlZUTk<=Kc1zs6s2*oZ|%&neh?d>n#~lwj@EU^-VUr6(N8?$c-3@W6=v*u!cOwGIJI z!-9GAf8mvUyr54MnsJMdMt$Kk_tjk!ENhU$Zi0}K%J|o4u8~B3ivk(fpub)&B6mB7w+?1GQE}B)rf2$ zxx_=D|49fu>aYR>5YiAvA&fGtOISa4zyv~kaeLg*_O2VJc6;=0{$(6 zSxlX&!?OQ~z!A>;0Q7h8CkS67pu_pPAaq4AHw^}WdCX5o7=thoA&4*qfp^Nx!n&BU zcY#^Py9oSc{8I#;Y9u41AovkDWETI#z(c25 zSk@m9IMA?eEc1PY4-i;K*3I~E6wErtBe0IrC)VvO1lH*?gnWdn5Uxg`FJ>`inKBL{ zfo(|JY(v^+8?ugUL)MLLN86^3Y(v(OZD{IO!B5ZC;eocRn#ipWj8Gt$!hWjbMB> zwt22&7PgV`oqdEp%eJ9y`cB(y8`@@@7@tiUX|TzYX|tRMxDtU^Mm!+O+=PT}~Q>m#w10G+k;?1|l8Sj04+{<;9($7*l3)TN*q3`){sfsyG{qLgmyC_Z+ zWqGCaR59Ksxfdu-P@3J;|M@CrfcigI#q?4CONFLi@$D+!`+&G-?Pe9@eIMPcm#s8! zR{y)H|9+)&o8ms|zxO%xZmRWe7n*uSR#OTwaTLb-zQE;?*cY zrK*phYJugOVxjmJx@Fzx~q8a zi}If5UcDBp_$2k;E5++4Ug@5WSC+@#|K3X9`*^yS%PXs=iud%(6niClt?jjyS8J~| zy!Z;G>GcP1JC>=I@oMVj>Zw|+TxoXImf7b$e`GK9EGH}d3T4OJ3ldb!&FX(YWnsQz zuSD-7@&i@87juWoJ5R+7(DB?N-WD{Um1m6i^?h&aFI2gDsQ+G@d;Z*{%37f8q^nfV z=W7&?RPi^d|3g&F4eI|85ntIY0cCkT+}mp2zVG!4&vUP)o+sXR@!J1ZWv92Y>FM06 z{Hazpz4lz9V!S=w^V!>Ty}seKvo~&d+t=IHUR!yZUT^d?y}eKF1t)Jcv+cMYJ)ga8 z?X{to>Xq(|EnZpjzxP@HrQMQYLB*pEIEt7V58kw__@3Pmqq~WjDS#WzGw*d_uPWXk z)Jrv$oLqs^C~zhMFBhFP10>@;cf1(SLWiI&<>(p#_U zrm;Owq=$*ZH^!TtKGxXAD=!y2muKxxbzq5CCEh9OlAz{m@VdXJX?2Uu!XP!5DhuAm z_w>CE<<;HuM7D+(vsAUSNsYC+=cm^}8I^keN~YRc9yCC1n* z#n|L56<#T_|9Gtwr`p6=^X&6~g7VGOofb^H#rllbN?w=u`q&++7GAq~gNoTk%;ouM z4)`o3PEQs>&pjVJo1Xt_3J~mA-Ygr`_u9nlG%;_z-sP2OdSlF{*|Ln0ThNB6Z%6nUM%YbHxIhxcDK z4Z5euye!U&PwX}Tr6jAFK`Pa7n56o!IPfa7-Pwb25x~M8Q4Oz9HL@aAffM3lsWJLi zy#&wyzp2*MC9PH^>6A}YiY@|eugKeiU370}E17Y?0h>M$+jeo?{3<@SH+ed8Kk`m( zyb}$tk9k{Jo#LrdZMKmjwXII@N%gtJcwe^^PbpE%r=l#Kq>rAb;|#^@dSzE*_7y8W ztm^5F6ka{OQ?Kuu!Nof<&0@}O{p99<5t~0=9}JMF9Ej(1INB9-Hbt?m9djxc7u%kv zjx!rd9a+83tEZ4zF!!eUH_i^I31Q64C-ZKbe^WsHJ8pItIaQIIZD#($Td%LUZQ=ac z3w$aQXM#D!j4`~P_@@Rk^r=~Gj;oyhD)tSPvDtD?ZUOZn?FFT`Ra6GP zB{PyrZ}YKjE33;;&cc%G7jY(@sJd$CSYah|D;Lb0d&7;_Pb;|%4}ZYTtV~SoqqMw& z=s9NFDZ5_z9Lq`Z`Wvgt!t-b2`GAWqIyW%-hKk!3EZ}rhXI_3uAmgk|_bhizKutHL zJ_;1Tr7$k&d_|Qv&R-C|K5zb<+k7*oU3`5gXWA80XH38N`l)%-FD?vCop!$4J(QDo zenxli+L?FRxZr|VEk@>DNG_CVmkV_a%XsRVch^C8R#rT&P24e&)?a;KF$FLhKO9_G=Zt z1?!=jTd+>l{3h1%2-N4@uQUYO`53|I^M?v9)FI_W83>FcXCZK5S!Pjrzhf4i6Q;_+?&a+v$4{ga z-A#^&bNcokKfipFp@+y47W&%+IU+q!s7^AAh)z_R7!^&G3cfs15$8Ani3?7wZRpVQ;jy$G*m86YTL&VHRWKT&-u~8=<$` z2v{4v@h6nqhH^I{j`irH^;nOoC)kU0#SaAB5PCtfS}r-k-il)UzT3^S$DyC)(q7RC z_V`3Wyr~q@jlEk=(3^o@+m4KYf?kZ?9Du14lL9xRz5%aX{%~r_FSH@$dUW~mToM5k#J1RN~?F~UN_BNhi@1OW( zuZ<0+7h~^7C))cV=CnuK&>jz&#@^4gJ&q|{-kFN;J{u#Di3~5Cp!bu@y+bXM)ME6S z0oe4><#p&~N2OTXzNPJ%q_3eDFap-J$K?+I+0I3cv3@@S>82k1!NufZz9Cm2?G*jx zy%X%!z#jG3E~g25+^5W#2J|@v-Va=4E~YH5MKQkD@N15Zh|>{owwn#^h9K>|b&dDk z5JaoR*fX+O%lMP$F_JA!`*Osm%u-_u=P8m)yc#KEF`SpkXmE^-QzM^D@1^GaVhr`H zsO0Iy<3TXF#GjPT5hJ$5tCKw`%OfED=bjl`PM)`jEgW0oRnL~P6B9tZSe8rtaa)e* zvZqnTpeUAjb#fVth*v-7OPM_~w#1`HnHup}$9a#;e#T>3D%wA&)q`*?6+8SiE%O+V z%J$SB1ivA6g(fFSI_X65#IwVg96kMuMagqMU9QFRdn{}T?@OQF@!iBT&C=rySLQqC z?Bj;Hm8E_kj5}O7?2&2v3C--We1L%Qw8tN*$+X8G$;q^rLLGE>_B$L3e0_MZz(Ve! zedf5!c-klT(A{IWj%Qh9qkjhDv5W9BWxQrSJg}VHAOEn_B2Z@w*1yxt%bmZFp~JG; zHPb$i)70ms43F*PJ&5PCN#v1OkJ8L>aS-z&K7cjdCG+x#GWjg5M{1_OqczihiDufl zQS&WWmujY;<(ePHdI=dmvz^I3^zgwnmc=@*6}+AdeQpb~(Qjfr^jolIAhVo5k)hA+ zMKmUoL^j+$KnYt7WOlXjfusNV3_qc%n{zw z8<*S2;tq{vG=kCLHZsg@WSHB?@TGza1>M+7Ybf1`1^vl3+BFWeCQzS zzQ_J;`d$z8d5awY3&#P&90v^ZJlpU^f(r!mVIiY)t6+7`s_m~7@sA09Lh!SKcL?UW zma)HI@ZSaVVHTr<`~OiMAXq(>ul?a?28=#G6J>b1;2Q*22wo<*R`7bk&j@}=@J_++ z2>vg@p9(%5JB{&eqTpP?{P?obxmWNbf}aumlHi?!-x2&@f+y@C%2?i74XFuqn8Eo+G2v4YPN{5`=l1(you z_n(db{D!{aM+9#Y{H)++!FvR^3I2!RZv+p*U}wr2BRE^|C4%P*zEkjvf)5DhhvJR> zzJf;x&Jvs>xIpmrf^QZ4gy3J0^;rE98Gdm2HP{^2-e$ZWt3M*^ef(3wUkV+54%_JT z7d(Wl?eHVnM&~@iA)!+!;;$EcqtLls#NRD=rO^4Ii2teJXN1m9!G9Jye--?R(D_Eh z_rS5#)WuKMbv#pWp5QBm{v5Jy|1vV#kxM1m9P95D`t^dJ5c)3&{=MM$$=d!wG6I)R zur}uaM}kSdJ7&v)^>)A_|YPspC>nYLxQgme68Slf|m%sUvM2+m-_@+`@fm2 z+xZ2d|0@yy8xj8|S?7I6aGT)nIF~VH`N{g+rZ3j!JSQM@&LHc3!4>i6iTI$1zf{D} z6nvB5g@PB85xCriHGN=}?`OO&_lJUCChN9pA@f8`FXsFNLvr+71u9YIshiQ^eImod z1)naM=jTS}0>L?g3k6>(_*%hX!8{)}Hr4qU##}Dyd{}b?veBs({IKB11@rpF=>J^s zvw~j~{42q43f?QYUGPVOKNtL^VBUT(KHwpRD64zGx?Z-34+tJ1c&uPo@Hv9d6Z}2F zmkTZxJWucf!HWbh70d^sOLvs>^1!Rq{3`*}#j z9}&zMO^lsn!Mz3d7aR~gLNKR7F?KExJVo&L1aqzwqd!-$I&arLFA?!81lI`Wr|pfM zb%GlNKP~uK!OsikbS%csZowUbKNhUc|Fxh06!ED%f7bE+1ak@(6YmN>UvNlpuHdPH zO9ammtgZ`mx%Y|qHG>cwM8pui$}#)wP?} z$rSN9f~N?+LGVq27YeQx91*-i@G8NN3g(n2#^*-CI|RQj_yfV}`cBv7kcdAbm_Mf( z`w4>k3LYq!lQ3FiQu0K-Xr*J!Ci3OX8ge`8d1&> zJVo$w!S@J$OK_`T&J1Skj~ARL_%gva3BE<}1A^-W|3dH!g4+duBzQnd%%8!63k1&) z%&E+b{|$nh1ivPjbDbIeF9i3(MX!nPEqI*ZY{8r)&FJ4Gc)s8Y!H)=DEBLp9-xM5& zYkFfpQSd~;=L^1F@M6I)3vLqJ1wY0Z`*^-R%Ef|b3w}fJZw2oW{I=lF1RoWA8g5#c za!(gLQ}DHd9}&D(@LPgg1#@~jV?RT1Q1E2ImkPc@@It}Wf;qvRvHy(V=LByT{J!9J z!6~>mW9*~~o+>zB@B@PD1n(DoK=4`kfz8;@6nvN9<$~W5+$xwe_!&F7g69ja5X>q5 zjQ%#kF9?1`Fy{a?`hLMf1UrI93mz*tTks^o_X@sG@TY?RDVUQG8h^?KM+C1B%xMXY z{!4;C6x<#TEOfctEH2Q}Gb8Bu#vd zU`{D%;%5lHPH>4}&N*rH7YXL%lP3NLf;kJNiT{ycPDg3t8wI~CxJmGD1piJjC$cnl zJ`j9Z@aKXP@O+cePZG?jEKR&4m@`zG-|sFEe6ip>!JNd>=wB;%w%}61oZZssFA;pV z;Clr>D0r1%PK;^nJSmtnW19FE1@932x?oP8Y4rCA=Iog!{u9BRNYlhy_>sdfXVNs> zSMXrL0m0`8K2I1WyrM zBzTtKd1PGQaw!wMNbntk?-Trx;70}jQ1B+f4T66z_*ucP3*ISsx8Sz~zc095@Ik?! z2tFn_K0Q|V-h%rJ9x6Cp@EE~o3LYmoTX0D5#e$~_&KEpW@U?2*g3lJ5 zC76@u8asJ{^94^AJV)@&f;pwGv2&N;?+acjm~-tK{htWlBKT*5eMxSL0FkT;1U^4oQ&1lB!W5HO)Yjzp0 zx9K>>YX(N`CkV!E<7hl?xkXv|Nyo9!PjkFJ(N7Z}5IXeJ#4A6w9r|hFm7hAEewz4f z!IK0B1y2^7D|o8le8JNN7YUvvxLELP!KH%d2`&>{DY#1T62Ucs?-yJv_+i0o1g{fZ zFL;yS2Ek7YZWR2S;O&B67ThHGHNh={cM0At_$|S$g5ML|Cip|a9fCg=+$s1o!AAvu zB{<27^(FPZitc0Tc@@*2h0XxMe4oMeL-kCH)>qH8XdW$e)blMmUOnHUd7RM67CcFC zQ1E2Ixq_z(&KEpguzLScmpe1PA~+&=h2UDj4+~x+c%9&S z!J7m(2!2{{qu}QRZx{Ts;3mPZ32qU*OYm;NZwYP{{GQ+r!5<6m6#SXsqk_K@%vZcj z-{X6JhLZ#*3+B6fMn^sWqx*n*{zo&vC2w>Bg85FDi61R^tYBC0IKkP1CkYM;o-8nt`fXNa76G5!8L;K7hEg&VZmzzuM=D^c$44;!A}cr z6#Sgv?Sfwx+#-0F;N61X65J~IJ;7~)KNQ>{_+!DHfOhp2gC3)U#NcM+=>?g0lrr5*!pfS#Yl4se=f@cXX7Cc*UnczynRf3lYjtE{M zxJK~(f@=joEO?FJb%N^!ZxY-f_-Vn7f}az-UGU3-n*_fmc(>rU1h)!)PjH*y4+VD! z{#bCQ;Lijf75tT8zN8xMw}O)dCkwU(_Ypim@L<8C$>us#uq$|+;2;@+%Sq2Gn*K>0 z(?7}j`ggkEBC;-bmf&KtzUG}R_-vkQLFO_8wvGMM_*{*)e*; zGu^vba}xMc%`oBPyO7j}3H5F`8IKqEuGR5Cl)n} zJM9F(%XEA?_+HH;!4GI21?IEv)IS}(R`XaepLJ*a*PXfQH`9knc%^@(~&7}TC;I}nT0l%v`56o|1Q0G$cUo~G2<}>h&&j)|1c^a6{ zz%%|z@G;Fr;4V1dVEol!erTOM3(T3O$k&7WYc2tE@*&301`pRf2RugeT=3bN=Yhv- zo)6|T^UPZg4ryKhzC`ow;L9{uf%(il^%sL@YQ7VEz2*q`M$OB?w`g7g=Ckz7dk=V# z<{I#wn(qVOt@#1)O3e>}AJSY0enj)5;Kwzu0dLU!L-0>E{|Nky=JnubHE#gFpm`IR z&*am$pMqc4yaoI_&Ch`MX#P3)9nIUo`!zoY{y_8d;Def91ph~0{F0Ij=OxnfaRVC{#x_-;P?bDJ_yFwWtGlF z;9i$F?*Ee%fWn4nPp7_XKB6?JW=yZ@P(SM0bi{7I`E~M!{7qV z9OJLjd?WZ;%{PN@(9C-#E#<|^1}t7hK6d0z8l;8!%S1;46!9eAha4d6d${t5VP%{=S$7M1oItj=6wO&1#9w4;2xU!ZWiCCVEhhn zf6Y8z@jY(FzYZR*nfHOlX#O4eY|T85jn}*fe4b|B6AEem6ZjI%`@olJ=KY~*n)&V* z-v?*8ZQ$!Qe*nHwGba$aMe{*$x#quv`7Q?Y^4NH%W=_~~x8^UvD>Z)!en|5-V7^z* zygrPbd@q9>2i~BW$IqW?P69upna5JTdrp1M9LV=I$ULt8T5})p>zez4f2VmMnD3`k ze=wNuZjgt8_iIiEf1r5;_@HKfkAd&7Q=hXNey({e_`fyt_{?)R>SThuY90sfshQt$ z;Je_|nFt=JnaA*9nlAv4)Xd{K-vOciMc@q07lY5y%;P-Y2cb?L_#(}hg7Y+A1-?u( zkNL%91TJ#~&(n4+lS|c_f(c_%kohA)7SwyzvdqXMuNVcENi!^Bl5O^LX(4nzO+l zYCaeIH_hjRJ2mqh@(ax&@K>5I0>|Opoc>G!Cu!z6WQyjgV193jI#+=C&I`E^9MC)i ze46H~z+*LE1J2ZZEjU|qG57+_CE&@LZv=l&^UdIV&9{QD)O;Iwmga@v63vUirJ8w8 zIA8Of;7ZL)!HYF714lHk0NGx8(azt& z<1~K)K36l((}J2m1@rwN>hs)es^+i3{N@AWeHd?xG{=Ll)7%9-TXR?N&6>M`%QPp0 z`CSOwNdYg>><2H`%=5Gw&Hca+Y90W7SaTYf-;SW2A>ew=>EI_dj{)=jBkG(5-lm!7 zW7{?JeC$`6CxTzo90dPX^F`p@nx}yOq&W}#p61KI?V9t!9h$EK^W7!-a5eZd&DVqf zrJ3hZe2Si}T&0iZUf@BR)4)SD^W0-R8Dk2U3pHcqyI6AynD2j4hxcjmJmxOe%wuarGmowJXy!4L-wa`19z!41%wyQyt&G}${R+BzV1NPL+dn|)A&jgRq%=;>Q zr;Pg7fyZes2A`{$$47oYggU%WGDY(OFyA|4JdaIyoXSu`B&fvH8+7D*39D+zez&hc%0g#xdr?)%{&He*ZdZ^ zSu>A8J2k%teoOP;!0&73wSR}^L*OHtJHcOR=J6#l+4JEGu&wz^a6ire4IZqyJNA)u z&Aq^*HS>6JmS!F=#%bp9;#|$VmJezk3g&xxta|{QubIb-D>aVW8y@oP2%@7S5Bt3rjC7omh+wvp(kY{wSwo@ne~cr3Q=9IdM%L>KeUO z^}B2RO{GVg!&xnvRqZv)8*Gf71*%cTcm^uXXSCZB3Ki-7mR$J6aFqIQ?7Vj)dLde)nie?vB0TK~1l_t*JXR zg2&vJiX3Oq?swgNq2PON{U6+&hs#>r=J0@)4EHivwA(&*i}L^j+rv(7W=E){Ie5s; zaRxLUbKAq|!7JR3y?N!i8EyOBj>FB)z~U@7vck;_2ggoozO zatp)58V+xd>qu?f;zsVbn;kpH@ox;DmR-KlNiAB|whIoA3TC-2JL+e++YjeBBQnFM z7lzNsbOyCMc2Qi@OZE$vd&tgz&d%PGd!X4FdC=)db=SJV8n^9fdu@1mxNlKLO=wMd zOI-G{vKel1joY*q#SUH`93(cAkHg(=W#vxN^gC z=k%8Hc4t5^%dX9}*Ensn>>8`tIiua_zk8oMaqB8)SlcAK^QhbGoVMHPGgvd&9$Pwzk$qvfQ#ek!Z`y%UJCslFUa>w6V5P8XcpTmpk+c*d9KYE)p zc=uX&_ae9P&-O-V%r<9;TjQ?uH~tG=^xf#BZQmMP>$T0ookm(cFXp=`>e>bZe*8>&VVjg z|0Eo@>z}fl{%A*Daf?;QXtg#w?!Vl&O?Lj(Zt-n)gA=^Ot^JYP>Muk26I`_MTL11J zxNVc&#w;7#BX4W%hi+3A9Bc8f+>jaW+a68}e&u#-K)d9xfQxIkW`>6c-*-E#+_=WY zZvI?Ux9=(^t=SnKJY*j%Xgt^LNR4cE%htIqPHtV>E_-J<_=cUkr`_otoMX3rV3&k@ zmmWA+*Y5Ny&ayMZW83~_XFB~$oB{3Oe(laccOoMD7w6h-=h&r((Xrrm+b76{^ns;Y zJ2Kkl*mE;FLM2XLQmEZIqr^GAZLM9r#cp?omiifs(uS38ARR#WC~^9^7hpF)IRk=I z+`PjjC}xtITbBu=PVel3;>q0gN}RFo7QL7HuWT4|5To(DOTjAI>A$Ou1 zxdb@0rml>;kiXd(HgQK&m7Be%=74*QeJ|4)yxbX5iw(cuUBiLHecf(d7C8^5{pcub zchonytDMnob6od)cds*MW7t2puA#hkhQ0f7dwX5eZ?RXO)^^No+~s!oE5fPh{#6^A z!-HFP1b=4dX0$v0z3}uV8ymJJ1pnb*W_U=B<797*EOLu)b?blb9`sjlC}B0z(Xzo0 z?2Q-`P>qbTH(0^iUG6q#V5ZY2#~EJX1a^kdA)B4Fjn1%@%NzgZE_ViR_q$KqWwX)7 zLvlA%S&c31(wWYPT*ti^kt3IU?N-{^hjYuZ&$wu-!x*%3mo>gZ0Rv#}^0xEc;AL)} zljHQ8SYE%$%`V6dZ(g?1>5tZSpKyaS-8Fl%4@6eFE3L8xZuQm*r}rvnY%T^A><+ax zZq<(Lx|QKoX!66@gYyci>oByUvXKYi#-Lj4FMF_0mu0ytcdYSOE!%y}t#Mk*CmzY( zfXwcGx9K;~8@#f4-`?fU&{k{bMr^0XU%E|?xFybzqOC0j7&_bsFnVOy6)$vy^IZ2@ z427*3yQjJ>ds;(Zw(p+guC2f^<>0DjCu^^h+3sWZ%4vKJdq88ZT^iT;pxx1YBs{{MV>kZOb{E?2b#_PUT&MoF zE*O$a!fB<;+rxI}WPiu1ymEJn&0XM--MPzORvu~(57=2y9WK7DOG$X}?tgSC4R!AK z?+p)ajVqoXfc^c@hOvECtJ8SMw&z#}{UzZ+yANO=OlvLZ+~VK;r@+SWu+p4{LVKsR zub^>`-5PG(Vt3Z~YwJQQ>*hM>$D1=&g#!)cr6p@BI+u3Y{a&DDIec~3+VwvTU?9&g z2;nF&bHl#y+&ya#Y%XuyWiP{3CN3bhZgd8=uEO}x(!8dw!Wj&AP~^U4n|HMCZG4*U zG&}Got@g11HdNJywRMfJ*iChz*7lYoWw!^aH@LUj?h+gXhPGIp$NWwE1N$(zwT8;7 z17v@Tv)36G4238-Eg7u^gbZxbFkw&2fxV7WJkYwerF{2a0{afPE~^Ol+r2BWb6Lxd zs`UEz0u6P|&Y;E@1KYxVwr^Ow3SJs$3Wv6DY}w{w z`&8TR`n9d~N3!gR8?tw-4Fw*v zR)q)UXW7^@FtBDiy=#Ark<-tZaA0ovDkrrR1O33Z3;Je;{rPKcq_rLL&)u*p?36hE zHRv6KJFLcSp!fS7pp~N_XThvOBh}30G$zV};Yd^H+Ug z5@S&5vf9T3?ct$;MOMe*wc(1ef0Yw}PJKnFp}g(a{<+H{-`J%a+MTp*;UV>#1KS+C zsX4UDN#9)F98TxP=);b?q3tC}6*i&gu>K+~bXLG+N0(5i56GI~fy!I}-ktt}bt&Y+EspTdr2XK1@KB(hTF za4=kSaQI;ov;r;V*r*2&cPv{T?$fp_(C(zy9BBMipkvR@W!u83Ep^+R{@Aj`a|8K5 zgKK@;oq_rLZR{6~&7u75cH8n${z2{=IQ?mSInee|VDp|A4z!2+Za>`N&!1_p*%5ro zcHgwOFYB=Kivrk>3d8+MGYT;%hV3Bw*01aiC-}MT-fkB;^0|4J2baEIKyh2H@;&-VR%TP z)30f*zwx9&QL1m3O{8K6tNnFw{{HTxZok6+lIB=7lb^IowdUX4%04x5nDM?vvzuNEHHQbSMT@4P!^|w-To<_~(BhzNJGK_>Sc%iJ z0n43%!LRK4dE=XY=ilfI4*m*FF)UbPt#sVSYz$1ng?7_*{`wC?4Hg=@z9z6TuEAdu zdLf6H+Hkn00R4-+ykXgLXArs&g;mR)w1#jeC>@6j7svlCfz6o>fqpy{{%8V8#XN7S~CK>n41#ucH`1K6>HQ*8GZMEC3b zGT@$P*FPOVKMr0TaI*tAUQ`$EYyNU?vomV1b6UGI@`y8Hb4gys-1dn_^f4uMM`LpQ z)P&}6YM?oArWF_FO^zn~Zg1`6RhXjV*Ktno(HK5cQ+MR!sI+}V>W;QG3032EmNzzi z*4X&@!GhZQ&mw>K*VcZ%FI*P+EV9qvcqmZRXCICLkw5z*9e(WFUxv!cK979muYV>G zc`(pwp?em8*7S!!e*Wi?=l!)m3Pir}N8a|A-4O`xveEj*w*~UA4Mbk@M|Szq9fE7^ zV2vGIWY_Ns)V>smEb>Qc{J}Xky3EeF7gCE$1Nm2BUuq3^6dVoBji1>&bw>ccX5iN0 zBUa>jE7%Y!t_fiekK7l?UlS_Z9isE0e5J&lJLbh))QdJ|C5!Qf}b z#h=xqVIrUTX83)J{Jyn*UzQ)+srV)iHIcic{^rHaP2HTnGSl;U)rJU;`RU=y;=qz*T!OO3WAJu2TX|HupjyvtSxWos1Q||O7e>7=VNjU$WCH&p|Oe^^Y zZ_6eBZqn4Ef^Fgak;`(zg(cyF<>Be8!qdD= zh0av8SB_J7byi`#uf!?HFLakX(^omurr>s`@9CT~yF9rhaB@B$%W3vNF9`36271! zd|^pASP>4DgmWsw7v+Sf6oxO!3Fj7u^K!!9D-2)iRS~Xkb1s0lwLBDFR^eP&;+((D znX=KDROnoWg9qYk7a?gz@gf{BLM2Wxvc;}{0=`^=0@Iy~H-<0keA4dZ{x>5s*^Z>! zwOMxXnm`~6`g!S2E;4rJ*qvuU;j$7Z2jkT?=OU!0JKsazwkPd2=DjpHBhZ#(qc^mj zfuVOQl+i8b4uN`Lc%blgoJ(D?xo6&)W6r;HS7CVS-rw6dJstPPi^tNP{5Mj3$xn^l zg^e4m2%Tx2-}SOC72yJ}eicqZk5P7deNkL;`~%6E;i;EdZIAhH?fP|m^3eV9zwerO z=dn2Fdi1bn=eoVlwe8NVBhEF^aiJ+KYvXZvx4&5d2Cp-8XJO5rg|1`E-@KL+zGC%gGY%9-iKW*)vHNLhk zgu!lRLDMvUwm*<-1=2%JoBe?if!%*>s+}~x_J>VtHw4y=Ut69$aBXN!f%{LZDF?@{ zK=BQsHCA9m6GnnD8MQN-ipP#$?g(O>vEmYv>_9M*Ho<#d^%$0TpS6UO0=d|C%uG zNSpX?-G%=aZ{Qaq*woTXTvAv5wi9P1j#8_nDp-q)>#|v`x@Kb)pU{Q#6~`rX<(=8M zq%NOOGocHgEkNY8h)hTTI83#Yc)OHa#~1h375Lxfameun3g-~-6^C@D)zbConsOPiE5UQ64RG(k(BD(M_8@dxYVYLsv~%ga>~N>Eabl2C$@_%mp7 zHA+xYJEWe~C_zcx>z-S>I-zbm{`IUzK`Jt-E*EiAS0^M_qcj!O6BSRc&el?{k|t{D zb|qz?>SxfEO`ZtPl-T5na7~H){xsZ%Z%XWr?hO&nDe*KhKGvY zV4;iQppy7LO!8v*rzFnglDru1DQPOCl*RB)Nhyorm?pTR3En75Ud#qMi-pcs*)mYF z5_>MrK+y`j)qQmrs#J_BEoKv`NFa(gh_X#C6s)j&T@AP4{rCr6IH6*bD^cFrEHA?H zDp8!0k}FY~qBSZW#V9GI5~XNDA(~KzqU1{0Rm2xUQYukFt$_+^Vg+5*s+Fvq!sJR; zPGP&}2Ff!jD9}UfrEn0XniLePaD(@tSs|iyCGvd< zh$vl&^E?qAD3LSJAQc`c@y8HTDl_4Q5|IKA6#mjnffptPUMPH1rDVaAOs@^H;E6$a zp)k2J3mz!^$kT@hMhT@GC6uhN4@Mc}LFq~y3o)fK3#FSpC|&0nhmx~cGM|b|t{jKb zmAKs#;eis5dLq0~qK$D2%J4#oqdgIxC^6`X@J5M65YbKGjS`U$o+#uKSxA95N=&I7 z4{yeK?Jypm7=#xJlPkx=1BI`ttmENUNpDU}o8zj6g)u{ya45DLa~aH7obE%o0x3@3e*}XL=y~af=xv@`p{r^ zp8i^If_yxiu-5UJARc|*^o~9}tMJ{&O&0c9?=i<;Sj!SEd}_&(4Q;J>l~~#&@rKm_1_+{`G`; z6_=!rtk>|_b3Y%>vPN0=K$Q#6>#TJT!a{15iRZVGdt+OUv3`Qo_`1fWYL-QQ26zS( z`&!fEl7fA$X_nj9DvT@l`TC?o?-F=FS0#IKrz37B!kw|WewkWN=ks;vBT3dF#QJ#R zXs!Da%00@_Z4Y_iAuQI7Hl`bS(G(P|aQ|W~#@;RC`o?4}-)KVoP z)e|F1MCqQmMu~926B{A=2H(RfkGFX4$Au@f*1CTnX~?r)3Txg1ITbUmQga=&{Al|j zSpdj)U=@Zu^k&NEC`){VBWS5`4Xj@jnoyVylJ->X%VIQQE`(e&N0bAb5C&vn_8Rv-zTBmo^K5#5BR zbXXU5E_A+Wp1NME1HFn<`HzvN|)|J0hsPBsBrEY%mNh62Z#z*Y_YCZX|| z1*K{AE}vS{Ge?>%zJYwE&f@92cS&Ha+X(d`szOy3Tbdt)9->;ZTD9cul+~7~wy4XG zM5itES$C+^*D2k8oHXA^`;cZIg@3AlELHvE8|w4i+Y?7&Tufu{^u%H%qJMZIzwOMc zfCdyhfPF8CTl^JB>Pn!SZ&(&gLG2l!!w3FufyAarC#16%q|e4b-|$zE znDG6$boT6Y_MLQgDA@5^BU5_!h)+pNnbF^G*|;!^8{zBG;{rrsJ8Q&{gGmT zj)P)vZG|F?_F1{yLgh1*$9;dW-15Z@sLMe@Ka-$dPl%)WyySN!_`RF<}x@VJhA2)E4YFf-iLNABQ z(kAhtF7~VL*i{mJSFKLCa&-cE5JFeV6_ZvcP)NjaJjqv)?ZqI6T9~z;m*OI29FHO1 zqEdiyzKYQ%ZV;deA<>7+p_!`_$bUuX>Z=H-2nu{P2L&ObVnoawvyMW5IaJhJcr$cVFGh5LF!IR}hj|l!}3p zTKF&(U)W0Y%~+j)79#WE{y87yZ zs-Y?Hz5q-kqHc0bl}|~pMM(5v1HnV`FAAFQt6lWeS*E>!bdq8c&5x+C;#+o(KPjyLSPvsyP3D*S_RNLJ}YdgaA7sKtK{gh!7Mt zASfsTLQqgNdI@X02K4Al*Jt{^-WXcq6@wO=`(!z(#Z5 zT+(u{z(~-djD&lf3P6t9E_@*}hB@MrNw^(iT!&R$tOPC}h1*`b@mgE^+YR?fuke;2 zqIU8M=wAklQrHP~B!PQ-aWo+mO4jaDp)7@4Gi;;>#Y=7pk{b|KH1|!UF5G9}@**t4 zWgABSz`X%B+_qNjv_D4}Tj6HfFj|n7e{TI8Q?h@6($}!Yk2wvszE}!Rq3c2Vw=(_P zRr()-+rzL(6)%8rY;ccDu%X>{N#tVZFwaK}O$=xsWG=ss=8?8`zY3QN&sV@k@)(Au z3t=^68;#r^n_B*ykzZoU+{qt;?6c$OQ~pobXdYfBq1wl*#)s{No&0^sdZNT#SEc3O z8vXVuWvpE0*|9V!=c|5fdu3U2?^atU$CU3EaN}ZWHzv4PQz6SSa-<)nP9Ev@Q3Pau zOwF|`G8b3dcE!t7?j_h*kEy40xD7MfrczM;+fjG)k69vKQ3az}b-?5Yh=ewNWMY z%`dZQZ#%-dzZ^E&L%{8hdCmfjgLU;x=I4pS;{^94FUK5r^nE(48Cr1+k*C66oB$im z(b|kw+>;a@GlDVi=fax&U2;p1T#Rt-sRIPuq32^y9hkH`p$?Z012$c_0v0YE26?)0 z4JlkYoY&Ch9P5&Y;eSjx>vXxxhSuS1gD(71GeYYLKPm0~Y_onsa8V~b^z*iL$$-ny zu%D;UdA)$c6P0BKF!ra^rlFf3O%ZM!yUfU9U2xJ0t^TlR5}X4-o9A9GEVSEZ1)TOs z$hm@^9W1m}vz`fQnQ=j}uVw7q`x^FmDWZ0X(KZJl8Y1`jJU+C|A;~iX7b~|sbM$%B zxjEV39B#}VCcIx{`bO-u8QlJYZUHwBzy_gE(55gLlCiMn{16$q09>W^fySJN|4LYM zyrX-!Qv087+{ZEkIhz#Z({SF#SgJzS@^x|jjl|5 z=G8NBKxYeU!^$>c6=C1!6>`Jy=!@G{ScqT5hBK5vZWs+UxMe&L>*$znmNix2YD~xY z0!SJvWoy&%l=I-lWi%53+48=C8>&aL;pc>#no|#W(YYI`Po)ldwfURLO(Se)Z-JMW zl+>?(D80vk)QvYl#H6B9xv`}=y%qSem2zWCv(ALh>_HjQHq#e`#>kDi;d)FXLoWaY zzI4Gm0XE>(H*F+1?en=`&&4N80 zb}XzjE-%Rt^n*=6$HOx1Y~e+)OnWoz)v&AsruiT&=P*8kJp}tH?B}qZ zk)EEgC&FgIa-!~J*i&KiVaLHvf}IRI6?Qr-^X~G@Wy2iWd4K%h<^2HM-i76CpEIsb zT%I@+aeXkok8HiupAWmT9omyXThEgI~leB zmai?j7K{#;jzbKj(I7Ab!n~x zvyW+nWf~uY)oFVZ`^QUD3gYVvI|z0#Y!+-T>?qjLuw!7)gq;Md)A$1R`O2#|VBdu0 ztF8Fx#5b`2fc*~EAH<0-Y%FX%Y%**Jb|CCv*rBk)U~^!3qU;RomU(6$(=FoZIEeZo&8vv zf2=KbtXr2iU6;($kJTkFdiaU+d{{m;cka{HBoPD`@&+1-Wv#e8thnD&V}>3{W{p|VQ+!u>!H@e z{sNYln-9YN3YM>X+5!6%tTW65)8_JUA(&~r9QF#>rLfn-@)cx!mhLv#J7Agi`(Ph} zeGK*)Smxm+SiUMXggBU1zAkhG>`2(ru)L;c+An~e1A7VVJlJ~Jg|LfZm%uVFH^Ba< zyzogCzLx48*n_Zq=9P7Fyu9i<(s`Z_{aV-+u&g`Q$?@{y(s{f(U>joDvkkG#b=zT?x;Q$PE#qX_ z-U9n$WtEL`ngGjJUpey*;6vDtVIy%o#=vr1a)xKoe3c+?I+NoKu=Z)^IP9gT3S|~Re|Cl;~`Qodc?}= z>asc@8UpUMnkotO@dc7&B0XQA9QEW242r=Mz=3+h0rT%S|3&6MWL%djd9>l#G12ff z#JDaolAzLT5=jhn0wRwv9K`=pBeC*jF;S4rH2RrFZo^p;L(OGI5@~d0xOsG%1NP|9+$6GhA=j<%PcDOk9i1 z|5B5Z&PJz;`L8zr5$4~kWF*#Ab1;VG+|B&Y zH#)8inNG(n=b%Zgi=FwkY)h}f_>D0-0m&D20;c3$IJySu8Z;?iV)U&}xhahpQ-ijA zY?v*|nM;pl^lG4m*R~wlmeXW%VO#8_reu1? zbb^kp$2#M;r}1kgHYN2&Gt$VTObGT^C^M21Ogb+$egme3_crok^Pgh=ZQHXF>uU32 zW3lyaj{;lfHvKl8Hr{0>4OVW;#FYlymDRB!*njKSmWit=YTEL*y^1|Ht)@L5ZN6M9 zqJF@{Yjy0u)v>*hjn~$%mD?J$;U6n$G;PE6Y&LxU+hf*-Z*ynUxlHt_WAk!_DQ&08 z7G;l)D@{6WIoq^ZxvO`!6Q9vJ_K0)G0%KWZbZie`OVS>vO{RWryskY{-^wpHu0eAI z1!B6HRK?*xE+z^8Q88rK6SB`-8WW3uTeh~JtTGZ^ZvL2f=p-4xRi+i$*n655SYaf# zt=eO=NlJ#{yZ)Iew7FPjLbKu9qkDmA`Q0VuHZT0QB{t85-^2V@np)^?*d48m#kS{E zBe!KT*Kl8@Y3p&W2_fCYWqaT`MrWY;w>3V?aGKG)#BheGi&^I1j*Nc87l^A)Ge^Ku zBkyf=Y?#YTjDAxxCC0Un=}GK}u)t`h8F{7oxB0dCiZYr#OnR)u=F9dWCB|X@(r~#j`y9*hMt{Dki*CkszVYSS9((vDrp9fr9%Je;E+!H3 z1{0=jt4$^icGQS7Ay|nk2bPs%)}7zP8(}nUjoV|>_5+Je$adtlt;-(EwguXr*|Kd> z?ucV7wl}t}_NcV|iIY$#!h~(3Xtu*jx!y$A!t$ADau8TE^RC2G90#`dVsI zYY%-_dOXQ;<-_LeLbkD_8VS2t7d~}dBV}B+zFezd=V96DGaSn{M!yXEJaFxy6EKbO zN^=0&VeksW_JD99GhRC=+0b10OoP>T1Ft^%yD5)^n7w!%FtYz*&1D32_{VI%2wg>$ntDIXoo|v`LbnV!}P_RVD#zB#bVQJ z!?f+3AuNsQiGSC^se|)&BiC%>Vry}wYU`KbxE4iM%Qihe)1q8E3CHL{V3_t8u`SSr z!+32@?Z0zn2<=-7HJvY(p>rkM(<|E#EHnLymDqvE)}t#ohU5A`Tc<1mSCVWG?b94? zZ}w!zrqJowGUw6ij%b_raB6J_?`quELim`qVftc1CSI1R&-5fsre0jC=*#BLg{EuA zmZ8m;jn~$omD}{#T=3tuVXMQuyAzF$;kZ27Fs)y*EqR+ZS0*-v*42hdiQnYH)!MOb zMwhm|fU~KxrOJPIMCi0JM@=zl_;=;Qb?H(VanAmoGE^}osB;$?T=Es(=9qFyU z?JI2yu*tOlm&xcJj@Oogb+s+h_P_SR*7oN1w8ZxNuGQL_V+yTb+ke@q4}0?FE=g=* z@V~v>_G^^83sp$a7pkIKZAza-rJIm$X8(?Dw%Q-gHX%&7J)CXL+3Q7nm2VGu7iP!i zw8(T>Zq|pPxyIZvWY^4WTtD`&i}P4t_FPzZ1&Z4j)o)N#k*2q{ZOGQ5ohoWDZ6(?q zTlU1)W;fdO91BdgIvE|?ZmfQsX)6&%$6ms@5g3c-P=stl`e^fGwFKq%e21>K4aG>v zECyG!bX{OHyP7lBYGKH6FUubp@M8Kp^f6bI+JmnHUBS`Q$V{dFAChUS#;+MwBow4r zWayy`nPb3^nVdLA&-n=JnPbQ3nPbUNSZ1o+$V{KwA-u2;Q*Or9977%S%tgDAh4pl4 zxYV0t)aZpn4$H!6(V@5;nenkhyvHkp2-fE@X>p-k$+jjbz!+$#s?A3NTb#H`O9)h% z%bg-KwV==2ZR>R10{inyGmfX2i^Vjyb)4m>zT_XOCuj4sbBp0j2Y9V%A~#LjkS++9 zAk#;Po=a{x6w@R8Ti0-zQIQ zuHlrL!OqCcsiC28;}6FcPN^;pmvhr47{B4zv|m?hVOdx&T+YWMePFxT!l@6o9roe$ zgV{`RuIxQ&;mp)$%nvj%1SmwGGopa}EPEL;r1v3@LgyMYEv1uAtGk6=SGaX+d z4*`3YP+xgPSz&`$TvzDsvlQZC=Y`DQf@*Q+J3aI*DBheZ#@(p;`YNw_!TiFyng!LR_0}hK&zdqbbVkVBR0?Iz zXILdgRaN!i>YB`kvc`tY`m&OS%9`rTs!AlPh)(lDnNxE@ndRjRs;!f#z^S~nsG-Pt z;XXpSbiw@E%!Z=ksxpb!q?nPnyK^?oWgoYh+GXe13{EepsrKqCYU&z7?KE{6!m*+T zrFKPG!{XX95BK442Mgs~zo58qQB7TGI1W>!+AE5;zNDfID)2NS2cC?IjgaZa{kz&i zQ!DURS5!T(tgy7KWJFF?S-WbaMqycFZBccpH@|Ftec8XQ<;v=I9*Zj*>Z>YC$_i%` z*Wkg&v(7l<%R(#?;9(3nmm!o>VYl`q;@cPR;H#cHE>>hj-$AIy~@XH|AaDM05L2ZHIPnr#|m| z((vg;$MknRrhg~b`Vf0TKJ5j=8?(G&=x)$P8>#(sI=pF19e4BgcshJ2i#puW98c!~ z$f?6E&GB@84LNnVr8%BXCgjxNmWDcH7Hb;pC|Ks3@;q2RxJUizvZcHLb{s7AZ-u2h zXpSO2@Jd5D8N;K|cMnWb?u;vE-aw}} zZXbe8gWV15((pc*Zj|$(IkpFK3b?B?D|lJ;4Rv-~;Yhlg zEPYVg<2kFYtg0x>xwjq5Z4&JRN2=>ZaeVzJ6?U}kL)T%obqU7}Mjz-|>@>YB_Jdwl zaecjK1nsiY{_wVu(pNhronPY^&a5eeV?1=o?tfGYXZV<)!nr+uDDCoFSHrw!nLgR( zrL?Sg!Mwuqx}y1IQlwT=$v!E|a#3+{UD?8R&Q&!f?e_8hQuM4SK$8gT?Kq;U%4$So zozZ~2EcDLv%g{?_*{2$^Y_uj2lrh?lgovHmx|&+F)Bo1=h9a6ao`SZ94}!A&JLCG! zQy|cKld;df&l#sT5(39`tGLuYl+0tC#~|I}V9$ls;mr{@Y>aVXFfUqfF7}-p6&>?I zV69h*efHDNIK6ccIHucrq>p_T)5kKP8`H;!x^;MKuz$S#?(3kp3H#bG44S{flJQiD zF`H!THcsy#1ngJ-lO7)!(&^iTeK*zs+wvF>C9Rhd6&`Q29{XNhE{9Mq6QRIzVZZ0f zg%9xR@M_`c#wH!!zz*T%UWSKep}_DGU|o2pcL;AQ!gJ#o)Y{U-2e)L?qsgH99;#B(KAJ5aG2z#`N(4 zeV4xbJA}6qiFf0P4)5*`;Z2*5Z&*Qr;qhUA7aku>$Il#F*myfJU~#;5#-)i5>r>B} zJ<#KW@6I^A*C2CDw*!cGB@SH1%kk31d#FQrDM^SIb?1x=`tKdWtH1%xZ@)3T6j&GD zkq+SvOvM9nE)eKBj73@;Gp;WE@t|S?$r|Uz2kCS^S{pqtgoHz*z_SwZRs1=A-r2o z#lw}X2r(|aQ#*v0azFasEF0bc=(_y!A!7Q;7XP1Ifb>J=4BcpFchHN!(4PBr)GLM_ zx|BAP4ZXa!y>MMMNO;bv0(veDl(~G=Ku?#;3Usip9~uHZmyhKg!ds8<_>jIcF1#fj z!rP7TsKm;QVE-Y zS#G5FyPLj^5~jrG^$I(J0;Z=5ivq{ECx;!4K6`|)37E5Tz0V^zYyzgl^*)cBunBl< z`C$_IU9;TREs^_}*jFadHY!*l*8M40>SuJ=AKYP|EjnxhXpyc&IF@%s z?eKhzhS!K)QGaLJUGvX&cCPF{fNfWdglLY&@H($6>gy`m=a|(MwRM~9b3^}IWS?VD zSJs!BvS>R!Hz&gS+M)gFzIL(a`2VA+0d$KAa=aUU7!rV5`4UP9)@1I#V3)M>@`Q!?aC+vmbe&sV}s!?(iB zZwO)0FR$h22p2$Z@(6hzm`6QzGO;yz1T&4SD(Ck!GU8>qkz=JE3q@x=w)JG_pePK- zN}bZprGJCs2SlG~Av^s)iq4zZ?iYRs+qZ?8{@$!##1#^bWx`?37ddyyt}c2=-uqyi zEX;FqE<|HEY+q!TuMqZ=m@pVqUtpFw%ZPH8dA2ai+|)JXWR`nUXS*o!8R6a7{!RFO zZ2u+9`H&v4)aQH%7a%ylycQt$g)U9E1e*qiPi9@v`oJ_ScP{pzVbZ$^rz&O-NjZ-p zrk{-JHgiv8&iAl>$u*0E!De?B%+m{eFF9bqzHoz5`DoZoPA=HKyn#nTnfRy|62)9V?ev=z-=O#p zivOheZN;A|{$6n$`al=HxptFua(r@fE|_%8SCKn5*9@Znkdp6E{DR_riWAVdTsTdN zZ&S<#u1+U180L`TlNB#eyh1TwV&KBrtoUKYFDiadad*_Y^Lw)5Ns6l#FIBu+F<(sN z!nt2D7d$%oF2!6d=;VEH5IW{UH^;Xq-mLg7#YyNpo&H3!wErn&=+R6EyFR>vayfn% zlcj$7#%af^mCl_?e!t?aO6Mshe@XFPrSqPWf1&t@(!o=hZD}|`aSB<|JW|QWC^_dy zoKBt6X;ku6N`9;24N8aKsdwS*Rm`!)l`X#!@5Zl0up7V9DVOpbrF70$e5qo7huwv9 z6ItqxZ+muQ+3jFAe(j`O!hc2a0mTs*i(EKyWEq?IX$Ut?@xGr6CtvYY#g{0auXu^# ztH_e(8^|(dtp&UBYlG6cmn`Y$`;Q&(P&&^k`EDhDL&@J$%x{jna2UViM8zS+*@{mh zOZq2}rH#!Y!_r)%_-BfDD1JuqONtMZCH!y6G8TUacH=U?&Fysff@GI|ew*9LQ_=t>HVt%2;$@zj3$Gp$#I7jhB#gi3ZsQ41a)r#vBuT;ER@p{D@ z6r1^aN&iDi&X>ZtbiSbY9mRYpjMMp2@wbZk5)!A=MKP}fot*Qtj%zHJ@k5IFA{M9ftYW?p!^!t4-mjQ1{%|@+ z6bE@OC*{BwXgKDVWgMp|&Q{E~3OXIW7{l>2#r(L8lUFEiR&35iB@O%tjMLwsc$?zw zil0^dg5q}+zpwZU#os87L;Nn@M8*8#i<4(4=1VY~JYO-t>*D0I6jv$cOCy}lwTk(| z3@87&;?0VGtN3?{`Qi!Z_Z7wOEB;6^zg6M%`Em`%{KAXlo{IUY7boXSB^-}YoUeGY z;%SQKD4wghT5+9Xem%y;b)(`9iZ?0d=VhG!4#h7heo66u#RnAgyEHDGql)=~8Yef` z4k$YseyPUEhbqojJYF%sUE}oUD6UdmtJqv$NL<$|`K^lYP|WX$xbPoT%+K36`7Xug zT0_F$r{wP|{z$Q(=k}r>shA(Kaq=|9If~6Si1_7~Zk+x!#d8$TRlHE~6^d6XUagql zwQ=F|`zemMDK^(ElAdRj{CUOvbd9?nd{;5QV&mlBE9NzallM@}FWNZyaK-$jjgz0F zxJYrCVt(Gn={G4h*FI>kG`#k4I{eg)<6kT0S8tsBWySp3jgx<@nBQJ;^6wS%3pY;Q zOEEujFq4@{Dop(>$&iMP;9RCuus#S*GP;bo9jnO|20a!N-;m~r1&evM-=k|L@qtCig_LHX z=H%NHKd$&m#jh%UL-7H{2Ni#*_*=#QQtZcEg-b(s#k~}V6sIdbQSmUvBNd;lc%0%h z74s8KZvJPs;<<`T74s8LPX7wU%N1Xv_(sJyE9R%4TsT`4|4Q+%74zdzPXBqu{4kW0 zzoqz~;tv$_qft)ZkNZ@P;}v&R%&$s0of8$0QhbWyiHavHo~yW2ajoJ8#mg06qnO{Z za_PBK@qLPasrYw_pHTdQ;+GWj6vxNOFqn>WV!T&N(-YR6OQe9^9Day$oXgUr!@BwB z46qxQhf*%*0NIpdET_qZb@RY^V0T=MpA|IE8{@RGjnQSc zvB{U5%bB@8;g0!oVTP1n=F7=VzQix{<>V$`B4@sw+~iB-%$JkrD`vi&e4^sXil-?q zP&`ZV9K~}LmnyDMT&1{Haf9MU#Y+@7D_)^^rQ+3!*C<}6c)j8ciZ>~4QM^U*gNnB* z-lllF;vI@x74KBMNAX_8`xNh2d_eI*#UCg>r1-GnuM{6qd{i;-(Yv-`?$JwIGWY0( zL3HpSZ&?@-*Tc&FlBigzpCqj<04eTw%hKA`xZ;tv!bQhZqPSBj4)KC0N`e6qBG zpyFu7=J^59NmTMA#XS|LDCV%Z<_FH4U%uSjaY%8x;ta(@6=y5XRh*}IjAC<-M%tLUMww7R6f>Kd5-C z;%$nzE8d~FRq;;6yAqGG;q-uX4pUx|LYl4mF$s@U996Mb_}O*l{Kj8UAgc)a3?ip~8v3CG-z z6E09XvlP!!JXdk4Vsrma!l_d7TEz{D8x=26+^l$o;+2Y5D_)~`o#OS1&AmcN+a@J% zQM^U*gNnB*-lllF;vI@x74KBMOYv^Sdlc_gyif6d#Rn80RQ!SBLy8Y8{z~x?#YYu$ zS&3__LB-LE&HYd*&z?%2qBx}3+$R-%bDvarsM6uf^NvC+*cJIuXH9V zo~(G9Vsjr>{F?i)!gG|)T*ak|D-@giw&K^^w-s(sI*p2#C~j7~Lh(w)s}-+NyiW0Y z#TyiFQrx0=i{b|rZ&kca@pi>K6t^ngsd$&--HP`p-m7?@;{A#bC_bq81I33FA5nZ% zv4=Ww?JB4^T5+7>M8)QQH}+}F{chnDr4v$|t~f)nxj&A58gqYKI9KW9DITLZU-5Xw z6BV2L>DZ?+_tS+7l+G;0a}>{2T&lQ2ah2j)#SMxZ6)#cTtaydum5Ns@UZZ%O;`NF* zDBh&FMe!EJ4=UcOc$?zwigze(RlHO2F2%bQ?@_#0@jk`-6(3N1Q1J(f4=FyZ_$$R8 z@4sW8Ca5@CahziFtb*v9XBC8dDjlxRcVUJUrzv`iuWqsr+B~O1BwqS{y^~|#fKGt zrTB>Aql&qh%(cm&;%LQjiW3zlDekG*JOeLv9a8di#Tkl+D$Z7%t2j@wd6r(n&sXyC ziYF>I&%KDgdG1BHK;d`R(O#a}5t zqWGv{F0XHE=Zd2ho3#>B*IX;%^ph0#RGgwXq}Z&jkZ>}Te5m4V#kq>}6pvAyuXw!T zX^IOJ&r&=`@m$5FiYpXXDXvxAptw=-62;AmS14Yoc(vj+iq|P#uXuyvO^RC-Z&Cc9 z;;o9eDc-JlhvHVnI~DIzyj$@;vfPW@ulRuCgNi>;d`R&TvfRf!s+ccdaPpvHu90!i z*Ci?LNtU*kqBulGzfY5{ID?G%Xof1zCd1O?D$XNIe#a;_YjfOvSjvTma}FQZ4>UJX zE@?Z6MVl@?qp;4#rJ=YR73y~^Zf|>hPZ0IFezZ&&(R-H(a|sF8JW{78c#$xd(k~TG0bebg4qhcZ2+WV0((hpK zPlbnqe{G#x5FxOzxZvprX z;S0cT310|)SNIa}hr&hR&x9+$UklfQzY|^n_F?Xt;WvV#gt=ygYab}T8r)6z8gMV+ zpMd)b-v}NcybjC{o6_&kz{7>_1dkHl1m-(&sB;(i4B>mglZ5XBPZj2U;F-b?fiDu? z3N8|U1k4YpGR)tA=LeIkPr$DVe+K@u@E72>g}(;B zC(QfId}jsI{2lmn;qSrU3VW#k?}fPrD1dog>PLd{hGfHhzX8|PQr;EZU6}7q=q=2T z2d4_Bg8AWD>ZgMx4_dHwd#|;RjZ!&wk~0VXk4?C|nP| zTbO;!1H$ZM9u{UF^QiE(;NJ`L-tr%W*~dIDd=L0#;rqa^3G*KEUxc~l>2Jahga0nf zKIRi)-b4OU_z5sS=*zr31^z+!58w#Qc~bs7m>>Bi^L}y{;g`TYgxM$c5$3(+{=)2^ z1`D%);s=2l4%d#KB+NBfrwG3X9xKfI%x4LI3_e%*Q}7JoZ^5&L*@qPh{|j6u%s%Wg z;Z9(FV&{Q73OXv-w-YVza?A+epmQ%@Q1<; z;Ln7YfWH=IpZA^cRbYsOa4lq9gOMUjK{1_~m z_mJy_*}w9GyOi@?0!_l~Yp)UJ{p6nrv)^4S%yn|N39}ErQ+Pj^A01|x?2qpgeh18t z5L3?k%)b$SAN;uRhv27#dC&Pd;m^Q-6y`d-SA}{1`Om`a%ik703Vu)c2k^(j{7Crc z!V%zag`>dV3v+E>04HBeXJ;^86mB>XoFLo{++CRCKyTrm;8bCb34?_DfHQ^rfky~) ztQakv4nAF&;|4#x%QOrHpCddBY~HN}c@Fpjk>`Rh7Uo*R5@C)lmBM4dHNyGe1;S^5 zuN0mHUM@Tpe4TIs_y%E)Iea$)(>5D?yKo_Rqi_-UZefl^4+vL)9~Qn0{HXAJ@b86d z!G9302R|>&wT~|gbG&*@cq#ZV!p-2n3118TyYOo8C&D*@zZB-W$$tp{6#Rqm&%hD5 zwqPEA0p`1u$Xr9&Mfe$T58*$7`v|`W?l1f~c(5?@C@O8;Mu~N;6mZi;4 z;Y+|j6)p$=Ot=#K3*jp8y~0<3e<{2K{A=MR@MFRpXPy-1IP;9~&EOY>Ip+LHm>(j4 zL--ExTf%pO-xb~n{!p0jCizVGZt&N__k+I^<{0I}#TM(D_jRL$IbL-Z{w=thFvqT5 z!aKnIgr5Kp5a#{f6NS0nbht3@_l^?g_;#u=KQexXFvq${!o2r8Rrq!AOyNI+FB1MM zxJZ~|;5=cjVVy7hF}Pm%Q}ANp&%sT?ybpYh@KNwjgnt096%L||ZWHD>d8aVP$-9KR zfbSDd0{=?55BN92A@JkE95bI1&Hz6r%<=P&!dc)~g*le~S(xvS;W|6k-5A*Sgii;5 zEIbbUx$xQGZ-qIoa{V3sa$F5y{(yWTEWT@Ecn&y0xES1BnB!`1;TmwNa23Gf18uKneDK!*Pc>~dk=gS}3eW9$vWya#)W@L$1PCrH2V!fq7iy5YNpKLkG@ z%=@tq3v(QPRG8!N?}h&X{)6y$;OB)oK68yBy!Z~2Bsib}`FjAQF zRB^(br|K%qcb{;rCH2RG`wEW-rwdO44-q~G%y->Te+qb{@HFrk;hErZ!n42=g)ah6 z5$60A*JCoABJhR6rQo^372tB=%fMWxN&RYYo$%%0M&Ww!GU0__uHU47Gx&PptHEo8 zuLa*Kyc*1Poz%Yxyjl1b@D}0Q!4C;P1Lk^9>K_FEPWbQOR^gAp&k7#`a~&x4KLx)c z{5g1^@HgPU3Uh9U>p-c`H3T0C{{TKL?8mk6H^M>iQQ=Ntf1LH(85}L#6C5wx7n~&A zADk>a7|ivdjQ2z^-wQ;}0uL1)0nQQT`{470PX(VQoDb&uQ2HGQK3jMac$)BJ@cF`= z!EXM1?hxiY%qC&Z z!`vfW27XX@9{3UA8t``EI`9+1e9!Yv;YRQa!dHU#2rmb}F1!M~Uw9Sx9bwK%e;|At z_)}rdNq;503H(oC&b@dTl$ftaz>&h7la3R96x>yq^C~@sIal3R_z5uAt1_IYz(a&z z24@TJ1#`VBb>0Av5q=ZQ^{SM=1)eDUE_jMC=SB*IIfs3rFz2wjc9niPr%^5(1Xl@j zPNPmZ7ThSzIgMq)Dc}{teZkiYbN*qC@L=$*!dc)A!kly1EIbO#^{q?~=Nujq=A6Se z;j!S~37-jW73Q47v%;K1*ezTNenog5c%Sg4;J*rUet>IW8Si57N5Y&RI4pb%_#5H% z;G@F4#^>5t`fUM63*QUoI$6rMf|G=K?Vl{X0~`{55Z}({6}z}@EhRM zgx>^@7k(Rjw(!T`X~Lg^&llz#!W`jmz{SFxPpA<74qPql52F7Ujs{;L91Ct1jt5^W zoCIDi%sGdfg+t)=!UMrS7ak055grP@Uw9aJt8fnZx56XAJA^q$@wD)%;9bJ`V6N3= z`Hutd6`l-!Q+O))fbewi`@)>BI3#=__zU5S!AFEk!2c5FTzD|i#>F{`PQpvUiNe=| zPY}KVoFdFQiZo%)MPvwbE+R{K6F67+9`MP+_kr_;9|E5#%=v`L!kkZ-F8nljmN4hV zFA?S(LaFd>@TJ0>L#P$z^WzJJ`ONqd;lF^d68;-_r7-8eZxoINuM_5V%N@eK!JCBp zg6|RLwfuv^Y2ZhM2ZFZ?XM>**9s%AdJQDnZ@M!QJVP4C>E_@nzzwlV_JHlsyKM>}% z{HMYffWH#v_4_}CF9Gu=IolZL$RmY$EgvUb3+^h+`SPB^yq51PycnD=yaYT%cm+6H z_&V@NVZNhljPMQMal*HNCkp=*JVlt#ZWjpu0(_w`=hx>7KL{=t=KOk<@MGXQ;T_;c zVa~5F6Xv!53gJJ2uNQs?yhfPMR^KYjYxxbrpMp0F9|ms`{u2C<@HgOX!bics6Yh(0 zZx!Zz`Ln{=;N8NUBY#Dh*U0;XIWN9nnAgRhkuiTq^R+O#K<_(YI`O@p)WPuYMG2z| z@Hz`)<8>463GOA#YtMedd@f>ua2ohTVP0bn6V3sTBlAKSW}@OL!Wg=}0$~)1ccC!T zIaiq8%Y|{d;#CPFOJ1EYubmr(`CP{`;a=bs!c6n^!hG-j8sSv%t-|Tx4Z?%Kn}r91 zw+NpIen>bIyiGV8{5#hD10XPBjJhQ z!@}o)zY(4SJ}P`3*pGr?`SbaZXkk7d5-)r)I7xUeI9a$H%x^ByZxwi;a2gMTH=HuD={wwcF;*-oAkX8V6mnC;<@ z!fXSt3UglN&%$g2Zwu#x-xEFq{IM|W`g7s4!QTp>3;tesHaL)E%c>BJ?^T;}D+4D8 zUk2_jd^xzca0571_zLhK;iceA;b!m%;j6);g|7vlF1!jnL3lOz9O0Y5=Lz2ozCie= z;ERRVgG+>e2CfwTIk-lc?O}oN7VwqA_k))UKM1}?_#yCmGCK{Jp9`~oTZGxC-7n1k zVXH9vwBHJ|PuL;M|Zw}R7zp95zIKM&3lei582{73M~!h68^ z!monQ6n+gnS$IEqy6`*TS;8NJON2iLR}07Z&~FQ;g0B+hb3v_6yGezb{-2J}k^V)|$&=TSG;A@3{4qhYt z3-BGneD<(K_)j=eSaYImb0nnDbiM!kpJSS(x)$ayjl2s@IAtX;K#_F(cod8 z6y})qj4;o6UKFOFwHi*P2mw=l<}0m37} z!-P2=jTRmQK0|mM_*~%$;0uJ=cNGbr1HMd{=N=1$r-Pe>XM$G=&jQ~fdW77!XJHe+4Zvvksd>8mU;k&^X3EvAY6TS~zBg}DXvGBv-tA)3LZxDVA ze4FqN@Gpd)1V14BH262d&w!s4W?%ih@N3{#h2H?bCHy}4@4_E|KNtQ4{GIS&a0CWS zmfIKL1mS;xdkKFB?k^mR<1|y4_Y_76CxFKa_XD3J%>Ms8;SBIhVctie@u98LM8o<} zmoz+1SeG;u`QV2p1ncWfviHDzDVF)~!r^(L3&;4Ca5&z(aCpqPaCmIEaCi)GZh)o$ z*701$Rpdzg!8F1;=J~N>wm!_=7nJ>zH-s_$V3u zFikYd)NzvHkm8|=Io3LTj<1e6raI<0>bOEN$4DpV_~&@FVvb=>-lCY}laupVRmU8M z9CM6uYX=S}KBV}F;vo8Er_bj;9j7SHP@JncpB!(?aMyj?Bd#oO6u&+)hmsCZFl^AyHy{-X&gm5A&KBKRpZ-xyC)i8{nlmRqyBz zKb+pS^It;Orw%`#`bU2%t_+3`j{6C#wiT^lcv{tIyHdM8mDm{#rR!4%Zf@BWbNTZ{ ze?ITSvHuue+_HX6m)7L+!I7I=HdI6=-~ULMK6 zrW~O?(y}4>@wAraiLpac6O#6CV50&V9ZyU zaig|%o!+u8dFI53lz{c{EDow-D3ot*S;sghcAA?r);fLPIWE3+N|(%poR>pqPwxGx zmHy<1@+lwe$qd=OM_Se=KfXQoRA1VOr=81A2kFX`?I)e%5_0ZpZ5`HSV*ISW6*o5i zJbA>B{=I*Ya6T=cdLYg}?ylD9EzQZ}lV=Xe9Wr5Ja8}@)wEPL#lLFUbS2bh58Tfz^O zcHU}#FbbPy1Y@2}z{Z$#I9k0>5SO%Gd}~azZ?*r1z>UG1*v;OCKO1Mz$8%!ezwkE! z4k1`){I*y1`=W1$$nTHf9W}o{>UHb|f)V&wsfXwb;L{%+!LvMnbW|hvf)T&uUNDNc zF@r(CPI!q34rMUDXgvW|Uy@Mrop--c{xbSr6Sgpf$n4PTJ;e0?_qSr6T+ z%Br!u9C$8l5Jo!u$j@_H{HJ^n$a+UT{(r}8;C!T4a~QJk73$q z1`>I8*{yP+=NrWQKMH%oI{evP_K`NyL5!4FgFT8DlzYCx4cJ|S-JX0J+&5$qLJF*H zUD&H~;Udp>;(c)Sugy0nB3vGRGoGl`-wz;X-qT!w|=Q`_SS+7MoZF|kjdQ^J8 z5o4jqL9h4i_$$FqCXSvS=wheRB@GcKy$2WG(?HH6)=rDe8Nj@+ZC-}F2iEezr<7}; z$|w5Ig>%CUNIe$6?^b9SB6JqB(h!S~}^y45JagCpqk?=g& zgpt6|yneq$%n@D`>%c~0Vq!R6KL#1`O(g5WxOx3}?Gce0brB^@TY@2aL4-w+CYp5h zVuTS$ceI%wS|G~ckvB~?-m<~?;St0M;BjW4>bRDFE;ixh|uT- zaZCmiAVnD5OhN|`d4d;+KRNakvlGRmG}`Bz)XfK{m{f04w_#B3BsvlF5Zlcch>wkh zmk27wb+-QDmIu|&*o~%}-Hq?=8`O(x2@wbj860RfUAp;VBU}hwvwWxbvS}F9tBbE| zWPZ=v#u-oDB5Yttn;#iUT6L8V`5caLx?hiHhx|R)j>9Fx3DA-pP^(97J5N2a>s+DS zOSxh{q$ab_~_e~+K55DCUqNQ653A-ttix9#L9!= z#evV8&JFurpErk_G}xf`rEfYX3ENC}kk6aJjZ>I$9EAd{P|!|clnG%vH>VpspPT1k z{odMH+?p}bTkBnkBfd45!d>>!bOyGW6G2D{H(9WL?+UX$!|>WU+)jXv35Uep8OHfa zv*r06LY>2{4>2fJ?nywhRyHgZiLhr$_^Um0&YHljr7dmvXOk$Iyvoh0P+tL zH2?fd6JlPSVL@$%ZGmMzIi@ivZI0^?eW~9(1L*U87vI^#l@fiy`s(XShSe{gUs73H zQC8;-tEib@Hmt0uuBvR<*t*gMmDM%FDvIh#7Zue(Twj})Gje1}&3uQ$8ft2)>W4Kp zlvURkWmYu~&mNgsR#iT%s^97n>aH0R3CqbNjE)UG670uaDEi{R&*(Qvtkm(xbVIiML0_OYrk5dqAc^jf`E4qNkZMCF z%_3upgOU@b#3!-f?4g6Mk6Pj@OmWBPHN_yzNMu!%B9ZdMHlMMGBjB8n_8x66Xr6&C zCMETzd^(%|I;@n#XvHuCbtc#GF)W{Y!*Qa|a_DSy8jNdPOc0U=qf=r+NR46mKE`L` z2h*3UMWhgHYmVVJnb>^{)8u(6%UyEMkUEJw>I5Z*TCT60S6x;bD#2mnEo>+%t}642 z>k2!xz{1Mv$_B5VXXM%u`}HLiWu@(o3?8Amr)U=b7n6_TX zOPbQ6h9Yl4wN9G$TU^;tUsYLBR)}MxZgFjcS5;FzFVv>b>%963M9@K0c|{pgq61=v z3dga0uPdsaS5{b7T{0r4Ln$E0GW0P;3(E>?7BIef_HZk#N1$P^NRRQ_E-47u z9GY@47nW2N)z=r=G#{Jrv!=`poe?tqPAGFe-Ajt9s_MbjHJJ@%jSZRgWhD)jHPx9_ zl}J+&o#uryr{;t*%gYy3TPIP0Q#p&$dEq`nxpcw&+Duc^_3UoK-RZCnwT^y=`D<8Q zTc(oB;x(l{Xr!!BuX@4!!n&FT)ur{Am_Or;lS3ILbv5<%8~`$>oD~|Lm6M&7J=hks$LrV- zEC-ocW^gE+R9#-<&73izaO}7lQzy?Xm{2%*Qo)4jV<*ozHM`T;ag$CRF0-vTu{9=F zw%lhpG?Y2!elUaocC2Kt?8ZJ92Hl)a1(-VAhG40?5|-gne-$hzxGCrOnlF41+f-o= z_#=clgIgrbahQhTkf&nHxH#0)P)^2Ks0p7>kJE{Aj^7#BQs0gBlsjY6pM@bBEzHZR zZ>Y1|3P*KiRYh6ScC+-sDDA`a6j}dCi@ija=_ay@>+3zM&(`=Kg8X+XCOi{qWnInu zEUHPMrDeqn<`tIL70oYeC#hru$+E6R#l>}H3)?wkFmAVBWI7j@QtRzFqN>VjL}Q&% zVqO-`UgnqKILWeS4Ouo?lTu_Bhon95(n7{v|w-7oV%w?eF`bVhye-%=eY_>&!g~v>!^=j2|ID0GX zMHKE`O5o7k--50))hM)Su8<&fdf$R|yeR|m?488R9?#_?4j!BzhWP{%lR*&U+@b(F zysrl1xmM^fAG|_#;e|Sc$8|b+5*9Zuyxtwc%N}CyA2K}5GPH%qHC4_J{qs9-Rmg`k z&W-m^b^5j-ybY4yUQl-F<1{Y)WJ>_oqZ0U@3TNm>%c*CrSA{}D)wLO?Hv@nRi8ga1 z^p2O`G6~NqJ_|k8zcUPvW-dVIV>~7VdP2@}=?m-fQP&~7*AZT{3j}%&d4;aSn}hJE z$M8Zbye?o>tlnR7uyK~#8He1e;_}i{kPisbAwL0@aWP*pusXb4B%b%gol)pSW~=2v z@ADtDW58bPwTS|4y}A_z+SLT(XAc!N0n@|ieI9vX6EH`(-q$t6@c1-k*aXbEgWl(n z5HrvJLW=8tE+%`%>}3S*Jq|^d_1sV zcx<_6ISk8lAZ+FC`3<&c$1G3Btbg}h2m2FyUkbCaWOghtAy_Bp@$AD`Ps8!R7s4OR zP*`6Ge=ymwz7YOk*as$=3bge~c6~uCBZRpImTU1hVS6i@I+d^gUxKW2;l4B+BQ$)@(Ajk4V4yFv&gNkP#-cNsi^DGt4Wnl+z12R?7KJk%zD)JN+XfXW5furTp2MGp>V>^%dq- z&k$i=-AoYX6%c1#887RN92)|_+#)&^VBUUXn7jgdn+$!{E!pYw8APYk3HbCORdI$edqO^oOdYD_krB=q zY-xQGWisjyV-XXE}McV&0T<@>3M^u?in)ten~OM8kc5{FOL7J_!GsSEB=RK zbL>mJ9B*7WT+iURr{WaFLltK$9;Nsc#e53Dg~|7sI-aVS*IG_qrnpjZt>Om7OB6RN zUZZ%O;th&7Dc-7ho8ldcTNOX2_(jE>^Kg0DrGALO4Wyi8o!b8KXtV^c%vajfws$Rfe;{?Bi$(g?XOKwnup<@MXeG z7uU>C9uHn5%zkUBF!Q}!n5U^cALDvt8jcfW>TeY81HN0Br-Ba%GanBNp9p?bI0tN= z2tzpR|NbEIlfitlhT-RfUluL^zb0G({)_PC;J*p;-1+aq3&EcY^IZBn;mu&)fMxhC zV6HzQvp?heQ^*g2xfX@I6+BpYJ9wBd`#C;_NS&SFQ-t?{CkVd-o+^A0JX`qh;1c1F z!1IN_0WT6h0$wJ}bLv&X0q`xt-N3gC^IZEb;Z*Q1g?Wz6a{#7u0+{a#Ax{K9DaE(3A5ex5@z4lPx#m10m8oppD6qoc(^dz6yF2F@LvR z3y6zmBCP9Mcsw|stGG&Wqv92c*C^hgc#Gm~idz-$R?N2U(!loZ_^{%mWOhU_cs_sB z$WYk)$LI4$j?Bw8>i_xq{Jrd)Q5U%;ruNV08_|#a{nyXpPm8(SK8gQ)QE|%{c^1E} zW&Fy>R_MpRBqqJ98;+A$A+r^WlOY6&H;92}j~ zl9v`AOdc^fkQNVr6D{Ep@(fFHIW0piCFHbZlXBn@5B@(L?{Dtk#q3Zvu`a%IaeO>o zniqB98xP96JQ5$VIX<%W>CoJHq2~U+x|Tc!wkUZ-V-&O=@8aFxWzz$po8x1yitki= ze<-^=RM(QhSfDaJ-uogxdR%(X`#!$>V3u&kKg`4?!&>YR&!GTg$Vjt;{~R^YfiI&-WG253I_x z#f+j%UYWt!Vw8DK%NVA9dP{oZ%;t#^Y5h-293HYx#n3Cykh&R{dU$&3=f$Z<>QevV z7A0hKo|uWWhnl}mUR2x?S{0RdYJTI`$;YqmC?zIvR95>6;;=g zolQ+rUiQibX;Zw=k+Gp&3z8S5wPdV{N=~b531#?`7d1wuP4VYfEI=@6Eko<3#1v17 zO8rQZT*6kozu{=ro??Q#rO1- z!1O7>N2Ww%H#u$g#gpcb_P_H|;`#5s z^=#D-Z2QQ5A~r#?81_Z~ch?F09{pasbpnT@n|*eb0AEY)@q2YP&Y;f^f$tq8WH=o7 zQgLUnPGBn-PxkNN#vgGv9I;M-C-~uY0{6ft)(Koex9BK#`dBCM2kr%k>) z&N^8q&_FMD$U1>)I7i&8)(J#B`v2@Y0jvv%m>uy;q#^D^CgdVn7r+^?h>MLwblfLQ z?z&u^evoiBEbsw)2XJ8`cnk57gL7s{w4y7cx8vk86P30fxCkKKErW+rXgJ3fR zNqjKhf1;nmuGjqzxcVdg0WRF?R$7l$ACdmc;Lxp+!~m>*tiJ*5o$vyD*~#5B?D{tR z6#jbH#Rx>29+)dvixGOXUyQ&N;O15Bz3gIyUUo4;uXc+OPIw1OzJUyltr*eZeAq@a zkjM(_(QYw9@&oi?)+X?p(MCFGIfS#Y+dI4%;cD!r@bzfEA)63VVC|YkeZq?o0&6!l znd#L$xb?vjh2i%h2q-o6!P11B$IQ;2W&JqcbUSvkVSTwg(+GVG(Sxw5l%;(udpH%M z?p=_XG5@4nobGPwQf73yC%U|5-vjF#$;AOCT&~|rrOfDZPjsIGgs|%y#W#N$U7qfw zQf74R$xlBvf=?h@PuacVdq#;PTP5>T_ zuJO8Nk(bV^7&`qe&l)KfWmcd>cl@+R0c>0avyqFP&3Eh~Hae zUAdqH5%_YA!lov#=QU9HnF+6eQY3p*lW{D7Fe1p?|KSA{eEG6DIp8V;PMcz=)i7YxBQ}CA1v#bj>CARLWdrZKQBS8AEYAT6}ZG&0(YOjEEEC;#s))5v7=^QLo?XK)rbyx7Ikgvs1K z0?QQ>^;o7+8%*IYM=v@ZW}8j__(!poV8=sj3_Cg%*3H<( z0t=3c)Z{8{F%&TXh+H^WmQlOWx!;U}q637%jY^}TP2;CwjcBdW*rstuSR+nrENRo= z_{?b`)FC%EH|)=?q4SR=l4m!P$bXXrYTRccn8A%iz&_d-6~MnqAt#c4yd2UI5|m&t zsEJ9FE#q^BRWl8C2JA(!7sHmqmc!P-x*7o*!+oBjyaxLr>_1?S!bYG_c;Ut=_S0a; z!j6YM5B36Bz5=KW))|Ju(-($u2=)tDPM!S#%dlc$yTB&Fo&ehuHW@Yrb^z>&uzUoI zQ=QGQ&M?fUV4cozxaGo*f*lR3({?8IC&Ds~9GW=g%CI=xIP(;MdDUrjd1hLf=O0Te z)7UW$EF%{;<8)uc%JDU&+j>q^EJ)9g*g|t7`6(w29|AdJ*+c2tmCCkhjj`3>9BYP*9^cY%+pxckQUY<6?q+>|OTD9ds&AjpzX4T^RX zqb>?Dji5nMW4H*48Y4(hAWK9IiW*X?iN(Sbk2WAGraTH_+Ze5aqK&DoSf!2e2CY&` z#agxX|NYLH+5II3FMZy(|Mz*{=X~+}t!0WUSLpdz>5+aZ?^cO*BJXfV zgR^|Cr>hf+lYD2<)Ib$sa%U-;S}29Ee(l6rt@w(i=wYQ9uAL@D&Uz{*)l^=i)@Yf$ zb%JAsv2@wRbKXRZ8l=2gsYRWJbH$gDaqRiOXQ?@1Isf5`T-s#vKb96LLvHlPxmhz7 zi)TzvLL$ooX@60zantc}QnB<)_05T`WADf)8)$1)u}Zi>m8{a)i*q?#qN=V=^sc6I z)D@Ry;RC-*W}VcxUvvgVeSMfXvtlOI>hB}fGLzWyH2K}(SA3=j|7yLNT6iK? zr^Ob0&EzsVsZEEfRz3A$&vhr?eyv*k8_%AfL?VDMXJL=%^!ljs>lU(od3{#bNYjS_u98_v9=8nR4ei!$WHU`c;wlT;cxhNKm3=J@ zi|PA+X=zvh#m8!aR#{!+@xMngYI}aC5udVQkKEz$^%(R|Hy>~&AocNOKmah8(NO>k z!|C=a^p)d26u_7;rmqcL>YD+xyy(V@6GL+P<#jl@`EXA$o^v9uYXj;?DO6 zG9BYb;IV)m)4_1)#(d%9BK1XKHjfQxOvf6*XLKk;BIt0Cpev_LSGB+j9&&|^z8wc`nE#f zmPAbMdgW9E?P%eeJk7xvUR=X-4G<9E|0Ujn`K{Q&yf z`iS2^$jSJ90(~X;)`9x)o-(E{ua~~_j&Sj%X6!QY3(Dyy9FQheG zhrmAR6+i0iy)NuZe2f~5h3e!P<<7%D1QWaNfE?e;nTs;K_!7o&ntus7mcO}-TRDhK z$Et9=KJ#}klh0MX^!*0B| ztwpBr#l|q$9|ce!)0F~9eVZVVX_UZCP?+MEwEv%VVKN7qpM&BV1@^ylT^QT$e`Q@5 zf8{k7>%lLL0e6~T>t+6^m${EOD}9W><8ubN$wF)lBz+uiU6>gSN!hPk7xtwIN-T6S z6~VR*Qs+0Afk|QUv19LddkE578WUyd7U$RWeHlbf|y z{K#F$i1@$nk2L%6z;Bwv5EvOGh&kqD&FZj;|e?xFD>W}fu9}NuWcg~g`yYPHR^PT)u+NU8R zxMm8@m-5Db5xMremK@_MUd`ls-1#85Sr4_H_FCso!CxlVes>G|_XX#8()i`~#zvms z51aK+VR9XAk+46HT!&jG>@O4ca@|vIT2WO#0$iSwJn{#{|ueLam|p4Dfo|-QGT#$2MZ$iH zurDLmerE`oD}~Gg!50geT48?&xz@8<$oxdeY!deWDeQT6o$>nz!MQ)Fu~+NGw0_QY zj6KhOGyDREaQk{t3ai3(n6NjZBB&uM56M@cn`x6#O&6zYv^rL8HH);Kv9)L~#DF zZsboC{8YgU1m~BJMt+*$GXyUeoS!`!`GtaWeUP!Q6`UVJ8vA<$=a1#aUiP`I!v1l= zxjx9q^E+$9`FW(_s{hsX`7L4puHbb3|9hRCnj`3VsyTw@0r6}O6I``>T4ubk&lh~6 z;9X?5d0&-KN0+M!TDm;lnX!2 zH#}KzpWuhb&ij&=K*2QpC*ldb-s_587=Jd1?LBAMm{Wfk>C-*CktL8xSFf# zu*!t};ricMLT0Yu{J_n`r&90*f>#T^MDVEKD+I3>e2w6Zg0B_4g&cDUUYi8pEM&F_ zelE*e%dZsW&W{-XPh3Af0_l2;aYK2H1m~EL{CIG#R3gXELb3JZW5K!Ti1y>a`L2wd z@AJ6wf_wrv-*u34?(&xACE)LCejYeKq@>J6;D6QpV(`CfJ`0@VM#{_q=Q|VfYry%D zBl)%9{WQNB+^=~PIG+W|aK6HQ49Fh_XZ-W1Xix`?2#i|1&u2IqeUE^W#eLkHJ~D$vI!ST62D=%KA)uH`028=A65*4%40= zvEHJ22KXw?2Z1+eJ{X*JnDRkzjz!6Hz-`U>vFk?7Igeo-rVKv_=D3tR0{)cd=YY3s zUJSlNbAFWjisn^U;Cz=wzkF_P)|~5< z?$rEG;A=GJvvRNI{BZbw&Dqav(wrY7w`$Hlhrc&dzlA*hx#k{lzT={OBKQlM^Lgsf zoF5|pR`V=yzVD*^(cs;hbAGm0bADvJU-MDmeD_89G2owS&gYCT_-W7gor#*C1kQJ2 zwC9J<+^2|qB6xqz`79o*c_H{P&G}LFD9t0_+}DVH`GNC^nsY8VQS+(bg_`qujc8s5 z{(a3a0>4o6OTf!DF9)BaIiG2sro^yjf%Ehn@;Ttun)6v-ruh}%D>P@HcAMt>c)MP6 z&O4hluLfVI`HkQ$nlA-^M02(cTQuj#+D~fEcA`!5mEg~5&NgG0=68X2YR>j!x8^?t z=UP0bg>A|En*Rv=L(SQ){8jVy;D6V=8T<>)+1_~32U5?2;Axsa0?s9Sv~LB+q9?`K ze-70A32Xc->z|f2B+zb$+n$bA%yyxL zX~RSA^W~X?2P^DnBfk7WIivk^<|a;>JYmMj`IA;nSUYmlq+Ju<49?Fu>hS@upi6nh zle;TixIR3_=crJjRwwx~PB|_xx1b}KHSnzCPwJSH6%A%rmKAi|lNGKj2vrw!6lHbf zWd%kAvclm&aCyhHtY}kqM_pF5D7#}(Rx~fWep(y@TZn8dig+fw&&vH?DKd9jjyD$)dEtsE z+O|^c1Iv>Y3kzKXgO@ja5QKCv*KWh+1&B!Cqk>OQhsmEeDS?{?7s7v0jz{^gXb<=H zf85<4s1W9PQ7|l$s^_pT2H4_6o#p2or^v{p=kCQo1ezP{4u2l^z{pAHc?=>;I}0@r zk9h3jGx%TK-yjdqy9agNm7&i;Jdo1k9K@}7W}PrS);)-Wbrxj#GJQQ@F6?jcAUO6n zXywiAT?Vb#-+(Wb`L% zM}ybRCd%WRj5vDJlp)zS3s&C#Zhmy+oP+4ibuWYA+ns}$y$Wjhk~vfTYlbP4Ry__x zIIzWK1c)!ye|;TwQ|-W&AB2TpP5!HQeG)p+|9N18ew|P<0fS3|Ye&`=iv( z1jCnu9z6@22P`1D&Sm9v!l$eM2lywqI$)nQz}f16l-GcsTOADOxz&N6zv65{?=sNY z>R_O=)xp5nRtL<7K?9)6%40_IVx_j$R>G4LR30gRmBERLE^B-<*e050A`#>1iEq)4 z`49ZF#xr?;1Dt4#XSzZN;aIi#!HG=W4KNN?yB(Z#BlIS$?pPN1HABq5T^Z}IA5sgk z)et)o7K5?pK>;f!H$WJS-4F^LU-iodFSx4GWu3l3xpgc(cAm>BDu7`VdIgN5(ccvFB->rF~==%sHEc*jvkfIGx&TD zXTft2jb_bd%{U%*!#Ktqg6DteQ6NJ(LLFfwj^i9|0^E+{U~)Q$R>8WZRFq$BR9w?j zg^^Gy`177p@sv`LQx83z$h5oQ83pc64zs+Mw84OLHZh&*5B-0J0LNYsFlR+V3TH)9 z2p^~9jD*lpP`FbGaZ7<3S56p~Ik0@!@kvYSUR{5^D~GcydO$nCkWyB=mSNHG0nZ>; z&OA7s3#S2&QxXr2#Nm`KKW8^r!U3_c!VG^2y`nbYr@b6byKjZ#ROJiDX3oIw2Fe-1 z`KQD6e#a{|Lx5i^k5NbZ@N`}eFIlYA>g-2WDfQTAIxQMEHc;k8u94-)dTZVp5cQ%g zF&2lL*~(xSc&7T-49m>rba%EgIDQelv6eF%on}Xg%%aHXZE(as2Wg0%<6Y^X5#F4NL5EFgifD zTiwhzCtfNRD(a)z^PCym8xX_ z?j01kjR98Q^ER6G9tTbGega^&O+dRvBYQzQ>u9Rmc;)*%-q27&(Z#$`k~m2 zI7c~OukJbuQ(>j9#rSW+;)@!-l<~N(Z*#39>yH#Ax)!<;hlXQezYQNAxbf6V-j4vV zn*wj_Rn#GuBzy%2d-e%a0gCgkz8-L0${YIxb;u>jQveRR+=&}Q1$83moH6uETJvDb z{NX;%A^o5Z$saak9X%ZhPluNyVpu~hBccp(DN67S z^C-Q+25O2FR-0}(c5y$HfBI`RQ{tI#shRT3pRbNH^N1tVua=@jGQgB^!;ju6i`&Ih zM)}OI)l7-(Z>gE`EZ47&vnksLKz^pm_PSWvUMI?yZt=2p%d&OHQ`2YJ#)ac$EBy2< z+qf{QkdW%LY~#XxYVKLKap9htdzS6tr1~t|xNy9@MVxzGYXK5mRn|I^M*y_zz5RJy7*NK1nT9SItz?yJ(9jyy z*!fV?QrOrzRz}5cXxwXpAfcQH!YE5ujqac-Zj)mTifPP%HFU=8joM)#P=w2){_|f@ zGd9xZ;^c+%6xQD7jHR~Y6oq!X0M5PM0Nw*W0L(=h&Q_iP*t$`cFBB-tuhJ-c5HOdN zWtfzuZpyv|Q1(+mUVX)zzdE>G-$Q{W-$4~b~;r@H~%ovYfr1U|+ zJP!9pwMB#%OYY+PWN^a+vww!OH9`VxZcw{Hc=bjC+yK#y{747r1X;f@k+yiucqF#8|S@0U1sFW7b?V}($5 zdbraAY_{B}HsmmeCBq}$j=2$II4h>qXl9PwRl&#YV#gFS#m+&#Rth%DR1#|YgfD6O z@*&2~Ru$&J<4kBOP2uhqH9Vp?VVugxl9VwqoA2tpcFF*uVS^FmApGDl`j@s;kZ<}g zRofZhf$Q_^SXEE|ckZw7{o91x)cZQr~FV(ziYexcZtZzPD2G z|8gS!&D$R!6RulyS!G^s{E%OnFU%}1rH@Be?RpT~VFJ$TB;&r%0`5^;bhchK`>L6h ziw}GDuim-B=)F`O9{qp%slPe8`%1_L*dd!E;7Y*Jh({BFs5}xr`3hBg5&IH3Gl&<4%1Tn8oyQv?t>?3ubxIjaNB9PQSbkCpQOf zOyAeZRYInBxUBc)GI8e%R>SGG1nC%t`%r-4(2e<04@iA=Fq>xuG^XQr!D+u9`ikI@ z`sAJrkHSoSd(TcUmrRsT(#Ho{~$9o{)EUT%z+iQg~4sn1*;&^OB%a5p+QLN}bw z+(V%Scg8ORF#7QOa}Ryvk>Sp}e>e!YUEormor8H4ET}I_yD^@702#jnDbD&lSgXsp z9e~MjI-Cd3e@#>(>Ys7@6HGGPiTL=g1#%3RziXIuP?_;V1!uw$QH)*2?K9X&eedM; zy(dGzUiz+vzO6BB@vt%>C-vb?s@gu4@xy!8Sp1IbrEdf(0oVPR%fyf0s!4qv-|hRX z-aM@@q!lbiU|a)XF6tw=i6rkv?h?P#{`ZzU3qnc8689+N@`af?cum*(924>cax8yy z89DY@G9B~rUedHf$3mEHtS@tV>DvK)tZU{n`Y!9GZw2&Gj`CC^fUkb_X13$7dcrM$T#$B}e6bZ_S{GL{d;rYhdrpXUw*E zdL%C8#U={>OLt?4g^kT4)DCJ+#+Ws#e9kO347e1>^Uo_8F#9vGov?J3VP2a38CVz0 z{tQ%M_Gh4|u@8{*A1*w)E^COQ-)OIfB@pEv2)y`SockMa41FX(UJLuP0Ln1#SS8U%^nVZ9S6=4hH4q+0lC?q;bd*k{2)&o z41z17?U^^^Mt-KY55S&0jRe<~v_~4*jxW+O%s=w9AxgwKOBXVnd$dpnob!{tnsXka z%8nf&E>(5|9M1p$vlqnwy?a5dL)n`(=KOxf@NI%WFZerxvtu^$VZqNN=LZb9&IUJo zL0n4vG{>In2n^@e=2025HimR z8Ghex;_#}Fd0WVQC}jQu&Uo?}XM<%bRl0# zu63R-WG)pla|ORf$nzU=<5%s&p!K{U?B5fd^}@*GNQoFfN$_ccuO-*z*h0<$Bd&*q z{jUW-Ao$UUi}5>B@Djo23tlI&e&cBD#|zGNO2%IOCZ_dp z{$}jY5&S~IFA-eLyR_dcg#8VI^J`k8^A^Ex6MT)}Y!{5YYV)=J&BA`G;Oa{aE%S`9 zSN(#v?-2H{3jT)Re-QkA!TE!#iO)g7<+;FL2>S%K;X2$@!MXm&*z>ba!-ojY4|0wD z>4Ni1Ph)?T;9QGh?C%i#QNe#I_}hZNFF1bYiRt0GFr$;}xePB5e5T-BpJilL3Vw&+ zKNI|E!Broj^Xh$Jf3#><2MW%QT1{A!1fMPVJi%`loFAVWzrPUt8NvA#sgc4MJ|e4gM&rE!V3(jwMjs2;DpD8%M+B7o! z#MkhP1?R`T#{N3NmkWNg;A%e~n0c)i_8SC$Sa7}@H2T{F|Fz(+2@d*i+lzy99uqgt za|{m%K1^`FA2c$mA7o^4seVxN@h}^iu;4|4M+BcNc!}Us1y_Bg*01_X&C7+%EWs-U zUm$q3;7bIL3cf<{I>A>7UN86>!Pk?c?((t$!&}I8oMrzznQf_-m;D9Lcs6Ujx%QPj z2|Bp;l{^)EuI4`Qt2O6)>IIr}{KCG8@+@ceP2_mJ=c*^y@wr=b%CFUY2zayREOX9P zDL)FFpZSoF2H&FjIPfPmXZg2j&T-Iln)7#&U7E8lbZX9b036FwC&x;^*L*rS=Qy-y zng3Dq3h)D(&jDxOM49>EpKH!>lN)V5?Ky7Zw^Zb{;QacD{2uV5HUAMf`zhN07<{Pa z4}g!Y=H8QfOBOI`D5S(nsYpLmga5XQ#5}L{5;Kff=}0c7dYo-)blIw z*_!h!AkNWf&voVe_?`SM@TlhRf#0I}r{G+xNtw^V@7DYa@b#MWeaJ@5lfb!tlJa~v z|8vbb=6Y6hKRD-ilsN{RzoC$i1plq(Vel@^xxV|4nokA)Nb?K8|EW3OPbZ@vq#nLU z$xM_sutec}Xe+WERbJnSR&G~-iG|f52Dbk!{oU=9OSf*HW zzO&+G)`}*RJ=L5*ue<7#L5H@2j<+Jl0r)`zJ$fIHfr9klynfvFn@kym7-=i+?tV2-;g zBe6Ckr7$D4J0qbX)$QNjoa%MuWk=^^?@KFndvJ_*&W0up|NgxhKXbRFmZoJ!w^-48t<8@F=&*l7Ml(Dh zO$Xh{^-l(ZZl5x5OAX8kM5kG;c2UXsJR{t{z5V{SZaZ9A9hjc>!qfi!zJ$r1s;gaX zYVi!RrqJ%^FACa4xpp|>L1gpF+|>z3edMpe8rM0s&joOr+brOzI_iqo{gSMu1%|WV=u{rL_x&RJd_wO&XCq{3y>gxh~GyFyCn?uo? zLO6{*-xIvQt$cQ9N@m;3A%AdZ=7zzw*SIULNpR{J9Aj&dOYMCBv@&nu{cXYFr=4nL z6-8q*e*TDxyst&x*VQHC$n}OD2XOYfbMQKB$7K5Jnv%7=-LECH!S26zFsiSUv>f+_ zlznNPFJsY61;hsl@IDx*UAhf$6)OIMebz!vYP&9ub9*kO4oF;$W zzLdt~T09UCL}4~WTn+Ho)EY_Hn&J<(Mm&&gwF48}%*5u1wgZ+2(IYLB>^BZ*a!8=L5KK=|>+4J>U_F8*#OOn41Y9}Q7oA4C3+L3m9NvAz|Qi^~3?Prg%{JZ>n=A}*d zIT^D%9VJ_p?kY^TD$+f<>E6=xaJ@Zwo(GS5 z-s?&E2~bm*keG|Ag4RH*X1t>daiVf+p&j-YO-ItuK!iH+Anx%OO-PS;D(pIjKgYjk zapLZD*VOC^sIf!-BCZ+FP0yH)=#`Z+2Ur8E5;G^HSMUihffuYwUz}Lsbye9VrS=T} zH2OYOPLxoIc_FVdZmth`L6mq`h( zrP*a(WMZyeU8q9N^B3(-&rd*Xy=kR(rGFY`tLJ4$ugZqfPLHn;`CWue@Z=|y%n5Yb zfztci4tyT)@44{lQhONHXZoi>S(%qvgNC$gN&wGh$$~&Bp8jczz1{X`JkkFB{zbbp zs*}3y6=)t@+q2nXZr&D%-h)w^pH*m=A*n3Kh^Gr}3##2P|DNd7 zY}O-H*d6@2bR(*WW67t1 zu07};hWYouj=GzV1VMjD)u*3WP^^O1NusYXeMPG*)!~x zo{CN{Iu+efxY;i1v?G;`fs)4q{*Bm20$mBSttn$$s(B=jy6;Rx3XL8L7s^YY4HVjy zOAh*rx^hF)J&0(jy~MviXqWk?O+b(9J94*of*ajS1yX{_iy|qnE~r4H)t(1Ae0-K; zP}+p{x)H6w*0kuY=w7D|+~8l-ZUQ2N}IRtE4HbWKmYh)U0T6cKD0{cdeMZd^$FW7~K{O zVYt8t51mzD?6^>S7F^5cEJqziXEkr^3$r1GojJncXx;L8-j#!qLm0_a*%NE+a06;m z5l0nsP~LU^rn=hnS+8v}JHr_knLC^UCrc;lp6qQ{%_uT4h8f!}44mI2P?e;|YF13rww}dc)+*Mf^ z^5@mh4f&^SOWo(2lrRr1J4Q>@Nolt#vNEX_=|j$+-#-=JTkVPMcDU0nYQRIh5qXVH z*Wc8Vx;1Tw4~^Q+z?hUNnHw^<4cYbbu2$K zXy=#VS(sQow!#iKey0T5rr9p@rTI5*OTFdbKXdU^Ba_gNrawyPkS32d+D&pVY>~l5vtXiL^%IB@{C71eA3Vps@UwSaz zYE8$my))h0Zm;q0dfnHVk=Smp?aoN?@7m{U$0z}h13K|;UurwXUU9o_Upj_@JuEWX z?WkiBivAHp!+k#2zU&4xaOmU_P5-Xul!P6=26W#|8&Vp4?sgRXu4a2ylh3~~y2ILu zx<21^Pqu#}MxZUJd>+vJwx?nQ+H99JCHptlCL#MHRd&%%xJDne{7oy9Hl#qBfh_Vj zRVOv3)F!1hr=(Wd`3>mlVMmE}dqJ%|pW0_<#) zPt9;$hlak^E^oG1V2HFhk;49IRd!{Ww<(#yHrQ*BE11$W!JpUFn6krHYOktIO5oV2 zuF9^D7NR|kZpcPuTI9M91HsBpAKH~QlM+@YA@Dh``+{~Q9t4b9+7r>_R#$L9QHiGt z!?;{`QW-{aI}?L;BQrnf-!;L#!x!Xub8V-+))}Yd+Dk^JcluB~C;&cD(G}UR`wH!7 zJ6gaZ|E`D!UJxz@k9!!7YhgBqq+OHM=q8NO%}k7La^0Chlo!TI9jBqXMEv`AU;wg! zk0QpZ{yklzmG}$}Rxop|xWBFA<-irMRB-k=HxaYf@)dy!G+T34Cf1@L@!)i0LVer6zg8fK3nj@NSW%p&@QC@M6ep>E8X>UDb1 z?D&gTdZMRWC=J#2GKfhDD40Uj)Q$e4mQ=L5yUg7jg_8S#Jq0(qCg9tdlmVhy(+p9%3#=#+>Gc!%pY8T3(}|(+zbyJ zSEiQV2@8ycnCMvyH^&{_1aA`^Z)lTRQUluq>t93y{Kkpfw?FxGZi^o4FFg&z4F)-E}Iu#>6G=Jrz zSiu%eNLNF`@{aQIJpqgcJAMbftu-!Ob;SE(VOJB z=Xnb7D%>6)F3jQ>H0a-hmVJ`jKPLwxvut=r8Uz%G99Tv&lH`Ujb{+~ z*RmmHlH2tLp6upKZ$oBcZDvYUW@<%ddTwS0N)-=Ari(8>+A|YSNm}jt=1dQ(&~|^( z&a@4l_ROT_%(PB>Q>)#Ghm0*cYEL?yf|<$fnaGvuR(naIJ-!*0L%E_P(?+JZqy{rH zBObi+?nIT_GctXBPC>Y%eDm2^&2~OURcO@aWN+nQz1<#*npmwpA?C@do z6spQn&%ok@wmqo)Wvbq6LJab@rs3UfQ+EABf#@1UdTR7^Ow%}bL4~TaTR85R;a@bw zI z$dg@*J=@R_MjI^TAPcSq4k$Q0f=^kPU$A4C=HFH3h0Fr0qc9M(H~E8@WnwxRonh^8 z2UXI7`3X7hP+cG}5m{E|-?bYp+-BBWv^H&H0-Z?lo*mF$PTd%H2Wpph?1DAsRXfoe zt)M7sM%y38L3O)b2a(Wu7@DK`z~hIOa)&QJf&PNaLwm9|KNUbzHS#oAgze?+c2S{S zf`<}QJVbsMr*>>dIkDT2G5y$56h3AUfkh#Vt^C22C;aYaScSKT+L|zq3(W~l$;fRF ztn_XxZn|Xg)${mc6UJd^H8DncIV<TR&K7PCFWAh6 zp=k5gg(dXZUL0&K9@<&{;gBws>Si@u=qF<4cQ2w-%3SFFv8Fcx>=jS*4k-lA=)I zxvqg<{Ot(5^}yzRXMXxcF50%dc6%0@K$L0WGY4Ri_NKDJi;!ZJRP`l@ZR6Foc4X_a zW)#^j6dDGm{*ABub|*N4(`~8$aG!tb=5CZ6+EF~fUAq@{wH?CXvzy%yUn6!^FYGEm zgpp`B+C(P%`EMvK(zvacVFwtdUdD1M*f`@zlT z4S&kD6}B3W&Ka3lWj8h^`WMyOYbRikhWCTb92_-HO7?HOeG*>|mR{j$dPpR3tt<@yqWKKH)#2A`+XmssobR{4@Ed?}?qUm?ept2h#cCKf*CkKMksPG9Ch z4ngsZ$6cmbcoB`MZl^CJ+GJsJk9j{{M&rpZwWC$k65VcLhVR1c9dBzI>=m#3Fm31i z8h=yhWV{n<@!>r)Hpwih3q)VTs00JJHGyaFvN`%ic70JGdLf$L6&*Qfr=l24ZXcQ9 z&pYs5pgO5!R$yn^yo96f8MPAXqc-LpG$NhST+NdwFMYK`WLNCI{%Z;CVPUfc%CbU z9{AmxQQ24!cp_`yqOJ=9OFk-@8mhIUC6{7;-jv({mpig9+|v;*U-EHBQ6PLKCY^Tp z+;JsE_>pB>YK7g>wzVLzDeLTAZ6)Oh8O_6{z(rXOi*h*EZLbJCo`vZ7=WI)CwQV(Q z*&n?U$#21Pg6^X0lY+qhthS2+fiJS~f&o2E7hX%j0nKOE{^k1;FyBZ1A$$G%mwbjd zG8cscO^o(U^jMgu{yRd3;xcw=whbE}Vs-w0cEP zr+JaIZoXL$8N8gqz-uTNUbxg{%uU>IWbQLrm$$fYdHjpU4CKckkH4q<<@@0$ubE?77-@LUtsxZ1CK>s@K)N;u)3GV>i^dRCj@*E?l4GJPW$EOm^Rs zJEoN*#AdrL2URBb{W*82D7WIzyafZO}ptTY$(2%UP+UR(G~ z8x82i=D8;&+;aXGF4kc+*j{l*0>@`Xm_y|hVE7#I;CaAM7H`!mTNbwR#{&zsMMBw(Ni@!7fSNBPM2Jb3*?vt7vwN|FFigkz!)N_cX4Pj)A+1hsU}U z78XBPcpDat!FcSjSL?fQ!(OfY%m90}_JbStYCRpY@x59DFk!D&erbxmTK_^xk9UZ= zB@KtA+N+h{rpNYby&i@{uC&v8wYE~q*{hY`2!Hint*aoxuQ}Ath6&Ejhp!uRlC$&S zzPLG+zlD2Gbsxel?PbI&;62UFFCTpO(&2RXa@^EX5SKUNj(~f7c_=_{u`(q4xU0AK zBKK-~@$pj`?{)5{VaW0|(&ct#=$DR#QZDa(?ziC5KmDr9X1cIltp$NWt_)^)rux?m z@0rW-4|#D5Y`vaU_@Bk-dOeI(#^d;xss3F_+4#TZjxTXS_wjBjaDC?| z_~%Y^C-4K9Be|O_49txqvEgi@QsBs^xfj6Jb;NGUpXg}*G^Y7Pq4^X?^AV|tu->ya z;V5uwG+Wr_!>9Wwcfy&pSD_vi3-u@w>Od#dqdtK=w!FOs;z!4~ygfR;| zmIE-_by>C4#?d(s8U_sQUl|-m~m6hu`{pA)y9(`3}c=)UPiyyx~yCI{Hnci$3nSP z_Z!3so2@Py!iHi3+;~~5UO|HuycJdntJl{IrQNU}XcP8@r0kinQ(x)a!9DGjY!YM> zhkDixrM;3jHrh`a>`NHzT@!lx@vR$5d*R22&9ziGv*CwdMp<`W)zeS%x}mfeev;v5 z_yO2)cWiFyyJj0ab4OXFX*pc_Bj(oKk3!Q3rtWrNDD948>S)rT{t&WJ7_EEWFtQK9 zIFxoumL@IxC}j6iwlN9eD!ngJmUc>(CN0bLgHe`#Q=XCiGi7O~WNAXT^&hxhg{oEt zDO5LXpUc{|dU7IaTOw}B0qlYMFof1Xs8R{V?SBdT2VsAg<5|lq1@((uIeg6N?I%6G z4dmLTmtfBdUBd{o)fj|`1yC8R4Ie^0$bD!NQ15~aTh$FZ4tqwMw5P%FR83DCN1=LY zPn#T1rb-N@fbwW;v}Ya#vYVbCnr%E=7pU+YL6ke4g;$oliY!kH`Gj6K)yKR}8_B2+ zrS&LA6Pe3uz7Gj~1VYGM@9GG40Y<9%9JmJZ(>^b{Y-W3M7`bMJ)FTd0UQY+SWbrvy zt@*n!srGk~YXCFd!h0h;6&Pn&YxiNC{Wwr9TUjn1k3@GDqsANtv zpo|y5gVPMOE{E{LFgne^lWc$!lTjpH3~oD(39HxE96RrNv zrJt8R?db;%8103hSOdmS9P5w))~`>%pt5H}Nqf3qOq8@VSus7)uG+P`Z?H1_lZD3aoohMj zA#A<#D*lg5L)CR0&W1w=9p3)1r^EGd=${6M?nL|-K5m9X2_4=VivJ_1Dgdvp(M-S& z6l^0M-4>4TGYn)XU5{hKLzDK! zhWQivO0-TlzRokguB9)!Dql2dUtC)eK!I7w)?(x9$Hv!F^hHfLl?E&HBVAujr!u+#U1oxbN}rlc5US_WzJCaN_E6)L{nSK=qeoLcR0sBbU$4DQ>g8<oG4?>LFBfSFoJM0;^mmJT%=_T!dyeLK zcQP!?AZVRrjnBZtKNfZgt3O&6913FEqoI@-HbK~+=;-@A_+C%nCt6p;eShxwR_!KT zl~0n0aQa``>i$zhv7W@9IVIJ2-`7@O{VfCt-Ts0Or%UT8Zgw-D` z3#q|?W47sk-u39w9rJUJ8N&g`yq9J*!-y#VsoBbm!GvQT?U>=;F&D#}tA+%QIbrph znsI7OFv)TT1?#WR#h~D9%NZ4PEgj8n^aMmL8A0KQhLfQ|j{{cK45g*&Lzxhi8oPyY z5U!{24C`_VI|G6GnxVAR0|6W);Rv4r;c`e>7h7wMa1tf}Y9v4h-3vN4@Wkj`2v3nC z;Axum3O#XHl7t8-Pjt}Tx?`g~mBZ6kdOF`q#7%g@(?tj2Nj+T*X%0LEu!WR$fptnx zPk5;4AUvsuiW$Iy@1UnktV()f1~_R#NOTZsQX$b3>b$G2A3R-ZJg za{7Daav59#m^NEiTUm&xaNz_q3r~kN-x?KnVa&OltBo!vIZoU{g$I)$W|k7MZRqtz6{18YJ8R*AW~fG*KsARToT? z_H_w-g$BacZPr}l>rvzDW%{D4@gq*u@@2_LW14# zwMqh0IC}FUV(h~2aJwu21|C{k2{u#iECiKwlkAI)jgJ=3)#Vp zT4VhKvbsb6z;wxI!sx2IWYvVRBfkK?`a`|-L+cb|nD+Im=~Q(~LkZof##$Qso(bQT z^nJIrIPSYc`bI-Q3E?}|p)Z8*&Gdbb^+eqFo6)+9x@xaEe&(Xjt@PDoO^f?_$MF?wxGAAK z^jO19-$%lC7G7>!KeB4zTf~mGrb91AFznFpg9xfwY>}pD%@{0drZo z^YG8bcl_4c;n3pD>GRl|ACE`HnbWJ|sTRQKOyZR>fcoJ~;>WWEpAMrqt!fL5&LsY% z1#oq*jyQApe73Z|rL5|_c= zE!slWKOvN%v{Jnc40PT?=dc(O zR&Uk^bxq#jxT%A>rWC-iff_{QwBHd!bjmM zCaV7dhc-G)-_g_ISvc&aL)lv~hkSMcT-BR11P&Ld)_*F3#S2w7libT^I1JWxC!?7k z$yQRdkj7QDkWu(jE#&&R_a?}*y|k`h3h%0seH^Yrg^^GyI*f_~N<|J=yRv@Q!!sH| zE9A;~2UeUOannXT5UI;>cGhZFFu8*>Fn3KrPhoQSLXb`6OG*xH>w#si9PTc`wsoK5 znU<<;-Hf)iKiufypV9-jHDcT9M_EF%2+cLH1a3h@4zaMpjvA+FKY-_N2phj0z+7hQ z(#zm~BqvZKIe8jN%Tb&(X~AECZl>T3-0M*{v0G}?OpEoNZmNZI>OFP83S>b{IADB+xzXl~2OJBE*(Wk!pr;GKDj( zK-M|Gt$i0x`uCiZXSkt#oy8xmoMXgJp=bA~Bs{gQ%ORMl{x!p7e&)IdeB$+p0Zs~A z8Iw?AG~)H;UAU=}!X`ckGfoO)Nh(FIiPPzEKvFwx7)GXI^bLkVN6A4 zCE_Sf3Y!>(8K;42aOP)z)kTSlrHUZ3PTu7XG+iQVWTp2nwNJHp67o0=q+V1hlSzjD}7j)_KgF<9E+plCxKxs5kIyIy;SV< zD+u>E`wN>`$Cuu)vEb4p_ZM$=Ed#3{l~Y z8hDl&?-PLp7k+FcISrty8yrjX6lIb1%y4E3&V1vIzaK)EUBg~VE4FLkpsv%Pg1BP`uv=~+jjB^EHp z)%C-;M6#5qj!87eC45q1Nlb!@Saa||@HR=&3weuT8js9-s)nQ%Fco04XAq6Q!=PWe zlXL-e=aHmvr;)$>DR=0KUB`nVw|HY1Zj?OllNDd8?$3b3-`X0IUjo#-z|l+N^MD%` zyuSb_S(04dnzbRSElH3eXRu>hGx~TZpJbs-Fif4{Dr>GXI`xP)F-1Rji^8pb@ z8m|TzN8axQlq^X-AY^H504U3QGoWNiY(U7;_#i-8-sdAtN|vM&pe&nDq@Bhp0BeHO zotw%iSrR^Tl+{H^<4pjIlK0yIB}>u(P*ztF8t(>JMR?~%N=laGen7;5#*F~u!24!E z$&zdVL>y?`4loY9{|ZpDB)#0UmA6NS>L0+OhUn+-Q|trShs75x+i$ZS5M|W6%fgx zk-w)hIqG*+sHP}<$1X?f`MhzfJ*1$qhUC`(Rq2PFM*bMV8p3-=qL#&RSth!TvFN@A z2`AvylX>3=A@l-aJPQ1g3e<#8UD;^t5bo#8&I8d&|9qL0Xoe0*d?Y14>LGEtBXK}V zU;?QxhH{%D@rji9BqkA$@wj!2u@5muh%GfFQvr1XDDEqa0|^sD2NMnxa4YObyD(8r z4DjE$LH=_`tp0?i6*Y+g|GC5cNC&L>AI1^>b@Z_k$nDdYc|Q8~OMm?Q=b?hf53w||{IQkQ3)O`;RwC7bn`+dfH(!PdNh#Hv3-JZ( zgm}DbUmh1vUMIw>rFgubUlkYkN%198Jl^RyLwuBq`FX56a~*2ZMb~c;)%zfRoYF9r z$`(4*D5EQteWOhJ8-$-#!lfox#95GZ)$#f!c|!3!lroNX)g?51lWd|NF*ce4qvg7g zw*%0NmMYBqL4Yk0`-v{kAR765C!HY~yTr(c8aVRdy+rXP>dsLL9_m#!B)8}lrEwy_9+G#CuNht5^=M^P4M_z+f9z2Z1sdl9%o5(OQ2YjU{{gxL z6&}eC0s7;}1^#GcPAhk$EOv>Ji<8xhUA&h9>>qfa3J6s+syENj&AT4B)Yr&?i_YEn zz-5UXxYXA)!=tVBYFQc|1XvQh{}e!U>uX5<6JQ*)ER9b9l;vFyM(S%wegIIGgB&EC z#zvJ*3)TI{+F92@8Xr{7i`1QC5D^lMk16LR>i!D2iWLbzv!yJDk_d@LjxIQq8Q;7S$A=Kxi)kA^Ib32KzFRNd3Sl`M%Fk?72bk4ToN5edICRI(%` z0QKrP&{zs^hRJ)fQzzYfDFM*9@pd*s5l3?KN0=e#TaeyYm;FRH zC(2-=ONj#jEIXt`M{K-6i9AQgn^NM<9uoY06gmzpI|H%M*%BX>P{#v~#5>E*ic7rH zL&wXG#NK6-;u3pf5{&+Zkm$#>a8!Z+9969DT9)WvXVUX?NPSH{8PPT^ilfav>qMq5 zh-E5HE9OTo&ea|lPnP1oQz>~R-hQ9;Jcr5Y7cJ82cG_mT( zL}=iHqeX^h#u9Ec>nDdkQ6`pBK_B9AF`~#hq=(U=v`@7UgKF?g&ZF^=h3)1+s!XX& z*tQLdMS%&Q0HDBlJ6+M~ym9dby7v;^`D>SHE;~GfXq<^$qcbF9m+1Yefn6l;XDYr# z-EUNUb%gh&0JX9;gjO1Bl=BjG|DocmBfOheb6S+fCN0YQTL~&M5#G77!?cCaN~4Zz z1d_4qBrr_;c{?3ox6FGG%{P)YnRj~o@|!nGp$+BjfbzJyh<7=pK(I9SQ@R$ZyVhIO zo`At0kmOojl!$N5V+An~!Y1%d5a6$19@q74>eVCkI3DC=~5!S{aLO{=xc-Wb#dI+#q>1;z91m|L?H-8n`=n!Qob(W zjXo1xi)z-9JOx;;3z%pf@Me~>x)ws1emQ;Poxjzpm>G}Cz~3`p0w~4%?*YVwH~y}f z;96F*j)cEO!k)Jw0L6J9?^yH3A10MJ$yJX1ZMfax&@V@8b=cT3ddz*af?I0hb0+XF zw}K0xZUvx@lqX>rVvK(cjFiE{d?0?LJWKs?AbzC037fz6@`x9ukAz}EpYbWqk1xUb z@y0t(Y3WsZ9PlGCxZtL*puY1JGOv0x8obzL@?z!2>d>v8F&DA2zUheCGaBf62SSu>%g19Tfn=(hX9|hgTTiC$M#6MD*;Fc%q8Q( zi4d#lY=CjXPpv9W%W+=;d{x|9;Lf=5eg0P9N#GYiJJ36>zlEKQ>mOk@as34RQ$WU* z&B4(Ce-=Fk;CoSXnK(19%){jX z1N(qK0iOc@02p>Uz>zmMQ0KZzKfo}@0~}?a2bhatn6#L%ehIrBz>9zklW8?!egV#n z+xZ%jY3>IwER$xYbqv5TPXtZ_nAS6abAV!iahU}$?Nz`+z+5s8OgqzP^4O$R#zCf; zabcQS1}5(r7v??VV)CAGV&2O*F>j^;Wx&P2H2~vQ1JnZM;;%Sd5*7r80Xe`ZU<_~~ z@I9aqC<6GwOa%BoFcr7}m;qc0`~YCpY_rN(R zoD7@`d>=4naRE5%$hCllI3)t`!Vn!z|Qd@z+BAxi-0cRZGd^7 zfpD_{j;FpVPcKCHv)Oj15a1gn*)Fp!=$(fqF3dYV`+R1&$b`?#sQ{muvjCHaTfw&jPXo^azXDzX z_zTl-0CO?Uz3U3wG8s3vWqq|>j5FiFHivQGv&%TJ?O`67IQ$%(ao7nk?AHKuy$kNe zxHB2>0a?Hi0Dr;Y?>^?D`B-2G@LeDboC!pLvw0a4&4 z;BH_o@B%@Z>i~06 zmSIumLVz-J0m@ttR0B5x`~_(RU@k7sTnX@}A}+aX0M-Effo2`h3_Jil0&D@c13w3z z1)c|X0xtt^0>1}70{DB1xuni}Vc%P)k>kQm>gWQv9Fsae15Itx)!(|hyu3)KLi?q9|1oG z)&mUdF@RzH3}6`V0n}|Sqmyytd(|s}s{rc05jdP~rh&Q{$3Fw+k~$bi>R=q71-M@D z1z;EOTVOZvJ75pc1-uPV*JpsaWF9dM%p>aR?e_%CZN~xQffIo+Pzam}@D=a5Kq*iL zTm;MqxU9llGH#{}7)Qp5dB!-oA@2qFd4Uhe0*(N_0}KR?1p>ebfGfO@2TYtyIET~G zAF|XzKTHeLFabCXU|Na*nHDZ6VH(WEI8aCLI2aww3+j-0z%}{IgXMs^P5|N9cOt;C zZ!u5;@TaB=fv17}z+ZsB0z6=f^NKJ~2$=Z==MxtJ9Q!>0v;fcIVTAOUe=pPL073Gn^XAmCWQ#Pv4tRlp;_X5dNSd4T=xZ-L#wn}E5_0Eqxh1M`w; zSPp!XxN<)D3Si>QzM6B>cYyZ*{*uKp1?Pume%gCp%rr9ZhagUzzl{KLfKdSZ^s&H+ zzyx3-a5gX%V47Y4UII9tV4AuC_T%pZe*``N%*8rV4#+xk4B{04jsr#mCjcC$b56`U zQUS~c%$#QdILqQs0LO{90nF>WfV+YF0CSat%mMlegY%k;fO23KFbAM+&TDT4ZUY#G zEOQygPeeEjgLSVjoqg3o8O9F~Mia0W=&MeB(=zF6j?FmAI*2H$YdQX#XN2z!O&$8W zx^pDr7zBm`#{qc&$9<&$-xHW;`2vJ{A;3BPOyCND&$6s5@>%Gs&ioDXp8_6?gUrRa zJ`E%ztlo9_aB(|a8)WL3i96e*-gS*-b2rde-ky!P@fqlyR<>O-?)?#ej#c@)sku1r zEI_+@I=~-m%tiZ)fJ*?btmQ$e^MR{@N}w9xc(Vpr4y*uf0qz7=0~~)o0B{WY5WsQe zqrhVT$Ck%o3^EEB3ycHu0FLuc0}23+!6pIc0OtYc1Lc4hW0oUbKq&+b-AfWZLg6{CRBz&L=vs&jrZ8Mp|z1h@>i z9N^)&R|4Fes~z|yzssGe+DpatUKmn+|C5PDh_wRy&m`hzys)i3_J+5 z0Lnd^o#=!;%Z_njoi%acJg5kH!ZI}%SJyMG%>ct-S{VknaWi2&1^x?wb?`R; z>m2joV}NBOpCz_&e3ncb$2ztN*bK0a_0BWq6`w6WHty?X1q9d`7? zu+7E!8D;6lxEkHYonJt3srrQg=Lr1G?;c}CcK|N}F9RLG?|?S}`u#g#E*V#*opGgK%Dx4RPDMKn1JXUdmd;-7^zEXhXCIU=LAt2Lo8O%(BxfloP=p6^6gLy$6G7o0J%si+8%w^`2 z{C)Wppa?h<;JlJ^g{J`dd+f_FzXH4l{0?{vcn9F`u$*uH6Rg-)9-d%|IQ% zcdTmxj%691;0lC0i~1z3cYs#_W<_-_W}O_nD_QS1Lr$?&PzC-eINJ)Fu!^B6)wl|mjZJ|IMn$QU;^y; zKK%@U@iy@@@p%?9F95#=80L2%(;pZJ3-7>!xLWmXVI-v7tHwPGn1LI{gtj#a}DhNU5d5JL28WwC0lVXDFbRuERzQE zR6cU>c?h*&1GfkpZq`m1pb?*7$jlnwG7CR5TQ;+w*&!Yycs6`!A~Q{SS!QNdM$2uG zvPmf5qA+PP3)>__Qk=z@n>Wk4JFDd;2sR6oj|=l3kG>Yxf|I8jZPplxInA(rH$59` z?fLXLEk{$lStxVtAL3ayuW_M1u?=GW_>dn}; z^3%LnLT0E#jAv>|8`l8Zge{gCT4{V}w^-Y;VJYIW#AS?aJGNyjCDNKd(n`dTy zRKsMne_hNEb4UEY7RQ=LWO;~Sc3jKZEjxs%{+`uxYy6qjlIvw`_!*sAFD?atjt%vX zOBCBAwpH57nBx&|htzJ&Np00saw@HS_np`BwrQ%Km^7dE8WI2VV_vPIaCqEi#G+OZK* zGsZ@19pcz3ux)TN8xuCjO+yJ|!p}`xwhVDD{-&Y)F=3Oa3Y&48kP}zjs8EwOAt%mv zRIo>^5l|o2Y9vcQ`>boG{h~dB>#r})I<6PrPkoP0dnK!y_9Gtok~yQeZKTDIWyURp z&-&3IRxFhtGud2e+h8QFj?ApOFbmZGzs>Bp_s9JxE>YTU8%x-r9Bha@mDPd$pN)s- zwqdoz=4=~Q$S5`2)!`t4&EfmFIkXKcXB2;;Qg{{%7oX))hG&}^yHe|?sXD%h8*_!$ zd3?!f+R1EtM^nY^D>fc8(;~!q@xbGeHsK(Y8Ggo9ln#w7Kh=bb5aZ)oa`nc{wDLKZ zaiO8&rj$08I903(f5roOs%?ChKjUgo^V$NDc<@V`4C@@W)~qc;3ycgad<$*GEFo^` zsa8$%N}CdMDnfoLfjL`*a>j=h7u&X7$QcplvSs)=B1EgM^T)Yx+Vq0VXJcmEQPN8a zqqxmvhJ9gVXo2;& zE0#P`+nbyFW<^VG;jzx6TJ91`W6fi&+J>o8tvIbm;#6@x4OPkSHh8J8u# zR`{u6I;G;CTN&CdwN=y6WAhNN4BKI9F`hgovu?>v@y$d1D_ge1vvIzodG3=HOLJG~ znA7yK6E}&>tXX4u5W|+RByAfHjAc_J@}F>o!PbHtR3PRMnOVq*)!-uR5LV6LmO1c_ zVL=9mXLk%g2W#4A!oG=V|6Rkw7fSm_I-$TZ2l2%!X=glw`%6TxJ-iCb^<^LzeA4oN9jHu-Gk2Bn^)}I&WIKCy%XwuqwttPw-#nYBJ zqh?tsKi1@}G{^f>8#c~Sbqg=!sN14gPIl9hay4aUEs6098PD1({Jc1{N!*P6XWWFE zWlaxj2h+Y6TQ4qx|4hxrGUFjSJc|~ak)~aiYJO*Gs}EvL(zdt3wAcX|X&-*3b9wF# znW4Ed!>$p}e=}QRN5H%uZAPFy;~L~oUmQO^`+A8vY2W8exqitp zC(g0yIIyuY(=o8AhAA`FJZ>j+JZJEE#kW>zUyJ$piM8`)dR=%p9izB|V2!8v12Nt# z>^K&GFvOAhddQ56hW12$EcxwJ!lab>U5Z>2a=e}>=lk?5^5ar)i8j{eVd*f{uW70Y z;dqP4I*af?VUf#IO@4_l_u)-H>iny>RVw+C@P;Ek`^R<18roEt3-Y<(&9Z)v8+oV( za+=m`D*5O5RDAOh7dA7zNX65_bVA4%ix`RTV&nc2S4W&he2M>K6UB<93N#%+;>%WC zcHa}DH*L9P;~Z_#d@=DBEiQO$kPUyPH*g!qWBK8jkJA49S#Ky`qGUE>vzA+h8uATX z*njaeE?v{ljV+xWVZ07lUteZw!JA$g*8n2-@ zevHTS?e#Y{&ONn5+&AN@j4!V||BOexbYPF03Nz!eF)nG`EaN7f+L>=>LmjXmJ(%{R z#cAcToODcxWj6gx8+lVC)W5Nu_1|dzt691Zm>u3fRfjgt4sSH8wfp`Y8(>uUGc)Uk zSjX&e_R%cs+jyNToDO3qcouDdjc8SNZd?fLq*3; zAVuPQn@WhAf4q(m9Z%)bay4bfc1s&noV%Cij`fT=O+V98#4`Ca&Nr4Bf39EWSWeuW zneTOrHB2S&*|^)qwn^Z;EqFZ>M5C<6QVN9T;LAns%~q`lC0mu}!@F zQ@e4hR5v=de>mqwoRRcam|JGr5o3JAb?Q57oHnhCxE*?F(M?N{=CWaqZx88m9=F4E zY>sWtNStGO8_JU7+p^eh(SA`UzHN%9NNvM@7vJv0LtV<`{!+oWfY?tT36;T~`+hoL z+?669#3daW4iV{%Cikx`!n+fH13Ic@eyAJkJSsf9ex2D?;TqNd>TP9wiy4kQx@Z)S z0C6c&oUP&Q5S^~=^4Zig!F8J6AhIU$MW8Yq?vmqigKMfXyg81?sPtwr9wp+M^=*bF zr?t#yli9-SZ&z_z-x8YgWA8}XDmZOAGB78Z^NOn`Giy$Kr_wBIVS2ehgbDG_W?7Fk z;~K&GeP^uRV%{6}lo;V6gq4f+evid5J4BF)dLr}P@b)6+G)9Op6_+LK#W6EZi_&7| z($EyhoRP|ZFGU)2P=1{1?zk7HEfATFaV%6Uzj3~ND%34T;B!&Y^ahc0N#?V01CB?$*o>K3FOK6I zRtFld&B>&)|-QCBze`1R5wFJhE;|i;mqQ zE;^{$mAUqqoOtlhyUU83(D-p zOA2V9pV9&Gui;rlevF+;u}zz0P4ubK9ul_^{!ES26p4$IGP$+HLuZWpvoR+wtmmZd zkxdup9uK&wCXBB?-;HImslyJe#!nXvV{PMk!2e+>&>D5|O5^y@UHnP2@ay81JBFIE z^z`nuX-;0t=ssaD+cRtme|$DZP7a%AIDW>;;btKePN$~frQY=;e8Zd?I!+byxnRx0 zd1z{GR&V|0<`x+vX}jdA^2-Y8as#JLX8E48g%*nO_#P-`#!C-z(c-F#XRoO~v9?Vs zAjbdSU2eEKGzE?d-}1B5sh$70X~uf4zwyOo!B1>1v7GfUHx#C;4e3rJZmpYy)9==bGlu7cZ!9!Yu~z%bEv-c$|u9Aq+^nN!mu46W?i$3%iQvj1P+(BjZ|b7uzdc+W$Uoh3RTQy!?E1jm~ND zEEb>b`)3hWCNJzNgVo3-8-!rin3+KbBPOQd*gmYT3Lw++YZX6)<3w$Thb31%D=R=$MQ7Zf&7#kga|mA3wiD=v|T zj6W|4js2%3#XFVaMgFJ8x6DQ1<3pEieEp7I7|#&XCA+xE#RDa3jS2WO99Xd=_r&)a zsmFj%t>59yYvgg?^kZ4v*V4NW&LX}0i01uaDL>AX@jo6zQVyQQ`fBW^yCam3$cJg~ zj@^KbWwNw%WN7lnkE-v7a^g`n+!ES<^stMDWZ({2-dkFgF}iGIWmOLT%3z!U{HhvL zF(hM9WxR(}H=y<(Tt0C0Xhs|FOg(SNn9+mFhLmOu88NtWOhr}31yutFm4_)CbK>2r zEMvV%6)qhTCmcL-MAeY$s#rJ70tN274@zP+_uU7z8ak|UbXEUhRk+{RYk<0!jbsD` z?YqyQ^>5APZNj=6Hluvxh;wqn4=ySus2n)roFR?#89rqA=pj`xE3^d`Eo1a~{fAUn ztT#VAHw5<>54>PV|B>fcWt=}^^ssYA3@ObSjGK)!jynF7oE|yhR^gn^!#T6T1Ix=t z!y`s^=Hhi8J!Ejzu#qD=mvcb|@~LxjI-jslPUoRR&mR$=QVO0LS~{?5V48$~qm*;c zA70TpG;&xIafPNP=KAT6_19FRrloGIsTP03^)qb5Fk2iZjW~aJ|H_f)k0=du3M&Nd z8#kBrN*g?|vU1FNt)vQRYY1%<%J(%l8ZFG`9XO&iBW(ri-Phf9gDT<%Xg0{7%_wbt z!!F>rF^7d-uZGnlEBQp)OyU+g`oe(~`|k5+#c{LF7(8h3@PUI-*g4t@!fxYBprvG% zhX)O-8eKkYaM-rOPT^15_A_h*K7Z7s$3Z!HgDXdl9?d(_J0E{k&fZ=2Dd-~I5DPv~_@pCkJBI=ashCw1?2@*xGAbwB** zL-y8(cCs-IA06YbFc1Wpr@wRcn|Ums59THpnK@00bGl?Oqqz#?&HcR1oWJ>Cx#^K| zF2RJ%;qSu%=B5t={8|3V_<$et`J3}(4hQ-F0>3%!VF;vnG0gU2yq5~&FSVW z(|ES2{`^n|=f&R~;D_Zj*9R1sPhX{S(gzm)tekGj;qQD*$8t(xKA2Clof)sSIDH)c zG0uTCIJgAOK?P2htKe;94yM2d%cOBbXvn`A?jm#02hM^y{J_dI{6^7@1BU*g{$237 z3LIZDx{R)>jK9m0Duaa^&zXOw%Hi4jFX*IsJ!L z4jevYy~r>gCA!3C2M!ukIpl)%p2lZG*86*4csWe%5-0nUQ2DSCm`!{dn?*(!e5Pjj z5WHA)iJxWZ5@#D~il)WJqPgIYipr4{*z*3jj~pa&%f%;s!=n&C*V|eZ-vPg|vo<~| zp1{Yz@K;y-MqCD=2EDt+SV|o0TpO@Dcf3wW= zNM#H~AeqlCMR_yvo8|GNIed=wn}UB{9{ZsIX>RUKbmdD$FlIV=|{@@ z7$L6D|0$0j-P~}#JSwI~s{0BAlKEWkr{eN*IojwswsSia=H)fVAL$hcPdApqkB54B zRVc3>&$GOC%42!^Y*5|;Oq5<_@N{Dtoi`}25G!OJVk~b<<*~fJ8T$SFFsFOrSkZS!#vh+y2|6L2p_$6%*e5q?VSU^`xV+pyQ+XVA6#q9q%26KIWqPFY9@wC~?B_DVt0&9b9{*B#&u>s( zpPle=Wt5p7XjI)Wf(cK{#W-({M(x3l$%Y&moV~q({lGI35g$H zh3Aa;tLfqK<{97o-t-L1Yvq69ZyqU{9$6WiH~j%+g(GrPC@UOM{cj!-n;u#C`WAm= zg>&GhNLDza_}@GtG(ED`d!^_6aZs>FRtERHrbkxTbNp{^`Av_k3~sqikF1P6n*M-r zU1o#7y~X)FU-_FJS?g`7e4cBm>5;YG7Rl%LYwfK{#_05A4z2R}bTW_Ush&Kxru+h0XcM(V4wprT3%(w<*MWg;OLLxdE3NB&8E3(G(5-SP4D*8hk8$SHt+c*4ynK7S zN#n4Z)0)K`u1~s^*4@2|bKTOdRL^G>=ltnbT9#K7XEo@Q|Fz;=R=SmzaU0B=b+`m| z*#{MDzcmu@s5Ns~yAzPjZ4=J95IGx&u!*FrF zxroy#j!v^sXI@d8CKqGD7SYJhLq47AxlD2HLv)(&cZwGvPN#bQrg$OZbjsh7?Tqrd zpV6s492&7b-)!LVsF_3crTD{K7Ughgv1AS*mdqislQ|4wawcAD+GBnkwyP)R!8nQz zPV1M$moSc$Fbrf`zg-zeus6zhk;{b~u3tK}&wGk<{n9D^nc`f(bZUp+73cb;Q@d@3 z`LKMhUpnRQq<9YEbZWPK6wgJRPH}z@8SBg|mmIp1=GD!9+-J8%G9CkIJXed~W950+ zxBklQ8F5}U(5cWt|aco71Unw^W>MPN%jlRGe*2 zr#9pex||oU!XBfX9OTfg_5|=aT{&0b_XL?&YVVVIMV8BusrR9*Yv%5pGS)A1k7(8@ zGcP(E!|k+mE1Y7p%{eX2<>J3goqC69u|M#^X}6L)nOQXBs7`pFK{Krz<0z*Hzxgkf zSxjU9;iClqIBXvuN8?{|Z<%G5(kQ14zxgkfQ%+<1=A#1twvx{`*T^hqGL3Sk;5YxJ za;DPR_<=_q{%s}SVV)_ooOv|LsmE{rOXbX`u}=9|fPY)bubG#~EQgDoskbm;J?iZV z-2EWKFNH#d4TyGGut_pKh}Jy`5JR* zTP@20T&Ul)?e3x;?+YUVL8#b2g1?N_wgVGXT)ghO?uePna&xM^B` zMMlc!Fj^_z$>JP7E5#2oA8qE4y(x!ZQIUKTt@_+gt3D6W+9sbjzhyb^TKrq{W?0r# zP8(X~>~22Pat^on8RijY4&j>0oMiE7wAz2V#qYED99qjY*K%I6oP`$Wc|t048LerT zTh4cuv)1CwP1ClfH7$oRP3^F=<>Xqtv&9Q({Nv+vGlxY^@yX_yW)2;ja-O5r{v56~ znM1XvoF6Q{EsnJ*rz?%;_}JIt97Z|ioNGB84mZUwH(zHt51T)wwe78<@sE$y_??dV zEpW_E?aA|zQ;z;X_@IKR3g<#X87RL(gTA8+PRswroh#UC+qc+!;fZ;Nx7)-tZKb^UAZFe9I}aobDDs#^R^Ys^{sJGt6>ESo}hZUrKA*D=g18?nEN6)MT+114@o}`uxzuv5x14F_>6UY!#b?th=Rf9O%v<4HFXilGKE`~uxzc=- z`C;=S^QY!t%)irW=T6vulMkd-=R+)hrg^00jJEg<<_9h39~OVp{DtLwZSfXuo9eSQ zt@>+GNd=IDh1+CDQX?xzmoI`8c zy)0f}@q;aXtocmy0L#DH;?v9zn4dDgYJShWnpWMm#QTP{T-(rij*q>}hgnV!i}y8` zTTX?=uQcCbId@z98S`6~^RC6eGq*zBQ=Qw=s&k&X*m6oNewO)s%Nb+w>&^F=pQiDT zj|DWgT|PddwQYPtt3JP2{CA6QjccMQe>+M+1^DlF%G zi;uJTm9(b4#&T}8oI5T4fW;r9HSLp@^NQvC+u{ut|CrXapIOe2mXnDK5Gkhxt+v{l zR-5c(-qmvQEq(y4c^zyy$68Jw^XZl|$l}9kl{3n6F0q`e%-34ZREyt5tDJi+=W)xa zH@{#xi!A;Qt#aOnd0gVP$1g2so#kZUB0|c+$I=?xa7*)cw8}i#e3rS={5SJm=Euzo z&5LQR$FI!Ia6K~3cN1DUdFEovDY5ua^Ek`7)Z#PD^DL*{;%}KhwVag}&&D;sRJV?_ z+A7E5hnvr^oU<)nWv;cH+sseWICk(+PvbnBkNI%Art}Wu+80)szoa$oj~3qq7xGg6 z*5>VLf|(ORx)w3h33%b8>GxfXxT;;&o$Q;V;(`1iEx z!yAs$yqd$TGq3mVWbs`rz8B+~w$OZ-<@ZoNuN9wUIRh(fQ^A z^8x0A&BvKfH1{?4GmoHk{io7A#vHB{D`$emCz>alrSzv4%fHSH8hKdYu$<;Y4Kysyw56?d8)a; zd9b@Hm@{)W&Y9p zit{aLL=6`Sl(t9_|@b-SRAcfcao^5A#uGetl&sllSE%4>S)k4>$Ac=Tm;Q zxyF38`C2o-jwDUXuUkoe!2Gazu9I;hj}*@_?_u7{%zo9B-_0EQXjDGGf;{E)G50l}V?NJZW3Dxaejk;8wZ;E# zzR7&M`7ZM;GruY})$>_1@1INYSIzvImlSU>FExK*=GVTY{2$Hy`j-@M&ORC~SGJk= zucY`6=3UKum<{svw%qN&nHup0RFpo5kHeYP!*JP$T^FEN|>&^T+$`rrNe6RTd z^OI(NO=X()Me{4>H_dOGKQ*s3hdwg3KfgvYmH)e$Un`m7Tbj2q?_u7{ypMT*bLeZ+ zd_!NGe5~c1U_RSC$b7Cj^v$Up-h-6t%&%TdzRLVJGrx8)5K^Y`XWa7`t( z3GYu!=DmE$+n9GWcQO~43(bd^yPHokpK9)J9&D~MSDP;}Uv9q9e2e)m^S$P|=6UA% z<^|^0&HpjKZ~n-<(#-3IscnBVhrVg78$Jqg9U|p)Ggp|a%=eh@H~-iCsX52`Vfj^- zXdAWIo z`5W{1=1thgs=94v-om`KIoIs{*Lz!hKl7pH!_6m~Pcxrw9%LS6KHpqpt~Fn2zQ%l; z`A+kF<_FF5%=PA%&99l?GQVs7!u+*4^l_{Gn^`|^D|1_O2XjYrXBzt+AA6g-nTyOl z%tx6|FrRE5WFBh1zK_o8K_MW&Xtcx%nIO z_vYWs&DbZdHs8X$wRuN#Cv$af&6k)jH%~E7HBUFs zFwZj2Ha}s0+Pu)b*!+?C6Z0zbYV%t2I&*Vemrd&^+q|uL2lKAxJLURxEQRWlO zC!7132bjY>655u+JreT8mNVWw(LBjK&3wE0Uh@OyIp(?Mm&~u4!~Gbl+uIiZ)V$LC zt@#IYxMxG z<{Qj6n`fG5ndg}2nx8YjU|wQwFfTJNH-BmNdsKK6f7)M~o3}P^XAbwPXdUHRd@plX zb9eI*=3eIB=F`n*nMar_&11}C%~zPOGGAxD!92q})BF$fqvjXQubAI7zinP&USe^RDK6bAkCl^C9Nr%_o^JGLJJ~Zobld zv-wu@!{$fKPnw@GFEYPjUT$7t{@VPVIm_KQWKE`~a`4n@hxy(Gue7?EHTx-74e2saE zd8+w7^MmF`%};_gTf{P)}AI57slqH>_uh=U5Kwnc|_IDu?w<@la32SuvEq<}gm6ayXtt zDszCj)XcE~Q%8G0!#6GuNBv zn-`cDnirdwm>bMX&CATo&8y98%xlf-%p9~WwRv-Mw%PBC3*+u-y?3;n9P`HRi_5p1 z0&}66=socE+@ zo6I)1Hn%gkH+L|H`w3M}xSvqYwVXV2zPZ30?laW1;XXsT$a0F!CFY*yUgqBBa9^Uz z4EH6<{VZpIxzt={E;m=0tIW0L3Fe9BN#@DsDdwr>I`ee%4D(F$Ec0yh9P?cBJafHy zzIlOpp?R@+iMheN)V$2R+`PiP%DmdV#=O?N&dfn~(zYG$x74~0_gl)XEvKEiy*bC6 zYtA$0o5MYsDnHzlDR;A+B6G31#N5-|%iP<{F`?2j_BDt5IW^yKKc`%3Ic4T@bG5m~ zTx*_So@kzAo@}0Co@%Z$PdCpn&os|6&o<97&o$38*PG{?7nm2C8_Y}1%goEoE6l6R zYt8G-9Kb29yXNM0c7J1ga|d%rbB;OJoM+BA7nlpp-ONSiVsnYPr@5E8x4DnGueqOj zfVtFMW-d2Zn5)dy<{ERYd4f5NW25)xlPo^jJjFcKTxXtco?)J8o@JhGo@1VCo@cH% z&o?hNFEKZmmztNEmz!6ZSD9Cv*O=Fu*O@ukR=V!d+?;I=!#F%L$AC=Jb})A| z=a|D-J?XlN#W|K>DyP64#_&;oH;WgUi_InGp5|WW-sV2$zUF@B0p?P3nYr9tVXiV) zn`_Lq<_YGB=1Jzs<|*c><~s9C^DOgh^BnVB^E`9CdA@mpd7*i+d5O8fywtqRyxhFP zyvn@VyvDrNyw03~?I>+y&CS{7*5-C*jx(C3?O^U`&N1hj^UV3?0&}6c*j!@nY3^m_ z*s7^+99J~CueqOjfVtFMW-d2Zn5)dy<{ERYd4hSOd6Idud5U?exz0S@Ji|QGJj*=S zJkMNjo^M`YUT9uyUSe)AFEuYSFE_6+uQIPTuQ9JRuQPM-&a|$Zo3qWW&F#!#959r{ zM+b{{H0PLe&0%~nO`C7=jon+`&2l*QZ>n>#xy0Pl%rSyfei(C1^X+5tzUF@B0p?P3 znYr9tVcyt%>@}7%(LBjK**wKO)m&$uZk}PDX`W@CZJuMEYo2GWH_taOFfTMOHZL(Z zn3tNDnU|Yam{*xso7b4vn%9{*G=JI#IIeDTwz;*rotfjvru+`(j^;dbzPZ4>vHSds zET`C9V(w|~W#+iXscwDDea-#M1I(r7GIP0kW1m5&wwxMst$BiZqIr^evU!Sms=3ZQ z-8{oQ(>%*O+dRiS*F4W$Z=P>nU|wimY+hn+FfTQ)Ft0MNHm@E;>cndVvM+2%Rsx#oH1dh>kqV)GJngL$cWnR&T+g?W{EwRw$s zt$Cf9UpbSGSIy1Y=GNv8=8onZ^Ts}R6UL3yYkh&`7n-}7i_FF55_4~JA9G)GKl1={ zskzKtZmuv_nXAn;=34Uv^F;F`^Hg)4dAfOqd8T=mdA50ud9Hb$x!yeAyx6?N++bd6 zUS?iyUSVEkUTt1uUTa=w=78^w+ow6(+}hmE+}@mH&Nb(m^UVe3FeazA+wd7BIebP* zF1Gv<^B>0TRDN&E>0=&XE;W~#%gq($Ds#2D#$0QjV4i56WS(lSGfy|qFwZp4GS4>8 zG0!#6GuNBvn-`cDnirdwm>bMX&CATo%`42S%xlf-%=}8O#_iLbZEkIDXKruKG3T1| z%=zX5bNEbF+72yVV(w|~W$tSZpU+Y`;qzH?spW*vYAIfB@d|VJ+?H~}=eFb;%c(U_ zFi$j3GEX*#&v~iL=@y@1o@t(Co^76Eo@<_Gt~bv&FEB4OFE%eRH<*{2mzkHFSD06s z*P7Rv`BiX@+o3spj!bRU+T!iZ?adv`9nCrBTyvf|-yA-Jrul}?pvm1Vr^wvX+{@hC z+{euC^GwSdKBuPg!{^lGQp+hbmzyihRpx4Qjk(r5!93AC$vo9uXP$1JVV-H8Wu9%G zW1efCXRbHTH!mXe%+==bxj&Ut zYw-!@iRMY>$>u5MspdNKbn^`JO!F-BZ1Ws*y?MTQfq9{Mv3ZHP!MxPG%)H#Z!o147 z+PucR*1XP~-45F`u5EzB!D!t@##OyqmemTx>2e_cU+p zbB=v1r?0u6d4RdpTxKpeSD35J)#e&=t$BiZvU!Sms=3ZQ-Mq2SQO>fQ+2%Rsx#oH1 zdh>kq0`o%iV)GJngL$cWnR&T+g?W{EwRw$st$CdpUwYcOJvTRJn_HXPncJH?m^+$t z%(><~^Ts|OT4*`l%thv6bBVd9xtF=OxsQ2(xzt={E;n!NGpE&-Q)8|*PcTn3Pclz7 zPcct5*O{lAXP9T2XPIZ4=a}c3=b7ux^UVv)3(bqoOUw=CrRHVk<>nRURp!;^HRiSE zb!L1yZqs&d&NjC;w==glcQAJ}=a_TNVLX2ww>S3r+(OImW-c=KH1{(1Huo|2HTN?Q zFqfLk%;n|^bCtQ;Tw|^^PcTn3Pclz7Pcct5*O{lAXP9T2XPM`k=b7ux^UVv)3(bqo zOUw=CrRHVk<>nRURp!;^HRiSEb!L8Xbvh4eZq7EhHn%hL`)t#+Ip&Rh4m#g*3e1J( zjeSE;>cndVvM+2%Rsx#oH1dh>kqV)GJngL$cWnR&T+g?W{EwRw$st$Cf9 zAEHa!WOH-2xwW~SncugZrtM(vXwEU`n)A%zyEe3K6j;2_+|68ME;g5#dzyQhdz-^| zc4)qRE#A*Oz#KmFuKY5Kmzyih;dAlI51)&dYbI`ee%4D(F$Ec0yh9P?cBJafHyzIlOpp?R@+ ziMheN)V$2R+`PiP%DmdV#=O?N&YZ!|$ZLHyH)oq$o5L6g$`4~8$T^miYYyL=qnvz; zhp`b94`U<9-7KfbTx>2e_cZr1_cr%2_cix34={&u6;z)vu7X@{IThwAbG12)x1ecj zEk40K(LBjK**wJ@#$iyIbrzp)o?)J8o@JhGo@1VCo@cH%&o?hHFElSUFEKZmmztNE zmz!6ZSD9Cv*O=Fu*O@aoj)B^(xw)OWy}5(=58tn(a&j#v&zx^AFc+G;nTyO}>@d4&ibD6o^Tw$&$>u5MspdNKbn^`J zO!F-BZ1Ws*y?MTQfq9{Mv3ZHP!MxPG%)H#Z!o147+PucR*1XP~(ZRN7bGEs)xt+Pa zxr4c*Imeu9&NJtm3(SS)ZssC$vAM+D)7;A(zVl1lb03TMHTN?QFo*92)3jw4FE>}1 ztIXBr8gs3Af_b8Ol6kUuig~KJ&OFmR%RJjW$2`|O&s=YwZ(d+tXkKhyVs0=mH7_$S zH?J_SGOsqTF|ReRGiUJo$h7X7o3qWW&F#$X%^l1g&EY%RRDQ0-^UV3?0&}6co4Lr` z)7;D4+uX<8*WAxMz+7rBGnbny%vI)UbB(#yJi$ECJjp!SJjFcKTxXtco?)J8o@JhG zo@1VCo@cH%&o?hHFElSUFEKZmmzr0YSD9Cv*O=Fu*O|k2>ZR?O-$N&7n_HXPncJH? zm^+$t%(><~bH2I29KN$p_338uB6G31#N5-|%iP=C$2`DXYA!REn=8y!=4x||xz;?v zJkdPKJlQE;08s_cHf3_c8Z1_cISL zmzvAW<>qR0jk(r5!93AC$voLS#XQwqXP#-EWu9%GW1efCXI@}lXkKhyVs0=mH7_$S zH?J_SGOsqTF|ReRGiP+P?bDoXZf)*h?r6?2=bH1(`Q`$1p}Cv6$XskLF^BK;)c)1W z;=Rp%%ze%M%md7&<_dF_x!PP~t~F0EPc%<5Pc~06Pc_$>r<-S(XPf7k=bGo4>&^4c z3(O16i_J^S4d$ihW#;AP)#f$kwdQr^41T|AI)0k7&8^Mt%=E>$M=Beg7^K|nJ z^Gx$B^IY>hbG>=Kd4YMMd9itkxxu{Dyv)4Zyu!T7yxP3Ryw<$VoUxN_&*paK_T~=e zj^-S5t~t+~Z!Rzwn!A~c%*Eysb5C%*O+dRiS*F4X>z`W4B*u2EtU|wooW?pVyVP0ikZC+zu zYhGv0*tu!_HaBORTbtXN+nYO>JDPLMx#m1`zPX#Z$XskLG50k0GWRz3G50n1GY>GA zn#;`P<_dF_xz;?vJkdPKJlQ(00nsdy#<~(!0xxid#?q)7B7n@7W zJcfbGf;~TxG5{*O+U~6U-CMlgyLNQ_NG%b>`{j8RpsM zIp(?MdFFcaeDebHLi1wt5_5xjsd<@sxp{?om3g&!jd`tkojGF{+iuP6%go&!qJkt6ApRwBC2mG0&x2#&YJFPsl`E^SzSRyz)?XD*w8zVU?M& zJFId}M?Sw3osa%9t29K$a1R;h$@u7U#wZyd!^^l(#;pt)V`X%YWn3cTQdhO(@$UWdM(H^ zXL%I7uRIz)P`&^@OdbOtA=kji%H!Y@@>TFKc``gwz8*ebz5%{i zz6riWz8U_jJPp1^z7_tvd^>!zd?$Rnd^dczJQIFEegOW5{1E)O{15nPc@F$9`7!uq zc`p2K`APUc^3(8p^0V+q^7HU#@(b{n@~iN7@@w!<^6T*L@|$oAj8V*O?=85MycFI- z{s`VyUIFhYuY`A%zl8UcSHoT9Z{hvqweZ1m7Pi6eaxQ#~ya#-;{1^CixidUSE`ZOI z_l2wEgW-$hLt&10&E@I?Un!Tv*UH?#Z;-Esr^z?KcgVNH_sVy}56b**fk)&A;3wpV z;b-MX;TL4?_pi!N!LQ3t!*9#{o`Lt}f59KiFTkJ6{LX=|^6PLW#`Wd0 z^ZN%jmEVRpm*0iAlHZ57lX+a(S^h7)oBSEPm;5=rx6I?s0rFSyAu_+Opoh$3&(ZSF z@Ch=HL#N2U!)MAZux$>MTfyhZo5RCp9-l_b?cp)bp+H2jpzW7u=@@$gG>Z+NkMGW?Ew3jCqm7v{LlTz6-{ zU&%b?t&#h~zsiH)EWGY9zZ7mQp9AytknwZj9prMjlgwk}U*t--K<4psfB8bVNFD

OuY;>)9(TvdH^3YxnaeU2zDk}3PnPe1 zZ*N>UJ7s>q0mndQId8)c$?w7(_n7hb;V0!!VUBgo_~-D8@)z(z`D^$M`FogS z9W$Tbb?|}wE6nkY8E=Mtbfw%J=9tEeZvy`yXTu!FnDNcvX829FhO^~1a2uJ&>Gtwg z@Q(5}@UC)4cu%`H{VUGRF^>Q`*zWg`%WBKp!=kks4*K!^Fy?i_Ti+m@{^IVpBH@vAl z6W&~Y0Ot31G3Oz;qx=szN1g-kOXD9O2g*EOJxu2L>Jc)}SC5tR;6CzR@L4j?MF-1; z@G!X>Tqzg97t4pjm&nENRdNZ;adBC$nSToWkj!(}IWo^( zpOks-%JFZRKM;OVE`>SfE#v3FZ^%4f;6d^#xJ>>I9wGk(SIO((i{#(nS~(N1=~u|j;Yso) z@bz*wJXPKdzD;fobIe$_XB+r_c?+21#4^4M{FuBu%&}n^-xGdb=J_GVgJpbwc#(V{ z%rRgY=egp$axu(tUl~6f{!}i3Io2!VN5S99$G{xlmGNHiZ}RbQbG$cYyf?g=d=lJF zJ_X)J?hAL6&w_W62f}%BDcnUK3Kz=5;DcnI-xkXw;3MTqxR-oBe3H!fzJ2A3;Irki zaH%{VK3BdBu8=Q>FOVm~H8RhoFO?_56XomSzsY<*Jw?6|zD2$n=6I@XH-5+0J@Oqe z$53UQ@3a3Y^E{m6rZWB@{ER#s=2)qW^ZoZL@*J4sqcZ*k{Fcmfa*m10INz85SAGuW z_^6EYoct@9=j0p{mGPJ0pXHa~3|wqrd?CDv{BO9m%yaTB<+tDtas#}R{2rVu^ZfiT z@-nzU{uth0{uC~fSHOqMD`Adb%KEH=kC%C_-bY>ypCNw>50LrYVnbz~pL5JomeUO9 zGnF#W)vINmpO2Gyem+6o0=`P#3jVvi4O}O02j4AsgddVS!5nLp^W7DGQr;cr_@a#G z!7s{t!3*Wi@EdXg%<)B;zYqL@%=3JXDa!bP@JhJ|<~X8^9|r#*^E{tphcey^Zq_RL z1UOsfb&EDK&-2^MJkQ@=J`K*1d7i(!%=7$wc>uhR%yav0GSBS~l}EuPaus}x%=7l% zGSAgdm22UC@Y$I<6 zca(GBU1VNI$&+`7yU6))q0DP42g&=u#qt60kuuNQd&!5uC&@f-?<@1V%h_@dxKut0 zK36^(=D3<%u4CZ~ZQ;MjJHZ8VC-^{_*HI3W_k)j+c^&0g`5?HDTm+vb7sEs4 zBjIwnCtN8X179p32Xkymwh6DhTqE;)y8bTrg>RP6hVPVl-Q@xK0+?e(vYfH-({e5R zqI?Kaj72ImRQ)xdvV-Ukk66d2QwgncvgJF&>$JBiy1*^v!S^xejhG z-wE$1-wp3B&xE_m55nDKerMOA@*{AG{1|+U`~=)veg-~Ou7~@{&%=XcewSC7%qAe-Kf}+;8Mv0f zF%Oy341Qg13BN73h2NLAfIpVEfo(J;rpW6lNe zmvS}yoqRFOaqXBh4sNkU^d)c`c>=txd2YiXlYn*?TyTI4T1@PZxUi-XRE`)EF_lNJ6c}?^o`5>6%fN{U;1wSbdfI0RT z*e?1sWPw8 z-X?zxa~v(UA+OioFMkem>@3E4?e;O5*KRpp7USQ;&&z9Jj*-RqFYqGySD52sG5$OJ zuG|dQ{5TdC<1OG%WnSy$_*aa#hQF10-IrrtG2Q|GP2LG^j{BMz&w)3ScZJ)@yav3D z%xl0M<-OruWL^)>laGeG$h_`bD4zl!BA*E#Df7B-FL^M0k~|ddD-VOumdoK%c_e(U zTnSgm=ffAs)o_h`F?_i^4!%;p1g@je#(dlR*80MHxEawQg1u8}Ngj>nS!&}I`;cexU z;2q^Y@UHS{@SgG+a98;(ct3dne6Tzi?k*37kCKPM$I0dJ$?{0}bh!%dFOP$V$d|z9 z$ydXpWcE*8D9?t+%Fn@<$*;m!%8TG@<^RAp$nV0_)^KX-{Gxg_HFGTPlY?lx4?VI?C0t% z-v;k1v(M{5c?Nu#%>J(n!m}*I(sV;cMhY@ZaUP;hW`m;M-;PZQU(@1V11zhyNk7KkIRseOOP+U&8;A z*>Cl-{2lyn`3Lwv@>=*k`Dgeenf+Ox$(gv$|D~J-enAxI{$1uhX)U&k+W`B# zTFLD5+CpZZ*S0eIympk?=e4WMKCeCHo#3uA?@8NF<~?Z#%U$8_GW)HLlDomj$p^zH z%ZI|J%f)bi`EYoM%=_8SlaGW)$?WI4Q06^sW95_J%jCZBl``)`yH*|o-ypNEYMRWx zDvnFT<0tR$dQiR*eoVd@epY55(+e{Dm|m6dhF_Ow!f(q@!0*evul8g4HTZLx_kevZ zuY5oChBu z{{=ooX1`Alnf*RT%e+VH1etw3r^rR{nKJu&2Fkog>l~T)XbqQ-gh$J~M{A6H8a!S; z1HN45eOXt_ycg>_c?f)yd@g*eJRH7DX5Y|#GW&)emal>zl_$YZ$-J-WIe9kxlKdq6 zn#?|+H|6>8JMt^=hw^LiCo=nkzL41;^o{%${G;3e|0@3%&e|bv1MC}WDSrmHl~=-B z%d6lW#|^pRW*uaqx>zmwVD#PLR02j1J;qGR+Wa2t67ysdl%oFlXEX-}E=|8|xC z26vO$-_%`Zf73DYRQP217Pz0xdxVF`x5Fc3_B~xFKLFRt>~FeKo(o?uvoC3y%=?8o z76+GcKK!8kGW?jl5Pnu(1aq7X=D!ZVE;qn$%kRM)LxVY=z@N)2;BV!X@Gmm^lA7ZU z7V}rbo6Fz9+sHq_9p&HP-DLJLb&+{La-rM;K1kjaE|z(p^3ie|_#~P4ET1WF4VTL7 zV>(x6AJb@=_cGVW>|?rI=6%gq%lRzj_uYeDic`x>{GVi}WNxm6A zQ?7$KZUftYI((kY`?4$L8SogH_h?@#-w$6cKL}qhKMdb2{}aAbegb|#o(KO^eir8V z39Q5O@H6rY@JllL-8g0fb9hhp+wyyb8{dc@Ov=@=tIVnf++{$?PvHk~e{S$h7HS%0|id+v*lX?I9oih8;X3D%5 z{vnxtXLDrsojobP1=q_B@Qd=h@N4o?c!~TG{I1OYvX5l;k*$!~NA|VMez70qpWt6* z-c#SaQ(Rx{FKZ?L4sR(p+Z5;RGViJ1S>6WTO=iDX7r8ThfP4U4EFTIVEq8}|%O&vX z@-grr`6PIld{R(dxS#wmJV^d0TqZvXkB}dSt7P`0T_m#~tyX>-zCva{+9dg9_*NFBX1Q^_9}H*9hrn&*?r?j#2fV#}1e_xu1@A7iKPz887T!-j z4nA1!4R@E%f{&61z{kn#+d5fhzt!n7`>p!R?6(>svw!M5nf+6vgAC&pIhezZm;V0y$;b-M%;TPoR;8*1r z;n(E_@Z0jM@cZ&2_+y!$llWYI1O8h65B$B{0RJMt3uo>Y*E>H;v8nt4yt(`lyp_Bh z-cJ4u-dSD=?+eY$>+jv%ERGzc?tLHy8$66giSyUikd{!U?YYA8d@sZgkYi}gd{)^gqMgI z6fp#=!JbESQi@bsv{wJW-^??~aIy7#&iViU=bZgy z-u=$A&pdP4+1cCd6L6*Q0C0`)VDJsXso+N8IpEuc`F`+D;d=0W!cp+|g>MEwBzz0_ zQDMIOdrFw^{+<`U3;dce-|PKa_#W`P!uNyU7ycpmufh+2{~^rxbYBYdJzWA06dqqs zfy2VjfcpqP2aX8803I&nk4FyE0)6aF`Nmar3pbE0qz z_&VWuaGh{x@D0L=;2VYcUTlqU4{)>a5b$?}`OfQpVZQVFvGAGT$Am|NcM0=*u4jca z!7mDr1HUfJcVxd2o&Y{5JQ4hnFu(0ODts~cU&49d&`90>mw~$pUk>gq%y(f!gr|ek zgs%i=2=g7;Il{BS*}{BZc8PE~IA8c$@C@M_!B-2f2G0?u|AcwM>%fbIo50J2?*ump z^SiA^;rqbrgm-~kgntEY73TZ0ZNhwC_Lwkz&+Ha{7yP{NAHjQs=_g^Iu=0l>+$|RK z&xMD84+(qVe+cs(nRBLY^9*no;c?((VZP_;Eqoz(kZ=KbsBj&4r0^>67~zfJ@xl*) zCkk%^=L$ap&J%tNJVkgHc)BpZMf#@jZg8pav)~Hh7s2y|_kkA*zX@I{{5$YU;dj9| z3x5Q@O_=YMHVFR>yixcl_&(ud;O`6n3;ZMDFTf8A$AoZiD9rDho)Yc}{)I5VU3y8l zANV!lf#6>Y4*~y9I2HV!@EPDg38#UN2%iQ1R5%?RgA+c-vY5xy9Fws0Q!JmGJEbA+dWFB6^$o+3OQ%*DmLOfCrsZcl~$^ucj^ zX~q-)$K^#1mIwmp1DVC7O{84XDt$>ijB-iqlO^p$avXlJ;c`<%d-N8?i_tquvE=@kN_U!6qIlI3MM>mG6zl=1sM7Gx^ z7dPf)XMeJJY;tr>B>Rd;bgrAdI9y#HDV`L`zR~r^cxTMk9>-HZ%xt>HPkT0c zo4?UplM%Vc&w4w}E6>>el)w4MzJHrvzjk}3zj?S{o`3MKe(_>|Nly8!`b`J(6i+Q* zTYo6}pyHr>Q~l?S`BYg@f9S}+{UbB|^3R)|^rLtA^|NAvlZo@4+UN+sK0oVi7Bd4GZrYhhTu{HZ{Lt}H zA5Pr5jnSO?P351XaZo?B2b<^}R`lTI{`PZOeAIXEe!nHZ@lgG&3RI)1(O(ll-nh19 zQ^m@1*1YKsRC{B%xYV!M({iYOSz|_ZjSsygZ?D-_zo7B+mdfZgKE(Oell&;^p3^w> z$UpsqA5s=H&G1`hRlnmmrJ~*~m7BNvjUMuh@lx2#Ze#e<{EucGn7HK7n$IhC&0MRS z0F_VNIB=gAe%9;J<|QBhxW_XE-7uImZ%J+n@7~-Rem2O>3?{r1dT>KbaMAgpeL+rJ zkbN|`Fn6Uw`kY*DXUCly@j&rG>>?A$ls&-5m=zP!6@>Vw})4bEu| zvfgeTov7QlW1Se=;7y3?47QQ9A?Q_qsBzEUcO#pB6p1eO4=gCk-@om{T@S1*33_kcRqoaVsr9ptzg_Tc zzvc7D@JQo&e@?{tS$J>uG34m{I9wPE+ds8vOZ8#DJ~*<`Zw`j;ZSkvb^7rp4TI)X; zDR{>}kWs&>&>L30!mkO=sNa*d2mQM+7+&KIE%Z`x=tLMDQ4{nj^m^5Jy$d$_)s6nf z@EWfrXq;NT(JyH98-l*gLB9s?jFy%43(#$fGFo;u1Vb7>hbctsw-p8hiVigdUgII> z_hAU@KhJ(Lf~kP`D(j7~pM9(_h#WzKogXQ3o!^9;gJIF?V~wAqHCv`e3yw7gk&QkM zz2@MIhQM#x);Q|OVL!^sWHe4}*;Oo&%*F*RQ#a4mThba=wglBTM3mad#>AFMvt+TdkoLulp3y6=uk z!QhhMtW?h{@y50V>22P4G%AXGmxo41o2{)*^$X_u2j79#*(JgFrZm4iv1Ql3AbI~l95NqP?ybPk-*njjDE#59 z{mWX`Li2#Pzw*OPFuXCNW!XM24O=mMf0WbajcnO-z}@E!FM$4gdp|<6jcEGPZ+W=* zOTYR6VrNF*@e7ddzh5l)f+(E((GlldIN#2L9b>nv(+1c%GmA2S3y6nd=RW-r{GE_49(vphv-UKWl1XFa)D3 zHsFFIYeB)2+`1#^Ibmwi%1qDCTkp^CX9k5{M%I>sM`11#V=pu^gGkovxn6H>eLd4l zF7$>+Ci#d>UQihH&hqeB%3=DBX~>hta{Cn*F>5X|Hb_xMm{H3?JpUdA+L_`Au8>@|6eg@v|FzT>h<3 z3on^f$uAtTqdL;Zk8w@6pNpvWKOej*1EUFtcwkWfpk$J*W3Usy>Y#- zbqhkg)w(S<#JixiG3!DKZjTG`RxOH)j1%&xfR-|z)D**aZb-pTexZ04t#!aY(C?+Ou9b++^W9P(%;wq}@oS0Cj-*a0++){2! z=yZs&P#m8vVjDl3!0Njcx(RC#3uTgTxDvl{>c+2p2{86v{KVHgu8KLGUPjdYhWi4g z3qT5LuLHdTQ9^~|UY-MRI)|9LbLb8Hb|H4%iagvIASa68ZW@AkB23Jn2`=4`_$ns$ z5ID8dDWDX2f0G8X5pZ+E=l(8VE~q`=ZsIozG&6{1mLhap;5+V6rud;RLe83MU~hr4R|9)OuqOn2La-+UdqS`$ z1bd2{?#od&w+TNEyQsT~RqC+^b#t5YAk0N=*iRjIJ@<4qqHOl{tlaI0bX(}S8>sjs zA}Q=Oc(LFNL2$qG1w=g`0e(z)5WpGqNk*a9Q;`>NND0;IyWXU&(p6RXq`a%%fty6#QNHks8JtHZlYi!bhq#1p}ZZg^qZ}Yo$y#ONU z38K)U-cD@Nxn0leIynUcM!KsbBl=BFiFD<&u=qG9Ho@XRFa&_yl!Dv!fl)XnhhKO|c!hWVWCm2Xx)8IlW1Gd7q zG`LPo-}Skueh=7{s?bo%AZRdMQP-KODm~+zj1+F^HBO*6RSMl1eT+(tf|}3eVz?Qzy9jLSULhFh|YvPp%fM9Vf zZU}w*#74RiN}U{Jwrt{t5F^JBkYSdV%to^75KtyaP;5qchUri-xp2+Bj@`)BRD@Wk z#=VcAE-+5mkq|mO%3Ws~S5$~`*7E^#`!WpVI@7u0Br)^}u8gVa?L9Le3d{rT^=Gj6AaIQOkE;gIjDs) zU9wpsQEICYv6IrqNoo}RqLXTU997G#gNR!i^p*r{N$l9m-0~~EMS3&@YT=f_C>!?W zNxhX@QuP+;oH~U*oekGp(vZ)nj(pBRugF1&=b?n7jC=>q4d^<)5-^gelR~g;+=)q( z^cLxNCObZXzX&5iyi=&UpDoW1sRLlua&-4b{4oA)gaikDTuE&0sMcOf?I!#%&Tn)Q zXjw^YZ9dgcU`5uqK$kIolY_(U4yLD!@$ahi%#9K|eKN*;Xg^2A7p-kPy}yliFyog= z!#C0|B8?e7jr=pnKTvWUqBA=32%sn@!a#&k2=)?{$m!BANMuzWf`;q${atwbpAYp zW9sJ5udE$YUsqOD8;q{3&+x~OE~}h-s-U8(v~uB`G6%Wg1Y^G{DP<{Y>*nD8CA}Pl zbSkQ<%4&eItWTV3jM!g0ZftDl{!onx#eiajLikEf%a(V>&7Ionwo^6>6(XTWF~`{4Q2H@tu)xZ0H0XN){{q&Pu+#b7x3Yxg@Q& zuWAlCw=P%uG0Jj{l!W=}vYFf|xmM})mNK&>#v04-s`6;dT5h(orlu~m<4TQKT5VsK z(9X+MdEFqI+CG1^{aCBky5x4+<*Kc8j@p9iVN!-ADs61%1gj)0VMyh*?1UUCkC8pa z(k@k7<3xuope^e*SAFNCJ;M5Go7(;&)#hE41-&S*|o=l!Ya#FLhESzg|g9`{+K#k{gL`Ro%iYt=WTG(y@SZzgQ9+bJmfz-sR3=@zr1f<_mLGa`X)!$Zh?v2O`j@kk7of8ppnNAHv*LUvOJ|r2L+8X=#3Y9>o9;0fxT-6{( z^+a8JT}#b&8{2ZbCG>Hr`_~Pp^a5S@kSet~f>~M9_H139*5ppf4XP3JKG7C*j`~-P zg0eTXBtg|{k*Z4SbdZvs(x3aN|>a$PH{J7p;k%a6nBz_ z*1f|XEwoM6OZRa-@|m%XBcd*+?)$o@#4F1#{CY4|ME!C{n*OeH=_sw<^ST$;OE2J7 zolCv!%?^Ftew~M zH_nmRYf1RkM~~Y%48Fc|3V!u?v&_m-TU(||r7bK~ZL8baRlR$us-u?FtF#HK{7a>e z4TNR8OUWu{k*mtHLXLjg zH%AIBtdKLLw#Hw*-^~c5%hS(Fr7hS!N|#@2azHp;UewV?v~ExLg#M{Z!a>92t0kwG zyXpwC_q9%CdV)@+%cJw9MC+KkQ?5q%=S7=hj9aE*4pdJmN>QL^K0rN z3#)1?uBj@U6X9EmlA77=cK{_7b+wfhrDe0HmCUbqaJ#`7R9~S|QME{E+4m^Cdnv)~ zN^NbW)1FBw?pRKr3+86kEUB(@D(6>Sb7G-RxD6W9UOrCdDs_T6b7t4fUsyF~Hmg)K zzpiF%W=D3clQMX!)k~+$h+GsIm!6fL85uo~+e?GW%35&M{Lyt~^>w3b%S!7i=2wlb ztf(ui3ApK+$mlDeJ$LTHD!oZmuxaj`pe`^;7>AW>7tX65T^E#8meo4771x*5EvYWE zio?RG_Ru?mQMBXic@_1uOXpWEoL5z=;UCR0-(EUJ>eg`fyXVvC48wNnaLq?>w0Ru@Wz^>b13VB`@>N*#vs3Eu z5djyj$Qf8uUSY|dblikvH)35^qu1qzq;I5i$5}fny{4=(NH-f#dsLZ2=4+^$LnEEt z(n)7ebJ9y{YaN}I($g0}ZTT9xf3;qF)~Z5t%1RbqGkb1LFt1GV){+W#p>)kbNl8uF zq7yb(&M!S79@GR?*Wj4Y#n;JBBdV;ZLN6&Xp$6*AY*oq70%+}y zNOjHpYV5|Zw+w(9J1QPFsfBYnO=qVdq@?H|SlfDe);6jby|ETkz8Ad;PkB`5WQU|4 z<9Ob3g1vmi%|Qihw|BM0l)nvoKGwrTZtSf=+%8}HBUZ?{n1k_lVf7dX{8f72!8RTT z|4omNz)sFL3Yl3%mv=rXEj#ZF_GcZVrB6yNyRJrhGc=@rgR^ zbwx1t-UHkAKEX~f2RJsh+haaVW0p$TV;;1JM?dZM_$?IenWY$+Z8j0Cjg1hL40Ce? z9U}r6?QvExx3M4ayD8fqg)6LtW?OH7C3dpWQP)B+3^u}+y%8tbTY*kB#~6X0!E;a2 z`vZ(5nS;R6I~#g-zI$*WL@|IeUmhpi#(G?Kl0EuwWIr{F$@k)u?B!=;-$9A?aCy>h z@9LB6(O)A}+ZSVxuc_?vZH7`4v}lk0!IY0Lf=n8Sod6pbvf#3qZIvh4^K;P7C>ZVa zM=t^?~a1i{op&A&HF+y;B^TXAFWM<>}k2z%6{JrBXyV_!65 z2GEI3!?)4K2;v60=6Gn9ZDa5qJ%ndKVD?)wm}7%&Zx+TsTu!MuVaZ--kt6E;Eo6=R`s9`Q7n1@ z`xFZ?Y1j<=Xa#yL>e38SHLpJ)0Mb0vl zjs7Oep}Y!fzQ`pr-vVKC@tlH&VP32!ndbxs^DPduH|@##r${+Hi_?U8oR1Y|d$aDe znT<7ru{nt>gJm9=K7+Vij$oMQ6f$kH9mu?wnIp_yz?%fhdGyqgkyky|3?{E-WYn2U z6d^_UCW~(q=IQeeVfG8gU0#e}QGJPxgoRzl6=pv%%&y>KY7ZB-k4qz1*gi&QjK$+E zKHuVRSX^lFOpA*xzQ*Dzix*may~V7%DUZ7Tle!$RI3_pwUMCnk*I2yJ;u|gI`Pk^+XEA*{ z8~F~hrx z{r_}hlivj!{)?smH%tGxr4x&T#@Orxrp?u`*_(1HC%+vwJj~LkA6=u*Z-yP^0^kzx47Qol@{M(@dk@GS^RyA>F3sz^KpxJTl|v6{Epb@^V?y= z?_11ogiU?_4rZHh{$LCSOQYY_;$$+mbK$qZMt_i{GtAP-vY0bKOxj|L7m%e-(ylqa zAZ}+4Pe#t+#;|Ac85WPWIK$#>iziuJU@^yJV?VIC%;KeFIi^-v%>HNOw^+R1V&1bF zogZ5KBa0um_(_Xjv-k~*)i@^Q`GY0@r^WxWSdC+%&vDF@htt*!(?5n`PIoq(W$`5z zt9vW4S!~I9UuV*)`y0_wW16rU(}Zuf^zX1(O_CNJPO&yN?eUFsdX4;fi#Z9~$PZe~ z$#O=1++t3kFmgPXZ|6Q153o4R;!zfJ4z%g>msm`{5Jo=L;%{1fwZ)t~ZS?CbUTU#D zhI4+k(Wmcp!}RT7_+E>@Z}9^bb85EH|GCA_TWpW*`z-le7QbWhdlqwgx3N$E4~9Rt zm={Mz&RO7w2U|7TbyYz=Z+gY^k;6Ev&Ie2vY3;|jl9}oP9-<;8!cAjxr~!{ zS#nM%H~J4+tj2KBf6kI~vboWx&j-Vtdv5r+#hi+6UhKbl$i4LyP%YfYJHFVs$SdFH?9*Hs`^fU~_G(?v-R5R`*K65$a1H9!7m( zV7nZB|<1AL^Q?c`?HRcbt+TnTV zW0JpG_6qa<>$k$J_xr*TtPcwh#rnALaI9lspLRxqd7dS+jC@W?=6w?H7s#1l-XoCD z2J@Ut&H`T`d>%MY_yTaDa1NML%&9*KJXiQqaJBGd;Om8X54uXY0K86^_vk#&(hl## zT7_qUw+dH+w+YvRpC(KDKPQYK$$43roAwH`YrQ4Rea`bT)AGqtn=sq?Lt#GA;q-p$ zcwnBd$!zD(gwF)?Q4!^A&v;?pqw_lj$|r#7ONu-Z+*g=wI9QnNHca>u@R`Ds!M-r> zQ^yO>0Mj=VZGIE1zIOs&4W>UR$^-Be;cLP4`$Re0kmq{x0&uY~+jFk)B5%i+)`$91E@z?gXwA=JUDhg~Q;e za0+;}a4+y$VP4la3l9Xh2=f~MUSSV>zwj_HuTNMuKEvSuRUwZA)6W(8EbuPj(O~+s zqI^8~MPc46yeiCR9&ZZgfO&00eZFfsD10gSkHQ7uL&E%$=%_HCk?@*_X*uT6Zxxwe z!-PVb%fMZP%fY;FrOtKW-om^Wp|2{+`7uwb@Debumni3bNxCraOXz!wa(@1LuJEnk zY~k;Kc^yTayTQEYC2s=rnu>fcxJY<2_-f(rf#(SS0DP@5$6fVlCDQV~XOYPH9%7mB zBj5(%pMo2O9|x}!{u%fV;itfN3%>x~Ec_Dq2g1JsZxenMyhE5{`A*?Cz)uTvTz^h@ zKlo+g--7oF{~r97Fvt71g+Bnd33KfKQ1}q|u<#M^C&EX;p9%j1?BIOGw>>z9Urp zIT#-RDpuzQ;TVh=y@h$M7)h4vgfYVLFv;sc$~%M46ApuOgj2wm3iJGRxiGJfrVD%E zZwe0w2f{oD@fwo$F9y#Oo(f(pJQKW9cpmsxVLtC{7UsuFEy5i0?-kwzzF+u0F#j(G z^ZFimyYPeH$Ao_j-X**p{H*XJVE&&ArscTJ>re7d@SDOMw|^_lar>a~GvGf8KL{JQ2blkdf_9FB^MyYH7YcI>FA{dp->w$sxIITW9(=7Z-^*7E z_W&;v?hRfh%<;KFcnG*rnB((0;h|vup9q$11o&=Yj?bHgM}hf2AgGfL-X`pWcL<*i z-YI+z_-WyZ;OB%d1iviIaeJ@uB=B3p1>m=ZIaap`Uj_b9_?zIv!n44i2$z6A6XsaW z*PJYKB{*JqJ~&Z$5tzq1bvRb{6i-jbrSNB9e#b|-gX@tJVLqcO7xuta!o$FI!WV+C7tRGoh51}+weTG9 zTH(3iX5k8Oi|{J&y}~zx?-%BKh6jbWg0~C*2>h7vL*QM)Z-Ac_{s8=<@TcHch51h4 zO<_L!|E;hOJ}7)1nEzj!Z9*TMhlF#$M};SWj|*Q4{z7;vn7&S!b~>2Uo{x58D6wLpBOON8mnC104&v3;z_nNcb7>GGSgrH3;(=Sfennq1Fk%0lq_+*Hip| z0j$db@Md9NPyIlc|Idy8BY--*w%Q@g=Vv>Gd2RKyFt4qi6aF{&Wno@t?G@(#ZF@_Y z|F?}k{Ar)h-r9tdz#j^S!H0!8&)^ebI5}`W6OMrS0-SbI!STXpfD?sBfO`m^3GORA z8cZMiOv~qa!-UTPpDBDU*cZ+Qj~C|uWSc0=Yr0(F%fNZUeEv5@nE!`ux-hTxz9~E# zTrA9My}813!Ii=bz%{~k;Cf+R_bnH`9=u9;8Tc0AJHSoCcY^N}-U!|#{5ZH(_&4CK z!k>a466XKrdQ_PIJL_k{^TE4?YrxM7*Ms*6-viz!%kADUy2p<6_3I843Q@A_M8~ugD;D~Tf@NnVtz@vnD zuFe$Z|3}IaE&*R490gAjZUA2=6SnC_$lzc!q0&37p6;s2ZetL-Y)zS_%UI+AlN1R zD)?F9*TF9ezX^U-_$~08!f%6rE8GS?D9rQ!ABFz}J|z4R_^9w9@Nwaz;4g%agF}hB z4}1phBK&V~vM?tz^%jl=4;1G0LaJ~VaGG!;I9-^Z!;cf@b;P;C{5(Een4igCBFt-w zeBoi>Lg6%Uk?@(|*}}ZmC==%U^h#k~J5&o#19NeCQ;CI9mlJ-lBqPuxj9H8hlD6yc zKGWz7Bjfny;v*R5eWu|&i>H&(mRyPv3|CrQPnI&Svbf1&-e($}trqinpONpjc#p;V zEpDG?S6214{2ynGA4fOHSpK{J<5h!@5w2avVTIm+Ie-JPK7vPX-SvYvL;#5BrFrvi z_?9gSWd=jCV%vgIF~OL>hMo=5;dAk5aF&0zU+4|V>p3AQt5=CP#2@ER7@Re{C_V22 zY?+XrHNI#HWfx>!l6N&FQ?jlss-ooTthss1DXGd@RJ4wgz6D(}n>s~hMwQ#S^!fwv<_-4_fUorF7t-SB0b^ieo5ZlCA1d8tRep_lN+GXu{w z)HJ?8J&cA^%EW#XrcMqD1Fs}VtqF!6eK8x(4m(VI8ve*_H=!LtZw<<)?yXJU{AhCV zbIH4(%h`VaPpeyU{AgYFli`D<$=i2D;0C(s?ntyTT)Za-Ze62`-RQ>1k+I3uPeyjn zb$4%!>>e8~elp^3j64yuQJg{F|Dk(4+>*X?xw8@OUVCTV+p@0yg2wc%7dTIbcLaU* zS2@$dJHK!ygqyODwH$U9hojMBn>Qb;33|dK?gOrKLpW{u)_eCxk2UQ+=KL<~JP~gB zB2s*8bL3dl=3{V``#{DHuUD(rbN4He?GHxwdA(cQ)}UuAJiESwR*hs$iQW={d)@4d zBm070`;%Vs8iL*>aDWIGp21+>Kelsl+SPk^ADiI9h3@``obQIWM~{_1z4IaGov>3A zjuad_urlrG{qN>Yaps1%Z$DNMequq^yE|WXCWTQ7IPl$lAQF8!(&**}17_wljP;w~*7q!b!pbGBe>#v7dWkfciUC%m`h*=(2;Z@Zi@7KQyhmuH>8HCfq zS%+EfROH(O-aw1K@bB>R+)Qs+L7fi^x!xH?hckno1>=Cji@q4?77PRRFZ2fNebdj& z+5Jm8iOpNTG2F6p^ZkC&0(cE=4d8us>z0DW{^pr*LE3Zc!<#4jEzfLyy=ko9^4?~+ z-(ExKxLZGlW7pzq;gNMviI)rqqwwNd;Wm2BUKkE6H*fS2-W(GM8^p81+7;b<~SLND3U!Xk?BryV~xC2VOUM~%1B%{IW5C5$j(-~RN7%tCQ z^K`{Sjb6FC=G}@{8yA#kEVJo{3(*gjTu^^SiwlREPfV$wy)$F;5B&$OuAjfvE4a#^Syi-x z{mq}eJnwdnI_t9TdO~%j={ht{Zu8a5+A{FgU;_q+vBJkw; zVR-Y%@R?_3#S|sw4d$?!l+~jso#h{#m1+j$Ofw+ongO}c49F#BK&~+Za)TL=o6UgS zY6j#TMX##yIP2NGcbV6#S^J6(Q}S+JTh@_DC|wA&4J!+KpP>V|MJgeM@k#oiwG8=Svz8-^w1@|mN{m&HX0 zJQK0f(;3*I?zg9tu88yP#<$L9fVONd*@Z3&(J$XF<@nXynOK62~u@yQ2gp)07M zeSE$EbSEysZ@Z6A6>~a0!7T%0`Sh3mD+el|kI#Y6LF6PT*PaQXm%*Kxz7wDIx+7yh z#fk|=GC`LL$2}_t(6tLZc&1YintU?t=EnX6Wua!S(xhw5NmS@U*O)?ZWhn$#mO^l4 zDFj!RLU3g%1Xq@t=o<54Wsj~ggOQ^&I>-+_UbcJ=lNU zeuz4_b9foXg?rg?%h*8U5t2~3GFGk%q5DF|y@ra9ASB<5ANCC{Zbd2{HH9hv3qtro z{PcxgC;2t}yocZ;xC;Vm@d^32v9SkbDevQlJ)-AiTqyDaFojRMStu;Mm^>BC?A^-y zO>(}Z>1pK3L^o{enE`RTiBXVX>BYU-gbjRw>dyNXe#3EyUc&@Np2F*p>mf;DsqY}r zI^Qv;@PYM#bAotEkX@oIbj*#PQq%y4gz!M zYseJ7ljHlvl=}faLoBvx-p7D!Z?}pwbXD{6b)9P78mcL+htY6q&({3VXx(JAo}yN7 zzK7txeiES%yt^*P-iaV9$|UZz`_JUwMwb5{`Oh>iGdpXSnO!=3Vd9AEiZUj)d!Ot& zqTdN#FuR@T?h+4mjH6Eaxa{6xiP7YfJza*4Gt3^^s-kd zlPNj4eHjjdFGQ|>t?+8Dn37&Pr{70ncgKHb;YtnmY6IkI;j1+!iE%R8mC4lRlsM$L zeZ?;UJapamuawm1J72q`y^z8GbV=F4KSDrNxMJpLXBJCZ<~ekEy-=0g>AH>zKUHO) zAzRh!(i(`2Q$6y{2<<*e8R1;HQ+<*~&@3D*PzbI#7@-hcan2DMYj=AgsLBm21lK%| zSdLNo{)_LWOd-g8*VJAJMtB}PwGitd)w|_*ZayEpPTMi((r)goDO(&&!LT`JN+vqjbq~pwF&JraXN?4B{bs1cO(bKFBcN22 ztiRu~LhV-&;vIOug|kNTUIe7314u|1TLkM!P09K_mS0Go9r(1^b!KzLy&mhV$mWZ6 zwQ&1MU4f^Hi5M%;FS)uHA;DSVj30KrlX@RxJX|_s{E62hV~XhtunAq8t5XgtKDt0j zv9z~@Qc@!PAPq9Yh>pN5e?woAeC$+;M*pwABtL-9nw{Dq(2EYf z3{WvT#Oa8I5z|hbjKdtd1EOoj4tF|Qay`UD?f6o=q>53w+ch<=w)7s;u9Z4kNxO71 zPV%@_yAU((xR}bg(_<>l+Ch|Ym!)lLcbvM-SyOFOJLq!NUeoTN?AA7AW~z|r(6yCz z zXhUO-r7{liY}W0d+gYn&{51~nw1j0g4jr|=?wQ;pC)&|2<+P4&2YW=J+|-?XqRTEV zVJh44n5mI233cMtIH32qaSXt;pB^cYpc5G%GywUPnV?y^S@xR2^eA;$6{rkh`TZKLl(+qY_*8aDL7q=!`F)s6)*yHr)h8P>8BZhX@epLU*y}f;f%Qbx>Z+8XvRo>oC>wy7jm4CMrUBR8| zm(6y6c3S6dmYc11TmPr|c~jN?|ILvbFLSwYjjOWu#W-C18zj68Hfvt;@?LWULMj4p zocjs$wy!TPUn%EhE*I*Pldz3)bBRj%e{!bw-<_tJPV}EVq5a3+XS*Dm`+u7svk01( z`_tSJ@SUvL*TD9hngJG5{>f16L#ziOFgOw(#ErcI#O;N;T=EgfxRF%LSLyNl z9`=F%rZ)>Zc0Fj%^dVq-J+88t^2A|ypoul>!7`hAtOA>|0-decIFTR=^|-7+FwA(u z8IDtoHSMw7#@?M^+ur-IM;`!YG27NdVB0H)y(7@0Jxs@Gx7P|bX@Jhpv2m&;F!Ezrxd;?(29 z?|=+5z889GEMx?W+13wW*JICx`Z#2}@c865*5j;`?CpoWddSUU>ZgpR$0D}gse@&0topS#I!TIkou;>wzqAlcFJjz8ha*g*0%gq ze_ggkme+16#^a0`wLaCqm)+vj=MmVk#HyCH<2+J2mj7}8U3?KjrvB9hQy9GUui8y5M7xW957zOgsM+rX79nu5>>hn}*q=4DAsy)Ego*MI^Ly@=UVa{i!Zi# zip6RikhE$X5dOBMqmF%%*I4o;7T;j;DvKK}ZnjumSBuSiEcq6TAF=pxi+K(*?ehzZ ze`WD&7Vo$CZHxb6@!u>yZt>?9t7}Cmb0-`>rVKoP7#?WxP>V-coNjTZ#S<;gw)j$u zzhNzF75xhCGW;@M&$e+&u~AB)z~gNoMvNme2e)Fo{?u;eDZj1 zbT}W!@O2h*R*sR|V>riWBX6;o?^}(0hs7^iyvJhB=rQ_#w3rioj2su8?X1RFse6A* z&gnl!f1Jgf4P@j~Eav1OBj>kshB;TraD&C1I%MQ`Tg;h6M*f(^oLFS!`z+=>BP0K_ z#mZlk=?|8i(~*ompH~?kW^tOu<1IedVoqE#X|J^S+ZG2FbAFT2Ut}?-HW~REi<>OI z!{Szp`OTY2%b8Jz`JJ2L7cJgnvAWKbn^s=O8hu{Jn(HfIyBtZ|nb+k;UtOb0JD+UF z=$w2#Y~&Hk&M=F8i^o}~-=U7~Aah=8W7B90nYVj(I zn=HP=;wLSB0o+5{^HpK)E8gc&&bEJBnAZq@5a#8?N5Z@h=Q)e|XJUO!nD>eQ63)ch z#W+bFJPvSp&LZc4y9r+cP7$68=5q<^Oat?qc{1Db4B=8RpGi<&2IjRU`C2f)dnfb$ zfIdpdi^2T9oy_**`HOrrc&hL%V1D0D`R!me(-OQ1Tq^Q=!Pg3Z54=G5A#lC$!{Ft@ zykERYnC*J2@O$9z2=jb?pD@qi-xua}IL~V=59{}^Fy}b&97j3p`jjxfT5x_L%yT%u zd#4V+_vbwe`C_bpEu4q-?}XVN?+H)A`cJ}a8=eQ5mQywVF3fiNRG4$Dz7%Gg@xF%o z#o(^OY(Jh8DW40b-$il-nCCJYlwXjxgK%Qeoa- z@VrU;&ERRmyr!5bd^dQu@V($NVNNOK`IKq5fjN7M{1fnEVeXR~gt<@XYnM7tfY%6f z4jX4tQO^DF9pTr(-xcP4Zl&J=+GM|@ z-vRP;Fy}jxuL5rro(;ZFnAf)77v^(<9|`k1_hI1*@Z-XjU|x^WW(}Cr`pE2?FA4Lx z!fV3pr@t2FHS+I-Zw9|7%;yb%5^e_nRrn6@--X$KKNa2#{!+LVOy2=4!}r1T9YE&u z3CtT;{2;iG@HQ}gcv9zK@KE7Lz$1m904qOEh(85Zew@I&!OD*l_*dW@(dRWgzxk)l zH^It}6ZkjaX(DHTpDEl1=6C+o{}5az{C6;Yfl_`9yg-=O`-_GD1-?O;e#>qY=5eq_ zI1YTfa02){!u0LR`OvhV4BjG~0{)?JZ}5+Wc@Oc3Fprxjgol9XQonAApw&^H^CWdF4Yr;ep_v3e!KvE@2)AzYyj$-j{^=Zs9dyKJWdtFpq=Z z3Dft*d%{z}e-fS!{;Tj+VEScXdA^PCscDyGOVU{5|3K z!4C-Yn4`}K+WZ88ej>>KKzLG^$J{f*@z@V92q%DF5#}-XhHzi-0pb4O-wX4Y`#|_i z@Lz;Sf$6(}`SO_iRG9PLc~eL^kGW35oF=aPI6=0iR7I!z>G8~wm%LYEJX{%Nj7ZocWDc4-YpH@EvZS}o=tEw6JmBG#I+{GHz#y%Na&KA{nFjr7>UksBXc9sN$!!cksU!} zK~W_85+uAaGq|}hSd$yvR^#2?`@3Ua>6Dr1G$eLQO-wqP=(Z)sWCqdP#8~(da8kq3 zFT;_vh;tYpRY!A!m4%6&4*o3?JsjDW7}wyf+>sdHn%KEHu}fjlP?H#n9(SYfK(hhP z1EMJS#&AhuLSbUp+{DDp#O~XlioiVqoDmdnj6~~QlrB3p5*_PSFO3w;j2t-}@iSSv zwjf%AjDm*D;MTUFz9zW7Fj$ruEFbvk;}c@yN5b()azo;vn#93J6T@wZJyL^JnTaVZ zEPNAu8LqC^g$@G>*()>2><`S>5(5uh&uJ_OJBaJx)SNqwQ;G_GS{qmeh z^jN{cW7#`%vRf9G1h+K=jcxfcJM!b2^E>VEZf^E&Yx5clj^`BYUl?gzn7#R!UwzCk zUs#y$6nZzN<|iJ_clYJT=H`c5^W!t~6Poio*W`C8$?v)&zgt^=QbT_Cfk&^(#5eP| z)_4ur^UYqgBv@M$tZrbfSFO%;O1y?l?}i%h)>Ll=oDoDu_&dC48@gs=PNBCX*ISBW zvdG`^v!|fQQC(hLB3zWkKj z{GP4(y)*OsHs|-N$?sp1KOi-K;Ew!3ZTW*6@`vD z8Z=FFaP#vyU+!R|tSR&wOT3$R1Z&%Z)rG-LCBZ5v*LbViyw%aBW6|Raqg&x!U~TpO zoa)`js&_6tSbXeYea^w6h0(km9Ia9RSTt>6gSTqOl-PzTPVbD#H}Ht&w3 z-UjtGyPm6*jDZW6A?*vtY5N;@j?ZS{NXPf7PEs--FW}4e5Y7}1JC+*9u~N$t7}Vdw z9}KDap8N!UUFh~WXwpBN&M)Nh8IijgN%|oikrM(f;5+!$YL&oOclZvTX9Ii(zZa|6 zP#h<Yln1U|IF`3gqf!_=KR_X*ZsH#)3fT{-709AwYobd6uTSHqAPvowOyG>=_B=%(F z_E0f4gc4V>E=?g8{}ZRnVQy*;(MDY85&R~z_2NQonjRVWi5VV4j{OkZQZS2~0#>1C z$-=o#%vmu%hTQ43h??;+v24MVIknhh@i8oSN@%b-Nn?UOzAQvx)JCWQFp?xjP6G2Ql@kn6W#UDZK3W&-sP$C z^7eBGWlEPZ(d9E}HGk#8p&0Cx?q2FrrgRw--6x^j7wzhv&pS7z%UjSPlqp@tME4cw zmQ(iv-aRSZ&!|h8(q#;~JYereUVMJzUcQ~Wd}Q36a17h%uW<-B4(kdrW0L3xh;mY~ zoBx4HG|42omWjAgC1OkxZ9}36GIlTHJ&4L_tx0qr6LF(T#F!-d2@(}B(KoIziTI>L z6>lFCaidDam?X+U?)6M`74OPbPP~;;i8?_tgd0^N#w5|@NVJuSik>iuMiST%yzv>r zjVh744brVQ3yD5tq8apqta75mXq9LI6LF(T#F*q%hD6CIk9#F=epR9kCeaU=h#OTR z#_%{~78-#*UbCQ%;fqI#a|Rze)2S<+7ITDykRu$%2B+^bNnn(9VLw5>d`#d5Taacj zcXjOgM^_AH4b8F5?Gf&65lE4FMDwoSEvC;vNxEGp5fuL zlATs=7#Fy`BR7r12~MW_>|NIWfL*b4SWVr0mPl@FVD>G2+%2#Saas z+M_uz)L#pEGS7PIbhrXBbvj(^48Izw+-rD#jYEO)-1!^$iFrFd4=c8L_np|(ou?Rm zMo#+{8YkxQcs9M-=A@-l@<#l-lrUL$MNEgB--k4rBmPLfF^G9TUK?!JL+)SOT?ie1 zz^3v05#QU1O**&hd0i)CGH0jZ$RojZC#TSZU}w*noH7Q=T|_62I$cxT*rcvqktB{v ziQRO1Y@^4_Zipsun~o;+a!2%|8ioTVPS##V!YOWtg&yfJ$Rs2BO-_k)rFM$A5>XlU z6h|T|(yK#RtM>j%_auEz^haX*2(es;z|E|wKi!lJIMHj#Kt!c=V(@@r(8*3r1}i5f z*fK;rF^MQACWw2Cvnr{ULC7&iXQVKrVaDCb8MafC;T`#1*pE4mXs@1Xo{6e4(`=y@ zjXY6=-N>a20$dGn#fu=jWz{|(B6@>Q@ zT<2R{(KES{6Zjera;`YTQOSP}cpCv8K)B*leW-B7(kT^~QHwE+8qK0@oop6Y92x0F zMi!%qdQy>RJ6PJaA_;0E5fItDf-fbQ7Ln~MI*d%CEy;WP3ftn7Fhl<|mX-T$E04BY zp_XOl(G$$DM5rxSv;^Hrmc^|rSU{GI8>}+!RMtPh1|;T+8BoW{Xy<7%n$C=N>Y`6K z86jQ1u?;ThsQz?gj$%`L?y*70Zn*gI*lwJ8;Oqm(99#KA4p@J{BPS_QVJ5=Ytrc~v5QgF%Ai9hg z{fZ`_B3m_Ll%an5#xjk}{ludIBZWCAVx48h?T0yCXK@3BiT7C=mF*hQ4vmnlF{fSQ z#tw}HTcf;PgO|Vhpk0>SE*ysaFT#QC!oeNFp6x=fL)f=nh$1^(Rm}=bWhwg4l{pMc zV^pGPT=BIxoU=@dhku*+5$&d_C3e1|LYtxS0fOaXh$1HXs+Oivz5>QLXv%Bl^A%0| zT_oTR$CzUhQ6z=yYqxfNd+~qVo~XTLD3U}2?L^Dk6HS9g9fDOOiX>68ov6A!QAhFG z>tq$Lr=6&-J<%}K1Z{yOq<;C6D#RhuEWC0%2Z3|O&qtVnz?06m5O{qy2jLooS_D2u zXh66L;Z}t82zMadg}`S!&mp{mz(+#|5IB~b#m?g*2(Lh3!^!YT7-EBw8=7?vTg?3wrTTa1hdc<%SIcf?#33| zz|@^(Vx5_mb!M4ZXS1{cxLcn=VBa#!`+z?o{1xF-gf9_daNx!v@V+>V&}C&=nOv}14Ez4#W4raVZzZ>BP2-^^Tg0KUD_v3t` z@*Kho2rnZXKzJLWdkmh8A(-W>Y66Y+oH(l1d|XrSo8Kjif|*s8id;swjgjkH4AkL5Uxa+g>W4LPt-Rc zn6#_GOv`yQOv}q8voH;B{+VV00!QJ+2;V{AXlfSf&^EWxHf^#@)M1&-!fP$wng1Js z_sl-Rc!Y})rXZMwI=mh43|S9^!3ZA02n43#d=REF3w3Fex&sg|eu8rlhYy);M<6*hbKoFk z{+RNhX3pZErff`EZFN@W`0=Il=NTMRH-CO*?U?$yvZ~r(bY*>pKYnys<=ioq6(wV? zDJ?y9!?^UU^vp38Ri%{+=al`g%I%cwjeV>!-j~(RF0C`~sY_Y$imIxzn)GrW)wOkV z=9J9^W6yx`(gTcEEh!6XYHKTJmsHL#y$&Kg8NpDF1UQBUyKq#a-3-xBi*aeAz2j(S zLz=M_dT4Qzas(Ym(F4y?9Jyrv8fKcMo#|aCPPrB{a_GSQSVKs>cF`-D?XSpY+xwL5 zOGkSPJJsKgme>|fWs{a(dbCd-+vk&Q(@v{>AepVKrk2=gZGD@SPRNa2y^Jo{Q1{PN zzFNZ8>%^vj{O`uIm$uJe+m6m%m)S0f(P52DIW>1!(6!c@M!zE$yB6B=SLxejI5m~= z6vf|My*Q14hVfMw7#&sEYO-$@_x~J)Vs`sWjb~*}kI=SBa z)G@v2q{3jo?^bysm)$0p4t-tVQ}eR>fZhL<95$cQ<*!#`PPp>`)iS5;in==?_a{u< zpFgqgwp*VJ@}uBqMyC)Q49fuR8UuPBFkDBHtYUu%Ay zHnDfK)mGXji=?x@N*!xGa1H0iR;pIga{JdVswGFM4(d(Xzn#v->l+r+A=Y&GR!Dzz0Y@P^t8oqO}_Ra{wM z;@eo|iOjxQ;I)LDH0iDabHc`ELc6wneobA3a|tS{D(X5MS;=GxNovN@KhR81wD zE&0F*JX|OvbAr0SsjaxCs%%cA6qh4TySp$IJK-{B%*p5bQyr7(GPT=a;nZnqgg>mDW|vuNqxhQCC(IaMLxB(N|OTz7Bfj0hm~s= z&Z{1+c3~~r^7^v6CDo^?tlCQ*g=E{PHZGlC#bW5%*IqZftiGBprQ6M}qSbyS6?L_h z6{ThD4BBHH%#F=NS5g_McCVQ&`wQKqe7=>K9gMjIRdbxGh4W_D%wJeF2lwfhUUbp9 zk+jm9`L(sY_#8du(nv;nrl0PQ)Xk^-j6`sm#*5q{bzwSta@E}V&Wvdn&(6u6c18Y- z=@-w=pFI8I!kqkR=lfl9awngk(FMv_aH*^o&e!3>IPGwu%rN7|#~QD>d0ogg7h{8L zboiW(I$U$14*Bm`ry`8R)h8Fq$&X-7xp}@oIr$!}X~JCJpORO4?UH%e$MDToSEJYE zhEDI3O|FY)tNpHhs!0z^Z}%%>blAt!)v=gfQd{e2ZT5;&RV{O;S5UT8kt%BD&l4|j zDn6&IWZ^Zl{~z|w1~7{1-21zm?_@&~L_|fMSwK-hmw*b2HHlGz1c(t7mDbFHiY?l7 zC4!2uSp$Ucu%HA5i2)U@+H`9xt+tIRt!S~0scmViZ5nNBTWcv5rB>_v|Ia)p`vk;# z?|tvRZ{K?loa}F&^PFeSe4TS<&YWki|NqUUo6o{=Q~TVSt^3l&p76!yaSr9GTdz4rLrOP8+_%Q`TPA%aL| zUWTLT%|#lw@1N;Kp>z0pdG4EF_648$8D`paY{yXiayz&lrg6V)K-BhXv23mvV6Tm} ziYZ?Rd+qq8Jyr+C-dDi1$Lo%Pa}fr3=>DZ1!xM;xxjYUB*c>;O%h>x4nD%-DZY^ti z7g9F(3{u;xg1w!Pv3z_1%GmocSli=U1A!a}C785MENgp*V6PH8j`n!o7<<14n>;{Y z1S`|e-Avlshw06Skv-;QRB4>Ytk+wPhtY#jKCbr|NptrP3>(`J`z9R6H@{QCr180` zwm0h%&j%pw9V=lL2_x&>Ln! zZ(Q$EYTt4$G4q(P5qdoSCYZFD0KFXxXQ$5Rlc8+3hZW)h{j$KI1SMR`aHbF7=h3rf7R~tZN!f3gm5V2=(f7{xLv#yw7ogS-gN}A8;m`( zY<{);NFR3Y^B|)N`|8AkG_B8(;Bt1aF5#d1tm74)3Tb_g5cBs>C4$o2D=8&PbFT!w z%riL^(%hGU^)g$XRKT4;Y5|mne>$Y~@kYvYTns9txt;`5f;6Ay`h%oo0AdlY0322~ z@LcYX{lj+31Rghz`!KNX?vEPz25-^*%k(=BTV8Y6@(~aIj_A*%ZZ!JbGkATWl=ji@ zRM?40>FFM8N_u#|_J~d~i|ywLi@hs(g2V!|`N3@BW$a>(D)ud3g~ckn^MrzXDUA{m@l7J;)r(Su4!` z>=m?+yj(9iPs+x(v?yoU$$3)#TSd<8ARB!SOw&I5!W?Te<#e}KPGxSFpB1VEelo*s zFPY~Vqw&SZUEr6?maE4*Rc^2q4;RKNeP;<%jrAyPvX8}RY?hEwPKI(s&ckGwglPCO zVJ0#91_myCC+_zCKHtB1^aFQ%}=_A0% zzpwb`ia8!<^xswTOq`@9@3D%9D(3ZL@=hR2IZMdslQ3MVm}6*0C#vL26*nuLElU0s z#V;tGA1FCrkuvM$d~d_Y;lefBVv(hsu1_Z^=NP3kjx6$0C9hO@-4~oihjXxv{W&V{ zO-k;*+brwlR0d<8bFEF@CMDmjPd4l2 zJY=&EV`N!xgVNccbhapdK)NAqUQ+xMrSmH#{{vak!oe8nY7XOfanCnGYhz##4olJCGOqmN54ivOUP`_Z&Vs0MnOO^%UsHHNtw!|c)-9;rC2_*}*3E1sg5eH&wE zrs7$OZzjv}iYmTMvD>c@odzXuRNSn1i{kByA6ER7Vz(b6_B)jPdx~FF{F36=6#q`~ zTZ#`T{<~s6t1#Q1$v%mcAy+YwDCT=%#?IFie^c?ZiaG1g=>J6V zFBSJF{-feQD?X(7eZ}eQgUSBSR_yjOMShZ!4^=!|aai$K#TO_pRXj=Y6vb{IRn~j8 zk~@m8Q+$(RPIoff5?8GIv}=@nz2eP^`5v3G^PpnB(`MvfR?PRvjNI)5OZnTCyi@VZ ziuowQAY}KT-U1#c8S!mZg|eD9w7uD=tx7 zu9(v(js8`NBZ{wA%&C+{{|?0siW?QX{Z-ksn;Ikl}XAJJMAjvxz%f|>a&8!Qj zYA>VP)ywX48_{>|3%k#ngb%lGY+B0BP{qR)yZte-JXi5N#kGp(D_*F0k>Z%*2E~nvS1WE-yhU+~ z;vI^2Dt=6Ho8l)G?^67X;&#Qm74K2JS8=CeeJ{|hQc#-0m;s(WyidQRcQoK=di{c%McPf5Nahu{N74K5~jN*31 zyA|(IyjO9j;+GZgQ~ZkJZpE)F-mmy=#fKEXub2a#=D4IQ&Q=^$T&URnj)t5wM~u0c z^Hb@MR2)`3RQc#-0m;s(X~Im1RJZ&vJ%k;!^nlzfNcor)h* zyi4&jirW?MR=h{?Ud5e?Usk+N@hghE6~C@{KN*qXZN-O_&ijfv=h*1G?*_Arp@ib z9DCt&Z0h$1e@S=%_^ZNvzk~CUsWTkR=h);CV9tFe^Bo-a+sR|We5Oq<0kf}8z6i`` z+T=^X?4OhQ9?Dz7m0un&D6@=Rc+@HOC|Fz4R$9Z>2x;6cJSfa!9A z^3Q^Y3f}}iL%0?k7QO|1j_|GE3Bnu;Dih{&f(qd!;Hkn(!PA8s!F<-u^{xWf2(JZS zFT5T+Pk0kJDts?^q3~AlV&U!J2H}Ume3ygv9|1QBe+hh#a1zWuGj+ZSZWZ1IWUhq@Hd5bgTE)t=LbI&{t@`c!hB}%OW__c`?|FAI`|L59GhbQmhwM< z-x2;3n0;Ex`TQV&{sZ~1;B4V{!2N{(1|A^HX9*_=b1cge&cM0D_s3`_4?I%12+U{i zln(%p6Xv+qr-V-cmkXZ+<~(ugTi`0;Az;o2r=0K8&JsQy91$J~o-2G7nD4GozZg7U z_-yd)!sEa(;q$@Egg*slpObkxR>nEz(a!k2>C=cG;*m}3NFj;FDoNuCA% zn((z?zQaa2$JW?~B-3ZZOTrva`>F7q;8%rX;Mauj0{>ok8Tf$k3NZVJw8{F3-%B8G z1hY>_W?hvld@s0AnDy2`;TG^E~glFzdX}2-B|u`*%Y$m(@#UKFzdowh3UItkudAUxbUyQjl!%W z*9!jzyiu6-<-Nij4{Q-;-O2G0mfN9hfdJP!PU@cH00w0o3)3XIvE zE^{oAV=k1JgO3%i0-q>63v3H>Z16PUMc`4w94F-X3+*(5#|y6lUnsm5e6cXc3?~b3 z1Wy;<1m^b-XotQqW(#vHk$o!4Tfk9a`pH-*%yC72w}3kIOToSqneW!E6y_Ks`%#qd z0`r>$l1~~2UiKR zj=xH{6nw2P>-)LF6TuuCqD|KQ3xrws$AsxRX_+wFfz`qs%S{Mh3vL!>n{dA{{e0{Y zX8XV~Bd&|SKR9MYW?S)$Fnxw}2(#VTBfJ3o17WryFALuZ=KD^xL%$}k39}7(Q!2?^65%5Y(}KW7T_eav%( z*%n-7Cy7_7>qFnD1_}Z2bP!W5V>Sk`z7`yi0fx z_*=sCsj^#`zExfjrr(xM;i2H42-BC#E5c`hdxS@U-w+Oi-xB6Ks&5O^N6UM{WnjMi z&N9;{Or~%JI4C?B?0(||I`j#{cgd)K8Te%3>ENNlSAx$FrZ1SVFu%JsUbqH)fw1uv z<1a*6yyC!1s>l3mdgg!-^-6QBH;mM8ne+*C?K+c%kA3#Z8L0DBelN zK4nPF*}ydMPxAed@Y%&-i=ifW$;FkIcy4e!TYh*KL(|d zJI*`1F>W`8`uU>$G9&$Rs{7#+B>Bbt`t|fnOJ@7=%@HUhvI9N+(&O0~Jx&~p`0@z9 zOL9HFNOBhz@fi=_41R(nffc*iU$el9*emeSjLsQWtkT~yhF{X?dZ0V@b*p5CWsR{;c=d{} zrMI=rZ`(7!t-G#mS6yvveyvrPbn0t&&97ZpS5;CMcj8f}p{i+qRpb1sxpm>%x^UHe zl&H*Ensn}}c9w-J=11`%jNx_5a0@vq|4$jO7CfH!V%DeAJ_sc9bBgoxlTIv|?+fMk zgV|($S|Z<{bXFzv)8qMpq!Ul(XT`=8!BjFo8{a)iIt|JEJbar4U-d}l2dyDi(pi?w zFDS;gHWo$mGa~t!W%;>DXL)P|_CYM%XvML67VzsQ*njwDi?6(><_4=|vV~7#;Ik&N z>#f**{)iJV#%Cz-F%o-uY=IviI>BcmVz>Ik<=8{9*!ljXT^|csZOgb{Ys;;s&+)4$ zv6bPPdExNc{Bp*qf)xcfo;7LOcs_t|kMGJ0{Gl^1m{Q;^kCNY=1$)k#`S}*BuDz`; zgza=!R6sWP z#y3FhcyeM|&&2fNi5X=R^Ly;2)piUeD7KfC*~=3Xvs)+nIwtz7CuSxmX2mDw^i0f+ zOw22u7%ZFEFEkO~)Yy<{t?IB7UH1AOyXkp(r>@IL zxAEhBS|jG4j=Bd`Dnh#dG8`&@JN~dTWJPNNzN^7!2KW*N9}D2S8mF_z7RchHm(+JP zMjFNgBMndLP*su^NllLDT!lhP!wZewgDTh-(o2V_QrP z6w;!|)y9Ho@l065q|i zheIXIF@fE`5X=7^tjwZp2n)|8(dDjfL-b!T%jo`wx|F%PToPSA*yeTaKaYO0hTyW%FMGx9(mhw^Yn@A2Tu0&BP_ibSW~`FjK|lCKJD;>aMAinV9Hi;*w43>p1c}8&Hxrj669@M9F;nGJ5Dw)wox-B=w4mJP=6I(Ccfmm{9isXa z&hkmAoAZuoZWa;9TGAo5P!|8RVK{*g%Z3w#X{l`P3Bt8yAzKNvO`UaQHk^q}OJ(Dk zIIIL4#>p_ZBSYWMEwtU?8)l*Sqma7RO|1?rL5?tF7ee-kmjg2QV--*zG)~m{VIHWW ziD-vX>T3=BdS%WWB;aced{XYe{0x*j1Et1OpHJhDe64{6I^t^$H875kF7OUieRzS3 zSP$<--ET7tucF#hnJl6AQHRri$HVje%mP-#1-;p^_W%7_L*8k}7y0{VmJHfd=6=)Q zKjUi+eLuZ$^5GwEIK_Ot!SX)dV4IIO;FWCeBMn2$M;eAwf-~^{n{PF6Bo5zd;Ln9F zUdbQ!2jO#{{h;2!u{`-!gCwKjNrh9~}{!?aSgZb6n6()eI9-|7UuU|%^z-Tz_$d2 z_5!yy1KRi^1%Ehdg>MX?jOhAeOT6-WYhZbw;bzO$Y!zK_*s7e-3SaVwUz z_+!=r^(r#1BTX-e6&^vIm^rmp+48G?1lUhlR+LT|{C8w>Tiy;JJ))V`m=OkN?~(PSzQgovkSn(xl+ZRR}1Ldwtnpp-^X zYowg&a}CVu_kCJfNcqnnkg|}jEu@^~vtS={QZV`BR*>4R-koo z*Mm$)*;I~HZ z9@ZTu@SJ3ip2NWGt$zV=KH>tzI}u}u9ICw!@qWY|hz}!v1@UW$Uq^ff@!NU(x1A z?IW&(`-ry8zTq~Qz&o2#L=I`vbq7109LBsBF@ks<;#@=yE4CnV81W%Q4i)Y~G(p?o zJznFeTUdEFy;#I}wdbe-0m-@KLsn zEp7wLPFpNHZJEFthqpL?NBjrk@o8uo5lzr(yr;=UEEJt#N{?y0d12Z>#4{1kMKpnF z%*!;cgL$c=Lr4~My)y?l90Bj1`G2?@dJb32Mw|BE>V`hobwhtE27&!)x$a-jq4Vu{ zRl!JZ?Zec}6!+O=*Hf_kU68T^m&gA|%kjKOQ%$=t_Snm)*^_u~h_$O??Fw1v^4uS5 zea(H{B73f)`Bz)k7K{`2RB3g2j5}|pdKOH{Y13U7+$FCvPOINF?w(V7z_kV)xNe6L z?4P$?9Y|I$a*x6i?q|r~Nz3`PyT|AlT5r29t=@|NTRKPXTW=e+OL}iV7+2BW*72{- zYnbwYoC8PdczIKfs=al2mc1?Qdjz@D+EOS)})8-?DwflH|MyJhyAmBaI1uTyH&wAYH??f-}mbJykZCvsoT z6&gjb>%2VW3UGF0HWkF};L-h=AL$xm)^rEKhm;?&HY(zuGl9 z{K&(J_3RsK=Ux|8&fKwGXf;2=ae1#pMQFHQ##7tzvEIv5p6T(Go5S3aD~IE$!*{qR z$B*{+C9q)ipZ@O%Hc-fGf;5t43cR3>G zxvM;ff21RFbAEpUN92c@JJJz(udV+{j>s(>CmvSx$KAkpT>2b7k#oL7>QMp)k1^^x z2(lrF%+ItSV!13EdlRtS`?v^fY+R@q=o<-pVf@k_?;ngk-hAuw@rGXqrZGei$>!eU zXnJ#@!|nTLdQq`wwuAO~x|?9O123lZZWGgHVLOK6m)pVhnC;jA*4t5wWplXzdu{L` zh_Ow14E7rEOM9HJV(fhdOnbQU+|Z5<8X(LcW8(?Mu6$(bxCJGRzu!SL`;vMu!`>W% z1Y?g6V+=ECFzh{vUzU$m0@G-ZuQzCWUxQ5^ zpsy(p>1N|q+S`h$*OKqOpG;;jHvSCO>wUWz!^E=QVhI0XAv2h? z55d~rljA+#u-uMgC5`q59cJ(Eu(wcUH1>`GD6wxp>~&(BX^(GxFpc&`9A@tpB=X%_ z6O27Rf7bTeFUI!fc=nEmvaxrr*yFXx@Qaf^nIG~StiIO=*ULB=f7D_3t$^M*$W5RQ z!>0j;x%{lvx85*mGXZ)#Vwk*S>Y@^|X1Y?g6x3s-x*rOizvxR8v z@zuyQL=znQlldXvG91SZ>lliR0}*Mj5D~k+kG*+k{I4JKeoWev$;RLK?$3 z|7yO(XQIsXTgAE@KmY4j9Q(lSgA@P|dJv7DRkrLQGAEeS)$~eCu8&%{Fqr zhmmt$hmjxQvr+O^D4i)P?-fe!kYztyr*!5ko!gY0^ApW_*N`RedZp8%bRJalCzSl_ zWXa1n?aX%VRXRUb{Bx!Anv%ao7CU_T&e-weTsGy*RqXn2l>IYE$%l}|4(AUVJLf1J z&J#2?%azU)C7($aJF}F|=akNT#kVP)xRS3Si=FjK=MlxvD4ljCe?{?MmCn0L&N|p^ z;~8XG*O^Lwsp3y7ojVk-Q>^_Q{)BQbe>eqH|UN0ImMld`OM1b{6_Kb6}x={S=T#C z&Nt~z-aN(q71K9@(c#b-c03H~9_I z7lC2UH86}9k9(P>|JSdtJa3o%T%p>FO2t)*rz@^eJV)_d#q$)`DxR-+q2fh~V~QIT z>vnmyk~b;dsQ74YcZ<^5p?Ig_#}v0Ieo}F};@yh(DBi2MQ}N4+_bGlwakt{v6~CeQ zO~v~azpeO?;`bG2tM)FaxKQx`#qKj`IcJX6PZ+B7kJe`hE1j{5OBD0jin)F(6jv&) zQaoKTpY@u&vlQ1To}+lK;(3aX*7sPbbQUQ-TA!p*>8w`Vr1)t4mMu!BMez>BZHk{% zyi4&jirW?MR=h{?Ud5e?Usk+N@hghE6~C_d4aILN-mmy=#fKEXub6{Z=J@g@RKpzC zF+4!=AjN|fTZ)G&9_({dP6hEW5UGZ+kor+&p zyif5fin|rRuJ{ebZz|re_-)096u+iYpXXDy~vIU2%BI~6~sxJ~hsigzh~Msd61-HP`p-m7?@;#U-RD}G(^8;ajld`R*8iuvHioEw~~ zY&ctSP;sH+0g5ff^mk+I3|Bl-aaggw-zib@a>W&jD-~BM*7rd*l%ucDFh}uRr9V$G zCoLF#_ZhyNpI1WOU+i#vnT$tZ|IhmW zwu7|uEcn;LyTN}Deh$nw zjyjx3^^P#_W7w`y{v&V(>K5`(!2N`O20l)h_cSL7{|0=jFrRCV6fVbkR4mNva-47# z_*24{gUf~a?C?_ItH5l7ScX~PD}*^&XqGT1Bt?YztZ}X|`~Eizb3zf@9opgKDC6^! z6O3XapAY6UE9xu&uNLNbAjhF7=cK1*Vcrw)`4#1yWX1M{ybS!P@Cq>76v}yj@HJsh znqoUbIVU)E2seY-c2Ld_0Ubi1HgPf zMxB9Rj<1nfKP?gF`vOaaE$}K~)=3;|qy9MXCgJnIEyApyjQ`J1fgcn3rQoD+6?m60 zpA8%TpI3l)i~K6^3&OL&ox+@?_7h<~Gk!&wlh%5K=Yro5{v4R&bS(4D;J1b8tCP>! zD4!3`M7u}kgteeBC$6zQqwqopOfDv z2yX+kHRJ#D5%AR_e+*nB%*k!n3n#(G7wA{PQIYQgFBEeP91ET;axbIze`eDS%((6c^)kHNh*R)GD& z{@UR_20wJYFSrT4fBHYW|9Shx0CMGwK0P>jB&ySPoC%{t^Dfw9_kXr99}f`|tu3yf z!L3nyYlrjDi)rvQ*yTJ}Xj`wQ!_Q!kv*UoXz1mq5aaIHzHZ-u%8uTZEfp{<@8qACY zbE<>6@DB*Tfw4!6;54u-=qnDU!8722V0uq53qAxx!R%x(uXZ8*1~%Pml}xf?WBmIU z&_$p%%!)njhu=W>%xgWMV!0f>@Mmo zg(tx>XIZhc+}n=0y%j$6hF?(jQos`+lLrUv7##ZTZ!V444GCxM{-%QoXI-qhG~qPW zG?!M}%M#B0H59I|X|78+iK^z(GP^$EY^b7eV-k9Qu&8?dH40m4B+XHzw>&p~|#=u_KHyD`(>5?D6af)WZ=r;;*h)aH~Q+x zl&tE2uc|y;R^~e~bVL8_vNYd`V=j5`Lm!+#4i4OqylBL$T~6co`uUJ0{y_H$jVF$a zbXa|Ioi;GbWKs`uhSHzW(@10(|}b4O!vqkKPATzW#p5wCs!~re$ZbQw?8#=fezq{mp~W_4T(3 z;$B~WUxw7J%f#1TF$?{%zW&&q%y`f9^>;F~2W0%+^Y!;U6MTVsnD+(SxRQ(j>&Nt9 zI~VfYh3p`2_c8_r&VqI@pA*P3iUYH;Q0VJ-GJXo&KfLEDa4luHuJ|(2={2hG3Fb}D z0T!(W&ZNHk$JM8(;BzYHXP9Rw{$!+|jlbDcxDDX?qdMQ$|4_z#>5pO=)eUsEiqk*d z_hf8KzYz)P!8@^q87;=?AG^RAt?9Ipklj`-gGWgXUd#Gq4_b{2ZVEG-f;g7N38(Tb2{b zkx@Gsd<)Ab&Yr&zLL$S7ctP0bKbgk3%_q7BPo_b>f-{)!^U&|}N&e|+a71*H|8o3X zeiHnHEy8J@;qLL1c?I~#aElpusra`XhfLn8#t?5t0zCZr{A0PMW-iUfMvP^qR}oK{ zhd=(Y+&l{#?GU^VFrx)#VbrrESL_-q5^{3wAi1CYId~0ZO-c`23q{eg2D{ z!+O)!w=W*Tv+Y5owITYa+)ShWA^I}SxQSl`bThG%Hz{snDT?VE!n1EM%w!|_FKcJw zIS@V1Z8!tK_Z@~Y@zfGol1w8Yz1XfmAw$uK6mnYbjGMnlHB3O?b`=W^G? z7bD#@@lI_R6WvT)l1!ICwu_mjUu!ab&Sc`&3}d33iA$2{8p!rD(~ONK(*q{cv&_Uq zHxrj6Q!Qk}v6=oW*!^~k_fwPUU1nmUn~6)3X(=-CPRf7fKTM{40{7l1z%VAdnYbjG zj)kn5nP!f`v31vUk;ychnV9Hi;u75Hvo>Hn4h#NkZe=E(Bz!gTj5&Zacq2H%XqeP zpbo-6xWefavI@XOgsK5)%wUv#gLzGDaV66;)=!61D=+DGRum^eUdZ~{t+ihk>IiZ(~h5Xj33j_`XA%Z%R4Xc{0uG}bEZG7 z9~YPkXM7M1$nd3QQ#1(+$BH9AcVS>k*;74E1n?;632>+H=FMZ?<5NxmagTVW|H9+l zRUPhr5MKl_c>*|_2OCF!I7wE<{l37U^<}szJ6Y$SbW9%yhVUlnS)OzZEm*1bauL1- zb!td0!tRj6T@&J=gy(^9nCF`CRO5*7v^*U0{+ZlG!_^vK<8<0!+RVJG++B#uj6MrT zcsX#Lm~CR_QKLQF?< zRJ{$*8#q}I4h8vR6fXY=h3Q(MuOGn^Tnp9w8RO!W{9)@&CxO7;FaU&g@n^e>v-tBk zG+D08w~^Wq{k~cJar??{0*=-gi`il7P7U4>}`E5(C4fd_T%U8hy&qNZQQURA3mILo6q|lH`Lz7G#=Cw zcyu$3205j}bUt|;=(}@?(YSL-DxGQEoR72Nl?FWm0H1EcR&ROkROMlstZQ-ax)%3c z*TWx^pJ^-$?0;l_Q;y@&>O6!9AD;YS7Mu@gOeHX#!gL>ccfEU){j?T0*G&FMt~Yvf zFRW2xfHPxk%N+~I!vH$3F0M)ypv}h2l2Cr95`j(C5X(s3XyqPahOm7 zFnPI7otNuoUap&Y*CH}6>qrwG1n}h49P zt_i$YPC?}9&wH6wh-(oyB5p#w7jY|M3*sY)k0ElBz+~)X9{GAi9x)SWgSR)I#0GCz zOkkd|h`gZ8oerw2L|#I?xzRd5!ZL4Pd8P6SdJEA6>hiG&FCyOGXx$zx z^EQ?z4p007wLR3m1(BB#Z*i#0!GGE|dD0{g?`HU9$X5B8hx?RySSIS`APzz_x~D09 z+F%-GVZ(o;ml$VX%Bz$@E#&6Yl`Q$4eb zxoVX2d&a^yj;`~Z(fRt(b@mvYT}RQuM)huj9A$4;XqR-J#IxYB{;TEQmU>6uv(VRN zoIX;iUFvRi?-4v)?%6T>N2jJ(msXd-W$e%1{UH0woS(FC&);<2S=TwydDoqV$JA#*ohtX(Jc#{+A+od4u^HfE1vprAYAW- zzS(n~sCFBI1lPaZ?9bm!r)JmkfckFv+_l#&to1GYe3Xya`yNl@a&RuZfLQd3#{+t# zmp!+2I&%Hj`i}IF*Vq1GC&J;rMzlu~4RkB7cH+FC^Jlf>#`2N?7Fbm zV!ANQV}j9{4F&4(mo})w=O2amrJQ%B43v|H;WvcH8v_Q)$wm03=u!Mh6FKiC$RR}D zt>bca*>t6jD9^vc%^pskkN2@B*Z)6tu-Dhn;okL(mH$bu^?VkN7te`IM24}5eU6zc z#h@5|Q#XKEI0M~k{0u>4ex?NxOJ&*E<2x?qd8IGnGK^nL3pXtqm&f)9jIc|a}`wb8nW?BWdV<>*P9bAvuj+J0-Z$6gI zH3ICl!CO{sk3P3}8%le*lE(e~Fe2^Yl5;}|Ht3`Fb1PD{z48&M<3>BCe7pswJrkzG z9`}I>#s=T_HOw^n5^TpW%g2#XV~@Ac+Fm>CeHDWtCYZF{5NLb!)wdrf5ACsjGWLE9 zHhF-)x;*dQXEK9HdqXkhf6K>EfH@ge+G}9F-XNaG4#xrGdXJGb?w>=5#x~G*EOzp6 zf&`QHS1fCLW6%F+-+Do0FnMU=0@&*`2NBCAEeoLS)xw^I{m1ehhiLW-A2paf5c~3x zNdF-wn6wiPv)5FH_j<)1>uh6>j~keW*CNBcgT0RjcuQUy)6Y3fFLX+(4Wce}7%#*h zb=ZC7&>Keu3DjY@3}Beci=fBjZ-PnVV+y@rW?q^)pHGIe*$zIMFnMTWHSF;^GQp%> zb(pTvotp7zOn>&-bG!SdnEsqo+7TaR@X1MAKrv|zlx7($5sv475Sm%KmRT0W{|VBJmMde?Z1?q8+UV}f@UAbdgy&fpZ8-ssvqT2PdYBCe7g6Vk{;g2{lxzCcn$bZ@HT{J zjGvtW1fCs!)DH~YHY4ZtKET~rPfn%{it+~G55iVN<3q0o`;zYg^YJG~WytJH-XnY$ zemMd{`F7+xQ}WU#+4$e%<6Y{oPx_ANu)JjBPmlE~*UPe#jsLwuk+Y0sqtA!=w8?%k zpT(2ecfL`W<>WJU%GpPD_lca=wDqs*qmO=-u0^D;C?0zJ`26gEAh_E|1q9ZM#&?rD zEG%-iDaOZ?O_mFdZKu&cOEIrABfmiLWX08ruTos2_y)zbitkh$SG-2?mlQv(c#mSY zA0pe>qvU^9d>76ivn@@E`Pkpczo>Yh;sDMeqr=D9hNmj#`DWxB$x`h%gN+|QUIWHo z*)xj2ubBM~lb7%D8=D`JdB73U(CG0TU>F28HaV}#FyECoJf1B3=OQJqR_rLgUg_5= z`8`Vh2wBSTI2nC92F_P9>wQ+qUr_QNlO^xZl#V-(6@5sCKPmY;Dz6_EjLDlpmh}!G zOWxy^oO6zh{B*LccNCcWa68s@g_2)Q7MnMc#pV(Ib3|vE(rHq5HYz*Yl@90r7@J>K zI^R(8?~Zp<)_F*3}G$0!NM#asFc^_hQSZ5i2Sn(5z`Aop*JfpZ> z@pFp5ulQBPzgGN);x`rZKHIG8UB$csGxBuBd5Q}ZTZ)G&cJF^>UvXxEu{loh1jQUa zH#(OpzFhH@iup#l(Z5OYe8meD*DL1Gx5>L&vD?RxGH+ILx4$9s9ZJ4a@s|{TMe%OM zdlbK<_{WNWshC6hrksCO{I24ED0cfiQck`uVDc6!K2Gt8ibp9Pt(bFSjUD#k4PUC* z?NiBmwO_<*ln!5pHhFJR%=xHB9#gzpag$=+8yJ1gH8uQY#a~tYlHwmLcKc~k=D#WV zvFx{q{CLHsiZ52|_Q6E|Iwh}Hyj1Z6iXT+`yy6!Xb8fgP&pyS!SM2t?qzrt=-{_~Q zzC^C#ev0|>ztJC}n6LdC`FO=8ipv#qK7i4`N-<{w82RTF->Ud_#hfBw^w%kVK(Xr& zS+>{hn+dlmoo5y6z8U8W82i6a%sJOa?)J^ZCMOaY`QH`0{V~ze{tWTPb+7(l#hhDU z?2J}?k>ZJprz);i%;^Tk&JBt=(ZI;>RP6S_q?`#QzfbWt#ZM?sD&DPlk7CY1FzfA6 z{71!ZA56-?i3&!a^O_Aa`CrY)quURW?Ha4v&~b_dxP=@GJ|8pZ{{Y2<6!SGmqjR*r z)^MdWQgK-ESj9){gOwW&jIc{LeGgI*_#WjlOD4wf$p5j`?N9(^WQaUlk4T^RD zZKIMmE8e2GMez>BI~6~sc$ea56t^qht$2^(y^1>(zpQwl;#U-RD}G(^e#LJqKBV}4 z#T-yE$1YuQw&J7p8wV&Iz6NUS3|7q9cSb%^aai$K#p4w7RZ^3;L~*&|3dNO*s}xUH z%;(I;<}AgW@Mq-n6xS-AuXv&2qxDxCluo1K)ry-HZ&BQ$c!%PhiXT(Fi;Q-Z;Tgs4 zN@urX_kK$B_4P6x=SF{#UoDJVcVCS#A5&j190c>4r9K})M}>L6zEF4&c#$xNHu$PF z{e&>^dL-w7`RX>AHhB$_`TYAK;Q?S?ca(DofUk9v`8 zj|Klon9m7*CVU>4uVT{+jTG0=`T*4!&A=DVXmsQD-ff=RbKpI4XQE_zvOi;CkT)!OMkrg4YOt5xhZ|&og+B zMw?#-ZxenJ%=4M@Z-Ac={wDY-;dU_3Vd{Jb?2ZkB`3^*v$l0Fn6W#~@rSLDnuM7VY z{0CvS=lg~K0Dec9ZTS1bd=?VGeG}LF4mewwZMgA`#!0jTL_QE~e4}wD5TD^Q?_ls* z!hE0LY~c|2eBohW;}4C`NT!Hj~c5QfCwR&%&%T4hr*m%-@Ase{g((`rEynX#W8T$gp*BPG)-6s01x0VRA-dZZmDImO$ z=DJvi8DD2_gExts_1RY8_rM(Qpg!xiM}&R2KE5Q(dd~Pdqn}9LUsIoT-gCl1@QcE% z|9&J)R|h{6W?lFz;X&Zv2(w=NqcH2mzX%Tn^B$b*VjXFGopJWQ@pZ=fvHulwHE9|oCgKOOQv&WxfG1TNPxw!HYzaJ;F1i$YyzSI)h1U7!CL)b^)n`oomHz3>v zOoHw6I*=zk?C(F*`Ka_y=Etkk_2ac8V(%z+n&HK(%-KB3KlzdlC)wqExyNZc;C!jt zSr>4=g3W11!)P~0?dG!lv`~IlPkv@RKf5|VCz2m5&d=}24;;wP>&nkfX2Ips3TP&> z{9XA4ty$?^&Ppu8WmhyS1HQgOPGjtPe<;6S(|wk2Oi|Ka8GF6DP(^hVkToNvsHac8h*fg&2 z(#BX-O>73-lZC6U9bGb`uxV=H)o)eXtFd`aGYVm=)n3UW%q;D)S5-T!t>N$iwj$)L zX?nDY-efHLFhNK>|=^rv9p{+v2$qHRY(Y^m%>J^l*xnR%?!(%n*r%@+VMW+$)y{@4XG^Pd zcgVRP8H=5Jntlp}ZLM}w$X*}2vM6fb3(sh^#a79sR@A<))lS4dEUG;Ndw)&T-mw2Y zz?Q<25-U{SvcQTuO>p|wYTsS^s@3JJ>9X%f5*(;?-VU{Uz_knNtF8t&fvaZFv0BT| z>tU+Parx1DxKyilmUr2!;e0J>uYv+Rui@|h59?c~hw&;FPl)a0pwtxTa-aU6-?=W*?3{HfCcDg?HCbcu&`?SE_+R@y`ih}w_Wx|xPXK6HykH8eCw+GeV2VN{J*u*|J#;U zdn^3ERonMEFKlIH^UKJm%X#cX*_TA zpR%v6UXwQ^D-!V4h)cLD`(I$3yW#yldvgRn;I2RMoND@jQ);Ij+v@`^YOkwyHb<$jpth1l3OuCC2Gn6#T)n(Ml24z{!$jLob|O!l=-_D3dXbWP5zo}8Vqo4V}v zP_DK&!TVhI!n#<=!NlZ1>*TcP&Qf1v5%RV?ZPlRW+~JSdca_-C7!(lUEl=z;EF+8H*q$M=uT@pnIMjW2HbB6COVSm%$eSfzh_ z_4sJ36OUbGm0VyA{2J<&yIu`kkn!oPvVycwfv?P2RaTIlEXZgr$cz@`M+*A6m-Vtx zL3&w1UQdC)qactd$cY!^qIhM_aul_!Ac)d>CFja+u#)!DD9ZU(k#BEN8Cnhai7Y6< zwzU7i3Ke9bIjG%hCFss^S=*yfUS8&`h=u&IN&ebKD|VkhYB%EOTaQ{HJKnNAT(Z|H zw(qLF-iqDfZ)&sv?H%FR(s0e}@TmOf^B) zf7FS2g2w#jo09PN=)@DwT?c+xIBwL;DOa4o|IUn0r!|e|`Vw}1Rms7sxplRTrPi*x zGJ2D2h&!?5q_pZu>Cs8qwTJ4ec9z!G9E{uXq*AAq zU6cGBlLD=iGLn-rt0!eeC*?#YiMp`rpw;WAGj6X+*sF`Pb0XQkvTT2K zc6ul~qbEDND?8YcogcSXNA1<|>>RY?*?}p`QR%RSGynE4V*JCmEsz06`z@f)}#A1hYUpzaj!(J74mSPb#V>~+( zjc43h#?)XzJR2R1erWMs<+WIE(%BMsRwPj*dv%A6cDw-%OFY|`%uDMCrpIt2if+SO z=!axgTuShjz&i0O6FyE1oP0AqKfQr?(w}=1R>hqq_YMJv73sL zdBH9_h62RmMM-C4$i5p#ti!pxWQx^cH+R{aeU}$?|H<+d7j@b9wU5B5crV)O&hN87 z(`DDAKZ9B&X>aK)NAG0?8n>3Wc%8Dtv$+UY96Cbi@Wj4Z6h|Y0W9TgFvDemwEHuky zPJP5~Dr2h{@7{|utD(nEbS{9Md*DA6J1W*%gq{+-W5$;GV^jQakJ@G5-D7XGW?0?m zHI4H3*fEp={!TmJvU;4mdhB?Yy|m>qZ?V3|UWV(a?OVLu(78gJoOEKXI2_Khh_f6Q z9XeM7XN+2Opd}Ix9`_P14QFZ8S&Nf4VK0r%EbXi)Jh8E9oVDmZTn^#$*kNKr`#JWR zyoULVaED#*waqxp?aif~s|(NA+a9jzaO&H~Sc~58vF{2`2zM?hgg4mmg`=%8g(yPj z6NTulp-`Pq7j|wg48IlYoKc8gLe2H{*tK*WTV8}p0%ecdE3k19XHm7iJYqLu6H$9% zv)J=^lpTv$BmdILYY1Dmu-dsJ;@lZ^mc*Ug%bdkM4xb?48jsr>${y&3XV(k-h2?UY z!_oVoumfv=+=qqrcG^-_6JwbKwO$f_>LE}3d23vxmQxv{+{9DBBL zyCLGBFMjpAjS0u?#WjywIM3Tc;i^Zil3jJ- znRO*^l$Nv~jI9hOr=^8=q95E)HqF;F&EGLCP&_R?+;p&YS_V3&=ptJ+2Q9RN(=rpN zex~I_rsY;o%Zn{6jn%MyY<*#W(q5aGmKB>sLLk09{m6d5_)EVdFeq zj&3Vj%aXm}@LOSPMmTnTxC7^}v%K1Aj5sSU;WOB3`?iREN7TMEVK1qg&I-3S8g6P1 zSGy-!)MqGtJ=ODJ1}A|irP5F%h2VFIE_(f1)nDbv*XU%OQwF9uyHxmH|?uyYCqVttF(J( zU3b&L?#5DFBh_}SyP~c;e6V{s7FSg*tgEUyh;De-RA0wbe{yP|dTK5!0lOYGLp7@K zscEfK(-TuO;!`s_re?+M#^}`S$kd!DPs(LoQ}fEE28*ZWho<(co{A&80zJZ-_JcLM z>S~(~qA94|>F#sv`I&Xy6{V=n+*Q}%JnpLS_f+^gDgw!hv<`GoZB%#56BU`siuBfs zi~|)}9TnNpikwJAZgoXoS4FU_BEPtzU#J4j0=?cI?(#O#+U~Xq+i(j|j2jK!^KBUA zhuh{3=ZP-o@gC=~1I`z#o$a`B3OIafWH& zSe%=WE@sl+(36{UAUC%)Hy_8Q)oFncw{@+#{ZI|IIuEqk4WT?g?)6%o2Hzt^2|Lk| zpOMH(>&nkeILok@%nP8Uz~zI}A&&bDXF0BjDA$`A&B}^9tD??Is8M1k5;=L%tlW5Z z0h}gBozWpaPIeg2F=8V z9=idW9l;=Obz7#Q9&W;U+heb3DYiPe2iEeCIS-&^@hvIp9BH-u09E&<9{XP3(?#%X zjmr?HN82~8ru!jZ)r0%0g{TKs)RbGXxkW8^S+U29y1QT&?a{he4|;L;g!fvp1AxuN zxTg;JLrzopX(((dw(rAYcr!XVTSLzBkbQrcw`+|pJFQsMAGaZCshMM0XItp)xC*cP)>v?E0|FnWOEYh#m?4xT!=~&YN(E(R&s4&nSD>SgWbJ)(ZPtl z$r=`BLr`9X&U6AD3}-t|!ZMzOJ8;92us4V7`&dJWRMt9lk z&=6M5sNeqqPePn&IPtpdl`ZkYYUlP=yD?<1scAihSjSxP`|J}J?$v>=8>729`|*>_gkOY*Ld+UPQ_L_Zq6B2*s{ zr|HGO6;J&TS8ETtLi_4sXminsu=&6x(V&`-1o}!xwjdq$Qk;osN4o3=TtZDd>zbMl z9=#pGrMmKnc4Xr}YezPic4Q?Q5i}*L9odMT_Q~3jFQL)su%GC%AMddrJ79m2w-<-d zt`{QWarsAvAfz86z#YgUU(oO4Ghq`#fOI?$_4O-E=c8u0M(0p4J6(PBuFim7CiOZq z(ucWAH;cWAL*&K=qhk>vGPQr`wW|&VqPK$iWrG{JNYK zy}Iog>8C4Qlr%mVb|AuEe*^{h^M&x=AjXhj0{phWfi(DSpU$5^hK&^XZNCTwPWf%m z!xH?qf55ctEDoH&Z~N))PgXI6uHW_~lzRQP4@F|;2qcN$c2sBo#BV#NUS(Vm_y&IR zUP5jw<5Ph!euH0U!bO34{J3M}zKn_hpUtNSf5$aWbr-UOd_^JSn!pvz68t>#+!9!Z zg~H%QrmS)o2IRx5i!Wnq;31?8%D>5(?aOEjd=CqQef=)RPl5Yq6S5c7;}14yGNc*l zm*KCtcW0sc-GM&^?w`+5H}$99%T-T(FY7GobA5;Fi|T5ovj{3(7l31Qu7_a`e7PQm z&-WD_%J^b>KDH~knuUDaEu}A50ga3=rSHX0dXVEl8EwWjd>-|Z>9pZ`fjH~!TbQSNG z<=Am7%fLWd7zVuc4Gi!=aeV{bjq%oZVqiX`zW(2*{;A$pUd=r2R(cNcJe>nY)6hP_b3#vKIH9i-`V;y(p+Au?iVVPYIM{PSKiG3ZKe*QkJ&*123!vm5Lu;&O z{99hat%|prF~pmZfW@fKb28tI#gjOY<}L1Gs=L;)^}ydEo}BVIKLY2$DehY|=W^rI z);BFVIpuSH3R1CX{Lb(67LD)u1K#2opXZ>SV}_?NhkyJlC{^0}w%aY9Jm`A4!GAGF zO>MsZo`uz94$0mYV#1Iclmyp1^KkrWCZhi$zK!hWVbMaAx%ylZ-SZ&hM*7P++NtcP zZwpbb?5A&&JeNRT$f90yQQthlZ6V54o*?oJEr6^GM|5vC#>3&#{?hwl09&~D)GJV0 z|E0Y8IHozw^>9C#(*sb##TG9ToVmWaT-W9F>3-T$hA=Lbr zy?}(_%yFPM*ELAw(5rv??@ZzeJl9;4bCAd}QU5G95^heu9`7ac@xgE``9EWuM2@R_ ziA#~##KceY`$lfguk|LbLSifOs1!piHU9|E=i`H$i%^G z|1FzMrWZ}7KQR*%-Ar7POy5MNUCcE92PRV*f!j0$5MrX6iA$2{Ds1N=W~xiW3F#JZ zyvcMGGcnQ4#3gvsVO7gLIt&Z`g_kfB9@qOmkJQtC3OH>q{){jhr~e5{jYvD4?*;8l znfNwLu*UM=vBH@6R$miF!!@zbm^kE`7|D}wEGoPEkr`DSuOHvY@ep1D;Wu0%{P4Fe zW-W-?!*?P&yKV-f?6cSiypB=~!XEU;;dRevb3RJi`j;2m`2eqG!BtF!Aw!e|yN;QE zhs-6+yyR1<%$;6lw~Aq+n^CG5W_kyiV$2k~1DS?%jmM$5YK^FCsG!#9)-}xhJ~HoQ z=K8OhHTq|&tf&T=tg_M*^@*%DZ}M7(jP)h>;()gkZpX=-{!;?r1Uy}8<}H=CAt4aFL1 zDDJS>HuD9HecVwS_vK>emO_-Z{zv=t&&)1*pb-k|Zef@h;e-NJv3mR-r`tYcjh1M0lnPV0? zp9J^}qR!cK$!t%6Z5?fINe{L@8V?k~K4{G6B=|&7@aU}tZGF(hsFytPK;iQABV01* zQ&kC{!7Rr%lz$L)hp`M?GTTm3>}j;UyCK-_jlvJ2&e?LwYsY_pI|bY*}1zHxaNM_cNgEtg=+4txh}YiRq2vtc`s9eBdBx+MeI1-Z)P%7fT} zTV>Lz6Qr3=kKDur=yWMUI;T*FgJ|F!gT_)!gmoWSM<0C^&WF-j9I-=ir8shja9KST zmRWRM-3blbWi@)PxMHhtwYYMtq_AaiUrK@#&a`%0mJ{2b7DZB?Mfuq+rMb1|bh;cK zZ$QUhX{`5v&UZ?SBKXbDwYhQ&Q9VgmcW+#@lkN>i7Z9mT~Ax? zGp;wL&i3OrCw$zqqHjg;jtU?X>EP5@3ZXU6FW&91D__W zi#F!B^+7A6UVLKvJ|BK&^+eyVqL1&x>|~dE>o2^<%Fc(R6H)5udyQ>eZ$K{Rn zRS2J@^l9phYa5ad@XR4^^1qN6WEU`5YL@K(l80xh<lGcb|-5e(~E1}c^8+=tCg9j*KX0r zg4a*Mt3OIRh-;k}m&|Jb&Ke5o)g}66@H!r=U0Rdq#kJ0hOXf8aUQ6k=L``y38$?!%>EJ4jc~G4yRG5u41EXJ+SwWV4(D|cyqf7X zJlYo*)68pAI3Z*|fIW#8c8=vW=A91jL?jkXi{`|=x2QMvDO!j(_bHe5vG7i%_lW3i zaqnjJ#^H<>;?2XEYfzWLJD=W1MK{pfA9_pup*Qv;nHF|L3;l-kz6#z;={+*q3x^!@ z-m%z@hqOhxX(8V1L7ewB@Lo;tBcr3^-rK#m>wCG@dHOS9=T!->CVHhuuZeq=X^z=D z2G4Lhj?=|7v^G1R?Xs+vd2`zyO)4^sKQp4oMcE*EB{N#p2~8u_T}U}D%46ss(O9uO zFA_aIdJ(KX#_|!(^zzF;aoHV3{qg|py{YandVKT>*q?#r;qIzOMzjdacVT&iyXB-Lj3crk#W54_- zzYKrB{DohJzh54J3LD|Bon%J+A+`Rpp}Y`sBr=nTrV%|Wx_Mu0V}B4WUowbFJBXHZ zN1$;gjEiYJHrf|I)9lDt?%M%Z*b&QX%;|JEHPI<6I<~D78ZK9elWVw4DGN?n*#6P8 zqh)QKu=Tk@oZP;`E`L0n*3l^^`X@U1gQGu858?_tXn75?M<-qm&Oyne zrE}nt8Bc|ABaP3C_S?Tr3dj~$ND8rRO@~u1LPsY=v)Vdg@8Jq@;@*?C9l9=kv2E~! z=7Oj{kXA1q=?GnDxEQxV9XjwK)zdO zoEQB)jd^j)-2!pl%S|{eWT9%Ki=!WLEi*kCZO|R{mH-BEtvh~k2{CzGz7t-R^jZ?# z2cezUt-Cxc>OteeN8W}bzWRDFJ8lJp;t+CN$`rI?YbNe z1PtO@=fx$Q+14Y6iRd;_9$Y|(zC$C*|f4jQ!E-Y-R)RAV#l?jzTWm9x2%e4&qunzPfIO zN9AmIWzp;U=wLEUjzLG7wcbWVaK>w|3dF+@Ghr!MYJw>-__O|J0~r~J9d2K z3nQ!PeM9v7;QdTnZ*)_%5bxOWm7i^BruXlnX_&c&@mG3t&)FUQhPwz&3p+x_x*j&G zr{JB4`idv~O{W9nBRcYEk+k!Wk^|k4l30UhpT@!d zAUC8WmXqT{N**jBu?C|~>Y$Z}`T->ehp{OS3xiS~zVpzN|8>ks^tO^eHwb8(u_oJ$ zteG0$8Z77$Rt?x5TpVtBw#5;aXD*@$X)J6M{riz(2K`7eLy)7S1THt}@%4Uu%%fu) zPsYbQMwNbi%wyZCu={YrB@z4-{{L%yOcaQzahB?EJZHSQ*eS9s0~nil;KopOoN+aV z`{QMp_=H0b)@O6Zdt`2SNCJ&HIAz;$IelW|IOBaiSZ`fS_}DF6n!A#~%lpyD1kNnU z_?UW)n$EjsjN$E)&;$BOEE*RxC+9%$nj7CH1r1RsE z&W}erKjaGWH4;mSt;rcfpez_~5Wpa=V1%A7Ul(w;AH?YiR>d1)r3|@9jx35CxF|C4 zlE|TB4_UTlaTnB37q@h9-{K|3k)*z359zxy#QUFFhg^s4vR`CzY(UG!GN5I!3#Gsy znHv_z2igS32e%A`>uB)Gki%b!!HPHwGJwsX%Mty1WZ*Q&VJ zBhXHFUgvUVUJWrXt~almxYu}?UgEsY;mo|&$Go`SylUfKS3=7>-MjPXgPlEg=%A7> z{3qZuE-MKK;9#@$4Li zW5!O$4Q^#Qb`QfMS^{Uh+lym&?6^QnId*e38YORq#wYx~fO|G)KRTSu8BNL`uX<)XVzhmRm zuYh)PXzSaaJo@-<&~x5)!glA3roT9@`Kd5MUdopcyyG~|Cc1qM`U?Q{ZeN?onWbGG z%NzY3a%W_dLuRS^0fM;rfsfwCoZ_dRw7ADx;MPLiB0fxXJUizzJI{Dy+zW^sH^=&> zxbZ|9-{Ot8EGF=a7zvT$B`XQ^MpuPn54tJ|6(2x59x8{S_}x$xWBXzPuLEK1dd_^; z20g)jAT%yfXHV$ks^vn?tOnwPXEU9#5Og`5@$wV=b}T0NbS~tK*VUY!;L{n; zSr4Dij>QC@&NxXYKA3g9JlQNysgGB>gy7Q|#~HuJf^2{5@{bT`l4rNd!r6bh*f8y)YNp>qB|C_LuUQ5c57a?j7qYxt87?mtZv3 zz6Qa8HST{-NS$lVzk~A8;&JC6J9vsyM@2?_=_u2%h>nso-oL`OT^nl^%!zcAwm#k& zaXqeVvdTEK^=&&+AAcNYyn}!P{TR+^+rFpt#^X5~1tVmpYzcuL(a1#3Qd~oU{wx45 z3M2EJS>o{~9sHQ$X))Va?Q-=Qs5_*wY4HR=zN^S_oLQ`R_ef*D8vx@C&e$yCKRrWg z_`$?nzV3}1)j0lZoW|@a(7SQ=f;VnjOxWxeFz7vj`9cTU^|5alUo*N#7caD)K0wPrQZwQcfaw z|3jB+QB6tcQ)zl|U;4y7`^NgHc-pb15L7sM<|S}HiIUgk+bMbB+E1(!ejE+G-X`hw z!0}#>>qjErIR0?PhWAV6A@uFA*1)ghO0VH%|?iLN9Z z1i|hRDkAtun0sOIuD9Z>-5yyFR1SJ!I`a( zH*VhU*yQ}jb7t$~d)Ogx;`8XyhXRoeFDqOD`SU=??4QO%!Kf}iC04S z#sR-&$Zr_(n}GZlAiw*^@BQ_{Hshnr{U8G%heJ{!VdAS3qaYVTra<_eMZVs^H#!-6 z8Du$xvH4v@Hj)Gg->L5k=?>WoQUy9t-3O43kWV0+A^cIQF+*LBL|mS1UI3W}nFUz{Sq!-s!V7$13U$l6WEuDx8^0g< z0)*R6)7pmRqv6W~*GZ62HyjUx-(H;n;XcW_57#6^I&2fHD{ecs4b~OYdKB_Fgk@!# zp^W@qBfrzgvS^wtO96yWRV;w8OiYt?$zND38`BOGw+-72%M{Y$He#K!O|ncOEw+Ks zmb6S-mmw~%;_-s2kaWngkTB8bVF<75@eLTpRv+4)2+4$;3OOBeCL~PsVV#E9yRtnO z_Phefmt`)3%z=c7I$mhxiE3C^BwU8Sjw?XcJ+z+XNJOz0c(g0!K{u*RGWCP@V zNSHLu6QJY+0B1m$_63k)$ga}71^SR?6_~N#g1il38k->zjm`BE7o`Ua(;ARMYzk!75M*v^p*c;LtascEY$f*z> zMbw6><{S+39eGs0%@qDWmat7+<76K z!nE&&+z+XNJPcu)d>j2s$XAeWAT1DX1J)<&?RZF-mLXL*afXspvK;}ZOhcK@@*U=-;JqCFS@-!s06K!Ydl22|+ z=8@YXoU8NvH=JL;01ka7%Md|K=CM13d7KEj0K#p@JT8C~Lqgp#FKZyrLb&Z%hi^eX zhHQfD+@_fXC)OE%n(y3p{#zb9s^e{l)e4!1G(#R2ffqxrfUvHZN9OHa2=m5m9ricY z8Mkqmm^b~M#orn`?+b;{4MdDo$Os6x_2{n zgf@R7^1{9%Od&5OziGJdv5kkahqlgb$Tr4p$TrVBYF&hVkZp|Hj%|r`!n`pr z-$U5%41=)EGcRFcnL{5C_Q5NmW1hmk$i5-e3EOt4lh7B0x(RJ77dCA3+;;2(xNkBK zp-$KrFfZ)WSSP%i7N&4cn+x3x$QzJG$VSK~kS&m}Azg7UwihH!v!N@5TmmV9)IuJI zyZ~u{Fvfe3FkK7gZ=G=W<5lqMkPjeC>odq^2%jEiT48zsx(6Z8KtgQ#GB$mgNBaH; zLf%)MjQJiUOpFoo!dSbC!B>~6Akowtft&&v4GGf#a9B6e)}0~i zsXGBe-2~Bx^V~yr^XIy!VtzV=_s1teCPSt|E`rQ~go)?I!H4I^w3!Z}&1H}$+WZN!7V;v5F~h_>(}roO4bx;yrpYnq!gM4c6LJ~ka!4tp0`fb^ z&5&CmcR}uk+yhw!`8{MT`jK-W=R+=pEQ2hE+y|+J{0E}fOR(f7rgb`G4&-7;5#&+` zV?GaItUSm}$ZsJxK^Xf^$O;H!KMvUjX@!LACvbHWV`o7a>t)C~$eWP2A@4)}3E2+m z4BtHA>OCSp&C6FZ$rd17LTD%_c4CFaTKlCR9AVVOjkT5aL@sM4m`4RMggKUK` z?Vlh_dml(B>ufOd!nCi1XqvBLnQ0ERG)G9fO!GX*B*;|Afv_C}IT*t0Zoh^Mg&YA% zgB%4p267xE1M(ZlX^>EMmYLh|GstGh7D%Y;AHcnk_P&s0$f1yt5MF-?Q^-qbOQG$s z4nBvl4!8|i2T{ah9rTB=%vVEr4d@04+tTe2mi;{luh}te)&bLI9Wd=MO$AJcwl!{p&=!~nw!MErLR${ke!3!E)&bid>wwqQ!Zj!)<))CAo%f}Cu$KD} z>w;~9b-=dBI{2S#yHH208}1XV8{JmiM$B`_Yj@<0br&Wc=a1P9+aGckBuxArbS~sP z$Rr4l`_mxTK`J1Xkh>uFL3r#9*QsXU7%>Yn53&Gq4dgn=&5%mS7m%%xe?a~T8Pyr* zagZ?0MXY&{BFLqX-$8DMJOQbL@Yv4d`dRQj8`5eMDc|2iS zVY&)2u7R*DAq|#^=Nde>3D?{T;2X-a2+UhgjLmU+K7=$wn8r_#&JuqGVz6#_zVj&L zaY!h`b6}>y^O9uv9S%7fG754zq!hwBV_EKk+zoji@*;$3egye9B&4~!q|0+4rpeem z=ixcoHb^Vv2MEu9BJk}F;dvUg!O!FSdD##xoe}b%qFs(fxdqR3j zx=f4bWg#u5!Sk%H5T?a44uMRB+_v)Ipwsya9O!@&RNcBV;LrW90H4Vwlut z8uaujh6JBGz`^GcaF}R212PN3v~GjYwjRQJgkcIcjLEz(543#@@)YD*2z|oDG`Q|l z$XAfvx}d%wyf4Xni(#Vg(~u?zZM&IGSkHBg{T75a-#}U*-$NKPOw227n3mcwO~z!J z!^NI{gUop%d^lZ!_RfjVUvbj=m17U&=@gIH(dfT>?1{fTazwa{kJJsDzi{@nS%vx2 z=SBF*x?%ZqXHOqCeagIo>BCN(m$zWnoVmmDr_9T{bjm!a=NG0AA31W`+}Qz#70sPn zFn?Ha(eydkP5=KYwRXve z_?Y89-1PaArxoGa0EOUNQUf%Q>VC87U9gzo{w{HU7h94{I3({g5&!G;-m;U}tLAd2PjG+L zKI$}`Tw317M+j*#KOqm~XxF`*h8d0~+)zSC3S z^^~ufC~E-ruPt&LalWgruyL6gx9MU3Vu^>6EZCtYs#>jjI9Jd=_l( z?%3w@V6&oQn@z!{s$-kY!RD?GY+`N9=aYYZ^?G})>W=hU$-b)n{@8y14I3ifx_qlp zuVAC~wsYP>4?w-|b2Nfa*W38NK9zPQ!nTOjkJVu)Z!Cwf`6ATe?LLD4EBV~XW{_(M zD@$CTyQC}H8(Pa}30?cP(Nu}X>;!WTp|))=pjbfTPxl&yu#l_FKefK5T0yty@riHJTjDtoXm&LfZQJ?Gmeht5t8~{-Wlq zUBI?o$dl+odbloco~x1`?r&S>DQ6F!Q=m$I^tF%e`De-q&Ys zFQ@k!P1?ut@x8A*8POd&VQ&|0u8Xj@`>R#!BdA6#wemvq=MJj&A;s8!+$MD&Ut{`G z_>I=fwL8`Lw&vIRa``;?IR4yfPge@n`?9O=FLTI0>%4t^`n92spZzfpZ7qFk;olIAmOfWO!!6=9+KPN0Lg{?x zL`z?*g>H-Z2!&mF${!ecz|Qf=(Cj2FIV~_YP z;_?G~ulJo3?6DT-!ZE$quynzGL+B=bms9JyeAt^l-et}t?&+Vg*yDFzv$xIun*huwuranU=we> zK@+bEzeO&0*8|#Sm^O3V=I}=ZzqZh6{L!$344ap3>yBEH*K4~~jZaZi>1eILmY}6; z+v>EuWQ{4MM(eF{LE4^DJ=ZCku)Eu3!I30TE3swwOWx^S{?thup!f1Q_xezuzQ*|1m&ogVitRVMFR88#dGqH8jN@z4$5Hmad%L>z zr&K<^kKnh-O>|GJdQ1RJ{FM*X!)<{sv}#F7BF)zgph*_1v~jd>iwr z^RGWS^||#W^11S*&^igHT1?mfb`2VTaC^ib<#3V}whrQBH}ZO%sri#E9KO8$JMJXK zj&Ge3{9z6D&@&15YYiP9^!`^j4wYWdzpluBtxx4$w-%a*gZ+D=!4^bhwTT6>ep>1c zmNDO#!jDqgf5H2dZ2~n&<-+YbS6|4)%U-|PIV9X68wgf)!RirdLc7S`o#JK(+|VMK z8%erD_6hik^V`f<`WBxtpFowL`Rc+o^pHK2o#|*BumX7p%b#?(S_Kcfw4r%FY=;+p zye}iJ8Jo97v?Z)#lCm+Zao^>W^nYVk@oKOt_FJf<>Of|iLS|4n->jYu#jWv`g_O8o zSR|jIRP|0Vd=BEjV#G4Rie}Zj$rsI*G;VwiJDT_sV`GWALGifG7hJROfpTl&Agm_AXh z>JTUH8&05E%RYM{TKwcmBl!5iCLYJ>k^ia^ccSU8PA7cWsVnZeCM^4vPwLUi!>~fXuJibUB7bBkOVAEc+Q>NSOZPF)qc%jN?)gPe!>4(?&7Vv-Le9&*a zc)9%Mk&elF1Ydg{Y`kAM6D)Ntz@G`ao5GXl&$?`SWa_-hZEi46#@KE1BlGj;&MQj7 z&EyD;Ci_{@!oumi$sWJuKCF!^?oA__kL~YPPo7pVW&Zrg^f}Y!Ei5c*pBBGveo4`k zsRf!3q?|vuz3r?yvx*|q=FTaaUR)H*IwFr44sYD&FB&l%`J6Fp-u$A;vx@LIfIbSq zT-zP-NWt7WGn3pOmakp;LuRMpu>o(})@(j1X!7*p!YOm|B4qsGVr0Rb`LkxunVy&A z98W!KT++!&?rDLfA+wp?K#(Ub7dGi*wuTa~-Zu`X(m^!Oye!;A1(`SNZ$0QA&HgE3y`FuuX$XTZ*9Wiux>d@4~{8n|taVGiaP$D_*`H{(|&6zPb zGVa_{CZBlHxnswS%RXiDnA5UPIp@SN=N^~3$B8GMcH9wr@c9coj^k(ePKBR(+C0hT zK~FnA>%xh;z_bsXB&;@2M>-GYU;nrbAN?5Qmg4DiG1%}GKiY84iD{DuLP@_Kc)*0~ zsqYEC8yTSf5j<=X^!#|-!O&69FTHW1J$Wz8X}3xA`9<^mJU`I9=>=1US|>3y-cqfDb$iv& zU$$W{`(I4BxBM5Au%G@Hv#?JMb^Gzqsp$T_2RprA%>S+p;+fy|`gqQFy}oU>cWo2P zv#ZBh^XASTN<+(d-t?&pW=@_lZ_4cHZ8WpEw-5Der%atXZ~7%|R^z#=Hp^4yO_?)u zdZ-QWwhL9ktT{-=uSOGy48_xGv!|n@9_pVG8|ssFIYot{VOT0yD4aL95UuQgI3>Z3 zJ3)9fFAdzLVPct6KZxzKZh6Zc*l9q+AoSJ#z8#3sxc zkJ~xKOWr9SJLAy#!z>n$?-0-@Oj{AJ7z>Qo3lidG?i8;Ql@vO7`i2-M>=ZAr3hxhM zJ>zjZhj{rr#j8bSgpM9&v3PvnHN>VqcLko?#hmf*)J!a1g~j6mgHtOKOLFA@gc#TE z6fX%cDsi75SJG65{clQ~Zxjt%!F` z|JY(|-Ge*DYh8)$fs8R8%|pDWcZzq}aR0n}h#1m(V<)>?@dDSeNIOiyZXH0&QGfD zyc)#IIMe6vAc@x*4M5}7qeDEG1+Xcs`+28$TMmjwwjSl<9Sqx$zn&J4eJ!VbuEohp z=p3-jcoe?p#d)wh5*_CtEQcxB@m(bLhhdrkyY#StIqf*{U8TTW{vGTF6Ko3Wj)0wR zw+(o~F0|*vVH?VE@=o!dLOj-Km;&-WV~y8y66ysjx!qDAA>Q6#sfNgX6?m5%zF`XS zI2U!K@;2>guNLZn-a2?_3q7FQ)i z_KYvM_3V-3Q$m{~C;izY#;1ffM=q{sj})I0T#us5>=EKqf~x^t9uQvuB}Am*y5)g8 zt!K-RPYLd4gf1T%UjX4U$xh2!<6O@pe|$=4(^9#fTPZ#zv}uuCe^`7aC?UcY7@rc* zg4k|2B|-K^{REFeSnh=*;t80CiS6PXTi~&<7q$m>=h(#cd~YyJT)r_ZV9ws3ii&|^#9xVJa-6b;cys>$*c$c|28K3;oke;4b*SGD^M|pH%+JFA#rS#5KQ-PfiuY>aLtm&IcS{0bYJ||27Y+V^HcIA& z0v=;%&-x>GvwGuuXwkwe~? zr{1Wf9mxMv5Zb`pafr|NZK-EI$ss>H{!`CDlHKC0Sru>achY@6f||9jK3osxq+FMRagA4*Jo$24#k=EwAITO0RdJ)ryL zJA6DA(+1%jhk6*rII!V6dDECKY*-KEknW|XXFZTZKCd)A>wz5X`E^jnx1S#5_58aJ4$Vl$`I1?ml&BrDoiEbkL|^8E(?Cez z!N#aER}a+FES-A98HG6|#LOUL|KgMh*~j=a;j@joDwm8nd6-i|oP07n4@?D+eT**_ zUTDlXrN-Qp6=cL*ia903Tu$c3!c+;_$9RSC{l<*>xH0RXj*OUVF{gx>^<-=>P7RQK zj9(Le+n6yaQ9C7a+t*Hac+8F(vzrL~D>64eCT^D~4KXoK!G>)$@JQj~gwGJ>@jlp} zC!8xhQ@Bw0a^Wk5c}@^wJ}Uf-@H*jlg+CMK`DloZzOb3VkiBH6Y(-(wE@&U$dz zcRr=wVzvl>M>gM|Mc<=y-2MRJL1eS%HyuOF(}nph#-Ps^o=rC2QZgGdrZTd%&nn?H zV#9ZwgUx#3X0hS%GT7`8=5Z>d#bZOT!6%`VAdPY2QH-E^33nSgmRUNeHq#E z&v%?dS}R2Vxaj!}mtg-g*|rPcGY-D*h|OnWvsG;PzH*53v)JH)gjk$C$(FbNWJ`636B$-3q?PR zY;k6bO^MiCEquM$+#>qB$rk5cv3X2vo)&&yY}SeX9kRuFUu?b*n|}zmip_sSpNQjU zh|?X+{f_77{iwHkK3r^uip^1ClOcSD*pD@Pp66dEHnYX%VzIeQY_1Z%UhG#2KO_9M z@VjK&@4grAfn$3pZ!fah3==+CY)%#Zc(T<=zUWKEzD)G@2|pz^-;k|O`<9ID!RZHZ zI7jNfM?9^)$!6bA^hu&WT=Yi^j~1RFJVSVaaGCIJWJ~u!vgPv+WUIHAg+CITPeuQo zFrI0O#o3c=aSj$fPHavT{dvL{i_HSjmyvB7T_^gRMZbbiK3rHwmMlP`dh^Q zcG0g9UN1I{qW_0*0?vg)-UbREDV!xdg>3C=CK>xDr;EVhe7=-=%k%Gqmy^x+ZqeT- z`ag(%t?-|P8^!)_qTepOJJJt%*iZOi;WXish0hV5K(;*35H1v(g=DLT%gNRTmI>c4 zHV=yaS>dro7X5X?_lV8?qJLKSU9tH< z^xK4YLw$t$!F#T*o$y-6fz(^w4i%f>WC*8IMSq6qb48yg`h}vuT=W%W)FY?c#O6-1 zc}Q#?6@8uPUn1MKepPJV7n_Zu-z@qTviY`(O=tY340*#BBVuLmCHe!%<~vYqju4xX zqCY|Or<2Y1EU~#zY-S1!d9~tH6^bi^6Pn;eBhifH;uM&QcY-v49w(`C}w)%We_$#sbyXbevb=hElAlc#^B>GXp*_;}=B+(xx`ZTiTKV57_ zi_Mv$A20eTWb>UaHVee&GSOcp`kTn+d$ZWwD>k)avs!HG#pX5PH^t_C(SJs^w7w9V z@5Sb4;m)|&8tQOQvejW9vc>5yHYs9rr0_9fbF%2qB3qnu#Ad44TqIm5HVZ{xMz%QR zVD?wMXHh9OzZaW_#b%AzJS*HF_8$m;C)^FU) z{F3mi!i~Zkguf8}N_d;_cfvmjcjCPaD_1vRUds;p{e=4p^PAGaW|(lg@F?Lkh0hkA zD9rDEhnUlaX9@HB*ukbqc#-fDVLl`u?A`N(R^D4g&*%MuO^tA^@E?VF-#pm!d*Fdz z6n;(EJ+Ei!ZV)~1p$Fejgg+PNz4c)8y)eH=9rRJ&OS1SJyC!gV;eCWTrcJQnH^l=F z524I}_oajWOW`Ow)1co?c%bmX z!Y2ryEId>ABH?+$mk2KvUM~Ek@YBLC2)``+iSXybyUD#Oyhs@<d13O5OF6y7ZSH{tEV zJB0Vgb(c_w?mn8;o4bz&J5Ich7Ot5eDSWiByQgOMnWE1Y&Jmt0JWaSrxLA0Ju)Ei0 zX}NoC#y5#gweTw8hlL*%t`lA>{F3mi!i~Zkg#Rl1iExW>tMI>te-=)}Z-P+g-G%!J zA1Hi?@ZrKEgpU$FUic*8bA=}eUno3Pc$V;N;UeK;;cJC&5WZRXHsKY*_XyVr*9t!) z{Jiih!mkUzBmBPb$HJcpZxjAbc!zLA?k&3eq1Hb475xC=LBb=1j}p!h&J-Ree4g-B zVR!%3@^Go>7YScaM*HJ*lkly=cL-MtuM&Pj_)o(1!VSXj3V$HnEWAnhJK-ON`C358 ze`n!t!g~o16n6J>t?VhHPZd5|*xmCr`%KY~7Cu{eobV*!Tw!;Q*kZbS#K!I(v2nTB zFB861_yOUEg#Re~l<+#?^}_E6zc1V@yh+&IFSdNT`^Cn5s5G`+gx$Skv)NnpeT4@I z|5|vMaE5TE@EO8mg>!@_2~QKADO@OAB<$`@TmF}bzFfFM*xkQ2dw2iZxJGPhh5so0 zlyJRpgYch)-x6*T-YERJ@R!0Z!mYyp7XDedC+|U9S$Yfi6FyLQuyBg-2;rlIGlVmR z&k!CfoFhC*c$%=@$1fIriSSjz*9tEccK7$K?01QNrEraKt?(a(pAudtyk2;NaFg(- z!kdM^5#A>JFX5krd*C`^*p9t~j}bmz_!QyOgeMALC_Gd6BHiBVfT!OmFv%<|BLW@!e0u1E$p86usGXA@1FNC{hoY=!ML|@ zA7S_GhuIt~diU&y>5mcpiNdD{yXQd6{v6StFFaY;JriQ~g`&Sg_-f$_;ibZN2)k!R zEaocF*9iYf_*vmsgxzx^7UylzzbpKO@K?gygufI1Nw^d4|Ag&=Z^gxUPhs~AiREFC z=noSfB0N&~7~vCzPZ1t3JW;qvxLEjc;U|S(7Jg0mL*b8w{~`RXaA!UrV&zQ~9xR+9 zJVN*=;mN|&gnuhMM|g>_d)CGBaI5I=5Uv(pCH#c&pM?J`{Fd;0!XFBME&LDRD4##E zyzM63UAU+4K;eUh(}dH7M+=V;9w&UBaK3PX@FL+Q!q*62FMOBqO5q2D^?9CWME|_- zE5fe}|5f-C;V*>068^XF&%#~g`I$Y0`w1T?e2DPj!o2(!#rZuablb7}ut+NQ&JiAA zh+Q+pE#KICLrK)zb%tc>jR#Y2=Rzse8>dolZ6=L+V_+;kZV|+oZsA%bvl!Ur)2>@G zpFzKKK7&3ClC-k3#g;Rt%rh2eR6HXWI=sAQ;u^BBqMp&Oim?ZjK;XL7d z;f|h9C=#1u;S%9e;WFWJ;R@lU!pns#g{y?Cg;xo$7G5Jgo}ksgiD3XgqI307p@ep z60R0rC0rw1E4*5Gjc}dtTH$)(2H|zW>xCPIHwZTgZxn78-Xy$5c&l)WaI5fk;T^(> zo#WfOyKqn8-okx^`wJ%tCkqc2P7zKOP7_WS9wnS1oGCn7c#LqCaJF!+aGtRHK7bvA z3PfKhTqIm9Tq0a5TqayDTp`SNjKjWGC0s4MO1MV2R(Q4W8sR$OwZiqn4Z@AW8-$yL zHwrfkZxY@jyj8eGxK)@RVhQ!oS(wj)2Yq+pp2F?Et6kaWZ}WWDZ;73X~G%8nZo=oUC7TE;Vj{7;T+*f!nwlkdm32glrQ>@p7$#f zn^NI2;d0>$;ibaMg)4=tglmLrg;xu&5v~(nD_k$!AiPd^y>JuRu0d@SZWi7oyhV7c zaEoxO@OI%H!u-TyNVl_aqHuTNp2GZ&TJY^7++WyzKLpF1l0`pQI7K*B*nMLJ%beUd zMvO;^O@^?09@1>ww?~Y##U@91l5nnYo^ZZ!fpDR4k#MnaiEycKnQ*yqh4510<-(Q1 zRl?Q6tAuNWYlZ8C*9zAQHwdp2UN77zyg|50c%yK$@Fw9c!drz~gjca7WLYjux9S!db%E!umYwB+=&z=LzQv z7YG*$7YXb0t0kf@7p@RqD!g2{Qn*UET3DZPtr2~#@M_^T!ga!Hh3kbIgx3kL7j6{Z zAlxLpQMg%nlW>c0tMGQ=9m4#CZD^C7g*$qNwx`(e+lRrok8pqCB;jP?!NMuRslsW( z>B6IgGlVmRvxKvSbA%@e=L+Wu=L;7I7YcXuyl#oulnR##mkU=2FBM)cTq#^7TqCT{ z^sW~D8sR$OwZiqn4Z`b$*9$iaZxC)4-Xy$5c&l)WaI5fk;T^&eKEG=HYG>g@VfSq% zv*{!H{=!MZ$-;w$Q-o86(}dH7M+s*LX9{NtXA9>DPZG{2W54B8AY3S1BwQ?9B3vq5 zCR{FDA-q(0xp1X$m2kE2D&ZR8TH)2gYlQ2B*9zAQHwdp2UN77zyg|50c%yK$@Fw9c z!drz~gjF;XcCsg_DGng$E0F^gMQ&*rW@O63!6r=sE2%Vv{AD zEu16V(evARVv{diAY3S1BwQ?9B3vq5CalkaSBSn+xJtNMc$ILCaINra;Wff_!fS== zg&Ty|39lD!6y6}*B)n0$S$LE17U8YJEyAtB+l6-scl3<9`_`HDSKYhE`>vkCy@mS- z_ZLnQP8J?4oFbemoF?4Sv+kqCW{hx_aJFzq&%o!3O`dSRaDi~4aFKAaaEWlKaG7wq zaE0(v;pM`W!d1f6!mEU9glmOY3$GEb6J9G^FWex!PI$d=lki62X5mf3TZFd?w+Oci zZx`Mn%powsakjH?qHuTNj-KJ~BR2holZ2CnJ9@T1Rcz9P(}hO~cl6BvXt5b1oF$ws zoFlC70_2K5PdHz=K)6^~-w`MkeVK5%aD{M3?+#RoO_gx9@G9XN;acI9V603KT0@5I8%7E@EGAN;cVd?;Yq@|!g<2^!Ue+aTaK3JBGDHMcl2IH znb<59UM^fITqRsByh^x6xK?EWAm0i||(A z7U5Rm?ZP{RIWlOh-xf|3?k?O@xVNyrSCTCH!NMuRslsW(>B6IgGlVmRM+=V;&JphD z{ggbh$rmmVE)*^jE*35kE*Gv4UMjp?xKg-ExLSCXaE)-S@M_^T!u7%p!s~?B3pWaH z5N;CQDBLW(NqCF!R^jc!JB0b*Z>${(Ckl5L?kU_`xQ}pu;UwW?;laWw!l}Y(!WqJu z!lQ-92xkdr3+D(=63!KN-(0mmGhg%t!iB;`!o|WR!llAx!sWsh!j-~R!qvj7glmLr zg;xu&5v~(nD_k$!AiPd^y>O%O2H_^*jlx@mw+goiw+e3;-XY9^$YSkQI8nH}uzSzQ zwrPLSCkZDD4;D@lP8CiQ&JfNN9xXgZI7>KNI7fJraISEkuzO!A9N$G>EL-aFTGcaH?>caJuj);SAwS;nBilgtLURg>!@_3FiwJ z2p0;w_p_`{-1}L^C1O)5Tqe9!c)4(;aFuYi@G9Ze!fS-w9P2<=v~E!W{1|yi?OhxW90caI$bm@3N(eO`34J@F?L7 z;Y{Jt!efN9gtLWngeM8-3g-#u3l|6%3zrC&3YQ6&3s(p)6<#h}DO@F7Exby&Mz~gZ zweT9@I^ng#^}-Fp>x9<}HwkYPZWi7oyhV7caEoxO@OI%H!W;xHw8_rGiNYPdC&=*+ zgKr<<{=!MZ$-;w$Q-o86J9^)6l-OhlX9{NtXA9>DPZG`*&J*tFUByDNDH1LgE)gyj zE)y;nt`J@-yj-|axJtNMc$ILCaINra;Wff_!fS=s39lD!6y6}*B)n0$S$LE17U8YJ zEyAtB+l6-sN929U&ccbp-GzG!_ZIFW++R3JI9YhGaEfrMaGG$s@F?L7;Y{Jt!efMU zgeM8-3g-#u3l|6%3cK&g<6bzYV$qifmkO5&mkU=2FBNv*rMLK%qOTIJ7G5P>BU~%I zT6m3co$y-Wdf^7)M&S*@O~M<6n}s(CZxP-q+#=j6yj^&QFo#GEeQampMB(njJ%u@L zYVhqN++R3JI9YhGaEfrMaGG$su>0n}ZQl&hX9|xN9wVG3tm6gbiat*`U${WHP`F6A zShz&ERJcsIT)0Absqk{)O5rNuYT;GFHNv&RtA*DH*9or`t`}|)UMIX>xKVh6aFg&x z;b!4Y!dry53U3$QAspeD1=cn?3-=V}IJ&{6k8pqCc4IeK%)w%lBAhCmCY&xjN;pF} zQ+TxS7~w48Y~dW?Ny53pdBSdt2`fv1=nI95go}ksgv*87jZb0mmy1oMaFuYi@G9XN z;acI3u{_*ZC)Q>XMc-Yxr*LoKcH^N~oFuVH79K3@#!NB$RMDpi zX9#Bsj}{&yoF$wsoFhC*I9E7NIA6Fx*p0(tc`g!tv2clSsc@Naxp0N>QsL#o)xxWU zYlLfsR|~HZt`lA>Trb=pyiRz%aHH@B;U?jY!p*{)gji-k*s zONGmX%Y`e1D}}3stA$qy*9g}NuNGb-TqnF%xL&wHxKVh6aFg&x;b!4Y!Y#tB!rO&+ z2uEbRp3cIF!rg`Y2=^CG5>6H#ESw^oDx4;qE<8#&LpW17OE_CNM|hHOu5g}kzHotX zp>UCKv2clSxp0N>QsL#omBLlR)xxWUR|~HZt`lA>Trb=pyiRz%aHH@B;b!4Y!dry5 z3bzQi3U3$QA)MGhe!kjW*o_-y$FJU^?<3q_c(8DaaH?>caJuj);SAwS;Vj{7;T+*f z!nwkE!ui4l!iB;`!lh)qpUkODxSWjlMLAUnFD2W%9?OL*$#x&DO1PSA^}I^hjkRRy zUMt`8c@nWheEmlE7`YZS0rtJj_X1;PX__%!1Bh@uCfeYU)5u(7JjN7RV2q#Q5st@1 z8=MYCI35!jO((L9Y-Q)TOJo*dg)w8^XN*TuA`cqlHdy3QV`Mk-gfR}=5stycIKKw- zJ4@svz^@x01?IPvs6P(;o^b}4-&3OgWbkLkzX9_bO4OeQ{=4xQFu$8b{aEn7jL!i_ z@ckL;#{s(-=YYE#pAYV3d?C1x@f0w}V4`mxIN5k6_;BOjf>VuWgGU+{f=3x&0zS!j zA$YWL3HU7ICE#r1tHB(TnCX^-bB%8T&oEvAo@@LlxY+m!@M7aS@U_Mb;2Vt_!M7N5 zJh3~Bdx2LP_XgJ(bDXiqj1LAsWjq+n?-4Pdhl5`;J{tU%@hC9AHAI`^!Jis)KlsWx z3;eC|IbeP-i1y>ao$##{at=7rxDedKcs{td@j@`iilRN+b&_#8_z>fpz$wOT@57Ck zgVT-g1aoXD#$nsfG-lgB-S`1;mNCCKHs1Jg@FZjI2ONKjarhmwd}HntbBwu96dAt? zzRZ~WN2xK#DC2lljKh7U!uTEV&BoksDvi0{+-=OU%lO?M`f?xQSXboDV1BEI%>C&} zV_z7b4d(ZDsGk7- z&Y11}C*uO}?)bI|ZP>>5G+qGS&zSAKzwsh4$JL^J8Ti-6Y~x25-v&O)nC<;I<0|lP zjM?_b8s7^ZXZ$eueB;&NDaL;UbF40=`y_a_aUFQR@k`)^#xH}H81q|PR~x?vzQK4i zc$qQxiQA2PqHb0g?+3omcrf@uh6ZQ#+ycYx0_t^)JBG0e}s;0ugvz%z^=1{WAV0-k657`WK@ zDez+BXTfF0uYj*Nehtj;z%Z@#;Mnw)~b0?RNur!kpXEI&cGr^Y|XMwLV zJ{MeJJRW?r@p<4%{$s17s!9z4u=2lz86A4GCmf3kMZ%~hm21I zKVqB-et`_(^r|t>rQa~-x%4~6JeU5!nCH@;81r13W5zKKZbd}CHs*QtHe;T*|I7Gr za0I_aXrBt~Vmt!e-FPIpm+{fyKE|WK1B_1sCmWvv=6G|AIU1a5d=_}5@!8-}#uLCN z8BYX{HogFSmT@jP+jtsyqVWuHuJJ7J4C4ZDf$?1MJmY!bV&eti#m2?pGULTyjzh=% zmw}fWUk|>`_(pJ*@lx=;#FfhMIL46ANO=FIw%x_RoKOFp_@sVJDkAnJi@E6AXy~A%%P@f6@ zr}61ves_X;{to)dn7@NM<3~L8=Ysbz9uMwmd>(i|<4NHD#*@JutB$@?!Gn!CR`XEf zd~llaMc`wMF9v5AUk?6_aVdC=@m1h+jIRNoZ+sniig5+_x5mE%&o{mqTw;7H_)6nS zaJlha;AO^lgKsxp1zutNd+>e64}l*v{sZ_?V_t{gICrdv$H31RbByR0jQP9lRb!49 z{f6ub|Bib8=Gxb|1w6p`pWtNU9pJ-_e+H)-cf#+5k;c1$M;RxAPcrTX9&OwMe3tRv z;B4dG;EBc@k2=@5FL;J=61c$lAn-inL%_wx9H)A*aSFK1co_J4 z2h>jne{4Jz%zcG*dgN%9H zA8gEH{Sn4P!ABXVfsZpj3VgEhG2qjTj{|djJ?19^JkI!J@cG8S0Z%bL4b1WNXg?M_ z+nCqT<{R@`*+OGpE93Zjw4VaL+Bgq3Hsc4t zKNvp<{*Q4jIAKp;u1CRLjUNZ^W&8|yU*qS%9D|Sb@B(I@X>xV_-x}X;0eZGgD)`N2Id%iv~LB^GX4QP*Z5!H1;+mY zFEWmx|GC0A0nG9E7^e&PM&qvFTa3Gd?=a@IM~=rw`(EJtjrRpVY}^O@m~lTa$K#{@ z0PwTM1HmsDCxc%zJ{0_xF|SX)Ydi$}SK|?2j?>4OBf(!9^BN|{>7$<4FuyfE0sN!! zDd3-tM}v3k;qA`=cQZZD0#l|;+FEw5YzT9{v_$uRj z!5kluzW0NFXIulm)%X$cUB+v`_Zah7{Cne9z<)4)4g5#r_254lzYBien8)ImjsFVf z7=p|LkIQcxe+hoy_#5y?#y^5TH|8;v;|bE2$IyQm^SJq)F^`-7Hs3HVCmh2V1I5-`UZWLmtRaHlcvC-9wX>aPbsXuK5ss4=g*)*0Uh z<~W12=XF=UTTQ+T{JQbo;CGDg0rS0S+B^W>Z2TbjYvWpQtMQ}Ye;GdxPUz`ifF|XO4WxNHPZTvNu z;|wy+-@$xmnY;}=!BG>JJ5T{6X>%@Jq%gf?qQp1AfbREcjjHbHIN!&H;aF zd_I_C5i;h5;BSnlfWI})1OI3|6a2IBZ^66m?R{s1yBW_1?`?bucz@%C-~)`W1RrF4 zHTW>&a_}(Y8^A{zF9RQId?%RW6*A8&z^58lgU>X+4}7li1K{(FYr!0^kiL(CryD;G zzR36q@WsY;;LD7k0bgbO9QZop7r-|gzYf03_zmzX<3{j9#vg$BZZGq&5&Wd_C*bFe zKLfvPyczta@fPs=#$SU!GX6XGbK`B`zZw4k{-^Q3!2dS>4>*bwTjn9s8TWLI6Tlp= zkoqp*eT=(;e`VYqe4z1O;De2Ofq!khFF4J(5BNCae&Cah2Y^pA9ta+5oD3dkd?@&Q zU_elt1 z+kgA^egDqqo;%<3%rnoKGiRHbGc)I6;XPoEOXYT-2VW`t0(hw^L@f>8-GWbZQ~yZ zvu*q@!fYG=QkZSy-wCsAoZpn>w%7)qBFr}Mbm5c0Erf@I+X;^VcN884?jk%E+(URg z_-Nrm@NvR3zypM5flm^y1`ijW10E%O9+=;tWI7js3xyYfOND<5K1X;Nc$V;T@EqaG zzzc*|fqyD|1$de8YVc*k*MP4O-T?lU@J8?k;Typ>3f~OARrpr$ox+>JTZQig^ZS+D zmwUjE32y~IE&Kp@kMP6b7le0!UlV=|{HE|u@VmlKgFh1fE%}8dzXy+KKO9qkHAL>e+teO{v3Ra@E72G;jh4hguex! zPG(~Z+(conmI$M|?v)9n$mq=!#_i0TEey{)U$`}RiEt0_#llB}Ii8W*$^&01d>oi# z7%4vRFvl%YJ_vl9@JV2fRiu14_&(tgV2)3ud=&U`;j!Rd!iC`HgeQSHK9Tz8 zfd42w1I#grl+OacCtMBYI7G_lfd49d9++bfDPI6iXddt)aI)});3mS$z*)k}!L5Za z14o2cfsYWr0^C)2HMpnnufTc2*MN@~-T)pXyb*k|@QvUR!Z(A*3f~HzAiNnoN%&6i zG~s)|GlaK-tA!r`pC`Nnyh!*l@P)!pgO>~c7Q9OMdGKoC7r@sDzYOMBKj!Ca;G2c_ zf;qmA@;AZv2)_;Hm_Ewi1@91kAIx!llz#;Nt?;K{j@_gDbMVW;Uw}DYkMgg;Zwr45 z<`_N7ebjkB6%KbHN-dM?3StcL>i1b9@}- zi@^^GF9mZ<9OXX;KP7xAnB(9mXTP;S2ww%}*f+}8gWnLo4!mFZ3Gj!)Pk}l1jrz}k z|1SJHFgu4*{s(Z9@Jryv!molegkJ}@6y`gQ!-V->qm%F_;3I`U14o7b2JR#LcW^)9 zZ@>eEJ=A{-ghSv{gp%=Zho3G@BJy~2FI@Srf?FFY=M7Wi3Vw&(m_nC&^Q2(vwhe1`CK;1XfB=adPvJ*QHb?K$TQvpr|AFxzvM3EvIAOqgvutA*LN zvq6|`J2wimZHHr^m=A2**(&@5m}8wNXFJd1!ffZ^_$JEP&hwn`@4y_>L^<1h{wVws znB$lze--?m@atfXX`=iM@Lz@5M#OPUl(UT}0fh@P+lZ2d*+$evm~BK^!fXp_BkZA0 zoh=*!=Ljc(y9+l2A0yltoG;9_qZ5VMb~H?wZAYVo*>*Hum~BTz!fZR5BFwfUjxA#P zj|9&aW_!^E!cp)=!o9#Ng!_PhDcl!)jqnNJ>xJ2Okz;~rpM4ka6lUMWt-?dW4-20L zeoUDC7W|OmJeGAf1)q z6ye$6EaAD}cEaa_j}Tq}?jgJg+(-DQ;QqqPz&{aQ4jv+W8TeG;Rp4>LSAdI!SA(Yt z{|Y=^_-1gG@U7r^!kfX1gzp4jBzzC}QsJ%OD}>oc_*cRYgEt880B;h04E!76o#1dsfR7PA3d}JtOlNoS5Mj0>ohr<> zpfSR13p!JnZ9&DtL%~ypPXSLCJ`G$Y%yyx9!fY2>D9m=Dp9xO{|6I5Tyi&LX{7d07 z@YTW#z}E@0-R2fyw%gn-%yygmh1qWNs4&}Yo)Tue&2C|~+x$V8?K7_mvwh|bVYbig z7v}dlKNMzL&1b@Qfd4LhH`r?zN`*HUY{sp+N@EY(5!tB#MSa=-`Df|xjSz-1o|Gn@B;8%p% z$9$jgU%>AOv%mQV!t8JU7vb-~UkbDD`FFyJ;KcU9Il#W>DZ=UCbYb>GZz0?Q+)kK% z(mM*b19uUQfO`mc1RpKTzUs#bcL5I&X2125g?oTc5$*}5^U+R9ho&yiN81@4UTwLy zGct-5n^L)Qt5#*LCCZa*^ejIIES@@T_FWJzPW;kkyF z7+zs`t>I0E?=rm2@GiqI8h*?0$A-Tqqn{OBGU|cKS%xEqyONo~aCwFY86IJHg5ha~ zs|_zQyxj0=GM?#l8x3zZ{D9$|hMzaQmyCXabj77rg(cO6lS@mw&+HM2L~@VrncJ&x z@8~f{gQL-?`R~)GH`e<0J*E%zB9Wp-3kMH7(f46YobR3G#n(_*>wo~1hkCp49PbFP zBW_?=*+v0dL7DT^@R;ofxQy)|-;UB93JkdCxMsv+T?0$Ygg_Eq`m0r|~l4#EX(W4`M6NYw} zvgH1qxi4mCY)?yNDl)e3o|ds`(n~Anf0Nf?^}vG4EeYdBuD>-}G(B2$arDUz@76q% z@a3$Wp3yI(E8dE3elR*>Vsypo=;qncHU9ehqmf@mqZ^~qW1@5YhPUUR8jUQC7R`u8 zj*5;rBf6%1-uxjGmJRFMudHjAw&NRb>&g>o8=jfvn;Oq;J8eQ<*KxxN=I8Xo<|-C& zi;G^1R$Luje_=HGd33~E(cLdclW&Ll5#ysUU2#D)@>(>qB^p^1jpjv*&W^s+cKrOU z2;_RNq%`UD=DDJqUxWgO8 zkxz@;zZPyBI`;Hw;c((4*^$Shi>`_0KsR!DbkT*;x&4>rcGi`2Og!SxeKmZut2A=%V|hOBdv&FIt1cu{w9e(r8Y0{+j5rJs)2hMVt|{ zYxZ6jU6Z?P^N^RI~(Esd_(zPLDTwZAmC!Wqhj zN>QJh6-%Sba+iLxdQWs|ba8R|()6NTQEq9^>J1<7;#sh&IAdwM)v5Vdf$D~ebAs5Z++L=y%1*1enF(F9a`hghvZ#zHT$SB?+3jW9 zmoAu;oq<#>nu7dTTD&^9%wI7LIl6j46mdR`R_uyKPl#4#w}^ZZU78)i&fOecfgHIx zI%L42Uq%bk=bpB7CH8qpab#|^;P$08kq@JbusW+?`%*tLCK~A!EyzyG&o7!%laIVz zS+H;Ep0eAgyXlWlM_{y9P2cTHH{^Y?=&~qQ_kLTme?!55y}NMTjyny4%}>`% zE8bGGe-_fTEcd28w0B_*{#V>ovw2Q*#N{s5jGBU#Tm1dE=W%=aqigmKjc!TbzdhO^ zy7#!~mfZatKK?4Y?YGe_d)~;-?AxwqcGmh|M;9%N7EO(g=nzf$u;(LthopYl?aBT( z4PQ2~Yz5^l z`Pg2BYuP=&;W>8;Y&wM|D}1)OBjO^TvGBt21U$>bPAlxc3*VoEKNbX5J7Msb;3u)a zdxD=Fg&-jzak}#wupAHyCzj2q_7cJk9-}Zhv6!044W8p#IB^r#!VTE84exjg{bY6~ z46|on!f6GNB!=hVKgm7Ls)(VD_-ioN^WB=4JOZo!c>ftnXMvUws?GsX)UeF+&l~`N zq2J-Z5ly6=g+IRpe;%{dU&{`jjS;zok?B$qt(4KSv7pBtB-r9KM$YG&*Oc#mzIIYM46f7+GtDhPt$B819W+PxnVA%m*i51|5H%&z4!{%si&7AyaieQ`K-5QY3`b z2q7gxNQDqmAcU<8Vaowk!rpvmuM+lzU{474gkVny_Jm+h2=*L#OpG8pQwxv=Ljmk4(R>VmJs_HMXu(_p+w`vkv|wV{Xr0FdU*;oz z)>S~hfA=yO_(udLGjK&~1h!;g5byy4c&qVOvSX47_*Mf}4T}Z1?eGRRf-x>Hh#edoghXlrm7197BR+^fl!Xwg%G=AcGEl1cgO5*#CON+ zc|bE&aL3GZh5gni!_JFXzCsjUJqz&4VkFjiTWE@WP#IH5J?5>*()fOxda~}dxfO!Y z!%1zIz(?}Z{llANri7ZbX)>lox}SzSY(gh5CFOXCpeKmz#Z5ib?3 zgrx3%Ann|0NMU`91jmd8}>G#jgIhWBqgqt?q?+BxBTV6RidvOMqD?G)iJe>ZYlRoViEgJ| z?(+fadn4(&=co4Fstn zf!<44!nL-P3kj<}zIP@)c9m#=jt=v^q|WOu!pcS$b_P9GSrZu&iKUaV$2g6#^tdA~ zb{MgFCGdpvz0>JEgaxs~bz&DdjZyTbVoC7kCo>}NguXY5-curm=Nz{=4h!~@*1vqd4nTRDhgb(G_DqjxQCT1YQF zH8nbR_*pFCMzCRe+}V(~@_~hfA}o;8I}eeaoUjB7D&+KN(8;0WTsr;(d#9_tMojzB zomLJ?>aZ?u_VglXGP(_RCh$iqKXeaNmlvAGp9SEnDCA1Ml?5qhBAlbzTr4&!Ppvv? z6rJO&EdT|MvN3@yY-Q}so!~7;g?GH?=tsei0M0r_RsZ-kna5I}f8-^%>2F z>SCuliXJlpsx1$u`mj?SNssvh)wcDieh#Z&VoCAN^;RxlnACZ$*LfWU?GQ0lg)6_l z0Ji{&cnn(A&dfPp=X1TzfeM2wv9vxw1t}FBhV!jGjwrpRNZsMJ)oW!y=Xgx2@@VE9 zN*x9|zD~z0 zUL8->!>~lK#I8v&ua6PX8--;u7QU$F(No9rB=gL5Xb3jwg2K>YhkjUjGWib_cNyWd9Qw2v7wZ_Vl9#!+Emy}gZ zE3Nc;Oq)5qv`1-iWqE0j0hN?_3YE9Waf0m9@R5vmRI$d zTU|P%s<>PE+}voNZl&c@4iuElC@G&kxzxkfYBjT#Fb!4JlTj<~K8=T>Y{rbzN}$_0 zmiBQqzUld)P{USGO$aA|&>Y}sLBj;0#277X*jQwKOfOCg>yi1f81;oNXxLQj&Bv$+ zKh%&G8a8A`dXl_$eyBO6A(x6!Dbo^a=Kd4Rf5`DX_aA8bj?Z^-8@T@x_usN%GAuN3 zp>A(ORbro82_$ZxLN3LjBx5JZX)bX8^WA@m3vKWIgIEbp9&qq~o|7zeIzgI)v>og} z&`Cx<_@VQ}GWR;{*d3QppcCx%d?OFG7&d7*Fg9U=iziG?0F5F z$4*X_@nrHt_bqf@5c^0M`M~q#0+Z80GR|`e3v&GeVJ0m=09MvEV3!L0{^5EG0HKe&UcHSTqwujd}E=~0NY)erJt zk3x`g{@Yafay19`ndSrc>pZ6uq`A-?>ugCO^{2SdHnq;uU@O5EX*qaSv~~CU;MfJ% z_+)n-wR6_2Ji%?H*x8J@SVfKxbN`ypv^+_4c!LV|wAk5fEzcGnyF#ba+HEB`7D+D6 z!Pyc>g1oJrGfaOI7k8$!8Jz8^AM73fQ(Wi_a}@;E4)!11iymC)?wY}^@ELa_#cdOJ z!{5X3wZ9n>wR(a)hnvw#>rP%p??Fs;bJpm{JK!Fkbo08B=S=E1o>L zuyW??8IucXxNOF`g;mqarc^^Vr%JX%^R)^{J}uJ0rPcE) zN=>=KcSI(=bb{RIkY;Ix6%<|dOXHe z@+xOmSLXJ?NU@*% zu>4DT5f-MIJQqs}0?6#1s`{+@aPyRFZN+W3I|}wV$X@rV>dL^MrX*)h_d2J2_sY`p z;_ez)&(YWO`;dxynsnz0>viWj=yjh|RpkXSDXo9wF659~KA2W)vu;Nwmrj~JwQx#h z@$^#JZXhY+Y1BR7;z^S#OV6zpTt2g;)_QSe@r7}@ox(5{`>@PR#Qii=pF2`3YDrZ*U@cl5?25LO`Xe)M(?SFd0Q=paEJh0UpX2Psq zuR8J(N1`ztvQAhMB#i6DSggGfSl0^+7~3vSW=#X-6JRe2pY|x{LVG{MV(k@S-8zQR z@r5B7=ecu5;;W~6Ds6tnjS!<2skdw0R7Jyc?1_E_1cJ$0iK zF%Cdi;B&ilUt>|``YlHxKM|4k*h7h7JZ>CoX6>=x;ZLxr)37E0YwxbE80!E%+G8WA z+T&O>jYAuqks0S1fnv`(dK-|KtOkq`IMwS0u-o-|qAxrS7`K~+MYlV!j=j6_{)FeL zIXwINB1j$GS`0&J?^JE4Z9M+w5t1TSg;S=4@8OW2d@W>L*45T_%T78hH<=| zwbv3)aO%-sHWr5QeCD~R_Y9!-iwOGNsu8R!(&zn9U2i;f+28PR2=ut6fq8GR_TK6e zyyVh&YEReIxAL&}$#*KJABx@W18JyM&NJMc7*4+-8jk~41~0*-N(Asi?v7*EdB=#m zkh|jTI&&%RLY#2IxRATD;)0OJD4e3ct@>O`ma-T`ko?7JwXSnBxw1?ZP{-n z34o`4hq>3jTs%DDD(88ua-Mrxa=2JVATu7%OETk8pG=?kb~5)lLzwqT7DVxS+8vo0 zWCp^KQzUKU!C5fKLg*qa%7ObB+wUVOS_{-rkCQ~sG?P{T z9Fa5qWYxcjawyM*&lhUsBJeMSnNGS)WCpjzeI|2%xoDqaZeH`2g@2CgpyU21=Lpjz z_m_5h!{?%Q^2l_;8p0fq~NX@{?1sl#J6PPha7LSb%m8W{@Z@VV%=D#*$BgR91p zDLl_`jWEv(EMbj(MenE{7WA;!%N^N{;;Q(-=EzBM|gN#ph~+{bW#!$S>^G|Y2J z?GzcFYMAGq>dZELp5dPxzTWUlhF>SkF?|!P$Mmn1Gc({qew43`+5Wq6@s_i|Ly=ANm-HyNGV$a0Q7OqR6GPKfjQWH~n$g7rMP z*yvnN7W-?Aoa2a9zS;1Dh94)3eU9y={f@{_j@8w;Zy0{Z=yM#d>T^yu)&I`ugm9ry zhsQhvtU4Sgs~jOq8af$$j*V5FJfqW(Ea&!6qr=yFDj#p;lMM6SrrNAF%=?eZ+0RP( zGQ%7ns`3qnIX+b7cN*q+PnENaoie`zqx^#5y@uZWm{((`3xifsgYje0HdPJ}>k>P-6IO!|q-x_X>9}73T9oxRk$3>O&Y+$O3s+AuqMtDK#imCrF;Y4}{j7Z^ro!&qF_$<&T}UdXY#+Q>H;c6BMy zxy8u08h+65qlR}He#P+XhTk^)o?*^6qUrp~a02i1lAa{P?B}a;c4$%VWH`rg)NpUZ z#~D7sF#A#KHO~1%lsWIK@>zzb8a~JH0>d?imm22$9%_?)w3XKzzR~cn4c}q-9>eV3 zt#)=9=DZmyf5Grx!*3bp^H=phGW><%uMP8AtojWMvrD0n1ch6#Zu9X=%`+BL4doGL4Tq9@ycGbDmFnhME-1RGxxa{bza?Z)1?4HG< z^Q4ipqr2+7X83)>9~)++MD^XA31X8S;#J<#F#E@=oZn+o=CfEi-!Oa6t9-QKGYuCS zW+!{quQGg|VfIm19rndnUS*hF^HqL>;ad&gZkRpzRez6RKD$-^s^KpT+h=!(&uGa* zj=@o8pLONVhB-Vy<^2qEw1CPvj$V13;R%N48lG?Xr-m;we4XJN4RcJoZtD)i9FL%K zjvrTk)9^cn|8AIb^r=3_Tq|cA9$i+T!a&>><2=(P$>O_5EV9X9q z!x%GI?XyU#?CeWi+E<$q!?dsR9K&4==NV?(g6iiR9%Oig;n9Z28J=Kxn&EQ86^5$~ zFEYHu@KVFe4X-BST%=ozMR`40@_eJ=P2^vYNO^bg zZ-rUcd0x0T_+?=ZqSz~ZESTj<#^w3`zVHd)PlX49zYrb_{#LjE97ef?ahd0hgolCC zgjs)TF3fhRw!&k;9fZe$S$hpGv!SjXLZGExuA~4IMw7D33sW7isw)s$g z5%?~HeLpI^4$O8T>TCe-7Us3i zx!owg5&Wv~&0w|{QGP3Uzwl--=W3(;PB7bx$gE#-Y$KWX1`ihs`2iriTazCGHx}Lo zW;+t)JHRZvl6lWKO!#py+mR^W2|iNzDR6h;UEl#^xksHO%xBJUVP22yCQcn*cWhH4 z^SUb(ZU>$s+#Xym+!0(Q90ku4?gd^bJP^E0nCCg$y=lJ)e6{d2@J8WTV74_;hv&~` z;fug5-%`$VfbCA?<=`E{mx4K;809=4*ak&j1?Jph9sgW$Hp+rS-!d8}D}rp}|_ z?!r9Qy@h#vj}_hxW?7p0&w)=Aejdz`os_=-9x41Xc%1O7;Io9^22U3L2+TGy#{C3b zA^aKmT;ach=L>%cUM&0-c&YHWV3xgUhoe(27iRm%Rl*Iy>xJ1C!g4tEQ^B0$i`*2< zdA-OP;4Q)}z;6C7$lHNAXBTxM;HQMyUb0)b6PWXKQKtu(Wp#2c_zmG+V79qYo(KL= z_*n2~!ujC83$yJUqt~4N5O9+4sbCD=baK91=QEQw+1Aoh_)PF&!e@cmjz^uz;3I|k zT#X8|4W^H91(hrleQ1}9Hfp87@6k$GN*~fzVE5Mvni_B+ik?`f0;YnB@ic-D7YYu>0;Ym~B+< zyT{-N*nRgH+zITydkpRjcHcb)9|@iz+hyBTwJ-;l z$zb;lWY}j};~J5(t!tw&%N_1}$k5@ac=tVIFv}qBd&uB3!0vm<;9~F&iOcfHPGPo( z{Z@E7nDsd3;Y{$$!j<5?!qwong;{2KUw9t)Q(=~0z7Xbns&9o^mSLTa_Bs5nkub|O zX~GwSn+sn8ZY#V3+(Gyk;2hyA!QF*dgL@1A3Vf{aI&i-52Jnf(EE5eAz7;%Dcr$pM z@ZI3Egtvkx3qJrpTX;LTLih>rxx%}^^MzSfS}gn=c&YI7;7f(s&Ud-+%iyboS)N)i z{73K&!f%6b5oX!y4&nE}TZH+p=ON+0fFBk99Q>5<-@vYI zo$kBJV7`ZR-&F>)?bCf%89Wp0zN-wL1$N(62D2>bzN-x8xYXakXPW1L?-srg{D3ga zlG}u@1k?E}xWYl~`56v_2`4fG=D+GRCW{X1kesi8t`iomzq4Gc+|O`<;n8HAA9O`n zl*>-8({e=sDyb zZH)~f-+ROJyd3msYAdtFeT;S1CcJG}SRHmQWBZD6;l7{bg`O*Jl~CN~weXJO)^8NI z{1mfV9UUF_NkLZM)VyYMKZ*8^_HCEfd0e-G{*d?WmUqm!;gt2yJE>qICByShA2*$n ziFs2C7Em%hZ%&unDOvE>4tX2UTMiRR;=016g0rhQ?T+H~cenT5Gi0C6hK3o?!i%r- zCS|8pW~Z;-zG=^veMt+wyiaD~MX{>`1_o9=5^0<@vN)}>IQ^#WTlc)XZ^*1?8h+D2 ztxVhgMt0iVJxlk|Tu$iP>%8?N)Ap`PTd``u`Z4K|_0=QBM?PMawth@x#pMHvu1#Ap zCbI43^ol@o<$y&UDB0T~J#u)YOQ_8t%)+*0%iL~ThPxTqHlN8k*DCI<*|cEmfH#WM zwoKpOpR=M3p?Lj~HF@oZ04s}D*X+d% zVA;Tmi)!W;?>}v8F1YBP8qB~|MvW1rHQ37j8eo2P&E7$r)hqgD&AX@VUs*B6P4RVn z&3;TchAr*)G3OX;@6V3*j4rw~xj&Mw}iUKQX5~e_(XT z^ql!Sc44+boGp2`A9Gm3i9i1?Y2J4^I08jG(iV+O+qT0UzP+5ZuwqBrUL3VY2dsF5 zQxtCdFnxU>d3?a;4wUHOLzRwiV(!ExxaU`KZA=dxS9k=^ps>=qf@D>!K&?^|{rvK+a- z=RGB;xK2}r6{LjwlCi1FlSgL z*Ag0_%9K?` zJyt-RZfl^k$LY3&U{474gkVny_Jm+h2=*L#jR!H4in#+kvi{nQVbqVWazbV$9h*)) ze-g81FqS6Rxk=o)i?B4sbX$|D$To_!jrilaLFZ5DfMQVkR^Xqpq;JL_E6iTnv-n$% zB?pT?V*=} zdKd#za*!yH|0mcWOx|MVPP!L(eB;`43cPLhHgZycM;Dy4I)T61ls)}B~XEnEC9Dq_-Z6n~{jH6AR?@SkrKF0&hkkZ`K0~5fF21OU8^!^wwj+Bq_t_ zUylV7V9{e#iq%AdH)|NgF_#UJNtaxw3vVJl_e?{JN_^6#$)|tfWcsZ6 zBb~P_BwUS!Qy+^Mpck|0b%8SJG=(XplZzD9xN{uS3K}R2)%yY&W$A`(wS1L5g^D$Mj+J zc+17KNiY*Qwsfv?!K3K0;RnIEl;gp?jpFFjJ1GcGw!v(7!~vo=BnW1y#W@-u8pzVD zY z?*h9y%|cjce6R$wH5U_P(PPd+HLX6?ISA)-5T_13J{FM3jSC6PeZ;GGZYjp&2?XWM zu{#5Wzjnq((&I5m#j72YQF>Tlw%*C5)*#C7oQ3i9cw`##5GA>}ne;$q)ILzP=53;d zz0SfodOS~|ZjTC9;?q1)o#hgoxAb^yu)+1%U^2A0%0mSU_E5PnJ*#NpZ&+}+=<(Es zx;-vfiEoexBmp`&HuQLGpl**1R^saGpw0(5jt@N^7Nl<@(#Hw<^eDlCJxVT2({}?b zM4W|D^mxs{!e&_DBz>wyu^i94V#kvg&?Q)WZvwp_e11_Z62t4 zPvIPSNto1b7$&vT$3Y68C=kw~P!qw(-+LG3r3@Xo*p0_MGMos1*qWD!g)KCEHnG)$ zcg#X8e2}PPnfER%O#HsUpbO$_MV0fG%%)a0SE_pyzy}X+zAUM#Q#o(M?Tnnqrv;YQ zSeW_hm~o@9jKMMi%UM`TvG6&z3X3|;%_w&4XzrYGd{n9%ik<$in`Mg)Q6)GL4mr!# z8zwB&e~uz~J> zhv#M%Nx~Or{7}A|l_!{2>*$6@Kr*yp8g`pAhV|jBCXNQX*-t`lj-~`>B$#Z(&RtS_ zUYPj&DS?ig4-9j`FsZHF3^k1$SG)hl?mw7`X@Q$pC74ww>{2@0g$8L1=CY}DIy%!A zZ6?TUEaW7Y+Sx8{Fn3ZgqgU9;bru!Qv=U@vuq~YhhVo#}pkR-JP@S)b_5%ySEI&G5 z4`T&;dcNDcU~aKsMwnps8Q-Nx4;=O9JBgifX^Pv^HnJ}~xRafvt&>c4`iGf44Q9P5 zaXNu~lGAA~I^0Sy(@n%liW*YV-W~H|$H6Q%n%ZFRs1xLNF#lArUk6HpTnh3>k1{RT z{M6iz=bM!TC*+gCWpl6Q4flIzAlqVPPXw~9Ru<&mf&VzkISthiH|153&|nALM0awi zf<*tY6Bn042u7JVzX>KC`}bX~K^E2CO=h5#JRM}l-9hTHhFoii^8dl-`#IQX+JAN) zAUlao?Ky$!o%$!Zp_-|J{+p-tsVA?Hem8$leDa~#Y(K%|N?iT#n#@P*4)o1)-3#Xg zkKXn0_`If1#|qDSEDY{|g@pz7UnH||unk7YEO^jSpL`R1%Jrd6IVR6J=p;Iank+}N z`upa<`JN+WrXg1od;J3rV_zYtWc95*A zy%AWqj=FRwV)29uI|Sou%;F0 ztwsX+5yYvD^RceXpg}lsi{R59)2;T{7th*bzdVkeRHtF=+iAq!M%a5F0@`aNVa(@i zuxK2hcM&#LWCV)0*U@_iHGyrKNha(Tu-)#8&N#l%<#yT7&M(tX}DL=9-FDu-hQyg0eTN3 z@Kn}<#A(=@Shx0G?TNk)$V1xW>u|OA8JKafIp><7A@deB0tu1JcjBwweYiMy4^yXl z$pCp}?t)&0UY;t!rygBvfHK#!S_S75nNGtv2Hx(+?&E^v#QlKj*nV`bW3Mgj&7~o6 zYLD*~ti4xZk9xGn3Z&)>^Bkve%v}z9Q8faoB7GdDm|NRE=udwbB%04@U{+AAz4s&T zB{rmiQ+v9uzLg(1SBtes`*zQ`ZcYpsJaBFoUcqq}a#x^T=M@omA$O(Nb=MalCJ4DR zHMWZFF$dx<RJ*E}8w3VApgjjL~NmnIUl)07@m7C zLw(x$wa97bHeuSi3h`-YF?cfN;PvpAkP(;3CZ|aHpAtFugRJsw916yL4YJF{CT;&x zcqim+9MLpm)yu?vmT6`>$lL@MU+%vyuV9mo&s-h%lx;Xim}hdXFwZKQ&^|ESXP-A| zI9`{^ENdy_@{G+fLi;*4pY~O!hv7bk`x_o=c%f!^NjqbM$Uejn&y>8&TC9{d?O!XcqCc!b1azq#W&lfMu+|OREK@_sPh7J78{-AMrVcS@ICiBqjQtdxm9%7 ziqA0}n&!ui&QqephIco9S@z{kqvPJxBRzci{a0g$Hy%xM7|b-Y%{-HGJy(rRHd)SR zH-1@k@{CSDqr>m8tDVt?IkrN#JIUzJGCJoOUS#wyH+(%=?rFTr)F#9+W^z@|d!lmP z`>M)28XXjGWBO6Uy$ugGJjCz_!=nvPFkEEV-2;*Tbmw5v^zeD7Jjd`whJS9@)gi>r zl}65IrP|qG_)f$38h+UDBZi+g{H);@4Zmvm&xSuT{5Qj28BV}?tm#ZL+{AE(VU|Tz z{|LjbtBmABu94>%?q~QE!y^rkH$2hsWW($zqiJB@A7zd?QNGad#fJGZOm(g{%x*L) z-(;BGg;f54;inC|=a=j|??I~niedK(Pjq;HQJv2X^PZw|wD-oC_Xw4<$B{B$*eD(}wxXQvE+0=6FMuyJwl? zCp)33oMQ=<+ZlGxFVR2J$T^l!_1T9_`4q!$o(+jxV&rEVo?*Dg@Xrjh`zJy;Iws3| z>Qs(XCZ@wWv&volQS|HDQJsU8sa*Y0;&wGQ4_2niH#&n17Z@I9_+VwNBBL|e@HE5a zhUXfdZ+Ma6C5BfRzTEI?!)pz1GJK2S&4%wXyv6VXhPN4h)bMV@&l`Txuq~VIH}dxl zZ#DcFnD-94U0BGt1$(~}X3)#R4dCw+X4T*wVYUf=AlwfAUxc&ae<|D%KHEoW|8V&1 z-%RcdP7&@3P8W`XTL`0B)^#GG{xRT=BJT_CB8(~jiW%&-m{lPiHCxE*P^LX|a=J8~^3ghy4<_ohIB+H+av&$pL z-;z%Uj}+!{9w%H3W?7UvQ^1pj*$?q-;hEqH;W^-Qh3A3i3(p5H7UuD1xs)~+fiD&Q zDVS}ElwSzGN_Z)Fz3|V$Hwa$>X4#ecJYVh*UIpGF%-)a>3110jIhOisz)uOU1@9JS zm%2X)-vEA9nDvr3gntd*FU<3fWm?+28~mB@z2LtKv+a#H66!n*P7;0`?B@D_+?|gi ze+u%J!n?tT3I874N%#fuk;1Qm*$IsH*~Y^1FnK??pYVI&fxE)q__K1~tkx$NcuL0q28l_F=IiDhZpWCynkgj<7`2uHvd3-i2Y8xi$8 zfv*&1y=tv+7x1;hUBR1#dw_2f&IPl)O*^~}?h`%+yiK?-m~BebVf}2E@bTd1gn6yJ zC_E6%u@%%G41P=aB=CE}L%<&kv&$yS>eOeO<=4XOLKzANa(3`*B+QO}X~OLA*FyLV z@L|Fez@3D7EgmIY0`4iyIwISqxZSDX|cALFz*c~3u{MFo%a}f=P5TPLyxW{7UfQc zSr$=wKf?uvSw2vmBE#i|IUc!UPGw&AnLQ$OxkvZR?bWw;^q8Z;(P-5C_vzCcYk4vp z`3H9>Jm)2Ix*Cjg9OS$PEP%zw zIYP#9j(nnHoZ~563n#wsyat~K9vf&e&XENJJ6tKP1;m{&cSr*mIEi+8Gu_qeKM_h9|j{==Vv zbEykH+a}+Gi>1=-huN7}0M+Ar#kGIqSKYp+BUb(27z@6{b%<|$#lGzoX#cQpc%mcJf9Dx$9J}B8|ds+62xg(SF8uuYY@Qs zXtn`y`8YYlc)#k8MdJXy8?YQf5T{`yu&&IYU08UJQ>S69|Jdzv9u{tg+XcEXuCq>~ zae&@iSlSW9Y1lbfC-c5Z=VPU(26A1NbH!J^UbrcAfJ~k0ErfvSP{%R@?_KKDG~avc zv0&IG&|9ub@KujKf?|&IF>S*d-yd;5nHOnTSjV;YIByWc)u}yQSKrDH?2lqYY2T)V z>voG=w?~HSNQ7|*etU?ij=KZvxtZUx{?yJ7vbA1ZLwChtK%zL)> zL5LWAUK<*>yWyh^|HSaghEFp*&agZGWV=(0e7a%gjy{KbIRt^}OxXyKm1x z`Ox!!tmTGqsDgV#4z8u*2r1#F^yhS!ziN zFUNm_kxlw8m4Pkk(l7iJ_h6SsQoB5qvQ4Qr?Ms5;}rEc2Y zJE4`^8pa+E$&8Ji#NmMII*v!rAq=u%6&Of&T*vNVUp8wZ6kUpmH+0kk9Oa zFYivCQ(RfvqqM3buVl?%x>j#bEAE_m6lKGQC>Ew$JCON0|VR# zaeI`_C@G&kxfGwDEs5Vl3QH!H;LBOvOL)7js-8T#bV~PW+)McuaN#6;((@dM+%z`uo4=&ra8m1`NER&;;O1bBn@Botd%$Jv%xGI#uLh~ z?&`;KYi%r^jymG0vN6VtmrUbjvseMHWabPOhzgxzJs(WArBmr$XVO+UwY0kMT=#8Y ze#Q8}9W>uY4g!Pi=vRdQ!^PHrV}X-b0-TOA;6=eRM=y?K2L2<3Qv1!?gJk%>)a5@` zlr`VJ{ntNJ`wxAYHh8S?KFLQF-NDMS*$AVayCT0wkI!`G^r7^+LZ|L_^++KocGSj* z9%Xba(?tm4G!DzL$_!eMdoSzZ&9U(D$1px;r()rD)v@d_)(8|QL2m863VVYPNP7(= zjP|OqXdIw-8&>Wmh|@4W;FKA}cBu$KoQBn4-EKF6s&gmExZOq)#_e8(MdJY7yoxN3 zs?)G5Ah7lZ!Cp(qXpeRnM*mhU8VBfIf%NgYt4_l!B6uI%bKvg@vn!wVEH8;kal%pr?T55s*7ySlpQ3^j7TThzGY z4Hp@9_cMuGVdQfR&o_LjVRsLaxHlU4U52+C{;lDBoRFHfp=3FQ_#RFB6u3N;iSTdc2N;v{IH}I_hIvi1J(%uIEXrJ0eeQ-b?{CVe-}UMhtKA*CJ@x-e{f-YgdlSGa z+g_U@FHtZ19oJ&@yRWepuitfISgd|`5!b?rZ#yquznjfUX?rhn5BP zy9dBop^Jn1-A4?#%+~KNm--!F>V~e8`rQz!-DvA~_x_vfcWzAES`2*0mf_rK^JD$a z^J~>%{%_asf`LLfL_f5Cw>I=W^*dX$f#sm;7Oz#YDf?ixzMy&+RNrdlP_0^CkX%T0tRrl^5=rz)rMym6r@J)%~r6lD^90OTVNrU&=LE z4RKPKTWfkD{svOt{W*P#YQ59rd(S38^!C6sKL7ol36#(=d;iG4(HkW9YpOZ%UD zy~pgv?6vs+uX?>_D_{S@%ftiTE*|9dA+GfU-W{TziE3c*(y;D(M0YjHd&Hf!-y_Cr zmerO2bhXm-AFK7$f=N>?Jg^$+BnOIXy%DTa+l$psejT)lLw2Zo0l)29OMJIwd4SNCWc0a;MJoT6_EVMC<=L>5> zdd>sAV_@%31aWGQKC&$4Ud6%sA@2|0$NR&hVzFwc-H2=L)BlF|hk7paIMjK6=$>ca z^O$zo_G7)WcD?c<j| z2h=f}Vnet=XdUzLT6Zs|E^ry!KYlX%nS^ZA+;Y1#9@-VVunjG-xgE;;@668Fp2qK9 zWo+N}?)DE7hIV*z-%ESGyuINkT?V|C_)RGP(Ma>b;r@-=hP(Mev<}_-=M5On(HO8X zv2o+@$qOeXdX)`4eBx_rbkbn2&6p{7z1OX2fB(5>J`S{Y>`EJZ>sQI2?A-U_p8eau zxIJTgJ~!#+VB~ROzN=$C+WxJbGyp#D&0*dUo1}4=96r0nFN3<_ju?>=ce8+jUcS@2 zH0(atwLIaH&}E5>eD8eN2(}sanBk zte~dNDsZa%<1;+927gEy>)46m*7$G2*Q1GHZmlu9_@=r)wh;ssY>B{zi6%j;!+}kg zL!k(eHW_f7m;Oa~b7&>j8+E{X_>K@&y++4!<*pD*GT}x&xN>)h4F#X!OJkJX8={S- z%%@uc&RA2VhSoFsBb)qoAa@q{YqPMPSyGK}khLSyWu8+y&+`xCp3z2TdFc$S)&N;R z%i`0OGn_Q@M~Cpen`Ztfc%z!(J4yWBc4C+b&iEPr{3D?0@g(xsa>!b+nIniZAj~W~ z*Yi6wPj11|dWd6?8|}=EG80=&nmxtyyHo>vz;eqjfMAt%@mAcQfmm8sPp|O& z?#zXRmH933iM1XBAfAWyHjKgvSU6}8N%!-S@PzrmkqJm*n?49W9l@OQ48bmBRA?nW zO`J7BVlu)k7hxeJ*i&8`O}M*lx$gJpkxzsSqb(jLo|DAG!i}c#K%~acmBUyM=B{&- z!71SadECABIS5Q#p2X?PQfVR85!JC#e!#v752g3Rzd0qHskQ%flI>OfZ|Y3#`_k-^ zjXu^rQcwuX^y3}0Gh*L)s{55HJWpI-ZFKbJcc`-B--c>tJ{g6XQ?y?=wOZ8vcvVZR zO0RK-wn{-xW#A#!+Nj~#(nf8wd8lnX&Izp&5ZW%5MAsd>pX)JxSRiDZQtwuQsJ+z- zL_9dIqaeN|f+D0FdxI~L@GR|sC5+ERja&zaxn>}Il!~4zjH*Xrv{i_IXo_aor43u7 z$J-XZRz#2Y<0KC!aqqV4$h;PlyjgA?7;{V+wok9zVIe(t`$t-9CneAwO-~hSCnZoA zLvO4zHj!Q-mJmJ{vyLz=kmKLE*7!GOr(hM?6@&%7_kz$vCy-Y$Z;$-86#X-?m~TsU zazXerk4k1Z9e2jM`sCl>Do*fzg8%<@4S#5u3i|(5O)oAlk9Pn>Uf9khhiCvSn=zxb z63v6IkST3}hwEu#pZ$b z`^b#ifaajlWF zvBpH#GI?ODrsur|%wt(9(&h>p^TH)+PUL+$_Y@P+yg0>?DfCr7R$?{%DoXi!)( zt#opoakxQat{n&h{d&f7OfQ{YQZdgA={T_Mw^mXx%Eo;?qL#2E$XIun|GncelI5<} zSbVPIs&$SsWeRlM25)`|So9{SHmnZs$<(3Gg}S`w<_J%MkBi31_2znjo$qPJt?x?_ z_Vh1wc^9Nc@pJ6=fPLg%C*H7f|oKqVE zv8K#`0@&*WpY~7^j@f$@Y|~eOb?X>LHw_D!ap?}G#~KRv?@)Skp;LFeyb{!D+N&T? zW>~q|4{nEH%$K!Tti5uq>(v8{+4!Yl%2&W1b(t?LbE>_E!L*lvg>Ekvw%e%FG~EY* zGQ+-xJw0wrm)d(4Ond4+15DNx_-f-R!wk-XvAf_ieYTBxAJ(nCaadWXnQp>f1*>hK zw-fd_j}q-^+XvJ60TyeI^QT;81Th4}7;!k~-)bXJ{0d=qyNhswa~>LQ*S0aUomk@_ z$V17cR$GdOr2wqG)6B4VfT6I zy7p$(vG*wKt$-5qC4xndTRJ#|Mcq}fw-9mFDbhFD<-LWAavOx5Aa9O^_PAfH(OG*N z5x5*Ob!t!7)wl8k-!(`huP7gSt^(en;_kq?3UCmNJM`G245Q8cXj>(U@fRJ zX+BRvIG%^Tx$*d|oj8z7w)5;zIj`X?xghD0^;}L7J2a7n`|Tw7yneEH(ZG>Y#C{Y^ zIpdO3WLv{1N8DrKk0nEg+b3&WHZf3#N0n!$FQ*UFE&P~oBg|`*=LB_lb>)#^ryqPSYBQgVw9yU1!gpMBL$D~15T?!3g=v$jJ|FII zZogQ(hGX{m!mcSvn7gX;@-xjkmlo5k`b@KOAH)3(4>j!G<%|9CMqXris^JR53k)wd ze2L+8hJS5%i{Zx%KWF%L!|V^B`!&b#62q$u-(~ndGBX_RA+R2Ie%M*Z6!IN{@+XG> zN|v~7aD&%0WRvAs9}d=IeJtf@9;GWV%=!5=?&(H8#qeyyoHI}L*)KtDE+fl!InNHa z%j;s3(c#>9sa+ zQ0{7&_XL$6WB543!wsKic%0!0hFRvqj-)s1O z!#fN=ZumvRuNr>S@H>XTH2jU>Fwa%l7j_#}ZfZEwa9hI>!+a&9aeEm)*6{I$`OZf5 zPczK2zse^VE-^gSFyHH_{sP19<&*5!G9#x*=Q>Iw%XP|ozFy-kP5!i{Tr8Wnd3|u6TIw^si-q}! zyqqj)V7-UT($#ulUQag&^FDBka2GINv{FA0yiJ(TuBU_tf}a=Wv+HHyVc@;Or-I)W z9tD11cr5r+VP11z2=iI}weTb`ozH^<=kk^hH*qR=`7CmGyyQ4`f}ZBNy+3dt^gJmr zJlb%P;c~-s4ZG`|2MZ4U5svwX`Xl7_67@s(M|gk-8~4xNZc8~{ef<%BSYL$QUHqXP zURwEX&6l$p-u~o8c(iuE^m;JrM5c+(CY`{$*{IvwErK`Z{NA$#g+SOzL=GqyY% z0j&GSwT8K%BSG5_i9tsK+D>KP2GfzC9m|r5OOo0%j0Yjr(K&(L!y$Ej1r9q5Y82M( zYw%+y0ynwbKhlZ7_8MqYx7R>h+Z$j=X3!s?R#$?0I}-44!SUh$pX)QgCmFUz?`$jy zXlJI+J1%$xyqIHq2s#MRD|L7lJ$G+Dpo2i5JDQ#<)b1bjDsT2k;xR zYr$M6Ip1{_NNbp=T?6XO5Ey%J%-IZNlEZ&T7lB$0cqNlcxHnmePut+Reu>E(28i;avvm7_GOz2wOwXb8TzdlaG+$_sr@OkaKoxvtCqgNw6QCm& zZiivam$g`IzA(Ld=>TIkercHUPOwKk+GDX(?L7>py#y?D&tu7Q6#QwL?!&4wL)ibI zC4Aary42pYV9iUQo42uuAWm&Og>_{HZGyc`@M(|rezms`Z0&JO$)FH~;xz14tXq2{ zkhoj0Q?#e;6inv_STqjMTaHLg1~O~Yc#m=`%~O5+u?LS z>h>473irbtH3nbp)$K1(jz&A4`?U9c{RMWw9*>7QwO6;lz$VyZTN&*k%VX)Q+h5>i z*!xP2Ku@tJ!0zvhu-6qb+GDX@_qT3;f#2iB_7CYVa1;)by*{{IE_M4042NDGtoGQ98Pdq` z`~SfH0!wgFZo|epAr5YF&K~!xZhwJ62wV=iI!&Lht8e8$_7|{6gvY0?W|Q+n?hRU8 z^gr2Opd4oF>o4%L_~wH1x7O=_6fx@QFTjF_7UL@m>qhut{ROn}Qmc>-p)0vcsg_C8 z_kldGeRJc{egRI-hdmr_C5P-IKvllOXOZv>VP1#4r%*l?KJQy(%1yV;Qpuj1#HBPQElE#P7Lhd2G)0mk5HZx z$e%O3&oJMKY1|Z)2h=9t1?an}W?+5acqHXwGtaOazbE^6l9BUSs`{md&nAn0wUN8; zv-8A(2_XXhnS@UX{VZLin`PGIu8fLjbb$(;`PQ&ipmSgdx zk?%Ilvbx%N+wgmaKQa8d;jay|fTeaC8csEQu)YACK}+NEZI-foK_lt6eE|j=ogs$Z z`*YDBZRC8@qBdP0AJJiXOXaf-Gx&e&JAdB0_&%S{Ox~}^5%3n_BfvX^S@+l}%|Wu)V14J$H(mP9pU+r*=RXe2zEMmApXqe^K0lc(&u%Ms&t;Lb zNTJtwC&TvIXZrLUC@{=)sJzH9%UUX*Yj}y_6^7T6S$Kgnr71V*-J#|q=-W3h`a|a< zn4f_S;GWsrZRuZm|G(|YeeZ7PECes@=`x^i@i$2ygr7-ler1FI!`_8+$!?l1LSSsL()wZZqajA_c zwJNnptxMGws9J2*;#$}Gf1Ww-d+(b|BG}q~+yBpjx#u(Qyz`zpbIzGFbI#0USYfx3 z1LE0F=wbu|N_K3T$M60lcdY$r$I_A${Ci8XZ!T%Jq@?+-5)KEd<6nDj|A)cZfA7<- zhreffE&g6F{v>nz!s26NrN?;f`<`*l+rP}fUvn)!r# z+WWuR^G>tlc763)B;&mv&FZgU@ClAH2cFLZbv*a~>ezuhU?UhiP#obqjw?gK*nz81 zw*1?!!Tut?tK&Ghh7HLmygG~>=nux&fl6*dX`Fb7u>(sGN{$`)4dXJ>ehLFvyWmxZ zB5B>J8EJAogl_D>Y={$M2ev_q`v69Qu>+l;92v<=R@W~0IW*Ef3&sw#Kx|&x=fT*4 z-!Z}qEoSOWj%Yxhm@txA$AGR9$lEO~Kg8aCuy#ROpU@}-zS-IZZb1URVQJ=mZh+Bd zSMuj9{_;)(2v>Pz)%$qq8}5z4}TD=S-&3-ZxBod+33gPnvY;dx1vIS z9^KstMtSMahc9qTC>(J+WLQF>@JVc0+I0TlQ*q;TVy*uod?!8@SnNfN?EDuAdEUVk zPJoPkIKTKtBa}WIRo{{8d1NgekKjt;=lgW>UHzriW znHY~aXM)XIyhu9)KjkQ+FOeAK>>@|=hD?iefV4SJ zLAS$T${*Ga7!1WYWDPJB48@@BW{)9khGHE07Q!rT8crQ&(R~jSUzC0Y<9NR|b3}FQ zbUAnGPWFHGnhs_$OpMV}VQ_)g zqKb7O0@XIj1t4(aC0A^~y_XnUk-BI^yJQ-U#MjYtl|Kzj2B{+Pjo>MtnK zF}YtFM9zX0Bnpf?A1@{k^n14|_s6sumo?rUXQwo;w_CTOC<{_tll>%oFg0mIHM>v~ zSE?ON(hb&S-HKohibE1dY}TMSG!WV~D7ss{|FbnHI^bHycoJ@|g%4rj32v_s#N6B_ zVs2Tdea$cvu`n)aVU)2j&RF21F5y^>VZjG(${n804UPETX-Qk7Y3rsy%8jdFT?zyO z7g%zmRG5y7c8pn*v@nJim@J40(geRj%CWqkzYibw7R_Em2y!toX=7}lAG~;%{ar4K zVQ*fJ-JPoPaF)Ykg%56M45MZit-;ngJ>0Oje0W00>UKJO*qiIGAymU-JP&@II~l*! z@x76O0Pg_+G@jwj!{1ly(5Yj>*x8U?3h#^&g5ydU)0ElB=RB{&T(2-=M2AG`A|!Bi zv}x@XLPp2pRM#EQ3%(!x5%7cHS#Mg`P`aaFJmeLlw%x}P9em>3^%(wz6?6CV&u@N9 zd)xQ=yfQ397wFYRH&8N(kvMoRCYI{J!zXpE-ZU078@o8o|NQzK{d}y?(aiJ1k*1mW z4ZBr3LL5Ycbvbr~n_>};h#y|NkOOKU*%{_&8Z6kspdY?T<$-1(x4+Q&q0@m7LwT@r z2Mo$89y4X-kQ`?)3%`q+lJjLa4>f~@W7GC$g9Lk(pC6_x?a82oEOZhX6twV#^mg65r0GoBa-^|(LY5i3#Qb2 zBcR`1{x`?(@L9l{pWD{(h46f2&}G1rSw&FJ$H9TZd=k)6hl~b}v!fL|R^c1KJ6VKaXgOv6njNk4UcDO1wCu; z3mDSt03FUm{@k}0gw;)ez0wAb_uv$JHASAscWlfb-_hyu9xnNdiNTvNPKEQM)FIlH zM`?=QUt83_KU8lRpou2Nwi!<9028Jj-DzSk2zlPI(Bt`6r+VW6wp?NdC$DFAt@JqD zHzQ4q?HCx_Xu@i5a*Dk&*rOiHB?_I<==^-CFr~<9EVZEN=VHjNjpTrDNU6^**|}P;f1Cy$?R8)bYHX zBmvgl9KSP3Be7+?d($T}hEqNur7re?CP#xKceJe{E%rv1`H%+7*EMjNg>QSz&MesE zm>RwsSuV_bkM$De*J8`-UB~H=b(~I_$RpU2Q^)D>xjUUYu)}8QrNV4}vi|&EUgHCY z^xgO!l))C31D+Rj+u@b}Xqa`Y%4-c@W%vh%`Au8(KQZja)X2X0&Pcy4^BJk*diHzW z4fndl^VZOg*yJQo{kHsL+T=-w+e|s0#dO;Y|H1H|$YSRmBmcs17OFV4lS3B!d0_5~ z_njMeBl2F zl~)*^WSHM+Rp(s8iw$!Qg6dptc!l9rhB<#+_4(mfd4u5x3_oo63B#^lm2!U3$X_w+ zzO{=E#|P=Y{%)9a3RKPy!OA&?`Sn-j2O8%0VwJ}X^GmVHk1@=z#410{uv=3}^6AD) z3iD&K>T`^wGNb>cF=b-k)h)v4jwbB8_Ke8cR@D8nEvg(P%X6p5F#DjYI4{U$cbSr{_33%31%NC(L&Ui-hqCz*|n1Jlr76 z#}KbW%Gox&MVQYlUXzp`0{)pWkK<9{USM8_)aeKQwJ__{7le-hzbeeWHm^hKv(3I+ zxD@=J@UdWClhk3`^Go3q!5pqY`3Nw+5jY+V=AazP`5ff9UGj7=*Zd;$xmF;|wrUq) zejVdj2kKl2?koI#@Ic{f!Gndb2h;sej+MhP(yfQradTKVXJDUb((P;9T%W#&$-udN zubY#@iyv(OUKe~D)7$Im=<9y=ZylWtp?Is!@s``;xx3;ypT2i(72A0%5?AM}-K0DW2np^vtKW%ZJ%;uGuEoQ$K-EmiRLCNkpwU>2UVf_3F3P4|o|DKE*~F>YRAm%#(>DKE+1 zG2)}TsU_Ps&D*y2qirio>Xy!{oBdIFNwb`i=#FtEl_lx-mUuUp_$x|6+e^YrN+Q)I zX`4%$ykC-4ZiWbUoio_4+?<0pba@y9|2Q_V6k`OtT>tjck?r4I`00)T(b&LP?C7*3 zzSnOdoxSRiF+H2uoM;`eZ22$qk zdOYWsnck8nUSYb|{_JSiSmAMA`ze3E{_O$&wiBWlRoSP&$M8o~Ds^c8Z_T-K;*4hJ zXQzLVx`Yz`cGQli;-B{Zb=sGa6VgsgZ#w7Yk#Chmw@2Se57PE%Hn_zJ*{3xRLK$;@ z6@O{u?vhV>w|p!rc|`hOr+wP{wDd2-gCi$o2NqrnRlFJ99}A!0M&a{@&!vVO>;Hds zOs0=|Ef|wI!ma1Tm7Ib#oq~4*y5A~5pcj*|o53HQx*D0|ZLV%GAkd3OnC~k?-%k_6 zG@BT_Mt#=*s*7y!?_RNnLINIHtP6Ht zgH&532B`-6I!KihhW*a|6WDyiL8@+lZP_TXgH*W=lnhcO((T6})z>rJ07?Flue}DT zvQ+tb!1MdMUuJmqgSeYyfGTk&cf%_w7=(H&f(QP9N!*y!-!s+?jqSG>_&NMR$uX&e zVZS5WNxmDR$`<88RaG(1Kb(ywHVhH$Ex{c@u#W`)5d`~6umh|_55bSV()9<0aEBKh z2~jWjLKyTqaV`}@qT2;972Y4rmj_OlZ-WXcbGi(PE?*751n(btis~}Ig_Jp6hD5g% z&=o=ds7n&Mv`bl_>+BY7fnFW_ZZxkuyCJ#7Y<-58Z&=jvI>`MJmctzoMS1B_eKyS= z`zFoKfQS`cK^)KqP{_zmXG=&Dy^KW5nCQ6n*o#ZlLld3AM2vKa7?MPP2GlXpkP(`w zN)ydzB1XDI3`ru^i)?uN$6Tz5uGB<)DOAWvmxv+HJD4|03^IOk^UJm|(d`iNMNz>I z0J%KMWq=|;7uD=^4^M`RRv>R)~0HL^O%4UE&)SuX^~&Ra&vcMx)&>_Qd$M?uU>>6U2tQb${TYn zQXJTyF%wuNKf|EAF(Ig?48hVhK}bUAgw zg-q*mI*&PBkKiGN0A^tW0x8)Ds^lQ2F{tr?QdCS%5B(A<{z5*SgOTjrS@p?CcAkS~ z9EER2viD#`fx+rg#+4y)Ge_>Mq(u&f^nYNmx{grK(GlvYe}GU&s1I!w3_QnMfA^OM z-LUjL8R#7hSWg|!{+}GQUVmWvL1qAY8$2SDBgWl0_0;j`1v(zRFc^>CNynpOd^$&? zbLe|#V-ju8y+^9+;Py1p;^$>gfR}5Ewhs&BEDRR|?iJoQ zKeYRh+`a7fPUnU>4tp0YT0{5@9)r|%2UKM<80$7N_KN^*EJs{mSw_Zw7@&=H?~D^O zM?H3czJeD1x@B2EC@J%u6 zAiWyX1zN0Ou-J;4uVIkaq|suKub?w9`7B7MS)=&|_SnF+ZBqmpT0Wdx?kvm54nDpj-0aLScR5wA{EDv9dB z_Y!pq-(RO(?i4k2ZHK)Dk;H}g0+dp2B8rmflGi%YB`qqnw&KR)-z^FSdOeSW?9SUyX`RFE9{g^(ljAV?8fAmCOX2S?78XZ z@HB4NMrMK5|8v5D?kH|lp?-<;0}LKV+zfCyksH;mU-&JY!WeD>yQ8`3pNN5JEpbECTT4>Q*(jOHfT zg}WYAxBg*fIo&bb1m!z{8`Z6UY=N<{+yupUIyb7DJhnlQ;+X{JdXJ6@-7hj8M7S%S zB9;stt*B$h^Wa;@FU^J!qfI-_^I$`!Ow)B4POh-eOTKo5atVtmGJD}+yu{u zHTS8G`{J>1Upy8zm2_X@!Fo)3EP4!T`wr;PraI=8Hkg)W(okMmHkzlk;9KBX25gt8 z+X8qNejEJD@O&QgQL2uzSK)WU{~7*M_%GnUf)9yqC!obiRC zv_IGFgfw3Fd{TZl2d}!Sl1sCpEdCFt;bC&!F&e@@}PJ#oMa|7kz15ca9mg{ zJ#l7JuaF?;!FjjmD9At{31an#f=u$)l#-Oj-V&YF8RR7SYs)Ig!`@|RFLP*WDC=8I<|*mF9IF!+1$YV2)9`c6H#C_OhJ zRd21}L^e-N^pQ&hTXIKex$%zsS_7%mHLEJI#5}&UeErN-Xz@#)nMtb4IHoLJUvDBK zZ3i<~<*%6AS7aYhxkV24X96wMU{U7T&O9T!x1q0@#)|ylQScw0R$Hl8M$I|1 zCu>0`<_#p5)#of$ccL4eFI(><>G}M+#p~-OKsIvb0l zYP+6pI_~soHIu93(|a~_t+58#x0YVX`_|ODWd9}=GoR*g8k|>L|5zGTNgha}D)o<| zQMJS&d^eXFm#{dk3ECs9%&2X6y^)VC`>MDpT^vUW9WP;goO6!-Wt&d9G)2A}_L!db z!V<^u40zgCd&OY20Zi~z!<2t$?4iq*$lo8^&i`(f3g$J<2Wn7^OH zTYJM1ZphvyNrR1Z`NkeT8Yc3`mGZ1Tt*IoLizDxXryk3St}(sch+}^CrT0E`QukX3 znK~_tcOXz^Tnxuige}iob9lzFTw13b#{$T-#s(&Au)lBZjfOp5Gqjf@dbBq%#oj_x zvszmtI$@({6H@H$fIY3*5uLEdcjGpHuftvp@wAsGdbD?8ioGZb zT%Q7nPT060#U4JUChYNDmX@DePZ?ok%ee~Jiwbk2dAcpd-VoT+^5gZY_8yY_sfk+H zdtC#@9^ZecZARC^-mQ@Fc-x5{kC(&1@IT=uAyIc;$l^4P?@X+{BD~mIiwlzWI>0lI z_FhV{x2&1x4cCK5yxRL~ir%X&um-ES;Z*NUfZgvCM`0h>5%=2>UibTXioFdev|_}o zQ+pq$*jqge>p4J)_6p$D9>>0G8rs+cdz%_Kj!ejG{-VR7i%O36IvIO~DfZT*BCcSC zCQkQtV2Zt*Q5eICii-9+!)yL}ialP#bQ#F}OOUCfJ^FzudOMJ*LRAtS>R~){y}9b4 zqK4x1-QF-$k98=GKV4O)yjp0n1abXVzQ16|B8adVAjQAXBIIG^|@I-+Qil zma4gJ*xflvQP{&xV_ewP$Voxi)u=Yi8Zqg@^;W}R{#hd>UD!PVZJ0Ge((OH${Genc zDD3XMq$r$dp9iwAyYg*3uiT^yyEpwdY)gywZHY5%ZWJU7*Sk^~HWikOw^tFrS4jaXx0J#9u7oDr{Tg-w!3s zXH!e;?Li6i+0v5dC-sd4deIHF_ZyippJ<3nnndTfAsg&1*OP0*x}H!vv+jLL1Mefg zE{(RpB;=)J zM#7QRJ{~g(eco+(a!Zo4XX$DpTquv_<>_N z_`HbWc-Vd?hpqRfVWSDE=I^G@cyM8<#j zF_AV0f$4P)buk%bPB#Qz=aLUKJVKZ@E6A`j30r!#GnLGX0&Y5dE8#hY7YNhNQZnpZ zi7ma_Sw_yl58Sozt%O$@UMoyHcM5ZN8_BS_30r!#`3PC6syc8hVP0p-TZL)!x56y9 z-wVU6>qF^0_iTiHss3{f^Ac2fTQV;MIG!V)if~=wRfp$DxxZo7S1KQ7xZLn~!xe_l zFg)Av`G%JmzRK_#!*>~We(eUGjw;O(iEcyH+S+2czjm`%~{)Le@LB*qKv&fRR9a)aC zqmg$ta<}e*?Due^bDYr`X5^!dd?H!WRvDdYqjR>A*BbeyWJ${d*7 z{{2S(A+j9fQ$}aI;TMh04kQ07S@!!kqw^1=(*)O%mRmMi_H}@fN6BKR$msMnI)e!yCzxb`x0BK4x^D zHvF8?f5-59WGO3FxSD@_^h$7Zvgouia?FuTs!*?2;dyRYxS+3`2$ntFc4OpMEuN(chjQ$5k{)v%? zU_;9`*KpKuH!?h34{W)w0`MTprA`<|hNn9TTh$q7bmE4mlHuuU$#PtmkmXr_Iar_j zYbcj}{lxHnWJ&vTBj0S~oRpzyUopIcEcUEO zo?+zEjeNe5Uu^htvh3>~!+bBJHg}NO=!1L1$kUKcbr`45FH}VdX4^&OEex|Mta7%8 zmAe~`89vOW-oQNzD9{Ip@V2{r8>48LLcEyJH1{>pGV+c|QKnTA^$cJF~jhvUUmzrZku zGpoFZ;lYMW43`<^+*nQP#)r$k#u@oU!&Qbk`&QF(?GEKdhA%XHxnaAW%ymZ2ab{{~ zongMGRXN|WDnDqr&M?>UP#um@Q-03y4#Te-cJD}~9R6nHu3akf5ZjQ#oIR=B%rIw% zsyu3#b3s+kH9C|VTU&78*!=D@Gj8on30fspNRpqX|Eyofw@_vSoF?_t?lMK6c$;8eC zBd;*b*{!t!zUYd?QJRB=|;|3v}(t-w?*d)BmchPwPdtW z=x#N9mtoiT7M%x-{9(hKe5-bTWB3Kbzc;+o@Ee9XYgg@jZa9SFPFBoI9*KvkhNhc!^=xR+qB9*2r%*e7j-JKUVt> z8GhXGlZKx)yxs6l!*3Y=*zjkD@i#9L`)y{J6PdM5>)P{ZFVb}}@xG2GuUXF#i+ z;f6;UKG`s*NUQz~!!?E%80OS*)xXd%=T@tHmEpC9Z#8_E;h!45-|$0*UB5ueWSfz{ zXxQ}^L}!YFucO>^@cgsT-)WY%Bcv)ZW7-=&_&_(-Yf#Me@fRCUav9sceKCh`a5#I`cW` zM#Gy7KVrDf@DqlAWq7OMmkhsZc!%NF4evJmw&6X7KQ#P_;V%q(re6~=oMAZIaE{?T z!)~Ptxdu8Ic~`^T4fB1XUaK5yq&&dzAj8FmIqpF98|%Z4FglI(XWiH($#aF#pJaHp z;TppW3@z`;Ue*3^%q$Yo5``H{4kNnoEx8b;1R6l=~STV0e(>V#7lWml@`` zDz!PzFvrTMyu$D#!*0zTx%O&|e1YMGhPgDHKJT~^oHAFz(S2QOcqLh$ajOllC1;=l zfVB8CI zYGJ-s<^84WzH+P|IUn*R!W>6?16j(D_Y0YyR__$f19KcG<$TA<_eEr;eOQ>E=^qp3 zFaVCTqfQ~1?~BNt!M_#m27Xz%JNS>n{C@j}aBnc*9WiY`@O#1o!JN5I`O)Ang-gL< zlsVr!MX-4zYpsgu&07KCXMz_1M^)I zc_R2&;mP1(!e@a;3iEv}-$7BI&-2rS=Yp$*=YyvSF9gpLt_AbjX4(tEi-m6jUoN~B z%=b~$xdqJYmV5{JHetT6<+~}$w}3YaKLh@`@U!5@g|~s966W`OzRP0Tm%*dsvaA)Cr!G{X7e(Ei} z3CwTk)Ms5aSol#e-|tb*dTXdKpY43VNBPs>F~Y3FP8Hq;jtjFsJ42XbF=hy}ZsWT? z+TnBl9AVaTi-b9M`(oiY!2IS;{oUYeg<1ct6y`kdyU6l9x<|MfuKx#wIbP=H!Uf>R zg;|&KyFAmfF8z%#>(Ac_mx5mrW}UfHm~|%K88R*FM!qLxf18fq=*d~&NLs-BCYCA8 z{NxDpn^VbV+NJFY?m?F49lzI;85}4~`$r4&c#jq4b846{hn9^L?f~YyMA|6? zpDG*!({VK|Iv$3f=P>9C%a}JlBYi&X;G*#QH)|Nyw0zcTTBk2*izt`0+@Gc$L`FX7 zSiZ_EQ{@UWt^vB~@X8AeUu1Zh;nifhHr5;7Xt>VsR>LnDe%&zZVr`SK&Q;F9wW!Q` zQ`;)6ACz)!+Tw6-xtvAOH*dJ3!Ok2}Nc7r`y8xT68A4X^m3=J#1 zbj5pp3J&PuBeOwHhsCcbD19s&xvh-1Dvalr##^?G=ad)ZR2Jk8NGnS(FKAg=(5h?N zxb!{ul3RiXjxd06N}XhOviPE>#2MTFQvkGPHDVVc|5l=-ty9xq2uoUs~{4l*aSQ;|GkL^r!T5zcQz#%SxPEV~*oRuDf)!e(R{2)}&3D@W5 zg2L?u1-lBO?-z8uF&7tYdDAn07wdo9fL|2fa?|1uUi^IFp9U`ZL9eea?RWJtL!S7< zThEL>@7g}MZ|*es-Qm||m45d4i5WfDP3ih_(Y^Cey?N-2E1v6I{mI9ZE}6Qr_4Bt* z*m~OJ`&Ue#T{hy&cOLxx=?5Hl@*P+G@ShiOWSe{#Q(iyM*<%aiv^X#6DZ_d5`?wZ0s|M;+rcYS*J?hf<*IP>`T z+RZtz+m_2_Jy6;FNBNJo|6=S>!+yE_oal|O)cs?@uTS}~<7?~tE^YE;?|WM2jPFwW z_QZ;ji|%auv+p(Q@y5Apu6b(p-`4Ip@`Rrp^3jH0{q^BN7mivLZ*yqmf``t2;ozOq z@~XxZWS`GE+pdewu)5;_th?3ShxTZMb#e1$euQID%mV0qKI1=J#CKyBCIF9u&&Qpj z4r`C!h9K4+zZfE{JwA=0P?LiYO0GT5M>EzQAIrFmCQmXHNn6NJq{#``xV6WxfjF`D z_#{Zv+1d+@G+Q`h1E@*Y zViA7)0gNdCn&pFHU2QLO(2hW2#1L`d)$Zn1wzs6_VDab>O=3#yb zqFQCm#cI>%Fuz%IvCy;-)|eK;^3nm-K<`|qR|7pE=m|m35r&B`!@m4gu;}qB@K?7X@3|mn9#*TT zp%W3;nx}{HY-ssE;_Hew&jI<4Cs*b9uR_4LCZfL%a2ULQ+uf>v8TD1}^fv|iyP@|2 zyer4sU#0$s2)<2ymFKe;#Zd;Z&zA{&z%z6HdJcDOvjE7xRIbYNITGbqm6Rcne-(bl zLz2%I3he0QuLJymz$QGq9r)WJBcaD|2kMC}_6=M+X$5;Yfh~qb=RodnH*~gP z>t7SZlO-P1nkC4Ux?Kt0brACHO7N}>l!(e*34Qkbl7*2>@N#$U@-e$>_aZ!fJSgvbZoPR@UTQ;dNv_Nyf z1#)we78%UdrEOat>@mNs*rU%&tWJx3)iZWLa&_BKK29Ll!==KwtnpdgSsPt#H(!_8 zZEKgzr3$(yy|HN@EXUh{dUzLLwQ!>Cin<*yM~^y`zq}MXjA{g`JaZt3agLQ9mI&mA zwPwUS*DU@?jX+_PR*qqGCfBf*bakvZiYn@;6Y^qfxa|wy#GA`?8#}CFfN7eF0Bf(R ziG&WKon!y1Cp?zc4Fth&krS13bA-dO+#C<@mQf_Ig2K|S#pzfhk?fwDd#!UA7#hV5 z6|ll4EB}NGqDPzP5gNzC+K*_K0M)v|H}Pt`Kn$hFOemM-1Eu&!VOPWx*g1HKBuDILAU- z3XgSS_gt`s#Ejr-;NEKCg9ws)TkVx|6BH{`K-sxd@XJ;Qvd_)w4o7n{$>At&Xdb3@ zFJW)_-Fz53w+_E=!3X;z@i_)FK?T+@?=a7q{(;E%pp? zuw@uKN@qOmr3axPuFE2?%eh{cHMGVTMJN1I7P*IpEU%$S9!dE(Hp>jFS>4vlc;YPn z5c}Y}HLSAA4L=VY6YQ>U(O%`ia$z~pJj;jMpw#3Dg7UZkMM6WSkoUtFi$IMxU^KOm z8?Z&2K_ zF4ZV$S~C~lH?YWZY0PqJxqOY;)be4NW*ar1C>LfOH3iD0oSVI`_0)18@fxq-SM5T@14vI3+<$Dd~50Mxz#&>R|M;V0i6@YHu@VIPA$g0b^z;IVO|9I zHXc>9!-t%$t&3b3KX}ZjW9x>F4?A`239yyF37&88`R1NgtKRuMxmwI@#q%vWzZ9m! zMpI*lHtvSEHdqz0_Sgnb8|-0z2>%&;Hq!E|VLN!PW}%L~3HD-`hHw0thNqbO)U^B} z$uE)216R!GY|=B2e5Q9pN=iS1|t^QV;mP@crSfYpA?9dN|~*h1xz= zbhWDkmQ+ugH*MyuUQ^@Mlg^G;Pwq8&?(6}5`uDGzHAAsi&8%6|=k{7qGkNCRc#r7| zddK?rm^^*T-hyc}tESJJG&%J>Zx!wbZ*I*bEMC`hDsMw{KHP7309wsh$kMIV=*X?E zD3pn0jP;xDP3JVt_xx~Et^mn1?I#wDT;=;%OaYNDX%j9N>1dH#QBxPp@=!HI_RG3Mt}NC(MX}LN6ZdLE%*)6&NKTB><4nI9~{?wqiJ&+{zi6ZCH zrl&jZRU-f$Z$LUUCV}ge~UpKfFvR*N$~7 zgeJ4YT)3n9x-~v$&YKY&TFN4>y3C1PTlS18eGcniJ$Vv3`^Ow}M6_#F^{lyb`2^^3 z;_=bmJ^RFZ#=1rO^&HT%k6ZL7%Et}-IQMjzICSQeS>BjY$4)FM9d*+1F{6*2IDF{n zW6Mj1j~X1yEGZp2xVL-?%t0DDZkb+Pq-#J;vEf64+rjXK@cPip0IO5|A_%C@?V0e@ zzZ#x0>a!7&3s3nvc)md;v(wo}nBB_B@RYOTNyoHg+NFFsm|J>ntn8Jae`;|}JsCZ@ zE~MA+@|E?k(O@ymy_bZHk)^Ujz!r8+)iay`j3p0%DqY`n6v zdh+~w(bH$?5}l$_9iMpy?q+MW0nzknGqIZ>$y}}liZ;cJ$+%v722F{c!EW6mmkVlo zVv$g>h`{XXS+h~X`{|<4<3*(XeSQPh3k;ZOXYxgIgaUD2;H<{LQFx|jTsAyE=U96~ z5VnqSbd;0bYgh?mlW?l{JxF+w>`QMnbW-=L7d?$Ke{?6oD>K}^bCB;Sm}S5?9>)xL zYmXmK^r8hOY)myw`2g5^3EL<<^R4!lf@u%;fOEw>APU53o>n4k#9lEX%2Wwk)#J-I zWk%;59IRy*1@pZm<9HnIOB1&0mLh^n;R$6^#*6mnjNx?hf&(=D<9Ty(6nLW$bgiJ+g69Fc<^`yOs4 zn=eFb(SbqRi zRcf1aRQ*-$^f~Tq>ewot1syZSYg(Dtm2wF<52uIM#RxJh4Y(`dx#k-iG}n_w&h;fJ z9}8Iz(ZMC;)_ZevO;|}!suGz5@OzX50F`x(d&4#e6r*jw^(A1Ta*la9wWW#cO}C< zU3Yk$2*FG^Q!BT@jg&S6`EjPLB3qJ1!QI%&h1xjo?ZxR+Wv;w2v+$p z!{vs@8?G>XhT++U&o{ip@GXXaX?VNgw+w$|I1}ep^O-}I^3Mb79K()AryH3MXSkk5 zj(0-|`LTw-N7m~QOq;yUPc=F-$Wor?7~Wy{O|qQpzku~ze`IvNB1_&PxaQPmbF#== z89Cn;s=T}5-bRNbIaFsPS@OU&*_a33gZvPwI@62}?+w+NZ*&$Lor^_h9qhRIERxSv zM(2k{hkvqL_jQla`I+eOzJ9{!JY{r#ZFJna7P7CMM&}LD;r;$0<)Xv!|9b3S8l7}J zc2p;eEalSz%wwk=wp~=G!0;i4`xk&cQ`k1LBTIxWDelW%m~ z8g!y_l+i!M@YQ7AT;lY;gE(;y@+qxy9=39U;m(Fxuc}VWFzZ#7ySh&9@!>{3!tgl5 z?qj&+=-rlgQZ$*b=(p0CfVYXdWew1N16im{V8~G`QPd9v);aP?`|3vLC zHhh`ks|;Ujc%|XBhHo{@fo5u-pF@=&Fw8GNDu3KCzbL8vdBZOm{E=Uo*@xj%sI* z;m-{J!!XCvsXktWCzvB6Ro>As$3&{!J!>RC?)f4-)aY=0r0Sn$*gaoFpYzC6$F094 z@(YaoV#Aji=4eYz>(*tGw6_~M=ZL8e2W2X|XOQSWY2+L=sX83Hsl3y$TbD`FzHQ`3 znCFOnzPL4xM4#^#)Fy|7Dt~I2-At8po{{nihB@~~!><|MX_(_+b-#Z%jG{`cBh7A)KI_?E(|&>LuSx!0e@z%F37fby z5)AVRcKt8WclL!{e^5BpzUDJ(>=YU9YS^_~#ExsX2=_BO0}Kx`TxQs{XC$p_&j^n; zI<9Ra@(D&>VR(|^sfMQ;o^80s@B+gN4c8jJ$nY}5*BV}Fc(viRhHo{z-tgUqHyGY% zc$48r4A&Wc!tgf3&l`Tp@T-P*7=GRGZo_XI-edSf!=D)b!mw?pMNFH4eHgv=+&fY^ z*ZGvAZldd8IBN8Z4F4E^uzCbpy5tvl-9!C*^Fjzbwr66Mqu!i0wPV-LU;Y zxCGn33lG7TeSFq&bZm2y^T7uR7lD~i%6oth5srcRewy+D;QqoKT0BVjXmF`;DR`(b z@1c`~*+(8DJPyphKW%bgY+QH(_zdCG!F(q`oeJ<=;Yu*y4^Tb{yhwNo_+nw+TUQ95 z30^MD`;5~an06+Z;~dGe!Tgp$t_E}T5xEA;b}4y2m?MeE3&3oblFtP{CcF^Lb}8i- zfPXDq3+5O<%9nsS3W|IY_>aPufZq^a2WESfI=6s1T8Vrc`0v7ZfH^9O@;kvC!9>0b z+*Fv?np;Z&@}Gj;S_(I0_2Z_`Obtkd0o4;6u`d%pCnGO99M!VxGwPPU}2j z)){=4LVdpXxKem0c!lumU=I4G4)5cegtNf63O5J;NSOVz4Z{n?wsy}@h)Gi^Wc`@)BVKM`i1k8NP;3hJ0J3mV6KTuW<9Y0JBX_ebyhG#6{+a#Sev9XM85S8_bvJ)L}ir_ekV-!P&yD z4iL`9^}_c^)M0(VDN*EHFxOcn=YbCq=IBPQvr0MpyZwbZ+HsIDM?01ZbJSy*FzbvH zg;{6t?;X$%`@yFR^V`B?;j!Seg!xX4bN8sv{_8?v-s_hLF9%;K%x??JgntO8tG6C_ z%RrV*Ii8_(eC8<^8Rm0N<%7t`10A1X%A*Ze80K?Db@*&hzR2)0!>bLiH@wksonh9A z`c5zTISPLaX@BP9_da}J|0vzQ=i?XWVMn;e`eDN_90l$#5xGF(=i8c(-}15A&GCZ@ z<1PEdTZQ5sx5p3M74PtVygjB-Z^mT&f@pESXemC>^&N_N(oe4Vpie<72yube;kqkm z`5bEHqEPxNUOE~Rm~K5-X2CzX;=QRO$K|>?`MFb{{2pcqu2WFI!fzVSPz)-`Lu<6+4FJ)UGVq^I>eq zk8)yVC5ZYowBe!Hj#W9u#T5@WLCPINaxP1c^@|NmODt7@S>{i+45hz@Y2`V63Ub>I z!Eym{K8$e8OA2yV6yz-VRnE-?EtkY|?^t#IC2j42cUk@3F2oeHsyiz8hyhDSF36o) zFfM*s?$YID?_D->>2v2iw_x40byIha-#HHJ28@4i+?>mnkH2SJ?{f+&u%%GX@^4dk&n1nr(hKdm9rq8l0n#23^+3svb+s#y#$0qSx&_tt`=Zd`yI{)lB z&~44eDjUyjD9dB>GsitXS`LJ81%g+=`wKpx?y(RJ0W?#2-Uvw8jCGQWX@M`+&w?ax z65w*eOu(Il1pu}U^VnedGvP`ATVZ+E1NcfZk8KLnb#(5?xJ!3r=ke`jaAYcTM>fVO zyCdU!eD_RSI1EB}WYYj`D04@4ozue`#syx#BFu3vlsKw;&d`&fUdbmQ<}b*BIjx?8N2lWExIfZl)8Ln+Fq@Td<3e)9A$I-1-xj zTc%E2#!E8JL&o3f?cIvz53m!GIc*s$ECn%bf{DxdIun_ZZOs(rb{c`6o6h&{p!2;C zEIMEab9i}mC7f%id2U9sMDtEh zxFFiiNS5dk8kY^&kLda{l4YWBH>5ojKA4d_7c-K17je%aulE{m`IaQ)Ep%^4c!!dC z&#=cplic14pO{z70J{xl?lFU`s1rK(AW#R-op8Iw@j|!d;UyH20q2rR$(gvU@t7mu z{RK&<##bs8@R$?KO{K%p+)Q;iiW}B)W=`-@1XIjVL@hf%>{^6>3y;~n+#?~P-uK3H6GWdK#Nl@(Jl`w$-Z*Z8==q?)-H6Q-@R%vdO%OdVh{G@6TI`1Ry@}i~ zIv=lbFx~KM{&bn|rFQ{!nFqfHk$!!g{jBZ{Ndee(LnlLIc| ze)+?@nT~r<$8*jz!@O)Xay}#2kG=qYg^@E|Lw0_F8aotB6!$-G-V9ShST4ws=hvIR zQE#rtzhhP!_GSm*vBy)zY}lD;(`L?`T#ZR;e9Gt~HN4dPmM5wG1#@WjJxL8y*TRo3 zYMPUnaFd14lK-A5V8KMTU{YH!r7M{1mVu7HPI)`maTE8e6Vo`4&Q4wn($@dw{31KQ z&UZ&)XMbrdHA8Nm(FN`|(6qmMr_%XjESW$vkOVdZea%l&XK%UYfyX~D&zh$~!Uv~yhFlVN*Nrb_Cx?oOOPzEuU zy}O!2iOG7w%*d16(ROXhGdkbRHf!A!Gb4jJTxK3rV-vFK&58x`pt=;Q5TmfM>&qj}^-KIJ!@m?Fc&RkolOU4jV}=g!$;AqYjyG z?fB^9BbSbHvg+4~4(;&SOGh1YYiyZTACZ)M|I|D$J=_2KJgu-8uq@xmiBlNtG%nhdh9@NDz5f2f;j5YErnNRctnTb z+av8|N*wdM2Hx7^H!zMTQm1ijkXw7t!(JW)v`0IPm%5v+=_%?=iYnILN{P-LLBLJ10&-!aWSV0f|sD?_I>6MtuN1UZ3h{ zkFF5Fye3?aam=0DJJY8dC)DumM)BwFj$Qs ztjH}c^@N*>wSn$Gm|dt z-Za`U@1&#)CuWERvaq|7Z9GdT>B7NF)r5epSL?#=ZDmrj?>Sl>+E(K2hW1t+$AISgJ``W=whvNB6exdg0pwT>n;Q*f*kIM;~{mr{6Tjwd0r zQNsI@%m&bA;o(S!OW4VaubSuu89F>(de!erhJCv3@SF!h*Bf4WpfK-6K3{b%81t%gG8BbR(+PgvYX=|IXhT++U&o{ip@HK|l7~W{O&hU$d`5e+R z-wD<-f7|GMOvZDJ?sIrO#x$H)mA5p^>q>352h%3&!>&e$V^h@5afW|v_&&0n(+9wM zPI)hA+O1^C+jB;Zia+#9LuCSZmhn@`B_Ni^G(`w!L-kN^D?7zwb9}DCDn1`^QBDI8Xb;bQk@@D zE;{!c{)J(Fi&CBE40CLf%Kv28jma0A9D}6g_63;xWj&US8&TyPcck*RluOzoqr!5m`Os^Xb(1o)qD)og0>hmRv;I+?m|@mGDtC1P z?gcttLnpe}PcS^q@C?HX4c8jJ&hRS3>&bFG-))#3ZRXnyW6e3#)(h95EfgyCNq-e&lD!~DRl`+CRlmxg_F z&+;R;>T|r8GRJ}{bBver!G<};OXa-{A7+@J$yKM!Fh7>7{8YoPZj|%Iah|G^T2HE+ zU)GgvJ$apxuQGh6VOKZGzBU^9Cd0076rHU`{#(N@8s_JG&Cg#AbKIuNKQ_#-{wj|e zZfsr>#{{T8$5<-!^S`p4qcqLPXBe(Ayuk1x!(6#tZF0zf@+!k?4c}_`F2g@H%)eu$ zc3k}|W$W5(Y&^iR-KcdV+l|^*aqULYckM=Drcs-&ZWlS4k_maX;Z!@CHfnTS`%~=L zdcGfZq;4Nz^amM!#OO3P_ZdyvqJTAE!yjHjd z%>D@F^TF(Qkr#mP6+Rct`j+yA;75fo0JFZOycYbl@DecVTgop2a||x|67Z|SOToK@ zmw|T+vn}_o@U`F%g|7#HCcF~NmkqReBQRa~7BI)@QhqzQr7)l8`NBU1v+YWqd%;D* zKLfLVrhF4PCj1zv`Jbee;ko`!RLG>?8kDI0|N+Pkr7`+l4!WUlQi~u0IH~56yKFsL%V1^*@>I z5!V0Y5#UdR**5uyFz+Fbd8AGSSjX*Gf_2l>A3yr;GQC% z3D$A@ycdrUc{R9LxCX4__IZ!$xcvoS9k+ijSjX-2-qmsY7l0>;om#Mt+vh#4$v?(zzap6_d46{JeJGBI&Pn1IIkA@_rWWLSAcI8<~xV=!o2S}vW#|k-)|J&2$5{q~diK4=r#+8X zDci(!!MzeNe;G$t08i#EMc0^K7sO@2?@N#GQ`I)m*<;&EoyK*Cz}^wlkRaxI`(@Ru`<)2ZG(hil_yY;z zH0~^f$*jled<6L1R!5|tFI&~?hf1MPl_ZXOi{RxE;9|!@Z-ArVM@{oRw4Mvbu-|%R zpyGa2k6T0~+-f|J>JZ|4DjqkFHwT`52y1UbIz}x+rcUi?ShrTb_ctgTOZzq_4BI_2 zY|jkC$b@m>dL_en>FkNl-ruCy8%nw`k2v{Ys$vZHpnqSL<)QPTSiZ{aM=7)3)^7?? zBj^30Iz0^^X80Jx-!nYY@HoTn8k9qvV&pRnyZlQVqgU^K@;6fX9NqUbw{Jh0!nGfB zxYlwY8&Bqta>`=2kEVIVuP;4N~O+ zTRZ~=|MwKou_XP~w&}5df8fpjUAJ`oYi~^shP4cd!tj1n06_cp{I9r+h8gL|4dwBk_7hE0Y0b!lJ|L% z5D90)Zy+3UGrIR`Bh?!R_-&0Bo<6Oz*BMn+d;c{Hx5jxd{hJopnrdWXRb>@c=S&PB zo-}z%@TV;*C&#Pj&YeE75^H9kl`@d{_xRfsA>7%1Qyj1FC);Rj%G5iyWSc0tqk7Gt z#u{??DDCzv$tG4!kI$Vu5sTSlZEd!#bRc0pW66x9h|dsXOqtT`bnUZ5J50WXyH=d; z`i#jn6X(~&E2mHPs%Fh(n`xr66AW^!waV@aP#%w*y?n5 z1MY{e0r0-yy`%R>2F2f`Wop-kZ|v;YRouVv=)pvT)(k<^Hm(uvUqd&@$v0m8Jy@%m zl_einbd9xV3lK*=Jkp$NOpniXmi4~$xRGr3M4}rB;27CFC(H`w+ zx%>pIX@GA1)3*rXH11A>t-T79KkbXq?nCfQqwROD`T3w4kvImor0Dg>$tr|Q9d+oR zg=e{|8wWjJ3+mML4hWPPw+wnLKXn@S3Iz5zE;7e~hjXG_Qu_@XVXvWbpMC%u zav*F20nZEf#VsCUiF*U+&Bk@rmmp5_r(xY%`M2M1z(E=J&HD{J<4L#oST=iQ^7vV* zNf&l2^V@JM_a2B6mRn2yCi)@C=lVXLoz7q@RBT%I1N2<>TxpIHQgAETeTyA*0;R?fN7@lpI?RwqU zLc>=Z=64U(xx?^A!;cx}J*fJ{xFD5XKSeH~6CtlxhH}&L3ea+9`Kt~vA?JBgo!=SW z0oHGLuNwv?^xZj_wj-e zz_?H_Np!#ZcpqW@T%&zF+qZ$`pm&z+Sh0K4SjR5t!8QEeoX?UVqteAoeWY+-raR`k zZS^`}jr0H;%nQZ`T(2&p zNd-fZw4b_7lcS*NzT>^Xu%EFGo3znn*T+k{9T*;2hTrta4ft)s=e8I5%)b?zrXS-c zFY>wn0k)ZZV-WE|?z>thKgmbZLQELRyokS9E|8IVDg*hUwonK@=|%d4PCx*k^fIt% z=6;q#Nk8fF<6nA&ALp8{gg8CIy|uUmKc&=nKTe;bdf)cSm?lWx5tuUo3jVVc(6My? z+rRDcli$!*{5F{L?S1CsD;BIth2Q_G&wRH3_3v1ODD^WUZuKfQy=?z7u^HVSg+QV z&DV8S-S@!67f(Ivi4FZ#ar=q!yN)I=BG>u(S3f4!zgqt1dztM~EUcLM-kdIYUIxrx z#?ckPlW~JO*O=b7-Nzh-y=fk}V?Ilw1aYo*0P|I>GNYn+vE0yi#L0-W_QoMR%?K1L zAh-4=z#hk=w}zZe3&!!?^&EIj19X4OU^79S#$AN4GNUfUN2e%3oW^lnoZau;=KGfY zj>t!{rlE;jV9$Q7(YR|;>}_l0JK|j__U?nday4S&*f6pA+imj4H_}=z4@esAJEkGx z{uFx*vaGmOy@&BFpb%kojH7=Bp5?CYHR$nLP)8lQ*Wi^IJ^&YX5kZ{By@aqmj%;L} zdOW{)>?e*R7p&Jj&>IMQZxY0*J#JBC3AbZEza#F!cf=lvRQ2<2#PyEp|Ajs#%bkwr zDD^v{drE%YGu)-bdBnM5dfpe`eM9uTOHmHm*IZ@zHp843r8>Vbyw&i_hDYPVSAEXQ z(eHqqi=*EPaT*fyC3r4WCl9PTz=WLVOm)~%QXUG{?}_ZXDBHBGlT|<8Fuo@q_Km(L z_V0(Uigf$#Yj$A8^iT9PAH^~7Sn=zh;*JwPd>~tgzUH40Mj!ES+=S8&h7$Uk+Yn0j zHCgp0zbDRPD3Z3`ZJM~DsT?zU55s=OE!d>>CD;3&cqHtG2ZwlJG(80rjFRVE$GD;aa5bTIj)JA7*BFeqea{(ynGA@-(oGC5i_e1!|-WmVNwd*L63 zE=Ej#){J9)i%X zpni~)2bRtKrRs|+r?F=<3nt!X;0i>wI09DvlR~se=PuFzl>w@0|Bnn%t*ORm!M!_| zsU1q(sfiBdZz5mw@iNhu`?}AR4Ss-hIkCM;*PXQ8RpeBMsy5QgOzBwSwQBV_vunKi zA0PMbE7t3r?qlR>;sBjdjP7-NXmnhzmT!Z-$p#NDIlJk*0juBOW9D9$&;NWk(>>N$ zcd{)&*I56t0CCiFH|f{tbwM28iSA3UJ9JX_8$5Fn0jE3`Og(k%TSPU0t?G?5%;?7Y znNtyG?Ttftvk@p(L9Vue9{ZUS5SiM~tU;Wnp0r$TJGMp4v+Rc{Go zcE6iUKhE|u`5@OcH1i(pu??qAW3zOwx5|g zUiB}q_mtTIk$#J8W7yK&*GNC}S;Vn9r|x%+^fPxr!R*Fsh6}q$6PdVIz_wiSk$LLv ztDo5$_V#DI>Z|+N&wLyGOt$&d*}SWaTPy#6p`Xb<2p!MS-u=v=J(1egudgdzGd?M(f;Lb!(6jKb=5*u<(Dw?e?a z#6bvy2^N;%C)uS@qVHB(VOE(ZI2J$ z6(96|{K(RH-*!{7)1t?&T@mq@L_+whfwfr8c4=;DBwTx0boPR1?GV5C_~_8|_G5-k z`Ty8^6F4b~^Z&nlc6Qli7noh{<(gUUdsvV|L3h_x0WmJi;f2C1hoGDbC?LmzNKjE( zG>QggRWx`bF^R@#7QE14f@lmHO%P4KYCMQXqS5I8^Qn4j=GmD6&F`D!pWpA5dQEq~ z`{}2is;;iCuCA`BnsM2$^MVJ*=bznqO~9`X1Ta2d&H8-r;(X{81u~|bAFi&et10pe zFFyN>aJO*J%(5r_8H1i*6De->_Hnx~E?`~F`n)CWXZAUBc;Uc4!J=IiYht15SbkNk zpfc7R7pxxN6eF$HL|PX`TJDb&l*Rg$McRGDN!(f-isV;D3fIK??~nB@iw(%T@3cTs z1Uu2nSfAIMotyFZrqz))w?%qXMcQtP^xPe3z9!OZXJp`^NZ;Z}zoOVNMUi99e!bV; zV?Wp(8$9~!eUD-axoG|R=%ZeM zBj^Lc;JW6^=DLn9f`bGzStbJ-XI?w0pM`a>gS$%_YiE=-5=e!1=7AY{?9!Z z9UO&1NjXpD)t9VSMC5ND*IdQ3LLkpQyW{6_f)~u(9qR)r;8+J z9c!~D(yuzwzbMwSGFDg?YlqrgS)^}KBw7_~`%$d@{#XlS%iB1YVnK1N)uvd--Ld97 zW3AW3I#ul|Uy>Oru3J`KvbnUR=F^fTi_1>*Hl66NIWbUuVn(~7QzvvQ%Nm(=>Wq^= z{kpQQrfS#t!U-dqz)xA-vVqafrO}#Cqe~VSmwTJa{Wax*>T>JnwydGn&+f>;%DTGe zzCJv%^lx8j*eV#!IaIVQ))h)vSe|)fd@~_ zuPXC4mHBJR0@Y<1`*)R$?u&T*Fl&1t>k}kKRit=K;QXC|a85}=exzoY}i~CkBT{Jy>A=}>cf24JND24}YkOgwnnm~{Z zb2a{kfXq|)Gn8R`{$lMvinZSpE9z3uIkbZ?PX4*jEDW zVC)8gu}!vdFPO;&9yEWk?Z))EU|l>uPhlyfSu1G7wuZ6cGH7~UWCm}BxKTD=Ay{qA znTFK~UiJoT*x}ynXV`sK8_j+rSbhmRjp-}5BUXWK0s6>bzxO=6TT{SjHsO4If!+an z^_rfHqk*hI24kK#ZQ&yBuu&^-35f=*er|wo0$#JVSos|&r(^2+TUH|-Ll;h8iUSOQ zE;Q>R%!A0i2=}Jq%e$E*u?&0pCt>AxWGG8`aQ5`M*j)|0151IKPB6^S_zZ4-;l-XG z;c0U=!RE6r;w}TssI6O7fXM}m=#l??Xnx`up5LVwhcdCCqY9ggdthN=_`RCq1)}A< zKwiyOPTu-2A`$(G*zHRFzQ;TLd#LZ^MxPSMF2{;l$mAA3dcBEM{mKGN`Z%Bz$3B8u z+ZwF=;?>yg3WLqfe3Aoi!7ff`WeZ-Lv*E8L1pXNu>#AjYh=vmQZ!nHd(aI^bW(zDO z{LclD!!8+*XLG_s<8hYr_+5H*3dSQP;*pd6wZ@J=sSiysL{1rCLVSWAor3X53Euk{ z;;T@n^UsSpkFPk7e+RVVLF0*gXj|QZ6=!Mg;ExYvhdXfo!kSeb{K|~leJgRuWNBV8 zlZ69bV`g_Fq$eY6=5=H{GBZmjvtpj=#5)4f_~%Sc*bSz#-Q;{ZZgRfHb|%4GnUB!4 zWrlOvH75^K5z7Dcad*f>gy#SKO%uviwV9rRQ2klo^zacgxueV+gZT|7I4o#5!C`Z? zi~QCidB(z)ZbHIVZYIRmZt}u5GQl9jf!DTb7nz_id1}LUc1FYYiHQq4sQC;rwJAp* zV8iYpGh1ONJ2-*49&Dq)9CX~6V%PiFuiR>m$clFirkdl%DU55NU~WBcJU1tyXu))X zW4Prc)tGpV8~USIESin=HGvzN#^DMb#DoSxQa zDhO&bh=i{R%2$PWG6TTS7bl$K)+WvbZfr7)ABQ}?8w--`m)N|7CE$(N%54Z?AfdQv zX@ZMx<<>@$fAcerg_!w1;Em^o&!=o}u~*!s8dDx}kAXq5%1W?f9LqA^N(k4L!CBry zcr4n=^0)>|wzmjoICCQR7+*+Wh7#-;$9tQd_jrQbK7(66%R9EVB&+>a^6#-^dc#(D z?c-i}KK2|K2jf_{nXyg1@%+p0cd@7$^mx>Y#yJlx)b2G};~vC@bKW7P^ih_{u)z(J zH_xj^%xk@(#-5*u3X3=!mC4Sp6Jg@N9V_E;W|^0bcq7kn!^_afTjniZo|Q-n>U@p` zDe8>zzoDiKlo|%*%)8Ff%bQr<#_|Og?X=#w9NOUshTqV6k5Bl2QkS}K`5&%-QfNyS zO`p3k)_3-j0nx#Ir_Y`d9|we=9OCb=rt6-YGY|6>YiJ)t6VT(_%buyoQN|-!Aw?{Br{XpCCQGiw}Ml@VL&?u`Q;_?dEm@U zep!fABO6*)Mo`6PO;APi+r`IBq-R1g6Y&{J$b3#SXJjiFqQvLxr1(I=&&V({(q);o zo!QUL(Z@OJR?$1sj*}z?a(ao;mYB8InRn4Ov*1ZIkkW=snj1ks68Xk%(zRmawONxD-#EZ$fWH zJT8fF6K9$5kuEM~=0tODX8uP*!FUGN*V3hnw&Kz+AzL25mI+yA++N}=6W1egU!+Ut z#2KyRyp3`dT(}u=S;BH6)eGZS}mxmIuPvoHltw>WGCM+jtMLg}(g^`fWH>877iCE8~)QOmi3s zc@F*PpB363J9BCV1H*&ohbB|XM6D)P873Qu#IniOcmV8Ou2MS~kK2QZjF|om;SY%+ zX98`P;gYlyDJUref2fS%`Ny@daw5W(d&}jLM2=X+^n)LSD6`z^`Dac3!}BR|R7*x0 z`Egw5v}IMw&YP-hFzkIGJvKaictNLxfyEe5t6`^vhBXp1?P|lm45|Gh(sqR~!-F9d zWp6TvyNerR&yOSY&-gd@Xkb5+MN8*TSJ7eQ5c6uL6S{|(bec1L&eZu!)#zbq{(Ydv z&z;IfpMUM>UfEKm<`&iGxN{?Z*_Si>YS#xxi?Hy8X{a#Ydgh=mN%>!}#Sd>mc4Y9& zu%(=@EOeBU`9*|szM0TbPUdR?x{%&$X~^R0qkNy&UGK^`^i-UMjJITQb* zj7(<60-HT+(e&!r?0#wTSU;0(`&BJm=-KWa?qBW6nX%uj>Uncy>Qptr*grgQ8HN~; zknB*r|C)i!aK;kKKRl{g7)i?+1j zm}BYcaDX}1IcJaEKB?#24jkZJ9$SWs*W7rx$$d%QhNpUW^3Zc( ztr0)i7`FrVs7HIbSQr+s$F*3TAE37#iMc@u9Nw9vH>ferH%+*=LQkK^e6%3)oEdIY zImU2*jK$dodgbU#5+;aq#~#GKwioX0d0il*J*GF0(cW`doFAY!4fc8v#JOWnVPD%T zhrN-I(O!WZqrK$+ENp3ro(vtzDf+Sm;}-Y?F%V~qj&JoX)9)0OAJ64#|O z8^oO-+ISB34iLn-W37|yy#{;Kqdhi-JA3(Hm5sdH5Lj1d1jih5>+Ut6x2KbxlLZ^o z&`*2J54=R$-q1+H;h>y7s5Nj}p4!JoTcmxRQrypMV2fi%vtg8uaq=6aIQ8`v;J(UO z(9bY;D1BR((O@)e9_O8ua2X9s9v){-PPhz{6ZJkapK_@AsXhAV7m$Se=J`$A#eJ|$ zEx`HrN_e-iQ%_KI2R`wPF2@WVI+V2}b->i~q_!mfU0)HVxG&MZ9PH*N<>wvFTgq0} zZn#WNzKjex8xTGRaxm~rR<{)^K8Lg{?1bh44pTs)hT#ZGH5?M#H7Zc3-O z(&?{s`1#b?IYH^1C_2oCoIA;#?_{OVF?gJOu9B}KOME!z5#w_<^1hk3PSTch8@X_Q zp!Dxi`eqJ0(f_&9;a67L7S+eT*cEA&s4lb@p8qNDmHamIrnRn+|*4)eut9Z zrFe(phZO%zalPVa6#qgo`%}1c{Jr8oDt=e-M~eTVnDsJe$5;09m*DGeH6=&0ws}g6H zrB2Q-(T>?y#qsNkS(ZBa+ltwV#mVtCG0vvGk%OB6&eVM+T-IS&emdv;>M{-0owyyo zGdZ2)I**f^=eyWs{&)X9Ef?my2J<}Sox$e_cLg(VQ_kn_JmKEprNaHd%+J&r0KQ6i z5cme+A>dnu*~x%;oBAWbKN2nh^FJn(p9tP7%(C`H;gR6q37-!BlQ7HOPlfq>XMKQn zSO%k+-0&nY>jRWe26qsy0(Tdl4(9x})M43tobZLuW?w@yw;<$W!8Iah z{qzc9{uF}d_B0A@MiEJ;hVt63*QXpyB2M-9$hJXJ9v`t zUEmqQ_k!mO?*uOs<~_Go_$T12g&zZN7JdSJn=qd(_X_U;|5%vMnR?;p!Oscr1HUB9 zd-r$3FN4_*$N2ME^pWuI!Cwj=0%zekb>0Stgx>`h3cm;LBK#q^pD>?kLxou$lnJvz zWQ=eIc%m@NhAF~%;0uKLtXm|U4_+zEcZl`EZNZy_+k-i07vtOoe5WwWl^w!-xA>`W zG5ASgJ|}-E%<|@d@CfiB;S%tB!hC-IMfhYeUtAgP7;t0Z)4?r-$AUWwb1v>4!smjE zg{Odr3*-M0-pRt}gDZqD0G}<)=kPS)OTcr5S)MHsUJYI&%(88RFw3^{C*@B`q#2|ox9;$4&J_G55U;YYx2 zgntGu66QM==b)qhGvL9(&x1>ZUj&a9W*uRy@bAHA3cmq9Pxvr+rZ9WZE*54x%qn5N z8(uDaF8EsEDd3xhr-FYVJOlio@GS7-!Yn(V5}pU%E6jG7mxV6_zbVZ2pZA6NF8NpC zS}@yJm<}vobA@jJw-mk!+)4Oma3A41aIx_1;NyhZ{!=QH@fgxMSK zEa9iXlZE$yXA1uUTrJG)<-!gW&sw*|+W|!t7(WOZZRVUkJ18 zKOp>P@b84#ruCLE+qFIrZVvuTxHXugk25_xfb)bqfeVD$2G&NH&xek}eZgIXqu^e` z1Hn<@!QjEd!@$FZhl9(6*?)DUFngnZN0{wxmBM`H(D|&WigSFV`ezsDx%#Jmj~=e% zBNdNVJVo(r#rhq2t&(q4yhZVL#Sba2SG<>u{7n~cVO_Xzdhxdz)3bQ!(6Dje{C~GR zlsz8u1nb4DO@G@lJ^7AplRxO2cjhZ0V5M6-{J-RP*vJ1%?&2np$v1HPzl6=-iT{^G zD2&hBu!wuX%%{wz(I?oL|Cdy8-_QODHks#;?U&IU1$yoVsZzjX>y#AG=X(mR(Y;1d&=l*v<%;Ld=r_P(xfBM4t zLxKGl&6_uSVd`XhN9<2)2E=T5pG@^o)rxne#bYhrl@{4OdHfQSm8Ey>+YJZAOmtOY z-;gw2UK(_4IZC&i2GQf6o&Vvv^p4PB#}o@w6CG?2P_^yElG;&4f3RV%ob)4F#yiIR zn>*zEYkSR@d%FkM_8v!`kTOiZsUD^0$r0yENWH56*AFbx4(Wn>$9#LjMxG5M>v)Wg z1veS@lX3PLB0JbPz3yOCExu8&kNDvuiH`Q{Gsf)3c?@=)Z5|nlB}@?K{G5V)$2=6w zO+S9+c{rx+or(Q7=|P-3#&#QRuLSnkR>4n-d{pyT9+nHRI6pv-gJoSt5a*7uJ;pH) z)ng}25a*7uexbu1k3hOW#&8?UF^0?MoAU$o4q``DjpD~P;Fz|z1fJVKMtij5&SM)` z+dGV%N+oc(Rs3LM+(sC2@#CZ3+1ml8AJ)6*%8+r`uHhV!%cHV&diTRXkyDam)O!+( zRFTZleb8fGaL$>283M;V#=1rqr=*U(0EUUUdq|x}b2-NJ$;aaIJeB*v9_vHSxv;op z8ROhu)LZ$_M}D2>bzxZCLfpU}#~s{vw1e(9zY}en zi3sENu+Os|c&+Kp)A>Jg`EXmFUiRK;eSYv^<-g)-=$20utkJpatdiA}d9_T&f z+7Sc#Y|4wQ|7gd659il^+IW+KA$Qc6WW!_%UKmpB zAOp0iDUli%n{C#6;d02WV|o?r+V||OuhhP?`tt=nBRLPkLp>f$0Tj=>(2(SLZ+PC{ z10y5*`sbfoeC(iJU3&V%@<-+m_45KVGtLZ-2%Hw^bziS7y{_!F^0vm_rW|igwpWek zMB|c*x>_%%WXi@`FT13orq*jzGG%`4;qv^$1M}N2B`1fAV_i;-jPNUC{wUvuor@tux=zf?q}WP^=J)V#i*$=_ zUTlWwC=JhC9Ip5@JhF7tXm8DEzj}0_cyvb9=wRjO%(Bs0MWY)9B0~^cjP9~Og26`y zeH0nU@h~3t_vG(*p>)Tg(jA>kA9-VUtnL0-_)siT6e}u@bSb;F=A%fL(F2QPov&&Z zL)9cwwB(H`T|@OB<%j#%_x$tbKM&2mEfSv6Jro*KvT@XEj4CtbrcixZ{`NNE^7^`M z(Xpt4V91h41bONOG$}6%L9*k`&@Oyl`C+KOXFh}*H`Q017>bzg^Yv3h`<@6v815XZ z_?XH)OZRoApyC4>+xKGVm9Z5s@<81Op^9;#vsMEuW<+PzB6`3nQ$w?E1y(#71@4Ts zoAuzsJ?hWT-*Hy-L3|RqsD8(_A;69wh8|g9w>x7-us8Z_3<5+9$LgO5J-h3X7xt7= zWp8wMEFW?(rnSICRq%=i=subPSC_I z%=9b;;za9jq|sSpH^sWoTu_Tt!{|3m(v34{ZB{KrGh^6)_SQYS>SlyCUK@hAD%Ru1 z2cO+F^93B;9m$7o-QG}9q+nB|`K%Xk&M_0pl%i-|IRmh}MKKI?)N@m;d0C{zrbtWJ zoKnuPtwK?(U0JL}QKT0JM%ol>xhc}Rt|$bBgYO{Py~<*(4#j$xMLN8}0NWHr+E+z7 z9^4x(DT?m+F;W0Y(r0I^4UX;^dT?N6JzfctEc_>m) z9BCfc4}TD?7#JFLYjv!{jSs%FtJs`1hH=^*=~Zn`5SpW2u(pdMt;-^Ps$&H>`$Lgd zMUmc1nAUZ#hxWY~t#~q26=_oz2@M@v_jTy-SJ90ZM=K8D9F{I985mtsixZr=x;Pfv z6lq@^=}>oDsK>4IXGBLnIIFZ`X((D1-Mp(Pl3!6C8Z|aND$1A^)IT2$4~rg%;d1PI zG*rKOg)sy6^Mo<^}sBp}M=G6*q^@EIlxG{^IDqiP4#{aOdch4?@VW2aBRR zBZY_eBI!f*MbSNHPPsVbm6z=J?dpwpM@uF|=ieQze?5A5La5^GC{lZ0Q7GIsns*wK zZC_dFU~y;xu4-in=eDmr-|JA~4ZQVM&np=i4xP$TjOLexDh7t@%JVl?h8{HX`4jT% z%9ukTFFE;p;ff%XD<^$Gb? z$`~pChMq>!6T&Dt zr4&aG7SU3;TWPp6MigqhW>1^&z-V!-ZCRxADQ!CScq2Nt)XOS~PN|J9EFJbnWh`72 zYg-kIRL6?4c7NrqiFDl*>2lkxHM#5WzHv>g>!w(jZrOo#Kly5Br0t$J9?5^!Uw7kI zcor1wI$S?6|JebrL~^H&#jD;AGlvFqXGCjDqiafGxZ*}cG*q!ZRDq28Vt)Oz`SlOy z*Z&|tI--8#min42>*p`49~QW=;PRrS#Y6xO`wIJ-K>!BTSprI=!ZBK5s{b$$i~(=w1=|~3)-f>d_DwiGoDgra04)R8diP@G2;+c z7$V8;`$V=*P;m3B=9w~f;8@T3X45m>Gi)qjT0}-8C z3K)Zh0|l7@N?Tnx+w;fqB>ai3F06Jup~b=rqq4(jV0VD*KEd4!JbyfGy^qCfO>58L zmAnl`^!eBy*M=kdoQa&#_Ea43Zy8A?IA$t;%K@Z`jp;3nX%|G?#`G4(bUDxC?^yY_ zti~>{Sz!@?=~6gApdGs#Q8FI35NKdUHo^?7!v8Ez!jU%+m6_&*>FbE`s)X1Ffr`lS#wgX(!cuSGLxTI$ejk>^h}LgwC~@X(kVx#!Ws z!^Dh_aTn!P<8qnZyoDEnXu0DO$eyQ4$0fLWLd9_!7$*$gAV-gJv@Gs-Dd?BR%2HSn zf)ycH5rP#VSP>c=ry+3~8mD1#8h}84C4nFmhX}?Y!f}Xz93mu#2+ASCa)`hjA~eBb zgtpIyR*cXbA~c5x%^^Z_h|nA&G=~VyAwqMA&;$n}v=ecQbt^j`f)ejfwpRKV`h77 z2e)?RfgbeWB=E$74Yz~09gDxp|2soqKe9g|YF*d?jh)WA@@TjIvM0W-fUKUrYW#sn z4dbghGOqE(u4i3&)cE2as=+Kg7|8$v@h|c3MCx_<0!~WB_r~K)Dmou>c2P|FKqn%&> zd%2_CVvrO=((OXPRfNTWJ%m+&d5B`S%K<+lTnpeNK;77r;%WlByx&V;zllHP0v-iC zk4w^xv0B#&@GHPYT>-BEKI;x(M~0=n0Ph37=mYpG;MINrA0e;r56A@!jsn;_?GPaX z*o4xvTOYvj#egAz4+!ijaMM7*X@JiNX9C6#0!#($Aj}0c#lP9QEd|UZu+Q0U!Zm=7 zg8?@ImJ{v(93bof6b}JB3b>lUM17C&0$}7&z-xfp2>%0MGDz~1-k?0t{kv|+0I>&$&W6Z>7+A`!vJiC37LyAGnr#VAYc?#pHurI+1pbsUeP z1hczmn_ZM*cDDw*sKSmN1Ml50MO-qGYw#%HqpH=|N=WUUr??*BQ`erGS=l>gr`pf0$cHss?{bB4pRPGX^`?=#y^-zG#WQ;yD6ksT!Y)$2h z0M_&Uf~=A@HC_=DZt@P*yY0eIW7%_sF)7wh8 z(aN!oy9fwr#7z%_leod-h*ECOuu^U&TPZi|tdtv`1=FkHu#wj8xP;wv6L!ZX?4Fyj zJC1hO8@uOn8Mq!jj?DKD3JPODpH*6O^b%{#SshDS8bu)wxD>95>W}>W)ftB=W6M39Fo)j_0 zCBs9+^zm;U*a@hPK8QL^Gq3iwm04q2wCL11+@*Eb$W{t@-p!K^Eb+3sZ{-1on{sd_ z4!U?0`_?p4bNwo3E{8i=OM=RXh-NFVr@$-!Kj3?3aYN5-JPf0pmB%kig@d{zxP3gP z?T@6fBwIrJ4WfKxt@+U61>uPuUCW&z6Ym0)aTxKH8;RyN70o!?Xug0G!SI~ixC|e^ z>`bm>uw;9++gD{R_6oOhZ(Lk*5hUDWpt(lJCdO8G36ajPtz;Z*ewplINzr3ivb+`e zXxx1(`IlIH?_6%oe;>?M85FTYGUo-jwx=4P+K3EbRe6f3!51h)GPvnF$39>2a8=70U$dp=#(-Q}plM6PI%LwNmb z53bBA?0z(bjjOT>F`Oz?A2zD{R%X?{<#ucLkgi*W)kC0F-qCHn2McK;%}=w1`49Z& zwHudyyGV~=oIi7s=$>jazqan9UtCg{#}B&S&Sb?mB*PXaLk&;VCc~HRbYEgL-sY;| z6-RbJB!7kjrdZ%TmU6{VETmpB-0(-dVz?KNe#NNp&$?o?mF9{u(kWN$n<9PmD+ZIP zSL~Zi9_@-T>i_T+!#(P*m@Du8d&Q8DHp4e~3@-VPyJEUje+Y%;$TZLAJoZURQvl^} zzkbI9%L?<@O(juUbkAe=mF`<Cq^s9mBgS;pT~YYM~`%xAlTt2T@dU5gfC|30;GaSa)*MVIF%eDFgXWzp?!?JQ&kg^Y{=)snziAWKDqmp3=oKrRYYTGo69_ z#}4hNO&d%0oGQ$(|I=^Vmg91(IqY|Grmt ztzK1_zxR!w-|!8|m4CT{odv8?-6=1$fExBNGUrsnz1!Q8$L3L+V5zy3Ig~Zulw8V6WV&*c@|1FvHNoT}junu!WBMr6fI4G{03zYC=DHE_Jp2|K`%9#}zO6e{*T-^Zx&rT>7ov zaQ>n95%;Fx-f-?o_lEPI_NL&f=zP6lC1`TG*PC>Y7CygI9xX?zOQwCa&_eQ~#TfX8 zM@x2^N6UYH6+OA88T)TS|Ep@6E~#C0DJ7{{5U0!2l&9qBBRwwD=4o0;&eQgxe)QMQ zBR$m9y>>E;|CH*IOKSJb|8G+N%bxizsgoaEqtiTQ^8e2o!s3l{Ytz`w`**h>nI<b;E|pnX>%Ygr{qBU2swHVJkld1T@GY4 zQ*z*uqWP_I;1S*nx4kKk9&dY5 zrIFcHlKyXtcXAFqC0*^{|KJmrscsxG1E#C`GW(=deUFp@)3y}SLP{Hq&4EX6DKt6I zwiL!63u!N8x_C4Dq{RD388B_UX(1)vHU}O(-X;f1ypNgz|AXV5oB`7of&WnTG~a%t zJbDgH_kc(KNqxW{DF>!~z%vJ?Jm75(Jo*FP=0Nl5>gYKzUA&QhQsaH39GEuV%z-KK zwmI$Rh`Ua82eTb z&oC*`;bl!19cGx6=o~4-e5>fF3QoLQ_#YA-eR=sn8kO#%rK?%+W=^SD*qd1%`ZUMB zo+&1o@aarao?_D8XJYc(#5VocJVrOU8e?N?t1%{<94WTxO)|R4CT(oRWO8iN7T)O| zK8$S2L({}oJ%$R_S|( zFuEx=ZQ6>> z7L(%|NmG6`>?sqEM2ac{YfzrYyV^e}?~7?4ex@kXZ)nUtDVjXP2Aat+Pw~NvuZzQY z#8WhByMbo1?UYmHm9npU^2sS~JVlkM(oi+odZ#pLu1m(a?G!~uTos`y>7C+%X=2K^ zq=GO-k(RY$a-37rkd}1`8IN>|CQUccOtzhpgiLK)c1q{AxbYNKrglTsWa}yMVa#=5 z88@Dy$(T3LOtzhpjI?daJliEFZaPJgrnO?S<&?NEO?0UlH=Ux%Bx#_TY&#_pY1@{4 z`ANlOiYkpaR86*?5+A0CEz?TNsk)q zhMLYc|77wh7T=q|&1l3c3;!(SA7{w?KS>Vu^TK|hpfG+f^WWN>+XMen;btxt`nm+Z z$Z=ozmtr{Ki~rxAi3MSCLoNEc7`|L|Zh-7&tHO;_S*}#5T7U(A#N(#7MQ%>Qf`2du zw-QdVJK0+aqwG%JRs#Qd2er^v!VJ69Vk?3FV8)R)TM2WqAPlVI4*$1o;i*!H^;!n(LaY}!N1A4 zq5mBEAJCQmvZ94)=IA(XXaPr;%TeqZ$3I(^V8Oouxry5-HZ~wJt~b^vV!?@U6W1Ep zKx+^V;ZIy}$fe@=-&Q*QS(A?c;i6;0JIC|jpIN_;m>gX z%D+zz!!jJp30TUoFiIn_@Jdx+iT|q*tZnqd{7m|BtEXYC^?Cg<^7^!kW7X5$K=$8aO#9ihs`{Tlb!zHh_k;Qk?N{6%BiqkjJZ<_v zE3_kypzq0us%F^yS##%3ukJUKc`iPJKK`y4A3@*bLK!aqSHOm5_7EH`W4tOI7fiffE;70AfSX)LrVhcg>fmJz3fOcTNtJx8k; z7b9C9CqHf_5T}HdbYZNF>jmOgE{T&l7ZXOp-ZJ{g$T91A=FIZV+MerNlOB6K9!8QO ze|eIMw_wr%F9$geDaX_b_NYxw8*s7sW$Z^9?qSxA z&Dw@*^-ndDPG%i5>#k;P?O6RRBbja1d1k%DtnE>2XOWR)n^@U++7z)zZA#f(WaR}$ zf38{EyV;k^!#LX%2sFrb3Awc}!Gv{@S=*R|jI|kNU1-)ebZ0pSmNQH!Iu|--iQ;mD zy*m;in)_4dR9j}?YEs9hr?aDdrDq#|caEt#jEPM{dll?iXtt77CVgBw^FCQ&B-XD> zVcr1EO+0Og^9_egx>>*TjAWWww>RslCfDh3?X|OUu)gftNf?Tbl`D4{E30Wkw>jU2 zGTp?%k_fH+OZY+1{L~jT&St#Hn!I0`9??QRa?3q>8Lx? zzn?Zs$fcC2WWVSCGUl8nXVt1$8=#$3d#Z4}Ql95zR*%(|0V+sN4q)6qyKnRVFc z+l$e`@MN>@WY+f5TFaK3nv)-A{B}^5t^KA(;*K(&R_^>#a*oj{G%7w`>@(D&h#8|MG(4J$FoFlVNE5r7vy)gMkzuK&A#tj-? zX*BIo`>?k+t<|)Joht%ZWY`Pe%*4c=MN4C6iLqlJC$`}JxlNAUo_SI}Zuj~aWm})H zC4voFC#;RIl~{wzjB)$mwQ_6i0lWFNsf=V?Vr*xc^^fe4r#MM1p7(a|X})0i8I6sG z6-gd_&RVe9VX-;h*y!34M&Fe-`&i$WZF1Up1&uE&S#7)GZ!oeZ(xZ^?Yazi*Sky3s;zy%uP~V_)2#Ig z*z4}}c>?-qDyJr|)p2rL@+7YV=Dsp72@-wlOJ8Eg^gG|&v*v-Fg8|@te<8=C#e5@t zYXUBuI&=E8$&2UCax;XPxx!{Gn?Bjj^0jE`{OL};diq6^jrTdz=S-a+w=#86+>m$j z)OmAfc-8Y3&2I4C$9GVfxy)-gEt%P4m{qgqO})^YUp;T?^o0v2n>`z?q)1*kdHRz1 zE=JSlO&(Q|G=JE?dFHRVi|0(Pp0{}Jw1o|(BukuSgIU%Z?BFU)pF4G6an*D?=~Y<%Lj1C}BzWmpynyM~o)>^m0} zzl9LcuiH|mJ(gT7w8O?HhDkZS^v6Ou2PC7ToXl1{+Hs9tlso6b+64i1xTT{GnT=Gm z$+5Z`p|ObkCblkIHX!lb=oh7+ap~-{afv$IPQpSvY^_9jVAwUhrSl6F&&4w>A7$#f z>gls%{btWvG`%`DyI;fG*iJR)jwN!n)AEj_&@jKottTw#`=VdUNij)SP8etqm+E=bVvAz^#$xEsevUD?XPhw@Uz{;O=>KXmK9r>m48*EqbI+f? zuz@U%X!fkR)4hJvrdKUKfAYdb)m}fe0?wI^!nvPqed{-C?u>b21WAa?m)Jpaa45ZR z?ZVJxMwWbQ<}7lB0gbo=gY#8$MUf3#iH$T zka$-J;!xbiGm0r6xd<)c@JM@2+RGO`#;>Q?V?j$d8>MT=qFFl|9O;hXI=$sb z&?`;S+i(QE(~|VI96|3q(Q{F{7kb;>4z@0SXF<;~4=>00_JNG&+gkK^zVnmpjmLPw z$6;{}hmE^1$=>#5n4b)3O?z#zFf7{RlmpHWcD-v*7_4xKgnf7Hnk2nEMC#7t=)*dv zcLhM7$7^dmZ!JC_FfKNsUoN%p2}PLvxRmAxM(*?SlEbh&}U#&JAl z9lyP>w-4vb_=T~!_&uFuuW&p@KgZV|=bXJ=N%ppU9|M4+Afmk@EY9A3vBxi7bmdi^ zHvr)}M|)gePtsdF&Du%U`y=!kIU%+;KyRqpr!BhA#Gc*ryk9{t>~^qqdLIKASLYTz zWWUbwJXq=Cu{$}m?jA;(WP`#;>sPD{TCBvC77;Tvj}?Jm(ihZ=9J6ebEmqc@JbKUoJVHvA$evK4)9- z%@d9rGULLRSTf@h7G_*{8k93GnKN@%dovwm{B$MQCT|!%xJX$ufcY_VkQ~o zj62VZ%;=eYR?3BQB~5x`zXjxsC)vq|h@5dIJ2`u4P@nN9=SupF5joF=oGWR2w#XS5 zva^F?+Sp-wlbw97$QfUU_=aLjrg`60-8jmU3-IfgNLHh8G; zOJLU9C?5_UEj$U#dK%^1z!Qb915Xxy7|bcNsB%kuiZv>;) zgh}(|;3mR#;32~G;0eM(Fz319H41^Nh1-BRn-1kYz&8kw1ivU;1NLEnI@w?jgGv4b z%rUXapMifP{3ZBxVGq~v9pNCDWt*`BZX%oqE)oubPZH)k+&JMj;0uM@gO>{PKD%0& zGmsr5;{v^hIAq~@MV=3?!oqM_UXpXA%$!3xbar9OJVzbgqvTvB2;45Q$;Pt33UhL# zzX`tv9hmT1uyBPlWhq`fS!P^_r3JWv2jH3mkR0Y3keRQz_@cn;;mUtRB|h(TL@}eq z`KWPuOg)))hJ(2{J0)b4w{+!LnhTFo%=||=?MxxV&NOVfI6E`RJUO`8SegqjP>k0* zBS&(Z$r)&81DK1mWAZD~f$lmi&4q7NTqn%<(3a1Hfn$)qRMYrOam=24j(OPULkW&) z=|>$ddoR2D^KqG1A8Av?NRV7b`J|$=Q>EiH?;t!M#%Rr|Sz>Vs{VtMQ0*@`Ub&`EI@rPEi* zhmz%dhl826hmeQID4pp_XO_~bRyvm`UaR@gO6n{tYxr*6t?d-22%e(XU$RR$N zF#RQ&6(zV`WO=9l1zFDVkm64i=c7T&>GV)cTkbi9%NJ)pPMn-UI_Bv)=If~A-il3~ z0oRAl)ER`2#lF)YqnLFnCqGm1B*hmho~QU?#g`~vqj;U-TC$|=HYMM#_yNUie{*qr zLh&<-f2H_E#jh&n-ue1+sSWM ze5+zpPZRrmA9woZTY<<;{Y}`+TPeI->A$4-fa2dPHg!Dln_S0p;eMv{O?^-FO?^+e zG3!*q`HD?FP~@B@*Ok4!6`Q)Bl*xmYe1u}Y%R9d#6^~JD>WX6LEG3_!c$(rliWexZ zQM^|1m5Q%Xyjk%U#rG(FK=F?i|5WiW6#q)`%ZguB{3pe1D{$$LSNyW#KPY}j@nOZEDCUgA&OZ9z#koK+XZdwH9TZ0tbDmG#FyiV~C6yKwmb3Hrz^@@L~c)w!v-XvkMoyht9 zRPpDEQ{J1zFQ=Ave%mVUs<@}(sNzA2&3lvBtWa{kH#z%r6muqPC*Pzv`CZBBaKdZH zI}|6sD>`ku&-QOtR_o%}<^BcSW#rHVgQ{JG)* zsE0cJV-&xLdaINFM)6X7j&$-BiaX(Nm`>hVF{cH0@)s0$LY>#iJ1c%k@d3pnP+@iY zrHZ$s(a_27Roon(EuFlzV$M$P&kQH@XDi+wNyzV2{BBV~{(<5?T@v!B z;)}W_-DE^h=OM55uzpMDTJ_-2=iaArfv;Vc?u6+~oo{Aq*{IKE^`z7>GQOpVGo&Db_ z?u!>8Cm*1g^VB=}2F1Ts{CmZm&fe)Ct9ZTQ4T?GIz0?1r;=uzF@?#ZmQhdGQw-mpv z`1s<4oifFn6ko6S1H~UHE*Y4xQ?B?X#kVMaO7XLbKU4gr;-Wzb`urKce_C#qTLTthm+CM0^Sr zk5oKH@dCw*72l@#PQ`l_?^FDh;=r&(9C8#lQQTH>2gQRF4^@1E;u960u6Uf{3lz^) zyjby4#aAh=RlHg87R5WrP1st2@ArxyRs3_sPb+>-@r#OoqxhiWw-mpx_|J;}ruZwx zjnE+F;+d7@odEl6<@5lM)6w3S1GPl zT&H-O;(HW7p!g?>A62|t@zaW5R{W~sHx&Ot@kfgPqWJHM{o@kXu9f0K#Sz6_6%SH8 zRPhOlPgH!i;`0j>Ypfsyy+wZeYC45U-MP#_K|y^AwwKDS%_RF08O(hU?@eT+wH^ zPL66wobjlPGm6GI4_92GxLol_#bXp#C?2nPisEUCXDXhpc)sFAikB!}uDC|=TE*)X zZ&18Z@pXzfE8e1byW)El?@;`Z;(EnTD&C`bui^uWUsHTg@mq=ylcj9`MDb^ezf_#f zHqT55;MixyG5f5z{LDTpj@f6$<(c-1*=NOtYudLZ4yH|8>@Q|}o!ler|Kse8hOYC= zw(bJaFA;8rxScHA5!%#mS#O#!sy-guw<#YAo-d4I z3!_|F`EW4Xy{U6Nc%5(wc%$%WF#Ekz=QQv(;R-POuTwq_{IKvuFx#ssp9J13Tm^nv znECyn@Lce_!VAEk2s6L4{}}CD49-Rxl9z!CgxN=Jb%LBy*<*unK6sOG zdobIXsb2)XMYsoen{aRN-NJb7@pcH00JF`Reoq4bOt=!fTlfs{9^tdWzZ9MVeo1&X znC;KB!!&2VHF6F3E#Wobzmf9*bZ8ePGk<0Yw*lt~w*walqp8AcBOC#D6z&4=Iv93%fRD>zXLv3nE7+6F!SUr;j_T=gwF*p7M=oTdo|Ci z3cOmFdG))(^TAgMGap_ryd2E7Yx-RYzD;;7c)Rd-!S@Sa0cP7Z^{)c|RCpt}Uiez@ z)56z-_X;ylvQ3+Qw}1}_Zw3EO_%`rc!gqk*7v2v3Soj|B=fY2b*{O{-4*|1;-vj3f ze*|V*H+5Lnwh{g-xTEmb;4Z>G?%iI(8Q`dJ7MShcw37oKF5C=UCR_j>Da>z)-w|ec zJYKjEe70~0@DyQ|%`=2MgV|=zu)2Y(g?oaR2=@W66lVFoR+xQzuMp<{wKfV51z#_G z9C(W`zg6BQ%>KXIh0DSB3$xD`=Q?40MuR!mA^9|Ly)eILJ}o>B%r<%IOa$*2=Kr$} z2u}k4PMF_0-x96@zbnjV!eL?dFaC=#pATOO&jANehA}KYE3$j9tbWG9t=KNco>-9L8w0*Tq%44_)K9w&(9M+1w2jo zH1Gw&mEifp{GNP~@R{J{!e@im2%igHFFXazZ!3($RPc4e)4?|h&ji;AUkJWan0?Rr zorQk+Et-AO$n1yyu<$bQaZW>2g0mtd?I`knElqMQwR1MS-u^dC448Ceb}h89b6!M54er+ePH%yqYmpPU4(an zdkH@TX5TjI`~*B$_^06E!jFO3&y70u;E}?t%X~-pNih4oQRi9k*}{9lQ-t}Ao&Dda zvmZQL_}AcS;R9gyg`>`^;FZF!gVzcl1hZcpb>0MT6#gUldf|7#>?21V*70u>=6Cz; z!XJUzUyeGTf*%t84E$5!FTnM}{LcThF#jL0S2ze}KRViJ1U?|#82me7{)d2l>ZlU} zzbni>0*8fLf!V)~I&HyU3bzLbvaP%mn0@W2Qv_}*+!fqHxCfa1?x@on92V{e?j}3{ z+(&p2xL9}yc&P9QF#G1wP6@bNn0*sQ3!ep5y%VfJ^pR``7Ijlvgzw+hbz-yu97e2*~em=6js z1OG&LIruT*RbciNWVoz*J}Z1F_*cT~z`qt=5B{w%`&PUmd^MQ;32CPm{J!vY;E#oG z0Dmrg6ZmW4o57hm*6&tut}yGf`NG@4t%dIdv(F*JVm-IB@ZI2^!uNsu3qJrpM)*hI z%jYjF9*LYyaD{0@YUc$ z!t4k1w(xb}4~1_4|3#SngT55L863d7KCeq17{m4&z8xGAz7yP9nC~l`oq7`R;c3GirPzV}oJ^Sx)HF#n@AN%#eDmGDd8nZmyT&lP?Z zyh!+U@G{|p;2PmK!Rv(i|F)}y-veJK%s%8d3A5i*o$zPiJB9h5l6!@}0`C-N+v3B* zLGa_k9K`8K;l|+Sg!x~(eZnE|%ff7Pe@(a*_>gd0@Y}-e!5;{-@6{*5Mc^-l`Tvyw zt~0MS`@Lri_X9T-9suTl>8LXhTqryk92Oo1?j}4O+(-BXaItV1c&IS@d>t=55?n6K zce~NTr-3Vk`JOjXcpP|=FyHyAgwF!c6z2QiJmJaUi-h?uxLla;f@_5NAH?;-d@sCO zcs}?#;f3Ivgf9Zu2`>fTDZCtfukb4HPT@7+hlMW#KQ6o;{G{-e;OB&|2JaKD1^-6) zI`Hp=`Tv5qggLjuyTZ4F4-4N3{)_Nk;4g*m1qaXo$!oe3oGtt#Fb0V?a!w6q{^JOp z$H9dne-a!Pehb`9_6hZc$bAd^YgH zg|PTcWH`3}`W+0KmD5L-it8I4(eI-4qh#a@y5U$Hk5oKf@f5|g$tdIKmSAzbRx#UE zoqUVp?TQ~#T(5Yq;sa!!5Zqf>93NKvrDF5FN%YNkCE+mIZk%7XKRRaHqWd<)c0KF2c^FCycb(bbUoAqj2+nHLIfGnpSC;Ovkdlc!cqoi=@Hzj^%!98)}C;IKi_ zA%nx=0nunwtp^Vt6b=s?G8i(tDUDa1H0ESGxrDXld*^vD9e0Nr25xBHAN&VzSMznl z?4(^4>^l5xZDRNE)ULdBdGW0^ zbDEqz>B=$34sX9^eddy^%d?hduFqH!ygaxxBe&?v8I@0cc4c|-6Q4~Ce3d<5Pvk)U z+kU~WP!nFOf?WqUZL51W_R83IN`Cwna?CD^| zuO$M9>S~H!2p&9C)9SI{h`hYDeVf{-6mQ#DIB;mjX?aDRW1#_}d~RM|aCCn>f2sps zyYeaLN2^Zq+D(|T_T9eCMl{|3JR9_IPFL=oIN}S$;->uU1$$x##=c$p*?@vwVH3ag zP~m;XGSN9^ov-0A{>*ZIyzJo)U^@p3+XuX+A-*c$Thmn;LEaNr2Ww!ef$q)Nx4PjV zKl3-O&!PI&!D}*&ZZ{a94XpjM;n`g06R^vh*SUb7wFn&Wvun5sWDY{BMIg|KADl9R znHK=^T!&R~uTPJ`#?LaS{bnb- z@dXt9-e=VEa;q25^@1PzY>E$gdAz1g%<2XxHCc@ng5`ai8RXZ7rneXYL(4mXx@N_) zvWZ!V2mVp1srA(r*lYt7rT{|I0F%A^^?vZt>}w%tjFuNK_*gb|y~ZuL^Yd)p>cN6} zJem4z#(%BvWk11VyR&H}Ge~>Qm|kqPHbxtH&DnZvOJC*%f6F;A&|>PMB@hznT3}cn z&+o`{8^&FZ0qb{M4dkc6mZezn8QBx+t!8yHnt#ClxD$Nspseq~?t`HL%re;D)Q{n%~KGSKes!fpq)&HBeK zh2f0a`iuBA(i?}JPK)Nu_xzGOpc1Gp;R%eTl)0y=$Ax1Iy3RamXWieYYU7Kvhp(csU+POcE56fcQ%`vYFTilt9 zjIYh5Mx7yeo$sOg#H=jDtO;#4F+_F5D-Y79yxLvca({G|4K1#RsO9@zn>NqQXxgsn zgx2|fs5O$ZiB6-OQ$$?~iIuaVUcQ{_vOI+|SK) zHc|OBF`yCDJDT_NPiSkS)V*!KUyxPO=7ut3wMC{44N(o?{95MXqzkfWxYeKrM_St> z$R3xk@u4)pgx>awHJHbzO>G$p&q8+q85&k40cf>7OsU-tY8U=G=K2#_GsI3RM99PD z%n0HiN z9Xm(2a&MfH6mR9;6f5zmQyllr`ZbSWo-(ZCt}6)B#BmcfIFXw%SOQ*c1-IY9l7p@y z3%#Po^}+VsWtqjp*u-4~gwy0^v%$&SP&0@mX?VsxjKX+sMi`vLjnhq>F@zGU35*pA z9t3eNH!PHq?%7)j*I7B%#<8T?gawz#3eXq>IBKj|o>gH9c+sugUWx^?17dAl7pzf= zz@bDC#|uQqXgkMn_~OIUVa&8kr@sY816~P=uy2^I?EkH)$}lCGnSd>+0zMTg7om920rh(A-h zIn~_!YN+Ev&Z!HQo2d)zge8q~IGe+A6K^YVGl{j9IGfqWBv#N(it{QnH;woGEs9mmp6<=Mh}8@;^MQ;&m^A)=@|cD?*XpSc(hTrF zi!(29VDJXB2gJwnpNe_;(hTo!r$=Bck3N+D!pVr~RP&l==4epbZlFdb5=GXG)6E~? z-WR7PCR{KRH&n}P4dQ+3>=-6+P}4lbPlnq6=Ghr$&pTgYXA+AmGowXfdImX#2Cu}J zYynrrq&?=d;JELTU0U0e*Qe^qY#8?9rZp$|C_be^eA0`Bb~Xz&hs3{jwuL+?m_xGV zKFS{BD057K8}*-MJIfeu>9Vnqsb7Sp6iXjrSJqR;iXLfF0hRIlnR~Hc)j~H|e$uG_spirv@Fuds&8nU^M5il~6UUf6ze%qeI?3U>+XRQ==RuiHm(4hjDUfx>!f;%=TnpCr>ap)`7hv4R)ru+q z4EEMyOM7frclLe=raj)8bW^ay+t4`|r~4sr%wx-OA=_X}d%RxG-VUl=5oxW4-7lo5PR?A`+E<9ICt!8>}z{# zi)_0%?Xk}_kI`P6BzrA!QKOJM=j=5HXnXarHw8+xhxgC8z1~UoPJ+GvkG(Getg5=! zKIh(>0TLiL1PGIygfPl*34=)GnTvo-)({d!3z9IS3?a-G<$@C`TA(nOnWny*8U(xgn2^OcuTwY$Wb;i2A77fO z*$Td~>VZpnG;>8>=!32W_;~--DBo-VTaH@HN!p%I0<)Hbda@daG9HDzdsP@*4O^5Y zZ#m?VkM$D3s=PRG6jse8$lMwg0-{2?rnP%yGRKBRJVZrDeDQNEFUAPHLHu+WeqEOThAe-pXUbMfAX$aBqPwM0hMN6gkUptB!?GZJqTm`Q zL$p73)anP~S{~}otov-lFl@(q-YZ*?o(;z^{nqGs9 zEZ*LE^>8umIXYz!7qFAVuwRmgOIeP?j7!NiXFY{k3{`n{9+)Nh>3r}7Lpm>(9D&iYb3-C*`RrJrYT zy}?TiZZ!B3gSQ#XzNs?z8vGT5zisft1|Ko_IfF0qGcx(9L*-v#@C^ok%isry<^CQ3 z)_eT~=>_$Jbj1%Ce9-X!*w7Cf`g6n`T$Om#zg9U>G+1rht|EdZ|kPjlsp}#7bwbw4T|w6|-s-Q?z0Zsfsz)Dei0V z0E168*!35=r>p~8uxXBj~UD&`CRzIxOq_880R}3>)d=NWq0$PV8&7Tu1^U)-_YIM zB=qcgQ`=r(_$v(Nem>=S$K;v!u2}NPXB1)1BfX{JTmpSHkNAvwYlp$GCiU z+bWoSo%fM+_Vw!o_Xoa7FxQ{A3QhulMerHG)FxouNx=U{@R`8Wo*;cH@V^S44*aZO z&hxJbJ{$OVg69IiA-EnmigC4A>JzW_9p+foNig%@MKJGGPr+PemkBNd=6R!(!!q*g zHZj)%+(SluGBEdz5p(^*y<)`UfF}v&ILG;jbe4;I!iejEsh>i;5O|s33xU@NUJkrT zFvqhkg1J_|LhvVnuNBO7+%CbF1K%Y0O5o24z8aXuXG4Z@?T`y1F-muBQs}l#y0(XV zM3aEkw#PM_;wc8#8eC6|^3t$uiZ>d}d@FsY!ESt(xcf-wLJ=nOA|1bN{2_G9#*Q8{ zHgM*|x@GrrvWuQrx6J93Jr+Tep*Gp{A!v#RP_rYTOZG^aD1tdXu$`&}_GrWW+f$+k z_H54VP!sHT)C7At7RG+>*(-~@A8o10797o7pGWuTM1QGgPJZS;?UMcu8`d*yM zpzn3uIjZl)zKE>-5k#l&^?gK1>w9rQnLCssLwzr93T>(HMV-Ic)uFx@hl`TfHKD#2 z*PpRZ`CCEr+CPCy>;|jv^;yyP;;Yiwm#x0negFCTUU!B1UZa?ouZg}_lAisd@5MnU zc6VCe3qfA&9;5Hoc>);x-lUhq`g?NW7yT|m8l&Gegx-vP7l-IBth~Os*IoTu=xEh; z4OO+eLPd$YQbaZDc`*6?adF3H_&k2kX>M?ch!Ys;ZZc?{z?+rc5$5fWMis#ByY>w_do zWR|j(vC1ctxrLS$g&-sU3$?5=no?bj0#&z`T2rM)9SRGf?inp8>QwbGUQCreGm2Zi zR62F4daDxENg4i7iK>s)gid*j}L=Bzc4%X4(NI>N!x?HSLw`o0eoA$?g(aX6a zTeqn%XwYqm2T5u$52aWw1XGWQQnprgX(Sa4wxyuuiv$;Ifd8 zt26A)SHM!+T#W1Bj`TjcV*0Bc!yGzX)KJX{jx(H4(J5iVDUgU2PQz?l(-xhR&_8sT zs1(A5-bbXv{Q<0kyi#zKd8kGL>LV}t7Rr+>~qF~4vRSV&WG_C#s)YM*2-f8(#8symcjR4 zRvv{_fW}2lRKghV+pt#N6!@)S7|ncGV#cL;Kfa|1WBE?R*94yIblJ$&Xx{m-qnKe8 zrW{O%VJrt9dabcuLxG^S^Z-b+|Tv+c7ST_lY4U798DGmyvop+@Cp>jwpW!uN=jhpv~- zpZkWPk>P$7^7!pfjmpc`52}Vd?p38cJ`QO;XX^)jAC2z9EP0eU0T;Sl?$ZqIkeOiU zXBh2tTsU#4IU9Uq)dQD2G}-z=SAmcBUybtdErqS;ZwHz7%m)`ON493wg<vqBvz@B`kE8Qr5R9X9F#v<1#`C4h z*~eAShvg>LwywH8m84@l-UxS{;L&jTazb@@hzlgGgz#|jd8T0U&n8BPq18wax=SifI$&7ry|KQ;K52ER%yah-mS zdHFWoqUig<7I(2oFf4!l9($KFVmiET;DVc{; zkn~=|f4kxNKL-EYV4h#7Y4suI&lHSQg1At(pd$HnT%o% z6N-lz%yC2MESqBYtwZFWW#}^v=6Is~a|~WdEcND|4Fqp8bdLSXbGgCW4c=++4F-SF z;4d3|pTYMV{Gh=job)_#K1)VlclUX&JdjRm@K_icd1QpTUC+ zt~A){+e|X_sRnc1r}F0*yujck2J<78@?T=`i%Se3>KL4pM3gxLT3ZJ`F7lr*pbx}%zw@6%0*}I4(4^ICCnEam? zI;Zk43g%k+4#5HN*9G?lc6up@+Yi|3r2w^zpz>F9n#-{2V8lhckhH zEqEI6?*(4~{FdN_z<(CJ1lY&;!?-Jed5$viDqxPW#A|^0o4CXqfoW7v!`%z44b&*z z-4~&=zO?UG7;MKAH+Mrm%@kN|KeYze8@$|L=1KYO_+ZC`J>=m{hvDnYHR~E1S2eAL z#s*IRIl*~ABSxMwy7EKnY$P~%VjLdjQW}WueidFPn2|8Yz2jb;7-G^G239=ghX2v6 z?(7>kJ57nqj#e#9uEwsc#fiqnMF-Z$tIkXSS2ey>zai1s_y?T0<86pnZAi@Yy!r{r z#)*mQiAB%X#_Ja)fa_;7ZdF~Pv973UQX*9sudhpx(vS=V9(4kzMyk(AoEPnIbV_7n zv}$V-vKqH1s<#(4ZcH5A95bcyRgRci8gE>m0I_jCIja^ULq%1S6VES>HzH@% zZy}B9>OXkvm{&<}p`;fUAe|m`QXXw+xBBUsw?)1AQGa(dHX)j`EgEf#=G81%*6C@@Ek447&)633_PZd>^v3_}(kBlWz zYrBi8XBAan?(*4Gl&D|3b59bK1E{i*MF$r9si{HroMioyATcUgJuyg(34+?uyYPS- zj9!iC6N6x6P}A%ky*FO<%%r1zdrkcfB#uQFfN$vd#Q;* z{m9_JqWz5%iyB83P0c;ED-J^X=J&%BkBSfSw4=%gH`Y8DoABV~Z4Zv!7+o6K6j_Et zoR;Qn%2^h}=}p&`Ut2ffp|`L4^o!tS|FLHv(XXZvAln~kAl%=>svZox)Q(8XzYcBE z#yJ^u>SS?T#npcnSARDyU0_qNYM>9pu^lHCjROh#FnqfKeHac98GV?qF)Tl)j$!$E zKcFv`!|@XOFf&4jy&6(D=*F6GQRSCwK+nyIq1wH?A-LqkIQQpsQjUy?5JxGm9rkFG zzz*J?$`+B2MXm+*3WnkmDvYpV{5?G(yl~@k&~Bu^rf_4E;#nO)uAoes4xl^FTzYWi zkMq3Cpn`3<_#9-tP$=KCIicf?&=5PJ6DV{&YMVlxrz1ui3U!`Oa_A{I9~b`Sj2*er@q5Q8p30AJ6xneuhR#Wk_(cE z)D2TxoI@Xo&iM8Gj$8aycqpE4ykSXTyv&`W+@bK(Sw^^kK)%AH6 z)<1`r53LSj5825az0)5uaO4h;%E=#wb9Q(l4iA6{3aAc&ZE33(QL}npkB8go7A83Iq$^-|*a%LUq08|A zWI9z2o=c~}!CE?8DC9$fVnoGSZ@^yqT*t^9o)QCzlA!58hkeKQ&Y@EUI}z#Rj_S9@ z%N$}N%2 zmQ@3-ioBPxs$g+n=uCz^`vgKxB-2%6Wxow5G*=%z_EP8!*c-A1yX<_x4QrL%s)_+w zseiDyl>o^brD*P$vl>{mDLS)ZU;6Ku(X5h=I#E@$DmyA~y*IX>EBgko$6l6{6U8h4 z<4aq}m2i)}EG+x+_xx6MnMKI*wpEo`EFbJ`C7^XX%o6Z--QFx2AM9zvjRv+mB{eiy6yt(WOlM})6sr{aWWCG_Fj4_fWt9k*3P zH(sOdnT5*UHhKW+%9{=gome`rIyi@pdsJ(s6Fa~$%%Ye;`sQm$)Lm~VL z9P(nVfU7hAjOzhdsI)!`CuE#;1TbWr1>_7F_rX$Klx`TzyPP(KK*&8E_LZo&amwCw zAOHibwkcnKu;1fZ&s}-put1|OlcAwNHGEF#1lt7`D_y4^!&hcyuobYZlEJVE*fFrD z!A^ix^Y_G^q>;td{HfbkK6w~y#N(sU2~PCmQ>#^EOg1fq4&18YIOuHQhK8m^!xyb- z99ubN%z{-b6b@gzYSr>J!#A#7v~o?u(B&IPB*qL~w0v=E0?yZ4zHZ^7mM^rNW~v^U zhg)C|*TciLyD8D$el#Cd-BRf^(ykB`ryvRi&`>3nN9=_M=Y>bdwZ+3&t$9NJOP$)N zJBSXdqeg{wydTYNl>JmdK|1@J|j1DMXgD&jKzum(b@ zdYB+{q&zJ3rL3`-AN|5+r!U*v6?Tc!kqz~DOC2T5NJxpv$$m^C6cy^)hG+GKluM-Y z$rIAU>J78;exaLPtnjqJkS9!QlS?tAw{tvtbHfVeHI%PKW4fO-c?d(pe1BItILUlhJN3nmYCs6XK-v_$ixAk<0D;~{LpdN zzlA59OT#&plU6w_XI~o1B<>4Kx=t=_r4>%9;pEy!_;s>${2!nIynNZ(MNJLMhh^F! z8sV_k)Ub87c~W4@HZEuSeUL_Q*n>h@RuLFdG)lI+ey~{MI6nGUz}j?| z!*7lDr!^oFGcL{h@ohpF+wh6_E(1??y4pVxlrG1m29v%NGVV5*^hY3XBV6W>`O^IT8?cpkTBPLy zS>-)0ao{*p)i-nB_^w^$y#Y*lYIp|CLiNB^dA~K7!80K5CAiEV+o8&fLYS3z2=b`o zqDI61DshyasK7aG;G?`^31hjP-h(p1PBY@R% z+zdXA1G2Xd@?IhkqhX&0u=0KidE}!!mPh5`Hl@cPKyL>!cdH74Um;!7%)KcA9Q~p&|NHA7muR+~8+AP^L;Bm#C+wYx41{HTmfzMq z!)*=I&sPK)6Lr7tV*NqJ0~AFI=p>XzxYS4Hdp4TT-`*YZOh3o+VvNv9dSJNzD&~$1 zt3;C4HV#)nnKf6q>=A#EJm8_XWWm57}S%yULVF(-|E``wlVXxOxDl;aK5gJfq<~Qhm{Y7(5klX;sH;ATh>! znjx^N3z{GX|0uY$%Fi)N^@2_#4=WOe_gnE4!EAN4#E>%^F0IO$LyU6K)WcFInTA>M z@eoYIGW)DR7>+xNIWH;Zz0-65%7~?*x^hX};f8;V!Q%~{Zg7pk=NVjY@DhVp8obWn ziw*v~!9O(kF=Dx2j|1!ddXIFu>FxXs?rLx^Vkx7W@8v%B2VL*uOv8VH!5104npos) zAeMVdeH6W?oNtte^PuK!ufabw_z8nwH262fBA>c;dhh;fcz7O^(hG^D9;mCVaeEq` zN`rZhlk&_VmU6js1*MHG23_0R3d6I3Skk)O;H!xx?sdS7D{Sd|$3Cg|kD@?)u!#vGTF?)sp_Wgk>JpG_2h++dDZN^dZDslm$)cF!ate}kbP zH27hI4;g&e;3o}!#^6^B{*A%!8qD>u<~fILL-OPLf?%iLE7-Mv!GjDx*P|Nu;|6oh ztn_sTJAGY|LtRtlxyRstG5C81JH2{|>)NW|yV-sOf79Rx3_f7+oftTk|7!++4vkFd zdktQIey{W;22;IC$M%a2-fHj_2LHm~7Y+Wk!M`*3&juein3`OgZn44L4eo95DF%Pc z;0Xp#Hux-qXBs@);5h~_HF&wfR5H_iZZY^ugRe1okHO6b-(&E720v!-;|4!v@XrnY zrNOTl+!5oA=Cjz~(+sXM_)LSR8_YeKD(7y47h!%@`Z9y5U#DZ~W`i#?_$q_1H+Z+f z)SOc}`wafN!S@(U1wG||)ZoJg|J2}T41UgFs`jazV+Oxt@Lvp$;rUqk^9`m}pwfF9 z+}Gd%22){A=ZkR$Ck^KL`N~6`KE>x7j4qYlW5sDq`#9Hox=tu1os2NOV0GRPfHlut z@98`~kaXO8njx?{57MvvZZ1Rnqamx(Ip-;M`4JxGN9isCA8obot0pv5fhb8@!!Z z?$-{3cM?l}ZZP;};(T0S_P{Fs7h;ir8s{L9>Eb*M+P4jjOoYY zyEO8|;Qm~25!@FAcZK_^V6MAg7hDea4}$x_f1UCQ=7Q6&FA$S?^D8alxlZmBH_>NIA=Y3+9ceY@b_X5Ez??Sl=Ge@&vmiJ47 z8-VW;%<_IiFw6Tb!7T3~V!7`}1Y>CPo)TOL{0qTclfEPvkGI}yg85u^R4~`4e-zBO z1@8&20FI#YnAQN`e8D4u-JTcFPY34uhdh&jdka1jm}h{KJ{@?F;In{-3+8dzJ*3Ue_tAG~?ZUVkY@H*htf;R&5S%CTcB=9AI zF9p6#@K#_x7m(+2V4g!xd=>C#1YZNpJp-g)2Yjnw_Vq6d{xtAc1>XXEk6>zxd`IwY zz}){xIsXj&u;6{bJhzA1>Xn!tYD5AzZCpk;9m9XQ*Z$m_N&2(E{RBS;JV@|Mz*WRDUQH9s zcFS|rN$&`JfnfI2rGnXpn*^5tZx+n)>Po?-z&i!^0KQRhf8fsw9t2F|^JN1Jv*J@Y z4AY|;yc*?U{*;GlC=dIIj?W2$PcwK5F~$L!T3E&P2D9zzyufy;m~Bom+mm89N1&c* z_Q5KhZ9?aQ0|vYM%7Vi1o+%Gs*Wu?4-F~kC=0tnGDib65!|*UCKBxC6D;;${iivsy zp`bLtq4b6MXT8K=G5$LPem7`i9Qs>K@xjB7-um>eUvF)9_dBZx#S!}eI*R8V#1z!= z8_m6D#}EHCK7IJ$euMmX-sIA$y0vFH_f^#eRmo&xMDo7fM+W-KI-M8k`TFATeJ%g)M{a#;*Q;CKUR``J(cx(E z!Tk?56h|65A8Clc*iiJ&8{dd|yJP-svDmg)PE#ye6N}7`ea$0o$v{=owoC(u%%ctc<$~r$-R(zx^ z{$g3t+iw&ftnP4hpg%hv{P2q4xnwZ%;b3~QsH!TMzxC1N(+#Jto;ox5Q!@BvvM{!B z>mv<~qxOG0x-YrE>4~RS*MBa#e@AlXO^E}aOzi(wvUz*r@coIfs#B@j!`qv8?yNm< zOY5Aa%$>94B2hXr<)r+>?lAIg8qv28PtqV(+ z`^fRJyQXYyYEBi5ym;cNyQXgKAB{|Y@c4Q0LH^|1k7GRIUc9Ggwp;z{6Tx`fe99U4u>zLeyv<$D4%QO)d%7qNXqh(y?&86e=;^MjZVICO=vYmABxqK=Q zs7yB$n(9Th#w1y96yNt7)I|H=|zYP4C5nFSQ@x44#ykE3x9~2 zF@(9eE*`Oy3Av6=IZg(6jEj6YSt6VA5$fbprpuq^iSi6)e!_e*T_@bdbu{61d7?a# z#XKQ@t^&NE$O}+K0bF2KoM3ppB4AJg$D2<^&_DnkR~XWOoeVDsv6JCsQ6_jmM_3p~ zFvyG(rU%|IF8Q4d&0CA~m|vGS%Aov=Eat<>LUa>`v_p9=AIt*+!58K;1y2flGja2L z;4Q-(_ewO^I0D)K^$kgB38 z4}V~X1sx>RR+X~|O97=oArG%9T*yaE9)`o<8p;F;d5{J%>0ufo%h6m~Kt?{LFkOuY zlmaE?(rB6AR8^QKgn`4!VtEiFjUAox$P0t3s+7s8zjIlO(0LtdCFUR+bcRpQdm^s2&UL(Kez zoWdLOP!6~dwk;Kg!-)V#Qn1@NNWy^T0O{ldF%kg=4+F`==UNa#yA7C@;jkeuf*ddW zAk#1o({Kr-h!N(z@BlkH;<)sjEReuYIgSRelT8}qf}Bo|X+fBi&oBxmgJTj0@n~3% z{NmEwuAQRo3p?j@EGUh2D{5C-5-H8=;B|@nMbW&{l7i9>k@lrsb2@eN+jS`{&5d;| z&X0SY`3z(C&Q~~z;Uxtp+#8?Z>rw2D=TAhW{7>b0p5^;Dwr#G_J66Z|oEGk(zdn}D zw<|3#NXtw4A>WsC*&%3Rev-}p6+pgNkPb$K*)f;j1hF&z0DY01Ue3w;Jey>6T2Nw{t!pm zfor=yls6_q9DN#>_Oj*vCg1|ua{mQj4|~19*)9zoXk9vl87f+r4!efl3-JNfiFAo}?gH94)KW?K6A>l+&4gO`yYTgs z{|h`mVZ(GIB>sZ@T^k|Hp>8hgzhE$bzTtUhvJ`ADFh`}}a-e%D_OriC67LH)-sjWP z<9uBF#|Wb}OrR+t-mYu7so#YFLX3l@O(Q)2Cr(Vy|I4VyaPinc{XH|#zIv5Hh<}W? z_IcP|E^o(}w==-gs}?l>7%Srncze6wsrUnL%LDM9g!JBWIoWmZmXna8c=m7U^L4Pq zVQKug`EDgR0LWNnq?I2MA6|x#w;L?;;J?!a{l@XWNnX+%FMW7n#+JpFx)av-{OM$7 ziB4t;F9ZA&Kp8{J-xHt2+6wPJSl{=zYOJ{$tC6u7>SED{4$Wr9^j?7V-|LRb3VsF> zUug9^4B*e~_X9XF6n<}iWi0;{NOypx{B?lm3H}67f+WihKv204(iHdx@TK6hpga%j zzZy_ib2aD#M*su^aJh?d7+TKvdr!dU%%BE1Gjs9A069Y2i>$^KP4C_;3D0PMIY zj}S0uynqKKJD1>xTiox844QEUc?Pr zE}#dpNuE$HUOT!UMxoqcE~ExByv`}%cAQ155K8lg3<3Qd@C{uE(9;`M562IdfRf`X zG@rFFY&xlfFKI~~!lu1j{WGdj6UBg+$~@h$B7!{6irT zS0Rq_{1q>RM3i2Lqp^hjV@O1XggD0YKV1N6$Ri3N#8W)~OF>A)4G`j3&;QQokciwm z;_&T2kx{v9BMA;Y2@Z^g&F4XbdC-g zLfkLTtt!1~LU+E3)H614PzQhdM9M6D@dS;|nG-Zh%n2G@BvqXI z5oV)n<_r%EaGCQxFvw?)^T3PY0@Q1dOk_P{q-UEaa)tQ;Tm&G~bQZuyy{0XD36_R*T+@a!z)EM4gLCKzBb|F-S!%l9 zba-_w-TPn>kq*~+WO)>>TN7Y&y)j{KX3-I0)kat~g)t^1RA(f#s9DYu*i}qNB+NDv zW>W&wg@oCF&J4u$?}&CDqEU1%MCIbRAx$RNTkZUsl!m*sa9In>Fl=h_r*YNl5|UeA@QV;z58Y7Xy_U{S*r>O5%U%Na zB|Eb_o1#d@(I#|0<6sRPE?Q6&I^hjX=P?tfhH<{)80+YSacVMg>NI;Fnz1{?obM#g zqQm^RN7at3*j1fd-Zw@+ivZddrD+iNl7#VpP6y`I}?P7PE%&|kAWm)a6akn=e-?n^Tk3=|z7nG6ck0b5k;Bs=( zTm8AeU5^7GcA?nz{|&dzK8!`#;SPD-MUOfI&pns0^3pt@eDe~wAwSP$ZF!daV!_bh^=EpUi^iP>(@^5n$-dwFZ@`RGZn$hDDSnVNCNZI6ak}EfbCEet5 z(%D_ZoL}O2!kX#aZUA_~n|P_CD-LtTtE*LXJ<~A1nC^|fYb+7|s+&}vEv}w2!M^IZ z|Xz^OFX@=J4F@!@UBH%|M-0=&@ z;XMAxYg*#6l_(0&fB669c!m~54v(s6eNKb?NQJ2>y*2oqx6Ci?tz5TaUel^|D;KVT zvf3GEj0*-XXj-*q4bQ3>`tdV^5yL7I!xDo6H^;f%Bmt&n&eXHrIX3gAu3WsztD7}x zUUI^$vuD)RPMSAkYVD+&;V(+ zmr^#5%JGKTpRilSG>4_fxnWIdf*a%hhaXxI;LfvAv2oDwfkS&Q{nD_~`_M_Fc^eN! z>`83dj88tsJ5Bs5uL^$hs8M-*s8P(YUU=G}E+KibrcKLR0BrNO6n>_wMrB+8f?|f< z0C~&dQXV@2!Au$A``Mi(8C5R{hph{2=> zBl%e%l-E(hDEAdu%HtqKvym0ViV~ywI|hFXJ`A56Mb#)@6ik-yhWFv4u0HwH><8a= z^}tnmox!A-!K2XdUxLee=?u#-mV=*Zt-P@yenlHM!Zoa4mb}u@_;Q4XM|oXfRo<8^ zdA}^i#|^C{BX4RJ-#Q5Sqsg$QJ25NWhcKPYMm;lKyd+PjdtR2ji!g2Ry@nc8pOs;2n)35C znsf1DBg^03t-45LoASNl@KpS?Kb{^_QlLfLND3e(ik?20n8_kz&|30P+;CD9ziUUV zVDV$v3nv!wkD;GN{9L8FiV;8OMOUHXKb?MH<)>Fo)a@!zAH}eyGbWn;rXSLxD6ciq zbm=vmBT&Y)KHI~#P^QP8o-wU|JCHpsW1?P=@c`i|HOp^X2*XXscKl^o{N-7GG!UF%{E{sHb>in7$Fo3g%?iIe%kRz#2_G-@={LP()OBUJKE>y0 ze2kto%9}OPn>E&(HQJjs#+!AD{+MA)X7j|>;z3WjKkzUTu6tFSMo6DUVt=<#Zog~3 zC1JtXqkMK`G5q95<9Gx+9>JUom524MnBo+(6)AT8P~rxp55NVc0@mlCB*vGf;L;WB z(iQB|b)6HMKZxU>97c5M3Xe-yuuE6?1M&--)bWWKhq|5vBZ#b8eCeHQ$>t>K{FAS=hM(kg;iWFm~!fgA!i|6T9vbu z825#SZJ@K@)dp`AOgUW2>Ul-1_wYw}Lai~yT@1ZDG1g`@EThjG4#P4kKi_mH9%C>+ zU@3jN!8Hb-XK=m2OAKx_nB%(2WP4T2@m=wLgMVhQQ>y9>0t|OyrN;_jy>|iW!gDe) zD*)zW2D`Po&_7PP-1iz_%3<^^hW~nl_ZWN|vBbTfSkisQV5cW2bnYuv9_}mE_CtL- zZ8J*^PZP1^lY2=u?p8y;($IGrI?o5xxDOIb`}_g1w1+1Q&(92<`#Ux6>%OX=sk!f?n#DcnBh6a;L{AxBtx$z7CGFko zn05X%?)5E(=j(>&9>ep1;d$8L|7-BS5=%Y&+|YkTEcySn;rWB%iNwGo_d1VQL%)ewWHuXohr!=B_(_A`Hkf@y z<@7XoxWVTVOIa2Wb1;KhVd$HPIk3Zgfmqfp_Za+$!Ot3e%-}o>rW&`G!6OX*7_sE1 z#^7ZJrwrb0F!QJ51F9j73k>EOMtL}=E9UK2%;{6H8>>+U8aGx89tXejaL!fCIY{wr zgXb80k-@7B-eB-24ZgkYoq;LjR-hrwSp_?rfQ$KV47KVpODE*HHziY5t8%RAv6+6vOZGMegYOwpwZQ<{0=z|S*YX;#NZRn>O%>4l> ze}=)c3_jOjo&%x$^9|;H0;R7rc(cJNgLx)|^50-EcOoc#zrptze80gD8vFx;xragJ zJZ%^^HIL-yN<+WS;9UlP(cmu|{56BWVekV6A29fb z2LIULCk%et;O7l~$zUuoJfDjNm?Bu6-?=2x=OFi-EB%F!eENJ5kYCDPLAqeTbQ?ob zY0PJSZF}x{Q)Iey1v6dc$xc`4f#G4gN_WqpB4>!9Ck!5C@K}T0^SH#FV(4!DBXqa^ z5nO9{+*(NJZY?CZ-ta6mc&Wk54Q@1et-%`&-fVEn;L8o(Y48mO-)!(6gZCMHm%;lD zzSrOb20vu*BL*Kb_^`o0HTZdhUo!YrgMVxAQG@?ru*dmY)~+#w^UXZYZ=~8ziioAH z^4*CX9?!ApWorg69CT>+z)t> zV6M$C5VeM%ensf#19MjrdFBHDS#UkDk2)lM0WjB2#EXGD2xdRv zI*RlQfx8Q4pXe=^@2*A?OP@Mba2)j01(yI%63n4&y5JtbGX=B$&lMa1*9-0oyi9O^ z;8lVL0jbmjZWKHnc#q(jz_$sW1-wr%>+oxW&jY?!@F#%( zMQ{T!*Ii7Db;b8B#7)3I5xf?d?_Nk>5B!W^K4ZNg_)_3k1aAfYonVd`ZwkH&_#MG~ zCOaf#6RA#|86Qt()LmfO`w(7}H~uZv(Crd>`;w!A}GKli+87 zCklQR*qy(HJUj=?cR0)s$Bc6XzYIJ_@UMZn1|tuj+uXTaz^?H0mB2NE*8uZ973q8)y+H6L;Dv%O1-?*l3YhCU@?QqL zUhtK`n+5avmFqh4TnoHiFrQ_w7yN198wB&)%4Y@hIkj2vLEtY5{yy+sf*%Iv8jte% z{Q51y9CsfjmbvLCf;qo%T}L{{y=MgX0)9boIq)ljId=U{Fz1vv1#|3rM=-~(10m)Z6&K8L9vdhfy&kx?V2;&&1#>JKBsc{;RPZ)n8ehJ_k|f_X7Ch)YYna^MxE0z--_+}>T*Npc&9w?w_du}@EjmU zz0n+kRs58}FB$CCGs6F#p}Td9(CzvpK>JXc?DP7*ajd};4X!qLj=}6#8h5S1>>Eno zL0p1N!Q4zN?@ou07ocz7dJ@+L4ImSEa z-wB>}oHk2h5Bl%G)BXqpe&}yy?Dkwt#16Uh7Gmu=d&iDAPkwtYjbhLFoMj6On%1rK zV!!vN!Bd127~ynqmz%)U!AZ)Au@C0Ndf?je3n1sjm|EfK!xSp5Jy z?EphPK+!^gd0u?GADfrY8Kiw42(bnn*8sQu7U#t24OmhDt}xjVu?X)7Ry z_by3XIOGljdsiHb(vO5IVY?AiBymfhElA7{VtJP_k^j=byq_?SdFR*8_y!B)nnH zPuU9Me0aOMLs3p$3opm2Uj4}Iyli9Ldc&K9?Y(wIqv!wAKZ6$8RmBpXPV$TJmkt8> zG?FfMnXUE5q9BpYF5jyW%)D~hHZ%-&A+w^`S?l$fBQY6awTrL?6qJ-FqjY3(Ps&C0 z_-C;JaVd>Tt_C6J^jzLt)=r1L22(a;M81Z$c1@jZ-IlA!Ayj0&9SpVdBIC$ zug*QhFv{%U5ZRH9BcOKVJ^M%xiI8I>a8d($VP`+uv7i9w1h_K`+II*K4M5n~0<0$B z4$WTjXspGwXj`C)@>+sc&L0eSDr(O66Yq>O+c8p31%O zI5P>?dRRZLsprUCiJ@3@mN|F<+#US-IXEyGYphI3$jZ!Vn+U{S;QdkLHpihIQYPpA(aX2FSF1QPCx z3&I7BLJ~c32065hgXQ@HbUy)Weg(e51>qu7G7)bO4GUvUTl5teY9j7c)d_Y`+g*VF zj{VI4O?FRXmo|U189gREIC|cK`3tb|FWgLxUDM$XYSc}72Q`Mt`HLEw)~s1R&+T`_ z2J2X6-!%pu45r{mlQ@YRF56+-Wwr|z@uj$6xL&~8UQ zhd!!b(C&y-3b=E%!G2#e37cAQeAa{y94+sVf^Cuvh|#@&7Q@B9kPrcgk$Gg*dP2UI@tY(_l3B34Va=L({~!EHIQIQ=J6*cyu6yY1bfxe_>@AsAn%iJ% zcV;eH-Y{(8qWSBV%=@4BYvBRz9ov(8%!SMM9op6a(-VD9gGn#x9=`wT3(WYKo?JYx zudKW(p~G>8d^AI~1e&&2yErCT-s*<)ADv1O!@9vkasU!%Hu$y%Hw#Y@_q%ZaR9v(7D4wKg2K16_(tKahOd=m!rlb7 z=@#OBu%?U0$aK2y{U`itM&l7-pnBkHx={ctuc9o}t7kd*x>C#03w#=fV&*~~9?Q~3 z!}vYM%BwF6_eoM7SM(}xIQTRUg{*_T)oqlQ`$w(3osjoa&?pa0EG>`Ul<}Y5lld~9 znipotV>rLbSiWhv`Q@OiVHhpH(cl)O&2sRKP5Ux=ZvY?p)!Ys~-hVY3#&^fI91BqZ z)*s7(TbM2fzsqPG%D5Nu*iO}G*s?5nn;}Tsa{y+o=QwawBg0*aiEo1nfnOnAQ(fM^ zuAX-o#0t;>ojjHcx2c7^jVQz((A20r^{Z>?t@kUsCj(`Ld>z$8QnbaLVEP=PGA7!_ ze#A^D`B90+wB8RW9}0x$Z{PpNmY6Y7x7*+PZRwdGdq?Q+m0<>ox>ZYt)cUu*gY=HY z60pTFBAzVl9P5iwKNB+1U3)wy%g+}cG#tx|QGc7AFTC(RUzX)>{S4T8o$|qtD~3P4 z1{GR*)1Bd25I*Vfxuf;zEG-`xm{r}s!*;Lxao9>!uio)+F#zLuq{V1DCQIU5bW!r&VW=F5HMe}I@34s!rl@B0&^vva__ zWbm5?^D~^rsYg^h% z9?9pY48Fm{{eq!?)nNC#%@X&Z;s3GWIZQ0+{uG$$vadNEY>E2^!_yfJS^1s5w8WiB zx|C%uaaY!CsBfe6ZHDItgYPz&akPHim?m}0tSFtyC}uK>IUFeNYw!SrPc_)}3z6^o zvS9XQm2KVtBc#Bwj5G5AG; zUpDx62ESqOUkvuy{zWD~wkhVvRmFk96$YPduv-_4oTQ;oGI)l;PCr5T=NtNBgI5^5 z+F&<6NZiea?#2qCQ;$dU&+meY_Za*|gTHLB8(TyU^?Nk#L4zMQ_>jR|dn*5n2ET0Z z>job)m`SS63FkO%hn(YdOmlObFqU1`Jbnmo(~rcNde z_XH7h?YvMh`zZGWk|biKsx*G^@95Y^B$3YI`D0R zlfZWgJ_DHdg*=mhInEQG3H&3$Q-S%6Mf!B$UkK)0{i@)zfm#3LnG4MNC$0ykLIi&c zm!`d7KARQ^X8t+;lZWGHFTsO=`wJcmoDj@4#W=wefF}y(IK;2!l*9EAzX%gEZ|4Z+ z7qvNpxmMylLY_ImoJWW`R&gF7ZUCn7*>GUoedj_$jM7~j5V~tiC_7CBthR@Q!7PK) z?U>0mkJ9Ujkq4UPu!=Vte7V6p4c=q$K4LD$V4!PsY9h#(6X_a_9WhGSPpoV75F2jv zgLRFZj?rV0GPHhZ7ft8uo&%`W5zsAqq)Zfp@Oz$v{ORTVMbCFux4Zk%TL;CT&G}vQ zFR}NonB2+x(WRpMb11F*v*Wd~{#l*M`!tZ z=}y;gcu$e-wBfz9IzhaLYRUmrCkRah3O+H`YzpOY_Zp5f7vUQ6CERZ%@fVe-2($x{ zCLpnxio-)hxVhHc8%!%aD0l@x`0^G1bXUJ z_b0vsUh0t)F9ew9y0sTO*Xap`xST(fwi4UAVsb z67$&W&L5`{NRRa^Lf4I+^~2D-qz-b_TFT-2&U~5nO!d zeVBnR(E+?EFT<8PwH^0cGQCi|?rxlM-f{5u2*5IuY*5r0mIPq?>p2O4S~On?GaK20 zEJG6qzxvc=CW3|_2xWkR4#+Oh{WuMaK$Ur?kJIZCF!~?M=;QRRLXha=Pbf3d3o*5X=whxH{7v zS0i>Yyil?U!@@OP7<%FilCRE1pF@Ys7b?5Jai#)S^gkGkG-6o0G%SoYZPBS3_YVyh zr(c1iuRkgc7vJfNsBR0jTJ(H-9!;)C@>AagZP`yB!#}`J>zk-1i8~AbLur>lEe5jn zsC#OcgqkWFosP*To$g5yPhJm?I&b;L6=ioPqER^`t)W1o=vlPXOKDpH~vS&UqPjfv(-O@CQ6&N0A-W+*H3Zjv`*~IkJklfgy(_>Lsu|- zLBsOpYk*g-8p?0_L)R=?uy)z1l|$u#Xap?@hMrv+3|+i<-O4aXSP-d>cgEe}Un^3bIr5Ai9mjK^V@Qw}kQUmEfd^DP_cI@Gq3 z|MzK=q+9m~X_IL0_%PZeSpwV8CP_>CU!_grc>(SoTTU)4%_!IwchOO?c7~goVxb#= zML(ba`@%9l!}vVOCAO8vb$MIzszA5$jv9Gb6Q|`p0Bq$=gx?y5(JX`|W?Y*0RoHq0F)HIh_!To~ zKjiI$%lz@Rh|1%`yp=Zvp2<-V#b_AwZRO2I=I%nFD37nARNk+EH4dQLOUZYBY81W= zf?|gCM}_mft{R1Jf?(5)p@BC_x_C}Vr<<)$@)Zn)163GYl@|rD^48)(fNh`U;EG<$ z!G~3i1G4w8kjML>M#Hl8N%lh?->Xp`syr>vy*Jm$aDM}N@2C*?6=v&`JP&z%DMfi) zt!w_W^+{gB%iCIQWFn6;C*wkwd7|O@=H(%DSBBB@RSmL~Hs^zHY}%K}Ujz8auVy#+ zc>mRC*c<>`&xL(5?U}QdmSbg>yxSm;?Np7*%ho5UfIMx_0hm=DUwK9~GTdn$KAb+u z4s^-`NUQ>JFvK}|EElS^g}fOE+yR;z&7blImkt3QG@2G){h<+xz}0dx)eB+Sh#5|-x*%kw?!_Fq=Lu#%h`X9uq+rgI$Dj!|ArEUik5%W>&b_|DHelx?r8?Pvz<2kMBc2p6|ggy~izsFBC zxLPnVJDF{`H2= zvtzW4Z2@Mw0gAxyE1K3W!^5?c^7CvLmH7g(^!=9&Jr@mAd4?LyTGD!OV}jHtt54~y z8pRZ?m|a@&5Q8}mDE$*HjAIvh z0$``F0Nfw=fY1j5|3EPN(;>klfq8}j<8qFAN-*bGr^f*LB;c2X&c5}UV9v2e1)mH2 z2f^%TH2UoyQy{)ZIg-05-ObBFXPLEcRv2viKJ%yTVT!@E2G<+B+~AD{UvBVDgZB{2 zL&xwDqZ4B@Y5>8B^Z-VVtQ;HipI8rIAqOsunWNzFsj#mX@OwI^deq>5j$wLH*y9Ia zPd^IS$$K}2G z&387BjW#tDZ)+&JX52#z)MDR1a@-s4k~r{210 z>(w*wXjrzo>*%w#KVJB!tM1F+_Q=tzAHNdqY|7(flZEYv`gizu#P2A(W5gYgqdE?t zeJ3|2x8-%H$!lMpS8!Wi-tN5oZ4I5bCsTECuRI>~3sQH+YtYDUi66`JU(Ac_{A_Sr zS?BqA?JDzgkL1N3%***kUg3FnH|2GlkRPqd@02HJN3f!RASBskL0Ii0^ZPLw|s;KSta))VIsb=*e%?aJiu z)}K9DJvw0hm4x|Qfm)Ai2Ge(N@Fj(%xQkD^+WEIBD8bN9bEAi!O0~Fu-3MQ_VXR-+ zPU`O<^7nMQouG{rb|1X)Du`$|ZpA>{-YG9!xXk6Rg^<$0Pa>ra<8dDfbEX^|x0tQ) z!bif~eIB{%QW#wkK?{3+Sb+TP)&``FYuiZr-f)?C zjjQ5xBm3i$(<4o2tFN=g4{Vqlef|~BatI$hys+d?Xn(Qockf%>JUhO0YxBEx<6b}d zRt?&NvwU-(%EGjIy>U6N7cW>M^Zrr$0&9mZ1r`1(W3bx|S%9*L-MTv2B zg$2oI_kCkqS+{+=mTuiR^N##wrTZF|u8x%T#VGnl-_SeKaPpCcK`%B8Jk~IvyrD;B zL(jAF=lVl(n;N=b?Oz?gy6ox^S0}H=D021c2g`;WXy@%N8@6Xqd0CIjvYs_%z2=vd zLSSJD0_OXL<$j0x4Q03a?dSVgOB9qh^r`VXZu9*nKT__uo8NE}#?Sd>eK3C3V666I zFZwx0{Jd}Y`Kj%3jHMhPzZ7rW7|bsVQrrCCmY}?>tkTb&;72)5x_I52tY3%eVN8gE`#o}5}< zR{G+>Q4`8~*OYbNot%z_TG%Pro(z_*yR9MKl$_Go{MPu6LE~HH2ZP&^({?ATwjJC;1>Sn^!owap1-y=uxz z5r2Hgkl^5igHw9tg#N9)cHG3n3yTtq6V;205@Qmlg1u^5-GGyF$40Jv`#6*`cTL$^KgOSSM*ZSsVeu(w zwUKRpywWem&GSaaoBX00zcZFHjU!pb)gyy(qb{6ZSbXM4Fz)udOz^v=Zi#R6OT3BT z?KbIIzyIoZ;Oz!{0q4vTa86;_M~{w|kgQ?8mqk zkmGgO!rRgpk_s>4Wh*XTJ`?^ctP|1+5vl3cfz(j5&@u3&G{?}#>v%DOBDs+$zX^0& zxMnRql-Fq^5ycl#t1nUzSqtpNKYn(t7kR-2L|Iv#7OY*a1h4r2fD-8+hTgq|WoKAOgJ2BwG+=exiS56l5>-cG{$<=wdI@ z-LZJ_Ni)63n_)is;mr!!LoeAwRJ7WQyyaND_*r$cy~t}JKTj17OBE6rR}kWcDEv`I zzk)?!EA{t0j^1{}Oex<8?#Om5GLVRnHwXO}7;=2sZzH7rs@f|@zT^mM;?`z0Z*Ct3ANhxd4Il47L zit|NxHE-$G1S#UX3qD8@-@Wibit|NwP3*P~(MC~7WY?5#>k!L%qPxDmrQ15h65oFK z5KDafw(ybD>$(9Mn96(kX=I@521s(ggU$z0&Uf7TAjM>gK1cu1_1 z`&;so=6LCY;^KB(ZpYAdl0Pf9E43x}B)^7b1~n(fpHS++!t}Y0l5POk_{UW@<+J+^b ze4gOmGO0jf8*KCmtTG+eK&VP?xMR6Ut0b}X7lFozTJ%G<@vYV z0gmXd%eQoMT}HhBkGyjMtg1No{aSnPgoFf=078HWdx!84d4v#=Drgc>L6Mh$XhE{W zTO&js0*VkLT2NGisHoUPq>73yQd_B73&^o(Q7Jx(&m!6uD_TmyQXl31|Fgbt?=Rq^ z=iGD7z4zRK$@;BtzWLV7tXZ>Wtu=e*z`~ZifbM4Ap2HDaPMBROyWw=~PQ}1s7kDQ3 z=6e1;tQMSbjC23p%cI|f9e1+h*jd8kJ{3d#>cEN-seN-{T`q+MtQl@sv?oHF4{iR_ zLzCL?K$}9*#;#~z0d4*s#DDVIr1nl|Qz+Wl741dPUQX>_aII-c$s5q7P_(ft+OgcdM)Zr7!ckvKs%()XdJ?`Fng`hr*tE?@%PuB7lb>^DfE zL|D71u8W3AB#4;Cla9bn52UR1WuE^!Yme8Jx1&G7yEbL-6a=39K6d%`rtR+lk21%q zkoPep&$=9Uz)rKnmYnxoTzgjuZsl;?7>@FXLy`p&;O+7U|`QO{At?US+-aC&e5?_-iNK1B7SP_(fN?e?&L53~nT`?H&&?W)p` zaCBGlXd`kN=E@v9a)6zPQqCy<_(k#n`)~jXn2S}~;QaeQI zavAOpA_6&33@3LLqkfUk+7mPY`*9!&jihczq;~%3P+GK|KZ?y|JAb5K z=-T~fT)Q8^tv1ywjEnx~fqtZR149v`1e=k5uj69$x*unVotXlZ7&IfbPcX*FaP0tW zF2vlfdQ<7OQ8b6Brn3!A+HRn^RW#=Wntq8hxN1>DwW3>4Cd?c%_T35fdJjh4E{6|# zvTH~a@dss^<9BS@JR{t+ZPQV$a{TO8xJnAVjEplN!Vv^o>N&aI;v49=1nN!?Vb z*)j>K+sT2dn;Dgs0_A4O*eb#=E`sSqb*9rh%iR2_$If)xaEj7nXFHYSB7dBbG&jQ^ zg|gw#Etmk8>ozC)y_%1Jd`!m0F5#H;v{!Tf37(jtL9-yO1lABt#69t^_6=_6|wKHSn;XHQHABvpBjIq?a z8cmm*lbtT^k=?9OG@Hp8Vtd#)Xd)Q{S6-0m+skrkx0e5brq{r-?w%etFzCxh@44{qGU>v6y9D0d1Yxlx6Nzv~DTMsZUKANFe3E+SO9oq5@H zgdf2B-k2rW+yo!;O6qzcHO26lla(79cX1Ky+&KI#hsR8$+%PJ_s~4$_h==ZF9j(!l z3rd8BlS)3?CwgxpR^L2R}+ zupmZ}6T~ukr)-1Bsrhw`TY`qB_}k(qqh9Sbh|QRMe*cdiopC3?pZQ%!?+|uL|Hf>r zK%>tk7JP3sH>j`}eOkM0QR-Z;O&#~Roo%Olpu~=;%Kf z+e0RC)V>`{2B5jZ#T#VQoS=Wjg0q+D>@_gO79gnaBTao@mdL~?oE4@X_Y`gg~{0b~Z5xZvm)nWI0Eh|cc&3-J88Cbt{}fM$0uHu+_~QgF0+#Aw$5h2+HhP(CjNr?fPh5^hFrhvyhrC{i1n@;gJ$xf1>+jwE-m#85 zEJ4&?JQ_KXCYHMHy@Xf0YEd0&3q0CUZWsssB?MS?T0`d5C~8Hr+-Z(4ArNczqB@e; zkXI43Ln$LS^5!3xJUovzNS^BY-o@s4$!fwk6u}9-P?N~PL@W{Hfg6UVdzpN(G0V$K zWQ0K}@a)rZn+A^<+(ZNM0yRik(;%3e3Gfkbt~ueVkdFG%9^H_k9qXu=1D{UCxlY90 zph}J8hGtBt9*k9z^$}@N5qFQTWm=`sVzOo}!>K|?@co6_%>Q@SZXINz+W5?4o#Riw%2q#+3LyxTvUr4K(=7& z*bFU$zYYEl_sb1b+nn3wU}uL*a}j(EJkxj|d_6qVW^L;^VH)3r|2_O(_$=6L2CwA-k#lPEF6_~! zp5HCtZScQ_*E+~F?}Pss{;%+d;MFmYv~g^`IM#+u(;qZ4wpyQiA&tfG--ACB{(Sf$ z@az^>z+VP`1-v$?YU1A;U*qu@W$--4aQF-1FNU88KLwu0nh(z=_g;8)|7twd=k4|l zc;2LVzg4GqDs2Z<&Ns2Q!Pmm`J?jJT55lWc*~5@=k#}`F!F%C9gy-wi&)~Tbs5+H> z30azHm-xPv3#OkAUuxuhGs;(-ybq6uuYl*RT%CqdHrL1*{&nr&pEB4^mZAi{WBn3- zI<~*x|DUmjiB~nFa(=Jgg{O?4F#C!*mH6!uN@Cjd>62z+eG;6K#8M_G%EVG85fu9| zOPQpwe0hgPD^%czx%8wTp6=#VXr3O-w2++R;aVq8k-rR`>o}MJLe~%pL%x9Peqe18 z{+;XoHWE!rf>lpKCa%sQkvvwp3-vIggCEXub53M_gMQe_)7())>Dka<Gfe#y$SH*Cy>p{P22L&dAXl!7?nm084Nb{Dscr3tSY{d_Bm!(?sZo;7kQ) z)}29Ed&OBxh6V`>G=q!;e}f{@LgTp$N;};Z=~XUkny_SOV+oD8j8h(1(;BieVMotk zP#}SYAXXq*ew-$CG?p#ce_eBhvzbhrtxFl{3=O&3803A9%S*;_RVAn-vs^vYddoD2 z(;MS&P}**F9i*0Xo9L+z@<>fxC5Y?ye4P$+7wCl2Gr(FQkGB?-a8P2@)HR9%N$@u) zx8S(6e2vRdU_YoZr7owZiJbZ>CqL)8U|(u8MSA^^wf2*P({pWlvjhhc_ZJ1mo}V;G zclv&~u~c|Q4NBWf&jn{V`5gCGYZR}2x7JZOHJKdL=Oy9v76=Nijv!M3Yt?1OwE&Oh z;MC~kGeL0$S1$kRi3{X5ZlIIYKVEa8oO)~R+ibda16SouE-}d05tkQ8mZ;>j5DNs7 zn^khW&SBMAraF)?ooekym4B|1r7Ah3ac@z{--5VtTEKDFIk~JSr3KD&r|r*fR~Ml9 zaG)9NhQhxK>}b363)j#gk1qt(H8`9f-l)fYC8$%H!bep8YG6m@n^eACk835&b&$y5 z?3lku;ZHQ~%OQ8!nov3KPC?j&BJPtK6r9i;9H_CoH@UftFyb$aXb5w(fR~M<2(K?k zF1e1}EyB???ld)ZMI8$N!YRWHFZpwMql8i@+(Jx*5Q3$>oa}Py;E9Ie*SRy{&{cW- zN|2!xq=sD^?84-{IIa$E42k%nj-o?5=`@0SLsJ$L4)IjTEiD$5h`p|YvesKdaBU?2 z2F2}%f34*XJ8ZD59ec$(Im-HZ)!!7<33DdGm%1Xek`tw-zM!%03TlkiQOkdHI?|L$ ziG*>KR{uh(wyXW0|9evP8;y0xH>Yaf*QE+aIpJGUWy{Sm$}Mp$NnvnkKm3x~=c&Ly^AU*C8vq9&k~F-J?dlTr9#Z$_(g?oo-a3l7ALGqEdAz^|KC1|)|Ba! zCPv+%zhPRhMEaQ6uUSwJ8EaTfE_;(_%$V)D`O1!;D9lY=5ENoio_&f@p8vHIYVj=$ zT|uyMZ)NmhnKEStN4f+`<=F5+h}$gqeE1pg)J=n@%@eRg`3=~1#FqRBm^R5T8$Jj= zRpcjyJgA@^jjjobA>sO2yKb8sc%tTdj8c( z%o24zXoHTMyetv!nhtkO^x#xv-q%lImQc6mbn3E1pt0qqF8d$4@Ld!q2Im={X98D@ zjb6Z%ppH4$)-VN6l;HwE#2A?Ish0`gU-s4BTI?6Vt5bWtc$68o|Exfd_E29E_Qrx~ zU+rxNTgNcE3V1T((tVTORD`keeV5)$=p1`oy_gV`NIPHc+I(aWz^4!hVvzGV3}d-0 zgSYm&AwzmGAShwu2Zkvx7?>>Q#u7$*kHOQPx}A7=RIWSNYMRy=X7JcS!TMTEAMI%R zeg(Gn3URP!@tRMahCKy=+Gf}h*vrMSX%EBs683%r);K`#(-ZJpUbYhAG>o4ylo@nQ zE?#dlVd6B5ubl01voFMJSm?zd&yg@j;|O()1N81Lz(_QLI1T#<`_|sR@xkx=X|K72 z(Ow7C&z4htj>-*TQ zr2STban@I#l>?4-L%D@v)^U|H7s^q?1%}y1sZKY;yk1q#d$TgHN#%ZqOAHS%jN3>; zf3V?UhDRD6V|c9La>El1Pc>X=*p-8{m#!Ryqtp?mehctT*z&Wl&W*-T*g7}b^|%mK z{;1)X40Aw|>TsSI<#A%49pj0@RoK>$aRSqXGvxeoI2+}ekdrgyT+b3Yf;_Uyt0{+V zKA7AoI;;z1)mbY#d|=^F6xwImkX2{9=}g9S-B6 zyZ~~t$~gdo>Er{^X`;h=M^>G4MTZYc-xr;3&>^eNRMFuB)I!lIgbrDCc(3QN_+Yh0 zbXb4Ms`I4CS(nKw-$ps&@eR;RESe zWa#jkCacac(cy#Y1kvHOOIDpLM28QsD~0(0yGfW2upGzA^zZ@pD`7ssawrYu<*@k& zc%8TKkT9=P4%eWZ*CvNrkm)$wf{bLld7N6H6T=7CKZ%^zV?Wjt$n&v1AN%Auwj2_` zxV#?88At=&dXe)QB&+-xkw+mXtNb^V%W*k8fXoMKcRhlA9QRa7Ln*dHg-2pLPnbgn zIOvIS`9RI}0?8Z_z+rV{K3wMs^OHY6*;CF3ZMy%AIUCU}b@ThN%z1r&<2;QxF5Lk5 z=E8#v4;SY18~y)@c^a8Eor{m>UHM|e<%Xvit}=YB;TprY7+z(V&q{i%DC&Xobi=C* zyEzQ`_6zP(oNv89R)BS`#krKr^TJ}oOUV-Vb|YtdtNM={W*t-cONQSz{E^|m8%{wz z)421?OwOYKZCJjd{2 z!<)#Go?jb&-SA$+e=&T7EP4ErEay50jf*npCRd%VMt-JYtWA~B8Dr#E7_KoooPSO2 z-)ne-(RsqiUoiZh(b;R{e&x zom!)FkI~`m3!3JK$db;V8l9(&&ac4CFZ(Jxjn11!=Uvg^&&UrNov(}z=l-M}_Ay$5 zH4SZyyr+@(CQI4|8XjkK;znLYmh!yT$d?=al}7%s;b)D`RwMr{S#0h#@_!ipuZ+AI z9`iNLoyo{A-N{CN8d+?fZ{!t5f3lI!G5R+e`Q1kU1;bw$?ug@P8ipFa$}oRpuWcsN zs_i+N>I6e2!EB~gr@i40hPxW>VYtNb0K?}S9%?vlc#>iE^)(HyUxfCTZa%!qT^~v0 zHyZg(hHDMqVfa47_Zwbkc)j6Y8s1`fyWt&%UpLJ6$(rU54FAdS0mFO-QT;CrA2rN( zwyMLa4VC#5Ic3)ml=3;r$h#Y!W|%{lHSR-(A2rN&O?5stT*y9~9IM#y>4y0+PjxOZ zJlybj!~AWB>d!XJ=NFYPGJL(^Wrmj<{EW>;TS2>3?D^D;y#qe~) zGYwyFn9u2I=T^fj4D*>?b?OYiVfZb>ZP@RU^t-;Ou>N*C!PFe8$$ee>VK7;r7r~9sJ-w!6OWhHhin$6^8FNe4k-XWTo~u8vcdhUmAYi z@Qa4i*e}99U8dm+4PRvVQo|L7IhB^$nQM5VVb}MQV{zsy)xXQ|j|@L-m~&&P{=XT1 z)$s2O|H<&jhFw2U(h$ZyO>Menw|rOKR5hO z!zrdOicz77xNQx$H{8i^SHqkLOpkk};X#HkFwBX;RDXiuD#No4b4oDPzs>NShVL=V ziMv$)Cx$tFm&&&qw*B*$jGXg$ss2902MixFZ2R^{jhwT8sh#GA+Zb+Vn3IC3ezD=R z44-RwwBbt(#|=+1%z4GsezjrFCZ_V+4ZCL$sc#P(`3A#J80NHHYUfMCoMlVpS%z^d z!!T0Uqy^te5`*#-S4I?1+8Z(YR5=1%|sA z?q;~qaIs;&16P~<43`)lV0fV6!G^~e9&5PV@I=E?4Ober&tJ2Re4gP2hN}%PHoU~} zGQ-OauQa^M@M^>LhSwV2VE75cn+!i=c(dVchPNBuVR)zE*9`AA{Ep#0hCeiX!0;i% zM+|>y*fY;r{JFB$jWomjKBe++dN$-wg;nR9o)ZgO;aPjA&G$LJ~dGd$4n zV8g=R(O^q?~v4+bHPc%H$aHZiY!?O*~GrYj?60)=j%M33!ywdP0!>bL~8|Jro zwYkpldczwGKVf*2;b#nQHoVR7cEdXi?>797;XQ^wG`!F7e!~Y0A2NKz@Rx=;*h%vq zG0ce`RGw)#+i(lRxrRCZO5;WibG(7d-Ma`mkM3QBa9^Xt@3X33Vt9bzfrdFoLG_0j z9%2ovEk*0R~lYrc(vhr!)pz% zGrZpL2E$Jn-emY0!I}N{Pc(>tq4DT`gq2Yao_ZvQ9_)Ej?yR)P}5=oX-wqcI{)-udBoM+fg&?|P_ z_h{ilqr)dt};B^aJ6CgU0c$y#K@N! zUS)W-;d;Ys4R0{~gyBtwpE11I@HWFc4Zmi1x8ZjT?;}f}XTRYCM(2=WPC26bzehYR z^D&Tf3?d!J5Gu2eL`Kt=So1Co%zhE&c)U!kd6x-ZAaah}tr5-!vtLAg4o$pOI2X*m z5ak?MdynvmVD^6~kAfc*?f_<=hw@HfP9aP_3Cw;D`DF03!u+Phz76HQz%L5-2JaNc z@N+js3Ux4q+hgB`{5>$oM3GMivp+-b5B^kmFqnN9$}zm(`&@Vwm<2}pML^EQP3HKW zOyTc?n+cBt=L(mD+X+{J3xsEby9!?gE)<>z<_z4lUk&E>5i*~X&KAB2e7^7sFu#>h zhu^X;5?%!!CwwoM-%Y6VL+~`=dhiV42f%ZL9|T_`ydHd=@K3-$5Z(yp7)#px8JJ^! z$eX}-3qK346W#{?k?^mibAelW*vQvMh4C&CB8e-l0e=2SP-;di#9!anLk8rosXBVdk&BR2xK z5^fAWQMd`XgK##un=q%K;#g0{<@n;$h4a9iGKcbZU{0Asj)8{>7l20#cLI+W=6AfQ z!rj39-o&^)!Mqofi@+QgO6G4Yc>g7z3g);e^7p{Ygiie< zo=f@J;75ed1M@yh`32yg3-h-Vyth)$X_B@Ij|B5ROF7%EmxV6@^WIANSTMhBk=dT{ zeoE#zn`IYn$Dr}PNjb;b^V=f%$Jp{- zN#20%USZBO%KIkeKgX8e7Rj{DdnK9U^gkD-ZT^Oe@?Bs~5K87$x11=H{FdmFIj%of zW)g^z&y2!8?Q7&hAEG0TKG4sM_@!-fc-fbB?O&i;Ifa2ssP zh57AtvTzLBN@1pJrf?^0=Lw&L?LuKrAINcWJSOLRy-Bzywza|>6MdI(F}D1!O8xJ_ zKOlTMwhs&U$Mz?}XJY#^;Zkg$7CsBxEy8DG%Q1Mgc@g|e!W`50s_^%*{hjbQZ2wG_ z{@wv$zU%!=nEe@!&7%%p6JrsofIEQs4VQBEF`5eZ1amEV%8S5lgv-ED;j_UU*GHX! z;GV)4fKL&QgHIQp2rd<#0zOyxGVle$SAhBLm^RrrxL9}=c)T$C29tz2&gF991>h@% z@e?$U-;rsj2Fw*@$Txtm7rq(1RG8ymZWCS!zC-vfFvk`$?mgi9h3^ADB>VvQG2sWn zKNV&_;TOW}C;Up7{RDo4rcL$}ek07j!Ec4Pf%!d}I_wX;E4&l@f$*!~kA&X<|3#SN zXbubWJ?lS(_ktV29&P>soGrW$+*P*&ldNxHEXYa98j~ zVfF`}7G{57n{Y4ii^9d=SB3k4-xOwlV6SjL@W;Zu@BdZ!eDLSOd=?4g;$xZf{?4(H zWKM_JOn5YyEBR1<1-mI4ct#S2Yilj3-ATPt-xINhx$=4zkQQA zj&z1FpMe$#bL{Ai!h8nexJ~L8gZaIid@8t3n7>=$H*U&Df*%#;bI;?#mw=xX<}=VQ zh0DRu3G;dA1!2wr{E9H2jri@G_A9~f3G+GWPr@_7p9u5!GJg}U26K!k<8s{DQQ;fG z{3cHMQgBn@W#CrAw}DR-t_61xX8-df;k&>+h1uskMfg52zm?N|J$Qid17Ln1r<~J% zUMT!9_+sJpV175J&QHKog*Sqy3v+5vemAGili+KGIZyKS!aKoBg}# z-ABTFzxx+qKIa`44xyj?PhtMnB!W%^^TOx9#=?!k{N_%1Cb+dQe-G7OxB$$txYX$k zK3TXcxR)@0|97fzA-KPAZ}2(7d`93nUfSXGs-uMY?0Bj08Q_V+e2%%S!;#)+enXhgukQ%+cV>Hq=Y#(!tiL<+`CF!ZpE11M@N0(m7~XIAh~WsX zZ9P`D;hw!tDe4nVI_&o9{k`JCQ%{XXdleQIn!kPe6i1`I3k&;V16SU7(bm)$1iQ_O`g*KA z9*TF~8t=3#-f?fd;9$JNh+!12yp$skj_6Q_5m3`e$`dzc~Hk)+45cMobIC4$`|BPjsQLLPc4A zewJ5_Wz>5|3!~fKTJvybSynhdD>Q6C&d&Ut!v3Yvf@ooWG+Mar&p-V|UQt#g+PxI3 zt`F>1Si}hDl@02apOsP;&o0YKJ&>PMH6R&hU_Zn<@2o-nMr5Ux#dFHC8kLO7**qYp zm|kdTTtlEY@~wEc;+Q`(P|*oWHByn;Ac$Cf=%O+n4#<4lN1K3-ygu zY&(*_?LhU-HC2mhrluC2R?{VP^}O=Rn$zY+d(>PurE90RcI}LAJ1OP-Q9Iu)J%7Mm zcWgNr%ibExT@!1Kb?0ZsPMF$wSNw#sSesq3=3C>i>EJo0GanKfM>IqkGRf3PPw(wx`BddVl7w zc>ja()3sb^l91-hP5$g`+%oYg9_phGmUo*mAkRR`H&|jGESC{#VyiqyT zb908xjgE-*$d4D*`130K`QCsWtY=^3Ut4lCil8$8`Vq0BHU69x{#D-O9IQZ|@6RoZ z7w__~+vwMnFNs!9@C(n3Rv-3Zq|BdP{YXyvl&E)i&dgY`_jJzkd!kY3{K!AhJ6ip2 z4xaz2FY-6M8!ew$T5@;vaXei^lJD0qi5B)L9rkWCdQ!Byru4vP*&BYEy>oYIblkS8 zdD+qEw!*?~)wgUbFQ0wjtI`b@l%7<(bHldp{dMQN6ED7h{^LuxO#AIW-p6Ip-QO6` z*%fbAw54F!sQQbsNc^eIB4gI1etEPe)-6BQeP*oth*-C>Sntdx)tgGI>kn72!aC`5 zqDxAn2M+i5^S2D%SbE2r(mPj_-ZisybxrAg6{U3}N>}cRH{TU+fjYG--f~yG)vkE% zu6XNR@ix2SZFj}&~k`T@h>E3y-AtEq}LuXZ5z~ z4x6jX&@>hn4nP%d0hQD4iw-D6`PIamuZXuO8Jd#6Wn};K%$8MXL5GzWo)RrQGo>6n zAiHy3YG0Ur{>ago=am$eckNQ0Ul{F>U0qX%$Qc80^pd-??}kd}yvV8$%B#q~q0C>r zBGzI=ta*+91GHKB{*Abn3-8V;i=A-E-KYnr-HkI_J|Jg#^l*iL^Lb0UE}7{s&G&Cw z6KhrEFDZ+)#G3Tc$RMGs3^+k;%ABs|ycrjOCs;x6EILiy8`}a;gds z*FU;E-@mP7RP?mTmt0ch-?}E&22D$O$>EKDEgG0%kK~*;>XH01fBBkN+hK)=tDnv} zEx+XHC~6#<~kfvorvPKW|kGcBF>U~^( zq1c(Y%(uqQ*cI!)H`ec9?DXK;XI}}+=^e$4p9?tA0sBbmIL}5T6?;wVeJq-Z>%?Cc zx+Q#TSP+FrG z0HH`Dc8NlM>hn+w`DshI7fQLAd!a@{u@{b{aL&q5T1q*Ek(5nt)94~>A`uw46G|zO z)0~;KEs&^SSj_(YV6}P9D;2CZ9|*i=d;<~M?=wf?A25^)Awa+c z2X_AIGkIRK0r(T@6xew@q1h>v)I2%lG@Igz_d@4{!tYaS;w%*QIf)dW6XLtW!1DQ$ z!gGl)<&YBINBUjbZ16>+#2LzXpFx;Dc4s+g}Ha!?)zQ^9xy!zl3iE z@8!Cs=!;pA!dU$-x5D#J;cNh5tR&QOj_3E`*~69RwY*ApqTIRK^G{`=@`rX<>b#fi zrXyF_Et1_5?6zjTxQs^N{c~@})!2rGz^NVDsyy#%k%<23*me39Dy_qHl``jp^x z1+TwT0Q|<(auym2rfV(3PUPz(*7ko$&{78R-GSF`GXC6)Lo`8N+hb+mMV=Ssmu<@0 z`y)eXT_9y4wD(7Z7C;%7Oc8Y5a`hRsb1wGWb(8MJcHuz&gVbVc{>mOp&f!IA^55RY!{6Sy7TfTlB<6<@H z4qF(w?qRnV>ENCg*Re4Q)ut8vndy3j-T5#Ugev$6RUZk?^~yy&iH|ZTcfe>as?noN zcDS~BVXj-t{?VWw>~!R1J_$SS!S*-&#M6n- zSdrSlFRW`tVP`&Oxn0qo3Sl|C|ML2z_UF*1P_(ft+PIy2tEm0kx02dlL7PI+#;$1p z5W?NmevKboBqi00>RM4K+SnECwGgtq;cqX7b{nSq`+!!I-~hBGd-)$lyN zyIliGcizk>?E;UL>Dvs${&UWt*M*II6?_T2pXT#7aBcV^Hj6M8(33C>a3#R&!p7_l z?2UoqEbtKR>Cy9O{&cI(DJXyCvW9jiLGp{?DM^<|fEEb3`Y$ z>~5|45XzJ>`Tki15|?lD<}q$_|09k27mbT%u@wVdJnTrEsSqt^oK}9v#&Wz6)0sG4 zq^=belE;f^TKSf69pkq4;~Mvb260pCT2UbxmkV>ceBKE0X2xyn-=}dOYY;aLr>jBS zG>y9y;ysLeqW`AGod!szxiQXNgSd?umlgFkh>tLC)KAMuoa_}i9hA!Hz^)|oaR{?< zQ}f&V1EB6sM;YTKiYK$K6%~?M+n;{^rWX?TZ#68Mi4aL4&wW5x2)+ zoSSfMB=yIL)ZQN*N{hDlN8x^pTd-f~?!YCfxC3)N*Ho_u?<~~*eV`rTVwcbl*ABpD zq~Gh<2<_O&@cL_vq(CuJi{&Sw8Ll0S4Q}t%yuF8OcP#YU9Te45RMpvrDs4AZWs5|s z;{sK`#F<>V=or189AV4kB4gi~RL}J(*!ysOie_HnVkGEtWH{*1uOUsuACz&9-?3@) zjBwMoO-HrL@w3s73l(@78D~I*0}A3=z*A8MN-Bk$LCtXmwe-SGPs=#n?KJ8HQ)wbe zVQ~5he&^PMnsfR1#wi{p8NMIvXU4GK6SkUkasf?y_|8&F=hjiThJ98FzPZA*Gn8Fy zc5HZV6wLv5TgrhXv{i;b z3esF7%|(auM88*a8Xc2yu}dokuJm%&+Ge0Ao8hLIS1ghf0|}4ZZfT8=;9jmg+TT=z zRYr1a%V0060qAn~@Xu@=B=Fj(VpLL?ypv3>&=bO-pI*)LaDp(J1^`JntH2oDtqELuK{jqL%Vl8C#2&8WAXhwJ z#jX3bc6Bb8{toMg_QfvSgNXMxe*~`Jq+n)sura1K0H zo!zjAaGu+lmt99-3xFllr($y%e8?-Qt3Ya|!ei-gZkRY17s1Z8#or)p?%<4y)q&Ll z*0IIik+yi>MgTVl;9;YFQPTE!XA6HWN7xPUTzFVz%K$6jn|O;tZh6+;1z4TEj-rR) zQEc37c6cE-&%;AG#VPl4$`pMF4`psX3N(T>(~Apc!W>0yaAXuRH|^nJBUsYB$l0K% z*lCR5=F~tVSgrdMXM=+vCcIz*CUtsxuv~WiqSOve z5(#Hgm<}XIBl3_uo;enS&WA@SbHk@Kq_p9p)+ zM{y(8lZz)q=AGrjM{^_52UDyrIQT`}@MEW|$pq^1nz<;E;cR5KBYZj*IL_odvNmj!w z5$DTfoUa1p%EOx$rN)XoX7Y1Vo4WH6XAgXVS9{$eU9q?(ARcR2Dx&m-_R%b?xXt0~ zE!~M4SAfm;0(=S^e&of{(A@AFukT&N4L|Yv-e_*FbU2Ee^$suO=Ev~uyxQ9nhh7m- zjO!tvQjkB(%dex(2k-~KMX$CtVPUyi*uOBfFBVq5EfI37hU{CIdOAXGNrWuZkUa}i zdm-e*g{fy?b8|xBCRKQ6VQMi#mL@`$Xvpq`siz|32Z@jyHRQF0siz_2hD69>4cWOc zwLe03VD0CUj$iXXQHR)*NrPu&#w||-E+C!@o(OX-orm4)ooFOC_riz0*?z(j8y1eL zqNSwOUUiH&9G=UUUxzJ6q1dI&*`V{QyYG$VCaC6kSCKHhS!z;Zt@AxR5>&C)`LTBYtH9q_@D=Oj6vJd{$8Qbulsm0R3O<=mm#*Q~9sx~P__)u7!w7n$Y# z2zM-Qn16($w<(U{Zn`ON1UJ-a7wwZdq=j#*ZEO$t1c-v=hL>@v_rG(EG(LK?O`^)tI!&VC z(JZso2}BpEh^^1tPHQwb486wtKXYw2NIjdvRW4nlxM8~Ly#IR}rQ_1h-+SQx$_>;0 zjQ9U&Q`;b8{DI0-E@LCOVaDF{{wLmD8swU96kd0^zL1;U@Lzkko#W;IPb>@EdtGrb z-#p`={r}g~Xiy#4Wk$me7jb|2hc^K_-eJ{s1@OV+`|x}MQ^&pnpWCLx^FzQ=_}kzg zf!_fC4E(R)x5NJieh>T~;Um1A!>dypS3__k{2lPC;O~X!Cj;8p3jbU9*WlIhm>Nfq zZR6gL@U`%a%QW!Vd}vcg+tm3fJk$C+_;=x{vmgF1@Q2|WBdtwLdTCSh$hgd#rcG_^ zf$RwU7w|sfGS9TZrv!DAz`uxZ-KuPz7Bp3{APG|Y1Dm}zUt8?UxL%-5_q*q zTW`aw`!+p(B~ZuD0`1{D!}o?i9ljKv-6g)rS4U=FNP8_R=L`K=@a%bL{bCqj+_U4# zkAn}vKLY<4ygGJwY}n7RzX_fXBEN)J$5-^v!@mT-6P_cAe-E$jMKHrS0+}O^_rmXk zSI3v|pTd6u|4;ZZ>V7IbXZLJot^>Y(r>rG>Yxq3)_V69yyTGgCYj?_e!t)n?ec?GO zw?BLdygI&bXU~~E7j~Q2Q{c!}b(HZPIb~NHIc0qRO(Q^rm^Wqil2j?DMgyoK}I z;xFMh!>eN$-%V5YoRL$eaeipzyp8Y$^ONwrdos@R@ai;-vK>awa6SLFeYq!t?a*1M zalZdW(|(2>GbduT*BL#h#%E5P8=pC;=cHLxeT(|^nK0uD z#h$Zg%&45zbKdMp(`UuISI+BI*r)rX%E>(|r&aWvGGW5;0mVJ~_9*H(ZTf`DITI)S zXC3Xh!>fI4@xg0G<@{c~3r`vER(I@O)MEnk?iPaTF_kU!tl1MMPMQoxVS+KH1&lUZ z7MdMjQ8{D6xU_#mQ35admC+tGIZ1DykpWYo=0a_=NO4(RT}$yO=47 zn6A{FY@sZB&XvkFCCTI4P?W61P(61}oh(@@?#wt@(q2;UU&uu`(_KA{+?Awt3P;3Z z)W{>w81fvxD>!8zap;I%S1t|Vl|jf~JX#5suGZ^wo$sSIv%=10RufDU>8?7=b>`BI zQB43Z%B!5bvAaO8;_1L8PHU;6kL00R{M{{@{WUAv+d3O0a*>PfmY_%JGa2?O3_^oi zY2~WPLkHYY)5>Wxun-(E(7#rW%g{g`=%}@%JdkKC${pj9s&iEc`TfA8(8~8ZIVAT7 zm$<8j(EmfAA4K=V52&4YRsX&qc|oIM{|4o6qT{SFNzSrlGe~L>E6~q$=Q>D3#PMtw zE2u6(lWf^leyMEEnybvIEHX!~0wNzzgm~4X{1AX#z7rf_p4$zDA5)WwGQ+t|oEhl9 zrTP9*P_Ki82Y&-o0h{b1)@vGTeJH)1o(-u5fqrm4kFPH-6c*l8<3VC_Bv%=@RD%5Z ziH64KrRMS+#7SYfA?Nk39fPesLCO2PFd?sV@ zbSDRrz3yrZB)sN>;&;Uvga%fjACv|314+F~_NWCb32sAc^(gP?*;u2o-c!lf>adE1 z!d8d552~2UaX2V?%{?@OR0Z}C%H2@-EpwE>LXZn9=NWRA1O33xI!)(pweX-y5^DbSU>!dp7Eb*8iKw@A~b0s z#2a34!)nk4@A)--Rjf@qVQL)ziwfN;=h&Y#eL|n&%1Iu!Gv`;$_8^)#X+rNJh-OWl zF>`iw&h%N+rc9qSG0O4T=)=$MQ#^ilgWfg|EB#wDU8S5BKfX=a>3Q=;967Dc;Ho;+uI5F{!Hn#@FN6z;>yWpl2m>OMPOQ8{Ur z$K=kQUp2`ji)9fMUavkVsQ_J}T`}p3303o@>_iO(>eLcvBv?6?h1t6Z1>tf^T~}UG z+>T*55lJ37+=;8YeA0Y8)t`0NY0)kdX3m&3i_cEohnySj)uX7eN8w39;kbc?Q9NSs z8EuSvt{OjR`s5kjs0+^?Us`tI(7~fdo;`l>ppj>fC>?xZ|H8(lWrOF&u`L{-+=Aq*pm5`d!F!A7-%W1 zkD!dJPLIV`EKqerLm5UL${xU$a(mAyoc1c9*L6{oar770>9~`_F&cZdbmrdN5!mJUJ#Aa zuQ%vIzR{XH=EO-AbEb@+JTrd9Brz9Arm-6I2smC*F>}&Y4TABM+F(CEGd_I^E`=aP zLA0+CRZg3Z!vw)77q15%@2{AIirpi4tnLvU)};)YLTQOb=5XeWDi-m-=%UcW+453F zzZhGsvJ~N&+c}P5QKsOvl3<8+49xfpW4!*dul7o?&uXqtZLn%9Gi-lJphtVCH3@qh zqhZrG5&PCLjE-_L|yL*!rm)jjYGY|%{`CvMX1xTy$~of zYzo?ob7@GNhVd=6J?{3w5FmXqY}iC~S6&jRUdw2JDrah#KYtjM$6d!|gDfuo&W;VC=Pqp2nfQJ}2RgKi&qa)36o*Yj5NP z)GcH*21Sf8Or)aa)l;*C%MwkJbAglyK@3?hnx8wW^Lb z=s3JanfoW6iu4i0Y1lacn~#aOuyUajgU^F!7^|84DFe3Zy2DvuG9d~lTH!zxZg3{3pN4@|fn!?~axF|EI>OmPBwg5*tlc*k7R2EO zXN>zSwWJHXE5YuwCMR7u_yJc!5cYJaW*|c6IuS+)P$OIY&|r z#XfZ=VapN!jc%&)a7-)NY91(mNcypD`(fsS)F>G}E<<#He0VfeRX zNyFPl{%6CS3rXYtliVb*&$)_JUTnD3Fu!Q34!>$D^NXdXvl7g7vQ4#YTto z_^2HYpi(=lMTd`mj~bl~Mu%S_c`WMitEbx8W^}fT&dtzy)9C!(=y0?M?Xb-`WOUfh zYI>UDB2(ti)wP_5kmb4<0oLont+y!WXbyFRuQqWP8@XGLTXfbK`9ntkaUol10CVk$=y`?Qe7j8y)`IRO3!J`ZJB(t8=bd}&hN>Rmrsq(S4PhHEwxN|Pf&fgCZim;w~-Gt z`do*RY2Zi@xAr2Kj%zQfd=XgfUr(0wa9&EySDlfsGxDF3;pv{lmNq$p9`J~>g+K(9~m94$E|7jhtWyF{Yvd{{z=toO_pQj8$Q|aDP-89`yN^HIMncQYb=V+ zLZibuA=S=ZM*f)Ltw!g0BY(&6UyaUTBj@~$nzkre(p+HVrx_kKf~w`HFCFhwv@wVMt-%? zckBI${WX+}{)0yU=SKh6M*g1B-)rPY3^zeJsm&a+94khaGAuIkL1an81x7xO3{N-R z$gd-dKIhp}-ecIVh1UliTh+PL@M^O34R{Q_m*EzXV3fdG_cR4TxOW>FjRhl;o*iS z8s;cN)t_OQbMLDBM#DE5t~JcrYgB)o;q``pYWPXRoDV|dzHIno!+cMqI-eQ-+%P^L zCUlw@KEZHn!%@TT2Ru^#CmVTB!zG3X7(U-H?~$6$OAS{To@SWOhpNx_B+500Z#I0J zVUE63efzAzIa^fzv|*04)VAei!>=3W=uFjd&mGcsaRjEy4;yyRBcg*(o(Y{MhFciU zHQdE;H^ZDqRgZP5;emz+8|Iv+s(+DTPXD5Ej=of$Y4|F`iws|Hn4>Z^?%jsh8D4Lg zBP&(^MZ@lSM9S))M$VaXRKJhma>El1yY=72&I}{J%CLJ*5uNLd{076z3@N&5s#&&p4vjkL(A;X+dN9BzSH#N*3tg8;^ z+)?gqnCk+lytm=g4WDWFT*K!ZcF!P^_whzP+3;nCIR}m&x7zS6hTU_D*yQXts=wYa z=kr(jlZH9Njmmcz<|I5Sf6MTG!v_qzXBJ5V<7r&Zb)%eTxP#%&hB-@(>bv#ju}{az zb5wq=Va{Wt^09^|80K94sx#a0Jj0ynMs;pC%=vCq&N=y&A2a;8;pYth+VC5O-!gpM zvk$`P4jG*zhB=Lnrh)J9l-n3?XPC3?s7`Og{SB8I9%y*5;n9XKG0aJP)IR6iS6*Pa z+AwFMQJp&suQpt7m^09*{@)C9mKl|&8s-c#DsOH0xaTP;XU-a<`kZH8d6VI140EO! z)w#m3U4ML@k#o8i)#tq5%I>*9(lFe}ImL_W^fP>x;d2e2iDwbjKg%#KO$`5WRq4NH zjcmz_`;H(SWg3JF40kcy&9HmE5dC5!=lg24bIhHe7Fbt>F!ZpD?`1@H2)t8{TGkyWt&%cN>1k@E*e-8s2Ak zzu^Oh4;khMb*(cI!~BM)ayQR|oQrHDZ(%ssFuzf1+%AT@87?$jY}h?x%CX!trtm09{S22F9$@&Jo~g$eow0_?4No*Y)o`WZd4?AlcHa}FZZ9_S<%U-pUS)W- z;ct2dci$Ps{u4%jv*B%qw;SGJc&Fjl4DT`gq2Yao_ZvQ9_)Ek5_^;n z3cODETJVpBtHHcyQRjN_Q^Gfbd7q+uDfoHeWnkW$D8CK7OPDj4@jgZQ-Qf3x*}vnx ziSjz|pM}?ec|W3jEtu~!$q#|Q6#g+dg!Y8;$H8gB?CUiZeiGb5_$hE3VZP^%3U3B? z5`GTcP560mk?Lkc!f%6z3BL~>E&L&v_aMgoBbe_z$sd8I z3bQ{rUHEU{*}|WJuNLO}@@ip@3F6ot+Toa>Wx^>aCywo*JPo``I0O7c;ih2TYp9b0 zenhwxnD-aT+kk&AoCkhJxIK8Qa3?VDFVyF{y?l2{?gr*Ph1?VTmT)gH?=O@WgFh1H z`}>2!e1Fe-2X)Q`|5Nxpa0KlGxH?kCJK73T%cX_yylh(uLa*J z{2;hq_+juP!jFR4KGP1b%V&i-zJ_fw<-A6B2|o?yI1tKtjk4_}zXtwPnAaBDTgv|i z4xwEl9|mU%9|5-%{tC?YlR6yF)m7NXIboYgc`En}VSZ;|J4ty4nBzvsye`KIXM-mT zHwRY<^IHVp%~C%XyjVC7e5-If@G9YsV6L-E{jT7(!iC^RgwFxsDOJLkgRc^v4qhO9CAdbI?+lg*&jsHq%=^wt z;p@To2=iW3FU)(*gTlPmaEf=PllPa6!ub!Z+k}4z=J*`OT?^hR{1EsJ z;m5%52=iUSUg4jE_X+<3{HZYCCGg!lZT<@Ux$ssnPdMfOMil-HI8*p#FyF&d=eOWo z;n%?Jg!z57K=>_iSK)WTg~EHleS|*%_Y?jj_-tX`YlaB#2ago~3wWIHK``IRGd+jF zGlcn0VvaEHI}3$*-&ri|qkZ7}dB%-^?-b^YId#H~!9Nnt20tp?9Q?R&OEBNn(+t33~+{U2{=cX-<(?s4*;Jid=8lJ{~326_#|O|i|#GVKBKPBI~uI(^Kwis z$2BqTB(Sc}%X``PMLr$O@lMp44ZckHDzL8AJ0EfpK34eT66EKL#SEK60w&x5(50Bybq=GZXuPVmjbuYy+!zX85anBV^&6#hN< zC&GKd{BA-!`@ma-KL-C=_*3vp!Uw>w3jYoKrtoLry}}$j@Uie0;J*s9FZ{W%hkjfb z-&}ayFc`n$cZ>;4yk^22chFWi6C4w62IiPF#%%%aEzG`iKVi-kb+$13(L;pWgD(CcL&cA=FC#p2(#b4Sojq1Ey8`lcM5a%sXAfKLiHoz67ZwKXMrCV zW}p2j;X&Z%gxP<8L3lLy72%7)yM@PsIWCT6!ZF}~60QIr5N03$Ghxnp^`-D^a0uVC z7>Ybv0tmqeywsp!vhVEG+b`D((pXPi^<3r z-Ew$kzNb)LXPECARKD5p4#T?*e`xrC;V%ti{np|>(WLv%^;?Sz`v%(Iy?*O#^k3Ls z6l23*Qs&}~Q)Z~i0hYI27mxeuA^`TMxMh!y?+N@Hfjyic`3Ec6?ZqBevU`x5P|Dxk zrV$@%bS1k;qZoy0?tEe)yz$(Nq-=GYMxSEi*0sBU`+gdWH{~4iYdotd>~4pL6H_C1 z;cuffp9$-lzSfBz!QXVI>?QcdwTV9z1*=|M1M<@NwkvXF`kUCKMt+aK8O>nEM7SKX z#?%dDj+|^2Wu^GzW&Q?#{5O0aijJk@uSR9||9xv|*d;VlbzzN0onY;|*3#hW8eD22 zvxg^(Mqu@fL2hLVx7-CxaY`UmCcrm;xOW$|^hhuFD3Y{A+YL}YRhXQ#pB zAW8EL#P;WqGv`d_%!55KOT&a|RZ}O;JZ2IU<~0%7O|aqq96u3|rsXh>d|1!PGfAc&g|F!dhxGSnl@=D^>rq@~;#osbF#&Hu{eErN7 zK_S~YCjQ+MSNzvZRPpbeo1!gB11*bt_r;P4?m?u$F^nz-PnNF2H|lkU4vYA^^ty?? zRBY*ZTs=kHR~`b^G*I3bK1vX$dV{d9%%CdtZP@>43D4Ua!+8HJhqv~|V4v^C)hT`- z0&8zQ>_rhsd+ds+y-Kjg0eaVA=T?F^4O@hLWd>!TPDTmhG>kJ3+vDy)q6;A7anYSk z9QSsx#sPXgVK18?PQ#cMYmc3ZT*zpT<)Qg_5Ug>4?sv~4jX?2!i9;Q_v?j^)HO0Q# z+X!YH_6O;>B51W5!9J0m-+Zhd-?QdJrcU*qhd{c3F6b2Ku`Z~i9^GzuW$s@AJ(iz3 z4SN*=TQ1#9K5+X^wJ4v{n%Cyzp4u;uh4v9@k*& z3Yj{!r~A6K^5f??u%WbXQ^I|l1Mb_Lb03*9?)W(onChha&z}RKS<*O&b0Y8@&@rXW z_%|`ZKyZ)4-SHc4d@h>T91V+>Ik^SI^gfu5*ML5!utUarN5^3O?K!UxpMT(350v>m zSh+Qs7baW`UVlr)yN~MhG~CB#Gt*2c_~{!K4v(mm_qtc%-U z-1Fiyp_zpO+l+5m3oEv?$ZzCj%*{W?Ydd*L-NA90MO#|rMY{We!ib#o{QJG4Sax(& zG_yr_f5hhvI(}y9lwGA`x0dpQIMPxU%MSe_>wV_WeeIiNkMc5#F|%R$+llynhVe8mab|g>FN8AU%7h&F|Zh zRO;3H5w;b#gd@D?E(_fnxhIdjh#>0E?^YYXr<6x@x!k%S*3U8p#**@zC{ZzB6u z{(`ODz41R3`TZyBKu!|(`4u*^vgm2B)q+3@r6wv1HceDlC-r@>7xn`D0Ol`GANIZv zMJ{F^_Gs8&o<7N|13T&GPMqp^e>M?;xlA*!Zm|_O8Lva)*19*q%QS1x*D_VsBFC+p z2sk~f-f=HwNpX<97=hcIWYpS!~$QZ~;Nh&RGR zLFu)B5OSAKREMXIyNw;d9jYN>0y?gJK8(_y2y~o{KkhKr=5)q!s!n&>#jtQ$r_Kkvo=k`6aea zsErEN2D@?2V7=dt0MA#q`hJ`WU8X^_7Ms&`0{*PWE7ao;Vjq)sVNQ(FF@N1F%r>_9Dg?-!Gw_ zys(+13>#K-Z_hNnA>$XB!d#n%vBez7MGKD8i>dhDo6J-bz1~b=)hoAmwo#I#5=oFd zUbPi>X3XB%abP(o)8(d9^#g@F6S zB<7BXs6CEVXDc^{sKQFpp=k~gXUc&yCLTeWjtID~+zbX?=wSm|0=q?T%pU0+P}cPxNg_S zpv$|&>1dxrD`X1YdZVCyT&24joUS}yctMXhn)afOC$NCK%P!ts0-LuW5&NNe6|VHn zduy>1tekCb0n{*xjZmx>#ciUX`=H5NAb*m`lKZznDFpMzQ@9sO9`hBjI5_vlJ)@L(Liari1s)t8n14~(P62N$ zZo$Q{<5yP-?-4nZOB}a92L&i$?C-Eib(X<@Wb>ZYZa)4v{eFu--akToQZVQ3_`LET z^XnjL$0wH4ZxEHFn@TvcKUOG zp!a#GwN>Ho{r~*?iTz~qzilmYEIb}HtApcJ)vh>>n?dVR;<$K{Q2*JolDApty#05q zTHc}62A3(vsKEGg-w1YUHOg4M3c1}g*Zw|3E#Pf(*2S({-t}6wGUyzVs=TMtG)tAAv=TWU40fsV ze|rUTel_bCFOT_ZHq?AdE73w<)c<4=PhPkJY*_M{-eGK5v$={s+k>97q6%Kz`KnWt z>QtpVHLeHnRj1OUrBjzQ_Z6nm>x~V|>C!8~7I4<4Z6}QJ<@C-rIQ3C@FZfdYHICg- zYG)M)Vohs$ewry0fCqgk{u;Lde{aNwV$~aWP-|GqEM$M+cjoocvka8Db~6mCWAG&|)Q-Wf}z#m}T|uf{$D)5CDfB$tg|I|BJ*ztrEpY-=F_l|Riadh8o;9IJ}unXM8}^VX_jV``$YwaT}}0IMS6tn~%9UTFNhlZ-R% z#n@0c`x>^BR$#;NqbGHP2%8tXD;z<)6I@Z&{K<=>Gv9od!g9;y+X*y>fZtrDMYb?j zVZ+XkUa_6TRvu1Dda`pw*qu|IF+4Ezufb*y%qDj`gV!q2W_LS-w<{5}tg&?v{{UOt z1H&c=+lAZ-{l8*Eb=YKVOS26S#)8fIcy@yViU$`ofBAlxA=a0SNcpv>Aukkm`#Ug85%P+{Khh*6>HxVl+ zVj&o;U*oR_1?JjNRsuQt!8|M%hSmNIHJH@?GF7fwYtAe%6%WAVGTFC6*OUy*tnZ`mf|6(yX9Ck+rd0d6n&l1cEJ@qD|i6*JP z;+bEhL{)(LMC=O13&yi!R(T4fn8K??Zcs>O`P9GudOv;@`0GdcYbp8b75T-|D|h)z z^4Kb&O}{dH%YItRtc)pUzj`4bKlXC2S`{cWu_2ZM751iCTnFp%+;7*e`_7swYJ*UkZ(5d>r;1V);`1j9(-qj;kk|>{x0RUnanN52FKiBwS+6i~M?)eL2F+3Ywsg$b`;J-6$UnRu6UZV& z{^CC0F$~AQp5`v9GYk3PYolF%2#B}~tLM*;FGch%BZ&Ovg)r8}EJ9Spr8rNz{pf*2 zVsYiFxoyV$oI13~tVAUGSgdE+{F)1wESrDQ$53XD!;3^~bxrLu%S)Cmt-EZ=s>Q9l z;b5Tuoog8(`zH-iimz?d`u%U|(i&N`DL$49Not+Bm(|s*ytI0Gzkw_`j@!4dcf`R| z{RU!HBdIAUqCU;aQ712Uqz6;||FE7>)I1Q;Q6WCVxUU;WnPm#>8bf?@U@L%r61F^S zF>I72VB>2@S8SBCwZBUE0DRm;jodz7sc)UNKLY~VqCXBB?d-(HG-NiH_=SYbR!vV~ z_NQ>L3FWq#@@@7J?U&_WjLkY}X`(h~!FR7)WG{#R`I<#>OSQ{*b@xGMPai@5`u-n{ z2m4>YkWmze2uBkwQ{R=siwe`T?b6PQDX;H=-?PEb$Hw&3OU7o#Kft&4sAErgVBB7r zV#=R|y?Xex7ru?_ZvV0n}+rtLgnEQ$DNJ)1`=(r!(e}`BFn+CMb=*XHum0yy`yn! zt^3M=p0+m?_R3LS+C$f4++J}Tdk3+zGgU&Hzk)XQww&qzW|;OmDtiOP9v?GwDV^|} zur~Efn|#}&Z}rYXPgfojh+`Z#zKx<<<8Bf3cvGmA!Ou0Go9?&+t1UY#3&YqpzyVd9xeJ z0RcR-Y7g_ra`95o_CD_J&+h@Tan_y)%zJ|Cq?pG#6Z2m8 zZR;elDMIJ#^U7>>r>>iXi&VLQxkI!HPF+VSqcsxrKVL_QPpwvm*M`;r=+rTkI7yTX zm>B?C1p#x0>2UOzU&Li7|C$tHl*Cu?Cg!ydXx=fe1iEkYT;y26ZhdGU&~HhHbsahRvr6n$e;PJ3fh*w_?~(vIYZ*P+c1@8fP1 zf8f}R&Z056-q^B`md9#08FJ=@HYq;d^Ao}> z&ArG z#Uf|9$X33Qa^#1vD7TAF6gp&^hr31I4RW%r+r1($gq)njgmAA>4x4<{c}tkDI&_&R zAnS+aAv6En?AY42=bjxmn@fGvKOOf+=6%163_C;NbF+5J$;bm8>zu!nr{n9HWu8yu zFnk^lGA~1hT{gntcs%&^jgHSQ%RKy+`P_FI3CDc8a{DbLOIqH~ESqu8A|IyY%%{~k zTk%ZAa}@LZxBAN!uT^}d;_DS}Rs0jhzgB!Yj+wPTPchGDD}Pw=tBU`k`0r#ncAtao zapb+(u78oKm~-e@`*}*k54*h$S&I3y4 zfZ~r8C*uUP`{nP(Ess@vJz0)5f9GM($y>noJiLc;w6EzNQv5Jk(mti+hZX;);*XX7 z7fO!)zqlQa=CL*l6q|YEWM7=u$mX*S%zW-d-maot^0`6jY*acwP&&6M9nN=T?dbKh zb}O9+$#NYXAj`fEDfx#=|05;;r_$$db*-HoGV)Is1v3x)(!#lhto%$RpQPlRQ^?v` zrR0|>`3AD&lfQql{6nR)UCDQmB|n@C$lBkhbRJi1*5r~pd0EN-L>4=o=ZEFuSEOS~ z=PRZ2wbBXW250lh-+x#;?ZLFeXF+$R(^KhiUVW=mrgVlWosmjsywaJjbj}x@N3gFY zO1?tLS5q!^+n{u=5*TAlSt(6^VEqfob$Ono4MKLx?4cG2ZTer%b|EXzF=_f>43YdFv7hG4V$qZC&t=ICOpbH3tg#WjjA zReZVPD-|~>HqSfB&t@gRP4SNv|5WkM72l_rZ9kjmM-@Mz_<6+#6~C_dEyeFEKBD+b z#s8(4Uz2Sf!irNArz?&s?xxuMY+mYzgGa4R^SxN)qm_J;;%SOa+d%X$Qu4Km*D2ma z#`#LOMKRl)R=!>F&lI!$X?6A~ZdUw+VvZQF`Ue%8wuh0XHf=xAc}~d>DK>3F(Ro|R-&4$y-Zl?kDfZZQlC)vPrmZOQ&Ps0DjUq2n@|a@N zo)n!5B_FStb8OoEPFGx`c#-0I#cLFsby{U#w)2{#>b z`x{~Q`IFi0FjqJSyim9R%%5RUrvzLlTngqq!j!YU)+js*+$1~(%;zt2H*&fdk=Czn7%+aAm!ta7(!XJPK3LgOv75*!jbNO*! z{2t1-1o>0&G~r|53xrRA*{+~Y3wV(*+x2W?P|kPxRl;n)bKQ2z^TF$cyMwP0W}gQ8 znyAwY%)TaaUohJtW-8TTT( zZrCix6c1Hgsd%d5If~7*Qf%^?w9ozZiuJQ^o09KR%xl1=ZB~5Bv#A{-;oiq)`yy82 zXQ=Y&tM=cSQ=gwN#-uyJ@>uz1$jZx)4H=UhhAkLc@GlI_qoElY&cO7l z1v}23J~Lx*cw8PP0myjdzWvo12dmS+`t-2(wfAI3Szg}Gj>Ubw>dbem(~3soSuiZr zdCE-u-my&)dSyjpb%XYJ2gbV5Xx)Mbyrz3`2kX&)$%0z1X_fQEl|2@ecuiBBFGi&< z$ne6$oGJZ#xjZ_*yu7Y+|EkH+vj)ELPCz{p@1X2y93HpVkl<|2RB#)HtUOnI}8uUwAJ zvyp8qEpx*SEmW^q+v4OscbsCcEM-XPU~gEcqF&2lrOgzESGJ6L?s&;_C+dR>19{IK z3pX*{yU(3i=vAgBXP)&luc@n3(M1_^GRvLPohI%4mJ+j%g@MA9py3QCg}4h!9LZAp)b zc~2cWCtTcj(YnhvUt4|aiaV;?`5CF-T;?LpuAN&~Y^YwiZd8wnbMl%m9y98qiFp@Q z-S)#<+s#?nyePHl#5btl7Y>!=RXzKYHJ=rw3=5t8R>ha!IHU3=CiU+;zhrLJ+_@8b z2cxm9m^riir=v=vvCXk)ov$4J_?uBYH;(z|#)-=U^(fC}!9`xv2e6Hk=HPS3v4^t2 z!jw^Wj2%B}aNZ(sTn3KQTi@h8ceLcWkIRq(C)GmyIbP|lzWI*lPF#HLu6B8Ml#kzA z{9f^`#T$M;skrAIFC2Q{jcyG!Dc^`dr+illf_uFZaMA^z zTyX0J8wMBuw$opRTsHpJ^A}xw?doyY72S<<`q6J#_k|vEQkGKOH*f!;l2N$uDt?a~ zoWR+K(>SmwFb?@{+ROSl`SjV$Q>EeoMC778kN#<$<3#&!I_3TujU5|OW^UcM7cBVh zd%>K!(X$4<;dD=LoYvgDU`O$^vk%M+H{JG4a>&cgeEqbiFxk-l+>C>{>F?&I9se}r zkt$B@;*3Ny;*q1tfy91K^=BwuaalWihB*-SM=vcIGWh6WbVXKbF1?9vms~V{W$z^8Y5X!@t&8BF;KXa@oT?gJTXh0 zfp~u#?u^14+SyJO#*@y(8cNkp4Sra?0&iPaI8Dw*{OIwRGsqq1ZgID|+uVEI2i&jR zh?nZ+c*DF3?`-b|?^f?6?-lQlUb{fIKvm#^!2H09z^cGyfvfR+#xF@C{Da4BCO$>D z1=zY{E5z0VTQ_XE*zkVo7GuLV0=EygB5b%uT{O#Gl*U~@mVd@LPX9{4l>mOJ;7AfT z59RZEW#b*p>y5u|8orIEguK4lcz-hfnT+a@&366N^IUKEwEVCa%RbKyqQi9L2*(RJ zQ?jxGZe=RP{U^+D8#<>tRrhH|1;wE;v0Lne8?N++cRa>ESfj3AkC|z&SxQ*D+fh6h<%$Q!q77 zV019xIprf}lS_guxSvr!pWg5>Bb>;9sw@^N-wh=7Z+})K;7pu2;9TZA;7!U31TdLS zmZ4yrLP7y_0C=t!z;B5{UbqVyx*btX_& zx~5K0X(($r^UN_N!5lXTPRK-qe`LR4s+)#TD09dtQw^vX&nfMCJ}Y}{yRcW3ofR<4 zRXOLm;o;LA?l00QE9_(!wRj3KnKvA}vkQAMn z6A8}2tX|_W8~o5Ijyna3`ee6e1_{F1co)wy6=?E@WH?a4i?DmVvLoBDmVj=TfnAZ^ ztbttz=1p)LkQL4@=!ViaJ!~wxm{DjUUz z*RcPh?ELfbLwMA~X(&l%Mi3LL!1Qb!OVsrD{F>&0?${|26%LnJ+*H~0Wr~aI67>8q zREzNgZY0!mUC_xhfAjf%qUVuf*g9N+W_*hcBP(cux4KvG-r>(PRTV^?W8SFi12^Ij z0UKQ`Y!q!(bw-2zxu(*B_~Zx$YWriotXgO4@LrOd7Gy;>qJ){~SP2@1pt}TNmx~)5 zgn%C}tixPV{3%X=A07jT2H|fo7~w4?=tVZubHjX13tY>XViqIlCX9wPTqvs)j2%xKz#&UjY!!1rmugJzAzm#Rx zuB>(<*9Tef%$j*lNxwJifu>Vdvyq zc{k3pH3kyLp$Uh%FcY<9k98jJ(#k9T*wr3MLfaW3X~uBXX3WcVYPT(9kNj2 z{+*J^Jy)>|6)t1k$@x~bXBuok%u~ai%DV+aCfn0{v9{@Wr-1Y(B<;}yGLxFZ!V;s= zoAr(Mh=ZmJ75kivaQL%xpzq{cdAIW*WbX1=J7@qoh1HOl(&Zu)!{&DMOGl2E4jc)- zioZqoQ)QwlCU3Ovwri5mU1th5(G+tX6k@#hOmZIwKFT2PKYs8&?5-d0L6c2!1Do$_ zDA`PtO>Td7^t$^!jwveO@r~8RPa}iBmRbB$DpuB%GIZI$V*!;wV z3K4P!^M1rTKrhk!!o*dI=9eb4&}fEm24p~UIyF(E7E_`P)I^CKkEii2qseZ4)^?-V zOz?PIUKX2)CiFQqOON7!-Uh7!yb-(QCZ-F*PH6)2^#Ic&zm-Nl+{mMl|ATUK6-+ZR zixKuMOgCZ9ay4K*thncytK=qxhj1L`pKzM{SI9Jk%oVc2>y8$axkB!PTE2}iR|wa; zLSD+S&vIz_=fmY@AFncM@FtjH?JZ?2pUUn!v&X+6b^xE=?v+M60rAe@d!bze_?X%} zanVfURm|nB2K<8I>rHqH!?f?-V8RO+K9k`aO_)nj4Pd*(-DJWW88%~5Hk-Zu0^!)Q z1q&SaCKLZE!p>k`vpjz7cxg`2zL~31!SDMg|gL3#^X!b4Xv_)T>gwQN#`G_B3Mnw z=3e8z2wiieb_4QlggH_NAc1T)@;MtYz&wi{Huuc;5#>LP9ya-O{io3)sG6tI!(Jio z{ds&EeM!4EqFV_hMTkQGAn%9`NWgu%4|{pM8xBQOz7?7~*i=f^L9GYWTJK`(A*tfI zAa^lx>s<`0L;3yFoeMH8d3W1U80uo4xpRqEU^|ni+1EIKpFv;{W}|CYnJ@_R!^K!x z=&wJM4>~p^-Zt@*J$%m{SO(cwkWq)dpvGdL)ba%$#zJpmuk|1u^9eYcHYAVx>%cN?u zm@#vgrAQp6dt+RxSe4*uk`pr-9Nv4!WwJXbJr}#^3+;^deuj)Cyy}?@8Qm=GBZOU= znA2Nh%0g&>s9hr1-dF>4Xq{|sT&6!)otjtGPJ1bp&5)K;|MeSzij4SYGhU=~-ghQ?LU;30OCBXT~EDx6~Fo-OV(CNly`m^Abhs;?%(vRaZQ>7h;vW-Ir8)z;}rdMfj z2L2k?34f#5)NF0If+fLJka0{%O{K*bgIsK!xQae6D@>j?3f?(B;&0rcON@!>aUoyK z=ths@`x7u-SGZkAH)lITd@)FHR*1wVN0*7ih9~C!qSqfAX49+RPT+5hVVNFVoKT_1 z(I-ZQz-6PMLXV9}sLiu;2+tY$6ncjY&ZhSoHlso~V&s$Q{ng3|U;1(=nn^@4Z64c%3D`_h!fDu$cY16E zB9HXA_M=fDbT{(J^u`&SO>Y7=sI1vexWUN3M{k?K+4Qz!Gb#iQnZSu$T*Ka4BYvhyZJ!5b-J)Y*C(_nm_;1PSe+p|4l&vtvVv*C5WF))kXuMJM8_oOeS zCuW28D)P;q?&h3q76NN_1fU8VPStU^y-mi3V@Z!A+dYgwpg+eK^BnU}t0`>W%`-cm zLXR!AfU`1h`$GWp8=lr_9@*xECE87Zm*pc{nEu7f?l$A5!+Zla+%L3fGekkBVXL=Y zOR1Ph=@wVdfY%5y+A@f$bz((`>3UMC#fVbo8C+&W@p~Fyp3Q)LXWFg6`%THG**)_$ z`1ihuBk?{xIhN%ah|R;*L!Y-CuuW{r%bOEq_4L^v<{_i>{kv2=8w`#&(QDVx=gY7* zW$$J*#hcj_6JKk5>Z-{C=OV~En<_VhOR*vK8v4A!dH6nN9picbqjh^9WJax{K1b9s zJ^d{{+h}92(U;ZJ=O{a-r%zp#I|gqv(QDVx-{W)K6ytC4W%cxVL-m}M@p$S#b`SJDi{rJ|ZVE7Y1ehvLE4Y#IeJnz`7 zN_*$lRmp3LU4E=e`Z+$w^Kb9#OwZdoyYHBuK6O=9GMHzg*RG)-^Eqyc@m+mcJ^h}B zYmHA`WojFO+f6i{1Mqos*SWTLc;?#P;2FOUdd=8^m}s>1%HvJlzmLZo7=Mn7X4?Ew z^bt1PC+PVJ;&%e}1}wy;GRfdFBbs7uT!A1y`amn5kT?IkeJy%?03fG)r#Ft#cN$si zb;{nmH?iTlLywOG7L@)mpR?%m*?@^<$5>NL=07&#mvO5oo}X6Hc{(9~RF9i5J>Tx? zcox-u&Hj&LKdy5DJyErWoFI~?VN1jna;cMdiIcaTL0V0Yi|Qb?`$=(DCxm@Ximf5q z<JY=}$LY zYkcY|Q+(wgf(_MVlQZZyT_;m{j!6)Ips-7T4g! znYx`Y8XKpxog6~u_{<&N zar}=k@TtRghIMV@IZk&4ww2f}!N$irpXIx;{RSH!GNoX9+gmzplo14Ypm_c#GmVeqNuvx_V(7hHV5kUK%s7@f^18tnVs68}c?kY`j~i z>th@0z&h5?YHV!!+@R#TzW5=~I@aGq*w`52m}2Yr;IQTAL&G{gFl>GBAz>Zg18lvp zC2w6F*w)K`C^;{yCTzU4Zo{S>Zv=Gz&Ux7*k>~YHQ6F3?d4A0TFb+$6*<@6|T{aots(nQ(sF`oj4P1^9N1Qu0#rSTZ-ptgSnixRbCH#xHpz)c)*ELh)Vj|d(nZnhdG&h(S zLJEKC*#t6laTx9X9`|VI*jnxrDK~nU0N4#Yzt+q}+)nJCF8jGy!rAdKr;0swKfBCC zxtLT|?dS#14fN$)#(_z+5{Q|<%#9oPsqfu=g~{uyu9(AP2>PqxIsgqRbEMr*$x2!eh{%UklA$OZFD&*fS z@(F)0uBrLO_-OP0fz1|clXFK~_UCkF*=;E(2_+`uubn}foM4WiKcTXpc8Zbs^&U1k z)Uo5ujJ|_SHTV-MCz$D+wN9d$by`byH<%s2=$Lf=1kF1B?gn$(zHZ}rY;^oiKmOhC zicd`BG14h+Y%r4*AG0ZV^mKfapQEq8EB@;%OhKFcQ!c?A{m*;@n|zsH`oH-n#$X_+3Bx$6OuVo~22cBiRiEOikIdk;l%@!vTMP z57|6$rf_ra2mav4?6)zj!+^27*N=Jf+w!REg=dRDmGk{qmIuj$W1?eEW*T;&JWc_t73eA~8sESZ1rXfS(CF@I}~X1X~W zmKjbqfBj?QPk!znIsflc6MMS(d#U;BPusml>WMk^Evz)L<}M!aHMN~fRBWAMU#>O% zJoq{H<+h$!&!@7l^MQX~`>|gW{-oZ1O}w?%T+Bc7WBhaewYBE#_=PVEo3hwr$`ZY> z)?Dp-tTognj_rS~rWEJ?)gklncxAOI$p71i$4>vOj~H8aGW6Cmnv&wqq#iBrnhJnK zPI7ywnaD9SyZaK)T)sa0#nPI7723av#wJd5JhIfTJ~3i_b@*o{)UhKd*2OMdymZwP zXZ~`2dR(-EfAwV7h@Xck!)xm6AYNUAsj}m;_c-!z(27uMEP z&%f}}WwrA!T(orYqNO$STW3-?GmqDq5dm>cPDCEpJnP(P(b3V;K4pDMqP>@JNAs!| zFJ1{=x~wu* z<-J)I7-qMS_1aqORZHc-vd&rEW{UGuq;@{^Q>w=tiMq>{*T{U47gq6DpQL6_m8BPA z)_m^WR7tHply;wWF@AJs)tWjs6XhdRQ@;qO*TQABb@wx z+xIZ)Sf-w3>RJXmcHZ_Vm~D0Xh1l}2*_SE1Ux?!RxnSzk=gT|w?Mv6U>E|P!`t<3j zL!N|<@;YpEl#@@xMw?e*V}2=LkBwg~DBppNj`AJYm=DSy!A3_pnS(zlKZ1>pa z6jp~X*n>sqQ!2nwhivP|7!x@eZzskkhZS=_)XxHB!DqOTf8Z!5b6+M?v-E+T&b%qZ&bQSyUI zehAF+Qtv}0KLTd`Q~nkHV7Q4XBm2?mXp?O7kfY>eTSj(>(@~#HpEk>soXlRhJZu$U zMp17ZU^IN{^J5hIDX7CQS#;DP<2h{P>@=aHoNV*JP7^xH$vp0~`7qcXuV%2#!}DPL zH~Q>YIZO0A;KFA|9P>~DrVZNUrsM9z*FI_i^Yhw1UVhqxVncV#CZ z^>7g|997`X#22iZE~El zbcKF|nU!4rwFWI=A&Q#C)qSMl(5LOrOp~jRdD8ZoyK<#yv(3@x)JLOl%0#xc(>BxJ zs>C+ge`Dic#rt_(RJ&}6tk_{nhDO+`i!NMHTfL-468n-xe8~3kxq9wgF3Iih+ZX+B zUsNNCQ;C-jMpPMBioYkFdLrj(DOaD7%o^|ane$R+ddBf~SSev^Zz#guuvuqq@KUhM zxH{Nd44?LJX2~X)e$19fmV*akjrtK}4IC#d{JZ(V8 zG9!X#`{`+qk2Y%$KTtc#ULBQ{rpm$ku;n-m*7o)xY@1!cxQ&+;Q=S8R-Qcrc_^7b9sx1H_CI!I_lB2hmvK6kDwhm6+Z3pk#6k`ZDWr=1hBVWsKspz zYGZHcD+o()@H%THaq zgjQQ!05b+?7ch|CD6KAF?g%=p?~F{(E4S5s+gc;7vDCMv^QD24S_F*O zwau_TVhpPj3MK+4o#_l0=-naQy-k>BY^w|4j2kOKKI1Y_{})P_&G-z|@5)wnbL`f% z312PY(eN|y@3uDaJ0;AT%V7QMHZ{71PHpu<;`c`p;(dMywDv82cWbz944c4QR>gEG z`Rl8EOMjVZxJwsQTMMQY>=(kW)4*%WGGi=jd4iJjEO$|#bUgnp^K7)-K{3xNHy3~4 zqS#zHZH)bHl=^KWmlrsku^%;P{!T=YE$ezE|-lioaHT z8uDTG1;0R;cKD-dTb6Rg9D`!zHNxwVx7ETNTFCJ!R)=F$EOVTS<@bcmP(+m3$~kt$ za&N^P!(!#56;B|e9(XJ`hQ#XJD$MaW_bT~5#m^|_xDK0kjN%oFImW~4a14xPo+Fky z7REBi!&v5+7|ZMuV4iu7b6A%>jt?rG5s0JySoouanU42;%Fl(5Caz(26;%m80v}B> zBj>2a>B8(XW0+~z!=EKQ7e4P@JEEPM<6EyC>1W0*R;o_NnBv-|H3;a%{5 zD$MRVhN<&Q_`eX|0{MNye3tJPX1Cp5VP2!Z6K1#Fqry+YKOo$U`e&H-*+u)j@FDmw z39}oHVd@-#|GMzo@ZS{XxymqgK7jwOFuVLd5 z!lnxk`J+DXF#%zA+wn(Nl&8Z_6=s(i!<4g&Ia`?TP#uN&Zo)8ic&{>(tbp0I*F)r- zAE8*7-D(U|zd!t#FuUOxrhG8`fx_%=J5!kVKhASW9d@^I)IXWsXME4$b;Nr)*{+#% ztLU&h`*mS&&}GLPi7^+EyTukt>~6uvs@>P*FdL{3_I)LbF+3fkn#RZ zw-FoX*rDTn&+=Ab=8d-OIyBs+D^2=z#r&jU~53#(K zEZ5OGu)U_XP%f`^9RF*XV}Pyx??gX{I(}N|yr6VmRyuDgo%hIczWqb#f2HIh7`8f@ zWH}Ezk>y(M0=C!nAf+=_>5Nl4=PI39ikB+=TBUE+$C7<jl>Riuv&eEktR~B`TS1od^!36 zFDO1tmOQ)(W*KMVeEC@Ee5!Q*p>)1cIw9N~t)0$_yOO0`F~x()lDFYXK7lOxsZ#P; zikB&!l}f%|@%3b}f0L5$AdCGwmHa-%4=bHV!K@Ru;a{O#Y`&-XFG~M!qR;kli_%HK zxop$&yta9052k&#tD}_5xz|(a_fz@Z&y0^D*0|D ze?rNhC5xTcl>AL4|4$|Vn2d7K{ZsKbV3wCZe@jh-j^sI$Ec)%iRwt@-_!|dXt{7SJ zbEeW6NftX?Pn~x7ZgQ^DpQ-e}r{s&2d>L8ntOU~z-#gYQ{cDsyC(5z;xkbshDfwMW zevgtrsO0;U{0Sw0R>@ye^8Zx)H?rjUQ!w+)cc_0-E_D@x%+`4lS@chXPkp{ab)a1I z^T~3IipbdLdc&ta->pVaE;{EZo2Ts7yRR9dvkrC^DEY-?x!x~Pyn!s`y@4$69XEmPd&garOWoe1be>iG zj^Z!LV)JXVyo1oTeFw<~TbrH9qFbpO2y}q@%*5>0Gs7`iZ4>URB^51 zb!0gYuU5QKv3YM29rNBKe7n;5x#D{jKdSf%#q6`P`#q@m4aMx6vN|6s{z&nsivOXQ z{ZKZo$9E{nGyBUdrzqxkek<>wI9D{U^(u zYuYlWkg$B3;!MSCD_fnYV$REF<@^n_$tj>y?x zZ}neM{FdTBEB-|BXNoyxt+kV+m~#zUdA8y+6z3`~QrufHzc*MrWr{~A9<6x1V$(+? zt4(?=xoHZJW}yk#Zwi}P&`NRe8qK&>lHUD=C=x) zhmDFiDc-L5CyIZe_*aS_R{W^qXB3;hDXH_80FA1VGs@z;u7)hC1Bz{SgwqL|bF z+A`)UE>hfEF{cE!`Xd#OQ+$qMP8w|Ws}(O&yhQOT#g{4Gpm?KVvyQve)mA0v*h{AEkJ_;&T;qT579*zG6-eZRN`qbCPH) zze+JDi?;F~D*ln;or*bYwAJ6E_)*2Ck520RRVDwUVon)t?fgygF~!Ffb4qEepRAaZ zNn5$;my`YWP;!n>wL1M34^lir@o2@IoZ6;6PcbK{w(^S=bFykHH?w0%eoSAS@Ft~m zi{jfAb5d(-=U0j!RQx-|`xPHh%*n8=oj)r6i(=hJ*P`SB_pA=5$dW8#b=S_ zJ7C*>JgYxP>CadEeZ|WZbHZ-hk9VcwYZYIwc#Gn#igzmhsbbF1ZTsSWr+B~O1Bzcz z{IX(B?QQM+MKNaqxAJ3(Irq1fw^N+1_;kg1T*vE{Rc!m^*bQpGUz@Qac$U!dyKJU# z6m09i8|8AW3n|Aw=z3wZeWWq4&08tu(pL$L?-$MLIOA3tXPUElYddzu%A-n$`LS}d zU&%A~Yx@b!7!{EZRq{%*lx2eAD#cS3&rm!|@j}Im6)#s@r?_768pVx@*DKzjc%$M? zinl1Qm+TJ$sHt6`Qd%_BvAX@9JwURXSyghbk^t z{9S#p6O>Ms;;D*fDAs+mW^9k-d9l)2uDDKdz2Y^B8x^ltyh-sE#ak6`Q@l&@J&NyB zyhm}f;>Q#}srXsNhZVo6_#MUXD?Y0DnBwD#Pbf}MeRRo+(-dbZjwpAl71n*TYn07Ka4+s~4_X-aL^BV#62ZMPYl81wz79I(HUbq6xbBxO+(fv&^ z&oRogApfUu4wz$WDd+dMcEY*f4B>n*`}wKU9nABJJP6!fnBx|CE>S)L%;~DhqriiN z$Aa0PpCR`IonQNbHINRUJ7QvJ#|)qKNemI{)aHn!LNnu!5r5@{ng+U;k97)&r{CtSNt6Zc{8}H z@DIV=h50S3moV>_Ts?>S{C+i9nBT9;g?EEFuAMr+0Z$Ugi751n}L$ zyhpOHo_2D;zY#73?-P!J_Y3n}eo}ZKnA2u3E$4&fQUv63@E?VFk9Vrjo@No z{vIeMyahZ^nBTI73Eu`DBYZD-yfD9CRSEMtm@fPvc(yRFiTT3(W_7Xf3*hC#hrpKz zzXo0-{73MW!biXxggFiRjl!RRe<k~p)&sv^af~QA3H%%3_F(q& zQ_kySzc9aLJt@p<Ak-@e)j^V=84lv2*?EL)h@8NU}$J{4Rb%ykg@2=n?IAiNknRG8nsI7JH6@|vp@ zz68v*CMf5%#cu~>{(kFx;mu%vJD~hl@I}Jgz)OX9g83bRIvmTqTA080S|`kFZiDcz z!8ZtVyz>@eUVpa>H-kBTl{Oy-?-J(R$iEck@5c5B^Sc>;e?om;m(9Yjfe#434t`Gf zP4FS%kHCKv<~90`Fu$#RD9qn?a2zb{cLskZ%<<93h4aB22TPsqU@qcF=JnT3xGy+O znBUOa3l9Z%5iSRJ6Xx8{#lrmk2*=IR=GowZ!smd83Qq)&6`l+}SD0f0rwK0va||u* zECJ6IUIym(2+H|8$K}GDTlo@Uj?rEt%-`W%DZB~HZxc+*Z*DgT^LpjC3CeE;-zLm4 z-5h^Q`H#Rq6Xtcy?-Z2Z3EnNt?{yCe^ZITUz8ic%m}3a}&4Ov~10NLrHJINlD1Q+A zCt=@NH|xR)^RF(tx(2A2uH4<0W3A$W}N5%73n-iNA$KL$@1{scTrnD?i-!u*EG z?;y<2G4N91FTnf`LiusaE37FUhg2xZ?L(-94E=|Ce-J+M~+V>uLTbh z<~YU?!n}8$CCqQI6NNdaImazC?X}?9!nc9v3I7PZNSOCgenX-DPr;W6^Paj!cpvym zVSbz4Ap8jU24Q}u<#!g^c^v#xvb;C_Lh=2=xP3Yg3gfbIelHBq;dd6MWjp^VVGfmi zL6~j(SA;u*-wA;bs`yUDx?gCYlI#ATLrVUR;*S*{ zR~$t9)$TVseVKc@Ia z#cwKR+uhncrkL$@D^FJ3L2)<5Y)@PLp^7UNvmI=8<|t;{*UIY^uUEWDG260Mf0yDt zirF5uI?pOTtoVJ!M-`t?oPcMfwUebds<@Y8J+_MPWj1Y<;#rCpDrOtb>NhIhsCcVl zwzsT4+fSC+PO{84kmW;)-%-pqht*-b!7`uymd)?xUQZjFraOH|8DCYCk z_WR9Oyj<}bvV4o&pm>Yo7M<1*+A{2H!Z}cC;tQQVm9nPrCdwPEb zR``r`uDi@FM*+q(R|fq8lt(w`9E-;42JP_u z7A+|8DkeBzj7nRO;e`h}U*vgBy`69w>Sw`ZuW6?9#aypqsuP}t-^TAo>H{m0IxYET zV0aK(vFQ9*3`e$Va&*wZH{K~okM?fP+kd>!8|N0Kp8ZMq z&i|9-?>>J57Rpj#W1I^sgT3&Ucz!C~;xQGQ;z8(^rM@|j<5_Kvjc8;4O1G)0h1v(! zw>WvvABVWoD@z?xI@miWa-c!WVx`R#Hmzs>Wn~gR&-i(vRBpZW?TwIfpa3^`7L;#IyL?( z8$YYX-&3Wx(CjG_9gipN`)6))AQqc5*!x@PoJd6#)uli<0Ohg!P5#F#ajZ1W$i}un z4`myTxD$mar8yqu$d7}PRfcf2<-P3=DZR<-&^r)q%xW~pbwj$7P#$gE+}K!$;~u_c z>lvN-_U#;kx9^=)9{c-5Hzb%$c(&RMC?=Doo8=HoD>> zpqr`d_`Y*x-*aC$x;2#7ecS`jAK#U9ec~+-U?KZ+BKJI0(jC|6(Q^`t`*LsBR^K}E z=aYWB!tS-wMUuTMc1_wkazpiu%}_>;uj^m3pfYd4xVv}#JgM>8=4(R-A}ufv&1WB2 z^I1{qIT4(L0Um?yl}UM>M?-bgf=ZP4)bqH`*KYdq8*?rk^UsA7i-HT0xkZ7QUii~* zFel6N$5E%BP^U65_l{`Z3rA7K_S<`w~Qb8?F$SO-Yo*T~EP!r0O>oa3zz|Tn@H8l+7!~@8QB; zPyBV$&ctVtkk>mK&j#b;8(P>a;3_mu)fCqoIw?2o^~s*%28Vjih+z)8ktb$l1>CWz z6!#l9)otjI5)Ni&28-M%C_A%kBD(RznEEg|>=kBX?GJRDr?|OBt1KAklbt!!Lmv9z zM=~C=2PFEgI?;2(fsw(0=L{b< zlN<}WeK7}0W@go>VNRg`*~l7Fo)hq3+{35D4joWNj`G>q0abHNOG^U_g}j6_2ak#c zbKD>}A#%@x#(>kqLAQM{V<7zw!FGe_cVzz2Bg*PboZ#SKBaZ=Z;y?d{ zyp(WKW>zSeiQ_jdxXg32LS9jJZou`tE}j<+c&LqO!G)QuG@Kq;{W~Xg?HuWPw&NNr z?ZU1DV+lyrJ)2VtVqFs_HQdp2axoF2dld?f1J)zkO-SlGt#c$e2c4d0p&&yhI_^Xy z>XqG^86*g2FojGv@B5A%g=U$_^FiJH9gDiniBT9W#cT*3Wbp62F_oD{rAYuosPag)Wc~gNoGc{ z&Ya0JaoVDi&-W`ChtcWKF%fm0Slm?E^koX#lM&GK!%!#254e#~&vij3&-~42v$zEg z6|%-jcFjCM5E)mAztU_r;q&kp7fRd>Lc2G}YcjRUcpJSSTgTT2ZV28OYIL1wT+^SE zm;KmIYFZH8A5NpY(YqdLalyqM`)7Q6X?(?n4%)iN0Gj@cam{b}a8fxhW9vW-ab7UQ zr8WY%_?^HZeo_twBYa~HdXdG@3%X&P5KdqjV~Safpqo%&;zK`UM2JcQhZ8G_Rk*D< zfj?4Xk};PM`YTf{HgO&ATWP_mo&IHckE%kerwa>BL1Bw{d(#X8*NXMhP#BzQUe zNbn_wxcdNmYTT6D@i!O@ePz4|ZdFcV5INrp}OyXP9fwp{P*SXlkSEn{3#3Pgwb04oT-9I ze4hyagQ*g5<#9h>jK$w%X8Jz>DMtWZon+?db{lT-!}lPZ%J`O$b6Q%YYv?%$(y-Ew z6N!eH=d_x6P9!(P-8<>Yk%ADvu4bUhBHcr#&N5JEksgMF8K|^KVaTtw%w7qRoX`!( zat0UhiR6X2Gbdx-@>Ncx$lp=c7Dyt+q014IlT`@aNKX^kc6v>1trO`LVqtUKY<{0RGB;ic>(A+MAO3h{HTWAi5?3p0RU7Q9nI8_O zkzL%KoX$9V(g>aE9XEsGoKBY^Y7hun2(pUKxDWQ+g5^f!PbKJX+lMq=khp+}>AEhh zxyW&QupYW#i^5)^+0Eo!ex&8ag1;xo4HH!x(pRzE$ms zXCjqYOm`};42Dd$r}tuQ)A1UBbSRSccnLC-n!-Z%B;h@R_01a$p7m7ha~$FDXJ5j! zlW*nS@Dw*Qn&-22(1dUbd9Ik!IT?k<_Zm0wLWB+c0%ah?nMpPoq4)|Dg2_^~iSdm{r9;@z$v&aNH zqTXU$M96LL@k-z)MOyFR6(BSop1u*42rRR zlY430wiO!NoargwN?L8-ii8`KZE~yavNYt853`*x8k_5&eae&X3D}BNJMJzM`cIa* ztQ$1>_2C)OywAk(TM{+zH=z=QoU$@#rUCu}%>joHaQB*6e$R2rDk0#>%MsAr;~)MX z*3JaJs^aYb=iGa0_r6YHX(#X2ne!MP_f7+S~X+^G$b(ziW(M|;!=Ixm#P(9 z+G?$>+uOzZRy^KmGcu9 zYd~}2cI{B!(1ZM-6nl@lMH7D@`Q^ynp+DQD+^>{_=)dDRF8&np6Qmu_b*Bb3n8Fn8 zZXMgnX;G$~?@o*3QxD0SJ1x?JAtAw?7X2jAHlLK~mxRe)U*onhlBCL2G9$ZDch2EO zg1E_TaT?lmsd2N@J{IkXZ^{n8(m99=eZ0|W@?>X48ylnX(Vv+FJfuPDPv3UXDdlq2a3l!MUq7GFieVjPOr*<0|4 zTm$!9PXu@N7D_w#6wKD>Pc#R*u9uFK{oSRm2KqJv*kJICvk=Dto5U$-u|xpi#rBW-S4 z6$Nf$q`|L}_IJm76FvQ5icX^8yx}~3?R|)PCO5*{sO)aUH$0lYQ#$bm-b<60W_G!d z%{Z-_1#a9oT=#$l6z1&zbZQ%vrSLM;>P0^nIAc?z=`7ETpL^bEDJd$vS9l07QBAEV zQ=D^a2Bl5@xRK5wQ%PRVSb>I{0VK)fh-Us($xi0}Ae-?f2~pfDF6+^!INf7lkLCOH zihJ%OGee`|;zNo#Nz?tJbdRaU2Ny5YDV*_goe+6_;^JcDOa|n4kJ5#SQl*Mku$Qu< zUpOox(04zJCGIv%TPv2Tw})y;953vHiSC1?I#!Y%4)WA@?UQUFkK~?y3whY<<+trp z^w`*KTPYaqqqIB~#ijN28}n&<8&z$fpGj48A74|qiT>qrQq1A|F6@(amE1QkS8|Ot zC+2Fb<4P&M`a1P_pYVP*d#|{6{>=VY&EA)aXnYcMQ)=l0I_(h6ny5~J!TZJI`jCBP z@zJgfrFqe~J}3?;)^6*qUVrFBFDWaImn&fyS(XUNqH~iBIswtr30)q~*w@u7Z}`4@ z6iW*0{youC=wmQg^LfI#sccx|lR6U*I=bx!riT;<&mYK?=DabHI8hURt8dHNZ@`H2r zF78rqE!a!;b5g?Tev3MKsm>ub-@-oA+#Z~f=ML(bNgBt;#C@kRbik>YQ5-EHSm1D_ z{yN7hgRHz#U0i>3M*0lPf{2W08ZCz3gXL3E#Wq6DqBvSHTYfKu*yon#ZT4=cx#JO0o*k=T0&4JFBO6j z@>1#822?xwa)Q<%2evr*@dRfDIlyhDwn}h=!{Z5VmUkwBTb+D4!FLn+hHU_gF5~D+ z1Rn-Dz)h>m3^0OHISFcm9B@ytqvHuq4szf$dFc}{NQ$GS1XsyBlK=}0Rb+zef*h!D z$KLS-9Dk{3vkN&6(;SE4FyvV02aa)c9Kk*gR}hRzqy*kVCLGCmSQw(MByPHbE&_Z?g6=^8i`w6QfpK(QYi=I zlCb4gWVm;AyP^_3Og@fsoej5xRj$0tneXAJF*?jc#kirnJ`vrk;Hf=RshpWe?rULAovfo=@}>^L%7k;KNT)Z!6yXHNtu8!BY)s8o zH0fz_)gXF=%dx40ke((LtEZVMLHcDra}joGGE9+|C%JdgOI+=<|mzAkNlzcv-#2gL6Y7<_*2K7 zO%eJ=@`tX`HU;`W_xTCwB5hNWPS;8P(1qIkbfAAo(mM$0Ep7Qj2TT6fmG+)XZ*}3{ z#HK09`iV>4)InIHBiouH-SxjRMW{y!O4kIY!XkGTL&=247u};J6gAXsPpV3>Xs38ig+8-k@Du041F?1 z4PCNWN{KVFAadPv(l6&u3A*YFo#kZ&q^iRDo4C+@vz5?$(;#%;*UPI?1g!kF8~>i- zZbeeGjDRkbT)}bwS1E6HBGLIyv;^%3B| zVU!b+gnL0oUUGJG`#adpkN(O_Vsj2Tx224r2;X+uRurhaPp&HW6L&Rj(ld1;gke!nn1N=wm@S}X}7j)0|v@}TALJIFs#DTTraP*WXdF3W)+s@ z6eyAoemT{}JFbDaqmsZ4`anvHqa49;-Q7<xU zzC2CMAa#Fv^tg-$*EM~Zt~E>LnbYK|#B3uMkgPntKfONvEd49PKYmQb7>^%AF<|?h zJe>!fMmXd5(&5reeqZ^4@>~lS$$we?9QiBcuaf6{y;puOHCZqD>GCt=`Ju*9@||Y|!yeuB zH>MWE+gfYKZaAo7O0>4AHX6I8d0qY3`s&uk`mwWG>(;MrY970$y0z|<>Q;%{S}Mm+ znpE4oF5uYq=H|w>u^Za!o7$?!G;SDIF=SX{OO5O6 z>i>Uj?NeI`_M<)4E@~E5J9YKCwwCJJ`tmiLmu>BJb@dHm?Jlt%xr)`yHEMyjw#F(w z^-C0kpuTp`I1QIbG}R)5>Q2hywEL-a`gARah_w`=y9?v=hN3=^W-D~@i_<6bS7{j+ zk|WVQJs0mKtq!M~(OdH3bnLhgmacYS*xtP<4DEKWBFe<+Gg3u;rT*N;qCy4TyxqOM z-4lGgUoQUH+xc1wg`(beLqAQ$>0if1`7-;hO|CRiQL!Rpv8nQP{{4Cqd0~^2<+*L8 z(%;`mUKR1@sUo(z+2^1=60@12*BmGHWkZ|Yc3feSw({+e@@>*XI?Y~(?Qh?RQMJea zw!(i&wh_CMHU9sw_mK3I;P_E`=6I%Yf_?*KQH~`O|GI_lQt}LHT`R{fr}GaQu{w`atFv|p{;4J zj5~Bwd$eqFuw3U(G##0LNV^KZnpnI(cI}*;dBsKh%SPI@lsjv+AK74qY$|=z>9no(^otqSO@4fuGxmS&CjXhVc7d~%)G#Tr`K$BL^wzJs zLQCRzcG#utj>zqxM3Qm`Yr;v(T1{hKO~9$|4n}n&W>bH5;?7n|3^;XdNQ(O6YGc#- zby3^e)lKzv*;-xbqb8oIxbLzywbyTGSK4XyRY}l(YD;}|66yMas=cyS@eS4uB!scV zSesm48`YAi!9;tdY<11;zRjvlHnF|Bma4Y)>e>?{_p5{I_Ufo@O>=8|meo+Yc2~95 zSJzdY(%f2CwYI5ot%^-yJHH!i$1fDdU$>*i=BCwI_Xk5csIIGPO=??LU(?vE&8l$q zwN)+aYZ}+qRc}r#; zzI1v;w^_3nP9LX7lQ@mQog3;y)=l8TsGfAjy*^07Sfv*o${M7~`f zhkUy{kJ6FfDUU-AGi8DNS$Q0CIOxBHP!2g9?6X7=ha9G?*x|Moha5&fCC{WY4mlj` za|?_^4y)UA`rIZmcY;lBk8$Y0L5EvL)={Cu)GZDjIJD0zMhBzW`+JFlKJ&s%Mkt7e82M0fuv1B*9Cl!iF+@zo;*i6X2hlP5Lx`N|Sms`c zx9LyVE_0_$Eg-*Ce+bcMPBh4w-^3w@gMH>LamZoXAJH@Vqle_Kj;|OUIFx~jMjUzJ zP)8;tamZo9Qh6=Jc8)mAJP`6yF-geX^ngN4Gr`YH2|7F-z@Y={dh2wU2EZYQ*}vqy zNF3USnar>)-o>N;PM@iQ1z!IxF;hNlEA2Z5Y{Frm_7h_pd4Dm>AJAv=5{Ded4tmEM z{Z(Spku&9hBMy&Ji2PEc&qQQs=i9`gF08f*E`Tbnn?NTU4Hm%_x9OZ@K&{h3Og zCH~B0Q{2x?Ps+NswRv4R>AtKQRjpsGA1GF@tKUPimWyV2l3HC;(^`M>9?2Ss?GdkT zt!`SaAx~1rB->|*7!L-k+M7|iW~$cJYdBP%%n+3)n{_)*ZK!?hEh^H|+T6lX_CIr3 zsc|kaZHk*HzsIrXq+v?gM-+T8H(5W(IZJ*{9s0KgJ|65%Q+%j=aOmMU7XlOSIWKvq z0rqrg=j@#zw&h!;co=U8b2jP?Bkzzswu?PZO}0h(E|jqx`hCJ$3L+~?^rR-pa=JG~!Cr|WiU``|)7z9&Io(!Oo#L486!7>ihY z_bDF6QNo;!Ul~UJ1Jll26N0^u#nxV5MM57*zEGwQ3?qL5dpdY%XZCZjH%R%dy~Cx$ zF%(>|w~v$pyR^ggq+EbKuF=8Xv@Z58mc7vTk}uep+{NB9+3T-#?Dh3}B?^!7_UPwv zyx-{IuoD#z_S`qDoJR78cY|*?@t{}JWxI{q?qbQ0ythM8V#dyVyHi8(V1V5$s*vMehn-qq&8+~Fj9>*SIvtaMOF7{^0UKkT%GuZon7khWe9`6sp zURFNX`$ZRf=V@@THz%rh!5;7IwDqk#NsB#85__f64fdY*_9}e->&L2Xy0kMk-{_+E zo$<*S$!Bx*K<{1sp4) zts`!pk8+Lct@f|-ajsFl)xK?=>Tch4bcui2$LA>Qt$){aNx#9zX}R9Cf0ud0PY-(~ zNoJb>y`m(U#Z#nnPVn=G!(CGt1Lx+3a&uf=wcJqH&m?tCbHm`I65+inoKt~G32fzb zi9ya$9^Pri@gJC@F>rsw998jP{gKPc$NsQ!_WdE_>~n(4Ir~|M?oaG_mSVgk&PSuZ z{_tkIF!pA{I*iyH*Nwh9g@-6?_RJi~7SGIEe9bf0knecrzW*7|EJ1j~GxyUe<-sQR zyF)w=R{B(!O3Tgga<F z^RE=L1S06L3?eW~Ap$?(8GV*U1Ubti0_*umj#(xV2nzd4>+y3s)0Kw)9ECGI zlW&3NBNQIynRy`M=rg`Q(ldR}GSAF)5l822g&HO~UZwCj&&?808$2`T zM;slFFD>%`@|GcYFS!Lay8BY|*hm9DYmTk3IiX;RBwT zCnJu|vkD*a{0oJTd1j7{I69oiPkDYt^51%XS>cPGnM)&%KIi&to|$`l+w)%({@F8g zSH#h0?)LAVKT`Nl&&-(-M~6Oxfd&&+QTN8U$aPtU6)-`n#*h5bD< z@3o(2`k}06=DoPL!4C6S{6v=HyhPiFizUOcm=_)9iSPByeDKq-^y$~(pwDlgkoT1w z4szb@jh#ZZ?ccqQ)Eoz$SZP6LnP=ure{A?k!(UVzq0hYLv9Jts4S|aX3*_$hI$;SD z`piu}<@K}Dfs0Gg)_76vf)4YMEZ2jX|HJj=MoEs*6^s}z9;!cbqvVm(Z@|U=IyK(Q zX4>s#y8bNN2eE2@lI>YUr zv9kr1owF64=)7;3{vpWA z4Igay2*Y)Tc}-Nv%NQf@7{iQ{g53SM(6@Q3k#8}~cq8avYxp+94;p^T@LPuW(+&@I zhQt26I8YqUkwcJk;>xjXGjO%hulM>H>9iZ2Q;iN|6>OrTSBd59TnPK)XPeQ#$;kN$ zP0;x-*tgG5VSjEie-zHsSB%cPM&~`F^MTRHSD}JU`m$hikT}>JW8~wEoN-jppXcTD zF-wut;maLubdEDR4aj}lo@jKMy$)mTjYfV3?Ayw%BlmnWa^EKId5!OjzKb2tERzj7 zjMKt)pEmrO;eQzY-G+Hbb?EE37KQTgKIvdHYvdzgUpDvtN?+e8M#sIs(#yYO?3`%$ zRKsV&zFxfhnK~Y%{duL)xz^}xGdjHEIh6CeM(3x7ANKmpQ$AvCJs=MJV?CZi@E_Gqq^+85H#mHwP_uKt~(K*cM9Bt(8JG=fkS&Q8B2BX9K z>)9^jYTi>H>|ba2Mx)QW>CtD5`U9iGd*?%5-a8-a^`zHltos~te>}Wy^m*5O(Eqd7 zcXN?Z)^xUFB^Wt=>O5{Gxq+-=yWUW z%-a)Io8bD2X&=V$!;H>E!&6~@Y#eUnON_k1$WMg*e&qe>q0FZn`Bo$U3hc}CRl|Ib zma>(pkGb9G-(_^ZXLRm2Iy+%sX5Nz?%HzIA>(7ywk^AkwE@oSd|Nmt4-S=p{KJP;h zcHFmVy}UbpGyjxUc^Zxvy8g zYzLdgu$S)#%i{(sqzsQLFYBg)e%Ei!2Aw%Z=LlFHw?rX2ugK2v$bDUEVR_tYg+Zsq z=&Uz7r+OW(hvyjiS73jAhbm*fN28eVO<$#ART zGhpo}+?VA8UtrkXYj_=Zui^PxqjS6AI}QK9@O_3KGW>|)Ck;Ps_<6%G8Gh67JBHsg z{13yQ7-pU&)R%W>1m4SVKf?nIGlvrNhZ}bHP`-V}8~GH&(+$rz%sYL8%_9x-eYqe% z*6=FBYYne6%=6xmcZ1>0hR-s5f#Hh{UuF1O!#5jt&u)F)ziZ@o8)oh(l;_8We`fem z!^}Sh{a+h?(J*tDLFbQ#nQIF2zZw3g;Yj0#pp!A&-Ec3%{S6N?TxNKr;R?eO4eOn( zx$Vv}?CzI+8`^I_EHygJ)rT^#GF)f)M8nO7HyG|Pe3s#J3}0-RF=E*6*9_la_!h(V z+Ys6HGG8O<%W+o?B*zZIhmsfW!PZ2!|+*#`Dtp<=lgGg zFExCPVb*pAov$0d)$kpL?=kG=G<-Q9F!Co2KW+GV!!H?r!!X})3+3T`iGe>hoYBQN z$O{ecYj{7yV+~I*%qtdy9ezC@xZdzu!y62D82*Z3o;?LSR~o*?@U4b#H++xb9~kDX zhruRe&A@z%Ebwm(^IpUtf7|eThTS}g-*;}F#Bh4>ml*aMyX5(6(PPI#q^O z8$QwS>4rBOKF9D^3}0(_o8fO7zRmED4Bv0~XNDg&{Ji0p4FAFK+lD_hyxVXAa}@rV zDK^ZTFoXO6!@~_9Xn2C*$%c7rX0UUp;U$Jw80Nj2LH`89t%grF?B;xY`Oh?R-oqK} zTw(ZYhHo%@tKr)X^VZH_=O>2UT#(=HuZ^6ycn1Bq4DT}hzG2=J81xGa^HR?sA7FT- z;W37JmuJwQX?THQH+SUA%)35={wl+~=`+aN4fDp&AV0@2-`fjvzPA_nM#JAQ{2jw~ z9_d~q|FPkR3_oI+w}^&qy=a(uq#%FOu$xEnb^pl7c_C=f-^(!H*bDLjhDRD6W0<+4 zpg+^_VX(h{Khnr~XKK)2Wpv!!kuPVf(cvwkLI2B!FM$2C4BjgmbiQWz>xOSNZ0DWs zF>>A`8s&Ji87${SEWR z(I783e30QOhIu7v(Ep<06^4&7tZp*bwlr~=_h6bSJcD!3uXR4-c(xRtNoB=hUkpVq zySNeZp>0Qt!yHrva$nzx$UO^l+ttt}$2x>_Ow)(5x$@}xilaP1o;6H)g4}J_m!Iv1 zd6-JW(+n?weO(SWyx8zE!z&FRYj};}M#C+J+YN6p++lc&;j;~&Yxn}g7aP9Z@YRN| zGrZmK&4zC={B6T`7{15w4-DUDc!%Mi8h+UDV}_qJ{Iua`4ZmRcWy7x9KQbJdxrmJ6Lc=A7S?3dupT36Ob9{eX4Ki}p`2_u;hDR74ZMeelM8lParx{*g z_;ACE4KFji((vcaWw|v5zAi0B|MTXuI*iV_hCgpE>vE&B-SFqlWqsS|{J`*ihIbhL zso^ILKW+F~!!H)`Es(z|CKU{tdb3EbRNSp@v78yrT`f zd94y1$Z~F8%X1|HN#{AaP2SK+f}lZk`8=dwU)t9^iSHnEi$RWbrW1tVLoUA)g_h z;CZ%qvgdhXUP;M!opDP%bFE(KS;LFyc+ZrRc}4VjL~?@X{^FB7)3zHtQ(*HF zjGW__IYYQjyr1U{V%|82ob{Egg@!q{U;7tiy2rI__g*$x%su8Io_K+e_wpE=X=G>A7baf#AkZ`h4@_0Pl=g7MCZ5S%RSSdF@K1h zx%us$d6(@sJaZm=+w(`_yFAlxu||`;J;guv+(*osDCE2w_UE4W7c-ZLoO9yWp6SD0 z@H|}ns^?MSH$8KH{Mj?>;@|g7ANDWL3&bq!!anB>>#5))#3i1O75Dbc>spy(M5jia z^~|dUhk0%hkM`Uy9`E@S@f6ReiD!DgP(0r=>*Eghe7Sgu=c~l5#bUeHh*<{!-!5h? z7R>tnM$fF@X!Xq8JoA?5{6NghKjEK>&-VN?F>{#6e=fe%Gjs4)d*&SCEuQGGeuK4J zFz3^4o|&7!%QNQ_bC~G-P5fieABcbIne&YKOmsdGKjpbV`{!BD{LbJd&&=7s;dw9d zJDxcgncKupU-7>@^XkS(eK~So;m8^=n0fsY&t+ozd*oxp{XKJz4)#1=tXJ7P9oB1& z^SnS@>6zCvGS7*fFN)`SULt0m6M2hxvFBFt3eW4s$9moa{$(x!JO0I^UQh7 zyeM*BfBB&2`^2n6L;jZd3D56{nIlEc+Q#2{=DcK%6!|~ItWSeK6f;K(bB_MiGrzU@ zr{`iZ3xCnsOPueS*Kn42?l0zx2IveF_xH^6f&D!nARg|yR9xYiwLOzPSBekuJY783 z^9=D}p67~}c;>a4D?RfX(BnPxo0WRcoX3rxYsIaedH%pUH_FU!0XBJFCqCPAi}-xc zZDM}gj6QEzztZytF>B$FpC)E49L%$eTRgKi^E;l;65r$b%i?=IpCf+2^LgTjJ=14A z;hA-vPkZJW$ZtKfUg#CiSBc;B{0%Yd(q@gF=h#`_l> z=44bTSk;R1JyXsS&#awcjUPIUKXEaGc{%iA3M|)CK4y`=9HN+ksCPl1CJXvb$LkM8 z?)52axHp+*c!A+%hF8I=53W%@@CL(Y8@?FUzQ$cAANUr-_ZZ$`_%XxJ8h+jIF2f%g zF4VXxY^$%~tl`myD-F*z%$PXXVT>Dijp25~TMTnA7WA(+e6!&@4Buz?VZ%=we%Y|S zNB+RbGa4&|?J|xGJjk%Uw{`chejm*=I)@uxX}HcXkW|*-{kS{a5%5bA$yY}F0BWKJJ z>|AH~7Q^=#-eLGL!_OLi-S95M9~rjK{rjqq4rRz19&MQGchKQF9eAiMyHYkBk7?6`x*kDD-MV#Vai+3dKAiVE|0(xi#m?8I@El@iLW z>b7~_;q#L>cdO%~?~0C>?{w1+6>FbPbfOVax!#CCpL>V*AE+Gv7q=jFVQPA&BHK4R zVMk^9$-Nnm*!0ZBHN7ep_g(Cgm-mYDW>ze|WN}5^;>GO)=dK!( zJ!(6RlA(rwW2hEGD|<(idM$3)e%Okmdr!$i+EN8*{P!rUDT zGD#I?W-l3Cm#t`@d{1iUf5h2r`=AMvFHP-yEE;}yYW}dOAwJsrgq% zf4?iW^P*@_A0_O(CK@z^aC@}#vE9)ily|-(TZ;yrCCvYkaPXj|!uj9AZ2nErpju)r z@t`(zZ;f{TSov;3`5`ps-y03OTd}P_i3a_I@S$k__jZpSBAnkh9zNlKLGKB7{?--p znW*8x)Xo>8(S0P#e<|8|+wN%e9MZ?e*cu*>UP{LC@#tE@N%8!fcE9?>M4P7PNG*&eISnUS(KZ3io$Gebe*6PTMr10x&#vYN z%BseKBS&TymF#TTUFy;nq$;~tOgwW@$&}R2Y9pIEaY|}YN&az0R55Xfldar6{_ziH zKmO60^vX=>FT9e|Dg02 z?^LE&cAtIY%0p+D3|m-QGdt4RK3?VPo|JDvy5`2k(o#K6s9V|ngqkyNTzUSPUuh`W zcVX$Jv!nBRuN{B%>_sInrsv1IRiBSmrU%mrj4I2jn{o%4>!z~mrn2oL(>wq1i7ctC zfBU3VEu-DU0XF}ypJ-xAt(UJ}s`RCJ>cmS^J;$W8Tl#KsCeG~@70%3Vxn#?hcJ&7( zS6w}D#H@i678R~NBiUoem6Y_!EJ61iCKmT{1MB2=V?i))=o9E#XINbmzG^|vURr;}HP?N$+l~!8 zPR(Bs&)@!uimc?v?&|pK$nJ|ubnafOx|Eh(KK_~1z}e%|Q)bs+o}Jlurfb%@y`s#_ z?95AM&&pgkq^9iR3x2I~9yadiOJ;A6cjQOD4s)+7ttq>Vv`cN;__8ZX<4o~{@%2|E zy-WTXpSW}D{p8&GXl-VVntW~g=+xHJC4j3BzgEgRw#NVDxig|DJK^F_UEy?jJ9I%we(C?@@;3hYXjrc; z9Xnob*goo%!`?VGf9sK-Y%JNT-Ck0V8rJu+)F}xi?he-$v?|k@%XD@m4j1Nxg{Xj+cUA-UJRWxpV&E>Oe zt|)zwnn!({8$3?yI}XK~Xjus#OQ0_13G2dfU>pXl685Z}&JnTC8_= ztkgR>YNFK|k+esr>H}V9Md#|xf|u&87uQ8MMBmUGEbf)zozbJwucGIpSE6^K5A|k; zOk5QAi2KC-<3aH-eIfYF)WxZrQ@5qQpL!_ubn0)ZU#4G5?@IqOJuTCo*^ueToRPUR z^JwNDnN(hJUjMv7dD*<7c_Z>h=T+oQ%wwz;#oP+(`;+<;vo?eQ;Q-y-#$)8mYfNOXVuM4UD6>=95qA8s-k2Gqhp$&{;#5#PKvI)!(M-JgKiAlt1Y7nx>g+)6q;- zt4O}v+H|}`kJeIg|IGeh8kFC^KAl=pGccVVICDt%{M3Z~YE!9HdY=p%i=!E3t?}Sv zjs<@XO3(hC&yQ0FXSN)53X~Qt+5lxlb50$UpBLvHoSAwWkbiJy+zKEyH8bKUAU!p6 zz)B!9HPi2CAa81>`!PWN)Qp-gj*`D$D4Sn)dd=xe2E_3pW$o;n_zZp4WVvcJem_m1 z^XxKeYIOxKtc&BlXOv~)15ek(!Z`oP7J~GVjcxg<$;vrwV1B{if%$R2%*h;t@sTIS zanJnJ=>6JsjJl>>FepD0@001hkg$KI+o6Q}(ri&ijk8bO-yH^Ve@*Wn(YQJl<(I@; z>I&2G>Xg19(PLmdzPmDPsVj>ALtj9NQ*nIexbZiV`i<1!si$vLxHCrv8y2mKHZ(Bc!Kv>H6EPq8%0)EQBq{M4lVbZ+#@ zFCH*3FEc3Z|?@=_s>W+f_!DR~8F(a?R8E7!90PHg9BYyjjIbv+caTI&$=AFV63)BWdsa zls@~L(JKbk(gWiIdgZ6e_fuCeFfUKV-W;6-s&u1t-j}KY`lvPo`eoXaKCD=WmU^1_ z0D1a1y_m2=eWQ-OjmfbmS(F`ItV6J9)Yb)C|IuChKSy~v>XD=39F^p#dx7#kF+CL* zx-cCVDdmYgGlYaLP*tY+s(iy|{ zANi8x9~W#Z-n7?@KKu83X~6yaUtd}^?2wVW)64hkqid;Jb+?>$UWdMI?cx$Sw?KbM z5AG;|y6l`|J#$9)*inzgF1R3->8aR->Ho-Fl(!|`LwA)D65WbSMvO{^iRCTv1u4Do zg6IFi4HP80J(-S^iu!Zul23o*GZl|@DRD1KT7!mnsZ1W6edD8E%$3}*86O@+ARQDI?JkkNs!zrQ5L=F_^+YAWSg{mo?Z z24Ol=FhjATj9|Hp7i7>Ypc9R{<@L2{`Y7+~NDGVA z2Sj<_L|PK1XA`+ahrCLf|1OIPidiv`{}(D3<)0Mgzelc2@!3fKMy|pr{ROu3_j&qT z(zD=AmIrj#2PUF|KT?41^|evKJD7^{`WC!?ub^1HXjJe9rH%6WTu8y6be3wLrO%Vu zf*3f}cCi z^j7N@Jep3Lw@+QB;DPiyZLY66xTxTvGzE)#*S4&W3LZ;ixNqO@Vfpd&LyBbkGD}{VDw^Y|f1y7|Z?a;U%BfWxW(v){-s^5>W{%o4sj7arcg2f~@ zI@OPb5CzY7@y+iC37n_pmcRTrBO}{H+(^CEFu=!g0 zObKVE`eljz!D-G-_3Mu2n@)2QGX2R7^G$Qy$sENxScYfQ8rTJ z4p(BDCK*`f;$#`rs+W|f#?wO40QOF*vR;4FujbS$JJqHnYHljJCmi?GslK1io1Va+ z4N=@1@&1EO)o-aMizp3N4{%e^Wf~tiM_a_#@$t{BGMAAVH@K;ObrcV0$L=p*DtjZ` zW|j=OT;)MaJ)uUlTZKb!mPlh+_x1%RANE~I=1QU`x%{CN<0!=la%Tno<>QGX$vGSz zMGoA7Eo!ZpXBNrZ`Qq!Y%F`MSJ`N)(4ID2S#chx*Y3KQrb zzZ*X!{0UL|$Rv8YHaC%e@(x$s^d)y}KIj@uz8+6{j21j1{f4eJ!`Z(R+AGv}uez3C zQOD#p5-u-^qRIwsKYlajU>KzanapD*9y3p<9v{U&OVN-^C7)0|E{Y#^(Ke!dXD5Cn z#W8*!aasR)s!Xw)6)R^K^K9H5AdjVZwC#?N`;}N065J8;lq69!g~|H6dhnvoCFx6M zO8sE=!6{0*nDTuP^Tw8u?1$k9T;u;0sBAQQXVL4p%Ii{H!wG z>$UbxacrLAwFbD@RcKA)C%e9aNHHWy^Z=5FATwUj*9)-!44|Hifrk_w9 z#iL!URIz9pkGXmZMoY7DnHnRW;8JN z@tU(;8ZV_mbB>GgGoxr)o;Je6?{A@58^wpYW908>>WDeqZJi$vMbidJlXLKCZ*!Tm zGK-jOE_bnNr%CU{B;+Sv^EhYa46k{-i{0Qf7kkYS8oshm8eG}~UURjJz2Y=m{MMIv z&1SbfZtvN8i;E3bESkpUp5Cg%Yi>x&=`~MH%IP$3kS2Bi25GAM8LsYU5L4aHbecCf zO_uJk2cINO@i~6`d3`+9jD0yI^D}fpD0#IQR1uJIk=DJASxN3#9wvV{MaO# zyh}&g2vQi?#5X(5>BL7UHU7GbFLs)R+M~^+a50MSbScEgawhZCt`|A(PPw!AA|;ds zp*xFzjuCAzD>J<3gkt}}734)yrtxfz3f@VYD)_ETD=tnnce&Vsibd1@B+a`82ax7E znU7uS3dNJced6M4iC-wic(*HThvL&q)g$~;CrwI`sqwN@hgJyjGuGan@foKn?$e@a zKTu?ij9e~-iP|aqyK8y+l6yA0E^Mcg-Nj=6^oi1NmA^(%77|?LZbJ5XyKw zZfd*~E76Q@Iz{)8M3XDkNZ*lSat2noL62rlRrzUBrlB7r)$NH%F7;O~b(vB*p8l9i zJ;bGUQ#T$>W7!h@MIoKKJGbY#)LEoX|Dkp(AO0DnnEKe%Ns>)dIgnKt8ACf{b30{I zj`uR3FX`P!%Bnjiejjg@u4|fAg0hg{nx;(>$uwu-UZ-2>uFi+Kfz~BTO0Lg`xpKzI z_4z`nx+Xs?{X6V(eZCpHAz>KT=wCa#?mB&wGO*3~u=G%_4{xCygswm5p=;UKr8Zn@ zo&7l%rNydRxK_ZO{kc?UHet3#f1*{;b+5`$){R1HzysxH)sa$rrZ!whl<{a>#}MUW zq6&x|8el(TXlo zbPA2`4d=ZVFBzh^yU{p8iSEYZhtcd;u>IvKN%GP>3NB^)6<+q(jvKD8#ZRaiQgTX#Z%TrNYT3^30 zpSHJAm6?7fRndL+j)(7y#r}D&)cg9HE3@u7%JqF|YB+q~g?+NF(gX8yHBs*|G1mgR z3@ODohwcz~qt5|0d#|{6{>=VY&2}5hcIu|o@`F3=5G^%PU0R3i7mw>h_Lap)yD|*T zi^laqv8-6Tk+q}4CVI*6;&{0dMv!HRkSyvC$e^wwmRuqC=jl%=Tp=s*TRE`4;w>=JxvBM99H3ao=fvDWDr9$I%kmaIbBT zqm`VWIL#AAS$U=EuX8%veTHRT;-Y98E$+z%%cr7>ZG@bHakOH#f<+1HZ_W)7DKo*p zbS%YD6~V{yg^}((y7h_&Z6n4#Sz&aNmxSzWnz4Qy9Y@e2pN=+e*amEN@?`{D5_!iq z;5;Wkj^KhszF`}{tbj^F;NI{P9Y?TT-kAixDK8a*I~*QIaJRfu0q%A3B?JuNRWO3z z$U7C__fEcy;EhDyu?^Ve1#82K+`oj+PSaa(EoUC-P1O zNa>O->jYVcO9_U^I~8DdA}2V`;c*13rcr`4R%R zk}W!pfW_ES*{}`Z#$Sy@z%W~7B-kbItN?#=@)ZOhCh`s2fWf+S#L+PXUzK+zf$Nh< z$2NfBtBexNkatFbSx&x$fJORF4ltmVKEY8z4!F0@MoS2e4RU}L>Cz|Qj7>$GUC6mw z5YF6i;ueGxH=MWh5zjaS#}l}>$3`m%K1iel-fSjx2#MM5@t{4;N)XI4?R==bj)`m3 zSKlPBCMNiXd`eHL3GYnAjDyc{TU$!NkXDbKhHraaz*LQL2D=Q-=gLdOnB2Y0J6gg} zJn4LLiYI9A{D-^>K)~@Lo13=-p=2EF#n|w;= z8{ugQyD;fpb6XC*uT(d*@YOamwc=;(8Rtf24#i2;9f2Kdi6yY_FTXX5?-;|_x z5Yh$P{Grz-|8}MEd?Tfg8WY|wAG;5ZICEtEo=e`?LCBPhHAVW}iEIPm{f=8*_<-1$ zdP32p!_PGz(ciip8#@SJPS}OXH6Yh~;Tl1ixkMzY?M5}%e7ltV_ry{MA(w?zbaJkF zNPjO$-$0n8cQzmKVwY!Q2O-xCTjy|@p(tEs_HpU0F60+urp{z7b;%n$2rC?S7A0Jc zFcq#w?1|vepXBosE>1WkJ9`rn*#<%`S1I#ZD)d(*=^cbE3Fq>YzBG|-AmmzR^P_)q zlHNhch0Hc3>1|2+2Eru0v;4%*PtrRGFLT^kf6}=gQvYyWwDsqz_{}7}gOE$0-4)@g zN&cIacDGA!b>V-C&8{FTzZaEi2O*bAYbsn_F~!C8XD+?fg^!4hsm`lu?(lq08oQiU z?%?jcpza|W;Ci2B1X+32RyTBsBhKZPB8JPZ-5Vjjo6_^$9c}40^qAY~roA3y#QBMt z>7R+tbD~^f!X=rlg)1^`A1=umS?ugfxjH`~k2c{835TM)i#Qi;nvd`|j$2*$oY*uU zSL@^go$G@?&WVl=77=B1l~yGPxM0WbqajX#8Li(WsUZVV_d@#4-fNUDQe)hODp%`p zwWl88Vo$BP+Am11X#|VprJ^zj(DF4q!9IUz~7>t*1E zJ&gpr`O#l5a&uLQW`vxHC+<`TZ+F>NJfa{OoUHJQE*Px8Dl7r*t=&a%l)T1JjoW}# z@|j2zHo1$m1a6XF7is4Dza+0)9D-Hy=q}wuSJNC)SVq9HqMrm1tdd7}*&ez{ftC{l zh2@{2u)->=*h3-N+7g03^699xaT~z2)u-!0it1q%_AGp&u*@oSmUxvANQJM7${ zfP}Wgag&Ez<^Cq+@aXPGnQYI>&ksT$FI8A3Kgr0c^$_`C@{^66O=woaJx0wcM2F#C za9z_+QNn5RSHwDARe`PYSIS>4ABGf+3m6alQT`oyu9;jbxnLb8&xPkidG3g=m!~7A z1E&|J_kBzLZTbFc8oJIA@}uMz$R8@dM1Gk(W4kZQ-zk5$Jii*>Ay0QiH}s19Yx4Xe z`A+$9s>}p=&i60Ma{{lCKTSTIv0=FTdG$X|_QG~=5eFCAg#qRp^1%`RsXT*D9?5x(h^=q4&$F8YvtvjWP!o>2*^6_J}rN;Gj_5Z)N_NlD|`_UdheA4qYjlNc|Yip^l ztuJ50dEVAuS6AO4)@~GQO_Nx=rA95#*49|1g*b^~5Y*T18D|5DL}OTYT%^n5be>u} zPM=lqZfI7sArj4h-A7 zDUG2kH?qx4oc?2~sISy_brcmU=;rP2?d_i6SmvV_K2O?O-1G6l#_qI z!v&AHf~cLe%urfMOHhQ(Sd}h+T`T$)N_m|gu6_T@HKDfoKdtz0lkLTnP|bSp|2F@N zA%AaIx{UtDZcijlk~Ci;$t%+8&Ri;ctFWj*e>a($Ep;tb;hG}f$!+SPPJfb1O@EHg zEVuOsqt8kH!RDeOZS&D2Jt=%)QO_>L_||48dM;R@TDBlXdXllHrR)X z^GLb{wF0MBa$s-tjO5c>NG$&-N!XFZ3SEwjzLywIm%EZ;KH<`JkZ(zPsyMwR&mC?_ z+a|}ttw|-HOKc^wo0I%6B(jvVoYW)b4z{pYR7P3<<7re*r{Guf+z$L|lKcm)|5k~T z_9-qJBu?5eDe2Z^8~;kSk!TgVR{A*Ud(KMQH0@gP)2GJ!8{NLUC}^?o|D5E!G?9gJ z)0rgQh$*-4Uh>=llIZ6Z4bufArKPRqWj)J6zN~N!G?JSe@T&k=)jzW2**jZkkt3kd;JvfJx z5`{8y4i>nE{LhW<(0FvuwoAHWYVw_p?(};mNw=4*Z)|j(!;7I7?Dg%5_Nzu)N6NdW z(%dThCHd|e_QYfr1MN`m%NTk50gmX`Xa zI;Yv(UQ^%D+*)7Nrk{#8)wPARx~51U9k*jCsjrodHO;N{b#<*t<-=#%-F926v~Ie}RbPdyudQlXU(>j@7HPD;$ri1> zqPd}=vw$_Hw%6wh_=O{uXXj+yh&DTB9fhc^ZftB5H#Lu;t;eVx+t)TXjcHulUf)_x z((3G(FOJWSX=qsAlq7i-B{fjnkcGIcoUndf%b51+nno@1ZE9|>Zjhba-dRJVcQ!z- z;8dJ_F=4#h&uZt^sx{SZYpT}Pb=EE@jhiH;*05KcwLJ{khWgYIP_?dFN0|L;{T?bh zh}AmzPJ0ny`p_x%cqXpmi29GsAOAxd*@E5t3I_Y zI*DzE!`y9^wpiCvwV2H{)t{oJwrgtEH-z%lHM#O>Px=$hS&6-;^E7e&8s?m;j(#4 zW*xqCdPTQcvlmY1TV}X0v&pI*T$ox4H=m?)D~LlUFnWQ}4J?c@BlsIdS$S@H2oaUa zFObJ!H@KibSOWA3nFT>V+`WF5{t%_3Pl!VYZjeWQo;(gY%#08=Z62ha8@w5cvcdBMCWA$8;rea(-nK{CSV>QAT(PmlKYa-Ia?(1-U?h(3>XaL8fmj=Wq0aj3n4wLW zabk86y?J6B`Y<8378yCrlqz!GXBX@)QynUTYx53?=wr-})Y^B|+2m-EiRAm>R%*w-hD zL%XryHk=omjXuv0SZPXrX8c0m$YTZ^+k#b8r}LUP*koojoFido8vWox-@8fz>=WWX zODEVN#C?{|cO=K=9SRqyK+b-7+o|g`Oo__d+FO%wO`z8L#_DoE04fjHO8+h*H;haM z5#|3@kD=qg*Kh;Uf3M=Mn%3HpTtS z^rWn7TbtLFlkUr^LG1d~RSm7x>+1KAtYt7zo}^aS)U?*0yhn0lbL}4S>elL})f!PI zbxg8-hKON!u&TWom22X6UA+dE<;jF=d9qoz!bxL{+B1c6C=O!m%Jh%S9muy=yk z+FPSI+X*h%sFxrxX^ZvjZKy)*aqb3t7mBUDcAuuexnSd5#R8MiE_-Yjdt9f3y<=s} z+S{Ns>qx`hCJ$3L+~?`tsWjUEztj7Xbh>Vrwhu0p{d*DwCT)wU2lWZ{cvfuf?NIzE z`QU<$Ur7*{v94k4-6x}L-sn<0JJmXl3~&)x;GL44V@w>% zfZ)w4jlracy?y0_y)SpM_b(07wuXaIdcoe+UG%n;Mo|+7fOkRfGJ)N0|7MLnQ~|cj zwLfgv{SGi>R`}F!5(Y%tiAWQcJ>=8YR=w$(hGSoQ$8+vA{$JGwC{JZx8WS^ z6YV$3mz59YopA&TC#Qr#uVz*}fi24||JcFSPSWV~?@CIozV53v|3IZ*ajLp%F)oM@DWH z_ZZ2!x1@aZAM7G)@13O@A4?WouovPXwDL^!m)${5s7YuWRovh3duiIOALvv`>&ih{ zaH@{VUE(LZNtVvTGMRCtFx<2>TlrDctM%a3~QRru+2db&=Rc0HAiceO{4 z(&^H!N3e0*Gg5!f+)kHvcXBqK?Tm=hx!NV-w7W8Qs%U1mGvf5^9wR?j@J^TB<47mH ztTR!Rc56C1MQL}$+W5$5o{w^k>#g=zcbIeRt2Mb;avYuH<6OgftNp*+CH+6T#IN%4 zRSJ9S-?zJ@-|geHY;X3DoxUrt{fs#?4V064J3y}!tMD#kRYCnItTvfHMxvp*P zgs7^jZtclHS6xQUxhb^IomX^&XFnm=)q)#1Q?2kGRL;S`pC>OgI-C`;-_`7cz+7ho zbL|bxQ5a|SM=mQL4~CL)Upyq?5enj=3G+7|mar=u9fh1LLpT8yk3G*4_f>ha3UPh? zX+n8mY|Mt$@v`YGtgfI;;a1NS;|9Zz8h*#{&^XD9{(QqNhA%aID@N%v>6A^j9d(g)2R480r=&qQhJxarkD1)t*-? ztnT`GxMz9@Jt_mt7qmriKG9d!aF^GU*SETnOh}} z&VMQ7S`9N7OC0`*!X2KObA8A&{lvqbnR8_u=>J;buRJq{N*wtM3ZL`Loa^sAzpn5V z&&;j9;hDbYEziuY{?+pb3jgMrxklpHXRiHY&uMWakDNJC;xO~{g`RsT3(No{v;`glFb5iDRGps1=^MA7fn~a^_iy!`!>^jVqXWS>o^-h4r49 ze?7r7ef&Dl%)g%OxkDlMcjRThlQ?{)!p)wulArDQe1+$DW*(I93!u++<08+@gMPy^ z^OtwS{gb&3xL9??z2vgyWo#u78w!_6)f!xbpp7mTj7^zl_`n+6cc6;VIzzBJ^3wId4*f8H^L5I0^eqKer zhRP;fJj9ug_W>_^ z@O_zZmxF_xcpu%zVuyVXyK#^>7US5jc5K#1WyNLX(Wi;zt$?LJ zQ6WC)SHh|{-OY}!>jePiKF4v~O?Vhp8 z^$0n|J{OkF3l!pm&5Pmg`XhI_eE8n(R}F9Xj7`cHbK@&VQDT34hA8mfhS|+=U;UBe zG~gAExH0lUf2v{HC&+1^z>5qYW4PLIgJJH0Lf#I;Tz`Yy)!mo>DkJ}m;nxknZTNk| z%ohfm<%a3QgPi_3aGl|k4Bu$@M~26$uLyY;8fM%OehT6XhI!T*^sBtSf~d*p@GY*ObBfW~Vsz-Y!}0%BqyIG{zt!;f zVc&-Q0wDA`4~j#d^Sse{%jj@D4my7|I!s9fo4sM*kM$D={ozJ_pphSJz zI#;=+M&~G_vkJLy+j^t3*6ZxAyr&rX>9FrB&N0ljHkAMCud zptFydGBXAnVdSHY{2=6hTT_kBAx7tLBVP>rG9PRBM5EIzc5S8p=?vuFKHppm%s1D9 z9los=1|1}7C z=s%7A7^6SV>vR7#$LJhs_$Z_QC9ltY**c?hy5Td7{+GQz_l#E=ov$0d&FFvE>vJFX zfYJGd;b)Bgb6&qf`fnSZe;VFx^wUL2`z)6J-r~^yLky3EeS41a`YqC*VRRN5UTXA@ z^7_mttTj5P7?!OM&euiFb{`zGx5Z}a-xSN@mLdDQSPjs7!UpKIFh zko)7|Eu;TuBmbw7?}q(3QmE~Ryp%VTt-p~EG4heH&pY1e@KV2!cRnnSJ5(Wd`2q6^ z+^b%X+}r=Q;k#gY-1iis&oz*D1_u3K zz`hNCYveB(`5%q^U05EMF7D($hO>r;irFsrL^F(hj+gW6=cUMf`Bxg9V~tL|(P=a~ zXBxf&_U(2(?CW(a?CpQo=-(}-Y}}9EXY_w&^dC3+zx4XtkN?)_|K8}oZS>#u`rM~~ zVD!_vF$m?+QvF zh5B}beR=ewOjn+-%g!Jp&%*xL7;X3v*w=S1tZm>Hh{HYOaman!))@UpBR|Q=PdD-{ zMt;7LUu5K8HS+6WUxptWe#-D$urKqwusrTPh2j3RP&fRc%-vzHzmJjsKl0uLzN+Gk z`#*E;xl59pkcBmDmrDWx0|@~n5CREH3<3%PLO^x_p`t=S0gbF0QBe?gOARP0woyK?t>RYKT2xe8t9hR=!^F z?Sg+Uc#Ghzg0~CiHCt=*DZ#r0?-l%#-~)nR7yO=JUI(`JKNI|=VBTl6I^PR+F+R5P zkl<9o8G^F~b3O_iH&<{M!G(f(pULW%3N9C1DR_in&Ou@0P7pjz@JzuM3cf_}62WzX zR|~#I@Qs2u2-eq^OnYk(^7{q>*=p?U7V;Mbzbu&NKeiqY3f9-Gj2-=5 zD#N_bYxQ|9WcfS6-wXCI{&a+GELokC+XOUSbYw-cK;2DBv3%*G30>PIHUMBcz!TP$K$q(;M*gWt{-j;tMnCD1VzE$u; zf*%$9gy3C*pA-DD;6Dp~OYmO>|4s0xg84ybo40QT9~Z1}z_vQcg3|;y6WmI0TyQ7B z-30d#+)wZT!MtB+^Ds>CXu;zI^LYTPKU?q>f|m=f7kr)In*`q~c%$G=g8A%$O_%p# zE%TnD<=+cFAoz8`?+X4v@FBs61%D&>s9@d;v*`wSeb2PpWWi~ITL{LNi4*#qxx&Wn zF1WYgzJkjH4-u@dk(xa48mYC(du^6y2wo^yUn4bfuNCqe1aA?%Rj|GmYT`aC9!#oAvi_zJVPFrSmLHa`;l zcfnr?{#r06>9BD_f;roXm1hd(G#*yoNpN?;MS@SgW^3be!Vk-%1y2(^Q}8^&^93&v zTql^*gjoCfx~^&4w+s2t1>Y-JU+*>goKnQv;gl(scMIMln3IlJowo#kDEJe>oQTBg z|3|PZu5E?{bE*=npDj2pxRc=Sf{O%~3mz(Xq+orm*wn*xA)h5!Un@2`3xxdCYsEIt zHwc}Z1aB6suOSI;^=kOJ zlnXg0qp^0z3O@CEwbkJiHI^3&zC!SF!JN6q>fbE*7i3%y;&QK$KOmTM*I1q33iucKZb9qI`ISYcA5xoA-J{RGX!&T2^+VM;1a>S9&UBc z63p3mtbC$i&cb8m7YXKUJXXF!@HK+37tBd@tiHZxjxuxM)H+uFu;5*SpA*c9a;*Lv zg5MMTk>FFWliRr83Z4H5=2SaYCrxm3!P$c2f;$QBCRko$FBfuoy?um`j}kmh@Jzv{ zUVFEBUM6%_3Fc%xR_9j1TLfGWF2Q>Rza*Gb5?TEZ1RoN7Snv;ItXy2Q14=G9nwdP;ei?C4xCyk<}k9xJK|K!5D5Q+7g?Ty>8FjF!uQ({hT4j ze_Z(7jD6lF2DWW4hjP>Q@+e0e<&uxp-lHi5+r0In+>{-dNEfHP3C55o!8B*{cItDF zRvr^N%#W4pbWQ%5uDy?-pKmmBKHq5Nm1I+v5rRhv9xJ#;@Fc-=1kV#ZU+^NqO9a;m zULp7@!D|Gs6}(>XErRb5yixEb!CM4x75tFk9fBVb{J7w!1n(03oZuG(?-RUV@N0q( z3VuiM`+`3fd`R$N!AAstBlxJ`V}c!VjolN>XYXx0!8F$iP8ZDQ@2!r0#?rK_HbNc~ zoFh0-aK2zZdv9&_63l1st-QbBGQmG}k7k6>86|kE;2Od5-pw2#pC@>};Gep8Qzvv* z2);`2dcn5{zC-Xv!SdeCLqfho@FRkE34TuS3xf9vJ}CGd!S4(HSnv_S-v~Y`_?Tc$ zH)*$HRB*cBrh;RFa|GuJ&KF!Pm@}!^w8{hz5j;xpSiyY1z{Z^ORg2>O_4zR|#H2Hph;&f@iZ1O}hI2nn`OQbW@Z*Nh1pmQsUohJt z;|>7-(QrBV6~h%^wlQA+;_`)HwlT_^LeA$G$!);AKS<{N`DDW#z?p_Sf_YDnI-S65 zSL8n6PKNoMJKGZFeAkWN<020N_c1&aJe+Lmyvi`g8f-I^Wx$LVG$=l17)J@O{-TZZoizi*iD1AStc@0A`l%)aWMh93s= zULNf{4G!R*4w>%<@p*MJ+X(O9k$KOV&#sf%KXG~&^4s8C!|b2(4f8%T@84196L5)P z-dpB9JIdL1h8t%8G{*1=@C3u`lla^_^|QdU47UW&Gu#?nYnb<$ml!St^FAHp_5$s7b(9Me84dKn}deefq9>fI&5nn8@>blnc=&@M-21%Ti&Om{wDA-!<;lJ zfKG*S&R~E~;cDInZen-`nD^fI5ZX2E#qUe3y)J-hbX^co>+oF;LF-%lmiaQQ)Ty zvn}s2Tn&EN@Lce#hA#xaX?Q;PJ;MvZe=~d;_;bT-zyC0N4Vd@xm@eBg@8yx%W`pS0 z$#;YKP9B-}nKKM;0k<^#0Jy#3o#0%5%l+>o!SQEVem7CxqtJXBjx-~z$=Eium8m`-#y~}N9ybX ze_;4|Fz-K7{sQ<5!<Te0Kd` zhPi+9Lk`s8yT4(>?|@Sce*kW2nEQ8o!$-lnhPi*AVVLg)_b}W9+{ZAV7brE%{dH1?&}>4 ze+BMEHs^!=4D;Ni%y2rm!Z6QMMi}OKN|oU_xW;e}c#7dp;F*TIfPZEbMHySPl-(r~OGItp+2X8Vw47|ngXz*{z=A4)JM#*T-&a;M5 z#mmE)KjbkEUY8Nm!z>!qBwn)fV2qTa}-y-BZ2ebMQ34UBK&z-E! ze!=euJ|y@X!4AfwHf~gKOTjsUd2VC%`wOlVJXY{D!93TtahC|@If<387tHezE0@o; z@*LU9cM0Zsf|VZ>{IOt;*R9Sm!4a=f&T+HV;W*eb$GDb@1rHHCO7JAX9FN+#Jm0j; zF{tIWg6|N#Meq*6PYLE2(b{=U@cV)f3+A}Z>T}#?IbATnVPfTZf;on>@-o3A1amxR zb!G~lFSt%H&$+DrErK@*en>FKTUP%$!TSYs%w(_49ulmdt7K=-1;u&_}4pLu4lSgdcK z-bFFJOiNxqbVP+e0id4-Ch&C7Jtda089=mE9&h<|nS7^@tTe}xX&%>>rNQt zhqXzhayqd3PGG@z8ta^>(%&etTIgQ>Px;X_Pm0fO(QYoL!E3A1&qMikL}EPrEB*e< z?|>b&pz+UDq0R8QDzc4^8|0NZ*9{MXFW?0^35)B6`Kb^$5C&;6Er~_lX#sNWS4uS%siQ#mw;V*C_7dzf&zWC)N^`en`uLF9K zS&nxfrIDnuls-Ud)Cuv*zPEJ~RlHB|AEXJ-`v;M!hoix-m|RjB{(}D~hscR6aDrdc zmX}mO>Az?z;)Fhe6a4mD26%i^D#(b*>7he>-6;iAuQ;L4Xg+1u`A+CC1D$Zw(8s*d zki@I~p--5i6X9$wp)dMC>^Y%t81N-6L@V$Yny+qvllmIOZ9)swxA3I#@@VK%#cVif zb&OE2TCmR2lIdBey1^4k8&9>(suE5#jh7ok4=KKRldku?&=cxnc$%j1VrA%n+5)Gg z(M-^{~fdiQ?-$Su63UiXd4or*QUYnM)5f*PQ0X{padVuMlmQT-+b|eGIhsH^EDJ^HF+8Oi@%c3OHWJO2I>JBT+O6OJ?Dl=5p^7cVGTGL=6i!M&Gn!#(b zNN@ATSi`bTiq}HKLrt~p)o2FZR^8RWRzI3vHWW<)16wf(y`V|p5X+l>x(%K_Z#Al& z3Ut`^Fw1pa1Kh;I^K8s(O^1i0(`%^5Ea!mx|Nh*>oNd|v-g06PhrYyVoRSzdl9-Yh z`>&mW*q@RZb!r8AN@C&Xz_7cX#Tfgq-UfjpPF;wawf?@R_;+Da!IKnTI92e9!|6F; zgSQ774gCdTk79ooMW|qQ$CFjsahgP5gR>bfqef!BO*x4oCc`~BW|vcAa;ii-Q>Tmx z_G5A)LrgY@Iq5LTVC|x*=g+FeEQPZ${afwSi#chEY(jDxLCzJYrvvn-G_;e;>A4N< z7pCoI@+Ym~@a4h_r=FIgPW`kfb|ySIwO}FU6+@C|Nj>->4s7cQJi@5%EO z+HgJn+>gxPcOfTSOw@%x`QxPvr*r-nJ$;>?AM!Fi$Do-h&sx+e`t$2qk`Lhd(=`Itq zD{3n=fMLl6i{>zvscqd3;5Bg*<<$*_Mo+6!e$^b?)}Oub|JpeLZI3KnbUk{Z%rXUD zo)+t)1$z_Sqrl~X$}ay;=rEtmi!H;Ce5Yl)^T#6RAc8_ROi99O3oL{B00|C7nCVrV0JsPSueE5{md>l@7F;f^~&J?F}=G_(Hrs;dcQtJkM;Ru_I913Hv)c}Ct!jP zo}xDje%t3ry;nsX%7=*U!CO&wdwd0!<(&k-?Vo^&bUzbJ`6ywJ-yyR0n!=d0SBEg$ zmoc6#6TgvTnes`(9xo4Cd-}c%{I<^S0Jp(v7i**EDfZ^T9_zX*R-DQu>{Xil+4zqD z)?1I!qj&Hr_IAMDTF7XRS0rryCZ1xC_m23Sgk9j(3oj`NvC|*t?z}fZd%V48?ae;L z9-nbpVvRu0BEOk#nF;V&gVhAH*sw(aneM)r0Wz^y??@94Z`hW?Ok<> zy|o?i%pR0zkK4uC`^72t&c;s4?O_*dkN3r7{%Ycl`C~h@_I8|NkN46mY@>jlwfC!2 z?6vHO`41pt{$j$OzSjnSAyzI2lkv>&DfVbne^&^u)w>5f53-n8sKa$X{>*Jr9rhgb z*jL(xI$S;kSf>9N^wJ4tv0?85WWDUj@$d7p9JyF+y?k|wy(liVjIu_cXOZ7ElJ;JJ zJ?hb3XJOA=nuo++CSm73YK=f-k*=sNr&mkZgWwFvSwBpR<-)mHqHhK|SE12uC78w9 zvwrJJ`RQ|0VW$vFAaOMDg{RM*6w&kNGL(6CPa0h^e@RY^fmr--=DKm=+*jR=*AGWy z5ew(SvfJ7Z$8{yKaBi$2#?N{=eQvB&XS4~YWmnIBYXootde&R%=T>T50=kEje)dp} zOF;K9(r+FFFrvUoJv7skJuLn5h(Ld=(HQ9Txv%8bW4Jv!`_TgWsqsb=r_Yte7T&mU zZmY@0%baDPygZ(BVa_s9KkKy5@6$55wNJi*b^ec>JBbt5#xp5UVytS}o@^zCrl*ZZ z&H3tS^2C_?$3rm6=Az;z^QUlA?0Xz1u{Aa|n*`m3(^Oyg_4hIRyau|%#IqP2w<*(v zxeqGS9GjA901I~4#JBwE&qAQxXUWvn`uxM9_04X_tl0MyV`S*$z~yScC7DMy9b!Ip z46`4lelNIOtv>f3o9F)2G5IeeLw^Wdu2#R2Y|6#4QkLOSWay8D%hl@FkWJYqQOEE! zGW2J{#)s{~IFJWcQgf-e?) zh2ZN2-zIpc;1>nIF8GAtX6R0AdE+cSlI@v1Zj|$!`_)mi05&Ws( zN6_KhygeiM6~X$s6_f5EA^(zW_9?!DV)v}*g&f;0_KsM#&QOt6_VD^DlUQRY;94dH(VD@QNX9n5y6|)6j zBzS>f-Jh7@Ksx27y`f7=v^U+in|7u9cEd61n>Ld}eZ#tMG3|uqvTa6}%e0MNlpEH4 zyQvf1w;L{ljxE;^>YI9~q}-H|^(*Ho4o1% z%H)UdFWPkfLN@6(VIN}BnhrVNU*y7vKKPCx7xssl#{SJ@W1sKD+2>OAyOJiY-&1bN z`>fy>4I@eCWy5S={FZ8_$ zQ^xj!a}CozpKhTJi_pU`?dbO-A!l@cGnG1Q3+0A+!;_0*L%^cjk{MsoZ{@mO8M$sh zrk-^>F|6BzVZGf={p5v*pNB`vVu@$U zipA4p{*z_?Gi5#c^eu{U`CmU%_Wr#{0LK*WhkT}N6lQ$nx0|>WV&n1KQ2)&mGj%O> zHwhWPS8tbx0BulKyO0^5`b>KT8WYoH`YT2&XX}69If0Q)S9>;TWB$L}t#og2OTEHa z(^$`4#ex0t496`ijNKIL36>R(x@lD5%u%BjwH`99 zV{Ck%w}(Yij|_?r+xObO)%hKZW(?!AdQQ=dbLbX9esfX$oVA0CHpLNE6hF6h&!QRU zny`1yhXBza8rCfUVgHW|4SM$ds9Vy0%o%&$pEh*$ z+UM4uKj?rOXuckDl@8b1H1BLyMj(px2$f_%E6^+yF5IR_QLdoqYss5J`-aWowEnExuYV& zr!Qs%oO_;sdc&Tlr(G6%pxCW?K6ZPtTe~OLI^MeH;#)&!ZFno1nRWvH`U>Ew#tk|=w zBR#rBU+9qeOgioC|M!C9D(T@DH@|t)rz>A}zXBV6Bo*WFi?`OJ=Yl@(m%?i&O_ z`t;bUcS7+rrzlbri}mW974`M|7ggjV3!SopojP7t-`S~pCncWSuX$Bcyk)l@cy~22 zscX+}p$YBhHd%FvNus9xnu0k^;_pN@Hi9Gzm=7TpKT6uIq<}-zQyXd+(n&a0@(!)oNc+uz=-n;JJ z_U@kcPW(V}Jf2mV*)4zs$|`5}EA?%?>{h#|m*_uJJ=RM@b*J{hP6gd7vYfnb#if&1hli3O}{I8`54H z(9Kk0qG24&c%j1~r5gvfqi*Z(dgXYFviyrcG?295#p(a<@v?h7=-WWq+v%{f0zC=mXFJ z%>JKr0OzvE;+j(b4dc4r#V1{2qna`}>Jw5xM z(_8G`edxIAvTlhxC$l(?2Ix+2ePDX452v^6@-#MAX=>|N-<*0{7uf%~SmB~RkGOjl z1Y)s8Z9eL=!418tI`4G%6gg4)D&BHB_dIX*3^%mJ`L;H9cH9jua=tB!Hs8>4cBUJe z>+Csn!kInDt-rzfw#u!jb1F9A9eTuj)QR5Pxo7(9Rc`%OC%U?GPq+RT&YoX7v+r>$ ze(OY^g`nbLr{eccoAZ%O{XdXQew&WKJ#PThXaB~n--DOC8SiPQ;w7ieVCL;zgt-;3 zIrZ;5ZSJM=#R|%8Rx>OPbn8ENLe+sb&oZozf{F#I;(C?;Dg+gmx}AH@%pb$BZxEKB zpT&5uX%k;lVTYQ%8|kY0ohR~pQtd5mbHCd2iORp3f~GK$p1+XsPH6L=sQRdzzmtM4 z2tzj9P`=xL3NlckOGt zrzv}dw|dsEGIBU;j_osr3Iy-B#_Kb6jr*`dG zQGUYtaPLtaDKAadLYK7CRGKTutSCk{j83InIAm36D)QFzgfFXfi^KhT^>s^AE4o`f z$_jh!qA=9u#Gt)Li}oH{gU9;gd%xLpf&0HquMJJF+Iy_Vt&Bvo&brUt)6uDqn>^6A zlU3&Q+N{&e&}l-s(yh_TvqBud7wP=g1oFbsrm=CmqVA}in=zE>5-3fr_fGss=xP%h zI{t&7xUrYpEab6?oRlFI4HOnm>+4<_DNWsTgb`4II%9#dvciXTxjz@;!d~fG_Q?+) z?)?Ud=cN?~7$dx7U3~YUqGu2F>(jL}D&KE^SNb(y|JDykSZ)$~h=14hH;g&*Z+IsX z?~)x&`}>ASJb&2i-Dg!?=qzoRyS=tcs~z1lx-KpbSGMRD-9I_D;gSs5$h$>LQ%8pV zG+TeUp&+BWC>4e}4|sk_!<_9Ehfh@Tkl&{HzniUkCpn&%g*~P+GoIVJUw=PS*M5b= z>Vy+GT7O|OwC1bk@hoT-r{TDpicsIUPAJXi3Ye>Y z=&rmc<>{cJ5HQ!UYB<;GjMO#L7i}dS1YG`c22^r@G zHyV$R@Q{yd`!CI}K`%C8#Fc5tZKyX*)b2fcC|u*hNW#R#b56Aozo)Eg_pbTTtn1@N zBfM+#KkeUTgtj!vFL*^94Lt8@^bJ+E71B%&vP$Tt6j@SLO%K-F$UmkY`p?W=Rh|<)qxiOqF=|hD+Ws2dH zDYmGKx98*I7?ELUTAG@d8Oxi=!^EEVj$`{_t5l{gNvqm2YT~459(I~0tIl)i#{#T-$zF!P0>f&P5d{-S)erUFmQ3Jue)u z-FpoE)SlzI?4_wpvEtd|PVu@`dymCmRW%Xp*&E!#e&f0YPd~hsEy58j_4Zrxir2+A z_vqTOb#K3#ujQ?2>|_|2zPftNSGG3x@1OQ&WY4dTSMB`<`OOO!ry=!|JG!b%nk2Fr z4WNJSwYug6`_rK5`9d3+<-9ObJb!SgtBU83sCK=g{E^4*m75s3jvX+&IvPH<#@TVm zx`geR84?`GTVNYqzc_Tw@h;(b{zw$R#r2EpS087e&V$Cf($uqu4tnm;pr+0+xBg02 zl8{zZZkrh2-)1#|Dj29!yI z6}hTOD=LN9|~aKgx(!R(6WtNgy{H zce1BwQq!0jYU6^1U$mn9(Q&+O)3a#a=q};nso1YyKE^{qWoqjj40qojk`e2+tE_a_ zAy+mMy=!(aA-6hInJxyKuxQW{s;h4z_SudohzMH&NaBxe3NsV^K)mDbDy)#`Hk~i=PBnIXOHto=TFXS&YRAc&ezUS z=eU!tx~T4|m+GemsMiqDd+WSgygR+Sy?eX| zyobDpy~n&=-t*ocz1O|Jd7pVly|iGf;ELe(;Qrtlp&p_6p~az_L)$|w!-K--hR+Mn z4KE3gjm(HFjMPP*j(ivSK5`=BCG|==C+V)FJxPB~>XbYpxi+~jxjuPa^2X#%$y<`Q zCO?$CBl(f!$CIB+-k1F60h3$PYr z&BfXYYa!OYSo>hbZE=-{wFGNttc+8HwI9~5SkJ(Ui?#}v##9%qIE*L^R2A+b@M4f! zMZ;?+^KTOWCgN}X6jBZTZj0e>72~cMrLMx|3blS3#r#`EGpj1`cRRFRTmV?Hkbiaf zTM7Fcg27&ckVY?+oR*~SI`KH4_f)HJ<6o^}(kt;Y4xX^VyDI_wT$K?DyDlCf@`CiG zIxYiqU6obh;$=5RSj0DXs!-gJJBEc$UySDqf^Kyl0=l?PgIKRXVBw#Z2Muu~}6jf4Vs(L3;xPK;apf_8eW z*G|_x+Ua8DV)(qEw5{(oVr%tCmjt%|nrr(K|SWxdThoDkrM|hETl13zGVj;TESF*bD_NxXp3VupBhb6%%%<7?Nv& zwt9DtTHZZ??+U~gZ~Kj_+M{t4s}6c!xb!il+IbjK!0`MeT#j=J@L2@6otLFL zS*1`rFF5Ge%E|Fgbi|&84;DP48-3({wxUNo{N*Y)BNWZKbjR#7%8_MA)pERUUY(b- z6zaL5Z0sqyp$t$IbZw^~8tZOv0Wx#`QubOqRba`sCj-h=DvSnE4TG$&V9v-qubEQ7 z{rwrrzb8%UR=hB8#RnF`#iu3CXM^(^EbE!74C zbkO$w%q@4G?3G)pcL&8Rv(>xlY&6RqG!`^IZ0eMIdX;;Nb8v+8D?j9p!@gFM8w&S8 z&)3SkY!KS0TJn%m*pP$so*dwK=<8ajmU^#LEi(enrQ5b*Gep&jnUR3n>f+VOv|Lq$ zJr0s2b>qAwy+K!9g#Jebl9U%s0<1Vc3Bl21;OZtxYIS-vDS(Zjq7RlUl?JI79!RyB z;Q>@h4-YKhhHaU2OVSm&D%cdq4Cu4QN*)B4!-FS^9#k9CBRB@)u>PRxA93+=Cq4Zi z)Pyb2JtLHw1GiB1tqlcoyhUooL=>zN$BFBhDt!NT1>Q?tb zy?DS&`IQsEzR2V6HoZ}^Lhe{L)r?R|PHs?dizhwYDnkn!l~<0^yM0`@Ea2vb0#AB# z&}LnXQj}>A$lgjP8LH>xVV85*?PP}V{6jf9Fl_S^%dsPzo5$nvlf9C>X^!*It@wr` z+BEuYN3j);&1=jBB88ei=_2Yih^jM&s5pvy7a(0kL<54w$Zq9azz<;LUeM=)vir~= zu=%5USG)8vZ-C15@wZ-2m1QwcHMQ7QHMf|l+WGjX7iRB(eG)~(zT;pcDb)<$tw6g& zN6{?gR^%x!4gU7ca#j0`kb71h+h8z=Sj(NAx-dcH3awKGoCcPDSw^TidW`f<(8@uc zVHTfr@GkOj01<-RP)dUpco(6dxv*L8o7zTWFtOPx7!yCP_2mCd%X!jl27K7Kgv`&{ zVFR3-SN=PkL!bp@;e4ro`!`4_}rpeKINSF67tg=5>)+K_Hr=AeV4h3{w2(2SLZ*hyXME9<{Y#g3Gq zV1m*Tl#-xmf>MKLqy^mUq-ph)YF5B=y#%QQxd{q{ktd*sSa5ta;f31%x}bJao9JYyeM5k0 zpxaL@+d;m~L>!!gAWu|Xp-$2rozP9!hHvyZLz~ux=E-HnaOl*sh9NRhn3r`ySyl|1 z(4RCetAVzx*h6e3-4H-ZvdnAoaG9?+-wSCyl$sGx>ZWj3D8I~Yz;=lNq-|!t0>?$x zDgMAB(OuwgwF>WR34hfq|nD~p63 zgJ19pOvQ%wde5cA4ZeYl2Ie!`nFDC)Ff_bT$bb`=g&=RVwj2q50F^)m<6Lzp;f#6_NCA|%4Xy$xJC6k;`Eii@Xh2{dI9{?jx*sF&d_Wn*EGZnZ1xlySY;UND( zK8c88@T0#;9^hga4|~)Ld%x8GF=#}Hfvr#qzFP=?^7HVw3I6qVa7sVs=Of+Jqx@J~ zP$?$qMIS@Sf~oo=SCJ?`r5kLk_=ICL^^!{$Il+AW(WUh0tq=wKt8|pNX*7oh&Qg5n zucecA4}zNT54quU-C+-h9w&kx7|6uaUcsN%Xrf8yBJ8~eX?oauf*O2Qv5Ee}!GiJl zz+%L=_BJr%4oI2!NlM2MlEz#J<5Wca=8$Gi3tp`*0Yulckk=~Ob5i-mq2Tp8z|-wJ zxK=S%W$If52%r2%9LlPU*)T=LA1iZzfVY zBvblKru4Z?>9CH1lxX==YuR&}bwoacU#g!&lsP{**zJji>zCmySCnCx%fgv5ob8G- z4A)VNWzKD&%Mf;&_232`>HZ7xnl)#W_?4@tKG+{j3*4DVB{LvWX{rNED$N2+WsP4` z%>xf2%6h-1h&q+!P8M~ZuzsZaCnOha88{E3X1lm4E(`_BV<`$TW2p~C^z`ZTB6VI&#+GQj8Ho9_?y_BOz53%%LT)Qz&`MKgOl z!9E^0V2dkQzr`M_yalTw*wF1qGKF+jCJm#~-Hv9$qd(V?Go^yhw9<%K< zOQ+HRFAttpYgBNI_c_RKVBL7|JC(B?GgIVtTS z4&BS$&I`?QLibS`Nr@vfp$909I)NLJnb6kGh!^%Q!heJ&nthJ);Y4Mb7GH(`3}%cU zPHgf4pa~-jx_|*X$zU}66~8^5vL6=0|Hy@&6I$Sezh1*4>1bm=@NJV|YVCq0^m z!iDFl7vO0c<%1*PyA=gwWvk7hX`Vnre*6EQ$E8uCvZ#zUjV-skDm*gUc z8R!I?Mn2w*(3G1{w~(ol+*{OB0(HLC-UY3F{yT-Unx}^vr-2{)5772)H)MABeaB3O{Ct{!DkG8Hj9f*(UQab#!%~5^iZtd%@vj4zB zZ`N5aQ`yLf6S+s%#}L(S{&dvaeJ&?HCcin-t1^hw&bD`@qWNP`1mk$F$~@NH!m{{mR zMV<&zCzt*fw&K}6HKkK2#h~(@N+C1R$2s9kl<1?`Ms+=dca$ zvFLFeD^3eAkyF?^2fhfqoD9lYRZUoX{$D<#L1zr4X{iw|_UMfDIk9Veic)NfTT zShc`qgB<Rp zj%vk#5v$s`4oRG;t3F+^b5~V;R`@#15qp;6^YIP8OkJa@%IUod4L}uW3%tyrHa?TE zP+%sZ__K*Xg^7F-I!)`&{y|s*Qu2 z*q9>~4+gJ8+J7K}Mk*c`)EI5&Ty2MePVcAKN-ouT9!bTGFC}bTs@0kxtRD`b*S;5dUj zz)b^G!U(rdq|6zNJL_6DsZmxwn)=WyzY0(UDBS|MUTchZuSDExcNs25R|V?cjXLGO zHtK_)1F($SwdNSD37s`fo${BBPU%s=>pHxeu?MJe+SC|d4OeM(%1#!qU$C&cCr`)m z06c^}CztJ5)y6wA(GMJgs26&!?wl2T8i5ZVtOfMKXK0_w*omU8q z{sExC>J>5;uK|@$LoBw!a@<1n;TC}2h7O)^^$|@uaOI}vtc$Pljbmp>TSVtF8mrpa zE(>XNhlt;Q@6HLtiwS(SW+q@LE+RYFIh-K%7`)yF-%nsno)J~xmZif+sP`OHS{3RR zVzy{z$j?QKL@v&njRL5{2z3TyRU6mBeplVR4zqRbgUw1F$ki7-dE_}mB}WzNOCC^o zU7(V~3iV|^V$X%QA_f?ZmM}n#4J02;L4vA~*}yLD413js?gwa{e%GirUewffpC1Hx zFjZA&*V6n40fwlm0;_uVI41K!-~$NM*t4fF+aCn#>8l>jBNrD$p)?A&=M2bnYzli_ zq%}tHaK#ITU3|rn*TNtA=U$ZADX{Xw4G`Xfq7?Ap(iv;7jgaVrLkIXqVO6dCg9ABn zZ~%urR^>S^i^=xutj4M~9zh=bNz_I-Tz^Y^YDMhrH=ZZ zHChAD;5-0p^gUQXt*Rl7b?P}4LlMf2rt267t8;lxSaDWG$Z?QR8=s1!m(jKQnXY5b zfKA5aCc%wN7llnGvG0f^dW*;o~ zm;)OniwbcNZm+LLUWe9KwI0IPP+MgmaI@ulJfgqB00;f+_qd}{vS>Pv;ZuV8sD?eZ z%_rUWHPRYfy95pkzCh9nML00i^RO7{{CN}Z9 z7op$`=jI*;;zm@xz46V_F1X1HtWa<3ClNa#Y24N$5U~ua-PYvBZLMwBTieCn&V+3% z)V2@Owv{y6z7`Sngg^LvJx9XfSpz(|PWVFy?Ks_D$28zlA2+gY%-%T&}~e zH<~N7?^jxrGpjJ^uc?XMWsR2$-%Hd)Z6>%^_my8?^6C zDhxdeO&;~mGMaa3E7eBx=h}Cf*5urU)LdXR@6}=wjpjo-z1NNA zHtqXXYgR%NO3w2}^HD#a+&z%b$NYSX6HBt6I=(1N+6J>u|YhI=`>!8Uk z*b13t+4t(4Z8kPv(7tE1=6Yy$g61@8>OE|~zMyrOy7>06qyFr1$4oT1NvUL#;Q%iZ=ZZR9#e;;F~m9*-1{!dtcoTI#Rb#$Vwdx)7as9I{W4 zf#TX(NZ^PrmYO{HY6Q{ziwH6Yv5K1@<8d8*pdJ*OVS_%hl)sEz=%LGB035mmkR8V4 z(4`e(a@gBe%f|V`4aOVH8D(g*j}8$Q2lBwEyOK@JDrf6!kGiO8?H4kr`=(>Ikf9(8 zS;SpI7cwcxiaQVfp|jBemLYHNvU+qOTLyFCzY2kaIguQTxx-`@$LhiLka29VU&~G_ z>cC$h92r9uU^8q+zI3r41hCluF_u{DFCb&Fn-!_x0w)@( z+5`)&anvs3_*{+B7WkT2882L`(c0e%{))?g!otuDbXyaU&N5i>bG}5!%I98o$!tt9 zu{3xE!Ut+U4p5itf=+?A$Kyy{AA+vbhoCE&&k%C}2g-hBJ*xeEY~;rhk<0&$xExP9RfkZLS7D)K zI?i8S34Q?C*@#dw9cMd#(%#AR`W=b3cNzWYp8l+}b_;yNS?caMO<^~!UJd>M_H@a& zBe1{*=#uY-1XVf%%D>W8S`}Iz3w3-Lxfr?>!afLXi4mHg;3qo4zc4{&@9#Q4{6e12 z-XZNRgtvSXqUw=(m4jB(mj;l-{{-(t#->r>9Vq+}2|86Rp)dvt{-$dlVvAe`6{o5Y zAr~b=+UbzHbqK%Y^firMj9Tdw%7^wJ5KwY4GUa<+wE3aGOvXSBVSA~HKC`FRj3KDv z2!eQe&0cQlGTqu=LYW88g#2&F*V~A~-FO*vuTAKh(`0|(Q#A*v0FvN_fRrRfo8l_fbV}*YR5EbNcn};rp}D zzAKjEq9`ktZGSoMHaJ7?g9s&YwlGN?iWcgulyhf8#ujPcboiX1FF=zghlMel(n=k= zHnHcd(*DQjKNFpoTCH>PBK(7oAu{(mg~+Tm-OWXoIcP5N$~Mm69BkVEAiRwX*S*j{ zUeZfM3DoV!QF-XKkX`7YVxV4(wsCi8Jbc`f20vmfUFcgU2NRp?_xR z;9h8k+n~XBoY(@FH+2THd!uZDkR3L%tA#8DrJ>%Pjk3~%Xe1A7KL+gnnK8FO=@#hi z_Vx58sdyfO5>$$6k{1nGz3S`GWZLD4WFAxtY(ODTCMQCIUYutbJrSXcAE7(XF4!{^ zSfM@(xSEpQQ0ok}#Vy^|cM2Wa(=gS-6%D?ma@Wt>e$XScxlo z9qlEdn7$Uc9m)06GbF|IWu|xO*ZXfwUuOCNetrHn1`+kezK;4T9^+N8+dYEvqq2iv ztE!GT!02pHS7#&1i7-KZfqX7NUm)+QoU@nWfTK>RDZDL?%;8l6b9w!yKc-^U0L{NxXtp?TlRpOYS(T z@U+{%lCKTwG-@7#G6UJ?_<@u+`GFazNrHU_a?B%Q>cH{cJp}$ikB@mwYjPJV$-iIB zD9%_8%iU^P;}J-dgdMdrc0v%BhYEP4dXK^U!xabm$96^`lRM-?z@Dy&zQZ`-xQFEK z_gFPe^j~AGggxGN7<(6To7|F#bN>?gr6p$~A8!cW>FLO*^`D+93L7IJ=Y#SZr;rND zsi8uR^F47Ir?8z`RT9!e>H(x|2#FpX3Jl5QsFplWWWs?t+Q;o6MOg`S~=vs92DK2F2OG3ws$!j}$cy0Y!{b1!NR-uZ)0>ky_~e8jE;RrZ6bb z1wd&yzgC~dk}|F0#qlOb-{^NjJz5Qs6iv^=5aXW)8NgZ!-`Pt#~+RaCc;=NVnk{REe7GN z0-`Z=IB4-_Vk6-a0t4`$SoEmIsiMPyh(9kJ3FB_srNd#3A3%!x0dzVi0sx7Hy&z)J z$-}B=k|T8W<#gEP`xXI-#T123N35PxyW_$J(h%*dgO609eOIoS*FYMneHcA701^vh zp`>)I!k8aX7%LUV{)oajD)`%G3LR@~+)27Pva!T;dSN}iWWK@}sc>?3xN(&;mJXF@ zVQd2lM_4E7)H*Q;;wWXjff5b@Q=n5->$G7&0|nhrQ!Rv~=u}ns6ANu2kXJrg>)27ymH&8%>smR|L2q^EUbhep8W;>y46F5l-CB4uP%cY!g z)ML#8@vj%QWxpv_)A1F@H!6GCHhdARXWQNxN8k9XgH}+^ZPdSt5 z@Mi4kZHh|BH61=Zh&hz$Sl!0v#TLwc4tDAAfdZw^PvG%uwLe^h(ix?(n*GpfAO8a9 zQy-zE$D0ZRSF;R-%Qzutp%Xcg-N1Ym&3%pmU3&3Jt!G)kYzIhgGQ9gscie z6H5mWGD~NR#>sTHV?Di!&d>^D==9cDMaSwkRuP2y>NK_?d#$ZlQJr+GZe!n20_jGq zOs&y^m2xI)vowl$GN_kw{4;LIS*~l#m-_!a7ecw{`2EdfI-{|kUM}ul*z|M?H0pbo zR<|)%2r~zRu}Q!YT6YQ^tJ_$vo{$d0dUCm}RFtbxlqeUX>5H_;KU;YrRy18Y{jhpY z-HQ1Qq`}%(i=G>hSkgf#4IRHFPN73x^gH|DG%oBCu#xB#Yn)7nrUOph#~Mt$kLw^z zEMgZN0HJcG(lM%s5~^(=WW#cuLcNEwF`%)tTG;W6b`Kx#=tHFM2h##dOlLLL)3+E8 zoG2q5e=AI;Gslk0ZEDoz5tLX{D@SY*`={%|B$QXfl2(k6){K?7*ulsU3A8Q;> z=kHi`QiP*gUPb47D<|;r8Z;6*yaR|-^^HKFj@k-Ppygxe@YWwx==8y=RS3M%hm6q~ zZsmmWzI+;-SsH8T%)zRo5-!p5DmuKi2kUf}W7R5zdM&S_!+UyAp>s1M2p z!zaeI9l{hXucD)`6FK8~f8u_uT7~d1R#Y{eqZ-FYB1jc0GDfEDx)Iey^@^N$? z)beF@4TK%OoX+DKr_gy@tysm*z zpygF`iZqU=(;KTU2w{kpSJ63N)QYka%|&R0Hu3x}^pB6&Jttl9=4UCXQJG}Sns zPAjZhg|I}+YgWQpYvqI+eL0<5G>)gU$(PdM4GE-4XDe11T+%?;uH{v9cqalXbY8-$ z(*tyh+3Df=$hPGu$pf-jd;V0oqNzKIpdG-@VNq$ZOIIZO2D+p1W` z!=pjKSvEgWL_VxFT9<3wMR4>(){W<-eB6q!s^L`imvEl((b{Gubj6CI*3s?Zvv&PP zn>cl(Do0FET|(DaT_#i$CF7`xbNSFJT@I1JHc>se;$VuV=uXgFn+T`=3_rY%F2_$Y zz8!KgK1WvLqo==`&Z4i+NG{2Grgbb;Kg-xIYyLOVK|47G-Zd9GAq>o z!4I#a%K;>G6IroiPR6%GP8a9ycA@j0Zu&=0Sp%kitsza8>2K1aNZb$G3IsVg=G zy{mNa;ySt<=Souy=ZKi5=w7e6R=fVtIMI^n{e`buM|ZQ&+Vu}gC#l|s;AB2huy_fd zDrlhpE-PE;Xc_$vU`?XlLWgSf{@SW7^R$}Xt{j&)hWRFJ*vAO_3MH5QiL}$Y%&p1>N$G7J2`Xh%#@6|3LN(^io&ruRu6mftd3RH+g zkUz*sXz^U6BUYqHhoQ(Ps@h*#!{1K_kD+6NZK#t6*?1kC*tGV{g{8G8F0QjE5ygfl zBRr&UxyKu*$4AJLp=V|E-=Iw=`d4~y)uKf9d9vf5-y~Xo<0(&~c6f@zvl?;Pw^5Xc z$Va*S!B)aNMI3mAxp#Ej;Uc3!Y6ARAlD3e10BjM~By{eDU2w6o{Yeqa5hSug z?+`6YWaWPl_cm}|P3!;n{yxleDVi8bMupJBlu9T{QAnZ?Vw#%ifoYm%rc_EHgrY+T zA%q+`p5la1bO<@(gpec8A>??<^Z)Z%`?_X6GdjQj{r|u2*L|TYrhcIpg)>EB{-Fl;Q`+Aq1U;i%k*R)u_Cfwb8TdUQdRA2uC z?E4fR1%v?`oYL*aSbe?{8bWe>BXE3nouu5Vv24T@Bn2q{A4z4bR3^ zb=2}!a{NZdF5=+IA&L(??ONbZ@QE-)GVJBBwMXGuM=*RX>^_+RZBxwfqad!k5z$uW zn;p~bZ+J|%zv87)QtK{iD`>`z?9=A}<5#xYmL>Og54MVKWf*Iod>(KSyp)7q*c=%| zCo!O6GGbR=>`uh?Sz-4O1|#6}kf!sZ*7b|uVb~Ezas~swW}>IKZD!||x02)c%ro37 zQ+qEwPnF?gG5hXtHhkg4{wWNX2d)Ysb>&g#Z<;tIzGrR@d(ULRS4#8=wsouTKsFvS zshlW^k2uMXkb?FTmBVYwPzHQsVIAr&2ix(>X>CQ+8KSQ6lD~bh$#+zqs=ur9s`6#^ z_@H_cgOg*G+Dg#hS$UYhvhpy#vz{Fv#$ZB&!)mb2H&!0zZ>~IyudWxutn@-T9{nbCiCY8`8ZU&^V! z1_kiwogaHEp%DJhUEbV-^H7Dl9&PNiKf8viLfzjH3!s2kC%D=S4*!c#!oU9L*v(D1 zUmVmflXbjpceQYUh5T=fj(_UV@lO!CzHw07-Efg@^F5iaF#N_pjB`);LinTM-4z0u zv-`kzhj+(w;2Ge79_zG?6`!QTv@jYQ|d^OKYL@O+3K z4bPs%hv0Wco!$(-4g5avhrk~OKM0?v@! z3fs@XuYqSTf;)B|41#9|!bo^`>^8Upo?QpGikz?Ze!ckG?vAZZ&+kECckHF|{J%lu zt&oN@;YYypy13Kp!%k{{d{1$V|UqJxTdY)+rqo!!^g|T;UZ^k zcqlw;#6fcXdE5Xy`2Wv(=+1oBk60@rN+f>SsWE;NU{tsm`d&4v6ThSxjjI?Hbs9Ti zd|9WmlB)8uPJOCMCylF^&}nQ*Rq44URS;KK_UO{R`=|-y9Xr)bm{4BbX-Z95MRiGs z@+qB*x_2lmAKj^Z+{jL2M!{~w9bG&2=-8zbVk)0hTK4}|Y=4U7|0DaIs;5>*oQ+oh zOQe{chKg*=`0C1%QDq&+^0`!9Q(9U!8jM>Kj0OF`r~*eKr>m>Wi^rB!kBv25f(47} z3(7{--{vKYB{fqk%c_BRcdf3e8dos}4BO)>D$1&Wc>SyyH=YTB5F;`|ZIRk1kz%iN zB6S`*aTDoes&NRhL~>3uNV%wMA~l)6*q06=kBD{8tKHriTGNAWIwu312%JrZE{d7Q zHy^8KrbC1&Q-mp~^Ppr<=Novf`u(mRC9%L^DxwA!=r#3BSVx6Wr~ZVin~E!9A>34E z4iZ^EF)xcc&vPcMd17XUGtfjPbFxDs)8QA%u5auI7>nbZnS+FZd1f;)+M3LRoZ~ZQ zgo&J{;kOZtp%$q-5vbxC0z;-Faf8%yFmk8?Zz#bU&@nn^~^oJ&m#(k9_| zMo3JW*6W|aMTj)A^fHa{3D30ipd>S7fk3Cc#vORKmWB9~(m8vA z<&;dGw1nqlZ%$4Dez8PG?eFNEUBLVNIdXiX)fD545Y8`keuy?Mj`3wlg=o{f3h;7q zzQQubaZH}3xZLvEN8#$mB{|MMy&$1DrQ&mr<)Tx+Y;VSr>B-bvQ&%!n z(2i@vxVnM;`ghRh_-w+DaS6FBPF$yOVjewD6|A*fnajt%NZAoxQ@}9KCUVfIlBfsby+gOPK9au`CPk}|EJgX`s|SH zEUSqW7JA2Te0u-a7H@QmtbUW0dvTq_lqQkkJYz~Stcs5JGM}&%djx7-S= zK;54cPDmvSXXc>FO?}}kVV+yQ#TB{M_2;5R>_;fefqe%OCWTo^M$_UQ3{w)n;Q zA=L~2+Yuj}AJTZ+f7}1o`5|xqs{6h6V(Q{MI{uAwZf3aPT9jvo`)++)Q!Wpd!kw8# z({{Haqd=h%g6h{EQ>jLws7$i^mUnC-r#XISguIR~_Y8Z?B%mGN-@G!3oYvttE^06t z;wj)&{U2k@2{BIDL5wWSag2$OC2>8H2-!D{M=||)p8PotZ1yBWH5_ZlxfSOqYai}q zT^QdsslYiF#~vY8KAqB`=z9Z%PpwqQ>2$r+#MgwsZog&VxRR;6V(~5hR$OP@9dE_; zb#}Ok()K)xkBDnb-n{9YR`{J^%>YX3*VmMI%;cBi-H*gEObfPiLb=TeH)R}W{2Ym! zTX8A!rWb8^t}`uhF2v9J@Kp3tgPm-;BKI3e;!=Y~N@{Aj6?U~Vi_fVpUy{~5jn4pe zH>|~bcMHtxG&vmGB;@!FaZ7Jo+zg1X%at?2A^!HO`s1NfqzWCx4um;gtZj4bv011*TiI$~@8h&Iwm0et5*s;;e8~eDlR|`GbmQ zdftDrqc&4^w=qxNi!aO_@imFB)!WlU6nDk4xWdm2c0E?6((5UnLty03$2FEei}OOo z_DXF1!MJ3{`H+{hKaPlP$2H#nY5nuqbha#0FUB^!Wb>{J%^EK+ackAz~bWF? zeE!5~Nru;&`bWiAD}KHm2u;7od2D>;woMBa-~70Ic#gy=~xHx?)r-jGub8d^VJUT5@ zcrUsh&nDCwsIi`};$=gP{#fJiM8B;nJktJeU#wnl9G-<);mPDBp7Hs$AkU~*QXs)C zBQIi$(KQm^O#1Q_7moOH`7g2sMFWS9nlK4pyBNzQ0V*bqFCJA^RZ|^}FB?B&iPK+q+sC>dW?TviVA?0ti+euF|pl~Wm!b&7_b(c+ zi}+WME$Li5YC=U#*_4`S3fC^F8Ce~UkFZ8&mk6uCBa*1B0%tq6WLyOgt9J~~tE{vT zJCTx#IOcKVE6bxP z7qfGbr&d!Ig+qBn&_TwIsTmvfA9QkI-@?$XTi9VdRYsMRmsf);CUoE_b*L^IRWoiv zMThcnHDy&L+%=}K!wFpqJB%JZsUqHGD%dreS?Pyx8&=MqG`_M!P07e|T-Y&XHN}-& zqMeygQ!?tD;>xNCQ>GS|O&M218GA)N+j08!GA-=0OIe%YEGeD4qomXn6^{xR(+@*N z&>}iwiz_FMEFU+D`N2G`O#_N$HI@d$M>dMPca7{)MrCCog~g#z#MkPe9$jlAth)-# z%G#Xo(xq!u@3Mrm#I+xT0?f2cC@mXVK4H{3Q5lOgI(iw@R86X`DK4oPHFiQ(ap_c) z$Z?~XXdG8Fju*8UB^MWLY#DN@8ePNXxPA1PzI|Z)zga5gVw+kBSiVCMXON*6zqnIP|;MC zRn*jOBcgD+;T8||Qn*u)6_x1HFFW|CVn6>s+2tbUB?xs@ zT+yJWDjSak)LPTa7>#1KcvA7#LvdAENon!96RJv40LsUqdI&7t{OcxvdrKG5A_3X)d>}))uD2(t3ku@QrfETBoB3AMBP4i6SXB?hnBgc&iH3Ob`m7$)C%h`nSl_j|S>^Z^OL2DRPAGQ0W493-b zsG<0|n7SgR_aN%)38R=ttg+%c2DuwoG8L{*;icwGIdppTqdQ&wBhVHW4Axe*=?HAP%;8aZ2A+gn!F6tSAqQi^jOR}s<{ z%2L$7Z{I@;+l{K4P+iUcJ39>OU)Z^0m!ghE`^OKy@DG1s{C8?JEd1qJd`!jY3DLuZ;(^BuJ?f-B1Bdh~%I$OHF}*t5zuVzYIUMU@doUgTuni7>MAr-b zPj?SD*nU5rA^+N?Q>I;))3!71?}%yN<;slDDO`?80QYns?ap50| za4bje(D7KZ+uV;rxEYkcsd?ScDY~o9oak{dbG)qZbv#Cyg?lw z#6cZ$b9lzf$;$XEI54-F*9rSXriXUA!qe?2E|wYUFvR~z!Ok8gqdxP>&uecm zWsGZoc;+v;7d!`CkO#oi?I^ATAZJ_*@h?x%?}?E4%VST0=YAeL4BoF@37C#@a({U0 zFNODb9|kAjsk0ou6+CrbgZFayI+*FE{C9YdiwF8hD<3IFJMO$}4~BrpFr=dnnb(^( zISHJOa&jR&<%{6yC@0ef{VnjkH>l$y({>auN2^hvA>EF2`a(_}hIBj9*&A}|Fyu%z z#_J=lccgzT_EXI{VU>owZ;Q$7}+gJ@`T58L{< z4o{mr7MCf=XCw5odX2~zfLp>-{{eV9+97*Buci==ax&wf{uX#T%E_+(6NPY;lihxE zCI*gjvg_|FaxzE!(f%-zlU;wD$jNU1Vv&YZNP4m<7eAI#>4uHoTKbmk5SIa zZgjLs_Giij(dR5S*Pku=+);FDOz-tlU>fKS9Fw<-OkZqx5MdGEHm8ZM}PP{XbsP4Q*=C* z>}lg1C_2i?o+q5}L`ONfBSPAI3XG%%Ij7;aF*)Z5@mR*iDM)lYmds7cIUT8wF{dTb zQHRX>i#iL~TV-<2Idc1)2ITfR;fRjMlHEQhA9aO{b~t6o<=J2_hnz!1$79J}*Kwv2 z9p&UIgtT)9*y~A7Fs7pp`9Or!*#h=7e+F&`SrVQjJn5)U?u(Fej_{JOHxR+{c{^>G9*wRv)=aIr(ISw8bgSbPUL@KLPA%<_OY#u%G&zbBI-K*jFWPXs^z(Gdmz~J;TqBBNL$*YKIg_T>!{B;DsiwjEnQn~Om}Q&sz6bX5{4Lni$&tkenLbAo(=jeG?|s_g1Qt5V$$ZXIema;T<(#eJ z=gTQ5bd-}_e;(N5y%M}H_Vf7VqEGg`;u-*Sv_s}*Yj`fcOh-A{pK;qoPWJ1*6E2XK zC60#Q563ZHj*|B0yU$9XO|n0Cd=>@e?!3L{=fx1!R7hK)DeXv~EBNx*l~Arh1x@Da zzXzH;>R3H>Jo-Ek)>OseSSRbQ?&zJG9jnU9OFFu=wwtED_)q^d)ZhKz`yl@ZJ?)t& zMt^O6Rqv^(*OT|ZSBd){>+3b>c&)#)VLa@Usjq>tDnWW9?r?qSoN52EG4sNyEPX-Szyl(vB}? z&}*2(p-)v3x1;@f8H16!d~BFA4G*uofPSD~y-?7{RZSS*k$dc7;NOQyW6*8OKD{_m zv1ALA{DV$qI}owU+O6V-j5=b@LFoPN7?1Vu7)KjY zilT+P(kx;Fe+X4to$&u4V7CRUNVKGaW0Q_eId{&i;#IE)wtXLUo!bjjUitU<(K`st zDv)}pfkG2Y?e&C=$GUTSY{ofr-*niUf{^wocY9;NYHuvI`S@|?Hbz3=%zfX%UJ*jt zV;;D@tH5e+I<}c^cW&cy2%NdE?TYxZM0>1~-QMG1wKoUbJF@qP9fKgao?;KJl3IK3 zg4NyvY%@N0o~DfuICI}nvB&s5eOzcJUGZjT?tb7ou%knucE+T$yn+uIAzXQe=bNVj z$b6jB{WrZcp~U?9-|3Apdw##s-hf~^{_(Vrgxr~X7R!0;hHXEO*$wQi!8V&A?%c-A z2KJW0UICPtFKkY@y_*}@+l1{FZp`$!xv+t~HDZr-irZV>z}|LjvpM9>(|3OZdz-|b zcc=0?u4`bg5M`yk8$;;!o^N39JJ@TB{XAd3>UsJ;Y+#RFFvnxRJGb}m2KEY`s4G`{ zL)q>9(7@gz*khgQ&h35Ez+PL}V;#u!wSjkg{3t3^Ys)DYjM`Co;j|{V4fSXQ?3E*= zJvPbRUaJQ73Q%CZ`xa`oHg<1dZyoGCfP~N-QN2R>@9)46+6fF_ik!@Io$%pOF+O>d2Q*o{Nt zHuh;?Z!PR`MI+if#PnFdaMCx=*WK*4=*s5}WX|^;+`wMZ8+et+I~?sD2Jh)(SE(OE z6aPF0lcqgU*!F#AG|+nhhW27bWzO|ZX%O$a?@(58!5Hu1@E-3u4eY%#9(A@GL+JKK zH?X&`T_T!`owU~*-tBSHyB`B_G^PR*!FO;T(;C=oi_gz+LNe_gDfX^zVDD@60p5eM z<<8@p*T7!aZi#65-m$%YV(%8S$9tA;;iXt+l@DZdv`2qW1HA+1$FI>1^&Wy=mJ1Oc z54|3;?de-%_I%gH&>QR<2wm@K=t*`(TTV&TwqsEwYV-Nk2KHWuy(0EGnR9#W@>Y8z z&`_Zs^Z7VxKzCs4fpRB(n1y13CYmGUUxtWEt=N0$+l23 zv~YC)9-(fhgl(H-_$+ko? zbl~d#Hnl6tcMbd7)a?YN@WdW%lKA|j0t);0izXoSuABsF#ObEbXL+(-3yb#lkLKC_ z`w=F?6W0U?Qg~wCZJQ^C{d|Jfxm47lZUdCU6Ksu1S|UEi|1!48>{5TS&la@=+cspwTxZX&15dZBHD?H&!b`(T@0wk@H% zGp^q-+us-4yP$lHZ=hde+iY9yg7S7{gZsn+oG0cMUZ;hM7jf z2=s>ibv6*Qp*Zvs+CbzT?TdQ|i;KrkD6JlM5JuXTj+;zqsLSraIBxE$8$ZlJweg8z zR6IwB`q1NgS~jo{ieZRgy?r5tp{OPJAT^h;DxFP~gjG*`UMJXygJYR=X0s@91f}si zd!l#1a4)&M5F)qVmTda%g!v42oe(eo$AAm*8i#l-oqy7|$8wPOiH{9-coUoR^9nlh z*h-jAkoR+Kq{npF7vaojs&f%JBi84$(wS{BXC~LVH~A?1z%iPHRn-H?{DB(??|D9$ zY$Qk{EPmh?!+RN6LS|zTZYjLy)iSc>;R9r57~FFB1RIoa zE8v}1l6z7bMXTUFoomR);|Fdnyz@FT8>(>Y;S(nW3_pqfF|&B(c-I3LEc6IeLW7>%%KJediDdjQ^bcpWL{`Mo0Y4@Lfq$)87vqy&BDF*(o5 z{2nG}`pJ1#{@YNF^c;Y&JsEK|HFlk@ro&ShU_1;VizD@Uy~uf1k8vMumLNRC_;rM1 zjCsE2lW{DsEjh0@e&Ftc=dnERrDW*v8j{`qQzkD&NcOyC8RoInWnS=DmJ_lc`wr#M zVH&m@Q=i+^Z)fcK+|KVzVcgf4j|ATWo(k`LgD}sB@>U2#o|`^Q2RpouWKVMs%AvCe zVLxNq?{7R9A*%!GOh-(oX0$e%Yx58C}31*OgrJehMfB3yuSD` zm(KzS$8tudKGTtpn~rG=c~uzSL!&4M(?*r?6ok7O4@AhiAio=a;K&{qi!bH0PtNOy zA2?R8v^f^x2xHng$9NLLwqzJ%oiNLIKZNs*IkfLSV-CGzxurgb$$f0hA#FbxbI2J# zdPW@%IcQ_dVNoX=)Bb2<4kf~OF@rvb`dnko;Wv*Pb2!RN#vH=&sWFFJ@HL2W(Pj&B zcL3a8Cg*we7M>~mr10CqKN)k#N+HhE^QWIM7yfg3x$p(Te=+WgbS@Y93&y7+uQrSP zTaj~-N4L*~9-aFd^VpFh=i-m9!v!FnpAi1un2T!TOQ%7HtBemMBj140Urf$rxnD4* z{@(Dk$!prtnCpf2CgWI^|HnTt>Ios3xqMj0~=<-(K5hzr$7_yCaGze{wUH{OOYiL&TATo}{2KzLuW+2n$Z zuEURtI6q^|eA{IDd@gJ;E(C8AIi}gy9?Q@1xE(Iw=*&eMolg?JiH!8Lh0P_#?Z8i) z4i{%$C!D~2<#xhq%*fCEq0faoU4FYT7w~lX8sSE`uznqT8uMCDCY#Mmgl{z+UiTM_ z5k&k#j_Y$lNM|kr>C8n!ow-n`GZzbWzK)E1pv?zGzTD)D_jQqTfl)t}i;Ozw;hH&z zm4RWiJ&xs4zqC(xj_CBoHuaA|c(gH(8)Q5b;fcn#p)7No`llmg9|W00(}x?6L|AOh zzF2NkXEnky<8u&>HRf<@Zc}Fg!V2RWgcFT96r9`CnT_yVV-6{wW;_ew3}X%{rylh$ zM|i36YRI`wIiD5tj4y@tMQ!(Z#U-u7zq|hRSU+r!yR6 zdHQ;ow~{>E&Na4ZA$Idu6_<9P@# zH|DTmZc~SCmifjUX1vh&7KAq$bBHOossB%ecNpJ;@GfHxujMv%o<#UJWA-yXXv`tI z+@=oOM}IeFpZL?p|3LVRF^9r(oBC`+tu^Mb+x5n8ApDmx>qu@>pVLp?F@7H*$0tx; z108OY*%tfAn0>EXjsJu2Yhw;))VBV@lOnZsXyHfB5SH`jr@Iku_8Hr;NP0`$T8zV$ehOVA{qK!p+k0k{)bI@56H?6xbC=@`M)%E zdP0ZnI=fMBI=dUQt=QG{dqba`cN73_iOKsJ=kehH_pBYu_TY2IoZ_)fxHq;L7v)2R z`Q;dy5CevUtyyb^M9UJC$R635Ucr<^n+ zK>az!9&e4w=R!_)Ilt7#xb}mb3#f;9v(cUuepPsbF{h~T z`)|~L58)<}e@jLh=EEl09oVCD8tD(mTePq-myU?y3yo|u}Sv6g0+<6SWYwfr|=u5zXbZ^yyId!ADDb8 zHpzbP|7h}MkdwWxI2LwkpVLgvA|q`NK!=>in;NdlbU6LwBGXw8IXQ3Vpc3)(EwsZa z71Sg1b1rua^Ls9ob1KS%!jBuTLHN8er?>EfF>dE`GSapJ(UCpgA54ew@@p;B=k${v z#+;VIZ?jO&sVjX&evI%?;nRex$%uC);wAfaxmgUnbTE%Aj8fo z*dcqF$;CeEa2iW1GIZ8Jhn#mj0IrMaaC*yhV@^@I*_cyQ{zk^JYoSl}V^^6Dr>-=? zbB;RephM2%ivrx!CSPxycR~{7;`BZ z_Y>V%GLEGyC!_q)Rg#exbbQ7q;N3ObH|`&33IRDEA$klK_ z`3|R!@dz^XOA*q${#dd-2g|8r%=awkDaLr5D~T9vfayz zsAIgC4E-et>0N&*nHL{!8GJM22ZdJ{Gd-)wu(Jjsz1vw!wt8|Mb&OvX-e^oad=H`y z&+8LoUdr#tu)iH4z1#nlT!0@swD+1Bb8NUX-)qRU-^`fy3(2s_aRBsg6T``B|J!O$ z9eYN17Vcq8n;gGQ9opnO2yG5VNbfd>l3PLnj_)najQI}YTxv|4eD9!~Hmi&qf%%R> z`?CJz$E)G_A!g7Z3K+I-!Zx85dWR7KGiGVE_fNbmNyk=sB4?mOxj|0K+IKjpNa z37=?3?YQqI(II9QeP{{|16%KyM*r({!;j7VfF*~vAM$g3bUNMPA_4;YrFguVZJZBe1yAD5~>3o^+?ZS@;|5Nx&;h%*$4c=|$3l|D^5Ds6}v~tp4 z&Eq{!_-WyF!k-9#E4&lhz;1{ALCyyV_Ygi>c&PA5;Y#7T!Z!*p z6=r+g<7GSEnQeXN&B9*^|0P3>b#@LD9wIzSc$)CvgjbMpAJVM^dz<+c z%J+}u{}%p_=>K5)s6L_$JcM08muxn70@EgS!Uy8bW-IC(7~3xr{jMVKEj)c zjC+-i?<3xBuM(XZWQ%LQ$gd~kKB2n_>}~jGMCWBPt{L5{)G_{)a?QKHBJU*fu4F3%eMNqf@M&bTSxUBdim_mS zznCHV7mEHokuMUyO>~xt{6VtWe?oMgBilR3i(r2r*-W|R$=AZ)kuA;H$V=C0Og4Fe z$oCU&Pqw(a2_GYTrtoOt3Bq%QuN8hk_%Y!(g?}d7JJIi8ejy)Od$DSoRqeQ1%c#`le;hV{L&!W2x?C)g{P;S@mG2v%~ zpC{X~FM)aNL9nw?blw;KT=;9U9h-?V<-8Z!%D_Hkd#BqU?C*4kQ*LSNEBeQaoS$2D zJHtg@BJy)YUP-pN=84V%vc2~$1p7PSgQD}a=sYVrYenY`;Vq)SRrG%oc_P0quARZ2 zhUO+`Qrl3zAFmw71c*)t(dkaP<<()LbA;)%!m-DT{6w&HgZvmyj(_CX&tmWRcGl{mVt?D$%(^Y>YN5M zPmW3Azd4cbF7notTl)7CodZSZ5RvyHTN;iL9xgf~z>Jq4%bh6lNg_X=a*OvO(YaJ~ zt`+$WWQ+Gs;pL*U0?c^Z;+^tE%FX^p;eV6O&Nh+%E}Y&CINJR~}+gr5`r7fqkzLpF)d=fc}W|2xy?7|Tp_ zetG`n3%4L!{m=?i|8CFe3I~~WIMJ*xC~4?99wd(=wBjy1=-5mbt1osY&LHN z(+>MB9u@hE!k-Fn6HeoK?si%U_Ygi>_*gLG;y9V%l-s>_j&LQ}(tMuCXOS(d?0hKtUy1&=BL7|FDKswJPD|lJFwcc!fx1#|=h9Dj zi10A7rD2T7%gL6`nW8g?Z0CE8=r0oe#bBmkI?}LAbRHC)M?~i-(RogEUNoJ1VCP?y zTfF}k{SQU{mB>?Q4|@8uz)TOvJ2j=;?Ce3d{3#Uqfg(SGZ252u+45?*=$s>bp73SD zSCh@obzr8aV-ChFiO#*EbHC`U5S^z*XM^xY)93iBt)l;na4s5>e!fk}mY&_oc3uaH zPLb#wDms11mWP8xf2io3DLP|Cr$Tft5cz!JYsr?j8^Fvf{>Of==sX}gYlSxne@C|S z%G?WV*SZne&&Y{9TcMK(_QG3+s4K;m*R{z)UCqe;+9Fa^Z`~mTy;*Ej>4oEpKlT`8^{4 z8`;vcf^2qHlg-XLve|i!Z2E72nKq97dr$N~7yWIb|DEY`9NllCpS^dT{hi2We-|+A z^S}B%DDMyjx3B287yTmB=XktBM8BWtA1nH230DbUB7CFpL&DDrza{)Gm}zEGzogvq z?LVUPgXsJrI+-}m&pj7RI~-r#gmOFg7G$%zm&iMl;pw^|qieQS2UU12<5JXe zXW?$b{e%YypGvm=_A`V>3Xc}96s{4zh|I*oT?+4frSR3li-Z>o-z|Kv@FT*H39k}f zBm4%rF@E6QhIf8n_+#O(g#RP_lkjiCO%kxl3j)_nxP@>l;V_28^xKQPyYQjH{e%Yy zpDuisaGCHp;q!z!=G@bKiE#K|-qN;6xDTd!qaoR@Lj^33*kB|h5sr1n(+I=9}9mcyj{2v#|xpKi>|5gZo+#Aw-(-4xQB30 z;l9HCg$D_rB+NM%o}RJ76NIaUrwN}gJYRT$Fz0o+{l5x7CLHGVS)Qz;9Q{6Y>xJJG zenQ-o&a0}t~!bQRd3m+zYq%h~sBnlA`+%Vzc!llAv zh0i6oj*ksv>WnWG`6a?v3STXJqwp=l_X|HP{J8K_!v7F{L3q9J2H|&v-xK~s_;X>- zC-U?CQTTV^WKNwf+w-Me?n0>DvZx`W1gnJ1eEqtu-iNYrfa}Jc-A0a$W zIE<6D>&rP*u0KV1rtn3=bA{&%UoU)<@Dkyr!uJb5EWA>9mGJYzF9~lD-YEQ@@Q1>m z3x6fdIb5C(zX&HemeTSnQ@Dw6Ghu$R$n{$Z?<2gwFy|q=es|$s!hM7X2oDqvpE$B~ zo+k1U!llCFg(nJ65uPs0xoMuxONHkPFA(Nh7OsD*@Lj^}TX&s@h5s)6lrTTbZy^XNJ)ggKwi<@*UAC>+M(+I8fd zJJ&x#m~-x2eys2y;Zudr5FRN!T6nzhMBy;L*V1#o$S)SYOqgqrc-lBu(D^3eTZNYj zFB5)P`0v82gt>-^+kZ*;72!98-xmH*_*3Dpg#RP_lkjiCnH*Pa`NO$~&N~Y?7v?-f z*J&-hziITw%@&_4HpT%>Qp(K2P{M;Twf- z6TVZJb1mJ@L&A>pJ%xJ<_ZL1+_$1*|gwGT%5e{=ptvrXhrN-5wbFT0#;n~7h2wx@4 zwSD}2Zxp^m_-^4a-rmyikjS49=6qYX`JC{J!mkQ*?I73RB)nPpQ{gX!zZ2%?+}zF| z!YTX@_FB0aO%bw;ir@+oV%qcMDoC4QbBD_@ie&L6OR|>BZeqQ(`;SItYh2InY zPKGCj5r*yTb1a zZxP-q{H^eh!oLeAImf}yH%GX!aF`EbIt3yRb3;ttM&t(wcNFd>e28#w;eNu$37;T* zity>eCBkLG<-(Q1=L(-Ee7W$I!q*DlAiP+3iEx;cV)^rc$p0=J=BJp>Ga?UjRZRY- z$lnqEK=>2kFNMDm=EpVsTBn7%-iFJY2=6AmhwuTy9fiX@7fbUYA|D_;P@J8WH!XFBMD*S_Rn44pHmE;@~<4ob5 zgm)3%TX-K~&eL%_orMn(?j;=N>{z^mMLtY;xNw-KWBQdMpCUY6c&_k#;f2DBgqI12 zc|8`_3X!iAUL(9#_)Xz=gg+GiRQN~XUxZWm|IPC=OSp+J=dQU3McU*Rz4$nxq?ksm31wD2jyrwfl19xXgsILt+|xGog= zCBoMU-za>$@Lj@>3O_FVjPP^9ZwS9F{DJT%!aoTAES$uDn_lKKg?ANhA>3McU*Yb; zhYBAle6;W>!lw(56do-c<~>=SPZRlt!j}kNDSWl?ZNhg7-zWT_@M__I2)``+s_SbU<@%k3j}Y!Fe3I}f!WF_*!j}tQDSVyqjl#DJ z-zEHr@MFTOgx3haB>akSm}6z-;RBI>Cj6!FufkkB-SdibubdkR=L;7I?!oLeAWnR_J!p()- z3bzwJSokpEV}%C^pDCKP>!=@N>ei3%@1&zVOGwUkZOC%nvg7 zwbMCh`64e6E)wo4+)sFb@Ce~j;V@6luIU7kpD%o&@a4i+3g04pyYOFy|0evD@H4_M z2)``6L3pF^d%_9&TqxXDxV>B1w0 zM+;X7R|(G+o+Esf@HN7>3*RODH{pkb9}|93c%ATi;Wvff5&lB>YvCV+e-`F?34XnH z6K*BkTDYTd7vVm_M+qMHF zEWAN@qwuG~UkLw4_y^%k&X2SEC0BTN;XQ@h3l|CZ5bi15Pk4av3Bp5!M+uJ+o*-N; z9OfHZ`e%y#65-2*Zxp^oILt#dJAW1VL&A>=KPkLg_*LQ8g+CJBBK)Ipn5$@MNXk6E zOyTCjVcw$Yw-b4L;e*N69_S_VKEeY<=X8;uB|KhuqVN>*esO!_Vv%1a{1;)J+sJQF zd)Zqod_TEOZ1Z8^$AzB~eqQ(`;dh1K7v3VgRrq(|B#;nPnXXZULd?sc#-g8;U&ULg_j9GAiP|7h44z@ zRl;k8*9xx_UN5{sc%$$p;myJy32zbJD!fhjJK^oZzY0g3yJY#F7S0xKB-~UuU${WH zrEsBeTj4P8%;F96&Wwvhr>k%e;hw_1g~Qx5vlHf~84nbl!NNm@hY1fC9wA&RJXW|| zxKg-Ac#80J;aS47h35#*6`n7=KzO0>BH_itON5sSFB5)1c)9Qj;g!Oxgx3hK6<#O2 zUU-A>M&V7un}t6T-XgqJc$@Hd!ckJnxp1~{BjKjP`N9RlErr_&w-+uF?ke0{xS#L< z;eo=#gog`{5Ds$yTjS=2s}y;S@D$eoDL%63fzX9et1BJsH(U#7kA|EEqb+!E1vBKrTTuaM!!dykOIZNcTh35#*6<#R3 zNO-aE65*x7%Y;`5uM}P-yheDv@CMKL~pTYI>@a1q(tZ^Avu_& z88x2;v{?uqY}^_=%y=L0S;pPLtpBNh2>5K{!@-rteZYJcQ0HjyrDV(JdBWEiLoMQb zaOzO)R^vwCJB*ptkCN>g@%xC*YmI5=pT?LH5WQyH6#OyS?vXEqzcJ>q{5BbNcT<+8bjCMbyQZ#iNHYuf^fUydC-(w*?<-+zvd* z_yBMT*~;MFcYkB1xsx%ATsLDJ z5*=pDLpW!g$MTx?H|9NcyfM?px{f-`+hXH3V6IC@In#NL@qyrp#vQ?vjC+CSkgaaH z(wN0yficr_t1NRv7bMe#*Efc#ZK9V9pI^Tt|X87#{`xxAAe{kBm^lmw$RL z`_5!^nMIs4PCg8LvoY&QemjryKHz(d`-AT{9t`I9Ca6;ie!_Shz?E#QyH_T2g0nCG?4m}UD1W1i!$#w_Rj1|N@Qx#BnQ$h;qSGCl~ri!sZ|K4jjQ za0ePQE`I-ya^Cy=P9GUVv7=tby!ScZoO0Sf#+b=I!MG57vN7+SGmQ5Iml(629AnIK zKHj(km~+o*pJ_hVnB{*SnKvxlb;36r^ZN2TfYia^(Y?mJz7HGk4SvFyX?xaqU+@dY z2ZLWRJ{0`AG4Hia#>~Ub#z%p_B^LtVelkvh|1d@nWgvs8!@SKiX1&UJ=#=xC?qM*R)yJ55%Q@-PVZD01G3(VK#@)cD8TSAe z8#5oujC+D781vkx8V>|>9y;w01pwAGDsz?^$dohIM`#=C$A8FQ^5e#3=2 z{0{8t#(RQC81DlfZOm^L@tg0|KO9_T%(mnd~jzzZu^SPN9HMem9ukuP6T%+|>9!Fz23A&h?5~8nfNn+IT&zcglh_FLn>gMTt+ zd-e}wu7Q++ik9)R4V!2D3V0V|wr6)YW*c@dc5d5w&*HZe>cpmsO#z%v%F&+!%H(qIn zYl+`s%r@_R#$5M%h4F3Rr;Q&5|HGJTAaUL|?K}&9)p$MlP2-K=ca6UUbKW=ge*=GJ z{0I1JW41%TH*O66#dvpc1|HNrmfwudGiKY9bG<3&H`aDD9uD5qm}`%>G3L5Noa;^f zOTe9s=YYEzUk*OZ_*yXMdQ+e6#Qw%yujqK=<=`R4T%+hT_2#kffy<1!-uOAj zTfq~J(`Zw0t~d3w!8456*1O1fS1{*#Q)hQDzsW`B`a{?ZV(@Rqmx5Dh@Y2rZ;2h(*V1DzL@+-l+8qWuFemCV;gWDK$eWU%2uLE;_ zH+60RcQa-iliwqw{0?v*Kg(fDleZ^o72 zG+q{IzZ#rp%=Tu!@iZ{k8m11{mTzM`54^uI*FfU8*r;Ay_6}pNw{(y3yI{`CrasqRdc>IR-zSVe2Cp{W0_MDI z>VFRAH{-}#!T&P;3jCJwHZbR9Q|AxxC&n3QH+^ZG4gS`c?d6}18-w}31dnBZF26BH z&IdO(E&y}<4&`h|?{3@*yqEFb;C+nSf)6y_AKcZrJ-C-K+uHml9c}gj^P6ae{$$(U<3oo9Rj_yS|D+jOb%CE$6+mxHe{ zo(I0snCm&+X8Zv7ZsUi*_ZhDMKWzLA_$lLmfL}1?`b_^aUJvFRYNmM;_)}x9&-9J) z2jE|fw}CV85=?!zm-&r6^7r7~jnimPaqctaS>XMRbHMyY9_5X|-HrJ@&tAqmgZaHY z>TunrV~zQp&l8Q?fKN4MoBB-SPT*0-T({|L<8I)I#)p78$C>sI1M~ZOWVWv_GVTxN zd}qqJhSOh+2Z66Q9t^(O_$2Th#;1VqF&+(GZd?xLyk^>*1m;|3@0mPIQUWHx!@;_uLM79%(awW zFy>lH>x~zI`OQJ*^J4J3#Q{qu?|;oM`hgaGvo~ z;GKZ`=rcym5Q* z5aX`k(~M667aOz9TV^~Qe2(!*@I>QM@VUlZ_h^RkSnx&0Y!_c+1Af<-ZPHJS`Mr#=IV4!=p!$hZeM-hRmbLyRYZPcuFjTx@(1xXhUC({aX^f~S+)pd%XYLSuAOMRSbt3L9N% zjOJmqz!;B|h;zDmEV4OTY>dZPw8S{{pJO}G5kGJ|KG7*)M7=~&%=oJ;N_397klZEa zcI1O%rfQ;V%={lB!9OP8dc!C9XAs-~_yqr~G3W8(Hmr>|#AWferQG5T_AOripW*Qa zn-=d-$}QdzWQ(_)Z1M6x2_K^}TX??kBH^WEyxY+&hj(5jyiRzd@JGVi$Y{sW{R;2Q z|4N=zliJbKM!Y)tMRc_982TO|1g}x z*d){!baO<$KzOn6GT{}%Ysk%GJN&=Fd6V!K;V^d5^dsEFuHQ(wK$!nGxK5EU|6_1D z|5tDxDm+4%{{gtp6k+!1`#g*J!i$8%*gxKsa2$)``m2Q5U+;2`GjV2Lyfep>IR8rK zAE0pA=x=q-7cL~XjCI18I^!N9??<-(mj??E7iK@W>(r17W1F*t=L&~@YSUpKbi()n z;g!N`g*OOqCby1)+bXv#;58iiE>j`ldfXjtOJ$yTs{m!oQk#Jb+-gJHyIs2MjKVP^|xV>-> zVfG#Sv4e%#=j-yZ!ZpIPgxR0#`eFTfOXm`iKOnqPc&#w|N!`w7;jO~kh11z}`b~vf z3bQ}dZFUvzEzCYp*BK^UD$Kr4*I_@V^Bmy?!i$C3FX{U1b9Cl^;?C=ZHwm-9&vm{N zj?flxc_U%=$GMz+ZO%o)J%!ni<~l=#M+lb-PZ6FiJYRT`@KWLB!mEVW32zksNSJ+F zp3Yx|v(Zp>dA@L=aC_k%!t7V_W7%iqJY0CJaEGjcmigdY%IDZEyg{Xu^0 zX5p>E+lAS`9rn364-+mGt`wdwJV%)QEN+K=E6%z$HUF1% zIr~AJ+27&3NqCF!cfuU_B4h_ z7YHvFUM9Rkc#ZISa+|olw@G-5@OQ!-Jeb%g)^8+SAlz2CQ|E5oyA{^C&fU6nKIo9H zMF;mNEbLrVR3yLMyLZLbLER4O9@IzV&OB=1(TN0Jyv!w{v!c2!ypwUjCEDciYjit| z`L@QkAMihfyR6>!*3Pe@A31eqx>w`lGjlq>u=mSJSYH)Icy({RDX+`OLjl>HyNo;x zVV99TgE+g($mxLBM$YUqat2`S-d#qXk8tD8T}IAAxXbFMT}EEen72*z2V5#jOph8R z!n}1)&Imvn>5g`4%2&x~UWzLZ5Op|HBmC1bs@Bq*%{Mta56iKgYc5+432-nzAq7^(|}(9 z8R_;=%}CGU0f}r5|H??u!$u}0SsaFz-Y|f8ATXmFyH2t=Xg#Alhihg%k8I00F(`02 zOU4Wi#LVi6pVYe>@SDvSyq2kd9|pag3y|W}hgU-!<#M7+Dv@{?oX*{XLsN|tr$Q+^ z_XPZ=_DoDg&?s-hq?#zzK5-*9n&xsqNUCRIIX3chzvV{%#4Fe+h#DP@pfP`t{DBBE z(kJ0Jli8S&X5@{k@Dnr|2MVdkNKb)ur;PNO)VPWo;pZG2hU2b>0Az~OwCR3r~!GC zOUk3vyaYecI5^swSBJPuDd31`XXe*IzMaA{1I&f160b9+v8j&|Gq5j?X^Y16xyJN` z#8KfdZBkz)j)1|Ym8rhTH)}2TPs%wQljOVwOLJ zQaFdKs2Rt?q>fK=icd41OX}VvcQ;+1+9}lwnG~mgmz2bkA9h$Q%~OnJPMlM_rjExU z^W&T%hFE4sJ5%RO-$txijHw{?2VXz<~z0JdA?;Z-}uH#F)MX7_+Jn81t zO7%!H%R~Q4>X0;Zp*d$Nrw&bjOWuzL4@)zh%?D84GtCb{Hs6k&sa|O&J8IUEN{6S} zqp{nZL~2O-DnuI>u#?lw&nPZnr=*!BvvMDUD0OPknv=VfCon9{X(HPSIJhfyTKax$ zR3_pQ!5tw-3*sE*zOdaS+L_nqY2VI>nsJO)>WuV}5bfSH^VSHPEh?hS+iDPPl*3+- z%sY77rCXFmnRil}opT5hlX*9#jiRjYVK8&)OHj;6?~J1}X`y;0WJmtZ4@-K$yO^uce`Vq%o_Efv!_A0R)ozNew= zD2vrY)(>YuyJ^d;MhVV_$nA?{W;GAB6{f0iqjjPw3PL(}6gP^(Ms_YQNLJ6p0ocR7QZ*G%U$H^vk-)Tz_1BRg&e)SJyq;AC!2 zaH2~_`guq)AEB5ZKg_C3vTq?H{crq+)bcZVjaOrWLhUTf>I{0)*elhTR8ck zWmR=al>D5fp=H^qD7lq8quuk9AF&G|=RTw$`3Wy`)Z(17sZsJvj(|%?SvMe}Fub?y>kurV@P6 z;q{M3G7^luQPgZacV#9x@~qjdOiE?qpWr>&-O@5SF>x?np>z4@OHN8KvM84y`b}Pv z;Cp{M_a8KNRiXkL*}1Jy5R{MAU%sxMionIFE4i0a2F#EyCC3L z{U!r&7!%+^b~rS70YCJOH}Hq!iJ<-pf=uR5M*3}HoT33?-y;w-ZJInR$+0+j6ULQB z$mPkzAN$y3={1DknwB%aYw- zx*&H7FW=?ikhZz31Cv*TjU}zhs;Z*o+>o%giGqGCMOP(x9oi)dj^a^QCs{JvCklSx zVb>;^fTBdfUUget69xQ?EFOs5*CSDI6@ug~VXJ4NVE0fa!U^W-1l0NkKDnz1&?vxzrt~a zdH<`tYY&d=D)0C1m1NoSQ&Ma>HqJ_xpRwMGqCA}V6|lh}#*&Ev!)m>|dVsVNyDLX# zc$g5HP?**kC<%=lr@(+=G6N-Phhb6(NjhaHP@oPCkd`Do3Y0)v4CN6f{r%4UzI(r2 zNp^t3KmF``&+mNaJKuSqbMM*j9yRg9xWrlK8>(yKXBmk{o$sEyrk^mM-$-mnUY@9H z`U=bbO;?8R)HR_Wc!?(xD-r$sbxj{&yeAXfIsH-Hx-m{fPbD~)JyRF1m23sKHeM1w zjj$b@|GCi58oeY7op=;+4|c3L$9T?1&kT@-8csaR$Y)h8c^!nqo0~YQt7^er%z6vC z6hzETU{qIeI5phH;(Ry3KOdNUHS!i5s|rpaxH(grp~qnix!|TMj-?j2~641qisUL{dOjC3$D$7g7|!EL|u7)_wC5gmUn}77T&G2-S95uU$oi) zK=OM&ONq~b^)q-Qu=QWT+4@hE=V7^CD-voOMgIDj|8~|)57-Ryuh`1HlPxq>UWvdh zv}WdCuuJ#OtgA+b=QCebpkQd z;+3}!(W>dtkfdg#vnN@w(hHVeS$CD=)i(IS(z-f&`5P$gxHXJ_W^a*rtM@g~TL*6~ zM8&)KB7f6r#=?X_{YzPdWn}JaAbWX(?=)A_v%>d7ZhbR^JD{yW@&RpFY*!gsbXu1S z7XlM!J#A$VBT61MpTepdr^9j<$YOMXkW*X5MpE0ZqN#ibND=pS080^91~VJ)@AnlMhR z7zTv#qL7{MxY>N@V^lrgJ4lC* zalUti&JeCDuW(|D6HG+ts1O*S6Gr2~v?7afRwldL$qv#9We-`|!AQ0T0^AWvcwMLI zUgvQ4X}Z@t+;f`lA%`zJP4_hp_noFYY@NdT{5B>*gC=mG08w7VJC?l-!+ky(-x@F+Q0e$)v}}i@^EGwo-1U z)K<)8N@J7xw(+r2u8?NXNV4sQ?qu8W@N_;55)lLqXVay$Mxh^CUOPQ8)mBO$9nTe+ zF;rbwDl?gm;4clH+=ASjCV|m5xujnrFjZ)~8A_JWD;@DVGnh(NEKbQmhrNi>zdd zU8!S*VV5DtiSrN^r>DO+D$pqRXVX(t$eov&oJQLqiLO2*5y~=gEj(*G>276>X`8v2 zLeqL>9FGm1LgR-$hE=AVe6GN%2@8t{Y4*Wl`dBU-HMiB2${t5ILv0QhayhR!_J$mC znVn39UFh{x9OfAr45YZ6|LVsBsa0Zr{*$skd_)7PUa*)Ry zWb-~t3$yLI9|j1NvLm`_1Z`FtlQM-fS?Ore719ljRM>692|DcUuC>alt(e1V5Ki^d zk2_rx&=c!NvaaO0oSPLx&DmTrQ#LE;SQbTBL^CMoJ9Iy-ayC0EArf;FWD3^YyLVri z+?**)7K?l$X?y95l3nfHo$Z}l!nFZ=XP%eDg~i`H>>f%|`|`t+-l2i(Qag7I+_3-9 z;B~3}`v$K&xO4x&_Rd8+ckSEG;|NH64kOWJe5EQ07y^SUK3!5RZ|%k76Br+GONG!K zRaD50r`u&YYOiejc&Tf5D@?mx||{ND7t8b zXR0tc#rk@_l!PD~fqN>XUR>Hh^y}j^-$)db{~o*w&%mV#D&sSZonp86Ro@Z#Eop=A z1Ctm}gO28ty8)r>02h*b1!QbFsBZ|DlIDF748;svyeZtoVL6y*EytUIHLrl)1GxGL zgjC0I_!TqgB=ilzr9S3c^_>K^`p&`sAm0v!H0+)5TYb+!A8q`okK;%6odVW4fZqN1 z^`AD}N*eYtFcdRvZ#~YOF${$tMVL+Z>Q2wQ2l|*Uwwj`JKLf0B0KNZc@Vq2}kcNE< zeyi{CZqL~-P#>}y>H8O8jRWZMZw&H9Oi9DO1cueex41LlQQry)WB>aeE{y}|-3Wa= zr$|Y|o&>|{I|F^sf=7KQQk1{{24);ohoj+@;dxu)bzuzu4K6Ep85Fgskc2UuXT@>< zQ|U&?*?vVCQWJn;`u`kq>`zJ>)&OA3@xk73975b}6*7$VvY|rX9T3nmQK#xlR_OaU z^ihubXtu8USm!z>0lj~OK)Wh|Um;yn{oa??V}BgXb>M3~F9+t{snz#!ysbOkxGDW@8nB8!6V$o*q-+daCua z24V`rAMhgvUN0j|5V%w9VphOElxHY#Egmxhw3ssq5EkosV;taSa}9~@=1WskRKF!@B9_g`wZt5tpd>Dz3pS_~mwp4n-p;cvNR%gL`rI5NX8LV{ znSPI8rq6yt8K!@oV5ZOgM)IkT`;Ej&xXd~+(>x7 z-Uh+V25%P3Iio``#i+uUiPF^}7cUU!EB*e9V?r^jPro&zexH#*)UPtsuei_P?FPTZ zU~VF+yn8N@JPaBBh{00^zs=xx8+^CHA2IlTgWcLJX?@=CA2s+%gP%6|R|YTe&!#@<~dzuw^27|b)^ zR431LQ~W-IKVf|}Vit7ztXYf{odG?vgztZ3lgWb1UQr@>3 z{(}bdyj<0D&R`#dK>4c-cHcvZ&NmqTtp?v^@EL=7W~}Ob$YA%alj!_`;r|^5p~`>J zVE6rw$iEB^K`N6q_)P|%GMMKdsXWivRQ#~P|7`H%2LHg|pBo%to=`o@4Ss>aJcmeS z*5V;W@m7O*Zj17H4vXTu40hj=NZB7Y{I3|yvr#lI&kt1mYlC^#iSkz&%=1c=zti9w z41Tr2Jg-mXj~jfe!GB>e&)ie_zcKhT27l4uZyLO! zzun-M7|gTmRA$8BX@lQp@a+blHh2%_e${ip;F7_&8hnqz_ZjTIgOIl7`3tI(XNW20 zxnYX&bFIg5OG*Okde=)n+MaZUk>73jdkz1f;qz<-)z7oPRFC@(LeiQ6pJ{Q8z17IP zmsn)}k{ESF`iPPFguxFPnXeN|T%OaVai2EwKR5U}BhO#=Ri4idnrEJOpm+nZ=;zs4 zT1K9irFg{PqQN{1OJ#Wem13TGrI_bjDQ1~9EljZyW_2i^Pxy-YoTHeJVv4sJ+-dOT z247|HE`wia@L_|G7@RS9#NfQa1%q!f_%?%28vGuEPZ@lV!DkG<*I@TdB5m|Z!++4= zM+`n|@M8vl%iwPt{4;}pX)s@xw9cyxriqO5FE+Tv;Ee{m=N!p@x8YxD@HGbWa{<-= zVuNXsqx{zxoHKaLV4CKr{96ouhrzUxRT=lJi}j4eXKCd(0_z;YFy-4mjAbq2V~UD! z<+HcOO&Xb2gEt#IUqA0PGCK_3WALOY7r)rhzeU1&AZByCT`=?hPQlFk?SfeccL-)3 z+#{Id@3_o1%~-V6Mc;1>h`r{Dv?=LGXT z;5ULfc5Co_OPw?>SR`1D41CNxN{Z)e7hC`MHmbib8Pf&7jq2*@#V1mr3x6BM^T4p_ z5Pci9-Mdn=_y=)chOMfqE!E91$T{fYzDw^*o}ss;-dpmFx?PY>Yzg4B47iW2?0q)` zkweICPMo?K&Q7RIcxk9?^wtav^_)Do%iA?TDTM5;TDhkRVbFDOrB`V1UfF&5<^8Y6 zzE|hDn^$?=FZW*Adif_4-8XujQ;qj7SknXknt{$8jRy{#d)MIh>Y8V<>jbGK&$LxR zO)RxVrk#Oo0{iRy2Fhwp`e`wlqH0xnrq z(HCS-ky%^)x0I+|@DuogO}w3D&&S7PS3@zrA>*eE)%=+39c25p{1B<;Y23ntFjy7- zsW0Kaz`aqgB_!2O;pVTsj`snWfouank}h=1t0CXm&SH~G&Wo&Mtn3VM9Rz69CL-5W1?Qd-%wz~ zhqn-CYlqxAwz;u)LW0iqxT?IL`Ujm^-3?&?9nS1w01?|3G3c;=gaH7KR1XA{wI2Ze z4pimtys?9m*jY*HHiur<8wr^JiCxLk?-TzhhoHBH9cC_LHkxIWSw#FEhHUeimi=)J z~sUYF3(B4doF>t~=&CYyUl`Ta3 z`7p*0O*({<%`=FOyz~C!IJ4*JxM*IrD>H;R@W} z;!5E1BsktZ*Zp zMkiryr(jlwU&k#co122Iix?i+{$MR|LNk|g!-=VM2KE?6w=)+BZ-zUOo=I_Xo^4`f z;<{f8Lc7ee>^j4g3KJ9)%_%O+Rcx44#-=Gxe`x+SM;}ZfkAG|%Jl0cW4ri(>Hv_wZ zxD+%fvIPdlv|x-`C=eMcp|R&Gp0gjS=m;=Bgkje_5wbZKB{FF`db|Yt2{CmH6Nh;g zXDBtHwXKFB{f9MWSuRts&g1Gf3SYzLaxvXHVw|}!bts?lFNCQ~O=!3paO$aC6|4+b z7|Q5Mqwa4j(=2-ElIGH5Wte6QEk!HV*HtR#=}dvReFb$l+;B=W-r zJCu7F{H!zbx%4tF^>CS1tg9(yl(Y_8!JwSFjH|2eT=I-xg$EC%dGTgQ{1)a+^Nyp? zipUr~%_YeR<#`E)6WsF>l|ea6)=m%Ms6MYqxB{G4#LYn$Fx;A})NaxUHLHEsTw-zM zoKMQu%=zTXszn9otCP9HZH3Gg9@Yj-*I)z}FQnl_OpCTMcDS0(V(TI}D}XEGET&sS zE4gLnYyV$t;&cY*=+;@Dv#VnAAAwOzC)}%Wapqwd-ygX@L_gkH9PPo~##78!IK>n^ z2YrlBeSA$}82x!Y1?;j)%97lVhPwS6Ad#JvrfvvtN_~+91eTf6d(Tvf@J$u!+ z9LlV|69}72Umb+B>{NKh=vxB6>T9decap+}m=>u=uNMEKar6LiGcG07abJbLWHRojT%c9olaRyzNZ%8{`cwiK<>~PXeMge9 zKK{<5`g}YtSbh8rLZ2|KzGo}+-3fg&5a2lC{eMv?TQXL29kb`JMipS=V11loMH$P9gJD#T;{{~`ZIW+G~T=Bz@ z)4Y<;@}3|NQn^n0gw7N z8+}iLr*XjcXk(Hv4291Ag#tqSJIJ@G2d>Kfq$1s0HsEgpBAn@7ic8DEbHg+a*d7n1 zI6xqzVLal%gV@F0IHP z|2Eq&@}i{rHdg3+1o~)yM19!IkMvzG`Z`4c4=_1ap^rLuRmgn@yM!$ghYn?U@o!ji zy;G{e;?l1kxSBs6x1^ZC*UTe#7;?5=ez7HdOJOmTDb~+ z`?rR2)W>|Pz7@a_jpz+n)QX0o`skYK@@6pUB_YSPU;EW^V6NFFx_2jR{=r=NbA>kKFgEM)>-e7^X$Xv z#@!q_b9l88L@tuX3=}-kRJBA_>`v{WvGXvoHk#YjYgTK7)H#v9NEO=xwL?(XE*s!#vi7u1z!)BRY^W~|L|zw zFrQmG1rNf#R`6c9q(%-xkjpc0lxJY3#o3uMQJ%5RUMjztm=y-vhKqlP;^z85YpmG38(>5pqOZ7NASa8Z5_TwW^AGONA& ze#)?bpaZxlKM0qX${!|18pZPGb_L)x@nFoluIDtNkOUv@8!QUd5{_|~M z?Mpv2GUte;&-{Wif}b-o)jnjTpDYB{KI8UOq`c1FPWlGz?X;gXGp@*7N-X`MgEE4h zjh)Esp^TJkpOL>_cDu1oPuAhtiiw%F!;KK%|49*xlZSZk}-S}l=ftZYzr4d;Ba})W}Ki85k zI7z>*z;V3beWF16%K-k79f zS1!pL%cXgC<&wOyTsn4=#F96bOR+1Lg`~ZB8O=61C=9QRh<^jP=fCmM02n-WT-o_1{ z5=@;p6HA_NGx%MCDRVcml;wj4e^fB@@NvP+0}rO7JoE4=!R(4(AeMUgs=;3qOg-Nx zmiqaz!Op%DeD;N33Ey?^L@3X8cDA07;Z(3#_#ChGf;Rv+3El+UB6ursn_!M(9`VdP zTmgKg;GMub1YZxlNAMsp&G+i1pS;@Ov|yHtqDF*pPdxs z`X@6F>cr)9;t}$bAz<_PqSNUSovxpYP8U~nayo^t6K~{ zY49mx=~rhAzTe;niKSnC!QjUX{tmJ9nP&`s*5F$72bF0gUXDOe(qQh1D4*j?v0Lv% zp5sXQZd?n0)bL9NyR}SYI9@dFoy5`~I9?QUj3|D<;Lj1u+H{tGx>&MVUZ literal 0 HcmV?d00001 diff --git a/tools/sdk/libc/xtensa-lx106-elf/include/assert.h b/tools/sdk/libc/xtensa-lx106-elf/include/assert.h index 17b6d85dd7..83801e34e0 100644 --- a/tools/sdk/libc/xtensa-lx106-elf/include/assert.h +++ b/tools/sdk/libc/xtensa-lx106-elf/include/assert.h @@ -15,7 +15,7 @@ extern "C" { # define assert(__e) ((void)0) #else # define assert(__e) ((__e) ? (void)0 : __assert_func (PSTR(__FILE__), __LINE__, \ - __ASSERT_FUNC, #__e)) + __ASSERT_FUNC, PSTR(#__e))) # ifndef __ASSERT_FUNC /* Use g++'s demangled names in C++. */ From fb44b74ecbec5e48fc56dbaa89064a3b2b714bee Mon Sep 17 00:00:00 2001 From: "Earle F. Philhower, III" Date: Sun, 25 Mar 2018 10:29:19 -0700 Subject: [PATCH 02/17] Fix crash due to chaange in WiFiClient Commit 95b1348a71e6cb1a5e125e0ed479809c872d196e call ::stop and then unrefs/clears _client. However, in WiFiClientBearSSL _client is unde'd and nulled in ::stop, leading to a crash. Simply don't unref in the stop (it'll be cleared in the destructor or the next connect anyway). --- libraries/ESP8266WiFi/src/WiFiClientBearSSL.cpp | 2 -- 1 file changed, 2 deletions(-) diff --git a/libraries/ESP8266WiFi/src/WiFiClientBearSSL.cpp b/libraries/ESP8266WiFi/src/WiFiClientBearSSL.cpp index bbff0433f9..a50b46702f 100644 --- a/libraries/ESP8266WiFi/src/WiFiClientBearSSL.cpp +++ b/libraries/ESP8266WiFi/src/WiFiClientBearSSL.cpp @@ -176,8 +176,6 @@ void WiFiClientBearSSL::stop() { if (_client) { _client->wait_until_sent(); _client->abort(); - _client->unref(); - _client = nullptr; } WiFiClient::stop(); _freeSSL(); From 71b003fb1cdaffe4c342b744737de366fceaeb79 Mon Sep 17 00:00:00 2001 From: "Earle F. Philhower, III" Date: Tue, 27 Mar 2018 16:07:35 -0700 Subject: [PATCH 03/17] Pull latest bearssl, save 160 bytes Move some state machine code in EC to PROGMEM, save 160 bytes with no performance impact. --- tools/sdk/lib/libbearssl.a | Bin 4278774 -> 4279154 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/tools/sdk/lib/libbearssl.a b/tools/sdk/lib/libbearssl.a index 391391b6ddc008bc8083efe980998235c9ac357a..5b8309ffdf83ab0cd99f3b2707ed7ab2123e785b 100644 GIT binary patch delta 33388 zcmb`Q349bq{`RY9l8|I_l4B+(2}ig??t=sfmw<9aZUH&uP?1|eL1aJ|@IVc6^ol5W zp&$Z^(s%(Li;9TID!M8xi;9Sdh>8lXzRy!#H7WS-zQ^bD_9r#{t*3tVtFxC1PKN_E|>}m%3BLwYyiu^*Sr!mdqD%>uwWq2WN}8-;Rm+hKogf z?)@VE?l_T<@Tf@m_@GGmvP>kLx%YpBpeZKSWAL0@I>x+bc{!Zbqn<4zq zG#381vxWb3o(M#*5`ornB2ar=1g@PT0=H$0!2J;-uyv#ee6(2vzWYO@mE0@Ry6qKd zqasAwEq95u;5{8h+M}L}!|8`bdRfH9VL_fqx64HOlh=s!?dL@Lo?{~YP_{__c817^ zI4LqpT8WH7vqi?ly&~iGIFa$(W|47lzsNYzSY(O`BD48Pk=bpS$n1YmWR8ALWKKCJ zGUweZf|(E8B{E;k7nz?m6j|}nBCA!p$m%jdWDR>xWPO}3vit0G!?UMFqo|Ie(Y;0g zKSS{U$ysh7Pvl;EjmX{pl4u-$PBb1=BpN@`S2RAoS~RKdE1L8jYaEQ_PF8m#iC8$IMHV3Nzpd1 zy=Z&SU83#J{YC!O=_3F2JkhTCNYQTTs`~Ius%WRfzVo7;4nIL>2x?IKg4!}6!~Wx< zF#EI{x{VZtX80vf6#j=$ba1ZFq1clyLZRz?QLMxKXi;p0ppKNb+Ad_c9s4)CghE-1 z*F`AI$rEKdytz@7{fAJ|_?VDkdY-6w0pX1ZQE}k7sQBmQ_2JJ?MTHxJqO#Ga^`S>Y zQTd<3V-rQ?vGbyRV5exG_o!%JvRJh5a#pmza-wK|$1u@;<&;pUy5g(|g&BQCl@2RB zqRI^KoD)^=1kZ`;wE6X+!%0!C!_{X+_0clXVbD3zVeD<9!xM)t3LQ%qi;KdJL!zS* zI*r&ULgBVQL?vvYS?T4*p2_Z|$ z4&;yOB@{5k9+lt;cTW6ar6q<;p$D9t1kb{H>ApE&-QwW zHFg^H@m#Jm7CDe+g<`C3z}~me)6?la%`@g=-GRQLUV{68vtqetkal0>K)N~FDn!*d#>IZ2h?zP(H#c$;@*FIDLxd%@q*1J3X7dY@UTC1>lHurUi% ztk|x*yehDy;8>Vba4h_9^Fs21U*r5v(x`~J{|-sA{7oYotcxMaz? zISmjZopp1f7FH_55|-j$(rH_i(`j3D-olW~E)6RzC@iz%_oudKI8+GX6`}+?AzFz3 zqM!X*iSH`=>9VvKd*9p!O~da%!a)1AxebQfo)MigmlsqehYf^g=iU`R+U{89`>Ji* z*qoZ=n#Q|Zcn)++6k#ObdceHgh0Z~OW(OUzhj&6pY}$`{VY3g72Z)^uk{7vFFzxHdzGFxFOtSsqIWYbjp( zBYFUPy?LyNjbM)zS&7zpJmJ@PxNG1b<_!zKe#%VY32X2sa(E)c*U&PuL1XU1!hevv z2Fs8kEDT1+VH6(L#`X4~*B;Z&=l6$w*b_qJVWyR}C(efFaJyY(c-ruY7^@``Vzxt% zNU@&8PQ=8c&Jm5Ru1E-r>By7<8HtRU$VjzyHM7J{o;68CjIb6Xk`QwUuMv~1jo2l} zETozJ=f~c+$Bac;5f52!LWw?sL|?M^rUu+XQT*Oig!+f7r|jMSFz=D z8!SU4QdY)$i%f}$xrZt9WJ-ca_!(}zcALw5?bBWXT2q-L0X?t^v1oQxsH8^B=L>i_{8b5`J9njvu*m1%N9+e(NS{D5_^H_7RPpKtJ8atL4gow(&5BK3= zix7!^5SYFPFP;jv#``S9j7pHF;yJu#&KQ5A@Knk{OKrr8{>>f1+rTNcg^Wx8<7$h@ zQf66uESBXzju&tp3dr)}5#G?_2Ecz${_? zT~Z_ayB@xl!A1f0r*+oNJ`X0=kFMp+X~O!++Kl|z!o%(WM6<0Ca}j6J4aNZ?Mf5%3 z@Gv$wJd6cLa6<3Y2AxH6_bY|>M|T9jgPd}+j;72BY79&l-k+t7NOLd_RvV8uA>8ft zHub&U#_jdg47Rh#_1RULq4$bhJ9b`?C)9aGZkFV}tj3>imK&J`)%bI~jHk@eDXfO& zl_Qkimfd|Ld*1s1>@(!lx{)(0a~k?))&__of@4mSz2OnjG|kCHCT;-)Yt0Y#oL;`X z;4x2bl+uN07LJ~*0`d%SI@+)*KAEKP%mjfb60&o?e@h5+r&Zr|rxjUcJlC%y0cE3TgqP8W>v_tmE|f zEwq>{W3`1HeGKjRd@M5KVtjl4AV-mR=X$vAo@ZPhMRTQ-4md;$xvtKY zOT$b=i#YGr!%OisvnB}ZK6zZOLqf?s5kv`fGUGl9AFxC>eiHFwEWXQRb^guRmBLys zD^ZPOtu@ayg{Z+$wsDoGA{sMhGPGex%;l-}7C4K+XtP^Gw{G5BS3nU3S$L5%EDyjL_5<9p?vY1C z!9-{r;{1hx(EvaC7xO7RC?c9zs)hM%8xz~e#Qxs-dy(T)h@3e!6oc@GiJAY65(g>E zTWQ%8_29C$REmScy}aCPXASbqi(z-pV}Z!+mR8PH2%0D;K{h%4>7xRp3R4cn`;a&G`h3BxYEJ9NcHoM}?TH6>^@OKrGL3vv9>N!$BbDSEZa^3lWv` zD>@MqWcplTT_NYoi_nXCvg#v!o{`aFVfB^K=IDIRrhc9vuL=4yI#5`(GI1JXgM@XZ zj6H=|CC{uYPKTtl{$1wgC>>d;+=T6ke>6 zvd8}pF>uWkjKC-vmz~D^NwgW``GUo>(~h%vcG`JBury3fvj5&|I9Sz$c1MCaFxtYp z##0`roW^2iNvFAh(v<&epO}Ag9T4Tn!n2HZt!FZwav3P0Q!WEN0d1Hnmx1Aksa(AH z46$pynun#Sc-e8XF zndco=k_*LT)50ALZxBW2v-OLxysVZ6gX9?vQ=M}hQ(e}v!L6dGd82|>BA?Bs@mm)g z2Qx3WE_SV-P}XNJwx-VkZWSVM@(7Da7p1Q#Q!Y$Ar=kW4^=47G(yaMBfrf~JT)fCN zwH1JCYOo43o3jgxYCg{u6#E$(MonsC4Q+zbZZfpFO1s<8?uW(>d`4>Oj34S^tO5Dk zIsa(#{(m&VVVwUHnn#N>riC7boCr~H9tQQxE!RQ0+(wCLuB#P%7izsEm)oyVn6+jZ zmYc$HH{xx}OP(88{%TAVF266y>-s&6@dW;oTwuROR4%a0=AOWJdS)V55*9(6z~OP1 zJb#xU&NcNlxoq}e3`^?kGBzGDd2+lF_Pivs-u8Tsislvvv2fmwRC#t>1!%)$d3JmW zvC=wZ2%Q|k1(|q}BiIbU!TJq;^Z?c53 zrgKiCTjlx9J+sXd?wO5e$(=~&b>a-=i)TPwOIRZRfJ#~7rg-P=MO_a;lp`Zge9iob zTAA(}AmA13hv1q+IH?qNW&(Tl0vcV|g)zRH&cK@KUR-5*mmyxoI8KdOGIcm&?x`_L zrryHTIl{`8sjCsIzM3b_Y?+Eds+RA5vb~+*%Cjtt!x|LFQ9iG;8q12kh+KSg>&A+) zn!EHX^bVXAO}u>5W{oJuglXpG*)tUj9|t~9#!3)t&9{JkP{_WtIEGmweNt4Xk2sZbzg~uqO}kr3K}3x(gZC zv7FA{0m+z1TutY5E#`{)EP<=)n}E`TFuinT{g2l&XaZ09wBJG3UA$}QnrE+%>5*rz z=y)7ErQet?-E;oM7e<&iqM#XGKmfmGGuFqFoL%Mub8P2-c zP%ggSW!+dd9R~A%h9Tb%-6aiieTggA{6zE^7y6AVw_KCuWg=H@k)MV1cpS9*WV-Gx zd5)JYyYvE*6I8Bf(IT1$OS4BgBC;92zd|$t&uzmJaXP& ziL^@2`*M`dnQeu6x2IyRaNbWvVhf#6Klx!*kb@UFHCh5VHU5rFdTR8ACZ~ba2FX=l zbr{aC^&>kHb{yHps4nLKI}@itUV7q0%u7%ADt{X6*!5kd-9TxluHbpT76r3m;I3E; zLCrX!t$2AXg2Vtu*9-`tEBiwa$`z{)ZDY?S$W`YR#N3`ukl9W!E_*gXE<4F6J%CYa zD6QRtJxN;DAf=LbNZ=kfE>Tj7HwE072YkfY=TK#lTLc~n!xl8M=MVS!3)Gz-s@U>N z@WSQ302aKgkxR7qM_hfC@<97G#ZJfw&kRPaL1Zj!Dm`A6hGk#Y(l0uG&di4soHG4Hj5LTSS#x<)(&aLk%(TU&EC^y(W29Dm~6t@VEt3t z@uVC5DzK&nt324tD;~Ffo#&!lZ?FMxHFus0JMRLQPf%Ydxyy8z-+(mU3yLSiKgXAG zcoAKB$Hsds{7Eox5ykWNM|>UMcE(c^U4KPx@0Zemw}P~RPVYt|?}>1p^^G*%JAoU# za2|Miw;ndy8XW7q<_SI!)S%pdctwH{wzN^A5B((7%g0p^!C``gX`SP>FGq1SwHcKSJ z4vR;)@J6~mJg_R#{;~1`jg*r5!f03u7ZzPOZ;kOCvs&#yOS}TN(+KRXFoDB!P09_;B>WQyIfG$tZAxD7JCfMAKM zxpRHoI)ANMi@_luuyX6*R&VfHWRcqxyfTYN6w0h$aNtDns0c@u<=8W#8$&CZ&3=8H zufUpU|2Pge!QK1?p~5_(AmsmPn7@f&i2>Ywj}R_y6xGev{to0@Y8CAUtgVl70^M34 zeE|4KeUz1pN051g&DNHHdm^9|c$M2uyvjEoVla0sI06Mn{n}KP{3qg;7|b0jp_5n( zdHYce=8hH8NvzTB2*}0S>~aw`35rNr^kD8-E1d(r<@Oq0Pa;@i2zQ~X{O(po{#Q~A z;Vx7aB(W;JWg$bj3snV4tjaBJ5_Un^QL<2^)z@u^?j@8f>wy=J!7m7w7|#Arl1_%R zs8KG`HUFCk1McoZ2p2O&r*y;d@OsC?;UtLQ-j;s~d(5wQ^v!PkxAorkaWT^D7&=row_>*lql+r4M{I`w)Mc{p`Bx%IXZz`AnUvc9@0 zWvbGU^LHD$kzC z@qRQ9|7fDJ#Y^zsAYU`08raL)wn(v${?tCge)ncycDC1h!itKQrVq@QdA#1Qt*8iB zu^Y_s4Jd)X&GVwtq-2&5esKxNNX_e6aY(4w9f$q=594!rToO}X;hQ|7t}ulB;ZzM%D@ zZQbH?P?!6ys0Okwr{^nIP|$yjkjL1H_!8(v>vt}xYgG-^`p70qIX-kY{PqV zy>7N#kv6T3nKIcA+oM8yt*T*%*QI8Ru@vd>hHB9f|NELOcR(zCggVmHL<1 z=m+!oHm+t{9DrPc1@qnDQ_I+_-J)#1k z=&q%{9#Kt0(fE51EkN`WX*`P2NSrk5WONIoe?>G0&8)TmWOT<=A#Rqb{qAMnX?V*i zqiY%c9Z}Y}*8ZN++UY_xmC;W3`F6$5L^QxCLSXsYa~XDCov%ggQbSH(xi%@oo((zb zaV^`yK%(E?S?7zvBJ^&ZuSwJ^NZNs}thIls^EI+&+Wuv}=20_ex+`j}-D4TlSL|!4 zZkmM;!$@13>OR|{IuC8&EU2}=ruw|y;C`q#&k=&dTWgo!?`wpAjoW9+TBX`k?)N1` zCEVivhpN_I!nCDGyDmD_-pRB#k;eH{Yk$nNqtUB|cvJ1T0wUe_7JJBM>-nzn< z+HmwG`ZQNhoO+4A!~PR)66aqcpOJFIdoPh&#I9Ni=MP;XkB+q$+~rBN_pIH=@Q~_eV-H6ec z;_vOPLL5Z_tWP%tU7rfqpL-2MC#O)_UamxH(+-O-arhLjx_U!2*?k z`xQuMqT1+>q2EPzF!;Tnz3yu(wc$`CG|<-AXV=E+_^Me$Pc7iaG)slnvDIwrwBaCOW&dtYfy zg1wc|x4l+FXYj+ma?7f4?p^Ck@dPh-eR1Ac?0;-LR5d4%dsD@KSrIgIt+)D6#RrfO zw4Oumix+H75v+a^MGJ%57#x&+tuk;hEDj{L3IvP8hOHWb{|)3;gJ7xmO5Mn+a5 z@_MscxrC`9tpC=?LBc1kWGe?^@r(4^?e2_>NmEX9m|3xG%^-VpLR4y;bx}cfLigtW zUaE{3W>Fm}-71!yr&xBLV%d3$-Qw&6V`KbQZ+mpxD!(c?HT0emF;1}v1Q8!se#LZpa)U* z-@xTL^ZoXg$9*w{YJ6mWDVF|KKmO1DvQItk8_-M*y__DZd2)KBuy8d!WGS)Akvp^P ztjVpi{73=ovy|M))!!$h!n_1L zYVfa$`JRg(q@oRZrosH|l-32(G*>I`j(w}pS|b`Oozscz zQwvO$s|V#u!-!58rZTia2C~+tD4qRD)&<$v$;hkD(5m>DZ4W*SK?wtSf}8 zW2q-&PoCl%j8|+c5SW3Ji>&nzmCo@d>lS~Z^c?KTTE_`c`r&w!b>*_9ZlBqJ!?p%@ zOp%(;D!-*vb1>wBg1NUTAyXRiyn7(0Qdwoqb8x zeLReHV*)#ntUH;NV&+opWhcXi2PawE)PQNz3;W(=*d!~)VSaQY+6Rf32Yl#XOL?n zG88}~>v8%D%t{=$g!qFDn-c8FI&VDEsIyeCfvoi*O78}p z>{Dlm*-GyTovd}UCAFc1l3-w?ZQlds*F&hDowPg9~Z zZ2YGTeUDJAXQqvKau-^-*OBBf#d=0HLYz8h8W|HI=NU`{NE{#De$a!=rY7U$$F=(g zGHenQ>#E$P^knSGdTcf-os)~Ko4-TpoKR%F)CKpdgdFV2I^lrQIg7};t?a+#u6V&V zAA!ua?o!P5eW;iXlkJ8L8z9?#IRG1HA@cg?3$Q0^{d=Wz zz6Tl6rvM-41`4R42G-NduXMJD?8CrvQWICNl9P!M zJ#$(!0qYo@^mL8n>>}$P8Y*@B%PqbpW8ga((TPk}^_nJ=-7z5RdSy}Xju&jQUJ&@^ zC?A13>qyoUl(kYkPaxR8zcs+ zWYu%NQOq|FF$Ne-dd@e1(pE$nAf5RNZ*z}5=j%oN1T+Td728}>u4xRA{;DMYw}b)G zuS)t0q70CRKJTjvmca?O7zC?IqWkGi#T*;0_=@+*P1&R z%&P{i2YG#?BUc$b+Td#qo@Vf^2H$V+Lk2%(@P30ob2*5e>PgjtpWOth^ZcPJC%abJ zd}HXmovUpU49+sRmBHl(cbA{QR!;w7B&;!5-WyXkzZrV8x4z)U2J;q;t`NUBqWNxv zAJokDKc^$$FAY9p@UI3p2&;E`y}_pqP7JTN;kOWUCH`XYHgM3w3pWS*B*lBMx5{1p zGqTeEi9Kyl7x681WpkFSdWc_Dup-^ORs`%7$AGnspX}zv*P$6vMjccJ7SOBSNYs*5 z0mI4BZUK0xfJjn2(Xg3CR+U?7*w-n0`hQH?xbsguWf*NTj9xPIorb=bx+>sfGLK(u zpV3C~NyFwxgMT+TE7+jkQJ%r=46ZPkU!l+iUqM#u!B9gVWAH?SZ!~xw85Nc7U%-fR zRA(5iH1vlJ{Ry&ag z(g;;FU~m>$*>^CwGr3az*ZxW)!!UzKxkmEPy3Ww2la*6`pF>w-p<#26VYAGzdBm{U z7(Eb~RrhW&jCL4CuaZ?^9~pea;Ijr_h_-X~woZ+0>#NV#+3vTuwLf?*rB<>z;vOS; z6IqSgHnP5U1t%$fm%6IzKMX!XR(ZcM^j{7Bw`=1rb_qCIwWCG`=NnvY@Z|;%HFykJ zRgNEVXGK?_ZL8unAkYVOY@t04$V8++1DUwV*vo-*=0 zYw&h5{BnDPtSWxO&`*I`b{H;qey6VL9gf+kIhw5e_{qvobsX1Ll~BV3RoPl2^Hm0q zG;FRl^ciI3XSQLp*s!_J;1wYo4EK6QROXGL1bhqB&<~PTt$#E0e;f9(@vu>?Pc=A$ ztQywT&|8y(s^C71D4t^Qg9g8C@Q(&J!rKg;w}rvg2G<%q&fwt9Mr5hMn+-l-@DBzj zpu&1i`N`^CS_U{taUpfpE1eAP>#}>e4`4)1&T9>$Nrrxtp)WFcxxs75s^E2G)$Lmi zn->k=q)2*A6Yp%Y_I*al|Ojikm4HFC$})TlB}l5Rfc|}!FL#JlU2JPCG*|_ zw)Nm7#V=7W7yV?y+ipbiCk7uk_*=4add|?plB6SI*OYP#$Nc$s(%?ZQi zlwtF4L${LaE0;)C{?n7W*sDkrBcTOZwXBq^hIFW*k07fSPa-QnvkabV*e@X~KkKy4 z*}p+Yz^@wofx#CHZiZ>8E7#ZH*#_Tj@Y4prXYeU-Pj-OaeQih%aX}z zm>L;+TZ4-Xn+}HF#nAiI>p{`qNElb2Ac6+pK~@!73TEZl+iMJ)M+}=M44bXgb6||k zF>H2Ac2^(qp^*#&K{;->K6R9VSmc7Kcnn}%)g#luszS-+ zwyvIS=&i_YsAK#~jD#9;Yd6C%L!Ura$L<0{zsJy@H1y{UeZQf9X6Rp$^*gJxj0|@R z{>8}P#l1}3ns|dV46ZPEsKGZI{IJ0<89eNy5fK^ng~b`%)Zj9MyBR#j;Kh>dgd~4o zd*Z^FGtRMheCxu~_*4`9b~DG|=JtK><3A1U4XLBS-3{(#FrQqa-SMd%UfsFVLNI6T~*c4thgm1xI*;Pcz}-x(9Ii$3rLy6`C;IzwlJdm7x^V1CV9+Ygm& z&pXsK+dlYYK_E70B;IcS^T~oH9o8Ar;|6asc&ouX41UGFZ%=E#J>{u_nBd2TF7MN+ zKH$ScbbU@6Ebq-J8{V7KHjxI)`*g}C$>Rudo$3F4}g4Y{~@)n&cMc$QDyvVRwYH*#we>HfG!H*mKl)-#l3To^2^s7d~ z-wb}o;13M`$lh`Y^OMh5(Y^AM!50kv)BXjfL3wjfHOJ3eXo~q<7R{{7ACw9%w8Y$-tmiJZhmX4ccCzV@OX(hY~siX>nd)T`^!)F}&8`5Bdc>`5vyWakK zPF|DX?S{0(U_K{Ao31waNrRs@m`@VX_B##!z~GMz{@i7E?LKNG@aY`--7%K36){ch zlb_==n0a=ml`(!h{VcJMv7z5( zFrW7Ud;6WkSlga35;hpj$9rg}uNwTO!EYP_@oh?_XUIb;1R9AZ7`oB0v#7y*gmu0sIr;_f2Wp%IJRis zf>j+BXD}aZp>J2@8r;I*HU^g%Tw!pH!QEW8E06lJf}@RuaR%RD@Kl3m8$8!wK4U{y zw9a7LV0r%;Z|Jx^=IU;TJZXP+)Yqf~pUa_r@VQZ%_ZxiB;7<)cVpshOpM2q?Jao1{ z?6L2KHwh;2CbKFv*&WVU$qIuXGkZzRz>}fM%%^o|-fi$(2ES|YL4yw&%%^;4Kc@`-(coV+ zv;BYQ2-t(uz0S;!R%#9y+{oZ22DdUe-{2a9@o4Li&nv(wx`2L0!btni2~GWF*BjDg zgJ&9iv%#FLR;gWgW9td_r(gKa*u&aZ71)pR233mIhd^z?t55^SO^S2g^wm*Fk z7y5C}76j~$e2G336BDtIF5>KxH8Bs`&A)G%WPf_x7qIuV%}cmkpS3IaVIP#rt=iz8 z2Fq`#D;xQNE5!q)js4}Lc@tvqAgeWHslDrKUlTk1;h3xrO4?*3?=bikgLfPJreyn- zDe+D0k6*F^_Geu?B{e)j73WEArzG18o-fEw|COvN^}E5sV=wqDFSVEa?!Kx?3_oO~ zSbm~OAFb3C2gqt3XBu2+#EVT;7e``=9d7-UBLWy2YCcALh&fx+vFfIVH^?~D!u{CfuTMH%&(1*Zv{73 zycArZcqN!$AfU}t;4X@v2KQ9F8O$#h(B@e%zd+D1h{z5^_^4YZybK<#cqe#*;@7}@ z01Iv21kX_XCHQ8=zk}y1PDac5F*w@uBdhl)=93XtDQ*D{u2m5}eBdd?dx-o$$TV4y5cf$j$#f`o??EDrVSt9!wmeI51+|I=D3t8 z=CJf4(TaH-U#GYgm`_QfeIa<3;*Q{Xifechxm`uNfbUe? z7rb0CXY50YIY}Q=JQ2J>@pLf0V=D_=2!28F?ckk?7lGeWyc&D}9Axd*Ao35D@G$t8 z;zz)I)DCSP2mhdW6ZpL1&0v0tmo}W$k&2%OCo0|!PFMUQm^Zd*{|f)Nz=tIUL_}@ z2H4(E%oUqYZl#_J{z!2?_^4uD^?$9HbLgz%Uf|yp4+e*EiHD!7!9K-7PNGy5nGViU zJRjUd@gi_b#Vf$=6mI~RD&`nhDSjKwyX`FOBXAGJUxE85J^>yO&h;NgClR?yC7c3} zQv3sWykb5J_XfrMh8aH#%e)2PTNRgs7b~s=FIC(Hyi##@@WYCG@{3_ls>tO?;Jtb} z?E~Jf_-gPj#n*t}Ry-d3f#Peyyob-c6TwFn&jWv>cnSD>#r#&wuVj9*g{M>A#AoLF z!3`AiyNR)i`5al^#HY=w=4QKe9imw6lL%!6P}G+3oi#t_AZG#ncCYA5_dm<`Kms!A~h>?`~1N2>gQL zJGuVzChV#E7WIjbIQ8Cx>6vbS_TadXw^-->EKR^ zbHJA=<^^h>po)|rGEi|jc$nh$;L(a}z!Mbr1@jjjSTJY)48;S%{1`NK4#91T$AbA! z7V6W${3i=JI2)127~!Q0HvZBBIRU&yF*-oJpg0fwvf>ut*A%k>{3i?Z@+8E~s&@B~ zh1J1j`n5W`48QnnLnk+q!-N`_>DcP*asgR+tRQ!F^%`}KwsVbP=stX=XRs~NYceh8s<89|Wea;u~23tYFw%dyY#rq8A zj|*sBenX_SYcIbc!sQPefAmCuB7>Jx`coUpTh=UUTfK#0wJ6-=W znv(Xlj=ern{m$9Qvq|aBzz(s$1wzhIl;62waO~?@Aql@khTm(O8GEotNRn1nuf(pd zx2o$I7jS<1N9>rYkQILWEa1#ciF>x*z5F?}uK977rE4n(85eahD^#*L?yFD^CueQk zcZJ&6KCrY=n$z}!xZcgRFKBKOLtG%AA6n_*vKMm_6;v%z*Reo$<34 zY01IQ>9u?-6vNN6U9Cr>%>A*rQ^yi2L(-}VxdEr!_X!L8=`6PFp)Wcn&b~}b&geyn zv%2V*y|sH~n)CBpiOD0BRPH1+Z8&|kj=8m3x3l4##aeQ5x+i6&sD9b`v_IV$F)Zl= z-EHOUiGb64R?;{6X93G?*|`JOC9U>rC-&}rDSpSdBdL9pkR*S8Z|rAD=Tf!gj6Rzb z>hW@SGL7{mpN!WA_R;cG{A6B6^5kqSIY%p#pV19ewb?W;`6E3p6*kIAa~^p-xkmr; zUWLs$vi+sxtE!ck3I{(f_>lh1y9&1f84XfiO4A1NM+u#ua#B`?tem>Sl-zos{AEDr zz-1{b^*pbz@tcD#o$jR$-&p0#5DV z)ZDHizgz!-30e0*>eVHBu#ab?J2CrHOZBX-bhC{u1KXAjRe_Zbx@VE@nMzhUVAsq|d)MhS-@jM)a;1}SpMQg1b1K+&*NIT7Fan};&G6Yz?tz_6Tp32G8wKy$X^#hFLL4{7uR`r0ywmPp|oi;wx$d~4z z6IUi`<$L}L<&Sr#txtB_U0&dCR6L8h!K^oofkB9?pTKIp5u>6`a)4oWrTPnfTfDv@sf3k&75_KdH?uCE6#$GdEe*;6gz14Z$m<9)AlvL^_-4zV&N?KMvL|z zE2)HM9vr7 z9Qgyo^S{$0Um}&ycju>#*Ey)zP@Z&N&TBU#WT+P9yW3r(kG&FCdiUved-T+He{0s+ z@@~67^3+7y+`Tg6$@k8-8=?Hm%h!N&s&BzE-DRbi5&>t;dj;R%Pbo>y|urjRTTj7cp^|1~ru(Va8tw$jNpT5^uQUOGqjRGBlndD+#q zI?bKCpWjqA{t7*CyY{67mW+C%%o+7YdHP6YSne#yt>~bSl5%<3<9t4~VtTbUa995u zHdXX*5R$Mwb#Wq|udwwJgex&h$6qrgtZV4s_ba;VwX576x<3zB%+RB$r2GD;IHpGv zmEb7cmtC2zm(6kq$H0|(EX!rrIysM4PVW?|60VT&)6f5^EX)r{@>2KD`1XVAD_+yA z{oT&j{`UPt6?Y&V4#l_@`#zyMJCLU9SOt3nzZ+fK{(~}APKEo%C~-;qpJGB1 zPybGn740W%*OG%q4a(Cowb9SujeMNNZBjJf$F|Z zwUO&(ZFTiY-FFpE-H7TAw}lMkD*Ww{>PKgVB>ARd)4&dsb)zetoNGGtQP;=ixME@# zEPcGgvinq?N?X3qt1jtSs8sLIwk_=BY+G2f fd4isaTmF%m<}5f-^Y4;SUJPHF^H5gjtJ?f8(RHWU delta 31259 zcmb`w2bdJa{_bBrv%BnW&*m_*0oXu>4Qysf3j%_Yvt$rZ3`iCb7*G*GM1s%;6pjHD z0|-c)4k~&Lh>8h4sE8R1h>ED_(f|8aSIrij^ZVa>pXc`T)byv``qsBXS6BD+boczU zVX5!*x~0C=IStyDx2q_vu6e8=WQEU+5P|J8MBtf$BJk=25jeC(1b!|M2{CtwgzR{c z&>HKGh!3q53A3_A!ZXnRwNE5wbQOuksUorG9Fcf~Pb6-N5s3%Sh{WF}i=>ozk(8Gy zl9sO($w|#b@}Z$3`Lm})@(-#15yGaJ(rKsouVHBqkz$6I_lcDMpO9L3TKsRr-l-yW z@6<3q{*OXh_ZX2jqLoOSoh{Nf7l<_Xut@u`Or-tPL!{efB0Z;8q_=xXq%W8+((jup z(w}@oq@V5~GGe|F8F~9eM%y_eqsQGMWB5Rkaphr=apNJ8@pyQI$T+Y?WSsa+WCpGk znaz)g%<7j!=FmnW^Y$?!^Yz0b^Q&SJY}r=?+g~7pLv9ekOZJH1!mc8?>a++xv_%A8 zx<>@R+a^MB*&@_(tqAqIOoS%=Btnbt5uw#9MCj4aMCjcz5&G_0kyV~5vd-%(vPQ2E zS@RP`R`{lUB5U&vXNT_#M0UlBv%{ioB76N)BK!WYME2wJMfU%iEVAFdM`RyAEpno# zikz}XMb4lzB49tT)jF`3asQNFVCV#S!;i_$-W*5TqD@4tkmx-E>->46NjS)3o2#a=&#?*)I z8$`SR7XEQUwEJ|Cs10@%wN0Ce+VXf&+hvZZ?RP@d-f%?JuKOtx+Fvk7M8dSUMSC6A z-XPkW;g$KK{VU=5qC?16A397G9dsBqM|3#yl;}8kzUVk1Ms&Py#95(JMZ7pGxFbX- zBXk~FEFxjawW6~T>W=jlT^e2{x@7X>Kf|tW4VJg^juVyboRbgug1f$Ldm>FMyN-5$ zY@&`hC;za6yS8up>cNPz`J>h$clTgx`mBgl8k-Pu4xS3Ma;Ls(l|($r%+B`jt?qk1 zw$>y^%<0pGe5hX9oC6Oxj`4MN#wPos-D7`QSt${FCc1gaz9sb%Y8`T)%lBQG5wV)~ zVvCU5yW017y(9~2+{br;%2-wENM9&u^x2YgV2Q7%+k2XC{Mot-{lR)k7JKVD-w;(s zRjCVUbR_2V{~|f$Ua{A=e7;vNl(=IyYM28v(&B6VqYY_%RM7q7HUFdQwUxVL zeAM{G(eik{?nw90vf|I8+~UuoUtXXr+B(mTObfbcV`Jw3J0i&nJUptw`ancF`9!CX zJ8nvYcB;Fp%9d@O*8m~b-8?UDNjqg&w(e;6%w?T+#krk!#W!E#73`dNz?bDKt#Z2D zl+-e9?l2*QUx*58LKHmsXU{swj2)SKFhkRHV25cxc-37)u0#Gp-8NB)W%c?2qEC?(VLx_DCyyVU7?{ zvXCh2-&kAAEFt;;9>7{JJ}c&au+NHZggW_r(W8A_HQ0!lKPr04)LFt8)!dv$>lc74*N`6Kd=SFo>$EC60vq zD5oSgI?MTJPlMPNk3o#iu(o0)0;iA|U0|I@^FTYMl*&kKV3HGX8)PND#geYDwqcbX zSRkA~-}k>Zz9)0tWxWXd_+v=1(|uPr=!VJ#{z8gxZi6n;IsN(OHFy%Ms6Z#C%x|y; zkyu%*?;4pB2+Uy00-2I5k`J>}oZ&s}+AJ4nUBw*9Xzd2X;x{t;e&?Ycc6oRy@>w@- zft=pA-(cbU)W5zO2UI zUY6d>f@=IdNyang=@eGO^2;5eVJiE3Cd>2BfPEu5L}qe?G@gdOnSCup5pySMLXy4V z6Y(_7%V#CAgb=Ka`<(;5>}KI3zWg|)3(@o&djCQWta{59F+wzx<$NJWSTT~C%Te}) z9A(xZInKV4!>kF1H613flw+QE=79HAlur1#&ABu}D7Q8~6mfq-x*rAEbALj)Z^D{K ze4cdfyTC5e6<m-Z()9Hzx-za7Xb<$1H_!+=O&X| zz6a$Y7_|HZ@Fn3}fFC|v{sPD+a0aamg9=}P)QW``qPUhe^dU6J1iVhj0}O*r%T|C- z0WA)~xR!1!p|nP5*##e?8R>%$|C*DF+Hht`hmG7$zglY>pxkevO@o0b`T`#>Wr?uZ z0=?K8?2ElXln9uAo`qEA^JfdO&r7sQMM;s8ih3(JqSD%ml5r|u$r3;z@)bP{=mm&E zi;As*zHqWA`VQJ8Xd$T$qE-_A6XJS^0wv(%A!e=uJPGLHW%kGK^NS)LUMLPx9%Cy+ z(L!iwgqSWhwBbmxH7F{4OvK>qT&3N7cG^*Bb zK+juAG15Lo4w1DFA6BN%It?rAWi~a*iAbH)RuM zPZriqa#tIIgmPK>N||p7;|Exx7vF?<8RpZQWp#EkHXtmlTjb30Bcg415NL}Ul(LO$ zeP6_3$Xp363Hw(5#eh;kMJJ^GfWDBUhCObTauY9t+=f%*9e|$naJLVq$s+$TXaneB zD_|0!lBq49Mr>^u(JGGA-H;X|_Y$as&FQj1;)PoaMjTDDQ z`%ylVhxir**qsYlAhLU)y;7h=tJdO6mx{BN1e@l`3uR~5QZj;}p%QZ{|Qu+EnQW-9bD z9)EgCr}xWfxv(yf(T^A%Agl{ztN}(&*`_+!V}`LZ@SVpKGW4w9`X$n(=?()SCvX zk>enJUhK1 zTTCxKq{R?C~%f+(Mc)Um!49ijsVM$Vs&ofRpOivVeh{Q;T@0p!SEM zVWUYcDH)v*#$HOp$x1AwsI>V?t2VT?(AdWpNlhK`BYliHpoqIaEw1^m7TAl6PN8+Q z*a!>szjC6tLSBq0IRlIO>6Y`LoNnVpJSWx~cBQpPPPcMz-PjTHP3gp$_$so;cR9-M zhjGH`caJ<%zlJf+uY2VDx)D)1zcN?YJAgmsn}uwzAjLa?KP?a7#}Vh8`cFA;{>d2T z)V(s6jj2Z-9A_e94J-7b??&vx^59s*d5H(d3jvi(l?TVG5UW@Xdv9{W!IAS{NiGz* z1)Bo6weE)>y%Fk^_N1XrhsF+kM`~XG4dijEXa`cbr$wP@=JexRC=YMmfo*~C4s1M1 zhW8=|PZS%;9NrNS=Mt7EI;c``*&MzG`xop-T@OK&TSgxEng$WILf&^8;Dzjmjo0Fs zQrd+&J9P&dUD}ngClNcym^`-%`PU#GK1l(`#w?kfjLFYCHfG7>Qp8K=2`gKs_Cu`0 za2`3cWhypO2l<62+usGgd~2fQc3q3|d7jls)@v#<@%yS5E5l^&(Ie11UL3}-Xzb@% zpf#!tBPQR^FUhYVjT^o|#*QP_hTrP?ppbEFVk`e}90CePK|`UH)LLJHhOF8`?v^D#E$>7E?YYdE0~@~`Q}vgt5f z^a~96eW*$r;`|b)u0<*6F;4VDRc<*a%hNHM$H%>$mI} z*m29gVcL18o;VQm)KhM-qG_;W*Z&~x21|eH44%hpQ8EVx-i);b)bu)hShn05L1GZ2 z8~?^URyq)RSWa2p;g3BVkh9Ko#Jrvj$ZU5pE_*g0r=3?34`C}MN^5U#Pm-3uAf+8I zdhikeSXe3k=TTGvclel}#sEcr88{6Sc?%jje~rZTJ9ROKDwd)Oe7uC|{v+7)aLGMq zp#Nu_eN}KrbL5~KDu<))&oE2|@rWQ|HsT`*zU6pJ6`kHkc~(Il6mPbQXX88l0xPR! zl~m;*^yKX{F717`v2;0JyUZ4y9^#Z-J)_=g0I<^_=IwmrIqF8*o`3h*s`R)Enyh5F zP;_d7dCBVcV!heDz)trv^YFvxs10d5{^Z%JbQz6alP-gz)AP)GC=-fm_bsWH2f@j zE0|Y~l6X}li5EnYD2elaMrPj^GM!h5&Q0$|Bj2%ToC}1_MCn0(a3G0p6H!Co&(XY& z=Hr2O>_{czgAb3eh&rhtb!jq185Rpfw~o+`cH9*@~85 zYgs7}87W?IttEV+HC zeQ2^@;Bp)x1MP_tm^C($vJqqwp}W&%cE=3ok3SpRRh?y?=|=@YIXHTjgF&W)qta7% zXSx-e5pIJlmKe&_KO~Ok%5$=C(I&GNLnBTsFZ416H`hm5tv_@$+;md{s+fy_Qs7Z8+wl1g0y>E+794|u<9=%* zOa9hN;)<2fNvuUV0&;Q13h5-)=qfLXwc#aiSfM6i!N~>86>Ft)z^_~$!RH|aOAO;G zQk6fws+{nWxQbK-Nvw+evLl9Z6{!l6Sd~i<;1H{@>?m0%((3CrO!pGZ;9D--2A?BX zVkG!GBBn?A{NGw}F`nY&&9?{T`bWoQNhi_L3DW%Sv<=N<~d^4}AVi-ng&W%-uW{g$S+*TL0L$;RC3Ln}EB@Ybsfhag z?^TqqyoL58Ymf8ELi-!*4rl)&yD0Nt^I1jz_GsC>x8}>$ zb|)ch-(vmh+!eN)$Nu4oOPvE@`$B7_6IyIfa<5%%-{^DmuCv?tn|8%ODp2DJ$1BNu zvBqqHA3cS54k5{zn$sj0#uP7Qd7%T$WbP$B5$J-u2^Z>eqQIK^#n72Vo%>H7*3_>z zbnZ+%*P#9b*oQUkxo0)O8u4s7(}HCJC)-jlL3DTXm)WmbPTg{B$Z@>_gWZ$80@;?c zX@&i_lhiwq;q1D}&UP>C9eBuczB?1F^?i4RQ`$Gs*Z12M&SI{ku5=Fe4YYE~R@qJB zlCQ)yeYhU%j9q1)A9oDV)iS!B(YZJn#*6Qds? zI#@=3K-5<{eZzo2rqg$|y(3}pbnj%G$)RvPWd>A7jn8*A<4xKU`upR%f7Gt-SugLTL>d>(#pk*=!OA=A6KX1?6ZG<6*^ zot*FeTr=2NhGgHkc<1D$@tMwErrmdqH#7!2?=x+8{DxuvOegVHBz=b@Zq>m~^IMVh zT)eYme_Ez9hH1$Qgt$VcUCp#V<2NKlWjc>CX#tWr*akZx1Hp!zRc8{&(U{7UvFoo%I^k-&p$ogIkDbO zwz@e<>+N95)92(}>5Qek{~Y;6Pv$RMW-b4ea_aGOR0UAeLX9T7N5Q@*qJ{Vud`{f`(E!uU?pK}TtSd5CKM9d;>;EgtB#dB{(xDhcz*`Ks)^^9Mu2y@-0=88-rZ!VBlvkLc&*-EL<# z+bvfT&N;qgmpRYfZlA!+ zwEYe{$0-{XNOz9hVdpv%Mg^KUjqU{9L#^+f_Ld7fiI-J)@r91NTSo_$`P>`swwqf{#`wT;w`#L}vz5@-GvGnQ>gSxA5GWZxz>{(* z_4hcBJkaANWOahv!r(RrbE|0k3Nkk{mKp?Wh_iT3e6W`~o9sqO6~n<}4abLCEc(O} zgAVk87CvLh7t zM%+>!Xlf~)U8frxu zxf8hG9+aTAR}FKIbXIT9LFcW@TNFHJ2t9DWU6RH6sKsjRf!v1uos;+5LFdCsf%C#E zp{JkcB|c3?8+jgcz~Cw)Z8bK(QhEpIUs+*f7)oV)vP7MG7}*{U zz;XpbdLkxL_)egIX2il_LXJZDGJ>Hampptjfg^`(t4W~+bvSB^HCsd*)Jd{^5dh10 z1lml;dLkJ%$%=J_u2DM27I~_zX0=;YLI`WJ*56e+w>Me0_;aP_VNKRLjwiCjQBZkx6?!=O`lU zwz4bId2qtA2!YJDKC77Rdsi_VCff}gHbAypO=28{$ZN|TgAsJdxJT_^Q`oZd93Ohr z%MO9a-_&J?obPOW)Gi6bG!N1`nqp4l@&E#>#A=gmj8iTy0(F)|*7^aZx51jM`-{^R z?MtyHYyAhMbG(Nc(MJGY+-HUwY8)GCobu8ib+(6WW5aUc#74bNvF=|wPVb2iEZGQT z_AgnFr9w|{F9#DNx}#b%0n-?r&<8VfBan3u4VStTwZkrK3Oyas%b2X{HBBaa+kk8j zcfPnHP-69W(yt5@W^w3aVU4WO5@jW8@r4EQbQf}M6{0=jSkY#6K>XWCbGrgP6uyCd}-&={b9x6>X= z=@_C6kcRKV$s#1qD-4jHP*Q(H86bsrdse)8Ue5u-t{9 z`2mC9F!)1*Wi3?RUksh|pY|iGrEHEHI&U|JO&Hm*uXqv34GnH(aJ9km{&(f{dPA4j zNR-YCOS%%j8yxSi*9-h8UmKMh3A~|Q>o*zvPlI1I_$`Bv8r&7*M*Df$;BPdu{e7bA zjYb>1l8nG*HP&g0d8@S5-qUxJmHq_Qv_bjeMe54tHL~iJL*!U5?_qE_O+~&mj82kO z=G2(_44Gisvw#BX%BCe*6;MHr_X?o4#Z(Z&==Qtustf8CbxAdLyxftQ;*h zY}OgNW9au%SC!jA=A3|KH*FNZAZ^(HSPmE&-ZS{L!G9YZ+n~OH6oa!3ZbI(p`EP6J zwFaLTHX^+Z9za$#9Rg;p55m_N!{!o$=Na}3$*SO+4V!g_%~r*gtlthJ;RS;a82pLB z$DB`Q2ZG^f3!_d(QGmM0*jSSZs`f7vkHh3#pRqi3O+Hy}D zHZK~?yTzqFhwgD50e??cng4BMh{2AdTWph+O}e2sB&$l~8#YCTO*_M;BRH%b^)ZZw z8a$G$3Y%!?Q^=~YB?hlB_-=!@8vJ5ChsD3@BjS65eRh2TY2-F?c!+j}KAfz!>sYcn zZ@L()?ky5mQ&(eUslhAAo!S3b)*A`;8T_C$@@$?l^w$hNZ16FIPa7PCJzrNMfvhT; z5=MkIy%lBT8%C`RE-^B6AQyWTy4cV!0n-n!hFncuwRo|?%MD&dhP`b6os1NDPWPz< z#$E!`=_}wv)Rogu4F1Bf=c9DGWl><}{SkRHsjIv>WHp}h5>US0eyt6oIx;eI=?2!0 z1{*e`4W3}wUqx0ubgQA?2Bx1VoWDFkT~;Vhh{qxkbf1yo1#+=-bg!Km*-QR3Y@;#y zb*tjZs#Tn%wBCrU8d6}`lo>Yd4X!h629mwJVKLN5m|mYC7Lki&M~V9l{XxV2NwVtx zeFnd5*c>$U_sOc#ze`qoNp@0w!ubZzGI*20uNnNV!N&~#)8ORfdjGupQdgn|&+$bf zBMe?(FmGDa8J;1ldEo`J`kL@EI8E`#)K#y1Yw#I^|0ctaY(EE&&JZH20tyYit-<{H zN!#}%tAcxz)mRy2*i16`GQ(zO3ilFK)45Dgj+Ps|*5EA$KV|T{27gIz?Twr0)Ow$d z4X%hV+J7D+s>OZDAusblaGK)D)Kx`i8GOCLYYleD%I7_XzQf?h$zf&mqLJYpgTFK~ z{M+DAT789@8C*hEl`bc%&2hfL1Ic+_Bf}RN8AgNI;-yHNOkGuOI$5=TzG1(}uwP-= z+-lg|X4pJv=#P*)dgD+0lMz+GO9sDb@VjKyvQNosZivEnT&>5FRf|Jp~>d^Kv*)3ZU(Vd-NS z4KR#GQO|<`mWvIWD-2$2@K%H0H29>!f0I?;#0RgJiUXV_as+(`UFFtO6GXPGS|?rCzpHrs(L*v?qHIyJ93Gq$7F$315(Lq=WJu>?Z`#!e=LKHgmL6Ho<85u zmyy*WVU3~RO&;sn-)rdG4Sw3-mks_RY(%1PHBi^OiNO~bJlWt420v`@QwAS2_%nk~ zD#p$rL<06nU2vIX{Hz-6>rQ^vULBJV;$!T&bca>l-e-^mkrsR<{FTrv#Ka_)S~E*xKBNHqp`HuyY)`IZ6g z?jnQ78$8M2E1e&TOM?kZ3~8xz;Z1?|PW;A3f$$zf|EIyv8~lpF2Mm74;P(waV(@1M z^Bo7e>c4o5(-ACx8VSPbysb3YHjS5}RIg`<&`j{FLAC~6$n~4JL^^j3Y$J)SUqg; zZiAn2-b4;(%(pF@gx@#x4-Mw)33SOn7<}5`GY0e8tG1Wd&s6Oa4L#N1MjoS+u@pG| zLw5UwK1TWg=fXpFVHRJ1pxw&LY0B+m*O2&z2JLXA!M7TGo52qn{D{Gi8~mif^6Hza@avxL?WOM- zM*nhNScCJ&(}r}$V7}c!*D=xHOoQ=;)rbw>-=OV_4X!e{)?mKo0ruYUyPuK3_c&-r z6AYFY^MmGH2JwHXKb0dSB8r;%gKDn>$J2;&`!aaTcoX*!Y3ucWoQurXhwwmd@ zQ*9N7*BH`zgZcQo{`R)p;HM3K)?hv$ukGJ8_(Ox`6-J!!a^dsyut)D;IVB@bi;wL_ z34D}ZJ4$y3eT<2PPt$9u!nqDoM?O-or9lRdFnEl?e41X{&v2SMf%XY}3yPN3IcZ1i z!XbRNUQ6-O`7jR0eiFG$40`Z1|K*0dxL*5SYE%xDL)sBml_pE8_dVdwa)jZXwFM& zUms~=B(yfT#9%(5t}}OcwjRYzki!jWl))1XzSLko)UI7DF!(xyml=GE!RrjZ(_`hSZx2KlCh*~SUEC+mc35@%$&gMP%xC4bX}rNH24^^%UXKns`*%bK zoIS5chr->NsIEEmGPu9NgAE>O@K}TSgu3=K+hBPCSovRU=*v9z#?MVgg1kzsGW^5P zA29e~gLfJ18vLrkuN(ZX!5<{^=&1_(#7OwuU_L>wZGJbHFH6#Tl)>^UwDK7=^hO33 zXvSK!)Ddt|ihJ;mzy>R!CwB+zCR}vfDc#?!VU4QG7e;2jhgA=F-Y2d3Bw1~NQ_ee^0_{8U zW(wV%v-tg3H94Q(t8fvKOMqV>R59{*cr_D^a4y^&_%+-dCcHH<6$iK?FiRwN1^=X& zw=w;ucr2K&=%dXd~TP#9*lc`@uqx4ZbO7O z`I7Gh^PPm``@nqp8+j|ZR`E7)o#IEpJrr{U^;XQmGf?p{FyC%NKLV8>qu9^8mHBKv z6ZnYhG{t;!mCsmF=Y42=4IP<}rQWDG54=h-Zw|jzF~`*%ig|zcX2r|Ee8(;Q@LtP@ z$^0FbPdf9hbxc?d<`ZyaK2f_@@x$O36+a2yulN}-Z&srHKJX#Myg~mX#oR2PDdw%$ z#}xDK_V5W6;obMA6mwJXfh{`arm!*0Qq^9Yq8Kx@;L}*taqUwSDCPidrMMNiRB>By zwc<`-zNiCv!=et6?kb@x_(H{f!9x^t0FG76K{rY9W#G#dPY3fsC{}0*_-e)1ffp-Y z3SO@G4)9t(wm&m$M1)T&k?#ic=_K+$z>g^AVBDqnVem7G9|hwzp3?p?@P5U+!S5*E z1O7ha)Sig^!yKgF5gp^CG>qZIQt zz6pwXC+DS#EBG|~6)IANgfKY;HNdh|F{i85iu1vI4<~Jk!S^WU_3{T5a}4cP+zb4) z;-O$(lVsk};MXOi|2c?0Pzlq)pD5=2x?d{h!1-43t>7OOKM4L+F}E=k#7*mQT!b^U-6IN=8E~ELcXGpPWeW@D#e_9cukXfHMpnZ zcHq8>yMl))?hYQOINTGFDJpUSm@h)6qdwrdibsQam6Q4e@CwC~!0Qy_%>?3h#g~Ea zQOu*}Ly9>AKBky6;8W3@|KXIg-U}*WE%;T%>%ng-z90OaV$OOWD&7nJRPl4*uNA)p z{$BB`;GY%02L4^~dz}CMI9Re0pCAFxsY~X=5qvc)bsilv6!SjzEX914UK_GH(3UC2 z@mBEWMe4Y4BRVODE746ce;(*Z=37E@5gDoy+JMI^t^{AIxCeNu;y&P6iu-}*D;@}5 zte7MG2E`M=D-}-y^TtP3ZaO%8yNb+2WRv3A;QJNN1@kp%%y13(F~v*3Pbgjuepc~X z@Jouhr@XG%0l%Y|Q}1Dq!}7l2PgTMuBpg$GFZhJwE#Om%d5q_EV^(M{m`{gtu0b`SrD{;vV2$irMY`754`ZQ#=SfS}`Y? zixrOnU#6J7%j?YazZ876;^in`@Io^ac;<7RV)n#x#rJ?$D}EHbLGiQTjf&p}-=p|r z@Pmqvg10N?ap7^rzkr_xhgmS^{O47|AK;f2r(lG?u9#;&?}4GQ+zSFui|Oofs(QR%t2%lBRqA%a=GGUFkin-9Ss#%D{cl}sJI3AI>l_j zGWUgt1EYNI*x&7=R=713EYIQCt$+ADKt{W{d_d-549gef5|2-kOFjOR+}7h*99;A- zy6NO{PtPN>bS!Pil^&B+`%6NM(0K({x6G*|7E#I{Uu9PxeIAZ zeGLDGvRwbW3DSxZ^k1x0m3x0K@@A)mGa>EIJvc1kUkxKM{ISXL^CPj%|4eu+lIGM+ zuL-%+K1>+jUK@D+e#lJR8S&>F?SLvjSCZI0J7Og>Hn|}2%8n69{>#bsWr<(aXT<-P z1l?Vm6A!i3R_^Mz6DKuSu?qFiC}$FH(0MA{&8bPzN!kGabrN)6$WIzGMJrD7Rk$kbCNel+j&d+o_8GK9uD)+>&0WD__N-ljSaaI(>Ktok#wUko)tm={M+qu&Htv$7Z~xcOkgp zKMGw{kg*|RAph6MEiBK7ulFqfWa#9g;Q8*lo*8}hxR;d(?HQ3VC1UALyDH-s-GNmb z8h6QZm#)Z|*hW{#J-H{NyY9a#2mKdx2fdNes6ZPy*i%C8>XR8u^e$254at(k%ueb* z`l_m&WEWk1bIZ(EbSGB1=)}7%_e^c(F1;I9IkFdD8fcH=h7{p!)+g?dv}^G}A{zOMwoZK}&~k#S0Wo*nU_ z>3KR$T6bz4dOBjgXFzC4ruuK9y(81I+)bB+*48(HJ?fxGx4C~@8)~GxwVK^JKo3i= z4y$&A%C%QKu=Qpp2K{@XQr&|!-v2h0o(N6Xdu@$3=%1^|YN&@<4SVns%e}BiR%G9( zar4GzEz}LFkzM7Wt6p=LEy&s*$>|Nyt8UKPlCD}?uQQ@I+QG zJ=4N{Rd&_|+Q7x`8mEV1jf>r~X?+oL0$H~;dyeji8W$b(WhCa!FljGmM|!HpSv@4@ zkem2^_SN;(lDq%C-)4`{Bew>-M99r;kdt4e>e0^I2}V}r6z6Nng{wXpYFkZxGc()$ z^Rk?#x`W$!W4QBmIoFox98T#YC74xq=2&_JwDan-_nn-p(+y7!Je_g-9?xm5n-0Ub z6SE$_J$GVrW!LFMu$%M7>R_@vv_)=EZ;y5x-olY-Ww+dm5+kM7Jzmq*EgqEX=!0oH zuVX$Rm)k62$nB8S@JBt4+c}H7HvG#iYu)htNc&t!-BssRmwJCR_Qi;XqZfE?C>`y9|M_~q z;q*CL!tR5;v`?cH^?z>FrSiDfcxR)sVcN!#rxMfR8ozgaL}FJio3yI2J84zkyUVrg z)`jvb`{|g2SeCo~lKh&pq^@qJoBwlPZRIA%6qtE9z$XqV`1gg{z#H?6|4~rX=WOY~ ziGua@lALcAcPLz{=9}ua9D>W5^euFo^lkFviz;th*}cok)0(>FY0dV15Rv7ckoH}( zx0idz+v;_nplkednt!G{Lj9YX|BdF8PpfQYF8)()!23Gpl%C?~ytCy+qqXGXZ0)f{ z%B8cN=V{4vTQyy*)4k3e{9CJ~*J;T;dQIym$3J}w4 z>J4_RESabF#%i1*K2q|r8s63Aa&~U@ddc6-lmn!nD#;oZiS_Sa`rslR+w*3r)n7+s z)<%un4pLKab-8!+xusj%Z9BD*TlZ_*J|F6s+_Vnni`MR;x66j9Ndp<>xm0godG{`+ zX~^AiUip=^N~&;h7L>KD<+=_*6-b+x`4@HF{%JdfmA3-geVF>pI9;zRlj#2c_Ij9ggengcpAOYBHun(`%JgwTs#J$=Q)u^3aY; zb-VF(k7xV4FYZ{WPJ^qf-IMoseDIctIsEm~GX&C}==A!%I!#vS@Tkt!x>+?;mK9&u h*)6`VZoA&Oah}2NM1LHw`%9e?R@dxl++{|a{|{Ow5$pf} From c91995ca2baf4ffbf72ede31a0c7c48cb72179b1 Mon Sep 17 00:00:00 2001 From: "Earle F. Philhower, III" Date: Fri, 30 Mar 2018 12:11:37 -0700 Subject: [PATCH 04/17] Use String instead of fixed char[] for SD paths CertStoreSD was assuming 64 bytes or less for entire SD card path for DER files. As there is no hard limitation like this in the FAT FS, move to a String to allow for unlimited lengths. --- .../ESP8266WiFi/src/CertStoreSDBearSSL.cpp | 22 +++++++------------ .../ESP8266WiFi/src/CertStoreSDBearSSL.h | 2 +- 2 files changed, 9 insertions(+), 15 deletions(-) diff --git a/libraries/ESP8266WiFi/src/CertStoreSDBearSSL.cpp b/libraries/ESP8266WiFi/src/CertStoreSDBearSSL.cpp index e5424e2767..4245366ab4 100644 --- a/libraries/ESP8266WiFi/src/CertStoreSDBearSSL.cpp +++ b/libraries/ESP8266WiFi/src/CertStoreSDBearSSL.cpp @@ -23,7 +23,7 @@ #include CertStoreSDBearSSL::CertStoreSDBearSSL() : CertStoreBearSSL() { - path[0] = 0; + path = ""; } CertStoreSDBearSSL::~CertStoreSDBearSSL() { @@ -56,19 +56,15 @@ int CertStoreSDBearSSL::initCertStore(const char *subdir) { int count = 0; // We want path to have a leading slash and a trailing one - String cleaned(subdir); - if (cleaned[0] != '/') { - cleaned = "/" + cleaned; + path = subdir; + if (path[0] != '/') { + path = "/" + path; } - if (!cleaned.endsWith("/")) { - cleaned = cleaned + "/"; + if (!path.endsWith("/")) { + path += "/"; } - strncpy(path, cleaned.c_str(), sizeof(path)); - path[sizeof(path) - 1] = 0; - char tblName[64]; - snprintf(tblName, sizeof(tblName), "%sca_tbl.bin", path); - tblName[sizeof(tblName) - 1] = 0; + String tblName = path + "ca_tbl.bin"; File tbl = SD.open(tblName, FILE_WRITE); if (!tbl) { @@ -100,9 +96,7 @@ const br_x509_trust_anchor *CertStoreSDBearSSL::findHashedTA(void *ctx, void *ha CertStoreSDBearSSL *cs = static_cast(ctx); CertInfo ci; - char tblName[64]; - snprintf(tblName, sizeof(tblName), "%sca_tbl.bin", cs->path); - tblName[sizeof(tblName) - 1] = 0; + String tblName = cs->path + "ca_tbl.bin"; if (len != sizeof(ci.sha256) || !SD.exists(tblName)) { return nullptr; diff --git a/libraries/ESP8266WiFi/src/CertStoreSDBearSSL.h b/libraries/ESP8266WiFi/src/CertStoreSDBearSSL.h index 0b95f27cef..77a7785c7e 100644 --- a/libraries/ESP8266WiFi/src/CertStoreSDBearSSL.h +++ b/libraries/ESP8266WiFi/src/CertStoreSDBearSSL.h @@ -37,7 +37,7 @@ class CertStoreSDBearSSL : public CertStoreBearSSL { virtual void installCertStore(br_x509_minimal_context *ctx) override; private: - char path[64]; + String path; CertInfo preprocessCert(File *f); // These need to be static as they are callbacks from BearSSL C code static const br_x509_trust_anchor *findHashedTA(void *ctx, void *hashed_dn, size_t len); From 2c31676aa47f4f8a1e0720231111393c248df176 Mon Sep 17 00:00:00 2001 From: "Earle F. Philhower, III" Date: Sun, 1 Apr 2018 20:45:37 -0700 Subject: [PATCH 05/17] Attempt platformIO build fix for SD libs --- libraries/ESP8266WiFi/src/CertStoreSDBearSSL.cpp | 2 +- tests/common.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libraries/ESP8266WiFi/src/CertStoreSDBearSSL.cpp b/libraries/ESP8266WiFi/src/CertStoreSDBearSSL.cpp index 4245366ab4..af76c9a9b3 100644 --- a/libraries/ESP8266WiFi/src/CertStoreSDBearSSL.cpp +++ b/libraries/ESP8266WiFi/src/CertStoreSDBearSSL.cpp @@ -1,5 +1,5 @@ // Removed to make Platform.IO not barf -#if 0 +#if 1 /* CertStoreSDBearSSL.cpp - Library for Arduino ESP8266 Copyright (c) 2018 Earle F. Philhower, III diff --git a/tests/common.sh b/tests/common.sh index 31fd7e3908..6b22b8b1dc 100755 --- a/tests/common.sh +++ b/tests/common.sh @@ -146,7 +146,7 @@ function install_platformio() { pip install --user -U https://github.com/platformio/platformio/archive/develop.zip platformio platform install https://github.com/platformio/platform-espressif8266.git#feature/stage - sed -i 's/https:\/\/github\.com\/esp8266\/Arduino\.git/*/' ~/.platformio/platforms/espressif8266/platform.json + sed -i "s:https\://github\.com/esp8266/Arduino\.git:file\://$TRAVIS_BUILD_DIR:" ~/.platformio/platforms/espressif8266/platform.json ln -s $TRAVIS_BUILD_DIR ~/.platformio/packages/framework-arduinoespressif8266 # Install dependencies: # - esp8266/examples/ConfigFile From a6f0042562ef479cec171f7c267070948a839f3f Mon Sep 17 00:00:00 2001 From: "Earle F. Philhower, III" Date: Sun, 1 Apr 2018 22:32:54 -0700 Subject: [PATCH 06/17] More PIO build attempts --- libraries/ESP8266WiFi/src/CertStoreSDBearSSL.cpp | 5 +---- libraries/ESP8266WiFi/src/CertStoreSDBearSSL.h | 2 +- tests/common.sh | 6 +++--- 3 files changed, 5 insertions(+), 8 deletions(-) diff --git a/libraries/ESP8266WiFi/src/CertStoreSDBearSSL.cpp b/libraries/ESP8266WiFi/src/CertStoreSDBearSSL.cpp index af76c9a9b3..7ec4873704 100644 --- a/libraries/ESP8266WiFi/src/CertStoreSDBearSSL.cpp +++ b/libraries/ESP8266WiFi/src/CertStoreSDBearSSL.cpp @@ -1,5 +1,3 @@ -// Removed to make Platform.IO not barf -#if 1 /* CertStoreSDBearSSL.cpp - Library for Arduino ESP8266 Copyright (c) 2018 Earle F. Philhower, III @@ -19,8 +17,8 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ -#include "CertStoreSDBearSSL.h" #include +#include "CertStoreSDBearSSL.h" CertStoreSDBearSSL::CertStoreSDBearSSL() : CertStoreBearSSL() { path = ""; @@ -141,4 +139,3 @@ void CertStoreSDBearSSL::freeHashedTA(void *ctx, const br_x509_trust_anchor *ta) (void) ctx; // not needed CertStoreBearSSL::freeTrustAnchor(ta); } -#endif diff --git a/libraries/ESP8266WiFi/src/CertStoreSDBearSSL.h b/libraries/ESP8266WiFi/src/CertStoreSDBearSSL.h index 77a7785c7e..7b3d462ea0 100644 --- a/libraries/ESP8266WiFi/src/CertStoreSDBearSSL.h +++ b/libraries/ESP8266WiFi/src/CertStoreSDBearSSL.h @@ -22,7 +22,7 @@ #include "CertStoreBearSSL.h" -class File; // Defined in SD.h +class File; // SD cert store can be in a subdirectory as there are fewer limits // Note that SD.begin() MUST be called before doing initCertStore because diff --git a/tests/common.sh b/tests/common.sh index 6b22b8b1dc..f634fa78fe 100755 --- a/tests/common.sh +++ b/tests/common.sh @@ -145,8 +145,8 @@ function build_boards() function install_platformio() { pip install --user -U https://github.com/platformio/platformio/archive/develop.zip - platformio platform install https://github.com/platformio/platform-espressif8266.git#feature/stage - sed -i "s:https\://github\.com/esp8266/Arduino\.git:file\://$TRAVIS_BUILD_DIR:" ~/.platformio/platforms/espressif8266/platform.json + platformio platform install "https://github.com/platformio/platform-espressif8266.git#feature/stage" + sed -i 's/https:\/\/github\.com\/esp8266\/Arduino\.git/*/' ~/.platformio/platforms/espressif8266/platform.json ln -s $TRAVIS_BUILD_DIR ~/.platformio/packages/framework-arduinoespressif8266 # Install dependencies: # - esp8266/examples/ConfigFile @@ -243,7 +243,7 @@ if [ "$BUILD_TYPE" = "build" ]; then elif [ "$BUILD_TYPE" = "platformio" ]; then # PlatformIO install_platformio - build_sketches_with_platformio $TRAVIS_BUILD_DIR/libraries "--board nodemcuv2 --verbose" + build_sketches_with_platformio $TRAVIS_BUILD_DIR/libraries "--board nodemcuv2 --project-option=lib_ldf_mode=deep+ --verbose" elif [ "$BUILD_TYPE" = "docs" ]; then # Build documentation using Sphinx cd $TRAVIS_BUILD_DIR/doc From 67afc4875050227542feda1d3a724a718e6f5391 Mon Sep 17 00:00:00 2001 From: "Earle F. Philhower, III" Date: Sun, 8 Apr 2018 10:36:50 -0700 Subject: [PATCH 07/17] Move axTLS code to a separate namespace In preparation for moving BearSSL into its own namespace, move axTLS to a new namespace. Add default "using" clause to the header for now. --- libraries/ESP8266WiFi/src/WiFiClientSecure.h | 73 +------------ ...ntSecure.cpp => WiFiClientSecureAxTLS.cpp} | 4 + .../ESP8266WiFi/src/WiFiClientSecureAxTLS.h | 100 ++++++++++++++++++ libraries/ESP8266WiFi/src/WiFiServerSecure.h | 24 +---- ...erSecure.cpp => WiFiServerSecureAxTLS.cpp} | 4 + .../ESP8266WiFi/src/WiFiServerSecureAxTLS.h | 48 +++++++++ 6 files changed, 159 insertions(+), 94 deletions(-) rename libraries/ESP8266WiFi/src/{WiFiClientSecure.cpp => WiFiClientSecureAxTLS.cpp} (99%) create mode 100644 libraries/ESP8266WiFi/src/WiFiClientSecureAxTLS.h rename libraries/ESP8266WiFi/src/{WiFiServerSecure.cpp => WiFiServerSecureAxTLS.cpp} (98%) create mode 100644 libraries/ESP8266WiFi/src/WiFiServerSecureAxTLS.h diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecure.h b/libraries/ESP8266WiFi/src/WiFiClientSecure.h index 7047fdfec0..00d6514095 100644 --- a/libraries/ESP8266WiFi/src/WiFiClientSecure.h +++ b/libraries/ESP8266WiFi/src/WiFiClientSecure.h @@ -20,77 +20,8 @@ */ -#ifndef wificlientsecure_h -#define wificlientsecure_h -#include "WiFiClient.h" -#include "include/ssl.h" +#include "WiFiClientSecureAxTLS.h" -class SSLContext; +using namespace axTLS; -class WiFiClientSecure : public WiFiClient { -public: - WiFiClientSecure(); - ~WiFiClientSecure() override; - - int connect(IPAddress ip, uint16_t port) override; - int connect(const String host, uint16_t port) override; - int connect(const char* name, uint16_t port) override; - - bool verify(const char* fingerprint, const char* domain_name); - bool verifyCertChain(const char* domain_name); - - uint8_t connected() override; - size_t write(const uint8_t *buf, size_t size) override; - size_t write_P(PGM_P buf, size_t size) override; - size_t write(Stream& stream); // Note this is not virtual - int read(uint8_t *buf, size_t size) override; - int available() override; - int read() override; - int peek() override; - size_t peekBytes(uint8_t *buffer, size_t length) override; - void stop() override; - - bool setCACert(const uint8_t* pk, size_t size); - bool setCertificate(const uint8_t* pk, size_t size); - bool setPrivateKey(const uint8_t* pk, size_t size); - - bool setCACert_P(PGM_VOID_P pk, size_t size); - bool setCertificate_P(PGM_VOID_P pk, size_t size); - bool setPrivateKey_P(PGM_VOID_P pk, size_t size); - - bool loadCACert(Stream& stream, size_t size); - bool loadCertificate(Stream& stream, size_t size); - bool loadPrivateKey(Stream& stream, size_t size); - - void allowSelfSignedCerts(); - - template - bool loadCertificate(TFile& file) { - return loadCertificate(file, file.size()); - } - - template - bool loadPrivateKey(TFile& file) { - return loadPrivateKey(file, file.size()); - } - - template - bool loadCACert(TFile& file) { - return loadCACert(file, file.size()); - } - -friend class WiFiServerSecure; // Needs access to custom constructor below -protected: - // Only called by WiFiServerSecure - WiFiClientSecure(ClientContext* client, bool usePMEM, const uint8_t *rsakey, int rsakeyLen, const uint8_t *cert, int certLen); - -protected: - void _initSSLContext(); - int _connectSSL(const char* hostName); - bool _verifyDN(const char* name); - - std::shared_ptr _ssl = nullptr; -}; - -#endif //wificlientsecure_h diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp b/libraries/ESP8266WiFi/src/WiFiClientSecureAxTLS.cpp similarity index 99% rename from libraries/ESP8266WiFi/src/WiFiClientSecure.cpp rename to libraries/ESP8266WiFi/src/WiFiClientSecureAxTLS.cpp index 02ddac5795..c8c083587c 100644 --- a/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp +++ b/libraries/ESP8266WiFi/src/WiFiClientSecureAxTLS.cpp @@ -51,6 +51,8 @@ extern "C" #define SSL_DEBUG_OPTS 0 #endif +namespace axTLS { + typedef struct BufferItem { @@ -905,3 +907,5 @@ extern "C" void __ax_wdt_feed() optimistic_yield(10000); } extern "C" void ax_wdt_feed() __attribute__ ((weak, alias("__ax_wdt_feed"))); + +}; diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecureAxTLS.h b/libraries/ESP8266WiFi/src/WiFiClientSecureAxTLS.h new file mode 100644 index 0000000000..e836d7bd5f --- /dev/null +++ b/libraries/ESP8266WiFi/src/WiFiClientSecureAxTLS.h @@ -0,0 +1,100 @@ +/* + WiFiClientSecure.h - Variant of WiFiClient with TLS support + Copyright (c) 2015 Ivan Grokhotkov. All rights reserved. + This file is part of the esp8266 core for Arduino environment. + + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + +*/ + +#ifndef wificlientsecure_h +#define wificlientsecure_h +#include "WiFiClient.h" +#include "include/ssl.h" + + +namespace axTLS { + +class SSLContext; + +class WiFiClientSecure : public WiFiClient { +public: + WiFiClientSecure(); + ~WiFiClientSecure() override; + + int connect(IPAddress ip, uint16_t port) override; + int connect(const String host, uint16_t port) override; + int connect(const char* name, uint16_t port) override; + + bool verify(const char* fingerprint, const char* domain_name); + bool verifyCertChain(const char* domain_name); + + uint8_t connected() override; + size_t write(const uint8_t *buf, size_t size) override; + size_t write_P(PGM_P buf, size_t size) override; + size_t write(Stream& stream); // Note this is not virtual + int read(uint8_t *buf, size_t size) override; + int available() override; + int read() override; + int peek() override; + size_t peekBytes(uint8_t *buffer, size_t length) override; + void stop() override; + + bool setCACert(const uint8_t* pk, size_t size); + bool setCertificate(const uint8_t* pk, size_t size); + bool setPrivateKey(const uint8_t* pk, size_t size); + + bool setCACert_P(PGM_VOID_P pk, size_t size); + bool setCertificate_P(PGM_VOID_P pk, size_t size); + bool setPrivateKey_P(PGM_VOID_P pk, size_t size); + + bool loadCACert(Stream& stream, size_t size); + bool loadCertificate(Stream& stream, size_t size); + bool loadPrivateKey(Stream& stream, size_t size); + + void allowSelfSignedCerts(); + + template + bool loadCertificate(TFile& file) { + return loadCertificate(file, file.size()); + } + + template + bool loadPrivateKey(TFile& file) { + return loadPrivateKey(file, file.size()); + } + + template + bool loadCACert(TFile& file) { + return loadCACert(file, file.size()); + } + +friend class WiFiServerSecure; // Needs access to custom constructor below +protected: + // Only called by WiFiServerSecure + WiFiClientSecure(ClientContext* client, bool usePMEM, const uint8_t *rsakey, int rsakeyLen, const uint8_t *cert, int certLen); + +protected: + void _initSSLContext(); + int _connectSSL(const char* hostName); + bool _verifyDN(const char* name); + + std::shared_ptr _ssl = nullptr; +}; + +}; + +#endif //wificlientsecure_h diff --git a/libraries/ESP8266WiFi/src/WiFiServerSecure.h b/libraries/ESP8266WiFi/src/WiFiServerSecure.h index 2f78970a0a..baf5a154d8 100644 --- a/libraries/ESP8266WiFi/src/WiFiServerSecure.h +++ b/libraries/ESP8266WiFi/src/WiFiServerSecure.h @@ -17,27 +17,5 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ -#ifndef wifiserversecure_h -#define wifiserversecure_h - -#include "WiFiServer.h" -class WiFiClientSecure; - -class WiFiServerSecure : public WiFiServer { -public: - WiFiServerSecure(IPAddress addr, uint16_t port); - WiFiServerSecure(uint16_t port); - void setServerKeyAndCert(const uint8_t *key, int keyLen, const uint8_t *cert, int certLen); - void setServerKeyAndCert_P(const uint8_t *key, int keyLen, const uint8_t *cert, int certLen); - virtual ~WiFiServerSecure() {} - WiFiClientSecure available(uint8_t* status = NULL); -private: - bool usePMEM = false; - const uint8_t *rsakey = nullptr; - int rsakeyLen = 0; - const uint8_t *cert = nullptr; - int certLen = 0; -}; - -#endif +#include "WiFiServerSecureAxTLS.h" diff --git a/libraries/ESP8266WiFi/src/WiFiServerSecure.cpp b/libraries/ESP8266WiFi/src/WiFiServerSecureAxTLS.cpp similarity index 98% rename from libraries/ESP8266WiFi/src/WiFiServerSecure.cpp rename to libraries/ESP8266WiFi/src/WiFiServerSecureAxTLS.cpp index ec7c52fa10..4cb3ae5cf3 100644 --- a/libraries/ESP8266WiFi/src/WiFiServerSecure.cpp +++ b/libraries/ESP8266WiFi/src/WiFiServerSecureAxTLS.cpp @@ -36,6 +36,9 @@ extern "C" { #include "include/ClientContext.h" #include "WiFiServerSecure.h" + +namespace axTLS { + WiFiServerSecure::WiFiServerSecure(IPAddress addr, uint16_t port) : WiFiServer(addr, port) { } @@ -77,3 +80,4 @@ WiFiClientSecure WiFiServerSecure::available(uint8_t* status) return WiFiClientSecure(); } +}; diff --git a/libraries/ESP8266WiFi/src/WiFiServerSecureAxTLS.h b/libraries/ESP8266WiFi/src/WiFiServerSecureAxTLS.h new file mode 100644 index 0000000000..b309eb89ed --- /dev/null +++ b/libraries/ESP8266WiFi/src/WiFiServerSecureAxTLS.h @@ -0,0 +1,48 @@ +/* + WiFiServerSecure.h - Library for Arduino ESP8266 + Copyright (c) 2017 Earle F. Philhower, III + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +*/ + +#ifndef wifiserversecure_h +#define wifiserversecure_h + +#include "WiFiServer.h" + +namespace axTLS { + +class WiFiClientSecure; + +class WiFiServerSecure : public WiFiServer { +public: + WiFiServerSecure(IPAddress addr, uint16_t port); + WiFiServerSecure(uint16_t port); + void setServerKeyAndCert(const uint8_t *key, int keyLen, const uint8_t *cert, int certLen); + void setServerKeyAndCert_P(const uint8_t *key, int keyLen, const uint8_t *cert, int certLen); + virtual ~WiFiServerSecure() {} + WiFiClientSecure available(uint8_t* status = NULL); +private: + bool usePMEM = false; + const uint8_t *rsakey = nullptr; + int rsakeyLen = 0; + const uint8_t *cert = nullptr; + int certLen = 0; +}; + +}; + +#endif + From d2412d9c52c20be1be1f9ed79f3eeaa872ff4db5 Mon Sep 17 00:00:00 2001 From: "Earle F. Philhower, III" Date: Sun, 8 Apr 2018 10:54:00 -0700 Subject: [PATCH 08/17] Move BearSSL to its own namespace, too --- libraries/ESP8266WiFi/src/ESP8266WiFi.h | 2 -- libraries/ESP8266WiFi/src/WiFiClientSecure.h | 2 +- .../{WiFiClientBearSSL.cpp => WiFiClientSecureBearSSL.cpp} | 5 ++++- .../src/{WiFiClientBearSSL.h => WiFiClientSecureBearSSL.h} | 5 +++++ libraries/ESP8266WiFi/src/WiFiServerSecure.h | 2 +- .../{WiFiServerBearSSL.cpp => WiFiServerSecureBearSSL.cpp} | 5 ++++- .../src/{WiFiServerBearSSL.h => WiFiServerSecureBearSSL.h} | 6 +++++- 7 files changed, 20 insertions(+), 7 deletions(-) rename libraries/ESP8266WiFi/src/{WiFiClientBearSSL.cpp => WiFiClientSecureBearSSL.cpp} (99%) rename libraries/ESP8266WiFi/src/{WiFiClientBearSSL.h => WiFiClientSecureBearSSL.h} (99%) rename libraries/ESP8266WiFi/src/{WiFiServerBearSSL.cpp => WiFiServerSecureBearSSL.cpp} (98%) rename libraries/ESP8266WiFi/src/{WiFiServerBearSSL.h => WiFiServerSecureBearSSL.h} (97%) diff --git a/libraries/ESP8266WiFi/src/ESP8266WiFi.h b/libraries/ESP8266WiFi/src/ESP8266WiFi.h index 4cb96b9d66..2ff5208a97 100644 --- a/libraries/ESP8266WiFi/src/ESP8266WiFi.h +++ b/libraries/ESP8266WiFi/src/ESP8266WiFi.h @@ -40,8 +40,6 @@ extern "C" { #include "WiFiServer.h" #include "WiFiServerSecure.h" #include "WiFiClientSecure.h" -#include "WiFiServerBearSSL.h" -#include "WiFiClientBearSSL.h" #include "BearSSLHelpers.h" #include "CertStoreBearSSL.h" diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecure.h b/libraries/ESP8266WiFi/src/WiFiClientSecure.h index 00d6514095..211229ab23 100644 --- a/libraries/ESP8266WiFi/src/WiFiClientSecure.h +++ b/libraries/ESP8266WiFi/src/WiFiClientSecure.h @@ -21,7 +21,7 @@ */ #include "WiFiClientSecureAxTLS.h" - +#include "WiFiClientSecureBearSSL.h" using namespace axTLS; diff --git a/libraries/ESP8266WiFi/src/WiFiClientBearSSL.cpp b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp similarity index 99% rename from libraries/ESP8266WiFi/src/WiFiClientBearSSL.cpp rename to libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp index a50b46702f..89498f8222 100644 --- a/libraries/ESP8266WiFi/src/WiFiClientBearSSL.cpp +++ b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp @@ -33,7 +33,7 @@ extern "C" { #include "debug.h" #include "ESP8266WiFi.h" #include "WiFiClient.h" -#include "WiFiClientBearSSL.h" +#include "WiFiClientSecureBearSSL.h" #include "lwip/opt.h" #include "lwip/ip.h" #include "lwip/tcp.h" @@ -42,6 +42,8 @@ extern "C" { #include "include/ClientContext.h" #include "c_types.h" +namespace BearSSL { + // BearSSL needs a very large stack, larger than the entire ESP8266 Arduino // default one. This shared_pointer is allocated on first use and cleared // on last cleanup, with only one stack no matter how many SSL objects. @@ -1210,3 +1212,4 @@ extern "C" { } }; +}; diff --git a/libraries/ESP8266WiFi/src/WiFiClientBearSSL.h b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.h similarity index 99% rename from libraries/ESP8266WiFi/src/WiFiClientBearSSL.h rename to libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.h index af56781519..6deadcafc5 100644 --- a/libraries/ESP8266WiFi/src/WiFiClientBearSSL.h +++ b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.h @@ -28,6 +28,8 @@ #include "BearSSLHelpers.h" #include "CertStoreBearSSL.h" +namespace BearSSL { + class WiFiClientBearSSL : public WiFiClient { public: WiFiClientBearSSL(); @@ -172,4 +174,7 @@ class WiFiClientBearSSL : public WiFiClient { // The local copy, only used to enable a reference count std::shared_ptr _local_bearssl_stack; }; + +}; + #endif diff --git a/libraries/ESP8266WiFi/src/WiFiServerSecure.h b/libraries/ESP8266WiFi/src/WiFiServerSecure.h index baf5a154d8..4b88a20916 100644 --- a/libraries/ESP8266WiFi/src/WiFiServerSecure.h +++ b/libraries/ESP8266WiFi/src/WiFiServerSecure.h @@ -18,4 +18,4 @@ */ #include "WiFiServerSecureAxTLS.h" - +#include "WiFiServerSecureBearSSL.h" diff --git a/libraries/ESP8266WiFi/src/WiFiServerBearSSL.cpp b/libraries/ESP8266WiFi/src/WiFiServerSecureBearSSL.cpp similarity index 98% rename from libraries/ESP8266WiFi/src/WiFiServerBearSSL.cpp rename to libraries/ESP8266WiFi/src/WiFiServerSecureBearSSL.cpp index b10b759daf..12fadb28d8 100644 --- a/libraries/ESP8266WiFi/src/WiFiServerBearSSL.cpp +++ b/libraries/ESP8266WiFi/src/WiFiServerSecureBearSSL.cpp @@ -34,7 +34,9 @@ extern "C" { #include "lwip/tcp.h" #include "lwip/inet.h" #include "include/ClientContext.h" -#include "WiFiServerBearSSL.h" +#include "WiFiServerSecureBearSSL.h" + +namespace BearSSL { // Only need to call the standard server constructor WiFiServerBearSSL::WiFiServerBearSSL(IPAddress addr, uint16_t port) : WiFiServer(addr, port) { @@ -87,3 +89,4 @@ WiFiClientBearSSL WiFiServerBearSSL::available(uint8_t* status) { return WiFiClientBearSSL(); } +}; diff --git a/libraries/ESP8266WiFi/src/WiFiServerBearSSL.h b/libraries/ESP8266WiFi/src/WiFiServerSecureBearSSL.h similarity index 97% rename from libraries/ESP8266WiFi/src/WiFiServerBearSSL.h rename to libraries/ESP8266WiFi/src/WiFiServerSecureBearSSL.h index 646f79516f..c6562a0028 100644 --- a/libraries/ESP8266WiFi/src/WiFiServerBearSSL.h +++ b/libraries/ESP8266WiFi/src/WiFiServerSecureBearSSL.h @@ -21,10 +21,12 @@ #define wifiserverbearssl_h #include "WiFiServer.h" -#include "WiFiClientBearSSL.h" +#include "WiFiClientSecureBearSSL.h" #include "BearSSLHelpers.h" #include +namespace BearSSL { + class WiFiClientBearSSL; class WiFiServerBearSSL : public WiFiServer { @@ -64,5 +66,7 @@ class WiFiServerBearSSL : public WiFiServer { const BearSSLX509List *_client_CA_ta = nullptr; }; +}; + #endif From 65103cf676062e1466d19a35bd576869bc1011cb Mon Sep 17 00:00:00 2001 From: "Earle F. Philhower, III" Date: Sun, 8 Apr 2018 11:08:14 -0700 Subject: [PATCH 09/17] BearSSL class renamed to standard Client/ServerSecure --- libraries/ESP8266WiFi/src/WiFiClientSecure.h | 3 - .../src/WiFiClientSecureBearSSL.cpp | 80 +++++++++---------- .../ESP8266WiFi/src/WiFiClientSecureBearSSL.h | 12 +-- .../src/WiFiServerSecureBearSSL.cpp | 16 ++-- .../ESP8266WiFi/src/WiFiServerSecureBearSSL.h | 12 +-- 5 files changed, 60 insertions(+), 63 deletions(-) diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecure.h b/libraries/ESP8266WiFi/src/WiFiClientSecure.h index 211229ab23..fe48943d40 100644 --- a/libraries/ESP8266WiFi/src/WiFiClientSecure.h +++ b/libraries/ESP8266WiFi/src/WiFiClientSecure.h @@ -22,6 +22,3 @@ #include "WiFiClientSecureAxTLS.h" #include "WiFiClientSecureBearSSL.h" - -using namespace axTLS; - diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp index 89498f8222..77698208d1 100644 --- a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp +++ b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp @@ -47,11 +47,11 @@ namespace BearSSL { // BearSSL needs a very large stack, larger than the entire ESP8266 Arduino // default one. This shared_pointer is allocated on first use and cleared // on last cleanup, with only one stack no matter how many SSL objects. -std::shared_ptr WiFiClientBearSSL::_bearssl_stack = nullptr; +std::shared_ptr WiFiClientSecure::_bearssl_stack = nullptr; -void WiFiClientBearSSL::_clear() { +void WiFiClientSecure::_clear() { // TLS handshake may take more than the 5 second default timeout _timeout = 15000; @@ -72,7 +72,7 @@ void WiFiClientBearSSL::_clear() { _oom_err = false; } -void WiFiClientBearSSL::_clearAuthenticationSettings() { +void WiFiClientSecure::_clearAuthenticationSettings() { _use_insecure = false; _use_fingerprint = false; _use_self_signed = false; @@ -81,7 +81,7 @@ void WiFiClientBearSSL::_clearAuthenticationSettings() { } -WiFiClientBearSSL::WiFiClientBearSSL() : WiFiClient() { +WiFiClientSecure::WiFiClientSecure() : WiFiClient() { _clear(); _clearAuthenticationSettings(); _certStore = nullptr; // Don't want to remove cert store on a clear, should be long lived @@ -102,7 +102,7 @@ WiFiClientBearSSL::WiFiClientBearSSL() : WiFiClient() { _local_bearssl_stack = _bearssl_stack; } -WiFiClientBearSSL::~WiFiClientBearSSL() { +WiFiClientSecure::~WiFiClientSecure() { if (_client) { _client->unref(); _client = nullptr; @@ -111,7 +111,7 @@ WiFiClientBearSSL::~WiFiClientBearSSL() { _local_bearssl_stack = nullptr; // Potentially delete it if we're the last SSL object } -WiFiClientBearSSL::WiFiClientBearSSL(ClientContext* client, +WiFiClientSecure::WiFiClientSecure(ClientContext* client, const BearSSLX509List *chain, const BearSSLPrivateKey *sk, int iobuf_in_size, int iobuf_out_size, const BearSSLX509List *client_CA_ta) { _clear(); @@ -127,7 +127,7 @@ WiFiClientBearSSL::WiFiClientBearSSL(ClientContext* client, } } -WiFiClientBearSSL::WiFiClientBearSSL(ClientContext *client, +WiFiClientSecure::WiFiClientSecure(ClientContext *client, const BearSSLX509List *chain, unsigned cert_issuer_key_type, const BearSSLPrivateKey *sk, int iobuf_in_size, int iobuf_out_size, const BearSSLX509List *client_CA_ta) { @@ -144,12 +144,12 @@ WiFiClientBearSSL::WiFiClientBearSSL(ClientContext *client, } } -void WiFiClientBearSSL::setClientRSACert(const BearSSLX509List *chain, const BearSSLPrivateKey *sk) { +void WiFiClientSecure::setClientRSACert(const BearSSLX509List *chain, const BearSSLPrivateKey *sk) { _chain = chain; _sk = sk; } -void WiFiClientBearSSL::setClientECCert(const BearSSLX509List *chain, +void WiFiClientSecure::setClientECCert(const BearSSLX509List *chain, const BearSSLPrivateKey *sk, unsigned allowed_usages, unsigned cert_issuer_key_type) { _chain = chain; _sk = sk; @@ -157,7 +157,7 @@ void WiFiClientBearSSL::setClientECCert(const BearSSLX509List *chain, _cert_issuer_key_type = cert_issuer_key_type; } -void WiFiClientBearSSL::setBufferSizes(int recv, int xmit) { +void WiFiClientSecure::setBufferSizes(int recv, int xmit) { // Following constants taken from bearssl/src/ssl/ssl_engine.c (not exported unfortunately) const int MAX_OUT_OVERHEAD = 85; const int MAX_IN_OVERHEAD = 325; @@ -173,7 +173,7 @@ void WiFiClientBearSSL::setBufferSizes(int recv, int xmit) { _iobuf_out_size = xmit; } -void WiFiClientBearSSL::stop() { +void WiFiClientSecure::stop() { flush(); if (_client) { _client->wait_until_sent(); @@ -183,19 +183,19 @@ void WiFiClientBearSSL::stop() { _freeSSL(); } -void WiFiClientBearSSL::flush() { +void WiFiClientSecure::flush() { (void) _run_until(BR_SSL_SENDAPP); WiFiClient::flush(); } -int WiFiClientBearSSL::connect(IPAddress ip, uint16_t port) { +int WiFiClientSecure::connect(IPAddress ip, uint16_t port) { if (!WiFiClient::connect(ip, port)) { return 0; } return _connectSSL(nullptr); } -int WiFiClientBearSSL::connect(const char* name, uint16_t port) { +int WiFiClientSecure::connect(const char* name, uint16_t port) { IPAddress remote_addr; if (!WiFi.hostByName(name, remote_addr)) { return 0; @@ -206,11 +206,11 @@ int WiFiClientBearSSL::connect(const char* name, uint16_t port) { return _connectSSL(name); } -int WiFiClientBearSSL::connect(const String host, uint16_t port) { +int WiFiClientSecure::connect(const String host, uint16_t port) { return connect(host.c_str(), port); } -void WiFiClientBearSSL::_freeSSL() { +void WiFiClientSecure::_freeSSL() { // These are smart pointers and will free if refcnt==0 _sc = nullptr; _sc_svr = nullptr; @@ -226,11 +226,11 @@ void WiFiClientBearSSL::_freeSSL() { _handshake_done = false; } -bool WiFiClientBearSSL::_clientConnected() { +bool WiFiClientSecure::_clientConnected() { return (_client && _client->state() == ESTABLISHED); } -uint8_t WiFiClientBearSSL::connected() { +uint8_t WiFiClientSecure::connected() { if (_recvapp_len) { return true; } @@ -240,7 +240,7 @@ uint8_t WiFiClientBearSSL::connected() { return false; } -size_t WiFiClientBearSSL::_write(const uint8_t *buf, size_t size, bool pmem) { +size_t WiFiClientSecure::_write(const uint8_t *buf, size_t size, bool pmem) { if (!connected() || !size || !_handshake_done) { return 0; } @@ -267,16 +267,16 @@ size_t WiFiClientBearSSL::_write(const uint8_t *buf, size_t size, bool pmem) { return 0; } -size_t WiFiClientBearSSL::write(const uint8_t *buf, size_t size) { +size_t WiFiClientSecure::write(const uint8_t *buf, size_t size) { return _write(buf, size, false); } -size_t WiFiClientBearSSL::write_P(PGM_P buf, size_t size) { +size_t WiFiClientSecure::write_P(PGM_P buf, size_t size) { return _write((const uint8_t *)buf, size, true); } // We have to manually read and send individual chunks. -size_t WiFiClientBearSSL::write(Stream& stream) { +size_t WiFiClientSecure::write(Stream& stream) { size_t totalSent = 0; size_t countRead; size_t countSent; @@ -298,7 +298,7 @@ size_t WiFiClientBearSSL::write(Stream& stream) { return totalSent; } -int WiFiClientBearSSL::read(uint8_t *buf, size_t size) { +int WiFiClientSecure::read(uint8_t *buf, size_t size) { if (!ctx_present() || !_handshake_done) { return -1; } @@ -325,7 +325,7 @@ int WiFiClientBearSSL::read(uint8_t *buf, size_t size) { return conn ? 0 : -1; // If we're connected, no error but no read. OTW error } -int WiFiClientBearSSL::read() { +int WiFiClientSecure::read() { uint8_t c; if (1 == read(&c, 1)) { return c; @@ -333,7 +333,7 @@ int WiFiClientBearSSL::read() { return -1; } -int WiFiClientBearSSL::available() { +int WiFiClientSecure::available() { if (_recvapp_buf) { return _recvapp_len; // Anything from last call? } @@ -354,7 +354,7 @@ int WiFiClientBearSSL::available() { return 0; } -int WiFiClientBearSSL::peek() { +int WiFiClientSecure::peek() { if (!ctx_present() || !available()) { return -1; } @@ -364,7 +364,7 @@ int WiFiClientBearSSL::peek() { return -1; } -size_t WiFiClientBearSSL::peekBytes(uint8_t *buffer, size_t length) { +size_t WiFiClientSecure::peekBytes(uint8_t *buffer, size_t length) { size_t to_copy = 0; if (!ctx_present()) { return 0; @@ -386,7 +386,7 @@ size_t WiFiClientBearSSL::peekBytes(uint8_t *buffer, size_t length) { combination of both (the combination matches either). When a match is achieved, this function returns 0. On error, it returns -1. */ -int WiFiClientBearSSL::_run_until(unsigned target, bool blocking) { +int WiFiClientSecure::_run_until(unsigned target, bool blocking) { if (!ctx_present()) { return -1; } @@ -492,7 +492,7 @@ int WiFiClientBearSSL::_run_until(unsigned target, bool blocking) { return -1; } -bool WiFiClientBearSSL::_wait_for_handshake() { +bool WiFiClientSecure::_wait_for_handshake() { _handshake_done = false; while (!_handshake_done && _clientConnected()) { int ret = _run_until(BR_SSL_SENDAPP); @@ -712,7 +712,7 @@ extern "C" { } // Installs the appropriate X509 cert validation method for a client connection -bool WiFiClientBearSSL::_installClientX509Validator() { +bool WiFiClientSecure::_installClientX509Validator() { if (_use_insecure || _use_fingerprint || _use_self_signed) { // Use common insecure x509 authenticator _x509_insecure = std::make_shared(); @@ -757,7 +757,7 @@ bool WiFiClientBearSSL::_installClientX509Validator() { // Called by connect() to do the actual SSL setup and handshake. // Returns if the SSL handshake succeeded. -bool WiFiClientBearSSL::_connectSSL(const char* hostName) { +bool WiFiClientSecure::_connectSSL(const char* hostName) { _freeSSL(); _oom_err = false; @@ -800,7 +800,7 @@ bool WiFiClientBearSSL::_connectSSL(const char* hostName) { // Slightly different X509 setup for servers who want to validate client // certificates, so factor it out as it's used in RSA and EC servers. -bool WiFiClientBearSSL::_installServerX509Validator(const BearSSLX509List *client_CA_ta) { +bool WiFiClientSecure::_installServerX509Validator(const BearSSLX509List *client_CA_ta) { if (client_CA_ta) { _ta = client_CA_ta; // X509 minimal validator. Checks dates, cert chain for trusted CA, etc. @@ -827,7 +827,7 @@ bool WiFiClientBearSSL::_installServerX509Validator(const BearSSLX509List *clien } // Called by WiFiServerBearSSL when an RSA cert/key is specified. -bool WiFiClientBearSSL::_connectSSLServerRSA(const BearSSLX509List *chain, +bool WiFiClientSecure::_connectSSLServerRSA(const BearSSLX509List *chain, const BearSSLPrivateKey *sk, const BearSSLX509List *client_CA_ta) { _freeSSL(); @@ -857,7 +857,7 @@ bool WiFiClientBearSSL::_connectSSLServerRSA(const BearSSLX509List *chain, } // Called by WiFiServerBearSSL when an elliptic curve cert/key is specified. -bool WiFiClientBearSSL::_connectSSLServerEC(const BearSSLX509List *chain, +bool WiFiClientSecure::_connectSSLServerEC(const BearSSLX509List *chain, unsigned cert_issuer_key_type, const BearSSLPrivateKey *sk, const BearSSLX509List *client_CA_ta) { _freeSSL(); @@ -889,7 +889,7 @@ bool WiFiClientBearSSL::_connectSSLServerEC(const BearSSLX509List *chain, // Returns an error ID and possibly a string (if dest != null) of the last // BearSSL reported error. -int WiFiClientBearSSL::getLastSSLError(char *dest, size_t len) { +int WiFiClientSecure::getLastSSLError(char *dest, size_t len) { int err = 0; const char *t = PSTR("OK"); if (_sc || _sc_svr) { @@ -967,16 +967,16 @@ int WiFiClientBearSSL::getLastSSLError(char *dest, size_t len) { return err; } -bool WiFiClientBearSSL::probeMaxFragmentLength(const char* name, uint16_t port, uint16_t len) { +bool WiFiClientSecure::probeMaxFragmentLength(const char* name, uint16_t port, uint16_t len) { IPAddress remote_addr; if (!WiFi.hostByName(name, remote_addr)) { return false; } - return WiFiClientBearSSL::probeMaxFragmentLength(remote_addr, port, len); + return WiFiClientSecure::probeMaxFragmentLength(remote_addr, port, len); } -bool WiFiClientBearSSL::probeMaxFragmentLength(const String host, uint16_t port, uint16_t len) { - return WiFiClientBearSSL::probeMaxFragmentLength(host.c_str(), port, len); +bool WiFiClientSecure::probeMaxFragmentLength(const String host, uint16_t port, uint16_t len) { + return WiFiClientSecure::probeMaxFragmentLength(host.c_str(), port, len); } @@ -1012,7 +1012,7 @@ static bool _SendAbort(WiFiClient& probe, bool supportsLen) { // TODO - Check the type of returned extensions and that the MFL is the exact // same one we sent. Not critical as only horribly broken servers would // return changed or add their own extensions. -bool WiFiClientBearSSL::probeMaxFragmentLength(IPAddress ip, uint16_t port, uint16_t len) { +bool WiFiClientSecure::probeMaxFragmentLength(IPAddress ip, uint16_t port, uint16_t len) { // Hardcoded TLS 1.2 packets used throughout static const uint8_t clientHelloHead_P[] PROGMEM = { 0x16, 0x03, 0x03, 0x00, 0, // TLS header, change last 2 bytes to len diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.h b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.h index 6deadcafc5..aeb374b170 100644 --- a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.h +++ b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.h @@ -30,10 +30,10 @@ namespace BearSSL { -class WiFiClientBearSSL : public WiFiClient { +class WiFiClientSecure : public WiFiClient { public: - WiFiClientBearSSL(); - ~WiFiClientBearSSL() override; + WiFiClientSecure(); + ~WiFiClientSecure() override; int connect(IPAddress ip, uint16_t port) override; int connect(const String host, uint16_t port) override; @@ -152,10 +152,10 @@ class WiFiClientBearSSL : public WiFiClient { unsigned _cert_issuer_key_type; // Methods for handling server.available() call which returns a client connection. - friend class WiFiServerBearSSL; // Server needs to access these constructors - WiFiClientBearSSL(ClientContext *client, const BearSSLX509List *chain, unsigned cert_issuer_key_type, + friend class WiFiServerSecure; // Server needs to access these constructors + WiFiClientSecure(ClientContext *client, const BearSSLX509List *chain, unsigned cert_issuer_key_type, const BearSSLPrivateKey *sk, int iobuf_in_size, int iobuf_out_size, const BearSSLX509List *client_CA_ta); - WiFiClientBearSSL(ClientContext* client, const BearSSLX509List *chain, const BearSSLPrivateKey *sk, + WiFiClientSecure(ClientContext* client, const BearSSLX509List *chain, const BearSSLPrivateKey *sk, int iobuf_in_size, int iobuf_out_size, const BearSSLX509List *client_CA_ta); // RSA keyed server diff --git a/libraries/ESP8266WiFi/src/WiFiServerSecureBearSSL.cpp b/libraries/ESP8266WiFi/src/WiFiServerSecureBearSSL.cpp index 12fadb28d8..0c367a37f4 100644 --- a/libraries/ESP8266WiFi/src/WiFiServerSecureBearSSL.cpp +++ b/libraries/ESP8266WiFi/src/WiFiServerSecureBearSSL.cpp @@ -39,23 +39,23 @@ extern "C" { namespace BearSSL { // Only need to call the standard server constructor -WiFiServerBearSSL::WiFiServerBearSSL(IPAddress addr, uint16_t port) : WiFiServer(addr, port) { +WiFiServerSecure::WiFiServerSecure(IPAddress addr, uint16_t port) : WiFiServer(addr, port) { } // Only need to call the standard server constructor -WiFiServerBearSSL::WiFiServerBearSSL(uint16_t port) : WiFiServer(port) { +WiFiServerSecure::WiFiServerSecure(uint16_t port) : WiFiServer(port) { } // Specify a RSA-signed certificate and key for the server. Only copies the pointer, the // caller needs to preserve this chain and key for the life of the object. -void WiFiServerBearSSL::setRSACert(const BearSSLX509List *chain, const BearSSLPrivateKey *sk) { +void WiFiServerSecure::setRSACert(const BearSSLX509List *chain, const BearSSLPrivateKey *sk) { _chain = chain; _sk = sk; } // Specify a EC-signed certificate and key for the server. Only copies the pointer, the // caller needs to preserve this chain and key for the life of the object. -void WiFiServerBearSSL::setECCert(const BearSSLX509List *chain, unsigned cert_issuer_key_type, const BearSSLPrivateKey *sk) { +void WiFiServerSecure::setECCert(const BearSSLX509List *chain, unsigned cert_issuer_key_type, const BearSSLPrivateKey *sk) { _chain = chain; _cert_issuer_key_type = cert_issuer_key_type; _sk = sk; @@ -63,17 +63,17 @@ void WiFiServerBearSSL::setECCert(const BearSSLX509List *chain, unsigned cert_is // Return a client if there's an available connection waiting. If one is returned, // then any validation (i.e. client cert checking) will have succeeded. -WiFiClientBearSSL WiFiServerBearSSL::available(uint8_t* status) { +WiFiClientSecure WiFiServerSecure::available(uint8_t* status) { (void) status; // Unused if (_unclaimed) { if (_sk && _sk->isRSA()) { - WiFiClientBearSSL result(_unclaimed, _chain, _sk, _iobuf_in_size, _iobuf_out_size, _client_CA_ta); + WiFiClientSecure result(_unclaimed, _chain, _sk, _iobuf_in_size, _iobuf_out_size, _client_CA_ta); _unclaimed = _unclaimed->next(); result.setNoDelay(_noDelay); DEBUGV("WS:av\r\n"); return result; } else if (_sk && _sk->isEC()) { - WiFiClientBearSSL result(_unclaimed, _chain, _cert_issuer_key_type, _sk, _iobuf_in_size, _iobuf_out_size, _client_CA_ta); + WiFiClientSecure result(_unclaimed, _chain, _cert_issuer_key_type, _sk, _iobuf_in_size, _iobuf_out_size, _client_CA_ta); _unclaimed = _unclaimed->next(); result.setNoDelay(_noDelay); DEBUGV("WS:av\r\n"); @@ -86,7 +86,7 @@ WiFiClientBearSSL WiFiServerBearSSL::available(uint8_t* status) { // Something weird, return a no-op object optimistic_yield(1000); - return WiFiClientBearSSL(); + return WiFiClientSecure(); } }; diff --git a/libraries/ESP8266WiFi/src/WiFiServerSecureBearSSL.h b/libraries/ESP8266WiFi/src/WiFiServerSecureBearSSL.h index c6562a0028..8d55303e50 100644 --- a/libraries/ESP8266WiFi/src/WiFiServerSecureBearSSL.h +++ b/libraries/ESP8266WiFi/src/WiFiServerSecureBearSSL.h @@ -27,13 +27,13 @@ namespace BearSSL { -class WiFiClientBearSSL; +class WiFiClientSecure; -class WiFiServerBearSSL : public WiFiServer { +class WiFiServerSecure : public WiFiServer { public: - WiFiServerBearSSL(IPAddress addr, uint16_t port); - WiFiServerBearSSL(uint16_t port); - virtual ~WiFiServerBearSSL() {} + WiFiServerSecure(IPAddress addr, uint16_t port); + WiFiServerSecure(uint16_t port); + virtual ~WiFiServerSecure() {} // Override the default buffer sizes, if you know what you're doing... void setBufferSizes(int recv, int xmit) { @@ -55,7 +55,7 @@ class WiFiServerBearSSL : public WiFiServer { } // If awaiting connection available and authenticated (i.e. client cert), return it. - WiFiClientBearSSL available(uint8_t* status = NULL); + WiFiClientSecure available(uint8_t* status = NULL); private: const BearSSLX509List *_chain = nullptr; From 99870191c25bbda9809656ded170c827d133dde2 Mon Sep 17 00:00:00 2001 From: "Earle F. Philhower, III" Date: Sun, 8 Apr 2018 11:20:27 -0700 Subject: [PATCH 10/17] Make BearSSLServer source compatible with axTLS code Locally generate and destroy the cert and keys from passed in DERs in the server, allows servers to run w/o any changes. --- .../src/WiFiServerSecureBearSSL.cpp | 27 +++++++++++++++++++ .../ESP8266WiFi/src/WiFiServerSecureBearSSL.h | 8 ++++-- 2 files changed, 33 insertions(+), 2 deletions(-) diff --git a/libraries/ESP8266WiFi/src/WiFiServerSecureBearSSL.cpp b/libraries/ESP8266WiFi/src/WiFiServerSecureBearSSL.cpp index 0c367a37f4..e7c3321bf8 100644 --- a/libraries/ESP8266WiFi/src/WiFiServerSecureBearSSL.cpp +++ b/libraries/ESP8266WiFi/src/WiFiServerSecureBearSSL.cpp @@ -46,6 +46,14 @@ WiFiServerSecure::WiFiServerSecure(IPAddress addr, uint16_t port) : WiFiServer(a WiFiServerSecure::WiFiServerSecure(uint16_t port) : WiFiServer(port) { } +// Destructor only checks if we need to delete compatibilty cert/key +WiFiServerSecure::~WiFiServerSecure() { + if (_deleteChainAndKey) { + delete _chain; + delete _sk; + } +} + // Specify a RSA-signed certificate and key for the server. Only copies the pointer, the // caller needs to preserve this chain and key for the life of the object. void WiFiServerSecure::setRSACert(const BearSSLX509List *chain, const BearSSLPrivateKey *sk) { @@ -89,4 +97,23 @@ WiFiClientSecure WiFiServerSecure::available(uint8_t* status) { return WiFiClientSecure(); } + +void WiFiServerSecure::setServerKeyAndCert(const uint8_t *key, int keyLen, const uint8_t *cert, int certLen) { + BearSSLX509List *chain = new BearSSLX509List(cert, certLen); + BearSSLPrivateKey *sk = new BearSSLPrivateKey(key, keyLen); + if (!chain || !key) { + // OOM, fail gracefully + delete chain; + delete sk; + return; + } + _deleteChainAndKey = true; + setRSACert(chain, sk); +} + +void WiFiServerSecure::setServerKeyAndCert_P(const uint8_t *key, int keyLen, const uint8_t *cert, int certLen) { + setServerKeyAndCert(key, keyLen, cert, certLen); +} + + }; diff --git a/libraries/ESP8266WiFi/src/WiFiServerSecureBearSSL.h b/libraries/ESP8266WiFi/src/WiFiServerSecureBearSSL.h index 8d55303e50..0f165d2f40 100644 --- a/libraries/ESP8266WiFi/src/WiFiServerSecureBearSSL.h +++ b/libraries/ESP8266WiFi/src/WiFiServerSecureBearSSL.h @@ -33,7 +33,7 @@ class WiFiServerSecure : public WiFiServer { public: WiFiServerSecure(IPAddress addr, uint16_t port); WiFiServerSecure(uint16_t port); - virtual ~WiFiServerSecure() {} + virtual ~WiFiServerSecure(); // Override the default buffer sizes, if you know what you're doing... void setBufferSizes(int recv, int xmit) { @@ -57,6 +57,10 @@ class WiFiServerSecure : public WiFiServer { // If awaiting connection available and authenticated (i.e. client cert), return it. WiFiClientSecure available(uint8_t* status = NULL); + // Compatibility with axTLS interface + void setServerKeyAndCert(const uint8_t *key, int keyLen, const uint8_t *cert, int certLen); + void setServerKeyAndCert_P(const uint8_t *key, int keyLen, const uint8_t *cert, int certLen); + private: const BearSSLX509List *_chain = nullptr; unsigned _cert_issuer_key_type = 0; @@ -64,9 +68,9 @@ class WiFiServerSecure : public WiFiServer { int _iobuf_in_size = BR_SSL_BUFSIZE_INPUT; int _iobuf_out_size = 837; const BearSSLX509List *_client_CA_ta = nullptr; + bool _deleteChainAndKey = false; }; }; #endif - From d317be27f28cf6299c50a83efdd018c9962ea8d9 Mon Sep 17 00:00:00 2001 From: "Earle F. Philhower, III" Date: Sun, 8 Apr 2018 12:23:27 -0700 Subject: [PATCH 11/17] Add axTLS compatible wrappers to BearSSL Client --- .../src/WiFiClientSecureBearSSL.cpp | 83 +++++++++++++++++++ .../ESP8266WiFi/src/WiFiClientSecureBearSSL.h | 35 ++++++++ 2 files changed, 118 insertions(+) diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp index 77698208d1..f0e194bf9a 100644 --- a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp +++ b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp @@ -70,6 +70,7 @@ void WiFiClientSecure::_clear() { _recvapp_buf = nullptr; _recvapp_len = 0; _oom_err = false; + _deleteChainKeyTA = false; } void WiFiClientSecure::_clearAuthenticationSettings() { @@ -109,6 +110,11 @@ WiFiClientSecure::~WiFiClientSecure() { } _freeSSL(); _local_bearssl_stack = nullptr; // Potentially delete it if we're the last SSL object + if (_deleteChainKeyTA) { + delete _ta; + delete _chain; + delete _sk; + } } WiFiClientSecure::WiFiClientSecure(ClientContext* client, @@ -1166,6 +1172,83 @@ bool WiFiClientSecure::probeMaxFragmentLength(IPAddress ip, uint16_t port, uint1 } +// AXTLS compatibility interfaces +bool WiFiClientSecure::setCACert(const uint8_t* pk, size_t size) { + if (_ta && _deleteChainKeyTA) { + delete _ta; + _ta = nullptr; + } + _ta = new BearSSLX509List(pk, size); + _deleteChainKeyTA = true; + return _ta ? true : false; +} + +bool WiFiClientSecure::setCertificate(const uint8_t* pk, size_t size) { + if (_chain && _deleteChainKeyTA) { + delete _chain; + _chain = nullptr; + } + _chain = new BearSSLX509List(pk, size); + _deleteChainKeyTA = true; + return _chain ? true : false; +} + +bool WiFiClientSecure::setPrivateKey(const uint8_t* pk, size_t size) { + if (_sk && _deleteChainKeyTA) { + delete _sk; + _sk = nullptr; + } + _sk = new BearSSLPrivateKey(pk, size); + _deleteChainKeyTA = true; + return _sk ? true : false; + +} + +uint8_t *WiFiClientSecure::_streamLoad(Stream& stream, size_t size) { + uint8_t *dest = (uint8_t*)malloc(size); + if (!dest) { + return nullptr; + } + if (size != stream.readBytes(dest, size)) { + free(dest); + return nullptr; + } + return dest; +} + +bool WiFiClientSecure::loadCACert(Stream& stream, size_t size) { + uint8_t *dest = _streamLoad(stream, size); + bool ret = false; + if (dest) { + ret = setCACert(dest, size); + } + free(dest); + return ret; +} + +bool WiFiClientSecure::loadCertificate(Stream& stream, size_t size) { + uint8_t *dest = _streamLoad(stream, size); + bool ret = false; + if (dest) { + ret = setCertificate(dest, size); + } + free(dest); + return ret; +} + +bool WiFiClientSecure::loadPrivateKey(Stream& stream, size_t size) { + uint8_t *dest = _streamLoad(stream, size); + bool ret = false; + if (dest) { + ret = setPrivateKey(dest, size); + } + free(dest); + return ret; +} + + + + // Debug printout helpers for BearSSL library when libbearssl.a is compiled in debug mode // This is really only for debugging the core BearSSL library itself, and not the IDE // SSL debugging which should focus on the WiFiClientBearSSL objects. diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.h b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.h index aeb374b170..9f23f5924e 100644 --- a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.h +++ b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.h @@ -104,6 +104,36 @@ class WiFiClientSecure : public WiFiClient { static bool probeMaxFragmentLength(const char *hostname, uint16_t port, uint16_t len); static bool probeMaxFragmentLength(const String host, uint16_t port, uint16_t len); + // AXTLS compatbile wrappers + bool verify(const char* fingerprint, const char* domain_name) { (void) fingerprint; (void) domain_name; return false; } // Can't handle this case, need app code changes + bool verifyCertChain(const char* domain_name) { (void)domain_name; return connected(); } // If we're connected, the cert passed validation during handshake + + bool setCACert(const uint8_t* pk, size_t size); + bool setCertificate(const uint8_t* pk, size_t size); + bool setPrivateKey(const uint8_t* pk, size_t size); + + bool setCACert_P(PGM_VOID_P pk, size_t size) { return setCACert((const uint8_t *)pk, size); } + bool setCertificate_P(PGM_VOID_P pk, size_t size) { return setCertificate((const uint8_t *)pk, size); } + bool setPrivateKey_P(PGM_VOID_P pk, size_t size) { return setPrivateKey((const uint8_t *)pk, size); } + + bool loadCACert(Stream& stream, size_t size); + bool loadCertificate(Stream& stream, size_t size); + bool loadPrivateKey(Stream& stream, size_t size); + + template + bool loadCertificate(TFile& file) { + return loadCertificate(file, file.size()); + } + + template + bool loadPrivateKey(TFile& file) { + return loadPrivateKey(file, file.size()); + } + + template + bool loadCACert(TFile& file) { + return loadCACert(file, file.size()); + } private: void _clear(); @@ -168,6 +198,11 @@ class WiFiClientSecure : public WiFiClient { bool _installClientX509Validator(); // Set up X509 validator for a client conn. bool _installServerX509Validator(const BearSSLX509List *client_CA_ta); // Setup X509 client cert validation, if supplied + uint8_t *_streamLoad(Stream& stream, size_t size); + + // AXTLS compatible mode needs to delete the stored certs and keys on destruction + bool _deleteChainKeyTA; + private: // Single memory buffer used for BearSSL auxilliary stack, insead of growing main Arduino stack for all apps static std::shared_ptr _bearssl_stack; From 35ccf9430097db69c36984874b341da454f64ee2 Mon Sep 17 00:00:00 2001 From: "Earle F. Philhower, III" Date: Sun, 8 Apr 2018 12:34:47 -0700 Subject: [PATCH 12/17] Update examples to hardcode BearSSL namespace --- .../BearSSL_CertStore/BearSSL_CertStore.ino | 6 +++--- .../BearSSL_MaxFragmentLength.ino | 6 +++--- .../examples/BearSSL_Server/BearSSL_Server.ino | 4 ++-- .../BearSSL_ServerClientCert.ino | 4 ++-- .../BearSSL_Validation/BearSSL_Validation.ino | 14 +++++++------- libraries/ESP8266WiFi/src/WiFiClientSecure.h | 3 +++ 6 files changed, 20 insertions(+), 17 deletions(-) diff --git a/libraries/ESP8266WiFi/examples/BearSSL_CertStore/BearSSL_CertStore.ino b/libraries/ESP8266WiFi/examples/BearSSL_CertStore/BearSSL_CertStore.ino index ffde679224..50246a9b31 100644 --- a/libraries/ESP8266WiFi/examples/BearSSL_CertStore/BearSSL_CertStore.ino +++ b/libraries/ESP8266WiFi/examples/BearSSL_CertStore/BearSSL_CertStore.ino @@ -61,7 +61,7 @@ void setClock() { } // Try and connect using a WiFiClientBearSSL to specified host:port and dump URL -void fetchURL(WiFiClientBearSSL *client, const char *host, const uint16_t port, const char *path) { +void fetchURL(BearSSL::WiFiClientSecure *client, const char *host, const uint16_t port, const char *path) { if (!path) { path = "/"; } @@ -133,7 +133,7 @@ void setup() { return; // Can't connect to anything w/o certs! } - WiFiClientBearSSL *bear = new WiFiClientBearSSL(); + BearSSL::WiFiClientSecure *bear = new BearSSL::WiFiClientSecure(); // Integrate the cert store with this connection bear->setCertStore(&certStore); Serial.printf("Attempting to fetch https://www.github.com/...\n"); @@ -149,7 +149,7 @@ void loop() { } while (site == ""); Serial.printf("https://%s/\n", site.c_str()); - WiFiClientBearSSL *bear = new WiFiClientBearSSL(); + BearSSL::WiFiClientSecure *bear = new BearSSL::WiFiClientSecure(); // Integrate the cert store with this connection bear->setCertStore(&certStore); fetchURL(bear, site.c_str(), 443, "/"); diff --git a/libraries/ESP8266WiFi/examples/BearSSL_MaxFragmentLength/BearSSL_MaxFragmentLength.ino b/libraries/ESP8266WiFi/examples/BearSSL_MaxFragmentLength/BearSSL_MaxFragmentLength.ino index c9375c1f00..e0d4541f72 100644 --- a/libraries/ESP8266WiFi/examples/BearSSL_MaxFragmentLength/BearSSL_MaxFragmentLength.ino +++ b/libraries/ESP8266WiFi/examples/BearSSL_MaxFragmentLength/BearSSL_MaxFragmentLength.ino @@ -9,7 +9,7 @@ const char *ssid = "...."; const char *pass = "...."; -void fetch(WiFiClientBearSSL *client) { +void fetch(BearSSL::WiFiClientSecure *client) { client->write("GET / HTTP/1.0\r\nHost: tls.mbed.org\r\nUser-Agent: ESP8266\r\n\r\n"); client->flush(); uint32_t to = millis() + 5000; @@ -33,7 +33,7 @@ int fetchNoMaxFragmentLength() { Serial.printf("\nConnecting to https://tls.mbed.org\n"); Serial.printf("No MFLN attempted\n"); - WiFiClientBearSSL client; + BearSSL::WiFiClientSecure client; client.setInsecure(); client.connect("tls.mbed.org", 443); if (client.connected()) { @@ -66,7 +66,7 @@ int fetchMaxFragmentLength() { // sizes assuming you can ensure the server never transmits fragments larger // than the size (i.e. by using HTTP GET RANGE methods, etc.). - WiFiClientBearSSL client; + BearSSLWiFiClientSecure client; client.setInsecure(); bool mfln = client.probeMaxFragmentLength("tls.mbed.org", 443, 1024); Serial.printf("\nConnecting to https://tls.mbed.org\n"); diff --git a/libraries/ESP8266WiFi/examples/BearSSL_Server/BearSSL_Server.ino b/libraries/ESP8266WiFi/examples/BearSSL_Server/BearSSL_Server.ino index b49ed3e7d8..8e31c04faa 100644 --- a/libraries/ESP8266WiFi/examples/BearSSL_Server/BearSSL_Server.ino +++ b/libraries/ESP8266WiFi/examples/BearSSL_Server/BearSSL_Server.ino @@ -41,7 +41,7 @@ const char *ssid = "...."; const char *pass = "...."; // The HTTPS server -WiFiServerBearSSL server(443); +BearSSL::WiFiServerSecure server(443); // The server's private key which must be kept secret const char server_private_key[] PROGMEM = R"EOF( @@ -142,7 +142,7 @@ static const char *HTTP_RES = "\r\n"; void loop() { - WiFiClientBearSSL incoming = server.available(); + BearSSL::WiFiClientSecure incoming = server.available(); if (!incoming) { return; } diff --git a/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/BearSSL_ServerClientCert.ino b/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/BearSSL_ServerClientCert.ino index de6df054da..ecf6ba6139 100644 --- a/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/BearSSL_ServerClientCert.ino +++ b/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/BearSSL_ServerClientCert.ino @@ -69,7 +69,7 @@ const char *ssid = "...."; const char *pass = "...."; // The server which will require a client cert signed by the trusted CA -WiFiServerBearSSL server(443); +BearSSL::WiFiServerSecure server(443); // The hardcoded certificate authority for this example. // Don't use it on your own apps!!!!! @@ -222,7 +222,7 @@ static const char *HTTP_RES = "\r\n"; void loop() { - WiFiClientBearSSL incoming = server.available(); + BearSSL::WiFiClientSecure incoming = server.available(); if (!incoming) { return; } diff --git a/libraries/ESP8266WiFi/examples/BearSSL_Validation/BearSSL_Validation.ino b/libraries/ESP8266WiFi/examples/BearSSL_Validation/BearSSL_Validation.ino index 2f543ef886..2ef6d102e3 100644 --- a/libraries/ESP8266WiFi/examples/BearSSL_Validation/BearSSL_Validation.ino +++ b/libraries/ESP8266WiFi/examples/BearSSL_Validation/BearSSL_Validation.ino @@ -33,7 +33,7 @@ void setClock() { } // Try and connect using a WiFiClientBearSSL to specified host:port and dump HTTP response -void fetchURL(WiFiClientBearSSL *client, const char *host, const uint16_t port, const char *path) { +void fetchURL(BearSSL::WiFiClientSecure *client, const char *host, const uint16_t port, const char *path) { if (!path) { path = "/"; } @@ -80,7 +80,7 @@ void fetchNoConfig() { If there are no CAs or insecure options specified, BearSSL will not connect. Expect the following call to fail as none have been configured. )EOF"); - WiFiClientBearSSL client; + BearSSL::WiFiClientSecure client; fetchURL(&client, host, port, path); } @@ -90,7 +90,7 @@ This is absolutely *insecure*, but you can tell BearSSL not to check the certificate of the server. In this mode it will accept ANY certificate, which is subject to man-in-the-middle (MITM) attacks. )EOF"); - WiFiClientBearSSL client; + BearSSL::WiFiClientSecure client; client.setInsecure(); fetchURL(&client, host, port, path); } @@ -101,7 +101,7 @@ The SHA-1 fingerprint of an X.509 certificate can be used to validate it instead of the while certificate. This is not nearly as secure as real X.509 validation, but is better than nothing. )EOF"); - WiFiClientBearSSL client; + BearSSL::WiFiClientSecure client; const uint8_t fp[20] = {0x35, 0x85, 0x74, 0xEF, 0x67, 0x35, 0xA7, 0xCE, 0x40, 0x69, 0x50, 0xF3, 0xC0, 0xF6, 0x80, 0xCF, 0x80, 0x3B, 0x2E, 0x19}; client.setFingerprint(fp); fetchURL(&client, host, port, path); @@ -112,7 +112,7 @@ void fetchSelfSigned() { It is also possible to accept *any* self-signed certificate. This is absolutely insecure as anyone can make a self-signed certificate. )EOF"); - WiFiClientBearSSL client; + BearSSL::WiFiClientSecure client; Serial.printf("First, try and connect to a badssl.com self-signed website (will fail):\n"); fetchURL(&client, "self-signed.badssl.com", 443, "/"); Serial.printf("Now we'll enable self-signed certs (will pass)\n"); @@ -140,7 +140,7 @@ YA07oFWmuSOalgh00Wh8PUjuRGrcNxWpmgfALQHHFYgoDcD+a8+GoJk+GdJd3ong ZQIDAQAB -----END PUBLIC KEY----- )KEY"; - WiFiClientBearSSL client; + BearSSL::WiFiClientSecure client; BearSSLPublicKey key(pubkey); client.setKnownKey(&key); fetchURL(&client, host, port, path); @@ -182,7 +182,7 @@ can also be used. ESP8266 time needs to be valid for checks to pass as BearSSL does verify the notValidBefore/After fields. )EOF"); - WiFiClientBearSSL client; + BearSSL::WiFiClientSecure client; BearSSLX509List cert(digicert); client.setTrustAnchors(&cert); Serial.printf("Try validating without setting the time (should fail)\n"); diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecure.h b/libraries/ESP8266WiFi/src/WiFiClientSecure.h index fe48943d40..6d1d4df845 100644 --- a/libraries/ESP8266WiFi/src/WiFiClientSecure.h +++ b/libraries/ESP8266WiFi/src/WiFiClientSecure.h @@ -22,3 +22,6 @@ #include "WiFiClientSecureAxTLS.h" #include "WiFiClientSecureBearSSL.h" + +using namespace axTLS; +// using namespace BearSSL; From 50e780aa2c5892e998bc9c2aff707488ec79f238 Mon Sep 17 00:00:00 2001 From: "Earle F. Philhower, III" Date: Sun, 8 Apr 2018 13:07:41 -0700 Subject: [PATCH 13/17] Migrate ESP8266WebServerBearSSL to ServerSecure Use same method as the secure client/server, move the SSL servers to namespaces and add a compatibility methos on the BearSSL so one can be exchanged for the other without code changes. Also fix ESP8266HTTPClient to work with new namespaces. --- .../src/ESP8266HTTPClient.cpp | 6 +- .../SecureBearSSLUpdater.ino | 4 +- .../HelloServerBearSSL/HelloServerBearSSL.ino | 4 +- .../src/ESP8266WebServerSecure.h | 42 +----------- ...re.cpp => ESP8266WebServerSecureAxTLS.cpp} | 3 + .../src/ESP8266WebServerSecureAxTLS.h | 64 +++++++++++++++++++ ....cpp => ESP8266WebServerSecureBearSSL.cpp} | 38 +++++++---- ...rSSL.h => ESP8266WebServerSecureBearSSL.h} | 22 ++++--- .../BearSSL_MaxFragmentLength.ino | 2 +- 9 files changed, 116 insertions(+), 69 deletions(-) rename libraries/ESP8266WebServer/src/{ESP8266WebServerSecure.cpp => ESP8266WebServerSecureAxTLS.cpp} (99%) create mode 100644 libraries/ESP8266WebServer/src/ESP8266WebServerSecureAxTLS.h rename libraries/ESP8266WebServer/src/{ESP8266WebServerBearSSL.cpp => ESP8266WebServerSecureBearSSL.cpp} (76%) rename libraries/ESP8266WebServer/src/{ESP8266WebServerBearSSL.h => ESP8266WebServerSecureBearSSL.h} (77%) diff --git a/libraries/ESP8266HTTPClient/src/ESP8266HTTPClient.cpp b/libraries/ESP8266HTTPClient/src/ESP8266HTTPClient.cpp index 676cdf33e8..28a3503484 100644 --- a/libraries/ESP8266HTTPClient/src/ESP8266HTTPClient.cpp +++ b/libraries/ESP8266HTTPClient/src/ESP8266HTTPClient.cpp @@ -60,12 +60,12 @@ class TLSTraits : public TransportTraits std::unique_ptr create() override { - return std::unique_ptr(new WiFiClientSecure()); + return std::unique_ptr(new axTLS::WiFiClientSecure()); } bool verify(WiFiClient& client, const char* host) override { - auto wcs = static_cast(client); + auto wcs = static_cast(client); return wcs.verify(_fingerprint.c_str(), host); } @@ -83,7 +83,7 @@ class BearSSLTraits : public TransportTraits std::unique_ptr create() override { - WiFiClientBearSSL *client = new WiFiClientBearSSL(); + BearSSL::WiFiClientSecure *client = new BearSSL::WiFiClientSecure(); client->setFingerprint(_fingerprint); return std::unique_ptr(client); } diff --git a/libraries/ESP8266HTTPUpdateServer/examples/SecureBearSSLUpdater/SecureBearSSLUpdater.ino b/libraries/ESP8266HTTPUpdateServer/examples/SecureBearSSLUpdater/SecureBearSSLUpdater.ino index 994fdb5fa1..1a230fca57 100644 --- a/libraries/ESP8266HTTPUpdateServer/examples/SecureBearSSLUpdater/SecureBearSSLUpdater.ino +++ b/libraries/ESP8266HTTPUpdateServer/examples/SecureBearSSLUpdater/SecureBearSSLUpdater.ino @@ -15,7 +15,7 @@ #include #include -#include +#include #include #include @@ -26,7 +26,7 @@ const char* update_password = "admin"; const char* ssid = "........"; const char* password = "........"; -ESP8266WebServerBearSSL httpServer(443); +BearSSL::ESP8266WebServerSecure httpServer(443); ESP8266HTTPUpdateServer httpUpdater; static const char serverCert[] PROGMEM = R"EOF( diff --git a/libraries/ESP8266WebServer/examples/HelloServerBearSSL/HelloServerBearSSL.ino b/libraries/ESP8266WebServer/examples/HelloServerBearSSL/HelloServerBearSSL.ino index b041f53997..acc466c77d 100644 --- a/libraries/ESP8266WebServer/examples/HelloServerBearSSL/HelloServerBearSSL.ino +++ b/libraries/ESP8266WebServer/examples/HelloServerBearSSL/HelloServerBearSSL.ino @@ -11,13 +11,13 @@ */ #include #include -#include +#include #include const char* ssid = "...."; const char* password = "...."; -ESP8266WebServerBearSSL server(443); +BearSSL::ESP8266WebServerSecure server(443); static const char serverCert[] PROGMEM = R"EOF( -----BEGIN CERTIFICATE----- diff --git a/libraries/ESP8266WebServer/src/ESP8266WebServerSecure.h b/libraries/ESP8266WebServer/src/ESP8266WebServerSecure.h index 730860324a..fa248c1f1f 100644 --- a/libraries/ESP8266WebServer/src/ESP8266WebServerSecure.h +++ b/libraries/ESP8266WebServer/src/ESP8266WebServerSecure.h @@ -19,43 +19,5 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ - -#ifndef ESP8266WEBSERVERSECURE_H -#define ESP8266WEBSERVERSECURE_H - -#include -#include - -class ESP8266WebServerSecure : public ESP8266WebServer -{ -public: - ESP8266WebServerSecure(IPAddress addr, int port = 443); - ESP8266WebServerSecure(int port = 443); - virtual ~ESP8266WebServerSecure(); - - void setServerKeyAndCert_P(const uint8_t *key, int keyLen, const uint8_t *cert, int certLen); - void setServerKeyAndCert(const uint8_t *key, int keyLen, const uint8_t *cert, int certLen); - - WiFiClient client() override { return _currentClientSecure; } - - void begin() override; - void handleClient() override; - void close() override; - - template - size_t streamFile(T &file, const String& contentType) { - _streamFileCore(file.size(), file.name(), contentType); - return _currentClientSecure.write(file); - } - -private: - size_t _currentClientWrite (const char *bytes, size_t len) override { return _currentClientSecure.write((const uint8_t *)bytes, len); } - size_t _currentClientWrite_P (PGM_P bytes, size_t len) override { return _currentClientSecure.write_P(bytes, len); } - -protected: - WiFiServerSecure _serverSecure; - WiFiClientSecure _currentClientSecure; -}; - - -#endif //ESP8266WEBSERVERSECURE_H +#include "ESP8266WebServerSecureAxTLS.h" +#include "ESP8266WebServerSecureBearSSL.h" diff --git a/libraries/ESP8266WebServer/src/ESP8266WebServerSecure.cpp b/libraries/ESP8266WebServer/src/ESP8266WebServerSecureAxTLS.cpp similarity index 99% rename from libraries/ESP8266WebServer/src/ESP8266WebServerSecure.cpp rename to libraries/ESP8266WebServer/src/ESP8266WebServerSecureAxTLS.cpp index 21922497ab..fb62b75ef7 100644 --- a/libraries/ESP8266WebServer/src/ESP8266WebServerSecure.cpp +++ b/libraries/ESP8266WebServer/src/ESP8266WebServerSecureAxTLS.cpp @@ -34,6 +34,8 @@ #define DEBUG_OUTPUT Serial #endif +namespace axTLS { + ESP8266WebServerSecure::ESP8266WebServerSecure(IPAddress addr, int port) : _serverSecure(addr, port) { @@ -144,3 +146,4 @@ void ESP8266WebServerSecure::close() { _serverSecure.close(); } +}; diff --git a/libraries/ESP8266WebServer/src/ESP8266WebServerSecureAxTLS.h b/libraries/ESP8266WebServer/src/ESP8266WebServerSecureAxTLS.h new file mode 100644 index 0000000000..abc351ea43 --- /dev/null +++ b/libraries/ESP8266WebServer/src/ESP8266WebServerSecureAxTLS.h @@ -0,0 +1,64 @@ +/* + ESP8266WebServerSecure.h - Dead simple HTTPS web-server. + Supports only one simultaneous client, knows how to handle GET and POST. + + Copyright (c) 2017 Earle F. Philhower, III. All rights reserved. + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +*/ + + +#ifndef ESP8266WEBSERVERSECURE_H +#define ESP8266WEBSERVERSECURE_H + +#include +#include + +namespace axTLS { + +class ESP8266WebServerSecure : public ESP8266WebServer +{ +public: + ESP8266WebServerSecure(IPAddress addr, int port = 443); + ESP8266WebServerSecure(int port = 443); + virtual ~ESP8266WebServerSecure(); + + void setServerKeyAndCert_P(const uint8_t *key, int keyLen, const uint8_t *cert, int certLen); + void setServerKeyAndCert(const uint8_t *key, int keyLen, const uint8_t *cert, int certLen); + + WiFiClient client() override { return _currentClientSecure; } + + void begin() override; + void handleClient() override; + void close() override; + + template + size_t streamFile(T &file, const String& contentType) { + _streamFileCore(file.size(), file.name(), contentType); + return _currentClientSecure.write(file); + } + +private: + size_t _currentClientWrite (const char *bytes, size_t len) override { return _currentClientSecure.write((const uint8_t *)bytes, len); } + size_t _currentClientWrite_P (PGM_P bytes, size_t len) override { return _currentClientSecure.write_P(bytes, len); } + +protected: + WiFiServerSecure _serverSecure; + WiFiClientSecure _currentClientSecure; +}; + +}; + +#endif //ESP8266WEBSERVERSECURE_H diff --git a/libraries/ESP8266WebServer/src/ESP8266WebServerBearSSL.cpp b/libraries/ESP8266WebServer/src/ESP8266WebServerSecureBearSSL.cpp similarity index 76% rename from libraries/ESP8266WebServer/src/ESP8266WebServerBearSSL.cpp rename to libraries/ESP8266WebServer/src/ESP8266WebServerSecureBearSSL.cpp index 9fb5474619..63ab49ceb6 100644 --- a/libraries/ESP8266WebServer/src/ESP8266WebServerBearSSL.cpp +++ b/libraries/ESP8266WebServer/src/ESP8266WebServerSecureBearSSL.cpp @@ -25,7 +25,7 @@ #include #include "WiFiServer.h" #include "WiFiClient.h" -#include "ESP8266WebServerBearSSL.h" +#include "ESP8266WebServerSecureBearSSL.h" //#define DEBUG_ESP_HTTP_SERVER #ifdef DEBUG_ESP_PORT @@ -34,33 +34,34 @@ #define DEBUG_OUTPUT Serial #endif -ESP8266WebServerBearSSL::ESP8266WebServerBearSSL(IPAddress addr, int port) +namespace BearSSL { + +ESP8266WebServerSecure::ESP8266WebServerSecure(IPAddress addr, int port) : _serverSecure(addr, port) { } -ESP8266WebServerBearSSL::ESP8266WebServerBearSSL(int port) +ESP8266WebServerSecure::ESP8266WebServerSecure(int port) : _serverSecure(port) { } - -void ESP8266WebServerBearSSL::setRSACert(const BearSSLX509List *chain, const BearSSLPrivateKey *sk) +void ESP8266WebServerSecure::setRSACert(const BearSSLX509List *chain, const BearSSLPrivateKey *sk) { _serverSecure.setRSACert(chain, sk); } -void ESP8266WebServerBearSSL::setECCert(const BearSSLX509List *chain, unsigned cert_issuer_key_type, const BearSSLPrivateKey *sk) +void ESP8266WebServerSecure::setECCert(const BearSSLX509List *chain, unsigned cert_issuer_key_type, const BearSSLPrivateKey *sk) { _serverSecure.setECCert(chain, cert_issuer_key_type, sk); } -void ESP8266WebServerBearSSL::setBufferSizes(int recv, int xmit) +void ESP8266WebServerSecure::setBufferSizes(int recv, int xmit) { _serverSecure.setBufferSizes(recv, xmit); } -ESP8266WebServerBearSSL::~ESP8266WebServerBearSSL() { +ESP8266WebServerSecure::~ESP8266WebServerSecure() { // Nothing to do here. // Base class's destructor will be called to clean up itself } @@ -73,16 +74,16 @@ ESP8266WebServerBearSSL::~ESP8266WebServerBearSSL() { // to know the size of memory to allocate on the stack for this local variable // there's not realy anything else it could do). -void ESP8266WebServerBearSSL::begin() { +void ESP8266WebServerSecure::begin() { _currentStatus = HC_NONE; _serverSecure.begin(); if(!_headerKeysCount) collectHeaders(0, 0); } -void ESP8266WebServerBearSSL::handleClient() { +void ESP8266WebServerSecure::handleClient() { if (_currentStatus == HC_NONE) { - WiFiClientBearSSL client = _serverSecure.available(); + BearSSL::WiFiClientSecure client = _serverSecure.available(); if (!client) { return; } @@ -135,7 +136,7 @@ void ESP8266WebServerBearSSL::handleClient() { } if (!keepCurrentClient) { - _currentClientSecure = WiFiClientBearSSL(); + _currentClientSecure = BearSSL::WiFiClientSecure(); _currentStatus = HC_NONE; _currentUpload.reset(); } @@ -145,9 +146,20 @@ void ESP8266WebServerBearSSL::handleClient() { } } -void ESP8266WebServerBearSSL::close() { +void ESP8266WebServerSecure::close() { _currentClientSecure.flush(); _currentClientSecure.stop(); _serverSecure.close(); } + +void ESP8266WebServerSecure::setServerKeyAndCert_P(const uint8_t *key, int keyLen, const uint8_t *cert, int certLen) { + _serverSecure.setServerKeyAndCert_P(key, keyLen, cert, certLen); +} + +void ESP8266WebServerSecure::setServerKeyAndCert(const uint8_t *key, int keyLen, const uint8_t *cert, int certLen) +{ + _serverSecure.setServerKeyAndCert(key, keyLen, cert, certLen); +} + +}; diff --git a/libraries/ESP8266WebServer/src/ESP8266WebServerBearSSL.h b/libraries/ESP8266WebServer/src/ESP8266WebServerSecureBearSSL.h similarity index 77% rename from libraries/ESP8266WebServer/src/ESP8266WebServerBearSSL.h rename to libraries/ESP8266WebServer/src/ESP8266WebServerSecureBearSSL.h index 0216a3016d..86785f81b0 100644 --- a/libraries/ESP8266WebServer/src/ESP8266WebServerBearSSL.h +++ b/libraries/ESP8266WebServer/src/ESP8266WebServerSecureBearSSL.h @@ -25,14 +25,16 @@ #include #include -#include +#include -class ESP8266WebServerBearSSL : public ESP8266WebServer +namespace BearSSL { + +class ESP8266WebServerSecure : public ESP8266WebServer { public: - ESP8266WebServerBearSSL(IPAddress addr, int port = 443); - ESP8266WebServerBearSSL(int port = 443); - virtual ~ESP8266WebServerBearSSL(); + ESP8266WebServerSecure(IPAddress addr, int port = 443); + ESP8266WebServerSecure(int port = 443); + virtual ~ESP8266WebServerSecure(); void setBufferSizes(int recv, int xmit); void setRSACert(const BearSSLX509List *chain, const BearSSLPrivateKey *sk); @@ -50,14 +52,18 @@ class ESP8266WebServerBearSSL : public ESP8266WebServer return _currentClientSecure.write(file); } + // AXTLS Compatibility + void setServerKeyAndCert_P(const uint8_t *key, int keyLen, const uint8_t *cert, int certLen); + void setServerKeyAndCert(const uint8_t *key, int keyLen, const uint8_t *cert, int certLen); + private: size_t _currentClientWrite (const char *bytes, size_t len) override { return _currentClientSecure.write((const uint8_t *)bytes, len); } size_t _currentClientWrite_P (PGM_P bytes, size_t len) override { return _currentClientSecure.write_P(bytes, len); } protected: - WiFiServerBearSSL _serverSecure; - WiFiClientBearSSL _currentClientSecure; + BearSSL::WiFiServerSecure _serverSecure; + BearSSL::WiFiClientSecure _currentClientSecure; }; - +}; #endif //ESP8266WEBSERVERSECURE_H diff --git a/libraries/ESP8266WiFi/examples/BearSSL_MaxFragmentLength/BearSSL_MaxFragmentLength.ino b/libraries/ESP8266WiFi/examples/BearSSL_MaxFragmentLength/BearSSL_MaxFragmentLength.ino index e0d4541f72..c609e085d5 100644 --- a/libraries/ESP8266WiFi/examples/BearSSL_MaxFragmentLength/BearSSL_MaxFragmentLength.ino +++ b/libraries/ESP8266WiFi/examples/BearSSL_MaxFragmentLength/BearSSL_MaxFragmentLength.ino @@ -66,7 +66,7 @@ int fetchMaxFragmentLength() { // sizes assuming you can ensure the server never transmits fragments larger // than the size (i.e. by using HTTP GET RANGE methods, etc.). - BearSSLWiFiClientSecure client; + BearSSL::WiFiClientSecure client; client.setInsecure(); bool mfln = client.probeMaxFragmentLength("tls.mbed.org", 443, 1024); Serial.printf("\nConnecting to https://tls.mbed.org\n"); From bac5c9c70e1f6c3a1d4a8839726aa00924c3bf01 Mon Sep 17 00:00:00 2001 From: "Earle F. Philhower, III" Date: Sun, 8 Apr 2018 15:07:47 -0700 Subject: [PATCH 14/17] Fix linker script to place bearssl in flash The updated linker.h didn't include bearssl.a so the linker tried to place the library in IRAM. Update the ld.h file to make sure it ends up in the right spot (flash). --- tools/sdk/ld/eagle.app.v6.common.ld | 2 +- tools/sdk/ld/eagle.app.v6.common.ld.h | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/sdk/ld/eagle.app.v6.common.ld b/tools/sdk/ld/eagle.app.v6.common.ld index c81477152e..f0a020f01f 100644 --- a/tools/sdk/ld/eagle.app.v6.common.ld +++ b/tools/sdk/ld/eagle.app.v6.common.ld @@ -92,8 +92,8 @@ SECTIONS *liblwip_src.a:(.literal .text .literal.* .text.*) *liblwip2.a:(.literal .text .literal.* .text.*) *liblwip2_1460.a:(.literal .text .literal.* .text.*) - *libaxtls.a:(.literal .text .literal.* .text.*) *libbearssl.a:(.literal .text .literal.* .text.*) + *libaxtls.a:(.literal .text .literal.* .text.*) *libat.a:(.literal.* .text.*) *libcrypto.a:(.literal.* .text.*) *libespnow.a:(.literal.* .text.*) diff --git a/tools/sdk/ld/eagle.app.v6.common.ld.h b/tools/sdk/ld/eagle.app.v6.common.ld.h index 8b515c7e06..c9f6391378 100644 --- a/tools/sdk/ld/eagle.app.v6.common.ld.h +++ b/tools/sdk/ld/eagle.app.v6.common.ld.h @@ -107,6 +107,7 @@ SECTIONS *liblwip_src.a:(.literal .text .literal.* .text.*) *liblwip2.a:(.literal .text .literal.* .text.*) *liblwip2_1460.a:(.literal .text .literal.* .text.*) + *libbearssl.a:(.literal .text .literal.* .text.*) *libaxtls.a:(.literal .text .literal.* .text.*) *libat.a:(.literal.* .text.*) *libcrypto.a:(.literal.* .text.*) From 6c94e92e2c2c0a52d9fa2b637bd062530c98f9b4 Mon Sep 17 00:00:00 2001 From: "Earle F. Philhower, III" Date: Wed, 11 Apr 2018 07:55:58 -0700 Subject: [PATCH 15/17] Update per code review, remove old dead #if code --- libraries/ESP8266HTTPClient/src/ESP8266HTTPClient.h | 7 +++++-- .../examples/BearSSL_Server/BearSSL_Server.ino | 10 ++++------ .../BearSSL_ServerClientCert.ino | 10 ++++------ libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp | 9 --------- 4 files changed, 13 insertions(+), 23 deletions(-) diff --git a/libraries/ESP8266HTTPClient/src/ESP8266HTTPClient.h b/libraries/ESP8266HTTPClient/src/ESP8266HTTPClient.h index c8ddea7b74..72b42853f7 100644 --- a/libraries/ESP8266HTTPClient/src/ESP8266HTTPClient.h +++ b/libraries/ESP8266HTTPClient/src/ESP8266HTTPClient.h @@ -133,11 +133,14 @@ class HTTPClient HTTPClient(); ~HTTPClient(); + // Plain HTTP connection, unencrypted bool begin(String url); - bool begin(String url, String httpsFingerprint); - bool begin(String url, const uint8_t httpsFingerprint[20]); bool begin(String host, uint16_t port, String uri = "/"); + // Use axTLS for secure HTTPS connection + bool begin(String url, String httpsFingerprint); bool begin(String host, uint16_t port, String uri, String httpsFingerprint); + // Use BearSSL for secure HTTPS connection + bool begin(String url, const uint8_t httpsFingerprint[20]); bool begin(String host, uint16_t port, String uri, const uint8_t httpsFingerprint[20]); // deprecated, use the overload above instead bool begin(String host, uint16_t port, String uri, bool https, String httpsFingerprint) __attribute__ ((deprecated)); diff --git a/libraries/ESP8266WiFi/examples/BearSSL_Server/BearSSL_Server.ino b/libraries/ESP8266WiFi/examples/BearSSL_Server/BearSSL_Server.ino index 8e31c04faa..6b72a5e23b 100644 --- a/libraries/ESP8266WiFi/examples/BearSSL_Server/BearSSL_Server.ino +++ b/libraries/ESP8266WiFi/examples/BearSSL_Server/BearSSL_Server.ino @@ -153,10 +153,10 @@ void loop() { int lcwn = 0; for (;;) { unsigned char x=0; - if (millis() > timeout) { - goto client_drop; - } else if (incoming.available() && incoming.read(&x, 1) < 0) { - goto client_drop; + if ((millis() > timeout) || (incoming.available() && incoming.read(&x, 1) < 0)) { + incoming.stop(); + Serial.printf("Connection error, closed\n"); + return; } else if (!x) { yield(); continue; @@ -172,8 +172,6 @@ void loop() { } incoming.write((uint8_t*)HTTP_RES, strlen(HTTP_RES)); incoming.flush(); - -client_drop: incoming.stop(); Serial.printf("Connection closed.\n"); } diff --git a/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/BearSSL_ServerClientCert.ino b/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/BearSSL_ServerClientCert.ino index ecf6ba6139..9580ef53da 100644 --- a/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/BearSSL_ServerClientCert.ino +++ b/libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/BearSSL_ServerClientCert.ino @@ -233,10 +233,10 @@ void loop() { int lcwn = 0; for (;;) { unsigned char x=0; - if (millis() > timeout) { - goto client_drop; - } else if (incoming.available() && incoming.read(&x, 1) < 0) { - goto client_drop; + if ((millis() > timeout) || (incoming.available() && incoming.read(&x, 1) < 0)) { + incoming.stop(); + Serial.printf("Connection error, closed\n"); + return; } else if (!x) { yield(); continue; @@ -252,8 +252,6 @@ void loop() { } incoming.write((uint8_t*)HTTP_RES, strlen(HTTP_RES)); incoming.flush(); - -client_drop: incoming.stop(); Serial.printf("Connection closed.\n"); } diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp index f0e194bf9a..e94ad63579 100644 --- a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp +++ b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp @@ -87,18 +87,9 @@ WiFiClientSecure::WiFiClientSecure() : WiFiClient() { _clearAuthenticationSettings(); _certStore = nullptr; // Don't want to remove cert store on a clear, should be long lived if (!_bearssl_stack) { - #if 1 const int stacksize = 4500; // Empirically determined stack for EC and RSA connections _bearssl_stack = std::shared_ptr(new uint8_t[stacksize], std::default_delete()); br_esp8266_stack_proxy_init(_bearssl_stack.get(), stacksize); - #else - // TODO - DANGEROUS - EVIL - // Steal memory from the SYS stack instead of allocating HEAP - const int stacksize = 0x1200; // Empirically determined stack for EC and RSA connections - _bearssl_stack = std::shared_ptr(new uint8_t[1 /* just placeholder, real space is sys_space */], std::default_delete()); - uint8_t *sys_space = (uint8_t*)0x3fffe000; - br_esp8266_stack_proxy_init(sys_space, stacksize); - #endif } _local_bearssl_stack = _bearssl_stack; } From df612f6039ca6c469c0fd8587e817cb4df02d4f9 Mon Sep 17 00:00:00 2001 From: "Earle F. Philhower, III" Date: Wed, 11 Apr 2018 15:28:27 -0700 Subject: [PATCH 16/17] Add EC public key parsing support --- libraries/ESP8266WiFi/src/BearSSLHelpers.cpp | 19 ++++++++++++++++--- tools/sdk/lib/libbearssl.a | Bin 4279154 -> 4278574 bytes 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp b/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp index d964aa444b..38fcccd70d 100644 --- a/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp +++ b/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp @@ -413,6 +413,7 @@ namespace brssl { } const br_rsa_public_key *rk = nullptr; + const br_ec_public_key *ek = nullptr; switch (br_pkey_decoder_key_type(dc.get())) { case BR_KEYTYPE_RSA: rk = br_pkey_decoder_get_rsa(dc.get()); @@ -436,8 +437,20 @@ namespace brssl { return pk; case BR_KEYTYPE_EC: - // TODO - not parsed yet in .T0 file - return nullptr; + ek = br_pkey_decoder_get_ec(dc.get()); + pk = (public_key*)malloc(sizeof * pk); + if (!pk) { + return nullptr; + } + pk->key_type = BR_KEYTYPE_EC; + pk->key.ec.q = (uint8_t*)malloc(ek->qlen); + if (!pk->key.ec.q) { + free(pk); + return nullptr; + } + memcpy(pk->key.ec.q, ek->q, ek->qlen); + pk->key.ec.qlen = ek->qlen; + return pk; default: return nullptr; @@ -450,7 +463,7 @@ namespace brssl { free(pk->key.rsa.n); free(pk->key.rsa.e); } else if (pk->key_type == BR_KEYTYPE_EC) { - // TODO - EC public keys not implemented + free(pk->key.ec.q); } free(pk); } diff --git a/tools/sdk/lib/libbearssl.a b/tools/sdk/lib/libbearssl.a index 5b8309ffdf83ab0cd99f3b2707ed7ab2123e785b..5c11926617761827278b352780c2a278a9b5add6 100644 GIT binary patch delta 16286 zcmZ{rd3+T`w#TdbE=foTApw#=NWx8kkg$X#Kp@;sScC)!OIQRI3?K-~BFiWPAs0be zR9rwQP{ug=2J9l=7DK07PQ(RiIH}qa`#QsgfwWR#A*`iriJuS*DsrYiO7?kng z|0ipP#;h9}BO8atIB|`pjUqMn^Q5$O^PY1cK8PO@fCM2ikXT3@qy;1%k^pH5Nrbe5 zBtcq3k|8OOHjuWEc92vEeWyd(Lpne*ARQr@kSs_xq*LR(=R(`=FkLF%k~Ju8UGC_d z#@x}lKfL5=)dRneNnKZ*(izeP(iM^i=?2M%6hOK|dO&(YdO->yy&*-AVn_+352P=o zAEXr0A2I+^1{v5`oD$x@$!oIl^uyslHFrzxneIU-!Gn=h=lz`#s?d>makUmnQtwZ<90ZKGC)K%GryZ;5_lm>Ta`( zoZtxY%iyHh$oTtEed4t6LiX-z_ESmPR+BJ7{qf>YUF*+uagJo(fjc zTMhad=q*I(6FHz{wUgGvmtEVYHgq7*IXb(w2v%g*-c?(>v^pliS+}J_hvMpBkAx|A zNfF^FCbUWLWtXg(d{?C`%&zSgI9Spo&`@4tXyK6Hd>qaBQnXcASlizT_C#aoaC77N zrt#HBPHzo_@~R#`eD;y}`ElxTIUjX)K3$Yo8T$L_>R^7aDR<4CzTw7ggZ?z`sYTJV zxBkY;Q4)2YT=dAet%K%FpL`dr(dTQ5i{?~@=2Shp<4^Ima}Uf798AJ!964PSs(SsQ zx*xkGR>zDybuhk33=UPs7k8LYG^46!Mr9Ab`r)r`ib^VTV+V-nIXM$OC+Fw-=b$%p zeN&v^zb^<;bol(g4xfd`Qs3mn!4GyDF}Nyuiqk(-9W(4l6)to0`W^i80*^b-fn9#D z(!|gUr;7#)%z#g|9w&UVQ|X)HtAg8uAHroPczy9xwfBHq)$)b|M`u5ff5XUkejg0J ztbQnSJF4?L!x<`XpgU*ga4|}Z6%)l2F;z?#SBv>#u~;rvi}hlwcuJfXL765qWVY-q zYvls@JGn;wkNmSdEzikfr=K&>ndGc?ZgsXg+nooTosN()M&M7Z5Xs4a&X6u@ z$_%^dkzPZfSe=JIDUb|ENQi)w*H(z2(+z)R65>umz$s|k*QEVel-pKFpBNW(y0;xG z{R12k7LHG(_@pC;w4~ONy@n@C;lLR(!jT<>Q$38C@oj=J6J^9F{p|)v+8`_lpG*n* zD*X;f_+e2tR{921J2L1i_xl_%uxui^r(gCE(I!V%lnGz&s+1HT>W=g|@b94Ssj291 zJmj`C9P+xRrpV~A(n(DS29x_$^z>&)KR7nIpA_L9{zRFSnh*&FlKZ-TU-!1jK2hd~ z!j3gOvOz6^PM5au9_!%J87qSW#t4y_5{yYp3Ch;~>v1ymp%k|X`emv=xrAw&zeOLW z={y7>+N0?KaU+CJchcunk4up^io~Fk-!?^xgkXGfO28k%5Q%aAg^o-KI9=OjWBi_SY$M8jB3ijEad zhe%C}>!ey%xU*z8wWPwG*}g@B5Dc#PD@UM;M8CvgNRm2T;bu?!2|B+Mb2WzFFM}8W z;k$;$`IqvqjLp{Nfj_bUT^9bnE^!EPEatfI9izoK%vIr!4V=(P%yZPqSXV6=zD$a+1_^6;>9ASdw`wEknMuFbI0@w96~NzwtGtT7~*z_bfPF7)4a#DA8m%la;*+ZQj>gFNobcs7H(pNXu zEr5dU^(}8zawH7KN`VNHk{&*q!$r`5)itapj)#yuCy0}qx2m;SSm*XjO5qiZEI`lMo@z8W( z+hb924i7B7E1T_1&O>w2pZ2{``;NfoCV4}%^Qcw`?ffn}_cRxs--(*5Ea&8l&Py3B z6VcEg;k0muklXaA?}o3!=|bMCb4Pg4r5QZ_R-i-1^g&(tZ)5t9&b7zbiPAziO#*xk z%RWbtk&o)qOLS=k6r5Wrh)8U5k3OA~QN||s>fADIIRTakOd?FnnV2I_@n$Ht(iErg zY3=k$Z8{I8=_tF}IDJ8veMU<-eNpFp=#D7eXq?_Lq9r=|v9^3sTfPlTj$$iBNFMzO-L+H3=a)K{ z2rr^!E6+Kt(5*~|7iXluF4%*DYgnMCb%8G8ara@2k==EEIrFoa@1dvtM&$cHff;uU z(>6Ngd1dG+Kis(w-t?4z3}!iA0jIop4jOdkRkZn+2+X4AbDVDE4VIM-gdYymXDsET zj=WSi`8i7aJPa3dvbO$})+NW`s3orDJ`CD&hPI4nO&xA#>U<{hqVy*C<=HQwwLY}S zLhUH5i?^egGq;MxdXinQOP8{AKn0p%%$bT(UZsnmd&B4!Svq!yb~j(t^*v*Bre1Wk zy27h!7~uvY3*;*>*2A?KZRN0}HAD~B4z@0G_M&rB0ey6!t#cUjUP4g;OJ$wzs0p>t z!c-r7os)%-8hQic@-F>)1-TzW6Ne`8V1qal5pSVJx2T^GgG>g>ay+Gu1truRgBkmF zF&4ZB%~>3r7ih>AV*yOd7Srtv{1HP)+rLDQGW8v025}nvwiv*ZeFoF$1+{aeo8`RI zLj7Z;+o}9xdY;d^9dz9xFp1Wk&$*?4mR$u+z?X}26ibf@ywxoSB+_ahR=c>@1;E8azeD2RYb*ijlYa? zfAB?e18^>`WWt-HU;HF%8fd{Ehl^oWifK%+D#HS(epv$ni$&;bm>|B=gh>`en-IEa zeGL;vPM9#^vPqi|A`Fyp!{k!0fG{npXTku9x=a>AbX~&DT0fo%BO^?h+zHVp1ja#l zXY!z@C+v#q8y(!27yzZ1$mDs5u1h$m^)*Zw`QV<(yAW+c_*m;}bb_-C6W%NR5SY|8 z5X!WEB9l>`o^ZL=Pm3^}<`odG)&(_8R%)EaWEDjFB;2g^6Per^)h}xx?9=+onY`=i z2_Hr?bqxf@Jam*vxgVFL_6icib-{QhQ#4Lvay3Mo5U!2tnJ~mjF`mgfh&CZ?(E1uC zw|RO(NYArrOgPsV444k#r1Npo=?RBF?I8gurI^YjPU9pdSy3$$8&}}9RQa-UHt055%xq?GYuM>>7??r1JM{+WXjIPnk zq1iAIBU%W-BgJ^8JkM|%X}*MLFcyNL-s=39wlB1C)ZQ&)o7y)Q4TO4xio6nT7hzpS z4|Le;7_(iqYLcho8f>EO;6(0ZY>1*)%0<*YQPo}~ul;u^k0ue~V7fBpB@B*M#CqZ z>(X;y0o^cNrM`|SBZeb>=N0P+!-&G3GL4q=t`Pk(&lryKI;IRKcK2A$z{C1XXS01C z>TG1@K&<|;?qUdiF=gDbeR-jZzPw1~h$UWEwEbpNpJ{{Ui^md;W4itNWnLU(U%VeH zaDBoKFl9Wm2ZQB|bL@Z@@9g>vb}vNB>zKYBWzW5iiO=_rDwjQv^swf|Iz0-u27`6q z*TwZ}|7+o_Nc}R##?Q2Bu};4LTQ$6x$KHD(kG*5en+Ne@sInTo&M?eHBij^DwXs=+ zJ>%$)s=FcBM66*Nt>r2)ggJ zt|MbKBu-r5DH$f~Avkg-EXGmdZ}jJdPL6^XIXMapowq{}j+ktLzyyDzza5~R5O`&> zS5-`LdkkW1dqQiQLlc)(3~koHdl4{REScV$p#)cKLo^nuabLNq!w;j*8`@3tFnMl* z;>V*{_%#2h=c)|bSPe`+($yyYh9sa8E^|M??n~iRw}Yzq#vP@`T<#{}Fq&K7(G66CPQU~E^bKJK=9);+EMjE|SL=S>@dap6w z(7hkSaSenac{arRF%WNpFc|N!^t>3n&hi5Ae!S~@o#uVp`*F&m&wX{L`yu1~I7_|G zud?(!IqySwf=;QVscx1zGqOYDsHyJzGHs_L{f=*AJx;ImOW#j2u8oksFITFC&vp)H z-{Hhz&o3?+g%bO#Y|gjek-mS(xFF2-sr#;UGqbl#?CD6~7xg*`unK&>yplHX`HU)j zJKSFWQ;mE(+&|XQM!Qz3H%__zI(()Z@X5H=a4;{>uw&ubD)XIi zl6vM?IO(3siX`R@o87DMN1mhKW4c3u`kr?PQ9p_X1JxvJjke*$LjSFA5+i08}8Em*gROe@VIE~M(VBc{XU-0Xxv2{h9qZU2exy%dEL{V3j)s%@9q3iPv!$WReSI!0qyIf;SHWY8j-!m-U54#@y6{P%~zH^ znf0hTZRyF}wg^EkfW6K!5>^@e5fNl?)6qs_z+Piq1LHYV>lyO+V2jeIT-)6o?)>POuLuCd|U`YJ^`~WZuE%b$ngBJ;3rc+{TVPH*{Nq7<&SzY9nt9k zFjMOJkkrxW8D9CLo}7=Ac5A@iLE@HvW%E$qXBBJ*dlQN~lwJe8A#!s7sywYC_nr&ox$5ZscoF2!i@unD0vF}EWmty#`?>u%JL`w4 zJHHC&#LWrp9Eu*RUc?G)5)M(*7iFZV%&)^q&dw34@au3F=cb@q6)f-Kh>>a) z^1%mSH_E4WejN@uC*#yn+N6zCXIXX|c486})To&9P;d_3PUM2W35SCBw!`%Esd-nn z4+THNMruq8wVnFgCJV7NNhSTx4LRTBsH9l7Ggl>j3!nM9TPEkVQ=`8PCk1Yri_ufN zf9K`|ujztElvs7!x8YFW4AyZIR1?&J4Lvb;)d$~(bDX<-Z#jwj`+KXgaqxEvDf5*p z)C0%|5{rbGtZwa{n-f@uZO_T-&`DI9-A|o{RotEmA!>0Nd#FfUt1KsJh^qK5e19@` zexzupci6}{jie=NNp z&9WKR<+{#euI)Sy8|IRGjA1^>%!zVDSLWi+tFYZN;$qO#AGMf^LQl_yp~vSe=KC=o zE85k&GM>$3>d|TL23+k!DD?_%FaXB?v!;z%(28;QvjTa)F zXE;NRITKDz=N`v$qgsV@rQz391jTZKIz(TE>ic>(HJx|A2aUlaNFO%5QDsF?%zM{9 zqk0PIe#7(Bn24L>oOaaGh#N}h*d8%OoTG0Vep~IP7v3k18x^PRXNINv1jTZo`W4P1 z4Djbo2`6-uVcs2L%q(n)w1r_lYcbC;OF^1sn1P&m>UlA=Gt7A1!!YCT05Z-=0@?vb zL_C!IamR&~xoYA53Yn{uLu6FoIV5}b?;AbuyJS!Q1@)-QD1XY>pt@$y=C@`W%*;_R zWCh;!w^{s{#RV7*+KfQT-6nR3t1xnWCjfqT7#r_VgZ8|y?lSh-up!5XXpK-peG-g# zFZ~U}#0u{e(8R{`6h3W$)6)OG~BokB_lX>b|CL7g# zOd8Z7CeNsIOx{)nx4PL8jyirJ+*T!*Q~2ePjeek|A4JBTg}+gjew?Mh!qQJCn*&{F z@e(i(hZ_))HCBc7meFmN(LI*UcCzW*!(`K;J(kUWvT68fFdO5#aMYeF4I$pL z3OHzlo(1mOUu{+t=7aDtBLj5iKp_cs!%bqW0 zyt<1mj;ysZ_gUNkW`}q*yQw#wc*3%I(z5xRW%H_K^SZHNJbi!lP2?D)GFd$^zo>nL`E;Gv)kQ8D!e1Uz*5S@c3H7Gq{mBsi!bm-vVV2EE z%VvzR;ajq)mVSB*1SW5~%x8g_Iy{x$(cMgD7{hM^IK}Y&)SC`HWZArE@w*nEBAXFA zLvBfr2ux>@NzoaET&(y#r^#efA;Z!aSX@XpbthQ%wd6!LAjAqwzs}PCk=(;H@Mo)_ z(W>x{#XrY4X6KbB%f|QbboWR#V@qax47Qo zn=Rg8@g|G6sORr?uWfnAQXNsf65LcZ`W|;e%NT@JugQ3|FTpKSgL{^zbq-tlK^9k8 zT&)@ov@Q!@Z>jj`#^M((e#PR$7Qbon zr>db>d8%r$v>+kE1(WBKA<^T2#ingj zRW)pbYEw~pnreSVIVSae$qDNE^=^{-W}BPcnV*+<-oLc?dy9WkO-1E7kyh5tImO}} zi@RFf%i>~-hgdw^;xQJFw|HihxgCPlxK*&w;w9?c;_{r9cUY>;Dy9Ug-Ii*f>POWP zOZAqD+~?+W;nyqPIQ(ewzb(EHRC`LwLy`6|7i}{w?qYGi#r)*O^Uduok1w&f%HnYr zPqdgH$e?a??p|vZ@JkubX}!f8Rl{~Swf9y_wcTQVDdSb!ZSiyJNT2f5&6jOW>%tFU zJd>|1=7%tz{#=ZzYvT@3tN-Ap$?)b@+fpZ1aS35AplXXJT0F(#T8po;m>b!;Izf(qDI<= zpSyUDTB>tx-Mk1N0`TLfEnZ2f#T6FoRgxLOk(Pdp#d^hLZrd}cH$2zk`4&f(TA5`Q z-)J$vBJv#Zdl&CEtXE#z2EV!Kon>M2$*s^y=b?c_w6g4T^?U-$bw>$6Hh6~B&h)dM> zJKSE0xAW34#lOWg-r32$OsZ*><=JY-Bkp$n&g%)(O2*0MrwUIS?g~C&nBOfNG|Z>Z z*9~)P=1s%J;P(vk;hx`~(C0Al=Z3jO#P?#RyLbHN=AF97rPA#L~soNst3xX>^+kNBWTn+^EfTW|%#%&jQ6#4sQJ zstxn8d7@#yD4S}SFU)2d=8LnrhW`X!Xm}Tx%O3jYV|bn6C%|0xBy$POEv)sX;5G2= zhTj15@t2j~0^e(xnhon4X**OH_Y!u?l8>D ze2ZaT+S?;0vjv$44Q~ZMVpwl^8GaS|Ck!6~KW&(o>H))Vfe#wyCw8wJ=4Jb)VQx}# z|BDA1;dOi5WKM!l80Iy6(lD>#9}WKsK5O_l@CC!?z%f{y(&+_ol3_kfr5fg!Et!US zIp+pV{O8kDfhpj%U1Yd7xYTel*fq>;?4gFar!>MaKNlQpcrbX9;Y+|*80J?pGYnVp z`k!Mm{B(v(cpgCw_ zQH}`i7L}QT_rOC8GYE||{1KQ>A#{2Qe5v6dz*7zX0=~-dZ{TYTp9f!On0x%!8%_b& z#hCct7MaziAQimUa5{J!*({(MEPmK9CcEIH3vDn^Vy|JWy+xzpR^Vq1b2IBj!)a(= zyk;_dnR>)9pDvFX?gak8a1QuW!=1rj8tw}I&Tt|42g9XcKYEgE7KJSg$#@9vFDnKp|AcQ&Z6hz delta 16566 zcmZ{rcYIYv+Q(-gqDOr65yUt0!E5pXo4(N5m!V6)U1YFY+#or zqZC2cf)&IPL|0G|UERgHwzcbG!Gg-Vs4RJZzqxb5>>uy>Fq!W>&oj@=IcLsu=gb)% zUVF9k(}t^^)j0{36}1&L)wPdA-VKi4{kCweR5#;((Vnh2A?mC&^y`R%U?bXyfUt*A9}TKAv# z$BUKW;#HO59!MofrAR%I%8+^?^+xK0)EB8AQaMruQYBJ|R zMjFyu8IHEDRkzHGc54mZ6J2++#z6o60|pFS_d`WVWal6uginYnWI~jRzM_{H3u-cH zn{Qp=;5-!>=zbSFT2Q{M`Z4D~o-8O>7W%n*tutziDCs|I{t_p+Nc?g|&-s&Mt}|+q2+j~9^eAc{Sc=+dp>@FE0-&>UjyQ0x z2)#+&r4)?1Py|BHj`=<~v<$Emvx z9^0OBW0Kk>Z$y;`_f+<1h`fAcTw+;2Hh1lu+lJkD`jZ!W%{E9>*?r;m({CMi&73pV zz!+V=u7BnHs)oq?Q}5q?U&@MW_gxz}kkAJIF#X%E=AU||j!VE<`_M4#QzAJdU^;w$ zLm!`dZ;+c){GSv0?i`KZo#W^F7oa2O`ldO-A5RGJ*}-GDfZwaWgWb}B!7m`umlEQ# zel@9)=Z;hk7r4_Oo}e6#&Ttxh(|o7G#esKE6r#!JKT$Uhb|>YneD*{r!6^)X-SNHr zKlOXAF#V0fPM;N~9s4o;*$EwvC^^KvQmuF>8mXw0r_0H5nw%+bllRJp<QggQz@=Eb&`x_ zcL@5!VSi6q0Ll#4j34cYV3H$3L8mm+j|x$L2U)1CYW%*wnc>(pM+8vY5su6i&iDov zrgjb{Op`I6^k>$04yH-rlNmwZXukszei%e2O5c$2jtu&S`F)OXqtnRce%VimiQ({s z;Zfo1KL&k6&2c^l&Yf;TWM|_fQ;=@R7E-QiYl}^o7?Tcq6Aaf5FZbt4KR7X5D@9#D zf2vGFDG;t1sym9VJEAgg3NOcqZR@iTODR`D29CUXp`Sz*!<{^~m%I zDIBEKU>8Re`b37j5~q%PR+1?bV=4KQa}xZsg*fdLoXVi_LXJnR-kB$RgBroi$qwrA zlIaf0#FPZwiF44tz!;F1!(HMTQdH%kzZq3|RRyQY82aL4!+|s@J7ocaX&IoPQQ>9fD5x%mh>m1kmZ2m`Ft53a1Fs6<4Ao&Ly1gUxr&I#I!K9!G!7Y>x^3| zvb!Wj)VYsD&z9BdaGg7^YgI@HKe~m#ay+U?+#B&GQnp$!)Ge5K3^Koyun=AM%OEbE z@LfRTvZ?$l6N|Mza1Rv$8Vz)b4a5n>#P?}&dNs`x1BZ2%@H}NQafI6Ql2e!01wz?j z6IK4euR2TUg)GVM_b1${MhtUn3)jJ6;NISlhJ^1q7PjL8h(IX#!(!wq_p2?#+=$Fj z`-Zs>r>=)xLRsK4XmT@3Rr7GSYb*sn-wFK!uRv8GGoOJfp*%o`-DT&+bIuY8{R7uS zSSm9s;67nsfM;0hWNx9a!GTTC^>jqm`&32)zoVFqp)Z^Y&I5eULfi#U9Lk7hqU(~g zmkOuyGN8!bi9b$J&DqF&U$xuSoV2Tr+r?DP2)Do7sTPiKw+2&TDF>@g^={|UgXIsX zEE{`G&_cNdw@fw`K_=MCUI-Pil{_~&iI$1}n}*@f6*tZ_UnFW0Mx?Z7qYAKF#JXChwN-9 zi#$d5#~l$9O%Mq&a4xJrNx_wnjZQNJy?K|WqAw+MakI<`0*^sfPCFtr@|=$9Q~I5jIHiAU z%N%$SH5@;@-nF#Eb^5Q2@!pJL6X@v)-P8Frt=fj0dOFP@AK=i6XD6z5L%yDJ{QwNt zn!V5rVBnD>bomXI{|IYYuOASeLhZX4P;D6C@rR=r1Aq@lOwM#(fIIzk_y9$ohEIpc zganPg2Hzh8<9B|6ZlotwHM8LdjztGN%LB#%YRBv0m;+@p&Gormrybp?wGTqeF}{>qJsj6)?R(S?8jWUh(W_O^ z@_D`xGX4Znw#kxxEzv%OJ5CA*9yf-jV*GNIz-=ca*(`sAt-e~v&{mPB&{r!3D#-St zbAJE~&>>mrnAH=icu-clqb4Z75`(QicjcUl=o@(*7iI`-i(WB`?jJz1NIUMskn}0! zJ=qiGL^zx-r?Ds0QR6mBK8G3mb~0)lf&`O`_K-v_eY_Tby<_ktAUT)C5v0wXFkJHH zEyEz5OMD)V2l0`}3kmV9`faqE?}!wYGsZ2f`y5wIp3kZ|y6XAuRnKSDoN+j+9y1zo|Oesd0&qdt{)p@Mjv0xCT zllfcA)2t)ZvCnlh6hnV%tsm?D=nF9{N->LBwHh`7?*)vzQp{u)M)HZ4rmcjoTHeSE z0hcDsN|3Y(p|6%VGGi!(39~Us+JwNsDMceQUPmn_%#X|GJ9v^9F;SPRXSzChA-35T`3 zkr@Xq+%x+fNt+P#!y+1)6(hlfSt$}snzs_>X!&GjOFTJY1?4d@llhgNf^Y*BqLJAh z8fP-Q3rYJV+^6M}neB+no3;|((eg8y{qD&LoGI(d1V%q}l-WE!$yzZFupq8rcCjZX zTpE`%V}O%lA~S`gs}gS0@d8ho6boysKQPPE zIE7iCxRjZx>-XvgShooN<3|)(0}^`H3y)S6A1~3!tQyG?%XL0HE@q&60SU&;5VG)c zCYBa#%|%0;`=P4wD;R%2jaNh16-VR9U>kpK+6^mlktZR+DKp+|_>67!98rG}5*oYJ z`5)i#d*1(ypid z+_=7(IRg!B|3}Z5#QMw^v3)vNgu-GZtADI}DH3d(nKL5UzNlyHqAxFoIbvyhTeRO8 z*Ecg~xU%b0uj1{uGFUVbH#q)V~;u z8#H-w(ssZg`DI++%$yO?J_9d^vIAd0_p{b7(fPl@*2QGi6I$KU%shnQtzB{a@t}bY zvhc+mYY{M5qVpvEEVPfo6(}-xqJFa%Lutw&x*Exkn~=XX?lvAi6 z@AN_0ZX^T*W^r}<wI7so_UDN5t;`SWYEu%>VEpG|irV5-XQ}do(R9^)n)@IYhF+iMULx~U;hC70 z^+3Rzh{V@ihDN@TGKdu*F#<92cuzRz7&jwvBC!LBlY)VlMm z#DF{w>1w1^NVgyfjyx1(<=vUje?Xdk14bmwg!jcUW>hC0<|oWOxVX7aZa2G9H!ogJT(8 z9;o|#rlsKM^!k3YCFhO$3W+!Cxcc!-H$Q$?a%890J~Q0+W%eFNVtu%6Ic~M|OW);A zQihPe_m->6f2)fYY;kazWl}nn66?k6h;P3meQ(R8Ak6Mp%`@G+g1aS_nx*f97M%rH z1wLDs(*{0YR^@L+yUNein75*}Ds`3{bha&5r~m9$%O6#@e>vIh#iMH5EVs8zQGcK1 z-mSjWwLg@z9p#>RNuyBj&>E$nj2eK+xK6!ZLT}%%wL!53vz{{vqb&ZukEBZ z`*C?vM_8|o>*M`DygVrtG8LEkb!QykpD*Ki;97p@*Z1eY>h<@cuJfy3b$UO#UrjvA z9qDUYcy{ZCv)qmTSRrmx1c{Fv54>V(&PC39$cYyZ%E^2ur9B@{9+Z>u!msT)tZTru z;iJogHe}C+L%bF;*u?bY#xvqXhpQE=%&8j>RwiRyY5C7!swn52j_d*@pHin-BIuy)liFraxxd8DB@g(2jygTh@$EE!<=%?SF((JDcEb6 zbBjD9Ukk=RZNEO(Qt@@(7qJ$VcgyqcJGZ_hLv9#kCRV#5`D;j8|H1!$`%0ax(9z zqt+ZQ4#zzIw?j-TnlOMh&;;pga98B)gU`e!+K{<;M4L=7bIP;9e4nR110D~`$@D|J znJ4XI`u&LpR4@?oV3}Noobt6NE9f6)@8UiHxpzak9OQL~Kb$=1hs;$F`e8sFh&+PC z9|T>4Ml5jAf=1Qqk%jKO)Qf@s()g$SQlGl;_w-72`}uAs)$vF)s0tRjLACE#aSCM} z)Zj&KvWorWgj%s^zHD-8ojT7RtIZb?^eWyOTC@L))NC_5Gn}jnh0* zg`Bz`>a;JTrOvjIY6c5?7Q5S=2S=)*Uqw%Ic8^r6zlxSQ)d985R~HFfSLkzPYHRo>T8JV9es`Pb1N&g!7rIoZinizu8lR;_?A_#l=bU-GF3zm7(nWy$I_ z$N~$;3Nb-_?5`^dW?+cagjDY0x=8S8tldotsqz4LEH3e>KDBUG*GTXd+_#0vYV$YI zNHA?WE>zhsP4jE(YTmhpDEKo6=@xu?9 z5$0jT3bO@*?mAi*M#?Br8+#s-^hI;vo+WQqHJ6#U_hc%aeyK9%eBoSDp7T^KOfJH`c0w!M4SMP1+Q=4*8WRJ1=0IpZ*Szk0seEs|;KOJ-|T%5r4GRlntK zmh7R%AB|?oPt`1z-cT`?W~iHCGKW8C%J|?=+h~|SfOi_+j{I)Je5qxbZE`q1V3 zj~adw`4fg$sBjA+M#!gXTHMGS{sz5jR2;!?82%LU_YHr7{6oW>EVIn!ILbda%-^QN zhJQr0fT;9$`l!H9mFkiO18RjEY zV3;wUYfyB@kj)R5ygmF8CZ|Bgg9|vc;nZi3VNP-0BEy~&2ym>u0++6-;IA{;bM!ss zaK!1$FUAIDnmro{oo6%2FlPqOSp1sB<8e)Bzt}em(-Ripk&`=eN+AHpqsGX4k6;D< z6u)8Y3t&S|iO`zg$m34=^UIey+8=5?Z-skFP!3R^uf#1Gpb}QO{krfC?mbvYSn&7| z90pHS<5$6Is#?0r9V|Df9jh=@H>ejW+@KCqn5Iguar?>cYAUlDwTfATYDE^{JgZDy zu&H~Na;|kV&Csr;cE7rp+E3Lx*SZDlD~}93aqJ0)D4v)t z-LqnYAd&@0^T?TTn~N>^WtM!UCBL3*n!nBBEnsvdCW>)AAF?X! zvW%XH8)=)pmdydO>GZ2))1mh*n@`B5;V-~EZ$1s*S@y>gRqyNFl9+Lo#g{zeDnd5b zqQsI{TJjpQX@Z}V*aRP}k(T`g%YKSwKi$~#fs4(vD)1|m*YGl{!Zj9ews@z-FIfCn zFgwJV*?W|mlljQ9`7CY|(?*9aqn|9JU*bl3n)f^9<_ZPj+;f^jHu7#{Bp!vx*@;(h zmKBtnP7EX?@fehhA4Jb+gk^M^Wz-0!4OdxaS~l}6n{zCi#g@%Qmd&4x&FAp5%9Epg zaXkxW94L$LBbzhZL1rYx@hCWK_$A8Cnf=|e`Oad!!OPfZr=0Ye2ad@OaiNU@u?-}Z-93t@>^dCx?!ol zNpM50b8mLL%vSxT)McqDYu(u$CL-o|w|uIqOL4Q* z^s>51>i!frq(=WGJ)}mhgW2CLv)5I>5X@d)=T1@^Loh3wS{Et~BPe^0vMlEO$CDSS z&qMBD)wg$DwpzQdQ+A9WI6URq7B^YkY%$klJ$tT{d3=+_Yc1YrF<PKGz>ROuN7LT_0G>f@2 z$Lq%&RlO;_NPVN+kX)g5q`~WY)$vwL(zaPv+=S!Rcudtn-C>_4dQI)vl%C~&V2M7l z_$!OQwU`@rJg;p5m6(|x8J>d|Q%{y}af!vfEFNreoo4mgDmSyx^Kqu7pJnkm>f>Zw z)XOYUOzp@_FY2(#5^YtlR@7y6dB74qW$|9s2DLh|8G#_U5dmaSWnD-fR{gf57oD1r zaPmx2EarY6uXp(tmss4(;{J#`=~-pm3FK89ZE>T;Q#7lBJ)JW9c(zL{{lylySbT-* zxXI0`xWy7}vG@*)@3Z(J_53bb6y=^GueG-==H4Pt{y?o|C^?%-uwu{6mX5Y4hY?S=Q4eUT`dK73wag#SUg0< zwzyf*F%+2}&eJV5_ey!yW?MFT;$|-764h&9T~X`?s`)B}gBymtYFjM6+v58yw&!(^ zS#s_V@+KiKT71yrH{y)79~^q}XJ#HBT1JN~{zkKUa9d@bT5?Bv_Njbh@MaU)7IROL zC+};(wFP~R3KwWTuR=LW5 zu5W^J->vQ0`aq8RildT~@YBCB&mE!$k*43z5bZ^r~d2~sRQ{C{6gt3r1&(Y0F-%Q$8IX+hmP55X@MIqF6R`)T(ByO zxsKqS`w;cOU2ebBtN8pG(;pIA_tn>3D%IS3+|BxP-eahcjx*;Tk3EJf!21kWfe#qw zOZVRla~%S+@IaJgYDtcih!*J7WLh?>HBC`KCQ zM@@c!WMwWFOg7Aqe}6E{kAU+G^JCz-hIfH4Fx(2h*f5tLICZ1XzkshGbB&9ud)F8R zzp`-dMx*z^>kWSZ=G={PesS4mn7e20F?)|Crv_ z7K|74c9f7|E+eEH=JpXz|JWgJH7PL6@60_6bKSDHVXlBx8s>J9TEmxuhZ^R$=}~^% ze>&wl=UAgy4{kKfts>J5b6*Kx%xTXL+Vc%_U38&gu5K(b{5Y6%P}=VXb0Y$IKlm!c zdP@i=q*QR<$Xdf6fNwR-M~OQMXv4+1yA1QOdcZKZjO;Ru$4YQMN_#HIK4bV8c)wvj zZJe9NXmkRFH;jUx%TS3N0PHx%DEEwn_+&+7ntl(&QJP5 z!+iS*8ODkto_|y514XuBKC6X>E5T)k2Y@RKbK_QxVSdBsjF^paQLWx^BbYN{$`^wt z7+wONq8ay}EA=ysVmWx8;T7ON8onC5*f3wSE;h`i>E(u3gRe4t3-~(2+_)xG|VpoXB(c) z=YOFo%!6WyVZKu~8RqB57Q^R*uQI$Ce4XK?;MIn?vvY&tCh%s%+*Wj_VZM)UCo}$E zj>5x6aV7XM!&ig%7+wW_*6_99mkcv@95l=gFK-#ZL29|w;!+yUeWSep>OkROPRYWT}l8`9gB6`r-AIES3Cj_mEoqgd2|k ZNBQTTa8q8^xayk~b*FT From 3c5a97c4dfedc45cfc10adb48b6570c2ab9f6fd5 Mon Sep 17 00:00:00 2001 From: "Earle F. Philhower, III" Date: Mon, 14 May 2018 12:01:19 -0700 Subject: [PATCH 17/17] Update BearSSL lib to upstream commit 77b18d97 --- tools/sdk/lib/libbearssl.a | Bin 4278574 -> 4279046 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/tools/sdk/lib/libbearssl.a b/tools/sdk/lib/libbearssl.a index 5c11926617761827278b352780c2a278a9b5add6..3a350c9a40c86a7688b8caa6fc3077e6072b992e 100644 GIT binary patch delta 9716 zcma)B33L=i`mgRxCYfY1nPg^qdNPxc116Ara!isT7fL{`5CRAyN5Z9H1p;yi|Bx9# zg0S33YC%?_EFO6n0>PB1i$PcrbRi;wAR?d(1{5RW6%_wpb$4~bKKDKQy|3!`{ran; ztEy{$Q{A{}1z%gYg5O{daA%}vrnz$V##Zs(x5pv#&!>?^w*Xnk!`?>$X0#{*_KR3w)FzC?YwZmbu2&;*_ZCOrT0+8Rs)K7)q^75IEfNaGZ@(e-$iyekL+Vgko}1lk^Sjw$iBbUi|l7!LiYAfsEplAEfg+7pQDow66xqK3MUG#MBF}44)bKjlnvbF$ z!2;^BA?Qz<_s<6Y`M4O{Jrq;vK{0P^La_lSQS6u?6uZ-jVms!dxB@4N8-7BvUgis^ zmlqP}H*fw=i(lA);!nxe`)CTH*5~iFvUT1=eZUeHwV;GwI#J@1=ViMz5hV@3hLT#} zMajLxQS$o9DEX%Zlrr%)N;!NFrS@^7)OE8Y^Gcxc7D{Dy@-#|i_5<*LU}3;%wMm~T%tJ9GO4^XY|uoFl!F9q|QUAE-{>f7DkKZ*K+ z<=G$Zvch*!9}~9e0DR&3hWIy{a+5GEWl+;jK@3 z(1iOb{J~QGAu_azuehHlz`xo>NzFdHnIEmTL4cYdd6{WxX}I)Dqez}O$gf&V`z29L z^P%_VT)$z1?x%dq{3djxDl}Gd_kF*{Ei8&ORcI=F%)`EMh2qMzs~VDa)&F1B3hlzJ zkD9E+G)cSoH2xl}7Z1OAqd_VUc&>Bm?gff~bJXC5y4rH_ro?A5pGS&=;znh3%j)OU1eL=yVG z-Wk$W?3Ps|qdw73aHterN(7eDBho5@o~9F^Dw&r-U;6%6~-`tapE=yGeS zp*TW~k_z@5Y?zs^QqrvKS!uY|RS?G8N}B5pXI(6cY&dP07SB9oCOZwaY8g@=9_k;; z0ybYRwvxj!p%W_=CKDTHJ490S*Un6@$Rw~tMyMV( zp6F{MhdPYD;c7L~qAf29n?FFM+LmXD&ZrK2@`QLRczy=)#}(y})vi@=bzvoXygO$$t1q8cs@=cyM=+pLTtRR>HX;+Thv zd=WNs<)Z11pi)wq@4q*lWW$+-OL2rqF6+(hY)rFo^d?axUpdS(qtt@ZL_OKpT*sa> zix_Ln-^8<(UHFsB#^vCO%78xJuXG3@KZG(NL#Q{hBN3IE(6Vqe*^El7GJU?x)eB4i z(Xag3e#?%1w{4rxcc;3ub!(V!bz1nLj%^El>tl|)Rxdms(;oHx;g>4UBw=Iss3>}dBfz5g&nvM%2rYQG(heE9j7%=YkFXnI1xg+66v zDDkbttuJqX8=rW|9E}UkrRlx9;HD-45`$3_3fUTNEx*ohy=FECJou1ut03hD1M%M% z&uI&Q=D9!-Zt=XonRRS>&xbd8B?D?Tr{m(H}!D^y$N3MXh@2{bkh-+vL3)C>MTH9 zDy`r<>P(q}xHNhz6PgR23cx|>#fZzI>2)JOuA@aI8;WnU3kO>KMPJ8Xbv{~4SYXTQ?rAD zU7N3*vUuglQBow38uUFkY6k%68UX1wFb<8E34|y`gL#y;gXUwvI5duC8^Qe0V($(L zXbZqYDqXBtIGR5vvscjXzeg;Pa_{dEv1)TPS}r$MDJE4w$B8ya^Vwh=8cDNiFhBI9 zcLxQlWu9hhz-TyR(nV|SUd5B(b7(XzRf~E`_>YRwFd74)xWdFcBI)w!es%YMAulwT zdvSQu70%!27ohV)oZn(8)$06k#jS8N{<=6zSJx7%DSlEH40l7MyHD!;CCo$mq>iTk zIxVDL3G1ZvDJjw`rNL6_uM5RtyUj&n5aP7Zng&YD)dfImr1y0pxapr_Bwp_kLvVDJ zn1oA2dpcKvzYBG&#>Rej8}1n7h{fAGEjpbmYtqd5PgG2qf{mZ0R^U@@dOe;rHb|cv z3eOq~Mu)DKf~9vGa3B~RGlRm@NefZ%E<9%%UyNHD&7a|vr}#D8E?hCkVZt@}79&4C z6qh!co!mwI&IyMVcbd&c?r+%pJa5G{t3@Mk~+fZAliRHqQ*}jKfVyQ0y}H?t{3(KwPy3;wl1h+di|C-x`RcwI%@@n$1T3j0HzG z1NloJHm-%BXhU5!@8pX@N%>kag@Y$Nw%;6=TMHv#_LmnRUGEgrk)aEaVme|z1=CU8 zqTtc^^B4J%9K725OyA?x8%=ubydfI#rWW&ftqJx7PKS$Tg$hm+R6^gmJ`x82E_XNF zUyf}J2@rHNmNqgD5BKuR@ddp>#FvQq72M!8=<&8`@jY?FBatG$HPx4xoaAK{v@33jm5LvbYRO5YswtEdAT*sId+tn;){2Ff}WMiY?&+nLx*K4Q@U;23A)kF8)@hj&)Y(MnN z-pNOMfO;C;uY6j+Mf@ZE1h;NT|3NWBV*9vy$6PKB8fW81!EPubv&NguA6+pEPuwGO^Jt}r+4E>!8TnmXTb_jLjftTH@;Ogcp z&JW-ONfPL32~i0|Q84Y|Y%odwP(}w8sPd;bbyWHDkQH1##GoLieE|DwrclMRL6SHF zyGxv4ZZy1a-3882hzEf~vr;fWG`D&O1+*7hv~j35)3Jl%_Ad1kMSTzq)zXa%a^QFx zNO8NQhN!IL&?uUX1oK1ls&`Nz7lk&YI)S)fC(%8L-T|#Zv+H0y+E_|+IuSgYL;EIO zG;}N&hv>XX7c0#pZn?iO{UG#wpj<+Z zr+bwaP1>xPxLHG|nU-b#A-bFoBg`ET1w8DGV0P2avx~OY0Ja5?9L*pHKRj8;lHT_ETbIqj~57D`H}TG2NkZ2STxyih4c6;*d87~lI?$l#3l z-#0yW+%(w}gsX0Pg8Y`~ESnvbcI-VXq~dwo;D@Y!yfr|pXq?Xlp+8PJYSQ7TUrqLI zk|>m$Ohu6u&ng!5c8U6F1j&@m6MJ?jN2MzQT4z*a~@M60l;)$=BjQsvE zT=kmCsV#^1tdhgVS+-a{FdQ4Nf_gd5Nz}k}#3u+HvA#p|7_V9@|XyCR_)>sGy>Yp1wR3)1jp=3dM9$*H8@cu%sm% zYytom2BR@_rgkcr&J1EO)-2Ngzh>InuSA>NeZgB<})2YIu5y>#d zoK6Zvo^JS|Zg?2Q!MJ0WwFDRZU=T@7yZAVVXB^5CsqPYS=La;I6)NI{*^rE*i6O<1 zhf~6JX*l7wDG4|JM-aVq(;NVmQKdx};7|qk09>ZvSioZyOc&-v1t$PzijAHzFvXS) zm?^egz)Z2xmBtiXAz)B!vg+yw4wGzj{F!86qyOUTl}^wttU!}Pt>E?0KDwwl^e6Y4g6Xc-pFYqF_4l z4h0_q9IN2tfO{+WL%>NAhGD;eaI3|z2{&99n7mW8%%|4{zDvtU^6qYe^%9e0*#yq} zvX}tNmgQZ>7;AXAB6fg+vr!Bu(FtT-rS(Ck+_EK&M?m9kQR~7*^tkgM8>}0dpvtED zu7M-h8m&W^hRl}EV9D_JtT%eGMhKLw>?+h0B+iLu_vG-xMDa~Eyk&&ARA9$d?>uS} z$&SawOA-R4&4_VKRl`G3y>1V%$0oCm z$O`?@OnXWUqX^VBjIEm-I>sXTb%wnc8)K!K!sYg5sY;n#oc3BO9A)mab8H>t%3V76 zk$s_=P5o?`E(}$5l9G0NB71y@JZ-SOzSS|c>qzsK^+9}cgVjhL?(ML$Ny)AI5KhF` z^mjaBP}?nfJ?8J|6+9n2lbp zeEj|8xX20BYBi;o^F&g9E^^KSnR2DU;krmVhDC)*U%ucgKV__>$G)iaF)T)Y(%HHm zXP;InI+QD?t?NOit&2XhiqWJ!YGb>Xp^JR# z=-A(eumE}8`(B7m9(F(V!L8UWU6k~J%a<3oLfLm*E@>IAj4O#FaV0%(A5jV`bcU%H z$uK$J{Y0hZ)&8~f^eTBGT$?|KvGH3Ff0d1d^3}=jWc>6Wm15}xKEI7P$2<&Q24HDC5F#KHe!4#p_i{4Ba)FnC)6%iOI-fH!~^B32j3l+&S9Q3JB1}l z2dnO5?C&I{KXxDU7iaQ+F>kF+Zn!T71M>x${$uj7>8vO&dN;*JhD}KMnyrU)0+ef7 z_keducJI`=T>(vNQWq(&qYJ)Fy_Wi!vbtRv@+O`5@6>xvr3MIqk0;|*ue3Dn)f(ot zoJ!+LnIo6&(Zf}yY{XEV^h342zpG&%iy}ooxrTkpJZZ`?Y#E8wrH?p6 z`HbRz-9tsv^kBwJk3wZ)`1)d7nO~DZ@@q2J>}Iqy=GPOlu8w64f$CNiF;9Aj<{inZ zU_+8gS3Z0*>g_IOPm@Vt_g=!*bQawR#FZD1xXHyM*|v#FO>p!=SHC$frx$xYvIv~U ztjc2nr0unw$^g}aUFp2C-?*|!^xO0#Q}3ikkm7;4Ic&bNxI1ACw`Heo}yCFO*ldd^NeDB zbz|tO4S($P%q3H7o-)>JnJ2&>Q7KZN>6ym*?xveDhRryElsxE3RcYF)NVbpgeCSqM zb<=$c4s)LI+)+O9xukO`k<@STOlwi2=m%xeb7Q;-StvtZoBJm)ecDx1J2d|$#)`g2$_#ot}{Y=leeA`>MO@H`UcW)kpQ# zHZPwiwk@3}w%CGm^E~;vp1gIAI|-e4NB0!%B8f@$w?Fnzlk%xSy9T(|?wBSbLQ`LDIl03MCsvNN&W!dEw0eq?E}AAmuYZ-MoD` zFiL%<%}>8MAr&d@;S-Sds{_)f@9@)?&5$uD3NkjIhwe@vbbovybpN>wGDle<^Ft?O zrBp!HqU8!TD$JWE$l~u)IMz%<~L zD_R=?3qRf30J)qR!XWo=C_k+o6qMmGjyT$rBHMO_2^YT4m4`o2)%Bg;%}Sb7W<3;i#GHLUXT`?jHX&#lw_fada_4z`&BOP}A&yQ8z$UIy1fgNkH3ET#K%) z(p5F7QZCW&Hk;>Xozc;(Gl4s1Xz9rx0_Sz8UoTb5vTj%73kNcQIwBves%-dWdI98b^tc&=7 z_nFTi3l%m;baX=5;qfxne-e=#sW!|f`$j~X>Cht)6?P3`Ylz|+x|=Vbe2P#_r_^eT zT)^i9-*u0irAee|pUFb^7e)Rmb9)rK_##%5a5~Q2rb(^uN3PS}5%h_fK6EUyx<`SyIf{LPa3M~&~PK{yPVuALwCwKk09^K3GGt2OF#7gwS! z2cpKNbg^r=7S*h^psn4a1EW=Kx3bx`B}P}&@D^*VJ_{{=EPC=huA}T=`X9Z%8=oh) ze?{t!==<_%a8q0$Lo`XTyQM=vdvK?f%d(YL7spKOr$LHmer%4Z=-mlDmnze`T`|%~ z6)Ip;Zl$(0o`Xe&WqEUC|@|S zhjBUo!UC#qFkVbi6+EmP3&8^@wWKr@00IE=umZRlY#>9K0jiDA?Sqb8t}ha=?>HAz zJN7r>`mn9r6RXRhbW)<}Q(gL7=}S8f$3%pspS7)?ZG$%`X@A+6Ciepv6?`szW3I8X8tIX6CZfdnJ-N z&lujQcpZKe?p&!f#3BKy9!Y?aSSn8fmdvCG*(+I{jU+%ht7?z}U|Qo!#xUE6W2roB z2K>-nDgq2*U&<`8x{-NbfT64!h7+K;p9UL>ZEmGb<58+RZoz%bUT($D@~ zE2hO%P!mh#L3fjcc5@7QWpt!n*hNk^%U8(nuN!ld18^M*0YYd1mNS%67aFYaB9?)n ztej2~2ZtEQv+1rdvi6NkwVLMXZLhS5fToolv{6aCD=q~nC_BMGxD$)xyS zHeIMIzw*J!4^)jALk71QO{D&$oJU%^NkL>^jPU{)R2>rGjm7~wkeH8>Ri1qndqR*H zABDtpn2RG-ekPePR_sgeUSm8?W;7y3>;3wB3U0e8u6W^67j$RBEZXJKC;3OWbfm$nQU&A^g%br;E5n& z6Uia=*OBbUWv5tbAf@Y#PO(-;nwUJvKw41_oQC`NGeWvcN#Y^{>9|!ik*LM8KIk@F zzm)lF`X!cviOhK4QD&ICHdD$8;2Ktvxg32=&v1P+>=DNF8p1JoymCqz6UlfN%vJ=RK zWI)wO8r^QZUm)jW3iT2L*y4}DjVLfJeBwy-?f^4s{#`HzGF!dL;6`x{sd&e@mAK#Q zp(mTSg_V-?8}M7sKWC81i2)h%Q@iciq#-R9XJDy3nhd&PNDv~)D;teTjRrJv7n<*e zT}jASs60FL?p1j!^0g`-i+r8RCm=sX<=HT2s66}Z*(#rp{34b2BEMYa+0a`B7^HN} zHp*)CMH%wzRG#_l9hGN3+^q8Bkl(KI%$GY=zK*PEGY=qboA9DszRAdMH6H&h;;~J} z@sOBdk6+%9L$q)vp~ZNO&j=4P#wgvyG)K-wdP8gwmoaA z$WtLNX+11k$muT)sp2DHq-C#UCD#tiH^mi%4(M}gY|Mb%njr%m#SgdEjwwm>PDpjt zR|Qp9;qKaRvIb-iO&}xpn`{9>LpP0(5~j<0rBB%7T>`f-99(!9!W43v5=ZU^N8a!XzQ&5v+79;;JEdCbIsx ztFv!m{LJB41}cFr2u~>tu2{e>vf>LlzL5?;|+O9{D4g5tuX{CbnPftJf?;I(6N zc;v^ZC&Ck@tlmXFI3^o}Jo5Q5*-^~GV}B$8hO>$p6k!6E{)fG0E@V;i1*})8JXXqc zI~nw)Y|fs7LJ(9g(^V|f5#*UFmwB@=c%H=<GMXXsT3y~HfJ&knZbEBRl zlK7G4pUC%zOxYy-gj`DI9yU3J7&2fSUsg<`Vhteg_q8UwJ2Y(Wj-DH8n^BE@)Xo=&c3 z7?XlV;;D{-a`bk|A-qQ_+YBkfT#|LpkRl$_k$n$DnaKFR%zE)viEQm|bmBDvhb}Ic zB}ZTf#(;m3!5>LUf%agGlw`1sW0)R763%1a&ykgD(8%W@%ZFQ1$YsVK4a?jx<9+B4BinTNJdeaeBwIg8 zD$jhz)*QpxB2mIC>SIV(_;41q@L`*r>9A>-qw;JT*fL=_TRK$b*$!ZjAqeQj@8lsO zu||ovlihvs3h;b%bOc$k03&9@g8?#m{!LjXZRe#&$igg}Or|~Sk;#frqhzvYz6rV0 z7MWc79##4eLow|Kd{Mqhe1M#&F?)#Pk~~+rVDk7k5c_;o@W>jV#Z6OrGe;%tK*QF*pa&alfc3+8OUe6PM>$JJGpe**bGRGv9X zC;A8X0`g%h{~Gdom0yRvQRO$1%ioz^?hFp>C;f(VCXt5_FDdQklIg(=^Kl*yz5Y10 zx5ymF1E8uEakn|98~?q1nf(C7bW<7~cfa{o9yq-e!|R)!rj&%n^rhydJdAl+WL+)L z&1=mAc;xm{Oy>wrZInu*tPXRT*2o`VS4PO?30$kaySzX7hQVNBqD-#kKYG1%bdCI) zHhzk6_B0Q%UM<9W`43(%EnP2{By-yogJ_AGc__%H9hc<=>W_bvn%tIr^@355t@)}{ zph>q|_Gpd#shsF4%Q*ETP#0ZumR2@cc5BUP_7cncM*mk7kY1}C78>!AW#%3JfnaAX z9hNFJKf?^LFPzQz|}s__H-6kqOEV)Eb4q0xaih{Hf=C|0~8G; zbC0_SCXg(2f@r^2%~BM&lu01ClG15hnmvWjgiA@ykn4SX>2z^FdsYQG@)d1-mA7dyJ*Sn6YNtpCECi0+%3)>BPW7vvEo z#hY<0ZQdNNpm=ic%=8yWcR`k%NUxp1k@nJz&+E9LH286AM$Ua*kXvu=-W4JD{L=j_ zozl|%<8fUS5nin|C8eoZxTq>KzvrtVk3n1L;q96A8blFtjpbIF%+7iMyE_<@s;zaMQPT6j&-$%>uvX_cwWx`Hm^@4?k<7r@m0rQcnJ@Ydk}O zJ0U!)2%c4`w48bfKZ`K!tl_?oy5KAweffZ=A3w+n{4+cBw5OiWEcVT2_A9}AI-Z|a z(YwtuJ)7vY@?#a1*u>gPyk0)B>X;|~+gsmD8=&I4fUmtdnHr>g#+?S=Fzqua4)=JM z!9PahQ+;JOKy2Jg+`d7b<5tdOJig00r2IIR>7=2){cg20{GreOav8hO_mi64FYwUO z#5c2DQ(%80(dz?y6!9hNp~aJWyvYNX`inb!d5=T+sxy|I#JT_LlODBvv3h8ot#Is3 znn}fdKlLg+$2W$@e+K+sS(rRq)560Ucfpy$7ba^Ex

iO2FTxAz5McC0VELY*h-hdNJW-uI^8$?->xrQmSh7mTYQN+Tmv zE{=^%)nZ~~%EhxIXT|44t`yt&i2-68KXHV3S=6Z!uZnzv_;Zm*iEaD@Wu%Rtpp3jB z>WmlP9GNomE0L+k-4(f3Y~w2CioX@*{QiD0GOgx3*Ie)UV%}3Q@Be2a(^>fMkuMUz z7opZ@vKrmII}btAW`&f8sW2bFEUQc_kp>c4gtmbE=Jf9m!Rw{QRR zecS&s`r56HZ!IfWa&%@yvyMv`pHl8`CeAxCsSB?JN*x|{r?SHA7 zSR-g$*>6~KXJkfrWOOjG%kaxipF=4+ccl^ z4taIsJDMUa3HMdwJ5Fb>pz!A471JaV#&;YiC@eS>X+{GBl(zKD#oHY8p{-q;3I3jb?4|QFQIWE(g!*Gq$ zDW05UFuRQVK#f?GrSm*hBIh)Pyl=IHW!`-N^Yu-IR+({m7inj#cE*yjFDR@vCusAk{&DFIM^$|Mp%6Cup~#PkDApG= z!T^UJ?bG28y7TELH5lltPBr=B*cKN_NG-S;q>rJu?O z10u$1LMq?1P`VW+eOoe6Lc?KFXldgflwfXLMC)_}M}vV7N-8%~wVRSoeY|)*wH1UB z3=pj(3cw2w)?Py!czQH%6)!b1(Hj}J0VCuR>EJyO&_8aWK}^$9yC}rYJ>DHQp2O_i zb;BQs5xGf`!}~_S)9}($D1W35MNBZwwJrucu)(#~|E=2Gw=wFDs0v4%6@t&=g?oL# z@x1HOGoDp<#_Lk#cPcAL&AX3mA$w1L`iZ;$hVsIjJBxtp^W3{12M5b$-scp8lh1w`Qh|TA;dFRi= zvJ83uCl}+7FZPe!QLj0-yc{$6VPShQUE<5b|Dv$ue9CF3dfLgIiA%`S1zr%k*2COd zb$BC5yTF?Vd6-pOkeC0@{vcm|v83?t}T^ z{DGE-&iN2eS$N$nr%UF`G7v1wVD4OLmwqlLl5YrSl;mZzz=db(#sWy^UqU=}jSMtM z2P33&jMM+Aa#+`&m}_3KuAlhp%tiT?m`XeQ>vu`#`sC?6-(SbQT6A?s`}dnV<73Yg z&e;!r{^4J)dpkB1rpL&;U(I5!%WpysqORH^0gtSP;I6S`AyoWp~AOoBOJCO zl6_b&;b5Oa9fuq?J604T|G0hkF;5&or@d)@ntSWBNMV1jJ%a9 zXJzu~!{d0u*gqofo4rBW_s(+DPzhmj32uLSyePTLAEkG)bo_N-&vJ<{7xxj4k!N)s zo8@yI#M!Qc7qZ1w7>9B@?{FHoWs~b@62my}o!Z>tNmnIW zRx)!IcB=&S?6p^4u4LHbDJBei4{Ebxgvl|oHw%c)!uU1i?ah+C-I8IiJceQKhuZ8I zVREPJU9a>rXJJoD;O$N9pr5KSoplRy@%x#WW2&^_hN}4btQpZh$o5+FO>eVqR;6U- zOz$@m6q``~Q_}PKDrZ`dW9j9oNF+a*v#>u&;IHFe)lf+X(xqJtW4}oQdyQm|d~eR| zF-OeXdr0=s!=92TmoB8aJ(I%ZKG{2vdBq!b;DO95-rXXp*RO2x<6Pc(`9J#Vx#M-t z_tjGt?sr~su9{Q7+7zog!Jze_ch?^M%MZxEEb=$x-|ghzip-Cpwvl_v=XWT5%{bWl z#19dh%@ZP@B%g8=IW>awB7Z?X8**wBS4X~G{+7tZ4fjc|v#-;I_ru?FpY=*zgY}1A z?3na4`Fh7sI1c41i6Hm9HtTozmDu`)fA2V752ndmIPU70u|0O)K2AQ=@i3=zl9SU$ zX6?Nb#KedEHq+@)PFtVyQYT*n$7`Wa!E~;6I<%`<{Fx$TI(Itxy>PViGq{N&5S_^> zOO2`38uJb`)~hVXl(Q!1Su^JOF&^yrXvfDn9_e_rW1cCqbGGBDj%Pcb>v)CZ)s86# z%;pu2zvMWy)Wo#f=;XIK<{fW#zT+%MVcxbloaOXu9nW$+$1$zNcI+z04aaGiPRR2y z4mUe}+LBGj=Xn~FP5!WBRk=R#{>tX=9;r&4J8#zU{+^dZolceG0geYb9^$y#@o>i@ z9P_TSbeQP)OvfM9uPW7CzpARCxqek{$EiwN`r}H(ly$JGN4Yubt;OUAtm%XSr+wq_mVd_wzt^&So?~tkF~#eUDTnBy)iPs^)^PPOtOB}q2l|ZyjpC1 zsmF>Ri}K^d&qY2_{2!4?OY0{+MQr_~lv_+ZC7!2?{}}lUvGt8k7Tfx~)5Wcokm%18 zcZ^KgW^3|Nr(jKdbQX#SMqVr)5_ySuSmfnm#z>&QN<1d=#bVaPNB%kSS&@0KPK$i4 zcy?s!Ew(1_?PA7Aa4dDGRgv!ztEVo=sn>iV^1q7LMYej*|E9jzOB6qQ7Or;8HJhCN z*_m_Co3}Xap3U|>ykFn`M-HeOI53;-TUAx%{tq0ep4ov%4$yzxNB7U}<|V5iCOq4; zN%?hhgGm20pa00dgYrw?>GyEgs>5rt(>Bf?Q&#lk%P&6n=C%*E^vWDrKC*Up%{kY8 zW>DXrnKDKnZB@o!%jfUt{`zrwC)!+n+I7-i+%Fc;kIUG*0?G70L*CS`D%;xH z0nw=+_jCoQ=au3>{kTW5msdPNdv*P|YX~bTb+%K|MP#-w*zLMZ$fdJbZ`gT>9Zh%-JHapm4mG-`%y{2;nyegWhAGa4$_2OcX zSL(lLE6 z6LRm0wWBUXy!5bjC%MB;syl2QueF>@&o;j9Z0jbv!zQ}J$Rfd2>VJCJICt1^ci3=u z7#SrvJB%sQg#S#NK3G2*KRh6HQq{1h5v!m&Q0GhXbH8yUQPNT2M*Ap$GKj{&^`Izn3p_r;dyiQJ@R>r zm(|(&Uq2Z+Tx@JhTy*}_zxn}j-}U;p?bPHaBo1FWJm;)abDSiUALdg4QD%(RMnOuQ zfZ8Q|uQq;y!P~Xr(1**kA^)K^9CEm|Hsn^;gaYnku8Zul!vS<)dhJhhC#DiLtBspV z+XIgJzuj>5?Ug`%*BJSkx{KZAhjzCZ#tl45o3}Sy``%dws*w=RkAeHsJ3-;x@Q>2t zjo$FQmSH%B#r-75$XDw+cF5;CNCWh^4(hcQS7AaM)gT}`vo~A&#sp1Nm1?|v>=AFX zw_5D&P0tYqfQ9>2-Gy))a@<(FnL40{i2vtxwGQL@()h|a?J z$>Qy;mc0>@kuK#i40}J(X2%GVX|mT=*I~}Wo|C}adqVaeQXuw}6kG6j5z2^2v&*v*MO@E>>x<}~dlb_6482ttQIxgvu z=3lNumz2AX&<<+{%Rff;u6FxouXzJ|SIZuH*c0aLk>>VH3X>nnUKcZ>eM5Yg{K*r| zlVpm7T_m@3mMDyF@%DP^x$G~wIkRW`=6m@+`Z2lVb&h^ao?UaKbDOyHOZoI``e%*s zFsIn6X_F^wj_~x^{cXmudoQ|LO2`u#-qLd9QDdGTeq!RLYO_8}ezzNcA69d~Bl3R` zd5-*Dk@?kjaAYbKhrvzLdUYMT;RqrK9q}`m&(akBi}2ZA4$l! z%YQ8L59R+X@-F#1BNHFoC)r=hGoT_X`FraxokyHwW;@^Ua>t)@e6?fpfF1iNtn|k{ zsm=OJX-l$x#Wx+l@0cbg)1jfvxWaLm*BkBAcWV8gL!HjCFf~@W@lHO~F?|IVPx?!- zL%zMx$!~JJ6?PA!9ZT75%qfj|M;fOg^K37bWH2Rb? zv|PiyODS96YsA)1c)j@PDF3pUv5V;3B&M$d<{kL+$oGj~jm$gnH<7<9{$1op#2-d} zQp_A{?C^dpiTtd%Y2@d{Eh4`l#{F;YbE9u<_99lZJFvNr1FHJ=%Lez+eQU4sfat|O zAf!M~P48=`{?K8Mum<+muG=-eyevQ4edClVQ>u>54jwzPu;0TUjvk&p=h}Cxvs0>v zWmmjgU0Ibqtgy-MvKIUNek9M0xg!NTwDFATe}=kBhJuic;+^`U{#pC#MH+>dSNN^q z70;Jf*B8|kVQx+#7ofhVbAngQYg=7Xm3WyFGI0TKr}&LXUKsHkk#`Ey-XcLl3^O;8 zPl}iU2;hpg0Z)&Xq0VHN2^MKfN(z3W|D^=}cl%;;-58nyH!^gZD)9Zym^zccwA;0Ajmn2HF^s0Kch|4tnhkk zD^Op0*D$+_Ls60!9A#uE50fzSEF@rPWC)>@j(W)C(t8e};+@~0peHylOr6|sGrez~ z{gkXz8lUaZM!&yL4(ja@5|Zx>7V3q;TqP~>sZ5@yW^*-h2Ut^6 zeI9>h77w#sKF+87>NkJapQ3Z1^Ktx5^hnu6N8ILlK2QPiVQ@K4x$p6~(nZ+}fE>8MPuU%Z5^qIP7QT)gr(mwT5|L@@I zd-E5b$1CALUHE+>WnOu>^qrS7|5f+|R}q=tySV-7^-vhe{ZV>-rGssMUb|fq=gP)I z9V4HpmnT`EeUwv%@;*ILo5fX_kOo;GIxB0B)4nl5^L6kL`Pd^aX75a~w|BMnU(#mI z!l)N|dtZ}1>b%$^9n9V=u^l4}_0u&#bQX4@_KgX8TRZ&jGG}2INZ`-AL%&sbOU8Nm zU25mOLTtwflZ#aJWr64{>{9J}drzn)(Ooj^@iW-$@shJ+gvl+k*Bpq>!fw>QxA&Ip z*?r@;ve}~^YsX;X>#{e=2@LOv$Do5NkdZ0!i63p7X777qj;YdyD^|csW<>iS8}(tY zH%|3piV}0CN1d48CFahT-XPnNj~?z-ZN}{1BfSwobQbmt?GsmX({&x_aUJ}&vFqTP z>=_a!zmvVUf#}R0zLG5GI_c(TCF~%Hr3?2*ug7}!hA5v>6ESD@Y~Oq@-@ComhhpEy zgnfSn?E5Qc-=6;TZ294du`?5{Mr!BsL(Z-feFLHdbq%x(Rb~pC-O-i@s9Y1#o>FGj|g? zPldJ7P_EcoSmg21QHMNlZ8ZFx!dZNHKO6Hr82falyf!)SV`Cn-x#vxvf8LS<`<;Kp z5mkc@^mqQVyx3GkrFEHf46P*lbsA6m!InQ4PAu$|8T;rlqbJntnoxe^m_eD|#cytV zyWr%)(sw46&#qv6?fl2H&sWejw^hFt%XS|_i7Xt{Y(!>aW>oiK57U%zWT8H#RYr#( zL78VyDKBf$_&0CX^lCY>Z&}k{wVFJ!X3&^j-DpqOkK)<)ualpUrGgxnjy zeKn8pzy9s3xg5Fox374Xa^JoRPbtMhSkx$U6Qj}VfBR~NzHYT%;RCfbU9Eqa@a3yo z5nsOQ$`M}+I}E?=dZ};+yNmm3?<*qieUrug;@)A}YexM!{qhx;)m-Z;RdO8TY|HNw z9IGvqTLYQ7(qgN2zYN?j__m-W71x_|Vy$$PsnSA6g<)u-9^&~5n52!_zs(s;oH-K9 zG!VAAS@3Pi-_TC0%xU@SMijNmOvqcMo$>l|m2Bn949h01(>ptSgo;H4S*THZ`Rj%& zY&>C6GimePXz|FPvM-ClZfdY4xrHY&SizVE1c&oUNzo&L30@wI=|rhY8YNU()<~gq zFfcB}dTcmQ-#*h3;lo*Nmr3KZ+PKViKs%0UH(mdd_Mg+gylV@&rgmRJ%&l|(NT{Se z zHMlkS$d=n}UcddVyx|~cy+Ho@+ER6^RJF0;%ydGxO`8DySGU@wBbgg~VhiOCx%R^F zAueu)9PcVM`{D6=it9)16f(dWpHhv1&+>9EyrGhDc&X~T@lJJoPEU~4rWQfG83E76 zqj1rOj4~Sl4lUA1W2!g6DCtJxaYhTWvunQ^RRslimHywP zEmOBBUnlMAk(Mh6|M^EMc<1-|LSNqh$#thi5KoP<@NTE!1F@wuh2DwSGt zZ)y~j?MqB3hbG;0bh8Fizjl5YB5faR$`8k?%{R3E<`btt89ql9D42>eooO$bEX2^J zInsxoqRePn_&8N5_T#|mw9(kU`n13H+_}uYso!9HK;xxjOJsU~?3btioYM>p=d?7E zT7!XXfAM*Lw}Y#vO*?P?GCo-~Oe|;APCHEb@-X+4VOqTvul}~ft|?-0 z_^JowoHbmhWnx-3PEly3Hp)gS$gmYZv?Bbq#_D~2rzvKN0~ji8nxE!j(pe=Scfj5$ z1H^WBgt=EhN5{yoY*jZFnBytl%Czx&*4rDceedjU50wyB5gFY6^mxT_mp@AHWa%_K zujLX>V6QUX_{PY0={mN`@2rh9u@5|0 zd-Ju^*DlJ1(XQd`@%<~-MaLd3d}i+wcZ@LEq=0{NCosIBf!>Gu^~XB#=1lJz3H*7l zQ=M*v;>UTL#4zsfo!aaeVbWL^nFXS=uv@k7?Y*Q7)Lk;{@e~t=y$7|~F~a0Cvez7l z&cg23zPCpvrP_%-YrDnX54G7b!sIB~<9kcyEbK`MyuEg^cdr7mr%G}zerW}>u8sUW z-GohMM0z0GYtgTgk87^TRHhjIo8E7<7n`Aiyr1+2HPEvI+-Z_?rAK};XJLPmz+cA` zx&YFF>mYqBooUUmV2tDla@{Trk@AAXS4t0|JTnl()GVgxggMV-RD5Q~%L0;l` zh2zT{-|cvtZ_aJ-iAU6#nZoLs+Xb2?odD@wU@g>oR~VYTk%*O;W&v6{`XN-TypOG(gI+r+J>-ajy>m7g1@x6{ITkKjM zbiCd1V~)w&rvH-TUpoGk-M4t{?VY@{V;c9(PJhQoIS$WD zv_tE^>HG2HXE^!Ujv4!G`sX^PIlj~}W1mfj&IDt67>sXoyxB2*4yN;6$IMwY z`7@4RaLl-7(|Oe~y$~j+d%~DXmvJc1i*=*qnrkyT?;$JG2s62V)_OaeM~JQOb7*AD z9vhjW%=$ZdM!7HOa~?)!!aSptV=&JsJ#sMh!E+*K#d9O`>@JGjUA!#vA>vh$tHhLV z*x{M}V&od}b&)9>Z;X7Lcw^)f#CJqKRs4;}Jl~Xu*gRAGVC1vK+alMBe-L@L_{WiX z)_)QCVlm|>c6h$ui~M=F4p}*=PGe|jDAO9vlEL7$X2r>WYe&wLHkAG_mTWq`f;wO$- z{kfXeR~LN#%ah8-R&;u$w%xn6ZLg_qo>$v(du@m3YuoSsa(Tbn@{wz1SG=9~=i;)w z8@`qI*v4dGMe|*2%Xcj)FFWJ%zEdljFTZNp%a^aaYfM?o-i?wL)ycz~I-WFT_{Aq2 zo_G8u`e4q?7HMH=^%Q3OVud;W-=HZ0XAr%a^}5tD@u1-px*q zVUOSZ`umx+>c;L_GHg4&+UnEp)pS&!^vKQSWvzQQD$B3j-Zgtr&92Iglk!e()VpcF z+JZ?;PLb`k>o&iGJ2+u6e0sQ2B_8-tjDDEsocV=f!t6 z*DM{g~U?jTlVryuT4e&l&oFz(EDg!Tv2|- zA@eJ@ZeEi;rtjF2WbKy5cW3)=UAnE87Mt4G^V+-C+*(n-`h;>FUp*nK<2&9xX?A<*h)|pmJquPmmH)f}7 ztjuc8fDVnyOE;bNhuuZr+q1TO^SYiTqn=7rx0e#LcbU>SJ$C7W`+IzS?K=-F&<%cb z!P1vE*Y0@djV+_rm$lp2vno4!N_Ika^yI=_6RJj!o}%vm(%&Ck)^Y9fFaO*6U%atE z3uq;mXV&JA>c9H9=4r=Y(l z)jwG0MnBy}KPB`t`N6zCqNHeRaKnjF_te6#NYX@&6o`Y4e#j~LItLb!=$V^pR8%)( ziU;brW;Vcq7esRgVWa~b?j?)?4jeH>XK5DJ7YhR%zQFF{x%1X4-MPH~&~EuoB5+WRb`MdE%fs)auzQgniJ*0*6zav0 zpNVak>fgVRcKtZ^a^mrQX?J*Bz}k<^5MR;iWqHqIjtAp4K}QR0|7%H_m8b>%E&%N&Df#qPcHFb}#g?ps)27BX!y?EZT zb(>ceb>&~hsR!u3o}Xh~NYJj-b2P zSEc!?G+#1nAyIV3ja)){#zu;Kq6|a(of0f2V1rmG^@(w(pi?ib^^FQ6#^KnQm?5?$ zB$Nj9RLXq83DOATVY;l-sd%135(8ap_%~hulI*|fpT@&rFAP))PrCa@HcGniJAfle z^RB@JMx%)h3e;d3q8kbZr@%9tWXXXV4@0`tog>Ne<0bFHLXsjCbFOgeq~bNgzEW7H z9xN*Z|4qixG*|<$kzWI_aUAs$zSmaP@Y8Nh;)t0L+B7#dW$(Fc&Far(YhHh(O}S3u zM%w5rZT{nLEg5NJA9G_6jGEQbkv6Su9F1~=TP?7ytuojy{Tf_*`|4W+7k~8rBUA9oe z$EL>8jMvdQ$KW}Q_Q4}+`N_I_SJlOFB5|B*a$rW-S)SPdoUg5zBRDZToH3XHZq>$k z8T>me;Ol~)*v_8?g^E--gaja#VaKAYQ8f3eWUX_wFl$H=UR1trl~ca1o^oghN>0Oz z%Im%I`g+RM!Sd;NUko@IkM{!utMKh+oxY*&W=-}ttNzd{#R?uB%e?kn88v;iuLQhB&pnh{o}Po(JG19rR*%y$|$J7Bz&>CVfdK}(1ZF$K>`ky)r))2{p4W^)Tphvm|IY8nSQLbxfpCx1nw6}o;TC&-GdY*Lc zhK7lt5s;+8ecHGw_>XCm81Gqa`N@h^8vx2)$t`72H_OC;8>hs-Z52RmC)^2ubLyR9 zg}HL0C3{e@=!S#MqTMhh1joh1-t6v6E|fC7z!Z8+$P6C}qt|0v9-;Yy4*#D~j)9%Srusul9e{ad#t?gZHf7C_} zvj>!vwoId-;JD$mlmDl--P+6*OIPD1!_BRfZ;snTvf3q>9N)+9hx$F1msH5&epegN zeDivrx%`x@IFOEv>(^(RvP<$YN4_>HReI%L5C*C?3d{4RUl(0ms#OT`%fk57#X;UC zjEFrqaN8hH2evK^BVTQ4UyYK`GQS*~F3+1DTNaiV4r?65C45Utn@FceLu&eO12mK$!2UCBQvCAu0vds&EgP9nA3+QAB4dqFsBCdAJM;j$!gaTw3LEW|SX zvTVyBnH&DM3~6y*IQFO@$%OH;Cq-)q%YrRo%!uH03FB44TKYfz8mlo;O3z+g+EH9o zsC=IT= zFeFu8{##)^=TyQN$WX$}%4rI2JK7UT_^y!lq&8?j?Cw%O8@v`|d($Dhd#ww>PN6%iohymKu z4tRv~>~rSLn4S#>FAgbgpXZIIb_+iKZ3jE2U0Z1vmwWrmd8qMS7_7Q zB@FqaroKiSaymS)K~p02JdQ)oEAZgR%=yEi10N?J9qL{< zuHz)f$R{c%U#CpQb#Sa*$2_scRhU#O0)v3)EL~=6-QlTFw*%-ZQkBG)yR0L%^C7@!I-dP)iCrT5sS{kXg~1h-F>LW zlQm7x+a!i@Uh467j4)9L9U2FG9X3p%{zWHAMkFn#ta_byp$9dLpl!c5PuSj>pf6~2ggMFVD2_MlQ z{L}{f(;Dob-(WwiA5&Lvwkl&-;UcY^FPzNSBtNp8iElZ@IIpk4fOB8v+`BF)Nm|ED zBV*&o$=4ry9D4iI1}SUf)~TqNovf29%O)8f5;+yyxiRdA!YYSwln-|7S}|k8?~-4p zj0{uZIXp6zqUDZhYeVM_`CpAph3(%XQ}N5wG3d~scy?rTmPMW*|JKM?ONUVh=u$aO3~1Ul*5 z=#YKi4{)o1D(mj(_7gtAgL+cB5uH+gr*p+2DV;SSSgI{h8<-ZgoR;}MQe za(uSqsg7qmp6i&pnb}|F_;ZdgcTD}j^sjS#ljDt!?{)l5#}7LGzT+nxKkfM69sktv zF2}Dre%tXoj{o8~kFqPKe`Cj?F)qs6Iys{eO~1S2o{sxErp{*iq5O|FhdFt87ex7~ zPCmu)bjP1{e4gW_j#oHlEULv}o#XY6Z*qLQ=Y7HPOOC@k zC0;vyc%~oTFH!zGC;z~4c)vs)=Dpjod^gLOITps1jt_R+$8kT$!yF&)c#LD}&1U~h z$5R|Lp4W8FckJIstDT&oD5igf<7*wWpqJ^e_N?)(j_-E-b;s20O@F)NCmlcI_yxy1 z9Pe@*-gog{{Km<{`!32qaB~0dV@$Kfr={ac#|Jw;-0_i)k8?cI@oA3Fa2(!!F>Z65 zJiPCs{30j+yyGuAW?Zqwe}m(D9B*;F&GDm-8O&{VUUvM3|&+#7|?{S>3{Ae~c0yoD^9k+4Z z!7+pV?btq!2Ra_?c$nkk9iQrWoZ~5ur#qhGc)sJMj#oIo#PM3k>l}Z{@okPbJN|~_ ze|7wjSO zp^j@DpX_*yVrRj<0omgX4{kZ*%-r$KPwh><2{arj@LTA+3_aF z_dEWMV`al6qwB}frfG4b?b6za2s61}7de)h9Meu}I-$KfmPNEtnmp^cyW^gYX)82+ z+6RpXIHsS#lIQ9ho-#dn2DGzCSW)xi#_^ z#k6U2Ea}H@I(WVK=aFv|zZ&^A@!OH_68}E(SH-kxbL>50+SB20i1|$iKOk-u`8(nc zk++Mpk)IIrI}ZJ)#D_-yv6$a+$X^r>icFut(UIQ}50Cto_{7M&#SDn$SjM297Wt22 ze%~Rd{a|Y3M!Jq!k!hc&?GYXF&f>^J#LFXBi}|gG4r?o18hM2H%E%{+uZcWXygu^j zVt(s!>=f~Bk*A9Jt%saG3)(Q@E5!FlrVZes$XAQ`-G>hOh4xJNdhrh<)0f0=J>*{( zzY_UA@mrB;KmL8>N5pj0qW_p!ADRkG8vwuWkpD#7F7oT*ipXz>4~hJr;;P8I#RDV% zS$s@n@(b(NVUuybV1)G% z(rZ6ZMp#+Bzp{6KW$gaS(wm&k&5pn6c&p>59q(}bs$-r>i|2=qOOz)}-pX;-@u7}+ zCQY9*+<3HO%4(BSJ{wae8?SbpuAeb)u~s>&zkbFM*=*mcsw($?;J^Xe>)-!~fh?bK z0PAP8YNv};9vC2x9>1;{3a9T9m#$;-3^GUV3;H_Ha;kh;^ z^jo^7tmvu7N9}xBd3C{yTV}7D{m$%7OSdd7URJ(z+pO}QZDsx7i{Ed%tFpNkV_3TB zkCjs@FYdTx*(M2=*7mAsb9#2xnx)&WnEAw-*?o7sTvoI!^TC*vMYC)ET-LL5S>dpX zywQher`EPySj#QdS)a)tl({)?M0wAaW%+02UsGG2im$0CpIXr}J972HidK~yGdB## ztK67O95Z;x8IKI^SJvW$AzItw+&SRm1BJVeZ$7fw@c+Vgi`?mSE}iI*({$Rh7Uvu;i?jL;K5|6S;C?3_H+5s? z^Z^+q%OitlDk|aByH098vg`7h=T6o6hU$D5ln*VOa$e!q9~H{#*2mrXR&u`noKG>y zolhszDGxb4oNo!|8*$9wBTqa|7u1%M73*Y6>@t_k>dX0x!quIuvz?=}>Ed)YuI@2+ zws3XFHoUqKH9Fa-;fI_yvZkzsPOYJEn_C4~Lv5z*d+}?ap&4}7bnO=PrgXf=V{_c;OpYX566T40tQ*_y$q-V{b=Z@&t z=+c9d5w&GSD~m?fOswg-X4j9)2faLE+o)%rdhch?KlMn@W@UvVDu$9&xomJx-gonR zmX+m?C_gJ-E0f$;%iC7BOiP#CSJC2-8wVeyODOB8$lrNn-hCUB5uM9goH+8_@w;ws zKKi`E!AIS|1t|LMmoGX&$yvI5*~A5k{asB)?NsCy)lqv!J^j-!{qvx8gAXoic}~Af zS^lhdb`5KO?vmw;b{|nLg=Oz7-7;&zs3lsSWMomcTXxx&S(}zV*K6I9HhD$I?8$DO zl6^X>6u&gl8}+%RFP9bcEFN0CbWPE`tNpjsQ`GWH4zsi$gfkZ$tA z+8`5yxst)!FQlFs*9Kv#Z@M-}A%$4M%G30}sDQL7_Um{&FF{Fe9gmXSIv%BU>v$CV zMMQWNl=wwN8l6al9xTYGw7}AX1-yb9)0ZaZgh?5d+YBSs5|S=+(>Ik!O{PnPDlUA_ z1ZkF?WeQ%qYFFNgdIL$(gmaUX=}^kA;SinO;HrmU3#0E@-0}xD6pDp zS&pzXo1N*il1#-q1+nr}bFPWojmsSLo1iU2Cm$fOHL{Q5zJg`ciFc}+`cSu^U zk1BhGC|`U>hjk$49mnY3XSHFh6VR!Kf7A6Z>3ocmC9fhpVV$^jowzZb!ae?^);`b@ z1`XCb&{u?0(MXL;EcNRhG-|lsLF2e?fvtvcO#5`*f*$S5GcAg$+g(4bJ<9;FECMHK zJhCO9>TOzoJ%eWTS379laCw7rmNy8M%8&Y<$b`0>txdYhLEE~s=w`YV4H~1=-mhuU zA^l`<$Gw*}(1IJJLTA5@!N`_F;uxxsi#1V_%*=xpW_fbs%pEDv*GKTU&zca5ceXZ7 zPhPPBn5W}d-C*1XXudXS;bAZhkXFtO6lpC2ym-d?bN^{Q(X2eI0y{4_km z{e)vKs#gdeix&_7X72E#B}@;WV2A61>lO&$spX28o{E35wlFOfpft@-maN(U&~K#~ z%UY17Z>J6H%+nTB0WRK8aiu5zHf_l8d+8aF^3|&t>cYrv(S#-(vwf zI5>-GqvVznlM!R0qPgz3t-7{g-9!4vKI2PDQrYR(7O?kE4YVxI-kMphOS7@ZN=BN- zsoHg4EwSrUM&k0~WvpFgmmxV<5z}aG?tV;{@=R@-xsAuM1F3DL*gPfsD za)vAd{sOS^ZEZ!#Y1bC$!gq@Q;P$gBnGVucl$;sDj~CB$`~2i)cvc9PiTlM2&$Ru& zi1T$-c6=Z4Shvr;B?0XGmKZ*cT+CLd^K0=Qw@-I!FKuQ+(GQN{L&paB*bsMs)8K^O+sq4OeN?jl;V}TVb*|>038txsz0Npj<)t z&p+~pISLewNlYrW@htL#h(d(yG+diGGVKH%H%S}W(j0ehj!v*x+sgDrA&4h|4(Ha| z4tDwk`tvs~B7POR*8h8xfzzM1AA2%zmyA9!&cxjnYL$VRW1E+MV=41FHL>&cbdvB2 zb`@G=n$o$YwBE#9X=3NX(&AuYLn$*`W#Q#iUKk7p%bX&U|K0s%(CU$;uGh{P2GjlT2f%P56}^Re$poW1C33sKX*l8s&|x`-o7VoTdbJRo7&s=b!a;AUx{;F`YC?| zy+ZDGAfL__mrp9rZE|ro%O92Y`?`*O$t?Ey%yid7`J(hwS^J#{-f*@{ zy@SIf>b+-=*Pobf#rFxPOvoOa9nfb`pMKfib2)07re!Y@&pWU8;u%X9_g*w(+Tz*g z&Fej9_Tm`}YY93h+xt{$&zyPwyfi4PC}`&N+QqeY2>Y^f?)h`)_g-8(b{X>Q%_!5x0(9q&kwFt6bbI z${CDKeGL6Dh+IB)siRlRM{e~gQcAV{XKy$QB_ftJXJF8Swj!@-0bySHh+aj@w zG=0v-$k%t-_xx;bpSL#$W#cc`d7O0*gCsi^j+Y zbWIlxpjD4FAdJT;H1)|h*GU2UN|zZ@@b>Pl*!TSG71Fb7$L4q)#5h)S7PdqJZ?8ak z{yOOqKOQ~8h~HXmc8oANSxpnGoxt#48t6Tv#2n&IV0za}&xw=u-PKR21mV0*Vi@QB zsx~`DnCShPWP#``><;aFd%F%v_BlWM`_i*xFwsl)Rs+#l7=8ENUcqOSFBC}p%3~Pu zqjk}a5hi!ZUNg(wF6mZeB{!(xwurD zw|Ax#21{nn?AgBgUjC2y+1&9u=jUf5C7n%!vXS}PJ?qp%IQ<>w(2w)0t@<~4vO1`z z&+h*b^QWnkrFq5XB9nJ%AjXj&jX8&LE62psS%Rjs-ujJ;apTlX>Nn5f-=4drmFcMESuba*le<%Dsu7yY;qbiIhN{ZCf;AFqh*n) zj?#pO4%OGgB2zV`DG+(B{IesUE&Hosor}B%+dOPqD3O!zV3TY26PW`|6DH#~WjfSd zGGsQn@O-dnpDKXN)RIGz7;I)&uj7$3%=8D|~S z@Ne?|aJ<*Uot&|XCO;dF@tG;|~%(a;g<)$%FG3F<# zan>eS@T^5U6P!FecTvt52aDTW$LBkyGs$!=b{w9^XooSYrnAoRjgD_| ze1~J+eRgbkPNU85J9&6!qnyq-)BmMoI=M{#JI5b5R!d?|r-|c(9QSfu<#>SOk&aJx zOvjqVVWQ(&$1@z$)n)qg9j|fxImf)0P5)}gzN}!}vFY6D_^Xb;<@no<8FOOCGQQaO z=Z+a)Z1UeYe%J9|9OtQwGySHHTR8UXCD8e4`h6Vtb9}VpVUAC6Jk~LF39~uXF?C9l zFLZpdW6EgLxyCVLicNm2<2xKPYR7cG=lFTYKXLqu-hJM{hZMvy#VZ74D~VY z;`kuPy&UuN{ga-*LLJ)TK)u;G{O*X)awjJb^`a=JPHFno`HZRO8CN?V?s$ablN?WU zyubI+bf**QPBA`@sE3uT$6G! zbs^+!#S0=+m!w{Vyi&Y6a(6N1F!EmFt0I$T>m!q9l)dQCc6evxA>w-@^LvYd4(O1U z4@IW#$?p*4q}daZsgwUOGHFIV3LWa0Ka0FfyeslW;@2ZzEPgBU=fv+urXKo!Mc_$G0q$hU}FMcydx68Sc9&&Usn`$hhqnE3+O*(zq80GM|^zkguf;b%nt zgLr!655)5#^FCi1xlnv@WCmeSK4Yhu`1;5U%-9&2_x#~d33aCq||&z*;rfyhKbH3x8hBe0`XD0p%*pZ{HP>$(xj`$f+Y-9r-5ljgiTlw?!ro zem(Ld;s+x0yLfwK>IF|n{;`;H75hII?~44I_&+04U-+-cZ;SsDdAGQvAU!tZ&B)|U z+NiPlC-K3N$){D3iLw3GK3)7+Wb*j4k*SaTEb?OUuE?|vydIhMfwv;l z4)bp0>%<>MUN0_EyoejW@%5Rgz>kWV?~eRMarely6)@i&`Fr9)k^dlOjyrPN@=uEV zq4>1O44j%0xkUGnHH6S-xX|Lr3>&&AGI^gl>*#b6e=+jG;_D*QHg#iUo`a2%S;OLv z$PC8fJ7U;jblrWCM~NSZOnu~gkw=RkiOkTary?^1>eIOg+lxzTJC-n{`wbILtj7*mvNdY;Yg_?cSwyTIpW$o^Lq! zXkz}Xf)?AhE_|%(xiiK-+O_nZCtrT?xi`0cux0dwn)&C~%+8xs)8>fMQNwr5C?C~- z_LxzX)k`*>J8fjekqdhDU07Q*wKg-WVph@Y%&eL=0}IQVJ+WX%-`&5>hRGe7s&S;q zR&`=EsnuIy*dND_dV0#2nvdR7Sk|tGrf`%D9#q!iKl?L6l_QdeF;Wvgj*K?`~5_gBL-i)4&qsbWd4AhTQlGtcYao!Y2~n$tXsK4Q(Y zI2SLk@QL6RUnj5b8?2oWYLt2KipSv3c?^9n-P4(&7=rhn%l)!c)FIPqKTXtu+_9Nt*wOQ%gsGCi>I8SRDUtTIh2 zI24IoVZo^qH{sBaF^0cQVqXN5g=R@(4W-vL=Z2;03xoAW+!xm$abHq@h`kN!kK^$h z*?0dMrz7Xf{K)wx>DYK;8`j9xpw_-Zk|94?xMBkk^37f!;_Iyt4b8?&we=w{;5*v% zCB8F@^p!8zjvlu`J2}@=q=D{u>CubppKE+hyIWMzuy-^c*QR0Zqwz7VFJ6t77aXcQ z;O=8rcC;UHP6j(MsGWvKB>8TZIf73MvZ@W60k|;-a=HoO<4~?s1gq)4#Wz=05p_d;% z9-~k6Ajyv-@EV4uqiG9EyGkeh9FQM(TQ^p=04pl{@}#9vyMZopG8+Ty#}L{PD|2H) z!${+BtRF+D*az7P#y%G1C#hGAm%lLlZ_aQ(jrdhIs2fve0vYdt20?|2w!d|e99#J+k4!b2Gr>+v(8(%IGfYw>>oJ{v2H|Ny)l870f=n) zB+LKs*ucN-*u4@mt{gs(vpE~PN0~_G#&4yqQX3^kkI1}Jc}XE(tF3+HP4aQrg-uRr zs9Y2Dt#k=-=(A|qT#bg*ShvLsQ-79G7?~EwS@x-)zYb)CTbdL5{GS`&7Lrv-jkBV^ z;rO;Eny2kxou$L=M~`-~BjUb(rUW-6`sP_y87cuBNqpS#OI^*PL>Y#{CO># zNSwQl5ss0+pzENz$8~V5UB^tZ#Z?%7R}2E8vvjG|zA-^3sS$9zeC!c#v&T8Sy=v`D za00_c@fdl*ZInIQ^RU-Qo7uZWY{#JZB|U3j1){SsUiiiYRVyJcbOJ;A=KOV>sd`>d z+2p)*UD|o?6x%Vvgf;uJKy(&%tM6{Z8f25ri1tCY*P?HF z7wYC$N@mXVej|ZQ5L%+O~DiWxE*0bJ?VUy`3_4 zNzPi`x%mC;?Oi8(=#efRv=N3q(%ha&VN$E=OB;)n_6_k}@+YHJhV$FHi{zHhdIa|x z-?mZ0gCsX+_H5sLFaO8*Htu+xV|*JwPtB3ex}Cw1{~6zwj$gB?%3j0Q(pR8#x$ic9 z>>M%Uc5tB`U(eWA#ND(p{)bmJKVaZZ@+ZU6#|CU;jVKe*Std7yd2s zF!?yva>NeT0#mhM%ZPELfVJW91IEU*R56L^J7J|Wj(3Np6@4u>Hs%M8cR1b&$2k1T$=`DF-#dA}9#pgG+vv(9=e*qC_D<(u z#{(Q62~%&3&f*{PXS^1IO-_~3xMAKfc^{|K&+(CthdMsqG5Or=kYA0@a6HHHe8)>1 zU+DM}$2<>a^G3%!cP78x@m-F$IR2L7M;%iRn4NHcV;a8Xq%= zenDPs+wHY&p092FN^Pr=3wqVg&2RJDicTN=;mFFKEk?9T+E*w2HcjcD%~sT$MJwJ` z)z&kcYkPGlx=2P}`BB$huhnd>-F0^P8Ot{pzge?;_wc*cytQX@?XX8b9QD){hYT&7 zv}N|TWpw=N$j!C0woTkJyTj%MOP@RAj6uck7w%ZIMp-|b^sK%0(GTywZ%5-1wS(5| zesim&Ntf!R+oq&h^|Q~e8}&$bXLe}W72Qv6w0dXr)a2za-?i?(+D576|Btn;8NzO&}p`#A@WP_OlQvv)pw_Wb6VXP%igYu2n; zGtYX~@Uv!b9x!#|+7oZTTc)Gtbh_oHk4_v=GrV$kyRqdGk-?Yt*bjKQy7-t+I!?t9Z$}D@)xPtd}C97bbjmeh1y*jk13x&y0Ep- zRMXJd*tAtGGP)4ZX`?O#B*e8E+#ZcDJq1mv3k&B)f4;TNi6H zs%hiM#>4V58g^1`esSGLUK4TL@5eoS&37)C*YTCg2iUxMrE=pZnht8-(7$=Z#f7Gc zg$-8}R!**4`N_J%X6=*&ExZFEZcjR zAN20_c<-(+_U`g(@6MezH?{u*W0kk7#hl9=`WmTSt)>usro4>Vq;2~ouU4dUJpE_F z{fU8whXn=}o46DJm z*6ENlRbNoNoUu3B*1DARuT@Y}v(#%t=D^ z>^T;%o_l5y&M;K7K-CKD;ZZ-yc1-hf9}IcZc*q-}@}`Kq^=aO!F~=s^KV?I)G)lFs zb*0g2+5JjUjqHB?Ij|&EM@>F4$^JIw-vEC&h?GFyh?F-)N!1aPl59;b6!7C%KpLfh z6xA$CvbzSBq;|M?(k(L1d}iIpb$){-u$$B}xc1to+8uEx6Pc$7ERQMDVQ>9qdXdH* zw8I*rdCvIRigwf%S#M@epCxS=X(7tx+Hq2MVy`yhBvjj{Fg+%(#8`t&5zmxP0q(5XS7kNn<>bkyn2 z3?k`V#X8ef`pV-nL%aN5!5yM^`K161U6_eICZI(LJyyT2znrX)?Q)O+2IISDCTGtg zDcO~N)mgriBAEqf2y{UOiBDE^=_OFFiA5JS!ugoQZpPV-DM%36PoN~SduCF0g~T7H zEziOIB(ev651ugJS@;ZMPg3+W#4-;%SD-72J*UUm?%aksSp|jJ*Rx%?{eE6-azPx^ zJe7KN#+xry@{gNEwfn1 zC5C2+-tmlLbXj1Vn`ACv+7b?$dD2UYWG+L4CQloN1HM+QT}cQBjD`Nte&17icX?~S z%}S8#!S(qS`GS1rvLg`1Osfl1uONzq-b}dEEohyG!`PXrHEEM`KHYNLGSb5C0)On`+r<69JR14-PWh_VZdy^XeNNuv__nx?44krs zckhY{`Y)1_UC3U$H6AKD?^o_vR~XZ@#j> zimck!x}I!nl&tGHgL+4H&IiMEHF5L(uQ#dJp=4nXlX}kJUR^1wfk=_as?jRl`e#9@ zv$wmazJt|0to3zGl>)jABd!5v7qgtFv-v4KrDVIW9VPOvtu5^BW?BV3ykJV|8AM6+ z?k+|Bb`K{)(Owh`e?Bz;*qdxx%(e1K>XT|G^erkvl<&DK_W4Nbm)h>@Urdvdgr)6S zB*qLnS-8IP(r_RcBQJAucdr17BoDglDBGIB;pjb(051As{+1(DP< zO%Vu=ycf$$49xGOQ2)W5s>_tYGn))vPq<1xlbrNP1Wm*#u!Cw*!e;~bM+sq*F z_bDNj(^;j3@w8UN`pWBEdl9UcmWxT}4VZEqM?hbRDV70JdQuAOJ&oy;&Ne|h%UY0W zkv>!j)oPz!3zFW)^jlAK|Bz)8!H4CekwM^S`3hZhy<~I{j6`M5EJ*TXwsM(Jw%sL3 zZPnR{o*^$ArPenDO&qCA>#Efjz0M2OB+B$uEk?leU%9R*RSU?3s6tVy2}ZQbY(+Sd z6=lt&7W1Um4Qp(6?1jCG$4--^hjN^i3-sIMvMNcS<#r^i(tJs|Ro=A` z7sa#k*<`tKg?G}Q32eugE|kfZ{2rvTq%8(6GYw5;TDJ3~cDCO^| zEaI0d3;+Car!!|m0OQ37BPyit@_a*=a<8O#WnfhDmc=bu0Ooh1UY_3K>qB?o{J$g55^$wF%fIdA>*RUe zo0Dp8XL!AO0QvlR=5xr|WS~m>m$OK!tzRupYe_?U#Alo_b3svkF;!*M<9Jb(QH>;( zt2t+!CZ2G;l++q)gOSihL9H>t%w?{9prmF%bC~>-BH~XgVUSVLTbBfo%{@^W*fP}} z96g#H%mzb&y9b8p!L(wkHrX?%N2WL%O3YO6q7qZXg{cZ zo>J5@H&lk=etjOML?uzmnYp=v)HTRGJz}^sxwn?ZY;Oeh%v^0qT@?O3UL0D`Y{Xu9 zE|pMWze~->W^$sWmBwysWvF^eDOrvz>63=0)5<0Kq-Mo(Dft7flp{2Kpp`UBLw#HE zmC^8l7W7~PDruXBrqZQPd8)6DJHWn0R8mKsQlynq-S&tP3MHB~B2;-N!ivostcYQmDWwH%<$A(B{$o$Vlf|4+kCmf_#HKbJ=|(W@DIX8g!GbAl;^@LHTDXV2VUoVlx1_tu*(0r1{t$WM74o>^lWrO< zb|<kmup>y0<7*wI}E+5pC0R#ad%*^16!;dF|v)Ub?E6^6>v; zb^1=dQLL<+L@-R+qgoBVDlD+4oR-FFlRu7I^|Z2Dyp-EMrg47nl(#&B$@I=ik_SX* zXlo9J_n^Gx5lk+WJU@xIv>zzV%R5o>W{ZHl`k02iXXGu9U~;;) z#lGt@TG~&Q=EzC2PVVyZRGz93(vbHXdGfG9g&VM2`hb(h(lpZlDDU}xrVFOQm|_~~ zZ_2yoPu>up4yEYe!PN>FCO%kCnPKQ7B4=rp0{%EgjM~0VFN;2whx`Xh-a0^Zmd5s< zmp4}O;G>;&=*4!S&Fz{LOnxeP4JJf!gM?WaqT8xQStH^eid#F^39I|Ikk`~#J7_Tv zfyr~E06qQxbb7VP;oN)a^fET0)4R9h=REA!Dt<_-_}EtQqE2v_+HFrKxOgKiP2FT$ z-R6wwHZl2elcUhbTG+bmmKMtOXf`LQtMM>JU^fLv3uLr!gHxAGGO%GCf)mc{pyc=}5Cc4i8f+#!xU*F5b;RCQSjZiS4t0q|;8| z8rOZ^Pu*$836{pupX8Q@|7X*qo==^*5y~x=H@w{8OB}w!Va~7d>k+Vsw>tbJSnY#j zoz-+ru~%Zc&~G}-VwTZs!Le>EXc;{$d`5adN5@W%@u1>jc}F_>F%F;X@aYaOb@)1m zzW|QqZgh0)gBX3Yqdx$S$NnQ>j=e$c@T}wcwc~jithov9zZ}nB9M=1!#bc}iNB&*G zv8;l_!-Offv)Y&sFIoGHcNkk9M*k={%E2Cv<(=#3*t#*EE5Wf2H-Wj~$=&KO-z7Gl z?>PE>;8@m!j^`(i=XuBTOUD!JiN&(sa{LUkR+iRmiuLIPj%9Td=D5bIO&T1}zK&-I zI3CwX$MX?~CpvsGILe<2j(O)ho}~_7;P7h4|2ap;?v1tQW`~~u$FiOR$Fi_#WBh+~ z^fw)ycfl;LEEN><(jJz#m*eT<6q+VFL69;9KOo& ze8JJb0+z?2?quz7ujBcl!`Q1ao}W1SGhlgKR)e_VfewGf;d8)o9QeG$-*NaEhmmVC zbt;OO(`Iy@9SnzieXLKo*GJsP@$Bhv!C~&#Cg)&>4|RB~!{Z%3+2N@U&vtmO!wVe_ z_l{W4PdNHT4qxi<8i%iO`11~b(c!N+yvgBjIDC)8-*@;ihj~7-_IcLf7aV@s;a42~ zFNa@uIHPgIWR^P|o^@iIFb^}H@XQkF-fk)zWX3bZVK&8#eu%?k9A?AIcqTf0g2T+U zj0Y_&!)H6Z)Zvv5uX31;GRw={%xkr?9u%nN1_;80&z_q+5 zIo#y%42Q#9CCWe3(NWzsITtv5nZs)x#>ScPuXFe&hrjIbZ4Te*@I4Om?O>DHdj4Z{ z>;W2n(qUAKjs9DQUv>C3hr_%mwnN6v6R@FXa%vsMo|@5jaTpzDqob*87!_v2A9na~ zhp{DSJjXg5=2Wq6Qyjg?;nN&G-C@+9P38)RFLQXU!|NRmbFf%0`qU=pE{DJ8@DChD z+uHbl>hKE=|H@$$td0M_9mWo!(X-4wVtvrVHr&MsM4ARycgI!`Lb`9u&9@uXp(C4u?5gJYF`=ji0qT!&@AF*x@jji+P`Q zbTq>)?|(b|j>B2yGaeMk4R>`IRdS;baCnfzLmeLF@Zkx4i2dMx);7w>iAo;U7ATg1qs+;4rH4 zM*ow;D9IbWgTv^|8@<6{wC9b!pTi>@Zgd!ZdgDLIVbtr5KG$Is?TxO;7`@`l@*s}FZPBOGpPu0Fx>Omg@{ho?B)SMa*^Z$B60sW*`1! zVK!GOm$ePn#=$d$dF}%<4t0u{>jQh)(B}&GkC?qA*36;L7v{MSe39_zh%XVw7B=)x z3ZED;*U+?xFBfK=93HMGY+HjrE4(sd#-vY0`~_jw&*9l1d_%-sXJ3sN<>PNg%r*D@ zh#A8kikRzOV6@e?8>$^5$gI;9J77MQ|2Dw*0;jRNkzhWYa*qzSuO-KQ;}<5R{c) z7J|x0(qJe-rYa~N(ZZ?m>hk!e|57M->8~Qb=?|eIyy+iMc+(%0R9>yW% zGLKy%>5c!?N_B6gwWBPwNN}0{HD4vHy+MDUmT!NR{wn^IId1T7>xDA)nSLEQ*W^0% z=rDPg`b^y}s&Zew+4^CTRKEyy|1a||x|VPIYO6j~P3ctsP-mmc=xlXK&`!x+CG5psyL3VZ@sodK%?-IG7{yeIsTVB5!Ig3^P*RKB70H70 zVI}WydDWHxF}(WZrSudn9U9Ues%YRN#BmT^=`pt({^zTnXcn+^%{e8aND-RjNW@tE|)E4 z)W5U2AC;rvEuHIcnU4KK<*8_cRp_>C z4R5PoT@unlfY;709($1^=p2W??U+AaaB6AL-JTuf76zDunPjT}!L)8{7XqPrPSKgR zG~Jy`#=1R^DetAh+{y@XdS;THP+K<653&(rZi6&(1&t`jec4U`al?$0o{#a&J3CS7 zaHo4nOl*tq!%FAG?TBxzcv_chC!Qj#eup^>{mS;~ynykQdjfpS3#Q6jT?I83CrKU< zoylX0V3?#0k~cyj@|ePyys#IoxVb9@I=KQ2o*}xI_pIa%S0eIICoy?U8!V4tu<`b7 zKy;QC^r4KX@Kjw9kGZ(?W-uSw7osr{U za%A$D;#eNRWP;=s0MS|6?TUMO^ChoIG~@{u9c?83AP2Ld<-XHV8gWD=0-%yCW zPV!d2p9+)5>a;-#V@ya)Bl<$b#`kM=rUuc>!GmY-o_=AjQWuo(`zHD=F&KvTQ1OKU zEM~N{*A(~dvPu&H&KJkQT)>W_N*OGV$jK3sXLTiRX*mHeZ;j-^hdfQtitau4|n(|hmUo*$>A9eFL3xAhd=G`XBCU8g(z_-&Y$DkA>iN`PANKp^Uqh>}}E=FUwtChRx07c8R9n>Oa#(II~ue zPT`%_rhcfnR+Z)wWXrj-Wp9&_veyyUoYQC@rl`2(ZK9UHdZo578mzs~{B5F6i z7=4-Omx$)i)qgK#XcwMCLX;Kn8X1=i5te{!c~)2TP{&WsVG|}TE~k8>%OYL(<4_spq>*@KSO^>r|0!oc5Zn+ z2U`z&JqM?H@AUH7&X|ikbl224n|;qsD`vcXqxA}J(5+p`h8rf@%w}Bto?ETAkk;PW zXzO4JI^fiBT3xzIhhel~yQXH-q`1Sk2u=*}6oQYXRDxSl zDgm9O<$9b5VZJA0Kur5CmzQN60^@D@4LEMGG9E>+Z-A!~P$F_Ctp|mBN^&ZJ2`POV zj-30;O9;Us^4aA4Ac2cVWP-(!tROh*#;~Mn5~R7#3%Nd?k_pmW=Lw~bvU`{ts!c^7_&F9T6B(>tB?hGh$AChWw0udPQ&LDktz=vYX;wi@ zSEcfm797{lczM|bn{%YyVN58~2a={EOgq=BP_S6M47EfI;bI{C%^M?=FfB)%c&NDb@(V1t?T{vi)RmQn< zrVTo6`t)rRhV46i-yy|C$oHwVZHl)=PObN)^X_=V3=5rYeQ(a}xP-Pu`&SLGPtTPF zLlfyo=h9EL1@j%bs$lq|idD|s+1fPDY{#BR`guD0#|}ycVsmGPh7PY_aVMYRO$uM&o)8{YU(UNL>UP`mt)6+a}<-qqPN}D!w>Vky}oo$ML zu$_#*ufYmt$+$3EPGR`BCD?Q{Nk^4-N@5v%$HG$@eVp;Ju_YKjq*I{fNki2 z|Gk!PxA!5rc%pV<4c9n7$ZNQHH6Zhn3V9rNFgt_9ZTM!6Wf*#MeY$qHyD<4ltCc?> z#!cR6#l3?Um)?@Nfuyc2zQdHvS>6#}crF#6FV}hrC0O0ZIt=|+I*yGBIS%sLam*67 zx(X(*%Z~s=XY!^hZkVJ?^}x`i5P8(wAcg2}s*_ghCW z_)yFP4{o%Cq1VIlYC2n#_lz)k3i7y@wWe^P2~iw~|8)$FZ?5Kdj8x`~@Ao3aWr>h< zx%h?~lft5Cfg%?D0rAnF%vsu7BKUS*t*JNHA;&@cSUaOnWqCwS9+kYgfaolZHDNFB zO38x{d8{p%Jlfo@Nx|eGbY7D2Kqt3J#63i@cIJGmIxXa_RsoD9=1iW& zE%fwl*Lr;ok?)U;xH^Y(x#H-N5_2tD9Dc6AlG}D|mn)^@a^ZgE|2@4u-6sku*Yh27LW}0 z1;=`FFED(H!z;m2&h-wf*djmu)$+1zX_)(-VXkDujH`xwJKWFVfesfO9_8@i4j<+4 zu?}-xSy@vYKEq+I9phQ*@Ociea(K1F%p)u>*O%ez9lpWgJ01R(!{2lG2M+(p;YS_* zsl!h@{IbKZI2`&+JlC%~IyWw>bD6^|f*QS}!=e8~Iei=*9c1Gl;_x93k92sv!xJ3# zeQ%nh&vW=Jhgku&a?$fOe1*eTI~@9Otp5#;j;^ld-Q+Nfsz(2j!;d@sq{GiS{0oPf zlbM{~I~>NwI6>lmWIPQ0Hf{(O>Hb>V$H_TB*!Eaxb1-6A2L?0j92qfpW%RY7GbfoG zG4~~Ox1n>5PK}s*=xGtNZpXQRr$KmO#QlVqM$CPHHE4MD7Dh)K%-Y(Th(99y`G~of zaW3HD{`TdFxpu!6@e<)XBVH!_-H2BTKNvChvd1F6QuyZ)b6s*Skk2^%>xj88yL>^ZX*?cCncu>B6)>Aj9R&EkCX z;<^R1lOB`B+BARdsQb%K_|9|rTQ)3hw`Fjr&C)1lUg7nL=_}?q_A=U}LtO|iRl76x z(1-P(`KA6d4A!^Ecb7M(J)AEHYwv}}Qtjbv4MF9n6|}X7a}X?LL#>GZ zuzl-B(boFI>E~*~9JIgclud@LCk*{JnM^QBK9`)mVm%=A+DIuNB z($l0xOonhHPEN2?&Oj>Tcq7q8vLTXo1R!0-9M$1$QkOACjG^bdO5G_NHhKR=*3i>u zm2}W}&-HWdbA$#?7tM8Qq#ew%xYHCChLSFbr>4JyvF5Oxozv2FYDhYxowXD#FVaeu zvd;~R-Kpj8z^MiL_tqPpe&*Rx7uQS-7uT#=5pQFGyTy{V9e*+7doFed{of*MstA1A z88c_(L$0<~s_i*2l;tcY|7$7{r{hHWZeoKjL_F6tLpzvDo?8ysF3>9B_gblLrD(h$ zZRwp^q>h{)JJ}yEX%~@J_9yFrD(OJFY>EgzB znP|S;b$VEC7L9Ug4=eXZVap?!V7n&|h|bb@-t_XO)a{(EG4FB?FkuQ!9_wdb-b%^i zoKru+V*SE8hT`Tb)p4#fAtD;QU)amrA|VfphP+NOjpGi_wF(RJxDCp5oC#4Jh<_o5 z#`mf^Q-f&cjF0DG`h~eJx}bdDH_>m2!7#kz#m9AE&eC2J!5_z!dYGc#90$)&q!Dke zYdlHv{Pkh-ShMl+Hb|cJ=UtsVk&D-)V6sv2P~B-SJ34*d z>a&Li6T<_9S)akNmS~uLV=yDjK@r2omsMoiuZ(oAS=`@q9f|cKeZ3`JEXwEegZCRUc<6z{ z3i}@*TqqRW|Ni?A%jfqSw)48i?AkuDodET?2-!)nos0`PCa5 z8=J-rtc6t(`kh{<>Myj2bEuP)pJ@I%I@fW^HC~~ zb=vfp?8mWXmcaO#@1l zl+zWIeMo<~bUkQ3@nboq_KD&q_25VSU=56lM?UO)#WRhQ~7vwOfo zl#^LUzo|y&mz5-3^)yAG(!;{%>(eYuR@+V2BYiIfuteDorC#dJe5jpNg+qjare-(& zu?pL6s+O1fk)fX?wwq=#c5>RCQA|8j(b}uT#qn~YGkdqcS3!G5ybfQ|ALeG{%FF26 z9m65~&sVC_H{DU3&4=$c+agu?ZnM7oTvFscvU71Qs|{6N_o?O@`)YEn`xvr@;qcbG zj>q1DkNUgez-TZj=qx4 z2>aI3p6#a8v`Bqw)bY|cgUjk4fqd+hkP%5WI#2=m1g!x7IatQLG}qvwQ2z;9(wXaJ zk`oDF<;$@ZeGZlCs|i%1=)o~250TeLCVWs z;HW>9SH)988ZEVfQIW~P)9U7ENAG<6dUefgvb+AuY#^o<1I}k%P-?bXLzI8-HNWEOTUc^q2~BH%en~Gq#BCK{+gJ?@Vz#vl zP*RhPt9PZ3ofT`av+IBVn(KV&n34_{eRU-^$aCr97*o>AIHivY)Rg{Ltn+bBc4Cn) zuzjFc_`+OYZCDZ8k&(1C6qfKH(KYH7`G!Y+3rNH5ClA($5L{b)JTq`Ecf`kBw{^L8 z&MCm^+UPL!MVf5WcNpL`l@5G73w%u8>M9t%?wkiiXY!6$+%QSkO5O;C$m6kuG~~^b z_wv>$&OX06gR@2O@}7{qO-e)_vmukmT+8wZCVZ#lAwYDN7Up?IRQQ(ouC+wP4PGMb z%jKQ))#9aG>Tl&zZ_6VXY-!~I(ODW(T`#Y;OR1f;WLcEAN!aor;!b6%14L(OUsc@8 zD@Y#m9O?(Z)$cxG%OjZFrv&!u%^Ccj2wvV;$=fIz@;b#dj{C>*< z|4a;x?-rf>24jk8@cmMreqrumMSR~k(M+8U!&|0{fa}1VrTsw!e;j|%aZqoLgJ(x; zm#i{a9+8t;37Z6n&eHy(xR>{~too%}`-ceK7Y zMg5-Xs5z5oaSJ{D|JL_7<0XeJ0X=I3H%kA-^}Tcg}l3dS{38 z4hQ`yZUS;cphx-p3nQO%6!an^59>)LbE?B1cX`iN1c*Cr7$E({? z@tP7W=JkDbFDJ*=W#P4TSupn^TbKPv#LO!=7U*14=y-y;2c8~rf8iw&bL~)nc!mh0 zHwNBcnDs(1<0$hkF#Vl3*TId#xWD&W?4o&R$}ZoTgR~U8!?oC9!wwh%Up~KMo1ddO zH=3Le3rCUKeE>>x@1fpXa!=R);Ne~`XQ~Iwvcq$^SF+uDW@;YZr$cRS>rsqs&3d)) z*>|c2Z|VJ1{Y#mkpr^ddFT9Q(}W+r}fz%D6W;&DFoSaEf*`Omb z%P=9gb@NVCq?#`EihMhnJUCDP6ElT&*gX)byzC|Y z*HA<)%fz{J%iANdJ(Tu{Q?Y*!%{^8-ZCNy$Ca99(0=L>(T{1|}&e* zA0EIwU3C2iM|w7(wDSNF=$(%<)y*bfRC1f^d+*cQ-j3f;PcLm#u+x%}%x~&gZ2e6a zr(b8wg_W@Lf;L^MM|WO$5j_`PN_UvmGhQ{%shtA!FO9d?YFhfzxaLQHU(1`t#jvoB z7ALKX&ODU?ZE3Q@#WlZhXDyX3y%hzwUS*4Aw0ME)|5n&KsT(!OGgvVx2HPc3CH!8i zYTJ9yyLbwBVtuW|`$1l0%c~JJt`yhK7y(PeQ3-Q9^K|T2a?cF&?wCfLv*YFYbp|Dc zG{Qq84kLwdTYTICInz7hJ0{9w?uJ92^%UY(cXR*@Lr15Fahc;FFKHY{xREL}w@6@w zMHHHhnGTbT9nL0&$fMpSZ@Dn-Vs4W_g(Dc`xxr+^J3?z0*!4tSyO>7(R?Ax+!Q?JQ zz7B}a(wK@ECTWI7=?fzdfu&t7?8{}1@+r|Mmn+YXBRqpBZtmYDFK-crChtqaUY^q1t)$AvAAV8ZwDcsI+O!AC^!@>WaU zI?<5FJ>2B|n=p9_^0@v=_^1g{9Eg88hQ_zDeEVy0uZqvF#oZ`A-}g;)c%BlkIlk>0 zM!ZNczIPS($I(}fVb>+?W5}EnlHAtu~Qgl64IiBD45XIVAO}~w<-CT9L!Npu9d5#pIl|y9PwK!ix>g$h;xEjH^ z58}JtT)Q~NLf-Y}Jes53!~UtwQCd%Qwl^t>nKNBd!0I1sbpsXl0c*U%f$d#u=DzR8 zdR}kIu{Es$5p#wIMaiYId|ICkBugsn|BLa)}J+&AS7|G?n~!7=ae z!PY?>ovXxnc+fS>xNW$b!;A|?rym$*EHr$8!v{M&%HhKuKGESR4o`RZG>7Lq%)Q#m z4gDbwxb%0U(|xVo1dDWk>~}c&y~3=W;Al@U(Jc{E#G?^&3Z96VvG|#YDgT9t8T(i( zKn~Z?YZ23y44%+?3Nl9ka}BkNm^Q|}-|IJXh7LJ(>WmpXtv`3bkm1sz+qpHHF7z{9 ztiwXh2WWYudlKKZJT$y(dDmX!#!b^(lTmxFcGnXtR!e{GQy1;Edcu;z{7p?0RyR-B zQkZ{Fe*VLCo4#KzWx6%@6jokZm~cWNzjxir&y=53F>cn%hWwYWzF!@wHXC2QRC$~O zzqUiWnwu%m`u)pK>4ufwDatbIm7bZSKORL^%bU}B&R)V=iDAi2>p84$YCY$8#Y*cr z=aN=cj%8JS--Y~I&tX0%eY*~6FdAZ}YNTSJ(5P=Wh`86cJNlSON%j{(sV;Y?@}&B9 zDIuvCb8M3RQ=0f9iBiBzqm@#?OOZZAll^mGNh*$zteV^^apssAz@A27PmyeTW_JxN zEp`2PTY87Oe!S$Sg(eEX(aM>17pPs^d0oGD==woDLh0?$A561cu4v74)Ai#L3kE!w z3cN$abp23{t>tVU1huHn*CcXHQP+>RtZPcTezz#vp7yg|kQr1^4LUp`(r=X3;XVPF z810g}pXm>Up?U^dvM{J+U(W`uz_Ch@3kzWT3XGM{3<{q*dt0yrlf7o~bR?m3I^FL= zdmo~B7_kbS=nOKHDeeaSJ&{T*FJm9PYiPdz`MTPB>lw!7w4iiYU0g0}`NbWU;o7-Z zXf<*@2-o;~t>~p)t147yn-geD>X8Prnv?ei||T~q<0P3KT6P3 zzNFMhjLcPPuT;&^if}I~=f!ZOyexwf94ntq&e4DB@(TLOqvlB1UtUU*1SxAt&2fNe zOyHGFfV6f}usl0ySh&2RVLfpUx<=9~pe#rl7;A$g?|al@ZzVU%OTm%=&h{nIXD53W zrFV4FRnDHp5)i>fSS=f@y%s0EkLkCb=wb4iV&zprFLKy1^lnv3>4+#Z zuu52P9CGVMwUb_^kB9Us){xVc4hCguR{hhF&DrUstr&Z_u^u4LP{^S)%5xm%jK5I? zPj8)zoHguI(7QnwNTFutK&hnGYhrSREq;BqTauZJOKtx)u^BPXgLb4fgE0452%l=siy)1ZAy{Ww}?u#MMc`; zB08{$CV*l+?u%d13PNA;+Ob!Llt3?O$DU1A>D%%pt$L0ieIq_9y@qGb(3mYWm040R z*+?zDonBl}4~z2K>c?(x*ZIydN z3;ccUxN^~(&DQirl-^T5EP8`HcNAQeJh)mOx(yJ}-)qf&(aa@_l6_}PT{Jb>ciO^* z$-ZIf9qPWWU!>F-GpC(>+NrY^Or19~@}-nHXUsZNGD7OqY103K6{j$z+)vuxkA*ic{9cK(7hncwZ4V{Kh? zzp!>ej`SG`lseLIz2(6f0C zm^_Zn@(3m$RRgtm1cOUj@tr0Czuiu`3&rQl9ji%Kl?arpIcu@p)ve?mtB0e!Xy&Zk z3q|nqCP+|U(U8Z~jx^eNoxJ4{OwN+LYXQ+&+BJ%Md5a{7wO8cvbYt>v6Sh2piEba^ zyU$>prQIUz<=wBvirGo4tuy1N5a{YFq{-ry&yDOyMYG2Ik*AxV4}3(2XW2$B94oOlnc6e5g)BCXX~iwds>^!gia@yTj1~~ z9R7^M=%X3`R~-I2IJWa0!pPSpnlw9}M;(67VU}<#?{C4e^St4Bvbsd9+)8ldsdIF` z!EJJOcRU|*JUr?c&w-BTD93Z0qfc}EvmBl8+gp8TJCn(kYM3e-<_a^+x`Scb$Z&s$ zS*JAmV2Af}INZBqn~!t!;~eHXGC8L@Jl)}W4xi<4xTi+>%N?DiK9hNc!`C@{y~AI2 z_^S@z;qYA!Z*llxho5lxDTkkT_?Hed?pr;7@9;YgqX%d_tkoOt;IMz6p9MeT@%peq z=Q_64!H(xphmUgjScjV&p5ZV$q*j*Khh=rt=s_1dmiuW(57%s@^Zto>~(xT9a@@LGqP9lqaT7JNqd+v$s*=gFFoER~;&Z!YIFFYgSp2ABaW`1%} z#Cc(^JLC)y#$FV7Z{eFFX6f#05i_oTD`L*c=7?Dm{C^R%H2BkqS0DKO`7w}_7s?i=w$;k_c}UctT!{G7vK5i>W#*}3-p)Az%+`r8PX zmucX%Ig4asbm#2D?mv9k@O*GP)-k`5ifQUhTXF{W(2gbF7JThiY~Hr!UeAul0?rfGHhAGP7#roPQhR}>l# zFEn0Pm%pyCW_@|nfRSq&o0=L5`M!1fuYE0lcyoS{auk{t*EKFK%wJKSA3bt@Q&WDl z^400T_Ta|Tn;ZKVHhrV8sewE)KhijDWWKqnaaN(Qsi|phUE$!o$|xLKzG-rO9Eh`>Tf#-}(L3quF46H{D=mUcioN8fC{cMQpHU;*P1? zVC|%m{+bO|rrJB)VD%fmywgGf@3G+<_G7c>raQijAMmG9y#$awFC`$B-$&r%@<|ui`wOgw{X>D35x6U?U17uhgLhzqWn#UqU}j<3wXrFy zMW&WpvbD~tvG!Nnw|r5eL%RLiu|!pK`CV2vYxU*EbaS?o?b3F3EE>yO@5`o}wxO9g zCEBj#Sk`fO~&&fU6U&_pN1o4^o^DrJRccXEl3xlA~0%^s1{L&}xRR5V#a(y8Oe z9DT&3v2AbZxjnf!rHfyk4@Z2e=6I(qnqAtc+xgwTC0L*@?h>+xR@zZ(LH;M%;9EGS zwE6k>-R!I4qLU+3XDd3}0A$QyY$0Sxq(PpM4@VwwwL<8O`?w%;--S!(Et)DLH`+)` z!`X&fn7nRr>Ua3YPD}0&@;f`*+b^_}MI+l#zrQf;UI9_g56HyhISF)d4x(IJe4~^` zIXmLx`LK1l)&Z1Mtltq1L%&(i0F>QRUQ><0$Fs#8d8?~nc-CeO!kiuN3=s^I_JZV1 zQiwd}7NjAM8LF4JT#-%mN26d(P<+`o%&xJ4A2=$wFIl6z?}-d}H)_Kwp0 zaWw6g_BW10O;kLNx>oY`lsx*WIg`f=zh2&4$+P~fCMwFS7q)8>8Rtsgt|mlrgM_Y| zC!>|IQN-OvXIGB0IDhnQFOU8HylCc3p2aQn^lkSkeaXo8B@p*VN}Lg(HzY5m1ihI}5>vgHv`e;{hAE^c!I->rIz<(ho?F`+u^wmhdD$%_7#qPiNl|E z_zH)wcKCXSZ*cgl4&UbR_Z_~^;s59Gj~#x};b$EFt;0;-tsP!-_)Ujdk29W~+0SG> z&iMCpnB_jBk9GJMhbKDBGM(|WXJVLDI>VoIIE+#8rp~?0c)AGNH7i)8`##A%-T0Zm z7;Y`c=y}J}R{tF6cnS^=bC@}Y$sFPESck_u+*Thx(eX@ixUD`s-|;MRc!|Ty9bWD5 zr4Fxg_)3Sbb$Fe_8y&vY;eFhBJV2PeBOFWhV4{ad%zheu20G{V#E82IvwjS{yYP&N zS%9K1LC*`%kGPNU(un&DUl8#S;nfjyt}c(5@#dO{Iak+5JWBY6h`BH0-tYJGe1Bl? zYsSp!^UjQ~>+Q(a{ek-*u>a2Pea(#%N{*YouU=s$t~K@YPMfzrz4qKEAG+b?Pi+0k z$OG%EZ-3*gIhjYwUde7fB!9$rGl!IQyRUL~ePLj8zW>VFs#iB;R&Huqc~8D(sNUEs zG1{lnzCtwZaR&W*`_Hx!2D56t#>`1tewQg!=2RaSzS zn+w~s**_q(Rr<$RnZ8q4DATP_bt>Z)cWL(WvXz<7lqaugGR3%~|MdOBNg=Y${?}Z| z(asgOLG6EyBbE*3pGx~*+=jIO)r+*^`-Sv>?SElKV(@v}KBR8m#DP@{1(3Zr-#cvoA7kC)*N>-LF_@&IZi5 z%)#GLckI$bq@T%$Hxd6sK+6l-1?VS4Y?p5+MwYz1w%5A+P~kgDkn2qAj}sU!pE>wt z#GNM++Hzgkh8zf>!q*EV-8s4RzHoOuxC>qQZa78?P`zF0Nic9r%kGnF)Zujbop9iK zQ2?&4q;_Lw^8b*U>_V=&@+;+)E9Ce$KexbcJu=3)0z(0Y-u z57Ol-fdd43Y!<@{0zEU6s?XBL0DA4$Z%E&sSVHTGB{W^MyFVtDe)6H64__<9Ip8w+ zxxy+4dmN>|)8%`GzmcFB`csqbw2d@AXsQd-f8?~nK5|;wU!tngHzM`MX6x5G?M2P- zMyI`|86vWVW}A!o@WlyPLrV$RMC;JTJ|p{r9b4`+>K#sRgRNds`<$v4Iy$BAf|Aeg z9)=S2teS2xc1^bssow&lO9A8oP{Fw4_dKQik9cct_#1R)pCRl&iU9`3|Q z32S?SGdY=n_Nq#_>?()$TW_r=%7m0+*`^AdEw6o2BQb<538Z36L!vyt4-1W2y6<`z zsapAaEeZRuVhC=5{#$WFqUfH!pJ0rB7M0k1~kzmv zlB;jc=rvs(r;5CIF|YnA+Cl&JL28;Htwc7+IzMDd@wq`r74+(QwOGa*1@*7d&TFwV z9(L5@;&c3(bBpcqxR*a~=DdY7{ikV)kD=4kjrA6pT15VL?7K??K#$Hk0)1m=(bD-d zojL%@0dW;x-So^EGiC2{hEbNyTyUoQ%5@vB-~Quv=gZ>QLg+@s#CGQy_B6_b;cp*> z4f0dv4~zI_g}5qta9??NxD)F_3z%VgK*Ws9>P~@fLm7GB>vi6+3Eyf<-?i*cZ0URM z5Av3Nl2=P|8Y|>+oIXyiIm10fFihILns3)CWRZaUq!B+j#!cRE#l3?UH&PxPo?#TW z#dn0#INdwqJ61f%^W|E15xH3R@eV`ZqT^VlkmDe)9mg5MR#(CB9vXLhbJiBzxeb#x zzI&21DMTLiHhC+By}Xr*ylDsJ(zxq;dACa5M)4t!eL0hNsmmjnEYtepm97ATOnnT) z*FkI4>$X$w=alBlozzp`?-qe_+s8D{FG~qt-Yu$BUNm!-c8dsJ-uT|>rH(unrR+HF z6Sh2p$&V!OZa{RF_C3YDy!n#H-aqmf9!%bo!j?xcxj+wb^B9k!vowYnFR!YP`o8#( zr>DB2ycdPZQ;^5~ry6642~iw~e$1y@{1e_<1LtUqM99>(5v``@UrSHyi4;-TNHkcVyXRE5(cW~{t6V(v5dfIH|<4s3Qi?-M5P7KJ~K zm}vml4s@syxhWQXTDe3rvY91hoSY|jfFJzUF? zez~KE>pIe}bM)&SzRlq~9sZ8P%(<-2TOEGF;h#JFyu<(Q@P9b`mc#ElT*>$l>s;e- zCx_WsG@d;iZg99Q{f`ljr_tdf9X`roUIDYR*yA_M9+TnI9cFjT=;u4!mc9sk`Nscw zhuKOq`ZpbBKg#G^9A-n!=s$Ou9W|r>r^9Th89nR9nQiP&#B;&Mn(^~qt>Iu_BJv#X z=w~~;)M57JEbk2tv*Bj+dmU!S&FDXNnC&*BzvwW#Z$|&K!|cNuy~<(s-;CbF;V@># z32@K}eBad@J`Qygw`n9V$szr^8BI((VKVSd6yMNU)iVqT_bjG5+4 zrXL%5jxahiSi`O57(MTJnBy6JfWv;AhM198azN4-5}f{4j&e=x^lu8 z1rMj&bdQ)ap*;beTj9qd<{VCqn0p=L6+GRA=SAF8_?(Cb3G*HTJj|UKufW5E+tNK^ zehAN@;`vI%qlE8>c#JUfLwLpsZ;qIqj|U^>-uOtwJS+Sp;^T#%j(Do@^AS%MektNv z!oQE0dC`AGe5UZ55pzCy@T3mhCo3cVlyF_dmkBfO!NWQ16*1?nU&MC^?;G(qgqe%N zzghU8h<_~H81ZAmhe!Mq;qehaDa@Ej-lv66jQE$rr$qc4VRT{Pc};kB#60`p{+@bW zlaQ}+aZU1u{dKg&(c@#I7OQv82EqYDh7|I_?brswj9L|>v5r3I^}xb+_NoUzUH?e- zwb5g0dyH#%t#7-NYr5TBIZBW2?UGr2>jZ}6GAl>d7e?nV=5UV7C8M-PGPz!~A-Qbh zn7mS&58lw@V@Ku=*Tr(&{clgWW8}DoPv82{iSx1>zPjP@@?=4I=8E#%1?Ab5dYV~W zKmWY^n#K8*tLs-T&M%d%_v3!}_Lr~zSz}|Dz3-`b{@t4W)Z?19I5YS|wNKS==^a1p z$02yz1bM~Hg|#sqU(%tjjB)(Z?8*#ddvBfZvcOc9347lSiaaA<2*mVH_6hD2l3vwH zf^7M#A*kG>proJ0Q?>N7^pAelkpyMsUk*X#+i7qBL8gicVp$LUMf(I_ARg@#TqRsl zUdEVKIZ%J)Wn5NO^!Mx=nXw9T^!IACkVN>5a68nDvhQTB7EY>|m1g%(trsx!OF8$? zmN*a22F{uVO3kpyl+Zevb?wy_wWvDX08OqoRdpigD59yV(^5fd**?{7LKd}aFNLN& zX-o~00DE#ctRi-#Y5K@>+A@Q05vlHO!Mgqz^|l;1->b8t>aRrjLc+Xyy#r{7146o{CkbL>gCCjDg(3@yIP z4Z^!{JQA|gsytqYr`&XSD*8)?6nRj*sVb@E*gOB)-b~ecNN*RlZBm6Eucd>6Ok?+J zM(v6Q46pyY4yqm1bd{=2QZM}+wN9}%!C(P; zHM=;ynocxSavVVz*pev(Q&K9y7XzF^5U$2;^lCm77$y=h3}HK9V$fANEKMLlW|{z^ z8%i~Wz(lsR*q&Bul2wYFlh%`SO~^Tkz;c%KZg`M=pDTmNSQ(0^8%j-s;8XGy((YK8 z^jr_-V5-u%)1t8an1DZ890<`6YqB7dkzvE>RB&uMSTu>e~C^A9U!t@+agvjO| z3sI>j+_79r22dV#6fKyyq9C~pl>{j=V09pyySOZ9L<9@vxm0r@C`3fPhLoP_P6Sio zD(f$)UG&qDkn0{aE;1N1h?*EdV?xIum4}k50eku_v=E{m1Bwtz3r4`xWp=e$$ku|p zB&Y>>+jsR^=na%gOtmT&psGJ~$h4X7{prvaMR-jD373Gu`%6Gu${eYkbB?yC*zgZF zXz=$nMquLvp}Ka_nYu$>6h;(6T$OxYo{^+MeuzBj(1*#hUjluiJo2D32-eF(X9Q!q z2WAk(!2@Pwf^H)Y^uJ9FBH3vbh!!@>|Cbs)m!?Oo=3i?8Jv~>P2j<~8&XJvS;)a2?rP*GjW~A-FK@Ww-jRmmP6Eymk!y>OJ00hFM|@%3S$uXJ$g_STSgiY4 zhoNuLaja6vagf)JW0tVhRWSLLJZ)nRKHOA!!^FpHaz=kf9`!bPON70=?uzh?ZO+mb zis0pKkUXA=k=HJ!(ax*nEstPwh#IK3BN)7<72hcm-g7(UULihTZdo_&^Ghb>vc5tZ zI-=o5oM=*JYle(SbeMn?4ue&xwcn2AIYVx8y9zT)Cn1p*qClx+(K>V*`XnaTO zWHlI5OoNX{ok~ZaFFxP*i=qXJSo|BsM}IPBX*^Z>Niq8q<_r?L=1)c_;{*|T9<+9@6V~*hg}h63 zUG6KIIg@8`3qAe+^dC6mC706~>ky;2C`A8(CjfJ_d$8$VoQSoYO>H~dN^@qqq#=C* zeFUCF201(-V(!_DEAZ%a27B^g#z*4dyh5Hf!0;0XGuD18;+YB=$4plOY`PMH@2egJ zeVQTTpH27S4C>54EqAuO;bjhAh*!EShabo%l0~}^8-{`zA zY&g7E&IK;lQ?09Z-Ja>X)S>JO! z_c{8*j{X!l*5O%UI5wj*-WsNghPh7~ z*6p~68HbJD+u?o=4|JG&lJSpn_;82A{3#yqv5x*Rhfj5Qmct)+c#*^0pRL>#4qxan z*Szsu=kNxHZ+7_W4&UMMw;lej!>opy{GT`+?(6Y*|IN`~a`<-+|HUN&P?1LFS=tjlk zVzt=l>m0tx;V(PP3bOHk$KlNm|IlI9jg8;$=l{yl*#|QoR-6no(J;(@m*EWx+!+jn0*CY2iWB{#UK{Zt!i>G} zFn(Mg@sYw`ikSQVtr5=@wtdmr!gojd>B5Y|$l>0Feh2t0;U7iJSh6+ZWx}>Ex>DHo zMHx$e9eJ29Fg_!PapjK@UoZUM5w911E8-i3asQk46<1Lo)gQM;-f-M+TrhJd?M@6I zvfq%f-I(9;e&ZH8P|lujOLixygLkq*@y1!Nmp^pF(`#S;MD^_lW?m_OF8fH?t?Nhq z7^4qwWNUNd8f5lC&D*TkEC=QLjI3#Ra7f+o%s%apVn7u2jrQ7sIe2bt zv}WyYHce?Bo;j*~pY|ukq!a7kXg{yKp?A{s>dFW28a%CIGOA;yp<`}H$LvZChNJ5n z56|aE=T(MmOdvC@)9}o=cMF4>9~|;X)$Og!O@wDDzmGY(q(>tYOr2$9f=$k7Wa47M>hF??4aK-bKqiWR{I zL04=Lbd?Q)^K>G+ovd`~!$hurPLi28QW3Nr>b03Vi8``W(*^KwDkgirgekWuoxY;K zP4ar8PBL>)DSj+geqW-J;x8RCzacj~SQY>H+A%@%5OYzoh3a`pYga zqe4A6k3GoJgVU7k&O{?Ssw|~*R(o(Rb(A~3SNqqPUBKdjH`DI7Z2wlX3oSNuw_|j{ zSy{m7g4^!x)OuT2vxwBvLYI_YF}k`&rMN&0aXlH&-%%r-fhfXi}QYw&#n??i(Cl$ZI05W*}xK|#@lSx&+` zQsH%S8BO?&pouMQ-jZP-dF@9MaK&YkQwWT=WIur+sa;?2)N#q55o#QnRNs=QU6>|;vrZrU#U0V^XKR*+{oS_uQUS0wQq4n7o~87 zFUoU@%rUsp2r?K!a;ugkl}@1cDq9cWbm#yH$dyaZD+>pX*bq?|9MzmJFXjabsIj2_ zgCq4Kd2RfsgtQ5s4Wv^EQh_U$7c1XWL`Ds|pgDSjcRoH)%>S}`%FOrv>OJK>GP&}w zcbtCPn(vBca_yq|`KyB2cx~PC!oI!i{^mLHWp@nKr!VZ=Mz9Rer))AX&pvWhc;&q! zzAK-;F%SK`Ah0sN5Z^82(hha5GBsVF@Zszy!(MfOr7vWMJ?KCS`_KV}ZSYonVNbd& z{l4~BmQz~H)J3HP!PS~u6^-B9EA?${+=d-y_HF0IZy6=6wx-jjZ?PhJs%U3VpV?}g zdE4FV?R@+?zDL$#t2xS^clO+=GiIE+aNg9pb9w9C_N?331OEqaFBiA9OVy#(TC_{L zy&g$zy|6!T8Y*jkd;RabbKNBlD1@4y6rJr{Gwd-A5thq0$TM={s^q~;)u1!X;h=+g z`iIWIn2(s@8wU?KFAvWq`5_U%sE`K$=r+c||F`X8TX)>)&Fo@^5A-Yjq2)Q_6|}6} zFnQ|@#LM`T-|p!HXL$56%&hYm4tAO5?2Wh;Nd3 z{Ba=9dW~SQ?#DO`{aPKz9~5#N)Y*<>k+9WOFd3o92tah!7H2AMn55NOd~Q;RJnC)o zE*AFkmMD_3gK}w~hmc)h=q!yZ*~{A~L48F-9#=JK$a_fM@(3nhm%KVa zbe49%;$Ggv64YHZ4X<<}e#|ECxl-?hrj$Ysv>-WGw`ySeX(Z@5JinrN0=43qq-_;e^mXKB>}{y0|m zO52s=pnXW=IC`{__oj#&MK@>i*q8S5u9Q6Zkhhz>$)n9(_f2k8C+TZKlxC37HGhJR z#(WX?5Z&6D^Ia|P<<;rB950$VlV@=YJ^laov^nD?=l8T33)$1|Q%Vlk*wZz;)QIOR zyewj#0C$Oaw88=44*HV=+aCCS!pLF9!o3O}>H@Bb^_d7=JZlu57BOWlj(CQ`m0;zi z?%TsjOW5C=r~b_t=wINDVP4)A9^g;f1?^(48}9u@f-?{^>1?ca)&p8W4k@#@XHRX=%O61Ta#Ji zF!Kweb6FbZ{$+Te!v%*AaQI+{4|Dhkhfi?$V-8Pqc$UNS96rn83mp!9IJVX0j{g7I zI~RDZigN$2ckg%KU;}$|zbWtLA{*thLBx%h+#u*iyl_=W4K^1A<0hb7L_zYFnM#ArylcIscF$wtu(Xpn8)(}`_7u@eV@Gnu}*dB^qX4>|s}nO&jjbr6p z;?5=7Dkf(T!Z_!+zvBZO*E^;yZfP0gH9p#LxYlBRraAcx$Fm*NCNVwB9iQXa&$Zzi zwD{LL-t0JBn=ubto%~M6_c;EBV+LYO{|_892xIa$9RI;_m{SwCTgkN(nRi)@_w){b zUl*s=@leMHIc7x1bROe)qT{KK8T7IEyt8V|$d2(jj@LWB$Z;v>SegE0s$?xK&#qQ) z6J~N>SL|)>0L8_5#n?ETu(<=&E0dzUi)6Vup7&%MG{k-s74-huoYi^_77c7O^SxOmf zHf*_a=8{Y5>RziO^wt~JeYC3eX*)kvwQfb-l?T>s>76_AyMJhyy}jY0@QwIOs%BnN zr|(=;c5G;@Te3W-PsA^2m^pJ!Ro#fXT>so7L!YgAxq76&(ow}HDnfhT&l%_&_AmY0 zAty^4L+?J*&b};@Z7=8JMVA*RThyTCn$~~j`_m!4NiUK+nT0TfIcs4wP11d4Nz#SIni^p zJbLvy{os0LYNcingg2$)6-nM^4pImy^xx$G}$=?e|v{-0^pU zr0Qk;Q3WNPs90I7rR^C>rj`t4POj7}gaKsuY{jUYy?jCRei`q)`NN`@}i z@^GW6xtoKPCtn9nNYpA)|+( zl8l}p=wcBY&~-lfA4!r z!|q={-}SQ*Wq$rbxqszc-3gphJg2tE;qj1+4|L;ri060V{RUY(_gUv9zQO2A42yCCq5$H|&{>`*d!&K-S z2ffY?pH{#do*I*raJtEsX!nNp-wgJYWp8`Q53_BT*s{_t%}U5mubLD3^OWW+ z1X=DnSngsbL!i_L!|t+Qdo2&kjK0FK`^+f73aDjf6tw5exX(IJxzRw)B-3#?mX#`# zbCSNxRF3+(1QO20f;1zk1i^5_T_KxEK8UkcHmi?S^x6!O?9jY2C0m~K)G;*eLC{~H zph!2ChU<$KYlw1o%dO0lvQoYKc23f7Gfa)C4{P9%#rFB_DAU>w(JbqQuyh-QDM>Kw zz%1DcEq<_Ed)&9@X1r(0YRV1{T3jgJ3k#x*637<}Wl5p$@zSGblDsS5IH+pZBH#H; z7Xs2u=eL3q4pp@ZL#4TjzwRsf6v$@8$H{h2gREpjiC7%MPm$FT!yzB<72WbVtVKTE zag6GlZLKHSVgEP>3Te|_acP5KH|IcpZ#h2baP=Qvj)0qd!<}#2uA=um7}Qd?gfu7O zki1MMf$EgP5hV^vs&!^4*PJ5#yX#9V+BwABSUV_)dMKo{KmyXrbDAiaoAuu!i-`7? zgPw|06cl8`KYwWUh6m^hS#INPWvT1T!06almipVwKmiYq9HUE2D0iML*A!PX;cI0n za5IG2RbgQq3~zk?dMNWn={+X%-);422^qze&BTc(Oh9S2&cLXpbM(1`#Y5&bEuFKX zY3bY{bC)ftA2wpd?8OTWhb&*bc)_wEE0@n*w5(~+f|Wz-Mhu#};Iv%@^B2utaMql; z{(){c^NKXHWAMCi8%jz-VHfYini0>Hs8pE-q=`OS58|`-eU9htiydCVH!?mPrV3Rs z35m5T?3*7?+BZKWVa`xG73o}7zR-h7k>(bKH7WxCx4r``8byX8nyAa<>n;C+=s^^kB?;@T6%1o)rqEsQ7pG)e&~= zXfmli*OyEvf}&!5$s{ei$5%5SN{elIT{?XwLtmR1Mmc|4*3t-*g%WN7qOq{6<@fp;rEh`)(MP{FVd(p!tfdhq zZL~4gx-?^9pO?VvyS7h~JQMX*$1wEWElZj@SK|t$;_BOTvuF4 zS1HL!*j;if7bOi%FR!m&=e>S;WBT%f2wuMHd>0=|etk~x`z_-4dye0o*xFukxMB)9 zC=N5wyq`0>VE*UdwCGq+CMphZAQeQ#IwG9=m>sh1$$z2KJxouD_l3|rWxfS>Ak1HL zE=7g(4MC^$b4)3 z-|l#q_nqVE^r(yTwBzr=G0sjWr_a~&_Nv&9%O6}En&=isEy=u|u5iphV^PL~T%2)E zKF#szj_Liiv}<9V8<>xX$H^$*XIIM9V^_=J8tdDVSR-BI`k8!Sctf2h9P{Y}Nu}j9>^NgwIjj5-N z2RI(&n6{S1;of6>wBzxPCpkXR@jS;194~jg(lL+DwylpizQXZF$2U6utmANx*RjL= zyR7N_n&bN%Kjio^$Im%_(eY0mzwG#J$Bb>*b{TmyW^lzg%)5&DWW2)U`#IjoLp2?_8X> z95c9Oal(2jQU5+p&RDy}8R3}q$W6Ydxf-EPi#k`k_~$#m&@uDMO=qazVp>M5O#U^; z+Z{jP_({i4J7x&X^z?Fkfa4*KM>r1Ou8H~4I^TIcp)QK@vz>gkw_>Yb=YFt{J(9VnxKRiR2oK`dUVlyUJ zk>}&^>}ztK%ZyvFc=G@j%D^K6sduH#i>Sc!J|8j;A?3#qmtXa~v;myr=sn z-PN{V>l|O;_)5oDIrjI*Z%EGkB+P@d#ype4x)hV|Mdn!Tj7$^dmB^I+uOqjW`}@c| zM{rL>5ABgM)$?#qaaClx<9R;=d5xGklyDz0_e8j#_`t{xIk32)nA{lIJmUvTS+A`elke?~0Z4c9b^3BLRTRat+V-gmdP@D_J zKZ){7#M}o-OWX3-kuMi>??X=eFr)hde52UrncXaAjwAAI;?9xp7I%+)uNY(JgTEHK zI=MgRdBmK%h>tD5zwcKZbZ}jLE||TqClem2b>a*Uxk~4CU6MWLl64;$b?{x?_Fr~t z(Yh7eXKhJljZJz?UGd5PT6f^~LwX-Y+xO7=b?Z9T4I8yzZL9t2yPVc_I8!l`hS^)r zExIU+dumZ>3GSrMnI20gjZSJydz_T39o75jWY&I3kABiP?3?fI{7ChsV=i64=|AhU zqaS#uZsl2ZGk;$$D9Lh` zOWS5SrH%SaS8^%6NtmwWQg#tBIu{i`EVq2lvgLR_3~Q=X=c3C*6=B_$9!1n3Nvjj| zm#)deUS&2-*M7AoU1lGWVOpo3lsI2_2wuKEL9~11sZ75wfvy+uY8F(Eh+LL!t`Tq@ zbdt@CX}eXt&~zCeJ!B(X8dfuHFGmeSjY}FX5LWkX%rvFa#&d1gWGnR!$~+~M_(JrgnXb+ zt9}&JPMRXg$w7J&&S_}`oNz`K)|5bPS~AlH3qwy%VR?xa5?v+h2E7q+;i-&q2-P|l z@4ey#+w{i!AJd6h^e_1pgLp@nt)l#MzhclzErR%!0Sy$hF2vfn?u5p=;|db#hX&G> zC5kHcmAp87O`tfgCZTmIR3~PNZFLEaj%w`m`COA_XAR7r;`LV;g}t|ULlvjxcI{v(D7NR)wdb-3qFLT9U00tQ8FFl;>@l*IS7GwF zYz~OVbc~hXn4q_$kCPC6rLv~)6tUO$EBP5`Fk^U<1YX~8o&7f{5Pg(`>6<6EG{S_w zukQoVSlBu88xur-_XSR1c(%g)cAu?Izt_ihTgNcUg=ZN{BTTj`Q4Wa4!Y-2E>#Nh1 z+*dO6G4@3m`e^Q28e#I30=VGKSlD$Eczsi(kLMipsmSyC!gH?tW_BtO?*W-Hqz&%% zEs(x}3PhiFJ+JTUV$#&fV!o(@O5dv)5X-ZGk5{6DMTKF;;yo<^jU6-n6^}j#GsMIE zRMr^(48^+>h{nQxD8Jti)&U_N`#}Xs80E}9*)=3gI;f_56^O?4;ZoU|sn^4OPQvaI zSh;X~s3^U@X*vi!Es6kP1-#^=U z@)Gh)1toK?tnqrsA9sAM<3}7n39HO8T=Uki`I6Yi`rdS0tP8{B?H%`WTnk5?)K%zQ zEgc8DI1P@+y7=QiGY@i!bl_~9PUpiMCLpt|H!F7 zPmavFN&g=51H`9Crq_Y-QsmT)>3vsyk@Z$m(35E#sOhiyNyee)H&$p8NJIJN~e3z{HWG z4!&w&{m|Yu$>=RKWwxsk)v;l8UH#D7OzJKF%_Bd0_S-M-cxzkx9S!PKo|dU?dbv|& zyPZE?|3tf2YF=#jYPJ>5wt97+%97fm#+t)RRxt=KRgIaIXI6Gwy}Yq(>BH|F zGy3@{{fB2ND-QWoW&2-z>ga>CGz;n8XLfqoQQB^=Y1JovBl|?Vqkj2r{ixcB zJq~QFey(WbsG~Q2?4j?zyGvg-$J)$)2$&C(v~9@N$XS<3mnpwO=hU;xN;X8yX0Df; zIW2gSBo|#A^>K3#QLpqsd_^S#@U?vJnA2Q++>Gexz2l4VWlLDwLhl{7NgeJ2(n7_Q zogt3jU8ZtM`?j;3ui0}?)PMTHWqTW$bE}v}xV?>xASn;k6!)L->Eq0%JEf_D&g<)t z$y8`T@qLieaH?2X$BV%vT_oEobb9w%CA=B0KAapp)akAC;pE_9;Hvc&Nk+=5z>>_N z)RUFlghK`C48GN(R(eyo54tDgnXQhrzFegj%h&e90xm6ehi3*L)zb|MxwJnmTb-Gb zsjJo!-y4oCtc8 zNWVJ$Dzf_Q{4&}0E#=nZIuvzLY5IPW|l$)>qv(_Atz7;a%*WwkY&m~4zoHpV3z6Vm99WZcbot(EXc z18BDGV6!cj*y6%(x zhU^a62W20Y^@i=6`EOk#MM-E<{~g}PS}=dskke<+-u1n#;e+c357QTM)3>vH-}B$> z?XUE9`S0$udu#n?1Fs2REzXAbo4V0uufF?RN-Ek4GR4n^H=*Ll zz!?=)p+jHqZ^ds2ryn9dFX#zxMMZh4xwxWF*cLtenF`i>&crVyOQKs#rg$}Pj+GWC zY_?QB1`OH-ZD)r6b|HRXjY=f%@xGN_kQy<3Mt*_gWoOO$OO|_%g9U!H!HPZK{m-jd zg~5qt;=glWetrz0kR37?h9(Ll4Z9hnn1A}BxpQ(MUhJ+oZRz5LGicB0j(YTwM;?-^ zoxODNvSqxcIOzDJb3+FYs~cQ5AQw*i&|t~wg4Cs$Obf3t&KS4ow8hEP$zx}X8a?@h zW2a6TJLA}KQ^rmjb?oHB>spN(J?`+Ktc_8yvU`m^Uht`w15}9LSwg3K<{JSW>=j5 z1h0kt4?aYkQ%Q1|N@X#$+3gVHw@RNe1!Lq@IwpPP(*7eoVWc}W`b}Sh{NC6pGfG03 zrZJ`={1^T#9(Ozr_uk@7R2|55h2Ssvd~O z%7SN5V}f3mzA19iN4`zpI>QD zPB13y5GlCB2@JU`{dRkHDy$VvSDbD4OJYkSOkP#9JO@N$VYkZf^*y6&zOQ8LN4prt z`SML!OCwC$=pgWXY{tTP{P6nTlD?Uep^uiA7dRwB{2*y{rEoK=8D~qJ<#7s8`jJY#q;NtsV)~76Za2_7plFO z(87uZzFdCVExisY7wuAhKSG~XOpBAz$#jADM`nJY*Y~>g5f6Pdq6y=;QRa3{3X=<^ zZ(qxl{D!zx-DcKQ>9|R_uLM@k674dU@q#vRpe2%P`kW}Bm+v~3;d4lS{hs0HnX+L1 z{CCzUiGul`zq6)`&KVk6-tf+vH^t4~@?(EE;swK+&9NIj2q|aNK;6h1&b5W;>6l-k zV`z3VV}{mTo-_YI`|5oNdCb<90uZTso=WwnV;J?&l+Kll$e!_sM-UGI_xK zrQ=(@0$UP=QCS^E#Y;1$;$(XaiSeIY^-79ov;wgtti!;RW2*-yz9`AUP z)>B3g=ju65&Rk`SvmJI9n#sep5c9(( zP0sz#n5M8XZ7kzHj{7@4*l}oUMg3e0mi8#e$2$(kJ;wi_lYhu@IMy-FQYT;K_*};q zI{v8R4UV}6EpInF{=DO@j%kls{Cgd5cl?NB>JW<`&ZU_DolgF;<6k-co#Sx6#kApk zi`?2B>kf{)IOg7GdFbt!Zc39MMfDyi@z9|x`nP|;$JSNhZ*J?qHck27C#i3>&D)F zxJ~@MDCge#gUEM@e;S$l+AktgAHN=XhxpCN4~pN8{ID4FkF;hk&64@c_{P=ydv9WR z-Oyo-R=uC`s-JT5>*hQ>>~;FyL}StD2l%+|ZCCA_Q(ak{>$_#<%$apZ<_?)Otz_6Y z-9M^>y_h&eEZ;(orIGuximOs&!o;+oJ{!|Ia$u?qGvdt zv*+tCEjS-4|nHa#UOWiSW8lxg&&*9C$@@MyRuEZDkC9(~*AyZWyn@Gl+r z$PXE`Znokktw+6h;s-R!3ZoJXXq4M42^DVQe|s{LOu{)xHl5!Og}Y}m35Nr*>%{-A zlF}=WOVyyE1Drv!Sxx2dwHYlWC6b(AsQ*Zy$QCS2!_pa9MZuFEa}W*Qct0cNMH+XK zzCCr2|CPF{|B*V!-Wuj(yrH~vo$iXe2A-aX6plbtLLhFIw;9Ue~+%@ z_<)q|SK6h!n~vOhiO~Eg@xQMBjoSZKm6XyffWw>|GAmrTJBdRqf0D2hf+%EJr7C^ zVVD|Om}geZp5paa7{$G}ctaJZ<#z3GDJUF5+<}hqPt(nlQ=nUvbEvtW9wTdc73RMP z31h6TyokE)-jB7`IxMw5hmxU>dOJqSlC7Kdwq|n zCDB(h^zkTb`_Z!h_;<4j+^iArI}-C(D6m-<7G!PhPO-L^<|}G zrex%=I)<^oUza6Koh+tIiHA%2t;G?eki}+k2%^8;;|n*pAg1=uupak36tMT->X10rVm#|mNzT~o|BO08!H!% zk8Y36^c|*+^vtI!?1vKtwC&*8wLjH|qTlBPzuyD=e$Vl9#TCpy;+kMIs4*jD^K--V zjg#g#b*^{%7P$p+F2S7hn7_2&kP`Y=>K~-uuxI}3DL0iNW}B?_*@bJI6I$k5vL?rG zX*tu3sSk~PUmMq)$!SU$_jO$Bm?s^J!;_QoQI5lXDCT*hlTUR#!|`m#JUp4s6^_qy zyxws*H)7?)HEwA;imlv)dATnW-#=BW%a}d|4E?0W^^rSCZv8COE90V^b9_Q%&Ux!+ z;c*IM`Jp~D=6W#pZ9ZC~m* zW7??ti97p@%Jtj6f1mY5$W@k_IT~+>o>QYFUxWAYcLFy-%Pk~QJrhvDz*F- zCD|@=F3)DEA=6o`gA~p=rvJ=C`p>M>rn%s}Q9s5fB~}jvr;PeB7UC-^n=4WO0(1?VZLl> z_99^gy?{mcWQ(7Wr-~m)Zz_e6gGvh7&Ga7U(`4Y$+8g$Tnv!wqI%83dwuiJnGBn!bqOR$z;coeiYcJD~?#)Fi4-EGzb^GB^*J#2m&Wo~4CdTE;7B|Srn{bCp zr~0N*H%xI+r{v=aa{^_Kvc(!K*bI=gG}$nrv`=QUsVPm)41NXW4b2&? z(}DARz!^B9*46SLQ#Z?#H|frtSlF2jjiy>V!_!3Gq)|`8c}6yqoPuL&Pim$X9YuQB zbh;!-4Y%r4SLo7=QOCHbV=U@?0d);MqPS1Vs$}#Z442x8vN{?#C(9NyRatH@gpZR| zAu)e>GfX5MNF26kLAG`I8;Gi)V5qq_$?B^nsbKe=u9Si|-e0Hdzvy3b>5-Cd&!@ONhwb@PY@^026i4UR67svU&&A*wR9?xWMvyHt+KlR_a<2c`8 z-Mly6N@Moy#Ya`%y?3~WD66I)(|Nu4|mKs2VKNq%F3wscAt;z1wzHhr{cy}l*# z47HtdVas9~Il)wR)+e5H*Faw@S<`oc*z3DN0Vg|wArE!N!sH!2{k02sA$*0fPl(ZN z<|;Mq8kIk`+eX&5`#G`K*IGN7lgx~T-6(eH~agj!o0q&(zjI!(WmBfK7VNgv(QJrSO?(- zw*e6Qv*^~z#Z)OXy;BVT7VkCrVmDNf4^zDQ7V#{B+e~tX;&DEiv9SM^!0*Q++5yUe z{h)lToaxQ5G!iFE6{!)3#=^=4Uf(lPL_GBIaA5i=xG}!X?1afU_iCoNIIxbQ} z+IXthM&`;G5}BY8kvTuO5B{@_qfkaRk9dXSHI6TKe5>Ofj-Pb=3>?etS+SMjFOgGW z$-E_N{70CZrA(Lu8{>3TC1r8?I1ck$W1J(Ld<-1*FgMfEa(_3T1IN706O*?iwcRj} zHR@dF;$P_EU+UCdRmQy?@8_6v-r`Wt8IN*2*70$U{diTAlh1X$z;QS~ zWB$YW8TlL+=K{xNs34Q4hWU7T?bSXXL`uZ>(MrhX$1*YxF)M~SbBOx<{0J>#a+CO5k>`uQ6PauMhmqHdsXx)f_5It(mx})w`7&{t zju&yR5LZY3H!+{!MSi=uU*!A52Sk2UJS6f{V$5HA?s?jzTeMuQv@o!|xAl%j4j(xz z7tG$*-QURxsXBjn$oZbfmD}&wGW|@ACfD?Su-D3(T)$EGH+6oxsZ&u?mmfEEe50wu z&iktej2bs_dfE8?FBTtHSy?>)+bZ4ddMRO4=kHaotQr5}V-HuBJ-Xw$4XbWgwQbe; zD>qcOU0L=@^{SyOC;qW*ZI_ibFSfm;%gUjzWODu2ul)9T`&e)RU+X_{+)RM~0&0rP%y&9Ka=ZGJKOke^j{>aQh~N>)~{ zeyy@>RrSiuFMf8}S69|N_VE3Wzca4#B9%>L=ar*Ye5G<_&HT)g{kB}vzV!Kblehm= z+2N%ll)2jK#v7hrdd!g3%PKqk*Dwhhw;i)$^|DnrNZGcP8ya_vUojxNYD4X)mFM^G zQgqbzcURu9Wc$n|kLR}kN6Ar1^2n(AGiz%qvuWnig`yq+ifX#tU(@;Nnod8i z>G(!XhxR*WYP!DinU624W%adztl)ganR1qa zDp@9utPB-et#+otPB8TSTcBGo_8s6QthqRYnzON^3DulCtAZ zn35FzD2@L*@fk3Vf~3_k+7iR(Gy>6dPj-{ywB{b2A3hI_4@xRL8fP~By9%kz91Win z6%)qNkq*MMN+EdG;?dywzIbR1v%ck!PJ`L~(A9X^<)yh`zby}kc zDCnp+DTWZct-bbAmx;$E&(EXj;nE?reW5iTOM3jxnd#0aCgkf$pRDo1?#^M~(ipq!pR!&VlRBVd;)n zS^DdYUTeg7$HJD%>fCY^yo)Ic}{%aYhF`6^B!}I5~ICX5bX1^LIAeJdG#~Xye4l_xi~9Hj7*zBA8Jk#WHlCy6ZLNOdbj5Faxt@$j6>scxk+&Y?jhQUM&%nyhxXhIv-^ZuG5EK6 zPRpmQ+Z=R+xYU(tx=iRxQKWQ|D4X)@XyG5BsO8Cq#*Ntx$8OBB!NX+Bg5;!)Sv+hx z6==CF%ZAs3ehg)h7T46^k0Q!L=|fGm8BZE#k`-w_%*wTl^Tm&v+kSRTG@Yk(!<__{ z?z=MSylj_8_b?`{Xn7Ri54i^aMRk2+26>=fhk2I?RJm~F;Z>mnq+J%lT3eB4tW<^ zD77n1be(B9XUn!&XRW8AsxFjCZ~YLLjhRY;`pc4>Y#-VFvK$xgc3hJO%5sW&QD8{AXu}ZiYJ=0s3N~dSl}Kk?ZLK&=l1SHgTN}U0LY#CCM0p4;t~f{% zzXsfSL7uMKc3w!8a;Bnp*kVDy+qxQ-nc}l42wsuXT!zx(HeoN)@4}>8KO=lWX5WhL z>0XyG^MP`(wdC|=8LbAV6Ln8>9vGv4@73I5hkAbIL-WCWJ0W&6`ytM{h?5?6eH|}9 z!QwsUJlK?tf2_F=Jfemv54)M`ke@{I_nY6K0~`#ltLO4B=B4-A^qza7;`EmNtZeJZ z+vE<2{JfL@Ox!)n-<6AQMkoNag@T?ARD)5@Lq|oF?<1~`JXkz9GPOAdJ@9b39DLcUEOO(w6eN=<|Rk~L#tD8HZhFt zenHlB3zHIMDhEVkVbmI4-&46{xAQE%p?H=C75${I0f@%J?v~%{`&~}^AsP9j_8^S> z@w{zmgvng#uZ!g;-QZko-oRpGIys@@=!a4n-YZ?;=1Bb?$Vg~5((*7w{or$b2sq%YIR*6 zBAFS}XMS_N{Qu9h;D{FtYsKlXvV5J>z%8%rW5MuSyoC4xJvE9*zTvqw^R8+Z>5Q#l)x8un|@q zwh!AHayP^{)Kj-b-X@nvS>lsN*y4W&xpY1+cW30E$^A`aPI#_a;?TP38kyG3fXK9N z8Y3SscYNdt(lH0tb}0|o=5_GYikz~6O)l?WeclE4zyIs=D?Y(Kazm5h*cq3rY>hiP z?g8tVVtR>fTyhw4DlM5X<{Oz8*-Xy4YCO-ep9^t;lW%am+3_uK%)@Ok&2bsV{!IS^ zjvsaL8RN6GuZqb(=i8rL{4jSS=D)itYtvcl_+U8Z;ZQMpxE?3EIH$NcGh-Y&VHUeM zXSq1nI{rEwkIVNRv!AxzP=~}kPy{BYjx(lyGw$hlkmI3_>m48F_(;b`JErVR{}jiJ zznXlOGYn$#aew3$pz>$T8#lCLiT^oa5shhifoy>r^M7>v+Cn zhMi3RxsDmfH~B{$hif+K|D==O$u7BT*r*1S=x^|{)FSJ9dCC08OMymnI6Wyj306Q zxZ`IXzu@>~$G>t+CaaYItIo{v#2*-ywW;oDvPH}v);~9<_Ahh^;T{X|E z9G~kr+`G$kA<9(AT3Vjv?Vd%L$$ecK+GFt?4(+kXE%jL1J=L)}r@yb`I>*Bu(;hON z^BfdZK@#04!PY`pB6K9h6naJEv zo{voL+s??-#6OSxK{3}pX-^Tq5t;kXTajmpxxW)h&$Ty1F{|KVro2TyDfr{xN%>Pj!m=VW?w=%h8#X|9;%G;(1xE$+7gIUT4gm z^kA>T$Ktd!$C9%~%`cihs`E+ZIP%QgiY><+IBw#qrjgZ+ zHMOG}v*R+IM`tVBJ#yx=Ltp=Ou2vJR8Z&j1X;Ey~Lsy&ej~_Go?J1R=`wuUgwIw;^ zG<_28?C?pr`s(RzR=-i%cKnM6Z+hhRc1LM7*HMi_YbWkM{PV^2HRH#OKXBa8#-?FS zMMrP^BsrSdC3Qe&IUxE9* zJgr9SZx&Kb!|BIK%*9)w2|)X;l82|NirE@K>`(E`kS{#;RBEQpKqN9HS*CKfA?cqn zlf^HvXtmOGC51TeL_Mp1afI^bOD9wm=8mv*X)BvO(wa}N>2bagtc<$l zOgR!7n8xAuSez_fvl*aFG^^p*(&0Tf!{I#AERIQ=<;k0aL~$vE!-U1jvNfB5+hmpc z6jH;MdUCVWwF=Q35FAd9;$-=n%>dgA8SxvQl26L5lMu}a!J&rNe2WRVY)6wkCddhf zsPx`xhCwPw!uUDK{IrZ?G5e4986FB7X?Z$T96$!gYI>*>t!#M^~T5hna(0j3Z4Q8j{x#apfBIFka|0L0QT3Lg=@@-UMK8s-k#t7hi^ACY+K@K==2>CE zfGkqgokbdr-#=0bGYx{Q5N{201Q=!4+61M=WnoNxX~;(voGv2J{5AMygV#+=ee~nK zap-&3G4FzsW(sVKJ(OyTl?TEL_xV@p3&YE9>D&C#m=!Xz>r%CQ9sMs1WanS||2q%4 z|8185uxlJw7i`|x5&&r(mezzF71~>t8lYF?v*a>Zf}C0fQ!Wd4mqkvE)-JNu5XAYj zmkdbHg7-6+9b^7q9?DK~DnSlesVru=tQ}7L#yuP(zpX0mcjvH?o_LkA2S>l@tC!y! zJ3S7U5LWXxm_5ZiQlT8?y~R6Dar}Ou&rTCzem@!=Bfm@gu|O{SL7r_tP7_;Rg<<-$ z&!d$~Q%pk~OyBC=k7ch^nAbN@o~ce?xJ>a(H~LmeAJ4|*uT>1AoG*~IG{WTkqI8@Y z##q=jj*$;kLGoUV8AC2Lzun;-3TqX#iD7K_bF!93n0#M}azHc|cBA}W-@To7KbFlg zvNWjpZzZY)qOq{A$nW*-ls=9n<)R`AVdU>gSxX~K`sn%a6(=x!RAF9UZD&2}D-eC! z^}N34#iXH~iK*1{3GHe#Aogd`wRj)aNlUe5#^SvufmGzp#}&_?S9#TfJS+Btil<-R zSlE9{;`if98qkulA6;V@{x&W2Jt1YBlV(gG{m)+CCg~#{`lyNtLmy>s*Q78Rt0qWi zQzE}1u1?Lo8Lm2ff`oe;%f3L@Wxsr?f<7k-XxqW_|Hra9;swK4HV?aIRHXSYrE%Rc zmYt4OTYIzRhtATbkEOTqXPzV(v*jV8PvqO=@{oa?x?~0%HxApF@ZuPUTmCtb*U9A} zfV4CVcwC1^%fcq+ zY-5<;a{R307vY$Pmz?}pPX4Bohj)loFJP!wtnaN-%yv1x-H^vP`#B!&cqAM;GJ>kS z9_k{~Nw6`^L}RW9V;)M4YaI`COy`WnA%Di>9EY|>EJMy$i}OLpq5Tl!oZ;ka9ItbH zvEz?9<{C5o*E+tz@y(9E>Nwn6V;=5z@`oHh>G)~KKX&|c$G>;{2gh_nSw6$PCT^Gh zWRo+$!#L--uj2z84{=P-mZjw#Wn<=p7}K$3%stw8w&U<}L(E&4QxKUk4U2!V8FRhBMUwNP4a_zh zB9qmlBGZmMHZt3v6q)O0TI6nG`u5Sobu%Y2k8JewBd-xJiOhX~xi-kTZs_xe$B5TQ zK1zH^WbPH0N9KCED)L0}^^qrwZ;8xx_V1C`iD?s~f4%sj$QOv8h|K-unaJFaY>enS z@y;l}N&M5uw}~JmD%1o*HdD4(E!KWo&uQLn!~rpJnRhSW~nIi~uUSv$X1J+E~9{m;K~c;)B^-uYPXm)p%hfBKG8 zL;b{QI~vcN-r@P>_3hp&yQo*9G%Kp>M~(m7>h-sNV&{?7FIU`E{`z;fA2SOTNxO!v zTQ>wX$vzFqYd3tXH>y@`_~;Fv`u69yZGDYuM){J?iMMQ<-f`uIX=h&h?MrT0eb%iv z*H_e*Pixg!CLOul29h6m1OIbxkfh=D4Y>nzufLfa)b_Y`RTHC{T-{8huhms{tvjM* z-GOyG8)mldT~{}A=a^jXz^aB5N^*Vb){UuK^V{6yx`u|C4P&cvW9n*0jce-sO-?iZy zy@_7bSb4~>byK##-mh-LyW1yxsV;Zr%yo0?8phV;ZmnuKswy`i_xjs)>n`BiYn2^e zf44-RVOw`a$?NxM@M-2D*XHi2x;-0SW1n6*ZPdb6l8=9J{NpbjRCLh~-d*#~i>#=3@2v6;G&b-BKEbu&t|neD@> zwv0_b`1aICa=AyUbRsZ9!znPa{>ZGsDJA7c>*e{@;Z6GD z|A-q%y=)+*)~l1EZt2VRt+r7P7o_{blIj&rcmpjy?KBH&eO6L*QI=0B- z&7P;>yWS`}Qr>o-WlO<(BHl0Lz4P&MD^5chu&)N*9z#q#6<{*Q z-HMuDNOUT&Q}8hXIZL{~Dc=_Py3_dhjv%I9DVQmnnY2^F9;6N_GrESm5zv#AAyrMd ztiv|XQ@~bIP3$aTA=N>oBA}3JVMx`UODHSLlS$@7^GLP7yghpH*HM2REws~c`ND2j z3;b?R(dzkKGLwqfdeW5(ix@l6IOD6**kQW7=L07QJ}Kx%V0W69`1awMmAU*BY|&dq z9qyL1xaQRC+79?g`K`aI;kx)D}SSng`E!N_Z3CxMnEUZFEc5W z-W|e6WVPEpC_S03R6C!L<%G+u%qdxqyM-OL>MtlEpwk0{&WO=JEl;^l#LU@K6}oUy|e~*00NknS3ilk(TR%=s}V8pg5!A-wP+8_@XbG;vR|@6m!{j zBQPi)B5_RgjuNdS(Z%0aqC)0JD@r#4dXf`0rI+h(qlDaOx@4x5Z`iuFbXecvJ#|Iu zlMXsH(>K%0lNzc!VzQO@j(L#u|GQ!x7htvciT_pCB0eLU?8`N``L6rSj4jC~%&W)wem; zZU$aW5#-`v7U(}Mv=gn+SXbl$iPLgA z5r<@mg~7DU@bZwclRqMd$H7c;av{4X?=HJ!pP7`Iq!>Of#gV3gsqj9=X!3olg5dB?08HIm(U4Og(f7C^io+N4#%=h zUhzTw^o+om3eWV$49{y0CCRQE83hBiBqW3l5dQ z(~|u>$fw}!vNNP(TV5CKH6pf@(a2Jzgp;<#mKOGpG`(ai_zL#Yq~?TvoALIRRhDpQ zdzPr|hxXqL*2$L2+e>~JjY^zZn&e2VECqw!X|lRr?Idy^k0JEHknp^u*Lh*9ct?f= zQ*cJf#+6#YF|wtaq|8=fR97VV#I^}1vW(bXs{p*HWjR?i+m*Wg^SiZjWxkx&nNsn|pmm1jiz|_4o%`Mmq8ox}3eMBAMd6*RGz|^XXF~8)oEKv- zZaUL!4d+QPro1$nwlS;qc})J@y`*Ckd&xnIJfo2v&xAp?PW;`)v2fxZEz1?a zEyc`+E=bwdh-tefyV-e3VpOd{+mXqbnvUkby@}e0Ymv$#N9h`$V$)e+S z7uV9W4U5CJh{Lwn29HB#;0I*sWPeoF&VLK%ROQrsSC+mFK8r*HzpX5%Ye(5GvS!{- zTwbX3hW3@2`*m6ug-=cY%dHQkQF;vvsQX8w_Iv+AmDY5bzvy&*#VXVT92T|N_Q@2t z4ogLy6_$ibSOBTGGEDL;W;&-Pb3RuVB4jG`=_f6A^ttrAR_Wx=eM8JSG3K-7%;6E{*WqN5=!#>LR!hc8RDmsGK;BcrTN99 zG-*_!_lEVL^7>N=(Te!^mgL)4gbfuHZ#T`7kl`R~1tDpt z5dPuFY3^QH9n1COVP35c6dPF{{ynD~x8=Upol~LjcWImJLMr7#5;lHbIIv}GR2|Ai z+Pq3KP}rY9=Tz(yWreA{#S~}=4a;r?ii?Z|USC3v0`|>Qn0p*#r{raY&{J4St3`@a z@)--I5JE?i@jyrCwT#Tu1V}dvcIMJ^(y|YpH`DCpLo9ol{8!P!`5)r8ViVb-UDK)5 zbZ#(lSyw`7da$&it?997zJ?ixJyZP4)fGL$VdXHTldm&wX|xPGoh}%rDamu@pRHNV ztLM&GZr}OR)txLpd+yR^i`%gv*sQrtOP4KMkSv^`6}y;(96q6@Ayh7>bC`)k;^@_zy=M*%tw3wS*J!j60Web}Y zgwKCy@7VqxW@P`JXFum>T^F)L)(g|J^Xs(jIuksUmY;q8x1CB&^9_TmdOmM#D)pg~ zP?h5nUM_o>>^RxpvNW|Y$l>Q?iO-Yl{&I=K7<^;or^L+dLrx_Yti)6=k%oQjj;FO|g%m$h>Nf4GUu?co^tg#8NhjY&_uO4-9@ zy}k+ZdqWuJNLjcTkIbIpaei^k_ZE+5la|}Hb4Ee={W#t+@|(0D1C@|-kutFTSSq%> z3X@xOF4hClSh*~e-H9SuaM4)UTKT=czO`D_S{WmMtzsDE ze5I_V5hnkkz@1KD_?Z^*zNEw_?q<8!E1uu(vx7A%BAslP0WRAQ9=%MrFe%XmnggP- zurJE*^=%oMgx)6fG2h4ZJuJ2~!la+{ZCBZtv9S9k@cJH*zFT6sRL3yNg~vNfBTRnQ zS&tAdp@n@%VNRSZXwbP|lJ0MZ7>2%|%aW!}7V`yN2>x-1Fzj!lYw=Fgj`o(!jKzCf z0$2RWC5q?IE8<})1;+TdD_*Gk@W@zLnZWPIma*w|NI7?vC5-*()7?rhowS1%$2jaCY;)NeryvgPsc%K5JwzaG(Kik~*CFGf#pUetb<28;ic1(Ar#d*Xr=b6blPR4Xk8Sew@ z*kNkKHkUUH7Ew9MaPHci_2V5gxMzA!b@DSDFLrTOIr+_wA9VbT+|%Koc-;seLTR$8SeOS$D`p`R!4~~tzWC>Oc&=YSVPH}3*cCu zA9wr-7w6MXev{)b!Ew8HxcCpdIFCE|^G^OVIHrBY#rdO)Q>4nn@>vDPeD;82+FoMz zmvd^QlOOKn!i*vl=lN_Jw;xBgc za~*%o@pX=Gal8$d#e5l#d3e;tdD6*$0Lx;2?Bs7c`P)w3Ru!x5ZwEN)?*~Uc1Dw3x z#b;`jr9H~UIl;+42uD31a&hLnIOn-I>s_1;F3xq1H@i5r;Vln$z;Rn&b#cDs;ymT# zFSz)nYE)a=I>*O5UJS>2>?+51IQ~z^90Sv-Q!>vKvB`OsG3GvM%rmrcAIJS2*Et^U zIP|f^ayY`tX?vN@V;!IBxXJN6#|s=Ua~$q#aa#;|nf~>TFLQjQ<7*s$+VPE!KkIm_ z<2xPS@`LUgdb5;|m;L<(T0<+sDn0KjZi|#|+U~{I5FZS=i){ zI}YufSXSS2^6xvQooZ=ca{QX(Hyks}XYorNGvsIT_Kv$b_U)^_PG0Mnwz26s&@pqR zO@6dvW?!28gO2ArUg(%<)E0l8<0~9*bo?2|pL2YNS>% zx_Ewm!O49a?<-Dzw`1m-oBrnmu~UD=J*lEk30TP$KP}OW5+*t z{D$K<9W%q-wp;DEtK*)InfPw;hdBO#Vym zJ5zql=bij^$IQdG_&Xdk1>fW^IA%t^$$#ybhjx=^9fx+N;$gZtITQCS{xHX(of+eg zb#f;2Tl{H`XE>hic$woBj(2H)#%*2d;#}^S_XKRaH#%l!zsc`*e81y|95cV);y>^B zM~;8yn2G-u{|}Ct_HT05`7mahzi}_e%)mGKfsUEnZ}OuYYg0)^eoU3D#i2ilXD%}) z*QJw>L%)^D>8mnssmJ7dY6It7+P;o!9S?L|=h(N6>z$mwIooc7<1vo+)MlRG;!JTo z)A1a~dumHBadDPAUg+aKXv@F<6k*`%kevo=?b@F9s1K^c~&|3p4#n9zq7PC$9)~w zIv(h_&hc=^4UWe+ZghOC;|Y$ZIG*Wvj^jPG`B%C)YaFk0e1YRj9ADy@mg9FEhbjB%rsZq-y_AW#eiYj zD~$Jq$lUUHzDBNL;N;}UjPr1g;bNxG!u4X_?1m2$Umlr$ znrkAD6>}XCr&0Xb$j6Aec90(@{&Hl-k$8?q&eZ4!A~UDqiOAE${~7sY@e7gZ`(X+> zX=jLec7~h8{}p+j_>Ym#5ErXFiL*e=IS(%vcZ$4Hyl>>y;=YmBhzCW!P&^{?rQ#zZ zbMI=5%y+RxKE0_NzD0)e2bXpW%x$%(#W@n&xw4y`25JsKe#yZm&KfKr2VS+ zQ;~Ow`8EM^?p?P;rVnXbHj?DCN#!!%R9juMaz2&2kFBM-M z`7$xj+QesiIWKX;OcB2`@+ZY#kIcR3k;tDGKOOmV;uj*{D*k!ot>V`sGadcy$Xrj^ zY`QJ(KW!s(Z83&I9+*~M8=32jXKLh3Ge06S)6K_4eo8z!^3&p(k-10lyi8iArZ11o z80Brg@IVa{Naq_^sX7@!t zNW3F5V}_Xj?e%4-Q>@;;!10xisTV8`>(MNlzv%1(hrPe`XolB~9FYrV@9WWY<;I|M zhI*YhAiHZGMP;AdvhBIk*XPz{XU^Wfw(`HtsC-rd9`lHnK(ry z-waOK)p82!hG>*NDXbm;L44Vgj|ZphiPYgvBQ0y?WGUfv!T6H6n#L+5U(sJ_TulQ( zX;@7oP*_a^O3J8KGy4Ptetea? zwcbY2^`5>Yr1MN~quA2re7-!(bbfurT>qM9|5!RC-g{b|+fSR%XL{FZ@deGzwB|iwet7uXb?*3XrquhHtTZZ#%P{<8HIqIe9t3?Ic!B^PaQGm(N|fJQ+NvX?asJc-FFINtir7xOw>v z{>PsnzGUg*CG6?@G~A+e6@@ulB(c(hF@#}iWZ`gW$=y@D{tBa{_ZE*zu;q5WPOFs0 z#&~jqnWz6;is9elHOOa7z#QG650l$fmin47iNbd;*shsN1nr%`aFXO+-xejVS0MUm zQkcHkVoM`Tu9N3$Kr|M1w*1BfP1dRT^B4!m!e|)y?LOP4u-#TMjQzOCr4c40Rp2=w z8q;^a{9a#GyL4_g`+*+YkL$#iMwm>OzA7LZ3*#Q|^|976y0A1{Odrp2mPVM&m%bt= zFuWzEAr9tP>7$*9KDKZAC{xnZ$zndNfU%}Teh~XWbS>Ui9sJ&snXz~@q&SXdo>shi z^T;*TKXgoRtJ1XmV2s6kUQAxiyx_{YlZ3V()_SsdjHA449=WCuH@!WlfwgL@ zC$v4#NBLC9s%Z13Q3sVIBnsu;W7=k9K^N-ckyzu@>@$J-r0?D$)b!}%5~HtGl4U(QuKF2cOrmo5Em z7XLmmeGQmz${If!nV|oOTrT(7$Q&PzHSsy7FGXhiuSVuc>9>*hllzCr9IHP@9wHZG z`Qct=?5{O0+of~ooHcvy`|CRxG2)>2-FGm7ol#XcoQ$aNpqFY^^#L3ayz#I7j;H=` z<{z_-+2=OAa(>0OM{gKc^lH(I#hsUz*B9UaK(9&P?6v*DQTk@y(RU2o`TOeevj&xp zKm53M)9GT|u7xqGAO7-(#vgIW2XX_qRA$E&k3X>g#yE5}cwES`Ats^&4{b)X%|%r+$vhf>ZXUoUlGB z*R1p~U9ltwhp*(7d_xgFd;abB~@P$02Y_EcK zI`L5Bwd$|Gbe&EvgjUn@-dFH$#v4}Zq`S9OXg3G%#qw(X&@_y$#mWyTDt)JnS+vQp z>|-0Puy<~@4U0c!lggDboH>AmuhD-9X}d`wn_Q}NvB=WwYRTGNq`<1X^!MQys~V`@ zz#mml(*7p>W!Ge@+1YBMSF>}<_xtXOc|WV%9nr10Ez8i^_xRNN!W%hyNcPLqwbBA~ zA=a)YD2mOsTgNP6w3*QyiqMFn>cBz zb3>{#QZY`N>ReH3*j6uDE#lPcAT25->=(Ri5_v(g5JN3D<;qQIAL3h{Vg$=qA%YSI zLxnU~)}WM0$KIV+l$&K)v$*^>HU zBSy?#ywGsS^2Li6EE}>*=hcGwvxc1h|JZvIz^aPtfBfFJB_S_6ARx;l1d;$DA#B02 z1Oy2Jf)EfbnuSC_0zrrv6bx9bSha$CTUyZ8)>;>|R@-W8wAQLci`FV_wOX~U;#zB4 z+uHj7d}ij{cd{UM`ELIHlgyjXoH=u5pF4N%+;f*N?;0?6RK=+BU~lU`lv~P=y6YVdiE~BPixtA89z6$K0QP+q4%-$x0jWUvOs@Yw$dSA5i5Q{}y z1$W^5v^?|cRCG`ShSS19Ef`R20v$5Y90Elv3H%zpE{G#qMSN->G1@eYdJ}_^`bFBz zE}qdf^HD$iXH;YasxLnB4qcrn%W&I7wqldYD~`Nz$K6AtX~Rk2*KmTjDDm#(@^zcs zu3fMjXw*uqTCujVAz|d}Zlg7M1Y3N17cyx2kJY{(SGqKG%@xo1FbBJ(jh#*GtkMHv z`LIi1*{xGyIZJWABb{?SSF6O=!}2bJSf&p0|Fc>tT)+4T`Y43+fB!~f(<*G2nrybV zjQXc`9TTWPwo(k1hF36YLHcF-<{C>d>Fqgo?_~fm<1;J{JHh!y-VFG)kse_$NoGlJ zf)B@cEJE4JTn5t|j?df^B3!2{y@c_YKbk67!Suh3a@+`){Xyw3bz+lOAqJiG3Fw!)hgzEEMaMdSEyAe{w=`8urB z&%MC1C;f=RPb>UOVkhS}ihfAZ-&OR#D0&#fN91!}6FGdwD0FTh2`(UZ`Q)`gFwf@+ z-b(E9^F@V`Y{0|*D*W8G6wK?M;NA*zUKRRag@-CUQsFX%rz?D%!t)e9QDKfNNo$$H zYZd0$5uQy7Z&7%=!aEe^Izr-dd8BMMVjjL@?bHvPxR8KUT;6fReIvcl68o~tm=iAq|!@6{{%8imhP zm^+{n_hN-FSNLj$O&@mozfRG4URvbv+^1k}stSHo;U^X5xlG}CPT^lG%r%+t@a(i; zGdH>g60b)>=hQFr24FzfV~yu`g?|FDJSSnD6H_erfr+`^khAN&D$Ch*u1OX<9$uI9 z+4VX{=QVVN!`!!HTTo^`@CJv60?RpeUI(}bO`Z|Ja*myQYdanNcwnBvB@eGdl#d0C=E&zx%?%7L!edS8if|OP zkN53R?)`7y@#CqFjNbRHX?Km7H)mnup1t^l-<&b=P`uyD=ng#p+4|}B#E$mb*0QZv zx36ojUAI56^`f$MJF?q<60JNt8=ukJd2Lzkin7GW?45g}tDKzCs{FgrZXHE&tk^Y z2}OCj9nW-@z?Xccvx;G<(I~@GQ#R5UiSpbGzIpe)@uke5340{d|B71sR z*eyymUyZZu?jWt<=jgR*A2Pxi*CBI|*2GBTnDhr248&UYcb|`X?ZM|wm%&TZqaGeo zXVJs**eDz{>C3SlJBR`vrjHMlcpdx)J$OuIJOh!HI9qcPsde~J)=);M1v$N5d>r-Z zYlFa>;LTwDNiXnA%aDW2$3Wr^c;*iP$i$U`m;DTWxZ9htOw|Ty_RLxIq-YD#6z*V4{&7 z0KH80ee{P_9nKB&$rT?8#kw9KhAyGxXP8p;Hh`@y81DiG_pUiR6SsT{Tf9%#|w9c(XnDSbQH5_Pg2YxEvDlGuRe&62VQh+2Jit8 z6|-8$Og`meGc#3w28Heku*fa1E|daDrxsR!C?x}a8w(#B3c{0L5@I-SU-1ziI;^2o z+=a!4OvUphsjpPjm!*gZu!GZ>1b*kh;`}z9MX(`r<^=#I0b2kY!l7%rg|PS%2p!A1 zVKbmHoE#^@BA5=P_3$?G%=d=PvHpALXQ9&}Jw^%wcpWr`aX%y%9BR{Hao(H`IWv-? zH+qGE^eiPE=@bSjPy`2I8lDLbI@^5Qh2EL4c(O)^QU`R98e|?R4B~fWqzr>QrIIWW z(=@CQW(0%h}el&EQc83?@aF; zmvJ~hIhcy59pCpG9@{W4=Tes%p)F`qGLE6{JIn9Cv|RjiwaTo+5O;&pLxvJ^`T@pNB@H;d`Nhh z*9!idpZo=nA(PoLPcZS#0l1~I2w$#VPU!lUgQC)7Zx|enO2HIi_8(b6_I`-S8ivsfh9$-=lQDSj*cF|7US25hG!YtL41{d2_)>d8`MK*9a_e0KHRCK^cl5u(cE4 z3J5sVO}ZPvr_&va1y(8uOgG(yv0iq-iflmd#1zj<5I7@YpMqb@<8iG5&?qm%g;Cya zScwDZoe6o@5;!Aa*TApk)j|;WuqcmrG7O`<+h8RQpoc>x-q3E!dlSO6ynR?Fi#+bt zh`f7%DNovdR1eQPP9;D{`%ovo7F1e3Xkvu#Cm^7Rfw>xd6@f3A_g{m?IAR_LUzK>^ zO4zf&x*S{-laKY%+l8@SSSA@mfL?D94-q&c^60AS@+uH90U~cBq+YUtIU8zuOVLl6 zo*0oQesMLu>$5Z+O8Gh`^y?Jq?@)61IpUJ$$j{c;vy&!ldZzZ9d*px+HZ>4k*tyb5tKP0TA6&42P462zJs{J-|x zXf5(B&r8ly_#A~VP}n?oVWq;HfG#KdxeI}1|F@BJc5;~Y3U5=G`VWMMr+5W_UEy1a zS+Ov808>71RoWHL;|iO-Y?m&#Yb37O%XXcIx&$Px5Qd206k^Adt>|5JWjdZ>#Y4RU zlGa2ehg(1*f1#q+EB@0Joq9clpJf)A9I1ktykL$n!F?2F9SMDy!n_?6`e=p6DLhNz zISMaSc!|O_3NKf9jlyRt+^X*N#H}q{1}{oAK-T&36SHzEtt-Qn+2=2NmY# zuB3HPVP2L0x9TY5x=!-Udl11D3Qtm)Yb)WItMCGaxrP^>r3x=oxK`l?h1V(EqVVD7 zoE?hi5`~AWe#LWud=5u*jKY-;qp8fAmONzRb7JCDU|ti6vFtS;d?x0lv(C}EE?ny{ z=j>L8xjwnT;RG_LE8%c0Fpab+md*k0qi})3x?k!3 z!|jijHO)|4(OjBv4c=*7)1Zt@rN2H(qN9yQ@2OrFN#kWru?LC!#wpc`g&P;@B z-yO>~?~Yv(ity5I-yH+sHN>vaBmQgf`@A{h27xws&iFL^ctXhGf#;0djFa*MILYUX znIuBvi*ZtB(uqVlCh(l`MeB^Aed$gF7nHI@ck{2qLEkdn@-mF#rO$tj$~|yn?Z_s zY=*=>^2=Cw;UGlPSFwG-{ zrywZE`|%2selyC!d70&4o~0bTyh>gHjc(CN1kOlZG{P^KLC->7EnLcDzD3?vUVNVQ~;Nrpu8h<@g4$!~yhv2YCqsXC&;a@N0Q=CO1L*O)9bgTN zgnbtjEpHu|`hZ4xvR})3c@kFQ0D4D3UX~&Vd<quuX|zXLulU&UMxKHc|4v^g&;OmKezJ~QJvn(%!9zb;1sDnrI4 z>qpAL(@GMDB3^{NDgtLDEDoUMl|df)STCHB19`xx+Q1CQ;OQqqKov+AT_iC5kvTqp z;C++SGpfGJK6?{7-RK}zQl26iDCyACb)Q}5konamqaT%^%s;=c&YDh|e}7*c52KXf zDoC4u<((CdT^i1Xd}oF2D2DZJPCUqZr1P4kyLF9=?Dw?bC^+1w9|?B|G4Ehth~=FT zu6@bF{zLPh+{eLT5h^%(+nT1cg7L@N|WbQ+TPu%M@O&@Ct?3Dcqv4 z=?`wgWq+6au=`5A0S0tk_B#~)USRH*(6By<>3!H?Ch@q#X>gx%m@~vL9A^42ILx{4 zHHSHd{^YP3BN+CS-ybxt5r{d4xIazII;QzgpDkZCz8p6z4eOfEwhD`nv}ZG}{G;m} zDq^Kzu#Po3w>pOiuZ`y3|H9>uOx>|9?aZB5O}ix&4_#A{@%E0Ki~POA6DV*yu6xk% zlQ_cp?-7t?&wnQ(Y>Tao3TtP4r_+ZEq`|P-U|;4{__3qXNGBBin{iUOS(DtCVRz}W zFSCurNQ${HkEC$*04W>bL^#`8jXsf9K&#Ow!hRgyvIM`;$X@)$*pSi4cKoJ%20#9j zJ~0i8gM-#6Kx*rl(G0o4(BW^S@AL36c3LHV;NJvi9&G9wa{tt4%(d{R@x(g(lzSP& zTh^?j|5A|mG5nACfuHf8fbEe<|Idv7_kigI__+eiasQ<7AN-Tz{t`G#;{IYdi{pMZ zoa(s02+pFozYxyCc<4+oy331=MpT@CM%)-vk4Bh&#)J5Y+#e++lSRs8NivyyCi9$` z3?L18`8Ri!>^4wRyE3+cX6FUkm3gjN^eacLLLaL8p?)9d6?H$(o1WZlimTnG486@X zJCBDza9ldrXyRbUMiU)g7k%#(I;P8dS^+bNj$x5zNbW8r8LBly@;q{qVXSfW>#V`Lf)BybOO$LIG^lJEYrtpN7UOyeLRFV3nv2^ z!e{}l2D%ng-QT)4a}|3Ju~?VzA{FFqY$BuUXWN zb{9Gm^9b8;EvA^3iDK83t->Vx|K{dg0lE_V6J1_r^I>IRrUL&{8*)Ljm{vH_mRu+9 zkMpJ+>M;R}>CN2Fz%lEl z5@QxI=5Tzo5XuHW65om7p*)?gbQqA``pmwksmrkwEZ3Wiyu7v+VMG$zdiv!1)R4nH2MIhzreYs2EmpEkPx2^6c za7My-ITg&HzNpBdiXf27BVCRMbFgqjAk*coo0Q`=V2K0hO+i3{z!?d<34SfF1&fjb z&?pa86v+Dlu*3oMPD3Q#zlf2r?}MP_T?=`AK%+clHIT>Uw8R1Q)*=$0p^Fjt1PEH* zKFHe%8s%~Q#4z^f7hxGk+Wxn=FXCAkF@&^lI9K>qVblP4>z-9|^u$;k$`h2{8A-%Kj4PG})JXUg4LC-TvEKivEGZ<~e}l;d2a;Gf3eA zV#iae=sXW4baM`odoVCFNO$?XQt>cM=$uakrz^~UEA-w9a}E;vNQF7?3jJ_XrwJFA_&ScQ$(BxN-L2 z*^zZ$tYk)UaUE-NTZ9cb?t}dM#_C%4Ck{G!YTE78x4tUtjnM4U2kN-t+m7|hb-c_1 zJQu1cT{?Ateg3U)56{VdB2kn%FZyt9ymv`P`;W$*Jk{%8={~xiq69Yr)+160Tk#ry{c?vtmel*np*D+UF)FXS7F+Z~BmE#h`ZRsWprPvN~&7 zuTSx6>&xnAc}Jgp;WfYi^sAh!T>hygp1Cj1dLul0&~w~*WajrCu;8)K{)PFsC5Gob z=FbgT(y5{S<+=CoJJm1Bis!u=dNp1&Fi|+p%dPZ=T=&c!#TBDU;tQKY$Y<-6ib3-- zO5*J)-qO;l6DCL7M<$TTrKJZ4o;>Kl!G@}=Q#0m_tr`S!{oe6bcvV(Oy!^o#RfA5= zSoV-5+21aOLjHfg>tOgVXD%J^_sD{i#>IPjy(+yK*S)&!jc`SYQGV|~#%!!yQ{^Lx z^2Z|!_j>IymTmaR^2cY)se>B1?ETnw~p4cqlu=#pGECIjOH4|fdM9i~>*foIB z=WfAo3a?20qrd8jBvKEM{L(i3dT9+PY1H>G0gj|y#w0R)<|8$23Vx#ld>)UE_h>$= z#fy&gId5mDv7bgKnI{Q7(_W{rS^kZn_3_fVIEnKIS>;V_G%^Ce8P^*E6Hn*m#Bjt7 z+J+Et@xqcBjc@>`uOx^0S#1M(`Z~i(TMC%PV(~FX2c}IRq%#*vI2j?FPcgDhE-7V zWJ&_u?C=aPwg%E;v-pYMzJ2^y&G`U*8dk0FVs*^8XPN66@j$;7AjFn$!*8|^g;Ml2 z@&ms|Pern!j2J`0{MxRW@jx(X56A`C?{5O1K;S@%_xm$!P}2s_A6SKOFVRe{VT9i! z+C32S>EM-k-Z0FJXwU|)2KO)y%L&HUh;OMDavXDEo}Yz0_=QY`>+Zqz_3%;hKG-31 z!NpI56`1FcBU?b@3SuZ*$uD7~0%(XbfHTi97J`!{jbHj1EIJGC0cktJibyMd2)=9K z!y6X~{$M&D!BtrWz>Q!ZiHDNZqA{Wx#1lZg*Aj8U-5YTxXsbbc!q66l+q{@pat?^U zc1-7aUdayl|8D&JqRB{p@q|)&F23YSg!M#mKn=G=VvanVHx{3PTrY>hSY9&@(!C5; z=BPz1tSMDHg8ki(V$WyrYSi##qHm!zgH6*+Vbi=v?`l@@6jpHo`jV~UDccZv1H406 zsV^XA0bA+V-vHeNa_M*R`&P^h)YM8{_<&QEO}9Uts)v z(LmK519=lyn`9nwHT>+YI}L3~D0Tcuf3b;HZL54y6wNjy!VDn(h_5?-EEORd{L8xK zpW*n2-v)luR#ANH$h84*Wndbc@oA)u$ZSP-3HuG^J-#~w%X)>@I#f5&& z4oEdk#yCX_KsQbH0(>|t$0nN%fS&64%Wohrn~dKT_ezTK^DU5Ep-b3GKQ{hF_;Qb< zmNPns$Vj{Zl3K}jIqyM632){SJ{sYi6pj1|@iKy{VsT7W#l4KbA!Jk{@;kyYnb`2lJtz-^Ak2hj$3O^M!~tCJqYn!XpOE42~EuGk9R` znu$y%?MyF&$&BS;RKJCSXt;#)clSeqZ2B#P>zE+dF@DQxgnv^K9Evd8EUj#oL!g`C zbPk8p-{~_m)@BZ;qfy7U&9*SDp?oRGH_)`$T+mj+`rD|;+qBq3#3&-owAfs>k!>-G zLu}9AeiC`vVy827cwhb?Pb2aHILKNM&W7S38|P>{goZ)JRQDJ^n$)zKna%1!zRj_5 zcrn38EL)7@=78^7zvO&`Jg)_CIF(!q>K{8(N9+cbJtZ3!O(O|n={@{<1iA5)KxhU# zjhXhw%?zQe$E2|^#MM*@whQY2#6wANkOT`z}MCr-#eM`+9j5wu`lIOC6 z!zZ}T9Hn@%V3E}EUSBe8tU8=XljlAz#O1j!!lF{1eoh3#(B+PXenE5Yg?USu*!`17 zVep{Ag&T!}Hhf@GlOUE5PX8dp;Tn@!4bxj&Ot=++l=~>gZ014Ip_`aEhn%H^54h z=`%ZJ%G(DcnHgd^m!_X=Dz01-!z5-QCMPYt(-EX`L0Hs&2y8s0dJ~dVwuud?utXB% zt6>uZKGQaq@0frHkq|~R2o}eX=zPV%)9Bm`Yu|Sx`koEIZ(wY+MRYK>FkPJ)q5D;X z+ah!si(j>Z6Brw2017@?(`uaQM!vxZLXw?_i$_J>8T>6F6qq!r!U z4Q?|oZ>C76+ir1CaCn^v^WC@a!0UUb(P@WeqjWr7W|ON{$wiplCRo&Ygzotkr_$w? zIO%lT4erI275y`L=Hr?CIMWd~55^7-a!M9EgAjL(MAv`e5A~HaST?E;qb2_XYNC1Hu z2!t0$=`amQq9eQ=E8pCpdDV1m!D{FTZ}OBMmL%@Oe@xdHlCT6q8MbsP!)#DL39G6Y zKBJ%qWx!R&Jy-915RoCsxMt{>Tgy2Ungz01+*e%s;> zUDt|Oq(nq0;+uxGEkf5uOLn^%pm9;J%3A<$u^}y_bBlpNmzn_Y6dOv1BTKdSTzET) zBgyuc&UM|=m3b0KAz1beG2e5b-MMUG8eD^nVUfg42ABqWEbMWxoIrTTFNVb>ojp4k z2f*jTZh>us6y->{*nW@X)m zl{mnO1z13#7(?06vVPUt6~LzFxO1F^R3)0`CBGer-HqTof??pW`gLAog| z7bU0u(6+R6k94%W(YTGRs3|_Ol4bb$?ZXZ^L=TA}Klu70Vw*feFeyy;lO{hy&9BY> zQiE-1q01+8?o(GPev!7#8*=hMI+-JW`1>seD9ZgtQz|%n8h-oDMwA6*R{1`Nz^KWH z)#^ISBtFsnS{yRfHo;VIig}yeem1frW|hlFBD0aBQ23VgGy*^Tvlb&iVu~W4gG7N) z;VL7qLqG^4*AJg(61T|;4#e9-x>D=!np9adBVDTZFcmHhO<|G`;=OIAa7Hn$OZ`Rj zf<8mY@Pg->0ZoXKU6Rh8fRg>mRJv^p{Mv?LCkT;0tvAbueUQctEj7!V>NaeEp47V0 zUVT&Z^3^pwT+4&H933_I5b3%)FyS?NC>2ef6HcDUb*GCN0fQ&t436mHe!qsB4EUPg z^2QAtYPg-&P}fq&B$#RtBl%S(o3hE5Wx~5I0o%rwy80%QLBt+YF*XQrdF+&bN~!TS zG`7@iXsK&yWI@M`F7KccSF(QAI^?Ud!|bS!Q74a1n-kNP+2+BksX1=(3CC8?o_|73 zjVV}59cmIqZrxPV*ou!DN*XAAkYSsl;MBA^Z2jM?ZD8dQ&V*BuO!7=P%Z-9y?>;C4 z+eeob-DJIo2RCHu?i-_>`0JX`+pp#`BLt&c*cd?_ zGOD}MmAXrU)I9f{m@&jdPj|i5B)Yu$EJS0=ur|;Q(OZo8^06L@ArY8hd9u4fgd0J2 zz%Z_er7R=5p>cyb^zOt2h54`5^3c<*A7qJPE@7Yvoi5h}G~^LXKEaxYe4-&@A~2U! zbl1b?!+ryn@ls)VhlY9F&}HdDx)_l&8U)IrEBw=e&x57Rc37J3;+_sV-H9zsx17ko^p>*Z~f<3`X}FRULa2XBtGyb5^QK@%e~ zZU;dy!>%pGdk=6aFB4YeJqfJk@e!lUV+aalJf<+|bIZ`T;8I>TtjPNfu$EVg2~Fla z1O@Uw=)~6oKAGP%-(OW6($^u~op6~h8gf(-!^J|Co0 zUN2aYR|J}h?u|vjRlHYrM#6>wXnC)f;{XIY2IUHA{JwiR}wfQVLa5M<-LC_o~(n1<=~E; z$Xne>-c^vd&&i@A@=ot0Z|e-toU5X|fv_U)yiW3F_Qmy&fzF6L9_CSGv(ND!2$YwA z6?va=^3Y9;SwFz@Hg~FL$~5P*;0oWH344t-k?=zv+AraU^N5)2!S+eG_{l@F4?r;e zRp3hyI3r=-0MO-l?|7RBmSZTal!M=$lQ4pMv zx+^1l6X`4~ak|SVmKG-NM7SpqgNJoMobJ-9AszB>hP#>=JS-n^x~rcn9i90iPIq<1 zhe8sU*VLY@02pG)TLPGL=8ahLRzy061upa67-H}+Z^XibOQ+$P4tKG`=fmAe41VU5 zINjC%mmQt?Bo_MD9i7=Dmi!+}x|>RfrA|y;Av4vWp*p;t*axE_mU6L*NoTo;CC>$< z_ptYhrvAahauEy91joZMdo?k5SQcW*!)`}sS%@XifLkszJNY?o?j#10>sne# z>t5nC{J^xs<~jUBh4(v5`A-o;&Ox}eBIj9R^Z}X|VDlXQjl!=x%sl_WVaoig!>p4S zte=4&m^iGDH75<%41(Ex1@o%svs1vZt$i}W6u}A)+gdQ&TJU6r=P0~TVYaF8*DB05 z75X}bwuu6AE&U$~LsxV_ z=lgDw7S2Tl^x+DZDxT?zK1 z(QhSodANhv)z$rq=OIP^iK734*v0*o;(0^y{6X=&uW&ZvN!$X3$12Qkg9%Ta!n+i{ zU*Xq@U7fr`?5;b10+#DeI%rb2eH9)^?BW(FdWoV}D*8-CU!ZUuF)U3Zv8&G(V%Mgd z6#aZfzmyo3W*1!Mc{cD~(p}uI62sEmrSN`*b8romvK&S1u8Bv(mFr^}=}zW2VpsO5 zihhE^ixkf?Vpy6>75y4wcisE~uv|m;k?zvEPvHlNUAoUG`fn6|SK+@X{s_{MxJ*aV zJ&M@X`7mOa?g&L6tLRgSVQG$qOIasRar1!9~Er$n>e1nik?u|=r3?QBNW}} zGH`Uh4J0zT4=VV0g-=kJI+}&&G=-ZKUZ*hMC=&i13SX=6ZiV@lj?DSrQMg^<2NmA0 zFyE$-xCa$}R^gWwensK;6n&e$b>SoT+fG!UYN!DO{@X7==Hf@Kl9oDLhBv zMGBv!u=yU7%ja@M=Zj2||Fac7PvP?wzDQy7{U#^#8b$wt!h9o2lr6ak{&QrKrVYB9U z*WwyQU#>7;R}wj!6yB=vc7-oi_%en0o|DMoOOS$ZR(PMncPo64!hFX`;y$793ktui zFyC_${(mUU_l;x?kfU%Ph5IYa7m|d(T;YidPga<3ED1kf!4!Oo!lxXgtqzY69zjs)W!nE>hZW*vgHAk9eFU`-1wc^FH&D+^$dE~+iS z6esyHdo{>6P3L?HPXb|*Pv%Fk$&br3^CR>Mg(oRosqhSi7ZAHLRx7+z;bjW1Bz9$N zQh1%hEedZXc4geI@D5^^|4S6!N$m1-rNU)Ep%=Dyk%hq<5qDTle9{j9?YU_P&;9PVR( z!QqL(*E!7f?AILT9-DkuZYuCM9eo-w*C&*7Ebx5}bItohhpT{p>@e5APdHoy{EWj5 z!2D(_<(vuplEdc!zv?jC=PifX4u5f&Yg?{Q824siu1|>X2IeA;H}X8--9!z_E9!z}v>hmQwdor54znJ(hGASr-{No_cqg$NvsXKu2Rhd+r1u5B(P5VBn+}%%f7fA_ ztKDHfXL-osO5pttPY33{C}pzm{oLWXz}zDxo%QfrhdHOd;qW5hcO7Qmb zZ@!%oe%7h*8y?4BK)T~EBW44^OoA0$r7-(}&}$WLQn;0vjSI6KR`5=R%{=dTZdCL; ziCH+9c38pt6+TGp`rFG2zpe25#Hd3Wo;4Cotu}(qy{+RJsp#eaN2}$-2QW*0EsiI5Q(Ey^5Qmi;OD0a+_nK(<{HZ=lXqBvQ%J>c88u&h z-zqQdm0ud0F40#u@AAA?V%K5R4~$>6^UCbKU&+3_Ij4W$y(eF>^0dke$HfN}HJ6w6 zgq|v|Po;P1bqkyOPH*mg(Fg4@uXX;y(!S?RFC6Q~Gmd$#a?Q{K&*dDLk#k^UVtRAl zqYrGlEZ(zlk{^$>esIi;b+xtW&(!YEo;4;u;mXjD%43g(KFxlcXlmavrMxt|sCixt zqU)RcwWoUZrTy|tvn%FT?KvaAc1(NijCLfH-<&;h{_H&~=eK_Fi^T`_XP+{D<(_qk z+DFHnvLrDk`_aYiW7;P^pBS3mp5MOm`PS!)Z!3B${q*%edM_TH8+o8PrM~&7O}y}; z?pA&fzp(zH_g4J`AYOZR`}*eG*4ut`OK^pE^4lLs~y_9PB0+iEiCO-@z(UAGxAIOSjqOc9#uSS#^rn0eST2tnGe?;Jn@xj z??KfVKA-XPnw5K2+?%()H2dt&nYdHbZC^`&`4Uv8(m6vYC;@ z&;)&DyIP;GEdNw|`?`Ym*83jKPn=Y?Zf;rS%ck0+xxlf%K6c)7nL2DQC7C2tg^DUaz}Pq zMcK7e&@1M9Xs*dw^D^4g*kr9WE3O$aeN+^6hz`>p0qv;ir9EqrKv`{KNFq@ht$1r; zY3~F1WwxGLZ##Pb+5JPuefNV;@8zBr`@`Y%nf*P4XW}t1WbX7M7-Q5f1`-vTWy0AC z#bgm)SE-%seT@4EFn;~@NXq{lIR6T7HaudW5A01~Xz*$P75c!ql7l|5ZQxDn1B<~2 zePFp{Nlp1Jok;XF5+fGL zhl6VMgQZ>r7=7-0_)VJ+2IvPXfYaju$uCh7z5;?$Lq8ZN*GT%wOfti-1XF5y0>97? zRu3m0=NTF32jhA+JDt03&=2-SI6c#!qp(^2x8dpIWpHCJlRwD%I5^P=Kbf9&haoWW z3@*hDN2Wn07tu%^sM*oTapY(vhxu8JXb^E82w7IzO2C}2fy%@?FkJ*f26Lf=lM(U1 z3~FvI^n-C*EuCvq=m(=bFYfe%F(8uuYZm_!pRuaqPCpoRNG-5cPiU%ssuyE@^%p<% zgXJ;mW&Zb>67_>o-IPt~6`j%{lLeR3YdWRZO%$X=$s0v-Qa>1X@^YyktUZuCE2PRW zJEY2Rd`OjHj)~$V9}vmV)Wr@D{a~0b0{vhN&ZT}ZYWTAG&kd_odYS;2|6XCHvcuL? zZ=>aFr>!Y&X_=aW9uo2#C;p^zA#^7A)2m5-E>hE-_uNp02F4aRO)v9#f zE3KcOTCer;xJre7u+!ie{a}MIY(+m93nTi$*nqtTk+~wmD(}T@Jm?2w zE%f>Z@iCESi3<@4`oWmbUcWc=z&m6V zepW-SRSGnnHN^XOqZDYyIs{xrUp>CYG;x4wQcY4f|c-9m;!C8`2xy zYUmyG9^V4SQhM*EcMiS0pBnaSWYnL_Iw@r5xEz4SU-k^Ha7DL)bRpP^NgMuM__&D+ zUiLDUAOY*2`Yw671$ls>Bi_Z&XxL#XNRJvT{U#>xCIUyMA-xiRQKYTii?==&QfJ!!^4VdsY0ybhKl;CS%yQ&aSZNnEucHP)UzP!!euDP*7`#Wgx z{GnUCLTm$!M55Oq-o$YLHvm+kCxD&0ttQTPv}&PMdJ~s9+Db)ZhrS1KFE%tNEIVL& z*;C10Hl7Xf6%&l^cOV%sk?Vtlh|352EOcrm;`(LCLb$C0CFUyOXErU}giI9a?*#Lj`AQ;>ILMBJ6H)SV&7>`w>1T>hyHxY$_%#{tC24AKLoXX`JRBuf}r~8*x zZ;AG+6w!W_s+Do2byUVhbz4p$lu@_kyik-yZ``T9a^4J4#^t`rmSvT3We-CEa+1op zaMfOFjMRQmkY&_`CADo~UJwmpST!aUXo)ti0ZH9im=Kftv68B{ zjG8d0-kRFi)(vIt&(=aPLC+TI5U)m4v)32~_eZOb?W~4t978a_B{h6a zNGj&40Cc*+CJL2_E5%ubeXTC7PXtx!)N@TjX1vKsYEnJd6id|Vxuz!h0!>^a5FeUx z=x_ru?49|P0o-8^dzfJexXghLs~KPjjE%TRMQk?_2iu749sv~?LOLBMusskM_IB;# z-g98A#A=ZUB|X{9(hx+3lAdh3R^B3!N3!G(;gk-4pc@d6TLngI4O+YASFIF2J zW&<_RM`fpv%Fd1;I~RkITdS$q^e-Eg`a!=v^pUlP*Y=d{!aJiJ0o*H-j0VdXXXeb|_{@QTPHE+MUX z49*jKGyZ&`vXJw zz^34kol(g~51Xc|j<8!mJ-nblGY;~M?`;AZlYw!~M?4_Wc^5VV?tCFIflZGeafA&^T&-zYOP)CKTzr3;l^!ZiS1bI!+GM2Dg1f!}V6ZN$w_0ZU{I z=}Zx0RT2(+o7;l$R)l@VgfFB+o>XRRYg?=^$SNppmLg&q?Lycz=x7+U-oxr|554BF zj&};3ov=}8Iv8EJhme&KgLe@8QZadwkV}t?$RJGw+BBVG0(J67DpjW{l!8i*%ZBff z0(Z>^0;RUP<^zF}4<2CRE`e$nl6V)9?P{iM_@GT*zgFCkk;+PnqZ*P_Qkaph{G{?N zfqq@8DH&TbasYg9!(vhl2CmSQg1w)E<#||)Av!O^M!XH)pgly4pTe}Tst-!oA1Qzi z6O3lldkqOcyv4i*mJx1%{RS)tjhNj447(AQVPej}u-O31dGB0U&L+%&n9kum-p0Nx zhL{z)9agH4-A)W|^3H-~C2D%-I6D!31uQF?ySZYd3+piUC^4+upTa&3`=X*VoTFRJ zG*ny2n~BnO`!U;(xyG~_JP=!s-sY`ZyS8yXl%1hw{vD-hm{LsLhRdjPYnbPUbE$6% zo90Hjn9+U}qe`m|6j5ZBR6rIpdby%bZJE`Ig_m=oyo~s~G-9ig%&Nf>m0Xt2-yTN7 zOv7(Ot>&Z5i!vy&jN`tgv1oAzOao6MEnt+=<;W@q zv$?Z!&U2y3Tpwlf)u!lL#g|pECJM$FOEA^4i8PxZ{^lBKP3G68n`cV2+UP{Hd9c5E zh9})9729YO+4V4#jV339P1T5^IhIru%~9o@RY@l$WqD799x>gLR?i%oHXH-DZRIc! zb1fRqh;4mKzE}cV;!xT&k6O$gi5UHMwm>~yu~-cSCd*jf^I&deGc`JX;o-;u6J6~pih6ahoACp^rr<%(o6?7 z%FV2Xw6)gxClsVDU*5cK6IH2=_Woxyp>em9hAu91fr%7ZI1LW3Sah-f;N`>ePAA7< z-pQQg@V#)k+#=6GSRS?^egih@@H=oR4?DKryRha-GhE)7(U49|9>(ReiU)Ow{|e0Q zXY%|V7`wHG&fABdJ1k2V^87QO`!=UvFlS)q_%Qup9p@OU_^Y9@{;U->r?0PD)97i+ zsd=pJir83om9P9i)|S+S1w@{vpeT&QH+^jI?%j`S8%WI27b!lYk0-1C~? z4uEBR^2K4fiJ|4y!mka(XePrFv!!Wj&2REY_>KjMt$ZZDdEn`suJjU0m2y-mOu9D$ zpQb@XmVK+logtJ;LK<6z@din!+m4RVil+@s z7Z>*+-LI)QfZi9d4VfTtM$)<-el4#8+gJslQC^k{V}H2^R^kA9_fVc92)qknTHZ3q zTZb8e@;FN|jPf3bl{kRjFZ)7QjEX2>k04Buz5SKY(SYfT@;C#EJU*pmoHAIN#6WD) zb*g8E{{~j`EgNiSEykf?7%gW)G-qJW17AhpvpmKNX7Y=<3w-QPVkGQuAn0;b9cSx- z*i<;dtH@B5Hp zN_;r+XINtHj{X&vcq?eb96!e}v3&o$)X|xD;&gX*nb%Rqod)+7M{~chnz;Z98Z+Pq7kRN?sPZl;Ni;drw$*4`?ACD!u_4YT;&~7^m>*TGFg|z z>8?JvkPew#<=yLe65t`0bRTeZ);Dpwt8*SRWL&QPc#4IX8)*X^=1TB>hq)Pdh!}Zb zTM?(b_Tt_s@ZiFGlEIiFxLx`?iUrlQQ>bY{C$NVRrqOzUsCvOh0S~2uDnN~{Ulwk+XS%p$8m{~v}P&1Na2+VpRcfaXVsN!x1!&q@O=tDqwq@# zzoqcs6i&h9BzenIIHB-7g+HnAc7^vUyafGPWY!YH(lo%8F+#ne@(#m!#IB4x6#W{7 zcPpN+D*87R{acFupu&$Ro@W*PkizdN9K#@#yzxVrf=4QBbj@%e!&E8yVuep3cI9eN z^i_)9qVRc&=TnM)siI%5=(`pDIz`_{jPlUjN$f80KT!M+D>~QuQpRVAUECKG&s&P; zkBa9nz-&{_{~;_|rMz)sS3fz#PG%vo%TI;knW^wXgMT&j}v6Fd?;<-)n+^Oi_ zQ}l<3U0i<2RPyt*;(1Z={8sV&L-B-hp_aIOmsVsRrRc+mT|JCbc&g$*7MOL&hcZhQ zeVL>4OxqVNq0|4`wl6@Euyz6&Pl4p(@V!eCg@3NF(HG<5a?D6tn9>5w zY885x!kyOu!ZTFy6e~PYVRQX;bv{GUs}$y1T4XL(m}@qn*DJhA;WY|xRG8=UB<{ru zU#9TY3V&YV>lOa0!nZ1Xhr-`c_q3g>P1PpTd0SMEJQ57tC|xg8AOH;O7;7N#Q>z%=;bT=UQEG zp29~fJV;@lL>GRuPIL7$QPC$WJX7J>3iAxR$l<$5g87n#;4>6HSK&5=Kdmqy$V=SI z73KqYp?^(bbG*Xk{|-gJOX2$z{(-`LKrb?%QTTaeYK8e)fbf4^;ky*(`_jV07X<`ArSLBm=6lh?!*>S+zoRhU6A*e-VZIA3bfZ(! z<$s8x7b?tG41}K_vlh&^4FsDtxs$`!3532@VWXSU@oZ9bzE~jqS1G((VY9Y(arx?j z@PA9;dlhb1*yv<&agB~khxw+0$a!7izbX8I!ZE}X{vHbVQn;_eLlrJo*yy{2pXNA4 z=Nl0sf3?Ev6*l@V;iuu75yG!^T=EqOp?^u?TNJ)s;YSsITw%U6A#(npFyEmNy17q5 z7)^ggPbgfj@OXviD!f2pzJVd~H!I8+GK9WUVZNFn^e-!Xlfp(PrpxEI75!d?0X=z7 zKAYI_bH7FI836-2x<-JpL=CXnGjVY{%MqCg#b2Osk-{Stu26WA!j%foP*|_uxc?^U zE>(D$!nF!FD7;ePCWTuS-mLIeg|{obL*YvlzEyt&jWtI;jO^j`y%~(;Kv=l0Qf0~*)M+KFz*9iaCj#$_g5L0dw8!qd=)U) zb);VdEP8X;cRp}*9*~S-jX|CpfcZu%@r}T_4u1ouOmg^L;OP$k8Mw+}zSehw!&$)94)Z>MYeJ@#2VCng?+LgjB)t!Clfwgn z*E`Jn1D?Sp58pfBIay-v?QeH@1Tfc!r1KTcoeq})bA3p9IWX_}i6;PG@9;$68y%hm ze5=E}=eX11V}ZZxFz-3q9i9XHki)$H*zYjkn19mY6M+vpya@PL4)Y%6Wrul>a>(IR zfw_myeAWX0$zhIz_Z{XTSFR_?vjI5OVIGP#dU-(SeT>n|1H2WO>rC=r1e|bqH}Eir zZv-Cc@a@3m4zrIN9X*K4K5lgM0JD$Jc0Am}pYQPRflqOm4;mXBP6g(glX=JhUgt3T zDc78&9|g>B^bq$0=H4tZ_m6it%=?wkI?Voijl+$=Uv!wyCcfgShN#Mvo8h6~J7tQYQP|Zye?U;ny5y zA2fP=z_SPVua3_96)$4r-Ub|V_zqyB(+B+b0{3$C2Z4~Cm5}%x5aXbo~HGQwYaK2|L6_=I7Em~?sRbA%jhmkNj zL-;MD?l~pDc>a>}{uX=e1Fu8970;j8HoZB9N<$4=_MqOLV-?+odV9|AuG)&` z*XIwOlmANZ$*~t+X*e}=UZ}XHBx98;FY8EZtZ4qc%=`yt6wj}iFNL)g7w;L=TNSEZ z0xM9%HZLnLtE!nCJ2kV!)wh;PVe>LAUs7;U^UBM5*QZ#<`sUPRxbVh%b#Ai{OZ$b> z5(i2WR?3l6w|w2VVeb709=YzZ&|sWYx&7z6UfuSWGmGP|qYZ2<9Ye}UH@C^KiM>xd7c-w@>6er__~9;UfK5EnYs6up?BEtzUYC=dGK(0fVh@0 z`hPMPL^zcu)c~czx7DZqAL@Je@KBR;rI@o18;@sD81ItMXE8??Nd&kj!`igUOj=IG zkWJ*WsP{SSt0M}zd_Jr9n=mPHG0n+X4D<|50||PD-l7wVa)%mvhNx^Xsb^>xe9$w* zRW|et@q!9HL%%al$`=s9=ovZ+;sZTHd>|X+%x(1w#dg4N^$Nvm7-7p2{KkHOpXhU3 zh^BBg4820U2}t$v6MbnL$X*&X`$DhKCBTt1UaFv1h%33&v}?#Uz~`+(yob{(#Pv^h z+N%tiXIg)HX8Byv^uc$G;KccZta8y9jc~b`alIih@pLZZ3`g9cZ3qF^iJ)di zBjd@jk{sq|wGCVgLWY&L6flb`bSB<`X%h(P%!Lw8MhL$G)a=^m1wNPiX)lp>kxzME z52sg%0g*KB>Orp%V^#HVdWGIc$O12CBxr=W4FFTU9M+e)0iYjxg}%g^yUf28EZNj6 zv;=;e(knWpLnaF@rPp*yubU`HiIUASosywfh{p(`Z~DBe$fjPQeSzdzAytOiAytOs zL#hmOOcW>CET$q&3|rKrP9*`xcv7DGnE~- zrg|HVLpyCvnPo0hY4dW(Gak}R%^}sdm{OlGSLu01kIzPW=yUJtX@YrVXu>3cJL0vw}PC@X@M+)GS%yy=vpSBMSRtAzB5 z2&=r;Hb$HnVI}oSAwDL;yNq7Eg@s-r7NgfN;z^O|#9SsruMo5C<#E_UuMoFokJ=ua z&MnPUOc7pehN-|lt2eCjVlz!ifSVnj;l-#NJT~iS@b{%YqVoZqJ|bpZ^bs-Qfqq}1 zz~$TUiz{A?x3;myMc|6@Vv@4zTELXsAul`SjGqCUp`OxAelL}yJ7qgh{Y6qU!IQF! zicnHhInYzSNaZPUFa0gViklxZJoOm;BZ8t4ZewO#Y9Lccrwki`qcv`liblApnQlZT zWx1fi2s&y<%Gb_>oB9&sq})QuUY|K$%5AoKmUt=qh-RdMjsmd)w|lYk;iP64DIhjOLGIp6Alb7bX0W zly?E_pc|0XiC|3_%}r$#%X{_2>gAqaz61eWs3lgyHt3Ti^FX_k!*Fi zEy2{oZT*=)qlcxCcO5JMzt$5J0NRKof7=nx0<5>;R+7qQAs^k6fuHrEfYB^pTTs5e z2xj?iHo-`nS+GUtLtJK(2O)}}Ea&i<{4O||Nq!2byG%ZWaOQzWAxt@0T%E}SE*GN> zg9<5r8X-%N35+6k{v56a*vZV)*vre91{{rW;)q5#3k-M&&EnUA%P79`cYi)z`f(lm z@x2Hh&Ra^qj^p%?u(lu9Z9|li2r&KlCd9J+xRL#MIq0SzuV6pkNFV$0D)!?m;j{ht z42odKT|E*Y=(zLYF*m1cGqB<^9hdUD={Lg>&e~_c;c)==C4Mr9y}|UG(?MjD)EeUA z(0R$~T!>EV6|M&ZTcXV{*#541^92ZIL+rJ|CO+CcJ7{z1E&PyBH@)S07ys8bm|Zm4 zVaee#bT5LK`2kpLqCa)b{KH^i<|i43E}4JIC4Q<6?wWa?5MbJ^ zhM_~b-gTm>YDjvhsuvG!%zF9u;Y4%lBEvH-ey35y{Xho)#Rhj%FGb*B-g=^AnJP=x z%P|OIy^J$K-PFr*U|_ve8-_0R!qp}dKg$Mpt(Rpk?VXZ#(B8%M2r|RV3@r9~GqCc! z433)tD^YF!0Q{Jhy}$cBBx5fM12~wt^)sBI{y>fr?i|{&HIQSg2d+1EYz^E797Gl=JfqP}0s+s@YC)&OdQhwz?H4y90hGvSNje_DW9#H&bB++2p3d7dOd`VPI-s zlL_-+XHS;ek!O|+PQaY-IzHnqG&~ z7rcOU`Wv{I&R|O&4Tr+O09Iob;+Oj;C=MN#BkXP2?h~vu^hI=70_swdl4!*!BM@e$ zQ*R+1SBgG#U9>(bS{2B~RN|KlXrxSsmrAtsAO81@N|kHA9yXb#NGZl6QEUJZht*QXo!iod6|FiczDaMr4|&7~{r);FA8x4yBoal^Wb^6}&G9<{*I zmgeTB4W;&l>XN3`(PiUH8k7MG&*LWE99wk>MMbkkegZz2!)>(%FQiC6H3TvjOm>gMl8{<5;vHd zP}+<%(T!rY%2@3rnO*oTojl8_iKTz}gwJCBQ7ZH((be;76ZLS# zMd3PBK*VIwDCj|PcT3@3mf~uPEuvMHV~c2&%GiS1!dV`REf0$obt-l&g}>1>(oq9mrb0$rRw4u%jDPdcwaYIYZaw<3R;HlZzQdi&9*!h)E`<|##ogwd&ayZni zXoRMwx)#I#p&Dj7#9Fl$iV{A$t{KrT163c(p}>Q0t3roI&GKfvyxQ7AzfIbd!G@NP z8y|$b5-sP>nhhOOF*XQwQfiE55d^PWzjlSIjxM@pn3Bu{Qc)XLtytUGkT7~+B>b#( zP=wQQYNGBFH{Pw16Qh%66;w$`BvYSKCMN;qL|(m`n&TFqaBTJL`6txWm?E^)EnkhC zHn(o7X>3JZc97xXlJ+svTSHwiYZ}J6t`q3sakco7wAO5BY;177VBF~PpckN`(Pg}# zJDb+&oPek;@dBMRQtzfichE;8A*&lVB@;m(;9OrCbRwubW6Drpi(;`;yR3l{#DXL@ zNV|4X(;JL5rekvPKcm@(>oOWy)n;3-Teevb!`$-4yhAORp`rn295B~Dbh%E+hn)?3 zy~D4;WxP~auBFRh$-~t!*D}Pih9Qp_kv|rM5G-Ah&xI+U2r}+6B}dj;-O1tli*jTg z)`e%(hD~cQlR_&_%X;gs6lAo;KvfJT&Zbe)Pdd(~R#i>6JZ^M<2#4tgql_x9QT3SB zEi0$W4^6ErLx-fg2HSK@X;!UoUgI?R82`sqOONLz(B|kOxYf0W{Yd&gDY9Z`UldIG zjuM;`gj)#9_za7~GOm`_3crjYz(59Xfwa8pQMS)g9+u^SywicTyrxF!CjDBJ z;{`-yIe0h7I%7TG0juTp$KaLmji5l@Eeey4PfU1o!Ap6RBl7r|TFbi<1(LY{L4mye z3X}fe7<(s4d6_PZa^HldJkBXJZ$n;p?e;3dmd4WN|je#dA zgNh0XhzZ_6ZlYlf0s_e$R8SF6Q!33% zR_d`-G((S-nx$o)z{*=zUb@&hT56t-b?ihJ(@vKE-*>(1+56dh2Eo$)r*eJvyVq|$ z>simbyz5=}%O6DZ@}mzPyoD;r8}!1F*If^G z$fLYAH!>zi$TJocm@>P;WqdD7$oZCe#B6-~3wVFmXr|{yWn}!-SX;s0!^-5XQ74!> z#FWWn`oPO;JG}VbdW+fOF||zI7Rg&^!lawL&LAr$AwRBSr^6dK^ z#CJ}ayo<+cy{-abe2l*k28-i=_R$@!W%96JSH}09d|DsMDkyk(F4SLDN(%qm z^Btd?bXAmRtgS8Sc!Qadg-i?axJ`#3`!Ek`e~_eDOt98NOI=X4I&t+Mj#Gmr+!e zWur@#A!mAfM#PFr{nnyEsInwQF;g=YRb`Sd8iXp7mNK(ms#BH90aj#Dmo%w{*vr}T z9!Hj$k1aD729`yK|FklDX3|Yzf1w$qW4@-$d_y!-7d5G5{9-i2+b9M0sQ!+Buaa&SU-!poH6Q9g|p)X;C(9$!5>t50qX8B6F7j#LBo%KR*XLgy>(B>_U zHx&7TfAL^XBB}2&W-Y$oOmiTGufZ^7XNH1Qigd}SoI_FPq;sw5_i7mH%pPzgNnVe+ zrHnAQeB;Ki&$+-q1RS%js>=dDdB^xiIsP%=y#AtkTjCPtlVe@7RT}6=yn1)`gIIA`Zd|{Pjmb;!S3_V#7{N6Uji;gX_tvOyx*2U zPDbck;XJ9uGLjX#QVYn;O zNg}ZMyEW2VrGriWBauEpI@sht7U@HzgKOh^`AwvckPbHae~xt03~chNc`r(bQKErO zevkORX!Eg`3!X9J0oUdQq?qio^yF1_Zwlo0?^N^-->Eueg!7>2mUjxacX}9f@l253 z29_M&DcI6;ailj$2U~pCM|yYZV2kf%kzW2DuZ?uxBiQ(Fj`X~Au%*wJBAxdLw(#5^ z>AXjN zF3`t_4mNtfNFOgc*uoILS;-;&!4}6ck^dOc!4{rlB7L&xV3W`OIl?ndbg;=MZqR3n z4z@f@3#z+TAE5Tp11A4~Ye{e^b;$yqJOeg5ae%*0I=Hq)e^R*5>=j^IM)gWDe3{4t zrJI^(@RFav}9KO-v&pG@RhaYhGNr#_xnD5l&S7nO$9*3WBnEjW=-_PMu4li){ z9EU&d@HU6P?J&!_P5x^RAEXy<^urxyxw+9-I=tTDiygkkVfJ&HTlQ)iW`CyPaE3_C zKkUOa`YR4s>H{@;I4dOb_jmM(4xjEY_n?|v_UstG+Tl+-e22sLIsCB0N9cnvIrAM} z>F_#-KjQGeID7+G59-s>tvvY(bUrevaAse`PdWNC;Fu2E9sSP^*Xg4*IgQ}RzmKDj z0?Q3*47fhUlN?Vt%P;brC_3SMNo=RU6J;)T{42nb|8j@#bofz+f8g*>9R97t)heq@ z<}ioD8F|sKRgQjz!=H8dhYr8uaIb17-{HC77{^6mg$cDp*vjPdpvQL<&Yp|>mpl6P z4u2XPdG2xa2OR#M!#{HTFN0$k{s4~et6Jr~g`plCd3rkhE{DfBJjdY;4&UJLR)?Q= z_)iY+p`i`)ceKOrb9k-8;e5In&M!OqQx5;H!@JcMp+?zuxQcT!$Apyv*TM4u8Pm4?29A!?cmiFWN|kuXFfjhi`TG z4u=^>GPhrKc&o$TbvU#!Vp;d^j{akZ|I6Y3cKA0A|K4Hxh8Bhj+96SXlf(24jo#Pc z7KhmrWISQ9d6aX2qaW-rd!US;Rpy4LIXu(h*$&TjIEbh`+Q7(Xs^aFvxCU!XF0sl;SV^>9wXzw z%3;puF#3%SvoXWU+b=nMpTnVT9Lr?39T@+k4zr`f=%LLV`G4-{zjXL_4!`O!TR}_? z+b9k1=5TL^^A7iSm^~!s_7I21I(&q~Y$h@OaOPkP|0#|h&K!*NC62zrVP0ECbufzR z$G(y7!q#35edPFlLmxTfJp55U<-FCif(1Fg?oe~4Kv$Jjz~%Doz31VHeua7@;vvwZ zzo8z9IMgE%k8(T{z_AQzSHDD=)0|&3o!eOsui`t6a^{c+qT8h|J(u5mO&h z7D3Moe=OpG!q-R4SmOluO_Xh5s1wCBhlS7drK1Rm2|`raue)df{#ne@?h}#9tBS z+#q-!5Z*iD$AsS%@ehQDM*Na6Wfc6c3XhJM?W~kh(3uCH7%}_PD5IcLUrmpg`s&1p z8P{A4j_->-?qJ@_x`^|_7evf^xin((7yWMd#|mE?F?s6K5g#iY&aM*AB;mUw{dnQ6 z5l?#65(!MBGdGa}hJea96}k8GI$;0m54&K3MpH zhz}KhG~#y)KNj&(!l(=bX;PsKBrsA9df1g^%6RIaM;^jtJfRF!K1U7FV`Wh&>muEk zb<-SAo5PD8=KD7}eE(Lak+%$A>+lwb?{avn!;gaFdwI&?7aZOWCNZQ|tzD({zVUFV z{LasZI$-385n_{S>%9JmW8Ra=C^JOGwxgnn11V&ocQGQ^w`%se#aM$L&a&YUo0>cF z&*vMq<)7G=m;0^s+Kztohu8jQWc|SUnZpNUM`yO?lIlC^n$i<%n&NpiaVte~@wlP- z5KcjQILC%}=+CXm2j9{^#y{;W8Is`Q3QnroVBN*Q)J6Z4o7rH>W}cRw`GWppx&|_T zI#Y(Y=}eh1Xcf836nvd2(DkGwAFvYWK}@JH^e4}ZaVF1x#|a@iLB zcfw~KLZSaI$VeTWhJ(mEK-4aXbh4t=k)n3pDBf&CW~p#4yITJZV?`mf!GVZp%iMUI z2$?IeLWS|`YyU^Irf`hJ6@(MjP1k28nJaG;thjt~_eDwOV|X?|&u&yU9J1GA5I`G$ ztMff|Qost~DcS_A8JzIR-AKWPA_HWu#YOLXMatYrpvGX+yaMy3q`Zoi%-;3gYAfq^ zub@S>ln-O|~7o?EP#WlpNMOC6w&E>`uBSQ_w~R_&&7o(YD*L z2a^t$Vq~D8lqk4I<0Y1Ee(Nua-f5r*O@D|+!R=K?^b7RvE0X@?fXpB3wWlO4{4le- zA?*M92i*G=tBAQu*y3&EN=MyHu8jxUtED2oY$sPJIddVcE3e38v{0*7t}C>2C&y*Y z0j&>ve$u;~E7_rw?#HohP&dk1cLqSUWrvMB)$IM!jxD7++W=;-F4_3zcb63QFoab! zamkI}rBc||5caIJ-|5i7^}Sl)ab5Q z35iy+X{fl7Nn0IP4 z^Vo3{M-Qd7ArOcw@@U)vopSx;wksnaz9cn>`NSm-b?Z5FP(VckEP2+!pIw@2em;@dAeZ#FM7Pc zn`E}HNU-29{c8&Y^ij@VYI^hctHQ`Lb(O$)Ge|cXcRP%Ao8(;}op|8C$@`A5m-n>H zdsXN!Dzkf7W|NK83zGLeSt5^l8k6_$!sbRWd0nz5JA%PqmhnxJfH^pb%J^QC+53Bs ziZL3p_^Tik{QZ-#xe-imm!nodRA%?8%wFCEEjk$`8uBP1u_NC%%7M9&F?mWBJop}22is|k@A z$aARv(2Z}TGAUs*WqjiWeAn+J@r^Vl>F}Xgk7XG172<0EL}hlz3;1*yuf!ny_}y2J z#ba)nyv>rgCdxuHdG9NeH%s#1Ltg0QNe}N$x|IcjNwb<)i%p2k2GJ{Eh^keQpl7?6 z%xb%b@DVRLFOheT%1QEzDU)Yr(>=ZYnt$rkqH2E^vVRl!Umf;2;es-&qNJq3J~j)Y z$jZV^#3|v;-<8alRa86QBfy(2D(*t|YUgYIsf~)NGCg3iKs0qes|@t){fqA1&% zh<~9GTGn1DY3Etfu(VZ+9J{MH;P^Vovo@ARS-~1t6xilIPT)&bi$ z(Om>+sJD6z;fN@6q;wuzzem2cF|jei+_i|JZvT5;n|CJRkA+aEmm|Ky(eHBjYYuUY;#*-&X{4iG=!-Ibo9-nV%OBkJc+c0&NVZL6&0~{XW@EC9m+jxhMc9^*e z;|X~z7E=V#nzaEQ= zPyg^ON1h4rM31I9+~)9NhX)TIHZ1Sd&hASXF=XVBlzr#p;TtF`RRNEXmL#pJ>(jcR zMMd*=QHZA>x5jLW=#Xx_WBq5g>Obrs86)78#-#c7G?qM5WQ|EL!cUpAt6io-Cb8BQy2ctU;$bNxQ;i_Bom;K_0 z#Gh0zPqKHf#C;X{A^YX^5UW=t*?XbZRWW{=y$@~0sl$t;%SgdYU%m|#36Qz=O^*9A;G6R!y`ADYgW*uXs?q^n z&NbxZLJh}`)Yn&&4itCx!@A)#!-?G(^|kX1OUF_R!>$S~B?Vuc;vD|@iyuaZX40i1 z+!@sI2nzvU&bnxQA)-t)tJJUqV#0Z3XbCmQoS4R`yIMLo{;BY4{ z|C({ZIhq&I5nFNeF+CWi1JdF}OXnwpQfrM@CWCZB-V*KAO$MbW(+yh00B|}$s)JlK z`du{WAgJXb6?g3~FE-Mib{C5JxL7_GarrplRq8-dCqu_QZZIDi%_fh2g;(~Tj};ND zCO}X-;+ra4-uuq@P8N@k2l6c62o~Z*L%_%HCKnIFZ1K2I*upB9jM0>xld!pg@xNsFS3p!|$M~LM ztgg@pl?Oy+c6Z9`<1tN*{{EujuYyqU_gli|Mlc*uO*`F`**zeFm$ydpdWnWS`V-iZ zUw*8|+z2N3D}1cAF=g;aB6xY1x$x1wHhI4g#tm&?RCih2X+mTM^1K{%<9k4vrJrb~ zjPK7P&|EUbIU?jOQzp7Wz%X`sWv1BF4yYSM$e20i8DT@#c^juYLK z$uqO*p5A`E%ZHHg`j}z%Uo>V#!m0LWV(`TjRr@nA$k|0z8FHpK$AOzj(v3PrOQH7T zRrCytsxr}_tW%X?q_;?@)En|6V5FlwR^K38lFqR(BCi+^@5p!r3v}M4@f_x4P84Rm0(Gpzm@_Uv7!L0=^7}l{AO1)m zJbc7RH&n3GyA_8YJS_6>e5{}saaPeVf&l&nV+C}4(~=~c*_U*fAu$w?UTLg=x`>=2=cY|OY zD`?1GN9L(onq+SXJ?!cuWX#@3zdKtsKgoU?YIXJTm_HMG<4JBfhAnB={y&6k5YhRY zP`hVdLd*U}|DiwMtnk!@zu>rtzAuinQ=iS|#T3Q|wCF@B)Aw1~p@`z!(7$&b`to}V z-s#^jT((4KV$WH*c>dtOVl?5653g=tot&}q)U|I-|GwCHrYBm`uijDD-Kwk8Pg%TZ zZrb+@LjmckrulC?ED%Fp^tQyyf+1a`qeI7&_8sB&!vq$hF!q5D9UU<1S5Or@+wGi| z^wSI7`M>cn!aqtMo_A4_pu60MZ}0M*K0Iao5Y_e6?No&-{6igy`N(LdU56T(YK4Dz zQOD{5TdRFXd{f2qcJ|>%xp)v}>U!dFp&kpXU@}HeUXQ7?O^}{fY8X5EGP~M`XWfJ; zgC7;a%ez4G7(FMQJ4ZXhcat7-BbfY)4F3v<%IwPf@b6IvEpJTHjqgrj@9$UDTInwu z{wfHCborLBxe*K(d(xgXWp)pU;N?9ld9?qKr*39JUU?s$y_dVvhkw zVI`R6Z+RcSbr<{aoX4>%efaBZcdZZqtP=k?0v45p&&;NK`a6C2zo-u%n=Y}%Q0&8p z2FDw>Bht6X znEK>Y$Lf=xjH#mP6q$;B^0Tn3&K-qab=BUOvbobSWvj-f+GG(6ee#*2g*O@d$!YSqdw6pY@xP5E-?{P0tIvc;E9{Vo!w*RU*c&q->3F+kj%iMcu7)rXG z9WGNy-$9{^UreNT=HwU8VS?K3H}Oji*hXcm7%Ap_0Xn3G2ZR_ zUxw*_8HR7B>P?z2&~c9)=JC;N@_e61R)zitRTb`b){mza-Iad)Nl~8nH#VJQQw;lb zhoN)3uEhhl7LN_WgwNC%fxH={TUyWtG>r9f$?K>ee}(M4yf&GaID)}TMECM;le~`R z;=|mKculcp_g~E*-Q?ZjFxG2!(2u`OcHZCa>JRo8jrXe{1Uu5{n|e&PU~-k@(FQeT zc3Va8@bL2*{#7!mu3(xeA@4SLGw z;+fMOC%P$j4`@ATc@eBV8k zv3!hDcj>Wy`6CWL=P+f3@$6{+JR-vl+%ZGYnKyD0-#7{!e69U!Q7ReSJ!2 z_4OZ>so2-oh_Rc0XC7aD{Z9m~ir1_z|MfBz`uZP~!Oy>cMCP|<{ynz@e_nW&|Lo87 zUqjFQbv>QwnRjN+y)#Bx6O~$WYTbY9FVmL^coYT8+t59KgGu&ckGyl*Bd<++bA@*O;n7TWiSm6D%H%9HU`KqD#Iq~??Xccayxw1`7E@{6 zo8I+d7`qo-JaCI0@j6$Jg;g*aqbIM&l*w2tf?@2o%W+5j?aO56<+aJ2cLakU7TwDm zpneQv-lTKqXh-<2)njf1lMOP^J~U-^pBKR}c6+EZl?Oy+cDKsx{hjCLrG0<<>*6yv zhHK9bqRwV@%Vurb0e4>CwWIZg2BgS=jC1R!sq+j&qsMf z5GHlCGT22XL}nn*FQaaJd1aP%F|kBo991k>1!Lzr4SFr{u9%)09DUy@G<8xr_bn ztK`XH1y{xJIZ}Y;4~BR8+r3Iw(>Ewh_716(HjCS@eGjdO*h~l$=Am}t)UF-WRYBT2 zeeE~j*WRL(v%WB8nc;6a9Lg>}E~zl*7;*S^^?jjwE5pAPeP`+b>yM8Uw!ZUw9L7Ie zukJCyGPjfohWk4_c*M}*Z)WZK0V9U&dfzz?&RO4iPj_ZX)3)sow|qM{Gxwv$nxW5h zQf#)Wz^Xi`sdjYTz%HqAbVc>hft3%nJk{8=twB5EiI3kGPdrS8#o;t6>Kn3@V;5Is zDTXhp+>l9j7a=Vxvzbu-A19l=^mwH{_-1*lKKN-Os}H^gQ$^UKUhIQY4Qjr9K6cer zk73HDr@dyYWN7Jc*6Dv*|7>N8WNO|8#Nkv1ji%IoIX zbI~i#(f<^&su6OF{&H?Cf{^~?;PT3wIXI&t8Lj_+qTv}0OQbvLiYx8@f@2L9EnPZ)rA{~qg;_k| zU{B6utx7VL>%+;cNljKbJ*73nDXo!SS)kCaLrymXI`>!&Z>pQAtJ_Rb}*>)|7Gz;VVtNKs9j%% zLDXiadr%fEoj)%h5-kvyEt*$oZN{Ytf5XEPtV4w!itPA-+hGa&$V@qaPJPu+kA3&S z?VB7jD$Pd8F09Weck$N@6)j#ix8#t7|8oZ?pU+n&x_l4EeDUd5P{v1})yLy8#e;AY57Gy_U>2Xb5h>iq>AyL%V_wtCds_1B z`(Tg1$txd=xT`a1~aB{0R^Tvycb4kqwWg%lx1B%w+I~!YO4(BwK)_|G=?6_gqVUx_cg9^8RzT@wAJ=RCAXj*aKEMoj%O zIAYqx)CDDHK~M-vk?(DMhM*Yk4X)Ln6!LAX3Hio@e8UGiJlbLEJL8$+@QDt$IlRE( zr4FC%@CJuJ?C_@?zRTf99DdH>R~-&(QDT~evmhc49kPg-LAP-#<^wFvIib+vNLgU# zwK5W8^kt6DJu*gTABFK>>~I*Ppb(Mz6!g%!QN8H!kHIl);Y`tpabx@;e@3^wPNS1Q z4YxSFx5Io}#zQ?|c$~xUarjt=k9T;k!{PnL@PzjpF{2m0t+;g33ejl&@i zM46v<^jjPb-$JakD67pcK399Ef(5!yLw2(m|1@D6^E@eH#F7V~^ZHJWm{+qnV$yzP z#C&s%=D|-nL4E*JH!;ozrrbc;-N7DH7g~5IEe-c~*uT5MBZeRFX2w(xJoun^*67a9 z1K}=W8nz>(aUO^tQw^lDKi#eMhZTRy)ZFp#4cxHxOvSe=C+>OT;6+{6aw^JJH8?g? z9}4`k;?XJnKD&MY#$RScd+<(Hl8RhcabaCDy35vM^3M*+r=$s82iA|SOL32te~QFC zXAWL?Ska+pOH<+?H z+Rd^fyM+6=W{I4$(@$>{wG*wRbTqfqPi0O=b932GidzKO z-k^b^B-0=I7||PB1O|!Tw7$o-(*)WCz8-9+X|T4NhHTft z$t_z=ZL;Ui#}`uj%JqrPLS;-hGBhrVlDbn$eNvp=GBYaI*NJO-<@#!A(<;|zOWh>9 zoh4oZ-D94>Zb>Z()bl&?B6mm)VeOUl{xYURYfg*en>Pw1JvTxfRYQn-CA)8t2?he# z3~2rYe+W%_)2hubso+fztY%UsNNFZ1lRj7LFZcc`?3+pX)UJr&S4zLB0cS}pTo~rh zkFDBAqN@ENvKn2p!D3F0?Ob}MY+$1Zyl_2-ai+(a7uOMyR`+g5_%g0r@aUT_A;Zj$y@P z326-@(&;Gl>8q2an8M*m?YfeuFJ*jw_U!jeKko2p6DJ)vdv^OyXgFk`M7)Vf7yL1* zT^u?uVf-7fyey35D}bw3&zXCgZfIM!X6@|xYjosoF^GlH{U!64%w29LHbE_Or|aW1 zuv|ve!MeJ*uKn3iZ#)z5_8zN5se(e+CsI&0+JAs3lsf30^z_qns2){$0l!B&N~22& zc)T8XtR#Y-{KYc@Ap^as8G+QrKlF@1lH`@9yewV_YJ?tpk(jN5*xh01H+4(L>}XZv z9=m2P!=PUJic`qn|PIClaWp)q9?Bz9R5P-HO@>Jaw0irUyc5?!f z*Crn12^Qp$=E`yfwLtQAWlmtB99}Qa_K-_UXWn;>9xtz2me&-dmxkSuOXBp-oB(gU zsQjG3heY0$Ie{5P=ixhif0>!`&J^$Md^1Q7-z^JU+ch_1TdkDdahs;Bq0@2eho)3) zH+j*et7{9ZKhpMP8qkjBCit#0JyLtV9lIZm_+(;|s#q`ZK+32*LmjS%JJHrkr;fBa z4zSH}Q102h2H55`20)iv8bl)_evfn-Meq|YaBU15gJRGLBiQa`J1No$FSs^_xedDH zBV#UDZixrjWUh*IoPcX%yabcCbI#>JX6XrOlu+HK09KOWiI~;z{ z;qN&d>X0at`F$I&u2gwxWA8nLZBB&4lPnB-JNo{P&beR4f3Tw;?&!xmyesoH46>Tc zbzr?m)P)XnE~L?Ka`+n#|EI(Mj>G3V{3(YClZAnL(6Fki0;Vlu zbUrh~)OCjWP7M!n_#lV*#*Am2!+g(1pXu-{hxs0jXMw}Z9Om0Jp0gbeqg^rm86Y;E zk2*{}YV=Pze6z#1I!xQm_`l@v0}emp@Z%1D-{EH*e$HXWRZadc9S-?F#^n!=9_9-o zoh9bxw!6c$Ta2D}xWB^#93JBE7>CC@%si&aoaAsQuVN!E)Dbakl&$ui3Krb@ytlJC zGV)`a{9eh9cG+*{^!!t%V$SaO&uQ+rtkbY%4NuJJ{rns<=hpBJQ}FGID+V{r zIFFZ_Z`^SIwuTq?d#d-v-|5#Sd35FT-+BFsZ)axg@%n^`BM?7+GY{^W{f4PXA% ziChP%7;Tx|uTSRI+isbi8uzi{>DckD#6*VlD7AtNUp zTT#SvojR3lh4ktPx6GV0kWQ6CbI-44PFi^Bv9+2UjXPUfXOFHsHu}}NY~0}7u)$R+ zZ~8ys(lys@d3|~RhJ5~a`TZOEcCBdH{r;BbCt7+x-_q+hEj^pIE$?7I40VdBeN}&@ z^Qp^&R-8|55=(JDb!exwFQ)&@Jb9j(BWoH}UTHq{y^^Q-)E7k7d}<}8imI(L73WiF zMrb~Dd(f&{(Xu%v1et476LP zD*ph?Wxt^Rs%l*|d5E0Wd_+vyFMdL_q%&7dt`^AF+`|8tH|oE-GgnPQt*iNWsP{o_ z=p3$^gxtO6M#$SB_v#$3nuOe^hNR4X6LP+DxM~t||C-$(KMc7w>2x-}KXR80IbA5J zCNK4SE=$X&mf+RVw$2O-!4u+*WUk$$LY!&aVF*NZVQb8=$>Kj)ruyIL?<(#8j6^IoQpYx&jyEH*eMwK(?dJeR}_o~ z%GmG|(KCm@OnuUI^%D6y>XY)GBTBoTm1IVrEW0Z)VD)aS?hGb{D3~6=v}$NHy%0>p zqUjY(tIe)f0qeTj>{!Rzb@lMbISkXvBy$*v#S!0)d4U_{Tho35EXe$#s9~yErEViF ziwChKxxO#(L~5%!WZguX}@BZhNRhBP(`8ZSU8-%F`iq4&m%OuCz8@FDOAsi{Q>Uo(w_TxBQTU`h@?1<}12 zQ^~y$OF$L)}!?g z!AgHP2(9hpeP~DPsnqhh>j0Y+hD`E4p`Z{HI-|)nH0YJd>dbY3)Pre752lG26gg|T zo{D7Xb?DdVQM_-HmO7e(qbKyhAuXsA<@Fh9Qsg5kVQ?cRPk*DmB#_2vI$E^uW7h8y z7@D>)JkT0~zK{A!Hhfq!Z6r76TIQ&THSCWPE@H&MFQ zH0i$+n^W~qNYbsV8A4LigG}DxOhUSOm4y?_SFfBM7F#eYF=yVqcxd;oEQyJG9op?+ zP4k!hMdXrY^Oi3=bM~_31y5F;ehPCQSk9Y2cbPtcbYttTU;Z7J?Sz}X!}6NKLYJ`R zvwR5+KCPTT@ASFz&EF-bFP<}Z?k;VEjUipVOfgxydaX%FLvCXKkFTvMx#ui>DT;~` zAuOF4dSIFXN>=HFg*7qm^OuIV)P9*w*(q>HUb<-M8AA_9PCb)#PI4a(cu6zL-|~L) znX&jsr+7DIi*ODRfl2~hO~)`tJx02wh61MV%g|;&J=BwR5zmos^o7FJkxu2$xFh`k zss}%@qa{$Q2m0N5j7}}QOa|yyJHh`KE$oTk;jXUgG4_AtB|Uj1C27sOMbSXAJb~HT z3JlH|hW>(@6WgWt)q{KNc=w~C+2ma;vsdt<#_0j8uNu^j_$J7f_q{Vdnx#G-$g}(+ zSP1*E4nzN*B5-9z8V|y3@gSdCSmC=%JmUdTSz6FwG>p~4e8=l~&Xb*&_p0O_V2R}H z)(Lxg-;=zNB9P9VqaEq|5j|esK#kFMv`*)SGQJN>$TInD%4A$Cg7>#hozbmIbo}iS z?eI5ktqVl;zar+%Al>BMChX-s+S>7Yo^Lugh-sE*g|@Y`+bZnkZI`@Wq7lBvXh-;- z(qmx|O!k+&Uw05+MkBqvYK=dQit+6h?U46^9^?(tgW6qz`$U;M?0==l^WE8$mRYz# zVaM~To;VdGr2HqokpZQD@Sr*i7{*+uK=B=zGP|6BkH`1{>32xFkUrQEkDg`nx=Y?& zqMI^#O=a>XOCEg4Yu01(NOSup1(Sy)FK@h9qfGGgO~Er6y`Z*kdB!-W>c8gnL#?{ zE6U6_m6`7>Gv8NceyGg+RGIn3GV|}t%*8#*g~qj?E}XMEG;KR18Jre2UFR+E@=}4a-I=D9Gw-+P*7}3GCc>$^4M>=^B zT-y@J$!n25O-8W27i{0I^>8#BnYv}|NVRm#e{bgzkiTus7Ilc>^Blg!;j0|J(P8Qj zbNi&jKX*9MdoiBS4pN&CHOSEqb$FJ;r-GHvsP_xodYyI9X|zav*x}2-QT`2%{yB%g z;CSwH^!pwCQAdB=(f`BIf8p>S9A>)R!Vu0fh~ez1vd_ZY-(hBDjXuU<&T2OLEQjCk z@EV6NboiqVUj>e7c!R@Va`|k;hkxU6wbIGlj&OLP!xuPwlf&O|_&*%ZsDLn; zeH|w6TD%m50%jb>=&Ua@Omo37#kAqQ9NyPq7CIQuXotr;O!;d(Cpk=AY4jxyuW)#c z!{<2sVTUhu_~Q;=kVxhri=6Z4L|nj~sr+Vd`t++3xVG4!`Cw zGe^eHG9tq)FfvU4&2T@5nG-WQOF|5@fW`1p4joZY{x3QFfWwbC9LmoahVMH%t5{49b-m$N9R8!jtZXr! zt`4)t#pruE9Lm+`?}3ia!WZK|%HiW3p6+lcd!w8-M-TOW9873X`kGAIf>uwF?nd|D z_;?pD-Zkq%QPU!(e}7WM$ZLz3X5ncO=Y>~BOuL(RjhsV-&yARN+658QcK%SrM+j3_ z!cQ6S@rY?hUmNjp!kZ(e-L)lR+Sk;lxIIbuu83y|eBJQeXO;U7m#dz^d%KjqE;L`<9I)rfBsrp|@uPGL?o0pBCc=^Wt4gc~BJZ0Hg3 z_k{aI{6pb>5kD>58u4?&;W!S-`GxR^NT>WbB;wx)Q+MOn?}W)?;8%o?iI{%Cl!z%y z*sljqqwxD8W;%IZ#N&ji>)|24ERXm-!e>N0QTUvQ=?9z_G0UYkMSOxVOZbpO`N4QA zn3Yu5M0}p`^%0X_ZjSgu;oBnKBz$MY7YpALF_Yc@7BLH~*e8j6%85rJrk(Xz#H@z; zLB!7s)5d_Gcl&(AwB=unxI+3%5z~J}{jJtIx8awS0c_0vt; zw*KJ`on!RthoAe=<3HcF-=ra5&yV?DUT?+0UMN{mJ#WWWF5vS|?4=8sOAT`hU-|fwej` z>DLcE_tfJrZhQ5Prfp+(vc{KhI9=mAhN5MMXC{3}=}sB1|IF_4EJLB}2b;0d8ehsJ zt?|7XQ$_B6acYh40-1_ye1C#nb$Xssb=99S>4rDlWvi&J!x~@4F$!yZ`M^4fki<2< z6tZ!RFXd!h<4f^hy2e*0DbZJRCn?<}WBZeoz6|v<8}+Y~lqmVKTVTv(|5yLDh{&aP z&l6A%k${EEETg$}Us~-L(Yv+yY}*Qi@Dg%yy&NqI-2} zfiLMs)pWXO6z>ubWA|{ZQ*aelmWqRrq=z+;h~coN#-x^akgoRZNlQ$tJ&A^nY$9>v zkxjU4-Y9d@^IK3y)espS*>ohP*K$OlnN)86tOzM*Z|c*y+LL%SlYm<2h#xP96_p1< zEp^olO~GN_C#?AFeHP|)#V0XL`FZ!jm%tw+rxqcMeSU!-zs;p*NI^=)zO9QV-D=6d z;ptDMYbiMaN==8Mn#Jj6XFg?Q=wY?bcGJ4yU5Mq({s5(2TdZtWv~ySjjYa|3{AwnL;z(;#CNY&z%?;rnX7@ zKnnFA6t;)y(LqmWWA#*OrQ>yg)YXhO!MS?Gg0@nRRw`z$lO9y7{s-z&jL~SPYLzCM zK6F@%iyFz*KTGZP9~8}mkLl4GP_&pv-GiO}zM<#4dUT4Ekq89kBI`5J5vrw;Xldk1 zI8)LLSq6o?=tr+ea(=wmNTjO1W2v+n1Cg{|c{3fOiX?Pr|5=wPzUgZ?J33&he?})s zr3Xy0QZMJ%CWZs1>caZF(shT$3n2nsErSXUq|$=CPL)|NK_XMjuqF@~*WOix6@KYT zL0jj?dc|~&qOIqHvO26a>>mEl3TybP!ur3pVa;Dvpx1^lp3Q+)m7Rm_8R5Tk;5j?^ zm9C$Be^|5FBhYg}TDY{Lup&^`Tf`%=7M(R;OTKnxiC=n@K)V%wcA=MB!?#OkVcGOv zaZO-Yz9(|~S<2EieZ_OL%2)S!m*H@!g2Q-ERvg?z;YnEtq|Vyd!w zvZKSYiVOOX@OCWVdwb8w8W4*^+#aS2xlbJG%2SjCQu}EgaShcD>u~<6t2)D`GAnfHaruY$y zl(RcKx{(&tm6FGJ5c2$byNhM^^7hvk!l|5A_V zYgD53!$DNo@%&zo9|9RJzLAj!4IWgrfMLw1iI4nb%Ip|7_3_w{PrpOrLHb}vJVF;= zx~Wx?cYztCo4kfHc^BtXKIAp)F?po9%f87glDCHmk)1(wmt4tqCGJ)cmE47N=6%=b z@$zopO+yQ!nKF51Hr>KLe|^06s^N|c3_$L=rS`Evnk%w5;I80 zOnGGr^Cf1Gj=9i3jOOBcIBSZ!(ci_3c5qN=hwaQVVrW9fc52+75=|YhhNFQN?b|Pf ziwoBjX1=+%W$l{ES5&JWTQ|lx##$oO{(8WCZ?nKE-+v~(XQUG@u&ou#M>^j+*w%_6 zAGb8fc-LSWUWZ0ZgKVs$zbE3+(vNd=>Q~&hNyj~5Eu+ft<%~Z>2$flwl3p{nLZQU3CHK89j!7;V=^*Mi2E82`JTDbekt001uUd)KJGC)I{Z0s4ChxJe!}5r9e&N>CRM=ZcAUd!IL!O7a8foIrc-B_I>#_& zlwpcI!+SZruft4y7!PHT;qeYnaCnl#Qyre~@FItoJG|Oq>M`?cy~CF~90n+3`d{nl z*E<~A$C2j?j{X&gY0H{l;d_bv-*WUP9Hx9T{_ssj{^uP1HxB>a;XgT?@%hbRrUOkr zGew459A?tU=p!5s-(w8VVUEtclJQS<_!NgvbvS&RQ4VW3%8bF46P_9)^D<~v}00hsTAvIyK) z*w(DxfSmekJ0wg#Q%r zg~FWZMEExeYj`x^4-2!N2|8_r-6Fn9c=w362s57u&#l7yMtqy_z=-)4he!NH;e#W- zNBFRaw+SB+@i&Bzj`%U*<0GaWaYDq;3%@twp9!P>FRi^8JmP?Z@=ocfxuL@k9x>#= z9jv7|UH_j6EmwaBRMWQY54U_fH#7I6#+sqebkZB%s*Y#nK~1%z z>+H0$(G}H02Ub4R@>FBfwuTPY81xTv)4$=;(lrJRVU5AX71?T$E~(s*33-6;P#l>T z^`D_K8KcK5tt;59P-tDjOp&#&U=5~Yeh8*&4hLH)kgYlo>X)fms;fC1 z3~F7~Dya8CZKw{1gF)_Ib*lce+aUL<4u^w5?o&nH%YGAbzB(KZ2DyI~rC0W0$gN3^ zvMu`vHI>3FTtmRK*@J)tPt&tXu)ZO9LL_tM+Gk`@`#Jq(`tGBDRPC4bm)Qej3&yLl z-2+d?>8a!Jusw&0Mj273MGSiqmP_??*-d{4d_YfqW`+)Ks@J6aZ!^>Cb^6tBGgIp| zm;c+$l%y-KyGoyu=vopWGN)7}4L9j8*H%Rcv27#>=^wr~LT|*gq=~vY`|p_orI7$B zm~ZNopo!h&oxk5mheXxZYIe7lncb?=yNs$!PX?;lC&78=!s$A-oV-(VwNY*9T}E}K zHyw5H6V>%@qPnYDC_xI+bx_a5Zt3Ygjp?~QP33mPUy9mG6R~K#;cUAp=9FQoXDFRl zP8p_ohT>$hM1}zy&9_n{ki|4fjb^@0zfOjNN`=ip8>B~*)M&;#qrlroRK0Sk^z#P6 z<&`&6DgG1R>oa`l?B#Yy_|muFV3<8Qgrqo)nuKFaGGWp(J)9(+aIFjzm0^lf*Zm~A zsVAM5Ophkfm`WJYDG40s*bEk#XZE5JD}{SU^O=SDz;HN7de+FU&Q=yYiiak|U=`A9 zHdpp=+srPVB{DCZSn@ZXV=T-pc5vxV2v2b`F`U5C{+N$9zD>uHBu$~ez%*8+SEMQ*A%WLSQ2Q@;Ey&}w3 z7}I|@41Jb5OpN2vpTRwLb$SkqW|KEcX0Pm(A0Z-GP0FBl#CNo83D3^>ri;hN19_Hh z1PfuG>@f7ziU+*JgD_h>&Jeb+3WfvYMgpR;v{)gtVXSVKyf*2`Bitr$ldzY!MP~MD zm@>QbMey<(8nqBimdNWI?MUY<^_UyMq0TJr4sc%wPMTO`l=5Aw1QcI3Kjo@~*)K%0nrh;Hf3`;Og9p;T3i zIL!>wEqsm?pr^kx2gn;QDu0I#W#O*ep_9(hmDGT0rFGn}vqprqLqogDv&QxpA+mWi z@}r#rK{;S^USONgV!VvGqY;#+JZ`+=BI{DNEe{b_RO9?ZDwNx0>j(CI2 zMrVA@@TVNU%i%{He$L@n9qy_R&*b!Rc(lVug2RYOdM<;Fsm^dblm#}2GT+gcIr?fx zKiAR2I4}i=R2ZX(_*3vie;L~}{9`94%(=w$!M*W>{2ATWIy(8&cv>9Z+u;EYQx6#b zIEUZk@Uadb@9x9G=Un*2oDY1v zvSQ9f=WR|#S7-;?gZJdLgG@E4_K9Vt%-Ohd&UvTI*`U~O)h?cv4FfZy>)PIvPt8+W zHm+pX@&DSNnIwi)d&M>v7RiM zp#J)7&@ZmIM8l{eY{-mM<({@bvYBs-l40Q0H*iGL;AtoJ)M^a%08ACR6__fjXtWo{ zV?Tjib&f;LH6HsVOxYa!FEt)JN?O?Gb-2ideO?q8gv<7Moh@@ZBAd&8Qsk;??dW<^ z!0qUwVc&j77sX{^N7qdlw(w=-vM=br77@AZuYi2xb^PVzSC@GLn#rx-Q+lTF#rj8) zUYTp35<^#wj`sa|AgWor5PIK@`aeQX!`H-+*#lcT5e=6FBeq}A({(wctUng|C6-I{ zm)Uc*{`VDIqt5V5GA+N8vGVd~&u$`B@s0^FT~x0TRSvtCP11x#>nPLY(y4puc!0eGej- z+7%J}iqM-Htd+#K^iFy^TD?m+T3xxhzA&KLekiwV>DX;U>Bw%QJLp|auwA;3KK0Ds zCEp_**LC;O7sq_t9q=9!(6#`DeMbF6N(XyElz|!rMjH{}R5WsC`vKt|DFfR40B4~Y zZ|T@@pTH3I9N~?IbJ6;zRJ4%ElatX*Lh0afDq%XB1$p{)pfsG*eK<>pl2ey6yvrHR z)=68mq(;?P)PrJ&9zv`@V4M|sqv&z?n zLFdY_v&MGla4L7EhSRhwYkCK)bF{VJrZ^%R}u7BUfVd#!$1Y))c1J}zIscJp)@WT(ux6WO;Y}KmO%a$!3 zc-)csp@W7E88l?Sd^n9i3~c1}H7chiGgr@FstJaPOHW;vOrLth?6KpfPC91#v?FF8 zGjZAxQ^p=Mb@Y(VW5-P#J(N*2sk&4PI_^!`I5cHNg&uTO4xy}Skq)oMI)eGAs9PZb z{Y~#qDfG3|JKI;!U$Z(HG;hx8Imw_?R;@|~h2dwYgZx`4=G>HF-uzQeUoiXBm2;NN zk4{p`BGO|}iszhi%F6j?lvpobHn+q)XXTuw3+9`zsk079ix(}GH>vfi)hm-hbC)ey zGJmN8p5ACMDD^f3T>)RLD{s?a%CLOpvgM@HuBp7(Nb=CklTJx(uTC(wJ=6OJvk;=% zszE`jBgVmSj~(vH$EU}L<`ulCBlLjPJP&G2)J-$KqebAg?~IS8E^aIyV}vc+2o~Zo z*$XWp9^p25n}of*7i1nq{*TJ+ z&X?KCyIt~Lk|px^vP|BU!sbRW$t!^la|DB*DdU?h0dvgK*=-i~{$ATXJu?P>=_{JQ zcRM$N$yR;4c|cSqx_o^4cWV9g7Z392Z<@Ss37Z?i8r&Tia+^-GQRTh=`D%}-y!iJeJmb*<-pvCoZKLJ(*RMKT`vKj z&UZ;3e8_vF@#&W(Z&${rf2WtfTz>2!d6v$+Z#ge~25W={1-7wm>K_}=2HSWx^$2okZp?^0_yc~c_c81z znT*9!pA3tbZxZw0+nD!q!b}AqwN8)W^Blg!;X53D(Bbbn+({p;$qD70(hAjGbQ{BF z7{TSm)_=L6svp6eaH*J0M`TKIqO zFz3=3o$#5Qkhi1ET1TfIG#>J{Vai&={T*&~m^^Phe8Yy1aCoA_lO3i!H~#lJJlkQ~ zHO6zg!{<1>!QqP>{;FhwpdzQHLLM_=gVvhr_>g_}31< z>hNn0hrAl!U1ygE8XflgY(l<`{O@u+!yFEIIP#2f^zjZK?XX|(AIcE5K~R*>_Kqk< z?c2f5=sxf5Y_336Zegwfc{W!--dwEkF!oRRX>$dX!)qd)AyS(wI8NB+3T6qT-io<` zQOJquHo@US6~#3G{*Lg2-RX8i0uE=~4b`&kbP{3ba|j!DlSgV>kC4V9VAf^7po-%~ zJ^^eDX-d|>vXyD|f-b&TyQzgexQle5Co_DVtlH z`>otOp!w9F*Pd80puW!~YdiI+tGje&XR+zJ@VR4~?_HrAiSefS%nw#I-+RSr$&|-y zZproAMvbsljpvr!Dcc&h|9(Si6yxz>Aiw$E=IPC6j;x)K+plVh7zXE426?{n@fxvh zscP=md~a)oTtD)_$g?JVXkqQTI&tooDew+WlCko5c=LG4ysC0j_P&bd>0i!`uGugl zKd>&9*Ka^Z5+3_O^nYVG6K;iEZEC(+{#Q?^*{^Erth}wiSGa$1-sMU1oT~iCYsB(D zTPhdUyjU;N$de|#zxnE)XFgc-{Npw2s&A=3xv*+~T}4ZXS98DCiecLt_Wx<~^tHKx z^;?h0k7fc`$uPQp-1S^zo|=xWD6aS)*u~BooTI6%$7{CKG@rVu)5vQk+`6GPuaKoK z#_AY>y5{klvIFant==ekU79y7WCOfpA6q}Lt9(rjY1j#PYt6{|?URbhIy6nKe$B&= z=N!(FmCfTPWSgfCc~`@l+?ak1%lkFR?KO?nD;}Ej)bTHleRXKlw!C&Ar2P;-=hZ5j zsryt{rgL8TEM-mo?M)jp%zJ$#dnupz&HAJ4(tqY)g)sAo;6Z^<{L{QwxV1b}Jx@f< zdp#^p&3j!XQ*qvll+?V}9YL#NGF|gtF9oe?i?lHBb)lRT=DnCX>h!OOOz$xNsm!JG zUfPh*U&I==6K217u~_|WU~g4ZYy6YLI<~%E7i3j0q&C9%4r)E zZYyUaPxg^diImG8AnEb8@-aYym!7^?M_)XX4}laSQMCq{{6&9Ap2Dg7hTo!&T*buK)Eoy@lOIrDIgqe-xTKh zmL%OM8BP_kaiG9C0xSw_(ly!&ZBu4i_VRnycWTN^&0c;N`jm?GVm(o;Tf`d9m(84@ z`N4vNlwqA1@QKZ$I66o5_{HYYZPBB_3X|Lg*X{jTCx4!g{!Db7Vbez=TYR3D2aAFY zla~sk!iHz(%4L)6UzPo))IKv5>vMxOg7=VhFMW)ggEbSJIK-w^HX~*8)pj=HWkdQr z7Hq<$>y2%qO%nI3fi@$1`Ryc98l|a{XTez_zSG6mTke&pAtY1N6b=d2{Q@yuE(R=# z#nj4k6Oub5yXH%Iha_m2N*z*>^kjNAcVLb;*NYs~>l5PWwNZab?_cXLw<(7k0^AFb z^qd5BagIB~%Utw=rtgYt?9*c;Y0&4k1qq~b%FmY*d`DA``<}1k{+b*~U9?MjJ_q@uIa0PrPD2+wPb0n; zT;I)+yk%TT^BU~V&-FS@dNFSLfZxVh=C}IdaCcicmxsIC!nr)$Y&D9)<>89h&~6zG zQZ>2FLmYn@Pr~eOJj!%7+1joGunZA zDw0(}r$VbtRLTH)>Z#FrwPz>&IuEJogK@Ii142dHZjTbZW1RVrfBIi8? zB0eqFqc?!`&@&D9J;{)Eh;ZUA07uFzda{WsgzG?Q*r%XX%HPxi#IUVS`$VInPAxzK zg2i;Su>}jz#9%Q4?YM#kh?-OhfOdYt0`%cvF$3-M1q;yA!D0&9uL~BSKL?AcXbTjz zG*qC)A)-^!h;wS8NCjodthEY8vP8}#vyJqEgubGuBDtKm8q{xPUKK>Y4-L_^%F36I z@6@kzzNXK0#@7}tow&tvdZr$|9JF%+d@r8-m!2w}p?dkWPR-Y0z}Kqe%#>gv`v^#? zlnUXf$o^h=^Pgl_ksKsZ|CBeRGnPy5dae@uuUmDH&r~*s(>v3L4HklGQGy|*<5H>7Ye$g zoeJ9%VTt#Mr~CTeV3i2Gr8kBbmT_PCFa&$-Aifg|HvCD^GZtIZznyd z5qj+1W42m+cZZ=j^bJE@Vg4HT@bSJ!>GATemDwxoP~-G~)oTrEM|=}x%lqCL-xTqb z`)m0H4=f(XIt=|W#p5Xnmlo2%;;~$23oCrH#6#RnnLK)JhOyhyQk>T(+$QflVK470 z$-7nEK~rY8P6RLSHOadxhOcw9Bb`5@$J_`e<1|)$f+HBbp^Wcp37IWUVX#PUV~8GdGCnrNV^y7gJ`pRRk|@ zfaIw^8N$~X?Fipfdd!Vr(kgj6nZ2OQ?nzO+yz!E^CZ@AGlfe#oFX+L|5Iv~<u`0AjJ z*QxXrpSeNCHzd!0b7t36ChsB1gO7ahM(b4CR7mGdhFFF)FUsLcMFGV`rv=6lM_#eJQH)})`7jCYY2o4nSbENxzvHiru>(s|35ojH5i z^3~?Z-6pO!scVwkZQ{PAT9C4I^;)}4T=ub*9&HPUvbHK-wkBr)nE6jB$_rbQL)~ll zgHt9L|0rTms89sKY zd3rK@s8O;0r@t`ukgX9~88KzhIT2G%T^=!I=)Xive%S(6y~3Ch?L6c_zdd63zYsBU zz85j_e;jdl=|7E_DA%bFu<$T+2Zo=r3{2FRS^y)HxfG)_j{ru_tca06H{!hT#Ssf8 zmqv{ID7oqBF63I5fjJIo)&+9;TAo-3)=1bI?V7Qba)t71Ro)Nl*8j9rk#Ie#N;~$ z_u%K@<3$IXe8%*kPY@k!X9L&8G$&2Kb~bRY zNS`b^*vUpSmm-Y}kC4)5*oF%HiF>)S!G=h)UDF`;W~ z>ex1Fc$32)bNCu?4ChUbev6}j!O`z=^!pwCafhFE_&**0uN*zx^BdRd^j3beaPI5y z0S+JTFy)@{&vuwH(CBA5ydE6WihEHFf70QH9R9h(e{xt?FBRMlaoFF7{(eXQpu;yh ze4oRQJNyTSo3ll~jt0kfw7}tY4&UPNGY_pIN#|WC7PY z+|}Wp4l_1jZu>h-nQruh96r?H@eWgl8vjWSzt7?M4li+m-me#qe;I{Y6FKkx9*9R8KVzjgS39saY!^!qF>H4cZeMeh~W$I<&c z-0JXPhiMm?%)=c%(qX2lJ_Ra*}%A)@N&$;)UyTAo5`wsVBRu$p0 zh-jdQsJNhrfYwig%Oa3$!bNdG&?uMO(E6!G0&ZDZxln1gKrX3aq4_K8m!{^wRV%f{ zmS6rq?|J5X&iCAV5iD$zd7U})neTk(JM+vl&pfkypBYC-$;5bg&lT`_*sWTI~L{t+|gfi_zw>AuD5F`acv0idZSl6+|^Q;@f-p*e+#vjP#P1X4 zS%znk@QV>M2KhzAPYN^d1kba=d|v>5UidE&|5%u38T$VTS45mByluo~!kr?n67CT( zW6hd~(OVxFad+V%5%&}x5piE(_8=iGR`q$V!HiQG1A-Zw9ux8Vgr`Kz{hSdoYHp`S zyjGa!nz*#J3nIQ;cuB;JS$VGEp`S=U3Veg`+K4|U{K1IXn&a|_Hw$z4F#LB2^IU@| z?;9ijsqifkQ}#UX@X(Il8F5zb7b5N>_sbCvmizUHDT7BMo+bBN5z_~x9YE$fxj%@Q z@$PdG(+>S4V)FP>#2e(k8u86?Uyt}Uxj{`(GCwJdc{}y$sq6N<&vKZ$YxGqPuXFfn zhw~F*yL$%x@ZCRyzENXHCS-Z;8J(k_|6w&aSIcgq;c3B0sb14Qr*ujc>MPIu>O;@>Jo_h||FCRI_S}^xO24`c74FGxqz|r|v{f58YMfk~>v75Q!HIOO z>;JGRPhMQoB#wuZt7Kk$<|3@#|#ly z&BN7G&c5@~jB)SZc3hju?Y3^srjhrrI#N$&P8Ziq9lJ{9;B~QSOU?XNAl(nXCQIKr zRl{DJxk{(3%iET3y%}@R=IcKb`hC|5b`ONYpY*Y5C$$gJ;UY>Oo0eGm*k{UD(8s2W zDt+uT2&*XnF1~E;W_;Q5*>ZwDHhM#OeQZ>ictM#y_DAI}*2iwX57DJ!Z@v%Fl~6x% zq5gHUJbmIf+lMHsPoJaIGW{+WGls&-Y@oR-K3_gm{(eZNXw&oMX~37rw$ril1Ai`X zk8CwL%M60^3EB4HSoy&SEM322Njn`YzYl42QmXBAtbFiXiATrE2M^6#^~(s^7a=IC zx09~)ey7R9>!n>dR(=Q>eg&@-n}a7D`>be${E zt0d`08!ZK0((cZscfXFm3-y=u_@w@#f-YI=9&SUA;ZTnZO0ah~kJTNTYR|oLf|70z zIyO;Bmu#h}a6>{Wfj>x2147C@PbAL!bKTDfs2}y$B28D@a=)k7iOnDK-cKbj{XU#f-IMp?gx0E= zLhGo&8#ZC$sgo`u&T}ah=a&JVhGP;6YOW%Nk4vO|dZ1vKC`(SoK?*xMP1{(IH|;qQ zO-Nz$rQV`0l9gU(fp>-o!4Nt~R;rpf`^c6iD>EAbN2he0_Xhfkj7x61NWsv@oG&Z& z%NINjv}Plqw5_^Fa6UBP+DfVW!`xIBr(5(kC)eipuW}L1L~bRUcPNmEL>iR zGGuzxd>f}8Y3iMX79A!p9maT=yi^u*Ayg!F3Pes2S*ES1(ru|wcPt5ti>U%+dWd{^ zptKEf&y~_*rZlD4!SSd~whj_j2F}(YhqJ$Zf0ee^xwVo)mLIdGf3v zA>~X@ZkQ5M9FDY9RkEOe7}OyP=eqBnG9;&G=Jg1JCS>s`yr*pmrT?G3byiZNvgO`| zp^4m4vNf`1?9J0t1jB?KCmo5ga_JHfpRg*~cSXO+n=1()KH*%{wa3gdq7 zijSTy@_f2hUqsI5ojT{Q;}TuRL`CE}h-=rukOz5YCdo72JaSFOLWc?Fy!csikw?Bw z-dbTVk2SHZid>~)QX$MbMS zV__ea->!+Ebs87nuKbZM&#tBWIbn+BGb(*Vw{qrwSIT;MoGGzXG&3g8{N{T4UY$hlc)|Gd-DwM3I^TU*fjvBT z^B5mV1MI6CbpJkb9atakJ{xmc6QGXkCdOTUQe z@9g8~ls7yBba7Vo`jAy9Br-Ea-t#bHEhrjAD>rci{dM1-+*znGDZn`)g z-h0MB#9{gbMyC!N4t?NwjT0Q5=h=8BJIr%!^iv!@)!`)$FL(GHhgUni&f!ZOX1rx- z(GD2?xWk(rzQ^G&I{a0KzwYo84*!qCKXmvxhkx$y%MSCtvb??SaK_aW|6H)tVEo-2 zu5);x!>s)p|8R%j2$9~JR)!kB-y4#BVk>W9}jv#T?J{@u@2=l*4Q;Ntr@ z+ywp#=c@A>ES#&}AYWnq{93{)atBC&*3UQL%cd*s+43O}v*pzG{JHA0MAMyDz#chQ zy%E{X&sFEaYvEjV-g|%dx#|NXWOvS0zY@NG#<}YBBzEsyb=u18NB5qq&eltD|09(h zhPRYfdvQj}Ha|uuW!QVJ`m!-2MvvBk5X0uJ2yhsOcdQteo(!@7qE*A|NAEvx(dok$ zEu1}U{+v0@1H$1R!xk=?vuNeqc||9LAGUn1mPnQkThOq4?%55?=UEcFky^9lO}<=? zD3?lSIG=pPzu>v*Z?Z1eJkw3q=H9~5>EU4UxJFgj3;o~ru=L_J#U}UF)-Chp7dNRW zti|m;SABtwc4=&w9hb>;h|9d?4T}n=(D)MFy>r!zWBey?2a?o;w?$#iYLxtbj-Rm& zhB1j@{Cm$;rxem75q-JrJy$&~m%HWoa_OaBM}N^6&$f$U%o~4GR$aNg*{n#6xy@ME z!y*ZP<*-UJy)HzzA&7lngmmtU%5BGZwcYo z!mBf-p=1k$(k27Z(ooZVI5o9kO2g`-_e&AL8PvACDNUFWE|}6VYvlbr5e4JVtzjt8 z(z!K<71-0~F5l6x)6$ptb83p-j4gJ-B5~nJvBtg%N!WTB&#$2@W6W@MMRXOSL>`jF-pr z9S-+5=52S@U#@a-nd~z8A9Xm?fhhAQ!samd5`W37_rm=FxBAn zh`CLRBBpIv9x*K>>lEFy$t2xzo^114Nq0Hy$ zFV+?AK`@$+WnDqvGf9(&`B+wz^gYv|@)hP|?*O_6y^_zN0$?S=r+n7FY66q7L8cS)yI>O&3qobQcxG<>xl1h-TMB@Qb<*__z-8Oc>X3maOGLaPPV5 zDg(*|JqcefTQxSU5zUN+HJzW{d#-v~Zhuul`QclG2IXU{@Z?(g@r{OIg7==Q?h464 zUq*Ys4cYnpG;Lf<^V7^*n_*pucG(R6CfX3O1J-iqsOh=tdX4TqS6xNOyew@e@0WkK zIqzlUInL>>c9;nrqhI0hT@HW4;inufqiu^aLp!JP!Jyx5bJ&C6iSyPd3mX4uM-O`3 zQO*&L9_BMjYyD#I0N%Xzy@mheN%M{QEij2!}%* zjy&TXoo|$_tXR)6e1gNF4T&8H+Gpd@a(({U5zN!+&l=CJ)(X@W&aV|9&(;dM3)@;j zFJW6Ns1vref&+wYt>AcJTPrwK7_%qV3dSNQmfIwU^Gm86X|Oxzs@K;aFgh$c?D|~w zEgh7Q1|Os3Byr!i0RN6Z?dx{UZBxE~B1ffjQ2H~a+SP4RzY({M=e+bWy|=F`(;aR- zvFFGQ6YI1nJ>reJ&DpBXM~%o-<)%z&JW@wxXCImTvvJ!m4}9Bu{%XT+x3{9hS%Lxv+uSsr%hVC{MIoF62s!QJ!|QjWnVrtXN_CL&A+ zmg_pQbvNsDb)C?y4dJ4o+a~s?TTn7)^`t8#ir}*qRuD7d=D`y-ciX?JdgR*biECq= zTk6ME>1^@px=5H@G9u(bsl@A2hD6e7>Lb%AV?I9VGj$=WqQz?%aZCM#lr(*D+x@G^ zVw6uNM{KK}T$TF6T^L+CLF9>cxcLO-TW5)nA6i{glU4ComFWI8+qy2i<9D`q9p7u% z-gUe>t|;XgaSjnr_pbYmItX7?-A>1**-RhtXXv!mH>qe^>-nR?wAS-}g=nqkF?=QE z_sLgS>-jBV6}kT=tfHK|q_v*k1gHE8Ibp5m6JpA*_1rBgjf<`I{8awpwH`Z5oUJ&U zpC$eRQt!J^0{mIxG|w%ZCB7c=HkiA$ntNuFeV|dWS7kS3JOsJuEODB<{8{3BfU+BB ziGNX|GJP*sObn%;*)Uy&%Vv0eNevUu67PGk0#BEZv&3tM$-_H~v&4hvPI=mKahbXc z1;2%tt4h6WXqcV{-Vf=e>o={a<_Pfq^hdJmZ(q5w?P5s^Uec-N4DcAZ^}LPM90DG_ z_nxz{np41|_mS1|7DDelTV9<5USM`-mT!?{cV_vM^0s?|JPy22|38tp{VD-YmS#U< z9YS5ItR?L~5Q*yp(T>~>XKHgLNyn?jaFJrQrxdOicpz|UtG(M-7S6R^KZSFxOV@8b zFKPdz7#|elYk~3P()Ew5?vR-gPREY10%M1gGn10@^~(BzrSQj?!T>e4;pp*AE1IWp z?>R~P?z$XOI3X~`6eJsd$-eg-lO2vf|E)OB44l)_OzVtpv1pG!rQZG!$*R^{p0=bYPG7$X#vH=`L}6QXDF-^xER7>7}|a@tkq)d^l(PLz$%O zE#l8j$Z}uP!?Ukb(RaI0e@S;0O-|UtuHG4;o-sV-az<`A)GtW zG`#C~34bh0X&1thu3T^K*({}6Ag8$ti3j0bbE?6)Em=yo30KmC7Cg5!>&_St8Gc*$ zTzrS0F+Na5uFr08(6!O=%u{ebBFnMjjoR36Sy?ZwZz1%(X;_lf2n-IP({T2c z4M&RuQkl~Vv8IU_3^J$4>Kt#Jsj{UyPI@EY^C`U$%X-~OXN9bh)mDs~R%`^V3%pZt zUdso7!U!mtj?+%poW=n0R@MfHI3LLefHs7HlW@`!A`L|kW`q7W%j%xtkT(@a2+|*| z1SH*!{1p--Wt(Yiy#(|a%BVSshNQgl{yAcPC!cV)or?GgKCN_$s!)@Fip!sdg$ z!dc5D0jH-*hb<9{H%8RHf@Ru#u$y9~p}WJM4ci)4#tjqG6Qeo%`Mj{vVJ@VYZeMtA z*uF5OoEPY2frrfu+4QhZ|Cw+;bb1Xg8PLm!nGoDPRnNd`8ix0?qlkc`*4*MF8NcY7VQ8*@V#7vIK zYqk)cp4*pS)DCOG>Bn6$?fl8myS4TnKK2T`FvjTlqoecUIM%Q5HQAdSB%L0m{jae` zUUVbU{S`&>Qw5xLSoq8<^2Z|!ck}z)jtJ2ZhNbHq zr{+V*2gNrgp!5$OOjt)qVfg>5_^3~2j4vnPuVdN3w7yX;ln-HCM_2J#9C?$6C2u<* z8Vl>tMBe$52Oshn@t8cy+@49ndA9HH zct-7PXs+A#t%TKhxVy%~sMmOE!131i2kY6v43^FC(8>&vwR5QJ!E~!+M#*LnCNoCX z&Y=$P@jihZ+A+QboFMO^vfznwkBOMx+gDY;pfhb!6X~S6Z^XnM7O|R?uoo8mq%$ef zr^)3#4jq{%M@$cr;Xd@aa_2`(?+`xd;N@Vo&ls?M%eY3^zF!0z{jx}>T?N~Bjh~8i z?g`lT$lM<3+#j&*k@-}lbFaWAhZz&n<<@{rPDkYxI>in)IjjpquMr(=du@)1bnY$K z&NXJO7JlwC*v>V6Poz`+U^~}%Nu+cC!IqzkBYl+UU_00Nx=5#9fbCr4Pe(fU4*YhV zYs~xQKw0!XDDyJe3^z-Ldt>?)yo(GonPr&AAfxv`rdBpXBpJ%fc&L+xM>{;u;bR>R z{Y*MUGVhkPxU(Flej0t5!>b*>$l)s-{)EF{ahU#!$^3=G8I`}$!z5hH+W<#D&fytg zl_!R}VY)Pnp+_B<^BiV>a-%b!XZWMwm==o#M*pOv^SznTf8_8%B?bBW;g31|pu@j)*q=K*P?gK%OmTR*!`C?cS%)8U_$Ll`&K6`I=Q&y%L|tJRU};Uv604v^-|)XY_p? z9_ny-c9b6GU|Hjz=5@7;mr=;>F^eZ z?|1lX4u8wxCmsI2!_PSU6Nkg|8_VhyNB^C}EE-#$!yfRFpUHNk^X@R*%VGNAM&~_Z zct3{^c9<1T^WLLuq4T_cDPrDrTO(d9{BXppgttfh0b$CSxR(e&9r0zt&qjQ; z@QV?DM3^#%|2koGQouI||32ak!heaFXSYP{JUl#$6%q6NwT<{WVLLzME&K9ynq| zeN8aC*1_w<`&IAaQF7?vadv7=h30K!TQYBcZt6!WC+OVNE#chM|EY-QrXDe3^BYwq zM~z%_^2g7wyRFx_vK^Ca@)~EaZmX{QQQ6=Lx_w*2j#N4k_3Wv)^{Tt2+ro0rMeQ*? z&wHY(&=8J9oitV)ItO+6P130A)?@m)YkJiEF_Vgza7#B%M6I5<)*XrZL0!sQKNEF_ zVwqkU@A#%?qVA~HbEW!6Tc!WZ&-I^Kp}*M9K@CQFWp^rf(kpwH{L(A?Fus!V|B|nu zS9T9!6}bk&D$02vrC0U|eA)6-myfvNZT=v&M+QoP#>Sn>h#sL&oX2YQ>4%EPUH_D4?yF`DP-WTeB zf^0Ywwa>FcJRF>fT0^NlDq9^Mi&{8;D%)O%pw=O-bp7`8+UpS1eyQh?v)czvuGIJ7 ziuNdS4M=@km!{{Q4!m3fdaE!v_cVA=XYVjY)Dt9;w$=_amBP{X^O8>QRnQp<>Ttfm zg#v#FJkl=Oex9+$b5Es5bav8Vv-s{3U#)D%%*mx|)@8#nsjy4tBWHI+3rnNs&OFu6 z2QE~Q&Tio#RPq!KLS375TdH)WKtx`eorAi+Bt-=xvKY@ny@(i7gQ5O|)&Op@|VUL`F zdXVmbR6TIM6ySStzMN8VczmP)f)m=TW~w*L21thnCzWtoLBdH$_(otj4aX!D6mmoi z=dtKy)P90j$VyWN2Px^vs0DeaBF}^rpNx7!h&iLcJ41wEdh36XY)dDjrm?0MVoguu zB*`3sGeWGXIOheJmuaE#yinta=Y@V&%!t&L=s%cV`sZokn#^z^-gtkNnBU3gg@$j? z_JBf6pFMeAs1!-`!VKqyY7aWj3zZ{f6jV}L2Nf27^5=O$CB@GCRNPWK^OMs@Q+h7M zJ*%=+o{}of%nyn+J({Vm>_Q`@SeYfxw->9N?3Qv#&?{-C!D6RK1@(z=>Sz*nbO;+i zXgc2YB{`ijpYB`Qzu{k53xx}h%N87nRZv1{e(tB&IC*>ZNN8CwxO!dZO-p(tbja&u zN620r@qKcMN2i=di&hGrFUxj{*jlF0aevFFdxmE@oY&bnZ&hP5bZ$dqLo#&siWPBZ zVyH#i634SZ|C6;mYE-h6dgx-y9VKgbQZWCP=;<)@pLI;vXLzX*pSMYsES-NZZ;Jfh z5QaHS7OY`eFgxQrN}=5CUGZt$)GS@AEhJ!XyW<>&-d|PgFLJpK%D}E8bm`?cQ=`m| zH;-JCx6omNYcx?aOD^)rx5-;8Y}YOrzLWbCRXiFC330f<8)#5{5s~AQ((}T4* zg2{UniFqJ11~-aem@xKRV2;R)!Hl2;9g#=^cTzn9lv@>n}VUi%n^yzk0d9KqyNiFUTUVUKX>cQZ1580Em4#y2dwH9pgID%oyMAMNpRV<{0s@ zhGxb@hk0Ei%DqT@q1B5t<0}>L*YRaNsN|dLpnM3!-&uSXN8aQz$y)@7#=@$b$a_Tc z;6t8@C@+sPw`Wo?`Mu=zF(L9B#C64=yrhU%i`YkWD`)PvinU1I`3gKkG&3g8{N{T4 zUL6nac)|FyJ$Hz_C(iaftsuUM4u&mpKeqqWI)PK{JpiZ0a z1NFyr7U(IM?gOP^x)0P<*28%omj0as!6}i>HGxe>;H*gJ`oOj(|FKBtTEV6x@YzV`y1}L+Ah^f( zVrH1lnnnk?yf^>T*WT~q8hH`Qd_&goQx5;x;hY*KoBys9w)LN0&}r;sYQa%vSbvN3 zgB;J14j=3Ir#t#b9cC`oCw8jByCBM>eYEFJ zFfYf~$-|wT$-=C^VOY}!Bb#)=wA(WyR`>WHb{-_}6P|1G!2873T@Mw$C(=(6zAs|l zZ>(v<-yr-@#MJ9=Mtr{T6A`Zw{$9iv3O^I^2ZVnd@nynx9^@6mzmD|H!oQ37)53p_ znD0cJc{4>@whaE8LfEs6ZwQu;y(W6GC?7OkvNL^HiV^p}h z!Rm*1)|L-#*rFlv`#az_L!ErT$_`imnJ{kKSA@QSQ25h2+X9ib&c-WP>ug8iD=DXA zR#<0SNmxa$D`6Go7van1sJmKc_k+-(p9!HZQIaOzVglb z%YL4EkW?&7vR|YH%$A=B^*(A)MTItExF2d&`7*+qpPhIF6-2FMRV zuBlikA>V-9zq~u-Mh~QRdlWGw7&fv$Ptm$?BN` zRRi;X2&)>7mn4!ltj1?XjnzLUvn8?o&B1A$qGAJ%^`t=ggq)M~AJct8yW@&Cuk~?x}o2+GjeHjqi5d1d6AZ ztR5zrwB8h>5a2>mP0*5LC|8~Nb6b5UDI+fYah7#Y9h3Jjv;%UgCO%rTfBwi6UGr}5 zeylqjO1X4YrnE$zv`nRnJCj+l@Z5Pb8=Gw;yd+6K?A+NLd44|HeR{cDv*F=W%Y5vA zlkX_QMHWrrH@y>u>FeG5YBCHki-gRaKd*2b{_$T>hNo_D;c26;*z-uA;my8CY&H{J zGzs1ODu@0(lhF;!8HfE@#Su(CC3*C<%~;ra5xl$~N?te7kcS+?a6c()aRieuNgi))GX`%F!OQ!t%U|0V zhP=wR3fAA4 zT-bMo{dIIx=Ha7U^w!UpOM79f%YsS0$-(x>?NKGA`l1kQT1qRz>n& zR4>G?T|q^8$8W~c!QXsd)rTVA=LEmM0{s5U@$-ZfOleU`6HcxRX4mJsQ4s+5{J)o zc&)=9ayZO$#OvDP=#M%4yu+_M9Q4{_+%SI@@iv88DR3trm zqsWK`O}jhpWDv!*>Oa$0II}~L7qvGUchXpB+$J6L%#gDlL1}s7{b$WCsSi_+$ptADo6Q}B)d6`)+&yWH+wTe z%w}uE6vmouW{8?O_&NP!LfzQ&V?{SOWUT1+?Akk4^y8_w>j3vA&HmqTQcixXcyQ5J zF%0m+ALF*7L7cxX21>K%H7sATVo`ov8MIK+9bq`PCXPD&88!>^?;|oCMni@4iqgt^ z!mup-HP;zxJ{XNkRp|gaoP*Nxh%S~_I-<*`#T9!!q{4uYYiT@Z*}Q-Bxj1jHCRAu2 z-rn(G{yy&=4~FJA-;W(6@4v!$@DBB}cXvEU-@=T+rsKh%N!}O*GG3qy!~2ImM$_>i z-^6`dbTcOJA`uJ|#3Fcljkj8f*V6rOVT*$ZzE`48WyZqRi;(s$(vXR} zIUZahdAl#pO?#)FSY-iru`#x4n0MV2>%a8<%~^;oBXidu}}6bohCPS;H}&da#}Y%qU?S zyM=M|KY4tYpEh7in%y`{VB`V2Kfe3f-#ETos4`01nr!ACm09Lo{i(evG8*5VB|eSs zcx`EXhlYv9ceCXyjPGd9HNN9hMvdQ2q;S42CTY6DN zLp2-hr3-1vKX+4B|AtL7)MR+e;4)ofT(ER`V-4QjUq)OOMV>M5oMg$&*$W#PVE;Q0 z4qXxbyN?XhDM%VuUVE5yUNgn~$A&kZ1DD@c9d^dIr^klJyF8E|#sf8gXwrAC=7{At zOwe=cbGI}$oTV_kCiqT~<=tw=;D3qW<@M4)u%)%aMdGtK$UqP5(|~9!jOkCq1TE7* zq6QF+h0$&B>8^8Q7C$z;R(uu*5m!rIH6R)byHb8H?{>*!uADJ0V_U*-ZQW1PUGzvso*-#jktJHq}tUUb*-W@E#g9+c->kVhU>WO;M@ZjKG_RXydIF@v0z zjHka7#)ejxxktrog=&7AtP;8gITYRAF=3LdRY}-b?n4gK0XO;#?J;LhG&Dr$Rz!4ZcmIM4{$Qa3)>nYdpj9cmh#k{=l+7@&lzG48w6I3_ipUy6egdZ?_kY1De^yRm3`tX5SR>>m zr7`3K!6`47XbmN|%aIcrT#tYX12vx-GR42AMG4Ex?>A+RvgYn6`lTBjqusy(MCN{uZE`;5LL z^+dy`Y$}4cKG1tz`zJUJ(ZU#R53Tz7;ZV9Ri0Wfl3oN8nG@5HR;`86>#q*W(5#HLW zU<-rHy~})|Q3y*=f1lcC;qLz159D}F=xO?w9mh?M`Acuz&c|_+#E`xNQ_i_N8OP0R zBJULWYbbzd48BKxFK?6NwY0`}hWIQFB38*mU&)MxT_A#C!Z=U51`v&fog=?b_i1%R z`isW6OGASYM&INbS&Ji>jFvp>`{K8-D}=qgzbG>OnWp2oTU{K%r48!~7CVXww@2eBd3_RF}Wc@g9nE1vRQ{=(>J%{mg zJ|OusV_A4o1b-c4+;zO!IPOD|_nZlnYw~baWO*}0H*0s+_{OSU4amnT$aACsEgd}X zgmGNESODCk;&GgRM+W7ZLTeo3>>bA?$y$|#ji)~3@b0YbvHopwTdU$3?hID_$8;Co z6XP=02ua;lp(yVBh}aOCLv-PPT^nncxp*|>~7 zN}HMv+jcy<`TOh7n_hX>&oBJrna`A5QMx+&c-fSb4*SdU`}@D#X3*zL9zHM`|GTYK z9qNwEjM((XlSd}|4V>`p|2t>+MGYmo*sV$Ory;FJJb8GsYWO9!5AQ<)ua+cr4|e`j zT~%8}FB_cvX8P9g)3??=^t*jBRUIZg^ja$E1teWsJGCLRyrDFev}*V%?Z;%^bKJ74 z8xJ1x!h~eRgTEhJ@}W=G9iDvZb0Z%7!%c^a^16I=5B~AkLq|+VCOr73sSo|RYIfbk zWL%q`C%k9KIm54M$fU9cXa4l+pT<^AtvkHDYC_%Nl`kA#aee#y-?--RR+rSS8vdst z<0>XIGF1Mn`c&Mtf7?ekKfV5E7ruUGhi&z3eiP;h{dbkVE#?czbbr(OEJe)zrfV~t zo1K3DnzqmJyzHaI@MBqTv@S|}uQBZ+oRVBt616V+pnN+U)AB;nnD&z3lvAa{zNXAO z=Jz#aGPR7JQMxi(##l2Q)#kDv7cS3bZ;?|mM1PemyB4+~<(e`ZHt4_AoDg80fmXcL zGJWt)kZm<6crVmHuku!Z#v9JGenF_Uon*}`q-tf7sf97DZm!Zn(ZTn91+}@2Xu;K+PBqzx*;e24)lRK9LC>;`b#=~T7Q8S{;nfnE&)lVeP%%0j;%}E_G~-7 zYx_*KK8PskpR{g$h)62o2rDGKov6AYIDB|n=0D;rA1F~3>A1RbXr{&QFZsSxBXCpF zEm2BZdbRI6@m7s0^0tvTF6R>3_R@@^>Ma3}*Gx8FKih+!mB`bAA zaIcMa5%|xR-^5m_WTy8kA35N)%(Pw`mnp__S=|SmXJt#0GlTp8giDh(6&nFBr=H4< zfLBsa>y3av$!5aAHUjBN5KgF_cgFI6PzKL`G(2-z!`wID2vpxnE?hEy=mOnfnfS@DPQp!3znvS- zlTE^gn!PG3!bDNJZ6{lD`qO4}fhRqMwj`WdyE<&}Y1@2q+H6T>d;O;;*e(w|ZG(J^ z%SpKD`MDQ_xFzA=%P9@V(ze|LGQ?nQ$$cAm2{TWn(6C}b!rx5R>I?k&IV>Xj zNw20iFvMNDaBe{f|IKE-Oc}yH9j6u~VO!G0^A^upc21gu;>3d@LNRIK{3Y||)`Wz1 zrtY8DKPafjD~T1F-uutglDC-zT-VAZwqNK}(P^G=d7$*l4lkj*{8+b9$!J#RQemQw#e8-5w zUEdYoH1QC}r)#xFHM3g|B}4vxvY)nVxKl%b(%uK;hJ zZ@_Tt(yQgz#$YWl{$_2f9izAra zBYD35S=fUy4m_9_C6BQ?@@OSY-VcQ>j$rbD+0U-9Z=o;S^-7H!$Gsed~@^g^i6`!wHCOYlKTWs~}HI$(~nK8af0bkCu z)a&CuaUGP8l?w{376%z!B#(M(#=`iB)5}{Vc~+n4lA1iq+@48fyifAzI+`(v>xw^F zpop_XWc*^~%>Aaf@8vzxq2+QBTamGJAU2=V^b(QpuMEE?37jd-w;n06w5Y`4=LsyB z(ooXg&y!LxrJ<&KKc!YMrJ)48zjMJOq@Gw4KQrzHQyO*y@P6)i!LUE5Nu(`gf6#pk z!QnX@-o)QxpSZ|Tc)Dl;D z!wi-MQzO+R74HWSs|~fo_GIL~8CKJj-va=dHkXP_;~D1gXotr+e5}Ltx-9Oy9iHXz ze214gyxQT59KOQgPdU5=9LwQeVJnjd9M9um8UdLnWi4-^J&*L~9sQT!NdJwaQ=g2^ zl%nBI4%ayx^oL^kvvHX5j|Rs)&v5u0hxr!Ics>q}a=z@avXkct&qb7}<}y#`eQ0uc z!VU9W7_N1AfWt!^=G|lb6C6I$;mHo4=G|J&h@ zJG|N9+a12c;V(G+C5N{;{E)-j9p2&a3l9Ip;g=nL#o7;Xga9$&x&O8;3au(ByP; zIJC*JV^;0%FRwIfuLSdP{j==v-Mf?rTXQ-rV#FR5F-_LwhOrW zh`%a4AmVMp`$hbq@bHKq6+STH9|(_&_*vn@BmRHFM@Re%Va`h<541PaBc_e{uZUSF znHe$t8O+)rO8G4PC45c=xu2Pdrola>@T?4;))wRr2r{VyQw;u2R8lO_CYc{8fvg zj}6uS)(2jb`}+3G_cpxp(p8hTZ5_9@Xa7OhZh!1sbydlX34a;9ZPK=yaa#vJaquB& z#HtPt50I#f+9g$`AG>~X<^GvVpTFUiG;GYat*33h{+0UaTQ7P3x{u`cyZ%T$^7juu zxkJeZpMB%9+NzU|y?(@m@=4pSzPfRIP2;h5FD@C|s%rk1?i<&x=cF@gmmij!+R%34 zD>ogMx%;q^n+_|z<}mK4GJDGNBewnZJ^iW<*OF=L!xp^qp2qz%TMt<~<%pWuN73IG zOP2}1``|-wl+!P!?5N78-UX@!b`Wn?MU5rdN6W*u1Ou7X^;ZN(L*Nd!m(RvZJE{Z0P)Y^D4=T^9|@P`xh~H->A< zY~X~~R?-PU?hvRdXKWw6dh#rD9wt z#_t5ilQQ)R(IJgVyXT{XU!?&$wK2rGZB5diibu+%cYzK>sEcuu4nq`)3-35rpi+A+ z2?rwVfw*tdslCFoT@H)#J6|V|{#_`Pbm1jOiIS_%fHV+^NmmLv(83=wI){MdAHRwl z6|QX+*R9jCifdjy1+3ya=C&?WFX?uEQMcMH>bAE46=5cmZt&Z&RtveqT5BZQ(lT%7 zbeXqH@iH$9z+H<;6s1h9tX3Rxc+2asM4XW+6{m}Cg{U~;@o%>Bn@TvTAmKD5Pz!Xh zB2LF3;WQkRP`uWgN|;uVFcS%MG<2{cPWK>TCXPucUfoS4Og9N7$@(dU%b3n(^io{N zxX94bDveIw5H*v`z#*nsrxhg3a1y3D3DYe4!2&a6wIodKY^4O;@rfT5iB=_(y!#G0 zTT-b1V9wV6C9+x$PYLNlc}fZqo(rMVagf|f5AgX(FCJmq#$c}1|8ufh;>Ot-8y!DA zQZm`_&mX1XjrVf^bxAUi%Xvqx-mYBoH?QATRCdr>@0Y*+sYpv;Oski*sCKgDZee#q^4aV-~|uGXgiX-;e{7da_jwmM%YGVOzjf?F#(O%yJjraIYyvUH;=WNDS@JwT_~Z5#0VLqPF{6r>gHK=Huvj~ByA|ei=k2&yJbU)?d1n;`|9h?{TRq}l*vqWxdh&z1d6N|0 zN0!?PUzO~5S^Q{~xPBa-=BW(1n+~Gd}3li(T=hU4-IvtzId5{yI){7sTR7{-~drMe;BTGGpa(nF#QiLCbQCdE^@32OK7Nq8_4Ya!I#R*3#V| z?By{x_kPQS3!__avIUdtCGQmRAx|CHyu90my}Xf%RPP7|?{C64M-9ZQ7U;sh5M|2= z<~OP=lXP=Pm-fQ0Lim&H7; zo65YK86cMRUtHrmS2wH9m?9719rULx<;@21`FaHproVt;{7;F`x1$!uoVLG?t5qQ6 zn{r{j%C2L06L~+ByzL4%WAcVHk+(sD;6t9Z70Bm(V$ZH%a=VBJn-KX8;=1BbUewKE zfZkVhJ)$9h+;5&0FRxKIVX|muOrH78_4GZl?yR9@FtiDoq7o;6{tn1>+ z!mVIR!;|FwzNRCOnp`lY;Z5rOY7CrF57YUGZ@Ev&rA;Q2N<)n(L@CuBt&LvVRMw?^ zT_ksh7TCjcN&9Xl^N#*YNB@nZ|H;wcaP;sFQoD`` zdP`A0JFeR^#rwk29Sx5B6CIxF@X3z9!O>55^f1F3(AO)4my|y)b;M!=H5cPKSLRe%R3;bNC5| z|Ht8H9Dd&6pE>-J!@qU-b%$9Nusmy7C6B}GXe_I)jvnfEr1x|5eH~_n#AJs0ANlFK z82uQBk9T;w!|!&OH3*B#c*5`shtGDHRSM&|%wd)*jQ(+lZ*ll`hd<}=Jr1+ZVRF9h z@OK^lfy1GFj$N5*SN^p5)^-WzW%_4rq?0pFn6*^Q;StlLIXYtGoe*&!VagN!TH*hS zn0GGi4DaWS!i>k@IYxL*#M6X75HZi$haz4q%yJL>jl$POe6}#<4E-G8 zn&P|Doi=UbEWX-BfeUgb__bt+_s3X7yd@XJadmne4FrhBIaH3{fO@n{!zrA z6aIe@-!J^jh`%DtYA9)aP52KHZxjB%h`%9Rs5Is2K;T|b`kT==^Qc7YtM+E z7Ost${=%S$pBH8Y3YjkpkBs;=;e#Unv+$u2)2Fa?cKThI3>7LG!=Vo#nV4>}R#*Ew zT<`E$hq?F0&;2$$%i%>1uX5P8pWHu-yTRex9p2*bR&acm4I4djWQ{YsT%#X7e00jb z>oxi;<)u#3C^@Xr+xN*GwmnyQ=A#YYKXL4Bt4pd%PX59$BtP$ew3?!rhdfs9W~EXA3RD)Y+`z0t7=4> ziZdT+c>2T++iF_)Cb))dM{}LrbnUw)OB=H`!&kvtU6rK`(SPQ<`ValP!2;YYGg|j% zy;$qsJjz=4ZopSkevy2Ib??oDRpe-;weEcczHIIseA)6N(1f-n=k1O^VOmo1dIJ(?6!uiZkRR>qF%0I9`95K3opHs7_4AXZl5H{@a8Fic0;vts560ce5_p)P6n=ypNfZw z?W0aX@N_6v2FRcH%gVpHJ(d|X6*M~bx(J<%RTH}O);Hu+Gt;}C()!&Y&91p*ct_%O zYb~lO%c$t@;W+gI?1`6j6;a+^&Kulcag2Qy0l2g)iY&IH-4zGCm27Yzf{N~kN7+7kxkg97_VnQ<)V?4G)Q#{sQ~SQj*+QZpK(yijnr;jM2Hpp59U%x*cY?)FrZH z_G}|Y*XLt`GFg%wnNgwaOur=f5$0q|7z!p>%g{|bLY)je$KMSbd!LEOP0)A zuDt+MD*0_BO9Pggg6O)LQAJ{=rm96yLz~|~Al&J=fj}RWPAa9Akt(262KA1hIASU$ znr| z?u(b6H7_2a?o}g-OL%8r(X*PqGbNC`-bv8Icne1-#H|OKpT8a#5nR^tr}m{AKmU_Y zPbg@^pc@k|yP$WnlVcL*EL}dY=(s*xDT!NI{{zoTum%rT?MmL5g2^;dXc}?H$kxfy zQmZBfY|Rq`n76tufWN1^q1aKx?i4ou164SZ8kHuugV6(Kl&sw<{Dylv4EnEknRTY`Rll(hw?81>9&bs+~2!oO}1e2(aI#L z0YqbAcgXMMp)=55G~_W#APjjA$yyx2R+k)Xe~~zmBf)9oV*I-Hg}8 z7pM4y^c|S^eBC$E%xxNmZ@u`aPi8DEC*ZGRT5aLE>?UTyD3`9{vpC4OLGmU6qOq_J z0$$#%+LVuSR+Y%hqs(13N}iXz8WW;0gSf8vlOJ|Uk|`qU_Pyzz07F#ohlqM@Xx@poL>^QGG}eb z_%nLAGitLjtN|Gg-`>W2_HlI9dW`2_hmUf23OJ@a4NMq9j9sNmgOzXSCl+_W+^9zpWSB^(pwFaIreWc23Wzx#w zcHk(pqcAez@8x&~IUe5Y@GKI~!H(x}htan*na4T)>5k{Uj%PMFmj4pRbC%<|#^Ia6 z@xCh?`LuYaSh|QaOdDcYO@1Ept}*%$hk3sm{XmD`fvd^=u2ScM9eFAVZ^krOCzQ!J~v|8+6yD@ zAdFrRaww;3BknJ}A>#dnSsU$wHKZl!oP@^$$k15(8K#tbqw4fy6x>iSyo5-d|}SVfQPc=c?8q0+kOs>!nU8o z*}}G;!@0t?p95{Y?dNcr@L^HT<-(Xu+tl^A3cAw5__{|q8ol0O%E;);mY>eC(s{Eh z9gpE7M~oU3xOc7N(Z7ch((}l@qL*ws9>Kc@{yJ>C^N+9mU#6s?gjmmx%V+9s9O_JTti67+ILqX8&9by(-RVV$bVUM_nkH~*TRV-B@|NqwtIsydGEcWq5g<33j%S*B=h zCiS*Z#p(I04?Q#J#-D%i)i;V{A3CY8G5K^xD3P{L4(t5WYkQ3uW(+VvcH)ZN)heUBRP{Fru= zPN*5Vb>E2xwLAKRF0Z{bX6Du*H4`?)avS3_mA}FxpLiq87x=v<(mIp`^S>&gRNrQb z77?T^kqb_nc3E1QwV5kQugqp?fG#gdzFA>&3E9lUikG=S^nn63a?MBwr?p7Z!MPWw zBsWeW(!se*(hE8`C(0)soI_x#C}-dx9h@%*r~JK&5Oi>UEPq}HhYox$d$GdGc*e_* z(qF2MQ~nAOf;vt)mzG^k<5Rv_f4OJw)qe#IO0V3r)RM{{K>l%P0$Q!n1C`5U7)xhc zeUSv(1dW-BR>z4o*E>VYT-AE1K6A|t$yV>9$$I<@)}!j8(&Y3Y_!?JK7Z zf66Fhuv`{x(X!730*P1AlL{Pd0t&gvWl=9`8?|&+z!Cn=P&A1^F{vz-#=D{2O`?)` z5fjf`6}fQ2VO0DZMXjEd`#^>kxYagjmu8Tcw4S~4^d$G85Rh%vm9n@zL##=y&uUnd zMsBI(qe|R099_c2#cMdGcEBzItz z8`zmQTy9L3BJVtmhzDgUh0Z_JU+&=S_rUZ*a_`EL&(5^1xv|;F;L-4p%aZM+V{Zf< zlD$)&uItJsoTNmho1>aLF%)38Ggd52%8m$EBD^%>iAgy+wq-{R6o2<_nX;Kz2y~mP z4Pwd~$as=6&nDuI9%mtN4i8OrCMl=4Q8w?r;_6yae%O6-D+ww;f=4UqhBjFFF;KEe z`AH&`AA7xca@oi9Uj} zM^gcPg34LgB$AKQltUjR`Pd>36mLBrMKh2 z=S2Ft!jeG)^w&iK2k$S?Utk}F@1q@UD#j;+4~evKj>gCxz7vhME*U&8(oRolrLDSU zl0kIU4o31r0+R%;4x!U@2+2M=isS-PDP2FYEE)WS7#4`(&XgfjuW&-h#`zNPjKZ%} z_>*aP>H6aoB#udWj^B&plj8VQ;5aF}{>y9fVVzWr#4gc|H;Ma;Mv8TTHmzBT46TWC zWE!4bzXf^4a*v2S3sRmIa>XEWY?dnq%*6R& z8s1W__I*00*(A3~d)~HGzR;#sC1pGZxhzk3F3aP(-(uB=l7lO`w?mTsKaTHRl{_Nc z#5UBjWWUvtUNW|lyE!Bo%EVLIG;-XA8rp^@#=Q}TGT1CT=lujxXWIl61m&`qicm)C zL%S+g*$tFa%2jx!4*Q)lQT8cfJV0>xi|^A%iBG=&4yD9Yaj@JUN>kA>Q`)w5Yv~aN zExZ;K6WOLnI)vycwvKv=(Hm3~QPL|YChA3B&{wREDvvpM+S>+29c+W5j$X~NQ`bz$ zMd0lm)gy!IVwXaqYBIeRWw&Cr$?giv*@g6oB6JMTn4H>7DNBY6DJVYBfbTzaa{5MGq~7pPo)8ZtCbY&}Q^{UCIhCmEmOrwgW1 zW9%=uPFA}gjmO<2o2pfUYI#%?f*X40%@i()FGV>Vs(5L#{?0XkkIQnF4eln{(&WrL z*8rGc3tV>zd_h*RaS$Kq;>nv-`ZSz%vf7jiXOk>>oVF44Q&|PzSQd*lI#VIj3qnrw zLZ$~HKMz7q!!aQRtxpld`m!__O^9;3WsMgzBZ&E$I71M?1QkvRDhN6mK`^LvCqc$g z%9IKvj{9XYFq{V$SLbewAfJav;CINd&1yy7W_lB7Nqz%3Eu^17A){RhJf@FiJTD6F^a8~fc zwo!AIE?(9krlm{5Zbs}pHG0%c9YPfL=|YV#YC{r1H$TsrKcy%yiF9Trn%PJB$?kfOQ$H! zT+!Ij7_Rkz;p|;jIFN}{xsa91l&N_|k2?CNwvkz}E@fm^+{Q&KX6l+|u9!D(?#ww0 zRxUY%0#)vknKO@^e*EFnjy~b|nKQ%HG&amRL%d5@oilUZDjmvWDNCg?e<>!Bn<0f@ za#XCh`VZd9YysoX!nNn~LQN?0DB~LT`|D8d3)idav^>$A4@|K#HI4518y2ybRnS;n zxI{%2au8~tiaAyd-N<}$X-!Gln#v7#mkBnKr^4k6K8T*PbS1S~%G;c^6`Zufs`8B( zl_L$H#ej+cixJiC=&(dv;OvO(so>Y^WnPpWMVqB zbTeqCaXZM?$lA#b7*i z8Po+2Jaio}$OIoHm%J?y*1#a}(0{GG@we zn4p*Xr=J-kk9-qGxtt~I<=rBA-wyRx0WR!JVJ~m)fFxO_X9jt#Vi@u+lJ)XdXsTd| zWSX%szC<=m*z=lcWlGtMg110^tPkdvX zA0EtKWewwhMSQNh*yB4C>Pe*yu3e39+Q@443-IadACa*e8}q| zYvn?jyJAS%sQqq99&%mrCx20Uey4~u>sHRXz{m`iHTn>6yiN6vKFZ-S;21Z&C!@^q&|}<*j(?KlUn`7W_MLKB zfdkV8>k~2U&-)@~&gT6QGsVNSzVY`(PSkk;o9_0YNT>Y3c77TYUc}}7PyUHZxq^*n zJaqAp-($hzp}fJy!^9UnbXR$|!oz(48_#^`;#nqldBp4Fu8w$Ql4zJYBox=%w_ z+*{;+4J;mt6m0w0eKXRzw_w{F?|YG6BNyB{-WO&ikx3W$H(<%^FBjZ8-p96-t?1MR zu*K~e%bd7_A`f*0Z0U}S^m@_37WdFdr|y7_J{h|5L$`WbK)i*u8lm%+z>JKXLH2FWlj{ClsA*2$Qd88UCSepK2dbA$$v7^sT*L+r@VXo zTLJ1Sx`+CO`U<9EJN>fJR5}&oIZ57!KbD#C#s*=*u0x*x}6%Z+G}ALi zKkx9b9R4ks2Sny|Vbj&svZJOUQ@U33@_0Xo>%s9p9_;9cI{ML$e!Qcf;^?P2`WX(N zl{?(i2Je$e4Z!7-oTarCDh{g;mZTd*wVb#Utxm#eX`GHC;jJY5{#*Wp7P zp6c*?hnG3L-r>6({*J@HcDPiHndPCM!$&|&tlHvStNzR%%j9PX+YyOrAjhu`J! z(GD+k_$r4#%|~!)yR% zJnwdRw!^18jDD5zpYJgJWTRi~FuGMn|Cqx!JNyZUKkM+_4x^T1avpa0afhF9_yvc5 z;_%B3zv3{OT_(TG;WiGpcevJJ^yn?_5Qpm>KG5NJIgHYn#Xa8P84kb4;n@zK?l4Mb zCg&W7FLd|=4od|&&wsVU*E_tyVdmpZ{_PHb&f$9;MzPKKA9nb0ho5j*&2wV=J65~r zg}$b}TLtqneH*A|GEZl`Wa&1QWAqxw)8FBlu0H&K_O1lHs_I&wbMH;=y~)V{_X-gs zhDm}lgn$?o6)0+)2SBl+A%qCgKw=UUC!DCosiM`Y6)Re;)~a=&Rcl+pdB9h-YSn_` zQ0KAQR;#w}|JPaj+?4^b?`iwm$NrLY{=LrHYtQ=(d*A)L-;3aK^m~ylfZgv!IF6nI zeg2k$W9Qk5`F{6Z#gl-!WSBa&z*j4t2F!0fl=D6AHpNZAs}#2aKcct;_$kGUfnQL} z#eJ_Uz6zM_nKn7*{Z;WTz;To_EM(iJ{(Znh74zAa&!3d9 z17>?B=KJzQ#VN$e=Tge~t!r<^e7~Necm(jlinjxU!-^`@D+;B2fjw}#lSZx=6f02DsBD<_zuO_0^g5VtMyL6Tc_99KPJ|N%-oD-;;2(!tY7mqA!78BJh+v z9Vhuc$vG7JsaxUCOPm5vK2w?G6ii5Hn&cPNkkB-_7o_pW#*NdwV^7dd7 zu+;usi1PLf%lHq#`BcwKyidpm(t8FD;ktU3zQ1e>w1Q0Mb@iEWT|F%_NR}r2{)}uo zz3+&ZS5Kq2mw1l{Tl@%jd*$c`4rww+DCi-fH&deN4h>sAo2%NcUO4( zRsw8`?d6vu*4SXLuy7}c z&;=Bx5Pb=xs7s!>e`@}}Xc@FD?d{ch&2p!GSv##e#)FvMh85p3?fT)ayRzn%6LTxp zzHUh{m-UvJwZfaa3z$IDAXxsqGZp~L66u{cjTdu?@K{|DTpq0m#wN4T9;-uH_}&3L zu{N8u0 z!#~!m@i}X@h!L}6sto) zcgnSq`Eoo?2vcQaOvtg`6AW45RV)Ivm{;9OOI{6ETE^0w;8Pviitn4X zgjj9Jm65VY53`AQK66VdIk$*}hifhCJh${KC&Q{+tZIu^SLUW2v4m)J6&DnGvP9A@ zRE*ZOg&R3W3-cnmtdHx?r>ZPgwnf>6jYw;5-BKr8>sj`P09+C0@+#{sy?^quM7!El zQr~$6W-jF{6DhAwYedazR<0-1#edOyQM1~Rs{+I2fL!0n)qX5HUC3&h^4GhHFRLR7 z&vHjqzgxw}!G#^b4Klcu{-Z10wAF2Rg_~3Sk6z(cf%0QP=i{GlEdE*e&be`ZGYA~! zwH3IFkH?woUKpO&0{rv)hqYG=zjdxs8I~9$pt$wvO~O@H@`m*IiqSP**GL$FOZ#pH zQ~o~kF%xIzgJt0IF&o&W70~-7{wENqbN1@scbJ#-8lyzfWX>Y4SNhrduS3-`s7;%{8jj;+b4}jS(J-& zw8#IK_3ZQ-@#rTw3XO*YW|Zy{ll4dbGz!L}!m>Zkn(67ud@>Be>=u&!)J% zR}k=I2>V0s%DEI6#oEc)*C>7jfqG30?eM9&Eck4cZ5$@PSKjqxx{x=^;#Q^No;>ZOg4cV_SFY$=IIVdNQWT z;ZeX`Lqm4}{)uUW{f?M6h~3(zom5VH#BMzk$8hS?HnEcfeywY3wx@lJ$D82Hd(Xe~ zdYWUHe%>hHzKwr}&o}rogReFCR)g;{_z{C;99H{(F!H|}9AGeT@p8;}m~$r%|JmTr zh*AFHFi5$1CeDkv^$LRx9!9Kb7-Qr$Mn1{NITzye_cwBx+fzF;jhyozPM`B1E)CpR z#o<$pj?Ce4;DkGma?Q(42ESu)1qN(qf4IRl2FqTTnl{>XHl=T>eGK)Hoa2kr>0>bO z6;94E#^EZ1w>5YNgC`lhtHIL^o?&ohkkxRQ(`Bg?P?N;SK zHF9agD!2L=jT~h{#zKlrNR7` z?R2UQ9%nGW>pGo14Bp@1X$H%frVl$ZZfkn*NE`Jvz{sX;W7bX`Y;rD*u2C_~@;R1r zc7dZ5vuz%um~E4rWl#r?v$B?#m~Hb6m6rqaGdtxKz!xg61in=9WZ)|l?*`2E3e?{n zn4kBF_Xg&NdgA?n-JEVCFx~%j&X3=b_;b8%#)aGAZE!wp^tdXS4y)MkeAt65EcE@c zlEUuuVLA_XP9ir8_Q}ofBI%wiC^99YRl!b6i7s#m#ZC5B)pMam_+{ zdz|C?7E8D599M5>>%tPr&6I(KM)&F#aW;@8r*x3Jgz?RUgh>^)Yi-zn4n~VZy2prmarGk+V;sMjxH8 z!W&pSEF~_L{na+*@P8!!8MNzEQ@^KiVdGR&{)DoNCdtMx8<=Wxb4Gl1=wl|6qFE-C zeb>pPO~aWZJDJq4$H^piG)yM(w1>b$d6Lno+hh`lP)sKAR4Z@>PfoYUeUxohOz;-2-{rOLPz8$?109z9rN>h$pAec{*u-T){M# z$1^p!3668TS)%d6g~Korb*!`gQ_!Je-frw%{|~2s^tSyq&Hnhpm3ETM_;@n26B3`1 zUyQRn{oOo{zJ*u2O(rK9M) zbo!3aDNJrkq_dd2W&B6X-q?AWsEvKODV?u(@`m44=y*n-kDQyl35S#1kddOs$o6CB zVS5&wJKDnYT!&=hrMU?kYScH6?5P=li8-83&3@#6^i+;lf#PJj=i{G_&-JcO=y!wm zW(HF}9gkasapt!{hNm9G?WlfdZvy<*xjOy^gv59}7dJuA?&S3NzQj7;kRIC!!`OK3 zZN=q-cSMH)y%Ug+@i;Rd4D0gI2JF%R=v{z+>N)3Z%!9yTUb`LkX5vhHOt-VQ7}(l- z4E`dQDRb>44TF=ovJA=^_fOihb2&@lxAxY;7T35r=im>!=#9;TEqBpe`vI`cM=L%s zJ_tR=%ZCq_k6TR`K-o>Sf0KKD738e(;+_k&m zxAtbh9=}}E9;OE(d-7cbe&g=XYl--#C}U8qYb-o~t|I4`q zY}vSRF2T+ve8w_;7lk}eiZ^$_TmtW{m;qkm8R}fZ)_^*ffTy=;F5xoT)!)mo zi9~Y=T)z>`CGerE=eY!V%yx4L(E7KUOW=E7k8=qfEZuH%2{%JM{E-YR^GnSo+yO&o zF5zYIo{rEQ3bTKvnf1;ktf2DOF_*9sh7;=9|MAp8_|DIQ&@INlc-p}H03<9wG{9&x=>L$p1lKCQ>|8>mzi}>sHKBjdB$Li2;Kg8iLP)Sobl``ZsT0S#<>JG1hxl!I*Z)KxrC@FFc*`_d4S^b zbtosoPj_=3xy~<%ITx4JuGatc%_ZP=h=+o1&lPqq!QC-8&LyBq@H4Y$U&H~#IzeAa ztlyVM89dJ59Sz>o-~$Xk*x;E4&oQ{w;A0H_w!!Bce3`-58Z2YJ`zCJWj~KjhE&+uB zw{b2ZEQgJA31K<>yU!(z8n;b#_&bB}=zf>5Eq;A4x~j?^$Bi3XQ88w8O;wGkZuoZz z`|W`;!h(dcQdE^#voInov@S>P=LI_Z=)d=><#*Tj`D1a8T=DnilSUn~?5gVJX9ls?Zrxs1 z4d{FKfId$Q*yN=F**^}*^j6WS9((ADM`H_5sH}eDly?%-2hNQ>dtPntwef|! z)fA_1{^Y0;MKDlv!soHd@wHgRGz;!uO>b;e_-YK%Gl8FZdNm+ym#T4s#)Ki zGqt3qymEMucW}`Oe>!;c?M4jSaYE(9(D2#SHG3WOa>=-yxr}?%8K3}%p%!<<893Tu0wBY5{l1x8}jr1=iE$y@OL0H6L^ilerM0ghp~QXB4^IPBZB zGF>O)kdRObpL2Tt8rZ&u(HMuhqU(xfj^_Y0OUxDB4kgSL{T#yFTu}zWF;_GTfiYK< z2dkJXN)^KXaM;_>Bvt2+y{^p1 z-UX);9+2ieaY`ok$1(Mw2pDxYe{em$~iVY!5@0QpIO8rJvdPh4`z51EKXjK$jUqk&THZ? z@uX;ua{fFodmsz(kOb3{CGU6acZoA_Ihi;Y$KoI3P{OhZi!4`en=HrTfsggpr zh5W_bCM{7&uJZizT7Xl9Y!>;Kar^hcEB*#fC328Nq| z!T^#Vt^IHE5=|OgdT9Zqn=Hw{=02PY?_xS`pk=Smo?iY>!%QCN<=;d!x$p(#CI4m? z!(uNz0b2RDE@gOd+<(CE%h;E8VJf{o++`@a2V+TiY3{O~-19N$q>pFk`%V%)HJK>F zv3MK~Vd+yj*J?}7qgP~9f%ZcuVos7*@!pweetBEBc`tL?`DvqwgvOO)NTGd@RWMRH{(qHt-uR@LO!AZ^hmW178uJ9tHkk++^eGIP<63_)(n2|B;uy zl$p9VJ``b41~hH_2XM1OLngCc{JOw)pHY@XGiTQQ*7dCfWDe!1uYpqZso8 z@hif>CnQQxfMK2&B}}qUPMBn$lF($AGv?D0&xe7}O6(N{J||(4eXb3>)CE2gLwoA{ z#AXPCJYSkPBMN+3!X*208+f@3%si&9OiV|Z-dMtTaNYw^=tJ^Mx(}5Lsj$@?mRF17 z{y4nr{0;%6)oku%&txB;nRlUDo13=@N+m3XBl1i}nys~YYAw4fDm2xS_p*jwm^UQ~ zeO#W&$q6>}i7xc{Y}_a14M3Pp-%o9mzW|`$E;yvd2@Y?_--19=`yLBxbpFrb4-+^h z-(+{&{5o9F)>V_w?4oszVM%YFPaBA0*ZgMy!YFnNqkzdt`Dr|+g(fHGn>^R%-<>nL zyEFL#GMm~{EWzaT{H+ljADi3ic-^2YOb*NaP$>gG( z$s`Mf8K0W`Y0hNQWc-`SxyEEtGrlwXc_SDsp1p|x_-wZQK=G?4{#-J*r`(ZfVn3@s#l85y5B+U9lcX*B>kSE zekR3o^Rlz($)@TN0i)`d+8QMkMzxvTLc*xZQye$Ls5Vb=FbbpUpJERWquL_HP7+2{ zkz(TsqZ*K6d3xFNSx^I0t2L_1)c2yOhRKj0MzvLnqih(})+u)DFsk7xjt5~>BU0>9 zVN@eiY*b-Xqf#tqFZ(XrcU5XzM1ZH&)PAX_fWjI*KnhR??x}Jik&#=-v{Ws^F4kw# zKOltkuR1UL1dOH*N?obu>QaO8Y!aHQmqJo=4c6RjXD)jS2gSovA87FFQw>q@8*OTC zvcYeTg0DbUQ@5t75Qv$%Gj(MY{8u*iyKL~4QSdVu``xJ)1lkP2@em0 zZCNTW%^a6Eba<)!G!y7$=d;3+=^Hgw!u*z1f~O+hx9HF0$Fatk~%6qTLK+{WASC314K_~<}p)b zgQzzVi3rEZ8{n0C#Jj|B2!G}Lh2AEm>C68JZ=d;I`ijL2QTRQSb^3>V9!m6S^wL*T znkwX7IDHMJftNm;kG|K^%qGLrx1NTsTKH#%`Wds}^=b9ew=q>R*>`;F=%-~;P=OulVCI|w_p=_tw*26C|5Ahufc^x@I79s z5>G0)h?d6t2QWy{yaml(!3_U+cuIp;P^AUU{^jswgI_Rl-}iq9Pnp+?S*-??_ElMCpEW~(?y#_T?_%1DE-#{)4Tm9bv_q_w+^1`G1 z8cZ|F+fm^HeV?04OQ-t><3b`>hQ?5MuHOPrD!7JMuJF%fkYGF9iwdvzFNLQx_%1Eq z;ok&LHrR!pC;V68!PlQ!oJ!@X5r_AxO%% z8ac%9ja~-TEy6)H1OFEMI`?grH$iZW?@HvFI-3j{3aOe?;j6O3g1L1RBG5UYv+SGO-)s zI@rexGoU1J0YHfydQM;%@&IU+C4w3L#Q^d+5*+6964E^{0a2ZQ3VhkWGudlt~g_@cHB)CUKq5 z2RBLLGyZc?5})&#aZTbHlf)POZ$L?t_)@1NzHF2DN~a|LAxdHa``l}iu?*uK2r74L*oi5&R8W9pE5_K6qOH5p3D#2z@NUWM^w zf>yJQ7=?p=v3lUXhf9OqEOrJwVRT!>Op_TA`!z3k#W&zoB8M-C?p7$_BR7tzX##0= z(*!=?e*jQE2Om0vonvgy&e8^IHryfNQ2oUkdolE*gL>|N8z?t8Z3@&f}co-F)gumabav1Uhs;?;#4As zo@3e`*OQ3}IHq2dm}n5yaCK}UKv)ew%2mTPF(xgnhHGOC?3L99KaBkbC@kV1$M&Q& zEaIPN5%Yc@TrXOsMeK|>#P~8$6=Ya=H^!K@@d0N7gP+D&8WX~s*$XhGH@EEdsL?+iK@M!EU#Jm}XpsnNQ;9}UohR1m~DsSMZGa}BRseDeuJTDj-XAA2$ zpV5zsGtClobo|LEXmy-7gMNeAZpOrUlL*a>jdS=2&1_@Lj0??_1;LVdtQ^IO_mkj^ z_}hFuC~5;fQ*ffF3HYoypFL7u?~jAv53!RgpwigZ<^^xXCPLi{e#eq~KgQc_BBLs$eL`<+yl82mA$5P$-`2 zU=8z=5zm<5FqV4g85^905h|#Nv(m=}*RgGFDV~}ljv-a?15hCoDr6AZRw{O3EVC^O zWP(_`DN)fje-3(foD(-I5}A)^Z=X1eaeQ8ejBvre;+v3{sb#pSVt#U7ri^KtCca(s zG7Fff1LLfU+Pn-I6N7^!hKutu53$S-jW5NuOY$<$(Mm&{{pXVW3}2pt+2Xq+Kl3d_ z8#Kn*I-kqWoWg5Iij}Hl<}hAsjxUFm(aFq}Oy@kg_H$fgT8=0#Wzo|4*J z9%Oc5xTnQ;B}ObZ(zWr=AiOHb6tJeB7vHr(=3?4>L44N-neC~$P9_*`3Nn2e!;3Ow zup-EO8{>EIl1u^I9%No(I$sveUj~^6*xg143`K5ugCeE^jMJjEmQqQoR1_=2AS`$R^E*BCi)C)GWNIPyp662GQ%0} z?KnsFbwOrV*4R67j_t1m6-{`P3*L?Mz4G-Svo}lrz4$%I*xQJKDSJOY7T3TGmte1B ztCo>;sFyes{^id9_i&_TE0pVtL;p(W@9Pym0_yD6@v;byNC?ffyx=G7m9tKT8kCrBqR-otk%wFI|-3C;H&Nbf3XE6=jZN z={=nO4$1`I1KCP$ zk8B;Q?9$X4;Jz23@eIbhZXHq=zV9rTAYQNqtMb~^@l19QV~e{rbsjva;BU0GDs?@B z1kcd^YEdf0jg@^`x)$b2gCk<_EEZ2TkkRg2Vi>nrcE{7x?2hGu^uKSX-{{5qNhb2p z9#b3?vnR8D&q$wwv}`&!Se2fPE8!!|-IAz&y*Sq1BSp~f9OnAobOCg{fgdqDpGlX9 z*F!R>0r7p7X7zXj-%DVP$Jw$BBz~q`>{v(v^E{|&HX+O08+;iO;g=Hv;J3^-KzYbt zM92o@AK(rC5q-c;Wo@J~FjU!67y$>e{QW83;8#%U{;-^Wzah@#uuy*pKXLe5v5omt z!oXWe;HlowYLth6Bz<%<@$WDD8w^xRnvRr44PhmFso%^zu-{iMMW^$d8EiVe5<&A~ zz+>@0OwuP;uZDN4n$IR039FSHUHo%6xNv#V5RUu) zIV?zj>XsN^{O@oe@TU#oNZ@~`mKP2j!p)xjbH#JemhAlgQuh7WdEOBAet#)Df9yQ4 za3(ldj(Iu-;UW&qdCZBo-R}|2@c=CL@WYyX!|mY3?U$mx7nSicb89X$S>6tJqx~1p zm75l`Eg$E+@ddd1F-WM+LMst#-j}D9^!?p4+?pwGfVX>Q6pAiCB$`Y*qRCW9G@0%b zQ8(g?WX6vd7Zz?`xP#C^7J?44n4aA;H5|><3sOdUi{MS+s(Onz@rTNWy(M{w5ko9n zYA*`Ig!In%g?UtGs_=*xDx%?L?qC#4u*!32{rqrwQ-ST&UeMox)X`aCoa7X2QX{6?Qsim7ui9w7IqM!s_sx z7sKS{{%A2hz3^a3_Q*VMw1gUEw^Xh&TPlwZFQB38hRPbv7~@4WV?#Ao^ES>DhJ~CG z28Kd3F3Vd#k*AX1uhw9U`GrLMR;HIWU?c9mX&Z`#JM;fWR3% z&BTAA+kVdI^w6Ec6Yq(>SI5&#{8P8{e$InLVJc5fq4Orrp~5tt_z3{4q&zv@&YL)g zx(D(!U33rQ$?4`caYh&X(iy^i>x*+i1>QPh-U(%U;Jg?9QBpWYj`2anQ;onGJn{b5 zz3?^{g(*CRmJa2~>2@wWG*sA~%F})V597({=E@Ocw)bVzuoZNNi?IWE3M;#gC)za` z=+SzvT-3q7>2$1a&-nzymfZZD;`o2dYcO8Qbu-patgUT zLg-bC!Ze;*1s=+i)6KONmIo8~WzxyJ?LMLI44jS#A&%nMu*c)y_YMpN;W6w12k?Yj z6LQ}6QRC%S0rxKEoF^*8yoD?Tajb4U48SGi$V2Gwex9istQtCIm5w&8``?5wLo#CC z?|7?U-v;E|X2Whs{lD1CiOJL zJrRpvno8#b`0>|{k^R-gai?>8CL@j0lTyT*L&1NkHOFgk$}9N=ShhYEr3JAc=Gm+A5H%Aq8+k z^ux{M!|br6{P>BgLkqsd7s^vAPopix5`KQjFq{t^rZ`Mx!svIl6Xqm3Vyk+S`lUV% zuujsNWR`STIIbviWgkkyY{f)>kt8jwr7*Gf7}l6bkUT^?yR{CC#tlb$NAZ2LVL{u` zjbYQ0Uo*4&G&eQQ@2F!ZYC62Bp}wQB4o$dD`E{u^7d@kHcH68uk+20n77-TR#)jE* z8|zwIxQji19o^pC*4R*o@8fmY+orXJ*6Z8bv71VJdsEANF&6PC(}$VSx>-#yJgZ?g z0%Dq{-D^N(Erbibx$XQFz~RmHb6}(XXfXC34x;7ux#0M1oDcfm`gx7mH>jnfr2$dV z*DjR4VM<)i=790Hy%G6ts|&Lq?Z3lRLo7*asB7r(=5e@Sx>y3OZB0kBG&uLft9Zz3 zg8b;V!;eMm4Qo`cF zzUCvAuCb!9S{KY>GEuca%}r9nQgw)l32LaDkDyf!j8^5Qd9BSJ7G~AYo=piyd2K>< zt@UlFXKa>_7BP20$LyA4=GURk9i1x;X>qL$__Q>yeqr6=ZS`}csfKpgJe%fsYMo$! z(B=jewAo`vkEzU&Hz=)w_}q~4?r$6YAQ7VJm^IJ#L(2j*S*cFWL21{OK)TZr zqF|p|STk;ZlTnor+k=+DS7i8V{c_W@Dw8=AI3( zWuDhG$Ms#bn~o+S_&~FjmNdJSV_%oVp-Z@=H87#(IwobKYns>AW7=vuB?s~zh{`qX zSbRX`s7M>;HZ~l|Rye0ah8I?m>O{jHf@(>G0kuz(86C~6Ny<)&S`+GqH#2afp6Aqc zYV={Vas#E~Sc?YFy5^>KshL*xW{oi%f2C0)O;NEj%^U(Y)OWSN|u^jbD&5oAt zh6y$#m|*wq;Vy%o=qkW3zsYgAaDNJ&k zcXWMo-I!``Vaws*=LyG5-plN}37KE?VcE+KYp5LjRaeQ#96s~w#f7XpDOqM-i$_O5 zGdSfoW?_RwUu>G+7_~sWAIY6nL+j9nTceDh?MKdU@}zjf(NBwrHxk$Iav~W$!dB9~ z^mQ=EhSIgKTj zk!b<$wwb$Yx-m2=DDw<0MZ+F~XU#VE;La+>aI!8wdmRM%&*m}PfQqn z@o3M2lv2rUdWu+B=g|miDjlPb>%O_iESG5w*X0Q>Y~JDPMD&q{5B%DMq^P9v;W4^# zc7>E`*!!cBmVO()!pS=ybWpfxN)4@ew$?`@B$EZeq)P$0CJ^3b^j-1r(N$hk%e)rs zYzy7o(>Q%-clMpn4Ux2qv^F)M*SIk9WG@wj$it1na<9Ifno_R!xb$cm!*Rd}%d6FGD3!i#qgV~WfB2{(vj_&NO)|mM`!w~LOI*ivyO)8zVQxZk^h3S(V zHnp|P)BSJ%lXtbPKzm_(%f~<6Sp2&_OuxgM87%T?m<0zIiGPNt9{t;?-`V5Dn6m*G z;jZzN8hiNW9@z`$t8(e%gbO`~vo z!2Dqu&a}4){&|i4W31Y9b#N2>gCTd$*%;Nu-eB092_@R=i+^Wtvf6`499My@aUPtV zy`8(*TMT>aAfr9rW1Kzyh7Es_y9o(B#bnrB+aJK$rt<9RsAD9I_S{&({LboPZ}iq! z>f;(Wt~+}Ry682-(EJ|sTD!!1RSV{Z(ZLySfBd_Ae5;GS=SGKf>QE8q;yt;Gy(}8b z3TV(?1^%5q?&{^jKfE&p0BpHD2z%E;hxP{I-`Tsqi@hUYk9(*%=j>h6 z#a`>tNEh^IZ!rFyz1!7Zl^QsG9NGapnmXF!|2=y9BLZZY&~oCjyx zqI+KLg+9;wCG;ws2WO}EEP%)gLj6712f7F9Lid>%r^d8$E%gZ4c1?T>tt^x2Fj}-bIzD{A~{=m zcOFMt&AGTRp;|u|d*oakBMHXT+q$Le@sSf`a%~6Bk7KcIabHuw~l)?qnO2^`QtiA)STnq&AhMEv26V)HzGp$ zy4*QGN2r{O%LrrrTwRlMaTy7$zar-Wic3$-iQ=6`U|!!ccTx0h?eV&8QS|c(Bj@6s zdJeA-&0PeFce;bn?`k7di=zdTT+2DOyThFaXZq)N@t@MgzeN3&IQQlqsOQgK(WAG5 z(Qb0Bn!r6{hfp4@0rhFR(^pk}yLR7e+~c+R3WrO04d9FFdS48fWS;u$io`?%IUu<33EkZf7M@%Pq z&kJ!1CtnBXfH)n>*)}XUpTm3>@ewZ_i^lD%T|sPy7ydAx@z4%2{^Z{$fD=2K2HJ7l ze-*^gVNvtn>9hU0bh7+2n&v8E=#Ryj|4yIx7?&58Z$|Sqff)Leapu3%uO-&>vwSm( zF?>gu^+-9(wO%pJHWR~UE6)6PHam!Q$XrMr#U~oPSTSv$rI^KXzG4QsL@`IRtB4WT zwK((N#dSTg*2_)QQT#K5f2o*p-J_UsttN)e$8hGqv-u>k4$03@M{z#oY{+l{{(U~E z!SS-g7%3vmQPixyr;oz=T84%gJ&9ijKL=xe2&4F z87$?g>ABU&e{JwX221&<{yHOn+u%fqK!9Ozi7K86Hc(uXL8vLrkN1&6qG#q2_VuP2Q=KG@*-1|M(m5`($Dk+b;|gKszZK7)U2 z@aqQu$>3NjXS3AcAqH0)ytBc38_ZpxUD{d?xdtyY_{Rp{X7Fl*Uo!YTgFiF4pdgp#EezhqU~ajwYH;5hEXE+Th&{o@wwg1}`@FT!Zg5I9r;FYk!01 z7~Em-5`&i;e51kl82p&QYYl$WVDbsLGVEpW^9H|Z@HV}3`pXTz!{B=je$3#t2ES?W zUkpy*(4Bp4!6AixE;ME5I z-r&~^{?K5)K)QH~3_j4{Sq8Tle1gHB8N3DFQJl?YgBKdS*x>UF{(-?S8T_unpBkLP zJCKX(RD*wJ@ZAQlGx$#i$1uJ+J0%8}8$8V5-3&g|;8P5~*x;)Se$e24cxiX>4mEhJ z!4nPM$KXQ@o@?+u20v!-T7%y-_%8-0@G-@ur9AAZZ`NhgO?cmJ%g_@_!fg#8vI`duQB*d zgFiMnAK#W-`uUy7;eiHM8N8Fhdl~#qgXbE2w84uFKHuQw2H$A#FAaX!;Aaee)!>f| zj#cFHQfhF2gNGZuy}`8x&o;Qt;Fk@4&)`oD?t_met~>`DTy5|KgZD9bhQUV|ywKpK z2480Ibq3#N@O=h9Ztz-z-!%9y1}6sQ^3u!T{swPtaE-yc7<_=i+YHLtoMiC62G2G4 zXoJr(_+o>vHu%>DKVtAR2LI7uekXSIRblXOgKG@l#o$>6pJniQ#Q45IcOkI*Ub@`q z+-UF$V!T(=-A;YQ_ZXe$4St0f?}T)(Q(y6iM#meH%hzTG4o>mcb_ytDVz`@h(C4ZD99}`cld@FUyVobw>VEBY)7~rwo4I;JnIQyuFC=&Oq14 z$j2CbfWdPOW*FB#69%)%IysBRVLWa}7>|At9&T`z!P^?VgTa#w-qqmg2G20K!QeRt zA8YW51}`>viNWU@{9S{uHu%Q|-(>I#gYPu>E`uL8_$hdLyQaf44W4cAe1m1aM$^Dupj=qt zuvIyU=$!n!26LMzC;zd*TwCSjD-6EV;JXZd+~B7SUSse&gI_cFErYo?m5UcY`HyhQ z;J{#RQ|0uxFqj)nxiP%j;Oz|F(O~XG<@Bc*OlmtPKg{5K_G^6mpu=aX=s60XTcYPE zd>D#dv-7c2~?Y*jF+0%|1^3k-t~Wtcnt6y#p8hI zDc%E^yBRX~RxyP5@UElAI^?e_We;(U0Z-oCu{iZL~m(8j# zjn!{9;gyR0o?@x2#3JzlrOWoZd-dObJ_DNy=NEVbJg;K)^2%UW&l?d;-?=95_%T)Y zOnhM6iwpPN(cimx9x289RDV7qhz;26?g9Ot7_jL}1Iqq5pl|P0tt9d8y=vVX6W@uA zNIX>k?EasOP9ODoV!!(|soCUV2qS3`PT)5zTNlS;=+x|6UlphL(Xf?3{9bWuj#Hc&Qcm$oKGoGv-^t;5`A|3jE;D zU?>DXI62mG{NR5<2=IeXMqu!RzYRO!2QNT>7FxFsT$Me(g&+JpBue!MV7` z@`IC*Fc$KIbD#8h$Pdm(+xY&qu$Sfvfq0G|JQ4DP*TYPCBIE}@3kgoV%#p%KY|}TVfeuljvxF&6l}urgCCD-OgMh< zi&=|~AH11G`akCfKa_>2{NP*QR-5<-`N5w??QW1CoLqUz5B@3QP=4?{K*tZxhT-_Z z*%ll>_{T8s_`%sM{#E?o*P;Bsh#!0vv-Ji1;EULodg2G)3Y|*%!H;6+``_||{{#tf z{NTsKcEk_P5{~%6e}fhj@q=^mOvDe)!vE*;gO6iclplNzQXlbyONt#oxTM(egG-7X zKe(j$pUMw@I_@lvAN)0p(h)znq}cI;ONt#oxTM(egG-A4#r)uG&=EiQo#>wtKX@Et z`}+C84`8^}UHHMpnBxZ*V~!tOjD0abxCD0m;1byJgG=CuAN*Oi%&z?464>#BOJK(j zE`cL{@LTb)+l?Pw0y}jv!CTqKXLjWW7i*3mT&y{MaIqHggI97)>&6c*p&dWCgm(Pk z5<21sC%tPoe(*zCD;wkomna-RxJ2Rj!6k}_AAEb3bXR_GiJ}`nxR`YO;9}D8gNw%WZv5b4((!|fNyiT^CL?}u zt|aWv4=$mVADrLi9Y6Sa9RHLbJfK|p!8y<2_`$bh?@)eluG5Y9!H=V-8$Y;2rTpL$ zmGXm2RLT!7Q7J#TM5X-T5|#3UOH_^@d^QWJ8$Y;2rTpL$mGXm2RLT!7Q7J#TM5X-T z5|#3UOH_^@{7-D(-T1*JD#s5l#qapRrTEv+4}LpGgKqrbV$Sh{i#f*+F6MIl;FoYv z?8Xl+!5u%i1b6)45olWUuVH6KX};mlpp*NKD;SE_{|&{{!xB#e$4zA@PprovhL0gj*WtI{NVgd*@Yjx z7@ep)KX?_!nlH@{{xoW-2Y&Db8gdW(;4h+UNBrP@=?VG42Vmg%hxx(zo%XBb2cO17 ze2x6zd!T82S$^>ULfgyngO5VWy77Z^=}p8Beg*E_5kL4sUUB^3r_xf7{NVhpM#K+( zDiimg!Vi87Go$?A|HYE|YWTr_g~8#U#1GDISv~TD--xE5{NOhumyRENCBzXwINy#U zesIomMEu|++Kc$XTX@CsgYS=_AmRt-%v8h=UPRCTD}Hc(Lx}jnYgsT6Kloi3vm8J8 z5$He44}J=Y((!|{^c_F=LAVn|{NOhu>_3ek9Ar2VKloteC*lW}Gzi9Pd!OA>SZ;A_}| zlpmZw6?6RHCnD)R^Mgwreii)S%@~CpKlonKV0+>Rm+1b5{NPgjU(63KDqj^p_-CvT zfsF;NO-$ul(Q%4*iZFd1AwGHrt@5ku7^MgxJ zQ#7J^bMP zIM_IT@SQm>JAUvVGC7VP{9)$D@q5kL48 z`XYYt!#Tc0{NV30zK9>Zf>t7a@K>0!h#$O&;Ua!;?j@At2Y;JgBjN`?oh1?RgHNPp z#1B4-F+}{}O?*U*_`%;`IwOAYOK3CV2mcLQNW>2=17^ezE+b~d5B^)0OT-WU3#K~a z2XAGqMEu~tW$Y0@_@@jP@q>?Ljje|td^9y9e(+x~W&ccm@L_Cre+>D-_hB-XAAAI| zvmSo%cUU74Kloo*=Mg{nAYP03!S7*tMf~75F>et+coQ`ve(?91jEEn65_@+K{NQ52 z@q>#2#}6)T)bWE$6OH)6uV&RNKlnsenev0*hQ<@|gUkDl;|KRym5v`g%@*hQ!5^b7 z#}EE{wrIx>{uf?x{NQ^tZ;l`QZDz*tgIBUd{u`8!KGdtKe*IOPyFClvEh9& zKe$+R{NQ5M@q>%ip7_BpVP!jh@M_kA;|G_~u19`w>3==(gU{marz=0WBue?gxdz+u zgI~b0$MJ(VBIa;WApm%e=M46|L9!ygoK($V_8ur}^ntOUM^r9~RFv6!Flh{Y$Lu}u zC6t#xET{iuq_520gZOd6F?)xB9kch4EOO#E%Ay}w;PNSd*-wUmvsTj7$TZPy$^PXZ zJ`r#@y|Q1*;S9EjUWwrF#emo0f2gESu09QK<#AvnoJ*rz_B4#l-c3(poQt2g^rWrY z(7XI2NIE_UqOC4LHw=l!C&Ifmb2Wb`R#_qNaByBP!jUxI!$TVH5r^XXaG~+eT|El2 zWMaV}Yy$cNlzhmGy*GsZvc0x+853UYsfc1|0}>~^*jVx9ZFw|$q%XYKSJ1mR(iQSz zKMJp8WE?Z{34M+in`^$eE=L4sA*EG_f~h+RYk|2S^a{w3Hh)4c;U_>m>QBt~SwOPH z*k8sU%Sl?!B03Bv2eDoIXFpznCqvJH$oIQY zmqlbGEtf@Pd0y2m3|9LvCCDEp8-5HZS}!=Qv{$t$MqPie_j6kOL0*;Y{IXv@vY}x` zx+V|0Q_H(ZZ(v%cS9g{sSh>4V#&vB8uS)hZnK3=5wJl)PDi+9zIpXcnFCoXrBLqv; zFl*C@SN#&&Nm0nG%@QuDrF0Be%D(4^N^Qt}wqSr0Z0*zgWnFLO32 zwp}>u8DTVzwgc9$yw}7YFsG_Q+b*%@Gzd7ZfAbuPjiNgX z^k$+vg(s)bxrjoAsXWz+ZXHifw{sDNy3=?H6Fq|`r<*IHB&1(9k^DIV?n}%NPm=^5 z$`fsa_dDU@$U}pfHYfpUrd8={5T`#w@z6wI;S3O7QoD@RmV}*k_ zNe1Wmu|f~*$uX4pB994Yaa`~s!Hd91>?nsjb0U}Gmp559HODXwuH}5;P7XPoJ)wxs zR~FY`ZB0Y`E^`o14OUb2%X$K%xu zBMEttyO~jAsE~h0=HuFlQ)=t>-FTSktm}pB$V$RY5_Z_mQ(ZmQ5qNB5L2w&yYDy}lPh%mAV}BK8DF8qh2IXlV@eX0p`4%j+&?AG9`RSL!_V7{ zi)YMH2`$=oIMXp+V$98od@{~-loMCue<1$d=g6MY$vHjR=b8J*P~Uy->`9-WK&kIO zh4!R_%TYP}kMUPQh^#bdUy}EjPgGwg@o}frd@;qbB&A1=tL@IXWHZJrnC0~u(ekKj~i}r zDYEyR!IW1b!pO|?wCBofJUoNpcg~e_404BgZ367E44J+R{$2X`n?-AH zCOlbOch1@9-NoJoFvhk|d)#-=*{kegk9%h69a~H~dlS0ooxC2s>0R{BUXNaD7rl$u zqqn4s-c|6szQ+W*^!-rvB+)or5C65!WAuIixeLR~kD*+cXO>I3>apH_*2UgbRN$Rh z9O4`(Cwtby@7(#YSK~Z5 zJ9{5?v3K%O*gFu{X^)f2&R!w%=E6YiJq&x>yTJ>7cTIMRqJp~8HqYbUvb4u)arXME zy(-m9jKLm(?BMEXkN*R^=)E>6eEjOF$9*?BckW#J8$IWDN44klCPI(nfpab&+=rKG zb?)Mha6Di>P}NaB_*-2UhPnsC9{Y%M4(`&$-Y;Q~dbBqZ|E^qm0h?m=KA7xzQxMiU zXOCwi_QvmvU#=h^A7@A4pY}@e&$R^B-d+cI-kXp)=j=JZJ6m~oo@ZOqv~TaM^fT6+ zBM-DIW2QOQY2>1Qq4WiY2(R;DJ?F?1jczC|yw0AVbL5Fe^AVTD(Z|TiF_ez?teD)1 z#488#Lhq(t-h+DLh2CGU560Q=#{0~XKIg~-eVBSV=J|N)K{pr2G1|wjuP1c!Z|a@h z$zLXYn4(Z0>y?b_&LizgGgOLqy7RF-xoc+5b?2Gp2%2*n=9wOlQwEC5NRt!AWu&lv z_Vk?V&I@f@7wy>=N5RJo$T-390 z-i~<7P(D%RyW%`Z<+MRusP>0bjDLD-7nCL4C$cTximttqkQHxrpf`kJ|Jo_md))_W`#zE5}r~ud9qTs?Q$jBMo#F z_;-7=((m?=75m!t#6Dk+-~#+RPGYfd9%M7f9K%sg%s3@pW*Sc7)ils_MsWo(bOz(h ze_!>PRhKW8zvE@8B8Cpjng33|hFFL5@zhZ~ff)Leapu3%uO&u((d~tQw=X%zQ-`N3 zX0K=aqnu`&iD9!9XZ|~z9mHC;3#p@+?@$geR!o~`DP~bzObnaLaOS_Wxty4V3U?L$ zxt5wv#_tM&VZ96qF-8Q>SIp;fhgnrV8#UYj{QH9ihRYmPpUuwcv%fgJqrrO`j9YZ1 zbFjfP4VL#zwSTgapJVW4248D1$3mBeUmN_8!A}~z&fvEV{={J6me%xC_&NK+Ev<6l zmR7teZsaZvTN*6f(yAj|1&W1RTJbGL|91wzWUz2ctNtfO&h_jrUg4Hj9pRQ%e2LNF zUf51wxTRI+StA#2X_X7NwBkvLTv*|jR=IFXD;92P#lkJE_*4^CxTRI@<>hP&x3tQI zTUxPjODh&`X~n`Vtys9F6$`htV&RrnEZowHgoe)mR7lNODh&`X~o|& z`ob-(a^aR%EZowHe{1xGTUzD9Ev-0)LEq&?xTRG-#K@}+7H(>xTO^fx3ps6mR2m>(u##!TCs3TE8YeV+O95yTUzD9Ev;C%r4>xTO_ycQ=i~_fHpA zxTRGt+|r7LTUxPjODh&`X~n`Vt(ZGUJDV#EUS+UwORK(cODh&`X~n`Vtys9F70WM- z6brYsV&RrnJSoVfLAa$=&aGQr+JswL<-#qkSh%GX3%9gl;g(h`+|r7FVQdPww918B zTCs3TE0(3ZiiKNRv2aT(7H(<9!Y!>>xTO^fx3ps6mR2m>(u##!TCs3TD;92P#lkJE zSh%GX3%9gl;g(h`zsFK6+|r7LTUxPjODh&`X~iGn`OB5Ra7(LPxTO_Wm*jMWTUzD9 zEv;C%r4>xTO^@$Mc;_vv5nRT)3qb3%9gl z;g(kXrU@(D(kd5jX~n`V?ey`m=;9J?X_X7Nv|{0wRxI4oiiKNRv2aT(7H(<9!Y!>> zxTO{M!aJOcSGc8BF5J?Jg~P#lkJESh%GX3%9gl;g(h`+|r7LTUxPjODh&`X~l!^a_GuIxTRGt+|r7LTUxPj zODh&`X~n`Vtys9F6$`htV&RrnEZowHg>xTO^fx3ps6mR2m>(u##!TCs3T zD;92P#lkJESh%GX3%9gl;g(h`+|r7LTUxPjODh&`X~n`Vtys9F6$`htV&RrnEZowH zg>xTO^fx3ps6 zmR2m>(u##!TCs3TD;92P#lkJESh%GX$0~AdxYXeO1`juQdxL8Yo^5cO!7m&9p243Q z+y@^`Tt5pV4{T;I#$| zx3uaDx3uEKz+7I0TUzD)jeKi^YYg7SVBwb5u-gpE*%WSRmG5iha}5@5Y1KK)$S*ed zYJ-JaTJ;|>@@EVdZfVsKZfV68_}1m>PPnC2F5J?JgYr%Be$QaxpH`jwDc?M_zs~3gw>0kMbbmJT*ih)Z@AJfJr;J#q*9IE- zNMikNUu)!3iFIz}Fe5*LSm#h$jQnhauQZtHbM>1rm{soNc;$*P=SQ5J$#rjH~3_O7aM$*!RH!$g~3-F%=JAkJzRt1@NEX)X)w3kaXOD1 z{EWeC41U>QGXJ=++^omp&kZK&o0F#uE-^S`F!%X!`oj#aGI*@PI~csP!Mho}r@`Fx z$BlKf3~n-*+^$Y1pKVOJCpkpA`zc<#qx&gdAEWywhcg)JCo^r*2QF>&I%A+J)=jiU^_{kEmrr)Kl zf>_hQ^gAr+*EGoZrubRbyQbj{;v@pWN!!qP@$34?{&B==|9w;DFCuJjwetb7+VP>| z_<*y-nr3o-J6xf-2=Q{Bi*n8-4p+>T9^9CWa*oqncSOuv)lQ1>DCSL8JPep?j;J#d zct6Fgp92+d2RuXZWMH-{>T~>_tC-_A_Z*{~^NpNqBc27km{`lvnBW5+>@ofX?wds(}hx?YiLU;MQGW|4lQ7j zB~6pG4Na4f1zKdOP^2ss5EKxw1!NUuQ$hKFu*o6_A|fcrsvxo|D(lDpdER;F+{sdk ziu(VM^UFQwnVEOq+2_oebMihr66>03A7Wj19ZaliGvS@(K*PcBN$na>?svnCKfi^w zYeo4CsHw35)>c|3R#jDPh>x~<>eT7eAy-wkVLsaLY>)KNPuSmS7-^JO1%sR7*x+dv zy5k*h#$jeMGTVhY7A&t7U~&a#?34RG9me7PweL=TDEKfsB-}H6zBUSKQ_nwDWMoHf zJaXj0!yepwdt((|gut$bu#HV&jFd)_QE-5S@NI1Z}U`P+{=A$|CLwNLC@V4`LJ zcDY}*+TjcCX8eT2wX7nFfY~nN7@)@`xVrqUYr-fEuhW9li%2B{KG&8031iGRGdRNt zAKLOhXyVIG_W)<>$%p{X)&Zz;aJJGIC^%cc0nY+wYX;H5+1iQ7;B0*njRnru#~~?( z^g5uhz}d=IQNr1}8X)0p-57(>LPeId^#CMXWI0>&nE8ra&ekH!*-DavBFowO9vzbb~rw$5TL{NtRhwD?`5oUId!fj=o{Yw_&I(M;JC zGFH6f?&xgZz@_btUhz(k0Y|_sig)xfYthujyIcwROqQLhk!EE}s*qeo>afjF&MZ4d zs)f_Fmt|i_ts<9Gl-&&KQ)iOKC7orrNL@&(_}DAk0he+)9gg(M%2k$R_GMJ*=+dB0_zqZ|y8IqovyU<#*HE)JaCa|tttlidSYAi8 zW0oI;q+HI{)Q#k^ACOMZdW-SDhGM53&ers9OeOL%`(se0cYg#jnVnJY^gqkldJ8g= zIoaP6^Tr^4HB*^6#lHZKm^GX^-Iv0}=c5N@&i3ap5Aj5#oB5VF(lIMPbGd&fqm;IF zHhY9@XD^orCd&KZQlgnRCFuO=~)7qTG{hBmCH$L+pY4KDQaSIcB>4S7v*ey z6}hj>-0AOyoSPh5&Q{5>k35iketQ0amU-tjv4<^}vI;BCpKAVm5Maa%?$UCC8StRdQ@OTP4RX zXKSW9_!8nH#{+OFmy?_0q3}&bBXCaBAap8XYW;3N>+MZ>If*>Ij5Sg1#QQUji9QZ6 z|4!zf;7ov+9XfMwz;^KBQ!zd>_e($&zlHTx=7E5H<83dZMlx^7&0-s`@&v|vP&r#O zj|IO?lv&PJQD!+?MOnhxdJB|geiK|{a`Iv@6r;lA#B#PuWXstqkrU3=@3CiE&eqID z;rt}BQ`t3*yXTeoC;Th7)@SNLcW z*>bi@WXstqkrU3=sZ7~&wq}lw%29!)%$BoNBCk}=R*9T&w!Y7K!E&}{PL1|RB3sT@ ziEKGrC33>qx*w+Y%-5r#h=VepADx^;ww$dJ*>bi@SM;>vZ&&Ov2fkSza_RiETMs zCAQ^kmDmYqYa=`NaYZ8#XYiYusl}ZDLw3h0vtG{D%;e%9CP`S%R!PEgwn`ESXRA;F zTF%zY&c#n8NhF-Dnc2k|ESgN2EoZB!w4AM?GU06f8>%~FIa@RHi?={zlk0@DHM3vw z!HG)C*(xe6XRD}8I9q?l&UA=qLPg9^9a~UoIa@Qz*($Tc0m|8GR4QkyQJI<}vqR-u zY*)+KnrTe^JW-i&wq_bqoZ(HuEoZB!w4AM?GU069786{iSu`P+UrvoiWK-~jvo&*M zYX3x~oEY-I)H$ z**cTBU;0;Qm?67zbSP)*9hA?duf@fyTtY{}*_s)W-U73hNlH0eB`M`>m86ujRgzN9 zR!K@ZTO}#wY?Y)eXY1*#sD!gMGdBIrBq`-=m86ujRgzN9R!K@ZTO}#wY?Y*xvsIF^ zoUIRWCP_G3Gy9}}iKI-6TFzFfe#_Y^)xUnuR({2oNjO_GHR;hXBk9It=Hs3vn{bW?4BTE40E=+AJhS zQEnFUZyp@4fm7B3<;H!hb!WW+6(wu`1n0nJujHatjFIJcu_c$tQg>j3S8^$R)7ilo zJtddZH}*1hn3YPdpqc^WN^U#>Lp3X`oj>5p!yDM@mE6QwQTA0-PRWlLD?RXVujCf` z##tobmE20-ih=bIzMbBcS#Bzo+(GaBz-3(C9c=8NUPA7tI!zInqSMJUNRr(LZBNhD; zXNg6t^5t@3G7d`AK{~`XQF@%{DvFbc5B9$dv5NQ=G-kNXDrYO#&Dl?fv-Nm%>TGMUeSdbiopF{9*9=g;F;B^pM7j7SPDpnk zJk5@>QAPanIdE*u|Er5%VMpG$p$;rS4D<$6#xLHC(CkNOj`;WNp?KPFSOH$374XJm z?6K$y@$1x3NzT@|)qfax&>8R^79Z|U$9|?f9mSpc1iBqYN&Hp+Km3$0w zY0yEzVL4m3!~HbA+CLv56*1o?#Xs_|gQGGYPRD-*XKTD7+Nu(TI+- z63*72W6p|?jdBpn%*Xf%-q;JUKod<;4YtQ8?XQLAh^Zf3OnPbI$h4z;CBC3h@?vw z)_K9*{yONasDjydFSy6&&f>X#E<^_jej*dbu%N2(2rszT=dz_L$nl?XKRXMPB~kD%f9iB|0gIMv=mvd2;TLF;C-2C!w=ma^l5Om&crMn3<+wH!XW-v zPDS8wwg$rkr^|dQoUOqZg13;?u*EQK8*CS_I}d}w$zc0nM|!t(c6h<8;6`AW8}Ngj zf=ayNGOguswg$Tde4_FCkM)C@!BU8rPULd720I3YPBceSt*BbO#0z!}jzJ%)@TJ%6 z7SuyerC)`B-2?WZypMmcW`iha>(1y3fpWI;{cS~1AAFZ7%Ai^jI79kV;A{;}2wsEo zL9;QDR0OMn0eGutQd;e{#Xrm08eAGIhi20Zmlc}f^57AqZkpkWUL1P?PC zGVQsXt-*J-ig~{et`@0^QVzyz0zM2(iXUfh{$9Wbg_$6-gyY&^J{;SdCxmC9R-PD! zdzCE|wVbWNox!xBNb)i)g#ydjdJY{w3C1B)RbUc_!*aH6#)w%c zhk`#M<)N5@wg}fC9n--a&emXj$f;=<%%gh2gpfUK$O0x`;A{;hhmR#um9upO`;Eid z8cYc}eHb-U9W@DOYp_}<3QO^P5}X{qisg$}+6H`z;Hb0__|%XO2WhYWJ8|&4U}Y6V z8rs^t;E%y9hFZUf8N+K+c5%h~!C`|eu-?;LTwKhEl?h;K(v4lHNuE6nzLQn3T$ zvp9XaoUMTuQbE47arr_l4a6}F4ot_!QB~TqycX{qC1f-l5HpUka6rsB#>HGZ29~pR zJm+PXvo)}st!r5x%h^hbTXjr{Cu4>RENAO77S7>p4JL(i(IDGb$t1FsH0<&qH;@(5 zjk7h_Gvte#??<`Is4wAc<$q}h31{o3jF)h>K0wKYvvn~um2kF>WxOv6E9|*NIr5eU zhlFQTdER+Nxw~1L31=(+pDjo@TQ6mUG=w`N)4wjx@yR>r#@QM)h3lYYaw@kUQ%^Ws zD_B1XXX|gNCE;v+g060yt-)#1PajLMZ+XF*@J|5GrgBTEvm0k?aC#VEQhPR?+lOtF zaJD{9$%M1@9hNBJY~7kAGAymHmgH8l3<+oJqf9U1Y(0ir63*72a`+~kttWBFCY-IK z7?yChE@0SA;T+_8b)5S?Q%E>lH=--yY+cRyCE;xSG1E&pTg#{=;cWdYbCz(nrWr5c zY<-nFpAJ8O=Xc^(lIK31_QJm+e`E31{mK%yq)qx{|GuaJKS)or8q4wUqrc;cVsqcm~}# zTZ7j_J`BDb=XPKU31{maGL?i=5cX#5MVF(}*sEp2-qedufqR{Ge`F@~>#Tc~ad%nw zAg}DFz_Rwoa+Ut6=vO$W`TUZK&h&5>9>i{^oUNmnP33Go6vdfd8l08+>Ilw#&5OO@ zoXqox?B(ucizJ+_cd^YA&emt>N;q3@VSOc>t$eu^B%G~Zpq7NQ^|#DM!r4mOYk|Yr z8q7`KjcmlC!E&~W0?XMdebjQcN*7HyTgkH;C}-=wY%=9+{U$ok=-`5M%}8kG>)60@ zwpOz#EobX<>_?Wf^?mBHoUN~+G6Kul+Mk`)a<*nzHp|)i5({HFTeo73d^R~-gN6)g zGtH94a<)plSk6{y7l*SoSehXXWgM?y?RVpB4Vp7sKv{ltaCGLQM62a&6|I)DRkS*s zt-Q$MVYfo2qE)2f;agc%4EJM!x{&iq>mzO48;76L<)YJa)*fjd@FI9{eWc`}&xL|8I zo81)w=`jevuGB!!l2&40D(8n~+3bw$Hd)5amL_4-5j9q4(XKf7VnnMHHt@&QVo_dyi%Us<5XC!6Xa+SNKPTd9zAtjnt!BFBrwj zG>UK&3hL4A2Adk+bZ|evfARMDb7o7ujnQ~$9g>S~S|A4<>yU?T=EmPO*Gm59_x&cvgf99X=0po-*$(^qe%%uz;wmvaRk%nOHB6h_ytVvwFwGxQ1$e ziQs)p;32$N+3s|k*tdi1e!P5JU=1%;wm`QzAHIu4V83O!aNHsq&T??htH#eE2IXvr z`wWgq&OEW8JgDA1`ts-Z?}7I-A4>iA%Sv(ffsumeE9aL-e#g%iV`YJ@(tI5)9F>-N z($GJmT0m4;->?WbfzTnXL@irEC9Q;H;$uiF9UmpFbbJhHrQ=~qD;+PIYs5}fL9vil zI&LMcgpb2f+1}CC*t{4Kr6&|25Hs~gewacJwPcg247nIr;6F#`Z%7_NMVa9}J|T15 z!Vg3E_~9`k5ekLmF+yA!2`S}qqQ#I^$~g+c7b__o`Qh57B2yxim4U=H)RKYd^zjjl z57tK#U>a=cF3aH)WXi0624nXB7f#5IHZsJkkxHdq0x?s~!p=pD8rr~0)85|LA_BrF zRo7Gt4i$*kHni6)1bI-MuoTr`1FijYmdG0R-Wr+|ZCun?CyXwrpBn5B*Ris^#>2I; zWn|RUb+pw;h1PhDbxUenTbd~PFJ_5E+kso9aan7Vx2&_Nw!YprzBYADYi%27?K&FT z+P(HAogMWpM>f}hZRrTgnes^=SXR5dW>H(Mp^q~Chn!4}%{5vSEg5XCqH`=~Y!qL$~@T}?B03D=Ji#pI46`;|!I%Tftw;-1202VDHLXkQ+9%f>(Y9!X z*T}RIe_@qjHt56u9np@ysJ5}m6AQ3)oo!xiYimQZtqxljmbC_?L7mMVXe2ZyH|I1% zwVfSHtnFAR=8#xEeOhy)G^~t>rk3W#RdVV^g{s1J$p6B+hUPjmd|EK(m1=_5%W`AO*_ z(Tqu*vJ+Ttvw93V>1$~HmbQ8sQ>K&3jN-L-Hg-UqearL`JDi+piZg=kE_NDdtQTUq zg44q*uZFhTj+Qnm(%xdauemGKH!f~yM=!It2t%3$hB+CaNd#tC=LRe)BoXNQzsV74 zXQtZb`j%y^7Sl3?37~tGAJx#-;WUD+Tr5@96_k^`^YrMjQ1g3JEVZDzh6H%inMcb#u9l4x0y+#uCaqiSg z(uvYpJt!ljX8dyo$bS<9WDn-Y9{r}Ul(A#BeMw7OM-_WdT}|teZPUHa`5l$nyar1m zFB#YWAfIFR?vJUoqXzFvG3Pe5EY?Z4z4539PgdiNvRdhAYRB}s$gJran;SdqJ%v{3 zDJ*wuqnMM6U7zXtp!f2mkv9wXc2Zb+$W(!4tK4z0Btfs>+H6TfQ&Wpft~ZeYmrt04yDftX=}JNDWL@Lc%Nk!>pAX5nG5jmo9i6>0!AVx$(vA5W4}!IQFnId%}Y52^~oKEFqUsaa(o5UGhI7G z5R~M-#liGnfO3q+bp(D)hh=2Fd>ubmAN5~?pFM0{tbvEc3|j?#Z{kXQCHPr=*8@|Z zJ@Cz*x4=4ZwK}eLFoQdG!)HIZQXlhW_1y*R>RS%SNql>xhYh<8ZmXL?V|NFKTcy#5 zw_l0Ahk@_FRBbLHtcC&H{Ew?VDkonBjDdp!&sg_ z;b-FjdRJ_LJQC<(!(M~i)wiJ5@bgh0Uce;f5F1|_mzPJNFYmamJ|DoIrxc%sE#NhDmr2 zxoy5+rsbY;TSE>T-pO$YDzB-!I{353A3*?bY?~&9{cvuFerAvz+k^yR`(<=ZsP~$iLqCVDA;Rt*2p|J)EM{m9|`zF!I;PpvC7^pY@7d|<4j!(j0W=p_6-yh{4 z;lyXVxMQ2{9eRZGr6G??@avEIY7&<@QJ!B5*n{p1tpiuOzth8gQxErTJ=}(0%)UD7 zWBt;7lL8M3x&tIj@MXFe%|%Zkh@0KrHJPP}`t^S2(mkNCxW`+t-tTH;3%fhjSkEUI zl#%1g$A2N%!`GXk`0Iqo-f3-UvL{*_Osq$rgB=HM6^RWdMzg$447T>~0KH0`!`Q=# znGP}kON7U6_*G(2a5S!mDLxxly2&TN<2d|?8JBYdG4n{A)vmZX{h^1ij;9bqhIuE> z4#f$_4E!iV{W~e%3)g*!A&)=7SuNv1D#NAlLY1jhoZScj#}W83F6)3e%S_=|g&+N? zia5(PwjQ+i$FeXzV(R42+69yP)G3AWtsP#D8H+hyh*2E5XHd@+VE(M0>BJPkF%!R> z;#m%!qnLB--in#@e8r`>GMcqVCjCJNGiM!Z|BEw>#hgui3gTd%eJa7hJX@KG4xZ-V zZ5@myNg_Yj!3R2cfrF29@Ja`-aWLlvn};hLe4~Ro7g(A59sHPspLOu74u03cvgXjb zs`3ju$2&O2P0OYwoLed{oLh>8b4xMp09yHD9ejg>g>y^gg>y@>aBe9U&Mn17Xndy^&g>y@>aBe9U&Mn2X9%SR*;9%k0QW@dgQY@TXihu9O3+I;lABh2D zb*^%-aBiv0O^*NF4yK7E8&^2DRQ_$ppX1xglsQ;9w^Uv@w-gKKmSW-DQY@TXiklrh z!nvjX!nvhbIJXoF=aypO+)^x@TZ(_-=oHQ^^%u@9#lpFzSU9&73+I+%emHE)E1X;E zzo+9boLlNIoLh>8b4#&sZYf^p#J$GB!nvg~!nvhbIJXoF=aypO+)^x@TZ)BqOR;cn zDHhHx#lpFzSU9&73+I+%;oMRzoLh>8b4#&sZYdVdEycpQrC2z(6bt8;;^DX%+qxCb zE%g`9EycpQrC2z(6bt8;;?<5G;oMSx;oMRzoLh>8b4#&sZYh4*(IcE&>MxvIiuvDt zHqXMjrT*JE{=&JX{=&JXSU9&7FL&gHb4&e&b4#&sZYdVdEyXlqVe@c@gN1WTWrTA} zv2boFe&3N7&Moy9&Mn2lxusY*w-gKKmSW-DQY@TXiiLAav2boF7S1ij!nvhbIJXoF z=aypO+)^x@TZ)BqOR;cnDHhHx#lpFzSU9&73+I+%;oMRzoLh>8b4#&sZYdVdEycpQ zrT7x8FKk-~=a%{l=aypO+)^x@TZ)BqOR;cnDISfh)hV1?>MxvIiiLAav2boF7S1ij z!nvhbIJXoF=a%9HSQp#0gmX*%g>y@>aBe9U&Mn1UW7@dFxuyP#9sdpo3+I-~taJQ@ zb4&e&b4#&sZYdVdEycpQrC2z(6bt8;V&UAf@>nd|d@E6W4^%u@9#lpFz zSU9&73+I+%;oMRzoLh>8b4#&sZYdVdEycpQrC2z(6bt8;V&U9UESy`4g>y@>aBe9U z&Mn2yVR3KE{+fe@b4z7}b4#&sZYdVdEycpQrC2z(6bt8;V&U9UESy`4g>y@>aBe9U z&Mn2lxusY*w-gKKmSW-DQY@TXiiLAav2boF7S1ij!nvhbIJXoF=aypO+)^x@TZ)Bq zOR;cnDHhHx#lpFzSU9&73+I+%;oMRzoLh>8b4#&sZYdVdEycpQrC2z(6bt8;V&U9U zESy`4g>y@>aBe9U&Mn2lxusY*w-gKKmSW-DQY@TXiiLAav2boF7S1ij!nvhbIJXoF z=aypO+)^x@TZ)BqOYx?7D7F1rIJeY)mg6s+Tk0>ITZ)BqOR;cnDHhHx#lpFzSU9&7 z3+I;N2+!X(55l>n{=&JXSU9&73+I+%;oMRzoLh>8b4#&sZYdVdEycpQrTA_q55l>n z{=&JXSU9&73+I+%;oMRzoLh>8b4#&sZYdVdEycpQrC2z(6bt8;V&U9UESy`4g>y@> zaBe9U&Mn2lxusY*w-gKKmSW-DQY@TXiiLAav2boF7S1ij!nvhbIJXoF=aypO+)^x@ zTZ)BqOR;cnDHhHx#lpFzSU9&73+I+%;oMRzoLh>6szSf2aPY01JO^y|{r*CKjr*P>A8k_b&k$=qbB=$N zgEu2q{o{eDe;m@9>BtCImdZ3Z@+%y?#=)04_znj@O04;L!@>NIIO{*g!P_`^u7g_~ z%zCl)7C9J?Wr;tQs$#QMv=sQTaO`2XC&e3xeBDe7Zy zg$EurlKR9FIO)%_*R48buUj$W^wmaGXZ3T7+2Y^$1$p5LQa!(ezvYJcql4d4974z6 z6f+9Bh$zo=!oXk-nUrFdgZs4n$8;Vv&_;}{E{|M9#C*rNgz~?JI8<>aBfr3NYg_Wa+^_MnMe`#yfEf1E{w(led&m`8m zo#WvB9K686O%7h};8hMj!@(1$ZM}7sb8L_=q`G?RYLVYCUr5Bkjt(^i7ryNnE^mL( z9(TN%nSB3WQ- z`{2(gfga({;C@uXpYa_umdl^90~%QQGiZ)n`7_=_w^9BKTE0>K48E9A{*1ptjpfhS z2>UsfKjSuJH{s8C4^b2TjCWA-zWFoGWPHn?v5t<7QP@Mnx*Wm*1= z|3#Di6Z{zuu@aR(;|FNqzn4Gb4D_!J@@I^}RHFPDXR=cn{tUjLvHThA7?wYSeZlf) z+yM2KKZD)kKgFMM5bFQq_%pu9VtovM#&ndUPyUSGV7M!P#w#fIKh2*p3mLKe8RJmF z34aD_IN{HjkE9a*j9<`U`7>Dg|6cx#+c76u{){%{KH<-h99#Yj$+6|nkQ`h749W4o zl|N%Ew3+44coLm5;m?p9TmB5mvE|Q@99#Yj$?<=fKZ6}Q;m_!g@tN>vtijyAe*TP@ z@p|%Sh%(EcA<8U&hA2z;GtS3dp%;IKM7I1H64~-+NaTb+V<{%OUi=vn+45&dWXqo+ zkrV!mZCR+E{23D2@@Gh7%by{U6aI`>F%$RV&ydKLKSLs0{tStn@Mrv7DmuIf698B& zls`ivTmB4*yi)lyByz%^@qMP;lRrZuTmB4*Z22=Ja>AeSJV$&_{tSt1`7=Vq5+U ziEa5aBzD4|@g~+8z4$X;VykSBKSPqR{27vj<-R{o5KFpFFMjG64K%AfJSoUoKXV;E(WKjUHEWtBgJG$aXs#wK+1;?Izz zls`j~QvM7{O8GM+Ddo?Qq?A8Hl2ZN*Ny_qP4B)8f#h)QbDSw6}rTiI^l=5dtQp%qp zNhyDZB&GZrl9c7o*pC(1i$6n>viuoR{gyvNs(=0b8MD}Hdhut7I?JCS>MVbTs4MVi z?8Y9_i$6o6TmB4*Zuv7LdVxRV0Nx6E@n=YM%by|9Eq{hYFYsrKVCud2GbH*3_%q&O z%wGH%5>xpz4rj$Ee}?IL%Ac_(Cm7|=;P)_pH-E;%cuM;Z@Mla%UH9hCSc}n<@MlcK ztki=)<6Oq-#h-B{D(4gPXPkt(?t?$$7}R4Q{29N%&`$U>NIa?h88j98ck^cqVu3zI z{*0@ciGLw~#!PgLPs*RshQ3$e&-fa0){8&mN;Gc5pRpAkmOrB!ONxX)V@qo4lRpFO zrUm{C5-5LW_%pu9!YF@6J!|IE;m_C(o%-LzpYaSz&?kRJ5uPBFKZE;=mOo<HxSv@5jPubBmOtZitoQon&)`G;zk)x5)Ww!RgP+s&&7UEu z|4aEZq<%g*e};(vo%|Umql2u6KVu==punFooE@eYe}<&_$@w!x{O{z?kSzAipCMT+ z@Mn;8)$(VY&rzWK8MJTLH-Cn-;iti$aTo5>mOtZ{(qa4J&yeK)gZvp%{U6VtAtIj^ zf5tUz5arJZIXNnS#?`pX^v$0kHS{U+XZ#eMxNrUpN$EerpCMKJ_wi?(#olcBGd9C5 zXZ`#c{0_Poe+G$t6aI{iWXvmn#$Wjk%kpRZUdFicXPn4caJ~E)jcCH&{25ZT4e)31 zA3yrw&yc9fpK&?+%?9{0M9rtlpCQKEEq}%XtYpidaSr=#pZpnXSq+vyqm?DI{2AMF z`ux}MXRP34WBD`g=S|e|XPm(7SpJM1*b^*&#^cPJaZHI{XVY5#jLliN4fAI_%nDf# ze?}c|#0h^!j+sdKGoEFWjOs3qag_%2s&34g|pY}bT8BV<^@pCP;y34g|H zrjYPw+{HRe_%mj)#S;FEBbi>ppYc=95D9nNGWkpSc3_F#vDo}{29AZXTqPcl078h&yWc-;m?p6GvUv;hxL;1 zXDnrD6aI|N*(wQt#*s`t;m>%D@e=-wpRmQ&!=E9x{1g6+rOerz|3?0d8<}n8&v=&E zRQ`;YP`LH*XBCo}83(ZGl|SQGyqzh3#ykvwgg--`cPxL#Eo@lJpRt7f z$ns}=g}N+%#zXAUmOtZMhFJcLpRjC}KjU5&#`0%`tdY+)e}>$gEq{izi{;OdcIk^h zV;bj_kLS-2t(HGSv|9cQ(b^Y(#ymEo<6)5*Q@YZ+f^6^h8<&L zc={J~L2gVP42o~W7(6y5uLJ&*hyRI-fB*j>Tx0jeX&juJ9Si`HjLrEK7^8YyoQKg} za%muGe9ppPX(EKoA+LlD;ut*0us4WfNP*@7W}Fa`5I_tokVk;yR^tdO!NwXQBo)Jj zy#g&%Rgj+!=LjLHNVJXY$+FO$gF$H#gk9p3^Dp$IOBieE5;hZnF9SCRMT6H5tP1EK z6FjALP(B3o86NDC%5xwl2E2oLVV{h=_LYm)0?5IR_OSx|&=dm?Mw z^uykbG1djb&3AENZJsV7O?~@N)zF4RviRT06Yj zCK#$MSa2*@tu;2=VYBjc1N`VSf42etf6mzcf2U=A)bl@TO24}~akZiUxtaXW&E)?F z&E)r{cj&z?5aaHcWWhfG&KRMsXl-a{tD(*6Zag92t!OzC*6%ypYrz%ZH7qCD1&kN( zdH^SHW2LuXxc75Q`K*!Nmhw?m1p~^kOx z@axcub-QN>4upHat7~jsg03nw8Pavl>a4k5czm=*X*Ru^oo|oEqw6|^)`pFw=D`yR zg*rph0;ZUj_6E}DG&F+s!M2ai^X|e?txkV#UElEW(9j{*yJ#$Hy8Y9zuK%AmqTi#R znnx=;`F*yn>;HdgM&I6Z93qlW+g$$VcJe=6JNb6^hF9!JB!{(k&pjMI?c2Q^Y&&}1 zKW4MOk6Xznw@=?!) zcT>03Hyv*Gu+6^@Jc;o_Lyq;y9e_}FhYiUsfQ(xX>a*PmFv*XkA86JK^KJEg8`#yi8t#Wi%n_zd}?3L1)gx%_3`X9Zip_L%!VRhUL?56w3{-C6WAJfI_ zl_XuhwX$&lz5AiBia-w=b|2iXzBy<}7MJ?CKg=-pm*?=aaR9wPKp*#o?P0^7f`_ZG z3Hofi@qhQNzPEvG9O`%%`g9MO&Lr#&U{~KN=(FvH>Q3}A0`=Lpe|Iz3CuRZkU>JYd z9&%f5-M77W+L=$;$hhtgx#^CZx_FFHea7W^Yaqw|WDhGh0>CZD6DWrrm#iOKFI)D| z_YLT?Wui{2Z$b}!FG3&X*lsl8Z1u6u?U)4g?t#9URtek|^6GR;@2TxzyBVGwo3@_W z-gtG@P2ad#X3W7`4y(_)?bY?~ZSUR9A@#d8MK@oA6^`Ea;N2RhJV#*R=xzU*#5g)I;KCc5E-bqeR#Hb;Rw-UY&RaP@BWzOzaTDiV!eOt+k*{0rLF(D zma6?qp3S^fiFcY7XVsr>+N5EtFfYUm;?LTaV2P~#3BC@p_H{-$c&uW!Hs^3_%Y@^= z+O%fPTTJ^N77r%I`*t4GY3*TCrvFbnpTPiw$h;E-M}XH4eVe z!B;r=MhD;K;QJl?n1i2n@T(4f*TG@~Tk}(eZfDCr-oau6TV-fl#ma~cZ1oo#*owsl zwqmh?typYeD;68rip2)DVzGg(_+2M0v4O4rVgp;T*uYkN9y)@}+m9S9Hn3IZNylGo zV5`5_z*a0auoa69Y{g;&Tk#TfUYnNKz*c{;fvs3Mu61 z6^jjQ#bN_nvDm;?EHZ`HwzK}+lDC+BrvZuS{mRoN%O=LH0Pj~xyNC^9BQKg`KarVB4wo+^3{AGu%R&+j+KUpRN^D9(j`dwlHq{GfE_^E6 zw&>uwPp6@%t>NhEMTd+4du78hBNrVyvfaI8Y9yaixv7gt5>^DF(+f;FMQudz?xj={n!&i;3N^r-`}sl<(nC&bg7 zV8@uxKCojvt{*NzQI7w`6r`SlXTgr~c8Cr;#?K;4uw#54w8D<@UXbj=j&T*ng4i+M z1;E%bPDN)RHKaik5vhn9S7cPdk7hjlTvHiO!8CM`DQK`QeLg|?1 zxucEzli`R<@vRxk;9mttMcf}{j%NCI!%-Per(+kN13&MT9e_(YPsskkxTK{Fjtihq9aqEjUxig!ZQMyL6VHK+85+9oer<8#A* zAJcq7_0I|MH!ns*7DGVB_#a9W1l0;deSOBB`oHwa0dQ(mqb6MeL2a3#EQ zG(i@9H(+r8N20QDPxL2KQ~g6Hl}ZWFR0f1hWwoiPf#D&Da)zlXLP_N~FQUvc>qe@7 z29EM!IWD;y(1D{PLI(F=9=#Ag0$@^o$xZbSp;NY3B-J@FcLAb5hSEN94t+j)HDs+X z@N)OCf4?4{2yK;*L{p=kQMdup?9-%E4qR40)r+=5Wy1e(jMZp*#46{DGcVdYVl52# zA!0`}BK}M2fOfX-HWBkV;6MaMGouy6Kf-M;+BRagz1-I*^o8gtI0miuqj}LM3C}G zQmN=>22rJ>OM`v^-@&WXmyg19nq`MbUqj8_klnrXwWg2i`e7eV)2q;95QjDi(k43JqV<2L<{;p0GoO5f2r_?cq~yWiHlysZU?w`YQTBMiDpF-nxXP@R?A)UWFZoT7 zMI7Yh#b8Ae`S$@csgYlHBU>xkx$D?7{}{|MkuM5=m_)uLbc%6l$nt41td;ECZCLY_ zToH0%gOsle#mF27b;%8(lkM-jk*$^N+y|HnOKuA9G?BZ)NvH!;<~u_t+jqN>t(END zAf|k8_>qZxbhIpqd~D=odu8Ng+gi!aUB{G9h-l&#**-P8Dv7)%aB+^F5HQ8v zve+r^R>ikMPg31&t zg$3U)Rf^%SDpO9uzm%fo70u;AY9%{&25%jQh$g6POie^&Q}DwQl?|x{iOR((r{GId zgAt%At(EK?&197{izcZ2a_aa*<5b7HWsO%-DtDp*w7*$WmgYn^;5X1vQl94YGT>0$uuCe^9J2$CChnJJw;r$?0!#X* z*+~YBXW!1HS#MtMZbq(5-;N8D8j?OaNouIvLQGP_(wsLW0Z2Ijasm)}{H%V=t<}7QH+9J)V%Oo`}&H2D2 zH9pM|Ws;hZW~VYqO-!?%z1)vkfs@kTKmu5;mh6+>676m}$y}*Gow)atfG97wkb;$L z-j#Mh3>jZFUTze7%@@=BB9Q88(#I$2YNe7?U7f2gv67u@;_Y`)dT)(>b^4AZ`uE)2 zT<1nltYqhYh2oXmn5H2QrhZGB>n>B6Tiw)eccUj(vU8J}`km>A5PcY;hnX3OZaPzx z;eZ*~QM=G9Dax?K1M51xlHv?A=;d~2gQYStcnMF>d9q}wN4xU4;JL?Uu$gbT7&LPcS_M%mck-Z9aoxOzXp=d~h zm%Ws}>Ff}6$n53xjlIls$XWIZsu?^kd*gGsX8GMg_6ID2H>B0e-o#i@_EgkL_D77B z9&)&sy@kGU772LSTj^Udq#nYz)4MXuPrtHv&^te*9@2Nwdsy~&RDTb>tA;ef`(ApF z&dv+qeLua&V$THQJo~^wkj%_Qzt6t-H^5Z%A(sOF`)( z`Y~tT;5dHc=Wu1WfFpiOnh%v0|CynYR9gHOW+d%p9!KHhzfxcSIL7y%NG_IWfiLk& zmwR#KOT_qe^u4%PmgH$Kw}7H4pSxQ9hsCjfG~J`oxbXnlBl6-km{8-9{x=a2#kVnJ zk~q@w&eSy1zm8E#mvuII@xlI+a8$%8w0_*=e+Wlq`~frfEq^K&sClm+i+Tq9r9YMv zp-NbcRK&FV5mIBf@Cz8i&P4T2!xidHikXUjXjL$2BiKvk8LNyr>M2u@E+Ew%LOk~t z3v;1A2s(27UM)T#m`J<^-PJEO!L-8c~aVSFYc;NIlIHjUBglw$bI`opb zHTbr8e+OqN?SlYDRq`ZJE`Escf!^TC z@Wp}H@W^r_Bm6yks5fM3!wN5a?N^9|$JkA9316p%!RhcXvnk6*-tceI9p#ZXe3#7w z*)Jf|;d>(>Gq@`J=xAI^>zlpM_ZiKL-@qvh<=HeH^WiNl@|k$-b;g9@II4WcE3x<#S{Hy{ymZi9q%ZZQRsK6XNQqf?X)2op<`>;4x%vw)^ia(PsfSB@^A5UDNYdo1}gq!bfv_*H>kX&dlKf}_$#;MI~q8mY7FgWk!8#{^%&m*sMY z4UY|&KhL!5@d5K4mDaU(df~~z`v}R$hp_ohktm~MA9H?qsyMzgyrHel3r~}bjrQ{? z_M+1Rw!>IIe<|)#;n&5u>Nr0?o33vJ%)lf+zbEby>YC!`%h=TCN!WBhzXyx=ZE?-? z^P5PYkOFM)=fBFPzgTKzM}K&0Eo$%5fZvkL@$;N}!YhJ{=nC?;qDsT>iff-Je**43 z;dPRi`NjE{v1kgf4{k|3tbbbuGbyvVCqA8t!hdH}5cnOlN>HHL?es}O8 zTpj8Bt5|`A_e<)_)A>4<{eghHfh*Jb@3Ra)m5t$aN&Z0A;3FbArzBrW$)C#(@*XAm zR~hzbz>U&=zQRDw}_TxqeJs3$po}SlVBTYh5;fBJ=s{AjE6PXS4Y$SoYsY z8D7lhG0eU2*zC3)$H&_PDIZKoEG2AnjHzYf~-P@n^g$gLEIl1 zH*2)213FWI@nFS?$45ST=KXM`Iq~$PKdZ`Ynk0)L$ovexWvn+7L_zqzhD$2qaLN_2 zIKK-fVnFmyhbyA3QLb1fy)Q?rAne5}+0~Ab8x;2D$*3CQnIB@A8R(M18~Xs3Ohz@r zlKlz5vI`o#eX&Gdh_-?y`)lAI#W}=6j#oy!R9)%zQ!VK z>+gktC_W9H0G8~Jfg|meO~<8NPE>C1(_diV4mhQvT?wC;6scG;cqBl%ochk7iMb!7 z`bX%A-vW>+1(xg?gnW}W2$t+mfGc+do^4>s{s!Qo3o!<0$^O@jG8vLVhtJya8-0roonSDK6!5;$qxc2N&+etZTFE<6RUb$srErf1J~oL47J>BDt@l;bF;s61<1* zik#4r{d_n~>gW3`x~6`$e*pu$vQu#>mlGc%K3VE#A`W;=aZZmG$VBjL5p?-K2a>0f z;0~X~8Hj%s_kufpK93H>|FXltqR;0KZ_xB0xW(TZpFWxDywzu!ywdiD!(p6O-a4gA z7uLZDqkl01Duyqsh2tKdyZ`6<`N3#mSh8ou3=4)g9^nP|`h2vg3i7X`?-VTA=lB&f zEZH+-%;M922hucI{H-q!PLjoEd_J9ei%NyGHv*w+k>*fz6|in zw#TJhPTZ4l+K^nB;zV=p453uC2hQo2p&XA6fVqoVk3)hw;Gq{thaDQ63WrHDN$v*_N=3Keoc^LfYORcdF9d%E7zooJUa(!j?mQ4SaDwdv=5HWh z;Rdq;M&|B9uv0K_xNWVSWv|wBs9gf?I(UP|`oYX#8AMDcnjQRvF-<4hQC={bPBceS ztr)&|i5Kh|uv#j7={36r^@vdE4@bc60eev1_i}$?gX}43=XeK&CHoVR$k3g!tfM9S zYnY-8=_P?Pq&tJB8Q_&Yh)cPgqquxHLElz%;{Ug=V-sVAf1C zToEv`*MClMN$_(ZQ^i*Xd(zib@prX~xh4;;7O9F-4#sN&KCn-U-)3+AUckJ~jDLgL zgC%>`#`fm+_#9N}{WP~3MX#4^^*3`_PuXOc1BPXs@a#X(if_xG@5 z&(;|kw{zlqKpdmvqi{2aC40snW0IKzD9KFpa$>&sq2M)W9EK@qi|}*=n(1I%$ots9 zI?g)dLrzTt7uPNGf(ape*np8teq#6>VoKD>;p0iv>X0{s0k5*(Y#H(@o_oMtySPUkX?DN+Ia9KHEzmh$oE@THjuQ>llX1QKmKPt|%B4Np%z4O<_`ERqWtR?&W zml@U+UJNahQ~4*D7i-Br{{r)3E!pS)Ldm1T8z6aeD*pyu$Ax#{@cC3|^5fF*lA zAb8n4sX&99LO%Vjj`KNoq1(b=K<8<3p5p?R?3wx*aef$Ex=RMj*>V0rrgw*gog3%p zQ_ExFZxQc;I6s$t{Fl<2>*D*6>+ohdvWeyP~=z7yw#*WtI~x+2aGV9$I; zTvx~WHcCD#F9ENM^NX3nbMjX2`*D6FtkPl0o;S#wVcr+#WyX9dmeU>1J3qdu6Pc za-Pr{ZMdYOC*P4n0hnZ$ByH3*zuY&hr?0f<+eh2(3}}ht)qjZGd?>7 zU*HGFx>{GdTEF6GJwC&I)Hr@7gDBRL{cQmp){;H9LxK}UF>bNga|phg;cy%lb2}n9 zDYFY4RVY~sNvAm}=BA_(aB}7ZWU6v>a7SimgqS7Fosy{mU*!GbE~$b6SD_%VWFJEY zN;qmp?hYl<5m9&y{6^6p9~^?QQx_c>v0_Kd_gzQIcUy?YWJex{nhAFZ!z*nxIEY81 zyLsV`GHpOMg8@AfqF#7V7(SQC9%SOluFAnO;f$93mV;%2@kSoNPTLuU{kLGIPz{|C z%Qaf=!$(AOm?^mn8|;lNLY{*2qi`!5;d~Q8ZW!lBykU4FOHq0F*fl)Z3Z;ugD~ktz z&hp;KpKyo_Dhj`1g$6l7gH-5ySqP0O3NN!lV;rF|Mre~X^aWlq+b_J!3VOv%(%a-a z3>;g`*)@FD29DLhl`Q@N#hh%z4{hK9CU7L91TRP7gmKzna8TzcG+6M5LW2Qw)4&_~ zE}Lpn7}nSba7eRpFLrX6v@ozl81n{FFuVnCA-;dXS0`eqp%wg%h zh11Ijo4f=WU&CUKW5u?@dpdsp8RsIfdIU-{ejrZs8M_4F3V<#5fEp_q{4uI-g?oGh zP9k<7!2L|bo5ChJ4qzpI{+ZQtscsjX-lV#10Jg_q7j;%D+%hbv6EUi*g&2;B*8;Z# zNZD3ZO@NmFf!AsT7rDR`L|XG3!ktdRyN|ReKb(*3^e)C4!xb zSZC_<66dQ!i&$go^8mU`a8wcN%lORr31zM>GA{4`ID1KUMs^z^7r~pPu#Apfu^Ov% zX-5XQv?H)+5T>ozAW)SgtReY=7&%1-D~*Y;kdV2AvA{wy9W6do_(qbXhq+WHAH!Z! zNSX;$Su&GD_ICyLPXtyV+G_j)Z}M7R&lFs}mRCNL1>Tlxd0i)X%35Bp6g+h;uh$Bmww6~W zA9!0Ox=}kHUsT@1Kel`nScaeP&Ew@b{6eqoWx4YL%Ua`~$-T+(v?Rx@4YrE!t*3FU zK;#|0a^PBuQbmdlI0_!XaxkN(;>TL$^=!e_YkB3WhqcP5E|hBR;m^07%^Uj+5c12<+pSg-bA@1)Fd{6^x38@q@5cyh4Z?f9|DSsr`1{;YOZ z7wcy=eqY1yO#Il+95ol>w+_F{@Z)G<+uGwFiR>6CP)1i%kJJd&JD@HrtZpu10m=OrO+g5(EB zW{Tm=Fk%?M_!5KC$$1$u{*~-kMHGYll}8DP!mp(T;9>q4CZP%=e7~Yeukka};D6R} z68xGcmvTKDWgi?NiMt6pSS&&L?MrH_tEYI4{1!~uqhQ*SEmO0svAJYEL9RpYYOCR(~D2SZImQ^T@`<^pF^M_XrmM@?;W z-IA6zud}(madC4)eHF>Enmd;X6+^-V04^td6ugZ6n(9!;HLY!pN7QyS)bQ;cL#LU# zKca2X3J;tN!V!gvZbOPSnjLSKz4ou#p=!#6=@Y7}#xHAXXQ*vG`2L4Z))slXscz=;;Qj`LweDo&Sn#&A_!VU+7lavZfH5Ib6M+ne9YX0uLbIr zstP$q@0gqrg8hBeRfsxuay5(HgJY-$OjoA8@cyW?6`5)9mhh`I(u1_JUWDPIy$03E z==h(^nj<7@9$qBXw6xc7tk=}HG&gvS?d_eQ#6YB)juowNql!TQ$7tZe00L=?RCNPc zGM3aLMH3_~j89Q(>l3OAlNRF$#*~pE1Q=d7wipEU z-5YB>5K|$0Lcj4zNv)_2!*c30TkcNut}Ux;I;f2O4H;vw2hz8;jzYPle=V(RpIjr| zsgdb1*WzEO3!{F^=~I%HHQBFGG8T?_7S!-tpfh?)_}|dAt*xj<>T`Yp+*r3z2uVB?Ve&K-0rAOXpj(s=En)fCy%&#{|V$*J2I)97_5 z_QE<07*=k(=Z;C!amZfBETaR|a%j}B(|4D%S!u^Khsnd?RVb8Es8pI7YTMkpB0Yr3 z0EUXm00~mqG-m!_Z-$N@9iLu|ioV<}H5<3t?a8&B9ZR%N>+IXq$T@+1zh#+c2#4$h z@#*kyk?=#i0EZ%W#kI0qk8GRXEywWhXlln?wg~MElBBvNoy|*a@p=)=ENQ4)N~)U0 z9Wo2D^;IURzCvZ0MztI>jYl<@F4H4#=+UN&OH)Y8F?mPIr8H0>j-F&Lrf6?+8?P4+ z6t&7sX2+r#26AfvSr00}3`I^ba=U11Y?n^nBQMGgBR##9^OzQ~d#+8r^JWYG#rD3z z8snX!TN_|nMADNznK8R-am#L|+K;ImX%2jG(OZR?hCS7wlQM^uiuSHPPP%sd_QA%b zi$XimHr5M)QNf8j0LDOV2kxs#LPw9&A-wuVaB*SebJn4Vj0`g)_RhW~Rx-oKRmg6q z)o;h1rtxs!2N~m%+BV#eT3cJ%I@r-W+m65;(j=BpE$Jj^=CmFRPWCR=cYiAs zMJ7$nlqD%!f0?95;FFnuhQG8w6)kKckU3jdhJl`Q74%7 zwKP4r(WKKBgt>aNvbOyj^v2e6JS7$GEca?`)@*My?4>ojh`@lhw-Kc;Wnq<#G`W2s zJKfg2whtTjt&X;C_l=tR704LY6?};YV<0tKR(s1^7A>-OWAb}WT+*_vVIpoDO$`${ z5cHYH({&8eL&w5j^`sj9-@UFgJKDYFdh0+f@dmB((joYTjj1;~OLLs-6a--gvT%K} zuyrdQR`xwrB_-A+sOr*NqwN^&OPd>IF;HU`Qs~rd6SkoYNvttjn(NK@K;f#B0+@WO zEWYoueWRPd^aCZI)z*}|pjJY2p=z+eF$==(*>n~J2q@g8lXm8st+ffOKrWiWcqVsL zrr}}X!mlG`I?!7cSMzOH*q}Vk=rJ8ko(nO%ig8A?JKy2EL;loJsK9ZH8hyf#(~z}*u1z2baLiS=JXRg)@9r#Q+zTb z7dX_q^)N2OoNi-@){KmqzRc}0X==>+OBz5Ui_FN}o=o&I(emG8ICSy!)n>Vq*|t#9 zAptT=)yk6-$Ca~eOHweIZ^sfvo=Z5W%tJ{XS9nQR`jp7w*c%Jege?v3Pc5MBTmQVk zrvyApHY}Evjgw`m2GjxyXP0tjz0SG8nN(Old9;F{HltY(B)zY`77Os+3w12E?D7;* z`4DI47&Etdja*8&JN3YpunNUS|V7-zgC%bR{#motCgwfeD3!c}W9kJMFz( zvul>{Trt@E@c9#eT5COLC6DURaj~vI)7ocMcK_r-1d(Nl;!FWHt9+8>>?oC)@N#RY zQE7WGRiZfEre@A095j58l_xz2m{pFfcj01J>|^BL|t2h zRD>DF-4?lK6q}7Fol@{v(y_2zp0i}_YaZ;R+F7Bx9V0DdC@PayxLtYYd$m}b{Hk^E+?LO-WDMYk;#*^`6ijCfyS0)E%h=M*?Y|910`^Wba#C$r6=l% zp&}~}?b6;2n6%j4<#82lEiz6|PG&*IWsON+up>eJ%mZ5wPxAy}J>4f}yP}~=){e8v zbBnpP*`1+~xw+ex5ARBx9Zc9>B$wyv$Ey}hHQ zrRme<-`hv`=Xp)uUjbYGJ@d-Py!xSNnkPL(<{#tYD|D+*PQmBIX=`EQPcRQ$qo+=v zzNI(eGtI_Vg(_$B;9CYcrr>Owjvn@1629zR^KYP z-NSZ;UEoQKZ$so*pWL1ZW!Kn{+!rC^mV^4-w?fPxkGc3+O!v))c-|63WI32;hOr!- z_)(v{iNJL^9J}Fa537T3z$j-Ann0Xs9k^P#lO4?9sv6H*fGg9@;Ahia2kh!&2JV^! zPd#kd`EXm^3|a|&PoR;g53lwUeS8CF;{bYhRl~lkEtC^>yMrlr+f@7~tF3e=?8m@v zy7Tej{`?}7ZkdL${vLMX0D9G1qs#<)*gQP|x2x~El^(t@GWsesjQU={&&C1t=0YD| zhuXu2{T3dszQ7`%*eqx!S7b% z%%9r=bTik5Ba{*9y77&gbA%p8QsD@tI-CaQ+TR1A;qt754czsoA#3|S_vNh)+2HzE z9e9$#J3#4mJ|{37oWp#b)Hy@=I!rlF{y+BKJU*)G{2#w}W|EmnW=P0{Rn$pXgCQg# zK-dHVvM4AfYzi2%A<>Y8Bp@oAxKt4~4EoaUW&ta-%Vq%99`HFyp&8^l3X_?t^SutW=Hzgs=besA$G`^~q-$j>U*c$mxP z%^qgI`Q{IKDEk2q$C3WZ!&H^=m^@U2IMeIDh$+BE1YL zai(XVc^;j1BF^+|wb-N6X2hAE-JbC1Q;-s8dN%x>N2e``Gd+7g@6p*Nai(Y6*E~9H zOq|IMdPgjjTo;LHH=ZsqkG?qV?+4I!_V)wWRf{Q(m}@HSL(J7G9Vfq=k_X3$|2@fr z>$$~rYm4co_O}x#-~MI*d{B z!ZQ^XK2PDx6n<9WR}{{M@7unNR(OiS$0@u>;W~v|6h2$we=6Ju6U??XNa3*x z&r^7b!Z#?qOW~g@{Di`PQ1}gnE3pNXSUK_=rCzK!T+xRs zJXYc93iIDEteih8yiZ{UC(F}I;e3ThDm+PH{ui{ZTdi=D!e=QgzccFfh5ry@>&owp zdUW}nQ4h=SjC%Mb#s6o8KT#MjCMIO|R(PPoB?`|_xJu#W3O6f!uEN_DzE0sEE4*9b zXB2)};dd4OTH#DQbg=g6tMC|w=O}!V!YdT+PETK#hrK2qV)3QtvduEO%0 zqn@oA6n(YA8x-EE@C^#@QuqOdA5&O<)6{G06-DP)&e^{FL*Y#DT6$lF2P-^X;gc0U zRpAbW&sF$pg>O^%9)HJQh0*GvlOmXxJBWK*w9-&XDNKS!e1-g2b*%sKV0Ey3fC&!qVNWVFH-n>3g4vg zPZfSh;a@BKyuxoOykFscxDU2E?^k#{?ujjZrouG}H!FOR!dEJMtHSpv{D{K8SNK(h z|Eh2hH&j-iUJ4IXxJ2Q}3eQz|iNcKvpP}&i3SX}9jSBx%;a@8JTZLaz_%90oLt#H| z-fX{mDlEVM>dp5NiatT%*$OXGxIy6zJh!m&k5sr&;qeO3Q20cJmnqz+@LGl6QusrK zzf?GkXD3#l-U?r$@U;rxuJAny?^gI3g$Lti+sZFd_-KWXQ}_;rUr{*w@T8oh6dtee zJcTzYe2>DvQ}|Vd-&6P>3j2;owwtB!VukA!Uajy(g}+uf56@$)O_~)xOW_L?zFcAX z9aGN_-&XYf3V)?=Mm*Wpc?#dJ@M8+^Q}~|>2lA3~dMbQ`!bd4QTj6Sj&sF#ug>O^% zHwq8PPqtg2@EC=sDLhZ%WeT6B@Z$>aRrqy<-&go^h0_Nn^@%AwUg3ob*DKtn@MeX- zt8k~nKT`Msg`ZIPIfeHrykFt36^;x_>fc}CVG2)IxKiO}h1V;*RpF}?zD?nK72c!p zvkJea@cRmXp>Sw$Qvcox4^p^P;VB9qukccZPg8iE!WSrfg~B%}e5b;{Qut|wUsm{C zg+Em|FeKTp9EIZw7b!eZ;bRqEp>T)7?w)W!pjw2L7e8uaT>7w zj9??_nTEbi;me4!=wZ5^-ZwZvZC(-rPe{Oc6|MT%#K!q+MO8x{Xu zisu&!KdShjRQxY0o;MZ#K=J<_n0;?&*NT$*hZW9I_%MYB6MJ?jAdVXQlq;T@isv|B zwskkyPF6g13a?W9t3Cb)z`t4XT&j33_jrBh5w}RN5r0AeXZy@Ba{6a zqVRZyk5{->;k63iPMl?Ia*x6fEBsr9Ur_ihg+El-El$eJS9rFHrotN( zK2PBb6~0E{>lMCD;U6hXKel%GnZoo%OW&jLZxsHW!p|%Gvcmfm{R&r^85!Uv1t%N0+(!YdVSQn*#&4uv->e4fG= zD!fhM?FwI^@Kp+TDtv>&wIpK+rT{d8JImRj*yPN z@aT)v;z0@*6MK8ka6m@#ES8#}HPjPd0en~s?? z!{vhS9WLIQP3G`*>FhjWPMMSsb8c~NG@MgRl5$mjxq6!8Jou|`zDX(nPcu`#U4`YL zB%e|tN%T<8BX9h=CcOF?->{0(!t3+*{A+Qnz>QSp-?VOA&*6o~mCSW_r{Q~ThxM!& zkP)xiz35(dcv(fHxS(^~u7ZbF3<^X_^XC+YRzFpf^GH0p-*GB@rSH$L@D&fq^{ps7 zd{*t^wnbO;URk<$%aj?rXWr+|O`Gj6&ly%bd?1)3z5+k%hz`&AX6+ibBfNTM&Zxx? z&CB0i;65Ge-R8?Lynbcjy8O~eS;c?>(CXxc!wXlryMs=7VR8QMa<`y!d}+b1aStgK zAa6f32$!rVi!9EWl|S=)X%#p4Dk_Q>@0fMd$)m>Ym^mtP*r;(gmEOQn-HrG3OL88` zh9blK<$)6&Cq8QT*!u$cd#4lxqWkk7|5s^+GiBY>(#OASo92{0{#C^^r#!vl@vn>5 zO>LX*WG*N@2KgnU#-+0>4*sz#-mtE<2H%O)(u}KY3wgQ~9vQw>d>!dEbaczgI~HFz zZ^-W6mFeq7oP0)G)3~;#@!PIk)H}HHm&+IIo>z2ve$&Lt!b!v2kD4Zw&iM?Eg%*03 z1}Y23l@^X4+bd&4w0QJxGbW{l6aE=1D4x7~1piZGH~L*Tq4%So&R_`G*Hj+Kdg9G* z_BD;$*EBxjoAKT^==)PQzIfTY=X|!>*Z@B8>%2XC(`J1cF8T7j%DtJTgR5V;ymavL zSEiK?UiS3IrM}`_qap+072|vtq(f-ME%zRq9|rWw+x$pC>T$s7Q>B#|EAO6pU--09Gw%tEz0VzY6YN_a2||Z06~&QIxMWL3$(g>k z%EQ_!MzvKAXsakYTo!CSHEuXA=z%YI zPAk3j>Y1Z56Rph%J0L&%4Pv55`$9Y|2i*R@>0)de5MHF zz4w*0{1MsPO3S}`0$=?m=APv1y~D}B<=)|iyZz4773E){D^6tKxUV8P`Kz)cIe#9Q zl^-eI))w(0+(fn%L?XUW$y0eR_O#<7{DLoygm+ylBVHQMN94-!ttic!b#5eQ+b!jFKdVZQ_%P6s9L^Q^6npY& zAY8J4de5c4nRn+vt{;jiy7orW*wY_t$QmR76OFj4Q&8QeLu5`qB zn&uhb*xXQY*>1x=W$ z`a{cNKkyEY5)g`s%HVFP->| z4?eM?G;`K~VTD7l2*4lb6c1~9aog~L#joxzXewC$(zZ`4eHYAdhE)3S5PH~vQlC>g zXH==rt?>CakLo#PRJ?fB)FEX(F`B)%^fI1OS`bOEaw-NK)>$?)CMEk~rlbNsG{-4j zde~l{ztk7VkCbeFwP*3G@m*U=3$yc|o-!-;?4FWg-~xxQ>uyB2aM zagM%lPtQ`&&+WnKQVE%S9@P7TG~o3GO)qUjr3?DQASF*<4pI}cPxN-2g>%!;%HjbK zylx=0D~*gQaF;AVv$Etqy^k`dg(V>WAK&F`#2+PAokG z$|@h8fxV0w(jhs0R^(&!&DhVtf@u1EQ$d6S`r?VQ3&D6IyoXD+)kR{4(|WMC*9fon z#`Wn^tR5K<9xV0UKP2||{QR=Wh@qFfHzG30^RI<_zCy-ZgCaSq6(tL;J>!ey^nNR? z^wF=!mi8}yXjtdiyJNEo(a}hB_@HraWMKRcmrG2GzT_sQZ>z|^ArOBxJ|dD`;>D(I zrI9T{u^Mcv9pHUD$!~>OJ=vU$_L*8Y5qc zkWyK&?N$E=ffc>X=FM6YUQ==V8w!T7@D6y92=_q02g`)VeBR5Rf^zprNU zq(H^Z?pMKQU#!P=XK0yk-w^lZO=lfHB2xKCc5ThrwwkgnHKTXbj4@ucBX3M?-q^Oh zvMqU|JNu#iH->KCKX?1f?Z-|VK2ZGpk?i=~?eU@8+aAd-eI*h}D;-$&#^7^ba$o9M zkayK6%%e%^%d%F5c89T^T4+-o%gcCS21K#`(XY|F)O%m9iK3 zoi5$+)E}+YziHj@!bArSqI=FG+xOM<{ivqT2WemVm${Py$IaMN(|>PGKVQvZ%b$;9 zZ8o;d-mrbHyKVBzQ`?>lb{+BVjsji)F7M%s84ZHzT-pdTY9_1L{Mj%Iv$2ettDPWqi zAZpzx2*uqF_AL;Z(9!EZ_ZarzeepLq@V}+&9mGXGd$0$e6YzgcoF4H2>umFFcFAv# zQUKmR+hZ<(<>$S|HXr|^z}d_>r{!`jF?`tp?#IcX<>rE>^Y|DnrG6djV}I%NC=T!$ zO4s^@pz*ZF3jn6Q;sEu!G)u7HQjL^;mw~AJh1Xsa_1HbIr|_5mhx|jpul1@) z$dB9c@wET@dVCC!^+-+bhCAC|B#9YW2QVr1>{Fn}1K$7Y|j0f*-t^v3(UflJe* z4PEEKZ&^q8p_X;T-&>_Q3J%a&=(K2|5YQgW0S@5J29dm;vudB1r}#NeU}BHOS2f@9 zhv2(o652#LuI{G@4KDwA<1hFy;0+;~i_c9z4Sn#rq34vdZcaO^W5;M@DTs2e*nyQ4{Z+czcwB|l6f=i z=YOjcWGC_q1TVkq@{w#Hl7_1OsLP+G4Mna%!~VnFb;v}b{5mLqp?ftl*^$Ax`X{>l zs4h2hFKpwV>HZFxzD|#0kYw=!osUBj44jB-=qVwv@gA#j5soZDqD3%p2B_IV`SGtF z-zA4!&PFwe;Ae;-BW)vK&tHPd##5Mfg3yCnDB)y8{hxy>=6oAK>^<4!`EXtGo1B~r zU4Kc|3j>t2IkK32T_ju=MjoT(76(p5mHn}4wA@JnerktL zP6IS23q*KdN2;?-@>!0UX0^?yIk{J&E&q}L^~t@Kjl2-xgYaO0kHCBIvpVym^J223 z-FlsuUhzB%GsmG$`gEGe>3w>8qmzEjbHD-M77tH%!W|%`&!n*MQ-Hz7_W?61;Jw+w z(+ZG?V+31dNHXaQ!Sm*W9LSs)0=}#TIFw1Z2wt}p7{A^;4M~<-u^h!%xZKqcn2jry^nK(KQ*0P=mhU1 znx2`3SrEL7W;o9Y<37X*-m@Ldxfdf61hd^&fP;a3xb~ci!oLGZgHEqdXlf4nmC4_? z4IRV2IKBC0YoTMQM!*UG7u+Cp9BYJ+!|VxtcbH5|{x@rnMYx#ZA#>8Lvo2#+Xk z`xdK2`L(Cv``sSsWwz5}FKAhENjeICs~gl{;5A%BwF22%4?n78$wh`kk4YFsAyex; zu;!i*9|%9<#zF4$IaJ9F?{WE$u}0%3wZ>0tjrVGeUw6O9Dn{cE`H=uMJ`YKjT(rhp zK@A4B;~L5p$kuw?hf9`R4$$~PvYJ}g0_Ijh?eG`wUf@0pMdN?Dd5DNcW5=g#oaR$D z&XkO2A-_;KIe01nf!HJxMbs_v~DF{SvWbb|>s(xYu&K^{d05ieK-3WO%XDc^i9)<7s^S_!=dAI-LMCCnxrS@aG^5eF01&k7Y(!a-4ULPoiyPH05l)2;e zd2>LieUAL7C)DN(bK!FX-TjImJr+Q5$zm9GmZ zwRh^uH`vO2y(4^6fIrimgZC9qN_#g^dr6uy_cAF68Lv4dZ5GV^nOT-TLk01g!=2pw z(1Gysw4Zs>R;G=?zQtJKv^3R`CM|81CoOj+goazv0;oe>)}?hMYM+&+da_>E-e7At zvF%N16{yp1e|U8I_W}BUpYA_KuvxKh168#Bkj5%We<9JtsC3ocvFV#p;CWYhI=hQu z`V+(H_;kuZ6Eo632QW>{G)+KcMfz|!u<7&kbk*ls>2D=P&bA`oq^A#-?{NP@`5;719OrzJ!-1P9`sLDTV5gR0}F2VY5wY_cL3aHckkB#1macnm6= zj;~LMJR`U^A@aiCA>NECP--)Kc<(3YD;(qZtQNa#(aLjOz5CdKR zQH+0CA%>U!dtjDuc8GJfKVNzX_YBdk`_HA4IUzbp|2^c7g=jY?_hx!RZfFY{U{n1= zb6|AS)M2uOn5G7V7&lE*hld!9OjAdMIKxd-M}{~_OjGd?oyRnl7ot6#+%@b~eu)3S z&ZdTi?oTvTAR*s0H9W*9YnnPL#L#7$Dhx3mn5IUAIHOEcMIkzsX=-GMc6M?v2PIq_ z;w}~2+3>v3r$A;zE5(3b5SuRrftV~I3qrF{_dIXYn$BAa-j-B5xxZvoTNHZK6IUHN z28BjkjTp%jSEt3*TXDIabh;Ix98{t;CXpKxTvkVNRF<{9@@aek%&}0d*a?g$h$aC-*jX zI~e}GS2G$ehbE?Gk1*#&|6gKj9L@^U9G>fisT}r5>~ha=7!`7dQi0*&dBDNILR@7d za3+A+A$GSB$i0J-SBKA+N*CkW<5#H_5<4`t%@o>n@=b*jCQkkiSs6#%Y!rg{n$2fA zy|OcQ#?VghW+&su^H?MEVU%Xv%>7WHcY~90E2*K(-f+B(+ewW$;ZKlc{D5MDfkCJp zqKI66Lq>Ffk+m# z%Pf{mDDpg1&z$H^VwEVqLD|V%>aIX0J8}|6DznMmicD@~6+%YlHSQi{`Z_(?iNgWK zvROpvCw0NEgd@|FkP=hM3s}M}9>q&{%}qekBGSiTV44-drVZl(JWW;@HR{Tf1OqQ46MBl|!L(wl@2|kYz~6BdZTrD=SYT{?EOdJ1M&7RDP>ez#i~O0xj2lyYqjBVeK_KIXY9A(2 z>D=90tY#k=5>7$jClDvc|i!$bj6)1#TdRBfACDEpn;bADK{OImRz? zqdOXzNMsEnVPuy(1DWi|18|MV&)p@+(>D}3Gq4YY2=8ViX9r}$ zMfk#CWP>G3lpS#sf$qoyRE zZm28`E?M;CA=C*5_TU;iK_DB+eFR}V`hE8$;66Wx39_SCx^6Gq`n4{*?zO(lJ%$BN zk1`}#a^X^`nma`6<54FVn1XBQ8EKu3VC{|WcFzKm6*T&Y%kB)o7cx50JuY`$1Mt<0 zPV`ZitE`h#?u$O??gP6q=PzCM$%(c%tahRgyL<{4isEY;qmQ}AfhjwVZIAs`#pVI9^*YD!%5* z_CQp8-Q^zCsQ8Aq2hXW z<}adHZZpU5Gxs{Q+GherBs==K`#4n)5Bf@bP^Rw-7C1fLLy{#I?!46)Zh$GQ%X|o? zVBjCPhAtCGsk!SBYoq;rkv?edDEM1;^e|r;GN!pBeadA<_!?Q@^jM4}OD>0K?i4Tu z1NFFu9D$VDFAzQ2*9kCyKN}OB?Bjwn06!ZLo#LZ@1NiVcI@QO@+(So?@jVP^Mr(#V zkuVN5)5pEFlQYbXPW1K0r*LM3Dts-hX`E=fFX=?Hq}A;BsVkl6Y#+^%?TXhN>#IkF zTsMw_<9zg>zOIwI4Q7nam9}%~BGEcu5gO@pAEN7!U7&r&lP`*G4%srf;?Ofkgz2{3h9CG?+37ngdb95=FdGy9 z(Dx~+#>7ANOw9E@x=XmSqnwO)__!@CjvR|+Ir-q6Tnzg6W0W7|=OSUml=&GxjF{0%%oro4ZzOu5{|-or*0(y* zi~Lt|d5E?FZxtMfHUeMl=iVda7`At0FXQFEB-1C_xUL4f0Y8_X zzR1+t%m8FyB~ucQwvf#gwn4~%&18ll12&T>jGV$@^7%P{#StHE<(EuJ2Z#L1e59>^fiU7Pd1* zq}>^a<2M8`v;F*x;od+jNa4rxeOJ5?9s8Ufc!K1nq{S+!?0gYFJuP+(*0SgV$<0WM z@oV#=3;i65S!pqTQCoD8v~X2gYybyfnSTPxu1<^b%kQFfe$Jn((__D&%Jq`_d3x+H zhWZ9Sz4PVt*n7;KE>envF}$VgM4SA_K}tz5_7clhN!ibWvEFRqOv&9JjIE_j&hjq- z=L5mmbJT2;|8Df?*GVf+n*6TlVv;n zYoXaE8L@k)=XIj>XBn|;8C7qQ+~*mwJ+$?YB=oxh)bqk-3MZ_3e?^o%EaCGFh&O#Qs7lk4V{7k=S+A)GBL@~HdH z2wuiS?oD}ieQzXo0>^KkJdA!I63e8m-xAJ;BC)~Lja5XW0k_(XY*vZSr z$oZZNGUMm>4CU9=F;56tpCSoS;J_l7#XZV(bK~G?t0TUJJOlZ;jC+{h9cK#;^RpnI z9}|KuH$DUTjikQUTz?~(>ha^H$nfz@{yL&rK!f<{vhOXIv&hM-Ku_>+iWzrD+-osx z6coW>zuXe#Wl*h=hVenmI8rf=^cea7S-y`=KVS41k(YiB{uqPi9_hMYSqVo<=kmF5 zfNm@`0QPqOC>eK99(01GkY{HHt#sTMT;2mXd7HrI`&|0uKb~y(ZAKEfc{82-+T{x6 zrbHu$$Vz~bUTlFf@z!~}xJj2~8cgb$=e6PP-1L7ny23rF%218$m=eyS% z#>tlPdc}CXVH|i1rn&nY*Ii5|cJ?>MhlZBGtKGabMiKWMDN z=;y|*eYY@ca;MRb`SRns)UGB2d@i^U1|3LgtAKNT9ZGw1IjpL4&I}YDv^+(kv zGs_DHqj-cn-?tjqDwK|JEB)&~gL*|*A#}K7WcvUfrxd5#d5RT2#z*sT$sR5y8snph zRv#If3wKqU8&o7I%RQs-0Uah|J#?=vg8)= z=#|Ki=I?xad3Sz^SnD=v=^~UO^sGk35ch^f3~TPa(jAmIBPgiz6bz9xaj&274mPov zV{@OFg)h96a@UJI!wbKDyp+#C^VR*OUuyl>*7_A|*;1)R3JyH?L~je0 zGNMgOBc%?f+gU!u>*+L^5U+uoUPq>>NczI=r5}Rdou0;Edph#NPlq>8Pdg9UZODr6 z&4QQ-*HZXQnP{Uf_keSxeT*R;Gy)C>$zIH2`x3KyIw5u`!1q0tS)%Jq;>yB< zv&ZecA0M$fJRp1t1(UgL^YVN{WNc#` z_bgzkT7KfQ#8zk40pv6Hbe-NOICBnu&aQNN7 zx;hwB9048>|AekdKlzlOPxmL#&gBC6nDQ{z8{&r z6!Q)M`Eis@!DY%MaY#m|`6fiIzjqV5PXRn+N_M`2rjBM+xAJI;a;u!_|9}qe9G6Ue zak`!H0z@gU7;|LBa4SoB8;IO26#p4*mNetu%{^XLkYEtR>A&%T;bM_-tH>BP9F9gA z7mJJu;40+}sJl(JKTDbCZ71@ayEidUH}=YZ&phu$z4FhIAIq)`1v7T+j(erM3u=lz z28TR*j012gN^n_(lP^Y=tZ`iPhSVICRZIh!$ndX zTR&)J|DG()M9#Jg0pd8_J?>DnAv2EOVDFS&j|*4l#0oL}ZT9ITG0ZYn>HO3h<|HwU zA2t{+%ht(an1#rfmQb^kMYDUEPe*;^r$Rswov%0opa|!K?BN-X+bXPlv$Sju$Q(b! zBCJtWcnzFmO3M3SM(83Hfy*TGO(LvT=VKOn6`UC}bI|UWW)}!z15USd>rq|^`BFNt zjtb?WWDw3ul$Eq&c?fo>%cRce9-Lmo3K$ z$WLX6qtv(1swcUOtLu81MDr0jxck|dRCh)l!iD>lk3+yCj??WticQnWzmnb0*%0ka zFCZsA&>|MDA6f++iMhMMRXU7r;Raa5@2)SEFL8Gz)E*Y`tiyO8ql7@c9~YAaVNxluF#rM__QK#&KaFE=9RDXDeuW$0VaS;~NaU zTW>yq0s~#b?Y!0MRWDm-e!y==tX{UyEy$1O3WC%b%o?W!M2l-d5G|f$i8Fl<%UZ