From fe4f611e73e64735532cbc55af14e406b4bd232f Mon Sep 17 00:00:00 2001 From: "Deng, Qian" Date: Fri, 27 Oct 2017 19:19:40 +0800 Subject: [PATCH 01/83] fix text of bar chart title --- .../result-tip.component.ts | 21 +++++++++++-------- src/ui_ng/package.json | 2 +- src/ui_ng/src/i18n/lang/en-us-lang.json | 3 ++- src/ui_ng/src/i18n/lang/es-es-lang.json | 3 ++- src/ui_ng/src/i18n/lang/zh-cn-lang.json | 3 ++- 5 files changed, 19 insertions(+), 13 deletions(-) diff --git a/src/ui_ng/lib/src/vulnerability-scanning/result-tip.component.ts b/src/ui_ng/lib/src/vulnerability-scanning/result-tip.component.ts index f729bc1c3..41e6d97d3 100644 --- a/src/ui_ng/lib/src/vulnerability-scanning/result-tip.component.ts +++ b/src/ui_ng/lib/src/vulnerability-scanning/result-tip.component.ts @@ -62,7 +62,6 @@ export class ResultTipComponent implements OnInit { if (item.severity != VulnerabilitySeverity.NONE) { this.packagesWithVul += item.count } - switch (item.severity) { case VulnerabilitySeverity.UNKNOWN: this._unknownCount += item.count; @@ -86,18 +85,22 @@ export class ResultTipComponent implements OnInit { } this.translate.get(this.packageText(this.totalPackages)).subscribe((p1: string) => { this.translate.get(this.unitText(this.packagesWithVul)).subscribe((vul: string) => { - let messageKey: string = "VULNERABILITY.CHART.TOOLTIPS_TITLE_SINGULAR"; - if (this.packagesWithVul > 1) { - messageKey = "VULNERABILITY.CHART.TOOLTIPS_TITLE"; - } - this.translate.get(messageKey, - { + if (this.totalPackages === 0) { + this.translate.get('VULNERABILITY.CHART.TOOLTIPS_TITLE_ZERO').subscribe( (res: string) => { + this._tipTitle = res; + }); + } else { + let messageKey = 'VULNERABILITY.CHART.TOOLTIPS_TITLE_SINGULAR'; + if (this.packagesWithVul > 1) { + messageKey = 'VULNERABILITY.CHART.TOOLTIPS_TITLE'; + } + this.translate.get(messageKey, { totalVulnerability: this.packagesWithVul, totalPackages: this.totalPackages, package: p1, vulnerability: vul - }) - .subscribe((res: string) => this._tipTitle = res); + }).subscribe((res: string) => this._tipTitle = res); + } }); }); } diff --git a/src/ui_ng/package.json b/src/ui_ng/package.json index f8f2b596a..971f2c857 100644 --- a/src/ui_ng/package.json +++ b/src/ui_ng/package.json @@ -31,7 +31,7 @@ "clarity-icons": "^0.9.8", "clarity-ui": "^0.9.8", "core-js": "^2.4.1", - "harbor-ui": "0.4.91", + "harbor-ui": "0.4.92", "intl": "^1.2.5", "mutationobserver-shim": "^0.3.2", "ngx-cookie": "^1.0.0", diff --git a/src/ui_ng/src/i18n/lang/en-us-lang.json b/src/ui_ng/src/i18n/lang/en-us-lang.json index 9089c6c01..6d4ec1d8f 100644 --- a/src/ui_ng/src/i18n/lang/en-us-lang.json +++ b/src/ui_ng/src/i18n/lang/en-us-lang.json @@ -510,7 +510,8 @@ "CHART": { "SCANNING_TIME": "Scan completed time:", "TOOLTIPS_TITLE": "{{totalVulnerability}} of {{totalPackages}} {{package}} have known {{vulnerability}}.", - "TOOLTIPS_TITLE_SINGULAR": "{{totalVulnerability}} of {{totalPackages}} {{package}} has known {{vulnerability}}." + "TOOLTIPS_TITLE_SINGULAR": "{{totalVulnerability}} of {{totalPackages}} {{package}} has known {{vulnerability}}.", + "TOOLTIPS_TITLE_ZERO": "No recognizable vulnerability package found" }, "SEVERITY": { "HIGH": "high", diff --git a/src/ui_ng/src/i18n/lang/es-es-lang.json b/src/ui_ng/src/i18n/lang/es-es-lang.json index 8b1b40078..66ca37098 100644 --- a/src/ui_ng/src/i18n/lang/es-es-lang.json +++ b/src/ui_ng/src/i18n/lang/es-es-lang.json @@ -509,7 +509,8 @@ "CHART": { "SCANNING_TIME": "Scan completed time:", "TOOLTIPS_TITLE": "{{totalVulnerability}} of {{totalPackages}} {{package}} have known {{vulnerability}}.", - "TOOLTIPS_TITLE_SINGULAR": "{{totalVulnerability}} of {{totalPackages}} {{package}} has known {{vulnerability}}." + "TOOLTIPS_TITLE_SINGULAR": "{{totalVulnerability}} of {{totalPackages}} {{package}} has known {{vulnerability}}.", + "TOOLTIPS_TITLE_ZERO": "No se encontró ningún paquete de vulnerabilidad reconocible" }, "SEVERITY": { "HIGH": "high", diff --git a/src/ui_ng/src/i18n/lang/zh-cn-lang.json b/src/ui_ng/src/i18n/lang/zh-cn-lang.json index af643351b..fc6c0c178 100644 --- a/src/ui_ng/src/i18n/lang/zh-cn-lang.json +++ b/src/ui_ng/src/i18n/lang/zh-cn-lang.json @@ -510,7 +510,8 @@ "CHART": { "SCANNING_TIME": "扫描完成时间:", "TOOLTIPS_TITLE": "{{totalPackages}}个{{package}}中的{{totalVulnerability}}个含有{{vulnerability}}.", - "TOOLTIPS_TITLE_SINGULAR": "{{totalPackages}}个{{package}}中的{{totalVulnerability}}个含有{{vulnerability}}." + "TOOLTIPS_TITLE_SINGULAR": "{{totalPackages}}个{{package}}中的{{totalVulnerability}}个含有{{vulnerability}}.", + "TOOLTIPS_TITLE_ZERO": "没有发现可识别的漏洞包" }, "SEVERITY": { "HIGH": "严重", From a0172bc0c4875bc63d49635fdad107fa60daea9f Mon Sep 17 00:00:00 2001 From: "Fuhui Peng (c)" Date: Mon, 30 Oct 2017 10:29:01 +0800 Subject: [PATCH 02/83] "add insecure checkbox to configure #3363" --- src/ui_ng/lib/src/config/config.ts | 2 ++ .../src/app/config/email/config-email.component.html | 9 +++++++++ src/ui_ng/src/i18n/lang/en-us-lang.json | 2 ++ src/ui_ng/src/i18n/lang/es-es-lang.json | 2 ++ src/ui_ng/src/i18n/lang/zh-cn-lang.json | 2 ++ 5 files changed, 17 insertions(+) diff --git a/src/ui_ng/lib/src/config/config.ts b/src/ui_ng/lib/src/config/config.ts index 383e490f7..fe024927c 100644 --- a/src/ui_ng/lib/src/config/config.ts +++ b/src/ui_ng/lib/src/config/config.ts @@ -71,6 +71,7 @@ export class Configuration { email_ssl: BoolValueItem; email_username?: StringValueItem; email_password?: StringValueItem; + email_insecure: BoolValueItem; verify_remote_cert: BoolValueItem; token_expiration: NumberValueItem; cfg_expiration: NumberValueItem; @@ -95,6 +96,7 @@ export class Configuration { this.email_ssl = new BoolValueItem(false, true); this.email_username = new StringValueItem("", true); this.email_password = new StringValueItem("", true); + this.email_insecure = new BoolValueItem(false, true); this.token_expiration = new NumberValueItem(30, true); this.cfg_expiration = new NumberValueItem(30, true); this.verify_remote_cert = new BoolValueItem(false, true); diff --git a/src/ui_ng/src/app/config/email/config-email.component.html b/src/ui_ng/src/app/config/email/config-email.component.html index ab24088b8..86726034c 100644 --- a/src/ui_ng/src/app/config/email/config-email.component.html +++ b/src/ui_ng/src/app/config/email/config-email.component.html @@ -68,5 +68,14 @@ +
+ + + + + {{'CONFIG.INSECURE_TOOLTIP' | translate}} + + +
\ No newline at end of file diff --git a/src/ui_ng/src/i18n/lang/en-us-lang.json b/src/ui_ng/src/i18n/lang/en-us-lang.json index 9089c6c01..3da2e348d 100644 --- a/src/ui_ng/src/i18n/lang/en-us-lang.json +++ b/src/ui_ng/src/i18n/lang/en-us-lang.json @@ -395,6 +395,8 @@ "MAIL_PASSWORD": "Email Password", "MAIL_FROM": "Email From", "MAIL_SSL": "Email SSL", + "MAIL_INSECURE": "Verify Certificate", + "INSECURE_TOOLTIP": "Determine whether should verify the certificate of a remote Harbor registry. Uncheck this box when the remote registry uses a self-signed or untrusted certificate.", "SSL_TOOLTIP": "Enable SSL for email server connection", "VERIFY_REMOTE_CERT": "Verify Remote Cert", "TOKEN_EXPIRATION": "Token Expiration (Minutes)", diff --git a/src/ui_ng/src/i18n/lang/es-es-lang.json b/src/ui_ng/src/i18n/lang/es-es-lang.json index 8b1b40078..729f89fb2 100644 --- a/src/ui_ng/src/i18n/lang/es-es-lang.json +++ b/src/ui_ng/src/i18n/lang/es-es-lang.json @@ -396,6 +396,8 @@ "MAIL_PASSWORD": "Contraseña del servidor de email", "MAIL_FROM": "Email De", "MAIL_SSL": "Email SSL", + "MAIL_INSECURE": "Verify Certificate", + "INSECURE_TOOLTIP": "Determina si la verificar el certificado de un registro Harbor remoto. Desmarque esta opción cuando el registro remoto use un certificado de confianza o autofirmado.", "SSL_TOOLTIP": "Activar SSL en conexiones al servidor de correo", "VERIFY_REMOTE_CERT": "Verificar Certificado Remoto", "TOKEN_EXPIRATION": "Expiración del Token (Minutos)", diff --git a/src/ui_ng/src/i18n/lang/zh-cn-lang.json b/src/ui_ng/src/i18n/lang/zh-cn-lang.json index af643351b..933e01bdc 100644 --- a/src/ui_ng/src/i18n/lang/zh-cn-lang.json +++ b/src/ui_ng/src/i18n/lang/zh-cn-lang.json @@ -395,6 +395,8 @@ "MAIL_PASSWORD": "密码", "MAIL_FROM": "邮件来源", "MAIL_SSL": "邮件 SSL", + "MAIL_INSECURE": "验证证书", + "INSECURE_TOOLTIP": "确定是否要验证远程Harbor实例的证书。如果远程实例使用的是自签或者非信任证书,不要勾选此项。", "SSL_TOOLTIP": "启用SSL到邮件服务器连接。", "VERIFY_REMOTE_CERT": "验证远程证书", "TOKEN_EXPIRATION": "令牌过期时间(分钟)", From f6595bedadfe044e9cb01d4eecafe8c84a6c29f4 Mon Sep 17 00:00:00 2001 From: "Fuhui Peng (c)" Date: Mon, 30 Oct 2017 10:34:43 +0800 Subject: [PATCH 03/83] modify test case about an insecure checkbox to configure --- tests/resources/Harbor-Pages/Configuration.robot | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/resources/Harbor-Pages/Configuration.robot b/tests/resources/Harbor-Pages/Configuration.robot index d10dd3b97..c870c5602 100644 --- a/tests/resources/Harbor-Pages/Configuration.robot +++ b/tests/resources/Harbor-Pages/Configuration.robot @@ -147,6 +147,9 @@ Config Email Mouse Down xpath=//*[@id="clr-checkbox-emailSSL"] Mouse Up xpath=//*[@id="clr-checkbox-emailSSL"] Sleep 1 + Mouse Down xpath=//*[@id="clr-checkbox-emailInsecure"] + Mouse Up xpath=//*[@id="clr-checkbox-emailInsecure"] + Sleep 1 Click Element xpath=/html/body/harbor-app/harbor-shell/clr-main-container/div/div/config/div/div/div/button[1] Sleep 6 @@ -155,7 +158,8 @@ Verify Email Textfield Value Should Be xpath=//*[@id="emailPort"] 25 Textfield Value Should Be xpath=//*[@id="emailUsername"] example@vmware.com Textfield Value Should Be xpath=//*[@id="emailFrom"] example - Checkbox Should Be Selected xpath=//*[@id="clr-checkbox-emailSSL"] + Checkbox Should Be Selected xpath=//*[@id="clr-checkbox-emailSSL"] + Checkbox Should Be Selected xpath=//*[@id="clr-checkbox-emailInsecure"] Set Scan All To None click element //vulnerability-config//select From ad38106642883823f7b14ccad85511c3e6f6b09a Mon Sep 17 00:00:00 2001 From: "Fuhui Peng (c)" Date: Mon, 30 Oct 2017 10:39:19 +0800 Subject: [PATCH 04/83] modify label about project access level --- .../app/project/create-project/create-project.component.html | 2 +- .../app/project/create-project/create-project.component.ts | 5 +---- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/src/ui_ng/src/app/project/create-project/create-project.component.html b/src/ui_ng/src/app/project/create-project/create-project.component.html index 23053f2fb..d674fa7c8 100644 --- a/src/ui_ng/src/app/project/create-project/create-project.component.html +++ b/src/ui_ng/src/app/project/create-project/create-project.component.html @@ -25,7 +25,7 @@
- {{ accessLevelDisplayText | translate}} + {{ 'PROJECT.PUBLIC' | translate}} {{'PROJECT.INLINE_HELP_PUBLIC' | translate }} diff --git a/src/ui_ng/src/app/project/create-project/create-project.component.ts b/src/ui_ng/src/app/project/create-project/create-project.component.ts index 2ec6cbcfb..a3ff35664 100644 --- a/src/ui_ng/src/app/project/create-project/create-project.component.ts +++ b/src/ui_ng/src/app/project/create-project/create-project.component.ts @@ -71,10 +71,7 @@ export class CreateProjectComponent implements AfterViewChecked, OnInit, OnDestr constructor(private projectService: ProjectService, private translateService: TranslateService, private messageHandlerService: MessageHandlerService) { } - - public get accessLevelDisplayText(): string { - return this.project.metadata.public ? 'PROJECT.PUBLIC' : 'PROJECT.PRIVATE'; - } + ngOnInit(): void { this.proNameChecker From c4024f03a133ddef3843594893a586e18452cd76 Mon Sep 17 00:00:00 2001 From: yixingj Date: Mon, 30 Oct 2017 10:56:18 +0800 Subject: [PATCH 05/83] Update UI image oss package to latest Update base image to photon Remove vim from the image --- make/photon/ui/Dockerfile | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/make/photon/ui/Dockerfile b/make/photon/ui/Dockerfile index 6b1e067c1..3d0050336 100644 --- a/make/photon/ui/Dockerfile +++ b/make/photon/ui/Dockerfile @@ -1,7 +1,9 @@ -FROM library/photon:1.0 - -RUN mkdir /harbor/ +FROM vmware/photon:1.0 +RUN tdnf distro-sync -y \ + && tdnf erase vim -y \ + && tdnf clean all \ + && mkdir /harbor/ COPY ./make/dev/ui/harbor_ui /harbor/ COPY ./src/ui/views /harbor/views From d173fd7256caa2411e4686ce8c026bbbd174aac1 Mon Sep 17 00:00:00 2001 From: yixingj Date: Mon, 30 Oct 2017 11:06:48 +0800 Subject: [PATCH 06/83] Update registry image oss package to latest 1>Change base image to vmware/photon 2>update oss pakcage and remove vim package. --- make/photon/registry/Dockerfile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/make/photon/registry/Dockerfile b/make/photon/registry/Dockerfile index a966eab30..e6e54394e 100644 --- a/make/photon/registry/Dockerfile +++ b/make/photon/registry/Dockerfile @@ -1,8 +1,11 @@ -FROM library/photon:1.0 +FROM vmware/photon:1.0 MAINTAINER wangyan@vmware.com # The original script in the docker offical registry image. +RUN tdnf distro-sync -y \ + && tdnf erase vim -y \ + && tdnf clean all COPY entrypoint.sh / RUN chmod u+x /entrypoint.sh From beefb40d0d28eaadc88ae3051acfe50e73e00895 Mon Sep 17 00:00:00 2001 From: yixingj Date: Mon, 30 Oct 2017 13:12:47 +0800 Subject: [PATCH 07/83] Update Notary base images and oss package 1> Update Notary server image to vmware/photon 2> Update NOtary signer image to vmware/photon 3> update oss package to latest --- make/photon/notary/server.Dockerfile | 7 +++++-- make/photon/notary/signer.Dockerfile | 7 +++++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/make/photon/notary/server.Dockerfile b/make/photon/notary/server.Dockerfile index d0e682a47..740a3e26f 100644 --- a/make/photon/notary/server.Dockerfile +++ b/make/photon/notary/server.Dockerfile @@ -1,8 +1,11 @@ -from library/photon:1.0 +FROM vmware/photon:1.0 +RUN tdnf distro-sync -y \ + && tdnf erase vim -y \ + && tdnf clean all COPY ./binary/notary-server /bin/notary-server COPY ./migrate /bin/migrate COPY ./migrations/ /migrations/ ENV SERVICE_NAME=notary_server -ENTRYPOINT [ "notary-server" ] \ No newline at end of file +ENTRYPOINT [ "notary-server" ] diff --git a/make/photon/notary/signer.Dockerfile b/make/photon/notary/signer.Dockerfile index 3ef8231cd..e9c67bc13 100644 --- a/make/photon/notary/signer.Dockerfile +++ b/make/photon/notary/signer.Dockerfile @@ -1,8 +1,11 @@ -from library/photon:1.0 +FROM vmware/photon:1.0 +RUN tdnf distro-sync -y \ + && tdnf erase vim -y \ + && tdnf clean all COPY ./binary/notary-signer /bin/notary-signer COPY ./migrate /bin/migrate COPY ./migrations/ /migrations/ ENV SERVICE_NAME=notary_signer -ENTRYPOINT [ "notary-signer" ] \ No newline at end of file +ENTRYPOINT [ "notary-signer" ] From d8919f4da9d1f7bcd4c92f0eb81a6bf3c8a82d03 Mon Sep 17 00:00:00 2001 From: yixingj Date: Mon, 30 Oct 2017 13:50:44 +0800 Subject: [PATCH 08/83] Update Clair base images 1>update clair base iamges to vmware/photon:1.0 2>update oss packages to latest --- make/photon/clair/Dockerfile | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/make/photon/clair/Dockerfile b/make/photon/clair/Dockerfile index 90bd10608..9f5d1185f 100644 --- a/make/photon/clair/Dockerfile +++ b/make/photon/clair/Dockerfile @@ -1,6 +1,9 @@ -FROM library/photon:1.0 +FROM vmware/photon:1.0 -RUN tdnf install -y git bzr rpm xz \ +RUN tdnf distro-sync -y \ + && tdnf erase vim -y \ + && tdnf install -y git bzr rpm xz \ + && tdnf clean all \ && mkdir /clair2.0.1/ COPY clair /clair2.0.1/ From 2953ca996783c8875190d9f422f944c2b8a9e95f Mon Sep 17 00:00:00 2001 From: yixingj Date: Mon, 30 Oct 2017 14:46:33 +0800 Subject: [PATCH 09/83] Update Notary base images and oss package 1> Update Notary server image to vmware/photon 2> Update NOtary signer image to vmware/photon 3> update oss package to latest --- Makefile | 4 ++-- make/docker-compose.notary.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 3bf2d2187..6e7d7d66c 100644 --- a/Makefile +++ b/Makefile @@ -84,8 +84,8 @@ NOTARYFLAG=false REGISTRYVERSION=2.6.2-photon NGINXVERSION=1.11.13 PHOTONVERSION=1.0 -NOTARYVERSION=server-0.5.0 -NOTARYSIGNERVERSION=signer-0.5.0 +NOTARYVERSION=server-0.5.1 +NOTARYSIGNERVERSION=signer-0.5.1 MARIADBVERSION=10.2.8 HTTPPROXY= REBUILDCLARITYFLAG=false diff --git a/make/docker-compose.notary.yml b/make/docker-compose.notary.yml index 42d6a94a0..feab28a03 100644 --- a/make/docker-compose.notary.yml +++ b/make/docker-compose.notary.yml @@ -7,7 +7,7 @@ services: networks: - harbor-notary notary-server: - image: vmware/notary-photon:server-0.5.0 + image: vmware/notary-photon:server-0.5.1 container_name: notary-server restart: always networks: @@ -27,7 +27,7 @@ services: syslog-address: "tcp://127.0.0.1:1514" tag: "notary-server" notary-signer: - image: vmware/notary-photon:signer-0.5.0 + image: vmware/notary-photon:signer-0.5.1 container_name: notary-signer restart: always networks: From 1eca12ec280a374ae14f376efd628343104bbc43 Mon Sep 17 00:00:00 2001 From: myufei Date: Fri, 27 Oct 2017 17:20:20 +0800 Subject: [PATCH 10/83] Add delete project auto case --- tests/resources/Harbor-Pages/Project.robot | 21 +++++++++++++++++++++ tests/robot-cases/Group0-BAT/BAT.robot | 12 ++++++++++++ 2 files changed, 33 insertions(+) diff --git a/tests/resources/Harbor-Pages/Project.robot b/tests/resources/Harbor-Pages/Project.robot index 7a2e70b2e..b29199afd 100644 --- a/tests/resources/Harbor-Pages/Project.robot +++ b/tests/resources/Harbor-Pages/Project.robot @@ -98,6 +98,27 @@ Delete Repo Click Element xpath=//clr-modal//div[@class="modal-dialog"]//button[2] Sleep 2 +Delete Project + [Arguments] ${projname} + Sleep 1 + Click Element //list-project//clr-dg-row-master[contains(.,'${projname}')]//clr-dg-action-overflow + Click Element //list-project//clr-dg-row-master[contains(.,'${projname}')]//clr-dg-action-overflow//button[contains(.,'Delete')] + #click delete button to confirm + Sleep 1 + Click Element //confiramtion-dialog//button[contains(.,'DELETE')] + +Project Should Not Be Deleted + [Arguments] ${projname} + Delete Project ${projname} + Sleep 1 + Page Should Contain Element //clr-alert//span[contains(.,'cannot')] + +Project Should Be Deleted + [Arguments] ${projname} + Delete Project ${projname} + Sleep 2 + Page Should Not Contain ${projname} + Advanced Search Should Display Page Should Contain Element xpath=//audit-log//div[@class="flex-xs-middle"]/button diff --git a/tests/robot-cases/Group0-BAT/BAT.robot b/tests/robot-cases/Group0-BAT/BAT.robot index 560710777..fa2affb7d 100644 --- a/tests/robot-cases/Group0-BAT/BAT.robot +++ b/tests/robot-cases/Group0-BAT/BAT.robot @@ -253,6 +253,18 @@ Test Case-Manage Project Member Close Browser +Test Case - Delete A Project + Init Chrome Driver + ${d}= Get Current Date result_format=%m%s + Create An New Project With New User ${HARBOR_URL} tester${d} tester${d}@vmware.com tester${d} Test1@34 harobr project${d} false + Push Image ${ip} tester${d} Test1@34 project${d} hello-world + Project Should Not Be Deleted project${d} + Go Into Project project${d} + Delete Repo project${d} + Back To projects + Project Should Be Deleted project${d} + Close Browser + Test Case - Assign Sys Admin Init Chrome Driver ${d}= Get Current Date result_format=%m%s From 651cb81389434dcb0f8bc762d49274bcc023985c Mon Sep 17 00:00:00 2001 From: yixingj Date: Mon, 30 Oct 2017 17:04:14 +0800 Subject: [PATCH 11/83] Update Clair base images 1>update clair base iamges to vmware/photon:1.0 2>update oss packages to latest --- Makefile | 6 +++--- make/docker-compose.clair.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 3bf2d2187..c062671c8 100644 --- a/Makefile +++ b/Makefile @@ -92,7 +92,7 @@ REBUILDCLARITYFLAG=false NEWCLARITYVERSION= #clair parameters -CLAIRVERSION=v2.0.1-photon +CLAIRVERSION=v2.0.1 CLAIRFLAG=false CLAIRDBVERSION=9.6.5-photon @@ -247,7 +247,7 @@ ifeq ($(NOTARYFLAG), true) DOCKERCOMPOSE_LIST+= -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSENOTARYFILENAME) endif ifeq ($(CLAIRFLAG), true) - DOCKERSAVE_PARA+= vmware/clair:$(CLAIRVERSION) vmware/postgresql:$(CLAIRDBVERSION) + DOCKERSAVE_PARA+= vmware/clair-photon:$(CLAIRVERSION) vmware/postgresql:$(CLAIRDBVERSION) PACKAGE_OFFLINE_PARA+= $(HARBORPKG)/$(DOCKERCOMPOSECLAIRFILENAME) PACKAGE_ONLINE_PARA+= $(HARBORPKG)/$(DOCKERCOMPOSECLAIRFILENAME) DOCKERCOMPOSE_LIST+= -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSECLAIRFILENAME) @@ -375,7 +375,7 @@ package_offline: compile build modify_sourcefiles modify_composefile fi @if [ "$(CLAIRFLAG)" = "true" ] ; then \ echo "pulling claiy and postgres..."; \ - $(DOCKERPULL) vmware/clair:$(CLAIRVERSION); \ + $(DOCKERPULL) vmware/clair-photon:$(CLAIRVERSION); \ $(DOCKERPULL) vmware/postgresql:$(CLAIRDBVERSION); \ fi @if [ "$(MIGRATORFLAG)" = "true" ] ; then \ diff --git a/make/docker-compose.clair.yml b/make/docker-compose.clair.yml index fc2399f46..888d243f8 100644 --- a/make/docker-compose.clair.yml +++ b/make/docker-compose.clair.yml @@ -35,7 +35,7 @@ services: networks: - harbor-clair container_name: clair - image: vmware/clair:v2.0.1-photon + image: vmware/clair-photon:v2.0.1 restart: always cpu_quota: 150000 depends_on: From 0ddca31355c5ed92e78fb4a0baad3a3423d3d45e Mon Sep 17 00:00:00 2001 From: Wenkai Yin Date: Mon, 30 Oct 2017 17:03:28 +0800 Subject: [PATCH 12/83] Add column id to table project_metadagta as the primary key --- make/common/db/registry.sql | 8 +++++--- make/common/db/registry_sqlite.sql | 7 ++++--- src/common/dao/pro_meta.go | 2 -- src/common/models/base.go | 3 ++- src/common/models/pro_meta.go | 1 + 5 files changed, 12 insertions(+), 9 deletions(-) diff --git a/make/common/db/registry.sql b/make/common/db/registry.sql index 446627971..9b764e901 100644 --- a/make/common/db/registry.sql +++ b/make/common/db/registry.sql @@ -97,18 +97,20 @@ insert into project_member (project_id, user_id, role, creation_time, update_tim (1, 1, 1, NOW(), NOW()); create table project_metadata ( + id int NOT NULL AUTO_INCREMENT, project_id int NOT NULL, name varchar(255) NOT NULL, value varchar(255), creation_time timestamp default CURRENT_TIMESTAMP, update_time timestamp default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP, deleted tinyint (1) DEFAULT 0 NOT NULL, - PRIMARY KEY (project_id, name), + PRIMARY KEY (id), + CONSTRAINT unique_project_id_and_name UNIQUE (project_id,name), FOREIGN KEY (project_id) REFERENCES project(project_id) ); -insert into project_metadata (project_id, name, value, creation_time, update_time, deleted) values -(1, 'public', 'true', NOW(), NOW(), 0); +insert into project_metadata (id, project_id, name, value, creation_time, update_time, deleted) values +(1, 1, 'public', 'true', NOW(), NOW(), 0); create table access_log ( log_id int NOT NULL AUTO_INCREMENT, diff --git a/make/common/db/registry_sqlite.sql b/make/common/db/registry_sqlite.sql index ce2cb9c20..7ccd6bc12 100644 --- a/make/common/db/registry_sqlite.sql +++ b/make/common/db/registry_sqlite.sql @@ -94,18 +94,19 @@ insert into project_member (project_id, user_id, role, creation_time, update_tim (1, 1, 1, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP); create table project_metadata ( + id INTEGER PRIMARY KEY, project_id int NOT NULL, name varchar(255) NOT NULL, value varchar(255), creation_time timestamp, update_time timestamp, deleted tinyint (1) DEFAULT 0 NOT NULL, - PRIMARY KEY (project_id, name), + UNIQUE(project_id, name) ON CONFLICT REPLACE, FOREIGN KEY (project_id) REFERENCES project(project_id) ); -insert into project_metadata (project_id, name, value, creation_time, update_time, deleted) values -(1, 'public', 'true', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, 0); +insert into project_metadata (id, project_id, name, value, creation_time, update_time, deleted) values +(1, 1, 'public', 'true', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, 0); create table access_log ( log_id INTEGER PRIMARY KEY, diff --git a/src/common/dao/pro_meta.go b/src/common/dao/pro_meta.go index 5ccf7b885..1b019b0fe 100644 --- a/src/common/dao/pro_meta.go +++ b/src/common/dao/pro_meta.go @@ -22,8 +22,6 @@ import ( "github.com/vmware/harbor/src/common/models" ) -// Using raw sql instead of CRUD objects as beego does not support composite primary key - // AddProjectMetadata adds metadata for a project func AddProjectMetadata(meta *models.ProjectMetadata) error { now := time.Now() diff --git a/src/common/models/base.go b/src/common/models/base.go index f3cbfb935..115abc2fd 100644 --- a/src/common/models/base.go +++ b/src/common/models/base.go @@ -29,5 +29,6 @@ func init() { new(ScanJob), new(RepoRecord), new(ImgScanOverview), - new(ClairVulnTimestamp)) + new(ClairVulnTimestamp), + new(ProjectMetadata)) } diff --git a/src/common/models/pro_meta.go b/src/common/models/pro_meta.go index d3854d0bd..bb54a99e9 100644 --- a/src/common/models/pro_meta.go +++ b/src/common/models/pro_meta.go @@ -33,6 +33,7 @@ const ( // ProjectMetadata holds the metadata of a project. type ProjectMetadata struct { + ID int64 `orm:"pk;auto;column(id)" json:"id"` ProjectID int64 `orm:"column(project_id)" json:"project_id"` Name string `orm:"column(name)" json:"name"` Value string `orm:"column(value)" json:"value"` From af88cc11a969643fbffc8202892aeac7d0584947 Mon Sep 17 00:00:00 2001 From: Evgeny Shmarnev Date: Mon, 30 Oct 2017 12:17:45 +0100 Subject: [PATCH 13/83] ISSUE-3463: fix docker-compose command --- docs/configure_swagger.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configure_swagger.md b/docs/configure_swagger.md index 6acd8eca4..e2b897e39 100644 --- a/docs/configure_swagger.md +++ b/docs/configure_swagger.md @@ -57,7 +57,7 @@ ui: ``` * Recreate Harbor containers ```docker - docker-compose down -v & docker-compose up -d + docker-compose down -v && docker-compose up -d ``` * Because a session ID is usually required by Harbor API, **you should log in first from a browser.** From f3a4cecdcbcc9cae73ee8fb912208d51072ec1dd Mon Sep 17 00:00:00 2001 From: Wenkai Yin Date: Tue, 31 Oct 2017 13:51:49 +0800 Subject: [PATCH 14/83] Add email_insecure and delete verify_remote_cert configuration item from harbor.cfg --- make/common/templates/adminserver/env | 1 + make/harbor.cfg | 5 +---- make/prepare | 2 ++ 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/make/common/templates/adminserver/env b/make/common/templates/adminserver/env index 445813509..7e0a9e242 100644 --- a/make/common/templates/adminserver/env +++ b/make/common/templates/adminserver/env @@ -25,6 +25,7 @@ EMAIL_PWD=$email_pwd EMAIL_SSL=$email_ssl EMAIL_FROM=$email_from EMAIL_IDENTITY=$email_identity +EMAIL_INSECURE=$email_insecure HARBOR_ADMIN_PASSWORD=$harbor_admin_password PROJECT_CREATION_RESTRICTION=$project_creation_restriction MAX_JOB_WORKERS=$max_job_workers diff --git a/make/harbor.cfg b/make/harbor.cfg index 4fea2b573..34af8b960 100644 --- a/make/harbor.cfg +++ b/make/harbor.cfg @@ -55,6 +55,7 @@ email_username = sample_admin@mydomain.com email_password = abc email_from = admin email_ssl = false +email_insecure = false ##The initial password of Harbor admin, only works for the first time when Harbor starts. #It has no effect after the first launch of Harbor. @@ -101,10 +102,6 @@ token_expiration = 30 #Set to "adminonly" so that only admin user can create project. project_creation_restriction = everyone -#Determine whether the job service should verify the ssl cert when it connects to a remote registry. -#Set this flag to off when the remote registry uses a self-signed or untrusted certificate. -verify_remote_cert = on - #The follow configurations are for Harbor HA mode only #the address of the mysql database. diff --git a/make/prepare b/make/prepare index cd40f01a7..3702bea46 100755 --- a/make/prepare +++ b/make/prepare @@ -119,6 +119,7 @@ email_usr = rcp.get("configuration", "email_username") email_pwd = rcp.get("configuration", "email_password") email_from = rcp.get("configuration", "email_from") email_ssl = rcp.get("configuration", "email_ssl") +email_insecure = rcp.get("configuration", "email_insecure") harbor_admin_password = rcp.get("configuration", "harbor_admin_password") auth_mode = rcp.get("configuration", "auth_mode") ldap_url = rcp.get("configuration", "ldap_url") @@ -234,6 +235,7 @@ render(os.path.join(templates_dir, "adminserver", "env"), email_usr=email_usr, email_pwd=email_pwd, email_ssl=email_ssl, + email_insecure=email_insecure, email_from=email_from, email_identity=email_identity, harbor_admin_password=harbor_admin_password, From 31d92bf0c507a704d9c8ac4eafebf5a62140e249 Mon Sep 17 00:00:00 2001 From: wangyan Date: Sun, 29 Oct 2017 23:55:03 -0700 Subject: [PATCH 15/83] Enable https support in CI testing Add harbor.ca with certutil into Chrome trust store, then can use Chrome headless to access harbor with https And also update Chrome to latest stable version 62 --- .drone.yml | 4 +- .drone.yml.sig | 2 +- tests/resources/Cert-Util.robot | 12 +- tests/resources/Docker-Util.robot | 14 +- tests/resources/Harbor-Util.robot | 184 +++++++----------- tests/resources/SeleniumUtil.robot | 20 +- tests/robot-cases/Group0-BAT/BAT.robot | 48 ++--- .../9-21-admin-push-signed-images.robot | 5 +- 8 files changed, 131 insertions(+), 158 deletions(-) diff --git a/.drone.yml b/.drone.yml index 38303f416..dc4796fae 100644 --- a/.drone.yml +++ b/.drone.yml @@ -11,7 +11,7 @@ pipeline: recursive: false integration-test-on-pr: - image: vmware/harbor-e2e-engine:1.37 + image: vmware/harbor-e2e-engine:1.38 pull: true privileged: true environment: @@ -35,7 +35,7 @@ pipeline: status: success bundle: - image: vmware/harbor-e2e-engine:1.37 + image: vmware/harbor-e2e-engine:1.38 pull: true privileged: true environment: diff --git a/.drone.yml.sig b/.drone.yml.sig index f0ca0dd60..63363d6f1 100644 --- a/.drone.yml.sig +++ b/.drone.yml.sig @@ -1 +1 @@ -eyJhbGciOiJIUzI1NiJ9.IyBIYXJib3IgZHJvbmUuCi0tLQp3b3Jrc3BhY2U6CiAgYmFzZTogL2Ryb25lCiAgcGF0aDogc3JjL2dpdGh1Yi5jb20vdm13YXJlL2hhcmJvcgoKcGlwZWxpbmU6CiAgY2xvbmU6CiAgICBpbWFnZTogcGx1Z2lucy9naXQKICAgIHRhZ3M6IHRydWUKICAgIHJlY3Vyc2l2ZTogZmFsc2UKCiAgaW50ZWdyYXRpb24tdGVzdC1vbi1wcjoKICAgIGltYWdlOiB2bXdhcmUvaGFyYm9yLWUyZS1lbmdpbmU6MS4zNwogICAgcHVsbDogdHJ1ZQogICAgcHJpdmlsZWdlZDogdHJ1ZQogICAgZW52aXJvbm1lbnQ6CiAgICAgIEJJTjogYmluCiAgICAgIEdPUEFUSDogL2Ryb25lCiAgICAgIFNIRUxMOiAvYmluL2Jhc2gKICAgICAgTE9HX1RFTVBfRElSOiBpbnN0YWxsLWxvZ3MKICAgICAgR0lUSFVCX0FVVE9NQVRJT05fQVBJX0tFWTogICR7R0lUSFVCX0FVVE9NQVRJT05fQVBJX0tFWX0KICAgICAgRFJPTkVfU0VSVkVSOiAgJHtEUk9ORV9TRVJWRVJ9CiAgICAgIERST05FX1RPS0VOOiAgJHtEUk9ORV9UT0tFTl9JTlRFfQogICAgICBIQVJCT1JfQURNSU46ICR7SEFSQk9SX0FETUlOfQogICAgICBIQVJCT1JfUEFTU1dPUkQ6ICR7SEFSQk9SX1BBU1NXT1JEfQogICAgICBHU19QUk9KRUNUX0lEOiAke0dTX1BST0pFQ1RfSUR9CiAgICAgIEdTX0NMSUVOVF9FTUFJTDogJHtHU19DTElFTlRfRU1BSUx9CiAgICAgIEdTX1BSSVZBVEVfS0VZOiAke0dTX1BSSVZBVEVfS0VZfQogICAgICBET01BSU46ICR7Q0lfRE9NQUlOfQogICAgICBNQUlMX1BXRDogJHtNQUlMX1BXRH0KICAgIGNvbW1hbmRzOgogICAgICAtIHRlc3RzL2ludGVncmF0aW9uLnNoCiAgICB3aGVuOgogICAgICBzdGF0dXM6IHN1Y2Nlc3MKCiAgYnVuZGxlOgogICAgaW1hZ2U6IHZtd2FyZS9oYXJib3ItZTJlLWVuZ2luZToxLjM3CiAgICBwdWxsOiB0cnVlCiAgICBwcml2aWxlZ2VkOiB0cnVlCiAgICBlbnZpcm9ubWVudDoKICAgICAgQklOOiBiaW4KICAgICAgR09QQVRIOiAvZHJvbmUKICAgICAgU0hFTEw6IC9iaW4vYmFzaAogICAgICBCVUlMRF9OVU1CRVI6ICR7RFJPTkVfQlVJTERfTlVNQkVSfQogICAgY29tbWFuZHM6CiAgICAgIC0gZHUgLWtzIGhhcmJvci1vZmZsaW5lLWluc3RhbGxlci0qLnRneiB8IGF3ayAne3ByaW50ICQxIC8gMTAyNH0nIHwgeyByZWFkIHg7IGVjaG8gJHggTUI7IH0KICAgICAgLSBta2RpciAtcCBidW5kbGUKICAgICAgLSBjcCBoYXJib3Itb2ZmbGluZS1pbnN0YWxsZXItKi50Z3ogYnVuZGxlCiAgICAgIC0gbHMgLWxhIGJ1bmRsZQogICAgd2hlbjoKICAgICAgcmVwbzogdm13YXJlL2hhcmJvcgogICAgICBldmVudDogWyBwdXNoLCB0YWcgXQogICAgICBicmFuY2g6IFsgbWFzdGVyLCByZWxlYXNlLSosIHJlZnMvdGFncy8qIF0KICAgICAgc3RhdHVzOiBzdWNjZXNzCgogIG5vdGlmeS1zbGFjazoKICAgIGltYWdlOiBwbHVnaW5zL3NsYWNrCiAgICB3ZWJob29rOiAke1NMQUNLX1VSTH0KICAgIHVzZXJuYW1lOiBkcm9uZQogICAgdGVtcGxhdGU6ID4KICAgICAgYnVpbGQgaHR0cHM6Ly9jaS52Y25hLmlvL3Ztd2FyZS9oYXJib3Ive3sgYnVpbGQubnVtYmVyIH19IGZpbmlzaGVkIHdpdGggYSB7eyBidWlsZC5zdGF0dXMgfX0gc3RhdHVzLiBQbGVhc2UgZmluZCBsb2dzIGF0IGh0dHBzOi8vc3RvcmFnZS5nb29nbGVhcGlzLmNvbS9oYXJib3ItY2ktbG9ncy9pbnRlZ3JhdGlvbl9sb2dzX3t7IGJ1aWxkLm51bWJlciB9fV97eyBidWlsZC5jb21taXQgfX0udGFyLmd6CiAgICB3aGVuOgogICAgICByZXBvOiB2bXdhcmUvaGFyYm9yCiAgICAgIGJyYW5jaDogWyBtYXN0ZXIsIHJlbGVhc2UtKiwgcmVmcy90YWdzLyogXQogICAgICBzdGF0dXM6IFsgZmFpbHVyZSwgc3VjY2VzcyBdCgogIHB1Ymxpc2gtZ2NzLWJ1aWxkczoKICAgIGltYWdlOiBtYXBsYWluL2Ryb25lLWdjczpsYXRlc3QKICAgIHB1bGw6IHRydWUKICAgIHNvdXJjZTogYnVuZGxlCiAgICB0YXJnZXQ6IGhhcmJvci1idWlsZHMKICAgIGFjbDoKICAgICAgLSBhbGxVc2VyczpSRUFERVIKICAgIGNhY2hlX2NvbnRyb2w6IHB1YmxpYyxtYXgtYWdlPTM2MDAKICAgIHdoZW46CiAgICAgIHJlcG86IHZtd2FyZS9oYXJib3IKICAgICAgZXZlbnQ6IFsgcHVzaCwgdGFnIF0KICAgICAgYnJhbmNoOiBbIG1hc3RlciwgcmVsZWFzZS0qIF0KICAgICAgc3RhdHVzOiBzdWNjZXNzCgogIHB1Ymxpc2gtZ2NzLXJlbGVhc2VzOgogICAgaW1hZ2U6IG1hcGxhaW4vZHJvbmUtZ2NzOmxhdGVzdAogICAgcHVsbDogdHJ1ZQogICAgc291cmNlOiBidW5kbGUKICAgIHRhcmdldDogaGFyYm9yLXJlbGVhc2VzCiAgICBhY2w6CiAgICAgIC0gYWxsVXNlcnM6UkVBREVSCiAgICBjYWNoZV9jb250cm9sOiBwdWJsaWMsbWF4LWFnZT0zNjAwCiAgICB3aGVuOgogICAgICByZXBvOiB2bXdhcmUvaGFyYm9yCiAgICAgIGV2ZW50OiBbIHB1c2gsIHRhZyBdCiAgICAgIGJyYW5jaDogWyByZWxlYXNlLSosIHJlZnMvdGFncy8qIF0KICAgICAgc3RhdHVzOiBzdWNjZXNzCgogIHRyaWdnZXI6CiAgICBpbWFnZTogcGx1Z2lucy9kb3duc3RyZWFtCiAgICBzZXJ2ZXI6IGh0dHBzOi8vY2kudmNuYS5pbwogICAgdG9rZW46ICR7RE9XTlNUUkVBTV9UT0tFTn0KICAgIGZvcms6IHRydWUKICAgIHJlcG9zaXRvcmllczoKICAgICAgIC0gdm13YXJlL3ZpYy1wcm9kdWN0CiAgICB3aGVuOgogICAgICByZXBvOiB2bXdhcmUvaGFyYm9yCiAgICAgIGV2ZW50OiBbIHB1c2gsIHRhZyBdCiAgICAgIGJyYW5jaDogWyBtYXN0ZXIsIHJlbGVhc2UtKiwgcmVmcy90YWdzLyogXQogICAgICBzdGF0dXM6IHN1Y2Nlc3MK.pc3_vwqOx7Nf2Yz9LnFrIzik0K6o0f5Dpv2Aludl3B8 \ No newline at end of file +eyJhbGciOiJIUzI1NiJ9.IyBIYXJib3IgZHJvbmUuCi0tLQp3b3Jrc3BhY2U6CiAgYmFzZTogL2Ryb25lCiAgcGF0aDogc3JjL2dpdGh1Yi5jb20vdm13YXJlL2hhcmJvcgoKcGlwZWxpbmU6CiAgY2xvbmU6CiAgICBpbWFnZTogcGx1Z2lucy9naXQKICAgIHRhZ3M6IHRydWUKICAgIHJlY3Vyc2l2ZTogZmFsc2UKCiAgaW50ZWdyYXRpb24tdGVzdC1vbi1wcjoKICAgIGltYWdlOiB2bXdhcmUvaGFyYm9yLWUyZS1lbmdpbmU6MS4zOAogICAgcHVsbDogdHJ1ZQogICAgcHJpdmlsZWdlZDogdHJ1ZQogICAgZW52aXJvbm1lbnQ6CiAgICAgIEJJTjogYmluCiAgICAgIEdPUEFUSDogL2Ryb25lCiAgICAgIFNIRUxMOiAvYmluL2Jhc2gKICAgICAgTE9HX1RFTVBfRElSOiBpbnN0YWxsLWxvZ3MKICAgICAgR0lUSFVCX0FVVE9NQVRJT05fQVBJX0tFWTogICR7R0lUSFVCX0FVVE9NQVRJT05fQVBJX0tFWX0KICAgICAgRFJPTkVfU0VSVkVSOiAgJHtEUk9ORV9TRVJWRVJ9CiAgICAgIERST05FX1RPS0VOOiAgJHtEUk9ORV9UT0tFTl9JTlRFfQogICAgICBIQVJCT1JfQURNSU46ICR7SEFSQk9SX0FETUlOfQogICAgICBIQVJCT1JfUEFTU1dPUkQ6ICR7SEFSQk9SX1BBU1NXT1JEfQogICAgICBHU19QUk9KRUNUX0lEOiAke0dTX1BST0pFQ1RfSUR9CiAgICAgIEdTX0NMSUVOVF9FTUFJTDogJHtHU19DTElFTlRfRU1BSUx9CiAgICAgIEdTX1BSSVZBVEVfS0VZOiAke0dTX1BSSVZBVEVfS0VZfQogICAgICBET01BSU46ICR7Q0lfRE9NQUlOfQogICAgICBNQUlMX1BXRDogJHtNQUlMX1BXRH0KICAgIGNvbW1hbmRzOgogICAgICAtIHRlc3RzL2ludGVncmF0aW9uLnNoCiAgICB3aGVuOgogICAgICBzdGF0dXM6IHN1Y2Nlc3MKCiAgYnVuZGxlOgogICAgaW1hZ2U6IHZtd2FyZS9oYXJib3ItZTJlLWVuZ2luZToxLjM4CiAgICBwdWxsOiB0cnVlCiAgICBwcml2aWxlZ2VkOiB0cnVlCiAgICBlbnZpcm9ubWVudDoKICAgICAgQklOOiBiaW4KICAgICAgR09QQVRIOiAvZHJvbmUKICAgICAgU0hFTEw6IC9iaW4vYmFzaAogICAgICBCVUlMRF9OVU1CRVI6ICR7RFJPTkVfQlVJTERfTlVNQkVSfQogICAgY29tbWFuZHM6CiAgICAgIC0gZHUgLWtzIGhhcmJvci1vZmZsaW5lLWluc3RhbGxlci0qLnRneiB8IGF3ayAne3ByaW50ICQxIC8gMTAyNH0nIHwgeyByZWFkIHg7IGVjaG8gJHggTUI7IH0KICAgICAgLSBta2RpciAtcCBidW5kbGUKICAgICAgLSBjcCBoYXJib3Itb2ZmbGluZS1pbnN0YWxsZXItKi50Z3ogYnVuZGxlCiAgICAgIC0gbHMgLWxhIGJ1bmRsZQogICAgd2hlbjoKICAgICAgcmVwbzogdm13YXJlL2hhcmJvcgogICAgICBldmVudDogWyBwdXNoLCB0YWcgXQogICAgICBicmFuY2g6IFsgbWFzdGVyLCByZWxlYXNlLSosIHJlZnMvdGFncy8qIF0KICAgICAgc3RhdHVzOiBzdWNjZXNzCgogIG5vdGlmeS1zbGFjazoKICAgIGltYWdlOiBwbHVnaW5zL3NsYWNrCiAgICB3ZWJob29rOiAke1NMQUNLX1VSTH0KICAgIHVzZXJuYW1lOiBkcm9uZQogICAgdGVtcGxhdGU6ID4KICAgICAgYnVpbGQgaHR0cHM6Ly9jaS52Y25hLmlvL3Ztd2FyZS9oYXJib3Ive3sgYnVpbGQubnVtYmVyIH19IGZpbmlzaGVkIHdpdGggYSB7eyBidWlsZC5zdGF0dXMgfX0gc3RhdHVzLiBQbGVhc2UgZmluZCBsb2dzIGF0IGh0dHBzOi8vc3RvcmFnZS5nb29nbGVhcGlzLmNvbS9oYXJib3ItY2ktbG9ncy9pbnRlZ3JhdGlvbl9sb2dzX3t7IGJ1aWxkLm51bWJlciB9fV97eyBidWlsZC5jb21taXQgfX0udGFyLmd6CiAgICB3aGVuOgogICAgICByZXBvOiB2bXdhcmUvaGFyYm9yCiAgICAgIGJyYW5jaDogWyBtYXN0ZXIsIHJlbGVhc2UtKiwgcmVmcy90YWdzLyogXQogICAgICBzdGF0dXM6IFsgZmFpbHVyZSwgc3VjY2VzcyBdCgogIHB1Ymxpc2gtZ2NzLWJ1aWxkczoKICAgIGltYWdlOiBtYXBsYWluL2Ryb25lLWdjczpsYXRlc3QKICAgIHB1bGw6IHRydWUKICAgIHNvdXJjZTogYnVuZGxlCiAgICB0YXJnZXQ6IGhhcmJvci1idWlsZHMKICAgIGFjbDoKICAgICAgLSBhbGxVc2VyczpSRUFERVIKICAgIGNhY2hlX2NvbnRyb2w6IHB1YmxpYyxtYXgtYWdlPTM2MDAKICAgIHdoZW46CiAgICAgIHJlcG86IHZtd2FyZS9oYXJib3IKICAgICAgZXZlbnQ6IFsgcHVzaCwgdGFnIF0KICAgICAgYnJhbmNoOiBbIG1hc3RlciwgcmVsZWFzZS0qIF0KICAgICAgc3RhdHVzOiBzdWNjZXNzCgogIHB1Ymxpc2gtZ2NzLXJlbGVhc2VzOgogICAgaW1hZ2U6IG1hcGxhaW4vZHJvbmUtZ2NzOmxhdGVzdAogICAgcHVsbDogdHJ1ZQogICAgc291cmNlOiBidW5kbGUKICAgIHRhcmdldDogaGFyYm9yLXJlbGVhc2VzCiAgICBhY2w6CiAgICAgIC0gYWxsVXNlcnM6UkVBREVSCiAgICBjYWNoZV9jb250cm9sOiBwdWJsaWMsbWF4LWFnZT0zNjAwCiAgICB3aGVuOgogICAgICByZXBvOiB2bXdhcmUvaGFyYm9yCiAgICAgIGV2ZW50OiBbIHB1c2gsIHRhZyBdCiAgICAgIGJyYW5jaDogWyByZWxlYXNlLSosIHJlZnMvdGFncy8qIF0KICAgICAgc3RhdHVzOiBzdWNjZXNzCgogIHRyaWdnZXI6CiAgICBpbWFnZTogcGx1Z2lucy9kb3duc3RyZWFtCiAgICBzZXJ2ZXI6IGh0dHBzOi8vY2kudmNuYS5pbwogICAgdG9rZW46ICR7RE9XTlNUUkVBTV9UT0tFTn0KICAgIGZvcms6IHRydWUKICAgIHJlcG9zaXRvcmllczoKICAgICAgIC0gdm13YXJlL3ZpYy1wcm9kdWN0CiAgICB3aGVuOgogICAgICByZXBvOiB2bXdhcmUvaGFyYm9yCiAgICAgIGV2ZW50OiBbIHB1c2gsIHRhZyBdCiAgICAgIGJyYW5jaDogWyBtYXN0ZXIsIHJlbGVhc2UtKiwgcmVmcy90YWdzLyogXQogICAgICBzdGF0dXM6IHN1Y2Nlc3MK.zJ8m0va6puda1z8zxRk0rDeqPYZxfv7E8TRVI3d_1Sg \ No newline at end of file diff --git a/tests/resources/Cert-Util.robot b/tests/resources/Cert-Util.robot index 50c96f2c1..001f3e9ad 100644 --- a/tests/resources/Cert-Util.robot +++ b/tests/resources/Cert-Util.robot @@ -16,6 +16,17 @@ Documentation This resource contains keywords related to creating and using certificates. Requires scripts in infra/integration-image/scripts be available in PATH *** Keywords *** +Generate Certificate Authority For Chrome + # add the ca to chrome trust list to enable https testing. + [Arguments] ${password}=%{HARBOR_PASSWORD} + Log To Console Generate Certificate Authority For Chrome + ${rc} ${out}= Run And Return Rc And Output echo ${password} > password.ca + Log ${out} + Should Be Equal As Integers ${rc} 0 + ${rc} ${out}= Run And Return Rc And Output certutil -d sql:$HOME/.pki/nssdb -A -t TC -f password.ca -n "Harbor" -i ./harbor_ca.crt + Log ${out} + Should Be Equal As Integers ${rc} 0 + Generate Certificate Authority # Generates CA (private/ca.key.pem, certs/ca.cert.pem, certs/STARK_ENTERPRISES_ROOT_CA.crt) in OUT_DIR [Arguments] ${CA_NAME}=STARK_ENTERPRISES_ROOT_CA ${OUT_DIR}=/root/ca @@ -24,7 +35,6 @@ Generate Certificate Authority Log ${out} Should Be Equal As Integers ${rc} 0 - Generate Wildcard Server Certificate # Generates key and signs with CA for *.DOMAIN (csr/*.DOMAIN.csr.pem, # private/*.DOMAIN.key.pem, certs/*.DOMAIN.cert.pem) in OUT_DIR diff --git a/tests/resources/Docker-Util.robot b/tests/resources/Docker-Util.robot index 16ca3eb51..c3770f3c0 100644 --- a/tests/resources/Docker-Util.robot +++ b/tests/resources/Docker-Util.robot @@ -40,11 +40,11 @@ Push image Log To Console \nRunning docker push ${image}... ${rc}= Run And Return Rc docker pull ${image} ${rc} ${output}= Run And Return Rc And Output docker login -u ${user} -p ${pwd} ${ip} - Log To Console ${output} + Log ${output} Should Be Equal As Integers ${rc} 0 ${rc}= Run And Return Rc docker tag ${image} ${ip}/${project}/${image} ${rc} ${output}= Run And Return Rc And Output docker push ${ip}/${project}/${image} - Log To Console ${output} + Log ${output} Should Be Equal As Integers ${rc} 0 ${rc}= Run And Return Rc docker logout ${ip} @@ -53,11 +53,11 @@ Push Image With Tag Log To Console \nRunning docker push ${image}... ${rc}= Run And Return Rc docker pull ${image} ${rc} ${output}= Run And Return Rc And Output docker login -u ${user} -p ${pwd} ${ip} - Log To Console ${output} + Log ${output} Should Be Equal As Integers ${rc} 0 ${rc}= Run And Return Rc docker tag ${image} ${tag} ${rc} ${output}= Run And Return Rc And Output docker push ${tag} - Log To Console ${output} + Log ${output} Should Be Equal As Integers ${rc} 0 ${rc}= Run And Return Rc docker logout ${ip} @@ -66,7 +66,7 @@ Cannot Pull image ${rc} ${output}= Run And Return Rc And Output docker login -u ${user} -p ${pwd} ${ip} Should Be Equal As Integers ${rc} 0 ${rc} ${output}= Run And Return Rc And Output docker pull ${ip}/${project}/${image} - Log To Console ${output} + Log ${output} Should Not Be Equal As Integers ${rc} 0 Cannot Push image @@ -74,11 +74,11 @@ Cannot Push image Log To Console \nRunning docker push ${image}... ${rc}= Run And Return Rc docker pull ${image} ${rc} ${output}= Run And Return Rc And Output docker login -u ${user} -p ${pwd} ${ip} - Log To Console ${output} + Log ${output} Should Be Equal As Integers ${rc} 0 ${rc}= Run And Return Rc docker tag ${image} ${ip}/${project}/${image} ${rc} ${output}= Run And Return Rc And Output docker push ${ip}/${project}/${image} - Log To Console ${output} + Log ${output} Should Not Be Equal As Integers ${rc} 0 ${rc}= Run And Return Rc docker logout ${ip} diff --git a/tests/resources/Harbor-Util.robot b/tests/resources/Harbor-Util.robot index 95775bd0c..4a6424ee7 100644 --- a/tests/resources/Harbor-Util.robot +++ b/tests/resources/Harbor-Util.robot @@ -24,81 +24,53 @@ ${CLAIR_BUILDER} 1.2.7 *** Keywords *** Install Harbor to Test Server - Log To Console \nStart Docker Daemon - Start Docker Daemon Locally - Sleep 5s - ${rc} ${output}= Run And Return Rc And Output docker ps - Should Be Equal As Integers ${rc} 0 - Log To Console \n${output} - Log To Console \nconfig harbor cfg - Run Keywords Config Harbor cfg - Run Keywords Prepare Cert - Log To Console \ncomplile and up harbor now - Run Keywords Compile and Up Harbor With Source Code + Log To Console \nStart Docker Daemon + Start Docker Daemon Locally + Sleep 5s ${rc} ${output}= Run And Return Rc And Output docker ps Should Be Equal As Integers ${rc} 0 Log To Console \n${output} - -Install Harbor With Notary to Test Server - Log To Console \nStart Docker Daemon - Start Docker Daemon Locally - Sleep 5s - ${rc} ${output}= Run And Return Rc And Output docker ps - Should Be Equal As Integers ${rc} 0 - Log To Console \n${output} Log To Console \nconfig harbor cfg Config Harbor cfg http_proxy=https - ${rc} ${ip}= Run And Return Rc And Output ip addr s eth0 |grep "inet "|awk '{print $2}' |awk -F "/" '{print $1}' - Log ${ip} - ${rc}= Run And Return Rc sed "s/^IP=.*/IP=${ip}/g" -i ./tests/generateCerts.sh - Log ${rc} - ${rc} ${output}= Run And Return Rc And Output ./tests/generateCerts.sh - Should Be Equal As Integers ${rc} 0 - ${rc}= Run And Return Rc mkdir -p /etc/docker/certs.d/${ip}/ - Should Be Equal As Integers ${rc} 0 - ${rc}= Run And Return Rc mkdir -p ~/.docker/tls/${ip}:4443/ - Should Be Equal As Integers ${rc} 0 - ${rc} ${output}= Run And Return Rc And Output cp ./harbor_ca.crt /etc/docker/certs.d/${ip}/ - Log To Console ${output} - Should Be Equal As Integers ${rc} 0 - ${rc} ${output}= Run And Return Rc And Output cp ./harbor_ca.crt ~/.docker/tls/${ip}:4443/ - Log To Console ${output} - Should Be Equal As Integers ${rc} 0 + Prepare Cert Log To Console \ncomplile and up harbor now - Compile and Up Harbor With Source Code with_notary=true + Compile and Up Harbor With Source Code ${rc} ${output}= Run And Return Rc And Output docker ps Should Be Equal As Integers ${rc} 0 Log To Console \n${output} + Generate Certificate Authority For Chrome Up Harbor - [Arguments] ${with_notary}=true ${with_clair}=true - ${rc} ${output}= Run And Return Rc And Output make start -e NOTARYFLAG=${with_notary} CLAIRFLAG=${with_clair} - Log To Console ${rc} - Should Be Equal As Integers ${rc} 0 + [Arguments] ${with_notary}=true ${with_clair}=true + ${rc} ${output}= Run And Return Rc And Output make start -e NOTARYFLAG=${with_notary} CLAIRFLAG=${with_clair} + Log ${rc} + Log ${output} + Should Be Equal As Integers ${rc} 0 Down Harbor - [Arguments] ${with_notary}=true ${with_clair}=true - ${rc} ${output}= Run And Return Rc And Output echo "Y" | make down -e NOTARYFLAG=${with_notary} CLAIRFLAG=${with_clair} - Log To Console ${rc} - Should Be Equal As Integers ${rc} 0 + [Arguments] ${with_notary}=true ${with_clair}=true + ${rc} ${output}= Run And Return Rc And Output echo "Y" | make down -e NOTARYFLAG=${with_notary} CLAIRFLAG=${with_clair} + Log ${rc} + Should Be Equal As Integers ${rc} 0 Package Harbor Offline - [Arguments] ${golang_image}=golang:1.7.3 ${clarity_image}=vmware/harbor-clarity-ui-builder:${CLAIR_BUILDER} ${with_notary}=true ${with_clair}=true ${with_migrator}=true - Log To Console \nStart Docker Daemon - Start Docker Daemon Locally - ${rc} ${output}= Run And Return Rc And Output make package_offline DEVFLAG=false GOBUILDIMAGE=${golang_image} COMPILETAG=compile_golangimage CLARITYIMAGE=${clarity_image} NOTARYFLAG=${with_notary} CLAIRFLAG=${with_clair} MIGRATORFLAG=${with_migrator} HTTPPROXY= - Log To Console ${rc} - Log ${output} - Should Be Equal As Integers ${rc} 0 + [Arguments] ${golang_image}=golang:1.7.3 ${clarity_image}=vmware/harbor-clarity-ui-builder:${CLAIR_BUILDER} ${with_notary}=true ${with_clair}=true ${with_migrator}=true + Log To Console \nStart Docker Daemon + Start Docker Daemon Locally + ${rc} ${output}= Run And Return Rc And Output make package_offline DEVFLAG=false GOBUILDIMAGE=${golang_image} COMPILETAG=compile_golangimage CLARITYIMAGE=${clarity_image} NOTARYFLAG=${with_notary} CLAIRFLAG=${with_clair} MIGRATORFLAG=${with_migrator} HTTPPROXY= + Log ${rc} + Log ${output} + Should Be Equal As Integers ${rc} 0 Switch To LDAP - Down Harbor with_notary=false - ${rc} ${output}= Run And Return Rc And Output rm -rf /data - Log To Console ${rc} - Should Be Equal As Integers ${rc} 0 - Config Harbor cfg auth=ldap_auth - Prepare with_notary=false - Up Harbor with_notary=false + Down Harbor + ${rc} ${output}= Run And Return Rc And Output rm -rf /data + Log ${rc} + Should Be Equal As Integers ${rc} 0 + Prepare Cert + Config Harbor cfg auth=ldap_auth http_proxy=https + Prepare + Up Harbor ${rc}= Run And Return Rc docker pull vmware/harbor-ldap-test:1.1.1 Log ${rc} Should Be Equal As Integers ${rc} 0 @@ -106,81 +78,73 @@ Switch To LDAP Log ${rc} Should Be Equal As Integers ${rc} 0 ${rc} ${output}= Run And Return Rc And Output docker ps + Log ${output} Should Be Equal As Integers ${rc} 0 - -Switch To Notary - Down Harbor with_notary=false - ${rc} ${output}= Run And Return Rc And Output rm -rf /data - Log To Console ${rc} - ${rc} ${output}= Run And Return Rc And Output rm -rf ~/.docker/ - Log To Console ${rc} - Should Be Equal As Integers ${rc} 0 - Config Harbor cfg http_proxy=https - ${rc} ${ip}= Run And Return Rc And Output ip addr s eth0 |grep "inet "|awk '{print $2}' |awk -F "/" '{print $1}' - Log ${ip} - ${rc}= Run And Return Rc sed "s/^IP=.*/IP=${ip}/g" -i ./tests/generateCerts.sh + Generate Certificate Authority For Chrome + +Enabe Notary Client + ${rc} ${output}= Run And Return Rc And Output rm -rf ~/.docker/ Log ${rc} - ${rc} ${output}= Run And Return Rc And Output ./tests/generateCerts.sh - Should Be Equal As Integers ${rc} 0 - ${rc}= Run And Return Rc mkdir -p /etc/docker/certs.d/${ip}/ - Should Be Equal As Integers ${rc} 0 - ${rc}= Run And Return Rc mkdir -p ~/.docker/tls/${ip}:4443/ - Should Be Equal As Integers ${rc} 0 - ${rc} ${output}= Run And Return Rc And Output cp ./harbor_ca.crt /etc/docker/certs.d/${ip}/ - Log To Console ${output} - Should Be Equal As Integers ${rc} 0 - ${rc} ${output}= Run And Return Rc And Output cp ./harbor_ca.crt ~/.docker/tls/${ip}:4443/ - Log To Console ${output} - Should Be Equal As Integers ${rc} 0 - ${rc} ${output}= Run And Return Rc And Output ls -la /etc/docker/certs.d/${ip}/ - Log To Console ${output} - ${rc} ${output}= Run And Return Rc And Output ls -la ~/.docker/tls/${ip}:4443/ - Log To Console ${output} - Prepare - Sleep 3s - Up Harbor - Sleep 30s - ${rc} ${output}= Run And Return Rc And Output docker ps Should Be Equal As Integers ${rc} 0 - Log To Console \n${output} + Log ${ip} + ${rc}= Run And Return Rc mkdir -p /etc/docker/certs.d/${ip}/ + Should Be Equal As Integers ${rc} 0 + ${rc}= Run And Return Rc mkdir -p ~/.docker/tls/${ip}:4443/ + Should Be Equal As Integers ${rc} 0 + ${rc} ${output}= Run And Return Rc And Output cp ./harbor_ca.crt /etc/docker/certs.d/${ip}/ + Log ${output} + Should Be Equal As Integers ${rc} 0 + ${rc} ${output}= Run And Return Rc And Output cp ./harbor_ca.crt ~/.docker/tls/${ip}:4443/ + Log ${output} + Should Be Equal As Integers ${rc} 0 + ${rc} ${output}= Run And Return Rc And Output ls -la /etc/docker/certs.d/${ip}/ + Log ${output} + ${rc} ${output}= Run And Return Rc And Output ls -la ~/.docker/tls/${ip}:4443/ + Log ${output} Prepare - [Arguments] ${with_notary}=true ${with_clair}=true - ${rc} ${output}= Run And Return Rc And Output make prepare -e NOTARYFLAG=${with_notary} CLAIRFLAG=${with_clair} - Log To Console ${rc} - Log To Console ${output} - Should Be Equal As Integers ${rc} 0 + [Arguments] ${with_notary}=true ${with_clair}=true + ${rc} ${output}= Run And Return Rc And Output make prepare -e NOTARYFLAG=${with_notary} CLAIRFLAG=${with_clair} + Log ${rc} + Log ${output} + Should Be Equal As Integers ${rc} 0 Config Harbor cfg # Will change the IP and Protocol in the harbor.cfg [Arguments] ${http_proxy}=http ${auth}=db_auth ${rc} ${output}= Run And Return Rc And Output ip addr s eth0 |grep "inet "|awk '{print $2}' |awk -F "/" '{print $1}' - Log ${output} - ${rc}= Run And Return Rc sed "s/reg.mydomain.com/${output}/" -i ./make/harbor.cfg + ${rc}= Run And Return Rc sed "s/^hostname = .*/hostname = ${output}/g" -i ./make/harbor.cfg Log ${rc} Should Be Equal As Integers ${rc} 0 ${rc}= Run And Return Rc sed "s/^ui_url_protocol = .*/ui_url_protocol = ${http_proxy}/g" -i ./make/harbor.cfg Log ${rc} Should Be Equal As Integers ${rc} 0 - ${rc}= Run And Return Rc sed "s/^auth_mode = .*/auth_mode = ${auth}/g" -i ./make/harbor.cfg + ${rc}= Run And Return Rc sed "s/^auth_mode = .*/auth_mode = ${auth}/g" -i ./make/harbor.cfg Log ${rc} Should Be Equal As Integers ${rc} 0 + ${out}= Run cat ./make/harbor.cfg + Log ${out} Prepare Cert # Will change the IP and Protocol in the harbor.cfg - ${rc}= Run And Return Rc ./tests/generateCerts.sh - Log ${rc} - Should Be Equal As Integers ${rc} 0 + ${rc} ${ip}= Run And Return Rc And Output ip addr s eth0 |grep "inet "|awk '{print $2}' |awk -F "/" '{print $1}' + Log ${ip} + ${rc}= Run And Return Rc sed "s/^IP=.*/IP=${ip}/g" -i ./tests/generateCerts.sh + Log ${rc} + ${out}= Run cat ./tests/generateCerts.sh + Log ${out} + ${rc} ${output}= Run And Return Rc And Output ./tests/generateCerts.sh + Should Be Equal As Integers ${rc} 0 Compile and Up Harbor With Source Code - [Arguments] ${golang_image}=golang:1.7.3 ${clarity_image}=vmware/harbor-clarity-ui-builder:${CLAIR_BUILDER} ${with_notary}=false ${with_clair}=true - ${rc} ${output}= Run And Return Rc And Output docker pull ${clarity_image} + [Arguments] ${golang_image}=golang:1.7.3 ${clarity_image}=vmware/harbor-clarity-ui-builder:${CLAIR_BUILDER} ${with_notary}=true ${with_clair}=true + ${rc} ${output}= Run And Return Rc And Output docker pull ${clarity_image} Log ${output} - Should Be Equal As Integers ${rc} 0 - ${rc} ${output}= Run And Return Rc And Output docker pull ${golang_image} + Should Be Equal As Integers ${rc} 0 + ${rc} ${output}= Run And Return Rc And Output docker pull ${golang_image} Log ${output} - Should Be Equal As Integers ${rc} 0 + Should Be Equal As Integers ${rc} 0 ${rc} ${output}= Run And Return Rc And Output make install GOBUILDIMAGE=${golang_image} COMPILETAG=compile_golangimage CLARITYIMAGE=${clarity_image} NOTARYFLAG=${with_notary} CLAIRFLAG=${with_clair} HTTPPROXY= - Log ${output} - Should Be Equal As Integers ${rc} 0 + Log ${output} + Should Be Equal As Integers ${rc} 0 Sleep 20 diff --git a/tests/resources/SeleniumUtil.robot b/tests/resources/SeleniumUtil.robot index aa567217b..b65703e0f 100644 --- a/tests/resources/SeleniumUtil.robot +++ b/tests/resources/SeleniumUtil.robot @@ -26,15 +26,13 @@ Start Selenium Standalone Server Locally Init Chrome Driver Run pkill chromedriver - Run pkill chrome - ${chrome options}= Evaluate sys.modules['selenium.webdriver'].ChromeOptions() sys - Call Method ${chrome options} add_argument --headless - Call Method ${chrome options} add_argument --disable-gpu + Run pkill chrome + ${chrome options}= Evaluate sys.modules['selenium.webdriver'].ChromeOptions() sys + Call Method ${chrome options} add_argument --headless + Call Method ${chrome options} add_argument --disable-gpu Call Method ${chrome options} add_argument --start-maximized - Call Method ${chrome options} add_argument --ignore-certificate-errors - Call Method ${chrome options} add_argument --disable-web-security - Call Method ${chrome options} add_argument --allow-running-insecure-content - Call Method ${chrome options} add_argument --window-size\=1600,900 - ${chrome options.binary_location} Set Variable /usr/bin/google-chrome - Create Webdriver Chrome Chrome_headless chrome_options=${chrome options} - Sleep 5 \ No newline at end of file + Call Method ${chrome options} add_argument --no-sandbox + Call Method ${chrome options} add_argument --window-size\=1600,900 + ${chrome options.binary_location} Set Variable /usr/bin/google-chrome + Create Webdriver Chrome Chrome_headless chrome_options=${chrome options} + Sleep 5 diff --git a/tests/robot-cases/Group0-BAT/BAT.robot b/tests/robot-cases/Group0-BAT/BAT.robot index fa2affb7d..63530f2f9 100644 --- a/tests/robot-cases/Group0-BAT/BAT.robot +++ b/tests/robot-cases/Group0-BAT/BAT.robot @@ -19,7 +19,7 @@ Suite Setup Install Harbor to Test Server Default Tags BAT *** Variables *** -${HARBOR_URL} http://localhost +${HARBOR_URL} https://${ip} *** Test Cases *** Test Case - Create An New User @@ -84,7 +84,7 @@ Test Case - User View Logs Init Chrome Driver ${d}= Get Current Date result_format=%m%s - Create An New Project With New User url=${HARBOR_URL} username=tester${d} email=tester${d}@vmware.com realname=tester${d} newPassword=Test1@34 comment=harbor projectname=project${d} public=true + Create An New Project With New User url=${HARBOR_URL} username=tester${d} email=tester${d}@vmware.com realname=tester${d} newPassword=Test1@34 comment=harbor projectname=project${d} public=true Push image ${ip} tester${d} Test1@34 project${d} busybox:latest Pull image ${ip} tester${d} Test1@34 project${d} busybox:latest @@ -227,7 +227,7 @@ Test Case - Scan A Tag Summary Chart Should Display latest Close Browser -Test Case-Manage Project Member +Test Case - Manage Project Member Init Chrome Driver ${d}= Get current Date result_format=%m%s @@ -278,6 +278,26 @@ Test Case - Assign Sys Admin Administration Tag Should Display Close Browser +Test Case - Admin Push Signed Image + Enabe Notary Client + + ${rc} ${output}= Run And Return Rc And Output docker pull hello-world:latest + Log ${output} + + Push image ${ip} %{HARBOR_ADMIN} %{HARBOR_PASSWORD} library hello-world:latest + ${rc} ${output}= Run And Return Rc And Output ./tests/robot-cases/Group9-Content-trust/notary-push-image.sh + Log ${output} + Should Be Equal As Integers ${rc} 0 + + ${rc} ${output}= Run And Return Rc And Output curl -u admin:Harbor12345 -s --insecure -H "Content-Type: application/json" -X GET "https://${ip}/api/repositories/library/tomcat/signatures" + Log To Console ${output} + Should Be Equal As Integers ${rc} 0 + #Should Contain ${output} sha256 + +Test Case - Admin Push Un-Signed Image + ${rc} ${output}= Run And Return Rc And Output docker push ${ip}/library/hello-world:latest + Log To Console ${output} + Test Case - Ldap Sign in and out Switch To LDAP Init Chrome Driver @@ -305,25 +325,5 @@ Test Case - Ldap User Push An Image Wait Until Page Contains project${d}/hello-world Close Browser -Test Case - Admin Push Signed Image - Switch To Notary - - ${rc} ${output}= Run And Return Rc And Output docker pull hello-world:latest - Log To Console ${output} - - Push image ${ip} %{HARBOR_ADMIN} %{HARBOR_PASSWORD} library hello-world:latest - ${rc} ${output}= Run And Return Rc And Output ./tests/robot-cases/Group9-Content-trust/notary-push-image.sh - Log To Console ${output} - Should Be Equal As Integers ${rc} 0 - - ${rc} ${output}= Run And Return Rc And Output curl -u admin:Harbor12345 -s --insecure -H "Content-Type: application/json" -X GET "https://${ip}/api/repositories/library/tomcat/signatures" - Log To Console ${output} - Should Be Equal As Integers ${rc} 0 - #Should Contain ${output} sha256 - -Test Case - Admin Push Un-Signed Image - ${rc} ${output}= Run And Return Rc And Output docker push ${ip}/library/hello-world:latest - Log To Console ${output} - Test Case - Clean Harbor Images - Down Harbor with_notary=true + Down Harbor diff --git a/tests/robot-cases/Group9-Content-trust/9-21-admin-push-signed-images.robot b/tests/robot-cases/Group9-Content-trust/9-21-admin-push-signed-images.robot index a9ab75822..8902973c3 100644 --- a/tests/robot-cases/Group9-Content-trust/9-21-admin-push-signed-images.robot +++ b/tests/robot-cases/Group9-Content-trust/9-21-admin-push-signed-images.robot @@ -19,10 +19,11 @@ Default Tags regression *** Test Cases *** Test Case - Admin Push Signed Image - Install Harbor With Notary to Test Server + Install Harbor to Test Server + Enabe Notary Client ${rc} ${output}= Run And Return Rc And Output ./tests/robot-cases/Group9-Content-trust/notary-push-image.sh - Log To Console ${output} + Log ${output} Should Be Equal As Integers ${rc} 0 ${rc} ${ip}= Run And Return Rc And Output ip addr s eth0 |grep "inet "|awk '{print $2}' |awk -F "/" '{print $1}' From 29cf632de8557f23ae8b306e8ab0732215db68fd Mon Sep 17 00:00:00 2001 From: "Fuhui Peng (c)" Date: Tue, 31 Oct 2017 19:39:07 +0800 Subject: [PATCH 16/83] modify the remote cert checkbox value --- .../create-edit-endpoint.component.html.ts | 7 ++++++- .../create-edit-endpoint.component.ts | 5 +++++ .../create-edit-rule.component.html.ts | 9 +++++++++ .../create-edit-rule.component.ts | 16 ++++++++++++++-- .../lib/src/endpoint/endpoint.component.html.ts | 2 +- src/ui_ng/package.json | 2 +- .../app/config/email/config-email.component.html | 2 +- .../app/config/email/config-email.component.ts | 6 +++++- src/ui_ng/src/i18n/lang/en-us-lang.json | 2 +- src/ui_ng/src/i18n/lang/es-es-lang.json | 2 +- src/ui_ng/src/i18n/lang/zh-cn-lang.json | 2 +- 11 files changed, 45 insertions(+), 10 deletions(-) diff --git a/src/ui_ng/lib/src/create-edit-endpoint/create-edit-endpoint.component.html.ts b/src/ui_ng/lib/src/create-edit-endpoint/create-edit-endpoint.component.html.ts index 382a71905..8f9dfd10c 100644 --- a/src/ui_ng/lib/src/create-edit-endpoint/create-edit-endpoint.component.html.ts +++ b/src/ui_ng/lib/src/create-edit-endpoint/create-edit-endpoint.component.html.ts @@ -40,7 +40,12 @@ export const CREATE_EDIT_ENDPOINT_TEMPLATE: string = `
- + + + + {{'TOOLTIP.VERIFY_REMOTE_CERT' | translate}} + +
diff --git a/src/ui_ng/lib/src/create-edit-endpoint/create-edit-endpoint.component.ts b/src/ui_ng/lib/src/create-edit-endpoint/create-edit-endpoint.component.ts index d71f8e730..49e00d741 100644 --- a/src/ui_ng/lib/src/create-edit-endpoint/create-edit-endpoint.component.ts +++ b/src/ui_ng/lib/src/create-edit-endpoint/create-edit-endpoint.component.ts @@ -115,6 +115,11 @@ export class CreateEditEndpointComponent implements AfterViewChecked, OnDestroy public get checkboxHasChanged(): boolean { return (this.target.insecure !== this.initVal.insecure) ? true : false; } + + setInsecureValue($event: any) { + this.target.insecure = !$event; + } + ngOnDestroy(): void { if (this.valueChangesSub) { this.valueChangesSub.unsubscribe(); diff --git a/src/ui_ng/lib/src/create-edit-rule/create-edit-rule.component.html.ts b/src/ui_ng/lib/src/create-edit-rule/create-edit-rule.component.html.ts index 43eb0daa9..e7bcaf757 100644 --- a/src/ui_ng/lib/src/create-edit-rule/create-edit-rule.component.html.ts +++ b/src/ui_ng/lib/src/create-edit-rule/create-edit-rule.component.html.ts @@ -72,6 +72,15 @@ export const CREATE_EDIT_RULE_TEMPLATE: string = `
+
+ + + + + {{'TOOLTIP.VERIFY_REMOTE_CERT' | translate}} + + +
diff --git a/src/ui_ng/lib/src/create-edit-rule/create-edit-rule.component.ts b/src/ui_ng/lib/src/create-edit-rule/create-edit-rule.component.ts index 61e037094..602828011 100644 --- a/src/ui_ng/lib/src/create-edit-rule/create-edit-rule.component.ts +++ b/src/ui_ng/lib/src/create-edit-rule/create-edit-rule.component.ts @@ -46,6 +46,7 @@ export interface CreateEditRule { endpointUrl?: string; username?: string; password?: string; + insecure?: boolean; } const FAKE_PASSWORD: string = 'ywJZnDTM'; @@ -99,7 +100,8 @@ export class CreateEditRuleComponent implements AfterViewChecked { endpointName: '', endpointUrl: '', username: '', - password: '' + password: '', + insecure: false }; } @@ -169,12 +171,14 @@ export class CreateEditRuleComponent implements AfterViewChecked { this.createEditRule.endpointName = initialEndpoint.name; this.createEditRule.endpointUrl = initialEndpoint.endpoint; this.createEditRule.username = initialEndpoint.username; + this.createEditRule.insecure = initialEndpoint.insecure; this.createEditRule.password = FAKE_PASSWORD; this.initVal.endpointId = this.createEditRule.endpointId; this.initVal.endpointUrl = this.createEditRule.endpointUrl; this.initVal.username = this.createEditRule.username; this.initVal.password = this.createEditRule.password; + this.initVal.insecure = this.createEditRule.insecure; } }) .catch(error=>{ @@ -234,6 +238,7 @@ export class CreateEditRuleComponent implements AfterViewChecked { this.createEditRule.endpointUrl = ''; this.createEditRule.username = ''; this.createEditRule.password = ''; + this.createEditRule.insecure = false; } else { this.prepareTargets(); } @@ -245,6 +250,7 @@ export class CreateEditRuleComponent implements AfterViewChecked { this.createEditRule.endpointId = result.id; this.createEditRule.endpointUrl = result.endpoint; this.createEditRule.username = result.username; + this.createEditRule.insecure = result.insecure; this.createEditRule.password = FAKE_PASSWORD; } } @@ -267,6 +273,7 @@ export class CreateEditRuleComponent implements AfterViewChecked { endpoint.endpoint = this.createEditRule.endpointUrl || ''; endpoint.username = this.createEditRule.username; endpoint.password = this.createEditRule.password; + endpoint.insecure = this.createEditRule.insecure; return endpoint; } @@ -362,6 +369,10 @@ export class CreateEditRuleComponent implements AfterViewChecked { } } + setInsecureValue($event: any) { + this.createEditRule.insecure = !$event; + } + confirmCancel(confirmed: boolean) { this.createEditRuleOpened = false; this.inlineAlert.close(); @@ -379,7 +390,8 @@ export class CreateEditRuleComponent implements AfterViewChecked { targetName: this.initVal.name, endpointUrl: this.initVal.endpointUrl, username: this.initVal.username, - password: this.initVal.password + password: this.initVal.password, + insecure: this.initVal.insecure }; let self: CreateEditRuleComponent | any = this; if(self) { diff --git a/src/ui_ng/lib/src/endpoint/endpoint.component.html.ts b/src/ui_ng/lib/src/endpoint/endpoint.component.html.ts index 9b54f93b3..e5b3cd606 100644 --- a/src/ui_ng/lib/src/endpoint/endpoint.component.html.ts +++ b/src/ui_ng/lib/src/endpoint/endpoint.component.html.ts @@ -30,7 +30,7 @@ export const ENDPOINT_TEMPLATE: string = ` {{t.name}} {{t.endpoint}} - + {{!t.insecure}} {{t.creation_time | date: 'short'}} diff --git a/src/ui_ng/package.json b/src/ui_ng/package.json index 971f2c857..511b7f317 100644 --- a/src/ui_ng/package.json +++ b/src/ui_ng/package.json @@ -31,7 +31,7 @@ "clarity-icons": "^0.9.8", "clarity-ui": "^0.9.8", "core-js": "^2.4.1", - "harbor-ui": "0.4.92", + "harbor-ui": "0.4.95", "intl": "^1.2.5", "mutationobserver-shim": "^0.3.2", "ngx-cookie": "^1.0.0", diff --git a/src/ui_ng/src/app/config/email/config-email.component.html b/src/ui_ng/src/app/config/email/config-email.component.html index 86726034c..8e26db59d 100644 --- a/src/ui_ng/src/app/config/email/config-email.component.html +++ b/src/ui_ng/src/app/config/email/config-email.component.html @@ -70,7 +70,7 @@
- + {{'CONFIG.INSECURE_TOOLTIP' | translate}} diff --git a/src/ui_ng/src/app/config/email/config-email.component.ts b/src/ui_ng/src/app/config/email/config-email.component.ts index 93f18921c..5f709fca3 100644 --- a/src/ui_ng/src/app/config/email/config-email.component.ts +++ b/src/ui_ng/src/app/config/email/config-email.component.ts @@ -23,7 +23,7 @@ import { Configuration } from 'harbor-ui'; }) export class ConfigurationEmailComponent { @Input("mailConfig") currentConfig: Configuration = new Configuration(); - + @ViewChild("mailConfigFrom") mailForm: NgForm; constructor() { } @@ -32,6 +32,10 @@ export class ConfigurationEmailComponent { return !(prop && prop.editable); } + setInsecureValue($event: any) { + this.currentConfig.email_insecure.value = !$event; + } + public isValid(): boolean { return this.mailForm && this.mailForm.valid; } diff --git a/src/ui_ng/src/i18n/lang/en-us-lang.json b/src/ui_ng/src/i18n/lang/en-us-lang.json index c5d2ca74b..35f2d4851 100644 --- a/src/ui_ng/src/i18n/lang/en-us-lang.json +++ b/src/ui_ng/src/i18n/lang/en-us-lang.json @@ -396,7 +396,7 @@ "MAIL_FROM": "Email From", "MAIL_SSL": "Email SSL", "MAIL_INSECURE": "Verify Certificate", - "INSECURE_TOOLTIP": "Determine whether should verify the certificate of a remote Harbor registry. Uncheck this box when the remote registry uses a self-signed or untrusted certificate.", + "INSECURE_TOOLTIP": "Determine whether to verify the certificate of the Email server. Uncheck this box when the Email server uses a self-signed or untrusted certificate.", "SSL_TOOLTIP": "Enable SSL for email server connection", "VERIFY_REMOTE_CERT": "Verify Remote Cert", "TOKEN_EXPIRATION": "Token Expiration (Minutes)", diff --git a/src/ui_ng/src/i18n/lang/es-es-lang.json b/src/ui_ng/src/i18n/lang/es-es-lang.json index 4812095ac..433111e19 100644 --- a/src/ui_ng/src/i18n/lang/es-es-lang.json +++ b/src/ui_ng/src/i18n/lang/es-es-lang.json @@ -397,7 +397,7 @@ "MAIL_FROM": "Email De", "MAIL_SSL": "Email SSL", "MAIL_INSECURE": "Verify Certificate", - "INSECURE_TOOLTIP": "Determina si la verificar el certificado de un registro Harbor remoto. Desmarque esta opción cuando el registro remoto use un certificado de confianza o autofirmado.", + "INSECURE_TOOLTIP": "Determine whether to verify the certificate of the Email server. Uncheck this box when the Email server uses a self-signed or untrusted certificate.", "SSL_TOOLTIP": "Activar SSL en conexiones al servidor de correo", "VERIFY_REMOTE_CERT": "Verificar Certificado Remoto", "TOKEN_EXPIRATION": "Expiración del Token (Minutos)", diff --git a/src/ui_ng/src/i18n/lang/zh-cn-lang.json b/src/ui_ng/src/i18n/lang/zh-cn-lang.json index afaa86f7b..4d4f18bd9 100644 --- a/src/ui_ng/src/i18n/lang/zh-cn-lang.json +++ b/src/ui_ng/src/i18n/lang/zh-cn-lang.json @@ -396,7 +396,7 @@ "MAIL_FROM": "邮件来源", "MAIL_SSL": "邮件 SSL", "MAIL_INSECURE": "验证证书", - "INSECURE_TOOLTIP": "确定是否要验证远程Harbor实例的证书。如果远程实例使用的是自签或者非信任证书,不要勾选此项。", + "INSECURE_TOOLTIP": "确定是否要验证邮件服务器的证书。如果邮件服务器使用的是自签或者非信任证书,不要勾选此项。", "SSL_TOOLTIP": "启用SSL到邮件服务器连接。", "VERIFY_REMOTE_CERT": "验证远程证书", "TOKEN_EXPIRATION": "令牌过期时间(分钟)", From 0045b269dbc10d25214da3816baabbdf368a8a96 Mon Sep 17 00:00:00 2001 From: "Deng, Qian" Date: Wed, 1 Nov 2017 10:31:21 +0800 Subject: [PATCH 17/83] fix bug when save policies --- .../project-policy-config/project-policy-config.component.ts | 2 +- src/ui_ng/package.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ui_ng/lib/src/project-policy-config/project-policy-config.component.ts b/src/ui_ng/lib/src/project-policy-config/project-policy-config.component.ts index 1dfc4768b..037ea4da1 100644 --- a/src/ui_ng/lib/src/project-policy-config/project-policy-config.component.ts +++ b/src/ui_ng/lib/src/project-policy-config/project-policy-config.component.ts @@ -107,7 +107,7 @@ export class ProjectPolicyConfigComponent implements OnInit { } hasChanges() { - return compareValue(this.orgProjectPolicy, this.projectPolicy) + return !compareValue(this.orgProjectPolicy, this.projectPolicy); } save() { diff --git a/src/ui_ng/package.json b/src/ui_ng/package.json index 971f2c857..9653eef0b 100644 --- a/src/ui_ng/package.json +++ b/src/ui_ng/package.json @@ -31,7 +31,7 @@ "clarity-icons": "^0.9.8", "clarity-ui": "^0.9.8", "core-js": "^2.4.1", - "harbor-ui": "0.4.92", + "harbor-ui": "0.4.94", "intl": "^1.2.5", "mutationobserver-shim": "^0.3.2", "ngx-cookie": "^1.0.0", From 9e1049e3c9385b8e404eee1677823d382bf00183 Mon Sep 17 00:00:00 2001 From: wangyan Date: Tue, 31 Oct 2017 22:17:46 -0700 Subject: [PATCH 18/83] Update package offline installer with vmware/photon --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 6e7d7d66c..5a88c8fd8 100644 --- a/Makefile +++ b/Makefile @@ -224,7 +224,7 @@ DOCKERSAVE_PARA=$(DOCKERIMAGENAME_ADMINSERVER):$(VERSIONTAG) \ $(DOCKERIMAGENAME_DB):$(VERSIONTAG) \ $(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG) \ vmware/nginx-photon:$(NGINXVERSION) vmware/registry:$(REGISTRYVERSION) \ - photon:$(PHOTONVERSION) + vmware/photon:$(PHOTONVERSION) PACKAGE_OFFLINE_PARA=-zcvf harbor-offline-installer-$(GITTAGVERSION).tgz \ $(HARBORPKG)/common/templates $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar.gz \ $(HARBORPKG)/prepare $(HARBORPKG)/NOTICE \ From d3f9d0545dd8df87ccb2288afc6d6cc9f9020a3e Mon Sep 17 00:00:00 2001 From: myufei Date: Tue, 31 Oct 2017 15:25:35 +0800 Subject: [PATCH 19/83] Update assert of keyword Project should not be deleted --- tests/resources/Harbor-Pages/Project.robot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/resources/Harbor-Pages/Project.robot b/tests/resources/Harbor-Pages/Project.robot index b29199afd..b4fc01962 100644 --- a/tests/resources/Harbor-Pages/Project.robot +++ b/tests/resources/Harbor-Pages/Project.robot @@ -111,7 +111,7 @@ Project Should Not Be Deleted [Arguments] ${projname} Delete Project ${projname} Sleep 1 - Page Should Contain Element //clr-alert//span[contains(.,'cannot')] + Page Should Contain ${projname} Project Should Be Deleted [Arguments] ${projname} From 091f68e5b03d3a86af44b261c947566becee9182 Mon Sep 17 00:00:00 2001 From: "Deng, Qian" Date: Tue, 19 Sep 2017 10:02:36 +0800 Subject: [PATCH 20/83] fix tag vulnerability text to uppercase --- src/ui_ng/lib/src/tag/tag.component.html.ts | 2 +- src/ui_ng/package.json | 2 +- src/ui_ng/src/i18n/lang/en-us-lang.json | 1 + src/ui_ng/src/i18n/lang/es-es-lang.json | 1 + src/ui_ng/src/i18n/lang/zh-cn-lang.json | 1 + 5 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/ui_ng/lib/src/tag/tag.component.html.ts b/src/ui_ng/lib/src/tag/tag.component.html.ts index 228bb8136..a0720a00b 100644 --- a/src/ui_ng/lib/src/tag/tag.component.html.ts +++ b/src/ui_ng/lib/src/tag/tag.component.html.ts @@ -18,7 +18,7 @@ export const TAG_TEMPLATE = ` {{'REPOSITORY.TAG' | translate}} {{'REPOSITORY.SIZE' | translate}} {{'REPOSITORY.PULL_COMMAND' | translate}} - {{'VULNERABILITY.SINGULAR' | translate}} + {{'REPOSITORY.VULNERABILITY' | translate}} {{'REPOSITORY.SIGNED' | translate}} {{'REPOSITORY.AUTHOR' | translate}} {{'REPOSITORY.CREATED' | translate}} diff --git a/src/ui_ng/package.json b/src/ui_ng/package.json index 9653eef0b..6b48801c1 100644 --- a/src/ui_ng/package.json +++ b/src/ui_ng/package.json @@ -31,7 +31,7 @@ "clarity-icons": "^0.9.8", "clarity-ui": "^0.9.8", "core-js": "^2.4.1", - "harbor-ui": "0.4.94", + "harbor-ui": "0.4.96", "intl": "^1.2.5", "mutationobserver-shim": "^0.3.2", "ngx-cookie": "^1.0.0", diff --git a/src/ui_ng/src/i18n/lang/en-us-lang.json b/src/ui_ng/src/i18n/lang/en-us-lang.json index c5d2ca74b..ea23e3e06 100644 --- a/src/ui_ng/src/i18n/lang/en-us-lang.json +++ b/src/ui_ng/src/i18n/lang/en-us-lang.json @@ -348,6 +348,7 @@ "FILTER_FOR_REPOSITORIES": "Filter Repositories", "TAG": "Tag", "SIZE": "Size", + "VULNERABILITY": "Vulnerability", "SIGNED": "Signed", "AUTHOR": "Author", "CREATED": "Creation Time", diff --git a/src/ui_ng/src/i18n/lang/es-es-lang.json b/src/ui_ng/src/i18n/lang/es-es-lang.json index 4812095ac..ce3263d83 100644 --- a/src/ui_ng/src/i18n/lang/es-es-lang.json +++ b/src/ui_ng/src/i18n/lang/es-es-lang.json @@ -349,6 +349,7 @@ "FILTER_FOR_REPOSITORIES": "Filtrar Repositorios", "TAG": "Etiqueta", "SIZE": "Size", + "VULNERABILITY": "Vulnerability", "SIGNED": "Firmada", "AUTHOR": "Autor", "CREATED": "Fecha de creación", diff --git a/src/ui_ng/src/i18n/lang/zh-cn-lang.json b/src/ui_ng/src/i18n/lang/zh-cn-lang.json index afaa86f7b..0f6279d87 100644 --- a/src/ui_ng/src/i18n/lang/zh-cn-lang.json +++ b/src/ui_ng/src/i18n/lang/zh-cn-lang.json @@ -348,6 +348,7 @@ "FILTER_FOR_REPOSITORIES": "过滤镜像仓库", "TAG": "标签", "SIZE": "大小", + "VULNERABILITY": "漏洞", "SIGNED": "已签名", "AUTHOR": "作者", "CREATED": "创建时间", From bd2bb0a697a0764a59a8ed37e98c655ff93b54f2 Mon Sep 17 00:00:00 2001 From: "Deng, Qian" Date: Wed, 1 Nov 2017 16:40:01 +0800 Subject: [PATCH 21/83] fix project admin can view project config --- .../app/project/project-detail/project-detail.component.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ui_ng/src/app/project/project-detail/project-detail.component.html b/src/ui_ng/src/app/project/project-detail/project-detail.component.html index 317f03b8a..3feaa5d1c 100644 --- a/src/ui_ng/src/app/project/project-detail/project-detail.component.html +++ b/src/ui_ng/src/app/project/project-detail/project-detail.component.html @@ -16,7 +16,7 @@
  • {{'PROJECT_DETAIL.REPLICATION' | translate}}
    • -
  • +
  • {{'PROJECT_DETAIL.CONFIG' | translate}}
    • From bcfba78615c9985cada874a940b657d286e96b5c Mon Sep 17 00:00:00 2001 From: "Fuhui Peng (c)" Date: Wed, 1 Nov 2017 17:29:02 +0800 Subject: [PATCH 22/83] modify test case about email config --- tests/resources/Harbor-Pages/Configuration.robot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/resources/Harbor-Pages/Configuration.robot b/tests/resources/Harbor-Pages/Configuration.robot index c870c5602..584d0ac37 100644 --- a/tests/resources/Harbor-Pages/Configuration.robot +++ b/tests/resources/Harbor-Pages/Configuration.robot @@ -159,7 +159,7 @@ Verify Email Textfield Value Should Be xpath=//*[@id="emailUsername"] example@vmware.com Textfield Value Should Be xpath=//*[@id="emailFrom"] example Checkbox Should Be Selected xpath=//*[@id="clr-checkbox-emailSSL"] - Checkbox Should Be Selected xpath=//*[@id="clr-checkbox-emailInsecure"] + Checkbox Should Not Be Selected xpath=//*[@id="clr-checkbox-emailInsecure"] Set Scan All To None click element //vulnerability-config//select From 6c092e21721b4a12c9ba67189b3217807c39ba8f Mon Sep 17 00:00:00 2001 From: wangyan Date: Wed, 1 Nov 2017 03:09:45 -0700 Subject: [PATCH 23/83] Return error on packaging offline installer failure --- Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 5a88c8fd8..432356cc9 100644 --- a/Makefile +++ b/Makefile @@ -384,7 +384,8 @@ package_offline: compile build modify_sourcefiles modify_composefile fi @echo "saving harbor docker image" - @$(DOCKERSAVE) $(DOCKERSAVE_PARA) | gzip > $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar.gz + @$(DOCKERSAVE) $(DOCKERSAVE_PARA) > $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar + @gzip $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar @$(TARCMD) $(PACKAGE_OFFLINE_PARA) @rm -rf $(HARBORPKG) From 48cbdcbb08acbd31519c9b5c62d8e7f69c0a6e80 Mon Sep 17 00:00:00 2001 From: "Fuhui Peng (c)" Date: Wed, 1 Nov 2017 18:45:11 +0800 Subject: [PATCH 24/83] change package version --- src/ui_ng/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ui_ng/package.json b/src/ui_ng/package.json index 6b48801c1..e690d16d1 100644 --- a/src/ui_ng/package.json +++ b/src/ui_ng/package.json @@ -31,7 +31,7 @@ "clarity-icons": "^0.9.8", "clarity-ui": "^0.9.8", "core-js": "^2.4.1", - "harbor-ui": "0.4.96", + "harbor-ui": "0.4.97", "intl": "^1.2.5", "mutationobserver-shim": "^0.3.2", "ngx-cookie": "^1.0.0", From 5ffa192b7994322e02e3c89bd35e8f3707560d65 Mon Sep 17 00:00:00 2001 From: "Deng, Qian" Date: Thu, 2 Nov 2017 14:23:45 +0800 Subject: [PATCH 25/83] db migration from 1.2.0 to 1.3.0 --- tools/migration/db_meta.py | 43 +++++++++++-- .../migration_harbor/versions/1_3_0.py | 63 +++++++++++++++++++ 2 files changed, 100 insertions(+), 6 deletions(-) create mode 100644 tools/migration/migration_harbor/versions/1_3_0.py diff --git a/tools/migration/db_meta.py b/tools/migration/db_meta.py index b447e5a54..63f102511 100644 --- a/tools/migration/db_meta.py +++ b/tools/migration/db_meta.py @@ -6,8 +6,10 @@ from sqlalchemy.ext.declarative import declarative_base from sqlalchemy.orm import sessionmaker, relationship from sqlalchemy.dialects import mysql + Base = declarative_base() + class User(Base): __tablename__ = 'user' @@ -24,12 +26,14 @@ class User(Base): creation_time = sa.Column(mysql.TIMESTAMP) update_time = sa.Column(mysql.TIMESTAMP) + class Properties(Base): __tablename__ = 'properties' k = sa.Column(sa.String(64), primary_key = True) v = sa.Column(sa.String(128), nullable = False) + class ProjectMember(Base): __tablename__ = 'project_member' @@ -42,6 +46,7 @@ class ProjectMember(Base): sa.ForeignKeyConstraint(['role'], [u'role.role_id'], ), sa.ForeignKeyConstraint(['user_id'], [u'user.user_id'], ), + class UserProjectRole(Base): __tablename__ = 'user_project_role' @@ -50,6 +55,7 @@ class UserProjectRole(Base): pr_id = sa.Column(sa.Integer(), sa.ForeignKey('project_role.pr_id')) project_role = relationship("ProjectRole") + class ProjectRole(Base): __tablename__ = 'project_role' @@ -59,6 +65,7 @@ class ProjectRole(Base): sa.ForeignKeyConstraint(['role_id'], [u'role.role_id']) sa.ForeignKeyConstraint(['project_id'], [u'project.project_id']) + class Access(Base): __tablename__ = 'access' @@ -66,6 +73,7 @@ class Access(Base): access_code = sa.Column(sa.String(1)) comment = sa.Column(sa.String(30)) + class Role(Base): __tablename__ = 'role' @@ -74,6 +82,7 @@ class Role(Base): role_code = sa.Column(sa.String(20)) name = sa.Column(sa.String(20)) + class Project(Base): __tablename__ = 'project' @@ -83,9 +92,23 @@ class Project(Base): creation_time = sa.Column(mysql.TIMESTAMP) update_time = sa.Column(mysql.TIMESTAMP) deleted = sa.Column(sa.Integer, nullable=False, server_default=sa.text("'0'")) - public = sa.Column(sa.Integer, nullable=False, server_default=sa.text("'0'")) owner = relationship(u'User') + +class ProjectMetadata(Base): + __tablename__ = 'project_metadata' + + id = sa.Column(sa.Integer, primary_key=True) + project_id = sa.Column(sa.ForeignKey(u'project.project_id'), nullable=False) + name = sa.Column(sa.String(255), nullable=False) + value = sa.Column(sa.String(255)) + creation_time = sa.Column(mysql.TIMESTAMP, server_default=sa.text("CURRENT_TIMESTAMP")) + update_time = sa.Column(mysql.TIMESTAMP, server_default=sa.text("CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP")) + deleted = sa.Column(mysql.TINYINT(1), nullable=False, server_default='0') + + __table_args__ = (sa.UniqueConstraint('project_id', 'name', name='unique_project_id_and_name'),) + + class ReplicationPolicy(Base): __tablename__ = "replication_policy" @@ -100,6 +123,7 @@ class ReplicationPolicy(Base): creation_time = sa.Column(mysql.TIMESTAMP, server_default = sa.text("CURRENT_TIMESTAMP")) update_time = sa.Column(mysql.TIMESTAMP, server_default = sa.text("CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP")) + class ReplicationTarget(Base): __tablename__ = "replication_target" @@ -109,9 +133,11 @@ class ReplicationTarget(Base): username = sa.Column(sa.String(255)) password = sa.Column(sa.String(40)) target_type = sa.Column(mysql.TINYINT(1), nullable=False, server_default=sa.text("'0'")) + insecure = sa.Column(mysql.TINYINT(1), nullable=False, server_default='0') creation_time = sa.Column(mysql.TIMESTAMP, server_default = sa.text("CURRENT_TIMESTAMP")) update_time = sa.Column(mysql.TIMESTAMP, server_default = sa.text("CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP")) + class ReplicationJob(Base): __tablename__ = "replication_job" @@ -123,9 +149,10 @@ class ReplicationJob(Base): tags = sa.Column(sa.String(16384)) creation_time = sa.Column(mysql.TIMESTAMP, server_default = sa.text("CURRENT_TIMESTAMP")) update_time = sa.Column(mysql.TIMESTAMP, server_default = sa.text("CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP")) - + __table_args__ = (sa.Index('policy', "policy_id"),) + class Repository(Base): __tablename__ = "repository" @@ -139,6 +166,7 @@ class Repository(Base): creation_time = sa.Column(mysql.TIMESTAMP, server_default = sa.text("CURRENT_TIMESTAMP")) update_time = sa.Column(mysql.TIMESTAMP, server_default = sa.text("CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP")) + class AccessLog(Base): __tablename__ = "access_log" @@ -152,9 +180,10 @@ class AccessLog(Base): operation = sa.Column(sa.String(20)) op_time = sa.Column(mysql.TIMESTAMP) update_time = sa.Column(mysql.TIMESTAMP, server_default = sa.text("CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP")) - + __table_args__ = (sa.Index('project_id', "op_time"),) - + + class ImageScanJob(Base): __tablename__ = "img_scan_job" @@ -165,7 +194,8 @@ class ImageScanJob(Base): digest = sa.Column(sa.String(128)) creation_time = sa.Column(mysql.TIMESTAMP, server_default = sa.text("CURRENT_TIMESTAMP")) update_time = sa.Column(mysql.TIMESTAMP, server_default = sa.text("CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP")) - + + class ImageScanOverview(Base): __tablename__ = "img_scan_overview" @@ -177,7 +207,8 @@ class ImageScanOverview(Base): details_key = sa.Column(sa.String(128)) creation_time = sa.Column(mysql.TIMESTAMP, server_default = sa.text("CURRENT_TIMESTAMP")) update_time = sa.Column(mysql.TIMESTAMP, server_default = sa.text("CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP")) - + + class ClairVulnTimestamp(Base): __tablename__ = "clair_vuln_timestamp" diff --git a/tools/migration/migration_harbor/versions/1_3_0.py b/tools/migration/migration_harbor/versions/1_3_0.py new file mode 100644 index 000000000..5983dec1c --- /dev/null +++ b/tools/migration/migration_harbor/versions/1_3_0.py @@ -0,0 +1,63 @@ +# Copyright (c) 2008-2016 VMware, Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""1.2.0 to 1.3.0 + +Revision ID: 1.2.0 +Revises: + +""" + +# revision identifiers, used by Alembic. +revision = '1.3.0' +down_revision = '1.2.0' +branch_labels = None +depends_on = None + +from alembic import op +from db_meta import * + +from sqlalchemy.dialects import mysql + +Session = sessionmaker() + +def upgrade(): + """ + update schema&data + """ + bind = op.get_bind() + session = Session(bind=bind) + + # create table project_metadata + ProjectMetadata.__table__.create(bind) + + # migrate public data form project to project meta + # The original type is int in project_meta data value type is string + project_publicity = session.execute('SELECT project_id, public from project').fetchall() + project_metadatas = [ProjectMetadata(project_id=project_id, name='public', value='true' if public else 'false') + for project_id, public in project_publicity] + session.add_all(project_metadatas) + + # drop public column from project + op.drop_column("project", "public") + + # add column insecure to replication target + op.add_column('replication_target', sa.Column('insecure', mysql.TINYINT(1), nullable=False, server_default='0')) + + session.commit() + +def downgrade(): + """ + Downgrade has been disabled. + """ From 047e5e9d05521976fb59d9a65f1eb541ae539384 Mon Sep 17 00:00:00 2001 From: "kevin.xu" Date: Thu, 2 Nov 2017 05:12:28 -0500 Subject: [PATCH 26/83] Update kubernetes_deployment.md --- docs/kubernetes_deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/kubernetes_deployment.md b/docs/kubernetes_deployment.md index 463ace58a..b7e5dfb5c 100644 --- a/docs/kubernetes_deployment.md +++ b/docs/kubernetes_deployment.md @@ -166,5 +166,5 @@ After the pods are running, you can access Harbor's UI via the configured endpoi ####Limitation 1. Current deployment is http only, to enable https you need to either add another layer of proxy or modify the nginx.cm.yaml to enable https and include a correct certificate -2. Current deployment does not include Clair and Notary, which are supported in docker-compose deployment. They will be supported in near futuer, stay tuned. +2. Current deployment does not include Clair and Notary, which are supported in docker-compose deployment. They will be supported in near future, stay tuned. From ec8216a7db4016f5ee0e7191ecac74a1004ebd06 Mon Sep 17 00:00:00 2001 From: wangyan Date: Thu, 2 Nov 2017 23:10:25 -0700 Subject: [PATCH 27/83] Update migrator version to 1.3 --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 401d0d5c8..337fc2683 100644 --- a/Makefile +++ b/Makefile @@ -214,7 +214,7 @@ REGISTRYUSER=user REGISTRYPASSWORD=default # migrator -MIGRATORVERSION=1.2 +MIGRATORVERSION=1.3 MIGRATORFLAG=false # cmds From 6f335bdb1a7d4099fb20cb743ef1e0c0b5c80b32 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 1 Nov 2017 20:51:32 -0700 Subject: [PATCH 28/83] Deprivilege harobr-log, harbor-db, registry image. This change involves using non-root user to run the process of the docker images. Also made update in Dockerfile to make the containers support "read-only" and introduce "HEALTHCHECK". Note the "read-only" options are not enabled in docker-compose, to cover the very corner case when user wants to update the container filesystem manually. Remove read only option from docker-compose template by default --- Makefile | 2 +- make/common/db/Dockerfile | 2 ++ make/common/mariadb/Dockerfile | 4 ++-- make/common/rsyslog/Dockerfile | 3 +-- make/docker-compose.tpl | 2 +- make/photon/Makefile | 2 +- make/photon/log/Dockerfile | 20 +++++++++++++------ make/{common => photon}/log/rotate.sh | 0 make/{common => photon}/log/rsyslog.conf | 6 +++--- .../log/rsyslog_docker.conf | 0 make/photon/log/start.sh | 7 +++++++ make/photon/registry/Dockerfile | 13 ++++++++---- make/photon/registry/entrypoint.sh | 11 +++++++++- 13 files changed, 51 insertions(+), 21 deletions(-) rename make/{common => photon}/log/rotate.sh (100%) rename make/{common => photon}/log/rsyslog.conf (91%) rename make/{common => photon}/log/rsyslog_docker.conf (100%) create mode 100644 make/photon/log/start.sh diff --git a/Makefile b/Makefile index 401d0d5c8..6a728badd 100644 --- a/Makefile +++ b/Makefile @@ -313,7 +313,7 @@ prepare: build_common: version @echo "buildging db container for photon..." - @cd $(DOCKERFILEPATH_DB) && $(DOCKERBUILD) -f $(DOCKERFILENAME_DB) -t $(DOCKERIMAGENAME_DB):$(VERSIONTAG) . + @cd $(DOCKERFILEPATH_DB) && $(DOCKERBUILD) --pull -f $(DOCKERFILENAME_DB) -t $(DOCKERIMAGENAME_DB):$(VERSIONTAG) . @echo "Done." build_photon: build_common diff --git a/make/common/db/Dockerfile b/make/common/db/Dockerfile index 89deb569c..1f6024ec6 100644 --- a/make/common/db/Dockerfile +++ b/make/common/db/Dockerfile @@ -1,5 +1,7 @@ FROM vmware/mariadb-photon:10.2.8 +HEALTHCHECK CMD mysqladmin -uroot -p$MYSQL_ROOT_PASSWORD ping + COPY registry.sql /docker-entrypoint-initdb.d/ COPY registry-flag.sh /docker-entrypoint-initdb.d/ COPY upgrade.sh /docker-entrypoint-updatedb.d/ diff --git a/make/common/mariadb/Dockerfile b/make/common/mariadb/Dockerfile index 4afe6e365..c0e669a01 100644 --- a/make/common/mariadb/Dockerfile +++ b/make/common/mariadb/Dockerfile @@ -4,7 +4,7 @@ FROM vmware/photon:1.0 RUN tdnf distro-sync -y || echo \ && tdnf install -y sed shadow procps-ng gawk gzip sudo net-tools \ - && groupadd -r -g 999 mysql && useradd --no-log-init -r -g 999 -u 999 mysql \ + && groupadd -r -g 10000 mysql && useradd --no-log-init -r -g 10000 -u 10000 mysql \ && tdnf install -y mariadb-server mariadb \ && mkdir /docker-entrypoint-initdb.d /docker-entrypoint-updatedb.d \ && rm -fr /var/lib/mysql \ @@ -18,7 +18,7 @@ RUN chmod +x /usr/local/bin/docker-entrypoint.sh COPY my.cnf /etc/ RUN ln -s usr/local/bin/docker-entrypoint.sh / -VOLUME /var/lib/mysql +VOLUME /var/lib/mysql /docker-entrypoint-initdb.d /docker-entrypoint-updatedb.d /tmp /var/run/mysqld EXPOSE 3306 ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"] diff --git a/make/common/rsyslog/Dockerfile b/make/common/rsyslog/Dockerfile index 8616319de..cd0027005 100644 --- a/make/common/rsyslog/Dockerfile +++ b/make/common/rsyslog/Dockerfile @@ -6,6 +6,5 @@ RUN tdnf distro-sync -y || echo \ && tdnf install -y cronie rsyslog shadow tar gzip \ && mkdir /etc/rsyslog.d/ \ && mkdir /var/spool/rsyslog \ - && groupadd syslog \ - && useradd -g syslog syslog \ + && groupadd -r -g 10000 syslog && useradd --no-log-init -r -g 10000 -u 10000 syslog \ && tdnf clean all diff --git a/make/docker-compose.tpl b/make/docker-compose.tpl index 2f907f91b..18c8d6cf7 100644 --- a/make/docker-compose.tpl +++ b/make/docker-compose.tpl @@ -9,7 +9,7 @@ services: volumes: - /var/log/harbor/:/var/log/docker/:z ports: - - 127.0.0.1:1514:514 + - 127.0.0.1:1514:10514 networks: - harbor registry: diff --git a/make/photon/Makefile b/make/photon/Makefile index 1b7673ed5..fd94c6eeb 100644 --- a/make/photon/Makefile +++ b/make/photon/Makefile @@ -75,7 +75,7 @@ build: @echo "Done." @echo "building log container for photon..." - $(DOCKERBUILD) -f $(DOCKERFILEPATH_LOG)/$(DOCKERFILENAME_LOG) -t $(DOCKERIMAGENAME_LOG):$(VERSIONTAG) . + $(DOCKERBUILD) -f $(DOCKERFILEPATH_LOG)/$(DOCKERFILENAME_LOG) -t $(DOCKERIMAGENAME_LOG):$(VERSIONTAG) $(DOCKERFILEPATH_LOG) @echo "Done." cleanimage: diff --git a/make/photon/log/Dockerfile b/make/photon/log/Dockerfile index af0d78da9..1d34c93a0 100644 --- a/make/photon/log/Dockerfile +++ b/make/photon/log/Dockerfile @@ -1,16 +1,24 @@ FROM vmware/rsyslog-photon:8.15.0 -ADD make/common/log/rsyslog.conf /etc/rsyslog.conf +COPY rsyslog.conf /etc/rsyslog.conf # rotate logs weekly # notes: file name cannot contain dot, or the script will not run -ADD make/common/log/rotate.sh /etc/cron.daily/rotate +COPY rotate.sh /etc/cron.daily/rotate # rsyslog configuration file for docker -ADD make/common/log/rsyslog_docker.conf /etc/rsyslog.d/ +COPY rsyslog_docker.conf /etc/rsyslog.d/ -VOLUME /var/log/docker/ +COPY start.sh /usr/local/bin/ +RUN chmod +x /usr/local/bin/start.sh && \ + tdnf install -y sudo net-tools && \ + chown -R 10000:10000 /run -EXPOSE 514 +HEALTHCHECK CMD netstat -ltu|grep 10514 -CMD crond && rm -f /var/run/rsyslogd.pid && rsyslogd -n +VOLUME /var/log/docker/ /run/ + +EXPOSE 10514 + +#CMD crond && rm -f /var/run/rsyslogd.pid && rsyslogd -n +CMD /usr/local/bin/start.sh diff --git a/make/common/log/rotate.sh b/make/photon/log/rotate.sh similarity index 100% rename from make/common/log/rotate.sh rename to make/photon/log/rotate.sh diff --git a/make/common/log/rsyslog.conf b/make/photon/log/rsyslog.conf similarity index 91% rename from make/common/log/rsyslog.conf rename to make/photon/log/rsyslog.conf index 8b5c4fd84..056d4f271 100644 --- a/make/common/log/rsyslog.conf +++ b/make/photon/log/rsyslog.conf @@ -10,17 +10,17 @@ #### MODULES #### ################# -$ModLoad imuxsock # provides support for local system logging +#$ModLoad imuxsock # provides support for local system logging #$ModLoad imklog # provides kernel logging support #$ModLoad immark # provides --MARK-- message capability # provides UDP syslog reception $ModLoad imudp -$UDPServerRun 514 +$UDPServerRun 10514 # provides TCP syslog reception $ModLoad imtcp -$InputTCPServerRun 514 +$InputTCPServerRun 10514 # Enable non-kernel facility klog messages #$KLogPermitNonKernelFacility on diff --git a/make/common/log/rsyslog_docker.conf b/make/photon/log/rsyslog_docker.conf similarity index 100% rename from make/common/log/rsyslog_docker.conf rename to make/photon/log/rsyslog_docker.conf diff --git a/make/photon/log/start.sh b/make/photon/log/start.sh new file mode 100644 index 000000000..558098129 --- /dev/null +++ b/make/photon/log/start.sh @@ -0,0 +1,7 @@ +#!/bin/bash +set -e +chown -R 10000:10000 /var/log/docker +crond +rm -f /var/run/rsyslogd.pid +sudo -u \#10000 -E 'rsyslogd' '-n' +set +e diff --git a/make/photon/registry/Dockerfile b/make/photon/registry/Dockerfile index e6e54394e..6845d7127 100644 --- a/make/photon/registry/Dockerfile +++ b/make/photon/registry/Dockerfile @@ -5,17 +5,22 @@ MAINTAINER wangyan@vmware.com # The original script in the docker offical registry image. RUN tdnf distro-sync -y \ && tdnf erase vim -y \ - && tdnf clean all + && tdnf install sudo -y \ + && tdnf clean all \ + && groupadd -r -g 10000 harbor && useradd --no-log-init -r -g 10000 -u 10000 harbor + COPY entrypoint.sh / RUN chmod u+x /entrypoint.sh -RUN mkdir -p /etc/docker/registry -COPY config.yml /etc/docker/registry/config.yml +RUN mkdir -p /etc/registry +COPY config.yml /etc/registry/config.yml COPY binary/registry /usr/bin RUN chmod u+x /usr/bin/registry +HEALTHCHECK CMD curl 127.0.0.1:5000/ + VOLUME ["/var/lib/registry"] EXPOSE 5000 ENTRYPOINT ["/entrypoint.sh"] -CMD ["/etc/docker/registry/config.yml"] +CMD ["/etc/registry/config.yml"] diff --git a/make/photon/registry/entrypoint.sh b/make/photon/registry/entrypoint.sh index f8d07d800..873f62001 100644 --- a/make/photon/registry/entrypoint.sh +++ b/make/photon/registry/entrypoint.sh @@ -2,9 +2,18 @@ set -e +if [ -d /etc/registry ]; then + chown 10000:10000 -R /etc/registry +fi +if [ -d /var/lib/registry ]; then + chown 10000:10000 -R /var/lib/registry +fi +if [ -d /storage ]; then + chown 10000:10000 -R /storage +fi case "$1" in *.yaml|*.yml) set -- registry serve "$@" ;; serve|garbage-collect|help|-*) set -- registry "$@" ;; esac -exec "$@" \ No newline at end of file +sudo -E -u \#10000 "$@" From 795d33a45a0dcd45408d468c7e1e69831ca56d5a Mon Sep 17 00:00:00 2001 From: Daniel Jiang Date: Fri, 3 Nov 2017 14:43:27 +0800 Subject: [PATCH 29/83] Add filter on API endpoints to mitigate XSRF (#3542) Add filter for all API endpoints to allow the POST requests which have application/json header. Make update to UI code to make sure all requests contain the header. --- src/ui/filter/mediatype.go | 43 +++++++++++++++++ src/ui/filter/mediatype_test.go | 42 +++++++++++++++++ src/ui/main.go | 1 + .../project-policy-config.component.ts | 6 +-- .../lib/src/service/access-log.service.ts | 4 +- .../lib/src/service/configuration.service.ts | 6 +-- src/ui_ng/lib/src/service/endpoint.service.ts | 14 +++--- src/ui_ng/lib/src/service/job-log.service.ts | 4 +- src/ui_ng/lib/src/service/project.service.ts | 8 ++-- .../lib/src/service/replication.service.ts | 6 +-- src/ui_ng/lib/src/service/scanning.service.ts | 4 +- .../lib/src/service/system-info.service.ts | 3 +- src/ui_ng/lib/src/service/tag.service.ts | 6 +-- src/ui_ng/lib/src/utils.ts | 13 +++++- src/ui_ng/package.json | 2 +- .../password/password-setting.service.ts | 20 ++------ .../app/account/sign-in/sign-in.service.ts | 6 +-- src/ui_ng/src/app/app-config.service.ts | 12 ++--- .../global-search/global-search.service.ts | 9 +--- src/ui_ng/src/app/config/config.service.ts | 16 ++----- src/ui_ng/src/app/log/audit-log.service.ts | 30 ++++++------ .../src/app/project/member/member.service.ts | 7 +-- src/ui_ng/src/app/project/project.service.ts | 18 ++++---- .../top-repo/top-repository.service.ts | 9 +--- src/ui_ng/src/app/shared/session.service.ts | 23 ++++------ src/ui_ng/src/app/shared/shared.utils.ts | 46 +++++++++++++++++++ .../shared/statictics/statistics.service.ts | 11 ++--- src/ui_ng/src/app/user/user.service.ts | 16 +++---- 28 files changed, 237 insertions(+), 148 deletions(-) create mode 100644 src/ui/filter/mediatype.go create mode 100644 src/ui/filter/mediatype_test.go diff --git a/src/ui/filter/mediatype.go b/src/ui/filter/mediatype.go new file mode 100644 index 000000000..8d2765faf --- /dev/null +++ b/src/ui/filter/mediatype.go @@ -0,0 +1,43 @@ +// Copyright (c) 2017 VMware, Inc. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package filter + +import ( + beegoctx "github.com/astaxie/beego/context" + "net/http" + "strings" +) + +//MediaTypeFilter filters the POST request, it returns 415 if the content type of the request +//doesn't match the preset ones. +func MediaTypeFilter(mediaType ...string) func(*beegoctx.Context) { + return func(ctx *beegoctx.Context) { + filterContentType(ctx.Request, ctx.ResponseWriter, mediaType...) + } +} + +func filterContentType(req *http.Request, resp http.ResponseWriter, mediaType ...string) { + if req.Method != http.MethodPost { + return + } + v := req.Header.Get("Content-Type") + mimeType := strings.Split(v, ";")[0] + for _, t := range mediaType { + if t == mimeType { + return + } + } + resp.WriteHeader(http.StatusUnsupportedMediaType) +} diff --git a/src/ui/filter/mediatype_test.go b/src/ui/filter/mediatype_test.go new file mode 100644 index 000000000..d0d9e84dc --- /dev/null +++ b/src/ui/filter/mediatype_test.go @@ -0,0 +1,42 @@ +// Copyright (c) 2017 VMware, Inc. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package filter + +import ( + "github.com/stretchr/testify/assert" + "net/http" + "net/http/httptest" + "testing" +) + +func TestMediaTypeFilter(t *testing.T) { + assert := assert.New(t) + getReq := httptest.NewRequest(http.MethodGet, "/the/path", nil) + rec := httptest.NewRecorder() + filterContentType(getReq, rec, "application/json") + assert.Equal(http.StatusOK, rec.Code) + + postReq := httptest.NewRequest(http.MethodPost, "/the/path", nil) + postReq.Header.Set("Content-Type", "text/html") + rec2 := httptest.NewRecorder() + filterContentType(postReq, rec2, "application/json") + assert.Equal(http.StatusUnsupportedMediaType, rec2.Code) + postReq2 := httptest.NewRequest(http.MethodPost, "/the/path", nil) + postReq2.Header.Set("Content-Type", "application/json; charset=utf-8") + rec3 := httptest.NewRecorder() + filterContentType(postReq2, rec3, "application/json") + assert.Equal(http.StatusOK, rec3.Code) + +} diff --git a/src/ui/main.go b/src/ui/main.go index a9f7fb859..42d967315 100644 --- a/src/ui/main.go +++ b/src/ui/main.go @@ -132,6 +132,7 @@ func main() { filter.Init() beego.InsertFilter("/*", beego.BeforeRouter, filter.SecurityFilter) + beego.InsertFilter("/api/*", beego.BeforeRouter, filter.MediaTypeFilter("application/json")) initRouters() if err := api.SyncRegistry(config.GlobalProjectMgr); err != nil { diff --git a/src/ui_ng/lib/src/project-policy-config/project-policy-config.component.ts b/src/ui_ng/lib/src/project-policy-config/project-policy-config.component.ts index 037ea4da1..dbf623534 100644 --- a/src/ui_ng/lib/src/project-policy-config/project-policy-config.component.ts +++ b/src/ui_ng/lib/src/project-policy-config/project-policy-config.component.ts @@ -85,9 +85,8 @@ export class ProjectPolicyConfigComponent implements OnInit { response => { this.orgProjectPolicy.initByProject(response); this.projectPolicy.initByProject(response); - }, - error => this.errorHandler.error(error) - ); + }) + .catch(error => this.errorHandler.error(error)); } updateProjectPolicy(projectId: string|number, pp: ProjectPolicy) { @@ -125,7 +124,6 @@ export class ProjectPolicyConfigComponent implements OnInit { this.refresh(); }) .catch(error => { - console.log(error); this.onGoing = false; this.errorHandler.error(error); }); diff --git a/src/ui_ng/lib/src/service/access-log.service.ts b/src/ui_ng/lib/src/service/access-log.service.ts index 08e85870c..bfd15c6b5 100644 --- a/src/ui_ng/lib/src/service/access-log.service.ts +++ b/src/ui_ng/lib/src/service/access-log.service.ts @@ -5,7 +5,7 @@ import { Injectable, Inject } from "@angular/core"; import 'rxjs/add/observable/of'; import { SERVICE_CONFIG, IServiceConfig } from '../service.config'; import { Http, URLSearchParams } from '@angular/http'; -import { HTTP_JSON_OPTIONS, buildHttpRequestOptions } from '../utils'; +import { buildHttpRequestOptions, HTTP_GET_OPTIONS } from '../utils'; /** * Define service methods to handle the access log related things. @@ -67,7 +67,7 @@ export class AccessLogDefaultService extends AccessLogService { url = '/api/logs'; } - return this.http.get(url, queryParams ? buildHttpRequestOptions(queryParams) : HTTP_JSON_OPTIONS).toPromise() + return this.http.get(url, queryParams ? buildHttpRequestOptions(queryParams) : HTTP_GET_OPTIONS).toPromise() .then(response => { let result: AccessLog = { metadata: { diff --git a/src/ui_ng/lib/src/service/configuration.service.ts b/src/ui_ng/lib/src/service/configuration.service.ts index 18ae26c1d..2137bae8c 100644 --- a/src/ui_ng/lib/src/service/configuration.service.ts +++ b/src/ui_ng/lib/src/service/configuration.service.ts @@ -3,8 +3,8 @@ import { Injectable, Inject } from "@angular/core"; import 'rxjs/add/observable/of'; import { SERVICE_CONFIG, IServiceConfig } from '../service.config'; import { Http } from '@angular/http'; -import { HTTP_JSON_OPTIONS } from '../utils'; -import { Configuration } from '../config/config' +import { HTTP_JSON_OPTIONS, HTTP_GET_OPTIONS } from '../utils'; +import { Configuration } from '../config/config'; /** @@ -51,7 +51,7 @@ export class ConfigurationDefaultService extends ConfigurationService { } getConfigurations(): Observable | Promise | Configuration { - return this.http.get(this._baseUrl, HTTP_JSON_OPTIONS).toPromise() + return this.http.get(this._baseUrl, HTTP_GET_OPTIONS).toPromise() .then(response => response.json() as Configuration) .catch(error => Promise.reject(error)); } diff --git a/src/ui_ng/lib/src/service/endpoint.service.ts b/src/ui_ng/lib/src/service/endpoint.service.ts index 66d797349..6eb6090a8 100644 --- a/src/ui_ng/lib/src/service/endpoint.service.ts +++ b/src/ui_ng/lib/src/service/endpoint.service.ts @@ -7,7 +7,7 @@ import 'rxjs/add/observable/of'; import { IServiceConfig, SERVICE_CONFIG } from '../service.config'; -import { buildHttpRequestOptions } from '../utils'; +import {buildHttpRequestOptions, HTTP_JSON_OPTIONS, HTTP_GET_OPTIONS} from '../utils'; /** * Define the service methods to handle the endpoint related things. @@ -136,7 +136,7 @@ export class EndpointDefaultService extends EndpointService { } let requestUrl: string = `${this._endpointUrl}/${endpointId}`; return this.http - .get(requestUrl) + .get(requestUrl, HTTP_GET_OPTIONS) .toPromise() .then(response=>response.json() as Endpoint) .catch(error=>Promise.reject(error)); @@ -148,7 +148,7 @@ export class EndpointDefaultService extends EndpointService { } let requestUrl: string = `${this._endpointUrl}`; return this.http - .post(requestUrl, JSON.stringify(endpoint)) + .post(requestUrl, JSON.stringify(endpoint), HTTP_JSON_OPTIONS) .toPromise() .then(response=>response.status) .catch(error=>Promise.reject(error)); @@ -163,7 +163,7 @@ export class EndpointDefaultService extends EndpointService { } let requestUrl: string = `${this._endpointUrl}/${endpointId}`; return this.http - .put(requestUrl, JSON.stringify(endpoint)) + .put(requestUrl, JSON.stringify(endpoint), HTTP_JSON_OPTIONS) .toPromise() .then(response=>response.status) .catch(error=>Promise.reject(error)); @@ -189,14 +189,14 @@ export class EndpointDefaultService extends EndpointService { if(endpoint.id) { requestUrl = `${this._endpointUrl}/${endpoint.id}/ping`; return this.http - .post(requestUrl, {}) + .post(requestUrl, HTTP_JSON_OPTIONS) .toPromise() .then(response=>response.status) .catch(error=>Promise.reject(error)); } else { requestUrl = `${this._endpointUrl}/ping`; return this.http - .post(requestUrl, endpoint) + .post(requestUrl, endpoint, HTTP_JSON_OPTIONS) .toPromise() .then(response=>response.status) .catch(error=>Promise.reject(error)); @@ -209,7 +209,7 @@ export class EndpointDefaultService extends EndpointService { } let requestUrl: string = `${this._endpointUrl}/${endpointId}/policies`; return this.http - .get(requestUrl) + .get(requestUrl, HTTP_GET_OPTIONS) .toPromise() .then(response=>response.json() as ReplicationRule[]) .catch(error=>Promise.reject(error)); diff --git a/src/ui_ng/lib/src/service/job-log.service.ts b/src/ui_ng/lib/src/service/job-log.service.ts index f35f253ca..c912879a9 100644 --- a/src/ui_ng/lib/src/service/job-log.service.ts +++ b/src/ui_ng/lib/src/service/job-log.service.ts @@ -5,7 +5,7 @@ import { Injectable, Inject } from "@angular/core"; import 'rxjs/add/observable/of'; import { Http, RequestOptions } from '@angular/http'; import { SERVICE_CONFIG, IServiceConfig } from '../service.config'; -import { buildHttpRequestOptions, HTTP_JSON_OPTIONS } from '../utils'; +import { buildHttpRequestOptions, HTTP_JSON_OPTIONS, HTTP_GET_OPTIONS } from '../utils'; /** * Define the service methods to handle the job log related things. @@ -53,7 +53,7 @@ export class JobLogDefaultService extends JobLogService { } _getJobLog(logUrl: string): Observable | Promise | string { - return this.http.get(logUrl).toPromise() + return this.http.get(logUrl, HTTP_GET_OPTIONS).toPromise() .then(response => response.text()) .catch(error => Promise.reject(error)); } diff --git a/src/ui_ng/lib/src/service/project.service.ts b/src/ui_ng/lib/src/service/project.service.ts index 567546205..6220b7574 100644 --- a/src/ui_ng/lib/src/service/project.service.ts +++ b/src/ui_ng/lib/src/service/project.service.ts @@ -6,6 +6,7 @@ import { SERVICE_CONFIG, IServiceConfig } from '../service.config'; import { Project } from '../project-policy-config/project'; import { ProjectPolicy } from '../project-policy-config/project-policy-config.component'; +import {HTTP_JSON_OPTIONS, HTTP_GET_OPTIONS} from "../utils"; /** * Define the service methods to handle the Prject related things. @@ -49,9 +50,6 @@ export abstract class ProjectService { @Injectable() export class ProjectDefaultService extends ProjectService { - headers = new Headers({'Content-type': 'application/json'}); - options = new RequestOptions({'headers': this.headers}); - constructor( private http: Http, @Inject(SERVICE_CONFIG) private config: IServiceConfig @@ -65,7 +63,7 @@ export class ProjectDefaultService extends ProjectService { } return this.http - .get(`/api/projects/${projectId}`) + .get(`/api/projects/${projectId}`, HTTP_GET_OPTIONS) .map(response => response.json()) .catch(error => Observable.throw(error)); } @@ -78,7 +76,7 @@ export class ProjectDefaultService extends ProjectService { 'prevent_vul': projectPolicy.PreventVulImg ? 'true' : 'false', 'severity': projectPolicy.PreventVulImgServerity, 'auto_scan': projectPolicy.ScanImgOnPush ? 'true' : 'false' - } }, this.options) + } }, HTTP_JSON_OPTIONS) .map(response => response.status) .catch(error => Observable.throw(error)); } diff --git a/src/ui_ng/lib/src/service/replication.service.ts b/src/ui_ng/lib/src/service/replication.service.ts index 791340cdd..9d722798c 100644 --- a/src/ui_ng/lib/src/service/replication.service.ts +++ b/src/ui_ng/lib/src/service/replication.service.ts @@ -5,7 +5,7 @@ import { Injectable, Inject } from "@angular/core"; import 'rxjs/add/observable/of'; import { Http, RequestOptions } from '@angular/http'; import { SERVICE_CONFIG, IServiceConfig } from '../service.config'; -import { buildHttpRequestOptions, HTTP_JSON_OPTIONS } from '../utils'; +import { buildHttpRequestOptions, HTTP_JSON_OPTIONS, HTTP_GET_OPTIONS } from '../utils'; /** * Define the service methods to handle the replication (rule and job) related things. @@ -179,7 +179,7 @@ export class ReplicationDefaultService extends ReplicationService { } let url: string = `${this._ruleBaseUrl}/${ruleId}`; - return this.http.get(url).toPromise() + return this.http.get(url, HTTP_GET_OPTIONS).toPromise() .then(response => response.json() as ReplicationRule) .catch(error => Promise.reject(error)); } @@ -281,7 +281,7 @@ export class ReplicationDefaultService extends ReplicationService { } let logUrl: string = `${this._jobBaseUrl}/${jobId}/log`; - return this.http.get(logUrl).toPromise() + return this.http.get(logUrl, HTTP_GET_OPTIONS).toPromise() .then(response => response.text()) .catch(error => Promise.reject(error)); } diff --git a/src/ui_ng/lib/src/service/scanning.service.ts b/src/ui_ng/lib/src/service/scanning.service.ts index ab4e2c035..7c297211a 100644 --- a/src/ui_ng/lib/src/service/scanning.service.ts +++ b/src/ui_ng/lib/src/service/scanning.service.ts @@ -101,13 +101,13 @@ export class ScanningResultDefaultService extends ScanningResultService { return Promise.reject('Bad argument'); } - return this.http.post(`${this._baseUrl}/${repoName}/tags/${tagId}/scan`, null).toPromise() + return this.http.post(`${this._baseUrl}/${repoName}/tags/${tagId}/scan`, HTTP_JSON_OPTIONS).toPromise() .then(() => { return true }) .catch(error => Promise.reject(error)); } startScanningAll(): Observable | Promise | any { - return this.http.post(`${this._baseUrl}/scanAll`,{}).toPromise() + return this.http.post(`${this._baseUrl}/scanAll`, HTTP_JSON_OPTIONS).toPromise() .then(() => {return true}) .catch(error => Promise.reject(error)); } diff --git a/src/ui_ng/lib/src/service/system-info.service.ts b/src/ui_ng/lib/src/service/system-info.service.ts index a167c6e8b..9e60dfd47 100644 --- a/src/ui_ng/lib/src/service/system-info.service.ts +++ b/src/ui_ng/lib/src/service/system-info.service.ts @@ -3,6 +3,7 @@ import { Http } from '@angular/http'; import { Observable } from 'rxjs/Observable'; import { SystemInfo } from './interface'; import { SERVICE_CONFIG, IServiceConfig } from '../service.config'; +import {HTTP_GET_OPTIONS} from "../utils"; /** * Get System information about current backend server. * @abstract @@ -26,7 +27,7 @@ export class SystemInfoDefaultService extends SystemInfoService { } getSystemInfo(): Observable | Promise | SystemInfo { let url = this.config.systemInfoEndpoint ? this.config.systemInfoEndpoint : '/api/systeminfo'; - return this.http.get(url) + return this.http.get(url, HTTP_GET_OPTIONS) .toPromise() .then(systemInfo=>systemInfo.json() as SystemInfo) .catch(error=>Promise.reject(error)); diff --git a/src/ui_ng/lib/src/service/tag.service.ts b/src/ui_ng/lib/src/service/tag.service.ts index 6242bcfc7..c958d8502 100644 --- a/src/ui_ng/lib/src/service/tag.service.ts +++ b/src/ui_ng/lib/src/service/tag.service.ts @@ -5,7 +5,7 @@ import { Injectable, Inject } from "@angular/core"; import 'rxjs/add/observable/of'; import { Http } from '@angular/http'; import { SERVICE_CONFIG, IServiceConfig } from '../service.config'; -import { buildHttpRequestOptions, HTTP_JSON_OPTIONS } from '../utils'; +import { buildHttpRequestOptions, HTTP_JSON_OPTIONS, HTTP_GET_OPTIONS } from '../utils'; /** * For getting tag signatures. @@ -103,7 +103,7 @@ export class TagDefaultService extends TagService { _getSignatures(repositoryName: string): Promise { let url: string = `${this._baseUrl}/${repositoryName}/signatures`; - return this.http.get(url, HTTP_JSON_OPTIONS).toPromise() + return this.http.get(url, HTTP_GET_OPTIONS).toPromise() .then(response => response.json() as VerifiedSignature[]) .catch(error => Promise.reject(error)) } @@ -132,7 +132,7 @@ export class TagDefaultService extends TagService { } let url: string = `${this._baseUrl}/${repositoryName}/tags/${tag}`; - return this.http.get(url, HTTP_JSON_OPTIONS).toPromise() + return this.http.get(url, HTTP_GET_OPTIONS).toPromise() .then(response => response.json() as Tag) .catch(error => Promise.reject(error)); } diff --git a/src/ui_ng/lib/src/utils.ts b/src/ui_ng/lib/src/utils.ts index df76b4d38..92b5a526f 100644 --- a/src/ui_ng/lib/src/utils.ts +++ b/src/ui_ng/lib/src/utils.ts @@ -48,6 +48,15 @@ export const HTTP_JSON_OPTIONS: RequestOptions = new RequestOptions({ }) }); +export const HTTP_GET_OPTIONS: RequestOptions = new RequestOptions({ + headers: new Headers({ + "Content-Type": 'application/json', + "Accept": 'application/json', + "Cache-Control": 'no-cache', + "Pragma": 'no-cache' + }) +}); + /** * Build http request options * @@ -59,7 +68,9 @@ export function buildHttpRequestOptions(params: RequestQueryParams): RequestOpti let reqOptions: RequestOptions = new RequestOptions({ headers: new Headers({ "Content-Type": 'application/json', - "Accept": 'application/json' + "Accept": 'application/json', + "Cache-Control": 'no-cache', + "Pragma": 'no-cache' }) }); diff --git a/src/ui_ng/package.json b/src/ui_ng/package.json index e690d16d1..d3c626567 100644 --- a/src/ui_ng/package.json +++ b/src/ui_ng/package.json @@ -31,7 +31,7 @@ "clarity-icons": "^0.9.8", "clarity-ui": "^0.9.8", "core-js": "^2.4.1", - "harbor-ui": "0.4.97", + "harbor-ui": "0.5.0", "intl": "^1.2.5", "mutationobserver-shim": "^0.3.2", "ngx-cookie": "^1.0.0", diff --git a/src/ui_ng/src/app/account/password/password-setting.service.ts b/src/ui_ng/src/app/account/password/password-setting.service.ts index 5247109b5..42fb86cab 100644 --- a/src/ui_ng/src/app/account/password/password-setting.service.ts +++ b/src/ui_ng/src/app/account/password/password-setting.service.ts @@ -16,6 +16,7 @@ import { Headers, Http, RequestOptions, URLSearchParams } from '@angular/http'; import 'rxjs/add/operator/toPromise'; import { PasswordSetting } from './password-setting'; +import {HTTP_FORM_OPTIONS, HTTP_JSON_OPTIONS, HTTP_GET_OPTIONS} from "../../shared/shared.utils"; const passwordChangeEndpoint = "/api/users/:user_id/password"; const sendEmailEndpoint = "/sendEmail"; @@ -23,13 +24,6 @@ const resetPasswordEndpoint = "/reset"; @Injectable() export class PasswordSettingService { - headers: Headers = new Headers({ - "Accept": 'application/json', - "Content-Type": 'application/json' - }); - options: RequestOptions = new RequestOptions({ - 'headers': this.headers - }); constructor(private http: Http) { } @@ -39,7 +33,7 @@ export class PasswordSettingService { } let putUrl = passwordChangeEndpoint.replace(":user_id", userId + ""); - return this.http.put(putUrl, JSON.stringify(setting), this.options) + return this.http.put(putUrl, JSON.stringify(setting), HTTP_JSON_OPTIONS) .toPromise() .then(() => null) .catch(error => { @@ -53,7 +47,7 @@ export class PasswordSettingService { } let getUrl = sendEmailEndpoint + "?email=" + email; - return this.http.get(getUrl, this.options).toPromise() + return this.http.get(getUrl, HTTP_GET_OPTIONS).toPromise() .then(response => response) .catch(error => { return Promise.reject(error); @@ -65,18 +59,12 @@ export class PasswordSettingService { return Promise.reject("Invalid reset uuid or password"); } - let formHeaders = new Headers({ - "Content-Type": 'application/x-www-form-urlencoded' - }); - let formOptions: RequestOptions = new RequestOptions({ - headers: formHeaders - }); let body: URLSearchParams = new URLSearchParams(); body.set("reset_uuid", uuid); body.set("password", newPassword); - return this.http.post(resetPasswordEndpoint, body.toString(), formOptions) + return this.http.post(resetPasswordEndpoint, body.toString(), HTTP_FORM_OPTIONS) .toPromise() .then(response => response) .catch(error => { diff --git a/src/ui_ng/src/app/account/sign-in/sign-in.service.ts b/src/ui_ng/src/app/account/sign-in/sign-in.service.ts index b99dee504..1a233bc98 100644 --- a/src/ui_ng/src/app/account/sign-in/sign-in.service.ts +++ b/src/ui_ng/src/app/account/sign-in/sign-in.service.ts @@ -16,6 +16,7 @@ import { Headers, Http, URLSearchParams } from '@angular/http'; import 'rxjs/add/operator/toPromise'; import { SignInCredential } from '../../shared/sign-in-credential'; +import {HTTP_FORM_OPTIONS} from "../../shared/shared.utils"; const signInUrl = '/login'; /** @@ -27,9 +28,6 @@ const signInUrl = '/login'; */ @Injectable() export class SignInService { - headers = new Headers({ - "Content-Type": 'application/x-www-form-urlencoded' - }); constructor(private http: Http) {} @@ -46,7 +44,7 @@ export class SignInService { body.set('password', signInCredential.password); //Trigger Http - return this.http.post(signInUrl, body.toString(), { headers: this.headers }) + return this.http.post(signInUrl, body.toString(), HTTP_FORM_OPTIONS) .toPromise() .then(()=>null) .catch(this.handleError); diff --git a/src/ui_ng/src/app/app-config.service.ts b/src/ui_ng/src/app/app-config.service.ts index 0d73856b0..28c9c0e6a 100644 --- a/src/ui_ng/src/app/app-config.service.ts +++ b/src/ui_ng/src/app/app-config.service.ts @@ -18,7 +18,7 @@ import 'rxjs/add/operator/toPromise'; import { AppConfig } from './app-config'; import { CookieService } from 'ngx-cookie'; import { CookieKeyOfAdmiral, HarborQueryParamKey } from './shared/shared.const'; -import { maintainUrlQueryParmas } from './shared/shared.utils'; +import {HTTP_JSON_OPTIONS, maintainUrlQueryParmas, HTTP_GET_OPTIONS} from './shared/shared.utils'; export const systemInfoEndpoint = "/api/systeminfo"; /** @@ -30,12 +30,6 @@ export const systemInfoEndpoint = "/api/systeminfo"; */ @Injectable() export class AppConfigService { - headers = new Headers({ - "Content-Type": 'application/json' - }); - options = new RequestOptions({ - headers: this.headers - }); //Store the application configuration configurations: AppConfig = new AppConfig(); @@ -45,7 +39,7 @@ export class AppConfigService { private cookie: CookieService) { } public load(): Promise { - return this.http.get(systemInfoEndpoint, this.options).toPromise() + return this.http.get(systemInfoEndpoint, HTTP_GET_OPTIONS).toPromise() .then(response => { this.configurations = response.json() as AppConfig; @@ -90,7 +84,7 @@ export class AppConfigService { } //Save back to cookie - this.cookie.put(CookieKeyOfAdmiral, endpoint); + this.cookie.put(CookieKeyOfAdmiral, endpoint, HTTP_JSON_OPTIONS); this.configurations.admiral_endpoint = endpoint; } } \ No newline at end of file diff --git a/src/ui_ng/src/app/base/global-search/global-search.service.ts b/src/ui_ng/src/app/base/global-search/global-search.service.ts index e3a81b284..138702432 100644 --- a/src/ui_ng/src/app/base/global-search/global-search.service.ts +++ b/src/ui_ng/src/app/base/global-search/global-search.service.ts @@ -16,6 +16,7 @@ import { Headers, Http, RequestOptions } from '@angular/http'; import 'rxjs/add/operator/toPromise'; import { SearchResults } from './search-results'; +import {HTTP_GET_OPTIONS} from "../../shared/shared.utils"; const searchEndpoint = "/api/search"; /** @@ -27,12 +28,6 @@ const searchEndpoint = "/api/search"; */ @Injectable() export class GlobalSearchService { - headers = new Headers({ - "Content-Type": 'application/json' - }); - options = new RequestOptions({ - headers: this.headers - }); constructor(private http: Http) { } @@ -47,7 +42,7 @@ export class GlobalSearchService { doSearch(term: string): Promise { let searchUrl = searchEndpoint + "?q=" + term; - return this.http.get(searchUrl, this.options).toPromise() + return this.http.get(searchUrl, HTTP_GET_OPTIONS).toPromise() .then(response => response.json() as SearchResults) .catch(error => Promise.reject(error)); } diff --git a/src/ui_ng/src/app/config/config.service.ts b/src/ui_ng/src/app/config/config.service.ts index acc380777..e95050390 100644 --- a/src/ui_ng/src/app/config/config.service.ts +++ b/src/ui_ng/src/app/config/config.service.ts @@ -16,6 +16,7 @@ import { Headers, Http, RequestOptions } from '@angular/http'; import 'rxjs/add/operator/toPromise'; import { Configuration } from 'harbor-ui'; +import {HTTP_GET_OPTIONS, HTTP_JSON_OPTIONS} from "../shared/shared.utils"; const configEndpoint = "/api/configurations"; const emailEndpoint = "/api/email/ping"; @@ -23,38 +24,31 @@ const ldapEndpoint = "/api/ldap/ping"; @Injectable() export class ConfigurationService { - headers: Headers = new Headers({ - "Accept": 'application/json', - "Content-Type": 'application/json' - }); - options: RequestOptions = new RequestOptions({ - 'headers': this.headers - }); constructor(private http: Http) { } public getConfiguration(): Promise { - return this.http.get(configEndpoint, this.options).toPromise() + return this.http.get(configEndpoint, HTTP_GET_OPTIONS).toPromise() .then(response => response.json() as Configuration) .catch(error => Promise.reject(error)); } public saveConfiguration(values: any): Promise { - return this.http.put(configEndpoint, JSON.stringify(values), this.options) + return this.http.put(configEndpoint, JSON.stringify(values), HTTP_JSON_OPTIONS) .toPromise() .then(response => response) .catch(error => Promise.reject(error)); } public testMailServer(mailSettings: any): Promise { - return this.http.post(emailEndpoint, JSON.stringify(mailSettings), this.options) + return this.http.post(emailEndpoint, JSON.stringify(mailSettings), HTTP_JSON_OPTIONS) .toPromise() .then(response => response) .catch(error => Promise.reject(error)); } public testLDAPServer(ldapSettings: any): Promise { - return this.http.post(ldapEndpoint, JSON.stringify(ldapSettings), this.options) + return this.http.post(ldapEndpoint, JSON.stringify(ldapSettings), HTTP_JSON_OPTIONS) .toPromise() .then(response => response) .catch(error => Promise.reject(error)); diff --git a/src/ui_ng/src/app/log/audit-log.service.ts b/src/ui_ng/src/app/log/audit-log.service.ts index 6cde48bda..f6c0852e1 100644 --- a/src/ui_ng/src/app/log/audit-log.service.ts +++ b/src/ui_ng/src/app/log/audit-log.service.ts @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. import { Injectable } from '@angular/core'; -import { Http, Headers, RequestOptions, URLSearchParams } from '@angular/http'; +import { Http, URLSearchParams } from '@angular/http'; import { AuditLog } from './audit-log'; @@ -20,45 +20,43 @@ import { Observable } from 'rxjs/Observable'; import 'rxjs/add/operator/catch'; import 'rxjs/add/operator/map'; import 'rxjs/add/observable/throw'; +import {buildHttpRequestOptions} from '../shared/shared.utils'; +import {RequestQueryParams} from 'harbor-ui'; -export const logEndpoint = "/api/logs"; +export const logEndpoint = '/api/logs'; @Injectable() export class AuditLogService { - httpOptions = new RequestOptions({ - headers: new Headers({ - "Content-Type": 'application/json', - "Accept": 'application/json' - }) - }); constructor(private http: Http) {} listAuditLogs(queryParam: AuditLog): Observable { let params: URLSearchParams = new URLSearchParams(queryParam.keywords); - if(queryParam.begin_timestamp) { - params.set('begin_timestamp', queryParam.begin_timestamp); + if (queryParam.begin_timestamp) { + params.set('begin_timestamp', queryParam.begin_timestamp); } - if(queryParam.end_timestamp) { + if (queryParam.end_timestamp) { params.set('end_timestamp', queryParam.end_timestamp); } - if(queryParam.username) { + if (queryParam.username) { params.set('username', queryParam.username); } - if(queryParam.page) { + if (queryParam.page) { params.set('page', queryParam.page); } - if(queryParam.page_size) { + if (queryParam.page_size) { params.set('page_size', queryParam.page_size); } return this.http - .get(`/api/projects/${queryParam.project_id}/logs`, {params: params}) + .get(`/api/projects/${queryParam.project_id}/logs`, buildHttpRequestOptions(params)) .map(response => response) .catch(error => Observable.throw(error)); } getRecentLogs(lines: number): Observable { - return this.http.get(logEndpoint + "?page_size=" + lines, this.httpOptions) + let params: RequestQueryParams = new RequestQueryParams(); + params.set('page_size', '' + lines); + return this.http.get(logEndpoint, buildHttpRequestOptions(params)) .map(response => response.json() as AuditLog[]) .catch(error => Observable.throw(error)); } diff --git a/src/ui_ng/src/app/project/member/member.service.ts b/src/ui_ng/src/app/project/member/member.service.ts index 33e7b0537..e868afd2c 100644 --- a/src/ui_ng/src/app/project/member/member.service.ts +++ b/src/ui_ng/src/app/project/member/member.service.ts @@ -20,6 +20,7 @@ import 'rxjs/add/operator/map'; import 'rxjs/add/observable/throw'; import { Member } from './member'; +import {HTTP_JSON_OPTIONS, HTTP_GET_OPTIONS} from "../../shared/shared.utils"; @Injectable() export class MemberService { @@ -28,21 +29,21 @@ export class MemberService { listMembers(projectId: number, username: string): Observable { return this.http - .get(`/api/projects/${projectId}/members?username=${username}`) + .get(`/api/projects/${projectId}/members?username=${username}`, HTTP_GET_OPTIONS) .map(response=>response.json() as Member[]) .catch(error=>Observable.throw(error)); } addMember(projectId: number, username: string, roleId: number): Observable { return this.http - .post(`/api/projects/${projectId}/members`, { username: username, roles: [ roleId ] }) + .post(`/api/projects/${projectId}/members`, { username: username, roles: [ roleId ] }, HTTP_JSON_OPTIONS) .map(response=>response.status) .catch(error=>Observable.throw(error)); } changeMemberRole(projectId: number, userId: number, roleId: number): Observable { return this.http - .put(`/api/projects/${projectId}/members/${userId}`, { roles: [ roleId ]}) + .put(`/api/projects/${projectId}/members/${userId}`, { roles: [ roleId ]}, HTTP_JSON_OPTIONS) .map(response=>response.status) .catch(error=>Observable.throw(error)); } diff --git a/src/ui_ng/src/app/project/project.service.ts b/src/ui_ng/src/app/project/project.service.ts index 9948b279e..5c4236b6e 100644 --- a/src/ui_ng/src/app/project/project.service.ts +++ b/src/ui_ng/src/app/project/project.service.ts @@ -22,20 +22,16 @@ import { Observable } from 'rxjs/Observable'; import 'rxjs/add/operator/catch'; import 'rxjs/add/operator/map'; import 'rxjs/add/observable/throw'; - - +import {HTTP_JSON_OPTIONS, buildHttpRequestOptions, HTTP_GET_OPTIONS} from "../shared/shared.utils"; @Injectable() export class ProjectService { - - headers = new Headers({'Content-type': 'application/json'}); - options = new RequestOptions({'headers': this.headers}); constructor(private http: Http) {} getProject(projectId: number): Observable { return this.http - .get(`/api/projects/${projectId}`) + .get(`/api/projects/${projectId}`, HTTP_GET_OPTIONS) .map(response=>response.json()) .catch(error=>Observable.throw(error)); } @@ -52,8 +48,10 @@ export class ProjectService { if(isPublic !== undefined){ params.set('public', ''+isPublic); } + + //let options = new RequestOptions({ headers: this.getHeaders, search: params }); return this.http - .get(`/api/projects`, {search: params}) + .get(`/api/projects`, buildHttpRequestOptions(params)) .map(response=>response) .catch(error=>Observable.throw(error)); } @@ -64,14 +62,14 @@ export class ProjectService { JSON.stringify({'project_name': name, 'metadata': { public: metadata.public ? 'true' : 'false', }}) - , this.options) + , HTTP_JSON_OPTIONS) .map(response=>response.status) .catch(error=>Observable.throw(error)); } toggleProjectPublic(projectId: number, isPublic: string): Observable { return this.http - .put(`/api/projects/${projectId}`, { 'metadata': {'public': isPublic} }, this.options) + .put(`/api/projects/${projectId}`, { 'metadata': {'public': isPublic} }, HTTP_JSON_OPTIONS) .map(response => response.status) .catch(error => Observable.throw(error)); } @@ -92,7 +90,7 @@ export class ProjectService { checkProjectMember(projectId: number): Observable { return this.http - .get(`/api/projects/${projectId}/members`) + .get(`/api/projects/${projectId}/members`, HTTP_GET_OPTIONS) .map(response=>response.json()) .catch(error=>Observable.throw(error)); } diff --git a/src/ui_ng/src/app/repository/top-repo/top-repository.service.ts b/src/ui_ng/src/app/repository/top-repo/top-repository.service.ts index 684e7ae8c..50d32e759 100644 --- a/src/ui_ng/src/app/repository/top-repo/top-repository.service.ts +++ b/src/ui_ng/src/app/repository/top-repo/top-repository.service.ts @@ -16,6 +16,7 @@ import { Headers, Http, RequestOptions } from '@angular/http'; import 'rxjs/add/operator/toPromise'; import { Repository } from 'harbor-ui'; +import {HTTP_GET_OPTIONS} from "../../shared/shared.utils"; export const topRepoEndpoint = "/api/repositories/top"; /** @@ -27,12 +28,6 @@ export const topRepoEndpoint = "/api/repositories/top"; */ @Injectable() export class TopRepoService { - headers = new Headers({ - "Content-Type": 'application/json' - }); - options = new RequestOptions({ - headers: this.headers - }); constructor(private http: Http) { } @@ -45,7 +40,7 @@ export class TopRepoService { * @memberOf GlobalSearchService */ getTopRepos(): Promise { - return this.http.get(topRepoEndpoint, this.options).toPromise() + return this.http.get(topRepoEndpoint, HTTP_GET_OPTIONS).toPromise() .then(response => response.json() as Repository[]) .catch(error => Promise.reject(error)); } diff --git a/src/ui_ng/src/app/shared/session.service.ts b/src/ui_ng/src/app/shared/session.service.ts index b6ba8755c..bdffbf504 100644 --- a/src/ui_ng/src/app/shared/session.service.ts +++ b/src/ui_ng/src/app/shared/session.service.ts @@ -19,7 +19,8 @@ import { SessionUser } from './session-user'; import { Member } from '../project/member/member'; import { SignInCredential } from './sign-in-credential'; -import { enLang } from '../shared/shared.const' +import { enLang } from '../shared/shared.const'; +import {HTTP_FORM_OPTIONS, HTTP_JSON_OPTIONS, HTTP_GET_OPTIONS} from "./shared.utils"; const signInUrl = '/login'; const currentUserEndpint = "/api/users/current"; @@ -44,13 +45,9 @@ export class SessionService { projectMembers: Member[]; - headers = new Headers({ - "Content-Type": 'application/json' - }); - - formHeaders = new Headers({ + /*formHeaders = new Headers({ "Content-Type": 'application/x-www-form-urlencoded' - }); + });*/ constructor(private http: Http) { } @@ -72,7 +69,7 @@ export class SessionService { '&password=' + encodeURIComponent(signInCredential.password); //Trigger Http - return this.http.post(signInUrl, queryParam, { headers: this.formHeaders }) + return this.http.post(signInUrl, queryParam, HTTP_FORM_OPTIONS) .toPromise() .then(() => null) .catch(error => this.handleError(error)); @@ -86,7 +83,7 @@ export class SessionService { * @memberOf SessionService */ retrieveUser(): Promise { - return this.http.get(currentUserEndpint, { headers: this.headers }).toPromise() + return this.http.get(currentUserEndpint, HTTP_GET_OPTIONS).toPromise() .then(response => this.currentUser = response.json() as SessionUser) .catch(error => this.handleError(error)) } @@ -102,7 +99,7 @@ export class SessionService { * Log out the system */ signOff(): Promise { - return this.http.get(signOffEndpoint, { headers: this.headers }).toPromise() + return this.http.get(signOffEndpoint, HTTP_GET_OPTIONS).toPromise() .then(() => { //Destroy current session cache //this.currentUser = null; @@ -124,7 +121,7 @@ export class SessionService { return Promise.reject("Invalid account settings"); } let putUrl = accountEndpoint.replace(":id", account.user_id + ""); - return this.http.put(putUrl, JSON.stringify(account), { headers: this.headers }).toPromise() + return this.http.put(putUrl, JSON.stringify(account), HTTP_JSON_OPTIONS).toPromise() .then(() => { //Retrieve current session user return this.retrieveUser(); @@ -146,7 +143,7 @@ export class SessionService { } let getUrl = langEndpoint + "?lang=" + backendLang; - return this.http.get(getUrl).toPromise() + return this.http.get(getUrl, HTTP_GET_OPTIONS).toPromise() .then(() => null) .catch(error => this.handleError(error)) } @@ -158,7 +155,7 @@ export class SessionService { body.set('value', value); //Trigger Http - return this.http.post(userExistsEndpoint, body.toString(), { headers: this.formHeaders }) + return this.http.post(userExistsEndpoint, body.toString(), HTTP_FORM_OPTIONS) .toPromise() .then(response => { return response.json(); diff --git a/src/ui_ng/src/app/shared/shared.utils.ts b/src/ui_ng/src/app/shared/shared.utils.ts index 6f04d8542..c34dc29a5 100644 --- a/src/ui_ng/src/app/shared/shared.utils.ts +++ b/src/ui_ng/src/app/shared/shared.utils.ts @@ -15,6 +15,8 @@ import { NgForm } from '@angular/forms'; import { httpStatusCode, AlertType } from './shared.const'; import { MessageService } from '../global-message/message.service'; import { Comparator, State } from 'clarity-angular'; +import {RequestOptions, Headers} from "@angular/http"; +import {RequestQueryParams} from "harbor-ui"; /** * To handle the error message body @@ -155,6 +157,50 @@ export class CustomComparator implements Comparator { } } +export const HTTP_JSON_OPTIONS: RequestOptions = new RequestOptions({ + headers: new Headers({ + "Content-Type": 'application/json', + "Accept": 'application/json', + }) +}); +export const HTTP_GET_OPTIONS: RequestOptions = new RequestOptions({ + headers: new Headers({ + "Content-Type": 'application/json', + "Accept": 'application/json', + "Cache-Control": 'no-cache', + "Pragma": 'no-cache' + }) +}); + +export const HTTP_FORM_OPTIONS: RequestOptions = new RequestOptions({ + headers: new Headers({ + "Content-Type": 'application/x-www-form-urlencoded' + }) +}); +/** + * Build http request options + * + * @export + * @param {RequestQueryParams} params + * @returns {RequestOptions} + */ +export function buildHttpRequestOptions(params: RequestQueryParams): RequestOptions { + let reqOptions: RequestOptions = new RequestOptions({ + headers: new Headers({ + "Content-Type": 'application/json', + "Accept": 'application/json', + "Cache-Control": 'no-cache', + "Pragma": 'no-cache' + }) + }); + + if (params) { + reqOptions.search = params; + } + + return reqOptions; +} + /** * Filter columns via RegExp * diff --git a/src/ui_ng/src/app/shared/statictics/statistics.service.ts b/src/ui_ng/src/app/shared/statictics/statistics.service.ts index 874aaab69..451949814 100644 --- a/src/ui_ng/src/app/shared/statictics/statistics.service.ts +++ b/src/ui_ng/src/app/shared/statictics/statistics.service.ts @@ -17,6 +17,7 @@ import 'rxjs/add/operator/toPromise'; import { Statistics } from './statistics'; import { Volumes } from './volumes'; +import {HTTP_GET_OPTIONS} from "../shared.utils"; const statisticsEndpoint = "/api/statistics"; const volumesEndpoint = "/api/systeminfo/volumes"; @@ -29,23 +30,17 @@ const volumesEndpoint = "/api/systeminfo/volumes"; */ @Injectable() export class StatisticsService { - headers = new Headers({ - "Content-Type": 'application/json' - }); - options = new RequestOptions({ - headers: this.headers - }); constructor(private http: Http) { } getStatistics(): Promise { - return this.http.get(statisticsEndpoint, this.options).toPromise() + return this.http.get(statisticsEndpoint, HTTP_GET_OPTIONS).toPromise() .then(response => response.json() as Statistics) .catch(error => Promise.reject(error)); } getVolumes(): Promise { - return this.http.get(volumesEndpoint, this.options).toPromise() + return this.http.get(volumesEndpoint, HTTP_GET_OPTIONS).toPromise() .then(response => response.json() as Volumes) .catch(error => Promise.reject(error)); } diff --git a/src/ui_ng/src/app/user/user.service.ts b/src/ui_ng/src/app/user/user.service.ts index 6768a7c82..90a90c837 100644 --- a/src/ui_ng/src/app/user/user.service.ts +++ b/src/ui_ng/src/app/user/user.service.ts @@ -16,6 +16,7 @@ import { Headers, Http, RequestOptions } from '@angular/http'; import 'rxjs/add/operator/toPromise'; import { User } from './user'; +import {HTTP_JSON_OPTIONS, HTTP_GET_OPTIONS} from "../shared/shared.utils"; const userMgmtEndpoint = '/api/users'; @@ -27,11 +28,6 @@ const userMgmtEndpoint = '/api/users'; */ @Injectable() export class UserService { - httpOptions = new RequestOptions({ - headers: new Headers({ - "Content-Type": 'application/json' - }) - }); constructor(private http: Http) { } @@ -42,21 +38,21 @@ export class UserService { //Get the user list getUsers(): Promise { - return this.http.get(userMgmtEndpoint, this.httpOptions).toPromise() + return this.http.get(userMgmtEndpoint, HTTP_GET_OPTIONS).toPromise() .then(response => response.json() as User[]) .catch(error => this.handleError(error)); } //Add new user addUser(user: User): Promise { - return this.http.post(userMgmtEndpoint, JSON.stringify(user), this.httpOptions).toPromise() + return this.http.post(userMgmtEndpoint, JSON.stringify(user), HTTP_JSON_OPTIONS).toPromise() .then(() => null) .catch(error => this.handleError(error)); } //Delete the specified user deleteUser(userId: number): Promise { - return this.http.delete(userMgmtEndpoint + "/" + userId, this.httpOptions) + return this.http.delete(userMgmtEndpoint + "/" + userId, HTTP_JSON_OPTIONS) .toPromise() .then(() => null) .catch(error => this.handleError(error)); @@ -64,7 +60,7 @@ export class UserService { //Update user to enable/disable the admin role updateUser(user: User): Promise { - return this.http.put(userMgmtEndpoint + "/" + user.user_id, JSON.stringify(user), this.httpOptions) + return this.http.put(userMgmtEndpoint + "/" + user.user_id, JSON.stringify(user), HTTP_JSON_OPTIONS) .toPromise() .then(() => null) .catch(error => this.handleError(error)); @@ -72,7 +68,7 @@ export class UserService { //Set user admin role updateUserRole(user: User): Promise { - return this.http.put(userMgmtEndpoint + "/" + user.user_id + "/sysadmin", JSON.stringify(user), this.httpOptions) + return this.http.put(userMgmtEndpoint + "/" + user.user_id + "/sysadmin", JSON.stringify(user), HTTP_JSON_OPTIONS) .toPromise() .then(() => null) .catch(error => this.handleError(error)); From 8df0dae5ca7d5ee2f9a1db3f32e2218bc5e73ee0 Mon Sep 17 00:00:00 2001 From: wangyan Date: Fri, 3 Nov 2017 03:34:51 -0700 Subject: [PATCH 30/83] Add OVA CI scripts --- .drone.ova.yml | 36 +++++++++++++ tests/integration_ova.sh | 36 +++++++++++++ tests/resources/Harbor-Util.robot | 13 +++++ tests/resources/OVA-Util.robot | 46 ++++++++++------- tests/resources/Vsphere-Util.robot | 47 ++++++++--------- .../5-00-OVA-BAT.robot | 51 +++++++++++++++++++ 6 files changed, 185 insertions(+), 44 deletions(-) create mode 100644 .drone.ova.yml create mode 100755 tests/integration_ova.sh create mode 100644 tests/robot-cases/Group5-OVA-install-config/5-00-OVA-BAT.robot diff --git a/.drone.ova.yml b/.drone.ova.yml new file mode 100644 index 000000000..2a7b1f782 --- /dev/null +++ b/.drone.ova.yml @@ -0,0 +1,36 @@ +# Harbor OVA drone. +--- +workspace: + base: /drone + path: src/github.com/vmware/harbor + +pipeline: + clone: + image: plugins/git + tags: true + recursive: false + + integration-test-on-pr: + image: vmware/harbor-e2e-engine:1.39 + pull: true + privileged: true + environment: + BIN: bin + GOPATH: /drone + SHELL: /bin/bash + LOG_TEMP_DIR: install-logs + HARBOR_ADMIN: ${HARBOR_ADMIN} + HARBOR_PASSWORD: ${HARBOR_PASSWORD} + DHCP: ${DHCP} + PROTOCOL: ${PROTOCOL} + USER: ${USER} + PASSWORD: ${PASSWORD} + HOST: ${HOST} + DATASTORE: ${DATASTORE} + CLUSTER: ${CLUSTER} + DATACENTER: ${DATACERTER} + commands: + - tests/integration_ova.sh + when: + status: success + diff --git a/tests/integration_ova.sh b/tests/integration_ova.sh new file mode 100755 index 000000000..473904df8 --- /dev/null +++ b/tests/integration_ova.sh @@ -0,0 +1,36 @@ +#!/bin/bash +# Copyright 2017 VMware, Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +set -x +gsutil version -l +set +x +container_ip=`ip addr s eth0 |grep "inet "|awk '{print $2}' |awk -F "/" '{print $1}'` +echo $container_ip + +ova_url="$(python /auto-ova/ova.py)" +echo $ova_url + +## --------------------------------------------- Init Env ------------------------------------------------- +# Start Xvfb for Chrome headlesss +Xvfb -ac :99 -screen 0 1280x1024x16 & export DISPLAY=:99 + +## --------------------------------------------- Run ------------------------------------------------- +pybot -v ip:$container_ip -v ova_url:$ova_url --include OVA tests/robot-cases/Group5-OVA-install-config/5-00-OVA-BAT.robot + +## --------------------------------------------- Tear Down ------------------------------------------------- +rc="$?" +echo $rc +exit $rc \ No newline at end of file diff --git a/tests/resources/Harbor-Util.robot b/tests/resources/Harbor-Util.robot index 4a6424ee7..028ce0375 100644 --- a/tests/resources/Harbor-Util.robot +++ b/tests/resources/Harbor-Util.robot @@ -148,3 +148,16 @@ Compile and Up Harbor With Source Code Log ${output} Should Be Equal As Integers ${rc} 0 Sleep 20 + +Wait for Harbor Ready + [Arguments] ${protocol} ${HARBOR_IP} + Log To Console Waiting for Harbor to Come Up... + :FOR ${i} IN RANGE 20 + \ ${out}= Run curl -k ${protocol}://${HARBOR_IP} + \ Log ${out} + \ ${status}= Run Keyword And Return Status Should Not Contain ${out} 502 Bad Gateway + \ ${status}= Run Keyword If ${status} Run Keyword And Return Status Should Not Contain ${out} Connection refused + \ ${status}= Run Keyword If ${status} Run Keyword And Return Status Should Contain ${out} Harbor + \ Return From Keyword If ${status} ${HARBOR_IP} + \ Sleep 30s + Fail Harbor failed to come up properly! diff --git a/tests/resources/OVA-Util.robot b/tests/resources/OVA-Util.robot index 88cb5be4a..b7eaabb7d 100644 --- a/tests/resources/OVA-Util.robot +++ b/tests/resources/OVA-Util.robot @@ -17,9 +17,9 @@ Documentation This resource provides any keywords related to Unified OVA *** Variables *** ${ova_root_pwd} ova-test-root-pwd -${ova_appliance_options} --prop:appliance.root_pwd=${ova_root_pwd} --prop:appliance.permit_root_login=True +${ova_appliance_options} --prop:root_pwd=${ova_root_pwd} --prop:permit_root_login=true -${ova_target_vm_name} vic-unified-ova-integration-test +${ova_target_vm_name} harbor-unified-ova-integration-test ${ovftool_options} --noSSLVerify --acceptAllEulas --name=${ova_target_vm_name} --diskMode=thin --powerOn --X:waitForIp --X:injectOvfEnv --X:enableHiddenProperties ${ova_network_ip0} 10.17.109.207 @@ -32,7 +32,7 @@ ${ova_network_options} --prop:network.ip0=${ova_network_ip0} --prop:network.net ${ova_harbor_admin_password} harbor-admin-passwd ${ova_harbor_db_password} harbor-db-passwd -${ova_service_options} --prop:registry.admin_password=${ova_harbor_admin_password} --prop:registry.db_password=${ova_harbor_db_password} +${ova_service_options} --prop:auth_mode="%{AUTH_MODE}" --prop:clair_db_password="%{CLAIR_DB_PASSWORD}" --prop:max_job_workers="%{MAX_JOB_WORKERS}" --prop:harbor_admin_password="%{HARBOR_ADMIN_PASSWORD}" --prop:db_password="%{DB_PASSWORD}" ${ova_options} ${ovftool_options} ${ova_appliance_options} ${ova_service_options} ${ova_options_with_network} ${ova_options} ${ova_network_options} @@ -41,11 +41,8 @@ ${tls_not_disabled} False *** Keywords *** # Requires vc credential for govc -Deploy VIC-OVA To Test Server - [Arguments] ${dhcp}=False ${build}=False ${user}=%{TEST_USERNAME} ${password}=%{TEST_PASSWORD} ${host}=%{TEST_URL} ${datastore}=%{TEST_DATASTORE} ${cluster}=%{TEST_RESOURCE} ${datacenter}=%{TEST_DATACENTER} - Run Keyword if ${build} Build Unified OVA - ${rev}= Run git rev-parse --short HEAD - Set Test Variable ${ova_path} bin/vic-1.1.0-${rev}.ova +Deploy Harbor-OVA To Test Server + [Arguments] ${dhcp} ${protocol} ${build} ${user} ${password} ${ova_path} ${host} ${datastore} ${cluster} ${datacenter} Log To Console \nCleanup environment... Run Keyword And Ignore Error Run GOVC_URL=${host} GOVC_USERNAME=${user} GOVC_PASSWORD=${password} GOVC_INSECURE=1 govc vm.destroy ${ova_target_vm_name} @@ -56,16 +53,31 @@ Deploy VIC-OVA To Test Server ... ELSE Log To Console ovftool --datastore=${datastore} ${ova_options_with_network} ${ova_path} 'vi://${user}:${password}@${host}/${datacenter}/host/${cluster}' ${out}= Run Keyword If ${dhcp} Run ovftool --datastore=${datastore} ${ova_options} ${ova_path} 'vi://${user}:${password}@${host}/${datacenter}/host/${cluster}' ... ELSE Run ovftool --datastore=${datastore} ${ova_options_with_network} ${ova_path} 'vi://${user}:${password}@${host}/${datacenter}/host/${cluster}' - Log ${out} + + Should Contain ${out} Received IP address: + Should Not Contain ${out} None - Log To Console \n${out} - @{out}= Split To Lines ${out} - Should Contain @{out}[-1] Completed successfully + ${out}= Run GOVC_URL=${host} GOVC_USERNAME=${user} GOVC_PASSWORD=${password} GOVC_INSECURE=1 govc ls /ha-datacenter/host/cls/ + ${out}= Split To Lines ${out} + ${idx}= Set Variable 1 + :FOR ${line} IN @{out} + \ Continue For Loop If '${line}' == '/ha-datacenter/host/cls/Resources' + \ ${ip}= Fetch From Right ${line} / + \ Set Suite Variable ${esx${idx}-ip} ${ip} + \ ${idx}= Evaluate ${idx}+1 - Log To Console \nUnified OVA is deployed successfully + Run Keyword And Ignore Error Run GOVC_URL=${host} GOVC_USERNAME=${user} GOVC_PASSWORD=${password} GOVC_INSECURE=1 govc host.esxcli -host.ip=${esx1-ip} system settings advanced set -o /Net/GuestIPHack -i 1 + ${ip}= Run GOVC_URL=${host} GOVC_USERNAME=${user} GOVC_PASSWORD=${password} GOVC_INSECURE=1 govc vm.ip -esxcli harbor-unified-ova-integration-test + + Set Environment Variable HARBOR_IP ${ip} + + Log To Console \nHarbor IP: %{HARBOR_IP} + + Wait for Harbor Ready ${protocol} %{HARBOR_IP} + [Return] %{HARBOR_IP} # Requires vc credential for govc -Cleanup VIC-OVA On Test Server +Cleanup Harbor-OVA On Test Server [Arguments] ${url}=%{GOVC_URL} ${username}=%{GOVC_USERNAME} ${password}=%{GOVC_PASSWORD} ${rc} ${output}= Run And Return Rc And Output GOVC_URL=${url} GOVC_USERNAME=${username} GOVC_PASSWORD=${password} GOVC_INSECURE=1 govc vm.destroy ${ova_target_vm_name} Log ${output} @@ -82,8 +94,4 @@ Build Unified OVA Log ${out} @{out}= Split To Lines ${out} Should Not Contain @{out}[-1] Error - Log To Console \nUnified OVA is built successfully - -Remove OVA Artifacts Locally - ${rev}= Run git rev-parse --short HEAD - Remove Files bin/vic-1.1.0-${rev}.ova bin/vic-1.1.0-${rev}.ovf bin/vic-1.1.0-${rev}.mk bin/vic-1.1.0-${rev}-disk*.vmdk + Log To Console \nUnified OVA is built successfully \ No newline at end of file diff --git a/tests/resources/Vsphere-Util.robot b/tests/resources/Vsphere-Util.robot index 7fdccd9c3..6072cc9ae 100644 --- a/tests/resources/Vsphere-Util.robot +++ b/tests/resources/Vsphere-Util.robot @@ -18,28 +18,23 @@ Documentation This resource contains any keywords dealing with operations being *** Keywords *** Power On VM OOB [Arguments] ${vm} - ${rc} ${output}= Run Keyword If '%{HOST_TYPE}' == 'VC' Run And Return Rc And Output govc vm.power -on %{VCH-NAME}/"${vm}" - Run Keyword If '%{HOST_TYPE}' == 'VC' Should Be Equal As Integers ${rc} 0 - ${rc} ${output}= Run Keyword If '%{HOST_TYPE}' == 'ESXi' Run And Return Rc And Output govc vm.power -on "${vm}" - Run Keyword If '%{HOST_TYPE}' == 'ESXi' Should Be Equal As Integers ${rc} 0 + ${rc} ${output}= Run And Return Rc And Output govc vm.power -on "${vm}" + Should Be Equal As Integers ${rc} 0 Log To Console Waiting for VM to power on ... Wait Until VM Powers On ${vm} Power Off VM OOB [Arguments] ${vm} - ${rc} ${output}= Run Keyword If '%{HOST_TYPE}' == 'VC' Run And Return Rc And Output govc vm.power -off %{VCH-NAME}/"${vm}" - Run Keyword If '%{HOST_TYPE}' == 'VC' Should Be Equal As Integers ${rc} 0 - ${rc} ${output}= Run Keyword If '%{HOST_TYPE}' == 'ESXi' Run And Return Rc And Output govc vm.power -off "${vm}" - Run Keyword If '%{HOST_TYPE}' == 'ESXi' Should Be Equal As Integers ${rc} 0 + ${rc} ${output}= Run And Return Rc And Output govc vm.power -off "${vm}" + Log To Console ${output} + Should Be Equal As Integers ${rc} 0 Log To Console Waiting for VM to power off ... Wait Until VM Powers Off "${vm}" Destroy VM OOB [Arguments] ${vm} - ${rc} ${output}= Run Keyword If '%{HOST_TYPE}' == 'VC' Run And Return Rc And Output govc vm.destroy %{VCH-NAME}/"*-${vm}" - Run Keyword If '%{HOST_TYPE}' == 'VC' Should Be Equal As Integers ${rc} 0 - ${rc} ${output}= Run Keyword If '%{HOST_TYPE}' == 'ESXi' Run And Return Rc And Output govc vm.destroy "*-${vm}" - Run Keyword If '%{HOST_TYPE}' == 'ESXi' Should Be Equal As Integers ${rc} 0 + ${rc} ${output}= Run And Return Rc And Output govc vm.destroy "*-${vm}" + Should Be Equal As Integers ${rc} 0 Put Host Into Maintenance Mode ${rc} ${output}= Run And Return Rc And Output govc host.maintenance.enter -host.ip=%{TEST_URL} @@ -56,13 +51,19 @@ Reboot VM Power On VM OOB ${vm} Log To Console ${vm} Powered On +Reset VM + [Arguments] ${vm} + ${rc} ${output}= Run And Return Rc And Output govc vm.power -reset "${vm}" + Log To Console ${output} + Should Be Equal As Integers ${rc} 0 + Log To Console Waiting for VM to reset ... + Wait Until VM Powers On "${vm}" + Wait Until VM Powers On [Arguments] ${vm} :FOR ${idx} IN RANGE 0 30 - \ ${ret}= Run Keyword If '%{HOST_TYPE}' == 'VC' Run govc vm.info %{VCH-NAME}/${vm} - \ Run Keyword If '%{HOST_TYPE}' == 'VC' Set Test Variable ${out} ${ret} - \ ${ret}= Run Keyword If '%{HOST_TYPE}' == 'ESXi' Run govc vm.info ${vm} - \ Run Keyword If '%{HOST_TYPE}' == 'ESXi' Set Test Variable ${out} ${ret} + \ ${ret}= Run govc vm.info ${vm} + \ Set Test Variable ${out} ${ret} \ ${status}= Run Keyword And Return Status Should Contain ${out} poweredOn \ Return From Keyword If ${status} \ Sleep 1 @@ -71,10 +72,8 @@ Wait Until VM Powers On Wait Until VM Powers Off [Arguments] ${vm} :FOR ${idx} IN RANGE 0 30 - \ ${ret}= Run Keyword If '%{HOST_TYPE}' == 'VC' Run govc vm.info %{VCH-NAME}/${vm} - \ Run Keyword If '%{HOST_TYPE}' == 'VC' Set Test Variable ${out} ${ret} - \ ${ret}= Run Keyword If '%{HOST_TYPE}' == 'ESXi' Run govc vm.info ${vm} - \ Run Keyword If '%{HOST_TYPE}' == 'ESXi' Set Test Variable ${out} ${ret} + \ ${ret}= Run govc vm.info ${vm} + \ Set Test Variable ${out} ${ret} \ ${status}= Run Keyword And Return Status Should Contain ${out} poweredOff \ Return From Keyword If ${status} \ Sleep 1 @@ -83,10 +82,8 @@ Wait Until VM Powers Off Wait Until VM Is Destroyed [Arguments] ${vm} :FOR ${idx} IN RANGE 0 30 - \ ${ret}= Run Keyword If '%{HOST_TYPE}' == 'VC' Run govc ls vm/%{VCH-NAME}/${vm} - \ Run Keyword If '%{HOST_TYPE}' == 'VC' Set Test Variable ${out} ${ret} - \ ${ret}= Run Keyword If '%{HOST_TYPE}' == 'ESXi' Run govc ls vm/${vm} - \ Run Keyword If '%{HOST_TYPE}' == 'ESXi' Set Test Variable ${out} ${ret} + \ ${ret}= Run govc ls vm/${vm} + \ Set Test Variable ${out} ${ret} \ ${status}= Run Keyword And Return Status Should Be Empty ${out} \ Return From Keyword If ${status} \ Sleep 1 @@ -215,4 +212,4 @@ Enable Host Firewall Run govc host.esxcli network firewall set --enabled true Disable Host Firewall - Run govc host.esxcli network firewall set --enabled false + Run govc host.esxcli network firewall set --enabled false \ No newline at end of file diff --git a/tests/robot-cases/Group5-OVA-install-config/5-00-OVA-BAT.robot b/tests/robot-cases/Group5-OVA-install-config/5-00-OVA-BAT.robot new file mode 100644 index 000000000..ba58e008f --- /dev/null +++ b/tests/robot-cases/Group5-OVA-install-config/5-00-OVA-BAT.robot @@ -0,0 +1,51 @@ +// Copyright (c) 2017 VMware, Inc. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +*** Settings *** +Documentation Harbor BATs +Resource ../../resources/Util.robot +Default Tags OVA + +*** Test Cases *** +Test Case - Deploy OVA + Deploy Harbor-OVA To Test Server %{DHCP} %{PROTOCOL} False %{USER} %{PASSWORD} ${ova_url} %{HOST} %{DATASTORE} %{CLUSTER} %{DATACENTER} + +Test Case - Sign With Admin Modified Pwd + Open Connection %{HARBOR_IP} + Login root ova-test-root-pwd + SSHLibrary.Get File /data/ca_download/harbor_ca.crt + Close All Connections + Generate Certificate Authority For Chrome %{HARBOR_PASSWORD} + Init Chrome Driver + Sign In Harbor https://%{HARBOR_IP} admin %{HARBOR_ADMIN_PASSWORD} + Close Browser + +Test Case - Push Image + Init Chrome Driver + Start Docker Daemon Locally + ${d}= Get Current Date result_format=%m%s + Create An New User url=https://%{HARBOR_IP} username=tester${d} email=tester${d}@vmware.com realname=harbortest newPassword=Test1@34 comment=harbortest + Create An New Project test${d} + + Push image %{HARBOR_IP} tester${d} Test1@34 test${d} hello-world:latest + Go Into Project test${d} + Wait Until Page Contains test${d}/hello-world + +Test Case - OVA reboot + Reboot VM harbor-unified-ova-integration-test + Wait for Harbor Ready %{protocol} %{HARBOR_IP} + +Test Case - OVA reset + Reset VM harbor-unified-ova-integration-test + Wait for Harbor Ready %{protocol} %{HARBOR_IP} From 512384722a5b123d4193a365768faf7988d4448d Mon Sep 17 00:00:00 2001 From: Tan Jiang Date: Fri, 3 Nov 2017 19:52:20 +0800 Subject: [PATCH 31/83] Make the internal URL of UI and JobService configurable --- make/common/templates/adminserver/env | 2 ++ src/adminserver/systemcfg/systemcfg.go | 5 +++++ src/common/const.go | 2 ++ src/common/utils/test/adminserver.go | 2 ++ src/jobservice/config/config.go | 9 ++++++++- src/jobservice/config/config_test.go | 3 +++ src/ui/config/config.go | 18 ++++++++++++++++-- src/ui/config/config_test.go | 4 ++++ 8 files changed, 42 insertions(+), 3 deletions(-) diff --git a/make/common/templates/adminserver/env b/make/common/templates/adminserver/env index 7e0a9e242..a1b21104b 100644 --- a/make/common/templates/adminserver/env +++ b/make/common/templates/adminserver/env @@ -42,3 +42,5 @@ RESET=false UAA_ENDPOINT=$uaa_endpoint UAA_CLIENTID=$uaa_clientid UAA_CLIENTSECRET=$uaa_clientsecret +UI_URL=http://ui +JOBSERVICE_URL=http://jobservice diff --git a/src/adminserver/systemcfg/systemcfg.go b/src/adminserver/systemcfg/systemcfg.go index c599191ec..9cbb5d4c8 100644 --- a/src/adminserver/systemcfg/systemcfg.go +++ b/src/adminserver/systemcfg/systemcfg.go @@ -123,6 +123,11 @@ var ( parse: parseStringToBool, }, common.ClairDBPassword: "CLAIR_DB_PASSWORD", + common.UAAEndpoint: "UAA_ENDPOINT", + common.UAAClientID: "UAA_CLIENTID", + common.UAAClientSecret: "UAA_CLIENTSECRET", + common.UIURL: "UI_URL", + common.JobServiceURL: "JOBSERVICE_URL", } // configurations need read from environment variables diff --git a/src/common/const.go b/src/common/const.go index f8786c0a8..ae39ee3ea 100644 --- a/src/common/const.go +++ b/src/common/const.go @@ -38,6 +38,8 @@ const ( MySQLDatabase = "mysql_database" SQLiteFile = "sqlite_file" SelfRegistration = "self_registration" + UIURL = "ui_url" + JobServiceURL = "jobservice_url" LDAPURL = "ldap_url" LDAPSearchDN = "ldap_search_dn" LDAPSearchPwd = "ldap_search_password" diff --git a/src/common/utils/test/adminserver.go b/src/common/utils/test/adminserver.go index 5ae720fb5..a5382ce5f 100644 --- a/src/common/utils/test/adminserver.go +++ b/src/common/utils/test/adminserver.go @@ -63,6 +63,8 @@ var adminServerDefaultConfig = map[string]interface{}{ common.UAAClientID: "testid", common.UAAClientSecret: "testsecret", common.UAAEndpoint: "10.192.168.5", + common.UIURL: "http://myui:8888/", + common.JobServiceURL: "http://myjob:8888/", } // NewAdminserver returns a mock admin server diff --git a/src/jobservice/config/config.go b/src/jobservice/config/config.go index 243d212d1..1d82393a1 100644 --- a/src/jobservice/config/config.go +++ b/src/jobservice/config/config.go @@ -17,6 +17,7 @@ package config import ( "fmt" "os" + "strings" "github.com/vmware/harbor/src/adminserver/client" "github.com/vmware/harbor/src/adminserver/client/auth" @@ -107,7 +108,13 @@ func MaxJobWorkers() (int, error) { // LocalUIURL returns the local ui url, job service will use this URL to call API hosted on ui process func LocalUIURL() string { - return "http://ui" + cfg, err := mg.Get() + if err != nil { + log.Warningf("Failed to Get job service UI URL from backend, error: %v, will return default value.") + return "http://ui" + } + return strings.TrimSuffix(cfg[common.UIURL].(string), "/") + } // LocalRegURL returns the local registry url, job service will use this URL to pull image from the registry diff --git a/src/jobservice/config/config_test.go b/src/jobservice/config/config_test.go index c66a746bc..746096d0a 100644 --- a/src/jobservice/config/config_test.go +++ b/src/jobservice/config/config_test.go @@ -18,6 +18,7 @@ import ( "os" "testing" + "github.com/stretchr/testify/assert" "github.com/vmware/harbor/src/common/utils/test" ) @@ -40,6 +41,7 @@ func TestConfig(t *testing.T) { return } defer os.Remove(secretKeyPath) + assert := assert.New(t) if err := os.Setenv("KEY_PATH", secretKeyPath); err != nil { t.Fatalf("failed to set env %s: %v", "KEY_PATH", err) @@ -76,4 +78,5 @@ func TestConfig(t *testing.T) { if _, err := ExtEndpoint(); err != nil { t.Fatalf("failed to get ext endpoint: %v", err) } + assert.Equal("http://myui:8888", LocalUIURL()) } diff --git a/src/ui/config/config.go b/src/ui/config/config.go index 5603622ef..4bb25e09f 100644 --- a/src/ui/config/config.go +++ b/src/ui/config/config.go @@ -244,12 +244,26 @@ func RegistryURL() (string, error) { // InternalJobServiceURL returns jobservice URL for internal communication between Harbor containers func InternalJobServiceURL() string { - return "http://jobservice" + cfg, err := mg.Get() + if err != nil { + log.Warningf("Failed to Get job service URL from backend, error: %v, will return default value.") + + return "http://jobservice" + } + return strings.TrimSuffix(cfg[common.JobServiceURL].(string), "/") } // InternalTokenServiceEndpoint returns token service endpoint for internal communication between Harbor containers func InternalTokenServiceEndpoint() string { - return "http://ui/service/token" + uiURL := "http://ui" + cfg, err := mg.Get() + if err != nil { + log.Warningf("Failed to Get job service UI URL from backend, error: %v, will use default value.") + + } else { + uiURL = cfg[common.UIURL].(string) + } + return strings.TrimSuffix(uiURL, "/") + "/service/token" } // InternalNotaryEndpoint returns notary server endpoint for internal communication between Harbor containers diff --git a/src/ui/config/config_test.go b/src/ui/config/config_test.go index 5d37c40ed..8788b3f84 100644 --- a/src/ui/config/config_test.go +++ b/src/ui/config/config_test.go @@ -17,6 +17,7 @@ import ( "os" "testing" + "github.com/stretchr/testify/assert" "github.com/vmware/harbor/src/common/utils/test" ) @@ -39,6 +40,7 @@ func TestConfig(t *testing.T) { return } defer os.Remove(secretKeyPath) + assert := assert.New(t) if err := os.Setenv("KEY_PATH", secretKeyPath); err != nil { t.Fatalf("failed to set env %s: %v", "KEY_PATH", err) @@ -164,5 +166,7 @@ func TestConfig(t *testing.T) { if us.ClientID != "testid" || us.ClientSecret != "testsecret" || us.Endpoint != "10.192.168.5" { t.Errorf("Unexpected UAA setting: %+v", *us) } + assert.Equal("http://myjob:8888", InternalJobServiceURL()) + assert.Equal("http://myui:8888/service/token", InternalTokenServiceEndpoint()) } From 9382cac934ae4ba2bbe7db18a35a0e76a5459461 Mon Sep 17 00:00:00 2001 From: reasonerjt Date: Sun, 5 Nov 2017 21:52:23 -0800 Subject: [PATCH 32/83] Remove the Dockerfile of rsyslog image --- make/common/rsyslog/Dockerfile | 10 ---------- make/photon/log/Dockerfile | 12 ++++++++---- 2 files changed, 8 insertions(+), 14 deletions(-) delete mode 100644 make/common/rsyslog/Dockerfile diff --git a/make/common/rsyslog/Dockerfile b/make/common/rsyslog/Dockerfile deleted file mode 100644 index cd0027005..000000000 --- a/make/common/rsyslog/Dockerfile +++ /dev/null @@ -1,10 +0,0 @@ -FROM vmware/photon:1.0 - -#base image for rsyslog base on photon - -RUN tdnf distro-sync -y || echo \ - && tdnf install -y cronie rsyslog shadow tar gzip \ - && mkdir /etc/rsyslog.d/ \ - && mkdir /var/spool/rsyslog \ - && groupadd -r -g 10000 syslog && useradd --no-log-init -r -g 10000 -u 10000 syslog \ - && tdnf clean all diff --git a/make/photon/log/Dockerfile b/make/photon/log/Dockerfile index 1d34c93a0..c82bf07f8 100644 --- a/make/photon/log/Dockerfile +++ b/make/photon/log/Dockerfile @@ -1,8 +1,14 @@ -FROM vmware/rsyslog-photon:8.15.0 +FROM vmware/photon:1.0 + +RUN tdnf distro-sync -y || echo \ + && tdnf install -y cronie rsyslog shadow tar gzip sudo net-tools\ + && mkdir /etc/rsyslog.d/ \ + && mkdir /var/spool/rsyslog \ + && groupadd -r -g 10000 syslog && useradd --no-log-init -r -g 10000 -u 10000 syslog \ + && tdnf clean all COPY rsyslog.conf /etc/rsyslog.conf -# rotate logs weekly # notes: file name cannot contain dot, or the script will not run COPY rotate.sh /etc/cron.daily/rotate @@ -11,7 +17,6 @@ COPY rsyslog_docker.conf /etc/rsyslog.d/ COPY start.sh /usr/local/bin/ RUN chmod +x /usr/local/bin/start.sh && \ - tdnf install -y sudo net-tools && \ chown -R 10000:10000 /run HEALTHCHECK CMD netstat -ltu|grep 10514 @@ -20,5 +25,4 @@ VOLUME /var/log/docker/ /run/ EXPOSE 10514 -#CMD crond && rm -f /var/run/rsyslogd.pid && rsyslogd -n CMD /usr/local/bin/start.sh From 28834fedf7251771034ed4845746d03044eaab12 Mon Sep 17 00:00:00 2001 From: wangyan Date: Mon, 6 Nov 2017 01:16:17 -0800 Subject: [PATCH 33/83] Add description for VIC 1.2 migration scripts --- tools/migration/export | 20 ++++++++++++++++++++ tools/migration/import | 20 ++++++++++++++++++++ tools/migration/mapprojects | 21 +++++++++++++++++++++ 3 files changed, 61 insertions(+) diff --git a/tools/migration/export b/tools/migration/export index 76f746193..8db251aaf 100755 --- a/tools/migration/export +++ b/tools/migration/export @@ -1,4 +1,24 @@ +// Copyright (c) 2017 VMware, Inc. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #!/usr/bin/python + +""" +The script is to export the existing projects of Harbor into a file. +It's only for VIC 1.2 migration. +""" + import json import fileinput from optparse import OptionParser diff --git a/tools/migration/import b/tools/migration/import index 16bd81435..c96cc0e59 100755 --- a/tools/migration/import +++ b/tools/migration/import @@ -1,4 +1,24 @@ +// Copyright (c) 2017 VMware, Inc. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #!/usr/bin/python + +""" +The script is to import the projects of source file into Admiral and save the results into mapprojectsfile. +It's only for VIC 1.2 migration. +""" + import json from optparse import OptionParser import os diff --git a/tools/migration/mapprojects b/tools/migration/mapprojects index 898919053..5b8a4ce12 100755 --- a/tools/migration/mapprojects +++ b/tools/migration/mapprojects @@ -1,6 +1,27 @@ +// Copyright (c) 2017 VMware, Inc. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #!/usr/bin/python # -*- coding: utf-8 -*- +""" +The script is to map the project ID of Harbor and Admiral, and only for VIC 1.2 migration. + +In VIC 1.2, proejct is managed by Admiral rather than Harbor, as part of migration, +it needs to unify the proejct ID of Admiral and Harbor. +""" + import json import fileinput from optparse import OptionParser From 5293a9287b0f50a6c8a300e04aa992703815b605 Mon Sep 17 00:00:00 2001 From: Wenkai Yin Date: Thu, 2 Nov 2017 17:00:51 +0800 Subject: [PATCH 34/83] Fail earlier when found database schema dismatch --- make/common/db/registry.sql | 2 +- make/common/db/registry_sqlite.sql | 2 +- src/common/dao/base.go | 10 +++++++++ src/common/dao/version.go | 34 ++++++++++++++++++++++++++++++ src/common/dao/version_test.go | 28 ++++++++++++++++++++++++ src/common/models/version.go | 20 ++++++++++++++++++ 6 files changed, 94 insertions(+), 2 deletions(-) create mode 100644 src/common/dao/version.go create mode 100644 src/common/dao/version_test.go create mode 100644 src/common/models/version.go diff --git a/make/common/db/registry.sql b/make/common/db/registry.sql index 9b764e901..e2d364ea9 100644 --- a/make/common/db/registry.sql +++ b/make/common/db/registry.sql @@ -230,4 +230,4 @@ CREATE TABLE IF NOT EXISTS `alembic_version` ( `version_num` varchar(32) NOT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8; -insert into alembic_version values ('1.2.0'); +insert into alembic_version values ('1.3.0'); diff --git a/make/common/db/registry_sqlite.sql b/make/common/db/registry_sqlite.sql index 7ccd6bc12..a846e124a 100644 --- a/make/common/db/registry_sqlite.sql +++ b/make/common/db/registry_sqlite.sql @@ -221,4 +221,4 @@ create table alembic_version ( version_num varchar(32) NOT NULL ); -insert into alembic_version values ('0.3.0'); +insert into alembic_version values ('1.3.0'); diff --git a/src/common/dao/base.go b/src/common/dao/base.go index 86f107a1e..1da44e0f2 100644 --- a/src/common/dao/base.go +++ b/src/common/dao/base.go @@ -71,6 +71,16 @@ func InitDatabase(database *models.Database) error { if err := db.Register(); err != nil { return err } + + version, err := GetSchemaVersion() + if err != nil { + return err + } + if version.Version != SchemaVersion { + return fmt.Errorf("unexpected database schema version, expected %s, got %s", + SchemaVersion, version.Version) + } + log.Info("initialize database completed") return nil } diff --git a/src/common/dao/version.go b/src/common/dao/version.go new file mode 100644 index 000000000..c3dc8fe9e --- /dev/null +++ b/src/common/dao/version.go @@ -0,0 +1,34 @@ +// Copyright (c) 2017 VMware, Inc. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package dao + +import ( + "github.com/vmware/harbor/src/common/models" +) + +const ( + // SchemaVersion is the version of database schema + SchemaVersion = "1.3.0" +) + +// GetSchemaVersion return the version of database schema +func GetSchemaVersion() (*models.SchemaVersion, error) { + version := &models.SchemaVersion{} + if err := GetOrmer().Raw("select version_num from alembic_version"). + QueryRow(version); err != nil { + return nil, err + } + return version, nil +} diff --git a/src/common/dao/version_test.go b/src/common/dao/version_test.go new file mode 100644 index 000000000..1ee432208 --- /dev/null +++ b/src/common/dao/version_test.go @@ -0,0 +1,28 @@ +// Copyright (c) 2017 VMware, Inc. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package dao + +import ( + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestGetSchemaVersion(t *testing.T) { + version, err := GetSchemaVersion() + require.Nil(t, err) + assert.Equal(t, SchemaVersion, version.Version) +} diff --git a/src/common/models/version.go b/src/common/models/version.go new file mode 100644 index 000000000..9fc892799 --- /dev/null +++ b/src/common/models/version.go @@ -0,0 +1,20 @@ +// Copyright (c) 2017 VMware, Inc. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package models + +// SchemaVersion is the version of database schema +type SchemaVersion struct { + Version string `json:"version" orm:"column(version_num)"` +} From c66ab0d142cbb319e41f66a2fe1352a70ecc4c06 Mon Sep 17 00:00:00 2001 From: myufei Date: Fri, 3 Nov 2017 14:36:40 +0800 Subject: [PATCH 35/83] Add project level policy auto case --- tests/resources/Docker-Util.robot | 10 +++- .../Harbor-Pages/Project-Config.robot | 50 +++++++++++++++++++ tests/resources/Util.robot | 1 + tests/robot-cases/Group0-BAT/BAT.robot | 31 ++++++++++++ 4 files changed, 91 insertions(+), 1 deletion(-) create mode 100644 tests/resources/Harbor-Pages/Project-Config.robot diff --git a/tests/resources/Docker-Util.robot b/tests/resources/Docker-Util.robot index c3770f3c0..1fb4a3bfe 100644 --- a/tests/resources/Docker-Util.robot +++ b/tests/resources/Docker-Util.robot @@ -69,6 +69,14 @@ Cannot Pull image Log ${output} Should Not Be Equal As Integers ${rc} 0 +Cannot Pull Unsigned Image + [Arguments] ${ip} ${user} ${pass} ${proj} ${imagewithtag} + ${rc} ${output}= Run And Return Rc And Output docker login -u ${user} -p ${pass} ${ip} + Should Be Equal As Integers ${rc} 0 + ${rc} ${output}= Run And Return Rc And Output docker pull ${ip}/${proj}/${imagewithtag} + Should Contain ${output} The image is not signed in Notary + Should Not Be Equal As Integers ${rc} 0 + Cannot Push image [Arguments] ${ip} ${user} ${pwd} ${project} ${image} Log To Console \nRunning docker push ${image}... @@ -123,4 +131,4 @@ Kill Local Docker Daemon Terminate Process ${handle} Process Should Be Stopped ${handle} ${rc}= Run And Return Rc kill -9 ${dockerd-pid} - Should Be Equal As Integers ${rc} 0 \ No newline at end of file + Should Be Equal As Integers ${rc} 0 diff --git a/tests/resources/Harbor-Pages/Project-Config.robot b/tests/resources/Harbor-Pages/Project-Config.robot new file mode 100644 index 000000000..a51e01ba2 --- /dev/null +++ b/tests/resources/Harbor-Pages/Project-Config.robot @@ -0,0 +1,50 @@ +*** Settings *** + +Resource ../../resources/Util.robot + +*** Variables *** +${HARBOR_VERSION} V1.1.1 + +*** Keywords *** + +Goto Project Config + Click Element //project-detail//ul/li[contains(.,'Configuration')] + +Click Project Public + Mouse Down //hbr-project-policy-config//input[@name='public'] + Mouse Up //hbr-project-policy-config//input[@name='public'] + +Click Content Trust + Mouse Down //hbr-project-policy-config//input[@name='content-trust'] + Mouse Up //hbr-project-policy-config//input[@name='content-trust'] + +Click Prevent Running + Mouse Down //hbr-project-policy-config//input[@name='prevent-vulnerability-image'] + Mouse Up //hbr-project-policy-config//input[@name='prevent-vulnerability-image'] + +Select Prevent Level +#value NEGLIGIBLE LOW MEDIUM HIGH + [Arguments] ${level} + Click Element //hbr-project-policy-config//select + Click Element //hbr-project-policy-config//select/option[contains(.,'${level}')] +Click Auto Scan + Mouse Down //hbr-project-policy-config//input[@name='scan-image-on-push'] + Mouse Up //hbr-project-policy-config//input[@name='scan-image-on-push'] + +Save Project Config + Sleep 1 + Click Element //hbr-project-policy-config//button[contains(.,'SAVE')] + +#assert +Public Should Be Selected + Checkbox Should Be Selected //hbr-project-policy-config//input[@name='public'] +Project Should Be Public + [Arguments] ${projid} + Page Should Contain Element //clr-dg-row-master[contains(.,'${projid}')]//clr-dg-cell[contains(.,'Public')] +Content Trust Should Be Selected + Checkbox Should Be Selected //hbr-project-policy-config//input[@name='content-trust'] +Prevent Running Should Be Selected + Checkbox Should Be Selected //hbr-project-policy-config//input[@name='prevent-vulnerability-image'] +Auto Scan Should Be Selected + Checkbox Should Be Selected //hbr-project-policy-config//input[@name='scan-image-on-push'] + diff --git a/tests/resources/Util.robot b/tests/resources/Util.robot index 1c3bbb9df..ae1012734 100644 --- a/tests/resources/Util.robot +++ b/tests/resources/Util.robot @@ -45,3 +45,4 @@ Resource Admiral-Util.robot Resource OVA-Util.robot Resource Cert-Util.robot Resource SeleniumUtil.robot +Resource Harbor-Pages/Project-Config.robot diff --git a/tests/robot-cases/Group0-BAT/BAT.robot b/tests/robot-cases/Group0-BAT/BAT.robot index 63530f2f9..044d94e54 100644 --- a/tests/robot-cases/Group0-BAT/BAT.robot +++ b/tests/robot-cases/Group0-BAT/BAT.robot @@ -137,6 +137,37 @@ Test Case - Manage project publicity Project Should Display project${d} Close Browser +Test Case - Project Level Policy Public + Init Chrome Driver + ${d}= Get Current Date result_format=%m%s + Sign In Harbor ${HARBOR_URL} %{HARBOR_ADMIN} %{HARBOR_PASSWORD} + Create An New Project project${d} + Go Into Project project${d} + Goto Project Config + Click Project Public + Save Project Config + #verify + Public Should Be Selected + Back To Projects + #project${d} default should be private + Project Should Be Public project${d} + Close Browser + +Test Case - Project Level Policy Content Trust + Init Chrome Driver + ${d}= Get Current Date result_format=%m%s + Sign In Harbor ${HARBOR_URL} %{HARBOR_ADMIN} %{HARBOR_PASSWORD} + Create An New Project project${d} + Push Image ${ip} %{HARBOR_ADMIN} %{HARBOR_PASSWORD} project${d} hello-world:latest + Go Into Project project${d} + Goto Project Config + Click Content Trust + Save Project Config + #verify + Content Trust Should Be Selected + Cannot Pull Unsigned Image ${ip} %{HARBOR_ADMIN} %{HARBOR_PASSWORD} project${d} hello-world:latest + Close Browser + Test Case - Edit Project Creation # create normal user and login Init Chrome Driver From e9d1b89936a1e04cfddf3bd758a2d708b8be0684 Mon Sep 17 00:00:00 2001 From: yixingj Date: Fri, 3 Nov 2017 18:06:27 +0800 Subject: [PATCH 36/83] Run clair with limited user 1>creat user clair 2>run clair with user clair --- make/docker-compose.clair.yml | 3 +-- make/photon/clair/Dockerfile | 21 ++++++++++++--------- make/photon/clair/docker-entrypoint.sh | 4 ++++ 3 files changed, 17 insertions(+), 11 deletions(-) create mode 100644 make/photon/clair/docker-entrypoint.sh diff --git a/make/docker-compose.clair.yml b/make/docker-compose.clair.yml index 888d243f8..5cacf9a74 100644 --- a/make/docker-compose.clair.yml +++ b/make/docker-compose.clair.yml @@ -35,14 +35,13 @@ services: networks: - harbor-clair container_name: clair - image: vmware/clair-photon:v2.0.1 + image: vmware/clair:v2.0.1-photon restart: always cpu_quota: 150000 depends_on: - postgres volumes: - ./common/config/clair:/config - command: [-config, /config/config.yaml] logging: driver: "syslog" options: diff --git a/make/photon/clair/Dockerfile b/make/photon/clair/Dockerfile index 9f5d1185f..eb319e85b 100644 --- a/make/photon/clair/Dockerfile +++ b/make/photon/clair/Dockerfile @@ -2,15 +2,18 @@ FROM vmware/photon:1.0 RUN tdnf distro-sync -y \ && tdnf erase vim -y \ - && tdnf install -y git bzr rpm xz \ + && tdnf install -y git shadow sudo bzr rpm xz python-xml \ && tdnf clean all \ - && mkdir /clair2.0.1/ - + && mkdir /clair2.0.1/ \ + && groupadd -r -g 10000 clair \ + && useradd --no-log-init -m -r -g 10000 -u 10000 clair COPY clair /clair2.0.1/ - +COPY docker-entrypoint.sh /docker-entrypoint.sh VOLUME /config -EXPOSE 6060 6061 - -RUN chmod u+x /clair2.0.1/clair - -ENTRYPOINT ["/clair2.0.1/clair"] +EXPOSE 6060 6061 +RUN chown -R 10000:10000 /clair2.0.1 \ + && chmod u+x /clair2.0.1/clair \ + && chmod u+x /docker-entrypoint.sh +HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS 127.0.0.1:6061/health || exit 1 +USER clair +ENTRYPOINT ["/docker-entrypoint.sh"] diff --git a/make/photon/clair/docker-entrypoint.sh b/make/photon/clair/docker-entrypoint.sh new file mode 100644 index 000000000..b09f4a6bf --- /dev/null +++ b/make/photon/clair/docker-entrypoint.sh @@ -0,0 +1,4 @@ +#!/bin/bash +set -e +/clair2.0.1/clair -config /config/config.yaml +set +e From 05d8b1194e84a0a38b56a35f5ddebf6c1e431432 Mon Sep 17 00:00:00 2001 From: Henry Zhang Date: Wed, 8 Nov 2017 21:09:36 +0800 Subject: [PATCH 37/83] Update README to include Twitter and email groups of Harbor. --- README.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f019504c2..ec9bf16f9 100644 --- a/README.md +++ b/README.md @@ -33,8 +33,11 @@ Download binaries of **[Harbor release ](https://github.com/vmware/harbor/releas Refer to **[User Guide](docs/user_guide.md)** for more details on how to use Harbor. ### Community +**Twitter:** @project_harbor +**User Group:** Join Harbor user email group: harbor-users@googlegroups.com to get update of Harbor's news, features, releases, or to provide suggestion and feedback. To subscribe, send an email to harbor-users+subscribe@googlegroups.com . +**Developer Group:** Join Harbor developer group: harbor-dev@googlegroups.com for discussion on Harbor development and contribution.To subscribe, send an email to harbor-dev+subscribe@googlegroups.com . **Slack:** Join Harbor's community for discussion and ask questions: [VMware {code}](https://code.vmware.com/join/), Channel: #harbor. -**Email:** harbor@vmware.com . + More info on [partners and users](partners.md). ### Contribution @@ -56,7 +59,7 @@ This project uses open source components which have additional licensing terms. * MySQL 5.6: [docker image](https://hub.docker.com/_/mysql/), [license](https://github.com/docker-library/mysql/blob/master/LICENSE) ### Commercial Support -If you need commercial support of Harbor, please contact us for more information: harbor@vmware.com . +If you need commercial support of Harbor, please contact us for more information: harbor at vmware.com . From 66b9699ac24e4416f0cd35c2713809bdbaaee027 Mon Sep 17 00:00:00 2001 From: Wenkai Yin Date: Wed, 8 Nov 2017 13:07:27 +0800 Subject: [PATCH 38/83] Improve log rotation configurability --- make/common/templates/log/env | 1 - make/common/templates/log/logrotate.conf | 8 ++++++ make/docker-compose.tpl | 3 +-- make/harbor.cfg | 8 ++++-- make/photon/log/Dockerfile | 10 +++---- make/photon/log/rotate.sh | 33 ------------------------ make/photon/log/rsyslog_docker.conf | 2 +- make/prepare | 12 +++++---- 8 files changed, 28 insertions(+), 49 deletions(-) delete mode 100644 make/common/templates/log/env create mode 100644 make/common/templates/log/logrotate.conf delete mode 100755 make/photon/log/rotate.sh diff --git a/make/common/templates/log/env b/make/common/templates/log/env deleted file mode 100644 index d0c9d994f..000000000 --- a/make/common/templates/log/env +++ /dev/null @@ -1 +0,0 @@ -LOG_ROTATE_DAYS=$log_rotate_days \ No newline at end of file diff --git a/make/common/templates/log/logrotate.conf b/make/common/templates/log/logrotate.conf new file mode 100644 index 000000000..bc63e78de --- /dev/null +++ b/make/common/templates/log/logrotate.conf @@ -0,0 +1,8 @@ +/var/log/docker/*.log { + rotate $log_rotate_count + size $log_rotate_size + copytruncate + compress + missingok + nodateext +} \ No newline at end of file diff --git a/make/docker-compose.tpl b/make/docker-compose.tpl index 18c8d6cf7..0bf52032a 100644 --- a/make/docker-compose.tpl +++ b/make/docker-compose.tpl @@ -3,11 +3,10 @@ services: log: image: vmware/harbor-log:__version__ container_name: harbor-log - env_file: - - ./common/config/log/env restart: always volumes: - /var/log/harbor/:/var/log/docker/:z + - ./common/config/log/:/etc/logrotate.d/:z ports: - 127.0.0.1:1514:10514 networks: diff --git a/make/harbor.cfg b/make/harbor.cfg index 34af8b960..f926c0429 100644 --- a/make/harbor.cfg +++ b/make/harbor.cfg @@ -34,8 +34,12 @@ admiral_url = NA #Please update it before deployment, subsequent update will cause Clair's API server and Harbor unable to access Clair's database. clair_db_password = password -#The logs n days before will be compressed -log_rotate_days = 3 +#Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated. +log_rotate_count = 50 +#Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes. +#If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G +#are all valid. +log_rotate_size = 200M #NOTES: The properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES #only take effect in the first boot, the subsequent changes of these properties diff --git a/make/photon/log/Dockerfile b/make/photon/log/Dockerfile index c82bf07f8..7b31c75b5 100644 --- a/make/photon/log/Dockerfile +++ b/make/photon/log/Dockerfile @@ -1,7 +1,7 @@ FROM vmware/photon:1.0 RUN tdnf distro-sync -y || echo \ - && tdnf install -y cronie rsyslog shadow tar gzip sudo net-tools\ + && tdnf install -y cronie rsyslog logrotate shadow tar gzip sudo net-tools\ && mkdir /etc/rsyslog.d/ \ && mkdir /var/spool/rsyslog \ && groupadd -r -g 10000 syslog && useradd --no-log-init -r -g 10000 -u 10000 syslog \ @@ -9,19 +9,19 @@ RUN tdnf distro-sync -y || echo \ COPY rsyslog.conf /etc/rsyslog.conf -# notes: file name cannot contain dot, or the script will not run -COPY rotate.sh /etc/cron.daily/rotate - # rsyslog configuration file for docker COPY rsyslog_docker.conf /etc/rsyslog.d/ +# run logrotate hourly +RUN mv /etc/cron.daily/logrotate /etc/cron.hourly/logrotate + COPY start.sh /usr/local/bin/ RUN chmod +x /usr/local/bin/start.sh && \ chown -R 10000:10000 /run HEALTHCHECK CMD netstat -ltu|grep 10514 -VOLUME /var/log/docker/ /run/ +VOLUME /var/log/docker/ /run/ /etc/logrotate.d/ EXPOSE 10514 diff --git a/make/photon/log/rotate.sh b/make/photon/log/rotate.sh deleted file mode 100755 index 5f102dffc..000000000 --- a/make/photon/log/rotate.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash -set -e -echo "Log rotate starting..." - -#The logs n days before will be compressed. -n=$LOG_ROTATE_DAYS -if [ -z "$n" ] -then - n=3 -fi - -echo "logs rotate days: $n" - -path=/var/log/docker - -list="" -n_days_before=$(($(date +%s) - 3600*24*$n)) -for dir in $(ls $path | grep -v "tar.gz"); -do - if [ $(date --date=$dir +%s) -lt $n_days_before ] - then - echo "$dir will be compressed" - list="$list $dir" - fi -done - -if [ -n "$list" ] -then - cd $path - tar --remove-files -zcvf $(date -d @$n_days_before +%F)-.tar.gz $list -fi - -echo "Log rotate finished." diff --git a/make/photon/log/rsyslog_docker.conf b/make/photon/log/rsyslog_docker.conf index ce565c705..a21cc5078 100644 --- a/make/photon/log/rsyslog_docker.conf +++ b/make/photon/log/rsyslog_docker.conf @@ -1,7 +1,7 @@ # Rsyslog configuration file for docker. template(name="DynaFile" type="string" - string="/var/log/docker/%$now%/%syslogtag:R,ERE,0,DFLT:[^[]*--end:secpath-replace%.log" + string="/var/log/docker/%syslogtag:R,ERE,0,DFLT:[^[]*--end:secpath-replace%.log" ) #if $programname == "docker" then ?DynaFile if $programname != "rsyslogd" then -?DynaFile diff --git a/make/prepare b/make/prepare index 3702bea46..5fb7c3380 100755 --- a/make/prepare +++ b/make/prepare @@ -162,7 +162,8 @@ uaa_clientid = rcp.get("configuration", "uaa_clientid") uaa_clientsecret = rcp.get("configuration", "uaa_clientsecret") uaa_ca_root = rcp.get("configuration", "uaa_ca_root") secret_key = get_secret_key(secretkey_path) -log_rotate_days = rcp.get("configuration", "log_rotate_days") +log_rotate_count = rcp.get("configuration", "log_rotate_count") +log_rotate_size = rcp.get("configuration", "log_rotate_size") ######## ui_secret = ''.join(random.choice(string.ascii_letters+string.digits) for i in range(16)) @@ -190,7 +191,7 @@ db_conf_env = os.path.join(config_dir, "db", "env") job_conf_env = os.path.join(config_dir, "jobservice", "env") nginx_conf = os.path.join(config_dir, "nginx", "nginx.conf") cert_dir = os.path.join(config_dir, "nginx", "cert") -log_conf_env = os.path.join(config_dir, "log", "env") +log_rotate_config = os.path.join(config_dir, "log", "logrotate.conf") if protocol == "https": target_cert_path = os.path.join(cert_dir, os.path.basename(cert_path)) @@ -273,9 +274,10 @@ render(os.path.join(templates_dir, "jobservice", "env"), ui_secret=ui_secret, jobservice_secret=jobservice_secret) -render(os.path.join(templates_dir, "log", "env"), - log_conf_env, - log_rotate_days=log_rotate_days) +render(os.path.join(templates_dir, "log", "logrotate.conf"), + log_rotate_config, + log_rotate_count=log_rotate_count, + log_rotate_size=log_rotate_size) print("Generated configuration file: %s" % jobservice_conf) shutil.copyfile(os.path.join(templates_dir, "jobservice", "app.conf"), jobservice_conf) From 19a13e8575776afb699b641f21168875dbbf6002 Mon Sep 17 00:00:00 2001 From: reasonerjt Date: Wed, 8 Nov 2017 05:22:00 -0800 Subject: [PATCH 39/83] Deprivilege harbor-ui harbor-jobservice harbor-adminserver Use non-root user to run the service within these docker images, and provide HEALTHCHECK mechanism. --- .travis.yml | 2 +- make/common/nginx/Dockerfile | 2 +- make/common/templates/adminserver/env | 5 +++-- make/common/templates/clair/config.yaml | 2 +- make/common/templates/jobservice/app.conf | 2 +- make/common/templates/jobservice/env | 1 + make/common/templates/nginx/nginx.http.conf | 2 +- make/common/templates/nginx/nginx.https.conf | 2 +- make/common/templates/registry/config.yml | 2 +- make/common/templates/ui/app.conf | 2 +- make/common/templates/ui/env | 1 + make/photon/adminserver/Dockerfile | 9 ++++++--- make/photon/adminserver/start.sh | 5 +++++ make/photon/jobservice/Dockerfile | 12 ++++++++---- make/photon/jobservice/start.sh | 9 +++++++++ make/photon/ui/Dockerfile | 13 +++++++------ make/photon/ui/start.sh | 6 ++++++ src/common/utils/ldap/ldap_test.go | 4 ++-- src/common/utils/notary/helper.go | 2 +- src/common/utils/notary/helper_test.go | 2 +- src/jobservice/config/config.go | 4 ++-- src/jobservice/config/config_test.go | 4 ++-- src/jobservice/job/job_test.go | 4 ++-- src/ui/auth/ldap/ldap_test.go | 4 ++-- src/ui/auth/uaa/uaa_test.go | 4 ++-- src/ui/config/config.go | 2 +- src/ui/config/config_test.go | 4 ++-- src/ui/proxy/interceptor_test.go | 4 ++-- src/ui/service/token/token_test.go | 2 +- tests/docker-compose.test.yml | 2 +- 30 files changed, 75 insertions(+), 44 deletions(-) create mode 100644 make/photon/adminserver/start.sh create mode 100644 make/photon/jobservice/start.sh create mode 100644 make/photon/ui/start.sh diff --git a/.travis.yml b/.travis.yml index fc1e3c3f9..d35e31775 100644 --- a/.travis.yml +++ b/.travis.yml @@ -19,7 +19,7 @@ env: MYSQL_PWD: root123 MYSQL_DATABASE: registry SQLITE_FILE: /tmp/registry.db - ADMIN_SERVER_URL: http://127.0.0.1:8888 + ADMINSERVER_URL: http://127.0.0.1:8888 DOCKER_COMPOSE_VERSION: 1.7.1 HARBOR_ADMIN: admin HARBOR_ADMIN_PASSWD: Harbor12345 diff --git a/make/common/nginx/Dockerfile b/make/common/nginx/Dockerfile index 1c63a5e3d..1c85bb5e6 100644 --- a/make/common/nginx/Dockerfile +++ b/make/common/nginx/Dockerfile @@ -4,10 +4,10 @@ RUN tdnf distro-sync -y || echo \ && tdnf install -y nginx \ && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ - && mkdir -p /var/run \ && tdnf clean all EXPOSE 80 +VOLUME /var/cache/nginx /var/log/nginx /run STOPSIGNAL SIGQUIT CMD ["nginx", "-g", "daemon off;"] diff --git a/make/common/templates/adminserver/env b/make/common/templates/adminserver/env index a1b21104b..0b7c555bc 100644 --- a/make/common/templates/adminserver/env +++ b/make/common/templates/adminserver/env @@ -1,3 +1,4 @@ +PORT=8080 LOG_LEVEL=debug EXT_ENDPOINT=$ui_url AUTH_MODE=$auth_mode @@ -42,5 +43,5 @@ RESET=false UAA_ENDPOINT=$uaa_endpoint UAA_CLIENTID=$uaa_clientid UAA_CLIENTSECRET=$uaa_clientsecret -UI_URL=http://ui -JOBSERVICE_URL=http://jobservice +UI_URL=http://ui:8080 +JOBSERVICE_URL=http://jobservice:8080 diff --git a/make/common/templates/clair/config.yaml b/make/common/templates/clair/config.yaml index b8f23748b..c09dd2585 100644 --- a/make/common/templates/clair/config.yaml +++ b/make/common/templates/clair/config.yaml @@ -22,4 +22,4 @@ clair: attempts: 3 renotifyinterval: 2h http: - endpoint: http://ui/service/notifications/clair + endpoint: http://ui:8080/service/notifications/clair diff --git a/make/common/templates/jobservice/app.conf b/make/common/templates/jobservice/app.conf index 21439a8e1..d238cbf6e 100644 --- a/make/common/templates/jobservice/app.conf +++ b/make/common/templates/jobservice/app.conf @@ -2,4 +2,4 @@ appname = jobservice runmode = dev [dev] -httpport = 80 +httpport = 8080 diff --git a/make/common/templates/jobservice/env b/make/common/templates/jobservice/env index c5e37fc0f..e5ccac91e 100644 --- a/make/common/templates/jobservice/env +++ b/make/common/templates/jobservice/env @@ -2,4 +2,5 @@ LOG_LEVEL=debug CONFIG_PATH=/etc/jobservice/app.conf UI_SECRET=$ui_secret JOBSERVICE_SECRET=$jobservice_secret +ADMINSERVER_URL=http://adminserver:8080 GODEBUG=netdns=cgo diff --git a/make/common/templates/nginx/nginx.http.conf b/make/common/templates/nginx/nginx.http.conf index 820544ca3..9e4123a9d 100644 --- a/make/common/templates/nginx/nginx.http.conf +++ b/make/common/templates/nginx/nginx.http.conf @@ -18,7 +18,7 @@ http { } upstream ui { - server ui:80; + server ui:8080; } log_format timed_combined '$$remote_addr - ' diff --git a/make/common/templates/nginx/nginx.https.conf b/make/common/templates/nginx/nginx.https.conf index 703e41c9d..d0b295b7a 100644 --- a/make/common/templates/nginx/nginx.https.conf +++ b/make/common/templates/nginx/nginx.https.conf @@ -18,7 +18,7 @@ http { } upstream ui { - server ui:80; + server ui:8080; } log_format timed_combined '$$remote_addr - ' diff --git a/make/common/templates/registry/config.yml b/make/common/templates/registry/config.yml index 9049c6fa9..72c0db59e 100644 --- a/make/common/templates/registry/config.yml +++ b/make/common/templates/registry/config.yml @@ -29,7 +29,7 @@ notifications: endpoints: - name: harbor disabled: false - url: http://ui/service/notifications + url: http://ui:8080/service/notifications timeout: 3000ms threshold: 5 backoff: 1s diff --git a/make/common/templates/ui/app.conf b/make/common/templates/ui/app.conf index 8e8f199b7..6110364ca 100644 --- a/make/common/templates/ui/app.conf +++ b/make/common/templates/ui/app.conf @@ -3,4 +3,4 @@ runmode = dev enablegzip = true [dev] -httpport = 80 +httpport = 8080 diff --git a/make/common/templates/ui/env b/make/common/templates/ui/env index d87c93105..1fffc2db1 100644 --- a/make/common/templates/ui/env +++ b/make/common/templates/ui/env @@ -3,4 +3,5 @@ CONFIG_PATH=/etc/ui/app.conf UI_SECRET=$ui_secret JOBSERVICE_SECRET=$jobservice_secret GODEBUG=netdns=cgo +ADMINSERVER_URL=http://adminserver:8080 UAA_CA_ROOT=/etc/ui/certificates/uaa_ca.pem diff --git a/make/photon/adminserver/Dockerfile b/make/photon/adminserver/Dockerfile index 9028ce526..898881411 100644 --- a/make/photon/adminserver/Dockerfile +++ b/make/photon/adminserver/Dockerfile @@ -2,10 +2,13 @@ FROM vmware/photon:1.0 RUN tdnf erase vim -y \ && tdnf distro-sync -y || echo \ + && tdnf install -y sudo \ && tdnf clean all \ + && groupadd -r -g 10000 harbor && useradd --no-log-init -r -g 10000 -u 10000 harbor \ && mkdir /harbor/ -COPY ./make/dev/adminserver/harbor_adminserver /harbor/ +COPY ./make/dev/adminserver/harbor_adminserver ./make/photon/adminserver/start.sh /harbor/ +HEALTHCHECK CMD curl -s -o /dev/null -w "%{http_code}" 127.0.0.1:8080/api/configurations|grep 401 -RUN chmod u+x /harbor/harbor_adminserver +RUN chmod u+x /harbor/harbor_adminserver /harbor/start.sh WORKDIR /harbor/ -ENTRYPOINT ["/harbor/harbor_adminserver"] +ENTRYPOINT ["/harbor/start.sh"] diff --git a/make/photon/adminserver/start.sh b/make/photon/adminserver/start.sh new file mode 100644 index 000000000..c4d9c4d8e --- /dev/null +++ b/make/photon/adminserver/start.sh @@ -0,0 +1,5 @@ +#!/bin/sh +if [ -d /etc/adminserver ]; then + chown -R 10000:10000 /etc/adminserver +fi +sudo -E -u \#10000 "/harbor/harbor_adminserver" diff --git a/make/photon/jobservice/Dockerfile b/make/photon/jobservice/Dockerfile index 2db283893..ee3d353f7 100644 --- a/make/photon/jobservice/Dockerfile +++ b/make/photon/jobservice/Dockerfile @@ -2,9 +2,13 @@ FROM vmware/photon:1.0 RUN mkdir /harbor/ \ && tdnf distro-sync -y || echo \ - && tdnf clean all -COPY ./make/dev/jobservice/harbor_jobservice /harbor/ + && tdnf install sudo -y \ + && tdnf clean all \ + && groupadd -r -g 10000 harbor && useradd --no-log-init -r -g 10000 -u 10000 harbor +HEALTHCHECK CMD curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:8080/api/jobs/replication/1/log|grep 401 -RUN chmod u+x /harbor/harbor_jobservice +COPY ./make/photon/jobservice/start.sh ./make/dev/jobservice/harbor_jobservice /harbor/ + +RUN chmod u+x /harbor/harbor_jobservice /harbor/start.sh WORKDIR /harbor/ -ENTRYPOINT ["/harbor/harbor_jobservice"] +ENTRYPOINT ["/harbor/start.sh"] diff --git a/make/photon/jobservice/start.sh b/make/photon/jobservice/start.sh new file mode 100644 index 000000000..3fc4a6199 --- /dev/null +++ b/make/photon/jobservice/start.sh @@ -0,0 +1,9 @@ +#!/bin/sh +if [ -d /etc/jobservice/ ]; then + chown -R 10000:10000 /etc/jobservice/ +fi +if [ -d /var/log/jobs ]; then + chown -R 10000:10000 /var/log/jobs/ +fi +sudo -E -u \#10000 "/harbor/harbor_jobservice" + diff --git a/make/photon/ui/Dockerfile b/make/photon/ui/Dockerfile index 3d0050336..aab6038ee 100644 --- a/make/photon/ui/Dockerfile +++ b/make/photon/ui/Dockerfile @@ -2,16 +2,17 @@ FROM vmware/photon:1.0 RUN tdnf distro-sync -y \ && tdnf erase vim -y \ + && tdnf install sudo -y \ && tdnf clean all \ + && groupadd -r -g 10000 harbor && useradd --no-log-init -r -g 10000 -u 10000 harbor \ && mkdir /harbor/ -COPY ./make/dev/ui/harbor_ui /harbor/ +HEALTHCHECK CMD curl -s -o /dev/null -w "%{http_code}" 127.0.0.1:8080/api/systeminfo|grep 200 +COPY ./make/dev/ui/harbor_ui ./src/favicon.ico ./make/photon/ui/start.sh ./VERSION /harbor/ COPY ./src/ui/views /harbor/views COPY ./src/ui/static /harbor/static -COPY ./src/favicon.ico /harbor/favicon.ico -COPY ./VERSION /harbor/VERSION -RUN chmod u+x /harbor/harbor_ui - +RUN chmod u+x /harbor/start.sh /harbor/harbor_ui WORKDIR /harbor/ -ENTRYPOINT ["/harbor/harbor_ui"] + +ENTRYPOINT ["/harbor/start.sh"] diff --git a/make/photon/ui/start.sh b/make/photon/ui/start.sh new file mode 100644 index 000000000..6acfe61ec --- /dev/null +++ b/make/photon/ui/start.sh @@ -0,0 +1,6 @@ +#!/bin/sh +if [ -d /etc/ui/ ]; then + chown -R 10000:10000 /etc/ui/ +fi +sudo -E -u \#10000 "/harbor/harbor_ui" + diff --git a/src/common/utils/ldap/ldap_test.go b/src/common/utils/ldap/ldap_test.go index a0a58902c..9dae96da7 100644 --- a/src/common/utils/ldap/ldap_test.go +++ b/src/common/utils/ldap/ldap_test.go @@ -72,8 +72,8 @@ func TestMain(t *testing.T) { } defer server.Close() - if err := os.Setenv("ADMIN_SERVER_URL", server.URL); err != nil { - t.Fatalf("failed to set env %s: %v", "ADMIN_SERVER_URL", err) + if err := os.Setenv("ADMINSERVER_URL", server.URL); err != nil { + t.Fatalf("failed to set env %s: %v", "ADMINSERVER_URL", err) } secretKeyPath := "/tmp/secretkey" diff --git a/src/common/utils/notary/helper.go b/src/common/utils/notary/helper.go index 772ba2061..63f9ae1cc 100644 --- a/src/common/utils/notary/helper.go +++ b/src/common/utils/notary/helper.go @@ -36,7 +36,7 @@ import ( ) var ( - notaryCachePath = "/root/notary" + notaryCachePath = "/etc/ui/notary-cache" trustPin trustpinning.TrustPinConfig mockRetriever notary.PassRetriever ) diff --git a/src/common/utils/notary/helper_test.go b/src/common/utils/notary/helper_test.go index ee8065e01..2a898e8e7 100644 --- a/src/common/utils/notary/helper_test.go +++ b/src/common/utils/notary/helper_test.go @@ -47,7 +47,7 @@ func TestMain(m *testing.M) { panic(err) } defer adminServer.Close() - if err := os.Setenv("ADMIN_SERVER_URL", adminServer.URL); err != nil { + if err := os.Setenv("ADMINSERVER_URL", adminServer.URL); err != nil { panic(err) } if err := config.Init(); err != nil { diff --git a/src/jobservice/config/config.go b/src/jobservice/config/config.go index 1d82393a1..674cd058d 100644 --- a/src/jobservice/config/config.go +++ b/src/jobservice/config/config.go @@ -45,7 +45,7 @@ func Init() error { //init key provider initKeyProvider() - adminServerURL := os.Getenv("ADMIN_SERVER_URL") + adminServerURL := os.Getenv("ADMINSERVER_URL") if len(adminServerURL) == 0 { adminServerURL = "http://adminserver" } @@ -163,7 +163,7 @@ func ExtEndpoint() (string, error) { // InternalTokenServiceEndpoint ... func InternalTokenServiceEndpoint() string { - return "http://ui/service/token" + return LocalUIURL() + "/service/token" } // ClairEndpoint returns the end point of clair instance, by default it's the one deployed within Harbor. diff --git a/src/jobservice/config/config_test.go b/src/jobservice/config/config_test.go index 746096d0a..0f5743a6c 100644 --- a/src/jobservice/config/config_test.go +++ b/src/jobservice/config/config_test.go @@ -30,8 +30,8 @@ func TestConfig(t *testing.T) { } defer server.Close() - if err := os.Setenv("ADMIN_SERVER_URL", server.URL); err != nil { - t.Fatalf("failed to set env %s: %v", "ADMIN_SERVER_URL", err) + if err := os.Setenv("ADMINSERVER_URL", server.URL); err != nil { + t.Fatalf("failed to set env %s: %v", "ADMINSERVER_URL", err) } secretKeyPath := "/tmp/secretkey" diff --git a/src/jobservice/job/job_test.go b/src/jobservice/job/job_test.go index 2fcc3e844..ab52c9487 100644 --- a/src/jobservice/job/job_test.go +++ b/src/jobservice/job/job_test.go @@ -55,8 +55,8 @@ func TestMain(m *testing.M) { log.Fatalf("failed to create a mock admin server: %v", err) } defer server.Close() - if err := os.Setenv("ADMIN_SERVER_URL", server.URL); err != nil { - log.Fatalf("failed to set env %s: %v", "ADMIN_SERVER_URL", err) + if err := os.Setenv("ADMINSERVER_URL", server.URL); err != nil { + log.Fatalf("failed to set env %s: %v", "ADMINSERVER_URL", err) } secretKeyPath := "/tmp/secretkey" _, err = test.GenerateKey(secretKeyPath) diff --git a/src/ui/auth/ldap/ldap_test.go b/src/ui/auth/ldap/ldap_test.go index 6563f4f68..fdbda990a 100644 --- a/src/ui/auth/ldap/ldap_test.go +++ b/src/ui/auth/ldap/ldap_test.go @@ -71,8 +71,8 @@ func TestMain(t *testing.T) { } defer server.Close() - if err := os.Setenv("ADMIN_SERVER_URL", server.URL); err != nil { - t.Fatalf("failed to set env %s: %v", "ADMIN_SERVER_URL", err) + if err := os.Setenv("ADMINSERVER_URL", server.URL); err != nil { + t.Fatalf("failed to set env %s: %v", "ADMINSERVER_URL", err) } secretKeyPath := "/tmp/secretkey" diff --git a/src/ui/auth/uaa/uaa_test.go b/src/ui/auth/uaa/uaa_test.go index f79c1434d..629d8bd77 100644 --- a/src/ui/auth/uaa/uaa_test.go +++ b/src/ui/auth/uaa/uaa_test.go @@ -33,8 +33,8 @@ func TestGetClient(t *testing.T) { } defer server.Close() - if err := os.Setenv("ADMIN_SERVER_URL", server.URL); err != nil { - t.Fatalf("failed to set env %s: %v", "ADMIN_SERVER_URL", err) + if err := os.Setenv("ADMINSERVER_URL", server.URL); err != nil { + t.Fatalf("failed to set env %s: %v", "ADMINSERVER_URL", err) } err = config.Init() if err != nil { diff --git a/src/ui/config/config.go b/src/ui/config/config.go index 4bb25e09f..8d3d9c8bf 100644 --- a/src/ui/config/config.go +++ b/src/ui/config/config.go @@ -62,7 +62,7 @@ func Init() error { //init key provider initKeyProvider() - adminServerURL := os.Getenv("ADMIN_SERVER_URL") + adminServerURL := os.Getenv("ADMINSERVER_URL") if len(adminServerURL) == 0 { adminServerURL = "http://adminserver" } diff --git a/src/ui/config/config_test.go b/src/ui/config/config_test.go index 8788b3f84..60d0d8609 100644 --- a/src/ui/config/config_test.go +++ b/src/ui/config/config_test.go @@ -29,8 +29,8 @@ func TestConfig(t *testing.T) { } defer server.Close() - if err := os.Setenv("ADMIN_SERVER_URL", server.URL); err != nil { - t.Fatalf("failed to set env %s: %v", "ADMIN_SERVER_URL", err) + if err := os.Setenv("ADMINSERVER_URL", server.URL); err != nil { + t.Fatalf("failed to set env %s: %v", "ADMINSERVER_URL", err) } secretKeyPath := "/tmp/secretkey" diff --git a/src/ui/proxy/interceptor_test.go b/src/ui/proxy/interceptor_test.go index dda580cfa..0a5756c78 100644 --- a/src/ui/proxy/interceptor_test.go +++ b/src/ui/proxy/interceptor_test.go @@ -40,7 +40,7 @@ func TestMain(m *testing.M) { panic(err) } defer adminServer.Close() - if err := os.Setenv("ADMIN_SERVER_URL", adminServer.URL); err != nil { + if err := os.Setenv("ADMINSERVER_URL", adminServer.URL); err != nil { panic(err) } if err := config.Init(); err != nil { @@ -129,7 +129,7 @@ func TestPMSPolicyChecker(t *testing.T) { panic(err) } defer adminServer.Close() - if err := os.Setenv("ADMIN_SERVER_URL", adminServer.URL); err != nil { + if err := os.Setenv("ADMINSERVER_URL", adminServer.URL); err != nil { panic(err) } if err := config.Init(); err != nil { diff --git a/src/ui/service/token/token_test.go b/src/ui/service/token/token_test.go index 7410b506f..2ef32dbe9 100644 --- a/src/ui/service/token/token_test.go +++ b/src/ui/service/token/token_test.go @@ -41,7 +41,7 @@ func TestMain(m *testing.M) { } defer server.Close() - if err := os.Setenv("ADMIN_SERVER_URL", server.URL); err != nil { + if err := os.Setenv("ADMINSERVER_URL", server.URL); err != nil { panic(err) } if err := config.Init(); err != nil { diff --git a/tests/docker-compose.test.yml b/tests/docker-compose.test.yml index cf5c3c6dc..80a41289b 100644 --- a/tests/docker-compose.test.yml +++ b/tests/docker-compose.test.yml @@ -33,4 +33,4 @@ services: - /data/secretkey:/etc/adminserver/key - /data/:/data/ ports: - - 8888:80 + - 8888:8080 From cb47b44ee829139b1f02cf6a13e32d4243b23a46 Mon Sep 17 00:00:00 2001 From: yixingj Date: Fri, 10 Nov 2017 12:10:08 +0800 Subject: [PATCH 40/83] Fix clair images version issue Update clair image version in Makefile --- Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index f80e34c7f..e13249f6f 100644 --- a/Makefile +++ b/Makefile @@ -92,7 +92,7 @@ REBUILDCLARITYFLAG=false NEWCLARITYVERSION= #clair parameters -CLAIRVERSION=v2.0.1 +CLAIRVERSION=v2.0.1-photon CLAIRFLAG=false CLAIRDBVERSION=9.6.5-photon @@ -247,7 +247,7 @@ ifeq ($(NOTARYFLAG), true) DOCKERCOMPOSE_LIST+= -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSENOTARYFILENAME) endif ifeq ($(CLAIRFLAG), true) - DOCKERSAVE_PARA+= vmware/clair-photon:$(CLAIRVERSION) vmware/postgresql:$(CLAIRDBVERSION) + DOCKERSAVE_PARA+= vmware/clair:$(CLAIRVERSION) vmware/postgresql:$(CLAIRDBVERSION) PACKAGE_OFFLINE_PARA+= $(HARBORPKG)/$(DOCKERCOMPOSECLAIRFILENAME) PACKAGE_ONLINE_PARA+= $(HARBORPKG)/$(DOCKERCOMPOSECLAIRFILENAME) DOCKERCOMPOSE_LIST+= -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSECLAIRFILENAME) @@ -375,7 +375,7 @@ package_offline: compile build modify_sourcefiles modify_composefile fi @if [ "$(CLAIRFLAG)" = "true" ] ; then \ echo "pulling claiy and postgres..."; \ - $(DOCKERPULL) vmware/clair-photon:$(CLAIRVERSION); \ + $(DOCKERPULL) vmware/clair:$(CLAIRVERSION); \ $(DOCKERPULL) vmware/postgresql:$(CLAIRDBVERSION); \ fi @if [ "$(MIGRATORFLAG)" = "true" ] ; then \ From 12abeb0a36389d6607f5fe348f0dbfa5af6aa3db Mon Sep 17 00:00:00 2001 From: yixingj Date: Thu, 9 Nov 2017 22:54:27 +0800 Subject: [PATCH 41/83] Run notary related images with user notary 1>Change the user from root to notary 2>Update the images. --- make/docker-compose.notary.yml | 4 ---- make/photon/notary/server-start.sh | 3 +++ make/photon/notary/server.Dockerfile | 11 ++++++++--- make/photon/notary/signer-start.sh | 3 +++ make/photon/notary/signer.Dockerfile | 9 +++++++-- 5 files changed, 21 insertions(+), 9 deletions(-) create mode 100644 make/photon/notary/server-start.sh create mode 100644 make/photon/notary/signer-start.sh diff --git a/make/docker-compose.notary.yml b/make/docker-compose.notary.yml index feab28a03..2999680df 100644 --- a/make/docker-compose.notary.yml +++ b/make/docker-compose.notary.yml @@ -16,8 +16,6 @@ services: - harbor-notary volumes: - ./common/config/notary:/config - entrypoint: /usr/bin/env sh - command: -c "/migrations/migrate.sh && notary-server -config=/config/server-config.json -logf=logfmt" depends_on: - notary-db - notary-signer @@ -39,8 +37,6 @@ services: - ./common/config/notary:/config env_file: - ./common/config/notary/signer_env - entrypoint: /usr/bin/env sh - command: -c "/migrations/migrate.sh && notary-signer -config=/config/signer-config.json -logf=logfmt" depends_on: - notary-db logging: diff --git a/make/photon/notary/server-start.sh b/make/photon/notary/server-start.sh new file mode 100644 index 000000000..62083adb4 --- /dev/null +++ b/make/photon/notary/server-start.sh @@ -0,0 +1,3 @@ +#!/bin/sh +chown 10000:10000 -R /config +sudo -E -u \#10000 sh -c "/usr/bin/env /migrations/migrate.sh && /bin/notary-server -config=/config/server-config.json -logf=logfmt" diff --git a/make/photon/notary/server.Dockerfile b/make/photon/notary/server.Dockerfile index 740a3e26f..aa2c633a1 100644 --- a/make/photon/notary/server.Dockerfile +++ b/make/photon/notary/server.Dockerfile @@ -2,10 +2,15 @@ FROM vmware/photon:1.0 RUN tdnf distro-sync -y \ && tdnf erase vim -y \ - && tdnf clean all + && tdnf install -y shadow sudo \ + && tdnf clean all \ + && groupadd -r -g 10000 notary \ + && useradd --no-log-init -r -g 10000 -u 10000 notary + COPY ./binary/notary-server /bin/notary-server COPY ./migrate /bin/migrate COPY ./migrations/ /migrations/ - +COPY ./server-start.sh /bin/server-start.sh +RUN chmod u+x /bin/notary-server /migrations/migrate.sh /bin/migrate /bin/server-start.sh ENV SERVICE_NAME=notary_server -ENTRYPOINT [ "notary-server" ] +ENTRYPOINT [ "/bin/server-start.sh" ] diff --git a/make/photon/notary/signer-start.sh b/make/photon/notary/signer-start.sh new file mode 100644 index 000000000..c6107dbac --- /dev/null +++ b/make/photon/notary/signer-start.sh @@ -0,0 +1,3 @@ +#!/bin/sh +chown 10000:10000 -R /config +sudo -E -u \#10000 sh -c "/usr/bin/env && /migrations/migrate.sh && /bin/notary-signer -config=/config/signer-config.json -logf=logfmt" diff --git a/make/photon/notary/signer.Dockerfile b/make/photon/notary/signer.Dockerfile index e9c67bc13..b6b3b0b76 100644 --- a/make/photon/notary/signer.Dockerfile +++ b/make/photon/notary/signer.Dockerfile @@ -2,10 +2,15 @@ FROM vmware/photon:1.0 RUN tdnf distro-sync -y \ && tdnf erase vim -y \ - && tdnf clean all + && tdnf install -y shadow sudo \ + && tdnf clean all \ + && groupadd -r -g 10000 notary \ + && useradd --no-log-init -r -g 10000 -u 10000 notary COPY ./binary/notary-signer /bin/notary-signer COPY ./migrate /bin/migrate COPY ./migrations/ /migrations/ +COPY ./signer-start.sh /bin/signer-start.sh +RUN chmod u+x /bin/notary-signer /migrations/migrate.sh /bin/migrate /bin/signer-start.sh ENV SERVICE_NAME=notary_signer -ENTRYPOINT [ "notary-signer" ] +ENTRYPOINT [ "/bin/signer-start.sh" ] From 19f3ebd353aa582e14602701d044de64c2ae10bc Mon Sep 17 00:00:00 2001 From: int32bit Date: Mon, 6 Nov 2017 21:10:33 +0800 Subject: [PATCH 42/83] Add CLI tool for Harbor This patch provides a command-line tool for managing Harbor resources like users, projects, images, etc. --- contrib/harbor-cli/Dockerfile | 10 + contrib/harbor-cli/README.md | 574 +++++++++++++++++ contrib/harbor-cli/harborclient/__init__.py | 13 + .../harbor-cli/harborclient/api_versions.py | 274 ++++++++ contrib/harbor-cli/harborclient/base.py | 41 ++ contrib/harbor-cli/harborclient/client.py | 374 +++++++++++ contrib/harbor-cli/harborclient/exceptions.py | 194 ++++++ contrib/harbor-cli/harborclient/shell.py | 414 ++++++++++++ contrib/harbor-cli/harborclient/utils.py | 165 +++++ .../harbor-cli/harborclient/v2/__init__.py | 1 + contrib/harbor-cli/harborclient/v2/client.py | 73 +++ .../harborclient/v2/configurations.py | 7 + contrib/harbor-cli/harborclient/v2/jobs.py | 11 + contrib/harbor-cli/harborclient/v2/logs.py | 7 + .../harbor-cli/harborclient/v2/projects.py | 44 ++ .../harborclient/v2/repositories.py | 27 + .../harbor-cli/harborclient/v2/searcher.py | 7 + contrib/harbor-cli/harborclient/v2/shell.py | 607 ++++++++++++++++++ .../harbor-cli/harborclient/v2/statistics.py | 7 + .../harbor-cli/harborclient/v2/systeminfo.py | 15 + contrib/harbor-cli/harborclient/v2/targets.py | 18 + contrib/harbor-cli/harborclient/v2/users.py | 72 +++ contrib/harbor-cli/harborrc | 5 + contrib/harbor-cli/requirements.txt | 10 + contrib/harbor-cli/set_bash_completion.sh | 1 + contrib/harbor-cli/setup.cfg | 35 + contrib/harbor-cli/setup.py | 8 + contrib/harbor-cli/test-requirements.txt | 3 + contrib/harbor-cli/tools/pretty_tox.sh | 16 + contrib/harbor-cli/tox.ini | 23 + 30 files changed, 3056 insertions(+) create mode 100644 contrib/harbor-cli/Dockerfile create mode 100644 contrib/harbor-cli/README.md create mode 100644 contrib/harbor-cli/harborclient/__init__.py create mode 100644 contrib/harbor-cli/harborclient/api_versions.py create mode 100644 contrib/harbor-cli/harborclient/base.py create mode 100644 contrib/harbor-cli/harborclient/client.py create mode 100644 contrib/harbor-cli/harborclient/exceptions.py create mode 100644 contrib/harbor-cli/harborclient/shell.py create mode 100644 contrib/harbor-cli/harborclient/utils.py create mode 100644 contrib/harbor-cli/harborclient/v2/__init__.py create mode 100644 contrib/harbor-cli/harborclient/v2/client.py create mode 100644 contrib/harbor-cli/harborclient/v2/configurations.py create mode 100644 contrib/harbor-cli/harborclient/v2/jobs.py create mode 100644 contrib/harbor-cli/harborclient/v2/logs.py create mode 100644 contrib/harbor-cli/harborclient/v2/projects.py create mode 100644 contrib/harbor-cli/harborclient/v2/repositories.py create mode 100644 contrib/harbor-cli/harborclient/v2/searcher.py create mode 100644 contrib/harbor-cli/harborclient/v2/shell.py create mode 100644 contrib/harbor-cli/harborclient/v2/statistics.py create mode 100644 contrib/harbor-cli/harborclient/v2/systeminfo.py create mode 100644 contrib/harbor-cli/harborclient/v2/targets.py create mode 100644 contrib/harbor-cli/harborclient/v2/users.py create mode 100644 contrib/harbor-cli/harborrc create mode 100644 contrib/harbor-cli/requirements.txt create mode 100755 contrib/harbor-cli/set_bash_completion.sh create mode 100644 contrib/harbor-cli/setup.cfg create mode 100644 contrib/harbor-cli/setup.py create mode 100644 contrib/harbor-cli/test-requirements.txt create mode 100755 contrib/harbor-cli/tools/pretty_tox.sh create mode 100644 contrib/harbor-cli/tox.ini diff --git a/contrib/harbor-cli/Dockerfile b/contrib/harbor-cli/Dockerfile new file mode 100644 index 000000000..c5e37bf3a --- /dev/null +++ b/contrib/harbor-cli/Dockerfile @@ -0,0 +1,10 @@ +FROM python:2 +MAINTAINER int32bit krystism@gmail.com + +ADD . /opt/harborclient +RUN pip install -r /opt/harborclient/requirements.txt +RUN set -ex \ + && cd /opt/harborclient \ + && python setup.py install \ + && rm -rf /opt/harborclient +CMD ["harbor"] diff --git a/contrib/harbor-cli/README.md b/contrib/harbor-cli/README.md new file mode 100644 index 000000000..50ef6fe6f --- /dev/null +++ b/contrib/harbor-cli/README.md @@ -0,0 +1,574 @@ +## About This Project + +Project Harbor is an enterprise-class registry server that stores and distributes Docker images. Harbor extends the open source Docker Distribution by adding the functionalities usually required by an enterprise, such as security, identity and management. As an enterprise private registry, Harbor offers better performance and security. Having a registry closer to the build and run environment improves the image transfer efficiency. Harbor supports the setup of multiple registries and has images replicated between them. With Harbor, the images are stored within the private registry, keeping the bits and intellectual properties behind the company firewall. In addition, Harbor offers advanced security features, such as user management, access control and activity auditing. + +This project provides a great native command-line experience for managing Harbor resources like user, project, etc. It can be used on macOS, Linux, and Docker. + +## Install Harbor CLI + +Harbor CLI can be installed by one of two approaches: + +* Option 1: Build as a Docker image(easy, recommended) +* Option 2: Native Installation from Source +* Option 3: Install from pypi + +### Option 1: Build as a Docker image(easy, recommended) + +We maintain a Docker prebuilt image with Harbor CLI. Install the CLI using `docker run`. + +```sh +docker run -t -i krystism/harborclient harbor help +``` + +We strongly suggest you build image from code manually, because our prebuilt image may be not latest version. + +```sh +docker build -t yourname/harborclient . +``` + +Run Harbor CLI as follows: + +```bash +$ docker run --rm \ + -e HARBOR_USERNAME="admin" \ + -e HARBOR_PASSWORD="Harbor12345" \ + -e HARBOR_PROJECT=1 \ + -e HARBOR_URL="http://localhost" \ + yourname/harborclient harbor info + ++------------------------------+---------------------+ +| Property | Value | ++------------------------------+---------------------+ +| admiral_endpoint | NA | +| auth_mode | db_auth | +| disk_free | 4993355776 | +| disk_total | 18381979648 | +| harbor_version | v1.2.2 | +| has_ca_root | False | +| next_scan_all | 0 | +| project_creation_restriction | everyone | +| registry_url | localhost | +| self_registration | True | +| with_admiral | False | +| with_clair | False | +| with_notary | False | ++------------------------------+---------------------+ +``` + +Create an alias: + +```bash +alias harbor='docker run \ + -e HARBOR_USERNAME="admin" \ + -e HARBOR_PASSWORD="Harbor12345" \ + -e HARBOR_URL="http://localhost" \ + --rm krystism/harborclient harbor' +``` + +Then you can run Harbor CLI like: + +``` +$ harbor user-list ++---------+----------+----------+----------------------+--------------+-------------+ +| user_id | username | is_admin | email | realname | comment | ++---------+----------+----------+----------------------+--------------+-------------+ +| 1 | admin | 1 | admin@example.com | system admin | admin user | +| 2 | int32bit | 0 | int32bit@example.com | int32bit | int32bit | ++---------+----------+----------+----------------------+--------------+-------------+ +``` + +### Option 2: Native Installation from Source + +The installation steps boil down to the following: + +#### Install requirements + +``` +sudo pip install -r requirements.txt +``` + +#### Install Harbor CLI. + +```sh +sudo python setup.py install +``` + +Or + +```sh +sudo pip install . +``` + +### Option 3: Install from pypi + +``` +sudo pip install python-harborclient +``` + +### Verify operation + +As the `admin` user, do a `info` request: + +``` +$ harbor --os-baseurl https://localhost --os-username admin --os-project 1 info +password: ***** ++------------------------------+---------------------+ +| Property | Value | ++------------------------------+---------------------+ +| admiral_endpoint | NA | +| auth_mode | db_auth | +| disk_free | 4992696320 | +| disk_total | 18381979648 | +| harbor_version | v1.2.2 | +| has_ca_root | False | +| next_scan_all | 0 | +| project_creation_restriction | everyone | +| registry_url | localhost | +| self_registration | True | +| with_admiral | False | +| with_clair | False | +| with_notary | False | ++------------------------------+---------------------+ +``` + +### Create harbor client environment scripts + +To increase efficiency of client operations, Harbor CLI supports simple client environment scrips also known as `harborrc` file. +These scripts typically contain common options for all client, but also support unique options. + +Create client environment scripts for `admin` user: + +```bash +cat >admin-harborrc < +usage user-create user-delete user-list user-show user-update +``` + +## User Guide + +This guide walks you through the fundamentals of using Harbor CLI. You'll learn how to use Harbor CLI to: + +* Manage your projects. +* Manage members of a project. +* Search projects and repositories. +* Manage users. +* Manage replication policies. +* Manage configuration. +* Delete repositories and images. +* Show logs. +* Get statistics data. +* ... + +Once you install Harbor CLI, you can run `harbor help` to get usage: + +```bash +$ harbor help +usage: harbor [--debug] [--timings] [--version] [--os-username ] + [--os-password ] [--os-project ] + [--timeout ] [--os-baseurl ] [--insecure] + [--os-cacert ] [--os-api-version ] + ... +``` + +Run "harbor help COMMAND" for help on a specific command. + +```bash +$ harbor help user-create +usage: harbor user-create --username --password --email + [--realname ] + [--comment ] + +Create a new User. + +Optional arguments: + --username Unique name of the new user. + --password Password of the new user. + --email Email of the new user. + --realname Realname of the new user. + --comment Comment of the new user. +``` + +Show details about API requests using `--debug` option: + +```bash +$ harbor --debug --insecure project-list +DEBUG (connectionpool:824) Starting new HTTPS connection (1): devstack +DEBUG (connectionpool:396) https://devstack:443 "POST /login HTTP/1.1" 200 0 +DEBUG (client:274) Successfully login, session id: 2642a18db2cb0fb207bd721899da9f8b +REQ: curl -g -i --insecure 'https://devstack/api/projects' -X GET -H "Accept: application/json" -H "Harbor-API-Version: v2" -H "User-Agent: python-harborclient" -b "beegosessionID: 2642a18db2cb0fb207bd721899da9f8b" +DEBUG (connectionpool:824) Starting new HTTPS connection (1): devstack +DEBUG (connectionpool:396) https://devstack:443 "GET /api/projects HTTP/1.1" 200 316 +RESP: [200] {'Content-Length': '316', 'Content-Encoding': 'gzip', 'X-Total-Count': '2', 'Server': 'nginx/1.11.13', 'Connection': 'keep-alive', 'Date': 'Mon, 06 Nov 2017 12:24:53 GMT', 'Content-Type': 'application/json; charset=utf-8'} +RESP BODY: [{"creation_time_str": "", "enable_content_trust": false, "Togglable": true, "owner_name": "", "name": "int32bit", "deleted": 0, "repo_count": 3, "creation_time": "2017-11-01T06:56:07Z", "update_time": "2017-11-01T06:56:07Z", "prevent_vulnerable_images_from_running": false, "current_user_role_id": 1, "project_id": 2, "automatically_scan_images_on_push": false, "public": 1, "prevent_vulnerable_images_from_running_severity": "", "owner_id": 1}, {"creation_time_str": "", "enable_content_trust": false, "Togglable": true, "owner_name": "", "name": "library", "deleted": 0, "repo_count": 0, "creation_time": "2017-11-01T06:08:43Z", "update_time": "2017-11-01T06:08:43Z", "prevent_vulnerable_images_from_running": false, "current_user_role_id": 1, "project_id": 1, "automatically_scan_images_on_push": false, "public": 1, "prevent_vulnerable_images_from_running_severity": "", "owner_id": 1}] + ++------------+----------+----------+----------------------+------------+----------------------+--------+ +| project_id | name | owner_id | current_user_role_id | repo_count | creation_time | public | ++------------+----------+----------+----------------------+------------+----------------------+--------+ +| 1 | library | 1 | 1 | 0 | 2017-11-01T06:08:43Z | 1 | +| 2 | int32bit | 1 | 1 | 3 | 2017-11-01T06:56:07Z | 1 | ++------------+----------+----------+----------------------+------------+----------------------+--------+ +``` + +Print call timing info with `--timings` option: + +``` +$ harbor --insecure --timings user-list ++---------+----------+----------+----------------------+--------------+-------------+ +| user_id | username | is_admin | email | realname | comment | ++---------+----------+----------+----------------------+--------------+-------------+ +| 1 | admin | 1 | admin@example.com | system admin | admin user | +| 3 | int32bit | 0 | int32bit@example.com | int32bit | test | ++---------+----------+----------+----------------------+--------------+-------------+ ++--------------+-----------------+ +| url | seconds | ++--------------+-----------------+ +| GET /users | 0.0146510601044 | +| GET /users/1 | 0.0146780014038 | +| Total | 0.0293290615082 | ++--------------+-----------------+ +Total: 0.0293290615082 seconds +``` + +All SSL connections are attempted to be made secure by using the CA certificate bundle installed by default. This makes all connections considered "insecure" fail unless `--insecure` is used. + +``` +$ harbor info +Traceback (most recent call last): + File "/usr/local/bin/harbor", line 10, in + sys.exit(main()) + File "/usr/local/lib/python2.7/dist-packages/harborclient/shell.py", line 404, in main + HarborShell().main(argv) + File "/usr/local/lib/python2.7/dist-packages/harborclient/shell.py", line 330, in main + self.cs.authenticate() + File "/usr/local/lib/python2.7/dist-packages/harborclient/v2/client.py", line 83, in authenticate + self.client.authenticate() + File "/usr/local/lib/python2.7/dist-packages/harborclient/client.py", line 270, in authenticate + verify=self.verify_cert) + File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 112, in post + return request('post', url, data=data, json=json, **kwargs) + File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 58, in request + return session.request(method=method, url=url, **kwargs) + File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 508, in request + resp = self.send(prep, **send_kwargs) + File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 618, in send + r = adapter.send(request, **kwargs) + File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 506, in send + raise SSLError(e, request=request) +requests.exceptions.SSLError: HTTPSConnectionPool(host='devstack', port=443): Max retries exceeded with url: /login (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),)) +$ harbor --insecure info ++------------------------------+---------------------+ +| Property | Value | ++------------------------------+---------------------+ +| admiral_endpoint | NA | +| auth_mode | db_auth | +| disk_free | 4991021056 | +| disk_total | 18381979648 | +| harbor_version | v1.2.2 | +| has_ca_root | False | +| next_scan_all | 0 | +| project_creation_restriction | everyone | +| registry_url | 192.168.99.101:8888 | +| self_registration | True | +| with_admiral | False | +| with_clair | False | +| with_notary | False | ++------------------------------+---------------------+ +``` + +## Examples + +### Create a new user + +``` +$ harbor --insecure user-create \ + --username new-user \ + --password 1q2w3e4r \ + --email new_user@example.com \ + --realname newuser \ + --comment "I am a new user" +Create user 'new-user' successfully. +``` + +### Delete a user + +``` +$ harbor --insecure user-delete new-user +Delete user 'new-user' sucessfully. +``` + +### List repositories and images + +``` +$ harbor list ++-----------------------+------------+-----------+------------+------------+------------+----------------------+ +| name | project_id | size | tags_count | star_count | pull_count | update_time | ++-----------------------+------------+-----------+------------+------------+------------+----------------------+ +| int32bit/busybox | 2 | 715181 | 1 | 0 | 0 | 2017-11-01T07:06:36Z | +| int32bit/golang:1.7.3 | 2 | 257883053 | 2 | 0 | 0 | 2017-11-01T12:59:05Z | +| int32bit/hello-world | 2 | 974 | 1 | 0 | 0 | 2017-11-01T13:22:46Z | ++-----------------------+------------+-----------+------------+------------+------------+----------------------+ +``` + +### Show details about image + +``` +$ harbor show int32bit/golang:1.7.3 ++--------------------+-------------------------------------------------------------------------+ +| Property | Value | ++--------------------+-------------------------------------------------------------------------+ +| creation_time | 2017-11-01T12:59:05Z | +| description | | +| id | 2 | +| name | int32bit/golang | +| project_id | 2 | +| pull_count | 0 | +| star_count | 0 | +| tag_architecture | amd64 | +| tag_author | | +| tag_created | 2016-11-08T19:32:39.908048617Z | +| tag_digest | sha256:37d263ccd240e113a752c46306ad004e36532ce118eb3131d9f76f43cc606d5d | +| tag_docker_version | 1.12.3 | +| tag_name | 1.7.3 | +| tag_os | linux | +| tag_signature | - | +| tags_count | 2 | +| update_time | 2017-11-01T12:59:05Z | ++--------------------+-------------------------------------------------------------------------+ +``` + +### Get top accessed repositories + +``` +$ harbor top ++----------------------+------------+------------+ +| name | pull_count | star_count | ++----------------------+------------+------------+ +| int32bit/busybox | 10 | 0 | +| int32bit/golang | 8 | 0 | +| int32bit/hello-world | 1 | 0 | ++----------------------+------------+------------+ +``` + +### Lists members of a project. + +``` +$ harbor member-list ++----------+--------------+---------+---------+ +| username | role_name | user_id | role_id | ++----------+--------------+---------+---------+ +| admin | projectAdmin | 1 | 1 | +| foo | developer | 5 | 2 | +| test | guest | 6 | 3 | ++----------+--------------+---------+---------+ +``` + +### Show logs + +``` +$ harbor logs ++--------+----------------------+----------+------------+-----------+-----------------------------+ +| log_id | op_time | username | project_id | operation | repository | ++--------+----------------------+----------+------------+-----------+-----------------------------+ +| 1 | 2017-11-01T06:56:07Z | admin | 2 | create | int32bit/ | +| 2 | 2017-11-01T07:06:36Z | admin | 2 | push | int32bit/busybox:latest | +| 3 | 2017-11-01T12:59:05Z | admin | 2 | push | int32bit/golang:1.7.3 | +| 4 | 2017-11-01T13:22:46Z | admin | 2 | push | int32bit/hello-world:latest | +| 5 | 2017-11-01T14:21:49Z | admin | 2 | push | int32bit/golang:latest | +| 6 | 2017-11-03T20:39:04Z | admin | 3 | create | test/ | +| 7 | 2017-11-03T20:39:22Z | admin | 3 | delete | test/ | +| 8 | 2017-11-03T20:39:38Z | admin | 4 | create | test/ | +| 9 | 2017-11-03T20:49:33Z | admin | 4 | delete | test/ | ++--------+----------------------+----------+------------+-----------+-----------------------------+ +``` + +### Search projects and repositories. + +``` +$ harbor search int32bit +Find 1 Projects: ++------------+----------+--------+------------+----------------------+ +| project_id | name | public | repo_count | creation_time | ++------------+----------+--------+------------+----------------------+ +| 2 | int32bit | 1 | 3 | 2017-11-01T06:56:07Z | ++------------+----------+--------+------------+----------------------+ + +Find 3 Repositories: ++----------------------+--------------+------------+----------------+ +| repository_name | project_name | project_id | project_public | ++----------------------+--------------+------------+----------------+ +| int32bit/busybox | int32bit | 2 | 1 | +| int32bit/golang | int32bit | 2 | 1 | +| int32bit/hello-world | int32bit | 2 | 1 | ++----------------------+--------------+------------+----------------+ +``` + +### Lists targets + +``` +$ harbor target-list ++----+----------------------+-------------------------------------+----------+----------+----------------------+ +| id | name | endpoint | username | password | creation_time | ++----+----------------------+-------------------------------------+----------+----------+----------------------+ +| 1 | test-target | http://192.168.99.101:8888 | admin | - | 2017-11-02T01:35:30Z | +| 2 | test-target-2 | http://192.168.99.101:9999 | admin | - | 2017-11-02T13:43:07Z | +| 3 | int32bit-test-target | http://192.168.99.101:8888/int32bit | admin | - | 2017-11-02T14:28:54Z | ++----+----------------------+-------------------------------------+----------+----------+----------------------+ +``` + +### Ping a target + +``` +$ harbor target-ping 1 +OK +``` + +### Lists replication job + +``` +$ harbor job-list 1 ++----+----------------------+-----------+----------+----------------------+ +| id | repository | operation | status | update_time | ++----+----------------------+-----------+----------+----------------------+ +| 1 | int32bit/busybox | transfer | finished | 2017-11-02T01:35:31Z | +| 2 | int32bit/golang | transfer | finished | 2017-11-02T01:35:31Z | +| 3 | int32bit/hello-world | transfer | finished | 2017-11-02T01:35:31Z | ++----+----------------------+-----------+----------+----------------------+ +``` + +### Show job logs: + +``` +$ harbor job-log 1 +2017-11-02T01:35:30Z [INFO] initializing: repository: int32bit/busybox, tags: [], source URL: http://registry:5000, destination URL: http://192.168.99.101:8888, insecure: false, destination user: admin +2017-11-02T01:35:30Z [INFO] initialization completed: project: int32bit, repository: int32bit/busybox, tags: [latest], source URL: http://registry:5000, destination URL: http://192.168.99.101:8888, insecure: false, destination user: admin +2017-11-02T01:35:30Z [WARNING] the status code is 409 when creating project int32bit on http://192.168.99.101:8888 with user admin, try to do next step +2017-11-02T01:35:30Z [INFO] manifest of int32bit/busybox:latest pulled successfully from http://registry:5000: sha256:030fcb92e1487b18c974784dcc110a93147c9fc402188370fbfd17efabffc6af +2017-11-02T01:35:30Z [INFO] all blobs of int32bit/busybox:latest from http://registry:5000: [sha256:54511612f1c4d97e93430fc3d5dc2f05dfbe8fb7e6259b7351deeca95eaf2971 sha256:03b1be98f3f9b05cb57782a3a71a44aaf6ec695de5f4f8e6c1058cd42f04953e] +2017-11-02T01:35:31Z [INFO] blob sha256:54511612f1c4d97e93430fc3d5dc2f05dfbe8fb7e6259b7351deeca95eaf2971 of int32bit/busybox:latest already exists in http://192.168.99.101:8888 +2017-11-02T01:35:31Z [INFO] blob sha256:03b1be98f3f9b05cb57782a3a71a44aaf6ec695de5f4f8e6c1058cd42f04953e of int32bit/busybox:latest already exists in http://192.168.99.101:8888 +2017-11-02T01:35:31Z [INFO] blobs of int32bit/busybox:latest need to be transferred to http://192.168.99.101:8888: [] +2017-11-02T01:35:31Z [INFO] manifest of int32bit/busybox:latest exists on source registry http://registry:5000, continue manifest pushing +2017-11-02T01:35:31Z [INFO] manifest of int32bit/busybox:latest exists on destination registry http://192.168.99.101:8888, skip manifest pushing +2017-11-02T01:35:31Z [INFO] no tag needs to be replicated, next state is "finished" +``` + +### Show usage + +``` +$ harbor usage ++-----------------------+-------+ +| Property | Value | ++-----------------------+-------+ +| private_project_count | 0 | +| private_repo_count | 0 | +| public_project_count | 2 | +| public_repo_count | 3 | +| total_project_count | 2 | +| total_repo_count | 3 | ++-----------------------+-------+ +``` + +### Show Harbor info + +``` +$ harbor info ++------------------------------+---------------------+ +| Property | Value | ++------------------------------+---------------------+ +| admiral_endpoint | NA | +| auth_mode | db_auth | +| disk_free | 4989370368 | +| disk_total | 18381979648 | +| harbor_version | v1.2.2 | +| has_ca_root | False | +| next_scan_all | 0 | +| project_creation_restriction | everyone | +| registry_url | 192.168.99.101:8888 | +| self_registration | True | +| with_admiral | False | +| with_clair | False | +| with_notary | False | ++------------------------------+---------------------+ +``` + +### Get configrations + +``` +$ harbor get-conf ++------------------------------+-------------------------------------------------------+----------+ +| name | value | editable | ++------------------------------+-------------------------------------------------------+----------+ +| auth_mode | db_auth | False | +| email_from | admin | True | +| email_host | smtp.mydomain.com | True | +| email_identity | - | True | +| email_port | 25 | True | +| email_ssl | False | True | +| email_username | sample_admin@mydomain.com | True | +| ldap_base_dn | ou=people,dc=mydomain,dc=com | True | +| ldap_filter | - | True | +| ldap_scope | 3 | True | +| ldap_search_dn | - | True | +| ldap_timeout | 5 | True | +| ldap_uid | uid | True | +| ldap_url | ldaps://ldap.mydomain.com | True | +| project_creation_restriction | everyone | True | +| scan_all_policy | {u'parameter': {u'daily_time': 0}, u'type': u'daily'} | True | +| self_registration | True | True | +| token_expiration | 30 | True | +| verify_remote_cert | True | True | ++------------------------------+-------------------------------------------------------+----------+ +``` + +### Update user password + +``` +$ harbor change-password int32bit +Old password: ***** +New Password: ***** +Retype new Password: ***** +Update password successfully. +``` + +### Promote a user to administrator + +``` +$ harbor promote int32bit +Promote user 'int32bit' as administrator successfully. +``` + +## Licensing + +HarborClient is licensed under the MIT License, Version 2.0. See [LICENSE](./LICENSE) for the full license text. diff --git a/contrib/harbor-cli/harborclient/__init__.py b/contrib/harbor-cli/harborclient/__init__.py new file mode 100644 index 000000000..2c70bd467 --- /dev/null +++ b/contrib/harbor-cli/harborclient/__init__.py @@ -0,0 +1,13 @@ +import pbr.version + +from harborclient import api_versions + +__version__ = pbr.version.VersionInfo('python-harborclient').version_string() + +API_MIN_VERSION = api_versions.APIVersion("2.0") +# The max version should be the latest version that is supported in the client, +# not necessarily the latest that the server can provide. This is only bumped +# when client supported the max version, and bumped sequentially, otherwise +# the client may break due to server side new version may include some +# backward incompatible change. +API_MAX_VERSION = api_versions.APIVersion("2.0") diff --git a/contrib/harbor-cli/harborclient/api_versions.py b/contrib/harbor-cli/harborclient/api_versions.py new file mode 100644 index 000000000..9a7315b45 --- /dev/null +++ b/contrib/harbor-cli/harborclient/api_versions.py @@ -0,0 +1,274 @@ +import logging +import os +import pkgutil +import re + +import harborclient +from harborclient import exceptions + +LOG = logging.getLogger(__name__) +_type_error_msg = "'%(other)s' should be an instance of '%(cls)s'" + + +if not LOG.handlers: + LOG.addHandler(logging.StreamHandler()) + + +class APIVersion(object): + """This class represents an API Version Request. + + This class provides convenience methods for manipulation + and comparison of version numbers that we need to do to + implement microversions. + """ + + def __init__(self, version_str=None): + """Create an API version object. + + :param version_str: String representation of APIVersionRequest. + Correct format is 'X.Y', where 'X' and 'Y' + are int values. None value should be used + to create Null APIVersionRequest, which is + equal to 0.0 + """ + self.ver_major = 0 + self.ver_minor = 0 + + if version_str is not None: + match = re.match(r"^([1-9]\d*)\.([1-9]\d*|0|latest)$", version_str) + if match: + self.ver_major = int(match.group(1)) + if match.group(2) == "latest": + # NOTE(andreykurilin): Infinity allows to easily determine + # latest version and doesn't require any additional checks + # in comparison methods. + self.ver_minor = float("inf") + else: + self.ver_minor = int(match.group(2)) + else: + msg = ("Invalid format of client version '%s'. " + "Expected format 'X.Y', where X is a major part and Y " + "is a minor part of version.") % version_str + raise exceptions.UnsupportedVersion(msg) + + def __str__(self): + """Debug/Logging representation of object.""" + if self.is_latest(): + return "Latest API Version Major: %s" % self.ver_major + return ("API Version Major: %s, Minor: %s" % (self.ver_major, + self.ver_minor)) + + def __repr__(self): + if self.is_null(): + return "" + else: + return "" % self.get_string() + + def is_null(self): + return self.ver_major == 0 and self.ver_minor == 0 + + def is_latest(self): + return self.ver_minor == float("inf") + + def __lt__(self, other): + if not isinstance(other, APIVersion): + raise TypeError( + _type_error_msg % {"other": other, + "cls": self.__class__}) + + return ((self.ver_major, self.ver_minor) < + (other.ver_major, other.ver_minor)) + + def __eq__(self, other): + if not isinstance(other, APIVersion): + raise TypeError( + _type_error_msg % {"other": other, + "cls": self.__class__}) + + return ((self.ver_major, self.ver_minor) == (other.ver_major, + other.ver_minor)) + + def __gt__(self, other): + if not isinstance(other, APIVersion): + raise TypeError( + _type_error_msg % {"other": other, + "cls": self.__class__}) + + return ((self.ver_major, self.ver_minor) > + (other.ver_major, other.ver_minor)) + + def __le__(self, other): + return self < other or self == other + + def __ne__(self, other): + return not self.__eq__(other) + + def __ge__(self, other): + return self > other or self == other + + def matches(self, min_version, max_version): + """Matches the version object. + + Returns whether the version object represents a version + greater than or equal to the minimum version and less than + or equal to the maximum version. + + :param min_version: Minimum acceptable version. + :param max_version: Maximum acceptable version. + :returns: boolean + + If min_version is null then there is no minimum limit. + If max_version is null then there is no maximum limit. + If self is null then raise ValueError + """ + + if self.is_null(): + raise ValueError("Null APIVersion doesn't support 'matches'.") + if max_version.is_null() and min_version.is_null(): + return True + elif max_version.is_null(): + return min_version <= self + elif min_version.is_null(): + return self <= max_version + else: + return min_version <= self <= max_version + + def get_string(self): + """Version string representation. + + Converts object to string representation which if used to create + an APIVersion object results in the same version. + """ + if self.is_null(): + raise ValueError("Null APIVersion cannot be converted to string.") + elif self.is_latest(): + return "%s.%s" % (self.ver_major, "latest") + return "%s.%s" % (self.ver_major, self.ver_minor) + + +class VersionedMethod(object): + def __init__(self, name, start_version, end_version, func): + """Versioning information for a single method + + :param name: Name of the method + :param start_version: Minimum acceptable version + :param end_version: Maximum acceptable_version + :param func: Method to call + + Minimum and maximums are inclusive + """ + self.name = name + self.start_version = start_version + self.end_version = end_version + self.func = func + + def __str__(self): + return ("Version Method %s: min: %s, max: %s" % + (self.name, self.start_version, self.end_version)) + + def __repr__(self): + return "" % self.name + + +def get_available_major_versions(): + # NOTE(andreykurilin): available clients version should not be + # hardcoded, so let's discover them. + matcher = re.compile(r"v[0-9]*$") + submodules = pkgutil.iter_modules([os.path.dirname(__file__)]) + available_versions = [ + name[1:] for loader, name, ispkg in submodules if matcher.search(name) + ] + + return available_versions + + +def check_major_version(api_version): + """Checks major part of ``APIVersion`` obj is supported. + + :raises harborclient.exceptions.UnsupportedVersion: if major part is not + supported + """ + available_versions = get_available_major_versions() + if (not api_version.is_null() and + str(api_version.ver_major) not in available_versions): + if len(available_versions) == 1: + msg = ("Invalid client version '%(version)s'. " + "Major part should be '%(major)s'") % { + "version": api_version.get_string(), + "major": available_versions[0]} + else: + msg = ("Invalid client version '%(version)s'. " + "Major part must be one of: '%(major)s'") % { + "version": api_version.get_string(), + "major": ", ".join(available_versions)} + raise exceptions.UnsupportedVersion(msg) + + +def get_api_version(version_string): + """Returns checked APIVersion object""" + version_string = str(version_string) + api_version = APIVersion(version_string) + check_major_version(api_version) + return api_version + + +def _get_server_version_range(client): + version = client.versions.get_current() + + if not hasattr(version, 'version') or not version.version: + return APIVersion(), APIVersion() + + return APIVersion(version.min_version), APIVersion(version.version) + + +def discover_version(client, requested_version): + """Discover most recent version supported by API and client. + + Checks ``requested_version`` and returns the most recent version + supported by both the API and the client. + + :param client: client object + :param requested_version: requested version represented by APIVersion obj + :returns: APIVersion + """ + server_start_version, server_end_version = _get_server_version_range( + client) + + if (not requested_version.is_latest() and + requested_version != APIVersion('2.0')): + if server_start_version.is_null() and server_end_version.is_null(): + raise exceptions.UnsupportedVersion( + ("Server doesn't support microversions")) + if not requested_version.matches(server_start_version, + server_end_version): + raise exceptions.UnsupportedVersion( + ("The specified version isn't supported by server. The valid " + "version range is '%(min)s' to '%(max)s'") % { + "min": server_start_version.get_string(), + "max": server_end_version.get_string()}) + return requested_version + + if server_start_version.is_null() and server_end_version.is_null(): + return APIVersion('2.0') + elif harborclient.API_MIN_VERSION > server_end_version: + raise exceptions.UnsupportedVersion( + ("Server version is too old. The client valid version range is " + "'%(client_min)s' to '%(client_max)s'. The server valid version " + "range is '%(server_min)s' to '%(server_max)s'.") % { + 'client_min': harborclient.API_MIN_VERSION.get_string(), + 'client_max': harborclient.API_MAX_VERSION.get_string(), + 'server_min': server_start_version.get_string(), + 'server_max': server_end_version.get_string()}) + elif harborclient.API_MAX_VERSION < server_start_version: + raise exceptions.UnsupportedVersion( + ("Server version is too new. The client valid version range is " + "'%(client_min)s' to '%(client_max)s'. The server valid version " + "range is '%(server_min)s' to '%(server_max)s'.") % { + 'client_min': harborclient.API_MIN_VERSION.get_string(), + 'client_max': harborclient.API_MAX_VERSION.get_string(), + 'server_min': server_start_version.get_string(), + 'server_max': server_end_version.get_string()}) + elif harborclient.API_MAX_VERSION <= server_end_version: + return harborclient.API_MAX_VERSION + elif server_end_version < harborclient.API_MAX_VERSION: + return server_end_version diff --git a/contrib/harbor-cli/harborclient/base.py b/contrib/harbor-cli/harborclient/base.py new file mode 100644 index 000000000..881d0cfd1 --- /dev/null +++ b/contrib/harbor-cli/harborclient/base.py @@ -0,0 +1,41 @@ +""" +Base utilities to build API operation managers and objects on top of. +""" + + +class Manager(object): + """Manager for API service. + + Managers interact with a particular type of API (projects, users, + reposiries,etc.) and provide CRUD operations for them. + """ + + def __init__(self, api): + self.api = api + + @property + def client(self): + return self.api.client + + @property + def api_version(self): + return self.api.api_version + + def _list(self, url, body=None): + if body: + data = self.api.client.post(url, body=body) + else: + data = self.api.client.get(url) + return data + + def _get(self, url): + return self.api.client.get(url) + + def _create(self, url, body=None, **kwargs): + return self.api.client.post(url, body=body) + + def _delete(self, url): + return self.api.client.delete(url) + + def _update(self, url, body, **kwargs): + return self.api.client.put(url, body=body) diff --git a/contrib/harbor-cli/harborclient/client.py b/contrib/harbor-cli/harborclient/client.py new file mode 100644 index 000000000..be1bda534 --- /dev/null +++ b/contrib/harbor-cli/harborclient/client.py @@ -0,0 +1,374 @@ +""" +Harbor Client interface. Handles the REST calls and responses. +""" + +import copy +import hashlib +import logging +from urlparse import urlparse + +from oslo_utils import importutils +import requests +from requests.packages.urllib3.exceptions import InsecureRequestWarning + +try: + import json +except ImportError: + import simplejson as json + +from harborclient import api_versions +from harborclient import exceptions +from harborclient import utils + +requests.packages.urllib3.disable_warnings(InsecureRequestWarning) + + +class HTTPClient(object): + USER_AGENT = 'python-harborclient' + + def __init__(self, + username, + password, + project, + baseurl, + timeout=None, + timings=False, + http_log_debug=False, + cacert=None, + insecure=False, + api_version=None): + self.username = username + self.password = password + self.project = project + self.baseurl = baseurl + self.api_version = api_version or api_versions.APIVersion() + self.timings = timings + self.http_log_debug = http_log_debug + # Has no protocol, use http + if not urlparse(baseurl).scheme: + self.baseurl = 'http://' + baseurl + parsed_url = urlparse(self.baseurl) + self.protocol = parsed_url.scheme + self.host = parsed_url.hostname + self.port = parsed_url.port + if timeout is not None: + self.timeout = float(timeout) + else: + self.timeout = None + # https + if insecure: + self.verify_cert = False + else: + if cacert: + self.verify_cert = cacert + else: + self.verify_cert = True + self.times = [] # [("item", starttime, endtime), ...] + + self._logger = logging.getLogger(__name__) + self.session_id = None + + if self.http_log_debug and not self._logger.handlers: + # Logging level is already set on the root logger + ch = logging.StreamHandler() + self._logger.addHandler(ch) + self._logger.propagate = False + if hasattr(requests, 'logging'): + rql = requests.logging.getLogger(requests.__name__) + rql.addHandler(ch) + # Since we have already setup the root logger on debug, we + # have to set it up here on WARNING (its original level) + # otherwise we will get all the requests logging messages + rql.setLevel(logging.WARNING) + + def unauthenticate(self): + """Forget all of our authentication information.""" + requests.get( + '%s://%s/logout' % (self.protocol, self.host), + cookies={'beegosessionID': self.session_id}, + verify=self.verify_cert) + logging.debug("Successfully logout") + + def get_timings(self): + return self.times + + def reset_timings(self): + self.times = [] + + def _redact(self, target, path, text=None): + """Replace the value of a key in `target`. + + The key can be at the top level by specifying a list with a single + key as the path. Nested dictionaries are also supported by passing a + list of keys to be navigated to find the one that should be replaced. + In this case the last one is the one that will be replaced. + + :param dict target: the dictionary that may have a key to be redacted; + modified in place + :param list path: a list representing the nested structure in `target` + that should be redacted; modified in place + :param string text: optional text to use as a replacement for the + redacted key. if text is not specified, the + default text will be sha1 hash of the value being + redacted + """ + + key = path.pop() + + # move to the most nested dict + for p in path: + try: + target = target[p] + except KeyError: + return + + if key in target: + if text: + target[key] = text + elif target[key] is not None: + # because in python3 byte string handling is ... ug + value = target[key].encode('utf-8') + sha1sum = hashlib.sha1(value) + target[key] = "{SHA1}%s" % sha1sum.hexdigest() + + def http_log_req(self, method, url, kwargs): + if not self.http_log_debug: + return + + string_parts = ['curl -g -i'] + + if self.verify_cert is not None: + if not self.verify_cert: + string_parts.append(' --insecure') + + string_parts.append(" '%s'" % url) + string_parts.append(' -X %s' % method) + + headers = copy.deepcopy(kwargs['headers']) + # because dict ordering changes from 2 to 3 + keys = sorted(headers.keys()) + for name in keys: + value = headers[name] + header = ' -H "%s: %s"' % (name, value) + string_parts.append(header) + cookies = kwargs['cookies'] + for name in sorted(cookies.keys()): + value = cookies[name] + cookie = header = ' -b "%s: %s"' % (name, value) + string_parts.append(cookie) + if 'data' in kwargs: + data = json.loads(kwargs['data']) + string_parts.append(" -d '%s'" % json.dumps(data)) + self._logger.debug("REQ: %s" % "".join(string_parts)) + + def http_log_resp(self, resp): + if not self.http_log_debug: + return + + if resp.text and resp.status_code != 400: + try: + body = json.loads(resp.text) + except ValueError: + body = None + else: + body = None + + self._logger.debug("RESP: [%(status)s] %(headers)s\nRESP BODY: " + "%(text)s\n", { + 'status': resp.status_code, + 'headers': resp.headers, + 'text': json.dumps(body) + }) + + def request(self, url, method, **kwargs): + url = self.baseurl + "/api" + url + kwargs.setdefault('headers', kwargs.get('headers', {})) + kwargs['headers']['User-Agent'] = self.USER_AGENT + kwargs['headers']['Accept'] = 'application/json' + if 'body' in kwargs: + kwargs['headers']['Content-Type'] = 'application/json' + kwargs['data'] = json.dumps(kwargs['body']) + del kwargs['body'] + kwargs["headers"]['Harbor-API-Version'] = "v2" + if self.timeout is not None: + kwargs.setdefault('timeout', self.timeout) + + self.http_log_req(method, url, kwargs) + + resp = requests.request(method, url, verify=self.verify_cert, **kwargs) + self.http_log_resp(resp) + if resp.status_code >= 400: + raise exceptions.from_response(resp, resp.text, url, method) + try: + body = json.loads(resp.text) + except ValueError: + body = resp.text + return body + + def _time_request(self, url, method, **kwargs): + with utils.record_time(self.times, self.timings, method, url): + body = self.request(url, method, **kwargs) + return body + + def _cs_request(self, url, method, **kwargs): + if not self.session_id: + self.authenticate() + # Perform the request once. If we get a 401 back then it + # might be because the auth token expired, so try to + # re-authenticate and try again. If it still fails, bail. + try: + body = self._time_request( + url, + method, + cookies={'beegosessionID': self.session_id}, + **kwargs) + return body + except exceptions.Unauthorized as e: + try: + # first discard auth token, to avoid the possibly expired + # token being re-used in the re-authentication attempt + self.unauthenticate() + # overwrite bad token + self.authenticate() + body = self._time_request(url, method, **kwargs) + return body + except exceptions.Unauthorized: + raise e + + def get(self, url, **kwargs): + return self._cs_request(url, 'GET', **kwargs) + + def post(self, url, **kwargs): + return self._cs_request(url, 'POST', **kwargs) + + def put(self, url, **kwargs): + return self._cs_request(url, 'PUT', **kwargs) + + def delete(self, url, **kwargs): + return self._cs_request(url, 'DELETE', **kwargs) + + def authenticate(self): + if not self.baseurl: + msg = ("Authentication requires 'baseurl', which should be " + "specified in '%s'") % self.__class__.__name__ + raise exceptions.AuthorizationFailure(msg) + + if not self.username: + msg = ("Authentication requires 'username', which should be " + "specified in '%s'") % self.__class__.__name__ + raise exceptions.AuthorizationFailure(msg) + + if not self.password: + msg = ("Authentication requires 'password', which should be " + "specified in '%s'") % self.__class__.__name__ + raise exceptions.AuthorizationFailure(msg) + + try: + resp = requests.post( + self.baseurl + "/login", + data={'principal': self.username, + 'password': self.password}, + verify=self.verify_cert) + except requests.exceptions.SSLError: + msg = ("Certificate verify failed, please use '--os-cacert' option" + " to specify a CA bundle file to use in verifying a TLS" + " (https) server certificate or use '--insecure' option" + " to explicitly allow client to perform insecure" + " TLS (https) requests.") + raise exceptions.AuthorizationFailure(msg) + if resp.status_code == 200: + self.session_id = resp.cookies.get('beegosessionID') + logging.debug( + "Successfully login, session id: %s" % self.session_id) + if resp.status_code >= 400: + msg = resp.text or ("The request you have made requires " + "authentication. (HTTP 401)") + reason = '{"reason": "%s", "message": "%s"}' % (resp.reason, msg) + raise exceptions.AuthorizationFailure(reason) + + +def _construct_http_client(username=None, + password=None, + project=None, + baseurl=None, + timeout=None, + extensions=None, + timings=False, + http_log_debug=False, + user_agent='python-harborclient', + api_version=None, + insecure=False, + cacert=None, + **kwargs): + return HTTPClient( + username, + password, + project, + baseurl, + timeout=timeout, + timings=timings, + http_log_debug=http_log_debug, + insecure=insecure, + cacert=cacert, + api_version=api_version) + + +def _get_client_class_and_version(version): + if not isinstance(version, api_versions.APIVersion): + version = api_versions.get_api_version(version) + else: + api_versions.check_major_version(version) + if version.is_latest(): + raise exceptions.UnsupportedVersion(("The version should be explicit, " + "not latest.")) + return version, importutils.import_class( + "harborclient.v%s.client.Client" % version.ver_major) + + +def get_client_class(version): + """Returns Client class based on given version.""" + _api_version, client_class = _get_client_class_and_version(version) + return client_class + + +def Client(version, + username=None, + password=None, + project=None, + baseurl=None, + insecure=False, + cacert=None, + *args, + **kwargs): + """Initialize client object based on given version. + + HOW-TO: + The simplest way to create a client instance is initialization with your + credentials:: + + >>> from harborclient import client + >>> harbor = client.Client(VERSION, USERNAME, PASSWORD, + ... PROJECT, HARBOR_URL) + + Here ``VERSION`` can be a string or + ``harborclient.api_versions.APIVersion`` obj. If you prefer string value, + you can use ``1.1`` (deprecated now), ``2`` or ``2.X`` + (where X is a microversion). + + + Alternatively, you can create a client instance using the keystoneauth + session API. See "The harborclient Python API" page at + python-harborclient's doc. + """ + api_version, client_class = _get_client_class_and_version(version) + kwargs.pop("direct_use", None) + return client_class( + username=username, + password=password, + project=project, + baseurl=baseurl, + api_version=api_version, + insecure=insecure, + cacert=cacert, + *args, + **kwargs) diff --git a/contrib/harbor-cli/harborclient/exceptions.py b/contrib/harbor-cli/harborclient/exceptions.py new file mode 100644 index 000000000..e6ae65428 --- /dev/null +++ b/contrib/harbor-cli/harborclient/exceptions.py @@ -0,0 +1,194 @@ +""" +Exception definitions. +""" + + +class UnsupportedVersion(Exception): + """Unsupport API version. + + Indicates that the user is trying to use an unsupported version of the API. + """ + pass + + +class UnsupportedAttribute(AttributeError): + """Unsupport attribute + + Indicates that the user is trying to transmit the argument to a method, + which is not supported by selected version. + """ + + def __init__(self, argument_name, start_version, end_version=None): + if end_version: + self.message = ( + "'%(name)s' argument is only allowed for microversions " + "%(start)s - %(end)s." % { + "name": argument_name, + "start": start_version, + "end": end_version + }) + else: + self.message = ( + "'%(name)s' argument is only allowed since microversion " + "%(start)s." % { + "name": argument_name, + "start": start_version + }) + + +class CommandError(Exception): + pass + + +class AuthorizationFailure(Exception): + pass + + +class ClientException(Exception): + """The base exception class for all exceptions this library raises.""" + message = 'Unknown Error' + + def __init__(self, + code, + message=None, + details=None, + request_id=None, + url=None, + method=None): + self.code = code + self.message = message or self.__class__.message + self.details = details + self.request_id = request_id + self.url = url + self.method = method + + def __str__(self): + formatted_string = "%s (HTTP %s)" % (self.message, self.code) + if self.request_id: + formatted_string += " (Request-ID: %s)" % self.request_id + + return formatted_string + + +class RetryAfterException(ClientException): + """Retry exception + + The base exception class for ClientExceptions that use Retry-After header. + """ + + def __init__(self, *args, **kwargs): + try: + self.retry_after = int(kwargs.pop('retry_after')) + except (KeyError, ValueError): + self.retry_after = 0 + + super(RetryAfterException, self).__init__(*args, **kwargs) + + +class BadRequest(ClientException): + """HTTP 400 - Bad request: you sent some malformed data.""" + http_status = 400 + message = "Bad request" + + +class Unauthorized(ClientException): + """HTTP 401 - Unauthorized: bad credentials.""" + http_status = 401 + message = "Unauthorized" + + +class Forbidden(ClientException): + """HTTP 403 - Forbidden + + HTTP 403 - Forbidden: your credentials don't give you access to this + resource. + """ + http_status = 403 + message = "Forbidden" + + +class NotFound(ClientException): + """HTTP 404 - Not found""" + http_status = 404 + message = "Not found" + + +class MethodNotAllowed(ClientException): + """HTTP 405 - Method Not Allowed""" + http_status = 405 + message = "Method Not Allowed" + + +class NotAcceptable(ClientException): + """HTTP 406 - Not Acceptable""" + http_status = 406 + message = "Not Acceptable" + + +class Conflict(ClientException): + """HTTP 409 - Conflict""" + http_status = 409 + message = "Conflict" + + +class OverLimit(RetryAfterException): + """HTTP 413 - Over limit + + You're over the API limits for this time period. + """ + http_status = 413 + message = "Over limit" + + +class RateLimit(RetryAfterException): + """HTTP 429 - Rate limit + + you've sent too many requests for this time period. + """ + http_status = 429 + message = "Rate limit" + + +# NotImplemented is a python keyword. +class HTTPNotImplemented(ClientException): + """HTTP 501 - Not Implemented + + the server does not support this operation. + """ + http_status = 501 + message = "Not Implemented" + + +# In Python 2.4 Exception is old-style and thus doesn't have a __subclasses__() +# so we can do this: +# _code_map = dict((c.http_status, c) +# for c in ClientException.__subclasses__()) +# +# Instead, we have to hardcode it: +_error_classes = [ + BadRequest, Unauthorized, Forbidden, NotFound, MethodNotAllowed, + NotAcceptable, Conflict, OverLimit, RateLimit, HTTPNotImplemented +] +_code_map = dict((c.http_status, c) for c in _error_classes) + + +def from_response(response, body, url, method=None): + """Extract exception from response + + Return an instance of an ClientException or subclass baseda + on a requests response. + + Usage:: + + resp, body = requests.request(...) + if resp.status_code != 200: + raise exception_from_response(resp, rest.text) + """ + cls = _code_map.get(response.status_code, ClientException) + kwargs = { + 'code': response.status_code, + 'method': method, + 'url': url, + 'message': body.strip(), + } + return cls(**kwargs) diff --git a/contrib/harbor-cli/harborclient/shell.py b/contrib/harbor-cli/harborclient/shell.py new file mode 100644 index 000000000..f38ee369f --- /dev/null +++ b/contrib/harbor-cli/harborclient/shell.py @@ -0,0 +1,414 @@ +""" +Command-line interface to the Harbor API. +""" + +from __future__ import print_function +import argparse +import getpass +import logging +import os +import sys + +from oslo_utils import encodeutils +from oslo_utils import importutils + +import harborclient +from harborclient import api_versions +from harborclient import client +from harborclient import exceptions as exc +from harborclient import utils + +DEFAULT_API_VERSION = "2.0" +DEFAULT_MAJOR_OS_COMPUTE_API_VERSION = "2.0" + +logger = logging.getLogger(__name__) + + +class HarborClientArgumentParser(argparse.ArgumentParser): + def __init__(self, *args, **kwargs): + super(HarborClientArgumentParser, self).__init__(*args, **kwargs) + + def error(self, message): + """error(message: string) + + Prints a usage message incorporating the message to stderr and + exits. + """ + self.print_usage(sys.stderr) + # FIXME(lzyeval): if changes occur in argparse.ArgParser._check_value + choose_from = ' (choose from' + progparts = self.prog.partition(' ') + self.exit(2, + ("error: %(errmsg)s\nTry '%(mainp)s help %(subp)s'" + " for more information.\n") % { + 'errmsg': message.split(choose_from)[0], + 'mainp': progparts[0], + 'subp': progparts[2]}) + + def _get_option_tuples(self, option_string): + """returns (action, option, value) candidates for an option prefix + + Returns [first candidate] if all candidates refers to current and + deprecated forms of the same options parsing succeed. + """ + option_tuples = (super(HarborClientArgumentParser, self) + ._get_option_tuples(option_string)) + if len(option_tuples) > 1: + normalizeds = [ + option.replace('_', '-') + for action, option, value in option_tuples + ] + if len(set(normalizeds)) == 1: + return option_tuples[:1] + return option_tuples + + +class HarborShell(object): + times = [] + + def _append_global_identity_args(self, parser, argv): + # Register the CLI arguments that have moved to the session object. + parser.set_defaults(os_username=utils.env('HARBOR_USERNAME')) + parser.set_defaults(os_password=utils.env('HARBOR_PASSWORD')) + parser.set_defaults(os_project=utils.env('HARBOR_PROJECT')) + parser.set_defaults(os_baseurl=utils.env('HARBOR_URL')) + + def get_base_parser(self, argv): + parser = HarborClientArgumentParser( + prog='harbor', + description=__doc__.strip(), + epilog='See "harbor help COMMAND" ' + 'for help on a specific command.', + add_help=False, + formatter_class=HarborHelpFormatter, ) + + # Global arguments + parser.add_argument( + '-h', + '--help', + action='store_true', + help=argparse.SUPPRESS, ) + + parser.add_argument( + '--debug', + default=False, + action='store_true', + help="Print debugging output.") + + parser.add_argument( + '--timings', + default=False, + action='store_true', + help="Print call timing info.") + + parser.add_argument( + '--version', action='version', version=harborclient.__version__) + + parser.add_argument( + '--os-username', + dest='os_username', + metavar='', + help='Username') + + parser.add_argument( + '--os-password', + dest='os_password', + metavar='', + help="User's password") + + parser.add_argument( + '--os-project', + dest='os_project', + metavar='', + help="Project Id") + + parser.add_argument( + '--timeout', + metavar='', + help="Set request timeout (in seconds).") + + parser.add_argument( + '--os-baseurl', + metavar='', + help='API base url') + + parser.add_argument( + '--insecure', + default=False, + action='store_true', + dest='insecure', + help='Explicitly allow client to perform ' + '"insecure" TLS (https) requests. The ' + 'server\'s certificate will not be verified ' + 'against any certificate authorities. This ' + 'option should be used with caution.') + + parser.add_argument( + '--os-cacert', + dest='os_cacert', + metavar='', + default=os.environ.get('OS_CACERT'), + help='Specify a CA bundle file to use in ' + 'verifying a TLS (https) server certificate. ' + 'Defaults to env[OS_CACERT].') + + parser.add_argument( + '--os-api-version', + metavar='', + default=utils.env( + 'HARBOR_API_VERSION', default=DEFAULT_API_VERSION), + help=('Accepts X, X.Y (where X is major and Y is minor part) or ' + '"X.latest", defaults to env[HARBOR_API_VERSION].')) + + self._append_global_identity_args(parser, argv) + + return parser + + def get_subcommand_parser(self, version, do_help=False, argv=None): + parser = self.get_base_parser(argv) + + self.subcommands = {} + subparsers = parser.add_subparsers(metavar='') + + actions_module = importutils.import_module( + "harborclient.v%s.shell" % version.ver_major) + + self._find_actions(subparsers, actions_module, version, do_help) + self._find_actions(subparsers, self, version, do_help) + self._add_bash_completion_subparser(subparsers) + + return parser + + def _add_bash_completion_subparser(self, subparsers): + subparser = subparsers.add_parser( + 'bash_completion', + add_help=False, + formatter_class=HarborHelpFormatter) + self.subcommands['bash_completion'] = subparser + subparser.set_defaults(func=self.do_bash_completion) + + def _find_actions(self, subparsers, actions_module, version, do_help): + msg = " (Supported by API versions '%(start)s' - '%(end)s')" + for attr in (a for a in dir(actions_module) if a.startswith('do_')): + # I prefer to be hyphen-separated instead of underscores. + command = attr[3:].replace('_', '-') + callback = getattr(actions_module, attr) + desc = callback.__doc__ or '' + if hasattr(callback, "versioned"): + additional_msg = "" + subs = api_versions.get_substitutions( + utils.get_function_name(callback)) + if do_help: + additional_msg = msg % { + 'start': subs[0].start_version.get_string(), + 'end': subs[-1].end_version.get_string() + } + subs = [ + versioned_method for versioned_method in subs + if version.matches(versioned_method.start_version, + versioned_method.end_version) + ] + if subs: + # use the "latest" substitution + callback = subs[-1].func + else: + # there is no proper versioned method + continue + desc = callback.__doc__ or desc + desc += additional_msg + + action_help = desc.strip() + arguments = getattr(callback, 'arguments', []) + + subparser = subparsers.add_parser( + command, + help=action_help, + description=desc, + add_help=False, + formatter_class=HarborHelpFormatter) + subparser.add_argument( + '-h', + '--help', + action='help', + help=argparse.SUPPRESS, ) + self.subcommands[command] = subparser + for (args, kwargs) in arguments: + start_version = kwargs.get("start_version", None) + if start_version: + start_version = api_versions.APIVersion(start_version) + end_version = kwargs.get("end_version", None) + if end_version: + end_version = api_versions.APIVersion(end_version) + else: + end_version = api_versions.APIVersion( + "%s.latest" % start_version.ver_major) + if do_help: + kwargs["help"] = kwargs.get("help", "") + ( + msg % { + "start": start_version.get_string(), + "end": end_version.get_string() + }) + if not version.matches(start_version, end_version): + continue + kw = kwargs.copy() + kw.pop("start_version", None) + kw.pop("end_version", None) + subparser.add_argument(*args, **kw) + subparser.set_defaults(func=callback) + + def setup_debugging(self, debug): + if not debug: + return + streamformat = "%(levelname)s (%(module)s:%(lineno)d) %(message)s" + logging.basicConfig(level=logging.DEBUG, format=streamformat) + logging.getLogger('iso8601').setLevel(logging.WARNING) + + def main(self, argv): + # Parse args once to find version and debug settings + parser = self.get_base_parser(argv) + (args, args_list) = parser.parse_known_args(argv) + self.setup_debugging(args.debug) + do_help = ('help' in argv) or ('--help' in argv) or ( + '-h' in argv) or not argv + + # bash-completion should not require authentication + if not args.os_api_version: + api_version = api_versions.get_api_version( + DEFAULT_MAJOR_OS_COMPUTE_API_VERSION) + else: + api_version = api_versions.get_api_version(args.os_api_version) + + os_username = args.os_username + os_password = args.os_password + os_project = args.os_project + os_baseurl = args.os_baseurl + subcommand_parser = self.get_subcommand_parser( + api_version, do_help=do_help, argv=argv) + self.parser = subcommand_parser + + if args.help or not argv: + subcommand_parser.print_help() + return 0 + + args = subcommand_parser.parse_args(argv) + + # Short-circuit and deal with help right away. + if args.func == self.do_help: + self.do_help(args) + return 0 + elif args.func == self.do_bash_completion: + self.do_bash_completion(args) + return 0 + insecure = args.insecure + cacert = args.os_cacert + if not os_baseurl: + print(("ERROR (CommandError): You must provide harbor url via " + "either --os-baseurl or env[HARBOR_URL].")) + return 1 + if not os_username: + print(("ERROR (CommandError): You must provide username via " + "either --os-username or env[HARBOR_USERNAME].")) + return 1 + if not os_project: + print(("ERROR (CommandError): You must provide project via " + "either --os-project or env[HARBOR_PROJECT].")) + return 1 + while not os_password: + os_password = getpass.getpass("password: ") + self.cs = client.Client( + api_version, + os_username, + os_password, + os_project, + os_baseurl, + timings=args.timings, + http_log_debug=args.debug, + insecure=insecure, + cacert=cacert, + timeout=args.timeout) + try: + self.cs.authenticate() + except exc.Unauthorized: + raise exc.CommandError("Invalid Harbor credentials.") + except exc.AuthorizationFailure as e: + raise exc.CommandError("Unable to authorize user '%s': %s" + % (os_username, e)) + args.func(self.cs, args) + if args.timings: + self._dump_timings(self.times + self.cs.get_timings()) + + def _dump_timings(self, timings): + results = [{ + "url": url, + "seconds": end - start + } for url, start, end in timings] + total = 0.0 + for tyme in results: + total += tyme['seconds'] + results.append({"url": "Total", "seconds": total}) + utils.print_list(results, ["url", "seconds"], align='l') + print("Total: %s seconds" % total) + + def do_bash_completion(self, _args): + """Print bash completion + + Prints all of the commands and options to stdout so that the + harbor.bash_completion script doesn't have to hard code them. + """ + commands = list() + options = list() + for sc_str, sc in self.subcommands.items(): + commands.append(sc_str) + for option in sc._optionals._option_string_actions.keys(): + options.append(option) + + options.extend(self.parser._option_string_actions.keys()) + print(' '.join(set(commands + options))) + + @utils.arg( + 'command', + metavar='', + nargs='?', + help='Display help for .') + def do_help(self, args): + """Display help about this program or one of its subcommands.""" + if args.command: + if args.command in self.subcommands: + self.subcommands[args.command].print_help() + else: + raise exc.CommandError( + ("'%s' is not a valid subcommand") % args.command) + else: + self.parser.print_help() + + +# I'm picky about my shell help. +class HarborHelpFormatter(argparse.HelpFormatter): + def __init__(self, + prog, + indent_increment=2, + max_help_position=32, + width=None): + super(HarborHelpFormatter, self).__init__(prog, indent_increment, + max_help_position, width) + + def start_section(self, heading): + # Title-case the headings + heading = '%s%s' % (heading[0].upper(), heading[1:]) + super(HarborHelpFormatter, self).start_section(heading) + + +def main(): + try: + argv = [encodeutils.safe_decode(a) for a in sys.argv[1:]] + HarborShell().main(argv) + except KeyboardInterrupt: + print("... terminating harbor client", file=sys.stderr) + sys.exit(130) + except exc.CommandError as e: + print("CommandError: %s" % e) + sys.exit(127) + + +if __name__ == "__main__": + main() diff --git a/contrib/harbor-cli/harborclient/utils.py b/contrib/harbor-cli/harborclient/utils.py new file mode 100644 index 000000000..1c11c94a2 --- /dev/null +++ b/contrib/harbor-cli/harborclient/utils.py @@ -0,0 +1,165 @@ +import contextlib +import os +import textwrap +import time + +from oslo_serialization import jsonutils +from oslo_utils import encodeutils +import prettytable +import six + + +def env(*args, **kwargs): + """Returns the first environment variable set. + + If all are empty, defaults to '' or keyword arg `default`. + """ + for arg in args: + value = os.environ.get(arg) + if value: + return value + return kwargs.get('default', '') + + +def arg(*args, **kwargs): + """Decorator for CLI args. + + Example: + + >>> @arg("name", help="Name of the new entity") + ... def entity_create(args): + ... pass + """ + + def _decorator(func): + add_arg(func, *args, **kwargs) + return func + + return _decorator + + +def add_arg(func, *args, **kwargs): + """Bind CLI arguments to a shell.py `do_foo` function.""" + + if not hasattr(func, 'arguments'): + func.arguments = [] + + # NOTE(sirp): avoid dups that can occur when the module is shared across + # tests. + if (args, kwargs) not in func.arguments: + # Because of the semantics of decorator composition if we just append + # to the options list positional options will appear to be backwards. + func.arguments.insert(0, (args, kwargs)) + + +def pretty_choice_list(l): + return ', '.join("'%s'" % i for i in l) + + +def pretty_choice_dict(d): + """Returns a formatted dict as 'key=value'.""" + return pretty_choice_list(['%s=%s' % (k, d[k]) for k in sorted(d.keys())]) + + +def print_list(objs, fields, formatters={}, sortby=None, align='c'): + pt = prettytable.PrettyTable([f for f in fields], caching=False) + pt.align = align + for o in objs: + row = [] + for field in fields: + if field in formatters: + if callable(formatters[field]): + row.append(formatters[field](o)) + else: + row.append(o.get(formatters[field], None)) + else: + data = o.get(field, None) + if data is None or data == "": + data = '-' + data = six.text_type(data).replace("\r", "") + row.append(data) + pt.add_row(row) + if sortby is not None and sortby in fields: + result = encodeutils.safe_encode(pt.get_string(sortby=sortby)) + else: + result = encodeutils.safe_encode(pt.get_string()) + + if six.PY3: + result = result.decode() + + print(result) + + +def print_dict(d, dict_property="Property", dict_value="Value", wrap=0): + pt = prettytable.PrettyTable([dict_property, dict_value], caching=False) + pt.align = 'l' + for k, v in sorted(d.items()): + # convert dict to str to check length + if isinstance(v, (dict, list)): + v = jsonutils.dumps(v) + if wrap > 0: + v = textwrap.fill(six.text_type(v), wrap) + # if value has a newline, add in multiple rows + # e.g. fault with stacktrace + if v and isinstance(v, six.string_types) and (r'\n' in v or '\r' in v): + # '\r' would break the table, so remove it. + if '\r' in v: + v = v.replace('\r', '') + lines = v.strip().split(r'\n') + col1 = k + for line in lines: + pt.add_row([col1, line]) + col1 = '' + else: + if v is None: + v = '-' + pt.add_row([k, v]) + + result = encodeutils.safe_encode(pt.get_string()) + + if six.PY3: + result = result.decode() + + print(result) + + +def safe_issubclass(*args): + """Like issubclass, but will just return False if not a class.""" + + try: + if issubclass(*args): + return True + except TypeError: + pass + + return False + + +@contextlib.contextmanager +def record_time(times, enabled, *args): + """Record the time of a specific action. + + :param times: A list of tuples holds time data. + :type times: list + :param enabled: Whether timing is enabled. + :type enabled: bool + :param *args: Other data to be stored besides time data, these args + will be joined to a string. + """ + if not enabled: + yield + else: + start = time.time() + yield + end = time.time() + times.append((' '.join(args), start, end)) + + +def get_function_name(func): + if six.PY2: + if hasattr(func, "im_class"): + return "%s.%s" % (func.im_class, func.__name__) + else: + return "%s.%s" % (func.__module__, func.__name__) + else: + return "%s.%s" % (func.__module__, func.__qualname__) diff --git a/contrib/harbor-cli/harborclient/v2/__init__.py b/contrib/harbor-cli/harborclient/v2/__init__.py new file mode 100644 index 000000000..e86082e0f --- /dev/null +++ b/contrib/harbor-cli/harborclient/v2/__init__.py @@ -0,0 +1 @@ +from harborclient.v2.client import Client # noqa diff --git a/contrib/harbor-cli/harborclient/v2/client.py b/contrib/harbor-cli/harborclient/v2/client.py new file mode 100644 index 000000000..3c259a177 --- /dev/null +++ b/contrib/harbor-cli/harborclient/v2/client.py @@ -0,0 +1,73 @@ +from harborclient import client +from harborclient.v2 import configurations +from harborclient.v2 import jobs +from harborclient.v2 import logs +from harborclient.v2 import projects +from harborclient.v2 import repositories +from harborclient.v2 import searcher +from harborclient.v2 import statistics +from harborclient.v2 import systeminfo +from harborclient.v2 import targets +from harborclient.v2 import users + + +class Client(object): + """Top-level object to access the Harbor API. + + .. warning:: All scripts and projects should not initialize this class + directly. It should be done via `harborclient.client.Client` interface. + """ + + def __init__(self, + username=None, + password=None, + project=None, + baseurl=None, + insecure=False, + cacert=None, + api_version=None, + *argv, + **kwargs): + """Initialization of Client object. + + :param str username: Username + :param str password: Password + :param str project: Project + """ + self.baseurl = baseurl + self.users = users.UserManager(self) + self.projects = projects.ProjectManager(self) + self.jobs = jobs.JobManager(self) + self.repositories = repositories.RepositoryManager(self) + self.searcher = searcher.SearchManager(self) + self.statistics = statistics.StatisticsManager(self) + self.logs = logs.LogManager(self) + self.targets = targets.TargetManager(self) + self.systeminfo = systeminfo.SystemInfoManager(self) + self.configurations = configurations.ConfigurationManager(self) + self.client = client._construct_http_client( + username=username, + password=password, + project=project, + baseurl=baseurl, + insecure=insecure, + cacert=cacert, + api_version=api_version, + **kwargs) + + def get_timings(self): + return self.client.get_timings() + + def reset_timings(self): + self.client.reset_timings() + + def authenticate(self): + """Authenticate against the server. + + Normally this is called automatically when you first access the API, + but you can call this method to force authentication right now. + + Returns on success; raises :exc:`exceptions.Unauthorized` if the + credentials are wrong. + """ + self.client.authenticate() diff --git a/contrib/harbor-cli/harborclient/v2/configurations.py b/contrib/harbor-cli/harborclient/v2/configurations.py new file mode 100644 index 000000000..0dc15dfb6 --- /dev/null +++ b/contrib/harbor-cli/harborclient/v2/configurations.py @@ -0,0 +1,7 @@ +from harborclient import base + + +class ConfigurationManager(base.Manager): + def get(self): + """Get system configurations.""" + return self._get("/configurations") diff --git a/contrib/harbor-cli/harborclient/v2/jobs.py b/contrib/harbor-cli/harborclient/v2/jobs.py new file mode 100644 index 000000000..033bb719d --- /dev/null +++ b/contrib/harbor-cli/harborclient/v2/jobs.py @@ -0,0 +1,11 @@ +from harborclient import base + + +class JobManager(base.Manager): + def list(self, policy_id=None): + """List filters jobs according to the policy and repository.""" + return self._list("/jobs/replication?policy_id=%s" % policy_id) + + def get_log(self, job_id): + """Get job logs.""" + return self._get("/jobs/replication/%s/log" % job_id) diff --git a/contrib/harbor-cli/harborclient/v2/logs.py b/contrib/harbor-cli/harborclient/v2/logs.py new file mode 100644 index 000000000..ebe7b34ee --- /dev/null +++ b/contrib/harbor-cli/harborclient/v2/logs.py @@ -0,0 +1,7 @@ +from harborclient import base + + +class LogManager(base.Manager): + def list(self): + """Get recent logs of the projects which the user is a member of.""" + return self._list("/logs") diff --git a/contrib/harbor-cli/harborclient/v2/projects.py b/contrib/harbor-cli/harborclient/v2/projects.py new file mode 100644 index 000000000..dbbf3f1d6 --- /dev/null +++ b/contrib/harbor-cli/harborclient/v2/projects.py @@ -0,0 +1,44 @@ +from harborclient import base +from harborclient import exceptions as exp + + +class ProjectManager(base.Manager): + def is_id(self, key): + return key.isdigit() + + def get(self, id): + """Return specific project detail infomation.""" + return self._get("/projects/%s" % id) + + def list(self): + """List projects.""" + return self._list("/projects") + + def get_id_by_name(self, name): + """Return specific project detail infomation by name.""" + projects = self.list() + for p in projects: + if p['name'] == name: + return p['project_id'] + raise exp.NotFound("Project '%s' not Found." % name) + + def get_name_by_id(self, id): + """Return specific project detail infomation by id.""" + projects = self.list() + for p in projects: + if p['project_id'] == id: + return p['name'] + raise exp.NotFound("Project '%s' not Found." % id) + + def create(self, name, public=True): + """Create a new project.""" + project = {"project_name": name, "public": 1 if public else 0} + return self._create("/projects", project) + + def delete(self, id): + """Delete project by id.""" + return self._delete("/projects/%s" % id) + + def get_members(self, id): + """Return a project's relevant role members.""" + return self._list("/projects/%s/members/" % id) diff --git a/contrib/harbor-cli/harborclient/v2/repositories.py b/contrib/harbor-cli/harborclient/v2/repositories.py new file mode 100644 index 000000000..1a0a0c9de --- /dev/null +++ b/contrib/harbor-cli/harborclient/v2/repositories.py @@ -0,0 +1,27 @@ +from harborclient import base + + +class RepositoryManager(base.Manager): + def get(self, id): + """Get a Repository.""" + return self._get("/repositories/%s" % id) + + def list(self, project): + """Get repositories accompany with relevant project and repo name.""" + repositories = self._list("/repositories?project_id=%s" % project) + return repositories + + def list_tags(self, repo_name): + """Get the tag of the repository.""" + return self.api.client.get( + "/repositories/%s/tags" % repo_name) + + def get_manifests(self, repo_name, tag): + """Get manifests of a relevant repository.""" + return self.api.client.get( + "/repositories/%(repo_name)s/tags/%(tag)s/manifest" + % {"repo_name": repo_name, "tag": tag}) + + def get_top(self, count): + """Get public repositories which are accessed most.""" + return self._list("/repositories/top?count=%s" % count) diff --git a/contrib/harbor-cli/harborclient/v2/searcher.py b/contrib/harbor-cli/harborclient/v2/searcher.py new file mode 100644 index 000000000..55bbb1ef4 --- /dev/null +++ b/contrib/harbor-cli/harborclient/v2/searcher.py @@ -0,0 +1,7 @@ +from harborclient import base + + +class SearchManager(base.Manager): + def search(self, query): + """Search for projects and repositories.""" + return self.api.client.get("/search?q=%s" % query) diff --git a/contrib/harbor-cli/harborclient/v2/shell.py b/contrib/harbor-cli/harborclient/v2/shell.py new file mode 100644 index 000000000..7414be893 --- /dev/null +++ b/contrib/harbor-cli/harborclient/v2/shell.py @@ -0,0 +1,607 @@ +from __future__ import print_function + +import getpass +import logging + +from oslo_utils import strutils + +from harborclient import exceptions as exp +from harborclient import utils + +logger = logging.getLogger(__name__) + + +def is_id(obj): + try: + int(obj) + return True + except ValueError: + return False + + +@utils.arg( + '--sortby', + metavar='', + dest="sortby", + default="user_id", + help='Sort key.') +def do_user_list(cs, args): + """Get registered users of Harbor.""" + try: + users = cs.users.list() + except exp.Forbidden as e: + raise exp.CommandError(e.message) + # Get admin user + try: + admin = cs.users.get(1) + users.append(admin) + except Exception: + pass + fields = ['user_id', 'username', 'is_admin', + 'email', 'realname', 'comment'] + formatters = {"is_admin": 'has_admin_role'} + utils.print_list(users, fields, formatters=formatters, sortby=args.sortby) + + +@utils.arg( + 'user', + metavar='', + help='User name or id') +def do_set_admin(cs, args): + """Update a registered user to change to be an administrator of Harbor.""" + try: + user = cs.users.find(args.user) + except exp.NotFound: + print("User '%s' not found." % args.user) + cs.users.set_admin(user['user_id'], True) + print("Set user '%s' as administrator successfully." % args.user) + + +@utils.arg( + 'user', + metavar='', + help='User name or id') +def do_revoke_admin(cs, args): + """Update a registered user to be a non-admin of Harbor.""" + try: + user = cs.users.find(args.user) + except exp.NotFound: + print("User '%s' not found." % args.user) + cs.users.set_admin(user['user_id'], False) + print("Revoke admin privilege from user '%s' successfully." % args.user) + + +@utils.arg( + 'user', + metavar='', + help='User name or id') +@utils.arg( + '--email', + metavar='', + dest='email', + help='Email of the user') +@utils.arg( + '--realname', + metavar='', + dest='realname', + help='Email of the user') +@utils.arg( + '--comment', + metavar='', + dest='comment', + help='Comment of the user') +def do_user_update(cs, args): + """Update a registered user to change his profile.""" + try: + user = cs.users.find(args.user) + except exp.NotFound: + print("User '%s' not found." % args.user) + realname = args.realname or user['realname'] + email = args.email or user['email'] + comment = args.comment or user['comment'] + cs.users.update(user['user_id'], realname, email, comment) + user = cs.users.get(user['user_id']) + utils.print_dict(user) + + +@utils.arg( + 'user', + metavar='', + help='User name or id') +def do_change_password(cs, args): + """Change the password on a user that already exists.""" + try: + user = cs.users.find(args.user) + except exp.NotFound: + print("User '%s' not found." % args.user) + old_password = getpass.getpass('Old password: ') + new_password = getpass.getpass('New Password: ') + try: + cs.users.change_password(user['user_id'], old_password, new_password) + print("Update password successfully.") + except exp.Forbidden as e: + print(e.message.replace("_", ' ')) + return 1 + + +@utils.arg('user', metavar='', help='ID or name of user.') +def do_user_show(cs, args): + """Get a user's profile.""" + key = args.user + if cs.users.is_id(key): + id = key + else: + id = cs.users.get_id_by_name(key) + user = cs.users.get(id) + utils.print_dict(user) + + +@utils.arg( + '--detail', + '-d', + dest="detail", + action="store_true", + help='show detail info.') +def do_whoami(cs, args): + """Get current user info.""" + user = cs.users.current() + if args.detail: + utils.print_dict(user) + else: + print(user['username']) + + +@utils.arg( + '--username', + metavar='', + dest='username', + required=True, + help='Unique name of the new user') +@utils.arg( + '--password', + metavar='', + dest='password', + required=True, + help='Password of the new user') +@utils.arg( + '--email', + metavar='', + dest='email', + required=True, + help='Email of the new user') +@utils.arg( + '--realname', + metavar='', + dest='realname', + default=None, + help='Email of the new user') +@utils.arg( + '--comment', + metavar='', + dest='comment', + default=None, + help='Comment of the new user') +def do_user_create(cs, args): + """Creates a new user account.""" + cs.users.create(args.username, args.password, + args.email, args.realname, + args.comment) + print("Create user '%s' successfully." % args.username) + + +@utils.arg('user', metavar='', help='ID or name of user.') +def do_user_delete(cs, args): + """Mark a registered user as be removed.""" + key = args.user + if cs.users.is_id(key): + id = key + else: + id = cs.users.get_id_by_name(key) + cs.users.delete(id) + print("Delete user '%s' sucessfully." % key) + + +@utils.arg( + '--sortby', + metavar='', + dest="sortby", + default="project_id", + help='Sort key.') +def do_project_list(cs, args): + """List projects.""" + projects = cs.projects.list() + fields = [ + 'project_id', + 'name', + 'owner_id', + 'current_user_role_id', + 'repo_count', + 'creation_time', + 'public', + ] + utils.print_list(projects, fields, formatters={}, sortby=args.sortby) + + +@utils.arg( + '--project-id', + '-p', + dest='project_id', + metavar='', + default=None, + help='ID of project.') +def do_member_list(cs, args): + """List a project's relevant role members.""" + project = args.project_id + if not project: + project = cs.client.project + members = cs.projects.get_members(project) + fields = [ + 'username', + 'role_name', + 'user_id', + 'role_id', + ] + utils.print_list(members, fields, formatters={}, sortby='user_id') + + +@utils.arg('project', metavar='', help='ID or name of project.') +def do_project_show(cs, args): + """Show specific project detail infomation.""" + key = args.project + if cs.projects.is_id(key): + project_id = key + else: + project_id = cs.projects.get_id_by_name(key) + projects = cs.projects.list() + for project in projects: + if str(project['project_id']) == str(project_id): + utils.print_dict(project) + return + raise exp.NotFound("Project '%s' not found" % args.project) + + +@utils.arg('project', metavar='', help='ID or name of project.') +def do_project_delete(cs, args): + """Delete project by Id or name.""" + key = args.project + if cs.projects.is_id(key): + id = key + else: + try: + id = cs.projects.get_id_by_name(key) + except exp.NotFound: + print("Project '%s' not found." % args.project) + return 1 + try: + cs.projects.delete(id) + print("Delete Project '%s' successfully." % key) + return 0 + except exp.NotFound: + print("Project '%s' not Found." % args.project) + return 1 + + +@utils.arg( + 'name', + metavar='', + help='Name of new project.') +@utils.arg( + '--is-public', + metavar='', + default=True, + help='Make project accessible to the public (default true).') +def do_project_create(cs, args): + """Create a new project.""" + is_public = strutils.bool_from_string(args.is_public, strict=True) + try: + cs.projects.create(args.name, is_public) + print("Create project '%s' successfully." % args.name) + except exp.Conflict: + print("Project name '%s' already exists." % args.name) + + +@utils.arg( + '--project-id', + '-p', + dest='project_id', + metavar='', + default=None, + help='ID of project.') +@utils.arg( + '--sortby', + dest='sortby', + metavar='', + default='Id', + help='Sort key.') +def do_list(cs, args): + """Get repositories accompany with relevant project and repo name.""" + project_id = args.project_id + if not project_id: + project_id = cs.client.project + repositories = cs.repositories.list(project_id) + data = [] + for repo in repositories: + tags = cs.repositories.list_tags(repo['name']) + for tag in tags: + item = repo.copy() + manifest = cs.repositories.get_manifests(item['name'], + tag['name']) + size = 0 + for layer in manifest['manifest']['layers']: + size += layer['size'] + item['size'] = size + if tag['name'] != 'latest': + item['name'] = repo['name'] + ":" + tag['name'] + data.append(item) + fields = [ + "name", 'project_id', 'size', + "tags_count", "star_count", "pull_count", + "update_time" + ] + utils.print_list(data, fields, sortby=args.sortby) + + +@utils.arg('repository', metavar='', help='Name of repository.') +def do_list_tags(cs, args): + """Get tags of a relevant repository.""" + tags = cs.repositories.list_tags(args.repository) + fields = ["name", 'author', 'architecture', + 'os', 'docker_version', 'created'] + utils.print_list(tags, fields, sortby="name") + + +@utils.arg( + '--project-id', + '-p', + dest='project_id', + metavar='', + default=None, + help='ID of project.') +@utils.arg( + 'repository', + metavar='', + help="Repository name, for example: int32bit/ubuntu:14.04.") +def do_show(cs, args): + """Show specific repository detail infomation.""" + project = args.project_id + if not project: + project = cs.client.project + repo = args.repository + tag_index = repo.find(':') + if tag_index != -1: + tag = repo[tag_index + 1:] + repo = repo[:tag_index] + else: + tag = "latest" + if repo.find('/') == -1: + repo = "library/" + repo + repos = cs.repositories.list(project) + found_repo = None + for r in repos: + if r['name'] == repo: + found_repo = r + break + if not found_repo: + print("Image '%s' not found." % repo) + return + tags = cs.repositories.list_tags(found_repo['name']) + found_tag = None + for t in tags: + if t['name'] == tag: + found_tag = t + break + if not found_tag: + print("Image '%s' with tag '%s' not found." % (repo, tag)) + return + for key in found_tag: + found_repo['tag_' + key] = found_tag[key] + utils.print_dict(found_repo) + + +@utils.arg( + '--count', + '-c', + metavar='', + dest='count', + default=5, + help='Count.') +def do_top(cs, args): + """Get public repositories which are accessed most.""" + try: + count = int(args.count) + except ValueError: + print("'%s' is not a valid number." % args.count) + return 1 + if count < 1: + print("invalid count %s, count must > 0." % args.count) + return 1 + data = cs.repositories.get_top(count) + utils.print_list(data, + ['name', 'pull_count', 'star_count'], + sortby='pull_count') + + +@utils.arg( + 'query', + metavar='', + help='Search parameter for project and repository name.') +def do_search(cs, args): + """Search for projects and repositories.""" + data = cs.searcher.search(args.query) + project_fields = ['project_id', 'name', 'public', + 'repo_count', 'creation_time'] + print("Find %d Projects: " % len(data['project'])) + utils.print_list( + data['project'], project_fields, formatters={}, sortby='id') + repository_fields = [ + 'repository_name', 'project_name', 'project_id', 'project_public' + ] + print("\n") + print("Find %d Repositories: " % len(data['repository'])) + utils.print_list( + data['repository'], + repository_fields, + formatters={}, + sortby='repository_name') + + +def do_usage(cs, args): + """Get projects number and repositories number relevant to the user.""" + data = cs.statistics.list() + utils.print_dict(data) + + +@utils.arg( + '--sortby', + dest='sortby', + metavar='', + default='op_time', + help='Sort key.') +def do_logs(cs, args): + """Get recent logs of the projects which the user is a member of.""" + logs = cs.logs.list() or [] + for log in logs: + repo = log['repo_name'] + tag = None + if log['repo_tag'] != 'N/A': + tag = log['repo_tag'] + if tag: + repo += ":%s" % tag + log['repository'] = repo + fields = ['log_id', 'op_time', 'username', + 'project_id', 'operation', 'repository'] + utils.print_list(logs, fields, sortby=args.sortby) + + +def do_info(cs, args): + """Get general system info.""" + info = cs.systeminfo.get() + try: + volumes = cs.systeminfo.get_volumes() + info['disk_total'] = volumes['storage']['total'] + info['disk_free'] = volumes['storage']['free'] + except exp.Forbidden: + # Only admin can get volumes + pass + utils.print_dict(info) + + +def do_get_cert(cs, args): + """Get default root cert under OVA deployment.""" + try: + certs = cs.systeminfo.get_cert() + print(certs) + except exp.NotFound: + print("No certificate found") + except exp.Forbidden: + print("Only admin can perform this operation.") + + +def do_version(cs, args): + """Get harbor version.""" + info = cs.systeminfo.get() + print(info['harbor_version']) + + +def do_get_conf(cs, args): + """Get system configurations.""" + try: + configurations = cs.configurations.get() + except exp.Forbidden: + raise exp.CommandError("Only admin can perform this operation.") + data = [] + for key in configurations: + item = {} + item['name'] = key + item['value'] = configurations[key]['value'] + item['editable'] = configurations[key]['editable'] + data.append(item) + utils.print_list(data, ['name', 'value', 'editable'], sortby='name') + + +def do_target_list(cs, args): + """List filters targets.""" + targets = cs.targets.list() + fields = ['id', 'name', 'endpoint', + 'username', 'password', 'creation_time'] + utils.print_list(targets, fields) + + +@utils.arg( + 'target', + metavar='', + help="The target name or id.") +def do_target_ping(cs, args): + """Ping validates target.""" + target = None + if is_id(args.target): + target = args.target + else: + targets = cs.targets.list() + for t in targets: + if t['name'] == args.target: + target = t['id'] + break + if not target: + print("target '%s' not found!" % args.target) + return 1 + try: + cs.targets.ping(target) + print("OK") + except Exception as e: + print("Can not ping target: %s" % e) + + +@utils.arg( + 'target', + metavar='', + help="The target name or id.") +def do_policy_list(cs, args): + """List filters policies by name and project_id.""" + target = None + if is_id(args.target): + target = args.target + else: + targets = cs.targets.list() + for t in targets: + if t['name'] == args.target: + target = t['id'] + break + if not target: + print("target '%s' not found!" % args.target) + return 1 + try: + policies = cs.targets.list_policies(target) + except exp.NotFound: + print("target '%s' not found!" % args.target) + return 1 + if not policies: + policies = [] + fields = ["id", "name", "description", + "enabled", "start_time", "cron_str", + "creation_time"] + utils.print_list(policies, fields, sortby='id') + + +@utils.arg( + 'policy_id', + metavar='', + help="The policy id.") +def do_job_list(cs, args): + """List filters jobs according to the policy and repository.""" + jobs = cs.jobs.list(args.policy_id) + for job in jobs: + if job['tags']: + job['name'] += ":" + job['tags'] + fields = ['id', 'repository', 'operation', 'status', 'update_time'] + utils.print_list(jobs, fields, sortby='id') + + +@utils.arg( + 'job_id', + metavar='', + help="The job id.") +def do_job_log(cs, args): + """Get job logs.""" + log = cs.jobs.get_log(args.job_id) + print(log) diff --git a/contrib/harbor-cli/harborclient/v2/statistics.py b/contrib/harbor-cli/harborclient/v2/statistics.py new file mode 100644 index 000000000..9f4c47451 --- /dev/null +++ b/contrib/harbor-cli/harborclient/v2/statistics.py @@ -0,0 +1,7 @@ +from harborclient import base + + +class StatisticsManager(base.Manager): + def list(self): + """Get projects number and repositories number relevant to the user.""" + return self._list("/statistics") diff --git a/contrib/harbor-cli/harborclient/v2/systeminfo.py b/contrib/harbor-cli/harborclient/v2/systeminfo.py new file mode 100644 index 000000000..ff803455b --- /dev/null +++ b/contrib/harbor-cli/harborclient/v2/systeminfo.py @@ -0,0 +1,15 @@ +from harborclient import base + + +class SystemInfoManager(base.Manager): + def get(self): + """Get general system info.""" + return self._get("/systeminfo") + + def get_volumes(self): + """Get system volume info (total/free size).""" + return self._get("/systeminfo/volumes") + + def get_cert(self): + """Get default root certificate under OVA deployment.""" + return self._get("/systeminfo/getcert") diff --git a/contrib/harbor-cli/harborclient/v2/targets.py b/contrib/harbor-cli/harborclient/v2/targets.py new file mode 100644 index 000000000..29a4b7d62 --- /dev/null +++ b/contrib/harbor-cli/harborclient/v2/targets.py @@ -0,0 +1,18 @@ +from harborclient import base + + +class TargetManager(base.Manager): + + def list(self, name=None): + """List filters targets by name.""" + if name: + return self._list("/targets?name=%s" % name) + return self._list("/targets") + + def ping(self, id): + """Ping validates target.""" + return self._create("/targets/%s/ping" % id) + + def list_policies(self, id): + """List the target relevant policies.""" + return self._list("/targets/%s/policies" % id) diff --git a/contrib/harbor-cli/harborclient/v2/users.py b/contrib/harbor-cli/harborclient/v2/users.py new file mode 100644 index 000000000..4d9f8a064 --- /dev/null +++ b/contrib/harbor-cli/harborclient/v2/users.py @@ -0,0 +1,72 @@ +from harborclient import base +from harborclient import exceptions as exp + + +class UserManager(base.Manager): + def is_id(self, key): + return key.isdigit() + + def get(self, id): + """Get a user's profile.""" + return self._get("/users/%s" % id) + + def current(self): + """Get current user info.""" + return self._get("/users/current") + + def list(self): + """Get registered users of Harbor.""" + return self._list("/users") + + def get_id_by_name(self, name): + users = self.list() + for u in users: + if u['username'] == name: + return u['user_id'] + raise exp.NotFound("User '%s' Not Found!" % name) + + def find(self, key): + if self.is_id(key): + return self.get(key) + else: + users = self.list() + for user in users: + if user['username'] == key: + return user + raise exp.NotFound("User '%s' Not Found!" % key) + + def create(self, username, password, email, realname=None, comment=None): + """Creates a new user account.""" + data = { + "username": username, + "password": password, + "email": email, + "realname": realname or username, + "comment": comment or "", + } + return self._create("/users", data) + + def update(self, id, realname, email, comment): + """Update a registered user to change his profile.""" + profile = {"realname": realname, + "email": email, + "comment": comment} + return self._update("/users/%s" % id, profile) + + def delete(self, id): + """Mark a registered user as be removed.""" + return self._delete("/users/%s" % id) + + def change_password(self, id, old_password, new_password): + """Change the password on a user that already exists.""" + profile = {"old_password": old_password, + "new_password": new_password} + return self._update("/users/%s/password" % id, profile) + + def set_admin(self, id, is_admin): + """Update a registered user to change to be an admin of Harbor.""" + if is_admin: + profile = {"has_admin_role": 1} + else: + profile = {"has_admin_role": 0} + return self._update("/users/%s/sysadmin" % id, profile) diff --git a/contrib/harbor-cli/harborrc b/contrib/harbor-cli/harborrc new file mode 100644 index 000000000..49cc472dc --- /dev/null +++ b/contrib/harbor-cli/harborrc @@ -0,0 +1,5 @@ +export HARBOR_USERNAME=admin +export HARBOR_PASSWORD=Harbor12345 +export HARBOR_URL=https://localhost +export HARBOR_PROJECT=2 +complete -W "$(harbor bash-completion)" harbor diff --git a/contrib/harbor-cli/requirements.txt b/contrib/harbor-cli/requirements.txt new file mode 100644 index 000000000..e65bf0f4c --- /dev/null +++ b/contrib/harbor-cli/requirements.txt @@ -0,0 +1,10 @@ +# The order of packages is significant, because pip processes them in the order +# of appearance. Changing the order has an impact on the overall integration +# process, which may cause wedges in the gate later. +pbr>=1.6 # Apache-2.0 +oslo.serialization>=1.10.0 # Apache-2.0 +oslo.utils>=3.11.0 # Apache-2.0 +PrettyTable<0.8,>=0.7 # BSD +requests>=2.10.0 # Apache-2.0 +simplejson>=2.2.0 # MIT +six>=1.9.0 # MIT diff --git a/contrib/harbor-cli/set_bash_completion.sh b/contrib/harbor-cli/set_bash_completion.sh new file mode 100755 index 000000000..fb1dae7bf --- /dev/null +++ b/contrib/harbor-cli/set_bash_completion.sh @@ -0,0 +1 @@ +complete -W $(harbor bash-completion) harbor diff --git a/contrib/harbor-cli/setup.cfg b/contrib/harbor-cli/setup.cfg new file mode 100644 index 000000000..4e250654d --- /dev/null +++ b/contrib/harbor-cli/setup.cfg @@ -0,0 +1,35 @@ +[metadata] +name = python-harborclient +summary = A CLI tool for the Docker Registry Harbor +description = A CLI tool for the Docker Registry Harbor +license = Apache License, Version 2.0 +author = int32bit +author-email = krystism@gmail.com +maintainer = int32bit +maintainer-email = krystism@gmail.com +home-page = https://github.com/int32bit/python-harborclient +url = 'https://github.com/int32bit/python-harborclient' +version = 1.2.2 +keywords = 'docker registry distribution harbor python sdk' +install_requires = ['requests>2.2.0', 'oslo.serialization>=1.10.0', 'oslo.utils>=3.11.0', 'PrettyTable', 'simplejson', 'six'], +classifier = + Development Status :: 3 - Alpha + Intended Audience :: Developers + License :: OSI Approved :: Apache Software License + Operating System :: OS Independent + Programming Language :: Python + Programming Language :: Python :: 2 + Programming Language :: Python :: 2.7 + Programming Language :: Python :: 3 + Programming Language :: Python :: 3.4 + Programming Language :: Python :: 3.5 +[files] +packages = + harborclient +[entry_points] +console_scripts = + harbor = harborclient.shell:main +[wheel] +universal = 1 +[pbr] +warnerrors = true diff --git a/contrib/harbor-cli/setup.py b/contrib/harbor-cli/setup.py new file mode 100644 index 000000000..7028453df --- /dev/null +++ b/contrib/harbor-cli/setup.py @@ -0,0 +1,8 @@ +import setuptools + +try: + import multiprocessing # noqa +except ImportError: + pass + +setuptools.setup(setup_requires=['pbr>=1.8'], pbr=True) diff --git a/contrib/harbor-cli/test-requirements.txt b/contrib/harbor-cli/test-requirements.txt new file mode 100644 index 000000000..9dbc01102 --- /dev/null +++ b/contrib/harbor-cli/test-requirements.txt @@ -0,0 +1,3 @@ +# The order of packages is significant, because pip processes them in the order +# of appearance. Changing the order has an impact on the overall integration +# process, which may cause wedges in the gate later. diff --git a/contrib/harbor-cli/tools/pretty_tox.sh b/contrib/harbor-cli/tools/pretty_tox.sh new file mode 100755 index 000000000..799ac1848 --- /dev/null +++ b/contrib/harbor-cli/tools/pretty_tox.sh @@ -0,0 +1,16 @@ +#!/usr/bin/env bash + +set -o pipefail + +TESTRARGS=$1 + +# --until-failure is not compatible with --subunit see: +# +# https://bugs.launchpad.net/testrepository/+bug/1411804 +# +# this work around exists until that is addressed +if [[ "$TESTARGS" =~ "until-failure" ]]; then + python setup.py testr --slowest --testr-args="$TESTRARGS" +else + python setup.py testr --slowest --testr-args="--subunit $TESTRARGS" | subunit-trace -f +fi diff --git a/contrib/harbor-cli/tox.ini b/contrib/harbor-cli/tox.ini new file mode 100644 index 000000000..f744259fe --- /dev/null +++ b/contrib/harbor-cli/tox.ini @@ -0,0 +1,23 @@ +[tox] +envlist = pep8 +minversion = 1.6 +skipsdist = True + +[testenv] +usedevelop = True +# tox is silly... these need to be separated by a newline.... +whitelist_externals = find + bash +install_command = pip install -U {opts} {packages} +setenv = VIRTUAL_ENV={envdir} + +deps = -r{toxinidir}/requirements.txt + -r{toxinidir}/test-requirements.txt +commands = + find . -type f -name "*.pyc" -delete + bash tools/pretty_tox.sh '{posargs}' + # there is also secret magic in pretty_tox.sh which lets you run in a fail only + # mode. To do this define the TRACE_FAILONLY environmental variable. + +[testenv:pep8] +commands = flake8 {posargs} From 9889896e8a21ce4f62692967b739242bf99749d6 Mon Sep 17 00:00:00 2001 From: Wenkai Yin Date: Fri, 10 Nov 2017 16:08:13 +0800 Subject: [PATCH 43/83] Add content-type header to the request when creating project during replication --- src/jobservice/replication/transfer.go | 1 + 1 file changed, 1 insertion(+) diff --git a/src/jobservice/replication/transfer.go b/src/jobservice/replication/transfer.go index d9e76e0ff..ed003e6f5 100644 --- a/src/jobservice/replication/transfer.go +++ b/src/jobservice/replication/transfer.go @@ -290,6 +290,7 @@ func (c *Checker) createProject(project *models.Project) error { } req.SetBasicAuth(c.dstUsr, c.dstPwd) + req.Header.Set(http.CanonicalHeaderKey("content-type"), "application/json") client := &http.Client{ Transport: &http.Transport{ From 6c07689d85df9dae0a20c44b02025f804126d1fd Mon Sep 17 00:00:00 2001 From: Evgeny Shmarnev Date: Tue, 7 Nov 2017 09:47:22 +0100 Subject: [PATCH 44/83] Fix link to Notary repo --- make/photon/notary/builder_public | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/make/photon/notary/builder_public b/make/photon/notary/builder_public index 132f68aa3..cd299224e 100755 --- a/make/photon/notary/builder_public +++ b/make/photon/notary/builder_public @@ -35,7 +35,7 @@ cur=$PWD # the temp folder to store notary source code... TEMP=`mktemp -d /$TMPDIR/notary.XXXXXX` -git clone -b $VERSION https://github.com/docker/notary.git $TEMP +git clone -b $VERSION https://github.com/theupdateframework/notary.git $TEMP echo 'build the notary binary bases on the golang:1.7.3...' cp binary.Dockerfile $TEMP @@ -56,4 +56,4 @@ docker build -f server.Dockerfile -t $SERVER_PHOTONIMAGE . docker build -f signer.Dockerfile -t $SIGNER_PHOTONIMAGE . echo 'Push image to docker hub.' -../../pushimage.sh $PHOTONIMAGE $USERNAME $PASSWORD \ No newline at end of file +../../pushimage.sh $PHOTONIMAGE $USERNAME $PASSWORD From f2868f2033ef5ecebe85fffbb51d89781b97334f Mon Sep 17 00:00:00 2001 From: "Deng, Qian" Date: Fri, 10 Nov 2017 18:19:36 +0800 Subject: [PATCH 45/83] fix issue when upgrade from 1.2.0rc1 to 1.3.0 --- tools/migration/migration_harbor/versions/1_3_0.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tools/migration/migration_harbor/versions/1_3_0.py b/tools/migration/migration_harbor/versions/1_3_0.py index 5983dec1c..cca5f600b 100644 --- a/tools/migration/migration_harbor/versions/1_3_0.py +++ b/tools/migration/migration_harbor/versions/1_3_0.py @@ -39,6 +39,11 @@ def upgrade(): bind = op.get_bind() session = Session(bind=bind) + # This is to solve the legacy issue when upgrade from 1.2.0rc1 to 1.3.0 refered by #3077 + username_coloumn = session.execute("show columns from user where field='username'").fetchone() + if username_coloumn[1] != 'varchar(255)': + op.alter_column('user', 'username', type_=sa.String(255)) + # create table project_metadata ProjectMetadata.__table__.create(bind) From e4f2711f4f0fba255a71c58248093cbc263bf63f Mon Sep 17 00:00:00 2001 From: Wenkai Yin Date: Fri, 10 Nov 2017 15:11:20 +0800 Subject: [PATCH 46/83] Update user guide for release 1.3 --- docs/img/clair_not_ready.png | Bin 167231 -> 69386 bytes docs/img/clair_not_ready2.png | Bin 47659 -> 61083 bytes docs/img/clair_ready.png | Bin 107750 -> 59334 bytes docs/img/ldap_auth.png | Bin 74868 -> 95955 bytes docs/img/log_search_advanced.png | Bin 0 -> 75367 bytes docs/img/new_auth.png | Bin 62274 -> 79695 bytes docs/img/new_browse_project.png | Bin 50749 -> 64083 bytes docs/img/new_config_email.png | Bin 62541 -> 87382 bytes docs/img/new_create_project.png | Bin 39286 -> 45597 bytes docs/img/new_create_rule.png | Bin 71663 -> 114191 bytes docs/img/new_delete_repo.png | Bin 47832 -> 66357 bytes docs/img/new_delete_tag.png | Bin 70274 -> 86261 bytes docs/img/new_manage_endpoint.png | Bin 50415 -> 59385 bytes docs/img/new_manage_replication.png | Bin 51762 -> 62178 bytes docs/img/new_proj_create.png | Bin 62412 -> 84259 bytes docs/img/new_project_log.png | Bin 68275 -> 92001 bytes docs/img/new_remove_update_member.png | Bin 53329 -> 61498 bytes docs/img/new_rule_list.png | Bin 87034 -> 100243 bytes docs/img/new_self_reg.png | Bin 50563 -> 67544 bytes docs/img/project_configuration.png | Bin 0 -> 109145 bytes docs/img/scan_all.png | Bin 69838 -> 62330 bytes docs/img/scan_all2.png | Bin 77555 -> 66824 bytes docs/img/scan_policy.png | Bin 81333 -> 67596 bytes docs/user_guide.md | 22 ++++++++++++++++------ 24 files changed, 16 insertions(+), 6 deletions(-) create mode 100644 docs/img/log_search_advanced.png create mode 100644 docs/img/project_configuration.png diff --git a/docs/img/clair_not_ready.png b/docs/img/clair_not_ready.png index 85fbe9f13bf5b6fea8c43cac113b6e5563f32f8c..5dd68316598311e1b928def1d36fdbd39cc1c32e 100644 GIT binary patch literal 69386 zcmeFZXIxX=_AQJkf+9r`P-%7)1XN1sASeh(QF;kgYJkuYLJ<*AP_WQDA{{~v0Ya!E z3WnYxiPQigp(nJEo9C40o_p_Kec$ir3qMHqUVE)M=Nfa&Io9U2o{l=p$qOgx=;&B9 z9^QXKN5|+-M@N5|={W6^NsP)!~muV?f-MroR&XO5#DwJ$8mp`fn!e%v{GiB7>EW zGx+k|8q*tRyk+A^ULlT$_K=CILG`QDCVwmv7euE=^nBT7U~>Gq#J$8DU%C@GIr-Y# z*pA%FK5}l6{z6pRO`j7dH;xuAd~IHC2hwTB!QbQ~4=Gftkf~+Rb#A&FO!Lx~*8wc^ zvrg&LCm)#7U38*DC78B3i>jwwQenQo+b1E|<25SLiP|8f$k<$RzY#~Tob4g~=|0`J z)qZ*5w6s@ydgpGWF+B@9(nY)>=k-xqK7LcrGC46(5v8s-60*n>oze(Px9<%YjrOEbwhxy6TgR6(@t|vMj17G%d(qlg= zbk=Lwy!TE=#W5w%{)pGZ?#j4-Xne?fxk%>T+|7W_njgCpb?Li~_SYf;dPmu>6-9Bc z5-)vcZo9S_VG2E?Yva-vL@BcT5ai%jIET6A6OQt{+bQUT5qwys*uwXWPHC%?e!At9 z37!7dGMlo|LGh9T%hW)G%;gZkKUOfS~hIX|gJzq|06<-Cf+JC-@70Ob%prn4*^DzD$s zolym4qx3Er&>O12^fk!l_WRf+jw2(QT9_V%ov%1qdQ|L%n>F_sH*0uO z>uZnW>CCv+$)8?ztcu6rt+=0{HNI!;At!V%(p|dp=sw>a6<2n^Rrc5S&aj`ZV!f%{ z^-lIP!_xi0cjn(NZk*hG(`vJLj_WIvUEKQDmv(i@r+&yjI-P%J@Rf7BMaxv%DVwi% zu$2a-cSqPkQTBGZ6|ct<#)4eW*B*h;Lry~&kNH$OFAU1DNNW3qo4 z{!;v9+DqI^jZdc@r#Y#gy1Ma7=8Nr2h^^qdtmjK&sA-Efc3JA22TXPz!E#w%+hRx@u|FQe$r z(5+=D7mjWD?GxJ{&jPzlqD4ABnu!@+8@}$VzYLRjY-T?3Ah6yC>XWi{X9+)0{`A#d z*}Lv{c~gAv8r~JOKmPRk)1|8Xs<0~Oss~k!_T}GV2i7F`QW@W>cjpcd_6$ZYF#$gk z)o=rVLGqy3fciPS;hCx&3Z}5FxNBH8+sXf70e$`VbYKK?vQ^sCPh8P zKgDX!a1J;(I}h)If5XO83oDdcO)pvIDCZbX$F^}lNcM5Ynv0#Jc%8BHOyPpMfpj#{TF$`}}a%b{DdXL#SBDQb;A?WWuIUxj{;CPx1HS zykbX#&Y?w@SeGE!6Iiv2n2FadZX=Eu)HlpDI`+B0c-`dV zXXo6MY}4ZLG8t%I{(L!1t;7@`CiQqyO-=&>_lqN`^8qs+W{AiVWOEx%Hn^fK&<<$z zKm!Fqqa&k{Pn1^zfqOb=zWqnjD{A##RI6kr>C*cy-BhH4ZvZ68>@gl;PneojH zHBq&3HI$m_*GG0rv)W$?U(30jMWRh>>>l@iTD_ilz3BSBHh=2Cqu@t?6u;CaN%7mW zsfHnKa zgJZ*WmUVawWD5#)E;2o3B%TW5{mc`8dJA-0RQg7p(2nUV=WnU+GW7x%qx-^h z1llaxquco-@ewiYh%2A3B&ta~2zuiack4Cp8?&=8sb#a8ClX2xSB?vCoE~Hsul!>7 z9eVAGmPpcq7!vWwf4tbkQwF)=ZY5^ws#QZ?4N;B|hTS^3oL23heNoHQvBpg$Ryb4SjUtk<7ch z2^Uf(Qq>;DXv^KqKJnxj_kiJ`aUPkOC1SU&^%UX_@cis$tH-L>FYa+AcGRc=F$l>cA z=^H9fq-?b6*2#~J${0s zgLmnC9cg`;V~c~qP0w6s@)_jGzO}lKI#nau?UWYsDQpR^V zabGF&%KfAY{BZpj?{>6sgFt4SZ0NqqT0~P!6StVvMx#$tXC7|FKB~I_ItG*p7+!GM zmn;FfArp~;A=L+j`&ouolfHO7AHWstLlPq@c@Hiv)SDCGqG$(flb_&E9V&VaK|Y?y zdI~d(=0Ro!Qc>Y6j33zm@@~F=GaCbX5f7uX{{ee)k>8X2Y&kutWE4mYX6u==H%ykk`EN!RQ8f4=dZe9}+5& zASHQi?v=E78QqKH>F?-T%xiSB)s8ARAEDE5sa4NBEipOT%f6#4KdIjP?d0=4QMxuM zx}Q<8oQs9wku~CU_ncnJ937joI78KQcu_xI%3aUrrrnjFkI6w^vJ`j@KB}+(k)W@S zz0hYXK-afzQwzvSJT*aG?Y>ieiWS+>{ycOTd!+8_vFXfY;|MxBWjc-f_Y9sLSwWu& zGMGnF*TvqkRIwYWDl;*?$Ueu-Rdmwm!4;#=?hjl}mprLS+!#&#gcL%G`a0h%GcKup z;*!t+94fxC%xQ7sveBvNi_v$KUtMIcQszpeZpw)ZK2k|MaqNSQVlPs|p(mh+q$oW& z8iXUui}+xA$*&^m=$S4)|Lu>yQU)_AeD&-cyE5I8W553)f20j~cX@5N{jbJu6-u;2*wmQ70SiL?LXN?Q(@BsA*~N{kLXf3Wsn%UPpY zupRzM@Xv01O8*j}t=1cM`cH2B|25_vZNI0iZ+>qFWfpoq{WHTz{o;M+0{)E20EH$@ zond|2N`W$#D{-iTGlmt`az~v%$6I%~;N!jznUyj=5u|V!s%1}(_VYN#40(`! zk6w^0GXM!+#!{GIuj2;u-8wMLSh+0dIzPb4(MRo<4!o$sup+*3r+~M_TW6(&V9#lp zygxqi7Bf8NxX5+2_I2Dah-#WwPd)syeKW34`0c@SnDSPPX z&Zgw-E`wP^pxd0)Q}IUnHnhVted)Z#(-nZC*QN!9p=62G2kuMDzM@0unM{G4H&-Tv z@pE=tQxF0CFq^R&+ezc-Um1!$f!-(&f|5~=mZMiQOF8SY1{l>)zEC!ci_y3# zLUBrSgOM&!ywst?vVCiaFzT{U2$d`c{~TC?Pko+Zgbti%nTjPwl|N@dhzrK9V?MiQ zQmXhf;ol&qYru8#WXswRCI2w8-H~#n^1!b*m$U`Ltuf?mv^UHPt;W65o zrwFCuk))Ai4#-eY34+v@`~%aqoMySXcU%;;IAH3Go)FFro9w5oaqfH%Xm89(THV1N zm_=FEW|Lz>n}}bFl?L`@f+Xwi{%ZGxIdN9l-Y6M^ti>l-szhmf_&`khSm=pna@C16>u0Yka}M9!)Gu5OdZOVPca^}ShU=Is?kH|b90 zw(1^94?t#vtatIE@8Bf!YBc(K)!0V+Le86!-NG>b-Hyn^Ccsldf+O4d;l#!$wR*t3 zsaJ=mp@pU0vY{mL?MbvOyx7NI1kY1f=aaOrz7lJ{|M`-&O_}yx#og)pZQHQ}gwZf) z7@=jXWC*7Au_6a#Z{*u+aT0C}MwSr;d^zBXOMI}rXHims@Yh6r4vry3na7|F0HE?@ z)UUwslX=Sm&2Y(XtU!<;|1gRf>m|b@jO+1FVLqu`K}S(>nx3`BGHa>Jj~IO)LcUt(V?)r=hm@W zP}=T{9E=27=9KD~yQ7{jx#Vn82ubK>gP%=s8c*G3QRJQs`PPpnkP7iLxf!f`O`ZN2~kPXA;{Y$%Y zOARFw&U$S2HK4L%a-W!8lY-Z3k5fsopX<7PplVU0Uf*sBM^M9c7DBOs+t3%SRkl)p z%Klrvl3sOzk~c3+;H4@IJR1_TP1JsLn9WT1{`-8&ftmLC3DqJ?r6TLuKvaNV{`Fom zVko54G=%$5%KS*0-T^_ksdVFQZiCK9-{F&bPUaMyknE7zUce9>E~zrsc7Z-3#kZ_n#sr1Eyn5ryFi!}`o2L>kWq{606U z!iZc0%Xe2)sJrUngcPZM(~o?9Bez^+q(-X=Z@50;H(kp~-1M6?W+sP*2$vQ1Eqo#z z4j$b@c#pahJikx7lkuTcq(uSCVjkNRj^Ya&h|X|NQxL+Mn)})U%>^2KrLu_if_$^6 zP}c`8IjDtM7(Kj`x*Fcs@%Hc;0^xtW(HpLciE{{B+t0!U`YSzo0Yv-==OQYSF`bt4 zP=;zQ%-)f5L)=~~^q%Q8s8uUS@M%KB$o0C<=u|hWn%p5bYNhcwXt-s>H8}Sr0^t|9 zKZ!H$k9CP@SZ-V0(r>=cYzA1)E#s8U_cyj@RnX6(HjBvak;6i>foJRzJf|*dSC@7B zJIx#86K45YVK`5qB;l^{1^4bzR|A(o<2>J`oTX-@#;zzGNp(Dh{Al!ZQyKa=XV-2Z zQd57*WFrINGT`ekBtqf>lBx)giU}rRumkrVdXgI#vn$U4EeQ@o-j|9^X?tPaWm|(M zzgQkL`xq8QOlsMyDvj|x4JF%77)%p;fRILT^NJ5P(B&a$*lRV-WtiY%ZV5AX>-A%> zTHy&)gc0KAf5|IYxGQ$O+?cFNzQOcHQ#l_}aNXN3)6w3g3{(TfUbMl*5)w?tp9B4_ zhg4rrXjkd*Xa|x{H(<=)=lUy_83p6`9yd%w3IbJcf^SX{?G61{d1|?q;-IM`Z1f_o zirp+Z=>yj>lgq-!7KWAHa9caG*ZAEj$V{$K0uRcZ~j`ve5bfDJP;*DdK7jW3N?xwrq z!V!gm#{Ngh>2kET?UEa8wSWl4 zsqz?2Wk7^jgDzDF%=H9?zwQ(yZJ;!Q(o(#OgDC=A>d4r6uD6zRA<8R{;ka8A^(mA?+zwm^VF!Qbx!)UGuG05e{t^^xlLx{Wz)oRq)9D6 zWHO57bfxU7IhgEs#LRu?G5vmBqMNjh%s zJ&9<8cEpa4Al*%_L4%pQEQ2T~Z6KAaGnUDONuwnqL;V1W!bnFb31`$C~|Ua zvB_qOB$z;bkJx21gOoq^%ODX%_G{x==3T)pBQ6tUVJ)T2k#*)@RV&%NXBL{7Lr@y30ptp5B?00vuXX|Z}$~uf#UWg>KobV$P z>s7q@(L5^?8|%;+0G`|)|1NpOH_hXTwNqF?HTgKA*0v{H+}Ayn`NgF37iUo>a+GQL zwh4x~GyI5QB~6t}O=?d2E9T(}LuC_J;X}8aD`>cOY4FDO@l_tJL%?g-l!!{Hre=m5 zE{6$#;jJy+6?*i{z+JH#H@sz^Sv|KzC}NBCW)--{)z5C!-@|)&BE}+c-(;0VxR;@b zq>?m^8Po9r7m|QNX|toG(EBb`vBU|DaVxh9RS4&f6r)FzIk;VTvhN$$nNcZ;D&*;r z(b52 zWg90Ag_CWY@}41FUoq~FyrZxkL)6AiyhoJpm(Hdd_Jepk2iu-fJhUQ}w*RxTdsfJJd3yTvH&8aU_*f zpF&o$BJ-O^ti}N^hm;J#W<>Xcs5RCVAVWA??>-z3mqS~0Cq|eg+MvX^ zAa>&}6m&$lBR{qijs1w;KsRg_0g${i#@wN!-HtjQ-csguAaZ*uXXq{}(&aEK3A4HJ z1~R1p_c-{R+Yrdv9FnCXKS{ou14nmb| z(!-G+CRC5e+utUuv;*9~c{AT7nBOPa4d-(Whl?=1E^r6ve6BvfV z7JGq2AS7G;lBJ-`S`^Jm>KQd0FlTzo3qj^ke?&{~$&`acczqwI#I=BX*@ln_$2p^8 zbMTdPmMR$t9#k^rlxFY#8D$4F*-y#>E(afXJ5nSyE<9_eK~uV*C=&rFy7hFeQ4qi*sAP!g{LBk0(dGW;dq#o156VJT=U;ii(ZaZ*TSDrfw--jsU%t#)X2 zpj>=UPN!nwG}N#YdDt(ML5Kvy1e9R#VzgwD~m zE5(c?%bv6BLq>P(8mZS0z?{RrYKJ>p(;<@`kyl9VKptaEWLWLH(a5V6eNtap#HR@1@RFaCf+sZDkau?`uc}sI`#AT(1sUdUp(_7{VD+ z4EVIg4^BQ|?v5(9r+_<-C9dpGVtC7{MuqGt4&YRyB0OV>6ju{+4ep11{W16%fQjjk;n->b@y%K%nrcJD<#Ww9){ z5VAWtDWsHEDAFxG)+3pYX)T+A9W{FeYK2Oc{H%5`MC7R6hA^k?mK%t@!{)$MUI3SP zGX^>$G<+lK4WYtDrn6%253%A2S_SBk7b{u8Ma+$5A|^0HjzFK0$5zsmu)gg#$AoJmx@ZwL3i_BP z2#fW{VWoTkm|2CK?>-&`9qz?Qsr~DTl8|6{5(L37*V|`wnztDnOMs`62<5Y4zf5r` zdak}$`E@679_NV($1*k6WBk-p^Z%CiJs=c|*kOnf&XLFrjj5&=sqI zKk=2JQHnAv=7^m0tqz`&voV;zo+wh|BlGoLlfsKn}n^BQGsd}bf(x@g>9YlL+15B@gQU>Ow{5)s*!6NevPd2WnzMK293jihdo)8Z?4 zm=kL8Ii(y3q2a2G;&DAx=Sh+VLGob)TONqG@m3Q*Y3{gH;WEXSx~+V1Eo1X1FXiH< zti3O>?3(U@=BDD#lRUnu%2@mgOM9d1VM#;T!j%e%wqur*HF2=wbHvv;ui19730wrK z$@eKIf@@{s%dFI!d(x zI=e3`GkZ0QOc9H9bUj0ldav#!G-ga3SFwb+2RA9LNSB+9Dyr9>zSYi08R!{08C0dS zjC*T)-fXWPG|I2AVRrE>4Grg=wo4#G+m%I(Zat$Zqp>6-^WgW|9~Y%c22^4)T|0bp zn{qF?OLVQI%YzrK!DqGMk4+!kepJOL+3s+!3}v%F%?(0MeYy^24j?!#EyMP(4>T;P zH@RayC`x*6hK*8^pEwO+zURMa+o=`yao(SZk97c_$%E4SKOh1u^VY~fCdC$(64xtW zvv(HyB}AZp)^fMXs<-y!Xie#!BJ1#GI6rYB;?cpZk}r0cJ22t76dTxSQJktI>`Qu0 zX}rBy?=Oruu#Z!3n3wvDkA8RQu^Xg>uC`CwXZP?qgNuFp}Mm*jvX$v4t`MT6T=S!(*brqm=F#3EWbrM8MnT-N3g^BvXa$ z{Y}YyV~G7*rsL`ei{Z7j@}+b}r8T(?@@@7CJ#xEP?3U0oL5J_ipKhLD#cLSm52#9z zs+4&Lt*7%>7uxa`_HeFSwtNb6%=Iqmz587}^8+?4g&q$F@U?HO-mwS1rIJud+ z+^q;^DYupVQ~r&9-^;d%1y%u@Ok;3US4*=rX7a0{r(hFY1FNg*g-Q0#V1(bs^_$cw z6pM92t2zQ_q`hARncmiP!%t`=wvIFn$mS_|g6+*bUOvevkFXT?H?fE`2-BZwiU z_MU-JXUPweEWrE`eZIr+d6{287`ryTk<(^sn$B9PcjV$|T=R0UrCXME)~w=e(|!s- z;be&mY=KQIXfw~TA=@K?S#31HI|t+0QIAnn!4+*w72-x8Ln{gbtEc1S>Uy7vSivfW z)#^^U8J(MlI}blkH;%HLFygh3O0~{3v+Ko`UT;OK>5iU}Wan)379=D?^ zPLhUk%uwf)W;guPp5{#HD?`a!jhn8|GKS79GT(G$nW~X~DwZBhOcW`FF9d zCnzH^hHDcsR?=eWq_>GgB9Cy6-Tvg(qpeq8)Gi3GJ@?<$vU0d_toIwy42uuo#- z3G!~{JgJwi-Dyn&kFh-^gz|2Ag6sTH1a#wmnm&YM3H z61weV>RT$p%;Ha|-U9WUFQ$@{xEn)e)zTLYDTjOO0hmqI?QXS-gKf5+k!D(-K4kGA zW;JVCQCDYEQ9X;+quY?gTMsz=lZ5b0 zRlf$v#li2hFg>hazHA0?foIxX0^5rE$`q>qEtg-ervSqyDv{ZVS;rhss z>p9$5a-w_idptMq#-*|Trghud1svk`Aaz7jd%w^*g+<*4>sNV6lGSh$Yd4Wr!SGe8 zxtswmDOvr-S5=}MZBP-X??xd^nwUq|LP}Jr!0{%P(cv0}?qBFwVNPc%oHq_mTBOO1 zMoz(glAs0HEg@M{n@~_$Z*Dnql~d!b%)ALW!|;H=tM?PZqV)D6H+RN#^rvFh4{12X zm}biNU5sAa$f}3)bYwLQxEkheH5roYDf9PY``Dp9vD!6NIY+=88P}tJEsxW*POdde z2vHAwXu<5^=A$JnzkxH_R!7u4zU_9-(VR?^tJnf6cmf~ODz7VYV33rrjoW5dq&vs! zI5vrNg+9WS{uS#C@8NO|-qPF(t7Gg=5=TOBL3je&LZ_VM9MykWh%rgLe{P61%Yz!u z=^*A17^YYC?m{{|spF|A@FZHBGj%c2vsTD5lnHlT7Pwj=7OLlK)|xM$6dvH37B!;Q zQsZhHYL>QRBI%q^OXP6F32m+Qrx5IJ$d8V9+&?#Jo`HR+cQM2q(lJEs|6oX z)bR+8dw;W3Mv_DSt0D(PmmPW|T)u4{^=wxchARErCZN2UJf zJO9%xsg-|C)-RZ=_)MwPtQ@N7((jL!JXgNYEYVf*#Xnxk9!Xo%xraV~3aBH;Qq8g-1O)76<}04~hXGdN zl>Pi_kF)aDDWz4h{O&>Qp7aJpwJDL=mw#I0#S1jI<*q}$QGeVMp0p*N_V1Rq`ICcR zsnPuF)QGnb|J@w_im?0XG+TT@-_<$yKY8juKl}9fxd-6Fs_f_=PRh`NT#yzBp71vu zzdp_K&#fHhboS!Z+pmZo$v^EJBK^PZu=Y_3qy+yc-<^wHYGlytD$~4%(a)CbyJP_@l)z2Jy2x}5Wssb_+ zPES2PO8r9WcY|X~Kg0%KsIx(#g*UjCA^?`7bj{nW-}7y+8JqN3OuA9>Cy^`3riL4>{aJJMddS z-zp^x^b9HhvI_2xf~K+jL%HBm54>%HXWMwg&cJ4Tz*85GsDt0|p0KZHXw>YM1}U6| zBRljD0s<-Z&Caz9nFL1X4KROSw&iw2#(qys+88DRZYkVfuqrml7(nbC{*mcF|Mac& zK$);vj@99o==@F9B&^5Bfo`Kku{il6D^ZJbh@(~RmeDmc%E(C(IXj3oAdPFOV36M+ zLaqShE^qF(fgSuINF0b40pP@DMT^~5FLet1Qv*FccmNPSn0oIg}lyl zlzLi$?sjYRu;yxf(U7u^S&62_3+4!Hot9Eiu36H{>4sVEc68gB1Vli9U2j7LO+2&b z+05J05@S7%Xmyig8JwGrTRzMyF|?U>w-+`JLlF@3`U<;n`UFIjrFG-(QF5Vjw^5Q) z%LFgHT}$Hfxs?XaCnaC3rB`C>Ce1&cOyib5ce{Wra1{js>WAz!-0f|+kIM*1+%q@4 z!}6bG^WXgcU!Pq7KKFq4Ym8r_5muOT!Mz5uKy}R?8Yj8g>z+B)tPw7nQMzs#?!pov zQfElr^g*Yb7oDda+RL{u)Lq>|dQUfWyq0|V#j`Rj71LrAhV^u_s5ARXKiwBWtQ@VD z&`p!-WM~KC-{<_`m?(}bxgAUSrl9SlKc778SJ^u_#PJnB4PkViHZMm61ZMSD0Wu$d zO-}Red?58h{I}EAr%n5g2w}I~WbO>I;thF~q2=HM{E9&L?21 zs)Dc8AjmyzkKA&8Zk2up*a7ZoBpZD2)v)(1^P6AX4PekjU8wL+X*OnluUlsUKuiCy zdNL2zsY>I1hQgaYo?95whE@r!eV+Q@Xk5h;cmiRun2xc+)yqJ7d5m)_Xw;zaac zGy4}|%Ua((_YNwg#|Crivr%y~WRWrh$at~;X7k8N!0oN!++yRN>&vBCz{|l~*&(}& z_%81RBtt;ScH8Rp#VCIyk@J+}Qy{@%4K+x60de4ym{if{i@N0p&Z~Q0bj}kEHfjP5 zV~s-JvP#qJO zrSO&+!R<7#D-e{VPz1v%;yx&FPp%7~uvOsK$>xIoKkLn}Q@el%8{|n)M)c|3=|GW!*wBOGBFFU0$8L-(H%dcypC3_=v5=CXC+V^?( zgr%g6h*XeUrD$WBoA0*WxX$vj75<*d@7^F``752Ub7%aOwZE}1dVWo4Ab!(!86-Tj zCl!n2zkLImzV({|`Qk-(!)f;pD4OQ2d-;1{T7za2J^jZ)X%vTUT9kVBPYIw`j`7t=K&ojvOF{LS@A1;^`#!L!?glNUxF6fa?hv{e&&c9dG(EL z>_~v%kPKHsSG<7SVE&LfzUY1U_HBrjG|pD20yd94WPo@i0S-l zvM_YOu2-!5NgiTp(0{8OZfqYKf;t1$qTQe5QGgY||YPjsSF^`X1iu861bzF`t@&_Gu)*nK5ex+gj-CjF= zmDcc80+gUmFF&0OuGF?i)H+XdfEU?}vx)>Pf)TQB<*aU=crx7?=iFzC9TmvjQTym# z4^-X$K-^tQxgbq>Yi(^_EQUk%RmZ$&zX5)xdQ`XiP^^f`GU#I%xh;^#!*6aG5Gl-$ z(8K{1AM`d2t130yr_L2efiDE7bAh9cHNToBP!1UFg|qqsIA|v`&+AM0ZtV&|Y$M&z zZ6`|+wjgWVzk!W^xZ?7I=Qb(rb^3Uz26q2~l9#?8XA=|LhGq&ZZs2QqGJVr$%r$Oe z6njQjsPg$aQi0VapOKDzvsGh@gi8Q{In%CMz{qSh>5F zlTGwS7Fprbvb(Kp3H7{tzxk;1at6F4E!5cc#$vLya-*=G z=l&OO0jHhM_gV>Bh9)1f&oT#vCm_}>XLv1u3y~j*KIx)|^^_?nXRmgD@^^obXV2B( za(~!QnYt69e?r;pfRi<@nFYg*J;j7O zmW3SSkU(z4F1V!j7)!Hrr1@5M&yVC!p~yohmm)PAiduv=4Wi{6MgrpoD6^j<++WdN zhYL`NQ3^7SqkKjj-$q&pjIW_u>qBwPhgFB$Q{HCNi6Vz?0xVt9`f&>6NJTFSx7c?- zzBv7Yo?{3#%|D1Q7e5?3xX}Ml7N;5rmBP8(I7zy)sFxS@KIX^FtDkI zFiW#Tq&sD}?&rI2hDS%@XFHeB+-H2c7d0B3+c+#k`Q&s$8^*G(0PbNC-mn?O6qJXU z^(i9sq)&>^s&808Ffd!5i17?0CHW(!lkzmGb%qUR4~;)cP31$bTk$Whgy?2$Ln9|n z4F1X17e5^{i%&{geO)N7`1~Wq#jf>;D>5ssK_;NvuYNkg{Mrpn+<=y*p;2N<)bY&X zsGiV=5-ugGvaLpfY8BVlMK6-bOXcuj#C$?$)qLw=anlrb;Wl-$ z+I!h1B%&V@Fg`whLE6K5i{9hcZ=NvG7zq7vZfjw~j;dFsjx;6<0C?8I8M+F+<9|HU z!gspJ@CDG^3{=Q7g;|&`JA>KlCV)SgbMH;@j}A8nT4ny4m;94)D_7Hc;BGG_y@u>p zT}aR0Mz8j%3!akxbfV|E>aV*l|GM`xtt&3o$`=C;t%=MG@!{Z2`Tuaw$(lDq9Jt2c z(5`_4qFl!WW*-{6`Vu;a?)e7sOW?T7%~)^GduX zn(cQ*9lO&j8hui&S^O)zzr3bbEc5ZWu&AhxIM;$P`f_O4arkTf=>2-ae0nk7pwn+S zaN~FD`lL%!RrZK7#xzwWN+sJm#Xp|G>a2mxL>B;eqe87=e;RI)ZeBKA1%z4t?p5@# z8-J~$Ev@I;mFF!v91jcq3PV(T$}H|KROuT8Bb%#g=MMu9e-lv3TQus1z2@CPqsPh| zC%5=>H$-?0^-{BkV(-^!KNI{Nt^Bv(1GlF;`|tk+Kofsxg6u<0LzgFCtQffeE-(M) zKL4ABN0~hLAhU;iOVa{IIWNy0iavHtBHIIQjn*tXxNBt|<6r2j0?H#T7W}|CZ`%=l zIw$H^D_uin+(Q}M_MPuLi0pe#F5u>FP|Zin?@v5#G%VAH6l2#@G_}fbebfA-c*p$- zGA~}fO{X63CC=4ZM|dV!@-aH$e^256`YkGs&YQ@uNd6#vk1p&X`wd`G|IM448m|YZ z#Fmw&4?4VkOfAx7$rlO-d-;p{?bJX|M;@{eu|QAHTuD4C!FT1efp?RD^vD7sw5M+=*O`x^ zgst*QqE7XfZEh|vcgWI=d@<;VvHkMscdojVmV!x4Y)VYQ@yETOw8J1qv<}c|cXTm>u2UChuEZC^-9x9DvOrIbVNL7? zOv@LmZ48PxSDJ$u>b%eW6ArF(f1S1V2wb@3`Zn6KZQA06n)kTCIXXHqLr_*iz0tUb^d0u8DA z8a-;Dotjnhb~4GS%l=Ay|DCzI{NxE;4t}8_SEZl6!!6Uts(kqX-c!0ltG(!IZUaT= z?!B;usq;+8yrl~tO$i4sm{)oK*Dm>wKY6+SYLY+WNjltip*SrIzzVZtM4L8joyS29 zn~`@Kd@XgXd()DZmt)HP!-!tK=awQR`QER*z~FsxgWWKvdzoDpI9QoJf=6!lPDF-uLEbQ~95w zOg=5;;>WU@AG@SJ0i6n=u%5U8>1ICUptwzUb#+QA6q4(l9T$tNO&VSIRAFq}D}I&@ zUYYsFW8wwn74yAb;ZtL~fBC{atrr8JDG*2Nb3s;v+i|y&boL`KJEK-xF&fQ%SZshM zw|}A~f?_0s6`gO~bu9DhO!lB!P$d6OQRYY^t$M~`It*l`cXQ4D={w=#c@vaJrkwZ7c&JQvm&D-IX2yh zjGPqQaX^u8o0Yjhk0(dGkUiDnmo)k)Al%0 zVX*@ep?p?W*}&m@25taKH>)>|Z;DEaR($y90#d|%)!-hY3ili>6colh6AzJ9iJ!MG z)5;tb>3!y{@6@MZ4rm#}Tt+q{3ybu9Pj5P_+h!c0o@xAnw$Q{fi=u&p+a&G}?vFB(Dd8HmP(Ju9z+CG}w{Izuz-*~h?VPYly zZs@lr(hu*UUtECO(7MI{^XipV8J2mURp-dX)E>^uMNeJxH}Fbxx#!AL(#cY@bp=t! z$g@?(>?MBSj)<;t$u&>Eu*l&*CliPpXAN9f;@+McEMHOt)NBS*eJdA4_ZWr|M=pn4 zVGpKn7e7dP6_ZIl>K~4ew$9`bXWCu&jV#{*mK`y$#Z0>h;*fBGohlUlu%XiF@xa8!lmM#|o!d+HZ=wgH3oQ z6ex>f#3lIN=Af1;R}y}>8I8;IH|Xv8u1Opj#d}kRlt2NN@1sw8ZLJVSLGRtBBkf5O ze#RocU%p@Pp9ODi?62a*0Ic3IS;L>wH>?>CX>_CJ#GCIc=MS%SN*JXYWt(EzSp38# zDLDl-b4ufTK@V!Hl5X`M)K^Px*52$oNnL3prug-k0A6`#YagQJ4Ml=P`ljT$aI&BCK4-jReA~VMet*{*W39Wdd0lf}b8*yLBclw4 zQIH^{8*vPZYVdJ_?WUq?NtrNs>8;h_Nu;f7#)Bc$y}9pdr~L?%?-6c>W_x^a)~!Sg z%o0{jaBElO5IVOd7t5+WamrI`Ji!|CN1|LIL>rlX5*7XUcVXALd`7l;XBy|x^FEZ3 z-nNi$3t7G9I6tr2EwdxQYc<=Dy=#&)ojJ>PCX*V^L638v#& z%#4$R|G4)Q{TUBNyb(e$lRU-dUJw#A->jf=$%;*+|BC`}i_8ZZaVB4+KX@qlV#HLZ z!M@>ToX+645TRfy!5yppV&7@#gGg`2EYUlM7lz#I5)u}z^j+=_$l$s9DWDr{+g9OR zLBaxA{WU}{rA*!j1c~1VWF-Rc(YAVpgp*jLpo7wd_nk8cbQ9Wb~8%g8WDIR*Nq9b7=<%$I@@-K$op%<1b*wyb1OECRU*+!!!3eglgwS zZBvHEuOWS_noOI`PcVnm$S z_#oIGqW*kjjhb*YCjDO|1kh8P4N~H5%J@w8R|?lj@5hioaRTeyTk^wKtG=kGB4550(QWC zXhQeKqDLXg9u`*ahdVl)Wow!{mQ#Q_%bW$*u?o)nTF!Xg`zUQAebZbR=9|+aSc~s3 zm|0$2hdfB*%U1;Hg^^{Wj%wzZvx=7qX^4;H748AqmFcMUSsZMjSexL!iZ=`TVMfi+ z4g8LU@(I`Qptpo3FXLCG*sOk@qhOrS%SAt~7qF!F6&zDy9V%G!X|<$#gu?32uL=<^ zkZX9BT5vnhxX9LhXws;dZvw(i)Hrl4&{wVj@^E}MV)g;QuOmOe)%T`fx?g>c%*x7l z79^)r&puoWJcZKAC0+aQ`|3}&i&*lN+{fzgM*2KMB-`1NEF4@$A1^-3U|1elRCt-( z;HMr7{z3~5a>tjOnLK+w0Y@%HJd^(59guB#K)4n-=zGQQr4@`vX07C*Pfz<=aifK5 zg@s6yju$*+mB5?8m}c{nZo@#~Vn9!&Q4Y;>kSYB@-4aSrsrUh#k?CX zj}t0iqTR*`^=YkmkvIYggIV8OUZ@7GMG%ZNiOZ<~wIV?)VR`>dDX@^CSFu-0UD;F} zg)_M!q|Vx(@%3s^5-Vq6ss)cjczgOUv^a%-Z(EGkzjN@4P0&G860 zYnpW39Nf*tGc=vm;hJu65ZfwV)Fbz+;^Yo|4XYh8bYjNq*|Hb7_JJM#1+eOUF37h6 za$XE?^y|12jnB|(XZ4CqTOSr+z7f|kBJn%C9)5!3#)P8&<1m^G7jaA?c2kTh*lfI< zAWhc@+om-%hltamYd^YAo6YhyT)Ts*ODZG0V$^L7-u&}Wy(SrMXOP8FE0w(Y%j5)K zx?A1s2ens#BO!q)Ql(Yacc%9afOCvB(M2~6=-jC(Y>xK__6>cZ7P$=d)q9L%=a zhRqMWH6j7GMCovFaJUs$IAb^qzm{2(gpllMNeEmi%)2R3C(@<;1{pV#y7tcB#v#0E z+`PhA5X7j-T)8|KL1>BFj*fKul=~|%f{@<`5W45>ecEB0?J($_iPs9J*o5d-U)PJV zS+?*k@`QtXrHi_@6QMf_C7SXgpcc|5>M4*hA$VmK=ZDuOkY5!tMS`eL=PSO{srGPE z^nomd{VOKpt9*;@-rm&CJ0=XXgQmKl;|Rxj38&w{vpk8VV=PeIXc-JnzA)#Kr zPRx+1tMGC9;o~#Lb<4Qw<=c{r`E58z^cI)P?6TpBEcQ0?8`~O*;kZtPagLSA5I_Gt zlM?Ui#$%H|J)09&dy)8Cx}~LHi|;%WalD%{g7c^0dS@C%-2}aE+P@zw6Djf~Xia>n zk0sy8^hIh3PkuF!e&&rzz9ao~D-bC(spyyYvPl&+R55hXq;Tc>_td(Xlq7>>i`D25 z#2@u@NZ%3Vt%W-^N2m2!IWTO062-&l1Sw>pmcI(>VX@=H$ zQ1H)wCa5RZL=jWZCcs&x8I?2SZsNQ~zFW5SZcg}lk-}E3nooIfgB5#q`3os*C;PKO zf}Ut}IFpU5!pw%Nj$UT*ngfbu+=M))K{W*OKAZy+9?BIUMs39PWc9IUTB0-)FZV>yG`~J%1dD;TbL~po{OiPDTdzW(rWIPK{pCib#m1XVZIbThGb^ePx z(%0+8&+-8F%wN?YexDK^jk}2W;RPs@IT`^EEP{L2FG!n{)$H!!uNCyEz$=~F&dE_udjdr{lz@Jo zn}_y}B0!pQMON$`m))t+zPfS#CuH0O4V-CZi?)kR{8UyBlFw)}`cw&UG{Ow&mt<_` zJ`g{9OPb3}rswpEu?I zl0r~8)?;KUN=GDaV+r=Qa4E=V9bP5XC!{kl~vNe<-C% zh+l?Dp!%%O<2o6BKG2W^H?4U8tx30Tw(Wkx^g>OXcl)2T6ewvFs$FfqI#I#qV(i$l zXjR%0_vOn70{UJ9X}4G zysf7`?m3BCh*F|Q;(fy%9gom4Q>C-BEgt=vnxjt^V;?Z!SF5P|8&|x%U3%sUvQ1H| zOiFrfa%<+dS=LA149ozo@Q>bl@<({!U&;}v$=shS`i;*D@a$s>sPgwOAs&6$jM&`F z4psMVvr;xyF)?57)lN7mKU9&@XNnim{h0JSS-JWvFmKQVNC|O(!~Ipl$g?pvVdO1m(nhT-%JO~{+`7M@BFI*$MrcS<}YF7 zz@OpnT=&F6zIHy#uDHNG6d{QGamtpG0l{T`9B(`^{52kwGBT)a^AGfa$NFCmr`e)G z|6yBBtK?1(hXtV*`p%y51#2$&*!Md(wcn5Nboz&yo80G&IvC!Rq^$qMR1!uvcD|m; zIC_6c!SYb~%D+qPFjy4$qxYMen~E_z9A2J`GZxEY=iuNn z-4Y%{+VQmc?YYdj@rWT_91u|WH^PX)QaNTbQfIweO&-So^t}IwP9JeF(uP7;75+hV z`#-c-Mlpj|+G-U4!twjg{m<+4RT*hz7WFx0L2)62=X-}_X>vQV)-k~Hv;4iGO(vLA zz~r&3fBw8Zih%}`4A2Pcl#Ih?M0vxpe_zV?$Tc?~mt;F=bc6=oj66A@;>GRoBOX3Bzu}TCk zACxJ%qF1v$yU1(_v z_fdfUSJlVwI}TLumE15@xo~j1`}z6C`$GDvkG*iYv!F+pALl-Gy>%?_0x2~@OXAdv zi;7fo20_Pf>yKk?kuwiNq6k^_3mGnx4_ljd*T@;cy`ce!&2uLcE)-ho(UEucLM%x< zr!X78_0jz=a8SRkFWyc_OuRV1urRhXi>Q~1sd2T~eyX|!9Pr%6GD)@%pSRIdO2*@JHb`!?;!m&CF$z+n1&|N4_SV;VfFiyjcMgW)Kr_m_N;y`-V{oY1iETj1-)UKk=1qE3!)u-oyZ}* zV6`uthPDkQDu=m0^Y5p+aw_?xMYH7;1w+Q@3d(x#j~Wf;I~vzaA)NO}sk{m~z!*LK zml~t%H~XPaa{T{!jhz0HczoxkO`8Y!I8_k9O~Oid|1c7X!Qg{RsDkTcf2`z)1nAB zA!Wox{xN*OOj{{iaT`5o^p>o(;tFXZvC$b`YhS}xu@3zMAQXi)WJPYbFS``AsFHa+ zAj5e11si%pVICTw+DuZ^X(GD@rR%^C7Glg%T`tf@Ra?oKbZMW-I7V6e+8J{i&XrCv zpD+w9$?=wlwv)kWNR^^DkiLUKzovEz!?tyYnHcV)q@f**l{lsdp?$c? zWSO$^_891L&>DAxvRUA_h@rUKsFDI{E3bE!IS*PJT*_%&hni^fhLqbrg!fMSq$C%> zmDA4jnupS3zf4kz4LP_CW}gu#hHf076C<<|rnY2(hhRDqN~n?Pf&N_~TD$2wE2~A4 z2rcYDdKPMe*7(wNotO#%7A=o;J%Dcv(?*0RfgHO9-=1LEN%RgL&&AWeA8IZTLUN*@ zQi$QgJUyK;6lh-?iIwQ1Uu+D~@;m7VR(ztJbFFOm#&aqS{<4?;a$zczP+m+(sr_&+p>G|^`&mw_A>82>7i6AWNjEY>`pOxcvJ){B8*tU z6eJ#ppcG-&BNlV@{3n?&Eq(sCN?qOi;eo*Vpg!5fS2rtIy+I|sJgW_0xMkCpQ>(2@ zVbN`$Eq<}uxS<{Dgab?}#jBDyq7<+PUI}lQWEktB{a3eK-Wv;xFAB~mAAf8=!9;wK z$vgEbifgqYH4bP@DDYx8vG97lSH>z<-xg%`s>KQlY-;Ts-{@Rfor~Eg`KCExBWre| zQ*fQ9a>8lQ<`7NIdAi6h8fBtd>7rP-$aXX%eJGeNUL%+ds$5BZc-)HZ-d zu5g-E1(~*1khVICp4m5KQ5*Be`$Hk7X||lZ#de45RZN=%pXOQU#j*D;tQPGb`P-se z!>6U~;1fn2ljo{p-9@v4)NZWq;C3U21{PALXeuKEAwtOYuz0epnRcdS9uvdsSJ=G| z6GM48)2ZxCuY(juTI_XJ9eM_#gVSJD^x@jE7sM$=g(u)yt?dqkzvRphlLJFlldz>q zI6t$+D?B!0Udz_)m71wMH4m|9Y_D$okKe4*H}w0Nh+sw!8<tpxXskaPx*|ebSpbV>Djwd9RGG#WcPo`i;e&A{hfKQHFPT@L?rFp-5qKyGZGCs*b z-yB?ppy2M4IPrR2s-lA43dUi%3F6w1d62T$$@7ZS&B#ddn2UxhFtNFVVX(Cz;NUm_ zzc#utB-T*j(B&NCp(YtpAH4y^kLTpLP}Vp5<0o-PL{2LDeN_-2w=W z>IAzLbhMM)PS0w+N z04+B#Jn~r|kbbUs2q)S@pIIfJvY5$HmEHa|C+GaMSxPHt?+lb)3#&l+yvYtL(MKw6 z$MSKnID-f^F6xe?q#EIrwN7CKC(#B_d2|6Xu#dx@%F8*3WC5jlRDhMyRiTPI{+o)F zH${rO(aoQ9pb7yqH;%SK3NA`4t%*q~@wy{Mge%^!xh%VLjs>}@>txFr(YyLEWb$Uv zc7tunp*`SdE5FbT3%#!mFYvPsAk<|U3g~)*Au=OR3h%BcoJGOc2-6KgJWn&16 zD(q+1F0OV4u_-1@M-#`GkpG4}T1s!N7bGSo9w`EJDRo~K{rQDF?Gco#gnL1pv^2pO8%#4s_--APz`FDx(|Guk)%7_PJ=au%~;Lt`KYC~x1`s)wdi481{eUWIrZNj{dQ_jU%D~DHYc;s{)u@x zKMyP{Dywlq>bLaY|6ARXr=N~gW{;}h(+~Ver^JAT2Z)Q=Lla0ZF!<|5x$S{oxIhZVzKi!S>0vY-qU>J3s`*H|3}Wht%vn?&Rj3*Nl%=nO<<~{EmjItO9 z{opc7;NpjLMttTQc@cym(%wRQ(d3DB$4NKfxxp@hw^QSF^_Tvac>&^<(&xOeS({c+lz0JAkN-c?X|HIj>|jUdC;c=!A&j#JV#Uw83) z#Eb+qRMITuNLUqP@u}oWk)5BM$ZuNk-%Wim&Gb2S?}|kmyuQgf$d}QK&L+=m(T;ru zbCQ(~0`rY<)8)D7m2eaKuvn0dTa{i=GnRLEub3kA_{X(|Qa~f?YX~sI@%trjiO_G4 zd}I3tXB~zlgTJ5X_MLD1x0l~okL1erLh6d!dw$m)^iAb4c*PV01O2BGOd5`u~| z3WCXD&h2MizLZmv{CKU{$YpUduQ=5KvQ)IiZ&Hu9$yJ-e7vcsv7y+#_kh|cUuwi44 z!IU}S{(>NQw_M|$rzBIG+)YCsTMDzqomMU zKF`W|PV%LBt}CANUZK*GYovg*TbX4c#dnr#t_dm7f;)0THtAN>Hjn@rd(JRx;r}}o zE$mMiHE(iF&p>YIo?8>Hihl+-STK<%(Mr$|--f&BFOWJHHNkNjau}TJ6(3=_8ca-wHeoOJ3fl9>Gd#(cBfQ|P5kVcH!zLc1cQvCvQ=^gv?%GN9R^?*%eMD-I8tTKRK~ zbKVhGD;Oxd*kZG~-44#E*|pIz{j$}r7=HU&fM$HrhwJWCgWdi&rTxULtSEJy3!FA@ zr!!nzs%=#Az+O=j*x%u`@n`3(B^S30lkVyQuU z>nfDcvE%crkjUmgd-@^IgkL@zjwt8oHb*=XMlKRJ#`~Sesv9>s1&F=jAhKiYkgwn3 z$<)Ngq?fL(H~$WQjQEEqkynnCeKzibBwVT`wl<2ljRJ4ntMb-bQ`GXGOuj0Ex=Zx* zw*rTG<=ur^T`^6|#S0Xh*1GgWm1cOtB$lhr#+hX?O5U?_!>M=7JXW*2S5gNAcC|dY zDEd=92$z|pq|2-K4>M57UN-?KKCZAE9>C=h}rRz-!vT_`{QU_Nvt+MkW7kPfD?%7+d z8czi8Eg@W%N1v3aYFNtZ77EtEko`w=#(J_@ea$lXt-XqYpM*PMj zymNq^eP&*78!Pl~K7bl6R&_=TO?zHA2`I~_Pb!4RdTRd3@OJv5f6SyZW1tC@h(8tc zsl4x~UcEOz!+Dk$C_3RA?p#%E6=;6Rof|Sw5!@>(4P5vk!7oiA8-7G<*jmLIn>$zC zos@j4T~nCdoc`65T3ouNCuA@j0flUDf91~DE!#<)06rvNFP1kv5e{7;Wqo|X3lBjv)wF1uOg`(o~tdKbh#E(apoSZ728A*N0)QiuIL z=7*NqNYS>4+{0$RuV3#TO36r*%{lH%#`|QIhY}JyqdJZX2MO6KU zCegp=23%JDE8gADd9P6f>Pa)5z*ifxv(>&XytO93>*<}^H`eer-uZfZ0l)jAV8DRP zj<(Qnw<>GxtV+&~)9|)bvxZ6Wwtm;bO#$u)Z<6LoO<-ZT-LgDxBSkg$LX{SANShAR zW2tAc?+&2z+gJ2H&kJa98G!gFDw#GsHz|tK=gm|@4(xw7b$w`Os_OUj*=>0Js&nB% zegV&@ri{Oxf!MH8v5o^j{M@9TU$ZZ{oXJ?W=_Os4)t_!9hJ_0nro-H8t58Wbv|{r4 zoyNLS|ACO}VuOwTy!Q$XOCO{`xB8k}>qSQk$d7#8EIpAY)$0V@3#t)PfcKn=2h>Cz z=EluY{y>MVbL2zt`6)HUpq-ka{P1(TUbP3%lkwxcKAKh46 zyGXH|-@$)m>60Rye4gHgLr)gyg~8a7+zWg_2{4941Yz0==1hjG@Q5?;CU z+OJC{-=3@`js*`O()b!B&%2td>xi$Ee$^$w$&Vs8gBJCvi=C=9wYt3=R>{S2lT*j4 zw3-k(`=IfmrdFg%&Go>sCfyfQ#|0mq@2>fesb_~LbtdM1a_TRd z&@1+@8swLnn0O;S+QrvY>d&rT$-t-64LBv56uR7u+!2T=Y&DV1Pz=gSJQCInfH?@k zWX2COhxDSZSB%7tt|TvRVZ5ZBJyT8*aE2Qc`I$> zI)q)#cln{6j;rg*QhhUvx2#ZV-lWDI zl2|rHS(r|twX|!HotQOuNmL+cyY4Z;u~+nQ{lD!*!~s1T@P8n zKm0-0?zKHDA#+pQZT$jg@HPE0$cm8KG_dq1l=cpyJ>d0NCzTqa2v8FS4R&<*$ zIS|eh0#`||DRv=DR>q^*qmFP+Bs#5uWru&b$SH~m)r%@}9MD0)`Xd@tg&Y4wx?06c zxrx@^s7{DJODx>#amAO9<95)5f~pN7wk<@krLFNBh4^Ix$NHXqGK^gkXKN)@DX3?> zf6%NF6hb)|6Zfip*?tVRa5sJn#~#VGVLq*9V{ z+w_1(D8D_CFQDSMjz#>`v5*njrf1`3{X*WEM?EZHIrw(yqHP#X?V7lzaqzQJN^q@S z&g#|?^4Fuji@oNxYDzRbe+Rd(lQZ=-oosgv4h!z zQ;R`sO{O0Or^bH}eG8NorjVlyeO3|ChJH?qR6d*KBC*1Kw3DC+i!;w&Ih2Y8Wcpo8 z`EuEv+}?GUHLmzsPo=d>;Blkc4>UdnOQLm^XBgof77|gTZcYI zO1-%KSBjwJ(;1_Y(Nh#;t~5>Dn7-d2;b!!3xu%dPCx|an6&rkwIFtf&rIeV#?&(+{ z06nMbQ#>c5WywH(SL@KZUvQw&KxI}@os`O~#Qf0BA*{VnKwWWj(l0xb6L)bD2sWCZ z*+ki&ME|&jKU5q=+g8Ih$Eq)K%{Fu#Kf&7_um+w(@C-DgqMzZQlXT`1@O1M<$X!rb zAx|-wCa@>$K{#w;6?xNSTwqBmP1_f!LxVMkQ(?tr;OTGg>4TNj#Wnj&q6oe+QQG3k zeVs9F8nUE0t7{W_;@o|;FtWgc9;xGTkK{U4A^lCI> z`v>NFs%!1={KTY6Z8KhqnZA<7T*R;=Uea+xx#nljb=T!bRj8HG>h=`kl8_}hD4|K< zupDxbQ%z>Sx7ZtnGqo!Y&L)U*YBhgJDaQ81I8KP4pc)t?nq$559zMX7^mm|tew)(X z`~&i{39AfxWe~HF@p1+i3y>vVl{k}KfthGda39si?WXwbRQ@pLU$siJQ)6a`;&NUj z?F%X@))jD21is;F9Jm|_>QT;ab4y#SChsx|gbjmAb=FrRV~9tIQr(~b)E2h=K3yZXd4mO8SRbBz{$+-F0k@W;b$NTvfge8}y_Xc;qk@-q&=#r~o6zTV~Q~;H0I{ zyiBV8{#ytgZ84!1MVVNO%k;xd@oF~6?Px)3%H~tEXeST(ss^ZM0}>WIW|m@=@#NR^ z5RWOW(&W@lN+v`*G@~?zs~jRB)cn%J{^@u4X`doBKXC#VgVwY$nDQ*E`{w7KWwx}F zX)>assc8bC_4!gd5>ts=J=1WOYnip1QB0JBg@yfImD?jjWg&&}M8})!Z@A66ceS$# z$X@nzax6}(T{eU_l>5a;s1$C)$dKe7@tvA);@d}FD$n#JFgQ*>whUUNxXH} zX%wOdX~~)C=FfvQi)H2q)Wo7akS*pvjmQJc7@W7)aQ0fMUynuRxyj32+)^E0OBXQ# zB}L|68id@DOvPu2*7%y?1|jD!I^zdzS;P<(e|N2gfshH>i?ErrqwCY?BP~;V7)S3; zsEy+dEZgc}9V$CLv0U3EV6S&Sx7?+_e&?6NcY>z*?TFGu-_%h4}f!FgHzPqT1m-;vM3nbY(IpaKJ`8 z8^AAK`6mJR)1!F&>i6EkW8xE%)|py$Uj)md%*``TaG5P#u;_CLNmEzCD(IcF;o3DXK*xj0XvXPAj|NXZYw7IgNAd^=P$E zLK99dU|@C#cgtN31YBy=^9FV&1MB_VP)=eX0_;}iam01HaVO;vi^TZ!Gun8fwE{U_ zW)SIbo9>>q(Az&EhRT5ekE<34c_RzfKVq)e8rCy5a;DU-rNXTG9vToIVD=Q>a%)@_BdWaP-(oH%*JJdnCn6yUifP5Va zE#){LLGGS$(};AQ!fg|pPlwKYn`%LZzRLz72G^1X3SXSHUzZsWipK8v-~U%n-|Xo9)=TM{hgAf#4?xI++#Eq|3B;b#`NsZ+TyfQ ze}mf`Vbunh$p_CBb3(0pLX%c^IKRul8CGo*<=@=|5tv_9b0hTp9H!%skhdCco!yqM zIgg!foz_M4g`Bm@AN_f*hR7S%^`jY71R{(%?N#sbguVw%n9qHnQXL;TI$oW8j4iG! zW7hZiGD` zg$pi=h#n!Y$ewU_`c0#CZ>K*4wv8p=EDOvjTYW-M;8FG%+G(`dU1}(oww6RM%dYH* zlWA%nr3B+mGnJ&(g(vZOr;Ni7tSfP2WpxAt%4nKUt@!C(Wvu0*l*!i7Ta!!LHsDz& zRQfH*N%spCuEWpT00*FxN84@*r^8a*JV1Mp%3IeBAa0>aNA)PDE55GD`jlo zP5iCZPq$LiPO-UWh3s`iwT+6xm5+#&mw#iNnr$n~I307u&!4l*u^gzb$1AT%;KfLsXH}}n8EYV@j1ngI(~gT?Z!r2{ z*!jag)NLnc^1Ctlk>e_S?^S)Y>Dq(hkccp@o|74%5i=D+!Zmlbw1td~3c%01sMaWv z$%hf5^@2y@Zu73WqkgNHt;}4T9rh1Vw#r zx_QUd!5sns9>G;1Kde=9X9+~^vgl7-ven2stu43$slt`)$DjTR!sH;du{_{r|wI3I9u znCKA-P>UPs0AfT9oQ;xGLpkMAT|xNZ^05$$+}Vg=(ZF@{Opo!h2zN)9JPlwRFr%o@ z-?FTV^0VVOWQ34~HY$BbFI-tHp{jCXFP9G&vK6dyqgTqc>adV(0yv;Mz!L!-x=2_( z4y-ZCJj#Yaf&M|jAmxL^UJk{l4g{nIP+45R)nPniuo(Wb1bLTWXIs)SB;}i^=;@!I zaqe^8Dq&5*&xN3UiGxG(If~G{dcE_Ci)Wqf$TutWN)ejGAx8pFJ6?c_epkk1cgfqv z8vj}~m@x@TMowl&ISuoPPjT>AUCr9@cS$G_;7%g>MADn)I6Aqc|pzFNN&E<2F7_8v<4Ee9hFgC3}?8fE?@FF{qWv zMvYU9-7qV4PqmRnTKpaoyEEgZlaB0sLa^J>@Z!j=BKoVx(w+Jjv!ou+^@bjdFyZjE z`FH%Mip~O+ReMD5OgdyYg@r70=txz1E6==_=75D=&SGY-DS-|g?|2sGvDkOCsfJ70 zse3Tly^#=tms6CtX?%(1;CY|w)KP9`j`U7op_23$R?Q}po3F{o=(YlP_*?@(*U7I~ zi~5G-@e@s`+Td*NKJ&Z>tYcYy85omphnGQqX4Z!-$K5Sj<%=F0rrpKU(~&9x_$OU+ z$~nY+tBr%p(7m>Zy(YycLU>4g?^OGlgRRv&aaTvio9>ak>KjV0Oe09( z^@q}YV@e(qXQi<;$WLE#NLUu(V2rOxXMN8C7j}rctL)HE-Kl771|)5*@^I}XqlYUt zD!Mt)7bvSlh$~G^CmsGYAc$(_izEmbW~cOr-VU-f+=%*6AbT|ZD&TMYU~~cDNz+#M z^#Fl=yvI)JGKC8bIz4@;(;cE|DDo<+s-d{k_xg4j{X`=-#ea#>-&ac^h3x<;K%8A1eHQ_JE8AN(H9;D#Qdht#zC6(A|BFJ0`di`Arhor1`BMDKb6N*!XD@2_pEw8x){ z6N=ElM7@s!T27i3@;=z9qu24zPT0lOp-il=#>lxjk|)V}|noSC>du;7CkXMCXc z?VT%Q4@K^Ei&JZdE@!XrU0`P95-XbE1* z-jEfeUz`uw4X1pZ?7|}A`O!D)^a_IL1yNr>jDdY$ zkVQC3^@rf?5s2@41sj@~6taF8?_7F;n!ff>TyUknD`nny>d`e)dfkQRy^?n%$BRgC zaqi%{HvCYDscN4x2Da~qeX*(xEz5{6)R>iY9Amd_^d8l62-_aVR9JNti-&mdqc_vipaDYuBvACy`TfG-gb@^4f8S9SO%Ilkg+x$H+o>u4Q=RX3{?~eT?5D`GOq>2JZDnO{D zppP*R<*4Mvif-w)!$IX=RurU|M>r8?w0Zc4J1R&Qyq!MN`e@IlJmCc_T&M8rkoulq zkl|`}t4o*6$ebtIZ>+>i8BS2%{tTEzdE)BTFn_+4lT}NJ^C{CtM>MVl)~4iY!-8n+cx&Dx@ zu=MFY*N~Ab2d6TwIR{lDGjOA|N_AFHOM(nU9@Bo+78>uH&!akS2d5Zf-m?PsEUSig z!O{f(DX^C7>{RhI`Mo4P?h4z1YH2o&+_A|4{D{v_ik?tTtWYpRDx(tjWu|1@D5H%Bx)67>Ht_HCme*}@gy`7DVn&l+eO zRzA{mv3yPgP8?Gy1zke_NtvckRTOcu=w0`YF{W8qh>++aKqVm3!|BthNqI~E9c=^3 zX0e2zHwu}h{J$2>-%8S^*O^Kt6oYFb*9I#$$H=kCv;_rGnt>LgG(%gtcj)I%A(1u^ zTzIN1=+gBpSltxcsG++XraaT!td?hfCvlS|%k%0}vw`%+;+a6}r91YG=@8w>K6YiT zTG|q9e+Lcjs*X84m##3y_$B1Z#fJ^1P>&CoTMs;QErUI+_YMmVWh_<58kjN#))$v9 zjZ&j2=7`C*DPF@-;`XB&l^tbR%ECF`g8Br9(w>6S@J~KN1>6Of$@@zmOX|Yd0f9w2 zIs^#EC~AJcu{7cM^CS~Y*RWh^U#Z;_WRkPO+270Y!sqxI(#WnMvD99z>taX0Iyths zd~2NEp*kVI=KRqqys6?wk6o=%_LaOM2co7~&|9qj^NLVpjKT5N3XD*7$|=eR!~OlM z9DsBFCkSeF>ArPgHSwilNN^ZOB zEs|(>H*-4n6um}b)NevuwQFV7TE^8SqgFe0j7D3~`?rHjCYYh5XqT2>;&Xel@GVKVCCKtvR6%3v)eSlv6L=#j0*d=BZToxusk_Z3B|w;Vya2 zwrVZ@X)qPBM%4?ksFFI!GJ&{|8ZqlSL;iaiQZI|VNZic@*Bc(|^jB6=k^ovcAlcZ8 zM%#|XjQs?KcEFXiSM88BtmmTCr`7S+zeHj!gDkG&)$@)h>#*OqpCMOblz$LcP2Zq= z)t1TMUzqV*je)Wn1=Hk9^K{e|y!X7j*LF%0p#~V`nd%WLWsvwXz+p%G3satO?Vz+i zVK!2f;yh}Qa|^{L0&8P)I};N30UkmMK-NboCSNH(droTCui3TpB|-Agk01CD`K?Pp zSd5V+@SLfN`aa5EizwVb)Q0ctah_K%UJAyKUMtwV_`OOPw(#)yj_zy0$Q1(r{F~qJ z8X2dPy7EqH205n;3@+IF?eE;yLezQhxA!!b5x%n;jv%8Xq`@DIf9)IDaWvvF;=|ut zBU5&q906{n3-Owm=&T@s(MOnlLfogI#Kkxhq)-}*@v$^mrSuuan1C+r=7%5`Wk1?} z^3Jcnqr78;2 zrFT$}PC$AIAtEBuEi~!9L#Uwy2uhQV^b&{=dI>!tg>bj{oaa5o+7Z?qyCFBKI+Ia0{BmGw*Xe_pob2G`dhH3=#@r(+%RHQYfl7E;eZ?rxjFIMv zSM3#=H95t5L2Na@z&ZN`y1sY6Z_a%EOZDWYeZfMYab<6*sX!@O4sRw`s z`LLGTL>5qMWuL61KliJie19um#J5icl_Glk-yQ@Oz=8mHV$1zd?4Rwxe>Cjd;gbNo zllDIItCLlJu(<#G7Km{5vVY?VkS_o>y~mztoa_0;*!(tn+R2zEoO3{3fo_l{riCbofq}*jz75Es~v?h3Bp zp5-7(=8ogX2>(T|LmD|HY$2ke&2F0P&0T+Q?@uBbF9OJ4H5`q&XVz=cmgTX{#BZE1 zD)6qZZ768YlIuDoJ(U@vHa@j9n=HCI!?h8+9t$-{9eTPjvyWv1f!%6uWc&}9Wz(}Xa)a2z`_n7w@28XT_1)SIDL2s}ra&xED$P1HmdXFEcS5`_Z zgFd$%V8L*8kN z3mIODTLHPm8}d94N2_XOjl<@1I@cN8-KqJ$@odj5R?Q{$EgI_FyPRY1C%bU60Pdq9 zSZ(=o109>Qz;eT8v6g}xd~_s^ZqawfG4`%x6Op5*WNSga+cyYR`It&4+KPN9e3AU} z4}f?{v@TBe50E(F?PRq&N>r%Cg45WvnhGd07w%%SdWN`1NplsptL z=DtewkHtl+yE>R8Hz^7aJ6?-KZMuz%X1AZ9hK=v&s+{rVF@R?qA>7zop3oopmDWEG zIpQ&EZ*&kEn|68-T_1QT4+tu6&3v+dTG$*C|Ljv?c`dk17X4MGZh%VAV&0HY=gbpa zCLyd-<-jvo^7%n1ao1{lcf`lM(?_~p(yhBcv^QKVgX`+(M015sxN(jGIh>vrQgV;L zvh2$Ah~zA2tyFykQF78$toaS&cI(Rp1(PSBI@GEl=dKOnq~ysm{NSTHR5{o1!j!fF zjHy!Cmw zs8}x^;emS8S^lJAHyI&7nHU@BzdyNPhV8LQ+9NcArP`yq2YC$j(|v)J4o180BWlT< z%55ln$gkHX0b2?zp18&1%w)Wo>R|Mk0rtvb!q38X*>n5Df)L2LgmMd7cCIF~HFmr7 z@M&eRLik<=f_cUK!zH>gER+3EFy3tw@BCGh_7rpB&;;Q@4jmg;v8{=#m-)w&qwYF3 zFm2$L+9ZBGRsY8Sh--LlSLvs>6!dPRs|4dP(sFwlIFG7*!j{b_OLtq;VZyYDt*}}Q--o^MY4ngJg zcdJm-#ah0Q{|M}6a2T~ZD_z7moFz{ex+tX6Cv2~iL*)(%w6*A7;xRFe@c3AkOLl%& z(?Cn&Hfq;7HW3k}zr7+l?ovm$d{kRV+(dp(*VTTeIba8c(HVN>pOXPBJR!7vY@?JA znSudO&If>UMs1MBnswcQEiJrs(UQZ{ZVn1axWLEGkD?cAlb2sToS7;qMt^23mTl#I z#x`Y;9QY?o_E)d}qCN*W3CtisM?6#h<#trYY3)z39$!D%DyCga%e^d`o3dioJyXDW z9hdmj01{=80aMo@Adohgb9*5jTBAc{p9QJ&R(5$!`kFg53xTQSEg9kL9OXX4wN|c- z?ylUNV6LTFN-E=P{8E_n>pR@*ubJFBq^TX}^oLivf`3+x_4^7;z~%aCJbqz`9h`aS z&}*Ed?ShyJ*N8CCt-@TJp^Oi7$Z|Gka&(zc3MKS}pB49PmCqarLfqucR}f0~&y_7t zF=#+1q3eQ=r0B(d{Af^z#?7eOe)LcKWU9~i8!vhhjYjg;z=~ASSUeYWl>v%)&ljRY zR>eemc$Q4vXN;_TH>#GaXa!PymR}B^TX@YFX|tVl^GcY?AmP)2*Es7{MJ~wfe#O`? z_?z_}SbdgYyh6VXv8p+@Y+bS7erDivMaj%2Az}|-9!o$>D(qqC3yQoeTHg5fMz;%y zLyF<6JdZzRRmH~PUI0-|RfGMbn=ER&I|g-dHwRN*hHSN=MsEC!%V{QYUB4B}-k092 z!(|uxalfR?#>SAj7=oPKR86tNK zWHd1vw!)&5aQJS@+%53IqVAC1avY|Xi)+og2_?XT;>K=+w^&R9W7^}fD40-T_a zNM8`k_B;n`Ktw%dCw}eRAj8S0esV=Rwk#!zS!2ut@wOG*?sLYG&5b#bfX#BRj^{jQ zo@Md}3fs7Juf$R|TtdA^T+hP}>uA{xG<{-C7u(DIqFp_Qy%6f@RM@ObzZ~_d{Vu1| z?&~0iZ)|~!WB2vREywI^YuLJ={l*1ZPb~ik{WGd~?E(StAD+AV@ZN8>ms#j;pM!Fb z?EJI>_zy9c2<;IcO?CARWY$z5OSCgD&-Ou8VMRx!hQ+jzYk58c3qo4Xr^mv*qe33_Tu{I{ZFZyjKvfRLJ#ONeQ% zl%VIFMK?{DsDxd25p@P>H?-|d#6&C=u~nyjmKOih zyS^-S0NSSBV{kh9FOcub^OHa-G4UYXM~#2oK7#i90$-FWMEC#x>e&bVq&w4x|Bc>n z>2y2uY2jOGEW3|7NZAFF@wM)w)lO9$-j8Nv)O9j z{OOE)Vg+scvs78eox3HTress88R;&<(T*)l>}BuWfn{a-)h; zX7@n3tq$KSx5#Gu4k^+|_vfy(<_}VzPrpLQ9dEJ!*I{{fkhjwH>HPI@adi;=;{9II zD$>Mxw&UxaZgGr1QqC$gj)kC97G4Gu<8^7@$AHz5@*&75b zKy%r4^jv*uKqrlOJfuaZ<8x+>FqgENATtIB)&5qUojo5D9^5u=rqXfXPZIeTE%Mb+ zeX^8<)4Zws^EtKD>TE}7Gtsj_S|Z?B;loA zByB*Mq_VS*qwi~D!iNplCKhON>BWm2m_ZeWw>?GPwO|ZO(iUZ&JK}O3XMVynvlx3! z@NpKCqScgWcz^s7ci1JA=w1Q7-wPCY`{-yfUq0nG1Cu*xJmw1aOfWojfUDA05QerI zNOBfv?h+Pzwj@%jv}7Ko_9^lJu;e|d!KAOcthe8GszE35g(~(EV#vrn!B9j$uIWe~ z?YdxdDxkD>fZ9eg!(uXNrY zurS`)sfGJ!=U=KyvTe3xu?jy@<(R^&<@~Lu;OVM6?BrpDTjSCbcEw5p%hkb-Gru--aGd#!G!oFoK?AJ{!H-R>vT%zHy+fglQ5*O60pG|@N%QOZp-sp&4X}=QJJ$A0_#~F zndd4)as%O3@j9UhH+!xHzjEqv{3G;vEOX9f(yy0VU%r3kzRWRq^|7}~>s>m7^S!8p z1?2n(wLo7!GpCl;&z=KK%yPM1FPm|Xj>L~|5*^B1mwd_#E-Vw>PhOH)D)CNQ&Q}$bTFc2?^T3n#`a?D(+P1dFfV^;_p_W1F%qIDh{b&ZA)#7$%JANKg z8xd72V`Joq+6X<}-CJo=&bQ~0EzGh^kwxl7WmUY^{l>f!PE8fm-j5+r3&3<3%N^Wi zQ>wGK-RNHXPzZD7g`=)ai25?m&Dn_yt-R6_%)xmm3C-UUqN3cyU!QXeG4o^(V0uIS zYgNrkmY(lubt5`j5-~Y19mtUd0et5&Hi5l}b+d`6W7?<58Cn(9#$B3YaOJ#}!f%X> zuOwjFtiCK`pGw;A8br!D?ab44c9j);didXHOv|*|^Uz zDd6S>D>m{)luw>;^XrUd1vd9uwD9KT)cAxKO8iEs*1=c3Zt|}{E|JZQKCJs1W;330 zTdiAeaRs)xX*kAh;0F^tmD9Eu6BDxm$+Htb%8k0vt{f{MdQ^hNC>ls=Ca{2iy+v6+ z$6Bo$bT{-|&6RQ`gu72J=PH7lrn-jkPREbUJ$&dfmF67O;_AX4=USNL7Q5v_SA>v4 zA=}F3xb2i?3oYR;CnS3Ii~OQ~Eeo#vknpxYCSR;juRVoW{pZpy7h^{=Om>Oogs zUE-U^huO%}ZFOpWQu!xL=p3W!n9(VzNoxhw<&Zm7CyjLqmZFS7UE70NHrnhg)D>(EoYd=}ecR^OX)NlGP3Hs>eXtWM_L6H6#1$igfR7*?tI4?+e3}UZ0r3~ zm=p;xq^(xt)6TGY8ArW{_Zm|JeO!S7ugVP+!tcYx<9UZv&PIqgL zc9uhD?dP%GnefxQ9!e9`%;LJ?;u~+O-B!H5*cj>*lcs|C7Ad4vDK@j591XmkiTiSc zXY*>jsIvgzfMcukKWtB$sAYfPT{!$_VfhU^o@C@&8hdRCDc+uJ;KTQQWI#}(IMH00h8 z6&o=hKJEn%({Yc}6HSK;Eq^i4ffO#+#}Wu6!NFa-JS&MASdwO$6p!(tbK@sy^M>|X zbNVddz)iv{9-f-*<1g zfADsGf17zvT1Jv&Xqkb``v|P_a5NX%-Hh7RU#vb^MkO{+feEe?wx9OhqKk&WEDHE~ z5_E*9Y`sz?D|5$VV(2?#_+@w>xh9Rlw{=b<>W6kK>-+ud?Z+~e<6K%@lF?ti!7WAnI1rUjH3@OpIu zM!{jC5<9zk`%PSrQ{O9C>HnIQ<2-w28?9~HT|Tbi^X;RN!D80~?zn=oO1+dk6BP~A zB(M-trHuq%92Z`-O0Se2W&mk$=@_51^O_;RZx^(yHgvbzdW0P{9C@5Jfr34RjulK} zKb;j)IfSixKt~ppLy`=NWo!4$lgIi57Uq;)EfwO5&JH2h!OE>L1_QigR%2$7q~}Gt z!Rj^?ow3Kg@8aOLvY}&!m>W-oQV0{89oPZ?Ec-Sy;e=8uukazKcAg547FUh?h!;bl z85;R*^06ud6WtM72j*X(MMdHcn3+aav3i}FA3U&5}C{0wOr znRAVS>n>M*S^46dIzF{^VIdx;M(ZGZk2f3Na>0AQ4SB<+U_52zsGWWhbdcioL1TRU z#Pt&%Mv32|u6JHAe8Cv+Cd$vR#_R1C*<{Z!+Z@UW9%u^Kw3`Sjy-Rj~g$QtHW(G2i z@4rW0H|SnI{ad!`zqyv@mk);te3KY`F6?0g#$&g0gU3Y-W5#;w9zQk`bST;__9)P& z_PH5$|DXHxyKvO29Y369<3?M9^{j2#yi{X9Y(Hv_cdiL%RFJJ?%>A@q>HI6}B4T~y z<$+asv3fJ{Tfmk9rR zRqx^bEN82_AX0~cgRrGv{C42r|6JTPl6I=-lc#<3=i7gI(6@{3Eo#MEgZ12B-~ZEt z$$dv|xQiud`u@-N|MdTV+L-q~&^q2Ftaa^=g#7)%|0V4Y<8=J&{~@m7R=3W5mkwWJ z-p58pOngYPQw@cWvO0v`f`>3`L}wNBY@~=s`%4f=@~mx z(rAy9TI`}ExjMKH`24AV|07wCgAO*;+_P-5*PrcruXzTLlK0X=rbGAtQAEESzANT% zrE01An)C~4_LDI|RpAO6GR3Wmw0n@8UxSbgptPx_NC{6z$PC$3(p8WSVxasNX{ zf4t1$2uSm}Rq4s|SEQd<9ya!v^iL4AgR%5!U`ChDa^3i$a14jZ-aXP!{rBH-`S_xH zj5kf|*1iJFI{_cyW!FCNYjwaGN;|oCpN{;C0{@k0-tU^~WJ>$>R+PJNWg!FcfcXoM5{RZ&e-x>CVe_WP?Zj;)w<^6SsFe=sjj)0FOh><3X@z8adix>9CmBZXu z#{?qiLmETF$6i&`u7K8G3)iHKn^oIeqO&hQruCzKlkI6|)Sn)d`}$01?$-7DP-iV5 z=kfl#^d-}s>~Ct0UNm(k-X2&pqYfRVOA2zOhP|<6E(~0XQVPr69c3HowbR*j?{xE& z`N0nt4nTgdzB}~2$H`eI^Q)h_okDC^(;M%+e!h-qh)Xo2G1(p6$d*rYyT*lym+zaZ z(a24mt&5uqmg;PB+#PHgwOmSFj40;EHFi4oeU4P4o8c$+-I@B_cWfrkU~_F_XY?g4 zfw6H$E-cJC30bu3aBZ#|IMm=fTZZw6&xo(pTk(AYZ+(?>H!~I9k>6p%-s`;K1?Frw-Y6e#)y}kF6>;mLtGpwp3NvjqLW1| z$xRFH_L!$60@nVbiVhDgVT31O*Ye@K+tiQF8U!aF>{Y0ngVGvdrmZW z9*xdw5@nao*S#e+n1O&-NomR%byg31cMQ|-`A({Bu9Z~!Oy<(xd1@LWe@7ffY~C*B zh4_k8*n4_kWp%5F_fS!)^Y*^1Q_58+zy0j`YaXCMVDyAf#=DJLzhiYY;2nY6nW*Y5 zp8Vj^zndffV7FJN_Gow@cb)ikw#@Fma;X|lZL$zu9JBF-QVr7z)A^Vfacl4XT~jT) z;c8K*a_hrue9_bA5ouEVqHI1p{n-=WvR<&IYVS)~G?kra#+omJ2a;H)yLU-Xtq%I^ zj!gj{mee<^oAe&OWMT)7z{;T8&LRA!KFfd5P#2ye2yhMm$27a#d@^m{A{+MIl>0Js z+}ha^Si}{?O;J_ALPXt9hdf<74WuY|toiV=o7E)Y2TQ{=4 zPGX>GQ@zB}&?{%@I;t73#tmt7tJJJ3zRgs6Rhw)F3L%UYJ1%hgiHWxy*dM$X(yyiq z^Y&FzLH$Z}rePt&HlcD&CnxWN85><<<|{{D$WrCh+E;$!S{qQ8;3EnW89Dhw z`;HwcIlQXKR~xaXp@hRNTg;j^MI+C)+m@)^Gc&7C8f?~B(w1Er+>(C%nXVxhniQN8 zpw*Z;CnO+{F||X5nf=&cy6uN=3a?9$CHjCLckHy-niVA-VF=0pu4I6V|Kj7!t6FLt zq8cuc3znGrmV1w%JfB-82vMt^TrGQV(Z6VQi5SR;8GTCKv8#V4~i~_1~ zLQhPEohhve;SC6&4DyDN4r#{d@#UDdT(y?o;eNoFE;W9v$W zK%6$F@S?42vDYWT;wgU$zZa@egq>6g$&tK=nv!<-fh2q{9+btxe_N0G?n}Jj(r8H@ zdyZ9Mj>1ZNZ$q5_Lu*a@pxV7}mCyT=D;L0}m=9=MJ4J}G(60VSvqMyq6Su~tNV%}k zOG#gv1S|N0Y&SHNBU`?hl`bSK0q5S`9AMa&f%$}k$Cy2yblZ7&;+*gI!5p+2FJW35 z+m5tjoRbVE=$&zQWMq6AKIo>92|mf85?P`cE} zZL9uidQ@}wS;8Um4_M_DD80)LTF+BgW;CKPlLSA_uk(_>84FRygnd@J)F~xf>R$d8 znR|QCdo^<_i?a6heAg|T3bn2ulv!yc=fmM{;5hKgcVVKw=rI+@KK1In%Dfs4t}*6z zGLW{odPZ!yh}nE##&KY#H*_>8d-%gw_}Jn#eAa08JbJA^nc0%#%D&PURUGlbBhXD_ z6F4|;9$eAKz7?98HTN6NVZ-kee0x2E3KrO=HrG@nJY%|Dp_ADnuGu^t=MY9Sa{aeH z^$J$H@)_{X<^zZtg>B!vODH5ON;+)vC?Vyt7Rq8Fvu-^bhQyi`u=K--)uB(mZUE2& z?Atlo`Q;klcL-LmtHzH;h3OVFf$qrIDpC-J4u2bbr;2Wwb=Kn*uQ)50el zZNUcKDb*58qyzxBWr-`)7XKQIG|id{(WH{2xmH($;@o+p+*4@&t-Bs`58#{_tVx*5i+`QA#=| zA^>U-e9woU2CPt8jXW$=L-VNO@~wUll6>fZ6pPDm&xH4znm>FXsUqP;_VN8cdz68$ zjUR^T|B~k8%Rw)uv4vKm`}+Iy?tiCq{04x(l-F{9$)^|fg#gvqpr~Ubj={h01z`5e zh~o-CCdpl+_WOtHCArrc&#Nw%g8FX#6Vb_}!y%{@NwDBAhgJGX){zj@xHZ=?z=S@T zJ3K+bRji_X!~O$#|K3fUwXYltq)cPXa@s!2i7Vu9BJiiNGP({hL$FZc*UXU4I{66e z#+CK?@6G-3PLCikPDYqq&423hkEUI6U;O`vH0iA4H9J$m@BXUWf7F;8?nZ|IMVe1J z2&>sp@Wz!Ug?2-*&g+YLFgI`na5jNbMa$z;SMUmjMf!9D-2gUSH)_C5y&ESHr|}j| zk!UXwQv+TGvx)7PMW+QaXnRi32)+Hjni3K=I`WlL82o}Md3FFmS(6btu z%7IB_-VFCXT>Hr}gw&S{_kt|fjZ|f4)Eq)lP}C(lBX7$K8oh{%CcJgvuMdm2a+a4f zmk`=*#-i2o=rVm1Z0q!MHSsF&*@BDK*Y{b%aZ;Rs@plB~j_D-t1RK=;Cv}y;RkYBm zD>6eCflgs5VPiR8Ietj)mV)mt*gQ`#7La4sD?M4NNtNr(jNk|9T3TA`h3>W7K9tR* zIZUg4yxUx_6jz$~k;jtL5Pm4m+HroY7eQVdFROKMmmSn~-&Wn@%*E_fl8p{sPn2KZ zUSdQr>Z5&fJV^u5<1V$u@WfK>8y?12S zEMB@YV!EJ}cM{v#-InBqCDwyuz)y)69TlXLpp*GKtr~GugH@H5vytn5axB4OFvN`& zItnF6W6sY}3q+vjzR-Bra2-x3_}jY4O_eJ%xO8J?wL$>)vG z+bdZ|UuiO- z)Y{j?am^;~@`#HB927=E3g)GBC|dA_W|>$!Jr5q3^AQ)$M8#$X^76(ptGIT7Zoe0z zlX`Sfk%gzfme8tuxAd#UAQN7AIQ?lKzk3_mqjFwiCh_$`ad6XIqCAAZSl%Sx8mled z#l6p`;XA%EQ)P}i&E&W&Ik%*$5zCoG+U4(96L5aXf%PeJ370i2I>Q&{GF4HZqjO`I z;R-*D$1*D*)3t{S7=UM&!|DeM46c*5J!7MQR1}7=GFm6r~-$B-F$>0`3CDN zv!3K^4!be(yz11X!2Ru)rLQl*pP9W$3=xA$-I$&5Ht5(z9m7nnb_DtR->}*CqcUp? zb#Gozif68XY{FwGIWlJJTZ&VZMK-;q*Tf+1I82v(bmQkFStSLeAzzFXx5}88suFUi zjjeTbs(2d~aE5_?fEx8t)yC2wv2L#`dxEG--uimqRw%0xe~|Yf#fhGK7`=fZMpo$>OhTFpcyvl64(qWI%)p`@XkdIibnSl6C4* zj77#q;284<$dAFy15#QDeO&_ZYgpO$W)677Jh~}e{)3m@OW`;nB6JTAbuaZ#aMjPWrdc@iJZh{!1PgI& zMV|=?-CKVq9xZmGi%jxWBYiVd_R(5l)bVlliue3Xqo$|EEEiJ8kpW@}11DzhnZvOk zlNu!qNX@UPFPm6BR>1jivx3o%YVjVAi$nErgpSG;DwdGzM>U&iRz;-PY9*$kZTIeg zx|@*ROO$MJcP~Si=5@6Z*zGWAcY4fo!^Wwkffl2i84I@9g*`f{og`m=$oiHD&#n_> zzW%D?r{%G!+TFxp&jmf?i1Qn?+%tTNh0rKBq2uSe?4;q_2boDQp$g-SK$~r8qzY zEPW>7l~-x^trp1@2CaHhjh&B6WzpE*@?lQ!s}#SPpFb(*QN7T633Xe5;kLvb#KYt4%hsgkU- zCfkWIp6fLp8u=vUoU@|dLOz9s=ExuveHNyoyCiLS&`e*Xy&>l3npI#AQ1us?mqF_ z*`-hAf=9|3Z8%uy{d({5L0#-SpnEiGIy!VS5cP!9juxCtOwlsOvfh10dvZ~n4H!!n_i{ow zSM#a8zc@lLUFE8BMheG;kEg#{=TjF8GK;uQ6vo=Bsp8-`bno$bM;V55HC0(GwvSF# zI8`eD6q#J<@qJzIgoU%N_b1T&tCU5QX1)}mRZXvW?oi0NeIB<5Z3W#61#WH*~E(_4Qo^t>W8 zV~P(Q$L8g8yD+{?Byl2MG5pK~Jsy3RHIxC%7@aU4;{)>aB8;gh&Sj_}R0o;~P^gj* zo^vjfXAk$hpLrWPwR8VHDF&%{V%ajP+1$EqKD4U(3rK+<;-jsJ2RqcPR$4Up8)(0S zLOU+8gzO}-G?G^{4m&95&iUY%BrF0mC$;Cf6+(kh{tz6xRBqjirVbP1zo;5_fr^R;vYO$HAzvNg zAGz^)`_5J2E0ed23usZ2&7oS|?tC3Ai!~y?`g1XBLtCH?dP|%^bA_UO(0nNlU ztN>wi*KvM?T{xtXhs8txW}*>YX(msIycCZW^Y%mxX&^Xtp>aq|TMdodsHhd5h1#1b zRRNyZMQ2yd(q{{@zTw{M(tB|qK=iO4glw8zy*r)!TD6@w=V8hZ5tJs@I($nZpo{hX z6JUc)_VXR237B^1ckkrv%bw_QO+{q#l>}e*dBrcLUZk;7QAfP@2pnW!=tGzxyqxV$ zVu27{(9fs@1qB^3p~ASgjaZf8Ots3Yg7UAz;4V-@MAJ%qv@D>>E)BHD%HKzTFlCF! zW}71nmQ1lF3;x#c^2{g%jZ|DO!O>jd?CPL;2*M!<@pfnYqtl{ORW<}NG==`?6x=ec zPFOfmt)^B?b&pn+7jA7yO7%$G&vgGS_+LJBFkF&ol{I@Ch!l_Uo>T@RMf3%roL$il zRmqR8wA-yeM7<1ut*xci^yN&x9yHSLI8Vza)y@kQjH?*%IGKB9P+raTREQ_;u`x;C!L?5fr+khJV}@8 z#90nCU%xYVIi&RA`T6+<=MfL<-pemvJcLah3c5Pig3`-+h?Y6pTz>%kc569x=K>(j ze+-&_4=hQAKvZ8hR-rEoMAcW;GKFicS*)5Q2VV)a;on@9!4=C|f1iu|{qa9sM7)&7 zOVk%%aB2LPX>{gmKoBf*_dfj}UjAzm2KdWL6-bKwp6mH3t>548kvV+B9sEe{xZgiM z@*lYL2n)|LWBEDlzc=so28flZ7mh#u{l-uF3H+5T0ia@>%kuR<FTMU^6S4%l(7T+NDTV{;C?x+_}}UI;~j|y z0CNLeUfue62Y+v(ClTNW_%3cg|NoDyOAY{%H@LT9XOI5lBl{m5Jr7J6sFI(tQ4#;{BIn-!G)W06$h1hUI>z^`~Ru`@h2W$6-Hw{C|b*Pcr(y!uDq){J)m% zPX_V-Y0CyA*B)K|ZrJK2uYOOic>q-b_&~VT;XeuGAM9L_ztZDOW+vWu-PJX z6|5623m4$eHI;tG%a((g=GfscG~dYr`AXXQOgzUftx6i0R@`d<=BvkfpKtXH;|QLo zpGFjT7CjyRF^Bz^A(qep{I(@7I2-tg&SB$;{+{N*0y@&f2K3q`R@y7kyg^-iu&5f$J=SME!ty<(dRIPqVJ|wCvX}cINaxhw zxqjea0yh9wsuC3d=p#LJye2+zjI{HXC}l9{rp)xu(;8l70FDU9GJgW(;>rm-u;|pt zI?b`rka;Qbsi9T*F`+b|2Y+@{zbk>)N8nYyrRSZj(#eO9&G~$(#QK98ju|-sBJbZkM%~wjoByxv83`N>`HdQn!ScuF5rdN+ZeeeR!UI->B|(@M-Ynq3W@$=J)JkR@S!- zTvuUtaaJ%1@a2WX3vYwXlgOGk7n2iKw!xO3!thky!SM<%p|V&H<#m-r23v#iA>I3O zwo7#qf^5oF;=H?~xlDUZ0`aJ6;;6w8L}t7Iw%j53k+c#N6G4HvKc9gc`xgA!W$cfe z+u31eRdfZ%xU+t7J3bzc1X_)~3l!nF(XDEm<2Cp`UWhjFvCj8SAtWrr+wHtyrM2J? zF@d6I!oX~$-O!16ptkbrV~IPdtCKWPe%`4W#L`}kr~2-ri8&pY|p<%w=yun&L zk{5(wdd#-)LkMys@1K_@QYlQ^^W4TUBT{)AQKDPKURI z3_n-mpMO0ZB&XHrS%G3m5)t~4XTs3cI&smjRVG3Xy-a?oI=RMF8!UDbrZ>>pW><~8 znrQlPq-&)Zhhr^XtkPl3b?{PvPY7=-7k5OFN;bzPqM3GW@@p&Dnmcy1QT!m6^wi$< zPDRc-5YEhOvf9DZPTK^mcu^74t8EuL7RQ_*#dpVMCf07HlDuACHB8Q57-j4%_`5k? zu9G&(PlVj-&@Z_wKN*wh7<`4qQ2W(T>x&j@>iv^l5 zM~#2tzPS=LvSn<^h^H?FgZ!nMu9Xf=!JEOJO_*5bfvw8fF~rh1Wn8P+>wEeW@HXHsC)0zq%{wR)vGmS_9RJWN zUB}H>dj5skh%3r0!@}PDLWy^-cZuCqB+i)5gxFqdhO){E^}mI8CNfYz(6S?J!!XpG zpIm$Wby}v?WH#h#$o*|Gl5=9~0VP|$?q3%8ZM$|vuF;lHPQ*=-_)fp+-1BxIPp%dQ z9mzQ%+)1<%-!K`8Z_5cO)@hn94ax4+i)A#GLSEv@@EaJ!gg&Y@;csKhOE7vaVN z6QWPZN3gYwfa`(`WHz-rh96?pQDvd!L&|E_YSF4t4k$p4pGA4&3IJ^SJ%hlD_!8eO~gdv@MUhgj<8koB61^=$$O)+(rs!!8^yPQeiK(U z{mHx5L6nfj51NW0c8Vn1!#lk{;4WLZj zSqEnI#%7fn5>!9SVXJg+J6NFbhKr=a zi_uV?)e2T0Pkd@6MUI+{wBoo-;tTIi0-L7rnS@0OD}}G-D}z)>DlAgm%}G8FN;id3 z5*2l1TS?j_NpIH<5g#LOEbfixo$l6_$WZSDVlBlHQ#OSRWy?aA2xUU;U6pD;PMR5% z)+kqWBD0iNLlgf>{yhSI8=7H@c^zlEnS8*}A!su{?_%?CN;#-;&}~nSap)Pg)trBu z{SaohJ$Ub09|tB!BhB=4&6b0JqP#G{w?bZXznbtbUTry6+Vd3YOL_5=`lw1uu&w(_ z|A7X~sApDl6lt!J&%|M+Uk4Li(H-hPvWqUeOmhD)b%#Yv^i003SGOaix@BxS(F|cO zG_iCUZr>G#r|;vKinHhll`9FnRe@yXt(#q>_w4so+YElV?mxy7-X^tsmGbr+GL6lU z)-P#K1x4)c&Prb`b|jFk9j8(jcnL%;$4)`_MrZ~&Yh?GU^#b#Hk3g%1J1;P;npIZ~ z=x|S>^mhImKb7z=@2hyC?QS>-rQ+QYLSF9kBb-;s!>PI?1&FU}cVUPYzj&7zD@h*M4hI2$2+~kMc6kP6`gOC(TN%+ zvTe$sk!s#S=B*Un_%_|OnN8Csa!zqBTd=#L_;&AWyNstf5Z0y*yV%h*@8?Qg>@~8@ zH3q!_wtH>#j%`u88wrB`W=m6b{@j>Ke2CRMN^am%7V2zVcVZOGVM6Xq=s@@2L(j=R zU~A*Ajw?fbkGi*%i!Y@KHN`ua&uBHypE%!V>!}o9ab+UO9Oj-ULCe3@q1rfvbd^ID zyF3l?d@Ap~`R?$?%%ntT(jq;yp?5mwy z#+!>e>MRuSXJTG)@hw6pY3qfqfTc>~vDv2HF^zLxOF=P&wB`8G;jN|EFVF?7ePjR+q?yHt$u7?e?qiQT9@;(&M)-}Z%PVC z7*Pe!HN9zxZY-d7Pyh=xr7C8&XtXGW`B!8uS#~w<48>(Nr?v<+B_oqAr;#3pJPK^P zWGSq=JgbPV7S)!DA4Pgt->fs&-`br#y*@zNppzwDoJ`lH%x!~=y~fImXBhj;JcBt+ zVk4o0-?GPJfm1DR^C$^zxQ=I9q`?{WU3l1l7{k6TaUmc?UC*>@#|gp2o=hE zZM$AZ`5jX==8g)>+GXbr7QwR{EbY**3I3{L389++L_&jf=$%s$wo&LX8P_$++>m}aJ?uvMt2JW3{GIMbhQ z$IsTevB>8Uuhs zvHpSYaYfi+%8qm+H}zn62WV;dI#N$c*;(kbyJfWB>z2k8*Y!?B>0y(`Llv+$xztdO z(1rq&w!VPvGm62gLDgHRKK>*hsAk5(JMLcLOxaB5L}IsLK6I^xMynweOOP`ifaGBa zqkh+o^_iFY)?Hl>nNH8#G4;TuB%1Ud!(!0kd=NLAjyl(enpvPFTlG{PNH$K@>}*zo zn0V5w0&y=TB}OggJm!(NQh6S36lI(aaQN6f^fA2R+LZ_@?Ua`23h)dN zzHK^gAzo)xI~C6+ma9d+Ut40)i}Yp*L@{!w%?418^P#dyqBkE#S7Q>=G|*uo z{OlGdrrPMYzY0ukX3R>36hNPwM})^-ydIw4p&x}}Yl#s)#c@NluXwjBkiW%pPN&f^ zD{GU*AR1Ph;a*DLtJyqb85%x$Nd3YL=Su-o@0Ig$so0TYrmh=_>&265?|hEuir78q zsP%r3PkBn51R*IotJk^E&!79)EN9M`FS*J;-PqbRl_nmPCft+3^a_-3R3{ZG4-FD` z)~nxWp!Mm((=Bm@Ueg3k*~TE!5|S|VSfza<&QOeCreEhE!f%lChX1^5%jnh--~2t{ zy``Y+90tZLi)TDh)mu$3xqG9}<(^USbvtX2w~L+-{Fup>6ho1?NmR3Wu0QDQ?x_j6 z`SFSk*VKo_(-TCn7S9>$T~M_N zoIJTfBw3Dh)(cq8ezs+oBP>R$mGabr9K$QN?~jg*PBA|jcYuDx?rArrz+kF)O`WFe zdwS6mpf@HIHbi?g_D-Uw>@Eb`prU|(z-_iXG6GrH5a5`LcM-llZl#Pr5)dYS!)G^? zuPGIwBS%nM4f%9zMs;NnsgEjI9n{s_FL-?DYu7d-(-pY0IklD7#H4Io3K{t_5o;S~ zx9qXqPu1K!3)X4u8$brJc564YcQN!oS2v1^uzlpT-N`P_=q99>lgHz;lq)24$qvny z#8z(52d`chQad+Bvz5V3}==nX!_2yB19 zvN zKlyT@m^ZYnP#N-pr@Y+N6TNZ0J2>!z3P|wd&{{@i$jWKX0|`=hc3q`q<}Ow|n0e}_ z-doP5Y+ai2K-X@aWv~SXVzt7C-%*-f8(Qy;H|q`mNU+36&K(r_y*cl=^nt zGApKt=J-Ci0Lt$s^T;LGwtI1(#8($71n;<5$4nb$RZ4=t%R^&Q()t59W~3;M(nJck zPF7s!MX#+>ncj;Hs@foE@w-kPDfTvkm{#7I8XLbIiwZ-JUyI+LJxJhML%XL_$DtqA ztPn3YWyP?D9D}G^?xYi0r2Kqa%xV$D3L8R4WByjwTrb9LW164Sgo$6pP{4_oEyoJ6J; z+tKeq#Tyhhv3c%tj*c_2nZb~N*ST`yzThG35s?0O2Q%(r*oHRKWRWtWP(A{pF=BnC}dT)@x$rcX_7vsHli{%0r z_tMRk^Fjx<@@#VlIk2=-%APGhH!bFM@~#8k4#STb@)5|kULA%T7>*Q1p5S{d7ok#b z-cjn~Jhiz@PpFQVgkPe@8r$e4__O5s=^muG~EpvH&d34X5TSN6mFE!PJZj;mQsj4q$*wd}Wj5ofQnkh!J`}NLb%Hs0fsbR z$TGKHZdRa@uoUjf%OW|Yik4#O^9IN6ZNOwNtNJxD!39HglAe-}-0Q-S-YShJ(jDH21|>4FzPNX+J)Z6MbHWo{{kG#y@M$k?ZtFYilj z9aFl9?ze905AtYX!`91qdD2+c?RO<4Dl&+{>L^hgigT{4Hv|r)7Wo7{tLsVa#7&sh zL~1+=Mc{0*$pi_CWko_CmStpzSr~m~s_8r~MQkRc(?&)|8|2iAL!)k}04Q^y&bv7A z{8)h1xOMvg*}bzav8=zsF^=VhIpfG~FsO_tsGDIaZW<%CqT%dMvG3=X`>%NhPHZeM z_lqTg+113^wV`GH6u#uH{NHlK9;w{w_UzWyW|Iy1i{_*nh6CYS4gM3zaka_|IFp=W z7q2Hd3r_>A$unhif2(YvjSpc{C(+30p}Ditg2^ybDNSc)Z9axeRauSk(4?@ zQnVJ-hk7_F)Cbt>7Yp`E)4PlL^p5p_0Njs3oo~ptTB^S(I|crLe|wIPO^VnGdF|l9 zPavx)KWEODR-K`MK;w{zSs|Xnz{XNAwoN`|Y8{s0Z|@Q|0fC}WHpj=;6eOgJG*w#O zP#ao>P+J5nzVKK%WL({W;L;K5Y)Y%B|JgQ&h5X5#mi>ChAqh}JC(ar0rH};j2$D~7 z`b393^mCZp=jowzMbj+|wg*cJUwaqqIb()Xb=XFU=%4q}h>}6dCs+m!=xUfiufexk3JdJcfA=Zjb) zP6Pyps4)s+if=R2tdQ?KTTmI5mPsw5h-7L}(qxgFWygT2Aii~_a}c2cOKgSvglzdJ zN<(etB@h>Av!~3B{{uSW5F#2uoXU`|z)V$?hIL0Tl*vZ)lgRIz1cYnKvTDVIS?=5H z>#t`SQx8y9gw@!}#{-3_;DITT1sY!dlwrl^o_=sXXp(-*lm5Eck6w72-e4UA0w_8( zH+qR(9%gx^_b;sISHo8BaC91E)dygWr@!wx@Oe4!>;MrKnD7cLN`5K3d9kRWe~MAjGSZ(=0&s ziqkw>2bqI{#um=8Q9=qf+xhrZci+)wQbCKR3}CuDH^~@&+e3Z!;n~f;!=}uVifXp5 zaRRM?a+1Uco5qZq(?m3$KHS|yrT)5*QU2?T;w>1NWVV1pvgZ!njWpS2%d8jy4pWE> z8^ilADTl80SHV5sOpURpZ)*_|mIW^=6?*6_3gx-IDu>}a7fF!L;a|*X52RZ0d<(w= zxLO#85ByS(G+?`Xu!~GUs2)YJNA%i?aN~OSHR68sP+#L+9MABMBS^C#aaxksw^^ZW zwj6OHnQddtvFRur?y*VNtd>&sQ&iXXqmRVWh+3tbq|ZM}0|xw=`NxlAYEvt*yEXze zxt{;ol;JN^>l6gYhk|tblsP`wM>@xJG8g*k`Haiky!%TW|CI1kCZd@T*cSa?>#9uj z0kuxiuq^~&@jCaf%uPp>t71}je@`jK{6*vT2VNHu=8ev>XfB`!#l0?(m=2&V>zImA zdHOa9#1|(ta=5KAr+S6`XQ#5zd1Yk)%^cG9@@3?%f|i!Q=fjt}gIS*lp=~@|-*IL@ zcux&K+8UzBd4y;)DJ#2&(@Wz}*Oo4s$gbV{9myPEj*L{T`!*~4-`Bd>sZ-6i+x%hK?6eck?F7C5zp24XHqR-6*+{YB2dBA! OOHbQKtMaPTgMR?8$>(lyQ?gF=G2u_czAecx6Izk`7!Qwx-16qlyK*;g(%psInOoYJ;o;qR7OqXCp)PkhL0j!4 zF~|91EXj}=>XeNjME(U7Uh<>!Ct01Ks`bT5_oY=oYF-%D!_(EcHP4B^UP1TjRrZS$ z?CHCq1YO7j_`Z8b)z)ad`;x~-O|-K)UP!4aF@bJ6KHlK2$32aQ5WcHC&*WwaZ#~4n zZGwl;nHTfXhC;7Dvyk93c%;M*rD9)HV)2W5T1sCZmTnJQ7Y zPT9|4g5bRVvap!M`{Aoj7HNe-=bfd+SVTpM?z^(SZ(tewAh)C67PcJ4t~DeSF?H=i z0T-7_$cLC!?}%}41*eDyHfIe7(r5mxyYA4DZ|lzIc;h`eTsCHt<@1H}Y|n#`wrN{V(8^^KM<%!iu@IL?E{!Mb@sUFiWZ^Sws z60j}7s<=T+TX^C5tM_r(t6q_;Yr&`?lgvR^Q`dW!Y$BkXnoq@7dra}))ac+txUM1s zjz5{3W1f8IP_{duYD;clII8-(hS4{>N!303dF;jWj5&NxLV0vPu0?UV|+hheyX_iqJ zBs^sNZhT|DWe@^coaUgI^u z)hJqZFB`2_v>zkM@2oM$1gx6e?AOgFKDIRW^@d63IbTrHSnU95qJ=k7l!A(SY3EW^%Bdtaf8LkY~yu_vA(CrcS2}6-kJ@l z&f_}~Rz4EAhkf`gzTrxK)_@!jjWMwb1KT~DlIz5!isVlq=BAp~eHPd)+QLE^ij$0E zloO5?(=Q;8RDw)`LLws)I@f%?p`3hAJ4>S87riZTB9Pkkj@*|RPKr!gkOILf1IfSo?G39vq3k1Dq6XgWi^JEPTioRQCR26!Ou{UmZkt0N6{HI<$ ze!x>fig~K_dgr6a8j0J9>Ss>LTpy)LObW=4_tdxXFt-uCs6*vzC_d$=lYe_E`-u@~siIh)8TO4_<=gj)Bt)7D#Ysu)oPwcS%#G}^|0|Ns-}>uj$G#nBWbzcBGV$>BHVJkMPFA}*HG7D zkflIu@OA;E*|}Duu!V@dJDRUz)I8IB(yz_R&(c`&VL7oJfiiq4uHC2yTSehTSB7+l z=!b}eE8-p-giy)aCL6plh&MHF$WM1e_)aPrti#*3oiLg9m~;jGM>73AdaLN2^-x}SZY>fXqGkC-Ik zdTV^=KUau}m=Ve@c_ONP>fu>>nQnKmsk6)isWFLqsY6$a-HM;gmQ`eI|AEz=)tsH~ z-C<@`LBuyD=!h&gy?4Ko?w=tO)?g4Ae??n>P@tIqIRA;5SpH6{b!(m?v0~n$e#`jo z*`8GEO6%1kv}IzySG~qPH=e>M%IKW7W7KEjrKn$aoQ)TZzh_8~(ZO89+^jfJ)rv*Om-nqm|(ANdmb8cRv3PFbS# zru~e5Oit~>jbXxJw3E4$K_zRY=sIGDd*{tM$GR~U74@UDMAX|baZ5Ls)`Zpdf2Q7(~a!yhf`ik_f>7(yb3&z5pJr@9yH zIBjsAqdpfQTij@>BCZlNZQE&K#AHNav{P;5s_%NbI@rB-!(lmksb~Jh7U5>ZcF7jY z)`xA_y8A@lT;i1RoaA{ET5d>^aL9Rb(lVxRP9f&!Mbnuc&<*goc-dQ@6krg6IyQ~p z?YVpJfhqZwOH?I-^U`I~LXuSy__qjdX9v2FTmBJExi$R9m#`+5aP=+^#o>nrpW0>5S{B+9Q5=RiPlI1dFGOv(QqVC8!$W?|C zrfn-3N)|iE>=mIbOH(P862~Y)2)6wApXWa>iZR%^8QrYm6`M7< zNb$mp6nVMqvc@HksEd%fuQneBcL%knqdIgYrgf9OKXW-Qm(Q1TtRkj3642sf*84#x znta1faGb_oy2Lea_(%SOrTZ;k+CJ1?*1Z^hxmusJHs!5Op^K_Rr^+$OzKEvqlM1$6 zNW%&kMNL3yHmrPMMX9wm0xr)LsT-~t=4n)K))&nZ%Q|b@Gon?p(Bm|^E-H%e)T>FUr9IEE$Ud-z&>qP>T`RPw zR;cgkJh;f^zUf}EF0%m3amdaXOnYmm$)U%VxiBmV^WHf&cKi%c`?*D-_d*&@;+UK*haMLp{8Ig>&UzeE+>o0M%DIzF)bw)HqBvG@C1IWc|R|)^0v(#38fi^=cb(Y;M|) z08<9%+cj^@8PIpORjI@vpEyo$VX`apmM)G^*3^DI_E~!7=Hn+9gZXJR5ALlrCUZW? z4aL-8v}t7}YsTI!x^6KnHBXOzNh?ab*jbd=Csyh@+B-dl-oHQlVl>h>^4%VzH|u`+ zWcYHHskiGs5=nP2X`}cXwkh_aUEk=UtHnmH88`gf$GhuY-*&psS<$Y0A+}vUtM8^+ zyepIlm9X2rzw&0;x(Q80KS)oH9}&VRe99z0IU@tFYVbH7$AtvyPvSw>n5(_z2wsj- zFrM6HX0LuN_x{*J@dUj0ocMHqB&cSZ@I8z=<-WWu+CY|6QZf$HSW$z)Qr@P2yL5At zn|DQv3{Q<7&-f8N{X2bGnVNZD=n{Tc99#9qv&SbpH-|Ysq*rfT+*I8^@j3v8kdWV^ z2c-hB{T*FLJiJScxc`sIsWE)R!^0=E)X+ibC@G4V+QB&QLGA9Fak{|lL2EobF&7c= z5oU(CN9O{wv2_%25x@3V3lZ=c_chlwy1$wrti`YCDBY#IX$Lo>6X4|M z3=TCHQM)Dc<8kmW@oNtd2zwDOE@x+FPG>$&JGccGkFc;X7dI~#FE0mZ!Qtp?i@4{) zVe3f$y_3U!Zkain!Y%C)mUgyuxPI^5w?iVtuU*5v=;wdm$7$wb`Rh%#jz6XaCdh^R z3l|S3H`jl93}I>hH;>`|^8K;D=Jow`Vz|yk?pnH-+34P~gqhhof}u(9@CxvX{q>%I z`_r$H{`RQOuSa=#`GtOe^tV6#_9$*FA}Vl8Gq6m!#gO0;ajLH>C+ye_(~rRt zGzk$NrJYRiL%e9!YIhjbe_Jfj@k2a{#{asgpj}=1rSo)rna+8E^hcQ4dAf1(AEW-q z5tH}f<3nYzi^UE{*{;w)hWZ{ANy7y1{jHTD>%8#NQ8#M_ZL`6nJp5Y21SQABqOK&M z8Eu&w-7;U;De*NYZXyseO1|C{UK*)OQ3g-fC1*05k;ZwNv&lV1`&-kMhNW&tSq%bz2JR^GaNJW1#c2QD2YeTfGUcyYCfq!% z?`Y^&`}OUR!^+ry+}*<-N#uS!#g}p^_SuoF?IiKZ5Q?ihFBp$tY*9i41Wk%mJJM`N z8I8;xsfTSR>-E@=vb^uFf>Zxx;GEu3c9Q!B&X`Y@41bVVX`*NJmUqUls&G_$@%w~3 z5~+^=*dHHawoe=AN7xd;NGfm`48n zS+c_&`G;rL!hrWk7&5$~a0KJ!)&UOG@1lC*?{oYc`%6j#+qBlZ*sXJv`PH8S29O=K z{WqQc%h<#j>7-KAoFW@Yk1#(HEwKM4A9|UOU|C;T!1Tn6EBPaiFh7%gu>FK=sS-yp zEGZRW-!mDQH*b$JKfjB>_3H3okFwQn@=^~KRTek{k8*Ozv%y~1KhIG4m*xD=L+Vn; z55;O&3q;fr{NXYl2x(bvq%~%WhN4zl*z&^8d49cVwlx`PH|$%xw_rCJS-Wc%ZBx+P z^5o67A&#hc!oy#dTa%~hH{g{_<;rG=c55#YuzJ;+JW6jFuWrx^Q z7$zQiU!RZHy4)5jdYs~2zC1IFNA|NM?ysda&iQnB@68zpYBF$F6pL+)IQAhC$9Qvi zM}HhmvRJSq&tSn1I&aZ)&!l*|)3wUg)f3Sg)U3uYX++he#x;IciF)=JDAcUNL(u+z!LQCUzV{Iapf+p7KT zxxR^Li-dCHB&D=1BbU#QXYYGyQY47? zSt6Z6bJ>M0V4rniJ(Xj7iz^?4y^0(p!d{+c&zGuQX!j!)Hg0xRugGr~?kKY@>75qB z^mob^CPW&!WmM>fah`-jz0VEiexs;ffMfqGFlwllgRzgk4lHD5lRFp0}3UVDj$IK?5l=Lw)ykRdHxNj;b#AMW?1ToZg8Z_JK;;7wS3B-%u znu^V1ui5&P>Zk$gpQ zZ0}yb8Nm-bG`W9C$Kk_81>RURV{L1{j%i@Q#;CjYv3iOFkdZ|Y2rLz}a`qu-5j|^u zw7W^CvNNXLSDKl#Tt_`t+h?!169mwZV8}sgT>be;P1{r_=7nM+XeLpp`l7G zL=xY88U&UlE>>Orap(i`!I8Q^Sh6{Kxrtbc^Hu7^D@(7DgUv=s&eL2~_R-+P6OGh~ zVK>|Dyb5Q%iw!^AS{}o>gSzAAvN=amJFN4n`*n;H%4|5E?JtGZGkx3~+iZYj<|a)6 zBW%bPzOeQAocDmsnAkU*HyHuroCJ1h8;$JOjb)}d^gZY4xKjz>$r5Jy(!9h$8PnA2 zCgTGGBZ!Pvsc1o3k8ky}(moZotJc0cUTd#u!)0k)Q!Y%PX3k0O+7DVJdd6gFy%Tm8 z#rCRGj`MlPf8gsOy&L+3Mo*z*wL^G1&T8m_EY)X!CAN@_?+&W&7Dvd#h<@HiD#tMA z>N&$nU?w?ClLAYtJJ-=kWKRu@H*%+y2-miqhsT2@jS5D3DHY|qwtySeL|v>d20O_& z$t<}ghwYjM{3cH*2Np^pffC!T%S{?khN+F7Ab54%0;OEKn5 zFld67qMW@_w~lSi)|BU~6A;BIK^qx~0X_EpJCa908oR)UV zytARPxAsa28yU*dwr1LGRAzfuds|oJe}*QLY+{Bk#$#NVOZ7Y$d1P*+#(}V`T(f%n z%yUZ+j}{&IrXaOjO0Hj?F=vXDTRMKLC(?e0m26He2aYO|Jxg5HMV=3T zFkZlpZTFX6nR(}U?d_P?PWbIhx+!`Gk1rePC<{-9S#7?FG_tz2aj;%mo6|6vXuyv< zgnTLjoR_0&_py1}DkQs;T;43++dYZf1jGF1{J%o52?=p;ZF^(5oQ!?jH>y9%mkU-q zL?fG-VzX7WS_xV_wpxujRV4Qi7uyo|c)-eqi$OzH-&UkprywZx$Li$HD;9W_L^RU4 zXD{Dcn+R1gGE2&+RBtJ2<*c+(bPnyCo%~V4bW!5FZt@taFb%uz;X!>hP{LdkjdQ#^ z^MzT@e#HHt5VZtyoKmh_rn~9q!b+C&zFj;RM|p`LYoO4 z!F~%~Tgt21o@L!M17*)r8K(SGj7Au9q6Zv#529;E`XCftF>%9A8LCIW7wW)N&%;ta z5SvE1RJ}1e>zR;kbGAa)EL^jN%WL_?tgqd6s8UE9qDM))xHRVTf;XH;nEAHzh=Z&E zE9}nj95XShq)M1lNjy>eSL$l2WMUxA>uc)2@$}ARyqRq*x^^FVaTnznZWd`+(kZOw zyIp9ETCC;dYvaB-2>b~p#E{pkxKAsq!xdiBZva=ne(uV|2%GK$5D15H4n)*WA+(T2|9)XpPsTS5{PzqWFe z8YGUv#w$5j4>N+poIlvohah9VW@m9y!FXFO9LY%T%FCm|)_++q)~EY~y0S9-YH7KF zGX~jir;uQjo#u+h$ zZm?7u9YsCQJNHKuEMM|G7pwyvv)yKLrj@W;o$4y$n%WsgbIa}Yj%4WqQs%foyX1zh zl;?FxoiOiS@;=y^rpX&^EjKC>Eu+| zcu-ctjqJurfy?^ABD3id^*qhnC`GPzAI=PYqGD)SIdri7jq=Muv0NHkNR9x#l3{6& zwOS0@?=wx5@`aj5n?*D{B|-b}1->NoXAf~q_T0dfs@S)wDR5|N8903C&Y*l4r`^Xm zD6)z+fZJ+VjM~s7O2t&K4`t2P2u54zwVt?aaQCd}e7+2tAg8DLuo6+s#_v(&QwmoS z%iD?t!K3vQTlU@c5ywtAaAh0K<`Uh*A#>AX2m2eXZgV->CnovxxT1HxRzefQa4DT@ z(Y-?#O+aQ3@$gmE|M-Bk>BO*-;9yD|=#Lu07Og*<8=z)69q*j$YdTBOo%2y@&|ubW ze06A>!K}h&=>7|iE1sQ9bWEx{EP1v2Zqcq&(Tx_!sl$T^f*9+GSzDDthxT``;ik;r zWW=|>z7AXsjf|V|7swpZ<06paHqonx;p>U%OP$_6&yU)~tx#*x^GKb-N%~#6nCbie*XGR~Ean=R= z7qQdL0$)B~Z+5Eb)6&-*-0BveDn=XWlLi<_UUwTbi`2w$o>@QE`T0St*^ivaR9}iP z`fc?AY|rJS2S~QqX3}cZ<@h}u<*b^gx~ar^#Jq%_q{YEoP&I~gsI||X5<50n2J?i5 zHucbF{k5RL$#URr>Qys3Je9yCqR!*D>+(7JK|%Dj$rg+@!9}`;9XC1(;n=xJ|5m4A zn0AoRm#3`5)6bX_bhH;%VceF7 z@zxD2(ah+_bEq*hFf92!r>49aHA|4DW_dMEZeT!$p)EM(v05;fTPYY3{X}7J%F6x_ zZ(~Y&NWx2YemGMmQYt~L?c5%h=Zu19w+~uhcxxgQQcwsTc_~Yyd%KPKB%=zyktenf z*>}Mc14_EAlY4RBCa!(cuHEiKkqABeQoB$xe8uqQq@3RwP{Q3BzW@2RvvB^wr6{K% zOG-P(8k7yUFqbPhk}aSb(B0og*9xYhj|-=5uK-$euMgt4;peT~Y7yrk6MjPcob!}) zi^w~Lw5>(~3283oc!U}-PKy@j+8s=0Wtyh8VX>k>pT=ZnR<2cBf(@jgkza`9hXIh? z1vNjx`;yF2(g#YA!CdUt)mjj@!j7L4%O9H{Xv(f!tO&G?+6Utev-6zO-ig0KQr6+{ z(@i@|wY8zBD{X8)@*V(`3*rk)>X`VP7*gcPjF)m`is)aBtnljaK~2K3ecE}l0!BTC z^8hj!aT&9vsGKiQz?o%hFi3jgZ9I({(mb@=T~FjIB6Ad`THQ)O##69Vvr{6@)v^|c zhE-$xu{J-CAqb9RJbo-&;+3EowsJkLjW-rnqHC(!UR#Yimdc6U-0jcGb4SCP%Ai4m zmTB?Zh-bQ;v2*>dpVq{eTvfzd4##ccdrEP|$vF7kQ2F{o>6j6$4g_q7G$ch^d%cN1 zSVKvLcDAMLgj*lm%T>7x32Eexq}<~Hd_nG}vgtCf){Q-uKV$}@i_H8f%*m4lbbn!s zJ|C~z1EfMr_cpGel{xRpWuu!HFInyB`AWo2-YGJUPYIOE)X~Q73&nq>Um!H(SG){$ zoE^z_-TeF{i!OR9HyW2(qim1IDD;Qto`45MPznR^x{`=6#)srbxW7sIwRp@J=eS(K zQOkP5Au3KM!tnGUKBMMRybYggk|RSukHiAs4>+J}2j4GH<>Lpnr6ouGuH*R6QaVqd zpCwORTa~&T!|X3;b^OlTxzQ!25piwnC{Ug}<(*fhWniT!`Ux2lS zASn!Xc3|+!GjD}Ro%_$cF!)6!A{jfOf7U8*jfr3mYmi?L`MhPM^J^Oz8Y}r95Zzi; z9S(Z(0(ox)4(Y+wKOCT7)CpHLZ(&Je2PLbHE2y9KaYbChm@?(By!f!<;PwEOy?d-^~@P1%QA#L2v455<$I{Lqw)s+z--tu!^?fETM{O%!s4IQkon;s6VTapMoOaXos z@&En|c_c`J9f+fq56AcKBmVhKR}UDvo7;w^*w20Z`ww8qfQ3?MLi|c@fA{nMG7_Hz zKm+ykRH}?0Wqu6+m^C-Jk$RYu{*Q(Hmm#ecf$1fTdR{pS7|G2E@TqZ9-uQo6&i~wf zQW}8O*VYz$T#hn72ORMb88Y*?EAZQ(#Q`Unn&zC?aFqE4D1aDL_DJz4Tm9A2r`fFn z`#NcPwNvuo`oMGIQsOG6xMG3dNSdx;{EkF7_XEqrBFi1$%Nsi?(R2U%G)-)Xo9OsT z)=P5^!^uAwSAZ~BPgC2-VUz#9Ms)*#didXtajW_NaVdP7WvpJ<)$Xmo)GL}igj)Zz z(f&B&U-dxdnwz2VJ8=GYCja#|*u&~FbW!x*wfOBMCs~8WhUyu2j^a#S;D-ikyw(P# z%~1y)aL*^!w!-qRK9^rxQkljt4D6?e`nL~X1#rVJX)KC7!thP*0{=$%;SKL^r}6Jj ztW+M3Ybh2_t^T_fzrWBAXWZ90!;j+L+?0U(&RgJFIKl}#Pmbf&q#ZI8kFw&{IQI<; zw)}Dap=+;V3Bs(CsAc!KSP$j-Ui|fEK_M-~Lrsi0Ipvo9W(v#>gbXvV-+@YW6$R#KMOg)p*E>e_n$B8B}D&R6v9hQ#Zd;+wSenr z1$=@Qj+iXyRZ|GZ)vawJbJ@o`ZCHPtag%_P0U3DFGiix6W416zuJIdHiEGDBBOkUI zg9^0(6y*^aX$fv&cGxn=Qcme;rmrbn)%op*OV(}QHphdt>v8H`>%3MJnMq;9 zl2P^O)$+Xdfq%HDtx?aDJOF^sR?*SrpjjvfGmHgnu{>6UXV0{De{A$GvX7&5L~Wsz zKv*dq<@xQ2!ptbdl&)O!}9Ff{cSTq!RF?gZe&4!5=kV)iX#3c#ciTXRc3(x zVGC8{mBU7U4xpSfOK_dCJTLaG?)c=_*TJ04=aa)qE;~#|nFg_LOGqH?6=9PZO?s~m ztnpbpBzESlZd7Qtgr2Ten@1lEs+X6mMtTG*r=yUQ8RKD8qV315DI#r@aZ;o5nbg=T z$8;#h*vt%u(d|yVqJPczokP{GXlWLuGxB>Z_o>0h6=LC*-1R)J_scoSR!U8)mGgeM zB%il*A)lfE*I5f7Ljdj>ihmM3*jHc%YK>VVrmJmJzzqC&cC z66t zP$4l@{IIF~bE9563xRE-l(uE}qCHlcpLkMV5^_61+O znu`YNg5kwsx0+>3>*@d>BS(@+F54buQP^aEplhWW;8b7qmGnVw7o0PXb7*kV%yPic z1UJ)!rWwR+XzyCZva>I!G;jJySZKa^HlOG;43SWx8Z$-Y&(X{-qxK>X99ITgdEr$P ze(JBvWTyl&SXwH)GYU&p~zKcTYhVk2LPm~PXR-(op zStPhJQ62_Mp9`c-#Q}*2yVHH$tNQZ*%$Ro;cLZQMhve?(bFG(aH$P-%?eKL7y>5A) zV4ZmC&;U(d5YdInP>0NEwdU#wc~ zV5L{XN5v?_^+1+!h+8f%!C%B77b@l!QmONvh= zYy#HZ*wbm&0lNZchZ?6cJe^ANJDX|Si=%P+%FcOwI<85X34!g)Ni}zfE*UJu+H9C4 zq|QvaU(Kre@|-QR(+OW_cA;t0O<%9kV#uWBZtzFj{>0AdX@G=S9SC}FAS)MghF|W5 zcW&!i#P^A0WP>o@R}%*;ZAZzPW*HYn64UyZ275CiU)H^zQY(e{xICe8dvNiobFZpw zxGb$_QD(%_R8GlIrt775-#weuW&Ex7h}F2=#a6qe-I}{U3mX~bq^*i?fbZzy5=u34 z%oXrnbWCKErE<81ygLu!P_f zl_o=GL>kuGd5O>GzuP|12z4ug)L%$T^m22=S_vJyBneojZGuKz=niD37xv!(dQ_Rr zk5ealk1^ti*Q`BFqQ(^ERkD1n*m$8anL$XBuW68Qs-1G0g#}+zHLjg&K2K+2a@5N~s?lOw zxzNAvUSiaMYqp#-mgpTJD=xKbKJLSUW8)jG8;*0l4JpZPg`$v4 zz-|N0pav1@k;#i__Hog%EoJ(r%*VtA8`g;8JlDZVEpHKA15s6Ts@dwLNsOX3$MNFg z;zg+?E|BuJ@FDM`K80&)>AopY&brjgFZ`p4qTob>io$?Ae?WIez9GmOLj?xNF-nu1J(=&Xs7@ z4d{h54WrExJQhj6qNGyUCCBuMBPg$P^VO?tC1feAJJb+?^Rvx5z`ny<4;f6D-+}sB zZ4Bn^d^NJlc$1mUQ=y%C`=L<&iPHbFG}CX=WQkl^GsgtZkP(I$O>}?3c5a}vAC28DC3~= z>_a~Qp}W@wTx#|xz&H(Se%#Ap7M_t{kUlnSQ>Y|RUE>g+^l;?7t&yx_i0s_xgVG>& zHWlyG3BpxCHV%vEUldX!`h#KaRwZ3r8=_BBTeG#vzQQAuFL}b#T5h<9*|xiYx$N3P z)7z+|Cly8Jlg%sLwYK=dq+;rJ&QnTww{7FnCj7SnbF9skI%bXUi&A>!O0maUEq?#{ zjzIlYT)J6Ymd!k)NJbI@Yx8Pv-y-*YW|Hx;*TL?dFu&CHD%AF#A4$!!SE=&`_*w}7^BjOT@7YN;p< zUyWh2M1u3EE8rR2wsC;@iTfXTeJ-;oaF#>IA4v}Sl8W`{k>*F7CSW<(N<0{R;B8%P z1qN&e8^e$n%)9RIfyIZm8d~zb@es18KA}20P zhPY!JkE{R-T8ps4XvEU%Cj|Xk+NAA76BV*oRr4|vP?e}O=XdKS8HOk({Fz7JBid;x zuY9-L^A0sb7dxtH7f~CAqO5A}{+P>fS~k8t4YL*y3j~u_LT6(?P`spUoy)8B65udI zR{`G==+=Jxcn-ZZEB4GR)Yj6-D`L5guan1oa_cV5nHDL*)KBQw&t_N-a$6qGO8 zSFIpnq{yx`A+9TRI7j5pBw%1Qhxhtn`g4M%?n>tI6)En~1f@k0MHYZU<7!UrhGoR7 zOYS5|eC#MF8Fibp;t{?yd?FqCMXJ$M!10N9Oko25(oTh&Z~ClM2DB){FMM{!HAkty zt|1&%;#%_z=5oF9>!VTssZV(xi?gOR<56%WyCqyhIfQ+v6N_bKwL2nTo@ty2i z$O=VvaN|@3@s#`&%fAsGT?+WFco{YQ!eNR{NP8tNSYgQ_n&N-cL=pKmESsm<=x!tl z^Sk%J7wQGC3|+fR^q?2RF)8buFrotC$ElSRV0P9%1XS$#b@E7uF8!4bH-}s z^Ap-dh&a6nW-W(p+I(p;(%1+y;0+($;t21D5!VFk4`vIL+0mnKgTu{cShKtUb@ znXKV#r&FX^Xy=uLA|G2r}0)de>47rBubsF-mK0L*sU7CzPC7n|sxW z?xa{JLCKoWtW4oOcT1Q;Z%rrG!c3GM<4Mk$)iPl$E0pEs=srqiD3Ar9mQn~Vn#JN2 zue@OR+N=EsB)$F6<~ya@?LO+!T*HZNLZ_?aH5nU~s0~6C>6@W^29qFB%dUXQYs+E1 z?u2M6cgJol+zo16hK&QlTF=a&#e!28ic^m?s0#|q0PV%L)kTUin*@^tP*|15^p7kC zs5GE}io>EV`_4EB_`U{!blmgpERb}xDLpMj*}@|t0i&9)65j9bGmz&cV|=HThJv*% zt9w7`#dZf8czT%8iUG04BnZ*z%n&0os5;TeBwrK~vh+^FW215mV`pG`?B6dKk!46# zkauE-4VY0_&ubXDnA_hgIK?o0Q&uVSS0l%-2(X@j_c$lzJ|e9Pk$P645UKSD>T?GI ziI=zSU|yB2{1gLH{}NpO9&Zi{phb(QEx)7Pw-*KsY9?6@0gPcs&X#-n{ak779;`T< zAnHwQY(FaYBXT_|dybxV>yCB!J=a8=KbmcN^+?;oAHMXd(8`#0MOTjY^(n0+&!gwZ z3CvQU;^VCCg9dtbQ|Q(Q5Q(0G9O6H$wBfI+aDWl?uAG##JbntHi1IK;8m4T14v~kb zKXG|2Htv)ERKV3e*4?G2wn2@`t4@3pK9`8^wm8IodMjqe2UHfCh5O6F-Zt~E4>p4j zz803beBf{Nu$GJM>C<(TQnHR;c1=tQg4$VWlNz9;%8HW9NhZl*3EnqI(2WMZ`Xbb= zma@K?mkjLdy%Il9<#sCzeSVZ16Sw3C<;p}Gb{2tZ5$*Sr(*B8CiqnTYIqtZ?fX;^J z%mF3rr=+2TIoIFHGaN)T($snGgUIS_f3skU&HP%BV=2UoGYPD|(_fGBY3CIfBpEVe zOP_8F91=NxLp*mF&A##N-8nmgMut$8ioE8)33fhRAT*tL3CF4Fr`mWioVDdfyfIY= zdrMr}My_Vz*sByAe}Q2e7-vXj;Aerj2^8J=&^0R%@ zMQ3lw$;9^uFqL<8vCOFiJsB!+^&1MbP8eOV$Db+KcRD7tMOC8Txk>Z79Ro!UcMu!q zVVr`q&TJ_+O>-r*o0Ul%Z*S%QH$a};(#L={gO(t(Q2Sg_hr#g-T81|4OM{ylhbf7v zYSL2tD;~OUkGVXOXa8h~Wfe02L_K3$(CF8$_9u* z0_S@gZ%EpE+J&8v+?7xC0{ zu?Vl9mDv0waZH4`O|JCr){Zk#6VPN(;VyP?foxX+sb~iTjEvI8-aEr%nd{R+u=Xa> zJWzBO#7J~WZh7?Xu<6E$g!khGDr0#i4DZK-g7P@H6$iWC_+a&h5pYPlS9Z zhi|7>i0(a2n>+s2X!Nd8At>$(~U9kuoK1em@pssdPUz5lj=1@;zw< z8d<@p4^G*!p*bSQ6)Wt9OoPQULoA4xcyBQV!V+dFnt8)a`4=+$23BC# zrP$*yQ4Z;t4IQvFIfinP+Mu{}&yw3pXg$zfkRS2@pj+T7xh*8`w`(uoU5d{$L%L|x z+?+vk)b8-uehDm;3!sP%0vQM%iGjI~u*+5qKXADuS)7>RYY=6I`RO1EiNTcO5wMh* zHHKt#A+-pe)el@=Z!fgHTzn2MbmnG+e3_$rh=b5YmNN=JGHgzP3s$Tk!Q03`@i+xG zlllPYmA>}0;RMSU$Ull*^^2w^8c zSdlory_pH>6#mQVv%M7n5;gxT-7v`^PZiC@WrkISXZk2ZkuY$7rEgeg(jAAp=dNq_ zI|HU60`X*k(_PX0IZ}cP=}tC*{F9iOKd7=TvQtCi06+rmM zbMS6CW=(V=oP+rsgE)?c0Pvla*jm^&xaaFWJ_P?IB(KvUjj~~fWy7d-K7mA#bvnV_ z_O)7ti(IL^sj#CWZ)j1(NPvpDuTRU3(;ONnM8!aPLv8n*tGHLq4Dcf~4|rf{jP8oI zG_>IIa^G6q=7b%C0&g7ynWF6tG$V#>G9|NkLdMzC)E$@qLMttEv}^PHC}%hPTn)kH zrcAtK#BwNIkT|$x#a(!=ViACwaiot>c+YT}sqju8BANlGy_pUxpgpy=9(MA-8l-qB z8iB^*Fm;iHQ0f#ze|ECQ<-^|s2$|mzF;!j7ob8k<;W#FV{G?qYy8=PIF>jKr_m7XUeA)R;d3rJ1ENO+C6TC@ob zH0GRo!$kx0($1}k^qTV12+N!UD2~;#Fy{(dX=Y0FEi$%b1m4Q(!mYJcla3y)szJ;| z)@3@4T_A4RZh+LN)@=9XY4zZ66I87es8Y=>33`fRZGT*k=U&0jsXZa%71)2MNg$`h zFHa38Dy{(xiza0pNyA?Nqpe4-@YK-D!(AtD1;^Y^(YB$q}GFk!q*#ES^?y^vb+sytr?kbJ$y~h`42d_XLgzlLEY?@_fq13pM6ESomf&bFl zdL0h4UI&-IN(L>=!F@q1J>>v3kzxmfxpZ^eZ3_^0t!dQwN4@)Ty7-EXDM)9QM!-;B2^>RAz`=$p$hZnUVKDr-Ko zM*!(-)T|zCFA}#bv z(m08sIAnTkJt{qTBQC{aUwJ2~XVZ-unPgNUZIwe=2|aCzRFH{wf|#zjb}So2ex4;{ zUwA%!#X4J+t72KCoxeu|HUdbfEQg$7p00I)OWhypHmP23)yUV$RgODOhHG4b3X}N#4V=WA)m!tx?0Asz; z0`5+~(f-)Mj`!qK`k?E`l8k=0oJO@d#L{;j)+hONZ>`;mJ_qLgulo!1^!Y8USsJ?W zt9p^!r8=W&Y^erl%LF6z>fzNRa%=q1Dok}_T?RKH3moj4w&Mih{(GI6#OEp-f?Jex zw@c;e-3d}+fx6Zefc12`jHKB-aS*efc=?D})M5;&JufL^w95Wm?S7WtnwCCH6Gfd` z%#W6XNVl^{=+B+q*g>?f0MI=Wy4T#kww5;RrtT$#7OvS5z?^6FQ@|IJf!87{+lBqR zFW#;2Xi*9v_&_o#)DDMNSyVPy2xCer%Z)1L@iazz=|B;1}bKsYAqO2Lp6GE*$Zap7peUDMxf&>5qNwvBe z2`Kkm!Oa6TJcMR-DchUV5jdLZ?F9-WWS^!&#WZ;P*B^@OlQv!vV%)Nz`2hm`SCQA`dv~{M%KLusS1VX*bf&neo9B9%_5Uo*$U>!ZiTcoYo{Z~_ zy)S|d{qzWDeRwX?sap&_@VAEKx^C-`D{uUP?b!zM*AATl=dnJuI`iEqk;is!i?K%W?j@Pvb7Ca4!q zawc(if|+vZ%=xb;d=RzRPk!ej&_?b#Dvr*8i3_SX@?>@ULCpXDlEWli>Y-HUX6JLhkud^20zX)^N~93NI$%S!O8DB5|8|6m5cPQv#+>52!97vp;W(Lwy^=l^{}W}3?#`ecnu zy!{fJsebL%KkTQ!E)d$@BP{F`{LfAK%|XL#KGr_- zEVai$t)N6!5y1V}4LcE)z0}yL(F=6kukdjapmIR-wb~T6Yn}Z+?7d}JmD}3)y+lxK zkPrz25Tu>l$O6@%#TzU=F!~UsW{>(`wu2vELeUdpMdKSx+uYpBi7;&& z?9pAIXg4buPS0SyjXFJ8tz64h=tJp2EjKc!-7F&nbeM6GtKg3kqI07oZxy-J2#&up zKn4ReFLZ#@>H~|MLFF>cXECR#@ut_hV$R2tk zR9*j;EU*=kXFumJTkMV7ClZq52~pULQ-KUWE%zW_YXE??Rvg$+5GTq z3{-aeAc_CsA;UB%GLq~zycOlFt`Nn5>y6FE+Jaiyk{THHaF>%SuddJ}5&gXEo=WVK zT^nm%P4?@k-&hRw7^C#GWL9~OJQWSd4yqtz7VvrbHF@)-EIdS|yp0>o-`qqa9D0^< z)O`#GpIzMf;fJ{aU~d)?@DE8ZsRp{t93%w3QoB*-+VgVi(?Woo;;v(*7;hQ_7IAXd zQ<*iw%G_qFPbP8DYomZKojluN*DxJ$qc}l8qe@l_?r-s>5`|QcabT^c5r$Db`F2m! zdPd6^Q&(ZPM7;^9;SBRRgCcV!*F3T1%h>dbSWfsJGd+btw`L2PrY(QG#RcNt;=xS< zr0M2rzvysk0^x^M7l(U!Kf9y`V#mtLkdedmG19um zx@9Csb)H}&i1UiywMl@>v;e_=!3{bz6_3L;ub%5Z5>DVmeHnh}^2z7mPbQ5?el?tv znRSz+qgB>&V$BI1+=zUNfnJ;g&+!h{zK?f2ZXghp=E8>saUB6DumsMU&saBp&3dS7 z^|Gq=LV)3h(qF6N%pS(qF4-mXfEy3nCSzl%JQ~iv{Br8&=@+L)bddJN#`?;_u7C)a z@q&z%yarVr@RYksFU&qOL;0)z4WS94U69y?>+-g25XsrcUjt&g`G zCPx^vqPp7>+z^d}gHP<3uR|Wr%RO=J)%Uwe{KQE`CsKcjwO_wyy$%(nu=D%*6F(Ox z&TUx=5K5_jgDdxAE$2PbwnAPzRo%W^o$97pD;_hCyPh7of1!C4EMZctJrb2ZZmwal z%J3_IWJk*rvlck{3#fX5oUx%R)gJru@EKk3u$YEbq_&O6$%p&l%68#%OF%YebYUWw zUPJ+9_G+wnNN*n2b9P~|Y*7x^92;sDq^uR1!8Y+I@ltL-Ye-Ah6VCavzWQQwNU1AGq${jH@#KEw-;on& zzz>f_h=y@QQU*~8Vo_b^_W6KCjP2{Q#*gcb)Mqf%4MO{hzunripQ^R-YX#w>YJi~K zLQh}3eNUfX#DXrBV{6$F@70Z4T3AM6_G!UcKp$vVZ++VG!mA4r%W7MLyfu5c|79yu zmD^m%Dqt@hjPC<#{K``Ip)z%Qdk=7YP|^4dwUPdQvn^u_1F6f{9UuH6N(4XbLmO9y zALa*O%1`t$cPBRP4Jr^uUmOJ)HR?W1s98svCa2wEvYEDq#BDYr=Jjnwa6T}Cs^)OZ zfI0p00w|=p-|amejH&{C&?;mDf%mn%EcRZoRdPnoM;U!5sE(6vAU%X^oS3=nA$|0% zD?}&lUIYN{lBf+`0bE=SAP2gSLSHD$ev?;tI_)K1I1mX5<1)^z_o1|0;e?z9Y#SMW z1iFWG9(njw=m%Qb;{6jX<-eW~6Vn1f`imU7*K+3G3y3jvr_7uyblZSLKMe8vZkNKE zXOh36?Bhv<0P{y&~W(vm310ZkL`AEiCfcdP6 zoX>_6`6^9q(*nl`Ptrlf7k9HBIC|U>=(D722DJU)F+*8zvaFn~bT+4HST~FZ)p5x3 zr-oJI)X?*$<}=QJIfm`c7OPR7E)p!`IRtv`ig$ZCH$WEjH+`+*vdD~Pb|ij9T7iDNg_ zfPMtq4jW3nQJ@{aAoBq0gXKOS<_2s`Mg&>#GXShYQFB>f=oQpQsutj1Vr9S*&_1$p zg`IKYWqj1P)geWX^ondi&5S@Zo_$Mic>Imc6#tAHbSgP$u01=a0WB7J1ut%q2qVP( zKYGeBq&A=Y*pe0bj_t?`cq)2WuD$|#+qtgYWU(eRe`1q_=MotwlPvXS@Q;R1M_m5} zn+&oy1m_V>RC&oO&K3O<5$A9CN%rg`$L2l|0$CC^8LsIqzCDD8Gg#Z+iQE?{7#NQ+ zx=qD^-sHqk=RM7wOwb=lkYTR)4_Lm14T*0SBkX_u8jqx6_j52 znGn1-p`Z#nY*=58{mC&hww@bOIOa*P>#oy)V3!6FS1;oUW;TQ%r(2rl1RHiyeXv6( zGl9UtjxOg%LB}2t9)o!FEbgY1g3YCa!9jbOknioB$cW5q`ILG~It|sBb*${Ma>O!P z&9lF#*&8$-(oXc~Ijpw>%7{~}&q?X}n#)kBUzn3FZySdDm=(mC zda3^I(X~P86N={zJA>J|wsF`uN7@NCa+=HG3Vb~f<-)qifP3-DP+fLG*>oUSSwZ7R zb#E+tEQsZ##-)lB!wn`PGav&W9YmDEH9~3>X7&N&HU7e}Q=>1FOAHG^}NGcHlY0bUs#Ho{QR>NS2vzn;5Bldg#Xnv-> zOYtU-_E#W7GKllkX3NUnIS{GGi^AH}^uEGzu@>JVjZlHj09BV_&^4t{?WGCrm^u0 zd4+qB609PTJ%jV(+ec4Nv+N>vg5@_N>!!O?Q~H)lPE_y@tgu2DLT^+E#b4Hdwp_b$ zIJl<~*!@Zt?)a4~v_G@+_E$KS{cna4eztQSKK_P%*Q88E$n0~$;QFXt%oeh$(GDlx zuXj;?A#~PGintVwW3J zG!K25a3gR40KImWCYJOgLGUOq3+$sR2^pzBt}5>Q>TgQJag{{%)h;=FDZTAOm*wfS zPq!{@nXJwhz78MOXVEZtgn7bwSYd$&tOiYl@#el_ba6^IUIriS7!o&5iFRQ9iw2b4 zqydK_nKh&yZR`8V0!9`kn5rG$b^xq}oC+Yi#^2uflB7Ib4GS5!Beb7gHd?`Pho&?E z`$6?fSI-rIc?kZIJZGDU+?obH2P)iS6^s3zgd2@Irz~jl5i)2THmJyCJKD&DILr}<9?`?~SvAP2lIUzwMwY-UmTiirS}$yioEq*T z-x|7>j;|GHYu-NILa2DcRxzN3D*18dRNl4ffAZ5ivZS=E%1yNo6J;71OanSWIv##R`&9jU#|-xc$>B?51aeJJ^9MVd%UG~9HQcMT>|sFBbvQ@YEKD%W^R}1$xv?n zeB+2pN2SOH zxvWa1WF&v*6S3Nb>^YRHUO)eo%jL zcbO=tBac*182^w&8FK zEGyluGxpa@WpLrxVZ5!yEQIJ>yd8GRO-W8!I~@>G7B=YQ!kZmFy1%dlOtdqzIoTKBX}<(@@Gt!WOihF!;*R8uo9dEg=TjBdWH`rH8b{B zt)T2tQ{mP{%Ywd8YfjtLHyDjc0J54|n~?=F>Fj6Aq@iV&4z{GHIe6Cd`|+kPM?EV} z{E?((-A*%&a-FECD&Q!If1#C5`roF!KzF~u`+7%}{Gua!;_IjnePVo;V2DNjtTJS+Q zkztC_1cCRLW*YB@8eOPH$06_~vgcWzp=-|AUbTj=#W{eS4 zeV=|#`&W5(t60cz{2Bb`Y6s?w+MFCG5wHBE331rC&kftE!V88(|&KbuZp zWq7o}Ve_L1*fzuGbx14xLyqL!dVOX!QeR3<$`rCeavQNDuRgIBdrSh4!pi8y#x|3K zuC`DG41pZj<@H|X+nV3Mgf#eHxIMOokCn4 zd=3qc({E(p88WA!Y8-uN`2<-^;*9{~I?NRY2wXDh16xG=A{DaG;>{SF|^K5@i(*ry~c*v#iypYlTj9u=@9X!T>>F z{4U{$3?A_SDb(D*%$eU3F9m-0Oipm``xND~ zL0N|c0(?M6Wh%=QPNu;3MCtUO@D!uD%q_`FXWLB@r1Bp(JI}3b)OJRTeZ+;h^mOWb zo!TKoMMl6IM@V`7#FZEk;@dmU9VVc*zw?Ux{T@8yA;RMlp}QBh_q-kyHzwLUO+@0g z=k6)*lUImI-d+}CBsq2L3KQ$P6K~8+_IOshoqgeP+}voMfc-EC!1xFFn>2Kq%G_@_ za>{+V{%+sQ$eHx%_ip@9hMrN&!x*Hem<`annRhhc=SUa5hfhsaoEGOJ73c2{H%O;r zm0bK`@>pnbg^f+`Mo49Lp5ABXERMHglEiGKDLolnTC3%<*aCYf(WbmRAX+^91i5=B zJC>;BFI44Bhlg%H!-OJKp4|gY2l@vCHhCBm9nUA{?`|t9@fI z22w{j-95|r@}ZW^U9Og!I!U58)``t%e3^YSyxq97*oo!V9?aY)NV;`-!|Mjy-m55J zEOW!NSO}QiKBKCm9RQELPf$UwfA~~%pmN()gkN3keqq~H>U^Zh9Mw97nl7?S%Or4r zYkXYkAJ+jf(SsB&p9gY;_qxrkO{WU)x9Adv(G%uEJ7a#>JbT8z!cGCjS(;#=dP(KY zu9flp@{XLMmM2GlJ$e32(>xEz9TV|&hx*RUfX&Q6ZLPfK4pSqof^^-UTFCKwK^EO1vvuQd}GonjV>X&G>}5ay^ACI5=5KmvbarpM+$%sLAR!NlBZ6jJ4xVzQrV}^ z}}`jw@EZ!1pz0h`rob#l-A-5l?b!5mL-+_sv3*AnMG9h~^*kcy@ZwqBCig?4MDDYXFK67{P;YSq#bXp=WH>>uW zpJuDmv-u+OTwEprxAl1@g{bgkh3LqM>QtqK$nQt^r3sGSe+_+#AWC-i2mRHL!$LL9 z(sCjGPI<^6-Omy%@_@|d;(z+T>&|=T@A=>rbQya7sHO0h|ldQ6RH#fV#eaF_f5|fZT znED?!p}z*7zuqAe({0-#LQ6|H1ODB2{Bj4x#45~xA|1cH`}cR^pzCI+xjbL^->?na zwjIv?`*r#IJD#DGBo9o7zKnGL@-hGIzX2EZcTvFKF4;d9_5b#Zx;)p^R2?H+lzsOs z=ii^YzrW*YxhM5lg9R(yR=o1RJdcq|akZ=;_R^evdRRE>^xuEk-`;tx&w0vidG>D2 zMWTqiuk8LC#LMI?EMem!gPQ-w#xCwSeDgoQ7~QgeF2&Z){m-TN z&2;Nf=T<9(l7_MnDvFu{8#Pu}_IXNRbajH+TG4%Dr7HzIzD28JMMdw0(R(3iC>hYC zly=VMO*Ds?B$c&}Ml@EHu2pU`81qagKoZgEfz?2fWfQA7Xa$Z4s!yYPz~OWeOEX%c%_A#Xd=r<8Lvf z`s!9Cb9g!^bQI7AcvFzZwZYUPWkR-i4=)3O1+E*p50WoD4t)px4C7DXvoM{9uS~<2 z*Wxq%;*@(nNK6=EaF7B2-h&I-CV9<=z8vbq1fY>3$>6GW>;Tygger({=YDauRsk8g zbuxE0N)g4F2-9&*XiwEb*D(~0+?fS<{e`}TTtkYYqMD99&i%C8ds6AdZQFO)wT|!F zI!ip|JUf?{a&53xTajKKQTISLk_4lQ$$0$`d=6RQzhtR}o$aW3Ew$Hai{zQNh8bEg zPU;qToh|tG=Jw7M=;d<3sI{Ybz2~$e?In_Pe(~j8-+RJ(m2gt>xbu6UeP^c7bx)Br zfaNKrDpBHKOF*C!k1;-&WvSjkGl|&AwQdYGMxAy~ZHRw1%jC*mm<3Qw4-1w~cKa*e z>s=?$oNg^I#8)~7xq#jxECUUoDE`_oh4)-9xenTa{s#)A0UAIROov{1cQ-_b;f&pf ziIM7tqUNqz@1~VysnaoEXHO^0`U7ZoN-0UT+gx9L0jMVyyI{FxENnan~bU|?7j**`^|x*}ds zV#EH|?Hpr6pEf@`j&0N1`3&cE7;TZP@xr)|u4kqhs!$j-mPwg7;2ED60pHJ<) zJ|*o~J|T@)pxoR|EEwxlDGYs9sNYb14;Sw#sYHy(P($pxT|o}<$5ck;M|K*6E!i$h zIjOHmL!9XEPXcZ!uvXLiHFi)^28ymbzT_wrw9Iq=z6hvKaAl;Z zhkKr-lTP2rkJ&NpP{J^uA1nTj>Yn^_pP?lhB>#jH?^wQQt%r;hyG;e)a)T4zSmW{4 zgH4902|Vp@U;MBXlI|)u_P@4KV$aUSrQl6b>rJr*qHfzd$fboQNJM?3tt$@qU3Dx! z2@HefGSG|KsuF>s!MU7dyX_`;SI5#Dj9W@zMGW|0z?@jJbef(q;Ssj-khqs( zJYGsjD(*5g_QzVkcU(n7*_>g8Pd^SsbDiGJr+&gXjJA?D^um0nN;3i?(8>^S>nP@)oCY^BK?_i^I299DOLTh-H>Mdm#!ri3?x=g6@{v1MoV$F5`9ll(ObR+OnJEYzmd^M1<*$9*hk%%r1tSeAO5reip!|w?58`FRouNX z2#X{?7pkul)d2Gq4;Bqjo(u9OV{VR8%kRX{V-IpvlzzWUGi{US5no@04pv^^pUikt zdVMa%O0rdO#;A$J0BWT37V}&8y$s{i7#nQc zh)E=TU(2araR6+1iAUEb?-kHvv3F)cq02f3=1K)teWFu42B3RhlOY0zjLDx9 zqz9h+q`m2WH_$qde-v6h80(^@5`WecY^J=0Wj5=O5bnt*6txYeIG?D?P6|!aQyuAtB@~(TwE~S zV+dwyUO)~8N4RQ4vrfO|P{J^?MtfcTjKUjk6|%}eIcDU{yZ@0_IgpXD^uz~kr;t$u zOET}Usjs;(l(X?ZB1)1*5C$w&_uV4eW78C!8c#MrO`*SIFVzFIzsDTm+Ng>dK?ki=e~k09Emer%P8yHO{&CLQNfegNJdPsvM4mW9 zH@ENqu+85wh>Sy=Ux`22V`F{EiI(9lNuFk&!FzS3F-A=l?&%LNKIq0Mb#^B6-uML)_!sUXQ_Rh`$Wv-k|e%Ia9y)oq)0pC--nzNwJwn4rog5hPf=qUhy@LjG>k zB`S{&5(KdX9~Q+FtO{M?hpUhK(jB9~X<=?CK&wh0aP%2^(CHWt)~OMBKd zaFieDz})!+Q(~ibVkKm0rY}vImE{B z^g3{Oi8NNl7~#1ImS}w~YzW!+P&}(_Ugu<^pcJ7Tz4|4UbKYi5m~w^BJ`+h)F37(@ z^@gM0q#}l>0b5K4IAO0`N6W^r2jl`j()1pCP|o zjnIL=#hOS( zRGF^6;Sy#2V)y%8xj6!IrKJ<;(eI1D8G{7w}-2y)ne^3rPq0FI8_Qq#ig+rqi z(=CQZmPHCV+3de7aUwiC>m&hYssecsRSg{c?hmo}Kp)|Ey zAaAlNYbI>?Ma~wj)Td&~*?I#OFN~}48Qq#tPp@~f4I99es}dU0o2anGH5#S(P+;g( zl=7~EDaZI{DvEbF9Y5asDQZ_325B4e#5ubyefw6P^lN?f^$O=R@I?;uAffU&d04rO zw?2LC;T49Jkyi7HB}-g8a&>@1I;mSoR3qP&sh0>@1vG8Y;p7j=YpY#O!IpItte zWq65=id6Xs#rJ!Ww;NkYtaQ<&N^V-R5V;C}nlLuM_u)$W7+EtQ;@C&WTGdFEH9kzC zs(#!87{eiuh+H^r{OLoJnktM`oCSyB;E*fOD9%p*?$39x?ZwrBDQO6N(EOvq%HfX{ zF@yqzg3MNmH7PIWy@vw3*Cl;t{C&>5efAl88t;QGW;)cr1esUxZNRCH6g)UgBfT z{Iq1}{HA&;SIQkNa%`$l{8hLuBK40M({VIhS;xmca#L?MMzabOyzuyS)7?DGfNxxM16uLh45R|UK-R{Hrms09M&x!nagb9O`-yliAN4AYMMK3<*1n8$} zrV-zJ-*^GlCeZNOBLZ(vlPU~-)$jZQoh`QPfVF%3XqpS;vxPPS!BI^}!RsQ}gO}b3 zXluBR-HT$VuombphBasYL9Q%XJ}dVbg1U^m;{2o%-lm!H<$AWG5IQ&&aIJguzPs}= z&||en$X+$GM}p!BnBucq1*E;~{<@hd{Es$Dr-$ca&&zJxcZ;`65ujkN*p0+FqAN5! zW-1+}XE&cRO^rB??cABJ=fSGQ?2bXO&Sr8F4rz46)6NEN5+1N zfl1Mg8Br%KsxjDza4SukOW+!jQeZpKUyUhg0=!2r!~Fb6hK>tiC)iCZ_FC(^cp2)a zC)IHDW7Yxpj#R7UDbLm1YAyeIeU3)GhEyhUBbBS>*t+8+{DBN-?v0hQjmK=&?<-)| zV&?bSgpB=WCw^|cak9`?ikz*OYckzaIU92=IBylqRvxDO;WK&8wcPG3LMW>yWw2_w zke;8lt2-Hc`1lX^;Bq~(2Cvbf zc0V#;|IKq}GDP%AfR?nRc}Y+$AWiiGgoUJrsV#s7MQaoFLgD60bx7CoN`VVDo7^g0;3bqnc<)K-uOU!K zwP@&Tw&Rf)-+Gi!t_t|43qdju$lxl@;#2r=T06gVm*zsQjT@nRya2X%%8#T5{N5e` zH63ntPma{R9k#a&%aP(7KB;2eBaYuZi}{l~(a|km(;FH&N zPtG^MpzDXIN-G`CZ)+@o#z_P?fTdWO01rw8!XX=%?8{tdChf`Zsg)H;ijGg2n zf1yrPJiJ+H$(XRI{BsvGNu)8YA09F^pc$Td%b#9*ZlB3_G$7Ax=I0!xDu3=%i8Khs z<52WVBu=)ooO-hm%%VI!{Hg}lbCPWsXD#FneKudmqm(g8m-@soP0EC7>CwuwzNap! zxOiVy@^bT0^(xcJh~#;6cuiHGC6>ib&0&E+`#L)0u+mK!5j{kHJ+pGn^O(l!s!AnC$Xya_sXT1?vpI**GF~TOiv4D57l zD8h)1qk-*k`V`~WX+F-#XvkVz=KplKY(W9^X2o+yegJST=9zue-W$k(eu`4mLrBzk0dby|ZT1 z$Y;_Wu^`E*IZEDI7CL?N4(gp~#18q=|9kEvtcCzn4d!+_jZS$3TSe~Qzo^?oU_tTV zFy!Mt*-#!eD(rUR;yXJ>@{skApXsnxD>L)aE@n(e4JZ;c1CEAB{==XAn`YNPsKo#6 zsKh@|&;Jjk)Ia>muZPF4d-y+K%U1d2pG)z7&!zZ3#-Hq%VEuN)j_3K^f42b9HTP_$ zG|9M$B{cB4j{Vx)y)^m#oz@B`SMP8ql#cD7bTpt_1f3*t=a()0(3%lJeI!#*XI((X zv!#n_dTu-@X&!=ZnWEm>uv!CPx^ltLG+|il=PetmEBk749A#_ZRb?p$dfToBXt-P| zb6=~E;@yN3ln)@pW z%fm4S^+-%f8+ZShWG;B_Fo>4wZ3s<&U>E}59eD(@FJ$vsX3mw*OFH?rd;~2@IFdjL zVX2~=`Xg}Lxk)P`&zN3vhJ3b&mYd)-OvO~)KR*h?f^_m*G?m7VNOYlIa5N06S~^lb zgVIhYBnfsUICe%;wm3l9EE$zubPBs*YQzxqX=D?m0~LBI{HwZ7>j-H4<=in#;J;e@ zW%ker!RDp&^}JczOL_b8H}XH<@k}Ol%+?lfh#HTN9t8HJ0gPM2*yts2Ug`n%W1aEN zQlE`$W1#F>Tfx0OU~{c60Qx>#zT})~`M&4APZ(%zp+@OITq!Y!#!WJ1K6|^nK&yDk zf1(9R(_1sg4KiIwnsQ6wAsV=j^*hQ@lilvrBp?=5^$T5cvs%+U6E{wIJO|l;4}k)g zrA6bfO>3X0lzXRzKbr%^&lAq`fa>e3HbK@Z$1c~HM6qF+~RM2<}F*Q2K@+IpN_tZiklDq^yjQs z-9EV=nI7Av+6D94EvK{#L$lodVOHt#aL!f5j74pzvGkEUSX)79>HX~UK)0u~yz7Dd zOT9t1i=3>p?=ij`zEyv*C4`ZxKUT&(eKgAGQDI%4mg^K@`z#DRD}Q zFS*WfV(LZg+O=gEt)-L2F3!#RF_=+@5>z|7rR=Pp5=JrM_yHJFI({ldG3;EI&J^OI zs)o^`aq=UUf=XxED0q)Y1d>*!A1b}S=3?V#Ryj6a$TxvxDK`QqN|X|$nmTw`qlM-g zm6J5Q9u|Ii+YL0pM84#W%FJdi+E`c<)9M(Ua;EB%^HP0SX)y9f*3@Z0W0US)xVw)g zlr4+=dw44gYY`d=Vfxl*!CS2DQ->r5_kp5)?owd z*3n>@BX#dO_L@3)Tqs8wDDhvN?)}Iz->|tH2sO{6>!sD>qw{m$5c_tU0<~<22ko{bH1%O`u`8f-3ec&u zKEf$}TIr4fU?{lTq<=yve@IyG@8GY1NeIEnv5J;a5LAZB*brrep}gI%#KV}pq5-ne zLc6spz4b@iMV?>j{qPXMk2=fmeTd(_SCT&ndDf!#eOzV`e9;owZf*6HJx zs5)bpK3y$T52mBmc7*e#0aZ`;H|(M~56-v9i=!SXe4pY2t-HE~r2MEJB9;o-mF@rH z%S>vx1Xmy=wj$5Hho&p_@Sv~3`vnV?ASclE*vhb`SF4!kjlV${k>0&2XCxFCR0&Eu ztB_|OlKtifZW5AY#*uti0C1BAgkh~lMxV8aWaVy(d%7vRIP*m8hDWExTY1~fna`f( zmtZaX_E}h8`tv>k#a%b`a>jS*qd-aNp?{@P^2DhnvrlrZ=ViNP%JVVhOaDQiocCi& z?GCMYMV08K&V|x2Hft5t+bpbQ@2OIvY~*~7$v@|;F@^DK-W|5SaUb7%lQlqRS^4Sk zr1}IEDU&y)K^N+j&1bkC4AISkSw6*PAmGa2KcN=9%&v)Xm@1yeBvTB-*)nEbf}GZo zE>yLxL_5ITf5;{MjzPTg=ne3Y4^iz45LUl`OwLQpeQiWft;3}zioZ>`=4DR#S{w8m zZ1|FG+y?qyae<9)?96a#t}<5?c{DnqgSSO?!L;P)du*{Sg*!19)Lm<(Q=x7)egPw_ zRlEcG$VG+ku0gC|3Xor|8$wbevug`)w{DdRpSA9?TNvmlAAcWB@^iz8+ePHc)Z)ck z&GK`X^u2R)H@9!Og?h09y*T%0l}AHMZr($l@sgMOU^&VwH8I>`h1Q@99Ek^PCBwsa zv#{P7{jZpmc39#KXk;e&cQ5s$Aw~*d<3mny9?hyb1Le3}n9ZfOKQ?TH4qD5NBGv(D z0&c?q43A0w9tNB8sgm{O5rDQz$p_S&o}HXK9CAH=-(haXK&^t3nQ7?OKHd*zBWQc= zo$6lg5ny;qMq!HxsZov58*sV@KZ)d9hhq98WGqj9qVrw%>P)R7sd^-jxhiVKC}XV} z8z@_x!5%%B!c7GAEuf(|@VfH1e9GPZyf?AC-DPNTIwdDgt>`N*q zz1`WfgTk_tc<*7FY<{zI5Ezfa2?|GD9=&Viqn)au1}OT%Ddn0(tgnDVgLkk z+^I?|2siB?3e(q7q4pkTYHEk5&xS9tJzu{A0xk`9hj5XT>CYsZB1|wwikYUN!*mSd ztQdvd)UO8zG}};d+_)wxLTwC|9FFai#AOC?vCs5EN`FI9D5T@#FXSRmZtaat7{$vX zkMc?=aUD$1-H>TWzL3#u^kjrJL6WMEL`9U@(PV)o5$mi%ZAE51zlbpCk5$?)@~Uc)W~? zm=kz#30l?EA`NExh;N9J6B-jN3o){R^Kh54KzTld^8LHnLvWAG?vTJWBRE0I&XOL7 z3>-~Cu~`1SYLh`}QR9?YObNeb3XQl=$3yUA(P1MvEK7Qh$~akr3AEMPh<)BKNMnVOCH-qBzZgQ;w70idn|3S~&nh z&nt8=cS~4^)4Hu{=QGSRrMc^|bJGJ>hv!>+<7T5BBFfkF#EV!<(#g@E>ge1&F)bp) z_GN{l#Rc54WL)~8xchi6r7^>CNH=QPSnE(BANR5xpXvoDoywk;V%SbP(lv9Q8N9a! zS~2B}({wMb`+d1n7#$@-efquD;La%-Mth1)oX)AdY{UDew30AWKprTXRV;OT`=~a6 z`(dw)Kvc4})sq~83nlK+FRLSY*s^`h4|5yJ3{>mHRFZ3vKJcED$-H?fEV@%iN#%|A z@M+Y>j1kGuEYlo$n`GkVcA%RNm~^|tB0d*Yv8S74GK9LM<{N$^V*>nk5u2qmQ9SZ< zN20_b%tDEU$=yjy<)ODxlfiJA7n(j`2NUOmqq}!nH5teSMD79E!iNy784-g%KA}dL zvWfO-!(C!>Gy}#6XoC(g|J)0+7(O%2^&=`Skh zhUq$|sXtw!x{{U}1-urPv==bix(Lyj}n>w}>?KSE^sj@WNBn2ti)k4n%)qB^Ul9R`M05e49cDgyurloR@Y?&gqu5E=Fhn5c1AaG}r)10>xwJ zxhc{09?@w>QgP(}L@D5)_zr`aL~?iC5yT6_$+F#D{(~38=N*8gok(+%*(*54TWe--|ENTR3)0jq56h+zHQJ>(~5FrToNhBZ-va{13Qf+ua(D zTYEyD+`VwNEzvftuoex_;7*-_JB}M$0e&wfO*uuiqj?bT_yVVL(|hP~0FWiL*YAr} zz|X7LzY4El7iaqnUC7wT<1y)iyw7X^d9P_w)enQg8w?aUErA21O?LX}&m2cheTS0u zHSVswSP>*HL25u+qbBp_E%I_A_gGaT!#k)6`m;WB(4`(c!>s^Q|XFJFI z(~L`}{H=OfZqloe=y@!@J6hiYX(hMN!3K&$~S=~GO}JA5dWPg%gs=pXcu8C%zCKkrN( zsgwXDk2a@L>lu>o2n@#E&Zz<*^`#6avUxuIp#T_j2*sm=k>#-vs;b54>wKM|r=9KN z@+cU$JD-Q8ADo8iQ!G{i>Fmf3x)4mF8on0T+8$#PKMC`1H$qT&{gpWi?F3=(=E{Zd zj|ifa=9P6%Jxs@FyV9OYtR#6o-GuZ=B%igubGJA1C9hYgx>5>8l3`6o@f(PQEe-Hp z`#o%nf71>&(Nlv7{ zlb~W0=R^Cq!2h%?$(+IC4amR1MinL$-Go@5V%8(ReesGy^CK->YiPWWEmfL&*P!sp zdEZKWi))`#d84LeUSzlk+bwQn$WSoyD<{%Y9mRi|&SQ0|ZytXKyiSD57w&H%xOGRs zZ9^@;lA>r+yY_m80aolnW!q2dW6x$%ld9d^Q+t*q*OFXEiU~W59)-I@ePl$3BRyH- zRJ;kP%t_W)66#5sKuA~DD}t5N8PH?c*#7V^8Knu4K{%-G@Dt7B0s7C7?Lj(yQ+n-Q zTE0_OzR$#SH3wcjGa#>IJpx{%U#1Ip0@O|)USCkYvr9P{`!NHOliugg@*&m@>v0(P z0g7>+uTW7W)lPFz_{{%SMrrKCElJXO7ERK19}HWdj=9_DA)IY@XGNn@`A8fU*AWIU zTL_4dbS&G(KCBOK@IF@~S}Uq{ajK^Q`C;zA@~GRM{0qZndzgsYJLKa7rJ4giZavTW zvZ2mfb{p5{rU?$cRdNC$E0)NJq!0^6Bvf26(rqo_yEANDKG*(5lbG)!7u{J=+uj5P zw#*EBo~;6#0xGaYl`w1-*e0J4?V)Vsy7T!PPxXJrl<2odp#rw#t2l1I=c&?xX;J!L zO-RGNkDb@cg{99Pef{k&r$H|FDc=GC>_Csod>fRO1+Ya81y*{(fx|qgrW|vSHI(6$ z%Hiw7)jd*m9rWUf%ZkK4Fvhr*#)bR$Zu*@M+=c(J$;TA^NHLo=@lMqg#U|@wCR9i;%|HBW* z@eqZYR9D&Hes@Fuc8xm8z+gn~*T4PmdPx5mjQr!;@{eoF|L0aXgDq-mye{*jrPS@O z{;L&R$Psr7`!db$FWmK)lES|%UK1%#k&I)fueClip1of4-~4*tg4aO((+HfWFr@CT zkNB70_q%-}t__TjBF6&w^?s+W*^JVE{%y~@@Xi1HVsstFZRtMG#j& z|MbDhm;=xs-Gdd(bOcps1GF+@xSUWpmm;q>n1{3zLm;fgB6Tuq%-C-H79_!2{~z!y zaX2he%8O?3AgO2Kq6e$EA;mb$=18axTwUeI-DZ#qN8rTj+|lbHSHqMJ##{10dn37;u7CMx`~yHPeOj&cOCom{vXva z^CX;Jopg zTyjyRcB?&Po)$wOYmx;moT#8(w1}HCc&uhj(~KjR&wW&<;@&wZZXE;d(s3`{=dT^b zsBKz;s-N*(TpEG7R2R^#DB5d>bcQfgg%Ml|1^l6|>k-hA6tqQKoIQxplE>PUn_P*= z?2`k1*;`;q_o30LJ(H>0Pm(yF+&P5?LfI~hg!*2`vP);E67`mFtox^9P&8HMpMpJQR`E2RwwL8ChAlJq(zr03x;ELwlyo*9j&0>#3>Y^`18voT&1ftX{e5+DR3X&a?TT2<~az z@HgLs|H+o~liTANafI4DO&BAh`1~YqnGcqx; z1S6Za7X=hin`qUyH3}qoY(PFs=YI7$QKT1H5Csxt=IHy1qc6*kwo;TGWf9y0aB?4t zY2hBQjGGf0cp2>WUpN92<7<;q;iM1$!@@(h-ss8|3Sl3*_(&<0e(wiwKvh>#S9f0N zNkXgW5dfUZ`Y~oiO!RS+Fe@Y;*=Hv1L zrpP32tWRu=*QYf5AV2)RQow!`Im6nc4VtO5)sHTW!^COMm}IamKMSVR3UqI|lrHpp zktv+)a;h4z( z@3{s}=yV`#zXo$jWRd5p`;0XhrrWn3!SRBk;<5hjs1u=s;Yz*|8%TSP1`E;3y#h&j zJ@A5RJ9JB-qMib98eia{ClNBMiqQgjd!)Bd)@dvEVF!QVSNLZF%}MrdSl_PS`y^DR}19B$O{x(99${xiHFq2b^RSf##iu zF26D;RbdwFZ-lj^%7_K+Q_7dfZTCv!61sWXqW>TE-ZLtytZNr-X$%<9#s&joA_k2?AB*q-2mFQL-4&RzL|=3haK zKhC)CKZe4ts#SZhHRm&*V0`@2(k8}NtLwkJpbQ?rYzUKU_==C&-SgNDM#>q4>)(~u zjoDPi<5}j-21Pq5gAUJMsBm#x4uH^bKI@fL@^5j12LRg0r*c}l+?j3Jj0sBFV9NAo zIn>BN#pEN_#Sr%8@DR;QCq>nBNfu}1WLYC*dWtJ=E;mV4-}M=`HdKsx!TZz|)3ZkG z3Y1!zBRt3V@5Gv;+^Qn$`+zS<^E&ht4os{ zo%RgAq4lT0*O|Sra$Y0%nG}%CG-)d_>7zwO;Azvl<6P>!p%LXpWQkIfAlrp3QKoHO z?`e zv+O*_8WCF~D|}FgTI1ov3Se)BbvYs3+A_Gx*V12jDEd0Xdzy%>fcr{tt1lU&ZyoR! z&RBpXj|c=(RdOb6xVt^hxb(o%$BiQQ$No_9Jp79B!8aZXR`((y3e1O-ktWq)u1Ifm z_fwnqPcGzNlUM4PL_t|rb7UCHDxoBV{oL2MU(I9pA5(CVWsSBt<+ru!vxY6KBM@hk zV5lZwlUc>)RwTUotbSA8=~vN@FVe-HDFhNi_4#xAqzK`sU$e*@zJQ{xk~g`%)GGpi zgv)mZ0^Hj^>D&VmW+rfyp0 z@N%WQ0kx&Jrg&V%pDE*kh3d5V$1>k7OfE297ZIQ*T?I-?+8zEaOmZ84)&&waBX^WR zM@-0?J4)ccb4RiH-*HDV4Xn3wI7|)ZC}9bp<~_Jk;L|zf>`i1C9efFgII}CmHAgE28v%dZCnu7l>U;IO>I{0d%iIcw@3od{; z$}T)k=VGm$*O0E;LW*!hc$)=KQu=w4?J%3~+~N0XiR$n%J zS6b&#djDsNh>~)QuC7c{DJEaH!EUd z{$Nn&D2CY&t`JuP8^c_9uNSzXbQtS}TheJ08R*F1wFO-zkgWdtthrkx3Ar4mpjvGl$lmM5m(*x5&i zbtdFI&UQdm$hiv)%|_GMyF!_-Fe>AIbLw#mn2h~{&|@g0=(YX)oX>y15aGUYytg1W z(B@l#_5BA1{ewwvKG2s;N{_c%K1$ovB2W;w^7a3H&30K3Ip7Pc1tG3RXO>prfb}~t z@N$T`8AuhAtb6A`f$?TkObMp}DUnIcLu2!4xr_ac56F}CTYfundo#D{Ix-@$7Kun9 zE<``1?^5KQf$6hO>d4sc z?zoGalTbN%3nS{(Kb7!!smapWTL<$p~UHuD4&aeIRj=} zR_wfe);SFH7N~T!ikc{(&{IxZJQTw!GPw8)H^PuP6qSwF52@0yB^|vZ4RY`TC{-r% zPxBZ1dbm7T989D%}%z^nrQ~kqm6HeTHM-E!AN+9 zKXl5^sq+KbP3b8;bfSAnn~ylRraY(THN~j5t{I|)e0~`LnN*ON2E z){fY@)%S%vuZR#t?LM46JrnbU`=W{L$MwIL({lQ~^4(>&gNpglu|V4X13~&bcHG{2 zx9DJC`7d|A@L!G3+(NaE+SH9k&SWRg=2P#tZhCEYdTEj?)qAnisp~^Y{%^Lkj*@W+ zg+%2Tf;)jKZ_#_v^;_e!_CwhYY7`Yxv5RW*OqJ4dr@Zwv>kH-F779~_M{T`3=fM!e zp1zH*3MS6P68H0urFlT`9UjF7z2QK{E6pD*7ERi+EwQX2F3)c(xnVXkw$V13o#`x! zh9Opfy%Hzx3*v`O-}jGDIFOR+0MwD$lw-|i&(`hYeo{tddVSl8BPgmS0vdm;*IMij zihg~>R|_PWX1?$s<8ZL95nO?tpc?Eu#6On!WjY+W5b(UdN-XsAysmA?z&(e6W(VaI z1%abF5@amlbx%o5&^#PS7$(_~W$nv#=C4HdhWrIIfX%B+j_$R&-E<#n@jh(bE)mDk z<+HksEyc9e_bpM-j`&?`Yp|sV=5m;3PIA7z((i3~E8XGLye=Kinx#{=D(|!=`ybt- z-F;tveK_KW2CT%0%g?c`!)1dGIS&PY1_+(f#{W_S$w69l@u;26vPf#v(6zy?H=!%Z z2fNZ57@+SZ8E@EZrUxZ-z_J-3soU0VXE?{hiHhS`9pqtS)kg5032~HLAO0ZQ-95#B z9Q-mg>wgWH1UiK#QQgK|!;|^*>PpvYd$>8`H)oXa@->ccHP!duX+YvJ4%Qq9XLv-OKch8MIad+7}Z zP3!KBdx4`Q;Y>{DT_jeQmt(U*T)UltDGbnX-w^hD1cV}oMA};>gGn6fNukK)aIa{0 z#0~X@yjl+rFkscVo3-5k=Fy_-9()VRZzNo%lgWo)GZ*eX|AKeV6*y}zMGry!FJ!bn zUTHaW0M`UwFU5y$IS|(AEa46+B$X)C2uYrRgv!DB)VZT};nsQRL?lh=49|opoI)%d zA}J#FXyy0x*dHcUJVjLV7j>5-j7l1zy7jUvV}g*A)_{g-=tsni43APu!H#2%A?qS+ zOX6Q#wjD0#tv*g`Ahgc!^F67O1U02q{Mc)7tkmIB9y5X`VzkS&tR-S1i8iqa3n24J`X?26qwSyH^(Ad1T#cXT~78 zH1>iF?}p&_`gbjGA6>28+VVaZry_G1wQfX7?YR3&NjigFd@bW>%5HVJUQFHYJA&~2 zfZJ5N*B6av7t{=88^SgM;kOzuwos+wt%i-Ps)mT}ho2iB>C##q`g)%k-PpY8wSVIl zAtJ4=u-Tl6`nw55!v!_L_2;jxpASi~LXNGnS6G_qxw0E&n1%(&{5z%P#Gt(*3Q0N( zM&7XV21X4Y`1KZLo7tI$$Li`2EHvIypgLT~)g20&3_)%}Ec@xFyOEwEaZXt5pnZflX-ZkIv%?;ml`gM#_~6#j&4x$95z-j z418157MiVUm8RbghBxPR2-+CLmZ=b4^aPm82(RUOL&>E(Oki0;y!C9o7M}}~k_#C_ ztD>`SVJlYWs-Myug%~J!!ru<{dX>Q23*aEoeNhk$ch^bVil3~H8bIm|l3U+yBuT+9 zB7VePdUG9@C-*7)e0(2uq|eNk{1Df2N`<9;1Z7@@!PA-?4erq-gArix10HrO`@`o> zk5T=J{2U6Mrr*>zHWiM(*9~8|$%Vs7Ra5-syv>HB0xJb7D(5J;1S7|yJK>SL{_-;* zG+>+SQlToFe#i$-H`oUCWmftVv{FlBx$4_cik^kMdo4Ppfv$w-$}M)MV)sdQCVVC^2C*CsHbFjAew8H%}|H z5K+5SW{cboM4TXEi5dDcSs)R>>Z5eF3ZGKsurwtyqG2q+ZJpO}EJNSXhdZm5uPzEc zig%9WsJm&FcJ3eJs5Z>_Zo$&{f@;`%=F0`TWaY0T1E`*1e>OnUEyevq8mq_fEfIG( znwy0(G8Vtx=2MYng#nhrt&+BG@|GNdDTXd48f!ec$Th>Pji$ zj$*kk(#7O-b-(Y5TIGJMkWoRPt;uE->WfLiHF4vd;2ew9cJCYxeBto3)^a6IS~A%a z7~;f+(}vJ*4c2&1?-E)yYHpYS&Zf8K29ze!5v|?Wxo0~ZWdHe?Cn-);&u%J$%!Xf@FB8DM_c(=Az z_*a{#lq7_3wA3Fr(3lU7?n7U9ty8uR%ewc57c+d|2;t3V8c(a=7(-3$Ua~nvv1xRaH=|S1e6O$)svOEz(>to+a`xp z4P`2UBeWC$Yo_|o?vEc|iRZL$?3ULr<$26*yWXvHS1@|}Sk?5yv&$0B^~!k4Hul3X z?uX)xx=J{A~Y$5u`)H&cI;JP|yGL8$Vu!+T_Ep|K`Q@xegv|CWWy@3?bIe75% ze##&I@Xvqyi+(EzTuCn}QvR0#OA>#(!cShMkwitsr|;z!^DX23r{DXZU(eO6{vJQM zh5q&z@kDUfD_EEi75QI15a=zg+cW#OEBxeD{;#@Gc@|Se3xOlqKzI;9F*W_k>VN-+ zj2fvR-6v9kQrZ2}iueW{;i=(#?Z02boyA?)>|d<0uj{ii5PFJ<%FvsL{ySEUQ34GV z>e)wouTZ+1e|khk>EL<4t@u-a+rKku(r!z5NSKH3hJ9>|abRfSh#zVAXh#FNLpfi-Z^INkB99_F=sjXC$M*j7UNPk_ ztpfOzf65Eq{PO7`oQ6({`SB~noiP2Cx}={gUznxfE{`PK$+4dlF;2?)Ce zEz-JFqwX5bgfju1nWfnavs5l}rPRvhxD|=JEuUUOLi#HQ0E6%-9mfq zKMB$z0@&xvHcB>LtkKTuN5Q%fZQ!j9>UyGe#F(5;A^C;d?`S3tTI#c$*9BYjvOvbX zuX)>nM@#KRFa%z6vYpnx^z>CVG_dL`EvpNLWc^Y17N_=X-5s<3LAhmATc!r^s~bK* zH%*2)@sat_3+0M2xyadt3_T$im?c{y%X-b27O>dWL5O@N@JU>pQe#GRDYoXn_`1fH z8F_bl^)clzQ+PQ3dcH`wPBQ-kl8`b84eR>ATqYB#ACMNI$5AwZvaQF5#%_LHE48}R ztUswylQi^}yk+9APkx~aKDyPU&(E~J3gvwHqA!@>rgK{+z zt~o3ZzO!{J_BPv}6$epENyxy3#KS8LU0m{(*C_6F4Rg36ILhDNSE`R}SvF4ho_HR9 zDI^y}et3lV@anBDBRxFRMiXQvSu&H8fupur$Xl8-Z-l(@bJGJ#e}1{Ab#lT$>Q zkx%DvX0wav*Tcj&@7zHtAFw!aBLh?#KC&CBjZi!?9`y$ZMke*WZ+6b4?5~ZdsO)fx z{XshoAc(aZfJ#FwpB(w7ctfUvT}rHK-qOQG$jGsozdKT(!Yz?Y7<>w3ny`e?=0STU znQc%q4HOs81r`ltp?)ldapM$sKXxz>^?DuEFDS-f0OC z)6d4VL|o(a4GB*~iOr@E%aX=fiP_S*bQI^0^lGx$aCbLiB_MNY<96=Qd!=2IN5j); zJBh`r$$~_J3Og6crDOt^AyA?6k=+|XF*$MmI4i}0X1(Xc5U>7k6#@?*^@hdCk=MeE zXDRtoSNgWF>~n;0rYV}rV>xftNPX}~<>`Hl)N~|6 z#6bR5-L<;hB~*VXZt(zY3#71iH9@gB)_0``ES)B9e0}2J#*x6DOe#r7K=s?bb`rh2 zzJP=G>U%A%TP8Z^BAWW&epcC_Ysrk0REuC&pBD!>)+=ek^32>?_R1^d89?A|Tfc{| z^b3-8SsiHAEF3!{F?N1N)lMw5a^EZhGi)M#Jir!($vzyTJP-Lh?L5}$_Iw}x?9%;T zA@!EU-8}(9jSIq(APf)iG9@Irq|JMSM~S35GPS_#?<^y%GUCRnVCvtJT&^Ueol=nr z`xU0$eD4#DmaP5acAjydP6CDPc z&#wY%`xq(6y~K*k@>wW#7XJL9h2L^W=y&eS)g9uZMZ@< zQ=iQTec(|dq-SRuyuIS@O0{n|*T!jIPYA|#9#*95v42yMHUt`d=#yNF59obG za;~|IP(f2*QgS0OHg0>zsWt|*q3k`5o9^Ct?xWkP#95c%9g)BO(p53rV zu=ijj`3fCjFgww`7LE%;8~l@cgaWzTRvL1Gc}XY=muTw^iCaqG|1rL+_NO1?!Z zdukgBnJ2&O6a3m&e~e*oT*@Cq0QW?MArap&vNGJYl7`H9(k0KLxIAo-<$BXSfBt&o zPAUoQlS%C9Uv{YQHFF87w5Z)O0Yj86ZO8AQpH*-h=l1O0lISDMHndY`ZWLH$YY6Jr z+yoUu{XVa$H`u|_{Jl#0)6B;E08VB-iFelyw0!!Cp{5tB*k}UbH#U7ZCW`|!Aql2m zh#4gX?wx}f80vgDR0&ul%4}~urQr20ZGWM6$I_Lh@k*6lfmI99qdvaml+nFu+{Dq&G~TOMl!G;XaY!5)Gbnc28(e-x&y|Pr(#f%(ZEW);k^HH>QPHt$ zJzz_I%MQy;4%BX9O)D35>#$ucup?GNxJ~wN9~N5RRhyOq zx>uIXA+l|->lD843ffjy^ouBL$sN19sbZFj#L87j-ITMf)5X^_))giI8kIo}rpPE_ z-93)xbZ$`jV&gCg-azf$@Wt+%{k-ma%>99PN5yvb;qEI%D)5~;TRSCfNt5~o#^k18 zJdoPygtlYP$*8W>YwJ_mf;g;nu$`|Nqt|9*pAW2bAE;)~y`&m|RoRB$9+%Z21fpXC z=W8gn#)E}qv}3FJA|lzbx_rg;(D&8A7(_pSwA3QK___chlr(W?)L0YrU)@9eG*;Z{ zCOXfQdl_z09McgB!j=F9UJ|sOTv%yI8q= z36g!2&L|^NrH-y;eR`$WQK3cJ^C;_~ zB02-SWvZ?^mh87LTZe_t#(%}mfsRT9-VOp!)e={S#!ktIr0nBI1A&c^UMyox={ap@ zD-_}nbJ0tAgUgXho?Aug(HAC>aTISv~DLoCQPt!=x4Ub9zz20b%m3vGc+ep#R_sBGoFE zAXrW9oD}Xeig>6&$AYBeLXz5f&ibvcH6O~SFSCe~sNrsVq#X?=>pJC6F; z<+fFV&4S@gx6I?Sp_FL|Wp_dSOIaiJgqxmZm|{&|@O8_(+$C2?TyaCRQ*Pr%6-~Fk z9b1uTUr~8!wL3sMCa*D%=Q%B3W6@-35#$LKIKXqu67^n9VsT!*%({P{Zch3 zp#qI@#JP~IdCdTh?uMK+JD1(twwo3NTDuk8lLqKgG)pguvwaA~;?0)jD!6+NdT zhW^ACg8a@qPEhs{e`(*?$cr3UWABCLxD&_KW6c*LXG>R?159J5==-HQ)V%xaf9FFH zFEudI>&VN}+~#|Og)dR55TD|v*3G)k4;Tumrg;!Wkwczvzd*H7=!5;KDgn{b<)Khz z?L0WCHR!b>i7YuDFZdfJ>5j-hNl3po0qtZMYVA6`K6j~AbOLvKZ%tGj%aXdvb7V`Y zc?j1#y&TtqGhESH4Bn(DtyIQB7tlA znVWi~&jAiccVs`s5av5IIZcq80=cq=Su5nhv#&ln5o!xvi z_5At-wLrmjslMWVj$IX$KI(hZe6Vqd>h7^jxoK@{$qdYNam(n2K9xV40jI-_>gytu zjiy+6_^Bc^EaS_hIZG4T4z$izO3pk* zqZjP+`XM~Y{xPtNX zQ{zfJY=s|efQ^^#=Wh-?ql{Y~QWZagoZ~afpcd$ulQAke5|Pp+W|>xE^1fhTG(}CYk=iQpp2WKUPv;W)s1>?vAgF+_19!6UT|%_7%Hg@fNY>=N<42 z2IwDvz0xMROJVhfWs}1yvabjj_M4Pn(Y=rN5ScCar{Zf6pHzDEWk|X^qg!0o_*-H6 z{TAq#_4ORl^f|Er%ThP?`(#A-@@$vkv|{4$LRRq}+sD6tEqUT=s1bF^I`5~not8Z- zhl`eP7iaZ?BM1}E!H~^7DFwWt__1?ToR%n$3^g^3c7B=1*5N_5@N^06Fpoi&t{Foe z1{tjot}0PUAj79Uka7FSU8$Tc;y3|Y2*YK@yZqQ@`@ABW+TT^(jKes&P|#|PWq9Ol z)c;J~VYidM1vSZbXkTO-IV!yY#K2s5?DE;P6vavsNFu!&B(FA`_Noc2hIZm$tYaaH zXEK+Zj94es;ACVu?acTj3->cbHk)4V=7i@7ci;nsLEt1_X?tA5&Gwud79+q)vYLj> z#OHgw1KVu()ld#WW__dFAaANuA}dJJumNvPA1F@_--G>Q_m#Ju+EG?}(vqYI>pv|* z5rO3vE8Yc@wfW%tN^O8`w6gD0=UN&vq`AEHEcm^U6_{w{cU%NtHV_+(5dD;|uyu#7 za7}hXY;qdu(xAsaK41h4p*yj$=!8WaRN7SWE z-4oGnWGD9^8s@=x@Xjp$EwD-e%uJk`u6Boi8D*E6m)}pw1@%u(>WF$qTtp>x@5Nvj zsFX1e9=Loa$F9|vBsi|-t~TGwVf^{@wv+C4SmPQm=*(Agk8~smj0$`B-)1XSrBm)l zcPs+$irt@X^yvJP*`x6ULw^eK-h&l*mvzgTA-~BgN7y$2B7cf~!qyo!2z7Y|#8-fB z>TRZ7xd`BX7WwJTH{G(Znpdl)&cWAXIBmvRxq{43$@UQysopPg!2LLP+j#beXV-5+ z7p@Zlun3WhZhs0fcj~}loE9HeYyYh_z7C8;m|gi-Y5Dka8SY1&oGvY%`)y*AQX8G( zu{Yy=Z@4z*P>2~kGB6I3?Y|j?y~VYU-!qfLI^zDRq+b+xn0=7wE)!C~Pn0u9q+2|= z$uMY<%n_%(aVtvk84OU-4`Az#LZni1{B_#BPs-)big{)^CaEe&C*-q6BiOU|3~7?u z_&B7l47w#5=>XRs_H4Z^YQ<)&%d;7Nin}e5zt**rb^9Y2tl&%{>d{KheT;CBKbSz< zqX)<)cI-3C1QzW58{5b7=q&{5Ag%!y5~9#&R|`q2aU6N@=tgYhYEPZbO5Hnk;Y2GH zuMrwH(yTmjd8>=|%v0dP;82iaGxm?Fs4)~czL!(o&#QZj;bYGC3Dv42uVBAPM?s`V z5k-&0KC4>Dk-x!1e1USe{Wvihdxzvr+;v_Q$$DCDG(LV^OWmT5z+QRaKj&mJ4#OQxgV zue6h$Wq6o#Uj+ie~EmTWHFLL;zxsoj~q?*?VD?H-kZ(}y8K^c=v%NaJh} zw{>q;frbrOA0MCpphG#Vr!u8gH11b%UpAi!o9J+9Hd)xy9X^m@r7y_({B}Vdlo|n{ zUe`9IwILU0;LeR=a8iTQAoJ0j7V!1M92NoUUAwZx+v6`)?+JoCn#21Gw{lV?vrx4* zG*NLRt%JAT;=pvtU?uhO!8VS_(u6Q?{a5j^w+I75QDHO~;~a&N}x_od{n z7trnLxiq)}7F3!eaGx$kwz-3(X91X6IW~<=FXg|kNnl^+Fu(k+8D|>6A&#r?` zN%T|QFXv_W^7AGFf)epMR$8>o#^Bg_foV6R#m5g&^>NyjcP*_d%6~K$9-Z}_vH7Z@ z`j3XxfZ=stsEX9G({w~X0^hw_Gv*a-iZ6Zs@aGBaJMw!tV5`m-p#ocoSALRQQZEJk zpo-sF-c&iUfM=ICq(GT&xJgQji3JW@MM@gTTamA5|9~ZK@9q~#V)><_1MNizzV*#N79QauzMc%l<%Y?s zg9+tRwZo)$6l_0;8CB>7)v}Xh%bZj^%)Y#T%G|wIM3&0#ZrKLLOXq>!rhyvMUTD6p24g|>j8Q*Q z%(c-Z`Ny^T+2xIHQ%UT)|3`>X?T%4~sOiu$h&8B&ZrFV=I_B6vf80$@$z_*1+;r;i zQ07Yi!@8_JmSwsy#U7#l=MmuAQuzLtzVl!D&i|k3JO4*`W=1pG&Mr{6#bQq}{u_qM z)v|a%iT4QL0{>TA2zu(7RgLi2`!I2xlAE%x{WpIxYVQjTqKnfF&eu*a6Dh_K|G0z5 zfmzocOU>GG3L5e4y#L7$PAssDzlHrP*B|C{($Z!L`n;9jMxj6Mzkk^U8-svdcUDi7 zg1!IbwZHA?{sKVr337S0kNYnd`PucQ&%zGLba_DOpB90FcQygdN4AaLvFP8dH4~7j z{=3L)U(|mW`Fj=67$mK-!35b=Oq`|k7vFB(pZw78?b}+o`uk#RH<$<;pfQV8Hv;J( z`ll=Jx+e9eS~XvUUH~U&n<;RM$zZ6?3DbbSV;ynNyXeBfClEp0)li0MpqVhA%NH$y zf4+bF_xJ);g=M$;En|n9LoKMbYS0_gV28-o3_NNsb#frjAaAfKt0o=l(g{diNxcM= zBvW81r0#>xT`Cl8v57^1l$p+UxQ^}=cm~C4HHyBLT=rndc=bmqP&CK@E^&c}MqD+x z5mW;Q+#pFQLJc_!6J}Ao@r3Vo&-hpPEVDNV{Hq7zOeUzNG+X$(gR)&}ZcQFR2DeBu zgV_Ll7PAQBK#?Ryn9;6!K%Vqwfkkr_%>=E%OeJ z07{^f?i_kF%pv{)}@b@uevO=WjJ)%-EuxXHe(m%!g>phF?M zneZmVJe9wj4Tm;Cy$Ob$J_XjDR;^Ak1)e9pFB@z$K}i~6KuF4|1$;!``yIbz@lrWZ zfNt#8(7XJqVgpho(+5^vqqabp7J>8Z0{gz^QXk_}D%C)B(zxH4KAYK>>0acv1jangI)HlPkX?yAxP zN;|<`NhXz`oS)!T7bchin?f&XM@nqSEIL##*~|cx{>+NK)&lRkC}bkNF!<_9KVPlw zsS2rS0lH9d{JB;9YDq1mkB}QrZRditr;*Y&Yf63Udwl0^m}=|0R4Y?vOk=s5d-^f} zxz6a}f3Y$Qg70I{HP|94P&HD2dj)os-fQ`KKl>WcT_Nhp+>0LPt2w5g3qiz$;FFx( zJ#P4Ecg1P{0`jg7gxS>?I<_lSH7J+?`PHN+S!Q0V)}OmR+YZNxFXjG zMh|7yM@YBTb6FPPJzMLgs7`Q#AR0A6V`s3etMY`kVF*uxH%LY zMe^p;AaEtBIIho7o_X-?_$qt711$^lXQh3VX|j>Yrk<>qV0QFSMc53iwFr{Pe4D(N zJ&4<-*Rc$f@{V#s79VSDwUa57=ENRF0w9ceuwjo?Vq`ii&N!G&#RFguf?+huW6_jP zdbKUHQDzGc+_xWXrf2DYuua(r0wn^f#Zclh{lncK@Evae$Qt29>@Y@lbrsjQT4OEj zVTRsr`QQLS&;(m{t@(+tQa!w(_q=Q#+{`6QajTO)1cfs+Oys&@L~hXPT9xl)S?xb7 zMPOiG3LYp&JrvNoN-IJY2lzwr9~CD>$Wcck*od^dP4}iD5%Ty3uu)#_szJ61tNMF3 z=h{#{9TYUrSBe&CrMBIo@a}i3!o&7-<)4^BSmIFEJpoa-Z{{6`d}9d*)eTz^8g3Pk zw|^CJnwCCGtr#0$U<$SrG*x({eot!8rNjWtoSbQ_5_$5y@xAGY>SX$EG^-n6ScS)n zSYfftY}L}S?zyi5#-%XdweooYQ>JbZq?;|Jt}kz=_s3>gkCWf$m{=KeRhLTf}D zbviDXK#`-mmdxVpl}^Y>AGLGZrDf!6wFq}WVs=67^hdYPh!Th82FB1m4RwC9)}RfH zhVNkxMHl$6--B_$_Pw)hQp?R!IQ_2Z*fiQolV}VE&W0F*mA+fdkUR2KPWd(#ZZxI3 zzU-D)quf3~IiEUD_TX8#jo$O;5p9BbQE?`J?fN3tZF2T=cR3i`8H z+xixk1%R+VaxU3}7_@ zyOHTC3@n>Mo(}Sy>)_}c<6fQM#%ZrkrYs_@G>!z>VcOhQ;uT`+0$tiqh|*3}A*$R2 z@-kE1ljxSE)INi(R#G#oIqU8chwz`ZV4o#6)&MB+&fIJHB5cCP5hK<)wXW3UaZ4ZX z^AORVU9&EII3u;2Z5e_$VJfj>;pa+odOy1ht*Wo&6DJ)LmaozsSVny!?0?A9XS_VH(wsw>* zx0mAVd=}eDeXn8q^@x)%E&kZoO2u6!p8e?Ssh2pWPx9$NGh`*13~C_WP|BH3_e;Cv z9(yDf&Fz9frzWX=A=5NmOTh4R6#-yYXM=7NJJvi9tPwb;yY#jtr7r~WB2{PbLB--@ zm7yGNgZTI=P++y!9~FbSHJg0RdnC-2=yAH2vdICCS!_+1*2O<^AKVIENY#~aSuU7I z+W5HR@H!%0s|y*coQO8;I9o9pZLM%KcXMTedal@~y8J8F#0tMtS0+F}A6C>|1e97G zTM5A0swFDhKR9>+RXS>bvs_>{C60Zn>G(eNS^01-u9kz6X>D)5@o`8KaK2Jk*C8n_}Uui=XRpXLSkfix#`%}OfBkCCvb{rp^|l);4Tks5XFUZ5ho%aia*8T_DL z%!JEo8VjxpHcDpNPW8Vb@g^zA72Y|3SksD}e$JsaW*_^LndR&JN z_Pd5l7q#IWB#t{Qi8S2MRpW&uhIc9AL%e*i&g)-hTkL}Af}iXV@zvtGTuue`eGQNTpvvA-1onkU#@LIE$btO-AikN>0P z^P*NO7LRLB1`bhS!^WY2iF_l@6;sX`&ng~Vth(vvvADvD#@sqQ}Z3-o7DFwDNt7&Oqr5^!;+bJX(#4z9EffT}Xe9 z8CVrvx_@4ov$7V5?Id5b12oud>$I7mr*x0y6kpv#r%SUEQ{E>$b8 za5BhZ<39WfrN3KEcT}>p!ujObNTO-qp=188I`ze?#jRG)pmHsZ+{-!Spz>4CfUV~a z##NFX^RqpVi-hMw`LEeAkv}3Gw`;rE_rNP=Z2Ynv;q2g^x{uGGtnG0ad%jWAXF|`K zyOEQ{5lWR4!2`p2*=%;_QLv)y`A6C;RZB{xp?IskDYi`nFm6oWd@EZ=lRFBUfx%?2 zr0ojycub6Z4MqVC^Bx&ahWO3|-B+lPS0v;2Svy8SbCeIRTEsKoX+_VNe@-h>)r@rm zi-Em0>VG8Arm~!F9?{)Slf}|FzA%&#R{K;e^qn3Jdu1>|G_4JxxuC_?OuM6<^n9;X z4I>GqdXj!uO}Q}%4rI@MlaY1n>e|B*@1rX+OSnqCiClM2X5>eWo>A1xX zSa*U%K?v{Gq#3{Jq&WXTO#QV2hjXBsL*r%1I=uzvBW`J9a(3ms5VYb8Kt&J!%EIV=2UVaTsrz0>hHv+BKIK z`cw$0m=zPf>@=%yA-)8fCahedo7ZZeGdXOfX0jmtc5~73W;qg9`wBRGTFwvOO09{b zcA@*SN1?{)oHIE@$xiS*YjhDuUFp40kz(X521cX8Jy#Xd&C5kvQBrKnreYLQi)|de z%^Vm$qI)=BXwWj*fk_=}F07kA|9>0F2;AJRe4dw9i9Fi4^=-y#0ZM7r33b$l5$<9} z?1*#Hdj)AQnsHf|IB;Sx?_hf(ovLHazUR9Pu3V768IEEZQ19FGA!>FUg4YB(ci)4Y zFxX7HZPBbu&_rB4@v*nWheh7~Ki)x<654D1f7%1pm=nM03;wjl`O_Ncj?$Vnkc|&w zyq5ZBc&zb`tO924pcGf?x ztmb7Y3pxR_Q*FBV-A8U<4xC-B1aqKvpF-E_A?jpw0&-pnS;a$4;wduhMRs$&E3ZSf zEb~`Sba_r{JM_=nozxj2f7rsm`L#IW1ZQUadb8B5>iOPK%31yWIFQ~&)8kmWko5)= z6RTQd?uX2HNnE(xp@tc=?3igvw`sd`O*r1U-{XtwIbvvEIj^ck*TOAhx|i=^G;Th3 zcWj1vralr_#!h8dl{m{11}o0%lnc>3PDn%80SuXKi}qA!Qfr|`egb&BPmw4`TR`0g z2{NeoXr?|~`5b`6;sJxaG*Ko6k2Qv2UTt@*9&_$R#{?UX`e|~2J|P=byH4P3V@>PHZje*E^fqJka)lXB-iRoUEm93Xh*I+#u@>zZdf%dVaSMLofaC+eqxJIDBh z>U@%S^^}4oG!q7AA4F3tuca4#IQ44|u#Zk?^ywaOUPP`oQh%B&3`z#j@{hCl=7%Tf zL*) zgYV{1fL82sUIE7nGf3cCz9lCZgF0>kq1mUy$k4nX#r=5Kje96H8z0rX8#dx+R{H+P zF9yG?!=)t5Hd}}ECz)VEt8pPgW7$D+%~*r8JDgra>w$ahpX{T-`LFCF(zS@Wql-gb z4u5iwKJA9+8_WcDs}GVW~NzPB=zwq_GOOf4SlvejV9wXYqkN=hXoew5Ybcw35;+m!T=o&@hH0I1Z%Gz(CG*|eeY9vHUTfXaXs7HKLSp876RA%}>XxHU z(8>TKp~BM(%bpf%zBvg9{2m38FLDl&tY^Sn48$ElYx~jew_k!R9{}`|S4{@Tidc>? zYMDXldLT0Bub1L0RxL>kvRA;9BU`%T8@y+-e#M`#A@d+6`CWcl8NRON5mzEdDBlWj zA+!*cT(d8v&obq(063m%HUK$Ua+W$|a4|tg}YBS$F>qza2T1mTYppq2xKK^BF8Zn7w zw`!h}rF!z0ou@5G;8>J45i{zUOc+tk$T)i4r2YRT6KT>`$V)|Xt_1c>!nr0_q=FQ( zTYUEV@LholrdnPSyAl8D4mC6`tgD z&X5*2i|Cq1pC+UyFzaeH)HF$LCO=#sUm_IF2rteo$=_)E2>7!VnHd<4SMxL-~ zD@)`N{T(?M=A7~NT~)q>puDQMY|NF{aRzot*vK5$GT`y(ARLpy;7WI}r3La-mAv2| z(c!`AVe%ncsU@_mD%ApE?el}0r8?U{3GGurpl$Y%s`KKTR(AZOVa3awG^BK93br7u zx(wNk>QvpjJEQVFvSnHPQhP}eG#!0uTqsA^3Ld!KP^3FFm=Vw+Tz7Mwa@V^8WbHRer z6qIO>OTM%$CFVZ3cS(`5ql&2;!4XgLO#@xfbK&em2A47Ov6nkl1Vl67bi|t8>Am4*oXCEP?lu`fEKQqsJq{DO>pAa_&`U)Uy|erI zn(y*?sYuu;Upt6+pSpn&2hURNO=-$RMBgv`#9eGJRX2+GiKRBJzE@{8eRl20a%H+9 zdpO@CFP6uXsQKA4vpgFTFH7)hcn$wH=8aN&gwJvpged#)V>{@_ZuE+&J77D z#9+clG`9Cq40igtztWfZWr(JALmu7pP=LM*-)jm7?dVN)m%!^g9?{~6{IU!6+Q$R2((CBd6b?GDl|lz4>i)5^b$%>9luIf6&s0f{LM#-ATp+I4g7yO?Bh>VN+8Ps%0qMHR7v zMUL|S_&$EP#(ynx{_ExRUoWTsuf3ei;;`mIQ0i$5W?%kUb@;a@bE}T@`iPV213#(T z|F-+_(5*MqULOIf)O)A5SN}}i6zPQGB~lqWL0)MJ-T+==SI%55 zJ4P=IwktId267%88L%iEoDURE^-asu63ms96HmI(Vd9EVgf}r&Q;E zDNQIZf1Lq=a@TmBh1q1*{ERFcjXK_sBlQ64N1d(E6hkQX)BT14$l&HgQ9jimC(&B7 zWr#)-c2nR5adMX~IkW<9RP+9+G2`d1@18~hxY#vYhP44QWB{p0oUqY}05rb_!BH?n z*BI~|RFC64Fjuy5#Y_!#aw5>NBRQ|Weod>H2l256vNSRR)$eExa(w`zk|7RFTG0py z*+^uJ#6Z30(pb1qW4NMr{MpBA!IeN6N<_37uUxOel;mp2Qc%;*K(-TsBE9`t-aOn6 zY2f^jI|0MDheZ(RjeX2l`6yj0+oT;C(}HKzf-m;F0;2gaT9@UI=9RBUDn2jhf# z9alU%=aAqpP6&lcnSx0vHwbU~l>%%it{>8Qn~(?R3gD|F1vxq=^plSp-Y=73x<3y= zHu~U{-ogjcc-MLDhPf#^VL4&8?rTU``SdxOjo&oRJh(0rpQL?XshI&VI}|y;ZuaU~Af(r;RA|J2*${9BxI<1RTsuR$CU=%0Kgm7+64w7gpE&`Y@vE?ZYl|sa5UoU}+ zEEl2z%|oh>UV!?lAaZNfnq>1pJvb`ki>oQhDhS5ivbCk*frL{3Tgp+$MDvxD1i&qQ zvrSk7BXXBV)74P$Psm@`=TV@{K&gY>)-}_}jHbIe%c%Y`VQ`#RcdfE6ZMx8#byg(g%Er<47k+@36~Knb;c-GC6rPfiqUAIJX+N5x<=2u zX@_mjn12;y@7P@=EqOp3^n(jGj6p1uGI-Y&Srr+_dp@1CHeA%fRuw!2tC6oQ!1m2k znDr5QU6{1Fm+X?N`hyruqk=ZXjwx_fvYd;>Tm4Q`<@q-%QW5l(Bn&@Sf!14@ANWX? zv=6fTJ8^f_1lgMH6BFG@!1`!2zwn<0b3w9}cke!-k-$>nISW>G z0i;_aqe-`MRH!Y z6W?|_W=*sbO!-uS6u@^ZZ`U&*Jk}tU_^@zX-hMEGCXcTA%#8e69h_Oqc%>?{C!R-+ zmiF1;=|8j>v_Zs*W*l+VXIJ(=VHE`yQ0HzkO%ZBfi&H zKT;i*+o9!mB&+aC-|93`G_P=Uc)-^EZOQCxY_r#pM)9-;DZ?tB2-?EFxRsRFAn{o# zFfyu{tnhrpWtdBpI$$XpK`Ga!?n|qf-cM<;rZT1mOC%q+<&PVsw2EOTvNL;kl8>)S zfaO=V-WXSlanq{QpjvSn;VVFN=nJP$sDJmS;5j&r+%xs}WRBNYd{PePMtZqHHgz0F zF0!;+|;=d<8A!m#?N_dc~B@Up@sodRz&xRLXjf0%b zI#bY66mZ5CT3tQj*T>p&;sQX0j7TG^P}oa+3%9oYoZX5=G?#|eV5k6 z1UZ}H<7>Po7@=6#>^&7#J1+{)c2qr08zKcRP?xeq)drp2-}=G6Z-dxL3Cb+%s>Nvghyvo`;SPQO4Q62K2kz z*q4e4&Bm3*08--od67g$O(j~lBfAqs`^@0d{Mk@7@53nte5UxpG#PV4#MwR6x{~vR4 zaI)-Vc~cM*x1@SD#74AES4f-In*UR6`Wn?<$50=$**(^ z@}pxdW8cE29IXW-aa-xQTDgNt6@=@SgUTX)$dct%>gxDguV5Qi4P+1|L39h4-6%Qc zyN==9tqaOUfL)VN0)S+S;?N#`D4Ig(Pf=6?p?aG+Q*@KhZ4~zR%-p9v z2c+2f)Y3V+csJxLSLyh!pdL;ZZM8>c2AP#_yWZD1KS847kKylDUPRPSN8v9?0aQF2 zPh=aaLsI)Dc5NScONl2Jb-%S_jWKJB>sl?$Nm<$B41j~oWoAp%F{4S?hrjTik47$ikz?0iU z(gYvG;NRF1@2~lkqo{#__JyND!mt(FMNFe1FbaR&Lp;6>f2%=z6xqf+r-2cPK92E0 zt%}+I!`^#_MR~1l|3b!sU92bwDnn5~7^GK2q&Go20+HSk7!;76SRx?8F!Z7{smjm< zq)DXr-a(NLqBH>o{?{Tx+}UQw=RMx%!}~vWKEyc=ae#a7d#!6-*LnWVkc0BPkEGj( zgn|$V^~?f_K-ON}`0d@|L?2p_LIW2mswmiLGc4a%!yn46A@Y=qO4GU%W&R}25Su2H z42ZLum|1N`lkY5$cBsK4=RkG-Q`DfWjSOy>K1ND#0!?JNE^>9c;zBK+m2AW6(H}w1 z`at&wEpLRNR!b((95<~_M=Q9Tc$9%m2t?E5=7tM7J5=Tcu<&=b8(3)o)H0a{zCb-p z#$ArakC-AjrCFzt7Lkc5LsmyarwguzliEC{m2(-;KCipp0R?CQMjHErBJL2rikGw8 z!+v8?-l!AMHmm1LUa6yF>@IIK=1^~_wY}1A(BQK(5Fo3Ab|ccfFO{)oJEz>2BlRe^ zM`R6Mz&@MV82ph@f|R&RQ=QRD5WOC@gdHjPWCoped}YF_VH~c=s`F#Z?{bdO7*_)kTh@4jO0Qeb`)3gIGH(^q6UcJ;s2v8=W1A*R4zn;JKh!9of8eh}s z48m(+E|&miCMx6GUH(E0?Gl=0lZO_YG|5e&Vmvt?*11fLWSU}K^Ster&&*Tb4F+x= zg8qEr@o?8$jq8!L@%XbteQt9E2Ziccf%^B$6F0w9Fmu0&)^Du{2Z~iI@>jUxQt?Mj zj?&wKqV&SUv559edLAZ(H9GjD@vOh*GiDGQ$)3UUg|!KX^g)D|w2kE2QtGtU563jC zw_|t7km_RN2ukGVyRu5MAJPSS2M}vmQwNRvKuf5MBFh3=L6_RfT`KEoP8l6QJdq`T z@j_f_lpD6g7~&ri`?;SkIf&u9VzY?vQP@qGdmyIKJ}DzikBDiYFO@Qz^o`9jdRbXW zpDdqGOgVRl+E!BIPzIsoxOBCg>1r6k`g-guGdM!fJ~LZx9g46$_+n+Dd*A4+xY7Eu zj`r-^k_^H8>PF8vdKLG@>u(H1zG~8VG#)mo{V~Egq0|y@Q)|=S9QEaTvbSw@O8Q-i zRE7|*wS3j~RqZLz;I9=t=(2S=NK1Mwh~T#bAt)Ls+s8$~xqSz{~t{Hz?L*9G`M89(W$y(@h!A-c=8Y}OOrys6bn;z?E- zJRUSto?Ijr5sD5ey?RN_DlWs7OhV3a78`n=xTTK|FC>VpE!8K3(!pGGTXdUCg)mAD zmCk*Vi8kbA;4?Pg+7+8M4c40OmZNoU`3U3J_R9JuzlSXIoQ-p93JD3j2?V_V#WHL6n86q+JOS4vcP!p zcmyt@rBk1jnwry>*SXdhEU8!tt7G$SJQQy{&0cbuM$uF$x@(5$Fd7o5ukrJ*hnLTv zd@qd6rlboHjgcpl)?hCG5O>}sF_c4Joa&5+Afm(xY&#eydnKaQ7z95j?I+0uxPGU~ zEvd^|0_l0Y0qyZg&698Z^1cPIV3#IGXQ(T4>`~o!%qfve2RdQPXt>Uq7FVnnjxbC-i zm+h==lN2LY2}k7>5^O0!vZtvyHAMV1keg^KKqJ1?#;Z=AApjjS^T4DevqggRbe*9J zXZd!6+nsPg@7iW+K#NvE+$w88r%fX@}5E zOmq0HnMxJh{w#B5H^OWvaZr-sac<){POb8EfH_{i4$Y7|eYB_T1_kSV^e-@M-UXX4 zJkrnljo8d{<|E^Z@12LnRh-6kEGsix3j{~nH_lcCOfY%E@s%J*40AHUw1ngGXwUNY za{B%H5Ck41rdsQOx$I0#q_+_=vhm6C={i-0os%VIE`nyR8=o9&(KD!;>nEU zr8Q1smOu<(BEwM>=8i!)6im}nD^GH&`;|d)(P_aG7b>1V#K4YyY^xts><@&$WJ2n3 z3jw~{2JTc+$<;E3-iS5EyN|n0SwTqU2xGT=zO_ND{Cl)cR$0X9liq*sE?Uvb0?P=V zdI33e;vO{p42G}s{gh)Jj=$`B6Y3sMxa|ar|Lui@%3{{Y9qrR_w!Zql7kC+dSWnYQhZFR#UPfD_#}Wu?(%s<7+m0EE4R3-5SdaD( zm6%z#wdpk)_;L>><{N=TYsWvz1*^|ha<-OuklF_NYer-TO#X-tPa5I=+MPV#nj?DT zGWwm*ZLQxv`)eVrQO*rMh`8%mmIF?^yy+O1K(e_4-_1I3i~rUm>e0VR)F_*srE*r{W-2+C)o=3=C_W2`pdX4-K}}0M zpw?BH!vm($#?_VtAsZz-2P##b0 z6;7~DuLV#ml0lgfv0`u zLpg1~17`q(oEfezb4qV>bAd3V%vGAM=KXs&c&O}Ed<_)?BiW{zs8cZsg(djl09Y6%x(29SParfGfGeT3pAA2hg<3G!x^m7kR# zbo0AC8zWqZ)Ntn{a#{%d{V-fUN5Yj+Jtyr5byt|+^Ps{nd)?I28!)lPko71=pX zz`qG);oocyZShd`kaxS2y}+??wxWAqwsl?T1s0VjGnzTe*6A-4nBxfv)>m~t&Tc3r zM!7tAY9oc5-(NXadME^nCyg_-18YLrgvd$-O`PCc2stB3+kM!FWOxa%agn zRkzW3@#M`LtW`WWWo{?92jn&)Zsa()nOVf#-kzal?)-V#Iw7kb#4WnG)VXQSoc;v* z281t?{?U-1Oe~d5J|=eslS;2*T6f)3mXenc)o8(Y8}_$m?0p&XZ2!v)-N$_vM%Gr< zn1c>Q@vFx-Kj&+MW&iP<%(if7OqsMi$ZF26-3W{SmosP`xug8jx-joCRJmt$7i5^7 zHuj)~RPyEoh4XNwy3F^D?Uxu)ZaZZ;Zrwiyx9U@bWHXY$6@aHHt2VsBe%#|88mQD> zPJ>BBE0XgWM3@{2K9(-}cwP-!=OkD2Z4VCY>#%->I)GL6Jr>MdcsPs($Tnk{6z3@_ARoLWjw#?YiRx%CHJG=f`dO2qj}KchRAwOd-W-(+jKL5)Ec zm6@nYcG1h7=M1JYD>t8vg^`Hp^uD0t@M@L;^0XBAu;}r&jL~! z5y*8v7Pb2{Y|?78eVEPK@^4-o+qGU`AH=~9Vg`{LLp>JIlhuDs-6=utcF+S=$Dz>9 zn6KfizXG&vH?Z=VtDyW>EMb*Fz#!(UYV7MfWAg{s`vm|-bO#wdIL^G#OlealA1w1p zMs1ZyexvOhRsOg78|WQ+nb{R?oFvA41O58-r}W3K_Wmdt87}R62}Y0=me5}Ets}`_ z-+71M^*!JG)i!^}KVH~py__G$Y_I^_w}hk#7wr9(gzm4Ogs8i>`Cs1ao8J!wXF(X- z7~bZeE;@QQas%z}%}s-dGli#K|8W1U|J3{G29N*UhxPRjg``#x9OgvxUBO{nsM^2m z;(xvN|8gBr#uwzqHBSs|9EHCAmVf=RFcr_Yeb3iH#2et8qI9-zxWfPXMqj@PooE@? zfBYH0{2nMc4KmK=_<6r${*7+izuptyx*rgD>wn|6{olD&haZ4_$lp#Ou2zLxd}3Ep7l697Bv8IXJLos2=0EE@>oRFX%+cg zDnba$>dB1577sq{Tt9>(n$bmCJ~#Ztg(96*aUC?F9nWl*PksljC9+b3KBS>3KoTS2 zkGb`SqsStbYf&>IX}z+7vrE z_T2==$`v@+CoMq!+zhp|C?n^_Eh|L-KFA*QLd7s#zm)}@pCF4pl^uR#H52p1Nh*Bx zov9^uK@G#qBun-Zt^VaUN+cKJjn6(V<>2eoYvm@VR|E1f)xDgCfs{2La;(-fuO@$7 z4O7gKpPd*w<07~42+hG=JoS;E&J1K@$*MrPFzPTcTR&MN9&AXv)oGq0ME1!r0T~fX zGg1xVQSW9T_?B|4Rcg6<{fWtWz+qWYBqe(3_stM<2=5@M&{|c7y%8A?hdMT8f*yTG zj-?ifIcqgGZnSJ~v-yp9l~dcv!l#SO4Yxj6K?aV+wyL87YxBBmc;EUHVTWZm*4n%) z(FwSUx6};guMqS}-WYe*L?sJ8Sk+2uW#ddq?%yz#x8PYNNX6G~oqPfjU& z^;6NBGag3qM1Ktc*DI~hV5%iZauXZB%nt9X9*xTa_LDn1>^A1`y1D~keoH|aC#2Vc z)BX&6-0-Ji{_^a@_yCG8|4MWp#oU!`AkQKw}UF&nab3~U|bG))9z}*Wa9uW$u*ww4O`L!gfQ^o82gOgRJOSfWC*Idi!YBZ!{fY))-5abi8bL~$B~GT z-t-lqj#x?4PQk)x$)+W6PeYFlqFP`EuEpX<184aP&P{<_f4 z_r+fShf?v=zxoXX7&KRylW&K-orpr3)z4Odt4~4_MBCX9(D*0S&tRlcev?YoYiKO? zAIth_jutK=*5)+XPNZN3I*BnC*?H7rOh&1E-a*kJKYdn!ZIZ&@q*qb;E|&Lk-Qwl* zC#tv+rGFebQ%hJXcl&3CM`)7k+Uf^dGttjBoW9S3i=LQvTl+*g5U>@_=_zF(?1@$| zqDK*CB^U4s)TMWX=N?^aTe~?fTm&8c`>miqxm<6iGq?g6Jw5kJ%|8bpM7+CsWC&Ck zZ*sazu>6F`FLCxtYYV$v zS!=Uk#}5a2KeQF1Fi0FRj6zaHBZ-41s6XP1Hw1Z!r&JSe0Y1rY?@qVVAv$T`a>F?T z@8g}i|G7lr3DpNzi>zIQK#;s0?q)~dkFfBn;vrKe%fUL{E=B5a7aK1_1WCv2Lz`;t zZ)bvUg5)Bp$EK}>dF2j@H@ok=kaJZFcD(I-=t6{?7yPOeu=%np)3{FkaqG!p{tlQ+ zO54chPwg|*N$bxvASGt>*=t&d7!ngfGV?L;Rps(5On>p?X2P4>%+Xy)&vvzDuwi58 zh=D<49E{S{s5rj}ddm9^0_2he%Vm(0z3D^9hiEVL4LuNmg{S~5MDM$Bie8dIjv?e> zHG?7@E7`fqwDc~s&<&>7~ht1jB~iit1$+{ zCsus}er(ioP+-;PJi~tFgFHhXl#35nDzbu=RPpAuRRNRy%ohWRE{k35g{ni4O~xJQ z9pp~rH?Kt^e(VlInDIRvPhq8+-KD$uBeO{0ifl*>%35_XTV_yJ#MRlGEfFPfjoNUJ z8Ws?YoIsx-^U=V{vAesk&7rl8QWC~xAD;Brw2hd6h{`;FWtDSKJEtTqEAN5Yw+^V{ zY<|YC=4S^4gQ%sQA*@m}Z)hpP_@>x_<}bx8Bnd_C^5Yxy=1cUOul$9b12Vqc*QK8S$Q+8!$4G|x=n7g*vz?WBso;`RB&rKi4=9hZrZp)WwJd&rWKWQLq%qH|(2iW7?SS z#@jE>KE-@uAyu57?;hsrw~`bO%WR_*Mor{{&;02^+e~pM!pVA~X(z~C%C|_wC&=QZ|e}x(WE*;=GZO?n5Y~?91Z=OH1 z->4ADH<8ZAiQ%9u4GU*SlGT&#&FPy&vOjxJ#iKi8Yn)du6$%Q_SS5Rz-_DQRgvF(^ zH7H|={#?UEEi2PHjdt2F1m$EZ26-G)KH)5$7h8vQh>ujzfxE!$X@ym;ddz;8FON+JdYr(1!PzX zmc)!`dUGl1v6j?TAPD7vyw=GfsvWb|f(>?nxg2F|Q-W9#53J#?8P(nVXXGbHgojC5 zZE|`N`FcJq)e7VelpUP@L|ZxhSj;z7KFJiWi8&D~rh7&!7xDX>S`w9$k=+@ydtT%Q zDs7c@dDo^iVP~H>B{9VHr^e@aAjh5!OypMwN%!JW3YPTWDTg%7Bh{*wg`LvGzqGUS zbkQ6kZ_S?nWzkU&g356g_tPP|l++JHpH6Aw?xFOssUv}omB0AU2v30uOtg{NTx!DI zu1kE`3M!pe6sb!t=1;*e^c&@~hbNu_h$(4z5S7LwvW={xVl-T5e$1z&Yi6^Ps>&061MyNO3;wYtu>IW23{&HID+EK&R)csLL%4bL26~A)iqs;H^+Rk0hvgwVW2uk zC8xAHf^y)+7;iE_$)+{lx6U+jXoFVttu?lonN>?`XDuqmi%bZ9IKn$D>7|c*50K$z z>IrDMbTDSftnEpdQ?5D}X9>78ImJ4p0=NoKgjZS^-gYGxs~*=kf_WUc(J)8>x~1-pNlm-Yjz5B^?N2pyq13K2feP)Xc;uf zx&#NiVF}(oWq#_*#f=Wz>Vy-G4^tR5q1H+mIA(hEPFk4WZ8#338~ip_r20Qq{J@z` z1<6cvL#hfH=^kIrhdx#4i8KST#AcW5iBICgfYsJ)g+OoZ+q{t2oXl@7v&Io1#~Al= zhQEnOlEB}~#?VH<2Vi-pN;pn$56BUM%tB832d|M5p;Slbv@bZpvbw=snNdz(}80`*X_)6 zww8NGS~O|84s%8^W8EnY{Gte{OF?c+K@2zPhkhHM;S=k%Z8By!c8axA(soeUI7aGy zE$Rx5gQx5>bp~NK-g)dJ!fs2uOPb5rpnw-miBYx&lxG8eiYrB!)LS@4h%2OeXzk?n_R z_TaNjScZ69#Q7g`C;-OS47wI<9s={i?SoSQ%dAZw&XcoIu*y6*ItzX}g89={PHvoR ztCP;g#rkRrQFGNpkg+C+YJzxvPA&u&w+wh=t)csYj@y=yqNS28U=_)zXT3=}^&6eC z=panX%h9+Dp*#A}d)2DmzJN#awKQpsIGsA`W;Szi&r_7z?CM%z43Zuw1(}k?x9cq;+g6B$5yD%c(|&2U*`5JTa8e8_Yc4Vinb#)68cX5#=6ba0kRao;Ikj zC``th+AaIO8R@obfED#?64LbWFOSB^ETvL^%qg5tooTi=3#rJ%mxXFepps4_)L$E( ze_NUQM+(^|WvYZ)4HGHD11#8q663_F?#so~5CsY1Rp~~w$Yo;WIPrU|R6wXVXX>on zMt^L_{=1?R{f~ayIND*v74#5d5h1C@QAD~|9W;*l!FktZH2~W|%FMsUl^OX}ZigpE zY{@F$M9Gz*lVzNNclbOdzKwv{)nW#QuxIr!@(w%VZhvOOh<<6(1{) zJ(9mjJ+Ftl4al0C-D!-dHY64vanp!}>+;=Ca#V_}z%NpJ9k~Zp$d#9K1Q!bd_f$1W zJpzY`-lA&vj|k1h`A%^mku9->Ur|~J3$bOwak`!l{im=Vmr{rE@72mIdL0s$sLpBF zDXB7%iQ&bAYo2O(+8{Wv8Hh=r8go6R@UL_oHoCA@)|Itx6?-Yw7UmR%z?8#98X#D* z<1Ff3UKz=PYi-xcI%{67-Hdvt1y3C1s#*aB6f!S7PHz1c`Tz^vVa2fk0;1OPKtJuEi z_FxKiLIa~R4Q^IIVwqv!@VmqBVS=EF=snCL0W%j+&g?UC>fy{Am8%c0H!GzvlQG)G zpq%VhaI0zDUagQ2Rw9+o^~;+_!R(+&;WuCcjkJ9t@H;^-sNui33} zy%6~oyAg}d#Z6B)E+eTeRVtTPIny3p?4TrkzA}l4@QCMIoc5qY$(G%6pEJJ z##Z&RTO?>EIdXpB^=QaCEKF3`jlwem^9URscZvb0)VX z^*7Ir8g%uKCvehsPVacD!nil|40^IVy!#ka^#^PwKnIlHWu-GQqZ5og2cb+eu%mbr|TS8Dzp{gF`T`-M*wA6MoQ+-^uwQR11nYO89xL>Mjya(*?a%%?r zJ7Fsb{m8JnI{eLxV)gy#ZNvSTmE*4frt{p05$fdb8mSPbTnyV`@!~^S>tts}GSa4@ z>DqdeG89M~%#Y@HI!~SW$3ga)L!-G{00`tw^}6+1RwU&yh|0}^gY$d~hk*LGuKZU& z=%~DhW8UmD>cjtVY1Zp&kD?tQ*};BQYya(Z(LU>cNBi(!na+P@I{(+zW&aP|s_fG} z{CU7*FtOTWsr?Vn_8+Yhu_NFZt+>L!v3Gv;@PFM)S??owU-HN$UNizah<;!Qji`fBOje8a!KD5V5F4+~qw zH_F|=ekrCb6h6sxhqB4d)RwQiBY*jB#m_*`v-`fxcS)Sm89>gH62bB5pLCVzo3OKh zo~QIpQ^MhzykTXS^=Q5?C{=qi%0HRcKmqDIHY%>L8ltf4z9O? z)>=d@r~RB)KeYc^nG?d5SfQQ1UOT4(uBO0t)Hh(`&iy_XcL>!&n6j1fD&ZC1bd;JB+>d za6eH6zQ&{7kM?bRGN2xS`C+us??Z|k3!Jt3fXLdcNVVN6YWTKBtqd-X`!1eC(6ExucMtmnZ_ko80hRgFB`xL&14{zcZ4heogX|ADY)UDQ>j z5YPFvU5jMg!b+Pt;`M%6Y}v{6X<>GC=7+YN!mOYA%VYQYCc1QiO>chLoK%LA-G4m= z+MbH9v_1KMXnSH-Lc=-$wv=06l>bOaM&l#G#XFe(n}A0P33xRAR=^{=F5toD`)_vC z8uH0w=6Ot}ck*wd+}~qnEZzs}`;Hx?&VW-t@jL^HhO5{}e?b#1GUPL0<~gvxK8(S+z5l&K8HXG8Zz-I*n`FVNvB0<{ip%6c}( z9rf*%74*%1yMu#o^gVhNgiRL5&C+)aG)mC28d`7L-G+;)YiYzKF9VE4y{v+VyekWH zc0G6FM5n4*&E7U~l21ulSTkwz2JT_(P`^&q_C0O>mc!6mFs-5VzR+^yK5D;J91)|* zxmv_43ES=&M+wOnqAtL=)2lK1-jl{81rY$EGVX-;b2b=SJib!m>m zQUYss$76-}GNejs=v&vy-LN8Q{ooQBD7RS~*%uU>eBRSFFS*z6%gW6D8_Y+XK&}{c zU^b^?EFr2-Fd>;Ifbty*z6v-Xq*9 z3Lp8^h~0<5u6r8dxyiUI9Fc`d({UcF9(Uo8hoZsWD%+b|B5ZflE;royO=E2^@zZCZ zg|qz+!8`ng!^fq~nll&CR)`&V3$5RG&*djPCnc_G@fs$Nn{%{F`Z^*uUrY`3eH-(- z{NfK95Z1QEu4_f1H}x)iV(3=vizd`xCXV#PStrc4IPBkSdt=I8pwEhb_yG0BCOYtx z>1&Bjb;j_zMCYJ=VetPs8Iw2dOL9b5@GFcUJjd91$1lan{CI=Bk1E76jpK?wB2JW){#B|Uxb>Vv7so@H= zA!f?35ri?l>GWz!E^VnN^IiLwoggV_?+)L}8R}`&o*joYIVnY7IHT3e9`DnAgZ-)c&B{* zr!R|(NA4LvKy!wgPhhhd5DCF%3lJqVcbl(t`+n#3XK7iQTV4OsBo)qcCJwy zdusV}Fm}qm(a3@RP%1@I&cdz9@i}6Txck2 z;i=#({|*d~ z_5T5ehw9%jJeRkt(larJ=pTVhN0LmZIQdEbEQjt2^-58HA`6EIpyRivKp1_5U{(_>XFo`zzNWj%Nt5gj~|ErAHCrzY%x}Un* zlWv`OTo>#AfwDo#I5iiX+tLn^PARVoBX9IM%9Rnn!tnh5FBqQX9E=2F4AjUsC`M!@ zuJOGq(wX?Qso8008!<(ionDLbF?AsFO#Cg8hvF^YwG~0$dhDGh{{nv2`gejwCw>bS z{^O|-<$>|IdkvLw_+=Wz4P|WBH1=?~h-0QumWaQh)9l|9O%0PlxoGiZNwbpp&q|s& zpO!ca%})kSFc&;ma%yEHr_g$jjtMI*frX`#KY*wtjVh4|v)VbmZproRuVG@_2hM5O z6B3Q;!b2)Su9IyR_A^5X7e#|qwU1^3U1-zm`Xb873`ja?u?}m$m4AxLvPrZ0BMOp{ zE0*>&;cxAfW0xT}@$aSQa*$}!#veK9Omesbs)7d-!I@qOvOp!oob_`O6b3sIg{uQBz_ z((BLrQ*REVG`s>mV%8sqJI8FaXtX(d=I1t4XWn>^$g}B$6b__Ux2wZN%y6L)FV6a( zbUjvwh%*v5q$`j{It3&>xrGr0<`_!)^d{+ZT+^Qv=tt?Obo|MNpxl@$dj3M8GNMG2 zoYD%~!{dm{aB^u48_^^(WJB506pBr3-ct{kQdEjuW}JnoQr#cNk567>HJn6-*~s1z zt`ZSEMLg_O>6pa1v4&~6h^4sx$(iiByUlqlhOy&B{K1w+HpMg5GXd@qm<8|HIBn%N z1sTWW5>Ihk*K^wYuaVE9C|y_{8faXZbGf+1FGQ-=h%{Yn|p{lCMk zpu6Q*om&wi^SBE2b#!Am;{>m)7SxAwP5A6Fviw$yN?b+n9+t>duQ~fdsqN$CIId%V z9ETc)kTIlrXr$@&3JpbUN|PShp~}zx7L18YU1``qz&uu$LxNpjT*)A2 zo-hG44?hS{F5y8cN-Xv>@RZ7ZjQRa-*#r!l&z3TX>aVky?qR$(_&iRcQ9QUagDAzU zc0Wpn0vXv)=G#I`Kw#*ww(>DZgO5nK6sjz9FBMZk-|%FwVje7P>--eMR)%{_QCj;JFC^hbHY65k=*?tb$~1u zq@gz|Py2HOd^i)Lg3_dfLkx#6Smh6)eBi7PWhc~-LWK)>asDobNW+2#tqi-WApE<9 zTlCDQ_uw!L{FzZcyn|6$I^WXApik11`?hAl4f;=<9sE+x{Lmd>uu~MAz=_X0ymtEi-kZ$9 zKOZni7@FCg=Bfh_+xpsvr|SvEb>SMz*k*^w*+20K>s^HKfiD7{%zMeagEW zjxz?dt~VIWiJxKWf8v5D1C^c*aN^?EY#1nidblMp6Nyv#;rJRB_NYc?3nG)MV*TEr zZCE*dD%!odf?R+2ynCsKu2zKx)2+d#72)7W(C6g*UI;dhU`n&3Aw9QslCN~h1w@fD?K?0 zy9NG+*0WoSu72PTS`SnGe&v(G^}hm=vT?o2z285dcBA$KpIO57ny;6sU4E4m2aj=% zRA)muhAY3z5|we)Nf6W{*wSi{bu~Hsy4dDHSz2)NUxho(dFhzz-r`!IKu^ZpiTzzs zn#VG;QM?s}v)`6~4|)($ig(Z9gOQ0!5pn&z*w_(BrvGBf()!%&AD|x6WVgFKE2sEz z>VQ*34Wkg-l+HHj*Qlq$ElT5MskF>I6xf8I4^8L$Ya}a^Fj1N2AyKoT7D5y+rDPl; zF-ol()|7Ys{nbpVtfAp@zS(Y2&5AG>=)yOZ*_?!?ms7cQ*%|eS-P7qqt-m0*se%8h zywH2M+K+1oL@=x@G7BwLL$WIHG_kIBo7g<;~}mW_aj&@6u(taX}l;5C>c zy{@aNRRwI6D8o?LUdZFc{j?xdvLEq#T6wfVktkD67wIsu*SHT3K`N}kkB;kUhSQl2 z`E??oamd8z!|ITwh+KYLFMup!nElL9yb^H=66>y4(%HemTMa2{wx_^RUKbM0t3DsI z1bTxZfA>m9xiELM+k|&806h$S{1X|eu4#57M6M8kmb$%2v6Y^nZ+$mAO7=tO2A1YnDfz7TYnPk}yNjYWHKUIhQiqI%XG4_8naFl5 zNmYh|#>dUnQ-Tunut}iQR4OV&^p{Kknnm}tOTO#aU;!+)bed4!nnn4}x3r?`e#C{R z3(UKG%7PeFwD!9_&hhickdG^#Q5q39!&_htB;kct|L(t3)? z64Gmvum-*wfW&B(b;FYV89o$NG`>O;W8OYP&iGYhtZy`^37Y=fiN9TvU$*V{$Dr zh@=&%HZRgY6aV&Iy7Mj7&nt#y7R5uhjZ)h?E2q9O7NK?YsC(8k(M zNKO>EvGdK7Acem&dI+Ub6PXV{a9ohOj1Q3GHuZIej?7ca;HILXk{i-gaYMWyOq*D} zy6uH7U<^aA-ytb5C$<#DwJ4LTbxkQRGaO^?)S*--=tbqR0`AHXr=M+=-~8ELzAc<^ zNV-@tqB7y+`KNzidbSfJ%%+-6^X9vx-8Ieg;kXgHW;F#JK$nG_EZzLEwn3?TX?cdO zQz4c>ubP>EJj`XPHZhoLoULgX(IF2$QJu*@!JeY6W7dinHXr?%bI;%nRgJ^1iwCyn zwYuFOa*^hU6LguF$&1?X3&8#O!gOJ>(<|ZSvG@uw0ahJf+OjsCj-J%inE>Jp_tMyW zd`eSK0l5xz6UO0Kz#M0+6bff~B9*F5Y4`$LhzQOK0Fu}N1FK9_L?FX)bpuLEmUakU z?KYjtfacIgsSlk+(>+d6N)o_=*Jh>&9K-C++Q#cM>~PTJBczY3@s(4sOARQx0(Fm9 z7>;p4ENm2ANYY%rAg(Xqw(2G-m3utq4^&SdK~=iQpg{xlX2Vq<9J&gZHh<}_Uf3V0 zu&YA&V8MeCT;{4vB;A!)wRPqi8+Y8X{B>B5K+!s^hYsMKO(+)hDsX}K$j0+@nZ#sk z91N8gV*da`iAQ`@C}|V53_`6xaqW`zR;T+zrlV2B{&nRvj0{3uQ5H=EgmQB&Zx)X*Z#otSVnNE#p}X1##vSgTM3y4L#!=A@hdO$KH24X+=8XtDq=8QSL(b?q@9bNou#S9+8NMNe3rv-LvW%Q+{LZyAX$;M&#h>uM))m) z;&RxepU*#ya6Jy7bG2+Zrp)`jS-K`fcL98^3p7nmxLjSJ-g@SKb(e#S#6S|Od zo15()p6&H#(c{#v3OY`Mvo!y(_N_nVWsi%stLZr5fR#S_bJX|zi`BZV0CE*h5h7gt z|0kGcmDc$Nx%I2hYu7)Ydz2}alPU9~z% zrOQv4u$qVNQJN|zvY1|GqBynIr&~B1?EJ1q!)m07Z+2PuWDckCut0x^V_nZl<6+mj z5w9)eJLud+PSpT-rj0*)RIf|C59^M+o8hsQ3E6|L6btnUZ5F47#ZF-41-m zyQ42rf~|)E%f^4k{h!|*eThNn7BXCjLs^IJcl`pQTRaGu9ez^x?$^Nu_^xk(oLRE* z5gZFgzwa7}(m}epfzq4Doah>V$G7i^(l@Q_@G2-S|>x&0j<1Nsub74ly* z*7n=czIG@3p@w8wJy`=L+|Y|&+lJm13t;v$DSEsvy%Pq`vas-QYCFJdhoR1$XwK1J zOL#213_!)Mzw_`}gF2D5Tg{Iz-DjfaF2DPa-Y!lHa>nm?rJ6m*?*e(}L|ZRJMHTG$~;!jsB5kS(S6 zN)uT^lJi}QjUqR z5!TQliHODbhYm##9206uy&Q8p=Vcy#!otSeh{-)3+-cl)cb3obGGrI!oIYp-2_)RS z;)fyxZg4{rI;TLRSuU(=VXAv-LS(+aDNd$#W~jQB$f{+r|8BQc$E_T}qNjP{(4@V@ zdE;GA?Cs}pP&&A+f{ERzioopfLMcu<#A$xqQUAQoi;f38kC0p0xwb z*zv7hzjLqjUrtfyumfyG$argVIoq(%=F=gH**X`Z7Nr1$W)0`LGad zD!!~V@9TGr&bC)PJW~s<@&+xfzmo%Spf^>b~9ydO`uYTI~o zQjAX%FRiF(=)5%;=Cm0o)-K^VeD=z-`gciJ65m*= z>rS?0{Ad^we`;ePzI;UTb9*~W^X0bR_R{co#5B=5o0eU$=xAWF^L|{}3dgJypUUT} z+48+*ab!m;K;WPk={QVv;%2nyK22NlT}RpGaMPKV-EG@6>2r)6=4}nb!9)esPK95C zS97h|WA`JyTZ(|d>acrWh4~pgrI0+cd=neg!YCr=aUS|XIXOv%hL0)L*=|Z=NrXM+ zE}TPvVu^AD+QpJc=|O$+jobMyu^2`=go)Xhb7aR^xB4F0_=`p3tzeYln!a!DWQ79K zg2ABQ(@i1tu?WP2lSc;#T+T3F@9UR%AuqeR10A5edu1Ed4Tzl*v+-_ToR|lIISx60 zc$&9XVggk@@L#%h`tp0v!6l#=`QT=s5bEI>4@o9Gm>6_hfrI{M>!~@IF`Ad}*yW(; z(%G7<)@^B`b?>D3i17(WhqJ#@bxo)1mv?c^<+sDi_uTwkcTFglxge+85yJCx?=+e2 zA3mo_Z~4&V#m(xWMd;i)cS~ahysgydWuOZ5ZpM$* zP2XdTG(qI(n_|DPIm7&`U}6*)%Iv*20(I<4I5ed?{n26@c28y+UnlR^MN;zvRGs8jW?+DABHh07g{P| z*g`n^#0EY2Fp}!{aOgtJ-8DG8JCYq(-IMrB@JZ?NcuobQ6UqtlTy`UMStTdDw(sMX zuBK``wD|bMxvdIMQWQSCc{OXl0#-2#_XkHVm^2i>h5yE4sCNF+sLmE#hHv5klnGxO z%fe0Vs7v>cXe8q&+Hy7el3yHtdmuZloul%euG>m0Qk&>399lCw+wB0&yfDazY!VTu z&m@rmLS2_<9s@Q<)<%t}Dxt&c*v5We|jhA>kmq8qW$3 zPsk$|l{QmY0*xlxQXL{-t`Ww9d!)&-SrL-dL_abw_oUWGt0b$=3nv>*AFwmnsGW+7 z&JDP+-GYheaiOET&72Bvfb=35i~|+I5|JGG+cXS3ql52!*<&B>ziY59L^8bd*2&l^ zR^~8ob2iD_vN-v-PuqX;I3j%>kT5}E9RtTwQ;ToIeNh6bks|ERF1Zl!!vITqc6n{p zf}M@?ZrO8?5_*$s^axHVcajXV@+@~=pt@k9XmYjlX15~yz0k5qK}S-=-erl4C!teI zx_<@t#H8`@#a?eEm%QOJhv}84Ads<+95@D8dtnGDFlu>ndG%dirmsrkk6xboEm9ME zdQ|SWYdD@8*1uMIdyhCzcv`07OsR~hSktpDY_wpM$g6zyDGYi;A^z9~w#3u7szV+vhn_VhtDRSl5#Qt7oNn{_M>`lecMtp!_@fe4So9=yUWvww zo9Q%zKu+L<{U=*Lw@J@wF=ZYaXTo88Z$T@?m3N@&mLU;E6Zw#`pJ3`gFU`uui2F>c zue!al6st~Bduo;OfGI#yUDZ!PWTl0v`)(+?ZqMpcPRy04s$XJMb8QU;(%c*;?bENl zLQ1ut$J#c++TE68r+T&Db)=UX^oc}#*SZ?6vAar zWM#zK1xhyYSO*4HL_HQZ*{++ik$M5fTA7!}2a}H8u+|_3BFfzJsUI_I{`!;)~EoT-O zBrejSYT&50jfcp+`l_M`Me_K)II=)k+J6WPiYU%fkK zM*8AKUQH=7y5nMU*eJqv`V`ZCm4j-gormcjuQX&mQBqA?%9vrw_mx&mG^GXVz=0TR zvF8JnJ_+teg0hCemQLz)>`_lF+a=?udu z%y#-JE#VA98*{h~QlgIr?;eY0;2${z3A*ed)I z$zQuA*0r3Ge%3E`XD=62p&25f@xSiEY^~f)h5P-!>^|K9Y~DrWJbfX$r|9nK*{f2= z4SN(F0;1b;?Tk-QQ)brG+Fhh@dYZ1SeB_8>#ARjXIH()*F6HVBT8dpfdt5>;MCB+vAA<}jj1Ey=7%@$Qa>hb*>9M6xjWl3 zj7PUqTD$l+Pm`C0^U-=owz_N#&Fvz=HcgqzO$Z}Gb2e`m?vN$FMd+ZDOtbVx6kRKi*iIlnEugUt~~m2>-6!v zJbQUsKG>`Of9$<=RF&JeJ}&4s02LKP1O$UlHzf@QlF}fJ!lp|~X*RY}(jg(;-Hid# z($Xl>Akxym`FakVxSqK8H@O00@^iB< zk=>gU7G!vIayn1z-Lr4M!&Au7moBiMy(_L;VA|apHXAAX&6}~RJzbNJEcUbZ8NL~G z#oMMX$Dm_16;ha3jke+xm5d`B%l88(uH*3GP1njO6ww4xTpLOIjCtK6o#Z0qKe`Al zWHz{#^F)}k<$0K95|~(vz8nw3R?jp8*~^%{u5ezQfq4l`aYpgnTI?zL>{2zajfs(3 zw|3`xcO)z2RLMx>B@ZRvs|jr~V?VjGsdiG%Uv9DsCoch4V{#SeQI33pA!=$x9pV}FGa^NdxA(K$9`dyUsck*T0Hk~ zT3e~THBdB9k)4W`Vq;K=-GkSE4-ov8BPn}wBmx*lx*y>3Xe^&HlT?*&?dI5mOmFfq zk51(t3*LbTLVKl4U9##mxJW1@;Y8??jM--#SI6^_BYfVVp+HKrxsMamT?E998R;}! zlYGB_}Ix=)<#v2LwY&*d(dVn3{`>4ZQQo?fJJuA zJ@Qv47-C|=2wZg@RODn^y$xiVXZ7YzyK~^^nQ2rFoq~9Qd4B^~N1E0s%05J=NJa2> ze`l|MOU7=hTI)+~HW7)G?+@`wdZrmM^?{stt(GCTdI~Hk@4f7K49Q0KD>As&sYFiB zx%<5KqVEnZy){L$=%mR`!E2KlVvx%m#Gus1yTWicF5V?gEib!mV(WUvm~rt9+lUjW z_ojV?Expb6u$mJCGS$D;D!&UqRL^i7xW*$qU7%<`bZAlI4m?zTB-*TG%=M5;?B1Q7 z;)B6`f#=gwG}WDxz?>3mgGRKt%u1rTMFY-!)Qs;Rg4!UknOau9< z5nj2R+cPzolpsAjP*xUpwoze^q~~c)kGds(Xr_hcsi&Fs=8NK>@y210$fJqAqMRTB z(JC4S65@8Gc(BNq;EXGoppm7Hw$V*sVn&!gI;1q)cD4j{d;B6t>m-dlVDtCz){q%M zf?}7IJu|+agF;%@1(f-AbTcxtqY*ZyV_>40`^K;$;YPS|PS0C1mALZuKAxvtL71KN z?T_F`rXy~hY`Q@Vq_3O{W6j(QM>ED=-;x$V;DYSui1y(@v)r5NTY|eQGlBaMy}4&T zXB*Gs>?N9V4OvSMbj^jj3&&jB$C;EwJ)`EY-w-Z`Uhi|~u*tmdPzjwv)h2diXbY)W zdW5g82;qGeyPhH+_v}v9S-ilTC3a~)vJ$l_cDx%;&5|AY44TOK)Tbb27s!`X8=$m$ zf7Xs1^@{0cCe^3l)x%ybl_T{*D_*u=-oLoRz9(tXuZ}SZwD}iQWSf9OJgh~gcD?(q zdk?rxPc(joDnn=VOvW3e^u1A&!iA|LA|oW?dYS%M+>fUF9UQgi>Zh4Z2}XYdKX#)4 zEST^-?pm}O3`v>BTf006lg23SjsV<5CU8Ybq1$e^t|3%HfUT=bdbEyxx2i72YDy`8 z%aBJ#qGrg&2Y-wodI6Kx8k&?VMWN)^EqUv#U3%{htE?{EC0J+Tm+T-&sKmf!*BDs8 zCuUw6cwAZB3Oy@OUmrMf zNj#k3tdJgw*I?F0QNjo(YwQ&xN}zC`DUlLoR?lBtqrWr?ybd%{4Uy=5Vcu}O4M@Z& zsL*m}iJZQ;`zcP2BlW?8WB>z3BQWUWl7jPW9d@;=ji&+>UeipN7o?Xgqgsl*&3X$g z3hMhdU;rzd3Y$+@Gvm(A_+xa9Rf*Cna~KHfTO6r+dV+Spxv+MzLOf|6kbdY!##*rV z(I zI)r)qB}LA&P#M5jKCVl8AhENP zLS-68G!@|=L43SR+vD*#?u@*!F$Y6&W%hgDbYhll%}o1?I|8#?FBUFAT5OYXCKEkh zI4u9+Mall-GuEXe#XLyO(Fm0KFj`3u^Gt7^(NiVGby!U(e?&I}s>HgwVKf*9q<^9R=M6ni4)O(~);5*;ne;CcElFqSqdjznW2DtGjFhO$LpjV_} zZYJ*MvfphaprxZM<7e2`)h%&hL!-ef>l;@Tnvo%eXr$pH-`%f^{CyAH$%v*2Gaw8% zrfOFV(2+ecmvC2uFe?Q`^Zk?W!V{u=U>K5vs)Wt(iNMASUxn$Jm=qIzXnM*c7+duDKZ~< zmYP*6y|dqpS1VL8NCvTRBL38_CkAreBOxQxn=Q*vS%}|5hH6cu*O3qsk*=cAEVjvd zZbJe7rPVj4HUQ@3Fbwb?ohXDRlzCSRkL(_=-UxkTSK`#R3RhRMw=see9jE=%mC~Kp zmk;Mj8`b=-TjFDjyVcyTde@SiaA&c!^Gb3QK~Ua>)VJPeoV>}no6@7p6JA<9Qx{lV0%xGbYH9sQjr}CsZVXGYl>wRA zSMWqn7p6%0;3^VL4~OD!wFYmQJ#OrBs0)p;CJTIbt?C@YrcKv5Q6OM;1@q)9f>O4`Pr({lJ#FMAqGO03%&bQZ^MGJxmOX<0t2qJglqe+by#hk*eSh{SeV@n=wxmD2S1DJJsGm-wyeV6C~ zx)jAsl}f<1O}PN&mk44pQ%sI`TAeR)zi4-NieV)7PKRQ;I1VkUC6HCy9LO5_e2W0^ z8sxlrYhE*WeZ+o)UQl=aWV<6KV-@OOQ*k%%dxfu-G zUzQ6rimZ&v0*B4Q{^I5(ger)h+w`MO~}8R&D-w^zMJF_?S@5u?CQc;Z+N%Wm3jQhGt18qry3g04Bu8T{=!8!1r}s=MAu%^So=AXVS$5J}>&Q^$hl>j6!AE zL;@I;rVUYZjp7*8oWXwaHuJI5qSP)LMieM_L9<$%)kHO8>e5#+v?Icgr8m22*CBW@q6j-%$~}^{PpUq3Z^Nv%<&2 z#k(Kf&dKk%vuQ^Z& z^-9|QqSD+ciI63w5=OFm=;d&%$t4}_mycmxuMNT3 zV&}7)W`oucngJC%FL?MgMh`5%6fUV`weX?`Xzyq!JuH}B-fOR!*^;qyu2pI)}}>)so~&7Hlr zXl40t-VBmi?R#%|`1cvsA0GEl-_Xm0PO_@A1J9-1@UioU|Kb60^$Pd@{xkpcr}g_E z&sKxZd8%L;Ir+|}++FoQJ;%=f;-EG5{@eGd$_zbfFk%a`uK zrk;eJe2NU~fgPCjpB_utjiBrAmU`zcB1<8xj1MG)j)b85KdqpCvZhqRk4%2@<)3~? zR4J%~KDCo=^;NqapnrIHLaH~M|Mb!9e1tw72)$uxVr1xVmiiBm3fukkPapITulnV; z{omg1QI;YU{g5Q$85>sbW`+N>OjJfV==T?-uU-F_M-VGTM3+f`hF(7&H52xtgoY(&iYS%eZD!?~5Vkmdfl7EQh!przX zOhfn*L?42bPjuJ*aI!bAd)OrB2Hvnp3zT9h3f!nX8 zxIdEbZaOJi?+LwDX<^aoXjmgM!zSR$*rlCj&0lUE>;ohrmDBOS_j=*ss0|hJ1KIAr zPry^*f`4Z}{s@87RIuIO+pINKd=z}KIe|!k%udgm+J+=G9ougZGM4`~~R*v0_+5-HndN_zhyU0N)vK`zG zjfjRsxfrQ;&xmJ=m=wn|V%2Ufw3X=suRQ_5$?TyI)POYoK|e&PQ0`>kmMC{VW;+Oo zEg7*~Nq3;(ZnjwLyl$tEdNWI7Dh00tHxSq|&$z>v)Lrnm>-gAlu^NL92k+cT-1%CiIldD#6_&;42Q(-Rh>7zZ2|!!g}`+Kv}|{?#0+kRAYS`eZ2vlP8I6C6KKlf9ap}_0~W37 z(*E?QOx1ooFF73%z)MSsfgfdXUzg(w4hNtw?0BiNuBe)~%PY!yuN#6dzS&>%BpT34 zeOQQmZj)jo1qI6*p>Dv!jgd-kub|DA27cIVV8XC1proTPO)Lj{F>4qB;{BP`JE6Zk zsF)~w*6vQkN{VtC8mXPaGsv_sV{&a5!Pxj6g4HgUl|DW~5o+bu0KO2qAicb}P($hZ z@lKx*0+E6>)3dS`u$M}aPLhx7JE!&A<~qmVlinP4Y-Bid=WAGh)Z(fMV3ngluxQTt zilFIFj-8i+#=A5i<JAjWz_iGL1CGo zYw@w&=2;C@j3Eu1PZX4wTx(i_ESIWPM`+m}t8@2i2XN{`gK?QnNm(3AzHO&aeX?t# zTkZ8|NqNb7^3W-iKb?t3D6Yy4@McmdFxRv&WS(kE@RqBNz9-FH38TGMigQi6nr>JO zly)y7Ey|kl-gD`z-ffM~S9tBFZ;~kvyXzvAb_s0uesyV_YcS|WsxV^!?>A1%LA^NP zV!`|R)JG0H+<8+(Zf+5WkC0zt1N^t#GGWY9DOqtYKatfAL`Z4+V@=@${4_gh2$l}- zD#Lw`8=2Y4Hsc?vB21jcVoBQoJ&9?!_>4wHfd&s%ix?#7`5r11K5}Vj56Ekpg9lx= z`vXG`jlWLagN4?DL&)8pd^3~!Lnxd2HPvDx#CyKfl!>7Q8Kl=6rc6=l-uCD)nSRa; zIZ#dP>!{!1Zh|gvU^d-dIaxW)7zUu9w}$?Jqh^3Sr;v2FEwIjXRg`o*C7#jKHK4lb z%%*^vqE~;Fevk3Dp(_1KH=Kd_4O2hcop*t=53N9@87acPFy3vl6NrZfkKF^w`wtFd z^-^2~sPx~BheVq=e9d6$bQnzpNbkAb*V*&wM>BR#o3Q`Ba{(gN;Wts$gyh2)qht4WKU}^sFR8vv)2vfY%A)YtBCwGo`XZ6W zv38=wOot`olEX`qM1(IQ&GwmbciZ<^V9v?4%|^Ii{>+I|PgTvSW>;X7&z3&PsGKU+ zbFTZ&{k7UT=)f=M=K&%VWnMH2qYT>+T(C)@^Asxl`?iq0eGd3A_vr`A1(F8LKI;Nq zrWxzUcmS*OE4F(;W{NKjeTdJ8j}=OdO#`WBDX`!2&Ea@xniaWg`%90GhFL6|7u))6 z0>Q~~if#88P!UpKZJhRddY!!fY-blum%ByWhswX_NNn@%qe2^*D=(WoU0`5cC>S4o zsDF~q`o>6L_l^NX{>#>DN~Q286f0m8rNds0D1nyWYx)p`=viqW#1oX0y{|>gA)BF9 z)<;%w zeBeCa0G|>?VRF;sI>x2Rj(V1^B89=s1)@s_*>?gO>}@S73fS9cuzPni)h!X6ZR=0q z4&6?-U@zO2Gb+ha^j6=!lVl4Vv_(#aP|=P4TI~s6*!MYs=E**s0}~{&MbsF-JB_GX zAMxs^8%v?%-rEwa=}c5vz#>x*;Q@~s6acu}m6a!#8(nrkLf;#^X=^Ky6m)u+d^H02$(KRu@GSxf}xn{Ho$oh@^&#o)mHnplpg zjGXjaoS1^AB=2Jcp=kv`b#6;+<3sa$gS3Xh0)8Nx9CG0i_{AuH{DU zi7#C5@ljZisVSE^*oG}#qjn-{c-1PDH3LmDPNB_3zwoq5k^(2|ELi|6sgs8E7%fqNp(v69Z)>Wkr2ix{n)+W0-h*R4``rO3D64z4>VcMbwgk zAB|=b&~M+Xim>3t%G=Xmuy9#F6A)E>XQHOkdw5FcvB%56(@el z6fzF8On;zeNXp%;4tcP*1?T4}<7YfN$D;bJ)YMjyX3XZ^@uDpBR?=cg`P%}(DL;6y zZ!HCj?jQ)+(p0{rdW$vcn;%}IUZZPeBRTq*?4IH(6A@U0DMWWAaewT%{s;^>{bpS5 zMaIoy-q=;{yx!w>1T+4mtX7WjJ!A|GC=v~wy&N`vG4WC47%zJH*eA{zW^_YmQ&DDD zbm{j#4b6UA3LQs#<*r~Bc8@wn6zY><9Pp>RFLI>$%4A{UI0iXqN{l}zbNILm=28}) zRI01vbX7is>5@Cdz&Y~6dWT7~2mZ6E-5GA>I4KTf{ zB`~tpg`sc+ni&mBZ7Lz|{&%W5gPw}-2MTn^;dHq}jB!_#sC-@$2X`jOP=?KkQv1IS zt=QKJrk+8|WNLRKmLYe})O^pW-I@NbWI%)RciGc#*C(L0uDA}$(-8-ziuBNFkn7}! zMfA^Yu#jF{`xUAZ=EA$mBCJ3D;Z;1)HkYrrm*Syxs;Rp!}+{S)lCStis=#7pZ$4oyu;^5SME`c4OOkz^2rU zPVCxn;(AwO^o|z*z4dcfr^en~BfmSOazAK71nhX}azCdDS#Z?i_dKCgmJ7C$rHt=)EG}_irg)=jyDR(;DIM7vzPjE@(FW6 z?9qOPv)0|1ppa+8jH6#0_+*4djw4*qftnk14l+N*emIcWM)Adfw+c{PRQu?mkba!5NT+Uo6A?Q@-$hd^oaT+;u1{6Fa;fM~C z-*lmCoPg_J2k`n(+Pyy2E!#ryb|S`FUtKv6_Bq#ed#iH>QkZ-k0X*UP0-#qqaz0wx z?t-dtTD!Ej4NqU*o^G=|W%0!CdsaIM8!Y28ITmI@eGpV=Uy#TypXC{QC?N97>i!^E z;h-J2CUlPGToc9wd`8LAEj-T-PaHLoRoEX2nv;FZ*$e)Mu8lamyPFX4AM?+)149Ur@{T383r4#o~Y!PtGt-WJ`hDk_xoNf{vj_J?*vr4xmfm*_WhbIe_Y9Ith#|RAX zEHDAQC;CeYY+axfowom`EyF-Og081aq%qv!=kxze(62YOrbthRp_;c4diQGFYbV|M zJs`XX*NBKtEjMxHp|G=@eB7Xdk%%^03gf)C+kpsSK=d-3XSFGbG)M8J{RC*X;`l5E z_>qCy4&jScVbd4STpxeyMZst4CU$ek9ruWa+m&&uv-ma(Xy~A`UJ?zF0MUnj&J#l^ z%!aIfK&>C`SRK;|v_@YygmMlrIDLuqW>gC;Up1D?!<`>9FT}!*w59j%<;Xn>m0b2P zH;}9SSu}aS=FjJ_35k%^c7ADW-nyVx1Dvf2NYqfpMj;T`-%C)Z_T|N{8Z)@YTBpS8 z%5g=z8>Y7hWWT>~f-1*p)vAQ7cohG$2FcrtXqp{ddAFiP)+K~4%E0n#_c&aMLEi`$ zrBs_wclaBrH?RKI7bZfTBc_Tu(U)T&quzP7ZC{Pp+0u9WYv>5Ckg|RszFQcgKL3tH z`|V*Lx&6UVhqu_uOeo=;z>}3T=_|}? z97sXcR5pEa4wvHxbEt%&!~bi1m~g<8R?qP4Tx7IYzNu2_%=jsP92%j49*wE z?wS4I4Y}X$<3?|U7;u^Qow8WcsNcXU!w{lZD%yq6d|!UVr834*+Oka49y>1!okvat zCb%=w>Her|ZlXt4!S2HLot}`5U-XLqWw#ie_`rTifDA%xI+7>I*?+&+%t(AS$FSvG z$!3ffFT*G6_S_k|y}Q`IW3ccm0aMql7yWWN1XUO3l7Niu&+}*~_`A7zk~^h)9c9tT z{3iHePWLKiyo2Yg(kE`ITbk-xDW@N*w#)b(nTVl37Z8=4dvmw>a@`GxULNmNT(N^G zI(GS;kmWm=2IZCteet<6eF^WfYNn3J>x&CySfk0S!aXS6R$dxNuT_k{cR>)drsQxHsYM#N#MStEof#&xIlD@ti5$9L4P{nzbyaFpzkXEpJsr^%$={%AzNJ_Q!lPbscTg zm{b@Sv!!Y>yKT-0x-!v80b!vw`Y&r%5sFA-8Z>xb!6|&Se{Nq|SY0Wo8iH@Xd)BQ4 znu}Y*+4*n1US(fpAdc_a;0g${%5x%iS_Jnh)R8#nLXf3Rqe=6C;W?!eef1Dodo1bc zHyF)1-VK3Q&bBz{;uc#{cjeTZw>mSlEgX{;1F9vj<6FtG^}&=Gy!`znuJwpo^!BFo%{UoqL{@^Iy92`EBK45CMg8wRxO8WAj0TUda0hxqrw` zrY!sj54u&aXw#$Y!iItuYZ)p(fj3(=wHuL66lFka5m@<_4IK+$M4Wi!dlFj>7zjno z{=^+ZCJhym-jMGZN^e3YXv_Trg-8||AovFg5tTnu{1h)vby*Z>uoMpAvi=|t=?_(6 zxvZa+$IU@nOxoDSbGJ%_MAJqt9Y{o6yim-Sz5%L#O(U>pOpBNUnp!y*fYA|rXSljs zkhfepO|9DqrCEk(m(+&g_TQeXuAO~QP0oKW6X9VO!F;>YO}k;F78#hE>`|iZH%;OH z2!V8ZX^cDIsA~MnGrL&AAC4-~OSgz)lmEmZs&>qu?i?oGNr0dD?y+Tyw#h$1J_TsO zkJ?cS6hs`qFo;A**@*~VRl45;x{xtfTMgWDGt%O++5x?_GWmy5(u>pGZT0feWRaPs zG$Or?&HNZPIhs=_>%#bXiQ=SZW|Yp0FAkq<*#PpfeYg4T^`e#ezHmDjN8a-bZHUMw zIx;F=UPfd+wfxptyO1`HP~DLjG8xn-Ce7k@4cE;jkuWr#3orOiEik1hCix;$*cyR~ zWE@lm+DlQPEa`P5r9F)ykZ;Rd1m@dEqks`!kQdF^ByWHBHh{ZC%ZLFrMn~qsm=Jfz zwzT+ZIn^-Q9b8a9iY`lfb(a2wIro)KlW)on#fkpVpZO=9d`_*TS0{Lhw~r#TFD z%)wo(a+)1VnXGyn-Pn`)-cR#C<&S6q{a}*fE)+l>P|1d!aVnXngX&An z80C}E?7|y(Y9>)K>D9%&pl(FbZ8tm6&pf)j-+)}95t+9cDe~&qoC`LhScY2!HOK_p z1r==0myBT@GUTNgWHMZK2}V?txQ;UnQ^$meMW0=UsyEkU{OEVb+ho8HZ}ARA^N-U` zdS*+Y98nvHm={#L`HLPBZT_sogYCUs{AXF;7!HF zCpB%i;q1jT8m#dvbtr&$?JucAGzfKwL3->)T$bWFiIJSTK;|$5S6lM!71wQpoI*N7 z$!>$(G8>KnJNY^#(juLZOxSS@X|XPKQ90XN>j_S!w{+Qm(+%yW^a$i)C-Z0KknJDdx{UMo5Y_(oWa8txY-jl{*GVY0RUuz{MkGV+f z?`J9-kgp9=p|rocCk3R0o1-;Jsw-H<{&ed3bo@p?mUzSO3VadUY4Z+gawFh%ZdV zhr+{*-MXW=bKCym7Wre1@XJd!V5As<3hqzy=KuOj{zEnS!@>UD`v2din*4`Z^@oCS zXXF1L-|i3bC&wWtRg%5J&hjr0_#Rwwd>;`SBL?1GtYBv`{vwp^*;$fv=4jD~b)2a36fAKWCf8f^#@$m&p zBK@6~e@kqlY6CuHZ7zHD*1vuKu@`_iD4}7qiyr?jDEur?zvn>26EhxJ75{dv=n;>h z<0Rob<>qd*|BKZ^OT%%N;?tdG{g)rQumq6s{_`>X!)pEKWBBvo`bo@;y+ByICj>fQ zq?;f9;UMfDj%@8H%Vo;jU(b`X>A0yPC@GKis1&>5hp0Y^dq9{)F|av(w`6x-v+?uu z(***#T@HBS5RWfMvwa6GFe2NPdUg3>1B|M$K#-Y-Z$?l3<5|JR{y_XHPmz$HKf6*6 z0Fn58jBX7WTz7-%M*SHz1frZHTyU0xb}V|fd_CQ$CpQV+m?y;;a7#GK9G1{X+iapG z=6br$1DGoo#yxQFyvnwd1wXz@U$JcpSWqOd0^6wp@EfU5uOBvobx$L>fS7wP14hFM z^H$yp*?p0O84@7aM?+zrJ0_1qV|;7j?%kS`%xZf1X1#%nY`|{uPSUO@M+VG(PCwtK z?XvoAnO-$pFTH$iQ!7&k+g)Ux(6VidCnb@$2`eDFE(m(O1^Bx?3(E0Qq-|h%pip8r z^I$z_a(Uc)H*ET>;!bsCaDx;nH1kbAs)LZEFh1P3!o< zfS{A!lp0kn1q2}$NRxzB%k*pM!j0w)0E47?g!Q599|Z?!PQ2WwW@{BOpwSzR z4>L!ou-=*tj=NV9_8{K4b%tQ%WKKq?;KES~UjIEI2et6Y(Z9xv4R+kM4Nj{sVhd|i z8Drf;|4qh_>4CcUzcGetzJc

    6`bbbQyoG`{g4y(=~Wv#vM6H$cLre*Ge#Qu1cK< z+@!icK&h3RWNRj#fEmmKavwC_bzWFVo&)3|xHb7J@AHDz-z)Xk?{P6c~AVN>{sd#e9+9eBiLt$3B+Y=S=h#WE}RIa}8W_ z?QDvO84=svB(B=RRTuXjIMP5&t^gYN_33mVLJb_5d>-zgoXFJnTa{mjo3xq7fgkIi z7Y*(J%VLW)TA^94xhkWluKA@ngLV6|_f(Lk9chRjE{o6JBbO@qp|s`tCX79k`(@ur z7L9St0MaNvoGWJDI6cvkXQI-Uq(IABcwzbdqHF8NEZxT7i@MX%0Af8}Ryy#De^7pg zyS5^pDPRVO*`Zb~^%6+ehw7o9Ig^%b5t6ts5dVz)(^Qxv*iy2(HMqTH5aBd0zSaEg zZSZbvil+Vs42zMqjd2M#QAupfZVk7kiiL3^jq9I7BYOL->X}EOZe6jv+`MT~GQ+iw zx`b&wBji%LvT`ir#EG4YUiiT;^dObZW1&N*66U(5R1Ly0H$Z@B5s&YCh#}>(?X&M! zv%4>WLil=213$ya0s!fw3?nD5eutRzC1evh))!y9Qz&ZNAuUC+9_8rAEvwz45#bWI z9xbb5DUH|qO+e4mmlt3LA&oO41gxa`i0?A{13!_`H(!iHt8~OlvGzi^dQpm^LUcUS zm9N`TA5|y{>gn1M+D!X@XEj^95$wno($UOytRD7!Fp|EL3L%hEgkwBLeEGy`D~0a{L=rI!2$ zJt#+rj`2Y#zVBH-DRTi-LENm6ttY+!h6JH-*#v`Ua~-~7;Y56xR5-8g^gX=LUl~Gf2Y)bx zx+QM6h0x}BLPZ~1WIfg+>{WID09o7!feFj-Q+Ha$h!n7#urGF5>QLcwyNZuMd%$&_ zUu+>jy&k7&M70&(;C%$PK{cW8&UjBD-4&BOh=APnjsXSk{I5HgcxiYL?p7!WTWjkh zK5I*3dJ%D{HQ=dh2DF@;fLl4J+7V@*)SK8Z|DgqVK-20JDu{tyE}C2u{Ls0A;}Gwl z5_Q%P6^yq%zz=3Bn$Hn^*|;&o6bI<2b8M%SOPU~3N}mjoWj?uknRhcrtrIza?KJoR zjYx+`rJR)~Jm{V1H#A86O^Bo%+>AUU@b_~H43@ye$p(Z?7kR!p_~Lygw1{lOuOBv6 z?BG@OeW?pgrh-SaZ@qaW+O4NyjnLlioO3Os!ON9(m_yiSZ}-<2nxVK5wplzhe6d*O z$(U4jn4|XCb8W@o{+$pJj%v-j{TQP6pGS=%0f$TJFjI)C1-;hgsk-XkNABY79Lq3* zYR2Y+(3S`752}#Pga5g05HgKusOMMTAjQzh?c!kt{Sdh7-f21m%XVN%3H&l*D#^QG zh@9y*+pCpq$vkHuCThucg6o)eSOATw$K{83-6qiZ|6w4M%DAwz$#M2&-xOXs4;!%n zMy)volkXDVGOr&T4;e%VL*?T|)4->ryj!6dS_X>9eDCtu1cMj9#m;BAdOlA-tIAk5 z;Q7j(_mjd+y!2e@jF>bIBa(#ti7zB5D}E**>rh?OE3%jGo|E)mgc&XzZN;`Ge1W*M z?Tg=3ry%}0b6LMf+B`PrV^`~#5b7iu#!T)|1jrY|L_JS;FKukU?R^xe1hi3oN;#Sr znW}ZlDwfrJd!tvb?gr+yT#80fHbqwjzg;nMbv|QEX9Frt-muZO?Mpm!x$2j? zUOd$f#Y_6l5i_U`!*w8^a^MllsmZA#v0W5L5~$+rV9owgu6SjG3!_|w5QTCpNj5`Q~c$unq{jXhLPo8E0@gy4j7^ID@k>=+rP`FG7A;dj&8HQ7z%A7uN^ce5T zgmJNX`xjNn-5$J|BzrxXGQ9Q0Po|XV`tQ9W{+PDLGDS^~tXZXmqF){m2wFOtZ1A}5 zdxF)>n(wP@k;j;qa~U-pJC%Wt8SaY)s+i;KYp)*SKfw6D5;Q7QojwknkyE4KH}_u!QnWMJz#fqs)%Dlbdur3_GJAjOq7hSgY)^S7ke(?bg->eKg-%sfuN7LaY# z7#VQA+g8zCLVEoh_(_~{Cc8Y9Y{ZYsEllOKC|e3_Y|AypTx`2p<&UM6wZwJMPcXP^?7$Kt1qtTMnRtU2a}gx8>?fUfGY2W+ zgWHm}@n_`RH_w2!7_|J6n=Kq*$V4ZGh`6=%9KMG#wH!t)@P|>x->(scWXww%*A>2+ zrV&X4K$Pp!1;dcAG56z(TDnE?OiXpWG4b*ex9Hjbm%W0NqvNIc*Onitfw12ypbk$> zh16bSA`NnW8sfLdIc|L5?Knly}CLPJdh7;N&tM&VP+*F{wBbUDbhM{7*r zQ&O6wg1?~lP#q2;jfXgg#i8msK=K{pChC~pG1i0h(|i2VYRU3lc*mwR)?6!^!01F+ zvOs!CrHGMJQym)5R?l14k_W9hH4}K7pEmV_6>6D(`W$XaYq1}}Zr^n`Q-N?Jd=<55 z`aysUNr;X!j2C?d{S8n-d+eIGkEe?r*hyQc>h~dh9_ucI&!a5BLKEh zY`~dW&aR>Rcy%P&9V*JQ(MIK@cpL8ieaTn-&8Pk2M&O3UV|w#tFx^XpRA;_T!=B!A z4n!sDWA}zlKW0|3DCbl3yY1&h5f(LY@ESbbl4(V#MOhRQ>nHq+Xbt(2n)rYpKEu#6 zi=>^1f6G@whNZaCCh@)|rmH^%|FHeXWgl7np3ienfaHh?UbJei;R{WtcDd`+PF|cr+*UZG+AHeQjci*@9FbbeR4NT-{!=wd`=SI=|DJGp{< zXq~IWWDcBc*dP~40U~Gm&?&x!Sy!UBFT9lFB#4LIuMjb1{h8K-YxqB-^@!`pdb!Ie zme=Kh1sDLhYCEV6&`={>C3%f*$-ocM1CN(c|p@rb`g%-?{`5OegF) zP10`tLF52wP#$&WLV5^;?IMWldf!2|B=J$m^ySCZbn;-=@}^aUjch>gV*msf(J{e% zv%&Iy7VCuoBmKMXK7E&dv-0@El`iarMW7RHt2XOu#1kkzinSlC@j@f6#IN!5TFUD0 zg5;zOfPz1YD0J^JbJuO9P00;Z(XgrJ4VD7!XY>)7`IE3u7vc_oolHeb;1SMoqY}V;^}7MEYN|abg$8b< z>;tn*&-q31E&@zO5oqXUEb&C))(JXHFz=Yi)Q-$q(}d!+K%E8e^c@@?KUx`}4kI)# zT?V&n3pP!fmLIN>Xc7hYD2mYHeY`URq=J>Eq%e~8WDowYg+w-A(y^cnsMzlE@xOu+jk@eo>=N41s8I6G)+$tr25a@a60gEEauTXBL+&v$zWn?1bbW zml5_Y?wW5{dBb>U`3E39Qsr2UNW`!zCzr1O|Fr*+S7xX@s|6QIs4AHLb^}yXMt^8h z9n^hoz(u1@5C(exvm1#^H(tF)5oI+Vet z`6n7Jb`5}7oBNIGN`G$vbb=#ZLI5?Bv-T)lVcQ9{K?lae{KTo*0LWQyE_EF+tE2lq z0lD@Ojd&*Zuj*uV`(xx)=R(u3sCbEwRRC@}S4^8HRl^A=Zm-IiFwQ0L1e)s%@Wb_5 zTbZ@cAoP*X+aG5VU;_TsSIo*pLUs`t!Y8qA+w8U%a4s3{ME5ASeTeJ}5Kv=qjV3I4 zh^Pm~>_x(+fH~V@ZL(Wr5n`}n`aUg`_wTNF&v)Ck(1oF@F4{LI*M~+|9_#`e_vvfh zj5p6Fa)Ns`KiFs%;Zi;Wub&czg~#X@1gF@jau;Q95igqF9 z9__D}FSc;?<@cqyqcu8xGmi^7d=oJ5yHxUQEdop<&6hrOAxva4?ht1yQjLwh$?bl) zDzEE^=ua69rK3ggnB+6PO<2B5>aG<~aA{A`n|L*u-8@NxdX7+Zirl69mitl|(_&W; zdi325bNlHj@Y44{7bMb;{~}|#JXo@ju^8Q~>04QKZBa<}{a!)PA?XoxzQVs3fh)hzV3Hhf0ES$QgBVC#I$I`6{ZL39mZIm50Gl;2j~a)H_~hLRI=?}JP`872U48Sguw zzl{hu4It2tn9zhN9`ETw#=`3&XguSV z0ucuAwF;CrG}R27zf+|%x4$zleqL_7dB9m%Tt2{cZ~12l(N^CWH#{*PCOLPv3#dcS z=!WEuU88>Pe(*gdF$#w|S&xY5syo%eK?x$cK=ME;@xU+cOmfO^EnFXVEH^ASG&MA3 zO08HohfGW+s~1cPDhae{E-gDQ;5dHX_Cf=3`{-m*UvED1&t~^U-NkAoNG(rloS+bL zaazJujIx$5mFLI(I)w`RiI&Y_aoji|2toWPu7KVaBq`a%DB_ysR;eN?C4g<8hbc2c{@7nze1|g)=IssoP#AyPm@RTP8>^AvD zF2RgLHSzpF7%`cTmzf+SJ)!HR9+vf9-cg>bvv0yZY zMy(q%wCYiY@O9Mtc2%y>qbe!(jrDxD9Nrw}HYJG6ZV@H3y&SZZbriRDzh48jNm`zA z5xB3PzOrGOT}#9K*iOPvyv@FeXKeA6tA^-F^$iDp0iHob(v-WM0{AVBduRC|=Ti}K>_V@4b zmmd&T$3N&}H1#IM`cJ>$r$3CV_j2#Qd7T+E48ux0n$ff~u<`Gf;-Jr+BfHD-H~+}Z zgEo4;U@7nQe^`Iy31Lxr{Y z&e~6p$}h*H(vs*@HUS#OdVjQB%xwNQXUF0W7FyUVCPy(o6C^=(|K>;DNDI3)Sn}Oo z4*Hu%+4)wKHiVJ2cX8-{_4p?Uso49xf;a!o%8UoW0d={PB=s-OCtDv3K_nh-^@Je*8bUi`#=38*5%N_|19%P(EZOc|89GX2MJ%_ z|K8&?XY!ZpXa6~n5*oT}H*rn{xpwTJ+ElH|xmr^4tkz0F`H1bq;Gt^TQMbHk@exKJxKiPVHSnl)>4LRz@ZZ~ z{>RRX`U7ei2p#F9*6v%6De4>t*9W+zkrA>iU~FR-0(Ltox;%{>78g1ujka{YeuPe= z2BNO8f&waVZn#E8n%2+|{+|)P;bdRKH_$TH7>8Ig7bXk6Az-&rofX<%mB|Y?wE*oB zBlxG^3mS2D2K>$2UubL2d&I(ZUEOvX8A6=>8jsOmNkubH3iv^lr;m(v`p02HYn{$lfFXg@N<7s>I_V=t|5 zgokG{xVS%>PT~(vF z0JTn|h>*>#Mhh2(#%E)Yrgq-sH}5N)FPnAFz%#CG*k`@OElh)R>pF$4ViA0}r)N4( z917-v(j{dm8itT(M9jR{y&vwQ=C?Rzjle#=UE=JloHyUsOE_o>ryJwEzuXvXxw!V* zFi+kfU~p@>z|V9X_Amp|*zVTzldglIGdDGBB4T|>f4#Y|M~>e+uX*{g%{?sYBweq0 ziJ5(G?||~A9`6Eg*#$>Y%`<>US$%#=8>kl`CsF^r5X_wJp4SznAXiXdRn}v^IH8+e ztpSBWhdV)vzXglbOzX=yYFCoU*0v3YReydho0e;u?z;Lf?^H9qX9&4zwLmoj+>yJh zTPqdXTZ;)o(sl~oLR9 zRxE_irsn${9a;^$1KVDudGp-P*&o-y!n=$|OrVr3rK|(1Mpt^mQ)0$;-e(ob`@AA> z+b)!}l*$$xa~Qge&)oh|r~KpUjD>57UZUN@UzhkpEiOfX2+aXrRmS`twIjZE#~mA-ESU=WP)O}bjV6>65>4gHOm@}O4D^A$cCXMqbAR*vTv znm~Foka70GTK>ZVmoz;a9@w(U6phmE`!ZAWI@Odawe&~#&O9X1x_Nlrf2_92mkHg7 z!xu8B;rlL;Mcp*(8nFg~Rw{*fOs*a(oUo`ZM{Kl|9z~{xF-ZW`O(q1SaVhcH{2>YR zW<&nkTk}C3-((xR1CvoMyScs1gGxXRG>!;ud=u67>(t(jmZ#LPaBvGjF%uK+_jSh$ zAihT|{jAHB`XIxseY4|fvPRo&;4kE^T{g|uAM4R|c8!&*-S=y95_NwcFT;H)XN?o5 z&R>e}yf-{IOu2mz28#=}2CE*ZeSe{iDn#%0+b8Akf~fJYqZjn(A`$%|o_la?Ry=8% zJLwke0u{3hbgz_Zzh@r>I!m6XsfiUy%z2ul1OxINWgpcdpaDrvWTTG4`|vMX@Pyr7tO;40)X?coLcKtI^YP z*U#^>s;_1fp8!xoAm|#iWK$XvNY%KS`4{{>=*b7y!lkBUh!m!S#tRX4nA+ zm;P9#UZw8ZiDLQBS zQky*&_1wjh?(6CKPB@&q@cj$E_V>%g59T4rm!)RD#?xe!atb_as0AivlW(r$9uAen z#m@(#r>`kxn^YU8DD$yR0JB^_L{IbcUL1#>P5~Y9^N1(EY_2J-)K@|;tj3PYHeMrqw6Fuh{_BwOJJnYo^#rJZfpFy5bx7# zF_(pCkvaAADcYOKl9R2)PYHULi<+I&naUPhmr|>BDT0FpnEZ*&jY>I0t1(CO2fIWR@HeArk@d7C2JY)6+`R%TXE!(_H>uVhuE_p3> zE4Ho88#7{DA;^SzymsGf@g=^y(O{Y6y=A2RU>QhE1L6D?>KV%Id6%QxUEN>At3vh7gHexK`(_WtGL9Y2UozdObkUC-McCj3ZUf-9uB zT?CD;Z9iwhzf2S>*CpXF$LccoJkHTlDv_KH}~S?5_tYAn-I>9m41)iqq{Baonoa=l0$)Ntq(b!V1uU4|gpS*jK^q34kF z_`CRizX)`|g$@JF$^5CYMsL#A1my1|R3LXH*_ET58GaLsoJp6}Q8jw2z-7|J$S0+t zEuyGJs8%aidk44jF(<&zDy=W4LLgv~7DqrJU>|MVg&|B8io{fvS@kxIy4x^Tb@%JM zsp~0Pwr|2Tzgu5PSayxSXdy4_vn#EYIX_(b9XWdI6U@R40d|lziSB8PguuR?{~7yh zL=}$m+czJ<-c5LdJZ2}EJxGuyoX$D`c}|C@l_uAl!WHFC4eLhqZ0UlsQaa>YXEI1v zIv-(n!nYlvk4QX)*JrAgvm$7EbS(in*PFd@7j!Ui3$xZHzHoa4CW&R_&WkNdo!)wi z;(=ZOj-@B}ZZJ|>BKlV2&c{LT=A_t13=Lg?^s~ z<33DYhccr$Ds~d&I}Vk>~*at94BF{livtTH%n`JO5V%sMmp?>a{>o!FRz_Q!UrwpAirlJQZWG{>U$Nz<-MLVIMI@1& zTSo`CRx5(FApXJ|d*}Ybgifo?i(RL!H(9jN4Yuzh&`pc&k5+&Cq{iP9ph<7j2uU>K z3SfLM3K})*_Xl0jp{`<^by+D%+4ICntoCsLw29&`j!r?R?ZZ@X2Bf(b#2;QnJ^M;& zb$p){%u5Rlx9ds5D^9%6bUe|g;o?$ZcDE?5mIFgt{)_zinP&fe5*u^gt}peLa#al; zAqN4M9=&*j!t}-2NC*6v@5>FO`eHFMZj#IA$8JB$PL{M*j?n9>B~+yEehjqo@-MxF zs@&8w)KPIwYJQb|de=z}dB7z~B3zo@%w?EtFflttPbeYGyf_=8z71&`cNI(RC552& z^@{EF3gZg&>|&ctMs|i?1-rizuH<9`$Dw$Hbbh*u-ImPW!&zXTeADy8+xPThmEr_D%Q^}?b`Hny%5f|f|I3fW4dd!TB3GCVtW6c65M_sxhQt@Fpo4yA`rD~?aMG3ZK^_sc@g1%17#$r0Gl zCi_w^Jc&=R5V#Objl+SU;L|LNDaRk# z5sf)@peNVd0t*1{(RU12M3)vnaSa|37k%mfv7OSK?6B0QtKnsIW3$oES$H3&sfPb- z>8gm{v&}A%tXer|R>U1ipO|%++`%Irl?Y!yoaLW-5ge1Ghl4S^SNxb@wvnejO);Jg zr8&JtG5doC82PC-3VMe000EPO7sPIVdPriG6v5qRlmB_ zaCLS2(@|GC=yBTHf3LX0i|K|rm#P>YqbA?>wgV9Z`7hjj_XW1A%6_fb-pU4ay%SW( zfvt8jq*BK>6pmKqzB{R|D8k^mUrj0(k1jc-gY?ein0*7AylrhUk_i2O?7d}FmD?Kk zjR*pYf?$AjgCHr5gmg=Tq|#l|B_W^^vgi)!5CH*c5Tv_1q!%UK@XXu2@p$&}oU=c? zW4zB8&-u3YMp)~<*SzPv;`jewZI*m`YVKGcLu(T}!_bEm4MkhND_7}%Y4Pi=Id{5#l&m*pwYK`@3_;Ux{vu_9ysWkzaWWrcjl@N zlsJu3)$v5mW-avKbVq~BT`Z}eVGMZT2(CWX_QTYIb6W0(WuWeJhClw5=L|`=94Ot) zz8h|{$87#6QHA`3d|R?GUax&fnF7}cgu2zrZ?m0Rd|)$f@Rx5E-hjBOom@>aCUU4R zbW8*e=JGkugEgJUYea!9CzwhZ3Kq2UlS~pMOyew_GTh5TfQj*GWjsCOF{?|~RE=+Z_cP%IbVB@QQpns54 zPOjT2f@j{}{4lJ*o8^VPubRX{q8>>rrhG@804@;+uAzKk;C|)eBRgB~JypYR;#cAV z#N$Y+j}&aoZe8T2zZTzoMRa^|4UAk#7`4ONyEjg0K1}V3N^1V`Pm|(71k6v#zO^k< z&`BCtKP+oRNO)n(714_Q5mFO#03+bcvolWvf4>v%N(00!>R}NWk92o2>?S+G> zfH~k!J_>ASe5B7PZXXFuqCT3qr-duu2jqu~W$eA~!bz`p&L$r-p1pO>=2P9a9d|$5 zPE_fbujBxh5EXiJEnc{WaRshNeTnpMW$*`=fKDY3F$DHtL6_)QRhJz)flb^E$m?Yh z?XOgjXJ*htLG`1NSzW{uSQQn8r{-l&`bTUQmwvrd7t2W#$;Pdq`pQt`ibEM&bo(Gp z%cuC2ldBg=12!^r%TOG_n3f!0Fy(SOih4(*9HogIQx{Yp2x0tw3H#3->74+~?R@>6 zIKKe14|*#30p+FpG&y-CPe;HM?t4VO%nX<4a0{vGcOVnLXjWl;fV$)(>S1-;4k)RF zgN!UaQn3SPSEF+nYfphwOB0p1wHq)Jd(zs;U`ZyzC4$kAkmva_(M-&sI$Ce#ovuN(SlE zgHUsqq&g;Jj(YR~H^{BkxdS0AIgzV{yQh}7WVVFci5+N|MxYmjZGj!qv6;6y zJ(1{S8YO3qyn7LfOVZU(B|Z*;G0UnC-dJ{u|BSnTJqVMrnXT*SYN z+49$c4?a{Sk>3Rls|AsyMv(Om7p?WH^<1bN;NbLa$6}(>2iv$Rr zsv-(H*4Z7;W2;t zMb7pP8PTB_*+(j(B*?u}oGsjq3lxCx1h|)Th|9&J+J6bhE^ZX#5+ZHx$H%*A)eqws zFtor{`k-_ZOz5p{eHi)*O4OD&c9$XoV=huroOIAz@Ll%A%bvJ{&*E4pZh8o%O7{?{ zJ#h~Yw-e7bs<*=PA9{&0YxI~EbqwYQQo0!+lFN63jU4VR8y`qn$Byf@xT1aToR2GW zR9yEuoFzaWQ7A^zO95npBRn}VVB8Era|lTkvqtxma6K-Na=2wLV9ynR@J_{3po0+i zjtS5$WohgIPh%RJ5#x;bdzU!D|54)v+fo}Crl(PS2u`f<_BN(`Z*Sh?kuEm*SjuiA zP;E7TGN(=;O6a7A%VHqK8YahFua}v!Itv95*;=+QrI~wEEhJ?32EMqT9D$Gcl=pO5 zHj==8IGH>%tBkyR9!kzxX$2lm9SxSYf;UzM@}-vh#FRwkH9Khx;h?lyogJ!s+9K;- zScV34%|A1hpD)lu_&=~Ov<29;+&zL4vn^m|6y{p61uU}YrcT!#@J96IJwVuFqM`m_ zXj|;huW5klLemA8c$(vFO*!ze($Le_MbuQ)6 zfiY}K#C0rPJPK~q#!3!ZX%Y89DxsevT-7Q0q}ifkZLnD$hQa$tpJll?*_}@6N|c_L z_)8&8@D%bY+A*+Cx!T_T9&!lPkI2TP_nmjQ9c9GTK(3Or{ZP%xMni^cITfCv6pIVb z8sN>akZt*ZcqOt8>v+?*F~=!uDcD^}Mv|J(P-=0f zR88+}?mfBwF0W)XyUG29Wlrffs{noRIZ$6|4T2gN{hIrdAW^n&fA(ejEmc`|OG98t zHIKq~An-c)@x|ihPpaVGc7d-@+_qImotEJi zH_iq(9|(r(@$aXKI=M^%53&!tHU*{`3$SvZO1=C#*NSi3-eXkCaIA>I**|XK>nt%X zk>e&&g+xX%CW-hq#?K|&yQbG*yTm0Xu>{6S)x>s5aM$VGp`AEpCzw|_N}(=QMHjqV zO-U=813NvKM&VPH;h6C$Y-es$RDx-ycYcRG%!F3Bdfupw*7jixLi|D@7+A=bKv`^3 zByeZ$u#^K-8RV{j36oRH}tgk2>R1EbL`8QXIN) z8PGtq0`gpy^)yS?ExYwbpBs0F9h4K()9_Xd5o9mo!k55qk>~5v`U256=5pK>+X}Q# zE@01>46;U)!{P`_td2nc8fHs2VuYm;#vczXb6sHk;Yj(XAZ^Hxk$%?&49EJ0q@_x< zIulo2I^$d7BhmU>WD7_2IPyUivGl1!A)egNlElwt_!6{!?l#-CLRF%2N-p=419+SJ zZsdfo>nz(vDjanc@x5s9hmsgQ1UDK2)&@vH*#;q3&MrNZgUWYce^WyY~Cs5*uf?;7*?8C7v(w=kqECFEO(WK z21wW`r;R!??hC8`cEi#j9>TnPy1^&`Dr#-Dc!iV~F_<(IgQa&C_PElicbIBTqV?ff ze14YozL|a0=)KHRA@805@rcfi1P;2Mr>1#IVACnt0*|GVsW~X2D3ydLOOs14f&;D3 zB*aO9_}#Oht$$Q@e(sn5^rE&Fij)mnC?e?&p&dL;iH`_J^EmehX|!g`gOWq#6t9Px zoReQ&-ZSTQjb0V1W;WVl|L($m{mVKWs4o;>O5FgX`|#z#fv!Xl3$Sqy4t%m>F`aDG z+=9k?`d}67gV_Q4ATXzGqpvW7x-!`$Vdg+`%O7 z8}w6I{N=rV6CnJtevz6vQ2x%p8+{6(WOX8~`2RwT{kQ;3;#vHE`;Nc7n~^EFD04SQ zyP)4B?SH)${4WD+|IVFC%0otK{H-1rR{}z&64_AO5#Kek{O;X6zeQ8UDtd;jaPw z(9T;){lD>idd^T1^Ba67U^@P9Kl{&=#veCl zM-ps*|GUk9e7pa<&A&XKU^R0w^BeSM%2DwB459zS`r|*o7GQKvZ@)GJ3YUstx{g9e zB`~>d0|82Jv6mqdDtcBeu$t5Ys1aXS2$^UEL~276v|xFajPXe$o+TZGf<%KE7Hv?> z3>5}tmdoA$^D5RU{0D2q{DU>JDSWb~G4qo(`Uk1rjVMIa7@QW<6UarB!)dvBzB=X9|F2kApQqDk7+(ra9<#K?|9a zt;vEOhGxY6y!hU}tjCc;8K7j^4mM|VYSWQsasjrX-y?i?O%faaa}Rv+u2!cKWsR6# z^MaL>DyW4}B{CfLrBu@u_si=8V+sb~Ke2eLH2-3^983aE%5If!^fY0M^oWg~$7N#)Zp zjLMeIP#AAo6_gS>6K;SxQ6Hu*F+*JtPVk|qMy3GD8VRgOYL1esKsprx{8fragS3Ah z9r3h`sv82_Do?sDP6!}eIL-&TaL&nIX-&M|R}DYNouG{})=b`h+`0+QwMQQQvs4A{ zIo>iBS89FPNF~UKl%sKB@g#k2RhK3@g<2BiBFBxo0>A&jiuk=iHdXPaI#?FsimsEh zh*nut@KKsVQ$e2CvDDwEc&BR;iImcx#;GeQyS-Abu;mCmJ0hXFVxUf_tII4@wmt-m z!BgbM)HPMNHB;>z<~At{^+N<#kdv}yn}cfRzz$SYfhKeStZV8{mZUA;ic{621VAb% zJ&`78X8}l!%D`PvIB7INqaHOcoscM`rTNcyqqy!5rU=T?RNR=XlV9C2c^JW9?+$=5 zddMq7Hv#R>Ly({9>I=my(fHGPdBY|-dD*)0W>+O>K=Nz@>bOFo8RXc)UV8Qub}G?& zPveNel2GTI4^wCbO-1GFEPW|&)E*#V;lQ3{$+Ll}ZX%3gZ?nz0X;1k;{~hmC@<|Jn z{yJ7q*pGz+Bl>LT2MZ@h%d#F%s{t0c&o$l)3OhrNYm`R%;C9eMHKK6ObPEm|B@}s> z<|5RVQI^(`_Pr(fM3q1<^iv-6XtV)e5hdi^R7=P-ME8)t#F*gXJolWTftH4!;l>*4 zpHGMm9908Ig!RD?yMe~-v>Hpd74`W?8&0yihBg!Dz%Dtj8Z(xmZ2qnN?rDe!#YJ8R z0JNn{bmm=aX`O)SsHd}mO~D=~v-40jRM&uj92j_b>%m^%Bs;pJ9g%ylr9D)~8)As= z?HRxtV+{JExnc~$YtBzMl<*Ek_;XASj%4edz!r;us`NvIF6Shr*T@# z1Eu4t4>9QX!F(;Ndb&DNw+98EK@auVtY^qxec zW*b=ep%R=KU?gFpyrEq=c#J4xg%Drn7^Yh>i8YlFMn7VN(BUPNTa6_D++G?ZIFlJz{^$;>kE2SB zQ4k5H)U`qk45G>tP|{}7k`hhwO1Af6s!Ve?$ro^m-e7}e@ z3fhVbf%~zcJ$cyapj?N>K5iv=IMU@lh?;${z+R&kp=m#25{}eC{>=j%hJgsL7fP6Y zR1wMGW<C`7pDeAZQa}Luw3HbfkV3x7kYa-6d4lx;Bwl`k=rqoc`_R3+(^%& zO~Xh$nWLgDT0hNN83z@c@BwUD9=R?Po6FcNQ@E3MSzB6O)^2!xF zv+k%Vo)EW_{tRBFYOpj^n(P42F<(z~W@Q`R_+sxpp*lys^1$Nr&X66aueVilnOijg zrWj~<#1%sP{^Yut8i0J-Kq37sBFDfZ6wMGYCixMI!)fa}YNg|u(LZ+tOHSyUJBnBd zBe>uYD_6rT&8Hz^s*N96BlAkKjdnKBgNp`G?P3Eq8%G!!;*r*N*F*((WHDJU(dM=_!H#_ zLk)spK^uyn@DOCNM-JXB;SBoB3=k-6yW9BUC`K_k&r4UHW`%&qnr?D5yWkrFWddlr z!7$?NKt+_YF^E9D%+RAE@~AQz9GW@A+3Rg9i-6nG(?!kJ(-S{e53f0yXHatPr<2@^ zI#RC~=>%+y8gkR8r}+%qHa9ZJXS+cEb9m)GI7BUfpwC<_C(vw_y{A);f9^PY*f;_E zNoyG?qJQ3h&*YoUyI%mIk!8X&q(21eR9ftxz|}`+)JsC{I4+e2&Hw4iZC9asVntu4gLe4T^0rY{yL^XVuLh!)# z8+M`*?g@F9!y1TheiUyL07^=KNjgvhn+h~N%jAco-;IKv2=8n2 zAW(1&Lu$;eST7&g(K(SA<8+XRtpQjplokyx{!y_IfkIMF7T1t+C}{rYqw&j&9r|~x z^LBfSdf^s!nk8kgG}vVtYrycR!XwxW#Gq8#=oA(Tz0f;0* zLQNxoNqIa0|E#A~(x(B}9plM&LQMtANZoF}?!hMGQR58rNweU-f)A28?gMQ+7Yq5< z#GX+fu}oP*o2A{Zr8*3Xp|T@P9RQ#pEcNG6okW1lMbE$Rc{Yd^!a;XKjnfQ0l?9lg z1cQvZYLWFp3rZL`G;(fc_Rzr!bXZR0B@ij#$!0Mtdd`0^L*-qT?vwbH?@Hh>IywMi z!ji*ao~cU9=6GoG;@mVXTwxFlSil~ew)Yr#Rfo33%AYB-%7ck)&wjjkZ5~(*}tOT>x2ffe_cfQiq>kLq& z<8HH42vVg@LV|%c73OZ}jF^|yK9UztPo9+EtsNBPnfLw<;q~gf?hGyesoG6WoXCY(e6daTd$e)-d9y( z5Xw{1t=pO7XH4&aqqva=TNAk)qcn_t0{5}Okfy@}u$DcBS`%22u*eGl3&5V>kSNwI zz+6dwxfOEharT#Sc z2We{%N|rD&&s4{^iz)R34NvV&dt6Fow-9Mjl#^j661Sj_E0RsG#x6jRhsat;$A>m7 zuG7UY;cJ@h_ox-HL&$-1g2q}z;{w{u$gosN2+HViACQrvvRU2n21l4tBZ3b!j5~4^`*72Z!H!7}jzgjFWU9dlZ+B)z#rPgW0H45n&&aReuoB_bTRefL z5$2!^RmFE*9`_me^`X2d9pJpIMQ3U6K6tECO&x9e=9Fe4pMB3z)9&ZWQu`rTA>*^W zwbFh!I^t3Ke&0SM*MN>oyzs3?^}VPoqQTg>^i)L5F_+0=Xbqd+bJZq0xofBQt%ryb zj-UpKr^5h>TF^=gV+-9R`w0#m_1f=q;odL`WF4f2bWW_RvW5BWz#R-yt{Ch2jsPS= zeUIh%JIEH5r9XV?mCy&_?Z)KEEj}W#ZV~OKx%hAKD`}ocqHADR2@GIE^AewyX2#Gz zhpAgaqZ_$sb_Cl#45Kxf=i+G-0>t#Q0i3_=eXc^j|9_ zKzG^9`uWIt0`jRDp`VM{0(*z%fMoib#-hr_os6f3cr(sg(0Wp5&6Q6_ZW2mf?0v*R z>50=~HnZT+Wv~kaI6&$ULbTpXsPPDgpE^r@mqt{SS5`MKE(Ff74|&n`wGdUI;~mET zMvo@Cw-8KPQn|#8Rt=@ztxy-InXpg&Wh0nYHa`5q*W}(R48s$b^ghulEN$M9?^uo1 zOv!RgoCwRG`Q0y^P^mo>0GU|lpfm0|k8CJMdojOI_R^Eb(&*O!p?A&0#=Db1A(mtL z<{<-7!1Ay`1uh{Rcswuw2F^6gPu+CDomXdZTuj_PwOVgD>;CcY8btgx$TrvM|05zK zyT@fByA~z;XWoFbj@XC3e*<0b{D&aJp-j1ssRbWMGaO2tm%)gpiRSO}U8e2P6Kw3Yh=H))B&O!J9OmqeAoILwkzbU`Rj zE9R)T(VzM^WFE1$RZjl(g==mgoUqBq;{x4%yrKO;;6bIe^7I10Ff#NELVstxc$o{w zZH0zIWb|wG3gx>Qf3hIzmRo&QyVsh42hq#fnzi&?4?p`V9$)YgHcv*r#Y4 z@Gp2uzp~NpI-Jc?t9OtN3Pu%2jNxvwj6ylEXYE*@U|R*jZn;gw3Cb&bhLb=!pl%Rj zoNf{h63UW(HTCk+5Hl{^`*gvVAK+SK6SlF}L4L3zZRv#=Aj#Oz(PtV3W~>$ck}vy! z|D@t|wE_LQ1}aWVC>Ry_4$_$2Ec&ShC{=9>mE~2-i%8Cgq;>1k=u1wtkx2FC03uUz z0nPtt^y2<1y?|LLks4UtVHdQxND_ZN?*MyWdzCi#iCY$fdP^h!$Vs? zrsWH$I%Z4_y;o;5x#$+_L|p}S^mG)9OnY^!_URVNym^(HqX84tBqW?UD#1b5d0K5_ zq+q?zDZqmvPa9AAs2zzk6&k@ifRf0CC+%ekF>^nZD?{j1r=!yitsB4#RPrz6P&*`q zk~Tz5R|1hUjLVyq%=0lMavIR^3V{r_?=xnOkO`gx-#+^AHjt(A3DcvQWnH#`SV

    ~fM_@)k6NvkB}QcE{^^baY}KO$dW8R8+-ZT-gbxod8I_%>or)1D|2)vAY3g${x` z0#}){YCycn`r*OQiW3-&@MEWZ0efl9$hB-Fo1PEFqGd}dZ|@aDWHRhoI2Wg_R89ac zny;9SfF)Gp%wu+g3UC8{FlD>QrzTmK^vA^hnGrHBp73ms1jiR+Q77$L(J3Se78Kf<=zZ9VYJ%T zAZL@n0G0=|Q5Ogsad!b?2PjG25oo$NMFojJf@muenB^7W+x5#St$?Db!w-p#g>mqs zJ?b)xyo)L@m)eiq!uKR>GR(3xl(N1HH7I%~b5KnIi~304(NNtt`x^utjpR~L~FY&RB8eKn^NtOvC7KX;I-JiLK!nq{akb| zxPX4Z5)5Q`I(KTY?egT|&!y~5``r`6HK|oGzNx%_=<+s?Ad|l1(Zaml&vox9gY7s5 ze3qSMU-ig_I6J-@ul1mf0118m91w~TZuKpH{U{;mas_fOgHVitZWi1a1Mt>sDpvJ# zd-TzKy%r!=m8flb5(Z$we0;}gPo=)ZqyCKSRmO?ZJ`F>F^{&Cb6}e0#J15M%fznkI zu}mo{olMSJW5&{0{)&u5_wqR$s#T#R%#L!CHwi!2#imoC`+s-GgquAtdc?R4UkW|%uw=~1PG5nuID;S>;p@XcR0y+Dh;-?@zgrf?M-LaBS=o>eb*f!kAaN9B6}wdDl9M|j+c z%jgch_e~$amq(G}feebY=>Ie*GIbrxFQ{#JiHwz3)BX6G(h9~`cB(~C(19f;)8U%H zArzJ^1R`FNl=N&3led6PAbY?&eP4O$|4H{1l zP2LknkOT`Wsajd!VO8GLSRvpaOS%MR^=0Q232u=NG z+Mg>y^8y@_>Ne5Z-ja!$1Sc0>{kh)3-BB@SExOqHXj6~zdy~w)L167>#~#x{F$>DnR=E^?Ut6T zC;kUJDqjguyG@1-{2eN%R{b&X+fo0Uoh$K!;MLFxHIH{Ei zC;a?{6O~#Q>I}qxx1;duSRtVoJmd)a$w2?I-TceW;Q00`y4sa!(8BuAM898>+Z0ZB z(QkV3`Q`o-0(Zov-#XJFwG&YBA|UX}iVF!Sf?c#5^E05q@%r4Nf&P|3;vWt5|M2eU z>VVOy-|HT+{%_kP_}re=sKDdrEsX2$Y+?1v;H&-k=!JdUZ@$XE-nk?O$Vw?C^~PU+ z@aM|AxFOJ$)PB4TmVp^YJi+e{{lEUg(p$hnRa0jP{`CjH{>eW-A)^_<>d?mo4Sxo# z|LH=HNP(5o|8Dai_wN6e+w6I>-o6XPwn@7>FO14VqjkG9g87?yTIIHPTKjp&>%OAv z3(B8qXjGZGlwR42%j=sj#lh<;u3KQLT*B!O|Z@&#abQra9%VSi z;kXf36{dg2yt&wVj@%Lu%P}YKt1bWEqA2Kt`sVQ)qBQett(_Bm{wm|H>)c?LMrS{F zzQ9-Bb)GK$yTI}=Fa9s_}c2o3hxwg`%7wa4?pDB-iA z5eN5=VR~UsXGE5IQBG&@*IiVd3Zq)nfWJ|JiZyMZR={&s6?Rw4F}V`-|MWo(YAr27 z7}WQtiOvs1qo4WWwnD+WW1z|M1Dfw3g$;*bfl45sVAyaTs%Qmp&sM~^Ecd_pE-f`Z zA$uiA7hRrM3@k>&K#5~9uc8Qhe-*Mr0{>;$3dw*c_W;I}wm;B$(}>E`0|+nYGx$!8 zTXcVDP-G@zQyJoMiMK~>(|C^FvolWeZepx@O~oLkw|h)COh;8sMkUfQM5+=3znFO-ZHB9OK;|?*+@uy0J*r*ziV`0HnV#0JUs44$W=*SluQ*?65Srht zGBTtAX^5lkM~zWl;KSLjtZags3oSHwU<4%BZJ=$zC)}|h-4C!V1(ATLEk4}Kk9ZaO zJ)c$EXwCi*+dwgM5Z~DW+&W29V)`pYv27U~R7{;(*l8S(DtB(I)~lDH&#|h;0v`6x zJg|*9P+Xe?p26}#JX;=W?O5a>L2g1{+OV0(U(lT}nN(c+t~hz1a~j|71! zz-xlJPl`o)K4FCCU!NGy&YPdXB4`6*$VDh}4~IOFnz<8>@oNAP(*~*ke%SlG4H_|8 zI0tkCO-sW&7va2CFzH^A_oyeBZO~ZBka2;cTMsI8jDMGjg^E#5=f_l(*Q2D$z|i$J zs9?3r;CUZP=GDL#0&!5ivv;{r3T3t}8rA{0@xa&+*htW5pTbq}_D9b^jV zvXS@33%o;{Gtjuz0>Yn4IMv!G+js3@Q)`5oJN+6PSwxXrqaH;~?Z-VIMs(q)5{*%M z5x5SfGz>Moo7T@8qeHj{B~eb9&UHZQ=n)5LTF!c;=$}yFN`bLjJFvTY%#u>#5B1MB z=Q1=Uyxfn*62X22GWOebkeSpKVTagCC-IgOy^YfOx_ms7NsmX$U9eQ=^;!I_Bb<&AGBYW^*L^V5uG2&iZ4L*H5DoPY zpvfSCwV^;WQX@$P#*vk50Uw#-w#s!`8(lY`QC{J7=}uVWva0TmTnRtKS^%9Bm32@T zY`HS8R|PJ!aweLfwGwFzLP(UX_^Tbcf!PN8o*nVZL*;cgxv6Wftw-}VTo&F2K}5yj z_#&^$AONc@Or1v85jpRII^a~e_Q|)qfghlO5A)cG2SRr4>;^Yx8Xz74f*|SDo2x*T z7p$S0Y%P|9?1js?yRu@n)iDXT!-Ou;S`%ThEaEdpPlJO$oxJOh{Y?h)Ylyhb`D zCk2BI&X1Eov@>^r{+Qj@9Q$>v%o8cE0?NA_?27U2hw-rHVWh=@ENLN@R#}zGaFdA#IMfH`*hQp-j4j*f~t(9e% z&n2i-)5SBirR$wTeOMLk?ix@-$$1(3X%jL>ihI#3P9ea1SuG=DZE@HQfH!miNh5+Z z_&v{`WcnajyRnZFT$xSga(pCX|umq$@c= zt-P&1^%kOWBo;dc@GNk1fsd1<9HMhEtsl@}hl(nmI~HnY_X6uUM-sU6j; zl50vEZF51g+q`qGQjNi8w76`}TjJ$Fu-!L+MhJb<7p&k`Tao2y16XYvMa5EqG9dJ!U6I{|d<@5E{PWZDT?HdLmfIyaiC zPitzUrD_(3Ea}t_n&rpwtNroqx zIu5bX<_;iIuo%~KUrP4-A>vFEZ?mGFV6p3OQ&D~Pst{^n46aOin(@h{sqyVX+Zb%A zv>c+g2j03vnt4N3!Xk@Ctx5o%;cYXAkO=lJK=yn3XJ8qsL7F}HgL~NbG#okS_=E2K-Q*W|3RdM72V3Fb#SLbdbqHB(LEJpc0=z zgmhzURlB6PN9c2=OU!mHCD^BNbkY-+!x?7)WAEDn_1(dNoTf^eHr13}cL%lMHSx|g zz)X%&ST+~Q1bN8g4pJPKgC?QUn7{5e-ahgj)g-POW{YQPsg8bE-u_t+Ij$df+@g1|^c#Kt8ayRjM2yQz(kQ)}49Inzk-^zQrS`UiK>Vd&y zRWjS#0lUZViB2=0QZ0&~eV|ODxTK2vIQxuvP`k8}a@&JKZn(pvt4~Wyc0wU~@VGy* zCUkddChnZmVTHZiPTi?}3KplmtgbP6Jh{)tVBr+>B5NA$U!%xNhzjKIRvOCoVqCDx z>=Tc#fF{Gytzyoy@a?ZdpeCGF&Q=Db9V$Z@724Pq7VmGsjS|?qm&X&^SeIHfX=RTg zgP<0-((;E>Lr@>m`2=RSZaB|70g!wpsMqGa+o&s|((G2fD)?bwL93B}(D>o-^KYQ! zPXh(g_x2ycU1ID8pf>Tqqe@rLau-Zlj}PoaYYXmTA7%~xDzU|P;u06y3{nzP(O9;DX*PEIu7i_dyJ&iXzGYQKk&kZ8Sn_At1$JN)}yNEsB zZtWBA_t<*S?9-Pg;#uyU-Dun!eI%BCKHH7%3-31}^JK77`$)qi*jkBM=%x3w7v)e%*TCn? zTH>F{JKxWWoJSKAdntN$xPTn*;Yef5SBHP-J*8n&&&d8|Wjad8kn)v=#F_CA7cO7l z?4cHWLid9i_<~tUsK;Zw#1*_^C+r^lmoSf7wC^ovdVGai7O4&luY=4jSVA&huS>PW zMgXV9_eZ(|m0G@-5?S#vkpq2bH^jp%;QhN>C?Ctny-GVjhjP88FE=XYI3JJoz6rOJ zr@Hiz2GaT`dg)?S!q{ocHsfGnuFF$^QBj`|2~5eanJ?dvhJC0E5YqJK zzsXNX`joExz}<%~<&~Tqe;rEZOaG@4B3I8p-nqs0>cAiQO&SF?1(Q%%#)xJTwX!|0 z+jd3tSbH1`MCwa-o}Of{KQh#sc$B!l9Nky5aT2qKX)^K2X1m56z6j_pCoFF3PR2!& z2S_SV3%S5#ARBEhrjY5bk-x4{%_qFp&NH(dEfmyZ)w|ztI`tn+VPJLGyKVNKCm+hh4?N0~5`hd|R24>|J13Nvw@XO|76||7BN9X0lB)&6);<_>0O|mA=?TJR1C>UQ0L#C1=$MwE1$~UTqeFJz<-O+XDRU; z$0+S~^I-8g2QP0$INyiT%IgiA1y$-(gvU)(Yq3j`ab#{1@ja9rvQgc9b}S#bSAm^` zR7&j9dw=^oizBq`oxvqvSS8fTO09^JPUy(61W}{a^H0flo1C_Y@wV?Q8bi&j8r;Qr?#$#kC?MXGZvTJB7uHg?I~Xg$5h( z7Jd|tR|sU@c>o+$VEFT>_rJ{$lX6eLoAdOgX0e|Arn*PweEE4Cn4x^zAA!-r%OCyo zCdrkVOC*LjjZ?_4UqXLPxoxP&+h`trZY;+(>SQjLF=3o0x^f~_v1nj*G?7HZy zctXs;mHNP^|K<9PLNX)F%+x*Zfx>?;t*Q6ehpLMXgvHr)^PHNZyMk$AWpk zHqrG--xl$$9&RgY77Pm4*GJe21T&d@fTQTEzx?HLO2you>1p>B$j0jhi%=HsF6K?z z>Bpb2N}ll?=rE>SZ|GRT@Hh}GkH)eih2slcld%u5<(cupZbVl4giBh5c?nsr6)6A0 z_Dqjd%*l8HzFd++UGsDntRwhV2nb0791jBgsfds7l?v0dc)kG znhcBvH%rTV^)iqv$gdZ~Y}~?{Z_InDX~>>awmv4D_)u3~IKT2OhQvlm=xuUhvSznK zvdk2Sw;IRp?jm6a>;-?MZeZ%K1IcEn&mEr6a@9upPSxf|?@pp*+N2Nr2`*QFD2h}Q zgAWu&8aw5Brd~&Nj)gzdgCR($k1ZU~QJW;fL1*Ipt-2IPAge!%@no@loKR z7S$e>kBHvyzwy>D|4Fdbh<8<8GZa4d4%ZIEM)&zSJPz&*`gbY|7$#ODMhR8}fKwUO*^KSEdMzCY+R|fi0nGUdZ8iE@H#H z`lhhK%z{6QP)L?Yim|P0@Nu`bX#ed=|HW_FqrhD{lFI|%hI%l4GzyD4?(5tu?=Ue& zoagcWMlX~6sIPKhm*KwR@IAHqj3w@gcO3(jZtXp1ATs)lgU4D~7Zugth8a~52P;U?!u{kG@ntG&|L0a8NN;4` z^P(n{vHBn?6b9deJB$hn#m@MiR_|9?j+3;zzfeY1i^)}q;6dqM}h8vwqN^@p8ZwQ$F{(f>_)OZJejR~V;?MM@VMY>J%dx-gU)%*E~n0e9oC6k8KB}Z z-#*6CV-j^lahFT+t=J<{#%tE-W7D3fmjuxjl^%*t$Qz#2g&rB1`Va__-^TF8mrSfx zl>HQlx$QIU`C=wv2zf2mww{BMkVkd>#r49fK$5FmA8$De$9H!<>BQ920Mo%|H4ZL4 zJ{Kh*E&+e~@Ci!h7aD9nA5tut3}*C{llWfC(Z*sy^%+rNp5~@%>ODatdyp9g*}h(j z=QY;dS(f^GmuI9#+XA&NYKsBx_32wo3PUOZ$(uULK3Ng%K>r6RGpRyt9=U?(;>UqT zmS(dWIlDy1$29+Z!u;dhX~#z#V6tntrF4$Xg3YLet~<#@IQbe~Hx5cJMqd@!Xwl~% zJW9ZaMt%*%wvL+3+%Lzk)+Jhj~Wjw)w%7e~j0Rf>j>qlo#C_{) zfw$2D$ML|pBrc|$6=C?i$>|Al7sjuGoR(=yva?oue(Wb&8j=7YA-1^wLp3#SfTGENS_8FmuwFI^t5}BeZ z&!-pn75qIhldLXxU7rz-105di2q&(AdCW&7%G2B!q+r}vlio=^^}^=c!=k~r#Y=$_AK7@ z35QCcJvgfb?bs#ZLH^u4xijB`_cW!wxl%1_{j(K@8fTz^69Y2b_135paK%aBMu-yI zcS{ls6X>Lvn*4MEi>#cpj&*$EgTaUO`0%*Nrj_-Gr!!WJ9%z9urm4TacJzAUPlV#l zNT`LudobNZA&l#YDdI0Qu}$V@Hy11yOt4NsLw0}k75bLksWTV(xep{i7}hL~*} zQ#X-k@Eg%OysyslFTK=_2V*@AxaLtX4xUN34>t;`T7*7}&bZyy&wlff%?uK|uLX!s z#-TtpnMrmZB#JF6Y5Js|#OWjf1aX3jUv5d{yG*Q53Z?iXMa5*sl1wi(@CGe%%{(hL z>F4w!Bvf7*HP=x8gtBMOd~_){)QE)e8@$(O^vuTx60L;q+?h|w&0kV8ODT!ssaLx? zVI^DhEtG$aN&m7kXt7;bLHF6^;mkX1<6Sgwq= z9C4;AI8T)9GEW9r=5fi$KAQ7wMw7!z8NjO`5;F4QTvg~E zY2OZZV0yaTe2&!~mh>F0_Mt?9{o3d^z@dxDaYoso>6)OBVw(l}-YaTpX?M1O^Su0y zdu&~8M=~+?zHcJ=(z#P)vKzy=q#G|YfAe?5F&nkS zTme1CQ4+$Ldzrl5U+sCh(|U~6Sp%0(2v6%@M38K)lh-cy8+=Yb2TlRk(>jFIjt_+p z8tShPA*bLVF?-Ox2e_}V{dr+zRqmqR_L8_0VwDvnsN|pz5-@7EYuglhJ>xeAJOz25 zG-@bFoxgGn@n=1$op~0y;+qu)pCo@xq@b=)(GmUc7K>-J41)F*-N?fz2KO9+fVB{j z_NyU93$Ij!m@50<<|pS}Pth>nesc<$o87vOOmg#(EQln=fof$jN@jVtFt5*%#a+_% z&E_|2hUJoxyK>j7sf8pCQl2+@$y8^uEthuZl)3saDB((owU4Ijr+ zLJKJ2U+A%c9V-q%U{P}!^^>%2uL({o++3x>Zhm*^@jD>=XXZSGCM~2QQrIA~ zlcvAPDtc1MChUjPC>=(_iYfi6lXhO=$+E%k^10;*nM%V)#1WPLGjUL zF8OL0is0>9Ca3%MEG;KB6(-}{%J$o=jMK;RD$NnV@$5SeFSDsHQ&HJX?EC0s>enX&Vz5Mlbf9jmW zQ)*7KVkVePqzYgbB zzD@%d`cIDSx1}6qNLO{nJ!bKH-*lWGSjX;H46M0F{%iLBM{Jdzi16Gu*maJqPx)Pm zoOrhGd?oeptr3I!jjcI7Co~LlmfsIw6uJj3hiQ$OGbwWiSRYyFf6=bf4rMU8uMOK! zW-FCVKw#*H<}|esiJM5(3C~4+R;EgGai4-dF{`v?vS-2$zI{U>z{kt zhOC~_v?|ZVut*no^7A)9+#a>9)F#)0%`WQRaNv@g(Km(k~; zMrPT}LEQbf*GN*{_s`c$C%0VEEah7nPDH(8*MsVh-z&cP`b|E){1t_@20_6-L16_a z%Ay1r=C}$TIt}{~{biBYM!rVW<_}W*80W>}vG0jm6H34OL{(p?FoMa%1B4B(9*bxBIA+wo}$~T#ZCg&7gjGy3r$_$@izzQXcEJiLo~VY4o#~8ytj0 z)ZeZFB4W9G8b3NejQZX)sYNibxz$so-~UrA(!Bz=!o;_&PrNlkcW#3*R>tNYp3P{U zxNOawN{1l=sjzV)ZOA{R&t#MnV_c(6XzL3m&A={;nJLyrLEc?Fk*Us;DE|YUb07>b z*BBopZ(dD1DX^>=CzYaHBV!-7oodOOa%b*+c298h7!r}Wf(n4NCC*3u?bb$jR~s#; z!z;0Q|5lCUKjP_MOFBBfHywd?SPC>NQ66;Tdd7o&C=0?7*S2JW+Sx;#2ch1*3RQW3FC0F3Kx1X)IeO|gDLz}3`HV3->uT*xC^s$fDRB={AGCwxa9HW+I6SHx);*6+KXkWa zbD`4YgMO1SRun?lbDB~1-pGA^I+0)f;iHT)AfVllU~r|pGH?zqkQ;iBmc)K)7r^-j zGUR>Xv&^_efbR-$s`XJahpBz|K&DLEPJ*56h|k6k6x@wxJu&zI`1m*gd} zDBE>pQ$vV@=nI58DTnZM$J!Qxx8GAEM>9!pYvL%?m@^bWhb5Q67jJ?4nt}4q_?Kvr z`juy*nxOYEFQD&<+VbVd948yZEXOxNPzp!xNXKypnxag}621~WKy$6{avERd(XEQelr2^ru^z(ZMENY`vepzcDOdGE#U%Pwj5X79h@j*DjjqUB` z^tvh`o)Y2_<57CRZL3=ebwvyJESo}iIa#coFtod&0C9TT#jPHr_?LhKPp8 z52Ej7s`NZrQ7w;T>9apvQrsY35yX2@rVjy#dBa)&JRx$pJJ`TLXmYlT_uKGI-_@fO zg~MoDAWk*oQBDT>OSSp(*qv1J;tqI(+1_;2VwuW?V2T$u3_=3vmJxY| z*U$MS$UiyhrAp2Q%mbM&Kj=`QwxVKLTcOu4c;wKW#lJ-(Z?2^u0FMb;Q~{h;Vv#zs zRcrWM?a7&{`GLunW>=OET^Hd8ggBK{0A&+h2s^)~PmSWLH5K?H$G5(c%%~yKpJYv} z#9(M7JMLVsM6R~pYM~^Oue5a-$i$jp`s}UdI>*J^2x8^9JSHjRR9Z6fk)!+SCZ0B1 zV8^A*Jc*U%9W+@MC|nGmi;M!e4+r!5mt0sp)EEm*5N;fI-Vu)Zjfn=^p{0nDY2v%E`8nw65QthHb?sCzmComD0 zSI}P`ThZb<9K|mIlw@1|?AKF3nhHS`pv(k-lm1=PyZyNvUkV)h7uOXSsnY<4tzCNr z{8WNR>3-52#@Ru|22Qq+n^$;~lQx9cXK!je#Z$K~aM#*vp!&#TaxUAsC`-Sf!{|Y!Q`<|P zGmCs51E5hk5=e8twXf7NA+MoOfD&qHhBxVf5;};z&$x1Xtlh3MG|!_V z@L<=4gHB(sUo|o3TDQlsuZ$Hp*xB~1_M=NQpgf48Lja9@J*alSmE3b&-dgcfER*_@ z6(UwrtwU-B@k%B#ma8XWK~|*fJVAFDMbE=vD_i|cfvtnJQ&((xpPEGFXcP_0F`A_) ziiUCZjX(4Emp?$rRBpWLi+nw8*-TAe&rd|G+mPxH+xaQ7rIVp`u%5m<^x}sLP|>CX z0{?s>9#ri@=_))>XOX;IQy>(Dk|o(hGbv5IxE4N9IR6PZkfJBsE9~1jl%^UimX$2a zyZOz-GN*V*sNLv++B~~i7aijzTPQh)&(!*y=c^CFUI05H`=II(O?%H*N&2%?mQD<} zRce)z$Ydr^%}mVtVL$c^qb3vPJijO-8l{vocL3Hn_aCQs%KQP&E%&sW2y$FLnL@m+ zSDh_Y`V|$?87O-wJQP<9)J_eu-mC@#OFBZw_G6dAM{#JR(pc~c+Ac-WGR!u9Zm2lb zt*wJ1g3tpajC4dm@P+!LiK$O2l(wewBe%{-?bK^^XvB+XDL)&F!ZV7a*H@M&wUW%cICz zAc5`r{8Lg74Ps^-=RCign3+1#XDxX&1sN7Z1_m1IZE@E>>hs(oCMe`Ifol};Ibg|6VB#Fi5cGK^I)PdF0*-Z% zdeXks|C)T5?$c)=QcIzG$%xJ1R^pDL`2B?1R8ZTGZ$Q1}cDYeOjUj-z&tVIjm-;d{ zc@bfro4#HIjmH5b32eDW8e=UI2-0%PC5cTWIBIXmEW7? z(^pPDS_HDE@Qzj3_2)1VD*R#2jo&|yK!`qYf$(m%x2_41D-Nbyb^BCi(V28XjL9BZ zGDK)7d5`5oM9}utZ3lbk6>A466SD$l!6-)$+bQ!bkG*1%eFm-Jy!oqq`RV4lvp+_; z>P#;TKiK^e&p;X{T5LAH)u>4G$y<^Jj6-5+6;etj=Z1VToB4Jmvsfo{oX8)j#kc@P zqL=FdB0haboUlgAWIezC<7&~|q_ojt+P4*xBk+E3?Ds8%+_EP(s#-4nQ6;`&U=e*8 z8N8M6>ig1a*^2Fo@^#Vti!|n&FPmxgcK5m}b&OcIn-=+ys$Lx9&DoU^ORFmdZ{B9n zz3UXo*7nAcwwnaNmzv+LalMgo?-~lMsVz)dMkAEV=$SarIDy{E&o0o^Qea!tnd$Y% zdVE$)br)-Wg~?}W4xUnxw76w62c}6=R6X2sb4W9&oaE<|(Lqi3rAjtYWx*#%5E(Y_ zpPc#j(s87_E6$C)yYt4^E)=3})$|E7@`)Wr8}A;x)>>EXJ0o!y%Wtw%{M|k z&#JdtOS8;wg!1pxs5A$idPeqk$$xD<+dMHROP6<0H4g%MF81_YAke?fxJF0O66rgY zzLX^_V8IVb`XuY~JKe@$ZSjeYt1Hn`gyV%b<}q5NYDig$_~dW((pAd@GlSl<~q9Ee$E<=MDHUKj>p$m7+XLkd_w=2E<1i&OkwA9s-p!G^Gv}>^3y6TTBLfD_T-oRYSg5gPrf$)($()D%gE^ zG_n=8?@d5eMKC+pimN_*7+&oyXqqrx2(e1QbZH#-AVrAPin*P2u%BSG%QXz{^yD(E zn-^Rg7e2gIgH@S1KasE+YJ5~vVnc60D&8s5!qB{{(IF7m&NYw@Q_HW;yq~so1x+^g z7-$d`fnC>inIK~z^x867*C$e-WzQS~!cbqN>@?rRF+V(GSa>f-mX{R2N=(Eo?Qk7c zH+M73Soz)+TE|6Pc{5?_V!SW0)Jg86IPJOdCx43}|5X7JIEjW)vRQ0&XrAb=?g20d zoc#1it!q-E4=Kj{NzY`PA6;|6q?E>xB3lCZ&cX1`XnRhgh~PP^+;`JcsG$ucDxs{n z|MilT8yP6_Ay9d#sZ5fUWsI?bm6$b$PYCGvw08!NB~rzlat!y;qz33HX5Zd<(2ICd?SViA)YlReX_$2>@VHg{U;b*E%qgb-QT$fBjaG^Kd;>%C=^z$+2fwso6Lv{YC~V}Y zZlc8a$fz?Z=z6~GmXD4=boD`PNq`r)nBUW$sXFWa+!D{fHUt|fc*f{7Bry{Tj(>^A z|J9b!jUY1l{gn^RbNzYbV4tf;Kw9xQ$o0}a21&p0H%9{KO4GFq8^9V`bt#U%Ytac-kEhYw_&q&?4H4|c>oY16&^9KrI86BbxVZ6O>=geNC<>P4$x^t#bH?< zM&+~Zu?!rkvoRWIPjMZ$tNHJ5r2lgzB+6qzqXfJ6qngFN=UYKnp9{pX?)$;^ebZ4x zPKS@?R>t>QP%Y8JwT2XYI&Lq1FATr^)<)G7Lo88KC=`AKF5y2cLU2F5o>f&u9}>KX zIaok>xa|T1k zAI(&-yY6tjo&Ii93BU>x>>?+bRs_QzXC%B^l<`4f4EEniO* zujLqx1^-6^@|5P&0#C#>Col8~?DUvej%G%cUvh;^!fm=+%hC^sfXl`9I-bPi&d(%5 zZ1j}TUwDIq)uR&?g94S5q#cHI7l87Y`{*`|K<3`x9pM_QEpv{d?+DZr?9S|Bdbpg0@^aQfdaA{TgiLRIzWO|wBuqR^#V7lIT z^+fti%C_l!CdC9{VM z@x$3rcG?^OdGoCqfZavY$ww(jKf0uCfzLj{`8JZ#vOnn@sdmF+Zq`AOXSww+M~7+d zpG1428{KIV6z(%67oFgL9}_=U0+d9IKN)_4Uo~O~dg?gSWpolLVFdJ);%TYRf9)oK z7HKjAvVeX59l`U9F#T0`|6T0=|C0WE`uac4(jgnXb$a$@Sjgp5z~_dlHndRL^vOQ} Dt*i^R diff --git a/docs/img/clair_not_ready2.png b/docs/img/clair_not_ready2.png index 588747e2ee0bc854dc6e8453476dfe17a909d59c..8da28622d319f88a5b9a396563a2bc7aa5c17083 100644 GIT binary patch literal 61083 zcmeFZ_g9na(>_WOL=iy|5D-vl(v{vpL3;1K_YjcYyMTc7CS9bLPyz|PN$*GrkkF(` z4K;Lf*zfz@-*wjeIqdxhocEWk1<#Y`p1Ef3duFbgClM-2(gY7F9%5i%5Xj0%s$pQ< zx5vQ19KplA{g1}YISmHJ!wOpo2^CohiI*zQj#jqzmKYc^5y>g{HPm$}dXYXHEh-5_ zkx642FI(g)b5E^k>5^1F;N8P%;^fDojr_v>vHd*}PA^uU4iP>nZg-fUI4+JG73+-3 z?0r^K>(iaR*?^JLJ)~~~65Z;t*s|e^p|a=n`KN{sZXoyjls8?2$s{CHoj(aNS-)dG z|AR#lp26h$;Nc;5@p@0&R;M9`Vr<>l!j_wBG@4o0$d`c(;|<;#zYzl;!P<&V=I@6e zbunJrU<@bg{n!9)Sa5qiB^p(S#SS<1HpZI@BV)P+@3A1Em ze7R70{w4#@(-(7K?~RaiBEN9bk&4l`loZinX%$%1C1Xxkn`e)#ut28dgVEN(uXuY` z3Z~4A8)$>^ogVv&2|@M1`)oTw~>D94E{mm!XZ}p`71z)gEUrT)5`V z*1z>Soo1Ok$<+_OaFIMZJ*=5Abzzkwj6cIy!@i=sIk11wYwi7c#0hILQKYv))->KF zb2t|7+saUq%Hp|zLqfC6i`OLr?^l_;dTWQy;q{s4)|T|4UZc}Q^d;eB$h}wn_&@27 zLUk*iDx2Dk`CgY8CHPvo7q2d`x`qrparQFWEHKJ|Mcb)7F~p90v3|Ed(!o$a-Xav& zx+>iiA($Hv6?pA$rbar5Bf@jQ3JnA_$5~pL*%7oKlV@IcA@_ze*}lkr8-1V}pzpf) z`sApApB@AL%P&_ZbJUg!LtOA-Ae6wM`i&27cv`Co<^vgQT$OvJ;>3S2X=^!IOb9c7 zMf!=q#KZn&BCr%p7l$ipLa&3(8|n_~UR}q=5@4UolgR&p@=J_Yv^WQ@zD`Qynjmc1pJsud>~FRA7@k2J5Imv z<>ABguN|g;o|E?Ana3XVd^WHD_Gm~@;Ys1si7&RD2JLe{ADQ;NTddY7=Y$af!Y$47 zsv>5RXMF9+p_o2cK2Ln^3k6>XcK-gxZHQo$i(rb5uS>FDUg6sG7+|kXPCGrwK2{&aXP^Cs6lG% zICPv@$+VcuGTnlBDk{qNK6!drr3X5R`L=m!-*ro8K>`&8g=>`% zsWRQ|AYN63l#r}XoqH@wn#wRsCW}pQS1_;fVWa)L!MxSHw6}%`W6Pr!!4|{?zaQoG zvulwHzDFk5@*#8~%pu!hRk_Kp7C*(BqCf0>K!gT|y5Zmd`bLUfYF27kN}@->Tx>u@m51x?O1fs+Ja19DPkJRE@@;^* zsm&9|>gnZd`uXui=P1j%H9i&qOT1>()Hg_qTe%zLB#@w!p|7xS9n1!UO}V%1G9gCY zwcK^xrFU;?`M}E6Vm4xpIv!3}%hyriRNOE4A4498#IW}2^!mkwC~YadC=x6x8c81! z-oV}1V83ARXAd_pYD%wJ--fNl)cZ7$)t`Ee3I7yf7RmOs^JMVm^@;J( z^#-A~4tu;Wy^;IWCS_F(I}E7$Sjebe4u0#iMU_Rl#Ug)P|JQ9w0W*ue0Y&IMj9rZP z;yy3&Ebi|;@_ms{ne^ls@RptbO+E9O?ibs>^tfyl?>~`aA-Oa^4LTz`sl&EIqdJ>t z^J!D0xIg-Sb&X|>c=1*58H9IBuU3s)tdSO%hWN<@5m$AWd4B~xtvp-mI!8;Bg2!yB zrFIGno3f$5cj)oMkx29EnVG(skZNOrpiIFL$rnNuf)1J6J@dnU{Vwathds+w%ks-P zjQn&-bYB?+>Gl*}$UDn1%X@cwtY{xD()ln>(*-CzP!NdYOr}VKr%TC1DGD)tf1q}c zY+Q3fyWkX`AoToa$D^jNhU6=+ja4NWk{VcRXrqF7g<8x+4hWZX?R$4hca&LZwW#&! zo8+oW`FdYk14fPvM(1+0&9z*#Jt|d=Yn+D1^im;^?eA_*+l|wJicx(ra0ftQMQXe! zDY^~FIjaHQyk74c&hldRqC5->*uTgXFlIJR607R=mmiM(MsqHP0`e^CRiF4^Rxa7) z%9`r_o__7{Ybr+}fEjITr~eb$YF4(~f^b6MAdq{X;JnG@QHctdt>ob+rem}mh zAZe;d(oLG$Vb~=_QnQ}2AdAOJXN(RYoF#`!$pB3N#Q6la73<^a&Uuzb zn(SD?fXfg2p{-G^WE{qa&91Gz1sgk-;e$mLGll|QQ|oq@JY@i2OG*o)f6djdWR9jW z!fkt-iqGEB6~(b9<}$Il-k`r%$3Abh*y_%>q=cT|Z#uE8aJ7$^EnFyZv;Mfpwx{HRd1 z=9jv8wmF{>tJk|jwKL~K&6`CFwAQsA^5j4)3%x@XOF`pB>&UHS)bC-d^quYTd@0$~K>X2xN( z>(?rOm%uMf2r)Atdi$~)Bl3N` zb|^#f7adkYuY1hTe;pEjc^;zHCC#KKm#fAqQ=)UDQxe?ujN}colr4Q=01-qgUq-Ep zNb=Q>4{~1lfmQ@B(JodV35qkrQFN;ZP1kg@Sq(18EF^1_`)H=mc3*o=*3*YrcrODn z{_#V+06$ZGQ)K+rKi>6U&j_RyZ%-k^`qvvjrQE}t$)@*g{D^^hk4XHVKJaD^Da6Hb zUQ_UOVgB>IL2_g-P4qWcUBCRZKDSrT?rmj1==w;oEsL%EEmOT{B#m2r-Mmf6O)kdE zWo_wKCTCqo(7yuHKKt~IOFJwW61|lb0PWd51_YUTJh}%Q-75I*@-J!;y$KOdE0Tl` z!AsRj$8}00AFTW%47VT!m2#-82ky?M;|e^t)ufQGI;bZ2XGCtV;xXKQ2UyiJ6ZWs5 z+!julSWx=99}NF$Ka~osd-j9Li9P>pyT61^z$dC=Yaroy@~`SSlN9S$fPOvym(?wa zY~X*eY)@J~UE8vz@&I;f_s?%S!5dz=4e{g&{Gxl>B<=%-coaGwifMl#Ql zR3?s!0sJ0+QD-6#bJE(1u#KQ`5T~pwb}N1f}5EXUJAM0O_EEmK_|%gM)OurO{orfG55IOm$Mc zjtoyyx#RoPsHIQRS@tJ_=Cf>Li_n&eeYUY|oT3{>Wj_Szmz#Y z6o>j2BN7)b#?shP6|K_(0l-WB46e-GA|5?Bfgq^i)Z$A>%pcMDwQKgS8#M=1_9R&$ z$`YtXRE1H_)^$C0wQBaxUPOPe6~c;86iOx07pwZY_JmA!-en{{PhfGNwe#YK=-}D_ zsp8sL^$P(V9MTZNwsu-Y3Zs`z;K$jPB#qK{fM-`12+{>iyhNneYBd@-MG(i$ALVow zb32lUBHC5WI=U z-}BF(>4etpGPT(5n6?TaOOx=pb7!v_^>p)O2%fX}Ij%j=zFjv~RVX%;wA`<+ZEQFk_25KeS^9_VkE-cpV zvO|$aBO==VbCA55di=`Yh#&o-hn+}7G!;5|ayP9TN>ctanXQ$PbWF5JiR#>SF~~&o z?x3R5fu%@k`0~1`)+IP!q;*km%a(U*3dsIz)4eT4ztM2**kR(8zEcjuwaNXfAMz^N zKm2NLi-2?l zdQUl01OA*|e)n-ENN8?GnvcJC!{HEjd2f)9>>*?&KUYdpU#=1<;UL~D6jeE_8DVyc^ zTg5@>ZWBu0Gb-ijuPe?pR8u&;d`P3icelNATTZBmC*|hc&amFV%%zn~ zmsg_YOa|!ae;~K#aKHJ6a-kAy& zkX4;n11}5)Ga=$25_xa<)vUIfG_gbZ8G2P@@hHc>y4*m&6NQzfG~3Eo$IGgsGad-? z4`oL>4kn%6XuioC*;HK($_V(QVD9^;k58$5pr;DCuj(aNV>G{%jT7fMz8OV1CAKJF zSI3}0C3cXNseSq)t#L*Xb;M(%{zBUJ$CQ`{((P$H>)>?Z5kZ+x1+|Ns=(LNsra8dj zU5MB`p9aMrz1Br)F(w)di-99YpsPpDNt=~}Q_Ml#mCS7{>Tba0eS<&wxFxsdXl|K; zo{g7lGj6+;V>p9*fNS=q+dnOwXQDl^$47UYm@O8G@OfQhjndcy{fUg)=6NvQT(yoa~=$7xU}5ju->p-=$Su_W8IooGm{o!J#f4TZpyuI zZd!JnA}J2I@oMx3ZgLs|Bg2t~#U78IsozGo4PQ^cRxu%tH&^}IXr~2(osk!HGs8q; zHuDCH-+gK5Qu@;iX#$P^C_dAw08GoJ^EuFM$NvDks3vL%Rbnoqxpr8Km)pL&AnN6m4_R3xwtqt5RQT!ZZLMCrSS z*vO@H#rA_qmxa6?;azr?rn3G*RVbk*O9$Mj!M3R;*7(j%@eyCgWIXGFU$;hu?Yxgu zb=S#%b5;1!oK=URejBV+sLl+i!{Fc~tE^;+=7>dKBHMv`=9J+$A=^9zE`rXr+_jYw8VJHk-WB?E*?P$wZJL!QD}#pF#^RGj`RE3Y!R^bq#8G>5J?A%b zt*MT)#~-d8u3uaG6pHoDe!x!Eg^%>+SZ{jFu&qjK8~&!V03i--e;48l*I}HsU^n)! za8wT0RPzM0VV^fl(X8u|@fUwpwil4bAGr~RS_hHZhy5a(1~ONH>KVzx`95Ktq#W4$ zvz=TC0UoX7c8Fw_-k+n1lL z+li%gxyhK{Q*>R7wrh|Gxuz-ctA|y$?=&0FbJ~)ew7kCIKFWh0)hG^ zS*`b6rIbO1srH?|dz{@8TP_l(zsadmlNhhtP&H^EA66e8Y+PmvMa>EM+h^eD09$?W9rOan_uf>CTWJ%F zQy=+n-!tQw8bpwf9M&*rmfbAJ7J;)Q)1<5TNe$<>CiD}kPQAX<%SABFX!7xiy`glmm*CN zQ($uKAMIvN@afcu^3pp>vGWhvH;Bb+b@HeozZJucCX=$GrY77?k1m2NWI9mJ3Lkc} zHqR}4{-)FR=TqOF$2-(BbGOO&@4n!$6faBi;-dxMHgPI_?Wst5nQIh>qd+VhG2i<{ zS~j2B`rFM>!4`L2mUHYB421>a0H*W()G9jktW7Qk!GPO30RYmu%G-a|KN4f+-*O(i zo6hR?2I;Lgw!mq}W;)oqi2O|m({tasN+QgJS^a@`lj2wFgpu%J?x4p#2Jk7~?j41& zoLm^?A=(nj2VsIvUyK)Eh=@_iZHhk9D#*5J_tVBXvkAJ+u{NPNPfyf?-_2wMO>y)eWBL$YYooSY zS4cB!oBVcq!5`T68&wxA$_)@GHO8g0+`|2hMUeUSPiTreTSi0ys`3}#al11J7r<6; zx9h)qGXK%}YE{-tesPrz&u;DFas0()5_KD+V>t@BKzjAKO#zIk*Ef{(O*#x%c-{GE zVKJ1h!28z1?se)(3lIyB2^}d=29ABl-i>yh3#+?t0s6_4d|;8O|Es&GD-B!BONZGk zs&QO9`Qrvz1=6u=r4Y}Q%+-{Z`>{3&YS@hR*1BmZss?&gy`}uRXf@BLC>9}CtszG@ zsi87%jHdmL9R9`k`ePGNp^rj@nQ$+Fl~z!onbR(Udz7>pdYkNI7zs{Jj&?&d=lqSY zemEKN$cxsn>hc{4I7+`GWSs$Gx@O37Rn-S+w7gI%Ux_B5+1S0=?g1W7eA_o$|I*3^P`9mh1QXHPbfE(Knf|hNGjMgCU#S#;FzPjC4K)Yq^zmFXgQJMg&V? ztf6p{h7YfID3F(RHDSQIxciZh>gT|pVh2$m+ly&31$J=dYq;6;EJ+oU2Mx_s$2s5c zg=_W6FLUP$^4{8!ia0yC_P}iSjNn+o$UN5!WvI+r$lp2XE10<1IB1?|nV zw6YbUp@hPN?U1ipbu;&KEhig0)H3uJ7KVWDF4~<3_=v+6N>+u$^u=30IW5)$n@&y& zT6GZ_m6ixSALyH_HZ1TJ8}=;La!MM&!<%Hv{dcS9ot%h@N_%i26+5s{{pBSTak`{P zx#>~a{S5y*4ugO$Wl&mU_lrH>>6YcrfHitS675A4&CNwdGjeG6@)Q0(Df`|jGPLf# zs8~6dplI!qTZ5yDM}yil6rxKNaFUqeN`PSV8YI=bbf~7spKmW{0@b%gO*^_5Nl;Hx2D~DSn!bDww@1Go)P*`Fi(T^D(4(aWzqf1`0eWC0{wTytiJzY`}k8fQF4u26^y>~gQIG%wI^ zX=a|&+^i8maijlHiO^(%2;sZcrgv;rqBOPl)CqYH{IXn;#>AsgXT4Z|XBZT7lR3^; z*623kv~FA%kdgH|LkMjIj7M=ie&H@!&-!NTp6qF{tiVtIQJ zr&+bp4GX>g=lKFVH)Gp;?u333XO)L3{d^tx|U)7&#~{@zPSTc+JzLaK14whY&%;FJ5V zHYQ*yrHk?H80A?#U2nE*)=(!S_p*U~YQkacXqQhsYN{lS z3&;5)U6Yf?lh7Vyg>}m)?hRF<&x+p*E_!d-I%>Il#96}hs$irWP^NowYW4(L8B!gE zH*Ph?Y!Xv3b%YODQ0s1T=+o2Pw2}16k)A+fRM_^;B6P6d0b;n3omc5GXvbE_J!w*c z6FRuPXkFE0_;U;HHKThLiK7H$Ga6)tnvJrx8zh*~EJH~H^>_FIvxON|e(sFJYmF}( z*u)*W;n408wzx~=PTshlm^jm&S&k)f6+|3pD~u0Ajago@^7}0H@ugFFx7?h7EVr%Z z{E;7wmtfiYS^7;L&S1M;ABzlIaDI&jT!zh-aeWIlVxJhql+LJ}oq$v37o=3SV&zFH z+O$y{!**#6C?09?_)>##4zrK=AW|;=K*0h`bxP3qzG6a`w$5VDt#H@Ps%bK$Rb-El zL03YvN@srx_WAmjmd&jH_|_4B4nA6#W!wiSA;`Q~aoj99LBGlc1A)39CbR$8VE@Dvv6`&^jEW4U^vc2(9|) zLvN#3nEI4+-->QtD}Qb6?w_e~17c$f0C=rs7TI^RFh&pCHr5g&MfQpiK*1>>=0rUF zAf*HlwA8+9`F?+`Hf5);q|IOTM>aLnJBqc~-HoP@PMui1}F0ljSsX3|P?hWAq^b&i1nkm=6d!PDv5l3up65?h}?kqsc3eY(> zzqM8!35cr1ccpWTwk+T=5l{Sxh4N|M7z;UaLajiGsrG3QQu{0+2ACJN@9D~Dq_B&R zc^%H+%s&*aH`i@ZRB9>Kk0xh_~VLaS;CG2DsiH7eE z4LW*c%?MUPp*!8b39^`yqqb%WiJ_aJ2*_1-P24G?;B>3yK6Gj$<>Z3HkIPNXEXpqb z^W{TjACnGsp^cGra{FxpgIRD1u?>XpU^%kkN+x94n0hE>kfXIv*ZQ(8-O~QO!zD(Q zn_s|KV?$z=y~n8zf>$KO@~9E>;HTe=j{i(G#AN~b=LGy{iIj|IJVP7Bzy0*y9*ZyQ z=pBueAUK^#KUbL>Q`=vZzq*mZny)c%QSo#dS#RA6hUHf6sI%-%wzgf!(h%J2j+tzv zj=+CRNI(7r$1^yc68QejSlb4y^xI6G&^UkbKyPRgtC*MA(xlpgu})zeiDVOkDn=Cw zs;|frs5m6c3PRhFRUp*#1(mPKY$;$K`l}@FR+rEt^GjCV{fjVA`q#<6k}aiEO3%4j z-<{j+u|m}#^Cwjijw||>`Mujp`r^rFo_lTY#ety%$%lkh0!p z7JZP*8Ukyb#_z&%!S&(p@jCWk7eTp;Op(2(ag7G>;gYDTHmS}WLiEK>3<;ofp`JC) zmQN$!VU$(e(ytEI6gemKWv6qOt3_yiF+5hFcL&ys9uoqT>p-`bwp)>`aHD!E#OX=} zRTjp^fFjOfJ6j*T%!P8pfY-v8eR2Be%)jhQvnbnJAk7zEB_UYhM;q6mUfs570x2tTJVXP|uZEG*b5mc_Ny5#*4UB{>)gkYCeFl7Fg-u14CSE3A<_&5rR z!ExFZqi#i|8{UZ48Q;9VBdvyLwp(S^zAUGIH=F)l>*lTZ7ah_vApWBnxX0${F_J;d z_$*A_QF4@B$$c-0Og(cW`DD;4J@Zh^Zw>o8W{!YP%o)IOEh_NyoZ4?M@-&i4ZZL}7 zwY3O(??=Gig1-HAjjrhc`q-s0=O&fMl0r&0woZ~ueh9298A8IGfIvS5qu(K!Ire)5mXsW6-Bzl4N%Xa@!8ftPaEhBB{oPbz@<{U|#$Jdg2B^a$}7e z+&-B%6uhfnWhYT^AAqgwItHQY>H&7A5Ilk?0hZoP9UP?L8jK#FZP{qS-jOxqd@l!m zdVz(fQ5-15*Q|KCBw8`{*!IPpJ?9`fqAFJ1!D7hJtZdz>yA|_X-k=G*wol8xWk#z} zVFO1n6l{rToM6=cIrhQ*U|sAX`z9IKjAzkwyAiICOq%gVzT}obRD<(`4UQ`-@`pV_ zq<hy#J&Mq^O6&PzuibazYguO2qD z%2MV-`;5Xn&f)(zI*~-T0}1yYH~sSi|LT%QKD)g$zOgp?&UWtK7oNQmZ-?T&aKE$k z{lDWJBusye3wRVMX|C4GO}XDr43yw1S>BcX{w;U$6qe=V8S0~TE%N$O?iA*bpW^=} z{`Ud=Nw#e~Lh50s$H1iri7s1{OaLxx*UbM)@~8&Md3rkTcGv$SuQ)w^l7IG*trwfttHqjsh2?gj0TwwpBzxDX{r6YIHUDxllFEnXAMR+x{%zA$H|`r}rm zQcun2#QzBAEryd1Z>LKj%bYF=e+zUMuqq@tTdV8q*`<-#=6~rg{x*nBA1bpkk`=OR zM)^6P@WyKYr+=8KALAMcfml%IPVM^)NzK|x1N6-Ha47r0LbobS?IpZ3`B!@~ z-P#i{ki07V_a3?n*zfQMw<`Uwi~g^R{)3e>T z^2~DhNqWbL{T=!+&QxE&Qh4Jw)lPo7l>C*TpVMuJ=s_6`Lv%X#;WhWe#Hy+aPA92^ z`~W-5F=nG?a?V137IIGaA48cu>H!P`#otDpSFT*Gmo|^WWXc8+a%BvibQ0JTNk4G* znc?9rcNk6__*ZyFRPb*^-LCvP4q{vK2p>R~<@kbui&#DQIE~$!^YH?+jgh2F>VRH!x3eke1V)Ak#Vt&iMZmF)Qj z-??F$n{1>fyi4w~l=rGxRqHSW|HCO+h_=lO)LoeiMCCRTvo-(8wA;S? z0mbJmcReB)@e`(b-0nf}d#8j}`$AVL0rmSyubXOGC?0}>pC||HACMZ>@ah~Gj4Spi z?~&S*A%gLiNbZFy{!gX23>~n=DB=#9V!Z!=px(R8PegGEODLvdHB=Dh9 z0Osg?IK2&`L{FpT=jB!QEaU5ZzsseVg&q6;@dGQLljajo{MtG~ONZTzYV-VnHrQtF zNo?<~HjU8bZY7CFlaHaVzA_p#&2l8a_*~e1-tEy7MG3>Iz)pNfjwAAka>%EMug8`? z_g{2K+_4QXf@|;{rNGBdN8Sg zt4BuXT57!1+?lUA#BhpwZUir_!%m@z(Y`VWo=>)3ElKg^IU(Hp~Xu8H_L-l;aG`wWu!qUY;N1MvA#%df|v)J6^ zo#r+DE+HWv$b%i(<_NK!wEXILS^93AbyRNDCH`cWquW!L4Ov8KF)~vza^l=;G7Zv< zl4=y)layUZT7$a7jRy~*+wbhX!m>xa({$QfYh3qc z;g-cj?y%4OT^||b*NSm?sOoHBWm z+u_>PqfH+i%4MZ1N!g2Y&Ca%(*m}b5Q}8=5Nc1#q<4em9jb%Tjj$2FTY)w9W{=!+IyctcEl z9TNAPCrX=Z<4wFKh05N7T;q)(y-k&<(4dFGVc*Djv8GtsN*%`;T-L)#sPph*ziyc3 zPDhp_!#hiF9KS65%h$j6;90b;;D<$a$@`+eaEVoNsIT_0=iR=y)PI#kMyE6#cXGA} z*`OJ`4J7J3XT=?J$0g(EJ)dUVoa~K0O$fYQqFVUi`Hq;Z|0=@i>F=B{PuLKvY&Ne{ z*zkBYKhlj3mzhul6tFs^d>x@~>2Qb@u}w_!*6`SqV9p_~1my4x|5Ry5NYgB4C>0eGB)x1T z`np=svifv|&bCmuzLeg_Rc;55z}E)^ocGXU+9@D;SRVAE0Ps>wOxD|Ijk2xJcleuP zYQC-ETCQZvPEA-})xO7C^n>|_JiD+{VD|B{R2nxoGaBOZ(y;LH4l~!p#{`}zzRfM# zr!*uMzM*=c2xX7GIVQ2o+0j){-9l+ZQLn%&m6dxV0vj(jCyHXPkm#FA1FyAYp1mvn zSN~zQ;ub868Q20~G>tY;T;QRFfBNrQQXU>9`2BlwgRqa#p$0dZh2sGL$|31Y^t?l_ zXc+g&Q!aa(=m+^Xf_Ugnj(@q?#b zk8F;IXdZtn3);1P9|BQYN$rwx*png`dh=FidmBdlOVMiAaAojb3SE{OKUaY8L$eOo z-XZAYsS~eVHxtD52*?C2V-U`VUE@Do)|RGNV<*Smq)IL=Ke*@29V zi(~hqf}MEV&fCE=rRYLc&fR%7Z$MCG^NngDT6OnQq6&&KbQ!7l#`is)_ZT4{MLDJh z|7WEzN%vQ=y=mvnj`#BRWvXT{(%d-AX1i~qhF4ywc!xliQ?-T$G^A)qCld9|NZ?1T zRn*9_;&cY5yH&@Dj-TQmwK z+->H?30)*RvvcGh2MW(@p_k~fNS|jMl*a5yp$71gbX3x!@(GT7O;kE>KyR<3v9L~pdZ&YX zEnu+Vs39hpOb`Sx4eL8v&i{`h`aA03ZPnZ|oy{eU5yZ^AkNOeO8c$$IXI}Y$!#zo) zS8*b)JlVoaNaXVPLREx*T#VpwQ;6pQHzz#6*L}a;xGE%ac76D;GKZyloTaqh1uxa8 z6ANq~W!p5=6pl(t7`e(gIl$Fz)Tyz_$)t5z7onAnN*%cH7^i1Ju>5`k%6dgtgk(Qb zQ4-q!tVAf%Pj(!un9k6hV9W2ZgT*&?L-xRXHe7PUQaT5g{m3$GT5_lZ>A~WdYdPKos#Xk-2TGM^@pe#$!ZuhSjU=hDF`zyO^-MN?*Vwy2 z-?JmWHiq?B@Xcf?qp&0jnCmTk=SzCUI+&*{Cy~3Muv;Q0h=QHSDH#WQg5FXMY$5WD z{>j?Gp5F3IrSwmZeN3`Pv**7?t#H>$75W8p2d79^;;%Ie1FEbKlwsZtsv(fgn^!X$ zzs&C&BEO1Uwl!HAOBI$Iw`e42HSi2Lm2auLdh*B^V+NsK`V`EK7liPRNd3pr@;4Q9 z_|!yh^)P|eRLDonTVJhikIfWV`YKS|?TJmm2?koldSF~}Hd)xd(!y_j8{GA7L5|Wi z%z}ocwPr_|E3#6fgGVjfH3V`1wwivTi$YY7*XSon8WPisTz1LL)gN#MbW6=1D%hXL zN`}A-{HI;*Y-Nx33tuyOP{<+K8TyA0ou(+E(o^yHSr5Ouj7g!u;(`UXT45%Kl0{SD6QsG z75AelM_Xu)@Eh3xg#?nE)s*!&TdxDfL-9V#UmZnVv5m%$5VEofwm*N1>!=lGaj)DD z0r)KD{7qCfVWIzVG5OW+3*FNTY>$K6O^g*B(b05!cFv z)^A7y!EejAjpm*sPUXb4kgu;lKzqT5g`6Wo&?G|N@oML5&D;RkbMYuZZ6I3SQsyN+3EVv6Tc8dwSV-p7Y{2Irt)PsQKnYCVR$hlKh1S8JZD&zMA3G`XWf zl7EeF$Jk8%!FcO8h?zv4#*NR9r|SddZ;YE{4-Dz;_cdf^<6i0BcV%8wo}l+y(0BlV zX|6w;f-tJ#p0QDQFQ&dv{t(z9 zLXa`=5lVkl?0X4P`gpbQ*z1IE#bVAeVf6>KNWt%h*V1Bg2^o7A1*n1uzF1w1c)rwHxbgVL4K#hV8cgqT$>O|GnUn0thAV&7o}F;H@X+hHbz`l) zKlsG+_GMfWTB77CnT2nEV$~R8;`XdPDA zhid-gQ2*7>U(tVm@9=F}-o&caeTABx;gQ?wEKFttas7J)^T_h%3yQ==&C-GALr+`N z$HH^$3b0+_qlW65TDxBgdTu++ojsQyV&17w_hqvU`nLEQ)^o)ghz;>IfLUqi`9#6B z;zV;kFC`Ls7T$EOUj)NKW7!W}hVfblbE*V4P*Bc|;YSC!o>5l&70Q{+*K_4sfcidG zc*LQ*H*~@eid)15mV29ks|x-zuiF~Asa~LYZJN+rvJ^C%;}Dk?Lb-W^dDBc9Jqb{BaU`H4gN4Js8*KRROjmb!#2=Yku+v<|toLiKtyfPH8$?O{NTvQhV*_>@9Onlr=*l91Af5MlH0K`T`q6XoI5h)X@Hx=Fp@a?i7Gwkvg|+QgSpibgW3XI13U$(c87Zia?L-NqN~TsQR$RFWlPAubz~ zv;6mO0hm&S^QYwzJ0h8hA<^G*t6%5P%gdP%W3LZnPcL^bxR)9n)TYX^IMe%2c>P3GRhX}_(ee&UrH@vHlQX17q zIl5XG|KojAvk6e6d}w;bMf)q8Akoa>G4x1~Y5!$&JJ%v{>}TU;A#7!*;d>9DjRaB# z6Y4!^_txfW)sR_Kjak}IIuY_70Hm}oz3r!|JXi%8rjF2WG=>e4Bg^vIu&I`d*b}cS z*%F$b`Zh^C=30FmQ1g3!HCjU7;zpu1B7$d zgB!-?{B3yHbLoAp*~tH_LH?UqQ(3@rb9Ql2PWH%~YHXRK;%w~A0z-O%oaf=KOXZ;V zh~@DS=i#Y%ir}f`N?Ky0u_3L1tf8rK^O-zn#7^>|3?ZW-toJ)$IA-sif-{Zhd!zb1 zNcr;#2`k^DFU_f*(F)VMq^rA=c}?7tcvb7ia-CrmU#EJp8HN+w5k-Sli{&Z331X9* z34X&QXS+1vmB2-Q`+z;NjMd~+?Y@Lm?Lo|qKm?t@$rIc6DL_ooYz^hVyUAtqOD*@o zbS(OG1}pBf>EFl~xIg@i!heaIU7$3Y0RmcBTSwJZ;Hq}g(*3ZtrNFZ{n>4i zZ08O7YCEZ!P;0ltrOyqh_4|VfcOBQ=`ZUCn-T3?I6Y|^u32ly}Z1dTK5_OGmKFw3} zbfOok1OE1zf&}jMy=CgU+x&yxpodwG^)Y!}K{K2=zPkc%S-(=I+l@}GD*)01Zvwuh zyUS$~{zs2;(kv+QEWJtUllzu;)1y{;aG%SAtL!%l(}}zJ5M#rt4|{u0korii9P0{S zqa#bV$YtmSD8S?a;8hkPviv5$O(E^%n`C3hWa7ozL_;e_oQtxaiXDX2-#qb{#wQy6 z$3VcFTLHW2VzRB(OlRi&oGl;^uw&#K{q>uPSZqHmwRi9jqjB=&Q1~j8<;+ZwCQ=$t zqasimyEgu&F6d=LN;jd@A}Grw3wNhfQ6QdPeY-BHoS8Xy=A6v^ z?!Wcyr&+7Js`~A!x2lWcDWnY3`%&^hpz9ibabzv!M>?G>ky7!l+!<=TD2xc9xtc(kgc|)$+ZXt4a^1fn~j46ZPXu>JJW*c!QmyM4rdY z*pA;G+1-oLbH-!iyed{jd~UCz^248tLetF3uW$WMy6Uzb{wPkm@-fZ1ueUcEMR$VJ zvKto(Fs7PYdWvc_-4K?etr?gd@2=n+{7*a1U)Tc~cEFA9NU%`TtC=*Px&m91p$%xC z)~ih%hcj$PCiEm9%YS?Pa{Jo#f%sbwbp*E!uaUM3XmyH$@+N9~fSJVoefqUaVOfjW z;$}sL^QnAO@#<__m0JJJ6Q3@z&kZf!Q+-+g3W6`)0YkonZBDp*W<$>7iE2^|6DxOP z1Hb#sk;(DnT2MAU zD~-j`Z;rtmOv!4_d^Cc8O#EAcUI1p*IxnUyBb*q?wYlULHcuR*_Efs+yfzC0-1@)f z_nj`?w>@SS+r6k;zMfuvSwuqqvG|Oc)hlVW~I*p8C8=; zfme-()#w1x>7sTA3h(~*=&U#SUzHUBg^a=>HsU%YxJ^EvVqkA>=jaS@ zyhrhue)P{*q#Yo3EpsKVD}!8XaJ_arlNHU3vy}rpqr+Qhpte8CJlN-f#|yS!IkOrM zgv_-q^*(Qr^|moGR>Pgt2S;W&8J6dMhIZWOIK15pncvTHn-=ebTg9ZMk7U5Xn9>BSjw zV&9@v38JgmR4vx`*yv>xZVZgMLmw}fz1lc6y`m%~X6o+GA!>5!=71WzK_be7FM{Kn zI9 zO=iaLQ;*g~|6weL9+g!|gIhiS?!jC7Fx2VW5QspQUsSMQ2V#>R(J=iCy;^U9^GwcY z+pl;TtEN^Spx%oYe+KKBu+WxlBnd9{uuh@#J<>johP3HX^Hzo^|Z{sLZ66Mgi9cvrwOw0T-4u$Gv zv6rw8=F2pjLLD#rQ)H+6v)1dG&8s5mwXjR)sd;#&6OPQ)_uen!E0IgQ-mz2Pll8ds zT23WhCnnqu7qCyQi6msYT4Yn`yj|dKx3uo;SB|Z+E1@i%{poWQy9>vg#L(b)u7eFr zw-IG{t;}oY7T$y2cQ>K6eZ;Uw7!*^bcbR^U?wl4cpy~4qutNrnVf^&Q*HoKQ==@+!odPr7zX0JE9#82_0q6o2*g_ z2+jhJ=5_NNnzci&E{KQ(cB$rE*pHJ-UAn(*7eUQW3wiUl*!bu+viG_9UgFE{WFA!G ztu{7KKQ^xv&3L|jblKrLy-Vxop#=sXoB$N`u$Ak z)P;mmd2c~f;(#Rj6E^Hp@|C8 z)Wy1vQ{~b$!G2=#)F7n6aD`4n#^#*1Fg-)ldrH;3l5A=OI^Z(^J8^zaEn4TTKXdR z^1<^#UB*=m@WmpN&l!J3SC(4J`C3r(e)hrf2`g;#m4e441N&-eD@XB^YuTp(5X5;)MuB?k}z}0HpKfJ4xZ>9x+nil3}XnBetw}$ zjv!+A@3Kk^xo3|`e1cemVeBN1N-MAEnev{k#T`N$@@Diqn95|kgI~-K5Idj({AAx{ zot#-D5l2f)W*Wmci4WIfefQDiF6?Rm)y?YC+BtdQozj(EIw?#KdSa;lIZ-9wjqk2I zgnt?9!6y{N;S(_Zg@Epkl@oBRkk`?4>A6@nj`LceTp`(+c%!HcYS3CY#ckmNhDwAu zAr+(JJQ(&MnjIC_HV(;w$Yh?)t=D4cEvV8Pf{5pEhG=6PQi?UN-Q9)FdZOy&%S>2= zmres3*xAy(2lQL{p8$1FovqIrwX#MG^+q2j4)@7fZL(1I`QDRPf(8)gn^=$gnRtm` zxk2x^v{;b`ncdcZKXEIo+Bz;d@tn4!!Zzeo9Af{rkCZsA9x`z5h0yoS%f|*q-@d4N zT4{H!fjNKNO*%@yC1VQ70TUMcj%VmH^-)eL;32t`!mFjq(hI^=53>C<2w0TN zolR)rN=zME&uK7Y3v;sZ!7+B1!y#%j^r-ZbG%vI&;-xsC>Ko(mTU;9hT|Hd*?ymU} z4aT84?wu?-Hkm<>cpVx_`xvA;=hw&|*1A=DNwu|fHKK*O9`8WxtDVmk;RKJOluhbN zySxDluz0@aJ()8(1_=DWYAf|trnNae>wiiozDXH;8I+x7kQ%Z|^Ns5L2H?QRec}Mx zww;qlp}j$Hsg#L=+oCv3U>FL#*ik%6;p4S&#jR6Ph+vq!r^3%XPpnpd&N*S`DPsd% z0mh4N*R6&HGwN*aK&&GNKT{&eYMSL?*6{MoW3zU*Wp^pTEJHclEY`qn_1fc9sN226 z&+yR~Tc7fNP&wqmR{=*{m|?jbhCR#+g)|`5lxOME@pBcA&#gJPS1uusQ|0?x9lQrl zwdv-UhJ6J^a}5cr#XC3K&Kl!tH@A+yEkH4tIV8-|;jSbB9-0sJ79o%lbU8O)G&_Bo zDCd2Ou^F+QHe$Srjc*&F3O+v7k6G|Pm$kON)}9VhuPW|e&5b#d%W^gV$3L20eQ^N) zUoV7ZlPVU zhoO<1XRVI@gngw|>jy)B`m5^ROpWJ)8K#8KFaM+*g`0)fjy>>)$Nl%1ml8YYT^vUD zT~3b&{VkHQ9_Vmg0k#uJiIv571}RQrU=m5G=VnzoiYDFyPWHQ%oyVE3fu(Jbhwt{AenUS68ApuFrD3R@5%3 zSmb0f%00h zsYMt_c!Vec+F^Bpwxdgh2|up&LWy@V%S3kkSxfVpBhN2XGS#n=VJFvr)kaeIGJT2I;eFJupEJ>iaBp zFi$e&0_`1B(_hMgZ0fE*gsE4lNqsebq0iA!W$gg0j3B+cGOfcdusN}t0s+C1M&>?n4)#fW^FkK8nItAzHp@s-C z<~gECD-6>nEz}r{Hi;eRfj^ijCNm%n-}X@PwyXE)h2n=tO#?$`n7%VKUAO@47n!7Y zasX6$43|x|?;ELQ#*kJ2J1Ps%VpIyey9EHzX`=p&M^mZaWiJC*4<}(QeHrAMnmCMzvi>;Y)+`1jeZ4B*=gUnhq49q1#yXF>1TToT-)-vG-y#KvYlcV9}KW{xm`>H=_X6w1x9zJbyz+CTp?>EP0px`NR?`S)*B6MP2;@n zmf$N$r=ava9utxxqw6#f$P0P=zM}2Mo&C1zpwa^(h&KlK#4t&cXOj0tKF<2XEj4<` zz|wM5bl-EWLC}ug+~ds5OW5PZ53k=jb6Ks_*q_voT{IF|vYz*Q#=bkCLai(s3pj|a zorH|k4vmyCeFvnum7lHLwEVOxZ>f=U*D0GFilC~v>wu$!B}$p@^&;XVVFb7d9>6wu zK~z@MT%SEKCKCRRE6PqldrjQ(pYZgjihesax{xOOhK2-Gb*L_Xy9}W!ZZMF*I9}(p zUC2t<{e0#AZl^xs`!uHJD!?9y8OiFrpS1eSNsa6WNuv7`F43F zw`n~D@aUAlfV8X2FS&!?#Gz5IL}?mw?x6(JHHK8_J%;57$n)eSauUFMP}`wE-v2T^ zV|-Uku7?F@h2XcwwN%pGrl*;w8@E#OZ9whe>D}fyTEzdHq5pnT6?x7Ssn)&>f9@$O z!|+^{)v2N)_9DOtmX6;*TkeU&+%51qPF3RN)@;1n=wo6`4WCbT@-@Gc`(b(mQmIqT zOCDy{llD3Ety^6hO&Yv$0c=q`7i65(JF5MsE+*A}E4nOEPe1!NdC)IT`XPO?z_skT zcP4tehXy8cUTK0X39#-}8fKlbz^fr!A~$&el28H_{nK}Mtq^+~?6rkoY|cHVXYRqJ zB`};MK#ThMk+ESVl?nRI+vi8PwQ+XnHw?c$!A$V~8EyQVMpG$l<%tIqr2YSIks)q8 z-&YvQUV-|rcl=wJf2>%k?is}CXHu5_t9s)<9ozu^=P1bI^&`R`De-K;CH7Ls|F>nX zaHb9%;%vyu;DR4}Co$(ASA2wR-t71&28ty@`p^>-)r#Y}^u4q~aOUl+QAQv_#}0L9 z`KkC}37;A(5|rcE|BU4SrX^w2H_x@9-N+5b4@P)Gj?p@KbG2@f&pCQ)hVL;ccU{yT zYpY|dQdjzJXBHk8P4bm%ePgVGEUJ!af=;GA$&`3LRR<)L*(B*?MMC}ONA&BN+$eu! zi|G_Hk7Q4`0)ttpO7H76n%O=`EG%flcSpuK)V#*3IN%e(Zg@ZtWNKOcrZ4M&Ws()? z@?N_5mg(DbS7MWSWTed*A;w=SNhtz$Pc6GbEh)?PITyK(ZT-e_TH3auD9`%gtcZ0z zV5)MLYha_|yHre2ipjanx=Cnct!|5Z9glY?yj{;t_p)o5H(*)P)=&KK{-SD}-KxA( zGFZA0bh6{MEaSLmJiex*ulmgA{R>irRk4m`h67IVmF;#hc4HQ0B?mS;uw*Cm)vNvd zhFYIbm|9kP)6bEU+U>*w&7OK!gEH>8Q@^x>e6r`XPr~JU-wH5J@xjUG`(=HcehOof z7@Q?->KYC#&4(08QwSG%5+K7R5O`7*w;8(L38I>$n4lG2yQTrJG%#Y zk$lV0A|Pp|p;uQR)6fP(M0|cHKIk+vZ)SmxJJ+;4KQ*)RB1vMe^pBUnZH62Fi^8zW zIQX5yU~qD+wH9nt4s zm_#cS-0vk5VPX?+S+C>#v4vGsp`y+s4;VFRzc@YxDfZVhL!_@_6bJ5Fj!Iw-8J|X$ z(pptjOZ;G-RKI2#a)+pVdj9_qvy%M`+}pjR3261?m)+~)2+ zeS7+z9U9Cbd~Y6By?)Zd5%kiPi2=JxAc!NwMm(XqpBJPGa$5_xo)@w}r}08a39AVW z@`0J<0?nzKIDOd1n{Bu;TKyCV1EGd*6%>LAHGX-i3EKbp1b+atGS3e)Ml#ej&OE)| zw7AXUA?&5YiyLuL7A1MU%5dFy$31Dms zsE~w?7mg8hv{mR2#bnqZRP>{6s^3>o;L!WS=@ikWHIb5tO+1kN} zodYbW#UnVETJb;LDLjQ$TfNQb4jb7%9+kUtv-RNc-t6%L?^?a}s0`6QP8D5{AZlAe zY<)0`)}6_q0M?X%lys09pw^IsrNQe!%X$js(~lh4j>gqrNqq&S%}P<1|{${wI;dxPm8)#dB;ZL7p6;t0wGP*JzU7TKpk*C_Q>j=R6vv zvi-@gh>kCFku45!0`-O{F^Uy-rlG9jL#K?X@>Bfavy)v~zum~P_$ncUFT08W@|xrM z1d$}P0~@9#7XDLKe=ZRf)1VdfEyc!M9m5}3vNjHuP1kGt8j(vIA>R{zZDsSxnp5H| zH`3m_Izr8S;rtDE!GHuv5H)2PFVtOCGgoZ7A84)PS4;7pdZaB;GSc9}gk-Ks(^uMx zU3~@SSv>*caFtb+(RY%&Jx7Bv-aEtTqL)N`M`?#o!}%(8dJ&r3Zh8n`V4(dr$mwMt zvOY}F)jeOtcjyCL6FEx&Fo_H3R!$D-0r)O%5*dhrFxPn~;7W#pOjRfxE}Xizp(opj8sz`bH@>j$!C zC42YXQ}>iN)&qF@gLrr)CYZAN4F6?=zsoiM3-q44D}y-fq)N|8ShwL}S9r}4!-8Fg>5&&OQn@`9I5+rU2FM1@iG>t zm2J;;l7`(-5cw-2mi(fkKJx9?vTzshgNk^l3CExE%iysZ@oSZ zeuo+Hq>5TEJsjcnLSx88G!ZPIJB ze*de^-kbf|+B&5!&ZuCi)@e8&94WIQnj`7aOVLk0wuR$v?M96pIuFq5Z}`rW@2Q%J zlS3vmHo0menU1Y2#l&h1_U)ZN^)DV=_X}Zsrwv#VXEQ|F4QXzG5~NEB4u*c6F9?mP zvq;gVrHXc_@M$@piOb#QM(UfZ^Z`Fh?|3C=wOlpW<o#VQ+ht8!7#dVKX|>86 z0OYh7-MWPRa^(DkT`J?FBEmAmbXt{7<%pU)6TnG4w>)`q$&KCAoZur#(aA_)L-`_E zUHjpCB92`ATVAm~68xMQC-Ieh;p&*`2`9-*!=8X3jfyI`EflpX6M=mMG2O138Re8bOxnkMy}}^v`wvO(Y?$Zu{?x2RsR$_`iik7xcUmY9&7EJMVBB z*qLyC3!@3o(R7O9eGi7~oJVi>Izs3ro71#S3iCTm3CC-Krp%u4-`QLru=${5i0Vol z*}7rgvwH0*kSn$yJTlrh>qz>-d`lqeQT<$NY6}Ltoy&m+95US6o;75uVP5_4bnn-* z$!jVl*6-OvI?$zR|hQ6k_(RsW%bdtboD%8je^qA$-G(Iq9f&t`g^7x$&6S zESaizx?Q&E0T{R+j7PsYU?FyS0m)aMsgNQ8JvgL5zphn>8$MY4VvUsHY<=Y4iRDE( zUx~~ssAA8t-K-aMAyjYFk1GUm&eUAC>Ffz5VlnkrB-A3qOWt$Z+K_1U!gRN~ehpin z1lAV-Vtvr3B)>@Xp7iW}(*!>Nj%9oq=)b#s&>C5WnKclDX2l^~(?+qnTv||YvI#5Z zO+Htt*g(o5_)7C**H{;U==;#jpRl*XK26XcXePh3^xW4iXMa&g>^@Hf%r;@kLxBGJ z$jas1kbObxMOVb_NBXv2Ei{Yu^(e9j-hSZ5nu-p?B@qu?8ZR|ZJ!1xHcP~`B7U*#3 z;s{YOLm2jo?IJ+PdA64OWnD>AjNff}c$Nvm1f2SkTd0K1%C4r&yK#3k0Qoe<6^r`D zUlrpIds6PfCJ)LE`|E?^Y^9 z&cITnXiugr^2BQ7!~4++ZB9p`4Hp2&g7w-C(OUPIw|i6c^YspCqon*4>txj?2M*9O zsYI`kV1J)MY&cJv~_>-Fhfo=IsfS-JIc8Jc3=@9^51km}H{n zD+D(myX-enK)KQhHiKTD(?^lXV5rxhe+`&LwuEPQn=Ujws@{G#^T2L~g8ONzLEcZx zakUeV9l$K2oAMES?TrB2TI1uzendSXQO0V10j^%B{<|ym2a3IbD{Oc%Q{EKMXH63T zt``pij;|hBjjyYCbDP3?ULA%kLA8CpzNZAE+#q0IH@p$dK3{#SSrZJ?99(pa2lv)K z>g9b*q(EquQjzWpcvQ4+}uX6?_I|s^5;i16OHM-7!f>0=$1aD>eE&aR0IW~=;Z3TQ;dCWDiw~;ZPrp6 zWr%~Jl6dMyf9AA{FCrlEn`JDAqAz`EO=knH(3CDN09GfL-dYO)`bHV&IghyNYM$gn z$;vj^)WCYu=c;A-o$?=~xB+^`>ZrNt6oiv468p(kM=_t6G36jfg~lHhe3}%Y=a}4O z$3!3<%Z5+=Ijf-Fby1X}i07?wT&26XiwHt2L zewC@*s)SRY5qs{1?H5tQ#IIZFb)H^sYpm9-1cGfXkXuONe?_?BgvU`#{y1qarmTavqB?Af>qFt;r54VQSOjjl?I&|Fh&9zG=VDfu-jmoJ)U(!{%Y?hT{I1iw{p zg-nxAm+wc;khtB7so+r&C!uXl4b_w=afyiH-UjUi^TZMrqiW{b9D-?Z(9jFaBf^&qvG!_RsTU{Z$x5lXY0tS~SY z6xfHxX)M!A-J))_4&EkqG2x)$M|MB9-OMZB1Q!)q_p*(=9;48ED3L_N#FFY7q9#`WJ#+-U=MZfE2tyh2(T;)2ae8ezCqORwv`E?rDOYzPGo}=iTqcNqnZ@ zrC5lniJj&Q&|ILOP}S0g{#|nuOTv^LJ*(7o)_)w&e>!6qnC~7gD?N3UfJoEZiBf!HSl3gOwI55iNQv_HQir^rwW{d|x||ky&Uhjb4g>)N21>Q^ zRV9t~)#^`e7#WMe*|IYjgMf@+=oybg%GF)uyTQ3%Coj>D%~I*>`6p1D>b=@O+`)WaJBsH&t8Xhn;3U1} zQ^whY^U`A-b5hJ;J<5kiXL;&eFh{lL)M*{Jbh4vW@|I*TyuCi`6|YkMWsD8=Qbnir z7P9=6%TWGb1Kuh=Bj=pl$C%o4F{I>Na{ZKaPW2R9Zl4;t6S@HUcwu*0su6ssZ?=TM zf;gbGlj)wO>gki$n>pYhPb!_`Z10;=^oGnYRJnz81rD0APo@G&^P+q99zRJxYt)+6 z7Y8(4d`GjXM}N=EjI;5O5bSplnZV(VJVSq^dGdI$`c|lJoa(I&<4+z9dX>WvQRF`8 z1Iyt^CYQIIS05YvfXHy|HYtlt+Vg@(d!WW)e$z$G3yzH_hEAri*0yUuGHqy3WaVDz zausU1L~h;iH~)i{wT&oZ9hjAyXwy&fuUOY@Qh8s8exeACAuTKTw1|qq>O#jq;4X@X zGS|zARaEmHOC9OE(8nc#iqtbb_l2+;>ZSK;2ShEMg@Vm|XsuYkA}W3ZIXNhJ>w%3` zk>7;KMG+k(+JKdl1*4PPf1ATQ0M7Q8rI6h5rSyZ z1$PgA!naZH z1j*=?vJh1?IPdUe%C?cfFEF>w_YgUZZn=zAdNFeoE`4PN*?hZtIqJ|lA$@GogR3~N+pC|fLTGaenFCR-d|1tg#f{sZzqp9lG3&vK!Em64bG z?7I}SZo=-z;dyDpM|2mByhi=L)qk6GM1E4ljdFS}iHwfqnl2?aiNlDo&_w0j<4St_ z>63B^UNEao#bA2s^^r;vyhdPN1h`do++g7T7z79siT#NSJcAL#dyg^O_onWNCwSI{ zFM8ewrF#Is@(rzga^Dxl9TPCvDRv6{+9uUTtH9~H-e73S!dr(PL)2TqP)g`i{`a6A zZZkBk{1;V+q?c({0g+MD?{B|oJokRQtfw3}p}vz8u)CHn*Dfj0&J7x}rw1srY@{oQ z1s2Ik+7Nt69NeN#*Bu?_J#grf)F^@my*WBKoEm%}gF-;3Sax>O)P~&C$l$@Gx_*5iRqB3x7k@W#S)wq=}GnN zSkLkxiYWrK!u-U0BlJ_|K=$S6PfCOJOV|S!&#TgO^B=#)*ymrB>V;LGblr9-wqN~b zm8vSF7o#G0N%Z%;Z&0TTq4+Y@g%l}mdBQsxkf=T2jg-8IKr#}BorW$8>_CSE`M0M9 zwz}nPyifo&n%0U5sZUqx7dg42BBZhc>Lfeh!GY6RGhy8K7{L}u`4ao8lAE=#UO@uZ zGs8A7ykuYgD3HlIlAm`87#Oy&)@_oQMmq?s$pcm3#lz-!MR8>qBM3$dSJ9!B60OeV zW9!_7w%*;p-2d{3>opmm#bmMj5qaA>SFCyNvFFJ}DQh=pz)>l$^qd?5e>D5iyGdmv zlz*%;qF9k0hQSjxICGO@q7}b2(Muajd!ne#anp3!T(*SoVP}O0)(_dzKO*C(BmKKm z?o4p1N|Ral{Z!c~mD|A?gKH@_V&dWA%S8x$N&OGmun6v20hwkw3Ri2K7k*AkHM3r( z1_ZDn5eR~sK|W*j^Qlcy z=_k|ueBDzBtAH)4+Wxd9WXdz)`DSr90PSa!dibecud*F0!esrjiLtqxvfbB0Q7Qyyfb@&{eG>MX=_gcO8IB^IW}B&|mGSQMTXEPQXal!B9|`9} zGdm4Rcr|{X+T@*Zv&P@p-@l1gg#+qwtFmzMRb=SzJh74}oKD6|VP*s(LSoyX(gQls zv?J=zHB;qZ`=I{NQ&RrVUDur1JZOLC_yW8%Tid3vd{4XH|LseE#rI5Vr0?nuMbe3b zfS>=R;=d03%Xl}F)-0^BJtSYM9^W$zoSlv4;!3E6@EGa*_VsO0Tqf6~wm;8sZ!jHvK3}@$xIFQ7?yD=d- zYrxOD$V}r!g1yLiT6;xgN*bEwiS_N3KjeIs{KD^Y3E&pK{@+@iW=A zQe7%+e|@FD!Al;1^gwB#Jx$s#WM(ec@il_}-3c7htku*3My)k1;RsKASR42hN;6vv zX`wgN7Fchuhw{5>GcjTB@9$ePn&MxKDF0$d+V{W~4t?vD$bOZln8EZ$hDh1PHixoX zYOC;PYD8;u_1b|SPZhG0WK=8L2!GIH_O{WoTR|{%NqtZZ?ujEVdBR8+V!_#<|0|6O zK2!-GIyE_#8ZVFB^E4a5xL20acjdd$mR5$wV5V^VcQS$5DX+4oj-p;ElSf-5LC<}U z*s$YVoj)2FszvYb2E1d_KEKJ(hpHcHn^}$AA;Ji$WBG!Ja#g{p z4AtYWZe}&&6Y}ZD$xr6vDDY0fE6vl zZ;UzzoJV35Yi@1?+i?XNz<75D@=Oo3i*F)_6`SJP#*a9Qg#)Tj&Cy?bN4Sg^L?}RA zBmT0@a!!qRl;Jj|#^I^V9A>;`zU0bpS}?vwy7KON!L60mt@iTSjLwQz+Ow(lf--U0 zCNMJaqOQ5tOwEn2Q9Kj|Fop#iU|s>-GLNEJ5S_=#*05ZLRf-=yIl!|#?cZrR#lN16 z3#RhFok?Xz*x<#S32*1dLrw;D$d;XV_5o8^+}fEao2#Il?ic+}OAi9bX;%IS7+Q6) z^YvQITfWc7G-3-{2r1nOw;R8szHgdVF!wrLOM-_a+kvYs1(E_I#iQS=*^dW=LCui% zcZb>TCMmHW43qKdShlQ}LYkxcZbDr1+)e>Ts_w(Y(EE=@!8K z-} z@WwtBU<$`qNFTE~&k=etLEADBEpYvbg&3hj`JD)RN(8k2H4XkNv;X_P==Q;;kiVb3yTWqXw)(p@ z#Be7M4j|vahjv@^Nj5CO%-(C3(A(Jxjf7|6I(WPK8S3V0O;51Jz1$CXx2AQ6GJF;0 zhliVN7tO)tqCGgb{ae!EkUJEKrY7hH1+$K^%G`YyWuNQ{3qGVR1w;nKX&H2@hovh$ z4*AgHTrsuh49MPh(fjUY`B%FTs`Haepli8a z7sqq9c-O#yJG+xoDvX9)xC>`<1V6aYC}T;AUj2|0XTU4cLR2d|V7gY5g>$D`(Jb$& zHch9-#cX!AL}f2DMq9Cx44YyCK+oTw&RueHjI+d5~I(>fh#^OAR?3BJqzG)Y- zr)Rz$LK-Wt@9?@hM{eZ z+_+RbPb287o_0mZg2?X+s)d2ZqEYB<4@N!`9@&rmC!J>sI|Nw88v^S1e_LwLfpS_$7>U9y!%JkjUJLmZodw-eYDP9(85fuQwopL2$J;wc5+uKWt$R?=UN^3*QrF!>^qHh%vAE#}%wDQ6nc%jm8X0ppU z4WMSQ>_+o5g9!J{vD<**#5zpw;9Qvs^-;I(_2yMz$DY=K)@2tV5_VoGQRu6)>{ouy zBx-VapX(aBF5~fzEmf2SC+j`xmrCxw|3JMcWriSqW0AH+jeDnW z>sU;?!t1c(luH|BgO|!{G#Jf^IDbvH#*8MhJZyZt%QuI6GHf=OR_ge1N~_!$<7wO5ap!0Q3B;dV*N_vi$B z_t!ZRm$pOq_4OT}epI$ST^;8Cvll?sZ?mZ7fa1Fm;WlV}!Kk4Cdr<0PZnUllKv_3iDOU)6`DWa zAMbNhFlhgTq)}}#mc|F=^-P5P8qVG-K|z_#s=fH4`n)F!DOyqH3!Rv`G5^VSeixsu z?#iR~QJ}y-3-+&}Nb3;dI|DB^D{IkT;pu-)YlZW-(F7QC|Cf+MI3VSfLF=X2*ly!NPk{D3v_ziKdRne)gMZmzH7*CBYx~$E6dn(U!M=Xg9_q$eXP_7v=E48+AHC3 zWTG~l8a$a^mo-xC0J~jUGNgiFdlX3Gc*lL$Jo6hDQ%SCjm&B%)?LR4aBY)7R5qW9= z%Gy3l%T2u1|9gdNc~#ZJ%l5S$?j5Rpt<~5V|IIO^H>K&AQ+OAN)T*_QO)4y=@((Zd zwI$x87-6#7?w+F1#^f)*!$g@|!d!0}yS`Nv?w0hwBhKuyTFIkrJ%SSoJBkQfdHYYu z5U@x2Y-+lVDfP3#8W%t`kut@$6s(Z8-Mlo7Q`KZk*u-@fL2t54NJc9lZn-lDgM=_F zJ+yph0(_DhmKUAF7eaNGuo6lQ^_@MJX73?AD?*;#%E=cg!VY($gcW^5Pr}=8-=m9|YyP_jPwu6F6U>jH6&pK0n2V#V z!pp}u&72PfUAQ-kC2$M-0NNfaD-ZO=%Ldj-zY!?H2AB)47ZH*#T$(5?=<#a)srKpF z0_dclZN34qtc4B=?oMH6Zjpd^0%QXpn(y#OeYz04>TSbfOhx__T*uvjnU?8rK`>GoXm zbcmGyy|^ZiFEuS~b-JHO_cqk%4(QCVTZ5}7YE+z*Lc1(xn>KS?oM#2lpfdJelYBW4(@Sx*$&1S z^Zh~~##NQ2pU1l5JjoYQCkf~6iWsTun(&@^$97EO3)YYVxGTf@@G(y~$D_a=CW-JN zj=^P8W1|93=$1o-Qg3+vW+~qgncR|F&kdUiLExX!!ru|>Ur_YS8sL^Uq3&3rYOlMz zQDxMd#0Mp;t&u@C@h(Z_a+&pNUHKIBRpRiAj6Ug!dzGfQ-vU2qQ0ad-1^PDJ8{zR% zJ{S~ie==;!P(qdaX^Z7-g}DFp7NsMPvGWopFQ#KRnvvH#M|cx?(y@Eil)%62v4(Wu z@++|}H5J9#jDCzSJK+R^r=dqI@ultKH6^P`H({h=Y#htzL?8R(J;SUUim2yS*)_+* z+tiMr(H>URN|PDt;46^~N;gUfYmBcq-*|iA==niyAb@$(`_%B$cSE0O&fT}HWoG0z z9XQbm?%l7;n=nHU8S5zuAl5u(=k)90aSp?*2rO@PQ7aiw&0mQ* zdQ$r~B}X2sO{{Jb6u`+Xrjvx_tD6!|beve8Le~~?Ziee;)Z&&rNMsLC*SXd;E8hOh zYIt&Pt^0;DzZ{FPFe&?f*Ke#lI=ztqmws+SR6f8xsMxQ;X2>~Q&Z$SU4&5AG%y4=D zb3Lya_74z1@4Or>Oo|Zh#JuMT>fcH3shd6$IZ$c$Z{su3Ii70R6JUoiGU11HhN=VSdHmi0{T30LYu7!+*Wj?+`S>ia z4$IUuS zGK?{tNc#iGq7<;wz zSu%b*AGJu=QH(YTtEN0qSOx5Tm)uG&r7ZP4~Y!bl1FX_`JlEGo1ZQElln3O3ED zzUb)}ki`IZ;F)7mMc+v4-gNYB->{_WhIJ)JOwQ0 z)TUBL0o6j}s-m>CR^auvAD2I18%U-oq;uJ@V*=lp4_#FEWAZcF-51`@ZZFDD4J|L; zMaFMzy(dbF!nI$6Xj~&Ozva&0U7Lh6#9W_B0kq8*j5?V2eGh?c*DQ?o@6U8ee=!-8 zQ70bOU#pr_Q-39gS0f&E#`Di^5Z~Kp&wJh^r2CG^GVdM$PK_@zI-;XJ2_yg0vrjjCRmD129ECd*u1VeD4!04`1=FEft zLD+j1?zP@#;kRSugsi`S!}G9}~a@!YZNk?du4w5)bqZp2nj@IjqJL zw3~gqL;s`pX8MR8tGM~myY_1Ub)@ZH;Fzx{CEE+)>Vg9W*^h?Sb!ax=4UN?6 zG3++~4tnD;xjTjl;}lo`PUirwF}8tgr;K%!5FMFaP{K^1OK!8Ji#)+*gud#-eFMAd zoYr`xH`51G0L}D6;rgX+(<`r?@FBsuZwA-f(wq&}H8!qJRbLTxZmJEMz~dn~tahp) zj8)dMSZn_nJ+Gi4J;x_}1}WDo>pXU?*|wMoLn$HU<(3*CMx-Se8pAgFr7br0faOnZ z`CcXhW{Sw7v(+`_yVV4GciR4+08}RPbckUz=-t4F58pX`*}D}}BIM19+scI%k>Isu zbO%B%cP9JMgEF9|{n!cCdm_85#Zy+s?@(c@ja+TW-U?>5>S8Em{lE6!G9apMeIJ%k zL{UoVQbbgm5s(HE5fKoP?iPljLt;P-P&yQZAw}sPx{(;9y9OA#J7$0h{-fu3jy{h* z=l6blKj^3J%&_)acV73k?!9(xa8h4*M1)`Qh1g0IgpPRFwfSTI=kRKu3>wv9-&P$P zj(b~=PTn|oPwDl`m^$Ij8y+fjK^Snmb;+%lD`p@@2)Qel~a<`>q~KbzO)){bpPaqzPQ zCx5bB9TE+?z@lfuMkA^U1-;3tSTfB? z17_>*@jSQ5wIAIIyLY!dpH^4ot#Q%Yf>}@v_>dD7oIa8@j8PIt$=2@= zGlI9*S_*afbr{p!3pE$Wrf1L5__*d4%0dg`jDr$Ou-WB3i(>_5z;8Gjur|X1K7u20!dLc~0 z!KD#*VN%Pb)nZ>~NZ`vop(hFLPwyX4v#e|9MuuHvd>*W4@HoY1N1fuayBLi={Ji_J z(Y_TQR_A%etD|ec_(y8aYEL+V)h#v{c7h<$qCT$ceOh!~{vdoE-Aq+g%UKA2XeQ~jGC z%9PL+pzfyeQmc?TX`=NEIQX`-Vx_C!SkJ7Q&N}O9+Qzsl$myIF0|r=6=&h=Jt<8U< z;Bo*V*~lcl7V`c#F3OT1y+x%sS!Vw9z$QV)^-!MGk;&F;i6h?ZB|0&`8zZ@1`7AyK z^t;&J`!}J5f5*+kenyeg#5)!|aK`H;b75pFQm*Vg+W()%pf#QpjJMkN_{aE?QSl|<&p3aU0-*4f} ze{cD4_G?eTHXi}u?{)Iu!QXM<+YKzf>{kC@rV&DmXO37rN$1R0Bb+;LPD#|9x2}vA z7d{f7IA&(N_04&IBzS9-qY~=%*v+Y$iSi~9! zl=**4C9C2q5PEo*|ovC~hz zXcAlPoK_ojg$xZON_}fc5^or1dyG%w?5PE+e$(vw1L=u>o!~c$?U9gDVUPmn)8f7l znL8as36*Fzn}er0(pyo)wvy&X=Of*6U@IZ$lo+cL15e|X0j;Utrh&W1*sI**8sv@M zy9I8`SC`1B;z7Nn>_&{QRKhNHr_{tVgza35XXx?rv>{#-nrF&zw)tRMS5@j_$7u z3SjlGxr~K8a&kOu^}OR98<42FTxbm!5LE>|Mc4TkUXm)~$jCVtj`)4}_-<+sJBiEv z*Vijk?!MCl>e-~`nK$XS6^6B#r4R#?=nfbrG3YA?#?lL~UQN4{X8QB))Agz3z^dgT zTTMYxTMI8E9D11>Be#}sxsCQIHJEj&J~}pvCZf7>jx|h!DhGUH?p(E~&RF7P*eh0W z?#U-9s-N)(SrJ!DorF%t6WhOFg3#a}1*NKX^(L0>E?0z=Y~LZ5CU!;j5aw8*jv3$EpPl`&805tazhxeV6G$J*h zZs&?GhWJ~XPCvJc_iTMzKVe{u+13Ls7LM%qh{uH~>F>WMcG*Wqg|idrJ;_EKU8-lw z8MGPnA#B7X@Nc$WpSy5wB(6%0{3ys;kaO2~?s_dP;HEB{CBo#&Iul_uXSB z9RGS}6>nJchwe{%eAyG{S%!(ww9JilyU#yP3)N4aB-bIVElPhABjV6BAX4|+POu-e z)r=2`Ja$fvUIXT>EI9V*;WpA?9CermV_3tNV`Xoq4?}qx*~4*xQfNV5h?R=)eTRYE z8W9%H&;3l=8U)>A3lB7$i99kue3S#gH0yw~_%j#!oNPWNBDD`Fw!9cFr|~pc>j2!_ z#Ie1_p~S|%fsNG{DD;bh8;C4ljB7QyzXuPnf@culYE! zqiG+}>6@ZW|6)oM7%Y=OvH>$16Kc+?7ZzHG^GNw&Io~cFyuR^(p;R`nPyoqZMaV`u z^-A00dL`50%h$KSPnGWGS{IoaZvoYN+sTF|9jz1VFDK*pWoi~4 zoAeBQ_^j~PEtrhg_1KGnUl%{ES0yxKd7d9HU^p z2oZ5(nelxLaveETyXM~we^EVFQlb+oee5mmGAdf`y?s+NB%Y+E7}{jDD&!btC58!) z^Jn$pX7S|7JeJJ-v)GLr(KIBJUR8&*UOad(}?F`~IdC-EFHp*ovIg`+*YD=ax0(-u&chyJ?r&^x?{a zRy7GcChDXIWA2ecz}*6K%l8#`LBzoxtg^WS1C64(X&db4c&wrn+ATpM4-OBMbK+?I zEH<^r#4bH~&S^93)_}N5Y&@or&A+~?p<8Fy?Q(ma9cFwkUwFHRunmISj%IRi$hk+K zy;41nL%^muJFTm-ih`nqAll*)N0#;zGpBw`svB`9(q(Ib0}^VK1hvS(XIs~Q{Pt^F zc+2IG)cXVj9oNlqKojrmgvW3;=;$1mAc;;+;0i1xEMZ8Qxs`^DgqRmhI_SYJwUrBx zGkY{AOPDh5JooG?eRwEIE;{`9VL8jnyFTks^QjMcOl9<1DN=KanONG~*2N3ua{t=o z-KmtTf$Du1a8}T>2__+}b7xQ9P^iBJRhW-|Z}r!1KR>TW&*)3t(WPH5G?&b0KluW< zS1{mk&c<|ptVD@Ciw2~%=K&%ur`a^Hk$kB4yqtrj&`piI6)5?rK+Wd(q{iNVQwn8e-4CMsR~ zk%%^rkzY0~J+|^gXYV#|kA1a=aUO!kZbv$hRlw0X$Or4jqXOvJmeM<~ zbl6Xx_KXxdbyCs3_@fs!QxebIuxLtw23zg5afis>m4{hbYss@j33og< zm^j+;U^jAI=l7L+loCPz$drXiDPB0Z`(oQgd^ zh3yJfvp7PcTeXq9B5g{DW4xOx3$a=yY(E+Nf`t5o`{v}+{Xwmg`kXUkQn-WJt=-+m za>v>MGQff{iQn2-srN#p;_Oq6@UBZEYQqk zVdm|5gm+3PPcbNa(5Ypcz9s_gE0$cNoNave%~nt?+k;ridsnqpls2=WxwoA zWRn;lB#tAryIFU-Mk_I@5Y+_Z$*n4|tKO5W(whcTTVMcU4Q0s;Wq-$NgPM2?webRa zm|RG%H=qtT>QS}nC8383vtd{A4>a6q7#D~dq@uzfDf-c1adaJzP5|#-MlN2ailn?& zVVjmv3YX8?zJ4+*;a}U6CDwY~i7G9AAU-zUV)D45gwVHvO$NXUGt{BWoqhMACu{rC#&o)vR)BtI>Q9cTfC-d00xofpc(q@eHTfRN{-ZD%SBe5`-Rg>iWc8`9 zU%DH~q)l{$D|T9`vYxhz?dz{CWITo688PymIN{#@IP=i6i6_CXbM35;IMsEn2Xe}X zSE*8ocyxRd3J=;ZtO|VuCB5nmGNm|l3$Fn2n?|;sMJ!RyiZJ7X%Ghlpi9?l6-_TaA zKX+z;jo^iTc3FB=$CEX(GR=*pKIsea{7+_zbazof+`P z(aZTIrt<20$!cNqaxW;ci;z9nyx{J5mJx*Ip&_YTTq38>^7j)Jl zTsQk3H)2Etga@++({$4{m0#o(JsH$3DQ)iUr6iX+NM7g7?NZ{a`Dih#J5RQ2gJcmqALi>5whfQ!HAPx?UrNr$jLt(!H_Ad>-D2*_ZJJ zU|96~l$AEJE1YxA$sW6Dx=ILKh>7AD2nfyhV+v8N$rzj#`Grx?7QCd&Lc3}n9PRiV z6V;g;$>kMl$0@x+8#jBYCVQx-d)fCeISx{Wt3I+K&2mA;hMuF8+g?+rqIg7bdX;aD zY}6?t1OQUQcjmoaHpfXofUw)=W3O9gROqS7MkrbZo&CA``C@LzHs5 z5-wzn5|+dZxQ(9r5^2Qc*O0QMxe0%Sh(flGaP+?+;k$0WFi=Pv=R5zZwJGKFrm3eH zL!>Fcb&zBvdoC;StFa8u>w*>zR5Zp*yOI%h|?nea;vgM9*t6OKG${yQI@W$ z7yA~x6{%Lv|4+mBpe3KfQqLux>~f84%~wc7CZ|8Esxc!*04;jx4ZYqa>3=(qD)Pc< zltKdKn5vWrCpWD3%MOfJP+fMe*m!F2TDe~9UJSplG81Moz&eWX@kgUF#0@7qi0r!p zodt03iqhN{aVBU|Vpwvfz=4ouhOm|FXR1Se)Oq=9mm@A|WI2m^A#-S6YK%hV+rux( z1#a{uW?M&UY)$r+;@^Hos^8W8N%~por0V4|3+E=Ij+UeH%}$-PbK5y>cd#5p-J6v* zsh=A4NQG57l-zq7BNL92f}ToMNQI&$UphukR1PrhX$WZuuE&~t06cFsmZghKq8HeZ z(YtlhSs~NXu_GS7W@LSYHH%x`DRtD>LEiLFg{B3VHkV(Qu5hp~PI!D_UT1aw?6otH zYaw~a9%{=isdsi(!WManR z+>YL{4hg^bh#p$rJto}YrPAv~2VLu4JkaT6&MjH~Kovhuayg5YpXbJx0oJcYUh~O# z`2DAa$!`x6xid5iIFbmU>{x+pv@mc8v_^OceRDW{vH|vdERE+KkC?D#(L=eC6S?T1 zX+eJ-s=YxypqTWiVNq9HN==#g_&hW<=flwa{{H?TA@qg}@Orc{sLlsl%nfeGiK8>5 zk~}}_%-nw!=$#0PVz$;Aa3me+3W~IbbEZH8xb$l(&4#q6H&JN{8#rH5n`_hl$iM!R^OM5M8fmw?WbK$q4(`ji?labG z=L%n}VrIxlwywS7(tZu#4f)__K5Qo%9!O2nWj&e$O7hO>@hr)zs8J&c;{(hmXpjKX zJW@SGu{I!^`PpW2-};lJ8%M~u`?jow%u36%;@gPTS9dX*MMpVN))7W~&%z#n<6W;) z&(0Q^b1#4e6QI+NXrgIsnmK>OvETSZzZEXFoVW6s$UgtLi zT;BB-{9sNn8X=X3fABVZoA1r-J+Fqh6W*x#=0UMP|+%Zr*3m&aZK4IMm>Y{M_lwhtLL6DG6i1w(x?2$kqlp5C6~*z(8s_Q&LLyZX?n%wPyUDBR}RmlxNO6DTBEj|+S)oib^Ka-N1%syp>k;iG9 z9mQ({dxrb^9;ysMJ{dOppGzTxE-x?ZYUY9pG?}ZsPBxG37kxh_HHc!^VTT>(1h-bJY-dV3j{j=Gt%^>e&F;P_0#&Z1< zWxv4jy3~#+>#K+MB6K(&^`7V+ch|8`X+l0rDFJ~7k-FWbOBcSBzFQf{OwF~ntqOxT zpY&cee480go;qFS<%lRcD+sQWjBEUvH~daejTFGfKhK>a9`b4!D& zZzte$ZfklT?jG4f``e7z7XJR58G;`Qw-Pam&K$&vvNBf`YqgJvs3N%kzwBPW> z9a`xG05JlH+U_YxUT8U+b3ndg?HMq;!aDg0Zk>|GSwRZ^k&{s{7diMW{p(|8K?6zF z7xq!B@6pJz5%{qHCMnq&u?xFhc{^Rj&dN$MU`@iKVrDi99xiR3ext1h z-w3q7jR(`TzKw_ZzO%l=Vb;081=gdxY!v!7d0Tm}{py8`tAsZkBDU2T1h1qD@o=0} zL^QFL=W$*Aa@6-_Rat#|vdycgJzG$IPf`|Y z%`H~ZV=fY$=0AoOqTzgWg-8o>w|ov4xPgCaiHL}3)3ZR6F(~fx5%giljFLUmIi%?Y*;=5phlb*vc>|05nZ0 z^R~msgU263Gf}1pE^i}SJu%k?&LEB@32Tv4r8jOlWEw+t?K11vIv;>?1fAR4>T{#D zMV_j8x#Me*n7mXEXRB)3Ilr(fVgH&-jGG_gQj|PHtI1-m8D-$mYeh1J_h(MQE%Qh1Xg4CeuRW|GzVcAOH#r6gyO4Hv zH>SkOU1`BX^;Yb$y!o;D=%ymvJ!ZXhDCt2&HesHu5{wfZ_JH{v}ZHXa$+23A4!4YN(W?sJR=0h5} zZ{hg^S@)RR>Cduo`50AZ+@(q_xnNH^kj}{MYhgz26}wQ0ebH>l9KA9)v%L*tRd8|= z#6J{jx8x}Z0F=1e+GnVRWXJo_##pp!h?~CGk~E*2Gv2IN`+Vljaa|3X09l!XBE|_& zv`QP_c;cTCloCX^oa|x$wCbFlke}YE{tZiaE|_&uP1gdMx^QRZSm^9nc`C?#&Tb;Z zve8<%Q@3QF!Op}DFfsUYo$dB4;{DU17uFNO?ByqTQ{4@sJ!R^2R4 zvp0y^V$Ca*pLmggM2Bo3vxib`q&3I<(kKx%Ti=-drAAsp;`7z@wK&O944Ao4Do@<@ zZq6|)aJKH9u@lAJ%G6lDu_H-~TR3~SkoM38M99^-DnT^8@8Tu|i^0X@fel2S`8Zn- z4`)f94zqgf76GuR+t0NxA%yRA&tVpKR|d1$!{(y_*4?6u@f**OoYIGi5(iT+9G5@E zAP;eHA_CEkvs~nN%8st^v-ufl)i}#6ioW?#I>e_xKI4cWSsiXbhB(6ZW16fvRf9$W z2nJ}n>YM&aFV`H5MpVxEnbP@)Q7L}%ck6<<&d;+sG*)iwxGF;?jo2^cde4!UN3tB8 z(&)I|Q6P^Lcx+}b)eMeuq=fS1)GnU4X;RkUymxVmt-~YT| z{96u=h>y@_1-+bw((agXImg4bla8wR*8tW!`^LK;IZ}4#hIrLhvPn5MbZ&PBh`>D5 zk?Hk`Kye=z=MK#08b>q-RLmVWh!p^@IyyePy1Q{5qnqS|j?#7-EIMeYGq}(REY^j; zGGe%F=9OD0uJX+ukxIt5F_7a5Vcg6ispC#2Oa!Wk$_CI<)6ozvCVJV~j+YBW^BJ+= zA-zrK#{>bh7DKb{WMSVOZ9_BmpG_KX+ar4TJ;WMiq+>Ur@Mhx};MjS*&PPZ8AO>K% z(;H>FleyT`JZv8tASS#)3M|V7Sxy^LrYnOi5h@9+!+bT_u;77E3oY1wC-r z0b*iw&kNRLe30q{<)J6nJYrKmSQ>PUxyMZhE5@$pBZ-#~o|SRwn|S2z8-L#Bge|9^1qKYr3A`ub zEqJ;;^IpW>aNKh>H+M?-#b^MFXU4wsVuE|ia4oWANU)Vw-$8b+LioSY;@@Gzul6Ky zDY%Nvds97oHf>>z&lel{ejFAY_lCM^=+;E77;lm&U$l3HC<@(4Hmb+_#&y_7Vj;oX zS?fs^`;g>QXYQ(%BJCnqJ8v}WW(ebC3A@yBN=2@5sm=gj8m_rd+uKszwyU~)D=Ma` zLqzp8XjQ8z*WJCA3xD27NO#f%af4BaWtzSEtawtOYfM*I5N{2ySmLU8{z4asyt$3l zH38uoqvzwHm4ne4uJUr1>hB;kWKp8&2y16epfNhcy%PXGaGr6_HvLkf^y1?iV^ zB^+ugy%Q1ERBYXEim#L$5nxn_Pa+=44&{t_Tdg<5>4^IT9}m#quhYESuZ28^!@=hS+NKz3ejZaVXFNk5B9xRcyfU8yh;AB zD`=Zuu`cO5*%<(N=DHp}?LXFKC=)iT0CyI>_ju|iz?Ekp!gW<8iFQ?2GP-WhQ_WJ3 zHDcPTobjMyS zlP*{T0v=t=qqO;+(TI_!=fpwnULe$(IT}638EC)$JOtY|5ZX==k=Cl0Iyb`93S zWNW(`tVTTmwh7F`@ja1>x6Z?=)I)B?t|d^6sJ1mcbRGtRXo^%I`!)(ncefl1500|g zH>#zDOPC;NacA8J+G$U(Jd=6&K^N&n~Gj(!Pcb> zFGNA`r<(0fjs;1*-OQZ`0QG&WQDKpmLV-dy>dS`dsX2uRkjJYf{aW8VpeL+eq;@;R zCv*gBL&%CAff=rE8NzOD$_wVWt*!2|Xo?I23yiFvLotPvKUn-XMfn#!t9SEF>gsi# z^|z#2ibQ$ycIi5s4L@r7)X&_z-JUD38$4_3P3<&UiNTex)PUN_L}Zt8lXNIIF*Adb zM14+&Ql;vP+)qAta?PY|c7}HQ7;CPsxVj_gl;Y}lCqCsrFl&D>!Gdm!ks6!mM7u&J z5SW>C(}kw4*(lB=>P=he{ZC|pkorpQ%yFNbLkV2L)%S)zN-p}YvgE1njO=eC0QSL| z%D1aChlLJHgvOjmVIo5G6J$L>h`Vt8-M+vrQlNpt1s43>WLJzKFc_5 zruNwn{R^;MX?t)&8)~RfKG@7q~St@!D?gSNXROA+}XATyw z%{rUu>~@W+@~wHZg3ep8ayBCAum=F%PTXf)AzDKbk^-K7X^!67Z-#1>{M%yu5kez+aJt^ z3Ne~Z%pMvd65#`{w3;kBAIt@*REe=Xt&UZzT94JP*lTn=+<6T=ZvVXDgFF-Ee25P?R$3U6K$EmlE`8N!q3B@A2r)jm zebTWJr3HIs_4ZRFWOtFN#2stt{r3#|gDlw9ros)X+-d}=?AP`u`|%*$w5^7OdLOspzM@_E|m0K-?1on*#`iSciVnCIf3-6DovuCq>F|PXK z%)!F2IF4X(SUEX?qqDuZyRaE6BDf|gqt4Yn->F(CD=jQR*=Uv=5io{M-tttDv}jYy zUlbf>BKE_x`^{^kQ1aUr9Hf6Y&wqdNg0Dw)P59u|UF9%?57?7&%MSI=+pfNx*iqGL znIASBec`nov$0M;w9rcyjM`roSq!t!^C|(!prZZkq)m|7`|ET+EdFnX5OK92AAdY; z)p3NYv{_hC&@p;J8>7E_ej+`NBLdR=iZkgJ`&CsYow8-S{{;MBTm)Yr@LRv<5eY&G z;Fe}hJ$HWr5`PFS#!t>xn>-=!Ui!sQKS+Y#36Fbf64x1Fu`c65P5+8!e*>TY9`}6s zv-(onH30<{n%i*0YqdWn@1JtcR~b0S5I^8tZ}wbzFVeKFz}ySW{~^%-YEpFG1OQtS z#N)8PO7Lgl(%~oJCi6h$^6zH(ZS4A~v)WW1TgvR zUVdxlb%Tzn4<4p$uR*(8+WAi84=A2E!TwV5j_l*QabH=5ql8e^;4vCYh!Zc zk}g|fOrInzo-&+*?P@l(6PR=_Mz4$uAd&HueV{$jkSAFTGP6{X&jF%}PGDb@Q+UH`NEjh~R7whb8C<^K-^{pFx{Bk zSkLNvs3=Cx=PsJu{L2?VYbN+I-UY9Dj@Z5X`STzA39mZ86b`&Jbh{g${L0GzvsgNL zylB<-3MOt45H`w9&BqvpVhYbC)^AKyk;g4JV6>v<$5co;Fb`G~wSSY=%Ex!ppT71TQ`4wD;*3^I0o|xv?TDoUJe`T6H$- z(hKj+Dp898(zxxgLi}#ht^EOYc61k8VQOmXU}@6R)=L3Rc$=N=ks}8oB)O&SC#yyA z=RGl2xvkrT9B(y}+fTqF6j&;Tv6!Rbx=>|^a5LV)QuAlSq>i3omQ{TNox3GPT7v2O z!C3Y%i9RuD19;hR78Z`c2^U#z@+2Jw(*ty?(5qD_p<3$yNae?i`mKw2tstzd=I}1S z=0|n`kkcu%{gPVcHJKrx$LnZ0eReKNb#hh3+1GB=k{@yjXg3QBv)_*}neJ6!ov4ux zlick92)M0{3~gf!OBJK8HbW-&(pUfw;Y44YCLMsjs47HroDk4-rs<7i3%yknew+V7 zm?TnL0<+cVh&x<_F-{g(MZA$f4ydb^eBN>CuCGKz6QGjtjaiyW>o9bjta$hsea9l5 ziuii*#^PJ_&alkr(MlCl|F0dPz7_9x)o30)T{M8ZvjClI4_-9{1PAH)&xvMx zw7tDPfi3kNi5WX2Ltqv}%8WJuzx1Hf!GeC0{Xus}L#hn$21mx>7k?P1=O5fHiP8s> zBJ?B6^JDYsjoM>iMZ!DFkAqCJRjD@GMKA&`vx!7CnYA zfuxxD=ZmV}lpBqo$DgUCT1q(SINMT^*KRC~TBNEIbrz9pBlB=xo~0ry>z~_S*El+@X zOJl9^1sei~EZcPLsvYQBJe+z#j-=}opWF_WlACAYJiPt4eEBWtv){$XK2w%YjF)7L z%g@fO4P(C0$93a-Pk{?-)T$Dc=}A7G?$_Q=oBDf;1_?Kgd@VY1V?WZ*u=rxOCy41Q z@hsS))#=#w6N`N?FsOpexpq;=>f^$YSH)Cq9{mb>2M55gwAv1OBWx#~Pt6|kPLnkP zrn;=cvBmbIM*j6yi5`}i8QQuhC#!1Yw!oPQm(X~(u3C3)aW(=xgTtnNXC&PC(Aesk zxZ!`o&*Vn9tTC@rysYi10Qy?X*Y7vgL5MaK89TgeJPB%}G!m!8!Rj#=k=r9o)J#SI z7+KL1V>E8T*)1kHq;}pOu17xw>ESU{I$g zUED+Bry<>?`HMO&$-mBre$(vubR*T>c8`>Tu7ME7;$_Pf-oC{vS3mAVv$VI|U-hD5 zJjui~5zdlkDf52X4ma1=!qM73T1kJ~^4bW?9MaMoIcnv#*0u^wLNZ9I&|Nj!VJ;SR zE>BHmXThs!D5L)dLKcFGzGNLM4*^)h%i<*=exSH$)FI8Vlc7%%z)A&!?^H#!uawxt zNC_@=QdEE;Vy-ss#*o?W#l#fPQKz*E7dI)r-_%QFzJ79XIvNRlJWM#$%z1ohJV}_X znHx9?wIa_H??l1QFGNFu05YZxKWl+yX8&j`5y&}n2A^NtlhaWihH?0>)q(aTP`6Dl zX0rB4@X@~r*uSM;G$+0!!yQ({;nVjEUI+f$&9ZfGE)7jL+?0G@5-?)M&-9(n`q_S# z2GcQ%K-ipZld!ioNWmSk~=SIP8W))KQF4> zXX#sJ7A7f-_xdZv6XdOAz9gg^At6tyvdhEHTvOIZzBYX4sVF+R@m(>2WT*X-YD>`GP} z(SD^%`D^>h;5JsAYny8OA9})@PteQge>Spr_;T%C!@FNg@Vi!IC@Ds0NO`{h_tzud zIE%N|7hM0t4llD6@KEXgdRgDG+G84u5zSLtp})S*cUzQ~G1j|M{A-1MFXb}0@#aOA z$MnxL55(K^y(hn~=fB?Lp$`6b^!lRzJac?W4T|XbHCFq+nq)jZS1MTU^v^TDhWFRY zDZh@;-&Z4Jfxn%F!~A!N{CdQP`1l}y8~?E9_dol^gQ97{ zdG;se{YiOvu$=q{L;b-}c=Y!NL;V5erz!q`a^gQ#9`WfvRUY9V+JKPw4{h*=Ho$W! qe|V@rJQRMD{ts>N|5MuFn3YUT>Tr^Reg6dhpQ60VoxIz|&;K7qSi`me literal 47659 zcmeEs1zTL(wk0kh1b26*u;3cp-8DGD-626ka0%`NcXtTx5Zv8@yIXJ0$$RhK+o$^n z^w(6?SH)hnSFI^)&N0VaAqsNhh;MM;fPsM_N=k?*fq_AJfq{Xe!@&SoG_gq9!NA^P zTL=p)ND2!RD>&GiT3DHYfk}jXSBF(mmc&X|SAv6QKnADD;@BhjaTDQGff56j6@Uy! z>td|fQJZNfq&TjMvZw{7sUmX72yxv+oSj_~3Qb?|7z_2w`NiScbF}4dCC&51>!vNq z)f6nM-UuE_vj75Y{?Y5B%4ZH%66O%eeHf9?5TXWPP8x^2U(}6_sXw#KyyynmfQu~Y zb71w|@80@ih`!^9LHw|_$wnTB}A3})wCCzyx?mPN3CWx9>feM`_i_(1|0j8rph z@`r|SnDUP~DMK{0ZOBRxm@#cAg$$&i9Dau8PdR`4EhuE|GcI2K?nM$8v;1mKWLF_x z8Xg{4LwDNlUYgY&$p`J>xU)ohwFS=j9a5Ak5J*0%C;7rRe$!XlCEncXo$g%0UguA0 z`_T#;Pgchd-PjJ|$+tA?D9Cg|UeSHgbD?LgPKpMH1>OQYW3V%CnZO?B@Z)Xax+~(T zh2wAz-hZ>!_z(iB5$|%p6JpNc6iq~Xk4wa`W)>J6(W@Chiiq2#y2RW5n>j@#-50sr zE;p<1&7{#rF7NmZgq{v(w*zwhu8CN1*gZe3%ndwIHOjZ_?$j$1p9I>=$e0C#qIq{C z_m7xX@y3j*U->R3jUaN{G$1%YBu-(F!3PIa+n?BPYh-88DUuby%FJA3<|%OnE!`UDiNJ1j^kYhoNYgdf)|#u@BAY|MaDIP z8`1FTA5z1MH;)_W2;XF+SIn=;HC!YTDf?KdWfP4jU`t$5C5K%Y2+wF%z=NNx{{CPv z7C0Z$c-rT1iy3(u_e;o4ra|&I=@PX4S_t`I!L*EC^eOC)3^GiU0o%*?p_0LH8#CS# za#dYlt35|QkwYI&1293FvQA7-tCUc615H2vy0q;LveGWE~0Jnph@~5_&it1t;&xK1DAs<8ACQfqPGsKwcw1=SvQ$)XrbQ4H zrKjMpJ_!H9cH&MB+Q|+yXKq4W{;HPqFwTAX)&sgV#3c(fF7(!*3LA2=W0;w07&i20 zOofWfSB9Tbm2XOLdA`2ywDl%9=)A9tSbby&W_h6dM#8 zWwd7p=lGK^oGFJBojjP|Z$O@-CPxAl;YRC;Y^E#dyUKF2?%9 zeImyEuI76U?t58zdWaathnnr)x{* z8s1u#ni-3j`iFiq+!{7vnX@UgNqwmt#(?05wEo&^3 zE(nTWySUg>$rX z&J`Y>GG3i*?g*lGa%ua~heephSr=0moo3o*o@=KEria{XhHHI%e1d>?umtz`R|K&H z^_(j%N-p1=wAP)*lhzK8T7ESS+~tJ&OScW7B(&>{=(6hGH1cOyu_f`i&u$TN=yJp_ zzN=?+&GW2!aJgYbB0!24ukACE=aY}vwHY(hqtwIEduY{j*LFu}jr454u|G>XnLG@= zgSm~rue+nU>$$hS_S`Bz$k@?85I{B{V&cf;ibBRlZJ<1Li84jzDWEhbo?~|Nv9pAG zPtI-Z*uSYTsqoR<2pbm@zmEM-s6mKRpoJeo1WL3d+zs0TJqhn_5q%@BpXR%Ax|pW; zNN5wXY-Bo4E69Vom&a6f_(@|^L(xh))oZDyA-Un^tnF<3Ocy>L{sOIxyol-?6)#3Y z(q6JT7AF5*R#%|bHTkI~#-ctCPd0<^Y2xh_jwY+zXk5lXvO8N+6n;hv=#G`nPjv)W z23~4DhUMq=M_YsTEjNc5`}+o)C5Pi`mHMgksa*>j3(Lv-3BC!si3fN7mXVfOoG&WHr1K-BD<77wWM)^C`H_Xnp9cvs+cb(vdp(y;ybP|@X8X-H8*N=J0Z9Vja z+gNz_bue&3eNdgT8n9F_y%I4v4t`tp%so!^Aw1w4|ST`P>%MP{2J4k^NG{39HdFyrP+25HRWNr}Q>w3u1XEi^d~JLev(lx8$OD+TKI)FH+pW+Uq233ISpO{~^d| zV-onBS)P~IM+D$oaP2!?t}*)?X-7;(Cd`mHJMP2mPaZVmqT+GOL1ma*I9c;Pr}Wr* zCOak5$`_^TIDc~}x}ECZ>zwo-@!NT3wJ`J0GOb$@NU^&XJBXX9b0pbiOurHEz4n_8 zoWxpYWY=|QblRwz+`gxKr@mjdpwIW*{B+W{h`+F3#-(Rz?rLLun7CwLG?{ZT?7Vug zYYVm9;K2H5+E+TK?P??6yzCt8xO=x;(p-Lmv4q#w{u_K5xIo)#*RlH@`N_cU%0_-oKE_y0#x!re`^wbr>g==Oe&|YqUqaUtg)i-M zPkC`{Mr&s+c7`D?Z$L?k~WhP7xr{fCOzfK<}kUkMz`#9aZtt&s~ zn{`$5$MV}g8lLB#S@zGulFgHmLBvN<0hLmk!p=2tkaVu2^Ki`Z@89=h+!gFIr|@-KMq5xstW@kII5mOyOH5 zmUA^UFeNfD{QxquE^TqKwnIPT6Nq1_bgefbfpBBDiwr#ltv49AiqFtFVb)IkQg>uP zsQ_;$q3H+)hDq`I0+&=GKLx6YbPE*?Ck zCQcuT-K?!_9J$^2NdNiy#!h>4?-gN2=wg{=+o>%1QgZJnL?NJ(FR=)eE|UZ;th#sB=0jpHA&00BX- zBOqo*CeVM+4cyB6dX-zj!p+1=L&U<`#KsZ$4Sr^3HcsBZZusAZ{^uwE3 z{a^3=mythr@`7F^_!o)(R@Yxw0e$hm;RXG-?)l$n=xs;<=D@cQkyioUAzp0*{Cxvn z)PLTA&l=Hk`&a#7V1i(hB0?%|;D>35UIeO1FGNr^ia%$N8W<2HKA|X4?_kM_)LZh9$hKU*w zxFvj-D5!Z7sJ82y-gq;d%H?W$yp%wGv&}(tG@Ql-8oNtpO-Nn!9(8=@dD43Gwi6tJ z80?>(3T#mC{MVG(yhDOMgTej7^RpzF9}*12KMjGwq2qwV@r%x6nZNtzalz9LY%p-- ze|UZ&B?Ifo@8?Dz0sqHwU|wv<|HG1vp@?tMHG{Lc{&^g%1J(!(O7Nea-@?G4GDr^; z*kJ#8ocPw@?LX)MP>f(S%I7s@V}frx|2z%`MHKeWf*@0~Kp=a4D-j;Y|0hL&BY$4= zXZ}aqfI*0gf%(ZtJ5wh^{*&#%fO(l<{!viD%zik*Q<|!GqK^MO4j8rfAMO4BjruPJ z{(sM?fitNbt6s6(+}yvT#R;?gVUZ>tR&Mz37u%n-i;9Y}5kM_bc``{#=CXdR|FFH7 z)}f@-PUqWw1zK-6LfJSuCAzx0(8I+BnBFSe-ToFAkRp1y?X$SQ+{?SQ>qZfmaTCYL z0bi`Q%^zZH9Vo<#_w%l*mg9{rQ=g~d< z{Mz>NQp`L2pxGREhBGyz7@@&2E!yrzZ1W^Ad|MoM<+u+@s!M7R5fN(~wxtd(#>I(b zJ#UV43zhS=ZtTDzl28q7tEEA$Q_-!})v?ddCoe1ZNJRg+mxwdq;{w)L+1QLd{0m5h zDAOFS=glSwT$jLYV`SE7-1R(<-qV6W>c`z6vyo&`s&qHf%H2rbcm{1TI<=B0qP=C; z)%OV=d>6y4Gkk4s=L1xGC(p+x_&29nHE{UcPW||>!2~Xe^LEd}>H0;k8pxzqS64Nk zrfJ2Mp1nri&vG8GL;j~SwphPpV|r=eubBvNthgD;J$!EU_PL+TNFEAt(6S3bpP8Bx z2@emCm^q%S^k-~XgSc49czHCt?*aLIWbpykzgLhGQ8jVykkS*1HJK-yQsU`#w&Xab zC@LDbNys0E`Q_!I{Uv9<+Dv=Jvt`M4ES=Ay@5@GIt@$`9Y>Ve{WALX>p8yHK|1-p% zCkc+f;eWkZTK~2atDwDo^}7HFas!)SH_eqW&1ph1ui$4oc%??z9AqG$gqF5;=|GMi z-0o_VGu=oUkGgNb7(Y}Z$aACM>3q!}DcL*M>|sd%`9m;~PlHd2&&$JVics1%q#o{d zb;eT|vZW*{%?N8`sl4y~WL|$46bpve?GsXP*G%)6P`B&Rf@mM1rsEh3B>87{+m%%Nwdn+XpQN(3`%jJ!cCFPJzR&LW-BkQptG#Ae z5WbI_M0;_{a+T?ilLAj@PY3PKbS{EbU)M;LAsW%WSZcxV{x^r!heQ9q#>&F-VK?2g ztQKAPLs@Y#t3QM98YEFvJqx$vV`B4h(-2C_6-WCWV&yDygaOo?k<{{0Si-Wilat^n zd=OHh7m!-czW9s($NDM6GtHrhFpb*or^`|M{1qb?ZJNVv8rETAcy0>DSXzB9$Hhky zS&=;_sNg!NyiNO2UbC@5YSf#5_moUFIP~zfu4Zms=V{dly$2vv*m_)VDIG>*v^-re zIt?@T^+#%^ad9%AFm*3V3~l-oJrc_%vq}2k&$8CbE_5=>xFwVjpGEj#7lQWg&lB2Z zZkAp3<)9mhT^e!~7e~gZs*sirQ~EuJgP<|=aFg~rn#=92@G;Hq){Z8o3FcTB)OUE? zPBZt``*79&pZ(k;qY?`S*SJ zSu&FvD&xx+aPFg;NqpVGj?eRGRQmp<=UcA3qiL51`Y*}HZ4WlVN9T|rjONP;=@Ej$ z!J(n;qp;DJGolxvoSYof6(sN9!k0;7UcDq$r{tOo=e>Bg8FH2*a{E$aJppdT`s>UBQgw3B33 zqzS28UC`4EvTx?Pted-}>U@x}5I*aHSTf)Yc#G2xM81#q z8)x0HC*(cNnRf*AE2na1^gGP{^4|N(Y}N~G;+U8a=|1-s3sokejgZM+iKEwBOS3O` z884FU56dSqV>}#fEsF#fPmj9-w#ROL8UBQ{(uCSptdR_wNC`bWN0o`BJs6sG>do61 z`RN|tRy+62Y^VSbrTZo33{J9M!(C;#8=Xh`=~+NUef_M? zc`t-ul>hwskBq&ks2UI4a^3h#-8rB0*o+@Nv3KDyg zk>)laI zIl^;4*qrUt8$1REhAm2~0*mD`%>a!GgD=8iPSSlhmo9F(7ft1L+Oo0m z%J17fmM15L1s>OtWWUI^X6z>i(jG&u1TroQ?~*PKWD~bH?|I!+oL+1ay>Ln*%gj># zfcnBZ+#Jc^kfrQMTBh8@!`st=C#jFV7EG8<4)H z_E)RVN2|Yqv|zQyo2szeY4p^MCjSG0vElRm!^0$PC|WhaVQx>l0Ox{i4pfzpI6+dv>_p44(7zlfMl;*+{ncews#&!aJCV2f6lX0&}869(jzVdqBZ-QCNU zt$+j;Xs%26L)W$o0!P$6O8&FfS9BG@bIj?;1qX7!-}QYqoBf1~hqni8Y$tC@TQzm{ zNk}AKVu3v8(b}~xo%!Yg>0fIhS1s-rzipp)Y=V^VNx%TZcq^x)EY)sEt zACWC%&nAVBz{}kjU+aj5ar6CtF{C@6{hi0l^L2gu`*u$!5dX2`^9mP`{6^fQ0Bm>( zWatU!7Dp|;jbI8r8En{p3zO(DU;Hq=I3?)%vK3q3PlPbD5bAatA|a5CjEqQ5S5iTG zf)^~t6^FQ`+?8tAPh^XRPA%@dm;cGh{{}Ws*7-M@1|MHSt?39Zs~Yl4aye1U+wg?M zC69yBd$NrIas&vyzKrKfstunF{~r2lCb-}(HHQe%C% z!g?~;Yj1T}f6U4%DjEz!AU}CX)AxOH4u%`3bpK>&Sy)vy;c9`3K=}UsdrF>KFHE7f z>)P_ddi+_~clZ^CSZCPl_M^;pDj>{b+hcVfq$_`;hX!b|+0_K6zkompEiLV3kqiju z+G#UUMQ_u;?_Fr;Ax$oktgP(Lg!EI}qM3Kto`nYSu8DibZ8z1W_>P%gP;a_c6LO#5 zas&a7l80U+=C>44q0b2r7clTGIv2IGdUW5|vrzs7#3&>vH@QA$b9bM9U*AozFFGjH z<{jcM6lp!*b~AkW%Qs{jjtF~WEmkJds5*t-Vd~5|`t^Wc8B_+eCMosY{i3S)gu_c? zRvGO2L(2J-=&prcgl`TeA_3j0p2GXX@P{D)KMsR+eroiYO@iaMS)ppd4{eQ{%c1J; zApAgYP%(=X`5qJh764ZG2!#sJM6E~kpDT%@B!2>^eTd$+?aov_lBAXYdDssh7J7G1 z>Kv|9Id8j~fAmfub&T&uXQ6p-ZyO53OCyu-X2~%&0M)dUkh^e2c^>n6Wz)ph!;40b z&}H5vVZb=uOrRqe8t;j~h3@Nvf6wo_I`%%J>!uB#PDKx>r8Z&dNC>UBf2wRF`L(^3U&UCI=DtR?q*ruJjvu;H` z&iHqr#)(#gDYknkHU7<93i`Sq)!W>jo4=Vw=U4;yu>A0wG|-$_O5;ltq6ejWONlgu ze1WP3QohsVspSC0Q8^I)j{d7)mVB@BJmb(cHxLX1@@*g!7(|ORv;7kI=9gU2WR%?R z3a<9({Vs!(_4N+6p*{{0imcwx)DJJO7;|~;EUz-QKRR5gWm@X#^{j+8CCKXQ6Ez-T z=40;9v_CFc!lxvwx4PgRv>e8X);P7XPO;eQCPK|s2d_fn|97I?6gF6_vp&7VA(|4^ zmli_c_dqtr6mgsQjs$yh*<~;9mK4P61~HgU+#*9W*>$8oqcT)<2~R&e(uoFgwb$<4 zHp7#*;(|d2rNxRPk4xrF_aqa?S|q8bU$H!jpw%Tn<9atLu|NIngz}UukPe=!BZlzj z$GNH2t(!e5xv@r0Z$h-<@Qf|dt{=TLI4`y>$*_NmbIlzq&OP+i2~+4^cqS+P%7NwM z;I_$Py$$%DX2BLkfRA73O1qUbcPCDMLh!NZz|AXi>&1(;uw(RrXxTbfZ@*VP<3MMC z`a9Qs;U)Q5OzcKRiccKH@M`D%gM$%HGSmnJ&Spq> z&O-+(Uy7~(IWK?`#Pl(=lpkKkY%h#)1}aJBKk#fc+cE^b~=CWzqY-K%!k7
    (5O2-X|;dq3foZ2X;95Wf;a3(MlDem{zO)ZSUow;3OD~-B+2qMqFA`Rb<=;wz+mw zH&1&9Fvdnl90wKMbc=nuJaKscHl%eqPWmPilKdSR%toWoAMX>8*6fBDq)e4JMhT(+J4TB~gXp zCu$%f4>xn$>%{8dH?4J=xHvl}H4`^}FPAsCLkNJZ_JEFbrW0=M+s$J{55Q$PN_moW4iEkE2wR#Rm%Je(dUSQFr(Z{US*8gb;p`L_vjPy zg2y#O4|vX}yGx%=7prUc+%gnTP*ogy|6EZx0dPvm0g4` zxa^tS%9=Z$5hpY^G|FBg*e8^!K=^4Bg>Cck{c`_xqeZm47bacH=fUM;6t@b^=OWL| z^QrL4L$}$z@UG{492z$QrA`Ius7XNdz|lifXkErH|Ju_4z}$}F-!;bwwF(S|NSuBwt zP}(xJ=li_tJG?DIuhnuf%44duf)e2>#`Ao;8Pdma16v(yZ{bA3kO6qePUn#B6xr;G z5fRGxT*d;-75DFlyqykb`&TYh=P6|7Z>kI(24HIg$K~&AOn^AiR1srg zFrnibLmOl_-}n_LXR%)>OY=1Pi@)aZn*RB+%jtj!`mcjYfnw{oq)z>h_gl2}e~CDgZJj=5@w%Ab9xJM-Ka0EkQf)6Rf~4 z!-?kHZTZVRsA)T1yM$f{8X-+I>bZhek@3>uF|iFOt0Hpkg#2jfRH56Z{53(^bzy2H z8tcjWC##u{ItXYS{%y8;clPb4@Bmr*$S;EMH~xDQ2^6NC2i0CR4VlmxUQ4+{3}(iyz>vUw(iPbCTK6v@Ajsg6L5s`#j?MXt$Uvg;pKY)&9y?fRK53KIzZ+CHf4Dv>lbnMLcTL&2(6((AEpNLo z+Kb*v)@a6=;!hLJdn!%X>{Bt@tDlmxRMR55V$O(=6}ofB`7xVzlz3GHdvlQh=<@Lh zPXp$!h-p(5oSYgv`)vVNO_ZtZIff=`Q3SOxc4WhLX+gU2?9O56hyJ)Hr`iG zTA!!Td#HSO(k|smW8e3V4`KMr?RCAR`$m7jG%x*XgrU*Lf@`sIEgZdyw-J8L8+x0) zwI32vY`%n=RK>?*-cKa7i2&4FcFQ)WqYhC-AR7~tpgi9dy7gQ|$F~r2G?-d>Gn5|! z#svGCpuWh$QB=Q3Db(4X55RVT;DK3YQ^{>q#JAS7i2M+Yc}BR<#8%QY+=npK7- z^gjaJOFf~db$e&eZg@rb$BfT23TGPzQKm zN=gdNr0yOI2ECIu08pmg2LtsYG8$s!tO#*pBH`iwHtri*76!IQR zI%^T&_;I69AK^Okp?C;nVgAa`iFQDPgR%wTTjys#EH6FZr>h?nI%r4RIk3v69bZH< zbqHHVu4wX84KemO8fDEOEHM%{vK63+_zG;w3~Bdda1!*1BvS8xg+?%xZ@7s@>D~I@3pWPpL%8U9$Uf! z);2}+oQ{Q0Y0}!nr2p3HdGM=a?}dJ-`vGtXLG5054qB}qwK+uh_xC#W)UM>XIY{jQ z;XIrxQsste>W1pJ6)g^&Y|3yR%LBr1q|4!)kT|}*h|>I?j6p1m=Mpt~hncZ)_Y%ob zILAtbRws|-vfF0(%&rXMD^sM^x5={a z%ahY9&@E!&J}}v-Uh6th4a+1vl3nu_K@DfuQt{1vFkQ5bs+#rHAepnUXLj!g%CyF~ad$*r0gL z*!smE8*E5E-|c4DT62uvoiy$e78MrSGZe)^6TvtvTGuDNsINOYJEMdeC*jkt0CZ7? z)F7_N>3ppv)|uMbdH>AAL2iOx_P1|uG*fBVoSd8*7_Xv3UM1=@VyttU6|M9F4vOrh zxvogg>bj(hqS$?%{L>Pd2IpWvX~-3KpQ)RKL^6NF|U}jy>Sbl z*G!3~QSV_ieieonCk$p^{(O^jG5rK9cH?(q`>eHj*Ke@CFW^JT1Omw{av77 zX3;lwZV2fsLF^R7sF_I8 zXoe>&`c*csWWTes=3o$kgbPf6Inlil#QGsueS5x6oS zu>+*qFBP2iXm`j{*?`I)$R*B9==m`6$~u-&=J-RCML_-_6yj64+_nawda1bHfsQh> zGs4uUA1SP22D4ERJ^K-B!b7R8cPMG}*Y62K-p7r*zXQp!30?1&&%=LXHRrx4SpKvx4(kz_A{9+bDQNDX1(KLpm7jBXiJey;aY-yE+L-J`GrG5Y`%3bq^S z%XGQVch1pJ-npFZwufWs#i2gyLM>W*zk}gi;?sVz$X|ea)24g?w8_dBzho$>8N$mL z6db(AnsFEA&q{?ztMQv>_N=*Mqo27Ce^W8%;Yel$ivz?`mXUC3g8S1QpxL?&%RC+d z=9Hty^eWvaZRmNsisbfpfb~zq3aZz2%qh zCDy`C}kmAyM5~^2R;2 zinH*|P%3o+6VOJ0r?D{xPAJI7gGCekX(O-@gLP0rn)kBUdLaYv@SWXF3Y zEBN5K1IZ^UjVGc8j?66*Bp6f8*|nrBey zty*$?S5xGXRhjq=0+(rN4IlAuZvaLi8_DO?-y^nk>`>AH2*%2mmc`DIpavU4BO$jP zE#zPIZ_PaCShsy)8w>*!=UL+(BG&M9R=8DqEks|b8*?|UWvQEejz_?3Owf+QPHJ2>guNL zz3*yoyQo6Cehd-Ix!f-HdTJGA(ZElK!!x9!cKm)lpKk z>n|qQ>ejP@38fZvrFLZdLP=BLOG@Mgu&UO&tk;hgIBb?A=#ing8hmY9uhdxi!^3WJ z91#IG@II_`2AUO=sv{p@L%FbY?7+RZ$cUITs_Ri;VV-Y%UtC|aEg2H*=@YOAO~Nli zkiC{55Twa8e;bSu=+X9NBZL;vpP%w{Y&PfSic-EGqc70)x!ZmRDsh4$y8gY+Fg$Gp z^oMtphBqU4MlZpPv*LQx%F`|`eGofUX8KmR=&2o-nCf$YelouBlANC5Ag>#JRew*3 z+g+y5X@g-T%P88`=QXqd)QKO$fCqBdL}C8%K!?}=Z8+mSXhi95?fM*KB7xSnR*ku$ z+=Kf-48_itK-wH}%T(BA%J23iGs8KM&ly5dS=qbP_keQLDFPX9`(2*y#(dd(P_Iko znqA9j;7-X?U6oV#y_;wTPcaW|R*1Q0mF2j4mKaJ)N@OrkJXhMhd2|7$tIgt(&<7}P zSp!4402eM;>tb($*1oP@KEgr3!@md;#e2`F!0i{Q9Y$W?bW1q9Ti2YnQoaYrU&V;| zU88^GdM!~Ge=5})(F5r9Nxj+gLj^>PL!bEa_hAviV;~g`5DY0X78XDg%~t|#s;QY7 zv7rP|0?<9YV3fyKC;O@%sSQmpcvhxRTU%=rsk~w&ABaJxMt*c2N1L+<#hz07v$0JE zsMc>-(q-~3rQ7J4KaPbtj`7WY<7Ffgbh2 z5ZRt|*6(voLW1NOwsWW>#iU!BX3PCqq_34noN|&n-v#G3g$MoI56_DH+54*l$RpzXgtUX_k%SvrTPprYB47t>_Tj$& zBkX5#unzH0fHU+=|qf-pZbu8N=I-)az(IA)GaA5j=)LF1${L6 zbo_Z0|J7rkz;pCmiWnjO&&2w2!V}?}PXi(?hAHkkD*&|X&K587-|VupGizk1U#S-o zq0&WOn`5dr81S+SQaOMvvA`J9C(U0q& zTTwLvIM4gZMiO!Hjgz3mHX{XAmb@jF^R!1YiY+7F*VwM|vnDdjv)vhxm@d>$CN-BNTWrZR^yB_k06dX)&BWNTAit7dxOkxtHh0y>fyvJGRPU z6}!+*Kgfjk4r=s-58!w?0F--PDsF)EH^QKKEuY@B@?KlhYj&6&j%NoMQvN*inZpw% zN!XYUYzluy2@b`8ZGx8AIj#1EJlp`E{m-=7))s$o?#R%HCsA8|wbytX+4Bku>i zqorafVKRa1NwHbZ(0go#bNrrdf3C$Lqln!(Rl;8pl0uSMnw=E~+PD2bB(`49(|u{7 z1ae?`Gi>kQu8dCe8rv5tH<#!E4}Xh4E&KM%cRF=c*st+@Jy`lO^(!89s%mO5-^jYY ze0PT}vn+2_!~B@WwdTOSSgZ}b4)Ge;&ZB^WhxZUY5$f+s{_?dT_Qr~oh9tQSLoiig ziH73DzNQkm1E6{i=k>c#&K5^(&=vPiqS0?iqTA1nYzF|2&r;WO53I9Ym1{w4T3oLy zt=HyWf_z=_2MR!y3ZCy={Qn9y=q$jJ1D8DSjCfwlECdafASkz++TyaNZ-nk!(W%o_ zz%iJnon%V~HNrO#uM>Cy+m(vQ6Po>x%sjvZJu6+ClK>mD*@aWP1^-2y$U82cUUOsr z2yLnxAaqgy94qYA`&WhEBL@WS${VHy*uTV!iUh>lGAc(;mjz5(K4xJ54$kh^HgMQv z4&8<`$}!46FgrOJ_w^W&AGtX0>sFwC16coCHr_bgUmN2K#Oo2qpWO8FBY|tN`2>*F zy^%kkpC0zEX7#C7z8nAtQ_xx;j+;%lc?Xh!>H=qR7XZMS05}QHP%MD|OXUHtD&K=k z{KG*g0c(m=agEe80#uHph5la+i$Hl`?dvxrT7RD-RB(GWjb6rfP7mPNmFfm)f4mA% z!5OmGCv~xcCI{M{mA(9+JLv+Bv^tPgwzYcDFurhPd7fy!Yi{f!h4oj`RsuHPUN&5h zw(z_$&5f8mY};w2-8Rf*PYA`6Ans&OXU~Q3utS`zeO5}e9+*P+QKwIHBcg6+B{^-7 zr7HGu68uY|j`_NAdhPkv%NoW7Iq6xH)rhS(#=TbbB~qF@oocum%F>gRh>DAkdo^3* zaa>WvWDrIiylZ7KbL?l}@Zer!>oLVR(BJJp24o*icauMyXp69xn@dkVYIRuW41}{@+Z1HYt5=$Dbto6gN9EOp4w*+& z@CFoC3w)@KOcN3ITrf9v(@d@lQ+CKjOk%#Ma-dE7t6!wYTbN|7S9&+IEa(`zu2@)J#GPWU_nHmMyzkyx{QnV>5A0Z#s^DmOg64vrU z`TfyuD0&*QWGRc^w>5oug;iSZ-qhOG<)(8AxAVG-aETAcXtUKF)%QTa@edq2diPm| znW;xE2PYx$2ZF33k33^^k+vy0pfZ;1=&zK3y>JgF`0%IG@iX}6EgZkd6;Dt>AuZ!d zw@baErg?Ov>SI9!%)2_JI~1?9p^)Mma#9tXNDPr?Pc%QV#C^P7#k;8i^w4mnmr=OV zWqdm>E!A4{6P;vk%>tbb-<&5Ni}@q|p#qU*5=F~$00LWMj@x6-D2}8e_gt6c1|bey z1!2xi_$fdGg{0;oTT=Erq_b=nceKF4{5NPuY`k;Q1f9KG$s5;pE$Ipr`o%6D7v$Bl zq>Vkwam430$8`z8118SHZR$T#z6v|+lzj_-r{wC%TI(p_#w1-;S(UuMGnV(JnrKi2 z$Gc`b$h0SCU^Lp|p%`m+{7|`}oGQBD%e{+r)(&D*6lQrJCc@NBFX50O)8rcA$zxq@ zNHN>OZof9oeo4CgHl>E*ZkyhMPyXs{m7_YyI=ivjP3N0%iziP#V-CBeWM&#;|97wQ z?b|n?vi!TOKf!&^C&Nuh1H;hKS^LfbAjQR$xW;y;(=#Ac`SLu7# z_CC!>nx};*(o8+)14UY&n#e_zdxnm&^R)t#BA83Dt5)>4z17=6FgH%h7imI9U*PkG zEDN%Aywss@%LX*@VsO9fa{$p+-50&&y&*BqtpK*c+y8kqgoB^KMldtJlv^>2y>$=6 zX88Vm^^KF9r4nU%cD+JTCJ1#bTg*61o$F%`kK)G~f$Xhvc8~0{!-xk}6f*n8uh(K> z;XL;xWAP*#q}+4XQxEfP6$8IsQQQm zDSe~ODz?WxYh>=DuX7?oL10SPlq zrz&14^RN0sH98(+HtT&hm=+$=B%`0#L+kFZS&e>n@gKZiDft$8lzKacoXmXzjcH#W+r-M&RN} z0h+C5Iew@U2}>uzLfvSMJ9#^M(wnmS(Db88x3_^zwtsGJ`Z*wg5w4iNXK`iest;AkGa448AACEj+TtX>ks5#P+lvL86#L9RbKT7|Z<1aGV~hT> z)!fv6IV2cE`b%ePnd8aSTA}qAV|5>1#|K-M<8|9wr#>)VuWk;UcYlH%7`Q9M=JtA5 zt?eNOcp}}%>fwL@ST*Y}$Jt2JNzwYn6{73%)goB`75?&DBtk-(ZydpTN)x*pAO_kL z*`{_m^E>u^J!a7H_o%pmwsAT?$}txx**a^(NWVGqXAB)K!zUGG_Sj+M0X0FrD|Z<; z6fOsalQhzTswT9AiMF|v9JW1;_0~1Vus5I*nq;ha3_z5P^N8eyw6RN|AHj z$j2^X25u|vTAI3;0?TOg=27l+Spq5_qYlN8JCdn6Nj?tvyPqe>=}a+}O215}#WZ`f z5>Is#MPg;jYi?!xl)5vI?id_A%Bh@VeSS|Fk&9C_6%NXo;qp&B%d;6RoBXG$ESrhDx&`wt3wp_mWGk8o&I8fBk$anFthmsVfVJSeKQ7?a``JC z$Zu>+3Mxb1F^mGkbh%>Dboso+Zo!74*ed%=+LcQBn=f;%_5RMWMfX!PqLe#MZiPNVy+Q*uKu!#3pVj3Rts_-C|9!UBo`6~mm_14^o z+6EHg&f+|uk4wG#xuwbZ(o=JZTQpcKEEYtC>0X9!ZMD%(CKXg`$7|ZUeoMQFAX=fM zTMgc#pEc1N9zIQ6C=@HEncH4DtcT=sHfRtUN%_>$_to+rtESB1*|sZLZ^W#I#*6sQ zlpU(vE4fWoz^1E~KdtPuzduq~Bs)KYetA%J83|fcC_}*-}L0?u>Q3e=bLd>ueSGC`aa%U)<~0cu$Q<8`{$nr^&#`x6YR^} zqkW6@uk<%J7Jhy;xn!cao-A9bTWRC)`C!$8SzQwcoN@7gkZZ##@I-7M#ARG}U~U z)jiJ7{4x}kj>aPVZBi*v4on#3hB93?xdMxIam`m4x( zfV%9aODQ7`YfVU=j4h}(WK#yyE1>lI$3Ak^o$czTDf*^j)oKC32ec;~Dbz>u94*U% zRBZcRF_VzEC!cO>qB*7fX(CXLFv>Lk$%pLYu!Vg3zCG;|emTp8#m@ABVP=2W{2nTfVg@FMd+q9cBzih_T!KwpS>XYPK zQ-y?l?t3O~gPNwAdNp_ToYtgBW{b!RtNL*9@n3SXYwUdzX}j1~`$|v@XS#dH8QZtn z9bDsNPb9$*d#${ycND)V3R##;!i9?xXfaYDQqEw`vL(BH8M7|6 zajn?itwS6*ihcX$Ar<5Yen@S#4$ll^I)s1AbU0m9HebFX+7o}s%Gt=cyyYz=9hKMp z#wlRtGcqsf+e(UAiW-Oapi5y9{0AYJhbuJ$gMMKzE71V(O;I#jCeqJ^dcn=pm04R@7} zX1D?W&At{^DgQ1JjQk!~VaM(?_&I(?M*3TqWUn;s56yLaY1sS|YGb@=5Embyj`R9w zHtOrt5Frf?qP8pC(_Wur($eW?Qd9^8sktbRT{#Zpy^CiV z=%n0lX^h_)MQ)a)vG;Tnug}5?HebNO*h!Qily~u^5{M1#8Yc;mYQOK{B577jNnpnQThV#^>OKsrGG?dBDaRZA767($@hSU>Y2Jw9J5q-RKeSbPmg<9}pnD4~mfP~BpfAdlUOdX!S9IE>!tT=ZlWY=6 z2W8;Ep&->}%ud^4>SBPA7;p2=Nw^2VLBFTIh6EYAkxS(D!NKYV`||85mGSDO0I^Xt@^BJ2+&Mf3@#d z6JR!OkIiL^J&yUBW5jHS^YRM)Ci<*$U@t*T$78Dp|8a*$zliNtb)vyn{w&iSx=A9x z-VQ_sae>b;WawVrg@W14X-{*GpAS6mOPWvsG#zET)LyEkF7Q2JhoiNpCb_XO+qb2Z zn5T`Xrtk~y8rgzSxu;37ZDC#F`o{m7dI8_3etm|m(~Ultvi3{SF~aIueTcTK^Bb$S z4c|a8*~YtE&!NSME!)dSm&L8FO}O$)T67pWC=JZ;fGU)FR8YZbV&!eq7ZTxIak zR6Jwan?ER)?|9^S?m$;?fMzd*_JDG+LeTzh-kzSt&!jA zO!etdu$QQgDy~(_vO0z73-3Z^W`=Hu*A1FHYjiCA{vgX_HH9UNN!Z-&ey&LY8H4t& zqiet@O(5&c{*#7Bl?c)VpC^i-{?@X23)?gHPqVriiMVR6xsDuFNot{&Ox#9lw0D&N zwKLkY#w{O(>BWvrg1JiuIb?gB_8bB*-r=buxi4$yZ0^8#n{7s>v3%pun^#{SXW{C2 zo%5ROt23l$aN8g=5xIbb9qU9JKXe_SzjSWJhJ7Lewi)ulT`JTNoC5(rf@K$utQ9lir_tZK8 z^DZI>y+B0rSKQnV!3( zKU=9m-^SK1gmvxgg~^=}s5J0lEo4;LTjfYGkkcI8wGBwL;j7TyJ|5~kKdy)B*v?At z82M@Xn4RQUefujNxN8b30PG#f00CU1J_iPkhr!F~7ZC_|S>G|+6TcC7`LqnAgdfK{lJ=_%Zy0W{qA3kK7pWiKWZuXB zvb#A+>9&-Po2oDTcJ+Eu^DQHBu{SJ*I+zA%*F^prd$?gNCoEu;J4>Hn?~|8uP{5TI zHmz4}yENBSo*-O86gnaxT-AgEohHmIy|N z?Iu9VDIjrNvC2ua+x=$Nu?{pon*N_ttG$9{Y?jTM4kOMbP$r*PM8&fDlF2pFEgqUg zCeagNnO(}7apYLpJ$=y|q4dc$opPDg7tcqp=psa8&QhO}Wa}#>8zo>)i=6#2!Wq3O zy<0s_aIxB*2wJ|&n0S7E`9!!@ZRxhZ>%1*!o4~7VHP&(aJ{IB2AV045NfWT-RUmiS z0Cdoxzxoh;)qeVp8cKpsJVm>M7!+#p;|y-(R>gKCXU~}OUGB;>`cIPk^*HYd!OII% z1ugwg`}WsdkOihc2v_0Fo%rr(V7R*d`x?d{Ymqe6DDSBk0r8Q|npDZK=;gr}@wmE5 zZk!`bg2ZpZyx)eE&PgxIU2|@f8%tDdz7bkha8MupDznPB^a-142Fp!0iy@gE8YXZC zpgHQc@LZ7d8YIal&54f`$%$Aui4;si6Ejh?b<0CdR&w;J8j^RktSuIWn>=?&Xmcj7 z6)aTCO1(uyIG9*gPEj16*;FqCv+%Ggcg8M$0R*S~9HhR#Z|t-m%|nJwrav0(g17|O zcwLu>sCS(%;^?r$HKZ<^xTAJlP8h`(F-e8Rb&V+o?zcD#t-4{QDjEDDkzJ_=n^Dn& zec}n*4AwJkKnV_@(RhI@@tIAl`fBTxC^u2OD5ILs_~jJVU+OINi+9o~q*fP?Qh3DvekfO;ng|Bcmw3i1F$<4|`SK{^C`$(UXg{ zO1~cT%`{!bHqR({xaG0BK8gRG=>p>90cKkzbgw5^MK8UaFetAzgTXRT#50^bN5kCQ zM$UFttYsby;b(nnE(|O`NV()2Y(ONSpWWuoZ&X`EuWHh6h$I&E_t<^^LmeQP!n&M+ zQ6Q(Zw(u;^tjLDDjNVm|x`Aq1A1{4?SEUyb&bWWh+$?pIX*H^&3E|yGJ4yyB-}$EF zsA038u%tG`s+H^wov}r9+Rh-9xpG{WRZVFeUB+hXrjG@@HcIuW3syBp1!3Q~2pE#q z8*8~FET?O~kT@uDUJdTE*|P6sip7SV+TN|x241v%mrJy;bvh{_71yrHmPR-|c3Ig$ zF~TE`*fE`dS-c`Exnn5yneTgtV?_PsP!EkWh|Y^DZXld$;3G1hMkFHWQ$G9I_O?O4 zooVZhm0qy}ttV}ensg)G4OIGayS6ybXW;c^v63x1NYOaAd8S0Y zgLd=zM1N*=%ZJ8CQPbWTMavi6>Yz724^*OW!JOdW&Q6n!EMVO$ev>X|++UfxAAYXk zc-K&yOv|%;I-uM@yHU8g%?wg1_DFM379GtMzn%SQIa?o&VARNIWpkx; zv~zLS)f|Y53eZK{h%kVOKGm*<5k$sE!;vRpBIhOJ4-H=Ui7Govw)({G^3*p%u9a(C z&t27nyV$DeUO!a1(b*xA*Xu-W(r}4RmZr*+;p)lIiH@#4c!I!;MI;(j<`t$?>JH<% zd_x)InloFqM74ZuW}9if=XqCq05B76B`Bt;^`>h@*}7R?V~2FNw0SRPBeIZ6)?}+_ z&`D$pWrub}$A!6CYhKta<3we~ODiR-8ySvjS)NY8tg7jsfJh!GbYnO2iz|Z0*ZCjF{aH2n|6_Wz9w!SC4y{T027|%~!hz65}uX{K5%Hc?W^6DJO@vCPg98^*cP(fAjqH7le(YTq2;p;@U2s+8M-) z!-dpPg$g%Yc~B5a-^Z>RndC_>dcOM_wlF;^opK<5-YWVx3`~41(UzI;IiB%v8lrzG zO7LkAWLfyMldP$;ESpz-R>8w4taPeJ&+4h?gI0!6W*%8la1qwK_puV}Z@sN50FEwY z_2VqV&)!`b%XZ@w*vjwOaj8E2Wf`#0QCvfqWIz~XqW_S=Qb?hd56R!1{7+My3JZZZ zsRBJO=HPmY?;kN4|HE%HA&6oETOtkYznS{*m+XLxh5iU3U~GMaiThWLn>+hgo^gZb zfBU~$m4Sj(4~9_Z{bBIBvbRqp_J8S)|0O5kNn!qvpz!WP0OUQmXm~gu$oK!hfCUPN ze_{0h2OUxcLh2$SSI^r;_?)&2AQts+x+Lb1|7{~u{zEVLi#Pvl&VxidLzjU`D@fe5+ zO~Vh>=O-J!iRO#E%sO~wWWUS#7hxr_hUBwOJp9Ao`p5nBe^SA0s6pxTQoWgP*43HP z*JfOEN&2EE+1Rq{K?7)?A2c~+0m8MUoRVWsMaq44J9^70q>YR@ zc~I3)mg)+5c!wqCB@uM7WQU!_vAcR%?TV`1T|vFd)XK*{P+xYLf32ZYMw>y5Aes=8 z17l!QqEzU*vQ%eG)Bh-p{$JDoW+mcUqV$n{gA?PZSj?1-_U+lss+74co-Q~dR%EeV zbg_Njk!=-aF7G&8)AcySm9D(x8|J!;;OeC``%5pZ7^pm=z2dD4G9O10#FWt~p2oVj zQb6U1N$hU9Gfn{{>Vv5YFw_`;yQ98t`S-Z+AEV{+(#)ZFI}JGC5S@ z%7f8%cnuj*f2iAZ9le(2=}j-j-UV-2tAO@ftkoeJ1hUVlh69}5In5RsF^i*_4a%Gk zX$RCT^5L9(4A`WGFi7s7-1)U&d(8Q1^8fQB(kMV$0-dlp5(b|sFHPNLr$z$8j6f~Y zOONx@hep%Z;6FZj(gNG@P>T7C(FhH@&DSCjLo2BNw|e)fd?krG9@N35G3AV*Nq3 z`*rkmfFEPpU47&#Iq0W(puB0gFd3a}^>ovu@Wv23wP>w?b*W)cyM*%1G*vpEby;h$ z)Vty=?G)(aY6y<3`xUELrf4XydS*nL!ZyRkjIiMJ*38Nr1e7{2wfXgH?Z~36gzUCM zBalm)sVCtjg6*#boBUZk`l6yW+^A==l>60n0Ko%yuMvy3xz! zBPC|_+Q}>~an92OQxyi%%|AnOCx`70TYcp^&QqFa40rS$%4vM3ueajFWLzGj2Z-( z0cCT96QX#vxM+M28exC5$uAFCvxH-^W}TE5rFK1kVVX7TTj~!!AAiYw*|&nW``dfJ zibDoflVGH@zZ5!ll6%;HSXhv~hXDqpJisz7_bnUS{NxPK=njvI_2&}93-8(v`uKH1 zQYeB-`1hoT1czwarqtO{lm;NK2Bp5aF(XH%@WX}X$vXPJ`Q*cb22e-o!s26lokgB z_1a;pAR{UD#m~^D>L=(HLvN!pPedw!+Bj=PNA$+$W;sM}aI}77yfpS7S0C=+mu`e= zl}U1+af9%gTYZ739ICQ~Q#h_lCJ8i8x13I1PPfmRK2D8u3lNv$)U}mMSS8ixFNb54 zs*bQPv%Y&)P8ABOgpAf5v1Jo6SMjzAPkdg!oaD`}L%fdvP!DbXwtpzmr4*#TDBv>x z9i!ht{e+c?UdPBkQBRq|Ih`FV#USFZOoox~M*Uz$75vWYThgDcL&aWGj;XH=*~6Ob z-!;?wY5C*IVvOid`!92mILIvOXZHH5z!OJ<(lnBHU3BiSta~*ktiUFTb$3q=*|hr6 zddqQ`CdSV6;^hr7E@hy|$2E}g3nO6~+Fs?aXB(47=s{YEKeORx7c z2TL959TWOyc69e_ow7SqR))gQwd1^~*!Dl3R3Ifr{(7=V^JKdFbM6}Ge3|>DXb7it z^RK0Er$c5h9Sp{?OUR^c)}251@4SN={u{D7>Wkx=X>bTC_xZJBL^~1Luav#P#A~xG zMwWHB$|hxtBmYaxjx12J)YI))#|3SyQ)n2rYHo=OE1-{-s6S!x!-zX9VEH?v*nOln zx%)BBnjG+wTF`5=H0y2I=o12u9z&rU^49Hqn&B^FybVI8vH%u4#`0Rp<(9>*xznyygFoUsAFH#a=|Ee?z2Uv<6l-^GE3 z0%PYF()&ccocw|Rij(^L9swYnD|rc}IM%qez9{TZ_W@BEWNV9=k$L`3u|6`Do!z(# zmW2SNw<7AD)pWrTKZf@o;K#uW8x1Je>|KmSp3+}UsY2=IG3o5n%>AjN$JteU9!r_n zM?e{dP1b?ogSMlsK>0duvJW2I~S|1CeUQJ+f=dl#gjc)n{1R?Ps4xw~w1?CD{5#|be$Up_ln_duQREsTPkYc*u_m!Z+ zBZ>NhJkZt}>*3GhHNKF$vAOr1sWJvl>sy^WEsX93M#t_|r*u?JoWzSBy51gH&*RDBv7e`S zMgp8uY?k~(6NB`gJ?dTGDMA}=N1eAc{QF4QA94$bc39eF`iHs+`3!}~&EH-jhI}Ze zT8jfJJx=^=_&p1De&sXD{ILf7jz!D_jM%w{P@-m!>0wxwxZma-&+VqGA-NZR#K{3l z_{l+>Q~~z;rgoy^Tt>d9h}d-Tot+&O*8ITT@ozRaOiyVE^e;au*AtMsV}#F3Aw<;u zubGf`8Vvj@1P|yHVRMx{ZgN*~y;|7V%PxA2|Axt1J-uwxW0Fae6PvodGIfz<==qrD zo9=8BPA7P}xxt4`s6t|zT(EvMe0Ex>|GamkA`Vk(^Y}sQ`@@09g07d}oMgOSEmx_= zjh?a}Th{BZ4mQ@XPcaJHyQ&T9-aO}ujn2@z+>E}uxNq2PFCjua^z>k_h~-xvVS55a zaozZe%-Rlr` zWVamk)X$=`$%{x_%-nrA*)Nwi!D=qYF(3yctjhb-5DY66I_l4EJz>VX^9&=pL#_5jgPhD&SHI5OEw-E}c=$Os5? z!=?3pi(VEsZMfAIm`#9H<9{v*4{>(IcEBB5>sn;h&P*=D2G}x zbkhR^!!gxLjDX4<_Sn4*8!c#$H?}7q9#F=Wa>$xUqa_fc29Lb}bW?LWV#Chv6#9JU}k0zIF$8zEhWz?w%q8?$;mf=Q~wJ?7eK* zA9RAY!GW$1*F)_GC%WqC7aQDbD{W2ysfGSGh9Yp+C6Ok+q?w73qbZ$G&z_6blOlbm z$<5Z3u!1HaHgK5K(^;2X;PsG{msdq(M4-P&kiRAJbd`gwg24WXfrY2teW$j4zp6?- z9N^5ksza;~JfnH;6r3#6KBKf_B+jYOl+))CVD*Rrr%(DJtiHm9q%bFSH>cQja|pvs z*O*UVU+wdO(yQ0uw22abhC@H0$gJeTrv^Wb+Qch>E=xK zkyFX#!xlZE$DmUh(vWow>~>)ns^H{p+kVq;jO<1_)OoA0NPQau38m}g6a}(Am=B)( zR8#BobF+NqOtquZuwR9_ui*6<8KnSTOPey9ca!fL_0YkO-se4(>^`qr<{xt8%go32 z=PB8Dlgb1G>khIyX z`pvvFrojQ2-=3NeFjBx6)He^Z*S8}2vao!@=id_L5&B=oBA&wZa_#-jWu&%q+r7X= z^zt}@*fhXCE}zJ*`-D}^r9w<~g_JjaNVws5Z*Qmj!pQ#x8b0Yna>v?fJ$nJK#)mF{ z-Gmu*keO=u6qTwFU=)?CfEI{FM)1I5-;=p0EN5tJHPeBHFIBcXTy&Zksa^ns92i4G z6fmidS`%7%j3mY&l=0a@F&fMG`A=X;MOIPvU3MA=+r()4O+1QZ-Mn8_RD~wn#NL^Q z*`KQkAMk`ABs$=;e*e_etrer10BC>TaTp0f@w;}>)^h99CUCwCo&bPE5i=yQM3~QC z&f8>*#o0AYb@%f}cL!oV)3ppI2@?@Wjn>B!CNx&e42zxIhG@2! zKjuC;t(rv1!@G?azY-mze7Vox15_Rce>?a6jI` z1yhk6T~Bg7?GOrPrwc+MWJ6zC>GdV|#;;lzcEim<7cM?8FmD2ne1kkR1MUQlFIjCd z#*b6YE9o<`%f$~SxVEBZe51k7MtbXSRP~;G`fZ?s)dIj(5hbS||6JaPvb z&%ccd{CYfYR=lr_!(ah0^1y_34AkmgSioMW%UPmTg#E{cmrfBw|CBsfz_%^zyyIKc z4`;=;+|Sd<$LkXQ z5InmZ+cOfaol~qmqPA?r?r2=T3`uen$Ar^?u@uF0_ZPYxvE5=3DfX{72FBtxd;Hq< zr)37?%vK{bo57Jo3q^-NUS!F_b!MQ2MA4i(27-j2AC7r-FiO_mHqiJz!Sd$`Z*!r& zk;EGkf`5Rx%E%fMd_yo+ps<-@U|H#P|Q2;4|$>^@rlfqMAmw60v=tV~->aFx?>EIV_jni7QF| zldE!!B+lbr!6O})UK znzP!#b4Z9N-^vSEU@^5`^J%ed0bK(AV_a3 zEwmhtSP)#7%`0(o#=jcb41ObFiG_RQ4mK%q9TF(^_ z6q9|H{4T{X^&WIbq|6^;xh{U&$|(-Yo$w-{d;7DRb_4wY>^%I|-TX5VgBHOU-jia! zZg!7sR^9gSy1o_NrYxt}@lh~;?e?1Ly?l?vYn+Y88-@2JUzGmSj?|hX`4@5VdqL%C zOUp))hq>W}?@Gg$?^B}t|7;MwISuhO?BrwLdjs;Tf=x=TMN`{^Vd=Fp5hFh$0cSS&XNpqbpjsltV$W%++0V~Oms4Y zmXAXzEp_Lm)wIAhx9F*%RL#KNa^$V9Lr-HG(P$bBRVN#izDiZ_M78k`vq}KqFQdn00y|u97$cm+y*c^s#8c z-PP!f9IM2y8Y8rEisg8wLIBUbm()qwVd3t$r%f8mW{K|-R<4%^BP@U-?eP~m@iIp0Lt zVwIdCl92_tP9wX2{sd!DD*zp4(gHUGog1jwxbNmk>! z@F;gj%WE4Eo*~Mi-McwtVyGBr4QtDpA`5VM0 zVo+<{GOzK1w81&I*77l_5vCJCshY~fV52kS4}q1AjjtgRk=N9!UoF|soigJrK9!0% zse#8o4CN^xFwK?%{s1?HPJGZ)WD)lOwWV@?zfjrSCW)9!a5jpfY21M5DysMK9=FE1 zr6AMQ#l@d1R?BO|#L*msD&>zRCwFqg`?a|9-nc-yu&``ED{7SexB~_JDxlrl-nxkM z*uCI0jF>~Dv&l*eYDnuK8$6oS{K^~dihP1yVL{q^x-ipDjF$O(8EC6GcZ4eOpO_5K z9&le^hPd#`r6QUO#$4rl_MFM*Rpvf5lPjdW#QSHqpYzrNF^y{=El58bY(qwLX zbCum~Z9IF!0kRqD&-y>Q`F=bj^!PYrTqQcP_T=J5I?+IcbEfn7uFLU2v*Y5uXf!HL zwQk&|ST#6N;PUo*I!jO^);_vRXKl~7<1R&TvqvKP*fQSmvi#Hpz|T(wEyyGPqJqz% zxl&pb*Ggdjyd$9FA@=3<`BIJ_k9BYi7c+TmFmYNU z?=iP;PTn^E&ST+0Ho2AK$U1`ivfD54#^?8PJ8_592MSbaD25&hqvb^8R^+*OUM^dX z^k!_*Im$e)x$zzsXi&Uv%V)vY!z&GiUCi&_Dc9t5N!H{>oC?X1Tdjx1oBrU(s;?e5 zTCD12w8D#jLeDc_IaKo0Gk`}H@8N}k$=s2TUOdsTJtHsP8)iD2F6-G>8^FC9J=iVv5^E)-!XTtW(+Q{KM!7}yVqBw1VM^T_Oaz4 z6+nw{Ad)codTMC1)S!A6Cu^R)3^QzTGm^771fo^xJ9yh(Ue@p___xJw_H&!Re9*w8=TfR9j1p^jyJ%&m8*V6w*jQMoHArlA0; zq00;L29z_XD3+M!?#5F@zZvrA&AUv^5f+OvAMuzDKQgVzmNv<-RU|VySc8Bu`Pwzx z?gfL~jpwc&J0dZ3;yP)r{B@4Op9=glsAAN)&*yMP?bye)Q-c=o!A5a)-|&eqhI{wp zCqLH@6Q33fq&vCvC{fDv*FIS;kX>E=R<4dts@GRaHp?Qp@Q0fVKnrllTsRmYUR-`-J?IkjjgHF6nGur)3c8|1R4>*)kU zSmBusaz7j^_fX5>LP#5BUWtNI<(b*@c+w9;%*o;jKBNJQqz15n%~*DkmH2FwYkFx0 z<9RGn^I2G*&TX$J601o2UihomI$r0BVVAEp{ir)ur*(5Q?MJRA<^`YCl6TQ->Y)qu zrEnZ+aa843f*!z~J>R=8IZk^~fTOb^xRoWFwqqr29ICW)*xrdzC7!#KwA9)R`WPEt z-S0uZHzEvLs|J)ymxFlQrZnZ65N4?MjLLLU2`SMZGN7oxq)F? ztS}sZmZ8=I_ano+^aEw8X(@?o`3ul(SWfUM1_38(-KCn*ed%S=j@n>TmonA25p*EC zLOQ&#uCb2tY&Ru2V%cgPaU&OUJZ;(~-{7@tc*7-mZkcrHXPT75ZkBv(vy1liZU&=d zwSjoajR`TbaWh4O+^<_>(=*j(RH{)v$*`AZMLC|hfm}ImnRzE=1UKy#MYH~_XXPkp z)rl7jiVGuR1u8|^leII&G-+ykH*mU{11ugk9~7`3*3_7pxN~xT8{bt+)cb1sFo&m- zohrcyewi+gke)=Z)~zuqE(H>;;Qq;>n%G5uT2g_+%TE-Qp>0FqiCna5+O2_|)BY&j zi2YI8g-)i6CPyD$|E?DD5vZrDbJ^BXqi`+3rPrd*?!m7`Vk-N{eTR})T z$i+b!+Lis`W}3}>Ehq%+Ja#iNpnK%or)zzzi)EyEaKWiCIK0HXzTWoz*q!a1JwkO& zz$j_2Oz7~m|5X;n&^(vW&MqA~zR@_NKn{n#XrKryVeR`?*fLHSZbd;viZVRl#jyY> zDv^Fb_PBH0M8~p~{o!IeD=5CZRj{d5urcEKamJ#Ck>cxzH7NET;CI#OpO|*S)-hf% zbSI(2AZfeaO#kq@ol4|wq=hQ{Fv?J+)izzcEHyP@}_e>@OS-HOsS z#|uEPrmd?vD}nM%uHC9(1ci)djz~t7YybnwAWLggVC9D=l-Ewm`_!bNJ>@GHy!J5L zAFF+r5_E2(%7UDuxPf95*5LZu_8ZjEF_JON<>Irs&xq}YX}+|~CYn~UU4n54J$tiV zK#JFI1_xC07+6e4a97py%MQVyc%YuM7aY&6!7>7Cwev3=V^=tTT^tr6Y;m>@Z1JBP zH4HUPhY0xQx>h-=QB;k{S1V1v-`h+fR%xUgyw=urG8a=f*I66x%skn^ThRp-!DEIX zTx^*DeMsjN;CTU+2i zL@X$9EJ&Z%{FLD5xnFl*X;7-49P0bUrv1YfZ;u-~Cy9(9DFib)Gg;b&Olc>*R{;{u z$F;rpWO@gr9%0yAG5K_sB^TV7N19r%CylO!IgJ20%V`r5b&%=%_hdjYtyw0X6Ui*J zKQ^XYYYS9sr6omW=l(7Br_s&hkW}?Hg(z0G<_pUO%9Hp-$l

    m2aeewSICK+Ous1 z$RqGVM#lUkwX7W#+M{$yV(D!xbx&xdUGYW(dAnRu&5zTjJ;lm_6Uj$C=3a+tQ&dcp zNJv13GFeyhpF6sn>phZfDz3`I9iLA&zc;F)jF*35*RGECQU`$@KUn*A0Z^?eFz&+J zwQD#6b>qy^4DQr*6s7vHCz$_EsKh`(#8`n3#%d}_*FP00xRF@b2aGUTk%AzutyXfh9#}*zyMkIlq+5vAX&=z?=F^2$h~WVH z{IsVw>M%x>SX(WyHsrJVH**GK8!KJC*R9NU10C!6uStZ4uVmGye=rD~`fxvcO`R|z zrhc?w?(dlPU>+Rp*fno(aUlXnUIH6`4_oQFPO6=7^@v7{p*^;|`*AXiM2$!*X5^X( zZREQ60*l5!$Dra!e5KW|>2pwKKvub|r5e!psDGf#WNo$@4;YxU-b%kg3)=iVP=a_8 z*uLt^!EFEwfRmXIfv-Rx#azGuF@GL8%4*TkW+ zI;!{qg#O|O`k2h)07c#meveD1W?i^ZInN7T3Al8Dx$#ulAich_Od+Q8DRI;JGY(~! zx!8<$bO+fP#ZQ;HXj>*ZD(p48=<~tFi?1GxjJV7yhL#hAX{RW4nd4UmcJOF5Z|w&M z$`c@QwnKIVUq4Vx+QVj|^#E5)>GB{-h!n1(eZo$J~^(b{7AG%cGpX8;b$ocKH2Az9! zePMZ_vHH)cp=R>5Db+zr4lC3BVt0-8wZs^c(CdxS7gC`h!Z5R!yf&+^t~@_&0kSZN zY?Ymh2;KWlI7WI0$DASBHrEwQ?a1{fQ@&JxZp*Q*Vn`}o1v58A6f}oF3|pg_-xT5p z#^HIZY2&K@>E&Mez*nN1Bkf)EGZXXo@Xm0&J6h{Is~?PT!e z61HBHSbYh{)I(H!eh}z1xQqo4sO8K%M)~Vc{PFuMNiIA<*ScEcG80WY+n>lV0ykb1 z7j999_I(CYF;)IxhpB0cVesO?z1HMqGnYcQZ+o4#I&Kfp)O35vS8VZsIS>V4`Fk{K z5T7-2766-p)mx-=CW)oR7pcpa=y6-4uM=(CBjM`SChzKYI3CYaFZv<&)3fCV=tYFs z^QZ&4rMgxfaNQEUu5(nl#ZeuOkCkqjDdG&nP_>ca4V7;Qzx za?OuY{Ip9v75%kN8o?Jh7u&2$gd^d>R8Cj(!lN%uZC4s3ejr1Ys^zjX@8YI8I$b;% z^NdPNMa_Fr*W!fB0wyOfH?4ab?{-J2o?`sT)PKBA5XY0Jdp~ zW1dVC4A(1}{dP0X>c&YL6hI?m-2Xv>zPrke#PeH34{k4WiT0@5cJE~H_ zQK>?=g&$ZBgAJ&gnfbhQFtoS`0$GhN!7TO28e!w{eWf%~v*a241VtBR7|xl#vuIp2 z4s&Hk;78{)`_!tump;nLu^SaA8$*tfw4b}(C_mSFu+}poXPR9qG^MJ};8n3YQLNjw zydW20scbjc&}sxv7kO;pYo_}PFxNJ1uNgRyuyPw0kQwP!tktYq^#xfM%Uk6=mks`h zq|z#fSc7LNe14Dx$9zV<3ty}p&3*rrL4En(VejjQm(Z_3eC_@n%h zIKoAZ%ruHuIn6)!e7ECJ*Eo zRVhp1>u##v1C}2MdViJ+%rCe#8&4*Ex;s{a^M8pVfSc#1L9NjIpz6mEP$m$}LhmQY z7opp;cWt<2XlhNuDU1FEXi8Rkb!PbX*-uEAS`Kokul83S7v}xr?o(JfeW-9kc z&2)<>DThJjZn7d3sI8nVvmWy%!)hln03FR+<_Vr737f_P;@~Eu3;E0}c77oKgwLg( zd+S0jtW@Aw^U*;XLAO?y0g&x9d>SucHvV8x96rNl8XHOgLkT%+^ZR?%_)eEFnt z$hTC>T3?;xI^Tx$at&49Bjf@F+%RW)MA!+UrRi34~=6yj?xt!p}nL_0g#0Y z6{ZBe&`PGlc|^u9Gl_5he;vG!XaTXYYASK~q0{+V`EAVX!8jtL$e_G%s{4k>bz_NY z)*0NKcBw(*qAqA}?j9J2aPD!kZSAOQMuADLrHeAnCLx>&))(%SKzSAI(sBlPhy5E5 zcZ+Kk9~k!VceA7)Ccp9;sh!v2{E_1dmkgSra->sBbEMm@UPqzzgLeDmpY8u;X?&qm zhxa0|CA7n0u=QNa859L8NdgW_mbhkW_2n_G&i^~ZbwBPVVQ zN&}{+$paePwC)7UacBKyz&q`W;KAJ#~zpvV!JKi!*Q0ZeB-}23W*}Q7-)p}5|)?3jpXlVawKblXV-TJ}l!J526@XQcgkIT>S;c(vHKN5kh zw#9^WI%tI-RNHKZb?7psYvmGAZ1s?B%l?$#uLYkoK8#vVjp=RVYO%zMPVyd|B*0e& zvXA-5Sf}dlX;AJUqaCwbDJFRXZ}s>M!^&47Ht~teFuN{vvTeboM?y4qzVXkkg15I{ zNly)aOjcv>*>vGtCZqLe%8wMh=XSG~J~q}yo0Mc&hjza#kscVu)2c!(V!Rl3Upvni z#9fbT3E3I&xUurNW6LymvuZ5&yI2jZst)u7)48BVG9jqgU->`$_MA<068+=Af}tsH zXZ=%dAEMXoXnJ5cmF)L&?56G;6nrt2IyX+K z4t|6g`%bj96y4x)Hv6sLU7d?>ZA)_Y0n?i^K@SEo>ipUNUwdB}l~vUID+ow;igb5L zBi$e&(%mTCDE&x^bcckrG)Q*|(%tzWT@Q^Qa1V;g`~SZm?zj8puJtU|-iLGM%=~6% z@7Xi^oI@)rmepA=_7d{Gam*e%{K}&dXHYUZeDo-X!m@)^XXp*?{&f*Xp#EFU1=z1C zlhu0O!hQ-&JPlq`pbu{(F6Bu$U{$C?J0UDkB)vc9>a7EfU29Xw%jg^0u1N%MqvU;H zPcu3BE~^A(KDV_zs>8|K)o0Wv6TR+*%GGYs$!mKKVXmM1h6|_-;`)|9gscLe3&wto z*7V`oAu?YoHPu4IgwU1JiWZd#X|n|`X0ra*YZU?w{3#+O923wYfBCp)t(7xLXh~2U0ImmlUVPQDjES#$3#J$)_(3XQnWuWAu?KcSq6oW~n6+W7Sw!>()@e=Ok@r z;&^ndNIkq*2dM}R@=krq+y)M1a7eBF0SE&(r0*xq&jQj;js z{&#(({k~PEMUvYL5@aKfMvmLV6RB{-bP%4!VP6wnnb^dxt7%jTm|T^dSu1HdbX=dMRch~YaW2GLSAAbY2@WqW zmKQN3Zdce6Uobuar&~c#iLn~Mr`GzQ$`(NEF*=)&MD)y zc{~o?IZt}Wm!1O+ygc*1Bb}J0WwV$PAgq$8rH;7sZQTej&Rw9O+GHJL1Z#qXK$l5F z4(xq@az!f-<-l+>L8WnSZ9ezJz3?5AN1ws^g6E0xex0|(Rq|(n72W371RJ=_jgC|5 zjoWG~A=9raD++&5fsLqb9}+NdOqEYw!lV(mUwjVb!8oW@XgkiPN^q-XirVC)cWk}# za;@qnrrB@eQRzD52BLg{x*ft_QNFM@6_9S$+V*h!Y=Mtk7(O?$W13u=`$8Ofbuw*( z(c{D0*B$;=nos4V8tF1%(?DBH36NY~4eX45Rre%i0U71oFAfrr#G~wOC%n%?Y#tNf zzA)(CZHgBpitiJgE2+#jL%H87Il^lrR_r46B=Rdx5117;OpmKkd3rw!6={_U{YGBq z^1g@28z=lV=@V~%V*jZ39)Sfamj`dHJj_@WHr4oKgAwQwc+PC**uM*t^1RMl8t~d# z{0Z;Uw5P+I6PoN#RZUooIRUMIjo5U)j%hblj;gd3t>QjR|z>AMKm5;#rS zlr=Juukm1v`)Pq2AhQ^DWrM>-9C7L&9R0A2a;o0(k)Gg)mF7{x^P#Gsfh2*46*T!s zmbI5}2)ELTIu|IaU_%pW3@zYnYK>7PJ?ZyeCRcK6TLd%?d)>H)=FK*VmHlMZCLh+! zV&Yw_N8!!1YVB_-fH!JnBN+p&tm-6Y%B+~w+l?kszPwq?k2iO-HAv0QRAO{upBqf? zE4p&lE?bYqYCTf^{xPPYyfey@Pf~Y}%UIP9=2@8f<5MA(kdN#o^MPC}IlWIl+NnY~ zO!wguf;Kx>6WsC>wR^m4MA5E^ic50!7DI^m^{beE_U#-dI!WM~{XCn-cg{bY1?kvE zyXqHB)+=5l3$EdQA0+nw7%Q2Q9^vfzG_&f0?P;nSeauf|bC%Y^ZPRN8-!!pC#V^e+ zoJ~rBL@Y!S?h%m8N~%W{W@`o-5%uw7`F;M#2*SGf^bab>$}(knWckHTC3Z!T(^MeA z%dMu9K$LYGXfZ))L)en0zUcKJj z-F>?cOLc*4rb2*clRQh8`AT(9%5mm&0pZJgt!P#rg!aH(GB(N*NcN`ntN1D>mu9AA z%Ozbz!IX!;mqL_w*9bMRBo(k;`bZvW)Z_;tUg!K+ksdPTdkdxu`>}%x{h@MOk%Jw6 zCY1Vd@4xTu$y1r0FW8Fo(irJ7n`WP86%xBB7`q;NrVWQJkL0q-8G2`05ek|4>KVJN zl0B*8_G2Au=lZz4gY7ZEX&9$?yZ%CjCW9f7dhA8!doAVzQoJERs`9%vGHFsTct1=J zaGhOtd6Uv!r9Zbv{!8J<<<>NT#fNQ4z2~}hkz9Ec^V{srRjvB4-^2D z8U`Pnru`z3&H}Fl*+kkZQ>TGVn<7*>4Z5TJHWWZZPwX4$x6ewGz6NgfNwU+=5V!#0 zVPN&2;|mDDD(Z}&2;EtaFC-*PA?^aIMB}Px*iS7eaCu^`XRi@kDc6^7LF!VDj zK#{pHmrrk&8)5{D77IOEIw2WL#;8O>zk!rqngbYg+#{%fyVJ29x^x|kM%A=^us$3v zApAqihAFMP{{_iGJ8i!2H8jt?Q$s{c3a=w%cJaCjO}pi@v44wC1tb^;vh!>EB;e4< zFo40pwb7P^{${C6e5rOlwLOMT#VB8HM~>uHY^fzpraQF%*Xg25=0cYQU%UmR)46Xo zi}IfF-5rERF#v@4L>ex?RhqttjxXrJ({xf~yIfqq_sLYTnILw`0v_-%e5q5=-9-Zk zz6-b>lHtUmT_oO5W@ymv1pBqhbd>S|4b~d>M%_VU(1Nw`ymh^5)@HObH7hF%YS5qP z_QX5ezrOWqZxXVq@H^rc5yC)fP%fUivmH%nF7TP*_+LFxqU+xp@T6Ns_1&={D(FVC za|_XM>T}3HqEMJT-oS||LKB6-cU0k?_@=@OCT+*zmPk3Sg8$grEg3s6!2Nie8#I5% zodDdl(DOJR_$hCMQ8);H4QjWip})Jm_fmSf+@E`E!_-lnv+_9F4x97d9lNb3cmm3* z8w}&Ulb>`A!ATWjXt$P-hPgv}r=p0K2Y|1e`ygW{|1n8Vk#q(S+B=T3PWUo~Kkz_d zLIBt6N=7QV9ixB!;C+Eljlr3(y(GH_B7nK#4Ix(5ABVj_@s<8XEIGqS?5}A{w}=3b z6+e8`{F@T+HxH%_K@fSMFbd53hcjTqE(;*R#iUy)=O0N+ZYL!Clv;fhEJCqAP9+R2 z0w4lIwha51+i0KorS_#hY9g<{>_!OR+c&!-IbmS!ng3&4hFtM`KPqMqu|}8 z!ap%sfp6EDhc%a(hu>l80|Uo(>rC!Hr{3P(lqVNhLI$=b4$>LnD*R(@-4C#9M^LQ) zA8JTt`W7T%aR3T(awF)!BK}7MUjsk@x$wZq z@-Kt`z`mWy$pLOLFxa5}f%_MFpn=SI>(>)*WtIQT=T~a>u8STC2oV$nY}o$~s(-rw zYhd{Y<}cF-k_N0oTwMM>$$RaGApmt>PCctX6Ets4z;RTbgFT=Uh#Sr8*)=#n_YHDhV zlk%5YIn;sDYfU{!C(Jx-8#SAm3 z^0R&%{AE+(?z(kpVyQTdsdOZm>*a^nPf^cHs(o2<9!?T-v2%N%42hHU7j4e~J2yz9?~g&p zIJY=GaYq!BoXuICKIFG(ABN!froKU8Fh5;roBiCs=*KHo{7#x(<93I&y!p$ehYs;J%9+IbfUr6BJ^>IZB z?_ju{;rW~@^1rks9^VQq)`cUv{+*z^b#`Ab1yX95wDFP@5#>0`%FVNk`~&!^t8#3H zRO`|JvXZq3#-@s*{YHn8X+H`5I#lv+K!|~pUZ&Jti|qjoy<}B(J~QWvs}BUhKzSyxdT$UbFEbHtGB+`S)R*v8>k@km5`*-f-*Pbrf z-fGmm!`lLM&Y~q8nnsjV-kQ(RFXkpkKyjnxK@k)Oz4`cT0?0Q*oyP-2XH&<1*>Pu{ z1c8bl?4^mB<&X0*vzI7-c#>Q!U5+JK8cxH^6lnoercAGO^ zl);xv+MLQh`OGZl^4S^o6g1hCld8J=O7eh`|J_YHwbfz`!Ht?)FdV1hlE*4mpb{51 z|3(6EEHa>}YseVY5bBjY0);nv}k2Gd)+z!$k6aS@$! zuIbti5+%0Ag(OJ9{jhY$NkYS}|Jr2!)3a+!S(hCrcCh|+U({()bXooPH^{Xw+;i%- zN2qq)Z8(VQJR_Oo_+CfyO{l4*FRev}_0HhAqhhZN<+Fbo|2D_yAcQuZ_tp&S{h&XR zxl)LmFN~3o4{pVJUdQHem|PQ@4iyVa$x3K4ly&{7cbu#1sr||*15wG{`sP;%am?#m zgW>UXWX(vQU%xgN$28iitQA$bV4gE<=T&XXQT-EeUmW)UDGP*0Ar>+)z{<-{GBPT$r<*wg)4-B+nl>TE)F- zb8xTL5Cu7@FGhsD=+dauN{J2G$^1HJUkwF@=26jkKt!I9H5kiKAHyD!#vArIk)jY( zjfXM?aoRKHoD1O-gF&gd#%!C&cgn1FE4-EfOr|wQ-lUh+SyVe!($c4$&tCLFJg;H zS82!?(wAOqi>pGTbTf&D%VG>9?_jU&T7!IM-`}*uy}SuO(7@36S!ax?N$x+cRaWZu zLqF2BaaeLO7;X%E_6J$WcaCyt)b1C)I`i8k3-kUW>H}lF-MUo>1@VI%F8rg$lte9S zu^gSylz1$a6NaF2`VwzDft+G1)~(bkOcqrma3%9t1;DYZ$`@ZCO1ZINKa; zUHkP%m`zuky(6@d5;Ll&PN3DOwL;;0Ey3fJr5-1-^F%fONiPnPZ#P3b-X^2P%lQ)t z{4-Ok*CZ3h9y2fHHW-ViL&3GY(&IA+GDt4gI=+dWS{?L9@Z7j&k55#-=1K#vrh|hS z?J0Fv#c*JM8UQAD-FfhNzkL0XtZU{99-33zi9Mni~lA+FVV` z>zlZ0z6kEQo&hXiR_2CM?U2z$%o4K7viQL{^b>1E;41zw>IdG6PUYdS%MN=dnQQIO zdvQJGP%aEu4x&77)KJCa+6Ai|kRwthNm61R%G{O1&Bw|jR+|rFy>NU%(AVoE%Ou+~ zROb1GN0_XGHg_qS2Hb-iSYs5!f=k5F@rj!BaZ#-B1ni#h#Qa9u7Gm|~3hMU+@VgPZ zv>^0vvVAyRpt*LVZ{75`#2nDL#Jcc;R`Em%CP8YDO*lD;2Uz@UPrcRF95SO8zIo8% zAQ6v#>z0Ec;H`Y~UbE6XfA9dy;r2ztP7eb=0V} z%_xKGTfNo4k=h527D!E30riJ*^okD*Uk9U|vuiF;3j%d#vI|!Iair6T?fj3hX)5_V z*o6W#afJ)ezI@tvE5_<{tSDZxq8;*aFEMKN<~2&dT&cXRRV!AT-5&f^iVzTZ3BX(6 z@+WN^4T^O>mn(FC>dLgM=onD#8u8Zs2m1B#KaGs|g7%o%&O zI}j@m-p3BcDh;E(EhmV$l> z?a#m@l5Q`P3pK%0YJAII+Y;sQ9KHreWNN#s6_UJ)1XG*L(428;r z6C;b<6#|3~Ua0XpDIDjgj2SQ_yLz;Eth>bjIh%@*?!k~SpuP`u_G`|Dnw^wWT8$l# z^SV_E=>>ythIhTDQJ2L?q`iq^Z~LwamEO>`M7e*1 zjw93eBG@L}CubE*WU$zt7=rpbrpN3l#pYVi=eN?x$q9=3JA0C#=LD@WB~j6S;!M?G zoWBaeNrLUO><3?;<}XHy-bB%=DKTBzIUAgPAC-uM z#MwWsJ<8Jfp;M&&!wnJj8h32cM!4U2w)DzEjI^M`De2?8SBr$f7tjdhiu*Aj_dNL*_t(=O-Kc9WKJ;Isn zqyVS#(0_0Tvms~+)>+m&<*$}_Nz8pA-x)Eh51U>oio-Z&)Ix8ERF6RXV8AIpb^RBr z+mx&omRKM=P^D{8Hx5=U8n|cxRy=uJh)4U1+Sqvad#~ z0rLq$&L4=AJJ-+J&-P@VKAH1}?UbC0OqVdj1`RS#8@|dR$Wp6vTfDj%=t?LF^8a8J zzjxCe7`^}0VDbXCoT}mJZ@6YAX35X}>^4SbZEKJ6K#Gc&xv`8;?+8zyh4*jYJTHu% z8&UMN3U9=nj0hhO zx=A3XExu8;l&NuTVLe`D*KE5$`JqPMFIJJ#;6RGWZNKD^5{34(?d0BMLjaS%kzURd zH4>d8am5j_Yp%s3(sNq-H!*v>3Uuc@b`T_lV`iw)y7iDv;R*eBy=t&T)%Edl7bJpg z?N~@;T0dYaR&f5U(>5N#fTbb!aK5Upd#|EMYbIZb*qIvd)N!Xu7T5098T%+04W}14 zlV$dT!pq?YW2g8O<*bNU>Vt7#N!3lDPKqvQExC?n7j#`Y+C{LW1)V#dzZr{RYzb&l z(AJ>lrz;vUf(xc4KQPC&h?DnsF2_o$`CMy+Qya3~Yu-b+7h0Zn{a7n5gXgmzzS3&y zOqeyix@dD&+KVtr_!pT4%(|G4mJPU$A}>EtrjY0 zXnd@aU4Db;zf=~bT`GJ>@X|_GaoW6JqAFA`_GH}7iBL3C$B8?`@Qm`>E_-%I`DXbN z1+&0Pr@vG|S=M0gM>$7AFa0;f4@FEPLUA<=#Qg65jO-(!SVp1Fp@yM2d=~Z(VGT-#(B#kw)-~6o>LcXyn*_00ZQ>3qlJA8Z+ir7 zO6E6p{%YMsU%n(^AIM>mQ#B1pv*3(c#hm0LmKYIGt7%PV9R5Hx8YoRhJ`?UVdXAF~ zN|h)euJ_bKE;11y^L3+4*Iv`H*4Ut&htW9#al@+iAyA!L@P>P-f*)`a&Q_RTb=EWL z-OmT{?86v|LZ*-FtfEsl`xTI0>Zk}1XD88SkhB&HpAN{GmiGhSqOh(qwXbjdPTi+z z4KFDYBHsz>Qh`w_d@O41h=RfXH6$Wqa!IRO8_A>bs@6@0QJWe@vnmhiRW83m_{F4y zl1|NxQYr0Z*eDihzUNZ``q^+e^S{a{C5 zxE|D-Fh+|jo@|$6rWaB9Qp}p}E1pHGUptaul7zatrl@$O2>E9MDT1(G4+6ulEQmV( zLDbpgN%%~5RjrG(+Qs3Tlynu!XA@+DAHOL~6h$x%qMV7al(i+HwN;5t!4WHu5l1#bnPbCcPU#6=YQ@tvIj!tGnZnLn-mKrQ<_;>m8!xF99#D`TaiSmp9hJ-_~YP1*)O4 zVHuFiq~y@mAj6p7jYd=Hzdy&%k6-3jX4z9!DHC`EE8`oxY~Fu z$JEst*tL>V-r~_sFF9Xl^!-U_=Y8oOZHido7 zQ2F0R#1>^<8B?vrOk2mOxyV2wBQc?zgW&TdwaJiOh4elUns`|tDbk-|L8X$x#Ck1szMqJhtbbL~ocj2@aOTaEPVR6>4Hh`6=AsWXCJtDx5;KKfvD2ejXN*DMGx1upt33>vM@jr8E|XQ54mrBJ@Sr)4>n5SG zZV%nH!j=;zTNkdXZPC0&(>ey3jgmII_OnqG*OsAtA5$Z;s-9P5Id#3TLLp{`PMhp9 zkZ71EFbj+@f*x%(S+)9}2Ml4e^VbfNeVoZT_|xs051s3w&Hg3LfGRJ&FBHSM@U(qz z#i-_VH(_$f+^gt_%a2dW6d>}Z`Z2nBz-R6{OS?RlZNTC8E8J7I)ZNRX&(1LkfO)r-Cb za%O>1B^F#66Qbwm}LG5DOa}+v=cx)Cf02 z_9zyaiTRvQMFVFxNMDNPumW?)PcZvW=*}VDQ$V)xEsAuL#umDIA~T5=|Kb^$@}XFj zvton%oZ%-;yR$6ssL8VoAbV-b@W#GLCXO%q8B-3(J+rp>$ImFKx~*v4`WMmJ^TS`b zYiPT0ns@Nmuu$K+e=>N5Aov+a)m8H~({O_H6@C)(&8xHl%Fp&gM~ES3509wWl)t`k zb1|itUQ~STEVnQQzp{vR&9|aRY8~C=LLHa_JZ82D#%uH>fn8I@UYY6yC#Jwi3sa

    ^ z`^k5Em!9(VrN^}pH_aeM@=Lo7ODGLp1HHb{APGVg9l)5^10Vv+d=}G4(?Kn3E9Ma4 zE>q>mnKqIb*BZ5mDbkmyjMSa|sw54mKPA(Q+0>(uYMqG1`{b=N1=NT+JK&zR%xd2B5Yds!cX_ZQuO}v)-^Q0X;iE z=S;zQclPvfZ#O&+7lPf!nnKqXh;7mf0j57rr`42d_b$c*MEWz^!m+}u~Ba^=V_L%y(32aE+O~L+jpP&dq7|g9+XQQ>y`chXRTXbTI&pf9=Z9xZm9{ z-uH7)nIi8K=|P;asATXmE&^7En;rvQw~=WvC>U6bJZqak8!WC4yUw)a8zS3gHq%O} zdwg@n>qVhk#0KxVz_n2?#LvO>6q#oiutCaZ_6kYC|N!h=li?vMYpko_&u(f@96X==5np-YF;IRtUfe{Fg7)Ox&3Rg zx0RO6_T_cu>yBY#O^w1d*g36PD!Ub@gw6i&(k;ONi2#Yry_O5n)Zz9I#xF+v9AiA@ zx0ErqH`iBHzUofae!YzN#MiA}X*YB8Acdb6P-&J&EIIK{>-ZRJ~?5kMB%~;|F z{KnP+b9fp!-99#9O+2|!;HP#3f7wY9<)EwUq4cMOr&_vG$N-t|5R!4GYNxGEuYt^^ zveTtZ3G}z(TL&eK935hV52m~Nv|PgGMge}%2xrvL$ID1;LO04q87M3wHE}uFlESMv z){e)Bh@O&N&VokFD{1tw>Jt2d{%9KphoACLI+sMhP3l#O?fwPR1P$~ccUwd;?x8O%y`iyC9woN5B)>Q0b{VlyKw&}Blw{LtXElw17?`)nvvnT((k|5Dl zU%M?AF>8|)wp9sJScAPQZzptrZ6BzWW}vja)ll+iPSSJ@_&}XS+RH5)8nfiokmDDv zj>_*jV%{k@pE+tY?WSOX`$D0E|_*AA33{#Q6xuVVPlwgd8$x*@l(Ub za{=#x5MyZYE9wHcZz#|;aFWH(9n$s<4o&eL*{=qf&1(rBvVui-`M2$A5~!C8HI*S| z^L_98_|7f9?Xz<2;mr)+`LWMR*Azu!dq)%RH*5k^=#j2gWNn_u(17;gicFu{9`&T| zfTZAu(A6nGJ~3>ee>C80Mm68AOsOMAAt6wkmL`_EJh#eTCWfsqA59w>u3&Iuwhx%o z@tBCF5u_N}4J%2(R-c|LH=+;Cc-sb7CswQT`2@hJ^4MNXs}Dj|VBK52xb$~TfXQdr zb~M|C-IE-yvK>vvv#AYS;H70HW3IS3ZB~kStad&~(ls@cyQeA)Y!o?#5^z_BDW*BI z8rm|GMNxkE@YiFgGOU|nu+%x%>C$zL3anvZ{Ws3-E`H6$ybzu6_ zUB0uozQMA;O1O4?Xt`o&_yy&|v!<(m$s%7DH^pN_i$mH3Y93wY z?3$^@fXKH>zmXq}y5wx>4HQZJ!XTKlyRABdd#Jt2;`-Ny1F|`df&FWc$xk)8j!{hVs+jKc|$SK@wnX9@&7 zRsh&JtwI-_O4p&QbEQ&FJH8Na^#wu^7nkY2=^Nf2T^K#?j7n>;^o>m>(AYDVU?IIB ziuaMwtnCg#C2gsi!|#B(Y^iDLYVs!e=ePU(VGS1*sZR?ea#8XV!Kb|}XVX`B>@DOq zIAK`TuZzxv%0*YggQS$L!i7w!p&gwl1njUmSGEOU+nZds>x3QpYPNOjBz2s9{jA9)J^0#Zqw^)Fi5>S4 zU_Wbsn&&5RIaIdRK$QuI8zs!QK5v<3+SlPNY2RE!fgewhsMJtOdALzF3kPcrp@Y$< zWHdmfnp_a0PWjsP+^~%Q06G7GI^R%FySJAEd12OU#41CC7??k&u_Zb6U+Idi0lZjm zs4p4H8jR01Wp5N7Z+Ll4p@)exeW`nCHnwn0e+z?pUsP5&=A@mpN&X5L!*1u6uUvag z6^1UH3(Fnt-mp5Oki|2+CemfWiY9N-pI8TBq+HPYXKuMeFh|)vl(F%b@R5GQTi zQs;9eK@K4chpb7bdN()%onZz*(As)L!b{OJxn$`CJlh04+n$S+3D~X@?OM&(Ho(0a z9H2vagkUll$PVc&x`XYzO~T^nS|2(38M01G=Ygt&dy%i3AJd)*TpS|_u5@#X&G6^! z+MY$9>zBtJ>AjT`SY1^R>?+%%au@*dUeqyznn96ng#?o=tT$qvQv!W9$vRw5(8ij_TdX02-dXuEM@b=B-@-Hu>)}o z;{%ODP*~;ycmC>O(u~C-17Fd~)_0We2}n)_@ztgDyw;Whi!WSe;M>T3jUK7j1-Hzm z3_g1I*;9IT?!(<}5?jXyb|`5cZ|O(hd72K$kjdGRV#mLbx+A28)A`D10H~o7AcoYkQGD*^3JE*fV^RqK{j9V*>u2m&1htb{cda!S#h955x8`Il zJiB*&qo6j2+GVohV^wnAFJkw7maj;u`vF`j>&ezLC24HFKn z3>{z$*4u&xM()R{AH#-uz@>*U-`VEwG=R~AiefszXV)@N4o0iZMD5!18KtfBAHUA> zLV8ZAq01amGU76i2IO%z0o0kpvTp=njvb!Ers@2&BV@TFWn1eN0RMir)#G0PFX*%I zzLgE@jUR6gn1R5U<*B)WQUhJB&|tIm>e2AQ2IsJ8j&N|8N0LjmX)A=QVWGi9^Vo0d zxglq7>5is;(sl!uE3$I0&Y6QH!%xxovsN}GBCYxI!tq3NOaU? z`E2*PB+y>w#inx``FwUkP~xbO7* z6`KCuAq4T{0`zWvdsu~eLiuVKxnHZ&?b$P$)e+eOFuK8)LYnJF+3|_ zE|^*_%ysG{U|YI#agH?9PRNZkFV;of!+s-RXnCOmg)syuiDMHuhKGjsN z)ip5;Nh`N3{2igT?K{;&koQQEY|qd!C9&S2v^BWQrjDHE0heeA&b|X&u#u*Art{kk z!lX#?>9*=O!{=No>%A!as%1U|kLvBU%o?Q_ZYP1VW}@&k{UYY(jzLHDobCdca$L#s@bmz#T+vNf5yE}(@9ej{@sLh93Wx%y9i7RNjgx|KQ zG9&uf@5Wzz6TY_eW^8P1FIitKrHA5idGl~9)s{V`vRj#UwAwpwZ(lJY8g#BAvS5lAGkh!_G@rn)kiSjs zebZ=~yEftj2rP_L1{(?QyLSl3=TMo5HEj7S|73fcd0Ium>fpMof{BdT)}97r!I{>zs`Q*BNs#$M~>?yWYgx8xP~l12fUM$&@KPGpxr z=A6PiIS_^bEtL-4D}SK3+|XBnSoDWV_Mo4yi$etNSZ3m4;py4jzCk9W!hB#g%I}4a z8=+VX%$-v-Hzf0@Q)-wgl1H3wCBBa*ymwk~Pdm9#EpDXA{uw09bOC(Gyct*y5;S7=Ntb_|2ic9%^0o!n5=k}G^+$2L3nmNvC#dpx z*cB{^yrp`>x$tuDiQ=U~k0Pq!nHQNUwCQIq((9s|iQ0ULM#Ot?T{IY5BcS&Rw9Xv% z*@vSMq&ggGPwaZ*LoaW!I`L9PMt zNkF~-DzQdhQD}_s2eS}$bn<_*LqZHJUd5EdxB0V}N2RPo)D_NPj}05(qEu8yDhK&V zPy2JoN0C?EgmO{#kqf zM>yu>zDnn@4e1vOxvXhK?+r$?=X1?(NePu_qoT6YuuQYq35O@7BoE}9cb<`9Q?gQbF%$8 zjLcK_gXQZDS!==)BRiMHk$b~q1~tQ8|JURiUhOnJZMeC)c_B=}hmbpQ(G%ZmPsa4C zmmkJZqMg9neXF&bjHE=sww;CdfGy5{O$x!JB9D)PhTcn20t~_gv|u?&h*n$TU|~gp zr=fYdrsv{%s!z|=0>-O7jUV`BWM2zkV9yzz>8d<3s)EASlkMLt7L0bOq3eO!pQf4z zsF=Fe7W&*<)2Vg7PfKFIKI;Tm@dStf&@I4=Y&kMiSY}}_>i0|{u!f;UQ67A) z8?2se4;pkKt-a%r;|g#E4RJf0kjA4$3@l;;XnrKLbzTr`Gk2v1JDv?tTbZMg3`gP# z$RB5=W(Q;-L+GEl9IG-wHNd3S@;U9E*u&|E#{3AN`Cm5EF5OuQuEeYaZ=kY#h0sUN zc}wIYL|YfL(P4*QHGp{0AC6Hl^?dv#jJ-9d+jwUYO{%d@;)vbma0a?nx?u8BWVlk` z>DUu-RouSAu-qr2o&kqAh**vF)ieKTaQ>$PhBS(F-h>-)96Qz}5wy&XFhk={dO+z5 zv?1ji-`d*R`qJ*dnTXA!#+Q1eD>y+~KUf}DsC*}|_PFQPDT=p=1jKV%PMnZ`;d3F* zb8RGpM>^|Gsb|FDT{*SdAg9k9n+HsX3-QwqbKNIS?!;IGKa`;;E)hw6;-;dOfK;(JSC65R%q@}<+!wXi8)Xw)e93fS z1=EfU;&f_wf26I|C*XOsgM}aCGrmNx+5)%MEtsH~+wz`uo97k9Uq$m}rYFdcI)6CKw5w7goof!!%i6%VIVwc; zUXuB?-Zw6=l<=<2e4-<^uC;8=%od#&+igGQ*ipQ%LO)5zRWChxH3Jz~;BiIa zkBwLVeS-yJ{`$fry9ZwnURHhItMCnNH|x`Am%RL14#5FqB{&iq#$MYgm%!1xIjjt)4*}Dc6Ubjt zVyuI)5W8q6)d%^<^xupPj3wVEqTumBS_cFa&yGt&tEplGME)p zteGxRMOycn^_iHxi_CHhU5EMPZ@;6y{ad)9a+cd+?K0BS6?TapA=#cw2aC6x7ToYr z=;7bH&o>0^c-@(nDwFC?bhp^<6$$rO?cG~=Sup$+C#%*XiFKrDMvJ)DcRQi{uGWG3 zojO6jwMdvz{_4^?xxpvXvIZhDpiymb6_b{L-pS4;Ewp5` zbkLRA9eHM{)2}Pc7(|+J2P;z8+zp%5UX3iWn2gvAoYe|k4&1Vaqb~CwcFI50Txq$9 zc1bDLO~MrR4MNXKgV6&+D=bo*g=LEUziq^SMQHzaO$riXcD)ZgC#6r&usRCu_>ju5 zQ|7pSY%%9fgS_x$_6_vxXFjQ-rt{3@(F3@x(dW`nfbq zYeQ;<^>G0SKEmD2IFw!;BclT|4u@p|?T0d}no?P3d{obhzBIU^VRc` zNcOaK4b^(6W55xs;^XL0NKfzApS<@jYte^iSI>JqD%k~RemVeryw(AUepjZG_)c;~ zcHW*z86h@~Y%_RsLL^NdckD)AuU^X1w_JtEEiIUCQzEO``pTp0m`5+>x>${zkN&rJ z{q6e$LIlt8@a(~hA#-mxrWr4|6dLTnF!Cv&DE(!BSglf;DnK4^%NGF*ZV2PNScG{m zoYn1tHX?zU@=LVKXjuxL&?$jMnnhJYxRatK<5r(c7-Xa7Wo-|Zl$4y~nSM%a`#%*< zN+3i&;uu&FrX;RZocB&Oc{WTZL+tx8V~~T+W9d2L+7+FH7AOd(SnVrmx9|E-*K zxajQP__dtNomUCp!MxZ{mVZk!w>fp`JNSf8%)Q^q=ijfXWS(ZNl)`?B`uD59V@9j| z|IhsYRGytcKizPbTD@5XPGbc6C42$5tX^FOPqZ=8EIsmns}8FVC3oLtmjlC_Q|MkF z9KWbAGJ9X>-#7qP2R^$LXocj-u3G2ger-40e(YW@qYFy`V=2Fj~$ky*_zW-*z_p!lW?Gtj>>D0mlx4s-I_tPjJw^VYYKYq98 z`OXf7Uq;&vU#Cbf-(k0x=tc!GUNuI}Wh2<(qPFR0H#LqZ4_tN~GHy$`2NXo}7rNVQ z=k?L$5|@_(0=@3PUZ~!)jI6q44zes7KN4WH^2f~cpRuO)$^GhMDQOJD&FsjclQd*d zprR89{Gr`-h0T%lxf@2_gzqPvV~Q!+ zaiCa_ab7=U)%`c9a{XduC)?0)qh~KUtrj{nc#hNJChRa)&S?90D?whJf@AMN6LGuy zh*2|Zn7JW!?tO3vil_i(sih9LGF|NS!w?_E@jLA7-z@_?f;CV>@C^{{Xm5!|%Y()a zk5QJ8PZH_P2Y4?GTPO_qoA%s@A}m@iYbDIT$Ef*{=s)i5b<~#Wbgg*N3c|0z(pa={ z#HW;G_>sm4LwYB_|JJ}PFKkVL=JkHMQ{8hVbKQDYFL$Vf_V3ZTk zXKB^Rhum%)MpNo%3jZW$DJ&#qB2onmoqe_HT(#DV{&+OmzZ4>trJH=uYKUz#z4v%vtbHbU)j5lHk1rF7lf2+5 zYT?&$vYX-QHM}E@7gfxyuZk|4Uw%oE4b&QVJcMr(4+yStsan2=@Ld$*5|GUeOr?3Y zqzIT*Tt)qFr0PHI!N^N)7OC#k-Z%&V5RuU`igibi7i3^W6a! zrBu+d%fR4V?wu99g7oGC^--Mp&Vzr-<@Yvb+B_rwlNy_hf!5lK!p27zo zx++rC)9xIVLeIvA*9e#7b*pmue+pnuy#(pl`0Df=IhdI7tvg$Dy(4(H=cFTaZAMQl zWR)J&mMD!IdCe~6HPh+T^845#r19!fLu2oS?O(jtWOKHy#M5Uo{wfZ?I4AkzpR)jL zmqAQScYs)sUGa+M0XUa1LJO1~^sFgSqf~kj3Bw_7>)wCY6gQ5rP>o8nutoQlD%nmi z9}GDwp&MKM?DFM?IE#iRVdzf>1((#AwA5qK62=?TeORSE+69+^A4Vd#^c(xb)@30a zsdlL}UZe$+i+9n|{vh(~$dK=Ns->2}$z`fdmL=3?r>S6wWyZlbaa?NXB_@^#0G z&e*ZGejGtp>(4qcf?;BR)4gd4V{%c+z+3^c=><{gRn}pE%WX>q^7?4%Mba7 z(eKO@yO>#`j&&pvjN0BOeaoQ?3gA=k1udK{^NgB=roJKdg3-MsBW;%ng=B~;OgQ$) ziSxR))#Re0+c5XW3tR`2*WF=y<$M6=n?OnIgZ-BO(wcuN;xAj<`QhMEcfPK+EK%0X z&b!B+6-hpSJ!UUvur2GjIo}!hT)OJf^WIShM5{OOl=<7~qse#KQd}&! zPM=Qyz@9lddjTcf5{?cs&iFL;NhD%KY%o6O*w8~U;AinR?N0nibkaJe+47Ok2R*N+ z5ijPOdL;EE_r@Zw!V1ww>I(u^DPvuDJAC|?(R zz(iQ`rkj|ENH6{nmuh=Phlvwy8X#X}8lj(}mC&>+VXGZ)XDK*N{Suk1#iyWo=d*Xg zC0A^BM{1!!Odgjy)%e^8V(W#Ei7~RK1G|o2*=694Yof-BU_ivi^R%)Cosu^`zdEGQqYf-8wN!!)sMwsL zxJ}orrKx0Tn&?ilL*$nt(gs`@ z{$4S+c`mFLoO9jm>#^AZV?vI@f=%X|o)n{%H01HtNwZj3dX~{gQb};m_5iwG=tXR@ zS=vB~6s77muzlHm$QQiT^3boH(`0i?Kx@k*T&)#=?*yC17)SZcwRQK4Dgq`w%N0#@ zdYv?j7oiOm;(Tn857SJ`w&h#{_ND>=>f|Q>b%){h@3X7(s{YYc_cQxpr`O~JedCzc zm?{>*Zj1JVmy#1b@ilMr{P47r?(lMu7h#(DLn3HYn~(qEgnWmmr>C?-=Ov#tX0cO( zBy8oYeTr$ezda3TKR1zxVVU>bw6wIGhWXzX8`AWS8uAHAg{5@;Dyok>JQje{e}Z}} z+4L}XX*GcF9Z!Dh37vSEfgI)C^)r5RG30Y{LJrK}JlHp>ortv04MOJ@57$aVdfR1% z%!ENXxiBr7qL8woWNdEXsK7h%V(%^N4yW;xH%LS;((OldxQSUhmj`KN%hm670$fo@ z-9`-SLCWgBXbb!ceOFHV^3V3DH1KOr*q1bZMYWN0+(mT%oN6KsvFHM_S1|b8Vdz!* zV3G_}T1!R(^oa#O0b<)FJWk_$lP?)|-dHu#5{;~b&;P~kgd257Zc8R2tM<5F* zbOj4Rs0KW?zm3^sO%Hw1-g;RrS;jhRLt87PLlV;W6g6e)V89A;MsLUnsX59FtTk~L zzJDJI+-npDTSSG0g~gVN8wK8a$#lOo?XEf$=dY|VtiEb|0!rmPi=42xCp(^v`*e!m z3x^ugOg+6h!iTTsG9sbT% zYjtW*bqnz6p1lsH1Z(Tm_~F$0lb^cV!`+juudDp(jN-j>K*8A^e#_WO+f=VMe<64w z(qQz-rDp!SFPq(ux$%Ey7cW=&6)VZGu$K}~)*k+yp^r3WS*JV07TYW+rpe+Gqs=f0 z1W8dhl$;ZPG4d?Q2@=okTADT!z}H4!c^FyRg+lAf!oYmW2+{=KfAxTSkJo(QW=GxharViR;Ulnm40l0&K*_CIOpO2 zfrMU6Z}n6R<4Ad3Q6<}PN;aJ>-M$~!2B5h=h-Q68T5i;WPI6$(7Nh&eeBMVR|XGC}~y;c8?og(cDD0vJb1NHA(s#J_{b3Y@&ucHNMp)k=_Xl=8c|$rkY+DK4C~I(=*e?Jt#x%M{_9&7o z)Ch20QO`k=d98pxYvQH$l@Ku?rW~{!#VgIK{0|&+h6UD_YE6!eVx2i_(zM(L6?_SAy z?UOEo$QM+Tp9ykiSg)9=r=+2@Dl%=N+z5n~EtO@BMm$FXZWn8ox3F*xv*0Wm31 zM_8q$^x}AW)>rTd7v^YjAcUbMG+FG)ImMc7C1cqW22lVX6Z`U zJEN&m2{(34cop(Z-W+UmIq)weDN_C0SAnh9?BZ_3TIRI!-t1wl_H?@v-P~slAqm-K zIqm_6ZOuo&%~55OSzc)LZPbKsvE*TyQ)BX6Qp8z+2cQTXI49l~gnCFh8=So#rcG1` zPDacM3(kb}!nydaPtr*F$@EnzW?DtM4mhp28V6^=QMJuihEHMR>*yUl&EbJU zt~SBEh~aBGdfRibxqEZ3!%U7rEVmzwSFL-CvAccF$r;GC8m{SIvjl8lnn9whQvPF~!BW(K*dq-^F@IKxe(W9Cu%Y7VK4oOYLnir1m~?&Dq{B zUd*S6ofm*VhDRZbkMG?w?MWcVcC$DQ{F>&3iz&a&ul|)bu#T5I#LBcb#YVoPM029! zUG>LS@C^)-SAF0WqpE3spJ_r|xS>O)3#CoJ1Hrw*ja;2edspsZ(!-xt#{$w!rmjRr za1z((-ZRf9PZ3SR8I?<)FD7+t9bR8OQohjMV-|M^e$5Xk&EPDZL{p8h{5#6SL!VSP zo?VN<0E|s)5h>6H6vK%!4qQi_;iDC}W_Lb@T{s#7)*;JAuce?|g8rMP_ zfdt1A;>{YNoSz%8-xGM;3V*%Ov;MD-onio5%jl<=nPMAMT* zESEq(JW$)3942-XVSPuQS8<4bA`n@gN6q6ij3O>3(e;l z7nS^nooQtdx5dCsCp5@9eO_5oI?!dZxnkwxBnp&Y>&I>%04^q1%^~@NFm3z6AjaRq zc`7uPMnap)cXLbw-Tht;FbR$;&kDEt7ZWNn-IAf zy+eqUgkD4urI&<2=wK*;5Ge^l2)yw*d+%rOt><{XzrOE!uj4N-*2*el&N(4#HmIZm2HcKXh54wld`- z(WUJ9=h%C?_f2=V$cbyB+|E~=6i$U*L*1DfSVJ6jiL}+#Tu-sDcxTO{-yYsq(?LIZ zs`&uL=Oz(&T;7=n8kiNLyji4FD#JqGcfz!N5`t>-&kyn3elWR>44T{?396l1>TW38 z2?QFm*CV36RTfeXzRJn*lzes=F)7-3KXUM!OWmka6Z-o3b5@eL(dO5if;Fq>bbso} zf5!m7BcjyiK{z2)0nC1t~SKfOi))%@>Y-AR#)7j z{#7O9@QrdT0{rCT`zJO#^Wi&>?L!^8!f}{Osy3?&s1Zk3tUBG5npp3@nf7d?YtcAl za^lWtDI8cboCbUg#K%<$l+w1^sCQ){%|iW8W&Y{Je;RgBHE0y5K468xNB$*fz^-Wx z&&gBMvbtU;fc}eBeu~wGCETVm{vOvcC1D0|R0P5Z)2a2J-sSs6>^W(aoH!@*Q~u4v z{BP}`t>hAwdFVL75BQ~0nf7-OB67mM;g@F?y*LD(8}Z1}Y&lR0cAo(Tn_2+0t}{ze ztHHHQu1=P@-$i-;_ZfcpU(stSh7Ybcr>%p}xE=d*lzwWS!?ZDx)QXyLc~l#eE<)u$ zUzm#A-KU~>u?&JqKLw8e_E744RLeYe$@pbC?AUo$D$r%!u37M_yFY1*qaxEhsldrT z0pXz>3TR~@r-4l=-hk}mgj&!B!U@@s<^!={fS%V?)OoU}&H{p)JmpFEi}A(@DgOqv zD-Ad!|E3IWH&v=LsQ>a+^F4QNOv!L|1YCr?5@6);J=?H$5G-hP_9m>GA{DSYndo*oUa&h zq!`3D*XS!)_a(JVKvA2p5pL5y{oQFsWVPjcFSkXE%uC2F;+6}3uIz2Un)kO|3%LCo zTx?UauH@2`MnAZt7hMKzO$OU$U3He*uyW`7#RGJzQaQjUy7p2HAcwZ+lfgYrkK$OMg&ffbphdgttbTr6z z019Zhj-JL`hNh3{_zETZw1}(t9_K7UZ=Z1hk<^4O5b&U@F7JF4lseRC$*}dkQaq;K zF*(x=TedhXQSH^)Q`^-I#FLfGiscHMW~aB|R$1}6Xr<8#REdt93rdG;A@CC}Sb_ME zw}FT-oO>gKF`se8C`}m@g1lnF5(WgENUO${&jrGL0aXF&{pfGBpO9ss z)b_wW6i_ES|S``PvTJHFUo-D9SnS?PHjpc||dl70ZCL5NV zp?)hTEWHP4CbJY*!Q@o^fYm8|lj2tmR)NiGCzj@7j#mswno9?vRW%!2Uj!&_m)@H4 zGv=OZp2pSPNvAyg+LBQV516Gi1WurLd%0W%Da(RM0n^?M+wjT#pc54Yz#y?m`GtVIl#ND>S?xEsIJH0t+%5 zBsFF2`KKwRKH5w8ksF%y(k1{PT@W)7|}?ccG6!#a~17BDd`sm*KhT`k$) zhLcJFj?SM)iA|4yG7*jTm?;s*$(&kJL&1^Oy>}inHhSD1G(bD9q|)+Kbc*iqc`?mK zMenD8X-Sd{lZBi`j(6Z1df-h=1K&FuT&Lo&F$20xWrmyGh|ogx^dcN+_Pbouo4!EC z{RY=>hthlN59OQIfY*roY5bVq7S4b!hG=lu?2(0e``~dON2Xa7ZE9M>e^vS(7@&#z z;CydzsKLl~n1>Ko5fG55)JDu2F03t77*#EsrWBXQw{H+CQZv2I zgKIQp_)xfiiqZpU!P-cUac4Y2deh=Mthms^1UhbMt`(icJcfZ|Ots}m#sa=?QgkHP z0D!czRHbG>36#e~ZNbNRqG7VoG1L1Epj0MkA=TIiVL!V{2H0G3D>x19uhApF*Oc@B z#fMV)3M-ZI^N9;nn9fuEF4vG=2dQHx`-Kr0=dI6wEZ@ve90Fyqbd)Dancgs6PvA;a9r9LmxK{h(&#dyuw}I+nNe}LNKR6KSa^+>c{SIY zPBLlZxwr$~tV7#hHL!ILKt5=;?C19#-bB2>yHdTx^oWCr0)4N^lE$mPysbGT2)EN% zaV?$X_Z2@bfh;s+ex9>w$XG@`;PEqJvN2Vk^#Ydk$Ry8dyonvCMg+zJJ4n<>p z-+n@qmZku9WSTMXgS#7jmi3s%PKF9Wm&Joys@BdQJRTKA!2M&RnICTVCaklZ?Iv}gsj}H9y!#o zFCTj>xk)NV_qCQhmow4M~;H0EPD zEOVo`Dyj8q6IHG&*y%^__qSk7-1he{{ig3%`(0A()Al?WO93Ket$ZDG`Nn;?L3D(Z zcv;%mnQn>mFry|O(bf?h($s7JE0Ascqc5gtWpU|c91D0T{epv$xtU|9)2=m$YvmLt zaGIIB3Q_wOf&OZIsMZyJ-WO=&eZHyzP*d6oU&(R1sv0^WvUg8sK7;k*>!hTDy1F`6 zHye@vxSr0-g>lZ+TKm4^Gp+{J7QP;?l(wBMpsOZJPQn_CCP86AORKelN9+3Z`R`T` zj$04Qozc_zA)QB)~KmMO1&9DSucFW-8=SePrsmQ>pMf9#=*ozPc@W%dl zp&=qNa(ury4|7x-ZDIB1SG>@RZdJ#q3jxe#>xl)j6JZUEs|TZHx(BIwqCA-eu+|>azQ8eol9kViD%m-7 zn$5W3LU@zJLY=B+^?b>N5wq+ZpixfCs*RX9*!cOQcF3e^m)}JVLD9X)%U*AMIQ&r! zBO%6hJsQN^YjVAqOxtFKJ|O9lYKPkO`QiB>OOc;SqqjYzCh{ytK0Ks8Qnn(ED*LhL z&ySn>oY1&SiXZfm&u{O4-pL_2t~6J%0pFO;oK3d0D7eGq^U|*8ckTq(e{AoyS+t2^(Qkjc+NBL861T|*6`~cm;@sAv z<+3S#stTsw@lVjCsAru<7mXILw4%DFwQ}@sVPJTcJi^)~KaCm=qGTwneCOy&2gxnOgQ?GnSlGfAOcD7tVNcZlvq| zZR)Ge+@p28rw=J@sdSKY)iQN)si33(kq_lwHU1=@4qPUlzXUR%W~McAf?DRJ>i^|K zm4i>P2>Pi z-Q2tTK>~YX<{ZsCs<|^_biany=SCPzPnEZ4Z-e!H3i)DBoM#za>NG9A;kKW7JUZl> z%9Qsj)cXUv-=0@e>)e7DvE^EZPY=vuPbI)T(h1MZ>SVN8dHRLOPoEpw%*r{W72GX2 zz9n(dbIQ#@uVJo?;oK{dS>uautv!R*Pf_Gp<+6!R3h=!fI}lZuOi-gjAg0jBG*+OrEryixtvR={)# zl@6FaQMoZ{{i1y}JMeTa1Ji0i*n4)b{am zm{NY1w}aRC>^opxFAa}tZZcFO#g^aRrsMuyRg!FjN>r}(qche@nVFGkJ1N2=sLueP z%@>zo+CD>5UH@jv>5q<-!qlNNOod%{;&zezY>NjfmxgPv)c~v7LDRVxzHlUm%Mi;V zhmMKYC{tH}7jns40gj!gVGG(T-cPkl!tv09UPCTVxvKm!Sv9fxh#H_aM z zt!s32bOAnkF}ojhUtiu6t_@*vR(|OlHF7EWDxaK zV9qMO{@!{*Qk}oYa6P%w=ArvwgrJRn5zo0b_gK4edvjQ!{d4{r%?s7SPFn#B4wPq+ zFQxe{1}D|*iG^cqUED2`hKb~*V;!SAr#L#npLNLXpL)opAVKNrmd=O7?WTdQj~~Fc zrP|{`e=zvauBIxyqa}pHp@8DN*@MZA zWZ(&pi0HP)*7kfQjx8&bPIH|A=f!TzIlpqNKr*F~!2YC2-nf#cQ{ zJY`;T3NqG+IZ;HQ+e2Nd7*OslTlzKqy3?IwTS!UV$V#t?-=ZJaN|OO0nbNEP>*+1= zrKA`JQRjo*Tw3IY&T*un$^AYupM!BOVzrjcV-4!6+}7@Tv|>2@8)N70*v&k~?g}YzJ|snGfqOwb{d{^3}m|tVR9Rv{;^l zPd7p8LM#S-RB83#H^PJnE9a2FO10W$Ys2_HqoDh!fuglZP|0?!d9ziK3+z@(kHLyn z0yfntOe1NaZVfKWo5wnbTC3TGs5sEZlssXr3fKo`iao9HctKZ58myKdk|f^=haQ=f z70?m0GB4?4uol7U6G)jVqV1eHX#$SbZU3Qa9?;v!-y;M&3RkE?EV zx4+N!TwU(6i_drOMiR~kJ~TYquW411c$}-*s?uysuzxAb_}i_!bw#b=MXKIl-#FqL zB5SN}EL*st3qE9yffQ@ftIpqI*gNU{?16(5jf1`bgP;D&NnW&4? zNxG;kdUX@SnLGyYNmtsl=k2X}U=QuI&g*X4@N@Dq$2qcHC6-BUF(_Qg)v;uT8)yUv zm<6{4KoS<9W6&=xgQRkyFgKs-O9RrhO|UVeSxKDO*VdOWtB7gAJTUKo?H$__S@@{F znq`k8w+Tx|;S;C62}x(Yfv+7y{?_IWw2=)=!ZsNO%MS)8z{{o0seCndB=fLwVm5~n)xX-{K)yiMz=a~>sK#BxxO(0^O3Jdym!GS zh8$O9fm$a1N!En)E|5#fzFFLq_A`KV8F|t)rZ85shf=?QF6N9yDp6~(za*I zTG?ziF|dzbEjs}%%0`via~2zwYbX-5h;?fxp9 zwWEVncc0a@TDkBASltWfaAnxa2+_#=*#A9aE!6AT1%5Mk#APns6e83x3q@W(J>4hv zJ~(zyEjy0kIR@Fr>TF^AogFAzqhJ0%^uYI&`*oHl;L9O+rZb@jH>M$+^=`4@Pz9%< z`Lc2re+7tv+0FSKziA&D0|A6N1%Hv877I4 zl8)}C7S16;^-0gn)06sJh(gCEXmq+PLf*_rE9qeOV0Dtk3rU0!4orQ_-vAgLR>CW> z&ufT7%ecsAWjFDbmzsfLPW?CULSJJf@>i*wv3ze5%TERZKCKPjBRtA)?iiEZ^$$h7i=6)f(G> ze<)!)Nby4do(=n5p~2DU*%5T6}<-gdTJjW@nF z=~VqvMU@tb$kAxoCgaYd%xzl`(AVt29W?b!<)9RG&&DkjP7|KIP`r$N>!2Ih?9nCM zw#;0#KH+qDra@I8=-Losn^IaYq24>?EzojnsMX&6il0xtupfDYhbXN?etH;=PI{gU zslui-@47#}jz1-y ze)VSnoP&t+NvYoHLtfO)P9o3S9&%5h3o>gPkZb|pP(+uDCULOE?0_jkWnjn-$i>im z{cdlGy~%u8bk2-M;G{gTaG3P0rmdVcBU(XGKAVw=I3kZ?69kL%>kK@E)Ed`k0SZX9 zG>jOJ(tQ%2c6xO?>09|rT9~lY1dpxj&+skffcBvO2!;E&8%pc(InfNY4JsJCq>E_V-C!ThdtM>UZ^P>jIxf919eW1^40c!@lMXp z+(df%Qo^JiK4kk-ZbPmkCQm342iAEy2IO4-h?$iu_KpiGVcc)hh5F6rvp z_E2m!#y7DPtdi=X36X&ZtC!Fj2y{7JH(iV+7f}FS8ZjGkG2@vT&-Tk<70I`HcVDQh z2X>>< zagt@V2xaXKL!*sN`?Z!uZ-b{lU=6h(cKO-kGbiWeh73-pN{9Fa&jemE`r@{&2H;=*S>!ZiKszAS($NwfjeeK2pWI54*`cW!zMoMrVwqywtuSICa)@5_r`M#i zWqVp>IV3jztmel&5w^}aH@@g~JnlZ?&|0`-Me5@~r&L?!pF@7qc410#iy4o9mb(5U z)V$X~Z9tZvVDNJsNv3H(aTvN}v|Hn?IuW{7Y zbl*OGF8Mc23FEJ}d30$!%|H8dll{dk7tc{&G$H5SxnI9%JhgEiA4B}3zrEB?g2O{$ zkB^=Fp#9>q&0p>Gx5~|*2Q;XSywb1UdwKiEoZug~iKjL=lREb@@t57$j$QrUkS_k> z^`k#~w!i)D-V5q{czn&^=ua}#zd!HmtJL;N|262Zrqh27`v2Mt<-1yP{-3M!Yy^#Z z%=y8vBlO70N#Vr_nL^#Hit=(H>Q-VwFGc1??UaA4-II02R4*ecpp^7?1;G-*fx*EX zyR2ZzGsWIC2((oolutYD3?t6R#|KxCVl_lWgDx~=HZ*73{L?)}DTGB$O-+ee!^UdP zQWy2>45jl6U%n{c1cVLWrqiLtre$15ckBx2-na%1v#1!9%-s6@5?}Qh zKApK~3)^jeQee5+_|*e)DG!l2SF~*@%8yoSk-*2-lO~!km%j20bqjluWo#^AU6$LQf&4 zy#cz?od5k5Zk#@BceH}FjWSZ(Qt<7Ni=`z*(q-bTVEfJ;NWw>rl`pe@@$mohtYKfi z`{bA_1>aq-JI(v&jJjL*w766PyS!W7mAU1BUoiT)8U6Q>Gs@1&+DT=1u*pd0SV5&A z&LG{=Z{`uqqsPzMvET3P>+N#6u0N9KXfFILrXm@eW;&SH%RMO@vRB94RA*ia$gj#G z(-$<)a9Gf7*v35KToW`{)|I>CLO->H>{|$T6oeExq?DgMe*7r z)tl=l#2u!NkhIcafgZpn4=^nr zIUF~Z-Q2hTRDFymR-W{Afz6>8203@5tR{G%$1**F++tH)VGxIQ?mpX?7_1#98R};t zTE?>c==<2}92?w3Z&Y#4I$w zhQ>%W7$@Ql+Du^%GMo9TawrOD5@+9MXl?_plP|(}+u$0ix^S|k5aO7?XGqb*xw=Z9 zk2-vH#`|x3`KB7Kv+w!Pj7PJGm*!#0s>(QsNgQ|;A+bMpt=&j`QZ2p#M_b7)k*FPn zyr+Y=mn%DYxV-x7Z-7V22dcUlTs?k7y3}~7hBC6a`aL2OdENHh2^&c6V%|+Rw(UM} z5o7`hHMlkl2k)_Lbo54fo8L!(VY>UlAv>fUxVR?mqSdpkSm#{?Opse?v z6J(F=RU$dXJWj#gnZ=U7%^w2`E#7jVltl~F4MFcSePb^-gE1PHN!%(!R~O%*%R13T z*c5bIPC@!r8y%!q*sqhCbkxCG*yah_U7cg4L^&IQVmvZ!eB(U7jxYFPWzQ6(j>~KXz&a(k`HX@{8B058FEyryrwbi!Z4V`01D zC|x7{<2l~nqoEJ98Q8=k9SCP2w}LyV#XDJt2lqzY!ChYedgR%bhJjkZ*L&_Q1dyrZn3aF|XM;wCLjdO-<{( z2&WBR^U_MNrMl2@&Mk0~aCJt~CbxtVsyr>!A}2meE34WjRV9MXrWplVD?{&AcQ9JW zqgh+BW$j4FcOCGYfo`DDI8)aY38LWYdMnBB54 zH~sGenqk?-Fe0lZAlH2*cEQc|E3=fLueePdHHrV57YXy?c);h<(0XJ^i8|be!rsf) z!L$@yy-NhQzLu>_Dwp$s`fn4PrmeU4Hd-eNadVMrhJ)p5z^+jSH3WK0v5MVIey!(C zbZC%YTe4JzX|JJWWtCdUX+6B169aa_*m2yBJd5cWYiq=p*5?2KE@74_rb<aEAP8c>3WaDeRihdfkn@7jxf_0;npDY1wCQ6l9>aOl6|gfBXWjP z&4EiS%>30$Fqt&UEdYMHqBB#!_&SyJCVe_N7EzGLF?N3z3lv1wS4y9Mqm$TgSbjvQ zOs}k$)5liC^Y?tEZH&&gFQeoLJ#&V_?2|KnirYF?KW3%Up<()cY;p&T*S~w-v;8z8 z>9aU^cqEf2eUHU@1$sTkU_1l$GzZL>1TWOh@iNYnJ%F2KYT?uH+CW1aF(D)HN17@D%Z)(?3<(E=n>g(-iI<^<8SlU~08f&W^ zISDJDK3Cf5ZBxmaf(G|3UfE_hDs?Og_l|IQ66jLETx08KayuqjT~i1;R(PM>JO8{! zlu4T*##o}RHMllk^d3r8Mv_Z9;7oC8NcxCq7fTXHGwzJcTaB@BaE&v{r+1uNyF={v znR1+erl$?Rw50bhXy=XwWRn`g2_qKqFHUfI;o<0ywkwJUdz*~3G?iQLllm3@K7+o0 zrW=)C^lm&F&aIYy#q=M&sw{+{4bqoT!Y)E3(3XFpN*iF1IcuB_w25x^fQ|Geo;B!8x! zuWzkO%g(~36b&ES8Ce!P(wcDX#I2B6OWizYh&o6 zIwQkAk1nco0wbLZq)$6bQ9+zMGA8DWLzc`JwtCV2bLkqLqAuOiC|W#~E~C$MgY}PC z;BO23e}5Eq^Ws-K>+ERpA3u=){KY*kYM$&MhV-Hq^8R`3?=i^7r&I$~-q5W1)oBV=K|_hufXaqnf>Qscq2d_d{o?E$u&k zRh;;lh7#2fNVW$uSR^+W;6F+>e)j|p)QKW>f*vCB_iW~m;r-uLdt1O z8O#DFk6rWIy(~-ntm?r11Jh_7t?rZ4y6rOm#wM>TzB?c9FUwNYNbY1xo~e^rqlC&w&Ix-2eixm7PgG8g_A|!grS(mrGCK9I)|?IcPkL+JhATWKf^Mk} z7iteDYGrKozR%a4D12-|L~9QwMg(0E#MOWVkG|2)cvFTufgj0R_oSsl8XG0M?x>=5 zG1;wuexd&Oczm;`g6knQQ%I^$cDQuozWw^$*qR#s$;nAv$ovyoAH*kk-d&lj)Z%wx zm?vohrr{qnaR`=prWStVy>b#2;e#P;FoTuuhdndEk(P;jSsolEhz>ikhtA2HO6;Y!>eA7}iOPXc#)HZd*JP&w zTl&T1>zK!#e1QEAT&5+x)992Or(JkSlNFv|&O^wK@%#~^_&s{Kc!D|u3TLy2ZD>!{ zeWIEDX4|UvB?%hWD~uxD`#NmCTelO##vThbdN=V%LgY2$3WkhjXnu3!tHIOuD;gFF zlLj^wCh|z3X`sTag1bt!(t8FBx^FPUAgk00KQfp%S(;X9EJH0iXD&_E6X+9bn+(;R z*5EoA-!#qP~JvzE7ivFa-!^KxJS#XTM@w_mOHpr#nSm!f(aHYn7FC5!p2yD@#v|Y z(krBsb3R%{TGIdX}Pu+A@*g&reGPN7U?;=ur(W z^$MCu9&?iH4A>;PpJqKZ9_A9~!Pr&fS2Sj}GtT%dEk#UQo7`?4H?V-^?5&c-j@@@G zIyh*_*79U@YMNv|-l=~1+Ns`ulYuj0k1h4vFV&Lb`|H^-tb~cr8R7h?x(J0-r{0j zZS8iCG~vpm%AqiKff=Do83_pq2F;$N50Ln34M->Oi^j>=O*9*hG{fl~gcd8F)Rw#= z{&k6(3ojegWt?^q6%$Jvj;2oMeh$9)TqXi9*Tvp;Eae;HJZH(F*(C3Wq~Re^|f zyrtU}gM%@Q=0WalrxIZWR%I;@4}bmy$)y(CYje$9c9H@$V!A*I6$WLXoNS|56N`9W z-K{k2@;Vu5v)ArE0-b)6mzo0Y$QFFB2bX8I$)c z8FfAxEi7Ah?R2qwk4l@ZB+BusgDA^7#_S6vu563hIA}C{lZ*ImA^!-i@Ry?P0hok8N z1@&(Hbi}U&$#nQQH|OdD-CX$;hNvFQ+mltHSa6R z;MJkd0?u?w0J+xHbPZL%8_}iRRWVtZC(6e-BRgiXfw}cTxVahUZJR0EEp9r-({Rv9 zqi-2l?p3miyFQDJ7OmucA^Zerjc$lBLyjb~SlM)+vcm?c_v(%bA^(B^so$_aj1t|Z zi-9Tu%iB6U6=ul{`$SvYkCxt_=iw>OY}q3cq~VD@pHcYw`mV~(Nv=J>w9{?my+df% zZW-M@qvV!qggKPUv1TsjR`)C;y^1A|!hTP{POl^8%t}i2guA_3fmVmoSmD!V-ZbL5 zqUrF`=|Q%N0Z5TI-%vyUUg+@E>6aJ4lq1my7J^T@_p+%9WH5Mg*VY9pFqA@nceQy_ zP$-`3c#6cp#|l~Bu7kqXXuFX58i{!RjD%37%V7_^`0&fp2buS&+U3x%W|ol{HmLl@c`Yt*6gJl6W~tAK!Rfl)N8ZtemXSj-g_iC_&p*(t zzXr=slx2?{UtiqtT9OU^UPBkjrs_*KAYh=J0H&ipRxY!e>2v`5+joEirqzXGryJMR z>+wWDm7+N7jc*9(Jtr|`NNVF1nLB}VR*vLZ*+_o7F6(Y_Sm?*(#O8NTKS)%oj8~d8 zJrp|)k-U4v_2F2ILcCSY*#vsVpK3#1 zB+{Dc$Phn1XTS7>iZ>eg%3wL+Uh)-Vh*fv#8x98z6J42cB?GtGExVD;K?u4t!hW1f z`kNSkfK4@kOZegnZ32b>DVAxxqE-J9IJ!E*MkUJ5*wNRt3~&P&rO%p&$S9i6Z9Z{y zs-I(<(sT~2vG7kBKixwh8*T2$lu`w3rw)MGhzs|TO+{tM^;eAk&J2s0!PEviirEry z_SG$vqozx`Ps?zze66-}aJ@$LLSji#`*MEV9t>XvemiH9?Ks6? z)?|BF`Ss9?65F1p@( zeCfL?+-vc}DZOq)z$om7ugSr!<`w5qF#Fr`lB#nE z?l|)&!JqF`1G^z(In(wdoa2Ebkzy~NeOQltA=_`%L6E~*Ro~gH=zGb#Az}$z!#y2X z`4J9GRYlh|S$Qg6sISd7FxDy{J>;Cp1eP3urluLc&cnu?)&e804~J~ht`cpI&{Q3< z`iOBOu>#ra^9G+{JjFXquKL8hbX3`^7xl`dGR8NE+}Ou5T0(LWrqSFPlq(9)UpZj*X>8D8fF@lVbEn zE{7*_n75~m9PFI+JX_*zHvJ%ZM$yD1fiZa_=8AudujD5j5_2DRs96@InZJLL&2BD+ z;n8^dts2up;q?{GEn^&bPE~#jeSNYg<4W|Es~wnQ!e0dc^4bC#MSCaSU*| zhpp`tAMF@5hb!T-6mR9e+Tc^@+gKJfX|_C~yYol1@{b{P7k<6eKQZ6%-iw)pkea@dM9qxi6aKoD@`u%?It@)_9tK7w``AVzalmzlW|EcBPuzGmKX&IlunUXr4%19>4!pH#(E+o{iQ^P-UKeshuh)YcI>daos=q@*5NLk^TkJ!1X#3q7d~*ks`8 z!r99|c-JVaCkpQBu4>;)rw`1+#Oz*>U3$*RY?BpU2y5rmFeDro>hy=)csSh=LR8z> zo}?`GsbQG;E!(Y&SKK362&83uG!Lb<6tprrNWsaT{H?M3I?cTK#p2x(L*qu#H;FpC zD}|0Ym6rTO@7qjNiV<Rnp6#sBCU=7P^@{UFJssOF$k~KQ z`YRI%4GPYuzGC=D>qM6H`|t+G!?8Aq1mZ&1N3$*KrMkz9MUy3+{HU5?4BZ_ZnY&5(@5> ziTJy`qUkk*_vp#NyE%(3HG|Jp6guI98u3Ded)~qLv&T+Ku^+L3l=l_1G*z}gLSHuZ z<1G3&oUeej|2xiCdfSb6?W~f9UGDJn*Ocv_iiaU+diuo$A@p*i6!0s%} z5vy%lvJ7pJ+@=gF>YwBl8NDIRbCNtC^3+ecl_ZA;k5UTZv#;TywTLqz_X{?g)4aA5 z5KiE|+2M9U6UU3%An^P!Ny#^O>dO1-SENsGppjXmxaF;S!4EH1+77RW`5gw zn1hI=bWF=t_w7d#9ijg1EkSP^+~9jf(ReRq^7iWBKAP02uu9zj$`32Eft$Eu3h-RJ zU7#J;)}c!K^_acS?=gOaIWtQ42&px6VKhV`V7q;kl5|knEP4R!1(4qJ!;7FA{&Aun zLQV4z@v&vu({^8kyosS#GLWPLGww29^GVVGhlIG1a{Bw?cVR*_411?&9e#KRK&}$R}@onIskj3DLHpn%wT*<)n zRrK)WwgXY>eG7W>VOH!kx5*|;9^rFGz%5y`V92b~d4}`SZWqrqY1cS+Kx?N;xm=sv z^;{v?L@_Zjl|U?W!{;Bx41Z25L|~ zqFGd-_qwB9XkQZAa%ERNASIddiZ1z)4Xtq9Fh?R_?>%5AAU7vB0YfzN7RpZaRd=>f z7BW$u&kBa zLsu^*?ej z98<*7fTe2M{`-4+8(y(IZ)B)?F53hbCbZ9^Sa#j*QhDo25{9A@ zm}T^|yOIx$dj#8ELT549oP#$M?wN5({G5rx2MD?wD zt~^RuM3E|PI6iQ#=Goi7WZbm2ZLIps!&*N^2u`$f@{Od#kJd4T_`?2D8`ArH>){dqZc@a0{cUS zlDAi|fTk;}jW%oP0be;<^sekq%6Z(=<;WbOA$U0l3Co+jV^x%Zl^KvcidX`T_dwVN zT(uZnrut5V(~E_e2r=R87NNa@7w;zLx};CKC9AcNFkpJ(V>|}lKxiRvjatW^Xjrs( zBLOy9dgb_UsE@A)$H%#pL?0WaYJ3+nwzwbG*QdjqcFE)B_!ptW^1OBlvaz+FSYxhk zfn)yM@01yW_HNL!N$H8-M$HSf4t+k0%&RvvvKq}XoZc=iaf{dV7)O#RqUsywCp*{Z zLmw^A3&?IpSf*_)2TAyZWY5*D=oDtRPGLq0CSjt6w$f+vE4WXjg{r5>#<(O)4G*n? zO?uaKOScx}ZH@|`ln^t8vUr&VHplG&Yc?Tj{(M`-#KEJ>ACstiAq^Y%c};hw51J57 z8`&-LDj4FxEjAO&f;E=1FPSGDJhndDinD*;DrWnI`vG#;ps+k})2k`Zh}xU9xw9ZI zHbiGrNzQZ)j(6Odu7+ejC-2)M1pscji#*LlzgXKT913)`p%-3r=2$2@qIABlnP5$L z_r%e&sHCObkek|Vv9DWvY?X-F;$OXi`=-A89cue+%x!8@0|Xdx7{Y54mVTy$o19Nz1AWZ zIA^PcpSk!q@+ekxf!l55lvq5itO}Bp*!6%G1{d^(?7NuweDJHg$zvJlWVMo|)79D!W6`m(-!0O0#IkuN zDYZ53X@-+`=JQH>sxOrGt%s!Zg)FQMjBYniukMC##UwTlOo3A>mF8A1*jlRo?({HP;dwN&C&%E0;jqBUZMYzp8hLizo8ix77Dmv;}ics z*wR(i2X_z~cvo!Ly@$6C5&#R`0|-#~!4oSl!WDt~fO?V;fm+d#^b&c+yc3LgzLJ&k zx}4(s!8P!fNM+J9g6X>_hg|B+_>u0d8x>8hpaiid`0gXys~v1i-it+)4RSE$QW7v_ znv*H-M0$Ms@|A&V-?C;6j*oP1kQTer2mWEWybJBK(o@?dw!vk1OI%Q4Zba}=vDWgg zf*q2=kw6wviU;TrS|eUz+y{I@RCA&l?aGmcf5p1K1L;rk`bx>B=|_}47))z9RFR-0 zrprdUd0eW$tF~ZJA+<01(?fFAg6LZ^wU_qfS8oj--k}mzK6I|)WhoCb zeu9iWm`=y;YbW5u1W?Y0CzfV~$sVl@x0*rlJ)p{t`mK+74zZhJ{$0lZhrPE9i*oA% zh800PV9_0lAdPg_Q9z|cnjw^w7?2nS7(z@WMJZ|NMrwuz51k{;%+Q@fHv{jD=Q&4@ z`uMy*zU%s~>-!GBhCB9Nd+oJXuXQ)Hu2NP-Js=@{06?aatKftxR6pedn5mC9GtoB^SLpNi@7?M66j__vu_@dh_<@ zDy38(uun7M)Qh55bMjUk8pP+sRQV8N{%ubUcq?Y3V{-|4u0rN+*J1+?#VYeVB0RAP zBi4`^;b}B(RW&PC(xk#0s-iiJ>scl8?K&rBLfJgH(DO;QVOAoON)#a>$=($FZf)oI zar;x#&^kQmdwBKZIUKff_GXAm1?6u;;z&q-Baec8k(kd;@U$#FXRVh4TpDwI|GC%2 zV`}$7D}hHLcn6goM~f&Mukj0*E+MQ~*(hE{SHJj{-N2{a3n@tY2%l^tIG;v6Q{4bX zLU-p)chJ^?!z8f?6|tVljFz>Di2e=9x@~RgK|V8XW3nQ@=+fWW@_r+U^e(%~7kg>< z@~bvbP9IH&&Hgm6bQ#=0L6&2gih8G{67BGQ>)nCL`Jhlu%3gBOW%wLR;Qr06?{c6Zo{ZvjB4H-!i-iopkzGf>h|QB zps~86lda=I!UVAoa*I;dA6>Fa%X=4jQWf;i{Kifb=1+&d8+>7;zzyGGD(Vh(-GC=c z9_FdE0`}b_Z9Ipci;RdD1?+T;Q#;-|yXFMZQ<6(ND+L`Y_rHpGaG@G3Kcp+;$6Z6O zD%5HfqZ$si^=)NDpx`g04Jtdc<7!s!8Jojb-XCv$WD8d~(vp3cH6sBVK(nmobyQYy z=myZ{!&9x|9{3h}juP(A_#n2Gp5C@Pl9DQVoIzQ3mO5^4n0MIS_Sq4<`l?Wc{evg9 z6~*!wkot5o71zjTd1@Ro-j)T|uHto4kz$ci9LNsAXdxRH_ z)s|gHjZ*=9pHZV4XTK(`ovbu+kYI2;Tq(bEC}}foRIaeIqBrW`x{JErlYm|JvLdgTKh#4ZmUMZ&Z9V|b@WOB62TKR+W?u`t7xocQ55P~U21iD^_z zL9xol8wIpz*u1W@GF~Tfm@wWHZ^fkD(w$pA4@Zf_+|Vo%^z@i4se|uK(l8u=V<>0! zqpk{&4d^27b1lL_mnT!w)DklJj=~A7wOfsnTqIpgdBe-;XIRavBt7ZepG`A z#OU!@vSSXRMt9NXq$O4L2ZKDCJ@onxWpjClpqTrd|4D>Bd&R=;LdPM)Rgy>&v5F^N z?jI(eRe3yidQoW~qhZ@N%)5JJ;jzEP&>FDB4_ZyGDxdY^(f7>kV1vM1=A!$y_jb+Q zj?qPZm(Mp>WXT7FaKAVM5>+ff|PZS)@zn!y|^mXw)3 zlrHKo5V?W}-bzwtqnIw*%;XoM_IySyz0uJ5e7PD2yPaYW3BElY(zF2?2PTbNPoIo)BO z4#Z8E=-i1Vk|sT(un0j)P8X~hIJ2vd!ppC6`}1)f zNexlY67w(-`-o4oYR@`fhGYJu>m8dzHY7v2i z->Q6*q(92&(N~N<#4)v$?zGhf@Us9VRNNpM8ET>_MY?5th^XBl^Ywd+Qn4FArNk|V z#l6`CUFOU8)YR0LX#Xn6`szvpGUjNis;Y1U`jR_^%_nga&lJ2)CNfRzr57vkg>pV_ zdV2Fsv_NBpa$m{A_j&uSUb5-;iMNOL;!KGtQ5F~z*R`hn?xA6kx_-$qzB$*5Y>W5R zZi`fqDXlVt{Fp4c;byCevpCggkG{9w5J|qfOl}63yay}~P-PBvHby(k3%8^3hJ6y0 zxuBE_&mv3-fKawR{N7e|GdRY&^q|=WGtlD>7CgNIN@~!~?TX3rba|yS5+UlQ6S?L1 zeybqikEi#A59{JMkLc97eLkDyXR;ENZM}0tbOg@YzVG;*7h=ik#0;E6%9L~HB}Xfo z)muud&tJ^PT0B*{oDw**^LO^s2vTito8#kEQYNdi6?~1H)3|lXgdh$|mic9#3mu-9 z;^DL}bC~mhOf1xF!DpEeij}zg-q)Tmw1%>S4K+IF%LdQ0n+`^HR!7SpRI20tzyo{F zhWT4wyKQeqwNO)JzH!fNYSSW$U+vz)o5;=zBvl<|gsBt5J`VFNh27+Q%wmKuAtAB( z2Ql9q9Ai(+6S{Z$#4 zFwp(JgCW?hPDkF=dNTEliVBeEsHZc#UQ9+s=Xt}~@%E9b6E`&L_&;6iC*&9V42bGE z%drsSol7}s1kg)OXaIBTp| z_}S%nZAg3nrQBU&u_A{!=3LCO4)A9;QzLlL?=GgyE-C2r-Z!SZ?)Kz&YC&TnFcZJn zBO#j8_GCMh!|rtqzRU)bpsD>U%xpoB92S4)r&m|5z#UPsQa#T?ya=N?|5KPV@Y5>jyo@ z6qwkIJofKZ{6G_bopdUb2Y)m;;C&tPE#K$QpWht*&T&!!LVX5LIf9$!Om52SA4a$l z3*c!ka{-DG*tH%R*FOU%nB zS*SSBsZ+l|@0T}kvjTyEOd;B0f*&yT-6Y*WIg0(iVE$R2{$G&wFE;*ih%1QM0Jt&fF_)bb7%X9)pEvd+8!aTU?i9FD(wv-#&d^os(Lc z39e%Qiv$t5!jm>dps;lyUYSeq^a$v)QLK0L!1V0#jD_ncYh?CHfzz_$^0Cpxsx7i; zM}PkgTI{5S#Y$Al9mi=g3*KsI^2G!dL#S?Bt32ctM&sJ(Z#9&L@ww~i9^B6NwlveT zTuoBQq?bK*3szwX{eSfW*sg!!MDdF)e0$POZa#(lq~XSSl24EaYI<*6te;(EkN`q& zHJQVb@HsO{<>|PGzG&Q;q{u@$E4=zD7}cK`2qE6e{-M{z{L!o{2&QX$kodl0+}=&v1V}%9 z>~URv&d~x+VD}7N;$0FwN<^5L{BUjz)X}=ZTh!hbW+mvAoe&^2G4&8!33aqnTq`UA zVt;eyrfo$_uhebSL7MF9dzQqEf7LAmxcy-nwSE9W1V{NlKM|R4@smh^`r7qYtZrs> zi8SdgNQ990dIeW_LDqc&=YYO@Z$7+$R7^PCQe!EyNEYpkb+p{Dyk&CHV;h31M)-)O znKfMnqHR4b%_9hD^#QIM510&fU48py4Q!^hY^pkjc*?J8N(?6xrgdt~FYcke=KO*y zt3ap_D(n4W@Q3}U>0t30;Q-)MiuwIZ-kLj99%oCQ{rnTTe=g)kF`yEB0GB>HF&A9$ z$O^+9l&O_M5|8ijY*@_A7p^uW!I(m`B5aYb9}$7DgFKME?MKJ92PLy5(&#O_cM(R> z`GKgN?Apl%Wol_>fx}0>Ly>6i2Uct!H=@RM9Ft|EO;661-WOo zHkZZ0Tt82bc0znsWms*a+n z{Yx2jtrF+s{Y13qeWBokMTm0F{(EG{f{T?Kyq$FlXWiqE$ZPio)VN8aV};>kuKIa)UxRnf4r7k6NA zOm_=SYjZ~N`}}aPaQ(2&b_Nj)q{YKM=Wq-|S?@J{254pApP2{G2hUNf9>kvSnk$Se z&u@nN@T7Q}R#lt(Vm?2d76(m8@I5;{+sclfx;FcD{vUq%MxAQoXkr&T=@Ryq^|9Vc zrR%*{KCpX)H$!j|y9pnfEi>>;kdhLI6?Lu-HQP1CMt!3$9LIS)Hg2i%ot({ox-{gO zVkJ^F*Ft2gGyMZS`VI@Z^e-^zi;Iwn*3Axh$B=q1U80QNBA<&7JR5%4^G?EZJ+Sj| zK5E-8v#a%_hAl+v$5Zt8$-0qK`)Jnm0*G1^NW}qqBRp2^>|F}1;%wd6Okb5ry5t&Z zfWIkVahP!%CA&~zRGuXd`?KgDZC%rk(|pM|WF+Lqo4p(ZI@(2SHGpDDX0*x-MFgR9 z3U3ZtS0sy2RbG5&$*qP^5u^a?YT$;FBG?ulL{{@Hy&i1qZ_C5Y19T;CnCs?KJonT&ayO zH8YES^ecAz<;bVJ22Q*X&Hu&s9nEe6Ihcdg{}$MgxnnPER*SZ5P!4)IFAQC-P-<|# zyFBttZHM!IK2?EwX4DIF2KwGzv(_iH=dI7!2t>6!iFF(Bo*5PN*_}NvhOC3`xLa-) z?HJhRZyCYVy?2*OC{N?zpS#R_j~ef3>5DFPn>$ZV{dq<1CqHWCuQL0=-nbN7k~077 z{(oKt275-79R2rLgQC9W<>g*&%)-FX{zQ+x z*@aHa5B+I_BT`czdn@@?r9*@{(1Tn z)$w9P!2Tt+1C2oUm#Y{g{9)b82FE4_Di+1S=H;DvJOQ%rn1wVxz9a07*gp^L``SW_ zwu$jqOq~QaMNgLJx{}RS$3B%MVzacfC)S#nLIjagg3ws%zk&Yq$7dfrRt&;n6y?*v z@fzSfglfzOuj)cslo(5i%ez6OZp+Z@N#u&Sc(6MX)XGcddxr0$nX^!pA#D@Av);8*y-5%y! z(_i~1?D*S8wb7*q_H2XzP_A4booBHlK`0v39&f^M1Z7!q72CYA+IH2z^JT)KMfeI7 z7iThih;!M>gA7j!OSE}ylx!7vYim~S%YlXR9sJYwDGK&RC6E}F8}|rky~RX0In$aN z8L9?8rj7?wua8J3rS9|u1MEJL9lwyIRR7dYw=!SQ;VJA;nX}nQr8@(--8iGI+uXWH zO5{5>o9F}J{-8;N12_lGzZDA&#idclQeUX>!wMZfwvjNQO-+qUpb>2k0LmsAjfQtu zbB4lRYNjrUDwSTtK0TPwJly%GE} zYOp$?8f)uSVYo9IJ-KxZbF({2hb3D~tPZ+0t-BQ|aWLdS}K&^Fcgj)rkl*a%|~xeVNfGxwZF=}N%(@lhqeaO3ue=)PaxY_|XvtI?$ zT;N3RIpAq?eAG8KW}LpRb4z=xG^5G^#9g-L%)i&$Vx+h#BI^xn*WmLZrM%kQ+4JK*lHh`|v#0N0kJa5G}-%48Ft z%eW?opT#6ufOfR1$=qQ0I#N+ji{0giA|hto9@snQ380P`L=jj~S#Psg7i@8c8lQ?e zOHZ{doZm)9k|n8fb2+m#8zAMeQ|HVzSwa}4%bUXOfk@{`irSF-Y@Bqb1)*Xfbtp_D zci`Q{?^T?GYrt~V4M_nGlgNZ$ejWnm$=_ElGP^rO7m#2piy|e?izQ(l=nQnUQuQx) zWaan9cE?j8W3a-KWzJS2(TEhQ@@jhP{QJf<(u*bO!Iy#61BOmq!ZSij$W(}Py$`X2t@Q!#`YP9CbB9}Ob zUl^(L@;psQ7t}j0<>Vt#?^dH?02V4&rP8o96+%bg9lHc-q96G8rB5fs04owm(mgF?*C- zxu-hq7;NKLj#LYNt5IZTIPJ~II+$BsG3mB4KRHoVp*%+Kdz$-ARo#u{ci~1hdhZoy z8rzLW?C0LLQUNT299|0tOQ$27@k;d*U7;Wc+u#-6D(A1l@(Z|fD|m_%+t>+qfXiLX zsSSp#HT!oeA5F}(%(p@K4;f;TGp(KNyd1P?Gb^sz%!<0Oc|hx9+iXnNM^%Ftda@?7 z@{ezD+Ut|YcuPySN@zls!WrX}s&OTdYzH5TYO&PD*KQQjQ!7Xaiab2`$rMh1B3K2=nNmLC|zZ~hbDu?Liw>!qV$ zCYawY5BlI82p~Uo#uaSBX*6`#%ft@q$*Iw$Vybb5q^zuh$pX1?AdS#|WNwDqtn!2} zm%aZ>I7A8*uP#4y9dXOc%ga33VquZ0vAxYU$&PA(S2k1Pu1}jAX+PAIU8f;VQky~%n) zGBI+RhuBO=*XB~WUgSYeFr>x-d%MVVawTbgI?cr%lH={^Xb5$*?lr8su@IjVU`IKX z>WmC}>j)`eC9o_Svum0~+M0T_FgW(8_d~-<_#{)q$xJ&l2$T1#N(wenLgmoKe!VIe zyr*R?| zj0Li`N?xw3_cy);Rg-FVX83i7!IRQt7VK--s?7NlK^acKrp>*p^&??PN=;?e$u;QH zP=osn7(u7|D?6T+puD{kce<3Af@WrBsKuSkl^7-exyw&#K~#ecZn+5K#8}{tSQNqC zOMC$u*3UJ*G4o%>~oN$Hr;B0vfXNcN~o)s!FhF#Hc~R^ql1?p`Nh;|lR7V4 z-=wFB!Bg+?-fR$?Pl8SEgL{&M6hgPb+MR__@D%>LHT=RhYV-7pZXL_YN!xF;f{DVX zl+w4gMuQDq&yh#S&2x|?$y8nITK7=q6^rTfwuF&!rq{#wxA{o=B9X!1$d2F$1`e>b z?PF*+YuxNI39xYhqu>ZdN^P{e?T){4?qRVSEvoTBc_5USyj=3iP~Hdor6{3R{mVPC z&YiEX+++4GtV?c%-?H+=D1ySVrPc8|=fzPG5s?`@gg&f@BciAafy!Y|yT>~tDTn#WFaZpV zEtB3L-C2GMHNwN+=YDX_KH)ct?+(b<=g-Ue-aPvtPU}QH{El?Ky+W7^*t+tVE!yuH z^gl3OD@P6#oBCBHsr_Oo{B!ihc+W1PBW%U~obp~T9s~kW7?ueFP*U$cH$C6JZZfbwU{?Eo__FH89&L;S7iM6Ll z0W{0Sec=4=#&=L%u7_Ou*$iLdd~oWwa}yU6JMU5a8c*jY$_alB^^GTh?o4>kDud{k zbOby!eCF3sQ_BIKoiiDNTHkA|-y!8`DfZV>ojcDAsJN$lX|jI*^&ZO`?tF*2@20{( z`vxHYQw!&{uYASbPsV)0oCo{K{F}F{+FXJUEb3 z82srO;q24$Y@J;HCMF-LPCzORtp%&N{^U%Mm&vtkFJqvT?sUQ-r+lwcG#@$oOf`p| z$%9Bjv4L;jzBTH#wMywRLWH^MW)?lK;O3*~t;%p2AC3sW8xZFJzqPT*qv7GEA6D(G zK3}2JCyLi_?Ts{uCtp;_gEk4!A%>+8(x9p>bson-l2mDRu|oAPGD`@M4Nr^B8UyEr z9kvliR=`Fzyk%{oSeoJOC0l=QYSqI!hY=TxBjE&jn~Yi8)#FhtwUL zAMM?9O*2G;Cl;??vAZ;p-D_ArHT|=V)|S@T-DUT#;*uR(CA*-8(YR>hk%-91*{3>W zHC4>ft{MYI;S*xMrk4lz4;uJ|r2{N(wk3N$^7!z<#gyBv(t0Jj|FP0}_Z0??-HJu< zq}hh)h#4I;uJ(Pi;+W;>A!WWQq4hJR&a<6C?i(|Za~6Dy=GKM9`iyix9(~_u@_;OU zFlPb21{h4lOKim(9z+X<#*xH|LNZls3z6J`b>8BvS-}kS8#>UCYLTW&TN~%(GuM$g zg%FYAN@{+b(pG`xbgSNbnJwj+rZw4k(z;je{v*FDEv{5>c2;?4w&yzp@_^v=(I&`{ zw+^cQ*2n1|lu@X;`fc?{vU%l$wI%34u9wzhs}U@R(>zqubzt3-q2m8k)!mEF;DY}8@> z%+TJp;PRfcJNlAk&CaT!i*fQmIw#Pq9EI$!>PWkH)SE8TXI6z_2^PD0QTA|^7u?d{ z)S);ovp<*2U_0Y_XY9lv_>NG0ubz0C3orK3EOJ9l;!q4&2^(ICEw0 zQYXbQLrKBLIAM;3#_;;xGG&+uFEQIRSQ2WP><%+|h}c{;OPX5joleb2{?}H+nRQUXfktxjXJ?LfeNz@0R`H1rX!lUTVVI9 zD|rXMs|FhBQ*fCKkq4>s1~z72um9-4ZO?NY-r(5(n{dH;Ao`IC%PQ@nRpVP?wIK8> z%?BvOF*)Lt*_o)f;TpICnu4*=>8@gTTl;!D|6Er)E=Esg1EnE2qm8w7FyRcmruPkL zUMXi5(uhVd!9Gwmh|6p#V%~A#BYH4OabCyM$)MLLe%%XfdH7&@DT7;?Pa~yvjbT8& zeY&jLTeV%LM!@tEvY}DQK5$%EGs#lN%Wi)%EyLu^(~k6u0S&m#L33ZU32s4`0c=0o z5}d2owZDX5T3i`L^)>^n8>_K&L3HSHk!6R!q#|TIp(+dpWUR@SO{J}skF-D${z&BOeWs4r!n*4I3!0qh{(4p0x$5_%<}8)@*Gs3_z9_G{5gKQ>IkA)>!=KA%WK7d@G|;+vwGraD z;?Tq3<>nqJVP>cmo)AmNYBItv_*lF5*wNLazh@(ov1?eCif64>*Q&m>jLUT4x?0ec zXRqor6W)_t@)mD+>4W}UV(&1H`S6O7Het8^x@q0Z3r2Wl`lm!CMO>E#o4c3td1BPu zo8MfK_DA+tcciI}^oh8wj=9aJM!G`Kjz8NO7GP(Dj54nPJ5zk(V7Wa~i!d3I5*MB= zr#=eq=;|#NhgTyw3H)?YI081Fimn7lIqR#c996Vvco{$px3-uR8+Zatd-Btj^z*4x zH6TaDdZl2HopSQNj%AOKkFC@BW4@iVN2}{@%xv{a9={!77YzH#dU_t!!!O$@?|bbj zB}pBZQzV-jn)`l?(8Jxb8G5F9e~eR=I7ZbZ##`6ZRV^&XE^r1ee0!q^ef{GoL2I@t z8cNv+mvsnGMdk;Vqu)jy7K}TtIK!N$m#P!u=^kQ2B?w;HHl{f&e;R=+B~N-{Aul*I zP$Zv+>zum^WoWz2HfpD}b2Z-}q(#k+Gq350Y$NXtB?n7zQssazP0bKKE^?t#bhx;)e4He2O^grSIzXJvuPrb3G)fc`GW43azDR;Kwt^zCehI{gM%J5%6 zVt(QFS?p42Y^D z@U~_>oF3*Bc(+GfwkU7e6IA6q>gs5}Wk%eSF$#aq!A|GwLl%RnwybfjKCB?8w!aHY zbzJA*7$<-#IaA81$rlY-ft0hL;INgXYIg+`>*pFgYn#cmG@%zxIyU9Ut--m0cLs)N z=dJyM^3&&Ru?n&VA$P*DOLed*9X37yTh7`N%JU30q>4J!=m@-P**$!oez~NM`Ae^)mN~; z*5EkYkgDOl^+yJ*khjqHqw;J#9qZ(RsWRni`|+W>stR8ji~WAfesJNoce=Q}w211s zhX4E*5IEHdtKnRH8Z$3)2~y4dvYJ$G+#71J4glVK+t1V?#iW&f(PzI?CDfDMABy$(zq<^&GM%x zx-V5M`wne%O7dO2bxJgQ9q@^m0ma(~h6i?>)7<$%-`ZJ!YCLiU#MH-HOVT-BfY;%k zZ@17N5G|r3mD`K0uBa^g0G=()`*NF6?0cQhGj`QxQ5*yP4Xr+%{cly9y3xg=KH1l1 zdJ%+5l06CrqEK{5HT88P7YD-{ut8Yb6U`7B(8gQnFi*g|k0H(U=z9_~_3Sw@?JX!m zVKT?DY(;p0`?bQ&Jb&lxR>@9e+3|!?0_>5hN_OW{gte`8a8_^d>ln*h?kN9$Gpe*L zs6#?8?Ub~up`C}5x5`n>LT6@tQ)eJ+B;;(Rf#BYq2gk%=aUz2KQd*3}BIc^vz#|3^H1i`~+Hq#mn?f~U+T4IH923e5(Pzr#pSE5kBW%LBKOs!h=qd+&)| zWQiv%7gvp)T3E|C-WG+Hp$ZO{0VS_JsIntXBVH0}54ah{`7PU{4zF$h#EK+O1rpaa zT(cEP#KcZKA!@Rso_s-+c6V$yjE#gJbEX2##m>9=!mwr63rpPi{^MH=s_l?L`3({C zRX(mo+#&eMxSOwlaedf1pPd4{nSgx*ez<~50!%^YX!bHYS(Od+0Ra%1P1M6L>_X_j zfmc>a1xsQ}gEcz-_BA#O<014s3?+Zufo;V^#A~4)wgjOs+momXB*6|<3p|>YhXEG` zi{vO{8Du=&%zHRQ|MWZN0nzJe#ZgP!nTs?6=177&@;|D!iGKKj^*l+Pz2ta=F;7BE z2|*#Yd_OYHFINCmT@)9K&J6zvd3*yd`+2}Z|6}fY$@h`vZ=M0%p3Ed4*|756UD1E0 z1YHz4N#c2y+d`OA_3pa5%!2`^D?iaH2$N5;cm@~IDqq%e5%08bi(s%uP5%`Q~58u_{vxR7D)fHi~s+ziwE~Y;mTiSxWC~8 z;1ewcKsM3f$A>q~4^SdN_*V>DI%!((M^c8ndi}H155gDl>jQGRJGhVgKey!giMc^= zZbt9jal=Fr;=y1>X$c^&C6;(0&!B{p(dTeY4EUI?b5j6H{-4p>FWQ5@<`-R9GN8!X zK;a2swU{5@mUWtHK0VMLCkZ>!=i%U(*OV4LuI8ACGMkVlTo!dkugY zH3>wwmxP0!ePt1UYdB}Ko(MY<+8{HiPUF4c_?UdfG9~muYHF%`LeFHmWMpGM0-dBa zGf2i|idGk`?jx002YcEXx5MnzrTMqGv-9w++|TSRww`(r^5I$L zQt;_d%d^nNnbFSIEj-Dl-Sc(jhN3lNeH-bDeHIXYT!ccGn>Qp(!C4CaNG%qmNyCbC z2)NT^xz(x21vgGkj?aA4DFFfN>UbZO<@~{*tww?Cph{P4d#5?E`B2|T*{nOMF@vT! zdwW~Q)itN6V-M2m5aWdh1ZBE#;vEd5BpQH^8-Y2Bf~Ps)-VfKs?dZ(n`lr3s?qD`% zuzO3!4zh1d^o+~5>-LbhXCZ|}V5A{uI<5fgQO%<|+tN9kUA203FD@4rqx#_x;d6kH z?yr!Z@MCe}Lr#ebgP26=Uc>|qbtq0*j)H$e14Qz*w}*b8V})FkORU8YeyyP$uA!k% z6F#r$47kwN7f~dmmBO^H#r0JtakLwZCX7%YGfyHh73HSFndQK~OQS#zpVDf)30;7$ zgS{}?Ef+~lp=D9^B026;8)7VN7pcg2KFcXSl&RtQQc;;A1tGIXup zt=~VeNnY?5YF*`uOszce)ua89$6G_gjtf)^rk!t9`485k*_omhuV3T|iB`63ijcLx zb9$)X$!3->r~%qHljjHpRXHU?voT7{>OlvR3kgqA7ea0=Q|QA$NOfG(L2?P?y%I!4 z6;isezQE4lqiLtYxEMJ^g1}XNNVbg8J0U2OM2|Y{txl*jsi0RY<#}-w`{RTw(0M$A?La6m<^Yz+okvCqpn(YVM z^_>TMFI{92vQOu|WA}py3JyanoRM?IOh=sdRlA#|{E-Dkl{2Y``rZ7I7+9Ct4$@~) zP;`rFwt-a%Nykbt-Q!RRaL-t>*PxWdSYaX+hgcgsi%i`hb<16xpqE135(2BWo4 zW#pm}3mtKn=8Yq8XlreCvYp-*oBx>{JbmKCl9N;{0i0O8zWpTbxnLXj@!%*=MF@9h z6r(Mzm6Am?*~5QC7gU1^<_^L9a2vgLSeEeP3db&nu2|x2MQ&VEQPRwMxW<9G883Lb zAYh_*r+?;YLg*iA8@$w%X8F9YS-I$v*Y@@^ypQ0eJM%#rYc19qQ1`650n5fqI%$g$ zTSE4F0PWK#bVU0u$V!;epv$o?PPdlC?~`CRlTX({sl? z7g`rJnhb|c`cfHSMk)`tsda=!?#k3$n;s?SVxnd0kpWSVtr*6I)AQ&*@C3fi+O0=p zYdl158`0Y!TJzXrX!BO&WkcRvCVUA3M!z&jjM?H$M}hc3Wh`zaTGGgSztnB?>1JWW z`Zm?|`^;OPVkXkUwKarY%!b6w-BjGm*%s(T8`3rdwGSWte*R#ArK}Q#b8FfnOWq#} zcl5$VM|mC5@Y^4*@lW>b$&W|qtxjhrrL0di$7e}P9|K>rYyv_eYhmckb_ah}gl_#* z4>E`X#Zzszv(=)VmEiNA(1`Ti4j?d6kkqtxB=tr$NXlb#j!|Lcaoq)e;5*NyfJY4$ z+jj9JN-mn~lz*M!CwBIYQv`RrAHCi#U^(;ABkLAmXBiRa0FupvE~sRYo^VXXpl16J z8Wf1+%M8)TkCGWP#}fp*gIW)6}zq zr4lAZZ7U6i3l61=hr7RTY!xiEwg#K+NnUX7*}FZy=(S7eaDt$~imtnangX zX;V-2pdsQy(M8)OC9=995jpV`WpLzicUCE1zFLR+5UrBW<|n-^w3kM~QE>0fjGOhr zCVW4|_PFL%qi)-~wQz8weghaEP0%g4le$UYw-xou(=cbK@CIj3QPIT991H2UyQ$ci&IIGhYd*RmCCYaZH`c+S>gAyZI<{Qe-%B80>~R)%nrs(hfI&dM z9gfQ%l$7=gH${_+x89Fxdlg3B+K0im`gA8h5i$i%221jGicJO@uIZnG0udX2AXFo^ zkdeH9@RniP;uG4=W6I72d=x=|@L7MCP(N18<_^DTzrzC}6V0B~tzHkurh8uhK`Jxf zU?$kElU=^h?3x86%Hdy(k|XM>4~t$X7O*G6PgU<5Slo1LLg$}~B^Iy1#Rt)>RXXgk%;_c76ClU$e5LW?J17sh7Z zLb-Tr{I+ovJ2(i;$l0CoM}sq!Vyt8}kA*TOtdN055_%s+tcfB+wrjc3gX4 zRh?C6c%xL>%)O!X)^J}DE_M`Oz&B|AV%G7bmvlln{8%8Xd}*Kk{ocG=%HBkV`}k1? z&-=^Sojf5y$LUw5t3|U~%STM~rQD37;gwgRx@xamw@=x-7Ie2}R5@w|mbuCsu1y9^ zhBB!HzvYt!T*F@WEAhu!LJW^*b!fx2t%tm_78}DW^3^Tet@4i0ZBL8!KZ+1f!9$v* zFP|RT-gm&jbG;CgPvUYelqGo0l+byp2y~4yS_kbBl$GQ02_#PqPlD(VAO7KeO zXs^0o!=tL0J0Lk?=6Fkbdy1MOvO#dsRdJf|{e>a&--DrV!8r+gYDV*0Vkw?*{84S{Ws?t}*T{mq)pna#nyb`%4ZJzAhaOaHiY7#&o`3 z6wSkpdq`97(>HBR$ER5xd*T8n`x-O(7aA?ftjecvQgHNz>8!Q5$#ZWRPEXzQ=l z3wDL|9}l5H4C=AuT*m`cX8SbL8Zl3GRWk!~V`5C_57F$ZESFZiJ|ss~#&uI8#-jDy zP_t&A*3-1o;|j{G-G^Kn0^PWSR8(lpv|9Y#W-?u{9WGcDd2entXHuo$XYJ^#pSj{e zaiB<{{4s9lzymdKuUEBzy}KL4u46sln4T;_TK0%f8^n6 zlw*6GV@wreveNFf9l1F1DL*#G_;+dwQIq@Ok{Sl$ym=g%0d3VK%+c_)NV<_B`ZlT& zazQ6sDd@~{fvyf&K(!7jnXIclH$4obB38iDP%U*VP1F&;htNwfZbc8={4w84b-tw{@YuSbuv79`I ze%EJMbdB;t8E0oMr-LlHGot}nPgYy^PJ|&dQ25`05NSBp;+7PU#QmYKKY%a4sHhC5?iCQ!;Gh@cpHP4y}n zrx4Q!iJ*)5!^Hw;OpBn8n57 z7+SzEjfDQ^2eY$BhR1LOtrg4TqAl>oz%ArpR!|MOIRIZ2Pm*iqG9Fp)EfC*eSXlaSIbf$pA>wwsaxlZb+?@+AkR)aam1 z4D~=2%&pQ2Wy_zNg>&O%4oU&vnOELO7wO~^r3ec;hvm**Hg^qTNaZl`o*3By6}F~; zBM0WPao~w#9bi57m%-B;`b9n z>dV&niQ(h@y+=R)0i>wQ5Bc^`+59>=*_XQhuVvi}Jjs)97|eNU-!s+nj=21YQ~j@d zUv;iAIUuu)k==UWKdH(WGoCydKRxZr|HC!_aP4cxlL^#yp;cR z{ri;seTs9EVG$EM&iJtg%6;I@3iOx-Iv!o?`h2pC(|EuHY zvo3(eYNFPkAmW>OeZ7Gw+Om?0!cQ2+*RkXh^MTBBFN&~)|F*4vK8s@q3Oz!i{I7lk z?vHQCnVevQlU?@b+yB>M_B8<1GVxO=d;{)}Z}?W9U_<+!_y5=@AeLz_Ys%^WBRJn) z@dA98%h`#C|6`w&0MvTdYn^E9zu1I*z;A%jmEZeG?E0@Y0&jl~0Z{udq5TJy{}S4_ z6gBrRp?!N&{^e-j5Xa{KD;(`cMm|CF7m;E_;OdH70L94Nk-f9J%yb*qB^!K~Mh_1M zF}akZlX>9>-dOtykPfgL+vOr;%pXVb3r|h@?5{;f9rr31ERP-)j^=6JCb;C?bcKH{ zKP33rapX?dz$xXKgXx2Wpb8zZ{{Z3`bcO$XR5_#foaDsY(7K5kq^F$E`6y$J&}yR1 zS+C)N@;@Q_21x+*B+BC7g*%Me-_!KDeUdA5hWDdQUlvdjI(51Ri{;&A(mb^jZ)F@T zOMJuip$C+R-gx&@jsNj`yfQD;kuuR3d}&v?U1D~$=`*ydh);o`*xkf^vZHind{kjR z@#aLreP#q-%+Xvxd?k+KbHWb9r(aqBpAdYJUn3{MqS35aPvG910yCX2*AomGn_!FG ze);fw#WA9>ZB>3^Z>yK@ElfmlU4Ya$P)?LxSv<;m=kya1vk4?TA^1GjPntQzJmCnd z@SXBnz7%6eWWn-y58aBwY1Jc)q#f>jkJL!%8<=el0&g z%ATwsJ+JV8Ja!^x56-cPe~*E0W(00+rvocE>eUwcACCdL36$y6wO?y$wMXRC#j?b@ zUk0lb_I=9@Y9U#B?Q`7eCu$sIB2*Glx>l@xk57AL$QNGLthH7|CvU>8exDPTGT$0l>wqsyWu#yS#Z$e3z$-@@dG6pHhy z@l)2_64Q80*e?wiuslo>r%ZD*fya56TMv1TznWlaVjS^cUYYIQ3u)B1JtieS?opZ$ zoaPW4w1BZ-kFb-D`fU|SYh1~bQNiLo-D~0@O^0Ma6N{tmQeN?Gm*tm)k&Vq3mvBA3gG{}#Yo~@$P}cFj=SJYV{crb;ieQ}5 z{tWW%^3NvHLaJrc`sfGTb3l1R1Iu)i+vQef=tlDPPVlRGRVG=HYCUI9&@hanf@c~` zg;Q0@Y{woOce~UanTRw(j=`!!APvU0>c{s%zkzFvVKR+K_bZ&T`@W?|u{&GF#-MJm za?642UBE8<{y2;!0)@8H8Ra0e-!8MC^9}JS6@G$QpDo>Zt$Q_?hL$RJ6BwsNS^EmL+9Na&1>a zgfU$rSxZ8~6iK#`bugH?g{+nATO~`fG!bJglQK;RF&M@^LyR$)F&i^xzSHCT{XXvf zey(qS!F~UD-jByQ=Y3w!^FHVGe7?@>%;r4FMfVK+k{WsA^5@8^Gu3M_?WR~oa#n1s z6ED0WSL%7-b$=Yu9W}*#z(RMI!yfe2w@JS3Eg)9#A0@D*GBXB>#{dsG(Ubg7=o@ymWI=lG@zVt!03h4#aupi*jL3ODg4Rq`5Z?y-(9$>!KKX^%+%8-xQ zVjCDKU*o2J%;WZoP&+Rtp6~n8r2osQwLi+?OIT7|&y+t2YUo7mXp6q(n-SxzVW>1x z(@d6kkUMC?jd9}?=6a(2Rm?{o73=x2ap}~vNEqtOiT$$z(IL2x`G&hg=;j@9fe$8k zueh#T5Xl=5pUU^UQ|Q3rEdGb;M}W7v}{OgBj@%KGQePecth z>Wopw9S{)bwm`{(Q1SBNoiOCSY3^ucc?EPnfVBhQac9y}O0|V7DgiRa+D=H^FiL zC^#*VqH@lg)rkl!uW{ofA-vHbw8RyFX-KUqa|^F}JI^BDuDXB!-e&hQM4are5|zb= zB(9e6Xr@O?6A;;zF$&f8DZ44LZM;qG}8rx_VHI^8Gj_l`ni;Ky@yzj|qh?J~5uU76tFl6xeUo3AAH zV2_8j(A45|aw>FpH1-pjwS8r{C?a6BM{lJ5{3g)kaPBs9VQP2qO!A1p!-EZVAnlm4RuTA>Ae;!m76xBjD!p^LKQhVWyd-G zmCKL`soyU_|X2d3SlS2*I>3Ln(h=B>kS~9u`*N*#TErpm=p_+${)$!u>xbP;e;S8;$ zb5SzIld=BM;h{CXt*FuVha-q?X1b91@Agc58#GjImDqG=h1w*!@;Cp z6|~QEp>Sd$D24w;C-DfTO)y_+Jmd7fq^=p(8_^(-6d_b=Twv1=I{55F{dNe^hY_{A%&Yks40D)}?W=H-k~`I%~9u9d@rr&k2)C z$Nt;8Uv_u6vdC;0q3TeZW@ZC$eVRT0x-+NViULRWiz6ucZ4c0cU3=Q&qa=*SVc-jUh1i7^jX5FON@F!r>{*bf>oP0OwNT(Rli zlu8P^{8U|35CLSgHiBSb`m~92i^O4YJfR&G5it%y7pR+vd;89NlOrsjENEWEN31Js zgg+6-0V(K?pW<;H7~^(`l5PnVQ3qp{lO+!coR2-``u@iSk%GrBhPl`9W)7uLiXNgS#MfMa16ZuHpC6L-9@6OLwlta8Bkcf@wFfpEXlb5BM~-+&mm} zN~gc7TN3r)g!SoDD%yqE7R8NS{pheiq<%V%9X}bb(D6%cjosPAy_xRgv0FTgA4`)= zgW^<#N=g=sLT7MmhPwA)Ya49`QTUTIsFEyDjyY0swpNXafxu9jr>BSWJRm_yVwCju zJ(XQoeNJR~PP8hm+K)$2_b%L52Q5$M#%X1M9tpov4n4wQio|G#cP@HOjV=;X7=iAc zn{OL9Gk|3{mROs5FN!(*a$6;nUXAprQ)Y%&KUd4Kj9ju3vH7FUHzCvK^WZ37= z`S6q5(Z(g28`q#_>(je{yi&7Mn{!e!cizqQy9e_NVo7l?F93IcnW${^4BzgogWle} zJmDENAdv!Hp0f=?15~?g?NwH%Q@%7rIRzk3)IO!y=-Di_TdWBw@mm(N@2!)r29G}R z9c;Yr%Dvs051*T+xR+)D*3(E?{mCycTeP5lN<%TmQD`px%+SUnvk&~Pe8`W`>rY@Z zS_#n17ZM$$Bssa3$QQ(+fhUdupM^d^cgWE@d+2~Tq2yS)(+MGA;`!N5E&Z-^tV$Ol z5$Vzz3t1^P(Cdh``#H?v6YUTC!`2ySot5AL69HUDFl)enURJPJWNoD zloaE4w#_rrC<>hU%EL|_z|s?q<5GS|uoh&7;KU)7!S(>Pt>I?bg)#S8**%_&#K2&u z8LP?us#^X{x6{qQNGOt0%u6<7m6m64k2)aQCtVnk?msm$o9bmpPK- z5g)f06JGX#J}a98Jhr(je7jQjYqj#m^A4Y%_kg05a>_Y#C0eJuhAJAXTM_z0fVV70 zu{IF!Q*?OrO&UvUX>E;ePzxPBe|Xk{)Q6x9;t1W#&4gy>a%g#np@&VWnA>M!fnq%W zHB_a~dn@70pzf^MJt!u~RaeU?kOy_+e@cZ@`mK>2xG?(~4r@FYhj~lpONdpLvJgvL zG&i=Iq}iHao7HbXhr zZnY#B^Nh{VDdfDzU6WD4%za2AJj*U5V*d0~LuW(uEzGcKh*J?3)&o#6z@Qw&ZS3Lu zybQKkum7L@OWTAy(Q$s1an<8Stq^;vk58Lx%<-?0qQO{tp`^Ry#EEw4US6A)Bo7R` z%b8VzA%gZ(>xzH)riGr5`T|jL$?}KaCPP^T? zCtk}(WNlpG_t54x)MIjiI1_gIgYrnN`v|n~*tm0FX1FXrP2FQmR^4OuDxf49Nga(+ zO2n6?>qS1KUs;~B+;(|n%9toX9^`q(HNS0S6eGjFJ{dz8{J6cX8iXUZyc!C~`Mqca zML1o2skFqo7MA1N_%TSTiT01D^JY=4l zOdN7|ezI_xodZdy=iwdTM^6Rnbw}7VA3VccH|=e~gIPtR6%3IkkX)%*0qGPmTLMF2?%@)r8q_YHfl-G0t^tNiOgm-@| zf43Uh8181rJzf%K)okbT1#%2y^5B{SbJ*{B1i@tw&D$PHld8(kGhOKcjY{mW5Q-aU z3szkm&dche*dwsmKmGKc4^#%$`&XyV0UB3~%30IlNRzkaO&!Dfd1 zSPZ%lZ#9L>F3J*!`~Pqn*a+dF#7yjz`}^za>t`}v%b%Hsl;9;Z1HqYQvgU4HM(xq2Zv1hi%jU?(l5P7_}@STNqI`uV#UJSA9%Zw*;`?~H^0p~N00-4)l*G^tMb2SxUG zG}!FEhsf7;IJ`s0{{qOoqC!_+S!VS=jrO+^g@Zzh;1lVNKYbU=QG53WZ!DFm{Z;u6 zAMxqj+2q0tO4&OcRsO5*XXONN|97bV9V!97|3#Hx7X3Q`zx{dU71v>EmqZ_ky)$q8 QLGWBKw>wv7dOhL40Gz6y?*IS* literal 74868 zcmeFZWn7eB+cv5QN{FbGB4Ggn(%mU24BbP6n_c$ zTNqc^cY(hw()hf(b?f=94-%p(uDaVZ1llo3^wpJVpRkG&^vs3Y0w?>mtju=Az9x=Z z5B*Ox&6JXia%n}IJXRUOi=NkNA;)L;w#{7qm&m<44 z(&+qxQ?*^wnf8{mLiwEs14zr7){~PKgQ&86QVR!%mR3*$1j1$g&v_Uyu%Carb@K-g zvDvVG#h*7y8V(;1Tpi(SLqZEfLyUJ&CO5tbp}i6q>Ao(ZAzNq^C^@lKWZ&AVdj@tJ|C zUZTDh^}BLLyh{4Sy)R~*Dh^V-36rVgTmN0zsd|cJHQqb>D$LY3F!1ySlc*%D zsxtBjdq$bYANXLfQ9k7trQ_b!CIpgn2exe@D8qJc`KMaX#%kJVr*)hU!-R72Wy>h? zm)y8Od|$78^Fk*0a(oW@EXe!?)GXN}y7Z-jY?G%M8r7f3S>i(AGI5O1q_jAaJnB04pQ^~-sszkFu? zf{L;@#|OV1<$7RlEdxVi#xSermhZ~cTH;V8WDR<Tr zFe_YKSq^8BdTb2+d_g9Z7SVvp9z~roBsvtbaW~$_|8+TiA>aV_uCL+Ek&9z)aJK4t z%s`W{G`Vhb@EwF=jL7)r_`J|?-XvGBZp0cq|4Uy?F#e)pAO77 z2$r9Riqi|&7mjtd-nzk62$`U3A~cpPg0FgogV4S5J{qPT6WdQfP#+(|VXN*7j|QZ% z+7@1kq6_%Sl7N%!ak=ndL$1*|xR#Rfyi#|zO7=WqKJhZVx$Rym2?xj9t&^0;ASmT? zm;3cAOBo&{kC+CCKx#d#{i% z{`m{n;}8o{BQYF85guz3VM3+RKbxp(oVSZt+X83^Ouyx1ycQ|ehQzHI)*64$AZO;& zUt4otZAD*5UM08?Xbsnk9w*FYMgA;pC zLu}DiqD)UijjnqzZ0|(*OncFoIyvVOK}8(nnKOeGqi$X=Ua z+WPVQYL;F|Et}$AgJVp|ls6_}nBmg9zp~FD2qW8~;}?`w?TtbAop@6zaoAzx;+Qah7d)1;Z zggT>7gG`B)pURE8!D4GddE_&(Kr_`51fFhcAM)J7G>>EI*AVUl(_ICA)(sUA-u4Rt zY7Y&DcYu^ZgLq*+>oARYcJjP&h*axL%s1G9cp3Tk4#Z;hZeow@qqqx3^3^1vvyZX| z{JjdEf}pAVyGGIiXuBzi0)q;{y4-=@7=6Rtw&~Hc$ILMr1JIhS7Cfdw({^fbVti&s z=A33wqnij-SS_8%j8`2pmCC!ML1TKCmUJ_S$~cC^{yt5w(D5%hn)}sjt6Ln0?!pB_ zE^h7SJ6D?}T$a-Xl*#o)N^%}}p+zFAzhsz(8|BqB7$nGL|16}OB9pnhfJ{0b7qS!9 z)mK`jH|JJrY{#W1#|7u3G5ZGFa0{s8D;w!j&Or`ciWS^fJIfmxU%7m_Y)ZzOn`&%A zmYS%_#(mtFpC26+U#c6Ym!A=7!#SV7i#q6}0>Z>g^it@{E$;(6!!yUDC8bKu#4G2~c(F$V~KTfrDpNfmhYT~&8K& zdnm_Rr1o_Fmu~%+sP0T@G@3ocQDa8G2wGK?h+9GPd$0O}offTGcIZQzX2X3c%6)kN z9o@0saW(MwM2t8Y{W(`8e~Av*6r%4b=yeudZBmh zoa)P>kYuHiudei@%1+V{tHLlCbbVo|=(f6(GU=YoQ4}8YppW;dB36)08KTrj(}>$> zXVL2?GN}3D`y0A*T|FYIa%tZ9vZ;&os$6l8ErK=mIZuceH1%@f-d1^>OU-*Yaw7{C zr(=j-;PiQp2n|<3+qpPzqc&ev{KoJ2@K>~NTEYay(;z_Yx)oiX)3XhzW^Yzb8Q%ER z#6#I^)(SfGM=s^rE`cT17w^Oq3!43(!smp~m7c{T9y`=(txw=6lVC1>a8?@0@S)%~48w3B%nx zKB8!#n^ZP7bEe6{&MM!$r&idgKdy3|e)@AX&muZNHD0f7Y_zxV(`2NA#_F+kIHW4XdF_}qR=v&!xA7*26ssQYY{@`+cgh}Zd^ z{SKYL>%GuAqWNhZis{PAZtM8xzcKOPx|4nGBqk}sx-$q|hV?uiG!-Ph>AOv1WlAV| zzcqr5#DocQmv9wn;(bg+(&PEa{hJLz&-T?7BHIG)TG0>WDd-SyAl~uA7boqVMfYM? zGcc&!v%v}mD8)k8Et~NG-n&o2Z?|0uT#Ah0hGt{aba*zZj?4dkjf8pEBl}!Bkq4iPlVYveUIb{W8VG$AqT~5UT}*?n z`*Uu%gWA>`?+y{Ix01PwXh4Ah{f&GpC@!P?W78$5Kn#K|pKlE>jZ;PJ$t9ItK8#c_=s&9^NT&<5VH&*l;bhGNXe~+tJqbkFQNVqmD9D)m< zDcK;Ioc1ZjQ=oq-_SHkFk2 zE*p;DW37Hyq=Z3t(rc~9W7M@xylRCE+mJO*3VH>_0cR$SlfCR2<_neUwi^fTemDs2 zj-xRay+csJ5c$+s#=|vnQJuP0`*K0mND--n&ZT+gkUIhjL%s0oG)h{qry((;;9ou}kJz~_-P}dWKNEjVEg4(JT^iOUD z>7td9J45ZLu>(S46l$6cUAq2^L4YL@2d~#2MsVzwhTf?}|? zmUA`Y>MYCqLQyT(cKfuk!0X!_*C`n!e)ekhvecseGx`Y)_7nR)`J!7*vl2O`rZzK! zSM(61Z)xBJ4V0yTeRHaT$8*#?0>^!Dco=D= z)XRKzjA|?<9)uEDA;_Zouh0k|Rhgl_prQ|%eN>`RV7Nd9gG0B_UnRz;PnjYREJA!F zl%=`NnAD|A4Evmm+7XIekwdT(DnXyOc}C6ZTKwKN)itd^0fFC?b7ZeU)zAF|z%H&T z@|`|f&Y7Z1OIP99qJTXFZM4ecY2(uLp2_YTFn=!JDlOIqf3UA`$;NpFqGKA_YgL(H zNz{zdM|ndbWpOU{D^=mfKYK4%h;s@fckVs#%B*xaw%DX-EjpA%ME3Ve^-&Ub%nG=a z24Q#f)$I=cWP=Fxnsh_L$QFxbYY&s|5{4I74w&|(^6Ewu^fLlQ{%7>YckF=6-Z`?& z`tRkMjCNavYpTb4hvRyz3l=N}z5!bDW?jo;Ar22y8}?7!VK(0(%@XW|&?m}kr#jVr zlR4#>y+LDCl-MrS@lK;w+!`x^B-xhEZogNjFTHB?tQnCtM~mTXIA!&gO8aTv7S&S@m&&uoHs;6)-tKE)4n+=# zR~)LE;H}TJqFOC3ACftgT6|oBp~rH!&!J5%r{e+@JyC7pfA6qJ)+hcrdkdgXnYHy; zA5#a<&2ryv363ImH|}{*uo=F=dN3>eKqcT|7!J+-V!GSL6`YBd=&(c!c0G-9;Y#*S zjxoMo1Y2o5^JxO}v&24ubNj5qTA*1{J7YrBb$Rmg>=nFH3m`zW&-xZeR6DUORG|Iz)u&(8EBGVu7IevUGb}9NEp;CkdhFSP!`ELeAvm#xwiYny@(|H z<9K31LK%|VWhR4Gw~wd5aqJ)jbmhNr*-(>f#9!c6LD#dq{kay+nOz-DxAL*2%}Z~} zA|(Fq6b+gSdC`waXo?YV9Z96|m94u+TiK~IK=THFdUw_N_8o5{-oB!F`<|fTG%nxfG%;v2`zYM&8EbAaG6IN=fQNT_fp~LP&AfH=SXj@- zMdIzyyjy#wI^A8Apb6%Vqhgi<*2_z`@1UiXY+RZI)GW(qKb+UTcVHD__msV7E?oLz z9<92?pDk`Bb8ACXXHHL>;!q>CRO6ElEtB1MjUGQE`H|5*_5c=ZZ?Qp42qUZ1U@^G6 zJVDxGSMGl{BUq`cS5Oyq=B6VE1VsI>mouqH8_kPgxF=U%@s@XqUS_m%6LWOqzWbTy z!Oz%BYI&@P#o`% zv24~`g~N5)Mefr{1*zGy4t`>u;dBQC1N7Oy^0=~+wCiVPTpEG;J}OYxAqM$brPRg$ z>{FsGLO(#;B`osNB?#GUY-6Z0M;y;4X~Nm2PCchK-B(D)BFs%40(weoN*%JzTvE)! zLV)aR^(u{5l7k;@f=yWrj#+Pi)-*V1&e2+Z8hs>XZ=@oskdPVrEO zjvKw8cMBtsI(wOzUiRXW&tBM8UMgjBOX{2?((PEMAmdFnS3|q|QxNf{E{#AUPv+OL zwLtHAstMR$A$@I4&XqPzM?JP|kn+?6W ziOt5uOCo0B#|Bpe6&rz#pn4t!?U9a9piq2D-MTZpn|mWqYc;!6mp z8n=v$ovTD6s=(cJxuA%DqY9;8*P^8xrwZKgE(EE_N ziEcB#t&kSOuliNMS7wuw9D`qOm6enqr*A)gF~!k(xjMaPoUjG$7)qs}&!e9nRmnufJmSK+nB;2Yl5IYr6tE0*GiHr~22(OH|cTy;yu;pE!ADC-w#{n;tezA?h42d%GJ zBc|s=>8SdA(eu9my}FCM#!d>o2|IcPGTHPBIcJN8j9OHKNOV{iHq#O;gw_3mv-zkx zMbqdod+nJ<$U9%BVFg8ugD;862jv?Z5GD|(cj62Fdc_Q*#ht{54Y__yRr45I1TFBa zPGrQumFn0w>QIh!1LZATP9~W6DWh(&O!dxyfF*b0**>>yvaACIqW0AsMWyuX_*uMu zY2HcvUg`VF1cUz1Xe{Z_4cfJMAPScy(IGgvBw8lwa&*`9{ z%0l()(q6*i?81}3^3@<0Ca7v3z;eg$*mzXwt0_W1H3@{;0#O}7Ix^@AfJ;sXG@~p7 zaf{>$FDqk1>eX9@mS~SI0=LJ>BukUvn1mf?mhR1b4_-6998J(uR|j+SyenH2#i0Q| zN>zR}sPVZJhnCFafo{+ZWW=C520#s%8H^@RRXH@yPE~Yno<03TiTpN73*VKDy$<8c4-FO>KX1+zgpSuYYE61< z6<-c1Em`Ix9)gk*UpKc^pB-3Wf@MG1W{j=#vi{E?hW&i-B?e6r)V)(yE#MxZ5Y&Dw zd$baVuGeIb$^fO%7EWfZ8s_S@B*jQ64gCq#H*D#Hn^!d!Gu1A?gm`AtcJNdAl}?L_7?;xtZ=Ga}Vg=wA{S z%VnGday5|F1lR)DakN>=_Y^%T&ViMeKHh$+ly$6$baW{fK2+Qq`Sq-w$Nun#AlH_+ ztbZrke^F07#aO-h*oag}F`I$ERl7gk+|fpyo)!b`b^&ca z4d#R0&Qx$;-#}*=!0seD!Jhsz1ElsC;F_pikCC{+q%qQ@!mQT)|hW zP5QTG|JOs-z(ydwm42()|Ct=FxY)mE|MwLCkAP`KxPV!V#jn)-v&6RIw|#NA zlZXQS|Jk~_l((2p&_=b2g; z$o_ouF6$G?&o@tBL=TXt`4>s#pAq5!S9$?8g+0D;26aqq8f`^GD$IvGw7^z6EH1U* zsJk*c;8!lrWbOMHyL7;QrXX5!Z`6(%KJehU!den`k}0sZwMl=6>KjKKeI>%uyaUMJ z2av);+igiV??=R==g@s!)}nb<H8-BgXeDpdijF~g#POaZ^!!wd%$+SEm z)FenpF8$Aj@L&0T{tSp%OnvD)23Mb}KY$-kDJ#W4SlJtbMPo9~jVmMOG}8BVnJ99x zoL@rCZhw@siv^xH#p&3+QOGg_AOOeFz>iBBZ7=!3k7nB!h_R%D>(uGeKe%sQhID() z4&Ki)Yd#cD_*Nq}zDv!IoMI1+f$HQgCEulUoC5VFKU7eyFdz8!Ty_Y&G7-lEMU%GC z8B8mxI+Fc3U{4wTx-Vp}t)Tb|!6{hEqc|DRIc7fS+UM$-(1ON=6mCC(o$XC@=pXAn zj7zhU%IdinuzqRIPQ*HT0M_=^r^O_r1`_8RF5MeT5Rt^|>dhRyg-a6>eK7CJ_&}qe zXyju6#$-bS-=uMwN!yEh_otT*Bjv$Y!3>FgX+~HQPL8@pfMAMG8u5HfT@}ZIx%(Yf371WY%zBeiK{kAH)>4A>Pq0if%ao z^KgT7=!J$4zc!&@6AO>A z_+JcS0~RBhcJTPdv^14_Z83yfuc17e85ey8#H5WP1pE4t;3 zyTP_`i+pc~NID;;&C8-UXC(q&*Jquh^Y0O!6^D&Pi#tHJQ!{?&z7%Y5%EsvaRW=Xf zQGM$vg(sd=-tDZ^Z9ZTT28}GP-kQl1lm^QXRy6?WtCzN;!F8mF>Hu1(=yLxXP|MXUmB_dYAEfxRl+$BV1AqU!N}Z^(BuL45pU+B% zUrn%o2V`|M=30*CUB&&Y4oYhW^rf8vE9mrJ3QgV_sZx?t)EshOYNXALDE-Nq9j)BA zMD*j$;cNtv;^dQQY7A$wd2&nvM(7*nenoeS45g9Mn5g8O*3~JmAUYnN_d`Y*#9Um1 zXsTsWn?WybxnaID$ndfT7M&Et{!Yv{Rw+^4$m7OBt$V_SI|ex217Dmk-5ee`>?$%d z%8j+newWs(QYCiqO(LLRj!00t`***%%LtTo!xtP}&~J_veZ@V$h+N?0UL2l*BpnYF z<03tc3pHUaI3JK)jk*nxvT-IH_2Te%?g;gznDt7D0r~a32j1R?{UIY&oJy8QuJ{{E zMZSFlZ-m~R8;AKGd*839ZdS~|=}BciB#+`uW$#}?Ysf!STC$CngW zRM_ii#T-2Q{wC$iP`b^N%?Q-mr0f@S@b7|cGD0uR&{k> z9QG%5U`uJ9M}Ku*WmeaLYxRWO7sufuGTD76zFoSPY4kwOkBHAIdsPnmTfGx9o|5o( z#gNMMoO*Mn5z(_}G{Ql;aB6>cc|uJE8u_@%G3G;1O9o0p@PEE@ zQ+&TJh`Fl>EU*ZzS!e=3i74Y%d9Wy^lu9fRE=BJ=D{$&6;2bxn;FS8Vv;zC8Shvb> z_Fbe>+YZ11NL&EsOH=>n4d-udcY!3ZW<7EGDw;Si?S}%LgLi>dX4KI*+B-~`q*$UU z4C@ac^v%FfO3F1wDjQ1cg1l?(?cDiEl?^yOz3Cwua*l8nw!bko$@ni?~RRQ zzLb*T`>K#sKlhneZm|bkP1B_&*==En{*o;zuclBG^Dw5k2=c`!(uu{&ex(|c)Y%0I zaZrjmJ?xS0?o~@MFEi*DG|A5}m11a1s_nmrYL`x)(E4sKkP5KY7|{V!U{fWDSW3tnby$!b*&8pjQo!kFQ{LJW;n*D52@>A757VvItAx zT;_zqO&XOTkrh2$JBlG*Khixq+dZOY{;v5yt6hhab{w8+)A-$l!$6Mp7e%fc-dGBn zdBmoE%G^1h`0o)`GuVuUmEv-GA#Mwj4iizll8!mI|4Jj21Z(NOxAdahQ_Azj-jN8 z%tpE$S3Y$2BxP~N`*E5(m-*JH_rv7BWn}u%Q-#A%(&|MLv)^s*a!y+joMd*G*{2n& zKnonVKG()&Jf0ojESU*$oZ_f4_Y0P)>yMsf6BU2I|D;`rZ4-o3w1}U;W*8ZXEBoMK zVcPt2taBIcFwyAv6j*Ov>!uK$rj}l+cG0$)xm?C$2kERi~+dP64YjNmTUsk~)oTGcqpiQ`RxNNj% zx9CdIj2B~Kqd%Ku0}c=SyWi)?1o}DlMSC;Mhb1^wR)9xjxuM0&Iaox`o({RPdShGk`?l3G+hIb5^R=)sw(+|#o{#LEAL^&pZ4OOo3a*`UupYv~) zIOJOqIxcBQPAT-4N;*M*3n>!mfPl)xP@@mxaFzB(zWjDN)Tt8JTIHduUs0mVLHQ+( zo=d*5PbR8h(Zq2OvncxVGrpZp*{QHM?>-=qQB3k$CTS#T9;z(P!e@~qprbI#aBiHo zKx(WWMcd5|S2ekfwJbj-~VpxebS@{M3p|08N;5nmRhR7UM!)@tjZBwn2K2mAf}k?#v=KY zg0+Q{%Q#}8Qv>6K9!Q6NhKGwDmN0O}ELAzI$lh3RTra(#rEGVroJ^}WJBo%+=WKz; z#pxbzwT$FuN0peY^ep&_2T#dq?#ufkgibDn*6N!r#D1M7mrTA-?1rtYifpmW_(cND^); zwvz=sb1TLGFVoU%nfnK_V?zb83Uq&#}i9m*y`dY5dh~xn{Cb4>BH>K zKHC{rXC7@#T_i7YFEjWBPim?D%mwqWlby(+S0c%XLD8lgKV`(r>5r|vcBJ#t{>0QQ zbZAb^d}W{^^HkW&RjSeB)trt|*04a276dh3pwYzZb5cTCdE@!myosp}*nr?t-OM!d zc$MDfkl~qmwWn{+;Mghj*Hba5T$RBcDDYDfDgM&-t=lILfjT6XYBoMQgH%8A&z#<&Z%buWk9^9K z^$D@H`>X66jJ>W%hb`?Hv8(bv)!rqvXrUy;FILDE2TwS@JsO80_Iaa^3a1Kh+k3!~J$; zRN;!iqjWdT-!p3rj$hMo4;A)+MuT-ImjLsIZe^|hR&$%158ka$A_zQSuorYLD@8SS zYUze^ml6e1XB=dio42cb1Zi-ipX}y9d->c!qnpzT4rYA{-5+-07d7enEfuJy043?Z z$DsFE!3&3>T~76#{(|=lGCL*2;S6dZ4wPUw-e1LPlNX@MKc-Aia4@XYnv(r+V%E&M zem@FfNcyo{R1C3Cm6Y@2?Js&ov{tUbU(u_WrjG8U8_>+ql4|>aSGkGi6^+RX>V<%R zMn}E&Xv&yyn)>Np=ss%q)a2roRGWG2S$)(h{MqhS(T6P)2&6s3U7DQujopt_!(YkK zV)l7u-@V#>@v@@npE+?`Mc{N%5-o$kITXe49b?n7xV`+b*E3mLf(}A}B^`Qo_xxp> zO^ny#8rknpK6R3M19nb8-cSMQJfPWGr$r`0ejro`;m-O;LVi-pu7 z!P;3p+4AtNDxNHU%^3r|4+?YA(T7QHHBN0xJ8DLLIHim2929%${ulShbh`3H@(9sH z@l0d5n7vxXu70~)f*-avb+VM;b5dwqk?s+d{x|$(x+YSuS?u(6zj}W zUK$-P6Gp?1jymoU(!W=!()-F5)HgnD9?Fs5@i^je@omx9U=@^c^C7rWPDoD1YQB)S2Z&RW51-DAZie?gi0Vg3>&xDf)ZV)J$qBNToL^3pWPp)6Syq@n{k&=KqN^ z;y74vBu)rI8MP2S-Y(t^LPRIWQ>5h$#jxwZQcG$E;!6qVl=r>CZ5 zQgQe|W(Ms?OhQt$J~@QTdRydqOwGbq;ihg3L_aJtkR`%%3%9+)jG}kpfpKvbs*#%Jb`$pGgd{~9 zh#c@jV38ZL8X(TUUYE}`j$w~?78F<940Ghi-zbOXH)jv6Or`S4m#!8mnWQtmj~DW2 z$OhwlozzYwWe-16&66%ui`6g>_x1DT{7ko+Oglynrh1gTK2Te31rf8yuYcFc)B~TB5A+J6C72sU=E${W^Xh*{K=8h8=#z=!`Y-YbxVV z3z*wKy`h(zC%FayW&MEDeqH_WquxacV^T`>9MSXyE(aJ5rfVv1YZr#`TfMZEt&{x4 z!-Wvd(`bxeyTjt(f~4-OC#z5J79W@GhOBTxx_kIeGl#V`I=joec*JdZ_uy_wRfj5n!W+y?ett)VlEjDlRm7YpxHG-I8 zP!X$EDO!mI%q-{~)%$4T;l2v6sq)FZ9XB)u0I4+sY;@JfDG^|hEG(Dyyw*rY_ls=y zM`F#1jl=c9FQnbKyw6q|v+WeOIE6MCXZF;kPJk# zJz1ZB5@Jxk0HBgbBW=(BN~G6-wAmv-nmFh)Y?|Y@Q5#`s!+sFHlYp*bASHRDCU7|= zJyFPA#ijk+!m1y{dps~({q}cywDNa0Qz>)r3XV69zBCeF)y+hh)nuwTq_&s)0p;xq z@PEa>!Cr2Cjs>Vy+pgL(-(bNWUyk?_3^o5Ta_E9-_G2P-c@OcEDTHh zj7q%Ty^S`Ow|`fpfZ$+Jz}%>hXx^-pnZ`?kCNrOIU1<^KD+OX?Nz4|ki1%|e!nl%r ziQdhge}6fvnQn{HtL0GMUQW3dkeB)EjrUYPk6%}fA7)5EQEXZS4OQyICsV$`zY2N6v|hDKM!>%b&C*X?d|gz& zIJ$`K@JDT>N-RPfo=KO}3zxDCdtULIeZfst zF_xq^ctnpt<^5*bWhN(iHUyuhBXlOBGKy*|1@XWsAk zcPIP&)2DO5Xv-$ZlSli<4!RF1iXJvH9WpTtr8L6E5Bt2z_LBo}?KCuo48<2Eu*<#y zjW3?41KEwD2#5fpVA1Bi6;_6fzg{n%4B&&w9pZUh7&N3q9skG%!_Sf*jM`8_m%HSQ8JekS-7gVAo)5M%xXCuz@L(r~so`>lAQ^ z!7c+R5Q&0AhnqRwKhl6v7G?W2KOf`*V&l|moxSQ`Y44iz-~i~_3|5OeK(2n^oyEec zi5rj2eC7gh&Y|p_xKQyX!RxZoi1G>6U&!G#>bCnF@bU+xO-~-0EdkP6dHPlh+^FDw zF<`#8B@;kIC!+-h=i%19@#?pT7QjT9g_d@6zL+-wMzrR7asS?pYE-*^@SUezSku|d z>x<&O9Pk@A=J>%~#s4}BAkqp9iT~{9JwUqv5Yonrad@*zr>?E#SptX&>$b~v^nk}3 zXy2&PvO3_wovglW zqjTTr_cP}vRkQEI6jB}d9y1?*1VSvk2QPToAP+?j8d;`f4UkAt$FmYgW5U zmCsc}Q#aqo#xe@$@~4CkHz}V-6E!O8V2nI6VP{ld>$_@1;h=~n#=&()Ac@!J!oM(8g11PKm9@_PJP91V8YV183XA7GZQ z|I##=?_)r&q1@mk!BmVo$H{@tQ*rh^hc*G**(2HV(lW$mUbE3FPOg&Dgzf4EBbK2y z_(#}_4~hv-hso)r2ni|_gZMKFjeAs$66hlwi(bl3jN~rWT)x~Avdht5Y!fxk`mtVr zCyTGh`EYYmuQGx%M+?Q-PD=FEC6b6!nbBJ&8R5iB&{7IIV7BO464&uQojWBaH0A$YI@wt57hL)j@4Q0w_5dD@efeRaTlWF;cxC2r z^dqn1Eia&uIZaN(Ou8m%aX6f4!$F@==87_6*Nv634)g zt6F-W6tT8Lw8nn!j!h-SZ)&;~?G<9j)qhd_clIMoRgg{ORVT!tfAp-5D=sI5V&;9* zh;Q&=p<4};ASkt$d93Vvfcx^26w&&;xmeIFR%t=8w5`U6Z>2x{fUd@^xuu90=pU;M z4LdD~nS+Oho!ky_6Jeyfu5y{=_7R6bqsh&n3-D)=SFdG#oWHM5xV*V$p|C<`W~Aav zSIt#TsxN5!)DNffaE~Gj?cQapC%b|UMYCj?3U$Qtd1M&Y`bP49?9iVOj4YoGSPU)S zK8#fPS0kowAv^3$jC!Cvx;+LK(#ydgi>PaAsbP*eITU^^$1#{N={zqn&fx z%-J43{qtmXdHmonLp+V4g{`|X?n+&$DUa&74$a>=IlXyijLz>k;E!LDSNVdTM#iLn z_-*43aXIwhv%M&r(qRRCCkR(wF$X(@+)u%qo3D&_pIgcieZKW5P;#r)U0`(4c znu}d&%;M~tHlBeAshj`K#SVKQ@FSWw%4s#$Ui-T}sM@@1s^t7zci5h4D+eo^w)c4I zk>n}7u7Iot){T}Y?^TlS_TW>n@JQ9+=M#G*T0c5VCcg8tXVT-NKJp~Zjml~p^~qW| zCB1Q*?L?XuNkvhhcQ;ux;A1lU@{(mQ{r7ZMSs6Qnj2!WX-?Do7Mw4B#^;%X6+6KOE zSDE{P|B)@$=m%H*f?ejk)OBhchl(m^!F?86<3)U~`)M??363Pq5)Hb~ zNVEJGfY?&@xIHYXII?;RIY&r8a>pSs5+ulH-S8lwf9&g*TTXP7S)6!kkm(^@{Jd>e z11!Q&7XZ?}-v^z~i7Ye@k&ng*RLM16zc0Jbpg8`^mD(b3{OSZVJ`?_ch6Dm%xg8SE zDl6_mJb5fERP-xO9I2o2)}cbOVM5ViO^PAS=(BUyk6isD8K9vE=hHm?9vg8{baX)? zi}#HWdMF?BqV>hx<>o^c(Gi;a@Nb`VH(l*>bVG&HQkH^pBV2-yf4qe+>a><0hsEQr zyDAx<`HUsy_TkEcGX_&A3J+zEA9hgwubZZr+frU|XIP~`u?_z10bCmCas%lqTq-xc z2+UXp$gETM{d0*>vEEF#>2U=XgSi}Mx}0DzVflOWfp-jpQuOcZam}oC*Ikvawbf`aadgvf%DyRB#IWTBUDrrwSjxXcs~%FGxMlKGq+ySQ+Z5ulR+S zGFL4xi;VgQu9B0USq28-V-DIMK`J$R!3P_MdK^-stI@pAq8&89NCNzMH(oR!wTk8t zf0?_Av0#BDxv-P&S2dJS4x@wbvN3QkkEg6dcGFfa&NrB_+TGZ^qDE3EO%Yu;b_sYH z$os>dlb47?i-)>kwBT@MsaVH53p4mJpX$+PU0GN8*+=qkT8h2uo7=t@s)A!iR8QJw zGn@K%RFB;Pl`2k@KembJ{9xNTf3BB&mq5+N#^FyGYKf|Gv}E$9DnT+tM?CCaU3r8J zWr;}_WYO{+eqFA;Wul7rj$laGlYH1tPjq6LwoMXc!Q2&F$ws#(r#nmspC%Id?#hEh z&_0*1;Qh0!Q{UsfV!p(Obh)J;w{>~aUdV&sjN`3GD61JR=$oD)8K2)u@OzY_5?b^M zM*LZS)V*^o8)-RaoYTimC>u=A1P!#XKDLCO60C5)lB{&JW-gUB8(B*xru?{TYC20B zecr8P>=GtWDs5!?OV_=)fD%dwn~h0tnmmI)arT2#Z|DccQd23vxAfofQai5Zsz>FA z|GDt@<{kBS0xrJiQh;7lt>-0DmDG1yopf6xyRfOJ3tTJ{4{zspXw1;8E2W5$ZsL77r zr`=9(OLm#f>tSyEv*Izo+;7Tpm~IvF(_Kd8IAMY$^GD@wT>Y5DC1i;xhPa6P(xWBb zWZw04wutB{^oFV-=Cl4NtdqdT`2!f*R8HN4q zmwSCm{^dSMeZzsxM+uR_>RammS}&xKeIMv@y7e>mXGxJAz3$Sg$rtYjFbBS$Ockl+ zDwapKrgusJXL;Vr;O&Me2T^MkDzr5a*PSuUBt9`jl=RnYIO!$!jI@Vazn)iYmJrQo zSz=Z`ocdW|a|*vWaloZn&6Bz$NzS{kn%4HcbUDV7OgWBW>!~K_KjYUTi|HrG@+Mnlxm$tKA!4%g9&Jr=_FmBct$gHwErtEc( zVEo$)agLJ8llX^Sy*85Sf;{YP&O75?B{F_H4xVpi3e+f6_P5_)jl0|KE-zd*-xsXU z%Q0ztpjz%CI)$-Ab`kyZBB7)4a*Ho3x%ll^T%~ZH9gXl$8)GW7v4R|8^CD{tPnH9< zwYl{V3}$6kt6r(A6p$Ic)l@yk)Z82zK8|PXYiRNCyXr8{Zh1GQr$X!;rJ8(G+!ss+ z1pm>+G$mtAd9oPnQ?v$C`CJTv>Fg@f{m)2@SGT_>=&@B=5c?JG>(_Uvb2c*pr@UOu zf6jre%2P(CD>wU!A+VRM6wUThN*E?m=QASZ47Uyv6XCZ8y{M|?GPks#I z5E8KpsobvLZWfsV{w+*j;KcPAISj3hTwJF}o03#M<2|KMUc$6}#RWQBDaLGG6?(n# zdFkPMAsP1tdAv&{)nmTr4~a~hD_gmEYq3@&V5AU%mSOkR)!qkE=H<_P#PEAhEGG}# zswZnSGz3~Aju-wqxf*$dRI$1&!aZY=1=cEm3`|c3#H=`*#f|B5CXXMsOpOVw4=8<+ zY4+!pszYttl8Yk|F{_26WzZ~eoQuXa(!IKu_4?hG{?td!Rv0%l_xv=wZcO^h&)usq zYFNqM(F}bOF|rCzh7ErkdPHU#W5AbPs47#w@vZcyZo1;Q_y>dnm((2!s_n!Xiq
    W?s7#k(^H{Qy`w<(y8uhs}AOwC2*GS%`13N%srL8=bW#y3UWr{nU;1Iy7xR|Y`a``?l1&uT%RqiyK|mA`kR*~NC=!GP6j*Xba+D}pf*>HENLX?bkX;rKSaOb%C1(%?ghg`B zch)0%JfG)R_x^Kl-Ky^ot5$aQeJAwvbU*!c&-z|~dDa_Sy_Eu?jVDGL-R`yb4^zC6 z5lY^%Y#`fSoPPbbFfuB<{Rj5IW7WwcTSJB zdULRoP}yT)Qfm?s^zqG$();&+Y_0B6QYU*X^`DKL7zb1;)Qv^ zNi37)iuzz!^9d~u)K5$!L?l{k344C@~Vx2MeYnuqr~5<5qhs{ zf2zP`{5I9l@`h<gL?lmVUiD&@3BfYC#JDRkR|kVW}`16IOjlf4F~Z)(vIz$MAz* zGIfTC)&iQ|^q4nY5q#l~bw=52%%S3zBszUdT#qJ$aLHS5CfIZ83pK-QuE+=#Sf-(! zxD7*@y;LYn%;g?rMD!|xTt~rB-NZD8;wFR?6c9kDHIA2ZQ6r!FL>LaQiYIjNb+97J z)Clw1nxPzD6s_ipGRi|ZW;PP{1U!b!Y4WR5Nr>$o0>rIEl&t5318ki6v|6*aRuvXy zduVS73V~DOoe&%uYP!J6*q4mlKS#o(tm5?A{HTk{q9UMf)8W2R=~X3j)7`5fvE!<= zHxKU>-{E-=zht!NtdkR-c<|6urQVW>a69-`;q?@)FX%gxN?`A4tLkP}a>I3H?XgI- zkw?TRku&BIc5pM-$6qd1I*dhlp$GS99bW#<$~HCfUT1-s7H+mAxEfE3kMJJ3AVbbS z#BM$l>G8I4yHmCMWh>)Q4sW&fd%aYM`jan(lJA3xVpYgZ*SS|^R^4xlp@XOF0MzF4IISk zrFL(_rr7HacE}e_?WTd(t4#p!`{c8 zB~F(w&w$=JFh^rP_liaHhzy5%dLp&YUqHVrMQ0%PzX{+mYh_VoL@t!R6u{%k_o+dIflaP=zMGK6&Quj8 z>Ig})k?GEGG9?8+$fn)5X&gUoA%6Y8FcIcpw|;!|w^mg2gd4!K&<&pPn@QuzU_I}qewdLUuv^E7!Y||&l zXgf6e-ul9|R*m(jR%?pPM`x^(hy_{@g%+O(Gz*^a{&v!Tx&!b@+o^Lm+TxL~*I92* zzR&cnU&w}DTxeG1DG*VAl`?}LWpOz11%2DJVwRntKXH{X>*M=fM^NA)gLzXv{iZH* zFneTw%CglxsEP6cyU$IUH+t| zw${>6&XhH+N@{^egkPUB^Xem1!dekDM8JG*@519XYpGDzK(Q;V5%$973wXTDU$8y4 zHEQ(3E1Z9SxiOnX`4hgGOq@neWN59QWBg5IJf8w0ya+KS3VHKY^gF^L^^ZvIa?FB8 z?^g)tlc;8njq|-55?fz{aAnYTrj42->gyIt7dXDAr;qSF^{1(5+=$^MU0aKM9iOqN zOEWm{q=Ozlb_$_!4&GCzH7N?%@lC?%A-4!e9me%4mb2cTPSiC|?axe=tPZ3kl#ttv zHY}xzsL(II5SgSRlyp?)@%h+r+4I@wiY2#WFHde%`*pKqq)`L}EN7dv)%CSth8I*1 zZj+tMY@{#ZyYF04=jFFLM#lwx1sh?_Sq$cDp<`~Po2!)k;6#+z3QIE7AG=H;AbNdM zP)}e{rX%vz^rg3brhzvi@_@Fy>EGjs71lL&<;7BUf?hu|Dc^BVUn}+mqUV3NWG|xfMLuaYP;NV z?&E?W$xdSWd{pkV#TQ+p(D<)Jj^7NcuMJnn0CE(snd>oa-`H5ndet$G3o=?mGhJ>r zo?_m4xf(HeTs`QB=JPxZI1=OYnDG?;)~-CqBzD@X^@-VUdy#Gx;KYHsr>=?BY@Kca zM2jjMh;8WE>PV5sK!+i60X1IM1q#g^Qox(pr36gPfD zonL{lexP5T{UfZ|Xn@Hd!1)Sz!1Kqj$w*3^#!=*@aJ=qyST3@;drx@Jw1`Z@=EVcvRIlFLqbX>m=Z3ppInQBjrh{yh zQjX7PgF)bRR)+e2W?Fmufyl^pzl30V&T0^nnpLfgVf$@(C*as12?(?tfj~R+ z!0`XX4ySu{8w~w{5=fX7TLXc+>o$v*1^)QB0uT!08cp2*QH?L)z5kWDsHX;4C2prq zVSNTEjKt0c>?hs%9aZna3_>moWQVq}>hL@-EAP;J9w!tB=V=(@*)hxz1+3t zK|HSxGcA82LxNxaKbV$=bY)eCjTS5PjXG|3d~`jJH!@ZmR3{nT-$F`d{&bO zW>IVD`H*iQf@xu6NRt(+R4R|}2vx1HnXjuWcWgFc@OY}|77P|GCf?4mHf=m^@;NB9ChvT6wj5r#% zml?Cy&-^BiKj(+&4d@31qGWZ+jdMz9?=1_*SY~CIQK)A3%8`W^GTM60bo5H?CUNcH z*(*1NGN7AbrY>}_Ap}*T`Ns^+fJxD`uQVcWy9Vwc%LVEU;Lp=M;<41Yh?&&N{<(#J zt{fdM2vdJnEFAL1^>`}TRchgIkk+_|E?({x*6rvsIV0ewAeA(h`gJmxw}t~fRXMw2 zNdlqnUF-;B=FT3DOrwE{c-`egwhsz#BL~YgAKdt?Xe<~42v79JER=uPK{#}JZb0{y zMC`!j2ZU3d2YDCXuQbrvBJl;)TpuQF!u0evK393>PI!DFt=w3jL?a@3Tp#bEK%Bbz zy?WTqB-2;5+>A@6ya=YIiX5Hp=Sj5vthtVJ?Mzy=1x%lBsR~Ny*?||dgqZ#@#lFTJ zFkoLOrF%5r8F6CKb<|Xmu?vMHkhXAAY7IjLJ#l050V>Yd= z+5lw^zg?hDYV%-1HKMFB`vvDdk9L2IuV~L`v8U$t_|(H#5#{3)N|zifJbz;2xXe~T zk7-w#bmyCWJ_r%*r--|`AJVI<_6szK_zex(g92HlP{q5kOHSiiGx+4vsuL;+`z6+s znprQ>SU&UG2ukXKpg5NEpBV!{0k$^^ujp5Y^6)LBCna@%L{V)7c8%rO*tn=IT+t6u z-|w6Ynfx!tH!lO7zDGjw07%WonClaf<%c0oYP4y5h$FQ)h#1R$~ctQhU_(L-5fL zv-ha~y!SY7{>XWM0u1jLLR{qk1VVmxlFkfh+3*Zyf=k}h;GC7782OI`e`7#zG$@jo zCp?AK1Ug`=^xvB2dxC!hD34FS)S&fi7XIp^`+G&UEq6N>|sz zd)fkfek>gBnq4AMS!bWXR4eww>R-+G(1UT1F=N&Lajj}jgKwWO*O6ZFu!~Fd;;2}s ziYPmfkBqWboUI!!H+{;<o7pO~KaDTydF+P5P2_Tmn7`q&@UnWdmlRs;V~rc>0Om!W@+8 z8r?pDpPsW*-|VmL8kn2kWQ^H)cqo;mIxf46=A(U(wDVbYbHy-hKD5jKoa3xO=|q)w z*TfS^9yg&4o#c)LmeHaIF)4c2>{v6IP)M(|SXv65FGRy$dX19ma|N_jxy8B`1FSX) zxH|jX#S2rdY-ROW%&MX27OO6c$FvdQ&8KmO4iDU$@Em&x)#DP+(!p}9! z&D7oQv+8D9pPs-X3D|SouPdKn;jzj=9~y41RYbtq+-SSk&SpH=p&*&6tql-d*GfnG zFDV(#y9$UfYrE{L^LRNV6`hTGvavAT9X732e&?yxvb`Oj`@P6bsu>*E%gI*e%eM)z zX&>!vi)2=c0%Rxllgw+e{n@KXHphi2Au{vY03Bh~-D@5jD+MF@EHs&V4e2lkL3|(| z1<$0(|FlDJhVFy)V}JfqpEXk95v!(O~i-csu zrm1>SxhioyUq+k}#%~{%IGS%h&AEgzKR#q_>LUaVD5*oj0W*)j1^>g!Zx;T^MuACy zjiTN_y~wgRHJGFx!=XCg^obW@lGt0HSnR+yvbpSlO*BoRW!9DkcSg#{0?cVb;+7)V9)gB7P))p$ZOz#%3Nl3PAioD_92AjUp zcFTP!^29@)cGH89x_EcC zz2pgL?cUAKZ&CtI&NsEsWDu?Xma^uJ*m|VZ_87e8390J-=7^HD_V9g9;%H5SL}wXJ zt}dIuGQxh^NdHjsVld2mtOHgx1+<0NTBIX1e~jWp}&-<}*;?@H`ZWu;Y` zU6~r}O6az0_Fzc}sn4zKnva|uLk29%_m}f%ZZye+jX8U%;7|8H=c80!4=;5Z3JMI+ zeQlVlIa?AuwJN{6Vu4v6{gwgd+WYy?m#Y{ftoy91t83rza8{g6l{y6lh4(S!!2?_@ z(%G(NTCZ%B#i02nx}WIZ<{Bp`xdi4m)D(nVhWD)cEroJ&myp!z468?@UFhMjUOC$$ z;UcS`-cs*o9zeb9#KgLa?M*$L6e1e}WMeYK1gxVv?U40*smoR)zX<%Camm>n_Q3 z8ZX7P+J>E@GlruV(O&K9m#?*F1ATnOWK$lOFMP=tqcjL~^EPH?&9 zQR}5yMn{D4-DtZU6&9h5(xuq5=+;tr>y%fCwb$&rQO_y~yq(5trYhs~IPb%B#Cu1w z8JRQYPpn^~HK2v2G9+nSrvu3^n?73EVpA*}bxv-~>hBjZ!g9Jmscho~&tDHhq2S5_ zk3>E#+gZ$O>$r5H5KkXWZ?ta@^cTs8ejK#T^LiM19y+qf+>@Vm_)xk+lUh+;yJgPK&Mut0{Nysd_P^Hk`fH%ZBZDP4^=HtWMa(#A zBCwSKbEsqStuiHLhrMTbOoH1C=y;QBFf~MiONij0PWB6v^r{Py$P%gjVj3nGtnN@! zi3+!Y2x9ptL8D%gFRAzeX%3^&?V>Q;eRshM0admm33SKS+~eIjW?9Lb8p-@0r=sk= zGBlWQBrUIdjAy};r)s>KKxcJa=w72WjEHNC!rD5n+uxnxSaw!(#> z zHOnQJu9*quv%5F?DU72?;X{*YSF3eH&nJGEoZCu*2D_Dyu~o`Ed2IToIgMc-ehui= ziu3Rrqv?jT?ISPGuYKEk_d*vpsqTtguK)>5l9TwdrfzV2&M9cZjX~*ykArW0YS8!r zTediJ;qbdk@P&fAo{82Ri^zIUa$c7D~C-qRJ+9XuGe0s7v*Mt^}!4W%3)rS zO)Za(z5W&}gR7exR8jF(`Vkcs)tRpkVaTMX|IWf9!jy431S$Z45DuLBG%A7~YwIf$YdCLkKYy8r0=3#h&hGhbwuk=8Nf8_|V_w8tmsAt%=X)udsO`z?FZ4|B>Mv%~`0o{LKalNaF% za;2k@J(fPW>v>Kg6^%@!Rly<4E5@ZtTkk}?WZcx$XO9f%c*$T+oLt5h8Deuoh#rzi zJnET?G}8V%AYaXM^GeRc2eOH=x;J0CHZ^Ls#z9F8>jS4Aex{n-@ju!LJLb2p=Q`!r zJ0DR$^`gXo`13q!P)A8dMy7A2HeUA0=LTGl?efWx(V@A^Cl`C;7)m|k5xhklU}<^C-Mb35w@ z{KeFn0#+85YZ+CLZC0k9_FRvywV=S$n<67wJw{tqUttMySQ%81`|(^;&_#Ivh$l->OGdP# zKw+cC1~NYTD?hdT!G87ee!SmB$r?Yx`T6;>g`Dz?OAuK9C2?_a%bCZOqc4bm-+s6l zH!=n5cz1ttp_tbF?WFc0VNCVF|eM?=$hu|0<1tVO?)Cs*O&8&#g-+syk1a}?*l(AqZTM=GV~cZ3+xG(_#7 z+@6+ayntT((gnLbXWOQpK(kIkvNpg{%xJao5_flcaSm$k>GbIifewzEj2>mJU)Shc zJk>Y1C`X|&3G}*BF)FmIJ!WCMA_3KVeV6#p3+-^zsRPdX84`I|!Ih&G!ed+cR->Yq zf*yN?RqF}M5N6n?l?4H2Lh|1WQHCo5Yt=vh{GLdklxl9{$8bg*HINo&uqJrlpU`kr z%Af40fX&Xv8G+=}rl4v?@uW%Y_oDCB`t>M1j-RrsK5S;mbh40n86P zl|;sd_gwZ%knMIy*+}L~ z2k!8@n_HPILb+<12$@KdlF4iJ0q?(@CuFPmQdRsUNxMg@CZ0iGMGi(vQje_{S2OHK zIxD<>i@X(lGK=p&s>tb z2?{Cd$0%|V0a30YJ6(^hF1k{4#+xX$xL9?$VqLyrY#>LQil1)Oj}-d?^+Rjxoc#QJ zOD-?Qe*s&Z<-mvGdV17mq)UJ_^?Bw9;E8M{d`TZ*2MtLiqfk7ypSBLSCuwo$QY+hK zaM!;Ujat9yoiA+bivige|5SlBH!+CSUoxD;XD-U!1ZAr9v+Ou8WBSK?+IYqfmxhc@ z<85OwIV%IhQ@a3l2K}QQcafM#lI(~)xt185-yTLp4qTJVYPgIBVyS`YpieiU7tUdl zhlXTou!z2PCMbD%c{Naw7?U;zk+SkD)v5Fw-}VjI2&!m!f5pbJShs<6T;PQ!ycz4aFA@&%o}}SwF=N}E1u8)$AyO(pb{jp@7RWK z;MGHP2rVMzsClnNR3}`-xqOLjI4dYT*G!*aFa*^S$tMF{(?>LHL~2 zVd`HgJxOu8NomTpeZh__n>!^ilscrC{!$SBcX8h-ZdZH*&8nU)z=5 zQle3`e=^&@t1`WZ6}1<)r@G0(=c(N|Imxg+NRBOOJ#oCXEyeVx+ev*}$MvCwXC<`K z2;pP1)3vaZZ#Pbp2W%2QyzGkD!Dwlu_ zWt6q$SjxDSZZF}{do5iWa6^FAeqZ0tw%}3X#%^_qs)GA51+rYCXC`S*NY@1-6%Y`0 zoGnjXqDtwE1S_+`?y(#oio5kbMN2_+6P7PdA!}<%h|WxMlbzi6^bPfLM;xt{pWmy^ z;83@YgI~5z7qGa;$z{@~1%eXBcRxKR*MU9PnKPjG4xn+xq5julfrSxmVsU{CYRJy< z-STDrw;adE`w?-j3HUn-@F`8`-e9-}^b&i2rlb1!rsn1j2OoUiX1V|Cy;||%S{uaY z8t$^?F2!_N(e9%20fj}24C5xJ|9W7k3b}voytv>NpI1(q!m`pKiL-f%{{|u|!FBDE z=mMdv4qkTt3s5qve}QizmBR+!Q%K2zS3L5i5zIlwg{58V(V2E z(dA)~gz|cDZ6OK0+`r8piN+3_L~y*7QJu)?|1x@{zFjqzTwTV%U(BO$e!iQQ*K}df zW*|hIssEGfL)ts5IYpCPva<39CD`Fe++W_{Z<`F`RC9WL7uC%O-$2=b!uc$!&BHUb zw)&}qxtdkTd_uTG$+WD#oPS^GV%MgEL@oBRu|z}Sb0){U8zuMZDm=&65UqQ)EActi z26faUm9v#StEYU2&#@eb7abXvTE{xXWnISOCye_)frsH3NXh@6oB-^F8EfWs0>-Li z!^3`Qk?Kh+(L1o&C(<<`aDp1&Bgi7_c z-t^QUF{tNqepSins7z+~n!hn?CJ_J2zJZ^H*ezr=ORK1zwC?LQe&CRmDz?KD{V=M< z`dM%3|MobUV6WKW_M?^NB~LOFJrAff5@YFi0~|8GPzdj?CCy`p%s!h7yio1=kmGPs z*Ia*YWr5->N$kOj#reu~rgcK*0+;BeavmtH)=uD-aFvpr*XkD#hpF}SvTIh@^sQ?w zdn7K{o3AulbsWAV#93kRIjMi;SOmf0@J-3uG+iP)K-b370>|BW%__s-#-}@$KuHh= zcSihi9;Gj0PAoj0O1(OVJ8yL>R}Fdkj@3kWn`L{xS`Svn6~X&9qxb4oD0;-dZtf8} zo9m8tZE%!9z0`|j6(Zc(h-6@ckS-X`mffQSg{6KfCWq6jy*MN+_?G)fyq-Lm+?n+9Owg-?EWhUiI3^1%J@#c)rF`u7 zP>qXgUR#!vi<$WRAHiBNy1N*WsZkIG2I@K%k3jE^XeeSovR;2i`|`7N-!n0p#9`Kr9EH+p}!PJc{AjU;C5mkO5i6{^Eh zuE-JP1z~_~mRkNl&y`*_=Gof~Gbx0dQ_X`0rVmK4vO!M0euyCFe^jWx%mHSvUVAmE z`nWR3edYCmYVN$Kx*)OdWx0!h#qfF#&-Oo}`7mir=<5uIyBpG} z{C`HwKC`Us$5S6R$JsP(Qab#MfwijwExW7XG8p_&*nmPUm!eH9`IH?8|7*!yj6v26Oj0 zY}xs*bt%0Iz$TdeD@OL0uhSk2cvsnvdVW^nB!Yr{NA-Q*fvx)+Ylt%#%xuAn2dXD? zD|QKNJ8OI_;7bC{Fcw&fF{1w7ZZ$VCu|s-B?Vm^hSQJ3@c!jBwd;gui+)wT0Jr7z! zR71OdwtSBZXt=yg8eo$WfDRi!YnD10KZt~bIFLbSODWxtSG9A42fC=(W(14TgT@zA zI(dFI#&|hg+5#d!^S>Jy!Jy(ukRUpXu@$&$zNDS>_^;FU03+o3I;}ZmoDe6D_}3>~fWII6r^x{VFngaB@SyWhId?~>6)#pb?IJ+<#K)p7G{d6E`EbS*a_+zR--(lcR zh6ab39qN-QB8mfZW+`8I?=No(3`gXzu&`ezcY7&l9skDu?vF)=VQ!09&;A4<_r8x| z)ZI(4_|+H!@Kl2`JNFAGQ}jX(%-R1-A};$;%B!+mazrPqi(zh0i_H5i(Ta0RWvZM@ z=JpLHiM3y78v`?A&ELgw7%>+yO#Gx0e8!*!y1K65wu%Q)1dQi2rpM^}QDkP1B3RBB z{(z0vXOms`l_C>VvyssB*1)w>>tc34<2R23#(D6k%{7^%<{r%G9Vb&$!3#%~-Wqi$ z>NpLW-c=3FQ85mqP%kzob71~zo}O=Xw4^vHC^dI#E_o08%E&{MW@4(5w-@)|B8W9T z8P{6Qxzn4hlxxD`vHMKq=w7wIt6kyeTF8bRUyS?9(^9^i|cz zMULv`yqTF5`rJF!QHtge&01@3X%ZgZe?qeZDN9=U+6xg3nJQq!vU5eHptOeHif}#a z#sbm`?jhk)x-0TC=BlL&)T0pi<}>@N?Aivh{w$tvW|_ZGM2gkNH+RJH8>^)&hZ8@F zw>}y$Jyk0fpxJpCV;(~GvVj^x5OAq}kn&-`Xx3p2())=5D{xj8WuhnC+>?~GG8q=g zR^uk09Q)gP2cBhgdzSP;FI7SAEQ6x93Fpgi7K$s?WEKzT_^I~~36f?WFKg~3N-J~f z>tFN-nVnmJMD`W)Yz|c?jfZuE+KBw{ zLqUe>>7iu!IFv;ricweUd3-bPyK#~ti8sY62oQy_;=AiNjnrmv)j3^JmI z%a%!H7OcwetEI%lsa>X62kIu)_h*Ja;c9m9_OEIlQ#Ilci_tk@^dHjnr;3DtRW}ec zcLx=9GOp_(^zL~<^HyR~ew^!f~t1#$@{=95t}@WF7-$8s}fI0X0dTc4gHO!GkB&_rg$^KBYDTDj}0+h#lt<+|P_l!A;u z@IY^6+z=Z5wlJ+)>=pv&zNhbv%ZO*5o+@mfO(4>@?Kt=@nOw$G z>GV1}n?tFs$+Cki-h6sn$2cw}T@En(#AIB z%Z&2CW-GuE%A=|m(M=ADa81Cmyh^%zOVp;-e?mF4`OdfPtTY1@+^x8^SBnPcn!C0& zX<@dKn@3fTdjLwHSa*ggz*mJkSIZ?>{>DcXE_3U_NUshBfsOk({D~lnJC~=hUn@z2 z=Em#d67|G`WS3+{?MBz;4O-h9y&vNe*09(oQiA&X(c|bx_Aa*W+DoTV*%qoEo+~D^ z&x&O|r9z`%$L2ntP&!t^Hgyy4YyFfaX1}Dk)o#2&WMqFxs;oz$bC@44rV93xbKv)R zBqPLqV|H61>lWYKzK0C!mjanXMXhzu3QGRv{eQF<+|H61c3R`y8CrnO2ey8yhZMNh z&A&03zN=eUKy!c=(n<-By2Deg#((rOcpd~BmwTszE~2J+78>j3ZDt}~xcOPo6KT_Z z(=Ws&yO%O*s`4>2V{B2zEb-Gz+yZz?Q;O5NFn5yf7!pZ~MF^+yG!>@2?Fub#Wjjuk zjQk48e;%_tkvsS3$tUm9$DOfi-AdW(*H~HVn#Q%$G&S-aMGnL)y`ot}#*wL0dIsO7 z>zj~dnPkp3{n&=0)rFdk(JWG`*3b7YllwW9qmnJehhli92zTU&-eaQIZ6xt8c+35j zNj1*)Xxj&Ct3%gukV43RauUhzg_R?M9S~o^LYfJ#rbGd}AG=tZ(Y7m&A?clU-(GqSt zF~?hgS@N0yYVZ>0dg-%DpTG~KBwvc}aV_V5e0@Fz+apE%-QW^6o58Oz9rv9BS7coo z)U~O&a5IJ_lDrcHg05E&UalI)qNiQqFl`%vD##CAZ;t2c9!!rlFW#d4_BwySOk1+7 zLj1WopGhgi_EV+HtI1bS1WH<4zCvZik>-S3H`olylcZJGE1mcJyWVh_$nnpt!^Cp~ zMnghJyFV)jdO1%!JuobGE$b|i`43DMl~uIu~PieY_kqV(L|El|kS2nX5yxne*so$U;~bhmF$nvGNgz zhUg5(;f3jyWmU;Y+*=tG5G{@!*r&>Fm(4Ij#wP36%`sF?`ziJAM3(^z^ONx(4TK^* zM*2<|XSIH%#;Ae>^E!wg?uzN_jlN>0y=O&}j0w_xv)Pe6a9W08dwQ_BCcjmfF>Z_e zXydD}TQ-KoQIpqWVP))u>vzbf-{u44k2%?ogV(=qUFtuNP4Yzr;&&|RIX#WtUV72W zrIsy>egZEiTiW8ha2~Dw!2P^=Wfh2)*VrRf$c~_LQ5~WOrUHRngkY)gm)ur{GFc6C zNG;4!2s}~edXj*>Uln?bl$sSUeum3(Vn!!>No!rGbxLot-GdWunuoz!G{9 zee=Yd`s?&v;PWhDVSJuv+CI1^l#kfT&q|MJQjsDmw~eVt>dicTN8yXT!3EMgIW?IDaz904IAUVIsdmgq24(f6Z&{eU(;Ot(?5=yB`#3{)dgYH{kT z3S{?XVDhf;I6#2!TbDXil9J4tzze((g0j(PnYce*EncTdUy8ZQsozOS;oQ`qziC3o zBGgJja^{M)0HRl_>xw$j{!XTyNiV3onGNtB{XHdq?Wb_<>cJDDl-45Kd#!MQQE3PH(5*u#iea z2Z+nM^gn!<7BS8Nf2tlKW;doH-tFo16k1?Vpcq?UoQBug@ZAv7Mz0D*B&x!j&Y#hk z@1PJapjUo_zIHe(^-9J1Jng7*u^n1Ts*%jfY+g0!8dSY;lLf8IwydlQfr%F-G#93L zl(3694ywE}@Cx(4E_W)^(n<>2fU zr=!3!z6O)7x$}h*0!yBmwV9W0V(hPU5_>)spv9z@qlHNn$_vNvw&1mDCl3k*KX=Mz zvAk*KjG>2hwsn!q9>Fxbkf`3rbfwrXqk6Xa4SgFJR>pN5;?K+nd zV4L>>%!UMBE$7K>6oH2nv9Xbe*9d}716gOU{hAFJ20XF5_KWk!4b(U+kR}P#L5E?y ze}mMYK+v;i65ua46>YL|=6}He z*xdlx*tvNcr{OyA9!W?-PJo6}ST_NvuK)TTC&7ON)A3X$3f-%&Zw?qU08~fflOW+jikM`W+ z!pg=l7!ou%f01##Tfl1>`BHzf|2auOPh;j*)xp8>0EiPKBjr!L3r7tE!|Ldt>z&*) ztfvVEF&Y&WcvbHT__WaH^ZLhd0B8ci$X+Qi+sOoZ$6&CD`(a)5&%_{L5xBUze$kC1=QoCFQp_-dG z>dny7547~#hXg0+W;hUYdNbMP8e(Z0u%)N7NUxoo7}MmYR#s5J=AnD~p|v$g@alSX z*M$4J9GiOn{q0FFuQdhNC=;-G+maoA0@5!rc68Lw)ZnK&IyKv_A)ay2EKTyxwt4O! z+1IIfu*i$eVYJb0GeJY}tgNgD;2+D)o7B7U!xLGhrMqRPn%s>*YIAO+$;6L6%Bc$W zm_0*>BN43m^zW$M2*D53u4bUk7rm$eb<%lXq!P)()QWweZOvBM#@bct1S&*+%PTkb z*0Nfdmc~8W{|9WB;zcFoR~1TGTD&~S{NSk1(bb{(LL?cx(g^jWRFi%%x=-VhoY^*-n$qOe3GTpoml#rSpGQ@L)s7f6>@M}9_F<7+L6Ok zVZ9#z2c7tR-wg5@@m$^fc;DOmGFd2jc>E4 z2;~s;9Eak01h5twnZ&ssD#{F~09%(;s4%{6aGcJ0Q{>A0W?L=+X@9?&f~PHo6sPG^ zNobWe%P7<0)AeU~iq?PAkI*IpVhCXYl*B8n!AXYlap|>kquSe;9_GLd@X4>Cm@`{8L z+U%*((#S-9!On(#3ON7w^cZV07AP8gGY=GY+rqj~u2b>!iJnozP&DrC@ATykRp^g6 z+K-5WJs>r4srG1Ld%N7!izX$hy|~v8eXl&;7_Cep&3J&e0NpBMr@UoQ=-?oe z6#i1@ypc_nfwkB8UIVs@KjA6{IUppl;SY) z;sH9R1^RsJUBN9)W+fcP9lIaKk=R>6Qf=S8Xsns>o}(bPt|Ao~bXkP6JT>*S;y(>- zJ$Yag&icg!({Wax{Z?U+nwv#u%kQxNA#l)Gq7m=PFy~(KBo>K_Bsw~JIgVH8eYu){{BO)%#aXL68F)cX50?2%o+xxCy2#rtXVM#3SdO{n_G#J zrnkrG49uK)eyf~TVzSjNs94fDgzWa?xixPHYGz5%)va=^*>d&L+^VJTz&FSvd;9lM zeiO?UcIIv}oLZM@A?+POf$spji#FV<=uO!|9$p-Ne|}s1;G;{93@w-XP5*|#YAP;r znn=WpcxX)Sb~*z-x9!g6&M4qt>UcQ9fD!-w;Qdf~ z(fbmrSjYD$>02gT%KH(ottkoM#iGz*m&OqdC_Mh-miW|E{g8E?I6h!-JI-kJe|Uf4 z4ViS3Y6YwO8dawP`z{Fjf1$x4e=7o@A-_T3aNGYM-g=*=kEe1l7^f*6TTq0`LW zQ!0p5t$;$)1@u|z7)LI&a@fe_sBA}In-dAfx+$_z{xE`S-qoz!9U#23B1Y#24xfIZ z#Inw6*vORNn|4>f3)( ztzYO!`QTbiPQE;es)mEu9R04v2LhrzknQg`Bir!Tj}@%(Kh5}z-+3v1Z-4(9z}65q zRI=4-V=fM63Do+XuO@nghi0_}ghEHybmeL5j;uAew62#f=j ze(~j*Q&hma87e7({JiTU4`dAboeyq}IQgw2_-zymw(s2<%(WX^*{lU8Pr>>ILX7%@ zt+!4RCV!Bys-#sUPPhPokd^lyJTWA=t?$PZ|2jp5@#ON}{U5t-Ec=}SjLezCTv#A& zj$r}c$ZEF9tR;aAWyQ9i{W0upU})$!!Z{hSEP=74U*L1=%Fki{1ZRG53jDxeuUB9Z z{B;U**TqnEQ~L>Df+!ETa()T$7Oj(E2Z6z=WaAm$t1$+jej}n;0ykEF{WQ1mj~7Xo z08712w&pLQylU{2LyLBT6S(D+5b(wSx4Zv4yWd6Se}w_F5&u^h{(mG4Y4``O&LM@B zib-cqpt*2x*$sVGYop#z8v_7_;d!P66yA?X@*ZX<+? z{$4!&d0PZ;b0gmcP36piR8tv4>|SK-S#}iC{suqt?k1sNVTyV29f`Jk$GpuXFPdk{ zEDDoZrBqo9n3fJ9zVelcSsOEF_IB_ODbX$6LD<}1xG48dSZDm;U~D)Q$$p~0y*V*{ z2sS2U_9y>4&_^MF?<@Q}Wril8Lw-X_oQ#r zOfr!UnzfWkY~dOkvr7~HZO^Ld0L*fY!Qj~s$mA6U#eSe8<{u_@3ulM{hNA{OOkTsRwBOMK0N%p$N_;R>oBKH&xNU1McH z$aG-KL{hA+IS#_J8?rC0%7&hYk7%c-8kvRXYNCu7M!aO!SWEEI;HEL|a-}1QJ$KCe zK?L84ty}1tcbF;)5gXxRppeX%aU2wMh^AO;TOOk8vJMNnXCL!{kw4?NxKzU9#)jNj zhrMO$y)=&fjU>L!R%c#aR&}n|1fn^Yul;R0p2CO$h@AdyPyNFkef9XiX)1u@ldd6U z@@cs~H_#`LEK~Mq{EIJcb+Ke=Ck<)8aN6g1BN?iK@!py#>}fQ!N&%B-$$6-5FwM|X zbS8>FudZ%#kj+M>D8D1_$hve;nKg~4q%p!}N9Q5yjB0<&8`_b?7Wb+K#AoBM)5p_7 zhzmABYxYrCBOEy$J*!)-dMn+(ob)*e6AmK;_GQqT1Y#;S!Cp-b-1$+(O^`S_P!9bn zEFkl!*nFUnIkPvd#^+L!s)DJ+v}I}kTKtx zFskXmXeaFLK;vdAB<5jnW9G9xDBy3>$mPwK_>;r+<|DUu#jPJ#e zM9kBRXdbF5}HU- zy7@ZBceGk61Y8YuiMa1_n1@|q94WC*KOhJGU+legRF!M@HYx}biiitTK*AzLN~A+2 z6zT4e?(RkbK|%#|(OrvF1f)YkN$D;TkVa`1aqdT1OSbQOe&09F8Rv{M#@YYuv4xxG z?s?C7&1=r-CRXi8u#B6N{N1d%H*a03cNW=0tkTCebLN~?t`diSW}$%gfz6%tzLLxv z$coLUgWKf{>vPM=aF9o7ze~+{;v@x$ZRDc7*I0||nvkxw8+)}f!L5v9d){@41(5#1 z(}i5a)^hIkRFqPYvLQ}M2ibQSzieUT?%Mi0)hon{)SJb!`37Yn4jQocadRJN;2(pV zIP}y{kMf;?lA6F)T3nNp{gYp-3Motnw378intHYPGNZB0Ncu(}bX!%rv#zdI=Vy!dF7NXUTrdsTag#~|PC zQ?=lI#gDUc+ZCoJnTkublxfp`ROgn%OVaKZ72))Tzs^7uFu^N|%z9o8(o3s7!7sDz z(VCYRiIP^tdFN2Cn%mRpI-Mc;zOCo`mG5LuUrM6P0{6;69YfZ5R@Oo*f`qg9aI%}P zv)lGYlSWr!3H`0oPkq!zNHQ<{^tqQ7MZ$S)JVerU$Cjnybj~iGBX!fVlfA&e-9?KO zEi;CxpfShBsUV(!s4%mc;*oM7p1q-}Z;P^GhA3}jALNa+w75iySxi)*$UyMd z88v>}shGaw65O)Y@e#!!LOSbgE*Wco)(fwNQ$ z(zy_#+i4(ko$Llt9$lT`NkhFSJz43I*`^mlVvMoc(#@@EDzl1dSmRZ_)s=m#lpnH2 zWsi4Dr3SXk?`8R7Ui6wzlHy-^mGc9Rn04=1a0?>s&1koaFRJFb4j&Lmd3;C;Ymw7y zQB1R4zRJ~@8+#TDb|rUEaxGKyOYvW%Y0l%_$+Y4^P;S|quC>kF@)J`^ z)hYFLI7yaypau(AhCcvR?*q-gA3VFzecWk@Adf zSE1T>Y7SD4#+5Xsm3ohj#-6Kju9bNz%ZKkTCk>Ma(vrDwP4-><;xHN)ZND(=0%xZy zyPZolI=uej^HW#B&}%lluO@6$R*0a6wTX>?z;w9Vu$wLQ+7PxBz_5#DLO} zJW+oJ?IoeM_6JIw(X-EKD5%8eGWfww;CrTnFoxPd(%;t%+S-XTK<#cn7yjt?_`yf8 zU^!5KgrL7Q86ydlwsOKJ96YeG3ZebzmOFR_dRGN$<3Z#>1_&nL!lq>Y6M3)-hE->0 zdkPg^kN_Zz?VL#v9k2$qC3I*+{RVWF1!xElr=2N|4j=W41TaodDLxR`BLyNLZ1DNC zg1iZ_KzblXs-uLwR2Q}v3p)h%uE$RTqQz6%)-zC=0|?m@0Fh9uHfvElm|CDu=NoNY zs5Lu*X#{=kLXZa9KgtD$>DvoLDmEZl&~dSzJi-RSw_*W?RZsfZmL9bP)ByknYykuh ze6Ufn){jpe+n)Q-_SAoqLw8k+Wd>Hc9pt?D%GX1Ra-M<(PX#MX8#(2GYANK2xd{K% z5oiRWedvLRm-1@TY&-^&wT>`lF4-rJewMm8Y}c&Y+@*1V9YVs_I7&%`yvZEaiMK8d{~c zmIGT7-u#0Hy?uh<2Ya#37r@p+l~0MCEB=J{)PO)4ypGSLC@9Yzz<`s5{vZVBe{T!1 zU_0DDKz(8^KX7R1SDoomN7>sOA~nT_vr`}aWE+sF>Wm0L+)ykyPxUUD>@?`MH4njU zlwxRFK;PUwuq!|9zN+F^pjN(uJyEo3;W z65nR)3&D{j1|!Uwj#_}j{RCSD)i%Tg3BcsD~Gs)HppDoz0 z0ygxisRN>#xbIE&HE-|hzId-OP-B_MtpU7@*RNl%|7fDhMj)E^JA|kwPJ#4)`PB!A z-Cft-o*rj)_>B}I36(CoW|V|B1LrKqg2L~b4zQ`7@>eFK&R~JIj-#W}!oq^(s*JjN zjNQGN!-W0SkA!9RbFVDNt1J#vJDg8}x9CjsGuJ z{pf#-Uu#cH!;E^6OOg0&K%r$X@$&`+C8hMu&CSuTtxIu+hK8YMSlX>vwk9 ze|dz#nnqNCXJc*)PI}dP8B>H*!n~fOjFvxsNk-&sQi$^dj%)Oar6pQpJ@c+n^U=J$ zoFgfXmzk~4-!F4#%=$j;;-J-BHSzO1wqF7V-K7VI$eG=AUyF~f#7kd#m%LhB8-8Zq zdYX`>JBz)%eRo5$&A8x4a=^Yu-*>-)cn&OsX8S(nA`V&NaRnt-9 z>Ran7g%qWp+0$+$%<)E^CD(hlJ!Qs3UxuE)f91xoVJ}EL^JeA8jAhu?kC}$Tr3)-~ zKd!I8S5sGa*x%jA`Ru+m>a_bkC9J2XCt_p8(8zC4_pRWk0`;%!y)cQ`u@{W!S56E( zkp%*v?)U^|@hKQmaN^Moy`ZOhi0J5koxT7y`Zfm+`eg;E|XGG`m zy;^_P{Z&b^-SJ|o9nbI4t^x=r)~rRZMdj6Mo_!pDZ0(*i-Zi9n-;k7_jkw$d=mhh1 zu2MDZCFq4Y9oT)1+B^-9JD;7MJ-@sx(5DZQ9FEx0wSq)tLanSNOgL-*o%#YBZxGaX4cg|_jV;WBKPT>Uk7pPQw z%BC`NlB7G050|CFib|g?d+bPLhZ1Klb@%93&)fP_1b8@qH+IQ<_}1S=GCHC@w?vKk zcJi~v_qSDMmkU_J+y(6Sr@a=s4mY$nztvz-BdRPzgU|JPX>~3XL+0Aq~8Yhj!UjRFpGXZ(*34GX__u^ zsLDgoX^c+5Ui;efg;&=!JN9-qSE6t}(uX{yeg8F;IFsU&YllJqq0ifQeGQvPce=b@ zAsNL4QIg8rNiTybVC^v<{FlQ%MWnw|8>JwZ_gdz3>x-0>?6~E@OnWD}p;r=nMam?7 zHu-C1WzhcnthNbF$+k1i<`cH(i8R&CyBCb7mXTUn+zx&vxB14S4&oxz`kbvwDD$}R zUvp*~AtcHB!%2B*1V*OZ7g!}#)Gzga`XtXk9uX^)>u;3aD<5}|8!@-kUO4a9JVn&7 z)wVF9USK_Dl58V#Rl4Zi4f=tcNikUmbE~XjWYjgjuDR7U4^#igdA_n=zGsD z48J{<8#ZFs|1I5=V{a*y$Ih~2>Y^k)J{)8Nj608XdK4TIQW~JCtfW-Ndu>xtB2m{- z>f5d=J--mAp9L z#)_JRG-mhYVNxqW@< zqgj_DM^pBxE zKQq;?mChf2Q5g(>z_gB_>HARf$b=~`Po2m@L_5uD`rASK1B4w7L&MN=Y$j#rZF3C1kMA*=$aa$e^07F_D!ob zjYOU_Vx?oQ#@UO7NWA@f!=@B7dw#k~?(6hncHgY`@>eP;3TYY{*PY*W@AKz|JiTxy zyI0Ob7RU3oxbb_32R@(Qus!O*f<^wgQ#pD-aWL~RyG-xyMyo{n{gop4JzX(EtykoHkI$nni ztW@h%+dTzJgr0E0z2LxaA1s4UaaiTe_Px)1J(tOYU@y6sL*I8h`Q2b8;knTVIu(k6 zjV@dF^A?+kYK3P)!&@mRXFh&Ww=+GQBzMqgwraw%I*)ahWMDAl{aPDxi8lJg>ciew z<$AO4d1)BlAlLif23sL{@kDMhXRpoPRg5`dnJQ7JN~J){F%~T|EiCwE_Da4UX?f~jd2(AA-sb6 z=Q@xfhc>DdAaC}=FhLpV&D-*7-z(GgrFkUAs3i0geC!5RD(<=F)6ZCz@;VE=#H+GB zXx*#wl1oebe1RL;LBe{sb-#5jTw-bYwE)R}=QWo+>3GNYze!g!#S%y=Lry=JZ$l(+ z?Q|TkpZ9SFsr-G@(6%-)Aj2jXRA~Tut@thYrvn*Q<3i z-u}UtHdL-hW@ja-Ct#ng9Lg-d5N( z$9$J?YU@m)_TlKX>Kj#d*+t!_U^rHThJE`m#eKHi&0dWwNm-jP59Bg=FMo%}z`CVm z?T4-eJSTnZ7c;Zc2u~X);za>vv9QSf&D$IT@}tO1GWOL?jaI`K;a-52d$l-9GxZ{Tf^F$Ju)dl?gX**ixu%H5R z(MrB8Dr(4$W$VGE+1p&!tvY(+CqPE=r~O}p1H1{b#pjizRE;Fy>hPZL2h!ZpyK^PG z21xb3o$+>KBu{|5%JSS>!5@-5uTgBUF zs}rujqfJ!lz8~2kjkuA&mKJ8$C_JM(I@5Pka@hs;5uyB!b>D}Y5G$0)`ju6;(J51x zk>qed1*o~F%B==k56>WfTTvS$n!#_^DMa|RB<7vvUPt34O<9nH@2TMhH-)eXvAeVbMGdj2w1#SAV@ z>@j68gRr=bG!^dpkxWxlw&{AUFkV$Ie{@&v8qS>y{={VTbTD(3Nvv5MXc$QZE3}$>eH?#^d*!I32Xt>$GcIfuyxBLBNF9HESh45BP9w^2 zyU@c8Q8`XXMaJlMiSQHgb#3^7~VT%fhoZgq5=kGZKfJSMu+*MSU!$4XJuzUy2xxehS~M% z;l)e|P^z)k7R0*zhKO`fQUe=;PQRWE_}Ukos-S4;d<-q6+jlvX9k(4lIA_ND{sHBd zqbSg>SJ^qRoT^fmj6ED46`hoiwzv9xo%=KGJbsw5$lXYsh1)DLx%srkP7=1Y z^SkeAsQY;Pwn0|QK&6F(sf$MCC~Wt$J0GdJ%(%4z|8mlMBoz%DcR}_3mwoDPRqbA- z0@Z{~g3Jtlk8^L4T>1e4cV_G}W?+gP=Ou{uB$c{O{-uJtIuhnku7E1#K?+*g<$4rD zIogUbZUsL(!`5@dD2=%|l2_}4Vil+tJYIWlv~PIH?J{*|Od5wdjD!Es ze3tA-ZjNQ};&cjLk}|o@mqbFFCbZ<8PJ?vPPS{UE66tZ{h4_C3W{AQrNP0e2A7Jlw zTtOw`m!k5ti2p&8mxR2=mX_5z5S%4A>&8Dk#|0Q>Z@DYV<(|h?e=zdW=a*|CTUqM+ zNFrAI({Mwg$Yjb@E~K2Fr>v495CeJ=l0@#CJ<{tHOu5Kkc^1@mk`(Eh|GP z=W7{MR#a7u@k9AqySuwhO-jx_hofi$cEIbwCFbrgTEh%ktJ~NK zE?2#4k}z=udic$kBj(wPex7^6H}LTS?#7YXCzJ)O zz6dq3C_+pTKzx&ZDw%X0sJ1-9<9Bmd09-^jI>yF+bUEm>0F%4I0|~(hkSNzA?$6Vlk_fz}28#1mEJQaS z-J!(W016XN32VjlNd^cn-TbBuI#G>xjQ{|sUSs_irRs$+OD)?Uptbrx_z>{JjN%8M`;=WEgTJ+;ImWmZaHiCi#&=#vF=1OOx*j^lkuv$_37_E;JBK z1^VAEn3EtqYRU&zd^IAb_S`Duoe)H}=b)RagKo^1E;}4KCA^uyw~Fn9c!&x>?Yz3L zGqNaXg?a)Y+;~)X;^ygMsHrp9=1F?aCs!t< z!RNg;<5ba2i=ksR#66E%5p{52&F6?6uIfP4*oL+g`=gNx)dYZ937GT9qnb*CZuzDS zS+Mp1sduuYiroy|R0*0euh{6(is(EC-(reOmcqITE?L0`mk3mX2;6Pp68!hD{(D&e zzj;{cnspvu%lpDV_rpAZ!FIs1{yu{AVHRR!&ssiv!2n^ltT1jJMrK!0^YF~v&)n2x ztJz)`dZcel%0*(&zC<1B{gs%782n;_1=;ual}iqp)<_2Rj1E%o>phASC-93fk5Tl} z6q*?dY}_Kt319c&R;_q?Og5mz){$KMBZ2d=%?W6h=iVCfZpuA7(#W%12>J|Y@c)Ue z7CtMid$N>Ze)9}H0CEeteTiTai&V&hcp?es%4kwhI_{Sk+5^mp$$(qzVn-L43y6up zwH_mLEcdH247E>(^NK#)nn(nbCitcaI0r7(8-SnFZ86Se8;z z?@T+%dsBc|LSM^jYo!)jq;88uI}&&V6!}?F-d=zqa!hX7N^1+KN2Yk2A|ZG&|O{V}}xX%s}K-^cdd6a%YfHt9|;e!{I?& zRO5)SL;BK@+dqG2R9BCPM+QS`XRJ0v|YC76lBbQ`b2> zQ$)ACnmb3Nt9zM;c}Z-?o99-sZIan(&JMHwD9~67XKLm{xH)}WVyB^;Or?0=3kYs%Bg)Pm~$B(BZak#-V1EwDN?|31j)DH6PhT^30MDg zfu1i3is6KN>;whvC`m=?QgD4vvJhP{u1 z-5Hf6V!Q5pK4fm~%1@VA=ccEZnZk+@NHej10F{rrC}O0&=Nrpj4ouMR3fH-x;Ge>e zU=NT2bcO`SRaBDr|LMUeo(7q}2J!!>XVfo%Ggp}M0Us)&+ zCj^1glgY+vcdy_Qr`0HHdniUY$P$B(P88J`C3wtiya;vzIY6);p-CNdP@ZO8k5Zt# zf+Qz8q<^M605Wmt%9mt<63M?-*Bq!{1#iuIg1rqu_pdpEZPBW60?<{r-7#2D>6wpl zXMn@$Skc})V3`Jbm`qXJ7jhtZ%ooWxuIWJjcmskI4b)E7KvVz$?Gq9x#?LV#i7#Fs zO4XIbHL#d@8X$l^Bxo8`%3KX8C`jHNuGi4Q`M08v{(S4*-`}l%!6UV|a z&OxP9InYQYwGI@UBsrRlO2kqCrMqd&lV!(z4JM${$I^_N0G2yM4OzpkSwHF?I0vy{ z*tCWxumE-Em_We&cRBxEPEZr(-_!Y@mz@sJr>#x065tvuW0m0`O-IC=H`(vr$pKKt z=CJ)*2@qI}|7(FYhM$v@V{BsbkjiWCEdqfUIXr`fX(^+7u(!LAkI2tgmXr)B@l$03 zg`94LB%{cB1;8s&H`FJ~g}DhC$=!?$sH=^{HZ(FSsse!+ghfR~+_d@!hl9W^k@)D% zEeJZ=l->;n2|8>V6E)COuK_?Jt9=C$bo>@9+Y+Z9?60Kkh7~>8wK~{{(g=NiBwlN{ zae;@PS*t>Z>vDUUqWsMZ@~Wy)L&L*P*=!|F(NR&{Y&Bc~^u!G>uwWvcr-D#|{yd~s zOwO=zUEj)#Na?Wd9V_c!YLM1GjqO5G+N;Mx+pa4gKux}~bTs7t5 zc~f`6Odf*+O&-fi)r$v&r+2##E7E=*Zc?rHdr^F;-s7E1ILNrLulM#Q^}Nsoiw`I3 zXcS%dfWBM%*4wil%y%JGB_iD$k1RbSqZgExTrDe%QNTfnm$$#FiDahklzQ)F&R3HLixuI4vM3rqfKOwO--Bm1L{V01H}OU)Hf3S zLL67NHdYt-93>VH6UQxP)HIS-{r$B!%{V=Q9^5r*_JG8YX}*5r+o@9vXmIG@!r^6d3}kT+>Wq3 zFDJ*|Np#T*F7$CR_R~gTVSZOA<9UgJPFe(twB!b!;l(A2$ZI+wLRpLO2Typ#g>RXa zt{D-OeSVr!|HYueRNJgFe|DN2mq$C9 zU-Uq#OqiIvNkMm>-Tpq$~sl3vX6iJz?1KA%C=^#E*%Z5b`C zJoOSw3Pv~>PjPYahe(hxrnWwypS`N4K#);SU_ITE#DCuGDmb(3|MM87VuU9y!Kl9}bdzj?0 zv;LeXlfIXD3F{{T4NrY&;N$NXIly3CPQweYYE^sYb_gEssnlWxXj3g-29(Tv!$y=g zB?r-hH_oyPVg(5ubE-imJa&ZIcg41~vz4KD7^ZT}!cWo7#QVn`Y;L}Ng2$~!Y0>+D z8WDBC!#N_ukoCh_xZT>-e40pNF~0=&HRcU!YYCr-nX>5jU8SkUDK4}*^qv`7lk-b< z*VqWFXMzLuhJFG#k4^-`?)B3_4(OI$_O>|ig5xo^cC>z6%=`d+Ps>a35^!D1>7L%+ zwC5MM+CMRfBuupi>U`x=<3sC*T!0f-|D(+rBx1WPpJ@Cfu(=?9DdEv@@K~GUgC8$U zMdc6-oYDiwIdS-FR)dot4_fs7FMMugr~g^}h@O&r)x+?Z>{Puj>Xg(8~xd;9s$ zF2lLX#wu`T0&$7o2$`x*RgOlhylggGG0oAF-^jL@1Cx1zw^gz5_thT!L<(!@l|_J< zAk5Q?m-Rhn+bKAos%UEVf}B(DM04}=od`eO(QN>fwrJo1Qdd`>XkIMit9`1upRA@d zUA2wk0vw&%0>DPDtBRLp#q7g_SoU#OvC$Un4qj_}`}}CRQ<(>{m|WOKii0gid>RF!eogzM0!pB!f%-18L;D7fxWs@IEG+xp=jxF~2Uy%R z-pj1?i=#jsEO&syPfpFS19r?W(Xa|7 z3WOP+x?3|2Op=3T!9vvhvCIMMxFA=r2UR4m7&6QHSm#A*?tw|2juHKgGM~M}z|-J9 z;+~Fzw&Q`8)HL5ufcM*`)C;RAlJ)u&N+ z&#eL#`e`+?<0#1xI3DN;|Gt6V=)Eg|JQsE8vM47D^@JW+JSxrv6wu{O3%ZSGVaLTh z0Ltj9(_s`p3bgn$;om3l&))reSpPk&=)(#^tYTtfT!Bmz*ZNXyeG z{dy1wRacdP(*34=5t%`~4-G)J$+nIr-N6zEQY~4S?DK74OZQ_kGBT>EsdY6`dF3Dw z3|oRHeZ0vP;DXf$yV>ySjcQ)aX@;3}m7=uVc*Lm!nFR;B`U&@fESa6eHW+-LFh zNC}YI)SUsM25f9Na5`t^f{NWbp8bb^82U@{^y$E%ng*nbEJK_=3dWYnfj%`vI)5+m zDOM00eBc?Qy|gRea8l6aKJwp6gYAm=yR6;~wq6b=gw+SJ5N@rB>;CpTN^+egYx5Nm z9<|e*r||{NWLRDtY_)AjVh{Uo&pR; z;G0GL;*AhP*1(q+q8IuN#%|Tl2oPNUDZpo4Nm$X*w$|phA5Upke68Qgw}Rp34lQ8u z{x@rr039MAP8o~`lEOX&;ypr`JPJh*AO@0Jn20l=>l_^khWeAheJZ8&SF9p+tcsFt zW(Bv{WgnR2Wk0mZxR>o9yFZ{E*UJNwxDNRH1(quboPfmSs+K!=x%L?zcOHLMAK|$D zr#3D*vuHQ2)QwQ9_bXj#?}Xtvm;tzeeo5BXSm4r;rdJv=O-mLO$;dMp&#ur~cCNNQ zOZoLbOi0a@|7t=uWV*Z5hl#L1p#budO-IgH-35+?7eEv-038M0_!YVo^Uo-NLmQ(u3XOrbn# zmAxiZBk$7_TPC2T*nzxj@XeL<#!a*Jd-p=31hs#g;4#;&dEw41v0V?G?=eb=`wU@7 zN^Z7%yG(wX$Zw^o2*IEjscfcWD8VGYlFpXzGQfLA-HV^jQ_NSS>I#;|v9quikY;kj{MRkNy)Vu#tfd6o3{EP0cuZ zBV(X9a{fZmRh=xMhuARNh-VsowzC~%_ThM9f&T-qo9B`Q*JoJ{Kc$`@+de$x`SV|^ zglkkO6&IZSD5V|e5u}FKlKk3Cixjkbd=k>mlUY#6>HJJ9AFjiKB<7c0_Fbx*1{S9o2;khBbVj$=8kUw39L`n4{9XmP5Of%}Aq?pR@N3hBz{o_C`6 zZF<|n4E!Q!J2`9XsSdZr_LrTiyW3(o3vcP(djheB!lec1RY1IOi@u}y;y4rQojWs> zj+&~fbIZX4hb%=vzb*B2JddLVQ4O6T6`_c0>WJCnJr0&|ug_-YIlzA+lvu79U=z%c zk4k3GyKvKOElU}03Dc#04|C&XIC}~f+Bb7`K9tjJCT650gb`-hmP&h3n2ii$OkO80t;lIlz)_5R z_TBIuJJM0XF!Vk~h-9&KV*_`E*CpHgfdls&;`zG!7ce+VHcYsNrk0&w{KN$`=H9LT zR&Q!vjaE{Lo*a{j*-A~a_LnQqMQ>c=j9lDfT~IR1D!oO3-FSP@b~jwt)(^&;R8MuV zinG62Qq45L#)`7>$v%#JokOlvD^s8QL@EHcqt~i(&tk6HPSz>1(FH0^;tOzH{d%T{ zj#MFUZ@@xg_=TZ?C3?A^G^3W&%g^QHxdl=nKwM$S4|w(@OrpoDv`Is&H*rQ9dHc(_ z=l99}D9MMFs$as9qpo8=?ybee;8WWS<7%|f3Cfw!7cS}ZSrz@6Rk~7#I ztmTkB5X$$Y94YrutW_pBN&Vt}&EOYXcj1>w&w~yIN7$IcbgnjC*_z?sNu9swWF+6N z^LX5>)$Xj9w!JBbLe_{?jPfpbWzl?3SgZ9{aKXyU<&(c8J*6MQg3Y+&*{P@R6BfqQ z@!2i~4REvYo)3(5UDkkZ)88?NtB}7Tp{z}Vh>OvKr^1_c&Yspdq-N{aQaM%xsJVOkH`rwLp!bxZ@279BI!@bsf1sBOkqB+9f{w zDmjGal!pACRApUnp<96VERWvf)O+k}acqxVp@}K}3lq}Dn-twN_E)|?4sYD;4%mto13cBg=$2F?%loY_VdnC; zr;O&T0{)72in6ibwj!n~%TF>|z{hG zCoykPTM=h6t0+;2G0M3tX@)qMBRq>NnBgC2`Tt^{mULvY;HWd3y)RPN=I!TT;mB=& z-a*`KgUleTWRB&uAsD6VD%|kKG$`7&-_n4)8>z*1up2#upFoj=r8sr{cA{M16eOIM zBLkJA;dtz=xv^zsW%fV5&UFmXNs%HzH1;1<>9T@fc%$?p19io zaWR6$3uvs#GIaXg>%W|&T!3#U!lzfdJG8Ag=%>>W(EAK=N^88kmaU^JLKH#YJnd&RLCD^@4fz zk-`iw`V9ga>P9`}Bca0vpp4x2t9D1@@Occm3}%*P$T4qRtqBc0Z*sjGJw$iNLJk*Y zN3l}4I3YwQ#YhKh4`7Ou30my(=wT2;dUDe9Rum)~qzV*qc=>$`+z8-N77o1q%H)^2 z1^q_=GCUuqM4_PkSYQd)mv*wVU>-ofk(n_){LEmZYWw?2PBKfE@}NUUM+-Pm~wP+*qYOz7v>1klNf*d?uGs^aewcpP8|4C2c{GqtVIYm z$~RK@17mjUmykkwCuGk3+5&S zKJ~LRpnae~%qxAgDWS&?xjDoPcu$P=bJW{<0_#Pz9iLx|%I?moSiE zFBTU_NznW13858sTT!5z%ddGk1Cwylk4=wy0!n9)z`1-kV?RDymse9>Qo?Ejx1 zSD9xzbpqIb&cL|>$%#Xc!?EI5S!j5^06GUjcVw?)I-ZU-VEK_B9lf5w?`6q}+l$_1 zT;j@_adNWtLnbB?k2qpf@(bMK-1T-gc!BvmdLK|i;)qfL9UPVO0E75LVgG#(P*}vT z_I*HrsB|;ni_~a=)8pnQHvQLUe*ZHT#9!5`KDPylYyWy3ejja=kcKL^^Z_E=eo9?w^tC`h;7hfh_{Ud{wg6WJs*xj^O-GD@_Dud`hDU#7-3NLyVrt$1c{#iRN#Hq( z#`V{P9ic5f{qL3@E!)3adhC2d=j#8?EhR3hnVCr+tMY(Ciazg+@-?@#C<5J%Q918} z*DRWy`MbvnDsaya*Q2AZT3dpnJ1g2z1NNk*^z{FdxzbkJFOKooT^WOvn5kAe+-*Qk zsOw)c`U!Y`dOm}Ls=zB)UV9%zQc2;hRTByBtv

    S(XYCq96e);g76@2K7fFo28M7 zt*w72%KUUA=SrqGV`0`tTjG#E75$Kn19Cj{(F`3cvD`ZgrG1CF?D+M!M1*q?!kF^) z`y=z~>-yi4Xh51VZU(at**-p$McS3lT}ff?qaa1d4G0drwf~;;EpId(dAB|iXa42` z4vqKg*qhbTTZS6HNYs6rtoeX>@wMUkMf`w|ptf^R!($LFCGX~jwA`85lwxOR7dv&S zflt{KojT|DCFhEVe6|(Ncfd9ZB|1L|d`dP>Xo_Tad`PZ#34hLHV=>^Q4~*;b?2R2P zSUU*359sS%<3fZkQP&MVFy7PB=#>vQr5C#MRuInB9_xGyv*{vBZT-R4+>iV^#)^yo zOcsJ!gWWP(a|e$L4Yjti)#On2+^^JW0&KNHt^xH2gvid15{solGB(68 z!5KL<$}qa0_9E)9eupi7X%H5kMB3yc#1*G|$>5~jKFt2SEo2sC{b^BFJvQ`PS04qC z6W)$>%^brsnFuh63L(h)1`~0mnlI({DrPA6OnbedZ!8RZo^5+M3o-SUGOXy+nV0Te zsbc{hMXFiyGxKfnQQ5k(dBN`7{kDw7xUJXDTJepH!IZjuzaPoN7Erk%GljT zGX~MSS`t1#aebRh?y%PW6{+9a&egNqT!it{+etMkXN=cY)XC&r3n8u=& z)D#|Pdq^Mo#dzTbW;k=Nb{vI-dF!aGbDBJR=Y>+vSXF>Uc!+flN@>1IneJ2yQRZ_L zgmbdA8oSCB|=m;WTUPZ%O2P?fxeACNCxKW#a8Gp?G%4_W)A!%*`zK zzCp{HYWBR%l_IyRF0Md{$H=k&P;D=CnOC+gdZIR`X`Ng+%xNqI$M>w=KFtl@t`#e% zH(f+4UTdD2m-Bm{@6_6#D7_$07tvKf9&2vAoax&BVV?%RJwOzFtY= zRgja(j?eJ$u1)b1ue{2f4 z?A%}3Z)18A70|$~TT7zKNvz^KIhRP5mjeRcj2VpdnMl6vbL*ONG4M=M15706U)c+C zm*Z;-(p9>jH5;~-6mRjwUA9t8w$a)*U`=B-xEJ&!j1U_}wOd-6>>|}RwEc)uVJg4N&kM`(6%qp3Co(>sd7Zq%vi|$`KM_;#kICdB4u%Iw~hb zn`@40cTGoBiQVu;d-w+VSXTj3V1E@k&V7!~lFqW&fG=J#V9m!B{|i!MvR;brM}Xko z-Rk`%tJ5r|yRXp6H1y!=d>)7UTliR*+#hl5ZZ!a~f1}}|HgV3KTWGuO_iJQ*0KGxu zCmDnizhMV)!awcR6ly3EwC%pP653yyQ$J0?Cq4PX%F4)nqN<8q;_^=)M5=U^M}`%{ z27)NZ8ibk3ignuIq44rcCmiTfo`XxL5@YR%2onwl^rb-uj9zwau7u#ma0 zSo%tRDSG_i-1e%@JvXWv!#J^6T~QXbVHRsg14Ne)%Ek4%ZY3I!r-_$6 zb{jcGPFL0_>+@wijL(;A694~+r35X1D zf&o0*0|2nQoEL{@!B>+iDl|$gM|oHZQ+)9XV;-BCJy+)@vF5ivsswi=;Q*NnmnJCb zbdR@C;OPh{mX}kMYezXvK>&Z2pO#;I$xyY(dJz8D!K-gzbAK-kBox>XeLLpWXFEd* zLslgnB*k61anPsZN=5vM8U7;tiwsv@1WcxBanprf+$4!Jb=JZSgg$SHJuZ}D>h&4@ zm`@0j4G3f;&*{otj7f>^;5so4&|~D-Ax^&?$O_9KAk%@vB(;SFlY$pgc&^2a$1dM< zsTvw#n?If-!Xdtf4_%VwmswT-K|?=J$q8WI!Htk(ne^1C=F5BVEla8RGI#AA5vnK< z2p6}w&x_w`=T=U;9=_A=Sa8?lqwL0qjIU+NT|b?LUuG~4y&^WJ>`O5Y7V$MMO4-sl zo0i(s*Ap@s`I1Sn6)AJNYlMob;s=IVlZv<<_SfF1(VO*6?YuoXDYiRwjcuB%EUzl- z;l@hq8+Go%RY#_GWT3EfU!nhmk0xR7Np`Yffu2#~xXaZ^eQm7!gZyTXXLZN)D(B<3 zAI_ENK=D0uPqGL{Stqq5Q~Jw@;oQzFNZFOclqZ34TYFbFh@VM06ryty!RgtzBWj$%_okM3nP~s~J!)h!>cCl{uHb@&+X}vT2Jml=5BGQbATS6O z>VK#8?{58dI{rO`|K6>CMaDlQ=Kli%{*oz+&Cbv18K3~Q6`A$Ba$dTRUGBJKx?Hx9 zXE#As>(ad6-=x2^v4J0+7Qc)p~y&L z;o-r4+vLXpjO;oBw<*9t-~@1LP*PY|?9tM{#i zN5XK!4bQpoPrf zJ0T_qcJSxu=;o`(UcQ=bEbtsIurtxH@POC&dsz;V#F>l^Q;CT_Iz6tdYVYtc8^6)4 zC%YYgcWZuP`UXxfX*~265(BThSSAL@K6gpVs0Ut?E8A!-{9Yf175rK9yU5nDo=*5o zgO|5uxb)QtpHT4kp)x0VBw1Kv+cQ~x)Kh{dpBaCq!Mzk7^X2)n&v8wmk_*g z7?>2`?Xc{YcdLO7a{F4QJBD(UZs3i`PIExM?*jj)}#Ck4wXI zkKp_5+InlAltwJe5H|m7$v0xCbtEkBF_+;S->RF;)Nqxt_DC#Td$7RvPszTR_y$he zi-zEhkQtm26Ml5(ZVi0osg^zA@pG=CCB*W!B90O7+;=)^_;*~6M35uy<6JNq>;p&h zrO;=u&3(ODOYthdQyy0*3M#;H(;yax zo-NF^lmGZZ)o}s4^wTl#x=>;YpdMW7@s@&t4P*a*e8XZcOK6nYXYFhbTg3o0h0|%o zMr>{33E>?aLP~Q`0+l1h4%C#N$FAjnN5+-#_6d9*xcHr_3-bgiA2ce6P}x;(O0SOSDtt<^r%HBTJ@^S}^>f z5l`e&_&B&gR&5yxo;*9e{rsB)dTlUiKAZh5&H3orH@j=@?-xuH-ptN|uUmkA^FN2J zX{1|p2p|_z4=+YWb>t{(xfuMEC=T;F*vZ%d^l92H&Cn6)_zn>Bx$dv&zBE)c(~~7H z*=XMUxiH=_!iG10QBJ4PYG}0RAe>fOYIz5sRk3{cr?=NS1ZnppI}%6K+jyLKs@{-> z^X7isIez@8Sv0_zuttiu;F<^5q@RLCeQQZ|rn$uaGU4#>0J%bY827M#^X0?O5{dDG z|3`b*8P!y_g%u+sRwN6=VHjh8fS@!*jFbpNClpaYki<}<1PMx$k}w2NV?`-R1QG{9 z5g0%~6bMy@5=ubCC@rIgM1+780jckd&U=Gv&HFLG-^*HA>#qA_?{oIq<@@%%=iHd; z^4Y;CRcM?Fdk!p4+Ai{(r|vB}b#ij*yq&~NbO)ZIQ`Z2jZiFl}I?Cev$~-laD(9@J zaIR|ro8Al=wSf-lh|Qb#(3?p@hsICf1$D!6QPfyD{`q9$s3fYS=AW(Nsd z6%QZS*#veypV2)>p8NR5`pB(&wwS5LU>Xi?QV-05IurGwC3vpe0cF>lj(&{lQWfC~e+~~5^tJ}s7irb8)JL{V?W6g|rVIzmLsm>po=^9~E9LFb&`)!sORGzwd_wP@@eNzkZCv=$=LXLyNmS1ZdrRfIh;($P&x!EPC4WYM{zBq9^2K|8y4!g zhqNi|_{>&g$zJ6I(s+-T(`lWWZyX|0CpSlfCq7BsjQkhPM@u>~$nsK%Fm)k#J?yWX z7LW=uTFHF(fV6zp7e6#>C#1+o3m&U|j_SIS5N&Wci5Wq%Ll_1JBDS<1#ZKL}eimI~ zXoA~8WW}ymvlpFBDG{IWY!)(D7&+%;O6#AR9=Ufv zE;Vdd;d!q9{CC#cI?XW!dRJB#Cju1I;p^_^kTO@?u{i4VX#}Q3bfj9A=?I73kdo`= z*LO5vU2OYfR+f@@&jg|N5!p5fwW%wq=SyRl#l5`bU^%hQE$4M^*N=`omDNDJrMvd+ z?bW(VBKj5^e6a=fXP!wv$ zX(Vm60n$`q^jB=-P)mrUYEcXLR!~Ql_n;oD3a)!J!?iA%nBYLfRh=#wLA&^&5>L}*Is@;wzSENl4#C1J>_?#{|YX1BsZbofkup@CBkAvJ+{M_(3z@PRvTVyMO3`3 zI(?I>sX)-`-d6rc@>cilA9c3>I$<SS`2 zYwrxIRVboM^=s@e)176-B=5kNyw~AMCMIrO(pSwFj7n!m=sT1Jvr^_VA!Vp_oZQUO zPq$Lk#dd|Z3;w)_l7+w(a*9rQQe?XAH~8xrfCrmPPL*D%wU7$%*SBf`$glKttA|>N@xUb*yBE=xVyd62^7-K_+WQ$5VV-}V?D^m5K z8|xxH23ah=T}|Y}Xz!{3HSCPkd-o@ekm(ybUd+|j#VrvkcDOCUEnEpMIt+a)<)0!tu2qGwsWSKD_p#{@w#GlFV({H>S;t8&aZ1(Q6-?|5Z8#- z>3f*|ep3BGL1@@gldX1_GY2#~{=yfp(4dm|&E!?Wwbf$nwjd@o=g|dzaHH`|Zi5$A zDw+6J6spaLZyPyYyb)gL?oSNMVBwz$XZ(1>rO`^WM+j$i4QNsJ3zWM%mHGM7N=zmVsH7AY)6WVp>A z$lF_N149vZwL+k75s5~-d-K-YoJe%mjc9kmGLrFoLLZDnud!!(3A|Za^GITGCd?ZS z{W#S8$=AFY6!L*RhIC$y3c8hZCqDJF!MlBD9dZ)67tQl_IAP0K!yn=A%A>K$iD_6p z=MPmECf+KKw)+1v(`A`~X_{5{E+!~;D18HW-vHowu}|OK0_P0@#iIF1{{A;K-XrDH z%{~FupVJ*P(N5gH+QW(l#FCN8DR!K34Urg$k$jeEgwWm2v~FUTWjCJ7qfkppkthlT z#b|3c5?U2~1hu)Hw54-;#9#PpkkzRn_ULz=AWB{s5pPmGcw3RejP5~I+=HcK-V)&{ zx`A@&wmxsKc`_8@!%ap{<0lPGFs9TQ^(#;JLeXd*3;+9d{Xsfp`@?Zyf{bglA08T< zZB-^4sHKzjP7L2Oy!1Lv+0)$RV2E2!QBKU%{QYAO?Cp%Tiq+LkEG3fS^^kJn*+hPd zk%6#>HR0ic6_nuTn{BACcA?0N^Y?i}>D3=bbsJrGCSf??TUR6W4Vyu?O=onu>#&5v z?xKfv4Hh9Cl(eTQbq$D0&0yje82kv`hxrM2>t~%a0e?9u>m4(lhE^pf!OH3@sc9QlOFe%^;;ugIk*cN%-1Z^r(`kGYfs5y(xdY`U^GhVTGXGu}GlE^B*fh zOUWl)gsj$82JG=@U}=0zD&HJj$q92)HXw4(7aTwFg?{9RKs6CCy0+x1cm;h(6>#f^ z4bty1fI}FZ`?L`P?Xjk57Fpyt-n*7ftWAIj0javU{+}w+R>7gam-!|)1cKZUHd|Av zS|kUq-068PaC#1>+{yFnQa!hON(a4B`Bix7=QXha64VF%r(N2kA&ow+im9mm{uk5h zx~bJ`cgWC{fFim7rYLr|Bviy@5y5u%veboLCsqF7`dfcEROD3BEwa4%c!>Vs6DuGvku(~r~#wP6ZvP5tG(&#%wv1OlzTHdN=I-OK%(Q{$bmV6 z0X0gjm8b%YK2p_X?cYf00&N(JZs+f9aBLuNVkRSXHU9o{Ksozh^qhUUh7u4zAW`xg o-~RVHfC%#3`~PYE&#l(Vx*OPgAI7of_%+~XZEkN?V2Y#s3j^lty#N3J diff --git a/docs/img/log_search_advanced.png b/docs/img/log_search_advanced.png new file mode 100644 index 0000000000000000000000000000000000000000..c0ac422ee6986906d5e456496a0103c7a753f50f GIT binary patch literal 75367 zcmeFZXH-+)wl@qYN)fREDpIT{Ri%Uuih_U$ilK#21(6nd3sstefDMq|M0)5Y389D- zL3#<0Mv)pwXdys=y!_9(=RWUv#zn{T{eIblk-hg^bImpDZ_dqIy(bzRY!}%W7#KJ- zA3b=+z;N7$fr05L%dvxBXoB?b3=C|rS88f{nrdo-dTtQgSB^Fe43FN%CmesSZ+x+x z43$9XeLNNQxi3W!rB#|mwY_@nv)+A{qs+*=vP@T_-bg)cx_64XovFj<6g&5^)`$Sr zW6Yj>qN93a$3-n)QkO_$K|NFw*&j}(H+U0JbN&o^B-gO-&y9`+OWjMj`J*eIi;J)2 zJ13)PCgb^eri+m&w>((c){f-QwlyxcfEje+YTtcB?eEd)!p3I)H+UFsvdqYu-2iaR zOxvYSvOP3r5VT|HjyL}PN?ar9@_qIP+kH|(J#J{J_U^UiBst5=&Nt(jR5M*Y zkoy%yQc~XR=$*fr!s6r4*h#vn;Py#Y@$1O2e348AIHE&2|6En7mf* zy>-c55@$90rQMa9X6>p~*LBJL!8&!Va@5jYREzV&7W=a!yVv$t9a-C7`i1qlG7&y0 zwZk@s{PzmXKKk2w<^RTudW3en-fb7M!wWsCP;TP$VNlsZ^^CiVSxI_Tv?kc0{=JQ@l|4t(#)Z_qA7oN@s@NON zFTJc!gFqgHE0lG(>~)6m{(!7UslBiG7*yrif@?TT%WpzuB9j^{7+D`3Ii`2CQ1$FQ zVfQaM@lvwL06A9q;;TxX%i`7z3O+e!h{oo!jkED$|3&era7jN#$ z-*vuwDarFL@UD=}u@^U9EL41}2&s5g@v!2!O=(B$z={-K^6?mruAJe)p23I(7VsyM z`rH6ukUA(apmAO{LOitlk?py=Cna~zPrFIUvBO#5KsTUU-psKi7X8Sdw%_hXCut;k zCz<~S{s#Y^o~iAu?I3)n=a;EA8(%idQq2NR#(w8{n2;T56*YCT)vL8#>-_a2xfZ$c zTF`iLVU$Uekws%LGSi~DpPBQsrOlCZxqGvWL3Z1L;DrO%TJdkTLR z<`%wu-aa&MA8YSl{j9puUc$&tl*d50DAhAW8U`ySm53XZ0?GOrLw&<6=+UqJg{wxN zzP`#y$}}z9O)dqHZwFah+MR}!qo>lZ;|2(B(KfX+01*d~55VZ*FVzX2#h%raV2+j> z9p5@;E5t@dhP_bBw=lh4242Qq8q51tfC}Am6+0D#k+!rkt%JgO>Zrbb zirBeSVTy?KW27ALff*wJOkQaC? z@Ji#8pix45P#!&pVVU8cDpZi=#c|RJ|4UzaKcC)kxGgSwvrc%+_|2=13(bJa47CRNX*R1jB>37kDWcuKPT zhxJd`^{d)qiL(+YX&x1<}FnQ-x zVjHeI;HUd+{94---<0-LhLG&F&)44FkiSNHd`a6)OIX{l)qC1-jc^SrguWK^nDw#T z`@8WMlg5+PA4TgZ+{$Eqc9drTIB1wlW#!!Wf3`1)JcSG;er{mQoy{5scXbOdK#V}*YB$x4i zqbs0~pu6>hK`%kKimEa<_F!B{*k|Lg7J;C@upV2HdJT&N<8J}=zn`uIU()*OATNHg@-pmu8jLT_1 z6(l`ns7ntL%ZS79AMPzU5rjZ`oO}@N{z`a5bOVos`C7e4LwoMrl1*e+9&8jW=Q})W zPm?Zka6%=ZgaRvfmmg#R%`u)tA|JpJ;;|_~QgI(#n1zE#wcDlNB@C~RrM_oq0#)f|svl8pWMt5^uhB?9Ermh%p4!q?#Ax((um$gkGklj} zn23z!n$Hi7sFGy3XBQ@SWE5+9hOTG(8a`Ic1Lt$n>HPK$pM|{8fRi8(SfS_BH zE1t-F;L{nm@pSWaDG2@`!EKGQ&#bpL+sMN*jRnOQ16<;83&)sYY?x%W$w zPIby%4=gv7I(kZ#f$@)*5L<~p#8}2{{4>FWyLOkEj@FC) zR(DPQ8^vG-MhW_{zca~wMYRcY-}zkL+dne+5Bmo!LKs4XnQrl&DH5H$^_NX`s|5$w z`eKjwF#UB``TBx|J^Yql^PfizSY7Yf;|hUaKvK@NN>FNH{@2GKHg6eH>=^G~7Gx3Z zdwlfb^@(a1K!KCvC$o>tUHfvU)?^k+CMNzSEtmI4FWS7ZEy6m9m&m1QyWg2q{F~?| zR!-S{4z4YTuz``drSjYhNV`T6f0d!s^USAA_z3>g<-gHC(5~-1f)gBssPw;aAFTR` z?bM3QEtTUMf6>YRH<}Nm7y9L7{~~taQF)=(qL+y;sDt-V2(Oh97_Lf3E@fHBoWOm~ zaO`!S&SjThA2jB%pN`G{4pc(51T~23#?c9p70`zYJ_qW2yf;DV>ZzKhpL?+z_^$&{ z{w%NZJLC1J4(KYBRw<32F7tk%ak!Vn$??Vt#`^1VlJn zS|La6P&;H`GPP6}oKeB;UoA!((pA~Ksq^a+tQQ?H9ggsl=58ZM@B4TAIA)FY`W9U-Ft3x%=ZK18g|lon4ltC zo*hS*_>Jmlof;X2VaWYvl^wS<*cR!h$%l2FR;3N}YOU+hD?TUjq-5X0YQMGQ$zkoy z3os!_qk*J`cWGdNQsR@w8TA=Om-wFiIWG?te`Zl^n%tc(Xb!@6Q`^sH--;aG*RZg* zgzVa&`Ld$~*nO8Demq=tn}Vc6<$54LCYuvDzl zHlVoF$r>|ovZQIDebcq&19g&X0)ce zoNr9d_+^Gm)s$5>>VrbiLB+rLz7N);ucR<-M_C?$_XO&UWf`Jl#WDH5{4dz2IUiPL z%H`;`L`#?Q?(yvn?NwEI^+njF`%gXsZ=_9A+UIx{lDrd0b5_L2O>!ehgtv zD$=s&$;*hlkY#yfplToEkD5#9^;=egY>kWb@-OaH&y?;#b8Gz@(?+~QcoR@Byg7Ke z>O7r+KhrOcpxs@6I#W5v__{VV)tZ<z<5a>c571O;JX?to48=4DW z^G8a6b(PO~YvDmdI@q0DuaS}LwDD(p>(TpJ@~ywOWIZ3hLnqgZMJ~R-bo?-O*=2>v zjAzKCvZ=EZ@Phl(1CJjN*ZN4vUc|JD2Iiw}!i<$lv6zMA*RB zX4L1AtdgmvH{w;`oo3L*HH=|syUM-N9)uAJEisIBDoBzl~W*2`_T z!CM$dX2*}KwaR;i1AsVt1!LYG3#)JSdZUGYMElJfuKwib5?Bh2Br1ZgSc>V~w=HU% zf4{#xc6|)mQq9xhZQu`{E6>4H^>3>U*vx@FPfiWRE_*Jj(ynxPiR~*Qdjf#yEOUDv zV+K3|C=vi)#VjJqP8@ca6N2m>PomIrLYvh4!-K~*4M2v=e$NQ}&RYa4urdl*i!l)+AU3{EKb=agNh!}>hy*?Z5BEj>TpF>I|a;-jO`-k(mmb*1S+@+!(~!3 z&{0@^dL!q39>C5t9|?b91*UWo&e(l_lG@O*N($6w^Im?&Y0^YnLT31I)pPfl1QR3c z4RVQ*$Os!Qc;NNYwD-Uzlaz@w-VQYZlRal@_k_&COM%RwN=nR`6%u}C8PaGTu23Yp z2xD)QR6Q~!=7{?mR~t|K(twM@vMd^)jt=y=C$fZp*cv?Xi%;Aee zulcT5SPCxb+{K|XWq?gc2dWtvbQ_7S%~%{9ufkK?Oni~a35F!#U?r}ZXLl!ESBGXT zcUT-&-D7s#H|6a?3%iSrR@**&M&Gv&HGwnnIW((q^}5TMH}BooQtj zcd)_efH0W1;S1t&Z{hO^UyaW&I=%p3)(K+w@-dE2YiV-|-^nQ|q_n8Ar}nzF+!Cse zrqt|=a~Z{x$8+ZMM-Wc2=9kWoW^up|AlORfZF#haX@#&AubJ$P!WfKg?Fhobug%6G zP%`v*De@7kv-s4&8g2*O>8P|hPTOC+L3fxX<%=i+hA#`JtxBcO;Mc_@7bB8VpDUtpmS78hOb5GImmN; z$W2G@Pv|;m#fupe@ccgNORjMvk*)pLKtxZC1nZ9n4{znFWy2KR%M5K$t_~pxZ~M}G znUZQ$-49+i|DT1`Tyy=G_%Brjd(XPFqk_@m0}+OsNARpU_4$KHFXAAMS(kgoq|yb= z=_JOo*@8{#6&tW-Pw)vCfPV9#%PzeIZi&0nGdaJudMX&0D^7Jz7gg2O{ZNf}Ze8P$ zpTp-#*Q^}rF4=%%oRlI&#kx1x>I6K!U>$Uk#k)&pp(ce?n!m&c#l7g}9|jvwLx#cqtOlQg8`s(9y1d52D+85K-|QA>97`06CF8nL znap^f;%A%I)ChP_z{2_!{|OYuw)fb|DqC;yUVS zKGe1eWS`cBf7xKxF*m?@=FV|{F^7_F<0wPC zTrx84}Lokb|uNW6^w#Mu<|wR!p}m6JkTmV@$+*5`tuPMHQZpi6E!X}*RZ(SIk)Zr5A!;Q zu6AT6;TM6^(9}O0?etwU#PZl|Fa98njDmCa48a$;k9qfX44R%NaU#v8%jU#sLPRTbHKp z8eAt;f9G+|lFgVEcAEvW^HkykOHRaTbq#;sGh# zOcPF7M{fo_aLbM*;U9K2;O!zeg;$-POeogkBTQ;6KZ@Oiz54P3Dp_1)%mY1LgFcl) z0JJg>ZZ2O8I(ZDrShHSjEL(%8caxv7J$g zQFb(+l%bw3J*XZu@w)Re5=ob_8zTwAN*Ct*N>vLf9ak0*J!OMtkoj3cBQEtV*`MHFwI+Zn$8 zD&9f5UR~7r9wEYt+nW^eeOO{|>cp%|O)#1iDJ{aVp2C6IB}g<7XD(3dpw5ijni`%| z;h;U`$nh~17@eBQT<;a!Cu~-PtxkDAI+B7K0sd~7%TW8YS1ozVm|p%d(6+i3IR45S z=+eSU<4*T_D}%c&dukpL*6>0%^%=tJM6q{ECau59+Y^NKhtq0`_xh7{i}mqM13C$8qsAfX0%6E< zDr5H+dsn^3op`h%_gMq9*32Ek#+_`UF!M!<3N6Jb=S`U|H$qb;6y@+JOSr8B3F2Qd z4t1ne?s<6?&vo2wIghbDBa?_GCRNlP~ zZyZ^|?nQwx&Kncf_3PyjeVaPS!?9Y=Vk>m%-5QtO)K5E5?jo5wdjHez1{B{q`(e3g zrZM~I%dY+TPhQzFHksxdFBn(&d3KENd?L8jo~z6Lc2wd-RiQ5J9hNO*w?-72<9L#Q z7#9XC+7|G-t{d@;?$696`eob$J+kjY&7S0!AKF-3s@GzC0jAYj=7}xUSfGWX=4S#>LDMe=%v~wociJkr@)m(=g34)#m3)*QNwiqpzy$t zzFMvBPz&D@j(DeT81$fGj5n_@?f6A1<(e2Ca)dTobVqeM8j*5L6D-lj)qGlWh3(4u zjHSSzsLfU3wB-o5Y5^5g?IO;&`Ep`Wx?ZJk1G&+V{Mpvl#%Gc=5Z?Q$Lx9^b^&8-a zTWwSxKJ*OF*2rk#lA*lTtxbs4Gys38zQrD^Ctn)}+)f~_&j=tJLssA;*25JN2GS+L z9E|?xE$e#vja>-Ou$TJ24`nit*cx$T^N1PmOMFCFO(r@*sBA)}lSA5KdDIM7F93BU zJS*pU#QSk{+}qU1q2+$q6LCmasJU%r}LV4cHcK8K}VSx(gzY_)QrbYKMlv0(=3 zU0I5`Dnr1>pEQRXWI<<) zLs4>WPJXQvf-|*(txMYfcu{rXqLcVYA)Z+TTVYGo_Fi`LYSt1X@_v-|Nh{o*fk29O z9kaiQPFpA#y8Gd?Locq3pBC+?c0nft*NiI{aeb3tP~qLXh7~-&$U`ZYCt)73PZnmG za>to)T4=74U#p3a=&K&B1Fvc`1ZjEZQ}-bb?1oN*VP@cX&*AFi)y=Dg`I?uc4LNo`ZX$SU^9@Q+tJBMk-O~dIUpi|1>jtp_H;d{wezO=}xZf6tFj-Yx z$^6D6*O)@Lvg>uK*jBnMQ5=}j*QkJ#t2efJ!bm&T=Z))Q+bncyt`H!NQ^v#QSe>kK z+qImy7^)A%PM*&c*%gk+>TdX8(``1re4PMm?~$yEKiv zrTXP9bVg7iDWkT7OL)1DgC|z6I0fx(o@zwv4pwyh@ZB(w?ePq&O+CIYZ(o2 zn!9h7!nS5uX|{nFQzoU|Mp&Kg;x<8EvbLj}trhw7_Q;N>tk=nq`=AEpmFj^mw^NDo zt)cuY;>Jm0yvIhGN`NJJ+^M^0XRwe1Q7v?`uYJ-HDi}~vyX?m53DVi2#b|-na<$|) zp3T0+#XD|4neorxX*o)}M!it{I`Ww`Wcx<$2DwPm&lpI0((NaBYNsc_1s3?;HSI2P zbC~AtJh02z@Jv(4yLcMmr*>BYyb|SHw9g{yWXV+OzX1oRG=ZlzkgHQXWa^YHLAjz6 z%$G?~^1K7=H0hGe4CK^bIDm7b#U>fR4d*ScIZnyVzMuVnoCbj&Bm zI3gjKghv_1)n8;$FNrh1XF^%z_Y82nct7Qc*KD_??NC~+&tMX zpEusk*b4@DR|ZJ_hRLr|Jbz;>HrcYWY-F}-Z@$aZ%=u|rEi-C!eR9!rhtSGuM!&@q z>#?Vzr!!nHqm#{LQ0;x;M~v}R;6&6FCqIo!z}qv1Z;@B#cuTFeXyPma^ASchr)9++ z!(c!P45mA5lSPFimWx0Jo&u3;+xIwqmaT5=uL>Z@i|nW<)s#el)RyrIIbNRjgV9WI zV@ZLFQdrTRgLUJ@dp_(~$*(~HnLsX=5cQYsLXyW;YU-C&1Pt4b7~UKVh!%8sKEZqC zI!4Csm9L@AQMOMGgb&QkHYrlnv#*vWNEb0B(99s?tXXBsmm8(407B*+v~rG6P*6j~ zj>q%a4hx?u43M*NwXnx`|QE6YmZ7ldRu+NM&k{r$DS{tZjPlQW&A6F zBokQ$cdG>I>+O*|^I^Z4O?8X2RdH@->mgW^iGb@ zbV_+#skU&u7aLt_=mx?(`EF|HdHxtXXgT>fywf^GBFmiGV|Lp?V#ib3{let^4GL&& zc<#*;yy7GV%vBjawHaZ#enxx!LK%8E^@YScIdfKXs)s!MfI%?kO_#Ty`z!x2rD;> z5yQzULo3~h=?mY#1H~_a$=xx2?ObzyG?uj55lm*RxdwbHy|6ptKIymeboIMoCPUtZ zyH&=np9$aKz2uUEO56S=;LLAl9y@Wgl(%zMh9!t>MZMr}2O`ZbE)yecl^eVZsn$eM zULWV5Zie-re|u6Q1y15%w*+XDu$haVGw1ewO&E6n=?UDI;q4!~%Onz5G%gC*ZPYb@ zQvKi46!9hvU0f!SC-nE)gBnWA&Ak#5<+kFnGAghcp8by08n7q6rry4C;liG6+#byl zW0IS=M`)uw{V&c!QNsp=F1#V$PNbGTLS)+#i!XMxnrLes)%0oQGLk^nQ-AHhJ#^$@EIE zDd8A=e@KlnlcYLDn(Aenr zu2^d%A^ceVrtyyS+=;=U-5K9fLfr=;zv0HlK>r5nuHIh72hpIt&`OE~^#WW#k-kQI zS=akXzrMHsWy6YBTHXLkA4+z&7m?lhO~lI605*~4bc@g4TMGN-nfLNelQs>$*oK?R zXub06{uS#Ho+(q92i#Y;zd8{!q|ob$zS;Mj5fUSGt|D9ca;cN8gquuQ7>AR^aQ(0} z?|__qVKvBneup_Sh{dZ4(l9E!<15~`(TIA6Q!WJAs_Bo`nmPK!s10BAdkno=(>FRx zt6r%=*e3Kl*UfsStW(_!3mOAN92_Q3LOkaiMKFf*h{c+h7Y@NnPiZpA*rc1kb#Px8 zUqN!?@dwz8nN6OtQEn;4cVn1Zf4`tuKbA6LJVVaf6&>$sjS3C)?Y{uKUASfehm$I| zFd0S@93qZ;Clk4yRY8Lk{`pPmWx%t$mNb1WQF_De%yB8$9hGLr>vc868% z2aQ5wFzbF$fJaW4DeLTp#;IrLFU0zM#ri zCmfPr%6OzCY;CC?89#z+xSq`S%N@2`{W{e5+GY#`Q_Pi#0}Q7{Z!3=1rhVz?VTBk& z$c=Ml!lp%|)t%T^iT-F_);sMwU9VcCK$Y9hP{b>>Y25oBgKi?{95yVkI8ixYvDHF9 zy{lQVrd!+Ls-=lc|N9Yf852s{Rruxhx1XKzCt^M;bbCgK^=0l4|4%XFnOS^9peu*AQ2yJ_>}n2r z)!myTE>?e~s`?*Z|NG^`_)RWR%{f{R-6T25@QkMRSx$SuO&VpvLVE?&Xn$l;DpmlpN;yftmb;lc9g+R``uP4)d`8 zA<1|&`Pspfw)huY+SZrEuZJo#;CZuBo)3I?kx9cA$$hCDR< z`?=jZ(D9UK8P-?-`(O?mNBVyes2$M2pr-bgZt%b8a&Q^dI3^wAxH#0;J$CXx+xef) z#m<%K`ASV4sEze+{HT6C7;E{LWBuC!XSN;;Q2j5>znt&?%JZKf{lB{OKUw9!fBRoM z`d`2F=Lq?~KIGp%MDWVdD71}8ZJFW~SbX$@Lo+?WGe@(pOkRPjAB5@5ZMJj71#_LD zbvUr+wm8rlR{tb1HQB)Cp;CH6>B!Kl!FZJ^+r3`t1Ri^rbH%=cCJ@%h0k#Xbk1Bf1>ZH9+DUbJ>)f-HSMiKm=U8b_ zzh0G2UoWk$`F#@SV~`9Q4d%w_*5U#yqZFtPO>H#Dvvj0UZ{vRQF_R`F-9F*4Y~dhB zX}Wxnf+-#CxO6b(d*!)>28_Em=ssr;NVwHzepb>!9IEp~)6j3HK~Tneo+VdB{vMTn zfbD>rkeg#PiphrY#nXEsq>Rc(bGY5IgR#)WHACV;W6#LCz)OYScDZqN4-CzG%^rp? zM^MuTv#*MyU(|9sv=S2*-)hjaA3ChzD(yJl8_#3|Hwp(LAJBdbemAPDpPs zMHyNbh2zi0JW710jAyRjmM4F|vpAOy>LM)m+;J{bPfyPhC;9I5Rib8g@BhhOt{&Kn zi|LpM6U&2qRS&B|fQl1LdGNT1fk?G>#K$AXuVSv;adl3{qsarD=A{GIox@05Gc2`b zMmEmr`1wllVis?wv2TjECy3)Ikw zRg;jyuZ2KAm*y5lOS^z;Fq79WUO3^6V=K_{zb)vcft?n63hzF9=|qzL;BoDB^TE#o z4d32Xiue1zOwaWw690Dj@XW61-a*}@bhCKr+<^reWOiBLXeyOeJ85%L>%Go+Y@=qV zL|XA`QmDfTKe2k?jxU1rODb{W*zb?}14E^d#Rj-5ZfeW^_0*SnRVRo=Q4{%#m$*f@ zcb3cied;LD_+wEw$m%s?DdmxV8|(6LFYuy9&{BF^b&QMS z)}wSC7KpkcVnkb<>j#eQ$A^OUsth4*+y@nzVQiN%s*;%rmNfBU9BnZc*BtL^TnLPHk!OvruZQLh~ zvabC#PGG2%KR^c#`wmd?u1=@pj_$3%(DmOZt9}*X-Zj7x4g+A5-5Fc1xw*v|m1U3s z;d*zP7R;cub7WD%9XH+W=dsI4sZ>D~55rTc<-9{>AYSNxaVbXF{*rOjAKV$o+056q zmd=jh2hR+t37TEtc~@HA*xihI&yAZ?RB~~zA~ibHeAD$+E{l%6knB%>VN+*i+Q@ZW z;0Kj2=K|o-U=RS*Xd8yhGu zG;fLX;Dlt)F?A(~4QAd8J=vO-ymu#x9sCZ{#(^;{@T)P>HC1}5Em5aKHPiFmnp<0Q z8++3gPa`9Lt?@aZH0KSJbEStQpseA(fzy~Ubdb3O|DOyjgiWs*n)%u>?m$jbM?wnk zEk(&S4uIF4&f6?}v>vQ)%xcWe$(h-2Y~x;L!X_ISDkUs`t=X66599hn6|V>R2NU>I z&UoN|`*xZA(p+<43T~C-6j`$i0rpY$DRfVlh(En=ESSxNUppAZ&2@?NN?0x|ZmMiC z$@E6Q|M`fMC^9p3YE;En&w;F9wWqRo1}#NUYumSr$7k^`@a z9$v}(A8rqbp2a72XVm9h&j=U{d)bur*9!3Z0h%!4RqGXyMTB|)>B1_;DsXVLfpe)- z7Xl3rAl%)dT@31}6fQw}pI54J_<5FdF+xx`cq;zEx&BL_AuacV+3>fWr}Nn*(7;cy^}riCX<0xKvjLV`oLH~FAl!nIRFFu_ zGE5*&8}dIlh?A_IAT~W=H)zO-#L5>j^dP2$l{T?!TEmDG6)1@A@8H>5F;H4U2RaMD z?6*vb^n0!Hbg4!^hgfI$)MH2n8lh!XYUOPh%P&uVF6NfTy|?EDCdVF7Jp=hvY6g9b z&Tyb9=%aN}Aa>=StKO~Vf05QHJIe#ml>=_M9IMBJA$2Va<51w}*?O3YX~4HY7s~SD zU6TLxR!!y%#c$0o1I&ZItjFBIxgjGK9^%$3C8h0lh|PU956rtWvR-l@k9>~bLL5u8 z-7|l_LmBh{CQ}4Thyoxp*9Z}Qq}Ci*`C)JUn08~GP4e%;H;_y2sR@p;z-QyeTzk96 zb4BLn>sbM>0>;nj@VPf=&Hd`5uPz^87+9tH0pS8CWv>=7A*Y@1>GS&;M_a(qGeKdoi%y)T7``q2#rt-Re9}XOeslAH z9NI$CI_}gU5BTfTmzU;BXC?l~^}(L1ZXftxdFL_tASFCASv%p$kf$5XU;gr4#F5; zTo`v6n+M!8K$~7)4J^UfiP0uF_SS#Cl%5L&q*n3{7$<-8uE@)0_YPDM=l+98{}Ff} zmif*0_d2zlh<77Y@e?PYrux*rPGi0?-5k?)6~&F>HjYMN*|199yW6coRZU{_hxDt$ znKaod1E@|$V5rik*UC!?Rh1FoybuK%czi!EPs&Vd$ zOzL2iyh)?aggnnE{%f-#w&Y>7N}q~Aa`t-Qtgu}i3e1Dtb`hzSjj3~u0BvOUJWk0D zYS@hBR-$IYbchA}gSdLc$WH9Y-t^ap&UNz+E_&oX%o8{ zRFm$%XhqR;zQD^#f%T>dZ#-CyZ^1RdI z2F0vzEVQw@*YC@FrS5x_tGskhZSbD6Z}mcg(FB!;(fjA-?=IkpOzXP{Jzp$pdgE6q z$xH2y_9xr4!lJgl(i=|oI@HGvihW~y>GDKAj>@xtO7#EDarD`L3J)h`yv<4Me~lG5PhkOy+6(cdTRZD%+6H#E0waka!pfKDng13W4z zZ(}?!mpAGLp_VaXrLqZPoSTNjGy5`;+XOuL6X&|fJ8T!|-+=x(ID_e-ADR8>j`Dx!y8qs~pxe&%Xnmp|_B0^1~J2_;kfTwAw;C4jOkc zzi2(ctHDjp+#TkNe3p}m+wrkgYcX)P;t!<2ErQ{RlK=cK03DtMgICgyhPgbte-M`7 z{eyK$Ph4^+YK zN=SpTFb1Kyece@y^!Od-fpS9#-Zr9*^$rvfL!M$Fv$qH zsgkfPfmxPl++&FOm2auyjHzF8oCzTAaA_+<*AzIpK{#ZU)o%Utyd;mE_S20I^{zFEsheo_6b{LFt;{r}FhCsxi_oW!>f1Kp(m6|1xi>>oe-`0=Ba6uAqb zD+Bpy3g$kW0}D8|uu-Y;>hZ|=n9fVNmlu?{&Pu9R;*E^Eo@hx?X(84+{>r_?#N|zZ z>m!RGHSE4RM^b*SxDbcawz+t}8eQ(`o#l^1k^%1{Qb{{->sa{jyD{?6H-26*{Wjh` zz;t%wBFLlwfHwBC=ZZ_Lx5UrVK<{Buu&mOJGBEP3iSe}W^UBN7|Fe1hV|;d#2dZ6- zYpMVu{O0v=2*KJKv*Lg9>hC-*!`}i?jtxb>OA2zYf3{orq(8jAv6^hye@iXt!UeA0 zuiFQM3XkqIrp^h!cCcG*p1JO8vWD*RsKOA6b1w%-9;+K4dtc)QLww7C{iOb4GyalQ zETG#L7JXMFp*uy{ObMeiJdhprFkT?c7h84b(`PR1S`Bg*?a!A5l`tucB(aKbt-`f( zUIU&-wjXNDk?@1+<~%?as&9E7HUIiReWcQx-ibumb#O`6^VvR0E3uJd78Ze;_cqcS zI@x3v_VV_^20fE}liKLgQq?%RqAh$cP5IU-u9uI~3u+T)@*OpjI`NGfNA91+GbSZ3 z*mPV#%&ju-TmiUXg#`SJIC}%kY*G>yCIx7;jI7Jzrm&J>Uu@k89i+nfOO1EU*3syi z+9pIjVAdcEFDYbea5A5WPvt*!11wc`2WgmkT|g0cPyc5Tb%*?-&At8~Aj)@Iyhvcz zNI*W#x!xoPx06Lcn)KH1WtnZ^hLhLOt-|ZE=HGzqwhN2ov7LUzPMZQ{QDdyxGsflh z(g7B2Qrz^pJ#k^1ezA!0*5zA{rWJSF9zQkiVcM3iUcbT7Uw`|1|0`XIK^j$Opo|d~ zTQ}Z`exYOXK1W9ZkN(`HE?nZ?;i_}TH~5C)^USfp4r1Z!7FHVv1?RT9jOW-4Njs+)|Ubgva+bCUWwPz#AW1t8l-J5+! zl@53;Mq3AHJ$dR@Jy}Y){KOjKix0|f6f-eitwS95R=d@ZcKQaAz$Bh`r>UUyEo95`#G_ecZ@xVQ0PX5dxh5Rtwc9VoYuxI@F}E>6J) zifRdkGYVgq0Q<#2()qKbjJ!rVT6g0UukAdg5qCz`Ug6e=QYV;_Mctip2!dsdD&wIb ziN;-r+!|Jo=>x3#!MCPQwJ(O{c3sxWSd#;u_Pv}nEx`gm4Ijm=TSJy+lI4dWzHyRL z>)44K(oYy1i7j%@sdt5xFJZ?Nl{TJvt*q_`CHz_~@|Ki-<#FDUvX8W2J-k#9GYJl+ zGB}%)47=(}f+V+@uJ6#^Y7YKJ29nZC1}dt(Y=7`gwe4|Q|J79OxWNmCx}09Axj`kxmz_`@ z9JQBtdiI$D)|A2d#@D20{qC+w*Otx*;GA& z#5&ts3HwrH?+vbcE=gidAU{dVeiwE-mhb?q#a>fb76IyikoSDfGMbGI_4NAUl95y7 zvl&RYVGKbc-;0;~&_E^iAamrNEN?~2qw#N!FSC%?9xX@1>+hUidcs2z{9XX47C8-` zmd?opC+{o+C%5QNM*^&36*V9#gPOW3l-KD#i$L65#KDI!DiS00t&Lx!0IEMAN3ZBw zJV>UWc{*2}=b>9vsXJmUG-S-NwEV&_oga~%cS8l_nW$a8!9`0l_k38=+oB9Zj+fW! z3=S0|ar@4L^_)Vl27Wg4{G2#lLHHsqssve1_8-A11P8Axw=3$qE^(1 zgU+VGb?Sw$>6T7<+r`mtmGSFN1@hI}2Gp{i^0m#wAr}_&f1s9PE2~ZBnk<}t9RKh1 zz#P8}O1hTc)&ehAf?8pHuDmZYo;;vt0(9fqa@%b|jBUH5(+zFkac}*0Z zY_nt4dRGie4-oqT07*hpvVX1of9$7MWurj3$O%{UPC}d zY6zi6NoQrdFZd2x* zZ<*tL#u(3dMvugDs>s|YuM>)A2-D;))0yML{#{rp`TOOCF5TB$pW|!6ei_U#pol_c zt}ksqgHPGF0EmeUhtvUy4d#ViGcVF;hrF4Fv2g?)M@`v>RZBFhDhO7qlUDHPYkcjC zt4|&G6HpujN}#@@22S8$CQd>}?>R_5 zj8M$Qn|G)wJ=tz2ny~~BBC~f@me622rY$AChG<;>)LvdWPASzYUYEFgUEq;`X4Fs? zFb9kqzNIsY>W3ZC!|HB1y}8}>bFfIH_}TWzny(bJ=$_$mV0=+BD!-{OA$K&6!`sV4 zr)|un#L$TsHQ3!wfPH9R{4%W7SwH-(-#{dAgBxymDVyeoC9Sro8@voZy;;_aHsZk- z51<)B9V@|uvZZT_{pGsqUXX>^%8o8*c13vn-ou%qc80Lwy_FGwdK<s`=L08&Tf*{{IFFk z5Ol|K{bG*)nA{hoLHQop;Jkg zcMhPo1NqH4@{MfW3|6?2g(SEyS)b3Qdb3TgT>viM&DYO^~SP z4TnPSm50qFwWEHBtb#93rCa2wQ|iU;CIq8VjncIzi^CZq&XW^}Lb-frC?m1xg!+ne zvEEfDRQVz%BbTUMZS^C;Lv`(AOW1R=^X1Fp1d^!M*%c*WC*9I@=JiT%olmD}XDv0y z5;+J)6`iMA&pMHBXxXY0jjMc8WN&-pT~>x%xXxidMCcoVVSErUD=fQfZ!zg63FIW@uyu=@}nKDt}9){|TJ&3nc50nN91$D)+?%l)^IT^FMdUr3@6;l}Ro zXoPBIM&*8SbeAIkkgPuMmu)8^`sU1xvtE2ARw)K4Atqt`Fjv-KSC;Elyc1^sLuq|v z(Q{x1+Qlq)IuZ^DC5$!weZ)`?8gyFo*p`Zc_UQGT2D_>oF<=NpaUuDMlxKHTr_t=W z>}i#^QEq8&R4`C_DO@DHn#KwGJQ3z8(K*E2fPExc#oE%dOf^2$cFily#b=lvi^%Uq zM6{x{i^`(lep442r)zj4#MfhnJp$<={8G+y&6>XI5&mq!Z@d(YD=NAZJacIV?sb8p zJ{O&MXyf?HI(v73ufL<64XoB~&{ZXL;iY}mM8?vs{G|#@riFD-tB^5kIJ4ZGu>Hof zN+;qI(j?j`n;FJ|NLN{a2RCIU5xuLKVZ>W`7@*0;q}#}$vg8#)ZMD${P>0cSL7vHq5ZgHCy^=;T@J-+*~UrFN62b>0x*+ z&~{0Rw1r%kzC*r(qoneVE|F1D6Xkt^SM{5rIxdbCVb>_Sl-EW>;7T(Hrb8#~?r&8< zK#jG1yeNp@$4zaJ+LG%_B`3WjzMvC=%Ui`L$ehYzJU7$VOszO@3_^g&N&IMeex<+@ zlQre#~n@{r9@ZK`P#&nQgGhzkNH|`v2mdEZMW?29nA!ak}sFU~ajrO)W zMywVbdU>Z3C*CmBt>S+bT)9_`i)1nL`JrpC9mq>XCudhvpW(AW8`GyDG(yE%OK=qT zVcRUZ@ea4tt^#!#8NgPN(nwd#9T;L=o0Qz_NDn!(dWjfDBbZ-n*KL&MRXW&=A7E)j zhGIeA7XsSt7!)jMetV_B?IY>KZSS*;ryxaM+Ey|VX>!FY>n8vJE<-g4G zJhsh;NV2Tg|G+U(jFc4hLL&+CI^2JUOx0|dq#v^PUdeU4Le11ExPAXHRbuQ*;pnJ1 zrRDI7mtq;lAf`||gw5uR1mhfDlq~Tq`$6{kl-gkXs**SxsA#HOPGK$X?5(@ZcI)7i zVKRqn4cc>0xT`KNeRgr8Rxt7P-k{oC$f^=$_-U7?fRwJcI^%dH86I*hj=n=wOTwI2 zqw98Iz*b>}>J(;+5Ug7ZztAn-jL0WJm{w${M4t1I35R-RF|ai0k!fkltMXM7C-o%b z$uMWi=h*Qu@YuLXYfYQP@UQaMrUa0|a)B59#Ka4je~IYW#l4)7B~*Gv;QV>afL4={)wxeiTELpaR`bDTay>3uh?3VHK}1>E z5#}()OMu0n`gJxAcN!Rwfux%0pK(UCdt2NE5wLvfqTX#Ew8}&$3|3sDh_{SXh`~3x z5N%%hOdWLkI@jMI7q#>k$B{hftH2@C>!pSTd;GBENDmL`OB9@G)FIR3;zoZi^bbqd zBu>37NZ`tb4CL=%oXgOd?3&dT%jZ*4Z9n{8%<~nVi(L7(x#`LB zl;3P2H!#hmDP?(x4^<)OnRYm(_L)1$;enG5B);CNe57lQkwib<*OBA_vu}Sk5`{gE z(XaNlXkM!9{j5+Wtg1;I6=|y|Uk5n?Gm^^XIzZa4l`%}`6?pmGSzRKn3SFMfj|Y!_ zdAQ<!>e+gZ?{9Mo(s~ReeY&~yj}o3DYT#^1bS%`3b(0b7V-;6(;FIa*JKH zzo}b_=({g#5St2HV7&j!#qMB#y8E3raEQdcRn#v#2cCaJeOVxh!%cd5aMnCiHAq0+E=$-M#&3y!?n ztF5oDRC^;e#)kB~8_0|pEnVLou7-B)8iZmkIb73%7WJ!LaY#}TN2jcly?zGII|Y3R z>Dn40mD(-z1YRTP0H!D+k8ns2B*^uUbTb~OAz0mE*I;~Jp^iEXWM*hpg+;hfbNnPo zSH1?y-5u#_*w=~X*&`GLK03?|Re~~yV9l=lJvGOH{g~)$p3vx&Kb8n_>R=+W5TKyL z?CrH{7SSbYZ>aH9zbPCeO}{B;<>s|A>S(b_)$v`=eR00alGyZ+ma;Y_gec#6qLVlA z`6`#rK+H#v&1sg)o)5`txzh|00AkJODa!U8r#Csj67@>uJ${(6FtxJ)Oa?caiXSrH zAi4f(mjysry0R;<$cL5i8NGWWEU2_=cnu{CWH7wP)S+unoWPNi&exU&Xf2ky5{CBJ zpjs>q7rwh>L%Ls;&tsJKgJIY=9=OLWEWp^ZQJ#gk{k-lK7)rs0HYUgEA8 z5ZxS#RT{*BqAXfZ&yu|+Fgo!(Y4d4mOTg#E(_zUp@5z9bQFDsylhrWGF%#z&70kvg zd8;5Ev_-8)l4yc1bzL_`djroLKG^;HI`xqIx`zJ^wKIZ8COLKu4tVb|H(x?=z6~jWR^M>0~6L=m4r6I~kc^sjyL0`#?Yy zxJQn6{K;N;ySq0yd0XaQb~IaWFA2e(-&^PPqe92X`KLd6R{?;CA#2s0*&|k}}_lddyIi`2U_j zBW=$J@Xh+e)I-t+ZMk0%^)Rp+T?z?dJg30I6U6Usj&i-AJBB(_xz4Tl#D}Y_%^dDw>`~q{80(2XZ7w0gx2|h7V z47~5*WLM4t)5(WC{B~(Omch6?vvvRGo%`kDxqnakalOMRu3-xk-TyPi#AH2A3=Mz6 zn_bjCAahU0LViYer16)P#}M}Ny+oKpVsAC}lH$J5um6xTU@c}4R+_eKsec9ty_lv0 zX_Bb6+JqZT#p3N>i*3sjslC6vEIAARK5Zc{{6_#W6p`|0%;qiNvw#0d@z?j&kM^X2 zyDpj2)9kkXbLVYYc`i^S=Ko;T{k4r%`_5D$3IGs!?wWRn-h9*eLa@Yn7;u>0Oo&x?f?6xz5a~(OX{f`fBN^q_y11tSuheJ;F%YKfA_%uFD|OE zim(k06%_;T1h}jE8h(tQ3#$%!C~mz|5I4uyc&z2V0f^MWh%uXT6&nnsJptKw{H@H= zzc7JCBm@2qZx`tGJiS(s@#x)R4;6YATF6Ks>=l)7hP0W6;v1YKF?1O`DNDq(A-%a^ zsldmIHpE=xyNImW+jWgJ%{#KE28?IsQRqhv(YKD@<&Je-aC&s^=2zh`fUx?sZbR@T z=mWjWtFap~!*YSru~C3856UOsS#hHz6)oxFI<|HJU(6U`BQF5>SW z5BzrfSU_3=Nk{hR#M{rRsI`mUu-RV;9;xL@Yth@OQao1X-{e$^9A8^D9itbXt97(k z8$FlJai;T>R=~Jv;_gop0iLx^AO0hU@YfsXUti?jR%--4LIp1)6XPj>+R0EBnRAvy z2mYZW5~}hIVP`~uVnyX~;sF*L@oXlKM<5)vtV{A{ooNZknMaDIC6&JlrruRdhH_|) zdCb~4x11}hoZb@bP~?`^_kz7LeQoBH5fM2AIf_aE4%zll;fAL9IBV3npWh~5U2$s z{yx4G=!=P~jX?&FiisyolBsi2NJ`^t(sA2dXz!wUeSRc!85viV7Fm90i>1q>lU#t! z{ROzH0Q{UwI;yjv9u29A;vbG;tP}HrD`pr%>Fu6Uee^RD=g)2|BrDmi-W)aZo}3mn zKztU+n(er*E3~wd!oRdKcN?gh`lY<4aldrTm2hB4X0qG`Uuay?}*#Iy681a>}tq0EMn+|AkcpvY0>nB$6w8sE- z(PjwnvM^v{{3)c;;9~b3E8zO!VSO3Rd5A|+sBlBs#%n7`4EfqW%cXYL1^Kh)v5n?t zKi+Q)2i36neX%F1&Rds+1hOsoFJyqRp*WJVc zq188_)Ui5}i{gaKvu6w{+zh9Jty9e_l=VWScZ#dMq`IYhJzqq8YFUXiu-ryFaMGy?46f0%_{f*+6jWG=td{m(bFL$Uvo<}F`h6aM!s<4u92J{B z?Ipzj=wQ&gw)1460fWE%iO_lp4Y>$ED=b8Mb;xwPpWn*Q2p{FIWn(Xng{bk;I{jP><#Xgv*L7s9ur`Kdv;R|x61k6`8n*)xGzh|@mX=Kzc zvpZA>yq2urc`5hP>o`bgn1vOV0+F$b^s8L2Mj8;$)=XIlRj~|+v*}c7CYdPQ*&DQ~ zzDnW9^!&&}*>j?*EOT+9;y?lEUjx_PA)-|cB#EQ5Xr575yvRt7&8~6>&b6gdRn%%L z6AX1to8#SzAc&7WUs(t=!>&UGL$tzUt-v(#!1SD{W_HYg9jsYu>-iP>ys+5 zjQlqLAxRQGAY~05P*$2KE>ET&`KmR!SqIbMr@RzqYWKaB*buQb+ps-w4bJkFjzD_87b{r-rg#!VR5ya zbvKj6r0{ae8*M$v*ln8TOzFi^msd$k?B^{WCaVqeAD%|WNkK}nkKW!l{XIUJ%H~hH zS6?Ds^?GEk{<_TTv@$_|lyZn27((Q!SnnG0ol4=@8xF7=qg9}FsglNSv&6?cgcY3o zePGn5XH$?iBZgeL<77%XRzpUPRX__3n=22k+|(NKCz zgSgT4%2olgMdpzcD+>NBBU~f?a}2@|*=l3nknw#E^J*xLci|hXYrdUq{Q&grK@SIL zg^XexM&tXO#0s2bPx%&PGZXzFsI2@1^FJ&YlaX-m{0XaE{Ij2aO{chwnDmA^f|pr* z1EQot*9Qo-aBOJS16Ak|){i_aXZ5=C<@lYgK-VJUnWyjWo44}}R7`C7aPR%(;V=nQ z%y8NL5DO@(d6lgrPRAx)_MFnSC(M(OTEv6;G4irArAW40y6eUqcDtFr(_jkN-ICiZ zmCThGAs>kqA=~gh@o^3<-BHNYR}tDfItvVOO#u(GyT-YOLo_R|}sn^@fHcWqx&%>GZ7> zxg9$rR?6#FFr6!X<}ucRR=|cU#Yw27bk$!S1Elh?Uc)GP8>lB%e7=pL>BMDh`a<0#JW$D>fhy$Si9Ykg+ptN$d{4z3;s5v|%x-$l=a$ER1S`FYaa^7yD1^ zpf+$JugR=G=a@dYu3{m)C0XS2Qs1T7x5bDGp`zekO!GG!>izo;r?nOR%o?#L#j;O} zOO6%&BWLcm8=KWLsejt=*L$xp5I#?fc^2D$dd5G@dGD=1e1Y$dIWhnE%m4qH|6k50 zcuRT?JXD2^jZLtw$2C9Isa=vl9u@^dX0*%ybguu-FZ|P!6Bc6l1(DOgOx~K5`T>Y0 zW_s$!WdGj7{%;6i%=Ff%G(so$hMrlgil!E%b0{aC3p|2NK+784C7qs+ym&VJ=tUM# z^ys4}(gJOnM4PK2`h7|*ICHwy;t6p5-qteIaA-T#O6zFgA*4g6w|`FaNgAZTc`jaL zgQsw9^2!#E|GTiwDAQLS7_Gy9;9UL|bXua3Y0Sg(c->MOL#eUw#l^Ii z{s1CAF$5^%wpY$M>fK+**3+BSS65+U`|UQ$v-!Em(Z}=IelUj@lMh!Sw0g77(%A#< zGjN{xz!>e3^o*RL^y1#{+4auE4S(bHf25~N`ybO-P0jT9x*rko3)1(9zV{u_LAc;Y z|1D7a9AdBeC5LYqxOMbK{Y7l}Q24WGZlxvL72dn1sdudVzFyRwhlMEZT3u_8mBL|6 zsR7{)9Zt2PRwp#}3#b3F%Mf=c!^ag*)384`b3g^8=8aUJfj(dRPWz0@by^4Ihc`G@ zT{`U138%lPf=K95?)vTAepG1HU1|CyX^xNZqQ@OkFGuEI)o>crIdsLN^NeGCEybAM z34sUFreqGtmplhpO3&H*+G)N!^>>l>|JrFm8aEo*yX+^VUAi_+%nCi&#?&@>Mj)T! zx>GXrLwtp&NJCo5DppbS5xG<4Jo9`Ti{lv~hiMH9=`Y#INR*;a@`b8zf?77I)&*BD zYvgNwJdX^xt3TCtKj*2vndCnn>eA;JOMqK+Jde*dwRn$JQ6EwLX#BKyexz=RT(O49 zsQJO04L+kR5$g96afh%gGKjO?c3j)@oFR`{xofO?^JI&#Z5Nby?OK~w5lq4WXjt&R z;XJ8eKSvxFDY?PHV{R^NX|7zP`CCxV?a%S$x;|W$@pIoS4lDIs&Gzf>7tna`7tACk z4T^LqCFj1!UDPS)@uZ2Jo1R;6)qihcJ!qi*&SP`854Sk4phQKLgO1FN3d$C5O8qK# zG_iQAnU{TpyJ}2vE#T3;X7U5)$;%2U1p9t}Vx5`|-pofA2Cv(%Y-^rsd-+#ITyJ#W zG+^-SN*Q<(o5M(PtFQAxx$pQq`d2+;xXDEj6_QpwT+TLNT7E$B0ImLYuUzXU+61b5o$u%HK?9MR8pf*;rO4nh#vobZVItB*ang^Jhxc-$Y=&*+sHtmsB}=%8g{9 zN1RB18FhtS!81&2-yNstqr<@<;1Lj%HMqM`G4Yvth5UFdJL-#-NVP`%wVLiU-mZ~v zGD?r6-5qqv@!lPWhj|;EZfgHKH0`tO>S>xGBk>K7pqW6>y~*rEB!)unAABpX+CW1u`sVP|cv)C37$C?BftuFv9V zx}Brj*iDb?=Mk!G9!H;;2B;^Mu#WtR@xHgdr%6Xa=hnizj_LUh8U}9)==gjEjJWd zk_FGy&Lr+&&#n)4bm`V=VO-@X-EA^^PUPGM`(BwnOT}sDK+UVz;xA(3Uh(%DRJ(17 z@_(V=)Emn{Ej`U6tkhm@sZ?rqv%s#)6&~+^s)r#tU~kr|9`p-cmHe1bQXr4V3!4H3 z#0%oSt!OUJg2vO^Vc1MRcmzv>f0dPw?dyd&&F>CBLp)@rgC5TCyUm?9s){*X&X7(} z;1Dj$v>vU_oh)XubeS3~x7I}_-_=dRP%&@tXU|88uBck$_t?rtFUWsy4vB8Kf~*oI ztGrXS%ABEMj2=ck6hsko?iW_f2=dB2-x1#WB=O;pl{%6x1I9RzF`R<$9t#)apGVXR z7Qb?uhL%^XN1*^MOU}^zd4Qkj4Mx$burFTYR>wH*vd+UDdZHta2SaUD?~FW~b7&`4Y7kw@Ht;oB$B4M> znz>(V!sZ1kY5QaFCxzaeqI+NN+pfrUe#X_fP0Me&Boqru<`M?0y#pYR$KR(#nb<4I zwRWm*gX!z+5N}$kRDWsPZxLmmv!{9Ww%h=UssfYY6%#`UE&4Fnix6AaXPO__{F_%4 z>*6c76N^1Dqq=g7+q&KO%Yjyst!zUNd6eNtpBv-z{8ye@Z~JxmIDNqphzf@^`_0MA z^vc8bO76Wjp`q4i_`8Ku9~@7}9ElSHI?W<@0~;u{3Rclgxn+@9%krhr*m5cJc4&5c z64Xzgnl@o0J->){0fT+(m^@e1OcD)LAcd^Fr+3D*Wo1^wR8f6#p#9NpZ*5(B7Vi7a zW0%Ff29q+js4jXnM;l9)g{O)86idR(TJLMcIfqPsD7GuI{m2%_fuI%CQnq+# zIMwwj|MIXs{=)@z7*AebiyvN#iFbZmM3rxJJPa$2J&&7$?YHO@X02?6u;Vk+SotCO zxI=70S?Km zd#FBMXxTmVYgH?hj0peFeF%f&d%Z60CQEYO16u2iZN&}qikzpbX{N-v)oy&{d%QHzg`Ek|AFZQ;@^$O#vQ{^))r01-drwOi@ zL0WIG!Gy~y`dpeEX5EB;!X;F(=<)a{6T3yag_C1O+ynB$uwAAP-mGe=w9#cVC1gmS z^Luw%<|imz$w#%bf8rX?4cZ)J-ONGB_xHfcL+`XN@%IZMXW+K$VkcAWC&uePvuag& zRGjt%BR_4MIMLR{4+V&^X`L~#ZjE*qs^Ar;w-<^+XzvbK(i8%}OAZFbeXLjX|z15dcY=6X~FvsD>LeHInE(>YEld;R)H^hoYV>03V zMWqZ3x|4R^q^I+y(T*;PH83gDhNjN(@mB0+Y-nQ|pNW6-ou#%2&U5Cx8&{U(o^5ps#E=UGR6`H)nme}bC*&HW}~CJ zrjdBB7NI8sF`F5PgfY4y2*0Js{8rU#%#Id=d}7iT2KFbWUF&}q6E>Esdt`3eTJ2}h zwKdrocT2oX4YCWK8wD?&8ZzQ1PMqI&*GLVGZjrXzd|oM82Kg8#+*W)H0a7X`4t!(5Un2Q- zcu4nKsPGdg{JY9EQO@B)n=-+eY=l3wH~yw2+oH!z(35tk*reQ zvyF34CJO*!X6l5kLZBO`=HIC@hS`AJ_j|edIaP7iGShl9<>)=Xr%9W3a$$63DHzt; z=CkaxfX*k7IfgdLc%#F=sI)W7b)z+rMzn8P>n55DV@yl&YK!EMu3eD5qzTO|=ggIyI9{WTQqm(l?o&=Apre ztBXEz15>nA>(*0`A~;=#mq3stwkMy zgJw?AWJ%b$*Xpf~!@9}(wpSOGUzI5CH=M4Ri0ZC;o4M6#e%W8ZZ3skKiQ1Q%%N1Ub zG*3Jna0mn_drJ~Nv~GV>-ix{vl#DU4@FZE-*y$MCALUu+@^{0-<(79HWgz$Cp{JRj zI^WuOAMg%QAz_|BmdgFST4OQM=!6U^=%SYIt^g)TMj@>})e|@PPBSTNu-xM#tDu%oOrG=SJ*ildtW0N^$qQ0zZCZ z|A2ezk>>o0d9VhG`;WjMAk{|YfI52aJfN%E<_FRdTgmV5;h9s0bMb~{>}ykZX$c!T`NdW8UapkODYfP;#eA0Zt#8ZHQOFjAt>y-%IqtE(dqIuhe-xNCiSo4uA72+%j#T6PG&~2x&Pt$b(~4Hve`5pkOI5z3%>Bl|C3r z=Z}9P_hoy5EF0Z)lw(`??oB?2a_S z9Ui&pYO9?cm|S#KN>-TCrtD?IPu~1h-!FKycjit0&qEg~_U?|p+_lJ^wci4(mLz$G zfFamgn`7$%`+o3>aIp%e>Y6~eDxg6obwnRCnMqimLuh$uZd&ABOSEq)jg2lPAGcz@ z>@@tN%qwjRFU#Sg*)SJ2&9a#K+>nQ-&?9ZKTU=~@OER?Wnsh#4!!dKyVrN_5?2K21 zN5E#md?PpWsP=6u)}m#9!y|(Ulex58c{67Kh-kPG??VP9ymhW^AS0v#@QB&&m)_jIVC_dNw8cnUJ$Q$v&2j;!^)@XRyzRcY~=Y0$M(A6)DoA~0kX zb+mYA{e|Z-f<%I7F&7$HHnaKw`^9q5kWOdNJ-Rh=Pme{Yk3lTzZ<;H3!wVcl0#}4V z1bhmH|B$j^x?bAits==SV(`~yhCMeMY*b3 zDa(zFnZvJqljqy^#<)((L(YlA)S($nz<7^A4M##hy}NB@p+*O&GF-IDW`KC1N}?t^ zWgdoSYG5pFkKPW)uGz-Ni9=FC6Ax?A!LqTW%%3?z-G&(hrr@L)j>kZ2<#^5NQvj%q zYpg!HyT%9P;1S=YD@hjZ71fux$p2)yu=0>j{5A?ihZ4*K zuxn}c+cg7|qhE4e&P4JuTV2fGk7+PG(pjpc>3T@peWp7UsoXCyl1<-E7VmERR}NtZ zraX)^V9lp==AFl~a?IpoiVRS+utA+!=%Ivrt~+Xem_EkFB|M1Oa|o@+^w3MoLbU_9jEn+xa0*fv#L8UdzI8@$4^X-H=`p!* zB|}6_iyYEJXVJA|a2lpQQsXpsROYw-M;-D1D6w@&JkCMqMLKHrg8!g3i809s21EUH z0=GPKttt6&vO^B*#jmniK6yL}R(nP8n?AXx3qog$(m*Us+p}HRfZ1PmxvU+CJrz8!b_#L7rom0o>HAyj znt@}cW(EDSsrzs6j!-a9E6;YkPsg2aRTCkki=IKB$42d6a zR|1BQoBN%~D<>_riM=iJO*?LFO*x9dA+)xx`Y^l%FJ_(@*=i`T&j#Ht z>yjTdaf=^XwXl3pnBrkw-bx7smn&qg`0BKSgq&QH>)4)MGg%C*HE|k5Len7&7W5D( zK>6v5)XUQv;AT=txaJwZ$Pum>?^o>9DV$qCdu8$Kkp1b+K+{+k#{~_)1o4{4m{eu1DWVBXYf7IlXAb zTT(sg9t{3$HLdnzY>h)SdPOz8wq-xI_Eoe}iv4z~Y+a5H{{FHM-^_|dzB(AQ@FwDO z*Y4}OSuwJ+p;#MOEm^7vnq;RU`$)2`QfI8iNAVyV&wKZpg||_jOt~#kNF5ywG~bV{ zZ2JIwDE)jVLiUt%;;fiOW>LsH$h1}1m)Y7|sMa?jE}~}<@VcTMa<{76@jkf4>eDax zYTwyBRL}TtEdV6H6=c6hP}X+y(u`T}Yf(ti4wF|YPA(jua2)2k8as0MD6M1nyb5;4 zf^ync5KMBuFI2g6Kp`d+?JhY##A`1fGWzHZ9aIT=DOz9py=?nCG#+IdxBZ6owJKhY zY+l&SHoB!y_e zzve?J17RQ(RbxxZ(Vo31AVA1A=*w7FN&djbbfx2%b)v$fk7F#68iiF>?ELu$?|UNU z*gR0WfHd_wao5^0W&EegK85D2p8ILrE z(OTr6b=bJEf3sutSgYX!rAOw42mZ0eXcsFGd+vu!KP_^OW2#5bc#8Qt-=?TdCwG_6 ztRT`dH7ofux8+AVQaPqqkwUvG%MlQbMp{0{_gqa}8@>;bXTLaYzrBVQNj8ox&N_Np zzTN)9wl*mXK?}V`uGr^@39We)+7eqygT0ttGoz4Z9Tzb zKeCqdfm?k4#Np8`a1*QbhqykH%o)M@(e zn3YDW`F!#>2&(=S%=1(4SM!0P>Xz#|yu9CL0CK{P^&4jbfz6pRuP3V}`~2$>9P}ls z=Ii8~XM8z=lEr-;>Kg~AASa#DqSxiEE>nYK&)0&yuNg_$I|>fUb1_(7QECDd6qRvIR=X6iJa zQZZmoDA@j->I)~?35u6Vo~Y6Wvs{tOGt!$T>%rK>og=5?e-!p;+p=D5Fe1a{P3~e; zGD%=!{!*_>B31I<{6%JbYLy{67wR~mi{kLl)g2hv8p5;<7JKM=iCCaYLM5?80ql9> z{>wz^GF{UnR#`NxKC~Is4Qb}t`OYO*5WJ*5m-dVnh%;pzemh!Wmi^`eHYZy43mdGe zfY<97!m)KkEi)_Yk(H8`Me9v zd*M^V=ZbkLrN`6Kw3gBwq|Tlk+rXtxqB*or+JAZgSfV*T9(}H?l7TcqKI;op72>c) z34EK9neDz9?p)yIHrup-wh^K46c%Ue z&JpWN7)+&~m!AQ{=XBqH6Sh4#6~!tHvSA4{HNpqZ&HrVJAHggQ5Ehm<-?c;k!NuG% zeZEa0EfOkkrRO(@BVTl$6T2-^alJU3bYkG_xdUw+fh_81nrzp@m-9I|vqQ-uD~|I` z>>)#$aP zeD&3Z0C3&GRc^z+N`W0$1diV_Pem1`VxMD;Yp80MaTS&DE6}a)>h18dV%Zt_ZRENa zaJ^!JO}1cX;3kXT^jiNm6PkQgGsPN!uml6{dwMn47tQ&+ixO?FmUHLOuEZCJ(rhpP zZzJ(WZRoi1kypbaeB@7UOueMzFJxtk>9L^X3!3UQO<&@Li*`-Uf=x&)+2`5srd#}^ z6xXWT+O{*IK`PjHp}x9e>HTkAiKTW7NF# z33spK|ANH-10k!WKVZ7BD*JxGs6Kkvr@BLR5@`K($rvry;Gbb(;elR4W!oA232*+z zT>h)uMp#|X>f0`nP%`_P?`U&*M%?3QAMD!=Xb(odM?E(fnPEnV!(jsHSP%rmCK zU5-JEke#N!>!RX;@EG?MhitkUhgMCMfa*j{hprbSgkaYYh#pmopRz^f44k zx(9JCrVhvO)o8BCT4G!S3x0HKl~(poz7x_~xwQG~(@8i`hn_lojN2<}h|05G7(z5< z;F@zo)I>|96}Bbva>34n?Zv~sIw!%m-aJ25|7t1!?K9~I$0$vHvd?^jq`c)`pEU;X zxbc{I*WS_Zv8W&e`&0Uw_~hQ>q8IHB$p`U_#?z-dX3WC zyb$Hk)}$sb7`2-Q+>JWUBW9GMqTeYtT4%R;B5|!`C8_#JPyK2!&%CG{Xi0WPbfR9w z_vMdUt^DPXf!TJy(dM!D+A`C7R|@5gQubJTKdY3wTnBp5w+oP`T6!272T8ThUWxG@ z+yhwwF;0+r4dwff*gm~C+}msQz2}3%ru+vr-2d8AzuhF{#r3MC`X(@ zH0qoqf3P#W)Yd82=k{bK8V(7cRN>?Br`2QK+xCn*B37Z8Yu@ipHC89}BcR7nqu6a$ zyFkfuJ<2JWnMn zb?w8mWI{7_rPR^_^n~t>8JlQWEY#^)=_Q|gHyo*%#mNU^XL=9OF~Yxg#G+jOGQj@t z?|;z1WrjqKGDd6L{kDB1ue8PqiKxNoKT|XXaWOaL$)wZOuOJKdl&>JboJ!o-E#4knts^tS zar+?U-jYeBGWj^MM^4o3$%uT-a-<*%P^h};Z=dBBM63;u}xP$fEQb^v$UW8PKoZ$R#}$+fvY&s zd?92`bWCG;@3wVZ7+FajF1}Ip`a{JXX=BGR{l%rTvGREl;JR}wN(HZ_U7l;N+Bm#j z0dF^S{o+X*MXlc^|io2(c%WZq{CM? z+&-SH#DG$4VnGMy-XlY`8tHv!2WjdxeaHH4oD{tvoJTssx^7qbrb?X+JLi(Y*`2&Bd9mQ_Sq4MF-ClIsA9iaso9j%ZT~ttR z#@)m+hp;%o?tw}3Ah>|cbd!8&nD1t9$k{|%^F19uSOO6GYfG8E2L6tL!t>1J-dNE$ zZP27lArmuTN=G3wusFFIpRrw#H-)zHK%%^nI{@Yw{Z^xtIvV8=c*XbB!mw+_d&|`)J zMhz_0tM#g0Yq!T}ElG+rGkPcdy8-y$k-j{2MuDWo_abBgVLPEfgmg26Vh;q$7_$8Z zg8M&^jPxtUAAMibngg#C?)VN%B)FRZ3cU2dHCOXK$M%M_HzXg!8A3U~j<+czpO8W||J3B76gr*>w) z9hc!?^sCDsT!;nyG7WGkUXNl=?H-dMwC&@02^F^QYJCh|6q}BW9dNIh;zJibh>L{a zseho*y4D=Ok&6}BH@@*X9yuf_fvW+HeR(MUQfBr@CH+`wwBS{=W)9Eg9lCRQu%M-olMt8GaO^M zIsj2&x>cIWikeTzc7QE5W<-s34U7Uq)4xbXVv06P?zAXNPm&G2PpB|cJW#vR36HHj{DoGOHODU zYY?4oQW{)lW;QqDe%shyvf=e|&p+kL-Qouom>aTR-e6365>1(@i8;LDryVH$ch{vQ zK|U@n^*06RHeio!r!DO#vK?~7bD^SWsw>GuH#qQnVeFy%Hv{(EXFf_5E?9))gnqL! zn}ZSc3Lp(NIQIkK7_SVuC?eF&yP9M_I8`WD@j6~}fdATf||%WxJA+IJdNB;B8Whh@fV!za>IwG5(KCrlB7ognO_fNBxCc)l6^tK<&I68bIn zcEHPX4&$-~Q&O2B46as10bxA)P-jnYAdX&I>&x6ZOgUMFB-L1unAKe~&UT`Eym%=F z-d~>(9WvFqLY(lflPa2Zu?X=#1+uf&AK9w&x+ zMYg&LA=mE4@w8&}=$d6TQi<2{KWig+CcR?LddKOmL*Md+k?C#2#`}>4Txo%xruns) z`0s#m%N%UX-67LfXWTWB4gtU}&T=vICD+F{%x+7Di+G0dpKx*-YTNFfDb=K+HNS*w zSUVF;6WOBK%<4IFwX3maH8s^(M+TP*4tXc@N2=2g!b4`YV@(RiulDU~39lgSiTbC)8@@)9E|hL@1E1}}RLMARzhdJe-kV1Mx#;ME@#UFdl({IG z{~OS3r-ajRgS)$a_co2z0nEZx6i{108bu68vk&4X9^ zuEk`v8q*$)4pC`jeB1kso5ESPZM$1p2^dji0@95g6v#2_U@M=H`v#wn@#$+T&Uv?c zW~fadGr!&19t!EB^Rqt)t$fLqN!W@yMrx_G4oUiM>a~FK9{cQ;CrDjFj-nLRlwsYm zqkL5#c`I#3$Am=?Ynac;Rk}4btf5#@=FKJEpA_ri>b0&L`c2JK{yUm09V~ z^=&OvG1v4IfoHl^&58$+_!oIwcdU%31q|blua$paVDD=@+V6SH(iqPDJKDXcUYCOm zPKOpWDfS#gO_7)ovum`Ib;x>+{)IPevlg~)^NIUt@Z2_ zaUc2Xb-DN-t?7 zn1}N4*MEo;!siiPo3Jy}Wo>hUf>sSJqGv*V0i_DyVTj_;(Y_$YC-u1JD`wVkfxH2< z+zsiXbc~M&p85tKqD0TtP_ofswl5mshvJR3T=@EN78|d2o|4mRcMo4IE~%C1Qjgh^%?1UG zG4qb$A=0)8kdt%4nwR{{m+yCZL@N=XDy8yKf>e*>%tJo+42!kTN9kNbH64?yEWd-a zBCg>ZZ>YkV1=#$o*vvLw4;gI+xVRk3L>|7Nb_33-SQOmi;32F^_6_ivd9*(|Uek!Z zQS6>kDG_u??qd*q*}0m5^K{nf`FrE02~eaI zgri}b#Yb^=4%D99?o)*2C9ILT@K=Wz2AYhvQiB%u@>FW%V~uRw^QcOSe3PQ|Oee3f zz9=GTb*9mKXE;$EluvXh^3bs=7zklogtX%Rlh@D{4-`Q3Fg>@ZFPiojwcE*gEiybO) z!YE!tXwa6QDQVOb6uM`UQH_F{->5og7XuKA6Rr?_9Bub@4fXwwtYkn|)hl3*h+o3o zn|EI=13gyrDv~d~r@PU~0SX=#l*Ol&7o8#TdL2JzdZ)6M?ur9DqWwX{<>H?;jgEb} zZGl9Bz37%t32WTT%#kj!K8b2-gJm-&v?_z_=Uhi2{xK2Sw^?_W_Bk$M+6!#>-SsQp z`F%2!Kl}_NtbAbd!i_jx)MsWb;EA?#FqxAP$QDJFeoc8s7vN5@Vwg@?u9rxN&-=hi=qLmuTTZvmZtyBQJ0*ZZ#dWTH zrmE#i_y{ECF5o$}n~(j0M#H3cw-(WnAz9E~U_vJJ={b2Vc$sEtQ7pT#w;IJwjbb$o zcxL9bJj*huD3Aoow>E6J7eWg@)wE{%nxW6@w+AP@`_Am!ma5k6D7oVUFY$5USaFP} zr{`5BrXt9?SRv9f2-vpfdh@L>tAW^i%R0Ll*VZlNMx1@!2*t|^AekdDQw0x)p!w4D zfrLHzOz8#mogb+_wI*>N07Hw8KmTFQvRt_Q(N-L~HK6Vt9b0iEN8lIz2W!-&TF=*9 zpd0OEC!ePqrTd&R{yNUcN&{2V^vqLIGBW0{mMZ9xX~_OBk2enX-)qK}_^MiK_2sn) z#-cph9cGM0XU*@)^jQN$f>_-d9Hjn+N&ju#STnkRHRHYrT|orA|~UG7%imRo4RXnIvV7GhB>m__4sy9XB|lOBTcD%BNp87 zXE!y&9;<7`y<0eu`kA=#d>gRXQO`ZPgR*2#yI(qxT!LPup$s{`+iF6YhSZhp(u*m- zH55c3^`qCmS(%&EP9IZJ;W<~o8Z-ym%_gT$)d9DBXZFLKNJ(ttMFv|=tI}1LA@gCP zOa1wC$z#Xxg4JV0?+k1^ z`eiMCh_P}Q9+FCN8+&L5$3JQF!_Y|iRwzJx!$1!=799q%!`2|=NS{oI_BxK?eb%~oVZ`)x{~G;;s&9xc z|JMm~ti;CM3Gn9k<}eT=8sWW4@eN8pX((QFF31!PL^eZRQM!;$A8Fgz8#Rf*XaFqD zu%&Fflbqe_MKvuvV*Q&gNEG^npXJ(wM_M_8z`iRHqi9*H)v?#HYkIzytALyfAM}QH z`=>$)SjWW~OeJ4KXn~|zd+p}9xMgG4A`blEj#1*#a+ttu8`{nN3ENEFFT~5)ysgI< z@E58K*BflW2Jh$Mt~ws22occGy*1LtwO{T}&R9(sodHxD=+G54xRDcurb2Ld4p!EA zT4%`jr+nOGK5#V8^+P`Ch1^PceJDOV_po0cq#D-0;S=bbsqhP11+Cm#u~@#Z<-p3$ zj?+qAfBVI!MuN+~oHmbJJKLN^lgIDl>Kdhb5@nN6I%)ZBCP5gHc(n zS(8E|c^MrKBvpaMp_#R7i>W$rVj=S|;PE1tXnktYx0&FA7%Q?$PpCcDTWGz)u9c90 zD9{UkOwN!-`(iARD_z%UQ*i_%+p~-Ny!16A4a``My^`+M8le^APHpHIx9`W@iIq8b z@oKQeN1O`j zim3EHI~BU8Eh)@;F2xsVQI<#idOaS?k7B+iJ@!Bw&n_cHdXI3caSS%I_;Q33)M*t4 z*THLj{ghPX@+hA#z*s2O%k8MQ?VE&~QqSxnC4afr*`sR34xk4!@g! zN{NTk(P%kL8glE<7^RdwUEP5I57KXP>ANJmK4uH0$4sWu|oaR0w{&7gj$I zVtMck$g-}FWDxiWwr!7@6KH&!6g%9GPRM(haz;D0{fqfXwtP)q2QysDG&@g~$X_}X zrE5;*nS!k-!fAi&tXF#s(QR$oh6#D#NN{y z8W`z*L|zUx2;E=gG{0Q=gO-a4we)gEdx541z1%Jlag;K%H;$b0L0V95pAu=_#+J6M zcnAdpsDVk}K$Y153?;V*R-=JbgGlE09P_>+XVjPxJKEqyg z=4VHx)0nF2880}IedhdpLTTO*0Gi`7zEDDPoQ=)^SI4Ow3Q1e#6o%!+rzxe&ZK}zl z>VO`iT2^AN{f#b@ocGLxC%gRgQ=hSQu3Kr9Lc_CQvm@6#rClZ-$P&f@=`sPHMFn12 zuY5XR)3hw6n5_i|F5xkd{tGVTU#ozEpyPH5AlTo>Rt+f>EkUkqBBr7e{!=ggpLC{Ousiaz9F2nQ#a+UI9Ih1 ze=+z+1xa!FXK~v9+6*CKj25T0F1OhYvWiz%);<>iy8H>)Q`YiXDR?wji^g|j8dPZk zL99NMy!LkpO@aNqzt>f%Sx=Gz_oPK}{_(WcxpTnW$ord`qM*y_AJmt>Ef*>-4`!7u zsnTMsIdir@YJK#q|Y;SJlcWgc5bbmGkBtL*I4V^^f;` zi(`GMW}}n|*+5#V={f<8!+(5FH&y4YDzD?|mR9bnvE46U?vqL?oulgr1 zey-(3>L=5Is3s|=tEb)AAA4Q|CX}Qeg?i^ta8oTYnhT?a= z=^fK(9o;nT2_wBcbaOZZyaf;uA7)gk`yI{0y9M13R#Sa~`-G(eM!I6!%471wxHH6& zAI!pv^N|f|y7CTJL(1Z^{>u{}C-(8rZYb~zlvumjNf5pA+T`E9pS49nH$FXNKi+$V zbMylvU7L7J)gi1N#bUk!aobh`u~{9jnZ!|C=-FA9(|&$@+?Gw3ms%18?=iwKm=KQ&*#=Fg+vy2Wqj>#VPI?r>IdC< z{{Xj>$RPNBNBsc!y{f^#CHa3piMWT?#j{b83^&DT2LFC7|J|*on2R!|&l@Hx`+K!} zVgn0OKG~st^WX2}y|PR3=kS^iN}cRCT#dTP)sX6&6D4cX>vW}xj~47SWn3WD=}IN0 z-0F)IntV~AMA8W>Hp5r{hCcr$TrMvqR9EIb@gFlAJC28@F&#z*n7yOpSYl!84+2d0 z*u5AKF z(HlE`eWv6_1p0py`@cB%;4Ss}P5L~cHx<9-o@%euI;#dJ$*DL#93YUA?$qaPRlb@UaU-n=1GtjHSO-pcd+DRXO4vE3 zBmP2ND>jgB>Lp~2Vh~~AOfx#fqz0)kKXDhokM>4VZOgrnXhK#wvbdgWad>s2iXV&24W?d1JQ6X7w z>IFA6rp4j!a5ezMpzWB%+5 zYwm+dqGbhxU8)d=E?Gor)O9h_MwWwTV`pD1y!K)PLwaCdpT0sMXh;#4Vfq{5e7>*5Y*f`4I+`wtPGAAt~iH{nr9t; zU#IT2Om1ho6wTpl$%Lh4xw|3NMk)eBjL^oXjN16|M6=A`SVTTte)MX|K|=`1El@Ac z6@|S68UZk`szl%3^OK)FM>&CiP-Ux^ICQP?7^bizY9~39D$Q&PjzNOV7OWt8(vKmr zwapkskYlvt~-4ZQP z`;jNouJu7THCK@ad>g|{Rr@}WpqRNBiGTd z(v|SMS|adAB0Ic)O1B3){%deV%6xv{)dMwglOXV_5w@Q23A4v4s#(s_WKob6WTR!a zlWIA55U9X5?Thwr$ZmYH!>zLB2NV4hH=MakQ8M8POEM>?t%@dg)r7k#2qhw55*Syh zrw|k7d8O`D*I_?@Q;?olJM?MvQY;cy!a4p<%9;AOBu*Wfm&2962x=yu2 zuS;SbNgIhi+DAB6@%7JQSLLzO`r~^X0q zA?;b#uVdjZ!v%|C&4$ym%r{c9c68aL93j~ReBMz2qY-||Op;Q62Nz{ga{QzojTRET-szM5Oi|V>JJzA^c3+dquTGo|y z=*0X4xQ-^YW{6BR$oi9{*vVg6e?S8|>F`<*>ks&5lv-1P;XBlo{rML($Agm4nAp12 zLuH0K_zOmnFjtXJ`x7t4o1_Pag-|%&NWftg%L&GFHnOqJ(yG zH5-$9;`XH`$k{i}weLQJWZ14Do%J&5q&?%c=clP!&s>77o~R99su7cN8BqSY?55|h zH3`eqVii=)J631X-TUR8iiLTJ3z7RVX5qhhZ^+ms>t^7)eJA&-hpm?nwK+wb(pVbiMplRs-NY zLn?Ociy9lHyu&IQA{-l{P+(W_aefLW#T>ZzK-ikah$SwcQpOgiddVIzi=Ru8($N z;^$>bVzI{7#?}Id&k55_o=DjwPKtZ3`25rUPG1xu*07d_Tdb9sLLYXme(*7SeT(kO zXH0Ot-&jTBbp6KCvAIwOgDJ`jX%Z9xu1i?;ZjKfkp!~C~)ekY?2#6xjasw7WQzzv0yy@V>nH?ux2hW zU_9Y?H)_mr+O1_)2()MqF1A9~Zyrw;?9tGQBG9oo^e0%a^q17GZPB~O9ObE+BTul^ z>-F4Wy9{35aPW@L8>WEH^fw-hpN#m_)~8KdeEe&)f?<1p$Jn37k6KSEs?Ja>0Kbke zl9X|RH$NHQ40y|U9vpwY=V+omP6|1`cb7d>9UGOp+5>d} zc+{U#n|N}2%q4I<;|MKzuU6x5vZe;U;#`|hAnLO5rApLIdO!M{!NGxH%r5Z;#(hwP z&DJjCwdM%Ux7_2iIIA$xp%8QGy+EFP7turRgZ{9rugk6%B;Y}Crk$lUU|w*oNsUuI z(ui^}pHO{s5lM>?%bGnaBHOaDtUguxrG+FtJ*wl^M^)13JMrPU#2?XjoNZNDhG^oo zxM9T$^^-W|pCK))W~zbx$`C>FQJld28Au&k~Y>tpl5mEG6C=HklA zq%L4-g1UFK+X!gd+4yGL(z)REP@JpA=9Suv!h*`fJlDo+8zTZk4%ml$h^a#t@BTBy zU`V6<_;(ZW6;tf`+(JH&>v*=GfBlqtgMzy`x>9L9WE^?DYcA8-dr4!k^(do;Tv^k0 z0<(opI*Q3b?rEAa`&;J+n?s8$VbxS!DemTk(k+IVc)m+#r&_EQVtgJqTZ1@ETb?mO zgN@l-#@+C>KUR(>d@U)yv~UDfFYB>@^SMxBi*Lxb|3ljU=>_l{ShIB3hJCaF4bf#K zftysXp_QyFE)&k_2Z_X;!{+Ig2U!TSdy>@)t@HdcPg%K z$8;J^l6;#6HgwAjR~4Wx-%e63S3&Opj}feOKMPDr1uBG}H1jTHpMzWm(p>g!%Wdg7 zZO6KwCfwK}d`RCEjf*|%EdKy|*dUP%pwuh|2Qv{CmSNNL>k}9D(Z{0Z+*#8z?EG6j zT^k9(tHzDUmlL5{yO0lJSxyD9CQ3ms*H33|N!L+|1Qhi;4i7oxECIm!)sXVck&+jn zAbg{%C1ju7?@4-RV>HfWIuh5c#0GYaR(dLw;nY@=DEf1ML~l?^*2#7%uVrR!gj3c! zC~nNaIuWxR%mNM2m@gheCNyhZVEITL0R-W$1kV&dkhNK*KTa>Uu(N*E&oPcjr^J5{ z%9!I{meMmCA%l(YiCH&I?tKf$ZcKLLWI)zW zy0rL}H0|@tJ!e#ppd3bpT&3qzF~U2vt~8i!sNd9Nhn7ZDRMUQKwBz$z~%rOP|>;z zB!YDQ=7V|~sg|&D-AZXRw64KncRtJ1&?WAST1IhD=z|_jsYd{d1^z+c53My@_C;=D z05(`sV8%Ld;g1a2HS3J+qh;+DpQiG$o^Ib|rjtAULAVgzM4H5jf_tTKj>-~ax&2Az zE-^R`nO(1{4!mwRWX`u6e=oM0kf_Q^m`ShSsyPQ9(R@*lPs8iq0IsFwROo$KdEBP6 zoeSv_c8X#J9ZG+7rEhsiPa50h1j@&>a%KcTlqc&_qgZB8wRJ&nMgpA4^|JgeMxy~* zU5M^$(qz*IeuHNy?Y+)f>TLC8;g<_aKGx|BN{DY_Lpvyd_Sz^_{LIQTZTq33F&FfF z+x}L+_F4pA&zf(LCD0x^uT|hTl~jKF@r7kxTtGA50dY#ij6LX(S77hp4^Z7BS14pK z`y6SL0mBy4BY4fWbA~Q(_(-~c#W}T!GMyP{Kr~hmv951u2i9G?AypP>S#58^ELSni zMVhROkHXB$%-gN~H#`*>I;5Pa5&77{R^ZgXRdPn7uS@ zmWQQDc|7&RQu|ZJY1zM5__f8lW!ve_Ctbx3w6&_i2ZI(LWqOW;qC}xKpzcHY$Z`L^ zV#zj_riRL3eH9>UfIace&w};q(^a6lV^~l|pQM}9&X?vN+y^Ih*y!`dk+V$Npix>| zZ2b<{zJ3z34j*VGi-c{jG-b)ACyW&OFdR%A4hZA#VJPRLuIL+akp{nHC@%$6r02}z zL0oq$m#rfWM~=#ant1UO3mk~~3NfY(_Pc^ihJPqLU!i@9P6h6)9%%K*MO(#%FbBkd z`&(LO7HXumxU@|oQpSGQ`<)UgrBvt~8oJ)&FZqgYS=YiHxQ&VIWN>-!X2qb%kBtG_NGDxo zb%rG0Mck_8ogS`N9oKKUqZf705u%5oZutQz!5 z=XIdfy0Ja)3VwV(on%jeV`uee>-+OVe*hzW3h4XVe1Sj4`2FbJOe@aKWaozk67L06 zgs`r?3Gz7XcuGkDctA~~CGGlYHvL*>#;J(769PYGT&Z~J-(K>qyM}R7VsN4|sQ1E| zM{OM|<=%lFPV^MJ>hxuYV`;ocj%bEU0W1?mgLaFv>l5g?VqY!2XbhRHOiTi}-qU)7 zANxdqyrv42SonCkU1djGya`)4)eHWf)r38vOl6$iiP6ePeI*6Jq1lS_We)|Gi^;kD zjL{W~IT)1|5pKKNgf%yfTwG0a$1MCo*_(E5!G47FnX&s30@YXzo`k7K3LpbZ2tX*B zeb_`2?&ywGz4>DAntIxw>bOlI(pKx-q9sIZ!7)XeBW_SZl$U388yw_e(Wo?ObtdQJ z?hQGy_uCWhuv65Hd-%}`!LxDl|;p5mJx2Tq1pRyfk-W2ePp^#ID>hKS73AfxwLje?8QuOR^e`sk_yvM71 z9wPs89#bU#U%uu4e0uPlirW9&$8^Sjc1f3TE4(88I*|B_hGPF~G1nfP*mcT-AAY~e z6QQ7#EO!J2hTizckm31DpHH2hK3%Z%^naG$(Q(0?a=6a;J%XJSCuY)6C1u!mrvA8l z(>>+94oB8qt2?RT9oGdFOuXNPh1*a9&9Feqy6g{)25A1FxxuRr)NRUUUH0xZ)Bgjh zFH2x)&TnQDtRAww|2rc8Pqe^3nzDtu#f$~1e0NpUlacwu@!F@MzggAu z%hW{NBy!o_mf9^RG2vuc|9ahDJ`KxL1dH60tpB%h=>Pd|;c_fDJ0_P4@BAbE&i{&| z5b((3uE9SsMIm>H!WE(<&xL>DGzBGdQGzmI=Bg*?<$nqC|N3>siy}WET57NVY4fiX zj?YuVN1R4_{}iq}O}%ga>eTCfj1;X~irq*C6TwEbf_Z-%-e zU}~DoWc4;fo|Bd87SIxB)CD=+$bTthq~BZ;$;78Vj|@sPhjK8JFn45z91kp>edge# zOiyT}`D*A+Y`L*UG?}1i(90|K;kzw52Z8cADGMjo(s1WsAHnGUuo4932oY_Zk$Uc& zlLFp*{n&ZPH<+_Rdezsx#WHxxCp4YW2krm3Bxc%UI_q7a(Y?Xd8cM9iKI`P9;Q1C` zQx)YxF+g1C7=8o^8lyxxBtXU4|!lHeA^|7`2M~f57vKrMn zz6@~6;Fiu;dV+*9rx&rj48&Fu?^@=-s@i7$7^{sEmmI@dff>y?o4{kgTONVI6c-$Z z>HI1@(=|oWin@NUdGMmQXIv%3-oUCDj!Uei3{}ebNk3Y*Cr> zM{TZ#X(>={maw>UxTmLAa$=nVs=VCvTs%aranR>2y&+oE7JR(1F@4x9xWfp!6hzl* zy`1ib%y2%o4sbJwyyOJ2b|L5>zgIM}OK_w<>32HBD&e*>aY6=zDmA|K;NwG+zR=2s z#oQ)v2mSJH%ElvC#&U`x`9WpHy0GIFcp~WGmgnyT$h1lHN!~HpK_okE@3mWU485S- zO=7fn0$SBPg{pl_MhbtbMY&v~O65dkFN>>NdnP$5p}4=@8LGCl6Kto@l9S2^B}Pl3 z<)lD7sqGl@NkUeRVsPVW@0dtlZD32V5aO=4?O`sO7Sk@VV#M~>x4l;g%aoKjx_eAN}H$A&6#Ke0SPc#lT{TavK1ZmOZsoORX5y#x_0rOhu7QZe5 z7z8x7ZSZ2Ald;c^x@DL^_13cS#FFKMPnM>-`BH8b?CfE-AS7f!dkX)P%V1l+M)P_j z6R*8f)RXWqU6U8h2SdeWeZ3HYAjA^-qoLd)Q}SwG{0jqli`+6RxHEB)YhEv^@+e2U za0|t|Z&_wjP?({`j)baj<+j@;<8`w7vc06jb3$=o zNlinFjWN05x3PSgF({2fHk5Yqf@?R`mMkLrGF+LeRz{!8lGG|Zm-QnP zy9W?+tB8JA<64MluuVpayl(lpy4IIKs}4DBz)_!hz)X;;k`SVaY%^tg|Cr7Zzt0UV z)l0T3f1aW}$tgJAIo@mdpnR%_W?GWXi+!}EyJ?PXiE?*mV+ z+rSjjP`7^Xs>Z`xFv2dOcRaa|>|6LV=m2w(3BOt9y(oh437>y55twSc?$DGgf zJgzCZz1SkCWi&0n#4`qtXPxHPHIM)#W|UcMRLorjA1J-gY^#IP;&yr{<(|ViR9m+8 zU#3Ida>5M2Dz|M_ywVsejYgjEk@&fsne7~R-^$2_x)o;zC7kB_#u3z~oRsP5dELs; zbi~6ZPR%H_6owKTD7h{^`6YQ(l^1tYfScyT(=JYfM)YKEcT3y7+fH4)KUf-SBB@_% zQ|GfQpyMQRbM8jnu4HMwKe72kw*keNn4vYd@ktAcPV#&V+BQFp;Qsn>ZHC|I%_DtNC)`s~b$lNW_*8AoeF2nS6+yhQK51@j zJNThV1oKBtHcmPX%LgXS;)Z1%=(=0931?f>NZmwa-cDk&l$@vA;Go)bNanCTf>h~& z^%gLKhYrqTW#oIAuL+r$l?RZPdEj_*vgw1#<>>nGw$ijdD1mOzs?=*I+ols+>$fN+ zk(HfgORQCcjHUW}9C6&)Q#NaPSgv1WkzHBLpAk{qVwvbhRN9#-tPLweEZC+EUVsD3 z9)#JeIvssvqF`q!Dvc2t?{->G%B`?mt&k`Sus#@!FtyUn8ztB2ADZX!(m!>*be5D{ z-tih@)tDV*i|t>4O6880lmQ>O7J9;Mh8E6KuX+DU;GeWCYgNtp;u1m7IY>qZidP!- zw$&NzsKuA9aRI8{%7NgW@)B@qh~sYLD_~vx9lvCU!}+`E%b*&|PfR1v2P6+7+*i-v z%-ya1x~el;Uv6%@QS@cS1G@@&q{8j1f1mVo?U}X}UnDEhplszs;Np~3{%c2`%I6P6 z%o{8C4I+|(5sd)`x=rTb92NJB*K}opO;5q8Q~3#_R3UuUwaURQ76w6P#mN`hCyH^W zou8_(HNfJ*$L22{$D-2N>2?Dv&iQ}Kn7oo|Ef(Pz5NluBmWa7>h!R{-Fs+ioL%%JVQo`ZKG%Ndfeh0n~IpP~!BuY!%RGGuJ2E@nh!7 z?uMW7tM2l6-#1{q67-@#Q&0?M*Vt{*_o%SCkJbx_UVSFXPS0+H<16Bw+yK1rD76a~ z9j%VDZ7zq>)*POAS07)lUbf{9nP*O}tkO{`_0d5YZey@f*;{M%w~sq1AVz40h0zvW>>OU+k2(1a_R#Lc~+KMSH~~V#ARN4V)U4z zOJ_f_NQ4zWx>vOJ)j{RTa$xJcaFW#5a`%kcO1Ucde#q#@*6Xe%6GU=^ej{IQp~=|f zM^1txKE{%UB>r^L$~QsGaW&XY-CaD2RlMogRZi#n&jeUQQG30_XnGqpIu*E{G z=L8!FS^^tVgK>n;J^2{K<7z|hudrLa@w2YK0#?HJWy^xQICQ<8-(kHEWU<~MTP{U! ziC?Cqv{)(x4d8;bM-7=EHfQ{YmyOJrjeEercQ&M(;+!9fuTB++x}9C{db8jWCesox z1)*G*9TYgpe$5_sl7`~V`^i@^yYl+owqtT&L~Cifz3gTg34N8Y6aS?plqvN+!;=y z4R3+tuH9|6>3&L4tz3FZK7QH2G6c75Ia7DSJOv%Yc*7|dgQp3?InXv`@&PF(Cr`A? z1hHE_OdecRO1PLUpue5ZZkV<{s_)&hhtA?@AdbOs9ZOj6Sk1xqq zT&~s7Rl9*+hDPkR+s?PiIo3tt`u2&+kdNAe_Fh_$9lyK)dy0@fe?^nfGh~SO3zj;v z%wm1Q!aHWC;TYJX9AzvQJP!adikHj#ixRLqany*@S} zgM+ohrA%=S;P3|kN0C-~$yeK*sX$9|eY)R?zXj$Ie$XRO?M#S_Zx>mtsL}ND| z$BpJDUkd`nUtU?3;7*OBV1=tIS`yWGoM#5+&bMNwSTG))GmvhnrVW(Gxvv0d5oco| zbp;YCKFNlM8A`l$&pn9(MlIZ{t}W~qD!TF4O((9=V$fc5~q&lf~+3V_e z9}ydPbgEkRrQqz<#~X&_Q*P`RLGwRb%efrI(!AD=jb{;x!S!vpLTcfVhx_91Ag2!Lzy)!&WWg;H;JE7}{T;y>Cd}v_rHAHlYmerrxPEpQ&xUfD}jlHYRWuac>$}=m) z*AvSr<)lKRpJd&+BBnm;Kau|912cB8P5%DI_^+j#wUAVjS-NvU1WxR=#iU(^tBcuA z=S~#AaYkT~-4}EC294+_>!hX;KcbHw9xl-7e>M=@y5+?~}xx&kol-mjZiTZXgU48y)( ztc?bWysbOn*`AyJ;9X|*^Hr>=ed=uSZChZJYjoQs=X$V6MzN4pcn)f3j@bwmgq7HN zLuDH_saDnC*cJPy5_oaCMy%6jB%Nu6ITH_&?iu_jJ#3dcx^0p%Fu0fgqqyFqX?0Smp z&`rVja&P==A0038^_lA0vR|@q^!^lEB)0wpyI@`et`af3wDaQ?BZMKS$oexS|O~2=8B{sM@HRivdq4jybj2U5XYfq)|o~ zEsD+zR0Z*xIp?1?DXHDZ9-g)>Q4WMlO3;ys#={Hg%-oHh$Zdp$*P07#P|+;YfP(TA za*Bhd@Y%gt)4WoWmtT=Y(6x*tPZm8>B`O50qGBL~=4UN^~}5nvW|(NeH+ z6~va*JWe%h-TsnHHaM!FX^b4yc{c>(^vrfNFWN775p-71Ypra?en^9pxyG~Kg`}kf z0W@)XV>h16DehgRcrF0BHHg;`)oppR(vJ?2shi;!1^g>CHTj8T+?Heg;_`RUUEa1^ zNxdIKCseomPfPG`2EzKOo)G_YZ|8kwDlt^XpW(JwV-0NS2R`ewN(yPZJJocZC{lIr@E zUy@Tg2K*R}vB(M?_fH$qlx9Wb+!0Pb85|_M^PQ zHU|qpeO?xG(bSO1JBzJ8#q)l4XDeFy@OzyXh=7SB9e)sB60CO@;=;P}5S4CUQmfK* zGL`Q#)AOjMTl-y~1Sl4OA9Vr{ZCi5d=txB@b8zXsqdzj++OfbZ5)!j*quDNuQTDxB z=492;w#DM!0Clwf5r|gZoVvBBM#S^QSVWOG^vBc~e8tiY+}>29gy)Woi{`|H3XgVkID%2uWihl( zcBaW4ppfS0w|w?=7>m^2+Qi$A*^9>Z*VtI{_TL!V*Vz}-#I28P=S*mv>(#pM6wPLS zp{!l*IiS_7ZHU(kIh9=5!N&*2DJaw;0*3pL+e}Jjj`f2?{^r*~QTo8u2$%h(q#BP! zD@c7NWA%w+Qj^!hGH?I+vlnbzVBAlta(UE!OZ&HJ$+}iGufH6?WiOgUUMcx#+J=z& z+|_q~^TaW7`tp14Kj_zDN?bS~CbUUwPaiPy#~-?&XH5bOqu@WF`FaGyu#2JyGqXN7 zTeI|wOHw`s-yI`B^A;mi+)aFg?S7?tKIU{PYrt+9d#z%8Ar_x98z~z^3cwDy09aI% z&-83u(Hq1Xpc#YS0jG*9w+n`_AjKVD_C|Wi@MFg~$9{@q!EdeNklhm-$)xSl;H8y9 zxSrxS=Z9Nk)2B>wLrjY$K7YeYt6uRIYRcj}WggS7xm>>5xCrT-%j6vJot$?C*X<}y zP_BVDcPMd)$FG;`DLzXDjgA0AGsLb_^3iZM?J7S@$)s@NdO+)lZgYF7`r`2qWnUQ= zCV*e$)j`NZiwwVJx7+gXl-zD~hm8CBe5Z*I$;|myz_jvRh42_yjq44dzz_Sk3X|Kn z3=Mx2d#I%+6*;r=C1n6Onwe)VC0`x%BBx8dxQP1IwWUtUbSi=ZZXbXBq2E2tw{8Lv zv+%6&SjprQOBX+q*t^GPAKc7KFEw-}Dp`d%WkTEFlmNwe1F}-A#ROh-?mtO3t^N)j zX8nnugSQ4jCq4Uiw}o5qH8T2FBMs{F&G)49k<#6jr1(s&5{5)^O)uc^W=hRi@)h>* z)P45fMQZ3p zsX=;AXi6ucNazIk9_Afq-tYY^cinaWxOd&*uP2MA?6c24^|$vvv5ByuOC7a*{MSmP z!&kUL+ZERlw3u~JPu!<%i2#R`z7Uqm^zD^&T{tZe=63&&-OSku?O0!8FGUmFxoBfRbB%p6G^Vq;RJ z!*Ucv_9EhV*OfL(@Km+W+a*SswJ%s+9c zNwlWRdZnbIfUXPr$5b`^$GMbXEM?=U%fp~0`KYXU!RlcBD-?5+3t4j`DFbu zeXpIF8o{E&v-WFFO*EkOMbc+DgvGUsIi}6`-%qI*84M<;vtpSjT^k{$jKJpe<;&hY z?b-Yz5e96bKmos-fD>A+?rH@r%^~#d=aomH<-=FJk6n0mV8@1Cfu=Ow zq7C=Mu6TNg4?ZFK#dY43-GpJYlZuzpE|gmtMzSh!_Q>uWRhFB#iYL;60vUzBb3Q={ zN3NCbVK<`)!7*FZ+<B``qv6K64>%8EUrU?_3mpdcJhQEmn(Ybpc6VSF?w^ra58~ zu(-mbne4oVTQHV#iFGqds~&_gqNK+*p=?<9n3J1;Egf7KMnMb{Tlg+FVBr(Aw~nHv zM9;52oh)10uhu#>JXSjmbs_33HP9c;MJC89xpFYmNvXd{$ByB_G6*3djQKI;TarjP zGyPXi;9doZyG zW8C=NzD)m3dE~p>dB^IElz>u6KB^av5{&PS8&P`@KS(Xiqwd$}{N@xe*x|@nd2`gd z9#v7leGIM~Pp1iuV;|dI8Z$V&&fc}ou;WfW>fG6L5NS9xbKkka4laU!Rj+*uU~sua zoeK7EU}jR`g3Ms`m-A-7zn!L^Qgmfc-aYyIoMbAXh!WsPvSkHRVi{&mV)68Ug{ z8)12Ir*%xCjgt-7ttfs3uu<)=_Z_IeQJnf{-Zyx8)x~J|6}@BMz}D?m5`OpkR_fz$ zozB0()NMhMxig(sLY&`j0~G%4HUDuXu6#tGG+yuj8h}Y0MG(oX#$Ea~fyx57NJ3zt z*pI&Ymk_sQj==7zguY(`Fi{$Szp38=4C+_kKOqa~?rMXh&bJEr;S)(2z~|jLnh$=U zoxkLKQGXSPv|_yJs`RsbbN_nFx(0yCl$(Zs9y5F-)8(6h7g8@w=;$Pu=Ytd;s|_bD zmP+jby79vbyIp>yu%X0az)M1#{rQMlRJ<>!iRC9;9H`+VCfX-iIhuGYrs}5g$zQ6) z$nt0-hi>9{#ebm1@BFO12viFTwaAY}{#F)ANuXM~x0zbWerXonNWg%20)~(Ms;bXj zrUUfh-@GNx^9w2p%$RrpQ-{hnp8bh>|0QdE_c_4S@711k_&bK}TPgnYVJD#ZqvWqc zzoVM}kjT#uC{*%S(KnR8tbinW0O9JNFFZQJ0`O6(CBL-}%LHAaJb9eLgK2r7kO6Qd zu&59pMn_uq^k(O7Umqpzbe|))B3RdPjGrktdo~|rFpI9pf2vJaH{L$IyYaq!h4nK` zX=>%shxP4q$4D!=&y~F_9-2`>b$ti{ic~*&N^pY(UC}_8`$QhMM3U?ii@+7ABn3g^ zbuTqxAdE>R%Iz4BhNMypky@(3cqb7-ecp%5!eSi(!rsF}ftlk`S%SDW_O2ZnJ@etZrF+^I4eYW~+3Q_v0nwyV^Yu zyADdtsmDY$49$ijaxh&}eCKrcQzTeU)uD#Z0zTOFMid@ax0O39{^*z8*xpQkU0)Vw zu^F#aQ+zlv)IKG2G=7_V-wXxGE|ZnRbo~g2`Vp*%*g43SQXaRDpc6)l?Fc8Yp8)6MYkXm;1E$pmL?R_Gz{ue^+BWQpewGIe6b z5Ji-%oS(gt-DtRYRDB?R6!I1}Xv7Dz@|#N+L3 z_HLN2TcKzy8-}M_YZC`-+SL(jbEFzNGf_jLS2KGpwldeo+w#s9Oq3XuZniB9>Fctz z15=Xu8%O>Wq_TWR?PP(xedT8AdoR<({WIoi^<(B~jZsDF%#GHbra5RWD4|}?Cj#AlT4&>jz3hZe{-D_VQubON%(&PCrDL+^7lt7i`*KX=2JkPdN2qHg zUCB}+^te$M@Tm3Wa{0nF^E>u*s*k#$=uLhraBLoUG2x_Up1Ak)A zz)<9Q;{Fkhu8{*p`E~Kegg6uG@bp^>DEIcIpvSI;ndgXmhmf(u%lm@fXyAy)mr@N z0qn{Wp&)xxCJk@N zg+uVF3yXXMLRi0@dsF80rF^2YNXE38wECk?EL|MC`%Zn_wdIq_K@kH|Xn>c~UoO(N z>}(yGT=0pi7wwQ7?tRf6O)-9;Pb!;RMG&<4`~MW`wN!rJTs)Se@R5o@_d(wD*l>?p1+H8A1ZgQ zjLfmFoBisXkZ4NzIx07Bpn8uGVZF64$Ng@JAcd(P?^l?a*!3e8^jE+_J%shFKxsN1 zg*arJ-L>5(*xEw=(o!DAs9awbj5>3X$nRmug)u(xA-m*VeAV-)E}TYf*0rK>*4xZG zZxVs=YWRqS4p00xcQjK|NNP*Sx^po5D6b$>Wno`C+bds%=HzvO6Fz%rO{0df0^P2f zq7Ab(L$D}5Av^MIxLy^jJFE0nm5kIV(~(WJ8O7blW}LbHUka)RtL$s!mgDncK!F-& z2!4xGo;o=`@K>XOr}wWJVQp`=>9gn@x(3X`Y;tK$rS4sxTJAjRzof~&v{PhA%J$_u zAZnsgQd)*|yZ|C5AP!!Q}?Mn2h0JgQ49sLZqy@d@<1Te*b-5r;CaiBgCi$Ld$ zOKGKY5Owy1ZNr%IG~BdiFzS+35nGa<(eT)ym8T8)l{ZIJorGjARHHdfL;rFxwXo1y zNSDeYdBF$p%c|XKE!>vu-8J*_cw_7et=d@ri?`;Akh?GYGb#k!XhtW_f#D;vm^37z zhPz>mU4Ali%z{4g3)FIfZ;W(^T9I}4{NN^AE_kth(50nO-xe3IGwvM2jPoJD>GFJx z@|4P(>>Pmd`-&C}B?vKOqQXiGhHnJgb-Z$7D%&+J8mqu=>L8p+OF9Q^I5j-4c01%h zwpl8=ywy^_@KTUV|B6XkU}8cQX;hX;m3qACEBi_70On#d?sb-)I<< zkyAo)^}S@fQZ|>CNp#XGxB<%%ei6N5>%6(AX$hiXQo968d zJ6oGw*}9MZeZqD>l8=lhA%kMh&GW`gar9Y=p*_UK%wBUga+_muQ^75%hc|}8p&Q)2 z8M@cI-cbx%%U_kP4MKJdY%B{|!&OZLSaWI1M0vCD9WTraa#bS7wpVp3L`Q^IFAl$| z?x2F$*ePJaXY+W=Y?!CQ+ehO1mWle7BnwHUF-m>5zA%JA#FqX&?%-M}vx0F@HY zz)^M=`+J%%tmzqpd)+DTL#pqt4`n|rq1QiolssUIEKWpIpW7J{rE7UdvY0m%K&Z^m z6nT*uA-1S%>se$r$6LlmRO5p6k(!6*VQ8**ah~l6JDo8_R4R@fUNRQ1&4D`^c10Uw z_CAOTGuvX43eCwLsqO_2oyy{W5BJCxabwpEu7*8HYe{$qX=SFjUz zO(pULE|)>XYd({aMnyG*EEUV;J@xr)dU27#mpz{~B}K^D>s9`4b;ycA#}T_5!=>P| zh32yR8G;3^FH5sPIx=N{@YA(Euyv(zq1L#oMg`|4yC4W-*C)rj-7rLRFn>n=W5#Pp zBVBKpDL_ygpZ?(;)2$bo_))Z>+j#-+m&K=VfTLLw_<t8RRJ+wYVuD?6BVdyGk9y6%2o zDJmT}Gpw7^lMn&-?HJt%KYxGM_5@w5@LptlU5Wr2>r7=0B=S94gdJ`AaKSo{HhmtG zg{&0MJ<%~T_0%*VbPy{uib`4O-Z%s2q>nSJK!L6(?b!qqWsF{*v8BLCEO%k7e_4aJ z+0jY&Zrqbj*M-(<$ylcnBy8eUU*_$8eL^4A6W(8AcgBD|S=X#fAdu^trs>Q*<>Z+N zd08-o-{4JtQ#fAed2CsmOB=nN&&UEdgEmRFTVaD|Z9&13eW5<4I)nkoz@XM6&mt$v zo4cC$paX1V0m2!E8`&r1M5JZ!^PkBU?aJE8ezal}iYV>85cRgjLU&~m4{b3Yk4$+P z)ehz$o-pGn{cZbQ!SI0>Ld>RN>Dk?g&&34)I14&Z)`8`4LSBDd<>J=J-9E4mmxcZR zLB6^aJ#{ViSVOuy56l?ZTac-t!xcPi12>?xItl=~K6#ORV|O}DGdV_NOj|l!85w3c z%!*gb>voVmcNvGCC>$#;B+_eOIH@%AW*eU{HCA@8S--u$zm4YWpWO#%21thMF6N|GhbWEvgAzhj+f~qmbS=1m4r4vA=)CL%&FL-epC_@F$8{0k}kuzVn#EKp| z@=GgxtlDH~*H@%l=0}I$-|2LsA5qQB_B^)LY*;^XkRE&uS8V{zFLnTuOLk|Fbe{QW z&5fFapOoBWxaz*_5-s3HB^W1*jH7(UVjW}cixnx& zx(M9G4tAT2cVmv{Hh4k+{8`|T?mYS&taP*TZJf1e^ir8b4+cyz+@a(?S+R)Mu9WH; zC>tvs*ef{n%qJ`1EFDf)5?$7Vq$f&L~gaw&9!TSMSDJKEe~M{!IT1I5il1QyK}29$pcYM^rU`oUpV^} z+EZtXSvvE(o9nE$GI1XUbU3}iM4R3gVNE$kNjSi6U=wf=bA6LafqKj7^i@PA@6?p zgw8B@Dxq9%H68 z)kCj5@&HgFHbWy2t+3u9raIs4ws`JyPOk%6$w)dq}y7 z@svPj4so8~hU>1@Z^@HXnuKFaFb=eti}AuXaR1TWXH6IQQ6HMZ%{=`ER-YuV(VE*7 ziw1I=Vnc^OIjf(o>1X2Hc2N{yr&R}ck2lS8R!}|v>EW%O#S~W{uc8mn5t%)tXa$rL zha>4M#uPPUi@CilyL_D@gZh@DWj7y;&u8jQ^dr~crZ+^G$^x^hBm-y1-sN{xjS7S@ z^LNOB+Fwy#-xCz`m*(sa2wmhL_6|f31Hsi6*?(f$=w>Um$b73@6+0!^^cvtfuXe8s zEMD0Giru{BC0jLKudVomg<=QoOrCzdBPN@t(PC@6CKk- z!edET*HI+a!aNMVN$lLxf+9kk1|CX=b|~^f#HE#in(JnKe_%MO=u7a`oJAf(wl8 zR&_i0<^q}c#3=6_c4D|l+w(%SN(Kuo+cFgBozHK3-a9_nFm(wxsalJHOl|jRR3@v` zE|77Yj>>LLh#l0E)4!uU;hgX;Y+8MG;`h;g6Ei7Ho^OxCZ3&$ohm1ttC?IOZsFmU= zx6M<(qKp$7@94q07*|yFm!}nB*ALOQGkHAfogsWx6a{>&+E+I0)9eKuJ|HMWwRq~3 zE~75|_8a|U*~bzZ&VE5$3!9@5i{ zDeSS7C04NrX-b9C&KGL3aOg2)JrmmMpkOl0zKAVMEuqWK!MBx!nPD*>EXO{LQ^n>5 z(iR~`f%7OOQ+e%&sE19!zyX-(ktLt3&nGmii?kb*TWr?e4Gs-zdabJl^Vd}*t#4Xjc_agF)VLHXoW6Z>@3H_{U<#vtQLGw?6v)%4eWrGv+o?J4xPcEaI zArrj$qKVLU6OJ>Xuk93zZY3|RA0qg~5`vsb{R01tpUpJ&^Eg5jqSW8wXA>BDSN4Qq zm0tom-JBENZ&Vha3)JMhaRv_!c*=`YQ4a@as10=bQ31|Y^`w6w$(yFB;&IeB7-_(H zP?vNnqPmY9?Zx?RFbhXC&6z-cElwNziZ!{M{)N*9dFO5R(=&EL7?;*xK|k~`Ms^f3 zx)ZEZT_iKOHYnf5N^@+nUpe4ee-#u@4aB0)uRx3T?bvkU9PU_^?~k{fGzB+8S{D?; zO%qXh6v9{~Vei;YGpi3J=i?)~fKBaOTJix9M}~@98`F)?3nd{&X6QMsaVM2Sax9)j z>0W(b{%v90sS0sm9J%T(N@bCyu#>H09-2Jg@HSI%2wU<+Ira~(X-JiYW|G%{yJS)1 zg&Qi~0lO z7i>Zwr;8H!`$oEPNI*&PnT8?*u9%ZH#&b)9oN(I8rbZ?5)8*o{b=XtwO@zFJAywte z7Fe_;LmN{EvOA+JB_J0d@w(jn;}d zHn>XYg{)He^&x$Mb*~>UG(%Q4cWEVH>2s|UL6iB8A)6?oFmJ(3KlPNzX{bml9)PI- zGyc*0uFh3$LZEyEwcK0C>rlVNEBpFyVSiGb%a-2L{k90v!T%7;`J3*7Xj!MJaDoi8Y$P=Pd`{mjy;BJC)ZeQ@U0Q_vB1(4mwU_*h zt=9*;tq*=7LJbYMjf;I*puupS(R=?J&*)un%O?{Cekb0~cCFRp%ooc_EZCkq>(dw@ z{pG-av(8iDE=V+k7Nii)w#-L20n^}26v|~0;|4YDs*NR~N{BO(_U?i?ZIugc8BQ&R zY}nnz(!(9vlH$)|w%m4BOwUFa`{pyJTIZ))#{;CVvvs=Y?fSgmMM?;=WgMj%`PSgR zcjYZXyE-3>dXQE`&9*VWzvmtqOAWH>h=Ex5vlqCJmg68%TcyUHu4~X>`f=f`L%}tA z#M7kBkB22)b;KdG?haMuZqA{UG+fpAnXWEVwYpH?LpwN$#1KrFtOfYD#IT2LxLnF@t`y^GGAp^=9ZId z29w9C)P5cOnZMySN~h2*pjnDXAktd`W=6V_^xjeJr@8><1%~zRBbG3KSw%K%2Ygg& z_CZI3zD3K_N-Z)eebENk*{3+rg5@OimNVz7nwcR7xz-l4Xm&945l^~wQmmlM0Wh1A z#mdOZe0Sqe0lHD=@qO*XwOOqNOn`lZ{v3hz{sH!mkWZ*Ca^^%}=t2)M(R#Zhj1XCn zkZ!>>?B2?Acl+}Sei&liv@3@=bP9t;9%|69!*Pd@6|YCrxm|)U#9}+xO=;L}S=pOB z+Ycvql;OH}#_jpW`)>AmDbdHqh3D=hZyHgQ>4J&UscMvWkO6k&nZrykEgiZgdwq@_ zN4z+%CzX0Gnfejc#(Vm=(YAdqP(8jXddau7Q`67HR?J+?CwBG|b{-H$@A~o>TaY(U=JB3rV zYJWNN2|=RPQuWrWmt$yxLB1fa&?3r!!nKMNqWhz=9ThvOsQxAM>BmdW zW`+1>9j=Eq*{;G5;akdITW3WJXWN$STbwQI5*}>S(6NQkeqLIio6rhODjByFC2YkF zok?U0s^QHK?tp+y`r1DhI?WC=sK>_5SlDc|2L>b7d_P(|9EzXl!~`x!7=wN$I%(yN zZYI|YriV0TFR}4(=f4sy zg*f8(9dcc3mliII5S47lT{xEY?sR)$@DriT0b$NmEji3*o9|);n$HkgjBPj9`W_Am zs#eEk((YXxnlPy1JK+}ccz-e0WTOkzvY1R`KQJ?J`6)3zib7d8$CU)a;JPK=U!YCB zMO=&?7JRDbOl$z%?Of<=-x(Vj%>RLv{mTILI7mc2=jc7kIG7GiUGT$j4mY>!P@qI|SV&O(% z#>PVC0p8oyPLsgjC2HS<08gNHSTG@xQa5UMzN{2}gm%sDS_Irk!;_HAv9EdhRM-)&r-EVsQp9_(KFR2xjFc<7i6 zx4G#4xKLWxgTBL)x2oC|vdI65wrKvbz587FMo@m$g$i#@SKc)5PL}Vq(!ahjnL;Ye zxXd4v9mgVmP`A01ck#2GyPk)tVNE|3>;xn$?h=scXi%a>wEAwAn zgdEMe)kw6}ou8T~xs#H3JyuAU^TPK!mcOJ((l~bP|0ls_E9 zi+p5bPpY(ulhZv`R@PZQ-xa05^#0#3W^=_M5Qs+3faUB7GiH+UBB?y-7xi(pmIuYl zjbeBqD$4(U|6is+evTYv$xr&zhJ8-v`qfFrUUswdKeYt$dYcpf_TKN@`{uEDeQcU4 z`sPoK_{EE%)8AL@H_N{o@ZyDlY-$AH%ljjJ9)00h!Ikd_@o(Q2KM&aM+b6fefBG5{ z5`(+{_Rx3k^}b0$GJZ2yjrC{JkN{27{O1Cb$O8As(jgUo-Z05sJH8{tzkmBJIk{{2 zJ-O(gSL?aen16rhJ9T%H`rIn3RRrG;4E;|ju1?-R{_`*WV?h5H&`&h*j{*JD1O1>! o`=S-VS2K>oNDLu}AWc2dC0EMsjG5`Po literal 0 HcmV?d00001 diff --git a/docs/img/new_auth.png b/docs/img/new_auth.png index 504f0b6d44a7ddad7d18e8660239a5904bf42a0e..ef583276370635aee8163cb2d274f8bd6dd9c518 100644 GIT binary patch literal 79695 zcmb5WWmufqvNnu61PcTw2@otmaHj(#xCi&(H14h;I8AW(;Lup(8a%i)F2SL34gQj| z&z_m@?3vl~{d=zN)$1v_S5@7$>grHMc?oO`QVcjaIBY3Nab-9-R4X_*_$xG&$4}(^ zhabPdD7O$3Q}s2ow{&xpt^|smixPh2S!ajFFIm4dbAB*JvtujjWzSM9~kd6;i%2whT=89S+GbX zKNrOmzZ&IyHS93W**kQypUh|Y+=d>60LZfA%@K#|I~)^aN=*&9R(wXEist48|NVeo zz#*1bFz!@QFDW5Gct}DK8h-OCv#ZUmM@o<{O&oosbsz%m;8xa<@zvIYPSitL&4=R! z4$jdmn$Tvk(J!Ipnnu!%;7`c*@cxd2TSJ4HKWHjlf08?LEPmWf>b1X2H?o(mA0T%W zKfOGuo-uS}mVWZ(C#EvuEzSM06?(6k$ERU?gymSF-UcbdFOF$LAhe{l!8pa`D?Xc; zW=ZlFMSO498Qgno2CwGo)2_@+XoK8Grg3SDf{70gp7&#Zqdg7MEXP+cv>f%iE7FVc zGIc3jUt)F&9I|KcePzD%O0r70ox%-HM(3O0(ot9smpEmH)!p)6&XG^Ay zSWv(L_%Zxyv2`lxJ-LIETMgjRB@s~+k%|EX+wd=I*qIETq>Y7n1E|pu#|-#Z0%)R9 z#0_XQ5V-@q6wzt}b+hm%{X9m|Z~}9)DAEwN+G*{u7vNmm#n{l^x682M2>VH)1svf% z%@GTWCe6bp5jBm*UPp5W_$ZAMb1mh~A!*KfQ8R-^dev8+{1{oa zU6nY>L^BQ`?TA>B3VDu(mWpQbDex1=r_@hdpQLiIlv2$luxL&~__{u>`h0wK%y0jR zS1N{fCx%?oFwc1Wy)s`>kkgm5kh3URI$*SQe}}QKJ7Pnc*C(%JLGgRpY$Ysuo4Bup zZ%oKG;J$`CWS&Gxf8A9~FM2b{yvuD#a4vX`ejZDx`&}dKb$6^5t19gjowLd=gi}dN zd+wb_gHyRv^4Xgm*f`iYgq@$=hMhdwnO&9rl?jS5o$*dpewBZfMb*11R1q8gZEqGJQJ4_tm6{Tct5iQ4oR94vg2@EKU;I)AFh+hr9#!Gv~voN-3wQCr(`88!3bc`WCi8C}o+`!$K`hNbsD12eH2V@aB`KUaBq=|LHb z8d&vEC3A9g3T=8OZ>;!OBR0<>H#tkQc(#nM{A>OO81lYE6XwsYH2+>e%CpV|bRj{Z zn=YCDntz`^w-KY!YEfs=bWy_NgV3uMtQP*3`D4qg-Q`~kwy(y z``gvK@L&o~a$Xz=PGA&suSTzTRG|E>Jb3|sLBVj!u;3QT))vb(OFv7nj$TtreVC3y zy^mA1qc#k>5moQmKwN+6J}UT4h*2oR&C-p|gWEI8Q`4jDV)vxSqG6Bj zq8IKLGgLfCht45-0NHLkPEjD_ZHwujb@B`faOJ=M;3>724rL5 zrLSlFsTpF?mlBC(8kkM>O{X)glkzhxD7>@jW!}q#_nhy%BAh_Xq2v)-gb?ms ztr}%ck;a!OR0MbvxEz&TM*ZcqFJ)dQZnCyC$-2%Ko2Vx+y;jim@d!G@7!EV4oSEsH z39QuT^H1X+7AF@d=eJ3N^(+o~_d9OJpY*I!tjerrzT%~cqluv7r#X-%mvNA0l=0|x zT~j|jKU6QpI z`buJSaShDXFT?%01zJ7|9Y0ykw(8w0-cw+DsYa?K&?B>QaUTDW?vo}xpnrSnX)MTCAl|OANkJF5s+N0YiI;3R2WI8My zEuPUkhOif%$j1X!fe?pt=q||9&C}++SIeK?SmmMP?Q&Or zhj-)YQ+w4=^tLFw;>SFEhkr*;bPuK+R89^x{s|FJ=g{hArI^fcvSAkGJCA9plix~VN=J_jrxn@U4kw$>l#Li}e z_CX!XqUmz0%c~XnhsC3&OOym0tfjR@vX)GbhoQhd)YvCHg5QK0-I!17_d-u%8<)?0 zZ7FI<1%=jyCvP~2RWY zzij-VcBgfCek_vyutxzRrE-7i!Es)@oxa+Hc=&qBRRKv(@GAPk@WiO&RkuQ9rnT^; zSLp4Dm&1no?evN5^)i3kjgK#9JU18ZdI&E^8C(ELS~Og{c8x;TdqhARJe-tetwaVM z=lt{t?oS25d5Mue48Lm@xNqEWE5T7uw+jP5*KokSHUGqiIJ2OG|Db3Z&@fv{+(2P1 z_dP#F7r)xY2XNTAs`VthtB7fj8AyI4#|se!f%7@bxrE zKQfZkgW%u*a8lxLKe)l~En<3om}=lYLPh3R>O%5IIgZg#6b&-Xq3)7-P8g?A;y>XL z<44rFG3u9q0>q0Vw;Ihw;WJPMMYo$hm$Jb8@H)#5zX%FYA_(IS?WSX3l){T89F>J1 zx@-lSD$vCyFQ7FDm$VsQ?6q8I0Us{eDo=--)L6wI>WP>Mv*3{F0q_`#eh7c_IC_9U zT;mDai~hSszwZ(Ohgj?N{O`B?-__gH@F-RSXc>zxl>RGOGW;V3y!ih`7=S+|ZM&Z} zsBy7bHlPdGD7pIxV{w4c};0EQW>*1KY0JU z=>h)b&qs^>tR>_E_rhy9BD<%5)`R|u8~j9m346!YbN4rn{oQBuqh61mNVV-w`A5s= zKKQ}Ub8i?M{iD?>td9;mEz^koCxQb~G0tozpfk_@J218A*(x5o>n#Rf639m7Ur!#RkIA?m5HF}RKK16{dVZ*!A}42s4EE&c?lx%6|w=< ztOWp z-6;#ZyU?4q@Ts=>a914P$rhG+3h-z6d6zCzb;3~*!PESx-oBE6A+l+KV37oX^;f|M ze$iH8I2Bv0PH5eIg!=MpI-<)B9;Mn=XS5NUWuOnId5NvZ-v%Q81IDb5x%Fh%teB~mOv zvA&S`!C*{sE;p0E!TqQTGG~Vr2hcfXZLsBvj)}uZ6bahW*rxY6 zU*5O$<}Aqus4FBfvLCVW-QPdSs*R|&)q8L-g@bO%FUyCRi*K_3$MnaUXn#2yN~g+&-i`_pu-$Fi8t%*Zw%b0qRdhJ- z9;cQ!k*fEFJNw#`#8m5xJ%n4i9Ua&jErj5Dc{P*z#@vxz-uBB9-*oo#Bugx|y=t4; zvmG^;aqX+wjAFe@a}tf}f8ML^6IEwdw_E75- z^SmpLtwmL>;iHdaC^`;rq#1=_ z22WiS{xaWWnPG0HK=`q%%B4zZSIN|q{Pw;ml#sS>3u8kq({J0nt%jvC_@4i6pXCBo-OK_L(gr6pF~)b(1|oWA-SsDRhiK}@?SRX zk=m0*Z1S)M>iJCAwnPbM4G4VJC0WSs90lwn;)|3DUh&~1c#W@CZeQ`}dd4qNVl6%h z&#h+EJ<@D>^CrJCBt3{Z98|!dq+>2vrx!BZwuo;NP(#`b39|vNxHOWVLLM-rY#-dA zC2Hp`?r9IXsBFH2Q)uWIesZ31)O#Iu%k47{K0{M&6kzLHo=-krxU;H>M)&pEXkBjx zZ{CKT)=yI5k%hM{c?*eJc^fa2d`P6~-ZdLP%5$7^Ru^cGp&IGVu~&aNI*C{e@($Qr zF7FU)Dr3CAnKM`YVN~#R^j+Pu+k@?SE6L=Hf%CPWyNY2zbBgo)hcTWz+aNug0EpUR z%7mF+VJW%ELt%{z1h%Fch%iK@=-qi^WM~oVec5m%>gBp8xn18febnOB{K(FP<@XB6a^>35WaCLk8J@MK_2uwEm3~KxN1)xgF_L)nN zY~2mt0f}qNj&6Y%^rO)9j>|du-NF^-6_)!Q@TPM8Mu~1-Z3Jk;5H~UpDbqUo9xOR*{i0u{O)vCR!$r*cPKdf6)@G-R6$HlrVBb#uUY2wvnclCJbX;tEjA=KTIlD z@a)AlG!-(G6Fg;ZY%QZJv;OWq@93Ip>-+pt-haf0wy%tybp38ZAC%OzoE!l0V6Y~t zSiFX2%6%?F(dMECB3pBXLouMc-N2sGc#9Im(Fm>A)if{4-;Ic9u0@|dSh3r20oB7P zZDalR6V2p2v3=4@kLS1uFBb$6Ua~+}cHR(vNPjz1k&Q;hgYJ7LMO*F-y~-hTu&4SI zK^jQwaj`>6nCKJ0K1*IOa)Z+y<4OBk`!bPSY-K|XPjKC`^yguBVRTmcQ*+(ZNsPfZ z7Jxi&U{#whf`o5!s`ruN;KP_S(xqmYr>nV$)%C%W+b@C z&syY)C`PySX^!o-Z|vR}fj)261j{y6%a;?BSta=SYJF&mZBbgh?JG#0j@#Qss_)lZ zSM&O932kQjjZ5v?{FJ`?_9B0iUTSmz)0tB{j$Dpvh!8E#9fk+n%&bJ31#^3$`b?^; z8q$>b65xy;^8^EIYjf^13PvhfMLcNqSj~`R={8*befkcbhTHUOQ_{8X1o}xD@ln~$ zyEIT~Xvx!s3Ahti8=3>tT5R_%f=yeA@;7@w^!)ILrDhWBZJ>Dsa#MD&GKDdYQZCS zLigddi0BVs0So$PC+dbR5$pN+`W&#S*d9Kt93I%$^uA9;wwk`R0i)0CW;yd4F&PK| z!_ak8fMfh(w9$F++OJ7VApsSnGmwC4pwA_$)lAFsB#FCfMZ@g1IEUTk0Opxan04Rz zPZ+Pr?eXDxcaItC$y)Q%Lh$zK3XYI-vh8{HqBa7Pn{c@`!iw~a+ubi zln^a~;cf163srQ@GPoUHuig;sLb5m_ zY`%LJEVbrmcnMWxqE7;Qs;{x*VN|c*L<&8O5Z*y`u=-S6fhTw_yVv(>IY3BI=<pvGh}JQ_Arlti;a~+W47>-lfNAt4#boHO_fyBk?@gr*nfN8S|c9^G0>K zo`q_(_ZE+zu|vuG6yuAC8s3S7a@%Ph@Uau4|D+jd8i(SO*w>9YNPpZkmow9Py}Whl z1U_(Odby_Sy0@$-NA*ljby>{Gd%*ym6IQ2R%7t}?t=e01Q)BDxyYpIw1z6eI@^y`b zdAW6*8gl>RCQt)t;PI`{a1*=nWRiGv=jqwJ(6xjuz#D+r^)4qF|PPG6`Nmq z2F*IOw%UB%3cTKXg;jTh)a2e+K0+;NJrr<}E0Sa!P&?;`0(2$5g~$a$Obt$C zs)6Sc96*TqZKr3Lv13-KzQ7VojB%0l<=tdfi|M50w*;S7-x4N`lG#euy*V>2Z3ZAQ zkXhV_M5`33;z7XeSzDanah@%9;*DqS-U9|x-Fgyl*U0_r?_FklRVY;`R_8wEW1m<` zwmJJP+I$DPI5J{9%i#~nTHj0>Z)!OY*Ev20b?5dB&Ds>rlEOr!q$zz`qYDKnm-9?+ zRM)XR{59+7f(FMWX7Em

    +&`&U&o_L5L2A%KdUs4N!cuhgzPTy4_w- z)fL}J0fh-KBJ8+2!f5w&JJl+9J`+|w%;~4IAjFD96{uZjCjye-Tmsq00K~OTZdsl+AV=eni%YGmcZQOm8**M&L*{xJG-8-srpstu6v$t{Rk3& zV`HLtlYKsREq5$YSr~^e2)5+2Qa*n3JJULHW@fOlq1_U5Uu01q5L&K?4hH0-MN6dX zj87Irq~ldk%@#jDP{%^gg^`Dntk|o)e&>j`OoFMsGj1sPOugtKv!>nNwh798LjR+7 z8bk&iw?tv1Gu@TxxV|NGHonvk>=6--dUJ0fAqA9Lj^Rl-es5Qa5Ei0IhqIb6I@3vT zwjnGWHz&Rur~U#maJwO8orss=Zd~#`k{6zTw(X(%d^`0>BI)FxE_`T!GgCF(BJbvR zqYpl~4Yj(3wt}(qbpxwx-}!~#?+l$}J6g#&F<-Wn|Ko}j4p3sSuZRiW-`oC2Ll~(3 zN@ce?{&S@J^~4}3paN=SfIj`NhWsBVDgjkMCHmZZ|LBi@W&#_y4~H zh`)R+Ky$w`__ytg4_Ge^99*RCeTMF}V;{hh#KH~!6ZJj||6lC;X#8#ezt#4Q5CV!| ViCX*;*6lkvWh4~Di$x7U{|6jZFJAxv diff --git a/docs/img/clair_ready.png b/docs/img/clair_ready.png index 3871218992a78b45e1595b09716d80e1855cdaac..fc2845ec88b170f4ba5e476f68013523ae2bcc79 100644 GIT binary patch literal 59334 zcmeFZcR1T`+dqz4t)g37yQ^hfFO`)!v^+p|j?T7c58fvx(dg+K-|gCj2*b7F zu0$scrE$R3%5w;IT=x^Sp3+iM!9=7exT4>QJ#T$-g{q67E@9iSZ10AjG=*cd#kaR-CT9u@p+#Zc^W#k^SBrmg7%L zdv~ODn>UTtH-Nkc$1Cd*FC~|-t7ZN*DM_JURcj)K$dmP}#kcdNoOJrLi-XO*A82vM z8diKfDe;u_-9+I5E_?sC1MU>)c=@h|msVdq z)B9s-zb^JAXrT|KUE`Wwu-q$@e)8v`Usp}v;dFiap}j44gx?_I3U^@?(>!O%%y=+9LySL7$ zWN=)xCQm;z5+Qvr$Xe%CFO|Ibwm@wNu<5g{owXBv>)xI8lV6*-{&c~2FTW06)DAZF zLf^yhHb`-kO%Dg=yhtB(WF=FQxfD`MZ&t|*k%&rZwj{s!;sUi6Ws%bLRdTKx5q?X? z^x^10B@WsP!VfQ~%KeOaEx*!o2pha674#>VX7UDld%MhNM&6-ZJ(#q{dKSKs? zRenUP(yIQ5K_TQNZP?b8o8Oe9Ki~aMf9I*)XZk<1eo8@Fv^VHGp1%J~c1;2xb? z$T^RC1_jExwv{>H7OU@-po_0L$T+z)p0PfD>U>4={+0Jnu3foW#qdz6=d;Xrs|8qh&}OxI`&K8dP3(5(Tbuf?m-}QiuI67GedpM2);ja^vQ_6}bfsR2$ix+3 zl&wu}#rw&`$pGg&wd4>A$W;i9Y}iRi`}|iaK)Uz&xD|y-yksfS+Bu z+ukVnU1&%TcpH!+_v}<7NBc6bYeL?Q$F|H%WO*?jSv#N9^47I73LlRNtV=ju$IIa_ z;^S`sdW@n4JK{}*^|{9%c^)w?jFi85Cn6)_D#DWDEut^N zV@v(!!JDfDxLsg26F`*LLNEO+akUF2(eN|RK#)}L=8LUih_-*q+(u2YW#8+&oBN~Akk|{o^&Eleu7E|?8P!a{HkkoR? z%}2pDRt{G|m57B*Zqx|cBgVFFNs=GP|3yD${3|rcyTluc520^=@H_waa+To3#JCR} z`w%(kW8h=#ql!JPk*s=Mspz2CXasgYUO0(~VijYNVt_J)e-h|2>I(c6uDPzsQXo@M zFpxSRw?e(LB6K9wEfi&D4oj_%HhWzkZ@_pbh z0r>Kx?7Z&;>!%LHAlTgD25l!3CsT zGA!8>B?t%Y8yei@0G98}30L=kkA$Rn>-i3h-#PwH{hX=gzZyLhp2PmrtUbD&EfNzE z(+=bM&XuGh_B`N&SFFH$mJcR3pc3mQH9BI7ja=01*RPIV5v}}X(_O~Rr7oDfEDVQf zfTxOV4U_l1?MD+)DdoCyLbS|(i zs4rykNZn7k|KWkmeVhi1x`!H{x_<|F(QpTSAHsvUAFOdvL;ABw;@y<#RFxMouVf!) zU(}&w8qps$%p=gzM;!iayA1mPxU+cALRxoe|n<265* z0h=i|Os%3wvWvqWIIwFrIFn^)W8i5BF4wlGcJCiDNrpl(+1~D$Mg*{I&{VOi4XC`R zGSZpwvBgDXO0R0|Wchc0h993F^G;;&)=`eM1)oKNVns)gdVlO!_Cv*e7jd*nB_2Xv zKIfG4(#m)qanE&lJWC^(kL2iN`m?s#x_AMObVpJlH*s#$!$$W^<4i@GMuY859~ReS z@12z0gq0;2CyZ}Az~0(q6Cm(!{unBnG~b4b6z*sy0`-AV5B$V>EW{V$iu0aD>g4L^ z8tvM$2czL8<ITiCr^0v^n&d;56uO?o-qDf@D zCE4D;uw1FE&WMuQ2&&KR_>oteIA!8X$#Rw5Z(Dss7#w@VhE=fhELp1G-(J7Icb&>b z%TyET3(+B3s(PuCUS`FkGWIigg2Yeptq<|K`UOjxOj(>6-Lj(I5`>Ls$rYIKhF_lT zDE>zF%vhOV;?u2&=9p$CVT+w6uja12l?~gd-h#48fVAKEvJ+9f80Z2|g7XAbA7h_o z>02PZF&I`!XOP#vFiz2PbZxo86jvvNvO_of@XTqFP+KqpbrQqn*+mpHJjErBkhH=2bByV(`krYdNIq;O|QzM?z#jCCKKYKHXgX5gu71O7_Iz zt@MS-8MA97ExWLWsS>6JR+m>j`T4Usa87gf5YPo(-FU37F8c0}H9Of5-l|qIE9vqy zX|wln^<@TlM|(){IGVivKIMGoSHlQ0G9|K?&z|V{l5e2seD%f~NZVP_oY`$0w{3=Q zhhDqU#!LGmA~IU(J5_jcLKI)V$Fn`X)S_TDmmFWmo*aq1u3Hr&H{=t-l4(n+D+Fny z-&LwydCBYWA^IWJ`)6-HWRvi?l#B6?8aO%c>;e?}Hl`q0DB^UZ`@>)p5rClt;KPNV zJs~5fyrT3UKOD9xcxn&WMxOj_;Mp{IYP)N&i|;nOis}x zxF|D3_t&|z%|j*d6AqRUnvbzwPF@L`a`SJgaqiB=fu|izN0Wwy@;7NdxwO|r{-^c+ zYd1AlLT#?iLFZhfd|cA-2?7-?8yB9;+QDzIu>4IHsW0ZfULJN%feGf-d~dF~as4Rt zZ_8QG|FfD)nN>1DzvbmtL(z4=6;eZEulQHNkcCFlU72&KzbSt8 zKcAx#S*YDjj#gyJ@!wzcibFja`D~=A_VvGs7wFQpx1b!$v5yp>1NVeW$=yPWjFKI zC~3DOG6V&=hAcyaEM&Wgag7|?8c+~(9w}h2k}zNA+G{%N5zhSW-ubeG%=2a1pz3fXePJ0>b{*r=T}p*mb0QXTp~x@Egb;cjJ6aHWyLcnt_udzwr5k zlId{EF!Vs~Uif3>CINH0Khui6t59!)l27B%Kxd1d?VGnftPCYJ_PbOm!KF+|4KTFf zTHK^R8(I_kEf=~#21<`)*eKgmAD|CzfTb7jCE(Q5HECPmUx4ug(YnV|1^k8oy=ga$ zet47B*GxxPaL~Xw?sK$U?{asZbfZ4}yI5pVcIBQW? zc(|QkLa&z$I{(!r!=>7`7)YFK7OYGkl{PRmpHUvx=7Dg5gTM|J-g3}DH~=n^7uA?G z-Z1OmZ#+L!KMHWp-S_(}csp1wnkrSdku9)l*(JBR42f!a!T(C)*=|Cyu6I8|cm$Lr zU(RFBEBCXbmhpvxp*>8J5c%yIs>L@?rY3fR)uuToR6c%h7Uu!qm{?IDR7nP4Ul}rN zWxAYrk_2`p*oPf#4C}3?0;8O!9J7$i5{C-qwh%5uB13~@m2499<&##5T8Zt0ghM~P z^<+R(5(;SCL`5>u0i6t80xZfF_P^&TT4*gevMh(_N_rleJhcxz*e1tL84{yTx7V#V z9uCXMFW-Rc*RJ@o#x0&}#NS@6kOsRL*`?_sdbm*o`xNzgq$$WV7gPH-K=JM%>!u%Z zCRjO@X%89#QttWadN618(1OksKeUnsX;*G(S;?(HGFOj;!3yE9mliLQ@p6VJ6zC7E zM{%ME5e;;)%Z|w~=9nCC8QAfLP5^QA5~x3iE59Uxk^&V(c_zi<3hS0jX#bYsz{(Sv zy%#mTxkAjdLzVT*A9265aYJ6@=1f1J*5t@ka&tPI=0)c^8H9P}0+qMmB(p%RbLcE^ zrq&HJ=(Dy@IB|Slapdlo8Gs~+9gcV=j#XxS!@d)8Fg@ro!IL_ATDOHKdS-y$vycdr zCdnu9G(OrTK8_>!mOT&{5BbDg;9?`Br?c1Xin8Y;Sr&NMkqo9ztrjm}UyKI1#Z*ye z78{jk>NR5m1%s?V<(FJCC_FK0XycQsGa^rW6M$uwEkgO}8QQx@g}-#%3HzBeZfa2} z{61zteJc#s)=0yrIGP{FsJFAp7+(Ad<9TL9XPL?Zm72Gfk$5)ZpLorYx+4n?47gwV z-E~dHSILAb<|hgxN2T2O+M8uR5!VJjQ?T&Sw z^*QsE!i-)YEb_!z@^~`{Aiwo=b5%mFI&luje2UnwL}w_vw{VhzmZ)FBaB1ceSejO&7NF$PLUi@xZ0}&|7t19-YQGb#44WEwa3(&!xWy*33I+dC?g+hG+_<`4PS6|F6_{*PFUOu}tbjMaC4?F} zAQ=_)Vl58Q-|aIzs^a`DiX3afOXN4y5mpC7$BD zOyI&ks?hMzDd}oECl3$Vx^{a$zm>p4nfl75#YTr67e?OGKahm&58@BTeFR8nxldIH zYTWt>vNHkfgT*WGV(7Lq*Kr<=lPGU%3o= z*j~6*qT&qUJyUU&LO?~`(-wDQXq#m=ReDsze1dEZ2!qAfs#hFs%&o{Y^uJH7kC-4+a4HeBc`wD4L{_Iq-) z+FsO(1hu3ju{y;xoeQ%LTJ2_%^h31D*oLBj&9hw)7x#~mx0nyT`a;ZQFnbL84@}Xh zJd5ShLZ^l0`3qxc+nL%Jr^S>Ta6@@cq2B(%8O)3?NKY5U>kR&a_CUN*9+qvKhFkQF zlvsGZx3P0nwnx6A&~};TZMON~+PI)2+w|tfG;Z()@pgPYl1&mvnbv_)pT=2`+Th5wkl<4GCvr)aCZeKmm-ca?a4SY z%=-XCvCovw`|NH?2*poC zrb{h~fuo+t=Pedun}lItpF~5dFLiJd`)2!Z-0{U*Fu#Rwy8|BV4yVFwy$ON+fmY2J z*TxDF4ry(B?~UwQ9-`udr**0@#=&_e9$-1M>r``n2|csWf`u#?vP)t1**71YoCvK( zdbTv{bL($u^x3+0m z5nB~|1Er7v!;3iOLmSCA-YLX;wbmFx4p)nB5__FO;DX_4$)eNWr~q1Q(;%eo9#+Y_l7#kdcf1TEUDy8N?C0{{oej9WrXpg$z?PY zJy2@IoU~?Y5tm>ny>*54;6&C7;5Kz+)wbx9k=ryMY=Z)ItYr8#N?KrI*#jqtE|U~Z zx8ByGTd@Qj9pEzNS#r%DNb<60zqPwC9j{56{0wb8dSettJedhf-W)j;BOv{GK!Gng zcvI&nGHlB-BxfIbwpj73GBf$?UaLQ?bcFQh7sG2q4h6Yr)>qU?=C(GTET)mWXEC9f zEx@H9H^6FC-Q*D=YOQeGq~fXuJ5lus)Ef_%65ZDmt^nN`Uq*Cf1hX@>e--hskkrH1 zb27<>mzj$$2}!u`bo2OerA$XF3+YZr1GtE#ExH;IVK&QcT2E+j(jGo1=4v{wmfk(7 z1GgMvm=Rb~Y!f;YKjW3`6X+Zac|HAjx)D*(u*L>z`j&MGpwYUrz}w~_ml57|Ineb? z4{VpIt9=D|nJ;$+4L(Pd9#nhK*|v+*#Ms`Yj={1EfRd7^nBdO8ikK`s+GI`iWVt(x zYn_#Qx*PpR0I6&1s<0a;Rl$b!oL@`R&E#)8w@rPX!_6ltjxM0t8F14_7ln2uv4-I{ z0@Xek3Raf~e+@m3hzf_*T5WGGJN%)#bs6_#tWD@P8;cKo!p5(Ed*~_E2E#qN7ZS@c zoy{5>%9YIvgBtQrR_bAzB~9A{G_x7%ZL-nM8B}jvnu6&fO_WA)MwPAh!AxT(lY~O1 zdinmq9~oyPMi`OXYn=lYZWqhk+Z>+;n^0K2rl~kZ9GPAVE8MqA{?j}o;*iq#Q`_xTPRnl?9QHx^MB8xqN*?6e%e;x=FlJJ9s4xEjde- zkHw|Vv0UCKcRqo7`#2K=92X-)YOgiP_8nbc!Qra1YXh|vHcJFQXH3IjgwWIZuB_jY zkP2ATM)0+b8FSBe$+tjQ^Jx|9d5~`vw!D*&RCq_=RA7ed!uK|8n?2oz35U>uEDUPp zB3@IU5uH^`*^+kQc$)Pl8N+b~E)18o% zVPX-2pg`R^INin@`aUrSwuZrq&5=GD;V|>AnQ+_9v+Q98YP}tssw@FvUib4|PAnB_ zSZ^=FI6evLorF>f69a?YIO>5@b-TM3J0_6Uez_M{4^E?0I>Nw<7y)L7SdT+b6VcjZU+ zjj5-w=QA@+#7{HWSP%|h6*#zwJzAn@`lvAR$a%9g!nWc|-jj^_OcAw7UFGL8sOym|HKlc-c!o*I zp<#>)EO;A;#SsoSbq+U%IOSKGZwNRzEmiHt&nz;zl17S}r_u0NZfuZf;!lqbg&ET6 zQA?98aB%vgCwO`6)*KX;B0^o@iw8m~=B3m~x<=5cFtC%GoX*u zDw(}^btM;;BZMr8zgZEGmM5m4$0i^hta4sI*7~_^$0|WYR2!JJ-dMkEIj6W54_S;B0 zh9Ii`WI{@f3>$OIuojQ}K~u1XP|jqa&yS8Kg=50Hx1*+iG}DZr*>24d$v;qE63&@4 zSmeJZcwp9AH=&aYC`?d@CK_|as)}t7gYrw$EIbEK=R7mIigE=d#LGkI z$&Yt0u0VpXx4~l8*R|c6jv{CA*2>puE;LCDG|^vl2{mWVY^A7knbEpnAS6c+*vt|{ z0{HgH9hI+{9yZcVOjlgViSI=owe}0tuF`w5T*jHWjYU41By<<(pXGYj`#NLsD#@om znLU0^m{yid&7mHjimNJ2Gkv!`FzIxzm}Dxj-JlLHmXK%;JgD;oZ@*0vKIZbQm(4j| zA>^lB&$hc5G=%h*oq*ulQ3@r3X^3gr)kvSoYa-Dhwo;~KD3M^SW>w>KnV*0;*LnH8 z9#aJe<}5#K;7mEeV8L4htTUi;{0+MLhzHM&nR8NF@f*043Hb4np#FPp{CFJ}LI~Eu zr!}0gxsuPPavu;O{rH@6LgQ7g0=eTFS7z}S7M`BF(?7l_HV1u83kU0ti$zZaRZQN9 zZd0;%0|XAnOdO9g7fr24Ft`BFLG&nvs?9^!vB7E-G=>q@I|1%(a=dRyS(VmqaH*u` zGAb<+u-^X#ILhB#N8}PVuyX&H9lm5Tz9+%NFJ2zT?P^?!&0>>V-JnP@F_64JF{giN z_sR@fg39JPv_m9yT3Un9r2p#f9F)t50}%!@5Qra)w%v?m=-McCo@cByw>%9oh@u4N zU2WVDVA3k$&o;$2X&Oww#e8R1Fo*g~4+&22N83-&fq-_pGqi}`rm z52Rk%n!VBuMb4L}8o#_-lG((c8p-cOPE}=`7ZioTI z135(~z!X6meVVqN)I$4Flctu<>j`Se8vMq%a?qFfyKc8KC^Bh~V(}1J8P08nY;%!2 z7bI`bK!V*;_xEKM)E)`~VrO#TOnaAcRxKAzE0r87j3S-fUM$~}%qrqu`UCfpf{7Y! z8Yx6QcxK#!JwTHtmX2&^cZIaquA}_$l4BG77>HE55n(uZX}{Xq^Dy6H0{M}}&tE^J z4kyoCi=V&AeAl4zDpbI38G4L#7rA7~x4Q?CE=f$I^MAMk>9g*te^h#^lwenN-``wmSY6Unu* zIo=~}WT6qb_>KJ`DUo%@+oNlpb%nm$tllZY?yVvPkW0g|qu3OFNFJnMmB1_984A7&C^=PVN4>f}-Z{`d@Y6zI$jS4f>2lRghzt2z zx8cQ z&Pxn(l(}C-jB0NvM|f{bE!c8wol^7#FcY;2U`>l0S`NwZ?7a=DUb;P%@ZPn~iCb*D zTVh6H9dmb1C2vNrYLr=JlKIsrc5lr-)G|(dj3R~#=%R@$dl%|@J_QO*E) z=&4?L(8PFQ*(ra~nT^bUS@WxC)a>#?*`6NO^W_%_cC>c(&Y_D#c-8Rb!4#LtOwpjDuR3gvPaJVV zVSDqZvd;n_Xv2AXceQPv2ME+>sxW@A<2GibULEEzV+=UP^YhpEuCa?PmCoTdfqjCn z9lFb#^Y+RL_yxtU$jSVviXt`Za0L<6D(($hkdxDGG&i2G2*-nUQfH!Oqi}Q%EoXs^ zCvJMHKdAxOHuVoz&DaM8ZT#5n!^X5eaA3zh@FmT)2hOqzXP}ZZ10PN^#n_gZRE#Y5 zzQUqjApvfqoj+fDbYX6fY6?61A=3<7aZZ(fPA;x9qBb^7oS7Jz3VM)pJ1Y-Zx;?Ev zAT5o*Rpc$C9+9LE>j*sXe^}=&KGNzU9%WTwS)Ad?p6utm%N3JAQ z_pPO_zzi_B@u&a#>6c#X+U)v3tI4KcOc~&$n@pb9g$F_z-SniI*iWBFw+7+8mFEI%S__PfZni{k>Tdck#R92gyvkZ7SFVAjy@fiAuneLNL z;9~>2`so+RIURAiVYaEnli4Z|jK|A|>j|3&d4GTE^3km$=GyVu&7g2b!8DW^9EBR{ zW6DULJE?ZL#q8_fZkOCN)>eF%B}mGvW!a2@8Z20*ZIOO&@--b9i4XKK`L`Wcs>z4e zIJDEP80OPOe6Sy)DV8WdtJV<1pMG0J0}nc_(p2oez1+bPmNFxuSk@sN#^pI3G~eVB z*l#^5N*yCeQ(ld=@I0M!!-Nqf5W5!}*J&ooh4lwwfG^(esed2ONM#W4r8uALz8|hEZ;n-M-?qLT6}Y9XaC6;+rH+*B|)R$=uq5lBOm%MPcp8u&$*$=Ol*?r4$n1 z@~B({*SeR*pgYCyZQdAH)e4EV0$cJ(h-q4nzW*? zI{q;d2YT=H^C6$?4a=(;Zw~h z&HVIdq(p`DtXoHkSs^dRkcs+B9K|$=g_E1 zz-tu`cf(TZC6deNTYzoIEa4Ma@|5GPq&1*-P|J?3ur}XG6&>6q=@23p98=qDUPL6RtqO>ySFAx!(ZHAaqE{tTZvz zUD+nQsee+R;p2JUD?}-rO5iu7_jl-QK;x}nP;DW>LtZI_liQd&GyQ0!SFHDnoTNii&X{dh7x(6Pq`*;FHOEx+Tzr~Dcar0TA$>dr7r0dzx|8U$<@Nw*KDGV!Md zg};6qeUALkWby1r2-S5#-MW=2cOhko3E3DO$q4gd2&}2kJS?J%@N=IyEuDH6#M&CF zvW|xeD#bO^SQ1y=muI+J7aZ*?E`JCv{|1TFy;Q|K~x` zSvkHG*T#Q-mGu8i+HvWua9^1m`RUvW<-cYA@4cQcivJ!vWKH$yWe8zcxY^+`&t%-u zh_%)#?fFIV|DG;@oARGOvazs@X>)iP==hk|i}D@6J^$5^ zVKe+D7g^BVLjWFXIVPv^fc|NrDhHGh8IXk~U!{=o3p)q(#s>zI_wt(@+gH! zE(qOW{p;!zd}l!X$Fng1O}+1Fo&oU}Kt$%lxgO_V4@&jVMgrkG>5~8Hfd1iZo~55P z6}^MK@w)xD)lG`eMo#!INrV2T2k)fLTF9<~yH_9mZS}KmkADRbe}l*wm?(X@aB;&{ ze_Q=5KBDwB#U!pY{S6`<3;&p+{{`rOKKao91?WFf?*9Vxd`J1e7WDr$3+iHmdH-LS zSE|0qk`SPfMcQ)tc9Rw5EHB-7fn7lN^k>JkmJV(|R)26zEH5~>;M)Z>ukB`H{rJmh zMf_?i$OSS#K3yiY5_68L3Xmoj@oh2GWmIw)t_X|Uz~*wUQE8a^Zr^m&AwK(HRl~c?LD3xo)@SALe5rje% z{VSbd-+jf2rl}17P89yHtz6}4z0&_L_xLPMX*jNM-BVdpKY292PiNx5E6*#I5Gl5w zm|VCzK5iZ&Imq31OX%x&HoDA-BFSW4C`6qZHdRoUMWAsT^^kBfiKOz@)lYeh-8w{7 z8&nSr7RS>!nLLk(a$+ zpSBcMD;i5XtCap^pllC62>@V$2`uAU8$QVXpTzndY!Rk5q#LVS}Nw|@NVqk&qd z23C#jN3vJSh>kT-aqCG|kD8j^ekJok-K!dFo5e&gA69(0AXStG!~Wu;$IZlqhMa`J z=ue;Y19al7fiVw}%`Q)=@A?pbQw)hCYiuG+?J>&HAaIIW&&FigP1*e^++;zd-qt6k z9hv&ckXm?=_jqxG;GA*LBXfC3BzP||xwsEsH?uN;#DYQ(GodM_M7xbU4J#+E^-hEv zta4?h`?bikhP$IV@9lE=onb(E9N{?dT`dN8bOqf|OLwaZ@^POLsmgyeX2i{XSlz9> zZ~4#b{{N>oRCJGMKy=MgUi9RY_w-u}I*i-(SG^Tq0l^bYGx7nMl@A@EG+;%c;RTup z4~qh6xXp)DPlyCVlKRmPRfLoz0&{ywfWO4M%&;NEleF)uFv&an+ zi$qVajTS^L$UJi#x!}jgNKJVGwX+-t4a{8-n}12_d3l2U>Y7ms%F6j^xdDcyfhQ(D z(kpH{A2I{QY`hX=?%!{;ft}LC2Kpy-Y7A)4yCQ;&Gh05oi%)Oee3-ku%`h4vAWdRE z4(vs;RZXV`*+n9JI^*sUip&mOHRrSKvlOl~WJO_@(h(wLf13K5 zNcWeR5>5L*Uz4h>UUTcdPdd68f5XsrX}~jwRaR?#yUL^)%bXzE&;o{s1y*2^z7DnZ zZ_4WXQQ5XleDbXo@PM)1d3~#4)Ht_re1rI7km~*VP;(1mR@&O$;5_Z4t$Fd!1&5ug zp@)=L&Jx!udi~I$lBUDElZU-oA2;clq~zgI5BmD(#ge}5rBx^Ry)v2eZq7GHSg;=1 z7xUhBrk5@O5ok_BcH^&$eOLbWpnrQXFU{jsepUW=!|}e1l$`p?2BEz>I$qFa@qAkty_rNy%7i06Yg4z2#Dbc(%%$=Byj zS!HMk^`BCIarg)1XS<%>leY26s${clX-%7|uwAYKUTmsfN93E~WqWR?1A3tllT{Fh z?VJ4k{;zqCk~DpEp5pnh(>*fFuUeK)ZGK*a#6&eTUA6-OZVQ`&Jf*<(mhbX~XuX~~ z4hW2<_(5Lso00izeLEtFDLT8gH1)Mu%+d#rak|%gQ0$MRWg})GJh|()Lu>uc&C(sd z{1b8ivCYw?<+##K!97R}FVM*sQT-KssOu+ep)8bg#ewJf?yjUGnui(s1}D&O(WH^c zp5$b#nI8<9zl^^lQs*BsQTvusNbpaxgm;dbV#!!%$F4YV|C)Y~P7$~6g;4cmcbSLx zCz(*9y2O2~r?-#esrYGoUqIOyylih`6IrM6P@JnwJUkt_oA8y5rAh{%J^?%7mvlPa zFgB?Q$mIjOjQ+fH%V7ZVy|3`p(o68k>tM!D`;RA(kHORTgR`Y=Qw>~p2)0uTB~I-Q z1*q!2@mIs?O&_PBgT{hc|K)(}s-(#-TzQa1WIiTJk1~NjOhLfeuV!fN|_= zp$?&OC;wWKq-QzGYcady7VGPuKlAZ7JXf5w@8t zBbIK%!Od-kqio1keCay8+A}vl@1SnEL12ESNN;0~?fjZ)jo3dh#zqgZpTXESG!Ani~iJ-tnn*fJk757vBTv_#JLKn1W2DeY7E zYOh6sJaZ#?BWBjDZ{42!P^Tirr)i2VFEYrdQx5Y|Q@-e&z(=K@iy~Y->h2x%j+Q5l zjc^*Ao5a`L_(x((YD0{aR}P|S5BA!aPcP5z#yMSNkyy~^mHgx6loK2!jbY-0ewxo* zEO(pwF?H5|b=*BQz7k(5W0z{D`LfhsKakU8O?TzMuyiu}ngzZzr+j_#hDm=*6SAKZ z_OnF_i2W%ORl>GPG483tHubC0BEImWI*%d!VSpYMtT|5V+oCb-#oX;Y;-wgmphE@x zGA|f`ZVz`CVKNf@(H{LfVCDGy6;_76s7$>c7F&R}I{&b|xHQjJ^P%YrOGU5Xq;u0+ zlMiPZ`Yq3g|3xmkeQ#Zl&^_TVH~!ImVjWweW%FtsD~b{*HQ1?XtZ3>qAc%15zsyO2 zi90>x0kBNA$OU9qsGLML?Iltzlk^)S^T)spm3LFG#&sY+UtoEa0n~|QF=$Nk>6x9( z?uaoSH(8e^ATmtV&jhTj||zLKaw$n{D2dLRrrJUqs7RpENoF$^C^jE9Pmg(7smL)KGFnW! zVJ6}BGJE28Ox$|;rW56b-9uM~#nR0~u}8K3uLsnNwiSL1J9#+^PQk_3x38V+;}5CA z6k(FVuUE;>_>ireSKqY^g+)d5WF-|;J$x9gcq^-h{?koW{{0(@Z}3+v$m*m;#S9aE zY-Atr4o|q3_M(LgZ7}ZBdbKLbW^Q$l+@zQr{da!!HZ>;)@6{^s@(rgZ#w5b-87E2)GrGxS>it9gc_9w zo4GC&d@k*vTIxFV3gAP|E4~T0`Po$(^_-7Xe;S?$5-w`dxsLc9{OI;f|5#DozGHV_ ze4@;w=MPVG68xVxcA_%#4tph?MrZbH(ASwLL3^;}MUO;QV&>4f*TIzNZg8}kBAyot zO#C9hAePTI1Ub%j^DAdo^#O>G0K*9zIvAZbAQh)jg2e8PdA^iIbBTS z2%cAa)w0GXIDO3hv|79SsADrICtX#AKc6%3NBKaGe9sBmOb~5gZ1Jj=D?}-t?ib%K zBi#knZtbj1;WAl{J0t8C#$TeJF5_5b6s|Z5q!-Ps^eQ_=T9}Dql9aNAb(M8fISy{0 zR(O}YjOxZ;NGXe`?sORWW)haP6p@;GyD#1Q6?J54nNt&AwfJk{o8wm(PU=gX9F~d# znH%PkH4(N<6Kpfk2NtIBrop}9gSpM})At?CG*b7Hp=X2n1%+}#5ye2Qa69B z6ynG1MbG2>l%D-_C$e=3bAsJmo9M3dC*d-aa+3{D4Z2-h&;o$+9%WhRY8kV*Y>N`r z;jWldD{ra5HjOcVZP|o#UB5_(D(aE;Zl=)C{1!0J#}!cCWx-o!VyIm;JD#;V?PlDL zE;B}>hZn?S61>}a%lnxD54JseCrbr}H;P5|Hi~WtriU?KN7>VbS}RjQVY3p>_km+PkClP5yEKn- zbvqq3Eq|>P8fv;>+Hvcp0wxmr?e>S^1#1n)>wW^ur==%uAE)Cyc3Jw>wm0L_rYy8` z?RkThzx4RPaw6)O_%`cAZ`?#!NP9!?W_9*Jfrb@WXp|p8j=`xB&5Ji%l)%(dg2GNjGAvxC-77qbw06(72nC^kbtnHG=TH z828!hcbUMw^ZN0geLn*sHK6u&F(P`cM6)*k`_rtT^+*+S!xEk#ADAo2xJ-s#Q@`(} zPDgRWU7yj|yUwI`DH zuEW&*aL9*+qt~==GM9lseK9G6cv8i>TSYlA!DFTZzQozCKkL zw#)R4cKs&p-gax6yE}X}^}y?6(CSzu`rgxPRNn#*=wzJ~qO;I6{e6uh69If$Ir28F3VQ zh}!0xy`KBW(~L0)TyD;iz=?7zXKPUChAu4(3fWBdKlLkIwozA6VfRQxw|KVb@g{IZPteaZMMUWK zqHVq=ysRa^QDUU*WwOtohl(}tzj*2$>E&7-BrYka4yON|dx6)H44 zvkG$1w+r2EMiNKl4Vr&8oR&phOx^cVHV{4rmOYSL+gR4n`bGr5ZU60+SL!BYLBWB| zgsP>9{@To#?eZ(&Jz0*)i{0|u`9J>)fMB6J8?Cj~`eZ+f5__Te8-!t8qs|!tc}kL6 z`aX%T{Wz+3)UDBh*rjKYeWZ@u30VK)D){H2jaDW^(|rY!so*P8KK*EHZK}BDj~$ro z+|z9}G!MBv>n~JE1pTKUd?L;!ET6Y zA^~Z#mZ@^Q;d=Jl#6vY@9yFF7+jQhDS>oX!U1QoYThwoI+BN0RK_n-DY7Jb^UQ>VT z6Z3#y*8@;2LDe`4aPy{YCZ=5=Bk82RXn5_hj#i~R3du1EM2v^Q9&%OJJPMBA*B>xkpBipc(;pm0jn+6@6ejh{ z&!{xh?dVg1bw|X}Sc`@L4^(KokZLW!`?C{W<+%Bw#WVhWXVRT#2!zJhIp>PDgP_8m zMo@E-i&qE(RX!$Nrv!jt}3h^G!BbdUJ@W@6w9uyQ5x%DU4`b zvm-5=z>G1GO4XGYpd0P4QWZNCwW{d)`9M!x_1z=`*8^Op^$P)^0>~OrI=h|2AKzE} zfMTTqcaF2pa`ro&wYSQ@Yme5Hd*v>__HGL(zu~`PdfPYAqhF)+Xhle{K~%ir!LhEh z^2$C%(=}DWeWo&%-+>=G>-X~+@lK0`DvE??zdgfUUZyIqdBbb>V{5rb?wj|)8M*mzZXh7yJCLd_*X6Wx_brzE2L}Oa09atuq3oC zTI<dhotrncg|2LvQ!ht-h<1Y1FTI{&X|vxSJ&?ts z;nPiG>etx=o?_JVSEpUy?65^zUkqL3zk;P`d>I-W`lult5AF=~fV9ao&Bc86sL&9d z<|*Q}Ph5Vjrte%2%0fl-oMtN4W2mzYCd9od!Ps8_H`&vT`{E5h3oF&uamlsW0l6`F z(OLEol1`w!`3iFN`Wu>a=)*Iue0WAC(+@GQ?$?u#qa6BP9(C7T9jWzeT#uxw@c@J- z4fgA()b>WF3<}`+zhil*64ws!7QIqVlPGVN`gBmEvzm{aUTSBe~ShHL8e&xfQ z1EE&$aIIfuu4ZyP=^Rg85ebQ+hiOwm%pxRQ;C_CRq!V{Ri=(#^{~u#t9T(NQwk;*n zA_CGP(j`bYf`Ei{cXxM}ib{7k3^6ctGjz$&ox{-GJ=DiO=iTQ$=e+LU{{CAGYv#G@ zx$a!gYH|fuEk=z6OIl_?pv(^E`U~}gs(U40J|nx6A^(B*xdCN#^0NmXo|>Kb)6hZ6 zTLaLPfPP_4&Kvv&UQcI=q`bl}_bC+}OGTR2gjTRoWaY?JUPrpW;`VVCL+rHEIdz-=gZLf#pm8aX#UGJNaAh+fD(W(s9dHtobZ5jXEl7c%`3I7K*YVGH1d2hoX z?q8QaEYY5cWOMMjMIF>{6B2`W6Z?G~8o3vW_M<(QUSPekSm|ATtnWsoiky9otvPng zv}>>{P93aO;2o!-r`;P>u6EdW3a4r$Q45LxuTH?f{rOl0R&GUIcn66mXt%}7FBHkD zuk64|*J)60ZP<}umT!>U-H60ScDze3y6qB%I;-4hy@A*XZ2goMR-M0K`-zUdNy>v` zt!=vqAJN?{T$(75zj?-yFOoOZJ|9QJ++xceY4eMO;QYvB{qh&;9LOp9nqc!aWI-}A-L2m2(N`_WdruF1P%6n9(O z(m>q@7En;Cdz}_CcYV9<3C)_|?VNUTu3vac^B;RUMXha+Dm5-<=gxW#X_W7;fb*5%93Z@XIg#W%BlC`95&!?c=xxr>^Y~{$J($e?r$At;Zn@aeX1a$iL`; z{fqk2Pk)SSG|r_l{il;TV}aiZ{-|TD1OHja z@SPlLw5oV)@BC>(e{sdb@+b(BHl0df4nj@gUp^A?uf&d{^ijdaFzsfu=t{d+`3NlY zmpz}xYkZ8)!rH2Bem%7D0-$1hzl!GtyJ1v4s-kY> zX8ts%ob_WG3No7RU0Y6uyV+D=TtE*F9V64>XJ&Qv=Z=e4{`k6idu(rNi7G; z>!q#gXtdYBlfOKM=U;3;huyIs2D+=mgPVd6r9iFzz*Beh103@L9&whjxyU7(yYPHizJx(d#U`#U;xE1Wzbxc6-QyG)o#V^lcvOZ3 zy>$HX7KwMY;PrL5Ob4%d!&jVY{^tYdQ{=@8#~=}u%a^W0&q}>l>Ka$!xJt{?kDg8( zi-bd)ABPOo`Qq>P_UlJjLpTg9EbK&>AK5_@gx4oFaoQL8e>Z)ol`g$nwW*uY-0beA z+t@QH8`@Xiv^*U`SB*=oUrx23_5$vGv$*J|#fP5__!0YWg1t7@6VLn7gBNyat6TEe z6#{7=tv|~x@F&>Y6?QsT$32)3Jl9|w!jQ68FSqD7URYhP#&~JftIh8^!gq0vu)k={ zO;c0i1j_}3^bZ7Y@o)P1$v0IM8^!pAPe68%#zN+1?v_Z%`YER~tuE@$zL@7@e;1KV za7)?K)1g6!dLEK;jm+~qKofCBfAqD2aIUfgII8_L(jkB$sX$v(GdmArKY7(o<#Gs{ zO}X!#cQw8yYdrsnY^w#ASqC{UFQy)hW_`BXoS=typIe{h<~O7yWsvY_Z9Y1;odmrB zasWl?PRRiOp+ajO9lp)N#*~}dhXNQbu(;~cc5zu0j<$Tginjv3LA}aAvNpGp4%-;= zMIv_`7boJaUH8l>g5J?Fy>jDMP^c_S?u|><8H(V!6^UscPTV;hrVTkCp}=Tf{mk>U z*LLS36**rqoP0#N>Oi?&a@l=nQheIJw?CvBmXAd2Jv=-KTw_fEZ()VEZt9)$QTqr- z?9PF;IS$=JRT>|T6pb6Pr@lB^O7lFu<6p5~KQc^l+kTa%Uf(i(OQL96;U{RHjeSO1 zmbo+ov>YyK&=%In3%l@*i&HPw%w6d`1L*K7I;Nz67319jUuMZ0`wO}YdM%YAfZpD| zu40$`wUCdY-wKD!==m7u(3B*t@0fi07>e)yOUHJhPO$<)Q`n1jZP%bg zZ)d*bZ5?;xQ%w^|p&=tv^1F%2t70?`p~fRsJd2U*y{VIYc@bfrV7xaC&*@Rt3mw8|~ijvK)~2<`%$*lQ=!BFCeGU>&%R zvvPPPVqgmM=(az1*zlF%pqsJ|c-)g$#n0*u_MBPjtxXq;5p{VhDujC|R08MA%H3JR zu~O2QYMddobv3;J#(dVYv4m-sIGuoL=~R#<%k#vNh+n-lg$on=-08AZTD9VkuE2w) z+*ItV+e0LK`#K?(;~Ac*J-IsESPr4055HIp;IqFj;t!$km~-|fKDZly*rxwMEa+Gr z!!OORr&qdeJ#7iC(sey_<$`x7(i`5Zwa7YSK`%AZ)UW=bEtN`|MGifDb01CM(@dRH zRhw~T&G$+iU5j*ys=RWXV$Cfb0&=ckZFYbm!u(dWl9r3D;pD1I%BUSWPUz5-V$Ypn z>=0|@C1P6(m)a$hJ@0nP*SRDey&CUd{SO87EE=)_b=b08zZr(tXM2nVTy+&LS1lt* z*c*nNlxV|~(sFUR)r-gcnjcSrD~$bcIg`6UQu)#qB1oLR^34UbP_&K%En5fmXEDZr zOJId|Vy?qJmt~bo_?dpiwfn|a)wpxykjEx+5hDNnaS6kO;vI`!LC|!D^K2T@mK+iO%ciGuE)%d_8oE;VH2=*9n~}W` zT`s#NWc)JL5j}Nk8p@B;=6YpzEbr=9?N6(ZIQfrA`u$*7>7(Y&c4X^AhLcr4`SXFG zy&W8u!^K)H`E_s>8ASukG}TR-JPxocdEvb2B%(dFW_=FPUT~-+n6b&VOEk6UsPp!m zZIhh#3-iJvE)9#m=Q_Lo%sl8g8z!jaax|EzL(##1C0~C{KJO~6R;E{jyvE>e(Y`0V z-NyTauN*wngiY3jJ^6*?#u5@6dbY5U4qDxx*iD_bzAZN(ah)e$0Lu*vHHnS>T8ta< zDezs3zC2Vd(w?_pC?%emY;9QTJKo{0|A0EzaB17N61MA?H7bbR8hM^c$Z_L8O>erg zsQ1+8tM@Ro&n@p|i`!wbG9QCyn}Y87pdNz<&%ly2j&~-xLc4wf!$ZDN-P#2&vnJ6J zNtvGc%mX&rh;!ua++8>|o!tZWzJtGv8@R{s(CcICeH;O3Zsl8}UG5j?K}r}&ag^S* zd>i>Lf0@W2Qa*|n+@s~j8|zjO)6pLX>OFf-Ik4neHuhEW9?P#OwH6F7`8oVut! zrTmK0Rw3ub1tAbt3O-mfieta^()IVOE50XNX!sbKp#?JHHvMu(MuS7N--G0#yBk-m zEvW?tYk_&L^sI9ueh^x1sj3(2=Y+O#I}>@F%35x`VrEGyDe=p8Z@Z4;wvOR&${uTM z`b^HGc#%cFb6r3!eMpX(mB8qJ^0ph=Fj5Nid$UgB#A%r=ztqsIGn@QgrSPR(>Wy%U zoAb`{fR=tT!2_2h@3_-~8@+SSi@~%M&{f;RM?#jA>|3sF7K>)ByRy{c>xYGcfrE9e z(>0^P^!KWswaU@}f_pna&p8H~eD95lN>st#JbN>r~3 zWuEHc*};dw^z#&e;0C+5`jA6%n_EBw@p~_jQjc(PvcA8zagW_dNzMDo_fjycIQt~v zvhbzlwz8%)`We`(v-x)e9p7ID;!)-2GPh(ZvXsxam^n8)9LvVBQU!Zz^MSfI4fIE6-yYJQoG!p9YZ za0>VMA;GPP^F9H5)Nd_|=N%sgy`6$DGLmyDR(q`-E`zn|uBNpbXZ=f%n%t}o@6+eX zYZW#d1BPdS@NL-82WAh8214XeUPjGDzF9@1xP^jDC9ejBk-@`I`<8JVS4`?#i z;-Np3-wHDKvGFpRu$jxHZIH96;6pcS={N%SfISbYfA@y(?OxUrqYtakT+Ks(8v#CJ zJ17`KMXk9;tMz`?MzF3X9OMED_O2aG@MoG(o@aVzk#9FYEaWzQk*jnqbUJOv7ReGl z164$cWS#hC8^{|}>RixOn0}Y}gT!w7UV`h^G}!;%V1A=Np|#X4@DN$oq%+mOMeKCJ z+fJR9+vK{wf_M+HUHg7HD3N0FzOHgP+D33as0l4mZyQRLJ2~hp%-a8JDk1WApTglV z`{$UEZxReDHjSy;8@X^XduiETT&Gj+QX+w~4MVTy zRMo3JL}r{8^@V4Myg1BG?YfpQRbz1LsqTTj%jg^#T>fj#vXG>jz>3}58KB>RPH!Yp zNs{1KtroM8y2k;jl@P0C&anya)Ad8!EXl*tsV}toyyN4D2%4E(FEEJ| zQR=?B2A7p&jB#}aKiSzKoX&R=rCv;Ov#}x89WgluSnDnhV$|}CN>k1xHIDl);)e$m zR%UeKZ%C%6TFtC`u0_X_b5LK(qNS z8Ah6-hb&C2X7f^O_hhdYJ~6RIGmBu7qi*Tz3;cdvwGDsVlPyMn?FM;}V#5v34?*`r zGicgMtzHSR*POo8J|=a&(-cl%#&~&{ebXp%MW(F617ig8|U4mr%bqZO^r#f#eFQ3dh2WMn=^lUGO*dgrY}uo-^Dr`ZZA#pe`2p?Z&W9oMjBHxt z<_!&AG7BTkn}=g#=Arn`v&eE72jjrR#tl>JQvUwU1V0i z1ypwt=|)r_77w3#y6=&n+T-V4O_=0NVHOgKp~tGF1LI>;xoq4sE`!*;+J=NsC^U`l zsfKZ*+Du}z1aoezZnKnEi=uv`W;mdmKa4L|Xw|zY!En2noO$cNTf=vTo@%c-nZH_L zFnt2s_y|AVAeQ9M&xFj8XvgEG2yEDeQy37%BH=49gT@(AIsJA@?>(KpX^V}#YSHz5 zWsJRNyo>C#{a@Ae9BXwz3iVPPR9OYj_6V3Cj4QZ{Kgxb!#Ul5MXE`+7B+t#Jid8*Y zurMKz_yI0#2oRDYp zJ{-@P)>Hr3=uLr&t$wa@=t(x=94Q10F2I@qDK?Bx6DW;*pcwr{hIcRZwL5^UIy zpt#y*gcOU`fpLNu&rh{O;7#NFn)t#)YJuKmVQz=`B%%goyT?~W2d@gQfoC@ldy8l~ z6O;GcN0AuciMdjUm2j3}% zc~5owfL8}9T-SR+ot=P7;8VR2*@Vd2<4OO5+d7(kcjPoc>5!d+gvkmGZB*re)$ z)c8K=s#zz~T>{{zcI~xOak%M%JTQx8T#tikdCY$2%uzY?R3+Id1WhoHa*kDoZ9{UL?Ob~rOz{TpDt?=I_neH}P>3}*3h(^cGwpC5%~ti;XrXSC zevT=M)Qov-6sJVQmsw9x=tL0E6$1YEGAja2?K`S zg1l*$enIxu;?Tr{UAEZhZIR>>avFH`<&>3Wi!YeZ+$M8^kQ>AU`;I~b;$s0%VUv#eB*#MP+dl*DK)1EeJ6fY z)z-S9vR2URBBJYz+#fblm&|iENNGaO{{;)OULpUo=aWO-IT&fV=HOke3F!v|4endV zBj>eHl{McD`Vj3}FC0+NLqR@pfJ(zv8)K_Mopcj|tYQ_p*i zKc2w*guYb0fT$zbtB@af%U&!3 zAo!cTVMF*X7tV#kX04J!T~)sY&aP_6hF*qzdOP6)Jt`38@)Nfjd-IrxNZZ+=NX1L8 zCN{i)ohRJTe;f!eM?2{MrIb9yOZims{g`QQN}h?c()y5C(mr3aRq67__9GeoXSwJ{ zYVV0A!SQ*1+EBr>==Xv3qEZiTm~R@JD4peUIM~tJ>#Q`dL;u$Z|HB?JW_;3Ad%Zh0 zlpjAX%ttggO&^iPuZVW#RtE`%DcLqIR9W4Uop3?os$Og8w4+8yaXZqXb+{?} z{skJ^kzYDxwscukHcb zS!_}xxG_iV=B1iFq_hwy7`8UcURIvryu7a~;%x&Gk7MiU4KA-2S&iv6d?r>t6)T-g zWU_((blxCK&5<6~bk|xU`7zB;`k{x=yZi=5UJ^&2seL196m&HmktZhZMM{GrFTP=Y z13TV+lLy(FBf{~X;T(RkRxP--m$dIWZ=3$PKXw!}6^AA!iV(K(tk^3oHhM&8vE0R6hr%H7%^+7Rp(Y#aE)@ zR{50EvEVswCs>xS);Z|O|0fvzj~zIGQC`8oQ1^iIM-w>L$$FV-52f<8!5+S-Y_V$L z^jP(baE~7arjdQEU+f6}Afws(a_0DLnSV4WaQN zGW4xy8c(sMB+uRZ3&m1Ld#02iM%uL@JCkm%HrA#gp{G$T^b~jZ#1?mNM2*oNE5;G& zT*IM5zVO`ZgUDmyB8qP7Z^E0-BTq{?^~aq#xzZkj%jEQ4f#41mOS-gTuC%wVE zn#6F1MHI&T>Dl|otY>){;m%+N*+Xzm&KdXOrFd?pO-c;H_Gr-vZBIPTtyU$Ew~Aa8 z`@~H-XAynr=C8OZ=jf7YDk8(a9c{H}PLjI+_CEhq_)gvvq{l~WYAZ$`Jx@9=PXp?_ z$;8O{&GP1Jhx)A6zS1K_Hqxre z5}IbtLPrq8?e>WOHwV!%}P`LA8#Es=ZI-nQktnnJoBTM&fKeHHL0VX@cHeT6bWg8bE(c82`H)#?#>$t*Kh23Kyc z{oarJ^eN*`KcdgGDuB8c}2?=f9}BVa`hE_A4j9rn;LLX zTiwj71v&lPjT(q2m3)GI!Y3HeD|QgCiGuF9Q!OsjUF9Q}uv^xdo6^I>i|IGIn(rjY zCAqUtvb+&a`!nB9p7y?GIr|PM;p#h7OrxEfNLCA4;BSIZm zHyaWVjsXc1JFPE5^1t>F%wNdvUhp+3K&kKu%Ou37pLswy=M#Q?hlY!2)Z1>zVxFXY zA)9p^spEX@I<#5|WsPF*>g9@Etlid|B@5~$3vBC=HSzP$#C&oQ5Ghcns-&z%Yan2h zGfr)>_xxEMYmoQvLZkphSJ^BzUo-XIy&0W9f+tmU(tDqRwc`#E|6UlVv6>f-bMOsm z*KM_p;)Tx+*UQL@zTRGTBgX`S05-Xr+YmXAbygf?qt1Rojf;Eo`Ws0~yYEG42ZN=7 ztghnV2JIk0-3Q`OsXT*xWCQcN`MB01)m=bOJA3Fm(kr zl|F^F=GJjo$ch{6YKmRFvzuYExO%>e9d9jBN79t-tgifeumZn^_+Rrz?xOme~-VZiNyd&uh7(EwtUA*%hk+)R1!9bt9Yi>Z5a;2)EsxXFnB> zo!s4T9HXWZl4`Z;ocV6m`8Cu1IKj?zdgM>vmd=0c=G{=^unk8wnJCF$8k*BP;5+smkntv?LDJ)%VkrC4&9HvWYW{<-^{t;%e)#eA);3VCQ1C}B&!Qse{h0ezer)*SiQLyzEUC!a zgd3*F%N2* zyyw73NjuFiQ%^8Ix1~5x!LPLLeMhJ)Wim>3t;e}=_MJ{yDN<{Km_45?g4@4;tsZs< z#U%%g?@|ri9gDbFF|BlNykS`wqntmfm;0@IR8U7D#wR4yF9C*|H_?j(eq)Y`k4F&} zZiR;^Fzud7yVQC@&^s8MT8>JPohRTaoSz7#O<@*4ko{6~8%#?VQ*>BYsW2XRFfOO! zWv3WiUrMj0aJjRpOInUY^wz5>+61(PSn1beNFWhFv-0FG!^)^hII#&j-=e(L0 z)54uVYrG*p^%%QPwCEIBD>p3Wu6AZrCRtUji>k$}C1g_ja`SmV&+COxXRX7XA}f22 zQAuF&6F0EHMYPrfW9L=1T_Cs1;G$Ug4|OTJw(`NBAE`b?*6!ummyjdGw;sP>Nc@m&K5RBDpdA13&eZ(=XfC90u9N80M%J#K$QssA^xN{2XD&THP+^h6^kNn@CwlO@eF&U)&8&3Z{nf&J>RyB|Ayas+z?)d+8 zdKw3zEZ{+7A_&Q{ehI7%l=jaUDTK;pcB-Rga;%BAVX@owcCy{mU$zGba5oaVm9H!tT`{%+6CwVZkjDI5Vc%Pi3g`8`Qx$6kfk zt&QEZG1C7RDgPnRe=w>rkIWNPH|L)BoT6Lci)OOOSrf@SJ{X|5j7cag8b>gEDf8h; zrqFcF&TRzm8eGx%;oH*l@KSHd&c);APQPQET{fpNA6W8bh5NuFwmF$QMuly+^sV2f zf&c+*+oMwAru!PT-07UVp8w4YK|$U1IinJa8$`48C(!v?LP70`LLM`KNIF4Ze}D1# zzWM4uD9$oOJ6bCJ=Gr=|{U3S%KgkD024rR~;g=>MK&_kzHV+x=ZJ^UrKVMA8PvBM86cT!LFNSP4y zdVgBi9%`k9c2ltQ$V5s7s5edEixIY0@#fJMt4HH6XU8Ea`hA~o-16u&;$%=FhgxF|MGPG%o=l2ckn zV7g!9h6P&AG#Y~3*5`pZGx1r7ag@VSBkZT|g2*E!qHb7j_q&T`s2dh0-|2n&+UghB zDe1PHyS_Vmo@}w;yYenZAEy@yM>u?~lbaHL{QB0-1n-`JMO4Z8mPdbTVzFk|Jxv)U zEs@hr-Y0mCw<;>I3HMG4l@xl7tM@GR>+PviiwZy&dW+?jKH{``wDT#c(FBiA;6-@r z#c2;no?!K>>DU1c$YNL1FV6n>hfaeVAs~Y6M-c^iw4ckQ#A`xw%}C8LvqQgJw&m+= z03QWOsJ#m5+$32yZC4K^{zD_y(w;y-htl{DB#6X{WwMZ0Vm1=F_XgW*<)CHOZ-!Q0 zAbK%XUuU|^roRU!i|>f%PCw1m)zvXyy?a8!Z8s6r4EDa9Iw(ay*jQgTJc6|=cowHR zjjLPb>Pku?x8DKGJmheincK&ZR)a>AQ~4WSk>C|bJK7%475f`nn7cY~kn7=w5<(Zh zesC_I;!t+hmc60F$62B|mptnl$7v1d+|R98_LmSV-QhnwsKdR0d-)u9B6}=RD+>VW zBTU6h_L+u7%X|VFUihdM`EP0n2$~CGlV%2FXUtKamKmXS`BBZg8=obOZWYB6fO$j_ zL1VQvl@UiBmRE1+NIk5Gq5ccnO@J%Z(|q>`iJeLd3&?h{*qvVIPCIQr>0RgCAWS2WG#;&Uf$$TsP=8FTQ4zf6Pfykjuub#2ft+C2GVaa_&*AeJLw`|vi5m^90_w25V4V=+?r%Tb+b5q zXw!H-O;_Y*)MHN%zuvVQmPp%|D+{zC@@4SW!n_>9eN}?uE|-7lbEb(_#s|PYYMCW1 znQ#@4O0&D^yVG(|U$>cWxW$j4Uhuc?trR0W1nbYU2v`%>XuExwn>~#VF});dK5}3U z^YLZl`W2<^4oRusl)VlOB`b@C9fpdPw(HW1mI~iaIRmznCtnUS)B}~?pH3tF98P^R zvzZo`f3p4%l~4Z8_EupxZW082C45KC>-9=gxG1{~paO2ubUKaxT~P3!t`bWoOD_Ue zv+zMCND%8%-f58+4xnBSWXNw48}V`Z?vQNx%e zR*^`ZP(k@J*sh=2sW47pO<3P~`WXf=+XyI2=zYmlGk8#Mi=H>9x0=*heMlsLRkVND z+b=)0k~{e8O2Q8ybmG1jzKf&cv^n3HI#(L+Bt#h7VO$~eVUiWhORVeKeRbDIm;^tN z1X$*#tJ}I)UzMQ4YU5#*VyW63RgeO=;`ur!!ju2d<-a-Pf4d|O_(Q|i4eklA4@a`a ztRKT=Rp*N1MH6Sm*5zF4Us8H3!kL9dk*Zpe@%r~5+edEuc`C3pxkRD2y4I$*CA{$!D0X!PG5XxNw49g+UZ<92=qCqge!Y~Wq}Fp z05KBGPZ%BSm18dQoE-aLyBclqQE%*C&~4gQ|IQU0+iB(m%hJT*m{r@+3b34rrtbd- zydt3U;1^yZ=uKMVuYs4pk)$E2xRvv`lWb5ZD$_lX@n0Uqzb+aa23%IV8Vh^5=Y9#) z9ewDwpqG{lAq_nzLM`9#)O?nD7CpYgN?oY!_r|o~qc%?e#F)JxX%Ol?pQ^;+K}TS^ zJ}fkS$3?wbb)19S79f{+J7{iQao-tv6i)xy77T4(pM#E144Z~l>_hDH(#~HIop9gy z$jMSUa~DTg)0ghgrVR5o*3g5lF9p(R5+kxuV{AbYWKEyTOUPXfim= z{F`{--&FUH%PgZnX_}qVtDJ96G>nTcvwZ1S{KmujYsse1yS93p-duEE&$#;VkYm3J z$AQvyjobTtsiQ4oE3;yrADuZrFbbh;&TuIE*0^Xfle%cgKQsky*v}|ZtnF>Kk2#f_ zTbU(drSu>28SwIrrH_@Z60lXxvjpp_+l#lndb=NcVTLH?Dw;Gh8#f4Yxy(r7q9R_7 zjXAEXpoz>LmRwaQ8npQYf?lptqrrvAdtWT%DsrUe%ZXbcd& zQEh}=omN!8Kr>(e-~d0~s4+*&^wZmheuK*Kr$?_*K&>LVU?PiKM|NVeYXZ6$R>^n& z2(Lu$@GK^t5xUwsDEd>dh_^iPNG{+h@)tCX{BPa=QwlqUPb80~MoD_j9uu85PLg)- zWyBO&l8_$jC0hP}Ks?9mz)%(z9^rFA9iOx0rxVt0@xKMXtXd2X&_0&Q%^wTt*a!9; zwzR_z&Rft*G9T}6bA4{1q7+1EyJ+-UA56t^Lz63ZUd>-9f_$v8Fc$*BlxxJ%8#B;iwn=Bh1af zsNM|-UGz?H9lKZxt_=Ps7ymctdlZ#Hz$IT+mGtA6u+idPYLm=QbT=wS1gsIQ~B{AONuzQ73p>EqMOVADi$F#JTrjCRoly&Sf}ND|?fy&hYz#u7_8EtMod2&ivx{?Vf_ZQXZ;Sri_xA(OJ!-~9QP7fi00HPjo9P?|?w?tve2>H3{8y=-vW;kS z+tX_QMV&+r;i(4@t=r~bbn6BtCISrQhvYTxPw+glvczhawW=Dyt}>z8nJZuxNNgnMIt&p129 zV<I0HFOOo~iRv`<>&Oi%DjMy}{_EWfIr~LptTj(8=1NF3`7O_tSOIbSz%tibeL_ zxz%uOSdQ^Lo8r2vu+q}~Y65`;Z-xK5%Q!Euu<7XCbUHE_hQa@KJ=lzBH3f) zrN%cizDU&`xlDd-a&JvuOY$L#!yozR&TSyI_2q0qUKba1i~Ef2%f+-9Err1QMrItVL;+Z0p;e6iphsb>ugqdZ}AyfJ5N>H0%dvHFIIdep=jG+Dk9@?`nYSa0xf zqVYD&u{#J~@!g$F+0UwkWltymjI_p=l&nKt^MdwWqw;ucf(KM@Kiwz9ym$9S+{oX3 z=V|w%u|B=)WQP8Gd$7KaU-FsE?TbENgdP}ZTIneC?yC__xi(U?oSg`Jx(5^5Yzf1>Oxb%R zpIYX+8L1cJB$-wZAB*)3EJb>bn{s?^dLBlxh{HU*`Q{jlh|I;CPVa6W_-a%pgc-8l z96R~}Abs^nLA@2CKH})ZLP&G70O_xxj))1#C|tp3``WS}KD(lRBW~%u+B&ov>B1gq znjCk?({`x2G2`JNRMaQ7f~g4swUyU3?17C-kY;T`L_x#kL6MOgcOT7JoV$FitledKJ-tDTpp)sQx8gGIe@<6^kyo* z^EF9~v#)}$Xze(dmGa{zGFlbLpAd4@V%py)=9A% zj#jl;A0AR5SlE*IDNzx>={BfR1oXwJ!ev2Vi%NBN12Hem?J~S;0L8xZfy)vYhYJrw zhSVKQOOVbdC~69ove{*9je&GE_4`o@Yh>delrHrJagzRH1OKm&RmglS+=4&5k2^>s zKDWEynwG>_(nC7lxy6^7lIZOV={RH&|FP-tc9eV%aT8Y%R)&oA*s7a+P1dPI0pq5k|0RaJ+ zZwL-zh&a{0Ecpgj21aYIdgqJP!D}WWHZk4honk-4cbDU&a)VdC42ZWzCj3tkoLG*l z5XX)jiyqT60?iT^Z~ihkfkKq*B6$K7$19v z0jsJt!tUPeA8Nc|KLgl)&76i-OWGHW{K^%bd)MwoLGy_O;`REH#b-dLq;^|uh1e2r z+!eR);f}-38VFQeZ2Sxz`Q+1j6=o?83>_lLIAB&V@?1`lf!v$Wk66F;F;%g-7U+JL z=G0E*+ibg&U|?B}oxGIE#BZkk4ZYvXOKaZC>F}wi-g)Of^V_Bi`)1)FzFExn$vc#6 zyQiegbb-dH5QZo$PL#*T3J8Z6Sp6B}WY~lI$X+NUMA>S3s0Bfo^M@9KZz`-MiS<%j zP$*f?Ce5BZI@*V@)a_K;s;X>^Y1kaHk*}J5i>}bVqE&qrAUT!K98e$SMhbzofSez4;QhUPT zGVjbVj7)7CW+CHIy0t?YK6E8Q;zF*^fC&W#MYnlEr2ELVbJbug|3$#)dF0&6|0*Y?v3SO=mLDgV8tU@&>}U-=##ZmxM}Y28bRdv)&0s zhYT(^JOdX9jt#cY4DkBClM1S~zF1!tzsJQKO8+ievF*SZ>P=+mup3g+jK|~4faB;c z8?+Q)!rZoV2YZz#K#MQ`vlCVGJuDYglymnD$=PwU?G-X8zD4FC0dweMChSvyBnp+s z!+^Mlw=f!5IJ<_D)w*gRmpQkJN;c3tw`3``(dI>tldpsLL1#1>{da%qpi5Ltt~U$K zYKWVxIwIpViAMzy7sK_OBAOsDwPb~lHCoQMZAdx;|LX^qx_ADRz`Z1!GyzlWuWCx) zD7~4DmKGy%$H~Woa(3VZCvVE{_&byU+2u3U+tq^~XZZY)1gIq2sw5zsacvGvcug0F ziLC-E?0353ClP_)V+=sjv^Xr?d;9lEH$QI$ouMu*OeetgcX$1I+$g6P@Hh94*w+%-O*@-OHJS6(zyucL~%H?OCaB@j!e~54(VY6`dTz5=PL$a&dJDkq$3QJgm?L43E%6E-c_>Uf ztnb%AVD`SQ6w%YS{?QnHFWcdIficQ@mqJ2EY^WrQjUkk7-%-(>*rSb)M2>RanE*(c zNGvg=p1Y|b`Qj1kif?&m8gF|(jZ6VpJ;L>}>W+#9y`rv#fW+%elFYGrC5?68h~%sN8(~U-=J3M@Kzfz)yMG`Ak?8#OEK3 z>UEZ|oz^`oxgcQogyHez-ECu9QDJwAl@F$1r*v%i2=bmx96F;Euk}ha19?GwRfxyc zS!Wm?f0jPs*U6<~iNZ`G9!fu`6Gd~kQ&m@}`r%+{mNBM&!&Xj9QKI*7uc(S0>dtnPtUeZ?z#1i25Hx2 z3}_05kJTM0Fa2;02W^Ic~yks^)2s_X%+ z@0tP-f0mmLxy>#_A`=;ska6m^m>9O5SzI^e+R&BtpS}eY>^yHZVQ=IK{cQbJHA;Rn zw9x#6$xkyPMW)vu-WA^p=t8;e_3jYQP<#v_LLH_z$D+x_&NRww+eZC!pP_A6l z2!Q_^3g3Rzic0eI1QQoq8F~FL;>DRS_O##v1OW3KizJ^T;0ltUL?0?p^mCKSS?YMF zlfu;AE?Lf9+}dHsDITHG!|=zWN!8nB`;XMeJScPy_{iujVvR3Tvwm{*yL6Y{M$tJV z^nOPFwtOS|whXC*oIRYhCd@MD#`8Q)$z0Ugs%Jl^bQfRHGQ>Dq$RSxIK^JY$J5Fp<^epm zc_2xw2Yki5QTNGNf-mF`k{!^eknghwXNPvPYO^j|6nJ4KuGx8{oLHw0iX=4c$J$tZ zaoh19yBdu^yqO7_P+6c=YroKjD21}yseNWhZy(IEDQLhvjHjNHtbO@?$$8QHMv<x3BS$xu$mJASGjAf2? zZPXShl(pvqWdmG`{(iI1Vxi~7OJ8$zC;o7UXK8b_4ah{0=?{biku33;5^j6CesGuO zi@UodM*N+%!=#1Ikhh_A^z+HFeVo++bw0C9F44$YHPKBh4!p79j(D4f;zp!Cs;@6) zSrS?}Q0BvZkEdc3kKE`#DE>gUQsuYlFJ#ic=>MS+vHact1HjGh4OeC#$1u1jG2DWS zvv6l==N`C;fcF=DiJe#xEa8+gdEHh%Uom21 zP@h2A(J)g~Lyd{D5`o)`T;w?aNyPqd;P~lH8Y)G+DMG4tI?-{t(C6=t9M5>bIPSkv zpsxr*#(~t|t&+VOe){t=wOf{k`xBRl+VW;WW1RfBUTa9SYAM+PzJS5hd%DF#fK}L~ z1W_QcR+ZhzU5SscYaq%NNr}3i-*_6W>w-gHpYJIG^GeNOx5exvDC(eox;Ys%j@ zIn;va*!ok0w{SGw8D4^Jsw6iNWr^g(<`P2m)GdR?!zY@N;TYxGWUG)iu=~QdMc#%) z0@&oe9LrK<&K`$Nh^*WK_=Ht{+bg_d?O~wjY{tTw68eh&yn%w9ggDyp7p@NFofb7A9@`Rzsk7saiMqZ|x4BVtl#) zq?g-LjnNTg$=<(_{#Ao#5l-JKWFycMS2{V3jigT+k$VXG&;eE5_~vOm!EuUOT z#f`n+{xdp_ojhB*d+auv{sADIfW5TV{F-jcMT>TK1?$lDB@ikXkS{(Q((`5wI~B*E z3>N{IEh0v!aNNC+>7@8t`HUEg-Eo^0HTo6lSCy_eyDDGk?>%xu*7~Ci3UC7}lf4Z% zZ%w>b3^-q_Qsc|U7o|F*qd&qQ&aTOwoFM!0Vjaq}y=??ByQfBoJ=O@u%&i1d@iqFJ zXHna6H|>K_Kg7!v(1ubF`wL5iG}XDxx~#-yBR^(EqBb{a1t$uzo3fcOFLiMw_jr6K zzp8q&eK`2BJ=pOTUg3LH-HUlF@=HWEyWLix`xvIJ>`cKiwy|-tl z39iAya$T>9;?rWNU8SS=++MuvV#amXDFK!4d|BLAwEMngC{U4t&h}UL z4jV#_5wre!f82R6#)ocMfDWkm?#{H!P^Fwg&3#bpi!6q&!)qcx#Di;zKxA#*Mdj1p`)d# zrMW!wq$Z-Iw&ExOTAGyEn)PydW5=DO`O^gqi%fvpAN13Hj8vS6o)8sH4hrDs zaH2kr00&xAj}S>=Dv$ra_TD-w%I%9A7X&1wq@+aw=@5`cQ4m2wx{;CYjv+<5m5@eJ zx?#wnBnG4Hdxqz%8@u7Fx6~C7 ziVvJ+7^`mr#7e$E#1s_*2HPu!Vrj6-%$|E#Gnf+=fG-$`Sxq3fSkAD#n4fYA+`PL; z2kO%BtA{aMIEn!UyO7r(B6aq4t(M}6A(m|xB`Igl+V6v0O802ImLu>bB(vFaOXi~J zLu1~n)GBL#w1su|ly^KV(ljBbYV>a(6B6QSuep_MbASM1AKphv0;a3K*+cWA@Tb%= z8b*CD&mca5tLG#?v~%{6IAjrTFZbTyXYoY01>eCxy$%$fj$C)@tCGe+cSnD+Oe^8u34+{2u(C zC&SVp8D;g`)OlDhQ;J_ch2uldtBOoa)SVQ?ODe3~epM;FQZ#Szc+Ixb3LV>xzhd2R zZlRl_O^_=_FjPp!VUs6TLdemeMI*{zQhiZ~7~uKpy>yl6 zpqi>CH@*1`wfA);hBkJO@=|M(3sCs^$RauT_w<4IKZ2hena4|6-vGvwY`;Xf>jp3z zY8p0YFtuQ+*c#<3&!Fd9;+LO|#k@@?F8t~SA+)tUE^pLDptBaiH%ox$B3IqlmQ81= zbf;1q)md^-G9I~n(3P|-Bd(^e*n>@Dn$PwM=Q3~4KUPPV~ z3Nz2Xw8*1YVX3QbC0DENIA)sU<^=sFtF*dyy!bOMs`BW*my#TjnEu>9|Hn^>xtWPhRuUmHt04c=-G4}2|K+0$J%vd?ZOq(# z;qSp@IZST*axK?0;!WXSTQagy1QX4OX%tZP5;(x{^R)P=DSF~IyZr^lR*!>mZe;MU zu=6joh_vKaZY8_Ht&{zAqnA2w)P2FELTnjn$u6l#T~Ve?*meo}WvhKFlgXLQdOuui zY)ucIsN?5xZ!SW)CrRe~bf)?0n9nvfY;1r4bPkK(TWpVhYGZLDRxL;VR=&Dos9=YP^K%R`qPiKT0&1+~WoHqIW!0 zVSe!<$g!e{?Pf-|e2zNXu&a)Wf#(5Dw&v#M=q)Y9Ushk+aQ=kY@_g6%o`AON?tA$F z+S6wLu~}V=pDv&b=({jes`m?QFfvBQDU03cHM^7NTyc@3sdL{=IwJSZi+KwCy@qNG zSG_Ca*vw^+9K{!ny~OasqgBMisd4W0TuiWDZJF(<(A$^x_@kJC=Jxlc?f6rpe6gZ= z3}kX(D%m|>Q$X1-Y%zZ!zT zVg-11y(7%xqt8g3ar#Unew7sWgO(QRa$&cY(IrgZ9d>j&tKrrI%aTBJz{rN(aW}B- ze#;K|JugX|Xl0Z)k&U_LFFU|d5}RjcmVC{k`{10R)@abY{1*lJlie|a$Jc5DaSC>i z7@IIu4A4&8ctt6&IR56SMg02yQBo^9@`2-S7sxC1E_9>97_j#Nd&lkC9x*~5-sYnu zje8JH7i%#^z0>pcMqi|O#I6ffYfHwb+arKsl{c50O#2V;3cI3ZQ~StgMVz_d$Lyck zT%PkGXOEs_(%@4I#MjIQ46PXlH2A$WQ5@2K1!nUfc!a9(DHdCe%-3ekS=lAhIazpkyRNpq@4ev` z?Vu$7C@BWTGWV=2b+o(vqZ}64m*ac*n@@Ttm3~p|`SCI=Deq3ZgzG$2;?8G?^L=x@ znfa_QUYu{Hk>B?~J#1Ph7FTP;P8G6>VuRbqev)k*hlf~=Z=D#C`aW}1Mfzhkcm)qVNdP8*p#_XoxC}OQw8AT~fzyA#H4Szc~h>oY3rQEbL zta1}_=_~LdD=Q|d{W0~zX5@k_>K2C4)rSmtkCRzfZ8Z}w{iwL;MM)K5lL1V4x6-T+ zle2d{JqrcAPaYm;St=Rxj%X+b)Sgo>SFSn+VS@B!a&5FW`K)dD$Kgr8&vF7ce;zJB z$wo5+;$K)Dqfj-ztvV>0NWI+DFwT|nXXt=#l}1-%;KSS~QfK)jadN|BN`g1fzTD{a zl~6mspqgsC*eEiI8*b2h6SnS$cZIgb;=>b6@Q@aQK8(c05t@)kAcwWd=Zj#zA&TSq z?2}~+5yZtTW_@AZ;yT>=T3R(1L1EG|0s?Lsl+7Jo zZ(0OE>xpCks_03q@^D=^O1rkbtzddy(p01c6S^b2 zppdSSa)&~ZZ>%wtLBxH-{CY>>m4ZmG+r@Wd&$bs?Nuh$)D>D&qg}t@*tYTv(2i8o- zJG{D+g#3+t0k~5lZv(bfXx=qX@Y8L3zISW+uxFTB;8fqKx1T;%(x|YSm;`#A@<;XN zSb}|@dmlt;;Y*1jb<9QP^Vce&K+e19>V(A6gv#6Z2z<-@cA&Y&NAd(Ish&n>&M&WL z;59`}2t8{iBxF3~I1?-WWMdbh{OY~FBa{E@Vk;X_Z!(&KQ^yVQ54QJ8SE9CaA{z~W zwgi;~W<-X)xGxk#Tr8NXL;zdMYD0>`i4u~BLz6h3k(yU@F?$9+R6BQho!*&1@#2v+ z2G6_KYm6#MMZw9n-I)X4oAH&`RXR&dj{m=qn0HbM2MC$eaL8Ireg-sCCA|-6_*nVH)x#Wg)MH?C|<-KAfAuo z_gcUdV8J{rxlFQ`M5Hy;`p5&O(4pcQ3PWo5ghVllXtiVf}GNt!4z@yDiA4 zsF<$mY^#&2L}dwM4y$V~Tnq;BHG7D^?i$3JONmL?Adfd4*yd(&Ib=xUE5Zt!JvZy0 zCF@JOX*00!DsEVi)H^g4zy1j=o{u7}qTQb5r0Z^15dkY;<3LyEBxFU8{-N;}4i%LO z_}mniwYl*Ic`eV_mqYjpadHz#}KYrv>S*=N7WOgdZ4{r3*DgUxn zz)4$DtohNeKGDwU52iGm0snkW`m!yaMLsS$`5LI?YrhDLke8Qt#%nEO%3X3xxbdg8 zF{K5+I!@4PIW2Pv_PY-h!m(V;F7%RF$J^zh(XtP{jc>O|)A8JS%>D*sV>o*!R!9+4 z^K{_G`xA+w=cORUHAPidIqZ1-4`$fGls&k{)p7g6+m)QM?i^e&ewO3Aj)_>6m6h{r zYaWSDTh2|6`JFI(_C%V6=&w)5j=!%eYg{lV>z0ykMyB|wP7f_I?5Y7m(wiuoJ; z(Eaf*2|YYyk3dB5!qo)oJ9X9)SM5GnP~lY?J#^Gg%=yAYHKWOvT4xF2#D^DheQWrF zZa`59UMYI3bi=Y0vnxxGWa(Rkmfcj2Z<>~)8gCNRJzh1 ze;s(aUAJB1%L7--ZpNdo@Qwnrj&6R~V!Pp@ZQjac?3%B|(chM>Y!r5?(Nq)t#C{Av zvf0fiShMK1P3|i~tS3Oz@nxM@-I}Ka@Px`Lk^DY}sI z`r;d}F8hh~7(t1B4~FF@>Rs3vyw{l}j%Qr-n6$CI99k~i3F+>W@Pc<0O^Cd8;!`hfH+p>P?`A1IWBhKz5FyNd#;Z0E+NV0 zTQpX0&iTU^8i+KuQKUKL8+b;fl+kV?PIVEN_R})u%)%#}Exg~pxk^a$<{0pc?yd4V zToTI3UmT*;By6!b&*wnyfU_0agUQpP?M*5BF_ z99AMrEFEXH{$}-&I%E$EP`CXR^)X?tn1-&Qz;UCv=UT)vHJ3j+UKeF(D?+3 z=PlZI3i!dfFDI&SF=VMku~><8ZjeTdB|eV1?CVg(OCiIWjne7s{ID(Du6^f<*xhcG zS1l=?V%-$)9W372xS*JN9hk($r%x3`3kM1$ptlvKm+qKkl;0r+FdPIb=LHQ00pgMw zLhIY_yeq|=+-p9~S@BiRn-lRR;chdcxX(>naX!t^5u0K|)T~`JV?Am}@zCtJb9Jik z^@Ahh?D);aoVU+JM~^MPIX&OpDzr)&V>bkim)fCwm?1D z&!O&-m!Yh=S1(#?Dor}D&zX6V*Xbp9UL7XXn0Z}(8>(QD0uIeC*itmYuLr(J+ZvcY z=Dz+kSkl|Q%Z8(@&(T?R?wXjpZJD8{$rF7Y9Bi1GOED;Y*6pM&DYWG;`}unWCJrG- zj_y-Mo9@!=0H2|6%n#lLWGg(G%?!s3+5o8QI)6>SJ%45iB#gjzf4Rbpn2^HqYr!oD z?Q2W_UOK{?Gozd(H`jb$34g!+mJ12=#Nzs!r4Mn_k`HLHYgr~~)i8oob)%psb{w}$ zBkS@_9!Vr)_R+p3bm5!)dh2@yzIk9S19g=uW+d&U8PRR6y;QD=1Oxl07KVeU^*Ses zH|R45d|vb!MDK3S47E3IMQ77_#VEZ<52p$9ENA@iww+Hz=S$7#wAy~5X84A+Hf0T?WOp!&7`<*1qIesL#}%> zd6$D7n(J^=U{u*m7Q|#(#Md$-gJXmHb~wqBdu~jvKGAUdQliYzC?`5uaL{ad`su;h z{o4}PUMrXT@tX{S*WwFf<*JSJGba^#4%g!J^tG|w$JPxX2PaFhfc2sGF`*!)}E@9LrllyX7K@KFmcvnS9wTQ%u=?y0_{wmTm#A|;F?HA<=xwi>PHh>z3lVy z4oSmhm#5go_LpVnFk=_634^3f{S%_`3!b7YFokS48EMJ6H{@o;M@?l_c<_Vw(BYO^xXIJUGd0L%2v-q8yq7~N}P!T@dH$W3rjzs=4~m*=D) zenO=3pbR>>BVnHy(ErUhY|{qc@8mV))(Itxvw(|{%EKN$b**u=wf=ElxC9P)Ea+H5V;ET{rG0{aqF6Ai_ z2ddjg>vOVlAU7G}CSsrErku);;}i^hCIP}1)pl{(c5ADc_wh>(aoYBuAgetcqb(Ahx2# z7W+wpEq1JqH@C=#kJV4Goad>WRc|~@U`SpLz{VZkJ`co53rtYvC_sjey7r<$)ry#a z#Q>dBmJ~gwRx!JWGQH~NexXeY2kFV-HCH_!om_LC&*)1b_*>D3Kgasw8e6KjH+}%& zS0+8hs(W)V6>wz9o#O%Bz8@7N?l&aYJ2!SA+<53dwqoCTx^r>x8tfp{ZbN>!uJgEl zO6Zv)zb#7bJRdv6Oma@&cKW#!@;d4`-7qrmCCy9YTq}mvNT!sC(^z8_6N4_suax`z zDMnK#n~a`=a1Qv7knQgQ$(uFbqmW2c)iJtdVvJ;G2+&u2??%?$u5f_vlXz^$oLAtN z9NILb`=CeMIMSHDx}%?SG34;}o|ts?s>u2Irbg70voc#}DCt|$qX?R!JS$m6PS(u^ z`5jGrc3c|VFQVoc_|CPi1QGf+a!TAxaSHF&a3V&R(r1HZ+B^jK%SAPpgsgh3k?Z8C zOaMDTHB^F-1~(bHyZYqN)GZTV>RFOW9>ei0CN=&t$oim_d~YR2VdQJ?tBxejXtE~- z%GM+3oN2cvh9Skoca-V^O@`76Meh>Q(0b)syVDu}+QP)&NR~nf2pytgMjJ&?QQ5Zi1RafyvMz_EYYMi!dEPo4%gqK%pF}I`ho5=D-L*G&*-~9 z*Kz5RLz}oM*T&M#F?GpPfsFk(6E3AESjTvu$#bLwYt_ zTas*jVoo?fD^{$l)PNQPgj1#zxV6B{nD9ls7_PnZ-xsz-V9&VvAdCF?YNbGMZ!>lujY+<_miiiXA)NP8F6(%hI$D}K_49% z8v!%#WrC>Kxm!O}Ea*8ZKO?f8FxrQHH1`Z**k6gH_kI3+xD6=E$Ax_%!SOXwEOc;8 z`TCwv$pfo?n&8oNzDEiD>Re7Vp~plvb9?&emc*`TTF_hTWjK1_p8^r<%z*|Q5Grgl zL5lpY8)0^Z=?WxN0OeA;l+f3ziX;Z1t=*REITz*nHJY^A3@JKFxD3Ib6_q1IsF{FJ;6l|L z{6uY4z&ObbKO_x(k{qFq+_qGTT0q=Frl;A#)w<0h%&jx^TphSOEl#y~Xsz)j<|Tu3 zT8$hcwk7?u$DV6Ktq`?h>bz7IEk9GXc=_72b64*;T<$XM8q@P!w^FfIn`Q&-5Qi3G zL{WA*mL+$O6%yWnef8s(vHuC_l3)3<#>hS7eChNuQE4?U=W+g0@X5)9E)8hLAVMNi zGd*+iRj2&l`W*sTTS>u*5~S2KC0L=~+dlFzL;C7>_N;?X5(TW4av6kBRx+!p^<;HI z(Hbsqt=?Fe@W6dsNu6Il;*P?8;wwoP`SKuQI-22)4Y9Ld(h?c_!0cPXmO3TZx&#DW z_l@^K=IDQnGm@;HnLSGHS242YdXx1uiK%LY2i?_n^K}5e>y7h-NK6|3w6wQDeS=yo z;9#mQhp5Nn93!Kx$@{5PpuaPue_H-8InbB4LfUSLmi%=H{qv6Pa3hmNgv4xE{Q`Ez0+0v`_S_ zMcMqLM`alpjNxl_JvYH|W1raygxpsm`Q&6VzQWXP$a*bh9o+J6_uO1AO8%q|l_-^~ z&sSzp-&pa}MmA3v6%cg1sVDo$&_eUVLr3M@dKP^s8AlxOt~z&7d`n{VPD!$k(AH>+ z$i?eef634oH00CD=cPQbClCQJ&*>%Gaopvkwfnla3vd#AeE_C+IBYb0)mWKnKj07- zesw1`tMOb?E$nV&%jdWiVM6j1@=-59Y(dsb2Cs&JCcCE;E$jWzF~Ofpm|M#1Sm#eFCfrg z*7V4s`bKoWnpmCJZ~1;}Gck$p`F@3N=&JhY^;MnF(}!sVB;4{!v7%{|7-zR1xq8&e zC<7%VaE9y1i-!MVOl$RyGAQhX|f2j`u)B+Q}JhLBI$<9A}QFC@xVI6HuMHv70ynyyqqcD*@h1Z z=Sb1@2KlC{j$4SnsJ+c8F$0ImCZ0e;#g)Bv^32!1pBQkd*V)Lm)1J>rANPbAI*h~= zm!;LR;K?EhKhN;55|SMlRXMm!rZ#rX%!b`052|MFjMFs%X_(c&DH8MI64GNV@;AmD zdrUS0y4{3zv>%n^uu|9dEO!>}BwKG0dI#9#3BEX*j!#Ss4!nA8JYSkkIeln+p=9_m z5swQ-2sc-pQ6u2BvEq#z6bmrv8&jNg-EwTF8^e=VJwRMt9s*yFvqd36;riSAsmDf! zZvwS@2X1svM-{dUuPkMX?AsA1Of!gH!l*YKU6(&cIYU$xkXt;kx8ZWYt(Ys)FLO>e zS50c#@528Y)476uvq6T1hWT^-Fo!4Qx#wrqHX4S~LCo|IrOSsGbA|(L;$@IjPRywJekNnKfj)px#M)$ z>BT8sM^f3KXupfcK5v3Wf2z<+s`NzbNjV{~Y;CV;BtzuN5Oo^&kL@b)mzra%ZW z7H+y{VCAI}<)wkVZFE^wCZ+!6+Ug17kjaHatDz;|vE(A+U$VW*@OpaWjqJ-iaE}(`tX`}BrH3;L>4m=iFn+Dl>=T?q z+hCYxUFvlC?e3_$O6Qu?alH`?2E4^2KUaVBh|op}^D5bWPo&V*Z+YYxm{_~Y#J`ez}P>EC3T z+NX=kn#CA^TNQe7X<7SHt4KFCB}@M@SCoN2qeDnD&5jXp8-&oSn}+OV-1C9+(!>Wo;mOd%6} z{NXX^>8#aA?%_MJpxN^;E?&`czfJtd%So6VZ81?(yAv}w?wY&QpRfAgCm9y5$=9Qv zxMK#~MsaNq9N0apG56i?qz4VVT}asbg)hA7Fyx&kMrj z_z+83k~yd5EE`z^Y43H2+MrU3(G}#0(N$;bIEdwr1o7Tb*kY=gjpd0fk`j}a+AlbD zS|g4Wz1;76=W+Ul{nm>0bf76WCu7*`X(>2H_~p2kaU9}*iyp)g*S4J}eX*fe*Jw9g z{46kSZnw0a#}E7WZL8^#P85XGgPBMEOV!os$ z*@Glh68;`F+lN=-y#$}|*x7N4HM@d&mEykLa=DH~4(c)t$2-yQe}DJOhire0%e%l! zxjWulQ4}6HBQ^A$KCoD$0f7uXRqK$DLh<^oqdKigzfBT1rOY zjy>8^1YHqi>iTwg)|_!4jK7Q9qgX;fu5{_LG(z8ApT>rvE)S6D<%GD{Y$yf+qz=;TnAeZQ<`Q(_ zLpPzT!BAG{+xdzYBEpc$s2)l&Yh=u*h?rvVfL(g_y(^aryF1S` zxhilq0eyYud8sHiQ+12j=NdsT?9{Lz#&!3TD3OiZh)d>XPy3G4X(<|l$ol5}z9kTe z&+#|}&|fGYQ8ow>@!RpNZaRPBvr3Q^#hnA~gkCyN#bYDGe^Ik^kLRahs3Wz3`!mU{ z7ShPcX657ikos#1>h$cumNaXZS<18rY2_uf5wU+3-T)bO`~xys;T5Tnjt|6J)4Iig z2TI#(cMYVQ#M@`}mv&2xV-!H*e1gpteowj54}0qN<830ZxHxw-o964In1yHEHSHW2 z>s-yYF3y&9P9NcbM@+wE@kDU8c)4t40__Z-q@MQZqk!urAIp0`3fA4YuXs3>UVPA8H)AVBRu{^_tPtTi)YJdW=ei52>*^CRw z8$c^3-@BB?0^Fs@4$a4{je@9i@<>zb3lE+4y2h-!GD^7LQjeiifADsDAA4aW#K+d$ zXZ7fs=?IMb8#S``v89gnE%CvN&!3U*X17UaPJ(g7$^K={N0yoGI`bJ#Cn#(nO6c;;bd3p` z4m+uwQ{x9%traYWUTiZ)$g>`gU#H{wyc&Chq88*>nxg#MgGj?e zlKvQ_DW%u2RD|mxB24I%jk2yfI}UL+Y*9Du=WWVm)XcRQ?^cnss^*IhKBU$wXhDVVXPx!>N`5&_x+|e7Wg9B>yKc@JB_DCXD+w(>#4&nxwt* zjNy%xxzk}@NS9BCb8?NeFzOcLf&|A@MB&s}(YPCtbL711Axwf2dY*RVG45V}KrN+| zD%pZ7>ktjRtjJH=w$x{6VoRdLu(B}GFG6ioVlsZZRVO7!$1_K4;BzvdEzKy%lS;ib zm_aSLYD5Zkb!Ydxp8%kY^(&QLtlu@*b(vnj)otYFPn-jSHGuM`GN|5)QB53vMkS4d zYJWErKVh!26b1$&du~L{X%;%(xu`=ykT)1PCOt#a=&>C|-=agsiL!R)I$!V8X)N-T z*tdg4oDBE#Z^m3R?cD^LA~p#5dtjU0`5Zfj5gd=9_nY8>~ z7_H?bNTceBD(XBRxk$2SxO(lDPT#^ZQhVJBJl+oHmIm`m8NKdvdXW6S!H@mnbf2+y zi4j%f@wS685?i}-YEefrxkOvQVWwKL2AuHT9V%?qR^sHMwgGlLt326IeB242%cyYg zJaprK#zgaOM_kQ&7Dn8cNoRBE?OZ$oW7w@RtYl|6{}!U7^SYJOI+;7HGnrzn zQ$EBJS6}@4^(@L-X;&44!*G?Z)amJ1ZX>;7B)rTO2f}Y}KGSsDbVGja20dkmw4I@@ zkAu$iPS0*<^rmSaY=$oDv!!v7b!axP~0(F2dH0hlyh!@32HiY zYOX0Xjk?;YW0#lsuJQHf3fCsb&nXb+6dMi_ofbdezEq*2S1HfX7nuG9=lwvr`Ev8@ z!v;c;q8sMhLy~$|QjwA`+RRC(;HYHYPHqq10)oxOGRZlinf@vozT}Gx)dL64(#;|w zO9z@O#NKtY(8BcZ`12p$&NKwZGy^oP&RP|f_?&d;>`A+KE7}x-NtqK&Auc67&{VwPMK;-KtQd4H#s?zqX0hmbTw^vT;CxhN?*KG@{__8 zokMrp0(_x86mYaP$?sF=A57o-Ow@H<)fUz)`Sp1>kn2?`^Usz}2878lY*5lNiAQq3 z2kSb61T_M@KcG-kv;Y4vt7(p6>@YLNHR=PL_M#+Gq|z_@fl@{>a<^iA44- z^vXTn$-RRfDsT@|w@KWzBW#bV;X|ZM2-vEC^iO>IAx1L$c(|Tvh)iAdEp|Vj`!9rZ zb1==@4bwVI|9D1MS>w}{D|BTFj~;0J^bhZ4p;>kcPoW_H>A1hG>CgxCT2nUd);#;) zG=B2o|1XjM7ZP?av~}8{h5qytQD!SzVmJj$oZ)Tc_sD+EeT}<(;4eM>zc8nXU~969 zt;T-#CR#|8OWHT`vKZd7K8sMxkvpt2LCiJn_8Oxq-BDXrgK!D|`PM+sgL#>aj%Q2 zK`H&stkUR`mU{ogBICyclT9m-I*D40v00MLoP+OS)#ilU?eP5L+dYVofpOU-Y%Z4tVu4Tnq zWO}idqThf2aFm6(y4$4;y!VvbK;@XQuCbP|F$20n-nL%d8GCNkjR3&khEV z36Q;GnWjTw_ltDI&nGk_h8F7adZ_!;0GYSA;KOl!kmK(8{$N>fb&h;&sph0`NZet` z7ObU3OCdF}>2yEMp?UJtqU&NuI68`fR$OCU-J1e@1Ae;ndc;Bdo;VRpkXXc4GDJBf ziAR?nxSC?owUTT+SO1ByNw9Al-T*v?Pwf(F3(~cmEJgw~_@J`_8iR!!c;u|EG1Diq zDfRmdnLv1bbTTsKA9U#f$^GY*qe}@_zt2cDSVn8yyjOMa5Ncc|`TRa({EYscZ3lnk zw4O{#EY^UOZp!q8z{kGb@4=jbc2V-l#*&htz7gr6^Q-R z>IaTfsbL8!nPh>~D8(((2=6sOKtKNsPKmU!sFmtw zYw9YJV`d7BsGU$C(fdZ%y}+MyTJNb$>-6*5X>&XhOUl6F(*CmIE51w7BG!rZye;R> z2F^WqGMG(6;%V^B6YWE45nh8p>%>BuvrLx((G30mIN_^vTUqbTq>}D4cFyScLLROG zt*aJ=^p7D_$L{^A(n-j{av!F#^3&#-85f+5Q=VnQK|zv1VBFHZ8aiItrCy#!Enz^PTGwx^sIm6WDPfh%I>N$V@g=5x-*cRYs*~}%64d$w?)Ft-&1f9@ob^O&V`XJ=ynn859vq3Q+6EWAHEl%VNJDvDOFYZ1Hj-_l} z6_49*Uh(abshz_S^Eevh*eb5JuV$3=c1`xUgP3g;G4eee8xXC0bsu5pa9q`l1N*sE zpI;^;*~v6G9bYC`I(z`?(TrJ-apI)CWR+_7G0!SdYsz91~n$5Bz z$4T$4o1ThrI@9WFt(mu`gFkMB9D+sE~o- zP%4c8hU^?B*$m2itu>APj^X|YP|)B{`7Q@&%D8&sCK9BGiKToi@Ng3fDb}qD8I9Sy zs12H|^cHDvHz(HFWSwmvIol2N8O^ggKN~c z&`O=znT0Fp=d$->?ic8df+Tm&{P(A1AE6@vkL+KY{gF|BM?TroXh`S(aNy^g^2ZP+ zVYs-Sq21Btg#SK=12(4lZIy1Xe}9UQ6zxcp)RQJX_&Ys+_$CmAhV&PBqAK6Nla(`> zD1Y%C6ceQ!-rIcmm5*EK=c8Dn-E@cjSwT)#853NBC^}IAWzm%cX7Fe0q$E}=7w|S3 zzQmyS5UyA3Re|=|drFGYKc@MI!O>_bRmH?}pL;R_Eem|E*vjatO3(d%k)`>zAX$%i zielT2Fw%Ho$aJn!3fXjxUF3IxL*uPjkGdqV6sL#a%(H)fFl}+n+CmOz?Lk&)i(_bJ6@kx~iN^tG=9~@y~hl11M{-GtHNfz(#+L zE`CTRI}6i1cg`o?pCiW~a>a3jWJfE^!TR4vOduuMNgDo|{Bu_S5N!&4Tu;sp5utw{ z@e5iQdo4Eg_$z}cb5oyp*(Qy0ze=PQUv3?18OI;c;Xmy4 z8^rhzd;N#Kez*t!LHobpZkhj}{cn!if1cwHefgi~_#3SHe?2g9?vHsbM%#`kh35+T ON8z#Zqtb^aul^5!^Guuo literal 107750 zcmeFZbySqw7dK8Rg9w63H;PDubb|;eDbih%!;nJ`1EK;dX%Nx~4Bg!b64K1j-7v(^ z4a0A|@h!dg@8A2rm$g{y;W@R>K6`(5oc-|jshT3uHR@|vSXe|)9zS}9g@uoUg@qFe zxQcnRn&o>B3+p?3KV3QYCzB@@jv&IiN#JsgH6oE{hY!oyy+S7T239KF+JW^F z;kRSDZ=DYxlVCCHha%GTSu6E2Bo6tly;e%4HFc#BfJc zLh9QDlZQ=asR)UutOT35IKG89`?of>nbs#~hTWfbVmWojMWUCPNlSQm)FWHt_WYw4 z{FObTZ5@b>N3)R4P4``TiyR^RZV$gvx+=yUv(1r`aLD?;Z+|};vQrP%Fx$w2N{jd5 z4`1iSIv=Htb^?4WioP%RiE3T&9Z2utTb?q-7Vi^TzBCc}*js|s3|zA|fx+Qz`q8~a z)GgYR5{;{T@mfj#B;TAfQroW~Eax*M28MA=j6}YUVsPZU>)}5zp=gVYi~7CH>9^QYl}BR}Z&Y9~ngoqgJ@6 zmR{myT|Ov?lIoGod0r+n|DGV}VM18$0;-CG{#tTU(b%k7)m|)vrk{h(7lwft%E$Yx zaiM!=a>M#X1lU_Ms}Ifk0>|D~Z@0T1lSgcS>X-FWsd}=?JbA@s_U+xytRWSX_uKf( zDkN8H%mgk6HlCSvH}KI+l9W`m*SiRJFu1l;Rf+MoZ<^gRslxB>p|@|exlg@vm>(_O z%W8cAl}hsw)f7F`AZJ@JZL^tNYriiwGxP@cERun%*lJW`1IOcP?Q22vgBNcT+o+3j zN1yP~n-Zws0t>sjEPR_ z+kff*oSXkmUq$SgCJehO<7_`*%gS(fY*DfdV+?7;VE6=i2&R~{EZ0C74to>9c zv3g-=NdDE?=i-KUIV0DccV1!Lm!U^p7fiXb|AMdk`&AJv-C2Tj8QwQoe2k>sFSOP1 z$083nd2euDWl6c7cXj=%brI199^@;wGv45rMDhtPB;-$$>z<)Rs_9*dSxjRg!cHZrqD@^`SL z<5q`&??5|f7H_>v)zYFGdPJn5JVgOZR<7V0X(- z8Yz(daZveGCYlBK5!8WRy!#;8=urXV)}3T#&kxD(gRO2qzy93lIrDRo2X4=GzHfZ6 z`&4}o!NIShkxr>Gd7tmo^-haUg-+Q{(N5e>Lw$XHV||-3wi1ak`4Sqd8(k)!Hlr^d zYk!G*2F*fbF|R4D(cAMMa364mDe$Lz!#~)bltqpIai5a?_l+10^`9Z7m(J00I3)LB8< z3ZL4H!V;-<1+NO03*ZV|iHjHLvp)p#l}VI8C>yp*gs&lBz*^v5*@#{8u-{iLb05Ca zSenoI-Pm+Qi86HWdx;Z;63vb8OzBNAPs!EXIJobl=9BHSzHhL9b-(;pwvGAyw^Viw>)c59fbI)3QT2>Tt6l4_w70MNEgxa;yw^g?dwF#@dxu6}byQdw{&}hN_#-}k*-o?+T)qWJFvkVc;NHw#%5iA_4kvskXOnL zU8FIMMm@&-#z)ms$qoXa#l1%s>4lAjqbGAE!8E}!&e;p zY)tN%P??<7n|K>~6V^vS8joCdK5rp5LQbw8N1s-lu${D?f({{zh3m=7rt8uqW(>T- zDWZ`ilsBvHZF@volZa>Cvt=CR^YU{B0tD}hJ$LI^c#3#xZfi+NO-@@Ov>{t1D1JI4CFh zPL@^0RUPd#>@4jV6GRj2-72`7!@7Hu=ELJBE>CJdUd=pJHI^>-jJqiNU{?vFQB9V- zfL}kL(&ty}{gnJY&RgJfByDmX&j~-rOYI(N6#}KP4-c9S&7I5|7rk7ET~4bUCtXpc zT9t#lgDZB9c0j}_ToTR!Kl7HV>!}-|3ZR;JFm0po9QB>{`@24|PpZ9Yy;5Iw=WTWk z-O608SHOU7JeHRQMlq8I)wsQrnZJf;uD#c@0awP|#8H}0Z1M^C`IlLds0A{Wm}4WXW6C?3c$q~=gz6O`|gmpztQ z?4-?Qz>%{#Ar10B!=AwgT( z8y^Gfib?5s=R<|{Ps0^%Oe@?;N7DX>FGm6q6jR(n#;(=i`4Ys^DF?CcTEV!fB)axu zt9^oYe62v#1ZeB&=(G_#>5_v;+v|3pSzmF&o2qiwpa_9j(Hi=a>3%yj;>yc+R3%__eQ(BGn%Iym2V$(#FIG;OAP@b8S>xq}lO$s&5q ztSB`*8>?;%7mJHDiEdUhoSC)W{|VmvX(|@LIV)#<+LLeCFC>$&zH#F)-cHiUG2?#` zdkwO)Bi?o^rJ`a1q_z7D1WGT?+9sDf=6$fMa|`R)9W2w=ckZ+pDk?N=ynMce)1Sam zfAlsG(04q+)tXg*M0Tu!zLFLS0!t~K+`)tj1kR83-LSC8S$_OtKY4a{8xuubvD4B6 z>#3@USvrBZ&7V72SaExSoH4zzuq3?1FpnTBusNd_$idM~%uAB_w;p1c=O3?mm>GZT z0tQMl>#06vlyh>mVie>S;O1qPy2i-JDB=3tTI|^)g+GR4{*q+21%sW%cz8TLJ-I#k zxt&~Xc=$v`MR|B1@H}|Hh3UcN=IsbJ_u_JNyYu@bf6nvB%FWW%&KYdy_^M*!+zV>@5@R2 zm`v=cotKq^{v$h(m7^PmG$|p$2NJ(6^Ha;e3H^_edjB5DCoC%PpF{tn=|6`4AVo~w z)y@jTr60VI;*;R{>D?dwC3t=?>OUCw`>Fi)7IQ38*CcrUb;MHFCWo=Ov9M&Yo;;G( z^1|MjBB+bfu9rp!UVi|vW>sLLmh=e8uy5cM6#*HfH zj!GT+*9vv_bYRw^R%$G73E0{1XQfT14;9{MnLgX#cNIEw?uATIY}O~6ORjrM z(`+Z*m?`(+G$^x$!T}_VGB2>Oaqxciu=)&V0-Rmz!vD+GKL_5%!wYBt{9Tut6q$&< zUh%%c6yxo$H7vhg?8kHgD6al>!y9?XX&hA2Ur~kWC_{0ZSJ0NiH_P$u-}HLH*zft5 zd;5JB5dM|E?V@i!E#R4=Mk{=>Mm=(%*9>=sH#Ge2l{XaODqW zGgg)%87)uBtY!LZ-D7-8LV|b7{I}})66a+T_wm!In}4Cdzp0eT0psd~|Aat_Q}SS@ zP2XUeqNKvpMqq(yGCax{4?4<*qH>-^RFi#efEQl$!EfgVt)sUfb_e7eXc)I z=2z$3f8`2Zfbn+f-ytS8&P$n@zd3$v9OI`LVY|YRW61nBoMr^<)BRsXNiH2{TUCuiBW{epJaMs*7mP)v5(Eps={+&U8}=pub_f^jBGhcFn3dwT zuwWgU8w5DBSnF?Lt!I`ep+p2L1kO6P1gA5Y90?Bv5E=ZE4Ml>0{n5j35d||hap^>T zx1+1Nbs%Ax^c*{ew5UnvRL1Dh-$@q(b-(pM5*wVxKErgZCc z=_3RtuwK}xzSZFBkqe>bJvaup>feG#`nG-WzL7p+>Z+OBmwym2kq$+0HHzI)-ApVT zbOW6Zu_UW*HRKQL4oPF<7{<$J;gHKUW#OEEWkA`wy`TW%q8Dq#;jgNFcyq3K(ntwF zH$L5gkGN81k^V|0%zzkRb|g~I4zt{Ne-)O!pqN1b6-p5CLiGzBI8VO+h|sVMb`r4} znMQu1#WR_L(c43uXF#r(qO*e-Bz>xyQgzR4BZOodqB~=>S)}7syB?rO*sefHxeiE5 z%Ej~FTY(rt8*qO}+)n`ZlqcYgRvGvGqMXGfrI{E9$J5QY560_C)1DtHK@G`j4;)(< zWz4z&bw}TbfH-a76b*t=Qm*DEX*AS2HCIpE`H>0#(_dn!j19%=C$azr?-o*I3V|iO zghDsN>GCjofA&^i*>{&1^H+$82+8}KT^D= zn|n!yagOKhdCfbmpwYn-4j;>Ek?aK7RT2!5 z`$=>|U#>Y{N-9vC`U4BD3CP{_!u*)^B(^Rugr*|p8e}idV10=$zC)G^>8p2eIz*&Q7S312U$%6T zpGmpyzDL4oP@H%%E_A=CY(-sDc46GJs#Q?+%dO(N3RA_(k`8`VXvOpE`+PG zZV5_+QAzL~Y>tQ@bgdt8dHcxLEW4Qk{ z+(Hi$L}E|=Th;nK8YjWVyjv2ILmn;5f32AV*UZe)H&ErV^syF zQ7uA1M5tntN*@;_)j1J>3naxuiCV7+cx0w#n;6g62*bmNpvOxw93~jbypQ=`HMk4prJ4 zTz$tYJPT=?^OgM@{5=dxUEPBt@-v8)q07W{pHL86N9D{>^`8{2U;c`iF^P!(z@FV8 z@kESE`(Pr4F}mHlrF_9eH1+#hLrL#$@bGJ&R=0Pu&v)FE3rXn}Iw;L8bsb3uFSbMF z;J`Lwb?BK^HNvGf;})?vFLXKe4312$VFu~x=kB;LKt{yj@t$Mbf(h;|yWmB-TX2RM zf0;P3x*6E3kppGR-AsGg*-md!Fr;e&Ue2nnbSEeDPTO`=Wv}|>#hz0Jq2t7$mF8B( z6MR?~dVL5fxDW(u2qUJBnf6^|LUItUWG0vO&n!>trYTQg0;Uk0voIQCk>yqiI$N$B z>=4}8lW#A| z96lbZj`$xgf_IPaJ#6|w7)I6TRC5-?@WhF2Oy|^Nsf#5!s8Ot^W_x>=r0BWlLM2ZI zpVP_XnzQ{iCbOO6h8D#PH)%hY(;mCDckww5#8SvmfulGC{JXYXlWOL5?){@7@Py)x z$+F`4spTnMc^j#ljQ#8Z*id1u{+|3fa3WtMzOb5TjbRdX*_{dWt@clWFZk$In~g4x z9wm*tXe8YfkfJbrtp!=}_bNF;)!r8N&QFzrw6q-vUSk7#<<{K$3B^|}a1slcd0}&* zY(n^l6BVIi&E>G14GYOed*IQO*Nj{so4o&J>yc2-gV5fX6=cm9coC(Pf^@Nh`BHfZ z?&r_`$7e}SmpMfy=33VjL{8od(`rmkZBw6Fyz3XY>9HFfj+(AZKq*U~wC^Ad5kcgR zz@eO0yVLz@WDQjWOnik$&GJx;F%be^6fkdUD;#;Df#fjt1|?Y^c=kL{=|H>|Dih>D zLh_YM8G{e^CC~K*5p|IE@h}c}z0z4MGbpeub ztJhcYbbf|Mi9*6;vI6PeZ*G%LwKXjqRe)7(-#WivS(mif;}(KN0bq^96Ibj!EV*Dxl!dg z1449sus>$u$y2FZY;0klNO!4CpYo)yC?@C57y^#y(9iS#gt9*@3N;=^t*bU#wUKbW zkA=);AobgY3X!ZtEhYVcA2E6;Y@~QFKYF-I1reuzO*{V`2Uuy;s^&Ri3 z)4*86ToibzGy~{sw~j3+j2Ftuq$kkG7$;R$|Faimv%Q9hS{|Mo&8S!@abrJ>pV>ZB zUu8bt_qF=Lb}7;mIj;lg`Ru0{=WE^teCW7l52`^4$G{Lg$@O-KEhnXwCH3TsBlXNa z+9IYR6+1JZnfAWN6u#T<#htwoJfpo(xp8;fnkdw!y$V7Qm$p-?l|t=g_8 ziCo+tf}oUFw0WL$i8pQ@X?xV%zyp*$V}xCu8Xq4el|u;8WWEm-e3BdZ!bSZ?cTxy5P-6D1DaJa*cOi`mU<{x{ldf;EV5sP8k)4q%&^?MXUVyOiTNBecml7Z0dQLxNMcu`{!`AICK6aBQhL6 zaG!F)F^7G7vzoo=0U)%q_E>wY;B;M@FbWbip)4H}^rCgMINyNe7~>iVynfMYxo}Wm zbTBgZs)?Z56?9^rnK4)jUR13!jj61huZr1w2Q9pGUP#F+8#(gZ4&RRh63^&a3G>pq z4_ASAtXRyAkzZ+Mr1>vkv^XZFR_cg&*v$52RPYOyV3YFoSG=fe2XzAo)~*Q$|V)kuMO z24I?f0wwyw$LD(qcmy{>8^!L6ifPGyQoETDwBno%Hfnv(XIInLBd{U!?3Ir=_udk5vO&ETXm zA?h75aB{9{ZeJX+BWi1pG6`u1Wsd+h54$a?<63$xwhetYB^8K)u64NhM2{7h1n(}? z#i9?ZX_rxn$#OFvY-s14tw<;XOnn*dMT}MFI5{L^?0?9*J$+=$N@6f^ju?uqIsy>O z;OpRr+!Uyj_S!{>=F#fKP9N4lY+$e2wxV&rV+S?~5gWX3fykQS#{3kK1Q3(0f`NE# zQ)Ia~99sf8TkLX;nr=~M<->ylUxvcDrpSk0f$T_09Le%``gC${)RwnvOV>KA*BD_R zw|mFK@@XW}^*-x*jKXdJmorPpDRE$Ar3ld(p2EkIgL6TiE6@d088Z7&31Q;?xP_^B zdTvZpI1D(1xRH(=aL+3!}@!=_P_>gj27%_EfsMWRCLXRSM=zG2;b9yXFKUrurbNsL3rYu|$vywNPwAQ+!qjrOO!qT{5 zejHNFJ)5l!y8==bG~3SrB{h9p2v;{1HFq8N9PAemxlAeQca@*ZaR(xD$hzQpV{V!= z^I`${Rf7rs(;wHbPYf@2dolJn%ze_1F#YIg;$0gV4k^4*(ot?!snPpN`X2+~(hEX9Y8PTB2 zuz>Hk`W#R3vEw22Sq3yQxnG&7-`Yt;d=Kb6m+#9&RyXHxX&Q$2LPKe)0A#N##I`AYE*2mI_H<9Un9ZA{kg`~pnyCyTP9?) zRYHC-p{{K~GbAP>RkX=RzF~M4o95vFfZS576E?mUGfd9Dw7h&4=JtiTL?q}~ZR2xG zLGX&i)F86Q(J5Q0bnK(DN1NLl|H0elwt0e76?}p=TIQ&D+|jvedv1d~ZQ1}-BYonC zvxiEQfrI?V@M? zJ^P4Qj)A)ZHDz53l_`9%8e%7M2P?F*KD^-S zBc(5bkmXcGp%tNn?q*F zwn~QO+P{NfoS;_zdWp!c<-vg`^Qv+^K4`ND>cbrz-b%iXKb?$Q+A6A-lVH7zcBtbl{9M~Nnn*Z8 zmC#bN>DnI1H-Fx}ZLxgW;-c9iL?#P-+PAv*)))1SHgYo#H+N!pFokHn zi%fm|m>M`0Rgg=G$n5P)HPjlG&mspsA|9hx+a$!Xj2ncO>i30_dDHMrtg_%Vz;c%7 zXM^23PF?+=5)t_Vvti}8w>sv=FrN2qG!1L`l-1~=_LPNbnLAHo0?P0BZJo&iEbfR1 zLVf8J$^mmV{uCCn*+APlExnSxAE&E!Kkqx`OnmIk3IV{Rf8PKRlW79Q%t`Qy;{&6F zSFHfu8VC#P~p zPl~4v%Go5_m$IoUdl2swAZ)sZ^3FQ>T-}$E_l9Fb$mi5mka}ax-?Fb`hqQldpwO+? zI;Kq3)j|ml&5I2^Y!Z=z?QvGD>`9~9h_FK@7Tm21-h~R1#$UruTiZFr&z%A0K`W&$ zP0L~%O6s{_`ct5Groc#UG~YALMvtEMM;XuEKpw=n%5qI`%dM`X8XY+Gh2^YH;ifv$J7=SG6d?E*c(Pdd8pjJ zKX$6J^fQRcWgsklwXD=u%yJe7p*iw!Cfdra22LoxkU`*7N^RTvsG7uZ`x$#~<P=S{8&~G+7oLh53w`Ro6ep-Uz22O`v*=Q& zULW`QSsCvet`q5MSGVLk9kaYC3Ukxrz|BtDPOc7ZAEG4hv(um(OSneWKA^p!RF>d& zfs`A|+r`<3&xr{vJ4f|^d@tt!{C5N<`3omTfeStnKQdmZuFL+M>cgY4J-CKu8(D+q zjzfITZLXmHo&zg}|FzjKWZDS^xl@rTdicyrZPY>-hRB7KG+OSl7wdoxCg^Hbf|*{ z-E75{@-&d^F`(10J}nLJgfBAHR4uO|=Yr^RcW*oq#KBwRamJ+T`-WcBt{|_Ur2{to ze2mv&HynF9O!<5=jiQ8WoNbLVb+}-coNCxLK$AV5;V_ySN_NpmW$!u`IYW= z9_V1c0VUnOkVqaF!l8gnuC1Z^U6Fc{l$&bOF28{aosWzOezC!osg!d?3S z?wUM6J70dtD8l!~fQbPOlinHb#JpD4P{H1_20wFX<8sJ;PNG2t$lP4AF{66C@Fb@h zuzyG;UZU~BaDx*j8g{K4ZlgU(A!~%x%GSOy?&Yjm(AuD6s$1C8$5^;EY7}w}ZZTnP zX=`xq_w8_4>x8Ed5ns^LSEo)ayfB${J3rxp5c`cgT0fG}|ATK82~E~$+q^?uE}bhC z%St)ehG~NV?VQG=&jEUMosrnBp5@+jeCE%@(gO?5)Fmb8B%UK=-K?d@x93`sN9o97 z=ixS?gVm4lZ}Y*{Cer@Pi>d*(21x~HXlM^Dhys&*S7Kzxx;#Gm9M~n#==BsmM2ay4 z!%`ld?*j|0mzA1oU6%BphG$^!g&0Iq;oWI&4uPkgrRJ~B2CE*<-%%))3 z9;I8H4DfrGYNX}TdK!?yG#f{Iv%bh)m8pr1DD>Tm@IlRPMoe7ZUG_}^YvzbF-~FwGp}Q%fwmdTEBhv;_v8L18TgDv_obZZOr357PpBeu7)X( zn0Wb)FEp>yglGG@b?7rZ-lD0@Zgw78;D@(H;h(6ykeR~si^)CkpphzjT7Q&uOXyrP zpoaj(j2G(nrIUA<@%(g1cw}kXBCJl_M#3Pr#I4XMkuqO5?@r8!tKr2w>|McV19L>F zptcbyWm_C5SNN*(M^Bo8r#Y=)#8hwmUWl^tLv3=pFsaxUt za3w7-DzeaUOsTN=;>CxX$DOz#$$OH~S36E}hpMzEhL7(X{w$4RPgC01RNF%Za&Ydf zirbz$s(NHm7d?q1o+@V4b-ZmjlX#?B3Edw6j|vN40k%Rj6Fd}7*QgfWF#u1+tjE72 zD%P4in6{#vCy6=M?1zR3P6=&i5 z5$y?LZ?T~Us1JoBPY$6|Cs0-=zQC8%S=i`ywf-pskvi5XJ@6m|cX9~DSXxMeXI3Hr?d1^=K z86T18GrD7Uf{nju|GC<3`NJoL4Iy?qK}WAO!lncT=WwP&iB z$ww2xz<<&NK61L3sUOj&idf-Rw(C%{8(*C29KNDrhsl+_OU^8;^e$7w+#(I*@X4>r z>rUzccJ3|nZV8^La%ut4^E^i|stAd(`6c|N+2!uEL*=urV&L3p7G5aH_UFKp8?loX zmnC(MMvCRBa`+i?N7V62ed~EsA2P8(1w`FL`b1w<3yRp))=wUx75T*-jT)W6CJfHQ zb%8`temw^xgAEppgSP&}udnV;9mmL|CFV~QNd!OAAfs5HmtUI29y@_SI4+U$>!;)F z5%$baLu_c)Sv{VIGYB0f+6p`WC`{ zX<4d^{!Zj6H10pNiJ$>-I39lw^CX)QsuObe#e2O+Avxo0RQI;;fSA~j@2&1wtl`<* z64=vc!pS-VKJ@mKm?}w4WVZ>7!dxwU%v>(weAx8R@bfaK;ly~sgv(?nc&evVI4onU zUtseE6fxGm8Lvi(!O#N3B){FnOM6$<7EHLD3^N7;<4R%ADWRts1PiR`!VI2fK6}{O z51VF;;?x>l{k{`SW8$07c+A(&4T!hi0k0}N_CS4CgcT;ZDfvK>*7lm76h7A2(LG&H zmxHDECA&X6wU&ZW;z;dm%sV|63VUeUG#aaAM&-` zM|c)#JnTJZt%8)$@HWR)?%a_)%++^NH*hq+19&389yNk5;k%`K8#c))?!ORR?`pd@ zuB-Zl6h|9K+8ah&11&eUyQBq>v46`!fiBvDSELOAN%NtAFT_(e5jm_|^=I5PZE+(b z>({u3L80Z8x#btaem5|6y$K*o#p|kRp7g_6A(ZXubspx$t^S%^5I;GVnbY$rADNGJ4*?Dg*g!ns?nQnbOJ@s3UEiCfH^mhnn9fI)FZE=t`Q zG?(uFiu-iX?z&z0{<|xMs{UT>Om=ILYo@6gd)ApwzT1j+$iS6MCsn%99AzHklGJOd z+W1Zqw!^~ypQcZaKJMueJ6Lc65eZ|Z@GHs3`ZYCy;kqi9#&NEvP$Xfp6j$O!r-q&L z(90O2iwhgn)-L%e2gbHpMsyYI>J<73VkJ+ZQH6YL!PFr!jj_3S zx-gKd*KMXbV$rI%k%go5rcco;%QH58%E2hf3KDjOq3I`>ELoDThndG+9)*a+jAdCBI^4Uay{fH?r%+v-XqsD|Qj6Bc<@zQx z@v{3%nH#I7`MuX5KjK9Gz&N1+76U*#c0uzd zs-#T&XwwslF24oIB{^Tr$-8x9GMD7Kyt_USQ}!hiY$3iRlbu066kfR~ zYxtK_u9t&whVAK+eGnDBBr zmhMW5;P|K!RFnn3Fdy3Bf+o83%5rXW@k2^h3M9cTDH^vem@ro`XWRXl8xdE`4!(p8r-~2~+t|*Az*2F~GCLtT63%@_1Xa4k>mghZTP;#XCL01o zWh8R$%7kuphN(hX-z7p={>Rk^U`}vt$!KbEd1`r?u)A(E9BhIfq8jf;dS(*t7KYpF z&NyqGkz*htG7I^$FmbNxcBe;7b4sb%u%@nn-D)bBR>t579z<){_cRTkB z`_z{b&YXSvxIOSvLGub=iJZ&yJ@KU5h=7;OIY(F<$O>ht7A3_@a=s_c@B}|>Ccntf zbm=p2q(0#bH7Bf+7STMIrC~lCcUVbF8`d=xjET;k=BkQP&kdZfB&i=s3RK#A&JDy3 zkMC%0=DJrt%gPBYCrf+CO)<4(8m|`GS+P9<8A;61(QboEY=7goGa_~+>;oaP!-5AV z8{VbGG**fA__&&ndmd?MLlVi1#gbyFiYX%ETL z1%D@DY@2IH3~Jl_Ff!bQt!oZ(YnphDCuL{3bv zw~gYjH2Jul+M=X_mWudr+GB5es+lO3lnGYyuv4%uz3UPj+nc-ha2MWC_fsYeOo6F- zX7z@@Y*O20y#7i?_%;b%#bxS<*mZ}?j)W&a)l*=^FW^%}z#mdrrk*0AYMVz!3B1}S zkV;By|8pi5^JeurroOdz`*vu+kDJ>H18nnIowL>J2|rf`VOWi+1&(Ahk5%n0yahD+cf8*lctgcMh6`!Fh z|EXI)S_2&KkeJUN6*N>&Ocv7oq+CCWoZJYr02`Bi?W;f8?Ej#r>_;Uqw-D>k&fUL* z^VP{8Y`E|Z4gY!L|9T@+i>bojv~c^|Qs7=L#{cI@s?Z~;@`Kj4jc}=1Ah_sD?!syd@-^kS8s4rL(vq@p-wqyLiboHl)6d)l0 zr}l8q-Sa=7;ot219ge27Fi@e&P&e^&LD9ePYIPg~6$KZ*QLSfWoqi4_Jj zPOoJF@(LSse;e`_GLiKbbJq9r#C~PP{?wnRrWh%PUKl6-Vv#?ml~KiLs-XE0+n+Cf z(HBDy0B3!DYwfS3^T!x_W=23BL9W{0$R}V>SB6B-)L-`}$K*fM=IJdA(W-jxKV1_2 zOJ6WB+-XO?6fw z<}@161!{k?{$G&v?}wCo7^35f)_!&5f9^vDiUF{L15fwABU+FYL-cFy%)dL0H4e;a z{3AlY5avHv{f`L!BSQby&7aiv9~Alrh5ili|6zK5my~}D**}Ktk0|ce(p1Ku{|n$( zR{I~n=pVo6S90;Y`26Eq{~zdD_vbdm{HKeqN;v6vwuu~RM7!6Vp=uGBd%#Z>W7hHD z)zo0vLby1$>gNX;$XlB~Ctn^*V#34Hq(8nb?61CpYP>`@V_jh|To%nYsTb=>6c_GE zlC0gX@!FZcJy9{`F(Kf!JuBe4*dbuu9V_6mG1|Ps#h-(6kFx5D&Nynkyg&*!o~V8l zZn#9BWinhIx7%&iA90H>x6wGM*d#+e462;XPiOI^W4Y_Ln+0t9Q%Wp-8T(BFjvf8b zd&%lEXVXXU?YS1jQjBR5vGn=&p~s5Ee~a(aAGr}#Z};D09Wez=f`c!d>tGkNxTLYi zm=zLV`dC&uSZG6fIo1+hJ9B{oFTPiVG06o9I2^$)a7fE&Jx0y#mb*W5dANQfRZPcx z9Nh4fjS{~vS-O#=KRW5SmB)_{dWuNqo?4U)@F4U>xg{%`UaaZT^fHJzo1J3#9HkIS zIZ)I?^WT*9>*J{qjq4}9cKO3}yWe_qtt5*Ua=z0(ArT~ffmCPnldqk9Nq9}$K`xjW z~On70weLjRrcEQH!eK$TzIyKG+y5 zt@;iWzU{R?pop-Hkc{>@LM09t7{@DwQAgcVOBlWPHtRZukC#Rsy}L_Ygi$Ron;wue z{8z#+ zYuTBdIr;NtmGzq-IqV5XoJHNL9E2er)O%5rxK z(6f2qSJ-~~fi=m?;&g%Ga@0Cf3VNDee>k2y;0;RxJ+k=kZ(6}Ov873ocW*TF{(((g z93%*TROO7HHb&OR z>lL*d%F$M(w^Vcw5Z|gRb!exDY-j+^D`x!8f;K<0s;gndQW}oTOr9>vKenE%azVNm zLX3AT=MECLd~MbS(iF#p7;2Jb@^l?~+^qm_*pn`{l4|C4lG z4aI?7-3(Q4js1i6ID$OWMk(lFX|igJk?WHo;I~8JdZemq!BIKppW0Bczcjf#9mx#g zX%Lxm?czdW*yEM%&E3NPdhFIFs1U;@u7y>?E{kB`3E) zsnoiM9j~}{vm(BnhGWNfnlnHz<^j8InpnAMqo3XR@lO0u^2h&9D#&nM(ZU;kraSZd zv12|SeuEUpe9^U%?C)n#WF~vsA1pP9DcSSpFIJcWnx2jC7y4gtT+CB6W=$qqfNCP3 z8+0Y9rM}EB5J@^hfNkM7iUL2c^VXm0EG-Q#WF$Q za5@=>j(`duwfWfLgwqVEabwdKLX`&I7i!xX~BJoIZaVguzF%9Hu8qJ{X+p zI&C=L?b6Jhz<6 zG0@?V`hl;FPI_N@y9pQ3E50@9+ylUMtlMe3ZGDM>hl!&4W9!|;@5oIje~8%9Crvna z?Z&go$@%pUEXvo&KFb#ZF6ez$Q%m;H=PS|_!;Yav*=6!(4}KUKtIkjGp1>o1n_iV0 z(&x@hZ^9PBrP0S8S3LMsk@=O=aRqg|o%>y;=#l|<3%N(QSyYt@cPm3=O=rJ`lIOyGnXI6LH5;EGEZG-J;r)!`m%nJANBrW z7&?)lm7e$*^mefH?S@;eTPs-_Y4D4qndJG}v1cLuTbSK*s&t*jG@fVl>z2D=R;&Uy z6R_S+nyYeI$f0}YZkS>9TDR4OT)hgT^O~We;rR}#Q=YVy7%9I!(={wL(%HZv9W1YP z)6}g;5E(3eZoY(SUUBxiST{`$mpmNpLAMj~k-2JdD&~45^ILb@Qg$^55)!sYq1De# zE-U@dD#6Ed!I`}`2V=tfApd2I?o+J3_s=S6@cpR%hr-+3dc#nlm`m;ht|<1X*m+cR zTUOidY;r{^hP!I^C0sRe`9d1K6S1GI4rTv=Ng!&3XXDw_Z?I<^VD>u9CedA|<-nq5 z@D;IG*3;C3kICnE6CtQ-qB8@ZTTEXm8ny#V7>l#rawOwn;rSJkIMeo)A=&zO>O#m7 zjS58r(FY87V(r$U?d4LKbuw@GAGZ)4(VL@8Ae&^h*Eaj*Zg6R(Dp+ZklSi2q`Yv(M zJX}8vtuL9un2IHr*1jmqH++h*`qzP$bln)-tg`1FkJ|})GU~SpH03ZU87j<7^07a~ zz{&LN#N^wkqk+ldp+oIyPb6Q|%ml0K;_PuZ6u>Cd25 z^J#hodNdV-k=r_*%duMlP7+;!`;VX zQyvX-BZ>%5vM%2ps}RVyT%vqu8J_KUXL}s7Ri7L5VhB|UHuP=m6Ilp-$UB}y!h2e? zmXmv}L8Ex|S#DiKba>&Uw8ghK3fhsamh6p{s?ZxD?Ya<*Q3fK4%v;6}Bx~n_XyBMj zg5)1YH63Ff8Vrt99dp5NS7^S1&l|$F8@VpAnAok=#W&0L2O|8+96BfO@i^lDnM3|9 z=Q$|fG??OU?y2!R56zSTk7C`&tYV^!+1cM2@VlFjJrP7d)i>Aju0A%0XrV%BMN9ra z_TDn6t}W{V4TJ;&!QGwU?oP1a?hq^ocXtc!1Pw01-CYtic#wm;ySu&3O?SV(w{KU! zzpv`6Iz_QhQtZ8#j5)@bbFC$x%K>C79CmUO^ZHHiR-weK%T4E**6ni3gT|mxn%IgK@em1;EbQ%~&@K!b$V&!wWG}Qm9$;2If=i%qEM5 zxLSWTG6ifB2jPvGxZ4UV^YqjdA}@M4z^0E~xP`lN9y-5o=2p-7jMGW7WH{%oY& zjgauV0~!`W-(ONDzu2+DO*)1!Qt|8D>NhLv=mA<={M?LBN{x*iESht1pxr%xBlA-&4rMN!#R8ltEj|VfQQ!%#1Bk!j>hr5G% z%)FnaU|p#>u_ywa?YmU_VN(Z_`$qc-1#$GemWUmtBjC}_Bdk4ge%UTPJzgn6rsvG__Ja-uYyZwoU5%PC)XNo}r5lu})9b?j`vP{L;EQ&ShH zrX)huQgeX8>m)3os2K*0`elNg*J*5k!HnU%xp_sStFF8^>#^{Op=GD|%I}lI_Yf zO7D2->0wDpTG(SH024!w3RqM#prC;DJ?qc)(P>h^@K4)w#e)AmD@KJNPlT@o?pF{& ztq&PbXWrZ@Yq;Vdu8$hQec?YRU~gz?D~0?)pDQbP545{y_N z0{*Ox^vSdfovfCIn}_?Nc%OQcm_cQf`Wb`YEJxc(#E_RYpcvE{Lj`ND@eDi^KtIq0hPq++4I`SszC_NH-cu*J&!0Im*f2?IVq{nB-Eh zebxl|3KiJs@=T?A?pn2y9haAr6Rwr~vj81ZsN*S`dOQ<&Vo@opRCAK=4pPTuqOK;H z52+}bt^Yx)N>9qjMvKHW|fI4VWCbVarTXJ1EHl?4+H&4=y^F2hDS z{HDM)N$>0J_{Ok0fxkQjPCdl>Q{0+<-tUht_(1V@b9E%32Ae)e7RQsMVgrmK0ap-C zt?72Rcp$GMytDnH)H?TBrqHEocsiH-LZ5Vxr^`dJkVC>WM-n?8Prz7YiZ?WM2PhLx zKw9qI-UELTv*A$P7>4=1Xu()IhW^x%*H!an>g>*N2$fvUF01Cenul@yoK!=1`09cP{9&b~3PKUbFdMxp|>38}g1|Bzm?WEFbf{i=#e)LAT2EV+BV zZ)vsaN)$%X(7EE#g)KMc0p6{6Pt;Z;nmczfrK{Ui*nNfkR)kI8T~nGEN69Rqu7GyG zgpN8%lIGIjpsB#Z!kkjk&0AsR;-cKU)nQ!qu1$RgYupt9m%Rj-n(aY`IzPrRl*XJc zFXxsX>-I;ov8+qf8UW+P3Oq_$64~D}hQV)HnjLXuR(ru9bys@XCLTo)P_#MbXJ_i78r&4 z)U(v!J56WN>P6JD@(fHD-SD1|3WLTI#kSiUL&3z!V>87b~(rvnTe_08R$o_Cj)CrQILg3^Szd&}rr%3`(P0vB2P z@^a4u^YN*+%i2wZo%1`AhGbS#MVTJ#6$j}9?2%=_dZE)MZR0`C?kNXsiu`MOabWKm z%O5UuZBeKs%SVF;v*zV=xF1Ud8UZgP-g0gp@tGBe7A+Zs?QpdN&ek7NhlA~=snHAh zN1d_eFAC^Sf2M8@4M4|qN;rP_-7i2D?^p#<&l%u*(3PrJW*-XFL>59yY5B`Nvznc} zAumFKRPXVWMP&@A;dDOt>bnCod}Uce9>60+_?lk3jYd2RUNq2YTWocAp0;ecUJaxA zQTfcmLE~$64!!{I<`4xLNGsq#9D>Jy&Cj&iC!WI-{>SfFO7=bF1_k)$(LGIxrEeey zUT^(b_B%)bR$!t>iB;(DE()fCdMB5j3W!F9j^NS!+VPD^#d5pQ;iOq>00_M5E@5OP zwfvzJ$Y+rEkPTUBqw1CXJ=RE zuWQ+AYt5(FaqRtv@E1r*_*R2Sfu&I!1Bv<1{5XdpN8rzxD+yR0T05Uv{!xFHX$gtU zKbXu$gYUBJYspjjIjZa);z0-+UpbbjLUVcQ>y+Z2p3#D1w4m}YCy~4HjK?@x-jgnh zX70m=HCQFz9*7a%GwDz&hx)qZ^3zQN_i!8w zDlUM!nfgUz>1e5E&T@aza)DV`wHwcu zE60HpyLMi5-9pd1D@pC=&;v~3*aUhVO_@?! zOV|G*qtCx&n!`BU^D66fcI*7Z4AK!?j#HAQY7TqGD-b$2h-dFyf3d}tt~kIDOnmV12ph zepEFema7B;Y0f|#+{A=wUK+sq~*0G%Q zoOc+Pfj6J(j_|($45#==uFWK;1+`RNP0&=CY~82?5G5`35875Y4BS>-;wI!t zFACt>^%0xi(+?5MXfxo~TQ4Z>Xj!)t>F92sL^_D$e6?!czMjZmE6aTM$LmT$y@tn$ z8|FP5boeET$rgUClyR%feK~D79!)HaQ#W}w^lYdVDB`hOs0Sge-R^PR%c$?4S9Bs2 z|J3yFeys1AO5(rtN0t3>wdii$dF*|^Mu_<%We8r8!2AB>hjI-(zH=uBvb^UO&k|Mh zS;oV@u_*wIpt+{qATx8jMIeb`3WT`5QLV@qcL`cnrrRt<+P&e}a%wWAlEcA0iE?Y*KmX|1#7G><;k^YW>ufu^NK9y$GM3Qee5r;$>ZZ`~{`}>(dX+w&-kwVuELf4p<7< z?%kQ2BS}g9jk}6YtBzL3bt4|6Bb&sSwO@^h3q=A$Yq_F|Qxtb-esFhf<+;g{VS2Cv z-zy3-*--uh&og(E_i^bA>u`6nSjnS3jIPL@)c;794lG1#DRBEMN>RKVUH!&$!G44f zEf+CPm^VF_cHQycsV=yt?A<-y#GYICrluH8u)N)8;cvYX4q}~Oau;w=&M$sV z>!?yVeO%B2*m^)&9f=Fi)BV}N?c?KBdxqED+){$&oFZX1>_IroFlF;R;3$k`L5x1j zNi=lRZVU)%(`)tlL$+KX_UFe8X)WD?&j(pXYErhU2I$Sz*z}$rACy3P&5hsnlrtxb zRb*Xp<84xSN{#7$jA`CVr?8h=;P;CYxRN=pvxKlgKU2y0g&#aiH^W0t^n0Vwe+I~+ zXMns|oBQ&aFyrxoM?gy8Zf9id>A@S<3w_c133n&f7+;qunrEz;-wRY^jM4D)b?JjM zkRNF}h-@C4fj*RH;{V-k&2K#R4GEt8REd=-s&<5r7F(5|Dgl-~9m%;GY?PtD zbCP>h4mcwY!(3Z&R%RD>Ns>TNi-GU$e9jbz2c(F*`i_G zCGFeW&o!1>_7%cB&$+F-Z^>h@0s z9=`NIDdRo~V%25+uXhm{-24$4ocuEBH7jZ>4_-mv#uuNu9j1obWsQ$Cm_xn2=pI1B z$zR}aEImr*YdjQ^&pN_cjZM2FzpzYoF-2`sNuJpv4yDGXYfkhBR~l!)$NTI_au=UE z4fSupKa996XR&VWs9x%hsTKEP8EUlV(UR%3aa#i$`sk8Bu(w1o4W}wFCNZ(}G*FhB zuC(C{Uj#k}+c6)Amx?7asxy(ir+ut|Z__`Na>3=-025;XyA4Dq{*0GEuIpp^#e%hYxv{{A8J$+j9gv`WU(egv*vRR)8>f}rjtls88E(p^dBd%M z{Wy(OpPdbvuIkq#D?qY)?*(MY?)yyBa`WfExqaN*ombpTa8gYNXx<7yl5O@%6yGBf z@J`c3;F1YK{^jGDA}F|Y$nU;H4_Qi;{#u0S;Rdsk=Y~L;hlY;w0a}qX`&03&=8Saz zfO4KT;K&feH+k^4NL&Lfm3dt^@z=+1)jcE#*kQ5T+YrZ5 zNNJnp(|HK5TJ|eWgEff~!t1HH=7k5cB-bCD+3lRRQBtmYmlJ6Sev~jFZ;F(=>@oKQ zha+M$*G*Umu8vgm?G|+L{hY!!{a95up?|k)@u_UVa-B(BOlCyzc0>u8%^yK*NE_=N z1PT!Z4dkz1ztr2kT2r)!H#dy{OAm#|Y2QZ?)`{H%80QT;c`0v2Q|;giz)!fWCed1x z{ijlmG%Bh-w>V~!7`0x{1|~E}bRs4?EiIy@g||Mt-*Oq4D!U0i@Yay+j~C@xXvWRX z&FPK1)8RO5ux4o-xi*b}xj7#Rl9GZ0tT`4m3=A_^b^FpB@hC9bXG!AubQ{1lFqb50 z9V{+y3kB?5)c#T8IOlK5Cm=F+Tuq`9sUP6*Mum z*atXH>#AL}DRYtZi@~9xeogH0Up^wzsFh93cTk%zL_*bqcf23ByqnNl*S|=$l=v<% z+kA%l;PdBCrW{J9s9px|KCs!95GfNKxaqLTOy?_RX!)Y|%W9=VTPg^Zm^@VZKwCFT zZ%^W$M~|#p6nRk5Qp7&A@p2P1hhVt|Lor$uv=djH5A~3wDEK&$?L#W-QV@!Kd{LKu zm=O`^#z~G;tX2umazK42`eX$%=#^erV~`u&;nTt=K8+wyNUSF{gv!r_a%02GZz2{2 zCzcApff@DBkD6(Xn#Ao$4Jh{|S0VY(bRgg@$@ja0Oh|y}yJ^{~JOSzE6Trf61gV4)ja(5 zxR{wz)Yi_fst&AWVnV5?q{J3BayBABDEZw&^|;_(lDOJ-P0U5}s?gK&RjpWNKCYG{ z-rnx+EVbFbfWvllUJEOV8)f!k7+M2=~fJ^ z7tSwU1&Dino-+GXK3Yq$YN=WM+x}1us-%l3m~-y4v$F-XNjL7N*cWf2|NJ?(gj9yQ zJXl-mZnYL$AXbYvnv9eBKIy|IClIvD$ft{@xb=1b+k3kf9 ztBHu8h%Cn_>mA}gk#6W)gLIZ(Tv=?ECcK=BsUqr4h4Sy#o5gPzxjp~npM1$0OgqEV z@@{dKd@a(B6(+nxN}R;8p+SvpvOGJh(+~+2_j5soynjZy(hD4?t*nkzXO}8Q_0Vvh zF-EfnS8?XmpeC4HBc2)cjH_O7n39s|Bt z!-3kNxUR>EC}lD2>n9k>fguzPLv;=4TiAX(`?)$xKqVv6R#Sqi?Pjo0Q2eahAHd9V z<{?5tLM}iCaiOZf{yi1+6X3ZvVPdWU4C1rm`>Q~kz0&%okgPbhlamv#3sH3C zt@{4*$PhcWB4|+B%pwxf^5I+1P%_(ewQ-aho7n@uu9asi^WE3Xxa{4JS>R)qARs}9 z*bjSd?R}TRHN#vsKhk#m11=f8Iv+*86y4>Zc1knBkmRp@8!fm*AtzuDYdyO?@Cr7no6pWru6aJ(BK8@1D zjLJwRBk;VNrqbD%e{3irh==*4A)snlC5Q{`qlWP*8RdPR@WXlWIfVqf(NJR(c3a8I-sH!%^urf_k^4CjFSNk$c;)>xRV)dzEsDG8pWJ$8fPz$B7i-1*?DFO`MR#B9 zuXqO06KPr`rH{;s&XZXLCQk<^1p@EOx~4mVS@h3kb>@Fpzo~H zAm`LRxDcYD=0**xC7)`pIwrc(eL#bJ)K>C^a)KoK^3*7`!L=&OW&Y8IV64};!#NB= zAz5J2C{BTD=P50!rkHOX=B;=UCElJ>KIhqC53W0IbWDN8t5%SfqMWRJjQskN9ByR4Cid7(d0VU!z!&9*GgL~^CheoMA| zQ1TaGheDR0*P+Cr$Wp;t13CG+Dzm%zT0JA9Jfn#1!g~d5K-?ES+!skRQziOJLhP8j zu3Niq+9O@BAbJM_Tv=A>TPsk{l?u|&6JIe4XcYHwwIG585LFw-1iSh-dFF;>o*mqVyeEJYqy^caV+`Y-r&Xo zo7){W_MW<30pr{Re~`DvRCr5wsRlEDch zbK6asQ@h%(%(I%#{CFv0O`fUH|Nc$EWyt%<61N(sUF_f(L&NaoxUjLV6igDi`EW2> zE!Ix>?@;3q>7#i0Oi&Jq09Wv-)jnQgCsEf6`w1AKTlFZT^UDYIOJ$AF$_at^Z~85> zt6-Hd#Eq*^jsaU=O}yzyb#q-}pxk2q^tw4q+anU62cth!nF<_tk)$bg3?$P(8~wbg z&UhFEppXiFNGQ$v@ipjc0onw6Hm0Ve>_uTExK4OxH#Id0Zv`0# z9IR|Yr|>0 zr8>6^r#Zr(lC1l>On87@1dPdg`tn_5v)1faC$1d2>thClDaA;CNNEB`{IcrX5VmfM zaqa;4yGLIms&#rp%GJ3qzqDZ5l}H{*7d-jC-!8ZuuDCODaUoAVypQwK5~V8eHz0bZ zr6}915Fk-CW#w-gbbR;6od-qMhx3ioO^!5?1bndQgp3_iiHw$N#b_LoU-PvgG&P_# zCo^fsl(B2evJ??0bES;^6q{-`XRAmZua1_Mjtm3<4HMoXnJ_vkZ#cIUOq~y1%dRE& zDtDg=dZWLZPl)PeeD@UKcAkXk-e(VG?`q3qIQ0jV+M$}Edz7k~#;fHzZhEj!70#;k z9|Dy#Z?UnlH+A^e`bCSH>JSL|OQ;N0#2o3VrZU~+%be%t@@r~XEtcAJ%72`;+YuMd zCs2!47$5WI&)R$KITl{PPBN*`d&m3D%)jG{ntTE{v|6)3f%)PRv+BjRX}@G`_0`)} z`irI52v@?j|LiY5;bpv=qRZxV)8x`iH%Pik^(4-@Z>i=wt4Sw2A2N90Ph!e`a)^gu zpv}hwgU};O!vzxbG{4p3YY+6|Mssq^&Gb=fNLiC-w^V=ik9H%BbCbf8U_vbE+}$x7 z8)$7!diBLCh1BzNU(7*Vr?SG_uNCa+n>*9(BVxn0zJk)HDJS?cJS%O(3acrz3~($R ze7p_@CWT%fN}@c0bU*Mjm>J7sS3@`!<;DoF>uKQ-2>#ym$ml9+}xV>48`@6b5F&! z@Wn+%tXE09w~D8Pye{%e_hKR<%RsGWOfE_p&7I@@wXG$*Jc!TrnHZZh6kP~SGVO-! zNiNvOiB{Te6%7-j$9+-ynXMg4O#!eaoe&?#m_O4{04mNQAhk&=5b@T_b_~#}K6;`s zeWx?2Ofg5hN<0N!BCeZzehoUMNi|W>?bQ0j?%9f{Y!0?kD8+_IEfH>1dQ*U7HSQ;W z3e`-vM2ZnGZdgL5FxlwWkZJY?PSiVom150Gd8(dhRWYosLDHET0}JP~g9fw>IP2xK zP8IyzqUPs?j0UwvqhD{K+NsUyAE%Wd_R^!Yeh-{SRL-N8GuGVxXI18%Wz|y3inOR7~{AKNrZU<9Jrdj%1_tm+e5B)XtneJyD>*Fpvt&wN+4`soSuEW}qBwF^ z8pM->!siHEapwfAPx{v9d8sy1JoZ^6gVC2-2Hdnw9?maO!@1)_uKeCN(r-7ZOMxHQf<}b8)dOEWV?Yog2_I0 z?P_%dLccSdNwCvU8O76-zxw4gNXUXgWyq{>kQFACoC4~f_ZckAetRBQS%|}BpX+f- zW>J1pASl_a*wwl%B)&)2yO2Bm-~ekhh!u7thq)~H`Ho*jc%w~HIC8XMV9t2PB<_>{ zKb3WdRs9-JfHxsnP>WUGv`bA1$6rhFtz9VoZnE4ffXT4O1>F@Wu*sU2Xa3tBitgB< zu#uIL8gR~UR;Y6hL^3Jt`O!5atCq&3UT@Bp&CMD#>F39TQd#oj*O6{rWxCEnBq-^= zLSyLNMqt$Y*(6F!zu=6Q&ihfRXQHE^Z60t&{YMQYVoovk*K_FAV{n8UI!rAuYGLfUL3 z*(st6>k2)emG&-LY6x_a*Uu6DImjdVKIes|o1Gb~S}#-?Xgd1)C5Oh!Nzs*n!>r6` zh5zchJtNv^Jk&N$4UK8KqvHifW6D0adG({0O=xlj8o8D#si#M{VRbT_m7JEI zyEvoX@{F>qX@XCqghZ^~=$#8J`k=mifAZ3lX0#Jl ze#GkLsiALr)F%P8>Z(N$s-7w*CjrA&R5Ks^6w9228ALjrxHpLrQ@KLJni1V%Ko|1( z9flBPmLHq$l`){ZJHEd6DH9rrBNgQuc@4SBO$Y*k0d!ZoA1HOrm({! zBO`mo>r?#QTL3+21voKI9Qt7IWSHRW{n0m2h{$uzBhG7wg>YFsi_%`Kgc_(Mvaxs; zfzMdb6a)~?h0gfeFM?W7vgy1b4DI(Q8J?Hek$7Bw)@?Vh-^ms*c)!TKheJf{1!~93 z9t5^h?PrT3?(*3?%u0a6?dOkV_?jAcN-BZU8iE91Y{v~*(l?5;@&A-AEXY-p> zAVr$|MULto>u*%!Gm1)+cCbN?)R2m~(!Hs{E2&e4G#HEh&{V_5k)1Hf6!T9c``gF( zf??qtU%Ux>Kbyml{mB-k;PpD!`@b97|L!u6V!pA7 z=xB49m@)pN$$eQOUrfR9t|4H*`q%sXX($0R%9r3Bpri-{pwRyNCsJpfeK3 z_V@7d7fcb10s>4$FCxUNzuxyh!vFJs@GW}>_%~B5posq@uz&N-=o%ETi_(d(AjH2v z;eY)-bMFnX<<^C?2I)WJ=3k!n&zI+%5Y&+F_ekZU)s zj8E1l^#7XuZ#v@tn*G0wpZ^=}e=}PCpe+Bt1{q%;fvJ0+ z94~aUZd~9XN8rS4)G2=mf1aBx-3;Vro#4p4Aw%LM!V-Xq5-d2ZQXZ?xe5|j^)R$7i ze>`!0si|Ct(7$35?EUv){okWlrZWlACa7Aex$t>oq11vr0;?Uepuq43*2iCu^R498J6l%NhZHXY6G4G#y0W{Qk_IxWR zADdF8h4sYPKzM$dZ3;-h;LlP$>x&_6E_|gb^!IkCvwWt`4-XB3t6vY^6+X8lr-2&ThN>+NVuq4*Ty zo)px~xGzN_G6E-xMI)Oe(aPxrYd`AU(>0_@3Z}jOn>^fKv|4Hw5XyOl5$C@WISu$8 zBvsB^baTMcoK-VYzt=^z!5KT^^I=0A6qF6976(!?E(UL_dV+XRlTUhb2IiZ1%)W=I z+iJCB(MqSK2hK^IGOm5!nm=u{OfBiWoYFZIRPt`dmWp6kjB#>)y}P&+I4B+#^XSt| zGFD3P_qzU1kJo|yetDinL^jm52iZi()+$e8m$Ie7Ggsox_B=YCZ%rZxDcxYa<6Wm~ z!8iwEJn2Xch2Hjgyt=6(f3g1^x`GWkZU1= z<_3xX-aY@Mcg92j85!yL>?9UEuNY*>qx~hX%%uwbl@{li8mN)k@TJofCz>Oj47|Rsx!+-pf zO&t>85Lj@1X)Ph7bDXp(eZ&m-mUIjz$3qEFR*FRJmE)|N2k#b(oJlBAl$$WV4{{;r zMum*2AsVtY7Vduii9RW!(y**^9~!v3Anrvo`qu0J4M^u^0GGPl?X-Ul=iD+w=0W-X z0t6vbX!Yyt2XgGTB-LZe3f@F~FqZ!nhh-fLj+-SntbO%2j3arS>^MIbMyCl6H1ER- zvGd_>wEs_&^SAHBA~mL0y;+XqXw;giA}0&ZYU!%&ob{_f*p3$ii6d8#n@t z#FQZIIV+~h*MsRXrjp5lxFo4zFD3cvm-JP~EPMBvsuhkgHAduIk9lYO0+SciozB#0 zSv1g+sadk=;Gu0Yf6g5k+lcTQJvgy>an1LIF2qA?zZSI%1?^?X+mvx7Cnov#1I$xlkxQbbGoJFn{Vt~9fjC2<{V~R50R3Daui!z$+DMO%ZMzIV98{P(REdZ%v4~@e*m@{p zL9e!`N0Q%i%HjTKe2x{jR%OM-rCw+a$&PFB6qhmNoX}R4FU5I(#@O$KZm260%fpU6 zZFT`?J|a|h5avm_s1f*5w-Iv%I{B9vV10asrb z{B;|+WY#MQy#eb~F5Kf3iL;oCU0AXw&I!teG5HANBh2pf7)WV%GYoAmAFM*-*@4)~ z?|n)UAfR51*>H{&g(7zkcOF%A=GvnFZE2)wm~Pj>&l4DYz5X%fh*LT3Ii}7|oqx9F zIUQuaS)~(*U>C{9+VW+z-BoKa;tmKVQf0-N<}`DW{Ih`(vAvN418PNBH9kTE`|HNOlD{KsB_$5|bi@FzASp5o|$`jYStSkS;a7oVEk{C#|7jEobWGP_e|1qF+DXpui z-`d7pS^NX5zKSC2VX=*i-Q34Hzi;0W9O`!2t{+vL&2UHBuHX+t9l=i{o((6bdliUF zEAzf#w#$8nSo4ug{WIQr)17VaeeykZxyE!xM+UK}ye3crCY!;;VpKDMWcp{;N=!HU zIzwt9gN;;uc>J)YhS{UXCst^24LoOW)6U75QTQlGhvCF~h8;Ubj17fbt&znRD$z&< zhJ|E9fWn|qyy+xUN)!&-c4*v$mkJ?;A40=ALKp@rH!l|QLUYI#NTMbc@ zl38QCGCL68lYbnhxIrh;H{w<_{4vks@GGHx{s1~Gy0J)I6TYV;Hw@X5>En7sNf?4; zc@YInqAs={UAy{PG_^IwV#~WS9TbAa+Sg(1R=@iFX`70};(TP0U#I7Y-ad?4#EjCP z3`Y*yu@HJhdN3U?NZ@fqY|Tz`-RbWaJ49e2uzv8UP+GxUUfsL2TuQuSBhNJ3YEFo< zRiAZIg7T_F_f3@R;(DOax9;2v-V64s(n-@ZLfOWKw7X!67F0ul@t-kb^k^yRyfP_r ze+k&K$%#|yln~X??bE%Or{5L&T#BJ?p3(wpByy0*RlT!zIe1?e+A|*;Jj#}&CWanc zx5WDtogAAR6Zh!ADkq{5ZQX3~#`$CuwUE9%NtHX!?3Ve1NYX&zDAcs}lvdXv!YVAR zCQP*A_F86p?F)a8dVH-N3%SQnWsSerY9poP}LP$F$G;8lJJ6TG1VWbF#+;5Lgz$f zt5l3@%Z%&Q8QUHqR=`At*w0EB!Q)Y=@cLW%>?y+NYF)vpmDn{0q2RgNPizQmC}9^kx$E!2%c( zsP7%sQX)XtX(=d-Sd}4bj8c(myVt*h?e35|1FJ4Zh>Y`Z<4X5F1B0UXBI?Ftpu_g7 zHM{X?Ix_0fk8k#P<~WvjL)4sUgx52<6c!)v{bGRQ!U^qT#Udj`Wou8qYxJ5O80JEX z>8>dQ4r!(zB|g*S5WwLEl!&uLdpK&@ZNIwC_zejb zq&(ti&WaItFuT zl}AD&5(b5rd~{`d!(o1Cl&N62MPy&X6>#!VYT1wT6K(QpufjnspNUGvq9%+Dh>xYYR>X_ z3A{`MS{T;d&hNl_LvvC3-Cf_kei|0fS~MizFHSgqXzD6A7@QD>61%q`UX06lB8EXt zXd@GNl45-KCN%=8=~%*zeRXHf6E^%q&tmIO9Y|uE4{yi3nsH1KIdWvdIQtBHFzF`T zzK>Y~f+iI+ful{0n^EjU#=204&2)=HtE2JF*mK_Q9Cgho(P(Rhqi|w_Nv5+$#5a=r zG`4qOyKGS!WKK%7l`Q)1tU?^I-^%y)EdLMNer6{bgq?A{?(v%8;GN?Vt4C zhGD%P5ch<>HBYRIQ^{OR5Wk8T+9a(lD7JR$NAf=oV?c!~uM29e%ZaEOv}tV!c3_5i zBfgHl0>*cMWs64FX9^{db2x$ZtT~rw+`VkXRZu!ukpqF( zOjHb4u{{iXS=!D;?!F{A^bZJElh!fNTdy-`^6Vrlyo=-Ce5n#+tn`_O+wU*>m1^{f zRg`z*=~1*{Fyk(JmDE`-=g}~t;3gZP4ps50QK(^iYyfGqm#>>lVkx{||H6~)##h8$ zB~~)^N=D0&&WwMm+!yKKaotK3)eoj$Aq*C*7U_*W!_IhTSF^HJnNhl#{1yXm`*uliVe*)ZPX zkgX+U;or-PYG)kXDc8~y6T$8PiGJ~_IvO%q7J|O_>zkPJfn+y~c@e+t+%>KTbecCe z(#Q8bB7<#uC;7TIsN@?O*HsP8GuEmiBQ0enaTU(&KcIa6ol_f=6^^ASHZvb3M-IlC_l-w?n(==isUD*DMEJrl#bqW2U3&q+u^#ol$4?{psousvw3(tWv#80A!wv(~IRs{8g5!95VliKf z&nYOAZnL~j@&oI)YD9?7tP$Em3ZSYVe1Ee-PRUPZdTDmU+=^Xopy}#_SN!7?!CQn!ry2yN2&m68O2C?a0QS~%yN6#=jIwQQikq_^aT!B@N6Os6ra&Xa& zP15WoM^u_+Ic$_JhN%7gjxym5Md+B3Q~7#5Lnj}v0&eB{<Hqu?_60# zd8HhtiQ)EAN4I|aG0m!b#bym6b&i?<(40QO5sL1p-|}Y$<*D3pf-al7F{P_8BaI=# z?xJRxLH?@(;%E_N-Azed+Hwi|9)1GMoE?N$bMI23FN)UIQl~R=vzK(8Gw-9u-=Map8&ze<3&B%w1Pip<)}$Qev;?fmeEp2qG7eJYN2Z15cNifdR{)vGTM)l@F{@AH;>ROObYO}vuWFZKr*n^h_ z@;&2WodX$seTx=Owwq|zMWeYgjz3&0bHlqXxi(A!YOSlc`1&gxS06ALawd%|`ak-~ z+}7QEU9r~&H&&J|#$C2YY{~CmYa}t{5q@-`gx)P^>vajA>YinOLcA$BZn~22 zec_6s%R+$q1r-S#itD2al zn2zt)%Cb9u$r_dRz@y$l@MZh?ca9Hd8=+%ugwE;SY~a*ejMB| z+x)E6W!QUCXJiU`r!sq!ehwjRy|$WjRYNM?aeB2HQ-P1}+^E%RoM0}8gBQbZl6-2r z8CJl1v=iBvFI~tuUk}KocQo~5%)6cNmuOzX9J)Ids|HXvU+r-qZ%q(Qx6MXb-t3)p z{dgDQcr|Ew(Qe8Ft4fDaEa@D%$xF>o^x-mWkOq_CN4B=O)+R6Nq5B(}ggkx!?iHSB z?{|R%ZqY&yj937pbL4q09AY5D2taE`74 z>>#vr!O{8v6DaesY(q;yF)Cn60|qn!iN?^3@iXdRToJ6|^;s)N(^#LnpYn|ZjjvM+ zvr{o%Nh*{Fib>&2AX}s{vwS=54B`?gs(vh!)4qDR%-3*t-guu6qK~LQ`Dvj&**o!n zdx4&*g02c7LPYoZRe=c>fS@XcZQ(ZsrxR^zKC}up;50jSlY7(wHk}>k znztjLwlt_AF1XXxb>i2su4Qq6-Ifv1}}lfm9l>Sp-R|5wi!pndGc|t9Tsi*Tw>V zv!b2ozEd;bM3hkvt{DXGTb;wKcNTkxQzObD#BJJns#h=D*BNa4t+QU3SWM{h;>09A zgy*8j=MZ`R)JQP5wPt0~uaSaLZqWgp_lZcq%kTmB_SfAEt$Kw}%8fW1+!~K97u@#v zp05ks=9&_e30^xxmgN`Ei_;3Q+Ke1Eq7$H-lBpb-8ER7)rlNFa(`lmVmxZY3nhbkQ zY64Y+6@pHmtB#Y97MY7`Kt++h+ps$x1Y#N zA7OKr!ZK#Tw|6P)v;zZ7rvlg8(luqPOjS-2-*yHNYuw^!#$)vL6C?%W_4h(&f*U?@ zA>1{D$5$~kT6_cAFaBw`4ZRvQNdGnrWH!#%*LYrOLdQAz^XB-N;>tZ+@P!$!I#GN8)}=RDU?8^*;-vwC0rl zomV@S5&T#ecDcuZeY$ZT5y@cpIq+Rbyc}22#HUKi=0&a~zqqUg77v^RMs%h1wJwOK zqVHk~CRC<@A(Jwz=-C!X&aMzEY9vMRTPantUvD#VkR3xBKADwuM{=CX-xeAwW*Lbi zNaj>C-jcBRxvle&!t(P`5#dSHOAGo*SG|Jn6Y2A{YpHE}!B%u+2D#Nu@`(=1c!x@~ z9P(wiQyXyZt8lvKKqxamSIr-Weo>t_?BwKn6slte3}|vld}v_qUqO-9R#Rz> zjcRem%Zb`VJe7}&4zL|wTLPWZn75(ltr1ag`vY!Qi(;g(0MG7YIiBc~(srs(Y+KnQ zz8|I$$#)N0kkLS_+}#ND8YS~8CPcGziPG)mIV;sQB+|pUa(J`YaIYR0p(wG= zy-^$G%mjKFS|AtJ>2+&x%{^~5@<#uuOaNSVG`B0>|HIf@Mz{4O3E#0}C#IMgV`gS% zW@ct)rkI(TnJH#wW|rBG8Dw^B#r*nzp52+*cV>3>9DQhA^-*7`>vnZjSN&>_XaMQj zwp->6jrctW<`|+mTX+_O2pE7`ch{%bhUbq^Ic~B@k}zM}hV`b#<9JRDs8(v?j(W8Y zd)DoKB9xSXp%tswPz#Hb5KvMIbmLdLWVIEqjHkDj;6x2GD!BGL@YicO;o)>d_PZ8fNfW#9@YDiEQfq+{5ewg@Ysq%(p~5Q`#@kb@#K z!)*?_=rAmhWq8k2R*YWN!u=HvE8(5ovi%ioLMZV!0+p7DGCFR$2|qlgi$oO@E)=ZB zNX}w|B>BiU!9!!kMsz93R;&rba~Tjo`V{C<_FT!9to}8Dx~Kt_;yI^v$eIZE-lBr$ zK8N^$l(5W*_DYE%P%D&oMM#~}s72F`>CVngdP_I{7LjduapKpAardaEwiOnd7`JZ* zX)mP1hnVc#g48Rjw`tuC*s+b$mEGUbLG+o1N>UI88ow>3qT~clJIEEv@uVGTpPl#$ z(`Fdz-L90xXTE~4+m_M6o&}FZno=1zHKdi>VK!ANWTz)`9UN&r=?i6@dHOLTgzWvu z3R{j0Y$aN$*6;fDhOfvzDQ$47J08V5DhqMNhF7D+?3R;JT+zn_t; z5l~D!s8xpp=^{t6MM1{4N6h7FFkQml3IGmx=*a2z{_vjldAWEWhI~rNuc6=hxYn1= zRVB0fHkX2XYrdgH27Le@#TUKitr zu#H*BjcQ_N=Y5Sz$bsqO9gVfBoit1noJed$dZ@VQ&rQXK=^zU(qI>mj*nvZ=R*26- z6C1AYUyV$4+p!p*Ajx44aLfpaDG=6h@FoQAn8z$Cf@VJz@ep4SAwDjm28SPZ+@XA3 z@>2-LeS{2wA55uNC*rc=AUX^pGxn9MTMvq7;X^kCQaACM?)h<=_UyNx=Qbme`nyqR zCgU6w19kTa!nMb!%A9B{hEO-HJ7z<4P$TBqC+XYqRhOrkz9g*~psjo6ot-fPehzsu z%{cRt4;=C(bCwgNR#Ul+mAy@15($qWj-ch&Y^8xcH`p9|)QQowTtI=IgIc~vW2{`8 z)}?Z8{46jM&wUZGWMF}rCoXb4yr%fTvetCS)mwZ8Ie3~;ke2!8x3vIJ174f%dy4L# zLmM$J9#^*OYbrbKR>(%3<*X$}z@$xa4ZK3j9W5)PrI)n^IU4{!u~Di<3%%px=J{N5 zd%@;4+6*F3+d?NBIaK{9%PXo!Lgq_vdc8?~J**MU-mD5JzzOCtH_3CA?OtobZl@%V z`?9LwN@UL#_d**kR%-3`u@O5l{b@bnh_hSqmgj!0N_xCT3CVPkh$<4(QJgB>O=R6D=v&&O?!c8NTkSp~1UfcCW0 z1peM?S?D z*b^~W@-*&qySvq6Zv69Jaf#Y&E}4y=OLM9?rR(CGa8)-mQ3DOM3niEz`$7qarX~m( zO2os2C$X%I(AW`Ojjvhh*_3vsuL-)S9O7K>Pj${;zWo^^@MemI8oL8i%NN>KMxyfWpa3d;mGzqn$Q-=^oDyLqw3L#fX#A$^=hW{XWUp$ z*eNLiWk@E^RHshq-D1=NfFNKY(_9U_!zo0UJPGY-@{E0YJE{NTqOQs+V%ZqDLFW$! z?Tpbz2{x@sJUX`SnJXn=9*QVWnqOhC>WYGRn7re6%`9waV{#h(5@R~DE}FSuQSdQ( z)Axi=(Yf89>Yqs3eO~o7O!;z4yYRROWDc=Jd;N^i7o^I4dq2sK9aQl-VkB~`w}~f@ z6*u7{AC+}dg5A5^^IHwj3~`Zv0ZO^G(>PCOsOZq_AMMyFfoFokhKPMDfqtr_0I(eB z81L2&GWtUvEsIQC_bT;jVzaHo3J8}Y%##`jmy~Zw&C$OjY;gFVH=l9Y=*R=A?p#ys zd5>COjw79}^j6jbTM&kFD&puTQ0%gO`5?mfpgD1fFd z4@s_8(pKHGU%MyDBbarh1b7uMqa+t)R>V#$WLT4bh>->BV}cWb}uE zixv|bK@A4(gPUV%3)4;<7F9P_-3+?8q_Kp zJ^IilI)fxRZdfZ;Y`9g7+ss%Fe?0VyM*H@lWN1e&FP46H3Y zoOug_F&3;{iakL@99LYNInu1}zu1$dI(MzI$vfn&?rNt+f^f=<|5ocCX>h@*UdrKJFV(Gh7 z2a<-)Lw0IDsx?p=AWicen+7}%}#noW? z-n4n5-G@dgvD~|9?{4bm2vU#r&0ES>q&)-Be-aezhk}g~S?Yx(mY60kPZQECuBSe% zqjau$M0spHwRo+%N1XceXrV&EUW#0~jRA{MkNO)9kCT80cmmvDHHD<8hIWu0fJSUq zOR71As^qVA)CbAe#&JGD)M#WR0|6BnByF;DULVn@f9ey;J(Smi07Z(Zio57ZA%k|= zKMZSRZYfE{&s(TeC`17TzU6jUD^K_5wBgLdvAiW6O1z&a8Ib(eP@b-? zgr^h4%1h)we}N$U^TP0$FTYs`3E3{yyg;u`=5KtF{0{Een5q$)oycXGk9A0}O#H;< zSaptmu#L9+?CPm;VA|)Glc6nW=fW89>&}^G~D%!R&xR@Q2@-EoY_l zp0~?97fd($bgDv*&!~-^8ooJ&G}C+VOn6)B*T}2sSW=$T2IqU~JU*z1f#j71clnB= zc4v=&CHyP6dx`EEcWE4x43O74ehBRknp5xcWtKSg^;Dvko-G}AeXPnY>*2~@M z6uo%iuWLS2ZT+UcYlk#kt6}hHz_HbqLuO6-jkWbY4aX~cUl|uqWVHGvLr)HY4yFg4(n0R#~~4^HIf5W z6J$I;zE4qwG<||;Z{2(lX8u&x)xd7}{!Cz?|LBL?uy)XGi74cU7#QWx0j{pg^htPV z`Gn6=^h{w`OOlvi*Q8n?u@$OzDhT;{)jwtw5CRVz&}EHsw2rH7B~LBIS*VxTEc63i zpjYqseR4Fzs3P*bv3@rl>outbd1uxqAt9d-g4gh;cu7#O{X?W{S(pH`+qsME0T~Io z78}m}A_+uytEBVil@~omD>5+6)&;#oww)M)7aaqqP)^3%P!7u}!PM8vbo+;Bw)*Lmno0yWT- zBL&)PQ}({`rQA}*)fub+gdESmjm9hJKWa(ai`{f!m~^Xl>*IS$NAe(dI5ocBhKWX^ zaLOV<`KWnATq{9LK<>cI!g6A5Jbg4;VE3TG zcjXHP)vI#GXJM%nlTRSDX-k_a~&=@y7Mv*J2Q4Cq6fN%;u5Ib#bR9XuYGfsqFJ)N*2*Abj5`u-!4 z8i1G8l;@;~?e0p1ywMGx3;dp$3&DYBOd~#7vsqUxe}=;jr0yeiuVOsJ_KNoKh|hb~ zAm-!#J_@u)qj=93!@&VEsdVLh*6w>v-|xzEj1myXPsDk@PC+2x)=Hz3RoU-)kF-#7Bq?U5JQYb+i{%t#=}0(mm2Nl4}+> z&Cq#%etAAlU&&}RylWu;_I-Ay*$vOitxZIrh}bYe}dg2`O>{0KZey+F1xd; z1dmMOprplkw@X+J=QC{{c6(-Yd7Trj&vPvVRSi_E5rKAEVOeyX(*yOK$k#zX;MueHfVm1vy&5iIxB7;T>dyeLlB!00pEqg~@(6=jJ8AoI&%pcN1LNqhyi!x&? z{bx7keU?Xa+F7u0iRN|HS7g1#&_+exIVHJER@FkBp_XWmrP!4pG znzaChHmUc7coPR5yrd(eya~o)-u?{4xPe8=3C#@1k9D>p%Y-XAlI;|iuFGo**gHaGFHRbvxP^C zxd$E6k9J-=Ej1PwC@jw7_V0GDa_-Ae)!pTZvq`LQ{=UHbbuRC) zEcpHXNF$rIqdZjd%=OFVUmPX*y2gq5VMSoX4l9es^@~M)+ z@uGb%J4@(&!Acuwljbg#pJ6S0a_*#XS;x%W$WpAsK!VL`Q4!IlvLdLYaWng3CK47N zxCzGnUEmUpo|ljSoTDWuRP5tOX&G!DAx`Nm=I!*}s$iCFj1m|Cn}BI+`;9fBS#JH!%=@sF zH43O?9%74E0$4xnQG+`9p*_Cf-03yQoPX@Klcf!hPh`DEJ2n(j)u2$l<$h8Au0<0Q z*0!U(H%eBRzi@+Fx2i~FEm9ip)T_9u4&dsR$4ZbTRPEDlt>SLB>{ z*8*$ITFB(}^dL0Azr1(gK2ue+hBm*&tZMeddQLVy=GesXg>=H7aP7ze?Or}rn-eO0 z(JQX;uV_C=yQ|dWqqCXrcE3Za7qh2@2sPZC@@BLXW45YHhCJd^xu|2#)olqX8T0EQ zXh4s?GnD{nUHBU54|I+G7$vjv^*x)v*Z9L62Dt)Qri*G3$LC2(VXI~Q6`TT$_p?Nl zYjQNP-J7`E;{futTDg*2Q`Kf(2P-~HbMpzVr$ZTUgtJ`yzatkTu@3R#_wQE-zjzvc z33%3g{6{*jZHUR9NFXVhlhO?u^rC*F93u5yuZPqVRrkVjXw(Ncc6Knrbr`B2N6hDbED3~HRGy-9vLIIK$If&84cS+W+gqa*#A;6e1ZK=;ZMLIc$HmT*oNZH0;cy&Dr4$Ap+C{_gxC5?*mw6h zY084gdtP+I@FzpWN)WYlnbtwCW(b@F>XfsgVBGoUSGXYd|bTp`?1PA~@$6pCW08qiz zNUK^D+aLr3KscbG&u!H)Tcs57j%%?d_3S8zUt+-cZh(OiB+XLi2|heYPI$UXx7k`F zY0creCL?lEhqy%pQ$-%|fE-Vq6!70d^#kGwKcF(_3R8cH3O4VL^&XP9YV}p#c^o>1 zk5~Dsno;t~f($@l6d_CJ&k5x3cYQ#lv*No@uOD9SvVC*F59&RnLmxrQ%{#72FAc^D z*p2PCFL2%X^?M`AkewPNhf&r)A0W0ghT#=o{=k&+-Dx{+=skw%CKLFa#K}t7Tkd>VsMtl% zq+k?{4{KL5%HFnQ%NOJi3L4xj^D7)W3&A8XiBlQ15Tz?zv*1dcJ1Y}9_db;<{6;$C zyT7|!xr9!3oA572^&AOyh1xUL0l5(rGPego(A1WGkn`?`e@mBDeHcabyKCyk(*TU0 zCX#YEv)tmn{8dbpk~CLAU=m%D`rLD|x4MTE)HM!5NxmbzHF&tDv|aP9n^8;D*&rux zyjV;EZI7k>eZFPwQ4Rcs=Xy)w-8<=zDC@bn2Q98jWhkK~ zS8%jr8sOb$08}6lWHZQu6<}6(|LogWt`G(B{WcWKXbt^Pre(izc7y%RweHGh2WFty zn}D4w<1vhuV#Z&#@kl8G)SXz`-ps<(g!K3)UwF+p<>GpjK!eoXT5G6RUJQ3;e!b0j z7kj7HtWzt};Fx!za-05rH%;jG$z7a56fleCDzk@b1n(mz?NrJzYcBSRx10Ko`A`Q7 z;mI*hvV(m?aks+P^_q}n@@kl%5f$|ycso$?)DkB4HPG@lb{Fb6_k8wuhO}s z=zj1fu~0L@x72N=yp=#CH5a)h+NGHD>PA9m7s7;O+3McLTdL5%K|RM-22 z22_v4VSH`tm{ja${i-?poIdq*#2mhrVoEXTzjb;x;nb>a)OncJOs;GaLoBW^YFHDu zKNnr7$~mVaTQP+}^4+veZ$>lwy(359!yz=)A=PSOJyMEmZ>sqcEMokYZ}bXF;acl> zNUOsfxnjB>GHu&FUM+eVB?>^{4wFi_Yq9=9`X=TpwAsn(uM{|3qt|qYA6j&%(O$dS zu~noxrkff9Uge$5qH^c%9)(zBTjJwg23WOWE!3%O&g}Ot+qosE5{uo0{mm_U%}N=5 z_7i+r8@@Ch3L?Cu)Ut6!tn&nG&iZ*p8lsVaM#L`S2{T`91kDM-a|iU=_h6YIsYwt# zCS5aIoPRcV5urm38I!bpWADo9NIgN42ddcS z9I?8xROobV<{4ZHQ!CNP%?P>;Lf_XiFJa|gDOAxkt7N!_2?ow0yL^Vt+r*phd}Aw= zOB+vFePz61VgzEZjFL8!dX7!$#5UWb=3AH(-l~}zk4H9_Ka?1_NojO&!D?2)Dqb1; zZ2N3Bk7)O@ZH2r0w|YCn3eG3h6FvCI4i(MLh~4VOvL4Tz=7lyL^xH<_yR1RUa2)f{ z?nGKr7hw5#B{wYFh+0h~;a8LyIxB#y@gP^Rnryg{oAsV-q?Fc_V!D^|1^T|9cj*wM z5&WzbX-DX`j=krbRZ%S5!hR1Ym6zb9w$HPpuu;y-+N2AqF;{-G^LID;_I9JX(H>N2 zKhRhod%Td@WbL>=K&w@7CHsa}YyX^V)d_a=!5$&{05q@%m^S|{b+9{4;3Cf?hQG{1 zka&b}{YugxWA0DIW$A2eVj+_n@-+g^Uiq~G%u^2wep@0m*4SUHsEVs6C8z)4Oh;>aw9WjuRlxL-Z_6<7Bz5I^oJIQ0bph-Ci zuydu{YkHuQ8psye8n$lKP&Oelcc!#jzDf2L+%LdRww)fmC3WJxNRyN@rTw`GGHFvg zE-*5oofLE|X$xJxByXnhwx&%@Pu7f&7^UpdL3{p21krdY!8k*^@kUg$RS2@y0oB(q z6|@r}uo8)9Y@)#A0LjEgI#F*`aT*hz)he2Z%=_tRHA|f zG7Ic%fP8~3Ek|#&i38^KmKRg0H`79gm8-$e#tD~`wpp`oZG-mU;*;@>d<2icyZ9A= ze5`XoeM{C3tqYH_I`3yLI>9_@EC;`IOIy?SFq^6VMANmg9j)j}`62Cr0xr$3H8Qo2 z7$RVMPl$vDLmoq&q3ZaXLh&ZilRBM+rmq6}d6UUK4O$~cdwPnL76*FSy^V0JOaQ0N zqN<;gBS=q~KQW26zw?ZQzipOzO=C`m6mQl4`WdBTdfq%>%Gr=RBU+%Lr$(SMT7|B9 zg<*Vgr#a?3dQTILon^u`BcNV?9o9+q)6#aER~u%yO1S%Bil+QGP;l?encQeT3BzbY zwKPc$;8FV~!1vv!3{~~3E2jzXmS)AAINZ_E*$&!F-h{`?q7u(tc{H(!jy5U!{m07U z;tcN;jbI&0sJEHG)FftrXhx_1D`mHo{3`GUX194I8Ic8?*}hjnn&ZAMCA|AY&ZdR~ zE^8~abnvS}_A^w^`+h{|!i36glSmSJckJ--{mS}!0|Qon;W>3J@}mi@zy^PoLw+Tu zHGVD~6WK?Vr9%nKCn$K}e!iOoCThlykYg^paBXzGsMATk!M8ypLQ2=QO!%VnY1MR& zYo|fcQhwDut`^*S47s7qoaedU@?l-ipq^0f*|?!XTk&S9H-7J9aCOy`hj)F*aO?== z($R+fWTRxML)wKe=3Rn!M5$?sVy3sO3yj7vvefp91giX9rj8?d{{q&n&1x$1goHzRq;Od$LKFFr@qVA9do`_dl!7 zk^i1P3l)%;y;|CnP&*f2QDj7YEV}rB@7Z@#cUT$k@%9To1OF#^2ixM9*o!=q7k+LK z!aaLD!mBmu(Yv%X^E+FLYnO-xbC=?j2k{&Wxb8rHx2Eq~c(}&heKJD*(~$}sD1D&z zY_S${QcEwc=z5snux@?Z==^n5>Jjss<2$^?7K(1|o$qORQ;}30;mf(bC#Z^7Tux|r z!E==mK{k2%aU7l|DX#Sbz)j>5N2@t`9^l~<-=c^UMG$AOh~qy(W*?HwQ3AHk+u|K- z)!IucCW{|pO4MdWd$ATge0$RYIrh1Wj%}U1<-b_~+xVZU z+D#)n^w+MpdxxyAM~zn>08BP_W+dOi$K!reCha{(Ce%^ub5r&+j&>xHx`N?|J{RZtr-sI`RJzXNK9!pPNMc zBhy{<3=W5lPCF9e+tn*U?_f{P#!?(<8TD#4tRH_vne~qJ82Z*%whTS(8`huACSFTGnQ`~Gxu8o$)nI1Z_V2h(ov4;8 zs=al-dk+e9`w{-xW$ovFqs=8Z7`x@VwO2zW*GsSyE*7-bVcdb<29XzTAKZ}RCTtw` zM#4gAb)=u2g^z2q26~t6bi{Lo!t$HRt|EFJisiYZjP0emr~4f(w(lHGB~fAEm76uH zQ$a*VAF*Y5E*R3LFr&L~a=Vz(Ul-mY@J`(;mG!9fjDtE#(kkd5-XLuJ#P8s!lPtvA zAjp}e5dL(r|DHN&ComY5(WJf=sp?#Q$U&*M|Ka0fi-Hm5o^$ANmr^IwwZwe5<1eCh zHEyLeGL!p4Qk=IFExvcKUvhv3R=@i4I91ua62+^p*pK9^lAz4V z$2N->+Tz@ttq$S$BX*}&F!@N~Ol|WnT?t~cUsq`B)*%ey3>)n2!}&ox@bEW6f{qIK zaolmAhdpP$tNm~IIuqADQABe-1F9kOz2*INA;fnPs;8~X*M7gd*zR~PQb=9V6Xlj4 z2KMfTU_=ijSqM~3*;aNCsmZ>@t7MzEBlXnIYw@j>CKIL4x#=;Apa&7>y3<<$(sQ!k z-q)aXRziGQUmeabO%|6szwPya*LA&2gV`-uJ9fOuVKT<0yC8%I!3{G#=I;lgbP_Td zAw!+t;^Y_+w^0_A#0#XYuaM2gzUkgvFDi|s!!J}>`mYlh$YGqiwqqlq5ahCci|9QI zL?m!+>h31M&trt_*7BY1FJJOAtf?eOn)0$>Nu_^HV&hL(Q2eX_@pd8 zx?9R{wU0Kp6k7X=!f30;)Dh}ETg3Cyd8(dh9?f%b=cO~rCFnkEJW;KvM*xo9oAC>{ z?(xDG^Av4wJ$cCf9_5$*@cU~1_@U*<5tvH+9YVMGqLGZeux41f^mxn?bGbJPgaKYG zv*JyV$^^==y&2*Bh2bdCvvR0wv4ry-2%q{^e1$d5))OQ1)Vg!wzux_dZ*~B&g-m!z zLvS{6RYX_|2lptMZ)$CuNlWT2@WW9LUMwrM)+4WU0xR^#C*SY9cPh{RKMd#ouxTB0 z9kOeI;b-r4YtioqBt!X^bYJWbWEtu7hv879wZ42)!&N(+NBJMYq z{jICf-DKy17hT$Hz0_m^JVZ%{TqnDN-99e_3%67&k-i67juQ&{^ed`iA=|M2Z~PRR zrrq0&aU&V;)=dky>Td`+%dFqm7~gvzjg-2rwQB&s9NNv}Ga!`maziy6O)BLdWju+n zK=)`!3bFG8?+5AhU)~CXfKM#nU)0*)vTK~#XF|;6n||ns|CaW_9cQd{!sl$WCPkb> zlAJ`IPA^|-KXI;U*LD=>0@vq%MbgW|)Ml#-k91zS91ZQAX68M@_I@J~Zcb9l!*{D& zkyIDmzRX)KsWv>eg^d{i^5cq|J;^vv3$)rSj1-?z|9oBrrGL~t(waAww}?Z{=82C; z4$w2oKR@;S&B(y48TBPR-Rt0;P%sZ1Akjh9kkiJE?Tx?VB*Xj1rx*+C z{rKxEj&LKyXA*^Hh*}Ct%E$JHs((POr4at~fA?ecKAy>;R*v?hCk;T((7W46qTun? z!?y^{KfGrP*1*qvUSu)F?oSF)>T!fxZ>lG3%l@kUwpv9I#}snv&Oi3K$RK0pw-19> zXtRg|>4uIX-eJj#ivR2+i^5EoP4_$2Tkzz_0OVZtW`gjXCs(Rt{aX4eHH z&uO{|TS5zFfx7_S0+^ous&;r|thGhrpjVpddXys?UVdTT!ySk2#KUHP_82_2{IECZ zKU&THASD8YoQHk|`AR5$<4*4Q!hL~hi@Si!R*&M4Fbn8MwKmzxtbK8`?0s6^IP$W;4QMRj{D=tPsi93piGPI=S-h!dD)u?)EsM8k#0({uF%@>qxzsP^vNDZY&9TX zP8`1n&#Kh%dsfKksR0jxha#pEZ_GR6j8yMYDeqAe?|Tz(`Zdin>^~wS?;Q6$7z2kp zS>AOR&TY?fF*M$wGq6?k%Axtv;`YP}EYPTIfBT+lmIzYw`GS+*4)tWa3uj5<)l~Ki znr6oNWZ1F(v8s2~rS|aEZ;_&{kts0B=GcpO6L?yx4CF)GzxcXgc);zc5IpM7&7N=0 zil|bWG9?YJN-9A3v+_VA_P<lJ~D-)IC5p6 z*p;8tZc^@Mi@~Bkjl{tdnPNLF*1E$IC6g_y4Xo_Q`v$$6r*lMY#TcCRg-?K&Y`FHH z$;|&xwdrty^WzUR409v;9os@t@&w`$;4*D20QDj%$>6@weGABo{dGkIPPI|bi^HhT z*S}}#RYa@vQX2UY5QfA7JG3>nxxQye4}8fShx_=(rElQFUm3{{X`4FvzpNY{8r<6F zF>TzZnMD5h__{L|Fqi;WFOOA@e+R4y>2v=I+LPF3#9i~6`X=E}_KXOE<=b-#8pv5E zcQ}+yXV~Sd*12)Vo#%avyvybwA(*B8UJWZoiZCjRj~|r#*e3r$dpdv){$)X*hJR1AI|K6Z^&TW zvVV2qgQfs>hd}t0*1ndSz*wx~Dl*=*U0p)unWhVXH%oqRb5-ZzX{Uzi^h!MD6b|Z0t78>b6X63UoK>pyo zqVgav&eIaOOXSo2#ie!ibXjHluYYLn19mBZ5A!!i#6LGuNF7W~VHx=UZdCkj)ABDG z0$b!C0(u#Tr2T&*IHr(&bYB?L_($T{zi*%M{WZb<(W^rLZi4^E_42>uAw_KDf6m4K z56<+rw+bL=1*qz0<016_8H1p_CIdpuMPnn@;`(Owg`w@;{Wa>|F@9M z9}rZsAKgn5>i-ci_wUy-{aJ~)i-=O!UdMh5u$hBHVd;D9i{b8fMW+t(Jc@KYooCSEv z1>*X=`1&wPy!Eg8UVL*?R|xNlOh~q{_A(S|UNf83#!DeYzk3R?jPxefpv&aWm5B{Y zc)y#7^m6Fkd7R&3e%W?H>H@P~3~EU9=r*lGBip7j!~Gy*cN5Niz?r=kG2H$JC;!{? z-Y5DC!XBi%i>|S5iYMD`R3bZJb`dqCIwnF5*<7=bDiqY}P#>cDOWbOyLN1faRt*S< z9b8->$KnhQUNf-Q4Z!RE_VU+c{4cM74yli&3J*Ku1D5zvOVv&!3Z3@)qezexitvlg z&PRofFcfk*gI|3CZ6AfxUujeyZDRdvgWEf@!hcB0lMp`-51VZcEI%{;im3I&r0Wl; zp=Ny7RM%7|%t*Y8YmEO56uYJ!J|KK;b=2_Dpibd&M+$u7{6=rTEGo6AK|ZC$hVj`B z_VWza&rA752L8eGfDG%tU>2S`g{Ck$GHXJ<4V=Xmt2H9B>b}S@qNbe2Fa|O+68IBz zr5z1~=Kz;zf5#%rMX2C=Ik9zS$#5uEqoyllaWXH2yi#$ufraXl6O){Y#-WI*k~>CQ z&lYb%UwSVMszmW2;=*RKKF)2dpj~=w+687jKP+GGE}K;U^Oy^XF3|!lqW#n#sJctC zy3HuULLlRtY)grq3g+|p$Q*whBPK_`+?bfEx5(c$_^u~_K`(MbTPY?Yh-Pc*{*L)> zMtuTu;yS!r$>Cn`9i5wOrVXuuC7@D2Si-_C? z)CzXo0pdyxOTnGtyHk)%_K7s1U(dZC2iei}wD`GG)es#l?&VJemmjk#C!e4-B zVbl}-sANG%w}IOpn0(3IJ`?$2o)#O zp2Wal3|e1hB2(%YwP&?AE2pd;dOefKY%`lXafAmdaH>;JZVcmtAE>yu2TlcZ6t#Yx zYrVgQ?z+D|qk^S?uUQ`%n+Vxgb1N05@|XEm82Z0)AYc(`VaoY8p%d?qbczTJ3-lbx zmP1JM=|}VzDf>kJkjm}KIW;Q!%5?ug;i&M6)EuwxKWSWuv)V}p=__9BfdQ7nL*B^v zKE8W$bHIhk+XTQfLDFtKj_x&y1J)+8`)C zVzM|nBk>K095{@1>IN0cTbzB$v(vS#f+sID|Eh)E)NSRf=k_6O(Zr^x|kN zb0s)zO!F8~c9X7|mP#%UQ99hYRYJ_}II~q8*DZ(1M2J>lyuW*d8D5||pl}V2;Vl&)>`f;MxCkNVzU{+GXfwbHceH_A*26;_GChUo zPW^7Qe%qwU>{c{YD5pUMH`^SORc4BIL*Qa9ia1QWNkao`@VF(RN9v2nud?IX%$Z-! z_zcp2Yx3w6$--ymJQkJp?^5n{H2>iK4^pkb4((ty$Hhjs)#W@SQ#X2hZ9cH1xL*4J)^~eqEt|#6-m+m(w%O0 zPbC6jR-+XR#*X#oDjd%;6Oe)uwtwiWwZ;SF3dTRu=`@tkePD-EEd8X~5=@ABZ3Z*a zyGMuZirooS$G52px{MO{*%X5#c-|31zTegWv6^D|RlBc5(0l1VyZ49$!({)7=@QRMt#2;gd|Gz4e52N)n#0iqd*Dw8z(2@CN9w5prqAyf|dB7>3>*f0RTJLHHi{a*2+9#n~!-_OZ!Og;ERL1^!xR!XxGQgU~2og4FAdDeT!@QDj45s}ROyr#`gvv$^i$Pa>a`R01j8D=BlhGMWnxM8~`q<$F=eY4H0KK%Li@~zfqhR1(o zIwgj1^EQfOYZeizmvISf0?l9`Kj?qS%q2fkS)eOoGzoW zMJ46%yZIhs&25nGc}_bMBH)-8|9Y%3i|R7#)JPzm5pI|$tQXCXQ{P>YNV@_w%oO-w zS!?AgL#{TAiYu&1D!390hPN?eBPJx_{0AFLr}nR>YgByZ49fxy!deyrmG5IW<^rwM zkoVi5i7Zbi9&ewxf95mtVV$*hn^&*3ID%$LdU)z#m4;volqTe*)0)+)F-yZWM6L+|iV0np1knjb+LmlHJ-Vp)@J-e>%GDb69p){qQtD!N&9YBa?W)|2tw*=q5q3T|JO(P+lcw% zzf75uL(M<71SS_UUn`v{Uo46^yNwPN@%~c$cEduoju-f2jvkugb18a%cBGlVl~h5x z5~D7x$AS$eCOow2u4c4jH;%wNSg%gtVWcJP_vxwoHq`DfP~LnjY9tVlA>U=zSMO(F zN-3iL%t>O*~(Tb(OLQLqW^ zO9VUoJF*kGjp%gaWKcOz+9K6Ci`Oe#d|lwP_yf-JwRg5{J!Q!U{ks&CWE3hQ{bA;Y z!@+W70bL021vYZL?e#~^=4Q1n`G{c+@aZL7q9T7ZRO=A0dXsFAsu&PeBn|1tV*fy- zEyv8p_Q%@mJlhf8e97kb$t1Ocx@=KT3mV1^`VWfVA>+fE^T>c(DzPvdUs=0U7K+sh z&gmSYwmp{1%hOHl@d_0^ALO!m86#C*yNnbME@3`J36<`Urcz0ixD8pk`=L|p;fpdt6 z{mRtZr#K=5{ZN|`nud^OJVJchclp}EZUGH5>qYXkdcphzDJ_McD}@;}HG4=;7`d z+&FMfrO`Vhe#}E(ZU@o9rkqL~-sLu;)&nfR?Fa6qsW)aB@{a+~#&tJskD>Ei2aZh< zkPz|kh4*p@?J|Pwuz!qlX%xyu3bd#qjorrI?!ik3`U_@7zgBMpy7uZhk3D(#jj>Br zg&>+n-)5$9SnSI_tRA<;dWWh`^>W3m{-M>@dw*&zDrNj z*+sJqxaj}%i@k(CbUQEBSmveJ_ObU?SC_a_UHYl?bUf${MdOgt?%`0&3I6_vV z`#V~WmKWtt1BwzxwfH&-FgcbjSm%(m4jb)@wgvH31R;7twU4-1&5NtxPc4}C8Pk@< zdvxs>;kjiSZ_L{NkG;1Ht20^FKm!4SySuv++&#FvyL*DWy9Afu?(Xgm!QI{6<*rF) zX3sun-*e9WfB*2nS|8o@b-yKDRb2&Bm0%xl2j{ZWGOS-=1kxRT$6QZjHbh&ha|axF zQx9Hj-QO$d5GXnO)F4DR?Hh=1H)Kxi5*#9anY(tnQi{&G+rR_<5%r`uo8rvCJWe4M+Ar}d?%oFIxsIN#S(pkHh$!1tcj8Z$1en$Uzc;1&Yow@HRWrAGB zG#XJ-3SiE9NFZ);VP-7}2@I7pn;18&87Ay!|GFXiAK9cckJwgNOl)W(u^Ol}6$J7+ zZA%NyH@e1!+>$z5JIQNH(vJX8KcuyFnw*QQ-Eu1=ScIUm4puN)MsG$q{{rjNRcIU| zzkL6m3WkaqT^1CHt>?B-$QFx>61;#wg|KR2magm2IkUJWTW{bENnuF1)3JHDlNdqT zIM-)Ln69Q52UBFyQ-~rfG_AlkL@g2UA@dzz3S6f;9-w&y>PT((b*BQ;z==FcO z#b}uTEi^9}vFKS6|4**z7Xm(lNj&k<|JWq%pRR>pzb9e$$|bTAg*eV6zQ`(ON~zrgqz8lX7=BDyB=|MJE#;Q%MW|4;TmQ2PIQ zwSi!AQcp%=w&SzT1? zzoD(U-Xo=rQx%RCtDymq_6$M1e6GU)lfQ>v_| zSmEQy-^kL;2O$U1&i^=I{2zoIpA^CaO9%W!*;*tkiudu`r6(>R%Bm4*V4l^ECgoWU90 zZpEtnZc(umDMGk6@xE#kJ=5?^Vx=M+f6bFgC?NUgq(JWwlSGqV%A@~@Q*T2%{paUX zwY{sjZF*`yJ#W@yY0Q`KR5KAzMnjPMwqLop%i4^(T41qwJy762UvsEEU$beu7}^So z^tAugwAPQn*2wRWg7d$K%HKPyi-^u>(nJB=eskcVdOh<65NO5$`;zI2APeHT%Ub?2 z7cZ3zrpo@wmgx5y0X!J*fDN2`XE28Q56zW2BfJSe7@j>r)2M6u(Kz&PdVRY2DzOg> z0Lm+ICSbJn)~jVeRUPDy$NOwGDt}54T|m@-Qru7PKj?tMeUP|AJ{W`xylK2Wb?;mE z)ukWD|-d4O9^iv%BQ)u(A z0OrG_1=_{dEyXBI!-{hNVg2h>e4a!B3hxzbdZbWPc;RlCDe1ErB57MKjPP51>x@r8 zY=6maLdWq<1M+`6Eb{r0UaTCQvZ*MBFQhlvNp*sG5LaFkZxCkwF$+?hgP(om#^1au z`wkG|rCtWEYPaO?9k6Uaq}gyD<4v6qA~~UE?3a}dAL;Owv%!o>{@TYs%`u-Rp+7i# zFD`Q$_e3S5S=m!(M|cX<0JmEZjzn)-u0w~HW<5V@W~!or;Eb=?@IIP zT4ZUy7w#F+OqYm1Y(zm1rIt^zXt}@G1fcXYkQ~?{@hO@k~6xRSL<Da?Fa{U6oznt0W6Sx|k zCtmTQBYed$En$G*TwC^5!eWX(RumCBp%@tBwnN86+rDkIYi~dW6ty9&jd3F7O@BtH zUk=hYrCay7F!en_#kbg1KY6_q6@q)#5z;yL$SrxsqR_C}HHf-qVG-J*)mM$S)~21#DneE{SnpZsB-S>9GsO?8~x! z^nj5dcmLu!hv-I`6R+HI+)RaAS>4#>nLJkw@km+w)D|!s&ze8zRn_f}V3(YhraTQN z`}wi{lW4V*tkUddlU`q_1>43^6K1@uB&I2r&qLv z>#F{~n%w6%Tz`@Kp2Fo}gA+=-qwTscE@pmI0s?vBZVok-iae=LJQUkFy9wndJA-U= zwpjb}6e`{;T39nO9T0#l%^s{Q#(d%}YrcsfD zC}R*o{i$gAeh|yT;jzz%ja$x;5M-|4vq!(@I5MFwd`7k^Z^#O{9UHY@Qo>hAz@3=* z#w!vT(?9@kw( z2NjlJiD*}ftkEZ7D{JVM5kdQ8PgQ?N7X^z`3Lz^z&iyc*8*tX0=3JJnQG{f%&l>^L zwB(VCp~JrsHu|ku7cC&m>5y`|h&w5+8a|~JIoLCYEL*1m)>PddvE{uAd8C2Un<2CPbT_Wrp(lo?F5_@aRqs6)PijfX zKrtJ}M~dc^<%tYx(7nlyqIyPTd2+WO^33PfzJN!Ygm8n@ijEC2ryoZ6{?1C)e#uA5 z>qnH8==0q{i~*Qa;<`taYiYUK5A(vUaln zUB?&ETDeivlKp#7GG(b`f2kC9p*x%agx8iFqiIC8JIn4D*7_m2?cVOVyrla*^cW{C zjm(v6Dviuqy%}!SVTTVYDVUT9407e$t?<`_s{Y(m@BRU)tGPN+Tuav9yoj_Tl!@fo zS;_ao2QFh}$1&Onmz8=j!~V7oXGnmVZwIqzZ$qpIfZQ+7C||_d*r}m%)C{2!gJ1-1 z#@5aW+oLJ?->&+>lB@eP7Wuz;xRak~p9Rd^;-{7mt$9j#u@Eyd0a2g z6a$hqVD@XtetK6B2aKS2HmMrE(cfA(YBk#MH@H)l{L~@ zHdLNwpYy@dNv0k5S~aRNKO$tZ7_un>*MlUBD|j)?Ji64=0*mM$StuZwxe_l4BfG=i zq1G@sL`Y^e(W$&FWUsaY*CdY3kFfMKx`e@76)TU?oBBG}ep3q;lkk^2voC$BZE-#| z;|WH&m9a9cxjR5R4qK&ge+*248uPCk36l@IzP%5-Z!i;!5v(#j!cP=63=a17()6D+ z8PG3tKHPQR`T$LE(M|E9fd)hrB-JIcoXQYd$jzii{Zn{&-% zLr|3z8W6LM+%%m63Mks50E6S5`p_E>c7YK1jXrIw;Aj0Ep4MTFL%U>aWlm#D?&i$_ zEw>eJ4ym5mmxv@sbC%3BqBlZ;O#5+w4y>^>`^)yDB>{4o55t0(p##<_P4!Ra0R*%Q zK%3N@zllJmFP>Z+I3uu(Nq;}oX$|vMUxaZsJ|Q+NIfe$L*3gX46ZuA8M+Kl)w6>WB zdy9wmp;R4=)S>hCw15{H(s0Ly)rFZ59;z8oVv;2Mc2M&vfrB`@;H;yai-?6dJ7Z;J zBc^fH<0T(5A%IE=adz0iHm_WO+j|y@)1bsvwYnLWVEtnzy zGjaxk7GZJ}c?vh@ZNo}jk|}8AVQ40~IS}odFPwt79`A+?>=q}~<#0l8s}iKldzWOg zGxfZ$ae+E{O$Z9vGTcv#>sjNtZ#}XlM^VPx`Mi9bj?W+}4wJvf+p%*RGnxM2x5sSnwLU8Y< z+!~WhNJM%ih(c^$M=T9tW^zSHX%KqOS-j_Ez@oCIQBUvg7D3VpEpT(FFyR@l)F|i6 zECmy$K7rdVaJbhAhUG(TCyGrNe{*Fz8?zLbuohuvOqQ78=cghx{VlbpGX7CO-Lr`% zs2<#+vz9#A(iCop?F?y`p&FiTL#mKYfm^;Rs?^B; z@C_rj@8>*Q?JBAqdJKAyb&R7wi&?hYeLSH>)0=VePG~qz(9cUb@I8WXo(JpWvqZHx%?5>~v$lxYOb| z-G_8vaz_pOkGD5$y&w%vP>H;`xX7czL$;JMqie1y&AKF(=}Ro293xQD_J_2(BfsP0 z4dJ=|z$q&)%k?KW!dXw39r-lk8hppHdpp?nCVoFbUOwZZc@*c7H?BM%kTB6lPDVGK z7H$7XnW|fBPV~-N!GdV?3`4EviPt9BXM){kx>#0*U!9C@Hy=KQI&QCsqLv`{jI2KYLhq-N1P`E zL>(QjZ)#AL=E|6Eh%8=;Ry@?*ZNnuM4xutv&UqLiEsT^?c!j#-%gW5Vlngk>x{fHg>>=l(BV*{A2pf} z1sr)O`*4XSr!wNaFT`7}LZLVa zKoMATQ*_Z~bed}?>0}H_sCf+(hg1E=n~p*QQC-YgoXff(Qnj@e6l&yx@CMSOPg%rgpXjIqBKk zLCdQS4G63h`m^mCM58a|0G;>fj0y&ViUvYCBFz^Qu1*2wxtkT^r+G zFnNV(bh4%_yt*N~y)_UN5t_aG@I@wmJ=)dX^i<(UHnK!-B7Zycz6bJ?3QzVO`@_=E zAiJlmrK%TP0>jH_kWc7R-&e#&Xb83mQ;R)qoyA0i;+c6uwy$($8l3eM^8$rh_p)3y zqW;v}7DcU{MIFl+vsLVAEiAfsxx`#IlY-8saqj(+-2w<}X(FCB%!AzX#bYT5E!0q( z65`j&Gc@CHQiV4MES6Iyz8D+}4e)!$D(jDg8c3_~?o>;vfLd4{E~;Y)=q@!f2y$bY zrF0cwX@d+vNBt!iN|hF|XG0L-jl9i}sO~6sAuVIpVV~QWJa$>O!`k^0JkQ;q#}W*R zfQb!X=DYV3ZziiK z6YL*Xe@eSb>zowtNqs7vlMrAA7|Yaiig9+4^y3)JMv0Dp`?P3j{s=iF@LE)u0atrB zRN=hIcNowU-kkF_sYY3vXqH>VoL5ZHJHVjCOpZ_!n!CDPu7z1-8I5UCCqjkc~RzS#XUph zXIKk84Tw1UPTJVuGcF2FP=j>KsTJf*n@ZK|SHrd#}PK~)PlL(;Xxk2T) z#|vRU-$_!-0qajuNKE$-6&kGPA7tC2G%%j|7+E?`U%Ggj)M#5{^1WGPYbR^<=ibkT z)ulqCQuX(lYQl8xsUzw0Z{mStP-NTb8tR0vO!toaUU88YOOE$yv<7?h3&Ml!&ItMD zG~=w=Z*s4@E2QUyR?mgVb#(C+dK7PPDwTyFUrs{6-7NZ7kw}42O5h) z07uf(avj~y9Ea9~u_SiHvUAMH#gSI+U1yqY3>W=*3-IsT+c5#<7N0HB!<(Wq9VE;$ z2#cQ+Jl;Mn#<>o6ss6a@tn)U2<>||zm}K$PJ(5xS>Rw{$Hu#mDMMr46Ws3DP@A&G za89BDEzsfUNgm|-5t2tMU@;ZvNPFkw6LOZTx-L-!pR-2TLta6X2WWj)+0$#0hI_mt zWb|bsb(!G~`FeVqQss{pdoY#*)(Hr^h9|SE4<*Ke_hHUCzS_u(ktdi53FB*B%&4kOPi;f+IoG!K zwtz@XtqW;#zJrS8wI98SAY-8!FpVShvv2Fq@TdMAN2>ed63Ho(Nd#I9Un~~k80%G9 zDjL4olz^ef3119jKzN1J8tSSwH9TF|;6S|F^&H4ODW;7JuBhi?BJixbKG^!{GtB_0 z6}-_(DLX5{ZkCB*^AvU(<=2p;_LO1gKau?fzmZ5Db+tsO8L4`Qk;}Gt7DQ>MLLVs-{aI}4BG>4GHT!TC=SoJ za%(lz!Y-dQ1#aLoHM9Orot$o5Fx%_Mvusf&_GG=KZS{fK_Y!ElHkL%ljT?SnaxF|8kJ#c3BE% z+sDh-3`UxQ)`SoPlbiM*?13<5V&+T6VH+04b03vBP_140=Gx-6%_ktIS4O3tXSdH6 ze)cRp*ordY67GyOWpx~~7v5dwVo!_X?K&@Z+?& z^B0M^D~*zMiGJedIfBx{bizwQ_Z9d&OTP(UGP%|8F4+W>?b-l zeu6$#=?^HXIZb&$2|d6xGcFJ!61~ymgb5i+qQ#sy@j^3mi`QtoV5;G&;~N^|d8KY@ z7u2f&Tz{;ovms0q2v6)e9QCRRe_3UjXYd!>3}05ws5RuHAZ8}Vpain%JynT~D}Iu` zkbgVtno8UuIyiB<5nO-k=w011+xKjdHE(|nV#08KsVdv`whjeW8{l6~dyvf62~kAT zx24m!&<41q$D*UTkW-B-W}${sd?iqI{Z5!I&;s6Gx8NNT!Bfs6zE*g<{bppe0PnVa z4}Dg_I*&QQb%=;$LV*F~`4j_JDBp^R?l|VqBq?5S6^3&`iOi!*jUJZB4&Dl#v8`jwD58ireNsm$SAe@d3cIf) z?Wk|lz=i4%uQ|)2{#c`D0UR#;w zuF-1m!ezzw#ckFBy&@8(R>+*}Y-E5e`yBp2&emdaaLuW8bRCHX293iaZ=)+mzRo1< zMO??}z{)0$R)~G;*Ko0J>wOyZxqLWALyqOebL`#}A?_&25)NJC$dvct=;ViqPYNrM z`^sASmrrnbLzq!oF?R~WklrQgOu4~va_<&r6w`?&cp}Y7zWOWez7m4NE=+X!$b7;$@m!#sD?3J?oOlJMcUF@@* z&?BLJIm|IgQ6%Ef?bkTCMoTfBp!pp#KbSmzP!r0h-&$A0qtCt>`IBT zivHmwkTQ!qy9>k4Eam~N?_+9@(5RM19sK!|?w2Bxav?+V z2FJgJHsp>?^X1)JoUqCtrl|cLEX*W8%oNoX#J=U2G1=ZyNw)5JAIpmdT`EI6ObHl# zDEgAh0T~lG|HFFW@{)zxgFpG$i;LyJLK*!V7zU7;XjihYJx?HbAqx4GYmHG*n{NYl zsu1k=I>=qCFH!7Ypdu-c5k~tTa)T;ub4ZObrM6jrc_2Ic$lzD{%UvrUONS_@)Y^i5 zbLemL-ps3}w)>2@?n294%Je2exlT2%L`bBWmmTXD1oLK23vq)as0lM?Jx!6d$J6rr z$t_T<-{{vGb9F3Cl1NtuL!9F)aQFRUxBn;MKvTT#DvIM5he>| z+6CQ+H*bAXG6wzgIH@V>kf2W((JC~A`6TMHoOnV<539^2FXs|3e5w+(t4hu8uf&*n zb~c#-iQsvy9+Q#|QsNS|Zj%nwlrGfd{p0Gxjo}%cPYgCiEd+2CwrD_F$wIOxX1IWo zH}45e+S^?;hsNcsjxAx{#sYkzqc5gKO&ZC3Z|%294*aRzvfMnSgqeM^rct88*fO#P zao@NboRhm1AGt@b#9YqbcM2GE%2QJ7)-x+h9tOUk!^C=P!tKU9p7o`u%jaDiVz;xU7I|s4R7gG z$JT?r;uR?pT_OvO&NnHU69WD|4ZM)*dh~8M5f~Huq!7Z-d};W)=YdU&?Ni8Tv*%KD zIAe$25W6{V#`-0_shj9o?`Y&z_Uo`uTHE5_Qq@>>xe(A?J3X$Cm*jjtP~D1Ys0^-1 zctVhP9tuQkUbQhFo4)m>BN9PFnYdk|_TeJeH(q)!#GHKE?!s<`!PSOOi|57!5^J=d z>$xqA4IDQd-YQ&lk#~N>nQsNYi3qcB5NaG zK%d*D?n&?{zKFEGRrC@VHbXUrt5Dh5}RkgvK~ z1uhG9wEL3E0KCc5E2v?JHk9}=ZPDLKhg3Hj?vnEUM~5kHNY|=e2}C7ho9xx_=QNvx zts-Y#Qs?B$e0kI`Y}Kb3ropMTM<4DxF|I`N0YOlWpFgQ{d0G_jD?zs2q5~0}6q^)m zTU(GPsE4L3>J0Rk91fJfIiS?GR}TT)^osS(;yWti2*delOpSl%($C=iaT|O>RXdQ| z%$N3OjH;VrlgD>fuyqG~$~kR4UVA4?Mw_Rl6?Ap$H&TFOC~WLt0fC(60T?69*g&w{ zaiq~v19q$55vi*@ghMNtva9Ym%G2XnDR(no!z2$$up42KO8PaNf`;!dMcDaUjiW^J z^SEPLD9&~>MR~2=pBLf_p?zMapSTp$0}PwHYo9svu25fr(n+{YB*5ZizBM4JnVBwo z*<&ybt6N|U7f6aP21j<(rYa~VNX4Tkqh6MeNA#`1*}AnVM7#y`=juAS@-&l;$(2we zL{*7?t*8?DsBn?UJNP-Df!3%0vPeSc2hu!-Iz>epGZCHpwNx3DkJD;?h^{da*GIki zqT>UM?EDnVrfO@CZu2>gt3@FOUFH**^`Y_WV>sUR4rN6=-Mkq+PQ%~5 z6KFx#R#uud>UH_3R(Mp`E?mhfEK?@X6DJoA=Bp|-j;_^(^36}lEo3Qyo0cz6n3;&g zGWC!u>l(pCcY)pk30D^U;K(Me2W$&#gE7pD_6%-zEK_7ci5MUD?>cl-X;EQLok~dB zFtX393^W2iO5+LW|4dYKRZDLExdo9(MR#KALCh{Ng6Pyox@f&&~p#QAbxQ(2&RYT4aLOz83hnTz8E4{MvDI z#D1vOyX;w1s?wcXVoJ2ZtoA*l`?)Q-pGh}*xSkiRQpeZAadfkN6= zEwKLTR#o8NoL2b|| zrn66f(|nb|kB&<9RK8}DOL(jVXcP9|A)1C+`xd@yw20)UG7qD7HvG7taQ9g3*0Eze zplYf~EA_KNqK_3N(5KV*l;P_USMLE_yg2WxK&mmxWMre;O=@qBMb+IjVa}IRuTR5L z6_Q?zRY7a%TRpa^hxvCJy_kO_UuE(m47zR$*L8%lPMxwgD+Z4tH3M|c_Ol70!-QTM zmkT1 z5$OnJK!W(p2aL01S}vP`^IY%fx=xI^eRI1Z?$j1~NqEH;v0MrzJh<5SAy$Z7v4OMS zjHymleXe~SUyFRCZl z09UaD`mhO!5*}8djI+DsiQwSLgiNQ`wlS9wOLj9w5lpY2}A<$eT7ouA{P*7WIk=@!^8o$ibrF91` z8UW%_t<_Aoi&@|_Q<@>jExCuzs!=qTZXvs zid6#C*PO`!`J@^h3Wvx;jhT%s@VFwuIAu#$J+PDObkW**6|i^;En}jVK5)s~yZlVO z%2pefRNGA=nUD7c`kI!x^Q`<{)Xdh#J9_3#Hna&U2-Ck!7fM0=_ndip%SExe!C9hM zc%xDaC+&PU$@%oVKIw_xqk`u~Hvz3>$TC8X?(~L_4r_L08Oq7caP0*yLlhP%M%bzm z3#pov30sMC#Y$9PTWe4pxvD-KKGjC9o#3t9T7jlJJU$q9kfx_GLC+|@3!EOrCS`ku z%5YwE@y;6n>gs&|WWt+cyZB}FQ3`r*Z5i^eFkQZ;->l~+VsAYI=GL|b!b-7i-;u35 z5h$lC^HKIOvs%Q9W!yDKD{qbAFiRm==guOT z#x$J9-AAGDjbjD`OC&hRJ;HKo29YjsO(!F(uO8h$$+6vL!T#MQh629`lt()tPE^IE ziX3%<%VEXMA8IEjP3-<1KF1^5JZg!+AAT+P!!h zbHlVD`LLqVb;1{eOLd7BL;dOa8V1KaRxCMZ>&Mtis_AUhUHzXa*bR~;#s!^JS%Y$4 zGKweGa^lFkcq-Jzp9a z7SGxA(#!X(53>s_#yNofBVAJvaP8*Sgqm(SU5HF3@%|=Uigspz*MIR!MC&Y3`gV*r zsFbGaF5YBijn-fCJf^rq&pa+piMZ1Cdv(6IWZRWMXo}Y|ZIfJ_3T#;D4loZZ7L+{c z5J_{r@N0gm#S#(%aY5=`n)A2s)RyhE%hVbhUv(#pn_N6hOG}S8_{v);8u`4IXOud; zvH;nb{kTmo%S5aqVsKL58qWpRX0ZamJ<674hNpbL=1I=p4uyJDg^d^XYLh7 z^IgV_9eB-e8@C(D+%fd9y+)K4O|oW~XHTL;xNXsffgc!) zt?hBdOUWTP*aUE9hwZzk%vdWpCIfGv4gbDt(ntalR00Uz*xr zX(&`Mr{oM{TETlO!r*#W6bFG8sX5*y!CZtrvoFjpEMPZ!?@i2b3v&!xW;1JRrcKw# zH8L4Ur7Lm^b+(vq6ZNwR7nq7);yv46TiB}c?4x5kK1D&bDAxrr5p5W5mTn6NcPZlY z(s625M5rk4aXFS3!jUIZMSj9rYB){MXSv0cRd6)Cr^>10kCa9l!e$+984^qvOPrrz z9JD(e5&)f_QeAZDTIRXJ0k?`L!B-rX>1I0XW!ejciKXCKnQ;^b`je-Xn}s_0gh;}B z5RHZ4I3M-<(Y6XuNKXh`sSaFz<~(-71wkbi%}_y>Pla;osXft~;C{q(z{X2BcBI4B#m& zNQ+a2L26eC1U4KF-dZhagC24?1IsWj;xf^RAP8 zW-<3=aeeNtU;*?h_Px2h$vJ&oSAYAcjS|UkU&@onh3ptx$E8Lu1W0T`zYKD5mPdny zx%Qd&$K?Nf`LrdDpK_#@;>z7ye2>LIRng`BJEUZqlK=N1l9m9dLE~9s0akf68UkeL zawofp@Wc2VnnvQc-F2-J&sKdi1iyW4+qTEUVWddUo@TuXOsOLUF7U(-{Xx%iP4&W) zh)6B#>U6H_KRh*sYW9rU!qR~z>>j*qkRC10muxpNtC*|p6SALU8}y)NzNlGjLAVQ&#(eDT``@Lkb1F2=L|7lvz`DQKBdbWr&3kQL71Jls* zaXcP%35kiUzB@BuUDrX}DfgZuggA$$T+^J~q-U8g>J$9zFi}?8s-qk?G4sbh4P5^I ztWTGG{sRa5`?^oBP{UQ3B(I8WI8oFmelRjO)Um8y^A_mzD*Y1m{eHN;S{&jaPQ4$C zXkvKo8;?NQJ#=M8aSTZC`;MjX~YGpZYn9fS~|?|bDJ9%05d1J9yhEgva_rEH9p2lx+VFczp3$1QCbehT9X-;eeg}GqjTVfPEQ8M?mcZs0Y8V$b zlT(qHuflAR5T{t0trh=CyOgbnwe)@J`&6j)^nilt_8&7z#Q5Gukd4!d4rg13q5 z)W=t2QU^nO{8)F-iu`NN^y}BKGM)GxTm!aFx!P$_?Kd^EC@FjmT0*HC$l zEi&~OgQKLA^_Jw~n4bxM~vM zF|p1007}jW1Sy+&18ys%d)SnCwuX)&BGjJ@wGU^kvUTgZd8L2&fpW^x};zGQ_zr2V}Djy-weGv&`Q=HB>4bC z7>51SS@x9T^S!FUTCTT5;yp&-wBk~Kdei^~YMEH@0rj#m)$(+~5$IJ6wNJhLYSmjR zH91$pbf8dWwFq5ndE>Ot->ktJ|Ke1=burezO|OaeIA=XQH#V)r?78sW%>WGZg$WFz zC|`z2IFs=-^|P?N0^4Et9OQ zCrrh-H?6h6f+e{Aq=Fu~!=g*owtcpn`3RagmXd;3C?ZMz&be=6UAbqm^QJ_gqP2yA zmtpk;vvD%XXO}9A`yXmg-sx(KIX^%=y|`Mn<6{5R;zVD0Ie)mCS5)u|hy7UGV8_u` zoS=46nlTB~w*G)PVDv#17P75;;LIpiuIv?^W^usgz6$cQ6K0Jn)+PFM2am`olE*aG zc>#Y$`0RNEUt{AyWIf?KZLs5;ov5ceEVT}W=Kyr}`tm%{W_444XF5`4W~v>u$jV@X z>7#iXdX?EFrxPKNPCLVgx@G82Z?e6RbYD&@%7f^ z;+B%^xy)1*+=9DQtty5Ef^84jA0=WU0)3)dY$TWiyFs)7RxZIcypPCfW3=yOrJbf* z=Mz@I!Y#!Gv|KyqI5nc}WZzv5#PABPgX(KA=$rZ6Tnv<5;k11!353~~i=4?9g2d+j zP&t)q70lAkddz5@HAO;i_&mdWruMLk09uhqe7qcnTX_YGD^moaS1<{P1~Jg3L! z6FyFXfT)LK$4*x{n$8Tkd{BzpnYJR0bVoV87-3?G4?%*sb`ATfe|)M{%|RwAa`w2c zviI$v*ENI)_aO|C{Dg@IbBJl5%}VDcv`4>JC%v<(kUtW=78+Gu$(-Y0niaT2g`_hd zM)*l9Iv{L4sKEEK0w(|QTJm;C&cURk4m@d9yg!^}jNvgFTWiZX_H^0SnSw(t@;l1$ zd*2%kwgHPO2>3Pf=4u&SH%qD9%Tq6IzlxyMk1N9}4uBbh6i8G$zR0QSN)Pi9>$sE_ zM~CIZrd-MCf;w?c>U79mTUfcEA=@rPHk#_So7Nye@hrox<`~Q9lt%{evc*QfsbFq`csI^*jk1jHjC3j zXN-{)#Ob);3nGveDxT5b=ueO6uM($KnTW*O3~$kKYQW4?CiIPKKE++5l$NK!r8tFm ztFU_Z_%iIt*`<$#!!j0^HnE(*n1hv}n2~+=wha1*LJ=7Fop}IkMOw|DJ&7u3T zmfS>;!e+BVBz_;LwWoc=l+C{&QR0O4?LzqSmSy30UxZWbkw^QlPpyqUvI6kwgO zja(zaHx@%u$CrAbpR3_};!PK_-^uUYby8LVES_n>jHu$Z99-lmIn0c7{{^I?J%wA2 z0!qJG^_T_u)~O5a<936A0Mqd%Aufv4^f;ykioy(-L3exD!sVmnSJnt;CAy&j`>`k8 zy?rb@ifyW6{LEHW9(bY-?yv|u$MC-0LJXbFmw5>WyF$C>`cJb-b)&~y`4%VvCviQh z^zBir*mALnTZZcOQt+~*bF-E?JC`o4u@XRr&kBW0WeH>y8*{){ey;?p5$`-}n(d2a z&)xkB-oSlSnLK2J`@!GgL8#Z(sy;)?djEm~8)0EBr<<-?o&!htS4qOHtrR z(U-C4Y4Rt5d$J#@1qC1EVA*H)F&HAUM>V+NIUK@=R&;413bV4wb;3g%V3Ct!IaZkt zVxD;YOmpaN^f#1sGj9tiL|wvWco|@fiVH_=1s@)s2xV`6=GBkz=uGv@>(t6gc0l~7 zr1(&h(>}gV-P7~8$4#c6{ zyAJvax@i5=>Alnac(x#PU4lWX^qgk%T*G_a!i@S1r?-vC5FAJ4ys0PEc;EN%z6bxA za9O!6`knLyc}xMB+yXf9W`5FnrezC?9;}u3%EtLDWX>qU`!(+a=oPqowH>Q=uimr9`GG`Zl_EKNzStWqxcz| z_CZkLI1QAV{H2Kje&vId8sRV7CQb`T8b;mmoZC$rVCekbw_i4oH?WZ;pXX$SGy>-1 z8CtZ3pB=y&8cz3qX`svaxI>zOBrXqMd9n&~m-L(MZJhu#x3;uX|M>m)A9hox7RU~A zoRfY09Hw=XM9!l0A2WcWJ=pe6J7+5yXg1lSa2L?}Vx#l|^bR>E@YQ(X@i&UDrOv3%meox>1*b-I~p zn6l+a{eKMo3K+Wig|z|0|PQ7}c*!IiN^N}Y6lsk!F{cZu0@Lk8$ z(eKx6;^CcPQ0-kN$6j(v({107UiOn|P2~$jLd@{61b`rsqrB4~Z^m|0t32=J^7zYHPi;A>v2#`*!f&foC_@ z_Ud4PCQ2dSr2yxB;gkM|+2BI=_T1x{rviYC^ZlZ>CQ>Exs)1v`@70LT_#g_hN7j4% zo6~#{@jDTG`cnZvNH!8cK zN_g{0gGo38an_ut6W5);V*U z%fCC8=bi!VVzD+ROSE5LYRviY(dW#0e!=+H>ykSFLxW)2uz&P1I#bEO$^V6AH)`9b zt@ldPXNS9gI1Sz}g5mHdST zBUx{sPDbbHMWbKi+wuZ|0Y}`2`|#aAuNs9>{DPbZs3Qrf-oVfI9-rxbyDI?>`EpI+ zxiMM7gTv_tO8yt1bD);RPh!zw^>RANXxx{qY9Y zQ~|o2%OV=coUg^`D>GQUfS3 zz|#J8toW}}{`0|1?`24O_=Ea}NSK0O2I7Aq@86#_08oIld;$3j761Mo|MuVq&=qBG zAHIgRZa@(SjJ0Zs4+}b+_8~dbTy{ zDE~jbf2fQ%5pdYVcM=pud@>9NvbHcN9=PshG3|~|AK{k@LDg#`_$oUxV&m@L<@Z8R z(0M$5OhwaH(DZJQ_TL#}2M;vfvtnU2I-$2aH*LS#SOTeUoSo9~sU*k!PnZT6i2x19 z+%Sd1`8@=R0^Ke(Nb-qO{q5 zOj@L*oua%z3j01Q(NP^qwlF^+Wf`^m)?f;++8H}3B4c6VmZ z%y;g0=AQeHhd;aD?&_*lt5#Jnzxoi2LxN(k4#GCobGA-HcJ%+_a&*368j_y-9{#jf zAT3&wOPOU>nlydRvtL?aM^0eh10gRW0`;jU>;RY=!BUXS7KG?q=Go_)MeHH$%g|B#-yE(IT3Z z=`(#8x;xaRl&W2`D3DF@td|hB%EH%4{aQu? zEK!1`$3F3@6gv(lHHcvoQVC6~3kJNdNX0aQ>1UCDFJ6sG zG}Uc1rjy3;U)Kiv{2jOM#^=X>b2f=qAU`vFed7Le492ymG;_}AF$r_>9P@p~u!QC+ z)CrrSQE#qN)vmvMg8P;984mS#ztWsm9Eo#!yq_=~F_4b=cZodLC_G=3EXKQU-!I)D zymWgRUhlucUNMWv(CuOB$EHP?s`$o+BcP==tQ25Vo@oUs32OzIq74kUJcPRRI8%_L zsSJCeb&OoA&bPZEsoTo3#H5U*SAT$%iYE9{ul~SRP42}5)UB4!2wcc}GZIqC=f?J( zSmTK%pNAR& zScDV7P~WjA0R;a0rnvszlt%~u^c&$uJp{vH{Fd^uX8=-&l9th3+Jz}J(1#{ap(DDh zmW;7XI?2q8TtRmGOH|J+?%gatnssf5+4~5??fp^QXP|%!Ts6*YO)@jg!mXmsp2Si? zM=(}+jI@;bd%OPQx%#}`oI%`a!I>0Q$cbGECCOa%7^{8_NLr+Vnu_;^uQuKB&x-;Q zT&%IkBdjQpBk4;X$ED@#G%;6JZ*>y#B)lv2MA($nXCNO!M1S03cHr2B`7Hlx&6mq~ zsda{bX7mBb5OrWkonw=kBK;pu5QM!FI=w;qi3pPeo&+}{cl$Nkf{$8=pg0onM8B>w z2H{#F=>HlGasFW`^whyblOGB+Q3)cz9WJSNl_;QAweT1xqZ*}B8xpKdtl4nnr{F|m zeaZ(mZj3<~uB{am4Uw2Lxdk?yGj%@#j24*mVRT1!lX-fWB}vqYMyR~E$e_u5tEv(_) zT3|tPG`n&%S|fT>B+^-=spgsGVdqHuO&(H9~g%?X@v{;9CdT!)Bc^U3~BF*h#|+ei?~$`Ea6l zLD6xHx>kwy`fT{+>$FIHFnBNNx)!2Y6)gNR0T?S_Z^-O$o|_pGrYP@%t=jxnmvVrb z0G+BJDazZ1g3n#iBA+aig&oqj?;zV*rJMTMFml>zD$l9GRf#0B4rhe^2)fYN%8$u0Y`KCT_d0L8WnoC9R#?^O#D^L(_;V0wmaSh`S&^u zq0@>4e5ECY2)yKtC4l;n4l>~UlbB{3Kc5Vg(qVyY|E9@4&gVp?kZbN(8o7l?EZKsX zP>Idi!ZHXm{BQ#rsWxD@OG+4L2M_#vPow$tZh4Bm+U0`GcM^*D6n$fO4N;6oahnV| zDcmiij(k9$8a@6czX;s?J;Owu&!Ju9B9?^?I}%k22octjR{V^wLNe*lH|uA+A~|WK zd-b@lh4$709|gzGRHAw^I;2N2L&B%YjXECmE%|+#dBeQSh}5b1V4)(sOBDcVg|FD- zh?B=R$=9A0mvR3I4+1tZ7j3U9Rh2qV*p-Zi^w%qy}cpm?g$s;!Jq$T(*rCF}Kpzw*4sGHN* zTcZ{$JAq2|Ja|21C$>0`b<&s@H)y;C-t)`bAOkESYaqO&Wll0%Z=r2@%FR#BhV5+b z$Z&;doyfgx@sw$g3Ssg$qHx#BUV1#PGro|4Dr~M3IBV?Pdt&vH@ZI)_5nHw^$bUe+ zy;P)ygIm9|-<&eIfjyxL98KV<*TE?>=;)tbn-$KSzSgHp-|*VG;`a5lMqnSt38Vsz zMV1azlB)(~Un7jcRa^-T`@WkD5Sq3jXN};iwG4P2FNeB-NT#6{xCYD`sj9CCrN{`ER{#TUf|RA%fy5= z6cdHnoGu#VjQT!=PY~*4O*@;Q#p4af56Wz@h#+6=Mz$8bRt1Y7H0_mx&mty#N@xQZ z6pvqbXk-jJRjFy+kk)+8EfZETvkQ^w3S7*y400|Mg4&|&eYSOa2l^o+ucyPGfUblMq5`}K0c;S1_ zsQ6!F^(u&QzAFLUS{2+@dU!eXUc7F% zD4lsk$8Nj1#H$jT!XF%CSPM6k#QR?jSU!|@c9{$fnmSU>bbZ=7AkcW7s5qiaSt`qP zaqKUx@tkc(=%9pH3DO&ZGo^ZYuTH~ZkJfDwPMQ-`EcrqwM%1w9w82DGR>Z!P%|{JH zf_0pLR`ulF>xGq^Zhz~ppRQ@vWK2-`Z;1!ZdZ2$Hf>lZ|_?>Jgf}Vb6Q5h{YK^%n? zEEBIGXH(%+#d^J7PROQuPZ{db7?z`4RDbh(>b%)0zrJN6YkqCgT-X5VN^L($l&0Ox zc_(C_i2J-Rwr#PzIhG8gn{UZq^)h`a11!>>-H|v`G`o$~Ly361SpCqsI zopOI3q#zy#G28!bnGpsc&S8_=EWDR?9V;Zf@@C@0^7Ctp%m@Mfl|#Uub}G512GD58 zLYO}TpM%|sU;pjy*auvlH_Xq3NpYuKx?W7a|KULAs_ruA(Iw!D^|SUg(eZuWUL4b6 zo$Fa^#L3>tC&UbGVS>EE%AW-L@=uJi^xf9dweEvuljK07KbArP%Jzvcv*@(IeHF-A)e*QT zO&+6MwMiB2td{nuDSo-c)tCw8N>rWg^U;6Y3({QYy>$n%76jqT4|f(; zBK2RJrN?JveXkYXxdUjj3Bs!;Q<92DsS^qTeopyy#9=GjC@ruNYzgTGsnX&N@kOTM z(atyc!bwHm+5;Dla>5sO2UZT5=g4-n`ECJEv_Qg7(t>;g7JNjkrto}^X~-2}w7Pl0 zOG%JFOmSBfPqac0xCLEJt ze+{CU$zG(iP>MmqF!pVFLYW-5R(k-hZMQg5$mhBJnwtZ&?0$AbUyF$FE?r&9CyU1O z)G_EMCIq-56q;nNn7-n2+8_oJCK@rz)wd-SI5UQHM0ROa8V?eioHMFGUg+Zp-_|n` z;S*S#GvGw+=^uyfqcqSDe!MN~RJ%}}7-g<4hoz|y&mBl{BqiRG>PwH{37?qPf-N-_ za9MtRhxla3X8-I>cS}q08oXrjvp2RFw=|S=g9{0*fUTS<71@5Cf6)0q07if@CJQbi zkM}KuVwOO7R21U=jn|Hf`o`HAN~U6=0I<@4q|Rn8q_Xl6Y2MftGV%`|`VWHSP6Tux zy!}V$bWzU-nH5k&6!1c_^`F%6kdn_+VP{97t;Vd*z{|Y2jk~_dzgmPd;6o2l&sy-EoQ0NZSx#_PWYeTc8PT7H~9?PnEpy27O zLB7Iz8a{vcJ{);9(Kv11!yGLgnEAjNM0^@R_I4aw_0Aa%tUSbMHT%$L6(*Z}(tJA` zhrC%hR0V>-#P!;;EMe}1H2PP()VR;$8BPRiHj~6=((Ju_ z44qoxJ5J-Ux8ZukzI8Anqe-8Wk{!jDP?x08n7fmkUPtSHV902?+B5mxH_tb^kvUBb zm0t%G6mW=%V{T8D=(|Ki@jL_mMmUKgV6n%?$NZF4dba3L5j1f@QHd_g=OwU}Wx{b= zSES%2_ua#6pDne-70E#N?goP>l#tx{j_ zAwKWbv{^2hi8erl6W20T6dFRO)>6e>3KqKkAIRCjqqDC z(a~>K8>)Yf0w2hl`03ss`}r9S^JDPymzlc~On=e~)woe+Qkf_*2AP;vs}~6a@vAI` z8OO<`k44t0;h^pF2Y>|;!-2*LEM=|5m2e|#0in1gdJNL?6pmo`hwd4a20Kor4jI>} zTr8(c$aFVk?i~<~8%U(P^)XOa*ys0sqO{!j7!2o@Vl6TD&iKcH!7Yu)VZXzMr z%K;>zz#R;o8ocOH2V~1k)wXy`ylG=N{EpuE*2gY+i2yP9f%VlIv*E;d+1kMwr$5bx zlj2nU_!dn?&PP(&=NlZdxx|!Xs1m2ck?}c-Mj#=G9?k{++Ralkkh}F>rmp|`FG~mz zgMIH1F8V^emARXN+Jc4=;^svAZnu`yz172$;IP3{%;q5w04hu~biB&~>rWn)SPr4z zf0g0Lon3DDi1xP2P}c5DP;QV?lC?we$FDTj`Gc(?9!H^tR?xMjG@mk1xgd`eN<-Tc z0Oba^W^KV<8<5MWC-tL75fA4%OV-(QGNs;Y@LY1I0{yAe$i#gufGq zk-B;kx^jlFUpqQtqE(|xP9xNzz|^~|MRn;bn6`~lUoUTZoMH`!_0S$?568UOO(wU} zy9%`6yDSgb*x9l$5eFra=g?){eIzZOI3K*}q->GEl?)(to6Srw%3Db|Om8v_pv}3; z`h*#G&%<1g@~6X!vh4x&C8>tb);XX4!}>ceO`K99ylEh+mEc8xK7!@l0_{l}JwHZh zZP&!1K15Ryd0dRPK7Suf$#tXLuXD{TsgMihU2 z2FclDHu`}d%7}2nYL;trA`C=fA%YQC}m z0?|eymi{i1G>4(Al^VQMP0X}~MK@&vp5lnF0@M+pE`yI1GSK`Db)WuKO5;ub?mBp^ z5}X*p8&;>#t!FP*!%;Wv;KN!!_~bsA1LR?=2|;+Y~llWiQ(#1 z%oXl*gbO)9#;nvG_W?+OG2@W~?ovZ6>>vQFAT#H6RGB`M$il}W!Z{lmpPM>^TVn3d zXiZ_vX#MsYI#U+GZ8Hzt3iyDFzgtKc~ow84(C$7q;;vj={Wm98UEFcbY8J*Ss zk8JBaP?gF#^04>c+fzPp6n$WE@u}3NI_2S)1r=4hV-UN_VO@#k6c zgEztLuX=>A<-05#aCje9fO|r?Dx`DuRvC2@D(-o%cY?Lvt$L?$I}m^U`t{gNr-E$0 z(m;5iW;>|?xg`~3B2cJB_cA=#f*%Jn#G}^bnq81O^4Eez5i3-=4LUw}JQY(NexKbM z7JrRs=%&|-?&HF>CzJKV@M0}dS`rw}lkSK0!L7)wUbqlJm74qcnlsX1?%HabF!d;L zigYAXjK1^NEC3U|(a@^=2D=IQf}wOEpT(;*clp=E{)qwgeRJ0_AHz(b&#F_Ui0?_7 zp`6l@?}|W1U=Va&&!tD1U7S~r;NuJc*6yWNyqe-vQtrrU`%`K~Q)SvIHtjt)KYETXM zVVvB206aC5r6^&dqogN8iU$h39toMGYW< zmZzypMpY}3re77^+%jc&A_TTW*9N~z6H6GECDmUUkpFLPJ+ zg^KHJzOZ2Z>89bp#?5!)y!Y#IRnP;LZ4xGJts$A(X4^C$?H?WwpZq<_ODouwf-EXS zS}VViM+r`E8(NW@(*i0g-@J$Y)h_r-TNQ`r?hd1m}-scgl=>@7kf-@d%$Q^aXnBia&WAMN_Bmbq&q6sZ4o|pz$*H- z6FgH&_3H3aK61)P!cjQf8X@Vvq{tOa07aur2L;mQsI98IMf@3#l>4BD(pR4&P#AQ$ z9nm-FNy6fX@5r0;wm6DIfhL!#eqv@9U>{$kHeem_V;1X5yPg7)Qd%w3ZyKyATgb4M zUI`+>7>Px8=w_Aqf3$z4ZnXlam2O6ZIrvz)zwf;;qgZDwh`T7~BZk9?p*WpgJ;#2C zb_GhG|@85g^x*hRAtCi)n>c`wWfX6t* ziaTV(7pb?@Uux@gsMx8M9!H~{l{WwY^|s|6<@ztH9x94vS4S?+7mrN(HZR$!0l~vb z;Z0{T;COg=ab3Jk5BK*ues8bH(%>a8S6A#P8>}c2GuY(a~WN^C*j)bvgOkdC>wde*F!QyjVWd4UE)%ZAg9r& zU!^w13*3N2Npk!SnMapeSD}O^MgSTgh91X zZXQ}#OaxPk0XZ^$hdW)wm4xXXY^iZF;h_IBT~W|7}w zqNP|=LrF&n>VBUg(HV@L*>diBg!>I|$WAiJn%$2o%ya~=3}BH{qPDCF>gfA2mq$P< zHn{$B+y=oobY{SnhD5_p# zaEntcBGV@by563rp2^B~ZiZV}JB1-3sCqQBW^WxT(xQ??S0#PRXW?6w_~$AOqIbg6JYwKK9u9BcEU`IV1{ZhzcUwSjZntB|*D!M!A-C)1| z1-D=P<#e4eOUG@-2vs?0?@lJH_xf7{i`@q8`{Gf012|>@6-laLcXr&G(eZw#+EoOj zhh19TK;0ku8U!>_hl1o%hrFq`91cWKS8}42_n4Lr5F|y$pEOnvL>UWTuF*w@LT9y% zYd{z*@{mB>;kqhC=#wJCW7X|TuU9~3+H_b`@%vbF5M+{`159W z%kc=uaabhqBhtf>>HE?%oVuSCr?}^%weE>MH3k^o+-kS3Ek{c|?(7@b-hsEKqg(Qm zl8c)M>nUUjZ!daI^NL3ts>;EuML&8hcH%?pEPU_Fj~VhU)?Vdp5#8z7mVUyB_7BYO zF`33v3;XZ(lpmf%pONC}3KSS+Sd^i`{N7&NDPcW!hQ2*b-;)FB=1vk+-G&qt;j}w^ z0m&Z_;o-&B+5uz`p-FiVnPwHLg)tvPn^@`_fJ4EOTNe^ni|4m?;TO}!)n4Aqu1ZsvL>3S92G{e$|Mdl+~T@ ziTjuwX2?NEm+maIYglLa9qMU%sGX^-1eoMe=d0yn)6 z399>=y%eH!b+5%RZU%OwHC}w1T&9gu<&bqJ7dPm$5)8QVpLGPCJ8$=TrW>pI^$4u2 zQtg!mBdtUerg<5Q#I5u}kyjT@IeSu1c9`RD`l!Lv*qnWfTegDn5vPyAnbC0f@W|$95}`V$(s8H> zN!8eKdCW$?!M!loTY=wwD*#p=u*OrKN7!q*`tf44YG=qO|GOOP)fv)gGQ(X-eV>Ht ztAoMkGqg)K5lRRzr(tH?6mHo03O#-~tcFEl$Iaj={U)v)`aCdhht;Tq=|Y_s(3{1N zA9Ryki(Ff=J;+H4Twj(iGKwQ`t_!}5^?Iu$ERx5iWsi- zm!wMP;az(G8mgIi;l~Jzu6x!NxjxUpreD3i?(_Iguf7dTdf6Q-0<06NNvS2G7_ZJ% z5EUA~?_8D>(@2q~Ngr9^5S})kCYuspTd1aG5MOhjG^gDDw4g)-+WFTX;;{B!mtXMr zJc+R?9HAUopKBD9l23h!a5?P1WkdBIEAYws17V?p-QeYudZr}(i3~yFv&JtX-C2{M zf(NwX=~7rzLf&LsYVxNRj2=D_BK%K%VUkICNQgYITf~%^4h{MH)1CT1#!GP1gJ#5+ zShi-tEDuf~9E2S_yuCqIVWS))rThBA#n`s;RnVt4K2%%GReD4ee_th7c@EzPEOu=USBu!}!&Vuts@>d}^u>AD*Y*wptp?PDjE^ z`jXN&MhLH@E)l%*;g)X&q&derQc@vPy@$pn9tPAM)Fs^;-J!E9VuISh??Anxz?5)s zZ1A(n`Os$7hV={1!s`8VGs0G55JxGm(GD(!;xTV+Y6x{=7no8|6O*|o8hM#{;zbIZ z$0(KeLJoXiix}Nee^ul8Lud4GQHI;XY{Eq~~nBZwv;b@dXHhtclLvh%Lwwr=nMPuQ!F3iNm? zw1*1?(&wQ`%j=bAHSfj34I9^S0R+r)R@x<_QgQ%Q{ErmQ6PH=sNmzfV&O`>WQB{qY z7g+Udw$_0rai8`0YgcI3k4h^mLhSG)c}#c!x;g~sv8hTl)A~RMH4;xh>$!^PBo)WL zv{Ta!6bk^InD?of`Y=e%+dRdFtGO8HKUJ60#nVKULpV!4hrw`Musb@$R(YmAUjvfE zC4s{|C9v2_g7ftsi)QmRZH~!#yYcEe7X0Q>h~rVi17BbT(&1}Y0BCydquS| zPx7L1Vqx+`hkZuTiuN!fo}}Q`Tp0yiazOTafQB^ckBiVYoV3~n*MGi~4(BQA-RObs z2`Hafo_2g+mE+51_^9d1J|o%IWMHkDOgw7?xO!3j)VexhtUZxOYt5Fil4hMntoGxn zD4bUh{qNYT4~o6NmRPC(ioNzUq|$J;r$k>WYwV33bZdb@jVJweFE9wahfJ=~nvtJ> zdF2zLR0?S}TQQFnc-nIQKv(^yiS!{&Q5J2{RZD@=Z{KvYO~a5u}?dn zwaSkkdT9Vx@Cp?c^x?FOK>;0auPx|^4AG(@R+Z4;FE1~8%~))(zv&T|gQ?#9>s$2V zJaA^cX45maag|OpFch_}bbxrd)MIh#4(w0INWWhwi_>}3#E8n3;HAEeWeO)}rKKS+ z50LxKUkC~fxsu;`$gEQauCXOOP+MW6Z2r1J9``@s;lffG%fnqcJ6Ltk&P24vCL4(sM z^HhGz+%XZJ1cDqJ0OJ)+ufIVZ10sJ$f?x zZYqdU@s0Cl0>BKFxXl>5+$8MSAGvSnm2Caes=&j(l=z>pa|7 zlZ!!q$gWcWGcdS$6fV2Mxfp0r6gT7YpWPg0nq1519m#r-Pp6)%uJIvaHh!TbYiT~s zMuZ$9aZOMSEt#8f&fid>e!T^$qTMl49(;I0fDEzUZ%WtO>b%c=vr=sUMl$#yIm~N1$SRUWOdgpIEZN(>&Ji!&djJpG zz&FoUSN)UG+JKrVJpPs3nUSx)9!mhd-;44uslWdc+%jl>#>kE3)dx)c5{JaAgJ6wO z7zJ9N$@6ga&X5}xTik%z{;aOfJ|;{jx!51GeUb2QIoL--6$5lPf#PUL1&pQS=9nYhP{X`%udhmDcY}A7* zX+vgd%9w-@m3~DQ_-}3lKh<3#9TXQmbWI9yrl1%Quc9Rov(+~!NZ94P3lQ0|Y@_4h zdOz^sT;0?xb~cC>c4h6-W0_F?GZ6ledU(o!Cv?n)2u2i#5V-X%&N{7h)nW8vISZw4%@;zmtcKNua{NNj?e+ZMN(Z5$!u8W;r`T#4A0t^q5q3teN@OM*& zax)a7rto(xDS4s*b1;gkli*b&ch!b|x;!wmzoc$8v^-uyJsh*yZN^H7Us9?pGO6B zNUaG!@mUEH&h$*QF#hn#joJQ8;Bt3k;|(hn?d|s74pnTwl(FYeGUF{Z8AN%BvQjTI zrlcMuvo9i}3_Pmm_Gb)wXBIk2n9pxNHs0~NrcG2;Rej_|SI$INs|fX|7E(1OsNa`k*sCVh6~97xI+I z;(8u)m?{3G|YpE{#nEtOa;hE1bE z0Ccqqo#TTIrWjAtGqA4*cyHK9ezQfGvY>E9e(`N}#EDPY{$J_99VQFuR;%MDk0$*| z429C~ccrZJw?~dY4v|=Jd&2Gz`l}z?(27=ETYI(ovm z7+JP%+kB%r4R4OQzlC@tp2ffcDCDD^UQy>S@FcwP_YSo#kDXYHk^Z{*CSYskD)R(O z{f^+CyZiL#;%yzv~J2(r(8O-2!zzhdAKH zdHwH(-_>u%D{Rq-(Dk+pQ;bVl26?k0InU{5pi1BaCG({#9^}Xn+bf_DsJAVqC6bDz z*=|lEwwv7vQdNm5c33$~A60I&VJ%&3`g&`C@h(=pc?+*YT~JXDijsvKaiexTyu)Xf zp9u^%Vszb|^i1_?ZC~RO}6voBU|YP8D8=`A2OgWOD}W$Bl8*f4HZVB3)peLnO(7SNzk*7PqK&$6mWXn=8M zo2-57oFWY zQSUikBxeDA@Gb_+a7Vq5;-%Er*urjXJOXCKlKa1sKM^GvJ8xV=KihnB%%obOXZ~I{ zM)lK8`lJ!{ zBJy>_YUhZ&@pJ)zo9oEFQ+5ng%ZK7Gy*3J6!gNXHlVpcSf--i~gb64sBEOc=U_s&w zE)c4M1!}$788Q=%e-j9RM#5kJ&HHz67j^Qv9xl&HX+sm3tt`_hs|6fK?wv39_r)8o z5PQNJy{_;sJ4bOvNBAC$d2x_DDA;vPrq;RlcE(R=HRf$T%k3em^x+$qf?K&ljgz-8s&Du& zhoHzik&~XMNcVNXP3PcNYWdT7VYwpuIXcKmfvVG>8avs>2k&~FA>+>cw&Y`yKlu=S zFasC-ws#uir@es}D#$GhfPFPvfv+KOnGh!h;keE3tYEkoNhJ610*W08;=Men$Y<_T zDma0<_fYJiQuB$_(p#f1yPzg5DVIAM7>^Pgbo_)v>v|P8A7Y#%gy!=m6R2SnDLZTS zY@T+%whNJ3_pUg_T?D3M&SODzfT>Pz{qs{$0b%=jxf$WZeU2Hwq_>#7m7ZOCv53$g zYAX>q?DJVX0~kKR#Q|#o#goEqZ)c-j*d<51;yuTCLpt@_+#FHgoW?Z1hPGZipIN4` z=W=!U%bY!9`TRwRm8a<MFW1@dAr)w$A7Ka6()t zrFxFr$)ffWG6~nHXHh2YYbN07*6NEkusm}c87hLb%IJ-^wd01v*!?}3Tf>p4$S~b_ zh9cI3QuuH()fQvlXd4?p%d;jm2drE=y73%BMHD!~h?eFqR z6gb)J46GC@_E2twp2!O-g@8co{4f&+RK!91b@B~M5ya~7gP6vr!su=1!S!b1V!Xa$ zNx+LMEapR|J=+VVO5r{1%-kCH+qELXmgJvln+Ppdl@FktM&AJ9$`in74h^uTLp07b zSku`Qtb*k@lEEkU652rY~4yuoskyalTmO!Q`Re=;xL{YAJ5 zdSfh;fA)QxtJ7ceH$a+9mEQv3o|a!+|Ewv*{2&5-GNa^@rNUvsu%m%pV#TghF zP_7tizJ!J+GTpNJI}`pq4yuHmXC?d;`}<#@ll@x-7|=pXDh-y!;|OkLWyRxp`2!vC zc(ycIJwM}7HRgKysJFICkt;ProkHsGa}DI zBF5A9DuKUOsEql$XBSg&7t~MuFB0sp-~Ig&po6mpaoNY)R6zl3aqhb#so)J7yWec! z*dLgjTKkV0o2&<<9X_4l&>-UHBfte?UbsrnCbzHGZ>vBA>#Z9gP2>X37A z%xr`S;a&5Cq+_?IE2ZTyG&;0}5IZuREzTX9bbqap-y-2U=*+g%IGJ8bMZ@d&T z9*W+iyVw7g@TF&TZL8lviCj(%4|Ned*6kol`&;ylflxh3hs8Z|4M}#9@4%WTSC_qCq7Tzb$?WpB=HvAS~*??;ojHZY5|Gh6c z@8MXUmA{@sFOfsme17c2_PN_(>*;f-#=fwPurTn&R=Pd-Qf26OWJ7sM1FP zpzpGr=c82iB8UtY9(gfGTuEDg>t}>@+YW5+xygCYwSQ>T{H^EdKa7&*0G#bJb&$u# z#>RZL2}}$jukoy@>yT1u0yYdtZXg+oOaxzBkR$2VuyRAQ7r@_e)@b*%@cH)ve?f~I z2Y_Nt+VB221^4OEC#Q#VI{6b`{Pff9#WUGcG=?mq^5l5Sqe$5t^7-ZEVmm=87bN)_s?DZW%up_PNz8lOp84*Spz1f&`CWb~ zM-*bFLT|~s)-bgTov2*(1nj**t9nxNNc(T@M>*?hKqO%5J;)HOn$zu?!8=Dt`Y0`pAx!XH*9h5@XGQ}HlWKMaUNyCth zTsLo+z=PA__#AF6#BN=bN#YDY+wvXes_Hw*f*OPOu2714Y=1P#YQc~CO6LjW3EosD&~l% zzaoEs=t=eusNTmpH7)Pd(Q5R0MVzuX1=|5AH#xb^lx)0j(_Ublj(M!4P~x2hKg_Yl zf-$)_)sJUBI;6};MM*hS9Zs~UbNcpv*JS$pXm>PXMu!KS#?Ppis$v619YzgC5kcnI zD}B}JqF8Hf?}Kg5;VZ3N!97!N|7N7a?*7ZP;?^>HE18a5?s_f6%TnDuE^8>BDvhJD z5ivgbBjn|;6vAIXyi^Uc_uh=}wr8u?MVX~^NQ&1ij1ZP<(Wlb1mD}AxbJeq17Zt^{ z;taZ3mAP+g6zO7~f&by1)_uV*Uhv7Bb{r6)o7c)sK%L(K;P3;aIX+{*PmpRoJ~ML^ z%TI1ek1^!+ef~k@_r&LjfnV<9+_S(b@9Xk%P25?I4*3Uz4oB=Y0D4gM&*X(4H#Bp2 zTiEiQIra)Cu@smAgN5mL;<>OgqpQB~MzX^!T-GH{wpuCfg_aDNH*9HhRj{z;nLUv= zd_4MF%9!W-WqO*pS_Y75ipC!Y@`eVaq>nbt^p<0LS+`iJS6j1k7NND?s2$p(fLQLi zqE|9IwXVFsZnL9V-IhMxyF~Q1k3TJ*RStN1ed6$n(lSpUGahYUSeiaJt)tMyW`}U_ zt&uEN()IU@n_ zCXiH48P8vHcIL|tqa5WYF#A3+x=^4?3kZLZxN8*(-5Hj(P{vH+1)Q%tUnlV3Vi|tHX zK9q_)>NCRbYdL}!;E1EL9QDuz3kywsPsvbp*{x#qsJwvmd9vd;+=YW4jJE}aBG4mC z;zUUaZHyods@){;jh$))os4ELJysH+F+1ttR--G}ip%KLYQ7h7kyz&Uxdm6?NlYo! zN_kSXY1fLkw`6OkO17|Kff~pw4|+X{xt(W`Z{Waa5)Vxz9b*zM(%HGp`rLLIv#CES zKt6wz(U`?amX%LA#>J)H^KhM_0O=FAg?*zVBs+oYPpi;04WWt*>@VNg(~LJ_ zTs=7Eb5Slg?F7*=qD4EtG1qo~@EjYX@{8>gnuXlkiZwP3okBybomR;DA7F(^LkXS@ zxYeRPfNR-61{V)ObPP4GiT;8bM-q1>eks<;ituM_1%+)~3aGm#w6b4EJQs4zz zHlo<4lcG3&oCd@7t-RWi_O^oc;S*^`9$qAB#q3|rmBy2^-S_lbn)%CF7MDrq4^XjE ziUEtOYZ4v#FTZ4W{dWkI5ZGP4l;ZQ$3uz-px!3wORim_K}Bv_W8^P#K_j=e}+_lp*kh7$k@3v3wBL+Eli$lpN|Lih)k|8aw^iF z%nUE$zAsv~SNyEs?3RhNk{W)>vtMezXDJrMmagj?v72)|nzz9vSQC?uc~y_9{h}iI+Gw!l+Px|^0lPs`UO0BW?V^*2Yc3_<=N(v%o4(yA>=bfC;`^8PgVrFr`-{uAm% zZp!YPmli>rhtP|DS)r8*ulxUoB_OEu7ees|XZk&4gB&wqMGvfhgJSM*5~2oQ|t^TPaJ!?QB^)a;2Z`SbeHlmZ)WKXK<)4&03T(G#uV};~A~2)g+3% zK6?tGjxeg79h*_A5XrBVr4Exv=_&bXv8>RtAx;O62Vh9u9;p-6TYXi{V2{_X!x)8< z-7{MT4|~oMb5DQxGNyC)klisSrSj?>uK6@soG$#Rkd=p3eGK!INB6ck)Fq>m`qS91 z7McE3-%?={`7iMQZ{PFxpE;V48NRyu44hS{@bg&bq9W(wn-RqBPGjpOQ2?yR237>Z-=Qt0!}VzdH^=A-qWmX5Xzn!( zz_FmK&jlY&pl%YOVFG=)uJ%$MZ7K zT?AjQ;7p@^deoO*MMPBvUtwX<0z_B^8U7v&^bbi@j)*K4jmv)i54W%rCz1gFkd54G z>71A$1om<~jYQ&m0d?VQ6_>s#z;h`r#Ur|7Ki508L}*OTGrJ)5K>F!?eFfgq{El>f zqnjujV!o2C%W+n6SRU~f-3mt~#ItF!vIm$S7C$zwt25_oM_&i{8CB!mTt3*NoQW3E z(~r7Oe^*aQhTUEXvFPs8K?>hsN97R9f_ECr+z}5_?BQp1~Cz&25XOs^h!#6 z2iMJVIKw;HLkIf$c@_Rt6{19rbl}CU$#=Xsz>&2wW?yF{?9UIKwfHneF@w z!*L!$(5^vO^lGs^J+_o8r%2A{oE^HY|8;80XKJttw0%YQ(%L%CMxxj0d8LC-ztn}tUQ6v!ESICuqJo?Uvm0IL=3rkRn)RGec#nI3 zMlfx{obh@s<3s(>&)lo`dnk5JS)|#eT7&#(>FIet@bUa+d{LG4Z!qrQ`Z&R_Xlpu? zU+B~4oCN?}jBn4zj8dGW3y;<3MK$%@G-pIoQ-g< zoCx{}aNc^Bf7S4oFq($b!NBwJu6|Kw%>0>IW@q6zY81#psB227u*V`R$|OJv9CfbE z&;A75c6M2~Y>h?8!(^P+uv@~3jo>8MxxMJ{d-fr~9Y653%+}EJk7lolDeymWkQKjd?50 z{dcw$85_EJuxDYob69up*iAQrcgOQ<>1I}{*2+VjUkLW-Tw_Q6G#W2V%gh0OlHvJ& zOm5LqsPy=Y01sfGt4NU*uwUayq07X{I>>c@z~S6m;Bhe8pZMNsbg)BMm?YU@VVLac z8PS}$rC7IYf*xD%h!;+Okv?$mzaFAJIjB=7eYt3Ad8BF}w)*@_fi}(_qBr4aU|yB& zjbg^DAX4)5^ykNO#j*^HXlNwjt{)y-%h_x)ZhU%rYojDVyS@d{@K27~1_J-5z3+@_ zYU$qB7?lVJ!Ua^6q9D>i1f*j_k*0*+1p(NNAxYf#2~e_a(0T^5OsOzt)>iS;@(snP)$H&oleXoXoczTA7FDsiD@&%yO;>(EE8ch7XsK|B%8 zYEjTa&!Ax++!^QiQt4x{A|M|$bvD);SJpgNdLey+SYzB)9;M^_sCfOtp>ejH_uq`` z*OlMes2t_ydNda$ezKv5n2~1PcRA;4$cOH6-XD{Lq?7tJgT)@RluN5Af5I`+z}^LL z*^e_D3^Udi5~b^GC&xobl#j{>u1?RrKQ(&0 zt?07*iwt4Y0M*a_S_%7A3S5%nikWf?yZPcVQBSf(uFpZC&)kxnVm@T_U>oPvhN1ih z>aXiER>VvFb!k$kQ(rn}eVzSdOXvpc*HmDYfHOOre2wRutOA*fNVPbozY1n6c|K z^`iL06v1<12X6}0j&Uaq4tDFi%dFh1OYa{zjILxEDm0CplM}ZVl+$@-gG+Zm^yz~XZ&%iaIJ}fPRY_{# zQlvQs&J=67=6b8jLk(|-)W2#n`x>%GTj?S`U!(^1%hmQC2| zXnzfV(8Np6{_ty@|1#422~b4MMG3i*Gv;tq!CZzeK;7gboWc9|-0CFIB zkzmdfI3B+tF+fFm#q)>yW|feM0|Tb(v=Xo9{>iLhtpn`f=vSv#9l(e<_#Ul)0W{4G z#GF$&+3Rsw8nGX8gdQ`WDMxM;ABBI0g>B5uqn?jSRIlb@686rZAZz-3;=${5{?9Qs zt8d}wc{fIEBf~>k;S3Ji>azH7f&8blNi{`G?o_SSfeo?I;A(0^stL`y*K+-P>as%g zOcI=OXTDEk<;t)+?|*Um4#cRW0FzaJ%Rrw&Rt@rg)wT7>R>jXMdzX+r@TGHs{u@my z3;M~^Q2})s!T4R(l=%5}hg50H`o)xLQAb&c-zl`&LpweI;y^p4XEpZB?merk^TjlY zrMuQKo8SM=z6o5-L&5-p_g}pAA7Jf};R4>=4_JSrErZQ+X#u9`b-7!6x4Xy*!US@D z(#?)A7T0B!LogWF8WOFJJ6#MCQu_}!RIQcAJ4{=5ZDVzq8{mUw>1+BxzLWo@OP<}^ zTnkX=#oj288^+Su)2bxHCpBuDi`%60UDxj4jEv(bbveOg<@X)!yGFa~J5={*bXX_h zg!~^}!vDeOcVH7U0nAeD@ZV>R_KaOR{`ZB}oM+(cA!Xh}=gMx+*>~OZ#61$o_Z|KG zE{H;U=hO`Rd#d;1#9zMOK0NT9`C8`N2!B@0Bv&VFl4EwQGtb&m!K2p*>p|QT$$*=( zl)%vB%C6HPKPfTjivYu&3CRa`*bu(8g=>yA?&S|@Wqt%4NU`N$(TD2%89G>l@Lihj zaXE}Ekl2L)6Q09XwV5jY#tAkzt5`hyBssQ_!A^T06DVQC!5{iJP4$JJ=W}f`4-SQqXm~v2Qbd6%C>0 zbcUo*lL)2}BV}tz$e-ge3qeTibro&>2qUj?$vK~bWu!YQwHi4HgTEHLnU+mvBt?d| z&3hwj&v2Y^COFPG?st-M(syNWV5{EFvv!K9Nt@}16=be|?RY*r!sUgEd9|p)XU8htxqZBbJ91AN-&)Q>U(-L}^jD2yZ zBRRQV_AnC zUE$7&tsQ6R4ZA?AlmL_aazVmx=C_y$*A&?eMxa96_vmfcn6)N*_l$$|Z|1kQjL-*Y zrn1`2@?yKjDuC46*I=`W>c81T{lN|nm@hbV`rp3%MHNH<0AfW{I0&VHST_gbK(s!_PChlwCx)E z|C2x_{=V)1@Mj{e<`RFXkveU*&Uf-lx^J_5*E2UvB{s*Va_!-aP-uF3HLa+a)P1DT z{^P`kTDJ&L4xN{q#;vXQpFK`1Ut9Txqnr*zS*yYo)odrSA(b zGVinTOL^huv@q3+KW?QW<=r})Nbv4^JhmYP8Vz#Jy<_g6Cg+sEj1gD_-pVb{TeXYc z>=g!`@4L)&ru!7|fbsE^cR)U`wXSTDr8XLbeJRDbIIyGyk+RG;cGkQ+e?Q3KlM_7xEKVDCbXsK`$`A0(~s|90m>uXc=9iCT(&RRzNSsA>HlyfGq z%n3ofr#lY!PVV{!6m%r#p$4iG!>i7}v0*?vsGO0ld$QY+n!ZGk6rS(rRp$?es z`h3E;s>ZOpTNws8O1fCZ+~H%6UXE6oIXTstD-M~3HYeuGNTxzjiDGqFEburHY+oh0 z@7zpfF;rzMv$-el=~4_yg-%U8(+%xb68(DC)m~sm)=<^% zj%Am^-*r-|k30ecHUqV?W7MM;pFgasMdlydIh>!)BX`eew+a6Ci4mPr#T>L~s4cUX_$iM?t%YeBjwOHdxyDxcYLL&CTQ*8NvBGZ0g;q z4IVHG-ge!$a|V3tIm|;RgrJ;-74(Ax$0937<=m3S>CXPr9S>GLJ&D-dwQee^=F~vE z(c)M|oUjV9*BaK>VX0O0{UCL#%G3-8L^2bI$MP%X=f?=gG6&+z)E}4w-lNwo8R}vG$Wv&zQk%Q7)Hjo>qsv_^#MN|ZJC&Kcg3>y_q zg*)?oda71Hz&;Ui2q?Rg`$oF5Ooun5geaz-UB%&@c}zx9&^LlCW~8r~*y>@n!je4lN^q#US2j3-X{s^lo>?YkW01JxlJVD!(`0S$x~{e)Cy?G6xu&D@%T3lofvjg)kt;nHxVAW1 zAAYLC%J?o+jEnQ$<1fB+u;OapB9x+Z#Wwm-s%FYHHEOx5(=`0}xy_1bkwVSstAAUpEd|&b5<@{lHevD=W zI!1l%E$j){z7Bcc`qRl%8)$U9(E+FE%u(w*z(ZNS(@|+k@rdV-USlI4*si?i`JAE_ zye8<^Pg$OL9TVMq(M#zoIKZWB>Fq$pHL2Kr_@H>lHYE>ytin+*-d|JIFZz@k?&Lz4 zicS1lHUP1%3BuwEF{00O*b`iq}Fe9b#*b~eP zo%DJtgJByuqiT~b-t^wQuz^)VyT-B#g;9aCo1Fs^a6)U{E%Bd_*WB9Y-t#Wq^kqW0 zBw0%*QE{cJ#^{Rh<80G0)_y%>?Zod8FOG*sl7e<(m}q{De&VywwG!h>5)+pN;#}WG z-h-H(%0v5R+ps3)-%vM(W}S8q9=QJg#dQbt%t!JZbNl&1qcPzXk6_Q&(I?}>AUSP@ zE{QO+PGa;?l`H6#FB}o$eq454F>Y%WFBBm)z%0KM7P|tZu_d(YCG#q5*ubHwj^voE z9iGh14mljy$;MtShA15dRB1HSbYPP}Enp6Np|@|}KLmS2j&bZT(cwDrLFdz7e{c&4 zsrr1oFi^PfJNio1V(Rj4le2adsoEg3ZjHdPn8?#v`*M({bXO8urFS}l@I{N}80Be? z1>V%_>4!rdG!E6*UwHk_YId-2TBO^1#5FP2;s0ftOZDQciCLxymw(Hq39z z&kJ`pZ;5O$F18&$%gXCVJ07EIm;%h`{j}yIVMBL$#%O%Pi+GN7h`OKt%*HyE>{a@n zrkJkrYZ14pP;`^RVPJhCr!3#kIn7QRazy#o+c(NyW;z0Aa$GUWB10Bpd&h}}vc{PD z!>SrxdD4!F!rW8%hzxu0s-4Y)@*ycU2(Winw2lrFt)ADbXum?k4SiO(=Ti$FlZAYI zgmGGA5S#jn9r;;Pn`@rw^68u(={vhxoU4GMG%#?D`r0PYj5uw;C^=doKscgq>+aG1 zNt|2P1ct29ujb=gg}K7-2wp@EbQw-G-_oYWlc<87* z>2^GQO?g-s8Odz^tM?g)2*d_2`+D5zMf>M_>dUl|JDh!@Eic7rEsW`N8V>#(`s{) z;&N4j(l{W)L;=N1rpTRvLkkkaRR@R-{BWG9o|(1t?D8Ni*n8t`D#k?PwM~l;1Bdd9 z0OhPhT`gDn<$-gctZ&&MEQ_F^Hgc%RH`&}*ZsVPXpmpV8v07bF>EE(yJwrk`i2A)` zSwoTjo^^#q zsu%J=U!k)B1|J!b#nNPDbr~PLN~-;KGW5+;8T`YsqX-uW^_}ib5H&=Dvua$$vJV~20^5d*Dip=gHA4u(kcg)aWp8M|2AWiv%5*W{D0t}7nHzuL#L*FThD>5Vvn z=-J4~nmkF|3@zZ?TP(X|yfL70r%lyIZKqASBJQ9@ZApO8>MML72bKv;HMdyPm2b0> z#D|`Ec3I%bD2LxVP?NczVgfg{+W*;%q;qe-TEX>8TsfzwNnVG!y%*VL8(!@b`h&XK z0uSp^5&7ZTr>V8bvL~NQgP0OyB^Ge5uOo4gR7LmhR=BAxXoNabfg!!xs8Ba0!I#-q zrelCAb*bt?lN^1}(|coZJhB5q30rGRU8=S%i>bTM#>Ur6O(xf!XH#o0#q^qmcA;DJ zs)xG*_?1LD9(YKG3Z?0#<^8r`C7b`MnlTVo^x(sbXe%))bffCl7>LQd;S||>f`hi2K3f3UVP|EFZ51uZc zQz(wqR~pNAY;<(~9|uf;u>vpOrkxGASHh?;Uy@8+hBwsmdA`=0H8 zGu>{L2}hg9S0?3dJenExTYf#@5-LjgtHlC$9O`4V`$U=R`>1Q6M<02I=Bo_VR8em} zEVO70RM2>;S3W*qIgS7_U(;9JQFBl}cA2hsBi5nxrr1p=A}P3e`Sg%8*M;aIU(}@U zmxThkt9!0&nPw2cuKm*!&(sgr{i;SGQ#8d8T3Hj8z#sTUmkY(Z7E1Iz$0kRRBEvdD zZF5Q0Qfe>WhRP5A5O=%Z$oFKr^lFNA*ZU{f@|QRg-_X3%qHS0IEj; z1@R1MZM^_kUu6EM9)*SMG1#s#bD)AUZ7=?NC${_qp%2J-75WNG%65$v0*jfRk0y+H zmvI0npp+c2Hg{-qS-+)?f0_pl1fI1ke3Z+O)fmlym4Vv+^y0AG?d=+C20(P;vD{?+ zzuCKG0gQdJ!Fl%IzT8}0zW_jNmcnkze@2LZ0y0qqjJ++UWpKO3P6Hq&S-Ue3;-69f zeADUzj6IV-wRYR`BLJd8MfX-}{$}R?kw7&Uz$Q5>iyIfJfwSKi^2o2iVhGp$CVs&7 zDn*7CZe0RkLpeLX`3YOi5s`idZrfM$iU1FKvk8-Tl z8+@pYq?9%v?ckojIayMm@#tAqgb<4Z@8XT^%CU!_vIO z(^@Hb$vyCUao1;{t{}pmjJ#jSQvYO!jGvUBw4aQhte@e}TM57HBRu!zkjC<(Hp`~1 z68S*R^aT!I_|AR%IJV1O_$udRrbHz<4-a5HI$DF+RVm=Ku}*JOP#rcu0fOw5FZ@^GQ zjW(%5;kVyz4Pk^VpmQ6**_I60Y>LQVffomedVRxz;_YJUu{N;cJz>_jU2rA>rCsl* zYkAw1(Cu`APXFgt$!|URMROq_5yZ8_Jhtn!0|&4YftZvqg3FlaP5`y<M#h?(yI%%7%4BP|)BOD?+B)9X%k9$xeS>)dBI$bX$z;uK&$8$Sx u=mN#~|50c=Z~Tu!|D(`<=Le95HrUFHG)2a>-)QUrUfLJ+FXWxGi}*k8J(F1g diff --git a/docs/img/ldap_auth.png b/docs/img/ldap_auth.png index 32bed1d291d5d19de45ff56405ea5f866fbf64c2..3db4bf9f283a17ddf745e18321e2ff80c644257f 100644 GIT binary patch literal 95955 zcmeFZcQjmW_dl$Yh?0VYC@F|8dM6P?@4XXs^xkVkbcq&3Nd(bGoiU72B6@G5&Jewh zItHV>^8LNf^IPj(%YFal>+HR+T|RpsF&b(LWVdN=}UyMa6~jn9;^ zsl(Y!Fr~_G7~5yhQ#D?b5D-H7MDU))eiV>veML#wh1YFBNlH!B@gZ1-h|rs!b4p{H znA6e@vyGY#9mJq^gBo_PntkVCYe6^~DEIfjbPR~X1YV`T_}!OAMMdBKivpK3ANS!p z9&L0so7b(|2lzi%J6kr}O>tC{>f?)Gmls!8?1pAREHpSTNLED5ScJ(|mh8X&xh-di z!(@*$kY@PHfm}R@nWC0YTwWyM$>h6U8$!_yvaZpT{)G4u6UP8d@tgR=y{6#|`)FUmNJp`}4fo_vEoBKf-GD zOP4z)$J$*9()ZZ&%^~KXcFNL|Q;Fi!38@zT`SZ(tr(0ci0q+Oh@#a$`yBZWNKY4x~ zNFw>N)Ss#`e=6$ox#{iWrzN7Vmf8Hf>iSP-AYV`IY?!0`hbAeROQLCZQBQhEe=#3M z83OOATRIL0U6h!84zl(6xs2rWiX3p~>teM>vc9d6YNhwXkv{6e`_p>I07v_1lR`%C zymUj7Y;H74^l6Bd7Ihz?q~Ja$I1JE~Y-4NXNY;Av=dI8GWXYUpVjekSWtW& zi4B%vBEcWA5M79Po=o({g4qCHC?ZIM1RQCae{Vc2V3>qFvLK)SE8bcwvm4nQj&G|h zFNu7sGB3GQm?BBU9wpUx+1O;-A7qbS+a{AOllaSoXplT0>v$cLjB`&GkUyaDL^oqjQuyG8fLK036Uw9fsyW7+v~zFMc84^9b)wy`d# zikV8A3UYb`#tp;^yc`|bdwC@9B52#<7Zg7}AtA{ov3Vc)p8tLJ`?dFq-|uK< z+bi68e(+KBx7A{Z73;p3`+E_^&&(U2AHTKy@orRJOSB})>(kN4qeK-JK(cdB+dCY z;H~WgK63uEhf5v;qNEKZ4Z0q>9>ps}nIziLJ+?)BahVF4zM1CBy33}^ODpxg_1*KS zS3j#{+6ToXsg&o@(!PlE~SUe_=OgQX-a`<-0U!;Rs)NcFlfF- z+Xx{=s-+G73gyZ~FS-}jd!N0O-HiQp+U>MM_DY@1(!tW6(!x?Zov!h9$3({4eP8mhraK!q_dQ;U{x8iMpc4Ugfo4zng#iJm$Gy-5kkdTfmxNpyS$;+ zmiBjDt0xz8nGvJ&9&tAHE5aNAj!(LA6JJ2--sRpPbQoDXOLtNCY7G}0KH&q~VVfQD z(ep9%QP{bx6RuIOmbRB}H1KslU%ZHmrWbfDLJlI2Oyuk`=n77ZRNGX0Tr5^xJeV~o zu|~AE#(l=!!yRp62F-%Rny5oUylOp-x8N&@kiZ5S2*!U{;+G`5WUim1A4`BxU}B(Q zK*jOqL1zFqV0VwfqO7W6o8=gi1R65RBW->#uQ9JQUmQXd^0Y-QbZWjUwD_t3X9wq% zOdu1K0lA=fuO!Zx$MHrFKth{Fby@<_jn9Y}@82Dx=88jJ2+wn(Cg4tTq=7|0*{4=CL?X%;oD=Ct@JD$8$C9pmULaQF$?s zRpfc<^LQ4q=O~rO${tGW$^jj|OZo@%&jVQ}pNFd4QV~t&OQX%4$&!B?rz*~te@lyi zW>j}fzYs%87Ipfo?G7~F^wH8&b4^*6)CSJlXK~>|;xH@8eTv0zPF>rj+v*(8^cakp zp-NSy!d*;ufWbqPp}9PLYdueW-%3sMTK9orqYMyeE8p9Ft8o$l95R-!X#>bE$&YrX zCbT&7P3zQbTvH&Q1&YaN8?}MW~;JA*sS|3;p{HTZDz#asqtrHzNWEIJ7c!8y8NRH zAQcptYM45)&9Xzi%fN}@*!?+NI%T#G;ww2&O9SWvKptrLW>TPEpbN?yIjdEmrEPF% z!x%abGpd{ci{&)d1egT-T-09N#Ri6ePa8^Jm3*uEGmG06-qxAiNvaB0RV7ZNpcZZ) zSX`}^Ri;3QY==M!I(`;{)25C52p->M^xs$B=J8EBW7v_h^(ldhnwNUULQ+6RVC`!7_j|EFH!gQhUDhCQsLV z)_ZGzD^6?K!rw+F*>T=SJAhH~X+Is9hoUpctZb@;k^S1RX3d;A$Xpn>d9+ zSmKuyyC3HvWIN^{rEwk|>PlZnDAhMZ#T>w7HQUw zXj|u63!8EJzdX=7@i@@EoPT$vcVV=P-j~j~+NMvUW%Pd*z>fy6=PW|;ce#+h>IAA1 zr^&~b2i9$@9qI{r&Qh45nDc`mj}`s%$phE3d9fC3NT@)XkRbE&M-l!CoCu`s-ojXM^m@;va~1){o;llab_bl?!Fu+ zd3uX5LGz_t^4m971Q(TdLn?f?Qs|y1_t~8)@zr8x0F@VJ?eUfV$F*?x#!X`LxCk6P z5~i?!{21mWNOYx!<=_7|;Pq{CabB62k^C!AhW{SZ$JuzINT2{kIArX5wt~Vs;XiIf zCi}tl6)e#?aq>901e7v2e}u2HQ;rzWZ#@kDtQHeHzTZVZX`m|fGpDlo(kL%24dAnxn5uWnV;Bn-pcYWRYxJ&)t7m{_mv=Bm}fJVm5uP z&fJBf=)#6C!xaCvoV_Ss!oA;;dfG3dtzFcDZ%s;rpZv30uKx=9yTf|${VIxo7RmoS z&Ltj!`c8zoCclS}WKl@;CF{RD<+Tbnd1NT-FZIUX+^mlOcV}59Oy7HkT5tW6 z=B}akVKT+!tQ>#hA7VVS1`{L)#1CLOfjURk7peA>$Y3)2gi=*zw@Xnw$9FBcn^y@0 zyAOA2~z1rIp!Q0l%Z? z=UXdc>^j&{+hb`{|7XuGEsn{;HV5sYW|~W>J=DX&Cqq094a-COAx4!%`X6qR_OKoy z=SB~on{(`PRN3W7f+|UHfltNkfT|~6dp>Uz<_spa%Jy6-|j=SDq^b}`3>BpR+nGoFa*~i*^t5Ux+0P{IPYOFp%a-&_Umal1mxj9Sqo!w9_b1s z53hEnZUu>5&0L22_O}Zc`GuR3Zo-S_mW$5lSF!R_rNk{~z1h8|?TEY&i239M>Q+_M znC_WTW8GTA=4$h^dBcNDy(Uc!Ykoy;AKNxFC|Fc^a@=6oV7IF9$&fTF>Wfc%M14Kv zVf5`lnko zKZMd^WW-1780U)E6xY~0%UIL4&o$z5GYfh+B6J<4^!2K4hh|rVac#rSDt2^HOr;gI zLg?1t5B$T;`vxn@rik03);a=l=PVExE9Q>Ye-zlyhgjQG70|A~9=$|Hm%?sc9`5*V zNnm1FzvjDAKxE*%n*hA7ypU4vEgRv$pi+?W?JXw`lPK5Uc~3|^7(?gWXO2gJZn{%9 zpN8LfIbvVS@6urQ@QNb?bBa?;;EpXWcF>Xl%*N&qBy!rB-G-xWO-Q$r-g;g<6xA$y zi8%1i^0}yQDmM`aHm^8if}tSquUH;~-sW>HsIoMLl;rmoV)Br}O4Ijy9GI;JePIW; zO6~we@VvP(8}=Yfd=-$!_>+ya8eEWslrrA+dDn6XL&tDE;;NepXh`oqUY0haK+LTt zN&8ycwGuabbVqA)?qO%(PhF3)jd3Qqi+dsHYv_gxp}o)P5nhZ*Jc;AhR(Y0q8guR-(i#;8wz9L()){;F4P4rL8(zVj8bh z9Nn4A;~i2zc))D>twQ?z4I*?S^hvJwL5$M2XH3!b$O<;?3Kh-nMUk@Y|ISWT*^>=gk*b(X5jZnXmO{eN&WF^B@i?`Gt|vF(ekA40N(nZL}_0RBKXq z;4!e)Qe8XPUGep#u7YZF^3En7AO|Ip*_NiS=CtP!N;C~ng>BUkXdfQ}>!0b=ON3== zYK1v4lrf>gBh3SSYahG$z7+iN)h%cx+HPXWamEa!r#eJVgdC@v$;+Ct7Qf-(hRL)O zI!PL52Tbxgarpr{?tQxiUC7d}eReA+xYUv0IfJ}OhXDYKx!Xln;N5`=GExS(@W-v@ z*OMHsG>!wSj)p$SM}@ngYkaP^m(`C$P#vY^6pTA;6P2buPP_|tuU0HwHkZhEX8jdl zTc3Y6OYEho#fzAY(GcCoxgeW4>Xym~La#!_o0gyV5rIp>o;_1@>v}vMh|0=!uLfDX zjGRZhSE#uI@I&`kUcs`=f6lkmNkOn*t^_^fJXIRbJgx(&yz8BEZR#f2adt3lje7E@ zYxN_Qt~=X>wQ9Q>mNhFEIcIXmrLin7^imr5Cac?upYG-=UJ~o3Ad4XA&w)8~YXfSV zs>VA+r}V-sTL<%F6DYJ*y6r`*GC99;_Ueoa!N>TI8gmXKji<57O->t0QqyIF^y<35 zZ*^^r1=}F&5L>sAW$Rrd0mJWJ&4~_G9z;NVo(NHS@P5penj^Ifn6&d2gD!j~bgwYL z5q|guWZ}wdA-;B+fyPp8HHpzY|LxC%6KIv$xHT7d{8nk)5C%fKXY`s?ypfZ`);e>5 zLx0}AI;`tVZwAUyUFDkMV5aXXsnGtY_LwzA)W}@?QZ1XfC=RUe4eY1Y~0z)Kv{+(fFsYo77!3t`XmQ&`U0gSti3ymifo%n1;+<QAq9&-c8CXXGz(74FT1V3_`Ms0hCKow<~&Q zH8|8|zRwrsRf=_i71YCcDNo{k+xo302aR{Bpu1H|-u}Blv(Ip8A(t|wSK1o&gBIs^ zpF@tv=Q*651}yt@uKn;NdwJPouP^FOY;Q@YE_nqTlt_i{Z(L{36*Uz=R=duxi-fye z{4?ib(5>AqtA{BH6vstr4C2dA?S?x5MZY^()Fk!^T;;W9-G*%>jH_SP?4F6s*JBoO zsgrp1vDLqU>L&3EUiGdYYdPJ7ah%+aUjh>e0qSnb+A}9p`^Q;zo^_r>>fXxyNH4k2 zm4+`enQ;XKeIsrzHB3O8DWY0;u07g25ai)Jg9u~EcL!O`gfo}`$Uq*#!<%=oA(&Av1qkp>m**)6WqDp^p^4O z^SVTC&RD;Uw(NtxSFvKEGiB+>A!%lr!H8ZQ;Euu3tSGI2IAM^w_JIY>9=Tei*-}H( z>dAx(;kFtRshH4m`)?`U?Sx9;;t;Q-+8P9^P~L<_Dj@0KwuwhNWfPh@Uj~!<84Zu3 zB&ruyacCeH<=dn@B7voWOJZ#>cfzE&-KkeTto<&+^+5{t>E*D@j=YfXn6|ohLX{md zu94s{(`_k{9pnq+$jKRLeikEyc;2^!-H><1$9$X42}rB@`64+mTLRZZld;s!<8Xcb zYW8D!!0r<;(&a0u)T}9Ao8aATRrncTc6;vl^4^~!0Qg>0U*FmNE!1dDD=7G3^L9Cx zLC#!pHm2yJ$1bn0$hHa^wjD~aJ%e=9=6Vl+0xxSAZ>k_$c`P!M)7>9&UOLUlM&`F& zw6#z-fh>&o0(}7OGo`NX=KGtSuIR&%*GYyg=wQjS$xx!ASLv&qhC9JDPTnCQhc7Vn z?sXW`TGcft+&SsW5Lr>W0~ibEhTW)cfJ{8<6%Q*-w}!gD9bzOyZ({T-p0MM~*Ll(AXR>eKq78bWtxiE@L_`c+d8`dUu6 zILsuh)9E}(BQRSt(|rqMa8cSpRqEfMIFf-*&>fS=M5!KQRk#hjnYwAv`gk%x>$r_> zb8kLf*0|yhLmAB1T&KZ(4?W|LVZO|-h^xy8rYeL?ja^_7b<1sgwZ7g^#2F|}0e-oj zQ?Fwn^;SyQ)T6O%qh+hTA`OZeZok|+X5ax}&ZU6n+#hEbJn3hi8z+7Wv-y)t7j!XR zKygfDiQeKzw(k11e~HfnV&ze$4t%C`dB0Ag#-!RcYr_Y+N3H&R9l=jLqPtMB2My5dZ6IA=6PYckF;38%7KU88wrEr+ z=dZdQ!G4~bsEcr0E{l0CV!Kaui8BWwZNFJa4?lF zds2JjJ$S6Ds_9tWh&M=gG9>hTu`bpzJ=u1;uI%qG8mg z)gzyr31w|@VF${|8iZLufsB5mgZ>Wd!>D@Bx$@Sd?g<{qv_$2(@P@a8TImq!!fHi; z8GZ-|{5>1#)orIMfo4c;$ahI7G=ggBcT7V61fP=>0b6d&ezJx66|=B+P1zgg6o+vgXQT6NHjP#RRa4OgHb^4;pF;XDSles_=GzM3 zijx+V$a00Aeu|z@-W!+$&o)T8xh@=ka58Lw=WC*u-HQ4OU&|88)rWYm> z3O8{LKiMt9#}9{MyvJCv^|P3T95KkQ+13kc9a7bx8ll(x0b3$-SYY4=Ae-ZJ-e##Q z7PF0QS`_!hO3g(yU$2kFY|hH&?Yi?ztA(8VBVIZtH~)e6f~FZmgW7rPSx}v^%oG(D z7S$`{k!}48;KoaC6Eu&jkxdzm7@4JpJ{##bmKr`L9LVSHykAr6^}^z0#xzW;?^`3-iY!3)^_p271EJ z;S0LA4>|mrc5ZjFIL6ut6ndr*x$i7;8US!jIMP4ab=0`Y7ONc#2_2fhGz$xE(fdH) zR(QAZh?7R3l*`_DrBO|%_hhS(QOdO1dj_AT#|&x1UFB?}+s06sM^`p(?4rGz)usE% zSR|;N#k+RFsN{B}Hd~;=UK#W4spw>cF8?*nrTizf1YSbublW;R@1l#;%zn6V2JyU2 z`~xR1K$~KUo-^H&mhU3@lvkv2T-b9`s^%JH;;@vpYc@5gIzlu-o2`S7^2% z;OE90VYEMYm0u)WV*y&A%ayDrM7G@aKfD9Kbpf46TiSp`FL%^(T^k%Iw{xbiDOen! zX(bn5NU!3K$(1^pb7$bWw>^Pa6()>y?gKTnwl@}*G&|d9nuO-B3wrd$e14Fg^Un-9 zYKiB@I>!%}^f!461X@4#8FvQ?SEHW^3?Epydz@26Me0KoXOl%#tUlQyGwoWiApPcN5lTbYj$XB`DeFGvQHY#5(&|`b1XnPY;$twalIKTs>WjX zs-hpg3HPF^-D2J{JCwv@L7Oq3^FDKhH1f9#-6^mUI9mmJjPrNbzh`?``X&NRt( zm4C064;g+i2=8E_SOoU*q^eFk{?seA`xEl8=D0%tTcY{5w)x>M@5esBp`@6{Zkp>U z0vkz~7w!n5v>YFx7B{N=VcZ{`1l%ZT{d_f*4COjZwV#daObLVmA#h~U2SiksD_n#l z`X9SyVYhMjF3K-uJ~?hpfiUA^06p^zp$3=6oWYe;JA&%|Bg;uk{Xaa^Dj-lW7yfjt zWPQG8aBOhZ>oF(?>$<~Ln`ELk(~)^L8B zv!Xb?J7u)8SeV1co_(z?(tK-w<#M6;+80LXwKUE*h=JebSM-RjfnOqB`kvLSkRdE} zmFzuIb|BW{!h*vC+zr)k(ZVa0!W>27>v25zZO;KeA5oKb&(PM=fnmEHT)+H{c_%|W zt}dE$jRRx#LwhHBfR|gPY#fv60(HwJ+NO6FbI0H9c*i7x9~4YyzscyZ%dC+CvLN)^&?Y5*%BWC^tmTn(tzXlWw3rJV^(1S zNbREeY2(3SuG#R~bg15PPA>z6@2oRByk545546NpFd5PQZI*(#GY@Oj@~rskNb!^b zrpbnK2^;@&DK6Q29Q3n^$9m$j%{P-JlBoQjH10jM%5n+QUkoh)qQ9V_FO1-cw@|2F+V z>&mh(eJk7=mu;wf-lDYy^)8rVZn|l_`QvXETLk8QNJBH~S_I)c=h<=cbTr+a&-&8Q z=#?7M!9yU{M%XN!?eTndB=lQhxA7X2mpR(n|E7*W9W$=-PeW8X?s?^1d~^zHhX1_& ztnb*fIp4WQ>Q{(@Do$OFHiz)*kVVDKWUzpj&*%q8lL}gTTbVHI{SJn|c``A z-8` z0a)|#9D8BzXV!$V#&Qbnoj0m-zbc8;7ZlNTTX*j|aOVvJxF<9&K4=RuO2%YNmo>c; z%+4IQB1m7*gBi^2F}hyP(j7LVuznoO+(5UW?$pti%RbtR=gwbfJV|Wd%?5y|TSx}0 z9J-+(fb|)LZ#p zIuD`?Ot-n8Wizy*p5I26+zX(Ivss?WHVH;D?U1Jt_!29v&tbuD&ptRa>Zo)Kw#zl`{_{bP?I&%JIUPFcfp{#96o{{=ug_N@7i@79N0=|HhkDISL(V+?MFXTpY6+a z%|dDO_|n7fEwT?fv^ipv>q2I#g$iFsrxY}y!y?1=v3X&x5DGo$>KLN2t<9>IuzaQt zwn#QB_0~CHV_0<0`AMMh~?A-&i>F^+t(x%WI#6P&1rmPxT)%+1oDHP(P%W1_@! zop0cUWQ^}st?WcR0)fF5s%h7E%9BL<^2m;Ha#~Mrp1Yg^%=mOR3t_O}^tM2OmN;;; z0p2idlH9vTU6&Px_|qI0x}eU{#1>Xz24F*z{epYJ6as=&cfhMV1n$O%>mJV0%#^fF z;^jnHC;1eKsH}(5Z>hX@6j_f3-)YrqhBJ1wo&Z-4HAc0sJ z&!OMWsc}E<-c$zS5@c0}5#Hfi0$(>jxyJ-Mw;VnhqqwhojAkFWaoY;S{r)zES&Hs> z7><65_O>F$8|pJGyYA738g$inM3O9mJ2cm_08~sLjX5a9|GCMZWw3C<;*z)e?D zcGEIlH_34gbZ$CT|Fc*{lo@)m>jRoj?2!a{oV%VE+>DZoYqY?zMm{g&p#9`8#?df{ya3Qv9^{JAJ(9M;Tpj%^r9?UXs1lJ$xfc^Pm0Or(7dvm#aKSZt$f472dE3 zVIl_)&sAfCPh!a5X&BHgr#XmbF!s2j;x_i5%p#ncRffeSj*d?({=av-L1`6+*Qx+8 zm;%ZEv%#CjUW~q83z%B?o!7&EMb=&;;S!A|bpI+~k!t~Sxpc4d{wvb<8u>Tq3H_@o z+^+>}JeNFT`LD=_Ovo8A8!=znBh0ETWs{tTXcaZh%@s*1 zs*^Wtm-)laYC3alg2HXNO1MqzTz>Cwiu?;SO!qVN@vZ}|n+`#5Y74jV7;A#&JM3F; z5m@9^vFwkh&xq|e`#D#fYxC{-d2CLzrlek3v#9EJmfykf>n>@ZId(TmR4)0qJSuq4 zjYx9~$T~2s%F=@3n1QfWG&i}jvcGB1X16Eedfjn?SWg-@uA0a*az*XV^RK*X1KO+c zF|=;4%868ZwJezwg;hGNn;j6YMeH2IagWr2!?CP(5Id=hA&`{o7SxrnvQovyS>mH{ zdP_Iqx@mIA(bEZmAAaF{^@;3sJ=@kXQkBuRpr`N z=bGNJB3-lj;4;Cj?ZDH0@X&dV>}J_*8Snt+rU*zA$#t*^FQR;5Rye{ohR-!L3?C|HtA_i| zy*M4UwYN)p4l7koTZ}7d&?oNIF){eLI5hVhc2_etCPsU48Z=G;e()73GLlxl9U zT_nk^t)mmac<(-yw)WgqVggC#gDLuFqm zr8shCW40b@CH}^7vEM0;ATlJ}#UB8jss2<=dsQB~^c&Ylt$qMpudZ#z+YBA3zz56% zZ?%v+^%$241bh7u`^^gRgkBO41qb}-RO!`0a!-c1gIf}+CuUys=^LRBbw{HlJT8UL zu<0N-wQhA|#dfFw&QBS5@6z!yE;scD zwZ2(d&M+8Az9&*&yWzI~=IYqyK9#ZM3eYn=M_glbug1t`7S855isRZ85nSc2{Bd^y zKATgzJ-289h&~57xzQ!n*&QNQ%16i9kAo*L5d_}$(yf6zk3D$lZp>v8Gq1}5Yx$v= zYfGQF{h+dp#7C_sxA=#eLP(*FYs13&20}1IUN8S;o|bFQ_alHd-jJsN`V4oImr3@t zEzGgoq0c9HnSxzf+)P&Nx&7kfs~K=JU`)`)!%=Ra{EWa_3|13-fK=mSMnvp4OG)?L$s+;F9@-bP1Ur;`M-s+0eIC5wbuy0)};5u?IEmZ3V zbLPh7h5y)uZ@0B>WEGh8xrl=$EVYDG=SZ;u&XZMaSW8oOe)yCtmzG4Wv414y2`=ns z?#2w%x3a8O`w)oEv+Y!tL-{w<2k#=84|J1C^(fxC^y$5JbPL$f;WFDwShpu%`}^4dCyk9GBce@1}Gf@!AG zaquB6kKIz->7OEbERuRaD(wr+sjm*Qj%2?EyV*wL1i`~W`u zMCiss^Reo+kt%3sdp-%1p`&~;rr>(Y?>?kl{zPO7C+f4eVOG|fw8h{Ip%T!>aTUU0 zqUZ2II$Ow2OMU`v$}yPv{ZUE^N3L!#W#M><=XrK|g|?;P1nk?8<204gz?ENy@tAk! z)t~YSQpX%Ku^z&LwRnlTn9ljnK(xAQ>6hHos+rx?@~cb~MSl9Y(8`e|LBSz41RV}j zD|EbIWGw;fYaPfc3--;EsWwSN`A!%DG@C`UJmknK-k`^S^tW!Ux;|;c4lnuN$e_6C zTt{#QT^F^##jb#g#Y#lUB|gwJU-80vQ$pl)@R7@e4#%`nroM-LuzAfrS$?;&iH}N6 zFWiC@Pb@4zXJ~&Ty~hSg`X#iRWm~jX0s>sm>FT9eMZStnvM`DfdXeosXaT9kQ8zlx zD)6P9W_P86+&<~Sz7{Wj=Ii*KvqqnmgK;5KVC-DQk1`S%2z@5w2){F-xca&&g@J-- z{;IsHU264vEa#@1q|$cA_I%Jo+%>nI>Kl2Ug>Hh^tjiKL=_3Eb%C+8lvr+DnPMuj? zvq-d3_F;rW+mMMo`)nuf*EU5h8@uK+Qx-sCUyv!N!9e?SDWNK~bAq;ijO`_rVV?Kk z=f|r@mcoS64)TpS9+I>PTc5VGddO#WtesWp_3G`W!Me1eZF^_vAFYf>z^;{v;9J~f z^}HH@<)|3%NngQ;Hq7JtqP=vA-qZ)$Al5Zzy+C>$fFOI(2Tp_|+AsE|+}6#DAi}(Y zF{jp@`Y*#mM)DgC#<9%xD6%Q@t5J7P*jF>&^>a(LQagU8Pqsw3kYrP|QuCUMF*!7N z%E*kEnUNY^gL$#TZdUl@`n?<)ksMWiNr&-5vw3ByV133F8pnwPx!&tHAx1u4cvNQ0 z$O0_~sqO_))aoas>(PVVg`WP0-}wJ}5drYu95N>XLmcg(W~Tfp((f*uUFh}_0Ni#af(^Wo>r ztf$LcyV?g-CA5KS4+e}I&FC1FozHV2GQN@Kf_Z5_A^U-^0uuU?uT&A*FeF~wvcNxmm~Djqp7!)b&Y&?0>)oV^j>9`*}?BW01{K{Qra7Z zyT}T5tx0!`KY7&a`>LUxgS+h5>FU$;p~oi86t>^yuim!70IeF3|{ooH#b^%E?(_vU*phIX7>q@_H2RF>@ZhQ1Nsbahv>h-t;@wbT^b5G7D3;DSuZag<|e1wTL3H z4XDjmGimiEnE9YIY8SDHJ-|DPi}QME{nh&gRHk`SFF+9m1Qj0>olc@ z&?@y3OBi1Ju5=eeGr{0>XG7i4z4<^EK1wgfO{vFK6M>$r^jp+!%NQ>$hn%S7L)qr*S-mFHi=!=d~cnEoXVK};{=|6t2|@*;V?mb z$z+r2TE0qPYnL0a;#V)Z{SDc9&a5pMlrAlkl_e-ANoUQ4%u=7smuxm(vriuieXDnd zBbS&9{OWzmj$A3iMWz>T&#UOa+s3hh!yR?L%M)?34D|w^@R}8EXZjN2O@jpW@`9(0 z>YA#q$JiQ@*qlQWpd7vu#wIPCo4wDL>7?6N#*KPL_R9F0K<{OJq9wd0#kpQR3g;q4 zDeLZ7t|iO*f4s>P4Lki+0>Hlcrx8bEir7s0FRkGHsO(NZ)$m;Z1vSK}Ou87kn%>bZ zt&IKXb3nxq*#6Eh&FO+`jai%I)v5#%g;{JNJV z@Dynt`s-YkYHct_`jxQi1qkjUsXU1Y%30=%unUpa<+!?EqP9=12Q=!fm#D}N5z}Yv zNYXpg?O`{s)xpf~2kwX&fEb3ZU8Dm+P(AnX=aTU5mGc;-b;^?Xs4|lUzUOgAVaDx3 zp*ajt-*_wHc#3z)tMph}kpMgw;rUy@`Qx__a zo!{r*n%<}N*!|8PzF%W{+M6Zt#=-MEe0x)265G)CxLGuLD$76E*QPnSvWC*NL1kX| zuo&RSi=Cha3eNhJ>aC{v74x{`Zk;a%94$Y{qb|=~sr({rdTVDaHOCm;`q_Ca^<`ru z)GQP<-USCZ(Py@!Mfi1ZELpO`W%zr?9EoTJz5Wy+3fZ}QMeEEVZh%vlieSe?cw?ia z{E=qe{Ui10IfcyWmWlk6w;LAUP%SRNvX^hwIfr!e9%9@^xoFS22`<)4u%NvUuatJj z)IRMXj)w|;xXYp2f3S!Ysk4DN^`9*?Pnz`$*5-eRGv*aURIC5&Lam^xN!Q7n^+T~8 z-j|*su3vBaD3o=H0*PCKH7f5YrMLuXsLv&@&v?AF%{T?DG|r;50$S`d6eSFyzRL8b z$(h%$wJXRnDX~#hOr9af1Q+B(lRW~?+*C1YJ1IjQzJ~{;#E<{R634A7A0_x=ea4HO zh?iy`HpaJz?MngAR%Ub@0>K`yvmc5o$PE?tA$_t;V>U}1l>5?hp-OS-oTH^HuItaX z-p%>b2AsZ4pijAGPadYNNUrV%d}*~;7ls{0wAebF*ABW2`Y}WDWFN~HvD;*NisFT( zV)Zy|1}R&79nIHvv^Ohg6d9YJbAsvr^S=PTZQFcX2v6B2z12@FB!_-n`Uq8>fH}df z?me3Jn;mpuKMVS>xOqa5sF?M=V%lai*OBWThqDG4yX83MD}-kB|D~kn5gZOM0VNj!QFw zu@!WDc?e90N+)S?3g6MgRHVF6Ei=>=AZZDEs*PMlzEml=#toIf(0CV5 z%BOw({`}9|C!@AM&r>RlK8p@SEkrO^D&b5Dd&E*NUzc;@%^t~&J(xTcMN zFemAPKP}<;Q{kGJm##J}^<}7)N{URK4ud(=v{qiJq}g4vYQ~Drh7xLe3*KkJp>yH| zhSn5G2&gN=p*ZyyoTlZ5zQuvKCS}?X%e0owCz%kisFF3!&UkD;+oc%F_owXHQOC^b z93CR5EYvpvQSPpgKmFx7*Xg^0Rn=p4$L(L0y}5b1cUx6+#MJ40(*br&#zHFxhwUoX zkBc4T%BZ^O$qC#{vCrD4;0tLYj#D}U|i6K88b-Z}svNLlla!lv)LV7c4UR+(7l^otb zv^$Y?dV#K*bqSxBiX>*6k&7}#Remop4TDQEh&rbSIQbhmP;gF0PFFURq+bl^p3<*J zw>XDNJB6NN8v@Qs3eU#0`#^o-3t~2vF#Y{^OL~8n6#E`bLEH<@j(27k#mvEF1|7^= z@o_6@5Q4!kYVNTm96uihq`5fG-2H)n~j^VynFQq+?pKi0PS7XlKR z#j4?+Q%-$t_cq|gJ4?9|hbLMHJ`qGq2r$s>WO3KjtRfo;fyNQMPw)0a?{IU?i@lc4 zMCad&#Dzx!NA90z)~*n9X@E>fGnO5H|F{e<=+iZ#-H3pp94ug+-Q7NET%joVwq$Kf zC&F2p!f{MnTj0+pyE?F24RA|I-i7%=5~WBZo+h___Cr59l9UufU%NT+dYV?xS54H~ zqxutkh)a#VY6Cd^dUhH@YSERG^OHqigjqfYaXw1z z=jv7+(s>%WtuQ`W;0+^dmLb21Kc=*I!Y$GUM%%AH=s^EO*{Z3Hs~06Cg9j&cg$KtE z1RIRbrXCd9Kul(*yb`u(KId!+J}kK_4e66KLct}zE*43em8=X6O{hi^0T$FVpj4iw zDW(eR&23uY*)yj_@li(5kiykQ6{Kamix$d7|H=3NhrRa6q6&oO+ z0-+0vpn~)!gd!p}gdSQbVneAPN>Lzm2rUUM34|t~fT6bp5<>4GbO;avH=eWizI&ge z=lgm8+@Gv9pGDSKV~+BUcZ>*zI{C_5zCEtc{!u-01;So}$f| zO5{^e0tBWG)65`+ZgPRiB=?fxp!PJ&KpuOzo|3h$lQ4^+!f}1JtFdz6jJpjf6!@Wn1gBf42aDvL z|2UMxfsd{5Be{2cKIfr0_9pmY)|CTwBP;qcZSGqf%4(vj!M1FxfOKzKCf9{ze>pdP0)|vUOAjUJ*XBv2Zk%?|2#LpCcQHtmVqhpZ zwKC$ZF#fCg{e_B!=v>1*u2>nRW<oGHkwImC5)n_(s4@<8LVx zzj!avbbn28D>Z)=qPiVC5r4FM|G4pAc@%(gIpfXWu8jXh56SMDGW%O9$G|Tt$A;>| zBY(S6>=!*mGqVl-M^ND(>AXrQ4~xn%ANqmgZ&w0;%^iwYPXhhXul~dOh1mTXZ8N}m zn*Wd6=$|VwS6M5?A_2rdqB8&b@Rlspp;YjS{2#NXf35^SVXXx6f{|Q*+#vtBkyyNfF9%?EW46>vM@ zBQvEsZD~VNEXc&dO4<{z!8}kadB3CZXJ7ZD>kjxGvxKVSKO{AMxrOBp}b%D#F_`RpE~Y;9f_#zZ44L*b8I(%=Wppen9C}s=#Lw>n3KEv7Dk}!SSxe51BgnXN;61O zN~_U}QT5+xAEi0`8FIMOWNTBakGq)8i$=RZ_2v_W;L)SP8zKp0s+ zN!7r)$NPw$qkl)eV=2IFZ1nRoALrp2e&)zT*X}-~Qux!}iB!s@z&VF;Xtuu(KQ8_pE-!wu*Q{VZ$6y0LoxMHQy36ZBf8#%j zCa!&_ycwKg1xiJVx*^J}_flzNv%PjrL_v3TH-}`9Y}KDN4W8Rb!e^VJfi;iF!vmKW zCztzzXahDfg3_pxy&ff`6|}52E^vZBk}4ubLh`2yyb0cEqh9MB8S3wkT>vdvM?$~d zqwl?itc`w4xdQgtTbzmO46aSzL-Juw%6`ZA>Wnz}jFn~86+v8x_dMWsHK~QqYruYf zd1oXlEyfQ=cfNUJPu*qZUr8DZ-87T$pmBp*T>>vpef8G8lXEj1+9`#p!$lg({vw)Z z^-J08sfO+ZiNQ>hyYFWoiOLHz7b<&|@90-hu{Z?m-0&UW#;`d>R*jom{4aX*`IBGb zGp{YiicZeIw|ctV5?-dSD!s8HyH{uH$9qOWWtK{J`XrG*dXljEp@h>|m^yh=i#K6H z`33pPwKaZ}=|YtO?`V}4B}hr4^jHCn=vgYDzW^WA=>pA5MN-ERg#tD8)-IHq9lf?- zNG-Br(SFWolc&vcGro~RPxFTbd^ri2vW5ac3$8r*H?RK1MX@bvjMmZ%5L!dcq;?3K zFd=QW$07%)II`1Q>Tx2SskYba$#*3-KJn^e@DQGTt)POvtae(KIiF(*p%+{u-W)EB zIKnNm4a8DwL*Marz|5A$t@6^QrQ0)t`Au+E!C$3;eu2s4ew%5`){g3nNv+Z6< zBc}~n`(*a9M$q>{p6n(;?~p+&5Po%6M5rb;FEyZ}#1Zk(X@(*(<7&fhv{WaKz2s80 z?JY)}uX8lxBL5ck!xKq&Ol@>ihu>?3BZF~l(a z1@?mv`P>3U7x_`GANfSzl%Lj<@8B2Y>hs!fPPH6e*@OT5eBJ1*NC!j6gxOe2@>Cs&=^DkeWh1p1anyA0;Ky{2o=v z9NK3c$&>)|p6&q4X-*W=u&u&1kyt})4tZf47+j+9skWeGTGCvwUcnaj*w6muE$hOj4D| zBT*~zd`=(wo7-EQWn#|q@a&{5NT45WBvDgtp{IlsII}7L{zP|;l86WYjPi!}HOMkO zYp>aTPPyEWq2qD6;MI={#66YF%Fu)5%DZs8y+z)w>w^WNXRjFIAlclCG&ZPslFZmd zPp{30uEjdS5+68dt3Ph_1Dcq4W{Uyd5B*KaqbZrB>WGanKuOLA zhi*`_Zv;(7g`3RR&`33mSI$+)ipj%j)mzEjh5hq6*-^Ryf-=`_Lj6OeeRTWuiI781 zixT)g1D)yI=RVI{-a}ThNGRCJ zA>1^@Mwj_R%RKa!(A?=gXZ%4kMke{euft0O$3J=XJr@h~%C;mGJsM}c+pw=Su9+E1 z)m}ioZB*B^M-Y{X9Ot!i%JVrTn^Sg1|1 zTbEm8_xT1S$3eaL?NC-ZA z*k|=So=d`!!gojnogOZ$^~9#p(W~~aQ(lz^{Owhv;>AtJ`{eR$Of3AEd+@A-!L>fz z6LUXyo;cPj~V6`@st>*mk0B5q))iFsI)pSa;I(gUS!>;c|Im&0@Tml8%# z{eClvRO(U4c#;j=>}Bc|izQ6p`aWdkr#Ap=kC33i4lQ1QbJ2T?xSW9wSN&+dAf&1A zMT`2*s_6xrB)?1P&y4a;~e}Kpb?CJEQlK0l`IQl9?xEA>0DyJE?V0< zZ1}U~tHyaL%dG=&2WBk+1IqduE()Cf8@EQwb>eTdR>JV|Vu@XfD!G z8)1!;HgK^qeogQd50csq2!)kGNGP*OmU>6r{F zYakzcnG5K7npD};Uhr=}Q)b=ekl!qa8SV+1Dc@3mndJ^{`)JOreW(5QRUY~>0Q41&Wo z7+6MNz6(cWKL?G0A}S(gv)Q^ zKdf@BG99Z+bOh7l$WyuY9WQLn<&5%lT)bG|P(@%h56H$maeF8=b1mD3*(K#O5tgxz z3AZIZAeqDR9Skq<$nX@yyBNwbJ=v(5m^)W*X9TFSMoOBd>!Y`#8uvUf!Yip zB>`0REOXpr8^y&;Mjq$UrND!6h#E-`DH}uF3yxAI%);iJ!pm}Qi%RSjp$hd-^~8;V zVE0fu*-l%j$T2-={;q1lxrF<&v>K2|$*zAyg~|9~vmEPB8Jd!1BkKovd0KO+pVPV- z7TomrK3-aMOQd!gb_lEn6>pK*E@fCecY$p{L7~Qe?nZ_RQ=Efq<>RQi>_=9Eh1tP3 zm+aslq87938c^M~6dEa0+Uq6fByOL{LW*eI%Ovwo@5vmdJh<6549(teHAQ*Zxt`I| zTN_R8hS#>dDC0+7waTQ4mox1Wu14-gDTB6DVp@CyreA$>3F@?++_vzqut`bst4(1% z3h~dr-W*;`zleY~UH5BS+uR$da+4RHA^N-eP zL|nP35~(Np+$a%yC4=j&K$`E?CCj59&i8PiQWNq$cu;Kg%9T#}!|D6$a=LQv_

    - + - {{'TOOLTIP.VERIFY_REMOTE_CERT' | translate}} + {{'CONFIG.TOOLTIP.VERIFY_REMOTE_CERT' | translate}}
    diff --git a/src/ui_ng/lib/src/create-edit-endpoint/create-edit-endpoint.component.ts b/src/ui_ng/lib/src/create-edit-endpoint/create-edit-endpoint.component.ts index 49e00d741..115253fcf 100644 --- a/src/ui_ng/lib/src/create-edit-endpoint/create-edit-endpoint.component.ts +++ b/src/ui_ng/lib/src/create-edit-endpoint/create-edit-endpoint.component.ts @@ -118,6 +118,7 @@ export class CreateEditEndpointComponent implements AfterViewChecked, OnDestroy setInsecureValue($event: any) { this.target.insecure = !$event; + this.endpointHasChanged = true; } ngOnDestroy(): void { @@ -210,6 +211,7 @@ export class CreateEditEndpointComponent implements AfterViewChecked, OnDestroy payload.endpoint = this.target.endpoint; payload.username = this.target.username; payload.password = this.target.password; + payload.insecure = this.target.insecure; } else { payload.id = this.target.id; } diff --git a/src/ui_ng/lib/src/create-edit-rule/create-edit-rule.component.html.ts b/src/ui_ng/lib/src/create-edit-rule/create-edit-rule.component.html.ts index e7bcaf757..9cd0b7b1a 100644 --- a/src/ui_ng/lib/src/create-edit-rule/create-edit-rule.component.html.ts +++ b/src/ui_ng/lib/src/create-edit-rule/create-edit-rule.component.html.ts @@ -74,10 +74,10 @@ export const CREATE_EDIT_RULE_TEMPLATE: string = `
    - + - {{'TOOLTIP.VERIFY_REMOTE_CERT' | translate}} + {{'CONFIG.TOOLTIP.VERIFY_REMOTE_CERT' | translate}}
    diff --git a/src/ui_ng/lib/src/create-edit-rule/create-edit-rule.component.ts b/src/ui_ng/lib/src/create-edit-rule/create-edit-rule.component.ts index 602828011..386cfa6a7 100644 --- a/src/ui_ng/lib/src/create-edit-rule/create-edit-rule.component.ts +++ b/src/ui_ng/lib/src/create-edit-rule/create-edit-rule.component.ts @@ -422,6 +422,7 @@ export class CreateEditRuleComponent implements AfterViewChecked { pingTarget.endpoint = this.createEditRule.endpointUrl || ''; pingTarget.username = this.createEditRule.username; pingTarget.password = this.createEditRule.password; + pingTarget.insecure = this.createEditRule.insecure; } else { pingTarget.id = this.createEditRule.endpointId; } diff --git a/src/ui_ng/package.json b/src/ui_ng/package.json index d3c626567..a9cf0fc4d 100644 --- a/src/ui_ng/package.json +++ b/src/ui_ng/package.json @@ -31,7 +31,7 @@ "clarity-icons": "^0.9.8", "clarity-ui": "^0.9.8", "core-js": "^2.4.1", - "harbor-ui": "0.5.0", + "harbor-ui": "0.5.8", "intl": "^1.2.5", "mutationobserver-shim": "^0.3.2", "ngx-cookie": "^1.0.0", From b300334764e9236e2c206a44bb1d3c6be35e47e4 Mon Sep 17 00:00:00 2001 From: wangyan Date: Sun, 12 Nov 2017 22:49:06 -0800 Subject: [PATCH 48/83] Add screenshot to monitor TC execution --- tests/resources/Harbor-Pages/Project.robot | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/tests/resources/Harbor-Pages/Project.robot b/tests/resources/Harbor-Pages/Project.robot index b4fc01962..ad88260f2 100644 --- a/tests/resources/Harbor-Pages/Project.robot +++ b/tests/resources/Harbor-Pages/Project.robot @@ -161,12 +161,13 @@ Do Log Advanced Search #others Click Element xpath=//audit-log//clr-dropdown/button Click Element xpath=//audit-log//clr-dropdown//a[contains(.,"Others")] - Sleep 1 - Click element xpath=//audit-log//hbr-filter//clr-icon - Input Text xpath = //audit-log//hbr-filter//input harbor Sleep 1 - ${c} = Get Matching Xpath Count //audit-log//clr-dg-row - Should be equal as integers ${c} 0 + Click Element xpath=//audit-log//hbr-filter//clr-icon + Input Text xpath=//audit-log//hbr-filter//input harbor + Sleep 1 + Capture Page Screenshot LogAdvancedSearch2.png + ${rc} = Get Matching Xpath Count //audit-log//clr-dg-row + Should Be Equal As Integers ${rc} 0 Expand Repo [Arguments] ${projectname} From 6d7c028729809568921fcecce990572fbe6c35a8 Mon Sep 17 00:00:00 2001 From: Tan Jiang Date: Mon, 13 Nov 2017 18:04:17 +0800 Subject: [PATCH 49/83] Refine the Dockerfile Refine the Dockerfile to remove temporary workarounds. Also fixes #3587, to make sure the configuration files of rsyslog can be read by uid 10000. --- make/common/mariadb/Dockerfile | 2 +- make/common/nginx/Dockerfile | 2 +- make/common/postgresql/Dockerfile | 2 +- make/photon/adminserver/Dockerfile | 2 +- make/photon/jobservice/Dockerfile | 2 +- make/photon/log/Dockerfile | 4 ++-- tools/migration/Dockerfile | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/make/common/mariadb/Dockerfile b/make/common/mariadb/Dockerfile index c0e669a01..1f0435c90 100644 --- a/make/common/mariadb/Dockerfile +++ b/make/common/mariadb/Dockerfile @@ -2,7 +2,7 @@ FROM vmware/photon:1.0 #The Docker Daemon has to be running with storage backend btrfs when building the image -RUN tdnf distro-sync -y || echo \ +RUN tdnf distro-sync -y \ && tdnf install -y sed shadow procps-ng gawk gzip sudo net-tools \ && groupadd -r -g 10000 mysql && useradd --no-log-init -r -g 10000 -u 10000 mysql \ && tdnf install -y mariadb-server mariadb \ diff --git a/make/common/nginx/Dockerfile b/make/common/nginx/Dockerfile index 1c85bb5e6..9f6bd4353 100644 --- a/make/common/nginx/Dockerfile +++ b/make/common/nginx/Dockerfile @@ -1,6 +1,6 @@ FROM vmware/photon:1.0 -RUN tdnf distro-sync -y || echo \ +RUN tdnf distro-sync -y \ && tdnf install -y nginx \ && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ diff --git a/make/common/postgresql/Dockerfile b/make/common/postgresql/Dockerfile index f849234d4..37fbc1095 100644 --- a/make/common/postgresql/Dockerfile +++ b/make/common/postgresql/Dockerfile @@ -3,7 +3,7 @@ FROM vmware/photon:1.0 ENV PGDATA /var/lib/postgresql/data RUN touch /etc/localtime.bak \ - && tdnf distro-sync -y || echo \ + && tdnf distro-sync -y \ && tdnf install -y sed shadow gzip postgresql\ && groupadd -r postgres --gid=999 \ && useradd -r -g postgres --uid=999 postgres \ diff --git a/make/photon/adminserver/Dockerfile b/make/photon/adminserver/Dockerfile index 898881411..138a5ac80 100644 --- a/make/photon/adminserver/Dockerfile +++ b/make/photon/adminserver/Dockerfile @@ -1,7 +1,7 @@ FROM vmware/photon:1.0 RUN tdnf erase vim -y \ - && tdnf distro-sync -y || echo \ + && tdnf distro-sync -y \ && tdnf install -y sudo \ && tdnf clean all \ && groupadd -r -g 10000 harbor && useradd --no-log-init -r -g 10000 -u 10000 harbor \ diff --git a/make/photon/jobservice/Dockerfile b/make/photon/jobservice/Dockerfile index ee3d353f7..f8019d8c2 100644 --- a/make/photon/jobservice/Dockerfile +++ b/make/photon/jobservice/Dockerfile @@ -1,7 +1,7 @@ FROM vmware/photon:1.0 RUN mkdir /harbor/ \ - && tdnf distro-sync -y || echo \ + && tdnf distro-sync -y \ && tdnf install sudo -y \ && tdnf clean all \ && groupadd -r -g 10000 harbor && useradd --no-log-init -r -g 10000 -u 10000 harbor diff --git a/make/photon/log/Dockerfile b/make/photon/log/Dockerfile index 7b31c75b5..1db6314b2 100644 --- a/make/photon/log/Dockerfile +++ b/make/photon/log/Dockerfile @@ -1,6 +1,6 @@ FROM vmware/photon:1.0 -RUN tdnf distro-sync -y || echo \ +RUN tdnf distro-sync -y \ && tdnf install -y cronie rsyslog logrotate shadow tar gzip sudo net-tools\ && mkdir /etc/rsyslog.d/ \ && mkdir /var/spool/rsyslog \ @@ -17,7 +17,7 @@ RUN mv /etc/cron.daily/logrotate /etc/cron.hourly/logrotate COPY start.sh /usr/local/bin/ RUN chmod +x /usr/local/bin/start.sh && \ - chown -R 10000:10000 /run + chown -R 10000:10000 /etc/rsyslog.conf /etc/rsyslog.d/ /run HEALTHCHECK CMD netstat -ltu|grep 10514 diff --git a/tools/migration/Dockerfile b/tools/migration/Dockerfile index c20665d78..7ed3b2716 100644 --- a/tools/migration/Dockerfile +++ b/tools/migration/Dockerfile @@ -1,6 +1,6 @@ FROM vmware/mariadb-photon:10.2.8 -RUN tdnf distro-sync || echo \ +RUN tdnf distro-sync \ && tdnf install -y mariadb-devel python2 python2-devel python-pip gcc\ linux-api-headers glibc-devel binutils zlib-devel openssl-devel \ && pip install mysqlclient alembic \ From 01390e218085c54d3627069125d3d808e431abfc Mon Sep 17 00:00:00 2001 From: "Deng, Qian" Date: Tue, 14 Nov 2017 15:10:15 +0800 Subject: [PATCH 50/83] present config item based on installation of clair & notary --- src/ui_ng/lib/package.json | 2 +- src/ui_ng/lib/pkg/package.json | 2 +- .../project-policy-config.component.html.ts | 10 +-- .../project-policy-config.component.spec.ts | 88 ++++++++++++++++++- .../project-policy-config.component.ts | 64 +++++++++----- .../lib/src/project-policy-config/project.ts | 5 +- src/ui_ng/lib/src/service/project.service.ts | 2 +- src/ui_ng/package.json | 2 +- 8 files changed, 138 insertions(+), 37 deletions(-) diff --git a/src/ui_ng/lib/package.json b/src/ui_ng/lib/package.json index 0baaacd04..002c69650 100644 --- a/src/ui_ng/lib/package.json +++ b/src/ui_ng/lib/package.json @@ -1,6 +1,6 @@ { "name": "harbor-ui", - "version": "0.4.0", + "version": "0.5.0", "description": "Harbor shared UI components based on Clarity and Angular4", "scripts": { "start": "ng serve --host 0.0.0.0 --port 4500 --proxy-config proxy.config.json", diff --git a/src/ui_ng/lib/pkg/package.json b/src/ui_ng/lib/pkg/package.json index ed73066be..7346d66fc 100644 --- a/src/ui_ng/lib/pkg/package.json +++ b/src/ui_ng/lib/pkg/package.json @@ -1,6 +1,6 @@ { "name": "harbor-ui", - "version": "0.4.0", + "version": "0.5.9", "description": "Harbor shared UI components based on Clarity and Angular4", "author": "VMware", "module": "index.js", diff --git a/src/ui_ng/lib/src/project-policy-config/project-policy-config.component.html.ts b/src/ui_ng/lib/src/project-policy-config/project-policy-config.component.html.ts index 5037c9c37..04b17f327 100644 --- a/src/ui_ng/lib/src/project-policy-config/project-policy-config.component.html.ts +++ b/src/ui_ng/lib/src/project-policy-config/project-policy-config.component.html.ts @@ -11,22 +11,22 @@ export const PROJECT_POLICY_CONFIG_TEMPLATE = ` -
    +
    -
    +
    {{ 'PROJECT_CONFIG.CONTENT_TRUST_TOGGLE' | translate }}
    -
    +
    {{ 'PROJECT_CONFIG.PREVENT_VULNERABLE_TOGGLE' | translate }}
    -
    +
    {{ 'PROJECT_CONFIG.AUTOSCAN_TOGGLE' | translate }} diff --git a/src/ui_ng/lib/src/project-policy-config/project-policy-config.component.spec.ts b/src/ui_ng/lib/src/project-policy-config/project-policy-config.component.spec.ts index c98e7af8f..640fb6913 100644 --- a/src/ui_ng/lib/src/project-policy-config/project-policy-config.component.spec.ts +++ b/src/ui_ng/lib/src/project-policy-config/project-policy-config.component.spec.ts @@ -1,3 +1,4 @@ +import { SystemInfoService, SystemInfoDefaultService } from './../service/system-info.service'; import { async, ComponentFixture, TestBed } from '@angular/core/testing'; import { ErrorHandler } from '../error-handler/error-handler'; import { ConfirmationDialogComponent } from '../confirmation-dialog/confirmation-dialog.component'; @@ -5,13 +6,88 @@ import { ProjectPolicyConfigComponent } from './project-policy-config.component' import { SharedModule } from '../shared/shared.module'; import { ProjectService, ProjectDefaultService} from '../service/project.service'; import { SERVICE_CONFIG, IServiceConfig} from '../service.config'; +import { SystemInfo } from '../service/interface'; +import { Project } from './project'; describe('ProjectPolicyConfigComponent', () => { + + let systemInfoService: SystemInfoService; + let projectPolicyService: ProjectService; + + let spySystemInfo: jasmine.Spy; + let spyProjectPolicies: jasmine.Spy; + + let mockSystemInfo: SystemInfo[] = [ + { + 'with_clair': true, + 'with_notary': true, + 'with_admiral': false, + 'admiral_endpoint': 'NA', + 'auth_mode': 'db_auth', + 'registry_url': '10.112.122.56', + 'project_creation_restriction': 'everyone', + 'self_registration': true, + 'has_ca_root': false, + 'harbor_version': 'v1.1.1-rc1-160-g565110d' + }, + { + 'with_clair': false, + 'with_notary': false, + 'with_admiral': false, + 'admiral_endpoint': 'NA', + 'auth_mode': 'db_auth', + 'registry_url': '10.112.122.56', + 'project_creation_restriction': 'everyone', + 'self_registration': true, + 'has_ca_root': false, + 'harbor_version': 'v1.1.1-rc1-160-g565110d' + } + ]; + + let mockPorjectPolicies: Project[] | any[] = [ + { + 'project_id': 1, + 'owner_id': 1, + 'name': 'library', + 'creation_time': '2017-11-03T02:37:24Z', + 'update_time': '2017-11-03T02:37:24Z', + 'deleted': 0, + 'owner_name': '', + 'togglable': false, + 'current_user_role_id': 0, + 'repo_count': 0, + 'metadata': { + 'public': 'true' + } + }, + { + 'project_id': 2, + 'owner_id': 1, + 'name': 'test', + 'creation_time': '2017-11-03T02:37:24Z', + 'update_time': '2017-11-03T02:37:24Z', + 'deleted': 0, + 'owner_name': '', + 'togglable': false, + 'current_user_role_id': 0, + 'repo_count': 0, + 'metadata': { + 'auto_scan': 'true', + 'enable_content_trust': 'true', + 'prevent_vul': 'true', + 'public': 'true', + 'severity': 'low' + } + } + ]; + + let component: ProjectPolicyConfigComponent; let fixture: ComponentFixture; let config: IServiceConfig = { - projectPolicyEndpoint: '/api/projects/testing/:id/' + projectPolicyEndpoint: '/api/projects/testing', + systemInfoEndpoint: '/api/systeminfo/testing', }; beforeEach(async(() => { @@ -25,7 +101,8 @@ describe('ProjectPolicyConfigComponent', () => { providers: [ ErrorHandler, { provide: SERVICE_CONFIG, useValue: config }, - { provide: ProjectService, useClass: ProjectDefaultService } + { provide: ProjectService, useClass: ProjectDefaultService }, + { provide: SystemInfoService, useClass: SystemInfoDefaultService} ] }) .compileComponents(); @@ -36,6 +113,13 @@ describe('ProjectPolicyConfigComponent', () => { component = fixture.componentInstance; component.projectId = 1; component.hasProjectAdminRole = true; + + systemInfoService = fixture.debugElement.injector.get(SystemInfoService); + projectPolicyService = fixture.debugElement.injector.get(ProjectService); + + spySystemInfo = spyOn(systemInfoService, 'getSystemInfo').and.returnValues(Promise.resolve(mockSystemInfo[0])); + spyProjectPolicies = spyOn(projectPolicyService, 'getProject').and.returnValues(Promise.resolve(mockPorjectPolicies[0])); + fixture.detectChanges(); }); diff --git a/src/ui_ng/lib/src/project-policy-config/project-policy-config.component.ts b/src/ui_ng/lib/src/project-policy-config/project-policy-config.component.ts index dbf623534..5694cd021 100644 --- a/src/ui_ng/lib/src/project-policy-config/project-policy-config.component.ts +++ b/src/ui_ng/lib/src/project-policy-config/project-policy-config.component.ts @@ -14,19 +14,20 @@ import { ConfirmationAcknowledgement } from '../confirmation-dialog/confirmation import { TranslateService } from '@ngx-translate/core'; import { Project } from './project'; +import {SystemInfo, SystemInfoService} from '../service/index'; export class ProjectPolicy { Public: boolean; ContentTrust: boolean; PreventVulImg: boolean; - PreventVulImgServerity: string; + PreventVulImgSeverity: string; ScanImgOnPush: boolean; constructor() { this.Public = false; this.ContentTrust = false; this.PreventVulImg = false; - this.PreventVulImgServerity = 'low'; + this.PreventVulImgSeverity = 'low'; this.ScanImgOnPush = false; } @@ -34,7 +35,7 @@ export class ProjectPolicy { this.Public = pro.metadata.public === 'true' ? true : false; this.ContentTrust = pro.metadata.enable_content_trust === 'true' ? true : false; this.PreventVulImg = pro.metadata.prevent_vul === 'true' ? true : false; - if (pro.metadata.severity) { this.PreventVulImgServerity = pro.metadata.severity; }; + if (pro.metadata.severity) { this.PreventVulImgSeverity = pro.metadata.severity; }; this.ScanImgOnPush = pro.metadata.auto_scan === 'true' ? true : false; }; } @@ -42,7 +43,7 @@ export class ProjectPolicy { @Component({ selector: 'hbr-project-policy-config', template: PROJECT_POLICY_CONFIG_TEMPLATE, - styles: [PROJECT_POLICY_CONFIG_STYLE] + styles: [PROJECT_POLICY_CONFIG_STYLE], }) export class ProjectPolicyConfigComponent implements OnInit { onGoing = false; @@ -54,6 +55,7 @@ export class ProjectPolicyConfigComponent implements OnInit { @ViewChild('cfgConfirmationDialog') confirmationDlg: ConfirmationDialogComponent; + systemInfo: SystemInfo; orgProjectPolicy = new ProjectPolicy(); projectPolicy = new ProjectPolicy(); @@ -68,25 +70,41 @@ export class ProjectPolicyConfigComponent implements OnInit { private errorHandler: ErrorHandler, private translate: TranslateService, private projectService: ProjectService, + private systemInfoService: SystemInfoService, ) {} ngOnInit(): void { + // assert if project id exist if (!this.projectId) { this.errorHandler.error('Project ID cannot be unset.'); return; } + + // get system info + toPromise(this.systemInfoService.getSystemInfo()) + .then(systemInfo => this.systemInfo = systemInfo) + .catch(error => this.errorHandler.error(error)); + + // retrive project level policy data this.retrieve(); } + public get withNotary(): boolean { + return this.systemInfo ? this.systemInfo.with_notary : false; + } + + public get withClair(): boolean { + return this.systemInfo ? this.systemInfo.with_clair : false; + } + retrieve(state?: State): any { - toPromise(this.projectService. - getProject(this.projectId)) - .then( - response => { - this.orgProjectPolicy.initByProject(response); - this.projectPolicy.initByProject(response); - }) - .catch(error => this.errorHandler.error(error)); + toPromise(this.projectService.getProject(this.projectId)) + .then( + response => { + this.orgProjectPolicy.initByProject(response); + this.projectPolicy.initByProject(response); + }) + .catch(error => this.errorHandler.error(error)); } updateProjectPolicy(projectId: string|number, pp: ProjectPolicy) { @@ -99,7 +117,7 @@ export class ProjectPolicyConfigComponent implements OnInit { isValid() { let flag = false; - if (!this.projectPolicy.PreventVulImg || this.severityOptions.some(x => x.severity === this.projectPolicy.PreventVulImgServerity)) { + if (!this.projectPolicy.PreventVulImg || this.severityOptions.some(x => x.severity === this.projectPolicy.PreventVulImgSeverity)) { flag = true; } return flag; @@ -115,18 +133,18 @@ export class ProjectPolicyConfigComponent implements OnInit { } this.onGoing = true; toPromise(this.projectService.updateProjectPolicy(this.projectId, this.projectPolicy)) - .then(() => { - this.onGoing = false; + .then(() => { + this.onGoing = false; - this.translate.get('CONFIG.SAVE_SUCCESS').subscribe((res: string) => { - this.errorHandler.info(res); - }); - this.refresh(); - }) - .catch(error => { - this.onGoing = false; - this.errorHandler.error(error); + this.translate.get('CONFIG.SAVE_SUCCESS').subscribe((res: string) => { + this.errorHandler.info(res); }); + this.refresh(); + }) + .catch(error => { + this.onGoing = false; + this.errorHandler.error(error); + }); } cancel(): void { diff --git a/src/ui_ng/lib/src/project-policy-config/project.ts b/src/ui_ng/lib/src/project-policy-config/project.ts index bf00419bd..1f4a4fa6d 100644 --- a/src/ui_ng/lib/src/project-policy-config/project.ts +++ b/src/ui_ng/lib/src/project-policy-config/project.ts @@ -2,12 +2,11 @@ export class Project { project_id: number; owner_id: number; name: string; - creation_time: Date; - creation_time_str: string; + creation_time: Date | string; deleted: number; owner_name: string; togglable: boolean; - update_time: Date; + update_time: Date | string; current_user_role_id: number; repo_count: number; has_project_admin_role: boolean; diff --git a/src/ui_ng/lib/src/service/project.service.ts b/src/ui_ng/lib/src/service/project.service.ts index 6220b7574..341123dd7 100644 --- a/src/ui_ng/lib/src/service/project.service.ts +++ b/src/ui_ng/lib/src/service/project.service.ts @@ -74,7 +74,7 @@ export class ProjectDefaultService extends ProjectService { 'public': projectPolicy.Public ? 'true' : 'false', 'enable_content_trust': projectPolicy.ContentTrust ? 'true' : 'false', 'prevent_vul': projectPolicy.PreventVulImg ? 'true' : 'false', - 'severity': projectPolicy.PreventVulImgServerity, + 'severity': projectPolicy.PreventVulImgSeverity, 'auto_scan': projectPolicy.ScanImgOnPush ? 'true' : 'false' } }, HTTP_JSON_OPTIONS) .map(response => response.status) diff --git a/src/ui_ng/package.json b/src/ui_ng/package.json index a9cf0fc4d..ec25577c2 100644 --- a/src/ui_ng/package.json +++ b/src/ui_ng/package.json @@ -31,7 +31,7 @@ "clarity-icons": "^0.9.8", "clarity-ui": "^0.9.8", "core-js": "^2.4.1", - "harbor-ui": "0.5.8", + "harbor-ui": "0.5.9", "intl": "^1.2.5", "mutationobserver-shim": "^0.3.2", "ngx-cookie": "^1.0.0", From ef14b1f30875d4b3dba30c8614bcecbb23bdea75 Mon Sep 17 00:00:00 2001 From: Ben Sebastian Date: Thu, 16 Nov 2017 01:02:09 -0500 Subject: [PATCH 51/83] Use dumb-init for Clair entrypoint (#3361) --- make/photon/clair/Dockerfile | 10 ++++++++++ make/photon/clair/docker-entrypoint.sh | 2 +- make/photon/clair/dumb-init | Bin 0 -> 46400 bytes 3 files changed, 11 insertions(+), 1 deletion(-) create mode 100755 make/photon/clair/dumb-init diff --git a/make/photon/clair/Dockerfile b/make/photon/clair/Dockerfile index eb319e85b..5738789e4 100644 --- a/make/photon/clair/Dockerfile +++ b/make/photon/clair/Dockerfile @@ -1,5 +1,6 @@ FROM vmware/photon:1.0 + RUN tdnf distro-sync -y \ && tdnf erase vim -y \ && tdnf install -y git shadow sudo bzr rpm xz python-xml \ @@ -9,11 +10,20 @@ RUN tdnf distro-sync -y \ && useradd --no-log-init -m -r -g 10000 -u 10000 clair COPY clair /clair2.0.1/ COPY docker-entrypoint.sh /docker-entrypoint.sh +COPY dumb-init /dumb-init \ + VOLUME /config + EXPOSE 6060 6061 + RUN chown -R 10000:10000 /clair2.0.1 \ && chmod u+x /clair2.0.1/clair \ && chmod u+x /docker-entrypoint.sh + && chmod +x /dumb-init + + HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS 127.0.0.1:6061/health || exit 1 + USER clair + ENTRYPOINT ["/docker-entrypoint.sh"] diff --git a/make/photon/clair/docker-entrypoint.sh b/make/photon/clair/docker-entrypoint.sh index b09f4a6bf..8c9edcd9c 100644 --- a/make/photon/clair/docker-entrypoint.sh +++ b/make/photon/clair/docker-entrypoint.sh @@ -1,4 +1,4 @@ #!/bin/bash set -e -/clair2.0.1/clair -config /config/config.yaml +/dumb-init -- /clair2.0.1/clair -config /config/config.yaml set +e diff --git a/make/photon/clair/dumb-init b/make/photon/clair/dumb-init new file mode 100755 index 0000000000000000000000000000000000000000..2fb1fa1374a8dcf7e523b7863b16c5d771003a5d GIT binary patch literal 46400 zcmd3PePC17`TtFu&=d+cC`eV1pg~&!Z5=8BD!Guz38qp9D2gas8M^5dF=U3C&mb9gBC|E$Cr9vwT-pl2sh_(f!`F);qlfF2&egFJbN$x!_ z&w0*sp7WgNdCqfA)_Qz5r;)-Ra1nJ{4` z$2Q8&^-^O=+uKVs;5~jY(aHSNWVha4eX&@9%a& z2+UCL8Yu|jm}2<|?_!w_cw%TBK7)BhZ&8V#iDMJM0W?Fc00fRxbE+WdM{?u2vC7Nm z1BtW?06Jz0{5_bLM-~0As>490$P{%BzL-*@#s}j&l6T*)kqT5>DyRI9i@N#cC_&Kt z@pv4WbC9W2SK5EUbG9Q#e=^aVE!1Vzj`o9jmvH0@S>y>oKA|cjkn=LYqqR?YD+{Ql z^S`2ot13?!(AEN4c?y8AlC4CyMT=`#WN0%ARgA}LCBfek1Wu~$5|pG@{S)=mDZF3) znM6-?b{KW`lHo>TVKA@YO*@h75sv@Rbp&lpFSOlgS*^Yp{kskM>iKkzqLWYrK~CTm zXx@%G20>mk2(lM_Gf6<`=IROl3Wsw_M^bV^hw^1tJw$3GNQZY-m*iFFrY3o3KD?j=6 z5@7+Gq~eRo-NTr2xaiVy4k#S+4_~~6GUDyak{r6YMjY$v$FY@^zkrpT-~g(6QUQP| z9jr>7!Ax~*XODkmFSH>^XyCiWH2~?R0oUFD2?E0xprZN^y0y5@vKL9F)4ZiEwzmke z8A8CKKZkm~z)n$xc++C-an$LXK}M~<_vq~SJms9+eOd7(tgt>}4le;bxjXJ363kmp zEh{yFAxiTiG!~>@D`zomzu$m|s>*hd4orMGrjbzs_!2xoD=L=basPG7xk%naf3pk9 zL8ZH^IheN?&w}XbR(D=NT@!iNCN8S!!zY+`_H~r;>x+0x*Q2FMSA^QpD!}UNmHlXc zET!6zx(LayAi1wTbz-#9iF0u=v;FJ}FD9#| zydKmp&I;xoC7MNF3gXrOwsN#mMZbN@mmvIKFT^zcoxvxY)aPA7#ZnZiWSDtd=F{|R zhh&cU92o$sZ#2q*dY}E0dJjmiak{EM2AJOd2lF1M_5x0I?_|J2mY~$Dmjln@zxTday{UI z$!r$~mG@&fSQJCSqVpYARRb~P?v%jg ztkCVSMhoKd*~^MYM&@Iv&Ww;ElyB!T<(o~JNUO9zhlWdzHBr^*-Ly`&oo26ka${J9DpnI#$_Y2HZ~4oBGJ#uydE>!qzna>#iVBW<9!~edV7sNx{ zf18}QmOo6F^H$J9;1BhdWq7y{K=c;?^3*Q?@`_%N?dX1;<$1JkQZEN&?Iw`0-g0BI zN_oBIisbVvpyFUG#5FbGsI$4TO+J7DI~CBFDkGnzPC)yzpZ*&dN}gVgHek6i_=-8z{-^QpW2xmv+19+NXYRrK@4}IxQQ1JIqV#`Xxu_6%-=U(Sx|Fj_$PpwcPPb!aAWy%HDc6619^k8zzT$Q3ZjOgy z{@C`*49T>vo_Z`i668!g56V{4Bc%~V$(-+0`tc1EJoc>$A+hGG{ z0=_e8{L9nu;Zy3FvQ4y9Qp%Rj=dplvx|;{t{X?+Gix#lVW2UcJyawG*4SZ2=k)SdW z5DY!ha8b>?&7^6o$G--TmYlQV`O(3-vG|2duCeOJ7u84$r1`9{ZoxcXbZIqcSId;$ zUgf+YhOQ$C_+!Xi^`D@Fa?+<9V#+}&z6T=v6+nbAV9NP<>U$H=qMXz_A@s)8Yi}7B7FnL99Ylt7yR^Wo^l<8S&0~=<&pu1d?qSMywVqH?+CWit8`{Kh_>?a7 z8DJ5Pt@O}%T}@<$@a1fv)KSu}ham|x9FKH{#f`Fj%1KqGbZ2c~D8OtPj70TfELH$d z6qOcB_h=cSvBKNn&_E-s3S$ zvd^IKaHCAITmt}F6*AV{ZUUgtE-~~DRXaN=aA9ywiVzqYhrMN`QY850yw^!t3Jk8d zyo?8=phe3|c%*rlSz)FGQ=NJk52PkNHk2mc`M4l_kSP1XAMAp!@cLz_0@ExL$YMTL z`;-oos^rZ_s$!W#;5K+oox$mYgun&y>Uzr$kVJpV$S3|_7o>F_n$)8yMOG)s?dPYP zyz(Bwllz6Y@N2?kG{?keI-xG&m_+V&j9z1rOk4FdDZZ7Mf7;!S%)n0i^j}T%nYwuf zpoyV>63n~{{$Qt<*YLs$xBHZ@Dt`^$)bGeI{9;yc^>|^b7=9Xgw?y6JO~ENsG2Zo- z(!Ze&{`6_2!A%>w`(?YZ_F4n>RHXYC%Xt+@6L?Ghxe37U0I)YQLtO}|txqLj82+0H zmVY8>8%2$1fk_z|!UHQDISD!5)DiXdma&QUAl7Yogzk|Ar9Q!D(!DjrWyE5fzcS^# znbbD%){p)`58$l@^nky5%kKY8K3$AbCZt6sU5F>SAr4JA`cDW;R(QY{op{hIW5$W0 zSCFzU1;l^tynhl?nptFY9hMC-REmt?v`K+M!Br+9kip_HXZ_mGwB<-vEV17M&u}AC zPP-%H-=UX!OF^P(F?0^?dJDI*=;T_$3gV}RDSn4FI0ejm5SboGnnA&pfI9-8NNhx6 zaAgYcA#K35?mGFz1Xu9Ld6)Qn9c)EUZl_D!*y&m~`8rpb-;wH5cDNOv!_2CVSRgBN zF-!a&Pwp-PCW+5i-x{57Gr8B@};fuWRt zu^T*PmMFhU|Fb0bn8fg5V69ttMtAD$9g3y)ci`K|&6$ej;lJW3I5jW8 zBzcWh2wWdr?MR*KcgT6aK^eh+sW)4B>qAr1&h&QB3NLqfp?yq_r-7RzV8m`FSEqQOIf(94=$N|fEJUy6b(GW`TnHaj4%TU65t8#@V8hGNW}#m@d(+w5Gpz=?1WP1SOQ(gkptOcwV?o0pg~Zw zot`qwDGe$D*6R9f(l9ZTK)qP3X&X|@eZfulH4YFo)r^8h34%|}J zK1ivG&J3nEtV~A>n3aO=My(XNIw+r=QG7KDq&M-rRLaXjUTPw57|%m3h*UuzrnX|u ztrzCwB|+&L@?a#zju%GFmPx;L5nUKl0&g*8!E5TJq}sz5^m|^HnwNsp9bnBRpkU>- zc&Fuc!#MO3>^Bltz-ufLc#9I(g67(EB6PU5+y=mvL^kAr#?5N@3S{KP0l=%&7TMIB zcmrTYL9-C(xUmjr%zTkh{8(nPDAMhzq zu1T%%DV`0g70vr1o(^rUm@?FF zQ}5$XDgF!=`ALI*jl``W-WWCIhra%k25mNGlLx$qXa5j&GOE-ILxDdHQ}idziwspn zx|e*4BUk?#^KTYZ(wcel$24Jr>Q{U=eyPG_7RsIYFqnSVm9(g1^a4Ks^N!%mTV7#g z*FV{T2l`WHPGR*=s>TbJ7W1F%{287-)sLs#c(@hvxn6ymT9Jjn?E;eh(x-eUy~ik@yK4*a zTyJ@DE%M1yZTvZi>Hvl zqZ}eNOdrTIQYZYmky6rrpl+dAU}ROtp@yVvrP=UvkjxYQLaFr^)9WJS=s$;%@%0AC z^W!wDhe7W@f;aVb6vZyUzEm_~Se-K>aso2I!Xj%^>#s5(M`lf7&RJQ||B;xEis`jz z#gDb1P3=M%7Fo1he_wqWuoRWsFVK6UZ?2~faQ7fDxfCP^2KLBv)C?B1qb$0a9{GYm z?)fk5!1t4dx;%=S5!h}rWU%f;;9ID#lH zX8(yBt77)+j+goSyNEA=ff$t4Hh899_q3y%6JyzyWZLZb$h z_bOk*sz0y3G=}8fXPAjF1u;vw`JtwPvzfETSYj4+HIsj$zePmsMzhsLV=zKlPu=d2 zGaMjYkXq2c#5CLz#FOB^iA72&Eiqg#Hqo=Po_|G*HxLi_Kgn_H6$eP*T-}=xnKQ*; z7H3u9DgX@pQT+jIoRfJ?(U}uN;_OpEOVgdLH z*HLq#>aJra`i#}&|w|+n1^A2O^@kkW%A>8!G8tjo1IOVmF07`KYArz7z}Nna^g;c!u9cZ zJ5%UU?A(_fS#0&1j(f9@={xQ+n&YZ}Il(tf%x^Fil-)k@&7)og zvgaG1PJRNf@)0eakrE;&bY)}8eXP#Mswt73OP%m3aZViQZT<^ru?1sV)i7y!q;7hh zwSFrERo6GfjgZZ-1^OvmM5HZQ|5zfZR`6_j4xa9+;R)LHNB~ch?=$igVE|zVZT%$1 zeW+OZ9FfPlCt%ZIVt1)kS8&pOse`=pve>kF_D6@Z=p3xww`94?F4u2%D@PL4)~*3= zy#W01g?wLyp+*JOgu>*aX;c4!CK8h4|AU#IGYSMr%zXGaHVq~Mfq6vGI=+K-osz3_ z$}ZB6VbQGVOasSsFl8?sV{ob{_1bOZ0hD_#5=%+o$tTj~o*`oCLOjPE-xOeJj0~2~ zTw6R;X^^X|EOn+$8LUI2m}zBEhDkjKi=v=?jwb(Gxrm^>|9>dPP!7J{{|b(YTLk@~ z|JJDZo}hdGTOlS^3i=iQt(3SCY?oFOnPV+lnCJ;%E ziA-+q0I{I7%(1p+Aww!@7woW1A9C(|;%DG%msr_3PuX2TI%@WZklJ7>dM-IfpOW$^ z6K~#4I?)8k_>yy^xE5vd(pc>w*3~Pal9lLGSZ|lajh`fvMI?hUD4nlzNp+j1_<2aB zl4A=ov07hutj8Cu=h0ZLGToT8Q?RtGL@Po|taZAh6+U3~SriG!?v)m{KIpJP1icTS zkf5-4-U5%bwCmT?6c;PnhpZTl)xBaPQp?}Qha`VtVxk9HEz0U*zl!f57n9!B*T_ML zu6VzEHm9$b_jUF_|7T(ozqNTA_dpyN&j{6+%vG@grZD2FW~v{-(Da@o!C2HLze zH#h3v@cQs}1Z*waTH2cr9jtC?Y-w+4)Xkq(A3Ta7bG0<0iTmL=yPq80t9(jbRrlE3 z`s{jWvB=NCKb!gy90fjSj0lc@Ir!%aU}bST9n_qfaIeQ;EXZ@RV{jUhIR$4;nuZg zEGSmgNU3v~u4&a)S$s;9{(9idfoA#-I}mmxu)^KG>;_tdolR>+j({(_+a2|%rsx+K zugWf8_BNh4Ic0Wq;+4IFog8V>*RnA3KHzLq=abFf$1iZwJ65R`hcYPAVzn5C`dgHTRn&71*;G!Omh6A40y?k;cFY2^;H{y7%1k&-g|TQBnTA#h)PD+JQL z@(FXkv!}Qtd&gTQ{dMdzm?6LJkIovi2{Tf7sq0Mcu6WE>*aRH!zco6VtW$_DQF#{M z@RLy?shmVuSBu;YTl=i&+fhmA?e39ww*!_-iZ|qT`kY@qdRb&DoKa>;IWO%#?lzrJ zR(z}UxX0CrZ=#fbKtgziH+qNJC%VsqP17Xh27@{ne@ypfKBdzudiJsGy*|@^R@IZ@ zbMEztbH6e*{KKUE6slxs7mx>fOq1N5?oWH5b1=0Tal(@9?&=Kh zl9b)>Vn-#j*I6fq$WAbFUNiZvt&`GLVHq0KV)^`Wkh)`Mx8$r@A!45i)>ed6zEtVQQk$HAOuSl~Rq6}iKss$6ItxY@7{P>`NS#jzGrXD4?#2Ih=)wCiz zlQna_WJddf*ZFZ#hEzZMTmAx8iJSE1{|hCVT!n7z@QJfe{VR8Is)p+T6O)R#g;p77 z&6*1&x%=DI84~tGA>OmHYxFeCudI~#hmhk|s~CO`Wx=1Ex5N zu@}N7fL*+W%?xZp!VjFnOwBC2VH1%8rK=zhnRsgx)cSC1be2i_rztSh9eL1Um8y=X zO7dZoN8ET^GSw0q1_Csl1H)!T-4={Y%q`AU^}F1do+Qbzh$!{$#5$rr{S8DUq8=dN zcCzd$cvsiL5#CTI0{Esu0{Ng6 ztillEF<<$XCl$|;A~W)%o^-5>Y8`wj`OYu>Lw!!Q=;8$ar?D;uGT`;I)`c80K;?L& z3(}cVhsL~ey_scKt8bv9{${u}kj4kze>YzvxF4l*_itS!thu9xCblcwx@I~W^@57& z>O9nh4Oo<<)@k`%I>o@DN}YHsv^}GZ!dv)Lhm0_0Y+}h!-v&9j)6yHA zO%jo}pRb(vi8puTJHHWSnw?6stRe=IlvW9mh51;UdAC14%@_Z`P%lz?dztS%505+1 z;PTHjK!c!Gf*1zNLA>P$QFjn3W~B3ipmryc+d%8@PO^e zwUY_e*M>%Db8!THgXe6*${g+rq$%k(Erl3&Ze25mlnT4r0v(j}0eii0i&4#n4#uUR z6CUl6Shw?)kEL~KSjy6;kM~==@p`?(r<@B;8}HA`&;A$z7!JXseCxlOMW#EjJLN6h zX8_KI3zh@cMeL)E59~r!Y}cpgTjAIBTfIt)wge4{m9tE;ngfYmJR-O%#Ss{WLaBs3 z2{wHY;uzpv@#G$_P_j%$fQnc-MEO|O?DCnhMWQPhzuKeph~f9C_;B%+ZI2#Px=?HP zms0w99RjKH7TDO^WGzQNlU_WPw=tPP0m$s%P<`k{7qHq}#YndWTIB_2I+`aA)2Q!xToTa;w!H zxen;T8Sz+_RI**LgZsM<>Z8TV3+1CZ^4av_3=ftz6p>7Obq(cKJ}qyL2d7;lhW~*+ zf|yr};V7P{YbkwQ%MGqdbp$3*dzl9Ma*eq@^vi+$LYE@18$G&@_ecz1jo$E%xRvw% zT#j#KSpSaPZc~Qo7tvfnN6<|cxh>I~xz@f&4;CmTXfrIJ7iJ#thOTIE z=ZG ziyjs0?H0NFMzPccqYa^JDkQ8VpGy-^Z#j3@*1`jW z*yUITH#vA1$d{4+VxRNXysm!Uj@r}O203&tQTE$Q+Jyms^rT1Y53i$}a zD5>6qo@gK9l`GXr_}uwgRt>1wW=fS0rNNOSl?~UwGywgA%10CNPKA5O_;EI^UK_pN zq(9E#p#Ebv*43P_xiMe``UFX=I6P#apNvlc$_+5YGO{6iTSE_1?58}DUeDIb3Wk6@X!#V4=M6xA^w$wqFGTzeWVp) zev0}Az6c*g_WB$Jm2E&hKir6}?eGcz{9vE~>)a=wPO07G4 z`+%0U|4j}L1d|WX0)z!f%E+{2G#d&ye@M=gqD&Dpk?Uw~z0JG1+TkV}f+mh#-JZd1 zk+Mr+zA1=ULz+ALjI&C7GK9jCsb1e4_d6ESKjkRV+Xjo&t#qo>Phh=Jwl2I&y9$<} zF*?c4>%)>ykPhfL5fclAM^U*Wffd#=ME=-C--8Z&r5)H)-*adHr`#Mxl#0jM<5tdi zL|+#yQ}wRIkWL{O@RoR#uYJm1wNj^*oI^!n$uM_Op0CmBcvK=9@)A6bm$Vdh7>9+% zcuy%4tC#xdzkmW#1d4D|_aB4YpNUvoLtcb6BpO0A^b1gphAPXj-@N34!?K>~EsV{K zOqOASO{Ipc7-4lh8u7+sRK_cJ4-V|5H3c*lv<>*+)v%i&ua>_R5Tt|VusW_$^_IRq z_F}|<5rfiP;BkIgj76wF5$ydix1$_r=@IjLFcY*j-JnT809GH7Km->+%lQbaAL5Gu zY4t{eM0&Lw(OBv|N3s6>4oq)@WB!h2gQUtc*%!%4uN5C<$@2PrqE^uHIYf) z9=O)A)3}NJ0Pq{0ew9THiIofQLXSEM``s{x%MKztxrvtW=(nj)f;-{SkEBXUEsO(u zaPvA86V_Vf_BJJz_VMIZON2l+vAxR|DO`v>za<5{p;-%=f~_}YR#uW1@oYEnNgx2c zxO1aT{RQ;&e7^TLjkX#SI}|du8cBr$o(5!U8!gxq-%}Fb*eN7yOpT;gQ0dp~qUWeY z+kBmFWrDHOHxwNK8Hp~2ubyJ+5bLCE!u~c0)(r?=V~Z9`?WU=C#pWz1XeGBM3ttb1 z6lV1jY|fIu#6ZdjX;pVo>|V)M0@3ey!+KX|eHuj(1;*+VDc)S%m_`;d$$lo+o0xpm zL`D1}mW03|Y+ohflPNL;!5}e|OH?5R#8azZi@F9e|jd)jrd@k{lGdWIz62iJL3yi!6289l6xBepbQ+~ z2>cA46gOghuXpb7PiN7&CT2RTk3i6L2>1|kQ(!NfoIUQ*GP~g|xJ>&14@TU! zxG|M-UZFxu(E$Y)E;_laxb0IC&x@O6EjIm{{(|oP68nL^IM@*FHAxW0ro_ zht17>*wEs*VGrs8Ua!W)-~DFv00B(=h>c57hY-dlyczxB{e2wqu>QwEI^7bSBKYq^ zqo&u=0;i#D^&!J5lRZJ>DZB^USoo{JrHOM37{-WgK$ia~pkc$;e_{Xg3e~3IR3QMV zLFB-eaJRmJv!OA*oDcnrF#zJmVX#Ez630q#D1{pF8S{jy{5MT$@Q>4{82E=8VLem+ zlm^7a@%+ocNdAk7+X02D`=U4F@m5nP7HGf!J}n72e8SylT~S{IQ;-M$#3~nd|TjL z4HGxk_01qJ9AyBorg$YVT<$8n5pjN_pb4iG6)sa|o8aXfbzVL@sAz#QI~C7o$y zyiA#mspcMa3THTqrr}M*zfqKeEp_)OO+I^55iG;mWAX1Q{JR$aZls(l`atxedlaIV z-J=ls+g;ODPtJVE97@5*PHe()r2pnqVu+f~J}Vyrd^9-Q%CdJd(>}c|VmTeO!*v-j z)qq;jhoM8z0VXSVN0p{R_Z-FJ5fa8Z?ewZXw4xuRxP(X=3j6?TaT?#fkIXjX{R*6m zLkYuDFToR9N7Rnoy*~g}2i5l?JO=U7H$cnQU^K_egD4bkl;(?`1_Ty#%q#y15|rKX z27e|Z{{n*}qn!H#1*g~R$EAo3)IF(NC?e3@A;l4*v-<;T&R5tdy-yF3G-plV5`gW`{%Wu}$g(cW)XUfR!0m8ljn7QCm8M={P>n+cr05G5e?^23l`6n+o z^w0cj&yh{uc3scu^5XzfykkDuN@%g4IG)XHq;7UG=uMOlFTapJ_uqipZdFUgBpazem zJBQ6nbt~|eC#<~l9(^L0u7d7ZR&pl3R(x-#|B?gE%f<`AlA}E{un-UJnW2oLEg@^` zLPIo203q!pB^T$aiLp>KJr^4pR-oVi<<+9KOwfSx-+d>T-4 zW6nMPANZnwp%=`(+*pSszCFYL>Ywt3l6MXRPt@E(mHUOX zMS@i8|GF;Hlt)i(Ooo7_lL8{e*BW6%D{T7J>W5$l0MkJx9jdI`A&Qmn@Cc<2l#H%` zkMz;3vK0LiW5vceVaeywS@DLzHeSJ)RS+>m(#YDC>M6`l%#U(nMq}((zzRm-Y2n(H z@b7U-^K|Vlq#Hi$eY8GFA7I%N7R-|>N8sB)9pZiV6kp^%Fen&{ToRcG#r9@zWeP1f zOA)AL`h*p(TIq#PiDHFL7){3EbMQL11};X_+CtLNQs*t{wfB^HcKwIo#K*3ZhaiIC ze9FJG+5FkQ2~SulHfw>E+H^J{Ofws%O|4CeZ)YZtz_LA7Z8ds~_-jxi%cperH-q`{ ztWNNUFZxHCdI)Ky6YE$kv2C%3w1`8b13dz-I3dYnsaf`Z;N}xOhrG^XUh!sxLLF6K z=UZ3i2|m;3US%;hynkze@nDkks8F&OYu3F;=5KUnJiV!`lpZ5#uUT<2ropbHVTcjr zGaDB0Y#Va0Sk5M%2c0R%c6Js^oec`jwnG|fkGYW!fBa~(Nw{DR*C6Y=!aW+Gv97Uaq#j zZNi4Neuz$<&~CCCYV_mu0m`F}DxbZ!7@`Qp7~HtsNLJx50!YLq@iUvW7$I!5?-URb z^E5>D{h+WBPstethVc~YA^gMX>OxFqG=*gk@{3aO&FQd?TWO`Bg}AXvKAJ9{H5a8% zw+B}0sc=P$8)uo6YFSN}yUj%>gJ7(eKB#}N6mNLB%4!V_| zxJ=uaT2?I|x;A(=)jtS`SoI4q!6=uS!zfW2{D0O$|7G;`kbgXVEfPadBH!R1+f{&g zJ+{2Kz;}zccI)?Zk0V_FkkHU^o&djUV@#%f|1TR=+)q}-aeCi>*Yt{ImQa=(y_aq(*{r6MKA~F0bQuIai^00r- z+A;KSpZLrTNX_k}m!FEE0~iPGiA2pu{nxBbqm1RcjlKf#VoJNvVBsnZwxz2sB+8+w7Nx#Grorr_Dd{w##$ zI3TLxK3wc@FH|a%HyaU4ev`>ry~bLWf&Eg%#9&2*p9hVV`OHi7x2dCrMxO#^PxL+$ z5;Abu?=;%O;|QGPne6ai3`g9nNDGx~Gq zzly{=9mK~7rP~!;J>p)${|H?~F`v}Gxik<3T+1kPJLal$p^U@G@A3Z~sEeWZFdy?_ zGY-Mn70go1mDn~$3`AhOCv@Cz&o_O6Gf3X});ZD12Cl*l9M^zVt42*I2EdwcEK@Vs zEI+O~U}1r=!$UCc+9DL%#C^6&(wK(6v8H76y zvc&L>Mhf=8FXa5gB4$SbA&)saPNin?vSMf#7=(t;I;-AH^8_!)#Srby&#D8F1nq4+ z@^B;FQc0^alN+JJX?eG2a*C5 z>Xhol)`5N}r5Ld8f=BB+UGlFq08HY@`!Axe6#ppt5(1;CGcB34nwcF3GD!Rr1B$QU1kEJhjbH%GGwo#{0A>R;o3T+KddSSeKdO&pkj+NN>kF`C)9HMM zZzRLBI)ggjg)k8;6MV_jv7JHk?_VHo`M$&oOcdIeA(g0~Lduk$Eh!*y`R|C1mVVyN zW$Q@==Oz-J%_0X8{CbgRNn>Ho22p+$kc{Q#4$^U=1$*Q}=L2&f>Ev!~F?k^JpNEEw zlF#*)Kfk;oo?wHLV=L_- zTTc%3?4SbCmg^<$(+dAb5*z*kJwfCjrzC{{$`} z-u5bJis4S|#vi8b?J#a8I)&0ooxH;?_xwZ*rK4A*S|5Tm$Fy6H=TI7u@i`A8jD{nA zK3#m)PWY{MERo}vtsSP+DQ9+{0NP>V^;VFUH0!pBj)OSJ4d@tm^iB-jfwtwR9ZT$j zVCs+XlXH=QBTULIZW>M(vTNh&M8Ik} zp?7T}6$cZay#{0GmA@S>KI<@^(#6n=U{fk6J`+V9x_+PwJO4|fBf@|nWH&`KGKpE_ zGncK+z$y2m*i+^DW|9}AsMN_eaE@p-hlN*N0$5`kA7Vou_GbtA9?Jm!r7;Xsd_87f za(un=vHmRd=vDpr9p(LPoF|eTqS1K*zF$XU`SK;4FZ`SJ{Ye%O!)M^qOYnQxhG*>p zV29P#MK%6TF0@MOD*l3uc0db(kJq$SYX)Su(oo@i=JP3CNAZNP+nr~X-Ptu!bE{kV zFuO(!{SLLFv(mBWjtFAzGRlU4JkB;mrgK{0K0QDyryzJwbU{3~@g;;@=5}_)y>c}! z3Lv>j{E)k=s|zvbyWOT3+-^vKCGFfHDNWJaO*pGv3x77ixa_Lv`KqdYEbSKq8M(bn zGF5q<+X9;rQS8rvkfE`M1cY?SZc$E4auuRmJG~Y2?)vr1*Ot36U0oRLGncH%#OI}A z_yEvng*Ec((DLD8>Bo5U-~gl~pBR%Hb1QWvN2poaeT5uy9`rvXpD-C|tgt8Idw)5r z`fLm{Rl)2nIYWIcLd@1SR&^8+y-nV(LwFj3P0^q3qP*;#Zlzj5C8IOWy@59X@?u=M z@K=D9ls#@Zgc2>jOmbj938-5!Wo6w&Jt_H|u#ubxu*?+hR@~1o*K&{>odY-CS=5I| z9{Caf)60kW-(RlaTi@rV*zEV?;C3G5MEzIx8wf~nd)~qdt0SP6+&#Q#hTMHYz>SFP z@kTSX2#ef6nR(W_moF)@=cVH-a0T2Cy#+GZh7yo2et6E+#k5CssTiWoI6OIUF5@TL z$CTrrApX8eQjQ|vyBW7Zc*MD%L^HMnAw;X}a65G|^Z+`cwDqnptZ-iheUp@W_qZl7 zMUAxkq-5%X5$;x2KffGi4S1ssL0@zN3mvwjkf#}3f$d>1Mah?xNc}e0Lvo%EyiV(m z8O=zzZh>R(tnu6O3y;rK{I8>>TJ1|r31r53ri|6eqZgG^1=#3SxmnbURflw+G#B9{K~6V;eltH7+WNn5PL? zww*Y~om^U~NVXho6rUj}1-V^DyHd(F!$!p=8R9b*Bw*_$1`khiFcOgq#)!q2ZXY9- z(n?D_^fRD`LtH5>jRR%;SH6Ud|J3X#cVR@bo8Sjrb01Eb!N_ZAgc7k7YK0wYrX49u zT2yQRVQIy`oWApQ4HGynjZk;&@C(|p;w+`Z71+t4lVA8(@VHG3?FBM8g0W4#Z1pxq4J9nCI*1l8IxWF*vH8i|aT;aXP9--*YGn)SlvDBL<}EV}$@BP4VdpyUyY zLf&!A29l=jmOj#Ou^IAe#5!TQTTo`JOqcMYXcWDd2^t1w#Tq;7$T5_@W zd%3QLIEhu@s$~C_2FMY3p4bM13`srXjP_&HZD}Op-2ilZiFYkp1&kYMTdq?(g|9vX zVxaxN5A2o!KT@AUJ0U3Ko)j^(9uH95MzoxO?nl}EbU#*KOA?zrN?Do6B4@OYai;{^ z3rLW#Pxk@k7$p@BS&dME5CmQP&>ar3Q@!rR1JTV#r2v&hifip!{s` z09c!WWFM>?rGuX{`l%Q$MXdoPy#q>Ov(YYhKO}}neYc$Rd&=R+&uJtNfS3I}<17I4xehkhmj1^s!HV)Yp z5LoCMHxA)5#0e2@Dj?TPBZ_;T#L!vHMC8Gm!UK^3$z~kgf#EWjBF`xshq91rF;W_h z6vSTP8Y2qU5It31L?3ByA!FHk642f7@EBt+mI`P|+lQ=#9ob^3zBxJG+EvI*+Qs#? zHCqfe%W?s2;=5Ui1X~_bINwo@MpCEOUIM@Fzy>DgS2*-|y;~Crw(CGNUXOD4wFM*v z2*m|JQK_RTt!)4jeG@2IU@{8u>^C^>TzpW)(aH1=2Bw>n>DvdUA4Aw@q9G@8)+gbA z(wAO?^xpooSbpar`d|*mH61fOL7!y3-}Ke{C+hKw2m*bR1CqLX9I*o}C$vvMQ3z5>xfBRsRnj78 zoeom-rW3Ohyifb9d^R}^pTtuy4B%*kPk$6B9Z)9et4jJU5;OQ-(7+qH!1FX2%K|qB{4!vjtcxX_K;ih9D1ShF0zVe9E&N#6 zGCR~JAH@-vi;J2PJ_nqdzt>+QcW3+GNs>qmDKxK*DHO=inuu@K^LHj6N2Kogc;J*) z0-WKm3EVh9r2Lk**yos`4q{v6H6$m&CuV0tB1=k(M`>T=R!+I;HkLTQ=Y?XCwN{Fa z$2dHP4KYnZYdok)8wpmSiRP1q5xGZ~2K8I+VglQ(Xu8-BSZ$abmc27`iB0D9VTIz-_ZG{MJnouXjm`X#d0qW?py%hEZb}`2#I5k;Tvr%pFM(4ZnbmmPufJw0n6^75;#6t z?ae*~T73&MHU;4TxZ?Cox-V*`HC`zC5vR{02o2LR@!^q2T!0sP75tC4YM-fYnfPe4 z70(TLXtFO8zutz2U3ggDh~%%U@esqqkCFdy6|!2O9e$06HPzyq+i*(O?*{3q4gWOb zVUYhizQiJ^;V)u%a{8zV0_ znHh7Ucdu_}xQi7Rgp5Nrn>N}ZKK(U16K-7jgBHsp(@AS?)mB{EqDFn`n8~`SSqnEF zta|L|ffk%wB>w;+}uTOW%krS27%*ZsXpi=Bk6$2esaSyFp^;B|sqiNNFP# z_SG@mJh}xcp&``!y4-^SqZxn;GjnKGV(Gra8n`v#|Fc5iL%HV$kR)EcmDI`loB9-A zts9Cq=O6$7VrId?x|ha9e5RV1>sR13qyNzYC;@6JicoAQiBA1*{pOu0e+@MH%{|O* z?*F1)r+(!g#r8htC!)NQ!oE)~B<{^T2C)sEry1r_UkB6DRB}-ja*(~F?;<}3O^Wr% z(}F0?doG4EF^4n@K8R&!p^w_F=mX743hAL~yM%xis4pIY#!vyo=r2g%Nuyta$Re7Z zVwk#~fcZx}9%wdbNk5-}#jqX$&Iwc{167*+F4Y8dXqvk;I{5*wI$E}Exfe~K{&nH*rLu|P1(FuK9Uq?GVUO>Tm=qkTr* zuaMDMh5h4~2=5kRGkDXq|G^tfhNC1Zn$?m&#o=vnI1+{)cGD((gE_$M-J_>@k$e8N zNOiJEJ&F)^Q&FbRR-{Xz;MeLG5QJ;MaT0Yc1hsYGp4j2Q%yk1j1oa zJ}b(vP$|B-G|Sjr;xRkzWIMECn~OH^u+uf3zGS!mdPh9> zxI27S3{iLrhqIyNeBC3XacUw+g>g1VET#KWC1<_()SL7mzIoDwE9ho{Jl&7lXx1cp zr}OP?@X|{c7iUH1zac~)q-`?}N|Y(cq93@#a@*vs ze98E`SkLU!hySIZSo#Gz?ZZU@r62Jj^Swd-Gm2a`HL|X~%y~*I{Ribxd(nx*f&Pk3 zMBdM6kP_&=lk|s64}3g|Z4fuECn{8F7WuO@+}DotpOtUDj1(QGRe}K4AK~8OC1ANY zC|E6){s~3kSrX-6(}Qwq_u=#;?N%U4u}xjtuklLoDWw(krD=5#bl8Y5Pq2rZgl{i< zAOx`JGB^~8AAIyHLh2%4w%V(c(Rjcu9vCcjZiStF8uUetM|Y^1e@M;{98}Q$4s=<4 z9dO3%JH>XN&@W!Lz8`&i`-L9yzN|t?=KQ9(fJn)!9A@czh@MzE+DQ4Zs!tQ522uIx zaD7u^UZH<eb;90rKkY)F0uJ4XllF2!Hzk*5>3((>1>cj7MxBZh!(hyyQtJ>fa|vn{KU$ zYn5nK;@9+R5#lajco5JMsOd^#LOwdDA1b{(5IidujUx{HAr-?u8w$n!u<=w}D=-TY z{o1_%zX==+B*|B*)e_oh=>INMnvu%tF zCFQ*s0m7jW94kWe%Cil4$2mmj4)Hft%(OQIMZkktQ*P&B3WSi&V{1!e_+}9Ju*cHb zv{I_KrkGHp3rDem`2dSN$IBp~{6^d;iw18&gI^)QoGI^+OvNRxxby`|DKkAs)y0js z#SuxFS|;JBL;_D#Q}*$i6E;&B0)R@+eQV#P$EY8HIB%@SQ5*tDf8}5)RPWzm7XqE3 zW8u0=>?i*Z$}l+&F?(KoO2rEu$rkh>Mtkx(vDnH?t;~6#_^T}&5dTjqq5AALP(3p8 zu-gsg7gbD+yA>^3z^`MQ>6>6-bDqB5DPkb3}R%n`XJ0mmE18UxMN!hJPm5Q_VAjN{)RFG!TQy6Im0zd6MKnUQ-9Tf>5mQyQYn6^Aka3DL?I1149Y0Rz-85rqcvk) zDDSXfw@}50R5^oczfYgqQz(!aH)14yPV5d)u?eABuwlV21(>C`W6I4W4rTJ^um&11 zRc^LQ5ggjgxXc8WoAO-}`>*^@H3;JV9Gdtslw>>&rg~x>@J7aR&gA~2?{emQM7${HOw!CVl4BVe z`O<9S&9{=gc>)Co5yr}>P5pEDaaEaeSFq1962>tqA;&ml?(}@yE z0%{ZS!q?pdf4&Z&-{H?m9cUAi4aQ2w01m~aDX446nXmwL9gmp_Mn z4}Z1-KW`*WJINW(Ww0b?PPl?H`f+9%F92ctd5<@{4VEN+F~Z^A9LvH<%x+g_9fUy_=NTln<2J4bEfAHMxZY_2!EgH7N7D~9fmEm2 zijs!?fYW2%D?HZMP@Q;~j@|GH>A~qx4}TpXY`5~U?`Bc63mff@(YT-|m71~9f%VA9 zDw6rp4N1PHbG+c|wJ2_gS9zrk4xnd|9I?EBvf$7#zo(=Rjqph{5wTpzbN#b%g4mLV zXX6yHMKF?cjDy5m8Y-3ykhw8~sRM|^jB#O`l>?oqs)!4E-Vj zBcl(73#2@$c0R%l#WEvn){Ug}^nO-vFddDkV00>$kpLD=y zHU{npUEayE>+$18xDgS*5GHTU>RT7I4e-Jz_1DDw{uIRi{`uVvgh%ti>p#R=rZJD) zN_(m0;hB5{LpSlXAaPdT`cnB3#)c1&dP6mtDyVQ1uMpVZuNR@=s0=OS(&={c7>{P+ zD;+B?P)>0%j?OUny=ti6X+$x8ONnw&NzZcBwzDiIAd6HR1@|M zsEpO9fmw`Y-(%xlj+kqkNgYr;Sf>8UA0za5zm0~Ixb_QlmNQk}cbIC@e`G2#*?e*w z28;WnYOu;^$;W2M{81wcj5#v5gCjg_)L2WRY;C=QOGx4 zX|2ZmAI)Xr7QR~hc%dMA0{)>BdC^}QR471K3v3!4vtrQ?#=VnwAp z42<6;{@xX}SKBkfITI>LWQ?m9@i6`7Nv~c@GSg1NGb>^#gXAZ+dLE*Yl<+KdDkdxR zZ!Dw;vNq#++L(P)>=-DNXUYNk=|k1dq7T?{-jPSuDtwgVTsec8@R z;zBSLxWVTsK9xg&l=Il!!J&#br&_`HvaqI)T4T<^KH`j2hE;)^V`~gij z&Cr@Z(|(N#TyIM76Ey~Dp}n3+$Mk|1^D6Nfx?BuHI2uRnaY4^BbYg}3E;&W^vI+cP zEd7pipM~?(NkX3s>`gRp#iuAl46$IDVwn7o<#U;s$l#{ZL13eHb5Yy30*Mc>Z;PYfOa1CVjU7ueoWjTUsUX+WgtI(~5& zS^UuvxVHpDk6RCRz*uWEvFPJK<~n|NzmfsP;Zdu4IihuNxXPy83lSps%s>Dfb(eQ% z9+?he$T0iJazFxE4&>}be~4zhKg3uW7n-z5m|jddgX8s}o`xpR*u|&ly0^p|I` zc=pE%u(P-xi_mQhM&kMe@}{+OrAZ56tp^KtgN3y*fXbJnQp@7&jTP@sE;-!;*1Oj+ z+4zi8Z{FNnVIr>(Xx6SGSxR{KALx=EVs^1~FuJa#qZ#1Y2vZQ-U27VEVzi7bL5-G3 z^};ATF0J(fHc|!c2gFv;A2SE)k9#NEdnw1mi*s8wD~d)ee?ksN4paLm&G_e#keKmL z;}OZb|NV?FPtJIa-;!foHUW)fbT7T;BaW`W{HMd}Y8O-;av@CVbak8j*I|^?Se2ei z_XS}4CZidOc5;3(c`E$?Nmk>Fzr;w=!gBlfEiC*RpG;a? zN?#-x(R(0JK5yrP7<~d~#%jIt;U4I@{P(kckwAw8rFm}DeLb$Fop>3vB`+Mo@VJP4 zzIjV(>BVcvn0%)yhROgIY>$hFaP3KU7Z(XW+E&NnrM|{RPB$)y!c-$-E8z)uHa8$1Pg}LWD-5y$i^q(0a;I| zubBv3pxov0gh>|w@TZMye83|}c%an5MxIAlOam4u3oLS5C*3!Wa6o}PO8d0&iA#aO zS}I>b2|N|;Cxdue)Mb|V45AE?qXTWL2OH@g7~Ji>Q(eZyhai{cSJCY+nS@wNcUybs zR&${1KnuSw0^2uq*rMjYv z)Eu5i0*(w9a7`Q+Np)7)l-(6zm=T7M1COn@rj;#mRPZF+~ty zRJaE*)`)*kUeQC~l=?-BwRfRD;HsLwhUH_+Av1{gmlO?G|6WSi85rOejY1e1omDBy zhyK}#+ba0-4BwG@1zKj&kRu3eX_hRZ6W>^wr~r2^0b&lnsSv7cmK~*Nbf@@$)5Um! zDupXat^_vd>heW3L_ngA-qpv(aa{K~k)p^WMbef(6f3eP zZkSM&c%&3LwOKpjkrc_Z^}&dgESpiJz1ul*&AZ+6e(=L_YC5zP(Mp1#FbeO5J&;UW|$OW2GP+c%Uir8&x_V;FH@AghQnL*O#9}RAIc4pq2 zdGF1eH*a?Lc3yY~0Duf;@rrNLL2Ue}Fo)&lkKxXbja`5O2}|@g7CzH}ks55r7jlbo zHl$bGe?m{mwp{%hz>?3eewQL_06G8p)XEP=^yZJL_1Ap^JCt5)K<4mE?fCBi_I*rZ z+edu-{qk_^QW6_KCR;8hY3Ijb0Cv1KvYx~yjzGk}gpw_wZRL&cg96#sp;1^83$qoc*~(`1fY|{>XpfLojVx2+{2?cl0cQ^W}G+Q#Ww&MK@W?)z^Ug{QLBR z_x#S4pDkZGaPhsSq^iOJO(lPXwTEVQmwfYYHB(+AN!Lq!0 z2o=B^KSdS~?+BFrokQ5~oErP`!~4DkK&-#veJrh~o_{ySmaz66yflV=Ct6bYE7lhS zX^IZPbif`p11c#|@NXl6O?3=9o7MDtWhKKdR%St5bdgefz~ zr+X~h@=x(e*RZ{u;am1J_pE8#$nh?d`wq?t+^diw3P0kw^M-2*vl==xW93X&*b*lS zf5h>5R^eRNM2N(@(XitRbC+r|ihoRGgf$m!u1pq-!X>$^jn7;D3?EMo6BlB^@_{L{ z=$d=J;RjxswGYCdH$3hOH*eVn)stSV@O&MgLnMHz7AuYMQO7aUiz1{v+U`W)6@+a{ z*@#@0n}HzdPfk9e8v|0gyZBs}cic0kML+NI_>@!dEyq5^GfqBl*e0KvGTiA?JdsG8 zipMKRmd6cLmM`Q4FSt%dcpmqHf^g?7&vCgwW0boH1yTpVx1$6q`!wZqRALG$gdkAn z1~!LuAn3i^vN=R#<)Jzm$My}&7A_a|oaH)pUf8~uh{umgQUL)91DV+$=bZOs_VAt_ z58UTOkLp0qkD+eVS(Tf2Oo$H{Hw-BoT!2D?+EZr1a0Pel+#)f(U@5x&8BwbT3( z0^>sV$igB7P@lU=hpX|yyNM#=W^tG7QW~y%ct`;h96i%_lZr@2N@;k;ut5Qb@@1?n z2`3-qe2Y}XxAFpAMhwmogLA@7JDwosD2%(7?L!yR!Spm~t!0CaJPe3~PH-^9OyRl; zeTL9yM6RGPBj~cXWC_|Lg@&Bf=uwy_bi*Fis)K469mq3*3$^q)D3bsc-1tb4%W+vT zY5kmG<%~3Vf*L?8ITU@y_X}QsZ|^khM37Ek==44T3VX}L1x8N~u^u-RmT$}ok3UT6 zALKvPA71R?^D_cn7^Z2Eq=i2(gw6L#j>w2k{wh*G4nb>~L99GW>;xnrvK==V`cQ^x z*T{1k`QEAcq`OF#p>7S=+j9&yTXm!AQ#ppTp^Dlmvf~)^A*?5S&w|p(VX3EyDtmm~ zmV$>yn8G(QGd$}$d1)V9Cx_0M=DxqkyP+$#^GKHosxXgOjhh>R7UAjcHb))^JEz#vrp7+Co=5u)W}3?^hom1!QpN-Gwfnr zW`CDiZQa@KnYj}gx1S9kKRkFkbtE-;didbr@lm!nk~48|aw0X%`WPuXi`q%1Z2{AR zmSP$rRU*{_g6dhPphOT*9e8?AogMPycYBDjg)p@L-Q=z%#NF z290etPM(t|4YVn2Ofl>zd=52H$a##)eK=OYfj>ef!Xi`cay1bDA+iLDI4CN8x+Xd^AoUblRJT54V(=; zNOH{al&j{<+vP-Hy8;$ic2ClTmk$3A9SH(3WC^R;h zb2779l%VkG06bLsPm5ToK&2B?CUv9~`oRT}p}vC)p_>n-8M=xrseMLB z6YTj8dfc(6*~DT#?c}VC6f&}$g47S&$de1LfhKVQ=NL{L+-%vbWM20HIF*#ZwavIz z!FSw<*T4o1v$mM@O8KdwN)k{g9;u$PY0^kmZkx2gBUBP!w1u)}nNSfa+j%FzI>O1o z$6*s#t_VHGG7e0+?80#un(Sa1gFc3%ZB~yg_;nePL#K=cwo)V-Yts2Aw_EjA=yYKq zkW-I7RD&jkf$Ebx=%RD;XwhWDa@Z(W7|tCuDNl^ZfmRs+8j5t2G*b^U1@4h5%TeaB zLl6X?!NMU;K9VQE6WSPe9pA|~Io&$0`NR2yBM5AiB14F-fn&XH_=VP_PCh(g{g|s)P_KB{UW)sWN)j z$de7Jh7HH&jS8h9&|+dCU^Q(=;CaGDk}EYD{$V;g{BLAmY=sv!Cq`QFg^o@K*(}sS z+0u$2G{osw&W5ECvIe6U%8Sn_htg$Bswdzf{}xInTyoP1@ddr zX_3-sE=C6Iha9?U5`&G+I~Xh#BlhXQ!CW8~GD6^P1?ep8rWNGT%YkjO$7Q$ctZ>GV zb6a#pb7L=J@+0?uXlra!!)=d!xUI9Xb?5E(etgDu3Qwo`=BAEqcieeT^IcoIKYI7} zmU#P)`?`K-`3s-_*zfLs_>oT?7#e-_@X05hocheE&z?SGWK5Brww{{Jxt_oH%;%nE zNzW6mH2zsET!blC`Q6GP!?n39&iXO$U}@=0+txEQ4ajA6KS#b^*J+~+BZCFHwwuv% zS{CKg)^q?163sUqtZ=BOXsuI&+#7gqFRYW1>rGpBzdBJKQfxdqIi|&gds}jU2gEY4 zSI@|jM!Z`?;jiyi@jvT0%&(32X!v6~p4ago>-c**{tq4Z^qt(@cary=?CD$B-M7H| z78q8gEOlgr9Z4Qxwqdgb>)DNUWZy}Yb(52`3-s*Tr|3DX;rwr$&}6z^M6 zXrWUpohWQ$x5ZK35Z}ULceb>)qr3@)t*nV~G^T{qCqSrxnzvHnUT4k$zp{P`|ZvMHINYqNRSF!CwmdBedhOXO6MhLT7A8+m`09qCY4fHi(U%T3?6F zDF@2ik7Eq^k5TS$d*|{dGv3}j*7{_7Gy5pACUGpF{BO(UPow;?)<{%S0pIu-7CH4Pcd*_!nCEK^3ZAiBB<;IcrzCyg6BO}?~IoRGj*t+ShXnF)jjsns7 zJsg)#udl;ymILMg7{?pP{}|BpW|3XzVuy(+xfGgC>g1bHYD19W__Jt!>}J0 z^dBOQ{1YUQ3caXdxpA_6E!OZ#Op!PuNtRXa0VuuWcIo8$`fkDlJ7Xea9+mwzLlX$w zo7k7=gQHKh(jmjEXJk~*vF;ljkmVaaWi|Y`jtBno%uP|FKBfkgV!A2PuTz-tX7G#x z4=!1P-iBidAJ3*(B8vn|xDGw!UIf;52So|Js4v zQ0f!vCkm@$cVjM!!Yi9RE1uoaL=P6 zrweCP`2`i#!q=vMA7Hp&QpRuA_{|%{9|bOv7|N+r<9BWl|4kVK$5nRu9HqUSiHi{b@n|NlYsg{$3jl|wlK=n! literal 0 HcmV?d00001 From 2ff41664b254f743984f54f78b27c76f5d18e110 Mon Sep 17 00:00:00 2001 From: "Fuhui Peng (c)" Date: Thu, 16 Nov 2017 14:55:44 +0800 Subject: [PATCH 52/83] Add setting.json about skinnable #3241 --- .../app/account/sign-in/sign-in.component.html | 2 +- .../src/app/account/sign-in/sign-in.component.ts | 10 ++++++++-- src/ui_ng/src/setting.json | 15 +++++++++++++++ 3 files changed, 24 insertions(+), 3 deletions(-) create mode 100644 src/ui_ng/src/setting.json diff --git a/src/ui_ng/src/app/account/sign-in/sign-in.component.html b/src/ui_ng/src/app/account/sign-in/sign-in.component.html index 359a89b92..e19d06e01 100644 --- a/src/ui_ng/src/app/account/sign-in/sign-in.component.html +++ b/src/ui_ng/src/app/account/sign-in/sign-in.component.html @@ -1,6 +1,6 @@