From acdcbfd6d0a6690ccc7ff443c8b1185e0884ef13 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Thu, 4 Oct 2018 21:29:11 +0200 Subject: [PATCH 1/9] Allow to override ISO_VERSION for devel builds from builder.conf For devel builds we use current date as ISO version. Allow to provide specific value, without marking the ISO as final. --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 1ea986b..cd8da0c 100644 --- a/Makefile +++ b/Makefile @@ -27,7 +27,7 @@ ifdef QUBES_RELEASE ISO_VERSION := $(QUBES_RELEASE) PUNGI_OPTS += --isfinal else - ISO_VERSION := $(shell date +%Y%m%d) + ISO_VERSION ?= $(shell date +%Y%m%d) endif PUNGI_OPTS += --ver="$(ISO_VERSION)" From 285516599a5a9da158502f2dd3ad93be47026851 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Thu, 4 Oct 2018 21:30:25 +0200 Subject: [PATCH 2/9] Set SOURCE_DATE_EPOCH for the build as last commit time This isn't exactly "last modification time of source", as the source for the final ISO include also all rpm packages from other components (and from Fedora), which may be newer than installer-qubes-os itself. But in practice it shouldn't be a problem as most of them will be only included as files without relying on any specific timestamps inside. --- Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Makefile b/Makefile index cd8da0c..72b625f 100644 --- a/Makefile +++ b/Makefile @@ -34,6 +34,9 @@ PUNGI_OPTS += --ver="$(ISO_VERSION)" INSTALLER_KICKSTART ?= $(PWD)/conf/qubes-kickstart.cfg LIVE_KICKSTART ?= $(PWD)/conf/liveusb.ks +SOURCE_DATE_EPOCH ?= $(shell git show -s --pretty=format:%at) +export SOURCE_DATE_EPOCH + help: @echo "make iso <== \o/";\ echo; \ From 332be8e1e3e1006013772528078914f491d14c1f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Thu, 4 Oct 2018 21:46:15 +0200 Subject: [PATCH 3/9] anaconda, lorax: drop rootfs.img inside squashfs Package root filesystem directly as squashfs image. The most important gain is getting rid of greatly unreproducible ext4 image creation. But also it makes the output image slightly smaller, and the build faster. Also, dmsquash-live dracut module is not needed anymore, which reduce initramfs size. --- anaconda/dracut/anaconda-lib.sh | 25 ++++++++-- anaconda/dracut/module-setup.sh | 2 +- lorax/0005-Drop-inner-rootfs.img-layer.patch | 48 ++++++++++++++++++++ lorax/lorax.spec | 2 + 4 files changed, 72 insertions(+), 5 deletions(-) create mode 100644 lorax/0005-Drop-inner-rootfs.img-layer.patch diff --git a/anaconda/dracut/anaconda-lib.sh b/anaconda/dracut/anaconda-lib.sh index c0513e9..cd7bf50 100755 --- a/anaconda/dracut/anaconda-lib.sh +++ b/anaconda/dracut/anaconda-lib.sh @@ -101,13 +101,30 @@ anaconda_live_root_dir() { anaconda_mount_sysroot $img } +anaconda_mount_root_squashfs() { + local img="$1" + + ROOTFLAGS="$(getarg rootflags)" + + modprobe squashfs || die "squashfs not supported" + modprobe overlay || die "overlayfs not supported" + mkdir -m 0755 -p /run/overlayfs + mkdir -m 0755 -p /run/rootfsbase + mkdir -m 0755 -p /run/ovlwork + + mount -r "$img" /run/rootfsbase + + printf 'mount -t overlay LiveOS_rootfs -o%s,%s %s\n' "$ROOTFLAGS" \ + 'lowerdir=/run/rootfsbase,upperdir=/run/overlayfs,workdir=/run/ovlwork' \ + "$NEWROOT" > $hookdir/mount/01-$$-live.sh + # satisfy wait_for_dev /dev/root + ln -s /dev/null /dev/root +} + anaconda_mount_sysroot() { local img="$1" if [ -e "$img" ]; then - /sbin/dmsquash-live-root $img - # dracut & systemd only mount things with root=live: so we have to do this ourselves - # See https://bugzilla.redhat.com/show_bug.cgi?id=1232411 - printf 'mount /dev/mapper/live-rw %s\n' "$NEWROOT" > $hookdir/mount/01-$$-anaconda.sh + anaconda_mount_root_squashfs "$img" fi } diff --git a/anaconda/dracut/module-setup.sh b/anaconda/dracut/module-setup.sh index 9f4e9d4..deddd08 100755 --- a/anaconda/dracut/module-setup.sh +++ b/anaconda/dracut/module-setup.sh @@ -7,7 +7,7 @@ check() { } depends() { - echo img-lib dmsquash-live + echo img-lib case "$(uname -m)" in s390*) echo cms ;; esac diff --git a/lorax/0005-Drop-inner-rootfs.img-layer.patch b/lorax/0005-Drop-inner-rootfs.img-layer.patch new file mode 100644 index 0000000..7e7a5ab --- /dev/null +++ b/lorax/0005-Drop-inner-rootfs.img-layer.patch @@ -0,0 +1,48 @@ +From cfc809df64e2778e51d47dc8b4466cf98efe8a2b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= + +Date: Wed, 3 Oct 2018 20:00:19 +0200 +Subject: [PATCH] Drop inner rootfs.img layer +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Organization: Invisible Things Lab +Cc: Marek Marczykowski-Górecki + +Make runtime directly into squashfs image. This reduces largely +unreproducible ext4 layer, but requires dracut module modification to +properly mount the image. + +Signed-off-by: Marek Marczykowski-Górecki +--- + src/pylorax/treebuilder.py | 12 +++--------- + 1 file changed, 3 insertions(+), 9 deletions(-) + +diff --git a/src/pylorax/treebuilder.py b/src/pylorax/treebuilder.py +index 5d4f8b7..b804c2f 100644 +--- a/src/pylorax/treebuilder.py ++++ b/src/pylorax/treebuilder.py +@@ -212,17 +212,11 @@ class RuntimeBuilder(object): + generate_module_info(moddir+kver, outfile=moddir+"module-info") + + def create_runtime(self, outfile="/var/tmp/squashfs.img", compression="xz", compressargs=None, size=2): +- # make live rootfs image - must be named "LiveOS/rootfs.img" for dracut + compressargs = compressargs or [] +- workdir = joinpaths(os.path.dirname(outfile), "runtime-workdir") +- os.makedirs(joinpaths(workdir, "LiveOS")) ++ os.makedirs(os.path.dirname(outfile)) + +- imgutils.mkrootfsimg(self.vars.root, joinpaths(workdir, "LiveOS/rootfs.img"), +- "Anaconda", size=size) +- +- # squash the live rootfs and clean up workdir +- imgutils.mksquashfs(workdir, outfile, compression, compressargs) +- remove(workdir) ++ # squash the rootfs ++ imgutils.mksquashfs(self.vars.root, outfile, compression, compressargs) + + def finished(self): + """ Done using RuntimeBuilder +-- +2.17.1 + diff --git a/lorax/lorax.spec b/lorax/lorax.spec index 6b9684f..df978ee 100644 --- a/lorax/lorax.spec +++ b/lorax/lorax.spec @@ -20,6 +20,7 @@ Patch1: 0001-Allow-specify-gpg-key-for-a-repository.patch Patch2: 0002-verify-packages-signature.patch Patch3: 0003-Update-package-verification-for-dnf-API.patch Patch4: 0004-Remove-branding-code.patch +Patch5: 0005-Drop-inner-rootfs.img-layer.patch BuildRequires: python3-devel @@ -126,6 +127,7 @@ Lorax templates for creating the boot.iso and live isos are placed in %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 %build From c74ac9b3031f29a8b13dbeabe367748715bd9b3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Thu, 4 Oct 2018 21:50:53 +0200 Subject: [PATCH 4/9] lorax-templates-qubes: drop dmsquash-live module in efi initrd image Since moving to squashfs + overlay fs, it isn't needed anymore. And size of initrd for efi is critical. --- lorax-templates-qubes/templates/efi.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lorax-templates-qubes/templates/efi.tmpl b/lorax-templates-qubes/templates/efi.tmpl index 02f9aa4..f384e04 100644 --- a/lorax-templates-qubes/templates/efi.tmpl +++ b/lorax-templates-qubes/templates/efi.tmpl @@ -43,7 +43,7 @@ install boot/efi/EFI/*/fonts/unicode.pf2 ${EFIBOOTDIR}/fonts/ runcmd chroot ${inroot} dracut --conf /dev/null --confdir /var/empty \ --nomdadmconf --nolvmconf --nofscks --no-early-microcode \ --no-hostonly --xz --install '/.buildstamp' \ - --add 'anaconda pollcdrom dmsquash-live' \ + --add 'anaconda pollcdrom' \ --omit="${extra_dracut_modules}" --omit-drivers="${scsi_modules}" --omit-drivers="${extra_modules}" \ /boot/efi/EFI/qubes/initrd-small.img ${kver} runcmd chroot ${inroot} rm -f /proc/modules From 45c201932bef3fd6b103791ebb243dffc52e90fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Thu, 4 Oct 2018 21:53:57 +0200 Subject: [PATCH 5/9] lorax: use $SOURCE_DATE_EPOCH for timestamps --- ...E_DATE_EPOCH-for-metadata-timestamps.patch | 102 ++++++++++++++++++ ...ve-timestamps-when-building-fs-image.patch | 34 ++++++ ...EPOCH-for-volumeid-of-efi-boot-image.patch | 40 +++++++ lorax/lorax.spec | 6 ++ 4 files changed, 182 insertions(+) create mode 100644 lorax/0006-Use-SOURCE_DATE_EPOCH-for-metadata-timestamps.patch create mode 100644 lorax/0007-Preserve-timestamps-when-building-fs-image.patch create mode 100644 lorax/0008-Use-SOURCE_DATE_EPOCH-for-volumeid-of-efi-boot-image.patch diff --git a/lorax/0006-Use-SOURCE_DATE_EPOCH-for-metadata-timestamps.patch b/lorax/0006-Use-SOURCE_DATE_EPOCH-for-metadata-timestamps.patch new file mode 100644 index 0000000..07c48b9 --- /dev/null +++ b/lorax/0006-Use-SOURCE_DATE_EPOCH-for-metadata-timestamps.patch @@ -0,0 +1,102 @@ +From c90eb097d7006378155e06a3d1e8148d61da90c5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= + +Date: Thu, 4 Oct 2018 18:16:34 +0200 +Subject: [PATCH 2/4] Use SOURCE_DATE_EPOCH for metadata timestamps +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Organization: Invisible Things Lab +Cc: Marek Marczykowski-Górecki + +This include .buildinfo, .treeinfo and .discinfo. + +Signed-off-by: Marek Marczykowski-Górecki +--- + src/pylorax/buildstamp.py | 7 ++++++- + src/pylorax/discinfo.py | 8 +++++++- + src/pylorax/treeinfo.py | 8 +++++++- + 3 files changed, 20 insertions(+), 3 deletions(-) + +diff --git a/src/pylorax/buildstamp.py b/src/pylorax/buildstamp.py +index 4219944..4376784 100644 +--- a/src/pylorax/buildstamp.py ++++ b/src/pylorax/buildstamp.py +@@ -23,6 +23,7 @@ import logging + logger = logging.getLogger("pylorax.buildstamp") + + import datetime ++import os + + + class BuildStamp(object): +@@ -33,7 +34,11 @@ class BuildStamp(object): + self.bugurl = bugurl + self.isfinal = isfinal + +- now = datetime.datetime.now() ++ if 'SOURCE_DATE_EPOCH' in os.environ: ++ now = datetime.datetime.utcfromtimestamp( ++ int(os.environ['SOURCE_DATE_EPOCH'])) ++ else: ++ now = datetime.datetime.now() + now = now.strftime("%Y%m%d%H%M") + self.uuid = "{0}.{1}".format(now, buildarch) + +diff --git a/src/pylorax/discinfo.py b/src/pylorax/discinfo.py +index 9dad83b..311bae3 100644 +--- a/src/pylorax/discinfo.py ++++ b/src/pylorax/discinfo.py +@@ -22,6 +22,7 @@ + import logging + logger = logging.getLogger("pylorax.discinfo") + ++import os + import time + + +@@ -32,8 +33,13 @@ class DiscInfo(object): + self.basearch = basearch + + def write(self, outfile): ++ if 'SOURCE_DATE_EPOCH' in os.environ: ++ timestamp = int(os.environ['SOURCE_DATE_EPOCH']) ++ else: ++ timestamp = time.time() ++ + logger.info("writing .discinfo file") + with open(outfile, "w") as fobj: +- fobj.write("{0:f}\n".format(time.time())) ++ fobj.write("{0:f}\n".format(timestamp)) + fobj.write("{0.release}\n".format(self)) + fobj.write("{0.basearch}\n".format(self)) +diff --git a/src/pylorax/treeinfo.py b/src/pylorax/treeinfo.py +index 4c84006..cc1ad3f 100644 +--- a/src/pylorax/treeinfo.py ++++ b/src/pylorax/treeinfo.py +@@ -23,6 +23,7 @@ import logging + logger = logging.getLogger("pylorax.treeinfo") + + import configparser ++import os + import time + + +@@ -33,8 +34,13 @@ class TreeInfo(object): + + self.c = configparser.ConfigParser() + ++ if 'SOURCE_DATE_EPOCH' in os.environ: ++ timestamp = os.environ['SOURCE_DATE_EPOCH'] ++ else: ++ timestamp = str(time.time()) ++ + section = "general" +- data = {"timestamp": str(time.time()), ++ data = {"timestamp": timestamp, + "family": product, + "version": version, + "name": "%s-%s" % (product, version), +-- +2.17.1 + diff --git a/lorax/0007-Preserve-timestamps-when-building-fs-image.patch b/lorax/0007-Preserve-timestamps-when-building-fs-image.patch new file mode 100644 index 0000000..e7d8318 --- /dev/null +++ b/lorax/0007-Preserve-timestamps-when-building-fs-image.patch @@ -0,0 +1,34 @@ +From 3457b203feac0af5ee5c388a6c0351978dadcc1a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= + +Date: Fri, 5 Oct 2018 04:48:09 +0200 +Subject: [PATCH 3/4] Preserve timestamps when building fs image +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Organization: Invisible Things Lab +Cc: Marek Marczykowski-Górecki + +Even when FS do not support owner/modes, preserve timestamps. + +Signed-off-by: Marek Marczykowski-Górecki +--- + src/pylorax/imgutils.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/pylorax/imgutils.py b/src/pylorax/imgutils.py +index 25c300d..942695f 100644 +--- a/src/pylorax/imgutils.py ++++ b/src/pylorax/imgutils.py +@@ -219,7 +219,7 @@ def copytree(src, dest, preserve=True): + If preserve is False, uses cp -R (useful for modeless filesystems) + raises CalledProcessError if copy fails.''' + logger.debug("copytree %s %s", src, dest) +- cp = ["cp", "-a"] if preserve else ["cp", "-R", "-L"] ++ cp = ["cp", "-a"] if preserve else ["cp", "-R", "-L", "--preserve=timestamps"] + cp += [join(src, "."), os.path.abspath(dest)] + runcmd(cp) + +-- +2.17.1 + diff --git a/lorax/0008-Use-SOURCE_DATE_EPOCH-for-volumeid-of-efi-boot-image.patch b/lorax/0008-Use-SOURCE_DATE_EPOCH-for-volumeid-of-efi-boot-image.patch new file mode 100644 index 0000000..02c0cc2 --- /dev/null +++ b/lorax/0008-Use-SOURCE_DATE_EPOCH-for-volumeid-of-efi-boot-image.patch @@ -0,0 +1,40 @@ +From 7e29418e9a5692c1f5ff7327929cd48f543d3d80 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= + +Date: Fri, 5 Oct 2018 04:48:57 +0200 +Subject: [PATCH 4/4] Use SOURCE_DATE_EPOCH for volumeid of efi boot image +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Organization: Invisible Things Lab +Cc: Marek Marczykowski-Górecki + +By default mkfs.mksdos choose volume id based on current time. If +SOURCE_DATE_EPOCH is set, use that instead. + +Signed-off-by: Marek Marczykowski-Górecki +--- + src/pylorax/imgutils.py | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/pylorax/imgutils.py b/src/pylorax/imgutils.py +index 6cd67e0..92de296 100644 +--- a/src/pylorax/imgutils.py ++++ b/src/pylorax/imgutils.py +@@ -398,8 +398,12 @@ def mkfsimage(fstype, rootdir, outfile, size=None, mkfsargs=None, mountargs="", + # convenience functions with useful defaults + def mkdosimg(rootdir, outfile, size=None, label="", mountargs="shortname=winnt,umask=0077", graft=None): + graft = graft or {} ++ mkfsargs = ["-n", label] ++ if 'SOURCE_DATE_EPOCH' in os.environ: ++ mkfsargs.extend(["-i", ++ "{:x}".format(int(os.environ['SOURCE_DATE_EPOCH']))]) + mkfsimage("msdos", rootdir, outfile, size, mountargs=mountargs, +- mkfsargs=["-n", label], graft=graft) ++ mkfsargs=mkfsargs, graft=graft) + + def mkext4img(rootdir, outfile, size=None, label="", mountargs="", graft=None): + graft = graft or {} +-- +2.17.1 + diff --git a/lorax/lorax.spec b/lorax/lorax.spec index df978ee..cb247d7 100644 --- a/lorax/lorax.spec +++ b/lorax/lorax.spec @@ -21,6 +21,9 @@ Patch2: 0002-verify-packages-signature.patch Patch3: 0003-Update-package-verification-for-dnf-API.patch Patch4: 0004-Remove-branding-code.patch Patch5: 0005-Drop-inner-rootfs.img-layer.patch +Patch6: 0006-Use-SOURCE_DATE_EPOCH-for-metadata-timestamps.patch +Patch7: 0007-Preserve-timestamps-when-building-fs-image.patch +Patch8: 0008-Use-SOURCE_DATE_EPOCH-for-volumeid-of-efi-boot-image.patch BuildRequires: python3-devel @@ -128,6 +131,9 @@ Lorax templates for creating the boot.iso and live isos are placed in %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 %build From 94ccc1a19a1c19a2a59feffa39e77f4711fc699e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Thu, 4 Oct 2018 23:51:29 +0200 Subject: [PATCH 6/9] pungi: add patches for making the output reproducible --- ...E_DATE_EPOCH-if-set-in-discinfo-file.patch | 45 +++++++++++++ ...2-Use-xorriso-instead-of-genisoimage.patch | 49 ++++++++++++++ ...03-Use-constant-MBR-ID-for-isohybrid.patch | 34 ++++++++++ ...4-Make-sure-.treeinfo-file-is-sorted.patch | 67 +++++++++++++++++++ ...-repodata-mtime-to-SOURCE_DATE_EPOCH.patch | 60 +++++++++++++++++ ...h-createrepo-to-clamp-repodata-mtime.patch | 53 +++++++++++++++ pungi/pungi.spec | 17 ++++- 7 files changed, 324 insertions(+), 1 deletion(-) create mode 100644 pungi/0001-Use-SOURCE_DATE_EPOCH-if-set-in-discinfo-file.patch create mode 100644 pungi/0002-Use-xorriso-instead-of-genisoimage.patch create mode 100644 pungi/0003-Use-constant-MBR-ID-for-isohybrid.patch create mode 100644 pungi/0004-Make-sure-.treeinfo-file-is-sorted.patch create mode 100644 pungi/0005-Set-repodata-mtime-to-SOURCE_DATE_EPOCH.patch create mode 100644 pungi/0006-Monkey-patch-createrepo-to-clamp-repodata-mtime.patch diff --git a/pungi/0001-Use-SOURCE_DATE_EPOCH-if-set-in-discinfo-file.patch b/pungi/0001-Use-SOURCE_DATE_EPOCH-if-set-in-discinfo-file.patch new file mode 100644 index 0000000..a1198f5 --- /dev/null +++ b/pungi/0001-Use-SOURCE_DATE_EPOCH-if-set-in-discinfo-file.patch @@ -0,0 +1,45 @@ +From 1b0ff7f98bdce87deb7bc61d6c227be21fa43a94 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= + +Date: Thu, 4 Oct 2018 23:36:15 +0200 +Subject: [PATCH 1/6] Use $SOURCE_DATE_EPOCH (if set) in discinfo file +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Organization: Invisible Things Lab +Cc: Marek Marczykowski-Górecki + +This helps the output image to be reproducible. + +Signed-off-by: Marek Marczykowski-Górecki +--- + pungi/compose_metadata/discinfo.py | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/pungi/compose_metadata/discinfo.py b/pungi/compose_metadata/discinfo.py +index df61ca0..758feef 100644 +--- a/pungi/compose_metadata/discinfo.py ++++ b/pungi/compose_metadata/discinfo.py +@@ -32,6 +32,7 @@ __all__ = ( + ) + + ++import os + import time + + +@@ -43,7 +44,10 @@ def write_discinfo(file_path, description, arch, disc_numbers=None, timestamp=No + if not isinstance(disc_numbers, list): + raise TypeError("Invalid type: disc_numbers type is %s; expected: " % type(disc_numbers)) + if not timestamp: +- timestamp = "%f" % time.time() ++ if 'SOURCE_DATE_EPOCH' in os.environ: ++ timestamp = os.environ['SOURCE_DATE_EPOCH'] ++ else: ++ timestamp = "%f" % time.time() + with open(file_path, "w") as f: + f.write("%s\n" % timestamp) + f.write("%s\n" % description) +-- +2.17.1 + diff --git a/pungi/0002-Use-xorriso-instead-of-genisoimage.patch b/pungi/0002-Use-xorriso-instead-of-genisoimage.patch new file mode 100644 index 0000000..bf553aa --- /dev/null +++ b/pungi/0002-Use-xorriso-instead-of-genisoimage.patch @@ -0,0 +1,49 @@ +From d33b8f9995070d68472c25779dfa543d6d7535db Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= + +Date: Thu, 4 Oct 2018 23:37:35 +0200 +Subject: [PATCH 2/6] Use xorriso instead of genisoimage +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Organization: Invisible Things Lab +Cc: Marek Marczykowski-Górecki + +xorriso make the image reproducible (given the same input files), +including support for SOURCE_DATE_EPOCH in various metadata. + +Signed-off-by: Marek Marczykowski-Górecki +--- + pungi.spec | 2 +- + pungi/gather.py | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/pungi.spec b/pungi.spec +index 6a23a63..d7bdc66 100644 +--- a/pungi.spec ++++ b/pungi.spec +@@ -35,7 +35,7 @@ Requires: jigdo + Requires: cvs + Requires: yum-utils + Requires: isomd5sum +-Requires: genisoimage ++Requires: xorriso + Requires: gettext + Requires: syslinux + Requires: git +diff --git a/pungi/gather.py b/pungi/gather.py +index 20cc33d..15dfcee 100644 +--- a/pungi/gather.py ++++ b/pungi/gather.py +@@ -1709,7 +1709,7 @@ class Pungi(PungiBase): + clean=True) # This is risky... + + # setup the base command +- mkisofs = ['/usr/bin/mkisofs'] ++ mkisofs = ['/usr/bin/xorriso', '-as', 'mkisofs'] + mkisofs.extend(['-v', '-U', '-J', '-R', '-T', '-m', 'repoview', '-m', 'boot.iso']) # common mkisofs flags + + x86bootargs = ['-b', 'isolinux/isolinux.bin', '-c', 'isolinux/boot.cat', +-- +2.17.1 + diff --git a/pungi/0003-Use-constant-MBR-ID-for-isohybrid.patch b/pungi/0003-Use-constant-MBR-ID-for-isohybrid.patch new file mode 100644 index 0000000..2f5910a --- /dev/null +++ b/pungi/0003-Use-constant-MBR-ID-for-isohybrid.patch @@ -0,0 +1,34 @@ +From 61ed5d6ea5b1beedb59b3962d0df99f0b3c69402 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= + +Date: Thu, 4 Oct 2018 23:38:57 +0200 +Subject: [PATCH 3/6] Use constant MBR ID for isohybrid +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Organization: Invisible Things Lab +Cc: Marek Marczykowski-Górecki + +If not set explicitly, isohybrid choose it randomly, which harm +reproducibility. + +Signed-off-by: Marek Marczykowski-Górecki +--- + pungi/gather.py | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/pungi/gather.py b/pungi/gather.py +index 15dfcee..6f52bc6 100644 +--- a/pungi/gather.py ++++ b/pungi/gather.py +@@ -1731,6 +1731,7 @@ class Pungi(PungiBase): + ppcbootargs.append('-hfs-bless') # must be last + + isohybrid = ['/usr/bin/isohybrid'] ++ isohybrid.extend(['--id', '42']) + + # Check the size of the tree + # This size checking method may be bunk, accepting patches... +-- +2.17.1 + diff --git a/pungi/0004-Make-sure-.treeinfo-file-is-sorted.patch b/pungi/0004-Make-sure-.treeinfo-file-is-sorted.patch new file mode 100644 index 0000000..dbd62c3 --- /dev/null +++ b/pungi/0004-Make-sure-.treeinfo-file-is-sorted.patch @@ -0,0 +1,67 @@ +From 57e49f366a34e3d8fdb020d7f19bc2fec8547ec9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= + +Date: Thu, 4 Oct 2018 23:42:19 +0200 +Subject: [PATCH 4/6] Make sure .treeinfo file is sorted +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Organization: Invisible Things Lab +Cc: Marek Marczykowski-Górecki + +OrderedDict used by default by ConfigParser isn't enough because order +of entries being added may not be deterministic (depends on directory +list order). To solve this problem, use SortedDict as a base. + +Signed-off-by: Marek Marczykowski-Górecki +--- + pungi.spec | 2 ++ + pungi/gather.py | 5 +++++ + 2 files changed, 7 insertions(+) + +diff --git a/pungi.spec b/pungi.spec +index d7bdc66..dcb1986 100644 +--- a/pungi.spec ++++ b/pungi.spec +@@ -17,6 +17,7 @@ BuildRequires: python-jsonschema + BuildRequires: python-enum34 + BuildRequires: python2-dnf + BuildRequires: python2-multilib ++BuildRequires: python2-dict-sorted + + Requires: createrepo >= 0.4.11 + Requires: yum => 3.4.3-28 +@@ -44,6 +45,7 @@ Requires: libguestfs-tools-c + Requires: python-enum34 + Requires: python2-dnf + Requires: python2-multilib ++Requires: python2-dict-sorted + + BuildArch: noarch + +diff --git a/pungi/gather.py b/pungi/gather.py +index 6f52bc6..1035036 100644 +--- a/pungi/gather.py ++++ b/pungi/gather.py +@@ -26,6 +26,7 @@ import urlgrabber.progress + import subprocess + import createrepo + import ConfigParser ++from sdict import AlphaSortedDict + from fnmatch import fnmatch + + import arch as arch_module +@@ -95,6 +96,10 @@ def is_package(po): + class MyConfigParser(ConfigParser.ConfigParser): + """A subclass of ConfigParser which does not lowercase options""" + ++ def __init__(self, *args, **kwargs): ++ kwargs['dict_type'] = AlphaSortedDict ++ ConfigParser.ConfigParser.__init__(self, *args, **kwargs) ++ + def optionxform(self, optionstr): + return optionstr + +-- +2.17.1 + diff --git a/pungi/0005-Set-repodata-mtime-to-SOURCE_DATE_EPOCH.patch b/pungi/0005-Set-repodata-mtime-to-SOURCE_DATE_EPOCH.patch new file mode 100644 index 0000000..b1eb1e9 --- /dev/null +++ b/pungi/0005-Set-repodata-mtime-to-SOURCE_DATE_EPOCH.patch @@ -0,0 +1,60 @@ +From 8eaee0ada8caa8b509b96867b06b876ef606d64f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= + +Date: Thu, 4 Oct 2018 23:44:06 +0200 +Subject: [PATCH 5/6] Set repodata mtime to SOURCE_DATE_EPOCH +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Organization: Invisible Things Lab +Cc: Marek Marczykowski-Górecki + +repodata/repomd.xml include timestamps of all the other repodata files. +Even when those files are created reproducibly, they have current +modification time. In general case this is a good thing (ease checking +if repodata cache is up to date). But in case of composing installation +image, it breaks reproducibility. +Avoid this by reseting mtime of repodata/* to $SOURCE_DATE_EPOCH, just +before creating repomd.xml. + +Signed-off-by: Marek Marczykowski-Górecki +--- + pungi/gather.py | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/pungi/gather.py b/pungi/gather.py +index 1035036..dbe38f7 100644 +--- a/pungi/gather.py ++++ b/pungi/gather.py +@@ -25,6 +25,7 @@ import logging + import urlgrabber.progress + import subprocess + import createrepo ++import glob + import ConfigParser + from sdict import AlphaSortedDict + from fnmatch import fnmatch +@@ -1409,9 +1410,20 @@ class Pungi(PungiBase): + conf.baseurl = baseurl + if compress_type: + conf.compress_type = compress_type ++ if 'SOURCE_DATE_EPOCH' in os.environ: ++ conf.revision = os.environ['SOURCE_DATE_EPOCH'] + repomatic = createrepo.MetaDataGenerator(conf) + self.logger.info('Making repodata') + repomatic.doPkgMetadata() ++ ++ # set mtime to $SOURCE_DATE_EPOCH, do that just before creating ++ # repomd.xml, because it includes timestamps of referenced files ++ if 'SOURCE_DATE_EPOCH' in os.environ: ++ s_d_e = int(os.environ['SOURCE_DATE_EPOCH']) ++ for repo_file in glob.glob( ++ os.path.join(conf.outputdir, conf.tempdir, "*")): ++ os.utime(repo_file, (s_d_e, s_d_e)) ++ + repomatic.doRepoMetadata() + repomatic.doFinalMove() + +-- +2.17.1 + diff --git a/pungi/0006-Monkey-patch-createrepo-to-clamp-repodata-mtime.patch b/pungi/0006-Monkey-patch-createrepo-to-clamp-repodata-mtime.patch new file mode 100644 index 0000000..ae3bce7 --- /dev/null +++ b/pungi/0006-Monkey-patch-createrepo-to-clamp-repodata-mtime.patch @@ -0,0 +1,53 @@ +From aaae0547c9bfefac7aa0d431cc4065eb369a7605 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= + +Date: Fri, 5 Oct 2018 15:26:36 +0200 +Subject: [PATCH 6/6] Monkey patch createrepo to clamp repodata mtime +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Organization: Invisible Things Lab +Cc: Marek Marczykowski-Górecki + +Unfortunately some files are created during repomatic.doRepoMetadata(), +so clamping mtime before the call isn't enough. To limit changes to just +one component, monkey patch createrepo function. + +Signed-off-by: Marek Marczykowski-Górecki +--- + pungi/gather.py | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +diff --git a/pungi/gather.py b/pungi/gather.py +index dbe38f7..9963dc6 100644 +--- a/pungi/gather.py ++++ b/pungi/gather.py +@@ -1424,6 +1424,25 @@ class Pungi(PungiBase): + os.path.join(conf.outputdir, conf.tempdir, "*")): + os.utime(repo_file, (s_d_e, s_d_e)) + ++ # unfortunately the above is not enough, because some files are created ++ # during doRepoMetadata(). This include: ++ # - compressed sqlite versions of the metadata - needed by repoview ++ # - group file (compressed and not) - this is needed, so the timestamp ++ # problem needs to be solved anyway ++ orig_createRepoDataObject = repomatic._createRepoDataObject ++ def wrapped_createRepoDataObject(*args, **kwargs): ++ repodata = orig_createRepoDataObject(*args, **kwargs) ++ if int(repodata.timestamp) > s_d_e: ++ repodata.timestamp = str(s_d_e) ++ return repodata ++ repomatic._createRepoDataObject = wrapped_createRepoDataObject ++ ++ orig_compressFile = createrepo.utils.compressFile ++ def wrapped_compressFile(source, dest, compress_type): ++ orig_compressFile(source, dest, compress_type) ++ os.utime(dest, (s_d_e, s_d_e)) ++ createrepo.utils.compressFile = wrapped_compressFile ++ + repomatic.doRepoMetadata() + repomatic.doFinalMove() + +-- +2.17.1 + diff --git a/pungi/pungi.spec b/pungi/pungi.spec index 373e79a..31d3d6c 100644 --- a/pungi/pungi.spec +++ b/pungi/pungi.spec @@ -14,6 +14,13 @@ Patch3: disable-efi.patch Patch4: Hacky-way-to-pass-gpgkey-to-lorax.patch #Patch5: fix-recursive-partition-table-on-iso-image.patch #Patch6: disable-upgrade.patch +Patch7: 0001-Use-SOURCE_DATE_EPOCH-if-set-in-discinfo-file.patch +Patch8: 0002-Use-xorriso-instead-of-genisoimage.patch +Patch9: 0003-Use-constant-MBR-ID-for-isohybrid.patch +Patch10: 0004-Make-sure-.treeinfo-file-is-sorted.patch +Patch11: 0005-Set-repodata-mtime-to-SOURCE_DATE_EPOCH.patch +Patch12: 0006-Monkey-patch-createrepo-to-clamp-repodata-mtime.patch + BuildRequires: python-nose, python-mock BuildRequires: python-devel, python-setuptools, python2-productmd >= 1.3 BuildRequires: python-lockfile, kobo, kobo-rpmlib, python-kickstart, createrepo_c @@ -24,6 +31,7 @@ BuildRequires: python-jsonschema BuildRequires: python-enum34 BuildRequires: python2-dnf BuildRequires: python2-multilib +BuildRequires: python2-dict-sorted #deps for doc building BuildRequires: python-sphinx, texlive-latex-bin-bin, texlive-collection-fontsrecommended @@ -52,7 +60,7 @@ Requires: koji >= 1.10.1-13 Requires: cvs Requires: yum-utils Requires: isomd5sum -Requires: genisoimage +Requires: xorriso Requires: gettext # this is x86 only #Requires: syslinux @@ -61,6 +69,7 @@ Requires: python-jsonschema Requires: python-enum34 Requires: python2-dnf Requires: python2-multilib +Requires: python2-dict-sorted BuildArch: noarch @@ -86,6 +95,12 @@ notification to Fedora Message Bus. %patch4 -p1 #%%patch5 -p1 #%%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 %build %{__python} setup.py build From 54352136b837c2e06e221840d7ae65b531ed4896 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Fri, 5 Oct 2018 01:02:49 +0200 Subject: [PATCH 7/9] lorax-templates-qubes: strip various non-determinisms from installer image Remove various caches not really needed. Sort group files and packages list. Strip timestamps from gconf file. Clamp mtime in fontconfig cache to SOURCE_DATE_EPOCH. --- lorax-templates-qubes/templates/efi.tmpl | 4 ++++ .../templates/runtime-cleanup.tmpl | 13 +++++++++++++ .../templates/runtime-postinstall.tmpl | 18 +++++++++++++++++- 3 files changed, 34 insertions(+), 1 deletion(-) diff --git a/lorax-templates-qubes/templates/efi.tmpl b/lorax-templates-qubes/templates/efi.tmpl index f384e04..4c436c8 100644 --- a/lorax-templates-qubes/templates/efi.tmpl +++ b/lorax-templates-qubes/templates/efi.tmpl @@ -4,6 +4,8 @@ EFIARCH_LOWER=efiarch.lower() EFIBOOTDIR="EFI/BOOT" APPLE_EFI_ICON=inroot+"/usr/share/pixmaps/bootloader/fedora.icns" APPLE_EFI_DISKNAME=inroot+"/usr/share/pixmaps/bootloader/fedora-media.vol" +import os, time +SOURCE_DATE_EPOCH = os.environ.get('SOURCE_DATE_EPOCH', str(int(time.time()))) %> mkdir ${EFIBOOTDIR} @@ -62,6 +64,8 @@ install boot/efi/EFI/*/fonts/unicode.pf2 ${EFIBOOTDIR}/fonts/ runcmd mount ${outroot}/${img} ${outroot}/${EFIBOOTDIR} -o loop mkdir "${EFIBOOTDIR}/System Volume Information" install "${configdir}/System Volume Information/*" "${EFIBOOTDIR}/System Volume Information/" + runcmd find ${outroot}/${EFIBOOTDIR} -newermt "@${SOURCE_DATE_EPOCH}" -exec \ + touch --no-dereference --date="@${SOURCE_DATE_EPOCH}" {} + runcmd umount ${outroot}/${img} # verify if the image is under 32MB (max size of boot image on iso9660) runcmd sh -x -c '[ $(stat -c %s ${outroot}/${img}) -le 33554432 ]' diff --git a/lorax-templates-qubes/templates/runtime-cleanup.tmpl b/lorax-templates-qubes/templates/runtime-cleanup.tmpl index 6f89765..cfdb60e 100644 --- a/lorax-templates-qubes/templates/runtime-cleanup.tmpl +++ b/lorax-templates-qubes/templates/runtime-cleanup.tmpl @@ -357,3 +357,16 @@ removepkg cdparanoia-libs opus libtheora libvisual flac-libs gsm avahi-glib avah ## metacity requires libvorbis and libvorbisfile, but enc/dec are no longer needed removefrom libvorbis --allbut /usr/${libdir}/libvorbisfile.* /usr/${libdir}/libvorbis.* + +## make the image more reproducible + +## make machine-id empty but present to avoid systemd populating /etc with +## preset settings +runcmd truncate -s 0 ${root}/etc/machine-id +## journalctl message catalog, non-deterministic +remove /var/lib/systemd/catalog/database +## non-reproducible ldconfig cache +remove /var/cache/ldconfig/aux-cache +remove /etc/pki/ca-trust/extracted/java/cacerts +remove /etc/group- +remove /etc/gshadow- diff --git a/lorax-templates-qubes/templates/runtime-postinstall.tmpl b/lorax-templates-qubes/templates/runtime-postinstall.tmpl index c2e277f..6dae1cc 100644 --- a/lorax-templates-qubes/templates/runtime-postinstall.tmpl +++ b/lorax-templates-qubes/templates/runtime-postinstall.tmpl @@ -6,6 +6,8 @@ PYTHONDIR = sorted(glob("usr/"+libdir+"/python?.?"))[0] stubs = ("list-harddrives", "raidstart", "raidstop") configdir = configdir + "/common" +import os, time +SOURCE_DATE_EPOCH = os.environ.get('SOURCE_DATE_EPOCH', str(int(time.time()))) %> ## move_stubs() @@ -134,6 +136,20 @@ runcmd mknod ${root}/dev/null c 1 3 runcmd mknod ${root}/dev/urandom c 1 9 ## Record the package versions used to create the image -runcmd chroot ${root} /bin/rpm -qa --pipe "tee /root/lorax-packages.log" +runcmd chroot ${root} /bin/rpm -qa --pipe "sort | tee /root/lorax-packages.log" + +## fix fonconfig cache containing timestamps +runcmd chroot ${root} /usr/bin/find /usr/share/fonts /usr/share/X11/fonts -newermt "@${SOURCE_DATE_EPOCH}" -exec \ + touch --no-dereference --date="@${SOURCE_DATE_EPOCH}" {} + +runcmd chroot ${root} /usr/bin/fc-cache -f + +## drop timestamp from gconf.xml +runcmd sed -i -e 's/mtime="[0-9]*" //' ${root}/etc/gconf/gconf.xml.defaults/desktop/gnome/interface/%gconf.xml + +## sort groups +runcmd chroot ${root} /bin/sh -c "LC_ALL=C sort /etc/group > /etc/group.new && mv /etc/group.new /etc/group" +runcmd chroot ${root} /bin/sh -c "LC_ALL=C sort /etc/gshadow > /etc/gshadow.new && mv /etc/gshadow.new /etc/gschadow" +chmod /etc/gshadow 0700 + ## TODO: we could run prelink here if we wanted? From 42fa533e79ecd49b8fc15460f0cebb7c80da89e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Fri, 5 Oct 2018 01:06:55 +0200 Subject: [PATCH 8/9] Import unmodified squashfs-tools package --- Makefile.builder | 1 + squashfs-tools/2gb.patch | 11 + squashfs-tools/PAE.patch | 159 +++++++++++++ squashfs-tools/cve-2015-4645.patch | 29 +++ squashfs-tools/local-cve-fix.patch | 11 + squashfs-tools/mem-overflow.patch | 33 +++ squashfs-tools/mksquashfs.1 | 146 ++++++++++++ squashfs-tools/squashfs-tools.spec | 345 +++++++++++++++++++++++++++++ squashfs-tools/squashfs4.3.tar.gz | Bin 0 -> 182550 bytes squashfs-tools/unsquashfs.1 | 66 ++++++ 10 files changed, 801 insertions(+) create mode 100644 squashfs-tools/2gb.patch create mode 100644 squashfs-tools/PAE.patch create mode 100644 squashfs-tools/cve-2015-4645.patch create mode 100644 squashfs-tools/local-cve-fix.patch create mode 100644 squashfs-tools/mem-overflow.patch create mode 100644 squashfs-tools/mksquashfs.1 create mode 100644 squashfs-tools/squashfs-tools.spec create mode 100644 squashfs-tools/squashfs4.3.tar.gz create mode 100644 squashfs-tools/unsquashfs.1 diff --git a/Makefile.builder b/Makefile.builder index e897b55..bdfee69 100644 --- a/Makefile.builder +++ b/Makefile.builder @@ -1,4 +1,5 @@ RPM_SPEC_FILES.dom0 := \ + squashfs-tools/squashfs-tools.spec \ pykickstart/pykickstart.spec \ blivet/python-blivet.spec \ lorax/lorax.spec \ diff --git a/squashfs-tools/2gb.patch b/squashfs-tools/2gb.patch new file mode 100644 index 0000000..33e9108 --- /dev/null +++ b/squashfs-tools/2gb.patch @@ -0,0 +1,11 @@ +--- squashfs-tools/mksquashfs.c.orig 2014-09-13 11:08:27.352318167 -0500 ++++ squashfs-tools/mksquashfs.c 2014-09-13 11:09:36.701132044 -0500 +@@ -2055,7 +2055,7 @@ + + inline int is_fragment(struct inode_info *inode) + { +- int file_size = inode->buf.st_size; ++ off_t file_size = inode->buf.st_size; + + /* + * If this block is to be compressed differently to the diff --git a/squashfs-tools/PAE.patch b/squashfs-tools/PAE.patch new file mode 100644 index 0000000..d2f29fb --- /dev/null +++ b/squashfs-tools/PAE.patch @@ -0,0 +1,159 @@ +From 55f7ba830d40d438f0b0663a505e0c227fc68b6b Mon Sep 17 00:00:00 2001 +From: Phillip Lougher +Date: Tue, 10 Jun 2014 21:51:52 +0100 +Subject: mksquashfs: fix phys mem calculation for 32-bit processes on + PAE/64-bit kernels + +When adding the code to base default memory usage on physical memory +(by default use 25% of physical memory), I made an oversight. I assumed +the process would be able to address 25% of physical memory. + +However, for 32-bit processes running on a PAE kernel or 64-bit kernel, +25% of physical memory can easily exceed the addressible memory for a +32-bit process, e.g. if a machine has 24 GB of physical memory, the +code would asume the process could easily use 6 GB. + +A 32-bit process by definition can only address 4 GB (32-bit pointers). +But, due to the typical kernel/user-space split (1GB/3GB, or 2GB/2GB) +on PAE kernels, a 32-bit process may only be able to address 2 GB. + +So, if Mksquashfs is a 32-bit application running on a PAE/64-bit kernel, +the code assumes it can address much more memory than it really can, which +means it runs out of memory. + +The fix is to impose a maximum default limit on 32-bit kernels, or +otherwise to never use a value more than 25% of the address space. If +we assume the maximum address space is 2 GB, then the maximum becomes +512 MB. But, given most kernels used the 1GB/3GB split, that may be +unduely conservative, and 25% of 3 GB (756 MB) may be better. This +patch compromises on 640 MB, which is mid-way between the 512 MB and 756 MB +values. It is also the fixed default value previously used by Mksquashfs. + +This patch also alters the code which imposes a maximum size. Previously +it was believed limiting to the physical memory size was adequate. But +obviously this needs to be updated to take into account a 32-bit process +may only be able to address 2 GB. In the process I've also taken the +opportunity to limit all requests to no more than 75% of physical memory. + +Signed-off-by: Phillip Lougher + +diff --git a/squashfs-tools/mksquashfs.c b/squashfs-tools/mksquashfs.c +index 86f82bb..5370ecf 100644 +--- a/squashfs-tools/mksquashfs.c ++++ b/squashfs-tools/mksquashfs.c +@@ -304,7 +304,7 @@ void restorefs(); + struct dir_info *scan1_opendir(char *pathname, char *subpath, int depth); + void write_filesystem_tables(struct squashfs_super_block *sBlk, int nopad); + unsigned short get_checksum_mem(char *buff, int bytes); +-int get_physical_memory(); ++void check_usable_phys_mem(int total_mem); + + + void prep_exit() +@@ -4053,11 +4053,7 @@ void initialise_threads(int readq, int fragq, int bwriteq, int fwriteq, + BAD_ERROR("Queue sizes rediculously too large\n"); + total_mem += fwriteq; + +- if(total_mem > get_physical_memory()) { +- ERROR("Total queue sizes larger than physical memory.\n"); +- ERROR("Mksquashfs will exhaust physical memory and thrash.\n"); +- BAD_ERROR("Queues too large\n"); +- } ++ check_usable_phys_mem(total_mem); + + /* + * convert from queue size in Mbytes to queue size in +@@ -4879,6 +4875,72 @@ int get_physical_memory() + } + + ++void check_usable_phys_mem(int total_mem) ++{ ++ /* ++ * We want to allow users to use as much of their physical ++ * memory as they wish. However, for practical reasons there are ++ * limits which need to be imposed, to protect users from themselves ++ * and to prevent people from using Mksquashfs as a DOS attack by using ++ * all physical memory. Mksquashfs uses memory to cache data from disk ++ * to optimise performance. It is pointless to ask it to use more ++ * than 75% of physical memory, as this causes thrashing and it is thus ++ * self-defeating. ++ */ ++ int mem = get_physical_memory(); ++ ++ mem = (mem >> 1) + (mem >> 2); /* 75% */ ++ ++ if(total_mem > mem) { ++ ERROR("Total memory requested is more than 75%% of physical " ++ "memory.\n"); ++ ERROR("Mksquashfs uses memory to cache data from disk to " ++ "optimise performance.\n"); ++ ERROR("It is pointless to ask it to use more than this amount " ++ "of memory, as this\n"); ++ ERROR("causes thrashing and it is thus self-defeating.\n"); ++ BAD_ERROR("Requested memory size too large\n"); ++ } ++ ++ if(sizeof(void *) == 4 && total_mem > 2048) { ++ /* ++ * If we're running on a kernel with PAE or on a 64-bit kernel, ++ * then the 75% physical memory limit can still easily exceed ++ * the addressable memory by this process. ++ * ++ * Due to the typical kernel/user-space split (1GB/3GB, or ++ * 2GB/2GB), we have to conservatively assume the 32-bit ++ * processes can only address 2-3GB. So refuse if the user ++ * tries to allocate more than 2GB. ++ */ ++ ERROR("Total memory requested may exceed maximum " ++ "addressable memory by this process\n"); ++ BAD_ERROR("Requested memory size too large\n"); ++ } ++} ++ ++ ++int get_default_phys_mem() ++{ ++ int mem = get_physical_memory() / SQUASHFS_TAKE; ++ ++ if(sizeof(void *) == 4 && mem > 640) { ++ /* ++ * If we're running on a kernel with PAE or on a 64-bit kernel, ++ * the default memory usage can exceed the addressable ++ * memory by this process. ++ * Due to the typical kernel/user-space split (1GB/3GB, or ++ * 2GB/2GB), we have to conservatively assume the 32-bit ++ * processes can only address 2-3GB. So limit the default ++ * usage to 640M, which gives room for other data. ++ */ ++ mem = 640; ++ } ++ ++ return mem; ++} ++ ++ + void calculate_queue_sizes(int mem, int *readq, int *fragq, int *bwriteq, + int *fwriteq) + { +@@ -4890,7 +4952,7 @@ void calculate_queue_sizes(int mem, int *readq, int *fragq, int *bwriteq, + + + #define VERSION() \ +- printf("mksquashfs version 4.3 (2014/05/12)\n");\ ++ printf("mksquashfs version 4.3-git (2014/06/09)\n");\ + printf("copyright (C) 2014 Phillip Lougher "\ + "\n\n"); \ + printf("This program is free software; you can redistribute it and/or"\ +@@ -4918,7 +4980,7 @@ int main(int argc, char *argv[]) + int fragq; + int bwriteq; + int fwriteq; +- int total_mem = get_physical_memory() / SQUASHFS_TAKE; ++ int total_mem = get_default_phys_mem(); + int progress = TRUE; + int force_progress = FALSE; + struct file_buffer **fragment = NULL; +-- +cgit v0.10.1 + diff --git a/squashfs-tools/cve-2015-4645.patch b/squashfs-tools/cve-2015-4645.patch new file mode 100644 index 0000000..f69025f --- /dev/null +++ b/squashfs-tools/cve-2015-4645.patch @@ -0,0 +1,29 @@ +diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c +index ecdaac796f09..2c0cf63daf67 100644 +--- a/squashfs-tools/unsquash-4.c ++++ b/squashfs-tools/unsquash-4.c +@@ -31,9 +31,9 @@ static unsigned int *id_table; + int read_fragment_table_4(long long *directory_table_end) + { + int res, i; +- int bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments); +- int indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments); +- long long fragment_table_index[indexes]; ++ size_t bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments); ++ size_t indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments); ++ long long *fragment_table_index; + + TRACE("read_fragment_table: %d fragments, reading %d fragment indexes " + "from 0x%llx\n", sBlk.s.fragments, indexes, +@@ -44,6 +44,11 @@ int read_fragment_table_4(long long *directory_table_end) + return TRUE; + } + ++ fragment_table_index = malloc(indexes*sizeof(long long)); ++ if(fragment_table_index == NULL) ++ EXIT_UNSQUASH("read_fragment_table: failed to allocate " ++ "fragment table index\n"); ++ + fragment_table = malloc(bytes); + if(fragment_table == NULL) + EXIT_UNSQUASH("read_fragment_table: failed to allocate " diff --git a/squashfs-tools/local-cve-fix.patch b/squashfs-tools/local-cve-fix.patch new file mode 100644 index 0000000..6dce1b2 --- /dev/null +++ b/squashfs-tools/local-cve-fix.patch @@ -0,0 +1,11 @@ +--- squashfs-tools/unsquash-4.c.orig 2015-06-24 14:23:22.270710744 -0500 ++++ squashfs-tools/unsquash-4.c 2015-06-24 14:24:13.671243487 -0500 +@@ -35,7 +35,7 @@ + size_t indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments); + long long *fragment_table_index; + +- TRACE("read_fragment_table: %d fragments, reading %d fragment indexes " ++ TRACE("read_fragment_table: %u fragments, reading %zu fragment indexes " + "from 0x%llx\n", sBlk.s.fragments, indexes, + sBlk.s.fragment_table_start); + diff --git a/squashfs-tools/mem-overflow.patch b/squashfs-tools/mem-overflow.patch new file mode 100644 index 0000000..1450fe9 --- /dev/null +++ b/squashfs-tools/mem-overflow.patch @@ -0,0 +1,33 @@ +From 604b607d8ac91eb8afc0b6e3d917d5c073096103 Mon Sep 17 00:00:00 2001 +From: Phillip Lougher +Date: Wed, 11 Jun 2014 04:51:37 +0100 +Subject: mksquashfs: ensure value does not overflow a signed int in -mem + option + +Signed-off-by: Phillip Lougher + +diff --git a/squashfs-tools/mksquashfs.c b/squashfs-tools/mksquashfs.c +index 5370ecf..9676dc8 100644 +--- a/squashfs-tools/mksquashfs.c ++++ b/squashfs-tools/mksquashfs.c +@@ -5193,7 +5193,16 @@ print_compressor_options: + argv[0]); + exit(1); + } +- /* convert from bytes to Mbytes */ ++ ++ /* ++ * convert from bytes to Mbytes, ensuring the value ++ * does not overflow a signed int ++ */ ++ if(number >= (1LL << 51)) { ++ ERROR("%s: -mem invalid mem size\n", argv[0]); ++ exit(1); ++ } ++ + total_mem = number / 1048576; + if(total_mem < (SQUASHFS_LOWMEM / SQUASHFS_TAKE)) { + ERROR("%s: -mem should be %d Mbytes or " +-- +cgit v0.10.1 + diff --git a/squashfs-tools/mksquashfs.1 b/squashfs-tools/mksquashfs.1 new file mode 100644 index 0000000..ce0acd1 --- /dev/null +++ b/squashfs-tools/mksquashfs.1 @@ -0,0 +1,146 @@ +.TH MKSQUASHFS 1 "2014\-05\-13" "4.3" "create and append squashfs filesystems" + +.SH NAME +mksquashfs \- tool to create and append to squashfs filesystems + +.SH SYNOPSIS +\fBmksquashfs\fR \fISOURCE\fR [\fISOURCE2\fR \fI...\fR] \fIDESTINATION\fR [\fIOPTIONS\fR] + +.SH DESCRIPTION +Squashfs is a highly compressed read\-only filesystem for Linux. It uses zlib compression to compress both files, inodes and directories. Inodes in the system are very small and all blocks are packed to minimize data overhead. Block sizes greater than 4K are supported up to a maximum of 64K. +.PP +Squashfs is intended for general read\-only filesystem use, for archival use (i.e. in cases where a .tar.gz file may be used), and in constrained block device/memory systems (e.g. embedded systems) where low overhead is needed. + +.SH OPTIONS + +.SS Filesystem build options +.IP "\-comp \fICOMPRESSION\fR" 4 +select \fICOMPRESSION\fR compression. Compressors available: gzip (default), lzma (no kernel support), lzo, lz4 and xz. +.IP "\-b \fIBLOCK_SIZE\fR" +set data block to \fIBLOCK_SIZE\fR. Default 131072 bytes. Optionally K or M can be used as a suffix to specify kilobytes or megabytes, respectively. +.IP "\-no\-exports" 4 +don't make the filesystem exportable via NFS. +.IP "\-no\-sparse" 4 +don't detect sparse files. +.IP "\-no\-xattrs" 4 +don't store extended attributes. +.IP "\-xattrs" 4 +store extended attributes (default). +.IP "\-noI" 4 +do not compress inode table. +.IP "\-noD" 4 +do not compress data blocks. +.IP "\-noF" 4 +do not compress fragment blocks. +.IP "\-noX" 4 +do not compress extended attributes. +.IP "\-no\-fragments" 4 +do not use fragments. +.IP "\-always\-use\-fragments" 4 +use fragment blocks for files larger than block size. +.IP "\-no\-duplicates" 4 +do not perform duplicate checking. +.IP "\-all\-root" 4 +make all files owned by root. +.IP "\-force\-uid uid" 4 +set all file uids to uid. +.IP "\-force\-gid gid" 4 +set all file gids to gid. +.IP "\-nopad" 4 +do not pad filesystem to a multiple of 4K. +.IP "\-keep\-as\-directory" 4 +if one source directory is specified, create a root directory containing that directory, rather than the contents of the directory. + +.SS Filesystem filter options +.IP "\-p \fIPSEUDO_DEFINITION\fR" 4 +Add pseudo file definition. +.IP "\-pf \fIPSEUDO_FILE\fR" 4 +Add list of pseudo file definitions. +.IP "\-sort \fISORT_FILE\fR" 4 +sort files according to priorities in \fISORT_FILE\fR. One file or dir with priority per line. Priority \-32768 to 32767, default priority 0. +.IP "\-ef \fIEXCLUDE_FILE\fR" 4 +list of exclude dirs/files. One per line. +.IP "\-wildcards" 4 +Allow extended shell wildcards (globbing) to be used in exclude dirs/files +.IP "\-regex" 4 +Allow POSIX regular expressions to be used in exclude dirs/files. + +.SS Filesystem append options +.IP "\-noappend" 4 +do not append to existing filesystem. +.IP "\-root\-becomes \fINAME\fR" 4 +when appending source files/directories, make the original root become a subdirectory in the new root called \fINAME\fR, rather than adding the new source items to the original root. + +.SS Mksquashfs runtime options: +.IP "\-version" 4 +print version, licence and copyright message. +.IP "\-exit\-on\-error" 4 +treat normally ignored errors as fatal. +.IP "\-recover \fINAME\fR" 4 +recover filesystem data using recovery file \fINAME\fR. +.IP "\-no\-recovery" 4 +don't generate a recovery file. +.IP "\-info" 4 +print files written to filesystem. +.IP "\-no\-progress" 4 +don't display the progress bar. +.IP "\-progress" 4 +display progress bar when using the \-info option. +.IP "\-processors \fINUMBER\fR" 4 +Use \fINUMBER\fR processors. By default will use number of processors available. +.IP "\-mem \fISIZE\fR" 4 +Use \fISIZE\fR physical memory. Optionally K or M can be used as a suffix for kilobytes or megabytes, respectively. Default 25% of memory. +.IP "\-read\-queue \fISIZE\fR" 4 +Deprecated. Use \-mem instead. +.IP "\-write\-queue \fISIZE\fR" 4 +Deprecated. Use \-mem instead. +.IP "\-fragment\-queue \fISIZE\fR" 4 +Deprecated. Use \-mem instead. + +.SS Miscellaneous options +.IP "\-root\-owned" 4 +alternative name for \-all\-root. +.IP "\-noInodeCompression" 4 +alternative name for \-noI. +.IP "\-noDataCompression" 4 +alternative name for \-noD. +.IP "\-noFragmentCompression" 4 +alternative name for \-noF. +.IP "\-noXattrCompression" 4 +alternative name for \-noX. +.IP "\-Xhelp" 4 +print compressor options for selected compressor + +.SS Compressors available and compressor specific options +.IP "gzip (default)" +.IP "\-Xcompression-level \fIcompression\-level\fR" 4 +\fIcompression\-level\fR should be 1 .. 9 (default 9) +.IP "\-Xwindow\-size \fIwindow\-size\fR" 4 +\fIwindow\-size\fR should be 8 .. 15 (default 15) +.IP "\-Xstrategy strategy1,strategy2,...,strategyN" 4 +Compress using strategy1,strategy2,...,strategyN in turn and choose the best compression. Available strategies: default, filtered, huffman_only, run_length_encoded and fixed +.IP "lzmz (no options) (no kernel support)" 4 +.IP "lzo" 4 +.IP "\-Xalgorithm \fIalgorithm\fR" 4 +Where \fIalgorithm\fR is one of: lzo1x_1, lzo1x_1_11, lzo1x_1_12, lzo1x_1_15 or lzo1x_999. (default lzo1x_999) +.IP "\-Xcompression\-level \fIcompression\-level\fR" 4 +\fIcompression\-level\fR should be 1 .. 9 (default 8) +.IP "lz4" 4 +.IP "\-Xhc" +Compress using LZ4 High Compression +.IP "xz" 4 +.IP "\-Xbcj filter1,filter2,...,filterN" 4 +Compress using filter1,filter2,...,filterN in turn (in addition to no filter), and choose the best compression. Available filters: x86, arm, armthumb, powerpc, sparc, ia64. +.IP "\-Xdict\-size \fIDICT_SIZE\fR" 4 +Use \fIDICT_SIZE\fR as the XZ dictionary size. The dictionary size can be specified as a percentage of the block size, or as an absolute value. The dictionary size must be less than or equal to the block size and 8192 bytes or larger. It must also be storable in the xz header as either 2^n or as 2^n+2^(n+1). Example dict\-sizes are 75%, 50%, 37.5%, 25%, or 32K, 16K, 8K etc. + +.SH SEE ALSO +unsquashfs(1) + +.SH HOMEPAGE +More information about mksquashfs and the squashfs filesystem can be found at <\fIhttp://squashfs.sourceforge.net/\fR>. + +.SH AUTHOR +squashfs was written by Phillip Lougher <\fIplougher@users.sourceforge.net\fR>. +.PP +This manual page was written by Daniel Baumann <\fIdaniel.baumann@progress\-technologies.net\fR>. With some updates for 4.3 for use with Fedora. diff --git a/squashfs-tools/squashfs-tools.spec b/squashfs-tools/squashfs-tools.spec new file mode 100644 index 0000000..ee82ac8 --- /dev/null +++ b/squashfs-tools/squashfs-tools.spec @@ -0,0 +1,345 @@ +Summary: Utility for the creation of squashfs filesystems +Name: squashfs-tools +Version: 4.3 +Release: 16%{?dist} +License: GPLv2+ +Group: System Environment/Base +URL: http://squashfs.sourceforge.net/ +Source0: http://downloads.sourceforge.net/squashfs/squashfs%{version}.tar.gz +# manpages from http://ftp.debian.org/debian/pool/main/s/squashfs-tools/squashfs-tools_4.2+20121212-1.debian.tar.xz +# The man pages have been modified for 4.3 for Fedora. +Source1: mksquashfs.1 +Source2: unsquashfs.1 +# From master branch (55f7ba830d40d438f0b0663a505e0c227fc68b6b). +# 32 bit process can use too much memory when using PAE or 64 bit kernels +Patch0: PAE.patch +# From master branch (604b607d8ac91eb8afc0b6e3d917d5c073096103). +# Prevent overflows when using the -mem option. +Patch1: mem-overflow.patch +# From squashfs-devel@lists.sourceforge.net by Guan Xin +# For https://bugzilla.redhat.com/show_bug.cgi?id=1141206 +Patch2: 2gb.patch +# From https://github.com/gcanalesb/sasquatch/commit/6777e08cc38bc780d27c69c1d8c272867b74524f +# Which is forked from Phillip's squashfs-tools, though it looks like +# the issue applies to us. +Patch3: cve-2015-4645.patch +# Update formats to match changes in cve-2015-4645.patch +Patch4: local-cve-fix.patch +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root +BuildRequires: zlib-devel +BuildRequires: xz-devel +BuildRequires: lzo-devel +BuildRequires: libattr-devel +BuildRequires: lz4-devel + +%description +Squashfs is a highly compressed read-only filesystem for Linux. This package +contains the utilities for manipulating squashfs filesystems. + +%prep +%setup -q -n squashfs%{version} +%patch0 -p1 +%patch1 -p1 +%patch2 -p0 +%patch3 -p1 +%patch4 -p0 + +%build +pushd squashfs-tools +CFLAGS="%{optflags}" XZ_SUPPORT=1 LZO_SUPPORT=1 LZMA_XZ_SUPPORT=1 LZ4_SUPPORT=1 make %{?_smp_mflags} + +%install +mkdir -p %{buildroot}%{_sbindir} %{buildroot}%{_mandir}/man1 +install -m 755 squashfs-tools/mksquashfs %{buildroot}%{_sbindir}/mksquashfs +install -m 755 squashfs-tools/unsquashfs %{buildroot}%{_sbindir}/unsquashfs +install -m 644 %{SOURCE1} %{buildroot}%{_mandir}/man1/mksquashfs.1 +install -m 644 %{SOURCE2} %{buildroot}%{_mandir}/man1/unsquashfs.1 + +%clean +rm -rf %{buildroot} + +%files +%defattr(-,root,root,-) +%doc README ACKNOWLEDGEMENTS DONATIONS PERFORMANCE.README README-4.3 CHANGES pseudo-file.example COPYING + +%doc README +%{_mandir}/man1/* + +%{_sbindir}/mksquashfs +%{_sbindir}/unsquashfs + +%changelog +* Fri Feb 09 2018 Fedora Release Engineering - 4.3-16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Aug 03 2017 Fedora Release Engineering - 4.3-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 4.3-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Sat Feb 11 2017 Fedora Release Engineering - 4.3-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Fri Feb 05 2016 Fedora Release Engineering - 4.3-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Tue Jun 23 2015 Bruno Wolff III - 4.3-10 +- Fix for CVE 2015-4645/4646 + +* Fri Jun 19 2015 Fedora Release Engineering - 4.3-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sat Sep 13 2014 Bruno Wolff III 4.3-8 +- Fix for files >= 2gb rhbz #1141206 + +* Mon Aug 18 2014 Fedora Release Engineering - 4.3-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Fri Jun 13 2014 Bruno Wolff III 4.3-6 +- Apply a couple of upstream patches. +- Fixes issue issue with too much memory use under PAE kernels + +* Sun Jun 08 2014 Fedora Release Engineering - 4.3-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed May 14 2014 Bruno Wolff III 4.3-4 +- Even more man page fixes + +* Wed May 14 2014 Bruno Wolff III 4.3-3 +- More mksquashfs man page fixes + +* Tue May 13 2014 Bruno Wolff III 4.3-2 +- Add missed option to the mksquashfs man page + +* Tue May 13 2014 Bruno Wolff III 4.3-1 +- Update to real 4.3 release +- Added support for lz4 since the stable snapshot +- Added support for alternate zlib compression strategies + +* Sun Aug 04 2013 Fedora Release Engineering - 4.3-0.19.gitaae0aff4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Sat Jun 22 2013 Bruno Wolff III - 4.3-0.18.gitaae0aff4 +- Latest pre 4.3 stable snapshot +- A few minor bug fixes +- Improvements in getting status info while running unsquashfs + +* Tue Jun 04 2013 Bruno Wolff III - 4.3-0.17.git5c6f0024 +- Latest pre 4.3 snapshot +- Includes fix for mksquashfs hangs +- Switch to get pre-release updates from the stable branch at kernel.org + +* Thu May 23 2013 Bruno Wolff III - 4.3-0.16.git84d8ae5c +- Latest pre 4.3 snapshot +- Fix for a rare race condition + +* Sun May 19 2013 Bruno Wolff III - 4.3-0.15.git27d7c14b +- Latest pre 4.3 snapshot +- queue fragment and empty file buffers directly to main thread + +* Wed May 15 2013 Bruno Wolff III - 4.3-0.14.git8ce5585e +- Latest pre 4.3 snapshot +- Includes upstream bugfix introduced with the sequential queue change + +* Sat May 11 2013 Bruno Wolff III - 4.3-0.13.gitc2362556 +- Latest pre 4.3 snapshot +- Sequential queue change + +* Mon May 06 2013 Bruno Wolff III - 4.3-0.12.git9353c998 +- Latest pre 4.3 snapshot + +* Sun Mar 31 2013 Bruno Wolff III - 4.3-0.11.git8228a3e8 +- Latest pre 4.3 snapshot +- SIGQUIT now displays the file being squashed + +* Wed Mar 06 2013 Bruno Wolff III - 4.3-0.10.git6a103792 +- Latest pre 4.3 snapshot +- Pick up some more error handling improvements + +* Sun Mar 03 2013 Kyle McMartin +- Move mksquashfs to /usr/sbin, as per UsrMove. + +* Sun Mar 03 2013 Kyle McMartin +- Add mksquashfs.1 and unsquashfs.1 manpages from Debian. + +* Mon Feb 18 2013 Bruno Wolff III - 4.3-0.9.git3ec9c8f7 +- Latest pre 4.3 snapshot +- Better error handling when space runs out + +* Wed Feb 13 2013 Bruno Wolff III - 4.3-0.8.gitca6a1c90 +- Latest pre 4.3 snapshot +- New option to display compression options used +- Some error message improvements + +* Fri Feb 01 2013 Bruno Wolff III - 4.3-0.7.gitb10063a9 +- Latest pre 4.3 snapshot +- More checks for bad data + +* Sun Jan 13 2013 Bruno Wolff III - 4.3-0.6.git6c0f229d +- Latest pre 4.3 snapshot +- Quote and backslash parsing for lexical analyzer + +* Mon Dec 31 2012 Bruno Wolff III - 4.3-0.5.gitc11af515 +- Latest pre 4.3 snapshot +- A few memory leak fixes +- Additional checks for handling bad data + +* Sun Dec 23 2012 Bruno Wolff III - 4.3-0.4.git99a009c8 +- Better checking of data in psuedo files + +* Fri Dec 21 2012 Bruno Wolff III - 4.3-0.3.git7ec6bd7a +- Better checking of data in sort, extract and exclude files + +* Thu Dec 13 2012 Bruno Wolff III - 4.3-0.2.git54719971 +- Pick up a few more changes to better handle bad data + +* Sat Dec 01 2012 Bruno Wolff III - 4.3-0.1.git0be606be +- Pre-release of 4.3 to get early testing +- This update includes a bit of internal code infrastructure changes +- There are lots of fixes to better handle bad data +- The final release is expected sometime in December +- Until the release only the README doc file is available + +* Sun Nov 25 2012 Bruno Wolff III - 4.2-5 +- Backported fix for bz 842460 (CVE-2012-4025) + +* Thu Nov 22 2012 Bruno Wolff III - 4.2-4 +- Backported fix for bz 842458 (CVE-2012-4024) + +* Sat Jul 21 2012 Fedora Release Engineering - 4.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Sat Jan 14 2012 Fedora Release Engineering - 4.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Tue Mar 01 2011 Bruno Wolff III - 4.2-1 +- 4.2 is released. +- Bugfix for bad data causing crash. +- Include doc files added for release. +- Big endian patch is now upstream. +- Buildroot tag isn't needed any more. +- We can now specify CFLAGS on the make call. +- Compressor options are now passed with the make call. + +* Wed Feb 09 2011 Fedora Release Engineering - 4.2-0.4.20101231 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Tue Jan 11 2011 Dan Horák - 4.2-0.3.20101231 +- Add fixes for big-endian machines + +* Sat Jan 01 2011 Bruno Wolff III - 4.2-0.2.20101231 +- Pull latest upstream snapshot +- Includes check for matching compression type when adding to an existing image +- Sample cvs command now includes timezone and specifies when on the date to use for the snapshot + +* Fri Dec 24 2010 Bruno Wolff III - 4.2-0.1.20101223 +- Switch to 4.2 development snapshot to get new XZ support +- LZMA and XZ (LZMA2) support are now different + +* Wed Oct 27 2010 Bruno Wolff III - 4.1-3 +- Rebuild for xz soname bump + +* Wed Sep 29 2010 jkeating - 4.1-2 +- Rebuilt for gcc bug 634757 + +* Tue Sep 21 2010 Bruno Wolff III - 4.1-1 +- Update to 4.1 final. +- Byte swap patch is now upstream. +- LZO compression type is now supported. + +* Mon Sep 6 2010 Dan Horák - 4.1-0.5.20100827 +- Add fixes for big-endian machines + +* Sat Aug 28 2010 Bruno Wolff III - 4.1-0.4.20100827 +- Rebase to latest upstream. +- The main reason is to pick up a fix for large xattr similar to the large inode fix. This doesn't need to get backported as 4.0 doesn't have xattr support. +- An option was added to build without xattr support. +- Various source cleanups have been done as well. + +* Tue Aug 03 2010 Bruno Wolff III - 4.1-0.3.20100803 +- Rebase to latest upstream +- Prevent warning message for xattr for virtual directory +- Fix issue with large inodes - BZ 619020 + +* Tue Jul 27 2010 Bruno Wolff III - 4.1-0.2.20100727 +- Rebase to latest upstream devel state. Mostly xattr fixes and cleanup. + +* Tue Jun 08 2010 Bruno Wolff III - 4.1-0.1.20100607 +- Rebase to 4.1 prerelease with xz wrapper +- Provides lzma compression as an option. +- squashfs-fix-unsquashing-v3.patch is part of the 4.1 prerelease + +* Wed May 5 2010 Kyle McMartin 4.0-4 +- squashfs-fix-unsquashing-v3.patch: pull in fix from cvs. Thanks pkl! + (rhbz#523504) + +* Thu Feb 18 2010 Kyle McMartin 4.0-3 +- Update to release tarball as opposed to cvs snapshot. +- Add dist tag. + +* Sun Jul 26 2009 Fedora Release Engineering - 4.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Sun Apr 05 2009 Kyle McMartin - 4.0-1 +- Update to release 4.0 + +* Mon Mar 16 2009 Kyle McMartin - 4.0-0.20090316 +- update to cvs snap from 2009-03-16. + +* Wed Feb 25 2009 Fedora Release Engineering - 4.0-0.20090126 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Mon Jan 26 2009 Kyle McMartin - 4.0-0.20090125 +- update to cvs snap that should unbreak big endian machines creating + little endian fs. + +* Mon Jan 12 2009 - 4.0-0.20090112 +- update to cvs snap that generates v4.0 images + +* Tue Sep 30 2008 Jeremy Katz - 3.4-1 +- update to 3.4 + +* Tue Feb 19 2008 Fedora Release Engineering - 3.3-2 +- Autorebuild for GCC 4.3 + +* Fri Dec 14 2007 Jeremy Katz - 3.3-1 +- Update to 3.3 + +* Wed Sep 5 2007 Jeremy Katz - 3.2-2 +- fixes from package review (#226430) + +* Tue Mar 20 2007 Jeremy Katz - 3.2-1 +- update to 3.2r2 + +* Sun Oct 01 2006 Jesse Keating - 3.0-4 +- rebuilt for unwind info generation, broken in gcc-4.1.1-21 + +* Mon Sep 18 2006 Jeremy Katz - 3.0-3 +- updated fragment size patch (#204638) + +* Wed Aug 16 2006 Jeremy Katz - 3.0-2 +- add upstream patch for fragment size problem (#202663) + +* Wed Jul 12 2006 Jesse Keating - 3.0-1.1 +- rebuild + +* Fri Jun 23 2006 Jeremy Katz - 3.0-1 +- update to 3.0 +- include unsquashfs + +* Tue May 16 2006 Jeremy Katz +- add BR on zlib-devel (Andreas Thienemann, #191880) + +* Fri Feb 10 2006 Jesse Keating - 2.2r2-2.2.1 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 2.2r2-2.2 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Thu Dec 1 2005 Jeremy Katz - 2.2r2-1 +- Initial build + diff --git a/squashfs-tools/squashfs4.3.tar.gz b/squashfs-tools/squashfs4.3.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..d061b5cec4941cfb62641d5186eae0d9bb108924 GIT binary patch literal 182550 zcmV(yK?(=NJ4#gI~nnze=F+r?!^Z$JRJDtw@wnx$Xi7c+HsEklERW3}S#C&4JM9!2*&AiBrOjRl_ zz3s$8oCrCcmMYP*QevviG*eM+bukvY>Izw;__q)vrP85HuEfIBJX%b1DKRoxX6DqI zrQP))|(O6b>sjSe2uuB2oPc$A` zAw>ykOr9--DN|KqjLp*2;|U(1M=~i*VKOt;iOgJ!Es<$kHFIN#dYWRDDITaIIuWJH zRX$W@9Ah;H$yH(InM%iaT2vNGD_cDYI9b&D*-xnc7iC=-@yTSPkvKUyVMQJk=|Y^< zmC1E!uQboFrl=^bOVTE3B{TStVjnXzC6P$GiL#co77BI`;RkJBZ*TD&xzq(3k;tFFM5#(l4r8)b8|+~{otm<`hj{%zCf*@F ziC-0|XFtK`_#1uxdp1@v=6}w*K6}NJkRGS9N+ybXdXdE0m$y+M>ODk!_{T(iuXFK2 zmnq9~czpI!Y#y4z*10Ohai)?A#;Ox5&U8^zU$($4% zZo4ip2`z3AKZ*xW#g!@xmGNx!G$OT(-J0op+pjVvThRo)E!3P=C`LL{!Y*v3a*;`R z`cL<+w{suAVBK7(3Tr<#r5#J@6=N`aX@zCu_PfMBO3Mvo7R_>Cj_4A7e0fP4P~}J_ ziUndd47T~#j{CLSE0aF(!%ZwRYurQ(JT{kE*320-meNk?)tQ)-fbOG)2uE6+DL;gC zJqfo|k&>|IS2hs0QEsWm>YCIF32YpFnvjAC&fLTRB2!+evYCL6EmZLfO)YNL@@T1^9x|Ut(EO!bICE| zn|(?8_a;YJI)~!F=|o+%ku0qf49Vs)HU^OL<@{j9WZEctkLBG5KGt1i#n$fO7h=UP zB0O~P!tU_!9#Y;5hfh^eDA?IiojUy;gHO!0Dz8ZE2c@(W%uk9W76|l3rAHcSEC~8c zZN;!2TQ=0Fnb@(6mO3;*;G*^%`^sw@N~@i~0ds)OT`RWe0{zNLCv_&-mlxsW)PDpM z=O_v(oXa=)J35w8!n8q7&j|{p01i1cNzqk9lNNW{1 zLFApl+5Czt++kwGVb^?r^YZNA^A@0Qj1eopSdLcq_gMkR~%>?#bR~3sq802;n@9alN^GZFeS*D)2I6K<<;pEXhCZ~MUm=)bMPQouU zc&5wP)C^n2mZroD3I+mTbN} zdHEJ0h@yOQr7GI{%L+b5NndIa)|s(Q7`8tt@H;>lInRp7tSF=~<+#BJ@)SA4wty!q zY)o#-1#!j9%|2A3Ne9<81OYZKs=1sj>J6TJVx}a8(AF-jEm$1%9_q&cM8MWK`I%<7^H*>H?O^5+L`hDkzQM zJT}Ix@qv@WfN<#MQN zg=Rd07wUyLi2+En%*=Q)Vn!89=@oumIT#3>8WnHFcGYAS^XWEO|^5gI#Yo zRG+CA}aFWvO)cGJT8%!MvbsNS6!F_6~Rr`SrknZd101z={xbGOAh*Yh;|R#1y*XIr-Ej7+;-g<#$(-zsbtian=IG2yu(2zdK+A zN)3=H3TOmz6`7}xb}=Dky=3IT$}t%?j0E@sN=1;(4JrPtHji8`BdJ!pl4c`Q;i1!k#Qr2sWC{?DUrRq?h5SDGaVbfeB z7$=F?2iLxKG$aAj{53v~#kt9rLuH)ej2bHHQPbtrx7k}nML#aA_@-1{O^LJmD0?q5 z(R7M@)NN}q#Ym5lh`6?FInL!J3vBC8Io*WAV}lD$qMlg|V+%Tu!K#u;QGjPF`12yKDAAJRp;m1gh`x>M)awb({W= zJCl?f4ga@KB>w&LSN??Oe~vu<`E&g6{I5TtBf#eT?@|BJV>FpC~A*$I7&43WSFsd!bm$(JzWRhi1Ac^>|VV?BSp{z&?r#rzUYm zyb?gS@AdZg%sq%xfO-)pCa$lZV~lq$#-yN8sdDx6R~KjC7Kx&o(&h}oilBNxY(ArO zoyg25l_kaztCprTE$J*vhzl3GXbnMP)T2c*34ML==GF0~TN#&OQw3g<@v)dM1yRz_ zo|I6sHqm@c7;yX_t0<06D&lZfD9sFc{9RA!)GPaL@NZXy=Uh~R@?ViQBe?R2pxy-~ zUR=yeHI;r$seQ4MGcun*`MD{|(2=c=pnUL(-^&;j5wCJ_gD7RLp(I2S$wkNsmJ?I< ziHL3WcZ|MLB0(^t@!QxH)l--0=ki+TbxykLpAQ!mI&P+FB-a=T;Vgzz$K&rVaOQ}IpuLom zZ#kMs?F}7@aWd%>d6$B3d)CpU^qVS1QoGJUw){+#s5hF!a-u@1l!JOd7OiK!{doND z%W^awl9Y_(Y1YS#JE<}mgkURu3HBedbio9Si*hQ$2%rkJ7W;dKaIl&v3VrRl?y+1*o56qzHd+X}(5j6`uIK&#JzqYMu zfK`@&3mT~5t2_sUd=!h9q?fin2ogY!rP+&*3~YN~(H|#d1OqGk!rabv`kfcg#j7ZQ;?`G#ed9h*ZyXT0@EJW8cyv z1j+ZDg3|_@;Y_=;66E?-*CEW|152a$?ei`oU1?KQVI>sm<{mEs6o2u+`mXFLO>aK6 zgs3+=AH?L9pLq#XT%@yxk-lc2^U;Gaw=q_CHkT6C0;@KFNoBmz6&qDqQ_UdWplMZ= z#6*%xLhRD|f}kSvD`bNTx#6%?Bw!fOfSW0fo&fcN8v&l=1mUi`3a<3h!6~CDDRE?Y z@ifV@yn7QD+F~%X3_iZz+2dYJBYj1H!byNx5hK)1H*a^UsotBSxioWQM0Xr~+Zc0A zTnq*{E=U^=4yBmOvTy}Kc=(6QlQ*wg?r;;*?!YiR;WBg}ArJn5zddkY)=q%P1fmB` z0{DR9`)Iw5kEtSLNZs{DPBl?8vD-|lg%Wj&qW|OATc)DZW}?mup|{5G}s1a^y|27n6?JoR9Tt8x)|@S%eey?zt+faJ0Ir|XJ#37 z1ypJpHfEN?LtJ5;2Xe-+^#diivsaQ?^bAjYFGcwA*}FG*46lvo4s9SBoS)uqQ1r6D za%%4?Vh+c_q-I*p?{lFhiVkeBGCudZg~U4@2ld-&X~w0@TjhB@N6c0MR%Tjf3@Nv0 zf)liVzIlJ}`B}UjjA>0>CaUj$4@4Zt6cI4NZ+>~di{E;RuXPem`UBMnsXiQ^5?#W)FtY4kRZFS1|Zp<8$F{p9U?((lC;H-z=Hhm zUH*OjJ?ag`KD*vmisU?9XRba(UciVQM)S!JD^<*}e3){ofpl#TuNdnpk zyK;)TB=|htlG?ZPHTMFSbRwCkI}DOOHY_J;CIsyc`FQXz2Vq598*KS9 zt`|RW`$>mUWpkTjT58I}v`eUi9)O&;1uvCHr$U-8{S{KzXTkXbWdl@}Yo7IX29F;- zA*e@J`uw=t=C^IfhY_9c?R$XsBCf%Ix`0qXg$-L`s6EGB7-)X<0pTY^npYhwHesKrM^`L5&ElL>2COyQbqvc) z3M*{mskT!(2=tfK#;&j|%P4H=+l24KBU!$cMN)X3bKk@hn*D-n5zjjxtZKiAWdnHQ zi$&|xocd6VDw+yL#7k?3Yxz;s%c04APk4B6{w$`Gh2=lXaTQvOe^{4PQ={|}QG=>w zPX~kZ9}%7|=ngRI)z3Lkw_!Zg{1)yLookx_MBIJIz$n=RIT&_2l5m|4R_Xoyz`pL&_=u^AX9M@?@RCUi5s~|}{v1WU&vd1^wa%nvx@`)< zm#mo`t2B5YMYpnI@2l-7J{TuU#onOILi9cdgu9o~A2~TDzVhffHuaXLLCV}mjv$^c z&n%w$(dT?6uE$lh{oo6a7=91NdO~CM_m+e8_xxyd+)$}8)k55dez*BF=pspJzrBf; zse|{#pLSs^u1gA7tV#a64R__8GM|+{Q$pBk)$RuX{6A}awd?r^5upiOCzr)n%Hz7| z2n_z}D(7G6MtACqJ#>LSja&vpOKr=xV!!=JO8dlzCc!gTU?9H6X%PnKUw`cfAHVij zzYSKt?Jd7OefspTF^(sct-YnZ79lm$?$4u^GPG-pTp~w;Op=>BdiG^kyhdCShhff$ zoR519lW%?(`d#(+nsSIB`{2%t-{UMIyNF2|vJAcI(pXFU? zS=i+z2}?O7kj&Qzbbw+zijEAs15C89?Cc7W#Gk+YTd(e}p6OXYQe@{W?qb1APd}=w ztLt6VNc5>UMjMIJc^JRHzYd>H2K1ll1rYZpNbQ&DWZZ3%FbDr+$+`dnV~pfD*fD4owoIUoAe3knbRRZh3fiuLV}Hi>mo^8zkz4pC(dvY(;10 zG#~X*X~-Jw;3!r}(MPZoO9MTmz@GFY%f2XcCj#_7+(@y#M_3A@&?)YW{A5pY{wTB( zWQC`C|Bo1LiYZM|%*UPo9m<^Hw|kxctq#}-R{EBX2Fch) znC93C_SBSMm*E-k@>B7iOVHi;{d=JNP5P(PWK#s0;v;y1=;Fx`_zA`57|{kAbo*&C zf&S^iC5lnz@aXj)6?QgSSh@fSXi3~zmM{ux!JvO0#|sF=HkwNCmyS4j!{_aVR#faP zUO@k27)bSC9#J3iyXi*$TtRK_3}qNQ>GnfZEj!#PPtu(Zj4aLsy_C=q(lHYr5f0%V z!O+p%^+jeno$IF~YY9)w>Rl=)Ws%#VbR=_(7kE=N$QI_E+ejbG;Qo4DsdcX0e4W8P z5IiMxm%9#QfY4fKwzi4df^>|L6M(i8Om$F1BA%nQXjnpF9AxeBiIn+gk}JX>XG#Ii z9P3G{UY*b;zwpUgE~Zy)g<^GwK`ypIp}8B~Vi^1p%H!;nwOcj&xwjVGOhM!lD(4a;2|ZVH)9IC;HYeqGK~EXh98f`Ck)A z=F=41(QRBUFikVkYRj6?l#{WyvUp)tnaTv2Bhi}Ja{)6GmP%~zLkzzog+Xl8n7+-^ zH;zUoMvhc)Xbv>Th6xzP;-BGTY$uJ#6)(t}(0j78Vy=`TBfxq)xsk0p&>%K8i8z!t zA+4G=6i%GN0?`j(MQg^@msN-8y@tF#0D^3W9ZHaKj*Ws2IiA2yJ`e?o{YG*4*P0cT z3h6}wGF@K+!p$KSfi}X~>6*QF^ByBtmOR3{l>-z`2} z>_~Mwqmyx#yrp5)38A+T#cEmgFHFGj$q9+eA7!9!EtA(_P$DOte|9zF(&q=c!EUP)P$%F$(9EP z-RcL$HHwT*esmLEjSjVzT=aEB!l89HwK+{NcnIA~iPwkA;oAuZr;(kw7;Y)iOgKde zL7`Y8zIKSq<$I#k44qafHO`epzP(HNn#We1e@+-)bT|cKE>K8>y(wn zV(!*~`R4vSLnlmXcQvNKZ+#;9rpGi-hG2^v5p}}~KlCGH1vJ?}C1$#3Zc5ZI8l63R zQN&+#hhKDuUv!6GbcbJbhrco1q437q3dBsuJO&Xs2H@iS@5mWDqRVdXry|6#IDm-< zN!&z#^0w-&fmf>uinXq76Uk5DE}weKM3GP^>FMYl;ZH_xm6t=&JY0^Vd2?z6?%C43 zVeqE&3vNcXfuMkbAk60PGmbL1vCaB@Z`7SRzjJ61U8bjiJ%}%k0-??mD37o{6w^MH z&N38#0Msy-2?uvb{0%WA`u0~V5=zGAy;R3xP-G5+d60=4ADUMkMbOED0-rZUn!7}i zn!N63fCANx38l(vTn>@^YO4N*)S2|ci8mihRECEyq00e)a z;*CWu71+R^y6x~v`PUFQy!fWe6oiF|vXM7P)LL<(7P_G%{V>Fh7m4G#K1ReM0eix1 zSi;oB+2$?2l6s@y1B>$eWW*=eI}zU8*!<7V(UbEuRsk%zwJQup`7|PonGMi}k1{E9 z!Ggi0r$IEPkUZl=lZtge?q(A>1c=c9(66HX(Uf>UMF!oL$3py3=l9<(IdSy+r{qEfp;`O6u>MhCbM3m z?*%1|(Iw)hg@S_Z5`AWeUCwBlPEc19aeQ3eDNM8jw^2g(N35x`ZiOZ@6};&t{cL&_ z!P`knu}obKxjN0$$-A`IkaI}T$63fhRg*X1%<{;@;WI{&<2B_ZMO1)&waaQ@Y!hX7 zWT2r`I>~TqtkdkQty4pZnL-+b)Y~Wohojvl`9sh$(9c0%K5z#FJTUkJ-_as6pO;-K z8pY$mX}*+bH1+*HBaRF6J+C+(4!L0idC%Jf!0?6f8zTM`G%1s3Lg096tgH z=PMdd(>@5B6(TN!X8vL&-0#m=;-fPTpU3Ux`bk1QRa)%z{?xNwWc2UynIg($9nRk6_MLkTG?hNFHv+i5Z-_p<`!=X7J z*QC#xtyB!2UOCYqbPGfiK+?mLafV#)B<0u@$yMh3-%YYTg2Sm#(o@eHLmn&QtqIVJT!Iy4Q!^cc2h4~f2PXMN zHjad7TKheItazcg5ITgZEOEQad@IqvV(=F7>yxaCa^`jS1wluM>Uj3wB4aypF}}G zLU!$O6LvkpJX~hea7PMrR2tMK>4EXLC1(e>Q6~VXOSprlSAC9Q*I%j(ppE{th*nxVYKx+lza zo56Y{!Xfu_Ew^0sb7@9O6=dlC*vfB=l&yBfq~~H{6j2rq51446X9GAZMZpbP>n3o4DttX54Bmk;1aYNq1xRHY-d~`f!Qt zk@ZT3QT4Esv`-H4CMl-sjT85p1{9*h&UR{%xzVU|mXU(1$8<1WDu%CWZx1|dZLir< z`o4oL;NKMqAGQLTmnpdPRkQe{-85s;ACdQ3h7h5PTgfxQqK?bW;UNV`G`;?H*rc#3 z*oj4F0(Z`U^;(e5-l9LSL&cH>EXAZl5)T9C#IoT)oNQoN^TKd6T(nPM#aqaX^Pl#6G1c*vGmzZ;mZ~#{!@2m~VPnk`E3DE! zW`6=sPmSf%E7F2oQES#jS%)f#@zKs#@dW?|4f|KHn5EOD?h^cWfp4Z__Yt;O5U*UK zWc)w`CN=j^|K!vV84n>8j9gyr1sWAY>XgSClCNy2{i?bPq8TSKH3)%A#2-uosVY~< z@~!Hu-~o#)NgQnzddj0Hj@zD-wE-ig8ffKz&o49v14;T89lVzAw$A_YEq)C@J2EZD zj#+eFz;+9UJ)44T&eqkUA6W~#>fCZ7cb8rtPv78dr0w168J(seVvq|PT^I}U1x_u` zdcM;(2Q_j}3&-Tn1{aGsys?ga)a~LC-SOlY6n2xKS=yVHa>DyT#&yy&phZLN+Bqn#XcP zEO`jbLEN55mkc-L*_2bROL}T^ERrIRCj`PK%`5XAk@g%UcS}jIvF}Y$!sM{Yl49f_eweSw!Y{jwXi^_}F^iE!2k4@hFCGQb3#e6vE zU9rIjon>67In6g;Z{^{2=T^;hL7&~5fC|3dItQM;DV`Ib@fagKKI{}o)SLIUU+C&u18T7bC2MN@^$(-q?(p7e_B`R`n$BMj)=ckEybTGoveM zo0)d2CkV3T%qf#&UoUrn5v#xmkiaWm* z$7x&EF`0X6106ysb8eor;Y}Z<&Z2RyX)`KBHc%ZhzuFxi}lC_Kap)jLCJV`lTD4H8j zbA#|6nyN^CHhcy>!ObE{u{^O^08hRd^uv#MF1HHp;e=M9kc5w!9RWso!Y$*GBNWL7 z&E%Yjj}yd7U|gBbMc}BtWj24`81>6#b`dc4} z?34SgH`cdS5)~>Xo*$kvUL^v_3zkY*9}{3wI2wUpq%T7t=FcrY+|+i zn6^+T8wMas*~CvGod)Wz;7Zjnpf0;DCQ+H4qTd8+fY=8-b5;bpO* z=I`e!G3v>iT@?CL$yIDX>8G918EZlX!hEYo*$(8JNm41+7-e47x#X1MEM`NrW8%sI zkgSv^$I|#L$@;LihT!2OFneYfO^+w0$q7cBUR_-Y#}O^S-wP%rNe91b#|5tBMIfL{ zN)94)L!W{)&z37paWzXO36K}=fI6HFGqhP#a0T}K5^ZHX$T*>7!n&3xJC!v^)-tJV zJlJ5`o7@zT6Z4h7^XNB~Virjg<6T`VF+S>!J^vdI@&9LR|b*)a?ot0I_4~(pmqPb;g z$%=Yejyge-0CUgg8ZGF2KMR^wyC1()Il08{P<7(GEJ!w%NG0`Rpy#PE{UC{u=bo35 z&Dk2+jMWm~R<;h2JzeuwA)6%|^~nb5=X#o?f1hOrY0ROO@UnRV)-idODEiwp^gw5U zmHw)n3B(#2xk)IyXv>2pP;}`=$I>kHuHXP>T@S_!;>$7^^-$M~Rdpo0@OGfJw!+DD zrBgbY9*tC|IHNRIO>xh){00*eM!{S>5+}lvauwu=80!& z=9<*P%XCQ+$djq2z{M9ftwfNybM_U1J1vw_)c18*9Gl@$F|0Gx6)-WXl$S8+o%E5+ z>%o&wB9#=cHyi1Ecx*;gc0)L)t#&JZDj~;MCP%iKoN}(a8|8?rG<}rnjWa0`#K|a5 zhGkwHP%p`3PuE`;b9mDevlgIo%F~W`G;`A-{pnsnYfKW5@c~vgYq3-pf*gAA7dl+> zJ=8QNYv$Ap#7&xMM2WOJ69+pCku~TRYjl$m3nY>A2Uud^$|CH-(rGqaLTcPK>qf4W za5SIx(2v1znY{0o>5di*{1zzXvsI%V+OxoRTLaF@ty#iiZa{gKdN2&IiSg>{DpLuT z9Pw!+*G_KqhztH#3$dU5#2U>}Z%Hj^k_Z4c#5xdFmODM%+1uGV+9^%wFHsFsSH6zF zLYbfR4tR~d*~Ec|^tzUIFGlfl{Mf$Uq~~WD{u>v5;Ps=w0yk(I|Fx>sf7P)FOMI{0 zXoQ;3sQ-m6{DFh*7KgDLRLYA52d35wi$L__uNSEIzhb?szs3tsC_E9pS{CBJ;y;KE ze~qH2{$3eC7PiQgG~*m2*kw}!9M!ukI;4y=YhzM`V3O%MTxu~mRxYT`MC=_V=3Vg%9piq|mAbMLv%mu=00#Iy zF_04W$i*v*m-*+Z*PU=aQ8yV+$=9E1yWr5)0WmO&T)Z9c;$>zP)?#^BlcD`qdo}M$ z#(enxtvpEnh9TJ55YrZN{3$icOjuo1JB=6FeMd9XOh;;6c~_ir{@c3d{WK(mdfki3 z3DVwfyuQA!kh;CR9Jjg2Y5y%XIi)7c@PD0U`k%fwiz}BD{?ff@t_aEx3CcLY!!}c4 z52W&;3>x?l27U^#6itD?X2BwOSvHN<9yce$(5{eDeur zZSMKItv6EZwcQt5^{4?|0p?Y#4B8XEf`$mXRjev97pL+b>LV)t3-ezv;LF=+9;ir zeCmwU9@|91vWfL(K>|>YEf5B$MA#)V;F?{VZ zmcO|+WjVATy_NzWwzUDdRMN_%f}fc6Ym4t+oAz^C>ck(5v)6e#aRZSZ#(a&nu)VW|bksQE$qN%HZEF8?*4C-h z7gGOc@oe%sIS+Ja0|&3`lDdO#W83BAH98BwG1U{y((&LE3RRZGpsuv3V3vEy0Scu# zs5yL|3^~N!*6E0%?X;`%hUofAm(rlEkYbKXXbqg!=V#pI(Q10VBp(}>0_INIi ze4WR0c?#$)J8|{G5b*fl1742 zG5DO2z($Xh&Ljx2e-&_W=uzTRRB#&boES5 zh`P(@!q9wB!S@ElBh1M;8~4a_N$F-3c;PlA!3G-oQ?uo0F%3>eghOXN{!z>o)ACZA zx+h9)J4w$Z!-M6~$hzTsZJK!)S1V|sm&(HWRTNw@O?u?J)3n)t zvneO*pfZeHnUM<~vN?*9Z`mmNbfVKfiKtv;nK%WU+Bu|mTC@ft9TKQbFl!Ujvozs~ zga53w-V>1h3@|yDOMkYzw{!IK(eciUcyH_HgIC8v5{yw$K}SEX{vgzLki4g)Q}D+S zbIBsg!b~Ks#&mSf&_XAPh#;Btv-2S`%fJHE;^LUKf5m$9YX5>Kg*N}9Mmh^c%#UIV z@0cG2KSZRIvX17%J1SdH^@pmaW%ab&39Xq)@h9=zN!bb5uiQs-zLJWdw$;r)6!oPH z*B_1EV*T`M)+W`qz2V$PrM!fFbBpP;8KFYf zPv&W-d71ciWX18g&*y5oO(*QTh~zju8&Mb& zb&r={KN*+iNx1{u3_!9OPFXx9*sk7RL@0_TjTPLSj+k#YOms&O8I{1`Pd+NRmdFt^ zfjoTuo}JNN4UHX1AZe5EF>%J!`)n1jeb#p6BRXsT&h`GnLLgo@ESIC)ltB(#Lid6H+d3Ei2Y$uohpo!dioC{MQObKHgVP>EUa9S;|gQbh6GNQhA@SLl^J zTRoK#u$n+nlU|QlFiAmy!!QOGaMusICtHz+xv4Mda33LDEzWE-IZuX}iRFv)KH3u` z8CO4j4>aYMT}&uK+Bj>&qb?JbJ0|J9OLV5@=!|VKaNsa&HRfL+W?l+} z8B9{zKT9W#P74N%DmTcUa;8X4y3g_pTP=-XFVwII5l6=gu)zbu>Iz(X({n_Sbk2oc zqY-<0I8H&`G{r{fY_Nl-U%rdZfvE(>G*C^y)Ggg7=z*pZ9MFu=P-<9`5sb7XcLyI| zJu!|?F?(2CnM$$3XRQo6zkDv3A5?F zm&&hra>i_yW9CPlF=>f9TB<9LvLerMOeHboL)_40`?AA&(Y(Caqcd-Ttv3Cpb>2eF|`)}JtSHn zM_4o~;-cu-2j)P`Q8p>?a5tUUOtBUd@dN#qF!);mN!{7DFhc-icf%ARL=FwFtAQ{> zf@WQqyX-6dDuEPoz)AWusvIFTZlUf7*d08!_{$xOF78Na)+m)yDhah^=6JA2al5s# z79VF%8c5CiCbby*vq^j;Wp09fA?M_*o4IY{t5zl=TZL2LT4?C}OKd=n*`b^C3OnY3 zQ*sdKbXMc%*%LFTcISTl1N_N=2fkpB$pybgg`O*s$(<5AX%=DInS{spxml|OBT_Ht zPHITaL9$EaOF+5A!036@UdQ>-u~~~vQfE({Fwb47aGbmg#-0eCCf}`DPG}*i32d9F zhy`9D8{?QHU~oO_X_{=f!Iwll$v|LEl_#CTTnc<=3sq-84l#U#an^KWZ5N|1CjbV~ z*%s$3e*u?B#D@`y3?D|S4`uRLi5!bziVeQ!6S}I%xrV*q`SR{wFdHm2-*Ly*<5#|> zV*ZA)iydLUMT_oL>M&??!yhZbUcVjo9Cfjd({XkxRS4hIjTs3n+n&c*Qy>YE^%ik#d^lQ7?H# zL2XpGp_eWp#&ERAedXmCw1zpS9O8j=-NoPX-*gJ?u?(Cv1`l1xv<1bb;XWo~uXkX5 z5~C2p)i4#ec`vAGi4-&)>9CwG-(YOW7JXR{b&c5&Q@c$w)E}ZsALq7o)}Q6PTPW_I4%hxL&9Ozgrl+ZW!&OpaS=arb0lOn{-THU{t*;P=Wakt+FlY zPBCVPKd~b;3dT?7uBcHSd7i0yD!@}={%MTsLrIEBzrB%kIS<~Gi1tK=;Lc50aO$$E zvuavq$fA@Pn-kTehclK>VB-{Oyl|Pg$y|C638b2(2MFR+xki;f6MZs@%~4L>|Dnt$ z9AgB3Z-#P%DT0#?t=3DscWGG|we&#SN&=vpi19^nrwkP#a@TURtmiP!Y@KUchs7_Z6c@h^dcR@>Mon{j|thfU;Q9O)X{61t4|sS*@S(I z$-IHu5qJnw9^_3fd^P4^M;>>;g$}amw{WFoj1uSQ1PDYKy}iGR{_y4JclTphq}A5S z(&5h5_KTfG`1R9{u?#=!tE>2Ldt+@`|BJt_uPm?qq1{Cf zFMrx;gnwqJrHtc0$g!+!cisE{(4U$KnuuZB<3*b!iIS}(y+zWX>4*_5pN6T9qNw)N z1_*SPmphBFcdJFB7k@X0+&zXq4mlvZ$0>@5vORyfXX6m+Cg!=rH4w4fBv9lZ(>^8$ zKoX{k2CXO_-Kj85$altm-tkI&l_nE$=5aPObO~lIx-XZz=zCD}0XG3;tFT1Q(A7$=cUtSM z&I2jPCSWvSWzf*{A@zy@nDayMqNv@9j|^Nqh++H!)tY7(2g#p9;S&-qjP)UjOF=)( z3C>|D8vNdFNot~&pENtV*k1+*?bH$I3p*?2r&6DHLL^{ zbyj1tXW7liqH^P|-ZPs+jlKA~iLAEbeZW_&ZK$SDAC9J}F3Vjg$=x7#ErGC6yoqLx zBb$80hwV@sr<8SA3>3Y7Fm-xo?HdYwxwy*7#$n|@V9&N~^qobyOy||HwrOiU7Dq%| z9uG!Y5bjAM)q-Dcuk+qx?G@Hj8r^5={Lwa*D+yUw|2$2}HUq~QG9#-;$PzW(eCsAd9{1Y2?*Y%SEr+7 z(rb{+iW7LylB_bxbe20K5$q?fm!e+sB~jkbnF0>4KzySq;2m^DD&NbjYZ5CEZ5gH_ zZ~&BTsy2eIcz03?D$ZAjR5M?&*{&t`q1s972FjM#N%}42!N)N8X&-i(9M>or34&iC zFOf@fRIx2hj(VBWY3l7T+-gf!&8!~cMbchw6{3D`bjwk>L?j#2*)UbbXrV*6U7lfy zEc*EApLUSD=q#>c1`VWO`pH_0oy)Lh3YDnz?fcun{ee_lhg+*Rx|HhP>JREs|E>DEkA1b*Txaby>CF_j zHwEgeE8mxEpQ&h6zYjm|L+`Z%B#l_cSBhA*)0z06WM~_iV$v=Ea6pg03hKr(mzgx4@h0G{ z$6I%ilDd@~(q@^nU}yk0euK5d@lq(KUaX8%0}8(gY_vrEVr(5o1(T|r%`O=HV%YW) zHo0(N6D|CF=>@Is2j~flTrN_TOF#2tt5Ebqb*R~VQgIeoee~-!HM^rYmNFH_@`npi z0e80Qsm5RyT*M29wwE%a#2iyZY!V`?+87iS4^h+286T)?OiY`SFVh4jPA}N)Fph0# z7~oxQy(zh@C=M4EV$h8hCYNw&37jKzRh;F#Ins@=hzWidfvl#J2_~$n0<)CR63Hi~ z);ZTN8)oOjrmQBX3MTxLD`coXDB4fT|6vn%#E1C^x&0Zt>}10kml$Ez%8bQ{w8WQ8 zax!yPU^M!%z%Vb(jEdb#``IaRTTK>30Z3eGi&$qVc2_{#vwp$|WM;3Y>sc=-r!iAE zETwyj^)zRboV5|^rbl3NOq-~a*iVs(V`+gymv5Pzv3e=lVlmk;fTT(I*pmgQqVhI? zP~y^(*>p4@K9kej<<8cnw$2L_H2Wiq0iqA*x)FvFq7$vmu!}x|g`!(&g5(94VtTrf zQOI#q=xRXzxg^p**H0iT4#O4YqU^QUsq9jRiVdza~ACUwigeb;WfCE#{ z(sl zo=pAawXsSDSe&#!Mp$gClqsxPnZhM!@2ak~FhigzB>pJKMDH8Szy`aNH9#NM)31ZuzG?=W zBpYDfSvcy*37=B57A{paqVHL?C}fNSTDvAPZs$ho&YW5YP>e=}uK9=bD4l{Ayr%I-OAa2GcOWlZ)B8a|%MOU?_1o z1>GuQrV@P8_TmaLbHR;)YL4P1UGeN~6MLI)vXLVhCJ?JE*9M93Mjhj&jBcY8z#xij zkYR{9DrW{azP4Juz~RjPns5(Hs=+zKqi0k);2>qBxu$=@RXv0Wk0?$EPuom@Vj5Yn z5tfwqLyezF96Tq;nsS!iAz$@Omw%*WLPXPP0574JNn$JHKAqs@n@KU>LdFfgqu>$n z8X%;g;x)xPwdbxC^oq|wxS}iSg18DJsFL}DUQnV7tZ1u43^4T^+mhfnHxEjNi#S5g zC6^e$1<;&MGQ2h#5;GZlhlh_FvNz;tLw5kzn2^9RqTn)hR>~tWLyUYz1QojDlTt`7 zprMm^w}*zwY>28MxH*1pBkF(fkGB6a+Akv7whc%+|L6Gm+ABmNyB+9hoN{&EBE(h>O6di$n)WyQKqz@}Q0zHKa zk9-Z!KWXuiuj8unBVYSAfi@Q)`-u7@U&o)Y0?F6$C#ym7b^Ix-kbG^Tg~OM7xef_z z=%=Veg3GW7`t?T_Bf%4)J%VphjwEo)cb^NKSIQ-u)6S81- z`hDyD!l$Vaf;cuBUwvf31)qF>e8~mqZ+@~y))8D+Z^2xULT+wbap6O2SZIndr$|GX zfRw8P+@vtT*Kx5l!0oF7e0@zG^j0*#0>Yf)2R=kpT)ShfY(+?wD()6Z^%ocU|67rl zyWiV7n#WC(?ZaP#MCQgWfoub+NHo8@e{{UHw>K}<{MY5_e_*otujkqUWGdx^`M)+> z{U7tA<-hHN{jKBOgZ-mVJjONhU%P|yUuR{dv%Iplvc7@--z)8vFY@2#`1wBVkKqnM zvygHm?xADGXpG#^SEvWiRCVv3ihVj#JdX8s#JrYlch|4k^CaRhAk?=5lV$3>lLA*~ zRF^c%m_=d8u}I|8mXK>FR@*kxikc`6ayBFTIGVVwP_sl-Wd@AZr0J4UI^Lgb>?2lU z=Umr<$I2vckgGH$Gh$oN$hsQ1%akoHgFNlOOW7TqcsEH}N`845!_Mqvmlcr64iOGH9RVE)b|R?9^8dC{!{^DJcL;6D@5uPj`a-`y z+mELI2YcI#90QaueabPA$Zw!tFHHaO$I}1x)eh4Cwe{sc#A}~&5>-FHbNXMk{}Kzf z()t9K@HO}U>hfCq4{i8oz1?naba4OIHdemqe?QBQi~oYH{@D1h<@M|1zuUv$FltfXqFi12qibhQr=hT5%zH zsU$+ssSzc+prkRibD+MR9guPjnN&&G_i8KtKAB($)mz`!+%0ac74PGFRvUyp(rfD& z@s#vXl*M!z^^p!4$A+605TrRyP0bp1cnb|0AS;_`f z7r#~ZLmhDfu!QkTAuIFRiKN(LhlHNte#b712Q|%D_Q(G^Zx{}hnaQE=5;U7~fFGt_ zu<7h6MzFza@{1cpI`4PDEE4PLSt@iMPo*_8!NDs8W*n(KZu@T|lev+1*61W=sQzk^ zgU*c#gPDYFjvR=!Ko#H8rMDJABKTKKl?ZhCEiA6ZbmxOgYvErvF5Z*}DkdSh#`;0% zjQkM=x_*rs7N5M-#Q*tX5!EU8S4yEx`UG`2$v&Q>NXISBJxRYdqw?kF-|}-U|NjYc zL0psnVWr((0seoZy#lfT$NHcp=q?F)J&j`jw=w;^pb( zY``puRuJOP#NMn@;hQSNqXO$plWejBdUQU^dM>-23Ny87sb_-$X0wxCRSV|VUi@Hj zaxvcd>3C; zSx>eLo!)m`kvL{4$jr8Ai=UZ@hsfT%IolwUVfSKW472FHZXbAK5G301R^cU$edKCW zTQi>bu_78cEe#*zNeXY zAUJ%L1c1;P&b7GI^uq#xLC3I25r(4J&VxbIYPA+V{=h*map=5-ckyN`j(O2$aEZPI z)ZmRU=L36eG6pPpkI;O@2ZY`g8+_1t#&wz#ee?BJ9$IfH)zuDjUF+SXRdhn;6!=IVAdA754{OWM$=By1SB&QrO zSE>S;i>VP8UrvW5r6(-kU=8WTL@3VVY#L4xWC27&r(~MeY$^wj&4w6hkD6o5*POM| zR?LZQBqr8W7@d??AV<>lcw(BIynp}x020`ovcf$|-i@+e42Xo7TGpbmHmU@B4uf4-l%5x&uqIDl7y4|XD$5Mz zbjXoGDSx^oX8>{J_{E$*?{wiyJRY(u#5cY&@gaRSb7At@NE&tvghK z9Q&*&tZi##AY=^NQ}D0$CuvHvm+EkLK2(fSy%&hPskL1t-{^TM`6hDmO^9pyQm6a( zQ>T07gISJhtn^rp*T{3c`L&pi)hbejBx--_#ZLV4aCiUsc4R7wo|#LItSY!rYb#BM z7nn7rCpsr>Yf#zn>@|s|xT!J8sJi0cQep9LOO?gtetEno|nIMYC3@W0vlE zBP@|*@RGa9UJuVk+|l)xv|!&6C9w3s{bKj%>CWEX*8a}HtE2efB{|C84AL}{#r*X& znewc3)&{l8>#9FH;Z^b>epCTy3g)Fc8y`>v+N6Kf&e*@UD*MaN2mD-X|LJ`E7}xoK zZ)~jnp}oAex{e-1Yb#{`S^MJu{aJpr{ipLe>_4B-|103?)$t8C9U^twL&y<4B#Kdv zT@@X_%C-$Zv9zB{x*209(ZD2&p6{$5v;V zQ$jWLNJG&KbAOX>-Z(Y&kxd<3?b>5 F>jBjHM`-C_W`WL34wwALQdYI#Yc zM5N6DmQzWsQ|Zi9D`d5?`(j^{o?=o8GrT< zj&~lK0(Dx`#|S{=#S&ujq}`Rmyi$&noUbCAV@sd;&?Q7mS@NxFiC0INCJE3K<>O{`IvT>1t>`R&!wwpDur>_F zS!GEZsNC#I3Fccy}s&$BzKn%boohgmvobjv>+92o7-IWiIZ`A6DARkj{S5`D(RYnk|j_k@hlN303B*E!7AV}+^P6yfe6)t~jd222t7B6!}r?ODTnjyB;N*4}2bo3&)xuyTfdXcF|I} z0a0+tuurM?-*b(P!*nouhsD#+;=G@x_-oTL3uJDt<{bii2|2?zxO`;pLTx&?f zgD@f=GDDu8rM(ewtCMa=M&-&FTQ9cPSDT#ldyyQWP3c+3`cnmq{n;R$pu|8Y)x9my zYAM5jTRLXf2y;=qN83#*UkCi|6?I5-gEd~lSKD6QsA!=mP&`Ia3A?a`P7;rk z&z*@O@s4=GtR|^DDBJH0{q^!G{2kTMN!kabmSSd88}4AIEM9*jPOkL17Wr>VZH>Uc{p?dPoQi?}SivMWzZ=G^!P#C&_U*ZTp$K&#+AUJR07N zYS=ZflUmTx^jhP@F|Yvr{*3dtlhg+AiE8cT{VlG zVAs5-#wA}*K^4*VEKZ_d#eL=Ms~7<=!jK!_sCqf0NqbqYir!>|1%5#sN24&!4=(qp zrV@=e*(6F)Je1WPF5$Oa%Qx+rM3C^rmH?(@!e-#wEiEvvt<;U~q4>S!aB2i3Vrs?A z=LIQn2}z1!KVuF>fMsln*I>r>h!cHM`e>VAT}+m)5{b#(QG4?07!zf(VG$GV6LX53 z5LG&oW9@1qxpUo1r%7sF zw5{gAM783@qKdc#66P2~4dn^0X>SR3qr^#RQCr$m#yXej$z_F$YI0X#x*~usT8ogN zyNefZzDS1hV`JQ*zv0Y@eDM?|NX%KFVHBYNIA&3W5~mp<3puY{T%y2rseuvoKDZ>yeTEJ z#p`=L>eE#&8b#rG*um`S;ns_1N6q*tNho!?ShIYj00#)K?v@q0a=q)TZYJU2&wZa} z=Zh$9B|6J9Ik)Um#F3O^U^^4BPH@XSMA4WgRjaLcHXgLs?=Opnt-ki4_25NA=@#Lx ztF5(H*4k@p9n)y_J~yHj)oK_Oa)14P+rD0HEqi^y5^9(;VD5X!5tt{Ju8T41=;F4oKj(vR1Me_gjUjzCO-CY zZqJ%YYXXuRaUOiR0_w{zu&FwHLasKxd6?m~ft-j-y>!vL0Sx0%*>@n_9o-Vp<;2rR zm>SuhTyLh84at9HfG_#o|4p~ORMC-Vh=1AWBF7w16N$f3K{sMe`V5R$xMh) zL{1A}#r=lZOfwP)&?gPEV>b=IWCtw6z7_3Y5Mwe1!h*lBQ2!3@=j1#!r5bbhq^Xx^ zc2}eT6kk1!gyCiMGrFgcnN&L}7j#*qjf~(=Yi`8ZWJ0wl$W=r%cEnR+N*f!DSvO#o zl1`QrjeJfNbx2Rc_=+AXvhfmx4Rb`U!DKHdGrnIGN$-@cx`O)h3-IkbJ4^KRS_%_akQM9Gqc`I%=mpi~_TCjEG*_JjE zpIEH>RrppcYQioVPe5xPa9Sfu@dRY}T{zyt8}LSjIa!j}F7+~*;L`eq8ZSycNgFV{@@`nFW@_|S zzS(6$N;hI&OktXw89I8H*qW-Y_+d+!hU|QZ}TZ6Pt!SV09@5;Zu+;G$1Heg?qQ zOE43PxPV%4>S!EwCBwgA%aY>+>?ZqQkR21-jc9ajnj$T1mBM5S`KWT}aVY-4WVgUj zZYz;R!C`ahkJF-`(NV?>k)9(8nzd*TdgVgyc2%}YsfnQPBl=Rh?#q$ehVccK|7%HM zGOfTaI9nU%c3qr3IpbRI2o_8%MxF78ZoRyItQt#J8Jqf!SXSo@ z_!ZXN7Quwh=N^(kFHyJxC%WL`z|K%B=hszWP##@PrRI)IGO4w8$K~(BAae{sdwTHV z#n%3Iytli*b0gCtAc4e?oQSxfUu_ktg7WXJq7M zw|zu(xCb*cHl!zfDdI0e-E3)JGAz4IT%^iNA2SV~*p+4z(ExTfbU9Fbh~KMGAuxu{ ztbEr`BX_P@vrqM=NTAR|;ygu;mAbj)q!Uk*{4MGnOHe4_awmSdbNKAw5K#H)PJFm? z^lI<85{-+RS*rofsMabeYD_}5Goxcpdw$xC7;B6~PLfv1l&BJCnp24pEc5X$eY)-G zli1It-MSw?rzJ$Qp_5h{OymYvluB1c#t;GHpeQ1weNLo7RUavU#rC@*{l;FuIAxfX zOpr?D4XNe@T}NH4>&7-VR8i62&JwwekDlVA`qqo>_nmm<{_^s@hBSB>9hHKHv2&Q( z3Vggr5CCbh-%}zU9BII*K8E?U+k@5nt<~i=Kms!v!_R|3XQQ>ewhnj8RZg)$%Y*h> zt8*XP*bawe@t&LnJ6#>zZ*8osyDm2d?RINpqpiDyK{i$&K$i>O1F#q7%yD(F0+Q1D zvg>bUu(sM-Uf$6Ct#n%LwKdh>+$pwk{FVD^*_{DASYGv3z0vBdz?0~RH;Q)QC5F;I z8I9h?b^7(?)A;!+?EG5%{QG~zuTJ3tnK8HCxc%M~wq^ykW}~CGX1@s{0LX>B}s zpmt`?nwJM_tu@`>{Q+7AI^MptVTjeWo9xTVV71fgJh-o6xcUHQeBbMDrM13s<9%5f zJZQByye`+4TkE(&*X4uO@;WYg_gnD|9s;4HQ&0X&!z+)0E1G(mv8wJ%x<+74BeDPa zi7bH<;E7zM6A7m;J{`SpGGlCt9RGnY7X)+ZH%muk#?9dRB^6t^&w z+5D>G$JP0w;b6TWF;Q@b?%PdNR|M86jf|jBI6vXso_@J<)n%kg=}=g^ zwJ}b-OU>K;LMjUkCV`%3;~u$$sWLc<#=!29N*fybQ%hV43EVf-!nkF|@sDCpoKnDi zfmGE`>`g=2R)@BJ zJP6ZMtjEr|dGb+c>Ix-onKCR<&4~bhZSCckpO5{yM*qM18S?*kHahJ;wA=0V_0CFr zz0L8Tt6%j0pXJBt|5raj{{IJ`KmVt_+g2$$$zL?w2o=yQNi%tR;6 zSb6aidumdRk#oicw8k9iQhreRf{IIn!dA|A+sy_r2C#uJoN%P4ml5XGn<=KKPY z)WlVZ#M+ErmB?+)u?E1ub~Er7LEgJHOLlGi@4wytzr3*=i2vRfVn+EBUW?lbmtR%z!X!I5y)G^gH5ZE3m zyc!6RKxcTU&q-{POYJ_nQljAnW1{+fUucyWH59!;5F>}Bq(8n$PSdH>Yv*pyW)nla z#6Db{AN2kL1x4{Uh&+D-@)Z^N-h}uP^`wYy+6!AWFyw`Rnlj9~hcb5|MwOirws#MA zo*o|@{v02@+}YWVcVE0bJowYji=F-Bc;~0B7ccjAZkRNQ3^b!T))=KVDcNOEV`pu5 zXoQK3=9P%;#prSvBjIE%2$#OehBkSHDEyQ$silI<#b${!%LNR%iEE+Tobg1fM$dF{ zO+?596U63IQqKN4%SY%&_td%;v+sPtL~e{s?T36L7(QzK zHJ+!y=Eg6cD2B-EjZ%d`3eY zbC$ss&ni`z3ijW*e;*4s)v?8FKxfi;G{bt3tD#ZGCb}F614B~#d{S@n(_UL?tu5oi zB~XG|H%iUht&LS|Wi|}=tK8*!yA%Ha^ILAMW1m3Hj?uvZ6)F@BF54e3Q1-LKcyX~i z>W?OmL<9Y=7^|v3=ECE{S--ykYx1hG7^g=-#|um*hf!c|jr_B+hO8H*S=(scf3OCJ z7N{5yhWabCS-`XP`}hp7>j(y2S;gjgyw+OpwCQ<6U{UU`-Dz#Cmpk0pXa_o6fq@=K zhZ<~g`$3_HwN{&-Ne}JS*4pZZd}?vLQ^0YuRTdB(5lu{7KPHpu6`5GOy|`|DR6Pu1 zlQ&zuIA{Y)s$GvYYxf_t?zgYUn$?YV3s&ag&2pgA)z$m0wfooOmuvTHAXdBztKKMX zKe_O9U|QY|;<{Hu*aU1rYvaL2xRZ_Lb=}EIYxTi;34@mL*sizM*4D$Ftaes)C(Ess zjdlnP@l|_urJ@sFr*yK~T3uZ>_!x0|6bcHV8XK3%1Z6IAYC@m=kqFIly)>N_gi0h! z&nDwhp0Y}U#lGH*V@@;lxI-xyH|CO@-G;p-W5q%JZIhJP7=Ot&MD>l# zflGqqSSyYlN!-O}=d^&Pf_%XWyT~xWaG3Y_Dz1xwBsx&L{}q~{`y)+BUPD>7*Qnq>`Wxu=>^PCv|#i; z)3gtVLM1f7bk0IGBELErUEx`-BCtub9ZH-cZgwwU?(A>x?mv&wPwK_ND@wH)d&y%k z6X(&-N5?xaZp`HPY8vCx?#GOgLd)}H*SrK*g*2>-&Ykm)C`&T59(bc-$EYAd3^>0i zWM%LaBA730YHEX(Y(U)dk+W`c7E83t6$?}k67u;=Y+3GRL`Ih` zCPd{#+Snm-0k%J~vZ5*_olrqY4jGxcylJNQNOD@E8!yEHQ$=xYg6HnPoup5xuSzS3NI zT!ly=_!gxD^g~0=9*%ZI2_{JEAzBR=(B*E&A3PwRr>s32!S{4xlHuF@iw)=Z{d2AT z=ii_Ia|KxGKeT~6Us-Oq;eTKBKcDeO+kZYf|7W}XtJ;4$+Wr$T`!u~wprO(iq6ZL5 zPfC(98iY8NnGC+KJd$nGyRhvx_%Vu-q^=0t;6cnUp~60LAi7@!j=B`+|W>jKxw#>ScGYqjJw zAN6O`G=7)#XBDHw1GuccoC4TGisB~pAXu++T>(Jvw;!0SA|~``!rq)ij>@PCw~?qkQeHvfBPy_7v?&N13GJL0in^LhvdnQ0C;T;JZFCIvbiDaxd2Az^OMm zsaO)2B{yi45?`QZ)TF`9@<<@n@RgaPzV-$t8)X0`01s|{{;!q)|Ly)Co#oETD#-t< ztE+1ptJDtbf2@C@|DWSW%l{vp|DnD7tIGfF510SrPpSZDf0zQm)@DfTZZrgRIm4uHH9N%b7L~)4IqI*dlwH zb#mbalRHE z*yZCxN#bYI#nIU!{jHkig@oJ}8PN;nH6uCT`5Q_-f$*!NvnxNlgC-67RitN|oKTHJ zrP5NHWR?W!^;Y}@6U1I#j7Z?a%ATKp(cC(D{(6Mblu3aWcR-f+}Kv1DfV3M5{WYF%Cko zSr2GNW9~kErBbVwa=l?_0Vx&L zoJ4hrU45APQmGr2B9b}`={4iIdQDzaP_=1Qms(pnNJwYtKw-jSHApy44-LNzVD`bA z8;wf+Wx4UPWDqXcp%)}mw<9(2Hl?uVJ1fMuM7r@&b+h6^TqRY1-{@#a{!s~ME_6m+ zkrwZq97cHe$;T%rv_h!L9_q|kYE$g`dD^C8X6WdWA1M(rWK4%xGJ`j?<^WZz^{#=f`YcVaI2k0_V@I@#2l92GZdSLFFNE753rlQrFVDU`mlyd1O7 z>NuyaYA>y*xE#dbpXfjM;;F|u8+^98dV{!1^i4(bUQ6GGuMGg-s6kBhxlAzAnYHoU zyjEZA%xydO@OUA|*BzeRP=I--M)epzHRiIeTNY!d{Th2K^ z(mt8!5Pnq};zK6pABCGuao)u61XN5eDvEn@1y-j#QiSiOL4YBi>`N>l#R3)tXXwT+ zHoDNe0wx<+R}JC?sbMl0^)TDXXq-+&EZGjUHaj7ig^7N1Gjdon8fv=k-E<<1=a_L- z%#5=0PAM#c6Z|>1P^1$^3+WQH!OX{5im4LMq8v^-2#!>#PsjjGJX13_ke%|&bZM6L zu$Bfptl69fkt96Rd!~TRi{s9zHV8&qmbu9f4!Vp2e9z|%y0icbTp6Sdc#69z{*QtS z6mT+6hhYOct+l|#3!eG0nzHgw6y*KqWQs`rv?{ejf+i{zmz|K z9fn>FHZLrlX2YfY0(fAvZgdkS1kR^DWbRL~s6cA!amWb)lwUCLTOdJ_s0XTR4(&m~ z5(c*0YGS*DPN6`RmU=MEIqU|8fx1XhdI|ubBb-ZxDww$U)q+Mkl`xN-JgEgu5&=N2 ztqMeye97U?-p-ej9F^!j|gYgm;UwpI4Zlw6SmUb^j@iN92$m>md zewN|Cap4DEKl&?%Bbdg2t!njOb=366_u7p{s0oewU)aJQIM{A+7`s75^&1?RS}!bO zi0;=5)capCG0b1%g(t)XVKJVC_^ks_&n=~A7*T^QNV$#v%!}#S85&e6!KOg~qOGNKk`8lHR-?J^in%*QS^2U6 zl7C+76|O9&meVWwK$Ee*7$K3 zcE&1qu6H}a!Ag@JR~)54JmECzq}VzeEg?P_CDnY@botD3p3o8r0TOujh(dkxUebwG8C&^^O!gz{fe zJc_z-nTZXgBDi_D>b$G?KQD8_r@7ugHgf_t@iHg4>$13VxH?t$3*tI}P<}{I#sMC- znfiJll@Ddmz=tsKL--$1ak3haG>s+b44-QmdSX*1my7iO95H2D8;wfaQ^x;N@m@WcsS#-}r9c(mU)wk0_wb|r zf1Vz^{CRi(`6nM^zW>kaN@orIe^%Byoz;zvwY5Jiw^xCS`QrccIev;V5&k^ie-%I9 z+21+b+KXSlda}3sG=~4}>>urvL@4?Blkw7N#{b`Jn8xh~586=_I|rfq(*``e|DZ{) z;%Asb^=Nc9r5NXDXo%xz&v*+MdGD1AK|q;Ft_% zIeQ=htJxcM$^0h{rARxe49e7)L5W8tg;fP`=;tNedIK~RO7Mkr&-vX3SoJkG;2<+% zid7;+ia{-Ga+zGAFXIF#CWtB{qQsOeU*ZOkrelmM6<#q_5t)~!{Unc@e*AKF3PVSG zvO2Q)O>Mc4^I3v1;IKJ3R6K7ed>5HHFD_Eileeguo1{X|WjW}IirY=z#aKdpnzMhg zDI4NXEjClb2>Xn=dxDSLPaf(-4t2iG6$Hf>#7d~9FvaBsMpq;=kYy*7@d1znlL4}X zNzkhwp<@|;R)wbC;<|Xt(PbVPVDF*h%p|T@7$$zfG7612{&_Sr0ooXSOmiW~%Y;!M zKN=Bg{fH`Y?A^tmaHR&2n&uurwgbBhLbcw&<=p%|{ zo<_Q&bv9L>VjDqJ4;e>X%8pcuG)wGc$VEnQz6S1_Qbba^qws6fZ_gxspcwL;C)UP#<(9*?N2F@QPESb7l$ZNfH4k`CFSUonp+5 z&m^~^619186gbg&pS+)e1f~2drsPO`#X*cO2$nS`A5lL4BbvOKeh%3~K?Jufe9?VaYKf z+o;E*S#S08k(kn`S}jq}Z*#L0<01zOVuYvDXb@fyE@HvQ+{~_aYi_qu zR_EO{96V6GVvOAgg&|a+Q>Ku9&Ub;tMIyg&nMOh_a*aVSUD-02%%wpNb_11rp5!}m z^T$$fyd+&6!KIm_Y0w>_;v|4HlXsKYp-f+qTu0wRgYk_0Mj2h6WmFlqNrPze#NsB& z(OfTlh_J*s7+SsDjpJl0Zc9I=uHNUnQN{&xd&y9WOW@QjI*d3QZo)vf7bh-4mo7Hx zXLu0H&NNYEWWBUWp@HYfbOZmwHIxF!jTzI4Xks#VuDV3XLlCFDbZ{GX`)MLG1Q5uA zTofRW$?l^DwZ0W@gYtxti-BvG5VL0EU&pxr_T+LT>5xM+a|yT}qh_J$$d}-H#Mss~ zVN=KfR`7rGdFkVw!xu-CQ0D2u{`M}VP>G)%9L6GwHRJ8wqvONfC$I38WS-gHeYX3Q z(yic-%PsbK53o&wn*@1`KOvrm5{KA?hq#A%lpvh&A{Mo&xX?HnbiuJJd2%JZFD4*j zS0W)Iy~sK6Ge8X^9p*K}!m;p@=eGdtbqY{yM#R9_>C+vd)_}8@c;|S5mcnIuE-353q7H8Bp7TwMX|HQwC?wQ3(7< zBonYg2CjgViwb{oLx1f>Eyb2izL-87)LC+lAgg~5WD=+XR;g>+55y{z4ZHnWPuXh7 z0bE{l`EA^pctMZ8fNUtG{gY!t^e*Z3#Q8hP;{~`#&=k6bmA{!=7&!-x%0uEU(s;5& zj$3Bz5OmmNdP^+YY>L(`qR=_?ZcqiCXGUj{4w`!D$RQJ0W_wJ9z@oWSeG)0gokB#i zGaAs^fr+MOQ@S4G5~4+BskX>YNl=8LEZZSubT-`*XHH@2d^KGt~8r)vZX(JCUC4bNcJp-=H<_xnE0D@+m zb!TFR!?QSM!Vb6#PsVuA;kLnKdz?6cCaGIR?xYFjkwtX-NjBh!2Ezty#&6Sfj7Ne> zwlJ#~@n^ZYzK|I*iA*ge99kn_a+*^(kz`P^T}P~PeU~a(QE>%6=*UB6d}Rrnj1whT z9n*#an%1yYc9&S}Ax>798X&b7S2;TI2wwAHHnJO!#N6JM^pXhED4EZg0kpi5V#e?W zes837!$A|~bR6agvqwGhswQECF%(lMTf~$NTFmH@9Po52NpaKG5~9T@JSEcZ6G9>I zao{RBlEt+nvJ3|Bl16`eGkM8F9}rx(ug$k`OT09yhqtPzj5 zpq%&_Ct_|l0w=+{=hWqv0`(;Rf(qbLD`6E*OYNcWNCg`rXZJe%4Nq5{t4$v{B`z9z~;@+MOl zo0wDIDN*rGA-byhO}VqU4{KHx^Dz%#cwrL=AX{$=1=28v$DGk+ z!Kx8-wIUZQTGk{zPbNJ|R)hS^1)ONSrCCvS3?DX?8DVd0tC64?3wKiBohQpm0cf`=e$`Dq6iGKx`W{nf%0(zzC%+1F5!gz88cl$k>!W7F zNK<)`6M!|VJf%&zsZmpZevVKw-HOP=>!92cfsUdgt3~wD#LiVQA`Px{`)<_7#I=A8 zi47uQlJ3^Wtgj?pSHRb>pdish20Gsvr1`MP`^y~ zpde>t?lvUy$TZ8Tu-wV6>8IfbE(PY20!G-+Cf zth}9ZK`-->Y)g6bww99$J+_N8*yHpWU zEwc7p=4sv_zWNI`sfr~diz4+QVJ<_aXTrsZS(mi~XQWCTswBfDZHLh!;H8J(+xcl$ z>-xh>>$Uu8VzCaTa)8T3f`pH-ZYk4*Q-;29E}pUM%n=nhM`k$*CP|);x|z|3 z!4W`jQsd!DSpmF%(p3$+31ds^#so_onJC5S2MnmFG>%2mo zv8h}q#W+U8hO97>;1fImrUb7LUVr^4C;?PwLz850>V}GhYft2aX5vMrphr2si`;@A z(VL51kCliRQ7LU9XYeQSNp5;W%@wDDhD}s20aA>o5wSRz85gIm8oqjTB%f$vVie?h z!ZW-DOdTV${H&IhOxNQ?oy6;VbGLD(3;|m6GJv} zjyQH=baH5y60V~VnF)Y6h&C^b-JEemz__1bsuJ3|HQqWS-Dz19F>*XDh+uh!DoL9K z4KYVNFNoIK?%5a}@AdY3o~cO*rACC~_%v4+?w*%ZE$qlNh0FLiW0g>@*V} z)qZkm4f!G`me*rSDFLyEV&)7~sDgdz{;fUA6dW)?n6kEgm$vjT~niWsAe?#E_3G$0p6`i>U{0m}ZER&t zp{+sy2(JMY7i8dSMgB<=XBB3WK(NIU)woaY1d2gPQDa(1K_J^`#k*&Guah20bJFB7kD`QAHa|zeh~kBlnnq``pT>HC>KaTcEcQ21HYFl%=d(0#G$VzD z#0wJ~2@w!?>L&99I*8M(fbk=S1f*p%u%pxsb4{buAEuxcM&AxmI3rS}hR-ry7pVHA zIvwU_tp3)eZshcro<@Hp%y^CtJZG4+7bCfnValc=HebLUaxQG8qxz9H+9!l^Gs@{z z#9Z%)JaR_Xye0+~j(g}|vC`iD1yUq26|fFoB2gZaE5!K|kpX69z)R66*;MpU`kpf- z+u;lVMV{cLWwk*ZIa)n^X5o~{r=*X{DE|X8(ku(3Q{9jcWlBsQU%k|YE#4A$vq^V0 z$cbt*g*#39j)bSWd*zcFu};!hQ%oaelqmSHiZA7mQ7F>GqWyH&)3`}3rjW`Fc4j8` zGyTP`{3+HTW91oX>x|EysOng6fMt=`78H>#n_F)BgPWvrIj&C4(AfCI zsRkE)K9L@$;*sg(Yj2B9Xq{27MmA3!U-4sh&M??NCWU;LGPP1Q$#FWucueb^!^vSW zA1qNF8OBQDmuSGBkOdMQ{Yq0xdy&C*4i99Jgp<`WJs%BO-<=cTB(D}-|1kk(i9XsC z9V#czBV#Z5Q!VvIL*4+4nCX#|DS2ICI46F9%phIwp02>o)yz+Yx$-30`NVol2pN={ zkO}d{C?lTmxNvGTnv!=MP83H$Pr{pT>6rjR(d}l*A&cP%5%1qKZTQ(<^7z(o(vlJhR+L$&m<& zA_-o(H;=LuKmxYpPZ7cm{SOKGx`W-|3Z^@0Uh znZwE62OtSV4iHQ^X1NSNIsSHsY?~y})G6IfugHmaDk#Jd(Yya873yAmiMs_%D{y#kJ`^=0zPiggCmfje~~D`sviC zK0j?d#EgB=OlmYSE(6|BW`muN9->1OK!?)WojHSna1{bU!9;dt9au(&%{QN*Xd0eP zC^&=tmX=$FcQoFp>U0pRP;x#YM>rz#Lk3p}+=uim61mipI2B;NGMy*oi# zI7530SZkyvbJsw=FkIDn-K1a+tV9QgERX0quqwvf`aVm*2Hs%=ca!G;P`>Bpg3jaT zqohx#o6g?koy}fOTmg`r89Vl3>1nG2phqUu#|xn0o<@U_N-L2_;s?wPE!T+sgj4#0 zfO<_J)c!&I|+1rWt zwtmFA$3H#Yd3hZF`2Eg)bb#IexC`?+I^Mz$cK72S4|l2BBX)?cxre*Yzdw$@KiJ#e zIVAtxB^aGPj9+dY9`EiPMOgQGciUgo!qyQ?dm;XD_xSsRSI2hpxVWwTpW`2P_qUtz z&MtMd^V7@2og-L(1by$mfEn+=%iaB_d#|?1HTVhiuzzq2aDtV=JdY0uG^VZT9VP?) zM=y2`v6A=k)|1`6T^JI5iJ$Er@52z}alFMdfBI@~3l{O}@a4hL4(fCegwP29{BZZ^ zhj{BK62Sh?t1a7+s+5guDQqMzH~#tH6<#H=LmAr8FS-^0}&?)=XySWf^Gu#c_hhdTsJweQi7yD&KJP;v8{^a;FhoBuPQ(LwxT z>t}Y={#noirfGe-eXIbaaM-!^L-#KbV771u*aW8LT z$@QnZ_zS!T)Pud=W2nF>`kz<0i|{}?iML=oacPK$vSoM%5!dz&j=J=Gn?$<$=J_w8g>c|#U?xd?c8H9txsPyN9DpTOw9-$WX~DRsF%9$OWi0l z+O04Ew8d8BwF`9qnF^c@cg7`-o9tBrl8?FYkuaG{f78Zkh($3qWwxE;CvfE0Me*(i z;NIZsK1vBssE0XV<^XgG{6&E*m!+cuUgNd%xA5Fa=ItNa(AZ0tt(^{*n<)5F`qvxr z$~G+k{Cs$301RP4_a;;)Xm1kKxG@nXCj<`8q_T(T)HWFnVND!GIHn5KS)Wy;o@0mS z$J#U$(uAKR2+E0d{q1LOnVv@ECz(x|K5;4Qq302cNma!0>iH13@pmi+7!+TB&@7y2 zJkYU!noD1E-b31zttUqZd%%(G{j9m^O~ML62u@4&R|on8gk%qMzTswmGza^&V6X|+^q2YG%k{_F|5Ta5c~ZIH7SeS>JqQ5ipv zu138p%*#h7oy>rzS9TzFBXSd<6M{U75Mdb{I{K@^^Ka3RMy`c$8gq^U&SPYA;n{gYswMo{egeJ(g@QWtq_{cL8 z3HB#U9mg8r3i@ajGGbwJ$`HgKy}zUeiB#~c%~N2_aT8675;W#cMrg}MVskoyPpmd4 zGH&D)$4ND3=(Zv=CC>yaZQvaAh)M&WTlbYnIyc%TCJL9vo76;t_kg7{aW>`r7*RMs zMp+5^Yv;=Ozxbo`Kke>=5Vp7X$;Y^+{%5DXy!MB7XJuuz(^*?z-oX4%%WGfizkimW zTCFDAjzYRA1}Cnh4mVl=q}KUASlqDzW>eKjil4chelAQpQk7Nk3Y^(G0xe2={R089)G|&Rw6SdwqP3bou7DFIz(SH#`a6#YR)9bK}RV`tZ3Hcjxau(YLFK3VFI zfW^b4;t2aEwh9AFv@}CxdZ~f|Z`Sia@4ocFOge*d*&0_;4$}uye=lGzCRx4@h9yFM zoEuhsH9l6S0%F98W{i7;V}*BFs)q%7;kqyg6r6e#p03;dGjhqLDqg=f5&QDCa1~0e02(U>MWKP^&b;*x{_ka zHtWZ{9=4OgFh0Tn46b8q`!ejsa_fF;wL!N=VK`kGCb4lQv?~2hm$0N^pKc!>yr8*V zBom4NWV`d9vwU=xH{+-M(P-RsS;|eFZu6kiYPX`Nhg&cF%HJBYUF)uR%3zjgD^8!~ zN=BU~COn>u&1p|=(d2zLmmo8a^J`tFnWTc1dLA>KK19cfQ~--f-NVcQ;@`UQCdr^2Kj`t z8o1%qX?c!8s|d3RAW!aM-m*yqK*yTCtpD$JXOpCR#eB7oy`_UlT1B|wSAc6$8IUVjh{ckR*b1}u+`fA2d(?<_ysj2R1UX`S2xWZ2E`7bx)?cr*)|Tzp8uD>_y|uPp`g*mazg}*wYy`e;lSfZ` zwfyyc_4R6NbyYs59q7bIHrEA z*RaxB_MnfAVI}vM!&|UsJ6l_8ZFEWid7wL6q0Uw|%+u1AxZZGUH%h&&tf=1B)>{wm zhd0Od(_U+>s!g78KOMbIYp^#Ry-zFgArKS*U|^5rjfB~aF>-7&^lN%AoMk|cmIgp5 z7fGKFdq)X3&f*4GOAvgYrL;7og?)u}+5 z6}8VBt+jSxf7V(LbbqVZ7?5YV)maInO~=h|4e)oZ)SpKZI?^8;{|908QT?p~l07J` z_x^IAzqXJvM572#dj(DY-Y`Pc>er^rb~bT&-#1WkQzFhDfo!*y?}s-T$m?pEysqn= z1>(Hgt{~1Ut&Jj{bqqaqV~6NS8za&l1ZcDVc-4^V2Jgb>rp*coiclBa11xN1W@WXtT&95c*Gfdb4WO$yV0uoSGLiT0Od!jh(5ALkHwCI}sQbF!pa-oD zZ-;)rRCx}rI6?&nX1$2>Yvypu&e+2{=NiY`d8L3Z>t$-!>7bVMnoE46)h^R^j{+Fl zxfZ7F{#9P)2*Q*d?x+Wj5_ejaa_kFS3f5rw z{c4Q52QXl$SBkO`ELz`U6&&y~vRGxl1wLN(K3=JS*vd-lei>vP4em9Ooeao+ztmYa zuef_G>R1efs($VZ)8+Sb-|xqAby4R= zoNVVe#L1RPPiv!0J=Q!|7Ue= zy|eO%<@WkA{1dNzvKh?z`JLPU=IlQ@SdJ!XtNXEITx0)TUWRwL|M0WCvX1rtHr7|y zzu132$IsH;D89=@YB9}#^`236IGwk55?^GTtiTCp6LQrYVm|J>UiHqHdv?z0-A3G5 zZm%@)zpMD}C4&_Bq}e%|z`he0|F?Ay8%@qzv$v0>ua62x!47Pps@q4S;OB*alv@U) zG_i}(c+>8AV<^yK3J9wK^-F1*=rmf|13 z;Nq6<#&2;#lwXs9xP*a9bV+j+5KcS6^93>rzyd^22l@ojE3MPPrNP;sH9f(zU1u0B zA&WA}r#u)t>?A!q2={9?v5WF^zwRAy>ew{++bA2>3+I3T)!v>N3;qMtpOV#`^=J8o zHy~A)r&BJ2*Yk!67o=0z;?L0yEzpt+^7Z;DwZduBM<+B;-4O%3Zme!-R~_h(`hW|$ zp3z~AGZ4qs$&Ryo_Zql$1?Ut=)$8mHf#?<;5fsba+zOP^e~e^p!1V-ukn;BoS5y73 z@{?;}tEp%hz;k;4KtQV-;6s7zcX49?FPY6*Dz9opC)Rw-vVg{6hP67?0pQwu#{n2W z2m@Ak6*{fz!Y!Xw_0nH`ap8Its-rCHEuWh*V$ErMJ!Vy7)Vyv#2BkjH0j}ul21uq! z{$#ePN3RlKNKEV?XWj zwF!+pRts)OxFaLQHev?+6Q6mi6MJOmNb-FBj^Bo-(bR00n;MKcodHL8r^uB3@+G|E z|M1To{hy1aI$`nXL&vx-{&Trq(EoMXtIO>#`oGWd^L2JM1Y#S%+BdPECm0HH^1YRO z%WuBu48Q0MzvvAAy*k4Z@nzki*2fg(Tm5b}#V;jA}FyCIk5i?JoRbp2L2nSUhPu89*PjI05sx<_5@dRnl zBLfI}oVE^(xbf`ceFKr1G zguT~=qxeRE8{dgLYipaKCU9EY*sMn@|iSNrEjUqnt~We~kP;dgxFTX$wF zub^bZ?TkpX$wQ!Ld(T%m@K~5)t~3-rJfUxjBjEt_;)E3uBsB4Zn~n%PN^yb4``ZAW zmw>{b`7OL|x7@6kyRq{Gk7YGjJ#gjRfm%+^JZ0gz*Y)kdna_u3UI6ILMhbvYEysfg ze{hkYw_9Q=n7>Q!-DOcu89*A zOtT@~2X*?!u2A}54N4;b0Sdj&y6l0-r>m|$@xG@&{D6x=GCYSb%!Iv(d;f8tahq{6 zy+C24ZuUN#oS?TQPBI8f%9e@OQKn!^9)`TdrOj9GPO$L_24?fxigX5qpcHlzRmd7j z0kp?$qQC3@-jM#Ouu%CNj_X30#4wkTuNtK)oBwh@a!1nU~<{VUnvpO+4&Ud0#(icA!s%gTW zY+4kkRpAW(ZmybAfDh{eu??fNn;~~ zgUKaTy(0l2(1!wmD(dFQTNP#VNt>o^H^Tx!f!abgjH}Qa4rmr|lN4SV z`yQSl)k?avXeGelKNUP!I#dur--Eg*8%@%`i}#ZgJ@2AGW&uRH5&BXa-dQ;Al9Y{8 z5TAt?qjyro*%-<~3KCMnV7)@E_-Tn}0wa}Hxd3w6@RAoh$6Hu2oQ=VRaTxTjbZU!Q zCD4e!qa$0dhkGCscmp@BBXrT%;`y8iJvC>IH-meh*E#j=-wM)u&izE&%kukw$II`( zdCz>dpr%@lpK_H!xoX*3^vKio26#D&#RX*PU&eaa~3% zfC76Mq=NyVa$Q42DGBe*1CK`C#VX9jLA-`lI4*3qoUff>KI2;8ll0p>PKRg&W1k{p z+$o4Xt9S+d5nVf4zT1$5<+42@RmL}|#XdE67R z!*y-Xj_zjO(b2s<@@DC@8BF17H6nHBl2*6mui>2%<04Z4kKVd_Ztd=3@{q;H2-jGV z>Y}EVRF0@u$0wDyn8-#}4=TEfLSJ-!DXm12h>Ld9IK+v?1MQ&p6?(N%Z5d$>5S0qy z-~8qp;g0CRqu7_Fh%-{N@KmlP{gvhWm3GK+7)?88K4SBGWllMAJhWV@elJGMB{-tH zk!Zn9n>U*=gE%%V=-z699YKsMYOR&Zj!(DU-P zMAV33Eu!s0L!S?%aKzFBI>osjL^e@h%M%TLzaQqT`J&J8=qtDtl#~L0p$_8h3-^*T zbENMvZ4}EYX1kPn33xj`FIJD>_ZiS7`1@+6SA1iY4VtO;Taa^*3Zw-#aCiHJSVGkn zkt&FU(4_Rx;3D(ZHA|l4VUbs4szW<6pYUipqhCtDn&~xyXNa|ReqKU&p5g@1);_iF zByQ`lSpASU5CbY$rpAplBi-n<$NoVlex-D}*??B;xALIB()%eLA_n@pFm-s^abu?7Iz-e~ykl%12@z|=aonh*4iq1hH% zz|D*rg{ycxf;-;SeFM5TTr9SvMX19`55IDVOpusJp$;5o=e<-y2mui_j>(w2z z5;VFfz6N@8LMcB-cCA@rmgF7$=?rj9BiS!IJIoya1#7RA8x5 ztk)3V^5PioS}EuQ0Y3n2Y|#z`q5v)A3!F<34%1XB8)6K}^g8}b=@K*}70}q=0+}ff zXpuC~9PeQk_u4`U55M_CE<1Y@;*NT+yO_9JU!(4o($y%P!`n0+$J0py7YDj{l>t@( zC};ntZnPf*5G0_0S0Xc&-A(SfNjTi|u5pDS_ncG^YK*sVEs7kbv&Em6U-u)?e65Q? zboQOLqKWkoLVJvpL*SJg107nY)}zII8b)5mRO2o0VR3HnAz5IUO#fTeLtm6YB_)tT z2rK1_Dy>4x5dX1Su@gTm2)`e$WTLGdlfb3sSgCCKzob#(0}0>yr?sdA^4}`W&yVDH zTH!M{9cl7qPD;rI>8#g`Wm(=D)$&yyPrF*xR-NUeOIQzj#ikhN2-K2z4xW|qeUq7l zZX%=}_A*jrgZ78ns@?5+@k*i0b5Tv=EfpD3ofclxhbKhv$g9K>K4=&o_jv2c-cJ1v z_tH=b_K;7Oo5S7tMg-sinii8BFCpK^V9ofB2^<65Z?J^MEEHGbF!#cZxhTsK@hv7X zdUAPiGnV%T$$NOpCWH55@3!!6>T2doAxGEAaVevwh{sexnb5eOPSb*LhqmuUBi~U! zSx->Nje-=-Q;um(n5YIcuT{93zp4_k)h!mjrfadoeT*2e=*}?jrQM7;d5+a32?5S! zlH=Wtzol@}>1+B(@)33~Mj7gE$+Kh9zrxK-Fct#N%w>YP_t?J<#e|${p|dL2a)H>Z zvJ@_fK)^-LNpFX0JJZ^H%{8bKg97ZTLOK0xkO03Jq|=1%V|NKt2Ty6Q#&bzrn402cpr9UQCKosWQJ%Sdj)@P2GRGACn={ zd|{#@lCv{(q4g`;!$$vzJPSo#AY)BzCC?n2N&xQw_O^?)<>?^UnO4ox0N^w=+m@c4 zW!((KF&=<-2}6G;fIL{k2ayZF2?V1zG6SEDfU~)j(^jjY%|km%tDVEc>?*=@^8)#x zm7?@qcuw*&wkID^Sk9Hm&Aa=1yZbvQFSdR{+q@wb!vg=V#$r4LOrh<-P#idihG-u? z-#Nyub=o?aP350$_KoPpD$nT9G?uHozD?+x-b#<9exC}c=_G>G@zBmTC8beHM3Ncl!XmrE9|AT_P; z9+f`Q3OuEj(K{P<2`GGM7bHl^SO&-xUm>{gZOkdotH6*<7uB>M9?m;qZ|T=244E%DUG0P%^Cp=!g}GGMGh z*X?RFXRk(LW+?bNxiryisxm&b3N76`e@D%RhW2x3|M>9dI$J62o(8s*r)0NLxy5n+ z4UfiFACrI1#pnv+H5aojSUhB|?CEAm?YG)H*ndv{IjWb=5q={&Di8Zvv!N^~zmIdg z#V6J(Dp;!U&Z`yomD$1w+a+mJY!XgpR8qV0^E8QbJP!>MTV;NE6!)BjoehC|r~Ip! z%^f-UN9K#g$MnEzd#&5(qu9o8Nz=yWHDM@P6_AU5*T&~zZjarglb1(3ueJ~BG-v~# z(Qk{7C!^6+yd&r6fW?9>d~41c)nHJL^Ji65O-u9FE1d0MT4$paC*^&V{o*VKgdG>D zvoaez;Xt>7P%NUdrv9fXN>dm~PNuySk*#SMh-|nBNQ`xVxg%2kndAwmWWLOmN`%-K zlGH}nAr?uE#}rCVj9NZ*a(Zq#j;bkn^P%~{a#C_9%cUHN)4gbI4Jx~)DW|bg(eapn zV3=M?ONvtWOnt1PLXG3xpuYS`-?^Fslqthg6RjGga`Ajs$ufjnE4pAemMMzB$!)>` zhBOr%ZBys62{As1;PRSKjU2#{v&S!cxk)!;DGKtYN)3}q!V9)@49#ht=FBx1%bist zJY+6xoMecXmZ`XaotuX?VK&lgRp+t|#u-ILO~R2Q_^RkK-Bddi=;TfwaLC7m%wNS* zCtZ7oP6;kY$uOH}9iCivGwOM(bn9Emx?qv1ngNR1!0+WaRRSRZ*;c4=)qj57X^jkJO3Rh6>{?2_K3+}owkkpJlh^n9y97fes+mNA8ONp|9#-N>e&bo_9^yY7|Ad%{n~mkh#f-V11j>E?nm>4>)PT93m70$XWF0efmyLj1(C+^6(aB0(_g3zjE_c?Nxfy)m z1Ux;Fzaap5FCr808n}fkc?n#Wm6};#7B!CHH|)Zm9d12;v9o`C^5o~^og?TKW#Crc zGNUoON~M^4>HCUrclWnEt$u&)Lbi66N)P6x0`3m2&27s_Jv;)YCRd>4SlvGmFnBs`MmQH@q zl0&hL6CN;-{lpYotAL>d)1wyy_KbWbhmO07tk}?~OuRGa=S|A5-OF06G%i48Xcbn| zQUMr0hSbNgYAmI%f-^Ge3Q^f`ac57qzXndkoLJ~cd25C}4WOic+D;n5s5^WL5;!rT zDOWGXqO7AbDxdb}g7a?<%wDD$(R4AKl(q|T*49UOWHZK~u1BcGAFJG7AJS}UOg-;Z zy4o&^(S#D?r^9pL7aplAlXfJ0Xr#(5LD$T&8P`qWwZd0ubAjpKt#-<7Xs6gi53&qW z)~|j;6Jja}xFvIzn>VZ6Ynm@NHrsBN`-yj+rg`1Ydo-$=rLhNUGb#m97V%vBx>Out zGCaZ&so$|3^XaJ7@Azv)UjolWWw*855H{VuwEZ@_-J|&rVM#hY$~1+&3wi!*Ol@3}5XJ?KN%@z$7m*K&6!aH(*pv&|MLz=1*Lu zo}LDWgej@F)R^s&rB*6B+nM6xyRkWf3>@P z1UEAGj2E!!`#jwFx$S+x#&AJxbmZ_F3gW`!H}Su`Nep-+Gvk^P{)$^>ZYs{f=AiJO80`gT<1(9eFY4j$#WxLoeJwDycMngFe}1|1P+YFemZK5BfR5G| zz-%+LapC$FrRR6zaQYTl4gHwJT0UCi>?^PuzLES2(!V5qG$>m_TKqswfxivTgO=PP z{rn^2kbtVi6YExzwV0r|_m+C$OG8)Xoliq+4hQ7@K=!|on84r2y{et;-()NM*Y0Jg zn-AK|e&ufN&DqZWt@pEkgAMKfmUr~o?%qytM{qliO{l>_TuS4|kpy zH`3iM*Y05Dkaz8nH`%Z%kY~hZ*G@JjS}H=iZPQ`YJNoO|VYkt`WMe$42g-}Xo6xHkT>qQOn^Js&5N+(g0Kl?a39 ze!o}P+QONrl@7(x&oB0N_kReUi~MTP&xUWqXJZ^cq6L`)B8}%Cl8PP~eaE4bGOj)< zhcbx1fxK4SH#%l`4p;01a2~@Z zS2Z0WhFRI05{Ba<%s5SrAVC2&ye}dohZfY>^j7~m)CMzweEXN>Z#T=trO>iSx#J?1 zKH2+Wd*@G#q*!v%fBW?NL;JSKcBSts(bw@^>AP$Au5vG*6lHPtp9x(HyD*`(Yv>0r z&SwV(_C@k>@brhBWBbw#uwTRYmHzh`&%z| zPWE>8VHRuaffb3=i`kV_3f<-RXX>X>`5B=le(QP0sL$toN~-A({1zmG!i>?zP-^}P z6Z-_(b{YiGXV#H1KI9QcZBgi9_al8TP#ySz~=^_(~3zp#i@ z)7x}yw@4yx+3EJRom!H8%buTwdKNVB`nzd|^kt}1g+I5SsQNh6x5d3%PS<`H>XcEI zvN+wUQ~vJS9V5)X?RNcCv0Z*=H{L5rSyX+vZrP>zEY#(TAD-=PJwJkbBEz&)J^arZ z{^vdZhb;C@V3#hFt6cuT?rj|7iHT!uqIb?{B8jg|jA=8Lg6wd%aftX|^f~<6lhk(q z!sloB$BO(x!{CF}hH0+G#}{kVvOEWTw{Aaj^TFpE())Y-dUt?)z+o!nS#*x&(QT?>_x$wz}g;ymw{Ho1}_Dr{|a6VN&^+( zV**4R6|e!4m5#onyBM3GjRXWB^9j4GtM5VpQKS<{5S*Vj9h|i)@}(0hK54-H5C4U0 z|Nm8V*ogng$8v6~_+eZ%qxti|Db(s;$t0?}xMnTTq!Z?Jm)gkeCV!!oPZ z$8E2hhVAc~^+<0G69c$QQkNlb;~evK;iH@)oF%L|(FnvC!e2;K^RR?1;_yRKHfbah z2_T5V0u3p<;oR4gMw#)i!&BrE+v~yI;Ey>WCw?FN{EmnZ!5&`xKz-D=Kxn7&eIKqy zz4RomZ#Cqql|mx-Vt~8c7*D0j#!81y*Pospi8fo{Opcp2*2;SolyrYM`IA{^J%JM& zS|cu!Z?}7f38>dk32q%q_AGNdo+QH@wMy}6I=xKOAx&>!WN$kwdJ>!s&4R$>;L3el z>nUB2zS}ByQz2k`p$q_8=z9yKRLgSXNEG8E@%F`)tx zW`)c>bI|}5K4BE_1F}N5#&&S?RgWLE@uu7Grt986WW!DG#m(0J{<}8Xt}L+0dS2IU za4!U*4d)CffkD0KesLIS62K%pGJOQ~npiem3J2*Zh8h5(w^-7`Nfv^s-s>VcyE-d?598bZ&uYutNyDsyS>3oW~GhJPX@_( z)(zko%FP_51Bcc|7GR2G`d4goLRh+(b`%`|?k<(O^1NLAS1!=4i~>dgM>m7=TkT_7 zd`H^j!1LiqDle3<6M*oy(Ior^Ac1fE-LBOrsi5(JR#-uv!Y8ww&{{n=!6G*7TD>#3 ze07UbG?o9l7-bh|QW5;ET9`l;{a%raLZC(k*?`BTUG^P*3-1bOfdO8yQ^_Euc)-y3 zr2r#u9oJ{eh1lSZG&$19HI_Jl74#Y9s3!W>I%h05=arZYp=fbuO+1)v`lKy|@ zQVLJ$$W`EX!6EiPa((Rk3d^gNH}L<^0xNg5yzG!0_5MuvQmnpu3)Q>hZDXth_C-)fU7{W$|E}u&^~m^t3Hw3%r}L$LEcIZ zxaKlf;9kthnSi@+EhAgQC!z5Q7j}*BzH2Y`T0h({bQRWYj9aOBkpk8zUbH-Xsa-$Z zu!x~GiYE>%r`WC^ZdhbUYw#e{U#VT68V0!q$xF{_nM!n#zbi3Z-d7wn{{o*Y^Wby> z$C+4We~JJ496u)hi;XAWJLReT%_?E3kMtR`1KW_WFY#bs;=z80@nAx9{YbE)M`*2J z^R#aYUugHxYR}Qiao8qVGTgEiF?ml_2TcH#D(J`7R6;a^Wn3E4^B^r%(X6#Q_o-_- zXw*>`K;TuR!b9>O zru-J>0mSCCcKcS?L&Z|rf?ffx@g4cs=d;0PpxP94Jxt&GHV;!i`k%q}#p+ZwVb^m1 zPcF;s_lRI94hHwkS@vE-ik}n~i(kN}>0}sJl-v&1+QuXaa7DTs^61q|j3e>;nufXw z*F=I2)u-heV(z`m5y&OUO_2@Tpj-vUe^so`Vc&X+230|$8LH}{dsGvVM3;U-#LC5~ zQcbr3QD8$IR5D?EV2#PB61QK2DVJ;Z-lJ>ZoINW50r2xWa zg7-~U7|Df!X*q2EkgCdSFgcSnvk0O<9XzQ{hj6&2lv}yWDzu;1S;g#vWs)kI1xnde zv@9P2QoR+9kJ1UbVV@ivZton%?pOVO z_xZ`r{`T(He(Zi#?_raU_jXJZ?=Qm!n5t3V;gy{XTNjTtr{mAz(Iaonplp~8G56s~ zKV9)t;x{&fF_@IN(B&w|fzd?wb@*lRaWCs4$dk#{i6rLNorjtw6;WRAL z!(IN@%!U85nw0{C&FD<8@)P_6iI+E+$%l~RV2BjuPDo~9@8MrIzwnFyQ9pC|KZ*{? z7ymv>XYdcoT_2bS@|yaeosIQ^{jbvjUhoV5_c?ydZAI}+M<@UDYUdUFv$uP6e54q` z@Y~OB8~kDq{K8`X&REPK5%#Tvz~Ss19@D9;V@AJbj45pzz!Z_b5}2lRGCleFYkc?h z*Q7wJV~hCiT`p?Le{co`X4$f{I=z!WYf?K&dO#ZtaAVYBGw>dc_d6^n!(Difxq0YK zv3KgSy1CcF)Y7BY)Y$JJIKAMSbf14ARiuIP;m(VLKkZaPd6EuB@6uaCIW#kwMSSN@ zaE|iYY|YYLqM(eY{Gpt0)|4)JKp_RF0$F$pUva~V8OU2TfdQ8~2l_bzNL5av+}Hd) zaR^g>9^5$ZA%AHwS;37WYCS9|e}}t&3$!s{)d(ZU@_P_NPB>qkLz`wykDtBTe|o%o zu-^o-xU;w2j4>@%<-x_GUaa32#OjWQK>CK5gU3k$=?RM#7S;X|F|q-Zjy=F^y|K;y z(+o(Iax2H_xJBCG79YE*yvASO5X|Ph_fD4Ixq#Ioro%`zdP8G@dS2|s4iY%IAHEUA zv;C19QCuL-J+weZbAJ!YAYhQq}5OW zI{R8UCUp;4iDTaC`Vb@jhbrPf;;h5sQIO_c;D<14U?OqwOt;1fr?`^LNYe{sQYk4# zU~9=)7CAJus5#4}3Fy>y{!+NYhg}qxf6=ZNvG22A?#otu@!c|F<&^P@bCi&Xe)`Aj zP)|M^o{i$W8bU)20_cm)8H3(j=uX$!0GD z&uJljQ|H(A2^%oKOKhNf{6#byO3BeBrwH-Fi6vT@epdlL^mjU$Q2aCfVdM4bugfHx zo{WYkv!U!PJspm=&9CU8WL?_BD9h|1%>bED#92vUU5U2ziRf^O-a^=RZ2uzO7XKV` zFDC<#8s4KWihfZqfZFu%Iq<}H?RzIcli{|fH zF37Nr!o>4D5BJs=dY+Cm}YQ{y+FaDd`pQpw4zLOQV zq61jjP7Qz7pXC?x8}?>{F&~f0cBON4*Z#_@FFL8&w`%$7>oD6CnwR}3*oz1BDjHvc ztLmb1-X7e79|SI7iwQI{_n-N5&Bbq1O1p9h?kDcnk{t6yU_Ibvv)K z;Hc_DsZr%n<61PJ?<(hX-GY!hd>mjT>Bn_lHBIT|;IfHGF@d_t!ug~5?KNd665+62 zW{&><{2$ra+Bdr&p<}+T{!_cNO8WoR<(0Ly|%tZ%fx=>I>*&r-OMlP=HnMeF`W z>;5~_y8EP09v-p3B*6famBlL8R(vs?jvp>9U0z}Mn3IjBl5{m zkAQhTFFxyG2i~)P$P@Qy!7CiKpk8=$_uiQKj_A2@vNcT26yqVzuk0_cQ8ffC`#<9a z@g!Yn#(y>rvFJv+b-eTZ=VrVd|I(yp>}` zO-fx3O7CbN&RL)3B>TO3f5Pt{#n1n|`_e*1WtBVG+xgSZp5OmvHtdZqIjqU=nco=S z7_ZMCclWmsekAE*(+JK)XwGIsa>bzZ{z<>@Xqp5hX0g&!@p z@l3m!0to|oe+X1#bUw_eCIQj^+F~crP&Y$zIYP3134h0@3DQ~oFplA#8KltuDz2xk z^As4*8=-CH%LjH3qtWz+)8c{X z0*xBL6_W$eqX2rOSx7x`8bUvPd%K5>Gz&8U=3rqn-@SgrF7@zx*M=WVC*8rgPOq2Y z{lel;>X0nbAz5gk^<|mk4&WR7KK>4K(v!BX6p4VtKa2w%#e*y-NJ<^p(s8u~k8jau zHZ|SJ1qSzVJAV8q9>(82iXYf6&qn|_F1t)B!YJ~xEn0ezOh*~Rqy2`ygcXt6wa@)&E;+!ii^+s%(!jKoN^H??&zu)j>I7Lina=+3Gx?4Am3l^+;KYEN6PHwTrx%+e9?oWH|lWdT=<-FbDV=Qiqq|MH#0Q4<( z&9VsoF{IV-t1Qjuu7GM1K8gj{`1le8h_o(QT+pYOolBH^ zD&cYI`!R1LbPETYi zKd>{v-QI-lsrdRVOZ!$tR~ee?6cq|@27|Ph!4lb5kr55sQd}m1wK0EF6WB&#C=LIm znHMvS+@#tT<{VQL@C53{z(t#fD8Mc{%pFfmh^Fq9v=`j52~H3MVFN>%*Yr_@nZ3If zTYPzuzIM*x_BSz=W|q9dogji%4K}`p=kF{ia2X(s&K^>;5}Wf7u1Wv{y;QgBL%28X z^D;g!Qw|7v*&7YNoiapKL95^f#Pz8-u3|G-IG~dZOzMdg7|!#gdqql^6itVm$s1UH z6y6B)OsrG`KU|8!jNqf|BuH}?c}z>Sh-jJz0MT$Xmjhv=>#taMws9Z-^(YQrTi<=h z+=Rt~R){k$J=@e@_)MAl%WGwCpGOM6aOmoQk305j)R5Qi$_SFzM87o9xudXo4#7&| zi?k2NKhA;dXJ;7_uq)bm#1B-!pb;8HZ&u7H={tr?2z8SaAk8WE1&2KsS*}v-6rw;> zfT=>54l=DI18}*4GrNo2NjDaP3sQEX$dtTcoSkp(}oJ4<)t zqjYNFEo>iB^Pup5oieZ}dsZv@syHp3Pl2vfKyG0?< zAIaS$!miLo2dM^L0v;DXkJ|dg7F}A z%ll0aK5Nb;DUJUyn&OtL)urWysyQ}1xy2&#C!;OUPP%N6AZ4ZqAYhG_AtY+@M@~dC zB;}!LZd!elFO*e|s)?guzwp%#6ZuNbJ9PKwAt@%8Z?U&l^RXtR9Ea{^u zucWJK0=YRu$=y7vH(XaYSE${B`y}^0rn+}w;|5H0iwY9-OlAd8^iNA&|JFn!;HFQR zC20RH|0^f;EBief8NTu_FROCH?;gbiSnH@;H`JA%W2HyG4yGB5I%*h`hUrDryd@RA z9mt*y*4(r=%WqiE=S1bBk3C(m~Fiklqr=M_~S#Wp1KT z4JW@LwNq5;Z`a!~5E(+u36mj=?8$~R;;;hy@wYbt)d+VZzi-MIe={2XP#@w;Xg5kJ zjI9-A-gjynyp8Bs)qm}8!jKXDuSI$q@NerMG%(>5E2&Bi$ce1_{b-#0eU=)Pv)Qf!TPiOOmUc^!FV;0(%b7{~7_*4-#GL)&5zx>rzl&I70pQYsGX4%wXmyf@iS zt8nfxMdDMyIYYe)STc_wBWh#(65L7%n$7at@-dFj{*RVy7mH#2>tg5avKlB==HhaLUJ_IHoIZ)g?E;$!wV zvnSF5fivO)5Y&!6!YRN-x3l#EvnOftZIBYKa`U_G`*BTN!9WYV6e3eV!CCRhkWPmE;S~Mc1JQb=ghkp zdC#IHqlgD$N#tC!+*o1FdeMMQz7k@VC+8_=-z|v>f0@QXZ=~-^kBmD`po_mu1I=UY zz0_*O4{SD57B;@=HAq67uWqdvF}{J{PFBP)QyNkmL zug%!F5H}fy+GDu+mmzjgb`GXkPjUwq!87ubmx;uxbz?buHn&i~gI}$%2X~S+T$<a;*hZV;O&k3T+Y}5Urdi=J_2z32ZHNA2S`{8~ zyCD1npJsR;6>D&KUpuDd%g@b!=H-8L;Q}8M{dH~r-?i1X z6_x*Yo%8>GiU0a6Kct|$HUzBwCHU)0@YnAp_)F8h4~yX{L|Rn_ZP{GG#3P#e1HPZ# z92N$7n9>a`7c*yKMJqrdKE0y5O`R#2=Ct?c7hBiQi4w^AY!!XzPYGMyWJ+Fdp(!2Q zWJaUXgbqsc8Qp9;qq(zLy~%7=OS4%m&1Usxvss-po1gxC{bb(%qc9iv$e+slf81my zsvkFz>S1R?@`Nso4QFvd-YjrVjq;aw-R~wG@s5YKz<=KHkcJNqfdC0xIP>i^L69KL!w&j*JjoKEkASQKP01{ zBK^lT@?U3Tb$PW||7C5h^F{vq96#awA765Qd=dM8Z(^TE?gA-4K#Hi!_%S+7Cl|8; zemEK|!DbJ0K%H)iB=i$z0fFAI$L?r&7JSiuf72WxdaXB45rSVO{qqs*$i)EvQYk`c z_>(p;PXMR(Pbck@7dtPkaM6tAz2$FA8V~cltv_v7echhZK}UDcsp_Cp-NBmfV6Ccy zwTccNJa}Nghu?#r<8uLfFpNudi?^EB4&9zpQAng=4ugh#w z{)ByW#hAr2e`l zDv002_J_R3ODpiQ2b4fiSj*gW7bW+B58RouBg2QMo2l&bV-mEKX=f;PNwJk=nkhb> zlV_%S@}D}*%nh0)LkMqCWk5P1eI_>luji%MmAcN| zM0`Au4^fm0ZXfK|_B9($v%brUpsgs55x9Umj+Tr;taXnT4=pK{#@Tj|`rSsdRw3!l%q3FoPVp4og%d9D7@Ui6Cm((8ydy}XE7FcAzAZ#Z zBxgwAP+cno26Bp6;I}lpXn)_lE=|aFll^1x{6Az*jn+fFND} z_$(m)?GTKMzh&}|>r`uD7Uf!v+W-0d9y#EC_d*9^TSyYjN#ZDgsr|6x`AK`ut4{T+ zwTI3wUK#%XmD78K8QuBu|2K??4>7kUWn*aefHF6kyi0L#!yE^ndyS#fF>j`u3NCUU zA6Dv_aMtdCX2al(U<9FSW{ZbVANCODZdS+{;o1G$vW5@?ee0wlH=>PS$k4xw47s!p z4$G9vDKtYRgZ~~##m7M?m{29w302trXYS$~zbg5;LDr5>MOgl$lXh5hH^WAuxypH6mudbzca9>6-^Lt!8n^=n4a0m5GX0Xrv~XMnW#x6MCbE+!Rj>!lw^ zv8uK_pLCnC3&3R~UP*Nn3c|%fX2t-{ZBYi3CUD(`ekVc!TJ-ggC{CmHE5m7a-{yt>Xc^c~KEkyRW;umtk7u&z z5wr&qI37(BTSAl93qmw{y-|}cEMe5++M-wVA=|@wiY%XlcrG9%9RYG4X6}9tU`e*6 zZ4CZ_ve?vqPrTd!+SH4f<8YSH>yE`-_9v0x@VJOKXbyBp{?(({OrSuROk_VDw5qX{ zzRW!GWB94Vrl;iy#N~4r>@vrXZxx+S$G8-nU!)M>2>mFOp`<_^plv@LhQjlCi+ZUU z`y@}!QhnTc7I(M@yD_2Te1qV83j^-1!2GLVedi+{4l$qSN)Qa({*f?RHD;rZvaNoI zaTWj1y4|a9m=tDJ8sIqOOaGh9P;j04ylTh;G?$T`EF~tZ(mv)C)8Dfe+A>mS9Kj@? z1w2q(z^JVF|LXK?{wBF{vUsqSJu}k{-d+@CH~`c{Fw03mxl+>@ytBgIz0J4`Whag z&BuQ#u_C|+A`@(hkT#gbEX=c2G&{fOUuk&)RTJb0g8h`uY^5la&X@YLUt&>ykFh8o z>E#F#T?#xKc27)`6KGQ})<{na?^(ey)1~LBp>9OdU}ej6h+NtHQM3HoHpr{YZIGw# zJxvOo2`G6?A4hsV8T$_?Cct|#8v_3HO0lZtkk%dy zUwC$vFHNt;Xe?`eD(un0z%U3<2E7-v;9wPaD1C z{HNpT1rkL6;Uqmz-xroQ93<23MY+q%BrB|^pAE8UVel?aNP>M?e(Pt$*?YU^CnryS zKHfPwINaVjjNPyL{qA$jUA()sAG=@GdpM@Ydpo9y_g8W6uJW#I6=mK~8wTuJ5kT@q zHaz34v{{UmQ@_R}fq zz=%|A(zCPPrcpUM$YSuo2^XWtpY-2ygs*bjJ?kguIZ@oxS=J{v15waww;?skaCAao z#K%8v9UmW};@iCX$#2`6k@9z%o{$L*JAXvP%(Q=2>f0{Wf0OhtldJp$uCS^W!_jW> z!M6V(hgDPcDmR1lJ?affJFOq*6bEubVDes!`n{9%J@1Zwj`Jd#P@KXz>G_Y+_aH8f zh9|}*B(Ea6mFPd`{n2UCKbev8bFtkt56E*;biNtcoYkB|N|*Q|qyiYYXU#aj8t6ZJ={xVwY@+`>%g#pX@2HmJuxbQc3E#Kl zQJ!(!G~CR<#h@Dph>mRcfMq%On6%o<=tYgG-0cJI52MFZU>~k6-WV;b)UWYSF&}h`^@Zb1Ov8#r&T+x0Y5}#lKwfC{} zsInlkFKhH)^jw7fLR&9o(c7f_7xIw<&p%bNeAqp7kVz&}zNj`!@7QI>KI8$&1vc<_ zT>2iU{=^pXDYaK`Ps-nB3;E&Ez;pxfxY+15q2U{Q!P{F>PL#PG z@iEL}2y8m@6z~q2A(YZg8-P~6#NWH|4_#W?%bNQ z$$72{N0XRhenB7bhTP>xbZGoea2!SL5p+0H(kzm%av(I%jDrV`=4rmtr`CIUWod+5 zIp%xl0-1085btZVUgLH3bmuSzAUG3aMd!)IaYAkP08b0mg>H< zm>`)u9k-vhYEE(`)J`KXg_CMxQfa)8>|Mv7Y3-BKETw-xaYGK0Y`7VTiu7a} z%bNLbQKh>-v9qK`8!^&yd#K;4_T3*E{h!3ZIenl??RXre@%XK@(qg zv<@^jD?~Dq+tmE%wK&51YO|&7G%XW;1J-2N77&_*@*%e0O%1=IY1fH3!k>+L zsp|$!)NGm=s8enTzq#Sa>Hx9_{agHarTj4>f&JR+v-t69aO7gEwHvisuLo6G;fc_1 zK_o*=2C3r&knO|JER1DUNTzVC3T=w`WJ&ux#A1wekMK4Tgj4Ewv>az$z9yNYKxZWr zbwYi3e;Am{C3Ke8LkLXBdom(QWvWaVoHfXt&rb1?#4)C0s;)_W^JJVr!Sl-NMPXH& zd+wsWhx;NsL_@JR47Bsq!Rus@4rE$*eC6;8Im6$v@%Z8@$7DDstnS2xN~{Xp5m>V> zn@X$-g~F&i*(N|U7i6CH&+3%b@ouOk*E_|Ktiu!p<2(cQR#K2k_L<3*$XiB0Q<1Oo z>HY{!3Fo5xO5b+@q#~ig7P@4tm+80te*CvtK9vvgjz}nt)+;V1B%{kX8Bm(7y%L{Te!E8BjsxUWBHk5BE;u|y3fs6+mI~v0`cG1}|eqn8* z4gLbNmedI7Z7ylx%ClpX7MsIOo>zjAFh~k&+=gbTiuuW-P z6Z%B8zimcOHcr|tFG(18?!;ed35k|78}_r|+fw6(mn+nhEbue=%74z$7j!G*6)fR; zXAC0M_H=2huaww;Hv2;Yw-LOHVu-(0AX( z?e#|d7u@4}F*If()7WYNyq!9u(P$W2q6jHYcIWW$;IO{1^PZFJEy{b6X3JWnul_PL zv1^8t%uTsm6aA=kD4wFlHz8?FNJD)c)Ww8VG_dBdx&-^HvfG8fV7<38nQ66+*IS?; zX%v^&z)H+}MYCpwI;Xgxf}W>=Llh@+@6kNf5X{^+;`*AZTF6*f)+O170Vo7tSZEsY zU8|fhfKOY!mGTL7i^>4*G*O#ur?4;VAG|f{h53U1?JI;N3a53AHxGjO=()GTsfjj3MFj=VOTnr-iEG?zZ5#jY%eJ`M=`2gJt|j=Rjhj z@OHLOp1|%t**kdpLySpNY86e)%uF;nO{a(m^*MWA%<#e6dhOoJcm~l}JyE%Jet)nW z)tkcbyT}0(nW(cW^Y1Q|u$==%hi;bT7Fju*u!{_rtSJ6t<)ZUq=Xh&->v)UHi5mv0 zu3RV<_2mjTHQ`6S9`1oI-$n!IyUCQ!E1`%}fC;4xQ63$hv&KE{dS1`eF>!@hM{cSU zmegukE`zaMns}Zg*;GB`@gBw34z_7hj@#oZIHWtj=kXu+V#3ptgJ;iWe!( zV$(xv{}pUj92?e*evTMl*9{J+lW-oj$iCP%5mW?+*?s zt0^@wUj^3GjF}hrmiZ`nPI1OU6&eLlU=QW%^Hy#%Uc;)%37v6A5HO>z9Do+%0`rApiEI3wJIzu-fetvG592|k-HBYSyn5YyS-IRs zOsRNl|E~(W7wL>Xv~!3TslBEr?&$Wq>gbl4S9Nmr{Ouvd&*vRd-OD2n1e^ZJfm!sr z0(QMc^wr;u`q@xo4=enwcdgB}K;k96uCrUK&IhU$6DqSu(>OJ7$_i(d;pZsT5#J|& z(kye{Y)<-tgVxWePRrRDPLhp8MSvxb zcT5qo1ESrbDZ(L4!6BK)nFlycyU7f`(e(@|ixA%U+)YDDC+d76UbV!DQKYkc9z||a z4^@g6f}00?kmP*$`}#e#2YPF0KSpO~C+Grj1|##GXSRsl5h6n~y@4Lu9A~6JvCg1C zO8foyW*cmBH=cw!%#qbebo*&C1dez-%P;D}Up8XjCNmo%nQq2+tVIXG=(oWZb-w}Z z9e_1`OE@w@JUrUj`QZd8VM91P+DqBV!s7PuOEi{x7TV%QH<{a8fZp?T`iR#~_eWvh zX#&EwnH|W8ls8ki)$Kb2AC-)F>ffkH)Nj5`>~GHwK+pp!nQ}nMS?M zX;wQ}yY7_!NdC$neN3a!0aXd3EZ@l>RJ-#@PUYt~G`Br9rIl8k96lz2^K<>l!7t6> zQR3Lk$>=memuC!pLnkO=3r0gpDyFvA^X&Lzyr8{5C~uJyo)?s0rq4m?R9Xp9&FC4g zj#BSPJle<3rTXY1t~q4lxe`+-D!2-1rdBX~ZW=#FyzbGA?5=%yRj~V54UKV1DvL%| z0IHIIZY2JYkn+Le&kef1od9$zStlqoA?Z+1x4fx{lU4ltAFE{=z!hKB_~G&u?fIC{ zQ_Znb&iaiAQ}Mq~n$kN}{)A78-z*^Y_-~P>ly3zhE4(6ad3xyxC_6JxfoiWFbvVO> zLAjoOAayXhSRxStz4^_FMOe9R4Nrbp&SEKe=flWHPm_;=DxFz?!oXK9MRdy#O7LR+a2GH>X#| zFSJ0cB;3*9yK)+(Nb94zv6M763tx?2n^$i(Ra#ELBY)6`Fa`>)O*fXg#(KsfIdkSS zoo_P(ImcRSTy@XNVPX!^;<4Z#9D_P%uh{I(;^V9rz*7)$080z)n(-K~Nx?@YnFQTq zjGuQrwv~_Ri1~RCtq#3cFYJO9{wQwgQ4D)Pk!n0&^*P62Jc@l^Vf^)tkrp>&cHWOo zTl#nL@i2WqZScJyPcWYL5shB6so?E8B?6!@{Vruy`4lS%rW%LVqHB<5?hf#80JQ@6 zNIf7Fc;w=E@7;4RIn-<{8B(R0bvEG&P%X5zaCiUpBh@{^PzQqJ-D7<53c77uJhZ#%Q&j&IJM6GNCFa0 zjHg|_=ol)$7~7-s$RoE!XWu)k+h{cpgzl+1(QXDt!BqM(Dsgnb7~-`lJ7ZO*`A~8R zyQ$q}tL4Hs`O-HzPq&0x26Zi zSs&%9P*YdN^uMtF_BCBGgCXFSYBI*VoyIiF0KsI^v*$wPs-N3#v%D4<%pEU#oE!}A z2n@?BmVlMt&%(vO_jbE2AKi4#F4aBP`Y>N>qUE}*q*=x9Za}im>SZD%-Mn6YgWB|O z|FZmT!|A;(X|sOMK4CMWbhyuEiFPsdxk3L-Hb0j1sokugej(y#0Q<>l-|b1CLjyzk zJV05x7s7>Gkv-|aScRzeWQoBsQOlMWF6KMXo;~yc82~R?!kpg63C32d?)|U{)ivQ5 zIp4zt=}nB^7_1Rj*M~OTnkG==pef;q$XTcqfdOsj1YiWBS1fTckw8V$k8zGFY0cPb z<3WRMB!!1MK*I(0lmjxeHlBy6hd;=$_Vf-ZK4w z7`IB-jjd5f!Cd8M)s2VF`%Td~UM*q!0hzcsSEp^>9Z& zzu4Q||3MFVqn`D5)xAI2`(bGi+pB>z~XZz6{XdgWN zVdwbvz;>VMzR3a})$mjO( zq1KcRg>TVV!F?mQ#LqpLi%ZJ+;$s_tD25^Hr$%oz^?MZi`K9E0bHP2bcb!!#NE4Zf zZorSqdQ>Eil8tF+YkTJqII(jv#Z_rtbyy?=)r z6z7#`9D1F-Vfn+d+a>I`7u7Y`-@h69_iu&&rB45S2f*+oh6nj=919c~n6J2VN0>om zKkQU!zva1ljDm@qrFqT2*yo1BqJPV$YVY5B2=`3b^KDKdA3-^fH#mt+VKu+$@t1{@ z8QBPcA^?50e;ay`W;YSL+ zeY=j0o3ia}^i;8>95~m|xIp81@Hq80GU1(#qKd)EROci(Qp;e=UiYF83-jMQrb_(&no{si={lHAZ+ODPBO!a_^2se~s4h%E?%aZ^l+hW+K4GGBI1AG4_XOiSJ5V4OG#BG(ZJ1>CpKG zw2~>Ep_qa*?0;d1;Y}HoYZ3Q4^5j#eFhsATKSX}6J*JJ{;HkU)*$QE7^%*L8+uZsl zy$N=Bmt@2~zn=y>lmL!;jM950{8u1Q`mTsT>ANxlQKnP>ju|9>8*!;`_}2=@6KL8f zw}sxQE&f|<%XboY_ZR?qc6KJzN3Nn5^y-_QafhBH!*fbOA-=|h95!H~wg5{UNk z$m|C7&l~INzw)4WWKbqY{OA!sGo%D3NNbP@mZnHAKX!`PNok7I^Bp@ZPm&)#GEeO^ zs}DGUnh$vTF2JeN(+O|AYz1%y_Zt{}t7iZYB6d?{?pIG44%?s)87dp`O%J0SfpC*;csx#JR^-L>`XW2|$|*2J4>Izm&T3K6p6h)on?5TQgp zE_F6Xz|b^|(OIQSP?&sjbi8$VtRrG5hml!1*>X*{jEejjW}v8Jz66w}5UbO{czR{N zGbURzLkYt2C&IG}%;m@qj)q)MUZZbBToW61_3UD<({`KLRURh;ci>{IN3uK%oG$yu zY@*^N%ZJ0Dr*}T&OMONFLxw0@czP5U>!i;SfbevLwYg|!a-6)$XjO>i?+BtdyNkY@ zsV`^h)1D~_3gf*Ds%3wR2QK99O_!jj@02B)2!zjdO0C&3$Sx|=VfX}R<8I;f!jsa; zg=g1@n`Nj+mtUcZYC)>&4E= z-p;-pz(T1u^A^$D1cVzGrQ+rI4Z|<#!V^GwC&qmhw^}V_Ln@EGXy7TRiPTj$G-5~cIQ7`)XOD~VY`>G<@fdYI7?rS+s!j7TBnaByBY8jI2jt!y_~XIQkj( zhxL0l@Jm?q?LNkjzKa*B0FZWOE@1&Nt<}gLyI(nF6UM-NAj~SD#;@k(i*u7V2DERy z;&Uqa#v7z~1f3ljH^b}jp4VX`zUyj43`|TZEZyMoc(5a@N9Y0i=!3E0~y0vTB$iKYbo=z zfBww^R9pY1EYg8u>w*tj>CkL?Y?L+q2#0pZ_0)7L^G_2U5#%~5D63od4NX@b{bTX2 zG;MSLt5ui-I(Nt9HZv3#9<|CgHhSzk5z?bFX3^uqylzLcpp!E6v0~287|V+`H(r;7 zpOTPhQZL7rCK-l?c@^jPeO-0U1CDIcW#uI z@Y=M5wxh+kkdiQzk+32Sb}4CqOs$lpu$-f?a3h2}D(5N;%_LSy3&lI#0r}?l`Yj0X zt?2J9$?uJ*Z)s*H>^L$fo4J>k!mIJ-cyn`Gn0@<2XCSwfvFaQZj!qoN?@*Ctf>S}5 zP0l=OZ`hbhd@jz=<&hEPDF0!4{Vw*n9%h0yM-XH}zKh-MUT%wwgRmPK9Zb&!7|4<; zr5|Ic48!WXs)J7=iOF|hnAEwMa!jJ(&yp+WMyYZ(g}=Uirkpw57rrRw$ca8UVNF%W znj)2~%vUoflWy&IpUdX<35!GU5AF)jq-s~f=Wen3li&?z^XJUXZS2Jq3d>|UB>S5U zP;8bR+M1E0*#MlC=1o`_&gDY?<HcowimmLA9-w@O9nPJMB51K);O0=UYGP==(_l3vr49SI!7Getl}Cr z;bOjAG)J}&zMNC%)$j_xU<#&KjEj~Lz%8k|vEYL31?Yd79^vH^TkpE}l5y2#*rmQN zTAqic$%cflC08RpSzNS=2icoyX~8UV(J5;%Q3xPoNiUoYb=0hA8v+A|Jg#Ny2gvt zDh)>_Z>o&H?6zrGxN_VH9b_(3iWrFT^zq$zZ!~&48@p98MxzM^DQk<`?4D6jeW6Wn zl;*>4r(CVMi7ha<)s&jL1;p>t2^P+byxLw|Vp9sWjwWP1MF=%1IKP+LdLG%7ra)gG zUu1ba8O^2`pMH_#@$_;OQ++Zl3Wn9e@H4LED6{CL56$Pbb}N3t6`D*HuN>=11KhB1 zQ!-3Pv%G%=5JG?~@nwPC(8qBc=ZNCG9aPT@CNoHrAr&y@4IHLv50esLakB-6^n&@C zO0H#7v^|`rQrnu-AYk!Mtp4^6K}#jo?DP;`rUR~KjD^o!Ps0(X8^1CWqTV^1?99++ z*nF(XAJWc91!Vh<`Zr%A3MBD@)b?EvOym-B@=!1bmPr8R)F)9*|DJB`xb1fbiq88lO~hqWh}@$5U*2u|=?VsW@|==_vW`+wTn+uc5S zcDVIi=b%Lso0$O0?0OHd_9DfrSiWUb-8f1LoRuQ#cT?)jz^i2&v#7PR_w|#VML0WDeLp)eAVw zhFN}r#ErN;7zB?8V79->P2Ap$UQCM!^+y_PE_}R-)Bn-X0RRlsjOdLl1}`dTibNa- zFvQx2UkF5aPtL_30nAq#GL+CI#$5uUJ{mMj<9b_z7Yq?N{-~G1Ab78!CU8V#5dah? z{mbMkXS&6Tz&dn4;KGf`kiS(`pMj;JJAgh&C|NlrE<%W#;bqQ|$rDq(_7HBE4fd9f z;KwvL&b7_hsA0A|?`-I=-}+wBZqiZSjBL{T>#+>({~}XS!0`H6p(irSLMJ?8BIC$ zaR*(#ccV)xZ4_(5phf&BF1-YKmA;kSN&i%B3+1;xQN+tn#O-y0E9W%f`#0Ksp;OBF z^bKpTYDijaEo4B%?E9`2EM_v9ji+hvkM@IKjGl-yP^nsSuEv;Dlhfr^3>g{V<0cZ1Mlk-n;iVksJ%d`B(ZBgZIHmwtU6F#>VV1*sy-r*c{tr*#JjB z*&53VvZQDvz}e+|_P1``UER|&l7S`3$&xH+X8KxPU0qdO7vtd&S>YQl@F$({D0fzg zI)~N{nu@>>HiT);dl3v%eT*jAZoGAC#f^6-W0o%%GQUa47 z_uHJQcYzjsFcWJ zavC==4G;x?v7WT@y5HC5pJVe@zU!ED!NvVAvMjBrpXOIJgK z;l9JsQ+lLPr(x_8Vw6wv@d)YrwllWctHZ%KP5wSfCux&B6>4>o?)o6qK>6NvGHRV) z^BE2_WSE|hB~s-1WP~NC5votp2WlR0+-ZhV7Dxm%d=fmITICK16PJS?$q1tJNc<6s zo&*Gx2@*%(>3y{hN*rgYXmm^yJc`zsyTfQ!qFE44@hv?~UT3>(!dL1g0UY28Ft1#3 z+%K@c$#$ZvEIne5w^GfU)5dx0fHQ|C-!8jwMX`?_*KIFpBcsrt?KPF5at`6Oz_zr6 z-+0!zwZ{XFu@9n*?m%Dj*)ht-!E&5KPX(A!%1pWbQzpT7o5&r0WG_D5IXIcJ89^R= z(&|}$Q%l`~QqmgWgEcWn(g=giYp9F1DTlwbH;}x`l@2?%V*L2lm|xkvH1YLv+U=@Z zg#h<*YY~_?l}^SRth@K!uaZYRj^h6cIZ^@X;X@K>ghs5a=T$Tm}V z(Zb4abLvK(x)_()S@|8~1{n(z;`40*Qsg&OCJrsdJhCt+ZU;s#w#@R<38ED&zeXhq z%0sgHY0GTSi%}Zco$<>sy)|!bgZ%AvStr<}X-y%v#$VeevaBr@qDjm0)5@ruz$PE-) zzmj=tvQjOw)bZ}D7dSegmugDvS*(UfF0dO3mNizodQ6r)J2UTyy2LOkq*y%{D~1x2 zxOFnRLxpmYNsgPwAjqP}lDq(FTR^^Lj18bB%*5>Io=w=_>8(F1xW5G(CG}IgOjfEU!E@<+;Iowq21ZiduvS(5ytXDYu{# zx#3L0II>+JIh5w51RL7XSqJ)~s5{xGAj4a3cbqF3#)?HjsV!^i7t2*g0Adu0rp1hA zizIAidZG`Lf>9gFBdD?Nk5;}$M(MubEr4>**gs@H=A*-B^w&v^$%)z$^{pw%^6cj0 zpIF{?Y`($Ea7^x#^(c$$>IeaPrN-#a{&gngR1FG$PhceJT^R1=uhPts?YBr;7Dl@Zc4K&(=qV+oNQh?oZwb4uqzAv(-nQt`Q;fkOYWk4Y9Al3oPzdJDsL1ckI~xG zps`*Iju;%)|A~ND|1wCdGbmOTs=y&V0fGYpbFy|nIqQy-$0xg1WlbS1EV*ko*VKwL+!BV{ziM(WMIH27YWT52d@ zr@b7UP*%fURrkx`GDY-uosc-G{!jvNod*OAf_t1t{Dm7ah54{$+(bg6h*XqS6SvTB7?U;7 zM)RsOHH=i%DpJ*(Zx1r9VpMlaYC=(l-4fTxNC#2^;K*k|Nl~_53&&!BElTa#RfVOR zLQmW0l%^G5#b?bUv|7)mHfNg!+Kv4|zu89fMz`zKUQ_sOIX1e}L+v-7Jal{4;7h#l z7Gef79IT;{z5qh1hyjvUs}NYK6l1C=H@AXMlBe3USg{v;TMV%L2WxR6o0Jm-j?v7% zX?J8TLfLY+OgAAGH`%+qBO;p>Vdn2#FIbm7vE+6(yg=jeYW$f(zo(IIFTWq-S#g%Y zLL;yo|D7|R5%O=(R7?yl7r*uuN}Tw9`YOe@vng6P8^YBnMAYaKIZ$rt5~21xeqK1DpP4hLSSvO_)r_m&6Wvi+sL0#F{@DBqxz zMd4!JQ)MlY_CwKL3H6mwM^8LeWl$vG!{6jcPfR z)F#N$MUC!pE~b=Io6f@&Ffj{7T#RO8rjp~RI2-Uh5sv1I_{&P}LPU@6hln-Brmw;) zV7swzN1+%VF2&e7n|E`8H@I+~ew=U;x0wPsaa20;&;+N*lABOFwN!bv?}AnbO5jE{ zU_+t&4(vH3x;jmK0$$DxBF1oXZ}~9=&~1bi)x?#GfYL-!C}b@2Bex$tm4tmOIj<{u z%)g~3P;vmp)=Xm-3~Iq)5$+FT3%9x@s_BP`v4P-cb5-cMNtEltd8jpwjP=)Sr|E)a z^skZ_JjD_Azig~WD;qA^~jT6j^vqXK>qYS^6~zFZTp+KA}n zO+;1RH5G5Ar-R>;P6vC}Lfw@SsJm}PAXkOMD^1&10i0dce{~>xY^S$<%p9~!YmSTb zu{&Nyt%ApG-imRXKGjmL32K48*Pn#K3Oy6$MP?vA#kVktkk>emZbt4O^Q)G0R|;8o z`L25Px%e^$)vL?l?z|w$rHnNL%b^B9=m^9z^HYQF~V*5lPh#8N%ZnGPAYBlln zw(?AYu3i`%k8w1NnwB&yU)G4|L_>8baz1sV&ZfXHbj_aStjsxLC<_-HLCyNdDZLGS zp^MV|Wv2sAUU^ zzZf|Q(}4Per%1lgc*qI6qWZ9Kzhw(MH$Y$gfVWBR>7lYLXR>0ty9bVAXdI=U9(3wM(@NxZbG4h8B^gE%uQpyHQ^gAkz7I{K-CT=kcP*U{=P+R=^gKH zbq>A-^wKQ^Qxn?Ygc}&P4*<-O6zPqOzkS_rT>+)z%}q7vYyl{~gGzn1fEc6C#pO$u zh;9vr2q5EDo@ZLL0R;}w-o1;nEoz+PW2mx0&{$2k_%KW6Y`W2bRoMOB0O)bMx* z?H6!+Q8SG;#%?)=RGn>zB_x{xJk5vA5DN91O)Vg}sv(|tlmMCN5y33-M{n+!r88&- z|4UqYx<`fH=KW)oP?9c^)(cM5{NZVC5SXl!`Yb%n#rE2dXfey7t{G}M!qvrAM z(c!@_#_&pviI#r9(>OdIiQ)mZ`tt7duGDM!lDPTOHk=k9nsOjn+$OLlHJCQtZ6TR)0Ta!TCCD#qFKB>6^&%t) z-JvxK#zJQn6z{g=80W*E#WFKI=#e1Nf-QJuV)Du%7tR^Ek+jttGe3Ybz(|hm0?um& zE|2)49HSR$EY9^=o-!-+9uj;2^hU=jZSQYA03#M z!C5yc1H_eKCE!%vaSD0o+w_E)_ob!8&Sq5t@FYjT7b4$BBLej5O*keFPERIw)fxkG zi!|$~+pTS5lAIg3S8jgZZS>@}hK1bLwe_ZN>O0Pqpnh84_g`U71R+7 zF3jd+fX`QM$%n|ZwiHRgY{4gtatYZQ`O<93ZPGjrtWu?=a5F&d2>0w zW>C|QS(r!0P*v>#m5o;l&|xO_#m9^s=cl+C>~Yh^gu^E_r@+t2971wI@Psv5#2LT= zwnAXO?IJJT&Wzr+__%{(orrf0{_YPrPDe~6&0!-9&TzrPVCgC9xQ#NEMi?pthF#B} zS>`Aqch_kf&I|4ONwa`a))0BdugAV+=dHfx+-wFhf=2;Mmq;23RykXX2L5P&Xr{_p zLCwes$_@y>j0OV}jRjG{yHbYY`zOs8Cwnhc zX&r1;vVF3Px*%JFAAm|3hnZU$9`C}$x|Ut6u<<~)Ro$rKY@C7amRq*rs5=0O{@Ua> zpnnMZv8HHWi2oXFCcD@V2<|(kI2qcM)yJjPh5da1k7ftfZ(Sa31*_JWLsXpm8*Mu>X z;l|LCb1Hk}z!~6tmcj6Fkg1@JF;ih(f@cKSlD;G7S4xR^vbXnB^JMR|uF1Wj_dKc1 zboz=Q>2244pcNLzy+wYDg zF!wyy)5>(=WnC;^h2Ul)o10;KLI&6<}y`9aNW*;k9fH#X0xRO}bYUCB(>h8j@W`tpUl4D%lA7PeVFY%d+;lX z6`{6FbQ4AZJX@4hFNCL!kn7uM2QhT=5X{G;ovl(l_VBde!=+)iN+S^$gd~qZWyYYz z#*FUgT$Ez6lJjCu1=etL1>wo^fGRvpV!_MwsaA=`B=+MEtL&#iA7*bE0fdsCnsORdV5F8O4t6pe|psj`nfyV*=iPuigyit%GZHS#PO9kxh`X(_$&e^$`!j>vg47S>g)r2kIb! zR$F&UTot>x&SH}ueA`-7W?F+yn|I#2@0w7;K0b;CSvl6`V*SYq2D<{6{k*B|L)fAH zGjZNb9w%o(5W{!p$CwAFABVr}zPwh7-=OxY&x=G`jU{g@lZ26?8vk`GCv zcv$PrxvdS%>65VcTu-H)>~ZEbbDo)<6XJe z##ifYIAO)Zh0`^GSbw#u-4ZU%v1wjG=a#{=z}gvDB+j=hT!>oI;#Q-Kn<^`&?wU;! zq?|TVN44_J3F{N5OS#J}Q7Jk@K-Hk}`_|k}4E5OfxSGFwB#NBRBC}PU;S}*PSf3=- z;*&%lBn9Lp8q&u(3RKjAW5Do3_{R6vrD_rh$Q(s62M5(aJ%5sf=Z!LA`RwCFfxvpO zB$5bD!y!Cj7z>L*9Y|$#$Of*Zg@;g}veXxu?KD7HyW^OAhvdPeNi?L@oE(%RabW`%C#5`6`Rk0GC=2jAs5?ll=PYDYU}8M;Wd0zi*M@EeTTRw zAYY*nuz8T+O5A+6kLS&a)QC_0#%#6mHle+7(+gq$(HUCv?PYwo?6ENL=aA&-BYGKg=%UM?>B7_5wGrtp;|jAf3qG~s-LuqdqUC}92O6|Iq=XO=CR zcRWyz^)v?Lt3jkk7di=NSgarOcDNi~#Q`gf9F<$ida+OuDZDk4uBMpFj`<)bUT8co zdR91h6F%g|Q;)}Z%1tfg`6x03li~UKB*Omru`|jUz*#uJI14z12h4{JxFHv4<3|fS z7&U7AR3doIBA5`%=)itcVMUy7h1PH-=XC_ryzk--rRS_~A-Sx88Dv~I>J2oS% zUR_18i0dk3fh;NVV2@xos(r1`{~bl&&%7-7UB$(JoV0D|K%$FKe*;U zxaO~Pxs&~IyYrvIOMeaaHn5wz0b?7mtlq`L6mAz5%0xn#ekhe92yaM^77`H_g87?B zRB=YyIoa4QBgQh0k&H5tGxR|?lC$mmymrkoYy6=D?#b_nY~p6=rvL;Z`%Gy;EeXzc z-E-xA+GW?>b2u+L#^RJMV6dsKh%kH#m>dGF@fcx5F6799EMZYnfEj;ZB*e<6*LupD zP-bd8+O@cOa=LSTnhR!n!Gnyp&-IW-)ZjZ&ZyXn`AyqVSN=p}5C_F>_lb1y7@yn-A zIWO|PwRK5Ii9;~SDbHG2$}Y~t@bOF7H~3z%u$fVdb*jqnc@_#)<}(R)M$WWD*b*~C z*t^-JXT0!TBib`jHEkp%KUh{+tD3V5%7p|&osO9dQr9~xcPuZ917eDC{-JGKZzQT$ zq03Z|JH>rMgcV!cJKi~bwwKeyKBE?mpJA6W!y#~ulLAF+Nc)3H=Q0@$23HhH$&PX{ znOm8Izwf+Ry_3Mfa)o}2gV7HzW`m4~Qi6?oDn<)s8&4jZ;K*l2nwDZ_ipD`1i7cEa zHTlOu00vNZs4MbJkPbm@j9?584FtItY#rU(ZR>u!%E`D&fO*V|jQ;u*0zn|vFxF*$ zY!HTuLLF;^7OW?7%oZ(gh*GpJAT2sU7V6e4W+Zw?)g4m*_FF=*y&6hUfb8<}oW!qH z3J2LqemX(3V{9r~Z{y;|bxQJSX>!z z*YM_Y9}q_Y5B-w(z_D>Eed!gEP$WLDjqO|&#;865Ekk$#jqKN5$hjb0T`&&=a#vl~ zH-U<4wPE3+8KiyPM^ythx}|_)=fI=HUWVSHhC`HkLrbJ1!J#;!H?vFYI_3j~E?_2! z!?N-3Zrl01_6MYrfT8Xm9_{XNLW(nq9{>z)!v=(cqV=uf;8aS6Jb>{mO@@d~1Z{x$VA$qsY5*cWi9mdthNbhwd>7?M`M5=*{6q)-4%wn&Ypcj&2;A#LH zPFN6P(Odm%9ThrrDFmccjl?b&EWSpft(n2P?Y`lciS~^`gkyiW8+_ZeeKDVGTEDAW zH^12WaM1MYZQ1zPx<}T!<+@}~Vb`bXaigaCsV1hu6TBAEQVN0&-P$J-xRlY0PioVX zY4e`frXh+kvVb_isy~IA^oOveIUpzb5tYOLR&5$(Q~vepTPH66N-7ta1qn`*t1FB> zJ4|}%`?P0gb4^m8jit&vHB$_$35*WYy~1hZHm#Zvl^{=K>9{s;_$4{!k+)(?Ouq2C z61Kj%fBf^Sm&tGP>zVy^#J^BbQ`IIUAOK#$kD6|;V?K0(4_D(Zo$2^b&ED$BN069} zErYy)WixMbXPnOv@(d+1AYHT_o&LCYECJ2c6+Xo>!|0W6YhzsY@O^FIWsZ>$ zAIv^5IO_++vtzf(ptJ#VKY*8)XhMmFn1#p%m}|PREN2 zj92^tqkw~GiQ@y26+2w1=9y&g7z(&3!-G%G@D(#j?GzBQP%@F@uuMwS$}K8dC?W=@ z;4OU$im=h2eB|!T47|$Ei z9V#D9Ml54e-;8}~cC%)WrzXA?TD+1$a$#H$B)ItRR>(w)=FCa5UZ@+(fifDT6g9{& ztHpe}x z$R_5Cz9_IoQ5%S#`5t&1FbAjpriSMW24o~Wi$i>Y!jO6>WI`fKd-p`jcZ)yZ(By-; z?-jWVQR_9e$o?@TzO*t_9j-O3WsJxY=E_B(zIPe^7|y;3|6%M?;yrrz;&@&3t~(s! z#W)a0o4J$cEWq~T)H1i??<(_#jgHi1*sL+9D}K~zxpGC#z9;JPp~1JGw~Q@pr5*Av za!Ft=mhE>P=fd5x%5i%V0+Q9~z|NUV7$DT`TL3Y54e*kfT*;gol4!3U`I(*SO>lxCg=+#P@)|ZLv8DQSPQd+EgAlu5jtN4Lyr-;Z@0t z5gUI1DyJ=F6)A6LlmlZ@h6R`DHDie+`#hy?xx9k3#FK#BsI1h(EtIKkbFxg{;P46M zz(I8n_QbY^rmu*Zq2Z1#dYMXHRo}1UH)RF9$`YYcF(Q6*6u~v<>|?3 z=3L;^Vr5;h;@wVv00gjO3ENF)QPY~)oW0EP-ZMDCn4p%I1U_QMk_U%B%~$^yz4ou5xMDzrG@bBr=oNt{3}N+3K66COq97wQo zGI5Xpkm*zC#w|CLX6|5`0s>j4`K}df}bFuCVS$We zCZpo=mAC78^Y{`Q?v^+hZW0Rq0Chxbj3}1Ji~(Z^5qj$Sm1xB%*J|J zsHzNh(|}y}$BYcDYSoxj(v2osMn*V39|4&N2z~{^b*T+Z63Jg5P0Hq~*o16ujidZr z;pN{9R*Fbfh2ALJ1ak-3Fc1RzfwPz6jTgxGE~z=FTiaC&HB-ZfR|sRlbKS2tond{Q zdf!gpo9iWzn6B>l$_ES7B87kuYL8!e!8i!8>Rzw`Z1M&L-?^kc01{@zWn@mt(3^Z> zS%u(CV3&oXsp!E5t|OjmH`y0X#;JAlr=({%luyfdv)N!uSUa2HC|#o27*8?dM63*e zO<7K9%QwGt<%#ac=;TWb`&pXIy^)gCYd3A9yTR85#93+f!itCR+ey&|V8@3XK3y4m za#M}%DRSi|WPhW3QY^;InXPKMn$KI_-)UXH0up;c8m0|h94E9=D%@C7v~+0Z zQ^@{BhWw^)hTJe*JbH4}meQ4_^n$WIo1qNegIL*Zr)qA|RlS*MPa*PoraVQc=b7~s zA)XW(u^G=*>s<=J@>KMy^|!%@v%Tg%0WyweHW%WfRGq6F)4!Z_x9?2T8#5&c^>g7N zp_S+b*kM)ZIR%P;sT{$bA~jD=!G%_4f%MdN*T^%-4h3p0p1 zj$rQlv{6c~+Z{GSLCZJHph8n z*qG(Mr%=vqfFwAgW6wtfkL~)brQ;3gMj0%dr)l%drX7|sp$}&sltHehZRTN^?-9nM5Kg&8srMp?NF0ZN(f1{$tdU0Apgl0oMMBLaOzU7!{?#IUjxhl4{!o=#0(9WDTFHT21_ zjmIk;MwuFK{-iQzVB1+Dm{$b~(YVf2&{GY(7(6jja4$*^r-c9}B1&mz|M zIA3Y~@nAfLRhtaaY8^8M5`3>x3_O5sV^3J_zwv?EWs-4JLx;c)`j)qP9W*VzyvmXf zgVDR>LkfiD1H4FDqfzTR!{|}S(qJ>H6O5Ym-1Y-a=Njhsrgd~Bb=H~~EejjO7+(YQ z2~RQn)nH`$tO4Z%RKWOONU6|araK;>scxTwU9~#sU@g(Oh#E31Q81D=+k-v{QNv#A z94~@#8eK90b-n5N81hNO8j}tIy|YK@-zTszqyUB09kopV4P1vrE|AfZ*RJ2}l<<54 z$Js(}4gXqi;N{{+6M3?i_Te@By-w$8mxPctZC0bhE8KN4;czPEq#M2@IB~H9l;vTF@Dw6y^fwo?#fB@g;|7o1B^D-)o(t?>m~Q<7w3b1gA3vKnz^U zkkJs9ul+Yzf&Q4Q>jrIOY#B`PGDgYzf)r9+{fvH}gCRRCbKEm30&6zFYgt$%SW+-eHb_( z6&Y4&ia-<+K9~a*%QNF43DZrfsvKenFkPjCc=JsfnAX3JX9kzt@dY=L}5ILHkMY-(MKnKw%BWB>?ERNuGA0hn|#w&!Zr zy&A%IpcZMHn=m%wZkF|`IbfN^=t+R4N^cEaMArGPZ!oIi4rIGD81?)-?MO6OCG^?i z$Hm1)LQBzG*CtK4ZCOn1wo?-`r^?4XbmKs9(H&)W{>!F>22utXjyT{KVaf|LL%N!u zW7RPcGD#dP&cV#YOj;Qj^wx|tLX)BEgoi4$Lq(4F-kMx6Fu>L{S5Tpj%mM4^lx+2N zQ&hvvRbO}2t7e3Nxpoxr+j1JJCL_0dp)*Nn&Lb%I$y=Kvg;;cqeBfPzDPD)y>ij|s zG=P`7aq#oy4MIgQW@)LBcz{z2Q8Y~paUQ&RET5v3`lLo-7oWzm&SUYgcZRX7`(s(3 zX)NoCney8+wlJ0|%a4Z->5}IY2S=-!x9XIuN3N~z-B=3Q3SvNG*f{NiP^|=qyWyb` zrm-74%OVzDDRQ_l*U#d%3327!7uAzRQf2vpON_s-<&5iFzKS}gk*<1dEj&$ecw7BS zvhux9^l+xI9r+ijfdvQWi- zm5y7OMx4%Fa>yb+6q+z6iE<2cLNN723EgpB6b=eQ@4Iwk7%t}$R4~yk$LMkSvd|GW z{dl~wE#tUj5S7fs8PrYt61y=a32p2)Sig5a@_}k<*Bj&f;=Qwt$fFE&wb+96e#C-6 z!7;90VwcFmT|TpUfn4T(TN{I_)ez>kn;*8_e=W|a4YT8vJ~1qhx>Fl!A#Ts05IJuN z8{)A+O`^A=LXw2hplcDESO9i&6 zQ5$+*s8@l0(qZg;yQ^G2r&%9(wgeGEOGKDe9n@aVU?7SXo*RUUFJEV^ms z6aTygY@66gZt|h-0bElW8aSyVeRVbfh?2yJR;7%Zs~=$%KTcaSp#!ExXv@ELDuBq7AE!beitO(F z<(~l%yuxgqgCLx6;O-D67O^?8RS7Elz=76g0uB&>X~2OZ|0LjWsQx%$Zipt{=`6JB|rjmR+y0#r<8;DTXj^pCLs2Dp_u#|$tJfJdDBsvuqp za?KH#SDG;h&fffV^x?WW^U>#!1S?Oa^#Rrv4o018-dLucIyW57jH6Kpi8q=uGXMLG z#FB7t95Di$m~L-CM2d04QB1Gn8_=^a8;{YnDaq2vRv5*sK=D&o?5A@p_er=Bg~*zi zL*;ZwVelDOjOXnnu*k8NTW2qr5v{nLrjg8ygeu*jWa(+~vfiLm^Ywa^Z^cHQHnKZ< zp0BNw>-l!FzRKR_EL=&Jt?i_?hT6z(UB?-R22`dOlPAw}N(%itqrq8ogAq4)X+@96 zIuw!15_+1OkYC$Yq=Cn}aRZB%C!4=*FRZqnmIPOkC#6+0*%@|r;UqjfJ^qF4B$GE) z<>{2%PWE0sIe59d$N3w?2N4TZys;!M&b{}(k=Ujdy{4!mK!YHPv#BgGbf}PWypq0* z;7v_v-5I|5gn#*fk|zgVPXJENy@j_V}sK7!R2?B4@t%yT}jRIui z;H}&dCs2wR&kj*@%PX*})~$~y?c$&W6}hYZM7_9fH}d*4Yu1i zSz?Ic>%GGxm^-e#eszlK_qbi^l+|*U<<4g}nc}ZIZO!=N33Y&;V|Om@O}Z}IJ}s-fp$?2Dakyb^{4oX7+2hleuIiu`5*9H^2w3^ovBi?kkrDECS+DD z3jVOOLM?v~XC!Qsqm($)Xamft)i`{L7x(yv)m;2;{WyCgB4LO`F{KicS+3?SQGgd+ zHumUdCTt-lZ5mU6iN7-fU>JG%c}8rEc`px)6NsBVG<6V9eRuc6s!L70!;p#%!Uqnn z$OuOH53kZI33c&zdC!3YO)6V6I7+6d-*KKc^GXbQ&eU6!I6J+;S*vHMZ&zng?DpAw zCYm0$&gLby;X|}Zqe$={=-P`0&wAJaXE3B-hsHitOn1hYE$(D^d7X97F|r~>`?FR! zKcmSDs>&&qRfi2s$zFAkW! z&nLaXBceYZi*_tVvMJo>5NS> zuLgwvQ04pNMLKTr7+^;p?>xUH$gSv!p)@GJ)Yey%B`;e=#iKKcAZ$TdkJ4CND{9y; zd{I`|C4Yq@erO`Hayr#fMrNAiiO?d4IGm12WOCk1Tm1?A5hUjS@k$W zD_JLsmtWOni4{jwi!2iGmizo02zQ?KSl3@*63PhV(KW%2{fNH5Eew_5!VE==wR0o;MKSESAcc# zM+8Oi6){G#`$B>Lez|{YR_(`^FAQ>^fhAY5K%%Q;0fdY%8pXIE3Ndz6@)`OTp6+u( z6weZ&7^x1RgU{HQtbDSGFj3@S)EaexbTfz;9NbJsIjs;Dtif;R5QlJ{czHH2Y;Y=M zv)~$+7`jBUuH1^>1fmiadP-F2DM6uU1^B#S$G#@i$qRy9a|WZ#32fhWFZ%8DBB3B) zB4}Q9&t9)%_8*cOnq=XP{5p#et`)xA$I>X`Cr?ffnm_)$g-v3MKmOd@`OD7!!IKv+ zrPLahQm>(?n62oqhw=sX=Y@$Yb)B7$do?K4NY(*9ZV2!IgL8K>#cBWtH8}9aK>?4W z)_eGXDc6hwz%{Pnw6~t#@>M z(mXmmIIP>58~Za!2XO6JBt84PCV)^`G1x43t<$i=6kVJW1pY1<|wn^GFuB;pB} zn*P11O4he5%Vx8HavEozh|M_G(2}A}-enoHX_YlZ8W;^!gj>z8O>5(#tPL~csf}pR zP%Enp1Ijqxq*}$b)z(8ho(T<^@)UV`NfhV)7eL_^^^p[P$#P}FPFQ0 zOGaAth&tbmTB{%3hBgBT_ZF%f$S*RyD#mi@m0x3W4Ku69j+mQAyc-2G+JolnC0z#Yu17PLM&EzG9 zTupAb-C|0VRdsZPM;1C6{gBMfC7a1yW*D{PScwCg(}>7AMqLqOaZdJ5pYNRfq*$A; z%~qm9&0dp>=7^Pi;)YIXRclTU*6=l}CWIM_smi3};OOY5moJ)+e>vSd;mgCOvFWey zqIXRoQS}w)mFdz|$#;&i5oBPPOp%90^~Xwon;*G9Ksi&p#d-QF`6f{9Igadjm(Z3? zu;HcI_hm_J3lq3b&D=`21in7jyXtjUsFjMlsQ!891uVwlGy3bq=1pZ)Ic>uE{G4BV z{VXMGZ#k1!)kM3FuE(a;;*~+h)0&yOnk&OZO&U{RX4usCL6(FF4CikWo(oH530p!;!S(9+KB`a zRPUT|eB@#^k118{SQuGtMs@abvYE%N{T&ive68Cx+1@xiEuQWeiJ6ARmq6ri=goo* z`}|3mvp~IVB+wgP$tC0ln1`e|QAIGc7@}UkX4XPIOmO+w9#I}~&=n@c1q4n%$`*(q zcMb)peA5I%iti{t7Hcr@3ZW^%s)M*0Yrw4^9}>rV&p?zv-8$TPOjkn~AY<1yT>mn65WZLld+8G(&=s2JuIDDWbxs_HNPq+UbcpA*o z4iI6>qa^(}#IOWtUYNi1CT`A7EU}x~gqIzU+|{;oc#JQKjq-{YBh-pcU5ND%mr)DU zx^Ohc(gJZGoq{4}2o%iYd@@44Ctt3e!?DqJ&1L27S(?XexSqA6Y+GI$Ky)BC@#?Nx zW9SclsGUfJ)}v!ZCr1!b3mQHg_<>VI=Y5s7`kD3hCUY&<77*8Y)SYsSJ#-{TZbYh*l^+Kppt=Uw0hnD7tNhB_NtUcV#s3Hw zkY*$O(sdNw1xXsqb2EjkVM5QeGQKAr83$#Vx2VIrE;NvMDo;PVr=g?U6Eh>E#k^S4 z784U63mwNp#R7v6-^j`x%hmi=^sT2%XJz(Nu8e0v<%?P?jbwR+RuM`eDqeIy0^H3K z(Y-ZZag*^g-zpI?np^q+Kss-Y+8JKFEHU943@OS9Nn{oFNlf@~4M(($sZKWBkO2G7 z-(5@0JjK_Tx0c~t#C(SCHv$>EsmLLvYwLREU*ESc8}?e)T-auuaDju17|=%2k1{(| z9mZrf4i!uFxl|uL#winA(r32B%J^@_teh~f9j3o0Tj#l>$YFLq9UJZbJ6 z92`CItYj5S@A0UOB+lAr5*|PrUd%OIPeOB9H<4N80>TuT44FStXK!WJTlSlQ1^|@EckVT;4<=!mD!RsznR#lKIT9s3R%=|CJ?tItAMMgl;Gv)IoId%HTQyu0 zwJMxLBCA%wMB#ZxDQYx>52rEDn_?Uh*I^Ih21T~wtzZ(hQa_c2NC@KWk|La*S(d47 zg0BT8x-RaU-+6z~U&;-jP5A|=H1jEHEG|&c2U1)PE{e-h?pao%qS+ha5RXpM_NZNt zZyHGil3H7kw}aOxT!y@bR3t=Sq{o#iOUw4OR;fy4pO{YE(QU5*Jjhq|>BpD>jrARc zXPQK(VL;)dJ?hQhe@n?W6jj%mV;5|Wj37r+#Clsx|rl&!PX3;gkUe(Bxs zR|gkMQksWXn$QOM@DC|Qqq{RsKD5XV)NF zkO|%El7)-5VH5Zo?)CGXSIvX{!#yO*1;TdD?*Nbp??)~$NOBE3fa88NC+hJF@0K}w z!9Y2^%p7&x@O%n)Zar^cZWNyvz+Pt7Je*xCF7ReS&#RGKw1Wr>5<)Mrp>>pnIioLq z-FEH3HZf&h<2O`mvktd!<@FxAz}Rd2d-=2?U_*HaqvK*X0}RH&6->)QV9b1Y zDi~Z+UVN8WFH8+he`Igo+$otL;hhdh#$kY6mSNjNCi6FORP!CJMqnV02!fpSJ#<;} zJT%PVUQ|G=Y%X|H!{!V~#j$`UMk7QNxCyDapwx@lkMFE@y!YhjFMG$${oQ2l#Mld? z?>5C-rB2_kEw4fckt)ocuYWHjnD44g@gEPwP}y=Fprb!1BZN?%wm8M6%5xT-><7sv3*DH!=Q)Fj2I7T3BNn%FKocB5n*0X8fMGj)Lcfl8e?D$tyolqUU%j-w*p^DI4a641!-MEQfX&M2mK>#RQ*T~WZ_T6Z~J zPKJXIK=SZ(nT&A1j3$OInRcA9Ptu-TU6Hf;lA)DWHRx}=29dRbfho&>M>-5Sw9GwG zF#lj-k{)c$DL!Zy?feO|xC1)!;XY|MQ*TJrQI~yfB z-aR@z_~nM=hGY-_jGuYOkQZ)lg*|WFqHa0;ZO-pxwyqrv@|`pB^<=MUvk!+c<0#a5 zT0mac^Yk@x;zS2V$LMEJ5!3p^T+bm#saG7&>(NAIU;j>T{e9xFY@j1p8NX(%$C?UZV_&V*MibT?Znq3 zCc;G7EF}*+ZscTgj!MLf3GzfAMuU*8Ga37mWbb3wFyb-x1|y(!$F)_>#5k{V-ab6+ zY`TcdZukAcu+{djbXbft&H|aZr_%2&^Rjlkg{LSNOI<)*32YY zT%)iHSAcFvS31K%c+Dy1FU1#@ z<>_O_d-wEs=gD4et_Y+$hEu!<_USbe2euc&ucTnEx#&9Nh7~I%)WAU>iGkO4WVQTI zgGI&a4t*7o-8L+_`DTLKApzf}`!HNX{H~Un475*Pz5telJQ{0EIFcg5;Viq+LC;bn z)FSgZ2YA?6{qud)+}6ckpN=&2D}9Y$kkS8j^%EYS@ev4#l2*D6 zs%j2Uk1#o|UT6!nIq756yjn&mf-HPP=bWRo==o+0BjTeKezK_%C?5b0h ztkGU$N~^~KD3{kSlAjpGYV^PXA?nmNzh5E4)Mc_5FmG!7Dp`$E+s@UNsZ)QeFckgP4$#x4kb4PZB+t|Y+KhFocA)XvC~mrN zdfl+kn&~t*Ilqq_8E_MYO8Kv9FuT^ebk?~Bl%cUUTqp0P%Z?Oh*BtlK)Hx61h<4$Ut3RhFF(& zTaGuQ7!U|er*KM=T@d?&!psaCQ%e7SC2Y%)C5<|+Z{}G|XMw+5zBo6U8=9>AElrr? zb9HpvG-As~JM=={W{Ig~1GmR(Ng!BnZZ>>((abIeegzllx?pG=X4R|XfS5=WD{@SqO*DXfPQj3;Ykkp)=~-3=UGa5D@fz=}~7i z4HCwxY}guQ#;3B^t0@=7M&f*M7e;*0j)^`hZ?m+ImOrkbiNaT{NQg*;-O568irL7? zEn?Em&@76S0xNPaB6bDmm|U3LaI7yWKyEyMamk40Q#8t2<3v#=SeCV*kitOR+hS`3 zFRk5Cw=Z$EQ1ofItfbTkX>2l+?U2IW+7Oq=JBQE6P^V^wwVfQ0_bTwkWce7r-g#9w zu{@+5)UA<8oGrSlt>{+8MSGO~4Rav((+)^B?``f?wB|ByMKV5V=pn1@bTg=D#zhi; z8MYdEVu2*VMYwovsfU5a(jS$ZMPRS=}(30&==gy}6{fvG`!>0gZ7? zLW2y)q=XFB2a1cQ&GWxfuy{TrEH=Ks_u&3CKv1E77bv__Q21#^C``wNe;+J>F>QLU zb*hMhahjQ~R09}%sw!tO-hF!FGc>2iy1=@28-P{5t!+gQ8UKjEuaUzgcAy{+8Jt$; zR4_|U^?iC+A-c+R3{BbwWGIvYtP%}yiA}&H4-C*)?Lg{33hQX@D9B*&#m*iae#zbSrL!&uCQYtd zX!p!1nlD>$=(uQ)8_ymihZKglq$Ao}qUNyGNyB(pFMj;xr1@g!+1^Rr;}Ni|iP7kl z$D-zTx6e^EC2+0lVnJ1Z^ax|;i%XIz{7{Gc`1$$X^WeHg*=$IX?Tlv}&XOR|l_=G7 zHni9+cge_$CLOC=325Yeg5jnl;1b0dC9gD!g(^#Lg90z8sK5&*EHIM6qS1#l%o)xTxv-Mk3UR5OLmOD zDdb=Fj!*WF4r>$!KVtAA+*q=)d>3PMu5GNW-dkB)uM><_70iP>>UJ*2N$p8J!Gg() zOW3~MAz=NagC_8E7-)a);gDbdm+4}8FzPH%-aQig7d;LNk4h1hT6FJDq0~n}slk1JJQQ!h= zz|mb}9(J~}tg~%&YwT(p1IiMBIk>cqVfW==m@>cE9otBzJPx2h7n5FYFi<`DdH?js zqnD@2&fzb~&pXG!aG(CNMdS)opr-FrZXDBWV|Zqm_o&q$UrWP-i?Ge-d&f_HghqBA z?;q@+{(@q_)BV%Ky_1vV>Cthr14QunbpOfAgPr5##mnOtM<;vBNpg}BI~!k!;)P?b z8YxIS9Rrcb#88#}zPf$d_(09iZPboY=l$!qIyB(sbBtWlr&y*aWqeSV(%?fr|-lLr1&#)U5oK8GpNfR znj(X9idzE_rE(FhP+cv+kM|VNMs76OY*(?|0!+jO{O%zF7F%4T$S>HFm&pSCnKuOp zSKTZ#VHeB=DrOIG*^;Oi5M)WrV4Pax2g*tz1C*OvH-0lZE{bd}U$j|Y{m77>xY>)% zYBzB3zhwfASYI9(S|joLino}#II5evveYqN(QX1+4et-196f*0+}(S+^YY-d2m}oRG1=d@S@6mEy7vP0rUaYm~BcnsNXI}oX6NK=;(4g z^8m(0?fA^~r~6&D+6mi#Y5g}J?b~vXG2jkSzkLRs-DVY&5 zG0G&UcvuZ2n~ak-oK3pDF{}TwLGpoHVLwUCSV6RDpp=S6MTwG>QxEc9cGhQwdpp<_ zPNyuycrjUzQn~0#x6a4z7%N#FDls#8!<%}cZQMbQq8YM5o^?eC&(biDWk$w7EJDa))QJoRdGze=YNp`4mTolma2KpBBti)k>0t#;SA6fn zNGqzfS1v$|fd%uHnN?%?LqPO`ikE568--#Unm(Ok7NW{apUH9ReDpzcst@fL?JFJ6+gq@gI<=|m(dH&J^dU-{EB=vY56~R(6*Zggco(E~l=EOyVi20~ zz-9ClVsyIa?R)1grj2sd+6%+emPIo|Z-5OxM7QS#QV$62a2^r5LGp*3!V7A#ryo>D6=!ZT2(UD zGPZ6gB6pWG5^EtRzne*wj)mgR_p$u9-x7Cq;95|*C+g9??Lums z-9Uc&d=YD;2wO_-0A?gys_}=(+LZ2H0Gu`Q@u$cQvu?(6v~9JQNR9ECAS6{s6nd`d zGU&N1RyQE{e=h==>QjU4D(z6tDjb06*uij0r)A(HZO#|L&!%FF%tp2TRY7R8XdyFM z-mQb;x`m=k-07j>w2s|fgX#a#BhIZ-vDXMHw_7>jjTZ2WU@uAcA|UXa|Ej>3Y-e%& z4f@qMY&z7q{8e!HD!uaI7rT6oLX}4pUdlT7+MD<&j8T0Y0qm6+8$0SY4X7(Y!aSQH zPjcn4c%^mLaR-zi| zax^)+DIfp3MOIbs;rNlgBT#&1)E_$ z(|9}Tv-7#g)KSRP;lYws^ygqx=L@i@lf$OY7h@B)(E0ku zIwO3V1(`YunK}i?WEbqqv8g}UpGpp)3|d5(D^O)Bz-P_AJ_pLW+MS`R-PX8O*wgN; zJw2VFr>Am^754UY*4|#t&>Q(~6?XM%)~=S=0W&!4#Vd2BHp&~Ajq4b;+I|B=%H1|Y z@0d5sQ`F(nKAy4T*wycpk#dkYkJ;i(3^R=ujfR$5nM-=18;V&J&Cn+9(WOCuiF_)2 z{a$z69Q2ze)5{EPMeep|*JP`@oAyXBY}VAH04+!=+SW>jHBC^885{Z5Mw$ex0UM&o zcSvvg0sYffKAWoQ$uEbeJFhlxXL6;yCjYJ{n3{nCwj{6RUh1uh^7?uyO?usoP7%>j zzv;s|XDg&pew(Mg(%YN9a!JO!bTi&;(`L_=qI|Xg5dVJkX8dN%S77o&o6&?7vG5y9 zwQ>e2TsCTk!ZoADC}vP+$wMdC$+*VabKV58sm$qu%QjhXvbO%cIHJY}&TB+5;95yG zxwzNY5_Rky$IwvxlAC$Sd!qQN!T2HJuqi}adXja3r|e_M^?(WM{9K&;Ys zf?vsURAzQ~^y=uvY4hatIGM{e=h}kBDr_e)EmRFR6b@>in~;b_2640-c%;&9yplth z*z}*qD_Psc!iulr743Xw>D;tqu(#r?Y6|WD-TSaoOg4Tq)^%jaWD+BT;JYUsMcUK3 z1irk_;*tp zqc@D27{`0mmPGS5JAHRBg2qzH5vOXRB}l&jqBI)VgaAo)=#f^gaVwE|qX}(WnR{VA zE!|yzaQ}PgI^HIJebBIGbGF6R+#FK?m`(=(lML91#BmYJ=G4O3*x}{cv{&;ulpS)S zv-B>zOktb3{8Z8+$=GKYG(nv0CLGVh9G_+^X4UMFa-GvfJXhkbUmTt6zry5w6QFDu zHAk3~Of8)2&@oST0~Pe-A-F_#E<|v{)+@RpRVa;vB$(55*o!deW~W%-=t$Hk5F;13xj98+oZ)CIC)j;6i#4oMyuqv*2&W=8Zadh=Gxo zCV5LAQ#o>un{tl1qs+>3wwOi~KIIxg8JU-cp~oarqAnwfm!PyVV^K^g3j?&w))2*P z*48Lb_jL|9JFSFD>sf_K8GCsbxWS88fkmu@~ z*c5SeRvlTnC^s6q#Izy~4TGLSH%E6^Jh53QGctutZnvM47-;VjZy@V5K+=Ij>e-FN zorb$EH5H!mi!!kXc5XL2hhw7EPY08%c+D_Um6?Oqo!@|)&6Po`A^1v zfTL>4T=tm}*QCrjN7!{4BmD!=5y*|Ng-0PL{T>O=V^@5 zl3nT7xl`O?Eh&eEvUY^NVIeL{^}Fr`kV|D5fuS?)+;(Na-atV{!r-$&X3r)a3~X?Y zRGl(l(HJS{OLBS{R_n8?8--u^+ax33`^@;cg19Uq4f~JSwo{4wEOX0SSAK_V*F`?K z5VJ8lk9m&*!z*t-zI$>mq9!`Lq(c)|)ok1bJ^{qEC#^ntgrRe3PC^u~G0V_;$*6-q zsZ1<2Mhwv^v~j|S@KoVv|+a zhPKZ)U6N~rCW`q+UY;DoTln>}{dN58_=WsBI{mS3OonW1d{ICT8Ax+a$Owp(I4pLD zfwPTWe(w4)P~ZFN;(YVb6aaG(g68GXhLOWeP97ipR0BvaXXEA-9BXxDL01k!$_`MU zHg(Diz)B&By4G^WgKEr$uwViwb@RS+IECZAXZ{o_vK>msUlSPrU{PQbHT8VAoa5lAGcl^=@ZuO3kZ!^9YmSNQQ&|WF# zVmP1Q8DEIi5d$%s0F_*2tnSZYqdA7H+nILkx8zA&DwTUsaq0p)YfB_D&IM1dx&Ns? z$;^QAi9m~E0yBtDFRu^A?5?SNDlsP}Q!(@p_BKwiCRUlJR5MGg3ZP)nBGtT4N1PIC zDcN~^bbPvh`0Q3FF`W*WW7cV@Y$`3%fdMe04d#N(C4$*}1@ zJPAciX)N~+Coc$L$9pFyd%Mm3!=v536N)syOkp&o#%^Ja-JR2&eEFw^<)0q!JbMnD zW2BQ;g_U0IoSq&>YIsJXw(8+gaW4f1rnc_R!OuItoD|oO8qwO?yDwiH>_6E#&4bW$ ztFqif0Is^#?0b3xzNDdp-RC~hkQm)j>tQ|Mpylj`M3j+HDxhq`oFa_`wV zNE>)L_`uhUfu#cRnj9v^>s57HRnbN*$c5xi`V!R-I)J0^oPuy8X+k*t=A)}@_s9FE zTh)pOJd+ONN7yeXwRvs@9T12-7G%&x1v^b`5U*>l1{i8`_A znP$pX;WtUWELz0(h=DJ@RwyFRO*-511XjD0lw!LD(w+)1Pk1H)$}wd2;Nk)kv@@S& zUQ!q-h5%W0@fW-6TtSK|X&Tjm;t6OCGf(|a_07M;^~rB|*g^$+(?s9$=cLEPnQ;On zgwqid?=VGmr5TS@ZJvCz`q9&;Cwr&47EChcnpqvroMyLS&04`V62$_|tGqknR)oN4 zp10t9g3m!N9aF@<^$JIqlxyVHHJOjCDi;oyR+rTa%cWhEdYqMs8;@f*0pWQb^4nB0 zvENA>XM(!JgGzECWplY8Y^gAEhxDK3fm=0Mhp<)in<3t|byTWM5o`SD zKqfUQ)B?;>=^!f=M_rZ6h!srJoY2UmWipftdA`CPC<8j1vm!#6mJ_-P&NbKWV*FXW z!;!&A3w<;dA``U_>77xkj)IugnKq*xaH0&npDrnv80$SUsdKi!T({;K_!S1cY;YWS z=ge|zo9mmcE)ukd*^VR@>=uW{QYgm5lZuFTV!ov^5*+ShsXf~fB^1ui*QDXeZ^)t{ zdq;rVnWh?Nl2F6832Ta_JpnHz#ZjjeT_fP<8w~D7#}g7)%=1;dDRIqH*IfI|eSg*& zTggi;TFwk)RA#RWq$8yS-9K)g{_;YCWfV|br;gK5QuI*YhJ=U{L5A2eaXz-VQlS{X zSZJ?Aj_;sXd;L?;%;(Aj=F-|b%_FC?mvqz@^96TGr0&vrB?TL`7?S0?P=6@jg=+=7 zu(;=CP^3o6F;ssQ9S`g8`g9S5!T#Fe%qnoHFz&A9#O0%44cihQ=+W# z+5ssv2xh(r0voi`3CWkU=2ffHJ=a$=&v%~fKhfX+M!vYdq^`b0tNwSC+|76I!p}YU zpZS8&{x%;uRi1A7r>6%y&rWJ2-;;Px(!B`xPJe?`BzBh;%dM;P9&@T;VJ$@sj=E|K zDhR}Dq=Wp0*%E4KQ^E0ghhUi_L@y&fSphJ z1RFaMVta>tIo3SyrL8`2)x$}4S*!8YQav$WuO{R4W0M<@5Kp8RqW8KPE{Mfyky1Px zJAme3G6rHte5@pBjr1352n6m+Am-QIwAW_teYOF7icEMglnBcl*lIW#*T#b;0TOnI ztPN5h{toc3Vf-&CQKy`Hh1Recrmc`ocGe==K2B?FMzLkmoV$~e&$g^4s&8`ZtE((P ztC;uZPk;RRef}7Q=*IHh74v&(JQ(z{l}TUaHn|uqpMP#2tMKRk#s>bo_Tb*C{+B+j z-M#y#we`EJ_a8jCe|PP{pH|n`HrDR_DOvrR6D|5PLDnNl{v_Fr3d>FV{%`sRgni6m zY5Z61%|Rfxb7GQKa@p-%_O2C|&(|1(e(xIFQMKTaT6XEB&MCdrU3?p6m@3RIC9Ql> zJ}GSA3$jOH^)Jd5wceB_e0$cc^R8QEzO%glF#D9U6 zlqiqnzX9B3+I^4F2om)5n{l-${1aUXj1?faI4{Pyq3^_kb;Rm!DI3YXKPRW@75b0A z=%EL~QgSlEx_9rcHj>AKY>b7T?<7F7*4CER?yf#)Bri{P%ye=jv`QKNzU%hc0`j4p z%*&UL)JxbwE8W5QxaYr~^Z^UPqTNov)yr2$9xHe|Zg&U%t1Do$bA?*4@w|8B8;~p3 z>z?`VP!i~mBO|#Urdj?qG6i9ycvFGz+{-z4Uk7c>sSgga{(CYZ$5&PC0q}yYha^xC z@DhB-h!TdE=c{UXB-l@|Qer=~W%3UCTq@=l6Jd{ZU{$=-OjGv)*_T`wHi_Y6*hWU0 z+T!7GD>rNv|52@y^vJvxHD!iuSg|JXV$7hK3%38JNVw$nMXD*RJjtk`H-6&!?czV? zV$Bq#t7J(jMrQ-Z+pS@~wuGUYEIp!6M2GQ5UAm(wP}A_RDi`-K_4wI4*j4 z$lme#r6y}m_vlZ{Mjt8eAIpT@yUZc{wY+mHj<^A^Z&(g3EgmnJ{nr+e3@8$3^y_v| zw7~7$xoTyoD3V)!q;{yGcR#k1Uz6qW`({SJ*BbQD=cm==(^gfi3PFnf&|)tV3B?KT zfZ&g>p(_wcxF-^0yPa0Mt=~41ll^D^{c``bXoeDU^np6%=(a)yfVMm`Q06@D5IYJU)8)>_;iaZSEhQ9=j$l47?lS?5DUFJhr{W&j~R&ce3Q@ zC(|=VJ?Zu*tmoE=nzb@k!*WHzN9;_kE;jVdi}~Swvf4unM_G2#$(e<;-d&n}S1S95 zPmj=}gWC59Ip5)@V~#Qdw5;ED03W8K?x5X3aQ)94%LG*!Cdk+@6WDJMu@-`qBjgM+ zw^nOT`A*PN2L|a0>=s0uTy@l0^#Mr7}4Hu56x(T(c~2u!wj|C&`U$ubgovuEKs$?RnlDLva zD_^RHxb}c!{b*OK*?j!V>0a~bcz5qOaX9A)Taou2`Cy~VS1RzvT5YM<9rYfBO*5rS7z$r^u~iPv%hfXN zP`=a$WFPq(1M@kkFd5d$5Qo*w0N^=NG_J6+U@aR_?+ z7}$N_t1FlE-r8Kae$2#pEZOxH><5(Iai26!5uX(M@ojZ=bQ4KtbjJJ#j`h^9`(@GLlZGjzq z%vH4Cw0Ye~9FP_QV;(HGVB-(LL(ru7nAB7YVeeuW0Q5cRf5CleBmst)z8Qn+4h3bB z(l)y{`OOA1h(Iiu3+^Z0RdrGU#n#Os_!z@&3x13KhvEaadJ}^`!$C$7L=E0BULt}3 zVM?B8;g}l*mV@2`zdDl0lW?%3bxSp&phNGJRTpc@GRhEw)I~B5vHdEl(!}Xj5iyp> zdC--s*2ku_A=}(ol;CgdTz+yPWAA})P>63L->RR*95!c)06pQq+R|ar#~sD33`VA< zqR*~jJq<&7urlFJ!FNZiUf;iW@9zD#yaK51ko}it=fICra0`JDR}BDL08U3cJs>a8 zKOW&R_GAb#1xyEN4*Mvt%V$lqVxn989WzgtL9L`deV6*YC7C=If{v6vnZ;RzorKOV z1Rv{(e$4>{%MA@?A$L2R9j8cHntzRP!3;TC@TX#eGLmf*#+wN=(IBF@^m3NP71#ad z@F=`>{3|5GC!AS52fXS786RiT$DHO=a!Ar9xw zE#_EfRwY+lj^x;BTM6K>fN^=fF_K}W-J>2)pj`Q5dw>^A2zJh65AR{5!3(p0EuZ5y zy*5=>you&1G)LnzA^z>)%RWzG zGvkkYfZgVMgb~As%$6XO_|O{K7YsJ-0G%uZhR|C<_j&GERd3=~If;NR3ER@2ZM#0V zM5rSp>DUKbI3Sb>P-q~(O`(@+n)b>|!XtVgeXd%4FfPSF3SPhUzFf3JKrn${u$QL| z`YpGb{J?jRVMRGY{p-30pFvGISP=u1O5$9hff^^f8x$_gg5r7W-fWn=%~z2W6@o zaQ4l$fVDRaJxwb?NsqlNJNj^huyYj`^)SDgf{P|PZAq7jN4v88rm1GE)_ zY<)V&*1rs7>v52|u59`BV5T89&IIwWkpSY}XP&^_uQ7qJkP^ z<3VL(Ca7%843&+q0hO?k&wxr<6F1#R8@Q1~L-^0WlltS&xBF9a|NFf4E=6Ygi~A_Q z|6O0bzxIIde;;hzeXt7e*B)%#fAGis@3;8#-Oc_~zf0^N71-WSSLcdA`J1+14eBJ1 zv1!UU`;YDrB@J{sN`gAcGyM?*-MHir!fiL`0s!yqRDL|tIGd8tj32rl8^T_fsf+y! zx+>NoY0a9EYE{HI(y$8OtRi}gUV0=<70vfo=>ch+_DJank@a@+;+ve!Ms zaU`|N@p!novNE2$Yqk1aywzX%_>UD@7HK_gQ`OUfU?Are$+ffuXCCZx$q)c@T$ zF4E>J6rnGdgR6Ad>ZF^A!2AL>gT_J-5jxp$FedO10qPsem*cCRR2T2oQA(E#gVD8Z z=NuTU<<4Nx>7}l!zd+}M{zbPl8F9i$9wRT>Ip=^f1v8LD(zYxX=7@4|jp8eetO#NC zryRy=06*WEvRT*in>F{E3{6saLMKs0Z2RelbVN^Q=@^YwU~|@p0@MQ9aptR%6&yyhn6|`sGLJl| zZ7kovXJOJ#-$S(_Ump&%sSxE(fwn#jM(;4)d3*4o-y5{rGN2(|W_8E$oeZOst;_}S z?p{JIasQq}*yMzh8X;`Vv93`kM`H1! zg$HILw`9qO%kKH5SFP3SU^c!>vXU|u1CANMivt@=4-*HPvo&`pyN2k%wW(*+@hl;8 zaFwC$s(0FN)9G8iIkS``d%1M2NsXcjXZ4UN`z&Tm9qHJrB@}49p#lveioCSCLB%eO zk|%a!KouI&$`})yB4hTxI~w!}tJ;G!qhz+yKF@*pDJByhN9C5+63)WGSc^4k5?6$~ zsM2%5%OoevE1Aec$U}YTW|xVCZRSO!kiCQ~L9Z~ZQR|$K9QdjR;SdWD2|#1f0?=-h zk^P~`2}E64K%C*0c2vP705+L^1lAz@OOp*Xsuc|fl`U8e)=Z5$a$|gH$Hn}!E2c-| z4P{wC>d-o5lV(I}{h38T7y_~hW_?jF;grTt}iadNtI zaFAn3R?fQpYSp>7H;*3werDq* zk4Wt+4Vs;mH<{4C5juZDktUKK0JKNz=4o*|`G2*&SEt82O@32{XSWV;TJ1KU?jM*i zx)>_@Wc&UGjsd>NMaqt7QtFOQ$>Vd-awFWr+SrrU4k{+}VmJj!Hmhzg0P2mYjU!5jDSkEuYAV2$!lG$&RG6%SL`=8#!#z zEDep#|6)jD4wXDs$UIBwDp?d47B5~EVh+sF#+*WY(p~|5s7MQDn!@UM!bDdGXC(ET zl`Ks5A@zMQfJO=_s+en=2CDzBM)qOJoY&(h{rjYgi7~X;gwZg2*&tyHiuPPx#;it8 z(rYLk85z~SIOo)Ydf4HR1Da4c9XtHb?m0G%9j!)G$s>Hp$1=Dycmk_JUpKVFftP?n zD%~=CIH@Yd*#me%JcAoF>IO*T4bpbOXE@Mc-`%pKrEz)^mO+J9EI+D+Zv!X-EMJ@b z6_S9DXvhnh0|uY6)9^Y&l;k|W|L<4*;Zs9oP$)sHxGx&QEJ!+3^H_fI#4R$wd!7P!XSgKSjXf3$rEI`4t6c~#oU;B5!S-uKz@KO!aV*<_pvdT8ACh7h;K4OeqOB_ zIb+j6^4x*6pb5>ytF=_G&;7}HgRNGDE^o@DZ?y0RPG)FtTq;)?op&5;dZ)v*o`S}! zRU?#b8bm4ue28oSTrH$+dT=~API1joKbO5C(4eqOK{ zX6Q9s4IVH9A{0S4BRlClwz~k~Vv_1+beI-s@kvyxz8JOXi&Y_Ly^sEmtyX;@V$&BY z%6CAHx8KaM`_md2_>~8RbI{-NQ`qpE*(hmdqp%r&Cf+3cM%1UU4R;{nAr!EAGaf== zt?&@iii}OqLDDx(ET705U(jiMvJRCrir3mR_X7}YGrA3l`LH( z3m{+=Fj1zS-04*1-y)`~a`g_)vX+LV%CZ_nK=kvWt`hm`S_!{?bNi1H`ycPD`;tDU z#DBQEy0IF@f4H~yNBoCx^5>h!e_a0~n!_K_9R3rdIe6ss|5_Z#(%1nuJcS><0&TP@ zO{uwTRS-ffANE?;i11>+hd77&DF7TAFiQc?A0v@$-COy#adl161dBq$K&FNRG_wJU z2F+0?(mH->%7tuOHOuKFDQykKJ|owv$*Adt&4VwE1T%|Xp(#x6o75WgCRgO%>>^Lv zxtQpap=*&XKrf)N7pFfS@9pe1pT9iad)3@O+&|slIoSW}-Z6X7Q3On~V8ebd7$?5*llV?8zpYqp6GB0K7I-ndD&VXCHuAQ9j z0+FG+yu%|-!e`PG+C~y;SYoj?%$2j`_4$6)WG55=nN%6_2y^}(W6s$yX70U=Z21GS zwmpt07=WPF8(sMju!~ufUyGPe@OHAXrNg0}2W~%DGq>!R+{8uWOoKYs2`^rGY1_Ey z*(P*#a%c?ND8R5quO$rtZ#>Rv0md>4f)QM`KC&l+K$pjiPBIK7@}qhEmclIF`Rz_4 zxwC?QE#Y5p-rTVP7SZFq-R*QSgTRDRnxID*<`B$=KtkD@(S~US1j1XNHNiiqZ1c%; zEO`9jn#3F)y}D8=3G{Q)L&Db^L}Oc?h`VGIPxKWYB1d#t99rU~L>9 z4U`g1>k{w}w<$JI|;rp0HRxIi%Q>u54`0BY;MWW zbsVjeECewk%1ewii#zLTa(>B&>;+z5z(C20snzFG5wHTbV21p}<)kAiyfC>0F?7o| z3$&f(?PP6rmGb~#7)0~>7Qvjhy_qGAW0y=%IPPuoH`K*r0#x2`l+$|H?ZXM~Ix-Cc zXw1ZdR@Ho^@D^ubv5{3rujgFs&7>yFzO+R7Stesd=h~g^I~)~No;7;&@3$&`r{F@+ zL~_Rqtok;&z0m8mSLpA#hPMaoR?{yLVq30$a{De+ynTDl7KgO}XfsA)$%~5~W~_kI z7g#qPIyLIX=tXe6NyZERuqn!TkuQZwYa)j;!Ay@Vq=7|eX2Vh;bk~j_%!Mf~K7|pS z|CNDbLITglW-3X)r%p7UenaB3jMIOaDI>Aq5g8sLS_*@#dZ3U{tDlET5<}LaQx57B z@3nxpq|t7bW>j%ej5RNpi)0*xEhdtj;b8Gq1D>xqRF;aqgI_2%to^n1f1H1-uuxMw z*~fmL{Mg7bv30M|&cX5XM#$xH8Z85| z3EP5A%4KW7v4e2k1TG%qJlh6T1ZN*R{0{Tq`no6TEQ~%)-k%u-knaz&UYZVT^C1S# zTNJcGq^S<#3~osh25|>dc;_&st!>x@Tqaw75x#im*nG^h(U2REhp$K+;;EVPqYFbP zmz*&YLOGE1Oc-U4XsA%ifkc30og-DV2W0ren!mct!#tY3bnU({DB0-TM7?SQ<4f#~jT9pxc~Q6> zop0qnpxyy1QKHt@tElkJUQ=AdHvB_R6gtl89=Pwj>%UjucfG#X`Dxu7*WKcA-QW1V z#`VA(*L`nX_q=g!@Y9AjpL^bX?tAlj;Lpd72DToCy6C(04nFlKSA506c~oogoIHAz zd|yv~1IDpN&m6hCo;-XA?}H9FDxF(W??XZ3>l^vj@r%>b?8%p_)G+dSS7R)v{tzsA$@%NObZHnm7RLw|L|9DK&N;Vyu8qT)-bzt9h!sT>QS!UuY1pT z*Zt@F8+A9m{ljpAjpX!~7khS^7HzzVViB6?4d%x)c-?(VdBKCJz-yU`Kccn!Dm)i$ z&w5be?s^adEckwZLq|^hYN5JH_krl+`1W6G4>s=I|AYVk7Jt6E z{nuLK4=b=gq>TSqDZ>!e&;TrwNGF<6cie^(Z-#6=k^DaeNq8cecxTTP6wRtLJ!22{ zfY}D7X6@;9ue#%`zz}VgOg7rdMZY(mKJlzKOcgP%6NlCx0fKT3PEljbYFHw`3kJ-b z0h|QI%-J%Z<$8{5s_4p+qLkAD$IGT4X;3p2#R&Yf6ucU|pQ%BLDikfKlb3MpdA^5I zpUuDvzS3CZ-)MO8Pdp;^Ef_h)e3x+lAkke|=OdTj*{?7jyi5BMlbU~X!U{5Js#bnY z=4x}mK_30oJbJNr*nE7v^W>+!(*|ae{nViEb@~3}0H~ZQV7|}KOM#ukT{z~<>)(De z?H;SQx8&vFk#3@4x;T1{4zKq8f0>rCu)KrPNd;g2{Nw)VUi0L|&XYY=<;^&eO7ZXT zaS7(OntU?B_dRHVxNCrgKLu7fs4@acNqHzLn|>Tpqz9NEW-07q0OQ4|-2Y&b@D^Tv@-tFE77S`UN{lyDm%??9F^p8=ApO`q zZ((${R_{7XM^&9>;spKVF@iqjmQWbo!A!=8c+%hklV=iRIo$_ds2h}Cv37DY&GE=$ zwzi-nD*#DkY)eYsCu6FLWnf;7-D)@fBgw-qBOM zAjL!5NJx4cb>A-2Bi;}%t+Cj|`Ee6mmj3zGux6=dP?4wJkTlcbM`OCM%K3HAU=`nO z$)Jly5THHPv=z-n(R!2Y$I4nV1{1c@c5d{Xc*4Lc){yk$RvDKUvkNo0>C#th{6=KN zh|yeX29wNfxGs$odcOBuuHUJIV1lXT`rPk#$K4h%uBk<`6#phZo)Jw}9=~s~sj9=P z3S*5yGS9MrA3W5VyJPZ8YcN+_E4K_5x-82%+~XD~A$8Vmr-Ha<_<)KM2=4<!5rq{)v)BcShU zNBCQUy4I*ozn1V9bWWqIm@OwyG&Ms(0W|Ps!3UI^gP|S^t`CIT7Qf;A+q|C?2w{@@ zhtE7iZORjprtb<52O;aN_q2UvI6~fe`M1^KA{FU8nApizQ%cNxwC^ZVraa zG&g9C+WNJyJpPTvdzWlUR9_9jKNUhI?s6uWX)<9Lbn{2Jq61UVqYCx4twqFJ!B1FX20DOG=d7S z8*47Hm8M8UX*40)GMaQ}@ap7kAA2>L+u*h(jGzyXJJAUI^@h{Y3@*>}GN4bvT< zav%zumv38H#h(0fc)Ih-*fbsv`b)s+XJd+ii>WBz%-zo3py5@6QgapT4l25x%zJ(P z4tQWmtNUWfpXm-^|q*(}YRH zR!@(Rf8d@P!tc@|@|fB3)|@J8L*e-v9;zO&;8EG zJIgZx%xASH!&*4_E^(TA@-p@*6VK0_6f#nI)|vB!D|2d18+uJ|HhFSW_@o3@niJD# zH#2AI9e$?@jbz@z&%sFyy;tj%O1|gMKz~m|_PO|9{}TMS`*$-q?5bR9vs%bCYJSY8 z?nMVBLIs z2pL!lbp(61P5c@Cr+0jKT3hgE#ZKb&Kb9qd5=>lUWEk z+Bw`sQ+oH}=-4QC3J3m~ryCERkr|gIJmo}8b5uTW~(pN$s{?#BM&ta$$Aal$- zi}X8ux1+>)(lqdaK;MK9%yML_kt{3-7bycHwqD2pnm}d0Oe0~QimA9qi$!5LcM$JUJxDb38>bhVNDpZRc-^;wN@X5Nj- zRAI*~PFSl<;EDDyo5&-pp@bfH4uq4EvLN*Y9d6x#dk~_tLwtD1hW|@)*&^H^dQLD4 z()+Y`&3bi{B1Q{2eF;~brKFTX3kj^v8GuoRZ3}Z7-HcOT@OLxl1{*Z6we}BnP2rMxBh0jig2!f?1QUe&aHa>*qRB%<&zA#a@jhLq~>w;2P^Cg853zA z3FJDS=;ld(ok9pA-6&w(Zj0D9hrHA6Ho-x+&Szf%HE{H{OfburkV@P({SAmYk0)eA zM2ib()A8qqr{m6NQ`GG969=X-~z&7CKw`$vZ;{y3Hdqtf^mGJI8JnHW44Jxd_` zYFJikfA1CLNhoUGx3Gz{u5E|%jX!^J`b%Nc$~-65u(dSGHT(SNFNFhEhCPu+tyPk4 zQ%ROyQ`!(H(w4JaG6=MwzZ+ujUINKi?K9zLTovl?@uF5os#`5okE&Aj*RGeh%c8N> z$hB2c+;UTvX)Z3xthlHu%Zk0{V(-g}$>tM2zOa}u@A!|pO<2omSBy%o$xvG1Rz%G9t(z=B_p1ul4$W(QMrFGW?PDc7*LlvvbO!(L;Ol z^U)y7k}C|5f;Pk0i^=>6To%?%@W02sR{x!RrJTT$@Q&Yf`|U2J)kI74@BBoS%T|~t zgEoO`#I8-dYdPCDXZ0o~v2zU%e02?eV_+>{OL^1s>Df;0Ktuqk=^ho~)&Z*!K}_+` zUQd45t=nxFgs4PzyZS9^0x}8}S}ScWJ?i#hq)U&^CKt=uxOs&ZzVpdRbN}h{(=98x zQY$1#>#F#?iUoyXczB#eMjaGvr$cJfmK;n*O?X&( zL|?+oRJ{AqE8#AG0-cMK;N6ib@;lQG%LdE87T6iU(>^FY#EKD2Db*uI@?^DdnhYcg z9p#{)1!J?V^Fe>y?N2D4QG}+Lu9;NMM`;`rC2TAl@MzLE6v8mvYB4@3tbb~3i6t%0 zxnmgx=~;PTY=EIh~ zrm(!D2>$3--=c}$mRLmTg0{IOI94yRbR4qNjl^zN?0#|4RNYQIkVS@TCTw;yub;MH zW1o(~EvsD>V&|17WO2)i2leYYdzeOGu-@>^(i?VZk*!S@VAHTg5$%W^S@4zWHzN(R zQG{uPAiDQUwtCUV_C;39En2m9jA3*#Y~l7UW)!E>Y~PyEZRhCTv+_lhl$#KJNC_#T zRI)(7b9@J3I@8Pkz$M7xb^hcB>y-lk++nTdhSlnQXkBOjjG;--6JSlthX`}{mm8%g z>^{*+?`OeJbhrKHh_IV%C-&iK6h}FF-amh2YZ|&QyX}<@1~!-iSrs~&kEtDL? zbSCx^^bCldD+{Gqr9U3@dMF42Q95fRYfde>aOOKM;5)4KFj>W@(D?Jwc2ZkAIKV&+ zch~DtRXq=SlZvCo8wjSOR=<3sgmbVh^85I9Ntht{Pt%B>51Wd%RYjGmVsbw&t}o2*Lb^H!x3 ztctT2fc4^=iju2+=4<#0L!21sCPOX)Dsu6^V3l*;7IRz=_Qiz3{6YX3L^b=CuH07N z8ucuFHcl{3-AMJgwb1T1=&i0=k_v@tUQ=Z05s!+8Z%i8WsGVjs3f9i=3)YSXYsZ4M zqXyVfVD03=+9?8SX9`$5Ay_-p!P>E474-MO+PMK(e}8ms1i*Dj+xZ$;8(o&Q8J1-l zx_5H;-kAa6J8_IxucIqAbtf=O(QSVlexjJbsH+(xVEI}@J8K7p9Bb71*7L~k=&AFt z%jA|VKaX#|AhF#uh|zj;csxzTdxQqF|TP1 zZ}B?cu|LI^`KBqVm9#D}9t}-a%ppi^&bAYVlL#!pawEhDL6ptg7+UBdX33)@YJqk{ zovQ9A)K7Pmjcq%|M8l3=cfwY$#&W~hYUIZ%gQbqTY&q5KGh1iJNgp32s}JDMl(F6( zU@HN0*r0E*0k~x@pwqU1rPHcPA)U5mmL6FHYjhN%OZw*Xqussc(Ua3HuizE$%`4uK z>H}bh3#MU-x`&lMQRf}?fo)49P>y15EIKtu;>>WQp zp(^+T+I~Iy@bOhPe!GawE0%n#cVT{q@ScRO?2c4I!<0>x1N=e&a@o+Lk>iWx?45c< zPdeVyuM+W%pLLyN6QCv)_vhq}7&Dm{o$$pVe9@8}4VVm+0GRxAlwEd*hLpjRP1Ata zqbSFR5_k*P)yyX7eRpx+F(A`(K{%zSDx+mHL5jQxn1%UNdg3cR0T6sShx}|3{ zdOH~1S%v1m;4ZxTwh<0m;4x(T%!zWk&;f7 zbY3I=W{6o}OYKl!!Ii#LKDO7v#ikYI+^a7g2mGpRuPsM95?wbSIZiho610Z~MQ~Na zXs&Xme`%PJ52%3j@AE%GKb zJ+T1z@F9-xx5Pf(#V4NQylq@jdq*yk0H&{ii>Dg3S}+o}M&C$9mEva_EOL)q??8l4FD_D4!(6Z?hGO|*9T2xL%INuc07M2B@*{r9(lJG2%?4M( z@yp_>Q%$1<00V~sqY0*7H@6hUm5Bfg(!|bIB|ijmE3KpljSw5=lm9h<{LLK2p>PoJ z&NDR{&T_Waf#c7&{@eB}RY3sAR|UT0e@)#_zQJ0uhj#i?Y+uNfKWh2nd;kj0DyjQb z4=ZERO-;)YZ+{C#qnw9YX|$cJ$IdLCesF00BOMJ8#kG2<;LP$4MHETICwry!#V)2@(1N&*>~5(DRkH#|xj-?TSnRV3 zJ2c1SoPfz2gaEr`^MtI=z8T+}Ij&s*Vztis5IFXmi%Fx37l)&(A&NiPe@o8nNj&F&=e09n{4UF0ePT8w52_`Ot#TP_EmD z?RL%efkrQ<8d*4gJUSTAcdki|wkPCT!TTF&02Ts)0)&9}vOh#agg#@Cz{=xoHq}+GVQ=Y7W>hQho0Z6|I9m3jL8FPfYKp3e zC~}G^1MdY&x9VacOA&z53IT~8Ssjj1b?sLRL(i_A8j}Nc%Wv`)HHll&Jxe31kA>h= zcB(+Y(>})`fG!&Jk;31?Q#977WqNvp!Mn*&Lk53(dJTv8;g-;BlN`wA+)uUzJt(w` zDQ$mv+z09JZvI~2ye5Mhc4OR((EdFc?_;PgtzSD&#m4&`yLMzz5ArQ0%zMtDQv_}Pw>cc~?$^(~s) z7R76(Vs&HER$K=;;i?yEh!JXTSqYuKb6%vZE$pJVUnC#WJIIi6lA!=pgb>WDxv=d_ zAehmAlt@r>fq{I>ZxEkD`J_4b1E6KeWJplKapa&(2;B`3*yzhVb(!gd)(jb9oReEg z6_Ng9ciiCGF#q>l0TUQyaAb|}pARW{4R;1`;-O^(@_}Q?xh0ISuHPDsI0F)I+Fsha zP&f`}2C!ovQsR9(0~*PK^hU(VLKoAiP0ln~k_rq~OvgoND9ORlEw+D0Fpsn;gm~~u zs(Iv-R~b5q6olV3&bjPL9-_CI4w=={<8=ouqnm5w?oi)lzX@H3rs%xaq`UrY`73v%Kh>D$h@WX4Tkt0W#%yK=Z*BUZNu zhQ?%cd|kpLoK{x+o67Y6DkRmT(@qMgvr0%}I2uNxf6){+!WV}~`q?U6(kIa+HS3AZ z_PS6MCPchc(&}MEf@^%D$Oux9>Lu^HEr26KP_4|ZS&=~IAj1_@h`u!Vp%8@cfc)>u zp+k#NOu4q)TU?9Zwj+ySb@o=oLf|vuFeL7uiIVvI`ynJtwFVu{?45-BABuwk&gGFz zu|4HThJSh2LOMf~I+1EQ>4QKZ7h;zW0X^Xv1bkc$MhT}LKEkczP5v|2EcD3{TTGmQycEnaaCvv zgX9n9fa4ma{cJLlnP(};y>zMI&&h>X=@0tmq5?Qd%u$DGcMNiOfx2=E z59%nI4jl?z?}gB%kx~Aw5ykt%_ZXNc9j5SCf84t!P;eN>uyU5BnXm3oFv7Bt1nB@l zB9$5eJiND2n%Ws+*4U786tbq`0)HhpiytGAL+n|_n@nfPVJaLmABVF^2zywO&x>4g zDn-xvHqjCOP$A|R6Q{<~<8R23#stUcpQ`SdqVSc*_e`-OG;9sqn3AbbQQ-gOxr z%W`|1$^A%%w&)ml6L$==Gr@+D`D3;T3a?rBc1gtr1tFpL}-IX)=H29+<7 z!Ki(sN)l$x6OGxIhri1lungyu5j9RAn8U{`?OkXD@)#w34KG0d9icq7>DC3_@zMUC zu(n9ahOqW#ZA-qGYc~A76|k9N7YT)6(4{66GZ{UUkRmcKoebL)L~Js0NN^`J+zDMF z@sWbFC6>bQaL~4XPF$$w2xn85?x2UsDC5}P(ls4nT!pg7V-k0GUeXuUa;Pb-4BxEs z-G`l0qP{yln7aP(lw);6JqXfv|HrIUp$x_Qi(i^X7DO+W!2r{*fxggLp?)QTUeOZb zEyXBRnFaDFQFs$#eX|#YaH}DD=aC6<7-w$(ZK;akw|`H{659wfk(M0YPL5Om>V_^k zWO0K#j$oe{(aYZ|s58*)P(={Qp;qx$GVC2zp*@5@EV1(oW8+4BsYeniSal`X!f0tp zj^-IPpn z*70M&la8Uk)~MZd^0FrkOet%Q7aNgv%jm#NJznr8>tla)x}sKifXL*a{NQNGQy6Rt(%>?fTE?_@3N=qn*Yp5p#uVCb(5s054 zoF3V`weA=?Ff1q~vgRhR@Dh{;$@IpHY0UDAV5`Kq0^sL(ctb$^#kAHf74MaIlt~Ll zRjf{ox>_c4u!fiHxIF;0WM~E;)V#|@_v6xJ$kl=BCzf$E`eBcw0V$17hmf(c(6wxc zJ6f%7tUd5GW5jE)ZHr|l14l2zo{UqvruG=nsQhW9Eh;sG_$K9)NtJmM5$Bv>JGGmf zWG5w+rB&FG!IB~_>GzQQ80Np5_@^0%{FGp-QJ8VG&`2+ky#?E*z3qTebR*NAS}f z^A=iI|DUy0Y^ieRioZVhzpk%RRq+OU=6}4q8V{esMNHZ;wn}qhl@@T&>_f6ZFtvf1 z;20Q;lucgRM;BgKliRgH-^8SDJ3-i@f4O_HC_dNR0iBx9o6nB-c24(>c|&4JcKLTM zT&jVGVT((#77zALPNL0)1^51&{1`@~{(x1Vz~P;u+L!V-p?xE&e>on@Icd%)L9R7N zZ?j`1gWko$6WGqDXs>1C;nix=(RQ+TymR=BtbJ>y@^*4?aCG>r`F!UUPBHg-|B!8g zD`@}04dMMUw&BXI)~&&YikF2p6c?D`7rjj0%Wq~X;7NSfMy#5yiot~WlF;IdYVdF{ zPB-yo@`nGv3 z4*k?&u}*AOjD8!n!!C{m`CanQXXHg`HuyGR)H((t;Ez|X-1D+>?_9Z`qUEZ_cf0+1 zEeKqsrgZ8>J>s2#gu}%rnN#v8tJO&&^`mJ()0@?3*o^Y7c+fFG68VB^ju=gG0Ox|_ zz@EjkrMo02V-TGeC~2=!+E8)V3a~5EwIYo;s4X!;N4m3RX(-Opd?BlBk49r(_Rat( z3Df3zq0943kqyPQ$*E|uPWMhuo1P0A&t;XY#3?L;sh$I(rDVbF3ct7BVUFMwc!qI- zrALO=nz@_zvQ`Y8YK3Pju0S&{AT{cFMSji#x>n@a^Vg3lIiGlxOPF&9S)T%bIjfaf z)>2LfY)Y-=S6)g=DTb*XZkeNQdYi|zTy`fXwTF%5Q6pJuB#U*@!TFKDqOOL?G#ISC zH7Da2Kw#~6fWX>Ugn;0Eu#M=o-9=KUa1+sY^gm_~1#x>YuQ{^;A!e|F1dHSG!H5%w zZA6?nvfnVq^U;79#_xa(qmLZ{=;>h%<*G*VeCPDZkB#KX(JlyCZ}c|A@85mbyl{aS z>^7U89}1fK75>BXl*S^tNyw#=x^&q|#DQ&L1X*9Jbr?giWIqZDxhqF}{hCg5bQEB~8 zGC9wQjXu;X)9^dDpuG8Be{3YzZ<88vmcXNqKcI8qN8)0yvAJ&lyf;AwPMy*|Rq`uL zoc#24hJ7N3cd*{2XHj%OLedx8$-(~2K63C+@Iplo(W<9>c!&iCFd1tNho?8(% zHuQe;Jm0*UM$hB9z)kUi^XFuo;3N}Yu5s^8V$+9w%8_k@L_AngeC-?@G!G7cA}o^P z7k%0gA-CZXN@{~7pQnefv^!90h9eMn*nfKFb}$* zfnwlA8whHb&mr1E2SeJ=R2@nNbtf~|o#g70t?!iDk}9j3=XkyVV{IFskGHmoFTh^g z#uwnQZR3kD*#qhq;Ijto7htt*<_mG#w)5E-Zd>?lJa-_u0k$)@dy49V0*2Tytx!am zR{A-{tAp3b(*24YKAK&e96f<$Q- z`4L~8>sR|vkKonNyjpD}tN8QNR!osbZIla7?x-cCYZ-*;~HR3h_U3nD8N^sM}Ayp-ByiZd0<-)b!yR_~9C zN^8a!x^u8pw5o&vj2L)}H@qY2B%QC@=ZI*?pU(>AQFg(kMt4%CW64UjEXuS9+n{hZ zlT@pkPDhiH&Ew_-#lD=q^ORi4(-z(xPVf5y%YAw0tA6K%0aN?ty+@gQKXdP~3_MCZ z>Br`n3_CkHouhoM+sgtjRjhO*85zour_# zrP5ovP_-9vS?hu+N7W4dFHdf+HZ?;~gtKOc)&Bhu}``9|Q7+mY1Y z{lS*JNL^It94dsnn$+^pN{yQeRPMPzKQb+s*c;>X-XKeBC#Snd zFHf6K_Yd|Ck7V%?GH5Ai8?*5jd=(IemZ^ zz+YGu3brOPew{ZX*{wy|m$1&{==FlFD+MIWNpg%=&;ksy@bxAx&cQryJ-2G5Js?n9 z6oPY;=mx(KBwS4Ht*u*7n6k&MilwT!e#k-%fPH zs@Hg!+t?aDe@aA8Aq|>N)P*Aq06#97Dm*MP+0kkVoXLk)cRZwQh_pTF@(y++5T5Y% zwGii}32y@>a*y%z{!?7+z1CWlP6Z_gQCb2z*^JUVM2GH@=ef6zR z;1Oqqz?(IvLjw*ABt0B8o~KE)m<#F1UgoOKJN@>c*%?kh?EUMI%&wuDLMv}foMb3p zfjEs)Hq^uo*`+|_v@hrJ2P_OytCe>8ex*O@^%6svoG+_BnJmqs^95%!7y^4eXX^uD zIcgs7{(Nk7)fesQbjlLI{XxsG_BOz{K`VM1BQ&Z^%di zy%(C9r}#fa2|h)_-ZZrJyY59hy+}^}`{mBbk55mUr^h=__B@BP_T*~V6mcG@wF!Lu zafsF_@V5yjfxnj?85w%#^yqo>^p_XngjR)`2z9&76Qtt1Mi__B&yNN%Ae_AteBXe8!|*LEvX{$kYX;E^m9>|=2aGRKwT{JXfU4K2}7 zF)5-YT@d7k4m(bMG2fB(cN_xvwcqYu7_f}HW$TQz9r=*rre~w9Njv|Xz}MXn9zEVi4Rm- zSF6t!M6R~8DDrVYSN2|&)eS4oR*MlrRZ}m@>M?Stdg?`4J%u9yg!J1fFv>R&yezAq zuRLo_L?>0vK9<#)_;n_;)L|skvvV)X>LLHcXeu`mjo=E&lp9U3+-k#U_gSA{RtUB3 z{Mjhr{qL+jll`uGG0Ji&ha5MT6W-fv1->k;C7--IuUPgRc?gNSImV!wr^h?bp6?x= zHu>g|dem35tSV7m%b5vPB^!XPxthOz%+)qMXR7OyNDHcOtRiQc**$|L-Ok}rbGD|K zIjQsq&3v1!-iOw8wlv97ukD?KpLc#aq4sBLo12NW-yZbGO9h?41ZL=`B3&?4U=oFW z;q?Yca#@N5`pMDr7sq=iCwsf)U?#UuubD~TYv|?Sj7`Znxq8qfof$9pcO&R#k%spJ zrHZGNc`j+ZcS1dzrIn6trITxg2lGsiX1%Z-H=IsxJXg#haAq!PX~}EKG-I;@HgvAP z#B42O>~LdoPLX^|bUz-Z&GPmavXL~DzZ4CnU}G}LT3Ty3{V07!67#27{}@fv#`4`2 z^LuGL81%9gQk!37%jYvUR`6#P{@mZ#z<<{s+*{TE!k-7LcUM>cw6=a1|E%7(2A-Bk5#%J8(xo~(m1J|*OT?tRlsZb`!4;xL4V()zwguE59sgj z>F+<|-)pN4YzBT%#Wkw9wn1s)c|DSY!K8!Uln-Tr{>w~ac`)iMPu@L}q0lUbqd{lX zy29DuB|?%7F2)~PqjW2|9!$sy6m{mPwKzi+c$YE;tPIGD8g_s8;u_zPS10LM(eE}h z%GYOyFRf?!i^&=0yFcijr~M3X8!*iK5MO4O0JbvjJTBB##H#7z;h$Nmkd_*4CER z?&2||5YXKT@V?4sH+Z{^5?zfi=X4Z> zd{_kxj?s`iPqqiMfz&FTl#|*bU7SrB4f|;{PR{8P-MO1K)JY(3fhhD+RA^dbvme~g zO?PAPeD8E;cjt7cd9wdkj8$Fb5MgkbQ15&*j`vdP1|Pu5m-skEnHU@k^E@oRSatrI zRX;4X?Ro$3bBa|)zFO;3mv zx^bSNZ_=nE&U;mpCQ!5U;`4_@uk|tV1<;jmZw1&uv=9h3osA6mkt|UNABiHvEh^h7 zF-PFqHkhvUFD_r7WDyt0fY{#HSHgwz^RaW2Zl5&WWF>0>0nynBNC(&uPfk1W`WJny zL6y?`Thc;a~Y%FNZK9s0XCOqVV z#CNmJ!+)l%MZ)fd+xVPw=iElvt!cEXn?M+Ne`-=VnJkwE%MkS}lGW_%`FU657D6EN z@h!-~PL_jou_$yK#A~GXCpFwjBUNifL zDB^Kr^tMLCCM;LmE1?rC;YZS)(S?Y-$gZ#CnNO01cKY5cfOFK(7u}12-vUg*HsKEi z#DB&T?^KgGS&UC|fbni5Nk+nOdo8&jg|wtiLx~7E*+x>VCAad+de+KPZ{-qvgL{)M z&}(xc)@{mGUj2Bx*ZW9uAMEcCyV#bSzmjFCixrVCOs7(A{bATI_YY4oRL+)(&nEu7 z*o@rCU({^4qg=C0UJGYK(xN)JxK|#t2`;9xOjCj|YQRm1Np5WDvY20cF%MmGPm!d6?G0pT+H>*2G+(=C`NgzIzsmJl0ZhAsjTA0!RoGqIf{X9GTD_ zfR)~W78xk!wBa_)aYL>V=Y!E`G90saM1?`P$RIY6NB1vmG+E?eY%aYkkjBVJjz=w` zCUu`s_f?YxxsPI}FhRfo#X*VlxZ!OGN$HN&RWCo50 zh-^(qR;=%hhhU05mLL+qW-!vV-UC-gV`lK%yn#H!tJF<{({fmJYK<{0fTROaRrt__ zJwP^cNFy-5C4(;QOn?nn@pI)&WubrC{PDla;!^xi;d`p}TY{0)a>jX;-}tNknDC(F z)8}>fKhPlkM^CvGtK@hTCIN1dEjN~{OMFVEHRmc zs)U2=1JVaOY7E&spsa!z)6NB`lUT7IBn=MQBf7IYV>&B7dGI0E>C1 z7tbEUG|g0DONsC#!0+xK3v>VD-p=mcaV>VlH8}T>1f#~Fxuk25NV+CQH85ezQdtc0 zY**L|+2vI$l_>8g(SBVI%j%;DI?3$)9oP;Hvy}t&!=zvz_3|4DciqZ@+eVsvai+-J zK@@=bU^X~oQySDgf%Pmv>*b+l!(+nW&tSW=17q_S3D>3gMMtQ+45qXS}A@mst&&5*A=b%{*&mQlb z?D=>m1BNY(J+d)&A*(C~)Rd8dPKEzsE^Ii+x?>w*6UC#CY%GH8^hcxFsc9LnUZ`TA zvcc}y~xx6bQz3ZBVvOB&pbYgMaG-!}6ho~R`ojBxlJp^#ctJSda0G8Bz zO{vi8CMr_s|G;hA;02Y6+S7~MeD70qfzfbt*RPd47fC`Bqx(w#jfLy4C>y+|*f{pI?JUuyMH@zY|@pqMtIL01rwr zjH!eK8LoV)?gVV~ygf09ixblv4mrMb@}l>!yfmc(o~7M2D!hTSxrtD}As6-Hj@_c$5XV z;0Sovnj-bQE$m%)U6SiX7Hp~-eQU~!9ZXrWoIX*nSw(wim-2>RXZa$$;s2qv%L6HT zzPnz#Ij7~KE!R#z@?C~x8P_z$ZhiRtB~-9l$*m4A&hFkTkMv_dk#X={i}1#4pF5C3 z!iK#PVbi_DiCPluk;ex=?e6`>9Ma*}CqEvmujNE6egBnqLCsml+=M!W{d?3QoY+D6 zybo?L@!mgs=J^5mgfUdFK0TUgUftpOSDThIWxBziyFvmLEac%rKhi z-sv}AGG}b|yDixbX7*JV?X#vfWziCyQ_I-jzU-s*P2U&?A)kMn%y>fe#4W34h+Mx! zk0i=?3+IxFJV8bSl%o=_h#Vvu+#@uXQLp`!wbxVv8y5>zbhiNb*gjwyGKst@MZsCh z;{_BZ=`&_ZWU5Eq;b@FCjzq^GLD;)@a>F1u4-@Z^7QmTFCktf#M7E>WTy+M^QVHx& z(V}!LPi57(RrQR)<91DNlV%fr7|6${*-UD+R*!_6x)=b zaO|PUKk-4bEKkTj>;lgGq-Fa^s1=?)EXi$^uau|1WSY2(j7o#-U zSYA!ex}7C9KK|%Zy=@gY4g+Q-1}p-fzDpwg_y|QSwNYz!oEGge^TxHuQo# z4WQ5Nl@?gH+sn5#yB(mX4P<}T`lo+RH|vIV*Dg2L+-wrZh&Jm3~D9} zG9;He#6yc>nhq#WwaU{h&MV!vpn|FGhIdat=dUwf66tgRnc09l~J7qW}v%U!C`b%k6#R2UoaHrZGE)?AkBNuLMicd(0Q>UgBh+B&k;Gq(NIT&3M?{5Am3jNQCK z=Kh9#yxKWEJ)X6La2`TmjT?i{j_59RG@)EylqEIN+fF2~kDxd&l*zi9o1qH)6Yr9` zqkaP8ISJB-$7t|9)fLDp%71n46#rp%`_^7xswQ#MlI4|yc&Y3G-AlHPusE9RV z!5=M_A5XhoUW39xRnAzlq_t{pzy zHtk1FZh!oLySCb}3|0wa-G0$krAr10vpAJfJO!~sAfIGB(?icz^crzjQ>N;4 zwNI6UJ=BJi>{8VyXPUaiv2FzZ#x#ruUzw}?J>G?ryD7X3v_>V@mfUNy=wxY(;N3jf zJH(qB3_f3?T8a)sQr6(afORVF6oYm1__lJ6!NE>)c}<+3u=4x0*M3{MgzbqjdWmo0 z#R3F?Y18WZjuV`BJE>M}t_kZPlOM3yLDl5atH8x_Az5bwG_=|I-&#Q_EFnB(uA@Sa z1a=}eKDb1)ZDeojxVfEp&boE95-J$P58gen|7}y^M;Pi5Y{$4ityx22@j=L8LHYvL z-;i~-FH$x@g^N<1(I3~vUkCwN=$Tt4nAk>cCUKCSIT(N!&_b}CRBM3?u!%fzOOrM0 zwFgMoY!CW$BW`wxLDD3S5`2lAze1Lq{Q@}gP5&h?i`{_iU39rDNoDz}w-70gJrE{B zzslT4@NZQ^W>3f>qjDwyTN-vk0o{-p6t?uzlB{zc4!~y~|56MF{2&)DL1zo{3BO&X zSLefPYQ=;xDQb~~SuSX=<*9vF`L+MqC9A2FKpT%6+=4#%u1Ntc5;Wfi-Tt_lbJa=I z$jtyRm%THSOPEuWpWHoB?69kajXLV`6Nz}WTrUbZ;?3A#jAJHFe3%ziG5sMwEW2ht zM4bk}Y$#wtq6a=wP~U|qN28X?8ANx*6nqXi9S#eE)XgwcvtKp2Nc?DsK~%wAjO_At zh!IX48|}_gs`gqczg6dOuBBg`=;RuTM+DhY_g!SnWIiY>Vx>KCU#F(5%LV<3u-2Y{ zW?&E-emz`fd?1w4uT^N%7Pm1@zcfBpbeXRY#cv zVLv3)R$z|+X%p8(IYS#BUA?vABeMyGvN6?;r94g}QlN@Z_q|SEw4KkmTM0lPKNxa_ zKJ$Et4c0p){FNzK*hZCoqQXVF!TI6*+rQux39(ikCaVP}Ne=U3^Z2(sU*fyutqQ^J z1jER26T@198_ZOT|F+|M;b}Tw~?7p*}SA|H; za@>5bKjUNN=k&D)3(F5$8G5tB#Z%+ipn$qPd!We6+);9HboA597aqNFs_}wT#MIH8 zy{j~ZvsWy+q0wyWbtscq z+z5C{K94LHAYhC%mtbL}ncVeWNPATrSK8NhuyQ#b&PAlebCirxE#u9LTDtYgfwciqVLYTc50y5q9%Mb+O$Zp$&^5_wuRzI zuwM|eR_?rJ3Tj&nR8RF+Tx>{*V5QG5yqvqaIC%peA)t5)kL7}_QF3!ubTO8@{r1YD zc~$8Z+E!WEWfu_JXUxcr;@~GaY+bFKt}q|Xa68}9(bK0Vd#5*Q%mh0t3GHmdd&HHO z{*@#}(RO#*C&s@Z;`Xq-yzFv{*DyR4-H zO~p>qg614NeBHF2PO)C0;b1GM;hyz}_;CdD)-yn&v}=`CR<%Btl2? zB&$*sSX)z4MMNF_)VE|<+>uR9F}1!f2uAM%D?%=l?FfcfUEqjWVl5`W{l@CfX%+Ip z5@+wk5BwY)O*Vc?J~E+K#gGG4+Fr(c1zr3UUDmx_O74bLyt^b_OMeI}=~Kk3q(2bP zq{0kLfk7lZV;K;7H-SR$^T5#iEI9O{fRL->;JnJ&@*oAc<#@hgxHTdiRS_H-NrCwe z^NR5cOT)<*8DS*VO1M!gxifJ|*(`X>sFR8#G2=NPsb5@0%n77o30FKVg-bq7g4cuT z))#zBr53998RpjlFF}eN@9jVnWvm^1O3Y(&L50dy2T^W^(J78Oxz29{K6fksl|bl3 zlPF%S%SiJ->U zOY`|hUe7=Bdj3b{^~_OM&hN?li#A_ZoD9+JmDG8Z)d53Epu6i5pvN_?)!pTferiw^ zo@npMPrwGO7kpwTGxh^g3a!Wcr~I;kiPtKgO(fN;<1mxwt&b{Q%LF}P(CxN^KVUey zE?@5Np5S2a-Oqn}W-csYn=vt?)f-_H(bD4^neI_Yw1ivn-eY z)+zg#V|OBDqRf1xocO12uHBD)LSOaRC+8K_Tr2+G8+2kHX}LGQ&%N&tFsyySmyZ2J zZz@;sV6n#Ct26=ZpnuU7OUVpqScOz?VPz}SH)~$JWNP_=+pG7YFF9aaO|ixW|Giyl z|8=L}eW~`kVBP&9vBCN!@|VcK{pKRB3|r^#B;ZP6G`QFvk^pfbws}e)Pw~$YEc0*4 zFnsmx4ab&CDG?u|QRr=MhsxQMKwlHGJ@6ihdoP#6s9UvNI* ze#U5@H$|x+u-d=PEQ7?xKzv{-<&&@EkEKWq-G5&Q1o2*ZH=6)@TfK|*Hy${Zxz-Sd<*?=4Q;o23+63B%~6CJivDvoHeRD49^^NgeQx^!m^i4)K!W@S)DR-NjHN zskrJvO#lhy3}t;Y5UWl)hMu4bMhk`!i@G?b-sMoT7&RC5w8+N5gtIO4yEz=tgQaiI zMDl&B=Y5g*HIa816uO{e7sIxBw}vqY>dCKf!YsWsJpK0h-gB~(gz~e*`fc6?dK$dtEH%-oL{l< zMk#{C_2OLf!HnC3O5a;8oq|PoE`0y{vces|^nKi?#ieswgDc^>7FUX!QenjhxTA_I zMm=(|-uLUJ0EoDKQLXPSBt8|Q3oyFc|{4O7N_8;X{byuTRy{>*tp|9KXS-gp3i-JN+=%eRW> zvly&w@gDf6tU*Nm@p~-7`h!^(;oiNQEke1RXx+TXp0Z3@%B|P>+6+v9N#ysnrF^B= zEL;i+A23bA4?$MWP1+^9Z+O$v$=@7HXPy02Omr)|TEaz#v!6k&pjc@qEtW!o0+;+A zKoFH)Aq>>USuNW(R>E1k3lo~U_NCHG4oFTLQq1@hK{~Y{3aFk9MqtU+TD_11{qgAd z^duBnC@Ka5%WC+#d*ZZ3cjT0~l<4Wf;Itx)BVf9hP~t`Mn_V{a1zraAG%t#5B&0 z@?r33scQB+!2z32R=zqoXv8-H2-PS9Nf;?jqsR|&O_Zs%PHZrGUvRcS|y<&)z0_Fq18y>{gTP8Q6}Wp(ZKTfP1{ZXRpm z=8+pAMl(R)iF^4^sEowVmCEWYM%QbfX@`aO{=?A#Z!FooKW3PyYMr7CI zD|DhYI$o78Gsyn;nrqDLCqG896WaJvGwy#^*nDkc?tgPQ{N5(r|7PGRHvgPri)_t2 z?|LSuzlVkKzZpnB)6RItmDpU5P_o%ASl4E=U|pNpf_3dC7OZPGv0z;*uwc#OM}b*t z{&=&trZX5Du0>zo#Mp4H^y3YT4cE%P-N4vzt?b(kjSbhPeZPUR;ab_Z8<+^@mdtNw zM!SMFC*A#v85WdUiiob8O3iKou;wdJKIf*vHE|OQfVD5Y-&mXBej~qG3Z-DXVyM(C zgtNYd`(Db;ZYc0Arkvl`g;Tco|1;=uqu2l6Vm@)&Qmo7fuk~k`TkiV#Tg)p@=L+ZK z?19QJenUmhy&K%qegFN8S6<&5opWTo5KO_n_r{EuzZ-YU?oS--%b}UOZNh8M4XYlz zsaj)Q)EdRy$$Ejidd%y};~qUG^jkQsM@Ra#xcBdG%)RGod`3oWwm#%@UE#lh{^Z|m3I6H&lj&ws|3@G?#Y6ih5G`}rF5zOnidXjf zY&xy=nRQz0H_>UW-$bXiKC4b^eP&nd^_g9**QdBz7bEu!?#t1AHI+{B9d4w@&-d>B zA}{XXayc@v>AusY9ZuIfu18`tb&O$Mv#rH_$t-mwmgT-f?}}_Z#RP*UP@$ z#L0QR^y3XQn7PHDaYSVeMLy2r@$IT6(elw4oV!(PHH^ndwL9mW7-3xKrF4VpI*5hWX!_Dt7`Kf62*$y{THk9+A z`5k5@{Ng{&gJ!yc`tLIJkYB!u+4l_2VRxsyGUn`l6>}PJlfEy@*R&&Fzp)*8oZSoz zo!3ikyVt*}9r+A>eHARD%^>1!RUNmt%;G7+Kw?Bpj^x|J(OcsnGm3?RpIRci8 zctva80K9tFrA*sUtaVOwuFBpn6e5db_p9(!CUn-Y*E+|F6kn^)ce-?mizO-Ol?qms zv4wi~B5BeLn@7h$$uX%BJnugPIv?DhH_8L!Aw?r6 zcPRSxFsbom7G*N>esLSxrJb|TURr_*3)$kL3~YkQv~X6*qen@N=TV1+nTG+aB@Z7O zc;fb3Scx+bfyM*#Wx=_J&#R;XF);mSr`-9M`eP1>NdBjf|7d;~wT8oVw0!a9{g!_eRX5)kNi*HsdS3;)IEM8RVdCukZ}{Kqw{TAXTCMyF&3u1 zo#hLi{`m6wV^uO60=pU%JAv(>#=|M>slZyz+`H;SoJB5G+UCl4LJ)i-s z-2t$yZRwBgE?GXbK;V*;$E)`HMQ_mZO2As2r_{(QMwec3#N=YqXA27WectNz935j~ z1iPd)%9ulkMFb*q_0AGw#9iDjSR^H?we%`+%PdV;;`IR}h+%r(y?`N_){#bLjQVMN z6N*)qUI8BP51hdg&Q6m*J7P}LnNg)j+p9^NvQ8gp%b?TmQXEP;B`Qnnk%GDy64e0`_Yd%#oKdD=te7Nl8eOGO{yM3p z%bjI-4@_vcjU#GZrLeqpncLxDoNh8*vNHtsGQ-7AM>rD&SX}3nyKN6ZjtA<6Z46sk z2ECuZqp?ESNpEaVGP8~}PCOwjELJXn)JiO13`UIPsXe(GHf51&^%$D)0fiDWUU znmPt69*nL44KpB&q;x>ah7?u>BzEzPm&Hog;x~-JbkBkTEadywZyWRxexKK?zj8!| zu9zw$3uvhz>EMB^oL>!VRB07z%@JD7)m4&WD245SJh3iWi!X*i4aZm+c!5y^N!eyX z6_cxOM$qFu=_e(=pe)B*CMz+H0(Kg8z4jJge*i8ft%)5)a%(%e^Jevq=@SH;u1GgP z|GICNX%n>hN6mf*HQP@EUm zc?hEiJfWc`kCL_3)hSSRBb4K()k!U+g_#51bQR|6ib5~Ya@h*t-_fH@>~6iU?r5x- zbuyEx5#;MhjWk|VyN-L4f6O>DkS^|waTXSXMy+!>c_w`zZg9fs=`$@hg%eU5C*GRf zWX7un({(cI zrU6QNFF&$L1tnugHF-?G1f79 z)Aj)MWaA|eIPkosQB0F*wG3pyo^*11xU^ z#sK_WFiD=F8~y|Vi6f=#4_8Cf9pH>X1Z+{8)Q-b_+Hd%7g&2@0F6NY@J{2`9k!Yk!{k zz;kB@)}mAwnUIG$*hoCV(nAoDz+XMt6qAg01jz3r;#mR9KmH@(dtKD_unLDOum4XU zbsz8+e=e^7Pp!YW1{5)=APQ8FW4pM>@(a4ed{G1pKpI&a-A7(6i4s>VV+$=x`5N&` z^?H3)5O(oG2DZEvy$t+B@vpdxI7p;8L&m~7*RKVcf|df-a$*|V``99NitU(1!w2_n z-^Nq``1joh%k(5Q*72dZXXxwh`cHU`41az9Q<9F)m&94vJ%*h9qEU11+sF>}Az=Odx~ zAspMUi^w2{PkVq|BhAE<>O6NLuJ8;aeQa5KbpzSD`YI8GA%gWda!3L_5szo zCPIPufNEUWXlR=)+JB|~OMuPA3y=};T6CnKiGV1B3bj_UlWFVnRxZR-(q}~rU?Y|` zC{8!MxPX<3Y0)Ob0)AVM2Q>&ZNPN6zrkiqc1ym5#e}hrC)9oX$u!Rm?I*jp%pw1Z> zDV(p+1m@`)O5(ppI1JdYJO(p>7#(ynfDtK7hlYlm;RGr*qgib5txgejbl_+Nz(bB6 zD6$2?XRyf3aOdBxC*2h0r7Fz>z;SV3@n2q0kMgJ4t2^fWQ79@<$#%Y{Z807}3yH=#usVTwKRfseL-lK7B^ zJMzZ)i>T>pYu2zKNFO~)x-cL#Y$M^MNKfqb!dhY{aONwm`br&-!H&v5v_oN&w}?;_ zA3kKHg+j)hqouc4bjY#pw0n_v>}JDW>)P(}ud}Oz#cP;tPP3!cq5BWn^k23uXWW$@ za+EPF{%*YCW-Qx_!b5-IPMl#Q5?H2e!`XJ>%{O5HWb8>I zDqpZ+;fu7z`d%{{*jII{-Sxh_89$}X45%j?cGHwKMQ&$v-Zho_>S)3z-r_KTTWSQZ z7ZB7hOh-mY7a?E9WXpQ{_gm14PnDaC_7v8r)$3-KuXB9@w9*SLG1ls?sd8Cct5#=b zTyQKx#}rFgX+P zocPC9_$9NSh`@;NwHD0_BvXSEJg|LOve-lotfSJ0x>EI85?J(P|8A$**!<2$=Z(a2Tn$Ou5o+>? z=xGa*ME;Omm~Z5RgD(H0p>=+Kb~obeY-Rd%E-T;1qa~B={3j&x&e;)L(||6c8k; z!y{aJB>bn`WHZQVfLyuBKx(FaG(M}DT0$8Sduhy1e%yQVQ}fC36ZENK`#Qn`;hCkD zFymNj-tWJW_&cAe2aQHH&CySe6}n}Y7mXq0x1GwP#BZAkg~AAX1}M7`?CO?u_4wt} z=HBt~(Q$z+rbkd0$uvQB_GmI5PR1fYkgnsRH~6reB*(m~(6krWfBBvbTjwd)TyYA~ zRiiwx(~{!17*DZ7IG)aj*EQaAVZlZYB3fz^yM&;GrU1g+@8JD9T^rFx&4iOl#89na zjCi#sjd^;bLT3if*evpX7nYtMU@4&9))b-xoRm*?a-_ym8u|r5R%Az!8GPFuBVLN* z3{e(-iEXO46R3KB1KtCqd)=!pirmllo*(Q#-#w_H3}wKRBlcw*ZI9^P&jhhMZp4iW*MJ6v3ioVI%$mn zm}Ar5j1w{C;w`n-;D6T}%gf91`%r{|NaZ)MvSz6T0C0^fTW3BvME*tyKd)NtlrN`&PX7UlOqg!|=8hhnNL2qI? z-AKq>84$O1f1|jw#JdZ9Xn#H`8{f;!D~i{?ILB9i4Fz?ePp6kfU=zj5pCb%LY9({h*6+9&Jw9VD8A#-m7qhTclw~LE7tahjQ!S zMnrhxOd1MWvK9_>|H6H@dKq4ha=ZGbeoWT91ucbU4Fz}fW#GBNwLRU}L-PfL(UBG{8MZ2ATtCz1%#>Jt-VCYwP)f!*s z3IW&Rzk{Q{pL0meJ0G^Y7&9U=lIvlbcaxvCjIacI7kR!W zeq(`2SGF?MWC%DXrNZ9ihpH@ZRDELGnn;F`m8j_p&9EJ)Pj%&zOx`*5slAC&-+HWD1BYMrCeVmtww85rVvaog+cm zsf$!(n#P{5THSuwtJh_g{@rzpr7;1z?orK?B`)bN2Rzf=jJ>QD!;^y*=VquHj{|ka z^)x_rz2m&3L(^HXycrz7Z2n6=i6A}p#@!_Xi0hwl4o);Yz{Y7m(mQu#13%3KXqxuC zgN8rLj3Ms^L8s>^wg?sgT*T{~fJ(#{?)QvKx{e(oFmNmC+7!t3J_}5__lvOiNcYmQk4$Wut>JKeW4x9j zm{?+EW5C;s(R&Mo77}b=z`DbfZ2f@n0;39S7;OY9q>y`p-}*q7hipR$$mzMx67+wz*d zPnAyTVgkyO`EdtF-^MSh4Zee!Hxr}VRAVDzD{^bVhxqmC#z%+>ZYN8|3MB(p`~0#- zJfplK=d-Wg;&cVUykH<$ZpZzGsxXt~; z(_`1I=sC<%;ymTi^j(##dpAY&_dm`ScY=X(HKi=8p+n(B- zhUJQak6iy)|HrfRyoGKk!oZ;B9~n~tOx-za`EZnFN6q~$vycqMkf&pxQ85@D;C@PB z0&NG`VLIv#+6{!u|GcrnQ zpKJKybJ8)?<`s8rFwt&Ki(;Sth|=|K{*>tdCVeY{eZ(vepREg=s{h+q58{8V-Ctk* zL;v?J{;>YCwts`x125W;JfW6dFnPPsC2aM z}HU?u7;L_g>bOWTA<7;BJs!Qu&Il_fLWo8p_mdLJ52DcGu1%&A|OIF`f zBVkt&--?Y_OIc<1F{T3`)JMFqv_nC=LDc3Z^KQNbBeX|*y8jB0?&K#U7$~GdZdRJR zwH;P{d9uewRF3@?%PxhkxK3t3@fO7Jt8eXXfGuVSJH+*8f+A*vg}jUQFT}MjgDDen(T|7mjC3`Zm|{rI;4Fuu!DJ%K#C>w?+HyDPa%$@Zu%+Be;4YH4rMLsqnciw{iu*`x zP;ios&~@E}9R)Q{VL^xztF;qAH`Ij4yyiMt>JOH<3)NCcBu|fD?(rvQ)97LA$%`kr z(cG)u|9*LNT9?jX6ZyDJ-Xq}#G&0p~nLugLcR zaE(Uq5FFjsiOn(gMeOr|p3&HmEm#9OB~H>P8?!nP#=P-U9fa|LE%(9r7NM(uxP4&v zG;B$+jgpmUU1RUC{Q=p|8E>HFr$KBIM=ihJxvGu8IYm}mL7_qr#;Ef=S>>FOq`sZ&Sz|6(P@Ce`b@J(t8G;X&o zT#YfR-Dq>-l+;KrCL?FAstU-)65@ug&3MYW?N% zIGp4x>I8!g2Jt-DHu24ZTf{eHb_%ytV(RrU5|0)X;Vnl@0BSO0dZP&Z!#`8>e_~JZ z`F%{+|E+GWJ=iGP|81;4xY7T8jn7}QZXffM(uQyS=(Gv?`>WdrO16O;E5REb;h#%K zDCCwEgGNV}e#pkHL7&ghE%!>yz0zR|3*a4G_`(^!aYfPPbuVB_D=RBgiqp+qsWfJF zLOS6zFvo|${5o<$zcAGfhI7Xnl;@{2NPg#3S)~q~dEcXC5vu*=FI1D#4gr74H`}Y4 zqN%c%Qko<(9*YfwMv;(n9@+IZIIC7^TvNsp(#Gmu%CNVMCR1DGRCrSWSz+eJFN@LNG9C-q(A%^HSc@ zV0ElBhKe4mNJKAEpuSg0{Z>wLz01T`tF>Af%A(bhnM5ZNZ04K%TmNpKIqv_LH~-N5 zU+WKm(JSWvT3=hg;s3wJ=j-49ul}`plVR+J+y9eu`0*tU zr*428U<^Zzt$w)G>wRFu&%(%>S{&8Eg_qW-KqER7>ziPqG1#NgZgrz3jDzT3S@&v7 znm|jqVq%X_EaM%7LT)q;Lx1H#Ew}a7!`q5eK_C4sr?3;)67cvqjC!|If~B1qLUU@C zuO^*+^pVlo7k=Ido^K6AmxX zJ_T>&DrGDYA`IdbF~{AY6arHf&|Q#Vp&Xjm;Tin@@Ynk7aELHV4rLxEHc`N=zV!in zn9ew>@DK=__2BT)=gq_%FtoiHd5ZD9R)k5PqOL0d zxIKwA!v6$ks93rwUU6}21a~(HXJya)-eB-+RJ+3d1st}ta1aO;K_yg@-(6?ptM`DbF^U`1+yE`=W_@mgFW zyC{~pz-RQ5%Sx)ySTp>JwlaGh#e0%Oe&{XaK>cj@uyy?FtDQ&Uu~Z-h=xZG8h9zFv z$8H6n1X}=xtB37YEgm(Yc7rQq#w5s1f$~xp-yGgD0{Zt3+wrCDLwOhOIV>RNtQFR* zRLG@h{8)m`-VEUMW<#e}0iL~oFZf6S`Z)_K&v*BBra@(tp3MLXl!(FPaOcGr0SO)* zEv2?vM$f;Pc`_dQ#A1A(B&*4zQoG45rSxI00qKj|E%r3e`iSf8{G&|1r*YN=1b55h zBAzpO@`TC-Z+n9?;ajEllP5{Bz`S^qbJ9L_OO%<&G3CGC)!@HNx_;N+m9_G=L`0dk zEoWn3uL1@4Zg6mZ94wCTQ?aqw&X>STEy2IP`AkHeLLSTLdGzbcz1{tv7(>g*8@!Gq zaDH{s%lhwT;INd6p|SQcA0|sfUe}?(lVQl>uDJ-)riu+MJ%t_gk{x&9jRK`1+)YlX zqrA|=E8kDkE*0Za5LA3B$kgqd{i$^`C4<`+=EBMXy z{VaYneIMmFq1{g*+#_o5OH6%l`rP+sPrf&M_PvVf?|s4fUym7leo#T_jt-vwv~%oU z`kq%m0p0~zPU&{f_FDnxYeVrQl#NC9TikTR>LFTv7Wdw3aeI(Io3}vTO=LU>;j0qC@P!ca;Rd386mH;6%Nm- zX@g}lI-Dg`iehW|ipQFIRcRbhMQRavrAbAoROJ;&c?QA(FiYT)R8b%_2Q=9?^zd{t za%x8RP;@fDuQm9Gz7Q=CJ)cnS3VM8IpP%{X7ovFK7ou^YH@aW>jc!*RW^NKCpd}cW z;w}F;+0ZEW;wi$JoJ3`eSJV{w1~B7Y#yK7*{eFtBoi5{=RT64`!|X$vYbvZhY#h#G zo{i7B3Ys7EQcQ0vX%4Nk8K*n9t!kpFp7h8>0d<1QYdFNL?+PSivUTRL)qUrJ5`^Iw zye()(i+Xa^jxxA(??g4D#j2rpbPjc78T0%S=+5yDDvP9+Bm!!Q9Cam{R>cLcaAj4s zS$oyWE+-p48WBJGE|IL~(Ah#vTPEj8Vcyy#2D%4ADY+i(M#0A`l7WsR(o_-;y7=)> z5CZ(as0Z{N%DnIAB9fI`wlpqFma@Z@49N|H*hmK^Ar&%S+6um?S}gR__s};+Bl5}J zllA)#2&)neu*g-O;0vEz0uggE97{3}2C^%>yev0OWeD?~P9=cxg`D2SsVtdy_rf%6 z(Rq{)C-$%6S*3iP0n;j#Gf8^FS-Kn+RGpoqs%AoMn0}n><}1GmUk74NCHjQ8aFyK3 zh3C;5I=V(^DsQ5}Ds{X%tn-!Nj)6-E`yjuRS>Y6Kg|p#SB8$m4o5l#BR+B@OuUYBb zaumCn6dMv5DQvBnuu4OWibErM2x=cz_?=CCjO%FR1Qgh~!^Lw4%ork*AnVU%-h`9k zWKtI1Zpkak2e)$3wVBa?Q!CjOoKZ(^Li{QR<%2|;eiMecYOZ;Mv&Zch&DP{bLDBo= zNyFd9`Z%-BxCgj|ymdx@H|ukn?qGZiYgEx6w4lCP>_iN9C?Ez1DUlkUugp4pf2gAcMmJuuZ5U2xno)~?8ws&d>MLTzg07g}a3x~YG1HbMj3g3Ru_(-`q#=>4Ch!!7 z2wUK^@P;Ewh0jj0U5b~eiOML}u{Zam-_2wRRa^XHON(-VA@D}DCejQ&lCV+>6-`l?{7SKTW-p}-J)4`VTnRVnTcnqm(C{MZ6*wZi5SGj$+25Mv@Ovox&=qn za}N=g_5pv7-A~btOXLNal8`liPLY~K5aDp!{ufZs)71Y2f;k$udOmEN#0f=HxAcRL zxXGhh;;7zoxx$6RXrmkxv^Tlv=lU9hhVvR1ai1eODdr0zpGgux98S|cXt76l$B!rg z!5Dh!wVb^V;1@q3{=`0@flF%Fa0MqLQ=dmuFiu_Lryx?uA8G8i6!=3T;D!$BLqY)Xv5tbbf27E~w9|1j4 z8-~KHrD=>M>uwZ9%N|tw90*85a;a`^d*lUjMMHQaKS`h%icLt!G||f5mU8sSB~kII zR|fq~SWs*-W*5XTl_v3zpdh_8JCP?ioQ&%cv}$sUDdJ$=HB&$RFdkC!s9-jvm=9)S zG9A^a5^n7fEV9E5Oo@tFP~s{DljMv@!6eJwn&o~Ibcs9=Gvu}63dzL6-Z)oh2>nKB zDJT8t^nDU52J=}O1v7!xL%P)ZRM3WKSHQdJz!Ov|w=A100z~TOZ5i9cVU(A323TQ zoUg>fW(yz(}3W>_h<#Jx4ME?IeqmL~~yBzqgb; zMKwo96>*wdjtV8`X|IEt4@o}-GS|4}l>qfn<0Fb5`%u*cY;UO~3R?iAe7e1dYRTiB z){jWt#YLASLrFbH52!!f{7{7&l}F-i311Q6E8ZlJ6LB{VnggEiy;E*bhJiv~xHF5- z!n)Gzb%8j7v+I5Oxj+mDj3X)z7@vi(D^6$2C5A1-ZrakkWjl{ZbDs`J^QgG;kzz6- zZ+Y##e;_GvXtF^v}( zsbCw63^+1X*XXD2iqBn?@-P`oC)sMy&5)%aCS;h_VsT{EOQ{G~d=^=0^GM7x z$^%ybAjPOcu&|wve*e!vH^2WQ*y059% zjef&7j~p!RW3QDBUXdLmrM=X*F{w+zGE?dbdL4|Y=WA7v@suSoxv46mm(HDk7>OYy zRbC%u!mKzI0UGt=%_}7^kwhvJO=H3>ah4PO$?vlq)2YbrrVgO zSxK8O1EO5hct_I&vUHj#R+Mjv@g0_~n$;=cp<-wOaW!v+0#;l^ z12!8tzB5V~hF(!9C8|ZAvVf9yPqNWdJH(1X9lH#q`D`gLA!I> z2EuqdQrqz7ik5NwjswzZo-NK2ou95q5O88i!WaUEMcDB`7M|C=iGH#DBF<799&e|k z?80@CM6VY@T$y7Xl%_=vzv(ML$6yu8evzdyw_MX#rVFAR+4y?nQL{Ww>_BD~^X2iW z#6n4){39I=fFI`lD=9Bo#Nd+@ZHR#*(v#Hj9>8*M=g3HN&PI`T+NZd{lq^q3w>f*U zwDiEtJa9B5{j`Y#?WO2?jaIxY?{tB}q+Q&cEY$I+K7oQP1gGBea-f@%Ku1kBUb>jx~Nf=JoUi31iDX6^m zDlMtK_EJU-Z@!+g+~=>tUgOf>7s*-exf3JHG?ibK=n`gGO$E8@#i zz}rKgO}ToCK!@!dG3r9@GNR`k0A-Ax0I9n#$|SrjdahE5#bx(dEPBJKzuC$~JAcP9 zyNpv@w_c~954Xc|bhGB3P^M}UmY}yc?yXlny=&e!>A^5ExVr$F#QgwuzW^arI_xUB9m5_pJog%wpY< zo+me`cWeRw&^IvPF6zhcmw)O-Bi}ePJuwghGp9q=!`}-+8_gee4H8%AY zvA51P^<>wTjxH#PHhf2q`UdhGoZA(~gz1&Dt5oD8I8_}1InjhKU&vp-k-)NE? zJlK7H5d7ZTr}s6bD#&(v8n}!U3>L61<7_0$q+yY#!JrKVS;ENAL_?&}C&?-tOYY|* za($?|V0B~^wPh5oW`IwB3}^Ji-j^6K6nwaq6h@uj+UPXl|FedkEG80k3oor2iJ1kO zIDXqq%Fl08`PC2IZa7gSr(=qQbJ|ATLR!Bq)$m8aP2B1%-&$SgKMDSM#NTol?ik8n zw64-NMz&o0>*}gLx&R&xO$MP)dC+NJ=}XvSBUdo%heRLG-#7+hWJ5-shB-Hq2@#AqjCty6}P8V3h)ojz?f z|Bw|#-ZQd_+C!9H5SRp!-L zuFxgc5gSD!`%jP^bh|AI;V0;@Wdfg&oKcKBLe1Fp5`zmLKuVK`FoH=u5*osS#HP@D zcsN2+jyeH-HrFrajU7 zA_lDdyo>QLga`KFF=&VgEufwvcWIz6AOFhnL^5y_?!v_6K`!(X21RU~ISNfXyZgt7*Y3^@ypQCz>VN6BzJ*){+BT zNC|yO7O{(dWk^pk>6-^iG)y?*ou@ywa6Mc?t6uvoCkF_(<`js}gl2d=Z4hYkqVS(J z8>7EJcGvkqWVpe&5EqULbG%10BC1nI4O{y|V*P zK@k^Bq*bo{c1y%ScQH{Ns!1X^YP>dXpegM|qx?jWOq%yz)Ga@68gEmrZ@69854Ob< z1$5>Ms;z~fPdzr2_T9=2OqJ}B`k8NIPLZ4S`K<_5G{ByAP~N2<1AB&R14|8FX2Z&X zN(tIWUQ{(ySrQ&C>0SU5Q>MAS4F zO!^pYDfRm|e3S+VsWP=Z84*Xra|JohMuHOBQwRbTkRnfgOjI{HpMoQY0vPbQQ#x-# zJp-8I^y>ZD{t9 zrXwPO{R{1PY%AF9-lP9tz2ggLYYD(SP-1+V1tzv&G@CuTIV}E6+ab=qCWcBgHjN1o zQQkHFfz5F$796Wh8wi8%y6j#e{IU8zoVxLdU5N~IJ*@A z=!7Q^f@f%uQ1etkc9%n9P6=j5uE4gn(11ynt0cM?0ie8n0o}+%iEz#R;m0aOGT8%{K3)U@$cTQ9(AD2Fyryzv4i|X>dA^e9d6CN|Yc0LA} zjoYLx3#=$jW;w1-M_K0L3ZJA^!4aVWa+>C9`vcsRmuTFCdSw)XJd4%05Nssv6EwwC zivq5%k`uJh8DI+-ou6+~c`j}qJbbdb<*My2hNKeN*_%fpCKGml^O!aQoTa!H-#ng< z(Ul8SfS-pC95Lc}&T9hGE@dwb9Z9sdQ*Sms6Dhh(0no&GfGu&!o1ni8D z=%1Hv-1N>7PI8PpgMXXJ8GSvY@2EM2ANWtx$cb1_vY>=40CeZ>Fh!j-fy%&$QX9Cv ze&^QcZ}O3d698vGn7?}daa5DK9~=GF<90&&T>tVmwH8x#gfq4~4Ou(t6oh$`PZR8P+bmwhu_hAZC2#m?O7A;Wt0&r+;TRvKp*qE@gkItizBZmO!j ztc!>R`&4BFYo{M4|8Mo->Z*!BbzN2TC(?UlDgbN_?6cEzcxEO`MKCoaVZybRNajm@ ze4!QWfvLWQ3&t`pRym6hM2Ht*AvVbtq&v|$!kW~r%urm%5<6(HfEDG#cvs`O%0 zG=DX#Ays4FN)6Sj(Nm*}5v@z!kuE5R>V(EeEivJi#1Cc_yh;mWRE0~Cj+#cc@Ql;> zpeN*uvy_z-u~tpGf=R{JQtx{g{$i5t;Yp>1e@957Q@-!6cLuXdtA zqcPP|-mFq7bhX1MGB5MzrDJ8p$IA6j{FCY0&T{4?g$Et0^UULf))sj%lQa)D%)KC# znN%X{>z1hSGkRQzCe6)~-At1ZC|Q1NtLct2j|9__Cw2(m+aD5Dn(?v5>tV@{!z%+L z+ovdP4Ptp-VKPb$yQ?Qsv~}G~HYU$Pv8fot0WTiKxQjxlwFE=;^ACW@tK%OJcebCk zUcNrw`K7hHzk9s9y$4Lsp%2kU#%NNFQ?B@GPY?E=g|$e}j72AXipEH8R`^>;vKk#7 zyxQ64B&#pC4`1x=Cu^%}kw(RxdnD6Zq8hFl60)heTG*GqV7PgjN2SP$G{#twK9x-t zTGq6yo7BGv+ZU^$h&`N#Ds2@Ka2U2?mLEwXN~ zD&w_Met07L^ta;9J1D9b-dv&blG~5+5pd)rnfiQ@_*n0{@%!?VE~2yyeak&`Nkku8 zdkgno(nc9W2KS0nf_pP3_hMpSOw0>O9c2tO+$#kzDP~8V$*^v1DY#5A@v8j3o4CxX zK8NfR*deZBJjtnhU6E)ma2(Otth79(phcZ*RAtzxIm*5|UQh~^dC`IxzhK2((y+pM zyX0Vn<+Z~x+Xre*c>b3`O9wRqm9_zscfd}Ft`Z~_BL`0Va!&Eh{_Ic zt}JqP!QLryA_Y}o5@zEynm#{tv=ca+^kAg;tEs$?Xe9&mcPrVVh4iPB$HaryQ#fId zlYhdupAQfA_kK+XqBbPNuYvSVM#@=x#De0)6wQr*Pd&{>xw`MZ60&RX~Rv>!P4;=_6>`C9{UoR|&-* zcaD7>kZ3SeG`sJOQs6Dq{wb!|8)zHW{juTPIm~ftxCghL=~9_q1-9XV3-eP|Y$ z)U6nVhBS}DJD@EyVugcft1&MdpNu>omP@5`aRBr#&E9#rSi;AL@Nv)0-AS!hUIa;d zc-LIhl0Xxs@b2_-ez}c~I@HDSks#SrXSjsW87)Vot@p?&K8uP_7qrI46@Qa0KM6u_ z!)|%Ym=kRr2GvQ>0#}y|Pd+>`Y28t7>A$N7J(7JMKAqjK8EZ^A9FC-PlH$-f%e&r6 z%(m`}sDS;^D!QkS#&%v(3L0~HpTQa=?TS>=hdVEP{^}@LL&nC7AAFsu^9lJKCU*42 z9F<0^LPtwxfXYe}lS@D|-fyXV7r;v-0|*mmeoMcR$qqi5h{*R zq$1*{7oj5v-K!etN2Vo9Vt>cW-*-JzLxBOHa=+ zQ$3P$-pb^55b1EM5}~1bGoeO|^-u|gD;CpWb_Hr{pvX?Eq?a062+Ft@@i1$j!pTVHn4Eb} zOHCJZf*r+oFtx%}Zm>1@4p;Wbg3kL)HVogl>gH<_iI;AC&J;mfW0xES&8f4_6wutt z9r1`j=4vpx17d~C6b+>)V+{HfalYs{xTLJWEcBrCp!pa%ke(k@k?!DK9L+Ijj0$mc z6Xhb}`a}_*M3Qj~1VaVb=hEZr;EvE&cSKdAj!CaG<3I)3Yv;J~JPqGg9H)QRuj_4+4bAM6A z*EA1+LV}@rt;=k3C1+?Bu`Vk#|Ftd5%9)r(J{7fnb1h4=QmgY>o7tq(CCGTkk~xge zVp*X+!vL)!cljJfXr<-7o*~-87qdk3>CkVi(W2I9rIjkcQN*LbFs<4m&6=#y?wx6r zc721i!ic9BrK!#mCyMtah5HfJ%rA-YRG@h`Db|~XL~80O5I!XWEs>Jx3IP*wIj7Mu zd%Cf=*W6mQCAps{>oUL@K zaM~M}xDoGVBkMuXo0=8g2R1naP6KVi2Ypmy@v|{H@r>Q7;!k(sq5)9k`h!mqse$Wr z=iVJ$6nVhY(7O|UxK*t64b{RuXP;mIgJMH&D0~X{@fa2=E9I7*i^QB`6Aa7)wr72Y~tDbn^Rl}KAK z$+K8xDzT-#SHAsd^n*GY6K~i92G7qaAX9`2(F?c*eqhi`ms#%WvZnXd65dCu_#6JQo!t4LamK@`?+L8hsk3)WdE zO;8;t(pW^&8wT^ttN1_8gM@m}jZQCyF+^f$Io;H1DgG~AXV`XKEMPudZQxoO9}zQm z$_BF$1CU@c$~&5;7*K+9j4Y90RD!sTVjFIPX^@Ww8Nj*(`dT`C!5AF$U7>dYb465EkI; zyBP?jV{vT)`!>NVKp}yraNc!%yAmO2TFZ`Lb6#Dggq|dC6(d>K*gIFkqhGYg&?!l- zcAwKp5m3{rqpu*@xtZ+`l6-Qq?1c`F1bmUUDgUwI@&Tq&$4wluzm544m)$`1Sm0)$ z>3nkGLMXATCl~PH$vM_5MXbkrZmCMzkbFEC>aq&xBS81z3d*Qam~J(4km9?zu)F|L zm!eUSEkF(;RMyQ-buu~TV8lSR7`hg10`81bsU#4P^z)eKgR2;nnS&vjg|L46d;-ck z+>CWng{z*Sqhe7$B}aRrY}^7EAn$CAyG#*0!e*TFxtgR<+4CUbS`GxFugaDySRX1 z4|hvFRG#QO*7>=p=z$l&m!e|wXz-smc4T+&qD~K=Y{ihr3j@=k?PV^@B6A*>F-CN) zUMA*wgZpz+2rh>#N5KDmo{Z)MFGw0a%oFm&-Cw&!PqUe-3hL9lJ zr|1e1PP8ly)f{j*zMmu*|K70%A5zA(B1a%>AtDaix=B1WKEhaqznVNsx_xT9(1Pb^ zxRvMoFI$M1``a&f{z*S}4tEcp(O2MiUTz;h{Slj_Dyz!w@TfsxEex-OsY3WTo;cPS z0CqC1cSH~4fL|rN9CX@cd@@nA*{s(~vWsCaJI(M=qDCm7!H7ff${J&|4X(ka`MAz` z+8*IymyYG#J+J+wQY}(Z*eOjJbAQlZE{(f`7qeGdI-G*$cHyDm4y`ViWB6eg!y3UE z3|Y|DkUV_Sj6vTDtmsHXyT{R1N79s&=?^>)!~2aQAiIN;q3I#XG20pF+ybec0?x;d zk%klBmiF2~EC;P&pHK~U<+r?0rh`oCFnU@NDcfi+@DZzLhZ(pTHxUGhW)Z3f9acQ@ zF|4U42P5h({eTfCDf~SL-!A~EqOTZiLeRw3U9jm}h#=0^2pP0iMAc|Djo}+nG{(+( zPrQQ~qLuTcd8>j+@Xyue$v;tj9BQk`X3S~s1{AG)R1b!%>d@PnY9OetCnuWb&0XFU z^|GXky)7QMLEE=oJC|sSxBZ3bB84KQn?-{+R&C}T zHzT}-Hfe&pqVgGM@02vi;TMfGp6wpe9Vxr|C$O;JENXE(9np3|801>KohQl%^6css=%vbZa$;=O*I!>S9i{K<)z zbu>_rl0m_5r{*877!7Zv^w^x&`AAlat5?zrJ{fD;R*} zsI`0e`snbV@bAy^?=SFgm4CYv>5pKc46w2;H%_aYBQEzaGSOw~wGU{dqbW#8`9k_g z;QW?%fczdE8!Z5?5c|4dZdB(_PsIx605QC}2p4jym5v96(*#Bgb*gqe3oU|@sQOq4 zfOO3HSj4o^V#c6r(+%oK^MO-Nwa0Q*&PajHWL8ll(WWG*!<-9BZk*xCHw})FaVs2= zZ4V(Fv$89kd}YWA&;Df?o4L3cKhHmgi}@eL#yD#qWn{cHvXYur%*vb2yvrF zEy6R-t9%TPwgvV6D3N?7UDa$%%^6w{cT~1OfE7@qfqXC_(@R)M2|{%74oZkCX`P=n z5{X^v-Z?&no^Wb`Qw|32%HSCP0tBno`r+5(oz}tOvzk!Zo$~moK=$9qAmG~Y-t%--nwZ2odbhxqLC|_0%Ocu{NBsP;~rjW zb~2#G5^eA#J9AH(N!W`04LF3q8A@9Vf8izl;|FcW$0IIG<647;I^6|7?5DUtFbX#2 zM?{0G_7Isv4%2*kr0sKVGsGT?h+$ z)}q8u_vqemW!25dzJnTdehsHAe{mVJBVY{^#XL1R(u9HVffXG&4g4Eh2d|Eg3ZZ)? zIjsp%8#nWM3#jfmx>hTx*8xqC-Pc=UH5g^Gq_(3)yF}5n(-0b*N}A)l_;9x5DaX~z zfxMrG{JIZtnGA-A1$i-ew@6xi&berqoh%>r+E*>9q#-dS;EA`4)O1z?^B;W7VGZ#p zs~Uu-iJ%Xf)a86B+}0Fm`_GRAZyd;XetC6pc)b0?-cGnox}z4!D&F?7%aSAV;wV+ky1ReyZ0D%l!=z7r1noaVahFCvXXEAY(1oUB=>0@vxLcInKWIHa+oI<>t`V78)!ZtEBNqk%{CscQz03Ahj=5QvyRKtK zJO->>n#OwH-urp`*Q4rw2`jjBhZ#oqTuDR9))%lG8;nuY=UX zL;XPu9_qY3N|g{2s=kbj~~~?R+}7$C4d0 zn;;b+Pon|2luPrB4;*_)e-ks{rZb-+1rAVm*NQU+dY_K4Xql~beLPG3gma%K{gIwZ z%Ho+)^+jk+j%O1h-&}tlTBeeO3T6;lc?wOwL*=3zCVUf%=^ud~b#YhBGT<#Y%xy$& zBIF=~3FP6aNlo51XVHS%kV!fUN!p9L*2tJvu=s*^W=Y?pCrp=b=GmntI+aVb9>Yuh z(>DB}6zZm17`7_U^1(&4W6gwp0n=|Ijgo8HQCI^2zTz_$%qNI^hS(638m=ug7_9K_ zD}_kmo*t)(Sh$JIM4?5*xJ}C2L&_5xX`9eoWeR_ z0z*4Fk~$!^B@quqz`y3qasp&mYs$kPTMbb zpF&CZV0ZuM=j~Umqt~x?4kad!Z_pharnSe#*3d@AlyN$W+qad}^BdGN7~F|pIN|6E zj}X4mfGjRUiJq=i1+Cv=@oA}25W1@Hq_tis%vWlUZ4CTkd&u)J=cDEP6E1v_USK+5 z0z0a{31Y#XgvDqCetl0}q7zF#Q1`f?cLw+Z1LZP9V76D*QNm#AT9R#y$)LYP2w)XD z!(kKPye?m|VR4>Xp}pK5Q;KpTy=z3^*A0cv8yb{q{{0c%zh-M}G|UEN$gvMz+cjC< zp0bsYQ0X4nsNPZDuQn`L+AJ;HZ9+V&2+v86y~ItfGtSiB$+{HNYpi-bH++)^&4wap zW=A!9Run33`ql>E--*Y+4K8m{v$cUQsmyf9b5#N0nz;}N&Wxwz7uwB8B^p_W#La*v zWM^UAAX^s_99B;g!{*WgB;kr|xe_8$xdQy#zqgugDPk4cr31+q3xazU1w3EOJu0@= z8=MszV_OG%o||^?=hi|=Pi$xY_rWMA!L-oUaSm1A#x-H5#9YL?$=JrRg~QF&nApOp%n*%Dq@aYfuCEprwr zbXF==A%+=pw7dVe?Y&)0kn|IiM{}sW-2UGOhso{aE}TfIa+5y!4#Vg2vhKS_!m_C6cpqJ{BckKl@kAX=tqm={m;he08OsLTdkS$^Ycul zT2q;(Qt1fSR4Ox-ZL){T?=vC9=STIv=LP!`Kr4Z3{gc33sx_M@odMobnK{6_VD9nD zc)W34E`DQPF21VZRFD-beJ&SYY;PvK3^tZ^G{njv$62SVUJ$SyUsk%AHRvqovQ^5k zhZ^y&Y!GHRKcUlPp_c3>qVxGiW$zf*WHd8tD<7K4`pO4l$v5C%!<19_j%MEEj4Vqn+aHYX`8FqeXENXmLwQZ0UHDQDF134{eZ{o_5gXYR3_>E=nHowU<%;IqO_ZDEeX_Nl;=*E-ATQGJPn5NN9s=mHzc$bE+>E6#?EY~2`_)M@_CU+$D`)1W%1 zP(@uMdXQ!9UUJeteV6wrI1&aiIK|cnXvD>U(ghGV79Bp198E^#!Cw*=OU?q#59qhw z?o`Z&(2Mk~m*R-RA%4_+*taY;#kjVS4pt*m7XP-u6ICtvtQ9!!Zr*>emm<4crS#ag zu1rlneRp?FP7dp}h(r?U3=O3^kiKsF{t_5x;+>V5AmUuprg8>^K4_e$5E0mq3 za#`0ybtRl^c!?X2BQE91K!nQ610M@h%qL-kR;P)zt%R=qGzU0RPZ6HoNw0Thlaq=Y zT-NXQcwg{c1(vAi4cblJ$%xFyWk~>4Fp#L)_Xd%hr5OQ2U;*I9!~J5U_%x$-Pg0;O z5^NVY=hcJ`jD5Gfe zd{KibWzbSx+yxy7fHJf*vVA7z1kjTYsRciO#v5kQu*wxLMKk$EVqfv~9AkVCcwaHz zqdM(8HlwaacoUa6it*e>0pndLpcv}MlZFJi&y70V_qkqbVG=cs0z-wEc0Bfhp~JN1 z#dISq4|#mTdo>peoJwqkG|-ys`ivui6M#U|`x_*oL3kl;2rp^DLm@2FOnfpE{qDk~ zx^yP`h67%j#3Mn>OEi}aTQ9tb%-EQSGi;`3^sxDD#3I*a^iY`bqJK$~zd z$eJ>;t`fW-OyED0e7lwj91Bx+z_dF&fGlp;B4Eo4q?!4s892?fn{e#zpg0|j`hXl1 z(*$=dRRbo4i96q*yVQq%u!;w$Z6g zK&z#>Z#-YH8s409Hb&|@ci~$4z?{1(@uZGTi%INq-x+8fJiABP**ONtloPKO>>JL; zR`UVv3kbRR+bU3rHGu-dC&+EpDB;#DNy#XS{4+s_>Vt9IEu6~R~6X;k} z`=x$aC1VfIlZvIs82=dV{o35W$?ipUZ}Tx^g#hD2#VdX*H_WjjJ;}3tGMrNKV^8G0 z#gv3C47hZ;HMNuAX^k|duxckf8&CYZ@bUp0Zr|Y+?s5qfwGP0G+yaf+& zcAPx(Xczl^`Xk=MpFyG1^VT`6XO9^MUub*p@FkUL_eK|{2mnJtwvvro@XsV&8NYAk z>8V;gMBh)i!211F%0nKOg1ye)s~fUKifsX&a@qRs@$So=!`9)>_8xkgYXeSrK~;#w zjyT0v75~v5H&8s2$?fxL|rRlJKyNH3e9SW8S336eDG~f$m{ikc(_-E>_kd0^E zG~I?tDNR*Jqf15-u;!<5h}aaYHCOqhJ*t}=D2YieAqS;T7+^#b)byFC3CmPA2(XaY z$PH*gN=PfcN0YghM)@(I5Tb3&fIko_#Mx=}nuiZMG5y0gl*`OKwS;6uNo(n!tpyFL zbNNHEz*u%gDV3zvgUi4{dP4}tUTl=pL51s;-d2o2tI@sUa z_inLz7l8K#dRbVv^V?{MgnWUc8TPJX#ejZpI4e3uw{atOukgxOau;lhBeFGI2+R5g zG;G$}Cs{RpFpg{0IU`z1)Mwt99LR-onGQjmP>x2$icz>+B z++7NAtPm$cuw0RIG!*s;#rSe8ujl$2?}bF@a#KGSw`U6v$qE3zMwwnpAtbV$_ISqa1|d$ zLm=g6ZRSdHBi~!5K@%{#6M7~9=0qTLwo>0XH)pCre81>jcrmq2SxMjt%#Ia3r&H75 z1?nQuzHSedEsF~h78fNC42ws`mUVZZf%ria9_TMC3N@T_#xb1~AF_+d1#3L%dYw1` zRLESW?@{&L21em@oI9{FT&MxXgC<}4!iZ4S1cwrAD*{WdaB+Y@sCbPG`*#p*ns~F# zrx~;c!zEFScqR<|lXTNdQ<0MT;?%Wa2@!}IFL(Rwr-Q55%if{K_Ek_;y@!SgIol=b}Vs@vwx7J*A1|NnhB;ZZDuGa`!OJFaUlH^X-<1|1%3Uf zASV|jp3%wsY%s|!LW0C8_;1vx)CprEnz)c(uUj5w7C_WR5pkToci385biHV8CwR}+ zlM<9AOAK5na94&(rh4AXh3ygMxjySX`64@d+%VCh~%(&x_T@>E{E^Itv6K zyMSE}@cNkp|G1YxZF3CVEG!TqHZ>z)k5Dk$-cc~#Eu+^EXN%*f)YERZF}f@_ZA8#Q zI?Q?jz7>^4o|6hkDKItQ5Qi~rp2NX;x;Yms_S1Fzco*;DBeNlU4hkM4$iOY28Y7eY zEpM`|yIn7CP9~^-0Q}4cVRga{X`@My4}h&kB_0B^kZm2kCJGowp_dWfQ_yZI%2Dlk zux<**@n)P4>p~zjH6$3HhL!Z;~XD}Jl zzv+l~h%pE3b{4#yO>unRJuY>x##|IHcXWmwAQ6QVjBvrx8on5D(zLSGPWfqGgncfT zy0m&PTMu3LNCKxwvyOgv34jYChTsrkuj3NZ)g%YgclQi5T6&2BSKW1Dg;#t0Ft&n%<4xuUsc%%}`VIS>NOrACwV)&yw#xq?8rG}! z2#_Z2VXR=WE_;-`CNA+-#}8Yhn|du&QSpTyS{maf_xi<%p7Utu_~rJ|Pe#A_2da^s z@}KWGTEVpi>GS8g?kL`rz{2XI5@J+bMwn2}`Dcuz^4eye`qA(&B%Etkdb;sO}bm6a6&+WR)U;IxMn)@U{e<1j=!37HDBx@d7D zWE{F6C$4&X2=woQV!6C8mZm|qhxD!u&35Ya<8$Url;;nfa=3UEGnGQ0J;7jpgr?pk zRq|!oEY`r-@GYETn=>RC0WywLg25ZSA^1JH^Upg?Ov?#>mhsPTzuieb%C#IaNS*8~ z!#q|KGH}2w%qTpQ{{Y?6L3`OL$2=cjIpKiPnS5|541L-J-y||7y}17x1)LvP^^hMf zwh1TEY9pKrD(c5qp7b&RqNWKHHPG+RBsc^zlNH` zE-9%gM;dwFkd_5d17u>#zIQ%36Za2vRwqIfBwBW}y_Kx3u9EN3DqfT8<8KJ|bUOMd zk|6IrBU?a@5uE&el9NdwqZBJfhFQO#j#gYp+92kvlnEAEHS?Cjg;Vyo(VIo@O_kJT z`Inbz6Hdm6*7ZA&@9=(--xkgJ`&;9YB{)%NB9SJf-?z!FrCzUdkNz$;gT3IkoPCH8 z+w%33TN_aE)~!WXoPwOLGG=1QZnrndF;gq52^u~c4%zTYf(D^sz!~#~UP2ospQZH# znj!QNH7WUvjR(CtRk(eEX&XhBHm*bC5ikXaQGcKG--)x1G$20YOD8q~u#XDlgmT{) zcL+RCM||^8XRdyFfQzStzIZ;axL{3>v=-{PDBdoqv8b25gZ&q+m%IBUJ@Ak1Us&+& zdSN+5W0kZccTFrYW6U8=iIib%BH(k-E=*Ot9S-n5$?|jFFZn4@^HDZn5#OoEy?z>I z$C`u52u1wi04@5W!y{e3cd%>suP)nHKK7F?&SPI2=u7eG_Ag~v15o~+o{p1#de$bL zI#1I*!%n`l1lKjg%Z0vL1G=_BO2LXf?^0>?w0p2$ZzR9@&EYv_=N7xUvXRu+SJyW0t=_-4w%(v~)l@kh46oP< zxc;<}V8P@S?B-rJO!fwoGrW{qgyOZu?}q&Ne`yyhgVEW_Z5yu5%*Xe>cyawb+51#?Fv?Kr=tsZTk~T7 zb@CzwN(ngnYI4$plVC3cbj;IugRt5|ES8^p)%kNA=aGyvq2SdN2YO4*6cw=CqZ_>8J+%d@xK|yOjx=;ngCI12$H7(kl%Hb@o5+ z9{&hOX0pBiYx48<;oAmql+Ng)BoWzsgl6 zXu1{lLIM`;dqc}&o|?qv`Kn4JD6c(VQjDPi%&YVh)hfYIBvx~2?ifRm~KtUIah2ts%%NToA1BJd3d73XC(n;2-a~eWsylfF9V-u37@o21heZv~- z8*q_AO#`o0#(vey?4>F>xoak!x0C|uXIWNeQBom_b~RE?N{ES#qm^VEKM`EO{U1X}UjHR9|zk)eB z8Q5O>gBI7DYcg|o@u8}RIVOV4&%FIiLgd1#<=MmsFb&a=PR;DQ6ZQ=a-Mvex>v4Cf zGfPQpa4Ub5Q2PnxxDne7Bv9Uei#l0-E8Z;W2hqZ+Z;en<8Op4=crDz_84XJ_3a11d z9S`uEfPdE(MAdDK?HUE29-6#S3n~c6*PmHEb?I@Xg!v)`;|#!r7K`5{MVF#t_xU** zWZ=QQ#;GMR(8IjTFcp8`2v{Z^dI9FOBvyDP*yn+I`R*k$c|Wjeu=kf+b3(mz;mi>yKP_9F%eKejKr4pDxkVlB)NzQS6dtJ_Ta z)3v7t=VP1aOhT@4X4|=K+whrlum zuW5H?m+7Y;dujL64?WES9*x7qAyZ_KjaieVtlu-|IkE`j6NiTwgYPJ+mBfnPnwluG z$j+(ZyYnrifB;Sb^^C8AypPUFo5BX6MJ0$}CzCT&b5V{%kWoc%zv3)X!)l^IC4&x9 zYhuVI6=pBnS0cBIO|7;KlwdL*PSg;iJOyWUj}B`g7N9a%_EO5V^7}VDgtxzqe;X54s!Z8TdMMYP zvVDznky8~6F5BpW^bO9G-#6QN15DW4kXanS0*M#-r1|ppg-#BIv z){+l(TuIm?`b*mgJU)K7a*0|=^#c{kt@Ho9aj#)Kof%nVOxYViytiDL@s;tN)3{!d z9#+Pr80Yi!n09);p}Cu3hhr>QH60UyrA{WYaJDS>gi17G!+4X+Wav`TCZD-(uV8k7LoSdNNaH*UAtQ;$|lB^(e=9#sRV%vloy^L|lTI*GAyIr%~NWmLaoJv~w+|3Qnxl z7E2NwPKW%gUG5I$F@rcEuEGMVN?Ev&Tks%>sbx{A)~e~|n{wVCO7c_aq7<+>2;#h@ z1$+#58`j<2ZyvS#+4xHC%}#vUL*$0|CzQAD0TP@0>duIhC(zC32q}v(1m=4+GsY*L zy%oFbUnp>f6RG`hV@3B4UPMg3OqNFU&2lZc3(6I?@=B8Do>xFF83#NWj#mm^#7{jC zS|JdqS<0>)o!vK&llofn-FLol%!TrY2z04oF@UD_uQ_DCbRKisB5RJ^7b1p~FL=J- z;(ZtwqffNi=38UESdH3j*YoqNJDz1SyuO+&PY2%fke*lAT&p-1SAl%@xX_XA)o_Sq zbMV>2n{5uRLn~{^;=?M(A(+$JIxy6wqu4p-hS^K4s))-~df|FM73ZW7R8_1bx0zXe z`ZCw*PpffHGdj6``*s=T+@^Jyrh(8TVZ*DoS{6YM@_oJ_onGErPFr5j@MvKJFA0d7>(;E zT@IfvrV*qv=7I;$pC9cU$I4P~`DgCH8e^xkSzEJqcegs4PPKkZxB-B$27BX-nnC;< z9RJ(~*fjE}Jv&j)Z1mN@7sM1U`d#>#ZN~LPh8Qz}*QAuJSPc`UtFYn>sU+IVEpbP5 zA@kU}y{fDclc@&6YHEf2>H^?BG)`QJW{CDl){Z;!feqDd?VD&%N);I98 zy7A!tf56+#`y2m}tbT#{&HPM|3Ma{bh~ZvkxmoZ3n|?HC(Du{g-GlwskIr<`J>Za& zPuU;ICLr{oSCy zn^>-Ba9L?;DeZoiZ6!AF8J3h-{j=;Q*PGbHd{&Yb^PSf;Qj8+8iO(~H#1=lw>=7Hd zj*+8G{8v~>xhSVd0dQ2L*?aWzOz_fZ&eh`7Bb@Zt19A(m^+2i???jDT5v(It_ej&wuj{&1do3Harbzqb@Xcc=}xWoFnD!z ze7L*+qE`Dhc)D}&92)uSLh$hT087^oUICNTNb0|%ZMS6Z-NNrVtm5f8yvK;=_zrJY zrL{-+poYBcBK%sU@?uUI6y@Rg(nrOTqU!Y}#u$B?8T&T}uimcU=Ifsot9_&a;@6K2 zpUsHta%c-@k}D0c=_-|w@2pJxxTVOkN5jwXeb`3_S>oU}EMjFrx`*OgPU4WM^ zTfwi^V2Jy{JV};%=lNFQ(TE=5)))+VV`wAo@!-O=Fb2s=BUIz}EnN~avW8zAdKlGC zVLOw4dvp~W4Uak6Hx>9@w(r#t_5YJTt`1#3nDODCE&og>F8`W0ZWQ_jr4CC8j?w-U z&iE0XM3rP<|Mkn(&i}Fd9iQyMA#KP%K6-JuvwggC2q(aTg&@n$EyR)Et+~G3a!}CR zcK=L>l&wjRv0`4RDd{Qw6EgKT)fuz5!k;Z(sfF_L{vKv$tBC`I;z@m}+i%qEA}mp! zr9#umQo~hX^FnOHRkY~jt5a(Y!39~DE9ARyaWFnv)&|n;2B?E21(U znU=Rtr>?ZSC1q|t@nnDJm#2HLpY7<2wNjNMePvMMpjCS7nS<@UpSOQKq7v@yrmY(* z;8_L}y{-|${4xZveqUZQ~_xXXmfu&%iQH!!g_Ffl3E8Qg zbchMq!a4B|H9B(-^2rIOYjY{0#(+0VCzEcho5C>?ovso{3%c-diyd601CNpUwOlet z_p_)LW*8;|R~RRLrzZjVJ~JiGsKi;ZL`5UT;xfXQcn2_Rcm*t`eSWlaY{;N}v;FLu zp@a6#;m%7#2JM@Jr^ksu9WmjELy6L}rGENh?3e{Pq~-So=T4vWjVCNe8|Ov*C7ApU zCpw&S_Cm*C3$GTQ9UZ(re7chqNuHby&tT4unZX_dY^S6O!GgU1ga!E<0(XD=6k4eem$%gN?NZ|FOEhy7^%BM*sgcKKJ4}_>CKl`;Er^&!TY;2%S7Tnhb}7 z5r=!<`_E0A+&(!UkB5)$-RrjVvCVmZ(i@!R!@+n39^M-w`CK_4U-Vdy{}+kan|y}> zdIu}#Pl89N>McI&^sND z7`RT32O_7Xo=I>co>*EEa|cLQ4qqwfIr4$k_Syd)C7;f7E zl8?&_V+@l~5>`wSpm!JSwpCA8&Q_e~D2xcWP&A~Fxp63>aWKQ2J->w6G+@CcN!1Y| z&B@La!?m}`iHxm(T?{VSeYy$*Z>KJ>xQDhulMy8~CWkb{3}Q-U1?!F2Dl-j~xY%~R zY3>-Ho4g>Pmu$?Dm|^6&i6vCF#^d+bzxOPz;UKhs8>NI}Pm%W;C0Y(02Up1@@R#$` z!1x6T?*p_FmkX>I|~w5KEPdahnfc#6}7ur+H=Q;aXW!o z4>0Idc5wmcCuQm*sCUP5PZ|_1wn``KP^BeeI5;XDHcWd5o@R(xa@KjST1 z0JA&djU;S>@2Sj>Pm@Qq1B|KI(a+njC}U>p;MMU_{kE%4=3Gna#30sl=A~|-+h%xE zwo*GePkZRFq&k5%Ca$DFaG3vLh$$&a`yuR%IV+N6cbseRGhRQ6Bg^?yDu|?@E8!>O zYkY_DE++ewasgRsMm*h2yZt1kL@_aK%`UXuY45mL1U}P6a3egjfCX8DBaLyN>|wco=3nXzUvPz`*d1KWi@RLCP7R_;JRe@8&PH#lCyWkS!RSp z*B8-r&X!+nNXjP4jsUTOA(sYdm5O;|>L{wQJ) zK#j7Y0cya=uc?wgljjsVT`hWY^NpIU&&R@5pF2MMBk{lGGp68c6(g7;gOZj4rZEr^ zDDx2|VJidZ0!9q~!<3j~OlPlhrFuZp5y1FcY?Zp&!=#SNnq0K6glS<=5seaO=fO!n z=z*Y-^wP8T>6J7}^wptV&cZFmq>!^sk~WcWaZco}$^O!jNwFRSz2h*A5Hh#OC8ZSa zR8E?H3a5#5joO9*ZrFY*q3wMvSZI7YuUep$R8?}4U7J#}6Xy+`{I{W#UzKna=?1Mg zaqHqnt%&jE5P=chaG8n01SAJ8v!3|sru{SEeg4E4@h>?!Zzul`8+yKnb}5+Q;tQRN z@xJ^a?R;d$KjQG8md+VHyHMyx6-OgH0>8?(`B+<6C=pU=LADCu(1p@Z_Fa>Jzplh-KV>Y<=f?4aeRgQ=9>(%a!*O|D9{zE9j?OWGw9HyHY>f7%`iac?2`n zmn5RiYpO2Y%70STUC1*=sA86Z?+3%bF*zF<+E|il2{yg`SjLM7C3+7Y1w(@p2Ew7ZcBhJ17@UA-}cPdQs_F2m5UCQ}I#z}(vQMP{M{cmI4%^+Ti zaw;kAa-Zl%P6V?v%@KoOfKjaITli@=AwX}%172SG2l!gI`D3eN#TQmlC2#E`EK(3J zrBvZ577Vy69ix3l9foJE_8C5<86o&}GWZ=IW*xx@wFcZh*vID-MEWt&Jd6&r;@Ddh zg3ylRUwz5?Z~U2Z|F445^4jNJ|IfJpU*FhRT{ZXr5ApsV{&#c#|1~~h@23&+zJh<> z>R-vHZ?$QB{cfxcZmbRdEC8xNRln8-maGEpI*kLjA8SQWNm;~+JF z53RL&U_!d&U#WQ?KN*fiww1^P$mh746r0xYzha}BAsbAAQ0t3@ejjPhdW;;m*i1~k zgF-?@enTk^l*LAOr@N1nbr+m8zibaRZhSbVJQ!3B!$6!4uj;pRD^{2pitrq^!m-4> z%uEvV(T@j*$49M=di}Ox{4vaiZFIWojIS2GL95RP~Su%lV3J6aPFk)g>W%Fjx?dIv&Ub?b3mfKp~-Z^D0ZLKBzWvk?+ zO8vD;UK*M;1pOQ_sSG1l6>0sO=up8RClWNq#T)5qT*go2kfGI!jY(LvM1Vp-R>fpxb zwkZ}Nw>fQa)QL}6F5?SYoH44TkkFr0M)D z1~+*XCFD5p!oq4p+GL!FS9iDMyW?5$@8u^YsG-}_&anX;tmp;DD>GhE7X0G)fd#p> zXk&iBkyhDtYtBZov~LopQ;BjqOC|=2QTkM{$)+gRK?$kDuBYSetzh{WaqlK;Z!4zb zW;4Cfq}-xvWH|y?EacWN+sDU;xI0$P2pqPDGlJ0LWbHnjtqd{YW>p$s8) zVXsbY#FOD`5MpRYwrgR(;^<@hRgw=#%aU&(x@Twi%3DFg6H=Y!C*)G-7|Co!u-v_O z=PSO{lV9G2r+m#XvAn;KtQGbSjhVBQtUzE}@S$N6#JM03VgfhvzsSDWfS} ztVY_^7)T3ce19$1H7I^!M0j0=Z(MNyID5w$3uk|v1)2dk>60b5!~?R| z92K<#LjEcGYfL-PbS566XjsZvVPLr-8SXlE>D>MKa`#PfCyHb0=&H4j>E#`u(c`(b zx3f>&E=;-Aa;Y&|t$MxPqmdDM#oA(Z3?6Xtw+&~95{a?mloImY#nNnQ0GFayZ9lzi z5u;eMz!ug~vQ$w2Kt3e2EP@-W zhJmJ1mBF9OGZ6C3^xD}U!mH&c4rsD9=pn{#;%E%!p~ytAcN_deUx?U6&pFZoJwCI~ z&;0WX;dl6ja69xyWg31%zqb4^ecoM!K~m>Z8jG7E2cw07$#L#u8e{S*w893=c$cw- zyGd5gm8@P%t-G@iX|9${eGp`b%8>g;ttMVCXrhSegviL-UmE3T5D%zrTUGn0p7h8B z0M%IN(1q6gu0S%DIIZoROvu^1AvCpMOs)*&StCn6wK+BaU&-qN0Qcy|>UypoXpIn3hURU)uZyF5ofbgs$Nf)+`CrsgG92XOhA8WV^zN1|jo6|gjAdkDBxARHcEEJl-&^uU^){@Z zzK6a~Qpu0XK7Q->A27Nz!IK(K@Hug&WTz&XE7*8Y*54IgUiKLTD|G^T*5INPWlDTh zy%@{{85F1xG7$%M_Ky#L1r*>Gx#cRh=^DK*nO=(^Uy?rX-93&UJ{8{OGo7F>;775s zkZVQDv78WD4m%-@yEk=OrXMGn_{wj>*8v}2iRK~BUQx0hKG21MqpO3aa&{V&TgR)z zI$sIy6}W`(TJlRdJ5KFdI9zWff(3LJ7NobV30Fe4U3~DnBd?hh8)8AJ7PjW1!-ouy zq9X?J*FLOhH=BBkK!^FHA}oZ!#+}Zdy^@TY=-u zi)%BZ0jHC&D>$Q$=xY5c2jz8L?uMH%#8pw88ACm0I^BMGB*7%zD99d9o*1KVW`Kgr zPM>)Lq=cgVsl7V$1s}l~Oh1W}h3{wbgKyA~jgSJk0rWQ&B7)-d#GY5J+ghrpa+NR> zkkTwGt|&um8WaSz`L;@iFvtCU;ZPIUv z2D0@h-zw)4qzAKJP*H41WPk$vX!jIASh|Hr05;8VXwKfemotAbk(muiGJXo6SWJ~z zfF^D6!j;uNSsu6n*}*mKl%hxyUc&tGfcqE1%@6`L4ft2v&;57*%wzw#@yFVKK3HF0 zFWG;t-PnJAmCwJ2{b%zg=G2W9=%3RHbmQ}^K-K!o1$|P3Iu_73lBLkZZfl{^-fv?b zdp}{4n`mMd*thxn1(%uk*W(@JYYL`*xyIDaV84B+sJpxWZ0DEC+J2mcDNvJdq~W(k zPChLBh>|&JvrT6kXP&wtvTq!E$*q34)$4um48Iv!Q;R$9KW^XXGWHef8|n6wj3z_Y zh%^2MB~5NdTr?3Pie)MlDB@8;<(zaLSmtykT!( z-1?Ra!s@%1u3bscTDZL~PLTT$m{c55(M4T-yA`qN_YN$s(nfe+?}nEc&Lq$%htbqx zhrKs?cX%KQI|o#>s{D`P%hVN&%u=Hwe+!km2Lk2WXw2o81TGf=h_%n*VrM)1c`f5i>?0=$^3^ns?-O*8Ew!86Dtif-zQlCD(9=9P;@lDD9cA)8bNQd> zy&zJh)PC|L`Be7?=XkJYXEL9^!!$32Jw%`=$(jfEdoz(g*36f~{=FOY|4Qgz9O0*K zgkn4YhFjv=jyoG)+;L~)D>&|K+&J!B+i_>(f1=~g#usti`NAk$a@_gj(De^=+zC1; zxb1w3$By3te}IF|#vkXPvvEBKosBQ(ptCX6L1*K}LFdLnXI=-LjX$Y_&ewC#`S_W5bP)&W(@GjgL+z>Z9|owut_7 zeWuv|i}BaW`RDdA-Tr@d{lV&k(Efkz;e)k}8~gvS@%c;E?RU~{atNGU3r@Zt7yd%I z?NjrFeFTmKJF3k3$%ub-gZ^&P-~06U0sVbQf4^-O9RO~O{%?%_|1?Jbj-vAKdkg6Y zOkyzVv&_KMUbQV-z^M*;&IPYsC6+lApIcBTtNV!+|WcnG+C_SL8wwkOiZ` zrBZEp1grHI8wdO%E>mJ16txVQk+;5%a4PL!Q72ay9YEFE8_us9~~ zJm#GD9^&D#fX-FPn)^w9Y{{y3A^$EPce26C`IF$$DC?i$vjt@adzft6wbCNz&DO!; zvz^1lf3@#-U$l1ipY3k%C;qE>4@h&ox1&XZUvM7b9g!an9#8E)4Utc(m;-#JXFT48 zg|7&(;Ul_rChz$GFum-ApdcrxcavBD*DUZv6YL5vQYvIuJTfU`b zdB}{-&U!)K`3Z8pz(-wh{?!ODf5S(9MXlFIfYKkER0NvIF(rDr6zr;_KsK%-C69KVzCJ_>DMg{g@>=o{b5P3EDG9HeBTbOp<|VzlIa*l>12i7?{4ySY zK|!D4(-yr*fs|g^U4yBdFC-=+I;5@eox3}8yU4!9?So!c ze)Hhhw_3_P(o$5B&EI(0VZpz`Vk6+s(($yVc0oKU7HH_Q1Nx6!FWrHmr zB8&4_2kDI#9mW(UHXC7}5i^YMlgNTULVF*dQ9GHZyj|AQL0{m7`~!~;bGpfmJgqps zfmNlKxY6*yfxRzSL1cgu*jmcg$9NhEFmOG3S6pMyOo)Y(48jb6sk672EYNjXSuqM@ zdQP|0iXIuc;fwLW<3zwfziuZ?>|P!2Jm39=GNu<2{RKoglWXR0(71}--g*6_r2qxU z+91GyDTQJEY|O*gec%%ZXZ;L!3YAd{Rx|HHoI}dJ4ZXm8X+w1^QJThV~Zk% zWzz9}d@(U;3tZauonRGP9Jt*VY%LZ^VNdw<-+q%N8Z?kf_{SF@L!kBCiW8mSzti^V zIZI1SF-hcLVGGy-6yh9dsW)h=g?kLuFoO%sQcdh!LSay*-J77rVi+t*49PMdB8b1V z^aV0k#uRu-VzbD}2aNDm)lQaxCLI^vDe!+UPQb?Dfl-PzYD=rP933us=KQetQ^W6> z*lTQ;lGV%Ng)7xWVhIu+*@bd9aI%HVrmIP9hr>|w)Bx_RvQ7WSg4uFlNFqBiQ7Ny?bK}>4jkJW8VTn|G9C%rxW+1b7SLKD zLe<%WN+yfpIv>0BUNOvht;BGb3x*M+3=Ue~d!7$v3FWvwb%`??iP&YzhQ+KWj_XAL zD+MYk;Pn^Odt3!88g4R;D&&@yR+g;$*!XKLwz_)<`!DFvQN0u~sl38z9~D_iK13Y> z5*oJ2HvC(0TL4Zh)I>v2BzW0aR=sMC?CLmFh{yRduPXun-z3&iA-Itn5!p1>y-SG( zx^Yu)u#q9gII0+CIlxh2XHE}rq(;TWhGur8RY8qb!+=K5!`MZYor{TQb&#c?cPeZ~ zV3B^^Snyf$U3vCe+C;_o2jf&o^C%xzkunur0IM%9(oWVU|AKZG&S7c=8|bxN{jeJB z{Xue>l5Q6dZH+60fVv!v-X(*{*tLR@h(tYD9`QZzSr8+M9L30lEizkz>wQPZakwQI zv)Y2P^7tzr=`OCxEY4BqR3mE~OjBt30oC1{~Dz!uO$ zke!ftI&LaFgGqm!^|&f+YYn@!;yiqi?W9fg&12f7w{Pp(eDk{YU05AGD0=Bmc6qj&)0+JEoK;m=Xq4s@Tv*Zh9yKqs?s&kch)4b zvy4+EL^um7;b35fhK-%>Ywb6=og1;wXM2gBSojh!$P$L3@VZ0phcc5jjpcG^|FoeYEg7S10bdcZ5R+xtX?v}JI~9EZ{X+^ zT}m=7k)cCX*tF=TGr&bMa9BwU5a_y;SCd*jM;N)zV=%cq&rZ*2(b%0Cxod_X94>ff zVp%xt#^MTzhxBD`;ZD9j!;~*2&qlzqIjXkYO?r2sI|b05G$ zB7HkoggBGyN`^1vF1CoH=^)PGiPN-0@?;Kq6`4=o?ji#v(<*h_r*lj0HxYh)#!f7j zBe|c9n{I*Nzms%4R(~nu{|T!<$pyh2ya8wi=8AK0&dFe)Il76YbBm7-MwDQb4z&O_ zbXiMe79nAF5Elicuy;L{_W0c>YRk~DQyi!19Sx4iQrYQxDphlLT(yW#Iy{y8up#;N z;+wxCrNfZYIfn`MB)CZ?(o90&>gpZHZ#3w-0*zyJdRhF%Uk7z#7>;!GC$s+j}JdC%DmMk-#BIKHBguo}iZ~xheX$V4a<-QSx6O(B_qW}0O!Sl&(cUN|SVetZREPPX~~2b(pbxoVcFv79nV2n^*QTUmx-IV=D)x;GdQEimim` z)6n(3ps8S|ugx3TjwiW$_btDJA=zFeV6`4BqQ5R|Ct;I)gHD7HaX`*gOYHt`g@YS! z&Hovnnf{-E6Q7y>X_o)Tg9ob{Mf=~iwFfu$zhC3?)%`fuZ>)ZAtbYGgR=-R_3rU{h zmbhwz8ne#z&rXr$3?HSVQGXydyb&|k8Ro(A`{nj8t-alSDDq(A+s(ib1Lx2rRT=66 z()Q^&8VM5&DI#VIf7KhfuH?T0&q(phVA#u0`G7kVa5M*GgROZw8svF$G3kvn1aFUu zu&QD4w?#7G!2kcyYxm#DThwU)<)PrA{3PplvQvsD1)K6Or1r@t!{K0rhMb`(2hKno zIq@r7!|-or{jp@-Pe#2y8>BG6Xw6U&%`o^efUKD;0f^x*LBgpBoY9ByW@IwZrQ8@8 ze5CGsUmPuJ4yH~tgX>ccX)_onSQDfc*e>t0Q?Y^gZ4tznMW>}_nFcvgo{#SbaENfB zPFT{gwof+4D+||a{#I)|Ky{wXAbhR2UM^rGm%W?R9TJgX{6s@lv0j}4rIIxM6fj{# zte~ck@4}UW;4TGWnfdA(%npGJjCIbH?(z(piESAG({a)`Rk2Mwle1cA4rbfq+A`tC z0TigtW8WX%Z$QmATzDBH`+S4uRQ)>&5|E>1BMmrYk;u!60(g zIjLyvcTio5czsf6DD5=3^gRR72oxWOP^8z(%e+28^dwqF(K!?*vWuqyLtnHJd?`v= z%fC-9hIpwAO-ga`$)gHz&biAqI;U8lecDEKY0uX=Jx@>H(P6jv8*J73N&EC&4sanh zLccdeSu1tm6hj@TyL3Y<`J~PFhQM^a&jyp+fc0L8daKDl{~5=*-|pZmD);1ZvJOyX z+`vdi7sCL!lPV*R%T;&H@rk$@h}^qme6%z831XaRQ)fJ+N=aM%nHrGD;`~bv6AwU zv%sD926|r*p-Dx^e5h5%B*!0)9Xv7bL3F zzpWo_Hyi^TdA3jWU=8lLvp$+RwR-8sdJw7|&wL$N(S+&g!OK^zgIC8#^&B|8>1ZU?0DZE5l4;8BJ9O3vV9=I zcsC+aMLeC1M!!`&U~VFN z-7t)Q8irAcYVkT~c-aYWbk0V@@WBL5`f;apV^q9E>Yf6dQgJyn{aPt{{dASzL)}_l zetg-^#ufKc<`PQg8;`$Yis6C)K{;v9bz@bI(elZ+J6n!R;-O-esbpzMevk&zM>sL% z5-H-|Vh>WwB%V>XeeMp8evoz!`oK)e5XPvkAG?66_|tjf^D_;eB3Cd{gEU?DNYf<` zFi^X<8Rdst#aiD`E!3&oC!%l*8gfJ7Ymk0tGE~&!!A=i~i5J9xD+YTu-8iJsnRk1sCjAmKlw++>J78+QH zc$sk#cK6RUm6$%Xsg;6~{vPyW+3O={(uRVNI|%z8t&w>fyUBY^w~Y*u;p3oXhR3}n zGVUj@+N_$2S65uj7ZBSB#Y#t{$jP#q4DE4i0u{O({|{2`BP#!44BfNmrR1kZKG= zM6(BvJfzSMc4cv;?U;g_uzTp3m*kU^WuL%Bd`QxEKM$SjU^U%skuD|B!8YCmF1ry* zKV)c9xFK@L@=bs&a^J=GjX0}|NiMgy$l40O+D`6t?ywCtrRk#bcP`|S=~dp{(>wdf z+G)^_$JFLO|H)T$(+ghQkqiI1k)|3i_-$<_c2wa9->C`o_^z^bbPW7%9WUV9J!C_! z^!^*OoB0eg{XyR+>seXUeq#Gwx{~%WiA{YGj=5bltLIBmpM()6Qy3w64G0#)Dquhu zM^$NtNd(@7WKYFYuFN0m*>yBc)Lq$FsW2Y5IZ|Cf%>=W`>Dl*SF z&@~bUk)47_P&trqK4l;Uk~W1Xn|&7Ucphgn*!kk$PQtWQ0(8aA?spo=JGeh^7oi6u zeZROf#|~6Fmg#~>hwc;%A$Tm7^CxzeLiuAg#oyR*)Z*P-mJg%;f3%~ou7yCo(du5 zcA(PA zrJDTg==j;e>*E%hxb7dw1Q0+-wx#^q+k&YKr%A2B79ZCs)!y^%-M!a`68QtysaIdT zcart*<>zq1F7n^yQ%pgKX9-&IwEG%bG@X}CuC6>5n>ak0eppUHc*6&`@(7Beob!S2C_GrK9GF}I_&ll~#4@T@u zeUbIuS5DGQ&9HWFiCwShNj}M7aaUL0!s&1(U$+uChX?P|QMWg^B+q#|b&IFTlIUgl zIUM(AEjE6GzgyO89J**GoclSB9VRr`5%P4X-S+*kVJDg|<~h9W*4YFUSQ=-}Ey0XH zqUYc(82O-=x;AoFW|J|VMuu}|tXBcC@iIc%grfB2rp5u2rnK}{@=aj;M;b(gjtG`p z?$Gd7e7`9h%yxoeb)A&${JiBN@=r?~PVz4FzT|4cizOKnTQM@3vy<_Bx6so4!B_*b zAsf4=_whQDl&MAOImCpO=Ky~OG%Cai^;9i6nxOdYNIJX)(t_^?86DY`BkQt174k;*ZXp4pbhKt z+9T0hJm22iJO1(T;Ps0inQNu@tMuAf?;1?UJEv|KMG5bDkcrgrJO~pfS~)zRme(p< zW_wwJX1oh&oO>FaqMa;4y`rP_DN`V^2fO1{3%iqU!imAUmiqw!wvjE)LSC^sD!4nxD;R)*O%sg=j6_#h3N9~>r;AN!th&@1pgznCNhoxB8`TB z9V(Y_S&?}?4C^!pHhbq60fa^GIAS}2_2f?SJy#;%^Tp&*vgquPi#tGv$Q;hhwQAx* z(SqSd_V(#h5TC&1*35~DbM-{Wj_ZZcl7S!T(C-7?2(&=1=Kw#@cwf`W^RfGcgMx=E z^^#uQ>X2{5pqq@^{j-#yO_ibz%ewOkF0Gc@rI*om@lCwlDOlT?j?@?OdV#boPo44p zcmyCs=KJrH{yQ;UcQMl(J}#JeW`H(j^{R_T?dp!DU2py#CDC)y=m;E?%<$~GG&?`I z$FaegJr`^=6+389GQew$&51EGamVSirc0av;crTU4uy!6<_D;89%kt&X}R+AwAV}U zLT@;phO#Mu=F8(f+P1OzJNo$jG^!%&KFFGB?mTa zJm~f6eBj@vAQNk=DhN`X47)(^5bJ%%zC8H#Nm8$`?d>JseV1$i<-`!F1w_LbJ9&9z z*kc9C7|oipu;Nx)$-@Tze|QPFP(UON_Q=*R5 zV4*d53`QiIIaDG{XCW-l=7r^%hvnHkuzXPk%d>01@@zDi3_*k%ohc~KMg+<;4@!E; z?j~Fae=k2d8@0|VK>1=$P)-@?3@(6>|DTVOqt@z0Zg?!2(YKC*~A{Z^Z=DHsKep1Vp~4ua3~BO1YD6)foyqc>eI5~kt?2c0vv!wp=Y=eID;Sm)i7M+FIg8^Z)XxuL5G5zK%L3OaE8T; zS|8!HhfNGJB1H|q#rvN5H0Z%m6R5W}PfVyf&fW^0lmRd$WYuIlAHuV7w|*P@M`ZB7|zoi$KeL%#WTl(6%5^8b)RzB~?VOjv&qR-n@{Xn~}Ja>I_f z_M_MP1k~FYBnjT~&>P_jVGY_a`tGAws+yK^##-C9HY!SB_3Vh({CMM{@Z~;J{XZ|- z&bjGxyZ~m!e_Gw#Ec$;wT)lr||Nk{U_hwt^-#B#M*ysOg?DIpSCl8NUjX*Hi`_Gr# zYk@N!2Q9+q$dJF8qDEA~?=^W`%b+mJETfS9QdRQh(Z-PjWLkErEo0#lWxmViqNrPUPYUN<~hp#sL0=9h<|vCA8GtEbS?=r8a0wo`Xb{VgT`PH9qwUV0-ay}miU^yXVJ`j5T5Kkem%X)hnX)i7gvX+Al{ zC2HDy4u$oGB|YE`&t*L1vHbRQsiaS7#gV{tmfG6`X+JS2-A zBkOY!Lug(o;dDZX1PZEqI;dnQ>r0HXc?g{&j(Hga(b}_Kdd_(F-FJv@l_l1x1R_~w zkqs&Wm?f9lGLk0>0H!~VF096=f+y3jJ(L-~mMX`|Ho=LhHZ)xrV1yhW*i47qIuvr+ z*y$9^=xYr6xpT7xr$jv4F>;yaI8`qn?e_spK=rnO1lK1F=mUVFH{x^W}_e~piZsyRA1JZ}A%_+TpZdtttqPpjm}zq&zxH|g(v`ul+X zKBT|jHg6OQH;RQntzvn@X?~VauLf#cJrg&j~?^VI9#{ zHMmAH5gdu?KHGV|{d(`%>T6niJAd2ROa2-!`19`mvxA>m>$Y~^ahZgmrRa|(m?58u zYnm94xMwUV89;}D)AJ^9&uHVG} z{wklZp8xBHIlN&G|1`{DgoKs?KaS6F3zg$5W`omWAjfD3NMNtpy-3u?>>`~j=3_B{ z%+8V_2wwW882PyegsOJ20I{+3k= z<{bEvsPmTU^wHi0>EzmjOe#9=jPtY2n@T_55Sbl0T58nbalRQeybG#katieks z>;RupYT$|HL~}#YOl+>lyN`8X&T}W2id(G5(xvxK;6_VU3eNR_k7x?$(Csu6AJ+h< zE|yvd1T|j3E@`m_-ENEW-Y4wSYtp_K8h_-{lyyggi)1*+*>7<5!>wNLgM@n!GkEm( zp^nvWnC|02u1eq4yPPAwnH=rx{M0(yIc`K^rj+{L!@3EET}v@S9;a9m<9?qxO1yO! zIRo`$9vXX4g_)yh2&K?2F3uWtPh+RyBD8ca$#?q24EK;(rpVwbBFMJiy}e4)S;=(L54eS;tK}#3M4eBt5~s5ktD(KY;N4{CXH3l^!$c>>%7SElqbzh` znIL9WlQVHq_}S3zNZ2%Li0~TU6E`v9K9EVm?ST+ty4gvc=|(oDAy94N@J0iS^n=O4 z@??C8>t6$d*y~QXWMoeWcZEYb(i1O`XXM1n1YxGt8*j?x%xEj>c^Skb9@h z-iuvaElHA`e5+_Vl)vW~bZxaG?58QT$$9M-8Pbbdo6-*8_A$*@8%ES4 zc-PiflAkqCA3&Me2Z1t9Q?vJB1MrLdz&)sN?Jx`)xxNKhlRu)B;Y@M<9ks8u5e3@G zBDOJlpDqd};tY|wrH6t!S*^VQV0thYW_LxWAVvKFUYQqrgj_`OQ1^XZRVuTc*PvIsw3UXv@ zVb7c`k?SvTT$3|EJ%{)OjE1%P8HPewp{eR>JXRc{b|GWfQZH~#7U-;6#rUwWN=;m! zY^*|EfDzwQXH(%L~%VhARfucx-u>+;HA^c(>!b5N>{s>^cv5-;o z=l%ew^5CLb>Ni-LrrHK`r4GnieLNVD8yz@-yxqHOU*$}A*etsa&6C)R$ypa{T2ZvL zzMHHO5vK}mGCd@-V}!VNubi`*Q&-PDh8w!T!PF7_$bPu6SdLMF(ek*nemMUy9s_M< z!=}#0GC07CTtNZD>s>xpODp$@#K~d8R0>rt6|g$!qw0!K=!!QqthZvD3-8?xfU50x zo{>hr^~2u5)1T@=b1aTDwj^dhb3y3!P$(3zNTt~ihV?b&nPa_IckDAgyAT1MFVtu~ zrG;Y0P$+>bR($ECGZVakZFh^p2Xe}0X3n3&v!q4G-7p4meero1?ZzzZVerm&9HCf#tlN{8`66j7Yrw3)o9ac6noc$mt&$!jX|V`SM_k{73+Xet6lj7lj7-lO;iUTv6QuZPBHu$eV9RohlDSydk1?z$?ydlfU3daUZm8QazB{6u zX)#1_S7c`Z?-nlL*+m;A{6P;!1mCtITTS*smoyYmgVJF`{rYXGPA7kM*6wud(`ItC z`(k(hc*@)3ox_(?UcWv%T(caGysN`2<_2IRxbnAk3cMo_#|J|S8X5winH;nZpB?P) z{ix9>W@Fi6WZ5TUg;gJom7gY8fU9(bA=17C;gNwR!t2Zw;#Uvk9AuSGsYZPo$ zKq*Q|XP&yPNa%}MKy@S|AF9{w*hRsFWr>sCsdQ?+h31l-)k2O1znp@?J8* zv+Q&C;96{JMGXf5b&xCK?U^~Y@^o2znY38lOxUlYBxPg1UlLF~Nt zX@ws0n;)(ckOn7|EFhw4%yOrZOxow93hpL&TPI$$eEXU9vJ2cWto&1bR+jS?3N=4m z5pR7&+2)mZ^eZw5c+~;HO~ltwhlZ+YQdPPck(sVFTt4^FK zhOEaiw|fHk25VO{%%_02^eaj7V>&_|-<^@vgk^*$xw-9L#JJ5MGoSH|!Xz6nl17U# zk``-0vg81U=j0EKHVJ093npe`h?crR&>^~nZ+cCm7i`4h$sJoWDQ?OdVp7)EOPd8j zYdP=Z-OhQc>h9*i?7cV7UcYMn2=uY;8fv_q@0?sHY&L3Hv&LB>QYytr;*eKZX=WJlskkAEVEb|_67v~s}@(9ABa{*rR z!SJ5CRHgKJ>aSi=VVsRQQYq`yV%UM6Noh9j0(DD)m8DA>*Ah#P(q)q#c(##Ma zMv=29uyT}Y4V2hmjYVJ^7DFo`y4GS{rn@kP{-gr7iP?BYwrRpGE}$8!zQLtYNk1wb zh|HtwA*oObA_AP_PM~3N9|c?ma&f1-qMB)@DAd_K9`5o|)+LWJRh?8%tzJg5`1A^) zgG2mhnOm|ym9EZ1F*~_S4aBw=OBYSgK?sSP0-A`jCdTqWZ>5Ni_^{!Zii()*BBgA3 zPBQ@|147K=O`*l&pi6`sAuxp$n)gZsRWJ$YBv<3dF7!7ijKZav?--dT$9(+47O7L? ze+|Bf`_D}OpNH$Kq5tpt>izrcH};=jtFv`+pKggV&IW=3DCB3)hV-qw+t-t zGOB&+E+r86OMXRe9k(j|jEwINHsR6Y_n03MYpy7LyE7$gz*z%=KG#Q05paO`bwY0L zk%vR%qVWf+{)Uax7`*!s>jp6-AKiR!#T<|9>4<8{onKyU@1uVf@v@B?N7K41QMK+- zbfmkBJl^EIbelIz1p;o|cM%fZPh5k+Bx`pM}%Cp{6xTX8yiE4h@oE;Xr1P_1%mQc5lx zw2dwI0?})zSCq?72>pk0RTnC+X+3UBIeO$m^LxeApx+4#(*5>41<@Yam2(&K^wM0( zdp%hM8C<+!v=nk#L;*>MpM33Wr(0zoSSX{n!*%KzeS|{TQnuGyiCGx(Ua{-ZFjqDN zDYD%RAyw|yAjF%X%eP{i=2zVM{hoP+LXn1XC8kMUn;v; znS^_wv^>!v6{jqNFVKr_4~Jeg>904>X*74*^umNGRPEnjHj-^;@wf5I_6I&%Zgraa zAQj#kjSRS<`z_rt+7r zT)>S@;lnP{3pB}-$*nrRG1lIf;k@wln$1v!myZ=tXh!`?$?x+k)0_x|-t&}v$oRst^^#;Gb-AZJTWNT2<(jF69 zWW^*#4l@wM-Tg24($3dP>|uB@aDfC$;c|7-(@{!BGT!Eflp-!jM(G_8S6G4I;lD9Mv{67>{R63-Eaqflmd4 z48zJUfTt|+$~t2XuWWp0<*Irkjm&G(=3%%6x1YW!p~`lT0t25>|>(=^ zbCSA|QM>NfmMdargCS@9FJHvaD1AgX-N6%_7X=VE6!4x#;?UKg`;)WL;4%TW3Jx7R zzO2u?m_4C~1H8WANDb(zo%J!qMlP@09W?8|*PmRRV8Sj<%|(rLdw3bPk|aM!lBofn zi--}{+gmFDE2s&$kd9oYbipMzOB7O*6IBfoUQ&-*O}wbVSR9kFnDb(w3%0%nGeTte=JS|j5Ue#t-r^P+KnayBO$wE9nWyk%TBL2lm`Y@k=Pmp zBo{L!<5^s^-%*YxI58Ny$-6WiI#{$v#4+Km4qe@~F=Bwm#Ap+viX-Lj(Yc|o@lV)t zc>rzl{58sj;6`CTpsF-{Qb3lDSXf|S65TH_y)Is4A@<+`^2B8JCn?@y@d$^5!Kin| zbii3%C(Hcc0>|uZOmnjmR2L?N91>w@XX37|y6w|3-vRQ?1D#NGrD;$~Le_|Xi>#UA zgETxiJ)Ml2NlyYdAy(mLw?jaFbJAa)^j$ELbVT{U5sQ0+oSaSoD9G=bKqRoimCzgZ1DkcjS9*p71ab(u39b)f-*!- z1RFk#V>Gags==6C3?@UG3bH7#IA^RPYQB)L7m$cRNc#BFHmrs-sg_O+x8q`8e0ky2 zu3r_;Stzp*$fG5c3gywHAc;~r6-B*dC(hQ7bqTBp8cLw|0?{+JI0|+)7~|s=_B|{L ztxDIBT`PKe21-JpFd@!z+{*0{SHBmGn$KzPEFc1(B8I9 zPp>QeO^L6@n?VUfY&%qX&llF)&4|Y^|Ga5$wPoc7eMi=qyUB9e2x&+17*e}DY9pe{ zO8X{Dko*Lw2wV6GAc=C6mgf~G6~E+$5fr7Yv}HU-3OuKvg>tb%_4F}85aVt6okovv zr#Y4}trkxA+qX+wkkw(q2K9TK0G~i$zfsuf#1h{y zqrrFDoRJpP_bF_WvD~y5Az;Rj?3*t=erfvm+pSg^a>J@({M6fM@5${lOLVTah_bcc#1G^L2vFwRqzaN30^%f?x|m#G}Vu9{uu zJb>_G1Q5Qo@P6oCCqsh>&ONftktZB+&3MMka~j&9FZ-?hUQ?0kV*m=#3tE|wH%K&g zrrxZ~Iu<_R;H)|u<|TPV=cHjnEyM73({5306f~S!<#|-u3Gnl)R;lTs6lL&f`tfz68M0qS1Q^KiBsNwBg&!w$f9#VIVtDZwf&M_NOT`@o{2Yw zV+j8pu$4$9-APr74bvD1I?5QqKSiqG%P>7SDR2PPsh3OJyEDDhI_Oh4V2St0L2x;O zh>O2U{Ck#H9#eX`96P9HQRwhmhFYkkhF@=4s}~FB9^9g+;tws2o=!%XNWhyOy~gFi zFA3kOEQIWXQ+V6;aldeFZ4EC!eV-(YWC|_~&{fR-Kv-^h*6>yY*BCJr$Sx)q39R>c zFv?EbJqbT9CFpKw<`fnpY|(>tta*5IaI zej=i2^h=Ije!VU73G&W$rJY%_!ZjtG=>kAW%K20oXU3=_nyxs@KAlI8FzF>OU1LAY z;?k?w^nWAPJPas3r(S~HG&M~0@5KQ8^XPodhPRuY`I>$QZ$NObU!JFQ*~Ky9PnoDv zWP7Z#k|evpPyt0TuAng6UF71q=b$nq~p@Z>(c>ROFOmdSzXW zz=OACJ*6(bXSOBrjSN8c zbr2W5-M85s$omp~H7Ud$MYL;%_Ja!&B=2-^kz$l$w_k~I!-N+nY1+4UJb2Vm+`QCP z*By!{pvXQ6hSwv*4bCT{2P4Ot)Zl!wzIU!aYvPB?!Dw_Pb38$HYBrW2 z_eQx+rxK7zVp*CTpX@o{~8|+RrBg-=k>D#6Z*+L_}UQyR{u&70#kq4;NC0yJ2jBVyR zM#iQi!l9e626TwJ9x;w5<(}NCDua})R45#qOsJJlPCD603O9>|Dr#%8J^6)Q zVghE;p#d1PU^mlS3L8p9N+y(QmX&A`b^>fT>3|h zxb``0;B@|P^Wnq$YsLKUs}CRC@PA+9qx_!>`$pmMek_NBljn2A0A2mIS!CpH!am)w zbAK{+u0TH*#IcAlvVA%l&=nTQ`tR{J0xcKdWQBuuG7^K@lk6&3T+?=P_gUz{$tvzVLWk6eK8qg zf=5zG zm-&gJ*s>P81X#7?Cb^2525B>|Up-38f_l~S{9*fO2PS&(Y^U|(&Ngryv*zo!rQp)l zFw*-;J5PDnwa&>ev~qJ_M0e)=^(R?mW6odw>{IF&4y5>DG;0in1F^-v#dEe(y`a0V zp8f&rnGH`rXF2Dt9$k&OYsVLJdiA;1a>fYeUCOze>G!gJgcii=S7XB7AA<_L&%}lK z>ql2}{_1gTm{ET&beJ`UdGTTXb}A5J{sxGJn6rT?r{d1v{s4^Xr0+imq2{h0#fQ0T z$I)qe^|`QV#t7y`rn#G`z@@qCkD%my)u+&=KL(R}pNUHI*N@Yd&qSsf_2;8aUkIJ% zZ>NejeI`Q9U%!gBT@NLXeto&OyZ_T4fR*{x1%l{v5c671L~-j{EyU4tb`x`9=o}-N z7fG+xR0W=1s|_t&p+Bl=0&c# zo0%%V&)tg44*Ka$XnN02AA{xvov)24=ldUn*uBrh?D^}*&*#s??HTpwJKw($cF$_Z z>(!>B_x#OF!L4hIh0@f24pgeRl`pVQ=WnBGqt4$#70+|MZOU5CFD}oK>haU%xp}L{ z1+sZ-SIBcytIsFTO&`JB^4z@5%%ML145@Hla8B9YbGK2oE#{sCPzSt9sJQNlH8V{_ z{X;fK?=yGD{PinD%+K2&GwRPNqJEhjGJiXjBI>*iOgp^3%toERndwMA{{m+%aiRb8 zCMwUdxhGR8yI*Us;#S?+KR*0*{yjR4)`ZABG-2vjpPSR`Rnu2jZ#t0X zqhx-0Dli0l{M=LNvk%945aapb_KTN*8S`PsoIJ0)vW_j*tb5sVV1nw@0X zxz+@yn?RT%)2VXY+NV(cBZWdYc8%@P>3KFz+31mMJjqS>vOQE2$yjD;*1#4_(Hgbi z&;@)xgSEY#Mn$usDMurTH5xVdsBSWDH4$%ms)a>$7tzbxcn{O=d8<2!Uk}H7n0l2w z1@f^=o{9ySavwBh4%g^m>XlP<7nRon@m^-#B2;%2)tJRQnWkKu0<3HFFjapyYpcz- z;8UclX$wAo4^suW>2vT$ZuQ_x$MWz^sAnN2-e7z)X;o zhFI{lh>V<3W9@-3Xf^L%K@W-rH`WUU^+B=VgUv!geK3{3B(^f^FHq>95x(&n4CZ`&l-auZIn4Qbh;WYAU@_-}eu=T0pU0eY z7V~xyWisdMBhEQqkIS5|r!sFhKbtuxyyop9%4c3@&&{#w5iW4vRiCqqD5p99EQEiW zgVmhB&Dk)y?nsMlK=RdLFGZ+%SgksxW}MnUu&+WfsFvZqmk6vMKf^UEc$OIR5aEK@EF_* zdOijoouNx-v4zsC`z}ezbbX6sH-O!oYnx;0v3{-zOL*6Sa@m)Hb>@FLz!(eWg-uA>DV( zo9sH;$7^-s9l1V58+om+%C1JApq;!{k0tkmPtjIhtH-j(!zXAjueX3jGvrUvW?pZO zb9XsIyLr9c5VL;$1a0TFIxX2deTw$;dcd8#%PG3bPoMyEAlbu?~r6r*?B?PS*V2}c4QHW$Dd2vQE9SIUnMM zm6Fr=PfStaVzOubgcX$eK=SfZY~;E1lyj*aucb%4jzaKSs=e#z=&q%0yRO>oI?AtW zsj;r3kGhs-X)YDfd^(@`bvSeCW9HJX%%d)uQ~xoCNPbQE`#O^LyfXD%((@d0^4t=! zhTEJTbyE+%Nc_i9iiwKS&kq1TBmVc=!_|ky_}>p6tlh+a{2CvP|9H4_bbN5QV03ukca&|MDltPxvDscsO6=-*t-oO9Xs%lm6bPzYpl|!)81>@EW!S z|E}M}3cex#e@60eX)Qmx=khABdbK;SITcJ21$~rHPVi|llY`5I5I*%m8TCEqP3WY< zNE_(~iX-e3K-6eZto!v@7DPP@gOP8sSC~r+o`VcpqhI~W2WrG*l90kvl1SvRJ5JM9 z;c0)+2Wk#$GU~L-X(m`jjgYJ@(f4q4^nykneGVPADkh7$?}G9Bo)Vuh3r04kRA2EC zaU(T<*@f>gA>^Q(*rR6sok}msf6*;yIeCZX50PKUNtj<40aX&*=`)i;!awW}oB})d zPusoA_7z1yjlJy;p4lJI8EBNJGr34%n_rQ1kPzg24ixgIRA@TITCL{%EVqKk6ofT= zMBXhWKrKmlTt>)ZXMRcKh0F))=~vq#=^$aZVYbD5auIpu^!=uczye7a0j%nse=HEw z#x%z+st|dg6JQc8@U-CXWhBxB@Q5dD4eWk0SWC+@$vT`WHL#rAeMZWk-JPRk{r&^{ zm{VhR(7d9P+)nDIvsm5(%L-j#wu{K%=-p~9PV3+oIx3Ij(|w-GfFCq zEX+%HzAtb>!_fpY@FXvZSjFeGcknZI{eb!wYklmI_Bzxx3YH6Cj_5H_gB%#hUT<)T z*bDUh0!OewDY0Dz$~kU2B~4}P;Q8~Tonzc_VX7a=^*EwiQAr8eOdJ{XPoVX5gyf3T zK!(*%h?}zYg9pX@LbUG5(wI{pQH3#OW2hNE!6N8j;*OFid#Mm3%&z3 z?-am5Pm8?z-+~|M4%18A-yZg^=_D}hFqxrv4{oJU2{#exyli5J+ z&)E~RoFX&e`(kFr$*@BQAHFK+Op3=b-5Y2dR?Gc=_rOw(Y^8IR%1;bQa7^*u2)f(c|9`^FJ*yw=^?Q;u{f-GZrUKBb%sl8=vNr z;SgknRPS2t-mqn{Jen-5H_8|Dh8?s!saVl`AVTGD8g>{8C{!^13wy zU^OJ=aE%+SFHuTh*FdawIJ-ve({Z6tC|>ErQI?uskbXk9Sw8HwuYB2fu}R)OOB;Al zn%vM48C#M^`A1cGpr=+sxwV{~PlxKu{nrcXn^&YB9m#(D6MPMSNM$w#L=9Y3++M3>UhXfUE#1~agI!yLF( zYLDyMcDRW-Cgk_#tSM1{I;GE;hUszcDX@h2e84Accc6O5E;L4aEdg5Eh65nyV@n|Qi>_(w=Hb2=t4w>)sNa0a9w+DMA&%swAnV*RTG4`0;NuPm@?ehLU>yH~@H zw@7<*_WsRVL2meQ8sf3E5<%tVHP~Ds47E#av&oIkvDTJmR*yDZ%jh7fg?Tnz(4%QI zHdsb1Gh9o>D~B7W6-(uz+twmO$DhT~2LlL_bXLuw0Pw;obB#$bFjR-F8!ensq4mh5 zNdNvlAW-tCyf($b+3vODc_$j2kzaV4LEG~nT{xI)O^e23Q7}Bwr_5}gnG{+}zVUO3 z7O0oT`!7-6eu2*v`5%BdUOD{&eN31C*Vi}iZ24o^{<>M<@!^h0_ z>y14$>TJ_6k^&h|jWLb`=_v;K0KR&gyiqm)?78x`Lav#JHKFff$$cfGwKos$-`{xf z)|b?F)oQ@~4ojPB>>LO-+Ob)M0wFeE;fL0U$x@g`z+E}W7hxlpPF0kUR$0nYgUr%} zg?vFp#e%aS2!O*T ziGcz6Y&Ce$ccM4K^~dG%LA_z$6CWLcJU%!FOo48o!15Eu_vCi6`k@P-2%ZBjBM^Xu z*D+jD0kN^Iw_8cRMX{7}o;Sh}fLzb1eb`_KT-76M2ihKMn@dXy6X5)s7Fh zpYGHbSuR0Mg+qi}ouqy%Z~WF@Y+{%Cyh)DU3JzRpFU9#%`1s?(oUOa26Wgpb>RZIs zQHs9(?3p;&(h4}}Q*ieX{3}K1{}u=TZwn00Djau(8vr}SWAb~qn2Zn1is%54{<$}_ z8fIwn#=*uTw7d~Ck75Ouh&;#Q`0gViG?EZ1MdZU1pb&RO93)$ERR)P=ITn8N)**M+ zO!`}aDR)Aa+-}8#4j;L7O>X5)ivzs;G!VChOgo@ys8YvwjpRwPhR6)hPA`V^EV-Km zC6<9BOcw7gEz;7g;@+Sk7YiX=?)A{(wq@vwcItntQ$?s^D!sdyW}PnDL}aPGCU0dQh;p5spR zGbLSQ#SD?O5!T9AMAJoVZ1GmF7n^@mqQrR|C*oj&Js2b>N>R0Kx4f1FS-CC5Tc(B? zEZ8cBl7N4J*-X9@{Dkj!?=mPt0*y_vMH=qpb`E{?$KCpEPrw&%<@avoNYxB(XK#6S zG!y_XRd?Y0Vf&fv@I`Gg=>m_JnDhCjq8N=F8mGCoi?c;dO$rilI%7U8AI!Vvl?=zSVHv`i{y&oyLP`TG_ zk71@4fId%j(4lgCS=>)VkmkJkPDAhpp=(+;(X z=KF|OBN)Y))oR&Ax`Ku7xg`p4{-er@XQaRpc~xZ?SRyMjiivwsW^9K19Evtpj4aBh zESN1nVRtbjKt2w|Cn}`EF5PSdM-QL!TiU$)!p-A1k#=Y^7Y7KXZo6V6jW0i8mqMfh z#W&uWuMwV)*fP+_)APDYNSHqoB!;8b?(>(&avGoF%Hfm4ofnVjz%5JWUi7B}*#g1| z{3_rxFu0_H2n$rT6TrlGTS2dI&U3GoYwYHWYa6ypeHGjOh*U^rUb5gPE{0ScMX7fl z$pBrQppG--!J8`aW_jaOaCeh65M|MW2afPApnsCLyX1VsmD~`p-}$Sd=PbIx7~7$~ zL(j_I%?uJ8j$@`4eLNmoGh zgPFKS#W_&BJV%gs0bTMsUGF`%uxln33LqqR8tz7pWdWEh^oSxKi#u4E_7;f=DIJuq z4P@Wo{TqC~3{b_k?)=ujBUnzs+4@M32T89zI%60+XzaOnqz^{lK*St8Q0UOBEfxXP zZ|Z>8KFjG*ozS@9S|zTW8-kgMB}l@ko@2{8#wA7@==(2s%EV29 zc7zu?cun9T-Wl}ojERZKb9mdWH^}1O*mPEEf4=20iBnA{Iq`iO%c=srbdMlTWXbOZwV-hKI||Lm0&bWrarz~ zl2Mvf6IAJXQ8~RBA{7}UzEgc<1n41NpTPQZSVG_uxUN}c0C$^sg}jG4DWq0ykb8(j z!6k%NuBgr2B3(!ZMX8|Et6p5hZH$VempY6pmoR}3!xa7bfSEeYE|3EwZ+SP`({tpW zbZgL@m3X>giP%Yo3?knO(r`D6w>r0QKi~Fb_jcdWA(C#tOV*qKODoT9!piR)ZtuU? z@k{Sy+*Mvt*aG_l<;Ga#NOlhP5WE*{IJ${YAScP>O6k>6i5f8ucQe3p$Fnd=sx1O_ zusn7%>_JOOPX*d#C^nNXinT67KN`SrN#1kgM9RaHE)JPss`>?`uBCHFM-!euen9*> zb^?_MYl1^faE-iXL6(EHRJFPT)pyA<-4Eb0x`$8b&fuXcl`COyfr~2I;tDJdCSwvG zN62C$5>sanA5oVpkqMTd9zQfZ9UhP1U5pSjS$Ir}&H1RZBTz!PX3gGp?Pvfn_+7lJ zmf1UK6!7p<=Pf$0K=~UG7RwATHtbz;$?&jbMljePTqn;j(w=3vXfVZZ&lv3Y21*)wV}o^ zAzR_eum=LMF!L%7q0$qtC-0-i^9gG{mzNuIs_IQ#c(;`Sd(0gsTEJYAg||JoI*%0A z889uhxmcM%0*b$V6MBK<*gbRN6wd~b!i3)Z+x8v>`us@`Yjb;gTdqreQ*b_n01ycU z-7V{+VIm#1H^fy}eN;#%#6Us;C4^2RQk;a4LZg@F2a!36zM8D?xKKF2O4nxf(!j!Q-XyE=@$aSEiFv0M?Ul=Y8CNCfV z`x*Dm@v-)QXsGjI=je;~G2Q;}!Tt4z8)W~txxTTwx(?;mHdohg{J+1-r{*KgC%pd2 z-ocB71;B^e+B(RmzmmOOZ9l!V#%NO~f_edQ0%-T>z;%=*Awyt1 zAhDf`EN^pbeEhXfvL5jS&>M)n6hkVhbC36k8VuVb)aX)qW(n>|^cANp;W!ITW045# z*Qk^BN%>f-4bUceG@1J837*7;#FZj$L39DF%2zn4J3`Y8q;X^)8ez?*|HT2GSl_W}*~Fz4L(lQTVh9eyIGRB^em3V{Vqu2s2eJ>?_Gz)05a)djEgiG2CZMD zsPn<1#byLKVKD5vMMuMWy+J^Pu@ICv1`^MU^aO;~T{RZv*9@*{#r@QZH7Fy+qvSbM z5St6c9W~kn)XJ~=gasJ|uVRD6G*Lq~ki-k{A;WHNkWScGd-JvQDA@+UF1rHAqz>?| z#8zRQ8DGIHBRh$0h~?cQ3YRqKW$4aMoxN`ZlQ+q^fF@}L#*wc763)v)uqloN0SdI^ z^qr>xfY`!~1<`ZrjbdHG7D5KHgCT0fmlA`n+&5y&QB)?QTeNS6-pnGRW-TYn-8>zS ziRgrVcCLUs!A%RBMtUVnRc!F86`NtS29rPRT;e|x&r_P=jJjdP;v9h>E~5?hG91gB zvkKggEzEE*2JmMb|n`OFcAvT|w0xOjd@sAnFdnvl#P5PXHZ(JK;CON34i=U&== zr+{ur?6^*f8dzvD{g9pt*vpMn&YeJp&R|?}&Lwj-#j6K@ug|+_T7KIA>S7i=u4yNH zO?=m?Z4$|)eOsptF{Y=g!k!5$yW|Ga^LOqq%CzsU>6?*ljC2rb{m>{rgjb7^4H^)+ zQY;&~OPI_7+SCz_&cgDJs2njFEIFNzhnAQ|QA2qA<*1}279|$<+-t+irWb|9Qr|;}$BX}>R2@C0f$DJ4BR+rHl zV3`{edd?<5$bd3dkio#phY!+EiDf0G7xfWZk5)ffBr6ll#fkM7mC-=992Ky@`jmKI zIymsOf%@rL0oSk<_;)xdv5%ix4?(vGa@8U+Lli<%VXmZj%|INh0O@~E!C-kW{Ei*{ zlXlj}U>DOu1N@P|=>u zi_Tc+FEd9g&nF|gRA6B)QaWj$wNbG0bHj-ire~M;kAa=;0~sf81p=YoZR z>l<%fOSGqHuAk7-=E|vSXp(jAol#WY*-gUsD}qg0A=uyZ=l?v-SY#I=KS5tIew@h8*cnxiv(CXoE~@ z=xjJi>FA+X8eI7Q{+85_c3=FT*Sp6J%7)!3NhIxeX@aI@EuVt{`LFS*W(vXRvZQ^{ z-yCx^MoeIBCUBs=PhDBPlA}F|RZuQ_M4XhwT}5V^99G2C^MP1}hWpR7|*ktOB6lRoR0c51uN|xv;hL2EX zl;D)BR4liME~~cmA{WQ#u^8+X4mX4%x-XKdiPxHhUsK7-6led)hQ2Z%Gtq(;8lx1L zg=H+5eCPFOPb_;Bu%67BMpSN$LCe4BshH(>yNiP38EF7w^3(D!C^AWnf-<1UlwF|d zUBYoof%Tz@yo@PDBHFw#a(1yMY>CmJGXZ2kyL?fcp& z8;q-79#wFBl+TN1iMJW_E!hc4mt&SY9Vc>d3wWJ}@+5FO9d~d~fwhQ;_k^3dXVpH< zqIw7k4UDZzEOQyPm?I4WX7j0xO2+XWRKuWd2qtEuRmU)eNy;+3O}@LJo0TU~v|(H! z))||{Q=P?g(q*v(Qqp9V2psi;rsLS}V1!m0*e6TpP3f2f8QPC+1jA3wMv9M5ETLD49t+mxSKU!eh`L&fb)N%p%!q)Ze zy1bp<&-zO8GRsfXUa#FxQNLxox_2@;V~umzXF@6@K!E)NPI+kYlFlqNw}rh%_}(8Z zD-pwS-)x9t4@Shvb26I6BEcO{r1&4man(C^oMwKQI4MF4ll zYEdFwtY!D(hQYe_HdH@LJCt}LzQ84oo4-K_8;A3!ooueGF0i?wKw;T5LRxmZ)&n$j zP8F`(O%nNhTz>?5A=E#B6V=uQ1vhlUYW&)zg3M~X$%Y!iYizN#&-&CrwRH_ z6YN(|_rUJPtiEPLL6%XmfEHu33^G(g8jt8jjH(Nkk6VvqSm)Z0XyT0aQGcUmqK2VxRNB>Jxaq1;KyABlEJb_|82U3hP@!8AU91q z)L^(snbvA+e@%{dUL8{qi`vWf-^C13kc!eAV4RhJ6wFPMb^r=}q&tWz9IHa9joY^N z&W<(OaC%%0M(_MiJTlzU-hUp%2;63&(97+h(K^c0S1Hj241!OVLqhSq$4%ul`moY? z+hElx(TV7q(FNA|U_iUY4y4^XL+g-p@+9c^DV8b^kPqq6$(oj+n1|#7?HjM-=|Ou(}KGTm*sVr}9&aA{7mvt@1>k8hJ%JU2(U9cw;0 z!8BQ@pYFM9cIFRIK$Ijx9dlp@wSmDN^Oanl0!3H#axNiL{G~q|`I-axZ|rBDP<+ZH zm>)Ime3dvWj5gmxi(FM@caqJYL|2nDnVEsj>#z!zg26%u>q>xJ(X#8wQMeGoUIWIv zG8?u_8n^`;O{Wq_csai@lQeGNm@CJT1X#6Pz$!fH5Pekld6GIYiN{9DP)46NM@&Pa zOJW};ih)BiJ5y8@Ag$=I)&o#l2H(SRVPj>pw*Da5e*J=iIn`dJqb_py{nK!t;OH!m zV3OpZuaV>ddgpO(1)UIqc_xDl)~q|$d1d}Rx!V^G!a2-IA5P7QeLIno)F5aS8mI_z zjxBV8RE$gr1h@)nw04K(bNbQ+%y@Q5XA>qtQ7tMEXWqp$9bkP>5x|8Zj4Du!nY;ARUef8E|Y+;D2EOYbWHNv^x}7Euz9* z3AhUK6F<`%6}Hjsq#s%&KeRYa)XLnH(G+nDgY*h;u_st&xKYvTHkEx};BD%cpEXis z?Sz<%+ z4_H=2`>9^qM>{gy8_!aen@J2MLjXUtCSC&rT-JaNBqb_f4wP5cR!Er<-inxWxD4U#+NnwcOh4CII6XpvJ6BW6*3sCvU8 z9FJIqPDrBo!GVi?6;I3=!X}=WfJ*HTa1>maxp{Jt$=qqkYn0K>W%1)S;E!r7W;d|@ zZSoUo9udbh_9PE1w*udaA0UuAg9m)DBC+sFprl+t)RNE!??^h%*#WeT!$J9B()Vm9 zQEgNY5dVbI1ktdBwHFj6GcAokV}790=E$x%E8VC*EmPXa*RZ} zQJ;d1V_h%8^auTAn8i6MA_cVpn?0$_*)|btAy|h4XdP)g(gsrBT)Apmi_UD=21Mbp zqOtH0e6Lfm5K^qu(?&DU$Z;}Ttcu|cn9LV?6PUTcDWt;GJ8rD$Z$|5-2{u-A6=0!& z6tnGL0fSCOy;xRNlG86A!XCFQ+aP$v5X#L2vv? z9uwdV2bbQ(uOZUS48CK7CN%e(l&ZQ*=qy#uo-~cx zc{+rtWkJE@EPGG12LoR~{S`MjSd5)uOka3MxQ;fM_^R(|pD@T##Z*;ed_XvP)6YaN z2@8J7bl6zc46N0iUY;!X?nuZWzFcqkk!-Fc+o8JM4TCo+?4fp#>)MbA}1%rIS2avA>?)!YMb+2mncGQB0?2~IV%FX1v^T|ui9tnj_8zV0>P&sSVu>np-VMtj7;iAjmZ9;04>{Ug>Sy&9mdoLDt!Fl5#Iv5_ZU z`>w){sNk{5ZZ^ut$?&|LTLVnI;p7vBZsp~@z0f3rLWk?_n0G@bg@3SVG@9@@T#pFbEFN)AGU_@o|CZGX#B&wNP>@>t>phaER?R-+wmc7%BxEQ) zwkfWOLBu4g&JBR6_MnF*;yG}!LnODzM$qkBAC~gyVJux}Q1phw`U{d`^9Ze2EIT_ToPZh}r9-7MZq zj4uavX^2libU8rrR&4-~>m!WwS?yK!S}?BS8rFgNLeG}8)y9yg?yU+t%zUxgmColr z(2-QH?(m{Z&9cyrg$;yJ0xQA|7i+~ zw6+#w2{L#e-C{*Skra>4dFTVGU5m%9$Y_{@!U&l`bQ(^vMS4x;^*nCIjzjV36JZD{ zI&ml_=BluykrI)A9a+Y4MP=0lWCgMkV_&~%0t1z>`b<6mgk}h*WNmDXhbKvAU6qDW z%k1Slx(`HBa>Y`x%J$Kw3UV;R7+P=)YZA1D05JB+nseUv((+lT54DJ=kFv4_Y-GYIiwwsrADrmDrClVi_a-iSGjIie1Ep}VtinY`c;Xq| z{pQN1hY|`WXm&N~SP2KW0oos{!i-Qzp{r^6otcjbL7m=f$WO+f)P3O^b zqd=V2xHgQ7f58fV>MyYQ^Sz1ar+4Ia_TXXCV(GIuf#i*F2-GwgN@S-plC=l!B*l&P zBgld%3WW-MH!~3C_VG0e3UrxK((;qordtDFF|y~$os~N@#5*hSMPdiAbasSCZNa^O zj~t7T>-S-#KNQb63Wb}5$FCJ~sV!hbp%uO*K*VNA$O5CsF80$C=tI5l9flLP*?MbE?sx64vB^k)IO z35#`|#ck9ja*W^Fw`%pcdcStWIw+M4fwVv&j*8(P@+qd`AI0YA`U~2EWXR7ugVTvK z#Gvag7*+e7DobE>NEP93?PXDDCj$yE6vaSRxnX<@QInUPkFpCS;Jqby0xkvgy~aQZCQ0dl*&v^&;tizCBkcvB?gJ4H)oL&Ez=4xK?tciF`D zC}*ihuG{BIiimRi%emayqcB1K$%dCcr%Q5b!o;pOb$jfkNCi;^ z632|roxyuqp`V#Rv?2h}`FYtc+-!J_%?Zk*6ndJ;i@o|6gu!OJ`MsY2OS_pG15g+W zNxMcC^kZPos7FSA6uV(MOp$aAwx9mAfAI6(&a)RgFL(BjkMvFfcSUU@`QNYict^xF zC1s^X({p&L)UZdBS8(VxE=Au{HPk3wW=)h>=RjL$N+*0s?lsbD82N)HshEQPV&zN* zh95T(W&8~UVjnfbaaP?e9EA%-B*Hda*uUUP(3tI)3p;` znGG?^8q+8VC(elrBt)pa03=Gp7mRG&BsuW(#tF$B$M?smr^(Z2xE-JU?OB6&AaV>( z33t$&&f3eSK-lS!&<$1>DU|fsqc*G(k5JE`#f_; zE!qA!Tv59(jJF7TgRt4_irA?OX;0!mgnyycC<=H?iGcN;1bXdcT^DJ&IFTbqavO)ES_hEQBfO|(tuf?mw}r$hR8lsD?J5Y8>Tv9 z?hB_RS`&7ya(3H@w&z4onECgVb|4O=ZMFMplL7a`WHjmbl`ok*-9tv%<%n$ChG{e; zH=rV4LMxA$8GGt{d8UCC_2TQK7f%vkzMt(prCg%5r`Cj+Jl{wrI7!vURnYP5^b`dL zCY#6x(-sioK&#~q6AZCTc42+q^+^cti8cvq@+}@VO1Hyw$ICXh=5V|MDfWYogS4`{ zVQxxp#j-l1lrLc1=E5=Pc=T`=f0jN;LZskh+6fCgz;jw&Pw$v6=H9t$@`POP{t9}iRqWV;W%g#m%EtNQY&wx#qI9RZ<9c95OdEO>P574_b zPzHJ5UEOneDi&uzB3#!zufdSmGhCy3PvXN#d@piKXcY8|66(t1fQiNQ^P!M9n-4X7cS$a8Yo~+zjnpa=1qFaW-Q8A;vI(?P8eS(r_K& zlHptdCW#D{m3l|M zYi(`C+mo|19368gR{j;=uUEa_Tv`8?h~+BC$LsFibhGv|FzI|(Y~@r@mkEDQ?SHFQ z02IN#Mh6s=#jr;s>3&Q6Ju4aeVj9;by`t%n&;6j^@X&p*^6=!{+Gf*-%vU#5B4<5j zrKlCb9+wT9TZJ+3wFfX^K{}?kOiVg=Tp6VtKq2H}l5?U4_P(Xd2bvbocf~dNK9x`r zDcMUQ2ascXgTWA~BX{Q&n8-6RTgn4)Jp}M-;MVlXLLjvaqwtPHUWf+n{r{m~7O=rN7Fbi@$ z0kVB1b{`BQ9u7}R!#uW2YIopJ^2y0X#ob zb;kmhyLGUj&rvtCjyhG6n1AI>vTc~6zIRKM3r#!)tr}jogxSFuTx=QbF`Ehfvkb%w zNdjNTEKf4I8sZG!%fT#s@x<+ZUY&o5t?R;gY6u!}m?eJm~#_n3gVYzkK#! z)6Iv^X=2ouovYMY)(M)&OE0hS5noMI+TwKAfb}k7DF(8I)2)sF5=TP>oZvx1tTX!& zHE;zLe#k_2d3*2GkK48NH3?q~IAo06)sn6l9HPu|nrnttR#mXtmpEo1HN&yJ43pSc zD^|E>O?;qAb3x{eCA>P0Nw5oDfA+-a$ekNCMH{ulvRfBu6K^isdn)y@U9Pr4*?>0I ze_}(|zdrbh8e-M_uuV~T*h}%eJxV*~W{>O^LJ@U5I7^YpI1c3WJWJ7L0XZDNXVhTc z$E35Xx8y=7Xo0O*+Q#&0jWBeb@9Qt-buoCb`4e6~5F}}(?dgM{vg;;XsqMhubG_bu zmREFw8vi`KMlieF#gAzdofRQAhCwcp^X~KS11v5lf0Lv!`1+UZK@+JdoIgq z{DBd_$#;54k%EH_p5h6wFU&OAW4`tyl8Ftg!%EoA;w)U+W zK5n7{a};Rwp@^{6qId6yRQGSni5iLZ!9~kjBDU_8yfx;4MJRNB)h+{qZDeh!0bif#m5YBQ;924`HZvNB4 zh?|7=KUdoHTk6=vD+e=w&+FvEznR31Nj+UTTM5Id@nvgA`zRPnG@6cBMBD>72`k@A zHDjuK(m;?0M8AU$;Fx{M*gOcc(+81Ox<5%h`$Pm?6oAA;^#h5bd_~_hVhb8e=H@y~ zOfcxcK>GOZ0zvETtx_@^lVFg9>6C<}qY{y@UaZp^BE#|Gesjus16=)PbAdNh#euZu z0W$>5`|i3(C!Nc zpD>957qhB#`^8&S5)gOLoaB^76|tmZ`td5Z2y0Cu9p!f(x=He*3Q)2nBt8+|bO*X2 z@H*iGu!0l|k|;&aH|^Tc2a|cb2`EVtm~fa_o~7~LfQ}4SjW{wut%$(ALd(65(wSJi zY}Di$q?@+!?nt#15d})3I*Z66VdOb`_(cdm(-;gTO!RJ{rp+!c_Xm80E;ixEJ7Axd z+xfE7J}xqwu}G5N2|B8$m_W&MI$~_UK*pzHeXH@)oGXk+26oLM<50dg3}%CHW%`4h zP)?d@-PQzVyl8tL9`NXU<^8>_r;glSs0Sd82JaR>w5eU$_+pZ@_E!-Y;YjtC&S9DL zRTU};k+@}XfRj!&?ZZM1BS%PSG-k}%M1)RHVtwSMMb*R59$l&Pc?96T00bx5wjU{a zl6v1*fR(o-#+AT}P%nY{yHGZz69JBpaqXnG_CT4_4R!v|eE?1IrN8=Cpr=!ZC^b-Z zd$HB#8%_IKuCmVwCDg=lILXi1HJ&3+$S$F_*{;}dexhARD6lDnNQkIf>El@>=a8P9 zd=BD{O*@4%7(hv?7g!Rx*+JP5*_{i$tmgO~o%R(vYzp@!oXs~2wOyr76hBTiaAw?2 z+8};F;vleh0f(yCb?hM^Kquo7A}LbcAYGGUXxK-~4O*Mpw|-?fNTQI5Fn&^r9I)Yb zC&M@z9Pnk2RgsW{Z*6Kfe_}NqZWi4rcwOLI zDr^@#*. + +.SH AUTHOR +squashfs was written by Phillip Lougher <\fIplougher@users.sourceforge.net\fR>. +.PP +This manual page was written by Daniel Baumann <\fIdaniel.baumann@progress\-technologies.net\fR>. With some updates for 4.3 for use with Fedora. From 9e354a6dfb8dc942c604542612e73757c5b1a8b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Fri, 5 Oct 2018 01:08:22 +0200 Subject: [PATCH 9/9] squashfs-tools: backport reproducible builds patches from squashfskit 5.0-rc1 --- ...POCH-is-set-also-clamp-content-times.patch | 83 +++++++ ...POCH-is-set-override-timestamps-with.patch | 90 +++++++ .../remove-frag_deflator_thread.patch | 220 ++++++++++++++++++ squashfs-tools/squashfs-tools.spec | 7 + 4 files changed, 400 insertions(+) create mode 100644 squashfs-tools/If-SOURCE_DATE_EPOCH-is-set-also-clamp-content-times.patch create mode 100644 squashfs-tools/If-SOURCE_DATE_EPOCH-is-set-override-timestamps-with.patch create mode 100644 squashfs-tools/remove-frag_deflator_thread.patch diff --git a/squashfs-tools/If-SOURCE_DATE_EPOCH-is-set-also-clamp-content-times.patch b/squashfs-tools/If-SOURCE_DATE_EPOCH-is-set-also-clamp-content-times.patch new file mode 100644 index 0000000..6a81935 --- /dev/null +++ b/squashfs-tools/If-SOURCE_DATE_EPOCH-is-set-also-clamp-content-times.patch @@ -0,0 +1,83 @@ +From 32a07d4156a281084c90a4b78affc8b0b32a26fc Mon Sep 17 00:00:00 2001 +From: intrigeri +Date: Mon, 21 Nov 2016 11:41:28 +0000 +Subject: [PATCH] If SOURCE_DATE_EPOCH is set, also clamp content timestamps + with that value. + +Based on a patch by Alexander Couzens posted on +https://sourceforge.net/p/squashfs/mailman/message/34673610/ +--- + squashfs-tools/mksquashfs.c | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) + +diff --git a/squashfs-tools/mksquashfs.c b/squashfs-tools/mksquashfs.c +index b49e956..9f020bf 100644 +--- a/squashfs-tools/mksquashfs.c ++++ b/squashfs-tools/mksquashfs.c +@@ -137,6 +137,9 @@ unsigned int cache_bytes = 0, cache_size = 0, inode_count = 0; + /* inode lookup table */ + squashfs_inode *inode_lookup_table = NULL; + ++/* clamp all timestamps to SOURCE_DATE_EPOCH */ ++time_t content_clamp_time = -1; ++ + /* override filesystem creation time */ + time_t mkfs_fixed_time = -1; + +@@ -2246,6 +2249,8 @@ restat: + pathname_reader(dir_ent), strerror(errno)); + goto read_err; + } ++ if(content_clamp_time != -1 && buf2.st_mtime >= content_clamp_time) ++ buf2.st_mtime = content_clamp_time; + + if(read_size != buf2.st_size) { + close(file); +@@ -3101,7 +3106,7 @@ void dir_scan(squashfs_inode *inode, char *pathname, + buf.st_mode = S_IRWXU | S_IRWXG | S_IRWXO | S_IFDIR; + buf.st_uid = getuid(); + buf.st_gid = getgid(); +- buf.st_mtime = time(NULL); ++ buf.st_mtime = content_clamp_time != -1 ? content_clamp_time : time(NULL); + buf.st_dev = 0; + buf.st_ino = 0; + dir_ent->inode = lookup_inode2(&buf, PSEUDO_FILE_OTHER, 0); +@@ -3110,6 +3115,8 @@ void dir_scan(squashfs_inode *inode, char *pathname, + /* source directory has disappeared? */ + BAD_ERROR("Cannot stat source directory %s because %s\n", + pathname, strerror(errno)); ++ if(content_clamp_time != -1 && buf.st_mtime >= content_clamp_time) ++ buf.st_mtime = content_clamp_time; + dir_ent->inode = lookup_inode(&buf); + } + +@@ -3365,6 +3372,8 @@ struct dir_info *dir_scan1(char *filename, char *subpath, + free_dir_entry(dir_ent); + continue; + } ++ if(content_clamp_time != -1 && buf.st_mtime >= content_clamp_time) ++ buf.st_mtime = content_clamp_time; + + if((buf.st_mode & S_IFMT) != S_IFREG && + (buf.st_mode & S_IFMT) != S_IFDIR && +@@ -3544,7 +3553,7 @@ void dir_scan2(struct dir_info *dir, struct pseudo *pseudo) + buf.st_gid = pseudo_ent->dev->gid; + buf.st_rdev = makedev(pseudo_ent->dev->major, + pseudo_ent->dev->minor); +- buf.st_mtime = time(NULL); ++ buf.st_mtime = content_clamp_time != -1 ? content_clamp_time : time(NULL); + buf.st_ino = pseudo_ino ++; + + if(pseudo_ent->dev->type == 'd') { +@@ -5674,7 +5683,7 @@ printOptions: + "%lu but was found to be: %llu \n", ULONG_MAX, epoch); + EXIT_MKSQUASHFS(); + } +- mkfs_fixed_time = (time_t)epoch; ++ mkfs_fixed_time = content_clamp_time = (time_t)epoch; + } + + /* +-- +2.17.1 + diff --git a/squashfs-tools/If-SOURCE_DATE_EPOCH-is-set-override-timestamps-with.patch b/squashfs-tools/If-SOURCE_DATE_EPOCH-is-set-override-timestamps-with.patch new file mode 100644 index 0000000..89e5b0d --- /dev/null +++ b/squashfs-tools/If-SOURCE_DATE_EPOCH-is-set-override-timestamps-with.patch @@ -0,0 +1,90 @@ +From 0ab12a8585373be2de5129e14d979c62e7a90d82 Mon Sep 17 00:00:00 2001 +From: Chris Lamb +Date: Mon, 21 Nov 2016 09:33:05 +0100 +Subject: [PATCH] If SOURCE_DATE_EPOCH is set, override timestamps with that + value. + +See https://reproducible-builds.org/specs/source-date-epoch/ for more +information about this environment variable. + +Based on a patch by Alexander Couzens posted on +https://sourceforge.net/p/squashfs/mailman/message/34673610/ + +Signed-off-by: Chris Lamb +--- + squashfs-tools/mksquashfs.c | 38 ++++++++++++++++++++++++++++++++++++- + 1 file changed, 37 insertions(+), 1 deletion(-) + +diff --git a/squashfs-tools/mksquashfs.c b/squashfs-tools/mksquashfs.c +index c2098bd..b49e956 100644 +--- a/squashfs-tools/mksquashfs.c ++++ b/squashfs-tools/mksquashfs.c +@@ -137,6 +137,9 @@ unsigned int cache_bytes = 0, cache_size = 0, inode_count = 0; + /* inode lookup table */ + squashfs_inode *inode_lookup_table = NULL; + ++/* override filesystem creation time */ ++time_t mkfs_fixed_time = -1; ++ + /* in memory directory data */ + #define I_COUNT_SIZE 128 + #define DIR_ENTRIES 32 +@@ -5104,6 +5107,9 @@ int main(int argc, char *argv[]) + int total_mem = get_default_phys_mem(); + int progress = TRUE; + int force_progress = FALSE; ++ char *source_date_epoch, *endptr; ++ unsigned long long epoch; ++ + struct file_buffer **fragment = NULL; + + if(argc > 1 && strcmp(argv[1], "-version") == 0) { +@@ -5641,6 +5647,36 @@ printOptions: + } + } + ++ /* if SOURCE_DATE_EPOCH is set, use that timestamp for the mkfs time */ ++ source_date_epoch = getenv("SOURCE_DATE_EPOCH"); ++ if(source_date_epoch) { ++ errno = 0; ++ epoch = strtoull(source_date_epoch, &endptr, 10); ++ if((errno == ERANGE && (epoch == ULLONG_MAX || epoch == 0)) ++ || (errno != 0 && epoch == 0)) { ++ ERROR("Environment variable $SOURCE_DATE_EPOCH: " ++ "strtoull: %s\n", strerror(errno)); ++ EXIT_MKSQUASHFS(); ++ } ++ if(endptr == source_date_epoch) { ++ ERROR("Environment variable $SOURCE_DATE_EPOCH: " ++ "No digits were found: %s\n", endptr); ++ EXIT_MKSQUASHFS(); ++ } ++ if(*endptr != '\0') { ++ ERROR("Environment variable $SOURCE_DATE_EPOCH: " ++ "Trailing garbage: %s\n", endptr); ++ EXIT_MKSQUASHFS(); ++ } ++ if(epoch > ULONG_MAX) { ++ ERROR("Environment variable $SOURCE_DATE_EPOCH: " ++ "value must be smaller than or equal to " ++ "%lu but was found to be: %llu \n", ULONG_MAX, epoch); ++ EXIT_MKSQUASHFS(); ++ } ++ mkfs_fixed_time = (time_t)epoch; ++ } ++ + /* + * Some compressors may need the options to be checked for validity + * once all the options have been processed +@@ -5975,7 +6011,7 @@ printOptions: + sBlk.flags = SQUASHFS_MKFLAGS(noI, noD, noF, noX, no_fragments, + always_use_fragments, duplicate_checking, exportable, + no_xattrs, comp_opts); +- sBlk.mkfs_time = time(NULL); ++ sBlk.mkfs_time = mkfs_fixed_time != -1 ? mkfs_fixed_time : time(NULL); + + disable_info(); + +-- +2.17.1 + diff --git a/squashfs-tools/remove-frag_deflator_thread.patch b/squashfs-tools/remove-frag_deflator_thread.patch new file mode 100644 index 0000000..4806e1e --- /dev/null +++ b/squashfs-tools/remove-frag_deflator_thread.patch @@ -0,0 +1,220 @@ +From afc0c76a170bd17cbd29bbec6ae6d2227e398570 Mon Sep 17 00:00:00 2001 +From: Alexander Couzens +Date: Fri, 13 Jan 2017 22:00:37 +0100 +Subject: [PATCH] remove frag_deflator_thread + +frag_deflator_thread compress fragments. +Replace the deflator_thread with a function and +use the function instead of the to_frag queue. +--- + squashfs-tools/info.c | 5 --- + squashfs-tools/mksquashfs.c | 76 +++++++++++++------------------------ + squashfs-tools/mksquashfs.h | 2 +- + squashfs-tools/restore.c | 15 +------- + 4 files changed, 30 insertions(+), 68 deletions(-) + +diff --git a/squashfs-tools/info.c b/squashfs-tools/info.c +index 7968c77..028d578 100644 +--- a/squashfs-tools/info.c ++++ b/squashfs-tools/info.c +@@ -96,11 +96,6 @@ void dump_state() + printf("compressed block queue (deflate thread(s) -> main thread)\n"); + dump_seq_queue(to_main, 0); + +- printf("uncompressed packed fragment queue (main thread -> fragment" +- " deflate thread(s))\n"); +- dump_queue(to_frag); +- +- + printf("locked frag queue (compressed frags waiting while multi-block" + " file is written)\n"); + dump_queue(locked_fragment); +diff --git a/squashfs-tools/mksquashfs.c b/squashfs-tools/mksquashfs.c +index cf48e40..cacf14c 100644 +--- a/squashfs-tools/mksquashfs.c ++++ b/squashfs-tools/mksquashfs.c +@@ -270,10 +270,10 @@ unsigned int sid_count = 0, suid_count = 0, sguid_count = 0; + struct cache *reader_buffer, *fragment_buffer, *reserve_cache; + struct cache *bwriter_buffer, *fwriter_buffer; + struct queue *to_reader, *to_deflate, *to_writer, *from_writer, +- *to_frag, *locked_fragment, *to_process_frag; ++ *locked_fragment, *to_process_frag; + struct seq_queue *to_main; + pthread_t reader_thread, writer_thread, main_thread; +-pthread_t *deflator_thread, *frag_deflator_thread, *frag_thread; ++pthread_t *deflator_thread, *frag_thread; + pthread_t *restore_thread = NULL; + pthread_mutex_t fragment_mutex = PTHREAD_MUTEX_INITIALIZER; + pthread_mutex_t pos_mutex = PTHREAD_MUTEX_INITIALIZER; +@@ -323,7 +323,7 @@ struct dir_info *scan1_opendir(char *pathname, char *subpath, int depth); + void write_filesystem_tables(struct squashfs_super_block *sBlk, int nopad); + unsigned short get_checksum_mem(char *buff, int bytes); + void check_usable_phys_mem(int total_mem); +- ++void frag_deflator(struct file_buffer *file_buffer); + + void prep_exit() + { +@@ -1540,7 +1540,7 @@ void write_fragment(struct file_buffer *fragment) + pthread_mutex_lock(&fragment_mutex); + fragment_table[fragment->block].unused = 0; + fragments_outstanding ++; +- queue_put(to_frag, fragment); ++ frag_deflator(fragment); + pthread_cleanup_pop(1); + } + +@@ -2412,51 +2412,34 @@ void *deflator(void *arg) + } + + +-void *frag_deflator(void *arg) ++void frag_deflator(struct file_buffer *file_buffer) + { +- void *stream = NULL; +- int res; +- +- res = compressor_init(comp, &stream, block_size, 1); +- if(res) +- BAD_ERROR("frag_deflator:: compressor_init failed\n"); + +- pthread_cleanup_push((void *) pthread_mutex_unlock, &fragment_mutex); +- +- while(1) { +- int c_byte, compressed_size; +- struct file_buffer *file_buffer = queue_get(to_frag); +- struct file_buffer *write_buffer = ++ int c_byte, compressed_size; ++ struct file_buffer *write_buffer = + cache_get(fwriter_buffer, file_buffer->block); + +- c_byte = mangle2(stream, write_buffer->data, file_buffer->data, +- file_buffer->size, block_size, noF, 1); +- compressed_size = SQUASHFS_COMPRESSED_SIZE_BLOCK(c_byte); +- write_buffer->size = compressed_size; +- pthread_mutex_lock(&fragment_mutex); +- if(fragments_locked == FALSE) { +- fragment_table[file_buffer->block].size = c_byte; +- fragment_table[file_buffer->block].start_block = bytes; +- write_buffer->block = bytes; +- bytes += compressed_size; +- fragments_outstanding --; +- pthread_mutex_unlock(&fragment_mutex); +- queue_put(to_writer, write_buffer); +- TRACE("Writing fragment %lld, uncompressed size %d, " +- "compressed size %d\n", file_buffer->block, +- file_buffer->size, compressed_size); +- } else { +- add_pending_fragment(write_buffer, c_byte, +- file_buffer->block); +- pthread_mutex_unlock(&fragment_mutex); +- } +- cache_block_put(file_buffer); ++ c_byte = mangle2(stream, write_buffer->data, file_buffer->data, ++ file_buffer->size, block_size, noF, 1); ++ compressed_size = SQUASHFS_COMPRESSED_SIZE_BLOCK(c_byte); ++ write_buffer->size = compressed_size; ++ if(fragments_locked == FALSE) { ++ fragment_table[file_buffer->block].size = c_byte; ++ fragment_table[file_buffer->block].start_block = bytes; ++ write_buffer->block = bytes; ++ bytes += compressed_size; ++ fragments_outstanding --; ++ queue_put(to_writer, write_buffer); ++ TRACE("Writing fragment %lld, uncompressed size %d, " ++ "compressed size %d\n", file_buffer->block, ++ file_buffer->size, compressed_size); ++ } else { ++ add_pending_fragment(write_buffer, c_byte, ++ file_buffer->block); + } +- +- pthread_cleanup_pop(0); ++ cache_block_put(file_buffer); + } + +- + struct file_buffer *get_file_buffer() + { + struct file_buffer *file_buffer = seq_queue_get(to_main); +@@ -4257,19 +4240,17 @@ void initialise_threads(int readq, int fragq, int bwriteq, int fwriteq, + multiply_overflow(processors * 3, sizeof(pthread_t))) + BAD_ERROR("Processors too large\n"); + +- deflator_thread = malloc(processors * 3 * sizeof(pthread_t)); ++ deflator_thread = malloc(processors * 2 * sizeof(pthread_t)); + if(deflator_thread == NULL) + MEM_ERROR(); + +- frag_deflator_thread = &deflator_thread[processors]; +- frag_thread = &frag_deflator_thread[processors]; ++ frag_thread = &deflator_thread[processors]; + + to_reader = queue_init(1); + to_deflate = queue_init(reader_size); + to_process_frag = queue_init(reader_size); + to_writer = queue_init(bwriter_size + fwriter_size); + from_writer = queue_init(1); +- to_frag = queue_init(fragment_size); + locked_fragment = queue_init(fragment_size); + to_main = seq_queue_init(); + reader_buffer = cache_init(block_size, reader_size, 0, 0); +@@ -4285,9 +4266,6 @@ void initialise_threads(int readq, int fragq, int bwriteq, int fwriteq, + for(i = 0; i < processors; i++) { + if(pthread_create(&deflator_thread[i], NULL, deflator, NULL)) + BAD_ERROR("Failed to create thread\n"); +- if(pthread_create(&frag_deflator_thread[i], NULL, frag_deflator, +- NULL) != 0) +- BAD_ERROR("Failed to create thread\n"); + if(pthread_create(&frag_thread[i], NULL, frag_thrd, + (void *) destination_file) != 0) + BAD_ERROR("Failed to create thread\n"); +diff --git a/squashfs-tools/mksquashfs.h b/squashfs-tools/mksquashfs.h +index 55708a3..dc5bde4 100644 +--- a/squashfs-tools/mksquashfs.h ++++ b/squashfs-tools/mksquashfs.h +@@ -135,7 +135,7 @@ struct append_file { + extern struct cache *reader_buffer, *fragment_buffer, *reserve_cache; + struct cache *bwriter_buffer, *fwriter_buffer; + extern struct queue *to_reader, *to_deflate, *to_writer, *from_writer, +- *to_frag, *locked_fragment, *to_process_frag; ++ *locked_fragment, *to_process_frag; + extern struct append_file **file_mapping; + extern struct seq_queue *to_main; + extern pthread_mutex_t fragment_mutex, dup_mutex; +diff --git a/squashfs-tools/restore.c b/squashfs-tools/restore.c +index 5e336b3..a7aaf2e 100644 +--- a/squashfs-tools/restore.c ++++ b/squashfs-tools/restore.c +@@ -47,8 +47,8 @@ + #define TRUE 1 + + extern pthread_t reader_thread, writer_thread, main_thread; +-extern pthread_t *deflator_thread, *frag_deflator_thread, *frag_thread; +-extern struct queue *to_deflate, *to_writer, *to_frag, *to_process_frag; ++extern pthread_t *deflator_thread, *frag_thread; ++extern struct queue *to_deflate, *to_writer, *to_process_frag; + extern struct seq_queue *to_main; + extern void restorefs(); + extern int processors; +@@ -120,17 +120,6 @@ void *restore_thrd(void *arg) + pthread_cancel(main_thread); + pthread_join(main_thread, NULL); + +- /* then flush the main thread to fragment deflator thread(s) +- * queue. The fragment deflator thread(s) will idle +- */ +- queue_flush(to_frag); +- +- /* now kill the fragment deflator thread(s) */ +- for(i = 0; i < processors; i++) +- pthread_cancel(frag_deflator_thread[i]); +- for(i = 0; i < processors; i++) +- pthread_join(frag_deflator_thread[i], NULL); +- + /* + * then flush the main thread/fragment deflator thread(s) + * to writer thread queue. The writer thread will idle +-- +2.17.1 + diff --git a/squashfs-tools/squashfs-tools.spec b/squashfs-tools/squashfs-tools.spec index ee82ac8..1d0abc8 100644 --- a/squashfs-tools/squashfs-tools.spec +++ b/squashfs-tools/squashfs-tools.spec @@ -25,6 +25,10 @@ Patch2: 2gb.patch Patch3: cve-2015-4645.patch # Update formats to match changes in cve-2015-4645.patch Patch4: local-cve-fix.patch +# Backports from 5.0-rc1 for reproducible builds +Patch5: remove-frag_deflator_thread.patch +Patch6: If-SOURCE_DATE_EPOCH-is-set-override-timestamps-with.patch +Patch7: If-SOURCE_DATE_EPOCH-is-set-also-clamp-content-times.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: zlib-devel BuildRequires: xz-devel @@ -43,6 +47,9 @@ contains the utilities for manipulating squashfs filesystems. %patch2 -p0 %patch3 -p1 %patch4 -p0 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 %build pushd squashfs-tools