From a19365123f9eb714fe1fa3a48fbab15d6df42591 Mon Sep 17 00:00:00 2001 From: Jimmy Zelinskie Date: Wed, 24 Feb 2016 15:05:03 -0500 Subject: [PATCH] remove docs directory --- docs/API.md | 801 ------------------------------------------ docs/Model.graffle | Bin 5026 -> 0 bytes docs/Model.md | 70 ---- docs/Model.png | Bin 90102 -> 0 bytes docs/Notifications.md | 129 ------- docs/Run.md | 27 -- docs/Security.md | 55 --- 7 files changed, 1082 deletions(-) delete mode 100644 docs/API.md delete mode 100644 docs/Model.graffle delete mode 100644 docs/Model.md delete mode 100644 docs/Model.png delete mode 100644 docs/Notifications.md delete mode 100644 docs/Run.md delete mode 100644 docs/Security.md diff --git a/docs/API.md b/docs/API.md deleted file mode 100644 index f1434097..00000000 --- a/docs/API.md +++ /dev/null @@ -1,801 +0,0 @@ -# General - -## Fetch API Version - -It returns the versions of the API and the layer processing engine. - - GET /v1/versions - -* The versions are integers. -* The API version number is raised each time there is an structural change. -* The Engine version is increased when the a new layer analysis could find new -relevant data. - -### Example - -``` -curl -s 127.0.0.1:6060/v1/versions | python -m json.tool -``` - -### Response - -``` -HTTP/1.1 200 OK -{ - "APIVersion": "1", - "EngineVersion": "1" -} -``` - -## Fetch Health status - - GET /v1/health - -Returns 200 if essential services are healthy (ie. database) and 503 otherwise. - -This call is also available on the API port + 1, without any security, allowing -external monitoring systems to easily access it. - -### Example - -``` -curl -s 127.0.0.1:6060/v1/health | python -m json.tool -``` - -``` -curl -s 127.0.0.1:6061/ | python -m json.tool -``` - -### Success Response - -``` -HTTP/1.1 200 OK -{ - "database":{ - "IsHealthy":true - }, - "notifier":{ - "IsHealthy":true, - "Details":{ - "QueueSize":0 - } - }, - "updater":{ - "IsHealthy":true, - "Details":{ - "HealthIdentifier":"cf65a8f6-425c-4a9c-87fe-f59ddf75fc87", - "HealthLockOwner":"1e7fce65-ee67-4ca5-b2e9-61e9f5e0d3ed", - "LatestSuccessfulUpdate":"2015-09-30T14:47:47Z", - "ConsecutiveLocalFailures":0 - } - } -} -``` - -### Error Response - -``` -HTTP/1.1 503 Service unavailable -{ - "database":{ - "IsHealthy":false - }, - "notifier":{ - "IsHealthy":true, - "Details":{ - "QueueSize":0 - } - }, - "updater":{ - "IsHealthy":true, - "Details":{ - "HealthIdentifier":"cf65a8f6-425c-4a9c-87fe-f59ddf75fc87", - "HealthLockOwner":"1e7fce65-ee67-4ca5-b2e9-61e9f5e0d3ed", - "LatestSuccessfulUpdate":"2015-09-30T14:47:47Z", - "ConsecutiveLocalFailures":0 - } - } -} -``` - -# Layers - -## Insert a new Layer - -It processes and inserts a new Layer in the database. - - POST /v1/layers - -### Parameters - -|Name|Type|Description| -|------|-----|-------------| -|ID|String|Unique ID of the Layer| -|Path|String|Absolute path or HTTP link pointing to the Layer's tar file| -|ParentID|String|(Optional) Unique ID of the Layer's parent| -|ImageFormat|String|Image format of the Layer ('Docker' or 'ACI')| - -If the Layer has not parent, the ParentID field should be omitted or empty. - -### Example - -``` -curl -s -H "Content-Type: application/json" -X POST -d \ -'{ - "ID": "39bb80489af75406073b5364c9c326134015140e1f7976a370a8bd446889e6f8", - "Path": "https://layers_storage/39bb80489af75406073b5364c9c326134015140e1f7976a370a8bd446889e6f8.tar", - "ParentID": "df2a0347c9d081fa05ecb83669dcae5830c67b0676a6d6358218e55d8a45969c", - "ImageFormat": "Docker" -}' \ -127.0.0.1:6060/v1/layers -``` - -### Success Response - -If the layer has been successfully processed, the version of the engine which processed it is returned. - -``` -HTTP/1.1 201 Created -{ - "Version": "1" -} -``` - -### Error Response - -``` -HTTP/1.1 400 Bad Request -{ - "Message": "Layer 39bb80489af75406073b5364c9c326134015140e1f7976a370a8bd446889e6f8's parent (df2a0347c9d081fa05ecb83669dcae5830c67b0676a6d6358218e55d8a45969c) is unknown." -} -``` - -It could also return a `415 Unsupported Media Type` response with a `Message` if the request content is not valid JSON. - -## Delete a Layer - -It deletes a layer from the database and any child layers that are dependent on the specified layer. - - DELETE /v1/layers/{ID} - -### Parameters - -|Name|Type|Description| -|------|-----|-------------| -|ID|String|Unique ID of the Layer| - -### Example - -``` -curl -s -X DELETE 127.0.0.1:6060/v1/layers/39bb80489af75406073b5364c9c326134015140e1f7976a370a8bd446889e6f8 -``` - -### Success Response - -``` -HTTP/1.1 204 No Content -``` - -### Error Response - -``` -HTTP/1.1 404 Not Found -{ - "Message": "the resource cannot be found" -} -``` - -////////// - -## Get a Layer's operating system - -It returns the operating system a given Layer. - - GET /v1/layers/{ID}/os - -### Parameters - -|Name|Type|Description| -|------|-----|-------------| -|ID|String|Unique ID of the Layer| - -### Example - - curl -s 127.0.0.1:6060/v1/layers/39bb80489af75406073b5364c9c326134015140e1f7976a370a8bd446889e6f8/os | python -m json.tool - -### Success Response - -``` -HTTP/1.1 200 OK -{ - "OS": "debian:8", -} -``` - -### Error Response -``` -HTTP/1.1 404 Not Found -{ - "Message": "the resource cannot be found" -} -``` - -## Get a Layer's parent - -It returns the parent's ID of a given Layer. -It returns an empty ID string when the layer has no parent. - - GET /v1/layers/{ID}/parent - -### Parameters - -|Name|Type|Description| -|------|-----|-------------| -|ID|String|Unique ID of the Layer| - -### Example - - curl -s 127.0.0.1:6060/v1/layers/39bb80489af75406073b5364c9c326134015140e1f7976a370a8bd446889e6f8/parent | python -m json.tool - -### Success Response - -``` -HTTP/1.1 200 OK -{ - "ID": "df2a0347c9d081fa05ecb83669dcae5830c67b0676a6d6358218e55d8a45969c", -} -``` - -### Error Response - -``` -HTTP/1.1 404 Not Found -{ - "Message": "the resource cannot be found" -} -``` - -## Get a Layer's package list - -It returns the package list of a given Layer. - - GET /v1/layers/{ID}/packages - -### Parameters - -|Name|Type|Description| -|------|-----|-------------| -|ID|String|Unique ID of the Layer| - -### Example - - curl -s 127.0.0.1:6060/v1/layers/39bb80489af75406073b5364c9c326134015140e1f7976a370a8bd446889e6f8/packages | python -m json.tool - -### Success Response - -``` -HTTP/1.1 200 OK -{ - "Packages": [ - { - "Name": "gcc-4.9", - "OS": "debian:8", - "Version": "4.9.2-10" - }, - [...] - ] -} -``` - -### Error Response -``` -HTTP/1.1 404 Not Found -{ - "Message": "the resource cannot be found" -} -``` - -## Get a Layer's package diff - -It returns the lists of packages a given Layer installs and removes. - - GET /v1/layers/{ID}/packages/diff - -### Parameters - -|Name|Type|Description| -|------|-----|-------------| -|ID|String|Unique ID of the Layer| - -### Example - - curl -s 127.0.0.1:6060/v1/layers/39bb80489af75406073b5364c9c326134015140e1f7976a370a8bd446889e6f8/packages/diff | python -m json.tool - -### Success Response - -``` -HTTP/1.1 200 OK -{ - "InstalledPackages": [ - { - "Name": "gcc-4.9", - "OS": "debian:8", - "Version": "4.9.2-10" - }, - [...] - ], - "RemovedPackages": null -} -``` - -### Error Response - -``` -HTTP/1.1 404 Not Found -{ - "Message": "the resource cannot be found" -} -``` - -## Get a Layer's vulnerabilities - -It returns the lists of vulnerabilities which affect a given Layer. - - GET /v1/layers/{ID}/vulnerabilities(?minimumPriority=Low) - -### Parameters - -|Name|Type|Description| -|------|-----|-------------| -|ID|String|Unique ID of the Layer| -|minimumPriority|Priority|(Optional) The minimum priority of the returned vulnerabilities. Defaults to High| - -### Example - - curl -s "127.0.0.1:6060/v1/layers/39bb80489af75406073b5364c9c326134015140e1f7976a370a8bd446889e6f8/vulnerabilities?minimumPriority=Negligible" | python -m json.tool - -### Success Response - -``` -HTTP/1.1 200 OK -{ - "Vulnerabilities": [ - { - "ID": "CVE-2014-2583", - "Link": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2583", - "Priority": "Low", - "Description": "Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create aribitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty funtion, which is used by the format_timestamp_name function.", - "CausedByPackage": "pam" - }, - [...] -} -``` - -### Error Response - -``` -HTTP/1.1 404 Not Found -{ - "Message": "the resource cannot be found" -} -``` - -## Get vulnerabilities that a layer introduces and removes - -It returns the lists of vulnerabilities which are introduced and removed by the given Layer. - - GET /v1/layers/{ID}/vulnerabilities/diff(?minimumPriority=Low) - -### Parameters - -|Name|Type|Description| -|------|-----|-------------| -|ID|String|Unique ID of the Layer| -|minimumPriority|Priority|(Optional) The minimum priority of the returned vulnerabilities| - -### Example - - curl -s "127.0.0.1:6060/v1/layers/39bb80489af75406073b5364c9c326134015140e1f7976a370a8bd446889e6f8/vulnerabilities?minimumPriority=Negligible" | python -m json.tool - -### Success Response - -``` -HTTP/1.1 200 OK -{ - "Adds": [ - { - "ID": "CVE-2014-2583", - "Link": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2583", - "Priority": "Low", - "Description": "Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create aribitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty funtion, which is used by the format_timestamp_name function.", - "CausedByPackage": "pam" - }, - [...] - ], - "Removes": null -} -``` - -### Error Response - -``` -HTTP/1.1 404 Not Found -{ - "Message": "the resource cannot be found" -} -``` - -## Get a Layers' vulnerabilities (Batch) - -It returns the lists of vulnerabilities which affect the given Layers. - - POST /v1/batch/layers/vulnerabilities(?minimumPriority=Low) - -Counterintuitively, this request is actually a POST to be able to pass a lot of parameters. - -### Parameters - -|Name|Type|Description| -|------|-----|-------------| -|LayersIDs|Array of strings|Unique IDs of Layers| -|minimumPriority|Priority|(Optional) The minimum priority of the returned vulnerabilities. Defaults to High| - -### Example - -``` -curl -s -H "Content-Type: application/json" -X POST -d \ -'{ - "LayersIDs": [ - "a005304e4e74c1541988d3d1abb170e338c1d45daee7151f8e82f8460634d329", - "f1b10cd842498c23d206ee0cbeaa9de8d2ae09ff3c7af2723a9e337a6965d639" - ] -}' \ -127.0.0.1:6060/v1/batch/layers/vulnerabilities -``` - -### Success Response - -``` -HTTP/1.1 200 OK -{ - "a005304e4e74c1541988d3d1abb170e338c1d45daee7151f8e82f8460634d329": { - "Vulnerabilities": [ - { - "ID": "CVE-2014-2583", - "Link": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2583", - "Priority": "Low", - "Description": "Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create aribitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty funtion, which is used by the format_timestamp_name function.", - "CausedByPackage": "pam" - }, - [...] - ] - }, - [...] -} -``` - -### Error Response - -``` -HTTP/1.1 404 Not Found -{ - "Message": "the resource cannot be found" -} -``` - -# Vulnerabilities - -## Get a vulnerability's informations - -It returns all known informations about a Vulnerability and its fixes. - - GET /v1/vulnerabilities/{ID} - -### Parameters - -|Name|Type|Description| -|------|-----|-------------| -|ID|String|Unique ID of the Vulnerability| - -### Example - - curl -s 127.0.0.1:6060/v1/vulnerabilities/CVE-2015-0235 | python -m json.tool - -### Success Response - -``` -HTTP/1.1 200 OK -{ - "ID": "CVE-2015-0235", - "Link": "https://security-tracker.debian.org/tracker/CVE-2015-0235", - "Priority": "High", - "Description": "Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka \"GHOST.\"", - "AffectedPackages": [ - { - "Name": "eglibc", - "OS": "debian:7", - "AllVersions": false, - "BeforeVersion": "2.13-38+deb7u7" - }, - { - "Name": "glibc", - "OS": "debian:8", - "AllVersions": false, - "BeforeVersion": "2.18-1" - }, - { - "Name": "glibc", - "OS": "debian:9", - "AllVersions": false, - "BeforeVersion": "2.18-1" - }, - { - "Name": "glibc", - "OS": "debian:unstable", - "AllVersions": false, - "BeforeVersion": "2.18-1" - }, - { - "Name": "eglibc", - "OS": "debian:6", - "AllVersions": true, - "BeforeVersion": "", - } - ], -} -``` - -The `AffectedPackages` array represents the list of affected packages and provides the first known versions in which the Vulnerability has been fixed - each previous versions may be vulnerable. If `AllVersions` is equal to `true`, no fix exists, thus, all versions may be vulnerable. - -### Error Response - -``` -HTTP/1.1 404 Not Found -{ - "Message":"the resource cannot be found" -} -``` - -## Insert a new Vulnerability - -It manually inserts a new Vulnerability. - - POST /v1/vulnerabilities - -### Parameters - -|Name|Type|Description| -|------|-----|-------------| -|ID|String|Unique ID of the Vulnerability| -|Link|String|Link to the Vulnerability tracker| -|Priority|Priority|Priority of the Vulnerability| -|AffectedPackages|Array of Package|Affected packages (Name, OS) and fixed version (or all versions)| - -If no fix exists for a package, `AllVersions` should be set to `true`. - -Valid Priorities are based on [Ubuntu CVE Tracker/README](http://bazaar.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master/view/head:/README) - -* **Unknown** is either a security problem that has not been ssigned to a priority yet or a priority that our system did not recognize -* **Negligible** is technically a security problem, but is only theoretical in nature, requires a very special situation, has almost no install base, or does no real damage. These tend not to get backport from upstreams, and will likely not be included in security updates unless there is an easy fix and some other issue causes an update. -* **Low** is a security problem, but is hard to exploit due to environment, requires a user-assisted attack, a small install base, or does very little damage. These tend to be included in security updates only when higher priority issues require an update, or if many low priority issues have built up. -* **Medium** is a real security problem, and is exploitable for many people. Includes network daemon denial of service attacks, cross-site scripting, and gaining user privileges. Updates should be made soon for this priority of issue. -* **High** is a real problem, exploitable for many people in a default installation. Includes serious remote denial of services, local root privilege escalations, or data loss. -* **Critical** is a world-burning problem, exploitable for nearly all people in a default installation of Ubuntu. Includes remote root privilege escalations, or massive data loss. -* **Defcon1** is a **Critical** problem which has been manually highlighted by the team. It requires an immediate attention. - -### Example - -``` -curl -s -H "Content-Type: application/json" -X POST -d \ -'{ - "ID": "CVE-2015-0235", - "Link": "https:security-tracker.debian.org/tracker/CVE-2015-0235", - "Priority": "High", - "Description": "Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka \"GHOST.\"", - "AffectedPackages": [ - { - "Name": "eglibc", - "OS": "debian:7", - "BeforeVersion": "2.13-38+deb7u7" - }, - { - "Name": "glibc", - "OS": "debian:8", - "BeforeVersion": "2.18-1" - }, - { - "Name": "glibc", - "OS": "debian:9", - "BeforeVersion": "2.18-1" - }, - { - "Name": "glibc", - "OS": "debian:unstable", - "BeforeVersion": "2.18-1" - }, - { - "Name": "eglibc", - "OS": "debian:6", - "AllVersions": true, - "BeforeVersion": "" - } - ] -}' \ -127.0.0.1:6060/v1/vulnerabilities -``` - -### Success Response - - HTTP/1.1 201 Created - -### Error Response - -``` -HTTP/1.1 400 Bad Request -{ - "Message":"Could not insert a vulnerability which has an invalid priority" -} -``` - -It could also return a `415 Unsupported Media Type` response with a `Message` if the request content is not valid JSON. - -## Update a Vulnerability - -It updates an existing Vulnerability. - - PUT /v1/vulnerabilities/{ID} - -The Link, Priority and Description fields can be updated. FixedIn packages are added to the vulnerability. However, as a vulnerability can be fixed by only one package on a given branch (OS, Name): old FixedIn packages, which belong to the same branch as a new added one, will be removed. - -### Parameters - -|Name|Type|Description| -|------|-----|-------------| -|Link|String|Link to the Vulnerability tracker| -|Priority|Priority|Priority of the Vulnerability| -|FixedIn|Array of Package|Affected packages (Name, OS) and fixed version (or all versions)| - -If no fix exists for a package, `AllVersions` should be set to `true`. - -### Example - - curl -s -H "Content-Type: application/json" -X PUT -d '{"Priority": "Critical" }' 127.0.0.1:6060/v1/vulnerabilities/CVE-2015-0235 - -### Success Response - -``` -HTTP/1.1 204 No content -``` - -### Error Response - -``` -HTTP/1.1 404 Not Found -{ - "Message":"the resource cannot be found" -} -``` - -It could also return a `415 Unsupported Media Type` response with a `Message` if the request content is not valid JSON. - -## Delete a Vulnerability - -It deletes an existing Vulnerability. - - DEL /v1/vulnerabilities/{ID} - -Be aware that it does not prevent fetcher's to re-create it. Therefore it is only useful to remove manually inserted vulnerabilities. - -### Parameters - -|Name|Type|Description| -|------|-----|-------------| -|ID|String|Unique ID of the Vulnerability| - -### Example - - curl -s -X DEL 127.0.0.1:6060/v1/vulnerabilities/CVE-2015-0235 - -### Success Response - -``` -HTTP/1.1 204 No content -``` - -### Error Response - -``` -HTTP/1.1 404 Not Found -{ - "Message":"the resource cannot be found" -} -``` - -## Get layers introducing a vulnerability - -It gets all the layers (their IDs) that introduce the given vulnerability. - - GET /v1/vulnerabilities/:id/introducing-layers - -### Parameters - -|Name|Type|Description| -|------|-----|-------------| -|ID|String|Unique ID of the Vulnerability| - -### Example - - curl -s -X GET 127.0.0.1:6060/v1/vulnerabilities/CVE-2015-0235/introducing-layers - -### Success Response - -``` -HTTP/1.1 200 -{ - "IntroducingLayers":[ - "fb9cc58bde0c0a8fe53e6fdd23898e45041783f2d7869d939d7364f5777fde6f" - ] -} -``` - -### Error Response - -``` -HTTP/1.1 404 Not Found -{ - "Message":"the resource cannot be found" -} -``` - -## Get layers affected by a vulnerability - -It returns whether the specified Layers are vulnerable to the given Vulnerability or not. - - POST /v1/vulnerabilities/{ID}/affected-layers - -Counterintuitively, this request is actually a POST to be able to pass a lot of parameters. - -### Parameters - -|Name|Type|Description| -|------|-----|-------------| -|ID|String|Unique ID of the Vulnerability| -|LayersIDs|Array of strings|Unique IDs of Layers| - -### Example - -``` -curl -s -H "Content-Type: application/json" -X POST -d \ -'{ - "LayersIDs": [ - "a005304e4e74c1541988d3d1abb170e338c1d45daee7151f8e82f8460634d329", - "f1b10cd842498c23d206ee0cbeaa9de8d2ae09ff3c7af2723a9e337a6965d639" - ] -}' \ -127.0.0.1:6060/v1/vulnerabilities/CVE-2015-0235/affected-layers -``` - -### Success Response - -``` -HTTP/1.1 200 OK -{ - "f1b10cd842498c23d206ee0cbeaa9de8d2ae09ff3c7af2723a9e337a6965d639": { - "Vulnerable": false - }, - "fb9cc58bde0c0a8fe53e6fdd23898e45041783f2d7869d939d7364f5777fde6f": { - "Vulnerable": true - } -} -``` - -### Error Response - -Returned when the Layer or the Vulnerability does not exist. - -``` -HTTP/1.1 404 Not Found -{ - "Message": "the resource cannot be found" -} -``` diff --git a/docs/Model.graffle b/docs/Model.graffle deleted file mode 100644 index 20cfc7a085eaf21d98e7a5460857f424c3d31af4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 5026 zcmV;T6J6{diwFP!000030PS6EcbiDE{yg~=y7{uZCpPZ)7jGte9NRO_T<2wCC)vq* z&mJscn+*mHpg5j6xxf835)w!tTSCMHsq!JhqPl4{RZrJbUETfkA78G$&Sxi#+`#|w zF}Bd-j^lTOp6g%!`1sxFPuuG8Kb}2$`acJ+_fLO&bJ*#7ZWMRkynBB9V!!ivduL~_ z-}juIorBYZ&YR;GC#M}#$Ii~-tH+(kS8?3m-PyUhxv}g-%IXH!iD0zzCJg#c7~dY7 z%C=1bs~7hko5zf5pK6Zzw&!-^XODh(`pLO{w%3i_&(5)Z>x3`-p7Z7DPV%j}>H4vA z>4eYF)1C3b)n zTzHOnx|53Jq_M!3GOZ_63aoMxPj|*Ok6JK@gT3B=2T?qEavTnvo$>wWcK1{AM89XA z*1vMQ6S4HCr(%gjG`=@!#h-totq%IS)%g<(%CcYtR7zEb~=)=D4f3~C7p?m3OnlSFmVOQqgWLDzD{lh89XI)+>6nKMcf6sF-{X(N~ zu~9?mlfK*)j)i)c5S$ldkO*9*jGt)Q_FyW472&uIHTI_6tR9V->Tq zLsdKox`S)ej#+D+^d2d6U#h}U0w^WcJ*|_|rZ8#GvFke}rjY)Kz>i<}7r}f@P9#bc z`N;7;JF&r^sX9~3$!S#b-S90Zzb<{Q|b*6W789S=g=d-Q17;E1Ts zS@!~UUL5Rp&i1 zA}mQ}5sF*pDs{6BLQ%2Rp`t#7Dz{px%B(i2srZ0>H|%;P__U&t?5SUOocUMOKYqUSBZN>b&0n`1b9m&Xd@J$4WLcy zyrsU~{bXM{Q+`qqJ@M^p=SiBg`?v1}iiFmdRJj>VEx~817sW6G6ay4%kBfXoEy9^bWT}Y+j<6PZsfh$kG{XeqtMfw} zOtP&GBixc$N=cKPwc!MR!V&nojLfrIU3jPG3nY-0DCeD$;c`i7RnsTuq&hi$-Yf;1*VY=0kX9k*&r$m$ks5jCDD~;V2x^KDOn0^ zgaWX&8rUF@9e}N2U<;yVU=0gxxH<RCBPcM+6FUG)6v!(Xag$RZfFw#Z2)bX zN<|SD76mH0mcYgV*Z|lzl8P#3m}nYd11h>^um;Id0BajeMHOO}m@|6-T(srb1_>X4 zZJWwPr9|W1)_{wy8?ZsX2LRhTb5Yp&dJz;rmABSKIGtPOl30S1(Z~RMUvK8No%45& ztr7z_kYXin2i9t`ZFAyt0GVpF&w(`f9N=>_>vOn0@Hy)8If$<0bRbpP>EMKqCP%Tn z|GbTfuo1M@*V{nfjgK+c@2T0_ph(ubR!`|vsW{KO8rj9-0BeA$3j+nDGHV!T zVJEENzU(QOz*tx6fSIZ{MM8}fWkfZBJFLbX7y<48+~MK51Lwr_D@K@(jy@)O95e#@ z(02NO6`aBb^a1F@TG0p0MFskRxvWYbBs1&*3C=l1R5GQLEdUsrp9IBlGNe$W#{x;F zr4n~g4_N=%=JlVf&J`KSZu|wkAyaEJfMHZ-7)9Iwh5-!Y0T_nqAWO`cHLUPnE1tn& zhg0Agu)1R7IR>lBG0G^z0&BfDm1%6?wHnt5 z;2Pjsv$z&S5NfF{)H0v!-U$P^YN&;3d|&irskjWJpS3yt3`@u|`8EcMR*!{(fr5e7 znjp%AOtVZhnu>+Owinf7p;)(h+Y3dKGvb!o_JVMx5m{>63y!cBc&TkKFwqPX*!E%p zk`EIb^%*ndd&9)W>JuA5-|?f!Yj}Etat>3UwIhTCgaCwC86gJe13w<@VrC)M^eT0P z(vT2G!qS{#0;!qppDNI>6FQ21^UtjcBms84wM&e_W&OA1iGn#VQ|hi4oT6go`AW;AAv3 z%-sP}rPDKl$!s8j_0DUv-kDNJ!oAN#c_kAS4`iZ9QZP|4(akndT**Yq!S4iEtlu`)#b>+COz|NHw{K*w1Y=YoATRtrYZHt(y!m)TNdnY}cY*hB-v?ius_ ze#u8GC@4<$2d9XM^t40{CoZ))Jx{_43dqiDI6E(Nu7l4`)X=I|BCRr9W3V)=)wl*( z$AD{1XC3=dYo1erH!3=P2-EfWp&H>JC1kP>P@&R6D37(*p7Y`(H%tem`#*89M z$xS&2WAhddFb1o8?(QLhs+ecxW26?bxSTX6>2xcTDt{s&Sm?S~==|ZKN&LH%yYXc#;e@ zsl3-btL#z9(Zgh!5P~h3#D+AJMOR`fZh@O!vzyIek4kW}S9i1VF19H6*WZbMy~;ri zlvqnljct^Jy?HZZh2sRkK5Ma0zPf`A_6hd+jL}*hY@~Kw_A^aN*;k3dKPAdoACC2v-%F7M- z5O{BK;GJTy&u?L$tOgew>=W#hk{VrXsZ^>hFf&%4i%nr>3}(h2KI|v_U2k~Xb#veGW7u%Lu7D(FszOAPRE|hWCM|*l=bR!cnbI^F9}KC#H(8%BYMGG) zD+wXV^$AI0ChH7i=<&2a)@q_H#`7Q)JdYN89vD0i@H`s!Jc04UBJszPpfo_9jwa@zTEZop>4f$XLY5mE*)S$~@8ZmqE|HFnE!) z`XKkF$CVO<`8FooNOlO_C1{t+&Xc6)3eOr=l(WC|_OAoSk6pj>((YajW(&Ov;wA9l zb?BP9raCwa-W9CeNE>xoxbg&Ro||{{DOx}_G0*u%^XlYz5XZswOFJ|z$aEp+Tc`D1 zc!3>Hn{;~3@U;165HxziQ4qR+1b%|^<{2|eSA0-6=p_JM@}TE?@gKdTU%cNwVC4Ms zx%ctKQLx8;eg5lX~jMf*ysFGi}yE``8JHh_T# zArVmuDY4a&dOEqkt0@c(-(6Z^uI;*)2KRp5wCqGvFSM@ z{9D5vU;Eze{l@+_xY_gEOMd~!!ib*q?XD?25gwvG6&d`Gynchor*2%trG4A~Y)4Zr z!KlQwab<_ixHf7v@}u^;vHQ7D!}P$P6;6g_+wVF{mVM{DzYm;@&)o6r-$l-$f%@>S zZhv3y(iPGBgXh$$rv^Uhkv ziP2VvB@`GN-`((H#OX8*PG9YGtABVJhXZG4>i*k-myMGJ0rPs!?fY(jaC>>LX3~$S zxSsU^XP%RY sytfU5ib|27B;r+K8$XoPUiMWUhYFaHefB+LB+nlGKWrddAnwiq0APy2RR910 diff --git a/docs/Model.md b/docs/Model.md deleted file mode 100644 index 9ed52460..00000000 --- a/docs/Model.md +++ /dev/null @@ -1,70 +0,0 @@ -# Legend - -> outbound edges - <- inbound edges - -# Layer - - Key: "layer:" + Hash(id) - - -> is = "layer" - -> id - -> parent (my ancestor is) - - -> os - -> adds* - -> removes* - -> engineVersion - - <- parent* (is ancestor of) - -# Package - - Key: "package:" + Hash(os + ":" + name + ":" + version) - - -> is = "package" - -> os - -> name - -> version - -> nextVersion - - <- nextVersion - <- adds* - <- removes* - <- fixed_in* - -Packages are organized in linked lists : there is one linked list for one os/name couple. Each linked list has a tail and a head with special versions. - -# Vulnerability - - Key: "vulnerability:" + Hash(name) - - -> is = "vulnerability" - -> name - -> priority - -> link - -> fixed_in* - -# Notification - - Key: "notification:" + random uuid - - -> is = "notification" - -> type - -> data - -> isSent - -# Flag - - Key: "flag:" + name - - -> value - -# Lock - - Key: name - - -> locked = "locked" - -> locked_until (timestamp) - -> locked_by - -A lock can be used to lock a specific graph node by using the node Key as the lock name. diff --git a/docs/Model.png b/docs/Model.png deleted file mode 100644 index acc05caf4ff7c5bbd1e9138a3d04712b8ec3472d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 90102 zcmeFZXE@yLyEe)gj6Pa)Mv30L(MFd!gW(5)B7v&dZk;8{TATn;2*3hTQs{eLJ|0T;}3x~Tv1q8gjy!gFD_?_Ks1caod zqyz+o1%!q9&@K4feVpKC-h58(tp5!1pK+9}+%4SfT;O)jPLSJi&CH!W;Ib?%w-f!> z*FWoo+gbnjOiu3qiiH+X;PxE>A$~!D{~8?|HQ!L8iTo#AG;tCJJ{xA*^hi~r|XPu%RR&{E&^7W%jM|9tju zdl`XS!T-lb{Iknc~U$Y|o0|Ntw@jzMOnK$NEE^Y>e?(A!6jVHu{ zA+dxsKp~44l!6sfYaTs0?jtc~ULHms&#$IDhG!_<DYf?tvDV@B_|4erL?9g4^>sN*W|NqzjhaGT$A?(9MON67PKr&3+wi#}6 zSRZ4)MMRu|N`y(ln4~V`Ax`}c@@39l4ICx4Rwa8s6FjmZMaWowwRE#H2V1?c-=;4J z29`M%yGq7RxJPupYl+&AOu_CttK)O9mpl{OOsbGjZJ>~+dc{S;|k+%``RG1J`ozmajzoI-} z6a?{G*6pOy4q%fCy_h2S65_vNXea5g%^0ui&FU!3F{yr>S`;>e>v}NNpjIpp01Jv5 z6WV=jhk|JsSXaG{jbSLI82Y+Sm!};uY4&NUKe|)ft&>$0LwL|kPcm-*&>k5Ch>HwO zG>oI%cI!8_)Yz!ueLd|G_j}~*NQ<9hC_7jF<%tM|-{ookrseJUFu*pXs69H5Ha^6+ zLSoRTs0w)jgB#7135;Xb0AeaR>gPWMQ>SSFD>O`b*qltFj+l%1yASf#TpFey*uEqg zJF#wJEs}1DwGSH?=4|Dkpu0&|+ES+{sO9grV_+l4^=Iz zRZR*_{=|QNz9_SKT@EoesXZZ{wBQ>PcgY%$mGCYqpo{krSA0hxX_5DuoS+R%k&r}A z$DRwh=jqT*&4F9mgOUIfNWWsCaGsui#tuM>VaI{kcW{oPR7%UYkG9}6i@=J1Ez?$TcfieW}{Fd*%!;wSCun4F+Pw)~{NGK%GrVlqvsQ#BHujG7oC^kUwL5oDKKJ>2jwk%5!o<8&?8wZ4 zpB2+r>PZCS>)#3vE;2-M;ogGdRt^q~pdVPZiZ#T(?{~0I0McX20>`vPsao$X$IWtyQ`3ARULMX*jj1l2E9hW`wtlnf0FU{gY;DC3 zu?_{+L7cf8FgV&CLMX`l6;JyVZg6WA>H)r_P;&DyHlwuYsOjl*0#QtJno~JAlFq0Hefh1o)EZd&Kt9YV)HB?Y4_rWXjTx1C^}K+fFeFhow!@*K;F9hI zUI!Kf{vI$TIv5lMYsIUn^T6sJobrxhAkg!Q-wGD3Qwo>(LsifLkxnagsL3N7Q_#cw zfy)4(gy{(iTlK8GT4#+a8gYvJHj|-xCm$R6`s>}l5$kLgvWITAhMY!m49edt#-v<; z-RGC)>pD>$YZz?gAH>P<)-;Iwgp z(koJBj_*e(esJz{y_%P7%NXlBV71l&tXxdjPZc3B@e&S26Bt@CLt7Q~BucW0CS1XE z6_r1+2UD z6I1@cR9};4_I%iZ#{e{VUl(3{OD9>(h!HUKom?LH^9%Gni#Fq7$x}aLrldyGOQ=1%J`bG5^WG~R0aT_Zx!aL3dH45%0_Joj~ z;WXf%Q;CAyDr@Tkag^0&)KJ=B=PFN8as3%XgenDz10GuU(VAjO&Z!&>_upmzN~(;V zNbc~&(i~ruarXN=8g8}L^|F`vKd{GK?bL=8-aUzASA^>^;(Q1t1__haKroH7`;_Pv z4k!;fI0@>CYP*)?Y_Sg|C$Q0KWeECZ#^GsP86jy~$nXnjaTR$~FaS2$fsltZkxi3G z2NLX&BHfvxHruxF*q=Cjp~jIfPx@~d`w!vk?zW&`6f6CB(BbKV4vMErK=7@FJYcR7 zQ2Y?g7!GB-uWXO~b^onw#Ulvx{rY@uXl=-#HUsaJbLi}TznbB(!ZR+3Je_u`AiP=y z9<-1(#F(D_fmn}2J?k~=$TT1DE1nW4NA^`};hpVRr;* z?H>Zr1HjpTV2+tJ1sP)1js^CpZ`wx5T5g#Mk56w7jp>gnGLWmQ^Bq67?m2;kH+uj! zq8GkL%F`bW$MoxhMz`y`9tq!j#SIt+w_t4Qr?*ir2XsgGihu0_tC^5^nd4+~h)YWTI#lWBOAs)Q zXy=bq{f8`V`7p)Pu5km1T-nOAV~bi@v^bK5Wy$vV!%l6Vy-RZ_ohesGZA7zkTL-ERcNmeuX>zq2~&x<{ocSXqtlhU2+lxX`_$&fYt z4XL#-9nvUfL@7;PD7zw-#iZ2H4s$=X$(~2yxUhaOVeOu4_PFppwZQ8rNBwE3Njh3w zEJqeJf%*dEw)RQ8M{pLvKWzP9x)X`A4QGA^?bS-OJ?B~Oz?sXVY`kjBC|!wDEv4zo zAsG&l^bK!fJ^Uu%{`q<<9M3P!E?sF&NkFNB+NI4QYAJERf8C|*llMutuU_%8Se|?P z^C<2q7q}Imt=LYZ=zRS6Ahb66ZAZd4En6)01)kT7qcM(N{#RT8j45 z9LCI^5^lVl;JtqOY7*$sLU0bWwSo&tUx~cv-G1z7+Pu2OWf3tQ>{9L+7Ap`r@#goW z2<+@$$RxQpeVYu%nc?U1qGL(IPX>S^b)BlyD3%?AN`|Fl@bM=p?zo#sA83OuJS%{B zj7!yKn!QY-LE=!>a#|3n@#@r_sl=XHFYP4sw?a@vOd$zmL5HB=_wo;hO{S0+_9Pa# zdSCYq+lrc~FiCC6Lyo8IWxKtoKYiElt*=P<>+ixtu<9p*2~E1e#1^EBfm9+X`qa}BHwW7U4+AzrKP zF#Qba(yd?7LtJS>*7!vgxu$&O{7PJWp`^*)?(F+?@R})iW^)QoB^9Owc#(C=0prJJ z1hOfy@4bEyZ8ve)yL(OFU)hi^Zi21}axq*d8n>nrHfqVM9*P2MsuKVri2`#0lUhO3Ku;xt% zygQ(ZpDq0`leX;m>T_D!lo^(|o@8rWQSU7@4RC0MLaHP6mlD=|p9JDpP%THQf0G6? zoCu$g391GLS&;%uSs3)Z{e3CEeQDLIgZ6_{kk&wbrZv_f{~ZAa)jE@Whjv_uzD;B9 z71LAya+RmUCm%b^lNubt;Jo4HY83ixJ`W?%_%#4r*PwB7qt!R44Ay*oDtxw6;0~$Z z#$_{&q+kmzLh32{ODGz~5w)K%AIGOFZ5G%=X#FD2%2*wx%gElbexzTvRn**&v9NFz zR$f`jkhl>(*&Joapk~!J?!Ck&+RS>B9^ckQ*JQu>%V*2`fuYxAAX>g*vKC5vrdOVC zCaNuG-1!bM4?%E{Wz!z^C@%-Wux8Y!_oY6gFe1@rK=o`Um10`?YNv6%otvC;#< zNQAobMU|AcGbvAQ^Qh`Z9p7Zh4aw&B%M9I}L$zG}SpSORC*}%l?OvFQk|eYQ_g7rA z!^tPWh~|vHc@+qXc(m9SAeV_RullzbyVa5+9u<`tho3!pcbzSEA))MVfzM)t9Ufn% z94oQW19qO)DV!>>Eu~T08V(HwGZ;m5L}$KQ=U6x6WGtPTnT}r@7}Ij!V~ji^C{*5p zY+V|#VA`6X?T{U>reeBipmD=MA#z4JYU-ScIgQVH>St2836xZF(BQWm;H+O*Iw_R0Kx1-1r2AL;R&4 z(oLCY6Qt*wl^fO24jPzO3qI;R0^{Oj+O<3LiHTr7?hfEgYkoz+$b+(`$S`1UCf^^kt!_m3w~ar;!qax#tT7}=Lv*soK%Sl` zfJBzCF%l^*w>S3DGjv9?UXjhaa%O^;UVbJqN#i!v@D8sA(<(Iv1u0&|Ed$OnK0FkX z2PW0HQatD8{?=+E7G&!^D%|$G{*2;PC1^SUqneB7d#bad@AU3cGK*N^OfNA`sIkn`cU6BH0}aGJGDG9mbR@!`t&x6t*WQAH)Oy@0 z0L=Qcu}6(;`i&)}MeFbP5TQ3<>*uy^_+LF06I*ShmN>ad^jHy$u4&SGLh-_F7`_Cp zlu#<+as9uENyq@8_mjUsD}_dOtNbIu`1Q^T=Ii5(drBlQ>(Akz1-=QQl{o?93YY$D zbj;d1{^>RT-hr>+H?8P1Jh1faa|LUfoe!0*&Ka`bVmqGA!KAE7>%H6Cm;=Un^HlFY zL2L6B(7PxTdpq;GtT}2A=h6?)mui_c>zTM^6GIG8@bN&?4k={FYGw!Tu!|)gYH)R- z`vUEmBw}F3FIW|YCD>)z?LhXOi14PvH+Zysx`ISFc#{pphtMiH^3l2AN(1Q&cHIHL z-xRvJZ`ssE_+YpABY$^|)g(J&$`u(Nk(GnQj0!S+M*G_$?AcgdY1~1U zGXR%JBrL6Gg%A?Z#oTGDdlxR(0`q!9hb*W{&g7k;QwsjonT6HkIT6$A#0Y@iy^`K4 z^{+PxV4SWeskLiwh{k$jJ6?|}Mv69(4NZ@a6z=ROkSG%JO!}IBQRbwKAI2j68(B;G z=QBDG`wEoIIwj{!wR$2GZJB$e7-dBytsWm@9Dx*fJ40+Ka|VusWWqAyw2e#de+?zQ z!L;L!KvpFifaC1nru>20%Rr>aQceWq>X6!*?U6O@B`ZjcdaK+ceK4I3dt+IPSMOy^ z*^Tvxadf|ls0e0^Ay66d4Y;4w+Jhoa)3ov>SL-9=i3-v*Yk>FGo``4a1tUhndKDl4 z2;=XC#{Z(l6SKbgs`z(w!BHF{NhX9r)2k^AZIo2bBU-Ser5p372;TXac*~plhy~Ew zDN#BGYZ~bXdWw&jjdw;Bc-xQ-I^eTXYj&7xwq|fH>;M9dw#>#unYsP_{W;5>ImEbM zWXPfOCsL!x!jJzMCSSN`II=;O^o+hAd105mKl<=00Y&OKJC`ZF=i{ySu*u8%IE4od z!)&CIgiE`s%D7ouQzx74`Q~7Hqdf+S?Zk(ogZ!XHxpnL^q0*U2{gJ#@uY%qj>-N1V zg&)ja)FXktOd8c8PQmM*0b8(V#8_;pO~n4?CZ4snv*SRbVK_AM51`zgTOCKLGscpCoIgf}>tfwzOXe)K`_ z4JDl2@==j{6y@bQ{%1asx5dit)60Ah@E?7N3I<7LBUbts$`iMJHQxH`k0^S-DP(*= z++4eu*QXf2^{`1yd{&A)DK-oT=ByAWHSBAC_KI`1cXh@h$K(4CXyVbgf*&X7K_ zN5pMN_JI{epx{1%k-J`J@>%~h5f%l*3c(dx-NXa%bL?~c%0Kzl$-h>xb@MP7%XM9A zK@Aqj>>?dFgXw7B2KtbX>Cx!HPxj=J1Qe?D>WA?OLE9p-9=y&SbGQCJ!?`vn=<(7m44Z7j(;u>ijQsH0zi2C3e#J#BVN1>Yppo#|dH6 zP7CI1l+K8Q+*#p*w=u4|YzR4Nk7CqReRkZ@FK0+xo#%l;jnzWO=>K_3zJ5%FZM8bQjgWXB-zna9<=XS-c1*-&`iv~= z*oHhqP#SDbO#pr>qsG^cw`U~d#K5(@t5mTS4SNBakJjfdxEd$R{**+)dOn8oN;F6~ zcBi1?`Ec|4t+r<$beLGNh5o*^E#Ge+f9KG5al|ru5&hjYOoAd9%WdCcuS(7H<^l-D z#wPWoF{Hnld21MAp>7>9JW@%p-@%IooyiFl0Xx zg6i(!5q`Z_4}reO4IDXCVdPMvPnjTgtME`ASqLeCIRK%dMoe{(OSoXRkG zcXeo01U`ggI*+#%@{mce zY3bw-@TQ`Kf~K8h{dJcwc&;CwH>6x323+SYD)M0N=D5rehebO=;`vv|No^G6`YBZf z&K=f?`th)pNPewo+KRz>x&cOar1SxTA`j`rs0_KrawM1;UN87WeNMW(f=jPrrE7t; z!)$xMTifKl7Bo(?7E??0EsK?Rq=E%=yrl>|JR=p2+4@lkO!XlzR4I6Edja$(TxOS4 z8Y=xaWL8O-)RrgY@AMv56vM*=rLBUx?An6^8C%+JPa(DWxhtsJJxg}7f`cOhTW;l` zM;LYWV_bpE-NX*YYd;`UG$bs{HDk)Pm^~3GMzM?|N(If#dKlN(wTh6tY!@6XNDJB0 zHQ)KA&S?;z`s{rWE)dzrtv?XJXkHp^u{{{j@Y6d@( z!Ubl6^fNGq`g95(pk&r*%Lwa|<6!0{5&E8P&+MhpsU%BMQ?<$OsF$|FaP|~DgBcuF zR}v+Ah%sHe>ef>##iv%{5X8us5K4HR*p{bXQa1Se6~#B7VnGyyUWO0>+K0sXtJS znutWy9bNR{AvML`@{Z~_YhS8q_q}&6(!lx*6@{T%LCV@aPJ%f>+%glJf>7@M%fltuRi7rYF)d;S}&8xSj z9`D`^cf^_0ow4>NdUqhrH>Li9MZx;1qr>Gk*7lsBRp&yaH4JX7?LdK3Xld{qsEo_d z)62B7LlA%$Ko|gcd{?btF~tR}suycV5F=!U#1~Rxg;R9&I3*O?qkBK%4C#L=?s`ou zp-D96Y8gJ@;)nKaA|&pa`wR@43lG@>ZDOogCuIx6n8gYG6h!OHtfom^Ii+@Jehr^} zKvALS`xlL(&n#)iyD!LRbmm|eN<7SUYqD>Y4ra>I&_*bk4CAU31DMY!)#g~Q_(Qwv zGOS333SMv;^qxx%(Wl7=6qun*qgFe#pXY_1-I6H}cs*WucR_~+0}hSHWL1XE%y2yQ z%8SLTuqmaw3LqxU6ljOe52nOCnHmS(1R`+@8!~lrtZNb8?!UimlhB}=zg{Xv;by$n z(Rt0lL!gqVjdFcO;mIK6OyM~e_aKkgL`f$22(7$mPbvpiz$0vyQkavbr0PR$r0OPz zQENUBV*$s0dt<<5DP=crYJkI0Zx*qr(a0E;TXY;B+7$VbS$I#$(vAL*e}vj54iW>UgX^t)K(d@)lu*nAP%He3EZc(B!^Jx}VvF2Uoq0^%E(D zd#X%@yxaMbsc$o18uvk)W0|vQx)oeanhBbIjj@@0SnGgAGX-QYEQh2Wi9ja(;@lTn zaANIrayR|wzqL5mT-(owd3R`p%0*IF+5LW2YG45qsY!fIPvRmq@yx7mI~L1cBM$2` z;b!dD_@TQx6S_Rcjv&s&kBUQ7P*YS8ekRVPu9wOCe1E#%wm;2W?mVx@NADX~ui1Q& z`Hn$EQS8RJIx+0l%NBhU9DnUrcE1lM-c&fg!09e2hK?TJiqXo@cHmRr#n&!^m;(Eg z49fvw#G*xkw1&=BHdU^pf`6%cZ@!~Nlz4kqj2(K5{%F@JDp(AZ6K~n#Gx6rE)@khZfft_DUn4=P~TF0h`dbRuM z9jzrt)|I8fw|VNQ;AGItNMudU3aco3Ss}wfxgH1btl0s}F#6qKgaUYn?vJ`BVgsQ{ zk}tOAN9*Yc3rxYjEkUc}V#?+9yCoAB1r@U@zUldbk9Y(Axq=X|sCx=y97S`}ZJnAn zBtMb4)9^RA)Jo%wGz18OBRc(!0J+u)Y~XlLN=yziZ`{mfX<-4l`S1C((xrYuIvL(A zMi0Z^spu>YI#0_QVpz+Rs|>$a88R<=ZtC@`8Q_btEFDN3@dwh`r`BN?e9KlY6d{#K zbWo)J!soTJ94---MCuTpnl@L*-GIlL(b%OODhMIq>DwS^iqFrCjf|I{Bw25i7S6m$ zNjRCxqXP;>?%gp53}_D8#p2?X;PRBA$B_DQTDN5g`JEdt+_f%9kGE~ji+XlzIrPel za=%_PVDawEfVl76d&be1utg7rT7J0bEm-e*kKh7VIzGdBNysQJ$QGvJ&AciC z>Wfm|+!pp;fVQIbPrn%!z3Uec?aWNe7=9C;P!xzA0Q3+SpouZKo#xxa;9P8a75kJE z2cS{nBn2nBlEjYL*%ezfbX$}bn$-CC^!{yySnWK{J}j62q*N9=M$itZsiZzeB+ocK zntZPnKz2(VHe`!_ZLy@Sy+lbxBsu4{ET3a_@r>|%nD2C?*V+hwX)*$jABO*HxXG*2WG)RGB1WW7SyxJRfwzxF$*o8o_SpjWpTOtQ&!$e_Ca z&w>>oR7upUR);A?BqNX20N<$97?*wNv#@K`4DLK3C)QnJVS1xUcjJWFmTg|GKnuLx zA6E2MOn#2L@7JF9IaS=SED8h05)SF6K+-0}o;0{>md#XdX7t_bT)EZ~k}Q#f;kOpS zmJc%l4rp6%2?;aK2$eK*$V0~!=ShV|BN)ThWs>hSdk)l~7E!d>-z%dwb(ueB%K4cE ztWrRK(5PkMQHcAlX}ki|5{IFdOmh-5y;15JmSolpEQNIN{xS}&qx&jHKP~|Y1et1d z2|q@k1^U&*22*=_xch1WJm>f+y7Fdk?~z=@K%RML_o3A-vOxe&YzShq_$EHP{&wx> z#EUlj8d5P1pisnFrcT9%lre+*> zG*4>FfXR`X>;L7318j2ov%`bBq48E^$-Lm?LBBpGUMs;$Al$K-vYDlx6w`=K9IC&^ zri&}e_;6PBpJgtl)E#J9+DpO7yB7riK>Fz4xlb0*Ifc}O?j`mB0Rp`r^rx;L?O z6|{g@x?m8UmPIS&bjQ{&)^ifYgTfz>fAM1lxMjQ`k;lVF`M>n62dbJm>InR0iuM>4 zYdiU!>d7yS%StB?6M((Wt}m9lHDz#!DrovsyEB{g3pRiuSiRV|*xrI5<(w7pnH1Hy zM~CljL&mlEPNxcs_Oa3ddOI~a5GP(9b}Y%PweuUA^#nuk$z+4e+{b$IUujkrI+JkKj6@Xn4|7ViN*O0=!2^W<0FU!3&SwwJQ=J0W%14(NIy zAZ3l|rP1|iNEJ1A>qLoy{y|XCWgbSZ8pSq^E$IY7D=ieu?cH{yMgTzo$=;RKuoSY& zR(~`BtELX&l|SZfk_q|_6M;l<-JNwCSgT`(U+v+Bh6JX>Mi zg6r3MN}r+8LO%?K%Vr_4&Rs^f%vrAn;V{6+Jd^GwwdPQoQaIAm@g&pR-FvJ@<{5kr zo6q+oIfPCywi3C~@>o8&C0tXqMAD~=-1ZNc7bASNpTfAnQ{X#^G(}b%bTMrb|3S57 z4irN+|7&sO?R}kz_8&GE%vkg^lT@^TxR4jZ@eM^vu|?nRDN!kuD)>{v#Jb0<;aRdI z3^@O|+)lt}&P{WqI=fFnaMx!tBdm+97ZK#S*4&FZUS`~C=yUkMfkZrQaF4o3b~9EZd!|6|HOKxGRK&8#Jd zC2xY0H&r&w%e-?QAUsZpIH1GN5K;%r&#KS{`t*@0W@vTrh(lBfhEDv)y81??Ws?a0 zh~w~Utj1n%`Djo2Zy(eRv0RlI8C-f$MyMd>_9-w%FjS4V~fQw;@LbboKUmQG5&ZQ#wD(Kx#x0eay64og$OZ4xG_%^t_=JxO&1GUht@ch}RuL*E#A zR74J0u*nOiZocyZwqTGX-+J9aKWP^|+FS+5f^Sk4kqy1`>N{6JtF!1x&+(%bzQuPU zAHVWvMf_H|EnUa~^f;x5k|tbH7g~oFsi)bAd$QIlap5oy11fb^ByC8M3i=G2Si#O6 zGx)0=+l$;^svrgSU6hdqnXxPd7pfG562l*B+{efCjL`$WRY7dk9RMwh$(9MuI|c?* zzLMT@5$P!dX8q8`&->~G$_N%TlIj0~anhu*q6cz|WUB>k1he-(@k6V9OLDM*m5rQ> zJkeg#<@S8E@uz#YAksi4Sl<4`o}Dri)DRL}6(8(gcQ}85|Gi)wa6Z&WZ<++|>>-JWgE}lq4EAtfUmPBK~2KUZ*Hct;bAetQ2m?Ww6dQk(=Do*eD(gVie2}@IPBunU%_;sD?0t&2+jF6Yb2&3=WkaDcxWC4~?{h`h!RXA^ zm2Q-onslR+CT|lvy3$5Jcl6*XQVO(Y7PTWlmsKoC8GB1CQLs5sS=GF_)9lb0`Zy$S zsCgnCSxqW#=hn9^!-Y9l_Aog!M_jr{Yr-AU}s z;Qg1cTXm2enaGGq4S*QAT& zDF~+5hj&2c;Kka#ap3y5Xc#RI`t|lna6-3NFjPUOuoIm`Yt*_$^*KBW00PR1^-XN) zxc*DW83|;w3(#3nblHjUOj2)g50KQSj{y=0`)Ar;E+BP{oh|K*T09A%6F(76I$Obm zm74Vc`kaosE1y1GRu9|=7l_D}RCXQK*>_v&dy_cjuU`F;`0dlN0Oe(3s;CYW`i0jK z7mzl)RKOi~$5ucMgSK?0X5Z3EVv~)7TE=PdqJynugM<`4J>3eD2>TN? z&Vy{cXrlVkLQhmQO6EU0CkOZx^~x)jMNXUokKrj()pmH_e!0Q(kzH%b382KYsql~c zyS9O{e+HAsFnsZHSsXC|)#5@3%zzXob>R;Al6k%Lxl2L3!bo%N{RfOE z#T1sQzyp!Fsp_tAPP$j8%7a;mOEH~;z^Y63X7&c5Q2Py)1|lcSjECi4(brrmBo~K1 z;pL6gKXPl+J>r{t@3|T8SIsrD{bKFNwPq$w&!~Ap-l8X6rT)2Qzfp^|Z{g3)e0{o) zorHz~ZL4YL9Jg**Jd0LhYSM|dwr8Z{bwigCWoF2Hi&|Qvvf0Rojr~tpIVvGpiJis*RHIXrPb{$>bmN?wm zjU=)i9Bjf?wS*hB66M zoQE)NA3gP)7df6Qx(pvw$c?BT9_5d2`)h0_5HyK zjy4aWmL9vbxX?e7>TGUiKkJO9cIIxjtb8)J4aFS9V*xJyJ?q5e+^XpX&*M69{0EM5 zCYL5BZ?(?U2S8(c$h+~p$?&Q$tm|9V}C8?@BT{|nFf-}RlnUlz&+sbl3S(c3pT z3|P5@0hs>=P2ZFd3H#U33D;_Ffd!}Wz^f4>;!=YeG3{{!L94yC`zFHyoxEfp@{8kt zPol<~?s2%ts6M-{gtRr7ehyr#nEv=9G0vC?H>bxY`_JTA-|&UW%*6ejG)r%+(RU0! zJjcIQhS8x9ALeIymo$mx4zG(U+{&4vwdmAJpMXaWCC{B-zCD}C>3g(Rm6!9n6ocgJ zd35bu#@SCI&H9nd&MlI*#<|w3s7{+I?tz~%J6!hl-?1gmI;*@t!1vLcxD?D787yb( zZaS-d3kVe|5Ue6sj+AtVx$QD$iIN5mcyC=b{?D_Gg(_-SaeC0HTTtg#J_9=IYyTe~ z*%#E%7iqk(kvLW4pO2R4&&!Es_9WX)C69$@0%JY~iJPDvQs?y?EzUzlmL)qAQo$q` zdyZAYO6@QCzdtS}#0vg|Z44(S`)p;+^cOy))-LC}JvS9r?N8jm55h6;u zyE1kagnMbwm)|}vd+=iJ%eR-bYtJ+}y)Djv{9s+!#V*v^9r)e!c&+uPd~(Lfv<}mh zR;(ahvr@B?KQ2kDzk!prcDZW0SelIYGgj*Owp#l!M3zD7$_N@5s=8M4E%OxH%@^s*E`d3wfH#TVT9fnsa>1)>Jm

v6zwi{mp zc^?)iS*!j{cVTgsb}PN$fl?f5oaS1B1Y(mebr}x)aBXzsKZA&@LT-HQr0Jjto zZ^qv0ym4Qq#QRld*DR)v6Vwl~n`Trpe%HX!f6a_GgnJ=6ZuPT9 z!ftDRJSeHeG*LJwXSIqFxBbld49}9JG*uG&_76L|fnb(9kH(LjQ)Qng;zX*$ty+%t zIh!<(kHNN57?jvhBJj&lU&H8zaCu2!*P&%!;jS`71?UF;JIkDVQZDa+`tGf(;+Bo< z@iE%mb=p4Cxz`z>_rR&tt2|6M&4sWy>V2pOI7B1pug+z`6tYl^S_ z$xM}hv;K=X6aIy^lm6698mSw_?hhX_OT^S-?hJtU31ZYMV<`!_t6*r-D){|_701Ee z+|OFbR$Q#&OV+0h`Cq9*ltGIO)}x+0v|7Hi{3J*XwjA%{o^%QOgt@ai0N>6rmylcn3t1`Hn$*v@#9dvPK!;Amy-U@Xbf z0;z8S51p;v-LSrEvFMs^zxVBi5tp!C(lH@?&$Xc_a=roM=SC}j zYiC;xoBP4j+oWeyum>Jc*e!m;u=UM`NyXMr*M!ES!mKOUp!UiAO-7&hXbnNc0a1oQ zx(UZ~dMj^&OHwXaee*xDP!Jmt9jiF~s+KWK$5@zxJ4If)IahyUC`YQVqS>e7P_;cs zW!}KLyINAEfD7QAbCciYoA5GkX;fpw51AG7S;uTAOYVMK#et7-mEEiCX98YNSBjMc zU!Ihb28^iB3~3lbsaJdE9JiiLM+%I|HNJOjG`^!O7{<<+#y*M4s`&xl>C_pOq%UF3|3Nf58ar)9b3!-}{2aLxH+9*NDAg$K*i|bfO|| z{pGY*K&!FF)Pw>JYKg>ShUUyy;E7If!%Or|Jp^8U(HhpH_NW=dkN#sU8kI{t*O-_l zTXTJXz3g7o_^Z3PEQAkl>qW|s!V=EXBCaQv)DOP!JQm0Hm*Vasf@Hl2K@fim`Kpc^ zYbzuo6edkvtt!0_6d5mQQGrAtLX7ZnD@5#5GL!BRYJU9sT(oUDh|0nMS{m<~wQ5O` z6E#Lwat|)!ay8^>@|^190(pH1oKd~!{w-rULQq1Bqg8w76|Ow}L)^!Uu48#|zlx~R zeh}BvjYbUfsn^N^iQnqxKafl9KVKds{Zb9XO5daG_=tKrl?@CjONDiol^Vyt|Vwp{n~ z+)W&9$K|~9X%w4`mXXoMOlpi?%UmAx{;4wi9x{OPvQl-ob4ckIe zgMGBCJPKDJPdb)*t=a978j&=Z!4VOILz?<%!<5(l?%%mjM~{KD=SMPJDFG6jL$VkjTnP zTOXp|Z}a_0m?Z7C*}5<~F41INREt=jkJ8l{ira3uK0y+S=ddR~aYCe1)(u8KPc)#7 zRc6Vh{Z>z`(>cdl8hyAYG#m{!c}N?tZ86mH*kWkKsN^bnXjFKOVT1skjt&WKmU}se zCjgb$4zM0e9NHfYcr$r5Awcic@Mq+LJ{MU^cPOF)L@WG=>4;qo)UjC5pgB&6Iav@ zL5iP7nF6%OZjvU!rq0z0FYI6>d1L6WHr2Hw2CkZF4u%n6Z;aJVLN%k-d{Om{C!l+T zW1I_2Cw{|oIU#N3t=R_^j=kai6MNQM;%PLRC4XR1dPt(EviG2PhODX3$qKP~L`wus z%cO!yE5RLlpriVqI*9faYo~nvBY#@|HSYoW%+G$4b~{H0X`WsZURP;hAIF}}MF$7z z?H&3+8E4B%4y_mgo5}MlOk<`J!$9jc2qV?DE`u>s?mf9WpL=lH?pE5((S|w`j&n-1 zq@2eW!lBlm>j(M`0`(pQSVO9xKXwVLjT)B&R}*oc&#p(^2$QN)hB&mV@rp>)%g%|H z&{f4jzF7=P?NF2&l;$A6LdO#qx9Z^H716R3x~%;R%R!=RtdlGg{~Pu+PeMPnpA zT6H3Q96oAWNR(oY)0LOxuzSKkcK_yESh0wHC>0-9;REn!Jkp&Rc7EI0NM}EVqnL#H z8bNLHHD&pc{FBIa*wE{JNE&lFBwjRmCLJT!FHY)|*09%NVS3*?ea1DYYi6)vPUuRt zHO{WR?_=$D?4`RA{EFFkp~Xb3DRz_Aka0(tW9uiEH0w_D!pmL3@B8(Vb&~U+m`SJ1 zeeox-mVKPzycWk)D=V3P3NpsSnUfM~YL{71d0(5e1C1b?WY=}ctX}fyn!ieIU?|of zl3IEs`kGIIEpep2IBg8SK%CW>PUTM|ch(yr0lDn6Q=z({L$50u4u3N}13?PnK|5;< zyRHU79@gfuy&sMso+YC?;r&I?XzJ07bXHiNLkK%SoIX85={042Ne=(ZwUndBi?@01 z5K%Jy_-Y$#wXbFglyW#VwVsU}`X;jS>^E=rZjNzk$GY)<)uKidkqf}-;6iVcc9Bwn87bW%rRW$e#JF*rIGr%v?_C%Vdu z{rxa@W3lEl8fSFx>SxSm(Kv-HQ?8SR@n*7@zsP2n$3blJ@Ycrp>>x&tclqAOkOqz( zm+4~JWj3{z;*Xw>E7oKOw7Z#J>hduP?R!t7ifV)Z66NCWWxC(oJ0-yiawbr%j-{mX8lxH|T`!!;{BrCW@U2FHb3oao zFzZxMhq!R;b6uB-)k4%6im71QK5V-`3|%HG4iEmBt=;^=DefnJg00^7D*V&-YZa~m zTY`|fwE?`Q258F{Va<9Xk8+XFq^vV-Qz@2Z_NXpA11@i3^J>h<0SPexQTZL0B)$NU zR<9k+@bqP0Th%pw9|E8?zDCE)fnMtO8#&&C3~l<2@9cLGxp>I?#v{6H+JV&L2Ho#f z#HON;Rg}8np`BQ@@$=ZN#OTUel|$y3tNI&cCNOPMe|>gZKhmC+%y>FDiy^#P@j~%O z0bRjNqN^iym|zVWg$FnmPjK|mQD#&4XTWwi2IFW>{^iRi`giC{1gT%NJnk_G)rF$p z#*gS)T76u+YR}7r=Q_R3g?j%_noff`xQ|(_%g)-jv5^IC zr5~H~qem3P5Bf*gWz0oS)^y3^yjaD!U%*zgcYb{}ECav{aTLA_I?DcT->od5aUFtEVxB|*q#)KO4` zYI9Al-W!-AP)j1n?l=aoB;hG>SKrgx-+qCo%a!566TP{)%c5O#gi6)OI+)q>TI&~# zc~`6M>m@SIbG-+!Hnbbsk`4o}t`RW}Up8}@6fqxfJd(4E?3wk=d{6x%()?S&rx*^53PX4Z(<&UkR1-EoDxctEUYKldJ3Vqd|dn6;++*EQsaw zgnzv!E=X|Q^<)3j_lc`jnd0_6(=4Ka3o5kFerNkYC{CP#yJDSFbgJ^#O~}~H%v2Mq zC0)vVh?Bd(QxV~6$;yYOaX-_gwj@g=5Eg7QE#x?n7$3}sH!&4yUv=R!8T4=u`$NMqTY&7% z`){*aVkWPK9=_86&MTTaTf$omh0Fb4L?FmM3s}sa#yo#C{7_r+M4FjkphWUVcz;c1=lAYOAx;;nzcKuM_ZW_kn$Yk@|4@(VCrKHTdyc_oIgYzIJv+9Wr!1?vGDPlo>N7}$#KGoXPjTDxKoSm z@Zr2yVC!cR)!&T4khDf2>TPr#1w2hF{TcI$=wtZwk_WHlv{Z%x#&<>XLboV!d?=YO zzAtbYI37Zvx9)!U6P_x@B|(ixMmGKA!Ck$a08yR_72$KLrKQNH%r;L_OI7s~w|+Bmxms><@Bgs%m0?kKTf;Cg z#L!YoBO)DA(kY;HNVkL_AV@b1NJxv)0z-FqgNR5EA*IsY-SOSSbDr;b^u4b6F$4FS zwf3sL_o^vPUX$`{A06sea!hhxUw>@CX)&;1Ze17;R&!kSp=S1cFrDB-Dsy~F)iHI} zIwL8s|I{y%g)amb>S7D8P8eR@^&nqIGC;l}&e&UOLKnBGGMM5NAsA_<338(-_4Ic1AgggI2VJyOLNRvg0j z*_P=zPSf~2t-IuV;=@b5p&;1ZneSIMC$xYJ648l3G%9 zv{NbY86Xd=4IXm0(0I^o_=48cX60WqWg_0YuJblo_k^1ejs`}l?@%?Bsknl{Y zKXdvC>}9%`R5C08_C^KgOOLLTPXEcS0ScS{alq>UK1nA9FRXHZS#lh2FqKUs{l37B3^-sE$+u5K`s6j<1qLU^;^ps+0UumhDjc#?hT(%sQcW?tUITyHum^i zR7uZy>CcxQ36j3Jidd37{D3)mdV^hs`$DJloNA~0Ut=WuK|_qc;Y%tNwLygPg7jS8uPvc^Tfb&q-23B%#64Vw+Q-@WYq>u&>n5p(5xRkCa|L& z9msq&zmL?a-<>`@%wj>4Zc43uU&6$e&GvmmXIF4wHveYHuZ45zyjbmOAgFX%^oPkn z&)(_&kDLG`u0{TY9+ms37EiYNdgP*lZdenH0xcxR`B=Fh{tS-bCL`DS8Hw{~T`Zd5 z>zzLGugTIud$Q^TPeD+@@F#c6Jw{>}Zgw_C&J_}FqAqr@8+4&?lIEvPi5_IHo!VxaE6-L`g`B0WQ#th*$?*9a}h@hZvQAYR@WUX~Qh!<_1$bZQ-;RV*RVv5=rFn^XP_Wmd9w@$G{yT z-^SCc0k^a%j3@mY;x&m#Q3NR#!Qzd4tGWtSPCm9^oFFvdDk>!D4o8NU!?STl2p|2z zdcnUUp|8Awo`SoDMTzqZ zI?P-c+=-v-t!F1H$jlsZI!H|QC!$9}KdjOqC%rt48jPHJL_9dXZ;GMF@P8WoUXD>X{ZHx(o$+?D4QLi|v7ar~W+G>tjx z=RAHx9r7u+)zi@Uc+tb}-+X|Bz(h+mof~QK)uWZ{{Kw8x3^L>98VA>*N)fbA_bxwX z>mrAVZ(x+gP}s5-PTHGvCN3SM!^iNc+r#-Xiwq+JKdLG@_BdS6s1&)IlCHL5Ja~sh z$s#PfwwQu5MBweIA~c~ zfg}Xn$CKX+@SU&x<5F_r_u!HtT``eoxcCu~9D>-o9$e5L*TlNm-ndstu~OlsBLqtBbm&PNUHSzkW}mA;5n;)uM{ zh&+GRO8I4Dj>eMWiR`8Bw>mz~i(c`7u1CMn&+pFH8-Wc_D6z~Xs)pcNaL_7m$UvPr z{tx3=xYyGfdZ>!`gF3}Hv6G=L27S1v!I8t5XN-l@1F^?v>xQ(-yZ-0)M>8=b_WsBM z^aRs;O=kMhCVj_<8f7BIb_ z@q9Z$`nVTvW4<@%?cu>S9KAdBuf>DKp2sgc7k2kDW0IK1qj6uk162jRDCDoSzb^ zNyd;9<1tD{nvS}tH${_hU*gbhl@v>x5T;(Hj#rO9++m0&fJ)`0+dtrE>`l9Yn=TBB zohb`Vi?s5WS{rcfe}$5|-M9qjhs_MOXTqAstDcuC%T&4G1dIom*v#|=_0Vz&fg7-x z{j^_SA>Fg6s&upcguORSWg8R_k;#U$z`JZV6Y_r0Oo8syZ9?ZLb@q#FSK3L`RwGrF zOH?X@rUiIkyVmMM@pRpTgGzy@_yGeE0j!hoIgAGl*w*R^-9Nkc7|_T(AKy85R4?%< zXmV>zn)6mNQjHmJRt%(SJ?D0rz7bT?J(cnFIzF@tPpHE%IRM4I6E{U&r7@lxaD3ZL z+$CY-rxAdAlje8Y0wGy!dLs?F447*;c9Yey2;y)o9*i%)b94-DKVPryNagfw zYn9|p#lRy&b9C`{Ee8vISa2u|y9UC>~Fj2d3Z)>1lg}@d+|LW zeem3cd9%YqwlE@UU%ALF+lI9z=3UB6hiB46nXS5ZapcbyAt&+Sm%IYNNn*WMf`5cea%OCnM*TnDxD#mC~0sC(7B_UOs+Z>Q1#L=tO+ELeB zG_SF9{9(5oS_U9MhdEJLUE3VKkf2*3_ei<*XMI&`yUX{#BZgm77WU zcC^U`xkcSJ?dl6ta8A?LI^nUVa;(EvcTl=YwE1YAmAqKX6>wtTsg*s$j0I2`C8rsv z&0MA?k85i74<=RZ_8*I}lB;i?mIZ8?aS} z1j;a*(@KZ_21y~t8rH6inWDRn!sB{HT9-A!7EfT#s8gl~g)m?g&Z`>`TR@EY7MIuL zinMULwP*ZhU5jt9NZ~~sjsf-VN|hVX?8xodIli@fUGX`D;Zj7fc(VM`w&Kq6ti86; zCkQ3pn~z^_B+l?tKsMI;80BAvSF>nGbKT%`6q3m!&eUWez6eqs9Ti|E8 zkj|1`3foB^fjx@`qLm_#GOmGZ*!C%9BekYLS%=|<5b<$j@4dcp-98!dcL^3WBAo$ta?!NANF5!ePzP4+4)w_wex!UAvGg}qn^3W=M6 z7t$6sTkvr}N$}mVD}154ZK$P|ICe5_O>#QWNcEJ2`nJ@japRF3P->G~(30KweU_pnLVQ=_iHCCoTcZkM{ezP;?SB)JVU5o1>FS1R_)Ok1}KD>I-v-0zV&B z8>rSa`NVmYH-6BYvhJT)hL(Q1Q$F0NP7PqlA;K zefDePfLq?*QWmWe1WrHt&H~c#(vY^dHFjA#?IYGWnCeK}wN<>5si9lj%rR9T<3bkf z4-)sL5e$`2cZ9jZY-t5Mv~kg3HfNrOY$POgD6h`n7rdo za84lziRo1K>oVQ(ESqn;FG~)e+?U_@T%Gp9Y(IHo zjHHG5v0#4&o;&6>MR?ack2!OfW_uN(1>c(S4Lx0I2z#5obL5>DI|ETbWKLIV7Q^O} zsj7un$V!jEo)MW35*hqZh{v}lP6U&PZn9Czi$eV&Nb^D4dt8cgX$DO4&`cUZm0>IC zkWKN?*b9quN00RK5pd?WL=wlvjuHH$G*=TqQxdp1h` z(V$WKj&j-&s~XI6tmkN*kp)Z6?KNJ)neE;ak>-bBPjb!bX#AF$R{Hg z5*P>AF?~rD{r^?$T;-=;mX8jZdG1zZbX&zWWqxKLXp<8>d$!w%+X}9%| zh&Uhye|*~mGh6Bv3uOUBqzlSNIBP2NQk)o{y5lEuMMbxj#ZqQw)os4`zd#d_NYuO@ zKV9-Q{ckI3ol*JEkIh1&R=u&eAd~HjJe3`)YGjCi{r0kv@}t(B!_uy_`S61NpBSo? zABU3|$-EYB>)Yd?O*4n2Nkru^A|(9VtA=J5Q_cM&n_9t>P()S0D-4Ptp<{{)!e5jTwl)yuqB8ze#!FkR-75l$rW}Kmfttx93soDE;zJedjw=mnS*Xfy^{6 z_@}hFiJvT#gfe=f{>yAc>8c++#_mSqW$44!oPR3nbMYt8?z!XWqNbpOX>yYQAd!lm z_&pac{1cO%e6Gk};&DLoeG|K#&FR_qVPjbLmBBrqhBG~U0h zLjHnzD2cBu5ew&4VP7QqFw(~+t9$mF{vn{B3L&@Pdoqo3Y&~L;y!}JCxa;OMM%A5$ zd(3`6EgX{Sw?bH2|6qa@y*>4dM&9B_%(uL=6oM*E93cb!#0;ZU4u#!T%VTtl|hH6>$`7ZUm#p{ zxKicUddvL(F6&mp7!P9Gp1iFwQj>aajQBo$F{q7=2h$Vu>o67Hr(?p%0{uxVnbp6e zLcEVA0@)OazW*3a6oUA|FUmB2ih}_p5~UJ9#4AoQzFCn_GuYl10sIb$Nif@6Juaz( z8JLlR;1^I6?_=X4_#C+zYYU@WR~8^~Y;X9sT=I8qhg*QCO$JS;nrdATIslCW+M3=m zNI1fjVZUf}egN3Ufbwej|1o>O1?Vcy@@($CDm)p+MGyh!LgwHTAUj7sCnH1azC%Zo ztMlTrs`gKQd{Knq>y-pdbv6g{{RbO`zhaK$2N;U(w7%Y#X8@7>5?0)QC@=vq_H_tj zG29F_ixa@Duk2^Em;!_~a9u?r7Ez){SkDxQGycTI^KABM(OFe@wJuN>M+0IboWM%< zLhkpA1g78Ru%4kV^2m#-2QvPz?bCo1ftELJEh&SfpOP#HR|k6oYBYW%#<Et2cs3YU|G1z2tYuR$x+@hJ3ou{O!^r z@Qo*Tg{vqUD0+g-)))ZZpC_`&{K>=JOBC$agy@Jrhul|*JY#^#tqL;Y#Uuin!F@2n zV(|w6Dd7Zxd)mVMCCdhYIvLZcW3vO!ysDXpACm~IhWj82s`k4g0qM?4A?qTVKh`jBTUz7f&rHK@LeeE82|ozb^!M&rWC0z2A!l)H*zAGeDJ#{?$k; z*t;FrLz8#}D4#{MX$H|BTUFg#al6G29OuW44_bS2FzQmog^=nfGb%S}^ROONvIACC zesQ)aC6hFaFczeg+i#hE6tOYPZ>oNi^x2kH%^3=i`LE6n-rocZ)!+mIv zxqqA$aFAQ{&Mz5rk>)^4f(7;xn4Azh84Rewv4E!BpEi$zxhp+uoo<7^tf+Gbx%SRC z$*&y1EQgx_G)b-tg6NSxpDqO^gdhIxWq%in_dd;(GLFGq7WL;-8b5_JAhtT~7bMPg z0r;f8mM$eGgvzwY7SX&H<^BoMA21#4;%{~gXh7msRJy|-(lK@f zfuG)Zgcyw>I+G@X{qUZN5F~*kpvQh@1GE5)V`R1iFaqg!Fk@4Y*Upd*pHgcKJLol? zJrS2MB^g$Pz234xjFCXUz5^^)@qg&TN46&92X!wz1$taU{Hif2!WR_-A4;L?3gycg z_#^ZgALjDMT7c=K_}`w;6sDJSV1~7!P!X8 zwmw~n<$G2b!vuOwTgJe3F2F-5NVPA?<%$n5jj~Ip{*PU)3>gT?FA$MusXrqErv2Rw zRq(;+4^)Dl4*MoH0?M{rvQYdJaUl8a1(25LX1?$+zCxgi{06@QhCbM-JOYw6%ZN>ag0lFZ z&Y$13^aDn?Y?Ch!(`#uKkkWk>|GuB#AsrX$QDh)5APk5#EI6j-pT?^H0zr8Q>oE32 zQkMCNQ!x17AyGFr;mn&R+@L!HDH=E#z`N?8xEkW$OaTE4RG80NCR9haEXF^a4gLBE z7(exa9LNlqs^9_ZvIVqTM=#Hc`VUnlc!~l&A?N}k-?FM9euNnCb}#xbC&;2$M~HL~ z2H;5Ur0077p?6Pc0#TJDChW2}y})cBC7S3!h21yH+3;StIHF2{20+Ed$c+6LDr96) ziyEp|Y5rwEMd(C|I2xBdUlqOw;S>qL4KB=YR&feRkiYiX7=>B-x3XP+fOnkL0{JNL zLma6Nk*l}?wm%27oR#=FanAqfE5dxMSaO z8iW&MA;UIagprlxM@q0u>B|kw!uIt87Ayx+6zC6kC}VpQZ<33(F!87%T(Qb4icSzQ zvh{bbKm!7%(Y$+5>fcZueK?>!lO1TAq}MNFEF4vPFQRi5&A@T)RSF_HMu4&CX(?P~ z#|3(R_dY&4H0P6rp6N`D&!ijvaYSwhZ9{nM2y0|O_J7)x@6gT4+qiE1YfL%#c~V8C z;tVzT7em^<3LSiDCLRwC34t>xa>icZnz95r4f|u6oQQTWyH(!R2O%!FRY(Pa4<(mW z)W6Em)aFC^A(mpdGO?!tC1U>q8DMQeys@jzoJwqgsklRPUuF4Qp{ssAxIKYDo^?eE z+Y!f!ng=vrT}i@KLfPk0;^z|-Cxs_9iQjRCJHJZXLG`6C9mkiwqY5) zyZ9Xr#?J_z*I-*b5y&s(V!u`FAHYmhP4@jyix($7v@YUAQo>QG&@l7W2!hKyf=%Tz~CBS+3)aS3$IvtDCgZLbu&>m z9Ya=x2Uj}rQ|g6V*A`)xCsI!0*uZ2!!4LO1s3oSs1;G%Sg{GX5fbs8La1{J4gVpB) zZ6N#(W8p3!Jxv7{4~eWpp~=ZF-@p$uC!xc)x-TLlP=`Kd=U)Pqqlx<d+*4X zHL?4;CtQYjoCE3-HD%AdyoMx%oZ%QgfE3jIRhZm_hYwVHWj?U5_I9l-=nPvyz+t&N z=tjo$QG>(@^Oy*_v(@$YO=xIHS_sPn(qn_4LQe6$ zgTTls=@;g`V@!*>W|Oc-Qn}>uX%?(sK90X2{<5+99GGashkfqHU51z5K|?n^@<^FM z)^VIxvzPS=4OQ;Fl#-yM_P)E+XhqLnhsNjF?X&K+RV@qIlQS-^**A|oNggq&niB{BROtyd$ zKYx{?;x_+uII1Pt69zp;mwTGaQjWB*TTyN^_^RP9mPx&(m=%-q3|aKhYu+UP``)` z6A(Nh!k3m1bU`LoVUqiBpOQ&()j-YGqFCd&UtP;yK zpXVX@$-Ll|Y*5T}#r3DP#oTFszGB6Ej6|M>wqz^BG*MK6zNBGL^E&WtsZ94V?oQ+9Ld6&4)11>jb+FD2mZ2ln` z?g;iz9~M#WW&-Fp1_L6&kcB39A1CihKCZkWy!eGjD1prH+}DD}7g7`fs!Y$t^GA#R z3S%FAP9+7avu$iKurd04J~yk1XMmvrD;&?5hTLVcJW|Jy;pa-`RgbPS!gDM%yAfr| zQSCgwKNM4sOL(%kv&jrotrsabyUHjDZtLnD^s0v{J}gV&(xQpnm*Q zX4w01k8IU;u4b})RSiCtXgdhMWt^RC-%|A-2w^Z{6;8>S=AjJ%;4y2+s;5D`zrXo; zE}=)~IFLuv0IX{N=v)2IeXseWGa4t*-|A z^x2Cvr^A4g1o(;qfEOg+={7uc{-dn_qQbWVALqI#%Qgg+=(97a$eBb2GwmYT-~xD@ z5qQoCT(17a6OsioAC;pvFyfA>cFcB=hTa9Ak$9m-wT~HBf&w%A0xSX@vJ8~}T+{tr zziauq$@hh^EFZBTMCu_Ovm)@2uaxZ;V2C2X2*_4QW6Ph+dm@7j=9&&yu+@LBuR1FZ z*(Yg2^<0!o*T-eS_Xpu71=2KBR{bI0Hb|Bfas*luY&_^zVG<8~XMK^%}(k@!Bsu$nZdhyOCj=t{^Z$?n$!lf(7K zlh2LWxEgVJ&Ub}Z!3ZMNv;ZPUc@L=ml(9DSle#ety)G)1;z!5eht^;+86~ZD;W~_S ze*{am5qrf+^+D?Y0jD-AA?IkO6#Ff(I|vl;ZE>8F+6NN?n*x@zS`Vnlk-k*!{~hLF3VAP5FAV}O5a?mZhLnZ*-d6kpg-{@3`^Jrb0GX!Wx)%Xt-Sm4Rn zKDZt@2V~kPh)p5O2vFkT(tP#5_3>>^8{6V#3f#fiB?sKGLI%5l%XO_!@au? zDWW|)9p3@V69=T`MfR^z|JMla7x=YU=j;h7djRL?w^HpAiciXPpcEPaCJGTw z_PGDG82}cR3t1JjTo<#N`m7~ReKg*6b@cuwQ=Iy$7T`$q4}{_T=<3S;+b1~bLEmo* zkjgct_`7cAgY=@?0$^I^Q7F_{2#mt207hW}751FJF$zIeHQKHkDl<>k-h;?1PkwRY zC_x<%5{NcJ;4|v#&Hi%-1e7(a&2{2D?&I<9R}ocXY@rzl_Z)T}DndyB1qiS>bN{LT z>Tl&zgJ2sMN~?Sr9h=T;gcS8hK5nCc*De-4zCTeUo{BKkRBCb3nZFzZJQjpk*8aG0 z>f1(Rb{pBIGfrPXnv~tGp5P$%nXhl0*#1^ZN@jahYpQkoVl5|GX!_51h`>B@pAl6Hwgu4!9Jd|>~dGMIX|sA_sBkCO~85FZi!fyiZ(!=rgqnl>OVyW z^CPZHYDm*-J5tVBC$@1C?DP9!f^rL!fPhKp`c?g>rNNMhCsGAl4g8Lja(c{doVdKu zPTKfyVI~kT6J0aawSQPAtc~dOz$%MK#G*}bJ|{52EnB2KAnxwgx1i-dXP;A zbcjnx-QIR!+~7#_r8^j2SvijF*C_v9AAVyal#v;RJCg|;51$tb@W5FU!l(a{)FX^W z-Cj#`ySo>Ob3qPY(1|EuT$+g-#6PUetS$eW8tA14EHtAP>s(10PCM%A85zttvHW}< z86G0|J)a1n#oEy4#C0Di{R!$l;3|wW-U=EFc6NVpCgdaN9M9h4`_maN^;v~dT1uQV zoAW4`YrE4a`$xo{4<^i&a$*1?yY^sab)t{5Npa_J@Mu)a3fbo9Lb)i`WxmCOhD;*iDmgX z>?RtjjE*vf4P!gAy_rMhF2;BsvlU12aujjA)^BRcbN4YQoev$33MET=ZD;kWKI&=| zT6OE*_I03`(%I#9Uwh>7>~x0eXhrSc=%f{7#7t`xXE(FxC6SDECXtMjK4#0evrRG@ zug$8s{JwlnT)S_Fx`^@}qc;nOX0LM2tqz%IU5ZlcAJPpVHhRwuJ;aN$PB)4b**bQi zy_)B3qOry0>lI@;VCV8>X_in+JQ7~Ef>O48R?3;CB8eHbCTf!0LVTqzg#JWlfMRW0 zjf!$E%f^TmJ--(8lFNH)RDC=yW@p~g`aV1i*Z|NWYQ2&XvP`m0|OVb)y{mU)zqy`DX@l@3G-sX($E1l+0dHL5?`F58~1Q^Q>A4y#_P#RmcwOBD9PDdTSy+HblHg1&;Cv*l+#jgeDp>x!BC zD86BJk(QSlv3pv`P8sMxc59~(h#1+J!%|d!>N=@*?uz2@CS%)`{Brs-zu(?WCiJ6r zJF{LxoAGNfM`HWya@}wx*UV6%x8@%9*HlyF%PdW7O)t1D$i-h2xv~d_iCieA^o0l(e>X^g6Pb4&L zgCdlwbf9kFAR?`gKR<_r6<_RB&-sfAl|F8*6xX?o+&f^gU}aD99MnUJ_vOjWswTb} z*LO0w^cY-;1s$upJJ&%P$}ULa*|^Qi<5RyN+sK4ljy2QhPNT$$KAU zjRobF` zmV%Z)UwHk^0!hBKxCmtjxQd`cY;^QVJga8dH`q36FVL_W587y+GA6L63D-I-N0eeO z#^!q7b@#mAtL}qOp0#9U37L=$eAvvbqzTnFUptfT>=e6uUR-Q3Zo^}vQ*q&3Wgsta zJ(TfMY+GojrS_cgR1ACY$X@n`hx;5O46VMnjQDQbht9{Z#;7Yg$;2j{Ed)UpF_l>j zP3Eg}dIKA+Co=S%+2xOQc(TgO2O6jBl-}KdNTG(0JgI8}+6Ii5)m6~1t7-ygEDCl6 z!0o3j2{(^E;drEMn$;1^+lu*I(!G`-J}8yoU6txM7wz$K!)-yWz!Haovz^)UR8P1V z;k#6u$Q4qv8!RiKq32xRH*C&#{0ZkQF>Hjn<&=9@J}b9r@O(%JCQL(XZNLwisHi=?>l)#=c3=GfUQPV z9hS99-f2#+j3?^V+lg{K=_Y|-Xx^*Qw)5(NX;a<@aqh{u1Qvh@7;rV2!&TNxxw?UB(mf*qD5)n)6opOFg}y6j(NI{Zl^jG-zEpJWX`}K5-HMn$3@`l4%M)*( zRlx!)J;s@$jU6O@Y$AB|QV=#MTKS~U`v=L#N3mkDt)n$tXGSSP`yINa2W!bRGx?5Q>~m$%-?ow zkvBebNbsQ!pq!0HnBZShPh@1bxrArb*?!3v@)`5&ttQEBe0AyQH#V2M#lxnl+F-8J zTG0BTWx!m|g19WIr>I3qM3!jwqMSn$yWrQGV(M+a>LMd&^@cDF5exfYNn%sBa*n@3 z(d7zyT2r?VQw)8W@Ow+=8>+0H!`|XGU*~!>OJJc>@xN9g8@ZBHt4_u?>LKhKbc;Cy zu~3Ge`b!Eliqkc*qempE(7d9IPC5XPF_`Ok$(>Ra zgWUAm@I;`RFO_TXej-EswvgA$*aAG~a4>2{9-|EeVZsL1wBe$VpGA)9O!RsTNR5#Y=|aS~9`-h3RY5&P>?zSpPi zSAY*Jei-cgL=md3ab_+}-?<>;<-0QYVu`*uu^?@lOnc*#$h5VURsDP6pAUOK!rh}^ zv*Puv-nS4(7IpJB@0^_)>QFihCF{6XE2CELKL=H~r5J_xB9}8-M!Ste|#v(wIVTBJ_ zZc^K4bWiV2gCY__9>?0Ev4-pADXr(#&8%~xCg!gDoRwz(>zLut4r~HX#_pK47{9I#Xn^cVTHe; z#P)#gdcs3WH)!sCp#F*3V`5Z?VwQ3?bD~XsTHlxuZ`X|XJdQgZaLPnt(-C^GD;5)# z9~Fc1V@!E>exl5ic=9O|!=(alum#;J-95?@BLuNUTz(`vIh`;vN37{rnQJ0nnKKh;n)mZNqgrXpMR_=*=wfEb-cgU zG+J%aTLK(gCcpovH*7T?8RP7QNyTSr z%SJP@*8~M6h4;a71-(99zOuSSXbLsN_w3M@-&p_=$66AZueL3J7?X`8wvA-P<|wWBO0<_g@eBet zN>W;y1s;DthUSl)(|#JRfsu}Un1$BNq!Pt}mO9I0+$OQ{a#lJEMJDB<ZAV->|Y#FxM$G^0G5(XhTbISKB&rgBR2#Uu(*Y})BTXTE}ALkgIpe_+(CGM8Cc zJ8smXZPq^XY#$0A)19GQum1jx9=LbNb0xhev{MH3^7#2)MU$GJ@ALhu0%x?E=Mg0b7x9~%@_-G?+2on;QPjCszGvOn+M)E~DOC+6jt0SM{cE&yN zH|7bf5kO=2ubt&p@ko=%Na^q=m!Rx8F%h=BXdAV99PCvUC}+uAW^;Q_xW-+5j% zRI5SlhLgG8e0Nd;ZiBNwjpx)NhIzjH(QvMEsT8!&qUGm*0SPh0e)$>K{w^a;HcjFs z{H%=13nI7;39UX6pEZoz!F3fk1{i4U&3Q%0t>@R1&9&C-1Ka@vnjN!lwS`Cily>w>7B4ZV9x zU`V`h^evxGY0|{%dma?H5IgR%sCx{yY#dD%A1UeuYoM(pKLQ^{!|=?`sgjFszDwc6 zK5H+JEQ%o}rn#{~>{w^QT~*HP0>)~0?Z{Dw2hPTmQAkB^_I^o6u+3n_xhL_0H!~|9 zR&&c$f^xN@C_TnP2y4=kmz~t*wlf`f$S2jt^MVx!)ux8XSE@k{pK3mth^>g<1xu zZA!-cyr>CU-viJ7uTt?`!;+ox;|P zhI_N9E+U{=yfCR@>%zEYWS})xD|k3$z-t;@JS)bycERz_rPPHeq!Tx9(*CIy^m}-G zc2+@Cw!;%@Fw=3Lo5jFwEDN3^{>J%ij+ZCq<*o=iFP!)1xr#cF{?Kd0k5*{bN9M#QohSybef4u1{CmeM$@4H+;89Vcq3 z8I-(_N!RVq>4>iyeQf)b)+10C|7EHM5L4+b_&H~xsb<*l`WbFG*9SFhzD@uxz z`vbp#Zwq0BMXj}>oy+3q`nLeTQnx^tN~d|A%2CvP?LRE4q1d^Uomr7q=?LU@XkI{8 z)8u|)od@3^?065`8Ku{?vUZfWeKu17pW#z!@3|QNNEF*Orofuzs|SR1Re;Brf8w5h zY%?-pu^bGF#myT#36rYTX4NDrWFC2m^D_$P%F?V93COZ2Z|piU=X6X6JtmXS_AVsX zOHR7DA9{07`t)UxJP;ByK=xjcRA%aGGl%W`5Wzmji%ol6u`7VG=&4Q85PMu~V`FPY zN#Y@)j|8w0c)B|CuqVcAwq}Z0E)8|PhYJo`9fseW0EXsn`ep8*4D&pa0p zmBCK}wLcC!iWt8MU@(S!LXk4bo@*S-!b>I}2)h$Is+q^O#`m+JLml6jl7}Uvqp2W< zt-m-x&T$dbw1`LZxjvbmME9X0*1tibyt(Xwg=u^4JZ^X1kB@pX3bI@SudSY}=DfEk zR#e=I48dx)XGcV3&x*wDAf-1Y1q3gn{0swx(SkY)dMoz^J--!Lv#c3RYLEUD%-UdU z4g{VBXZRU@F9Ju1i{Oa{YDiRTZ;)ks@7@!5kzMF-k%oTckfqHogGLPRwql_G>)snD zesU;P>TGQqW=Net_#d`p6#1nptRoM}&BU{0vLX~j~K3%fEJ z5s;HZ$yk0BQyw#4uZR_Q!l7H4CgT?PicQh0OBGo-$)4y-B*SRtTwk&HGz;toO>0aO z%X`(R)JzmiW|A|`qvg{P>?>N)^hVYDnNC{IfM9}6s=Kwp(DOTm%r|A`?g1^bX1760 zCoSaWxNBxq>g=&q-RhkkwB`cf*E(gYSPjw%ECo#Hd6)X>tCw7PIBemvZHR0%Q4Z)l z>+7VghSm=o0oJ!-pCe#{wnW6$M9S8>b;6b_#rj0cX*r!oON(OMeO&xN0SA!0a5=(# zTsxLwr5F~!@%5c}g`V`tZNMU8OErQh}~6?=0&j0eOGehI}%4 zlIS}Q*a{HpXXFR-xJkBz4G~G-ycO$^FH4$h%oz^uPZTvh7$$z@Dri|Vr5bvScbk#X zDx{3~fR{`<=6q=MO!Eidh*;9{c60LvnH3PZd87IAqJ+4`xS*xhR>Atycf&U~#3JOiPQD zKi z9fJPFT3Bv8 z&7VpqdJeut?kta`F2K1;CZl~eYXhhwP}UVUmNUk(JbhwuV_&hNceg2yX9wzf-b0Ew zmskT4-*#qBF-=X6!AtZRs=INZ2zkwqtX|uhKETuN8)AQM&hLe{k%e?(? znO=6cS8AFYvQc8JJ^@G8dm_Avw*~}%%U<20k*%?=G8#u zb3XP04os=gGrU&rvbw56_Wf)A@XM53K$7l-Z5i|0n-H89j7&5(oc_*(8RyB`ZfHSu`+mOdqj7}&7++fjD?7ZYeN*6B8g{&chYN*Xs?TO7yKKB={bCLM=F{m zZXONZX6K$hgT@8r%&^~BDp}o4o7CpK4)7^1F6L03jaO%`dK~!{phtS1Ge`fOmR^z` zRnmDf!`N`40jkz+*+?7Z6rk+gAcUQ`BjObjg|K@rs{xIv6XV;anHAojryt_1-v5Jg8vFdr6d% zA}LGj5U&8djZdK?i9Nm}6l#roW#)yYN;e$MD8Q-oCkAwaL_3g@N9@YTqJ0t zVv|bOSb48LyqH-QPuFm)Rd8V@;p%W$R`vjHEWFj$Jk@h3DP(?d|8@~CA&f3>SZ(W& zop<`lhCGw2Nx2|N<_E@pRrTUp5((G*zGkIih^aa`p za=tExExwD$@p0|T|3}kTM@9L4UsFR2Eu}O9(%nN1ph$O0OGzUwH4G^t-91Q$ba$w9 zcY}0y4Ec_q@9+I{)|&OK``mNxefHgFpMB3azem-lJm218Yr9@-Yiw|&V`1d%cO5}l>Wl-kMx~J7kfz^pw_PZ zw*4QtJy%7((iPBvuuDBVQ0&aM@g9{F&Wttu;nhwIZBiU8FnqdgX56YeiRpcHimE0$ zu__=FEX|A1o9%px{!#MnJDXZQ`d~VD_PCWDm+yYA*<^)}e`9+?yraSCCdQ-n%4K!N z()B6zr{EA!S#*zGCHDXJs8k(O3f{5Z@&;4u6lA9!?;6K14x39DtMd0fsP3fJ%hwAr z@MsmSAV=I3{PQ3KXjamG%gg`NI|xZl9tsIVx%!LbPHKk>rEgCmObaJ9tKuS7XLg$2 zc2Xea3JaBv{bItwm2`m+HyCz7rW(Yudc3= z0l&>T7qxN2XEP&~!3kUU_-!rK$7#sS4`fe&SHBB)hw$f!;(>FHF<+BPk^mHc@fsvN zUhM?eaUyYn6k<9PWT*i5#X$k%mFTo`O1Sz~^k)7@3Kiov!`ISG>*Gg{S&8Q%8s_BLCzjCV^TO}u!1iCxy z8iu0xTr=}S{=uur@o(A2hjar4*7w&Y>V_}wSMMB0Y%UjSOS7pL_#yB|UyNOFoVpJm zw_k}2zUmdhx{exT^UJ^0WeRvfqPBR%<&0v8Dn;=#QTNSr_dzO2MAp4U#kX}o@){F7$E4{0C1k&1ynj|HB^-^Gm6qYXt_ zHRt6j>6gbkJqPE*Tx=QA{`b+v1Ms^@M`o&@x~Je!>1&sjZ8p#Rn5np0Hd}u8*wH+m zq4!08jQikIHW#}IymM^@D<~OJYD>zjSSJ~ysZzIYcjKE`1>i%C7r&qAolpKRN9s|+ zYId|wHE&(Xig7r~ncE`qc9R}&7M#tpGiNes*i_omD?e`kb$Jp!3)rF=VcE!i-XX3l zJKXe0y28{cp=x}|?`_WczicPh%E8D2s<50s5xQC2ll)g|EAyQ1M3maB3Hr{X1P|>+ zvJZB}Z@N715kTl6uP#Ua>Edyu-a2!@ox>0agw4M$0q=YEd<7DA*|NNJrdQRh*9TKM zkJtkWz^|Sv$X1=o)_Q9HtK&KpJ83bwlQNhCkC&0`0;rvRf&V)%dy=SGYf?2DNl7q% zu9b|?sW~}2P;~xYfGF!iz9uG>^~y}4Kh_kL;D)jvAfBt6o767ybGEvnAbA!7>Sz`w zy>~|xb-CnA@#3o1=qduOY_TQchg4SnAfP}WD|cMlGA>Q$=a}zYEdL6Sj7TG*E{zRI+UUtL$6sBiYT} z#0S3887lr#d*`FFzY}xSdhYPWs`I(gx%X7l#|!?4MJn5S%gUYi|IMu$7?-^b4<1Qf zR7IHUH2SBZEegMki%LsWQKG_QP{4WsW5%)m4||ry2rHEqUk$U4p^1jUldn3v2P^#N zbdVUyQaY}8$iV-SG780fPF||oAV-%B>r)%3z`MxVq`Q8REHT;mPtX+ptFEd%d$|hz zX>;_^{j055KDL?th7^pF8m~lG9h>KU{o6iEgen5R=2?A=i7r#i|M>SGzV+U*>ce86VOo2dU4Nd)7)7Ry13SMr`K2tDP2OLZkn-qs>YbThj+L;=P&4-)^Z{dXA{~ zJ>f9jq$v?GwE8f&r<+{$yc^afthWD2TjX@0wt}t5E1_3(MsG}NIec+dkl~&2Yv33s zt@b_Md?6CfkT^HSeK!P5K}fdw6%_GtrgRPl_^XwU-bJqIp|6HSDOIQ)V|r77@ddX~ zube;9sDbt#FmIeEe9)<(|LNFZ+{9{<*M=#0Ci0qziQ86{WR$oHCQpj(E@Urp_i9n) zl#nI;WR?(f4#s1JbtYz=7w7P>_iV-2^yekUH@<$N=`Khe>a#&$Ac9wbnZh?jYqE0I z1f}9o-Xqkl(P=YZAn(!WVrh2rKX76K++E+UJ4OC}@MCxXZ59BS)Sn#wu2KZyymAd? zB;NdZi$h#igZL+b1K`s6oZ5?;clo%#_L*Fs$~gEwhvwfN(nkp3=aqWK-E&csp`T2$ zu_j6|snFRA-}~H!@;`;w5i`NxE- zlj7AaNfD&op@41k5&`OWKOp1A&vK7FHm~qI7+CboqlIXjpCWJ(uef(G`+q@?MIlf0 zX0-6pvK91OE1z;gFPba@|8Kh{U_Mp0x^(85$3QM%|6~z~>slUun zplkby0N5fGojD0=5=yHwLrIpCkYY%={~dmpL!&*F83LsKB_89R5nb1Q37D_72T@Eb zc2!eIRT#5;wfYY~eSeGMetC=z@3H?-?*{`#js_Ta&6cMB+ns<0P}Y)XGA|lId8uy| zHAm88eY|j1Nm3rHfBq0Z(1wH$ezw<{ z`l1h&)&;M^C;EVXH;VKe)eiF>f>Mu{4BD#nm#j&M&l0p-+tj2)f}))!4$bTqEWmvQ zY!AIVNc8>3@Prh1qH7u86F%b!EXRN|>%%K4HwTH|-m~U?MEp0=$#bmFpsktuKN%pr zFhKTu6oxn^&PKY4*=>c!zBfQAb`__sX^M(oDh=(t0cZ9oz|vMbLcu=usOWN=}R8MfY(UGd<)q_ z4bvDqI~B%3{x?W?Zs!cKwnL){SPy!_{WvQzWl&+apIvq9{-2K5jSZ$t>=e*Icc@F; z<0hyD*(%lZhNsXiEt!hl18u*^&S8=o{Gmkpb(gpApt!|fsZ&*JDO>3yyQASb~c2AVu$ATzk&nY{SlIGa8;ZK8HSnZ^B#*fN_JFbXu43$=HFl#xibsMPW3 zbSeyy$#hg*`G)6E?{^pBf|vVNDOS&91$QH&WF#-;bDpppq&aaOVq}{(JFW}F_|_@a z(uM37zoKY`7-8->0W{RXxtQg_(X`33ghhBwoAz4NxDJm(Vz{=IZkBh{Y3Sz%JPW>Hh)2zA$SlTO{1h25Cq$7BKve`c_;?hk4SVddxRvPPlLZ=aGi zVp{dwuSHA0MsOm(SYQWtW?txVP30RN!?*V3@Xo8^s;spYB4e;#WD_G$Z#m^5@xgFkAaa{#Fv8kJ8B=TS3zi~f%G#amQ9Lk7X%m%D$7Cu3Uo6d!!3n&4K#RWK+WLVYuLWkw%&p4d62tLW)id#*Jvn z@gxfw=k^hJy_xWYlSq58`%$m1-Wo!bIUFso68YN5En=MxbKqw{Hm5KkxuBbnc2c6S zbE6W;AG;+Gq=x9_N1axujTn|___*y4jpA3rv>DP&3jF8C65ka{ln=~*ZIK;HA^ao54B*cR#h+j6MWTE_9+NH#E zq5Z^TS31?U>MaoW;eB#N93?w*qsb!y%-Zt8qzH-1G=*hMBGX4s*171bL73{I$9`E! z)th@JL-d7hwHVceY($J0ni4Y??^8>v8j1Kjxe-cxLtPksho)4QJ1!^k@<~uVQVq+z zto={Zd0f~5h^jzP(YK|f(B{n@7*M*>`D&GCR*j+A<>E^5O}iEGPbJb!)v zv4FKk$$!`KB^E{Z+c}Db8Y8_TH?DxFW2)ZDV=2r-bSt+GX9{k$Uz%)Ve1LEBMt%%N z5&Ji87S`22+9d4XqY{A>n5MVFpX|i2C~?j?&X>>H&l&tn#hXz!!(^d{z0N>}$!PJQ zBMHECT^md?LieszF{NaAA=PT3UR1&!`Cc5*+r2;w5yhJ_=>SZvB<-!_ZtY`m1v>>T z1X%~UF=O1A6LyidqwKd1p&OYR=@XRAf5)9Z8w)8#4+BY48R3-eS22RpS7U#0o>Q4} zcmY%ZsoSHdMhRhE7BPT(-&D9dEz_0QuJkf_8jS1`;J$Dj@C!^D(QevOX#sj5{?<|H zF^yvM5CJ2vjU13bQVF1t!jt-xTCXW{OWufq(vqH(Cn zt3mCXXCCdGv9z*1MSKPjTvmq4qji_R{4NY{_9r*yU)0HvL)7T^5hAC!yF=6;Eh~qo zhe{`zR~wNwDNrSgMz*?QRA}T}*d8xE(rjvGQynQDPN)8XI4U@myKEM~=zW*pqaw@9 z#-e@2bxfe#UiCA5ju4FB2rEwIqo~?Z`E|K9;Fkw_>iH~YI0d-CPtZW5p~P=?sC7Yw zw=Uio@oOJ?h&+TLArD%es4s8pHzh3*e_+6|vqq)LezzuQD*D$emSi^vW&fnO<5H~F z^AXTb(?7&SOGB_4HhmYiZa9Y8Vk&AiX>|mzxR*EDn!_RoTbf|(gB{{O++r9aSFd(i zk7-L@tJQybB`d8f1rcOfz_tq9&mQqFTkx3Bc(d9-xv7}{*+dO)aT0j@V?g@1N4Y@G>?v=_o`?Bhw;7>OExcIHl3Sorg1Igfp~pxJ5jD*M3v@t!eWZWb%50 zwjj~rqJ<~%BG%?ULU-inU2by*!Hp03g^SLI8FgAV$BSvJt=+6ph|Cz0fdi_45xp0! zJs>(j>8^BqCZ#j&p&fk$+PP_X9OCVT9fht>z`qy>SJmZ&uV%}nP~p1>y1<|;kFUD$ zReyq^tgz6T%v09yf#piG_2hzn8-h3}lOe~bLhs`7rKq&r`4{=%>;g!Z@nG)(r~VG6 zyG}m6r2k?mI&_{3ZR;Dt`|m+ftYfLGA{o38Gy@r)-G^h;emz`@Wz3U+1(&_*9ELpF zW?yNLvj6Lqf{Wa?1Cc-HHEWD&)`ujG$QEb!a)mIzBKJiw0e?J~U7%OTC1r;w-ia>72(77b$O+0C|>yjH&!N17rf>h0zjOD$ee4Z5b9>IyBss|4infjEDn zrb1Bn5gR9eQZ_Y4a#scIisMeNrggws^?n#dbffK8NsV#vrzCX8vW4cM$o;pI8 zl&UmMM~y?3N-p0LkO7@Tf1ynF^i;{UG+yr_I9VzcC1Hwo0kjxMDogW~fDpJouDdki z{gF0xO?`#Q*o9Ic10J*t$Mc!ic&_^g_X@P`JGil@oKta(QbC`ZXUP6I+~Qs2!tj9e z813?p?vmqeTOuz3;RUb`YK!kds;1O(5W-tYWfF#4qP~eeRNegD4jtMK;@zQ>rFYtn zVfSE%M1%;bxjJ%wOA8mfl@4NZ!DUFR2)(NeWLT^p)&ICp;_2#TDt=`kss5q?<#}z$}!xVM z*1z3U%nlwlRr19ICRt*&NSO<2qOxh*w1 zh>Rbi5|NypNUOp4Iy9k3``maTsNka(8Y$~H&rBxy2Wkj3kT=*aC2hXe?Z!A4={93Y z11G54+Dyg|ej)dp`lET>)<*|XqyEdU_3-jHs#Q=>=wbl1iXB?mkVB_7=(d6c(bdtM z1p(-GI-cUo{n=E+=yfQP$W?+CF~Xko5JD|tdm8Nd`pUqklES+x$q=U=2ZswN{-$-b zZ^|+D30R2k6^NZfqQL_& zRS7z;&zusTR2y-Jl}6+^B!5>SUMj(GpR)*)F4-|;g_b3zGCX{VSvBYqTIbxwt$ue( zT4eqTjg^U)tFQunCEb}P1M6sBguRtes{x_WX+?+b>G@-;pl#*WWK{v`+!vw*^$mfQs5-KKXQ(v7gnu-YVBp zZx?u@6?gHr@dI=>=CZ%k4aNz;x$9iFPF6#ZPs!wFwky}OVAoX(p66fwm-?4#$bhyd zRC6{JKMPB{s4!C=BmT|al4*!q?pdfH)2@iQ}9 znpHsj8laKHALZ&{YxZb|pp zD3oUH=Og7GlaR?cSD1PTxKcO^h&=QFYfC$4*fW70NJf0cAFTcK05k5H?P&WAM)*`l z6=e$ZFCJ&zG+w?+9*7t^K}zpdQX4bz8^boGW8SS0wDMhT$o049SX@T-p4Ngg14^4G znY14B>js*!-K_fWxa&HmqZ6Z#`!*Xe+-oNWe}dnT%!U3c?A(gs#88v};75z_QF!^{ zMtQ7~lU^Abh)(PF=WE`+95Yb`=k zS>Jn3Q1z+ouSuZNH^&FuRG|RMJNu_h{OvpVcgNIebo@3g(BHTfViwTo6nA#>X84=huvPk8j_LUX~9oez2_MU z{*P7z&jOh{^G{6rqa%;KFEW;2uRhMICHTE~LIv*5mw_#aca@cogLTb_H(Rz^YGR+r z|3Xliz3P$wW1ccl=;iM$8!0yNFP49-p@w}X$U<+cE{^5-caZ1J?G%oCL@EckgZOM_ z;~S|}EEW)d%8xbfy2IfFL^4+)c&)K^6x-fMGRF{K8fOB)bH2LOP7rn6?J)A&%B>C* zTXsK8-5}WyZ@Yf1*#~YoQ}U62^!2Lj{6}I;lytV|2~v#6*_EunAtj+Hnx)|kDu$_I z{2Q4Z!u=&KW8vldJfV3H&BciP_?&{}x;>+pBs9$0mt$*YUZgYsQM;vVl}wV;QIiy! z>Xpp!inU?rg$TF55g*Xn8alJCxBv6cgwSi9XJ!!!Dsq6})nha>Kv0_tVK||Q46xt~ zVMe$3v5gwkxqZ_kW|q-F@-+sft!R(~7X3cDU%D+J+t;C9mh$Z|#=iS-ja0VU{C`!L zvOC|NCQKeGepWtKQi11uUH+?*?Rc23kb@4b6Y*FnWVT0?;J5Dck8OLmk5{40ZPKM6 zL@4xtyVD(oYlL6_mO|7oq4Xk%R*R>a_=lW-xp2%<$~jve2ZY>=#1B>fd0GSm-OuES}`Q1^lya*vvx-Q)g|9`Xa58RBj!j z!F~Ema7quj?YXaCEz)!|lVA(Hl{Z(RrY2*3PofrZ$OJ1iY}x+w%15KjVP53a=S;$R zBa0y|_a6PGdc(EW7tvgfkQrTiZ#uwcd1i+{u3tJ|6W!W|UL4BYo%@9IS03Ks>`=*` zH)lU$T6OuG5qEz10F5EWJbr#3k^p&A{fHMnBlY8X;^c}i)~wG4@6B_ssn}bG1X}It zts0aqV&mtZyYzGH*=!T?^8$Azgh_$q@@br?A{pdg)Ar;ydQSOqqCadI(y+x?0Rr(^ zBxRb_Tcr-Ky4b!a5~0kQ?TU<{K0-yzrCO9V?wy-QL&6+LfZ zQT(!^D8WIndZs1H{Vj6@tRc=mE;D5!O)R^Fc6B}lWI(vY$ae%rOI4)2?nuAb$X{+u(jQWtiB9?BVBVd^S*IgNG%jYy4w z7Tcb;K9riZQsBN+Gbc7xof_zmdo>vp*^v z+F>y^NA~)9P~*?O7e}BM&C4wnYueIFKP2OTy1eHo#ibzZe*mSd?d{)^np2t6IluDs0R z9XDZo;--HF0F?^R$&@|}((VH`1GUk7f>pD!od$Bm)q@*FFcj4J2NlgJ0ry8lbDTKC zBU3Bhye}1>+RwOD{56=V6lsC&^H5kP2B|_JU(B@1p%ct zt5LkKGoFM^&TI;9hrq$DB%~k7k8pT8hmza)U=qi%=#_*qRdh3B9{LOwp;pKiBP@92k=yH1V9KIK-(=v_1NW&whvnLA&eYhjcUh-N~U9#hoA?iuy4-$)Y`@qNHWK%@v@ zQCl?{|E(GM1L~X3Pt3&kBqT=2wjIAQqJa5NB|Exne2r-BIOjXf9gheD9@rvq_t!)` zf2NvG4<|R(2|w2)CKz5WKMTWqMR&;tzZA`&E1Z|eF6|Q=Cd=M}kI6j3p5K@h zv>)Lx*V3NcO*J8tg6SkTDdZk$!a@ijkj3w-h*z#gu}x75S+mfto)*j=h!T zRoSL*agO6{6J`;Ix3^Nz_r-6WA+sXo2gVX=M?IBF_&dkAY!~&uqaRttfoJQVTQ4!r zWRBW9pKVH3z5NgtO)m1#RrM5@I9W!8H|^<#A*)5wz>mAt#Qatlk@Q~XjJu02IE?V? zi4+#XmO=q&*f-1Lp3E`x0$W0RI*tqyg&G=s_m<+3m|HK+06euE*t3gaV z^C@QH*As5r;Asc-B0clnTy=;uf>?(eGE)W*naXfxWwnB*Edv9JcQ_XCgTG{?bFH$eyVN{{mlow}M;}=I85pwY zo4F2=o&o73yX7eKbLz9HFVV=mn7tW?4&$X2qa+NA9G@@`!SF6)|dx9q1))aAoGTWKP0>})mBW)mKixhq_4dC_JQ zXBh1&s@APwPw7hcIsr+~)Q(|AdMTit_)y9G${px&1c)riHE2FD*K%vs4PR+yU|ucA zHqce)Ziw0En|lNi86ciWbGlVyOkQenXu(OR)%jIi6Stt=*rE=u1YK}{BlxX zh^X1TqB@@P`vkrcF5faGQ;#vhbSRRx!I!hL;aVCrCU55nj1Kply23WjfM{^8#t-{h zwWeIDowpwg)ya#hM94JiDo5a2gL_9cxt#>ndu31(w@s7|GRbM>_d+>Z%IzM!m#TB> z__$MJ&Dia+m7KPc(@0|iOB4$&H@j)k9rGB?cJtC|<}&ScB?X~-ewA3iXxn>=Ts5S= zMS`gUv^c)IN=);5-(MoC4R-J6@MZu4%^@hfw%`NzSP=q9B;aB}cE{NFo*`vcfIKh% zPwRx5H%MqTq}S|qt@X3%`s|_(KezVABXZ1%4^9H4{;1cYk+0}6m2*;{nZh0ussmIj z!Dadx{LsFizI&2XqjZ!AJ~1uXDCQSL%4eZLJkl*Ys8DL}UDqFt@W(ahm@M1-l95P< z4oQo&PfcDUOiAM%ErkIOv2`f!Dl?sYtQ|?c_$;j-KF{po%lkHjxIocoEeHUn`wK zm(9#EM|uf|AV3g}`>0M#Lz}DN;1*5L#fNt8l#{_$-=YbnR{Sm*9tWcHLZg3~uV>S`*Zx#Vo2`>31u2734q{ z(|x36;7y=PUQtTzB1)cn>-E9uJ)a)Zkw6k@mEoP-!FBCyS^Ih9>dA+}Q5Hr(J7=<-E{;iN1J}^uJHjnRqz=@I6%9X#b z_rx9W+y~*2+n&w-*mmb&Z5+>Hp?!eBWW&$LF5Men9iuM4%>5`++$StIWrT~g%(id= znJ^yQk_@_6=AN!nd+)-5NlpO0wq-wfqU#_h(L~)r5`N)^Z-P7l-Z>aupB>BES`b+^ ze$~d#2P{&q<2Xcb2`cYMHWMpqBQxY`9+|M*$J|YuaxcFg`BN!WGyLP$=#s@x9Yx&=|9kaxK!?7mk=>$WT?yr&*})>NL#GXx3NaL;1myx(_J3cBaiq@)q45u-Jvojp-4xwvsdc z@fkgHr^`>~bKD!bWETA8Qun9|Y|+jrn4Yw=zhqA<^}fY$H!v+SFVuw_ge0B$HJspU zMR9N{vN+FjCraT9CB}A@@78n###FB|PZ2hkXcjJF4FTjzHMBq-DMmL!v=JlR-e>7n z^W^KhpChWC$|DZMXlZsO@g}$uRCap^c`U|bR3M976%!@83&@svV6PQeZ79B@n>Yfg z`56#caPHSk>KPafmf%{!ux&4#?KPeF+JPs)^(;gjc%Y`a#kEMV67r^z%n@Uma&jKZ z*fdrqB%*i%_7ULSdM0vz4z?T~Gh(yu9Ve)0I~F(SzNZ}yIhGlu0}2Kx9Adu@xa0t2 zT6aD2>5hK+_Gu8IJ+T{@&BXD6F8F|+r}5Odi>SLR-TU}I;oGo6e8iW~&ykxq}$U+zQB8&WF#^!Ao&?J zT}c@z1~v1ZYv2@Mm-`j*g;`y4XsoBR@?P_V`z3xOxveh@UqfkGwp8AGUxKLrPZy8PAcxFna9WKw)vTCG=8;*>|2 z;?hlT)>cq?c0qT|*9$$Vo5-1T*Tz^&=_;XOG}%>RaYsrk%2oGjcND#OwRHIgof6-V zj!bzcU_`%8lPnO$T2yN88WniTkmns$a##|y{{vL)SX|J>sbAH;`NMSscdY4$tL%=7 zMA|6aSIo9Qu_<&|C3tpS=9X^r+|NgR;D#av13!>@cSmM%1mp^nt{(0edZI4!FT3Mv z`b1vl!i;FQ?lnZBr*%?Rz3RYr3JTOL?0FMo_a?Rj@C{ZXe3Wl}?@}~--W*wQ*)h34Y$c^MkIs&hb!FK3riw| zrpL68i9*q=A{g$><@@UVPdzMeHV}kN-c`r984;NS>wwboLcs0B87?|q{RGd%7T~Oe zjtm!StkD1zoSh!-KC%muY_9jLqFYPp_EU`-^ar+cFVBD1=fi}c4-Fu$yG$;@n7}OT z=Ce{{XPiE+?Vziim_jIMZ~xS`o%H-SV)6!K2Mk5RVlK16_+29b{xRQ*sbcI3XzK${ zPI~C{*$sKVh~pMAr4|kp@RpQ`zG+hBbSiLtzY{aUn5hYBa2faZ9@+Vr*$vupRgN$w z-u;+@k066E^FKE2jtb_Z*v=MbyHoz6wLd5xF-z`fdvI0XxgKa@!#08Ln3?p2TtGj% zE!xgq=#9bsD0aIvM-~z{pa9eU4k2k((&w*ETy2@RQ%dXp< zb(JEUHAipPpON|2Etta$1+p)iye+B?%IW)5b`C1&rcL$LCP;?z_|(eOGbjMzH_pvu z_Z`SLonzDmi9^TaJlA4w)8Xp+T5l4SEx#kId?!TmT@`oqIQ2mzaKjSSkNVYqBTU;g z+b7HY51NhC{3s=&NrO-JY^;~WV%TQrq!T%=o>9v6*Zm}!L09!T)4!I?%z+}&P zcHkYFH_}gG`H>XIeW`W-Kfa#ixA}*&+8eZGKuG*|63kY>RO}GrVoG-_`e>J6lU5~v zg5^t_CCqOxX);1DCsN-c2H}>(v~06=E|PuRTtMHp!f>v8ixYKX6}WtszC6U5zr2|a zL91EQ=&N%%mQS5(d}J!aRj(c{8rp!({%lV$CsFJb$u`%%YZY$tAAuN;QKl3Z;CKeg zzK=RE`!ccI-7oVy!N$v4<#E7*f+BcemChpvIEuzaY&bEUSyIA{z`0#xhXug-jz3( zSjH{$V;+@_;hZFbxJxqyfVj=l9j}2}3O;^i`~x1eiP(Wj`@e!6_CPy5-k##={2TGoJ}^ZiAROl{_H zcTlg}5}6dDx8_BEL9M*!2t0weZ#28iFL?aER9BoeY#A%!wC6k%V&bqY+b5MmR7tjMxi1ngEc|LuW5d;&Y!@> zgC$U2(3u*}R()$gFYXvpXgbWkO<|>@ZSjQRMG@DQYWbsePi%)zy(d+- zaT&h7wUx2M{h2`l_Bug~>K$4;;BlQ$O|6{FE$PIgY_^oOc+T6t?EHy4F*9yXN8(;! z_mEuoksQ20{Npi80fK%WK3{vBburIw{^nv}N+i3Vmnpp-MFblx<>_7>UpMlgAOYvA zE1pVf<9$^}75V?Y0Or4Wy0#qeFAX2MI5ybtEgAoAFv~ff54nUf8i!57)$u8QaSb7k zTT@a}!4?jRf(bG}CEVOKo1B8=9&8vmgIuGz(IUEMfo(_Uar}f3HjXzNL~ckEL{6R_ zh&Jvd9vO$a%Wk4mariaw^Tr_c`b@H>SM4nC}D1_@48lwpe0@ z)k#?=+hGT%1dn~y+VR=v?ZSibZE26+4(=u+{F%rz76&t#t`hULu6`}th>denwkxP% zt=^HitW;%NcVogg3qEPeltR#eAd@zNtj>@tR;xKranJDaK!ZY@dkI$WtFGS1l!p=Z z$lGz+<511>lJ2mR<_FFvPzE2nU=h}7`sYHVoXQN- zL46M;C-(`WTzLlzn5S98ZA5Dx(2eaSm77TzMY;t&u+L{sRAy3+^uU7JX!vDv=AX1~ zMNj!HYR2c5T_sq1naW%xbg$x_nt_6$_!`WcAM8ch9ep0D$!`oK-tFdenMl!Nfi6tW z0q36^pn>+@fo{x8IJOTDud)J0&J$_WH#kXrVj{IYZJeE1MX#L~r4G3|%I`;1y;F1~ zj>}EWc$Uzb$(RFDI1Y|QvVWdig0c~ZYNgpy(Y@!;Oyj_wmKxV?iE#RotZ;*8&;>b9 z(x-eZ?1J7$<3GOIOD9oQL>EV&T1Jvot@0PLI)Zt|G+RQ^%7Yt3<>bCFR}8P$;MKDv z{FW^I(cHUdI24+HkufU!g)gz!;)TkNNOrMHLEN#3eVNZek(S54>EhdtIMpY6I(Lnj zlecqKL3dXcpF!@&@*>?ULX#k-87Eq7$6y($qaEq`gQC{sn%SU*2^M|NK&#xob<#P~ zsZR=p%ZeYLgL~I)g$bIg-`T^)N%tF{fHPs}DFAnF)aL4nDk)YflYAi>k3gp$sTf?% z$IDuQs;-pCR#z5$0E$1Zr_>ixpx`$#UiT5}oLig0*9a28Aw<<&x+ONr@kxg6)pMM} zOmfv(DGa^Y(UE+4BC+3k|AQJWoO%w)t!(N`2CgEE&nGL9$)jEh<6y-MUhd3cKh-6; zXIS=U*WuJttv$q^Nga;At|SNlvx>XU`(?y4S2*V=?#NZ5_M1oCnMBzlwaSr2`iM@k zEBWfR7Fcp+suN%7sEKUBpW&DYveJMi>c)G-x~k%FOL!Q++@_+QrI^V+mJO?5Z;THLbB-`gg{iKRw0i{i1uFA#w}7 z6qALIs!Yp*Wa5>HnK|HwQ^B$j)9K!4Uy#f{Ap}%_$PMYwd};3lN8#Uf^3ua+tFuSK z%)#x2g`_8g2|BzI+~W}CXtrP!%l_NWU%nf0ayA~X4W7}SfO`rxxhTG2B;*c0pWjmu z&$$R(b^ub3xeM+yMsIo&hFvAd>Ojc|Z+Nz5{YI9<23)Of<~h8-$~(38d}9WH^YH9I z6op*yk&gR*T$Pm|@WIR)&gz^zB(o58-WpEgXOR6q8V*HfsFlgsCHVUPt<|FG;vpj7K0 zO3U&W>>hU<%wNZ;4u&e2+k7vrRn;ArcihVJ2cNRrE|8LQOBQdJ(pOmIX|d?&Y6(Dr zZYapa`3fh>XaFffVzk)T-2$T)v@2T>rTeixBdm&;weO==7u`6oU(Un}`BztcExEZ-P29#bAzbA0ntfc~ zqq0huhNY z&KfzWxhn;F&Tv!B@|suisaDC3`0+W{)l|H!+Ig8P;c#eS1_MjqbL*aMPpx=NL^7vj zN~zu>#`{TeAzbe`rGkN5l#|sg@#RJ0r}tHsWyNTUa5F)wBX-7+pg1g2`YDCg|2y9u5a1-R~!aOiygXkD||yfJ{(Qu3Nr!ck2)|`&QAy-b`;roF(q4$xWwnm_;m;;_fC`7#}p3|H$I$W?Q_+L2s zHL!mqrY9dcZrH$tY3Xl}SQ1CHSbw_*XpaY>Z?mIa+bId+>Kqg>dBz=y?WfH=NM3Kv zq;HpH|KrV8-CM7Ww%U?ycIPnIU{usH z#mVqbLac=DM7;a?r6J+|tznbU_x8_c7`#{!c0KF2gP!Ltr%xBC$%7af}O>pm3#8vbBO>ZOQ013+`^|;7FScI8 z{3*Jm=Znpi@Q2>}!Vt@E$)uJ!lco*;<2RAYlCLg4SD8y}{~a7SCeD|rDx)M9Jwvr! z+2-M|G8~c74zrm^(tz~4CS+O&j%s`KeNWO!GENjLocBGpvSGCG?4Rw)ay=47RKO4u zT9BT%$go(ESCfYvw^Mi8{Mw*#XUZkRN}>HU?3=K#Xho6x40Lgx9JlQBsX}{&ixDy_ z#?VGL9}ZGGZ#@C&3<|1uMKfqO@kZ{i)25ZZQcydTEnf- z&kD;)qAZ)NH^`anJE&XuL&Xzs_fY$3o=E$zVYLmHft%^>tEOS~X&z#IOmfNcevFHw z3_f2gk~6ZME?X1@qvJ*Mqw^2)-Z2=|pEkHVMuzYx+;2!^F*2TYxn^#VU*y-7(JGe?#7lz8rLLni4ssuw8V0WnkoQ+GPGDtldQhn`AVZk{u>% zYmcqp`Zi0LyYc67{1j|p63h`Z6X%+v*>;d^-It{`)Ky~SBsMBZ z`aZ|wDHY^pvdGaxv;c~pW{i%G&O2>(WI1YCvR{9CxZ5tKbX}oNm)Fbx^FX8h#bj}- zM*1&DfzluOqlvw^dtMeck0B=QXpQqWxo|vYMzi=lc*{bQDvkq3a!m!kZyP~cMTmI4 zc!eR$Je*{qeW3|l-C>%=ZwNd>K04(1$pyz~JYDcYJ?dbYe^PDMubvzdEHRH45W_3f zH_Xt~emt=%y8iQgQv?#7E!A69Tzq(3KZ$gfxNEo$lb^08Wc4!S2?-Oe~jab5lq^aOI8$w5FF`u$S%m-6oItl1jGnYS-E3~KosZgdIVd6-() z;Jg2=!C_KN?XY6bh8MS`t z-qj}T+9mE_=d&XmokuBmxxzOZ-ck^D8L(;hJB-n!l#&^4Snr(4x=5;xH(sBZX~q!b zO?i>!wCp*fny;LnSC+z)twp6UJnLsLvQskUa=>V0=x4xbJ!+!*4hB!_y_gEnnlp%X zJ+Xzz*aT0piWmt);MBscIxf`fb)SVjSw5{tm$ubjx!(rG4c2F}S^`bHs)r;$e^#lG zZCa(+gD1N9M!%qX?Z8CEhS0ibFQ~h;^eRqQ|L70`k*RA!azaf?-Z9vv75zWLzB{g| zqKuRF=B9MUe-b+LTq+{qsdhfjx ze%bfCmfd&v{rz`8x%bYTdCob{Idf+2L}80lWZkd#vN`w$q}IN!%*DkZN=!;k4<@K{ z42ma2*q5y1!Gj?Yo@wg}4K9gJ)1PWX_P-pQ&kmZooJEa!gSmjIgAhg<*w{K7k$YWX zHa@q;da}X!6HF|nlCjqJ!>}f|Cs$+2(6AoQ0Q$iH&|NP}XzR|+El!kDo|D4dYEb$! zYXa4kNn*Cq4d_ZF{|j@4b#Pe+D`Gtu#2FDmdgnB-}D$dV?EiG*K<{O*;wM_^eCFNpEj!R=0w zD88NndUoJhnDsYI5+MP?`@6~d(&Qnf)PBPvn}G8`7i(!IQ!>W<4TlaB+(3qcw&c4* zyGtKKF&7|ADy_geu51Rmb70M`^PHg$}Q1?+yZWHhH+jFE6g5rG50VL2-HbNpWn3E$r z(CYd{x1K8*Xen_39uEn5vBrssZ9sico0l1%VB7tsZe>yzKkT07ge)m_Dvh)~=9+L{ zWX@C)lRc^|!OUEqeY~Yw;`;{;t4>1SIz_jRO4U2O;jr7cW7{S_Lg9pCmATqamtaNf zkt?dshKqCY$r-HTh^ex7k;d^FU(7cZ8>^x2K(5aT^VPVffTx{T=Pv}5Du`n`$@^T~ z77KefTZaiB@}dV=VGWW@hfQB=a=?U4O1~^fIf?(Us>^FLxFjZ$S3jdwIJBj@trOsQ zQ6coO9pmC}`=KMQk{R8(nw2}Bs)eRUe?@k9)kHZ3QC=^2M#uvjqZ3VWUV2^IvGZ>+ zX!Ex8(ao;>*2A$11LuwX@_D-v7n~QQn)10gC=oM;oUcHD*Fj19Cl}&7RyXHOWEp1) zu*;(_0prJpTpbY-`=*x%GK+YWI~S=pcROn#qANYyJbMS10ff^%%h4WaQCt_s1~ZSg zjB8d?8>ef0*x{Kn*;1||q^I3riqLcRU`;u4JHPRYyH7&Rb?b6RMAP)7Pnj3XakeD_ z`8>abqyqc)32*M{i_$ph;KhFEZ*`ZpX-lyytH9&j{|vvZ1J%%jWG}18)oeQPu+%;< zofM{sHr!Q4@e;!HY`Q7WSn|4q)SFuZHenz6ESuADX{061v~o#WWjrkFa!D5?*&>eC zGBNkpgQk{Q#kWo*sZS|-CJ`O9Ep3EQxv#Q1a`%P5h6O`l+yL^SrI9F-QeA&4r0l_rn%^ka6 zjXUVYFAmQ=*q>y>i6f=c{4iE%>q#+alp9YTpQNfL-_Q+@JAnIh#nA^?0qMTAu`}`Z zs+R$sIjmlsiJX<4)2!kF%E)w(!k~9+Nf=>5IAlMwxa?brT-TZ^k!sDkHYd;}8oRa| zXbR;s51l>xA8};=F8;kx0;PC ze=f!KLDK0)XaZoIHY|-cey9{|r2FSYdoJv5=`P8b4M(GQ=2JYRw0zWUl>cymW5jx~ zBEW;5;efwn{j&cqt9WNrl(h%Qj&F3?)qXW!{dnx)*@_ATu_&3D{QNj+hJV$1GGsbv zM5snR^)wk*>7_6v+4_)R5Ww0{O;(kOx^9@^7HtC!M98LqOvRyHtJr3!bq#%E9n5VS zq-u6>6@$GGW;mS7w*|e-nSt$fMI>ldk*j}HN6!0H*l?RJ)I=0LK^4yLL2|?AWxB}6 zd8rkXoCxzVVU&PaZjPi=!rD27(0Tin^=t7X3qk93kgm5ULxZ}vxo3;@-Dbe?-cpPA zlMM}X?QgzIo_IM#&2$~iTyYD9#N_MY0f%fX-z1dhflpZ26S|_pr%g%_HNAX| zUb$t#TPNDO8m*?a&JHzHxmtM#UmZI~Y#ekjy8M8h-NfZ z-nq7vs*P*!DjjyEl6S9Bb_wA}n@#OsFrZsq^*!n+S3#>Mz^zfUwZ%CrlPt$ZV8?C&#TM_?Q*D#fj{PTn%w{k6}1+hk3{@u2(Iot%}0 zc-BL?94f0`(HB64{wFpAs2<8Rzs) zHAXZTwWX6Mv4v5RPTq-8;m_9$S$*NAwdJfgS{Cx)%CUI+$T%Vt%z_y~pQ4@gBVg4(@@anv+SdQILPOSCNf!Tp%rUpqkI}gl>A}ZA^ zBW8K+1xz(PzAKmS@KdQOUEW)6)3*t{5>I-4eMghATpVU@;mDiYm|hDwK({2)|9(bh zZ%k)GT-ui+e# z`3g1Te7j*&MUJSilE{3h<4}_r-0ajrw$-uIbd)_-LBA~ZLEv%K!@R25R&(M+L6y)( zkT#+H>&~Io!H=6gM`zhk4|55Xm#)~e@CV;0quSU=JH@jgR?&KeTxb=f zqr2lt+7bo_MefHB(WpcHcWZv?RJ$wkSzmQQFi3RdbMbK@$W_g5ps*h&!g#gglia8|fCTW{l^tqcTa^6;3{ECPm~S z^?f3U=5JQ#FzY~l9o?T)aZK2~vz_<~hu=P{OgDxL&5US`mt}ofyqh%F24D%l;`&& z-k@4DZkyCWY`8HAtC3$EKQ>`lJHyz#C{FUGT=8VPnS0G(e7jsnwzENKBePGw1p@69 zMU{>)JPz6Sjl^3N_>u{WXYohr%hgevb?#hQH1XYTGqrc@glgs{X0y)k zl)Y5@7=+`=)H`aqD9w<*SE?YLqbZI}^OdapdkwoWWhmy8({y z!c`uCcR~V~6N`gqHHy|I=8{#&6m7SwqzL-0rpq0@nY)nnOhQ_){7O9gb-u8UO|RH-{0XPX{p zPgFE{mJX|0SC-zJ3(9o_Oncv)uhd&-6WTWC+|M& zvQ3NT8$ubotY(RGbU?#9v8xytXR1*XH7_7yCEwyWw+`rnqRJ{BYE_LjMrqk}#x7N3 z&r3&zpsK*{EWlZ6T0lGnpSh`9j$H|kY1LB;l}|%5m4;<3pN|;6b4*U+t7Oc!A>@;mTxdfn6|~tgQ-g8y!hpXD&au4D{eg0 z(;sr4k60PEv-gcbnmr-AnR0cNahtrDI4o{o-No z?fIRfA-G%6OvZpq^oo`R(Q>+60*4X`&(xQo-c8HlGNBlC;#-;r;p|U;npVuJ_%hBQ z({(;$s!Bq9wFbR+dGQKo1ZqjpamWTI1Q`XdpiFhjvLGH)9#4-vRQ+d&ZI8NBcrBj zS9439HMB7sql9)B9A`hS!ryHf03U-&XIOoT#n7O+jNg;O#v((IG!aW*Yb=%&TlTrm z!d@!~*|cT3xbVD-4nbW6qDnB(7{slRhAQqGDqNuoDhhPqQp>uJ(lSLo8)9(B%qX@e z&=TJ7EDr;XToZTKz=D|hy_=SdjtX4=}J%rN3L|gYmkU$ z;CvTh8?G5?+2>jBTr-0zrv;W4TvzVn7&`HC44C0Rdjf!M^k+dG+nYPkgr-JqLdCIn zTQ?rIh*+qAj=}hlOlLh=Y6(~z+c#D(uq7(+epfxef_>d~dH0rq*1(YSOS(~-^347Y z6B9&>Nux=VNwdj^q@37hPsv?%PUljV$rp=#ks;k>$r{VT`qUCiTcw|Ck+e*`!<5Nc zI0Sj;nXKAo;x2S*oUjJe24EbhI;?9pIg)BI88z|p*U*{^S_oqG!|GFSseg(R=6tHws^$$qM0!p>fV0g@vzrg-TuuD?Twg?L5rtW zukVk)J=FxpU*y2~;G|i{8xDpS&$q0j4D_@7OFx87;_7kEIE_W;MG3fhX0^up#rdV3 z_s#w3$V9VHumIWvV}cd}j5la~a?c9m#f*bprj(*7vC zzdK_EA7!C;)s5p7;xlGo)%wx#7&?q7BrV3yb3eL{+l{ydjEvR8U)89}&CXPG9Dh8l z?GAo$90WNY77V^WN0-jsX8V@Deng=f$Z+No=AYa^QnDWZ1{8?!SDTPTC}*911cf(Ku?# zOb|vz^waXtfhN(m6kVWcG=~RcS2#!rc9Vw}Qw%dO#$OGfRZN=6Q0Opf=mR!+3hX%H zh26&tpk&f-;w{FLu{&KU4J-QG&7O{tc+s8BtMDABUQ$}2>K9`*)L1#<+B_V7>3;+h#Kv>yDv{rC{B*xHEH`V4p+Bt>O3Zs=AR@Sa_57z zyHgFS8!GYSorEQL8B9Ay=qbsa8!DlprnbGK7O)=HZ|9aa4%edE_A_hl<~ zU;d5_%5_6FyKsc|ZRkJj^vYfB@;Uu&aeAcr20HGZ%3z=HKz-YgR^;P}$+GNEo<7qs z+9wlVSMLP8feo(_y_Dfl0o6SMt)El5x2G*;QyhPI5Iwe|;B_nDU387Vv{=fU75XtS z8Hwi?iBU0Wm>{MYp<|r16aVezc8ApYIzm|8^n6kj0Z2IhlxwGW5?g2jI5}}!?!xdF zh$+NMy{Wso9UW_@ij#hmbO9Dg1MIK`lYLx*d=Vc#I&K)3RGXXhe#kC|J!q)xGR7;D z&37-no2DZx_glM>IrQ%S_zKJWlD#+E1`p>Cw}tfry@fC9ywlWOtW#e7(LWyCuyPv0!at&598Z{VB{#d#8|?Z}yzamN23#UGDZxSt3A{*el<(Gzj*-}-uKZu)TA&TZtapK32=iBg9!VF#yQK-f(BcMjTo51WwfGl z@y4d&Sw>qd?mn{T}99?s57^`3z>hCrin`q!&^T5)uF{+DAj=8;rM z6!qz6vy<+4^V91-T=6mFn$uncE%I>IP$cGfVZk|IP;Kcq-6QSW9J0Kp58e4jL&e5F z73hzwiMeGueGuf;dfNHuPm1Z*C;AkGnzIzj4fv%^L7yIt2|t`SQVS7~-Lckh|llp%ip91Mh)KS!(Jh`9m4ULb713fL*3%E--arwG&M zzw$3$BP9Rv4B7)KS0>v)d>hq1p6Kfdv67r&6h)yqE9k!=QrGf&yR z>+Y9s{ASo{BQDHJ#VP9SFjUt5l-3h-@)fU(#s4HQ9vm|6}&TU{j~4D z$mNsHUQlxBps<}fK8fhuUvB+y2&ORR7x`t)GXEy*)di*vFPo%rvETj&Z`b?Ylhq}@ z`7eWcB}3vfQhF%#zj)mPzK!f9X8P9_u3n+?Z^7w){1+_F5s6*W&+mZ$ulp+>I_MxG zul}a_pA9}Ls9^Hs$R)Y*FXkxo-tQx7_=NO-4b!IN7W*#IrGH^`rmIA!M3WcbH~v=y zS7lEQWrkW@p=|^0G8}fBZKF#h4+66a7WLFy$~?4pz#kA2#OWKo|mdG}GeU zpAgnPe(!koM3FWYJC^=(BDJk`R+|HNHVKp*VzkH;Ua0ap6>ib23w+JmDCqa2Xk>s)FKrr#CSoj~*=PRJbFWBCKtt0X?14*H4sYJ9zvl}3X%WZ8SX zDU#NPt|ug^UVDD|Pa2kqxbYF*KXc*L+>`JA<8z(Vsi!z5BjKyG>-*0;rtHUU*XyUV z8q8WP`icZtF8q))OzvEU&h4udKd?MUM8;g8cBWh(yuM2+#l_)rKAdKis(mEYe4_{- zKbJ)MTqWu|NP?ojC73BmowJbo0X#>5Ojo~Avyz7fzOa3#YHd*b=0GOkz|j3+^Y^!8 z-s}HigaDxX4=K9+iRQ{lMplN|U5kg6#;aBC85?@sd%9b2@5duo=?Hxlrm(X7_@!Hr z=wewp$!XT1g&DA_IL}OLrK;Pl-1ue_%@1ThKOzk84pqy~_#{Z{^INU1AHOB0<$@To zqqAD|)7;)S?mtv{^AA@xr|B04Q6Z@;4oXz7Hn#VuPsDe~6Zh*nb-Py%PB6UcZ z|K^8_bqp_AS}4E2Gsi}Fr}8+t|EK9eF7YgUy)N;h-n>2#!x|#c@kGE+)|}^(J4cuK zbbEBocMx8kQx<6YnW(;!`AQ^ZN12CxX;z^4mDEJ}MdOZ9KwfS={e5$=%MTP}&JyT; zvd7g|GMhwe2uJ0D_G3q1+eY?x{EgD)MBHA5OckPacUnk)Sc22lkMJho&v<>6BkH3C zpu+mmRmCBMLjk<-_vt{yQl!yL3GwAb7p!^`3D97wHQw`IrM*k!`K=;t2fZV*_ONp&w9J@0P#Ph(c4AsDmiB+LCD>bGz` z?|rgGf;mOET)SZV^T$wY z&Ci{9R_#4s6+iNMqIzYn7l!C=+7fKW4tZw&bNO*%oWu2>`C%Y|sB$>;pT7Q~HgXlC z0>T;Piw5w>lFAuseM)ew^;-05y>NNgB{>EWfVPmj|HFp0xNAFSi;+flqRVv|p5txE zm+_wvJiPo$$fPjau>PoDkhw}ghS-?-`me}LvP9>9z!+fqFkS%0`Qn!1S$*-<2%~0t z_KWeeLHbLF%hHq=Z6xnM)JBcSx=BD}q|~YApTglS%Gh{xA(C_1oNl&|tW7()Hk@RrdPwUHsYU z?iNCtSvSyGGxZy5xt0#EzS_&&vaj+I&ToGL&qS~`j-S@nA^&mU)i^37{51#>$%isi zm>s_D9yytmlIRD|puEH|nya#5EP6{yntQ?VbEHv2vl%gWTiY&p)-=QL&K|w#6vF!6 zV=?tAU>xVqpk;KIfYlYEA9T!72IdoAR*ue#E^+0iSX3YHe9uYlEX3wi#Vk` zcphwMBLe*qqAeTvFcqthO$U{R`BC;S-4-bZ z@cizj7q|PD8EVo{=K1-3k}+kF=!u}b+_Pi;1iKDW_ZmXVbsD-@|K*K2aRYk?Wt8eL z;){+;D(=`6U*-i6uQ(aMkByuXJnMOt46X)g0nLHafPbD%zOTP@Mb$$YRpZdQzNQNX zwYq3D*@0^Xs3xdwtrm&#?7J4Eh6~q;ydRy_!jA`r*Cr&g4Pp+r|>I#~ZjehN}oK&)1z8z5RM#tox`Gn*gq zL&9({&TYie4okcrm+E_(FT^B3@0?vY+`Pr6>4$0m@X0^8(lX&AO;+-_n(!krNbAm9 zwC|0=>Bwd6Ok4;ncDdcgHk`|t&)j42K0LwcZRF}TNa7FuzVg2{Eb;v;fWNev^+@JS zLQg`NZCt-WE$Fs_dP{gbh-wdI(-*JCPL7B8~(AiwJp0+Djd&29%WhoI{UgetHV3p4~kh7_+}Ds z(KBTs2)p#-<0mbl`BGdq?9l0Jy3|4c1d&e@Q$b;zef3Nqs2OyM*1eDQJhN{(ODXQR zwt;@>tif1*c!m#6tp;`h^A$*dD7-m2*Y%&F;1{WO6+UK%xrD8Rxr4>Dm)QE^5>v^( z0s5A*GEFqf-vGq3EjyY%Jbnqj0XS<`Ib$LIXTxN=;FCvoT(|RjCvv9wvenngG)rQ` z-}X~V{3$JaSK8^g>0xQRj-{H>d4!$F849KC>U|CWWSTOwmv*3P*sz+V1!cH;W>g1% z1w!RWnOExpR0Ml$Q&eL6Zos)>>1EywV&g?hNzFgnk54*l0b2Leqa`~yFH$pNsXk8~ z(3STlFny__wrm}=yK(6`qHmkEW!GP?*i17%+&ld;LB&be?75ijR`-SsVK7|m57Myoe4eFiPP_&fQiHpV z8<#%!)3_ylQ7^~sP9@BmA=DfDOQG@y@-hLWgOiT(S&CSuF>aF+ib4fkD27!l?(iFo z5;P5nHf2{Fr4g%7T|L2&i9W58kK?O6^#bVK96uh9Sc|6Fe?+sKx?zrCG!=zW)*JqA zo-zKwjVs>H^G@c@T3b0F|KjD2v(J-W@bu?%-n|5}T6l-lq7my@gK*CEnHf6I^_laD z{BDo7ri~kM^_{Wb)Ug!T*Bfa;Hn)#sE(1ar!~DiyzAT-Q4}nGOMLhO+EN%r11&IU8 z!Q3F*9_vN=MWdF^`h~O-?7(KyFNw&{@tr5qR7;wij+O4Nvs;h{HK0k*qL75SJ{b@2 zS-4@OXV16-sP!?sc1a>a)7WLonw6JVl6R=y`0}(}o|m|B%@TX`=_B^DSnkJ(3CEdB zhZT`lrJ8x0g+VwefZJ#etJ|HS*glmbNRdfiz7xu+>UlMEYr4Ywg(C4Ja_*50~W#$DFoSQDjBBA#L+0(OZb4-*bg2hxGd z;J7D9#!ctMhWi!1d#j40YDIpVkKiIL{ai|suMf`sgC{e2pI0+S+KsMuli4V(ex4QF zUP?{|x;!1awQrMookol)b+x3Yoow~t>ItXw#DNQi7h7&PSzB45$?65p0Z@rG+={nG zmbyxvEKwqMDcZ_&G>vFP!9cy}!U9*zsjYcTs0T0z=#mo~n+SJ72b9⁣@Nr8QvQ7 zF*Wb4#J%9;EAClo1)3$6oTbbZPCc*-e=M#eKDStQKT7O{cu3=j`nITz2l%13{9Nc6dU9KETOxp|Khr(pgd9V0_zp%)lV8D8_u;q^|=jKh=p z2$!~^0p`qktMOTKl>o``VL1_FJ?VEu?y|!hUp6DcPpzv5mi?v0zoA!I%fGX}Mxu;W zpOp;pPb=Ia6r@K!0`GfA=4jC6`Oho3aPV;Evad2rvh)%51VAki^d8XAL~}4OcI7&; zA*WlPep(ED014sKuGH+*PkXbs8I`MJdjXiSVcW!E#_ZMGxFW(Aom$`_pP2`#E9C>5 z4(EC(uK&iG*s&} zIAW=BOiOk(;UL<{>@|ontDqj2{~#fIpGiE*7Kx8axm(%vrt4IdEIEoDe{P{=F+Yzybem=PGiZMh^MTYUW*fq}elmF= zs}adpMFLd_wRFCFY!l4vP8~|G4Rc_kEwUM~!R-M0N~2KVw`pS_HHt=gPBYbeJ2q zSO_0yFpp)fa$OHKOMg}HePQMM44aS%A!Y2S=TMIhbD-C1beokQh@Yn*7{xQELDhbx z+(N(RRcohW6L?mM=j+#Vw;3g=#z7*X?D?H!TKDC;_-Q0RY~ba%)-~bC=jKU_w>nHS z7H3Ey>@A`6v{trOqRH2a_d#D2gM)G}Z~ju_`EI#yV_#{_x;lqwQA@HNVrFJmeQb^lkH>c0d3KJ${RY+o5J4XM?40N5}z?P)K2efz9XuqO5{ zdU#A$?<~6aiSaep*>46&t?|E>4u0DG?ci65cS#7@Ul*tvXb9~Io_iU^8)xaNVgrlb z1JW0h`pyy=2bMUHz1A8(lok`t&dqxb19&kXVlDaZ{+vbrw8UP~-||C5L0gu$u*GfJ z=5a$O9}KE@0t9udRFA6ty-*+VVxBs>hVF(Bip@?)NGHP=3#k5y6aI-*Y}M!u=(9E`4S{(fE(mlLXeo@G&}! z^FPgud~UN($S?DSoh0Auig*nkJiBzFP`%A6-jQ<)sincoYfMjcvXDieYj(q7t3R~x z*%`}(ya#1;6W9ck`_JvMY>@ZOySJ>Tis>xz8^hS|DL+z^58JOrwo)+X_~JQd#T?nIv%UZRej{_dt5714hu-Kw1D@pi90 zK>Q$naE|pg|MTr#NhEpBM%{!mk8?M&LH^d74`&KDayq!d-~ ziF6~R{*%tN8$YUN-^-(6sE=%7)6oa}NEN0f)>SzkRPFlHJ%y3vR$rLq-gT z_rl%fXH1&6E#tb>_153SeelXxEIRq1d%eu>K`qEZvL9tg*n?XaKBlz=#-DN2atajz z`e17>u^Da3q|*I?)GF_>NY^`S?1za4W$2@9mi?yV<;ppumgx=CMW>c^nPs*^HRbIZ z;MQ?B^4<|QY1YgiJ22iWT$&KHLWZQr{%7jcT|g8CZEFH@gIth0ZNM7<@%XVQGtgql zea0?S%_r_}DQ5G-MlEh)XQ8a~)N}gvui)JDe0&P&UI;YO$GhDjB__a(WGog3$L-uJ_^s?+H;lZSoLIyM&vg^pa?R_kFmZ>nCHwA^;^`I7 z#h82VU-6zo&#|U{SN5M&WAXgF_tSO}q<6`p`l8ulGY*)kTZSeZ16MuWGO_9(g4BuG zU>??q+N$(e(|ZKyuxPXFYO(Cd*9mvS4lgw#yxC3R^R7n{_nsJI+tlxzqDZc0{EZO> zFZjIc1?D#uq^&%I+q7_FEx(><_u8QqaDF&jq*lGG4VeD9LyW9lg4YxM{CV4x&!NKv!S)37K8UX(;gtgFwEZ8|)}_hSo0`Aj>#_Gw#q!+tcds<1h5x(fWPj znc|$(LCQ>X>#6N$VR+n(e95VHWulp(TUGT_1nK$z3Rm=<>E%RIH1M7~GADcmP&8h2 zs`pdoER}b?FoCINQUZw`v1~g9Q|4X||7XxmN6u z|Bk=@cY2U1zHyWF+)I$5^JMg~d9k;ceW@VSK|g=cp$fnn4{KV7TB;RKPdm2okClDu zGyJ;B6JTC^!Fft}Q5R0q!Yyt64Q&F5MkEP7Z8dXg8YLXdk{izpp%0)PhB^15^EFWT zBeIY<>GxR6x}Z8pz1(tszF^4DMWg>S4EyT`Ne_;JN2QT=yL|?Mj;I-wSy>V?QD^^1 zW^Vu7;r-?hHrakE=sdy}Uw&}Fux;Q&!(kX7Rv$WeCGh&t%oLO$dJl%M<*D!GS= z)K@u$f{uX~{^mtvFHjlAHH_ei>TziKXtH% zB?4LyNX;FH&$_v!O_qv%R6uDp=;#X9JCM2R4U4Y&(_0#H(u#fcJfdz{*Wm77k=Qxz1}W$f zj)`jG&%hR;X6dFExazDoErn`^j=1%t2Nk}_FNO0y4tbG3>NM;`;u^vVNKVCqPX34nBS6o!?Fd+gaaFspay51rDc(-DDq{q!tqI zFpOAP0YxW@F1lo%_hvt2lh&w6UF8g*=N)oE)wt&sQ-TU2BAaZog}BSH4@%9wh}~sj zYz_?8$xHIri`}Vz3dG?3JZ}3+7nK%`k-^fO;^0_JVn3QYkkeZKN;gV4M3D} z8M9}GnXT}51*w>w^GyD9!icb02WRt*w&9ykcb8W(Or#x=4mpkZz}l4Om;S0|CeXw! zdTSbT4u|oOym-Q?R35lHi=mJzlSbvzO2`p;E&T(-yHN^W)JeAa+)R>d#hJjgl0?=a z`;E+!N{y_cyYmvM+ykHv?oOxKJ+1Vr8Hc#l6rz{u*WFBmhW3@|X^TaH;VO!Ndp)#4 z3i>jmW=r|j4_5?_)yg7>{m&rwT(g2!{dlg=@UoJl6sshBR!L8e<}o)VoAQrU#{UzT zBT)tcI8_9_e1Sry(cd+szm|8z1qgkJ8!QxnEZuox_L4J{-sB5=9?#TDzD44Spofl_ zf@Q=?jGpWRd2uF5!afIE6yaCHEu|el+!*dMp(OLJPI~Pj{TbnN^W=@U&AWr6aPTgTZ~GlqDd6{=+F&+Qnp)+PTxkv}~AO}ui2X_KtLVfBXTg#1Yzk4V~s9*@S6Wn9gJZTl^G zOy75jcf{U7K2G7vkn~1a)XF_^`6Bgp?l5oWAH43#0;C@~+b?=Ur zWQiR~f*sywM8V}_qfJLI%)U5V&bwn6=0|iKBS;?P^l^B&Tzxn>J{uq&qk;@Up2S}6 zNN%7bd^nY0M$4&?U5W=4<<9&e>HBoj&zo&8ltjW>|Ex}1`hPU)YsjW5XeVOhdgvYz zC#pI7IASG#(eicTv&(2KFdFFM>BV{|jdo9PrB3eXEZHNR=n$$O(oOV6NpNq^JmBYAvpWz!X)!UnbEgO+5 z{Nq>ofkHc%ZE9OFS3S6|XDS`jfn4HbJF*9Cm5GD<_pWjBa8uuDOOHL`rZIwcqIHhj zDCQ(_gBb`jPj@iq(V;stZ^v=C3Bs&ajQ4NoY`B{J+W9>l8=a#6bbfLZrKQ^!2pEES z=af<{(<#g}%d^Xd)Q&LQa7i)^A>9Rg+(gt7m9@LJJ6dZDJLV3HK&tIP-OS`63x>v( z0bK;O`pc<5mf$To{@5juB@VyxAC~F8=aT^~zlLNy=5FRwo$6z`<GpL|FV?0{URvhR_ zq1H{Gc5aA(4&q>yDbiUz^ zk(Glzq6W>RU0$X*6_fy3DaEHW!}ET(@SO2<+7A`m=op0KMsV7kPOnVc5F(ADYE^`_ zveoA;%7P;RB)zyi7zVP1aprq#>n-YsMx%8L2_L9Nx(uq7BdHupZ+tzw`9Avjh<1_s zio)VP<8UQhPsxGtSgoky9sWq{s~^?QDR6@l7t+%upUPGTM$F247N?#l zxvRR%AE}Zhb`9r#=zE5MQk@I<>!M7Df>C7Ls{B%F_8T&QeFAe5Kq>kpFRQ!kYlz+6 zR;-pvd-!WP=A&z$dDWYTwy?nY)kxCS7ptTEynK~>wFGi7Oa^ivzXw)7*<8JnBjkuU zoU4q)bCvSW-4ts{kY8ZhCHF+Y3#cUX8v^N0sfp%;jzU|R&cK*cgIkM13LwO6hLEb7 zW|)MEyIMUBZWkg%V8ra(JRE z!;^Oc>Ue`+Vw$(NuPyb}Zz760-M!!|lbM4f_F8H0w;c)x$S3NWFCUEKZZ4|Avu5a|#fwjpxZAingd@gKsb(aD z{HebU+eM@vzR6gnI?kSrzBjWYL;-wNRs)W>%w>w()qbJ%kc4%pZaV|bMPvLS3_8FWb z_V4MWtdYO+Q6ct%qim}~p3>x^a&8oGRN()$_mxp?wOyNNuo5U*BtVN6inPU@wiI`F zDDD(@2$WKw#a#o15`w!sEe-(!6n6_++?n)w-*0BUGxK|X%=+>tYn_#ob@sjYzP8-g zK6j0?^%Psb@{8Ta{oE`UYl&(n@@c0@W{&s@qd}HoGb@|DNfZfhPW-Crl5YEU3gQR# zOxSz&cx+PYIG9|M))FU7w90%PeomNF=9b95Kh=@u>D87MJJWIa#`3@TO#jNNXK)`) z;)#6Y>Zf?B;GNMWBQxR%yOU<@4V)hzDRnNgZg+{&G#aNCQ(A$4E*KyR7oHK@Hm*`Eq-u86DGh>(2gwq zHg-L3qDEcYt`amENROI+I=mxyB)IwC@@tZ(%MapLl>I>HOYB7W4?(rUDO}Kv^fkA< ziL94wYrZ1CJQ#IoFK9=@*6sPiEE)0eg9oU-a7Pa`x5wtESM~Zp$u>1{_;#@xryxAv zvcR|Y!%eaAoLtbP&gj_xJ*AIiSSB~P$3ge>y#h4o8tCHzC}N=rtCw*@r{q@HOv6up zUcE^9qbLK>foE|j#YM-qH03=mnZJi=0Zw&F&lNX)$4t^15q37Hda?BQhw*<%B#HTW z8&>zba=n+*IjN2D>SdpA&7`L7L%ov7;7Bq>3N^};u90fjQTH$kuvIEi@y}$}|0s~b zER1lOeKA#EeY=F{Bz!&TA2wQi?Yj;p{fAn9Cf7+diHPm@DCvkMP|`8u^6vWU;?*Uh z|4X6&)ub|g3a&l9c-DW&&@3-3tN$KGZlFm1Cur(ag6RnMO2W9QRI{98UGuE!>peSx z$xqS=6LJ}2ZSbj%-lgoLfBxzxiA~}~B-xzP>c5>E`7L-UtU9VDZJqLRH2wg!VR&o8 zQ7D&G;l$qaz=mShyNcc3*M>7suUQo-bqU|ou-|D(FoH*Q?oN~Js$9-HTl%I9_;$nB3N zRLo;-m(Tm#?Z3FwvKNbQ7C+T-63_f+{sF~-M6vQ7)As+ncHn#0v9zTizXRl=Cra{_ zfBniPx~t{G_xkk<(XhFz*#}i$1$nQo*20QL5^Z7h>tc7$Nm;odtx(?`%W;!}YDVUN zqHzA>qZIuAD)lAJNsn%R?hz~KScip;)QqCuQ&r`vNDQ+%)gfO=QRThU!l+?q$!&+> z=H&f{M*mYa|EmT2zroRe>F&RO@SkHTjr`hT}1s1d1C9g!wpSp%E@ zm|i4#3Xhj9v%m*mGr<)m7pvUtQ-+0WJ!z&$YKYR?O&2?or<8N*0i_9B^`m~y2e;fN z+L?3t^~mZ71T`x6e}$1Xx%e$)q*SD)2FrYw5(_irir^Y2OTP_wv;G38Z_sA5gE;;O zUp)4_X}J<$JJ=r&SNip3^KUrk0i!y_>AV7ai`0+sW|>ny*Eo{CYqFU#A-}{N7f2s&iJ!-akU(uye9TInacIH(by6h}}VcS-d`LEb{&4^;?-d}&E zPEmmbZ6%l0d+g5o_5A9-@HIbsy2N#*mT&u-)w4ZlUYes#y|kMRb#`RyohkLrKXJjP zJpKNr$TI#f6J9b5_t61NW{h&5?8W_{bZB@`mF|&e(Z(Vl;R@^7{FhYm``>w{cO^)xP9F`QVvZ(_GzLeR-3;l?5w9 zeeRo@n_w)hDY4lOFDnTZk_&SuJS}j9qsMGL6LnQuJ98cRgO@Jhgxr-5`1*#4Ed!W83??cOHd7^)vYy0Bs?i)R+&aqCPkEk;3%{bnIVm zV?aCyCDnlH4ThjyPRu{Tl)6!bF^uKn&o4CN9Sv`gT|F2*3G|8d8@%B0_auensl7JkJ4H%sIa36N2X)WIT^k01;6J9FeI7UM;{*iv~q!g0~CyiQ6_9ly7sZ}pq~qlLgcaiNli#nXSwYx-B-P(6F>tvE~&<4Rt==k`gs z%4OvPfJ(E;obwBrjLO`7B_%=k&v5ByVXRH3?{UK`i2{7TKRSI|bG>q4%!74$L#+~$ zFrIXtmjjPieYoc(JXL|jNczRrp>4EcC<8onl`#^8Oo6J&2+bbT?AXn#)qd*So zCSkFMrW3cYEdBaZe8z{e-nP$IbBn0G);@eYGJ^EfIeL~(f7J|4jClKmGNyYXU9_bx zs#s3V~pCk+DSBiL9}ZY2dGqr_{+jqIbqQZjlL{(S*5yOI7483c!uC~D3Y~t zZJL!`^I-P~00kWoD#wtjQBMc=)AHcF5`-`N&6V-XCayLHe)OEFhwolLKW!B(4+sSzb9I39DB z_i%9;TXksXWD_)CBhJ83go}(|p>L$l_6Rifh>PArB5RrD2?0{~j;8HXpbOS1nytid zYJ^@K?-x;0-lsp%p^KG%qzLeH^bIkR)15|-;I_iQ>yiE&tbM!v&=>9Jd~DZGv1?n^ z+)4h>Gh^ZvC~inL6PCrS>}gs3@ZlARFiH|L+f@)S|LL)svjY4bA_2m05Xx06M@=SQ zrZj#&drqoL{kM*}_A*B2g%QvNLtuE<+kffGtNMU96(jvJ z0cWd|C)WLTuHz)oFnj0LZi)Jdyj^%qNH!!w`mg=udqTeG{h0n-e<9w~;I=l;{no%o z;qVYC_O|;+#Hn#naq<~;z_lHf%^L@SAdXsraU4hlD@s+YhJFKPy(#q!iY(Jp(H{z~ zJ?yFx5-qe$wLW$xlZ*EB3o9%QXiT7#b1xAnrxT&C#I(2XZamEAr zr2JKzME;0LX3-F8)(&&$Cu-Vk+%O_J}l91QZWMH(xxIy)4dM z65OpBWifA&y~IDKDcWcwVhY0Xew-W(2uVj9N8@0t)k!DQpgE<1=Z|GqJQw`=#R1!H z6nH^8dfsi($wRW$Mboc6#ken8rzKX8MQArU;)JFg;aCXpvMVP-S4wX@*X-S4GTD+e zi4{-@S!Wrpk?=X?efQ79Jf~f@63(;lvHux!AC&$~A(V-Ja^&XY=+xpT?Ul@1y3%V` zWQLrbNd8;5_Hkg48W@Xz*4KL-zhfbqM{Q!gw7TXSA`UCr>S6>bHKj$5Q(S7+sd9B^K* z1eyMq0zU25Bsp3Dc}a2byE&ca>PF+1PH@nuP5EG-om?&vvQWvaPaqoa-Wb*Uf(r3@ zAfuG)MLms+El(kEn2U!{9BW!=T*sfck;NCBAN@H2;Gz>O%!q7B`>Wm^TDA`(>#%b_ zq9=1?S~m3yfC>D$`WMzu-2FK(4v*V=J;gdEgLLCvv(F}Y9~Y>+kxfTm ziz0Xu;;Pk_%}kAD2YKFD*J{;ojDiM+F>qH%tk=RuR_n_M4r=qOXs*SE0jSrLn^^{& z8^00mHA&PVm3Bmv^>;)F8Q+sP*HD%(?UlLP{P)LrpO7?*MCrU5e$)4)G4(e zmBDx}d@TTjU^3LTz|qLUDTIW)sP2z;*pw8rK_BbB!hSx>3I6i)SRED=F!A6Z*Ci{^ zi#5>e;)G&*fwbc=sAK=K2T|$*na9^pkss#H#9c|+ojnyW4<7^vbYwR4xACq|rBn|q zc<4Pb32FI0{s4YL)S(`V;K@_2ADx5C!o2TVi%da4A+uLF>5Jfm$SGTq`h{3yrSZC* zBN343HYYblQzR6?G$ZRcK^OQd9G5T6y|ujrFCgFpKO5mlChwC3dApEHdzV%cZ7JMY zo2ODTRYUK-U#PzE<)WxHVbx&`knVq8x$hrAZkG`LmTx=ZasTOChRVnWz^^cd^7S=~ zOEN`N8W7us4iI8Je}0<$Xe)?N(LgtDCxsfGXD*l6WA(PXrISrF8-_l#(Xwd_83maFhN*P8}$sG~1NU8u7^Zr~5o zX1#uDwMS(K5`%_=VXSwzb{zYJpY_wNXZ~uo5tH9Gd7e_ih=7(YvPL+tn$B<7cHr%d zT`Q)QwE5UQ!fXLh(rcSo>gS^Z?>(mvfgl>kf{U>Yx5`z+-=}M$+)BLMi~A?l5nBtM zGIh;gyJaAv#U+;kI#%n&9A;FpI|9yiiMgVoj(CCB97aj^ee#4~Sh}OotsZlSd}n}` zVh|Wye^lBQv2Aw>p3J%whV<8l#X{F);aC$rJ>){VbR=x%74$^FXQ7VP&QtVg!qMN% z1pU$b$>x=J7bK5dSNA(w|Kxi7H5A!Z$*5SbTRF#!^ZJsqgS~HC6ISURYV;-IR)uo5VS9ddGv#BF zcWm((qw0(QQO6iv8eXhJJIQYeR z8_kdQ>JsQOm42wQ?Ul|2uKAd8mw?p+3PyTk@V3n#u63JhIBghwk|<(nRN3$Ijp2Z! zZ!yVyX+KnQi{84EX5xRBx-x2fr}WoASb;UsTJP$enjOoRdlVBiOQmy^Ct5;|r1TE_ zQ*#a-x2WxueIGz5B5M+_)?76`ub$owqQTnNRmgi>;N&LELzULA_ldPiaoq)h9`-!0J z!Q{VU3c+(lHwi^^vji5Hd8L16sAT+^&a%_+9PYf&AxM18SXMXMuVhg)j99-Wbdm;j zi`?yNj-;VH9n-FR@M)SMjX-b`<_gpAfzc-pYfW+IWRF67C4GOeKqq(QB`y{}!K@Wj zLA+_d0ZqZRNvVG!7JMy4T(-1XS1S}-58P8#pZ_S=OtGLY_M4`3H9*9<6~d$L?+x^X z0wpi75K;{o$svm~H;>$hI3S!hG`6(R2^MS-;z7Md`oQ37$t=zS5c)Omr@#5f@gR5s zU!*487+$9(t)WwV2FYFue`6n*DQ@KPxvENH+pE`D1$BzbAocpA&q^4(yxWa9%Ar(8 zezHI5l^3)b`-$1{GKui<4bTx6m7Tj3gYj_rfaxu|3( z6|>!i;WUa&fd^*_AEztj5wdP~<;Ka?>a9PhP#ajP+gh=mO{Dyrle*Zc_j9GbV`hLA zA>DLnqiT9Z8X$PL!)6;Tz>J*v#|}D zAgIcAZE_0f1CguIBy}j!XWY=5E5)n7Tk(e%vi}=EtyB&~a$BeObH3e{r}e{5T#Kg9 zzBDc#6r2AEf+!|4>)6`uPT`zk>uf<)&j^gtIt94Y$;)qBC2w+4*b{Qf&JC_8E&5Vy zJviDkU%lD)qrYVJ$A8=LHv!s|Y^8;Zz*yW&OWh!X;~(ylrT2Mb?Obc0ALw=-rtg5u zZc1~J`6K=7WH>iyJAOC2PK=r9&zADYc9I=X_xr3$Ht>vdj5i5>{Lmt2M`^2NxDobN z%b0g68$Un22BxxrD8ptQicdPzsOpiN{Uq6vn@0^*DwbZcv$vmEq?@~IjB3=N6_Chis8@J4@Jqn25CXrs$SGJ!Dz+| zmC|=6G#w>L)%x@0YIe=!tCH+((`TLTvf)IKa=ucmf9(8YFjc}qEB;zegM32qM{P&- z?WE)AqD4d8P!=~u!Zk^upTu8+{Gt8goAqp8AIb66Cs$UjvkEq;Wdt3{r`6hq zJ=#z-zr&_FE^#bwUl0BV2ddnI55>F|8rbe>O7)z^TxRf7+3l&0DN=r}wx>WPPI>sg zVqRZwTM}y2B-#CS6)T+6=TjfIyX>>P#&Q!>!Vh&G(ReAXf?R?VO z+EOVawKVO=hwffG8zcJJ&HkD$nn{5k&v(~hi7x_0PpdgvJ_PO?x7%hQ?YETlCFUCc zas5q6UmS<=7p)R?b!oz?YK^{jJ4ohhnQE44SfnNPZBBY%_cQ0faA?0$CH`M;$fEtC ztvwoD3hRriEA^H3d5V)86f_jI6jPFri%QN+fh9@6cW)Q>X0-m$e|A1zyQv$n*LZU5 zdiMQ7DNt1VZ>;3O33NosH&ed<^+7&b0I8*vX(G(bEpE&2H`8;Dy^>edPO`ht^H-T> zpi79uulO@+Ps*93w!MU%fH&BWQ7d^@;o+IAS2iocld4owuJ5;WY#HSN?YmY|ORIuj zoPCOXf7LtiHC(_csh8fzcgcFlhH40W>k0XUbX1RGf8W<^$$4y`?Z)5?s)&|d%%(2Z z6$3q~g}CdFMk1?N+JCj*?A+1$!}r2`>0%t)JcZ!l-8)U5pmBX4UQ8jFwvVU9p|p;+ zdueKWOaHDG|Hr^3U5~x17k5{LSC=O$<>fgKoFyKL(@UWe7)urd`a1C^Jn(kX z-6imqwsz>Q<+;np&_m`Epz_nG6V0HWBl%6Gs)5Q-6Q?SE<_cKSr0JDQFReafo=dFStwmA*>?OOpFFzi|e#QmU-qmLXGu_j7gY^#-(`3U0`OOu{>~!Q_Jwm zxBF!zLaMN0cy^v;Y2c47$%~Bh6^>&N_H?Hzs)sW?3uehtwV685+c=p47huP&;w^D{ zOXwB0tL=&fjG>xgdF0$v=7l zLp-(a@OyfUtlWI@k$Xw66qmb5SW8A8gHI8Te*hx%o0iF4hADfkpdQ8q{?)ylOMmCLg^LJ2KK~wsQfL>68{?E3T7Pgnso& zDo_3qKsQ}Cq`y`E#W$CGu=QJN&%{ZCxctDbA#IZiB8NvB zkVf`2iB5Ah`a@zkAC=~Zrt5JXoY#nF_gp^HQ~W*x(T;9#8dh@#jhp3>-mvw_PY&p* zLtv|2RG!HW-v3V z-YEQ1T#TJ5xh%5;%Sy75GH0X{TCENedj$k=!q2=_8qp$I8lhD`i46R>;Hq zvbdpchLSf}4`6P_BUsDgO1~|xDJBj^)#jkMa5Fl#(K`sILX-I|=9Tm3iDex4l{nCSk3Pg- zt+g4f0Xx~9;!xC{UXasC3maIrck7CgoNi5o?Vage;6YVRF>YyiUly4s7Y?qFZ==UA zRtO8B5<9uA_LF6@sz4%%P7pEr4nUCJy^Y48T)bs|clx&o;lbhkhH*Jhd-?m>c~jr$ zRV3puno+g+iUZuIjXb}H|2xasgURF%BY@p&uMi`K36CE)8@RYga|-uitjVx2Zpn+$ z8;Jd$(KfbnX~Zo7f8WZo+$l|WeX_`{OE>wwlfl(X9;s%)!CU&ahtB=gUq(X)4F%c`y zG`Qo`xbv)K->hlz(&fPc*!Tr3++8c$t19&vp_UFnGAv+H2Gg}6KQW2-$z7)*B2>e5 zK^7i)p&)XKX|~C39neA4)H*Bz+Fjx<=OH`!n7UI~40`dIXqn-X6dJk;Ft{Psv3|P& z4dufhwusTJAqA~}85nvGgv+d_mDK^|qS!DW6$%-e>aYhoeHFLoE3NbgsA`JSjQ zy`Pi7wUar=STH|)qY_(&ZB*DqAKvBPK%QyLQuUISzz(M#bDvdhE6zpOrlO#!Sg|&M z-QFI4_I)2QB5&Oh=0Zq|(X^=&>LE!DNa<#FA$AW=k&Fy(VVlD6rHPK{wOi!z>5VBQ z0GeCA;!bd6biQFCcF0*j;o!kJ|Mb>ON02UmOY&lspCJa}LZTrL!*gwMEZ=YCFMqjBtU0e2&)rj!~Li5l zGbdxl+=80|9zPFjg>Y{BCb?&w#q_?q;U5 zI=6G0Ow`*P1pvGxHFk`e;B%#-6cE2RMrD|V)?Z49aJqjUQPPK8o_PUtkr&Q=?%eS| zX>fx+C9LTFCP4t@o~i~!))K4o1n};_CSIx1yr!cF^>?&c`h~hU9t^YLW(M+aWmT(tC|fe;IuZ;Kr-H5 zd4sHB@C%SG6~1(tzu$3dkdRZKBNB@j#=_}cJ{Vs`PmtQ8!P@jPKU!U38wW{NxXUK? z>sn_;<~KHsLG56r7-#pU0%sm?w5!nNF;ruP_iG>HeTXm!xeR4QfOr|6htB14>|x1t zP8^Xtpux)NhQ>{DF%a*I=+tCc_swxsWu7MJ$L6YhR-CRfz5xN*6#2s~U-*GCL^uX}-dY!0mxk(=d4yf z1dRo+Is7JPx$XzymVXYq9!$V3$1$oVki7C3l|YZ5#jeFuP9YH@&AuRYH-Z7*E|cog zXNF9h^Bhb~3)~7yqjO*G7~xLdZ;MY0CHw+MYh9S>T%xrdM?B`jE{uD({w@FfQ1CZ# zqRD>5T>EWo45OsFF9)3AhJPDxbnu09$j3BnNKOm}v(;pB>X;*u5^Wh19*ZWE*0t6$@CF^`08NIcnHkI zaKJr9I6k0y!o`@_!?mm0&Tb4eIIz5p3r@DIkN5dkhaOZFBS560KqSmuE4Mz#8zRwe z>4_(z$p3Vb_{^oZuyeDR*gux_Kn3&t)8SIQz(45+D>siCox@9|i2l$)fX9KcN-{Pg z$Bx*@4h4am9!l?zS>HY%DSKoiJrkcL3Rrh?++X+NEd=X>S~M|vCH(y1=Xvdrk(^zJ zGe){ScQzx;b{Wa>W$7%D!q*Y`G%vD$`TBS_wS(&pu>$TaDKq8Y-OQrwD?+$UV1+%% zM|4F}@bN)d4?2aMo}9-O?mcpA>THZ+J{X}g62&k#k}Vu1?6tHmU24z%=Y36{>t;yd zuZOz1vA4WW5o|EshP;icmlAt@`B?yRLT01x#-rE(3PbHyDoKOqPYne7pK`snF4#x58Ts9f+){DKnI8T#C9>g=NK zCrDOP-ej}X@g8|$I|C{fm75#^e#pvr#7I4D#Pvpy{vNj}22lnCV=gO0KQ*sB6$Gv? zobXU(A~pp%S@PB#HdwdkhfddyuRJ6ULZ-jW1H?>u*~$k3v1`hMx?Hyb1|j*XgCj(s zxn70>7%E*WnW@^;S6e8sgP)jXQuvoXL-56-Hvc|6*D%U?7LzR{S4kXl-yxV5iTp=E#Y!yo=1YUewL@Aj=>fkt&_vL0EM%>g`1g_DGo zM#+uO3tD^w$)hWcepjQpb&ucL`?D&sY+|gZEt#acFT)yK)aRy{F4~KO!!{)YK=5yN zuW+WUaFS)rwc7nQ<}zeb$h-o}t#7{R@c!x)zq<;1tF2S!9TTvy^yKE`A~!l-b7@3f z>G=*$kV1cccr_rM+MO1c8u0?7z!Hh8#4u`&YCdWt*#^gz+!D!&3ijiRA+orb@}%bE zAm}yG{e-V%NLBbGcRPijYq3^J?ADa#13w8rbGCoVKzPZ2mNGe(P%hQ_tIH7*VB3l$ zMKE__uL^5#OavQX(y;nW14E{_0WZpNE<(s?O(*j$0=011|D-N5>|c{*Or44TU@Oz^ zpYc5ZkeKcaYO^b6_cYzHc55@7FB-0j_H(2at*?FcbZ%&}cz|GYp8p)G`{F+IE@IlK z?x)3o&b!a(N3uV@>XqoQO0aP@qtAWo;Y<52HM4a@*x*;l`9~{OdACX(Gsk*`%q4-a z`Ed}?o!*}0MiG9-T?@rqCFKa@rL%dXWT!{kGdH#oXb1+_z)XxhfHX}3WTewoWwy4D z^3!<@I)oos3Y8oQ(+I^L2L1eAd#y4xk?MJ39j^;yfiA|cwb z-s1CBQ??cSPtL;wR#@Oy3&5uCMg|Y8+6*VX{nLN!_lG&6Zbac{R(yfb5=9*90Q$+- zy_1|;Ml$g-)7{RdH1HD$nY*DntO_+p=5KmK5#h@M!uRWKn)}7 zqDaE*-5yc$2)z5MG7ckB0?b|Vc68WX4L#;=RU>7BQMkN4h^?@0EXe`FZ*S9FAZn~Y;8HM+DmSC} zlXyZnqA_0G$h;E_5vEqJFweCll+Suas4d^O4Ty2d=y5S3Imh-$R7MwQm_{oj3js}e z=>dI7{kLMZ^q%XX4Dv}R_T-r;U{F<5D_nVZe%as;Bz{tBH}q_h3C+BWh32S8yr`z5 zIQpRaa#+qBU!-2&xJs+MDYIPD^5KP1yE*@UUL0i@0i()^ffY4^H}Sn{#Q|w+vx$kL z9Qp)i81x$gA`@C(ZN}VY--GK+&{aC0xCnplv#3`McbV?sw`;GV&78+CDbqSt zb@d7nhe*Y_zf&U4fe5EwVjiLQiPVavzq_Th7+0~-T^h|dpKg34KS=E|idNezTxhrU z&OQ|_=u>+)7sEatYxh(AK6TXl0S2E)AP-BWZvCSx(jL zLZNTaCaD#vjVQ0&SSs@82qHO4do=4u(}-rtfrtQl$p+o>tRSa#@!{=PN)p$|RpdbN ztnR`?{P{-WaO>}!q0YdBYuNx(7)O5e3ZsJ;kv~DXnhidYZga*}ZhBa_^0cK$#~dC2yHvwUwWesH-!UgAlZdorI1U@^=PN=t zQ5x4HS!-MNe1`0*(=Y|2sDboANq(Mv3m_vO_k z;rW1UgU%o+SEBbGpGGbk`&Cq?9)Hlv;!Q3^^i#s@S6|6_!~;yMLjl@_-2ud>?mUBU zSM&tw5OPM?)DX+~Xp^e~dZ{_vBT57XI7~4#$##8#H`ZiqQ1Z;HDM8l7Wof}A_k{QH zypa0kGkP?ca&}=feAiD>$ z4b+>V$miUM`}I)GL)@Bkj%tzIk(B6KjDyeLrQ+#@#X&Os*YS$2w_k-fLzge^k9|K) z2e%*s0Uh7rG)z}zb@tg5$RhV%-MPHiSxXLs6Zy!M3eJ{QXU&wV7&8MS`?6AmP&~<~ z8q0%yo%{pLt;kwAq3G+9tAXmi5?9))(W~Y><$bwdO*+zPaoHRDwSq_wt8oVvewPF( zs`^rMK&`W##MzMg+%2$gt5*_nk8=m|lbh1&iu{$cWCzY8IIOHfE>LJ^Ba_wg4m)2X(Vz!-vVwz1Dch!I-WO=wM_iuFLPo*pBv95m@R4$Gt#obF( zg6X=_dE9zSM&ulY-&mAScj(S-sZ+by9>v;8iUoUkfFQOE+rl8VRiY38oEl61`n2P4 zwK6@$4|kl9g5K;dx8k)d^*h_HJwDFM$g35{Pp_A?gRaE8%*|wi8Uz>Q7X%E~lh{4TbgN_a)TC6!pdy94an; z>`Yjz@3+hv*n06i&1b=&yErB3+n>Bjsl@%VLc_iH9+P~}-G`ls((~I%GCvawQMsE; zX>(U}zS9M$gdBXUgt!&mNbPT8T%tLJkif<2N!$bQ9B-JR(O!~yFj-W8Xz`|l5Mpm~ z184Gi{uQubFzy4n`-YQL1Ri2z!`UH8#jiHSgN_siPkEvFjL{!UjjBiZh)3a#hS{59 zZ5z@N)ptD8#TV(Oiv708q#+@(Cio`lid$7EeeWKlMq)?Ko1CT7@bdBc;agRc0+C;> zyQzaO(O8O)^G zCi&0C#@!lajGTTB(y!a3%1L0~78qi?=p)kUWsP+oYO1HvF9Tg=g0k>pz}M)sc7|uR zuhosL1=L+tTrS#>5YL)Abr2DtHpSPfc-WpmNAi`W8+YK(&rMUwS9|i_41yA0tP-QG zA8)5>3doI$`OM+1M`;AydRVT%QoOhwtA>_2R*j5?$L`I1-@WyM@SC(1i{W+GFXwx{ z-};4OK^fq@8Lr#Z{^$ld0PfM@k&8C}5f&L*Y&<;bFO3pLY?@t1wFZh^3_F<@ir1<6 zOb&Rl7whbT6L+J>wGtcY9aatvK}jCB4FCs;U|~f{Fbiou_=xaPIL=c8kisuF)7Nmc zqmQcAPciC4=pqe5gqg=TApwU#>LY=TbF3+H(u1_6sgjos)BW^+Rl0@gT zb}IaWRKWg<6;R1^<$fYlP8lYs9bhUvrD2Ab*ol2a+^0}rf8_bdCP3tpdwae{^#jg*mD-8`z( zwr+6;{RMEG&5#4u1sc1-5OwiiaC`B%e9MLKPWzhIgVeatfIe+$i#>oFgc={!MAM%q zODwzIxrh52g*S=kV6rCVp1Z^;^sQCkcxd>o&mM5~1Rd|vJVp5WGgC&JoZsvA;B=?SQVZo=$vG(Xfhr{p>RqF&GGG2orBTZvGRrdk6qEMha!K$DDrmj zn!2UU-szj`_oAuy9}Nu-Lo=Ga*LH6_hG{7L?#c}I_A7*ucPZh6JG3zeyR~}1DIZ!T z7bdiX1XULf?flLhM)DmFq>~Cgr)%G)4GdY`Ia-W=d|=KPQc7iAIFXrz*=P7an#;x# zfyI)k8{~j%kfU*S;qqA%RCxGhg_OXhURMseg-B17xgk<+!}wavzkVw<2cY!crt7I%?G7%p(;Q+j z4S+y_Wor+(6+0dAar|90pl?Umdk4T_H^`@(N#qd+xI95tnWZ}#7V2-XH1m%;q))Qz z1j3Y?%NCR&U{ikishJ5+`mQ7%b%J5ZuQ;uYZ{m*5u(R|z9YtzJtsU$4UvsK!#!d>c zWz<#NMG{$`nurHZd9KKA7uZPGM&I37xy*O6BNsgqtR_M^jv4N;JXD*#*=uO@(La|O{Q36*byY&b@F@9CxZ z>X@>az$z9t8{TM|iEc7R>pvBbxMrH3W%G#TbD3UuaZ3OcGrkFndt8a!W|20UyM^bO zr0ifbbLvod+Gyz`S}pW8#wR(8Q%dYK8p$>}4-NS(KQ7t$SSoOn`DRHxX-M49n6pR| zk#YQD6Mur+cV4_K;zjcTQUC5o?__+7rGh=$y|SRebIN3vb#JfL9ux;Dx9B1OmdPF!!_ zv5%kQQg%if(to5&NB>=`^Z>Y>VCn0&M$u4w@Uw*60NKcg>ojm|gCO#G6dii}qQ27M zA6f^BaIz<9kMvYk%is7Owz8VGqH1B;N1#>rrN)>TkNo%`2+B^vWvKeZ_DV|7(1qXU z2Hd89VxJTp#4d`>8Cc4KSZm<3S%lHe&Hebc7R-Xr_i<{zKxH1ZM*f)|NKV;8#m;^? z8}(^39KT!ROVAVcNYP$jC4VAxzt@DMf7v)k#crk`t4fvS32VkH*KdLA6bhRKY(>=w-aQ4z|CQo483F>3D&Eqoc+S{*qEq1cMH45ZnU(8B*@}FJj$4 ze2BlCfvG^8(@pR;#:/config:ro quay.io/coreos/clair:latest --config=/config/.yaml -``` - -## Initial update & API - -Right after Clair starts, it will update its vulnerability database. -The initial update can take quite a long time depending on the database backend in use. -Clair will announce the update completion. - -As soon as Clair has started, you can start querying the API to interact with it. -Read the [API Documentation](API.md) to learn more. -The [`contrib`](../contrib) folder contains some tools that may help you to get started. diff --git a/docs/Security.md b/docs/Security.md deleted file mode 100644 index f9827160..00000000 --- a/docs/Security.md +++ /dev/null @@ -1,55 +0,0 @@ -# Security - -# Enabling HTTPS on the API - -HTTPS provides clients the ability to verify the server identity and provide transport security. - -For this you need your CA certificate (ca.crt) and signed key pair (server.crt, server.key) ready. -To enable it, provide the signed key pair files in the configuration under `api/keyfile` and `api/certfile` keys. - -To test it, you want to use curl like this: - - curl --cacert ca.crt -L https://127.0.0.1:6060/v1/versions - -You should be able to see the handshake succeed. Because we use self-signed certificates with our own certificate authorities you need to provide the CA to curl using the --cacert option. Another possibility would be to add your CA certificate to the trusted certificates on your system (usually in /etc/ssl/certs). - -**OSX 10.9+ Users**: curl 7.30.0 on OSX 10.9+ doesn't understand certificates passed in on the command line. Instead you must import the dummy ca.crt directly into the keychain or add the -k flag to curl to ignore errors. If you want to test without the -k flag run open ca.crt and follow the prompts. Please remove this certificate after you are done testing! - -# Enabling Client Certificate Auth on the API - -We can also use client certificates to prevent unauthorized access to the API. - -The clients will provide their certificates to the server and the server will check whether the cert is signed by the supplied CA and decide whether to serve the request. - -You need the same files mentioned in the HTTPS section, as well as a key pair for the client (client.crt, client.key) signed by the same certificate authority. To enable it, use the same configuration as above for HTTPS and the additional `api/cafile` key parameter with the CA certificate path. - -The test command from the HTTPS section should be rejected, instead we need to provide the client key pair: - - curl --cacert ca.crt --cert client.crt --key client.key -L https://127.0.0.1:6060/v1/versions - -**OSX 10.10+ Users**: A bundle in P12 (PKCS#12) format must be used. To convert your key pair, the following command should be used, in which the password is mandatory. Then, `--cert client.p12` along with `--password pass` replace `--cert client.crt --key client.key`. You may also import the P12 certificate into your Keychain and specify its name as it appears in the Keychain instead of the path to the file. - - openssl pkcs12 -export -in client.crt -inkey client1.key -out certs/client.p12 -password pass:pass - -# Generating self-signed certificates -[etcd-ca](https://github.com/coreos/etcd-ca) is a great tool when it comes to easily generate certificates. Below is an example to generate a new CA, server and client key pairs, inspired by their example. - -``` -git clone https://github.com/coreos/etcd-ca -cd etcd-ca -./build - -# Create CA -./bin/etcd-ca init -./bin/etcd-ca export | tar xvf - - -# Create certificate for server -./bin/etcd-ca new-cert --passphrase $passphrase --ip $server1ip --domain $server1hostname server1 -./bin/etcd-ca sign --passphrase $passphrase server1 -./bin/etcd-ca export --insecure --passphrase $passphrase server1 | tar xvf - - -# Create certificate for client -./bin/etcd-ca new-cert --passphrase $passphrase client1 -./bin/etcd-ca sign --passphrase $passphrase client1 -./bin/etcd-ca export --insecure --passphrase $passphrase client1 | tar xvf - -```