From 459ea34293077ebf83991fa83647537b28c57ff4 Mon Sep 17 00:00:00 2001 From: Pirate Praveen Date: Thu, 15 Apr 2021 22:33:27 +0530 Subject: [PATCH 1/5] New upstream version 13.9.6+ds1 --- CHANGELOG.md | 8 ++ GITALY_SERVER_VERSION | 2 +- GITLAB_WORKHORSE_VERSION | 2 +- Gemfile | 2 + Gemfile.lock | 9 +- VERSION | 2 +- lib/gitlab/sanitizers/exif.rb | 18 +++- spec/lib/gitlab/sanitizers/exif_spec.rb | 35 +++++-- workhorse/CHANGELOG | 6 ++ workhorse/VERSION | 2 +- workhorse/go.mod | 1 + workhorse/internal/upload/exif/exif.go | 22 +++- workhorse/internal/upload/exif/exif_test.go | 36 +++++-- .../upload/exif/testdata/sample_exif.tiff | Bin 0 -> 1039916 bytes .../exif/testdata/sample_exif_corrupted.jpg | Bin 0 -> 2182 bytes .../exif/testdata/sample_exif_invalid.jpg | 1 + workhorse/internal/upload/rewrite.go | 72 ++++++++++++- workhorse/internal/upload/rewrite_test.go | 43 ++++++++ workhorse/internal/upload/uploads_test.go | 99 ++++++++++-------- 19 files changed, 281 insertions(+), 79 deletions(-) create mode 100644 workhorse/internal/upload/exif/testdata/sample_exif.tiff create mode 100644 workhorse/internal/upload/exif/testdata/sample_exif_corrupted.jpg create mode 100644 workhorse/internal/upload/exif/testdata/sample_exif_invalid.jpg create mode 100644 workhorse/internal/upload/rewrite_test.go diff --git a/CHANGELOG.md b/CHANGELOG.md index 629a092977..0ac3dec21c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,14 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 13.9.6 (2021-04-13) + +### Security (2 changes) + +- Clean only legitimate JPG and TIFF files. +- Update ruby-saml and rexml gems. + + ## 13.9.5 (2021-03-31) ### Security (6 changes) diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION index 62f8ce01fb..c2273bba24 100644 --- a/GITALY_SERVER_VERSION +++ b/GITALY_SERVER_VERSION @@ -1 +1 @@ -13.9.5 \ No newline at end of file +13.9.6 \ No newline at end of file 
diff --git a/GITLAB_WORKHORSE_VERSION b/GITLAB_WORKHORSE_VERSION index 48309c07a5..36fd88335d 100644 --- a/GITLAB_WORKHORSE_VERSION +++ b/GITLAB_WORKHORSE_VERSION @@ -1 +1 @@ -8.63.2 +8.63.3 diff --git a/Gemfile b/Gemfile index 8d39ce9414..c70e1755e1 100644 --- a/Gemfile +++ b/Gemfile @@ -29,6 +29,8 @@ gem 'devise', '~> 4.7.2' gem 'bcrypt', '3.1.12' gem 'doorkeeper', '~> 5.5.0.rc2' gem 'doorkeeper-openid_connect', '~> 1.7.5' +gem 'rexml', '~> 3.2.5' +gem 'ruby-saml', '~> 1.12.1' gem 'omniauth', '~> 1.8' gem 'omniauth-auth0', '~> 2.0.0' gem 'omniauth-azure-oauth2', '~> 0.0.9' diff --git a/Gemfile.lock b/Gemfile.lock index 538a43a6eb..9d3fb1eee4 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -998,7 +998,7 @@ GEM retriable (3.1.2) reverse_markdown (1.4.0) nokogiri - rexml (3.2.4) + rexml (3.2.5) rinku (2.0.0) rotp (2.1.2) rouge (3.26.0) @@ -1072,8 +1072,9 @@ GEM ruby-magic-static (0.3.4) ruby-prof (1.3.1) ruby-progressbar (1.11.0) - ruby-saml (1.7.2) - nokogiri (>= 1.5.10) + ruby-saml (1.12.1) + nokogiri (>= 1.10.5) + rexml ruby-statistics (2.1.2) ruby2_keywords (0.0.2) ruby_parser (3.15.0) @@ -1498,6 +1499,7 @@ DEPENDENCIES request_store (~> 1.5) responders (~> 3.0) retriable (~> 3.1.2) + rexml (~> 3.2.5) rouge (~> 3.26.0) rqrcode-rails3 (~> 0.1.7) rspec-parameterized @@ -1509,6 +1511,7 @@ DEPENDENCIES ruby-magic-static (~> 0.3.4) ruby-prof (~> 1.3.0) ruby-progressbar (~> 1.10) + ruby-saml (~> 1.12.1) ruby_parser (~> 3.15) rubyzip (~> 2.0.0) rugged (~> 1.0.1) diff --git a/VERSION b/VERSION index 62f8ce01fb..c2273bba24 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -13.9.5 \ No newline at end of file +13.9.6 \ No newline at end of file diff --git a/lib/gitlab/sanitizers/exif.rb b/lib/gitlab/sanitizers/exif.rb index ed3e32f3e7..eec50deb61 100644 --- a/lib/gitlab/sanitizers/exif.rb +++ b/lib/gitlab/sanitizers/exif.rb 
@@ -45,6 +45,7 @@ module Gitlab ALLOWED_TAGS = WHITELISTED_TAGS + IGNORED_TAGS EXCLUDE_PARAMS = WHITELISTED_TAGS.map { |tag| "-#{tag}" } + ALLOWED_MIME_TYPES = %w(image/jpeg image/tiff).freeze attr_reader :logger @@ -96,12 +97,12 @@ module Gitlab end end + private + def extra_tags(path) exif_tags(path).keys - ALLOWED_TAGS end - private - def remove_and_store(tmpdir, src_path, uploader) exec_remove_exif!(src_path) logger.info "#{upload_ref(uploader.upload)}: exif removed, storing" @@ -133,15 +134,26 @@ module Gitlab # upload is stored into the file with the original name - this filename # is used by carrierwave when storing the file back to the storage filename = File.join(dir, uploader.filename) + contents = uploader.read + + check_for_allowed_types(contents) File.open(filename, 'w') do |file| file.binmode - file.write uploader.read + file.write contents end filename end + def check_for_allowed_types(contents) + mime_type = Gitlab::Utils::MimeType.from_string(contents) + + unless ALLOWED_MIME_TYPES.include?(mime_type) + raise "File type #{mime_type} not supported. Only supports #{ALLOWED_MIME_TYPES.join(", ")}." + end + end + def upload_ref(upload) "#{upload.id}:#{upload.path}" end diff --git a/spec/lib/gitlab/sanitizers/exif_spec.rb b/spec/lib/gitlab/sanitizers/exif_spec.rb index 88ef3ce6aa..63b2f3fc69 100644 --- a/spec/lib/gitlab/sanitizers/exif_spec.rb +++ b/spec/lib/gitlab/sanitizers/exif_spec.rb @@ -4,6 +4,11 @@ require 'spec_helper' RSpec.describe Gitlab::Sanitizers::Exif do let(:sanitizer) { described_class.new } + let(:mime_type) { 'image/jpeg' } + + before do + allow(Gitlab::Utils::MimeType).to receive(:from_string).and_return(mime_type) + end describe '#batch_clean' do context 'with image uploads' do 
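Review bot: In the third hunk of `exif.rb`, `check_for_allowed_types` raises a bare string, so a rejected upload surfaces as the same `RuntimeError` the sanitizer raises when exiftool fails (the spec in this commit expects `RuntimeError, "failed to get exif tags: error"` for that case). Callers and log readers then cannot tell a blocked file from a tool error. A subclass such as `UnsupportedFileTypeError = Class.new(RuntimeError)` keeps existing rescues and the new spec working while making the rejection distinguishable. What `Gitlab::Utils::MimeType.from_string` returns for unrecognised bytes is not visible here; if it can be nil, the message renders as `File type  not supported`, so interpolating `mime_type.inspect` would read better in logs. The enclosing method starts outside the hunk; above the new call I would add `# Check the bytes, not the file name: the name is user-supplied and says nothing about what exiftool will parse.`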
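Review bot: The new top-level `before` block in `exif_spec.rb` stubs `Gitlab::Utils::MimeType.from_string` for every example, so no example in this file runs the real detector against file bytes. The negative case added in a later hunk (`let(:mime_type) { 'text/plain' }`) only changes the stubbed return value. One unstubbed example that passes `clean` an upload whose name ends in `.jpg` but whose content is not an image would pin the behaviour this change is meant to guarantee. Scoping the stub to the contexts that need it, rather than the whole `describe`, would make room for that example.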
@@ -43,7 +48,7 @@ RSpec.describe Gitlab::Sanitizers::Exif do end end - it 'filters only jpg/tiff images' do + it 'filters only jpg/tiff images by filename' do create(:upload, path: 'filename.jpg') create(:upload, path: 'filename.jpeg') create(:upload, path: 'filename.JPG') @@ -53,12 +58,16 @@ RSpec.describe Gitlab::Sanitizers::Exif do create(:upload, path: 'filename.txt') expect(sanitizer).to receive(:clean).exactly(5).times + sanitizer.batch_clean end end describe '#clean' do let(:uploader) { create(:upload, :with_file, :issuable_upload).retrieve_uploader } + let(:dry_run) { false } + + subject { sanitizer.clean(uploader, dry_run: dry_run) } context "no dry run" do it "removes exif from the image" do @@ -76,7 +85,7 @@ RSpec.describe Gitlab::Sanitizers::Exif do [expected_args, 0] end - sanitizer.clean(uploader, dry_run: false) + subject expect(uploader.upload.id).not_to eq(original_upload.id) expect(uploader.upload.path).to eq(original_upload.path) 
@@ -89,23 +98,35 @@ RSpec.describe Gitlab::Sanitizers::Exif do expect(sanitizer).not_to receive(:exec_remove_exif!) expect(uploader).not_to receive(:store!) - sanitizer.clean(uploader, dry_run: false) + subject end it "raises an error if the exiftool fails with an error" do expect(Gitlab::Popen).to receive(:popen).and_return(["error", 1]) - expect { sanitizer.clean(uploader, dry_run: false) }.to raise_exception(RuntimeError, "failed to get exif tags: error") + expect { subject }.to raise_exception(RuntimeError, "failed to get exif tags: error") + end + + context 'for files that do not have the correct MIME type' do + let(:mime_type) { 'text/plain' } + + it 'cleans only jpg/tiff images with the correct mime types' do + expect(sanitizer).not_to receive(:extra_tags) + + expect { subject }.to raise_error(RuntimeError, /File type text\/plain not supported/) + end end end context "dry run" do + let(:dry_run) { true } + it "doesn't change the image" do expect(sanitizer).to receive(:extra_tags).and_return({ 'foo' => 'bar' }) expect(sanitizer).not_to receive(:exec_remove_exif!) expect(uploader).not_to receive(:store!) - sanitizer.clean(uploader, dry_run: true) + subject end end end @@ -119,7 +140,7 @@ RSpec.describe Gitlab::Sanitizers::Exif do expect(Gitlab::Popen).to receive(:popen).and_return([tags, 0]) - expect(sanitizer.extra_tags('filename')).not_to be_empty + expect(sanitizer.send(:extra_tags, 'filename')).not_to be_empty end it "returns an empty list for file with only whitelisted and ignored tags" do @@ -130,7 +151,7 @@ RSpec.describe Gitlab::Sanitizers::Exif do expect(Gitlab::Popen).to receive(:popen).and_return([tags, 0]) - expect(sanitizer.extra_tags('some file')).to be_empty + expect(sanitizer.send(:extra_tags, 'some file')).to be_empty end end end diff --git a/workhorse/CHANGELOG b/workhorse/CHANGELOG index 0d29061cca..4193568c0b 100644 --- a/workhorse/CHANGELOG +++ b/workhorse/CHANGELOG 
@@ -1,5 +1,11 @@ # Changelog for gitlab-workhorse +## v8.63.3 + +### Security +- Check image content type before running exiftool in workhorse + https://gitlab.com/gitlab-org/gitlab-workhorse/-/merge_requests/ + ## v8.63.2 ### Security diff --git a/workhorse/VERSION b/workhorse/VERSION index 48309c07a5..36fd88335d 100644 --- a/workhorse/VERSION +++ b/workhorse/VERSION @@ -1 +1 @@ -8.63.2 +8.63.3 diff --git a/workhorse/go.mod b/workhorse/go.mod index 20344f0081..047ca37d15 100644 --- a/workhorse/go.mod +++ b/workhorse/go.mod @@ -29,6 +29,7 @@ require ( gitlab.com/gitlab-org/gitaly v1.74.0 gitlab.com/gitlab-org/labkit v1.0.0 gocloud.dev v0.21.1-0.20201223184910-5094f54ed8bb + golang.org/x/image v0.0.0-20191009234506-e7c1f5e7dbb8 golang.org/x/lint v0.0.0-20200302205851-738671d3881b golang.org/x/net v0.0.0-20201224014010-6772e930b67b golang.org/x/sys v0.0.0-20210110051926-789bb1bd4061 // indirect diff --git a/workhorse/internal/upload/exif/exif.go b/workhorse/internal/upload/exif/exif.go index a9307b1ca9..2f8218c3bc 100644 --- a/workhorse/internal/upload/exif/exif.go +++ b/workhorse/internal/upload/exif/exif.go @@ -22,6 +22,14 @@ type cleaner struct { eof bool } +type FileType int + +const ( + TypeUnknown FileType = iota + TypeJPEG + TypeTIFF +) + func NewCleaner(ctx context.Context, stdin io.Reader) (io.ReadCloser, error) { c := &cleaner{ctx: ctx} @@ -100,8 +108,16 @@ func (c *cleaner) startProcessing(stdin io.Reader) error { return nil } -func IsExifFile(filename string) bool { - filenameMatch := regexp.MustCompile(`(?i)\.(jpg|jpeg|tiff)$`) +func FileTypeFromSuffix(filename string) FileType { + jpegMatch := regexp.MustCompile(`(?i)^[^\n]*\.(jpg|jpeg)$`) + if jpegMatch.MatchString(filename) { + return TypeJPEG + } - return filenameMatch.MatchString(filename) + tiffMatch := regexp.MustCompile(`(?i)^[^\n]*\.tiff$`) + if tiffMatch.MatchString(filename) { + return TypeTIFF + } + + return TypeUnknown } 
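Review bot: The `golang.org/x/image` requirement added in `workhorse/go.mod` is pinned to a pseudo-version dated 2019-10-09 (`v0.0.0-20191009234506-e7c1f5e7dbb8`), well before this release. The code that imports it is outside this hunk, but if it decodes uploaded TIFF data, as the exif changes in the same commit suggest, the module parses untrusted input. It is worth checking whether a newer revision is available before shipping, and recording why this revision was chosen in a trailing `// pinned: <reason>` comment on the line.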
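Review bot: `FileTypeFromSuffix` in `exif.go` has no doc comment, and nothing tells a caller that its result reflects only the client-supplied file name. The changelog entry in this commit describes checking the content type before exiftool runs, and that check is not in this hunk. I would add `// FileTypeFromSuffix guesses the type from the file name alone; the name is client-controlled, so verify the content before passing the file to exiftool.` The function also calls `regexp.MustCompile` twice on every invocation; hoisting both patterns to package-level `var`s compiles them once. The exported `FileType` constants in the earlier hunk of this file would benefit from a one-line comment each as well.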
diff --git a/workhorse/internal/upload/exif/exif_test.go b/workhorse/internal/upload/exif/exif_test.go index 373d97f7fc..ee5883d9e0 100644 --- a/workhorse/internal/upload/exif/exif_test.go +++ b/workhorse/internal/upload/exif/exif_test.go @@ -11,39 +11,57 @@ import ( "github.com/stretchr/testify/require" ) -func TestIsExifFile(t *testing.T) { +func TestFileTypeFromSuffix(t *testing.T) { tests := []struct { name string - expected bool + expected FileType }{ { name: "/full/path.jpg", - expected: true, + expected: TypeJPEG, }, { name: "path.jpeg", - expected: true, + expected: TypeJPEG, }, { name: "path.tiff", - expected: true, + expected: TypeTIFF, }, { name: "path.JPG", - expected: true, + expected: TypeJPEG, }, { name: "path.tar", - expected: false, + expected: TypeUnknown, }, { name: "path", - expected: false, + expected: TypeUnknown, + }, + { + name: "something.jpg.py", + expected: TypeUnknown, + }, + { + name: "something.py.jpg", + expected: TypeJPEG, + }, + { + name: `something.jpg + .py`, + expected: TypeUnknown, + }, + { + name: `something.something + .jpg`, + expected: TypeUnknown, }, } for _, test := range tests { t.Run(test.name, func(t *testing.T) { - require.Equal(t, test.expected, IsExifFile(test.name)) + require.Equal(t, test.expected, FileTypeFromSuffix(test.name)) }) } } 
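Review bot: The table checks case-insensitivity only for `.JPG` and has no row for `.TIFF` or for the common `.tif` spelling, which the new pattern `\.tiff$` sends to `TypeUnknown`. Whether skipping `.tif` is intended is not visible here. A row such as `{name: "path.tif", expected: TypeUnknown}` (or `TypeTIFF`, with the pattern widened) would make the decision explicit, and `{name: "path.TIFF", expected: TypeTIFF}` would pin the `(?i)` flag for the TIFF branch.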
diff --git a/workhorse/internal/upload/exif/testdata/sample_exif.tiff b/workhorse/internal/upload/exif/testdata/sample_exif.tiff new file mode 100644 index 0000000000000000000000000000000000000000..6671d818edba223f20dcd707be3176d4ca042412 GIT binary patch literal 1039916 zcmeFaca&V$c_-MC?6KEtjV%o+5}~^*zsk9D<$9I65g24i4(IGNfCdGd1YiIRvd4R7 zXJ*%Pc6Zj=u_P;zVnBCS=t|vyDDTdh-LuF4j6ELP3N|fun4?*_3G7qzjxpF-TU3|`~7@AdB?AJbaXt@(eb%2bbJn5iqB*7&UOd3KacG% zV7~w#e&No3?zn$;XB&rfeCcz)((xZ(zUl&VKH9b=dz!{QFJp*JJx3Y(IzXVVocT zbbJMu^(2nxe*b^Pj{o%e&voR#+|luEY#;mc+sFJ2$DIE2U+Z`oCwvYk5dZtz`~MdE zxj(foZYWsOQ!(h+AV2>W(=KeETUpP5>_>acU@D7bV zb?mrVaP9y8e+0Z^N6dn+_w3j1Kj|F%<}vS|oEm%bPY!(b@SptA;ejIptK~OLFATo$ z%*kiQ&W!S2c;@Njrw3m!3r3HeI5akhZEm+lz}q_H%paKr-#|;8Cr*v=jB2A=t8%?? z>^Z%_@*6zUsUt@RpJ3g0PJwr3!8gyGIXS4&JpcUj>gNsW6Q`ci=mrJ`G+MnzuUFv+ z)#+~?KQsD*>iB6PcZ%ERV8>1$K6UKmnPVr8^SE=49y;;t8M8ou&v|!Fj!zG}Uck;f zKft};I{oQ0M>IaXG2(h~fJU#?_N%mdm3~0;!SCbK{rlhh_VLr|t*ccZKJkp^h0&85 zom#7T=9v$DuQ^oeIr9UgN%H+KAt@Pj{k^66(!fABY- zJw3+l+G_XHM~-UHsI6cA;CHzD{@!;u7@s=!%*m~9a7Tae$Rmf}JMQGOr=H$A=Ez~q z*wbUrpdqJmX5EL5KXdHp`#0!A*Ta4C3k|`~y?6c(9sMp|TWz^>Uk2G@PaQim`t*}q zNN}*c_ua$Kso%R<$H$&OefY$YvD2C(w~xP#+!+qWJA0g?C(k^4YHaJ|TQ_ZxJ#qM1 z?uvY@S-^oYc;v+4V@C$JHjf_d8|ypNV^kT8My<-&XE?0t*Y@||uOo+a27|Wu@W9az zoXU6n^qJA)hsU^6;pFOLIL{${&!Hpzqy4I*S_4ke(?6=}Kiog2(jPiv=<7Xf)QE7JTrRcQHEt>$nYWzhbZ&n(cZweRnF z?CH@nM^Bu3#w^%(?D(@Uy#K*hk3GZv40l&`y}G{segmFNZGW%6$MF6^UmH7h8c!j2 z&MnKc^~sULgKnI06i>skXGWhI({TM|>l1EckR3fU#+@8r`b8`C{$W1utNX@|KXvAt zW0TL+IF;cU$vYvUMwO0)IWr1`jmf8k6|e)Gih$3NM5-aqucv)E6adH%$y zKRS5o;GsVpJACHj&vUnf-#gP2u=A(SocfmU9vAhI<4m`oCNI8w;?%c3@cU1W{qgO0 zw~g`B$F`v2@wN=$;OODo@Sh%iZtTd`EdY+UKRW!)(c@2z!P96sk8x!5%A2~fGxkslWuiz*@usQ{+nayD+(>VrB-nJHs87Jzsz-g_}q89o>9Y5ZQsBVoyu_d zP_N2p9PLpZ(j7gl>gzq)bEvnc_h|p2!yi6NlV4BY=;5P!*g*Z^!<<1qq*V>*4~?q& zbiIdl{XNE`qj${3dw2PlyB_@q?vF{sIsJFLp^0;g`}Yriu%nu`4Ca;vdGgtlC!anx zcIv|&_}vG(&T$|3{vG3Sudjdbu-o5uo;dj}*#2*xIr#kXkNx?(9C-T-`;HwRJAV4a z$2I*!hnQe^58t+RA8zi4A6E0@`k^$~bKa#rqFPCt7W 
zqjc9_f$59*_RWw(zBJQMk5+z_t#iy^F%NEd;i8FzsDC2G?)AAJG~+j>*OIh*u#__W75e zKK#t-U(t4SJahcasV6)R-Zy^t_jtdSM;P(fJO2BQp^h(%9zK22{@7#txES2s|Eylv z3b}Q>sp8Ic_hahr{UX8^hY_>m;RxH|lc&yL`(I+a_xUp?x$W;``yot;j$nHV+sadD zAhs`Y`w!jTUg5T%+S=x#ksS}6`sx!-TpJgLm=V;xU- zoas>E-{aVGy5k9a?x^$q-CN&(4BtA0ZyoD6jBl_VCpw<#7~T4Q2X_x}4F0^2?dhWi zL@e>=bHC~6==jwHAveSw9l!RM9Uawg6HN5^mdyN-^Z{>}UQ4*gX}$LoLI(edczlcT3bw|<8U)_(rz(Tr2v7uC7lHLSpG3`MoL3%) zt&owZ7?1z;^LxpphD_-Q9`lg0?3Z#zV@gXxy4n;hhJu7O*iR(7eGcXfF7SEsv4L{$lQ*5X1kE#LIZVFWk}6QOp1&Ufk{ z!1WDfEhHl$aV>xjGf1MnR0rzr9@fJJr5f0!E z!@)C{I_XH3kaSb`EB$y?=rXqjMlp}(T$%iqlrFMWK za90F2LrTtBzzuPp2>rykIw{$h;#JV=ULN=-=a-U0f)%GSXA|WdvLdU)3mbTgo%jd` z;4mD#?(ba1+$W|b5hFJlpAuqDM5cQ0`lECwMSvpE8VGQqb@gVDzZMw8AoJ}JNy5%c zIR#m}vgFn+d36O=k+6u8RtEm4;MTr5%v<|Y139a$1x2eNbtPmau>lh5ZjFoG5tmI* zvK<6!k)BF`*_y2|)hStZiXjn(#AW0~-X2yI%)Aww zDKWykxvyZ;Cf&>hPiNjPy*MPeFrp>_6^SUQb1xHI>)Mm}P(y-=j^P^cWra!%T^WcI-krX$c`Qnd;s4evj*JIN1}m%jdRnia3Ol}k1zY42KiocEUZk-S%Y%_7GO8+ePI z_y`B!FdY2GlRWYxaW&FKW_n0WMFPB9h$&Ce#YfulC;}~vKsC}y&YExjiE7@mCqF35 zJB^nu-5I-R)*+u`WyxXXyoX8nWS1Rcyv5G6FKZRexz%JGi^%$N_+cyxH`IvH zleaJe2)IRMlbeayU#$vO>rR-d*?i%x0ID#Jt@FKpl~cH$!( zz#Zme-gK$RD?KE_--zhAb)|q9nVA*D;vTR8A-x=mKszCDb4EyB>Pa@Ihz=EAY&0MveKMIRAONks!7i;$j#^*6%1vJUOMOPY0Je!Y!X+AFAKBj}+-7950 zibV_Jc)f_c)h6U*T0{J*T8wr)+VLm?ErEcdJSnW9ay+8omTaPWl$RnuwmhkL>xr)U zAtvV%&pJA@E@j51NV1RCb3i#4Q*y}X?TQN~(a-m3$&XOep{t=Z^*-4*`nyezKqV$2 zerhaB_&Z6@0t9qp8>NQZ{MI#3w%-z7_8x(+Uz)kbss%=?thPj1O&O zyCYDWLgEm-kCFscTV*@iN)Y2oEf#V9-iGj+qUhzNT(W{om$mj}J^XrhAj2vO9wup1 zT=8i!DE$ZTqZ?R7LShniKoo(yA+Q;jaJ6G`{SE(~)tRo#-aSQ!Am>)q>tOZvFM9Mj zk0j&nx^=$$9seGVi(^vBQS{vHN9j(A07amw5J2RO#5E+MuT3bbeg)=1Sir4fHuM*o z`~l6P6U9Dz({6dnszUl}l9kl619`Xhl9hMufF9{^|1==TyZS(}vQ=Q%?k>KmZg=xE zW({H9fbQnFg#1i~8F$(wD|&<(hrC_~tG7RIQ)Y(6g#pyzVxYM&z@D^*dOd z%!IiCL2g8Li#3t&4pz^Bv{22hX@WnB&VVQa6oIBkpc0c+F!7lL&7-Co6Kza&kvKR- z4VUcNlVmH~Hz@mu{lA5CQaeBq zxGMtS3#~@Mgdjx*!bRV%MYHZLYxnYqu3iVLw|`~7cGk*YwCZPlySZeBh#cHL92;TN 
zKYFx<6ak6=i~vUk8Bk;BxEA7XgoGqCK)%zHA6De;dzanvtWR^%Xy?+RuZ)X6oI=U5Ynzjg(N6O=&ZnMRvfyEZdry!1<>}A z5Hc=F%E5pPYSEzqA3OT}z%j72!hcBg$ht_aAXOu6c=0WCUvQm#i(uZjhuoRtrr(yMmemM#PJK@@?zArKa< zMx-RrPhRa_aY*y_p3D39=B(Y@bwC9Re{LU&)bvG@l#F9tNqHlTrOaI|@aWyuFVmeA zfp$WmG6Oy?DVZ1~k?vKHLrxi?v68o_w`&LL9e+Lc5E&m_i-|Vl3^}VH=TLaKHQ{O} zkf|}e3j#s)Iz)e_>=&LCXYAslhnclWbN0b{9jV^_E5m&k&EnGV9?ZV~-Y2L8P23bd zNXba==Je@9M-gZ;1h|+RM`EuhfzAq4oGYq;r#iW<3gRAk=7R zQT8keqkj04yhx9+lI+l8oeEc0`Z z9Grv+vn=ISUUs2B+c~Oj+QBFS6oKYPU_!SR?1G>qf+3istpCV(&0<7V>2@7Wz2g^5 z(i&Ij${-MjB&E%uhI2rE%9h{u15^l@h9o7c^nwF?*NT!;n6oiy_qM0rvsU4vTU>H7 zS&MYut6p;IHYYntq@OwUGoi* z9}c1DgM>JWISfs=vSjHRP`f*zT2xEEZOF2_7avn+Sq4%I_&e*~Rj(t}+rKm{Puhfe zOHY=Sq(=Bj$1d_?6{_1>;L&UT(J5^qMWDe5KnntJ=w zCP~RB%UR6}E?&VUyW})y9LCjYx&}laF^WJ7Ag~T8V_0AX1-p3Bq0c~<$|HnW{F^>dlBzgi?qDDBOUt3I z^{~1UR+DKd$9CA@5gk20MSvo(4Fvp}O$-+&1~6z$*%eo8n#&GhZg|_F_<9a#*2Szi zWaLM~WTx}R%)=zCTjz4HDOqs~3{JMui|SkT%A}l2OAAXlkvOE{#|#*OfNzj|-;#S$ zvg9oHHhGd2L%XVEGvI7LKP}`0?}A_@h1Zi-C)KqnWi28kAW5Jdh9W=_ zXdVPGGK|UIi3!Me?eiwdm3^9|TT-;`SQ0|o*_AYFXFX!_Qwf>qzZQ6Si!PEeWCuL0wp6;Ic)TwkbJk#;Cs}F6 zE6Tf}5wA~K6$`_Ukf;t)BkSQV0yi{{POjyYN2o+^^H?6*5{dv22+1px(i^YyGY5D} zULArV38!e$tl92Nr{3{7JFmd@B)u~7lANRJ`p<&Zao7aPl+r#9NU|E@M5e&fMnb(C z5jY?z`QFeH+q*oh&boM6R+Mtc5)MV)qb#x8=HI}2WzMBdxFl(opSCk;s}{U)Ih%;Q z*o%ypjd(Y~5DN)5aphV_z&RuO)Kdf~0!@T~6arrBF-gYEq%7j>uzb$aebu>RR6L7r zW?@i~^z~ozF(inIkG339*I?*ot1y%(PTTo%=E!)n5gAhDsPiZ%U*%MUb6Aop`t6sDyubz~ELC!5mk}E|JGjIeQAv?>$rioJqGQ|1NcCnw850<~RC6dW zv>J$CSo3Q(pnn%pQ3up62>69J14>SSdlKRchVppmp~BYsk7pDuQ2*2CQwd5w;8L z^`3XSpCZsq2vh^Y^^okHKa{TQ@4qy#E6Zx~c1gl6sQ0{YcmI-2lk`dR-tI*Yk4#9o zP)tl&oj^36j>Osnfspk2qse${#bUk^UM;_#?DXy*<1S z`gugRML&!98%WnRtJ8|LLtW{8#_f(|wtM`%N3%J`zZJ(4r=0ugu=G{{;W)IRZIGu| zN)c!p1U3T#)MAi`5;c0rh9y%N3gU0+dR#|d66S}MS=&I;y_-vF zWRuN0C70deD=vl777 z1jz6taRZlthXtUxrp)#Ec0rzADMg@(5C9!$M2l1SkTZIRcpbOl|p{ zDJ55s&b?$Lie{)T9TaBlB2S z8a;aQ=0V_k7+DAU>XaA*kJX>@*N#ha=ANQ=$EY^yIiP}vS#%7pJ|li7zPA=tq5zxM$szn!<%vp)=uEwwiq#~~=HlPcCpKzeROA%;m1UUXrZtjDDXn9HomJ*Jk 
zD#52tEfjs7T%5$Pn7a_0ub* z2s9A_a6ll!;?`eel@M|O;E(V~YUW0EmE4-#peoC%F+C|bWN<(UcH4|7_3Qvfyh%5M z$leuJH}4cJIknfHMLh^z3vL%PSep{82jpZzw-M=FKc&cp2 zumIF>vx}EpOx~=| zdbCMbcfqc}le++Y$!$LG^^VUwG;{Vn5NcT()+bEDgiVNFAz_+^-7XG@gaxZn4GH#d z#=nyH$ny^VWw!|9oO&H*r}pC~=6y`Y+LdyMD>IK0fA2d`p^Bj#scn#_S4t6R9t1*M z791QzV#w%Dj4&j7L2t}}hlb3RByB@Hf-6+`fs6x%VW%CYc z(XL2%g;yQ@sD7n(pj{9^@_&fqTE|LI)~=uP?Y?Cmnq_w^##^uBEwJLENipx`UGeBh zNW6YlOJcgsfT&$yZyw7-TS5_-l5b3lkc`9?;KZf1Nf1-_-TIlJXy37!PCYx2bI3Tp zVuu2OKBzp*Tf3GXmy%;95F=OPJdPLv!N5u7MnGMgL6SD*h}1ehnfU7U>5< z5|E%e4Y+s5zhm@OF*blWz>8){P8FDQU4hw1_8CHv< zLY78I9yAA3o)(iy1Bpp4d3Gm!(q$XQA$yXZ9b>z#*HKeL(s?%@`Tr#+b75a6hBs?3 zD#$cV!+y{@7#&fx1_BX|^}2?{gK6Z#NwFe)^IM97cgJ*p>e&HM9CMksPDREchx8a? zacNdOXXzv%b!F0An}I>-LN3H+NL~#a2_(ZlbJt9Nv7rc*&q;|Nf(Vf8QA0I*(W=dQ zchA~)Oz)#!$Gc)TT=4Qzwk>fhvxdB`tpuQlNM}IQ0Z|0*2LhZDrL^ovBwSSu2yTWS zDGUoz?uJJ~l6Fzn#pzwb0pV3}bGl<7{8{^7;ClKuV!}!QvmR+V%v7cf+-!(Cpa%a0hgaHC*&ca&BSX-ha)~yZIdriR%gYKprf3>E%!a zS_1*7AxCAkfPN#$R1pb(-LPa$Ka%qHn|EtxTtLLVCO}<^s23|;FHcGH=sP zNy@?8o(FNUIGYS*L6_`X?j|a)1$#N6F>QpBQ+EJ-di*_S7n>wIYMIgu^!+&*BO=5i{(oLphsQrWlHh8e#V!KNw zbQ7}uBZe!ZRFIkx6u%1l!p-E`iRvZA0G;j@$Nx8z&gYiCRA0wq8ip;dQzGgG9n|o;AuD|S3UcXv`Y%Cg1k6{)Cdw+ZNA1Ma7I+H zvUSZM=ni7YA(2)CD)8Krn3_b?P7E_~`qx#%dBzExp&?rDLRxZtSr@dE;ytgEW*dxr3-G^g0p+su1%U$ z+27rbCZS<#ev7lO{hfD8|@JL7w)pZnhkqB7ew3qFVW^J0Q zzTT8ulyHHRNe0PX-2HkZlbzZRQAH?>p!6*1mZUx6EAHN`1=PEH&?GdBt2=`Mj{X% zDu=!TLhO`X{f4>whHEh6P^R6xcWS`7-SaH(Q!kjLSIp{v{My6ifS~5b3W8xZ$Zr8l zOI_sM5I~-PH7F$!F`3a;B6=?0>?P?NPx2s3iX{Am4Yao^hDWAar%4VqInZ&e}}4qgdOLc`EJG!jikgVAg>o_0Kn07am22-ME%HzT{rPx`Ly z6Q!*RJc=T#gB~t2@Zo(H91TyyPFQ6{ue9Va=B-SDRb@Pe z%t%+#DnpadFfT$-3R}+zV1LPFoVD^Gfww%Qe(Rw6W{5|EI+}*v8hz<*j;sTK%bMsSv4OR-)cjHeC<2W{V46?9uPF^P zS(6OBC|R2-1@Tk1=dKUwXRtGcXw0y(H;RG#@WChX;HWkW4$oDwEJAcB>Um7+h^n0@&UCAeV zdt~>Jp$B* zEL#-|PDQ~koU=lk8(Iw10X4D@G}LWP7;Dq~S_rcVDTxcxX2S)GgySM;veybLpL1wa zCc{SHAxH^&L-9!xrP z^`6s4?}spV+9pbK)q>ImQ+I*YBn~Ln{h;x0*(pGKx4eR)&YxfotJ;i9=G^K9w|U8` 
zm}U8m?nv7`|7Dx{9hYX-slVhzQ#ndf@~XV@I?ey5&mBdefe0*Fv~T$Y%hsNvg~{w= z@>W^K-Icn3S+Wa*%<`~m!J`3TSI))2EoRIE1kw2RHsdXP`619>GsuEli+1Onx~xM| za_G}e-gX^CqmNHG8SrB-TbaB^v_2&!0o6uSN#z(?xZ_ca(M$+b<2(`owJ#XvnKD$j zCVFngd1+6>nNPNBH_|p`l9i?r3AD?Xtm@PtFa6an@?AIA@)`Lilq*ry7~qq0>J5&y zm@*_ZaB#9C#%Fz8Na8)4(*iPXE;{8L-6*)%JWaO-RP<;r+QdbNr0ABBSNot-UyEw- zu zP`wUtzxFRVwU-^jf`=RV+&H7T5#3wygE*+!{rg=2r%wb$p!pEs2qA+?SnLW&QG#;J zCdgkpGoGfi0~w1r-iUV-P!Y!I2&dUQ z7u9CTWu>0SsRAnRjt9w}J*VXW}F@Vk#dGHjjWNP$?G9A=FR(PLqV+J`1bAOf;M_1{1KrK=WA zdQg{jf#^>H{e|szj7A^NbvzqZMNxgGxMI_nUJyZ+t`?#*AUXr02GZwvyyiN2byO&J%SK`pAL`kC>)g{%4 zsuG|B)Sc)X4Rv7?lJ%%~*3^x#ThXTm4^MGe1_ACyJCyC7KkrfJY@)ndo3;t_R`F%` zo(d>QA(PrraOlY?0&Rl8w0tYM6!Rd}YEXFNX=RQT%?>slC0EMDl!i4qmNQTw2uj!m zkj}(BXmPlY{FM%JEntZxQ(*O%RU-=OfLg#j1{JGu$#t7?)*(-Lc3*Y$ViHuaHk|`P zLQaW=Fsml-66Za_4 zy50aa=@wyLmM}43r2|DOsxzQdmUC)y=Dw@n+C^gg+LW3EHIPe&10pe6C)hMIAS{|p zDUlpP;tE8rY7WHV z%skte7A(?bhhhQi zEcfYo-|p`sL#gP|k#QrIemH{=!VE}5rMjEQ42H#+BcMGMP?w`dIHIovRpluad3j*o z&Cd_YvTorV%PhI{SO!WqU&l*(Wf_wQEDdw4tl*OthUD{}Zt{~}BwOOC;WFZa>MB

talSV=D#f3r~|6RWZ?KEGo6=)1xc@B#m*$yrmF+0>zG{f3@f{J zN`7OiiyMfBlq6={gvQw~3kdz<&LU6^W62)(1>vc!5kgeC9+1?c%4??;DOPdCp(}XB z^G;FGrOw+WNoUigVW(WOf`citx>=hv;}nC1Bjb^+{~3I!0vAG}aH(p7(p1d8G1rSy z^Ggw+2y6#|sB$9+G6XGowR6^`TN>#pS*2;VWkPV!XjouDj?G_-2{>)dDNrJ4*5lLx zZKn@3(pgtgG84oI2Vpk_iAu^5K@H0#QRPM7BcOmQA?v^;0Lc<~unR5>dzy~}$}Y>Z z47ypyt;w>IqFI@DY32_;LLv%WNHvCQ*(&A6QWpY@G1bnxZ+bS0z=MrIEw15m#{BXd zr}tiTGD}WF!Ya?ZnrC%a|GxXPiQ0l`L3ANWX;2M!g$-zxHEEH0u=enSnTm?-^M7M#k&nHHJ9@$U?kb6L425xu|Vb&siP*srefveB) z7F{w}^0b}dxXqCZXNTqvzhJ*_lDqXB90(B5um!6i<5cHdaF>!IYgly2Z~mE(_y;h* zTMhHL$QyTo8jjw9c07szMc@-7P!0*OE=+!;OS_cNqbzx)3n&I;TP6u1=T@LjFlm)R zERTfL8%VFhoGwIXK+O_@+wcp?w4v&k)nfA1sE|x)$q(&sA9x7-(zt8+VP%G8=1od; zKP(0ntW6h!gAOBv7_we@!iszeF=!GOO!7sC=He4yA}`u7+CjXx8kKF1OGpeIkB)qr zrQ^|&Kx-fn49G z%26twrm+J7W^?-LKgTfK95UK+~T+t^g*z~iH z?;!!|uTyXcVM}5Qsb8A2$^(LkUAn*+8NvwPRpdjBudH(fgMlR{w2OcR$JGlyI zt3P2H{2z*imYX4bQ`!i)}7|X$mv_k;Ztr8Z3o39?Q-T*b_k>-cw zX^(KxBEM{hte%XF>nbxe1oufhK%)&NM^6z}RiJx_su{nLjEgQiGzDAh6q?m>K(ki< z6}Pb#Lk_kP@<3})<2`R6uhJ~IX6bm1?%4GFJA%N~=vVSSUdpaax@0AXyu`{-YS&6k z2wu>n=u>uK$-)%ey_Nr6PR6C>pHfDYrm+J-eFeD(AypZa2$SmC|0tYyX&0?cm+e+> zgj09FNBwh)zWhT2NEFLa35jdhf?XK=?8s9|PeKuB7X)GmzJY>R1IkPu&|@C*;*^$LF1DPO94_B4?R*CS>HVH3TfUbmT)jJVjtT2xJcM{&A3Bu<#2W zS=y&7unH^#C2fLcd*17{C-2ZDZI5z(1RO?KrM>Elxh9^ z-c^)pp6$8pRb6%Lo^v*x?oYiAR&RgaF1_I8U9~Df@~|1~t48;bAQ(z{jYE>2nIiDu zA+Tss%^g%;VTCB?yy(WnN0Il)3y!8^#jj@v(pK$?b9Z7`JIe}7F8#c1cjEC~8`S$W z4+5wTo)(aR{#HbgV0p_{Lvn;!a5SCbVZ9DkZ~uZrlJH3vO+5*xXf4XX`>eG^az9)h-PdD#$+UW7f)=7SOUJt}y`BDO zT?7IQnK6)X|MgcHtO$cTz7qLL+S_06`D&H@8EY48S_bmmti0q@VM*w1i}3Pef=Yk^ z%Qw`HI4Wi=4Pyizg;Wq7pnm4|A+D=U$gfZDO?o?Vk1jd*`F-+|spZqKkt~V};e3!w zks0Z__0vvHZ9GaxIG=e3qeIG;Kp?0ohcyJx$TUJyT^rD*d|AEZY#GLbdJZvX=Yfwj z=~O}84E6O$qR7})vsR>CnaPZNJt!a{j(iLek`1WRMCjA;nIizH(1@WDmM_{A36pqh z0SHA~Ekia~uj8SVY2GeK42u#bAw+~p9LmC4D#crO0NfHrk~Xqo2ykOJrE_7|N}3_%y{@`OW%oY)+exrfz@?!L;mdr_ah85NLV51B+1 zPRiQ<70SkVAjJ8MEyeUG5Jp# z@&iS|B24e^-mbxKy5k*MC}|eloFq`rrAfMkIge=3r@LgAkO@`wr*O5ss1PhqGdBZr 
zGD+8nKXV5ZQbGx+Xcgz&vMj4k*%ixf?Sgwx({-e6&d5;yyyVhzB0;PgNtlavrWRFJ zCO>m{8x}M9>}?eN#RnJxWP+8$HZmdJJjcHgWOAO~;=tg-NXuuzfxbKI>|XK;z=4o= z^(9z2BJ*j7GH36HX!6Z)Cr5x8W;SQU*I^tud1z`P8iN3su2E_lh2oEROP3AlA5sEk zz!@d^fj+|`;HF4Up~!~JLynLftUDofB>?>eP9**E*M&K!W@%VH zXYb57v|W~Q=v(4p|0Nok@+or;6^ZwjG5rBm zS4>@=RB$6w+7lXt0Qwb@3}I=53V5GtKv@l`AjS>R>c6uHicWdK)173cc~+aX_GH|= zU*euN)mPFi9~V+^Ya!s6_wYas_jfiSiR&QDz3G=%11h{w>_DPwE;k!x(G7x~o|Yoe z5(q>E93TF;0o?e1=iwDy%9Z`9l(l6z-?nRf=50)Jh(}%=z8UL8?q7LILHznkjAp?# zY6i54;mtHEf7Kiv4L9JIR->{qT+;uk%OB7z+GGjKUhtL|occw_0EE=HdqbP;_@rG@ zwDlF7+WfG3!O~T@9&nc}hi) zhaA+Eqg{nz!-7?^U=}aCAJ`cX5)z6I(Pi(R)tRmv{yhXKaN{~om$M~C3oY2la!`oK z8zw$n*>6-zVnPxX-J0wM(_m>>ylCl7Su`oPC~XrKoV=X3^+!G)ev##8?BcXXoHVOT zWaB8$%sTe1a`LPx)p4ZZeGk zl<|U9owR;&#erzm;GDf1iicTSH!{cS-ME(7?~>=N-5}qXwet(^{zZp&!S=Hel$SBCe%A{VYis7 z5>%G`aLsh_kv@9ujX>OpwfK!mCgtlYxdd5OQnK|dxLTeOrJfyI9?`vJmPiX{IH+IdjJBU;1(b8!t!ey zkACU3Qv^t8FY=Mfq5fs36e**57e6x~S{RnL%JaV6c4C?PqFc7&fW#hW6-iLC8WoZd z6{>60Fl_z2l$@22$v$$9w=scWulAjDUCY*%S3cct$3sx=YJ3lwfba(b4vGpQz-JAd zA`*2#6oGa|V50w4yenZJykgV7G5l!3D_n9gIRr+w8QN-<<4ca-gpXge@$wE$WkN;# zD3H{Fm6Y0n1|e`0OCHf)xcK$SM@h^GB0e%X0D+8F=`cIiPCG~!^#m#CQRS+i2NqVS zpKKri-pJ)#scK>;N@`3?-+!=wvcZ?HgYcAPs3t zgO6sxHEIS#;_AwThKn_wQ($9tYS%v={K~SY)UV8YT0h--n-56JDOw%?>C+&xuh&C- z5|^*xZ-`RSjz?5J*fM0F6oNJPY3Zv^~(d8_Q|K1tf6DA-j6mo8&frW_CE^asWbY-2fy&e)Yp zHUp#?Q2$6?=Rv2NI-o`&5LQADwBqMiCt++Ab1p%_ElJxS+!$}2nGv$!FtmGveTYnH z2{I5uD36kGxo~YhKB1T2-UwVdA;=E#)6TsqvohzDTy`ly2bXs|xJd|JQOd?!VFx(+ z;p=l7BgH^K~l6&=Bv#Jz0Uy+H^nCu-}O&%Ex#s)}e&2JMC(_5FDPV%Lkb2Lw$>X zh~iU8Iix26aFdGK+4#_FZyyB8sI~MnYv-gJpdK9u6}*zuXPNA;J7B95Noe)s7g#~T zE?#tSQfNhwuxQi1>DvRYnA#N9$NNwgR1S5mht-v^noLV6L&6R`AVJAySaAciGjU_m z^Kj0rNRP;q)|O{H*zSXnw~7}$%7lr@9fULzQwBRLs9CqTICcPJI)A4KG&cfUiC*Gr zNU;%yrG-YAY%{XEaJucXVWG8G1m}ZQId2!{SROo4;vhp_(p3Qq2BipzM8##u)^G)b z;#!DCNIw0{NDCI|>yQL}Z2(;BdAFo6(v!2ayyWh79Z=3H%sY)JwOg|2$*W4_1eRxn zH2Z}*-*!PDpej#`$)u_rL1lUmXIjtgNes809e`A2-YHLks*4rpT;h_=kaEj^ep(14 
zSq?HJ3gR*;mdinvUyBGym^z?O>ws#0WEhIC|FvNAX;I$UpYrmPPF2a$b~B)&Ra9~q zXAer2`i&cZA}gQk+K6;>y70|CaHY+o27=DCAbsz>`4|fr`p>Y+7X*r&7&~{P#@F@`p8W8L) zpBH4TVCK}$xkL$@_zL^Lvfb9}cuTAjsTcEZMP^8m_XsNIJE6)=0M4g`mwufh&13|r$*L{6^f{Y|yx2=(%tpMM zW9u4MLM(MHB;cG;E8N`XZlsn#3G`+4lG6b1pY_UftZ2#Ab|asnOPh3bXRPXiPo76b zDnbxZRm~4M$WJ@Rq-UTAG(Q4c%BOP3o)Z5cIVUC|!QzNEVdd8wusx{zOAdL8RfBgZ zVMk=frxwqydMG8jp*KYpg{et9%Lh58Wz-hULMr_C006XmE}CrqJ_U`H_m&Q1#joF zol_wvfx)#H!fplwxOa9O)FHzHdZGR&L1$&7(2qSEK9T@VPWZ%u)HSBuQg+Kgn$$0UB!xD_>!077tk$t(T0rm0-Zr=9^p{^s9GaxP}sZAiE<6=JX)pLlS& zp6Wd~1-B9+uy8;K|7K0fl21YY$^cI6cCkMV8{tp@TLXcJmLnyOYPe)$e{b5-jfCW! zOH=Q8X}A3;50iV0Ma{3MLip4U$S=Qm;1R6;q@BM&pBiTR&~L#H|4-gP)%a}tucIU1rtY+Y-R*Df(imLtbhpfpwtLI z?UsX$v*?u9Gsx|>KW`W3?E1}rj}WDL_4O{~ztzU!jF1TTsV#7OpP~A1RZI3kWV|eR zK!T*W?SRrwUb}TLB>Y^l8*(-#VG^beh%>BWWvGYzXoz+&ia=W+5YvDapZJ9&21Pb0 z%KsAdlOf z{KuhXmnP$pL4GdfXgfxfdiD+J*$GyjF=@$+ii9*b!Ph!1qFivF{@H=wDS4&PzsS3_ zm;@o}yJVLyU?INEvfz?VIfU;yPHg*bEQGB%3<<9|<&u1Qgy|V50?m&AH~k5N2u__o z$eTCqP1rde&UqJI1G=*s4pWd~6<66F@*N{mH4uM8t{@40+VOw$cZ^22u;A1uoDUbR z#w-3d?va1gHth?=EzgP$Z0XrN}X1}0lQ7l^xZ;d>{5tGu{0Y#u45D19CZ?+mz zW=xW$$C@}#O7r|Fk;?Dt?H06icS z9lR(hc{+=%@PbWx%_U0FH0*Z+K}iSynnRD3;=B`LNs=|chDSC~3L|^sWQSI3*=kw&0efK}`CJc@sm>Xzz_zJMZsZ zYoTAShD69qu991G!6Libe#*%8>_f&ZOOHsBPG!o(oByidX7FJ$X&~p7 zE#w03b5p~z>MH^=Gk6md?MVUjZr)}eEsp5x0Z#YdMxeM~@h1ByCr&rP+=_|GIZgG| zE-0Aa=eyYss}l4YKSKnnF%0bW35%#?e`MvLXu+mha1J0JiQ0kN2wY)x|IN9(G^|UT zWCbU}m6BQj*$6Ze@`;CGAa)Kb%6{!?3}2CA8EAe`oN7PHo$WqQDJO4!KtkfZ@HngS zEmg#b48>^F0Z{}VC_#d?|t%J_VSBW;RXvm(Gtn){KJRJ8Y$tkTO)0c!t?!_+?9L7-@t&3Pae zAW01ASIo+{AOCIgI*b5i!~UcWs2q@y8950d1x|PURq^bBJz0kYyl2$Wd^`eJbIjY6 zv-`W>Im<)*4P3z_uCD|sN8Bgvc+F~WY5PBnz)OmZMVNC76J7>P2-k*{AOlH&AO77{ z_%`3j+a)ERECHnkw`$R;NZ7kbR7$8|2O-mNR60{T@x3H4Uu##)%>|9{wged2yd{ZVrw@U~Z#XSHDecynY|$<@2u zBcEsc(jLl$aK}RCS*B#~PTG4CuDu8xt=N=YE-_sT{=^UdjTw$WkKvejc zAZwxy=pG29tisejY1VH<1h(Z_ey#PBTJVMG?3M0zu|F7BQy;kd}TY*hKU0Lrl_X1T%KYB7V~;t%d=knuG>OkSPcEkm-SqfR-EN2c`G8 
z3!m6-KQQN6hkoCrygI3dp2fw-)eD2Vyh~N^v>oNnJ*PY$IRMmfIk#-Vth@ABZ#As1 z`WZ4QTA!i}33LY3nh1mkS0Skulx@5su3=3x(pw4dB`>Kz((UQnk03DblB_rsa6l=q zA?@uhS(xOop2Yh%{rsw5hqSIrkVm3D$V@=ZAe0&&7{{?=7ZU9$PiV;Wo{bO^EM*zH z=BisUXTOKv|Hxfv!?&01@)fT*>rl@-bsH!|J^xU}k3uTbj@_5`8w*kB?kfV!^}t>- zEhBLi<~|z}+RcFE;$t-1?H-me$#Nu_pz2C`RSWE%qD7W=8_Bng_5|2&eAFNM?2VkHLA2RpBRC&VDr%43@Jc=O@hh|5OYl{Q&t*+yN3fx+Z8J; zCy<1x(42GcGOJHnbg6IbUJrGy`gsKLC5%p|K$9Y>1_Wh4bwIz+Aw!BvKny~jw?>9C zBkIL|DZos*>D2ok9S>5xMTcgwSCiSNczb^jh>XhI{F*8u{z3<%Q@NHvAk;%b%sa>* zp3#R2w8`Hv39q}=8JjNc>Tbinw5>}9F(gem zl$dUBhJTBM?H`4=C5#VkWZNTvH473KtjDBSHzyH&Ew1`6BVW2YWZl+7(S`@-T-vNd zjCoMjEzY`Y zTo2D$c?Gwqz(Rfd9#eoeKLE5F1rKk|-kosmxjL*PFB>J+wiyD)yXY-z7q`ku?ZC$(ka24>E)nKIIj4l12U$@k)xF4S-~1f`d5Nh^b)!0i zBgc+l0Z6d{qHOAbK7v4`do!kZ+oj5ybtS9m!hYc*D@mLBX~(+<0%qM3tGqBGU$hP6 ztcthX+6~YkL@5hyOPXJ57B-?v5)zPLH>YS55?7~~MVC7X5yp=-zx302=!JQ?iBG{M zS!C52mpXpKDHec0lTr)QHR6xj2QGK(yf$GKEDsH(_wh4M z@q$B=V`-)HJtlxT2ot+`Ns}SHPlV+E1zRVHfsm(%nlg$&OCm7NfLRx1=_E3+5tT2p z(kv@UIOz=N9(JIf3%=set)JDCsA3Jt*dQy0=s-XZUh$Uf8y}go?Cjgu#pK6^#r;fX zNQ#s~by$59+skQdd}2<3qK=m>{Cajk(saG)BO zZcKt#N>V#3&tpm5CM~*p>GS@}A&_(IdGq&WYnW6{A_IY63+PFtr!vKFjn1&MF6Lv; zc5_mE`2dsisj@yXm(k%yd5hqZg-*TiG4h#rNETi49IH&T;*^WYdeo~Y6zgFuHBt*q z5okdKf_>{?GMtu{f7(gD>p-v0yEGXq&4#^)9jND?a-Oa?dX$ydL62{Q-`Skhkg%47 zTCig@+Mva>C8uV=A-v!M*OQS;Kj>!?9;)|okB&F%6csHBFhS*=@;NUvZ<8;1BqTAc%>}XS>&1 zhTvM#{L*=AB_idDsbjL*xGHH<%sS*t!`hs^tDb?S`#&Cm+<>OEzk7L1x)u>}xrK4* z8l?TGUf3@NEiIT-3D2V+4=?>R;T4x`hLTH?v`Z48{q;ZPKq#MF>i;rouHci?|BO&(~h}N@&1q(mvlOl#m&g~*0 zRW+a?=a8gC)387KbR?a75}w^FsA^#q3(n5GMOk9|lU7;>bdQdgUvkp z?>&R#%FZmo-@CEV(Ne35BwX6}GGF?Hp$Cv209jS)8BNd5Zp3bk)G87t6A438u1jjQ zr0!O$qt(-DO%;m<-W!rtYVB<7{+@`P*q!NVsZ=!Zo@CL$q|f~J+)NO~A_)+MO2TB` zh!>2B57mz-j%sEBBT?AN#9u zk6}Fr%U|Ev0y7nAusTmW4$)-+>_(AJ6KKYx!0#E1%m6Kdn^WEiIh4iIcBE zb4r|Y7eE1IWApN#f-oE~J!{jBpU}*fYUj#iH{MX)D?60s%ZcCqUbR5KoUR!HgF478 zPMs7dovOPI^Q{Wbi1LDs=z5-T#BG`{%fIQ85)BrXd_#2ER=PBty*1+45J(}6)R#xY znASJNdd=})8$;E6hqJ{6w%)=E)o7ObbYQ_nE}cNA)qOC~|4oqF?^VCVH*8sAfqq@E 
ztB9^^#>-1)9kQuP!{^5i-SY4`pe_0bOjC|knD3N{2!$B4YmXrame*{S>W13XAgEb& z(E%ye&A=$$qaQiRYdu?BVCwI)?>Qi0AI0)Mpqt2T$CfMrO(p73M|uy^RW+i{XupYi4#oREx^hAaH|I zry(>{lDMW~0^HXWOZED3_ZH2|VQW1LfSfS)4x||*8dfHT4J#P0=srdR*_->#-Y4#5 z?kCf3)ff^)-O}yjmirY*yP^F+dAm|RUB(Adx9A~fkLjjPXeX;Q-Z?D(VJj zK5`?wdmr-hE^inXI2arsbJb z3=7+6Ru}d+%u>biS>B(B1aj_3J=3NDwIR)5eE2OMdfYnSde6^$f^g-=yD9_Z52Xqlkm-j;~HCsb(e&c(>0+)*>92i{@Mm;95OU*b9OkRx-qHd`W z4A(L3F#^G7JeILC1(X_YRpx_@2ctmQ>j#EPmae}_9R?aULMG|=PGQC&o2}$U#xzGj z$ZF1dls78mC;%beq;BESpqhrVd-Jm=JaBejWblXLghw-1rn&KkFjA)d{FoVo{A?<4 zs~$MZfAOYGJ@3*^*i4YNnX6LHgQx2{)Mm3-5p_^pK^6|$e3y>UC&I&Hx^brxTGCm* zPSSq+6HrKWDegH9iR%jLID&XHd{v}=DSLN5+3nbO-QT_6f&qc(Z~ zb&~eSc2J6ZtfIk^M33>_kMi!IN8N3haB~1ka|8sFPCB&H<%+~5$Weh@3ymKNLf1#y z|DgN>xdpaj0Sk0F<5wa2BgOl~2&gilnAXoTA!+sl<0qu)W9oUkb*xgFbSr0$YRA4K zkM z-#+H}?wvdYCX@ei;t%5pg1U>)_fD7w%Jc=sZ*Xr|phwR@=b9zai(XAsDm5S|i~O`G z?GHkhf8b=5gaqbHxp~~9oAHPX#|@vk@~HC|U9+M$iILJ^@TwQoG!hNzvSB_5Ey3tL zpe}1pg90>3+x69^clj} z)$zeXroP>SO}Oeof6ncbobxTs5fIeO7u?dk({kIU0T}`mx~D27`e_N~t>Qyyk<}%D zL6{60z#hO7%z{DnC~y{-JD`8?SE>b{E z#ZWmn-umNxp)MH>L%C9*VLkPMCdG(EeP|%_=Yt{xAjGrc-&^0=H))e*N>MA9#_e2q zF3k&X)UN!z%5wX->7L#ApHKXcbRExlNu-Zc@nm?4dsl$VCL*jvw}^3!IOYOSphWq5 z$V?v|x#up)@_pk=xP9ZaM}?1_bQosc+KJ=hd_~cxrQf0r4=P(+vEQta0h*L3T*CP3bQ7H`Sz68ss*`@ETD;%#7z+*pNCM-COAmWJh z=;J*SUCUw)s7-jqt*>hS;a|}L5dFa*1`VScZU_x1Lv7O3zf;^k%B8o{?6r_(LO1NF z4H#scb_-K3%|hitc-`19(TRO5(xV9WLI1+U5^-!?JsbRkHr%6%bsU^=>+jeN;}!Yy zN6n0IgQwuqYJrg|)!Z@jyhn~H^1C(zqqx6{PRj!BW4Q%(g9Q@97W8B$h7^fTA^x9q zG% zWtQ0rDb)8Z>O1ms|F~aq8_X{zdo6&?_I1qu^1pBxn<_0dD_NnKv2xa?`}DYa_BGw~F>%ak!2UeF z=H;I@SE(C!8K;j3^KTeFJ*tAi>4InFW9)f&6`osQH(1~p4GIq-z|}+HrQdJtC>&LwRAn_vlDrDZ06~2TSv>((2AX{ zD7;a|cRp!`;9E8&412FkoG2GzYBXd2uHwM*$GIGUxCM5F1^SBu-D2$jR#I01T`!n7T3_fB>>Lj;ilqFsed>w*Svv zn(cE9`@vfcvyn($yzXb>~_ z#_^N-xeDv;Bl|J7mU&O&?!2S<6V|)sMf58S0-MnM7XH|ZmTc-R-W8jZmzt&duyo#0 zJnu11xP;pf>9eU8s}7F1pnk|PD4iC74)6VnVldm^I?CvUXI=U^R|#Dx%lrlQQdckk z@N`*V*u2yWdUklcg4uGzNZGOZDkY|;xgXdb3yhUZ7}NOlPyUE{Ep$x^4wz}Efci6^ 
zCHvOv`7=(_ZHIi~xctr=hi0KwWpzDNdeH-Lq@PD$M`YpC;J>?d_m36tMQ6Szuh}8q z@CbK3TDoXi#6)n99NY*|2<4cNtcm|x74P3iy~i?V;qCa!=NGUE3ov!~!Q(9dc3e62+MzMG#HQ7p zycubm{KKeCfYRUHvP0ue^~#_I)t^v?vE}zGpUjr`9L`@6K8P z-M{~bd8E{Q!>(H>)!eBvj=98fJE!8=CjWqh=iD0xv?_sO&<7e|VjFp-e$_~W_4urw`bhRut zP(&R<5VVlHz$x)-$RZ028~?w5^^J+6+6hnLUAyIOmGXB-A)Utk!!|`gAjH0PO!1jR zapy$wBTq41EG2OAfEq4y{D3(z03~RBv`0<kpiBswd0k=)s<{S!XJ9(Ui44 zPXYgy5vS~~t9Z<&pLUw3E3`A^LL5w_D9mMyAL!CXKUScxFWL&mZ~Z-&2DC8aeBgAa z8HdK*)(MBO;8F($mO^n&@0%P?*er`$Zm-rx$N|FH))e*J&X-$=`DS5NJ0I&F!T@y zc^fuQ+`SwN^b|&ibD3M~KM3-FXmE$1g?hPU2YoO9YGwhCW*YjlHshqzGUa}Cs$BeU zPV7P<$*m>q76!DjUd#mH9C4721wnf)9uK3wfUa^}`E}iAr3I7j!Wp+2teE_-zq1yY zu|xe_KkAUiD-~f#z_a*TiuAu6=d;%q?VfwecK-z@daQI6QI9T)S&UwYFQ@|7WsjQp zyw45?fK08@r35+TguQ5{BImB#e9L)|+7B_@8AjkEv6gH`kdjQnv2@%Xa}m)Y1M7l= z*lV}tq36(~$2@M+&bU=O>wfvS&%3k}<+?GaZr+YDVFW(OHHMz~y|%#k1@8?D^kLQv zzDtT+106~sq21*Zar8CbjI_f5H0FQ=?SVOm2@w!l5YZ4a;Zi;FVTT|g-ih`Jad_`x z#6BVme}?y7h9q%S2LOuoDDO7sFO(Ta93r~@W>2U&1njH@&vF**?@Vy+QSJ}6K0S!mEqE!Hs`uLbWg0F65i0)Q6W2JA&Aou=92 z#<{Azn-yYGp~(X3&RD;gbPHP4gOUvid(1_!P!7ecVbjzbsu??CAN@Ud$!DC3XQyjG z7{0jgDw=c(lVz%r%7O?ssK~$dtGP?(7I-NZ7&3PPW$53VtO&AZoaI9_U) zsxnWx4ddmiDVNBP9kc)j&}KZ^*>dA;w+L~JjM>&i!sy2&HTdAn%`9|8W=8(F|hpVMl<@%^vU6H zk0N#rp4`0W04V%xCACzHye6MLX&x`tjoWmfx}COLrd%3+?4Sh@hfaI+vvx3XDehL5 z+^Rq)c3G@LMj(ajN3}6|AR2;V@_?A=Q-iLDAKU_4wm|GUMo^`22Q(11v0)V?=jKag z(`ZKGeqdKxVA3VsuMz2*nek)yTB1X0Vkdhq1s54oKRRWGz{l^(3m`ak&tpKQk+ESr zO#IkE3(QsO$1n=y(#%zfljVjRcInakdiogQkAW3~295E4Jq{KYfhS?h`(FNw+yY4p zL_WsGMi=@`lIXIhaJJkG1+-5+svUd;_*ZXWfw|YEaYsHr5c>Guc3_rL9zJ>*;9g~3O=qEY!k@?YC{Zy$i;VPPNS$FUe;9tFg z1#UXOHGe_~wrZC#KK$|FC^D!67AD@b``cZf8V55?iX)g^wDpBPfnFl5sux(14DAQ7@~ z*tKH&iarE>a0_hJ0$qow?@;LDee@eK^w;wE-yBH%+(18Y=g^zluwT7&RuMU^CZ8_mllZZN79g)7hLuMQgGC1qN{4;;g^O$DX^P`>hz59pkIphYnh@eSjCe6jkb!xJ~WVP zADzvQ)#<`sb;vKH26fCU#_P3+iK6vl)F;G!KqWQRsbcjAj`*=-76`W~mfXij+y#?I z)Ke8q7i{)~0&MMkWRF|m>sVmKEuVJj9(fgynl*URKX1;bYHOsCKkqyCq^I0$v`I~; zRf&3SxL%6asspvMz*#jSBkGo79U@aP=+?3Uz%Lh8cIAH=;^4x7J_!(RB+o$~6zTx_ 
zXu_A2)O-9|d;RQ+UjE!*GDPksi{pmB#+JKyV4t!}AKM$IDC3GsRZ zHJKJ`_R~it03e{x(*Tt8>bnwslJn6?l>7pKK>gG$20II=MMv%WNSBhXm_l_b@>&uN z41MB07W+gV0}wDM#sO%jqrav13ufO`+$lFsy4B<8l(TE*T@p^X7v&cCIu@8H7cuw@ z672As64mRl{|q(CVm>{GfSt7foiawxNr8r3@~PrA`nXpLy$b>aOQMsBxJBC3@lFkx zu^H$9eReYdr7m(n$HJfF)gt_fb*gbAp^FLxK`T9ZtQGUex=5Ws^~eJwCg#^X z@@fKaspzzB`&T&s#wRTht(V9v(plYuH*=7iT58OtPHUheKi(n6k^qE69OKDH7H*FK z&}x8&3+~ZGJ5;d`(9>&J>^u-?g9OoH$ho5i1 z1;}rp)}pa;+09DXToofLo-WmM0OAPpH7#(*el*f8ME`w0HA>+|&7(SX^eru&<{Qo( z_IOK8GOE=i5SBLU7aL!puA*S4fWQIhgCp9ePG;f6WDvBgBOo@w_++7~PfB!)(KaQu zSytNfLOn8S*WzF>)KM5ZD+GN?R{g0LQ$f&bBCei+5kGd&0_2tMocqSzKh=EZksfArd7FS;DAgWGG|S_)ns|*O(j@W?=MFyUsjm(-<%j(mI)zXa zzSJi0F`yI|@smz|H=Tb8fN-e*piUvus)%>6EL`}aD&C?A zwyA>XNdO_?1%2eKHq@X_bs(@@oKHkrIOh9OMsCOdI$3xD)R0UFe`FgwAx)P-K0`NM zX`Qrlfz3IK|=D3*J35*M^| z~jOK3}A7__5*4*u=oItBg~iFWH~g?7Ov zK{9N#!Z20NYd~Mi{bqUigWIPrJ$>)sl3yLKms8!5c$4hmnH)ML@h5I)EkLzWyhaxI za|N}UsZEELgJ746+LZvHR2hh6;W|{Pr|fb70w%7G{|xCtAQtIF{!P6GqiX@(+6mb0 z!ajMp-bnSVCjm#)r{E#^&aOs$d$dkT=MUene`WH2HjUaX)0O+D?8VS);4YL~U{e+V z$*@~FU8Nf>D}?;<+{r(j^}IUjD4|~z)1PSq{sNSGG5v>J2X>xu-iEzh`|TBcD8$Dx*)X4(1s7~r*4T>H2z*&9)%eBgQtq^RGQJZGoBO56d zW-3h6F0Nq9BcM%LV9ceRDVJs{1x)>nRUEl-Tv|L*{QsUX#NJV_G!`t^-INObALJwl{iPOSp9CFf6*`8UK1 zt8oxcdO$B=+J(ut)Fq|RC)I#B)Hd1|vdUdytD`#xSXHQtiZ1PR*e!0SO)>~l2ZNU)Pl)GTQO!$3;@}|>7E+<{G zBK8T^%Yi-^y2pVC2%%7=8mC|x$kI}D*-ZJ=9> zwP~nD0}P6_tG-B8CHt{iD*^xryl}gt;`8iftcE|B0|FaQx0W^UZFnrVDyTzozn z1^{^qZoBXoAy3372E1zQ0nqdntj<|{yMQhorY`gt$f9j>;7+1d7jKc!_6F9Pl;6gS z03ZfQh=4$e(6f6<;aCR(MrD)pr>V5zdeD=4Jr*gF7AV}0dvnwAQE1UEbgjx@g z53JW3)_C9*ao|w`0O3GJE=wM(oxe>lBRyl}&pu(X=0Nm)C0(#kyE)M+$3e(PwTXy; zVr|LfRi_dmPpXFU1psx3EC|}IDY!KN!u;vR(3AQpwP=Hv^Qc45G$vZ}slOQAfGg*D zPI!ki5-Z=6#hUfxH%97;?w^z0c)fV8)G$#g+l=$!@8K4hKCXcD&um5E*vb4mHtVQo zA9bpb*+9I*M$VIg4~u>3MfgJ;JMWpdD+bxwI}O&!G2(|tFPuC)lSdcKG*}#JEr_>@ ztn-caU8|z)nplT~@By!+04Uz71_0r}3H&xDI`;qoVf+V|`go3MJuqVJ7VTQ}T?E@@ zNIz1y41$}9TFwo%!vKT`eWk%jr~ijX=M4nP;)~V^n`+i^kh@lHfz4Q8-f5Yt%p0|p 
zjJTAe4r$VJB;2S9`w9_LhkZ)cb)UKh+s}ays0K~9q*G547s86wyR;vFE;oEx9lX`tE zO_zEnyEVjj-4dOWh0Yq6Yf&Zx7^x%8%22h8nhe>qRCe}G>6Br)Ss82+==;`0qk?)h z506-Hz0M;b-h;6z3rtqz-YF{{cL+Bf`lYHuYCra{;T7_8*6VHBST6Ym)?y89H8dOe zSkD_|ZpbI6S}|NFA^#aXpGUo>aE~J1s*JWu8+++zf69WOUXa4Ee(Y80H$c)ZV98DZ zeFh9@)l0>0xN=|$&Y!)7)GN;d5WBT5ZR95?kmWJSROp5@8-jHO(PmBT`+PoVn-(zn z)zNdg(fR_amqOLb#dl@1eJkD; z)FV!*;%E5|YMTHkR#(Wz1bpfhzn0PD)@Z3qG3DeD5Dx%1Wr2CSdCaE2bt3;B=yxt0 z2{!65caLmF_CUbS-YI!?41mzc+NeOwN6ZJ(2|etO!3w%y1y}@I_k;8R4R3Tw0PWke zPWXkduwJ-+1JZ7*JZa(||q5C<9dsjBf|w4+!6SOTyjg_&V^YC71fFi3>_-6TA>^ zo_zz-T!=MT-DfC?LAwNidROyrsm2LJK)CX)L_h$b9x*atiu|nz&URQYeBKbLR7L^*p*MnO0}p!E*iVM6#zxAS97nm{8M61K_xX3;`j z&!ml}NUbqiXA0C{4XdJ!``JY5C1VgYpV_-!TCD{w)bW=tGdOdyo2+ksqmIztW;ulejEElnuP281upWOQ>5-S6)n6^K1mfyn1(X zB6SUbc0m^$8rX2DYklKi6@XGTBm4^{@NgTbnB~-Ipw6RgH1&IV=wRp2uss%7u78Ej zpa;J2e)Fr;V2Juu@zaLozf@+j&*Tk$>9fGJTQlX>&DfOGQMyu}PhRti|5fx~ZO`iE z--7Bb10Xi%tBZQIk@G_Im-@tz^h82ff!m93V-2cZ}JV)B}Ol)s8zyXRJ0e%SQq_)5PegOL%qVUW$8^2 zN;FESuQ6tchHctc@P)nfw*_*U>Wyf*YD3*0Yz<)2R& zZ=5WmcZ5V;ZsI*Hohl0Yc?x}-JQX!+0$v5`=5e1o)F?~*ND0P+mDb!%y5ASR4UKcD z)E1KmN=882-39j)042c)VtFsT@=d-WjP7(6Bub$cC19GmB>H<3!>;7JSI@ffF_*5FSJ)F{v? 
z<0G#uQO9Q}w&@{-V_fv-qZ50j7W;GM@_V^7SQ!4td`zBh(*3^hZEFA&>tzktYaG3z4wC|gpxg~M zU6`7Y8FD)J^-4MEem(wE<*kzkZk4L%D=kwt<84>|lC$`xlS_4fY5)JEE6&dI+b+Z1 zBSvadGU6BCG3>@8O?l)u^BltVSRmw=vGF~h`L6!}2sRfxb6KsY#j;8F`@*+<0YKea zDDP|^?yPlpKLJ4O+W|m*(k2N=UwC(TL%36s03qIGaAoVz*A2oVj7?FCj^0+UcypmA z3vvly5Tlqtagz&Lr5kA0drZPj^1u(Zb2iIlrD3kZI_6g0E4SYEsIt?|^1EKo0-rf# z3n#V9e~}yY%E>2T8fC?sM|Gz4))jv}y%r#^CVEaE@S)Z1Xs}a=bjg;wlu+E>jPKpd zd)7!klg-#WL5>XoN`lcU{NcX{e>%U~!085eil`^tf~G+ofh7-(+@0!Rn^ zaLau=l!!|zpE4u@0QI1kZz~hE&%Na^n84fA)MtoZQARE+K>Gjy3Uz`NvzY!t6MRpG z87r28OR9?S2x!|Lw|KP}_*w2$h3s~vdd#MrD>aRt5N91696T83(>&^&Z&WB} zZI%UxWyGnNIboVPeuzFi6nW zFRJL`!RR}z0|BF{5Uqo1LrV4n5*YD%CFC1|Tx&kv5FGS@6b=Fn+DAXu+$}G{OwgR$ zFkYd_0AI>)VG9D2;&KtK`jC0i64 zwLve>Ij8xN4>#shoi$Qzpnl8j5$%{;nsF6QI5Z*UiOWp6JJ_C2ea7fd z#pPN>qE1V7dM3lOr!;lE`D6O=3hhl70LX}eN00|%TaLCjq{IP0&_QD>hXYXBGZOw>2%QH{qZDph zY}yxV*R$rd_H@>Ip6kZfTs`}`B;E9?JkT}*5F0*C&Yz+UFLjY?SM}U$PRony$7Ti?{k~L~b%>$AQzq&}5Rsul2xVDDiP^va zC|<{#h0^>yu0Y=OO(iv1nP$qB!eEDzy2X|Bjl-0#K5H zhoR4a9`mQ@f>`f5)BZYc94*+hcf^IMWE%ZpZ3RAxnnK8!b*15la)C;+{=W^Le4UqL~f`pwj-0f||(>!n9PDTN)N z4>);JK@juI-P^~>^9BD~HOmn)z=0+X9XRRsz*+u*i3W9|-W*`LeJy<`&YjTDJBn|)4s5}9@n6XV z3pm8d3Isvs-+2mV?WTLL8Bmsm^mCFTm<>uWvU=nqz+hi5hW-3`Ot%H0P2%c1t7#1YCx|+!=g^}wIl($Pc@3yjAmqnWkaiE8Y(C08R9leck4f5Z zKT)fWpE0bUi^B^E0Od-PGFYpmTIueO_R$4B$`IIxL&9d&8@IA>U`Gx%4K!d#46rFt z7NiUr*a4oLbORIna1g;gCLrB$0HO}V;)MdbdXUcLhw4;RXLtzm!v>ynPBR2!0tghl zu^M&kl!o5Z(M99vYX|0SMcL_o`CVfKY`)A0_3deogrP8Mv9W46m;Ooj))&tml9@ z06$KejNsbA(j4mH};5$HmW0pTAX}|py zu)8!FVzsiMPfh1aBL7|SZXB7YL@(5Nj9-#T zeHj2WsAu!1tO1+RR;MuND_v@O-@MGIv!%t0uPk>9)NwRXE2kPwxRK|a(;NW>d=mNO z#N;pvANf_$(+cW5H0!ivr~Bo1J?W6od#o5ooha8mY7&;u=PcIcpa`3G51jQMXdu7H z_I?;|d=vfc#(T}LqVxl}30{^X`4;OInO;DvoOJ?VRDXw3a9>QM4jEVww5nCdqLp+X zdNzOBiCzdLdLeM^)GepJcd1WKAIRv66z(+z`b~)+6~s{ts^jE`X$GK>U!qz?%%2}? 
zw1m&<35mF_qJJsh$6axDT42G>y5L5f(%qxQpl6KMV`m};k}6$U4;krv^nf@^b&7DK z3d6j}a6SMbN%v8(Vq!2K=mRBC#!l9zfL;IqD7tesAjVYFrKSF4=?6hdN-hCi%4r86 z2yl0!>p;0n04UOtAL)?jf-%woAz*d9-}vave$>kOQ;=p0G(qPVv?{`*YGoAXr^MyA zb4R|*0VqqE5au1aQMYQ;sabIAqL&n)B0-%Z?B|(>bfOO)Va(S9fFey=@+m`TduuzG z=rM+_$XE^vGN7GmhD5C(rWOG}kn-HAaDZjQa1AUA$7l*x0fX1sbjrT zq)Qp8@mk&^f5yY6(iP;}58V_&+ z&_NuO6sO*qnn#d&;&^}UL;NP12Xx)>PDQhyJfcDp4>NEA&t9?3uT5;57!CG@YLM6N4@Zx zYR+Z}_2e_9!aDtu?_1<6Oz-|bdp-?pmKfcQHK?LZYQ`t#*I>W5>@C1-zkL~iRzIq5$GR-Os-dXewDdkG zdXPi~fsA6wpHFA?an2E!?pz|Z3J*QX=`!s|x$>4xJ^gJH8g!?R@&VNh2cWUCgQG_+ zpT4GDJ|oc?jDAa00}>KN_CQ8@?-cyu$Z|)(rJQ7qz}z?F{6Ib*sx6=&Xz4$qz^#AW zZoOl}J{vgUF98q&pO*nZXg|RG=?=B|ebw&;GdXpaEH&+;di8Rnw1{$^4@6a}^e!9z zY1C%8d$0grBUnMw|Em z_!ct^D6oP+3;+a|f>K(dRu=`SOM`al-8}lJkU9#ZSI~8gst3v+s(9zF3k1FZAjku4 zA>sDyuRM-`zG&*kD`>#pBLD>X)F33wI}7joz8PyaQq!Tx_Z0jANjqXLo-dkwqxe(z z{uz(;j-%vGiSA~Fz=i5EzA!ZU#y4gT3e;yN?A7b`$D6gWGg_+MqWewzvfOhY2*y0H zTQdx*Rg(__XC|1kBtb5m$Le}PSSTi<|;#olXs;@jX z#ESo}&Y$i~k?Si1UyA~&0f~MMT|^m3MW+nZY++CQoA`3IsoA@QMc&a)r1VAD3? 
zeyM)8qVR@Ik?|fl%WrVZX&kB2KR7Q1YgObkpfPe0S?)TXVb~%BgFhU}HvkX_n9%tK9_DD9oY3M6>Vr0QxMSA^0&4)2lm|+-B7m_i$=j9&Famf1fLQpm z>xy6N0TYTNq6h7FjC-2>rIWLijH}-vZzv?=ydX%sAsHx@Ff)RHKj2M1X7O&CAnmGV%(Y=5_89@+g1WdrfCoI7Qbl-=SAdA|G2dN_;vj1SJKCf+d4962)XHs5+(m_DYS zDHpOlK*;#ppZ2KG3{2j<2X*_IIww?6>x!UP$RCrfSpXp{R#R3Y|Bd>}yq z4WlI>Izay$A`3LX!O2sXHq^cw`w(z#I3Un~K0TI&OLkDFC;S1ULK1*5e7d_(W`lxM zn>L8yEbJLNR4e^j>M9O_#|*uWSq~ZMwE#70qo?yxYrEr7O}mtzIaLo_MPm+Y#(Ur_ zzrh=oMGqQ`)TmxOqh0o!FyIh8Ee|(y29hoAZxa~qhSZ~94A&`QXVvtpBI>g)cI780 zeK6xApsOkYs<##u=nfDT?Lt4CLZ37O5DTDIJGu>E+eRTQrGK{z@BKNKbXgt0f`p+8 zWPK}bO3+nNThX1jzd?0{kgf~X$f#LNHN}PNRFKe0uUpQZPeYe`@U#}e=8RpKbmx6; zFZ!2%t$%dHnC1RCV{U)OE~4B6<-s|-X2xT=^}6h~Gv~okCv_L!KbsT7m_wa0S|g92 zQHN2#@Nxip5dfjN8iYlVDX&*y-Umn03!(o_Mvdn9pBfqU=-=c=hlOCjnlA3TW`pN= z+9#rbHG1k*b%p`M*NK4E00=@4dk%oGa{yc-WJB&0DbqxUjyj9Nf2TmMHCUsdMm_c$ zv3d-vDyUhHl3(^fMtbj*ys|*OGVoLN?Qbh*juwrTYi?9&?v?Wa$rQivn3VPufFWlDvAfQj`U=Y@)#|Q4M2xzrc z9=&iKLW-}Cx)B5!Lw~MX!e+x~gmfML^yrJDGdez?x@AaxDBo2`u%=PXt`M=k}kyl2Ec!5nYSKSo_q_%K%|G8c67pKJw>cuo~Rv zCM<(UqXGlSRLgg6FL-d)L#Sw-A%xMn8ay&brkwhblR0=z>q0#e!Jlh#`&{PmOtSe)qBAn=L%G=Lt) zcz`sfUqTWlbUqJ!JHbvN(j`SdP@uUq)LQVYXWN~xtN{=zK};r((L{robn7WNmVZl) z4)sZ?@CP@Z`j*{kfv2u2fPRb)5nYRk79{{Ej8=pe8U96M30<&6&TH@&$6^5UQlPqk z@7%WRA0mEigT+Lh82U5gZ%-;FoZ>yZ>XwUl!DR{nc}&Q;-EtN{es0{Rowb{0>?rvi z0&y9J_mMKfykw*SA+U(;9D3olypXcw7lU5q7?5S*{F-1*KD8W-4`^08 z^WbKw+Z?zE&Br~{^p%1J@F4(z&?$lcvWZkU+pju*`uP2;0EFhZUM;x3_ZIr#YQcnn ze*r+T%S^fmtq4p#uw8|wdg`{)f3&WgEr>Rv4}nbvrT)#5MLa;-A* zlag7FX|hx?eWEbiGgr9O}@JL`=rN#t)srUy2%!W%FokjWmOXK#+U8*p#DgidKHxI7ilNJ_FOK?+(VwfL z%|fhNOO3{5zkD-`hrj1p3nZ$Gg0(qOlvDi*=#`9C3ZsX0Q_dm|K$&5I372)UQaO8E zf4f4QvFYY2_2GXo(^3!5}b;`ODbr(!Mh@efU|}7hU(3paJIO}6aeAMaj;J8WCDs|(ANi`ZYFh<0=2zj z4faRu6haqej3TcCb6f1+=p_}kXsN@n)SeUU%flF5s98;?jS0VgxmotCYvr$O#sUzZ z4W0jH+*^Vc+`tbDKCM*W_Z%B{$}_|L^1GOH7ms*y7mgKhry8;F$ zla0g$)SyHN97ip~uU%>20Q3R?Lgy`tWvuSgphG*{k~cT;zJ`8vWU)^TXGNF9c)Nt` z4T{&O9YlKe4EZwvh($d~09u71pazN{Uk89N1eDZ2UBjKd6$Gta_LonXpax_FG1Y}x 
zhI{Yqdsv-Eb>>H28OtW2FQrBmuU9f*4xfN7)6F>HY<>^+z0_!lc+m|d`@B(#{LL$K z$Bs=@@HXrWNx|K<7vHK<&)M?sRhq|K!tW}qL8t@N=VbGm|2p@Mt|w&S=oGZe4Y5W; zxb6V8S-=?fWgoRSvP_$~=2czPA*L%A>(@S(Nquo`h^62l>#!=oy~_NM5dfrOa;}}4 zM3*jl8A;0{p?4V8#F`{*>d=pkdOE`7RRBun8NSYX%lzNbb2xZso~+y=H$6BDURy^ijz@|0}4d0)3EBV!HO2Q${iY1Iv6s^+n7@5%lnQ1@a5gCfx%xWB;Y) zx8MGQk>gydJ45hy#v_|`m0%ndHK5reMbuhI4LLDiQReTgUbOPJW&r~0bsfly;AgO5 z`zE7G?vN5!_RPG`#@_WgKSjYk$qV-d00DZ?+x9{LN`^n+HAUxGMg%^qQ7uHBQUx-! z!-YE)5Z9odqNTsg4cEwHHEPIkP`xo!$9P4Mk&D!FcHif3j$7*OZf$;_?sV)TH3dA#3aZtDaDuxa7m&k74m#9&0?f zlC#{cqDzM7xb8jD?)8Ez?^LrO2x#)8I>TlJgHrmZok+f^Qe6%BA{3Qg@O68@XsXC% zMZ8@LY+Y)}qd|#bP?stGwmRIPgbXfv62e{q{XFQ9R$2pFMuk-O-F;*uWB zV06WN+sz}O3<01iw{{XNf8~~i*QC%7l%dmN@SH&2f)_3f{)XpT0NMUXlNQV&)P5-3 zrKE28ql>xJY2EvN_4#!x$cRJ7=jo7VlK_+qe*i$Ku7=Do5o1{D&?MS4EUfEM$NNN( zB!KvWE?Dt=t@v0wTmpm1Oq)Z%$#Yi`e{szMU{FLGHu>aXpE*(|OZbiSm$Kiz_G*@w zPBP~9(Stqj(9YOxV-AptK&{5|00FP>1#$7(^57>=Ss-*qTKfJgbh((-pnJg3QUJoY zCA8`8fvx-VA!g$%#|$Qu2l_JNuvUZ@rr=iF4^l$pY`!%!5^xt z`_ZEdT*SFK@sHZjyC4_=r4=T{lGCY-u#`V*8(APyCxyKE$#GO`*qawWtB;+Lue`?v z=`th&y6q9}lxauHEMq70qkpGDu660OlmLAhe=fFUflz}w4yCz4W28rcR7|2(NA3E> zjy*%UvoYK}`_p8{S5hA6iMr1w0VvsikZAxE?N*@&n+*iD>4KM(;EM>gsHxMi*ejzh zBmLYM_7%jc<%Ev7dM$Es{6Twx1$+`Ut5@oE^rk-En77oVfcPw3I-D^fK$hRgZFlh_ zn`N>pKi*_qIa_?c{uS~biZ<}Mxs7&Z8$B}cEkmV`x(=-LMIPjVF0JR0G)?nCY#jB3hLIOqzo=Nf{XO&-VXDm8kcz~u44I7xi+?SJYYXI~l z7_s+2&;g2~$*zNJ03c|m#(Fj359Ksa8flb+;FnITK$O9FYm)*}YvLUsT};6ce+HQa zSh|vBEI~~Pvw)c&Nd{ohLW6X_^w7L5Z~TO2+G(AzsmERVX{VUw0mYuX{Ta7@x?F$D zlNX(BALy}10sW32uBcKqtTQ5VsPDO1Jb(Tc@dDO&2av9}Foe-{7<0PdX z1vkqeDSIBJ4eu0Yfk9G;46~%fwh#wVhxtKq`INihMwPf=7bnXN^X|eCmvYZ};4Hsj zv|isSH$~qnUOuN}qV_c)p4Fq@p0EFnEkLzaJO#^5c~q}LIwex4iT|x0<>qYjs{kMd zB0!U#wJFpu4FNqF0j&a1zmCnHKGBu&T%$eth733lx9bup26ZSOwC$%pBbwr%GR)}Z zldS1b?pW20LS7DAnnwNru37+zN`OuZfL5c$B)d4Z3fMf)y=J*tuDa(Ipd&NoFpYRL zS?UblHh+lO=x+YNJ%E1^M~L?w9|Ryrv+gvzrAvtst-P=p8xrA6{h!svIv7tIoPNeoI^3I9H6y39L|w@6I6 zyIn>D%B73@=<31nUupv1KLGE_a=8sUup$71u;FL>{CYm1`g{n6ags7In&swK=HAYk 
z^c=cdW}5Rr#9470-Mk*lp7X$2e!-(2*-V8z@-t+l^|7-m%e zYJ|<7KEGI>sjnwmM9`D2^r-2QEIKFzQ4(r3C;m*i?8}2-2mES^L7j~Vfp*@jSX*h? ze&S^ck2nwnrK)4hN1-ZIjpl#NzZ};rm6c4o^x(&ytdgef9Dw#%69WElp+@taGv6Yw zF5ajP)q?xl%-8=5pZaivJnBWLSPZ^v>OHvBmABj_2lYXw`p*sSYb^*`n@D{YfEWg? z7J&4~zhQiJgAdHiAGOM8&=S8OEJKN-Q(EejQHzE;EU|agfhO6Cw*U^7X`m!kJXl}c zhLw@*`DubFW3r+c?1K&jmWxY}mrOTa&%09waXS6DTQgrNPS^}t9#HJL+n;c# z>B13c)=;w;s#dauK(i%O%k{Hf5CMfCQ2tKQqncd0Sc39Lv{$imkx9U0rt{n|S^)s1 z4(fss8*4Lo5`bcZI-t*!00f)@UBFX0x3!F1rW!EXtBihtEsB-NvbSOA8-us<#cmD# zeM#ay5pfXH9e{)f8WQSMJO#0au!INAr;hs=^uR=j5LsJ7ov`8+!*zps zZ#a(4R!Gyf+$ooN+^N1>TDb65&V3&QxJ9tUBgM)F`J1)j8s&5U=vnyUauX&IK!Iqc zYKSZpEH@qiha}Y&g}$FdKN9GQF4CopwBgGHmig&0024cGf^#sP07&jD0dSOLW0_(D0c1bV?=AlX}S&Eaf@?h(yYrk`MNM`H`0g4Bj<%^wUT^{AaU6%hf)c~ z6S5F%o_otI`CKPNPOIshX{k03LsEe0M70$Ep-8_pB)atB9wE{$M^h-Zi7DOcY`~qh zdrSckFbF46v?8!(Yyge%OVE?-Mo2Zn#k#dT0$Q^kPUwm;*rlLWEu9m<{JiK_P`w(m zLC;-{{KYj3AXiCE;^I51`D)pnGRqBD-h|sc>)2x@_+5(^X}_>hmv+9)I#Zz@^QdRb ztg|-VNQL@lMK1m7c;qar{*YgfcF=&Aaf6`IaqSPCC$q5#BZ-|3Ec71@|HgU}xx+ulTjpUVgW{KCT&$t2-o}aU=K4PDhE>);gNMQTgqD3J-+M&oc|G5T0xbaA<3PBLE za8Co!V+>;Rr^x~k(v{g}sP*nQWkBkXhljQFD>DSUBj-%ylB z0VCXNxsw%oq;%50b>|$nSOA#hwPq8keNRx5J^?_{E`eEz1JDy~?T8tv zL%-6Zpib4JmR#y9TB&^{aGpPaF9M(%^>QOfNHnoCBGegXJ%(w!5?Q!C?4mOo^(Gv` zRHb3eWtw(s=AFjR?8>{<^1yj;?+A!@LUri;L>3OLvucbXL_ksXqArvyc>{`Kj0)Z> z(HZIUGyCYW8OmbIt%`W7NUfOWU~)Fmc1^Th3s;O@xV4>a_M8Av(1V={g4kVmh)ilB z)p&q^ABR66K;QuM?5ap~=z^E?pamIe6BC`PaAyJa9!k_2vgG;N@@=AN>S3dtYVxVx zg6`9aWBU6Qno$=Apxs&natfcjjK6bfe(z8O%I#w(Rdi7ktJ5)cr$&9eff0}beaNR| zI`w|ugtNKHZ7NtWNS-f~%QyNnag0v-YFQVX0=%-R(bHq#wj z(fEnN>0>!dg9oVg(3W=~8TN}&znsa0)oK%UN&0u_EYvIG^~zv_1z|pU^J4EEfVlQ@ zzitIC;_`C_I@a?l+4=e^3HFeF6@YrR9DrW95>fyJfCd23&veoH0@j||fSv^HQcXeZ zEhE%YGVHnA^6f0wn5a>tw^fN#n!wxn=w_dDDdwD<4SSbHKoez0COwt~Psv=F?6ysJ z>tCzy)SDt+K5+Ut)!e}NhmnoM!8Au08J8NtAo=twHF+!Vx%Zk8 zAs(UXqWQCVBY#|Yqm)NLyEFnCd2QeQGR>4ry#23q(^eydv8YiVY2>mas~ajN_zU!D zP%@i<{vCYpUI|C|{64y5iS(HlJB82{8QNtNR}`UkmaFH-1{O$kgDqc5u^*uQAl`-2 
z4>#Io*918|UxYehZAdt@j-I8Mopyk8!-R=ySgc`vvoXNv`kHMi%H)ugU|Z^iNs%qgqS8p;2L@-_53< zuGM{>GzbjE_?enF}0{Y-sn?L0ST(jgF z0Ii{O>PJwR4PPo)=~mFyLxJ~YbY6N?BO~b6WjF4u-9EIF76Cf7W@<77{6^r>-E#+S zRupZ<8S?k+fCb9cBUOseUFI2&m3lQ{->abe2-Ta{{-9ZYf}9(4kdcBzFC4f=Q2>hk zSRJ{bOmdAXqnE&bU|9MnKiY%VYcX~?8|Qu2eCB3OA{fz4$pbwPfH)uNnhl=)@~njxIw=v)S!&{B&ste&KVN_AknZc zc1cEE8Zf^tf#|GPA8ZqVKGd3ZvI}btbCW00D{>|e#HLUUfE)N#05`^k@as5PbF-WL zv@CpEq*F^BV7SGAYJRjEGiZAHk-$ViPK%LRb?A%~I;(+jBtb#4NuPzOxmC?FuLyxu zw5_hx=f~a?=#PR zGPHP6lMwNnVqTt7UTZ?oq7MPQtWm#`&M4_aYjn^YZp+U?*O!)ChUO`Bx6yvU0cdOX zM3$1VJhd{h4}{?m{($@kL_p%T0%!?C^#WtZZIn={4Av;(%~>}&juDcSJU4Q2U{Ma% z%L8ZR^aJhfH*_-&>&;{Npj@6grkipX-0~FMb@Iq)r@P}EraKc2!z*S`7AjJc@^wVz2I-rfGmpzLEZwe z*3&P_7ruRH+^L*#>+jkN(RMZBlqSl!Ov4TX(1=65P+s`yzu6ynM;>kl1CN55b%C1X zAMtToHA|N6b8j;UAuu-eV+g#X4EO1yJq2`G7Hc?fT$f7?%BVs%Fa-?l;Q2zI}`=>rG;a4U_h$Cw(`%S?ZP zcXcug1kwCfuUquzQ}>Zzi!9nL546kZGOzV)5k}*!%Eygxyau!t8z!aR)sXo}wCa*f zBLbpqdywJBkbz7I76XP@A}$#UExq^Zr>{$3 zC0%ftCT*HAd(M&?A6AILmgDVXr!l2nZUQFhUZ25D((yVe_l>^GXOn-*H>V zT;illnzL&rT*Aw9t^AWWV*$jZqkmHH;O%|nHHUo#ada*E5x;Y0kH=d_us*gPj1Fq3 zLl(WFrY>vriZaxdw>9_6e+%fty5KkfZ4G^rBhReize9r92P8ir{DF=*h=7Dz3uv&I zE|?#l$qUxWL1j-35>B!WfRJqiV+o_of;4Kf1O^=$oClj!^nvLH0-rMd?Mn5u=jc7V zWy)dMjFaT=d3hF?@ksO!ha%@?|37>0{T#=YW()qjvm0;U_G^g-DDSd-!O)5%P!0eo zse86(c4s!$#7?(JpnMe!DXOJ5nl`Uz+U>mQmLUo62$E9IY;4S*u)pq`=^h!1@Rp=R z!jw1Po|{=!04ai`D1a!F5gCX?u~^8wmG_?eec$=cp{~Yc$G)UbkKIBdB-ViP0JQP8 zjQ;6pY*3mTl0k7ad09on`sgsqK+lpt5&sw3PDK{n*Le&GZ2uu$c0>=|Cr}DmC+{$q z7}TeRYm&n%8mXt>+R(Pfia}vr749TqnhEp)6%e_&Y(xtkE%4%UVQtpm9DC!>=3h20 zIvYQISvKWpSUDx1bEDX+~htZp5xW>937?VLVq$5o^k)Pll^*%98 z@1xs77avEXiZTnmoe>?luU}^kspkK?NyENwfG{b*2(788WeC1?Vjs{mKO5-*J?d-8 zaRptq#4prByd9fKLPk9x&jndBigypeuaMQ%vTARYrRM0IVZB?E`jvLkDPOQ3L0izB zmrT=bilFC~yRG3)tA&1i zD09JttSPohXd*`Rn)Ir%4p-ar$tXh+<7&He>*eO*Z08zl4_DJDzobg&RUd8$^4$!|Gq4z|C zxgEv@MnWh$GEC?TdZhWkB1B0~zv_zbERH~YR7F=bpvFNSAwIC5S)adO2OR(y24w<9 z2uWd+nTjY;uITEpA!Iqc{t;?vN*`0 
zm}@pKwOVi4_s^V>&=1ucFc1u>AUG5AC;>oV(WiY?*9SyiT`ZtUqYxG{tXzD7{$Pt; zIzXeg;sh5@o?!%vnYZHqW#|J>x(6+RivKE#k!}vfR}8)5!}8qwN}8x!?XO9U97vAI z&^wTQTf=shQ0c*gjkHEs1%46u$rPwMiJrJm3SlDH)zMJ>(n-^2XH>IJ&63!N`n(iV zmmJy!r)k!1o@!RkI^=g=Ir2%1hW@r;Eg(hL5370v&6$t^nJ6$ulHS^COTp#*GG;{) zvEA?4M-!Gvi$bNcsxXMDMfuF}9!MM*bE66x0qqD==9@_>;ohzGB|#YcATA^xtXNn7UMx9FxPEirzKS zWo!1D`To#8`sYKL-)?amM*z{fV z+RqetGHHa1qmnzQ$o9)f|Dq5#RT4(*$-S%&AEZAtrhg*e2usod6$Q9h5Dgbqx5Fgg!BpUAqFY9< z$?4bXKed@}IkYPd^rAke6}Za((5zhz`6GBREjt?LTa35hzc6t)*->>;QRqiQEix9U zrA`&Zvev_fOqZG3RbTw{AUJOV>j0voSPW^DgTl$4EE;9>M-j8+gO|a4v+_4k4YDPW_ZF&U^jsgs<)Arn5Z5tdS*E^|&tqsEmJhoDXR+*aT!|3ix{mIWj{ zTU582%`5i9nYT>Qt{TwZs%<00DqN5|@Mtm-OUi4ckZCP=05ZaeeOM1gzYCKU zc=W_?;W2NZUM>a;p;0-^gJ|eD1c%e-nQvXyO?(Iw^}uMx$XZUq9QEn38=n$M2+u16 zIc+z6?&juQ@<||3Qyujk$#`W+G^tftB%bg}p%M(y?~LC{epA|0i{|L;RWnvOpbttv z*e>E=Cj(4(^f6Og{3nb+5ghw>1m5&AA!=o<$6L=+BA2 ze$^33jLXndKz%0Ulap8Fxof)2e^y01s!r}c7qCP_2dPsBQP$P4DeFDTZ zQSUwqN^@Zgh3d0iMr7fZT17*;=R^XWX)#RM)hj0~P#~w?V~H*;Gzme=tTq7RZ6dYQ z$=&OGk%sF*&04!sOCu&>_l~q15^*@s1CR(kPZ|L*4Y0s&MnI_k0K3N@DEILA!m;q@ zK>!jks0ckcVcn_MP3!;$;Q(zLTtpFop7bp|2IG?bT((b>o`A}PjCB@_n_wtUW7cY$ z_^iJ^peBzTzR&cU_HLM4yT~Qa%Bnmtd2Y9V)1g{=#kTTN{ZxyD#!R`Ob=`w%NYzC^ zscv)btP+Vh>OT@2Q?HHG5GoFrLD|wW+VHR*y+7F@7W-f`kFe-5Q(OEe20a5z$a)ha znAi>|2WI*JIKp6vp$u^6Lj(J{1%S56zvbIhS=@wAxM9S9$0i{?o-Z&70atP4ANsZU zx_I)$5umH}>%RX)VJjLF;vr3}M@fE&;a6-f zs%A)FZgQ=K_R<2c;0ajs$hYAWgaeuh6CCRy8Y?LFh_r+!eOXULAH0D^Y{}p1Qa%ZV zjcGpziR^ecY#J(dN16rzh0%noWLm6Y6SN@W=aux2jkBjE3(e-)SE0;fxZPxgT=R^R zn>{7kH0&?{Ex-(@MYZHG(a3S~nkl4(_zXI;Dm4<%`8YgjsR+{-O8e9~pO!)#7???) 
zBKspPy=Tgf7(h%-4zn&5ETK;`XT|qCGy(`f*wFFh4Oa2tMc$qTZXSt2g%|T-)HM?* z4Pa;^G8Lp1*eW{oF!k=CD-?g-ZUm?w{l5+OF7Bf)UFJ0n`Qg9_0IJy95cx6vbu0p6 zjTlBK<6(E2geY9+3kyfNX}5OTDPL|feCkr%Zf%@*?C|pY+%jDy`-c{qO`o-BW}I>w zK9oEQ(*gLeX%b8zw=xeHyyAId=!54Cf~!7#Ho$(3y(Oo2EHr8X%a@ORSnCR-!0p7Y zvf@9am}=vphjFA4_~h*sSf@{(anYe;;LtfRBa=!J?k0wbR$Xbb1qS&bcX@xvli9erlT}uqt^_H z*A=W1=Tjx2gjS&u5C8}f5W*h@Kmh~LC)TB)pBcdd%8Y4agSCkPkl(bqer=*p!Dz$J zG>fa}e+dAD`_1=wDF}a{naR>PBHQh$@fQHZ0>&{^d;kPI+l`NUgi1{w zCUzkX+5{jWAcBd*RStWJXI_D;{6A8^1`Hhb@J|?M+?@Vl&3calreKx2AY=kMM#By$ z@e{k#q#pzf>`qk_HYEPRvhs30iWHxomfUVSGV3tRIzPQ#*S-})O8I%~P_ zM?;o{`JcidzCt%Vc*fWx$ATbLJfukdSWTC(Z8oH@@T{#d#@b4QdOg5e9YNx%^5y6$ zZyzZ*M2nCqVCaKB9W;$T5^Em$;!{RI0=^V~7XKH5EP#%{>n^;AU!U^I#kV~)0(1r5 zsmApQL!wVY!!o*Fx7Jxh-nvR%5R%xA2Glvf0vN>HC_+fYp$@KtI5vHtyJ?p!I}D%w zx#afIqq8pKoJ(7#fkw$*_MKC<+>nAi)>J2#3BsDz8Vl|*yj67l44Z&KpdVllpBdy}9En9WJuH?Ip33(JW5t`wp~nZ%W9FMiw{-4&88r$> zQOKSZ-n^5qGwB|Dn+VMWYJ||5M8mAej`OY6t70PYq1Ctwe`Rvz*iP_iObiRecs!a!Pi)Sv&1+m_4bRZ4;eR zpD_YLr_Ze2y4a$gaUGa%(NEf?ORcJ?n|iw87uC{g$zid*)!Ac>GJ zCA8D}Rmkxo-a(xa#`nyAH&jm@)@Y}a`t_OXie$eO()3lh)O@8|7S?d#zhHq9PS}g% zS~TOZJQz@hZxP*1O!-PU#iV->+d_dsAd}!~i@1a9FW$vh8i&e%b3Ypy#^o4c7!4y5 z8nn_SQz9bIhTw_JB|NHJL=WWaT zN|gA8&4a~pst%4n$YkC=b7Iz|n`^0o3fxEEuGzSti~4I|Mvx8b6DY&^I7Fl6{#=1n z31UC)f=R505Ztkuf{rr+*X0~)j=J>Q8j!AIBT^;{+|O11!t&JBoTnTLwok?(bb}&t z*_$xuF_2Wy?Lk&>+#v8tu%Zf*N^Fhg876oI_lsYj@~$iXZ9)XZ&4#-) zJ-SolK?!+Kqqjh|H|vvArzsYwSh_5-j;k<=9ai5uY5w<@4lla7m1g~Lim^`R6O5&(_4K$>BRY=jqht?H=|kb(!714-$4uN<$?HB0OVvTTQ%{ANZX z4JfG7n66~|26ZebkM@{8{*DQjo%4>9vrVQ2(WvfOeS)SPvZYotWF;n>Yi65upcme1 zuKUz(h45yo!<6${)*}+eKlJLM5)do@MpSgv0z(l5r2_cLhzDTzkx!RACr^A|MptyX z5k@vh_o83Yv_2?#Xc~&YJ~RS+b0QB?1-=2=KOd;|>}2_-2p?bjM2O3PK@)&W4x&Iv z#{obALpTKVdFW27{MQtpf@9+|s9-7<<2uAah=!7*NLkkshdmtEa^+iwYG0AoId`UU3u4ODcum`S)t)M-H}5x?=sD~4Kq&ZvRk>} zvVCIL&-_p7NP#|-xA$QWZ|e?4FF08joW=MW%IgU1)VqGPLfF}>L_Alesf-R z{33czt?^-b?gP!*do?s#m%XA+4N0qf*?Hpa^QuHDL=dPBuyskuxd}xdEb^s^K99O8 
z#&{gnAqd(EK#X;~(<#a_{Xpio$a{{ko?@^-(TTtx(aW{;VIy6(}CoXc<+k%xjA&KP&X)LV92j4&>q>@wDNqq06AXSrQY?Ju2|7M2gOM0GAH~M+pmHB>Uz5& z<5eWzX!z)_Y;&N%p={w4Y1q#QKub<;#$lRu9b0tQ&7G1?ozTyGM@v`gQY_?AK$er* zIkY^dyH(&=X4=cY5jD&+5D?P^^|-qYpJby`3XMU63D<-v+AqTfI0uu3VSVz7oEgtm z{mS!%5g5}Vf0dUNEmhFjia1*VNU#=ysZicms9-8oRJsrWsQB%JfQ_bXAP#0n-iTz> z2vZVRG@>&oK6a36A&zk64 zw5z~6m~tDTCb8tIS#}-&cW2$b^XRuawjMb^5PkZdDIL+Sp%R2jJ-BdX9swmI8ni7y z+m?ccoKM3j7C+F@?~f)%YElC-8aAN%lN&We`xU7XEwrzT6Hq*Pk=xk(V|_Bx~*WorMe~A4;#{At)~#^A+Lf%SYg<9 zcTgi7ScGwcSD3W{-dvQ{d1N}P3}4IxkZ|P%{ZefEw=T9gFAmN_uUGA_40pzK$$mLF z?P++YUTR3c#lge`Jwe#4LPHYNIArgcth7%>$a|Oh4tB%Ong^*}M;G*;|EOmA)dNeX zj5pD}QgP7mobJeNnrl|vJfTGz^X{2LH|;vQ+z=0zeZ%Rt&v}@UuCrkyb)dUeodj&z%C8}fJ6-1`h*}h zWIaKMfDkYaB2;Xkcj{KV_oK|p8XUZk_JxusWF$4r;AMT}p!wkA;NFtxk!1Zw zdjDv&>C`7~(W?6yYe4f(>v9`6+p3>DrCxfe?vH=@Lh?;zCS3lto^77E+54Foq6 zkNk^Y%jy3)M3=Co7aL9=-s*2%WN@Beej$cDRuFbW#pF8k(XNaG0QBIE@Qp&?X^-hq z5<<`i_Se=%p@+t&YJa6sW9)qinimqoa%|+1eaKi^(!Wv0{6fg1r+_i(QGs!q?cypx z%{Ud1rhNKbw<#LfN9Qbb?c~f6!~82^1oVsmG}~mGawz6r)-JYKnE%3i$DkDe=380s zQXY5lo%)Tl(6}=|XEpl=TYTUkjdSq$sM-bOi8qe5mmNIw_5m-sN`W2$cZvYCS=AD% zS9}}P;O~dYF8)Uk5ig08pk= zUjYD=_Dkb1B9FkNTLI6Y^&e^e?aViqTaC{tVO4R7zIjK(ltVS+mO4WqXpa+X{ zWdYFRZU;BZyE&vr&>E%`8ZfKyd3fY4gBnMpdQdfB_6I&TGyuUPWgSEB*T;XX*a*}B zgJ9+YbvSf?BMVpV3kY?pAoURQfKXvbcgd0wUHTUdbEm{Upl6JL=346(TMY}%@@bcO z@~`A~FaC#|M+fn@a(_;?yZ$(ypRkOE4n;>e8c;&<8+nxk-`()Y`BiN%Zq|Bu^kIZ# zw8p?sp?ctkzf++klrIbkp%9Njc{NV4Xjmv3#s(NSn})ggB`IAs$6?z&tc9>1y6Wg1 zF7-nNx;Zcz833`oO4$R@n(rWmOj*Ak2l@w5t)MHX=A5D!=`#Y*r%=Og*4;j?TzVDN z!xP!_2jRFB_f~8TD0yB@zcuFm$%>RU^}*QG2$NIjj#eAcYW7>WmxPPuuzr0+Mice) z`?_?u5)O|Df>k=``PWYHqnSAHQmgy|F*_x`8^3iBQ@5Nu@md;bR#0nW^1G zJ?2&KfsKd)!5t%UjWS(dw#nxY%$;f`)(V4w9KLWs?ie)=6x_E6yBUiGdJ%dyM_^13 zN1-A?uJ|lHv=j?CRfP{24eFUGr9{ z%ufy{JLUJhh%RMt-`=iK|5}#`0ygv5bTCn%CJrKJ-0`x&=hp-?N7mX@h zA0ApKg`vPtB$t3bdA1v$cgoj6o+2pNT%4=n&0wKV7*QP)FlciC3qep3daCp3LTWCH zs?eAz3S##7vGuO~DW8lLm;GAw2jM3)_5naB43!rEvC9r~;4(2`hkzbxD$Jkm7nYlU 
zzHixXfw1$eOF!GJhrG<3ott%VkKg}`|GMJRetcTLa=4y)t+`H3B50*fc{XS&7ogeh zI&%?Ix?K{#s7#0C8=YG6%juFe^8t%}zPuoO`IU#(=j!U@*&lUC`<%i8!4rO41ymx=93JmuZ3jE6RRR-L(k zW-%E>5GgCtf3F8EXMObG*6II9FxvWt%03qsM$~!)z5xhA zS`y_jFcUCb!0U15B$XL@gqKit0uYU>HZDnW5LX;j!(TXajicVfu?{IJJ^&q-k@IT- zK*)+?Nk_7x)PQEY>w&Tm50^?fixC7>0vs01WLQa8>X%RIr&_Hy-KJ%`6#%qk*H4Ke zrB6gyhh@g0q+ghm9h$X(G#8OE!-9ZiyYVlV*I~Dv3>wjJ8apS+y``Y5b?A~qHzlTn z04oCeRCDYD=n;-hvH=q}*bHp|J;EUZ(AHrQ&M_tog9LIQk3ncwWfG=^+F}uRs&k)1 zLyGlYSqcoFL2az>VB)%lM(XHo4XUvyF*AE*5D$0^0sxg!e^3_C2{L(rML_Hp^7IKM z{fe7?xfarzb1ut@%K~lZnPxSr8(%ddsJ8bnwwWi7fkJ5@uQ?X3%Y|#HTaokEl?%{p zcb)Mb9i7#Z&xoGW44(WU6?8&q&{)|)&C}mqk+lWUZ&2NkM`F4Y zkRQ4crkgEnY=qrTbpjBRCmqv66#?WH1cs=TC3;mfU`$?AM!RIOfQ*Th@)(2@ij+;~ zJB3+!A{%6qqzNAiSS(qT_RBZAWcPZMlP>vUlX<~yoN;PzxzzJ+kp=gpB&6Li`HCd* zOVsN%2|pa@Wbp`>YA<^h99o&^JgS_aTQ{H*x-q7reobZ&jXzHiJ*$#82rO$X3#`c$ zZ9YuZ&6K-t5;pd1Z@(oJ63-tq0s`)^Hwa91xEYQczRa|&lIN;;n{fbfKXliK*Pso zTO`XbndjUbVxQ02)bj|1o|uEG?l;_NYKUFbMbGOKVMLTnx^~@vf;tau7g?0c>mZXy zyK0!RDYjmt+KoX?Y*-EHgNJf%#f)5W;#A3r06>hCj5?IJJY4n$c35yyzj_h9Kc6`cFP)Jr9ajJQx0QFA>O=s_k3frV>V)xj3wY_Oc~|2t zr*5i6GUu|+G})-XA$IQaDLLmm^hQn+|HEWq@N&e@V@ zYv?E7-k37uD6&fl`cy;O#88FL_lNM5p)G$fnnB?ZGD2ToGsRbSb_CE!1q=eMo$0s^ ziQ=XCCon#&q#+yq7t8v&eUMYjb=h)WHTbvXva{XpIw>eicI)m$xP_*=Nw?~Ahi&>* z<@`xeq9>n%TWr?;F{Vxq$_VlxL%J&5a29b#*m5K1#;9%x ze8ddfE{y9ZEiVv7ykK=a7ORd9ZP{hY%x=h9BQq!7M_dfx5RW^l0MZ<-Pz z8P@G&m`nS>Y-d{$!Od_xtS_n8Auz@47dv&#{VHrje?g{4oxCVTTT^z}6d%_`G5z6O z->(B3N63U!)vOn|SnMYRABq*92ia~S813W;6ak2xFp{=l<*+sPi?0KcN5WB6Pa|%Y z`poNB)$zWAG-z5sUkhQ+C{h-lvX6kGU}XbI2kNI=)bp=sCS8X4!$;=MNQ*0Qm7mNv z>rfG!c57!^6;O(px7(Im>ZY3^$Y~=#@>k~dP8oOzsNbgXD2ft)|;2UYcyJt#aHc-aZ4M7W1@QKhvt3cWP%&S!e9V*;fvv ze!Cy*cG_p%=$5cG{G2x3sgC);buW)z)SOR?CIVbDxHLJh0lbvV-)rcqDFdH{A!&M0 zj?xd<*V%qOY)YVjT@3*A;617k_n|+fXyucq8Hh-+OCwN>fbjV^FB~AcKcw4(uL&6R z;FneTzpf2xupvwgNYmr$+^B)BG;W-IG1XK4+Ft=~tw)vp9`4RG)oehGS-2$(OLN_=7X3yK+Y`-8PKV8{&^QoV}QxPoyn zf2>GG%02~0K1H_MMqUf`o94fzzjab|+pU>y5oy?kJ|KsdspL6r3wG|VTeIkF{Pyq++P>&7aJs; 
zpcaOoY^OACi1nzEdx3xV2Bg3`&AGEm>NIRb%BDXk>DR=A9Ceu!;o9s#{c@{u##OV> zEK2d@BcNHQtv2Hm*zcFY@_*B%TW-5+M zc&$8&(RALr)*(y2CQn3Ubm_>gHp!BcgV$#<1gP>8&=2MvM!0X^I;~i8Sniy%F^!s# zwOqbm2w$MpG~?rPAtU;g58Oia4;@TLK+iUp%L2vf<^cuLN7&WJ-cZl~jb!n-W!9~(a@;B2K3aajzMg5} zW}JrkCKJS3Y1oLQWx0I6z#1q8v8xq4e4z)(0wVotpeFqjj^4NA1~_J>hMXJL=gQT5 z6S5Xqql8(E6JZv^#uT@oHLH0zygd150+o07=-qGC3dM@B*F{%ZMui zP;noHSE56;bmQo~*QEqOuy$$gJd)~a@|TS)e=5MCj7~xQdQin$<9pq=Pac_V69Fin zg1dL((8p&E&YspU9dDd>nD6!|*26FWl9UYqdC+I7hh#@GAcp}5VspsW!Q^-CM+kUr zG}Zu?H5OqSWl4-=-y>p#;?rK%Cm`;ESYD*>=Ftb5!vfolK~JF*U&Nr28Udb@Ai&TA z@hMMNz$-=F9t5)$FWpnzK5dJUsOG%f_G-O552NuBSc1aB=kb*;h!PW=6lFn%uN+t||1n6P6##e<3Z9aVC z2~WOaYu%Pb?-4ujl3JfD|6+LSx&ki_h*Lb+R|6Qj4s%rw8C0ZFSv*@2wVtQH3&=KZ z3`rB$WHe%pg(R%n3vsQmv|JXbgkM1sa~fu^2!H&B<;V+@e-90d&i9h;!o|%2-rB^lgsz+EUE4;W7G?cp`Dnx?15yfFL7#w^4Ru>$T`Kxr!>mX`C`jQ= zHLLD84^Opd7h1TL@73Oa^8kwYU@w=;1_P~0$$&Bru62kbpD7*GrhW#0D;5q2ZGDLW zdAbjUEyg{LF%PWDOrZmRX^Ocx)-}+lfolC466x3K>F3(D?;fB)`LLuq6^RZL zb(<)piv|>F@T0~|On$Sl0$2G7Y|1CkXs4UGFOJpcCbTHuqnJ`g-!D`~p*Wi9(xf|7 zX;__JFwr}P9DIIB`lCT{_KAnn4m-2^uuKBa?2jDe1@ z#1#{9A^?@+2uv_NL$t7goPaMK>o$Vltw)6+6y_|;E%&2sT#|-;WS@cF)+Am#NP&7} zw~}48bU~dxry!r1I*s>3C6}5510fTTQCLXcy6$(@nujU{zyw+2;D0o_PF7bP>(gyu0}gXHd1=c zK@cYScG(@f%boQ)B^9WlZezluNipLFHC-^LyecGcO09MPHSA>23>jxs2dGmU3m#0qA))sU z%{CqVsP!8QZtJS6;a0QamaB2j1!DqbwE+;^=w{lu)ixvjLmh>Vf&Z5D)|OGDaSRG| zVMFemgnrItuGgVZOP6F7%yugR5EdDnWBozV2j#6i+wGww8xKYmx(-)yPZRrE8F!A! 
zCX7N#m+49|B;xCvm4-nhO18!7=g`m>A69RSC=mw%d~?50!mt|+LFBJPVFeN>)MLz@ zD>?DfRH!x`lE;uO^lK<$M7!cfNFKeQ`uI%!yjwSYqG8f*n|B#zPMH_m%xJ@`IskIX z=1!|_9j~Ji1qEuNU9wE%Me>zRjSm2nIV;WmK$Yz?#|D&iL%-fDq5jHb8n7)cAM#+4 zVbRc#291iS_+UTGP)0x>9&|Q2RF6sKi2qccBe2OKLBKnq7v$prKmrB{FjS0&$~_K3 z-3NCB+Y|_8GwZGa8SGSYBPtrT-v53rvzzqUD9FXUk__A@OHZyp7p~2OWUym~noy>L zgEb5?avPu`{DX1hv>6i6|Fx}l<+ScjvwF6*ZnC-RQgHKa%4xgm<|{AVKd;E1lf^uZ zXrh6cPN_w*+g(r2uS&cQy`8!^^Y_74P?5L_pVNv3pxhwDSlEG0Z?Whjq}_^<&gKFo zMnL5WF~zU)ktafpFTdqrjY5np$21d0pzhALB}LFdZnk({t|ud)AE;rQf(VG^;szAC z0XdEYx(s@)$&2!wUy*(dT^RakKo#pOIr=Vz46HsC&{M>c?a=1<#`$Cj;v}}Y6Q-4x zLmz)jw_w-YvCF3%R>;v*TLd(1x6Hb9^zKW{aG~3j2^bRr2z%CSx8RrB>$%{58f=V? z>0z%xqq=ynoJLslX}M0fEvv^PZvj0`41oCVT9$Uh0?P+J!lJafG~sn@k45!^N(7(> zP^qxT5RC00ABU7|5rdGtdgN17MlXW@hO32bN_t3#-52xog1*OqHio?1xS4v*Uz~p- z8&PA=4Bt#(Q0XmD*0@I(_iD0GLI`QGVNUs#$jGf;Q2y~-+^5Zr3r%%XCz&O|ti!N! z#$0Uxw9sUoI$a07XbQZL>y*TT`*WVUY-ic9;8MSk(T9!eeKj=7=fL~4)T@Q*b{S2v zuXd@>wcF|?S6E;l=w1}iM`$o9yy1aWOMJ0>M}XgN2);s4($0%%gYF2{Jj+<%HRvQ4_aZCQyb#$T2Kp|Py zua9?H$#X0oDjPe7)Q2{@ETv(2bWD~T*5|IkR#Fe)ov*g4KPm1goliq>$JlNNZTLpT z&5-8nht7^8zmud^dghF1F&8Km7>sp%8l>u5!?xV$1{xp%1bO{+Ex^d7hv7 zO6Zb0IjW8R!IHgdjsFO3LGXRkXS`POgPEYs22Htug#rffsX$R+mEsb!Z=iNt>Z*FB z$?~U{58gT1IO_lm87i2DJ>{yObIWhHDW;BV=N%1`PR*oCKG$YgJ>GYm@S;wLJt!hv-|$l(i# zePmY{-{9$2B=McqIRZR8PQV~!YX#PdfI)bi1p3M|FZ-qQA8FJW?^B>57v&)uJhXm6 z5`*_>(3)my1KMOz58Q$Jbe74Ms+m-NsR5AR@cCQ&X8uFcv395Z1XK)WrGIhG#An) zLl%lC(^pM&x$OIW^5F7d2qr)ee&$gL-R?zgx9VI}#k+pW5fFl3#J>oB$8`*b9(=Sa z=GToe)PT6myS3>1%MP2Uw_*Ja8Ds}w;*8!vNKYri>O@GE4oZPR6eu|WN=GEQG%HQqY)i$~fB-aeZkYaX({^UYck7fCCUkQr8vgCCzY#yrXm7bN7Irn% z&hdRgxV6+a45-}21I(Ov9R!kqE{TTI4^=2ZmivU-3P4+Tr#Rn=K1@~=Tx)@D{gi8w z__it>0ii-vOu&Mq4JSJx$}WW1m@-?Rv@)GR>!Zjns-W?hxgv|96>g$|uGFt}eG~r3 z`2$E4mZyR;<_8DQ$`Xr!U=KuoE6C)F#~P+yHqSVv3n!JcEzm>A8|75k3Ck|JO^Ac0 zoF*3Txm9;t>z102B;PYqq&^J?x`-SFvZ$ZwMPxb+rS^R>9%ER^`15CVYkyZm|IB4B zSAx9)Q09><0EG8JvQE4P1reD$$KR2GbJMu@^MiJ7WtIf(yQ449GRoj zSySSID*K^6^)6^{Hgu&ua`i6j7lpt_&~{^qlmhy&&UZngzX~_@;w?XM1d1dCUVfH= 
zln@Pp9e2%y>S58~8?&Pl00<2i6Z-W*S!zrJJ79!DiOUL_u%y3_61EbO2-Km^1q`V$ zmqY<5P;vm237S&flIU3}{ryW*PQ$XpwEQwRYp>W89D1D=T5QuTmT8A(u1USnZ1|*E zI``L#dq4h0?*A}hZASz|UPGqK2=Ao0ujEJwiHMBx!;yu%VavU*q^otAUS-8tYzv@+ zl>r$!BusEHsvFRU?PD44u}TO?!J*A|riGhxs+R0Vbl^_^g@%56jJiP`X+Rl>xiEZB zn+mZ)c}QARq7W7KHp~=AWGFkV-JIE+I&mqLK)m-ipx8hEEW>&J+D=L_Ntq zHTI%H*_8g-mVSrJyuqAh&{qQV0dpxEEV&(ZtP_kcTQZ{B_=)mnOU>=3BdE^Lw_<&+ z%o@;w(=cV{X4|w&F2(XG^Gs9yzrFGT=!Uu2Tm~C_zsI%n0FFI$S z5fhC=e@4I2Uz;3JWCl5e-W32q0^5!4-*_ie8i&9aRt(gA3OP4nZQ&JH#PCNPfoB;3 zJVFScZy13}h^Euyd3Kyo5-Lt2{Q6LK?x8mn-&wLJ>w`7)VFSI#y6LkX83f{z&|&kH z91AWUs-fVabl^bpHAC_rO_L7OibJ{JuGkdZ+zI{scl7g3$EKW;yG@dh+@_mnj?fSG zms)U2?G1^De64dI8h>(U^@$E8owsCP9CP59iDP=i%#`SQ^jh*tu)#G z=$1h0VbP&oY^_^#H>BULO9e_UJIWkA{92ft!WkUmP82Y&pOa?Z)X)_p4O!r3i|GK| z5df%+wr2wFeEEWbKAXaBqHsZlE&C;TJNb+*?r(QX$)n$hl$^8+x*G5K;5%T#wPk;*o&L6bstE-k)+1Aq$30iW$1RejR^45@ z?bFki`Qv)(hyGh#sYO5tf5>B|b|Wa1@qm)Twph2ET`F9tptLin6DAAGR`L6{a@n2< z0QAt+;zdTZ-sBr>Ch*1ZM;w9O9f2EW__m{Jzm=8%*@WUA2~$is9(rg?{MTHcj>a_W z0|#ImM5D)}5gCQ_s4tY-LdR@UyW}7qZ$xD942r*LnmcJ-ezjt0*vn0Zsa7RS_m)pt zKXEIj&d6eK%W`3LseLc0E=9(pB_CRo7=7hFd=IZQ(sdo?MY3OsgDu+p)IjM3cvRxk zp?G;)=Q7)Kq9cRnyfLavEVu1vXGAB|0qlO;_(yY@|jC*p-YB23h3iODRfGqFh>0ib1zw@TGSO8 z{@|wOn{^8=ZqhDabXgajw$#rpQNJ`1l9t-{0{Ny)mnH>vVz7=$YWz}8SM{)iXX1*e z`wU@M!wIoZF>g@fGeWpL%w^$3fF8y~0wXR4s{L zN~T{{+;S=^6@V67EKpvZYC8ZugvFD`Y1B+%X);i9&Zn#f)T3VW)~0;A^jliGZe1OC zkwrSN_<;~KANyby2#EsZuS$PL6t581%nq>K(7%wkF*OU^By6yS%zS=X5aXb#MTh5g zvH+TZ#2u~~?;4%UrY*w*Br2!a(sZ*o!*pQ6I>Z5;Ka6f^LSGm~V)nvnRw04$S1O(gkjdmGb z(BBQeNP{*woTf&VG-N7<43*G>HVS#qf)rulxh?LaO8g`-2=swDvLZSx zWB1jo&Gl-qk1e@{F077sYSL$I)G1x_=~));nsMQ1#WtcsWoW^rn>k~>ee!VbE#(@h z&M-ytlw55t0rH#2gnn2WX-tgDQ1r?5=~MlhVsb#J`yloKFvW%?B|aUtULGbjrZ#Ky z$;*oJ9fHLLp}0hd=u;dM@njE1fc2{)Kg?>Be9SHwI?yl-Ni{{5LNP?z`h=JAdHRMf z+IbMku1v_l^s&Q+R0R4wdzYH?t0=;_zK~glY#kFOy?E-gS6^6$MYUbC@{0M>6N<$a z)9usdsV2?5yX-|u;leQK)+{@%5Wb^91Nqfak0sr`XAZVVwLys@9+YRhwXt>uRGXmJ zl=N%J+mO7VqAS|mbq#WEG@wggQRGI-EYiVDEM_f)S&Y^{G+(eCCh&!C2`p|q#S?J^ 
zN@)a`b{v9qC~^pz33z~uxU==aE@im+^0g7zapNcM`wvhDN8Q%@9a4&LaqpfjfEhpU zI1u7Zi$WTZeiL2VFCvO1w`tn0o^|QwTZ}Vy-J)AR?=s9dOyyo1!hPLrR?Z$bfBG#+ z`tMQp(ool-WMI!o2rz&E^aFj80VP}uGfW#6n-g91oIL%uhK3DDufcE%xm@%nqzC0+ zexl0a6~GVOvi^$$DX${qH>Wzeq*qEo<6foaKn{oMW;VzreE>mqqFeEK_ddFO z1U#`hw_&Q;u-s;wJjFx{R}q zM!M2Kens48j`v}5&#_*=G@$&Dt4 z%O(O60El5w0euQmkfpP>h*u(xz>`Kmh||H)p3pOf_ITda4il5j%`He&grpKbVWxEh z`UH|H*R1z@_EFfH@aWS1Jxc+_f^v8jF#w9xLAV>5Jh6ZzegQ99Zn~9o_WF5;an7Zk zb()cXgMm)Dr{ES_)YHw{Pg>OUD+#r05)ms*t|2|TR~rCk*B;WuJqqkbSTqFdsEcy? zFIJ`nJ+6bqdTJ0Qdvodvqb`?~voOk4%t#K`jG3D+`iN;aG43n#5kM3VMwG{W)5cjDz32L) zbKmqS>)kf%tW!1VFfO#z%{r9j4nXh&g5KS|uyL*XKf?DX8qvaA2ghEGKk{!lsMC=0 zs*`^8{oujuFV!?&7lY6!7;e~Nq4#G{hs-k`p<+S5_&AmB37VBg;Y+gV=98~4=eLwk z+Ig1wGF3{&baAMkWdzuk>5&hipdI(1qfjy4FWvbFgDw7m$iqgzibjl?UU?4w6z`c+ zQ2pxM!x|8Wk~ds|5@*y~+XF?p@C}3Qh-lO~{P%jr`5fA_<-l2?#RIwi_a#y&_1k1bucOW_n(1Gf8 zW`qZzzOrdJ1@z?62eViNokuQZ;)^9b0$Twncf)`qdtHx%Ws-&VfdVrD3ws#>5InoH zeN1^i)z8t8j;`tM|4dG=?U_Umc{!*qXS+C90_A#;3z8&#P({#w{{8

S2I-wD|`gmfbaO*+*KCSaUwjG@H)Kt zeTf&zkAMJ1Lf+rsWvZEA60$ zSvL~Uan zqpiYpQe3aZ5varw$ODjYYX$vMMvyDyxJvva-Ny@gjcW3elEbifu~Dxz-lKqNUA#k` z_H$UEs7Js0HwWqbo=L=DLr(7+XTPPr+h&?=)_r=?G}Ww}cbAPq!n~WCb?GO;8+V(~ z`?KWaK;eTE_d*lmh*Kzgk>3Cb)|}UXJI#f5Jpy9lqQLZk4s17^3rRmfQZ8hK-Op;r zeo)_08BASeQg6`EDDlU*czHmd{5d*(1Z_6}5ONfixcG=SC62%Y03-zUypa1t%D}AU zt)RPGoGhhq0tFSelPnlnqPUEGFI{cOUb4lzSVK^vox^@O=h5W6>U3n!BA|3cA3HCZ z`J01q%wg?6ZquDs<9timIHfMREi+ETw3~s>tW&e#P|ds4IQh)IpN0;>8Ib%98(|5^ z=LmnG1isr5P|mO78P^=32SNv#fDVN=bfM-#=G8z=>Sw%e?T8^W%>1=;gC(bUfY~G* z4^1LmEnWfiFzqY>dKmhM0Q4+{Z*h4q{Sg2FJ$R9PqY!x7<9W>lzgF5;RdP0FgR)~UT{YL6CCp?nfUKqFg{1_;~UIq1@T(LLKw%L|j z4GYa`7%akjAa?ehJ$|U18=v%yyx~BKj|*k1)}Mt<(cv za$@WwjzHy(KoNj8SqefC6VZ^+E5v8FP!+;~PK1)1$U_`UnDappc($yw1KqWQir9#f zMy&BSrCE<6*P%~^ObCBy?>h98VFMEj>TkSd=RR)Mueh{eBTPHXMhkAS*?@Rw{tP$i z)Xdn8D=mi>99Hzw(qQwtN0Ergl3^KjSdoHDgmyjr0m>5!Kp`%{0}ym406;0f8kL~b zMJ@F&m$fntDu6x$24V4up`<%#OP;SqTgpaI zlL%{3v)(R3+3nYnf}?iba^%06{A<-mC$x8+TFAkH3s)`?5R*G_YUWxrQ+DlwtA3^R z=*=eWtyVQ%GL!dsEKnQmK0xg@4-!bW7|V1yTi-01Jk z%%@{eo*ab-mKyy0R4+o~l4H9GwH}r|#sN%(O#P^iQ4U175l5hkM?feEZ5D=rLA;|- zepTnaBTEZ_(9b@i!-0v6VchQXnKW6a zDb{s>-f_&fSXWM|XPn$kd)d&iVLUhE)PglJ)5I-1>SrCMk6im#+x55K_$HlwDe05N zx@sVO1O7QWKoN;-Hx4`XddjN;?F|5g>JP&^uWX}Bmi?uLCJfOl3iSKLuPA94%tKx5 zvI4EjCH2taVg#yN5q$tX%*_WyA0hux#Y>O~!PPhdc%tN$3cAttUnvWHL0swy3{}c1&GhO^8STd`akPYUxNcIN1 zgr|4Y$@B)iV#*+YVJr1nHP@{0^{KkQJdv9073z9z6nMdgwZ0&&J{oA%k6_ z5~i#+go{iLYqCRn^x$NFtc&|#69AhS9g~aksi9PviZI<~kcW2)Xtw(tIe1XkZ_WAIU)I0A5$6!7+I9W$@Z=dA1u5K%05*$L;_hJuAikB91_ni~#Q_lpWU# z7$ofOgbf}hoe=fl=aVPkE-w_=TOu!q+7K$ytT|}ZLYM2;-jcHN1d=vhF6Tposs_d} z=-*HKco(_dR4_|=RI5HE`K;utfjG>k$1MwvWALOa7Xaej^z_Tk4byHN$k=iF$rL=@ zJbPw|9*yYIUTD2?jhwH6jK4hWWldYxd?#|4)oj!Y`5!q zbu1BI#1Rlj;Bh1HfrW0EbJxI*V~s)r)(A6e>%80ZbKqmVS5DC0AJHcIB&;2N%#yim zOm=G^lFXc9f+iplL=pf%soe*lIJ4)L!JiI%?6oe-XRp+M;^bCNHI@wkowO{Tsatky zKXWP;oTjOxHo9u2_C2#*NOoG{?F#bA(?3_ICalqGT=t3*U;3Uuc-vh-K2r_GCNqXG zFx(N2!p0T#R$iO&p}suvS8)Wy5!f67mZnCXlxN4W{Tq4~M$lowyo5>$hEgM1R0OC` 
zOUMuo%VNWl)R=~@S?K4cc()Q#)xaPgfFPa>|Dau8NYkCLs8ievN-`G@W!honYFK#r z1@v;33jnP+4^6p^bM}L?P8;NRKK@Hp?EBKJZ_j*};vOA!8)K1g(nKS6L9sq5jWH_z zcI*G%z0Q;saiE1EU-99UMz-$p1ffw8fVPf_crK2>BS(Ny1`O-0N1)^yr4f4L^4KBp4T=dj-b%Z`GTq$ZJ#x~CFNz}|j=**!Anf0e*5(T? z42g=NkdUC;lg%ggoRIQ{{C=iigPmt)oR{nASE72Ad*6`yu{s`72>Cbk(W94Sw-?fM zM}4Lns&sNzJwGR3@2bD`myJ^=;m}dE4%f0(ykz=uL5hLb*p|9c;Ixh_8zy@Wc_w z;|?;|Lg&I&Bjgi-K_vn}a2!kbDFHyxCPn%ktXH)D;e2(ZhQ`hGk9C>XHOYXI2`R(A zC%Ef7`E*xJ++)mnbeWI=JaAZbuU?U_I*sK5K%cZVte=v7W>+q`H2?LLmtq(G1Nkh8 zu3b-EZihkiQxx$J-5*z`dutL`x#)l<(FB1B-^P%c)nN zx}an7WgSM4v136c7;$J0N_ylO-qb7^(y~6s9opm*lt_cd&QDw9 z%TDV;o8*>5wctK9bxL{LZC!RBp0<~qPtfPCx=-B)S59iC-3{?E3;7S?E6!J4VljTnvsxP=ythJnE>wHgS>r^e^|#+aYlyowBP}&K#L@XkZmI+hkd2(Uw|d z#2o0_)L%Fn|J7AX{q+=5kw+H|@7VZk2S5p*md+c~XAf*#)Th6vOmrydO)U-Amrlx8 z0Gi@cEwJ6d$75_aprjbQh$A45z;hS@&=Q2d!ZQ=Vjzi^z)m|TD$L-}FmEWD>0$5wn zgeh?usyK)4T|9td5JQImv(jdKY}A9miwlCG%?NVaEsS6Fb$l{fka9i^@^9&o6257f zh>3o8bg8v&)~TIp(k-~Hb1pS-XQtUS-^!I50L{5{Oo!+A;eY#I{$uQiDyR_Tz~boI z_0%PGH6+f}te>xit?fpqE*pZp+tK8h?4e~}SpT2r(1jG?20uVc45~g6s0fR6ZF(tu|6)3X85`o!T+%Z1qla2mbny{uWK^}p_<%>R@ojY&{VZg?6mQ5%=rUooe!+`lDS7*XF#IwATm&@mnqpjNaxP zmYHVAlgby{%(G4=`&nuLH0y?cgmL!dF?y#l7uIG&)=WSFDT%KN#9#IO)M1GC7?2}P zovWoD9St6jf?YpUv-PnNP+;pT&;MKiAa*4@`k+ycxyV7=Ot)qx?pbi{&d(30LmfV=hw!%290pL``xM6!PeLa=*bTS32prQH5)g~$?F_l zLWMEEhbhJ&&mVN~7X{qmF9y<2%nGE)b`wc%BKV3U@cc%g7y$w7a9%vFn~{qE20c`w z-IL`4e>69tjbD<}umurNbf`8lEQfsz{hCXL<*|T_Rf56>ArXg?P{IrCxE%_D_{<)x z3SgZEwgU(W)MNRg>p#(3ho;Y1QTLg*%VBmf?XtkId#R=5xY+=p+s=kh{<3!M2Q`3E z2sNE{0JfZgV4kK1tZuW*D*3hvkf3opDJNC;tVCd6f4QzgB%>24)63V-kT)VEDjCyevW zk_ESM#>MopmmDRRf}3(EmK@f^PfZ&kIh{9AM3eQK!RXsDfZhh^LE8Xc!|NeEbck^& zuc7Bu6GeY9C&dR?2*L0xu8J`t_{P%wdMoU{N`JPBS167^rHlYezG2>dfV?+j zBW#(ELMEJtp)q}N{yyh*qxk2t1B|$fL_PBl>gRF;9MUFu?1|XlzWB!$`BF>comMaqj8pbQP$*q$ zQkGf@Zt0A1@`R4Y4(9@vSWuq!OLCq%_*v{W03qEM?@{FXt!Ookk1FVjG&P_|kLN`Q zi(jh%2gP4^@1*zu3xAQJ52$X?b`v^!woYdehPIA|crK2>UW`Cqx`+SMKqaIpph*HE zv|wF|=`76X;(l`XmX0TU@~|v@qb|`|1A*makU5i^iRj{m?&J{fszsn;Rs 
zDo+M$c4~aGoeBs*rrKEjAm#c81~g zUI7r$2efcT!*d%JT206b;!5Tn`p-|BQ-9l#yZ`}e5Y&xpXQgmK%>-?ays2k+kr@Sc zn_?by$_FZlG47F|IcwdcNc~(w1J>+S^9JA73~AX^uYv`zUmIc`{|P{xBIrE$PA2Sz zHaCVof|r~KK;j69BTz;oz&8qk9hV->Gqf?mg*a$09W96T^qzwL<;d;7t7WPMXTiZX zKZi!kHLsk0W1DN+f77m6aMe$>NS03NrkeLmqGzGi0Q8x5=m0?TEeOPnv(5TByJ4zH zMuQEhfP}o3c#l5*T{(4utGKULjcP4gIJ{k$tw3xb@$F6pmvx9>2^>F;gPE@Ufc+4s7syvzIMT7 zyJa^nzoNR0#otx8R}m00Z?i5v&}Y_VoU!Y1%sY%Q0Q#h@CiycnY%D;}h#M#FT42m8OLeND4a*VNw@Yit z6F)XJV2q+CXjry-d%lm2MG%}432W~!QDk1JT1kjN9dtu05qb-eko71E}&2Tk>2u< zi!daPfH(rBGy+T&0oQ}6y7gdJh-nMf9Iu&xbta!$-{su?c1RQxde{f$Sm@TEn>})b zf|5knt^*K6P|0hH{(9f+8P#WJG_xnv(=O?B)1IZ^5CQQ<;YOg(yvu}w)Qn4W^OS`8 z4D{W@@bZgY*iYxwiGYd1FF}xJr+}F6D$=EWO2E+lP%Zu1Orv#~5qWG#0m=$wuJOHO z`c*W)@d+9>rap2tdW55KqJrD5((u`Upqisx~{s z3lo_EQ-PeY9YE~%>*+C7>asF7Vx}SETJOQ^A1w4cTdZr>S#U{svxZIgU*ETSUc204 zMfwYC{vIkJ2&@AXeUNqo|82^lnr@LVzN*gtnyHUMun44Rf~cL>lnXVaJCr*GK&;=# ztI2k#!OFP%#y+}!DBdqi56W5A3!2ifcH*NRL?SFafdSBS+o%-L2kmT-)_DkP9{RQL zkeAX9P;|Q!N1%#Fpa?)kxVd2f1_^p`n;8s#B4;O_Yi|F6MXdioZq%5$VvY5qvqPR3 zJV1XqLKnH6T41;P9P}K;gHkNNG}3tYh;901!=l{+O`g4~0fF!~)1*b+2WU9s(0tY; zz5PFO$qM4yb*(031Qc(_E51Vq8Oza|&nF-z`PL`gwCd5r096ng46hNQXc8syx7 zK7gKFKMdBf^uMKVwJwOTFZ3n0D@2BkJTS^<1lE`DN~-Cd0CW znTFp!0qqFOSG}+8-k%7oq4f&NLB_-Q?b$AF!z+XH1$pY>5BS9!FVNLGFwpSrW90|j z?8ukh-7qiFMHKE(I+~=2g{o)9SBk-6JK$?BRh&`tu zqb(r9Rsh2JW7d;r{-><~gb!g`UtVH`t{lns$Z|cp*mr9;&g;piiu>f$y<;{6%z+5r zI$q=5?ib=+4R@RBKC(+!TKCMVd-=5K)=Ay8Q$EvTgFyF^t8TuvcKug7mWoVAwEsVQ z@7>+jeWi_lfP3$nx$m3Awj_!q%BcX0B)7=6M37Xo9oyrSNtsMyTaCS`S+e31x7g0u ziMt9rDN>@Gnf2cL9qwB9k9WN@bCXGAi3K1jQk4zBIXL*;XP*OtAVo+5g)08mI*SVg zLEvDYeRh5Jv$YxrF&#B1;4%%=6cX!rof@un%{CRV6B}5!O57A}Hmw8u-BRv=tY8M0 z+d86}2JaI=yP3H;Wj)*h-R8FCf8r9jPbA=C;4eMvLeCdI$jXCYB`nJjH54m$H1Yls z@4Vzs)@OyzgL}D{)fCJ$VUJG%=z8?Mc{HY)By=1g$AOkYRx94D2E^-$$?tFak8R(( z?Aeg15}a>`?A_u*4bZ!z82oQHJdf&!+}94QOV;thodvMbk}% z{x|Kc|1qRLmII=F8J+1a$x=3C?vjg;T3dBvGYN{+-0qXRY!x>J_!Z<5xV;1@<|OPK zArpF>)^b%VQnhlEh-*ke7vR=+p6*%0&J^h%$gHjq44kvI`JqEDV|UWfUu{QX)d@bVLk)4YR*-`gESwgW}sf 
zV|mOKPs;VZ^-aPZ0MyZe3yoO-D!ak;U^*ZsMp{rv(;3D7i9hBN;1amcBtZ3ci{laZ zyJ-pt9S2|2g{A-j4{%tPB3PNCv8ZKbXfW^#dr-JK?b%Fj)TDQ%*6=ya9=KxlH_vr;xRN9|@XKmo&x$EJXs^ z4J)?cdC~d-*^%};2ewzE0yfvW4h|^Ln$J3AY|7A1+d;XOs>?bb!&uyIk&e&2e<8nP z4huvAAb||>_!s07Sj`fE$FUNh0ToQz5i)Ipzs_$I>Lv=)6xpREO$Q3a z+ii1Qj+qW;0K@pe#hsRCo7b{^YO*qdnFh?%xTp3PvMO1xlC>jwqxJdYPh`vi4Wj_~ zY{A9Nt}7MFrEM7h#PI2+P-F5y2z3$&j%e-)>CY=-=#WBFKYeRZ3S+%ae_I|gj&>-< zDUeYpT4zCuE_C#5QF9~jgH5L95%D;rfvP#JW(NEe1(}2%c+G0QH~Dwx5?HkoAR}P% z`Sj5WIYK6M5O-V@HyisPiKRL4UgF)1c3ZF`PeUHmuClkq;NEp?|3(lv&o$-yn+vgJ zJG@WD{u(WD=7cb&ioiUxr}$>`dRFBQ)fa@%Ij%qc7>X#XtaqK{F7$(S+%$y`lIQ z=Mvx&Sb+pgbe!dbsCpkWql(AT$TnFIV5|U?!ek<%@!%O}s7Ga=xs5kO>en=i!3G;R zoZ)~F&y%ICPneoUBm11ss>~^vT1>e*+1G+^hd91tgLk_yRAC>jEFFAG9sq!p&MA54A|3-@$U&L>*AL#tx7hK-Ulp=1lPuvp;Y^bNkj~)dH{w zH(S=QzRkf?Hcb1X%a+9Jg-f<1M}}hHBH|+m?PgA%E^xc8Km+-|a0ze;tWF77#Sqj( zPz*uw1gTKU%5l~^BgumIVQsX+8&$Xfkl|fGCKvk;tqUD+5U9A;9o%ncEyxitUzzxN zf_e#QLby&uVG0wP{@v>WhwOuUzlZ(T!ycqOYeshxDJT*jFtedPmg)=$6mVDuL`|p) z2Z~^Njly=Tvn`1aqSn~W8C!Bd_+I#F)Cx!vY3jDR7;7C^Yl*qx)P;5rR-z~CI$GYx zazL?(FdoNxAEFfnw;R}XR_A@hzcrTtm%s`n00$IXkOxQ`%Q4NWixuB4Y2w_wS<|}; z!)*@MDu&x7)NTAdcCFXR&M54JN-=zW5!+wP8rA8lb?gu=QB5>c&>AFdzd(dMjcTaD z9@uAN^^b&GWxxO?ce!abL#6ZEGU);~rB=E}D^kvqebM8>5YYIO8)uuv>&O1jncd(Z zExFm8pXm2m@_INUI9VK6Bt-nHzjXm#INMu@^e1pKKir+X3@8qA+ghTHu`=rT5ZHh! 
zx;8^)ZD746bM3aN?zQY2S^qMHU;|t}92U15CC+d?Wdq7S%*y9(Ao=GTS2(JfXYYR8>e5*pRUdW zp&8Pj>D^$5PIzF`Y|y(w0d2etVzfN1Nn*b&nK<^pUHAvbe?DdRmX(Z_skEPTo0}G7 zZ!Ju93GQ#(gvqV0;WCHbww6^t7HXj4n^sH2p$Q!XIhc1q@IG)x=mhy|ZNY;ix4Dk> zkSCH#fA9L4jy0^qy^Q4Vp}1-}9lR&i;>-!MP@foeH+T@qeHIU#CL9H=p1Y5KQ!as3 zE`j-|^_IZZs^q((6sA;>OI{uXcrdjOIxS{qtW34hYR(SP-(e4TAuTEbi6}c(^Ti#HD(~qdEwlq+?hJE_v&=1A2%169UNtd?dU#bwWBYR?7 z%1dyA+ePnF!qq*FsiWUz^&7%f1=9p(OU(O_5YX_7&6<1kL>3Sw>VPa_H)1uP*Po>^%qqXF_}AwW;1akS2~e^#f0(bg zEQxUz#e8d1SP`|Ad*$RhAcifRU82@4`MV;!q4gd)*sW^7By`%S8Pxvp9EM4&R1}x| zpma+xQ(#TtqOlQ{t~L||8x*!5d-2@=>j!@i)WJlV>+&``aB&y6ileCqA)w;t zs}R}Oj{$l;*?=KgF@QZ3wF&pOfO&%h0_YmFMQ}jKeaQP9FA1HMW=|Ai{By2nE$umN zeHbJ>vwivZ=y#(34hMw8ia_Aku+xFAQNPQY>xqn&S&GDaKzDQB@z-z(a0%Q|0x&5k zrym>Vh2(=^+*;jpN7v8o$!E2jw7NoIvjYt_ zl&y>!mDRYA3&8v)>X>E^+5a7jfwn4R+nrd_JyPzzCjh_BnvhkMJ9C2gD`7CBP++MhRG@IZ*d3*(d}%W=$h5YtRyX5^W$@KTJ>p*~{8x z_Juq2mUN?bEvu1HdLnZT+?NUcvicy28gTvBC@mIUd>q`=kBo2Mf(1R7cB};@LaH4Q zAaGa?&UTjsYfA$4*cK;*s`9kjguxZ?x#;_Z8*OtSQULhvT&dQ#j2~12`>@Uu_GQuZTS$U1nku2EL+ApmylDdPSPt(`I0IsJ4_`kh{`H5Ym$rx#TZ@Ov z^8erM>t?s4yaadQNriP|@vFp|*WRejV^t-X0}9o+6Lp|kwaA(svyC!1?$}9H{|4UQ zIok&6>Ey6g#9lk3qJ&g5F>ed5$AVkK0i`kc;h)7Nz$LKSC9ovuMKEm9$939G?)?P= z7;D55HH?-6LbZo{5DIbKu-m1f6N=Vs)9W4JoFP^OpxT-MFjxtfnsGo3?E7!5%RS-A zLltgpd+C2{E1F3?2;nc!xojMC> z+x@2{*0ZqDDN%thc|ES3^^E0u2y5Ld5x1L__|TXbKezTEU5Tfobd!W65ia+o{z3%YuoO1^X{U9{JuFocE zt~M`FRlw>JUf~@ilAi~GSRQ};5lo?8+9`}~Eg39Zlj;&2@NdS;&cI`b`VOF~a z1b2WFB$@%uG^}N{8-VKzpDO~{POud|NJ#FAZL120O8~63>3RUjH#eDb*TW^iCBP++ zB@(a_B9p>2guP=uQgradvS4sDD{w%1XYBNf-FhnmB(#g#J9dnhvT7F)$e0WQ^E1%M zi5hTLw=q;zboH<_^ui;TzAyfNI*3g<;!KW5F!eLsYv^Ni$noMTwsO z%t4#6KcDqK%-Zt|TBW4=Pp`w|>FwS6-TxH=w=Nuj*0e;Mh~3aJ-Ic=#uB32+Il zS_wo8Zq|bZIhYGvqQ6oqWSS=Uh#uOo5Q(4X?bzL$KI@gicBh51LtlyY$e0xhw%PEf z@Hr>@LIE*?zFW}u*+b1v44HznG*JVNIv%z&Xbs=h+tvrS7JXZ>X}G*(aBIp@aASv@ z!3GzrePFi9!5Z_mx>8nSpKD4u0}Ag$<g(P82gU)juSZT{$O452+^k1S`Y9w+vBLHkqjt2h490B9G50?O!0GB}4 zOMtlJXiCV;gJ9+0bYlGu44ri(WGAC94r02$OAfUP?9`@ULqWJ&2)DS9&fLb=Ec+(_ 
znEm@ztaZEj#&^H{VZreC-QRlbKWcC4nLJVHtb5*$QH-=P8W7PU;)th6D8mN^r6|; z6E3v{_pV_F9|`P}fjI{S1h~QVrozyfqS#*B$|Pz1mlYdCF3>#Q08O9yX|GJ>(fo6{ z1h@pa1QM1&c)a`oF%c0-o5xBcFGQV1fyTLd3rrN``GpR@31Cp3o=)N z&eO!jmgC|%pm4oC+^Afy0hmETL2q#L!(%&LL!P8LprLKb*i%S?B#>-hs1zoj+{C`z z48G8K=M(RFc39DWZD-9J=IU(v{&hx+opnEsl}T306ZPztb6VGMlW;=|2N(b|LF_ zOt;%v&%<*q>p=w&&w$5!p4A8#DVnV+X8Q}~e)GUzo^=duQAW1elhp$ntQ1GL6c23? zycNo~JH(+a7}9xCuS$5I(R3{)hA_D51Pu{8Ag~jzK%W31#JZm71nwgVV2}ipj1f09?}Ju=+CohakOm;)FmxI2ESx+)Fh!>q|3s?XEkd33~6G~{t4%K?p4h~BayTCuuCxVTfk@ci1T<7?qW z7EWM3U%UM?L88mH2lqV0YULYm+C$%{p)-a02?7KzIV?A{iK?9C zgQCCk2V4SN0$c)FF9EA}K!NmjKpdH2T@s8wYn4CvhFa&{oH#a^-TR3p5Ku zyWG=nx&006S+jC`cXR7sS+(E??`Vs7z5aWw_u;AbbqtGs=7Ah5NFkSq8m=eeeQ>?F z(^;al{8ugkE`i*V0GN4jEIwzmu!AA`WdL$Z?BN}M1@JiBrGWMsrM$p7TexivYjfxW zrP%wEkOP{+_-e!BS8D%v*7ykM)TZA3?tkpG0V5|57Hf?#-;p z<*!IQ$11Ve*Cj3qvb7Ft2+NW%nsF$H5=@a( z>*U-`#7~$@fJ&Dj4CB> zxp;Alj3J=8cORqWaW$pW)epowpHN*4kPoX)8)Vj~VABMKfY={OS+C3ARS-l5)F#oU zq|UewD4ysRs+}m`S=?@LK*Vp5WE2X2LoNX>0WN{8mOzwIxj(Yi&Pse>Jgx3VJS%#e z=UFS+QoY-y?O8Y1SOl(Y_!N+>#WVQe(4GSmb)8!Sf(}X3K}r8W{`UC?$I42571E`x z1;Z7xZ@UY7f=0^iqh)HM4#-#T8r$yvt4AGs0(gms+3sRi_lUo7O}z8LEUneCLgEH? zIJh3I#-`O2OutdU&O8o2oY}VgP=^?91uKyZ;+=S+umpH(Ee;YU@dCmDt|ZI#koVyZ zi2GkI0WN{nCxK{Z;fw;#1QdlLwEy#9gLnou-t%xhMq6I^-{k4{?cv=vKls+_RF*G_*|`EO)>kjh7WA>VPgj;r3OC zL)+aKw|!^!?fh_65yJwb_>2u$^NJo8_8h_c;3p`)XKU87BaYB1k@Xc}^oi1+ZWn7) z&;tr~$KCsLs|UBx?Eg|f8wzfH-D})1+ zDe)Xlyyt_!hMf`huhxVHT)|iK*d7`Epm0rG?zLc}J%r7w)rzrSM(W{j$j3A6%kO`? 
zwa`~tj6&S7$91VfxKtr|D~iUpChUMNmAfu`O0Z@KDNJC0UbwkLtIpGF;=-^4=BZlV z2c9Un>9oy9fP83=wzbNK zYN6Z#aS3nt+qk&|atB zVvk$$YI0Dks9t8Z?wOkPux5)0n3S6gorOi-$b!(Jih-Ga%nH z_VFja|Lv35UahjdPOYI74Jih%7YBrZ42b?zBcKEa${qi)eD+7=KAW^&`}FBN2I`?s zA$Y0)EN$>CgnRp-y`lML+LZj8$XhaM2Y z$ZN$wm2DQ=89tOK**RmU%nrFvw-jmvJ}@5uY&e(O?EQfQiuFElJ+#dSPSDCXx%zPl za0ze;tY!(o5}sEr*Ap^5k%9FJ5rLR)$n-(+BK)||cPQ{&vmLfjk2~1qWF7hbFBRkE z_|!Mxm#!@`>g{uA7#*<%>jn1n@B0rw#7=$x!V3>#FT>?Bk??Oji~qJo7~kbg*a3NL z<2yF6gX(01J9xkjE^AgT&(*}ufULE8=tcp99Xu+q(;L}0#gkp%!)kJNrYP`rfp$8d zofWjs^?(xq3l~ogmIK0Hk^V%`ZU7q$V3!<;J#wsO_2b{2OMpv&OW;ltKt@AWbe^=w z;_yLJ<5t6KwcWK2ftC<;JN#|=lrr>|hQC&>zPr}gQ^*c((Dq9VTxv~@>8AW(J@)Ao z$18;y?>%s3+hhM;E{#;IySmkOW$P3F&(jax+?wzl(1ps9vCU4_Rb(y=msoufG5<6u zfjR*#Cjb&aMu%TR^%9D2dVK-mwClo% zsndr1(IR#uw?6Og=Ux2js`v75%_YDkz$LH}30ND2%xwYUMwcVpjl9XGx7r9Z)?3O>7f&5{h_xvGIwgpV10z2* z!dz3_(j41YgijoQ(&eq(aA~XRt#po5IEKp-9z-4WJTiUMIoE)Xmi4{r9EM(79AFmp z*NA$f1V1=en~xDBI3T?S?IBhdD`JEE4i>$9ND4xo^lOumlDl@ zFi*sKHnBP1Hvv>f8Bbj#noXes|s3Fyln3E0(QQ1reiIQ zi*~t!r))%66er`0K5vcrQ1%D!a|RW*2-iexSOOmu`zwFUCBP-XCBP+cI|-OT1$u$W z9fz6{QX9+%S<(J7Zm5Is$>zMj9j|0P0*X;+h#1`kXsOJ-W1FkWV>K%5KWmmkwfXTJ z&{Xw9`XT3)!-Zay-71PlcE|uEU???F2lVZZ^{iFGCz1nd+Nd=b`uFF<{jn-cn~HEo zU^xIC5Z2)tRZg(L`48Gy_hVD1ADrvULnq5PEdYLi2T@0J%L8inSREfKyID0iq(5l- z+~VT71G-fv{249*E&(oqcoMJ*M?|Ad=9JKJv^ZcfcU-I+LZ1k@1#3(uk_X|%-451i z&e5FN5IUM~R2TTGuw4`g?YIM~GZ+ZkZD(D=;FGTLvdtID9|8n!cvhETfC_?>2Sul4J8~2o3 zoK8$j$ONmS;f3L;h4IoD*E26VGxu4}E5(yMf1XQ#OMpv&OJIovA}k6$NQK1M-UqBS zeg*Uzl`G2up#g+c$l?KD9mKIfIZ^k9>n#tk!|vHVNIm3u84znKVRZugTJk;by!^z& ze=A=zx?KcCcA^f5wGuCPusYvpkY|wW>;vjs4mOha(d&djos;@LRU*J|LCl%fPc~TnLrC!|Z8rhccAgb11$aX&# zXvzyU$Ca=WM+IB5qbA19YeV&cOyY-Z=9hwSG>>SalR=FEGy1 zrfhaHZW3f+txc#~q~;dM8O_nEg^?fbfVk)765tZx5=f#1%&w4yxF*0`2dEFIR{}R= zB}cK239EBhm!zGfb_x4eC49mWK(}RIDS@AB<#4Ssx3|z}5wMy;uSHEvris-3ieCE= zJGTj7?8&XRKks~Ka$DRC=-YDj;I7)(Q3xN!u z-B);{X+7(ET`VtF zqLvkCv+2FG(9QU*IQ`0cP+>D{ZKx&!YIJ1agRuS}TrB_^jn+&Udq_`}Uf7;@qoU-m 
z+tyz~DpW2ndtCLD{#S*4uu}GI6R?KcTUK=QsmED&QM?kLQR|qlcK~}pn1n+%_RZ$& zU#tUs+VU*1KjBYtSkJ(vS{20z+6^lelIYO+TX6|+32+H;3EYhYz$X)ZS-)%{6Q~!z zcvv-Ry1`vTGeMnhl;*Hfhk(kbN@k9(H&Y&`0Z?4M3qUmtfnpjIRBW_JsLlztgxSOE zy)Qj5_QZz4N?~G0+(Fc9WhH;}*oL>c$9AX}pKyXb`&xM^Yl}N)1oSnlkwVSbL$sEi z*}%>TH@nxfb~);LEWZ=|8O`PvsCBFfsi+Y611SJQuV$0tbOz4?N4AGDt4PLoBrTQ>w-sSNGNzf!j*a3HP&A|jwV zS7`q_qkU8GoNM;IiK452S_{{?Cn+<^;Kn`Rq6QAnIk7hvD1DvyUpuk8FzB5?sAk#<`zOuzB znjUx0KZQ$xOMpv&OCTx%6Bie$!bKro^rRc42k=2w*FI{`VaCy60V+Fi+D_28E&(K; zSm?&ilo}s8Zq%&-|EE@ky$o2~;Gim8H8!P!w8zD&+V0kQFG%fYAM6jmU$F{ng;67J~wSRr6|t`$4;%nN0Wr3LnGNg&04K1zhk=5d-Mf~xl(2K9 zf8K1nxjpVmZf|+%#hv-X6@{Z^?yF@R=Q{J*FCW&hk2N0G9O&uVaeA)MXrfVu%PF;7Vp^G!{M8!Hq3m`i|5fJ=Z&Amb7+i*m5lp*~UTbz=C` zWQU`K!m{wu{DPg9{GIu87#HnSW)BsB072g^XjmJ!+i~NtEmZXY+way7xPtXX|7&~6 ze|enWR=S5P)RCv8%M~Tw^5P3yW$=^^ZnIt9YX5Wj!_yU|f7!KWd}kqR-!KF8LR~T2 z=bCFO2sf=|RR!Uil2BD~pe8T$vE6cxI1QW_e!@9g2MAO#&}4DDfrAuZVFB!yajEhX z;1b{x;1b{xh%bSK1i`G%;a8(yf*Xpuo@iIddcfM80B>u34%*sq^3j|79%PNGQKx{p z8p|43l>j_;ux{;K)8DhtAG`XTZFsvpwnG8nZFs8)Pc&5N8r|U@EVEBm=3m-ba`F55 zgO5FY;pb~^9#d<)nCF+gN$~h9%gdXC4uvk^^^wR zF1S&%2J|?3vmB}~2v-&94JwEcX6qkhotyvqsC02l;pjGDwA_IWLDP^;Xmbxt>69jbG>=>gXJFsOl+xSpsRg7*Pn zZvpLQIUv)SW|f@z$#4m932+H;2`rU><#d)w99%{}`JgB|4mKYSNbf@NO+rfu-4=ga z9_uZ-acB+k3j4ON^ zDTyuER}kzjWT!W2M+COJAl#_THey|AUa0LG=5fG0$c)I0!t(ibv=>X zA=X~a+je?QpM+G%Ty?F^p1@=f7!n-*Q#NEn{#H9SfNLKV2df05-VI_>)>JgNzm!!! 
za`n}`p&u3exjb)t`^GEVHw`}J9I0@OR7%4h*Jwqt*YogymMaXv>HW5;I{R#+!1fi> z*0~nv)u!*T{>N{gTubomUQs_~hXacAeayrs;(dS~$4M?Z=h$EQV=e(M0WJY9ft-?n z>5OQbYQ!te=NACT>1`_OcLmzkqAbR`N{m*w)-Cw^*Uf(84%dAbh&Zk0LA}~J*IXRj z|KC`{2KI5~;EQ>Gd$M56Q-n^Cw-Q)5dAPh}d`rQ_9q#|wxj{ShcYwOhHI``2HU{Jy zcKtNwvz|>e{UXEWxHg*~JB&Ic))`?upzS{x^Fi)&)`y zzAXwN_?dGFa0ze;#F2o-9S7PR?69*^5^Eku$3DA(jZ+7|!}b*VtBa-^H)_=)t1V#N z(v1xpE<7U+KCMnZwrThW1zy5qi@v8^f7#|{Jw@UD#eus2&KhMfk+MCmYeybpCpUlr zb^3H3#$Z{G0~J5?k^-H!$P(>&k3*z(u@v8NPM8}vE&(n9E&(oq`$Pi$s^x<$bR2vT z4)`D>CT3~w(W{LQux59tRt0~x(NH-3=DLw**A71E`YT3(DpW5@a8D^CJ7n*3&cVlu zS*LitW*w`?k_D%~M%1e8!4K^iN@YDRP|t+5EY0(;;x_RFlX_}Z~`;M-x{t`L^70`(0ZhISjk z4}e(Hkf}v#J@0_Xp)Y9wt*#5f!PQ&>TmoDIt4{)C_RS7ap9IqBP`3jI&EvEd2Kz>|eO-baQXarr9ke|}aN->gh*f9zY2T0S4_zogLDwv*0h?WYnm^ zDoH;EthESwpI~?XOnV-NPmOMwb;+y`9!J&(oUsMW1&o2|jAH-9A9D$C32+H;3EamL zp#F;mGXvxd$2o=2aXs>EyMwi3bGLJ<1B((K)f@8A2GUyc!}V_V{^S3(ZS7>)rc0Ib zg{KOEi2L)-wc2sVjpjnk4YBHnS+70V^B_Ad2Rrf!Z*WGyh6wUL=kO6q@T}AN(1nkN z_qW&&R(Tk}zdn}$mjIW*Dw9CO0pVNE=OExO4fSHEN5#-6$h3_<7yHbuA92p?1HGG@ zwLbBea@+Wm@`Z|GP+^ak7wf+-X8V;Z%?{R_7ie~b&pU(X^Re<9JU_HV8x9T#w*f3O zrPdGd29YC*uZH)rj#Vc4`#7-SUyVzEOMpw@&JuvrG5rn}e230T5j5JrD%8F~SLm#$ zwXV6*lWz=cV(-hWPMT>Fr;mLPdl|0o62IN@$neg5?-msV*IMoRP|c&P{(G#y*nd)- z>9(;}7oJCN$aFyPL88&;B>2IfN}~IH==A8*sR>03Pq_o)65tZx65tY8-4Y;|0l#n_ z=r{?uH7w`}cRN|19Be9J4d0)xam{?Z{?EIK1ku}j$0DaG5%sM0WJY9fn_Ct49Ggn zwFpFEii#ZI+1mdo3UvaNy@q{UGWL`_V?tjk`yVdWTYTl?!oTjYv(HeV+sw{yq>|mAEC)oC+Vl?p zO6=DB;1b{x;1b{x;1ald2`q9zW;TTX#goB5Iax22a0hhv0_U&f65tZx65tYuNPzHfOZNwvUdhS6DW3i}M`++t0O8obedqe0 z>-ptL(N>2Ek5`twui>oY$dR6UfLHkVByOj_c`sbB!zsnd{ zrIRv{OqjIV9U5@!UBwfxD#P1_k#c#YTpE5(y!rfi;V&aZb>Clq)Uj=nnUor)01~8mf>- zJ;kHXxUL^}>%B!3)D6hESyro*a{i0!-Rjk&inkofuZ(!4QIF!SkiBKD@%@r^MljA5 zug)tA<8J^YFrZw2SM|Oid&`xks~je> zBMMo={mSfTu90V?ArIE3OG9w(<>GL;1V?|VT%P&E2J2<3N;uY+g-S!QgMI4ddc_QT z5cw=Ra0^^}&877rN8rkzV-i5XPfTCuTzap3?F|(QKSaiV;X-@M<)I37vJSV&>W%+l z{O3-($6unDe~I#2zfRU5N<{q6liys^f1$2B%VRGwlz+Tjxl~aU 
z1Vi|$v~RHgp>y)|yDsl@*yp~i{!3#os&k*9M8M;p9Mu1Qmp&lQe(D~<&dPGv@M7nV zCr8R;U!{BYUsh>l11?hQR>TZ z>doI2A&xaKD1I))KX_&szgEbTRS1LC(0Pecywy|-!uR!mtxoJgaJY=}&r3|5Y)}Jj z-2Ug7{YOok_#6A&C}LRFEZ$Gw3-X*9;^Hn?Re>%{`i=M0k)3jETC`Y763S&G&nnY@ zEaLV*w;VwTmA&)o^yliR2YZ5UcMJHQQD#3X#k?xDLCum;Zhg}gpKYj1y?O}7f2muH zipyIrc|FQdx$Ej%Dshsp$}A~Izcut(KkuG;Lmgb4_C_!6!UME>_KP9(g3n2-q0onZ zpD}=7PYs+@F7HuCJdtYffVjc0%D&Wis1JVE}NWXmj17#4ZUI7;%#;bptbs@$3j5PbDXbcG9 zem8#RmL{yuvqk@F>MPY-v8d+1oQb3R0x7`Mzep$su7)T#gtpg!qV=fPjzB(S{O9Wf zx0(nAe;xE73Q}j@K`}vwf7JO@DZ0^j%M zLhF}81ET-5dU>~MR)&%PE?fMUhdm2_nygj=T>wkSI$_~>E|8rPSmMNJMKT@VYqUC7W`PGtmR#0GILTj#vpM^v8&nXd)=ypy4;P(~}&D~ClG#w2Q5cD@zToItBO@iH>s z<-?w+&M$gUAzj(0=)EfbJv+Y_KPyN8mLEBq(W{LAO!97Z57RB+T67(kjfDV*_9zp3 zW&L#a-rC8!zM+0)=2O|bBW~G$d2yjiybCuDAVc@Rh>|7hG`|mmALAS<+pf7UWZ!e> zT|)Ek-oz=s7lqjm=?=nF2;M5qC!e;D)6Xc^UWY?OZRbvIG3Et$F%YviK9WOy_pM~o zb_r7SK@|KCz(I@Gj!51_k~`DlsUwxr^<$WO#Z3h4^nDxUYMt`sUn;&^0f8~veya-r zM$TLAo~%|eGLxdq$KUoIC13&mjkB(amoe&tL3@VR35)??f+RN__gBQ zM#*nN_8(Y?!3xE@13(BK|7WQOB)vT=&VHeKe{$!V=i(bgM5PG&F#00}g+Ypc2nc!~ zUFZRH_e$7+Gt}$8`i4R^F$9N+;os4n zL3VcSH?sHH1dM;|jethL)H`lu5ce4n$gBxdWmxNTj{g&spW=U*^w{ry`^O0W$zPNS zmw)9Bop(mxFb$WLf5cr%06{yzU015nwOpb8LkGs{#JSUGbOP>`rEcynr4jown(;jA z1P_efT1uI0CE`QW2NIByssCuHxQENI4YSnjf(f7xiv1M+II|K!cXIkub@Zpjw>M?C z{i`ze6Zh;N+`vNLPx?e%mo zmybvHB1I}TTP@uFXHk$~^r%RU;b@I(4p^Z3$heXHKPUTJ-3i4! 
zv66{>3@lKfol+!@1xkwDPS%^u{?X+_az~ZS1TwqWD{FB?_+C(Fzr3&XpVHN{^5m<< z2;*bF@5&zgwy9U%1TP%jQ^~q^{C)0S0yp1QyicR&3rzdU5ekOk^WuHb@kjh~Ys z`xqsaTop~-yTSOQ7Oi!tR}LcVSz+3{aG@(?q`=_FMVx%48tmU#zD#hS)SZ7y-xFMIb-LI9@dBmnawpjq}(J+}f%+5PEMel7JB6u*Wt2 zygcI16==Ce5LN?A90CiK7mhHhAWY@-gEvte`RqW!Ng%}z|=dUo`cE{ zk)q}avuyOp<9m`2^TabOR}K-C99$$m?q04V|KF8KAk+hbdKfosxJZo9Bi;p#c^>a6 zVL^kS0`RE+xm&1 z*_XYVOP)lP1Ee=Y6awWW$`J+`ZISEms3XrOqcR-h8KZ(i!sYw1H1jW*xxTO9QunBn z>G=1vvT+_fX3ETG3J~dte9YiKneh+m8`zXeA<##bXU9+MRLU7gfPh@`>JS_~#BN-kx25Rw0@ zqOq4!75qf+pvf9lJH_pP`jj931=a>U4I3lJqnsjzvVK8;>8Ggkt9L0^TP%{3l!?eBQ9*ol?YOGmXv_Ga)3%`Xq!6q2ViBvi*jG_W~{*eq~~A2LOk_3 z=$PC@<+S{zSw@Xl{7T=m^6c+Qu_Fv{p!9sf6@Q9}c~Ao#?kmlu*!^K{z)6|?2NsBU zv=k7kTz_qY-c20`z(H4h^86p~QUb8U*vkyFHtb1xeFJyRrAm3?Whj5PGk(DMBQgXa z!GF?qd2c!-6E!Il^|IDZ?C1y-@A4w@m#tU=*hS^@6c285pgteH1gU(WjQ?DoJ4J|^ z6`yk&{?XKb7-9Lw2Ppd|wHtCLCp-F#_ot4{k~S&njBC>&g)Xhv|q6qvFEHO}*z1_0bx^G$_C-|A=cxPt?%@-GmwmkNta^rV2?lj*B$i@pD>T!Vq8wLLrli;oF z9x)4X>h$|ks4v?~#2M7#d--Urw*VDM=)83O5O%kvS^u#rUBI^7YX`9a$khL{S!(El zZOY|;f^cYre`T7yvj2j+!6#1a#d66k^^EtTd)e^66!~EPc&{@0v$R$=pbxYO8bBbA zI=LI;W>jFI26XlnI#8aP`yA_C0DBP9tpAV_Wl7uBP#3rVDX{=3EFig?`&9A1kXFk^ z_Ao*#r;PrCH1#`FxfKkBWnnKEi!ZOf2L8shrA09p0`o^68o|EtKIZOIq5#=ogfn;! 
zCeM|0{jdr^+RA)%68;OM5XW4hesTdB6h*v`4s~MjD{5k-mPww5zEdsCfV-POm#pDMq469vUi;LE z*E8oCW30sFyF~^tr~?EV&vK)hL#GFlrE9M#-e*zSOTTf8++t=@DPgEK)DO6CO78I$ zT#<0U96Vp7_c=#@aWA`{l4eFme^m@pAniQhB3%EIrX)t6g#F9r`l_O&8}_?=L*#d0 zQ5&z80Z6yGdkxAo+>iyR7q3gyOhbTFB{$}X&t3Vkx;K&!R^fdWmySKf8rkd z8EE&2>graRr|B7dbcJi|Mc3SCSv2tqU^WK6Ca~KsDfG56k<3b^DowtDjWe#?r4C+J z12gg@%8b@={dHyd84RSWL#dm2ywjxz(FBD+9{J|GG8V)@>oD<=@kCh1Y-YdW`)Nik zLyYLaMK<;l22{x_WkhH0n-7KN>*rkL+`H7t`plXA`HKtX2PqH=edAS%ztv@&MK8D* zcR^+aP7K&zW6lvbW`>JnmcO8(_-9rBX~aK8nUzege>%Wa2qR(Nray6w{yg)=4Kx46 zZ75*@%G_6&2nHfr%J_m9K$0d8loGvjcIZEFxkKC4Yp-KRUWP40uIoR}A3b06Td%*3 z^)A_B+|2!A%JsM0S|9XZz!_#%&PX%IUML!*wKW;5498{)z6xcqQkmFIc&*GzCf7e5 zJuhgN)}c%`!s=$;{ztB|Ia)HdPw^AnT?8;MvvQvKOdZ-Lfa(F9jj?)|xyPUmlSh6m zX(#wB@IC1UVV(!1+0T@*pJs(+TclCXD1p-@=1_2kv%G5uieYbkr2JW7B9J0^QHlD2 zGV}I5UH!~jm2CKQ)Bd}r-gg7jI3IgwJ`0||3&b1mNx%Xb=QAATdjHWmUgkD2pP+ik zynKk1ph6t=h?lD~ESYT3;d?v>tzDUH7C>^FCB`kPV1WBx-A^2h`dRlqe#aI3JAy7E zf$Uf3{)la)nb-NKSYjWH{Y(mc0n%V3!YE?%dm&+O2#mq(m&(}7BJnt7hjWi!-@yuH zv_jO{QJ&32mIpExl>NVvZyZ&lmTq`Gg5E_C2%K#?fe^-k2nP6@uS?!%vq~mQPsaCS zW%?rwuDU?Xn~(ym<`)C@K$ym}STC4;WzU5I3kXD}3!2)QBu_VgG z73`MA_X6{f6*bTJ=0%x2sOYpHCQXuAnLM-VzfkiJpDPOWs8^3>@x>*AL3OlDxx5D@ zP@2sT_XF{mCMySZn*Bl^|3&r&|JEHrJM#7e3q;kbtkSV;J{jO~FpO?^tcClVES+Fl>&#}NmeI`uo6^#k{K+7R!-9`$lPj02W*XRnCpT3{a8BVWOe zyxt5{39?_+mpwzIOIn|F?Kpy;?6v=~H`?fKpn$9@N1Ct@{x99*FS)#BK-y%rh=!4# zc%;iU?%?SRbP1Q$uIzsjfPbx98T}y!`qE8x6|2>E|9EtlD{vazbeM=qla;&imNK$a zxJ0m@Y`6cHDy5O9#p&Pk{P%7pfXdIzAB$*rNtX3|3dyUqSBUTLCE@^^^Xp@t*-BaqCVp?*%iSc&x(R@*lRE;J#2eYq-$7)U#g*Y(lpp@c>nWQ4Bd}5>*}p?Jv&xT8pZZK4E-ON7X*j!+ zyJ(o<-70&ZSLWU?Mi!hp>6vXom)7Z;Jcv=3Tnc_nK}l2ZDxqFt&rY3)a{ZmHF3Gi{ zE^r7C)k%(AWo%j;E?38P3m6AT=_NpYHSo1-{3T+Vjoy7Z@<5rWlF`#KsU!Ig0nd03kfYU(oWjT0zxkh%1ZUoG+&K`1T4T4s`pjWwaBN%m(R%g?X2>NL; z)Fp&^#AF8l7N)LWHoBd9r=WE?v`?krK}+pTFOW0FKXPTY*Q857C^Yvt8C`!%MpT!?sj4)QL=6U3sV~IlR};LP=`}*7qw1@{(DJl z5)88cxhF2Y&T;*<5?`4-Oc38iZNydk>r|r@zy+<5p-Z`9_M_(+hTHnRpm&R;{5ZNC 
z;WJ{g*5Fd`Gob1{VyFXe?u;C5Lg-ydCtHzw@sD07O&=9N*ob91t5)IZixaB}CRmk` zXVuvzIoJrz7en>AaY1#&X-Ix?wzY!szEkf;eNrDMyK8AKyZ%u2R|L*4rjPaNLC5} z{Wp3M{Ko`8xCP(~aCAA1&qcijK1d?JnIpM?1{Y8#%^VT4ncpA{ff->!z>o1Gb*2Hy zuVutYsj}AQ>vZAf)vQ*~TAcdlvIfg+TH{csV3=xYbT|H7Z+fFsfg|yTPPRyT1x5)Ydgt%Azr?zh-@?Y!%%uk_?K)V=1-@&>CazTs+ zOkBN)8}>%y>ehe6Kb7K@eX@1{?mJ5re$ib?0S4^9nW4NZYwZrb6Z*f5TGAbX5U7tB z5%19jgnJ}}I&diScfsOB0H2PcYpbLmvjWH*5F;7?S`@Dwvn{K=_&N47Wd@OdB>2ht zYX=)kA&?MyQ`ApEEhQ@Wx5v?c1Se-O2(UsFDBUUPiW9GxF2F+rbV&>?a^qK|h3SNXmZYr!%Y<5UK_LfDWt_FYJ%1E3#k;f%;d71){bu z2!DE)PcEXLf(KfMJ=}!?sRQwt@gXV+cD;s@lpGLglQ4UT8exnp8d;;FO7@053x@PfNpFMYx5dqQV|10O zpzV%uk6;0K5`qI!&zFK9CE8G4qVw^7)j9?Jgs2^(HX=ldN=ueIf?$JieXr!h=I$IE z>R(~}L&QGP$TsQfD@y2ypw-ZoTF|lVdyGmQP^rc-DRkn_(fCr$q!1`!`%f+dfd5`G zQT<0EY;=hFXQI{u#ho#}CiSA~F>Xds3Iu&b!Mt>;H)dT8pS$=0s z;Ueqq1Ng4aG;%|wTeX=@P)0&*2k3d|2$R{CfbWjL{(mfhs z38nyM@FSt}8K>rdn|shKNp%Q%tDwIl&`3^p+ke~(dXsRy3Pb(5M{2av8&(?JAz#}q z8%Ko*=BM5)2xnpBL+;5L{Hy9SVFA{Kbjz0f6K0rcJLKefHO?7)#OdXq#x9r}+B z1vM!?5ny1KgxuNlD~t@(Ab3c+x_`Cgzuq0<)jbm0UfHexPDBp+7l`@ir@9hRzgzY8 zE~`M+J%Y*)GT)WoZVRUhc!pDd7v%+2uPdbSqO1!t%>qc1I9(%ppO=OzSHV!gF6DY7 zAiHwbL7gpl8&%GoRP*^Aa^96xU~W}@N(2ChzKiXU1bd*$&z;-8w|+{zXS7x+c-$Fi zP_mgUVy<2p`&rS5$9>;7g2$ed^f%mEy)8SHl4m zLSWj<#Jny4R`HblHqX;+PNx*cz(O_;OCFP`5$2JQ9mk_#Q=3VGtCl5Cy!qG}Jk zl6K6gpAr!8huabMCqWNQERd7+OBST__T^AOCRR}Pzm5JQ3kbFs1Wvjzc$V5*$MWX9hU%RKSZ_>KLs5HlQ<(?QH@&B1BcN=bg#ED z{!o65%+N^VJybq#JvZFQ;SRgjVKdrg?QO^$xCr!xvnv-y!7X%Dx%v`l*w3{dBZUcLR1Gem!xlm><8_pFDa^|f<1>F6D7cB&_9)(`?>FO* zbcUAs0^nVy+&C&4$S#3P$s+&jpq#hfsnb*!XsiSib&ymIG)W=Q3%)%T2uM+*C;6Wq z8J~n(X)~uazml}WQa18T)=JX{rO_X{??3xLWG=Jz?o>j*mCey46o1UZZ>EjEX?!Rv z3?6l$+E0-Wb)Ax_{4l~~|1B&~4;o={T>$AnNInTNk>nGYcM5o0yWSxN|0oC17p{$+ zm&|x9ig-*69+Ad>A&*qve=b1rR!Em$D$*OXums`M4~W_)=$0lq@toJXm{1DTpl4|) z7;Exwy%E5gXlj0nl;6CsQ48&I5|8?aLWnq*sMtFnfn@Rl0U?llHAq*hoZemc8x{ha zOu=(Fb4bp@5**;2Knv?_j--eE%jka>c!A=$01AG9mjjhn>g>N6|8#&v8UTve^N^Q%jo=~R2o$v3l568 zcp8nj01xyNWLZQaY7)CG`j;5@anH|FI}fE@dLK-RN&0J`os1N|C?d^hQjCEeO3V*Q 
z<3GkYywh9m9`@WPj=)#0PVSY0P0nC;Ku|2`5gD9gf^mvyOmxzU)CC?<9d@9%8%vF7 z=|9~F$!`1J=}ttV;S7B)8?O@i07m9B90ef^BYGJiPn=Ut?%`d+Xt_FczZ61!M7sulddarkx?jg$++75B+d*yyu@AB2IlxGF339~1Ye zHfWzq=!&MS*fOtai*GB!0`-C&I>HNNZat=SIMi(^e+q;DrMD;eyATDnV^T~EHrS{L zoH_kBYEgxDP%@52%&YSFk5nX#zWZe;>{_iW*h1efOR5dv-wS=9=ukN#Ew_w+dTcKW zp^k7jVS%D90P8K#_Fbx+i|?A0{*@B{BX+V*+2WnWn@3gOw%i5+QOyTK%^uZPuG}Ps zPccwy&tTij?DNv1u279=yau)$G1Oj|8mPnamVaJ{P2Tc8)IaC35ET5RzVsUZhBC0T z?-Z7A3Px3?vw%qS<(NGV`;X)|hvT1Nk4j}9P&+;+%p8zmTd2osk;i5t$h7*-6!{-= z0NWhsafaJP6B~Scbxr7R*9v-CqT zd~sMD{;`c<11p1BX2E|A1NLA7S+CW*vD-^WTnGD~x%v;))^MQOkD^CAz+gCt%qqQF zM^n92;qRVbkb$yiA2CZ1Mmkfs0BT*>A!j3;T8yYiTWGph?x^WnX^Fg!_A7xVVBRu_Ex|mmS=N5TshH4Ol z&wFS6r!~Ro`JS=#KVpHGQ_j11t9wlx7WAJ^04CyN!9cy5$ayGfO7rCl!d}&gfC|jM zN>s7K<)W2H=A17W`>8quhVx7YKSZyjqq6sjY=u1peIbBZ8kFjeA3? z%1{IlLS_{D$ea<#1R{w1bq%F#ffnKNZj1w9K|t;;h(Yi_`LarF-?ST$SbK%LPkT?q zqPpzR`PkF2hkJ!=(|-&Ipe#mqOMSF;~2T&<^Z7+MyeYrSB2 zuB&^MU<*25Cc-cyDFE0n-;#;6pCX?$mwIAVeVNCwv`B%oP5({wH5JFu8PvWefN1(# zHgMTkkWI7LbAWiO9hs#~woY8;W zr$}4W$)6Yb!8r!ApY|A1$9h>{jeza{%EA?7OLT3GcbOB8P&11E(FLXjrrD+Zi@cQ% zfM_$3)#&xMa80`F*t8?BN*FQcXLG{-U#g(3zMwF=@{%otG8!y@`UA*n+;p=4Lz~g9 zW?$GJ(JqYoGP4C{jy*0?x$HP+%tSb}ZhHvP;~OykP9Vn9&zgdnk-5Y2@Q$1*0gaZy z{wt{bOf{-HNIr?=D&6r9jDPTL5f}q4OG=%~#aamd5&Y2nOFzvZm@`?~bQh3If@6XM z6^S+FHTYA|XQexi#fSRq#VdQUASO3@!NVRIu!qT?qU}Yp0;-mPm+3w9!$P=QHN%YT ziF_>GHkAqxh;9LD59NK$pjl)z}TN;CaaZ2Ce(B@BYfn!gmc5jYKnZ! 
z`Cp3^8utR-0+tuZzFPntF-(emtYBABnoSv1ftn@YhkZZD4J?}HHq2>g4QOYqC)m6dsN6Y{x~0S z+d}yX_A?+e95e-NdV$C|uu40BF$)u+0L>ytV8&*Y3y0p6EV{h(I06g1sI^GftAPaq zFN8coh0yHn1$cK-+simCr%nIO5)@F)5}U209MqP!m;{>Wl!T49o>L3e%0!=!-x^XL}*Y_nbV1o-gnl=_z|s zYsQJ$E}(WpUy|~hmMR;9hluqivk%%gv(#xC{AG0h*5^?gGKV6wt7nafh#c$Z5*8w- zN&m4P9Zk1dX|~=u`U~iPwj)BZ+fF-jzu%Vg|5nXk`b@uyq!><( zYDbZXD3f^shUF2GZ=&W;ppn!B zhY`zzun;9CKpjw&0F6mjOm#)-oMbtBtO?(Fl7~c$|KeLfW&LWnm&OEQ>qyHR=hUbC zVQf=EZ4D=LLezgFnm}cMB2r%KhDJ>_NWPyIjg)~@B+F_+7*gu$>CyszN`3u>AzTG^5{dg zgTOqK_8(uCoKcTiVZ(md!%hrp;aa4~);<)=Hv>=aP$K&w%y zIx1z5DJ7!(D9@6&MV(d({ZZCH?vbWmk8%@hf?vRbr0nX2dCSF-O1HO6zS^wnHIiZO z5~7++YFq%~t8lFpY_#dWm%!mRKhK`|upg*~d9%OJ)mm!FR~`tNUOH)3(DZP zCO4$FV!TMwh~L9O{H`erdaWw=+yPeSBas!o z^NU?z7-_@xJ*K*Mx-}vdB#MR5Ac*3HG8XtD5~G6i2~m4Ppr90XFO@5X>Hd06z4~jn zm)68*RSKXCS4tE6+2$}ES;Jm(H@;;MQ$`76s%1WkQ13oq_^ASe{y;Z@?NLn^lEYkMH zw;Px|%~Y4joKq6;EYW%T)#OW$phnFGfw?agCzPPUC{^-|K zGphoFAe_v;sgrjKU6#@0Wc>?Jb3IEM-x;_UH0%ohNYZJQ01S0XSX0cMxla96Vd9?@ zAJ&PMOWDGUQXyU0?ZT)|>e3(5|9U4jH2~fjWAScdoKx{9ORwmr!x|&2&O>FHWNGq> z-X{$D^nQgJ1hmB_dWLk8X*=`|8>$c*!qInWxi*zPQW6W9@7(CTSu3K_?gK$|b_@j% zm5csY6{IId3i}}B`$E5?MO~RN`<5;dxB>w`y1G>7K^_VuXQuT(a`%~3a+!ipLoC(^ zvwm9Cj)}oqyIK89IzW!x3e>>=s^t5DQYtzq4o!{cS8Ry z693H|esjYGxQXPe`{ZCF_SZX6`A=%i-)XjbiHp*}zUHqG<;LP6Q?36C?~f`U z^xvA;O_k~<>pn6Y1jH$UbEfj_!na6QI3#JGI&?5EC0Q93R11ml)FIc%E+~Hn3!&)w z3c#acx8vL)CDSrDbe#eH z4|GUcm(BRtg+w5!#&ALZgZ0kfF=2Qo>0YMdA57xVh8mCJdrp{Zc4&=~QH`01g_BIe zcc(IfBiP{3J`|01TuN-Lpuxs;*|A9eXv{+zB2~w`P`^z22orY^K8K`OHF~gFBi(^w z5DbcKQlQHgdNWnQFb$v`6~})pAO*;j{u2z_qmFr86V38m19n?rw=Y;?l3V{bYd&vF zS}ScT1SubWhSTNH%|ye=dZb9#HOtk0@#!HeC&&<%3!D+KTq(U4gCZ`Z9tN)3F=`2! 
zNoz8}z|b@dm`ojYWpF_x!hYC)UxhN$qF_8N3D$ldEJV?Mt&D0CjK2o{$&DkAIpAp{gCX;Ywx{32%~yz&6XY(v`>l2Bwa-ebHK#Zf1qo?&l9Uf zx%oI!o`oYY;0Vw(w7y+xe?s#kNjK4MgF&=8>9`0{t8oSo%OgJpFLY)?AoJE!t~E)3 zzuvpf$G!uh`s?j_qcik-#5}YcE-hD$f`kZqALV^>IirO=&P~lb5lzW0N6$q5*Px_Jm|;xP_`9U18dg<|GQz1fJK zY%;!4j7%t8Y;+p$NTIg$ggtbBnV@=F%LqsVC67_y{rsZ#``|9XS3oR;)vH!_AO)Jg zG|@n@4(5v@*w+PAL`?us(zFF}^2}kdqXT%a3}s*_MjHLGIs?9`WMe)F-uWAWXjfC~ zrlS`tqW?tB10FVN=`J#!_lM?3zJ)o7j|l>u;L}kFr09X^We6bW&_5Tz2WTR=lA!-c z45`vyBLokM6EC}lD~KIE&C4R;aVB@G0g&7#efHmsT8sais*1+$++Gw{QvD;Yj+#f75yu%CC%KKaYEPXFThElK%q_3 zLJ2J^s}CT=?^hCsJRm>`rGzF00%<}V$g_`M)Gx7R2giAt*s>N0J}1t&v8? zmS-(3FWGVAnLFp6yU#iM>=T@|IaV*B3^}Y0^(M>+n;JBtD8N7K8VjTHb#K4xW4uvE z(rMn$kmMKX!gWd9fystEPXzck2$^SH4j>$MAWMWubD1ulMjQuG#))k*`fH_6Aqs$e z95O-<2tsx21?E%@C3yM>SP-m3t&b=i+&(iuJKc%jZ=3D)G=}OffbMmKHq@}79juZ!s>cJ8p1%$A@yBCs_mC;%mi8PTs?{SJG?bQk1< zew>Ixh~MknKkx+FuhxePJp$5Q8@7OZ_m8dO{LN0R7t|q^fsBCuFgH(De?#DCWc64ZOt5lD4a_+PUC9XhQ&<&?-$?s61yDTbB6WXDM7ve(4q*+2z(P^!)|`?iI>!4X4+S66 zzGo0KN)D%P@Qhh+ey6&7V4Vi!3Fpn5-0RI@8cv-TPY)n6xm`B&Bn#jTlHrpu@`uki zZl5tlk;zt-No+nmQ!kcd?icg;SR*sxK*E-9_7R4X%w5Uo_gu`jsMmx@1j1Cx?8E(3 zAXx|hkMS1yr<}X5*&zt|b=p6TA90Y4zR?i6<$^yOGqHtXZ{aFO4yBgA+6oxWu79~G z5JVjWiF$rx|D5*<;jC|L|7ZfFxS&0!`!X~A&gk>l0uARvjJ3Jn{??i4brVVZqb8_N zVni>R3NuDgCvpGJHDAEqPci>$_Kzbks(?7(qs{Fq$X6xSoH+{;IuTG2K!?tG6%Jue zN_~!$R56<~^8U0g_`l7acv;Q$qn2Ge{-H_|@7m^g@h>Q*N3*B@$3{qm-d}!9bo(5+ z0yV;91PRx$pXNbLGK}V`q~qk#M0v9WPXv^PKX>(j;YHMZ7EpBoqkr!0$JA*x%8r0W z0-_=n_G5y&01!?QL4Pqe%V23g!nbo*EB!c9@*Y#y_$7v#s=zfhLA z4y*zPRSKgLd`wm_?D!u8z@YR~qy3BAgaXBMs?Q$#r8m;n*p9HW zrz`HT(1dkoAEa>`>HK#%w_j3oLkPO-k@~?zo1A{vhIA^7pJ6Zkf0C<;^#1pB`)RbB z%wa)7AcJB`44MAxVoI&l7!WhE(`KJLC>GDU z_h0wejUF@egY$x2Eru!ArSx$XTrlJ-Nwu*cTk}c^)B%ARD~WxC>7rz^rIw$J<(t#9 zB)163uX(Bvm^H8Gsg)l$lit7p=oCAGW=RBd>DVH?RRIwGoI#TYS6+HF@6cnz!bd(?R`<>T!vt`y2U24AVu9>!9vnaX(Wc~ ze~3J|aeTucTH%LQJ-y_?koRDJD<}%d_5uL>;0PFds&(>pHQVFp?u?L^V%R?p3((sN z?HT=-R-b4GR1<9Z`l)V=9gH9$jeG+NvL#}B8}mbO5KxzZwMAyz>fHz+2xWr{N<&AT 
z>A@__ES8)&h;V+lHT9;-?@71{HnPi|*s=Y8PutT__l=4C&F=>t*fL&l98_~Dsnoqz zL_7Ep&Xwl8p=R#b+L*@At0HR-5<_D7^=|=rpx6TEIbVAoBea-fiBTE@y2jwSN4?(o z%TFXbAZbKYw(k7=C-d*Swb{Q9V*fy9?wi)Sy+jEzk-ZPmV^SJevfMB_v>Vr4lZ=SV zaWNL3WQmAdTgUUwLgEb7PmNgMjPj|YF5Ivf{#Lj&Z`t=>!!)iWYr(MpeB1UrZ`3jJ z9wU0sDJ0Ew5}=VoPvG{6_KW%+X{z&w-FN7lW;f-+Qy?xPLS~go40)k8BozUsgQ6p# zihK(bM+i$F9&iz;CRhl7&TW22>-|HHZjayUh+W)c&7XDv`*lJROoeMX8b8zw{v#vd ze%ME!{&iUa+I+0wc z%D>PWo-AHZaZ6UbjM5Jo^P)BfhTHpg;Sxh#S(6fgiTeg|7MX0sJgLcT%oRY5>;{Jt z7BhQskATP|5D14L!+&MzV`hqaRXtYRECQMIkaK6B$0`8EQYXX+{r12%G#W&*Y}ML7 z%Vfbjpm)|8^O`de>3xh`0pLk#Y{?_}1YHVrcS8=NF_q1@UXH&nILcvt;R~fnvzMYk zHO&HI|4@g%_og%c9F+N6Wmt9s>7c1&ZmeJ&rvQzANClsR;eeYmuAl~oV2mG)>XP2y zn0_z4ss$^6TpXHc3Q*aK)yf5kW_?a^t^n^$`Pp%JE1E=PY?cv*(mYH2#?Mwqlq-`{$TB33VIvu+ooh& zDlcgzLr*K7<^rp(`n~?z(id~V`?SDS41UQ!1zqZ4mo@TSuI2%G#Ue5~>+Q#bt+Ty9 z!gO!Qk}vr~6~9Gayna^&;I%?y1jbMN6YE8)c>n-;&Bhuw=mDi4+o%;Np45vDf=G8a zmKorerM`bzQ9<;0Rkmjg66eL^qt@*g+zJ{aGT9nsq6^^q`uqt>3`v0i^y&G_P6+^BALiHH)e)PtTOkv+jo4!0iCC#5LB)D7Ogz#spCu#|UATPb}TvQcb4} z5V-ENr-y!W>**Q`!I1Zdpw`$97ve(IjJMF8E#NGLUC!J`7L*=wYq4$+#!t+H8H;rL zV6uT*k|LiCo#%|TQ%X-0?Wo`@ngT%_3lWwbsz_*?sv-yt+riSbW{>8^pRU>etI;Q& z+rP4AdNOP4v~*a0SIc~-Y&)f&Qy>KFWTYTXcIFiXvK^WlQ0xjb0&Ug+5wOSigyqo`2&&9dp(}tT}94^ z7%3MFg5iUf#um^rN$0NqbfXTfi1SG3RE9mpNGg`ANq>3cuK@UpMq&t@AM>ipT7>H! 
z{sY=mHZ-pa9V-&jBwfjJ@Z+PX0;3}y1h#m6F);qoUEX*7D(I(@LiT}Z<##`ty(9))4IhTmUy**iI?4(e)JSnwtva_;FMvx4Pp+3vmTkN zAmp#*_NBVbZ9));^nOu$f8%?t^a_(&0peQ_r}4UpO0gkJtO=FjGubnXF}UGn+y8)_ zV(2Sbn0qX}mloX|8?_F)qx+n(Hc#+Oyjb8thnnkAdL^AJ;ab4{5oq{etD;UJ0qmOg zPs@krM+N}t{hRDnH;Lk;);9f|&9VaW+^I`OWr+#}f+bkOd>eVr0OPTs97voG9bF)h zMP8cVA9DJf%w<0~?2fllAU#$t6qB{5aDwz8kF;Wx!HE?>{_m;qD@fM@_OH^!c67;UFk3I?uAH7k{$!bRcX#@AyL`h)P93$e)#L_3;s^ zqk|63El@QVV&YYAwhu$7MeU)|#{zos@19iQKTDUr^dc8rJnl%Ux=8<;PS<;Bx57gz z{9N%e*24Vw1;IQFbyE@M26@qD_*iU#8#Y?WB7<4ou9!iEaz5Fi!VX#~7Iq&FazI$D z`1k&P#~*-DCprA3uwv1h0W18wEg{J&Zom9bBF+ODvDRjIOk2-6uj^C0>CGcABuojR z(3Gucxu=D8R^dYh@rPoSYUwV}U267723epg{6As@U?dmqGqcEiR-!$a$^!O!@p1(+AYkYYfflE1BFa>G{mv4YqLCL%5F)kW); zg-qtXH(>t~1+Ur^c4x0U+q1;^gV;&U+XA|}{>o_xY-u6#iBMSy1qqjf%2Z_UFS(2K z+jIr$Spmo`VsIqEws|d&2rP~gc%LKY%kG-On;FtUdvg!kZKQxq6<~#7*>3(BD4eTs za7nL?kQ_koe>NP~1<1o{&N*TxVa^N+Bm~ zGB}qDkCt*lOkJW%1*Y6wUv|33%kM@B0EI9Y>Cj5GF!$S+TBmyfqVONf_=k0_c1vSg zA4c?&;l`JtaGN8bU=Aiy8jSXS>ilDbdr8?z6Ms%w=!^vdg@eEZm`gSSMbz;+YeRb> zDhfbBPU>QQcW$;*P5uEL@r(jiss&H%Rdbl_CBz03N6`2|gc!8-X9`7UI(d@Z5Rwy* zl`rFpW!U?v2y+wL;YPW&8!mKrD`6pV&X*JdfuJAMH7Kx^t5-pvJ=MXkUK9c<+JF8z z_W`6HQ1)W`7!D5UxCf7@E35zEVqojyPWI>^U~En%8-0G6x?c~{OaE`W0&A=Q3IrsM z7BD*_%D|UgafXwNFF|z>2E16Yt=F3Fwa0(Mc7RIY2eV_GX^eNF7ll zyaLqS1z*UZ5lITMM<5#xXA4je?F0T%knVvv0~@st+23`d3Kj{wnJsV&t&UJTdDek& zbcnH}68YjQC(94n`b#J=;$tlyD}woX;usy;v`crLpLP1@mahO@F16;MyIbPeXZ7V4 zOj=>T@TV?1)7dErFhe!w?4u6v_KTR2w}1=Urp9(`A9>!IS-^Q9$pL}zmuP8}JylBe zV`p*99R6rZ=4lcjvAKb3xvicNf%t0p=WH;HhO8W{x9~A&%owGFd?sgVOm*2~udonM z!auj4Y`wKhP3(3dE>S8RAO#ejR)t{~U0vpIA=M#e?=Sa1=}&&x6(GBS;jny##E`?* zLc;YHh>#R6+xkk*KY@wuS&Uz#GVM`}3HBE1;-VaI>)GtX0}j$YCHpUYU==R0tIJHO zgYhHJ^F7l0KkUt>e?47+l~=$RXGknmDiGul2!JE4k3vCIbaXqi58rh1d!Pt`ET}tz zNl81s{4Qr|5dB;P{~TIzOod-cdOuQW$Uu`V)uG+oIALY8X`1^gIcFocC`29Mj>7)W zS^gj@Suk>Yy3f147e|1)wbMc^Am7$HzI%Ik68@i+FMmks&sawT>=Dev(YgpRnr4;K z8)?=RU`DiPsGLD?-IAb~tu%-Q3V-)7Ut4#z1aIXgU-R-$JppZJ0HLv+?(O}E5zs`_ zqWg2$l_|MJ0FG|L5ZbbA|&_RF%CX87HmvX@=Tlb=?-F?`u 
z#&+`vkSMry>Mbewg5G&b`NNplLKz=+EG`sbPILR|7TAOVfUxGmtHO>uXX_(Ya9G{l z=Z-!NI<$AUOZh!khzUpMEYdr#*q}7f_&4EZ-@1=DeORlm0F0U4l+fKpER3;ShwXa@ z)Y$XefPZF>Dcx%YpGsHPRT~P`V*Jr)Y00dng`RW;nqURM7ZTlFaHKy}kB_Tnh6dO7H*uS3s;3E_b$SaGR)AbJ0Gk_7mQcaR_MKO)``w;@5}~dWq=0AD z12jce&9MRo)z9DD9)9iJJ7LY8YMsBbE&R7NkC7{Bh9}(uTVMsS1q%Om^uLf7-KKAP T1<>dIiv||AklO#cKmGp$o7RqH literal 0 HcmV?d00001 diff --git a/workhorse/internal/upload/exif/testdata/sample_exif_corrupted.jpg b/workhorse/internal/upload/exif/testdata/sample_exif_corrupted.jpg new file mode 100644 index 0000000000000000000000000000000000000000..3b5c692de5462365fe3cbb76e419b30b496faefc GIT binary patch literal 2182 zcmbV~2~<;88prR;o)88T0tF0&wL}(&gvb(65E>A)LRbWfG9yrA(E>pML1YnvB!(uIhtg;A*ih#BR5RgS#T0m4XH;6MmXQtKuMgS5@lzK~_GXsJW(&YJVOerb*j$!{Cd-0r zV#?)k02-hG7Ty84358krt5GGyIP!x>e3=MTPI$cwDv%aRbkq({CG~Z-o!s2i^41LRO7Hq4{rX04c z2|^?i$#P^Bd3hDK7F~<|e}}XVPzYcefw0;DMM2OMMA`@#aGzM&|AD~Gz7GV2#$a)H z0+A#K3&a~_Cxu2~&{!-61FPfVJit(}R4vvHoFe}KUOR%uPRhDQ(6KGAS90x{)iw1K zBoj%>AE~IS>3yuv++@JnVrFh($+i20XYa7n(aFu-W3Q)|_hlvH8bsdUk~FSF0*T)24Ya$bHxVNvn7CI9%Y;(KvrRdvm+yA6#^%`L6>+8*>i zeDt{QN&kRkcx3eX*!aYY$+`K3Uw&O&T7JDEAt~!}Bzki)v^BCn2A2G%$o>uXAFcsF zMkDa!p((%`yj~SCzd_0Lqvu^^Mt`k(Qe}4T)Y3dX!2{^FGj5pYv@=*=H0~qLyL6taIUlt)zwWUpelp2fG6-P6W4A_yql! zP}b2j7oWCxA?@Jd!f~<2@q;>=3bpLG!}sbY-95AWszK&_t7z_KLq1uEPbR!-iWw^_ zx>pd=XGXo+DK})!VCQ;N>#JhuQJpHJ%iIL(sg+69MMh3UY0e7tPYQW7&%EQyd>#$_ zo;+{Fd{)ot`pW>u-TS4#VyCv^g=cLj=e(?z-Q#`wZ8OHXi;Hqz{T^dk{;uPI8g4q% z8Moy&F*H>E_U9rywdTSz7HG6}V%b)c9Fcx^04>bbL#^NE70W6#uy0j88hoEqs<-ds zvB93iZ8r5!6P~>dZNENPAhH~e3Ebbavrt`N@18+v5yy-b`>h0)LfJbYVU!*8o8?3rdXxO6Bgn(4r#mV9BvJG2s*YOE`F}% zTw~z;ruJ^G@;qAZ}WRn|6Agr-76hc1!nDD_X#?$ zYTZ%Xtf~a(9m^}melfPa(}M$ehFz8yPE74Mv1gv3xvJtlssEz!Z%?3GolLJPNdFGx zZ!Ha$CLS(kKRnY_&e^Z_plHP;Ph@BZ@BhhI>g}41e`jdWJ6be)I>VT8*q8IBqWgh`BvUIj zszEI!Q?Q3dM!Iemt|3t&5|ePkTglgK<9@FIb}m7uTKk*`Uo#xN!7((__;!1x*H`)f z+|hteW*cx{91lCN_-V{j?cuEj)bK0rCK6#>E}F4)XM0GkF#GjT;nTMZ6kgADgRp!O lGq1FfnI{5 literal 0 HcmV?d00001 
diff --git a/workhorse/internal/upload/exif/testdata/sample_exif_invalid.jpg b/workhorse/internal/upload/exif/testdata/sample_exif_invalid.jpg new file mode 100644 index 0000000000..9f8a284c64 --- /dev/null +++ b/workhorse/internal/upload/exif/testdata/sample_exif_invalid.jpg @@ -0,0 +1 @@ +invalid data diff --git a/workhorse/internal/upload/rewrite.go b/workhorse/internal/upload/rewrite.go index e51604c6ed..ba6bd0e501 100644 --- a/workhorse/internal/upload/rewrite.go +++ b/workhorse/internal/upload/rewrite.go @@ -8,12 +8,15 @@ import ( "io/ioutil" "mime/multipart" "net/http" + "os" "strings" "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus/promauto" "gitlab.com/gitlab-org/labkit/log" + "golang.org/x/image/tiff" + "gitlab.com/gitlab-org/gitlab-workhorse/internal/api" "gitlab.com/gitlab-org/gitlab-workhorse/internal/filestore" "gitlab.com/gitlab-org/gitlab-workhorse/internal/lsif_transformer/parser" @@ -122,9 +125,11 @@ func (rew *rewriter) handleFilePart(ctx context.Context, name string, p *multipa var inputReader io.ReadCloser var err error + + imageType := exif.FileTypeFromSuffix(filename) switch { - case exif.IsExifFile(filename): - inputReader, err = handleExifUpload(ctx, p, filename) + case imageType != exif.TypeUnknown: + inputReader, err = handleExifUpload(ctx, p, filename, imageType) if err != nil { return err } 
@@ -164,12 +169,48 @@ func (rew *rewriter) handleFilePart(ctx context.Context, name string, p *multipa return rew.filter.ProcessFile(ctx, name, fh, rew.writer) } -func handleExifUpload(ctx context.Context, r io.Reader, filename string) (io.ReadCloser, error) { +func handleExifUpload(ctx context.Context, r io.Reader, filename string, imageType exif.FileType) (io.ReadCloser, error) { + tmpfile, err := ioutil.TempFile("", "exifremove") + if err != nil { + return nil, err + } + go func() { + <-ctx.Done() + tmpfile.Close() + }() + if err := os.Remove(tmpfile.Name()); err != nil { + return nil, err + } + + _, err = io.Copy(tmpfile, r) + if err != nil { + return nil, err + } + + tmpfile.Seek(0, io.SeekStart) + isValidType := false + switch imageType { + case exif.TypeJPEG: + isValidType = isJPEG(tmpfile) + case exif.TypeTIFF: + isValidType = isTIFF(tmpfile) + } + + tmpfile.Seek(0, io.SeekStart) + if !isValidType { + log.WithContextFields(ctx, log.Fields{ + "filename": filename, + "imageType": imageType, + }).Print("invalid content type, not running exiftool") + + return tmpfile, nil + } + log.WithContextFields(ctx, log.Fields{ "filename": filename, }).Print("running exiftool to remove any metadata") - cleaner, err := exif.NewCleaner(ctx, r) + cleaner, err := exif.NewCleaner(ctx, tmpfile) if err != nil { return nil, err } 
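Review bot: Both `tmpfile.Seek(0, io.SeekStart)` calls in handleExifUpload discard their result, so a failed rewind goes unnoticed and either the content check or the reader handed on (to the caller or to `exif.NewCleaner`) starts at the wrong offset with no error raised. Check the result both times, e.g. `if _, err := tmpfile.Seek(0, io.SeekStart); err != nil { return nil, err }`. Separately, `io.Copy(tmpfile, r)` spools the whole part to the temp directory before any validation; if the caller does not already cap the part size (not visible in this hunk), a bound belongs here. The `!isValidType` branch also deserves a comment saying that the upload is deliberately passed through unmodified under its image suffix, so later stages must not treat the suffix as proof of content. The function's closing lines fall in the next hunk.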
@@ -177,6 +218,29 @@ func handleExifUpload(ctx context.Context, r io.Reader, filename string) (io.Rea return cleaner, nil } +func isTIFF(r io.Reader) bool { + _, err := tiff.Decode(r) + if err == nil { + return true + } + + if _, unsupported := err.(tiff.UnsupportedError); unsupported { + return true + } + + return false +} + +func isJPEG(r io.Reader) bool { + // Only the first 512 bytes are used to sniff the content type. + buf, err := ioutil.ReadAll(io.LimitReader(r, 512)) + if err != nil { + return false + } + + return http.DetectContentType(buf) == "image/jpeg" +} + func handleLsifUpload(ctx context.Context, reader io.Reader, tempPath, filename string, preauth *api.Response) (io.ReadCloser, error) { parserConfig := parser.Config{ TempPath: tempPath, diff --git a/workhorse/internal/upload/rewrite_test.go b/workhorse/internal/upload/rewrite_test.go new file mode 100644 index 0000000000..6fc41c3fef --- /dev/null +++ b/workhorse/internal/upload/rewrite_test.go @@ -0,0 +1,43 @@ +package upload + +import ( + "os" + "testing" + + "github.com/stretchr/testify/require" +) + +func TestImageTypeRecongition(t *testing.T) { + tests := []struct { + filename string + isJPEG bool + isTIFF bool + }{ + { + filename: "exif/testdata/sample_exif.jpg", + isJPEG: true, + isTIFF: false, + }, { + filename: "exif/testdata/sample_exif.tiff", + isJPEG: false, + isTIFF: true, + }, { + filename: "exif/testdata/sample_exif_corrupted.jpg", + isJPEG: true, + isTIFF: false, + }, { + filename: "exif/testdata/sample_exif_invalid.jpg", + isJPEG: false, + isTIFF: false, + }, + } + + for _, test := range tests { + t.Run(test.filename, func(t *testing.T) { + input, err := os.Open(test.filename) + require.NoError(t, err) + require.Equal(t, test.isJPEG, isJPEG(input)) + require.Equal(t, test.isTIFF, isTIFF(input)) + }) + } +} diff --git a/workhorse/internal/upload/uploads_test.go b/workhorse/internal/upload/uploads_test.go index fc1a1ac57e..0885f31d5a 100644 
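Review bot: isTIFF runs a full `tiff.Decode` on an untrusted upload only to answer yes or no, so the image is decoded at whatever dimensions the file declares before the result is thrown away; a small file that declares very large dimensions can cost a lot of memory and CPU on the upload path. A header-only `tiff.DecodeConfig(r)` followed by a bound on `cfg.Width` and `cfg.Height` (limit to be chosen by the project) ahead of the full decode would cap that cost. The two helpers also need doc comments stating how strong each check is: isTIFF accepts `tiff.UnsupportedError` as valid, and isJPEG looks only at the leading bytes that `http.DetectContentType` sniffs, which is why the test in this commit expects the corrupted sample to count as JPEG. Readers should not take either function as proof of a well-formed image, since exiftool still parses whatever follows the signature.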
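Review bot: Each subtest in rewrite_test.go passes the same `*os.File` to isJPEG and then to isTIFF without rewinding, so the TIFF assertion only holds if `tiff.Decode` reads by absolute offset (it appears to use `ReadAt` when the reader supports it) rather than from the position isJPEG left behind. Add `_, err = input.Seek(0, io.SeekStart)` with `require.NoError(t, err)` between the two calls (this needs the `io` import), and `defer input.Close()` after the open, so the test neither depends on that detail nor leaks descriptors. The test name has a typo: `TestImageTypeRecongition` should read `TestImageTypeRecognition`.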
--- a/workhorse/internal/upload/uploads_test.go +++ b/workhorse/internal/upload/uploads_test.go @@ -358,26 +358,10 @@ func TestInvalidFileNames(t *testing.T) { } func TestUploadHandlerRemovingExif(t *testing.T) { - tempPath, err := ioutil.TempDir("", "uploads") - require.NoError(t, err) - defer os.RemoveAll(tempPath) - - var buffer bytes.Buffer - content, err := ioutil.ReadFile("exif/testdata/sample_exif.jpg") require.NoError(t, err) - writer := multipart.NewWriter(&buffer) - file, err := writer.CreateFormFile("file", "test.jpg") - require.NoError(t, err) - - _, err = file.Write(content) - require.NoError(t, err) - - err = writer.Close() - require.NoError(t, err) - - ts := testhelper.TestServerWithHandler(regexp.MustCompile(`/url/path\z`), func(w http.ResponseWriter, r *http.Request) { + runUploadTest(t, content, "sample_exif.jpg", 200, func(w http.ResponseWriter, r *http.Request) { err := r.ParseMultipartForm(100000) require.NoError(t, err) 
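Review bot: The handler closures passed to runUploadTest call `require.*` inside the HTTP handler, which presumably runs on the test server's goroutine rather than the goroutine running the test. `require` stops a test through `t.FailNow`, which the testing package supports only from the test's own goroutine, so a failed assertion there may end just the handler while the test continues to the `response.Code` check. Using `assert.*` in the handlers, or capturing the values and asserting after `HandleFileUploads` returns, keeps failures reported reliably. The same applies to the TIFF, invalid-content-type and corrupted-file handlers added in the following hunks; runUploadTest itself is defined outside this hunk.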
@@ -389,30 +373,54 @@ func TestUploadHandlerRemovingExif(t *testing.T) { w.WriteHeader(200) fmt.Fprint(w, "RESPONSE") }) - defer ts.Close() - - httpRequest, err := http.NewRequest("POST", ts.URL+"/url/path", &buffer) - require.NoError(t, err) - - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - httpRequest = httpRequest.WithContext(ctx) - httpRequest.ContentLength = int64(buffer.Len()) - httpRequest.Header.Set("Content-Type", writer.FormDataContentType()) - response := httptest.NewRecorder() - - handler := newProxy(ts.URL) - apiResponse := &api.Response{TempPath: tempPath} - preparer := &DefaultPreparer{} - opts, _, err := preparer.Prepare(apiResponse) - require.NoError(t, err) - - HandleFileUploads(response, httpRequest, handler, apiResponse, &testFormProcessor{}, opts) - require.Equal(t, 200, response.Code) } -func TestUploadHandlerRemovingInvalidExif(t *testing.T) { +func TestUploadHandlerRemovingExifTiff(t *testing.T) { + content, err := ioutil.ReadFile("exif/testdata/sample_exif.tiff") + require.NoError(t, err) + + runUploadTest(t, content, "sample_exif.tiff", 200, func(w http.ResponseWriter, r *http.Request) { + err := r.ParseMultipartForm(100000) + require.NoError(t, err) + + size, err := strconv.Atoi(r.FormValue("file.size")) + require.NoError(t, err) + require.True(t, size < len(content), "Expected the file to be smaller after removal of exif") + require.True(t, size > 0, "Expected to receive not empty file") + + w.WriteHeader(200) + fmt.Fprint(w, "RESPONSE") + }) +} + +func TestUploadHandlerRemovingExifInvalidContentType(t *testing.T) { + content, err := ioutil.ReadFile("exif/testdata/sample_exif_invalid.jpg") + require.NoError(t, err) + + runUploadTest(t, content, "sample_exif_invalid.jpg", 200, func(w http.ResponseWriter, r *http.Request) { + err := r.ParseMultipartForm(100000) + require.NoError(t, err) + + output, err := ioutil.ReadFile(r.FormValue("file.path")) + require.NoError(t, err) + require.Equal(t, content, output, 
"Expected the file to be same as before") + + w.WriteHeader(200) + fmt.Fprint(w, "RESPONSE") + }) +} + +func TestUploadHandlerRemovingExifCorruptedFile(t *testing.T) { + content, err := ioutil.ReadFile("exif/testdata/sample_exif_corrupted.jpg") + require.NoError(t, err) + + runUploadTest(t, content, "sample_exif_corrupted.jpg", 422, func(w http.ResponseWriter, r *http.Request) { + err := r.ParseMultipartForm(100000) + require.Error(t, err) + }) +} + +func runUploadTest(t *testing.T, image []byte, filename string, httpCode int, tsHandler func(http.ResponseWriter, *http.Request)) { tempPath, err := ioutil.TempDir("", "uploads") require.NoError(t, err) defer os.RemoveAll(tempPath) @@ -420,17 +428,16 @@ func TestUploadHandlerRemovingInvalidExif(t *testing.T) { var buffer bytes.Buffer writer := multipart.NewWriter(&buffer) - file, err := writer.CreateFormFile("file", "test.jpg") + file, err := writer.CreateFormFile("file", filename) + require.NoError(t, err) + + _, err = file.Write(image) require.NoError(t, err) - fmt.Fprint(file, "this is not valid image data") err = writer.Close() require.NoError(t, err) - ts := testhelper.TestServerWithHandler(regexp.MustCompile(`/url/path\z`), func(w http.ResponseWriter, r *http.Request) { - err := r.ParseMultipartForm(100000) - require.Error(t, err) - }) + ts := testhelper.TestServerWithHandler(regexp.MustCompile(`/url/path\z`), tsHandler) defer ts.Close() httpRequest, err := http.NewRequest("POST", ts.URL+"/url/path", &buffer) @@ -451,7 +458,7 @@ func TestUploadHandlerRemovingInvalidExif(t *testing.T) { require.NoError(t, err) HandleFileUploads(response, httpRequest, handler, apiResponse, &testFormProcessor{}, opts) - require.Equal(t, 422, response.Code) + require.Equal(t, httpCode, response.Code) } func newProxy(url string) *proxy.Proxy { From 998664b918f35ecf7d1768ce62161bc8b5a7f2b1 Mon Sep 17 00:00:00 2001 
From: Pirate Praveen Date: Thu, 15 Apr 2021 22:42:28 +0530 Subject: [PATCH 2/5] Update minimum version of ruby-rexml to 3.2.5 --- debian/control | 1 + 1 file changed, 1 insertion(+) diff --git a/debian/control b/debian/control index 052c3ef912..211c60ff7b 100644 --- a/debian/control +++ b/debian/control @@ -56,6 +56,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ruby-bcrypt (>= 3.1.14~), ruby-doorkeeper (>= 5.5~), ruby-doorkeeper-openid-connect (>= 1.7.5~), + ruby-rexml (>= 3.2.5~), ruby-omniauth (>= 1.8~), ruby-omniauth-auth0 (>= 2.0~), ruby-omniauth-azure-oauth2 (>= 0.0.10~), From 41bcf3cda5ee31d0033f8c053a4e1c708c24f1bd Mon Sep 17 00:00:00 2001 From: Pirate Praveen Date: Thu, 15 Apr 2021 23:34:02 +0530 Subject: [PATCH 3/5] Add ruby-saml as a dependency --- debian/control | 1 + 1 file changed, 1 insertion(+) diff --git a/debian/control b/debian/control index 211c60ff7b..8aed9fd40b 100644 --- a/debian/control +++ b/debian/control @@ -57,6 +57,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ruby-doorkeeper (>= 5.5~), ruby-doorkeeper-openid-connect (>= 1.7.5~), ruby-rexml (>= 3.2.5~), + ruby-saml (>= 1.12.1~), ruby-omniauth (>= 1.8~), ruby-omniauth-auth0 (>= 2.0~), ruby-omniauth-azure-oauth2 (>= 0.0.10~), From 9b03fe71bdb9ad38d34bdd6d4258088fe6b15540 Mon Sep 17 00:00:00 2001 
From: Pirate Praveen Date: Thu, 15 Apr 2021 23:57:26 +0530 Subject: [PATCH 4/5] Refresh patches --- debian/patches/0050-relax-stable-libs.patch | 46 ++++++++++--------- .../0100-remove-development-test.patch | 10 ++-- ...0-make-test-dependencies-conditional.patch | 4 +- debian/patches/0340-relax-httparty.patch | 2 +- debian/patches/0350-relax-rdoc.patch | 2 +- .../patches/0430-remove-gitlab-markup.patch | 2 +- debian/patches/0440-remove-unicorn.patch | 2 +- .../0480-embed-elasticsearch-model.patch | 2 +- .../0480-embed-elasticsearch-rails.patch | 2 +- debian/patches/0482-remove-ee-only-gems.patch | 4 +- debian/patches/0484-relax-grape-entity.patch | 2 +- .../0485-relax-gitlab-sidekiq-fetcher.patch | 2 +- debian/patches/0486-relax-sidekiq.patch | 2 +- debian/patches/0499-10-relax-capybara.patch | 2 +- .../0499-20-remove-capybara-screenshot.patch | 2 +- .../patches/0499-30-remove-guard-rspec.patch | 2 +- debian/patches/0499-40-relax-rouge.patch | 2 +- debian/patches/0499-70-relax-graphlient.patch | 2 +- debian/patches/0499-90-relax-webrick.patch | 2 +- .../patches/0499-91-relax-gitlab-labkit.patch | 2 +- 20 files changed, 50 insertions(+), 46 deletions(-) diff --git a/debian/patches/0050-relax-stable-libs.patch b/debian/patches/0050-relax-stable-libs.patch index b83624f087..73b4616a71 100644 --- a/debian/patches/0050-relax-stable-libs.patch +++ b/debian/patches/0050-relax-stable-libs.patch @@ -3,7 +3,7 @@ gitlab Gemfile --- a/Gemfile +++ b/Gemfile -@@ -2,53 +2,53 @@ +@@ -2,55 +2,55 @@ source 'https://rubygems.org' 
@@ -42,9 +42,13 @@ gitlab Gemfile -gem 'bcrypt', '3.1.12' -gem 'doorkeeper', '~> 5.5.0.rc2' -gem 'doorkeeper-openid_connect', '~> 1.7.5' +-gem 'rexml', '~> 3.2.5' +-gem 'ruby-saml', '~> 1.12.1' +gem 'bcrypt', '~> 3.1', '>= 3.1.12' +gem 'doorkeeper', '~> 5.5' +gem 'doorkeeper-openid_connect', '~> 1.7', '>= 1.7.5' ++gem 'rexml', '~> 3.2', '>= 3.2.5' ++gem 'ruby-saml', '~> 1.12', '>= 1.12.1' gem 'omniauth', '~> 1.8' -gem 'omniauth-auth0', '~> 2.0.0' +gem 'omniauth-auth0', '~> 2.0' @@ -77,7 +81,7 @@ gitlab Gemfile # Kerberos authentication. EE-only gem 'gssapi', group: :kerberos -@@ -56,17 +56,17 @@ +@@ -58,17 +58,17 @@ # Spam and anti-bot protection gem 'recaptcha', '~> 4.11', require: 'recaptcha/rails' gem 'akismet', '~> 3.0' @@ -100,7 +104,7 @@ gitlab Gemfile # GitLab Pages letsencrypt support gem 'acme-client', '~> 2.0', '>= 2.0.6' -@@ -74,27 +74,27 @@ +@@ -76,27 +76,27 @@ gem 'browser', '~> 4.2' # GPG @@ -136,7 +140,7 @@ gitlab Gemfile gem 'graphlient', '~> 0.4.0' # Used by BulkImport feature (group::import) gem 'hashie' -@@ -105,11 +105,11 @@ +@@ -107,11 +107,11 @@ gem 'kaminari', '~> 1.0' # HAML @@ -150,7 +154,7 @@ gitlab Gemfile # for backups gem 'fog-aws', '~> 3.8' -@@ -130,37 +130,37 @@ +@@ -132,37 +132,37 @@ gem 'unf', '~> 0.1.4' # Seed data @@ -201,7 +205,7 @@ gitlab Gemfile gem 'escape_utils', '~> 1.1' # Calendar rendering -@@ -171,7 +171,7 @@ +@@ -173,7 +173,7 @@ gem 'diff_match_patch', '~> 0.1.0' # Application server @@ -210,7 +214,7 @@ gitlab Gemfile # https://github.com/sharpstone/rack-timeout/blob/master/README.md#rails-apps-manually gem 'rack-timeout', '~> 0.5.1', require: 'rack/timeout/base' -@@ -181,7 +181,7 @@ +@@ -183,7 +183,7 @@ end group :puma do @@ -219,7 +223,7 @@ gitlab Gemfile gem 'puma_worker_killer', '~> 0.3.1', require: false end -@@ -192,13 +192,13 @@ +@@ -194,13 +194,13 @@ gem 'acts-as-taggable-on', '~> 7.0' # Background jobs 
@@ -236,7 +240,7 @@ gitlab Gemfile # HTTP requests gem 'httparty', '~> 0.16.4' -@@ -210,14 +210,14 @@ +@@ -212,14 +212,14 @@ gem 'ruby-progressbar', '~> 1.10' # GitLab settings @@ -254,7 +258,7 @@ gitlab Gemfile # Export Ruby Regex to Javascript gem 'js_regex', '~> 3.4' -@@ -230,20 +230,20 @@ +@@ -232,20 +232,20 @@ gem 'connection_pool', '~> 2.0' # Redis session store @@ -278,7 +282,7 @@ gitlab Gemfile # Hangouts Chat integration gem 'hangouts-chat', '~> 0.0.5' -@@ -255,11 +255,11 @@ +@@ -257,11 +257,11 @@ gem 'ruby-fogbugz', '~> 0.2.1' # Kubernetes integration @@ -293,7 +297,7 @@ gitlab Gemfile # Sanitizes SVG input gem 'loofah', '~> 2.2' -@@ -285,9 +285,9 @@ +@@ -287,9 +287,9 @@ gem 'rack-proxy', '~> 0.6.0' @@ -306,7 +310,7 @@ gitlab Gemfile gem 'addressable', '~> 2.7' gem 'gemojione', '~> 3.3' -@@ -298,18 +298,18 @@ +@@ -300,18 +300,18 @@ gem "gitlab-license", "~> 1.3" # Protect against bruteforcing @@ -329,7 +333,7 @@ gitlab Gemfile # Thrift is a dependency of gitlab-labkit, we want a version higher than 0.14.0 # because of https://gitlab.com/gitlab-org/gitlab/-/issues/321900 gem 'thrift', '>= 0.14.0' -@@ -317,11 +317,11 @@ +@@ -319,11 +319,11 @@ # I18n gem 'ruby_parser', '~> 3.15', require: false gem 'rails-i18n', '~> 6.0' @@ -343,7 +347,7 @@ gitlab Gemfile # Perf bar gem 'peek', '~> 1.1' -@@ -354,39 +354,39 @@ +@@ -356,39 +356,39 @@ end group :development, :test do @@ -394,7 +398,7 @@ gitlab Gemfile gem 'timecop', '~> 0.9.1' -@@ -408,18 +408,18 @@ +@@ -410,18 +410,18 @@ end group :test do @@ -419,7 +423,7 @@ gitlab Gemfile gem 'rails-controller-testing' gem 'concurrent-ruby', '~> 1.1' gem 'test-prof', '~> 0.12.0' -@@ -438,7 +438,7 @@ +@@ -440,7 +440,7 @@ gem 'email_reply_trimmer', '~> 0.1' gem 'html2text' 
@@ -428,7 +432,7 @@ gitlab Gemfile gem 'stackprof', '~> 0.2.15', require: false gem 'rbtrace', '~> 0.4', require: false gem 'memory_profiler', '~> 0.9', require: false -@@ -452,8 +452,8 @@ +@@ -454,8 +454,8 @@ gem 'health_check', '~> 3.0' # System information @@ -439,7 +443,7 @@ gitlab Gemfile # NTP client gem 'net-ntp' -@@ -469,13 +469,13 @@ +@@ -471,13 +471,13 @@ end # Gitaly GRPC protocol definitions @@ -456,7 +460,7 @@ gitlab Gemfile # Feature toggles gem 'flipper', '~> 0.17.1' -@@ -494,12 +494,12 @@ +@@ -496,12 +496,12 @@ # Countries list gem 'countries', '~> 3.0' @@ -471,7 +475,7 @@ gitlab Gemfile # Locked as long as quoted-printable encoding issues are not resolved # Monkey-patched in `config/initializers/mail_encoding_patch.rb` -@@ -513,12 +513,12 @@ +@@ -515,12 +515,12 @@ gem 'valid_email', '~> 0.1' # JSON diff --git a/debian/patches/0100-remove-development-test.patch b/debian/patches/0100-remove-development-test.patch index 8483594d51..d760415f7b 100644 --- a/debian/patches/0100-remove-development-test.patch +++ b/debian/patches/0100-remove-development-test.patch @@ -2,7 +2,7 @@ Bundler will fail when it can't find these locally --- a/Gemfile +++ b/Gemfile -@@ -94,7 +94,6 @@ +@@ -96,7 +96,6 @@ # https://gitlab.com/gitlab-org/gitlab/issues/31747 gem 'graphiql-rails', '~> 1.4', '>= 1.4.10' gem 'apollo_upload_server', '~> 2.0', '>= 2.0.2' @@ -10,7 +10,7 @@ Bundler will fail when it can't find these locally gem 'graphlient', '~> 0.4.0' # Used by BulkImport feature (group::import) gem 'hashie' -@@ -319,7 +318,6 @@ +@@ -321,7 +320,6 @@ gem 'rails-i18n', '~> 6.0' gem 'gettext_i18n_rails', '~> 1.8' gem 'gettext_i18n_rails_js', '~> 1.3' @@ -18,7 +18,7 @@ Bundler will fail when it can't find these locally gem 'batch-loader', '~> 1.4' -@@ -339,20 +337,6 @@ +@@ -341,20 +339,6 @@ gem 'raindrops', '~> 0.18' end 
@@ -39,7 +39,7 @@ Bundler will fail when it can't find these locally group :development, :test do gem 'deprecation_toolkit', '~> 1.5', '>= 1.5.1', require: false gem 'bullet', '~> 6.1', '>= 6.1.3' -@@ -375,12 +359,6 @@ +@@ -377,12 +361,6 @@ gem 'spring', '~> 2.1' gem 'spring-commands-rspec', '~> 1.0', '>= 1.0.4' @@ -52,7 +52,7 @@ Bundler will fail when it can't find these locally gem 'benchmark-ips', '~> 2.3', require: false gem 'knapsack', '~> 1.17' -@@ -397,16 +375,6 @@ +@@ -399,16 +377,6 @@ gem 'rblineprof', '~> 0.3.6', platform: :mri, require: false end diff --git a/debian/patches/0110-make-test-dependencies-conditional.patch b/debian/patches/0110-make-test-dependencies-conditional.patch index 67da2f0901..4c8d99fdaf 100644 --- a/debian/patches/0110-make-test-dependencies-conditional.patch +++ b/debian/patches/0110-make-test-dependencies-conditional.patch @@ -2,7 +2,7 @@ Make test dependencies conditional so we can enable them when running autopkgtes --- a/Gemfile +++ b/Gemfile -@@ -337,7 +337,7 @@ +@@ -339,7 +339,7 @@ gem 'raindrops', '~> 0.18' end @@ -11,7 +11,7 @@ Make test dependencies conditional so we can enable them when running autopkgtes gem 'deprecation_toolkit', '~> 1.5', '>= 1.5.1', require: false gem 'bullet', '~> 6.1', '>= 6.1.3' gem 'gitlab-pry-byebug', platform: :mri, require: ['pry-byebug', 'pry-byebug/pry_remote_ext'] -@@ -373,9 +373,7 @@ +@@ -375,9 +375,7 @@ gem 'parallel', '~> 1.19', require: false gem 'rblineprof', '~> 0.3.6', platform: :mri, require: false diff --git a/debian/patches/0340-relax-httparty.patch b/debian/patches/0340-relax-httparty.patch index 49c6866613..20e139f36e 100644 --- a/debian/patches/0340-relax-httparty.patch +++ b/debian/patches/0340-relax-httparty.patch @@ -2,7 +2,7 @@ Allow newer versions of httparty to satisfy dependency --- a/Gemfile +++ b/Gemfile -@@ -200,7 +200,7 @@ +@@ -202,7 +202,7 @@ gem 'fugit', '~> 1.2', '>= 1.2.1' # HTTP requests 
diff --git a/debian/patches/0350-relax-rdoc.patch b/debian/patches/0350-relax-rdoc.patch index c03769a423..3bf3a90267 100644 --- a/debian/patches/0350-relax-rdoc.patch +++ b/debian/patches/0350-relax-rdoc.patch @@ -2,7 +2,7 @@ Allow rdoc from ruby 2.5 to match requirement --- a/Gemfile +++ b/Gemfile -@@ -148,7 +148,7 @@ +@@ -150,7 +150,7 @@ gem 'commonmarker', '~> 0.21' gem 'kramdown', '~> 2.3' gem 'RedCloth', '~> 4.3', '>= 4.3.2' diff --git a/debian/patches/0430-remove-gitlab-markup.patch b/debian/patches/0430-remove-gitlab-markup.patch index 1d609164f1..e8c5e7fb19 100644 --- a/debian/patches/0430-remove-gitlab-markup.patch +++ b/debian/patches/0430-remove-gitlab-markup.patch @@ -4,7 +4,7 @@ maintaining two almost same packages. --- a/Gemfile +++ b/Gemfile -@@ -143,7 +143,6 @@ +@@ -145,7 +145,6 @@ # Markdown and HTML processing gem 'html-pipeline', '~> 2.13', '>= 2.13.2' gem 'deckar01-task_list', '~> 2.3', '>= 2.3.1' diff --git a/debian/patches/0440-remove-unicorn.patch b/debian/patches/0440-remove-unicorn.patch index a1d84ae203..71a6e8468b 100644 --- a/debian/patches/0440-remove-unicorn.patch +++ b/debian/patches/0440-remove-unicorn.patch @@ -3,7 +3,7 @@ gitlab-puma changes is included in puma package. --- a/Gemfile +++ b/Gemfile -@@ -173,11 +173,6 @@ +@@ -175,11 +175,6 @@ # https://github.com/sharpstone/rack-timeout/blob/master/README.md#rails-apps-manually gem 'rack-timeout', '~> 0.5.1', require: 'rack/timeout/base' diff --git a/debian/patches/0480-embed-elasticsearch-model.patch b/debian/patches/0480-embed-elasticsearch-model.patch index df60823cd1..022f904245 100644 --- a/debian/patches/0480-embed-elasticsearch-model.patch +++ b/debian/patches/0480-embed-elasticsearch-model.patch @@ -2,7 +2,7 @@ Embed this gem until gitlab moved to 7.x version --- a/Gemfile +++ b/Gemfile -@@ -132,7 +132,7 @@ +@@ -134,7 +134,7 @@ gem 'seed-fu', '~> 2.3', '>= 2.3.7' # Search 
diff --git a/debian/patches/0480-embed-elasticsearch-rails.patch b/debian/patches/0480-embed-elasticsearch-rails.patch index dbc076d535..df7f034611 100644 --- a/debian/patches/0480-embed-elasticsearch-rails.patch +++ b/debian/patches/0480-embed-elasticsearch-rails.patch @@ -2,7 +2,7 @@ Embed this gem until gitlab moved to 7.x version --- a/Gemfile +++ b/Gemfile -@@ -133,7 +133,7 @@ +@@ -135,7 +135,7 @@ # Search gem 'elasticsearch-model', '~> 6.1', path: 'vendor/gems/elasticsearch-model' diff --git a/debian/patches/0482-remove-ee-only-gems.patch b/debian/patches/0482-remove-ee-only-gems.patch index 2bd5e763ba..455802c04d 100644 --- a/debian/patches/0482-remove-ee-only-gems.patch +++ b/debian/patches/0482-remove-ee-only-gems.patch @@ -2,7 +2,7 @@ This gem is used only in gitlab Enterprise Edition --- a/Gemfile +++ b/Gemfile -@@ -50,9 +50,6 @@ +@@ -52,9 +52,6 @@ gem 'rack-oauth2', '~> 1.16' gem 'jwt', '~> 2.1' @@ -12,7 +12,7 @@ This gem is used only in gitlab Enterprise Edition # Spam and anti-bot protection gem 'recaptcha', '~> 4.11', require: 'recaptcha/rails' gem 'akismet', '~> 3.0' -@@ -288,8 +285,6 @@ +@@ -290,8 +287,6 @@ gem 'request_store', '~> 1.5' gem 'base32', '~> 0.3.0' diff --git a/debian/patches/0484-relax-grape-entity.patch b/debian/patches/0484-relax-grape-entity.patch index 431a140f2e..6656494b49 100644 --- a/debian/patches/0484-relax-grape-entity.patch +++ b/debian/patches/0484-relax-grape-entity.patch @@ -2,7 +2,7 @@ Debian already has 0.8 --- a/Gemfile +++ b/Gemfile -@@ -81,7 +81,7 @@ +@@ -83,7 +83,7 @@ # API gem 'grape', '~> 1.5', '>= 1.5.2' diff --git a/debian/patches/0485-relax-gitlab-sidekiq-fetcher.patch b/debian/patches/0485-relax-gitlab-sidekiq-fetcher.patch index a784a1be34..12285fbe62 100644 --- a/debian/patches/0485-relax-gitlab-sidekiq-fetcher.patch +++ b/debian/patches/0485-relax-gitlab-sidekiq-fetcher.patch @@ -2,7 +2,7 @@ Allow newer version in the archive to satisfy the requirement --- a/Gemfile 
+++ b/Gemfile -@@ -185,7 +185,7 @@ +@@ -187,7 +187,7 @@ gem 'sidekiq', '~> 5.2', '>= 5.2.7' gem 'sidekiq-cron', '~> 1.0' gem 'redis-namespace', '~> 1.7' diff --git a/debian/patches/0486-relax-sidekiq.patch b/debian/patches/0486-relax-sidekiq.patch index fd570b8a52..273e11f542 100644 --- a/debian/patches/0486-relax-sidekiq.patch +++ b/debian/patches/0486-relax-sidekiq.patch @@ -2,7 +2,7 @@ ruby-sidekiq 6 is in unstable --- a/Gemfile +++ b/Gemfile -@@ -182,7 +182,7 @@ +@@ -184,7 +184,7 @@ gem 'acts-as-taggable-on', '~> 7.0' # Background jobs diff --git a/debian/patches/0499-10-relax-capybara.patch b/debian/patches/0499-10-relax-capybara.patch index 3f60fbdd01..2218e799e9 100644 --- a/debian/patches/0499-10-relax-capybara.patch +++ b/debian/patches/0499-10-relax-capybara.patch @@ -1,6 +1,6 @@ --- a/Gemfile +++ b/Gemfile -@@ -368,7 +368,7 @@ +@@ -370,7 +370,7 @@ gem 'rspec_profiling', '~> 0.0.6' gem 'rspec-parameterized', require: false diff --git a/debian/patches/0499-20-remove-capybara-screenshot.patch b/debian/patches/0499-20-remove-capybara-screenshot.patch index 1fbe0e0e13..d16035b488 100644 --- a/debian/patches/0499-20-remove-capybara-screenshot.patch +++ b/debian/patches/0499-20-remove-capybara-screenshot.patch @@ -1,6 +1,6 @@ --- a/Gemfile +++ b/Gemfile -@@ -369,7 +369,6 @@ +@@ -371,7 +371,6 @@ gem 'rspec-parameterized', require: false gem 'capybara', '~> 3.12' diff --git a/debian/patches/0499-30-remove-guard-rspec.patch b/debian/patches/0499-30-remove-guard-rspec.patch index c374836b65..16bbda0a29 100644 --- a/debian/patches/0499-30-remove-guard-rspec.patch +++ b/debian/patches/0499-30-remove-guard-rspec.patch @@ -1,6 +1,6 @@ --- a/Gemfile +++ b/Gemfile -@@ -378,7 +378,6 @@ +@@ -380,7 +380,6 @@ gem 'concurrent-ruby', '~> 1.1' gem 'test-prof', '~> 0.12.0' gem 'rspec_junit_formatter' diff --git a/debian/patches/0499-40-relax-rouge.patch b/debian/patches/0499-40-relax-rouge.patch index e10b372555..cc60fe576e 100644 --- a/debian/patches/0499-40-relax-rouge.patch 
+++ b/debian/patches/0499-40-relax-rouge.patch @@ -3,7 +3,7 @@ rouge update is blocked by --- a/Gemfile +++ b/Gemfile -@@ -152,7 +152,7 @@ +@@ -154,7 +154,7 @@ gem 'asciidoctor-include-ext', '~> 0.3.1', require: false gem 'asciidoctor-plantuml', '~> 0.0.12' gem 'asciidoctor-kroki', '~> 0.4.0', require: false diff --git a/debian/patches/0499-70-relax-graphlient.patch b/debian/patches/0499-70-relax-graphlient.patch index f55c9d5837..ea843073ab 100644 --- a/debian/patches/0499-70-relax-graphlient.patch +++ b/debian/patches/0499-70-relax-graphlient.patch @@ -2,7 +2,7 @@ newer version is in the archive --- a/Gemfile +++ b/Gemfile -@@ -91,7 +91,7 @@ +@@ -93,7 +93,7 @@ # https://gitlab.com/gitlab-org/gitlab/issues/31747 gem 'graphiql-rails', '~> 1.4', '>= 1.4.10' gem 'apollo_upload_server', '~> 2.0', '>= 2.0.2' diff --git a/debian/patches/0499-90-relax-webrick.patch b/debian/patches/0499-90-relax-webrick.patch index b23ce6b5b5..eb25c5da8b 100644 --- a/debian/patches/0499-90-relax-webrick.patch +++ b/debian/patches/0499-90-relax-webrick.patch @@ -1,6 +1,6 @@ --- a/Gemfile +++ b/Gemfile -@@ -319,7 +319,7 @@ +@@ -321,7 +321,7 @@ # Metrics group :metrics do gem 'method_source', '~> 1.0', require: false diff --git a/debian/patches/0499-91-relax-gitlab-labkit.patch b/debian/patches/0499-91-relax-gitlab-labkit.patch index 0c8c3ec22b..70c32fdf8c 100644 --- a/debian/patches/0499-91-relax-gitlab-labkit.patch +++ b/debian/patches/0499-91-relax-gitlab-labkit.patch @@ -2,7 +2,7 @@ gitaly needs gitlab-labkit ~> 0.15.0 --- a/Gemfile +++ b/Gemfile -@@ -297,7 +297,7 @@ +@@ -299,7 +299,7 @@ gem 'premailer-rails', '~> 1.10', '>= 1.10.3' # LabKit: Tracing and Correlation From 684df5604e4e19557dfee499c236b135c57a497e Mon Sep 17 00:00:00 2001 From: Pirate Praveen Date: Thu, 15 Apr 2021 22:43:13 +0530 Subject: [PATCH 5/5] Upload to experimental --- debian/changelog | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/debian/changelog b/debian/changelog index eb76c87467..3584a10be6 100644 
--- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +gitlab (13.9.6+ds1-1) experimental; urgency=medium + + * New upstream security release 13.9.6+ds1 + * Update minimum version of ruby-rexml to 3.2.5 + * Add ruby-saml as a dependency + * Refresh patches + + -- Pirate Praveen Thu, 15 Apr 2021 22:42:45 +0530 + gitlab (13.9.5+ds1-1) experimental; urgency=medium * Update watch file regex for github.com components