From 6e0c33d6a9c0d661a8f78c90737210e0043c282a Mon Sep 17 00:00:00 2001 From: Bruno Grieder Date: Thu, 27 Nov 2025 07:41:08 +0100 Subject: [PATCH 1/5] feat: support AWS-XKS sigv4 --- .cargo/audit.toml | 7 +- .github/reusable_scripts | 2 +- .github/scripts/nix.sh | 14 +- .github/scripts/test_xks.sh | 198 +++++ .github/workflows/test_all.yml | 4 + CHANGELOG.md | 6 + Cargo.lock | 315 +++++++- Cargo.toml | 32 +- crate/cli/src/actions/kms/access.rs | 2 +- crate/cli/src/tests/kms/aws_xks_tests.rs | 106 +++ crate/server/Cargo.toml | 26 +- .../src/config/command_line/clap_config.rs | 22 + .../src/config/command_line/tls_config.rs | 24 +- .../server/src/config/params/server_params.rs | 23 + crate/server/src/config/params/tls_params.rs | 132 ++-- crate/server/src/core/operations/decrypt.rs | 18 +- crate/server/src/core/operations/encrypt.rs | 15 +- crate/server/src/core/operations/message.rs | 18 + .../server/src/core/retrieve_object_utils.rs | 4 + crate/server/src/main.rs | 28 +- crate/server/src/routes/aws_xks/README.md | 9 + .../src/routes/aws_xks/aws_xks_config.rs | 43 ++ .../aws_xks/encrypt_decrypt/decrypt_.rs | 229 ++++++ .../aws_xks/encrypt_decrypt/encrypt_.rs | 300 ++++++++ .../src/routes/aws_xks/encrypt_decrypt/mod.rs | 63 ++ crate/server/src/routes/aws_xks/error.rs | 188 +++++ .../src/routes/aws_xks/health_status.rs | 137 ++++ .../server/src/routes/aws_xks/key_metadata.rs | 370 ++++++++++ crate/server/src/routes/aws_xks/mod.rs | 44 ++ .../src/routes/aws_xks/sigv4_middleware.rs | 318 ++++++++ crate/server/src/routes/mod.rs | 1 + crate/server/src/socket_server.rs | 63 +- crate/server/src/start_kms_server.rs | 47 +- crate/server/src/tests/test_utils.rs | 1 + crate/server/src/tests/ttlv_tests/config.rs | 5 +- crate/server/src/tls_config.rs | 31 +- crate/test_kms_server/src/lib.rs | 3 +- crate/test_kms_server/src/test_server.rs | 22 +- deny.toml | 3 + documentation/docs/aws/1_configure_key.png | Bin 0 -> 188305 bytes .../docs/aws/2_choose_external_key.png | Bin 0 -> 137480 bytes documentation/docs/aws/7_review.png | Bin 0 -> 110293 bytes documentation/docs/aws/xks.md | 64 ++ documentation/docs/aws/xksv2.drawio.svg | 694 ++++++++++++++++++ documentation/docs/drawings/xks_v2.drawio.svg | 4 - documentation/mkdocs.yml | 4 +- shell.nix | 19 + test_data | 2 +- 48 files changed, 3440 insertions(+), 220 deletions(-) create mode 100755 .github/scripts/test_xks.sh create mode 100644 crate/cli/src/tests/kms/aws_xks_tests.rs create mode 100644 crate/server/src/routes/aws_xks/README.md create mode 100644 crate/server/src/routes/aws_xks/aws_xks_config.rs create mode 100644 crate/server/src/routes/aws_xks/encrypt_decrypt/decrypt_.rs create mode 100644 crate/server/src/routes/aws_xks/encrypt_decrypt/encrypt_.rs create mode 100644 crate/server/src/routes/aws_xks/encrypt_decrypt/mod.rs create mode 100644 crate/server/src/routes/aws_xks/error.rs create mode 100644 crate/server/src/routes/aws_xks/health_status.rs create mode 100644 crate/server/src/routes/aws_xks/key_metadata.rs create mode 100644 crate/server/src/routes/aws_xks/mod.rs create mode 100644 crate/server/src/routes/aws_xks/sigv4_middleware.rs create mode 100644 documentation/docs/aws/1_configure_key.png create mode 100644 documentation/docs/aws/2_choose_external_key.png create mode 100644 documentation/docs/aws/7_review.png create mode 100644 documentation/docs/aws/xks.md create mode 100644 documentation/docs/aws/xksv2.drawio.svg delete mode 100644 documentation/docs/drawings/xks_v2.drawio.svg diff --git a/.cargo/audit.toml b/.cargo/audit.toml index 4437918d9a..cbfc687011 100644 --- a/.cargo/audit.toml +++ b/.cargo/audit.toml @@ -3,4 +3,9 @@ [advisories] # List of advisory IDs to ignore (extracted from deny.toml) -ignore = [] +ignore = [ + # NOTE: Must stay on scratchstack-aws-signature 0.10 for now (Feb 2026), + # which pulls ring 0.16.20. + "RUSTSEC-2025-0009", + "RUSTSEC-2025-0010", +] diff --git a/.github/reusable_scripts b/.github/reusable_scripts index 3a192d61ba..43e3bf1d31 160000 --- a/.github/reusable_scripts +++ b/.github/reusable_scripts @@ -1 +1 @@ -Subproject commit 3a192d61baf5dc9fbd3dd494a69c8c87d0fae4f1 +Subproject commit 43e3bf1d311274698b164c3ea49fc7928562acd7 diff --git a/.github/scripts/nix.sh b/.github/scripts/nix.sh index d06c40886a..24e28372cc 100755 --- a/.github/scripts/nix.sh +++ b/.github/scripts/nix.sh @@ -411,6 +411,9 @@ test_command() { all) SCRIPT="$REPO_ROOT/.github/scripts/test_all.sh" ;; + xks) + SCRIPT="$REPO_ROOT/.github/scripts/test_xks.sh" + ;; wasm) SCRIPT="$REPO_ROOT/.github/scripts/test_wasm.sh" ;; @@ -483,7 +486,7 @@ test_command() { ;; *) echo "Error: Unknown test type '$TEST_TYPE'" >&2 - echo "Valid types: sqlite, mysql, percona, mariadb, psql, redis, google_cse, pykmip, otel_export, hsm [softhsm2|utimaco|proteccio|all]" >&2 + echo "Valid types: xks, sqlite, mysql, percona, mariadb, psql, redis, google_cse, pykmip, otel_export, hsm [softhsm2|utimaco|proteccio|all]" >&2 usage ;; esac @@ -497,6 +500,12 @@ test_command() { export WITH_PYTHON=1 fi + # AWS XKS curl-based test client requires extra tooling inside nix-shell + if [ "$TEST_TYPE" = "xks" ]; then + export WITH_XKS=1 + export WITH_CURL=1 + fi + KEEP_VARS=" \ --keep REDIS_HOST --keep REDIS_PORT \ --keep MYSQL_HOST --keep MYSQL_PORT \ @@ -512,6 +521,7 @@ test_command() { --keep GOOGLE_SERVICE_ACCOUNT_PRIVATE_KEY \ --keep WITH_WGET \ --keep WITH_CURL \ + --keep WITH_XKS \ --keep WITH_DOCKER \ --keep WITH_HSM \ --keep WITH_PYTHON \ @@ -548,7 +558,7 @@ sbom_command() { args+=("$1" "$2") shift 2 ;; - -h|--help) + -h | --help) args+=("$1") shift ;; diff --git a/.github/scripts/test_xks.sh b/.github/scripts/test_xks.sh new file mode 100755 index 0000000000..efb9915831 --- /dev/null +++ b/.github/scripts/test_xks.sh @@ -0,0 +1,198 @@ +#!/usr/bin/env bash +set -euo pipefail +set -x + +SCRIPT_DIR=$(cd "$(dirname "$0")" && pwd) +REPO_ROOT=$(cd "${SCRIPT_DIR}/../.." && pwd) + +source "$SCRIPT_DIR/common.sh" + +init_build_env "$@" +setup_test_logging + +require_cmd cargo "Cargo is required to build and run tests. Install Rust (rustup) and retry." +require_cmd curl "curl is required for readiness checks and the XKS test client." +require_cmd jq "jq is required by the XKS test client." +require_cmd bash "bash 4.2+ is required by the XKS test client." + +KMS_HOST="127.0.0.1" +KMS_PORT="9998" +KMS_URL="https://${KMS_HOST}:${KMS_PORT}" +KMS_PID="" +LOG_PATH="${LOG_PATH:-/tmp/kms-xks.log}" + +wait_for_kms_listen() { + local url="${KMS_URL}/kmip/2_1" + echo "Waiting for KMS to accept HTTPS connections at ${url} ..." + + for _ in {1..240}; do + if [ -n "${KMS_PID}" ] && ! kill -0 "${KMS_PID}" 2>/dev/null; then + echo "KMS process exited early. Log tail:" >&2 + tail -n 200 "${LOG_PATH}" >&2 || true + return 1 + fi + + # Any HTTP response code means the server is up enough to accept requests. + if curl -k -sS --max-time 2 -o /dev/null -w "%{http_code}" \ + -X POST "${url}" -H "Content-Type: application/json" -d '{}' 2>/dev/null | + grep -Eq '^[0-9]{3}$'; then + return 0 + fi + + sleep 0.5 + done + + echo "Timed out waiting for KMS to accept HTTPS connections." >&2 + tail -n 200 "${LOG_PATH}" >&2 || true + return 1 +} + +cleanup() { + local status=$? + + if [ -n "${KMS_PID}" ]; then + if kill -0 "${KMS_PID}" 2>/dev/null; then + kill "${KMS_PID}" 2>/dev/null || true + wait "${KMS_PID}" 2>/dev/null || true + fi + fi + + return "$status" +} +trap cleanup EXIT + +echo "=========================================" +echo "Running AWS XKS tests" +echo "Variant: ${VARIANT_NAME} | Mode: ${BUILD_PROFILE}" +echo "=========================================" + +if [ "${VARIANT}" != "non-fips" ]; then + echo "Error: AWS XKS tests require --variant non-fips (they rely on curl SigV4 + non-FIPS build flags)." >&2 + exit 1 +fi + +# Build binaries once to avoid repeated compilation in the provisioning steps. +# shellcheck disable=SC2086 +cargo build -p cosmian_kms_server $RELEASE_FLAG ${FEATURES_FLAG[@]+"${FEATURES_FLAG[@]}"} --bin cosmian_kms + +KMS_BIN="${REPO_ROOT}/target/${BUILD_PROFILE}/cosmian_kms" + +rm -f "${LOG_PATH}" + +# Use a per-run temp sqlite directory so repeated runs are stable. +SQLITE_PATH="$(mktemp -d -t kms-xks-sqlite-XXXXXX)" + +# Compose a minimal config based on test_data/aws_xks/aws_xks.toml and add a DB section. +# This keeps the documented XKS config intact while making the test hermetic. +KMS_CONF_PATH="$(mktemp -t kms-xks-conf-XXXXXX.toml)" +cat "${REPO_ROOT}/test_data/aws_xks/aws_xks.toml" >"${KMS_CONF_PATH}" +cat >>"${KMS_CONF_PATH}" <"${LOG_PATH}" 2>&1 & +KMS_PID=$! + +wait_for_kms_listen + +echo "Provisioning XKS test keys and access grants..." +cd "${REPO_ROOT}/test_data/aws_xks/scripts" + +# Shell helpers from the vendored test client. +# - utils/config.sh provides URI prefix + SigV4 credentials and key IDs +# - utils/test_config.sh provides default REGION/SCHEME values +source ./utils/config.sh +source ./utils/test_config.sh + +# Keep the same principal ARN as the vendored curl-suite. +aws_principal_arn="arn:aws:iam::123456789012:user/Alice" + +xks_create_key() { + local key_id="$1" + local request_id + request_id="$(uuidgen 2>/dev/null | tr '[:upper:]' '[:lower:]' || date +%s)" + + local json_body + json_body="$( + cat <&2 + echo "${response}" >&2 + return 1 + fi +} + +revoke_op_for_alice() { + local key_id="$1" + local op="$2" + + # Access endpoints are admin-authenticated (default user) in this test config. + local response + response="$( + curl -k -sS \ + -H "Content-Type:application/json" \ + -X POST "${KMS_URL}/access/revoke" \ + --data-binary "$( + cat <&2 + echo "${response}" >&2 + return 1 + fi +} + +# Ensure the upstream curl-suite keys exist before running any DescribeKey/Encrypt calls. +xks_create_key "aws_xks_kek" +xks_create_key "encrypt_only_key" +xks_create_key "decrypt_only_key" + +# Enforce the expected usage restrictions. +revoke_op_for_alice "encrypt_only_key" "decrypt" +revoke_op_for_alice "decrypt_only_key" "encrypt" + +echo "Running vendored AWS XKS curl-based test client..." + +# Ensure the client runs with bash 4.2+ (macOS system bash is 3.2). +BASH="$(command -v bash)" +export BASH + +./test_all diff --git a/.github/workflows/test_all.yml b/.github/workflows/test_all.yml index 0fa5b26c76..a0eaa56dd7 100644 --- a/.github/workflows/test_all.yml +++ b/.github/workflows/test_all.yml @@ -30,6 +30,7 @@ jobs: - redis - pykmip - wasm + - xks features: [fips, non-fips] exclude: # redis is exclusively for non-fips @@ -38,6 +39,9 @@ jobs: # pykmip is exclusively for non-fips since P12 is used for TLS KMS server - type: pykmip features: fips + # xks relies on curl SigV4 + non-FIPS build flags + - type: xks + features: fips steps: - name: Nix installation diff --git a/CHANGELOG.md b/CHANGELOG.md index fe8ceffd3e..847ac9e623 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,12 @@ All notable changes to this project will be documented in this file. +## [5.17.0] - 2026-XX-XX + +### 🚀 Features + +- Added support for AWS XKS (External Key Store) + ## [5.16.1] - 2026-02-15 ### 🐛 Bug Fixes diff --git a/Cargo.lock b/Cargo.lock index c0db53c5be..c72541ff4d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -47,6 +47,7 @@ dependencies = [ "bitflags", "bytes", "derive_more 2.1.1", + "derive_more 2.1.1", "futures-core", "http-range", "log", @@ -74,6 +75,7 @@ dependencies = [ "bytes", "bytestring", "derive_more 2.1.1", + "derive_more 2.1.1", "encoding_rs", "flate2", "foldhash 0.1.5", @@ -243,6 +245,7 @@ dependencies = [ "cfg-if", "cookie", "derive_more 2.1.1", + "derive_more 2.1.1", "encoding_rs", "foldhash 0.1.5", "futures-core", @@ -479,6 +482,7 @@ dependencies = [ "num-traits", "rusticata-macros", "thiserror 2.0.18", + "thiserror 2.0.18", "time", ] @@ -508,8 +512,10 @@ dependencies = [ [[package]] name = "assert_cmd" version = "2.1.2" +version = "2.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c5bcfa8749ac45dd12cb11055aeeb6b27a3895560d60d71e3c23bf979e60514" +checksum = "9c5bcfa8749ac45dd12cb11055aeeb6b27a3895560d60d71e3c23bf979e60514" dependencies = [ "anstyle", "bstr", @@ -599,6 +605,7 @@ dependencies = [ "serde", "sync_wrapper", "tower 0.5.3", + "tower 0.5.3", "tower-layer", "tower-service", ] @@ -665,8 +672,10 @@ checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" [[package]] name = "base64ct" version = "1.8.3" +version = "1.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2af50177e190e07a26ab74f8b1efbfe2ef87da2116221318cb1c2e82baf7de06" +checksum = "2af50177e190e07a26ab74f8b1efbfe2ef87da2116221318cb1c2e82baf7de06" [[package]] name = "bitflags" @@ -736,8 +745,10 @@ dependencies = [ [[package]] name = "bumpalo" version = "3.19.1" +version = "3.19.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5dd9dc738b7a8311c7ade152424974d8115f2cdad61e8dab8dac9f2362298510" +checksum = "5dd9dc738b7a8311c7ade152424974d8115f2cdad61e8dab8dac9f2362298510" [[package]] name = "byteorder" @@ -811,8 +822,10 @@ dependencies = [ [[package]] name = "chrono" version = "0.4.43" +version = "0.4.43" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fac4744fb15ae8337dc853fee7fb3f4e48c0fbaa23d0afe49c447b4fab126118" +checksum = "fac4744fb15ae8337dc853fee7fb3f4e48c0fbaa23d0afe49c447b4fab126118" dependencies = [ "iana-time-zone", "js-sys", @@ -941,8 +954,10 @@ checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" [[package]] name = "const-oid" version = "0.10.2" +version = "0.10.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a6ef517f0926dd24a1582492c791b6a4818a4d94e789a334894aa15b0d12f55c" +checksum = "a6ef517f0926dd24a1582492c791b6a4818a4d94e789a334894aa15b0d12f55c" [[package]] name = "const-random" @@ -959,6 +974,7 @@ version = "0.1.16" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f9d839f2a20b0aee515dc581a6172f2321f96cab76c1a38a4c584a194955390e" dependencies = [ + "getrandom 0.2.17", "getrandom 0.2.17", "once_cell", "tiny-keccak", @@ -1059,6 +1075,7 @@ dependencies = [ "ed25519-dalek", "gensym", "getrandom 0.2.17", + "getrandom 0.2.17", "leb128", "rand_chacha 0.3.1", "rand_core 0.6.4", @@ -1088,11 +1105,13 @@ checksum = "44b2705be438091a343f880385c80d46ecafda93f47c95801f7cf42a54a98588" dependencies = [ "actix-web", "derive_more 2.1.1", + "derive_more 2.1.1", "oauth2", "reqwest", "serde", "serde_json", "thiserror 2.0.18", + "thiserror 2.0.18", "tokio", "tracing", "url", @@ -1120,6 +1139,7 @@ dependencies = [ "strum", "strum_macros", "thiserror 2.0.18", + "thiserror 2.0.18", "time", "tracing", "uuid", @@ -1147,6 +1167,7 @@ dependencies = [ "pkcs11-sys", "rand 0.9.2", "thiserror 2.0.18", + "thiserror 2.0.18", "uuid", "zeroize", ] @@ -1180,6 +1201,7 @@ dependencies = [ "tempfile", "test_kms_server", "thiserror 2.0.18", + "thiserror 2.0.18", "time", "tokio", "url", @@ -1202,6 +1224,7 @@ dependencies = [ "serde", "serde_json", "thiserror 2.0.18", + "thiserror 2.0.18", "url", ] @@ -1220,6 +1243,7 @@ dependencies = [ "serde_json", "strum", "thiserror 2.0.18", + "thiserror 2.0.18", "time", "zeroize", ] @@ -1232,6 +1256,7 @@ dependencies = [ "console_error_panic_hook", "cosmian_kms_client_utils", "getrandom 0.2.17", + "getrandom 0.2.17", "js-sys", "pem", "serde", @@ -1267,6 +1292,7 @@ dependencies = [ "sha2", "tempfile", "thiserror 2.0.18", + "thiserror 2.0.18", "tokio", "uuid", "x509-parser", @@ -1283,6 +1309,7 @@ dependencies = [ "num-bigint-dig", "serde_json", "thiserror 2.0.18", + "thiserror 2.0.18", "zeroize", ] @@ -1313,6 +1340,7 @@ dependencies = [ "dotenvy", "futures", "hex", + "http 1.4.0", "jsonwebtoken", "native-tls", "num-bigint-dig", @@ -1323,6 +1351,7 @@ dependencies = [ "pem", "proteccio_pkcs11_loader", "reqwest", + "scratchstack-aws-signature", "serde", "serde_json", "sha2", @@ -1330,9 +1359,10 @@ dependencies = [ "softhsm2_pkcs11_loader", "strum", "thiserror 2.0.18", + "thiserror 2.0.18", "time", "tokio", - "toml", + "toml 0.9.11+spec-1.1.0", "tracing", "url", "utimaco_pkcs11_loader", @@ -1366,6 +1396,7 @@ dependencies = [ "strum", "tempfile", "thiserror 2.0.18", + "thiserror 2.0.18", "tokio", "tokio-postgres", "tokio-rusqlite", @@ -1376,8 +1407,10 @@ dependencies = [ [[package]] name = "cosmian_logger" version = "0.5.5" +version = "0.5.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ff3434d2a64271c79bb0f0b6c05d4995dd88396165b8aba92291b91ee1deb7ca" +checksum = "ff3434d2a64271c79bb0f0b6c05d4995dd88396165b8aba92291b91ee1deb7ca" dependencies = [ "opentelemetry 0.29.1", "opentelemetry-otlp 0.29.0", @@ -1386,6 +1419,7 @@ dependencies = [ "opentelemetry_sdk 0.29.0", "syslog-tracing", "thiserror 2.0.18", + "thiserror 2.0.18", "tracing", "tracing-appender", "tracing-opentelemetry", @@ -1668,8 +1702,10 @@ dependencies = [ [[package]] name = "data-encoding" version = "2.10.0" +version = "2.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d7a1e2f27636f116493b8b860f5546edb47c8d8f8ea73e1d2a20be88e28d1fea" +checksum = "d7a1e2f27636f116493b8b860f5546edb47c8d8f8ea73e1d2a20be88e28d1fea" [[package]] name = "deadpool" @@ -1692,6 +1728,7 @@ dependencies = [ "async-trait", "deadpool", "getrandom 0.2.17", + "getrandom 0.2.17", "tokio", "tokio-postgres", "tracing", @@ -1770,8 +1807,10 @@ dependencies = [ [[package]] name = "derive_more" version = "2.1.1" +version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d751e9e49156b02b44f9c1815bcb94b984cdcc4396ecc32521c739452808b134" +checksum = "d751e9e49156b02b44f9c1815bcb94b984cdcc4396ecc32521c739452808b134" dependencies = [ "derive_more-impl", ] @@ -1779,8 +1818,10 @@ dependencies = [ [[package]] name = "derive_more-impl" version = "2.1.1" +version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "799a97264921d8623a957f6c3b9011f3b5492f557bbb7a5a19b7fa6d06ba8dcb" +checksum = "799a97264921d8623a957f6c3b9011f3b5492f557bbb7a5a19b7fa6d06ba8dcb" dependencies = [ "convert_case 0.10.0", "proc-macro2", @@ -2143,13 +2184,16 @@ dependencies = [ [[package]] name = "getrandom" version = "0.2.17" +version = "0.2.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ff2abc00be7fca6ebc474524697ae276ad847ad0a6b3faa4bcb027e9a4614ad0" +checksum = "ff2abc00be7fca6ebc474524697ae276ad847ad0a6b3faa4bcb027e9a4614ad0" dependencies = [ "cfg-if", "js-sys", "libc", "wasi 0.11.1+wasi-snapshot-preview1", + "wasi 0.11.1+wasi-snapshot-preview1", "wasm-bindgen", ] @@ -2218,6 +2262,7 @@ dependencies = [ "futures-util", "http 0.2.12", "indexmap 2.13.0", + "indexmap 2.13.0", "slab", "tokio", "tokio-util", @@ -2227,8 +2272,10 @@ dependencies = [ [[package]] name = "h2" version = "0.4.13" +version = "0.4.13" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2f44da3a8150a6703ed5d34e164b875fd14c2cdab9af1252a9a1020bde2bdc54" +checksum = "2f44da3a8150a6703ed5d34e164b875fd14c2cdab9af1252a9a1020bde2bdc54" dependencies = [ "atomic-waker", "bytes", @@ -2237,6 +2284,7 @@ dependencies = [ "futures-sink", "http 1.4.0", "indexmap 2.13.0", + "indexmap 2.13.0", "slab", "tokio", "tokio-util", @@ -2427,6 +2475,7 @@ dependencies = [ "futures-channel", "futures-core", "h2 0.4.13", + "h2 0.4.13", "http 1.4.0", "http-body", "httparse", @@ -2582,8 +2631,10 @@ checksum = "7aedcccd01fc5fe81e6b489c15b247b8b0690feb23304303a9e560f37efc560a" [[package]] name = "icu_properties" version = "2.1.2" +version = "2.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "020bfc02fe870ec3a66d93e677ccca0562506e5872c650f893269e08615d74ec" +checksum = "020bfc02fe870ec3a66d93e677ccca0562506e5872c650f893269e08615d74ec" dependencies = [ "icu_collections", "icu_locale_core", @@ -2596,8 +2647,10 @@ dependencies = [ [[package]] name = "icu_properties_data" version = "2.1.2" +version = "2.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "616c294cf8d725c6afcd8f55abc17c56464ef6211f9ed59cccffe534129c77af" +checksum = "616c294cf8d725c6afcd8f55abc17c56464ef6211f9ed59cccffe534129c77af" [[package]] name = "icu_provider" @@ -2666,8 +2719,10 @@ dependencies = [ [[package]] name = "indexmap" version = "2.13.0" +version = "2.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7714e70437a7dc3ac8eb7e6f8df75fd8eb422675fc7678aff7364301092b1017" +checksum = "7714e70437a7dc3ac8eb7e6f8df75fd8eb422675fc7678aff7364301092b1017" dependencies = [ "equivalent", "hashbrown 0.16.1", @@ -2687,8 +2742,10 @@ dependencies = [ [[package]] name = "inout" version = "0.2.2" +version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4250ce6452e92010fdf7268ccc5d14faa80bb12fc741938534c58f16804e03c7" +checksum = "4250ce6452e92010fdf7268ccc5d14faa80bb12fc741938534c58f16804e03c7" dependencies = [ "hybrid-array 0.4.7", ] @@ -2702,8 +2759,10 @@ checksum = "469fb0b9cefa57e3ef31275ee7cacb78f2fdca44e4765491884a2b119d4eb130" [[package]] name = "iri-string" version = "0.7.10" +version = "0.7.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c91338f0783edbd6195decb37bae672fd3b165faffb89bf7b9e6942f8b1a731a" +checksum = "c91338f0783edbd6195decb37bae672fd3b165faffb89bf7b9e6942f8b1a731a" dependencies = [ "memchr", "serde", @@ -2741,8 +2800,10 @@ dependencies = [ [[package]] name = "itoa" version = "1.0.17" +version = "1.0.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "92ecc6618181def0457392ccd0ee51198e065e016d1d527a7ac1b6dc7c1f09d2" +checksum = "92ecc6618181def0457392ccd0ee51198e065e016d1d527a7ac1b6dc7c1f09d2" [[package]] name = "jobserver" @@ -2757,8 +2818,10 @@ dependencies = [ [[package]] name = "js-sys" version = "0.3.85" +version = "0.3.85" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8c942ebf8e95485ca0d52d97da7c5a2c387d0e7f0ba4c35e93bfcaee045955b3" +checksum = "8c942ebf8e95485ca0d52d97da7c5a2c387d0e7f0ba4c35e93bfcaee045955b3" dependencies = [ "once_cell", "wasm-bindgen", @@ -2772,6 +2835,7 @@ checksum = "0529410abe238729a60b108898784df8984c87f6054c9c4fcacc47e4803c1ce1" dependencies = [ "base64 0.22.1", "getrandom 0.2.17", + "getrandom 0.2.17", "js-sys", "pem", "serde", @@ -2820,6 +2884,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4ee7893dab2e44ae5f9d0173f26ff4aa327c10b01b06a72b52dd9405b628640d" dependencies = [ "indexmap 2.13.0", + "indexmap 2.13.0", ] [[package]] @@ -2842,7 +2907,7 @@ version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" dependencies = [ - "spin", + "spin 0.9.8", ] [[package]] @@ -2882,8 +2947,10 @@ checksum = "b6d2cec3eae94f9f509c767b45932f1ada8350c4bdb85af2fcab4a3c14807981" [[package]] name = "libredox" version = "0.1.12" +version = "0.1.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3d0b95e02c851351f877147b7deea7b1afb1df71b63aa5f8270716e0c5720616" +checksum = "3d0b95e02c851351f877147b7deea7b1afb1df71b63aa5f8270716e0c5720616" dependencies = [ "bitflags", "libc", @@ -3055,6 +3122,7 @@ dependencies = [ "libc", "log", "wasi 0.11.1+wasi-snapshot-preview1", + "wasi 0.11.1+wasi-snapshot-preview1", "windows-sys 0.61.2", ] @@ -3087,6 +3155,7 @@ dependencies = [ "syn", "termcolor", "thiserror 2.0.18", + "thiserror 2.0.18", ] [[package]] @@ -3112,6 +3181,7 @@ dependencies = [ "serde_json", "socket2 0.5.10", "thiserror 2.0.18", + "thiserror 2.0.18", "tokio", "tokio-native-tls", "tokio-util", @@ -3143,6 +3213,7 @@ dependencies = [ "sha1", "sha2", "thiserror 2.0.18", + "thiserror 2.0.18", "uuid", ] @@ -3283,6 +3354,7 @@ dependencies = [ "base64 0.22.1", "chrono", "getrandom 0.2.17", + "getrandom 0.2.17", "http 1.4.0", "rand 0.8.5", "reqwest", @@ -3408,6 +3480,7 @@ dependencies = [ "js-sys", "pin-project-lite", "thiserror 2.0.18", + "thiserror 2.0.18", "tracing", ] @@ -3459,6 +3532,7 @@ dependencies = [ "prost", "reqwest", "thiserror 2.0.18", + "thiserror 2.0.18", "tokio", "tonic", "tracing", @@ -3542,6 +3616,7 @@ dependencies = [ "rand 0.9.2", "serde_json", "thiserror 2.0.18", + "thiserror 2.0.18", "tracing", ] @@ -3737,8 +3812,10 @@ dependencies = [ [[package]] name = "postgres-protocol" version = "0.6.10" +version = "0.6.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3ee9dd5fe15055d2b6806f4736aa0c9637217074e224bbec46d4041b91bb9491" +checksum = "3ee9dd5fe15055d2b6806f4736aa0c9637217074e224bbec46d4041b91bb9491" dependencies = [ "base64 0.22.1", "byteorder", @@ -3755,8 +3832,10 @@ dependencies = [ [[package]] name = "postgres-types" version = "0.2.12" +version = "0.2.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "54b858f82211e84682fecd373f68e1ceae642d8d751a1ebd13f33de6257b3e20" +checksum = "54b858f82211e84682fecd373f68e1ceae642d8d751a1ebd13f33de6257b3e20" dependencies = [ "bytes", "fallible-iterator 0.2.0", @@ -3843,6 +3922,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "219cb19e96be00ab2e37d6e299658a0cfa83e52429179969b0f0121b4ac46983" dependencies = [ "toml_edit 0.23.10+spec-1.0.0", + "toml_edit 0.23.10+spec-1.0.0", ] [[package]] @@ -3870,8 +3950,10 @@ dependencies = [ [[package]] name = "proc-macro2" version = "1.0.106" +version = "1.0.106" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8fd00f0bb2e90d81d1044c2b32617f68fcb9fa3bb7640c23e9c748e53fb30934" +checksum = "8fd00f0bb2e90d81d1044c2b32617f68fcb9fa3bb7640c23e9c748e53fb30934" dependencies = [ "unicode-ident", ] @@ -3919,8 +4001,10 @@ dependencies = [ [[package]] name = "quote" version = "1.0.44" +version = "1.0.44" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "21b2ebcf727b7760c461f091f9f0f539b77b8e87f2fd88131e7f1b433b3cece4" +checksum = "21b2ebcf727b7760c461f091f9f0f539b77b8e87f2fd88131e7f1b433b3cece4" dependencies = [ "proc-macro2", ] @@ -3950,6 +4034,7 @@ checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1" dependencies = [ "rand_chacha 0.9.0", "rand_core 0.9.5", + "rand_core 0.9.5", ] [[package]] @@ -3970,6 +4055,7 @@ checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb" dependencies = [ "ppv-lite86", "rand_core 0.9.5", + "rand_core 0.9.5", ] [[package]] @@ -3979,13 +4065,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" dependencies = [ "getrandom 0.2.17", + "getrandom 0.2.17", ] [[package]] name = "rand_core" version = "0.9.5" +version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "76afc826de14238e6e8c374ddcc1fa19e374fd8dd986b0d2af0d02377261d83c" +checksum = "76afc826de14238e6e8c374ddcc1fa19e374fd8dd986b0d2af0d02377261d83c" dependencies = [ "getrandom 0.3.4", ] @@ -4069,8 +4158,10 @@ checksum = "a96887878f22d7bad8a3b6dc5b7440e0ada9a245242924394987b21cf2210a4c" [[package]] name = "reqwest" version = "0.12.28" +version = "0.12.28" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "eddd3ca559203180a307f12d114c268abf583f59b03cb906fd0b3ff8646c1147" +checksum = "eddd3ca559203180a307f12d114c268abf583f59b03cb906fd0b3ff8646c1147" dependencies = [ "base64 0.22.1", "bytes", @@ -4078,6 +4169,7 @@ dependencies = [ "futures-core", "futures-util", "h2 0.4.13", + "h2 0.4.13", "http 1.4.0", "http-body", "http-body-util", @@ -4098,6 +4190,7 @@ dependencies = [ "tokio", "tokio-native-tls", "tower 0.5.3", + "tower 0.5.3", "tower-http", "tower-service", "url", @@ -4116,6 +4209,21 @@ dependencies = [ "subtle", ] +[[package]] +name = "ring" +version = "0.16.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" +dependencies = [ + "cc", + "libc", + "once_cell", + "spin 0.5.2", + "untrusted 0.7.1", + "web-sys", + "winapi", +] + [[package]] name = "ring" version = "0.17.14" @@ -4125,8 +4233,9 @@ dependencies = [ "cc", "cfg-if", "getrandom 0.2.17", + "getrandom 0.2.17", "libc", - "untrusted", + "untrusted 0.9.0", "windows-sys 0.52.0", ] @@ -4176,8 +4285,10 @@ dependencies = [ [[package]] name = "rustix" version = "1.1.3" +version = "1.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "146c9e247ccc180c1f61615433868c99f3de3ae256a30a43b49f67c2d9171f34" +checksum = "146c9e247ccc180c1f61615433868c99f3de3ae256a30a43b49f67c2d9171f34" dependencies = [ "bitflags", "errno", @@ -4189,8 +4300,10 @@ dependencies = [ [[package]] name = "rustls" version = "0.23.36" +version = "0.23.36" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c665f33d38cea657d9614f766881e4d510e0eda4239891eea56b4cadcf01801b" +checksum = "c665f33d38cea657d9614f766881e4d510e0eda4239891eea56b4cadcf01801b" dependencies = [ "once_cell", "rustls-pki-types", @@ -4202,8 +4315,10 @@ dependencies = [ [[package]] name = "rustls-pki-types" version = "1.14.0" +version = "1.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "be040f8b0a225e40375822a563fa9524378b9d63112f53e19ffff34df5d33fdd" +checksum = "be040f8b0a225e40375822a563fa9524378b9d63112f53e19ffff34df5d33fdd" dependencies = [ "zeroize", ] @@ -4211,12 +4326,14 @@ dependencies = [ [[package]] name = "rustls-webpki" version = "0.103.9" +version = "0.103.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d7df23109aa6c1567d1c575b9952556388da57401e4ace1d15f79eedad0d8f53" +checksum = "d7df23109aa6c1567d1c575b9952556388da57401e4ace1d15f79eedad0d8f53" dependencies = [ - "ring", + "ring 0.17.14", "rustls-pki-types", - "untrusted", + "untrusted 0.9.0", ] [[package]] @@ -4279,6 +4396,34 @@ version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" +[[package]] +name = "scratchstack-aws-principal" +version = "0.3.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9bc5a143f43c1be0f0ea1e3093ed0ba5981ca53594eab4dcfed3d83e59158b4" +dependencies = [ + "log", +] + +[[package]] +name = "scratchstack-aws-signature" +version = "0.10.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "66ca7b4792cf02b7d4e2f4e68da7cdbdc8d841c21ec3780c527507fc947a5273" +dependencies = [ + "async-trait", + "chrono", + "hex", + "http 1.4.0", + "lazy_static", + "log", + "regex", + "ring 0.16.20", + "scratchstack-aws-principal", + "subtle", + "tower 0.4.13", +] + [[package]] name = "sdd" version = "3.0.10" @@ -4372,15 +4517,19 @@ dependencies = [ [[package]] name = "serde_json" version = "1.0.149" +version = "1.0.149" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "83fc039473c5595ace860d8c4fafa220ff474b3fc6bfdb4293327f1a37e94d86" +checksum = "83fc039473c5595ace860d8c4fafa220ff474b3fc6bfdb4293327f1a37e94d86" dependencies = [ + "indexmap 2.13.0", "indexmap 2.13.0", "itoa", "memchr", "serde", "serde_core", "zmij", + "zmij", ] [[package]] @@ -4403,6 +4552,15 @@ dependencies = [ "serde", ] +[[package]] +name = "serde_spanned" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8bbf91e5a4d6315eee45e704372590b30e260ee83af6639d64557f51b067776" +dependencies = [ + "serde_core", +] + [[package]] name = "serde_urlencoded" version = "0.7.1" @@ -4418,9 +4576,13 @@ dependencies = [ [[package]] name = "serial_test" version = "3.3.1" +version = "3.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0d0b343e184fc3b7bb44dff0705fffcf4b3756ba6aff420dddd8b24ca145e555" +checksum = "0d0b343e184fc3b7bb44dff0705fffcf4b3756ba6aff420dddd8b24ca145e555" dependencies = [ + "futures-executor", + "futures-util", "futures-executor", "futures-util", "log", @@ -4433,8 +4595,10 @@ dependencies = [ [[package]] name = "serial_test_derive" version = "3.3.1" +version = "3.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6f50427f258fb77356e4cd4aa0e87e2bd2c66dbcee41dc405282cae2bfc26c83" +checksum = "6f50427f258fb77356e4cd4aa0e87e2bd2c66dbcee41dc405282cae2bfc26c83" dependencies = [ "proc-macro2", "quote", @@ -4497,9 +4661,12 @@ checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" [[package]] name = "signal-hook-registry" version = "1.4.8" +version = "1.4.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c4db69cba1110affc0e9f7bcd48bbf87b3f4fc7c61fc9155afd4c469eb3d6c1b" +checksum = "c4db69cba1110affc0e9f7bcd48bbf87b3f4fc7c61fc9155afd4c469eb3d6c1b" dependencies = [ + "errno", "errno", "libc", ] @@ -4517,8 +4684,10 @@ dependencies = [ [[package]] name = "simd-adler32" version = "0.3.8" +version = "0.3.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e320a6c5ad31d271ad523dcf3ad13e2767ad8b1cb8f047f75a8aeaf8da139da2" +checksum = "e320a6c5ad31d271ad523dcf3ad13e2767ad8b1cb8f047f75a8aeaf8da139da2" [[package]] name = "simple_asn1" @@ -4529,6 +4698,7 @@ dependencies = [ "num-bigint", "num-traits", "thiserror 2.0.18", + "thiserror 2.0.18", "time", ] @@ -4588,6 +4758,12 @@ dependencies = [ "pkcs11-sys", ] +[[package]] +name = "spin" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" + [[package]] name = "spin" version = "0.9.8" @@ -4772,10 +4948,13 @@ dependencies = [ [[package]] name = "thiserror" version = "2.0.18" +version = "2.0.18" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4288b5bcbc7920c07a1149a35cf9590a2aa808e0bc1eafaade0b80947865fbc4" +checksum = "4288b5bcbc7920c07a1149a35cf9590a2aa808e0bc1eafaade0b80947865fbc4" dependencies = [ "thiserror-impl 2.0.18", + "thiserror-impl 2.0.18", ] [[package]] @@ -4792,8 +4971,10 @@ dependencies = [ [[package]] name = "thiserror-impl" version = "2.0.18" +version = "2.0.18" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ebc4ee7f67670e9b64d05fa4253e753e016c6c95ff35b89b7941d6b856dec1d5" +checksum = "ebc4ee7f67670e9b64d05fa4253e753e016c6c95ff35b89b7941d6b856dec1d5" dependencies = [ "proc-macro2", "quote", @@ -4910,8 +5091,10 @@ dependencies = [ [[package]] name = "tokio" version = "1.49.0" +version = "1.49.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "72a2903cd7736441aac9df9d7688bd0ce48edccaadf181c3b90be801e81d3d86" +checksum = "72a2903cd7736441aac9df9d7688bd0ce48edccaadf181c3b90be801e81d3d86" dependencies = [ "bytes", "libc", @@ -4959,8 +5142,10 @@ dependencies = [ [[package]] name = "tokio-postgres" version = "0.7.16" +version = "0.7.16" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dcea47c8f71744367793f16c2db1f11cb859d28f436bdb4ca9193eb1f787ee42" +checksum = "dcea47c8f71744367793f16c2db1f11cb859d28f436bdb4ca9193eb1f787ee42" dependencies = [ "async-trait", "byteorder", @@ -5006,8 +5191,10 @@ dependencies = [ [[package]] name = "tokio-stream" version = "0.1.18" +version = "0.1.18" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "32da49809aab5c3bc678af03902d4ccddea2a87d028d86392a4b1560c6906c70" +checksum = "32da49809aab5c3bc678af03902d4ccddea2a87d028d86392a4b1560c6906c70" dependencies = [ "futures-core", "pin-project-lite", @@ -5017,8 +5204,10 @@ dependencies = [ [[package]] name = "tokio-util" version = "0.7.18" +version = "0.7.18" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9ae9cec805b01e8fc3fd2fe289f89149a9b66dd16786abd8b19cfa7b48cb0098" +checksum = "9ae9cec805b01e8fc3fd2fe289f89149a9b66dd16786abd8b19cfa7b48cb0098" dependencies = [ "bytes", "futures-core", @@ -5034,11 +5223,26 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dc1beb996b9d83529a9e75c17a1686767d148d70663143c7854d8b4a09ced362" dependencies = [ "serde", - "serde_spanned", + "serde_spanned 0.6.9", "toml_datetime 0.6.11", "toml_edit 0.22.27", ] +[[package]] +name = "toml" +version = "0.9.11+spec-1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f3afc9a848309fe1aaffaed6e1546a7a14de1f935dc9d89d32afd9a44bab7c46" +dependencies = [ + "indexmap 2.13.0", + "serde_core", + "serde_spanned 1.0.4", + "toml_datetime 0.7.5+spec-1.1.0", + "toml_parser", + "toml_writer", + "winnow", +] + [[package]] name = "toml_datetime" version = "0.6.11" @@ -5051,8 +5255,10 @@ dependencies = [ [[package]] name = "toml_datetime" version = "0.7.5+spec-1.1.0" +version = "0.7.5+spec-1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "92e1cfed4a3038bc5a127e35a2d360f145e1f4b971b551a2ba5fd7aedf7e1347" +checksum = "92e1cfed4a3038bc5a127e35a2d360f145e1f4b971b551a2ba5fd7aedf7e1347" dependencies = [ "serde_core", ] @@ -5063,9 +5269,10 @@ version = "0.22.27" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "41fe8c660ae4257887cf66394862d21dbca4a6ddd26f04a3560410406a2f819a" dependencies = [ + "indexmap 2.13.0", "indexmap 2.13.0", "serde", - "serde_spanned", + "serde_spanned 0.6.9", "toml_datetime 0.6.11", "toml_write", "winnow", @@ -5074,9 +5281,13 @@ dependencies = [ [[package]] name = "toml_edit" version = "0.23.10+spec-1.0.0" +version = "0.23.10+spec-1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "84c8b9f757e028cee9fa244aea147aab2a9ec09d5325a9b01e0a49730c2b5269" +checksum = "84c8b9f757e028cee9fa244aea147aab2a9ec09d5325a9b01e0a49730c2b5269" dependencies = [ + "indexmap 2.13.0", + "toml_datetime 0.7.5+spec-1.1.0", "indexmap 2.13.0", "toml_datetime 0.7.5+spec-1.1.0", "toml_parser", @@ -5098,6 +5309,12 @@ version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5d99f8c9a7727884afe522e9bd5edbfc91a3312b36a77b5fb8926e4c31a41801" +[[package]] +name = "toml_writer" +version = "1.0.6+spec-1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ab16f14aed21ee8bfd8ec22513f7287cd4a91aa92e44edfe2c17ddd004e92607" + [[package]] name = "tonic" version = "0.12.3" @@ -5110,6 +5327,7 @@ dependencies = [ "base64 0.22.1", "bytes", "h2 0.4.13", + "h2 0.4.13", "http 1.4.0", "http-body", "http-body-util", @@ -5151,8 +5369,10 @@ dependencies = [ [[package]] name = "tower" version = "0.5.3" +version = "0.5.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ebe5ef63511595f1344e2d5cfa636d973292adc0eec1f0ad45fae9f0851ab1d4" +checksum = "ebe5ef63511595f1344e2d5cfa636d973292adc0eec1f0ad45fae9f0851ab1d4" dependencies = [ "futures-core", "futures-util", @@ -5166,8 +5386,10 @@ dependencies = [ [[package]] name = "tower-http" version = "0.6.8" +version = "0.6.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d4e6559d53cc268e5031cd8429d05415bc4cb4aefc4aa5d6cc35fbf5b924a1f8" +checksum = "d4e6559d53cc268e5031cd8429d05415bc4cb4aefc4aa5d6cc35fbf5b924a1f8" dependencies = [ "bitflags", "bytes", @@ -5177,6 +5399,7 @@ dependencies = [ "iri-string", "pin-project-lite", "tower 0.5.3", + "tower 0.5.3", "tower-layer", "tower-service", ] @@ -5196,8 +5419,10 @@ checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3" [[package]] name = "tracing" version = "0.1.44" +version = "0.1.44" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "63e71662fa4b2a2c3a26f570f037eb95bb1f85397f3cd8076caed2f026a6d100" +checksum = "63e71662fa4b2a2c3a26f570f037eb95bb1f85397f3cd8076caed2f026a6d100" dependencies = [ "log", "pin-project-lite", @@ -5213,6 +5438,7 @@ checksum = "786d480bce6247ab75f005b14ae1624ad978d3029d9113f0a22fa1ac773faeaf" dependencies = [ "crossbeam-channel", "thiserror 2.0.18", + "thiserror 2.0.18", "time", "tracing-subscriber", ] @@ -5231,8 +5457,10 @@ dependencies = [ [[package]] name = "tracing-core" version = "0.1.36" +version = "0.1.36" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "db97caf9d906fbde555dd62fa95ddba9eecfd14cb388e4f491a66d74cd5fb79a" +checksum = "db97caf9d906fbde555dd62fa95ddba9eecfd14cb388e4f491a66d74cd5fb79a" dependencies = [ "once_cell", "valuable", @@ -5304,8 +5532,10 @@ checksum = "562d481066bde0658276a35467c4af00bdc6ee726305698a55b86e61d7ad82bb" [[package]] name = "unicase" version = "2.9.0" +version = "2.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dbc4bc3a9f746d862c45cb89d705aa10f187bb96c76001afab07a0d35ce60142" +checksum = "dbc4bc3a9f746d862c45cb89d705aa10f187bb96c76001afab07a0d35ce60142" [[package]] name = "unicode-bidi" @@ -5356,6 +5586,12 @@ dependencies = [ "subtle", ] +[[package]] +name = "untrusted" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" + [[package]] name = "untrusted" version = "0.9.0" @@ -5365,14 +5601,17 @@ checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" [[package]] name = "url" version = "2.5.8" +version = "2.5.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ff67a8a4397373c3ef660812acab3268222035010ab8680ec4215f38ba3d0eed" +checksum = "ff67a8a4397373c3ef660812acab3268222035010ab8680ec4215f38ba3d0eed" dependencies = [ "form_urlencoded", "idna", "percent-encoding", "serde", "serde_derive", + "serde_derive", ] [[package]] @@ -5395,6 +5634,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b913a3b5fe84142e269d63cc62b64319ccaf89b748fc31fe025177f767a756c4" dependencies = [ "getrandom 0.2.17", + "getrandom 0.2.17", ] [[package]] @@ -5464,9 +5704,19 @@ dependencies = [ "wasip2", ] +[[package]] +name = "wasi" +version = "0.14.7+wasi-0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "883478de20367e224c0090af9cf5f9fa85bed63a95c1abf3afc5c083ebc06e8c" +dependencies = [ + "wasip2", +] + [[package]] name = "wasip2" version = "1.0.2+wasi-0.2.9" +version = "1.0.2+wasi-0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9517f9239f02c069db75e65f174b3da828fe5f5b945c4dd26bd25d89c03ebcf5" dependencies = [ @@ -5485,17 +5735,24 @@ dependencies = [ [[package]] name = "wasite" version = "1.0.2" +version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "66fe902b4a6b8028a753d5424909b764ccf79b7a209eac9bf97e59cda9f71a42" dependencies = [ "wasi 0.14.7+wasi-0.2.4", ] +checksum = "66fe902b4a6b8028a753d5424909b764ccf79b7a209eac9bf97e59cda9f71a42" +dependencies = [ + "wasi 0.14.7+wasi-0.2.4", +] [[package]] name = "wasm-bindgen" version = "0.2.108" +version = "0.2.108" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "64024a30ec1e37399cf85a7ffefebdb72205ca1c972291c51512360d90bd8566" +checksum = "64024a30ec1e37399cf85a7ffefebdb72205ca1c972291c51512360d90bd8566" dependencies = [ "cfg-if", "once_cell", @@ -5507,11 +5764,14 @@ dependencies = [ [[package]] name = "wasm-bindgen-futures" version = "0.4.58" +version = "0.4.58" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "70a6e77fd0ae8029c9ea0063f87c46fde723e7d887703d74ad2616d792e51e6f" +checksum = "70a6e77fd0ae8029c9ea0063f87c46fde723e7d887703d74ad2616d792e51e6f" dependencies = [ "cfg-if", "futures-util", + "futures-util", "js-sys", "once_cell", "wasm-bindgen", @@ -5521,8 +5781,10 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" version = "0.2.108" +version = "0.2.108" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "008b239d9c740232e71bd39e8ef6429d27097518b6b30bdf9086833bd5b6d608" +checksum = "008b239d9c740232e71bd39e8ef6429d27097518b6b30bdf9086833bd5b6d608" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -5531,8 +5793,10 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" version = "0.2.108" +version = "0.2.108" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5256bae2d58f54820e6490f9839c49780dff84c65aeab9e772f15d5f0e913a55" +checksum = "5256bae2d58f54820e6490f9839c49780dff84c65aeab9e772f15d5f0e913a55" dependencies = [ "bumpalo", "proc-macro2", @@ -5544,8 +5808,10 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" version = "0.2.108" +version = "0.2.108" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1f01b580c9ac74c8d8f0c0e4afb04eeef2acf145458e52c03845ee9cd23e3d12" +checksum = "1f01b580c9ac74c8d8f0c0e4afb04eeef2acf145458e52c03845ee9cd23e3d12" dependencies = [ "unicode-ident", ] @@ -5553,8 +5819,10 @@ dependencies = [ [[package]] name = "wasm-bindgen-test" version = "0.3.58" +version = "0.3.58" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "45649196a53b0b7a15101d845d44d2dda7374fc1b5b5e2bbf58b7577ff4b346d" +checksum = "45649196a53b0b7a15101d845d44d2dda7374fc1b5b5e2bbf58b7577ff4b346d" dependencies = [ "async-trait", "cast", @@ -5570,13 +5838,16 @@ dependencies = [ "wasm-bindgen-futures", "wasm-bindgen-test-macro", "wasm-bindgen-test-shared", + "wasm-bindgen-test-shared", ] [[package]] name = "wasm-bindgen-test-macro" version = "0.3.58" +version = "0.3.58" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f579cdd0123ac74b94e1a4a72bd963cf30ebac343f2df347da0b8df24cdebed2" +checksum = "f579cdd0123ac74b94e1a4a72bd963cf30ebac343f2df347da0b8df24cdebed2" dependencies = [ "proc-macro2", "quote", @@ -5626,8 +5897,10 @@ dependencies = [ [[package]] name = "web-sys" version = "0.3.85" +version = "0.3.85" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "312e32e551d92129218ea9a2452120f4aabc03529ef03e4d0d82fb2780608598" +checksum = "312e32e551d92129218ea9a2452120f4aabc03529ef03e4d0d82fb2780608598" dependencies = [ "js-sys", "wasm-bindgen", @@ -5656,6 +5929,22 @@ dependencies = [ "web-sys", ] +[[package]] +name = "winapi" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" +dependencies = [ + "winapi-i686-pc-windows-gnu", + "winapi-x86_64-pc-windows-gnu", +] + +[[package]] +name = "winapi-i686-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" + [[package]] name = "winapi-util" version = "0.1.11" @@ -5665,6 +5954,12 @@ dependencies = [ "windows-sys 0.61.2", ] +[[package]] +name = "winapi-x86_64-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" + [[package]] name = "windows-core" version = "0.62.2" @@ -5903,6 +6198,7 @@ dependencies = [ [[package]] name = "wit-bindgen" version = "0.51.0" +version = "0.51.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d7249219f66ced02969388cf2bb044a09756a083d0fab1e566056b04d9fbcaa5" dependencies = [ @@ -6018,9 +6314,10 @@ dependencies = [ "lazy_static", "nom", "oid-registry", - "ring", + "ring 0.17.14", "rusticata-macros", "thiserror 2.0.18", + "thiserror 2.0.18", "time", ] @@ -6111,8 +6408,10 @@ dependencies = [ [[package]] name = "zeroize_derive" version = "1.4.3" +version = "1.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "85a5b4158499876c763cb03bc4e49185d3cccbabb15b33c627f7884f43db852e" +checksum = "85a5b4158499876c763cb03bc4e49185d3cccbabb15b33c627f7884f43db852e" dependencies = [ "proc-macro2", "quote", diff --git a/Cargo.toml b/Cargo.toml index d9085c2cfe..829d4f3f3b 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,8 @@ [workspace] default-members = ["crate/server"] members = [ + # Common crates + "crate/kmip", # Client crates "crate/client_utils", "crate/kms_client", @@ -16,7 +18,6 @@ members = [ "crate/hsm/utimaco", "crate/hsm/base_hsm", "crate/interfaces", - "crate/kmip", "crate/server", "crate/server_database", # Test crates @@ -102,13 +103,13 @@ categories = ["security"] [profile.release] # Deterministic build configuration for reproducible binaries # These settings ensure the same source produces identical binaries across builds -lto = "fat" # Fat LTO: maximum cross-crate optimization for smallest binaries -strip = "symbols" # Strip symbol tables for smaller binaries -opt-level = "z" # Optimize for size while maintaining performance -codegen-units = 1 # Single codegen unit: best optimization and determinism -panic = "abort" # Smaller binaries, no unwinding tables -incremental = false # Disable incremental compilation for determinism -debug = 0 # No debug info (timestamps/paths) +lto = "fat" # Fat LTO: maximum cross-crate optimization for smallest binaries +strip = "symbols" # Strip symbol tables for smaller binaries +opt-level = "z" # Optimize for size while maintaining performance +codegen-units = 1 # Single codegen unit: best optimization and determinism +panic = "abort" # Smaller binaries, no unwinding tables +incremental = false # Disable incremental compilation for determinism +debug = 0 # No debug info (timestamps/paths) [profile.dev] strip = "debuginfo" @@ -124,9 +125,17 @@ incremental = false opt-level = 0 [workspace.dependencies] +actix-cors = "0.6" +actix-files = "0.6.10" +actix-http = "3.10" +actix-identity = "0.6" actix-rt = "2.10" +actix-session = { version = "0.8" } actix-server = { version = "2.5", default-features = false } -actix-web = { version = "4.10", default-features = false } +actix-tls = "3.4" +actix-web = { version = "4.12", default-features = false } +alcoholic_jwt = "4091" +async-recursion = "1.1" async-trait = "0.1" base64 = "0.22" bitflags = "2.9" @@ -138,8 +147,11 @@ cosmian_crypto_core = { version = "11.0", default-features = false, features = [ ] } cosmian_logger = "0.5" der = { version = "0.7", default-features = false } +dotenvy = "0.15" futures = "0.3" hex = { version = "0.4", default-features = false } +http = "1.4" +jsonwebtoken = "10.3" lazy_static = "1.5" leb128 = "0.2" libloading = "0.8" @@ -157,6 +169,7 @@ pem = "3.0" pkcs11-sys = "0.2" rand = "0.9" reqwest = { version = "0.12", default-features = false } +scratchstack-aws-signature = "=0.10" # Must stay 0.10 for now (Feb 2026) serde = "1.0" serde_json = "1.0" sha2 = { version = "0.10", default-features = false } @@ -168,6 +181,7 @@ time = "0.3" tiny-keccak = "2.0" tempfile = "3.19" tokio = { version = "1.44", default-features = false } +toml = "0.9" tracing = "0.1" url = "2.5" uuid = "=1.11.1" diff --git a/crate/cli/src/actions/kms/access.rs b/crate/cli/src/actions/kms/access.rs index 2574416378..2f48210b58 100644 --- a/crate/cli/src/actions/kms/access.rs +++ b/crate/cli/src/actions/kms/access.rs @@ -70,7 +70,7 @@ pub struct GrantAccess { #[clap(long, short = 'i')] pub object_uid: Option, - /// The operations to grant (`create`, `get`, `encrypt`, `decrypt`, `import`, `revoke`, `locate`, `rekey`, `destroy`) + /// The operations to grant (`create`, `get`, `encrypt`, `decrypt`, `import`, `revoke`, `locate`, `rekey`, `destroy`, `get_attributes`) #[clap(required = true)] pub operations: Vec, } diff --git a/crate/cli/src/tests/kms/aws_xks_tests.rs b/crate/cli/src/tests/kms/aws_xks_tests.rs new file mode 100644 index 0000000000..f86d300db1 --- /dev/null +++ b/crate/cli/src/tests/kms/aws_xks_tests.rs @@ -0,0 +1,106 @@ +use crate::{ + actions::kms::{access::GrantAccess, shared::ImportSecretDataOrKeyAction}, + error::result::KmsCliResult, +}; +use cosmian_aws_structs::health_status::{self, GetHealthStatusResponse}; +use cosmian_kmip::kmip_2_1::KmipOperation; +use cosmian_kms_client::reexport::cosmian_kms_client_utils::import_utils::ImportKeyFormat; +use cosmian_logger::{info, log_init}; +use std::{fs, path::PathBuf}; +use tempfile::TempDir; +use test_kms_server::{ + MainDBConfig, + reexport::cosmian_kms_server::{ + config::{ClapConfig, SocketServerConfig, TlsConfig}, + routes::aws_xks::AwsXksConfig, + }, + start_test_kms_server_with_config, +}; + +const KEK_USER: &str = "KEK_USER"; +const ACCESS_KEY_ID: &str = "AKIAIOSFODNN7EXAMPLE"; +const ACCESS_KEY: &str = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"; + +#[tokio::test] +pub(super) async fn test_aws_xks() -> KmsCliResult<()> { + log_init(Some( + "info,cosmian_kms_server=debug,cosmian_kms_server_database=info", + )); + + // plaintext no auth + info!("==> Testing AWS XKS"); + let ctx = start_test_kms_server_with_config(ClapConfig { + socket_server: SocketServerConfig { + socket_server_start: true, + ..Default::default() + }, + tls: TlsConfig { + tls_p12_file: Some(PathBuf::from( + "../../test_data/certificates/client_server/server/kmserver.acme.com.p12", + )), + tls_p12_password: Some("password".to_owned()), + clients_ca_cert_file: Some(PathBuf::from( + "../../test_data/certificates/client_server/ca/ca.crt", + )), + tls_cipher_suites: None, + }, + db: MainDBConfig { + database_type: Some("sqlite".to_owned()), + ..Default::default() + }, + kms_public_url: None, + aws_xks_config: AwsXksConfig { + aws_xks_enable: true, + aws_xks_region: Some("us-east-1".to_owned()), + aws_xks_service: Some("xks-kms".to_owned()), + aws_xks_sigv4_access_key_id: Some(ACCESS_KEY_ID.to_owned()), + aws_xks_sigv4_secret_access_key: Some(ACCESS_KEY.to_owned()), + aws_xks_kek_user: Some(KEK_USER.to_owned()), + }, + ..Default::default() + }) + .await; + + // Create a temporary file to hold the access key + let tmp_dir = TempDir::new()?; + let tmp_path = tmp_dir.path(); + let tmp_file = tmp_path.join("access_key.key"); + fs::write(&tmp_file, ACCESS_KEY.as_bytes())?; + + // Import the AWS Key + ImportSecretDataOrKeyAction { + key_file: tmp_file, + key_id: Some(ACCESS_KEY_ID.to_owned()), + key_format: ImportKeyFormat::Aes, + replace_existing: true, + ..Default::default() + } + .run(ctx.get_owner_client()) + .await?; + + GrantAccess { + object_uid: Some(ACCESS_KEY_ID.to_owned()), + user: KEK_USER.to_owned(), + operations: vec![KmipOperation::Get], + } + .run(ctx.get_owner_client()) + .await?; + + let health_status_req = health_status::GetHealthStatusRequest { + requestMetadata: health_status::RequestMetadata { + kmsRequestId: "123e4567-e89b-12d3-a456-426614174000".to_owned(), + kmsOperation: "KmsHealthCheck".to_owned(), + }, + }; + + let health_status_response: GetHealthStatusResponse = ctx + .get_owner_client() + .post_no_ttlv("/aws/kms/xks/v1/health", Some(&health_status_req)) + .await?; + info!( + "AWS XKS GetHealthStatus response: fleet size {} model {}", + health_status_response.xksProxyFleetSize, health_status_response.xksProxyModel + ); + + Ok(()) +} diff --git a/crate/server/Cargo.toml b/crate/server/Cargo.toml index 00530814af..a55d9a040b 100644 --- a/crate/server/Cargo.toml +++ b/crate/server/Cargo.toml @@ -50,15 +50,15 @@ non-fips = [ interop = ["cosmian_kms_server_database/interop"] [dependencies] -actix-cors = "0.6" -actix-files = "0.6.10" -actix-identity = "0.6" +actix-cors = { workspace = true } +actix-files = { workspace = true } +actix-identity = { workspace = true } actix-rt = { workspace = true } -actix-session = { version = "0.8", features = ["cookie-session"] } -actix-tls = "3.4" +actix-session = { workspace = true, features = ["cookie-session"] } +actix-tls = { workspace = true } actix-web = { workspace = true, features = ["macros", "openssl"] } -alcoholic_jwt = "4091" -async-recursion = "1.1" +alcoholic_jwt = { workspace = true } +async-recursion = { workspace = true } base64 = { workspace = true } chrono = { workspace = true } clap = { workspace = true, features = [ @@ -75,10 +75,11 @@ cosmian_kms_base_hsm = { path = "../hsm/base_hsm", version = "5.16.1" } cosmian_kms_server_database = { path = "../server_database", version = "5.16.1" } cosmian_logger = { workspace = true, features = ["full"] } crypt2pay_pkcs11_loader = { path = "../hsm/crypt2pay", version = "5.16.1" } -dotenvy = "0.15" +dotenvy = {workspace = true } futures = { workspace = true } hex = { workspace = true, features = ["serde"] } -jsonwebtoken = "10.3" +http = { workspace = true } +jsonwebtoken = { workspace = true } num-bigint-dig = { workspace = true, features = [ "std", "rand", @@ -97,6 +98,7 @@ reqwest = { workspace = true, features = [ "native-tls", "socks", ] } +scratchstack-aws-signature = { workspace = true } serde = { workspace = true } serde_json = { workspace = true } softhsm2_pkcs11_loader = { path = "../hsm/softhsm2", version = "5.16.1" } @@ -105,7 +107,7 @@ strum = { workspace = true, features = ["std", "derive", "strum_macros"] } thiserror = { workspace = true } time = { workspace = true, features = ["local-offset", "formatting"] } tokio = { workspace = true, features = ["full"] } -toml = "0.8" +toml = { workspace = true } tracing = { workspace = true } url = { workspace = true } utimaco_pkcs11_loader = { path = "../hsm/utimaco", version = "5.16.1" } @@ -114,14 +116,14 @@ x509-parser = { workspace = true } zeroize = { workspace = true } [dev-dependencies] -actix-http = "3.10" +actix-http = { workspace = true } cosmian_kms_client_utils = { path = "../client_utils", version = "5.16.1" } cosmian_kms_interfaces = { path = "../interfaces", version = "5.16.1" } native-tls = { workspace = true } pem = { workspace = true } [build-dependencies] -actix-http = "3.10" +actix-http = { workspace = true } time = { workspace = true, features = ["local-offset", "formatting"] } sha2 = { workspace = true } diff --git a/crate/server/src/config/command_line/clap_config.rs b/crate/server/src/config/command_line/clap_config.rs index 5da8a37052..59d3744f72 100644 --- a/crate/server/src/config/command_line/clap_config.rs +++ b/crate/server/src/config/command_line/clap_config.rs @@ -14,6 +14,7 @@ use crate::{ config::{ProxyConfig, SocketServerConfig, TlsConfig}, error::KmsError, result::KResult, + routes::aws_xks::AwsXksConfig, }; #[cfg(not(target_os = "windows"))] @@ -59,6 +60,7 @@ impl Default for ClapConfig { default_unwrap_type: None, non_revocable_key_id: None, privileged_users: None, + aws_xks_config: AwsXksConfig::default(), kmip_policy: KmipPolicyConfig::default(), } } @@ -164,6 +166,9 @@ pub struct ClapConfig { #[clap(long, verbatim_doc_comment)] pub privileged_users: Option>, + #[clap(flatten)] + pub aws_xks_config: AwsXksConfig, + /// KMIP algorithm policy. /// /// This policy is configured via parameter-specific allowlists under `[kmip.allowlists]`. @@ -362,6 +367,23 @@ impl fmt::Debug for ClapConfig { let x = x.field("default unwrap type", &self.default_unwrap_type); let x = x.field("non_revocable_key_id", &self.non_revocable_key_id); let x = x.field("privileged_users", &self.privileged_users); + + let x = x.field("aws_xks_config", &self.aws_xks_config); + let x = if self.aws_xks_config.aws_xks_enable { + x.field("aws_xks_enable", &self.aws_xks_config.aws_xks_enable) + .field("aws_xks_region", &self.aws_xks_config.aws_xks_region) + .field("aws_xks_service", &self.aws_xks_config.aws_xks_service) + .field( + "aws_xks_sigv4_access_key_id", + &self.aws_xks_config.aws_xks_sigv4_access_key_id, + ) + .field( + "aws_xks_sigv4_secret_access_key", + &self.aws_xks_config.aws_xks_sigv4_secret_access_key, + ) + } else { + x.field("aws_xks_enable", &self.aws_xks_config.aws_xks_enable) + }; let x = x.field("kmip", &self.kmip_policy); x.finish() diff --git a/crate/server/src/config/command_line/tls_config.rs b/crate/server/src/config/command_line/tls_config.rs index 58a40567d0..4c5bfa8566 100644 --- a/crate/server/src/config/command_line/tls_config.rs +++ b/crate/server/src/config/command_line/tls_config.rs @@ -7,11 +7,16 @@ use serde::{Deserialize, Serialize}; #[serde(default)] #[derive(Default)] pub struct TlsConfig { - /// The KMS server optional PKCS#12 Certificates and Key file. - /// Mandatory when starting the socket server. + /// The KMS server optional PKCS#12 Certificates and Key file as an alternative + /// to providing the key, certificate and chain in PEM format. /// When provided, the Socket and HTTP server will start in TLS Mode. #[cfg(feature = "non-fips")] - #[clap(long, env = "KMS_TLS_P12_FILE", verbatim_doc_comment)] + #[clap( + long, + env = "KMS_TLS_P12_FILE", + requires = "tls_p12_password", + verbatim_doc_comment + )] pub tls_p12_file: Option, /// The password to open the PKCS#12 Certificates and Key file @@ -20,22 +25,22 @@ pub struct TlsConfig { pub tls_p12_password: Option, /// The server's X.509 certificate in PEM format. - /// Only used in FIPS mode (default build). Provide a PEM containing the server leaf certificate, + /// Provide a PEM containing the server leaf certificate, /// optionally followed by intermediate certificates (full chain). When provided along with /// `--tls-key-file`, the servers will start in TLS mode. - #[cfg(not(feature = "non-fips"))] + /// Do not use in combination with `--tls-p12-file`. #[clap(long, env = "KMS_TLS_CERT_FILE", verbatim_doc_comment)] pub tls_cert_file: Option, /// The server's private key in PEM format (PKCS#8 or traditional format). - /// Only used in FIPS mode (default build). Must correspond to the certificate in `--tls-cert-file`. - #[cfg(not(feature = "non-fips"))] + /// Must correspond to the certificate in `--tls-cert-file`. + /// Do not use in combination with `--tls-p12-file`. #[clap(long, env = "KMS_TLS_KEY_FILE", verbatim_doc_comment)] pub tls_key_file: Option, /// Optional certificate chain in PEM format (intermediate CAs). - /// Only used in FIPS mode. If not provided, the chain may be appended to `--tls-cert-file` instead. - #[cfg(not(feature = "non-fips"))] + /// If not provided, the chain may be appended to `--tls-cert-file` instead. + /// Do not use in combination with `--tls-p12-file`. #[clap(long, env = "KMS_TLS_CHAIN_FILE", verbatim_doc_comment)] pub tls_chain_file: Option, @@ -83,7 +88,6 @@ impl Display for TlsConfig { ); } } - #[cfg(not(feature = "non-fips"))] { if self.tls_cert_file.is_some() && self.tls_key_file.is_some() { return write!( diff --git a/crate/server/src/config/params/server_params.rs b/crate/server/src/config/params/server_params.rs index 06af533b95..ea5ad2ec48 100644 --- a/crate/server/src/config/params/server_params.rs +++ b/crate/server/src/config/params/server_params.rs @@ -16,6 +16,7 @@ use crate::{ }, error::KmsError, result::{KResult, KResultHelper}, + routes::aws_xks::AwsXksParams, }; /// This structure is the context used by the server @@ -125,6 +126,9 @@ pub struct ServerParams { /// If None, all users can create and grant create access rights. pub privileged_users: Option>, + /// AWS XKS parameters, if any + pub aws_xks_params: Option, + /// KMIP algorithm policy. pub kmip_policy: KmipPolicyParams, } @@ -321,6 +325,11 @@ impl ServerParams { ui_session_salt: conf.ui_config.ui_session_salt, proxy_params: ProxyParams::try_from(&conf.proxy) .context("failed to create ProxyParams")?, + aws_xks_params: if conf.aws_xks_config.aws_xks_enable { + Some(conf.aws_xks_config.try_into()?) + } else { + None + }, kmip_policy: KmipPolicyParams { policy_id: kmip_policy_id, allowlists: KmipAllowlistsParams { @@ -337,6 +346,7 @@ impl ServerParams { }, }, }; + debug!("{res:#?}"); Ok(res) @@ -444,6 +454,19 @@ impl fmt::Debug for ServerParams { debug_struct.field("google_cse_enable", &self.google_cse.google_cse_enable); } + if let Some(aws_xks_params) = &self.aws_xks_params { + debug_struct + .field("aws_xks_params", &"configured") + .field("aws_xks_region", &aws_xks_params.region) + .field("aws_xks_service", &aws_xks_params.service) + .field( + "aws_xks_sigv4_access_key_id", + &aws_xks_params.sigv4_access_key_id, + ); + } else { + debug_struct.field("aws_xks_params", &"not configured"); + } + if self.hsm_model.is_some() { debug_struct .field("hsm_admin", &self.hsm_admin) diff --git a/crate/server/src/config/params/tls_params.rs b/crate/server/src/config/params/tls_params.rs index 5f23ae5186..605e9297a5 100644 --- a/crate/server/src/config/params/tls_params.rs +++ b/crate/server/src/config/params/tls_params.rs @@ -15,18 +15,16 @@ use crate::{ }; /// The TLS parameters of the API server +#[derive(Default)] pub struct TlsParams { /// The TLS private key and certificate of the HTTP server and Socket server (PKCS#12) #[cfg(feature = "non-fips")] - pub p12: ParsedPkcs12_2, + pub p12: Option, /// The server certificate in PEM (may include chain) - FIPS mode - #[cfg(not(feature = "non-fips"))] pub server_cert_pem: Vec, /// The server private key in PEM - FIPS mode - #[cfg(not(feature = "non-fips"))] pub server_key_pem: Vec, /// Optional separate chain PEM (intermediate CAs) - FIPS mode - #[cfg(not(feature = "non-fips"))] pub server_chain_pem: Option>, /// The certificate used to verify the client TLS certificates /// used for authentication in PEM format @@ -52,15 +50,31 @@ impl TlsParams { /// This function can return an error if there is an issue reading the PKCS#12 file or parsing it. pub fn try_from(config: &TlsConfig) -> KResult> { debug!("tls_config: {config:#?}"); + let clients_ca_cert_pem = + if let Some(authority_cert_file) = config.clients_ca_cert_file.as_ref() { + Some(std::fs::read(authority_cert_file).context(&format!( + "TLS configuration. Failed opening authority cert file at {:?}", + authority_cert_file.display() + ))?) + } else { + None + }; + let cipher_suites = config.tls_cipher_suites.clone(); + #[cfg(feature = "non-fips")] - let p12 = if let (Some(p12_file), Some(p12_password)) = + if let (Some(p12_file), Some(p12_password)) = (&config.tls_p12_file, &config.tls_p12_password) { - open_p12(p12_file, p12_password)? - } else { - return Ok(None); - }; - #[cfg(not(feature = "non-fips"))] + let p12 = open_p12(p12_file, p12_password)?; + return Ok(Some(Self { + p12: Some(p12), + clients_ca_cert_pem, + cipher_suites, + ..Default::default() + })); + } + + // This can be used both in FIPS and non-FIPS mode let (server_cert_pem, server_key_pem, server_chain_pem) = if let (Some(cert), Some(key)) = (&config.tls_cert_file, &config.tls_key_file) { ( @@ -77,39 +91,16 @@ impl TlsParams { } else { return Ok(None); }; - debug!( - "Client Authority cert file: {:?}", - config.clients_ca_cert_file - ); - let clients_ca_cert_pem = - if let Some(authority_cert_file) = config.clients_ca_cert_file.as_ref() { - Some(std::fs::read(authority_cert_file).context(&format!( - "TLS configuration. Failed opening authority cert file at {:?}", - authority_cert_file.display() - ))?) - } else { - None - }; - let cipher_suites = config.tls_cipher_suites.clone(); - #[cfg(feature = "non-fips")] - { - Ok(Some(Self { - p12, - clients_ca_cert_pem, - cipher_suites, - })) - } - #[cfg(not(feature = "non-fips"))] - { - Ok(Some(Self { - server_cert_pem, - server_key_pem, - server_chain_pem, - clients_ca_cert_pem, - cipher_suites, - })) - } + Ok(Some(Self { + server_cert_pem, + server_key_pem, + server_chain_pem, + clients_ca_cert_pem, + cipher_suites, + #[cfg(feature = "non-fips")] + p12: None, + })) } } @@ -144,35 +135,38 @@ impl fmt::Debug for TlsParams { |cipher_string| format!("Custom cipher string: {cipher_string}"), ); - #[cfg(feature = "non-fips")] - { - f.debug_struct("TlsParams") - .field( - "p12", - &self.p12.cert.as_ref().map_or_else( - || "[N/A]".to_owned(), - |cert| format!("{:?}", cert.subject_name()), - ), - ) - .field("authority_cert_file: ", &ca_cert) - .field("cipher_suites: ", &cipher_suites) - .finish() - } #[cfg(not(feature = "non-fips"))] + let mut ds = f.debug_struct("TlsParams"); + + #[cfg(feature = "non-fips")] + let mut ds = &mut f.debug_struct("TlsParams"); + + #[cfg(feature = "non-fips")] { - f.debug_struct("TlsParams") - .field("server_cert_pem", &"[PEM provided]") - .field("server_key_pem", &"[PEM provided]") - .field( - "server_chain_pem", - &self - .server_chain_pem - .as_ref() - .map_or("[N/A]", |_| "[PEM provided]"), - ) - .field("authority_cert_file: ", &ca_cert) - .field("cipher_suites: ", &cipher_suites) - .finish() + ds = ds.field( + "p12", + &self.p12.as_ref().map_or_else( + || "[N/A]".to_owned(), + |p12| { + p12.cert.as_ref().map_or_else( + || "[N/A]".to_owned(), + |cert| format!("{:?}", cert.subject_name()), + ) + }, + ), + ); } + ds.field("server_cert_pem", &"[PEM provided]") + .field("server_key_pem", &"[PEM provided]") + .field( + "server_chain_pem", + &self + .server_chain_pem + .as_ref() + .map_or("[N/A]", |_| "[PEM provided]"), + ) + .field("authority_cert_file: ", &ca_cert) + .field("cipher_suites: ", &cipher_suites) + .finish() } } diff --git a/crate/server/src/core/operations/decrypt.rs b/crate/server/src/core/operations/decrypt.rs index 5a445493cc..911f9c1e90 100644 --- a/crate/server/src/core/operations/decrypt.rs +++ b/crate/server/src/core/operations/decrypt.rs @@ -84,6 +84,7 @@ pub(crate) async fn decrypt(kms: &KMS, request: Decrypt, user: &str) -> KResult< // for each uid. This is also based on the high probability that there is still a single object // in the candidates' list. let mut selected_owm = None; + let mut found_but_no_permission = false; for uid in uids { if let Some(prefix) = has_prefix(&uid) { if !kms.database.is_object_owned_by(&uid, user).await? { @@ -106,10 +107,7 @@ pub(crate) async fn decrypt(kms: &KMS, request: Decrypt, user: &str) -> KResult< // Default database let owm = kms.database.retrieve_object(&uid).await?.ok_or_else(|| { debug!("failed to retrieve the key: {uid}"); - KmsError::Kmip21Error( - ErrorReason::Item_Not_Found, - format!("Decrypt: failed to retrieve the key: {uid}"), - ) + KmsError::ItemNotFound(format!("Decrypt: failed to retrieve the key: {uid}")) })?; // Check effective state (PreActive with past activation_date counts as Active) if get_effective_state(&owm)? != State::Active { @@ -137,6 +135,7 @@ pub(crate) async fn decrypt(kms: &KMS, request: Decrypt, user: &str) -> KResult< .any(|p| [KmipOperation::Decrypt, KmipOperation::Get].contains(p)) { debug!("{user} is not authorized to decrypt using: {uid}"); + found_but_no_permission = true; continue; } } @@ -161,10 +160,13 @@ pub(crate) async fn decrypt(kms: &KMS, request: Decrypt, user: &str) -> KResult< } } let mut owm = selected_owm.ok_or_else(|| { - KmsError::Kmip21Error( - ErrorReason::Item_Not_Found, - format!("Decrypt: no valid key for id: {unique_identifier}"), - ) + if found_but_no_permission { + KmsError::Unauthorized(format!( + "Decrypt: the user {user} does not have the permission to decrypt using the key: {unique_identifier}" + )) + } else { + KmsError::ItemNotFound(format!("Decrypt: key id: {unique_identifier}, not found")) + } })?; // Enforce time window constraints for Decrypt mirroring Encrypt semantics: deny usage when diff --git a/crate/server/src/core/operations/encrypt.rs b/crate/server/src/core/operations/encrypt.rs index 308808ca98..ee08c3ee61 100644 --- a/crate/server/src/core/operations/encrypt.rs +++ b/crate/server/src/core/operations/encrypt.rs @@ -97,6 +97,7 @@ pub(crate) async fn encrypt(kms: &KMS, request: Encrypt, user: &str) -> KResult< // in the candidate list. let mut selected_owm = None; + let mut found_but_no_permission = false; for uid in uids { if let Some(prefix) = has_prefix(&uid) { if !kms.database.is_object_owned_by(&uid, user).await? { @@ -115,7 +116,7 @@ pub(crate) async fn encrypt(kms: &KMS, request: Encrypt, user: &str) -> KResult< return encrypt_using_encryption_oracle(kms, &request, data, &uid, prefix).await; } let owm = kms.database.retrieve_object(&uid).await?.ok_or_else(|| { - KmsError::InvalidRequest(format!("Encrypt: failed to retrieve key: {uid}")) + KmsError::ItemNotFound(format!("Encrypt: failed to retrieve key: {uid}")) })?; // Check effective state (PreActive with past activation_date counts as Active) if get_effective_state(&owm)? != State::Active { @@ -131,6 +132,7 @@ pub(crate) async fn encrypt(kms: &KMS, request: Encrypt, user: &str) -> KResult< .iter() .any(|p| [KmipOperation::Encrypt, KmipOperation::Get].contains(p)) { + found_but_no_permission = true; continue; } } @@ -156,10 +158,13 @@ pub(crate) async fn encrypt(kms: &KMS, request: Encrypt, user: &str) -> KResult< } } let mut owm = selected_owm.ok_or_else(|| { - KmsError::Kmip21Error( - ErrorReason::Item_Not_Found, - format!("Encrypt: no valid key for id: {unique_identifier}"), - ) + if found_but_no_permission { + KmsError::Unauthorized(format!( + "Encrypt: the user {user} does not have permission to encrypt using the key: {unique_identifier}" + )) + } else { + KmsError::ItemNotFound(format!("Encrypt: key id: {unique_identifier}, not found")) + } })?; // Enforce time window constraints: Active key is unusable for Encrypt if current time is diff --git a/crate/server/src/core/operations/message.rs b/crate/server/src/core/operations/message.rs index e128431afc..780439f7be 100644 --- a/crate/server/src/core/operations/message.rs +++ b/crate/server/src/core/operations/message.rs @@ -132,6 +132,24 @@ pub(crate) async fn message( Some(error_message), None, ), + Err(KmsError::ItemNotFound(error_message)) => ( + ResultStatusEnumeration::OperationFailed, + Some(ErrorReason::Item_Not_Found), + Some(error_message), + None, + ), + Err(KmsError::CryptographicError(error_message)) => ( + ResultStatusEnumeration::OperationFailed, + Some(ErrorReason::Cryptographic_Failure), + Some(error_message), + None, + ), + Err(KmsError::Unauthorized(error_message)) => ( + ResultStatusEnumeration::OperationFailed, + Some(ErrorReason::Permission_Denied), + Some(error_message), + None, + ), Err(err) => ( ResultStatusEnumeration::OperationFailed, Some(ErrorReason::Operation_Not_Supported), diff --git a/crate/server/src/core/retrieve_object_utils.rs b/crate/server/src/core/retrieve_object_utils.rs index 509e7faedf..e82151d485 100644 --- a/crate/server/src/core/retrieve_object_utils.rs +++ b/crate/server/src/core/retrieve_object_utils.rs @@ -147,6 +147,10 @@ pub(crate) async fn retrieve_object_for_operation( return Ok(owm); } + trace!( + "User {user} does not have permission for operation {operation_type:?} on object {}", + owm.id() + ); } Err(KmsError::Kmip21Error( diff --git a/crate/server/src/main.rs b/crate/server/src/main.rs index 8caddd145e..4118cf824e 100644 --- a/crate/server/src/main.rs +++ b/crate/server/src/main.rs @@ -146,10 +146,12 @@ async fn run() -> KResult<()> { mod tests { use std::path::PathBuf; - use cosmian_kms_server::config::{ - ClapConfig, GoogleCseConfig, HttpConfig, IdpAuthConfig, KmipPolicyConfig, LoggingConfig, - MainDBConfig, OidcConfig, ProxyConfig, SocketServerConfig, TlsConfig, UiConfig, - WorkspaceConfig, + use cosmian_kms_server::{ + config::{ + ClapConfig, GoogleCseConfig, HttpConfig, IdpAuthConfig, KmipPolicyConfig, LoggingConfig, MainDBConfig, + OidcConfig, ProxyConfig, SocketServerConfig, TlsConfig, UiConfig, WorkspaceConfig, + }, + routes::aws_xks::AwsXksConfig, }; #[cfg(feature = "non-fips")] @@ -178,6 +180,7 @@ mod tests { tls_p12_password: Some("[tls p12 password]".to_owned()), clients_ca_cert_file: Some(PathBuf::from("[authority cert file]")), tls_cipher_suites: Some("TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256".to_owned()), + ..Default::default() }, http: HttpConfig { port: 443, @@ -244,6 +247,15 @@ mod tests { hsm_slot: vec![], hsm_password: vec![], }, + aws_xks_config: AwsXksConfig { + aws_xks_enable: true, + aws_xks_region: Some("us-east-1".to_owned()), + aws_xks_service: Some("xks-kms".to_owned()), + aws_xks_sigv4_access_key_id: Some("AKIAIOSFODNN7EXAMPLE".to_owned()), + aws_xks_sigv4_secret_access_key: Some( + "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY".to_owned(), + ), + }, key_encryption_key: Some("key wrapping key".to_owned()), default_unwrap_type: None, non_revocable_key_id: None, @@ -322,6 +334,14 @@ rolling_log_name = "kms_log" enable_metering = false environment = "development" ansi_colors = false + +[aws_xks_config] +aws_xks_enable = true +aws_xks_region = "us-east-1" +aws_xks_service = "xks-kms" +aws_xks_sigv4_access_key_id = "AKIAIOSFODNN7EXAMPLE" +aws_xks_sigv4_secret_access_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" +aws_xks_kek_user = "kek_user" "#; assert_eq!(toml_string.trim(), toml::to_string(&config).unwrap().trim()); diff --git a/crate/server/src/routes/aws_xks/README.md b/crate/server/src/routes/aws_xks/README.md new file mode 100644 index 0000000000..e40f76c5dd --- /dev/null +++ b/crate/server/src/routes/aws_xks/README.md @@ -0,0 +1,9 @@ +# AWS XKS + +Specs: + +Code loosely inspired from (License Apache 2.0) + +## Testing + +Follow the instructions in `test_data/aws_xks/README.md` to run the AWS XKS tests. \ No newline at end of file diff --git a/crate/server/src/routes/aws_xks/aws_xks_config.rs b/crate/server/src/routes/aws_xks/aws_xks_config.rs new file mode 100644 index 0000000000..c91872b38f --- /dev/null +++ b/crate/server/src/routes/aws_xks/aws_xks_config.rs @@ -0,0 +1,43 @@ +use clap::Args; +use serde::{Deserialize, Serialize}; + +#[derive(Debug, Args, Deserialize, Serialize, Clone)] +#[serde(default)] +#[derive(Default)] +#[allow(clippy::struct_field_names)] +pub struct AwsXksConfig { + /// This setting turns on endpoints handling the AWS XKS feature + #[clap(long, env = "KMS_AWS_XKS_ENABLE", default_value = "false")] + pub aws_xks_enable: bool, + + /// The AWS XKS region to use for signing requests (sigv4) + #[clap( + long, + env = "KMS_AWS_XKS_REGION", + required_if_eq("aws_xks_enable", "true") + )] + pub aws_xks_region: Option, + + /// The AWS XKS service name to use for signing requests (sigv4) + #[clap( + long, + env = "KMS_AWS_XKS_SERVICE", + required_if_eq("aws_xks_enable", "true") + )] + pub aws_xks_service: Option, + + #[clap( + long, + env = "KMS_AWS_XKS_SIGV4_ACCESS_KEY_ID", + required_if_eq("aws_xks_enable", "true") + )] + /// The AWS XKS `SigV4` access key ID used to sign requests + pub aws_xks_sigv4_access_key_id: Option, + + #[clap( + long, + env = "KMS_AWS_XKS_SIGV4_SECRET_ACCESS_KEY", + required_if_eq("aws_xks_enable", "true") + )] + pub aws_xks_sigv4_secret_access_key: Option, +} diff --git a/crate/server/src/routes/aws_xks/encrypt_decrypt/decrypt_.rs b/crate/server/src/routes/aws_xks/encrypt_decrypt/decrypt_.rs new file mode 100644 index 0000000000..dcb437e6c8 --- /dev/null +++ b/crate/server/src/routes/aws_xks/encrypt_decrypt/decrypt_.rs @@ -0,0 +1,229 @@ +//! Decrypt +//! --------------------- +//! This API is used by KMS to decrypt data using a key which resides within an external key manager +use std::sync::Arc; + +use actix_web::{ + HttpRequest, HttpResponse, post, + web::{Data, Json, Path}, +}; +use base64::{Engine, engine::general_purpose::STANDARD}; +use cosmian_kms_server_database::reexport::cosmian_kmip::{ + kmip_0::kmip_types::ErrorReason, + kmip_1_4::kmip_types::ResultReason, + kmip_2_1::{ + kmip_operations::Decrypt, + kmip_types::{CryptographicAlgorithm, CryptographicParameters, UniqueIdentifier}, + }, +}; +use serde::{Deserialize, Serialize}; +use tracing::{debug, info}; + +use crate::{ + core::KMS, + error::KmsError, + result::KResult, + routes::aws_xks::{ + encrypt_decrypt::{EncryptionAlgorithm, RequestMetadata}, + error::{XksErrorName, XksErrorReply}, + }, +}; + +/// KMS uses this API to encrypt data using a key in an external key manager. +/// +/// Example: +/// ```json +/// { +/// "requestMetadata": { +/// "awsPrincipalArn": "arn:aws:iam::123456789012:user/Alice", +/// "kmsKeyArn": "arn:aws:kms:us-east-2:123456789012:/key/1234abcd-12ab-34cd-56ef-1234567890ab", +/// "kmsOperation": "Decrypt", +/// "kmsRequestId": "5112f4d6-db54-4af4-ae30-c55a22a8dfae", +/// "kmsViaService": "ebs" +/// }, +/// "additionalAuthenticatedData": "cHJvamVjdD1uaWxlLGRlcGFydG1lbnQ9bWFya2V0aW5n", +/// "encryptionAlgorithm": "AES_GCM", +/// "ciphertext": "ghxkK1txeDNn3q8Y", +/// "ciphertextMetadata": "a2V5X3ZlcnNpb249MQ==", +/// "initializationVector": "HMrlRw85cAJUd5Ax", +/// "authenticationTag": "vBxN2ncH1oEkR8WVXpmyYQ==" +/// } +/// ``` +#[derive(Deserialize, Debug, Serialize)] +#[allow(non_snake_case)] +pub(crate) struct DecryptRequest { + /// The HTTP body of the request contains requestMetadata fields + /// that provide additional context on the request being made. + /// This information is helpful for auditing and for implementing + /// an optional secondary layer of authorization at the XKS Proxy + /// (see a later section on Authorization). + /// There is no expectation for the XKS Proxy to validate any information + /// included in the requestMetadata beyond validating the signature + /// that covers the entire request payload. + pub requestMetadata: RequestMetadata, + /// Base64 encoded ciphertext provided to an external key manager for decryption. + /// At a minimum, the proxy MUST support the ability to process 4300 bytes of ciphertext. + /// Note the Base64 encoded string corresponding to 4300 bytes of binary data + /// will be 5736 bytes long. + /// This field is REQUIRED. + pub ciphertext: String, + /// Base64 encoded ciphertextMetadata that was included with the ciphertext + /// in the output of the encrypt call that produced the ciphertext being decrypted. + /// This is an OPTIONAL, vendor-specific field. + /// When present, the size of the field MUST NOT exceed 20 bytes (before Base64 encoding). + /// The XKS Proxy MUST detect when the ciphertextMetadata passed to decrypt + /// has been modified relative to the ciphertextMetadata generated + /// during the corresponding encrypt. + /// Appending the ciphertextMetadata to the additionalAuthenticatedData + /// and using that as the AAD for the external key manager, as described in the Encrypt API, + /// will automatically accomplish this. + pub ciphertextMetadata: Option, + /// Specifies the algorithm that will be used for encryption. + /// For the v1 specification, this MUST be `AES_GCM`. + /// This field is REQUIRED. + pub encryptionAlgorithm: EncryptionAlgorithm, + /// AES-GCM is an example of an AEAD (Authenticated Decryption with Additional Data) cipher + /// for which the encrypt operation produces an authenticationTag in addition to the ciphertext. + /// The authenticationTag can be used to ensure the integrity of the ciphertext + /// and additional data passed as AAD. + /// For a decrypt call to succeed, the same AAD that was used to create the ciphertext + /// must be supplied to the decrypt operation. + /// This field is OPTIONAL. + /// When present, this field MUST be specified as a Base64 encoded string + /// and used as the Additional Authenticated Data (AAD) input to the AES-GCM operation + /// inside the external key manager. + /// The XKS Proxy MUST be able to handle AAD values up to 8192 bytes in length + /// (the Base64 encoding of 8192 bytes will be 10924 bytes). + pub additionalAuthenticatedData: Option, + /// Base64 encoded initialization vector generated by the external key manager + /// that was used during encrypt operation. + /// For a decrypt call to succeed, this must be the same IV that was generated + /// when the ciphertext was created. + /// This field is REQUIRED. + /// For `AES_GCM`, the length of the initializationVector MUST be 12 bytes or 16 bytes + /// (the Base64 encoding will have 16 bytes or 24 bytes). + pub initializationVector: String, + /// Base64 encoded message authentication code. + /// Authentication tag size MUST be 16 bytes (the Base64 encoding will have 24 bytes). + /// For a decrypt call to succeed, this must be the same tag + /// that was generated by the encrypt call when the ciphertext was created. + /// This field is REQUIRED. + pub authenticationTag: String, +} + +/// The HTTP response body contains the keySpec, keyUsage, and keyStatus fields. +/// ```json +/// { +// "plaintext": "SGVsbG8gV29ybGQh" +/// } +/// ``` +#[derive(Serialize, Default, Deserialize)] +#[allow(non_snake_case)] +pub(crate) struct DecryptResponse { + /// Base64 encoded plaintext generated by an external key manager + /// from decrypting the provided ciphertext. + /// The size of the plaintext MUST be the same as the size of the ciphertext. + /// Plaintext returned by the decrypt API MUST NOT be logged at XKS Proxy + /// or the external key manager. + pub plaintext: String, +} + +#[post("/kms/xks/v1/keys/{key_id}/decrypt")] +pub(crate) async fn decrypt( + req_http: HttpRequest, + key_id: Path, + request: Json, + kms: Data>, +) -> HttpResponse { + let request = request.into_inner(); + let key_id = key_id.into_inner(); + info!( + "POST /kms/xks/v1/keys/{key_id}/decrypt - operation: {} - id: {} - user: {}", + request.requestMetadata.kmsOperation, + request.requestMetadata.kmsRequestId, + request.requestMetadata.awsPrincipalArn + ); + debug!("decrypt request: {:?}", request.requestMetadata); + let kms = kms.into_inner(); + match decrypt_inner(req_http, request, key_id, &kms) + .await + .map(Json) + { + Ok(wrap_response) => HttpResponse::Ok().json(wrap_response), + Err(e) => match e { + KmsError::Unauthorized(msg) => XksErrorReply { + errorName: XksErrorName::InvalidKeyUsageException, + errorMessage: Some(msg), + } + .into(), + KmsError::ItemNotFound(msg) => XksErrorReply { + errorName: XksErrorName::KeyNotFoundException, + errorMessage: Some(msg), + } + .into(), + KmsError::CryptographicError(msg) + | KmsError::Kmip21Error(ErrorReason::Cryptographic_Failure, msg) + | KmsError::Kmip14Error(ResultReason::CryptographicFailure, msg) => XksErrorReply { + errorName: XksErrorName::InvalidCiphertextException, + errorMessage: Some(msg), + } + .into(), + _ => { + info!("Decrypt error: {:?}", e); + HttpResponse::from_error(e) + } + }, + } +} + +async fn decrypt_inner( + _req_http: HttpRequest, + request: DecryptRequest, + key_id_or_tags: String, + kms: &Arc, +) -> KResult { + let user = request.requestMetadata.awsPrincipalArn; + let cryptographic_parameters = match request.encryptionAlgorithm { + EncryptionAlgorithm::AES_GCM => CryptographicParameters { + cryptographic_algorithm: Some(CryptographicAlgorithm::AES), + ..Default::default() + }, + }; + let data = STANDARD.decode(&request.ciphertext)?; + // Supplied Nonce or new one. + let nonce = STANDARD.decode(&request.initializationVector)?; + let aead = match request.additionalAuthenticatedData { + None => None, + Some(b64) => Some(STANDARD.decode(&b64)?), + }; + let tag = STANDARD.decode(request.authenticationTag)?; + // override the key_id if one is supplied as part of the metadata + let key_id = if let Some(key_id) = request.ciphertextMetadata { + String::from_utf8(STANDARD.decode(key_id)?)? + } else { + key_id_or_tags + }; + + let response = kms + .decrypt( + Decrypt { + unique_identifier: Some(UniqueIdentifier::TextString(key_id)), + cryptographic_parameters: Some(cryptographic_parameters), + data: Some(data), + i_v_counter_nonce: Some(nonce.clone()), + correlation_value: None, + init_indicator: None, + final_indicator: None, + authenticated_encryption_additional_data: aead.clone(), + authenticated_encryption_tag: Some(tag), + }, + &user, + ) + .await?; + let plaintext = response + .data + .ok_or_else(|| KmsError::ServerError("Missing AES GCM ciphertext".to_owned()))?; + Ok(DecryptResponse { + plaintext: STANDARD.encode(&plaintext), + }) +} diff --git a/crate/server/src/routes/aws_xks/encrypt_decrypt/encrypt_.rs b/crate/server/src/routes/aws_xks/encrypt_decrypt/encrypt_.rs new file mode 100644 index 0000000000..8754bb67ff --- /dev/null +++ b/crate/server/src/routes/aws_xks/encrypt_decrypt/encrypt_.rs @@ -0,0 +1,300 @@ +//! Encrypt +//! ---------------- +//! KMS uses this API to encrypt data using a key in an external key manager. +use std::sync::Arc; + +use actix_web::{ + HttpRequest, HttpResponse, post, + web::{Data, Json, Path}, +}; +use base64::{Engine, engine::general_purpose::STANDARD}; +use cosmian_kms_server_database::reexport::{ + cosmian_kmip::kmip_2_1::{ + kmip_operations::Encrypt, + kmip_types::{CryptographicAlgorithm, CryptographicParameters, UniqueIdentifier}, + }, + cosmian_kms_crypto::crypto::symmetric::symmetric_ciphers::AES_256_GCM_IV_LENGTH, +}; +use openssl::{rand::rand_bytes, sha::Sha256}; +use serde::{Deserialize, Serialize}; +use tracing::{debug, info}; +use zeroize::Zeroizing; + +use crate::{ + core::KMS, + error::KmsError, + result::KResult, + routes::aws_xks::{ + encrypt_decrypt::{CdivAlgorithm, EncryptionAlgorithm, RequestMetadata}, + error::{XksErrorName, XksErrorReply}, + }, +}; + +/// KMS uses this API to encrypt data using a key in an external key manager. +/// +/// Example: +/// ```json +/// { +/// "requestMetadata": { +/// "awsPrincipalArn": "arn:aws:iam::123456789012:user/Alice", +/// "kmsKeyArn": "arn:aws:kms:us-east-2:123456789012:/key/1234abcd-12ab-34cd-56ef-1234567890ab", +/// "kmsOperation": "Encrypt", +/// "kmsRequestId": "4112f4d6-db54-4af4-ae30-c55a22a8dfae", +/// "kmsViaService": "ebs" +/// }, +/// "additionalAuthenticatedData": "cHJvamVjdD1uaWxlLGRlcGFydG1lbnQ9bWFya2V0aW5n", +/// "plaintext": "SGVsbG8gV29ybGQh", +/// "encryptionAlgorithm": "AES_GCM", +/// "ciphertextDataIntegrityValueAlgorithm": "SHA_256" +/// } +/// ``` +#[derive(Deserialize, Debug, Serialize)] +#[allow(non_snake_case)] +pub(crate) struct EncryptRequest { + /// The HTTP body of the request contains requestMetadata fields + /// that provide additional context on the request being made. + /// This information is helpful for auditing and for implementing + /// an optional secondary layer of authorization at the XKS Proxy + /// (see a later section on Authorization). + /// There is no expectation for the XKS Proxy to validate any information + /// included in the requestMetadata beyond validating the signature + /// that covers the entire request payload. + pub requestMetadata: RequestMetadata, + /// Base64-encoded plaintext provided to external key manager for encryption. + /// The proxy MUST support the ability to process up to 4300 bytes of plaintext data. + /// Note that Base64 encoding of 4300 bytes of binary data will result in a string + /// that is 5736 bytes. + /// Plaintext passed to the encrypt API MUST NOT be logged at XKS Proxy + /// or the external key manager. + /// This field is REQUIRED. + pub plaintext: String, + /// Specifies the algorithm that will be used for encryption. + /// For the v1 specification, this MUST be `AES_GCM`. + /// This field is REQUIRED. + pub encryptionAlgorithm: EncryptionAlgorithm, + /// AES-GCM is an example of an AEAD (Authenticated Encryption with Additional Data) cipher + /// for which the encrypt operation produces an authenticationTag in addition to the ciphertext. + /// The authenticationTag can be used to ensure the integrity of the ciphertext + /// and additional data passed as AAD. + /// For a decrypt call to succeed, the same AAD that was used to create the ciphertext + /// must be supplied to the decrypt operation. + /// This field is OPTIONAL. + /// When present, this field MUST be specified as a Base64 encoded string + /// and used as the Additional Authenticated Data (AAD) input to the AES-GCM operation + /// inside the external key manager. + /// The XKS Proxy MUST be able to handle AAD values up to 8192 bytes in length + /// (the Base64 encoding of 8192 bytes will be 10924 bytes). + pub additionalAuthenticatedData: Option, + /// Indicates the hashing algorithm to be used in the computation + /// of the Ciphertext Data Integrity Value (CDIV). + /// For the first version (v1) of this specification, this MUST be "`SHA_256`". + /// This field is OPTIONAL. + /// When present, the XKS Proxy MUST return a ciphertextDataIntegrityValue field + /// in its response as described below. + pub ciphertextDataIntegrityValueAlgorithm: Option, +} + +/// The HTTP response body contains the keySpec, keyUsage, and keyStatus fields. +/// ```json +/// { +/// "authenticationTag": "vBxN2ncH1oEkR8WVXpmyYQ==", +/// "ciphertext": "ghxkK1txeDNn3q8Y", +/// "ciphertextDataIntegrityValue": "qHA/ImC9h5HsLRXqCyPmWgYx7tzyoTplzILbP0fPXsc=", +/// "ciphertextMetadata": "a2V5X3ZlcnNpb249MQ==", +/// "initializationVector": "HMrlRw85cAJUd5Ax" +/// } +/// ``` +#[derive(Serialize, Default, Deserialize)] +#[allow(non_snake_case)] +pub(crate) struct EncryptResponse { + /// Base64 encoded ciphertext generated by the external key manager from provided plaintext. + /// Since `AES_GCM` is a stream cipher, the length of the ciphertext + /// MUST be the same as the length of the plaintext + pub ciphertext: String, + /// The XKS Proxy MAY return up to 20 bytes of ciphertext metadata for internal housekeeping, + /// e.g. an external key manager may implement automatic key rotation + /// and use the extra bytes to encode versioning of the key material. + /// This is an OPTIONAL, vendor-specific field. + /// When present, the size of the field MUST NOT exceed 20 bytes + /// and the value MUST be Base64-encoded (the encoded string will be more than 20 bytes). + /// The XKS Proxy MUST append the ciphertextMetadata to the additionalAuthenticatedData + /// before normal AES GCM processing to ensure that integrity protection + /// offered by the authenticationTag extends to the ciphertextMetadata. + /// + /// NOTE: It is important to explicitly include the length of additionalAuthenticatedData + /// and the length of the ciphertextMetadata to avoid unintended successful decrypts, + /// e.g. when a caller calls encrypt with no additionalAuthenticatedData, + /// receives a ciphertextMetadata in the response and then calls decrypt + /// passing the ciphertextMetadata as additionalAuthenticatedData and no ciphertextMetadata. + /// The AAD input for the external key manager should be computed as (2-byte length, + /// before Base64 encoding, of additionalAuthenticatedData in big-endian format + /// || additionalAuthenticatedData || 1-byte length, before Base64 encoding, + /// of ciphertextMetadata || ciphertextMetadata) where || represents concatenation of + /// the binary values before Base64 encoding. If the additionalAuthenticatedData + /// or ciphertextMetadata is not present, the corresponding length MUST be set to zero. + /// If the inclusion of the lengths represents a departure from previously implemented behavior, + /// the XKS proxy SHOULD encode the new behavior in the ciphertextMetadata + /// and use the encoding to follow the same behavior during decrypt as was used + /// for the corresponding encrypt. + /// Otherwise, previously generated ciphertext will no longer be decryptable. + /// + /// For example, let's say version A of an XKS proxy concatenated the ciphertextMetadata + /// directly to additionalAuthenticatedData (without including the lengths) + /// but Version B implements new guidance then there needs to be a mechanism to distinguish + /// whether a decrypt call should use the old way or the new way to create the AAD + /// for the external key manager. + /// If Version B always implements the new behavior then ciphertext created by Version A + /// will no longer be decryptable. + /// The ciphertextMetadata is the natural place to encode this difference in + /// how the authenticationTag was created. + pub ciphertextMetadata: Option, + /// Base64 encoded initialization vector generated by the external key manager + /// that was used during encrypt operation. + /// The initialization vector MUST be either 12 bytes (96 bits) or 16 bytes (128 bits). + /// The Base64 encoding will have 16 bytes or 24 bytes. + pub initializationVector: String, + /// Base64 encoded message authentication code generated by external key manager + /// performing AES-GCM encryption. + /// Authentication tag size MUST be 16 bytes (128 bits). + /// Some key managers append the authentication tag to the ciphertext. + /// In such cases, the XKS proxy MUST separate the two before composing the response. + pub authenticationTag: String, + /// This field is a Base64 encoded hash computed over the + /// additionalAuthenticatedData (if present in the request), ciphertextMetadata (if present), + /// initializationVector, ciphertext and authenticationTag fields in the response. + /// It MUST be included whenever the request includes the ciphertextDataIntegrityValueAlgorithm + /// field. + /// The hashing algorithm used to compute this value MUST be the one specified + /// as the ciphertextDataIntegrityValueAlgorithm in the request. + /// KMS will independently calculate the ciphertextDataIntegrityValue (CDIV) + /// and return an error to the caller if the computed value does not match the value + /// in the response. + /// KMS interprets a match as assurance from the XKS Proxy that a subsequent decrypt call + /// where the caller passes in the same additionalAuthenticatedData + /// (if present, in the encrypt request), initializationVector, ciphertext + /// and authenticationTag values will succeed and return the plaintext + /// that was passed as input to this encrypt API. + /// See Appendix C for a complete example and specific CDIV implementation guidelines. + pub ciphertextDataIntegrityValue: Option, +} + +#[post("/kms/xks/v1/keys/{key_id}/encrypt")] +pub(crate) async fn encrypt( + req_http: HttpRequest, + key_id: Path, + request: Json, + kms: Data>, +) -> HttpResponse { + let request = request.into_inner(); + let key_id = key_id.into_inner(); + info!( + "POST /kms/xks/v1/keys/{key_id}/encrypt - operation: {} - id: {} - user: {}", + request.requestMetadata.kmsOperation, + request.requestMetadata.kmsRequestId, + request.requestMetadata.awsPrincipalArn + ); + debug!("encrypt request: {:?}", request.requestMetadata); + let kms = kms.into_inner(); + match encrypt_inner(req_http, request, key_id, &kms) + .await + .map(Json) + { + Ok(wrap_response) => HttpResponse::Ok().json(wrap_response), + Err(e) => match e { + KmsError::Unauthorized(msg) => XksErrorReply { + errorName: XksErrorName::InvalidKeyUsageException, + errorMessage: Some(msg), + } + .into(), + KmsError::ItemNotFound(msg) => XksErrorReply { + errorName: XksErrorName::KeyNotFoundException, + errorMessage: Some(msg), + } + .into(), + KmsError::CryptographicError(msg) => XksErrorReply { + errorName: XksErrorName::ValidationException, + errorMessage: Some(msg), + } + .into(), + _ => HttpResponse::from_error(e), + }, + } +} + +async fn encrypt_inner( + _req_http: HttpRequest, + request: EncryptRequest, + key_id_or_tags: String, + kms: &Arc, +) -> KResult { + let user = request.requestMetadata.awsPrincipalArn; + + let cryptographic_parameters = match request.encryptionAlgorithm { + EncryptionAlgorithm::AES_GCM => CryptographicParameters { + cryptographic_algorithm: Some(CryptographicAlgorithm::AES), + ..Default::default() + }, + }; + let data = Zeroizing::new(STANDARD.decode(&request.plaintext)?); + // Supplied Nonce or new one. + let nonce: [u8; AES_256_GCM_IV_LENGTH] = { + let mut iv = [0; AES_256_GCM_IV_LENGTH]; + rand_bytes(&mut iv)?; + iv + }; + let aead = match request.additionalAuthenticatedData { + None => None, + Some(b64) => Some(STANDARD.decode(&b64)?), + }; + let response = kms + .encrypt( + Encrypt { + unique_identifier: Some(UniqueIdentifier::TextString(key_id_or_tags.clone())), + cryptographic_parameters: Some(cryptographic_parameters), + data: Some(data), + i_v_counter_nonce: Some(nonce.to_vec()), + correlation_value: None, + init_indicator: None, + final_indicator: None, + authenticated_encryption_additional_data: aead.clone(), + }, + &user, + ) + .await?; + let ciphertext = response + .data + .ok_or_else(|| KmsError::ServerError("Missing AES GCM ciphertext".to_owned()))?; + let returned_key_id = response.unique_identifier.to_string(); + let ciphertext_metadata = if returned_key_id == key_id_or_tags { + None + } else { + // The encryption is likely performed using tags; keep track of the actual key used + Some(returned_key_id.as_bytes().to_vec()) + }; + let tag = response.authenticated_encryption_tag.ok_or_else(|| { + KmsError::ServerError("Missing AES GCM authenticated encryption tag".to_owned()) + })?; + let integrity_hash = match request.ciphertextDataIntegrityValueAlgorithm { + None => None, + Some(CdivAlgorithm::SHA_256) => { + let mut hasher = Sha256::new(); + if let Some(aead) = &aead { + hasher.update(aead); + } + if let Some(ciphertext_metadata) = &ciphertext_metadata { + hasher.update(ciphertext_metadata); + } + hasher.update(&nonce); + hasher.update(&ciphertext); + hasher.update(&tag); + Some(hasher.finish()) + } + }; + Ok(EncryptResponse { + ciphertext: STANDARD.encode(ciphertext), + ciphertextMetadata: ciphertext_metadata.map(|b| STANDARD.encode(&b)), + initializationVector: STANDARD.encode(nonce), + authenticationTag: STANDARD.encode(tag), + ciphertextDataIntegrityValue: integrity_hash.map(|b| STANDARD.encode(b)), + }) +} diff --git a/crate/server/src/routes/aws_xks/encrypt_decrypt/mod.rs b/crate/server/src/routes/aws_xks/encrypt_decrypt/mod.rs new file mode 100644 index 0000000000..4b5369952a --- /dev/null +++ b/crate/server/src/routes/aws_xks/encrypt_decrypt/mod.rs @@ -0,0 +1,63 @@ +mod decrypt_; +mod encrypt_; +pub(crate) use decrypt_::decrypt; +pub(crate) use encrypt_::encrypt; +use serde::{Deserialize, Serialize}; + +/// Request Payload Parameters: The HTTP body of the request contains the requestMetadata. +#[derive(Serialize, Deserialize, Debug, Clone)] +#[allow(non_snake_case)] +#[allow(dead_code)] +pub(crate) struct RequestMetadata { + /// This is the ARN of the principal that invoked KMS Decrypt (see aws:PrincipalArn). + /// When the caller is another AWS service, this field will contain either + /// the service principal ending in amazonaws.com, such as ec2.amazonaws.com or + /// “AWS Internal”. This field is REQUIRED. + pub awsPrincipalArn: String, + /// This field is OPTIONAL. It is present if and only if the KMS API request was made using + /// a VPC endpoint. + /// When present, this field indicates the VPC where the request originated (see aws:SourceVpc). + pub awsSourceVpc: Option, + /// This field is OPTIONAL. It is present if and only if the KMS API request was made using + /// a VPC endpoint. + /// When present, this field indicates the VPC endpoint used for the request (see aws:SourceVpce) + pub awsSourceVpce: Option, + /// This is the ARN of the KMS Key on which the Decrypt, `ReDecrypt`, `GenerateDataKey` + /// or `GenerateDataKeyWithoutPlaintext` API was invoked. This field is REQUIRED. + pub kmsKeyArn: String, + /// This is the KMS API call that resulted in the XKS Proxy API request, + /// e.g. `CreateKey` can result in a `GetKeyMetadata` call. This field is REQUIRED. + /// The XKS Proxy MUST NOT reject a request as invalid if it sees a kmsOperation + /// other than those listed for this API call. + /// In the future, KMS may introduce a new API that can be satisfied + /// by calling one of the XKS APIs listed in this document. + /// For proxies that implement secondary authorization, + /// it is acceptable for XKS API requests made as part of the new KMS API to fail authorization. + /// It is easier for a customer to update their XKS Proxy authorization policy + /// than to update their XKS Proxy software. + pub kmsOperation: String, + /// This is the requestId of the call made to KMS which is visible in AWS `CloudTrail`. + /// The XKS proxy SHOULD log this field to allow a customer + /// to correlate AWS `CloudTrail` entries with log entries in the XKS Proxy. + /// This field typically follows the format for UUIDs + /// but the XKS Proxy MUST treat this as an opaque string + /// and MUST NOT perform any validation on its structure. + /// This field is REQUIRED. + pub kmsRequestId: String, + /// This field is OPTIONAL. If present, it indicates the AWS service that called the KMS API + /// on behalf of a customer (see kms:ViaService) + pub kmsViaService: Option, +} + +#[derive(Debug, Serialize, Deserialize)] +#[allow(non_camel_case_types)] +pub(crate) enum EncryptionAlgorithm { + AES_GCM, +} + +/// Ciphertext Data Integrity Value Algorithm +#[derive(Debug, Serialize, Deserialize)] +#[allow(non_camel_case_types)] +pub(crate) enum CdivAlgorithm { + SHA_256, +} diff --git a/crate/server/src/routes/aws_xks/error.rs b/crate/server/src/routes/aws_xks/error.rs new file mode 100644 index 0000000000..929baf4081 --- /dev/null +++ b/crate/server/src/routes/aws_xks/error.rs @@ -0,0 +1,188 @@ +#![allow(dead_code)] +use std::fmt::{Display, Formatter}; + +use actix_web::{ + // Error, HttpRequest, + Error, + HttpRequest, + HttpResponse, + ResponseError, + // dev::ServiceResponse, + error::JsonPayloadError, + // middleware::ErrorHandlerResponse, + // dev::ServiceResponse, error::JsonPayloadError, http, middleware::ErrorHandlerResponse, +}; +use cosmian_logger::debug; +use serde::{Deserialize, Serialize}; + +/// Error Name for AWS XKS Error replies +#[derive(Debug, Serialize, Deserialize, Clone)] +#[allow(non_camel_case_types)] +#[allow(clippy::enum_variant_names)] +pub enum XksErrorName { + /// The request was rejected because one + /// or more input parameters is invalid. + /// 400: ALL except `GetHealthStatus` + ValidationException, + + /// The request was rejected because the + /// specified external key or key store is + /// disabled, deactivated or blocked. + /// 400: ALL + InvalidStateException, + + /// The request was rejected because the + /// specified ciphertext, initialization vector, + /// additional authenticated data or + /// authentication tag is corrupted, missing, + /// or otherwise invalid. + /// 400: Decrypt + InvalidCiphertextException, + + /// The request was rejected because the + /// specified key does not support the + /// requested operation. + /// 400: Decrypt, Encrypt + InvalidKeyUsageException, + + /// The request was rejected due to + /// invalid AWS `SigV4` signature. + /// 401: ALL + AuthenticationFailedException, + + /// The request was rejected because the + /// operation is not authorized based on + /// request metadata. + /// 403: ALL except `GetHealthStatus` + AccessDeniedException, + + /// The request was rejected because the + /// specified external key is not found. + /// 404: ALL except `GetHealthStatus` + KeyNotFoundException, + + /// The request was rejected because the + /// specified URI path is not valid. + /// 404: ALL + InvalidUriPathException, + + /// The request was rejected because the + /// request rate is too high. The + /// proxy may send this either because + /// it is unable to keep up or the caller + /// exceeded its request quota. + /// 429: ALL + ThrottlingException, + + /// The request was rejected because the + /// specified cryptographic operation is not + /// implemented, or if a parameter value + /// exceeded the maximum size that is + /// currently supported by a specific + /// implementation beyond the minimize size + /// required by this API specification. + /// 501: ALL + UnsupportedOperationException, + + /// The XKS proxy timed out while trying to + /// access a dependency layer to fulfill the + /// request. + /// 503: ALL + DependencyTimeoutException, + + /// This is a generic server error. For example, + /// this exception is thrown due to failure of + /// the backing key manager, or failure of a + /// dependency layer. + /// 500: ALL + InternalException, +} + +/// Error reply for AWS XKS +/// +/// see: +/// +/// Example +/// ```json +/// { +/// "errorName": "InvalidCiphertextException", // required +/// "errorMessage": "The request was rejected because the specified ciphertext, or additional authenticated data is corrupted, missing, or otherwise invalid." // optional +/// } +/// ``` +#[derive(Serialize, Debug, Clone)] +#[allow(non_snake_case)] +pub struct XksErrorReply { + pub errorName: XksErrorName, + pub errorMessage: Option, +} + +impl Display for XksErrorReply { + fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { + f.write_fmt(format_args!("{self:?}")) + } +} + +impl From for HttpResponse { + fn from(e: XksErrorReply) -> Self { + debug!("Xks Error: {:?}", e); + match e.errorName { + XksErrorName::ValidationException + | XksErrorName::InvalidStateException + | XksErrorName::InvalidCiphertextException + | XksErrorName::InvalidKeyUsageException + | XksErrorName::AuthenticationFailedException => Self::Unauthorized().json(e), + XksErrorName::AccessDeniedException => Self::Forbidden().json(e), + // We map to I am a teapot to avoid falling into the generic 404 error handler + // and use another handler to convert it to 404 + XksErrorName::KeyNotFoundException => Self::ImATeapot().json(e), + XksErrorName::InvalidUriPathException => Self::NotFound().json(e), + XksErrorName::ThrottlingException => Self::TooManyRequests().json(e), + XksErrorName::UnsupportedOperationException => Self::NotImplemented().json(e), + XksErrorName::DependencyTimeoutException => Self::ServiceUnavailable().json(e), + XksErrorName::InternalException => Self::InternalServerError().json(e), + } + } +} + +impl ResponseError for XksErrorReply { + fn error_response(&self) -> HttpResponse { + HttpResponse::from(self.clone()) + } +} + +// Custom error handler for JSON deserialization errors +#[allow(clippy::needless_pass_by_value)] +pub(crate) fn xks_json_error_handler(err: JsonPayloadError, _req: &HttpRequest) -> Error { + let error_message = match &err { + JsonPayloadError::Deserialize(e) => format!("JSON deserialize error: {e}"), + _ => "Unknown error".to_owned(), + }; + XksErrorReply { + errorName: XksErrorName::ValidationException, + errorMessage: Some(error_message), + } + .into() +} + +pub(crate) async fn xks_path_not_found_handler( + req: HttpRequest, +) -> Result { + debug!("XKS Proxy - Path not found: {}", req.path()); + Err(XksErrorReply { + errorName: XksErrorName::InvalidUriPathException, + errorMessage: Some(format!("Resource not found: {}", req.path())), + }) +} + +// /// Custom error handler for "I am a teapot" which are "key not found" errors +// /// and must be reconverted to 404 to meet the spec +// pub(crate) fn xks_key_not_found_handler( +// mut service_response: ServiceResponse, +// ) -> actix_web::Result> { +// *service_response.response_mut().status_mut() = http::StatusCode::NOT_FOUND; + +// // body is unchanged, map to "left" slot +// Ok(ErrorHandlerResponse::Response( +// service_response.map_into_left_body(), +// )) +// } diff --git a/crate/server/src/routes/aws_xks/health_status.rs b/crate/server/src/routes/aws_xks/health_status.rs new file mode 100644 index 0000000000..d7c2fc9cbb --- /dev/null +++ b/crate/server/src/routes/aws_xks/health_status.rs @@ -0,0 +1,137 @@ +//! `GetHealthStatus` +//! --------------- +//! This API serves multiple purposes +//! +//! It is used to ensure that the XKS Proxy base URL (https://!//kms/xks/v1) +//! and `SigV4` credentials required to communicate with the proxy are configured correctly in KMS. +//! +//! It is used to ensure that the XKS Proxy is ready to handle +//! other API requests (encrypt/decrypt/getKeyMetadata) +//! +//! It is used to gather information for proactively monitoring availability risks +//! and processing KMS customer requests to raise the Transactions Per Second (TPS) limit +//! on their external key manager. +//! +//! Before returning a successful response (HTTP 200 OK), +//! the XKS Proxy SHOULD verify not only that the external key manager is reachable +//! but is also able to perform cryptographic operations, i.e. the health-check SHOULD be deep +//! rather than shallow. +//! +//! The health check should be implemented such that a successful check provides strong assurance +//! that an encrypt, decrypt or getKeyMetadata request issued immediately +//! after will succeed (except due to authorization checks). +//! +//! The XKS Proxy SHOULD create test keys in the external key manager +//! and invoke cryptographic operations on them as part of the deep Healthcheck. +//! +//! This API MUST be excluded from secondary authorization if the XKS Proxy implements such authorization. +//! +//! HTTP Method: POST +//! +//! API specs: +use std::sync::Arc; + +use actix_web::{ + HttpRequest, HttpResponse, post, + web::{Data, Json}, +}; +use clap::crate_version; +use serde::{Deserialize, Serialize}; +use tracing::info; + +use crate::core::KMS; + +/// Request Payload Parameters: The HTTP body of the request contains the requestMetadata. +#[derive(Deserialize, Debug, Serialize)] +#[allow(non_snake_case)] +pub(crate) struct GetHealthStatusRequest { + pub requestMetadata: RequestMetadata, +} + +/// Request Payload Parameters: The HTTP body of the request only contains the requestMetadata. +#[derive(Serialize, Deserialize, Debug, Clone)] +#[allow(non_snake_case)] +#[allow(dead_code)] +pub(crate) struct RequestMetadata { + /// This is the requestId of the call made by AWS KMS as part of + /// a periodic health check which is visible in AWS `CloudTrail`. + /// The XKS proxy SHOULD log this field to allow a customer to correlate + /// AWS `CloudTrail` entries with log entries in the XKS Proxy. + /// This field typically follows the format for UUIDs + /// but the XKS Proxy MUST treat this as an opaque string and + /// MUST NOT perform any validation on its structure. This field is REQUIRED. + pub kmsRequestId: String, + + /// This is the KMS API call that resulted in the XKS Proxy API request. + /// This field is REQUIRED. + /// The kmsOperation is set to `CreateCustomKeyStore`, `ConnectCustomKeyStore`, + /// or `UpdateCustomKeyStore` when the `GetHealthStatus` API is called as part of those KMS APIs. + /// This field is set to `KmsHealthCheck` when `GetHealthStatus` is called periodically + /// to get health status for publishing to `CloudWatch` metrics. + /// The XKS Proxy MUST NOT reject a request as invalid if it sees a kmsOperation + /// other than those listed for this API call. + pub kmsOperation: String, +} + +// External Key Manager Details +#[derive(Serialize, Deserialize, Debug)] +#[allow(non_snake_case)] +pub(crate) struct EkmFleetDetails { + /// Unique identifier for the external key manager in the external key manager cluster. + pub id: String, + /// Model of the external key manager. This SHOULD include the product name, + /// version of the hardware and any other information that would be useful + /// in troubleshooting and estimating TPS capacity. + pub model: String, + /// Status of health check on the external key manager from XKS proxy. + /// The possible statuses are ACTIVE, DEGRADED and UNAVAILABLE. ACTIVE means that + /// external key manager is healthy, DEGRADED means that external key manager is unhealthy + /// but can still serve traffic and UNAVAILABLE means that + /// external key manager is unable to serve traffic. + pub healthStatus: String, +} + +/// Response Payload Parameters: The HTTP body of the response contains +/// the health status of the XKS Proxy and the external key manager. +#[derive(Serialize, Deserialize, Debug)] +#[allow(non_snake_case)] +pub(crate) struct GetHealthStatusResponse { + /// Size of XKS proxy fleet. This MUST be an integer greater than zero. + pub xksProxyFleetSize: u16, + /// Name of the XKS Proxy vendor, this could be different from the name + /// of the external key manager vendor. + /// Both MUST be included even if they are the same. + pub xksProxyVendor: String, + /// Model of the XKS Proxy. This SHOULD include the product name and version. + pub xksProxyModel: String, + /// Name of the external key manager vendor. + pub ekmVendor: String, + /// External Key Manager Details + pub ekmFleetDetails: Vec, +} + +#[post("/kms/xks/v1/health")] +pub(crate) async fn get_health_status( + _req_http: HttpRequest, + request: Json, + _kms: Data>, +) -> HttpResponse { + let request = request.into_inner(); + info!( + "POST /aws/kms/xks/v1/health - request id {} - operation {}", + request.requestMetadata.kmsRequestId, request.requestMetadata.kmsOperation + ); + + let model = format!("Cosmian KMS {}", crate_version!()); + HttpResponse::Ok().json(GetHealthStatusResponse { + xksProxyFleetSize: 1, + xksProxyVendor: "Cosmian".to_owned(), + xksProxyModel: model.clone(), + ekmVendor: "Cosmian".to_owned(), + ekmFleetDetails: vec![EkmFleetDetails { + id: "1".to_owned(), + model, + healthStatus: "ACTIVE".to_owned(), + }], + }) +} diff --git a/crate/server/src/routes/aws_xks/key_metadata.rs b/crate/server/src/routes/aws_xks/key_metadata.rs new file mode 100644 index 0000000000..06d1e1e814 --- /dev/null +++ b/crate/server/src/routes/aws_xks/key_metadata.rs @@ -0,0 +1,370 @@ +//! `GetKeyMetaData` +//! ---------------- +//! This API is called by KMS to get metadata about an external key or create a new external key. +use std::sync::Arc; + +use actix_web::{ + HttpRequest, HttpResponse, post, + web::{Data, Json, Path}, +}; +use cosmian_kms_access::access::Access; +use cosmian_kms_server_database::reexport::cosmian_kmip::{ + kmip_0::kmip_types::CryptographicUsageMask, + kmip_2_1::{ + KmipOperation, + kmip_attributes::Attributes, + kmip_objects::ObjectType, + kmip_operations::{Create, GetAttributes}, + kmip_types::{CryptographicAlgorithm, KeyFormatType, UniqueIdentifier}, + }, +}; +use cosmian_logger::warn; +use serde::{Deserialize, Serialize}; +use time::OffsetDateTime; +use tracing::{debug, info}; + +use crate::{ + core::KMS, + routes::aws_xks::error::{XksErrorName, XksErrorReply}, +}; + +/// Returns the current UTC time with milliseconds set to zero. +/// +/// This function is used to normalize timestamps across the KMIP implementation, +/// ensuring consistent time representations without millisecond precision. +/// +/// # Returns +/// +/// Returns the current `OffsetDateTime` with milliseconds set to 0. +/// +/// # Errors +/// +/// Returns a `KmipError::Default` if the millisecond replacement fails. +fn time_normalize() -> Result { + OffsetDateTime::now_utc() + .replace_millisecond(0) + .map_err(|e| XksErrorReply { + errorName: XksErrorName::InternalException, + errorMessage: Some(format!("Failed to normalize time: {e}")), + }) +} + +/// Request Payload Parameters: The HTTP body of the request contains the requestMetadata. +#[derive(Serialize, Deserialize, Debug, Clone)] +#[allow(non_snake_case)] +#[allow(dead_code)] +pub(crate) struct RequestMetadata { + /// This is the ARN of the principal that invoked KMS `CreateKey` (see aws:PrincipalArn). + /// When the caller is another AWS service, this field will contain either + /// the service principal ending in amazonaws.com, such as ec2.amazonaws.com or + /// "AWS Internal". This field is REQUIRED. + pub awsPrincipalArn: String, + /// This field is OPTIONAL. It is present if and only if the KMS API request was made using + /// a VPC endpoint. + /// When present, this field indicates the VPC where the request originated (see aws:SourceVpc). + pub awsSourceVpc: Option, + /// This field is OPTIONAL. It is present if and only if the KMS API request was made using + /// a VPC endpoint. + /// When present, this field indicates the VPC endpoint used for the request (see aws:SourceVpce) + pub awsSourceVpce: Option, + /// This is the KMS API call that resulted in the XKS Proxy API request, + /// e.g. `CreateKey` can result in a `GetKeyMetadata` call. This field is REQUIRED. + /// The XKS Proxy MUST NOT reject a request as invalid if it sees a kmsOperation + /// other than those listed for this API call. + /// In the future, KMS may introduce a new API that can be satisfied + /// by calling one of the XKS APIs listed in this document. + /// For proxies that implement secondary authorization, + /// it is acceptable for XKS API requests made as part of the new KMS API to fail authorization. + /// It is easier for a customer to update their XKS Proxy authorization policy + /// than to update their XKS Proxy software. + pub kmsOperation: String, + /// This is the requestId of the call made to KMS which is visible in AWS `CloudTrail`. + /// The XKS proxy SHOULD log this field to allow a customer + /// to correlate AWS `CloudTrail` entries with log entries in the XKS Proxy. + /// This field typically follows the format for UUIDs + /// but the XKS Proxy MUST treat this as an opaque string + /// and MUST NOT perform any validation on its structure. + /// This field is REQUIRED. + pub kmsRequestId: String, +} + +/// The HTTP body of the request contains requestMetadata fields +/// that provide additional context on the request being made. +/// This information is helpful for auditing and for implementing +/// an optional secondary layer of authorization at the XKS Proxy +/// (see a later section on Authorization). +/// There is no expectation for the XKS Proxy to validate any information +/// included in the requestMetadata beyond validating the signature +/// that covers the entire request payload. +/// +/// Example: +/// ```json +/// { +/// "requestMetadata": { +/// "awsPrincipalArn": "arn:aws:iam::123456789012:user/Alice", +/// "kmsOperation": "CreateKey", +/// "kmsRequestId": "4112f4d6-db54-4af4-ae30-c55a22a8dfae" +/// } +/// } +/// ``` +#[derive(Deserialize, Debug, Serialize)] +#[allow(non_snake_case)] +pub(crate) struct GetKeyMetadataRequest { + pub requestMetadata: RequestMetadata, +} + +// Defined per XKS Proxy API spec. +#[derive(Serialize, Debug, PartialEq, Deserialize)] +#[allow(clippy::upper_case_acronyms)] +pub(crate) enum KeyUsage { + ENCRYPT, + DECRYPT, + SIGN, + VERIFY, + WRAP, + UNWRAP, +} + +/// The HTTP response body contains the keySpec, keyUsage, and keyStatus fields. +/// ```json +/// { +/// "keySpec": "AES_256", +/// "keyUsage": ["ENCRYPT", "DECRYPT"], +/// "keyStatus": "ENABLED" +/// } +/// ``` +#[derive(Serialize, Default, Deserialize)] +#[allow(non_snake_case)] +pub(crate) struct GetKeyMetadataResponse { + /// Specifies the type of external key. + /// This field is REQUIRED. + /// The XKS Proxy must use the string `AES_256` to indicate a 256-bit AES key. + pub keySpec: String, + /// Specifies an array of cryptographic operations for which external key can be used. + /// This field is REQUIRED. + /// The XKS Proxy must use the strings ENCRYPT and DECRYPT (all uppercase) + /// to indicate when an external key supports encrypt and decrypt operations, respectively. + /// The XKS Proxy response MAY include additional values supported by that external key, + /// e.g. PKCS11-based HSMs additionally support DERIVE, SIGN, VERIFY, WRAP, UNWRAP. + /// The response MUST NOT contain more than ten keyUsage values. + pub keyUsage: Vec, + /// Specifies the state of the external key. + /// The supported values are ENABLED and DISABLED. This field is REQUIRED. + /// If neither the external key manager nor the XKS Proxy support disabling individual keys, + /// the XKS Proxy MUST return ENABLED for this field. + pub keyStatus: String, +} + +#[post("/kms/xks/v1/keys/{key_id}/metadata")] +pub(crate) async fn get_key_metadata( + req_http: HttpRequest, + key_id: Path, + request: Json, + kms: Data>, +) -> HttpResponse { + let request = request.into_inner(); + let key_id = key_id.into_inner(); + info!( + "POST /kms/xks/v1/keys/{key_id}/metadata - operation: {} - id: {} - user: {}", + request.requestMetadata.kmsOperation, + request.requestMetadata.kmsRequestId, + request.requestMetadata.awsPrincipalArn + ); + debug!("get metadata request: {:?}", request.requestMetadata); + let kms = kms.into_inner(); + let response = match request.requestMetadata.kmsOperation.as_str() { + "GetKeyMetadata" | "DescribeKey" => get_key_metadata_inner(req_http, request, key_id, &kms) + .await + .map(Json), + "CreateKey" => create_key(req_http, request, key_id, &kms).await.map(Json), + x => Err(XksErrorReply { + errorName: XksErrorName::UnsupportedOperationException, + errorMessage: Some(format!("Unsupported kmsOperation: {x}")), + }), + }; + match response { + Ok(wrap_response) => HttpResponse::Ok().json(wrap_response), + Err(e) => HttpResponse::from_error(e), + } +} + +async fn get_key_metadata_inner( + _req_http: HttpRequest, + request: GetKeyMetadataRequest, + key_id: String, + kms: &Arc, +) -> Result { + let user = request.requestMetadata.awsPrincipalArn; + + let response = kms + .get_attributes( + GetAttributes { + unique_identifier: Some(UniqueIdentifier::TextString(key_id)), + attribute_reference: None, + }, + &user, + ) + .await + .map_err(|e| XksErrorReply { + errorName: XksErrorName::KeyNotFoundException, + errorMessage: Some(e.to_string()), + })?; + let cryptographic_algorithm = + response + .attributes + .cryptographic_algorithm + .ok_or_else(|| XksErrorReply { + errorName: XksErrorName::InternalException, + errorMessage: Some("No cryptographic algorithm found".to_owned()), + })?; + let key_size = response + .attributes + .cryptographic_length + .ok_or_else(|| XksErrorReply { + errorName: XksErrorName::InternalException, + errorMessage: Some("No cryptographic length found".to_owned()), + })?; + let (key_spec, key_usage) = match cryptographic_algorithm { + CryptographicAlgorithm::AES => ( + format!("AES_{key_size}"), + vec![ + KeyUsage::ENCRYPT, + KeyUsage::DECRYPT, + KeyUsage::WRAP, + KeyUsage::UNWRAP, + ], + ), + CryptographicAlgorithm::RSA => { + let key_spec = format!("RSA_{key_size}"); + if response.attributes.get_tags().contains("_sk") { + // a private key + ( + key_spec, + vec![KeyUsage::DECRYPT, KeyUsage::SIGN, KeyUsage::UNWRAP], + ) + } else { + ( + key_spec, + vec![KeyUsage::ENCRYPT, KeyUsage::VERIFY, KeyUsage::WRAP], + ) + } + } + xc => { + return Err(XksErrorReply { + errorName: XksErrorName::UnsupportedOperationException, + errorMessage: Some(format!("Unsupported cryptographic algorithm: {xc:?}")), + }); + } + }; + + let key_status = "ENABLED".to_owned(); + Ok(GetKeyMetadataResponse { + keySpec: key_spec, + keyUsage: key_usage, + keyStatus: key_status, + }) +} + +async fn create_key( + _req_http: HttpRequest, + request: GetKeyMetadataRequest, + key_id: String, + kms: &Arc, +) -> Result { + let aws_user = request.requestMetadata.awsPrincipalArn; + let uid = UniqueIdentifier::TextString(key_id); + // Set the activation date in the past to have the key immediately active + let activation_date = time_normalize().map_err(|e| XksErrorReply { + errorName: XksErrorName::InternalException, + errorMessage: Some(format!("Failed to get current time: {e}")), + })? - time::Duration::minutes(1); + + let mut attributes = Attributes { + cryptographic_algorithm: Some(CryptographicAlgorithm::AES), + cryptographic_length: Some(256), + cryptographic_usage_mask: Some( + CryptographicUsageMask::Encrypt + | CryptographicUsageMask::Decrypt + | CryptographicUsageMask::WrapKey + | CryptographicUsageMask::UnwrapKey, + ), + key_format_type: Some(KeyFormatType::TransparentSymmetricKey), + object_type: Some(ObjectType::SymmetricKey), + unique_identifier: Some(uid.clone()), + activation_date: Some(activation_date), + ..Attributes::default() + }; + attributes + .set_tags(["aws-xks"]) + .map_err(|e| XksErrorReply { + errorName: XksErrorName::InternalException, + errorMessage: Some(format!("Failed to set tags: {e}")), + })?; + let create = Create { + object_type: ObjectType::SymmetricKey, + attributes, + protection_storage_masks: None, + }; + + if let Err(e) = kms.create(create, &kms.params.default_username, None).await { + // If the key already exists, ignore the creation error (idempotent CreateKey). + let get_att_response = kms + .get_attributes( + GetAttributes { + unique_identifier: Some(uid.clone()), + attribute_reference: None, + }, + &kms.params.default_username, + ) + .await + .map_err(|e| XksErrorReply { + errorName: XksErrorName::InternalException, + errorMessage: Some(format!("Failed to check prior existence of key {uid}: {e}")), + })?; + if get_att_response.attributes.object_type == Some(ObjectType::SymmetricKey) { + warn!("AWS XKS create: key {uid} already exists (ignoring creation)."); + } else { + return Err(XksErrorReply { + errorName: XksErrorName::InternalException, + errorMessage: Some(format!("Failed to create XKS key {uid}: {e}")), + }); + } + } else { + // Grant Encrypt and Decrypt usage for the created key to the AWS user + kms.grant_access( + &Access { + unique_identifier: Some(uid.clone()), + user_id: aws_user.clone(), + operation_types: vec![ + KmipOperation::Encrypt, + KmipOperation::Decrypt, + KmipOperation::GetAttributes, + ], + }, + &kms.params.default_username, + None, + ) + .await + .map_err(|e| XksErrorReply { + errorName: XksErrorName::InternalException, + errorMessage: Some(format!( + "Failed to grant access to key {uid}, to user {aws_user}: {e}" + )), + })?; + } + + // Return the key metadata + let key_spec = "AES_256".to_owned(); + let key_usage = vec![ + KeyUsage::ENCRYPT, + KeyUsage::DECRYPT, + KeyUsage::WRAP, + KeyUsage::UNWRAP, + ]; + let key_status = "ENABLED".to_owned(); + Ok(GetKeyMetadataResponse { + keySpec: key_spec, + keyUsage: key_usage, + keyStatus: key_status, + }) +} diff --git a/crate/server/src/routes/aws_xks/mod.rs b/crate/server/src/routes/aws_xks/mod.rs new file mode 100644 index 0000000000..3812ec7a1c --- /dev/null +++ b/crate/server/src/routes/aws_xks/mod.rs @@ -0,0 +1,44 @@ +mod aws_xks_config; +mod encrypt_decrypt; +mod error; +mod health_status; +mod key_metadata; +mod sigv4_middleware; + +pub use aws_xks_config::AwsXksConfig; +pub(crate) use encrypt_decrypt::{decrypt, encrypt}; +pub(crate) use error::{xks_json_error_handler, xks_path_not_found_handler}; +pub(crate) use health_status::get_health_status; +pub(crate) use key_metadata::get_key_metadata; +pub use sigv4_middleware::Sigv4MWare; + +use crate::{error::KmsError, result::KResultHelper}; + +#[derive(Debug, Clone)] +pub struct AwsXksParams { + pub region: String, + pub service: String, + pub sigv4_access_key_id: String, + pub sigv4_secret_access_key: String, +} + +impl TryFrom for AwsXksParams { + type Error = KmsError; + + fn try_from(config: AwsXksConfig) -> Result { + Ok(Self { + region: config + .aws_xks_region + .context("AWS XKS region is required")?, + service: config + .aws_xks_service + .context("AWS XKS service is required")?, + sigv4_access_key_id: config + .aws_xks_sigv4_access_key_id + .context("AWS XKS SigV4 access key ID is required")?, + sigv4_secret_access_key: config + .aws_xks_sigv4_secret_access_key + .context("AWS XKS SigV4 secret access key is required")?, + }) + } +} diff --git a/crate/server/src/routes/aws_xks/sigv4_middleware.rs b/crate/server/src/routes/aws_xks/sigv4_middleware.rs new file mode 100644 index 0000000000..e1f4d79662 --- /dev/null +++ b/crate/server/src/routes/aws_xks/sigv4_middleware.rs @@ -0,0 +1,318 @@ +//! API Token Authentication Middleware +//! +//! This module contains the middleware implementation for API token-based authentication. +//! It provides a separate authentication pipeline that can be used independently of +//! other authentication methods. +//! +//! Authentication: +//! Proxy Impl: +//! Testing client: + +use std::{ + pin::Pin, + rc::Rc, + sync::Arc, + task::{Context, Poll}, +}; + +use actix_web::{ + Error, + body::{BoxBody, EitherBody}, + dev::{Payload, Service, ServiceRequest, ServiceResponse, Transform}, + error::InternalError, + http::StatusCode, +}; +use chrono::Duration; +use cosmian_kms_server_database::reexport::cosmian_kmip::kmip_2_1::{ + kmip_operations::Get, + kmip_types::{KeyFormatType, UniqueIdentifier}, +}; +use cosmian_logger::debug; +use futures::{ + Future, StreamExt, + future::{Ready, err, ok}, +}; +use scratchstack_aws_signature::{ + Request as Sigv4Request, SigningKey, SigningKeyKind::KSecret, sigv4_verify, +}; +use zeroize::Zeroizing; + +use crate::{ + core::KMS, + routes::aws_xks::error::{XksErrorName, XksErrorReply}, +}; + +/// `Sigv4MWare` is an Actix web middleware that handles AWS Signature Version 4 (sigv4) protocol. +/// +/// In Actix web, middlewares consist of two parts: +/// 1. A transformer (this struct), which is used during service configuration +/// 2. A middleware service that processes each request +/// +/// This transformer is responsible for creating the middleware service with the necessary +/// configuration for API token authentication. +#[derive(Clone)] +pub struct Sigv4MWare { + /// Reference to the KMS server for API token authentication + kms_server: Arc, +} + +impl Sigv4MWare { + /// Creates a new `Sigv4MWare` with the given KMS server + /// + /// # Parameters + /// * `kms_server` - The KMS server instance used for API token validation + #[must_use] + pub const fn new(kms_server: Arc) -> Self { + Self { kms_server } + } +} + +/// Implementation of the Transform trait, which is how Actix registers middleware +/// +/// This trait defines how to create a new middleware service (`Sigv4Service`) from the +/// transformer. The middleware will be part of the Actix service pipeline. +impl Transform for Sigv4MWare +where + S: Service, Error = Error> + 'static, + S::Future: 'static, +{ + type Error = Error; + type Future = Ready>; + type InitError = (); + type Response = ServiceResponse>; + type Transform = Sigv4Service; + + /// Creates a new instance of the `Sigv4Service` service + /// + /// This is called once during application startup for each service + /// that this middleware wraps. It passes the necessary configuration + /// to the `Sigv4Service`. + fn new_transform(&self, service: S) -> Self::Future { + if self.kms_server.params.aws_xks_params.is_none() { + tracing::error!( + "AWS XKS Sigv4 middleware should not be enabled if the aws_xks_params are not set" + ); + return err(()); + } + ok(Sigv4Service { + service: Rc::new(service), + kms_server: self.kms_server.clone(), + }) + } +} + +/// `Sigv4Service` is the actual middleware service that processes each request +/// +/// This middleware validates API tokens for each incoming request. +pub struct Sigv4Service +where + S: Service, Error = Error> + 'static, + S::Future: 'static, +{ + /// The next service in the middleware chain + service: Rc, + /// Reference to the KMS server for API token authentication + kms_server: Arc, +} + +/// Implementation of the Service trait, which defines how requests are processed +/// +/// This is where the actual API token authentication logic happens for each incoming request. +impl Service for Sigv4Service +where + S: Service, Error = Error> + 'static, + S::Future: 'static, +{ + type Error = Error; + type Future = Pin>>>; + type Response = ServiceResponse>; + + /// Checks if the middleware is ready to process a request + /// + /// This forwards the readiness check to the wrapped service. + fn poll_ready(&self, ctx: &mut Context) -> Poll> { + self.service.poll_ready(ctx) + } + + /// Processes each request by checking the signature v4 + fn call(&self, req: ServiceRequest) -> Self::Future { + let service = self.service.clone(); + let kms_server = self.kms_server.clone(); + + Box::pin(async move { + let params = kms_server.params.aws_xks_params.clone().ok_or_else(|| + actix_web::error::ErrorInternalServerError( + "AWS XKS Sigv4 middleware should not be enabled if the aws_xks_params are not set", + ) + )?; + let access_key_id = params.sigv4_access_key_id; + let access_key = params.sigv4_secret_access_key; + + let (actix_web_http_request, body): (actix_web::HttpRequest, actix_web::dev::Payload) = + req.into_parts(); + + let body_as_bytes = body + .map(Result::unwrap_or_default) + .fold(Vec::new(), |mut acc, chunk| async move { + acc.extend_from_slice(&chunk); + acc + }) + .await; + + let http_request = to_http_request(&actix_web_http_request, &body_as_bytes)?; + let (parts, body) = http_request.into_parts(); + // let body_as_bytes: Option = hyper::body::to_bytes(body).await.ok(); + // let body_as_vec_u8: Option> = + // body_as_bytes.as_ref().map(|bytes| bytes.to_vec()); + let sigv4_req = Sigv4Request::from_http_request_parts(&parts, Some(body)); + let gsk_req = sigv4_req + .to_get_signing_key_request( + KSecret, + params.region.as_str(), + params.service.as_str(), + ) + .map_err(|signature_err| { + actix_web::error::ErrorUnauthorized(signature_err.to_string()) + })?; + + if access_key_id != gsk_req.access_key { + let err: Self::Error = XksErrorReply { + errorName: XksErrorName::AuthenticationFailedException, + errorMessage: Some(format!("Access key id {} not found", gsk_req.access_key)), + } + .into(); + return Err(err); + } + + let signing_key = SigningKey { + kind: KSecret, + key: access_key.as_bytes().to_vec(), + }; + let allowed_mismatch = Some(Duration::minutes(5)); + if let Err(signature_error) = sigv4_verify( + &sigv4_req, + &signing_key, + allowed_mismatch, + params.region.as_str(), + params.service.as_str(), + ) { + tracing::warn!("SigV4 failure: {signature_error}"); + let err: Self::Error = XksErrorReply { + errorName: XksErrorName::AuthenticationFailedException, + errorMessage: Some(format!( + "Signature v4 verification failed: {signature_error}", + )), + } + .into(); + return Err(err); + } + + // rebuild request with body_as_bytes and forward to next service + let req = + ServiceRequest::from_parts(actix_web_http_request, Payload::from(body_as_bytes)); + let res = service.call(req).await?; + Ok(res.map_into_left_body()) + }) + } +} + +fn to_http_request( + actix_req: &actix_web::HttpRequest, + body: &[u8], +) -> Result>, actix_web::error::Error> { + let method: http::Method = actix_req.method().as_str().parse().map_err(|e| { + actix_web::error::ErrorBadRequest(format!( + "Failed to parse HTTP method for Sigv4 validation: {e:?}" + )) + })?; + let uri: http::Uri = actix_req.uri().to_string().parse().map_err(|e| { + actix_web::error::ErrorBadRequest(format!( + "Failed to parse HTTP URI for Sigv4 validation: {e:?}" + )) + })?; + let version: http::Version = match actix_req.version() { + actix_web::http::Version::HTTP_09 => http::Version::HTTP_09, + actix_web::http::Version::HTTP_10 => http::Version::HTTP_10, + actix_web::http::Version::HTTP_2 => http::Version::HTTP_2, + actix_web::http::Version::HTTP_3 => http::Version::HTTP_3, + _ => http::Version::HTTP_11, + }; + + let mut http_request_builder = http::request::Builder::new() + .method(method) + .uri(uri) + .version(version); + + // If using the HTTP/2, the host header is missing in the request and must be added manually + // for the signature to match + let mut host_header_available = false; + for (header_name, header_value) in actix_req.headers() { + if header_name.as_str() == http::header::HOST.as_str() { + host_header_available = true; + } + http_request_builder = + http_request_builder.header(header_name.as_str(), header_value.as_bytes()); + } + if !host_header_available { + debug!( + "Sigv4 Middleware - Adding missing HOST header: {}", + actix_req.connection_info().host() + ); + http_request_builder = http_request_builder.header( + http::header::HOST, + actix_req.connection_info().host().as_bytes(), + ); + } + // http_request_builder = + // http_request_builder.header(http::header::HOST, "localhost:9998".as_bytes()); + + let http_request = http_request_builder.body(body.to_vec()).map_err(|e| { + actix_web::error::ErrorBadRequest(format!( + "Failed to rebuild request for Sigv4 validation: {e:?}" + )) + })?; + + Ok(http_request) +} + +/// Retrieves the AWS XKS sigv4 signing key from the KMS server +#[allow(dead_code)] +async fn get_aws_key( + kms_server: &Arc, + sigv4_access_key_id: &str, + sigv4_access_key_user: &str, +) -> Result>, actix_web::error::InternalError> { + kms_server + .get( + Get { + unique_identifier: Some(UniqueIdentifier::TextString( + sigv4_access_key_id.to_owned(), + )), + key_format_type: Some(KeyFormatType::Raw), + ..Default::default() + }, + sigv4_access_key_user, + ) + .await + .map_err(|e| { + InternalError::new( + format!("Failed to get AWS XKS sigv4 key from KMS: {e:?}"), + StatusCode::INTERNAL_SERVER_ERROR, + ) + })? + .object + .key_block() + .map_err(|e| { + InternalError::new( + format!("Failed to get AWS XKS sigv4 key block from KMS: {e:?}"), + StatusCode::INTERNAL_SERVER_ERROR, + ) + })? + .secret_data_bytes() + .map_err(|e| { + InternalError::new( + format!("Failed to get AWS XKS sigv4 key bytes from KMS: {e:?}"), + StatusCode::INTERNAL_SERVER_ERROR, + ) + }) +} diff --git a/crate/server/src/routes/mod.rs b/crate/server/src/routes/mod.rs index c21cfb77dd..a74252554e 100644 --- a/crate/server/src/routes/mod.rs +++ b/crate/server/src/routes/mod.rs @@ -18,6 +18,7 @@ const CLI_ARCHIVE_FOLDER: &str = "./resources"; const CLI_ARCHIVE_FILE_NAME: &str = "cli.zip"; pub mod access; +pub mod aws_xks; pub mod google_cse; pub mod health; pub mod kmip; diff --git a/crate/server/src/socket_server.rs b/crate/server/src/socket_server.rs index f0aea86c11..07183f00ee 100644 --- a/crate/server/src/socket_server.rs +++ b/crate/server/src/socket_server.rs @@ -28,13 +28,10 @@ pub struct SocketServerParams<'a> { pub port: u16, /// Server certificate and private key (PKCS#12 format) - non-fips #[cfg(feature = "non-fips")] - pub p12: &'a openssl::pkcs12::ParsedPkcs12_2, + pub p12: Option<&'a openssl::pkcs12::ParsedPkcs12_2>, /// Server certificate and private key (PEM) - FIPS mode - #[cfg(not(feature = "non-fips"))] pub server_cert_pem: &'a [u8], - #[cfg(not(feature = "non-fips"))] pub server_key_pem: &'a [u8], - #[cfg(not(feature = "non-fips"))] pub server_chain_pem: Option<&'a [u8]>, /// Client CA certificate (PEM format, X509) pub client_ca_cert_pem: &'a [u8], @@ -56,28 +53,17 @@ impl<'a> TryFrom<&'a ServerParams> for SocketServerParams<'a> { "The Socket server cannot be started: Client CA certificate is not set".to_owned(), )); }; - #[cfg(feature = "non-fips")] - { - Ok(Self { - host: params.socket_server_hostname.clone(), - port: params.socket_server_port, - p12: &tls_params.p12, - client_ca_cert_pem, - cipher_suites: tls_params.cipher_suites.as_ref(), - }) - } - #[cfg(not(feature = "non-fips"))] - { - Ok(Self { - host: params.socket_server_hostname.clone(), - port: params.socket_server_port, - server_cert_pem: &tls_params.server_cert_pem, - server_key_pem: &tls_params.server_key_pem, - server_chain_pem: tls_params.server_chain_pem.as_deref(), - client_ca_cert_pem, - cipher_suites: tls_params.cipher_suites.as_ref(), - }) - } + Ok(Self { + host: params.socket_server_hostname.clone(), + port: params.socket_server_port, + #[cfg(feature = "non-fips")] + p12: tls_params.p12.as_ref(), + client_ca_cert_pem, + cipher_suites: tls_params.cipher_suites.as_ref(), + server_cert_pem: &tls_params.server_cert_pem, + server_key_pem: &tls_params.server_key_pem, + server_chain_pem: tls_params.server_chain_pem.as_deref(), + }) } } @@ -426,25 +412,14 @@ pub(crate) fn create_openssl_acceptor(server_config: &SocketServerParams) -> KRe trace!("Creating OpenSSL SslAcceptor for socket server"); // Use the common TLS configuration - let tls_config = { + let tls_config = TlsConfig { #[cfg(feature = "non-fips")] - { - TlsConfig { - cipher_suites: server_config.cipher_suites.map(std::string::String::as_str), - p12: server_config.p12, - client_ca_cert_pem: Some(server_config.client_ca_cert_pem), - } - } - #[cfg(not(feature = "non-fips"))] - { - TlsConfig { - cipher_suites: server_config.cipher_suites.map(std::string::String::as_str), - server_cert_pem: server_config.server_cert_pem, - server_key_pem: server_config.server_key_pem, - server_chain_pem: server_config.server_chain_pem, - client_ca_cert_pem: Some(server_config.client_ca_cert_pem), - } - } + p12: server_config.p12, + cipher_suites: server_config.cipher_suites.map(std::string::String::as_str), + server_cert_pem: server_config.server_cert_pem, + server_key_pem: server_config.server_key_pem, + server_chain_pem: server_config.server_chain_pem, + client_ca_cert_pem: Some(server_config.client_ca_cert_pem), }; let mut builder = create_base_openssl_acceptor(&tls_config, "socket server")?; diff --git a/crate/server/src/start_kms_server.rs b/crate/server/src/start_kms_server.rs index d11f8d28de..7a05b36203 100644 --- a/crate/server/src/start_kms_server.rs +++ b/crate/server/src/start_kms_server.rs @@ -55,7 +55,9 @@ use crate::{ }, result::{KResult, KResultHelper}, routes::{ - access, cli_archive_download, cli_archive_exists, get_version, + access, + aws_xks::{self}, + cli_archive_download, cli_archive_exists, get_version, google_cse::{self, GoogleCseConfig}, health, kmip::{self, handle_ttlv_bytes}, @@ -679,6 +681,9 @@ pub async fn prepare_kms_server(kms_server: Arc) -> KResult> = kms_server.params.privileged_users.clone(); // Compute the public URL first so we can use it to derive the session key @@ -756,6 +761,21 @@ pub async fn prepare_kms_server(kms_server: Arc) -> KResult KResult) -> ClapConf "../../test_data/certificates/client_server/ca/ca.crt", )), tls_cipher_suites: None, + ..Default::default() }; ClapConfig { diff --git a/crate/server/src/tests/ttlv_tests/config.rs b/crate/server/src/tests/ttlv_tests/config.rs index efce2fc3a1..3c89abffbf 100644 --- a/crate/server/src/tests/ttlv_tests/config.rs +++ b/crate/server/src/tests/ttlv_tests/config.rs @@ -29,9 +29,12 @@ fn load_test_config() -> SocketServerParams<'static> { SocketServerParams { host: TEST_HOST.to_owned(), port: 11117, - p12: &TEST_P12, + p12: Some(&TEST_P12), client_ca_cert_pem: &TEST_CLIENT_CA_CERT_PEM, cipher_suites: None, + server_cert_pem: &[], + server_key_pem: &[], + server_chain_pem: None, } } diff --git a/crate/server/src/tls_config.rs b/crate/server/src/tls_config.rs index 370cf62426..4c7b4cf652 100644 --- a/crate/server/src/tls_config.rs +++ b/crate/server/src/tls_config.rs @@ -1,9 +1,8 @@ use cosmian_logger::trace; #[cfg(feature = "non-fips")] use openssl::pkcs12::ParsedPkcs12_2; -#[cfg(not(feature = "non-fips"))] -use openssl::pkey::PKey; use openssl::{ + pkey::PKey, ssl::{SslAcceptor, SslAcceptorBuilder, SslMethod, SslVerifyMode, SslVersion}, x509::{X509, store::X509StoreBuilder}, }; @@ -22,12 +21,9 @@ const TLS13_CIPHER_SUITES: &[&str] = &[ pub struct TlsConfig<'a> { pub cipher_suites: Option<&'a str>, #[cfg(feature = "non-fips")] - pub p12: &'a ParsedPkcs12_2, - #[cfg(not(feature = "non-fips"))] + pub p12: Option<&'a ParsedPkcs12_2>, pub server_cert_pem: &'a [u8], - #[cfg(not(feature = "non-fips"))] pub server_key_pem: &'a [u8], - #[cfg(not(feature = "non-fips"))] pub server_chain_pem: Option<&'a [u8]>, pub client_ca_cert_pem: Option<&'a [u8]>, } @@ -61,18 +57,18 @@ pub(crate) fn create_base_openssl_acceptor( // Configure the server certificate and private key #[cfg(feature = "non-fips")] { - configure_server_certificate_p12(&mut builder, config.p12, server_type)?; - } - #[cfg(not(feature = "non-fips"))] - { - configure_server_certificate_pem( - &mut builder, - config.server_cert_pem, - config.server_key_pem, - config.server_chain_pem, - server_type, - )?; + if let Some(p12) = config.p12 { + configure_server_certificate_p12(&mut builder, p12, server_type)?; + return Ok(builder); + } } + configure_server_certificate_pem( + &mut builder, + config.server_cert_pem, + config.server_key_pem, + config.server_chain_pem, + server_type, + )?; Ok(builder) } @@ -156,7 +152,6 @@ fn configure_server_certificate_p12( } /// Configure server certificate and private key from PEM files (FIPS mode) -#[cfg(not(feature = "non-fips"))] fn configure_server_certificate_pem( builder: &mut SslAcceptorBuilder, cert_pem: &[u8], diff --git a/crate/test_kms_server/src/lib.rs b/crate/test_kms_server/src/lib.rs index 8df73f452f..5de0b93e89 100644 --- a/crate/test_kms_server/src/lib.rs +++ b/crate/test_kms_server/src/lib.rs @@ -7,7 +7,8 @@ pub use test_server::{ start_default_test_kms_server_with_non_revocable_key_ids, start_default_test_kms_server_with_privileged_users, start_default_test_kms_server_with_utimaco_and_kek, - start_default_test_kms_server_with_utimaco_hsm, start_test_server_with_options, + start_default_test_kms_server_with_utimaco_hsm, start_test_kms_server_with_config, + start_test_server_with_options, }; mod test_server; diff --git a/crate/test_kms_server/src/test_server.rs b/crate/test_kms_server/src/test_server.rs index 4acd3b7f49..6089f94241 100644 --- a/crate/test_kms_server/src/test_server.rs +++ b/crate/test_kms_server/src/test_server.rs @@ -10,7 +10,7 @@ use std::{ use actix_server::ServerHandle; use cosmian_kms_client::{ GmailApiConf, KmsClient, KmsClientConfig, KmsClientError, - cosmian_kmip::time_normalize, + cosmian_kmip::{KmipResultHelper, time_normalize}, kmip_0::kmip_types::CryptographicUsageMask, kmip_2_1::{ kmip_attributes::Attributes, @@ -189,6 +189,25 @@ fn get_db_config(_port: u16, workspace_dir: Option<&PathBuf>) -> MainDBConfig { ) } +/// Start a test KMS server in a thread with the default options: +/// No TLS, no certificate authentication +/// # Panics +/// - if the server fails to start +pub async fn start_test_kms_server_with_config(config: ClapConfig) -> &'static TestsContext { + trace!("Starting test server with config : {:#?}", config); + ONCE.get_or_try_init(|| async move { + let server_params = ServerParams::try_from(config).context( + "Failed to create ServerParams from ClapConfig in start_default_test_kms_server", + )?; + start_from_server_params(server_params).await + }) + .await + .unwrap_or_else(|e| { + error!("failed to start default test server: {e}"); + std::process::abort(); + }) +} + /// Start a test KMS server in a thread with the default options: /// No TLS, no certificate authentication /// # Panics @@ -780,6 +799,7 @@ fn server_tls_config(mode: TlsMode, server_tls_cipher_suites: Option) -> tls_p12_password: Some("password".to_owned()), clients_ca_cert_file: clients_ca, tls_cipher_suites: server_tls_cipher_suites, + ..Default::default() } } #[cfg(not(feature = "non-fips"))] diff --git a/deny.toml b/deny.toml index debb6c611d..97789d85a6 100644 --- a/deny.toml +++ b/deny.toml @@ -75,6 +75,8 @@ ignore = [ # { id = "RUSTSEC-0000-0000", reason = "you can specify a reason the advisory is ignored" }, # "a-crate-that-is-yanked@0.1.1", # you can also ignore yanked crate versions if you wish # { crate = "a-crate-that-is-yanked@0.1.1", reason = "you can specify why you are ignoring the yanked crate" }, + { id = "RUSTSEC-2025-0009", reason = "Pinned to scratchstack-aws-signature 0.10 (Feb 2026) which depends on ring 0.16.x" }, + { id = "RUSTSEC-2025-0010", reason = "Pinned to scratchstack-aws-signature 0.10 (Feb 2026) which depends on ring 0.16.x" }, ] # If this is true, then cargo deny will use the git executable to fetch advisory database. # If this is false, then it uses a built-in git library. @@ -94,6 +96,7 @@ allow = [ "Apache-2.0", "Apache-2.0 WITH LLVM-exception", "ISC", + "OpenSSL", "Zlib", "BSD-2-Clause", "BSD-3-Clause", diff --git a/documentation/docs/aws/1_configure_key.png b/documentation/docs/aws/1_configure_key.png new file mode 100644 index 0000000000000000000000000000000000000000..90ee93b73c37190a030915f3f059656851786a62 GIT binary patch literal 188305 zcmeFZXH-*NyDn^3RNxUrq<0XIB2_wyNH0>Qi$LhThAJo^pn&uM0a1Dhy@n=;v=F2Q z2%$&`H3*?Y;9I_DKi?kb4AJxN{MmmpGO||In)9CXuGe+X2u*bb;_KAc&z(C*tfcrv z>)g4kg6Ga%6ux!^_+^`WlJnfT^NO}|a+*qVa*Ud8&LCR{t8?e>eF%vC!u{IyZl_F| zt$^|~+U&jTVSYYWR|s1|`$SjQ0tP-lEYdQymzYolC%0xh4Sp*2P`r*)`Q!rS)#@9o zJB>6VU$v(*G^VF(^RRobTKY5#|2Y@Q)~Sr>vnd!6=GlJ}WBPde!Hbld$ZvB|WV4k) zr9IH>9H;OmgO=&jl3mqNk(`zY=G+R}pP`|1646^e8g-p zs{2ptdJ!~KvkJ2=4c-01uH|Kpfon64(;s+vIGV&h1;!yh33jB|WITJe5_9~7hr!}T z2k)J<`L4N-w*J`62;$YYZJdUknN4l+_U%D6;_QpJ|cEDIdS*8gy|=C)(l5l z)HP~`S^1lc=o5|6%=tp)tZbw_Fv%3xNFMD>d7AaYjHE)7uGSScUL-^qFG>$L0Romi zr}X5Jj?eiu%vB$q4(e~4q;ay039^rg>6T4m3vWOAK*D@4|9KhX7{z7z^YXW7cI_!? z?vycqVh-_$o$|9`dc&IV=1uGc?`8upCCu%|)Tdw^s6Rshn?CLIQ~GEzjniXPD2wUU zxeM1A|MUS?{pdmur{}$T{?b3P=l=9jcHs@g|DV6yB+ICA{U6X`cWr3Y<3BzPcvqXM z^u<39?iyn($K`8+_<3}j{9mVH&YtFMd~ z1B#sb8OX_51cUZRaPIA`fj`zwhSyL2AY#VS>+fh}lot7(Tk<(CslA?0bu!6DT2-&D zLgBkzlP%cZZD;GTGQ6fsnQH1o+^1>f(Rg@Nplw0s$1jz^ZoM2|VDCFWk!O$GILaQ? z_OmqeNnaBtJyq~lLU$jrRi_R`RJN_}_9vy61uRKx5N@+Kldi{+k*+1Y{OqNCl)T#u zV{wJKTY6+^=aGnXP1bI_@;^BcrINZYccf-U#iYi8t43jkUxp7;QQng&m4IYf3{5P% zJZZc?<;hjjSKQAOtbZ!b)#4nfyyLLJ^N^Q;M?7PtX3`W~F1_J*VXu2Xg0FkMU7@>7 z0vA8KCwWhM`fyqvj){NvtODFCLPSE+Jt(FQ;de)72B8%Y%R>e$uV0_7G+mD8OS*;` zE0q(^9jwjmSq=wyD`CW|b2PIa?`HKjsMjt_Hmf;M@xm!qb!uP6@_ zo9fO|u!XDEaHZx1Wn3^%=6z`<@<8I`y1iA<3umuKj5)GiK~twDbx)*^_uWwuTsrrh zliS;48b+=5+TwD!=cD*q5=qw4mPShcUS=$Wv+a?~gUcS#s@U%p{Ter$?{z)>>o`;avS#V@ZHxwd1!Yu79?Z}%b(>bCFQj)B&c_J zpUNvALn^g4AhMheZUfc*!?DcljC9TyOo_#-H?AZ`cKM0wm$iRfAu>zzQ(bfr=WI$# zh^;*lW524J306;7Q6hn}IdtAw5NQOA@ zg~;y4n^P3m?$*BWtC}3hs**fXN%7!sF9~!}x$KvY@BBzg0y&2sqL*;rQHppg#zJbm z&JA6?LrMHulp!+lj&4-X)mpt+_Ve#GqoT-zkajQ zw+Z~@fqSBIje%}PmpM(d%j#S1fwzxXax;A*G#=Xbr3b7E6Pkn#aR*yvO?#ll#&vtj zcwIjW%jLVB#sxSWYO-1K7<0=$Nc^OD(ndOy$}zQ+^z=vBeRP0wb3MGGNniN1t#SI$ zv^rmJ7`7+yxx!R%=i?-LK%c%T_g&Eu&Y3phdXD7UQ9;WMnGz{ZqFikP1`?>x#<>iw ze!RYR*vKH^HA!K)yFS#e&bYP=+0M*o2t3wJ;yKj_BcWooAB83F(1>)`mB&QH#Kib- zjVD*w;zc5&qT(Ao`Qkt9O>s6i=diKPzx6*}*01oM4it0b;)uG#!=>-Nd{54)(exz! zDCT&7$a&OeA;{jcKci`|#NN6d=BGa%H1pB_Wi-0>^py`7tOT#o?{ci2O2C!XiVNYm zOIujXv&_j}u*(I`XB`c$t)@8##d@xaD&s+F^GRt}(W~EA4H_Img`9?Eomw38R|yv9 z&vd!LQEWfkH7XrY;#I|AiOa$mg}o6b>zy$UdO!Xqxr#<9`(^ngjby2-cCiI=y>_wn zOA&S=@06zSZ<M@X8%D`F%L;oTytU7rA)=LM-@`7$4iG3 z=ONW6*^`4c2{)Z|2QPtdZ4n9;;RZ)TtzI*yAy2ridlUJUj4Ntzt+rtFrMwo$w{cmH z%8@PO*hHBa<J#nHI$4-f2B5{64OpLpaiklvwBp4CsP*~@=a z6Bx~#ZPkelK;dLjY}>0t+HqGQ4Vx~C`Ii_-KA>`&EqYNg^irUU8PzE#3|I`X=_)hYtd{ zaY{=RPD-R}*kX}@FD23tMN4A{`)l~+3fDOhx}Q-nJQv=4p-`s=dyL)=&>ONFTI@5k zK`o0=pB=7mDk*e0ZpdXIN0B9%sR1&mTsW)SAY1}|M_1mJ5ex8?w zEiOHRc$HK<wr>IeG4<2uW*&jtMVvWxJx6ZPmq9YL7^YA_52wY?+m$ z#LO`%cG4xt(c`xld1L{3t^kWYq-85 z-`@4i%e@*b7aintV8eDjLEaBT%m}K*{)G(~{U96J!;b}nn3o|2#0=H8`L*lysUodX zKKD%vrR$9r)2i@V+M}LEJ9?7wW@i967wbksVH8AvyEC2lUQfoc#Oiy ztnUVT2C5R%c&ir{g!eolZ=h_jhMRcp&9P~l6ydFmomu)7 z>FFkN=_)svV4fWl2y8-<#v~AnrlzI^!k%gJn|&XN{>4EnZbvpN!lCEFNOER!B&f@f z4&}F%P>>tqUR3MPtTzyS4j$1Ka>!0I`8{z-HiDD| zEGZ-ACOaSMawzE~`tv$=lII0#c#wy25yP;b~^uzgN?A8S*QHmVH4~2Vvc|<(Ii1cQG#~Fgb%c6@0 z;de>+H~LC)AMcWqpXmAf*GigmiB~@!?tGIrK3=f}<}>_yOGu)K8)KsJIc&#rW+z~s z*B#4K*6%x6NzM)@8H(&pNx93ZTakU~YMOa8mM<Ox!S4RkpDy!n&^ zDQTzmYU`KRHJO-PLyxsOEF16W=J?2ic1$&2%OTPUH$F#gi_T3n@j@ks)$s5+vlpR? zMcWsh{*jSU(8QEI3J~;ga`n!8NprUCN`51|QlM91q>)j@j!vKBqtWGkSvYjO=8{R5 zyH-o#XK0($Xxjyjfr$Q;6U@%lqggqIboPC(ED$akKKhQR_X(mjv)!FEH8SwYGGD}I z23dqdMrJ`0o-45vwnHZRd5y^!g>Y#{$1w6fhawZC%BZ9^263LsF8t0&WOsdx&Ie?! zfFL+3+A|w$6`9GfGBT9?cFHu=amRd%Ah=~%bf?<(Zh;)i4qlTLQ}V8gkGGAKu0a=j zYoz~4l-(5U)n;)zsUQZb$4$?W=K3`dBy>D9YXnu3^KcYT2HEvt2=t{yJK? zopd!l%^4{H3JUj-?z>@2c?d3jK5%PzMc5`0B)gzY)sQ|mgq>!vUV2{e^75t-MTWS{ z;ub}b!%mJ@?noN7OD^gqatFMKpwf>m2v{*rr?M5_E~(5x>7$Ay#`)cMQa!br8(XA` zRg$@(;rMrFX6LQ)l=)4CzSQnw~YeU($SjWMZQ&a<{y-tr>#F!b5SMMHH>Uug$?5)V4Y2^l2NW>e9Ds#MB4#x*)9R!EA z4G%^5n8c?So6JJTzGDp33`cItNb(Hue~CC6$qK5r(+{h=Q36={;Tf2|GQS(H3l6ZP)trCZ;J{JMU%o^YY>L5^higA_n`e zeMZ6t14hLJtdD<2AqalW!!TVrSVIMrZfexTOs!9|hPncWsWl^^y;*?@lJC8BaIBC((mRNA-XuZMH&N|-+qn}3a_rR!`SdhYMKQYIu7SivsmF`lHev^vqsr>q4 zLB+T0Gb%x;k*m8xZ`M}+r3$&0Z73R!j~UO>>)duhY@}FXZ#H*Dzvu*W(FInUl)Uuv z8A6uQm&v`c>nI?xF6}m&R9-q8e1kV#3n@Z7 zq8>h$f~q`2cjg*ubN^EcGy9b&n=gh-a%vp^!$o~p=18Ru!?Ags3{;%WC8$Z;byG5yWotXUsmcwnTk+I8H&$Edz`2 zpo6*FMH4txuLQVsk;pZUOh)NR+3gh8Y~%FbpH7gmv8dh~hZn^7H{Wj?sfAyrz z&R4I z5zk(&SU4RAKj4rQm7l0_WP^&=B!f?nxs7U^;uREPDoAx3G0@Mwofv z{1bmgy&Wn^y+;gz?7BslveC(51$3o$d_j=!y00hoN({%2lqUIl&#s9Ys|E*OJnZ6Y zK_)FvBV+9wJe5ShPnNsaV)RRuVwzHT>dMsL5UpNP76toD(LJCj$8 ziMa2dG$|Shu6nY5i=_#%#LG~l&Gn#Y^oks2O~0-Erm)e|FbMc^JfIp9HyoZ2+MM58CY>`gMvPTK9Cvfp*e}hfCrSs`f!zSKKF1V zc5=`2Ek>c=^K_(H1fg2gavREKm}UN11lli9y{lL&z#jX)g1&*!;GP-rjzqA?J>TxK zCDhfg*gF0dGnrk;V@K+Q6Z~@u$WQya`xrWwb$h?4JGFNCFrKEPk^1KnEe+Eo2S>qF zCv|FlFJX+sUNei~ddycLvhHog{1O|>d7!beDd(#ZdY{CLo(WfZg+b)iVvEf8P~6Ox zK%@!FsMgx)6y|WWDdqMP=47g^m1)6LTU@zQafA;XnmMmkQ(WpVGiNP9yS6zO9r>JC zxH@OouLQ3yEq2HRo-5gt$950D&`Kk@QBEaq%?YEo*>kd}M=IC?C6SGQNkh~2rHJ8*+u8j&=*>dM!+ z-O#u>5w*NKl7mkaK@2ySiUi*yK075(zx{oq!n4!{*AbyN%21oWjSF zR;%vVAcG;enXu^4gGlGiY#cIB5MTVrz6@MSt;6*rHF+3({GNe6Zd&wdcSP+9>wz(A zio3IfzoA_+_sh27;-(hLBRp&*rBmaH;(^=A51{IT$2GRh_bbHES5iQ%{8dzz2eGG& zk4_;HK0jjWD_gIY<;{OaUR zbwDRC*lDo0h8aH;GgTwE$S#wC`hylb1iQ|0bRS=iTC)wC66(^k9jz};3Mg^6T=`yM z*i=vw#fgLnxu%;m$1>n4?+XT0t5ina429Uz_l4cQaC!oNA`V1iFQvGzhrJ4mB~1|% zD$SpDy!fKTci7y*jKSEnidm?%Dlzy$1t{oUN!SS3qI0L`u&f)0i|B_-K(}j`_vaV_ zjzcfuFxKHIP2euZ0x+8jy{sCbgI zJLy~v=a)&Tsb5QLSX@OjY@u=P0 zpWqh$iJ?3VG^4iPuXq>Buk*gn1rOTd&i83yj#CKa1D=~eM77$v^y8LY6n zA)&C?L2oFs$)gE@JZFjF>HL%M>REK&`U!o`D_? z#Zc1qw|$@ukzKsBqJQ6R@woUy{p&Fa^rdS8mG9%C&kPQ(r<_ZKfcJ@W1O!Q2#4fK5 z<|FREaK2aj`pk$?R{EA=sX(QRbbXA(O<=x z{7alf8AE@2q5l!$Zw=1>2=Ncw@qc#W**fU< z|6HB<;$&@}*DbMdpvNn%-M2i_Z~V~&&0M%F$@kNTM1fKJ!lUpIs~&FWp3S+=byrhU z)2-q77{&F8>iL;3jN{eTr5?C3ChdUST71}hBg=1yOsnY=g1|~MJV$LcX_>Cg>uj+A zN){~12>8IOQ*Tt3$#MgvF;lpCrMVo-0y6eiN!Gx?Krc+gPMYPwkDPI85bSxqq4cp& zYLzo;A`FroC%hMVrk4jU%zFbS@A!mdv2rygQko3_{Brz5-F_@Aa}v`GS9<>(;;Xbm zGPtv`vp=Qxw|wW(P}p>{vANVncOhNoB+e1-tqfEtt(IaRY1M1VQ{lIt*iPmLJ4`pL zJdURQ05cI+ZfTb4K%*rh6f1MzFMQsczD;MoI~}SL=P-Bq4|>A*N_Ohb3nZeEaB{n@ zhz6*o5M38%{Y>v;oEs!4*9OGWdt>$5S8WIDf=dSd-L_v3?yRVj(a>;fPy6e`Y&`25 z#dg>tG!$datO-tgq(oxO;c}1XVY9V8K$UzUre(3at)o}V2kb|g*cN(_lK0B|kE4kt zy`%`<`jVy-%Ucev{3epJhFKLiXgHPu&zF~1cwwG$&aHB@sU#&Zn`V${)>o8F88>+~ zv8J5U=H|0LJ;`JJ%F&hEhc>3|OBMRCGE(>p>CAri`LM!aJP77^|Lk)7FXulWbUqBy zce-KT41Y}~Ej?Jf=Q&u^Sq-WiBl7YYztfkNT^Ca~<^zY>C33;AacnBtV;cImd3Byk zN=a#9zA68CYaMd}0o#fH^wzqr^HhZz3H{Buy1Iws}k6 zj9}s7nz+e_ZiB_VleA4X5_0A`Ik7U?Yjzz1X;)Km8P%@;vtAnj7x}-L62Q+m^-C$m z&1`^gSOS&I-Bc+_$+e$lqNG%oX0^`frvM}7{+^7Gp}6UYDXzgi<>nGfrTM@qH(*J9 z9bKJtYj4takMxENd;hzjM=xK#%zpZQWf11b4bNcsv-iF%_fgZ|zim9km3vY?@Rp+D zLzZyTaK+H;3yAM!oOq9tiS4Z|H%xRh$qfmvh2Ep6D<3Ctb@mB2n`~n}RwugkT$Aq2 z&P`-q{Cyi+%`$v_ASv9a9P#q2X4(wf87%3qnh zBGDi4pHMQJyUZQSOC=f@Qfydl$jl7XpHQJWO7ZLhbLiy?$0HFi;eG9s@V3DHFITg* zJBtR_OBvUGwzkJ~O*I{@ml%6m`GJ3Ic3y9DbS3@$D`ORa5K|{M%FrRNNqe{0ZkQZV%!d*K%msiiw$7thtl7*s&9xWydou@? z1%gDRe5x7DK++nK zE@p9R?n;;YW#*H-%G&D6NRbj&oz4X9<~Cbh;LJ)SAZ+P4Soa}a608+@n}=CG(x;x6 zUZ%?(QrMP5#QlUkrse&_t9L9(}R-^Mzj zb`n~p{DvmjG>Xmax%iwKRw7#hrqPCNy)dJ>scXJ#+7IfO` zChFM@{&G9-uBn0-Mpz$#BFLn-W-jijaFgF1%{Mh+W@ce^*^nN$rq?ah=~hgpw934A zm89G$Dtj^{WXvxmW2-+F)8N+ zr8^vL@(W@ZP)~XUTi$dJe_2=vOJZ}p=DYijNVq>k$@M1puhD(I08~LgXh=gB4Rv#r zUm;F*tP70mP-K$^uL>wk<77Hg?(S4F>9Z{6=zMiW}MS969)rGp`8=z!V zu>lLm=TGZyXc5P??`217iuG;_T;mOnMPEBPx)yj+Ri>qz`iV=|mwt48U?Fo1Yx5L= z%DB&d>e#iKZ3|uKAz8NqAbz*)r3Y}BPC?vYqk$k62g5FK>vi><>M6ZlE`3C}GDt{; z{jgphW}eAKsY+14iW7(JyHwX;la zZ)-Pkf3649=|+kb(p0tR7U`?>r3xc{*1h*kbX4eT%vMR}Np?insQCD#4Cg=7o~U-@ zQA-nY#l0I%Uiw>J4%jT8$1(r^19gY^l(UGl;J>nb$d$cHxR zM3w66_atkG^I>P(nLvRfP*{MWkTW~r(L9Cjoowi?57efT*DXKq|{TbaQ++llJ6T8J9+ghzkvX>=Ue!X3|5JXor_c{mgMZvB~_DXk`Q_gUAa zR2>`8ATZ)iek6IfjD!x}6-|e27ce=% z^Hr|NB}b*6+nSle2y7luT7C%$ZBULQm7}4d;m~+T#cif>I_l(o@^goW$9qy*HMe=Q z#zYq=o*Fc{K}=5O`dj9^%QYmt6M51`mBfOAP^%oB(ec9eqZ25T29LOnmV*i2(&w9* zlYv+huY(?LbT7(GHU0ysBx|L0fB7noIuNcJXdY*B;yLOp;ET|96Pny~ZUR7~rJx&5 zG+t4S+dr~d1Ci@gU}^WocawrIvk`g)2*%VkCO_Rr5!94sb9J7-DVXxYYjk5(3SKa+djl9v3241 zA?@`yt@XZ*7hL%!pRiv>c%xuhR^(S9e5Cg|XuhFh{Ui<>LR8lc<ekgdGW4cwKTl`3a&sV9<41u zhitc5Qthqn3mw7T_ocRG6*6TnFAA``j6KCBW8e3DoW$Z>o69((Xlm zaIs*Qhr3UbXo-lqb-y&hk@-MqHrEuL^YUA(}hf<;1& z^N#EREpsj5zkxq7nDH&3sGgdN4m9RA_&rBE_yU`3iowSzBm(m;upFiqp5&=#iL9%w zc!$I7yP-{-Kf{x6{le{v0&LuOZO!TqHW#)OZ6BIv`ov6FF(hVQOGvJK@O|h&+OLs< zbx8kd52?L+&q_d^)%-Tg){0rDyx*I|Og)LPwXBn7u3;czEgr$CF0 zj*f>s!*6P2^>d8my|mHN4}FUdthR2zc1l||bM3_hZ?qhXt4#Ue=}=57JCkp$*H_=C ziFE6mY1H;oe+=CI;#XnYZs>~naDdCsRF+EuXtSxY?J#-fBzP8w}uFeS`X@08W5vQLeiE6$bPnm|PGaUi$L-stE>gtpnBRQ*E7@ zfr}IJ?X8p_3xz(uSv{{f#@2AUn%e8ooE`}gv;>=9@uE#>pQSVYGeKl%s zd6~0zN?;fvX3*v|G;1x_-X`E_Anv_%kyK_yJhvXwzV&)<%JsmuBQGp*qQT7X{q_b* zKk^ReOSw^rFwBZLQmksj6H`hd6C{H={5k?TMVQSPntcX&+72~TuL|GzeTb>ae;Jt! zy^T1UgAM-Uas@J!lo9*7^M^dPYuHZ3+HVER4>|U$!{-E;Hm)YzpQ2#3@H^~|BGBRM zY$>qGy)0|AsS~L6brrM=V@bVWwX#+bTXi3pU$y}vCKex_3GnIXPn;hwI19>H4=+~^ zmTBEOnC@H1wi52t3?UD?k-VV?O$dh{_N1#lt8lS?cbiX3@!QUQ`>-!OJfuMkD}~L& zj!;txhKwaJDQy(_DH%N(mHShtgY7cN)$N3YE#CXDjS^#9YM!XnUg=mUq3P{jVrWy9 zc_z>(#|d6b6{sM%6yNlbc@B@|Aum+1u?$&^ToW6 zTG+VM{biPX6i8`tV%Qxw5fJDz{i^3YXIT8s&W`X#_*{%G37vStkNql`#C=KQFpRWu z6|+tn^1L{q*H#PB*pIA{7^sg*>2C$F?6pbDFsRh2!u>~&9(gqdsyoqoyl&iUAzfQ- zSwtq@0;qJ3r^kZR(yK9FL?>qq&x~7Ozv7kv=b?JR&VMS!X^U!}nfRL=+3#3wF%DG^ z++V8cE%Hs{QdfAD+Znyj^`wfASWvAm5B#vug^VGums-jeL6*5)Nw58*isjhP zg-W%h;|wg0>aQ089p5e{(=j$l7?kpiVBSZbWU~E{pMMdlPV| zIH{iQW}Jr1EHKZh*?&{Hg*=|~s`ppwEbSPb8QPWfQ)MjRX?v52w9^WpvyL7>9lGq! zVYSCD6%Pn(lPfG01lV>g2Mozs#%^x$WOzNO+V#d5g(C8Q|fR89{j z#%6Y3#=IR7`}Wd-du4mAW8Wv=2%$?`>94N%AOX&*8i*2BLOu9C1quoYSz2^3HY zZXFlTat@bLdoj^FLN`5X1e&p@ieKw_MKku;ufIl>81Wq{79HH)Q?l2N+=-&(Q~O0! znf`}3g1ol1>ByMRb4ooRd(>Y!U1pzY9l#L)ZZ~`F(2O=2T22wVTz8cT%5<3SvEK0DtDmn|n}v^srqOTaIi_56JWS zIr>6@|M?K#PRvvsCeQfMVhjtH3cgT&{yMp3Sf*;M{vrUp#v=obboY|X6m*m1I_Gjm zqK+J26)@Q>*;mg;Qj(4Zdf1HT`954c$Kw?=Xvc${ggD>iwGNRpqX}zYE=6Z%R@We0ukcKRlR#JlMjMrP08~O@ct>_wJ}%i2X&n!l&d)L zD2~FdA%c2m#;L_stZTVzw0Y5v=Z`{J>~6aMu7=Q)mCZSWBT+VZDGH5#HVz}`6_7D{ zt{5jRau%kp^t`J9Qq|O~*RR)pHv1y7Df7BW1)HneyTp$a{c+#k(?H6Go{euz;`~Rm z{GlaI7;(4If*Qg`i>^plM$3#Dr^y6L_xwb&2~B~X@EmG+E!q0_Wsa_(3k4j?2OH9L zKki?r6_SJ54V^=bC#`v1N=Kp!q&TKJ!NrxO!@J%v?!|@Yk&$XmZtm@m6c}gMb)O%K zxa%x0X;w{_L?(D%jk|KUx)-bj7JO4gLbd8Zy#fZ`CX2s1k^ALiv-(ts>baH1sa2zg zT&gORDsVf2gUxQU7GF6rqMx3};$lUj(<0|{Nxt}v>8RQn)r+$C@#7UO8~qzt+i-jM zuAWbOxqT*Pwbk5gIZ@!To*|0hJWC`sWkg&Dz9MEFgs(5(kzSUcjH3dayz^&#ULvl4tlT7a!$?PUoXj`?JXN+y`TS|T`pbPUBc@d`rbGjEXk;L#)Ba9&0)d*2AKYaH9pC)z*KFvP3bhg z5#%_S^T(L*2_S36QJU6zE1&#!b3SNV`6 zbz#pyCT~DxqG;NOpgYv*G+t)@8nc|JZ&urWm2_!Zf@)*s}blLNBcky!D~=~$PoFWqYLy(>4qk9=_O!5ux*Vcjkd>h_@xFtkjtYYX|s&u#%0PKG5#gSqu_Qf$BS^<25U4m9^dD2M51G*+7S zg^34A-^s>hm8XXd9M8J^<|we!lvvNLce19p@4EJzRP0Y543?TXbDCutN2(0Z;DD-< zN@Z@JF}mt-W4$(48B)Q?o#A$GL%|C+9M;j&-s3|9@9{Npwd=voL#CU*@-s9zJ zfyaGqTSzu@LY#gWek`}1TUdkL87Z3C@ypO*^|1YSq~D^?v(w zTfG{B*+6JfVCq_8D4e4J44`IN7*%T4Uu}w|Z>o^+QV=BuY3eH?MUnlg4zqw+;|)=&=4GvweU(?DAjex7hkh zs^D;WA(*qeWC0>*J*j8SeuY%}7N0mJh$o28h%?m(9sGHd3@rX=C8bA>FXn5x*^j1* z=3;m4JDZZz&T|n*zxwy;r*D!TeS4u$_enR`C`3brScY$tGqrwAMtt|(8p-?kPm8o8 zeVd2rBa5(7qL$F!>~RJ8@Sjlp3t2slFRs_-3uP@Wv)3k?&?FCvzGSzUO$2FX=>}aT zp%=nSQUhHg%O(Br!!P_T#? z`5>_LT5h+FYEMtZ+-gEDiybFfJtt)OFy4Q#`|H((EGuZ*)}GqHC%J07C7&M&7ETDY zxgr%pr2N+R#N0qm!_9*VqWJ0+ZFG=^ZsHx#H8Y?SZoXOe$&)u!0;A8ep!;^aI5Y>H zxYviVq3HUsP8odFq|8e5S9n>v;){i#Q>9Yri)++`jghUK8##J?sS&#`Zk^%C8(KT~ zzT8_1IoLlD@)_m}7jC3Qe=b%P!9TUjKiF#B%6%-jz#kpqyaV(-rbZ$(;mR?d0J3Kt zXp5@7#~B{Y(N!4mz^l#(>bKRDwSbq8E%;_QQuqi&r2XJfwY1_A7~|g*}<= zxA#pN5ITAy2>|ApR?kwT^gWC500*anF=~gaHqGstC%;huIk`o+8XZh?jh9;hd6{3v z>UVmn26D>=q36Gq|I8pjh{F$pOSPM{i3Oo}73m%Ad}1NbPM{6hDuK$W+Me*kOI^t% z53i3z-{BEgSp3GQApG$Pgpb7KW_KY4^GPjnw|Q^*V5^>LFbqHW5L;XRJ>#F zOzo$h{*pXXu(|imWHI*>ReYqse`If!hD;I?3Y2O3a~ftxP}8xTfCru59a-(44yu&9 z&N1G4(rHL=%EzYGahDQ=#yUiFJj$^P5gYa+yCGrpP9G{K7^?(iw z58R{@yIMNq`SXb;s|FAGG%GBXHu+EM*p|%fQ}inJh#`k7+?OEOi08jO{bMGM43K4< zFMOzZ{3}Ij1M2@ky)G6dY{rcWH|1z(GXV8BTYc+;YUUx&i~oV{D3xSSyIAhuR|R65 zJ3%r*0H!o3FRuM%MMOkIefJVB>19Wx$_SS(;@X9SGLPmLO>C3IzjaIXKoSeF-v)1d z71t>UOFisTtki`XjzfZSyAfTE<)pv;)4%mDS^8TqQpP2>p3aB%e%I8x*z-7ad-krM zFc`LcjhD{dg6!pDsP}vO-)^OUiFnultI|>FZ;jL(dXiQX6B?yAhK<&*?sm(hefxX7 z^#30K=yJ*%uF98dF@L@f;2$yr^JGD!U;4df{xUf+>*e+=ik1vj!qB#uSv%~3f|wpB<8!FLMubh^z7LH8M(XRj~{b_ zK0@%{=d9;06x{Fu`$pD!Kik~oUF=FK6 zQVt1uJP-77>lDxMQE(?Eld(mnoeIu!hF+&=sB*3I`@IC}UIYWyM7fbO{UKPukc2^+ z8C|m>GA*AJ|LWCs_L=SanUm$2AHVQtT7BRD&{n(Nv}Q;hIlKiMtW#^1n(}ZOr#$;E z_@xu5$o~!|h&_LvC-vvnR-Ay9GFqX@x0;QWRdv*P%ucS)u)5ItBc)fj?fGUNq^&D5 z{MT~NkbO6|M8PnuL`2rvaz}bv1zO+`)nt-0s@uT99##2|TjGZ|*moq92{5ge%IpOm zV2K)c0*wXq$*J$~9(EPnp{8aBx(w!rmmdPA#8P(V%>i`s#mNsKpzhIX33PmnxS3LZ zoY6TOr$P z-O%mli`cb^N_}zfwOGeH5?*TwwNnH|W@g&cpThuroIy({^YMwDv!)TCV~V|ep0JwB zW8|g$`Kjl+3yHx}h};?5I@p2Yp4rqii5wh^C$XKV3Wg|D`qb=dSR0T7x}8d+VD;?9 z1a@d0a1QU2<8qW!&f#PC4-UpXS4W-W7_9^uoE-l8>Eww-z@fe6F_y7>Orr5aJ zaH6`NIm)}$9Dr5mE&v1m(BNrLW(m5=9`M^$eI;8%wB(<9h{*{IAO9pj=dhX_UBL^O zEKiAOM2M`;Hs>Y)3@>mekn?G1*p7Y7SYOC91NElMEGnz2zLVVVy1VS5>qq4iU^ZUn z8f9>r?0|OSs-qrF&XT*Lw4h93g%~2was7OyBH)OZNX+d?gV*vs!r|_1pxDBy?`g6J zgQ1Y_p`mo1CBKfla5H_;pAqn@-EhfFY~U>6HL`!4HldgDeY_1v09y}R-3ypq|8gszDESC@waseb%#osN5aLmh(0_?~)G8p-5D})P#?Sy>+;!7ieeVB-$kU zbzVubK_$Cdwr_PIK))at+%OF=s9BRi)y&`E)`N*WTB5Drn3`qh=SlMyEWIVm7=G!O zNvW6+e!?-FdzO&`>&mvY4{r$UNT?a&uK#p&0|psq%{M#865waX;oN)@r<1QaMZ%Xx z{lwUz(Zr-$nPNa8FPd&1Xu8)z>t3hix}T9jU*Kd^?F(%@YKfVLNrWq{a`S3q2|4slOxgcSZ*Ijgsr*wAG3?uqD}f_I~-B{*yRK{2~wf7pwHw zIW1Db!DM&t@LKik8{YUMOAlMbCF(TcP$(j2wOT{>iBRK=Vh>#g4kK77@t#Vixw4z= zyR$Mzkn0n(1+)c!L7}f~kfJZ>xS$6C_CuZ#DnKZ||3^jyr}!kl3mNs^c1VBD>&H^g z!NsPP$f*XTSwVaIl%!>B0H)cI2Ga7PeDd_W&9aZKpOKQ-M>D>IML1+POQPBtWe8Mz z@-Q;@k5eQCPcBD9M0^0w`%;0|l&l?ol?gl|@Ey4=lFCF$S1p5Oj`mI92%v?iODuS< zlO_9Q$CjA)W8|AN+^X@%SAlupeV66KnK-Dn;+@R;^3kKIWjH1lV71m{LQ$MkT&%vGvZ09}#4!Yqm z>M#Jb(>@4DWf`5X7n{J9Qibhf=l3L>O*!>L&lu0cOG2NYw*(ed*$mu`GbU4nur3US zx=g4jw6=dP14?(w_%MKX(GcGZ5Q-ib9#L}XC|(oL&M{}Z09I#YU-T#pYK_J6CfxXK z+zSLZNFtkONrAOWy;A2F5eO+ir2qK~7q4z70;bPQmXsFY0*mqd12D%9uU-@Sz4w%5 zY`M1d@1D#5_Zdxoo-MCFi{1WBJo4Wm6{E~GpfQSJiVb!~miDh13s%v5#g8ZRAF8)H zV-Wv7bn7)>BLaPr>z@AQM&3t&gH-vchD|!d^87pUF47Ab2eZue-_j}X>Ey?zoI(_s zfOFxXs~3ObG=-U8{5>66LhvFa-+p*JW+NQnjeqAb;b zqh2r^iGAI>i)?`3b=kb!u=oEl_SRuht!?|TB3nRFNTJ!4vJDNT z)X6C@263t<;lyvo(&(cTbpo+l7H-u3l#`FOJo2inFOv zeq2GEUmZy7V(lq~q!Z{;Hf9z)8~{Cn<7-e41g!z|;&QY3dKmf+h!ZUfEGQ`8L4LRQ zl3!jn=?X^$%nEcQpKbRl6`RRTpQUU38sFod1z05~@OcS-ulvPxP73JXKlh*Sp2Y*Z z?&rZ%<--ygDl0)@X0YO;S>w?{UN-pigEAm%wHuR|#F3E7Ry_L&XwRALFAOH$Q&pMW zTOb6Z6UlAGqEjK|vCJFIfCv{y|Vu1<*5^rmu9VU6g+hN+h~cMjcaNNgx_9nAYsz4l zL#Dyt)ZWpECs9AZFC5TyeOXm}dVIKl&mZHDgf=$~kom_C2WpwW`Vv76dCdg{1r#_I zy^3EjgU)d&`KVevPy5Qvt_(rD1Pw>SmuHK0h+5)?CH1V znclj;GWVpWc=Tm|ty8UEU-0N3{a1kq!OVxTEM+^1ecf<1P0I;lr_+W9eLd+1if-3( zYsn%Gj*E)R-kh;;qCry>_@|(96rbl=_#zdV0RP>|bItmXg{-XYreRwVc^?(+lv7-P z252Sq^f~}Z8~wzDG0`Bhy5Ay|JzVc0VDZ>CX@YluuxrDQ1N+OQ?tNPF^s~Z))V;4y z;**t`QW_%xVL1S}JutJx&>^f#>Kt-84Q_-63qdALvf^?u6)c!CIj%jfKJ z`t0IcZ{+-G!O&$dA5Z^{{HvPPJpEZ_OfSwZ6?2b-z0(j;>-8x&BSTB^15q|5m)c0`@BkzSTVZG}e zYSo^zoCH&t4#rDW>gof0=JwN+XB^jHt(v)gHS~drh;@C^I({`@3LeBawyGz?Ej#hKlfv!HYQj^Zzr8P7OCQoQ$w()k#7^p2t zyZQfHnbJUFZ;>m}K#~?UQrJ0YX`26%zR6?wspn<{!F1BqDU7_~`3ttw3Y&TPW3g*? z?H0{!;RYv>5uAY^_Ep@?0Q>GCZ1{M4Qf}+(cXg%L!a6!SyqfSAswj8O}#Fs8#9MWrCQi{pykC{ZqQa#Yu_3L?Jl2cv6`xQ$u?_tK4by%o?>5?-HTx@!SCUt z&lw?>Bi^7`n$ZW<1-sUJ3kAO0`4nbY9oKk)D;j|%SgU13h5hcA2b#xe{S?UB5+_dI zZ3^_f(Ypt&b&jTfHvc|PCP^k~<4?93&D_Oj!%FYaK$1f)`EO9XAf+^1kir zm>(ZJ_a1a39^ZO!sUN3HJxqlUEHvEDe7ic?HZ3w5^%YOo-CJmo*?)WasYJVOsbPSh z-Ssn`jf{If46BT36K8>3trPJ_GmjQjQ^*r%Byq z-M7HY+bL-m=vHW-aiw&vA5?p$j&8!SG1&HY>VP8}!|G+BklO;5vgy1aZ zUw>3Fj$#@e;m3q0%^gkIM3U^!)mdfCnN2rh)2h!yYK#<$b9`7Ie|!13Xs&< z&Q|0rpyw%R4+yw2`=zM0nVMWT!F@>q0Xh~#MLP>`F&Toj9S3dMgM!CjUzW{{B1UQ1 zT-^m_-Db5^eTrK%>%0hSYVve&b#;AbYvborT^(Qh1BV*iO|93Qr;%OX)Pxh-)HGza2j~3tSmA=6hbPV?)|Z*3!Tkur(-Jw@2Ke4aFnA7B0#}Nk;3HjP zUp=yedRi-d>^MdFt{Q{@sa=^A=E9mmuWxenI3bvn@97L?T_n4+vpdBL^Y-QZz9Km| z91$t2ZY&y&HyEwb8t(-weiLVJGAdFfd)*ss=)@M5k$E+_JprvA&0w~G4rvn?tCew> zzSGXnbtt&`>7Vu^VW)CBBRT~2cw@wH&R{LKkkVHJQC{)9I`H`xM^3|R;XQ>i20;fD za2p#@)DwRgy%%Xi4$pe8DIP^=g}K=uC({%D#%!M?vY~CK(xv68cwa!hIz$Jr@I!Wb zfEw(;7jz_)Ml_egdJ3DYpz?3~_y=-2Iy1&IoIZ2#b6E1aYnLR(o>%nhJ$-y7=1 z#&c$2$~Eut+!%71MA6JbY===j?+CFXK8Hu_BMWY%xVC(!ace!d=8m^ZEbhOKJ4TuI zk$n*9NUCNe%C0^h03&Il2;_qQ{l$(@J!GO#u6?A_=+^z?la=N@!dlxR-MC4A`l>16 zU27M_?Xa>RUpTJdLy-xS#X>na1VN^)0#K9~GwzL;B%!;C_W5w1xy2dK3~oGI1Lo;| z3RgiYE{>hwz?}2t(!{4nX<^04PSAP8aoY@EW?|}*L!WH{(UGiH;tcOem& zaqLN|p`DT~DKQ23gVl`@)tYfNwx@xHpGE6Hd=sVfF0Wxz2dkY@W&3YScPU)KyGP2` z43xT>HIAq32D-{6rJDIF4uwjE=~7$Zl5!o%X3IdERA)Z=Kvzi1e zcorQ*tf%&2aBz2)Ij#BnguohtbP6|(GR`cPeNOd zx;jJFeVqDj7A`^@uTC_v&>U!rqCqzabojWw0cCQ-;xYPJ{^ zHW1n^Hqu*+o3h5y0Wz51Nj({`pmH|_PIS4Q>BY?M$8Q@v&QnYj@a6N_6@HClI^B*1 zjawg4Sg4YILDh3tme=(pO_^+T(mF;wQfw~w2{rGw(}lCp+V; zZ3b_oipqjSm&u4G?W@|r1fS;ea^s3VrE4YmHocfAQ72$)} z-hLa>F7H~t!&jJQYIcQZV(4ZZSNcE)QWiDLBkycJJH(;Jj3<0YV`}zYwiVy~BDQxG zk+xazalExA6s{BkoHJ*lbUywwaKxVo^Otz3z|cZi(*kt-x>F?pcz>7PTRQoN69Fxcmke>1cXz zWC#=!-!?OHHD<9J<@)w2mf@2zBww8t5o$lnk2I)_VIba=@N#X}>~qGAx|aHcDEVJs z#GDuhrQwJLu@!W13criP^;8dCC77hS6`vgqY8Y97WDM!-H<5$S$lJ#=y&B~1+>yrR z_~E!5;EIhmTpsBqx~+=Sb=Ec|>Gr%QgKVfG62S%wpD020o5AbI<-x-CxVSK4;rhTf z({45tog3)4HGk}qo7nFZ@AzZLT8j#>d(-SRNNcSpdrG=dm=2b1pHR*gPaiIA7==A~ z{0f13>eESC3Ht7bbGfv-!kSr|IH9qQKU(-xqG}nZm_Vp8q!RCq$|%OU2|bnP(VIJq zzVbUwz0pN-j-;D7#r1T7y&KCB1Gx_{-kldVo~BbfZ85MWX4^;YzG*8HYSHS6V2Es| znb3VCvhn!2T0LfuR+YWYGlz(F7Qc#b;*u@mavO7#up?;J#AJ(;N0V4y!VwVH%#IU~p7-!ugV_O~<=q_Mph!-hs4-6YYf%hzDu_tlr^ z0=n1EdpA`YYAL@MPZu=2xib+M(nvZwb}(&A8TA@X78JD|#G~-2E;xfe$YYVEM|ob| zs!%0%UG66rykoY%l%r0k%(=PED;*WSA%JWpepIS6G%OZXqV(U(Jii?(PVIfsaJteU z8uiO#DZ%*W(i1L|YfrKvS{6@vFKj_7xi^Mu(peFtL~H&kY7+&o!!^c(zA@YAXPY0E_WnRrS0gVE>ttIV1*Di z_^P7QjW<)R^h5jE#OJY%c_l~-uG`wSj*q8b2K&?-AA_mB04q%m6XxhgDF6M{)+GGN zXsc;l$u2v+{ENTodW{vwP0fht8^poSBlByf1IbGzi=1|MMiz@ZGInvZ>)jsPnP&&9 z>Wt$RYLq20YrRoqcW))c(NSoM2Y-fQ5B%~7pHTU#VNOSH{3|sgNd@`il_r^h)$Z)` z1INzRdO&P75jI^Wv!hZtgdZ#R3>Up#um(XCiPoT0648spZmMhUR%_Yb^BJYU?Lnz# zF_v2Fu(p@+6xS*HI=NJ=NhNl9>y^DI7nssk>#( zg?)VeF?4#>N)-o7&}JKCIE1w0-{}nz&Q_wM73?R&rog7l@OnR~N64Fl3317DL3TQ= z*3dW`Z_N>9K7#6%- zOOM~_fsF)%x+flcKlX?)p~ssnhLQ!XCw(wFUN?5hUiRz000T$vEj1fD#QpA)5DI zUOcqiDPp%6dOvQqg{^rA_ukf_uHBHq;}_hl8-eW*Be7j}4gaq*s?E=Y43X%QnruV(ai$?{i zHHgbFT!4J{BgDyM)bhyboTw|qT9bvq!Tc(GHde8FOtT7__ABr?HY;gv!8$sII#{om zR0uPql!2GNSV}__=L3fA)zB>SRb2?e*fX50-pH)j1xuUPWa7^HVn?rVVJ3Hct`NaC zYmL^(>N`jVDgl$)(=(Xif^Y}LHZ{mFq=u#QSEG-8N*aj>Hy0o`cf)560UIYN2eviQ z>}05txQ zfK+x;S7Kk>1Skt)KR)lHlEc5?F7p*=+dZc?|LNgSJ=IdJh z@p7@jDJqn+aMF?CvzE-P=OGVGGd@DCf%>MiH<{zrtf(!M%omok1?mF~-vE9b@8E$sWOEAu4+PG4Or1 zbsRb~1uE4=SLlf}XZ2eBRc#3q<8p;&dsFE89^_Lz5>6uWVa`)8H|P5bnpAuvQ7_fr zWJcI^8#M63^^FCZvmDrHOBJtfwU+J@T75Eg%DKuu{mgIEBF`0vx%Bpi@?R29V!stx z;uSmCXD1ttT0x99%&_+!G8r_1jXb>IeLBXSIV%YY-9}c1<4&e7A<|qSw+7j7gBK$_ zhVAU2D}6xOgt981G_teQEMWj!mMeXo=l)CJN*f7Tc-l;0SW-&oWRY4tU5brSRKdDJ zCa)r_C;`Dr9r-jMDw%Jbk9Q*q zqMGYtTX#cjWIuK_x*EdM4{94R+^W(wGZB_kxB#?AU;6^V;T zFVyY2g!Dge?s@6LfYUGhlp2AOvD7O03Rjp@BXDo7MZ)F#>(En84B}{9hWKS091@4e z7N3G|oPyZL3uWxKmx{9tVeBzsPm*7i>rXoc)|6w9e;2dMh$^;Rw1JkN9nZ7)nPquf zPKBm3o2I7ZDwY{yk$vn?eP6W16xYXc5b!|F!AvZF>RIjt(4oxo$A zVd0_X!j8LukhozV*2uYOxSsf_^jSM4HQkx=DRrZeQJ?y+>~ltny~I@#XA7tDR_US} zhlii2aMaig%#@t#2T>il;0k;B%)H47%;ynaQ1};be4vkoe0Z|WBC~u^HrR1|AB1Rd zh+MjntMwVcGNf>gGgCi9Nr$oMd8Ybgzk1J) znSL}le$KExRk}>m9oB#w_(Xf;B&D){b5LFO$oGD>^mFzwDUQ{y8dyujWp~Cj5}Q^{ z)J#6jh^~H6?Ys4Ilt22pfoenz69!n9A3C_mx@NZwnRwIbJ6~rTuksQn`s~R|0#4tl zHw~Kuo5e3Z#kgHAq##y{0}#8@)EcEKHNI=O7SVL{7+KJ)uQ8b`L|8oiq-J7OqH;sZ zbU4)X45YgXu60@ba`w7@q+;s*ei*V%>%H3C?awKnh53kQBBT9B{%9Nh@0P(<5~VE^ z`mzmlX};2CI^PoUoz>Ltt_8VOLrtejnoIVz&(po>mXjh$tfF|Mjc!MaByp7?>e;ri z5D6ulE_W$hfs$Dy*OI;aS~<@4#sou=Yn&tKeuMd1*#$#LysUXso$0p6Kz$0|99dxD zv#9~Pn?bykIo|9F>k}11Xk*e_FJQ{PdoCg3NQ})^?|JSs#->r;GpD62pj`@)vF+Q- zwjgg#WZ6IO-Aq|hzn%^yQ~ddMuWq7jAmVy-!{}ZGQ`Og#JJRi)D*z@$eAfhBxHse` z7EV9SPy7@w@O8~ZaGmFP&F;Tf{}<@U03kxNg=y;+y$GKU_L>u$OhYX&(Bmxvquz`T zOej4-62%lNXET+JV6&`sD-Er-0&VRZg~?jF+FV;Yk(!bp2D1Z0$#e?2gHe)jzHe`5 zQCreGLtz17%5foH=~(g#qHK)bbP>Td?)*Tpq^jtUb$gT$?mq&fLvD<|dn&ma5f7ki zkW8p*lDr}Opx%H*bx(c1zsNEb6O5Z|-~dv0u{-KYO)Dc47G9Aca?jvxrYVW=Yqn3I_ar7?)TT#)F2;eA z-N%`)kd}J)pOv!$Bv>&HcT8kKGUK^YyB6zR5v5q~y_$#^w1Cr+pc;S_*6FU%8LSNQ z-ZmOTAiS}iUbQIThRLE?x3B9?2~e$AuF97Qjqg94sGqM1kX=}2HXkuLLpt?M^gF(w zJfv{Su^+c-2lbZ-8yEVSo9+ytlsn0q_P(WD z)d*O#f#Rh6tWU>UP#4~hd&eq-y%#f?2U1@BX{4WJXWX=ZTkX*&ElI3Qmq8>P!#f{zlXWX`!ujy z2oAtCC~f2ZwW_%m{FImi7omNs_?Fl<(Cc#Ryxl*jQEx-4!TB(BF&1f!W* z@i@^Nz2ddxqr`lAEgy5iwglT@d{yK?L@x|C<-`<-JZ2kFc_y#BFdSq#i$^6-x1Pfm zDog8GK)nFP^tgwqrFHWZHjD|edy4tU&wjO||6=(Io&$ke1SJ0Z9IJ+L?#hQKFM2RzRiHu~Oj@Io#e*XgYd_r8pMR>)s zoRo;V=An_3H>dwhM}*YgVV?NQ&@O-veP(-{)ywZff@P(wR`fy7$9kT!Z@_DP>qS#^ z2#D?aeq7tAI~>pCvXvGuL7GT$|1Nb)mzrTv>R;kGup9@8C?AHr2HV`Z|8$^!uKt4F zpvzPM6lt(u{k$=lrk*4A96wC9_{>V3AxR_%%?dI`?pa$hWt+5o3>}IsP{>L()@V)s z_g@6uHvcQ&M+w9yn(_U|x)4Mk!7R*1;>WxY;(rYG0m6+~Ud<>=J;#)cJtY5@P6MC& zxrPY#xfYhw(f$iy@xLDVwjdDzzX+O`YR}2{JljtaC>TM-F*PLl??~G};kVBmk3&=1 zo4l8r#`osWqv$kik6MaxY5%>c^LMic{RHuy*;78{Ey;gh_unlM9T8C&Nr-UhGa`bV zL3dG2rPn15wLT>L6|K^TTI)rUs=G`oK=2_65PKOcklT?-9Ky>phd;jJDXPB7X}Hz# z9Zg}Jcim6e*PW9Bpo-n=2BH7M7a#bbe>L5@9*cyV(7Ws|kj43CS&9yl1|AIp-q5t` zdj%%DHD{q#UQV;yp^kV&iop&Jquv`pqN`v5;@zt^oj0g16M(!*Z88^P@Bgp%{MS-1 zF+Lb}*_oHQrPD^AA|AJOJOJ5<&UxL}1fb$6ZH?%g1oQ*Vs#r@^8p$f4=xFgg-?+Ja zu9V|us9aY%@0tn+Ado?Ts^jb%}jtLy7k76tIG zkP4}p$p2wk(HD?^FtgOx^dYHa0@!_j6?Al$&FAW*aQ0;>On(iFNf?n@=Y1==Tv?wMc>YTe9fq8YNg%Z&kDjXx;aN0{c!k(A$x;v(} z^7xY*n+gABrw3CgIxQY@k%W9C6ZxaD;dm2Lg|XdB9(ZmYbr0Tges!n{@sr@i!7A`L zc0rWV1$-45^cv}uPxIp`Ye_fc~da7c%5lORX)f0n? z(kV6bqk848-1Di`Uj^d<1LlGImGDbFH#%QHYp$2Y4 z_H?g_qHe3r&aU4Vx845{YR*A_mOveyM!CxSrDD}$%Y%1sWH53O^)7Ev$E{QFP!Q?; zUZmCb{V@DSE*;-DF1$GQCy4z?>=8~1Iy2*<2W7F3G^K8FZ;Z86r*dEQqrq@OuROa&b!F5S1bo_ODWSS%2T8-9d81Fs8pK8XK?u^}9k%1(jbuO;vA^Q5Eg|-cdplx&vQz`M8$D>x1vIj28q+BDVh6hvbgE(Y+b{AXCNB5Bw$-dO2?WlO?M6Zv}#! z8eLbtKSIRnr*8I+i1n#j=ASpc zB0>s0<8}eEVJK^)5ge<4Dk-zeh9q?&W0r|zjM9-wKb=0S4GnZO^O*9|mkzAn6TUGOh-j;Yh-EAIFi0xBb5{EAj`N> ztJjb^_M@FYC()Tc+{kRXi=s;U&d>(?A1wfSeG<(|XyP`@y$4azF!%2rxMrb;T!~o6 z>_6*@euHcfA)98U*=jl%%bC8iPDA`+{0f)y<}B@Ge@gcmE!0SEoSf$wR?GWZi_xrke*Ev4-2uTi-iY zcpQlYy^Q5_z{KP8N@gulm09tbdZx``m)JO2Jeci^HV|H@yg8ppzgdPik!O}C9ZMmH ze|$X?Lv|zrn^JmjE??!lM>8MBK;+&3rJCjLX2Pf0q+Phuqx)G3mv`z|Yg#@OUia7g}AHH=ZjVS42e--@>t|`f?A~hcA=p z^+?U-vl4C6*k_NuP7bnf#;Xcc=rol+Jk2%y-3}7kvPC3@@l(nhPuSaD&`(W@YT0#W zDHq5D9+^_uEiEwHT%qds%ct{FFW22l@ef364#by{KS4rENGMj5>86?V*5qGm1kLZJ zF*zmfE>%riGiuap^k%=1n>$J<8u0T+%5%-~iEaJB)St{Hga=BU9v|Z*(CDx*QCUkh&L4H&b%Rx z!auv*j?Sr-^HgDQ(+9+{Mx0)VH{R1flFDwW*>t?4v;Tnx_s%ZAgln^E>pl*U8k-&M zfAPEDKuZEjX0*CJO{a%XFNjgBxlV@^T6)?-rX}^F+5D9dEj%F3-}`VyTs%3TY~4A#-Pj-#GH7ka@cFr%tkG z@)oQw2&nuh(JanvTyJ^DRE_!_ZRfM;OY|POT$4X zuyh%CG1sg!J?uW4)Oln7R&B~84uNYOOGx@z~oXkgK=S~SEli!yO z)c9Pxpx`m*>P#eQhC%70%UZA1wCZfEj=KFE=eQhF_ zn|(x9c3c*xY{b)>J)w~pqOR}-lDvV$7^(H16z1>@-r3yIXr{QIU?o-gouT{0WiKEU zFQ~Migjd5C`YW_zuf9c@+z|On=8%T~2M*HMYpre^u2))*8Ik3?z~_7ChJQn&-ON$i zwB7?fg2xO3;|t9Vi^a~qqZxK<3DmmM!1SnfKy$6HUW# zlb2^z(MxsfvUe3}M*t8v*}FRwJ7$)pAZ5?lVnW)urYrq++L>Cdx_q_{^YgZh9bwgd zrWG9{F5?^HkxPp>ac0+j1kG%d5utG$n?RFiyrmd^NY1QPVI8y4mpQ!A0BG1B z+uS0-ewg&f4Mfrt3?p(|3AFy6#z+GA>h6>ONuUD|4H{;u#hz<6c^7+)?O1U+ALtkA zK|Z&!(ILucs54{==zDo(_CfeO!)2z6*sLyS9tX$; zSPx~pI9~khzY`$kUEm!qlYNear3K6}o>mkI9@t*0#A@Q#_p~TNn!&*m)E6 zkLBZ+eSph`T+B-!?s>(Z0$m_yn7-(bM~O*1@-14O<8x8ok!mS3@bsxrfJR|uQac7B zQ@1W3j?5A;j|@@UTTc~lTL81ntJCSy^egAb4{27`53EJ(c9!@C{4f+wQ;7ern0uL| zFIf~dj(Fu&jw2R)r{wj*SzPuv#Hu|&F#PpcL{j)C9HdOP=&9C6(_o~RH&%3XSmg2~ z7j&A9I%kD~?gz`ha!2xS=LbLecyD}eJTF^5z`AS}lc{QTt1uGh)hV&H;IOVPHPmad z#J-ouGwCJb^Z0nwK@NG(o!%{s&XXQ34nbON z22*4HbS3q~(TwizQjP~iibBSmk0`3d^EYjAgelLskaAyqluRZMae#Ro-nhrH>RzGt zobHZ`JvUuUWg8cyXInOtjHN3Ck2UDe)!M;brmk;2*&W8`9Vuk3o%q7ogpYA^LHTtH zumAF6#21*7;C*@E0Q>BH?I-N3&nDLoZMM+Z!W~&LO1K|_j#n@uP(gGl)EN4u zG)-Id&+Wxu8qCkqV1)qTcEozCy71__3#C$yp3!x0hGdc3nKdyP5NxiJD4i(xlTBgO z9NEzlPAF2Vg8LE>Y|^U5!*)7~>%iOYD_Oo9KU$GM-nl7_@FFhn%2)kE96GBxFYSY1 z`hDLM^9})4fI#)qdT)5l?e!U+dSfJb@Mh5ex2^%eSCmX*h}d0fQ2=jyY%G0&;o}0! zrtAg;Qh?+yWjS4BF;zmRnNz=_Tq|o)_yJOKlf7@g%8$cfcD}nv1!z^_W>N7|4*tlt zb{eX;0KKB3l&q^h`s z<_|ALP*vb~y)EtC8rIH}sUxfe#*s8@y#jR_ow@o3M^S%w1WSBCW5erwE}Y^&)uY=B z1kE^!L=Vl(fuG(!M1EjIS(u8XfAw7;!BwTj!mly$_o6!WF*cK1p47^abUq6}^fk}w zIx<#&I=M?LUJd!su~ZgTce-aOFxBs@^SnRQN?%}tnvvEvVysdp5Nqu^*_SNr1V7eho1~elOAKIXdIBRe@`bACTT!!u<8r z=b>aS8Gf59f%TWJ z=Od*Iy#bNyQslc+HE|0qp6XxjxI4T)KwI+_yo=Qe@)7=-D$HO!unDSg+rcVyAIeF~ zZCm!lTw*%h{Z$(@UO%AzVUPAHy2EA>tG?2>2alqqmDq+$60Fb_pUlw`j0B$3=w^3C zndn`Y=ylhS>b7`k62eeDN;0)SfJMRvs;v8XM56+)`N3T(ee7{Ql$HoNCWvTZ#+i;cIW8Qiz% zU!62#)JrtTa2a%zRx850La`_2_Fx24Y3O`dl;LFz`eB#cXN>{?n}ZIp&gfVDar0v0 z8z^Y6-JidTxw$+V_|g7E@0`_78m+G0d^98OonnrpHLjKJ()6K8u3$KoVS)$1Z3w}I z?=_6Pc=d?#uYw=B7E#aq1`1Xxp0>uZB;Wtle0l3Lth98)<^De?#lc0f%^U{?HyA@1)<2(K9AYu=*D0PE+j%|#8gMyJHWx)JXSt8>HAz&x%rc&;eDU6DW^3rL_><4?+jr1&9f7l%M`nymD;xKVNCQ#w(Xm9Z`PET4*%e`3d ziaZs!x>^g=XB?QiBCl-*{x&!M0~Zd0);nBwq_!M&rbDm0-=AwSP%cjuTK1vo$@liWhOG>h<^P$@9P&a z+I6;g#D*OKF=qlkw1rA}@lMc@!3wN`T#cB|LQjibmxUaE9bo8RdXME4Zj7eQPxIgX z=Tc&ygtz8NhmZf-*XXuusYh7O)FzNDn?bGr#Ml4)Wjz4Zl_)3^ye`gLf`Vg>qD&g6K1$Jd|CzerH@wu<7f zr|93`AWH+ej(;rW@ljISEfN}q$H_-b4!t)h-)wPMauuw`Z}?oZ>GUdffK-{h6mlyS zio-z6W~CD2eT}wrXKJbIuEK04Nd-)T#Rj0P4Jy2Cl+F*|-aJ?}cDx+Grq*l@Rw-2y zT5;@U5)HxBBn5iTo#J<90YkRBb22~QDZcq;{~Iv;kL~^)8YE7}M8=aH>^5pCK(zGL zk$ae{@? z@wmbh%xMfdjvQBW@{V@5SuUY%Bs^I_3q__fSBhMFYABY;7?2BaZ@Nuh7wRdY+J1}Vc=BWQ6Xh}XeNPRH*?I-N!4nED zyUp}Lq>L!IS?Z~Xu$mrRXfy@FgbIbG-kZSHD| zxYwf!D~)07z6#JnzFWDQr(}rTY}(KbsDC9_Z`AjtRS9i`} zcWlgyX)n>%3fX7K;J5|`8FMou)#}3=t1G(vzbDJJ`06B5kaSeV=sKJyJdX8>9S8CamqDObuMUet!&Qay;U+#=Re5z)8?@| zV6bff2G<`6bbLf3Ur80I&`^myJ&SQWT*E)F1V20M>Sae(h~=zUQLdI0vRJCFDE^Mg zEGmftoB}Xt447Rsb6)5mhknh67}iEQUC4kb?>_m13;Ifa01fCr0!`fa3wWOY@opYe zJlz+q|1>xXd`>WPu(JAu>tyt?`^Adiv?j3K(xd_*WN;FaDbwzIgyDdtlF;?xJE&XUWIE1mB;?!g~yN1FA^{8$R)o4Bql>k7`i zuwlb?d(-@&i8ZIn|Xpy(DCE}gtIbv4^i1FJ)Y+z8EY7&cr60TR(E<@_hoqv z{5PUr!*7?Cn)HrYW#ti$=Ii^%%lq%0W6NMn!!Tm*?+D9}gUnNn^?)QHevij`ntuNq zpT~=6uEv|edDMfS)vj=XGI}!x{RVN56GGysCtN-~jvQ5Ht@!HhgKaU{brwr1&2ijQ zS9$m7v-hLz9H3`qM||M*<3*bIrf0ysd16M>+0J!}5#~AHn=GF5Z}&Tmj@?V{L;)9Z zRJZ?QRU3Bk=b!u?I$?UpcL~_W^#DDkPtLaoI%2c04_P8aD}t~%o*?4!{$y7>Ia{zJ z%X~01Q-^&5EUMc=EYQ9rFt|*i)D>)7h01XLq3(~32Ujlg$;zyftXUP|LWD-^=R5H( zUeHyzjxsDeo;o&-Sv2&OqAg7J!_d~fpd?d*ECmkh|0EcEj(wy@ zV>jO{*0IeEu~JbPjAsj*p2cNU6&^PqcxTudc+CBR?25u(RDa2IC{{{3ff07T;#m$I zNGPuSxP(BhTlg8E8jK_33OMf&j~Vy4p;?|Us~MhFV#mH$6qYKs0+AsmS&cUg-)l?X z@6Bdt3f5nvU*DV4rw&d)M`exE#~j#%hZ{lUUj)wm>Lv^Hd3{Mpgs*T^lNhyf;$%Z* z;y)_Nxlfns&{z!HOdxk< zf#YBw?+a6RD9%yvs&0LdN690!*fykxnINR`AMJUmw9Y*nBf6fl4#XNAeAfORHA8R& zAi3RPBiJamo0E>|_#=1LJR;9yGL#vhv~T%K{&572!O8M9ThnjyQTEwiP=1d^<9=iU zOzbjLEg!a;S_U?l!+olr`x39Msur0j_P$$qNQeB0smi@!F5Z3wN~x^(vOPE49rf*D zIapljo%yE(CWp;|juKQ_T{6*v5W9Q-H#6r^ZH{@$@cl~nPRiLv!*97#Nr0-w9O?N_ zU6<~nggnvNamr%dd6&M9hGP)l%6u$`FaK*>batfM;*# zf?4utKh_!<|8kKhjT1{e zD&ZUVEV)+zvJzNYj9yy`Ah{xpK>dkteyx&S+FVF-xm*O3OUKUK^i*|mg}>#}8ugs> zn)5yPSNX0b<+w3GQJnPu(e>W(aCPnacnBdPNCeS|mZ(8=1`)k?MoskIdnZWr-dprK zy67Z=FnXC0y^RSI-RNe1^E~f)&w0-KJ-`3<%xBMHMkRnLCM^H@+1&N2-Eir0 zZbUnU*Mrp#HBT|qBV#jCz#shw(x#LnUiB`XTy^62u}iR{#l&Zdi-`H}O)#H2%Xq+m z`TNlGOMSK@%Xv@pkgH9r?DHFX)?hgOV(!DY3X)denP2I2S3Y}b{4==V5qvTmKxSsr z{`K~NTEa|c-{q@S7|_dkrCm|0T+QnFj|5sHfU^cvzlWGs_+{#_>YF>#yi;;c2Bf4N zb7uN%{T-g-h`W_#MQ0oyV(eG5QZtWH)|t(G(BwAnRvdn^poKq^&gJMOj97jD^RJ%> z{rYrd4dmy1jXsOds<>9ydx?jng0(b~?m7?<&}om1-&(~ExpiTW)nn%E_>2AWZnF1o z<}7y7s+fQdNhPGCDb_5qHK!QzGnEbCFHx4N%AUrolBdw-yvX@El{tA-peEa!n%B3I zM$%tLjYiTLRPg|4)=q%j$@xKe0Q1k6B8;zW4%QAylbd)IOW);rrX6$^-_eZ9!1H&q z*7QzzpJvJvO@!jediI1#kJAp)6uCSv&}Y)xQPV!+sj^KYSgV;)1I=y&>%ZcM+~aWwDqgabH%Nc zt~ym6MEox+mB}$}sWQ2Y9T!RUqMx)#)IhHmjEzvp5OpVqu$8X?iDOxOx|lvc)5{d! zW;#QxC(~zPcZ;I+7Dgr-U*9)qjhiqO0`HMF)PN?JZh{^%Fm<3Hbz z+8>5|!g#B5H8+i&R5T2(U7z4edpfVmRub!AYcldyx9^tPtC2qYEYi2_QMATw+`w*? zMEYbE(E<#0W?MT4&*;a%8)7PM5f96B(bj5kOu7TId8pw>K%6=iG_`N;`t-+V?en${ z-`%FhPj`(@9E#NzMjXEOE(WFvRQ%H_b3>P7=Le<9%NmcG82b_gy_9M%gly!@+HCEu zcq-KLlY%^+u|pqS@$D zO+N~M1Xz(N6XAhq3&Xgz5juzYa^lf>Z#oO_t z1Vh9k@-1Aw`nu}2JoKFo*trkl557y>1@zAgz!!YfD#`Za`gXDqeD$V66kg)mje(Rw z#5qf=AtuNgjL7Etlotv)Y#y)11r!VAEh8o8#;`At{b5O#)InuFH<;NI#W$D z8;(DEev?MY=K&Evt&I%u(hq8ATm4!W@bW;y_d!Qj!I5Jw@*>b#Toqa`Uu9@KQ8&}()dMw`dCV%aZ)V^?!(z~B`&nYe# z#F+%0R#`uLZA!nQRX4zH@}L$0B&xtLXTGJ@S%X02W~>YaA_OPk?8}n%v`L z!L?v62)zTQ;w0%w-+88+MXzSA+{%N;F&mE86>7k@bPk;E(N02kKx zo>F3de|-JQA(AUMNM5VZPnmQt(ox?UWe4>>4zTwcPf3pPTaRudZb>#ZK=5n4r{A}R z0c~sS*u};bNSI>%w>ww`x8xF+fk{5G-NxG|n^RDyzSMFvl=|{`Z~e8~aSe1H;CSkgv-hu-KY(oipEn{&d>TG)65Ybtlz=t54(@j%I&Y_ zZGKA4QV7~f_7=nYmBB`PWE-78-Z_UEjlDP3^$@Kt71}AG=<3{Ug=8khn}huLOAJTA zR$ImSyS_pJug*DiOQYxBFV*uui*@10YJSBCsmJ?5Q@*a3Z6-!`3oW1hrlTBigGj!p zl{`pcHsoV^R@EUS9*Q!Ay1IB(l;^F=p&NXPA!Kfy4mdhHt5HE4ZB z?`B)P_!)8D+$<8u?N=v}TM$%78sxBMI#Z?Z!;~Ylpp-3|-W`uhM0Cy*uPLv6iC|Vo z1@0`$&^Kmv?4ePubzvZM*(`F|4ZU1Vsz*|LW5a4fyt?u)vtvbP<1#1aZX|^*Q)#|B ztJ^j4<}KS7-%j~}rHcC}dEZ9d%w%tX^!R}jSd*gdp9g`3S{gD(9s}3#FD6V_qP(Ggpj?T6rZASeJ<7&`{JPw88b_rhP|z|9u?S-@M5-AheIYM zyOMnD6O#vVm-8xbzkQ^C@Dv|Ej0LQh^RSC#>*%{%dcu9<$eO)rd_-{id}f@lbO3M| z$5$lQ)u=9)vD9EALyf52cX$32esxNr)$3T5xjQjhDp_u*85CqTCtmAiE1y8cgEt43 z)OjPQFU>}>g} z?Ra`r*I~Sg$Jg%>FQat0FKhg1NIU%7eNxVDvFexDypKWH$4$?$zB7K*Ykyp;^QHC) zJtphOI<508hLS0Yz>-5%TqV%7EY*(>0p32kHnub9YkM+yjkv-3B!Pk73Vwg`4(nsv zS`f=PvP|;FBvwR}V!^VA<-(L%oK-3tMYlmJ=x$PiknPi8w9dj+(5RPF>eRYR0_u&rqWpdpNXt5X`bkp4XvuBXDA#-4l--NCdPmL;v<_yncpciF zrX&mB5uIKUY3E3+Kt(&?!^YG3yQ-*JCz*sV*wpv8K~4-(q8Cit`@SX{;v_Hz+q2&g z>51Q`HW82~Scs*!M~K?DgB9#Ug(3l_Qx*9UUFTmx*&L#PVI^J%;zP-L*iH1~M<6Lepk}D=*a+>?M7zs1)$j{A)mX}7)Xti5z zj*Vs|8=X03zPGRYQxE}M8H1lcTnT2rYG_LmHUi?-wU`W*KDf>)WDKtJC*vJGF~T|CN2?LtN0 zuA~nvq2RlyebAvH+zTll>U$Td_Uvt_fbccZ;+P4&XLq!JXF&riynbLfE5M)+U=knt z`GyU2AAXPZw+nI)qQlr)mCX>*HXu>woKLlL^|AHiiiF3}gl(+^nSlMeSOZMm^3rr8bf9LP++>A)4 zh8+F4dzN7a`aTsL5tju~8+>Mvx;jm9Kq7h6bRX7T6+-fjg`sxugo3-0+}%M%5HWwk zp}Lqj$H!7$<7jelqcA9EAQ4Y5GW5x*;hBdIpy6HiX|*mTPPqZ57GKyV1NwZJB zFM=9?Oj1Abskv)WVJ^)vG4=eNnr8Zpxj^49y(DrQ!Q>8+41bo}Ow98$Ib{hx*OPy9 z^SZOwXKdSv?ZxIrq3!}$M+KrY*=3c;g}g!sUt)ipt6^XLqRO~hyecf8Rw?L{!kRJ= zf-#q05Z8M794=IWa`dy$#XXOT{^%bP{f=#=p5rG^|4GlU@Wi$5jmCSS+}@(MHnjTeOYL4gg9o?Iy}uVRZL;k z#S+WyD9|qRmhd3sPI|&VUupj?iBJvugBDr2Mg|xA`nx&a2`?);&6}p0zjjSWw-LnU zO~zWgcgkZkz|?Zv5)v1&ONO0W38}11#{YFZcsVB0?>7I2sCxe>yuzy352)d zLzD(#GUeSQ?IT1t1$%*k$G21322KF3~=HZLNVgXx27PpJa_O8GY?i&&-)YKcc-Gz?EGz-gL8 z3D3D4^lH;&ZGz9WBVw8|B@htK?Q zm75ffW=csTp5ausEyBU%kd<6Y0gMxR>(o(d$dWniT{Hnj)Kb} z=N(YLTWsOjy*n&(>Xd?W8gWwv{Lw)tCX*BT??xngAfedu4)Sf5Qzy>Y}zYBG@F&GplSok}3S!~lx9t$mQ zhb6$Gh^Q^D*?gC0`tXjhSFL+m-?5plzTQ$gGy0?}O8^(zkLzTCw)v1H5evW5Tm5~X zqyPe1df8zAU1a*}w2gVBCGIC<E}z5@sgW zVV~M`2&C&I}G8uc~r77+p(eUgNNAN+mXAU(Q+>wL?|=m8N+^T-wxw&NH5_O#z$a^_1!a%S`AIJ_{@%l%q}fj(t9%U9L{tmi-J#_uPK#E%Wm}9Yw_Y7zYjMjO7E034bN5hzV2CBmT&k#? z$PsY;Qup=Chp~U7<$531YHJc;aTC|wbHme9A=#k0&k1g;NvHeBSDoHDec@X||ziz*>(|yXIqs&?!ixyuJnF)lx%pij2vQPL<}0<;Gs%WyxGJ){7`t#(Q1t z1El$7bXs^jdiVHUAjHQyAsjr2rA9{pAo0$Lg2N;`1~yN-{U$6x@hm-j4;!l6a6Z zCb)Re1@XlNDcrMRA|jm!BKHxNTLJi;2f6YwzeXR0$;2(~2C|E;cAk#nRu^^$Aw!Jr zj9cqGI-go8=iab!+FVq_j`i2R3TiH|)E};PA@U;o`tExqdUFO~lC3cN@ zv>6bCWUf2(kEd4n>McpFNt&w6AP&TW6y10q3Xl@{-!2dS8B$Ic0P9yqI-2HpldiNQ zL7EjA=|5m!YXV*$h~R%QRSWI+wjHN#-uT<0pg2=iQ3|6zUCr;J)ZfYy?w7(|B?+b0 z|Hx}$7Ej42+>ecmT~uLiQj>5Yq<&myv06GH5Jm!&P-}nWstj$?HBzkLnSUSlIkWK~ z+)IsScmX`WFwUFM73j)?zdP7WRgAmbGf?f4AAH0|Wk%*#Kn(c zZw!Wx^*BCr5QKd)^vM0wLJJ-|B}76DEE6a_>l5j$8J==Y5ri_|92`||?6vichA?=BEwb*$ks zgS?3Jp?M|LYT(VoFjUZis_P&9f=w~Vyph`Kxnv%cJvzjKbC|EQD0hLDaIknv$O`T6q#`AKy^9Um-xu}f2Q6<* z{956kn7zXtUgw?mH~khvNve31=LwMCcncbChdf_Omj6A~#@i$0=M0!Sdmr z?^`qb0O}b8q2$Mh7DJ$Aw%x9uj8 z%6cx?kbvbjtD64D+qhme1hLJxrroaRI&|vraU+I4<8Ie)Esr@n&5>K&+w+3b&np~) ztikCrTsWqFG@*|cNQV=sFF*+Wx^xx$9<1{xOmeU7G$`8j2o!#nHoq0B>c@+fZ&wrd z+AIZcqwNDi{mS-qS*n0h{-owl9@Gq5u}_qsX#l>zVL916x6BuF1?JfLZR?4EM;p|} zO|UV$lW#eNuCsn7CThTtb+N*GAw>h&-n-uittGmOt&|o^#4-MPfTskn!3=kH-&E~q zd=7P-?t49@ceEcEmze{o8RSax;bVDq&b&f3vIq_^_OQ5Cjl$;!gUMLYKYn&r@j)0Q z7(dTj#<}fj1jOEkrn#+7@ZuT8aa~fMhBOoQK>DkR=vIUGWJIyg(BYV12q<10Mwx_o zsQ2@?GCj1OiE<7&FzvpQ9a-TaN`I=u#=(6snN_M;`i{3b!R5~asIIW?67sd8t##92 z&47(hwpwQg^)QU6nC`9A0aVZQptq+(zDqgwuAqRwVCKq)aPkLZUwm4tH z^g~zQ0RLGt4~p%GB-G{sBz~v|%Yn&ae>%4_$N*~MT~M^KM@IpWYuq6>CjPMB@aLD41$I00@Vhtd)e+PXOnL34(g8QEsp$7~I@4aU2L_q% zO+bF96xp}t(lAcF0uhS8Hu3<2Mpo)lYbMR_qRTdz%$)!f>o zAJfw6f9v7I-ivoK@Hf=+Nq~PBJoyNonjOUf3G#BkGJaX;mKvK0Zs3kIc<-0?o%iFH z&M4*+xtk7xgGHx85bP?s_XkL~xw>)2D;?4o1Ti>G0#U@AN0wESHJGxSIu4A2;((p+ zX@%zQ2W_SRNo^o~(kE3cw2*)wS zDmMfCRM)%WWN*!3J{Yz)k4chaF#tyT53U71`r*`GefA>Wn3$Wrq=B*-t6TK+H4$Zu zw9`ASH7*%c57hAwZ8w~}`&7C_(SqIx#?@S0N)l36o1M_Em=q+Xq2UUlJyobryHZplEwLk67V-P`nLFK>x6? zxBi=f=#ZQU`JU*kZ`Aik_Ydl2W1qR|njA2NL0_z|q?JNNaY_G+-={xX`W|S9A!VCm zJ7DU8a+hDH8q9+B%+UFQ?l=91h?}#oU0~&$7aiMLLX}2lAnAu6p4*B&7%ucxyt{&$ zjeZw7g&k&xWM@`=q88P$-CBLdtroH`q|tddV}zTZBKLatS7Yo5cQ}goay)U3+9%#R z8f7ys_=CQ4?QRak_=uAAuPOT6dQ%NW8JJ)v%y>On%KGgZxlj^f)@)K8C=x`8u1T9i zF6Mz_@gJVa;(cs*SmJ~T>`#AzJ%I-eR;J+O;{ow1uL0|4R<5XoZsuy?zv_+DQy(Bc zM0tMv;2w-DEV;x&ylv;)pZ?PP`5quLh9ZFM*FZ+si7=a6ZAfPvWqi&1npIb;g&s2( zIP;E>Y0-c^$!2jYc@f!@JG+@IH)~p514_N>b4d?;Zl{e0WSlfhGSuIc_RguDX}?)l z^_IrfgUZe0seyHPdG|Tx*s2Xss;4}2WcwUGhk9m>n_>k|34ty4uS%kbFiD*j{uhkP zwH*W)hy8X+-#k0|UKk4fX9dq#8%lw9bRV1jMGOJHTEB$RMWqpqCK2_c|S6THeIbGDw?jgANC%`GWxN> zS66Ayg3DDM_K+vBd+6C!S~1-Q1o-ooYVWyam)`zjr5h)Ut>rT9A>As90)-VeClP99 z1hfO!r=bo8&@F5~` zS!z&>Z)9JwvzP6(&j8u83@FFkCP@XvQx|$r4nUSWfk7t*@%O*Aws#@uD<*ZCVaW3X z`A$x$Ef2f)d=(@Ax-2nyI+~XPoKbRol0E1`V2fQ@XLv9=K6y`o-K@IxgX5PT`Z8h0 z#ZkG$j08m^UG9mtfHu-PlSZW#!icLO>!@Ly-DP_(YJm41#4sMZSSBxY=jd?=9lDu! zF@N*^mP!>NvFIB#u+@0xGvxYpk>@ZT!Dk$;-KZrl5Lj#_4;J68k_v8Ntk6RU7v_}FUfk$$s=HNr`}ym~g*$Er zHI;VChbB7{U`*hv!^qaGwFjpRHmvfJL?JQM6UIt$u;luBxS<8^R-SR{tLy$nqce`5 zvk8^w*H?XD%+jnl#FqAAC0B`LBVV(yy3a11U3b0jG!a0op#O=FJkQwR%`ympc1mh& z1YBDZju)QxIO~tNU`IUYu5LO3TshX}NN&b6(i8HL7WMI9vPO zilLTRd(xg$c)-^#J;FD*2iHr8S9jdZL&`4zG2+A86TT7Cp2L@lJb@yB*$I>Wf7t*H*Ah)L6Hx%L z_ojAQm!AMqNPfr<6@@OhHHis0SsTlsam_p1C!DA4b~HhUZ*_Hq=uL&z3@|;A_ z?}}bDPj8ipB2f$$x;(}$Z{`7(V{2a2f;9zLagrs3>uqW`D0zQ`(~8X>x#d>R*6Pm5 zh3XH>(hR9MwVPX{DSTDjI;rZoL^R^n3AJ7|%3?ZlhndYU&Nh%IBt-8t?(}qM* zAreTVyPcnz*te}v6b`JNU zykG1$THHI&`!coz!Q)40b-Bb4NSYmc^PDh4^*mGC$$dO+^aYEB&Jg%bYsi*|vz>{P z*@^AMj4Q43?2ai%qPB}1N>Y)$z!PS7i7INHU3i;YxGL{4TFS%;{Aih)U*5g|sf?X!J2e@J3`nh1!_mH%FW}&grT8+uQD8r>MSJC@6dwq*| zP1BJ0>Rr#w z-fQH`6+5N;C@k3lWa*O9Lqaw50W}eKhE6O2bx_nBV@amji&8iqe~5nRlGK2p;uQPG z;b>2{R|ET8X~`>LEy&T~!lq=#v?7u1WX|z#kHYsbyL^``G15UVaC?cm z7PGQ?=cGVeIyBM}O8M0&*DRc0D1MkL4Vu|qpA*1kXkTHuI|}!poPEtSs1?9D&ji;6 z6y_pC4VEBteoBbtpKU|+Om)3yfKhlV|VZvqOupiOk5IfrL59N405zE^%tO~7a=CEjqVB?CyOWHYbrVAeDU!iSw*e- zj`Kc3q-*0`J!_PO9@>b}g-$-T;yAFKaSOER7%j4e-0tAHsOI;+wY;`FpCd#U^6C~= z`DNraZ6R%{Rrw~D9VVBrcXo39ALkee)mf^! z)g|~m+0O3dmK4fUl@N%y<{Ba(B8%#7-qQ+KG}+Pp=} z2QTDOE9nKImbwmKC%VNwS5(ViW4oc0S8JuZiM)rya1RTAn>1`Qkayh;ER<(u5Eep4 zKk$w2kRM)2Z6i-bzV%4?DT(j$3;Ke`{7a>Xxp4=fsSO!)CGY->Xo8lNQtooAThF4> z&JNgJTUx@YtA&mp+K*X+eeI^tG?&((&A^dCa0p=J!}ajX`@)Nu5Ev&c;(3(m;Ejr}{!@>jj*tPO2P-E0GpZ z&6jR?UqzB#d9? z83CcLYdf5ep}YlZlMXPqz44!Dwh?hb{Wz|%IvZh0iQ&>Zm%Y{suI4k_-DTk7gzK-Z zUVS?+%QFe!(!?ciT_67t!Upc4EUi*Ui`i_m{&$A{hkRb9+w!7Al5^ANiSqcCk)du< zTIY-u3@k=Jw0K)hfFXz(f(%O2vz8W@EvuBsl+_P3w#tXzJCIpE0aY#`Ld#M2E6wcO z+?p!gSpjtnAwqe&1Jq>(aA0aMRC2p6aawrOf`m=a`K9*p+vQUah>odZL|WgJqTEy+ zBQFjW9d}fdnd>K8&y@EYbqe$JJF+=;CDh9&;^*vcMftwc4_qy^2keG)#OjWyr60T~ zd$WU?^zK8;QNTEDE+>Dm30VAldscrYx3G5TQjGq4|_oizVy@L6CPi=^W$=hLkb`WgT5E6 z3`aQF<@H74(vb_#ut`GylIXBMPkzt#VJgml%N!rGC=M-ffK9ZlZT$NCOb_Sk9<}aI zaf|un)}OPi^h<1;MH6oysKnoQ<}&*F0x|p(Tj5dV`x3coY8^?sSU3iHzUlU|P;I)* z0=NWEhn>`HP%V?`8PO%qzoss>AE%=1B}pl;$Z!r3yZAk7!DU)5rnl;V@Z0esA=~;ca2C_~?fsK?yIwfoLjQg5R?0 zuE>EYFnl>oT6*t!DPn1ivt#5He$!>WD2PN&QJ3wU##5}q;r2n;2m>a47y3s*Rwp;)wJ3Cu0TatYS_jR2v!|dD>JL!p1 zW)31-*6RN9D&%Y8|NhZ`4fvPt`rnu8?4jm6sRTPE`z#u-R_qi$f9_D9>5(<>rxghO zI+hCP1b235kns@Dt9PZR3$U;%m9tjZTe}&yeGt&C0Y*}Zo2+dYoFCleexU!M1)ZSP z=92Wf=JX3ND-F)OF4Rjtc%WBntc={7|0239U?Qh1cb-1o*$DVsi~jE?`IjXA>-k>V zVpCF!bQJAAE80qrQ{hV5h5JMZy8M#O3=BkuseJkL>66YWrUZ99!g@_Zv?<;(clu=g z+kGnJH~8Lp(y*~|jpMJ*RJB488}C+$0OF~H`~X#M$$_O2^WoiB$Hx!tS1>Gmr8Y<% zgr%ifmEaKJf6U51pXFa0Wzp0Gl^0K z&!mK!{Z3k}oJ(5WUY9xiB4wMb97W7kNekHPs5X}HSt%tibDMUnz$Z*fLqv*p_xAFZ zVYP8zvQY=tKKsAaO$!R1kUTX(Y8!dw_|&f1Me<{el#9u+FjBe%$~1W=bT(SznY5d@S#D;8 zlkD27I8(it1GJq65`nZ)i0s_n0G>3^ab{JU6YvD@PVcsCznVbK9#L=97wP?HQCT*Y z{L4iC;&hpE@8S#OZ;xHRyS5|ZRo1+M{W;Sh!6dDuC*s#K+*&7zhJn;6WKmu1L zU2+aWj%tk~esmVvN~hNGy63-%B`3-j77PSjV0*|GyHjtXA-!^E6S3oZ^E*4TNq*hn zf(wp($&h4IUl5*v-Lgi!ti8R&Sj2z7(Z5CAQfGbTYxFD|ePUC4c7?nZmCz1=G6%tD;OBQRKGms9$$rK1dOg9vR%=jO0@#^~!F>>DEX~yz z#YSXn$zSvF6VqH8>8`XWGNl~zW!4#}-Voo)OkV7j@3^e=rYdD}tIn3IXiS><_Od;u z;d`qJ#_;!u&7WP&vL;8!@Cw|)78Ge-#%a#lt$6L+t6XkzkLG`)o-bM>p__Q3ti=`4 zWH>vtr(X;23DWW2Y1{9r#E>GKt#)+^jtJ*=c^~p;XHz|U_6`FUDWh8vtEi+`|4%(w zv`(%6Mb-=dWmE}VQpQV z;@H&m0 zirU(xDt+zet5c3a zhF6=H2YyNA`7lFU)8T#>C26CVF^9)zC4q=5jXJqTiI)#;lnl>Pq`Cr}cSRu$25gCp z?5EYfewDK5e9^k{GLGDaBi9@;w2*)qp9JiYv8832zq2n}c0L{vN~SQLPJYtEyIfp8 z>_0Y0SUA^fmv3)7gYQ^_j<2G1I@3tUb0pLy%VDxawReq{BJo!zr0$y=N^&8{$MdzC zs<;w|ZtC)Uo=Sz8h5BnXESIcdJx^I^s?t(PomP5{aQR^Y$bufc-&}N0WusgkZhbMN z1H^5GRtYH5`huY$zf2*36`TY2<&zHsbDJi%&3w6)!*_~4D-9w)HRt%kt5Q#kXBW}fWc!GYWi z?f##_9qkLyWcA_9&@eOBumufa{_Eg3D=>!5(h>f-sW-eAhaOU%j9&Z8nz$A`m&RIQ z@9rj2*~VHYjeCd&X>DiH4yz1j<=&jvsHbI0;4wtV9Js4%>R0mPF_wL0x#Gn@ge0en zu2$dX$*7l!ii|m^>Np>Mr{^B&b9lYzDID58Zn*tT%plc+os4r zw97RP$(TwZDP)ux%WSP?51bU3Om%KO3Ub}1_>wRfTO;vnX(@MQ3&R=hOQXEvZ>`_d zV9sHqhiY{sOW)*)Q)9{35o#pYgC-8X!WxUFX_<>rJ*l_mI9i}_pKW^A3Of<@{CST~ zc{Wn;lt&0YflfcC7k^h6a?-oOo)z_{s4>&lFu-V^J^1 zioKV*i=UaZUP&t`|{oH zj!&mjF)E;TvDIcxn&^DD_fVNfkwsaw8WuIoEFmN!lCF_m)uh2EGRTo}zf8-&@0JEr zo{_Z&tt%;@UdwhU?C>8{3~u54RX+rM!FD?xH-6+OF?R6K$Mbl!^{|!oX?P&OaE|PYbfim{T6I@p2Z8{%D3lTAG zNOH<_(dO!1C%5%lutWRkSeoeOmGXcwosm{BCS-2D9UF5IsoeC_^3`zPcA6VM3$<3S zr)7)dN?R<31Xn7RHLyz1u#@SvmA4u+$x%wCpI-d+OKXszbG=Ml zDU`eJg#?Y_Yqib~68%CC4eU*zIZKe3+Ot^9RL{3qGAO;CHBP2KQOd08y1Kytj&f~R zuDQ-;iPy@2D@T`lwZLJSp+CjkGz+QMTx286=?;$7L*< z$wAR5^*^a0$X6EL3iot6zs4sd6f>X%VA;*9XNRA)qiSmG9(IDZ%rxn?j-_|*T#|F3 z<*Lf47q)esCmpWS(U@|$%FY_(PU9Pxa`v-7lij0f42d9x4ZIr#P|yaV)}ypT0(GcMVq)QNv`hK3k0@rSb`uCMNQPBoh>2 zC^)s_sX7mw;}R7!Mns#E1q&?Q#pitIpG{hE5?>+hz~tjvW0`CxR!-BKHMdx3&Yn}q zYr6UmtTw!KIzkUUsjSUMc|_{h+P`3zQ250WQcBLw&&$TkBv*eZn66c1Iw-J~yc53& zdE+#S<9{^>x7|2Y{+&8GT@O@H&h1>CqEinf`*+5c0eAbKY6<^-}1QcG``jNhwT1+i7~9Y z|0@CV#(J4KUEO%%5HkLS8DL68O;G3?!b;B}SGxrC_m# z>2H0=lKxd=qmNQUJ$g)YlCf8%0DdmuoH)lQy|6`7dFy!Qt6OH78;l&3*Xhv0_0Nv@ z;sA9jek@LIgJDygbKes4*yq=GVFAI@0X#D&WDb|nqhj+u7l*8fb0-5IOheP(gYbZ< zrzq*x>cm;6ET*CtY`6>5_@$VO;XRaCUH)0;q+p;5~{%G@*tZ*Ie_ z3=$nlsi@>wl+vbLY}&=c?-y-|CzN;P=3cv3aq+KadVV3Ld0GtN|H|WJB>t8`@)3=& zZ`xw3Q$ba{u26P`}$KXMzKJ#Eju`8gX6f6iqxDYK2v)? znEtKwvpJH;3eo2WVk&h;0^`e3#ciICFh0tP&Q*ZyLn@%5Va<9e&F<$^8=WbwN5)ii zJ@5LcSun<9uVXHmY%tQc>LV#Z@|c|=Gzm5FhUUCFH!>72`i(66CfF7zZo;(z=b z55^)Jqp0BZAbN|S)8%`^VqjSB%;m+e+lBL*g^4swMO!or?|<(9uTay^0PI!===!ms z!*)+p$>2Zc>k4@9+gMPaufhE-3 zn*Hh6-?5K@!yd? zsW8%{$$*m%bpYC`C5;{S?%Ov;$`wL{%)e&>6H%1Lx>{x{L~ER6Vjlep5x8ml*R(x* z8Ac@VXJln015)sbQ)4(j;=i&Vn90Fal>!`&zyVjcnbVsan#tT|y*bn44gZMiNzpw^ znhZL*B4!DB$dHxYH^G+h0P_M;VNZQ4OcXoGZa3Bp5h_+TEU{Po3q9)*D@u&tYySNUSA!_-jx5?|*lNc8`h z|3780a|NCB|IhzndyOpP+cy0kHJZWsj<&Z;Z42_Crf6s2vJ~4U?Ee4w5LePtfMG=v zZ2+{j(A^|xBK5E3ICN7UCUSZucpgSzJIZtZPowW7GxXL~_3!CTyJa&^MH4-g$N5|6 za8=Fca}UmT_eeUQJe6mwADk&izZglZ_+P&+50$4h5|Fd*ND(}X%e*7SAINyLl4)sIPkBv*Hw4-4!*rtrN=|}-;#0<$6by=SomFhJhu#if;x=^hAlcf%Dmo? z8zcPxA7ft~7S$fDEeL`jh$tf6NJw`NB2q(lcb9aR3P^W%3^A0_Fr-L#OLuomf18t@ zbC36a|H1Rj?AgCq^{#iV75h{l>9aShiSI4tefLdD3-&*K>2@sqe1M0i(J zV2wJKWdYNR)@^EI*~VX;Lp*_qbVIvgzQX-nt=5TQWEvX(vuf!^6pyhbeH<2eyh+RO zq&Bv9<>l7HB!8XNr|^1qznxnLAG~db`HgvTO|GEH&&X%-({NPH8JJU_!_Mmu|CIJ& z_!lh0<*2Lwhbs7OYq?$li$qVmw@vu7l>I_%8R@)ra!j#%{+5Sdd=L;#TNOZ1@%iDt z^ZhN-f8Vcvst#fuKqZ2Q>EluV4;^#2&gIX5uyVP>e|EduAVlG&u{OWOr6ts^g+Zi7K4A1#ec2pu+m#&INCgkit8n? zS$z}w{dXTgi3WYqJAHVZaR?y+*>edp9yV zI(h~Mt`Gp?{AbSzBg{OFdQ^T~VshW?b@t?;IDm+U5yfNevj+zD!6n#Ozdp?lnt%O7 zxZ7zX0Vs?AM>7A#vV;TPMH`H~nUA{4>U_B2zJF=Y%B8BnaQgUMX0-)=83PGP1Q5cA z0(BY+?N|WT-jK=}bGkc|w$V;~?YKAN6ps1Sj$bEf1IZud$QP6^Cv`>U=k|hwMLSs% zAK@2=d)Nrl(5S2ZbKzvMtH~Zd(?^+eanPkyUK@NYC;Rz(tClpHwdILUo5x(-Kh6Y3 zDjmAPRTCA)0x8@c?894<1z&^s<4js|ERV13_(q^ZC8ys@_#xt0wAmG=esOcvF7lT0 zt=(iTQ+oH24g9@BBuQwtHo-SHf(rR^HQV1QPT_ueo#wwF0#T6MKkfvgZT}$C85aQz zq2?W^1-MmaqlLxzW5sh|^{Sn00Beq^naEK@b=_#yvR^Ia=${kB_Mn&FQDe)~o||3X zRf^@mJv4{P!zj;xXk?`GIOPe!#*Q^gtay>FBNU1`tYBooq^-xy9U-QI|djg5^YOaZOKu}71cmKq?T1d{{10M-UH z4L%-`ci59?}}r-HM)lsal5=_NABTk18RQA$Tw7 zy9SN{1l)8YaFo?qM*vsgl!e=UnUjF)q6E710*S23Vy3gX1DzEBzwS^(2aSG53lT?0 z$B|5zr?}S>NXOuABm3Pt4pnv4{2kADzB{LIATCQFyP>3^5I&kY)PyrE*X6nm&9fm@ zYim4-oY8gh8#UIOkbr=Uhfz6l_V$k?6IesJ1*THJeGS~I12Qwl?n*raHoAt$233Hj zXdPilaQ7%NJ}dqr@TW!ohmQK~u5LUJH;*40PSzNH)2Rx$NOoh5O*_~57Y+(KrAWrq zH!X0@kNI&W0Z3Ouib6u}V6n9`l%)dj$qTl7pWdcWcA7=^bOR&A;-_Z zf?9JAsHY}W6ZU|B-(8~-oD_fC{hG$eS{i6~J!q8RJ`LNmzW7i^UZHMapb&U6wqG6R zq2(!P=&wYjom$p4-MKbo*hlUG($&=kvI}JErhTb}8e-!f+bu|s&z{I$*M|= z70OMX)Y^B(L6uH2y_<;pxcQ{BW?h5`tdDX+MsCQ7H{3?0C8f_D@$WLIWdb`Rc5eKk zY+LO4rW0vpb~v>_BO%42#r&zU@vyBi$pW0}4D!|dn*nnfS)-UK|?sNY(Faz5u_oC%Yz5@UT92m?|NOpDW66uSxP{f%g<0w4s+)4 zY;8UZTeHDku}Hfi*=icpsT8xgp_&kP9{Gs!m6Y7ol~s6F7MW9qdVHVly>i(PxxmQ7 z*W@RfE5(+OhU#k0T3}3kq7vQ$I(&^rx*D6br{&yo&tka7tQ_kvbKO*;@V32j#hP7g z;OJ=*Z@6yTb{8tfBF;UJ2yxEm%7Q%rgG2_|sbF(MR+Yf(&Xf^85qshurK7p@R(hDB z@mea9VxmElHgK({=kq>e{pf_<8o)Q5gkCD5-N5OgNGtm>Ab-F1;s)cpBs(Z*L>C^`_z+-w;09|u?nhjfC3#X zT`AaD!A_G`>}+b1+vY4|UYBC55|A=XR600ZrnhtOne0|}2NI;d_lp{3u^1Rq9an>; z`)0v?mC-u@bED^Nt+vCe2W+I1toJNBHt+(=$-MWXk_kiVZ?NB>xiuk4tgE9rxJ@{|o$G1! z_sbFdJD&Q<8wUP#5hbRlPc;Yz1F%l9DrtBEOez)27)G&DOqsz}BRSvHoCOuT!z-e5 zD9A-QiUjeW*|Xy)MAOStAm?GZ5MtVfX=rri>7@6>&FeNQyU7D_0~I&7A3lDm=RGZ) zMwZCA4sv;U+P%6nYQCv_J~qpta2CPtJYq;Cn9vZfW@2IkNF{1e4l^+^(IC_KbR5Ti z-bdbjKgJ)EV$Va{+SNr`=7l|>_RbnG^(cY;!6LeWwKlopK7R=T(d4iF%{p%c27Nuf(S65^jD=@C0ScJk z3QJ0v%J@xb)({VkPysL_X|1TK>H>o8dN2>u;@aE~AMS(TX*}Lte2xf@;cV-p*BY2F zSV8gGWlxLBX#rml4$i5Xb_3}dKsWp!Nax?j&l})P_gL_y(1;iZP+H9+I|@xr7S-h^ z*$_MRwPcY7h(JcEh7Cp3Ww3|HGUOSkWjmkqB0SS?1yFU@{}`2H1<{QV4OF~DyJzkkE_uc+X^eg?FPqSD&_lHAZL zCXY@4Sw&U#$?X!}98Pq0Hu<8LdrNnlH)7QP`5aYZohU?y%r4$n>8Ltt1)!Y#mVx)l zVq!}817HOoN%<{Z!vA}bsS3brzr^YhnUY8!npBGmzk(MgoC*T4c~xl(Bq z)_XxCCDwc3l1nifjlUUDw_l(&0Q&ai3rF{Ptq;^$riGq-7U#zf4+fi?&tO13JvmHneOm1Itf=^$_hr16nLXmx zG#eI00741L%UsM(pQ2+VmRm0OU`pu}v81Y9nW_)|=)=H3-#qskTZQEN<{NYZ{ntd- zy;HTY7|2&gNBfgWvw1yziZcsA$eX*IX94__2Nfo>ti3y7ggk;#l+rJekdO`!j~QW}8t%M+^Ph8Lbvn3ZgfxmQdJbS1uJKBg@Lu{cyp$ed1%#o{%gTihmuaR5Al1A#qaFap*|* zR4B2stmqkvO)@YjC`%5KydE>lAQ#n!Hd3hvGuS}k{)!WMkbF($qtR08Fh$Spaf;8U z*+^&{vAfV@MWtAx6?4&Wh*_jjA4;!zsF+ZqmSWonP|Nx!DkwGp*I%qsV9&!RkSou>RU5xE zXv%3@sW*|$jUQ{}h|^;Ip7>(%Cojz(FVP4NanpuFHZ|M<7DaEu8S37!|L$C)v@a@l z4lw&@NP^**^ngtGF#~zC%?9^bB%f}gIr)zaTdg@D4S#M1vrLQk@@_h zGtlZ2TL1l=UqLXxOL&I{oF=!{>R7`n@ z_N%;6-D<73IqDS_Iq#hX1qIE@fS`3ar+11gT`8f~VdvXK`b~M@ni#brG~3nQ-kzL+ zuu|0e#6s@TwFzD(^T<&9#Rs-TCQR2zA-cb{LZHO)-hxij|%Cx8EdI z>13!GZS2lH%{4h7^2(n#-ZD;9FBE~VA7V3ecK+DVwZn4;rFRX1>4YFZ&h^LtX3^?! zx;^N7-~9`aSeCnX1nQAwHD|=n8d7*FoKcV$LsgeHb!}PR9zD-u{MrJ?7WP?0*a$UcV z)dAYtt|juX>}^3$Lt6;$z(t6rqcM{q(h7<%}fO@ zHUm1pC*P^vwFOSnVLwH84Idm0i|y8F3e7wRkRh(J0Ab&)2_XXALi-g@``L<`kR%qQay(AWO$sopg3|Mk66-l)|+oiA}G?tO8Ano-Z_L zt6bflq)(18Rk5(JFllB8T3^9-+k_>=+=Dzbwd>za5gUs*+~Ls97paMw-&oTQUbE;P z#xJxi8DlD5%M?^!o|XXpU^Jd#U$Yqc`0)+EU?}WTiMi;l_ay%Wt)D&NY5x`S_J>#8e*D6=~-(l7&420eidAX1<-&bd&dnm z+w$qf3Gf5+T})>tzE5u4S01t~h(_3LPzoF|2GAj&s=3i4|Hn}*+}0OKXhu@0+!Bb- z8gZ|mOi&^%zZxA*h8e_Mi_a^zA@jLzYh!tvfA!&!rwIP=(LW4d9w%CMnyxtd$4BQF z2o4^eL74EA?Fu1_ODWnu2tZE1t0w8{`mlLvX0R%=VQbMtea`Wyl2L1%utvj+M8PZ z7&)IZij~+|P);S#!vM!gE>NjaaxilQYG?;l$*8N59C3dbPeD$(J}y>}>S(E!Z^H#K zSHj7XhmXX3!$u!hqLE=u+3B1iJff1B=x={XyYx|fu=X9>Ec?q;=~T|x*dmqIgw)%- zT~oKltM^^CU~6?feWHP>EPf>)#SLb5nv1$g*6XZd%!;L^l{x>=feAb8bxz|(advaI zzSU7?LCEW!E2Gn`m-X!dC;#P|{*ApmGXwE#S`UM^B^{1=q$v)jEko}%SXD&a$e>27 zDi?OPtvumEkKY3ZkNB30b8!s<)FU|@^{!XoiqZreDGetb9bz;O5ARL-u^uyOBd@Ck z*zruc>RrIesyl5$XgwS{1kH8WdQKBxV|v6MS!^{`Wge9&wbQ9a_*A}YJ7LZSRQ7q( z%3*A~#*9&J6{gCF<1xLUbohb+EC*Xumr z>i^xzCzeK5Sqo6gj8LT^UP2b9-dfEhEYYZe64K3>ZkbG(IH*jvy_-Np?*Zce#1A@C z>siu`ay~_H*Oz%#x~N#CIcgPV`_3W!<&HCN*+L;4PGrE$TlyB7RFhgnCs~^2^7C8u zH*qCDh7<(^?p#Y>Kfi>cD)uVVZ+IocmVKlEh$+G*rLT6v8S_d^v99iptx8i?3JgP~ z++v8CM%>=p(7IG^2Ab9T0FMOx75y(vJKrdE=$=G&R%&3d0Ogl0W8 zMyE(Had06vsKWb;nD>vnL)?uJo{(Tz?vkqq(0B#{73+9A+S}tk7{LL-sUcLh#eQD$ zHxiEp83h+%;_e5nS__Dpa;*lPb_4#2*9pa_aGp~0J^+vetJ<0DT=Z^I9s&OB8%>z~ zNZ5z`BHAz|rP}H`Md&ntO9i2%lV>I1CfNufel1c5hXu>?nI&*h^bIf!F0{@;qpv>f`>^t zIE{Mk?c~ztV)ADEx0b#>_Fj5-zzpUwI*prK@eUl1MM2>@SxPTX^sO3yPG|ldGykk;tIs|ompK;_c|W1F0fCt%F@bt&U<_$9pbXV{O$m~s=74+9yx2!h^61O$lT50uMI#1-<8wG_&h!18L%p*wL z>4p;AlY>N=-7W^1^f#m(NO~V4Wcf3uVT%a)8uVzsCI7Gs)XAC*b0#C zOPx3ZcqxkN>Q!cm#*@K*K>E@}2vi$U51@#~I?uDrMtL#5_2A{A75&fJmfxaDPy=Ro z`YJ@iGx-Zn?>IG|B1if8=DnjI%_?gLr&;H}oqxCp;@1|k^_~P&g)f;rqj?LyAR|J) zFcbD)xUq+|K$50hHg;(&C`n*cdBAfaCNmZ>g>Mm&w~2bx^Tt zSA|54UqB?!UBFDR23OQ!(;w{k`PZYof!3vh={z7%;yV3c|pgfFTafMftN02Sy9XRJxi68Ji~X2?z4?er8VtS z`#X%_RhTl?2ci437l6QUDb5`&J2^!{VC?ieGCZPc6L8U?&We;cGI#*!_^+Gwr-Xs5 zuz-A+EuDO^sZzmef_joF@uaVgkq>8Y%^ES#pjp_sFLjCIp7bQ_*1Fc~mLDi}Nt(rH z{}}j;x)9g(XpHV+uEc8}@0%qSYjl%-38CglDbd=ibd;5Dc{x4I>+619*M%BF07($e zt?A3%8qXqtoeuErzOHmVf!>I$5Cm)gEbD<(Z!Qo#I5 zxkyvmxGy<3l0rfz%TM~Ck|8O@i--7ApPTkb79|D6V4?$_>8+1fHC@E=>gwAMNDV;i zZ>7Pi2?!Xcw6rqQ3!O-Q$MSnRKbo5d@x;VL!c3SaQoJ{a|H-E?X_-a?s1||OkE2fN zR^9)=Snl?TSR1vvHZ~)OzhQYpHNe6GWo1jhw-?EOB!1f6@lbc_{f7^V#P2Tq_{ib- zu#JtmZ5E#uEv9Eh1Ii7T$CKH2KOSHq@JXyp&x|nREXj2NfwM{PBwD%S_1l;UMIa#% z$z9J?U7ff#eplTgzH%OK6Gg?!`hK#~#qaCauN(akS_J}Ir%T6shzJPKHG%%i7+{uQ z9()!s@;f^|{_^?S955}_l8A_?WK6xxk*sL$vo8u3%^Ny())m+LCW}?WHJT)5HRUcx zV+7^qXP#KRckTj^xMfJ;x9eN<9C;12o*;VI@ffY^kjTrxa5XC`Q0Nzq3Wy)bpC;H! z$`@N^E++$snq6N5XwPM~e{SnOZdPM5=oYBwDmn4;1-O!;4<9}}KJd4W%JoO$Tfgx3 z3v&(&B@*b=Y;lw^3JncqT@4EB1X6~4XQvJ6gutAi{8DbXVxC9l!i9h6fodtZFdGx#iM4Wq*xURU>tLS^CZt)-SZ z&#xi>XJCN;f%D=8_)cX}g6KKT42)LaN6BC$>BJ`}mKm|dv{KEqUd%NV0R!s4OW3X5 zzHOva%VZ|Bp03L`rjgD3$RD1c*7LRtWQR>P=$H0TM(T zK+}-*{fMOt;nmeG<@o?WmteWa1j`fwMIow^vvm-j=Pr8s=DF5s2>cLo@+u0xOIf^m zba)pH5OWCuzT8bbaTpP1;!o_SKZX2v^|fsGPZCReY82r620`M9$M&ELEpI(pXU(^+%m1)&}`%J)b}vi=^9)VV{aR2c7BSw1s1 z7E8!KKoI2VlMryc-QJTEkLJTmfdLR*E@MRe@40MdXMFjE{-K(O|LZOl)2t=)ohHAU z-|-NWw)gm(|BF`!_4x={rHI=v?ah1Yzd1}S zENk1S$EmsfR}oS-PKkHCiaXCYg}b7ouP+q93bQpl&rcq6+Z?i@AMI_)oheJPC~yVdI)CDRkI zM2n)NRMJ%AfhX81IN=wY^`{CaPP^kCr=`tLyE;F4BFk!isxivz;@u!T zZN+w#-58RhT;t)1BQY?bd2TeQb}nhAz9vCjm^XZ+Z{==k-u-BeiVkhwrkiOY5AZX zv8Tfmyn}Z{9FC2!T%WBuwd#_QZ}Jy)`+sg`ebcOmKQ)UU`2`A71PPphkxmqoRo@qcMj|ByCp zpXh7D)wry$Hp^;o{)^}e*`g5|Q~a!t{*Nz$h|liIU(b?*;0GhI)Aqz{f2E86+GrqW zss`WD1C~JU{_SoPE2G-)jz!_Jnig9zpBCwI*({Q?nN7;kx#dW@)o!jCSHBqkpWE_R z`Xsy?5r{&&r7;qJCtb%PT1{7r2?{!mhzC4;coB1#+wcTh>g=ar0Lk)9;YI+IB_zC9 ziU0G0{++S>%cA;BGu#0`0wN~AQ=ANBh-qj7wRQwRh|Gq=VozVngzajwsGutOgKn^Y zxauQ^%sF$k`cTs46{o7#FGT49t=ruDhgge^adxPGW|sc!qlH86vX0aYG{1S&KHJYl z=eK(@tb>Vxbeh??b%^taS$uw0MHYa}xbgkKYvU^bXFq)^GzwLOobF6U78TL)IsXXn zOXVu4`~t859-yU4eW?ekz)|X*qCk&#cX0fJEcyb4xl>#jwN?) zyOIZ_+!ZoEW;GC6z8>SVU4B79NdcraLh?Q9Ywb6WaRS4F$T&DSXq5Xj)fM@~*|$1x zZ^*d#v8~jHDJAnzh_t0*QQ;n&Ha9c6=B7M#;hI`CkY_I6lQhmWIct59IMGfaG-Y_! z)#lT4yscd+$jHJcr-JmK_m7z6&NY4{Jn}oEujcK1fsOWXUy7T8o9pSe)SNpXyW$kU z#eQua>K-SR!kwb0+M76P+DR0Y2Y}nh7yD1{_>b*jgrp4pBAO!&?C+3)JRK=5E$zkL zwjjQZlCt6prU=7}6$a1@l3 z`D>FiNPCSE`VII+@P%}06%>sH>jGiY96w zFg4)U$@@rOe{E0xUT@6Mo4})uh%+-Ylc!ulc-+H6*D(PJ?!t{RGvt+dXfQcB5s9D) zbJzjL&}@}*w*ax+5kuShS%bqAdLp|=4uAN>=Y?T~3NtLVN_Ru3PQJx)dzyslSB^OV z@9;%gG2Ksx1IV6;;-93`#pXP7nN?0=jCB^<>N#r(o~M}wxeY$F=b-V~6>xuMB3XfH z1oRN03!kV=^e8rciVOdr5xvYi0OV4A*T)um*CYnifE~}SpTqt3A(;N+#7m+2-DY8< zwwL;w@sc@(txoP4u5fB$W-^L&VB|gjT|)f88CAYC ziIP5czNxG7yd?7akqT5BWqA>{11yjTeXgrB{=-EpZA%Nn>vOAtY%a|snA9vbeYkxJ zZMRYHjcnt!v_N0BXUQgfSpia@0iFq9(RWS&Ksr+Ada^k%t2w3EW~!pXsaPbN z1V9R=Ep5Hil9pM|rVLk~&LVo$(8oU~3QeEyKyamxBGTfV@Hn7ysb~B4?QH4(1F0@G*zb7g&}oPfkAv&%U1R>`XV_9 zJ9AIVHfI(ss9Q@z_+Q{RJ};k(dMNG&6ud$F-RAftKN(=gT3TA<0&%n& zkQpR{sapdlUafv^9^27|L+1U(so4u(? z#?_X@LDIg%wBFW54@KrV5 zuj-RZs1|NC!`Oo;gjMqIXJTt|_G7msNVr0e#++HHRa1sewlBN)fbnQNqoujGR^R0M z)9f|j1=Qp@9N2!4>@;8q>5uu#z&1}ulJCDitZV*ePGfHGT!8ruBNenq2g{l(ZwXE+ zKd^sRKh_g*!Ac|59VQZPA7Ty#Pus@vt6~+xCzM(RWR5+!D=^htLuPIewHa23cVCL2U#P*57p`jU4nqVX{%j!#2>iZXGiV2CB zRMTZnM8-Cbko!pJP{Vpx`!#P9pbJN~QwT0QP}P4TKU4nz0byt@t1;7>(o-Vs$T`Nk zo=am+aTjZ@07!pOLxZNhn?RBDrU1)8ZkvC3S2M7ls9@E_)ir10tv0%mnc>ZQZ857h zNVp(n-a%=3YP+3L){(#RtKw5WW9dq$nY6h`to#;VuykgcOPyHOf{^^k7Z(LC*UH$w z+pL)8V?JXMzgBWNF}LByVU#q@7|zN9`1lq66G()m#8CgWhGGh)%GJr#6ePbr5N&u-+!<9GN|=7kQX2S z(qI2wJ>-nj>IwncJQ2JzRWZ6JvE^F%F5>I4S=#Kyx!+TOZy+ZPbKH0h5s%AsbJ`m` zC4hBIOsEp^x}RVTPvMS5&6;-BUg@sdy8_a9eBCo)zn<1Y-aN)MeX?WP7pcLxXI%U4 zfYf2{9A50KWauzHY|`v4GUM(7qOa;eFPHNIeeo6 zm5T>FY1yxE7i0B~2=GVLUBPi1xX&We-@C$13!C3+!;iS~C%fR_#pRW9$y=E0XNLlvOkzndl3uMJMs3RY8HyE4Zj+cQ0N28uA zNFU(;kESqxlH^A3+|>%k&EMTs3oMhtIvmMVRv-TBZ3(v7rLC4(AeyO?iJ{Sg5@;nC zIWKE}7Sua87*eA@Ze?p@qqHSHP(I2+*K1{5M@;!PF2tC3 z?g!AOjG6=I)^>frs-t}k({j2_*ntRUJBkZ99F{j1M^0u_ITe%c-#VOt68F&yXtw$! z3RYKvjo|gQbpdy_o0?tgu>5#T;VY+CTFHQ$W@a_oo@m`7`%SQyK;FXbRyUJB-X-mW zkJ=ZyY*favg<|;?rCOB>cxyFwBbhgKN~8J$ZM-86PiUK^i})hp%*=TE@{npPVcbSn zOA7Xfm7&6f5W85L0Rrnsmv00HDq1>kA_Vgd9-C&xmC>c(%LnjlJn30-@XPNRN+F8Q z?J~5V!9?{Qy9stRb8hniTk`)h8c2Z;D^53D)B3{jduRiCj`GOO1Nmg{7CI^P<_-CY zhb4xu{}wYGS{W;(du*!8VZ!_1;K2U;5NopB#XK-pOu0<%^`7t0SK%O_X9G|Pf1020 z)~UGDM>>Jdr(=EHg!_Dsda~NIY%uW+P)R6=bj$x{NVxFX2B9))gZRKn^9O%m`f!OS z&&!uD+2|a!fK;1+cG3%86K{4g0v@LD4Xw%`7ql$n)ESm7RxLns-^E1N9 z&o)nye4dURxn*S7FRwFk@9h*7rEY|+q}cm3pr3X3F*8nk--)NVw2oZ_=ZYY}tUl96b{0VY=Xuumo3{&&F{=+7u zf^;rMsA*^q=DegM8N%3rIe>WOwiB3}*M~vJ-PWjLt9vuBw9OG~(bgcIf$Q%okzbe~ z9}#AT!sMw{LqhO4vX|PWWdMe<$%#03ZM;XZvh;;z2K^7}gs1|g5?Rg0M3nc%sxT=5 zB}1IGAv3;>NhR?l_M(o?d~!C+=}+u0k<_#|hvRVBoD-$qy*sx0M1K#eB-Mb&f9x<> z>Hsq#_z<(4<`e+G zvec;ZYdCj(<*+p-Jd*=X6@A*){VAw+aeh8sQm!3+$8=|NWqCnWwO3-knXCeoW3LMI zyCb-+P2eKYtPwxAlu?Z_qYLY{(bS@OWIMS@7>=9$Z_O}9V#&ARxhu;pGXJ&$6Fzi4Wth;4q zhTx{D<+@pjXjjU{iMrTVuQi4A_I!s;#C17);I+CDzXn6xwiWx_a;T&y56j1QaSYn)ix3I%SCUDTXu<)DEKb=Ced8tCK(p-D zmKLERsR&-K)-WPz?KgDV`V8_;PEO)6%oG%&I+zU&v<8O0{Ee%PM{9Db&$;P#2D3yy zdNk>?SWRPrx!d=PIGeO4#`8XHq@;oi_p}0E0_gvnNPQRM%11j(*M_P0{iSk zEZyXAMuHi#e3r7hmzH?l(9n_U`^Uy#$-(c>f}fH!g-|fp(aOr(R27n|N zbKypHB3|cr{w-ysR~9IJngMZicGL|K=~uVvppl#6>2Pxskse5_b#$>AzO!1Uj@A-w5%lxO_*g5vkRZ;WYb ze@xW-+9+=zBTpk?Xe3L0d~Wikh*Rjh8ZKLdEWo@B0Vq`OC=dpU0>ybb0P`_^9I?_@ z&$MN@K#cmndKIMcpW^T@LAfG^d&1&{k*x6aH?i?amrR#RQG11Kq|EgSn7e1mGG_=P ziy#%Y1+sVdN#5*+Bynt<2VqB#bOy*BUNGtw`m>^$w3A#v`R(g)|FNjwnNuZ#JI3P7-gCpCJob3`lh z65&78!oT+6x39v}0h@7uCm(g1z-#;bB*LIsrz-{wc1qs$rcBv*NlXDl9$bQ9p&}|NF{+e8!dbhCRnQGxa-@{8Bza{-YO7#5fW`(ZMCfRYXhydLKG^&Vko`m zXS0pBz;KVyoGz?xxfSu1Yx}A+eh<>|nM*3oNmkFvVphukpSAnU34^}%%n9E-p4k&P z!Y&{qVzR#{9Ecx*2!0&+gv?LP>7vJFvg$THEij=(yHVaU43DJ;%q#cp)2iXER<->( zO3~D3UmC?%xsF)u7B4pEs(2{Gk~{jHJlbb8D-uXun40l68eRbi5R zpC1;|aP=AB-~ntq4nB{IVB57WDYUKe97f%*17C%^sU8JIk53dFGoL-3Qo9-b7)z&J z#7iOIbps~gKFd5bl#m7Qwl6}uO?x_;ms?Y#^W3(7P@@p?0{lF!=&m?gi0i0z(>t0~ zxp>FgT?(f&STrzBV{@PqGU<2Cpk3n^O2{Lo-Qb>K&>1N=r=_{RS&@VwJ^q3z^YXAG zyZV1o7k^ticuKg=1RTbGiSQl85VM%|S-!_+!^O08TBXUUpBa(t=#$f!jYJFTSl#T+ zrRjxHhug!5Os~FCN3)2qCvtj{d+5o&o4JsLUbXm#tv9#$j})4En9Y<@TTWC)o$d-` zS8m+axm+qe%ucC2%~&A26@hU+qJ7WbG zGg=)@R^V+PBz&*(r(F5d5dA|J{QDmaorj-{jlB8T1k3bQnT=(>F4K>Dlv`fXQ@nQE z9PleGUDE~9TU7RW;nBpN?hgC@q4@d>2W5wK)77T59yiActxXa}j0r483JYpaO4&Rv zSOF>_(|hl{DhpL+*~K>xqt})cpI_c2G>W>&uNwQvS{K94hG*Q)dJ1S1sk*PvpNBe* zCY~r{sTr;i1in6~35zRfLS^yqx}B)e$LosZ%Idld*dY>d&sO=OmuCsQVy3grk`9|@ zjctlt4p{1ph}WQG7?ssRRNJBMV6hE?!?H#r$PA7jfNpmz+^5p}h-`n+!*#;t{$syf zZ&a;fIzv+eXh; zi0HZ82VP{Iw%*oIS3xm0pU+hwsy9PzkVEPd4RIx$!*64JQ$DucC83Hi@P& zL=lhR#fhO;4UVLA$V}lmb64)$io!en`4=zmlG?!ar)E_7Sfq(Ak3@_kkspx!3-$WZiyT_yv?nki@|<4Vj(!066jcP9VOKWIGCj(-PfsLcqW(Yk2<6UeK`~~+AZQ6q zfo**29EP@Iym~@dX|=PtY1hD8^Ke0H%5nXzFVH>RND^0OCD72cvlMI7_jQNB#9;{~ zv~DfRc*MGikz$>Tiz1`W#WwHcLI7~pWoqc26h9}7ayeSg1{!m(2YuIkD`2ir0=}iw zmIN$;!fT7P)D&uF|5o1@=U3-;X48csD2D2_3QROxGyHY0zVrhf9`g6gU2NABNG-2^ z*eHfde9R-@b}yXtN*u}0vuhtS!#QU@S`S@WE#gtAEYI(!7e*QE8r?D>T0;`n8a!H? z>7W+Fq=@uG!;5|Jm_Tyr?PJB%6vxM4lz*#~|BgMppCY%-T4~>RCW5#%CIE?g5rxMn zSUo#0`OdF!bk>sa^yLwRo1~k{Qsv0rl=r3?EUuDYq%;5swM+7RncJW7$!I0j@R# zI1dul3hoQ1kNO_R-=p-}1M}a!xn`exC4}K|a)H(?FJD$kP%9s>D9q(#vppUIb^Re@L&3fi2A%|Fef`1;|By`UtR7SS4rdU(RBS| z)`=6Yox0=LVu6eGlFP`pf2h-|Fwo)mj7|zkXESwj8bdHfo3zvMJ}`62^D0|>;~;uC z@Y6%MpIkr$DR|NGSXNWLt_ZTEA-t<2Dh($hy_c^V2Su;S(gZ7jp;p=HuGzL4aDJdq z7|qmz@12z{v#^m4Fqa$04Y5-UG1a}k5J*Yl5G-U|aGCp=E|%F*PD z8c6T@LM5^InbhEBVcZwL;V(A?!}+1kYuq-w7vnqI5pP0{7-w6m_e9Wuz>^s`o0BX_ zQNEvU0J6_L@q4nUOnoiRkC*trq>BK4X1bHq%BSBva<4~l%N=h_CR)bl29u2rMubWP zR_9khKW)c8&`T>Xz-BhXd~c-s@shwCuB`!SxkZgFg@?Lg7wSJQ8!0>nE7NYv59wDX zPcWEROj4w|aPMBFiAY$dbjvP=tjzMuI-j|CXap$6P*}(uSN^#T9a6|T6fPhSl@Y+8*To-OxL6qaCU}>HK z!Jux9K?NfF^E<Tj!^Zv8Np~kl7*Y`2$JpSTk{!NclLYrD~9OP zm*Sup+Spv@gT?sqDfM`kJ?+|e3z&vI;h~qukz>}=;sD*i#BN{JJ*^$qDHY>znP1-CaQ`KPt53po-KOisHk zHp%IEDSvB^93*Q=QkUs{t>|`Y1P7|PPs}{Rj}npSMg9O6em{tLMjxP&*8oI9d1I`I z=Q#MK=vSa%NL)%PfLby!`Wa>L@;j#&InVwTyfu&$>*X-`AdW8XmwpuN;9a0Ipaj1N zlgk!;%cTESd5V`WZK%SWV|{n#68cE#^}rj=kI4?-v>IK6fcP;7vo%m=Bu{o@b!TeX z@c@N@pV^zc(pq?;)Tnam5w9SL!D?Sj3J_|&iD`5@BYb({0ktCEVJAj}r}Girj!=af zFp0;ppZq_v-a0JGcI_Tk1OaI&X#wf(1{q3_?hfhhE@_Zb=@t+eI*0C-?uMbeV`%tp z-~H~rpZELyIma<^&mGrwu63@pP7D&UfCtYhu~5y*ZjOtv7q2^HZ1W9%QJJ3^ko&!o zYYXC)4NtXR3OBe0yX7lz=9zkx;Qb$(;pP=Gv4GpRTAO)Mt!gvnPSc@eHe3V+1qEQ8 ze_g6mmm-ruFUjX@_V{YApZx!(%z=LDJ$7zLQF91nrK+zX9hCV z;Q8;Y3jqnzPc@DLL|nO9{uh5I27VY7k3IctS70Cz-=2px1*JKuZ{tP(I6{28+)AmDX;iUN_Lfzoy@v^{Gg9n>=k#<9%RoCEP z-HkXskuzi%^zBgMkh3XFSZ>eNI8SrtQJq3l$5!I#hvzXTpm!xov z*OD|%o#o4C{Ir@akr|wygbgGdz`v|EyP}V0Fz3b_334Q31`~_{IBN58sQ|Zlc4EF7 zKiL&$;D->(Y^j-ROW$MI(EiU`u)}cKx^tEJiKuHvPb7XUAs1MpP&uFVdVa>$#P)fc zq#yK^TG8l+V8NfKWLX$==(1CF;I)`#V^qgR_X{aq*f9`xvMA*bvFmF40~3?HuWdH` zCqHC>1(f?do*sg~fT<|TL+|n$e{d=bK_@N}>IhiXi0!btc~Psk$BFZBW(! zS-Var;aeNBA6!%>J{nSe#jIxC>^G74x%wl5m2U=hQStS(Dv96hLWO$Y%3a_g8{*m# zpqwt+Jx{QQEa3AUW_ppzG_8PnQsC?hHoze0@vZJ9v=0 z;0BD#S*Z6UI+|+;>l!iJe4O>x|#&3MJgt9m1rSpo4U@^zhP&*BAhiru%^C zuQ33qtJW(DQ_WF)IHkdJA@5zj@Bo7j)W0~gN=Cf{OqJALLvTzs%b~+EL(#Ylc)0F# zvSH|C=85jZMn8PI*3LHiWRR8yK+M5wb4%OE+X1Jo6+HGU%Fh9m@w~dVvdA)+BAE-J z#7V5_acYdD0EWu!!bUWI$;k*s5>~(cL{48I7bk<9*RQYuAeQ5e&v*tXW5AFkpI~a( zX}!YriHM@De2TD?=N{3@JhN$`fC%YExz_Sm`XVECrPDPcK%-xLrs^lonZWNoXP z|FOuvSA2^(I`q+V;h}c&)GbJ;{`pf2Wlf2Y7(sBFM20NEBwZ|@I_OBPx{-v(zalJF zkWTt%ca7-*x=aQ=m8-?9a_RHs9tTQXQv%PIi+r@b_6|zopWN8f1?q2 z4m?j)=K7Tj2klLzIIG5v1|1yx4j9*3?{Hg59)?YjfjtM&eK`Doigh*q;uZaRJlj+} ze?K*Rl%p+Tyzk+fnJMHiPr`ro`-=pMO3)o-n%g6N{Q<-njY;0DUGNxi6P+@)HIO)^ zUg&Op;ES`4LBwsFw>zFYepA^sl~2K#iB8C`jl2d>drAj3dQvgReNJuXx7Tk!#>lEz z%%9xMWr|@6DTJV$^RupdnszrV69oKtW>G&{98`j zePSTbCgYo`ak+lm%OJ~vsXf&?JEqKTou9d+Av6G`>T)0RjN%NtGqb&4&F-4c_pE*v zbS&|iXWwrX6!n?p2m*x5xRL%lqo$RM*M+kBr@mbPoo~@UhD96=CR|(5t6uhooo%j8 z@8>2ZS+bYa+RpnAstHYzjMee<#Mpj24nD%{JK(aA9T^D$>t`(BP@ z8f^MU&!DV@fjry5kKVP{D5f31_Vu=p@ipq`@jn39V#NZh0eKE7%XNLpGNYc?zBg%lhRWRP25RJ)Sx)9F>qqgjTnh?L z?Uyd<;!ZX^Gb;BLXGsuJ$>3CfFN6fR%PGbVEGF#f`sPY-c&<}4m*s5@$Hj?}HYvsG zzruNC+XT5giBB%C$RFVwDw3RQw#2a}k`Pf{Ce z?G?ISqqEOyarz5GY?d^Sik0^!T)uW0bX82wZ(Uq@MTH%H_TFfC2C==36MR z*NBr`4C+7C5eK>G)m8gqE}X8*_6P}ioIVU^3TLb|`{nMh&I$WGfL+D@%NGQElzp+M z_8lnTJP!J^+r6<}6=yS#7X3dWr(n}Wrj!Unmwvr*2TF2^*p7X3+ZPTFIHUUjeh$_3v5iX<6D0^}>l)qaSG(Hh)JtSjh7hp}M0;GCOe7yWPGZ1MF4Y zNAvCxw2bbOWM?OrN5I!J*Hj8-tg0~c zs1FC=#(Q*Yp_Iw@%v%n3i6Yp8n&y_0u1td#S!XY{uoTkA^cU_T?d&*H&1;@H%+Ya~ z)T63Qh9#eeGR49$Qc0t9dHpl3)Jw$s_;9Spzx2>a45(fv`iq_F3A^1OaTPW*s2Old?d$F;Krb{Gv%Jgzyb6HP#XNtdN zH$lSXCQ6vhS5Qc)GNF1P)n0%U&(b>2luVT>*cWN$(KD@v={LC_tM&+bOmr8S4i=%3*V-<~PFqjs6E`?bc0ArQxf?wle!7K~YELYv zF%&vMtd_FqIsHd;ovw~!x%|rO$yPNQR4w^COE#QhmQYhTid|33rfi^g8W3i=yPDtA zd(dJUZ(wGcvgzPNW=0d(x(Qa~p=p-)82VN3PBw)PzGp-&&)e*WyAesi(lZBL+EJ5kGg4E8jFX#Icd4q*= zi|9+U@jmvd2{R>H3Xyney+-9X!lgjElux-w9KWlD0s;H)+_Giwl*y*_wpGbx@5}7W zmb;<|aD7{lAwG|tt`!uJZrM(L1D=4-9A?AnzEPyZI7)P{W5ue^=2$(?H?3Mqg|$hS za7i`HMiUe6t`Fp$WqDS~#)4<)u}{v*(?k#@z~o&26)`6Yx-8-Cbo%L?$|E{?ZNV~U; zS3Pwna}wpA6na5ku7%oa;gHCoG@zZDQ>$jerXu?f_DMAQYj6shmH8!245E?LYU%dg zZ9M1bXY1i?)FBp7!h0WDLCRdo=mF1n#^+t`D)kGy<2gX&Dq7n?Ad};9Q>VJR_(m-t zTlpxLHpLSr3sIhGZnWNUYM}8H<)y5wYRaOb-GBBUZa3}jg5KSyu0Z8K8SaS-8 zT1sitwW6TjoOO6?#QSOsz`oH^|cTH7okxfC= zo(M&L&+jy*y^ek-f2H{$q$3V!@|4Qh)buJ`NRqJn&`y_WKm{v*yM#E^*j-uekF4b1 z$lEVhr6~WF$qseC#j|Z~)dhFV@nq}1qv+6rc&V|t z^&fo@IVLAk`yi9qP;#sAyD3lDVe+z99WNR(BOw&AYZa@(WZvJ3z@NXyR*X*hLqX+p z+DBZ5#N4wD$zof5#&fwewzyCX5*udkt#v-!Cme=aTWIz|C%ZTsl0h2J$nVR&2_<9L zgie#&tE0Is8CUCB5SIMnk8hN=jGHd>P-#f$PSlV_PSKhsZja(!7Ll^zQ(L4vY|rC-i(mbgqJCqCk+~=)KpuF zbPY+YjW5Rv{vJKJXr)>%!(}y189qTUQNXc-7LC1g@0EDeZ~o8ym;0}lr6~e)GCJLneuSJ8fB$DJ@orB#FtOheP%``wMf3C!Uo95Z8&fHIz9m z*fde)o{OMFue=|VdOMXHsI zJzKf~{n&&8ZnA)`Fr*b(MC<9{7UjrgSxjE~ZQ;X*)Fis*oLV--!K+i8X(GF#YLk(E z4&TwU!zH!&%$5rEGVStjIE>#745l3B7oM1|jWxB@pRnLVV@br2-}-se;(TkPNfn*y zK4E6ecaI^mt?KAO!AA;A(eIzyUlXDdahM2}^$Goj#0ETGwo|`7opFz+^TZt!a#gTD zo)Hyj-Judptq1se)3sfTQP`$I++`{FhV@?{!j4ohu2wrrFx;cP0Q!9EgLK9&-OhG^ zUXxYo<@XdJMJ|ByzAy2w(|E%3Zt9957Vd74wlCVEIYfxWA0ll-CE!R2k&Q3!%(*Z_ zA4L%5#Encor9a~Ez~oMmd&Wd3En*F>n(o$e7S;N%JSO;S5PW9{ha8-ku=vuVkST%B$%Rhcp%?0C~&?zKcq*CE}%>6p?c<2sSB z^?#>9D&nXd@-w=p)1H=CK#F)G&5bO|RohQys_T)4QDcO7e|aVAji4pk7i##GZMigu zfy8LlA`{0LB-}{9_~;g2^%70}h?KNCn_P9K)MCu`1>w@^p1FGW(PPyXGd-*BHP^HB z-*UxxF0ds}GBwOw1U@!$n+>mk?~xY`fhtlThfw=6A*@W%v9SZ^qW{9ujT@iI7a)Ynz45uq0uJzbn{S*M;}b6#OJ2sxA)O8@+@P0TWlyn~mSTXDM9 zb#Vx7w3^?I%`ElvcF_HfhsRhy>T1BdbfS)DwI+w$1yRj&Lcnv)B`A|Z+E`tgjhJzX zlf2sX$1b49!pq@D1=-|B?bT4ILragy?y*qj;MYU1DO$p)1X*ICUe6is)H8c6?2fA7 z1F-36ii+nApSC{3b*R_?1$PApw-~6!td~W=?@EHpj`HUbm@>D;NN$8p3l9w z#&2bts>C^s+NXh$HZ2*Ii+UL1IWm{%_whZHY+HiyZ$X~1-mB6PNt8-ISG;4>KoztE zOZR?7z|iH*A!B~)P@mW%0hesq^jVTPODrHw8T@2N|QvV_jBgd1OkxVm9WBSb^;GyR z4mSL!=og;r?_L7oxO>(2s(hf_AgJ;bC+5Pz;oT&*`R>E*=SyH6Z7q~BgH4EAXnB~> zlgC}h3F%O)A%gOAGgGL(;gUBW5;UWRVeAz4FdISGewbpQgN4DQ`>V96S*e8`{&g$6_niJw* zAt<HzMxQ{_%sH9W=a?H-q?-|Y8}PCWOOCO&w$&=(O>mOgE?ErXT7p5d zPqtH6@Vd1aN3O6ym49h#Gomb@t6%W_B#e ztL4Qy!6yD@v8H0}7XHWS3M?kAoAS5Y-yE3bt=$s3YC7L~iF}+K&`OJUy4aSZGJ)+b zhCNwLO5&DxtXVSAAX*%0wo;lfpf)g8Z&ipyuIS%-Aio8}&bLPuAp6rQz(Ufxg{Tm& zP3-12T$Hf?9Ms7yL02pKiN%%-$X8O2JZrfRz_6bq68$e2K+=Z)u5q?MO~gp-m*#TN zkClVIzfj%W;9N)nv?g*YbEOFJW~pU51sun|`h}X>luijUA50hK!7J*RLTowAM)Gqc zGAw(ldaS1V$BixbIpbb{6K*f}s%yc=d1oCzggZB|LEG(5zF=R0$@(f6zP`Q$I+c9I zdx_TZhuhZW=QIK13dKl-p4ZW-PVxg(R@M>g`G4^co5hNQ+EMCsp?r(va54(R+Fk<;>eBc|Fl%BKq!i+`4@pQ=MI z7YWbQ)|$Fvi5%i!K09YYA>tl#CwKKTF_1i3YH~N&ve&J$p<2sl@N2GjON$}k2%Tm} zat4RYRWh2;`B^QxpUf*@-o2%f5$|`cvTZ7UE6CKfOn7Br-L*?XZeL0OKLdYQd0UK1 zZWmpzsbfFIGGyguVpgrB2R-Zqx0c*r!Sly|?*6hZL?#f5Xg0D|rxqh?Q*qfp^(MD0 z*X^($tFaF%Fq|VE0n(~6pB2{jWzne&e9O_~Al%z{MdaX7zDlgl{f27i`}9o7FJ~;O zFEIq%>HC}(tCX7z`;52lC+A#`2gPBm!Hn6?LLZ4RN5P8Dyl*KgAgfers;Y7*pC7T^3g#t3Mad-3DjOzEPm z=lS+#4c<5je=?0i=0u^2d7+1+dDB+4>7b11U}Ap51s)~{qF$^VLQ~eeIrYA8$d&E3 zMtgdISki^d`^a=BBA1yy_z>t}sM$$6i!z{4@oC)s>gXzjws#1o)FH$oU{4^_MGge9 zeBPD~g@A&Q3aRHCo1l43*T>_MF(cVL;;Q`J4dWOj!k}cNZ+?6WQp3hq=&=k~iLljd zv0%Y?$!q63U#mg7pBKJdv9EyW|7_|PUEYo(&HgpRp(j0&xN2~~Z*>8Q>R#Kb%p#q= z4v4QABJt>QV0<3^4uLc!kci1dwaMSo!?&MQbjsATmYMZ`13HNDZsZLl{q$5^dd;tr zm8;Dz^G@>FD)D#DPb0@dcNOmTd{*;01O@&P#hD1r+dd~q-VFaxz6Z3+0IH34ukD9= z=xIN&^%TDmdi8@{K3$WT@QV6xYss_J$Q{%BJ0*6u=~@r67|9gweP%n*WxnmTXQ+;n zV@l(>Yi(!I3`)zdHea>?CVgAkBS|mjc#6Hjrj9DVCjD{Y%M|Ez{S<6Fpei(e}ux{^Rzm%VRjQ~%=YMlVRLt0Wn{MyX_78B{T6UVY>s2ovm! zh+(F1izC@H&F_If16E1e9!{6W+-78Yy+au|R_KWtlggX<(@~EEClimkBJa+uoOZ4XfMc=+V(Ld$yFvbs?|fmq!N!=`{0!z6OC+!jM!Y-FNs`9 zv(a&#^pijRhY1+NZ3ZegyaH88764FI!#0F3AJ2JcA0ZS8ubDyh6t9F@A42w(*Y8tK z$>)e#j|`YpU6BeWw};rg`;!>eLT5@e3u|-9nzXuONS7-SGiUB75B?+I3V(hIP^+O5)mnP%`4jjjR;7_aZgWV5Nl|P+u>YZ?T57po7_;0>4fu!xzf)x0FELu z9Z8J*()&%6uj;IuO`h$S)?_alU(yC2y-q88cGkg6$p;^?`?i&())x)#KRM&WvdAF(#D?ZX#ndLzaCB%iY?N(=azrM z;)eCMXd8@=-d*ia)a-Hi9;z(b-HyCWI9w>2wpL5|>2rJ)3YJszWEAo50402`){5)J zp>o0jfbctr-DHO@PGI#vtw3-b0fxk+;=jS|KCd6^Pu_`liA}B;62egnvP<;W_`(VM zKiQziS~vZEwtGBB$gJy_8uY*ZP>S;M03L{@>-79ejDl#|f}5oi_~@!t>cKzl@w$3+ zLRduYonI&nigw_fm!N>~wza^ug+ph4U!)k&jdk-8XI0c0$cFhzy}sHLTdcLo_U(%~ z>&8(jgI*t6rU+{}?XT4Fa9PiP%RCFJ05jGYCAQ^dGoD*ok+(3_wQcEUBKZ;piRnFu zlXG4fql=P6(s)>qXWK%I%bRN-gJuz76+9BSV|6=3emBvK`W2X4Lm6q3Pxk2zDX+Y* zm4Z^aEN|~zn5@1!(fDt%*8YqnZf{F?@0+pLR0&<}$Sw4Lw zJK04d;1(Cw_X?K7*m27dO~dF}B}FYhdULj+T=`|B)pA7__GhwS^J+XYM^xpgaQa~^T2yMgw!PGhq#h;|GINao`XAEXW;3v%9M_ z)3*&zHS`Be(sB*1DYqP#*5#;{+KJrCR)XN`kkiPafh&3Z&6SmqvP6gU_## zRq$W-lEdbypIp<)+UrQ{R6U)gHA z|KGnOqMN7oFSZNm1N?jS5!*EG@0YN9yAi$m@0g@0)dNguE5S_|WVO0XSuM!HYt5bJ zz}E_LMhos$Z}p2J%BN%M|D)bh{9?L2M1aJ?Ms670?*F+YcDQu<$JIaHfC&dfPX1{% z&q71>ADJT{)NTLNkNQgw&0!go%t=Yk(eA3s|KXoHNI>=3KPRY|PQCa0KMilp{=Z7l ze)(h<|1Tcs0KdS4%18}y!GFHy|7e!}-xo+Gz(-I`Xk;51{&_(E?;HQi z`8?qOFz<=ZTsubPUkB!g8~|t!-|8ot)r?dP#rmvN8DTfrEuK-T4ZE5tq=_aiGpC3= zABTLM$$}1dwZZ%k?$A>C*X+9v)Y?Wd0H4I>v)u1{AQ*1?rQdCPrf-c~Ptgmg!rrfc z{fUPZc)zP;$KggfAR&4*nt(<=Qxu;WKAp|@%SsNJD9Ck&@`d z`y0PTviPKqQfq%{l>0qN!j|@`g@gNwlb9#BB1Nth_m=)l0zzG1GT)~RGQZyzI@I{No5^APxg^gHZ$$9c#DnE6^XTY=DW8N{~nN5$M1Db^03Wiliy zz1eNO+p=*7%b_<)WP;57+IzE+W;cq!kx4t#x(%?N*=``m(u}58ie$Rf2>CVu`kcw# zO6p zcz5%(r_I>@8hxTQd(Ex+)Fa-i5^yB*{po)`9mxK&jfkTYfpAH@2|>`$=a;g_vvoy z{+VXhehvgkBROa1djro0lc2)ZM1Q@9MqQzKdW^}S(agsYZ<{VNmstrlvzy8`^Y&-SYxmE>cHi^Te@fw+`90z z+aadS>n@zZ?-$q^f+2O4#+^T9IY}Gaa(fNKMkZ3e{rNNa* zugNDwx#06>HS1Z$9mDZvgv*4UZcK8qi9g1Dbh2}-X0>y(`rBR>(3e||I?b|l^c^fm z_3~%8(ueWMf@GdW&H+#DF~q#$I((cCP@^CV%{I|^ZeRXJzb$$pugmZ^{P_73K0>-J zJ_(6WO^OL*V=X*A5!h+`m%By6*8cel>9R>n%o8*$EZ^`b0R_P1&!4L_Tt9a;8y*{lFlbEbwCZzcEy*r4 zswa z5^lwdZdJKnIw4Gi^vcZqThDlk0at$eyb7#aaYWuKp&M+*TQa7Fs>t|_?kB=)+56d) zeYAk47x05h45aq#Bx4zguw2}%??Vn;Hs_?RR;D=3eAu3+f8^583dR!XJWVG9 z?XqYB_roPIU_7)ssl@I1c8(;Pm5K$CaWB=N`gjC(!IapYf}mN=p^7qT(j^gZdMbBW zA6&fUP`IKmnTX$Sbtaz}0-<9O#VZU_ei>x!-U2`>80Ty>nOvze`ZAtDircBpJ4wD8 z(GZSQ1-3gAkh9+#b(-vGVt~ocZMV=%4i8l!g0(s_$7dCBv}H8i%()-s-7m$05H6JG z*{SH{4^R4{fLT5Tz$`8XjEunB3)zVpX%+%M?OjWHjpp-WaDutSs1)IL=}#UhN1f zzF588q`NwpjHZ@P6$QfHRF~EYBk)J`5(c&`09Jngu7@vp?>fNk((Gu#pw6$FT*DeF zQsbF;LQ<17eg%fIB+iyB_HQlU5QhPQ@-ixpFvbwA4UEyXX>0CtS6KRbU#!%td)ETM zc7A$2c_ZL;P%9v}aoTi!d!IorrY(krc;5xFc$0Oj=2^eaKb*nPbSKn)_Cfk*_}%4U zPMMN*8wU~t>e|lCk-&bcfQW}&uGv|_maQtwFZg6b-stAu?lo0|DNGUcU{k4xRh4G+ z!jrXez+s zI~uR6^C5;!%Akzg6q*II^`6z4{hdah&h@k9glRX{fh8wuic`_zLe@#MeTFi zeS8c<%byf96#0{_85PChJF)KnwDpj-s1Gbo@yBi{1L8&+kQ z1Zy(e8BHCen0mE8Q-_c1z%0&7eJyZYlui@rj%kKc{e98*BU$6l@yL4G=n_xNF@t|L zTs*fJKh=J~=j@!3B^Z}>qahY9lTuXU<({?CutP=j{=GEz8F>Pw6_Y+9dB+(wN6we&@0yYwa|X9E!p1SciLserPclZ zErDLz^2W>t5hbs_Fyv_SA}d@%e#s`V1CVJH%EyIH)k|d&K$G;7O7&Kq zWTEJ2Kj;`Ertm+|=WTq&Ru}V&OM2TRB7w{ClhB?1M_RY>*JkVD!(Tq8ri}q zqo#bCB_YR?kl%+6W0UQ_3*Xhj)bCG%WoE zqlgLZc6{{@r^iPYCpzU%5zHQ%=whvWNYzxI>&M1Ae0R~G4ced-206L+^y|7`TOKCp zuwKIvhy#;N%PI{kJ|Vw&b$|Vvh&a<3mJS>xCK|O|N@4Ic8)LsHYrx!Q&n+?eSPYSf zR)}Q!!?nd-_l7VN>ZY;ZSHHxr-}%OC#y6Ox3j6gN#AK!;z)%8;a1fCHAc0hke`lzd`;GRk%_30;LcI|FNLgU2Q_z#$YUOtTJxVW` zh!>sX8|;S($0lBP%zE-ATN5Q!B6BfLr*l$s9nxZeASC>swKvk5ASVoRFzy6p)1p0w z)}^IJosI_fY%2~+K6F@fN5){*n#-qs1lV2WxHl!fQf!$atk^$Bp+JNJQcfyYmuJhs z7nAJ3+bPe!D+K!*_PofrMwpha!12+r?PZ2!)AK`9@L#i>vzh$5G{RAWp?!41_*pjE zCac7!qnC^m+;*x-#}2zYQn5mn(h;YUP-KYGb)WVk(#hTC9}ed~QistICvU|ktMcTo zHJ177^0rqxDc)!cWX-&L?}|Di^`RBIKb;$QN7Cz#zw?WZ45P$r`rAG~+9AcDbp$>(s}dMs$GCyLMpQKkkl9zte>SI`a4H*;I5 z?J$+Ixj3v9*NSfGw<>NUTbPt)vN9uZ1?m8&zt?e(O`3*TxvJ&yXE@$j63U!7Tdpf6 zr4@Yehaw(ZK)Z-n5@F!s5&6;)qYYfu4s^X54&J-EBK>mEHh z()7;{Jx?Z3_qPEaJjrZB;&~06%m@OuFCThd>%I^CBI3B-le={IBZbzHVvEajYk~^K zd6`nZjT&}{a4qHIT;)57cQ=IboB0gYb-1KbsNS7y%S;Kik3>M8n5@&VQke>j6ba@% z21!KHp8TnPFnqC6NqVTJIHd#b76xii@Esz{(v;6D*L0z`ol-~&ytE z-JF1FS4OZZ)KQ)hg=VrBztGE2%#(78^m~U=rq9;$u^V(cXrwZA2VUW=G)cOJI9qkB z$`OW;ssA4Q-l01*yDPYM5I(br7m9g%ruPZF=nrar{r$qZ{J^eL&>;L2U@g>k zhR+2|OH14s|IbR;_o4apDN|4d*#i?T>mnJe;gr=)3z%glbmmjktB}~x{GK)Bi$Xgs zVB-ametus<%1DPIbV~ZIM_&<>*T5r|>$<7{t6AiSKPm{f84)5FlGt|#J?9!ALWW~# z&ak;c*0;d-(7pOe)=VboB8%(^TvEm7*O9cRf^zA+&B#v>%9Y{uA3fU(Imz6Hm;qFDW~xK#Y@B(k{)u z=%-0wmchuMSELFQOXR(Ar@~W1gzg?5Knj_azwKlkKa1_P|Nv{ zGES$uHDAM__Ob)3n|_n_JrD^(r$FV=FR^;IX}s()p`Aqz3Lt5AUn7aU_+kR|zm#$g z0Td9AW`lMUV-r;zZiW51*j zzBohEc^d0JVR|YiiFpxn^UPh-2ZQw0s=I$ z!bmv2M3qtK!)aibUF}i+bIeEE^X`Bf9F&DUij1 zG=bR&sbLQPWjcIH6xF)st^p9*0npFyH&2#Z4gv1#f4JC>V-%QdAo0f2o94HcHK(-K zE#~*4n!#VE+;`vO=D5skTE;VJpcg6TRRv&E&PqF_(DINvxjL2LM(?`$*i(4?Z7*$}1 zg{u#P&e2HC%80Zo42A74YuIBBKQk2jKkr_ROJxOmhY^Kb7q2uo%l092vo=d@hEYo9 zn;-OWbc>y$wFyObV_pp=kf9&~#3%V`3oqfyLODr^>4J*>x+vXy9_>zM;{+a3 zyw20i{()pHjI%YSFvLy|&GKj>;KWgS<7GPFDTSy87nm#I(U(ROTph5Ho*yNT|L`SX z>-4+4p8-wj5OHWHN~P(O$!$mriGhuznX}?HAl-Mfj6R9`6AR1kn~DEmBFKF-qMUaVGbRvnkDHwalCca77c9lrPd>OJl3-@GoucIm9P5FH}_O*6TC)~ zcz7beYYiWa98iBt);Nc2{?g=fQXnpe)YPPVox(#Y&L{5g;kS`T0P?|S(HHj(?vL@3 z48?@(rg5|NgQH3SFa7E)Caa&*jWvwP``-b8n43ty*Iu$Vx6YJn=L&vcxfrqwHVOF{ zPK58VBe97n->;_?-m>$(oJ~7wcOVk8;nk!Wkp4Zlh(YR^oMLU+|KsB8py(J#UsNYi zz<|_iq#AA9k6AzTJ7Iv>PeLteyrfk&Ue6`?<4Mmn-_B@EL5w;lUY%SRy`|{pcd+*mzA)biz?;&xkS*aK3E@70G zv__3P5eh$_q6#^m*SsxdIrR)R$}d_`uK13=*z8By^2Mz{Ayp8oVq^xADqx`Bc(Nu+ zGpB(E+CP$oB*ZplH5;yi1RbbXU-uiGTwkI)n=mSVapXn4bH(P!BWZ`-kf?Fq84 zPU4`(d@s(_IZL67e}hlIUvfU#8%2Q9Go1e{-{O5gVx^^P&`)5#uyjg3-p`2Ea#cT;583m~Ht&YMwEBa^QG8IdJk@GvBZ*k01O z7fI0Ua@EO0F(z!fw!|<%a6k;nc~Tu<|P+a$RF$CzMqo$+|R1eDObjr`rKT5vX|#(O8mQc$bh&6U3WF?>}BHdSX` z6Lng7EQlAv^8wyg_Z92l*@u|~1|4O`5ZW-)x!5Y@1hl92I6NCnX57r!RyG~o=vM#Q zh0r=ZJ+s0VW$!RI$qY)VSO$Bk;OB04(iP{Kn_Pu{U#<84`U#U*v#qk&!l$zq){baB!r*1UUQ;mpWDtJ*{r zn|Ku=1`{&Nn_g=s;(fH9xqcU&w$F3I?!96J_tk8H>v+V-HkumMV(Zi{GN3hmtBRZL ziWxd;NM>-OFK&x-z<^=BV$WYXKPkTJCzI?o1Bc=V!Rg zBh$tq#`6k3v4S_6e%-5RO@=F+`+xWnn9ybk{S3_IvJCymPj=B;XT{-zh#3>Vz`ZIV9v$Xyu7^4QAA4^Z71y@33kL!uBta5l1P=ic92$2*fZ)M{6Qpr>hX@ed z-CdjD4j}|+=x*E_cW>O~F7~^#&pz+XK4*;Y*Z1T8>Ct2L>b2IaHRr6Vr=F@>8#GZ$ z?YHqvm(cGh)S`H3SjSKk{589|EZMcmUA!N=F~yqURYk}& z$SlU!2PZG}HtW70_*&NjfenSlOq;w33VpHTyh4xfC*I;rKgi5ZgexslM|lk{;oQVL zJ&Gk7V1}(bYPg)XZv0;*RklGGVLcD#U_6gcw?EE)pnrq@^v5m8;)Lz7AWjC!uG){a!2&S? z8kyy=Z#gWKKOnLR+ZS=A50~#Iw$&b~SFF8hCpF9|y*UntMy`f2-K#y)9W@epEFa$7 z4_zDP2qqK{y-2Kcval+bYty_lVEfoyG3V_TWkqJwz8K$o*|x~2 z4MGedKBW-E1i2(nSqVB{`W;f<;&DfLhXnR~IcO?}9sq*h{*b471Rx-{rGTP~W0PM^DL`p@WX@{VUK5_OO9eBrU* z%7#!lJ6`3PcvKzof&%UKwHGD)zU2{D)w1dwi4~b^>3G>RNhWo$n{nF2jn#A^ar!>% z0$U2uelziFB=}wA(q@#Za~$)B;}qn+$H(tMozE|@?kUa|1bcES(==SY*H6Lsb*$G>5{6#~X6{JQ(5Pa`SWnAFTJ#7K&RRCKN&$xhO& z+#Lka`&AlN{tvy0zsJ2DTq~ibwP*b)b32v!+>7tSgf-RM)MW|u?k{)q4)BBScd6VZ zDpu(t0|*wLgg&|(o|gx)n=+0MUt(`eI=wllf7deMQ+CyF0{o7Sg?1kE(B^QGUf7Kv z?{LIWd0};M@G#(VcT=0VYz@071gE1sDSSZQDlYwGp_3q`lw`o~IIFlr+M0nZrzxc> z$kutawaFM6G&P%lytJ8!Iy6!mwoR@SXyGjuKa(9SlA-JR@jRP-U`>2Mt!(xfEjZH` zUu1lTyN;;>hvMGrcrZ{5c1`$wPzxu6v-fgdx<{0_fPw}`R?m%SSgB*H>yjQxLUjf$ z{qYZd{7rJz@a$QhJC9B^ptKi`3u2;8(!r6QiN%XY#KYKlRz;PCLv7s0+n1j{G*|4I z+82LZbb}Z%XqF6L28c?nPQ;h98Sh(LL_bK~!7nxRtLma0dTE}*Ky7@RG%7CI;^Z65 z9`cdMv)Y=^*@V708WYcLdEA}(S9uvvS#npifl<`D^mOnA79Oe0#hKI5-sQ3Ar`sB* z$2$ZetoK9007)G;ud;;FP`IyBrjfBomK_M%;w*glZ9On0>+t9v0RA@ zd^E#>hN^!}1XI0`>}v-H{sA%jMON4fDwR1LrPKlVmf)B(lR)CXa)k zJJe)jw24UWN9+CNC$(G_gs1*2NqyX$Jb-2obT8cgG1M+pbyza(%bdOn zxP5hBMa;rMpW+s`ZX(AeM>hwpkwr2)WSsqia{3m`!(^%te`FsVEXe1_5>vS!R^^cV zqnzu`GRpzoK*;p26IRD=0#JV(Ws(zJX<)c{T;aO?#$uuf=VGWKd>4Os_zGSbIIXl@ zzC;qd8KPZ1ZllK9dup;ddH1NyJv8rXayYi_AoPsN!{1P&Xybsef%(>t-7EYHflUUY z0|{PFvu4;Zgu6I}>JM;^$+=ulK?*sHh`v?si7a{V>mRV^{grH--FCZIKH&%H$w2OT zk9(8#R*;hHOuPrpj$Pr zD1O*xl>pHJ(9x`z7UOxtm#~5U7=Wp*tc}bGCiEz08XUSCf4l)L6=D0tNkWaCGD~c( zT&N_ZTz-+-c;+3Nag5G&`QSB*3OoJF=jV-5sI&}wv_~6_PWR{7$wPBTX;1j; zW~@sUnyD*$v!VLD^x1!8?cqo3f&4y(FLVP917C=o0DFaVrZ6rYs-DO#7p8-?xW{37vT+l?kcCBbW5Pc>@?=g=r7 z0fe+Sp8AP)Th5Gbv-U-A&4-(v`sf)vs$dk-%^z$|gS(+sfKYHGSedHK6n8j*@LKKV z9rixOD60qhvTs}x2wmO(V?=MWh5Wi#j|88txaasV@3z@YJX$FOEbr zDpHS~h_1&c5;b+)kSaN@zVL998D#{BUwL?J7 z8|q?&LN4SGA$g{CU|&W@_jb<)P5O6Y5?`o7G#`+7h)of*y|;h8zBS2{yPB^r{oQe^ z0aKxv*3LQW75y!dKW5f%KYZ>H0K)jNKeqQXvzg2cs7{sUqwwt=8o~DoI-r7E^}0%l z8q?iNt+<>PY5p86)_VIUHB0kp6?b=As0qP4>5?)RfGVMDS`A6wcm?DRGF-V`7-G|_ zav&1FnH^cW!2=$B>^~nR#=oB1zkP!1_kA1fV?1GcN^lRM!&=3|R|@aX&poJeLqj{C zH*}jyC$P$Z;Yk*(Pcj$dmvzE{G)~D-je6*~0}4Y)r?zIJiI{_3QZBxY2Us%23EU9_9 z6W{`7$+w=`0>CDf)7Hf9yj-)SB|+B2hce0PILEcB4pJ8(PZG{fuw;9CdsjKrerz`h z@7u2r+6*_C<`-IzrXP@;svK!mxko#@xxr*OE26uTc}A&mo*qLgtVSd+0ZhUXHAU&L zHW+1;>I%0U*b4=rjRRGvyH56&skpe_YNM_)%#ozD39IT2&ZUF)fpxbHuzku|p1g<+ zRgGD>oBS^UzNJm`LdpMKqU3IOn2o@P4O@i6>qu9}$nEXM-Gu?B&e7B=`tparY5{a~ zQV_%q^w%ka^3^g65d9k?M}#ILRnbZOZYsXP$I=k1cXDF)+;sG$-)$e|4_I9I``;`R zeEyo$b=%TquJo4SQc<(PWpm(0)v?^!;pP)2f|u^gjTF1*QYD=>|i+ye(2Uib#jZ9aNpO}Ml3cC5xEuwnQLbJas!jwo%=hkD2OBgF-XK%=>? zeOtf~hrjFE;47E)#JM`{aeAa zgUqz#LQyiw zZ!DKAvX0uV%w2b4yVR&BiT&c0?lM-fVtot(7m>&rYCc&fLaSUres(AxS2TdL3s(#s zz2q<%{GK9rGlKW^>&@LW6mC>kG;P90PtBFuNKpUR$g6M2efOp&Dg&cY%X}pkF3V|> z^rcZ7m?Ng#ZG)RWj>@|d`5D}X{Q(4HY1Q`kf30+b`Z(A1FmDU1fB?kGuf)s$eX_?QkRf?vn?&^7f2NN!VFS z_5yQwqJ?9bJm(f|0gIcnKxsRmvRC5KBWY$9IHVq8OLbP)VxYeEt^^J3GQt^Gihns} z+nT_=Xy%-374S`w7i=2JQr6Zk@&lVac4J>&`xotI1hh8ewgyFn{=rl{P z4eZsUyvk5SgC+W(B1ENC^1)h`Q)SAYCk`Jc#*54O_oo`~AF{`G77aRXO;-1S6I6=u z>3w_*H>xasT65iB<7EO;o;jzZgd+vk|E-JK(cj^Z*(RJdn~hpAmx+*2%o#K9AJKLZz7zk!hW%-ND}3szH*(HmX{n)B#0`|S8GQIX!7yJf zL5_c51Xm7O(|5p;S*Da9!4Wr}_u(et{+4)^W%N2N>~0VLhggRuc>B)jgF3rd`v&f< zxXtm3DC|hjSWK|zyJS`Si_>7RF;a-=1tO9rw1M6D+dV=)f0mZX`ijA>=jfl@qQX*i z+6_6Y&&Z`yOm(E|Mwng>NiN1{3Sc+ago)NkbN*5~KJ*OM97`XQ3AFrThVF9#to!Uc zXa1LyPTAQW^~0=|6A$~m!MU=WR3{(Tqe){ge*F&(gHJ^0symRQQwUfu+d)`;0c?-9 z1HOKh;hF*`kfwYx#Pm728#8KIVII!5wNOtS@nx6rSl5k4N9r2 z?CvEe*5GWB#=73tG()?fHyNnwWamY|2%Z~mMCb#Y>(~u`TiMr?JzC{4JMHfNt=B5{Z~68pT?B(f!2=FBbyLq7g%JLJa1B@L>`q*?1N zOW?}Z(XCf8+-eY|#-_8-dofZFtaef(K`EhDTfL8<#IV0T(w}`Z!b0j?C`ZK>F1%`b z3ui)$F)aVARq}_bUBY{gM5TU6&{MSEjJJ$#SdX(yAUebh(8(t#c;w&QDMU_H`d5?B` zlzkq<)gJXcnobp3gB1r#<$t2@*Mh?;GNFJk^c{q;FE$eEbmAtaZ;bhuDeoQ8Wx{oaBwqQyE#aN@pvUHj#!T=yeY9^UG zQKs-eopi0o$P4e{!{KYHahDXo#PRpL|La(o1SZhFwg0Yo`G2`2bPaGT%1VrD ze_hf*0WDQ}+%mx<7!zo`^7Gt?RJ%XNfna$Ih?DHYsBoP!42@nra^7HkDCQV@LAX{k%cnWF80gD%9=hi!)s4 z&OD7d&@GVmCDqOIEWIz}ov}v)jYLCu{wK}*g=8iX5{_oAArB)b$OyXUTMZ~>Dg3;eg772K&lmXtngxx zG3D}`8B@&NM+kr-8E@ede`}FdqMv@Fucm?b$j$)E-?l;9-P_Ur5~aWJEk7m{je+cx2B?D=C}8_sRlU5vA8Q7gBikkWPKUwtjpQk;oo1 zQEL}iVx!wD~$5ag1VFWy)qfM;d(4CU*seMs_ z@%txMz~^#e6vIszeG6=VuLku7Dj$=_xfFi^wd^=Jt0CZn>4vIBnr0fBnPQLf0do4s zVY7FNWIz&8Bv5Y_xgq1_H619@?V4>`GsaP@@m9CC3_GO6${sqND!sI%7a5-?@{_~# zy`XS%zrGT6ivD-)L=S#l+`!@B3(bkSZI0i;@Doc;95Y#B^%6{s%M_FN@& z3z5(C3X@5!N}#aok+J|0Z;IeeFqn;4gzXUIKtF-i{Az}5&wpaOEKi0m_#RpSN>0Tw zd44srr#S*B1r|@iCI?NZB>LGQjaB4exj8&0-{xE#qthW11%-+Lb^Y(JI`0Kbgv{p^ zp-lsKc{|WP5{MC1!3Y$^2nPzphUrriRl4hPuMU+Lx`RxEDmY>|rw6A>3-6KcmYPTj zyX?=NC9l61`c8lWxZZCi_Tul8l2Z8iWb>y>RG|G{*7$E#bWu~c-Tqwo>9^&vpRE0v=Yyn}oEV?M)Xc8-X+B`^X}C;n8%lliDrtc|zicae5-%$-FeE zCP8?Gi{FH&1}E<|MsaXHCNpPpGtz2no^X<8RbS;RS1?bv%(1G ztysGv+orAYN^!sr>mhc_tpGqMEHN6ncBm=&JQNY|Oc5E9P|LC-W-Zj34iIKiQ3AsoR6amm4k0fr22JD}0IT zBUWr=kjoI|hUYW#=-Etkfc3((8o3oNEbDz5RiT7ucT~7-C?#4hU%psai zViYo2=5}PcYGbClI(`DKm-8nCJMHuv_LqqgXc(=QMeojBI3X_?v>T-F#Bac6($ZdZ zj6BMgijFv%I!T>$bSv4~?al0o(_K=}SFHDyzVxWm65PmiLa^NFnshqkK&Hk>fc-Ur zrhK-BYh)nl8=zG8%T94{O25>!u<<}$wsahq=;0QUDO(zASs^mNAloo7CzkgG@;($F z4d;iM<5CF8hb1Y3N32;mNe};FO4cNKPqhxZ#kI1RnKl zId6WHCc6$&H957evU7A~XW11^mzyL&!qC^(*PrG|vV2;h-b{cDM@sSeQQhk8k7RMkyB#C(eS860O*yrBMTR0)N?m|1JS?QM5)UmtBLX z!D0={Hdk|LG63^horkMEzy?}*uy-cK=gKCRRkGdOQI9SMzgH2rp*K^>?`ab{FC8Ht5lGw_xLyi5ur-mzPw0 z5D&K7|Nh{=K)bSBp*L@`KKpLPs8<$%fEMR4}m!o+fJa+aDD(eA5QijK& z;Z-Mv?dkE`$o7%MqK-vJNY{7UML2#@Gu&+5@mzn<%nNj|fR4j^rj zrbD!y?ZLqJa%Y>Whj|ju`dExu%i=#zD@FxJnv-2t@4!{pHZolyX@npCJJ=S#|}^>xmBr- zzqbvAhVgsdB3(ljP|BuaIaBpn&LKBi0HfeB;qZfwm${GVFuvkC0|f*H_N3|=#tv6F ziuD!lh#vLLafy}jQjIfPp1(L5#GoY!1;_=J>?yA26t6U@im(|O!_r#?BU}AKB)gNi zlil3hsLsPJhAYC46E-@mWUQ@6{d=frX)W{AJ8*Npc4r7Tp_Lr4k7a#XXr&;7wR{TS zJujE@2g`?WETfLrg!+VxjG?m20>I-SPwO)BJNu>cjd_7AC@K+O4^!Ws3Egr*D`t^q z)4sGkEH(#R#F4;L+N-!3vtsq3O}^N=MuoP32fDu1L*5Go%4TgaUhP)Ip&wa;I4#C4 z*g59i%}broQ*B%_?u_~Xa2QV+3$oJ0aAfDR5cqzt73XTr-m?mw27~O+U%n6w!s(xc zI{t-5{@pDI>%`QP{unhCIryhUBf?i*o($1ZQ*$h0pYfF-DpsD|2JmJx^ZqP3RKz2? z;Zac3D+1lJC!dl(^|m8bVV4Y1s^h=`1Pbgh#ksdY6P-uGc7vfr+6$9UI#?mlYhS1j|5 z(h7f@+$S&ZB{p7Y*v0)@ZPjmBUa41ndr1HOyF2cJ#Lm%=Pjy0y{{jpC{_XoG%ze`H ze8oQ7xt|h1hI1S-n@woMWs^c(MKiYE($P$e5h{lTK*5_XyQj=%dSM3qrq&9ufM_#| z-v0YF_9|?5pIum5vxMcZJ4{zF=Hp1`RC%5sy2ih>1YrF65>}5oUB3*iI`c0{d@c$+ zPHSPhZjx3Cl7b^QjK<0gBPRK?g>tsCg!_+Mp}wDeySkI>4LkcE^=G<0L67h3Dx(11 zULm^+Y^VTUn09TUgpl%E`Z@G6p}pYzY!6;}V)5qJZu<9O-9YQX?+wR25NHJJJZ92X zqE)`b@%14$U#3mPb2UIqboLvR;P6Oqoa{aMiM(f3fF|R$C-Zre_qAa&A=x!o;Bn@= z^p6>K2EgkM;U;w;o8&Bv28up)iHiu9POgogJOzY?8vaP|> z!Ix@395*A@h6>*1hHTx^9QcM!e8-3FNv|O3`MKn%cmi3{&EHPSYY)|c7R@&vp%lA5 z&Z**;Fa%%?b~1H5g;>n&lps1RR+5XM4QY=R{Du@wJ$-$|`zd$3pOGc^E&fv|iVg@x zxfoiic`}i>vNL`&$w=Ih)by6S8L!4n0@4;#`v>9usc@mr*AH}THWSWZjltmH3%>@D zII7J1pp;0-%zu~n|JKoEIo?L0sqyTH)knWo27g;EUle~{oGuVR&H zCh{_O;m`N-f(f61fX)w(EId;@R7z>^)z=UK%4I#hh-n{&e|U4i6u1V302C(z2nxJX z$O;1r6et0nV@)ZIGOGfBn2D{~S^lvMa)p$XqCWeHLofY5DfBmgj-p?s!Mw8o@{&IG zkByBjC%yX*_xK)tTeHSmSWkNHXJ=%t!PVtWAQp>j$JDPX8GFcy)_tyO`}R=c*0q`I z4S)5=0#tZ>8ymY^7zhe?!5l^~1FJbR({kzCRsQ#S{GZkOw%D6mW&s|r2$W_sCmYdH z6@LEwxgla)h9i%Vm^f}+L_v@QqedeM7n+2AZL@x_^v0#EHyv{Q8qCjxNZ<(bz9EPn z56OQY`1j@ZuhE#$r%60=l~X{;tno`Ws^%Zjze)k3djsVV@hTHU3sfW{)J%)baAIg) zJvDZo();@&W(Wx{qZxuT1@KC!lna!|{at{p%D*j?zrED&?D)NDIa8T~Za}Vp0!mAP zPu%+hn15N_ATZ`LYLbS`o$EEAA56~*S0_pi-Lz?yZpZMu{V;Tc%9>1;sU@iKZEq_s zAs?1vho}PZ!HM(e8TRlF78*vss!;PJP;49sdpDMmbW?crbpIlc{BP~zlZEc-NwvXT zLBwGm4Vdi-E^K>L#Xl45p8!Gst%b3(&(}eJv?(ICcXuAs>Y~TFWdrRM9Vge=*9}{m z?+&oVo%G$Zg1JN{ufDWu-b=^06>ZnB_y`Sy^{wvuFn+!!x4#e=>%>m|_bAcPp#S#XC(T4BIJ4ti%yIbP3B<$oR!CdUOJtt^OQpc+D7s~9xXM1hQzF_7`rT; zsAee#=Jd}GGnP3{ij{lDm`~}k))Xj*3pBb(pmjlv@9h|=eP9estv)!z<=xI6Bfq&>K%FWN_Eo9f6an_`{tdC zz0wE+y10Lxg5AT#-LF_OtUmQ(g%gvi-{kE?fdrnicle^ReDrDiu%s#Ht3I2EAW z9IuMFR=wZur*#;bpa ztWUw~ z;@I8m7%z`Q*nN@dCthBHybVQk{&q(C8>Wb?LGi*E#KPc+B?v{9KocBhIGy=#%ejf<TVcbM>vBn4Cf5N}Dk@3M zgqwDgr#Rpy_@^?HJ(a$B4vT(hw#oZZ#<4Po#LljbHCtY~`$FU%7`TZavZWHd&O5uL z$*j8nL1(Jcq#dyyq~uH?vka2F<=T@IKt|#|++K*tM|7%4$TBp%6&KIV2&H}KG0+}t zu+`wT`1|nVV1Re#FHYUO*}tWw%!HLNsdAP(hzb^JHry zo&;lw>Ahb4SlO3#c*o$gpY17}&Byn_c@jDxHuHYxIH^51V$LNgiO)P}2#zzoF()_VJx-BKa`N?&835=3*BHsm|xHhI_- zI-qdhG}c>Yt9488wlY4f71*9Hm>U*;)Q{b z4BR@}_`exVWA6aH&C#%8PxyO;=9i7@11ATpFpwtI_OvVFZJYZ(goS&PA(}jP`Pjfib$^ODsJ2gOaAbI6e;`6_x}D6(yTGgKj%8+G+G35xuphj zg0l_xs1+)V?=PRysr|uZy!`lO_nHP+Xa7B#_@f69VvM}w&g|@eUT>YQQEW9;k-zVD zB3ivxSFpcaG}bMY=1vf+$gm;la4(t|7nh*TyQe(jp@2oTW7N{fsdv=U1p!WbBywLn5 za3R!Wz;H#J>}?94OGL#i(Cw_ux=&B7-m&;3i0*l@dgWUMn%!QCF~Yh52$N>bH>Cn4 z7UAURLKVPV@_=MR2xFA}DkiI~n(4Kwqz^YknOlYk9^k)INMN^kF1!dsx}Mr^O>i$; zLmts8ebae1cK-n_&>J)2Q+Rm)Y!1;2u9r|X!OI^lpKckpw#$^c$<-*8s3@Bb6;TKX z#9o^FfBnj`tizbdVZkwWo||R6D9Mpls221!u$#Zu{NxVNabuHbl-+xYx;XR7G<8T;KasN6w1v8I##ohg~6M(ol{vGPxh{V8mJ^%9B}W-Ig5LVy3ZRh z7Ufw@_wkmnPE@$PE*l0R$|9t$GnVms=qYrn#nGHt4SMKUwVO?5!;sig!O%!?vRb*r ztw3hZDNf#=gbAC9&F0`l@)Mnjq=|llV?bV}(hwLr4 zfF07gN~pPsNiz1zwQlGw0^ZPXyD@6BhZ)qovBf#nD~o>frUkR2pcR{bxmj#CHf}Lm zOFhc%T@0hvmL^KS?EKu_BN^o&{K=Gain!WpwLjZna!u-h{ps*!yN3BifpSUY)lyG% zM~bt0dvI!;K^%%$fP0~s^O7c1@bp`;*YWm;Wg9ZrZGl8BGOy+l1b$(o+cb5m2j9f- z2n|k?CznCqiRPt}p8gzqUY&r>rTgyk{HRgzkwg_Ehe^7)VFl^Q7{g>ygJ-0g~jj0xW$$yo-0|=jR)zwRTtG zeq=$$7t5heXMI0cc+~W zJ?X;&2|hbdX*iqGC3@ko@xI2I;$;5l>#*{OOah;1ip!Sh*8rZyJUyL~=BB2d)C64; ztKaTPP+WAIRp+tv+f>8WYcXTb{gG|It$os&{T_gQK?>w-&@`$ z*4jc1I944IkNYDgY|vrRrSZ}*)uO5cN8c~;<^%lK+}W?e!7%2F5d&uukjUBtXvG^o zikTgBATl2fMkHufB|qD5NT2|FUFjzz@!JijEawneF~d1DpJbS#H?8DVhnDE@Hh|yhe|OWIT1@XF$+VFec%b~ zg-AQU&56Y#yV@_QUKcWKD{Hq6urOn*g+(TP1u&)YrKL=o)JJVPVn zxZ)BWy*`&12S#J@KBmJJH;)Ba;z;TE;yUa?M+zTW^uF|Caqg9G(D5;dkaa`Bder7d zrQ2@)GQ3&s*5-i%FT*qQi^Y+h?!}H&*I_KyyAPpOCB--ii8Cc&dw`Dg8*2|50%+Xw zd1bjlqeh=X!>gv7hsu62jhZ%tHXHL??Td$Y=BZpJ1wkjXMkmvWs7`tiyr{$qo43dC zR|I#sGIGLhgoK)MkCcFmfif_bG1Aq+Y%KlJlX#%2>Wa)f(5yuw)AxYjo<|;1fhPo4 z?tKH0t5fcnsS@n~&>-g5f;R!~+<4+NvI-TpPBd7Fba{Ql2TsB4u=^Rtv2ThV@45}7 z4UF3vdzZNEfgN8ebcB6NC?yoU`_4}#ng7g6LkD#K31b`$=rZm(Zf(n=~pbUgQn zqzWQ{h$pB{W$bCHDQYP}x*qf@?=C`n434@j%1loloSfvcu%b!?+e({pW7nSY45>67 zXQ9Epmbznx=whJb%1fZ3ds+pe%YjL}Rw-Ijbq*W~?ev;^eSj+~0oafviJ~{Nx1xG`-+`tLvVd-*_hhCTHB>+SfMrskhLz!@yolCFonIvXF!&Q6l@8xshLq% zG}hu^I?^x7P2kaDL(mV+5p@%ffJ;jIFuDkY|t zAFHd@k#XO%v7U_-Prs0gp^pTj*jzU;s(!TP!brsZN{0S`8R+5a>}GL^=gJnkcAIrL z9E#+X08d;IYqwZ(`&4tYPI90YcMvxu*lOG$2lBjBEfrDh^4iP2!tp1Y52J zeEX)=eZW((z8K({;;=f=r!ru^Pe3CJJ;%Hn{~ia~@UZb$(;8-S+20(|NvJlZ^UUs& zs7!D$T-mOvC2^?dZDZLtJ+DJLede0xVUw2ErApg(-RcmUiYl2vnB= z=;=59^w{g~G#dL6vUOBxd!J2m3=I}$VPGRu5{8{+BD?h$UupSww;QSV7WhwAm!}s> z#Yyp-1J%R<;4V^@#7a_0BP$|4w&-2@Yp^FQyUg@J9mtANj^L@Av+cm9)zJoEMM_1_ z)DNFBhv3#<`lut901|xEKyKz{SXBbQC;&;pY0_E|kM|ncXtEAxO#Nbq^n+5FC3MUQ zc@I_l#OKPaXP@`olSMqI4-;&*E7xCnw;W*bc#BO0ak&fQ;@w|wIJs*u)o@Y;wgK@~ zbqD8*`dMxEmIki4x1P3zCM?08qAj^=R9TcGOO{@FdMo;+Iw-S=CH0H z`JTqg=OZUKz2@{6Yq`t|AtN^|&mTN`wCKKW9BKC@5EGH)5EXHG8PcZIT!+lzdy=f+ zhK}$bq6iXvdLAyF%rQBBaXiqo8+zjMzSKS)gk-Di$QJmmtmCh}VsN9a$*3g>qnwq0 z?7i*s7WgJogpmk7$fIsg#t=erw2`R9hZ&7mVW-W=wx>H~ug{zRo&}0UnA?+N;rk9w zr(CE>GYi;5wQ+Xf(UJAdaAbukqhd}wf@HYP5EN@v4_MdDJhyUFRF`|`0n~OdPrD6^ zqt$Vfbxc0im&x7*UFEsAxA@%^>vFBSHiVQ*Wh=~7oL%3hGXADwpr>b;65*#no?>Ec9<|~B@88n(E)ObDlmnAu$*gu^uX+GD)6%*?MET-6e z#oRG~XZCa^h9RNeYY5Ssv>iz%}sDB80GH|m<8l1{;! z>}To1;;mMo#W1W(9p0-e3bi{$vVH`QY;fAEI%&;c72 zDH@68FfN1HQm1ra5geO<$X1A4U7<8Ha_Xl-0sws+YJ}HNG{%cMOgd} zEANwy`jz`mJs5Fmc&DzZaMl{dawuf-kb|+gIKUam(;8%oGM{Q_D?JU+(Wo${=0?2B zRd2uCExh;iIHpLgUKR)!ZA>Jej#tT;)oZ0UL{?c;i=fud^l~f! zQ`bSh%5oCyCyB#ir)#Ra*E43faSG#)W>6F>P%hLfT!o?m_)M#TJ82X)0SzqcRWtIy zbP1{+?8V1EY~D^O9@3>c?M^oxOsda$wy=M{BdjvPM`zIe(5&x--;0P-c>gX#I$*Ck zKvLAJ%}xA#hAeneSM#jIVY8It2BZFR1_L=YpMR!mDB}D+XkoyKRuUICT7&()OrvMj3LUL6y>O=uK!K>|sTt4mq~mWyz9QU! z_XEsYcFF-PR>ai7`bZ3b2XTbuw{%p{yXs$t)t0(<-?Mv)Z@t)xmNR72UuH#o*Jp#4 z*{kINknA9lvvGM4oCpgE+>^LucN2>+|Eb>*BGpDaM8!cpd}y_rfw{C-{?VPyz6Nl) zW*(mLt*wXm1B%&*1V?u`f4Y}j(1>AgF~G$OVQV=O)OpA`r8m9)t^^3tm9|tL>zp3j zz@2Pi2+lEbgP~^*7L#k>%UR65OIuQ-nMA9=?#{f$$WXrkT${qhVqsL*_WjiH#h-HX zUPNY)4|KJwG2LbECz8uc0B8YST`}h6gFu3UMk!BG0a$02n+|>hZM7l|U(QhV;=b<3 zo(=5SPuK}6&5lxJ@o==;$#Bv_PhP_T%W^E44SKSjDffa;D8mWW%=wnoWd&_{ynf3= zC`T@J)xG3yu|{>&*Lly%LJ$_2bNQVt#Mn< z&I6fXNBW)>4jn+;-;?<6IU$7yL<%2`!B#!4HF77tUUj*7=b|=%3XsTK%=_fY?7ZRL)Kuw;=CUprPD+fQd-m?<@i8fF@rvNcm zd-eWX8q99Zy5bZSg!QJRVuiVy2M$TK0b-XA$WlKmdUf=`-S@+9EjBt$RkgxNdE7_u z1(H6wC$lvHBt%zSO>v`Fbq)nKYl~Bj5T-Yb;sqJI52xOd7z2REE*>rA5`Ysd29A%B}|17y1Z%;HvM$qo*lk5LI|8J$#L zLBeb^gsOfo!93cJW&bJ6^oLz(AO%ns#&*keng&ABvOAj_+ztOB#Q#_9!WswTHdys` z{vm*~b=SFGCpzJGcJRL)6FS8PNJxTa-Jkz@)PIOX<>Lds=^grl|Hdu)e^>lB0smiO z{r|Zf>37Pcf7Jr`V<7(@pZ7aE0hi-OO%RcwJT5WU%rN(`)#ytA3MXG5wz4j4s*hGc z;_`1rWWyFpnwRU`?yUXRNc9%txQ0Z689B5>0idlc;d_JE9tYB>ikRaJfHs9&7;_gzK(gCw4Rv4pq{0>S4Zc6_`2n>E)7iWK+x(Dq>PnaFus}kS{ zJ2^Egff9uB&n@%@HS?ZMFtkJ$NCuA|7;cM;Y*v*tov2uD4Jr$O)Ph4;m;6#U>X@2N z+e^DnPW7f$v+PDlcYDq;4=Xj_QT<^cxgykEw!Sne6#pN}z5*zYZS6J?f+ScVc(CAZ z0fJkCTX1*R;0{S35E9&dAh^3bB)H2Ug9djP7#!v`=iGD8x&OO=)q7P_)Km{My}S4B zZ-27Z`YiOV=YQ17U-=cefPf64Oh|-&PM6zsu6L<7v`g-e8mQZhp9^0Nxl|cTEU=f8 zHoGR0)x+EmFE(bfbKXxTsMPts+nL(Xm;(}fi})lYwvdZ~;&KS3Nv)woa5#JK95s-= zjsmJ+5bufDNEnb3Ti?#ZBAiqkGi6@1~j> zp2{YId9^XKoCc$lPqCX(FV^|hI8s?*ye3JK)Lgqo z3h)(;`5X~_1`|r7>J9|@YKXXK0FiH=Bz~h6-3WcNeYSR40ADgyq}`q2b9N!pmuMIs z1NaL4fQu9hXt>llJb*`PnH-X)9oy~{uiN=We`IIpsuw3znay!}ogR4DwVrN`LeB4A zpA+D&@3U50z-ewSjuQQD&gWpp#>RC9R@;hKu=*2~Oi=`D<@O9_-AWaMZOCZN&DUys z29}552wAi?;MX_2*aL`1AAHGESJD@%T{QpPw94YBrrLD&J&%*6rDe|gJ08Ps5`F;ln z*vg_7k?>h`UR|R;Wo0Wr^I;IX=v7LiUS0Ls*vZd`sub~OGwltlgXAlKD2W%CHOoqd zZ3F=qD2>lYBY{J5ck3~j%MF5fmn!5s+hZi5NK=6gN0RUbM9`(t?{ z_vdg~n>~&yA#Lz;+iLrCd183+t&nXVfQau8OXeEpyETV>qZ#QgGprU*V7Z@ZgI~su z(r6y)RT(Y4ygIpY%vJ48H9r(NeHU040jP%zAUgzr1P#c1&Q$P=OnnaKYk|b~!6soq zKj8VV-}@Xz&n9W%-lnY;#Qff)14Y(+0yiJ+QZXg6aJpyP-$epd?&$PFCe|6u;TJ;w zw?SwFbx{HED_wAz4z2%v+qqVv&-MP~YL)9a;?-txbX}2w>HmV9GGjy792zp1NnLu_ zlC@Pb{qLHbkBtBV&VC$L2zso)pP}oy3$XOuwL|1v;aO7h6s!)DjIqCV0Dy*&k82_j zqa=92nJbb5Eq{zk*ZVXlWtu{lFCI9!LJz7n2exH;jr)~A#hU>Dg+*;oj^p?UgB=Dz zBJD#Nr-`IEbq)O=hOBqVgwuT8%>axjMle30%#-0q$;w`=9qv7(kjf*c5WBiVA1Ms2 z*yhuZU)U7nZz;2QO(x_%b@{Sp8bHwBu5I(x0`*?7PL0E&tgrKR-*|SfJpQ)-35;d6 zBtu1DGnoRY^}iI5Z~Zyg=qUT_-rwKd1;Eo`a8t$^0Efix zOL*X?Bw#I(Qj-qdCX%OIv6FDO80e&~YS(UmD2vb>#-5tUQ(&?N*Hr4am0CuA?;N^P zsgu_mE0L-%bJx`o+<6)Ouy@hOU8k<d}$(AE>u`H zo^iuH)|G73q5eFEeiB}!UKR_G7Z;W^nfR+jpAj&cT}-Z6wY7L{TsGp4@HDxIlHzNA zKM(nDf!u=|mZJe&h0U)&jry%4GigGRg1@yHsm!z|Ds&;SZ+{ zX4WIqTKjAa#OG*~rf_;JiKqZN6G+Gj@yHmvbcG%?Os?BH7-q-`Y;;VCtW|TV8=o2Z zur@X}>}Pf=O8ME$0Mgjc`nPEPwwxkveUOKg(l65;c4)h#E(dF~_%l*d^YC)t^} zlrjX}F%^a@^jgdc!)~FrmOa@SdLds+Rr3?w_L=JiLCI}FPqH(y8IU(Ib9 zezov?5JzzE*pdk;oUWQj&u<1G9#?+5xo z%@bQ?H~Tlb%^tYJ6R!1B#kx{Y30SGW6R^c!W28#oNh;7lS13I^^2z@DrJK1tgcr9c z9}geY60{XoCL=>2Lt+^6ZCB^bD#Gl_lK%YS&Z!+gkl8^2C+1hbiyha0hBi=I*20CF zJh-)^mn?*bp8?2N2Wv@{KJ@YH^|i?PEC-;68Eb6*tplgXW89bU9iS?nxdP?1pGPMW zF^*Y0Z$~Jf&)f%yO6%eEOVJ3Amt)?2Cx9@IAPM9jZQ`jdxV*gV zTL+BfCMNGUi_Y_a#_~6arH#(b)x8S|ES=1(L`q>_5OP;&h zo%8_wM+y=&VAr8Tqa_Oqd)?jO&l)hA&NQB%ydEpAnE@At5f{`u?XIs`YBT*) zT@}_Q{z3U0O!cYRZUlc$iG`YhHJ=~gM~-D>15h7@2Rc2M<#1g{6THo*>?~?O>~r#0FW z7%ZN^&{M;}`(z#|qPqOGkknth_&*(G3frdu>@Q^|-r$evYoG+++`$gZ%=}2D77i*C z1{46(3)<;(H2b)>rzfRR#wF)Y=FO}BW!Y;Z94=VQ$;tKpafSsvim08ksp)B|C@(kv z{r@W3C+hwHPb4kp_xo>on1A@w6u7ADLw2+c(y#w5J@xme(paB(^CbsJRIzB@On)ga zt3GNan~O1OT^lAz|326;Li5tm>%m3**M(CkJn0*fS5?IPFI$h9!Ka^}TFk`6gjIJj-JM2Q`t45y0NdvHds_2OICl>;F)IGs{@MWI0X0*rvQN3aaZToM zQLKW@t>_s2%r_hWNYDC?W(RoB9stZ2A}^ihM!zx%e?mDb0BHj9Ywt6BPSlBnHn#@r zUb6_(RYQ;31wcERwn_1~DyK&q<^gYF3!^mJm$eU;`%cl|>($;(tmB~1GHTtJ>9MK7 zN70YzOk(X$gYZ;mGU9yNAxCHmG84$dJ+6W;Nl1@iwQd`}5z{UI$QOK20P3Fxss@-5 z4-54J%M*Znnk@*QupLnyx;z<+2;{e_-U!diUk4bhXd|bixA1*`m;3A9vYEAQ|2qRe2{OOm zUZl416{&sko|4~dPb#>R`=vguMnOVD;Ra!AF{IK!nDEIV{12eU-l+LZcWo-aeZ}}Ta zKC;DEbU$$KZ_;i~N;%EWS6{?Ortz~?^GNnb(~qKCILv!!(3Z(x4caoevj_6jU0Kx+ zLA<|x{0|leMe_rW*}eJq8Nq{p^aC+qRG&iR_N-X&el~Cdpj}7qY$%!bhJwn=0Tr&i zA_W5j1J3Q?nH;T?ABFQrvP>u_@rj=vU(0-1fijT&mW9C1VzK1p_iLL&8-Sj^UN`Aj zxn9*h&<;Nj{+kZ~ijjzS)uZv^P+*_m51!pf8-YXOV<3EYOH!y_-6VL{vB<;4Z8zgE z?r*VGCGtB{KJ7Ndb;tR;r%y9{v7TvhG#(azf7rmEkYB3XYLRZG+^SH#>A-s+d+v0z zl3emTZy1sz`U!EOSV}XIWd?n>%3M|kwyUn^Flxh8zIkydD>7M~Vk~CbZexh z$jn&)R~Ju}stzLY;16`YlN-AKWj4L*2K9y$Y!ts=mTRsnwd+{BDC9CLnp3JqKiwFl z^YgxFv7>m)RcCR_Cv|`A(}p2kYYS0v*cn@@;fp)~As3z>K-i)~Fb6-*Tn~IzYKyzS z%ZLTk?*M*8(k+jFmEG&)ui?ZzQGPcUa=odJ0JorAX{@ZR96c@=Ah{e0`Ix~{U@G(b zkn*Eym7EWh`MIp}sT>eb$y8g{aywq4xD=sAF1tjSH}nK$qiFyScgn+@7*Gnyj943H zjommuyphOt%0@oFjDTGO?#IU=&bi9^1>eBS1bWup0vceSIae=FHlS+7e>cQEsnRvo ztfyV+TuZv75|9Uo_{GTc-lfr5|msR55@uiyt7m?oH zr=lSS*=SWua*x|p-&wp_I^Rt3I0BDvxDgAl>)%x8ZB2ssFuL4ZHY5vma;x^aXP~WE z!7>0J<$-=N%-515x0SjP>|T0s`UwdaCcSM4Kz$4zm=xAMI-OxJYo6 zf?Hj9jhNLV$DPF*;jRNR&EfY8v`eEWK6&k25mL9H=b9ojZZ^{&u9{UT0{kJgezFS| zZZd@d*Ui3w1|%eSZ+Nu$e(CDwCU^HuiVUAM^fiFSEx2p+HtiUU5%6$G1aVypK_?D}2ccz$SRQN6l14k)Uc<^3W@M>sqVqUKtC`jjB3S@oS_<8f%PHWVAD1%G0 z?f^BqqGEBxWjlCXa9@!C6mz3L1!B<@F(t;n8uMLhy%>4KpjMH&kBSx#Fr4N`c}Q_| zZ%RZQtB1D^OBeZNxKB?-e9rZ>kC#nOiIP;wd@lW~5BU=Bo=!uzu~F_jX0`U+O;4pHw#qjHD*zoI5I`}5oRe1lG}{rmU0HOGy)T3FJH*`9 ze<31bM$IGvL6kr!uoi|5S z`5v%FPXJ7t*zN(yf#}`quI+lz-M4d>jYKb4mh;#E`mFCn0u4DpH#!Dh2P`*UIffMD z%gu>5?W=Zh|I?!bpnA)8ePq?<>$OoSbyyFI?!WUX6~R5cC&`Al0rzawUuGrgN_%Q_ z1sS$SeU;pDf9=gGQtqbqnXQf3KA_!Yy^oSb_jRq|2Patb4ER=e_wqtTL?HG?Uo$f9 zo@M#~Zh6GKl2g?7#((?pQ2E7<19nbs95TYYw>#KThlg=E9Pi;KAA`PTqCQ1rqW|_o z&V!0F2HM`<>=RNSd0}B$H+z|WH#9Qj!`ogyvfwh>h@HA8DD|yez(>>nH4WO9BrNWd+7iTaVybqu`9%9+i5h_J@j1p6! z!Qk`SDkWzfB++G+OKy?b2qe{{Rvkd%EbvFZ65F^@_EQ4A`s6#$-5l2+tL9tkBe&Ad zc?6NGI-d!kRtkO#wQtvJ^5b<_j->>F63rpy+f|a>BlLGRC<<1(my64vXF!$?gQs|^ zgCCoAHlpRlyu%=ESz1KIs%i%S7!*Vl4YJEMCl#mdgf zbDY&LhKQl}H;>pM$jy|Kb*Y9jACaX0{i0Ao4VnT|R$f9@AAGXl3a^Tjlk?G1R((Z@O=9`hWNF=7zx5L>F4{-hVwqEtK8G?q%~5n!d}-q zEP`*gh65zpmDKk$ir%YZGOXokD^1L^mV80$MnGQa4JTrh!kal#Z**_W3=^;n>^^9_ zTMCI`)z|TIIngt}+|R|ZIX_dBKd>IUaKg=F$TpzdxgPj#5xdn|#c8rN9ILzZes8yP zwn~MFOQ3BGY&sOgK`co?c;yWvEkS`BpFwHa%K(tDAu(@B`6wNspL>Ce?NC7{VmC7w z+U&aH$e^;0X8u#ZJUo{k3mFgzaS35JGZ7%n5O$H|XOduxz>9!*=+>FcJnlt9PG*?g zl-4l++U=DrNfb_3?1sB){LQa{?6C03&tQz5{IDYK4SVy~!SA=hrMjGcn}Q7a$k46f zi<-FH|LWo;*t&Fu==b)Qn6tH-azC)9>^Q&9nL%R9F=P(h@p7VK12h z=-FiOR`-CBZlMaFP$g0I6&EctI_Ygu+r@AG zFVBZHHS%Km8t+GCQ^CVE@9{5QEjT*K>(<*8WxP+_h%v!*YGP~B_iz{`zNrm#F1>Kg z=a1@9V1NE(HNsf!*Oeb&Cb^SMzFRzV?0!bT>PcICTO5{})WBhVi|U8fb4U35Anh1N zRITB)W}-g=IJA2{PID79q@yzRH*P=!>fFR{6cxZf>~-W? zn(erhkvog!R77Q^G!}3J3omu(okjo2BLp2Rv`x@zT`Fy3Jp-HR}%R3HTUTe#n> z2+n)*ZdbcF|2`6+E#C5j&p~iJ&l6haD2sh(`BI0}u9lX(=c<=|-*_C9?F;%!3~b3U z3WTgjza0>rmmos5WujWii1vDd+^0>#y0hLk<##$FF8cLZT2sW^HqGG4vcVDQ<@p`+y^aN(59`6M{=8Ox3XV74zMhg* z`7-pHTli6Ktu8i!8!%nCOm-t(j&@<3v-2*M^G%t~gwgPmNqx|gF%ox{`D(NbB?1n` zzh9pUUWuAos6|@{{mV3oKQefJTm>lwOIMe9jv@}+Ee4mwKHFkrd6HSWbEeeo=PG=wb zp3{M`P=s~bf$Ar#POC5!B|KgR&AOVh$H=Q^JCpt9({zq1l0KNZT!%A`H)OEn;j(wRAI$`%p--T_w+bC%C5JBCy}U(fwlkkSLF%Kz;v3ySXOj^QGdY zOgc+s1ljh4Jyp7zo$vG7&0!e<)LGw@D^9Ss+`fQVQ&eO(6<=X|&zAYDqPGgKTpE6!i6-2GI*P{dPb$h--kNX>-PQ zVlTVeS&oQ>i?MtnUId;!h@sZAAhX9hzyc$@z4ova)+hsyPLnIKW)quZH&dQ2{qB9j z_7pAZ(ciDP_<&$dICB+q;vY^8g)FL(aLvlIBB3R*<`jCN z*NKedIn@~zjGz+4__nWsJ(M`0DX$C9{fJxiDPtfxdb-8fT%jOg6b0eycb-b9;;bf_ z9Iro7VrDUc)F@Hd^!>+tIv7M+m`f$4gG5`i!$Pw94_4d_;1|ndF~Suh1}!Mzisx@f zUt4E}n;wh46toM&AEtZ>;4PfdO!&9$22P{(^I9i$@~#-_fGm?{^3Tjw%6lst&jHR zamK{PqU3(B+sTYB@XN+u5E^pGCymW{+M$17FB2O&d6$}obhB1mQ_o>i__OBu(J|S% z)T`a5$_y%FzVh_>eI@vicLCTviL*7H%VhS^mBAOeUvE(fgXk0p8I}&Y^5k23Csnaa zbjAHK4^mK*=dV(0F&*zJHrcgk5KJ(X1Usutl(O>{D!F*2kd9Vw$u@j2cE z7gjW)G6|@9MI;cqXe}Kk4RfKDCH)Rm=|GcI3@|s#4!gH7_WsA#g@A*~`)N$-Ww-v5 zXaCyJKK0Q&isT_IT(SS+Rc$o?(;UB&wf#Sr}#S+so>hnGfa_t zQXy|WpLRf!L%e(@S-kYI#ZSVV2y&6E7S4F71nA~xOA0UsQ<0z(BRv*Q3At4mGA-zi zl#;b_gcAHiVtZ^TnbRw#LljK{A35vbGj=2UK>8amS+6GHy;-&x@~%9rj8S$fh^{$xU)4v8S#vQqYc z_hruSqV&l;*XVk;z^uugfTyB~AFppPVK(UA96>7n!u0MfZ)f9op4&2U=dPP#=iE$}sSL6`A@K?a3iK1hl6#el z<~V3DXO*AS$8$RgX=BghE>*Nub4vEQH7>!)mQoCx5z{o@Hy)I2dc2BPt`;EyOQU<4 zo$4+JTCHWI-=5Y6XmMfgJ%43K4W3}pu1Z>S+v-8H|8?D@&Zs%HcktW$a5<4r;Uj{WULHry?TqooUgSR)|~+^G;rL~`nKXGcX9A+%D&#P84PvuU-iHE zRaDDA#c}=ZbQID$w;qB*dWeBK8Fq@bSJ|bzKrFkEHf-2p7gdic)<#3l|G5dy9uNK2s@Ok%imOP@g%1Tz`+&TG}UwjH(3e9$#Gk*iSkO zdrQAXUXP;n{`&T+(Yerkc}Ev9vfmv~MNYdGY!3Z-5{JNEfEtwcZd;>I)8?S>@s@)v zTW|PHnVi6e9}(HZ(_rDUF^)!532iyw7W7@Mqc|(!-O=K!y>-6Lvr{I^J4Q@zJ&Aeh zlPb^2kX>5u7m(JJdjr?j#7m}-!l{+q;b4p>zerSVn{LSXPmqvzPHcupD7$+Z12;XBOIkL4qXFPWAH+sT zp@bVvj9#{aRr^PQ?YYVTHZqn`Nh+FH((iPHX0w%*_tyeoXm?6Hp{V4xG`ba)9wmCZ z10sMK>h9SU^L)81i#Nzm`>vr!gC%tUKE+{pzayKT2dFFa=j8W){4fA2)hfjpWB*7c z&x~Xn$a?dk(SKC{8P@E!6BLQnx5kJ>E$#`ZEEed-G2^%N*iFC!&v zSfEaRdb(E{z@mdE=#s3gvV0b`uYZk1tSO0h@lGBJoR~|O;yXG__D>Do#A6=|B{aE3~I%! zkYUAznCisNqWJ@^H8v!b+|J_t& zNHx3a-tJH$c=BAlMWVOtIs+rU^XuKb?Zl;Z>$6e08?OL3A@T+$Oq*CQv=!3_a}$Hq1%0-0713{Wd|4}dYeXO|@XR(vxOSr7vbkI)`h5s&^L0N?A8lR*|lKZCCEWKlsphmjk#j_n2Sy6`{U ztRC#y7V~DE3uf2yj<1J+K;cSytaj{7kubRE%VWHg)6>si`}acEkqFiTXys;RZ!(J8?gcJwxx z*HSiVuwv$!BSR4NnMEeFXUf39v%Qa6SM0?$CyR#!r zbEiasTkHwO7>X}V*TnW^R*n&R_y|Q;?}BU5D5WCECXwHlz>|gj#wsPXkm@^zPXgw9ZDY4!MRZ4FD3b>!Nb(;?_ zak#mEAFQ+9A1_QDLQ;Q(7S?z*eVt8fSK2DPX1=q>pLCyBKht~k=Sq6`i;auw+iabx zR;(jT`@Y>OFX?`4*1cA1Bm` zn%Z$f*s<+eHimc%mrCy{^04fUh*s_I;%5k27~n$9+67g zDj3^Q{_a4@YKP<49?XHkQVQ`Gung+&=66PohAOxpndwp5JmAErlsJse?e3&RO4aV z_m=-fBep_cX}L?q?QY^s8R;FwJpY=nwyUh8`yA3ldHkA&0Zt3vh4IpSj}S^q;7tl%(5Q z8p*tmD(~k(Hl+eViM1i@KHK5nB{4o4V;PY1IxLMDD*yzS{S)SJ$>A`t0-x7zTt|1I zUvmP#S+TAu#|Pa46!A``!-sn4h7!%B!C#TNoB6ZmNZ74SCryDPG%P;vuGp zBffvvF|#L9G~ew_hKV37x7a8$WJ?_i9Vt2SbZ*D^cGw!~=M$H%$#aMIA`d*X6mAnI zR>V~H;%^`PYbg@YQH9kDiuC0+veYkZ*c;ktRL}+nNDO#^~Wi<4BP|=_IKR^FFSM@)Re+qf`v1cgcT?Q=XAJOVRBiH}& z-jhbuG*44-LFPYL_~D&&ytYZ022Nj1sisZf5+8PALB)@&vpPkrUjKed4~QNnpii@1`$&v#8l_*!Yh?yP%Lq;mKq#ZvXrcI~L7uwn63`03(=Bf7EPr&ZSY!3*%@MuoL+E zBtNYY0eS4ij*dX+I9xa$z%a{}rc6@>p}6&+cJ_(?qe`KJ{gpYL1L(I9jw(j61jsfV zeVOfI`|D!RkbsT`tlUMKVL>tP64(qGWMXNfCBt{$$zCzX{iE2ivWnf{ag;=B}ehfO|o9m|4%!$WY1eK#feasOw|8TTkwy;i>~8z z?0XY)QYCW8(f$3!karXYEuP+8#Aia=e#UsaVa7DQzJJdk_8r>WxDmoTA7T$(X;X^@ zq4RydhoAfDiKuminq^MHQ$n(K(}nrZh0%a3iiElCHwM22e(oN}^dBMS*JPxwY_6Um zvfgx!$s{6=2yUN0N;s7fqM{wFt&+4BhVTErgCCJhco9m%G4DnVvqrYrIP(56?j$*i z5`NR61E&QmzVKwHwKvs?52MCrLVL;Ys`m6nA34)a&%Z46pMwjce$Xtzq1mm}{-a$%5^n+(e;))8Kg$V>S@Sp>ZCb{_5ZN3<#5D9(j|W zi3EJ%&u;&jl=1g$nXrDU*bU>T?{&)Fcx}-WzBXj=|MVz{hEV}Y<1m0P#Qyh6`{zCV zAMbx+ApU>;d=z_6Z4$=6R?H_<>JO)z3Ul>r%7C?DOk}+)l~YV)EnOc@)qRT3Od%6P z9ojLk_2M665tXMFP3NE`aa68xawZYoCp4Kw8Ifmz~eB%ZI4H~Kjv4> zDyL~rSW_4PWtTHr5xe^Roh{d(RY#@HPNsd(0{I_C;M1(wM}E`&Hxc_!{&~(Jz`j@v z3Ax+-vF4&g-=NyfR>%PTYFPA}-D1LsCPL^LB!XR`mupXQOny~WSqytO`d(E{6{!oo zO$j;K09rjjmjmE3Ki-CtNy40di~!r{if^@IH$2swLx6Y3t^i;@=m0Ecwya!aKX$@6VG}#yql^ z>5iJqlGsB*PX=RJDoZNni0Q1Kylc~|HyF?;c!h#R3Z*u@`o-94f7o*64G9WWJ-bj? zwm-??AP0aVuK;nqH~@f}r0^NxQyzxPB&BDnh4a@f?~tIu#^a|tlib_OO>7RH-_osjkQ41t`aD*T zB?n-LX~(RU(gb(rgK{0)nEqR8r|*-n9xhx=oD z`XO=zaqUEnNx+!(&yxFux;i;;#Z&>Oq|wGHS48)Z7=Eo;YPo$I&c6R zoU}&ruG=P2wYBXy=$?$Q!O${<(xtEBIj7~J@6Lsd;{*OgwQ}47lH`PIwtpGAYNK>w z^3EI(5L3zWd}z8x7v|MzmGHUf55Yw6?kKgLL*h&>BD+U3z`<#L8k zjIAomXrb3spmME3jAYVz5jw6sg@ntKBN2DiJo&8f1d#7_W4`o|Mh3rq9>vSp=Rqz_ z?g!-7a6JG}v-8fn1UrB}4aPKq17jD}bnNtmWb65(S8y`6vT#Z;{ zQr>xsDN{n6vV>)Q6DZ%B&!aPF*L_~Pa85k*7OxvFVK+h>_Cc zl9fn4@KRc@&thNwlCv$>SUb5s$UDl>4~cL-o8?GH@p`^HWD~ap2ntP9DF`g)1ER(Q zS1trdf!vY{o(pY$x)viD#gGthI)#k9>UGUPw|_fepOTa)id=j0MtPzM1cZ;gxNVMW zz=J?}Uc-GKeT-st`YSzY(plYY>}U?$HV}5sy6F9M;;w2-^Nw`MWek+rE4C%R?ThM4 zp3{9#*)93hm26w;F*0VtoXZy4j}Rjg*W6Bt5Fb~X^$>%v2lUl<&(h7{{>$hE5Rd&a zemekf5cg4TkSXQU&%hVeZteyYxmdR zauZN|ibSGzEZ^6kofL6K5_^4EVo zWF|bH04-+OPl#7{he%M0@^Wb9b>&i_i>4E&*^e+luU8JVBxH73Fb;rQ;kzbufac?` zILgv@r+FDRWC6Dv_6sk0{bP7&O(-Z|nZf4SYF8`nPT6+d0EXaDR=cTk$+r~!CHS;3 zbTx#0FcRXiy(<~^vJ}JpSm&kSHaCNMQO=UE|8Hvh7k*6!Le>ivp8$OWPVKCg_mu25 zuWGc)+wRuo%+q`gh}=Am?%#PAAF)6L^TUFF<>)1Ia++?w#LIw%jhN1JYYn@X>*m){ z%SS0A7b0X!Dx}DKzC=4~lBdTFWWruAK6Ry342y@2$$7Yt@Uk0}SVV4#u6prkaQ ztE;=Y)gHyO_!BnM9`u+u?@fd{?aq?Ws~kb?o&uq<6tyk5WTM!I zcW1n{*!N=5A|70yi-}2&Hj#R|K2kbZ1rOY!ou4X|V(U+#`CelSk*srEW>5!}(AdtD z;u3mI=F8D_2S?(_+XNbkFT@pcQLp6dPqgXlHo9CypsV+2PcG>*sz_Gj+q(wEva)$- zT+gYO4wmXvYi#klflKraxB4?!Qkj&}J6D%8DZ9;1NaV=b%?w(-)ia9pm8SiqOIw%Z zfGf-iA9-kE(&7c}BavH*0R-B-WRZFS;EzzIK#J)X(}11dG(w-Ao3G4y%*IuQ!rB@giOfml+_i(Ckb(HMk$72pbTv8BAH zV&*>hN2$Epk7fD>3EI_L{V}}DDuEi@wUo!*=0|xmrjZ{Pc{Jb)afG$a^P6jrVxCvwc3vr*gjc!8P*fP--@xF5-sjrGlYbhGH2dcuZuuo8ikdyqNH1-(rji!q@$A4A~Bv87+e1={hEs70zbf{0T(a z4@&-*l@bl3!&c`vjkP@TIY*ce%|@wFTU4ET>K6(7*-2}`fkFsva>@&3s_d*j;boTqJ)`T5SGa#21@teAAA@oJa3 zHULi8F141AuzFEk)&1b~wNF3JuUzvzcW5;+%V82F-N?}@3kRux)U7LU*JM*qUf4kZ+p!Gd@pvd__ER{_R^_ea& zk+59_=eP5zWTisHmks6#2o)teuK!#*>NhMU!!A=QD-j_C|oqr zej+DprRDR22HB5i_$&!%YduNSRmOKZxyuP-%K<9LX2oIT0t2UbOGSpIa2+s{sYPs0 zxFDpIJabvX$n#fa*59$x$95#Ep|eE7$=E;h86UBbR&qn;Hj;KC+@jK`V>zSF4<=QO zqI8=NnGWK$rG~%NlW>vyojt#@IbamB;&wTIX+IPwX1{iwIaUF#dVanO3ivFpXzYW+ zZQClJ9Azt-k_-(*IiCrZ&+*x6y?{L;-0fXKZox6!pA`crc0XnW7`3ZBQ6*@h9RfIk z7HkEb#8f~hvUtOQ#o~68Ok_YWO?uR59MJlOQDCAcM@D!8{|8$oBi*#=Y?h@NjNJz zQ!Yl^?r3F9}*jvI^wvCHaLjMnw zf`uSY&4pVT#pd)o(`}qdy(AMx=-DS$9z^$p_me{`P=6)juqjcrcol$zjO-nj%xvL=3UFny}{}J z)~i2?GTks;oQ#Y8x16LWlSwOiP}@K{Q{rpSrVLXaPs^_FxWP)E<|$%NeN51MUfU@f zjv^5TE|Y+GX6LAH9CA$j}WashM+t22$6g@CpZ&(BHoVmxr0*y<|S}SWQN~QCVWuLmbV5M!i@u zY>oz`5$KOOe|=lzWlw2&@>FnFJFuwasf#Vr9$n}67r%QR-*h~tbW>;#AID$)`S(() z3=~z{2|JekNzFjVVcW8-Vw>3QY37QRU&H$uLnajG3C1b4Y@DprspozrqGG?_{P{hK z&B0qdKg8gMG`^}m~fB`CgC@`N*a?l5TO|z z1ClptYzh@78;pR|RW3Cek6uWv5G|;^x8KI~_13cyu@;qlMe}d4>-*d9>E_`&M>XCs zn|WM9+^4HDd$fR?Fx{Mas`_`jih>!iHt5f|H~+N~Dv_X!Z0$gzaJRQ9;ITkoU`yLm zu(w{zv77aoJXdE^97&tbnzrSH4sy#Qk(>1Zek8`0R}#4BQAymS9BYdXLvI_V$B>Z4 z`?4bicV)bPugi4GpT0ZY`a+LeUCr?*j>prURtXt~z_nHSSc3jyR0KYeRUdV@W$6Fj zJmHuS2>WP&+0CqFIPn@SZ?`t332Vr37b2c2OSM^XI9d`}Po@ozRvTPehL0URiF@u5 zt5c7L7#VD#07BzXwm`4@lF?w8*#EsYb;;|(FP(tWoe}{-#JYTB3sOJ1yy)3M@4hnjTR2FN$>^o8eCyNj&lZ;`)}9iOaZfN)B(e#CTwP(0S83co9!RehWu=(_t0 zyMH>3D-uw4(A`mQANXo4F-80vO%QU@xqCopB1LbA&tmXONl0Bk%%9JC;B|7l(R=#F z&+c1;sZs$QDc_T%@re+zCV+I#RP3IzKSHjA!|ZW55ZXc3yh87^t~*mHXKRKBChe-* zyPr8-g$$luCk^Y=jYq3g)a9R)+2_+f;wQ>~?vK|a|FT!e$3NaWmTvYt=BbBa#ALd_ zMXP;yz9l9ek@;EQs{hP0Hf2Iisc=F@APkP@^?E_2L^V*bZ!Z$)&!ktb8zFPM?PVrvWq zjec2u{`owdh*xaJ9z9>_Ma$6!S~tV>X9Qucg7aD(2#Vd_6qe3%zEyNr6SJcr_BVXW zT4jTJvR1cCL&DFcf^L+5muRs~9|DnvgWdyg1&I>duLQ1CCB2K)9)_iwEZQ}qI(1gG zfyh|6rr4ag`+&RgMKQ9L^*J{pZdq{T%WSt7@;Eo!Ya7mr3jWWEsg+|-M~cU)fG!UN zH7>*RH*zm?6ysG0o|&$G`Hr;#vJm&q03YTxsn)a?7OP|@O=lq$vD>D>_280giz+owBR7I5f< z2zzcvm8e{Eg-u`+ijfr1Gnw`%j>*x-VMdt!@CZHy)vpEpSWR#C>&5g#ck-uEdu~_} zK?lClD?kUcD;~}gQ5+RU^|XBr)d)O&-md`=X3HSA3~NeCu6cw9>*7dm`88TZTM zuZIW$haIphuc#us6nU zf{YH*4;P#IrmVSWG?x&Y{En$xoz{ZSw}YO~O?^2#e!;z`qXE#Mv8b~SsCvU<`Kt4& zLX*y$PCj;C#gDMt>}p$%fb*V$9VapQQYtohYfh&%Uc}(hf+u8#lT>?+7d4kzw9)fZQ-a~ z4d&Ks6j=5iIThhT(mhR@dBr?e>X-C#62EOP*0-meT{aA*{~z|=GOnub>-Scq zTRNl!LApU21?fh*rKG#N1?fgw8a5r9M!G|~ySqEi!niK~_qp%$Jm=l>;_=1);EuKT zT5HZR#~i;gzJpm{=d)xYIFf0Ns^Cn#6Be;wXu1NPsrKV?>I|dRwE1+1Xn-Q4Q3C-* z=E3NZ6G3z4+YH0AHa=5)W@BGsL7G?-&wH(dt&W}sY0bB z1&$&f1h9_arE3i)agf&7Y#e_yk(*pg&0Cr`zMs0o2L*D5cQ(i~-L|h2-9?n|xF0B(U0hSgatglR8ocENM*f)<= z&sdMOYa7a_@R^U&mCr!A=~pqd0z%~E|{$8`WBx#&h0SbbZe}&kxPA{ zVJlTff3a<3LC9MP0Hg@$33N?8VpDTVSL{BZOGpKOg4=uZHV%x>^uxbo`$rc-E0d~gce3?HEGEg}GlfLnSS%dh1XkWPZ50enTI+YQ9o4iM|8O@);V zs721=siSxvA+zmgd#m+_8r0~Rwz zR<~oPa)u%l|3qd6Z7insbFIzH1xbBCMlBL3?4S6*{iEn*|3diO`&YO<7_x*=?r8b_ zDRuCB2K+zq0$|I@PeTESW~MMW5ezTI=2gqydwhQ3JHig7ZM!A#uI^ZEMW(}Fbnr@(BQOthP`1mXNO-UAQ zQS53xI%4mIKJb~(R_C2Xtx!nu%B*U6-Lz(bxn;C5Oh3bFP`*sLk{wcLD)@d7p>@6+ z14y2Z{X2yZub+S z)5;q8bF0RhnEt&#zTy?7PKvwsQ!h5}7Zmwgj_v^6?BdWf z-E?S(5hCMrMB`mR&uK#OPH``s0xpl?i`cc)BE%mRbq)_v<~%T6;>D-uKny?= z3y)e_=U3)Nspt2lR^cU@wP~hAz zzV@pxAcCu1p%T=R8}>Np+7!7h6Co5FEAOs7QAyp2!?5@HsDa^M7~_SdM&=a>8G++BX7E2t^hi4l~FkzkX=EzE+z%5QIY) zYwkqwWe9cyU%_wysKwj*4fbSc|1O|uq4x zY43XC8GXQ+>HDp#KB@M1FN|wT$i6>0s=u=6vT%6_x6<_&11hb!+qFFp0Sz?eU?;{4 z2U?X>rzS3;-u2Picuk5CTg=Y_6kE#2{AI`}eqtim%fL*jWYv@+Ev{*Y8(<3?!}_Cd z6OUe#8<*WVm&I&)GyNDLL{g8pn8>(Og9;_gJ%LY4^DI#>4TD;BGV64R{h^dz<}vGs z_A6@ykXY=O(kvcyc-k&rnxe6EMGO8QsqH6`@J1D@o>v3H0`TjR@R&XD+@<$-7yfK4AFHf@Y@-jC znG2cbdpWCdTHe85^~K_%?_j(QhS%kNG$`fBCg{7DLSdQxghNwa!=aOhGm^rX2;_?< zlL$Zq=*VE#CcC;1vgMHvw2vxK=lE-g&mBVM4h{~E;b_&OmDik)*%Qz z$8q~n#oJK(Nw;el?BnixAv>={{rlW^!M)-SY~kveIQ^KYAU~hI1n(L6(oL; zqG4+%m2|w(o3V2(=u~1pU#2j~Al$@k*z=lT8XRkquZh#l?q05vi~yIVnVbXkKXG=x zslO6mby&-bqfudUI!}N$){>M412SvDSDp8s9S3~W$UH5-=RjE)$!>QJaw*B` zo_}8Lyp-nQ6k$&I1#{AYnnEhjFOaS>#aS*@KqNq>V%!9z7AG|c((gIt$UpExtA6k_ zU8oV~bTBRkrz+k8wd%rE2bZGK)(jgQ!BOTDhL#Z|^H@zsp-j>DFLi~G#xG!Z1}cn3 z;JN945YEmlx*_Xsyt0$zFVcEYYPxZz7g$bYx9I8PKv+xpIyt0;)RC-!POy9N6!E_4 zWIljNXV+3RhAIpB2an^Va-K#(?I=iAa-#d^P7O5~Zn0*r?m+u$eWu?TVk%5*V(Y;e zrO;uqX62lFGwYZ?hf1L=eqVEt_Za|bw3qwl_ycwB{i;{-SY|D)v9|``#REK!&`3Hr z)w|nL-a$g@!_8+G%A2Z({x-u}3`eH@(`VPXu+k;lV^k&tU2z*hBh0vi;@lJL7FTam z9G9(lNDjBhOon%-ga}*dYzM=5@6~sdhDc}ijuH<0UR+ZjdX6eM zOOvx&ed zuX~0h5By1f6lpn+9HeKgu#ZyO-KREL%KD=a5SMSz4Rdn4XH;)>WH+2Uy!b-jG@WM0 zpH$$7z*BS<6S9!I@LEhsh-WNcF&bKWB8Db`dF#Y-r)qEeLev>kV?zm-tvdCwCKh`q zlN#U6E-XmzqbA1(E*RuZTBDIn`#S<%3yQ{o8*tJv7=RvCxt>1Oe)q>rK8M^)ze<2;s)xkIp#k-MVvcJdw#E`Z`etGmztSazn zHRG;+KxB zS)jq$lole(DR9`7DHEo~)}{U!(y z7V3#N@q_ITW%lM)Fh#%hSfL?uYJ6B)v_#a}8 zrnyOVc4UH^bP2|RN*|+V1OrZ>r(6JmVK0WsVgREi$ekH+^o2 zyn#BYAOc9{Go4MTqTqV-+rFcY$}i{G@*P76#^HOWmY-E~IO{cvK8MXe9c-B=q{UJoaVv2UW@}P~yqcuwb zOD^0ICpIlmWe6cUFTNp`jf>Ng@hP4;yH1DYKxq9qSIf$Cb=MH5@o-Ta{J{sr(6;Q{ z?3pxDqgc^}?u-V>JxdZ#{8ZWjC!g|hv;#E&netI@8J1vot{TqHVU8zt!?xknKGlIY zngIxDMRV`z^V+sE496Io*f_NsmXq#Bnrr zCPn5_!ZWw_iH)F{6SP6QXfMOAMK8C?0T?>R*q5&4r{zIwyo z`rS?Kwh3XQ-3|ga$qm3lvWRIpu?jA@tr>5B*Ly9IX*yfdI1V>^`t{{DZmrM}e?vH{ zn6xjL0WnbVC?-8|elJ_AHrZzAhmNwFpyazYs}|LS_-en|`IaSv8H>KlMG&-xFtM zqseBKz4+t0Wk4>9`V*BhU^S~13m&~Zj)7l-_bNrz^i>u{2mBv8#xI1=!~q8JhZ*;{ zpdJ@=ZyA;NJ%kKZWBpA2&z(A?9XoDP587SdQ4WEy(3`#S6un7C<5Myo?Pmup1=`uy zpe^*ufS19rq@5CxC=VA2tbzB47H=GFmtkD&*C+$MP)Lzt0!XS_Gpqm>843zNs35=& zZt3pRcpacV6|=3klr#7-QIS;81#{sl;1hF13*#9G>&CJ}Co>F{8TWGn>gYFQtw8sd zkz;v%$oBJ!tzlk+)#odwcTgYKbfBFE0V=11Op@7_)3PPB2l3^~kTg$GgBl$oASUENIQ-(s)W#XOG zo(&hsxZ5I%I=R4aK9Ln)U>G1%4v zFKXXpcA9!1F4i0|p8;*`HGvMHuW_S=D;1KqFAw-Gx?!ptWhuxq@LsoWc#H-+_qhg8 zz!s4>-nH0F;p~KuJBKXQMF8&X>kQX-q8Z#DWMhxy?70RTG*YuAPLS!9y5<*~dCKSN zb+v1Ak6jaZEFx+r%tll4;V`sF@8^5TCBEkIFflGYB?Oyq;MMaN@TsT(fcwmX>BD{p zXEZOn#UB-3KP!V!HQ=~ME{*PPukOO!j;(Xj0@bSz{LZ;y3;Bj#Efy}Q`>FdOKe6!G zOc&}qL3H+xD)QT?NxX+3r8&)S+ph63L=LuW=rOwdUxBC^f7!yj!Hv{n1}nfs~li8paY#&aNY zHiHSxgfpZ)+ZRpgLzvr)Xp2KL4uXT9P|&=?se*@2JDkQXQ8UOp%!%g-9!ju(`#Nur z3qtQU6L%UmXsT7Q`8r{+fCb@$NPksf;!eWB_}yg^@mtrsRzkl0g%3MLt~L86n8>Fp zX3DHa&+nh7$fbAFvhsU}8+2qKAJjx2!RpA=UEmQz#Y|8J6OX?ob4g&Ze9I6I-Ab7m z4v*qTbVKToG^Ep|ed^6n?w#k3#!uR` z-r^eA-*l#eWN6q$c=V%BrjgBz5%Rn7Df;9BNIFGJP@suh8_JJ^+tW~Sw2=sKP7MY$ z(~!Q5Gh|8WPl4OZD+XsuOE+5iDG|fs=TI79vz%`fhe}!Z+PI3KVC&%?5iDz!DysO} zsm@fUBm(_biQINo$O`9rl|9y5$37j3CN6WAIy`C?%hCkqYo17uuEE5n6=0i=%#*b_ zXHB48meg7_t^7OOfD@`>zqBEX_!4bw$C`5&vuZZu7IX~4O8cWTP5-xoh_)@guq4F| z$tJJ}0pUHc3iWD8lO(IGevjd+k7!T1iF8=rt|H*n5*N|)@H5P9Mw496Th;vZKSJXgo zrh<&ne)(=W&jx1Mf{%0=tS-j-v@np#;HB7r=UdVbZ4qZFmZRg199!%21C^hL`wPt$ z4Sz2!un12dgg08`5KexFQ~6&Id$P_hx?O-&r4K^<%DL$s-J5mcAO;y7H*~OEk3RaH zRiU*b>@b9i7}f`&G9fa9=nLMu^%b#e+S`XQXz(BM`RWO776KryyfYdU6^E@sWqO;b zx-Vn340eQ*0Wz^TB6aC4axVoZw5TA_TfV5kdM69@Nx!WkNjEbby$Qhvw*Z)V|vD%ibnI9jB$U# z8d$^a9sUS*sdy)(u=kGjFI^|yF?q*fxiNvX#lm1|CzcC9JK9FAkGBi+qDG7!ZN3KO zOWK#7fDgd#4qR*upJ$*tpXz`^b9GU4x!w`PA)LSSW5iEg^3vh9vD)Wfe=W_o+xlHX z8ES$IQ9~IY(Zttaz;=NY)Bhc8eS%dZNm3y`pT(I=K`UaoM!l`5OPnJ$%!ECi{^-=%V@!?|s>L&MED z1a9W|=dv$N7iC^|E_rZ>xcZ+}ACBwc**EsoeJ+s61GSN89lcvmpm!G)LhVF<`+jh~ z=iJ|IFbCOYcNnMoMGqzXkk0^`f^)y{W~3B)SN)uB!xn&Ossr^1)*OC1S*uyzbJ`k( zDM#A*^p00)X)_&L*X_Iubu)A*PCMQQSyScx0_>jho66RKjui5;lnJP4S%4!-NM+rP z4I#kNmZzABwYDUWDk>*1%!_m==3X?# zln6rpoT|WV{TBKCE^k3rg?i_Am6MmU$P;McTTj|lp)ua1r3+sE)M4(Z_a={XuqCj}2f@0~X#*s=-dP8mENH4g>JUa2-w)&sSYu52~i&c)3ZwqOH^o_B(9-bDTBSy4M z^X_^E6yHrQ#;dfK`2B!`mc+^J$kS#2IBCLpdQ^rIhoFgySlz6K@r>q;v^K~N!O5WK zY*gPu{SX;PX$Js(61koRx-ZqUd8=Hp#!OI*ueO+k8rR|T-IOxvFV3kERL@%>OUek% zPBD`^BUX*yjt}mQaTfneAo%JC5D3P}ic*)ZzMREsZcQuMR8Ukf+0^lx8;BI+ zlMO4$?g?f=jMcd~Ci!_YFL9VKD8Yw)e!=$P%2#9Dd9a|eBt1vFjPTSC2m^1=&WFCY zJR+IjHBAGnwBOfPRXyF>2P=%$P7GXE#1vHS%DwusRXJN~PTnS2?A469fFs!g4I^pp*%&6%4MaSR3dKCw z+$wg~1z;{58vK)OZ6r+F^)w_R+ui>Nf`U+9jt={?4cM5NrO3ZTgKEh~$=w*KI_NpP z&Tql}xvGIJH6ru84srYLd@gFANC3qPXpVZgX~-229MX0yR{7ZyrNPBqC7T~>T=53M&ZLwGD`e)oJ$KS2b4J?>CIJ4_dhlR+i z=9s++8z`uhSqd}^t`~vv0SaC@w1GH@)YR>~{|Ty3?)XV3286V1-zGSPRO(j38SG$T zw|L2wyd$NLo1Hi6grr-+=Uwl3r5ZPLwk4h1n2mJM&}UhiYI3OU$7s`Bzcqb>v)9}J zx8v|wH~Nvnt7Owdr~9O2E8!+(OPt@JZ34T+TaHUfzHU*C`jpy$+}gRNTpeR#s4E$8d>E9! zQJJX83@D2POKCu8a(vzIs+_%Hrbr7f``m`EqG!%lSE8$8J2E|HrMG5V(Z7M-e5-^9 zba$$lJ;QrT$1j)&M4+!+&8K>;SC%sqSO}f}(@-u(-|*Rc21|W{dh6b28M#q9qsDsW836yppGbF1TgY`{qg^wKGby`2!s zJYHTasMbhrT)&`5rk^MPAMdI!a-4MMXmtU+&+SU9!nKj`tq`&cz{hXHfH=QNshk^k zNwKRNG1NLm0oT48(b}y|qaVby7!=PrPc-`^-V+_cN_ixW zyWSO3tJ;~mw`k(Fnunhr*UR!;0Q&qacC6TK{?xqA9TzM66A;4=-n++Pis0o27^`oc z%+bc(YhyOdxX5XMm}kFQq|C)sjpImvo`qjf6x^>}#>;sARb%hxv&vY1f(t;P$10iM z&sv|%D3Z*%u#c_qtEdWQ(CCb(io`OemLEk!Ry}uZzGb<-DfD#wC`uKpG3@LI&DoIA zuUd8{6Q94rt04T0gz|&PJni~R8=cgjZ>k+`x647=3mB^Fe0RSV@~o|~NQw{orSTdA zxx=`uNxwh!Q>qt)ecC5de6NRj7ZeVWAxlzYvxadqE%zhW$yAKxrDu5ab4)CHJi9NF zzp_k$Vt)okayn695B3Nt@&%6X^vSpSw}wmwcS$($l1i<;_SY%@KRyCGFQ5eamXiO; z?-1{=%J~235tRoHI02q81hx17)>HoM&$ zEBw3q`tNuA$KPIWqyc`x8xMHY{~_t&w;TWGRY7SWXF_OjrA6`AKJ=2G*zMZZ8bE3i z$uYtGoyQ?T@qb-A-W5j=hJ+>zj&ak?`TMfJL-U-6`M;}ZkEWCtvxnXd`mcxDM}H&( zjNha^Tv3nW-o5HL{rA$NGQ;@_8wMxvgmM*TGcxbLFggE875GTt1(+bwr4}fl7RRo% z$YK}uuM_?522r5ok#)wq>2VKlC*%>x$n)>3Z4wYmKX7#o!d9dTjQWDPI=}L~dX#gO zMbi}fx2;z?B+Z7}cB%g?U5^)=fA^(lpvllh+J&D&F0+5ki<93w{>Rt)h*6&dCH$L4 zv!<_rQE^gTKJobbQ43%zKK&4kd?ig~vrZRTsOA8Rb)Eh9t!q<<7}`ji=uat^*>M`W zXaP>XRXqIaUq&>s^YhP$$&Ait;f0Kl%X2k0appAs&6z z&3Y1KE-MQP0VfqudlfWVtNiBQQx4}}eJ+y9o4nc^r&cnrul%mp*#y^4$ilYzpKKst z)j{^^8pYki0K`AZd<9yIg}wt>L1G<@u~y^XH=cMHPCKpOtxs))CJOc6L-unGWG-{Z ztZrxQ-^o60k`Rc@`0Qa^E|UMRX4Q|!S@q){wbbk1`~N@9*vAXZ{y1s>|HJ>cm+1d< z7l*&))51Hp@Sp32C!{Nx<$50n9PH$)0Azv~p!L*M{Fm;(&C54@FM!G`+UQ!7C6OQ( z`AR$+)@;6*!n~*6;vp8`<@I`%gI`vdVhQ~rx^4IUo4-P$x^QqIT!%qDg@OcXv+2FOVAe7o z+^7I$BwCfVKv<-(*v(m!chX(u*g%Zt;m(2nU5_5g-=h^J;K^xCLyo!V-Bf3m*%b>@ z7H;P=qJfCdx2k}xaqR&8D!(U=grm`FlmklUUN*Sc1+IQo{zW(WWzzXSpnh*-sRt_Q zr~xzfYUtu8EhRsZo|BS-ejx(gV<942U%q$JAR$xcoGkK{m!X^2rD4GAE%bBu^^mwn^ zC?SAq&r`gF_)_V=3Z2kC&q0>3aRS^E{dus*4l9$(sF<`scGKa15Kv&B;;^`kOBFw^ zA<>hMK%q%H?kW7o_5QOwBr;%Tq2O1;Vw*(dRw&=+T@-E(BF_2 zGJyWWzu*HbondHouw=m+b2=8kF5EJj7cdV*fx);U7dNH!uVeAK95U_V?Zb%@a#BN9 zIYv)P+kbaRF57#1L}SLpZR)4a2G?RiTmRmUe;N(|HlD_-4X%deZ7`3c>0j%^CBNr& z3QG9LPiT0|x|?3Q<^P`3UmyOjMNtA0l?uATnIVCqjAQaiSmSc7wArs-5Oa3*9&UD`Mb{W*(){-wg?;9QgwNJZ9$7C3 zY!+~|2|M@r?B><`2)&`X+YZXp|CH&bVK`J#hH1=&?l#z-hjN>{$JE28^jsxS4?HC@leJMJxcRsk49WGabMp@`d{z z7SRfzwT#mHmif)r*a%Z8=Fz#`G+=$p1?s2BTZKa-fF`jnRYbhjf{);rM^J;s%w<1V zuE9W~JC?L~wfiBS#q5VFo7={mO!a=j8Rwj?Uy#_oD^#X?D>*01G^5Tk##AGzbw~nG zlM)W(R;A56tks^?@;x$SPM;G2wmApvQGYAnK;S>^R7@WpsZT9(u6_k&X7TWj;xXHB z-l8Xg!=>on{Na(?QCpwU89L=)bT9kk0EP;A-V(U?aIlx6eOHUIp)>ys_HQtN6?FID z&KnH*Nv>gg%~NQwMuk%E?68MtY`=-Y_i!3D3qQ^%(2oiS7fQrI&P*XKdtFe@Xmc}O z=Oa%62ybwC7*cR;Si(1&Olu^Qh?jY6a|$%PZInpne(NFZja$Cn1>j#^ zz5jv{8%z6ji<{4Mj{K1z^YQ(ct|E=PtoH>QnLwQ%lf}M-Xf#8_3r<(%9Ge?<=UvAH zo(;Q4oXgf&L*ior7m)c*9f%H7c(fWzUsk2nXsvRwQHAGP-qW85K0T*aD&Fizz-k~N z6$*&~;3?t83e>$Z1rw`_%|6!BcW)&)bUP)Z6=}bUpYKkc+TZ$ET|`OqO)OX}G_Fh$ zYVbntqeOF_;djR#u!$_a^ZO=VKKUyE1i0K!VIY)AnO|4z`fz<&LsXS_8$3#bGa1L| zIw|YHpT_&D6m4#+y!D3X<~&A1g~=tTE1WWFqkJa72L>WbrB$eGJrPOn5N;boDk)nk zK8<})tzy!M{f`*;b17|OfH>_7)`1D`e{}Hy;uVqCW0E~y!eQ;H!eT?99c#pd($!+? zL-)wpj@Z?){@TNCGE@@g7r|Uh~-PlWHw>e1WTEMq49N^h-KRaVD`t<4xHuDS&^8Lrg zV)X`Nj0D*Xp$M}Xhw2uy>5BIy^d{pp)`!>+xc5MQODxbIK9Woo#3b+u`o@y;P-kRG#r@GgDXdkh;q9ri-AY1?Ehazi2F{jf9c^)x!M$OjoPII|3jsU^3!7YiP1*Jt>{ zS!&YQJ}C`1@HD1CmuVWzf)DI7igGe+KHbFuw&^tNQ`JW0EXLEb$}x%sD#Ed}53<^B zGnFp%=w(20Kl%RsGnoDZyB&6%0u|*!ELvGr8ft|Xvvn3ta9<8O`c>mywI51#JwysQ z&-yravFhIl{j-w8a(Kasr=A`^d9_|N->v8Iu)6MJCSGd9myuI_zH+{29YfUy%jpa_CnClai;gZg9PIMcY|xvgh|=$frZmvn?@Q1V zX>zCgBHi{-Vyw{Yo;j5-iq3J=Np!w@Qy=0=ib5Sr!)O(bE$w7B^Q{JPdxV0&*2Z9f zWdh~krF{*MBc~h?OQYPSTz$Sf`<^a8Cu*O7t4HX}*c)ZQC@bJ-dv|Lj%k;;$b?5J= z0MDX`ta;_6#%8sAs$4-uT}rX&QkJ0ul89Q$hPHrjFvX^Q=}#uxqkH%LgoIyz{bZ@H z{Fk%m`y7HoIwclpFbK`T{@JIxv8(+Hw*Fc^tI!tg+R8B|Uw2k-oa88wTK)B)Fdxz9 z_V$GEWUkUiSf$A-W6Hl^Z0-6u(-hakM2cDp=oTCN4WX#LzMIZYAD&V^KN_t4G?dlk zhpIte5-Cvi6#LQ-p?hNCR+{QVk-6sLtcRr*KwL@Rw;!xqUc_U!m?C!|tYJ?CY<2Jp zR>hAU!6ZQDGbS}k5o{P+8jGLx=(RFdf?_pVSagF7#&k^GxYZ6m{J_;olQktew)=xm zsqY?uV!<4wEoA${0%+S|A15@M%&ehNt9r+2_lY8cR5+HrUoC(5h)eef&hO|Hw_Ja1 zoAr?o<7JI2CMIs#=#w8Vl|g^L3jt*`cO9|{5%uAx-+eVVFIc;p$T?fRDCKtNGXV$*7>I#~eB8Z=lOEJ{tWm87A1 za9l9%2>yG@9^ZF=yop0wSW~{M!$4nyu`qg$C_a0xFJ`+o*wR*Wt;$VH)(^!9*cwE; z^y(F#)vtFVPq&B1s=HHJ%#%!~N@RN!a&uF7G{=r&AL3sohf*>by0K)-v>T2%pRM)3 zmd#X4oj+b^eUNa?gn2bjm&_8dVq?%3K54ZglKDAel|4C{)p^r0fy*QogHlnV%%GPJ zFjbLz+b^-KuTLqRsNG$S=JP9A6fVGOwjfR=%r9?a`tjLBHmc0l%p?nZsZ7!{?Rrdx zGrRTXcR8&0rdcP9ct>o6La_SR#@aYNU3KRMwmIj`Ggk(cG@aTHgK&F2hClAUu|iB; z&67)bU45>@d9_z55|L@%>ffPYkrkP>+LFOY=ZHAk?dEfH8l$A;rofXZ7^@Y*czE_%fhy(Y;CkeN$#@;MW z`l#`t*`tF4!v;_wVvv(-dr-c_iHvlFkm(0uMAA6P0gV`$u%ZBV70bS^4kL%|s8&>#Ua%`rKq=Ug&s6V}bL zU!xkXGf}#dYH&rwXI7n;Le=WYUt2Tb%vLT3OgWBP?QGx2!v5FWW4i10PC{F8yaGab z={Smqol@l-FLls6MZ+bw*J&O5m|SQ*6y-ouge&#rs@D@|V6O|y8LiIWEt zP~$S`N4}?4jMrEjGcH&E@$q;JTT7&Kf3C05VK_5l>Y6Kp4(X}UTt!}Vk<7qh=fMpp zauTy{?I{8GxS9ydZ1qCIPFSDHMV?X6kYSQ@}4W&+Vk%4Ae#&RfXMI(a7kp1DlbM zF#~ zCy6%7nk$}= za6QNJ6eHmcayw;*LU^^sRq-6$M1CwkZtZzaDw%iakD{&Wy@4hNkN~gSM4_T2(^eUr z{3zA1YTcZg=9k#lIvAnUv2=_*eU-JyJQ%4^K^X4Ku7I}^`a-(Z|z2KkHSg-tbG}wo)%r zuYJir>LS!9yuxnd`SAD7J%!RsDaB}8BI$Q1t_A1m>kv9V>npry5J_m3LiJyW?SY8n(G5G;+h_JcIA!aG^{$6ft75! zok997Di7aw5U7-q?(206>I>*IcvBy;tndv8z>QG=ABs&n`MjUD=&X#|`Sg<_+DEgS z=iKP*Z{g46h@Gujd1yI^fi2D*X83lMmW0QeYvDbb8+!KEqIcYEM!!9bPc;7n zWr(;Yb>p4O7D_Fz!A58q(7%^bCO5wCZrA2!>B$WE!*kP`)Jo(w8Ks6d*y=4#Xw=0r zx2jHlWtCl|*c~a$mj9HH^AEwcd7QX=!j{y}x*Z=)HgkSlGZ2|tE_X4a%8~*XY zgP4!zR?|LzN2OXBDRg$?b_O%kYpv2bS+(Q%G`sddt7u*_e?0g3_v7K7XBep`jrXc( zTY?-QQq{K_9n*6os!NA%7eA^8&0~T@^{kfLWuXcm-V6~E&Rh^OwpX=d#wISpH~vG2 zd=xx3ggs*u2E$kf1%G-asL-%vO4!9fDwdMI_K@Z-G4e7r`NNHQIvfPJWSqvK`c>hb z&NDCXa*qYu{M6uxB6&U zMx$Bv7&hlB;X2tt?`*r$`r+P9LE^fu+@}SjM^5?N8BLztIjyL1(?>4xAA@{&3b!hG zpHIVy!7xXDLKn}Y`Qi$v1o zy|`XWv)!4SskW|!v6UO2YIU4W;nK~vLgBjTrSI3NHcDnS`*4 z#3Vctn2CN_zlI4HL#H$k(g-xUKU;i@%l)xh_nHW!i~iE|N4MwM7?Vxw*GjoORR#3> zC7({LY%3z#rjiT8hsw3*PfYY%dYDwo^aw}7&<8z?f*^tF%t7}%ZvQ2zKa2Ix0U_Yo z)3?!@VEAi~1xpG!oGnTF1-m#Lz@$W0hZ)qt#8v{Jw4V6}m`ul`cbY!$NLXD43?Zm_ z>%>0@Qpwk5x~A_NF5zLCTz?PQj(pV{>`l{=VfV#)qleP60G?7c^Yc|l69Bd7Hg`LM z@WTV4u$#?)j7|Ys&$_&e2s~8QDg&wV4cxdk&Q?3MR#&!vO$8dyGwk?b(XXeTH{QXl zuI9-DVt_$;=mx-!{g4+Yqp{LRsmqIJ5&aoz%nTbN=JK{gFAsxORe26X$UvuUMJL`9 zOG&Hcal(ho`>|qm@WG2_yrlU#gSX4<>DDlATmeGkb%!z~o5lF3uC>ufBlRWZd+q)= zy4w_THL8+%3OS7+^-{sPYJ*7M+V$a8O8GO@47@MWhu&q?dV$O2SJ!8}(S$rVU-zhD zsGYdiwwMj|78>s!w-yfUGDDYl&{*zZk}D1RA_#9{m>axIaNWtbz?!L#E_nYulBWQRMO zQ;adj2=IYL$+j}!?8UKZBkPP6;+1(+qv_NX*|vNOp8G(Hui=d;q+bP5v3taL`@!cW zj(?9MC>gMLa6cRSYz+)b4u^G6?I~Z5ZZ>97>yK|&IW_Wg+Z56XavwWG_c#p}x{AcH zB@(%mR9Q@4C(nSRj#4F#zD~S3T244Jh9gi5#buj)&0DTFXf8cm*O^8ue^h(r|9*R)U`MdoFdOSGL-hENmc=@UbN}Po~+m?!jk`eEd)y z6r1;1EBBM^it$B!?S5f8o#)R)$3KeLVAzwG|1@yllTGsE+V!r=V&t0KX;ZB$BwAl0 zFFT`yJm4ghaPE+w1`q}MwgZrri}!I9((7OhqL&ICA47R`QlNU=jYp2q65{gDs2 zRzAg?C0ZUkT;XJbj^%XuasEYM9-TCaWg;iA>FCxfiSO1*kjo0@(y)K|X6zH&b&vOXat*N{wQ{-jfv-h7w3QJCw70mPHaGTW>OFm8m_7LVAZ-pKmCkp#8imICtpvMGH}+m1^3-KZ%-4MbQ$OL-Gl-5CX$Ztb_xGPu z7jrwM%gjrCeIqqpd0>i>4jV6_WgLpfJKDDNFFPw7y(^MCe{|rMAM1tVab;i>8oJ^8 z7r1mpMn$8b zQU^x~Ofl`+odr8FY;4WMT!|lDY;LE8sNC%_(l^73nE7rlwowo@Huw%8m2&+!=CD{s zkzym#VwpGO<8TUVR8UEqn9b`t-{PHzzE7t$)Y(UYmm6L+KqFfA6~qiujhS@ytWo!= zrk^t=*}YguWH${zXuRqGnFKD38Bau_>Gx>MZ?kgKxS4KE86FaM>#MQP3s&9jj1@O&yK;VLI`YDxQ;hDBz$Z2Tm!tpvgcx zaV4d5%JElJ)GIFbdxs=fre*p?%JvxwA-C%F#Q`CRMX6Y`n7NNWce&KJ&8lRm9)y)3 z<4i7rqZNcnjR890?iXRVn2!b;;);pcF`8&eQb=iRN6(? z+GwQij)Vp>^Vo2i4CC_T$#HkoEUvue&}q0Sc}j(h$SMaa<4Devd0eE>$UYx1b5+yx zX2ia*Rg@ZJ_#ZJFEShp^gg8Rx2Bbd+N+GNUm<1bx({Hl@k zi^~l?(W1OBDzx{_hVxHznp=XVhDcRB(Nf za+%;Xn+3^^y=hdYC{LYNd(9%$N?*c=b3%zo+tcg;w$Tu=kJBjs! zb-of;t%=gPG3vN6IhKS392{jw!haYdusjf@YBynbx7jdmyBo9^LMemef7 z5+S--In@?ecRHpkl3;q(TpUeXzm1g{+wmFHBv&4EHUhBr(gS!~{GvgCNJ04N4fH>I z8(7|_uPJ6E?#43wvUwDg_1uS#uPB+U_Sp$*%D@}XZsfMV&Pt0j%!|ZNdYD;B8`XwU z@c3CxZ%`Hk(ZTTY9I4)1oz_gfnleqy1QG10)<_EJr6UZSi5hCA=L`m*`1KXW$kqWI z&Z^dce_SKL@}hD==Jp{H>~mB9(%W%}pS;pv@7r2CT*_Ft*_)<|Dp0=mezt@EF{JOi zdau7%uQpZ+qZg@gsMyqTObGSFR;m=ENf7UfJd@KO=fsOaa4{+tH}k4njY($9bAVa(QSUBmV*B@NQj zigZeeASoi!Al)D(-OYfsw9?%n-67p5Eipq6jWBc#3=Djy*L7d_{e16w-sgS){QmeB zEY>VI7qe%dyUx9j<9Ff)qKXKA=8W;#NK(8eHV{rJD2Cg6#Qcmz?-cZ`)55KqM)je=HRB zyE?XJq+AzR(rvr<5JBmkXJWk|v%eosDj)9dnh4Occ)V~is}HrX8nP$$GD5GoJlLi7 zzH;7m(QW24--t=eQBHsoie=sGo~^Hsc;9_T#?gq~`sPY?7~Wq1xQPkN(Rlx5pP#W@ zi>OK*z>)VJDB!dO+l4>Gi~-)cT*mPu3bZKZcsO)?bNgLlt7)+VN_S*EBjoD?29*9o ze%q_I-}S7!?4ZgP=M8&{BZFtw#?{RT-_y7aK8xEokounKmqLh2QxN9xT;BMG4!rZh z&Om2(zZe~Y;QZ;@2~yI8(+haGf3i=M%g4W;gzfsT$2$V7(NsYdVE%gQ3#Waq?P{F# z<_dYy3~j3-;PLdmq~rvK`mF^>sV)8W?+umFqifvGq%ft0ch#N2MQYPcd=BmR{@NzX zS35ZYimkw&l3<(TQahXdtMf0}9hj6Dzbk}|Q#Zl`By8d=$0Kfac3NF`V(}dV);-MiC{-~3Ltnya3-UEBh|$?PtZ(_h6P&)vE2Dc8ATbgw*?$iSV> zxBYCp3mrMuuMS>aet8(9Po3S|7(*v|RlWpHsa8?Hd+GoB(uOuXH>=>N2A5fCRpc0d z{yWSnfu+H*;f%cURojAI_;`mBeehjBH}wk#Uh4{@`ku~3=NoH-a$k^>s4f;k?k#Wa zQ`6onU<4(Ic=Yr&)_Y$OwH!}Shd(kb`tD=?jP2a}1)ff#6o zrAMcUkS~Y0a>g`MuKagV(k9ag{HZEA+_)U$OL~FfR%ifj8pG*oHppeo@5fQeM9^N2 z)x=M*Qbusn`Jg+@qW5>)=E`y#P;YH___pAmfgLwRCSP9@3mF+y@1lE5BK7XB;q=0{ zBh{zXi(-N`Zu>*DZ>x#u6N&2BH_j*!fGviG?(1lFMXl5qQIe3od$JAb|P#kom{i@Su%$6F7c zvz@P)C44?q7YE*(_cG!`2tivw_c1iVo?SJdkL)N;pdqBa8eoyhFKJkYi%mN3?*QlA ziz2aO*^AyZi`Dun)AW+RaHME^K|7!A`F>E;OC&fyd)uZQSc6q>dLSZo&+otac-k|U zaCatO=`+iGi*o;8+tFCefuDP#hd%y$G$lYk&i4cS2d9J7jz3h&!E#L%Xl}A*-y6i!wQxTA$?EVz z`7}`-2&%>8q!ftJBU48zR>GJp!f_yq#j%Tw=ZABLOt(2oL(drn_pr6Sm0SX2vVm~@ z$T}0p=A@%6qrx`c!g%b+PxX?RsXB+OJ?8IX2p4`}^%4JE%CBH`X#Cf+hjI(FbDW8)itzUT$EB?%6 z3l^|9n9y0x76CDTA|^zFo1t9E4=-%eK3>^tpXynQ!H%pn>G!Y2olhICb>V&K#4H|@ zunMutl18K`jKdO4IEnCqABtH+n?e~?lHWKiciJQTj4k&iDs7ue&ho+9H-b8gPj{m# z1+HlCu>Wk-P8BOyal0)PviU$Gm>a2Q_`945b(`7EwbD$pR;w`yhMSc1HvwyNQ08p! zK;*mDXiCN@ST&|_71`QnW#y4C!Ud!phEoe<`$u04qIg)u3N}btNnN^9v~6bZC&@5y zVv3+V$$Rt&X!FTUTQ!}^cyC9*ctcv4CT*quai{a8Vz+M>N3B&&V67?q4#Zd-2cIud ztD0El6J@@x7+Kno`_4auc?y%%VtdgUhx#YU|Dk3LsjO#I$Tr|Mdg(aDk8<^wp!anIFoWlzXP5j-_0Wah67MhQhZ0Wzp@;5pBW85J3Yw(1ZE=cWK`P?s*={kJHR=rjB=q6~4>X$baKK z?Z^0ae(QvuQ|cie)l;Hpo$SGw=X~-s9447Bougk{oq=iNkC39LH($*L-|rtZL+gSb zm-C7)F)AmjGRXQ%C+V>n3@r(*W;-Lp#>%inN^$a{r%I(ccEPTnHnn7ajW7EuX6rY8 z#*#oZS}qHSON~3>|K`uc}cRdKT;`|Q))$|$&sywI9&{m>sl6T!<78wP9Mmq z)E4$UZ09t*Ot4$5RUrQ6Qu?+r@~v>Y^29wd-{Q2H-J672@d?_EJE7B9%}azKeP`@m z@KUUyZ=o*9Jw?b%mI||GyX8`d-y&=5NFuj`<*>*W1c|7GN|X=u8EE2cw618%2qsS0 zf*oe~KC>3dlYTwjk}nOiO*DU(qg7_x`P2j++*(E}=A!x_l%o(UjkvEhxD4xcd0zs>kIq&c>My z$V)fL0f}%+z)mPmYf!}$O;Q^s{aK*^zY+t1t=>1hlVUS?p7R8Gf6k=W4`CR-q-|@o zGfGJwqoyR++O&n-X^qs#ZKL=M&*&CAL{ss0(}?FLM}t|uZkNb56A<&ibt`Z>>7SRM zMufe7NbaAc!P}{pRy`w!p}M|CmAe`;Adr}bNk|u;%4?SHgKj(dMla>^@D;1~*`|Qp z^4*Sc1Q|zI`-O)n|5Fr;T{)AlIN2Z{cMm0on#B6lLK6x_5uKB18+GkR07DrS$WGx+ zsQ#&L`PiaVa1DjqlVmRnV}|~mnqK8r1ITP+0MY`JUm>XN!4y&*vLGqyNJ{>&i1n&O znOAzHqmy*1@Z9szmr6F0IrTOdK0SreuswOg3tGj4^#h-!MW-PTF7w{aT{>8B2_Lk^ zxg3CBKG?jYgjxZppa=bS^MZmtA-^%tGo^;;s1-Ka8yf~M5 z#M)=-zEq&^tLZmLpf&#;9tZRh=PW|%iMGzWcB`(mm;83`Bnp1Kp<5Z0AY=W0u-;E} z@I(JPtPx?;Ra`Rfxj|PWb5!}!ER{3RH><>#lC#5^XR+13gb^(FVxXa#vk=78-{J4o z7O+qqyvXw+P{^$!ln@;`nW0wjLtg}CkUPNo9<4mB!^V(8m!%BAIlWs^N&!b3gYO#T zUsOX`tM^jTcz#8tuvx?*`Y-bxDTV{Ze2X-9E>Dl|&~!W2S>`)jQ@p(mJLP5M(m4TW zo```Bq`F+bQ<3>DXrgnn6{NB!WWO&@$kWaegVb5!`C{x3uAPs8L5l3Qa9k9Q&|Wn; zqy)IxX;ymRd-DW{3*W+?0!qQErO8^VLv3$yFXKId3YHNHo+LquDgiBtj#r*3@H3Ff z)F;8U;zn2uhDMd>_oBDU3#aMIqtsJYpS){3;X7jS8bbqVb>?bJD}+-4{g1@%@y&|7 zudBO8kAxqeR44^@>hpM(+U(V0nHcwQ|OH1T@0bELYYA6fV$z$$2nGYiV^GO!0xRr6@?T9 zs42=&^VyCc^ED2IfV{2FITAFGQ6t|qN^L8EwhqQNcxh~e8gvAVfC>q ztdxX#WKFs&4Hi>0L8i3WpfRApH{ax4zOSk-?n# z^Wy>~nzLGsN?oP8?NQUyhs|TVe8rGceX`uUpx_b#)vCjblEx;fhNmhJ@=SzX*JB+H zm3#BDtKGt)WZK1_WEXzxE8x7%yUP)bDOX8}2r8~J%HZh7&)?vXaxntORZdJ+NmB0? zM2PDbj&gR!afV;|_l8UryJALEZTOVbNp~0)fk+MPyRNr0PGiA+^$W2+c>A`eu+r)l zpNq0JyWM8ePijzVjNUTK`RKD?@&1xI- zCcN~YZ#E{&o86j;*eH(sOe|P-TZ|OkgY_UW8CUcjqQ8Z@x`S<&_qZOL-9k*s_ft;?r_1o=dG{4B#co-miS;0Gxj>PLzV; z?grFsg;}Y@r&Fq&JYTt9?!12jy@_Z1X?E~2Vm*{8OkAVM0iwwa;_LgBv<)ctVtn7S z8iW%b0Q}BmL94*>B_*2}y+T!gHtpiV+S6OVJIGXn9EkFjO^x$WtJ%&3vmHQlFz=td zJN?CnB_WHsnTg^MI=*w>A|Zw8s=^sms#zadF^lP_v(uTUh2;*Lc|M#{TM&jtx=t-*k4r3( zNnyJuRh!PPDep=!3J(8pwbF6Jte-vnBimSIac9EVO_%T)60M6S{(N^OX-yhI6*@;4 zmuRN7^bvttB-ckcHnFG4k?!Kd?_z#N9a%S3wn{D164xpx_AEoN`Vq_ccJ2Yaf&6+A zSz`A~Pr|y{Tfc<$6r#4w$#gm{wLJBnwIC_9yco8O`I)>Ie-U*J zO>KNWhSD6M`ns=d)&c*3y#InEQjry9vB{wfXCW9`51twE5-A zr*8g?PxnW)&B<@460F$xHfm6nJfRa_W0Qnays|ST-eZ_qHKb1cmeQ+?P}#y?J*hvH z6vevY0!v=0?WMDF8pC&uYP}wG8A>sbS5)5BB9KN_1EkZ}N)G8jrF*-~Kq9K#-ZE8a z!A~h{nz>zHYPZ}Xmz#^sl@u>{6ts>VIfN>MLkY_{BKPBRrw7pNu1UWC%Qi$( z?Ynek_$k>a&wzZ=3=_G-NYY5k81E8pIk@a;@LPP~+VICk5D(1??}W(NvUdg`-5e1^ zJ=eR6`B_xCq=(d+Ul(d*)Jvg-d1_7TLYsR@9A)2@nSW}i>6Ms*>L(C8yLuI7S9hv? zkP2p^kJ|f_KgMJRG?BEw`b`3!P*QQ{0rj-`}#Ct>+LSC|k~T zco25^a_%j1SL|CC9=*`p{I?Md9R4~Vf|kI}s1?KczrE`1o0W^J3MyM9RD_eTNkvq> zdRoa0RF#u7Yp(;r(yRgp7Z5gl^Zt%IuePSu87tRX#F4SPqo`KWXiB2+0(Cp8w+(E! zVc%ho@j(k?*lkthDxhag!lUF*hk_+Ia-Lel-r*j=;|gSpOltF|K$7&rB?l%YO)Q_) z=X*}wcY9@uJKXo@HCN@~JW7~Bd>1p?I@h5Vrq{zs4biAZ6ZEoiKef-c%imY0y6sM@ zE5rC_f`oH21RVF~?(<#h(Gvum9N#XN8ba@Niww3Ri@QFP?z+dh&l?5g3543}DH7}o z=Q@6hU|-pbbocjrbs<;tg;V=y08P|gSrU8Y@>W$R$y{}U#B;W1IkCc3*7P2G{n#X& zzJ~@ba=IUAN1^BQET!ys{8nT6!(R7tvnDyuRJci+Olo_Hm7s*@do!ArDp^l;ZW8|5 zP|s6(vYOE_IgUT^Ps%gTOO%bN_eng!nZnj5ULoTc`l;@JVVQ|}O3`nx208UWaM40~;@rzpLuFV<0a8BpKqk}HaN_eDQ^6*+%3_A{ z4>+*%p4SA!q_$#jSxIt7Lxb2N+4D8MDjMLPNY*fAq&I!|Bcg;OvoBqP7^R8>*Q zkW`V7M?g!7NpH*sBdW9)Rx$3E=O zNZ7FMO*EqsG%CiHuhaaHzq~6MO?uK_Iy0P+n5rr##|wE@(F{hC;4rd&uYxH&{7hoy zI(d1-lBN1Zz?xXSb2o;%DEtH4^x5`UDNY~9TV8D3_E8(9R5@e$Jf#o#^6lt~3EQ*@ zdca1L`Dy3Rc>@2jRr@w&5S_mpN=qKcsArQKceY*^HtmjNc&gXXGX+ zRz<$tquVHjyx1u>v25|B4r7>82OVo|f1DU|Uze`RoL5||$$>`jBl4RYkkXUk^OeH2 zM}}O!$Dx8eh=)3PDcriG;n8F^PQwJw2gqmsi(B3h?Q`F&rC%wAfe|D_-Rq%^h{#*< zgU(kGm&V_MYiyd^F<&l^OhPoOG{EP(q3%MT^ z*9Qg3U4-bCWlf#Kcrhy;2dHsSMGKpxZObKp``}!{j_OPBUcrv`RnI9d&&e;$3cZtp z&dtuU$Qo)JF3)Awn%ueWx`%DEd&K1aUMNL0xNgO2?=lOHK9#Tv~Dda};v@XN@vJ`wv2c8}BFf<32#mF!T;`!`96^a=~k>yJM>SgZIoiTidF5iK)xxl&%D9tyYJ*D5u zQ)Yfu0rzC-xyYQUeZKA!PnaR_+}&ij1sm0ND6`CpspqO? z%=J>x!>ip0(@zf&&q~=nYl?q+GzJBSo{{Na_q}db{l!r1(3?-Oznqk|GF+%Qa9WJl zQ)G}NAAg#qK?kdD7WiVUaxpaBh*2W0FKQx#6E$j7HWyPoA)#zfn=Q67avxX~(X#Sp z0MU^e@@T~VeQJ`!yM@-Ihn)JqnuwW{?Uo44)}Qp3?t2`~S(9Gqy1i%LlP~kU9oqU# zqGOEWx$LcheQ@aSepAd<9J8uJ40_9|R-9Nx>piDK&tRw$WR-*-ahsz#Nm$U;eP&_e zP6?xXW~WRm+lNX9agZ}{AHdm}Vabc_2MNT64p{lo-n5Ox+TRVYnG5pjEk}6 z6eJ=zcz{}TRE-(Hn|$T8h!0t;(HYR|ns?n2Fnz8?DPR+Fg7bjsdd~D2hSuF*XLVRg zs6^6do1#MhTKR_vp_ZRxyfjCQP8g(I#)*@5pAzEGwqJ$2@EZY+l(dI10Z~@KZ1CQg z6Z%!OtiKj_NpHR07H&jY&CR^V@GGHBrA1`9*0mXrT6mmQ%5?W51uG8K$5fTsEUPTN zSq*IRS^qh^4H@Y>zoWDX;2h;gB)zs=B~=nyMLDJ|_vksk;$bN&&-+41v>-|EYqn5| zE}fK0r5lHMtx9FnMof&XgjEbe^hiur+9$iyUAClN$QuuSSp4g?8uQ&aK9{Qp+K)*l z!vj#rvo!&;Ek^~HI)?M^EJVb5cG>WHdBoU^`I+I+>aczU^|A%k1tx#G=Iq=xWf zmmv8Gu7q2Jm}{iI7h46RI5(#n$A3F)XTa>Tk) zw~W=2(rR8Fg6q3#9Y(Xc>XC_q_Ke`4p>5`hddJK){sZ1zJyG$PJ}cemJgfWHuf1A& z>(R-Fev~lPAc7Xn+9cOL3-X$(EtlC-1j4L+GtCh$m|BbaGay*^o!Eg|&fK88PSt+) z%inzjD)uiuDp(-ZZtSitm*>nqThRih&SFPV)#&o>=TMm$vgeG9*6HY?x41Eg$j-+> z5fm*f-U+Klt~%w_ErTV?p0cwk+fHijZ@G3T{JS*Bku?Tf0uB%T1#rHn$<`w7DyvLuq^&SlqtDssCEVcK#knlh%Yf(sJoY=4esg+sBa$kOG z>#@&xK|P|v%6f1CR!1D(d{Kd|pl?xfis4f5*l-dr_bmhztaKG`yoIG7T;9$l$(b1x?hM=ljmj{p&aHK=-wkNRd26_jm`850y~; zvxoReMrb#bOi5yP>x^Mo_pLxF#F@Fsio7vh>uVNPCF8PQ5Rg^Tw;)WI&1@ z8`2P9=q1|eUS_MBY@rs1M-8dsmv>=pT3eXSaNC8XLKqx7XfJFqa!0Y5${^Eq-NcC>yuPZDHw(11*Vmmtxqj7Rzf1-3l1IAeY68D8ox12{vD$5LZp<0&t+BhEM^BRhRDwKK(<;k z$VO_Ex}pA`JVVcz%lV#^`X(aBP+-7lQ2>KJDlq{ z6HC+|?KD&Q$MnBW+$Fu39#F_TvFYnpKCx1yJwkL3V@V{skf1_;$1FH;E3$V0#B@7sjyszmJ*X}Y(;D5qK@Ij6f`MXjFVLOY)2`j z&PHmNTh*^Sl#|namHYh1SF_XP?L}k{{jjpm*WLrJ#A>IW4LKk`z;?-O-RD%S?sZ=j zbh>0BUH6x}t+r5P5v$`{51HmBAY_U~$Lf)@sl`KuUy3%3p9N)W{Ta~7Yp&1paKPnW zYSFi?3Z#Z+TPpaNTbXSNO7I%xYj?tMXsIUKe380-Bc7oh=TglPnguRJ5SyFQTLVY= zENt8FG?lsB{%f(vLpfkC^SG-{oC?gm!gAy0V)OAt@$L!_|kGF@_O|Cp#EZ5g+5Y`!5f4p@6`Z|?e69-ud z8~UwaBKo^vY)g~lvBEL+1<}xCF*hs<(9e)M)GUPn`r}_ZJOzfgRV0s(?b*1ijoK_L zP;fQ_psYl-Z&{|^>a%|%Px-=H_Hw{m)tHDLmZpbl`wK`Q%fQCBnz&;FWG*lGk1ID; zI)4e7W=R@IEWB)bntZxU*DP}u2H?U==vb8I`tmqe%N~;mPEvFaPb2lRsxYrlX2Qf~ zF^z|pvUzM5sjWDor-cw`Ki(MD3p7`O9)`Z?*H2f5*f989Q&3$9Hm`)|%f?mVECONX zCKXE2{Q=(3qbuKbGrcP}rjOX$l=KtDFz`K$Y`J3|C!fkTl>e z8K`Pa_YIwG*fbK$d5yP6o5LwC!quwf$rlbsy6@l2VhcsKe<1yh+yl~Yu~V|Zp|7nm zqQ3v6j}dY}Hw9tfc6M##W-`0MCv6C{>rk(F{zau8Fb-cNMcjSy{p zp*%9STkM$u<-(RyV`NAPzE0o=!zNK5S|{VE+qHC)pCSH&&ja0wn86y;TNtacvknKC z7N`}F&(n8?rexZTf2zF!pG0PX}$`55Wgpx&4_4`2asH4 zoSPR}ZuX8K4{Bkj&ypv5m6d%WlrYr~W5Yr-39*gJ4yva%gs{rW#lHFGjwHhujhi7H z8agN+#K2tCLT&jEo2$KepqPULm9^rK9oWU5Fcx|8u}g60L(qVGM_ixCN#R)5UU^)$ z=6KF4D+DL&Gqmy%>&E+_##4V7U&&L>Y*V{i1dgBDrx?qA<6cpfpBF~}y68+T2M`~;H!LZW^gqeX<)#}W@4r?z@E_V`KaO{4*q31Srr8XGp z)>~M*r`1@Fjh0f-_Yj`+v~Q5A=($JnOo|u%H`HH-@};)#Dipx^nk@AMOjmOQchhWL zI*X$T-F(%qLtx8gMVfHxVZ%1~yEr2>rDGw@uaWLEtG#$tW@}+2hbDQy@f7KHM#Q=h z@oLwV`dzwI0uJ^|)OtATg}WRQPVU5s7+@QB_5!$OAO>v3nqNG@!#-UsZFFN4^X2yV ziU?LzT)xdkSfj#8+HWSu&l@rINz4`Q_14!qwr@=(mIl`0>5bHiSw1SpD~HhgsF5O` zVeG?%Jd+w`$|ozpPTH)@v5{T62p-c%z=@p-y$tvWal(#qN3CV%LU*SlZ)J5Y6f>wS zW{IYL`YpxDd$D8Z0SUoSBsrIPQxpu5{Sh9M(Wp-0rxwGc8=`#+lPV{VG4IY*D+WEW z?+5nmNsJS|-T7V}2aaYncQ@WK8<-_?Yc4s}_M%_3+3l_m&YpZRHB;26P>F;!8kbLB zmVI5$XZ-R>3w>j#w&@j&YL-UmWB>xK{%-4=lY%&O@fn&;E_L1d5JA;9Ho$)UgPeE zI@Bnn0H9>7BU@eE^$)>*t1xSWdI#-$Ljo$YbK z#3A&o)&DvlckSJBpQ0+mzU1oh5j?DOmz$-73Q5v`VaJyor5R6_3@iIi9;zsoCxJfnJ6? zzcUajpa6KR*|aN+aURCzKUnqgy8TgG7TsnM#H94qz{MwG!)O9ni|qvZYE)2*eE4+l zia~mzZ1$`~AafWU+*v+L=Gs=3rMS$QdtthrXkA>{lH$EQi0{XtJ=WfAd#07+T2|+= z0`Nz!_a_Q#t7L2=lIRAxvwS`NC~rovG(UczRdclO(Aj-oHk!#OGfP(65#X!>LD+*Z z8!PosmbyBUXe%D%y$K^e!*6^%=t>5z4JjP^(qm@)^)*?-3S$iW<7pT_ys(x&!z2~` zSCxWneU_NEvTp0gTD@xzA&?5gg~sV{!HLjdv5qe>ta5!?ovZL`n6Kf=$w&P6j5>wp z&hDl+ZKJ881BG!2hX{3$>k*pYZh~kMH5f4ItHOP49KroYm|3Xm)d)2CCi(EnL<#NwT*ae|cs;|%IizH(c z7EktPqLT~8?;a+{@(dl7kBI7kd|K&LPO@J5;!sb4YM4K{KL_WY7t!^+hXDi;!7Vch zp{1gQjSZ?*Z|>wOGc$@r`n{&cunGW6Z<-bQ!luK|N#gK8Xn~XS4OjEnN-x3(&mM^D zwpG*n(52-F+4wU=gs&!lC$ZwFR)(I5-^*YAMki|_a;GQ}=rAnzrJC6DRE2T$-dFNq znOWypRI6X|y)pWG1tj9^S!UdMzT6^_H{t2ob2vjGJMBwuH2RP^`%v~{-(?fI4%OO) zm(ySXQTn}ulR?(0LrV{86#bG=?Y6lphS{?U`WW~5yv;iFWMi=f&-h|{JvneNFCzaR z768qB#d6QxTVvD_g$n8&xz&ZqI|dq4$9q@(qd*lO%o9@R0%o~#OPV{qYzy2%%d5ok z`2f&)&oMNYst5G_LOROm@J;044MQ4-JE5Ah&;aAJ`J!@Pzgv$oTWO7JT->e&d_QVv zFEIr?oz-aYFngSSPQ2ne@`CSRqoRAgg`QA34d_r#Q%)0@{;y_tR-=2e7DT}AA$+d= zS8>@+#`|n4fd{x1m9GZiMf-zsG-jMi2RL1;mt@K(CW79&WM{QzL%&{FD=~Xz+QMr~ zd4N5T1cpiogN#q+WC7RTPdF^fRHL*thq0%{v4%@4gt?AARN17&Smo#+nlI^Zu9X5> z&AQxS&80)xqNW#heV|T2pbeK9#bx}nI;fEXOkXu>1fv6IOf{e(hmE(ST5UDM!Km@T zCiEi@?Cz~gA9spQn=zl=nY_kL4ajn0O5B5+!y3bF4NLKi)4wzbrMAp{F&6hk(%Gtb z;u-aPvlL$+fT6)0MlFW4qCO#Nj9s50Cw$x2RowVBiYdc$#oRKk-^h$A5%gigcqPi2 zU#i73cxt|cw1KDhrWy+LvR*qY|7Aim28_?U9HkT-G=OhfXKP^T-~NeqN%YlxEO5D# zu!77su7=a-o`S*y`^#*-(FU9OkjT-LCi2gE1hq&05mEO=9d0^WMYBw(IAmO}WwsUc zasAqy&cCYVzZE=;F(p#)uEkoK#l{^NNt|jjdZ}nBD%BhEzRtkfFyZ3c=4gVxUa7BL zg}vNA=n-~)UCjSjYF8Z~O7S}BLiWcW%#*+SS)$K*O7J%*zQiM8 z)$Fu;JWg9ro{VKamL`3i*Y1VBsRI|8KS3|NPSH7odZ`&QE%LrtlAu;(rjFOQP~% zqpN@)*RTwO)@>#I5#39+usnL@!TBBV_O^5>8$J0ia`;cF&h&!;Qb`() zGV!F&#tG5^EBH1VVgLDmz`YB^GHDP0b6MiC3{d=I&FprnKgIVd#VUOFRU?*8?C!lG zKTq<1ifE*T`WS9{OQFG*eyJq)7$$gqx04|iGkpASohk5w=MhRY{P|(uRUC0A@G&Vn zhZD4=|I|7USzsn0&#YSZH7c{+9{5kqc8|R4o|u@3zIlF!Th_ouqpob!%95aEm;@?0 zLKhV2`>*_q_6O+C$1~ayWt2ccWU-C^m@kaCewP1ftAQzz-HVPx2>@GcIG#zOQv)&< z^&bmBU`kB)RFOp5-xZ@6VU!}`{o#l2(VJvu{t5LwN{vr=|C~Dkg*DB5K$`Y=XG@7} z{!h6ILU>Stny)_Hoc+@fx)o$|b$-2e*%>!1nCy=R{TF207s;zX@YKggrb`qCl!k&; zjL}4D>qCB;k+C97Xq{c=iRo}Ur`yK{#nJ!FsleOi$vxP3$;!)H#ld%)NV#MB=f*JI z5`BJr#~q>lx1jyFj_8|FM?N68HeyyzXZ}8Op|dx`#$+T)U|`hb(+&IgC&iLL=QeD$ z1HT=LM?LOW>+~yqWW02*$C!8sHB6pPIU31M@HF3D$#8ky{Qt5K@-PPiO@-gqoH>$G z?X<`zA##+W{xN7+Fey#k^uv?CT6SQK@&o=0ev8p3Z5N>sh;aZ9;MBr}=~~|X*B(oQ z)gMc%0H}i58*Q|bR$G$Y-+|j#%Tk2W6^-D{1}%5pY>(mp%Uw0{W(qQY_ef5>@+^6> zaUWOJhQ0yy^XHC4Juq@h;?n1{vxxlu&(QRzP+01KxY<^3xw%gxJC*W( z>3~+K2K>`$_;LSJ_XTd~Ki?q?K*yIR5?A@ZL%1@oDt;PPw0a@>UmZdJ!^rX|@=tq} zxe^up&s+Zcz5kmRpZI~|WX&IA{oh?K$w~}(AV}BFX8x|S|Krbbpg3-peb4@n7yf-g z-aBBNPz{+-|F8G%zbW=VwfT}Hm+$|t{Qq6${{NN#PdoWRx@ z%ruWkQfqfx@pSxj$BhG4)%CDHyh)TITbHlD<@Ljvko@1>@_%(BS)dzDnoaQk-Hk%N z08>pzR~KW7BXY-8ey3VO!1+-ij#5r7@00(j--qC!w5H*c?TfPgbyfHDlLt|X0W!tL zkK)hxogWEt4qrti0P(^~ro6V|TWsI1p$*Jsk^meE`Lk)BWrEgK+ z8id8A2G$O0c7C%rS%XJyM)6RDqy?Q0{z_5wY0I{nO+mz0?~pMU-lC3_@Yt_yk7b;~ zp%A6_*@!#=;$FpRrt9mKV%JkVBu}wh zNU#*_m;9lw6DBTH*Vd=$fXhi*| z9z$GF@2V_7zJY=@el*nh5;;p#4oeNXE?Z+PUAI0z$l>!21ay2$q9)=8^{ZPCjoeH= zAvp*1@5HuD&yp+o{Q7^JSp8H_?@?BK#=s+^km$h_NKuG}Nho;nfbhJWwwgf9$_=hxeWD3`lxrt_0Adiz=o~C#s)a7HawZ*!T%)Ze_R)2|DD+|GG;z zZ}Jc|8$gPDo#Q6_Dyn z@e9#P{c?)S3GHkMJxwZ;JA|L56)xT6C6#L_Y}uZ=H=ApuQ(vKwW++)mZ<*i-oBbGv@lpI?OA%E!YS2t8GxViG)ij-IhCv8(4~ zK#cWsvw|BqGHJv#CcJqkxF#85m6fxacr-np(0sY6&~@8z)^~2?hdR+3bA!m-^oO3k zxzydhc%^Cn!hS`M1+kO_gE)GLbl4gLw6am(U?e6%>t*B7oXjZ&JC!6h;%vgV5c;Vn z$bW^qXhf5=5Jjr%eUT4W1cgLId)D(b?;KutgrcvLLxN-r@JwOZ!X|I@_iX!#1cj9k zGck@MbgF%qw149de0G>VfF`9)TxZ5x@d@66sL%elL{>wiSmcT9x2-+h%{A*1@59?1 z7l4e`hZXr_1#~mgFQ*Qq9uve%Krvl*4r$d{lB=)e04gN!1BLc)u=(<8VFCr>A0^Y4 z@9qPo3*Y6v=Cc9|>_SSK+Y{J}u6F4|(f82-03Ij6N^U$_Z;I*8mx=nrw`>wyVhp5+ zdSLmRkn+X)z_8onANDs*m4yH#hR!vf$(4B*T$Hdmmas?@uwaH7#{vrUXg%{z*Nr23 z)_T6XENwIU?T~l=)MDga+@T?(T5rhq%NwV-)P54#OR{X;(3B2N=<)mb_ShY{Zpcod zl{fTk%O^nZyWR>&C}uR9S4o_T|2@Oo^Y&Kyc0s?3+2-wz9*79hWcLROsm)hUVCT z-2GJ^m*$Qc)tOem)6#nn&^m$as+Zn8#!t<@3%OmrgYep-)#LKQxUC~+EW?%oP}0~_ z9UTS`&C#;wCsKC3_sTiK&uWjM@_(RjEfpYs^?h8tU<5RMd zaU`br(1Vjvkcf9vjB@)uq7M36d8(^4!Y&%CFDwCvyk!$}Re|#ILz@ow@s@%&hEARb zSnwC18^Y7n7akv)nD^*XJpu3v5PEM+0;YCFm+Tb3Usq7)QS($a`nzP&~4Iu?qPYKw7@Oo<)9!o&W|OES%)GP&2$~;yMPAv@p!1un)%wk##<*i zT9mgd^lLwXO|DA7ar z-aWG{gr*9Fp!w%-AvGb@2~~$jiaL_ZJ^l@74b2KE+-YWk%k+v*nge>Q(E{$gjeIT- zVJCO%Ge>z@pVk1ntAX$*i$|Bb`$4@s;R6Z=TeIyJ87vj!9kZs1raAs-_!8&XAFWa~ zW6z{TXPuYO)b75~f2{wg{W6>>(AmwVK2l=`YL;GC%qA-m^R0iRw-hg#0yBGy07vAdRhjEb<)>;JPsG^Jupf}AN?wo7~<72 zyFGT|AOdZ zs+I7mq6sI_Ah9Eyp#ithez|~X$X~_P28Ly|6AV3E=c*#REJ-Ri0NKSXxNptuPH#_g zRJSuwzp!&dHudU5SyZy(x%NP4>!pMem2~W?p4s3zjGYrO^b<7qY2WB$93=i8d%wQ0 z{=uMiMch^Pq3#@E6iswxg)ch7=B5SR^od98%N%v%HG0HJK=j71`#hdE$hlfq$VPDM z*1_#>eJA4^0PI3H6!`8(MA5}9QTz_tIkib}yV)(D!)^Zq?`Hp1VQe$LXxv}Wg0Y1g zL1V-_4lY06@}tfMYhS%Nk5=ti8Zq!D8Il-1+gTODOEgvL*RhOS(Y{7)<`8XF0a6Bi zX%-(aXUDn+?DnR6RD0A5U)7C*eU7B4`;q4T-*~HhKJz|92*JF2{No7suhDnCsq1}h zVcmf@kN2MKQH{s7uiYl2gNsFDgeqIE2vi`jkym&(jhNu%ju!sfbwg@kP!B?*l0sA<@4nYtHk!t41@nnSF+qhsPuIPFe}nfDe-=7< z<{vI{EbYQD#aWk|7=)DV{f{?NuWHPvx5t?G^^_KgXRO}+$`2j8d2n0`H>I@(7uIU1 z%2)z0n?kidgqD*(Fl90PnX=fGjqv_j0)BdhqGSI0A=h_KSe%!($@ig)%NqcIQfI$N z&@*DL0L1VCsGk|1qbift=nW_SI(@_7nKIqw(NP!x?zBB90mjbZA8KYymZOiS@^#hc ziwN61dZaZ07%`K4BI{I_u_MUqRz<{Z&n8G`cjHQ<@h*y5C|2*wieNCTT)UbwR5x~i zeiIP`^I6em(i%-=HX6jEWb|#aJGI>WfvWJjzf`+9_Iz)CxgBqRwj|)wxpaKMO(QUT z;!GFYW6EWTGy)2JO>!SQt zt^jDzE-q5>&2IpRne0m0CrUnl0=-CnYxuG>ir%f z4##f+AYR3Zg$fzqme9P)R0T2CxiYLva2Z%>(gh4WpD|fm)TM`w9BRbPsrCQUX zK$`gr`-KmrH(Ix$A_W(@osU!s+()@T%F1dIy)QGzp0)%yb8H~Z?;qH#);{;kAl@OUv8Bk-TLg|-;EHX1Q!c=TafM()nrMOU*ByBe^y=a0WcQ8hisQ% z09Y)QZlWoK9CAm$2%WRkJOpr8+J6k))R4l|E$Yn6&0U|&ON=7F;P-UD&vIv!Zw}jv zxtJ8cs5-#v4r3lE2pJ#>QlFg*BH7kC$k8BN(beNmeI$G$*0^p$dFn6)Zh7Dk8 zg?R^>72$?fH+x7Z90mRsnl1)urwcf+MhU0@OGLNt`j;9*c~2tfB{~}%rx(t-RErfe zc&9}yazPR50Hr?AFb>8@K)rHG{wg_uI<5e2Gqa`v5PUV-w=gdt`o11zIlA?hyj$OY zhYwU`Rv9*rYYtXr(Y-(|5BG&13X$MdeEWg6H(sQ0$6Xh!ZuxEm7`khvyJ%l*u-diZ zE<76#&>Z4dHVXn=ENM+RTlq}i_kKkw@4Q;TTi->x!2XK81?tbG9aZ0{x1lZs~% z=8K*fBomqBBIb($mTfKBsqDO&Dn0;4UImTv_w!35Z)54qm=)dLYmcg$?~Es@5BW)T zQRsMc=(RUAl~w}Qebj=AOE9K4Ono0hH1~p;R?u#0X{J$`b|I~4-wleh*MSL-`ih{5 zj%d&<*O-FIe;ix__ytLG&L0%|d@e@4clORu7;AP&3U};B4;w3OB{a(vF@*iDJgui& zi`vh|UoksgGI6yxTB~d*c{Z)>`k?uSulXMYHd;8EMPU&!c=;*!*3ScY>8-v6!3)aV z(zM4x*z$+)j_%XF$}ZO~0v$MtirufGfJ~2()HrdlRaX!5$LPnrn=wBe-z|CF znRVES(76(e=F9*A?>3MMQ_@Bt@m)x2xVxkjMD)@heAr_^P!p6p3Ya@m)gbww!PmzbSL@0JEec(j9g;&%nf$X^+D`7iftDxi^Q)0f?9SpSyiH|}BZmpGcgdD99eFz}qE zYDBt?36ogOq{dZ9ZyVre2)H7_Y5V@A(-!B`lvDnIONDn$v(zTGe74{k32beD@71R! zcikL|$4M%`CgafrBPdrFvxEV9uN57wgm`Qm);Gv%G5-WoH4Ljno+lw$uRhI83n}gW zjPqrdI50Vt4}`$l+dK|l+-UqFexEkNed zmSWU%v`;_0dTMM#X&sa+I-FPyST@kqw#tPG!m`nKoY|ihqKvP;?*NAv)9p#u$~^=< z9FKBo=%?lnky<(RSDierU)Qntf7<)bu%@le8Tpd+QUbW2^kOn&M~a=+iJmZ?s6@L)g(;Jv|z!s@$s2EGVeP$V^W8L z1M;U$%*g!9=b*=?j%&f7vL)owZZO<(6Th>(2kqgH3}J4e_@D}-mG=9(^yqDJEz~BI zS^%m$es5I?m)af29E2;539mH2O^-(oQEqO|-{WFr15C)0V-y zk7iG8Nx!s+Ln#*k>S)VkwLpIhni=k6uyUB};Lbo+1Z3@bcGdbAMbkuRtoXJQSM%b$ z^2ES6QLzQ%qk2WC;-UVOAffi|xUGbS!g-a~fx;s#X1_fiGF`vDpQo9pP%QPTOHv=c zJ#enhj|_XFuVLeTIyz3J6&9$#Hk_a|QEqhpakmpLCll9{I1w|VFjXC>RwEv zUZPz!7PD|8fnX)KY44^hU}fPhv;zZO))o* z1L8*=t-}n3z|HF$%SMwaV-EK?PIJ)f2-!k- z;~asMBiz``L0owpcVny$(EW)fz8X(R9}nym%CI(jtl~@TdEPj=xL@>SxQf1hwEuWV z;sj~fU0*}V$gwo8-ZsHa#cKMvEio2ezi|Is-(A02(uc9?Kf~S$;ve3Vl`TA}sWBE< zD6FMSF!Z;-`WOm3hm{-`2af7l>L#O6q8_5qQj=bqoB{#loDL#ixURC5cf04a9!M)eUX)pHTu;%3&%r0tItL0${k>P}#kSK|*`+=G3oxo@k`v2nRI=+3Sd)A?&)ANgZ;d^wRNqp%4ZXuws$s`6w*CRrABkrt*}*8>*=siTsDC3{v2-@q%a3 z(R^)4Q*{NgxO9@zV~D79^hnEDTilV>^X0!+89b~UN)5CybY2=U{XG6V&oW9Y3?>b< zgWPYO501G^bR1HhwCWe-vOc!MjzVQu&b^}gelwWbGgRB6zk#S}U{KR0(W7BqC?$Q9 zVl%MQskz@P-@K5B5_9T>l$FtdTqc6@z_Mk9QHo*C0N+Zj4fbkB_gpv}y82}fb)?38 zr||`irZ=;0r%3Ju3RbB3PCM+>F3S?hVQCoP~6dXM^HX$nZWYr*(IBK01j&p z`0d5YgmA|)`{pB< zz+wJ+``Q}4Ua`me8CAYZo-_iQgipF5noElAZZ8`KX;Fg`ml6S+3AW2-LP6UZDOHVq zptj9m?~4=qkg?_pp0DqG_mM7pr1hH=|3`1L@lvC!S`f+S)|1IWQ%5UjqbJe&2_d}6 zPL{1t*1a)fcMA5pw-zd^=xr+qmr3zAsns_*?){wS`w~R`;Jau6D8*O<#6&1Ti7HC!nZX7-HMv*9D!RS(-XJ~ z=RT|Q>+|E(=Doi4HS^SB@psl~)mI0bpvMvOOYPK!0D*LEOX8FEF0IL&TA+WA{6tVa z25aYUINH*HPwuWf#)*#i|Iu<_L5Qp6_^%tpoT| z*u98>QkJ1+TTU9p8dO-LOZm1%fd_rL5^J4s4i-62n7BS-6AXc|_CtDwm*f=83a161^G zrB@z3*;xpM#Lj9QIC%J&(WCd^TPC5%VsrDY{4V^Qy+zr@VI#ZDyZo0VNcRU07oy+2 z8~IwBGBPtgyqFfDk0EK##b}(hV*hir=+RHzRWsyA6=QQrXv9QdyPt`)PPS^)O*Id zu3uoi*P@w1TgLh@%09uyBg5Gi8IWm&iUkfE#Z#mGC$OeOw1eyenK>HoZP;NK&*oam zjmH+KLq6>c!3yoO3=Hmk!};uk1H3lpAnUzoKA}K|YShIIZxPRsEbzxqtd;u(4!Gm& z>ds@;Q!VN6n34ihDudx#0{-+iimu2CJ;5eM&-v4L75c`S0Rn9(YdCoM~Gy*Evr)Uy~36%GFTj$8ezRLf!@pXc5P2O4o(q zzg@cWoW=^|->|Ng45zQB`{(RTTxIB0ba{}a8*fq_i4~R;ucq&o`Da(IFWS>$=wxtuDX{B?!Go3O!5l8L; zz~%iE`1g=+p)yHS5=7s>*(Zd z4lMczNXM|;AT)gi>{vv*@$Ch9YC3>TPnuDd>gsk(1>^$z2E%U>76dMje%DG1a>4Z@ z{3>3cMRAjw`1sPK)E&z{gc75_tyNGO8_pI1R=iL0gC{rG&AM==daQ-Z9U!N4%hH@C zT_%H9rn>0xYfY2;CkwK_xN$GWlv>zR;@qcaihM=ekPQ9xl&*Er?E(O>6-OReXLG2P zogx41T2(KrhA)UmBMoSwNqn;`ub4=hpR{17*GGN<{egJ2ey03n5RuwG=OX5Oz!J8> zdxi#^)}RlKSP}N1gyJ{wOokw(u4jx-1xoy^N>EjrfKiVR1ZRoXk*@jN%M%o;9QQb` z1U0Tas1*82&5qu{uDiTpxRc^4i12IQ5K}Y^*j%)ulZM&{R{I)Zt&#BN4P>3gF3W8@ zoL$4!BJ6oDp`3QvG_Y;xp7PDz^OmGwHF~T7kj^7W#jq_uNwgo4zG3W zfOl&?#!|_v(eNYh7^>bz)~yyO*hbiHt7>_f&~sYN!g!a)mg*AV3@=6b z^wvCyVj!TWeEH_u%O>dc^;3rS`((`iW#942N*LZ@UAJnSM9XqnKp$1&0h15ye18XS zv9<}IojLo2iuCC(flhQyQUEbvwSDQzG)T<%li`!Q3{{=+F!IeI@0HUPxV}Ahz=A@R zuWfM}YwnH(nEYxp6QA@W z9{C`QcOVEAzh)YjZ>#1)&PvOJ2x_t+J(*6#nue=x&%aZe9GrfyV=-;mGpd-hzT#yl zirY$8{uCLpfjEiyNBvE9@cB^m`yonTw@ z_itLU^W#+*f-1y$9;bM}o69I#{kDIUYcj^Z(>uq8%g@qW+cB8C0=F(1#!*M^+(*JO z1u3+JoKko!{mn(am~F(T&*5@!{acr-#ys7&7;n&`72w+OBQnf_(3JoZwI4sdq=0u! zuyW8M4k?fO6PJC*!rljN_J<8W<`k*(uQr|FsFJ~|0v19W56h&Sz+g3>J_13_W5n55 zeiMHBRQEboM&uCUt*>N+^$915x8Ool(uereHWcD|b`?0ka|8YebqeSN*ihIwNjx0A zKyQ}ge=na~uZ`00o4bo0jphQT-$&UEfDQ(ta_Sg*Hdy}{DctV;TCWw?(3l;sJP0E9 zcG$?kmmb{r_x>JFo>$0d08~B_WSN0xR+e5k`!oM_PJRxt;HeFSyxR)jZ9mtc4JiE*o;~?+qD=7F3 zxTHvRvF&h|9BHdu=xUkDzL6tB(T9f57@y7>^x4L z(nh8Aq5XolS1&7Ir_jg(C}6wAatZkUGumfL2J?IMmroJ1+xAfa;CH>UgSJov#%-cD z1Q($=7p^Zr8SUGT$8k1lbI9QApdKz^%l6nhui>$agX=viBJ@pV^+?4^%u(*f3v2>U zo}SD0hnc4%k4{O3;{vkX<| zK#z~=6A27OXp;A)9{I(9HLkcYuaL9hYat*>5!QfpmUsm37#&hx7`frIZXkfA%~<=6 zYDOx}IR{QpmEke(2J{rnZ2-V1mo72{Q`3LOH-(VSaCuzb3FlC_NUa0VA3={{Lj6BD zgy$8FLMbZQ4Wl`#H>d1~C-UWZm1nx^mKDb_fxdJ;ub_Jsq{r(L(ql)4&8uH=8jMmF zV8*am#v{SQzps8N*)Hr~?VBr-P4p+R9-8&yx;e196@8SaT3v4h=J#RLDO_+rK*;YU zv}`N zM!i!RcX!uAIG&Qaf zYvt2g=0?_<^wmZ^O;k7sxqT2`16@@~qBwotq7?5fHA*=>U&Uv#OUY6xxmx97!DWmz6kAl#P!q zwSF?_-3(dC86dqRe5vTv~3ggmOrd4c*2HQDqDp9xNZcOw%>$WpQn)X&U;*LIAJY>?E)~nyGKtIuk*22c| zGjt8}iAL9E?|CN&*^ttq%I-9S(fForiQVFujlJhKQcyd=M^^P0P0A~68fwEwb z=*x7Kt&s^Ikxasj6Vf6rCy9LNGz-A`!+!K^Qln9<(80qe)zi~i14s(iM~v;&kO;t; zO>{1G0j)o=Qa8CL{jCKRL$!`^bv$tcaOg+K0MQrp-&jT0;MAsgfr?$)m#J}{Y{`zW zn_J(!)4S$F*o34%mKrw#S}W9U!}DQL4Rv@9Yu^|J&%M~XFpfU+(WHj~t9kP8Ih1Ff z@ZalCQV1w3oSiHuB33`-K*k33e*b>Ca5p^0Wx4RPw4eSIS1Vyl!*P(pn9ED6%feoj z+9zLHYs-wn%MpF!=sG)UCw;}?M`+QxtaEic6`aOkWY6chiC)ZBaDKZI@vgDZ8%hBgy~r| zd+`-7GE_GglA?x?UQ4|iHgZ5g$fJeNG5T1nDW$mT`(K(#V3p zlye&#kqaN73=Uk%9S$Q3V#8G$ZcJ=_HeA}Np^)mXsrU!P=7nc!(|O(DzGIxq!4*hL z_}Zq_A*pDlO9qg%9*cH$F1p4r&2yv67tMq*)WVKK;C#0wQ8o5Ol;0guq(yM8TFp+r zn5*zTpzZJUcLJA@NT*ZR*i9S*`=zad`fOdFEH={jjlqpOqRc+gAZC87m!E5%v%YNw zSG!Ea+tk|ztUmYQ2@?p&Z8#s)Vm?1MIruJHXC^T-szUzwCMc(NVQ)DrW+&+>?SRso zG_795P~1?%;vsgv!~J{U9)+zSL&J^heQdWjnEL{>1k321eN`Y0aXID6e41}DyPJTwt}XNY_*P5Q zUUw*>sn!iUT(9bv!APqeTMw7VT90lR(?^mw>EfgA^Ap+oNGBrOh4HPto1(4fw{c z&@bx+nO>Oln*(ahAHJN@ONb1}SJ>(c@>bh_KT7CE$xkXpY(IHW(?D<9KAak2B(9Q4 z6eTo8YOdG`sMypcU9=+xyw_LbI@gZ?_1p}6S_D4hg_wyi4OK`bBTOMq;DFuIuw~U= zON4;lxZvq^Dlv@gf8q*YMR4b?YnuSKw?#_pl9+;HI=aWhqz?|M1&D?2AUHqOc{HTe+smIL@*-KVpX zaCOWZ*W3D`<&si3LOMBAdf;%qY6+U0zFw&`nshIKx!ndAzOX|sE|uTdw7Ur} zc>ocGOyb6HIp`92mM_AN_=?^Tm~)hmL(yb!^HssJf2Gak#oO7w6E{99-=n3Rkmpnf zuUXHQb8y`Tp6G#>sCpZ? z(kP>ve*_kDslhap^PnI^unf4{buQpL)0q|-7iptJ2^BR8rUZm6VBz-J9UDW=_3v3a zW7rlYbj$pL6UW;X6>7r1QgAxlnVeb|HWnm1Qcz@29WOQRRe#}uA?pRSe<*g@d}uH` zeViFdA7Js9`o0n@D={iB zKZB&jPcHKt0ft?e%IxmjD6f9>0f2BO;OVD#saMF#43?XU81_z}041Et+;r>;yxfox ztId4G_zUCQ>W) z3mpX*03gmL0fXE2N{P5g@pCgneH0fH!wg=Irb~8OL6RkT)9?LLS?TC^;>$@%1UxcVtw~JRdH1BwMXZc@f1g*IxNC9n5Gv zZlQ&kuIs5lc6pRbeOEm%1e!ww=K;=XC6GqZ4rfvu?ZGUk}S&{qVeeYax2SQ3f zXrc-%1{1KVOqm5zBb?@WE;UFb-L&)U+n2BHk>E zZ|dBuZJm#cpXKO>0wjZUYG~qr{oLC7Wgl|RyK}1&(jnj@!y(Y2*<5%*vDtjD*^9( z&}m(|7~}C>16o6!yP-dD-fSVowrtaK$Ua1#Q-EVEC#$SMw7Z9{YHrSmR3R z;FqH?SMop%zSqA_AbZ`!vRy|i(p`u+>4_$K1&M+=X4cn^K&KHAXDcLfJlry-{V*{V zXY#=~2B@3O(zMoR4X;#KxUfX=vVsn&W6V9hVIN^|)iqiCf*H^22s?#pkn!4!a~iB_%WavIs$!Z@@n>mSlQz?Q|Z%n}_&Y$L>VQ zX;DY#)9?vt@Or&3={p|wdUh;@QP(p*G4@#3H)=>(136RPCy_z7rx`BtaOYp)cYSdbliqZeDh%Ep+F@xY)D}*4o9He0t2~HdN<%Wjz+kC{?cE6;4DFy&urr_r~L&kDpR!Rt!$w z)A_(E0`mhG=Vh2D^;cMkc=n#^I_iMVYQ6{1eDoIVLFtm8&?3qFWIV0q zqx|PXNJU}}&=A!n7YQ&mX?At#oWazuEckRp|?HfpgPOiXhDETg$dbI233lZW#))KT^BKmn7cC6^8Hk~Yjx z>rNYHGa8oN2l~Y9)dN*#%rOj4_Zi*L}wvW9!93fQ8wcQhs~ZaZ$k#U^Hhk{ z(ZLt?`WeeH$Dsb6Sm;~W^67LC$c=CrAmd5aU-?t=m=|^IZztQV@GqM!B7%N@44-MT zXq%Ki`J`aaJM*KR6`{6_(*hC=yIqJ1vJ{DB3+ZHaX)4W8@0uGwa6sUx_8kqQUaB^e zhsga}G`8`BlguT< z50UuW%lBg^J2zaezy8S}|1z+@i28LImMS zsV+)^9(R8f*6yd{pt{wt@04yd}iD~m{$}c-HX_B6Pn0cr;9%zAmiav^ZUHW?Yfs|w(P?M;3bPD+?`P7AjSvOL%Np*vPiCMcRnH(1) zhZy|O6DH$I><%$gZ4$FNX^4y$AdMpbpL0HB_e?JzGN8xcPe=?9zumd7gMUwZ$bCQL z2fH6Qv*6<;5`==2ukpK$Jdm5LZ-|W@yei8Q&--(nJj6>tz&vLme&ALZ9Fk|4(=JrLAL|3P#Dh@S3%NCWrUw=N{PnLo{@@7i0nbJ>G6#3y8PdP@@fDtb0$6^TgKyBauO2B29W#>~bG{AkO-~)nyZxr?7G0&J z{-?rYRQ2?TRDzW4Rh@Y8IM(Al?P;F#L}3tlxJVb;`C=$VV7)+;DUw5n+g<-O1NmAX zWP>G{hXCI`Kh7H=ce~DG_L{l9p7gz+j?T24#)t3gW`{G=6JsC;lq~pSR}uhl=IW~g zX&tmRC(~>Z4oRE;72zKw`oF(Z-(k^Q(Er5!FJJ!UKYxByr?UPA0!=2K`=!ZZ3bODa zCQ@h9Zyf#CiT-^|2U}+5ocgBy;LjQTKl4ccki3I@G5-!rWrL)&BqW&ufknNCx$Lh16t)g&tE+mc%XcbG7t*ZR ziOZ$sTz$MhT(4H_lV%xzA76@BIK7Mjc3I}KT)FYFlf|rE{K7A6i15j4*S7+r_pKzO z6=J3{TUd~*Rah5c_tEzfRa^?rFY~fTYfL1Zn7Qa@NC2GO0P!o}((_ql)S}-f9Jx2R z5taww!2`3T4DuEq8_Tp!E@XntBRb2*zMvOO%XeRXy-?)aGs(hh*8UraXXKcZ`_E&! zf2=k_?z5opg8Do!kEw&i-`3p)5R){r^1!t7FD;J zG3f_aJtvG$$v+gqUYONQ*X#BWwg2Vp5iG|O67X;3dD^nTVva4(3>HS}?@%e@>XM5S z7b9wp^aQMR0{Zt$)f{>vH)lUU`3^@VcfoQR9p{TR>K2P*6;=tk%G>5hZr+G--+KaJ zE2&ChoaE~c04%kVAQd zQQ#Frhq-sTuhUM)5fHCCiYN)qypYvvrD?$cB^%0(J!{cJ@;FOT>lKMO&K%R8-P8Cl zuF1wzTlKbTEQ6g^YTYx>{%6*Idq>uOG@9?BKn+ow+0x8jTl_HG2oO%&^9nzKD!GS9 zF1J`53cr`O%-=D~CWpn!<2y71I8x4A6NlqcE#=<^*Q?s1cWdr)5Hm8yC#s&y77G=K z$-&H#R-3z4{`>QBWe*!JC@{B)dJKI8E*p^O-M9R|PiR)&btd?1I*e#bWZ}{Lg_lFV zyT12qEVb**%?mbb@a7}TSwFsJtGc6!+#qJ$tAs72;b9S(9<$rhG%t`5U+l}|TKi}# zQjr;2@@2;dQ+!q<&2{jGx5FVBj7&>>`?%x78jODFYi3W+9yr7#R+~_73~~vM$EyJ) zdL@#Ix^VfoyYCj=tKnj1NmiEH&;G*xl?i|Eq7(p6y1$VHKUm^#8x+?&E% zxEROX{(Xz59nQrw)*q{txi)!K%wgp7^M2oLN?E?_wFuLAJeQC}d;-n})OuAS>VA}x zQ%C0hn=Yrkqv@)f+J!Jp_IEbYJNo9OqSqRf2nn2B^~L_~#VL}udv|#BdjcNHzBISu zjxHcw;ksR`XW@7aD!Av6SI^L?S?UwL;0^q;R=I_rg&2C48xFjz0CPtl#U+YDF2~_V zD0s(l&e{G9?K_G|`&>Dij$b=Q#GO#a?|~!5H^>+H!EiIj%yFz^>R@M~1mxZ9zbgK} zh9zR(*OLKMEHGxq?rq;8xwyM%xok8m9-lR28yua`Xd&t=Nce<62g@FipPi%j7n_G$ z-2fGzfP04IJ+HZ?H)=29@78ZXTiG)1x0^ogPwyZ0ImfG0*R(NUP8g)_?vD9X^2~>e zAQIeT67Xw7rAdFRp72m8@rdr4z%@E-au-_LN6Xalv>!@~$2%KFl3LF_kGxDr_oQ=gpnf=#5VBi}(CqAoY!KMNXkJe~-42L$3VIt3M zeC9*S>dbriXze)R?R5-?>=1bVZ3y*1=CkB{RMm8w%!x3rk5u;n& zMHw{WE}(yK@R*A4pew_ykp_QLcs-;O20CLCoRY9&Ev^r@mJCjNAj&Bqc>In9_qtYS zLXv9IsW_R|_!jr$Sj-B{!FUz@&EhRkai?K~`K8W)dx3R=X{D@M(M67u=y z(k&YmdC~_!&b&o0-wdF&ODn+r>K3Sao}!mSe4Fu?E;nuJVzmvYAL#I7LK2@plP$RH zk&)-`Kk!+)W zU+VtW{x?aMKjpIQe6M3nZJGA8;#%u_gBrIb<(dN6aZ5=5>}Knf0e{=l;QKp>-v>1= zh$ay>-d$ZG$J!84XeR)0+dX^y3-VSdie0zs!LpO*pgF3ogfDF2>!c*^ce5|}0bUjpxR}e;eLri9f(x zyg(2b>x>NE|KoYtL^{~x*+Ny>d@s_c8lfHSY*=C8xfXg=Y$gpRAi@*RJM zu-_rpZ(>>PMje*v_wdl=dJ*%YgtKA@xFL4s{(zP1W5poy1^X*&+op~l?PSNb?S#@f z=d|r>CZV3+g7LGaw`HG1Jyr;=x`4!uZy>=gezg^rWV4ihOOjZE2Kp?~mIqzMF%k5x zL6P4n&Q)2prq9t5^%8VuojYo5$+AJf@bc8Qmac`6^8xL@N=s#C}X~Ds~X!W$!W}7s8!< z)~K3gvn{1xGWj!Z$Gkj2HWc>;250kqsNYa?T>IiQTlTpyA#F}`HZ=;bi$gwUK{k7Y zgYzr1&m#IaaJ2SLv);8omR~uTa`o;8_!tSwg!GyjV%=7ZgT3Xt^A|lGIFLUwb6vx? zZv84P?UMJQ-*{F!&>dMZS*@ozkX6b$gpit-kSIUclP_M|ZHdYUE~y#L@BgqRS&a)a z<>1-WeUrq!3uF{umV!<}{5^*e4!J;f?%9%y?}00Nw&wuA^;bXK#F2&OILEv^|uOktNQs^?y0LeEV42vLxi-}-$4AQ;qVauKJ)c7QpWr<@u5Rx zL~Qwz*ohzOg@rAT?pGQu5N6C)GyLrQFGN&5{rh1Kz6;R-Z!{}>KuA-@8y5PQmSCCb?}#iET1vM z-f>v8JdIq9zB3;r65TwYX(E}A#6xzPUdy?NMaL8GS9GObNC{wyZ7xVs=U`mYBhbMj z*Z;7TJrI&~@qtmyF&*9NKtT5b^1! zdHH`rDE#2&kJ!P6 zm(;J9-z}0n_BVy8{{~3?>u)DJ#go0e-u)+BGMNk<&K=VHd9~`F5T3kpj)}|j@?vv? zUug@I!Y;8)2J&HRul!BD?w_9hIkW0m{$v=S^XlJLTmOy5pFgO-In88XrU~!!|HQy2 chxdep`mc5yRKC7@fceta)VouB>(R6S1CgZWoB#j- literal 0 HcmV?d00001 diff --git a/documentation/docs/aws/2_choose_external_key.png b/documentation/docs/aws/2_choose_external_key.png new file mode 100644 index 0000000000000000000000000000000000000000..aa77e97baa09218170570b677780a9da5ac34c94 GIT binary patch literal 137480 zcmeFZXH-*N)GjK5AS$9SDgsJT0g)P!?>Fuk_uluY7J(NKCt6gxA$h zRG)M4sFd*Di)fqsJ9q6;8s2uyz5C}! zEwr*HBfr2SvdtVhdt6S`9g{9VzPV9Yb8YkG%Q^X|?Er(O&bWdX%nImH^4B@vjD9y* z!2{hr^`>4F2ip&gAJ1C4`=z|9t3aV^-$Apn!ovJ*vbmvgs9cF}DbAUOhO5yB4}`fK z&VCcQk~ZHpmwoZFh9S3Ls|sWM#m}GRE)M2{m$FE10YoX?cLx+EPwOKef4b>@CeKHa zXosfON3WbhtVhil$2sPLGSr-$6@90ZFP}cIx;x`%+go9&_%ey1sic+m@Qu}?(nuTC zz$z!S9;liG(5y|LN;es0{j{Y9)&e(X->~O#8PwEdJRPq6<~HB!7tc?J-=IJ9`gL~h z!Agv}c76dIE`Q~SH1$If5Zqwre>fdoOIZ8{Awg!>ege_yK6BIJdd{c0pPxASr;q1Z zj9*E$TVmJfE~uQK`P0XzGZ#?vAO3Q?6DLCjRK$iwJ%`vi)cjk|eN}c&>z&7V!403`7d5Jq^CAsmX zD$n1{(ylv0`?n|fo_vx{;&8h`?Dn6Q;g?mpQ@VryW?i}iBkmmAsJDNen@SnWc(YsM zfs)tTGK+fk^Vbv{JF{*EO9$@#h|IT{PK{HxojGl7+-h0)aQU?Vd1Jf&Oh_ERL4_E} z{^m)qhtEmDR?YEN48KR2A?x01+C_2ysY-kQkvcCm7m_PZjI=egY%E6DI@2G(HAmQv zds!PYgW>XT4cINr*Zhav13$|uauG6*&M>y9b6#Uk{(ALkmE&wYA;4kM;X|ji5cR;Cx+nhac%sSy_|%u0jEfXA!!~*<2YP@R#%6cy&-e=k1(k4o#+`M=S9TAGcloiA7jE zQ%6{a@O`CP#Ywkq7Q8+qs2D^{PAZ?&Atc+xkAdX7zl$QGs(ag>ZRNU8)jd4VrNmzB zV+P6qI1A-nw+%Kwa~UPN_48XTv-Ox? ziymnZvU}Aw)xZa^Z~ST@GhXJFTPg=}LNdm@0k4Gh`Pm{ABwsYIpQS0yh2Y~CrAz5_ zB72c#UACNEF{%+@EfH%(LyplK$`I?gTkl!-RYJzae^%CR56;JX zAEw<`TI&-zO~?9rgGBlKP{(nPlsC=dgih}k$x;aHv1Xkxeeib}A5j7oIH*>vi9M#e!6ck7lp-jw!d!m?OG>@AUP!t zr(!s08p~kAjZrS>MV%pk)WzU+<`jZbk}~X|cImAU1S4VQ`UK-9Vk>v-jhe7+^U|>q z!yDM9bzm%y10E!;w+hWoIM!lH7L`*e<)qadE3LKt2ZeWV#u3b2f(C_&A_fIMa44XQ zraN6OtSxIFF6PyDicu_M6_4&01tywk-Aw*?-5O6CF6wUzLs>{=)yALT*S)%DFoK8b zCOP$*X~%akIqs(V)p#5tht}Ir^dDj7U?r8)Gl<l7i{jE;NvI1_llpmPK9RO`*vPOr`NSgytR3|&gAIoV$S3!5-Oj})Iq0+)2J6u5$Zj`CP}HA&Sy(=FiYW{ zC9u)1TT~|SrAPL&KqTgo!{JgNgv?5q06r}-1#MZT^d?ibk2R)8!WEd25#{P z2TexVNL~lAJmQD-o=>$xgbvfs%pA@&UFuJIpi~jB>J9re6UcH-H}+m8<5Zxy zJlEa!vYNnnn51nr%{QfCeeD|(1`a;)qa_{-dR4xS)ng5~Jt>%5c;K|&_iCdb^V=U8 z=T~q>5Mo!3giO93S<-vY{W;UENm^9&od{xYf*)%>_GWQ`{fY@+3|K$(aH(~=?9k;? z!wiPup#)H(P%^fO8?=5@Dn3G|UsQp-t=Cf!cMgzc0L+M6Rbw9iR1BCEne@X}468+_ z5Nz*aX11#(w{7Yv?wf@AYOwZeS7^{d6&a{o=yrzXlCIEPUrM3p<`i@nl_`?bYABV_ zYI?W4Ofsy;#@JxO&{~3~tB4-o7=|(v%ujsEH(u&s>9Fr>@dPtDxsyjJ(g%dEKOTC^ zq6>~uyp06S0?Q&Nf1D1+;|;oT zr7okhvUg37wcyd>*W7|6q_wZQg>r0%O&)#CF62_;mFsxYb$Kvc?W1*VDjk#KY6lg& zy+3YhI1PLk1)bS1HZIcJ+3Krr`U;G}S@GYBRxY%%L9dz;`-u;~;Q__@lGNVM&CeYs6s@ZRs3d!~x2(KfEfn z55!j4=dBlo!PF$m5H(9(fPUG|9f(feXklLlva4bkB>8)Obzp5bS|a8DT22EnP{;<; zH!UPd18tX{;6bX%v_*=irh_Q;@h91P79W{KN;W+LM}2zb$Dk0Fhff8@YHaf|ZFOC9 zVM+aDVUgyvXYoyP$m_tcJ60rCQY1}V^7gzWlje1~V6}aHWr2Q3=qJF5D9<##Orfjy zhKI4rH~I%-s~bk?c6l8xY0H-=+DNaI@I$oM`vNHz2yRD>745!fEtTlR$Y(lJN5JykuZoPg)n-?B|nYP-SrV%GwG|x z=94~KX>3Mn^MU<`ojA$ZH;(GY?^Y?+5$`4>zo$sL#EEGn%K5n#TadN7V|XI2DF+&z zhdIRa>D`$P*@e+fHQ6s=tyr= zBJMl>jN>#U--^u`(2zL2L{ct%4S14t+t6xeeZQs59BxCO>aHWKWx1LYmlFjdzfF|x zDv_@XuCFhqWax#ai3yA#Ch9yyW~288>FsylF}n;ECP@GleDalun%GDEU+Dh;%7@=S zwX6BxK6N(Wsm{!t_tW>P4zJJ%boERpopqGe3n6DwFxjurgz;gmM7;^XPolpdiJPg| zI5L7siz^~3o z#!G$R4*w5L3zc(?}g${N}M9vTT zWCr_<)BQ{f#WSAtkYX!HjV-}U_RtASrH~1;OZmx+DNz#r7EkZNn`J~(&tYMFdua>h z8QTrr%OmFoFYz_8WeAJoNw?l8h5`8D;$>TxL`|QpD%$pLY%finBAQ22HuFL^>{Go0 z7kVyhW!y=;rsUppt>0FNRn$fj7MB?u&@R*&%{8mElTEh>;Me>f=((=^>=Ute*zp|# zQ{HHWTnxm!PUEX4QnEs;(@GUd2?|CPb=K!gMVTg)tX65v>w_``(%?2jMI^eCcbA2q zYA^9I<4oMuejEOMSLV6kZ6erJ!0;i79vgzOz0#jF?pRdNxS+&!?3mRzKCD}ttrw9F z>T3=AqNk+*n^SR~Xvypr$3*LxN%6%hJL`g6}xwW~7NE45m6+;FjrZ(=rd% zZsU_Q{F?vf=j7U#Yzk%DqV`I?irTwUtc-lAvcTCjQq)B-W;!u|kL=;QKg2M1$So}{`4~*j z@?;oD+z~FplZ4C_!Yr;w09*k5NuxzStl&XQNB2}a%gn`f?#KTqCOC-LZbkPYM$nSM z#IEAqt$~C>s_#+q6VbO#O+xrt1VA1aTeZ_mn3dZI!o;1bA|IFRyzsf#|NF3i zuU;i;4f{Yss1ZNDFq{qxy4zAIttj2PXe=hts=x7#Sn@EwmsChKKdOxQP1StURG&la ztX$Hs0KlH*V@OR5P`@jCG6FG{T}Z!4gaz{F4YktBTZBr~tP8O04a*8COFKQQuX7n# zd@+jDsET=B^M;!;%7KIz z+eit44;b&)`flX=Z;S?7D)74aF$m*V>ozOQW-Tqy(l_)vjd1M=xdaemd)Sb}7hI#| zle+yyIUtddxM8Mq>^fGMbb5?{_@3xu)wxp?eax2D(gFBfLKvE%+rBxOJ9n6=47EvP zD_*ch9{J}B;3v$D3U%!xeaYLGwUUJ9?Lq;@N~UQ5^UxvuO&R!5g`_gzP_|!Wtm3gA z`&i{o?(rnZA%fLKg$x&#UDO$$Y8nV4bA3y_8O-Y9E{e z$6xarT0u`BiIN5GQe7=TYWxcQo_!q(i{v^(vReDCqVW8=@@WNkrQtEV!cb|Ok9MJ1 zuktCb!wz5Es-;tkS;zL@NY)Iafa9JWS}qRZsrrjB(nFwjqDqTGB0BhSwo~8d;rCx7 z^+kV!X|I`Y*?%bE`Y2A`Q#;*N-G2LPW_BjJ;NyC5e0ee3>%@1r zlG%BUQ^`D{U6V*IR;H`adn@_Vox!0x@XwuG(WzuXDYb257H(Y!@qhd(&>sLB+QQ@# zLUP9gpOX-aF=?;Q0nz~+v4mS+)r%gfEx+1iP|1wwWoq7AD_WJVH%} zbfeEsetM7lD8SO{fBZO*K%`jDG7JCYy1Ni>pfw$7)Lh_Lzf%U7b&a9ytm_UtHqNrx zf8ePD4eo|wysP>ZDG9n6(#HPy8NtfBU^QwaC5WNMiaN<6-3EC`Ca=>ZR#Dd_?1*^n zx}1OFKP1*fLSaH#Qv5om2tJjJX34ik+UMPpf~B5i6=fQUPV%*G2r0;5CFI#;b={0k zNIGMn#OJdloS>K1sF_?by~brL{5VY>eBNcW#yoqj&DNysiOqQ~**j2SbCKC|T)eVA zj?9gsOodA3M|WYM@Cx=WVe5UKV8xlkn)knzFrOpOjFeg$^XX;sDMugcWtLb7Og&$0 zSeIW%1Stl&2lN%$6-vkg12Rrca~dzW=$%ZO+#l<+JDG}coR6zDLM4os`6Kz`dxJUE zz)Kgd_5d1R-E85EQW)B_Yq^QZM8Huvq%GmrUZBuQjU@xZ%}a~(o8uO}25uEvr;HR=4CtprT zK9a-tUHc{O)c7u44ithK4bGb~mAIY72lGM&@m8^3;U=qT|!@;VF&n!rEAoVG=6z$p2{|-GNp`nqeofY2W-qt zMPrRDl>C8kcpmfF!NX9`k*bO*u&o7oxA7S3T?Ir3h(DG3SS*}B>y`oD&ZwyDjS)p$ z%-}bsji0C!Dr;CB&5YgUkj9=Urq}XW=n+%JfvEh8B z;+2xn>e%;(WEt6@ofL?(Em^n0Y2b?FT%#UtQCiU^n$mO(6nA_y`;1azvc<@O8bJuA zJ-^NLTVXqF{6=(dgo}FRwkQG()44P?zBc4XI|$k%+G0Y;ns`; z;S{!+fSa|D<6;hf&ild=9M}e6zY=+?bBixnu;@WSo%@p|t(_PPwXx3LjF(=|2)KsZFe`- zA157X2QHd@t>BiuTh(m#u$Iq%iPtX*YQM(=L;T21Kg_kuCOv#EOG>(F#tZHE%9q04 zOyL;DgZnxZe2D3eJt?aH@SQsd1y_hJ6R43WNFC5p=WY*%py9M1#j9Puu>vDmK_n zB!{ccBE4cJ<_})KR;7^>;&>GP&HuF?yHu5V>Z!BywUvHRy28Sx*tCf|u&Uuzy6OiM>|U8TB{1Td)QgP%;4h9=&s!L%w|og$z3Mn zMN(cW+es&-SJOHuPvKEuW!c?!RLMi*uJ@SQN%7Bjp{D2yhG7|Sf1Umr+BJJ8lojmy zMEzaZr`X8uLxK{HM^{j$n>Wt~wXqJe`jX8M8deSW&-3#kB)5sIXBpFrb_)jyX zs$MpKh`dy|O;1V8)lUbRb$c+0hM4uU?l^)vt|j7Gvlv@aF{dBERbqv-Q0ZBLxox&` z4}QzasTXo@Tqq5P88#1$2MEDn)ms(c(0AiuZ1Q-HJoVrHj=SRQ1=M>SI0g56#{ch+ zxs%R(jV_o2jQ<{Z|C0*5&`Hgxb!>5<7Je^i|4V5uSpFI~Cg0g~@%Iq<_1~}OsClco zJ*LI&zhv`Xms1Bi;4&Ph{xZq0Uex5E*8#mx;NJ$CQU_M=qVIbAehvSf)X%09?WlX9 z5zPvJ8ThnR+j!H(idbjMn+f`kV-Raz_P*eG)WxRr>d- zvVR}f%lf$;zzX@rit8@}t4*i_h1$H%ar}1M{Cgp+Nkm0VqGHy*g8454sdE&QNSe9# z>cek&$iEjAN>9w0G+xc3S^?}Z~mTn|C-bV z%rE@z%A#rIo9Pa1!6zGm!{(yg?vm0_Uc_wV-qT)4nZjU5Hvu<$1# zAT5&+AUgFXVNo>c1tUw(@MA%(53BuMx!-yn+dm_30nzT;n7D;FL7=|NBV@xRL5q9K z0t<6CT$5hs6p~V9u_X^3;NZ5F`uU8Cj9Y;S>MdZOu)dL*3GfPeq|#*7#2cX~l4dQL7xjZ6x0| zyb-uISQ97Z1_(s>>ot2Xyj>e_#woA#Jp7|KseVlLwC-&_UI9}U=ZU*fmD)w;D|==j z6y2nSnG2P~jt?Aha(>#~u$z&Py3mz}gKOw)VVi>h|Ht8Utsed{)en{*$-Fo(O zUW-l6y@`szZX476ot1@!F=1*{G(z-S&|X+?O_7sX{H}U94=cKp_I!ao5FcUV4@X1E zM{v)kTN0@B)X7GC)dFy`!DXd_*`?j2so>9kcMqo0${};ogN#kNiiTRL)QU^hibM7( z;aXNQ1x_rf&3FAm^@=i-ARP$(H0cl4QlNczm}AY|NT}ii5v$hQ-SND&KJIc9!tXVc ze`$a`T^H*8b<&EmRL@AU@ynpLH~-K>dkb}vrAH2p3pFpUN=yH_NN%rDWwR>=8l61I zbD=_|`svH=ujkC(T>qafecJl_L_N-Xed4heRrFn!uRis^Tj?-3Ho^FNxvze-8L>9oXzMZ4%DW-PSQ>dG#^m=opZ#M3#7TrQ^T=syhPJM^R@V1HK8 z{=vVO)W5HemTvb}vN#fw`f8kT(%5F7o?U~7;Uzx*RJ=^}O zg>CY3$o4zhxgkzc?^FiQgs>4u8;M5Jpa~)BfzG>|S;-=t+yGd&V7t4`&{!F@Zd(hj zow^KAJx1&k~RT_fJh@R9UH}62P~T z!mJP>*y)`W{=-`^n8XykFMYR&$pk-9uk)({E&>J<2h>5#iml97M@o38OS`RfYuwvC z#Fhbm+Vnqoq1Mn*X)ex#jrJGK{fYRreOWNyC%HoU`3j_dpXPY6&vLC~s4)UIGii>X zoTO%l5|khmEDNwJX3%k~EtJI2&Xy-s1wE!=liJtsaCv*F`ysSbvdQ%0qnz6$F6?>f z14`wAf=8=js};7!sK~#(%m4Cn(^u6RF&2LPOU}V2Hq--RAoSvwl|0qMps;XQqsMgI z`3$+zo@b~GE|L$Kf+tgD zq)#hnKcw}<74*_x=deSZ&UF~=Yz;i?4sd<9*mrXM%h~@r`%hfda>@NK)^_Lq1xm#y z@J;n@hH0fsho7<*k55iEc!F!mXRZiQ3qy}R&0pU<0MGFaeoq=!|FEZj=W*Hh)>dFY zwcO8t);9I!b?bK28H1!`(hS71?zodvkiTDvuwxDHpvgLa=2F*)m*mIekdI3ky9Ieq zBrkb;k*Oj2DC61zdB6_WX4Xn3%D10{v6ty5DZtY2g$@OqCH-$m{r{(K^H?t|qHre% zKn`RO?@fkUS+tJpQvXS`*r*^50uVte29w@kSCDV!fo5$GioP<(#V>E(e?lBmXs?@A zxWiN`@uTn7<-uROis!z)in+3|o#BIU00U2}bnR>E`S(I_)4o5`d*vrD zSh-Iff;8898{~|?gv$eexWBXWsTN+p;H^m*T0!~=W$Gp)BW=UbaZqn zr~)TID7w5Rm?YAjF8dCaR$HY&T)z3w*tIw8x1RtOaZ^vjX*8m)B~i0sT7x%UE^Kvj z)`x}1bky%v^47TSvPoOGNhmcf zk9(J_;Im!aP0On@A-ivSM2Md3EYL}I9Q=u#!pKz?lUgANoBs0>%BwkQk?zW?ut5~A z=(xdsvO(`?x(Pdz{Gd?iBiiqyuv?N)t}1(5G*zGHgS~s{Z@0qC(CjmT9nMkJW zMmKXMd(1}9^L?q<`N9l`$etBEI+{fF1@s|W@d#gU=vGX`V@!p0BVJ?a9%PJEkDmM3 z7wo=op)*u*08DhBZWxWqsS;4LteHRLL5M<{lg(=ZgB}s}@kRRGub9%NcK0)%&DdI8 zA;x+yOo3*o8^|gqkia_L>~D~zuboXIK~{!fNP*~a4b4ss-wfrp%A0cjM2&w# z`~UaHF;xy&L6SP~>Whqa9n{jK82TkTSO(Q zdoemguBj4YJznGVPSSNh7nLEeJiwF6v}@l;DsYJO4;yo<%58%oJ=Q1u!p3m#bYT)b z*)+7ej6Fr+pfo9pL0~OT-g{@c+HR6FWRr%xO=t&Xw%*^6ZbKA`Hb~NpJ>HN5@~D2M z6Q4r8F)IZy0TXpI#UHmID2Vj!GXX2=hnA&;iCz38|H$*=$v5T$-|xfESHi=T@t|mB z;_DE?s91L#Z|&Mdz2yXAVrKeaVSs1*e#Aa;cft=h-^}hemEH9kkBH^va~`h+b2SGN z&|JZNW#yRc*vZZsW~%ABdD&@aRcWvCMDu3wEcaX0kCVPNZlq<^}i`mD00jK}Fq0T>m# za=G0pN?w7k+8Mx+^bh8h9d%Z)5c-?6>vnGK?P+)$e}-ILWBX5gTjN)?; z-u4uwjqE*+5eE{_X+dWp#H+&5Ylk+6eg{t)%QmP~qu_Cx*~8g>RZDNoNd zg|#JjpUgI7Og8Sy@oustXz2Dh>rnb(-u9XS9{16Tq4PgA;m?n$JrPKryEmYh2AID{ z8f(y|Mn+#ttVFQ!=vme!b_yyuaJ7`-eA71Ouo$5|d${*PiEgU6^-KtbmhAZb0_De2 z&KHffTIF+Qy}h-g< z4ChyMCT-ki?>^#|2n{)euaf19eJ*FpU>)@-4nJ?XfWigzxs7Wt;C1kfpPf%^L=HO4 zQ(~3x!6Wxufq0w1LW@3?FkL1qIZ*e|!ZtA&Kbh=@8%bIn&GM1PsuTb!T_{x=o-&(e zjrzhIzKYPJR*u^~%x9c7hR?$GWtRE1xi&bp zonWGkbNc)BO~cvPywFQbrkxLlPnh?Pfu_Fa%wW76pmpY97n^NGQ@8W=he`bhr_QD) z69e1BA8s5DlFYyC@16vKZJe*E0s3zA4psK@OwMG_A{mTt;R@x#sqo%^{x@S>S0NrgZ&RUv`$uL zKTIi2(v64TAYicw6?+p-CELE)x`P99LCw258x)`SST@i{_@JA+A++(Ei|B{Q@ze5I|qnAGHO&c4y@Vs*|zH2 zm)^WO7k#_fM(ym z-zL+^rwm{ytEZ#0G1;a@+?Ws{ETP4*v9{X9k(^a&^(Hutwjg=9cCw6IHxg%>CR8`d zXSwMBJ_M?5P*2`O)hoVJW__&p>RkMbQ{A7ywE=orLRxWr)i@w3#i_^3qqqx5A=)#8l(~btbb6U`W%eap={ZZHDK_@JZ z^}3TqE1j=6#C_#-Abkb=*y`j;%nH5cg#VHK}bM;tW1UEGyy0JfHb9?V9VT1kYw+C5n35+u)9rqz~eto(J-tPAzrd z8U7sq`T8G+%q{RRf8jxe(6y_^J^Se7Gp+ti4IdXO+(tGXD^_O{e#}BVNrOU~OC%#a zXpWVgUf$Hq5f!6qfgBMZknYnS6E(Zkc1)9I&AH?0nVkU%_z{hF<9bDHsQCYfMHk*t zq2H04=2!WOy+2`lxKOp{DC@kmfRN42!PRi^opY(*Ed9CovsbR+{2rvdOHCZl_Bw0c z?D_##xqi`QxTIjD+*++Bg?S*aw9mHc$xwlwpju?e4KC8E2$`@Dzl0l+Tv+JQzz8fe z(9qrBsREKRRWzJ>lXwT*Y;CDB46h5I=k^sb)yl{|g>aBAARa95(-98}IM~}#aRT`v z7e%G(30F+ZHuIU>Bypbd0 z0&N%4aG4%nNEkkZi_A2mP1L7+KLnS(L5!)Spm8g8<(7?;51B$jp7vnmKwrDK=G&NC zWJR4`GyWq_IOED_EzGLVI zuXA3A8pRbU5O$2Eor}UISNj!l?lrt}QXg0Aa@6Q`DE^h&3)+`KVix#_q?~e#=D1p& zY|*tQ!Mv($wyX?zD=)6^+N%jkj-6jx18gYM?wR9;*)ZRS>5F|CGP6wMtIdm|R?8l4 zBVzL^$s5_W>;u7%^EEGmq1GR5*3C&aS8m750!pc_tB&IQDRksDe!aDrtoNKeXQQ}~ z6UpfteH{ArHW(Y+jtMUATs|D|lC?cQ;D>(VcWC^$bh$)D_;HEJHW?U^PYrX4q^40F z;rvHA;TuZm^s0@w)T)&u!=mZdz~LlseY;R-{rggM^CZgg>no|~3ZF6(;i7TCA2iBT(7A&ojt+YO9UF=#8NUJ;6q1AXlH`p%>~&U~9;! zK*}@;mE2k(pB55I#E|OySwBVn7tw-r8zUKSFMn~00b8mlyN|AE3v*Gri`2riX57yf z?{bMf(M}H4tV#8LH4zy)zMw>?G2&8dlar?pWv0F_TaEZ%@3$U*YWJkomE0L)0pey2&id!O;{_{ z!#81H3h0V8y)q-)flpkt8b>%p20wreF~e0szybswQ)cdFTe8A5$Lg!p)itBDbS*Xz zoyOltjZdeS)O6BBRh&N=B89RECZ>>I#_-+@@_7nEb8hJ=;PswI-Uk(rCJN$*njj}Dlw*t@yOtxW;cga z3LD-Wr@7XOC{~8-xkL>+Otei*(5pe-IN2aW)reg8xEHblgho^rsbNq-8VoL6EpYcq z+k^x$g3MzZ!b??eC3r8DrZP`6_fk8Sx=Tjg^ft58ySr|4L(wo%B&<0{@&c?Up>&ve zcgL_Sg}({hodB{tz!=GV(Ta$rYM(|%Mf$=Y*p)=xFo$lm2~OI{HLRf>sJVhUYMwwp z+o_2BZ2NnAgg>R(hjop3z7kwN7m_`HNc_^7Y`fxIo4}5IWII-7EjkNZdkf605TYLN z=PsKp^|{X$mooX*xlDiFz%=&;OLJSm0aDFDyCu45cP)F8M1)`J5#P|;C5u?|P?d=) zimTSNT1URh(LqjT1k>rgcPcZjVG#zwr1j{*oE3aI_^budaOtQo;cnhFIp6V(hG5c$ zO8@?S3APCOTjEY<(zOu1=^7C*JmRo0qjYO|(4m2=ZveLw#LDr0b)w*%^A%WwBHx91 z$&6rQuAKTy-Nr8(wEWj+a2~@*%W36SbbB(y#9r&6%DRgYjQ`lvC_CPUZ52;0MhGX_1TTXj!&%4wh z=I8~?b6=3`?L|6?B)=5aPWAujk((UUTzROE;DHZ!>f>Ticg^LCoY|ani~v`z#?OjJ z4?ZYUK&1$h(n!a|7qjRBn3*x6kETSrKTPu!AYx&qMzf4a%#B=Yi zjq+pkib6UD)%L!-`7L3w_hxEh5ol$|DK|_5@BY1Orjj*H+AjiDdz>!FRuNNG6%fd^?`uNneQtF3-1Cib`J3I21XF zU*=Cu8yda{N-aJ#>RlYl4U||JD6WMSQJ5Rw`QdI{LA_tcyOBPd|F;MVd4(!wVH!K3 z^o_v&^>bVww1R%7OH4Dd|;7C6>N)x5FftL9XXDVju)+Zj9Rbyc-+iT6W#2nS(q7u^@*hdQ`@9F&y z4e1`&;}fYb?2tY^-xrTTKU_k&6~WXp$(w!f1qoH5qLomp#vO-|Z;)v(lO2M7D#{I010nVI zrqOfD=^B{J0!Er0hmz{7H>XEx^IbFePDCyQ1Qtu)YfKU23 zn(*cI52Ia}>rYfpF~Q`D7&MYozzoe_(l`_H1;8RNkDRG?$Zih!)i8mZjd;bh%5Vm- zA5>Or>khS*$FxiQC-+KCChldq?vwV|tgrpkmBQ23mfA*9Sg=rQsT1UrzwH#`{hC^m zTBj<1`0SosDm|Y^YT(b@TI=SZZ~jFzx*2M^T;LbsjbR4(?jbH z)(Lpr+0XfG>VavigNzfGcxYxsXml|NDwM(c(Dt}Fs zt1me<8F~5iUag9t@&0D#U1jV!iR(*S4*dC}y_MtQ#pLY;86-|%;YD}UkWr4s{?2BY zVl3iXU)AFH?0##rpOL!Hc02DnfC9CbLYjT1$(EHgEf#*bw77#xl5MHqj6po2UK`jV#eaI&WG`Hb@JSm$r~}XHwco`kSbk*O~p;*>1T} zj74UnR_&tErvv$*qk}+dD$*F(=o~yIdh@_t{O<0o@e+6!g{=*%VWno1uC5TMl2*?F zVmA@(8GvZY!DjYZwBC{^)PI}QtQT>9?NeC9_A<+5_it|)w3EcxYRzv&khfFNMQtJE z*%~*D2kFA$Pu0O252r8)k*|xS`btb!=zk*WXP(sJ%Na{3QW;Lay+b?L$tAqR2vE2C z8uY$lAUur6Z?t*1bf{u3ZF{J99i{N-!^7SQYE6hbl>rM^Hh`SOVVOz&ksC1^ia}}2 zF1YSBSpv$+lvOWAY(9`*O->^Kmsx4tOD}A_VTif^lxRxwa$=|h4`PyB0 z31kFAKC2e?NxKo~4NSJ{f2^xK7Yeh})(#aBPLqjE2XHE6$O{HHl=0zK^r?yIFg6K5 zOeOLFWzjl>sD012TTX2X9Z5otA|%yza~O0cK2@T3P3yHE1_!LOk2=je8;Iqq*Dtlg z9ocA*tOM^I`fP&pdM5#BjMGMdlx9PFLjU`XvEm4UU6=3_%Z7j&E`EbdzWq%P_Dj^t zjz-cQaz50v*c_hetTpwVgGPL<)RPv3VP!uZ*k;TCKT`k1L?+FCAYOFuoD`f{8^VgX ztaQ>G2I*w%i;h3f&YbJDpQV!*Dkf7{Y;dkUM*3N@#>5RQu#=4QM7~oBmu5sPCC@IGQn$UZ||adaS0Po(Z?Fpf0!gugeWaHt>D0 zt%7#u;eyv4JqAkp%>1XJgPUlKQT{ep|(C?k-(ekK~zP^99!wP>^MuC)5ZYVP)NAW z%%yZ=|8#kQ{{Ld{Exh8|vhCr7pdkc@5C|6B-7RQvcMI!X62mLiL}un=>CX8|tF?)%}Q!OJiJ9TzkJsd&Dzze;fY7=M%xi zo0r&h#P9U1tZJkLZz_}7>@LGbn)qy4SiW$aY_jvJ^0R%q(+XzT!C8uXB=R$s9w?Ts zNwUe4sA#L6FL`Bhxi7!S;Br5zllEckhZXF-rVvCU9RR}dSlqv%Ao7soWiV5+Y0kf; zDphU<%R342^aWm&k}E-mGfCbpw9_n9xJ`cRR92-O+JHMB#zhMAuw$8*7Tc}}Jl_VQ zZdlsQqK8_$>#$*FCuSaU4R-wEm2;ORjNFwBlfiUFcpqr!K)vl&`OINiJI-i4unROE zwBR1IIw5fSlH8Z_j=a=mvx{nhN~L|8EqJiNTY|_mE|zN6NM^M?SpQU>EnuGyUm^Ds zJiPKBA(*m(jOoWP=&sI)Exz0uqg?g7i!?Van!L!w=JXp=E|9WO7n{B0dXU&|^lfdL z*p8I@!IxQ~txa*y!_ZwGj>TXIvp^IMUtMc)yAo535a4c)NW1FOT;g-Wm1a7eLf$HP zY*pj#)2csOHR@CYmQ5GCBgoJM$@N9ba%+#kUopHpw4Q7%ZNIr^J-3@N8!a~Xur;oh zUS$VmQrj+C6})w))!kn=-xD;aG#TQf+a40MeXNH?wYD1AJ_X8S?N1+~!*>q^T0P-Y z$DE-TpfiAhiGD<}^l)h>R;D#Q;zer`a<{))f-{mfkaO#Fgo`S?G|-n=b?I}oxm|_- zr|@%0#NVCM7FLv4)CE;yu;>Kz8UBe)(`0Z8H1Ra~!@qC6#p{dr&b93mg&#Y#5|OqG(*Q_$gJyFObuLpaj?Hmj2^{6iYrJ6y1zlk3p}Ij`GMY^f%T zB*}RXTm~a!3s|3HuHGh%fWr^-3^IhdbK|^v1P(Y_?~)ifIZ++3X{-EZ^3J6VkU$gG zOh#B$fcliA_02{TB+t^G<(O89=j~k{&DW>{(4@(bv)MqL=Go4`<|I4RGZUa&fUKu$ z050vQLLaW~?B+p=@Zw3xt#;%3s-F!L^alb_rG5^QjlNlH8?MXa51F0SOtMf+-V&oN z?wo6@)&ZUJvjj?feaQAwt*>mvImUUdfqe$72&@JRlq$ z+=OCQF9K{Y$W+`sng8uU zZ|smo>B=_SZ7#D~JyFE>`Bb$WWoziA0T7+y(XNl0q$yHC5o<42b_|AON z$WWVDxi4cWA!Di4s{$lpmo(x%^=c5%%-y*Fe`s}r*zQ4XInzuo6|b)mjcH!~)w2$Kp+}TWHROBssn+%4)7-ASM=a_Lct!omprJw?Cb};9(=? zI+4TT?2Gr~Jn@Mt-FvhWSaDg%|2+`jX<<%J1~s`P)6sqzo3FHFIPA$Jc|azd z2_;5)BO>!nPISc9^5*~sTr6h)EAJ=wK!DuUZQ@_MH_@1!O#H#yV!Q?9z0ls?90dn! znEUMHV9tH^&7bm5W?CUr(_v`u?FufvoT zvtNF*aQ{GF6PkjfV#Rk6@%%HO@}KATe*-i+#CuWb9Qt2p_|sFx-)f})cgDXF8T`L- z1jJx9FaRSK<2=h|)M+>~cICg#?|;@JarsNGEav?h->Z-3jQ#;&Rp|FPJFKEjMX z33b=tZ}yz?9Uxcq#Jo0s_n*u9UyBkA{P`R&7jipl7EMv>amRJyV&K}-`yXo=EdvHB z`09R4*g0$h_peWLL%Qb8FkqI@X5KR;kN}FL)`W`vCenrEd{&m4xg`psa_w9H54-x; z7x*lc2fMMHc{MmN6`?{&fF%jQ;jsaml_{9tfqrs_tA0Y|y3IIFl&AZ*0L{vAt>eS~ zCofQCNJlH~FYn0#>J$5uzAnVSUQBE4boK?X^v_3{9|XP)A1>oSybWIdE=3NfaQ7`2 zOo@=^I~BNIT>@#?wtw8U^o|VP@{ywEPf71~qSIVDz3O4tcs2_qi^-}(FC*(SOJNScH*A1q6)`s0Zbh4`^J+jb<|x!xr%|V4 zG#kx~J%=!S7s2E7{Q?NQnHRo*IBl0=!jl=K#t2U&o1FKyN-ElunT`C&Q})7YK6kXD ze|MqHjEVKIJLIPQ>nR9e>@Z7N#}|VT!m{Qn$G7E>+3!tYdwH+$HIj*iZC#PfivoPD z_b(7o<3E3Xc58a`Q8JyY>f&f}`Iy&fh5*FrS4Ae1qL5jxC26VRCyqm}M}ds<2y}li zjc-q)OV;6blKKj*%hwq1^zZ$xOyN9G=EP#q5vo6#vltrbeIJL>ABKy##P6?75i>vl zavMuy?Fsm7`dFdWI(qNrIC;OQ+h*OMSCKhQpX>FAwI@-1{!yCjODwn z`d54R2y#@W0Mr(X>6|M5Hoax7Gr3v0I6h65aiN{T#FBi8YqzaBb*+I4Op1jL$n7~~ z1fjv}Fu2~w(>4BXq973{_PyIlPXT5qUb6-wc}q!19)oe5VTb^0DD~OzUL@|_{jEaL znKS#{jn%+JjH|<}$4Rqy&r3IcWH^<_dD-DoR?_=TcrAf zIBed=gBpLf$^Eakh{0-R8%WUVhQ?;gExu;*x*o@Ufje7tSrIJPYo*D0^@em$Mt>xY z{p@#ii?}4_4-`+yd<1XVhFJxmAGvQ0f0-E^W6p9AGU0g~%vLlcW9u;udg-GijUPvL z09|b7F$Et~Ove49)4_OYRx{KjTWmu7++F_p~V$=_llny|D264spg4C&;Dcjl|^r~Kr! zm}H2VA*KGq0Eu8=B<=Y`>*8X)j?K5P9)RS`O?C}PRIAOdSD401x0U|UWdd0aWkSrm6OcNU4$0sb9cj4DtNEh!u*bM3ibg>pq!{X7H+4 zx~!MYHQA&seLvQw9{U9~^cqIAo^P67$;E$O^(64Xv+jqp2QV@gJZRokowh$3ya4S@ z79}IeFW`09wo8c<8wPYq=Pna+^Ga z-0S3pJU2gzM%&XdKF~>!*=UAfzRf2XC8XYFazgin4p8AO(x1;Bbwy`P1MN(qXG=A1 z)fP)Abi|*9B9P2)WlvoFP7NorAFNhNmbM@6Q2VQlGKU)?KrE8w>D+DfcffD4}Aj`7{S&%l3NCYv2;i9!|7 zm{{P22s-UN9cCctV9jFoNx**S4kFbM>L?F=D}C77v(n65-;HJU_?F!=rX=G?k7rCEyLRWt*T&AgL%zX?r)QF*in<#HtQU<{(jaWNs zO(tjX+LuGZj13GvXxATwsSYPF9VgNz74Q>uJ`B%?qp`Awq zT#`2|u_*LR9mO5%BU&fhVqOer-CcvK~(2D%r0jfcKx;s zwV^mc<-_(T+d_ni_kM(;ZFC$OXCkhc@w+6Zg4Bu;NsJk|7DO7)o}+!FhUtB(x<0?o z2h%TBGU3QHIxUV57zHOX{cga!KebKE{<+>pOYzS2`Ba;-*-Mo1(6s9HG&?_q#j@Lb z$AeS`)a}gHJM*<~Keis1L~JJ8-f~zAh3||RMcc7n6`toXzU5R;6Msbn=Iaf<=hL}d zhZu+yDhInlkNCa3^GA&U9w?b?-a}wlq3iC?B!EQ=UO+po^eJH6GkHZKf$V6zdZf)+ z%p%GMPJ-q zn?!dgv;FG(V5xkdMsL27E?8$sw&dyiP^QH}kkQ2m7dO8V8sh8A2O$jzgDoib<*XN$8sas}xx#j|oe7Wz)}+;Mec6S626; zPG?3AxH-4swb~35i))M)DaaLuq#0H(_vDiq^`oZL6me+P@9P2x&LQdtet7IbJB%9r z>7>Xs>+O#U=E7UgencCYs0yB{o(Q-~Bn#zU>LTMxj;PsfnZ0N-goY#bDeH zaHm;Z*bgvwi|%iC^7)$b{5cvhdw)JYl0DzdvY~K9Ao8i(eK{r(4f{+fRVaxLG*8P~ z9aD5U5YcMQMxv}uNvM<>Q&cty#)#seAW>e7qDK7O5&VI8KU^A6)}~G28&qjL(T_&jPZr3VHJ<Iw-p$2 zZVJ9<7DA0n z5jx!vBmP9etjvZ0GaySWm7uxMeDWFk=2)GNkTPmEFyMF=;C#!J|565W*@}yh0C|q z$=80h9zz`atLl)wf@!23w0yv_3giWE1NcRplz)6_iYZ;VYN7j7uG5wvK&>e3fz4q) zr4pEy*pdeFA#4h%Vo6=mn)$Dl7EwZXI zsYbb8l}um_wxZpA-hkyp0fCa+Q)Wgn5osni{V8>Lgh8##;_K~!Ie-YGRR<*^@0K#3 z3Bz_?S4Jh^%G(crrd4Dp#!hs3uyBcQnHUnt+hC)18(znPv0vwq%b0*$XhW#WFqO{1 zy$em0)!ysVb`@O;BzHIB*g`;UTAu?x|$z% zJG{3vW+%dJwU{IKuo|GaDVU|?DvepJ#q=I7Sp3R7Qj2it&#UA2D=}(_{WY?PsRLeY z>mX2z_qgXvG<(P4==5ajj(5$l{%#~OKLxMikR7f{i^xdxLIRL+=~bI?PlN}2%u6%Y z`9OwoUWx%!0~OR+oq;b4FU!jrEG=)y4L`~g?W%Syr6~cqL@8kG9;a-j8XqVX z1|6S4Kvo|jsQUdfCDv($unz$tG|5{CwQd&TLSo4)@<9>cY4 z!+;oIovQRctgXLrbaYfY(ET1U2W+0jMczj%HR>b!?G71a!TB1C9A)n#Mam*>ihniQ z9y&&(HdvOxnxixKY`y6%D@qG(}Z=}9MxrxPL&?^>|qc-lnRWoAcyu!kX zPal&sxI-mW9QinE-nA-axWI9N<#RR6&n(-m3Hfy-^zzdOr;jhJw3a8M&LANf%IPQu z@BeB`e}#@~9r}6e69K2Ga~?@rTKfnt6+YS0 zVaMZx`PqqIp(E*Bq%RQukVjea8w>n(Gxy_LIqzciSEic7a9>K&)x9Ka-n`;ZPux z`Ei3AKWo{|VH$V5^U0ESFljvSMbh@&b#C~m7I#;Xnp|foVDZED@xChwU1L&l)Hq5RfPrn@#L3t#@|%=ZT7~8(B4*mpyZKXI1)RL zZpra^aXyhR@qx{H6S-;gG3c;N)?yBKW-7mPv9h!G5Z6TL8SLL2h7`UpkVuK`-t4xB zOq?dny(o@rYh#cx{{FJ0Fm2YZ^VRREB?}RPuX&Zu$t>OCLWWgpN-8H+-UU!8tx7i1 zQ`5{8AT{;^2HS4V-`-9ai_zNcR^i%g@|J4Uxbj~f2?~Wq#$7i!=D);3L;HArd~o)q zO=J>U3`|WnprO-qKw&Yj+`YKhbOWW)WztjYYWC%otxnFFzW@;CFSs4%v{1AkPEgkuTecbq`uO;~ zPrN)opJcS!oTvyf5eI5So49r(DRk{3zT|3hcbjh56Rryvn$AGUC(-Oo{k24iF#gyr zE4Y~Kmc57XeT$wEo$=P-1H$W)xF`Y}VzW`V>kDT$zk^87Vh84Q|M5@!*Z5u!7HAJ% zQRbhPt+(*8#HHn1c1-jw^=L3v9XZq&4{+*K3{3T*feHt=@&o>2!+1wF=Ii6LQx6qp zDpbjMs`k}Pt_@TOf3e&BkB5V0#uS9fMKmWh)iF5EdnKLW=^z9P6Ot;vE=Gd(%wH63 zuF`?^XsJ$O8q0x(iYdhR?G>x40s1J9*VP;CSIEfI6%Cb@Yw5|Z1bSE0t-ePhn|)E^ z;XY8|0k#_Bd3~w=;eJ9#Gx-b!gHI;v`GX1S51}><-fEFH%C(mwbK&;u8$HhVHaEEXPPY9vF^6LCPxePYK^pCxr6iV1xGSV4IMm8ERR4bDGJfY z`bA?vv|OluazfQ1_<5#OTVAn8W?!)7ZE&>@n5QdfZ{{rW1;C~rt z1fuRZ(*16)_@HLIilN8F5U&F|Yjik=_gTI}*v@FO>61IVzK%|KQnq?;7m$MY_U&6M zyfSN@$+fjlJT6*&-+h<09I)9v7i%Dd(CS9Vy-t(^b+S)jEfVB?J#J*|I#y*vFoKr_ z&o*1`ejuI2>FKOW;JL|FVVsyvd}Yn5+F0=*q*h9v9s>U}s>BzK6|)0h?8D!fPe=?a zX8RX+r2el)9&gI{h4frEux zcesnvjRl*H?ZFbF%FDmy@eU{^S(h-AnGQ_7yl~GJ{_>U$d!WPyE*PcNZ8gw#Wx|8b z@|IoSvo#M0{S8idGa9l&RO2Mh=1wt#WXb36TfMGTv`GssNd$=mJo8rD*Q3sMMoRSg z95!J2JvPAlQC7Xf!wE@rT0*a1Ulq@RN3<;_wx}&veyn7^#IjdA2TUukY_UEb(cTba z|LOw7O6I}LK4f4s(in13(j#a#rsyFh7Gg7A8mdOtTeLL?aQJh4b=Zs5bBF0N!&-gI zhLCCe^sBWGy3LU8nq8OSN0)CEJU&b9E*tiQi6>lV$F@gNprWFZ7uqgVtCl6Vb6y@y zE1sYFOc!e^>l-fxNP4booVl+wI;lU*$#!K;V9{SJVkHi7dl0Ycv~k$pmej5@_#ka^Z(mD_+AWCnUm$ zlc1lV7=Nr-an5-KZnF4j+`8}$-t_P0REXFV=GSlp2zf>vjY+bP)HGnL^|%EUMQ2kk znwwKi#p|9WWwxeo6wY_9Wj-EUHzZ~=Xljbi_AW3uKey7JuQg)u)$j163X{wGhH8Ma zc)D2i>&$&?7(6PTIH^!r4Etk)qDqhxLAgd_TolkT^MKPjCy72)`788N^e&z4kIFp8pZrn~7V)Ttb5Jd~73W?bg}T&+~Y|5aC+_>sI}@=!9Z zwAb}J1*1Z>n%6*tnaqDWN)`R1&?ZcQ(_q86&T~B{zt-fywaN2Vc*>BOAv}0LtQ|+W zi-NvC>s<7a*#@4Qmp9&BE9%aM&1Lr@{|xPDyrco+JB!I+UW-b8)d#`X-vHp_VDX{a z$!ww8g!dM@54+ln(oRfEo557Xh-G5RcYOz-Rr_4qBWV($U;PQ>)Jr{Tz|aY7Zk?mi zjOOXHYaeKlMdaIQ^W}EG$?ns3#i5xa6~XN}dX4WI@9@j2x6~gFYsPAOxC(5v8u9@2 zjaq(MBshvnUIShI1(%t{$I4^7MW^3rOafcrFiV zld9FilU;DPAX_RXA&_vnNvSXDXle+%noihMag>tU)W}HW?&^>Xy^!tv$~V8e8sO1X z#@uo+R@U=VgE4!f^K-;pe7?J#2)yI>jA(M+7m`gAAG^Ml48@qLIJq{qN|QcX7?n#- z9-s3KA-;t~SU@*kJaUEvPEM*6xYBF2UlBPvx~eRab(e%R8D3r8?#9atD4s8; zYL)5~Vc0CUd^o|Qwh5IqU(eEv$b>e_?W)pl-o~|y9X#sF{suy>jQMMas8plvH4YcbGY2wyQ3f~?Ts^Q(q!5>>u=mN=`KSe%+=1aaV zRv%{3yb2coJHww~@OLI5$?m0GlWHbls-}V!^-B2ZXGkg~H@BC+L)lQD{R5?R+S^*c z{lr&Nu*^+8EttI)d`j=q*x1?GsX-i4rZ#-=^%i1*gPtQNRoc8JO?iT#AXX4DRd2mS z_<^}0qz;Lk$zfLd>=#NlBdu}v#MRDtu~lDQwUfA|E`>+5q{2roo3<^9lF=5m_V7@8 zC#4@clACo{HlJFA@wIi@8w9V~@@D-F*s818LDjeu!G>)g3=+nN1K^@i^ChTPqdC)0 zPJt4Sv6&fuZbMphH0tv9uL|G8ALePaxZ7h{SuDmM+g6hUI9h!-gD`ZZeW67HcBa;O z-HY-qq+-UhmQHSNkYCN$iR#&9W%S!__8|_qfKYC|vMQMh6%y3qeq8%_A{r6+UJV`& z&SCL-cb?Ua+!}{QBc%I|o#OoRQuRx5fK}uk`5SIuH_iLH0Z=@@Oh*3{+v#(PFDor1 z>bSUZI&mBvGsanCnRm&WtMuryQjEBB>5YnhqGQYdtUgS#^48VE^@SD`8T_ z!%S+KCQO%RQLVWBSk0xvNmvS!=GwI-3L8Uveb zI7rVo+xhkse=we%AA7y3Aa8_kP4-xTM1>|xEW!}%D#Pb39Irb}Q2itRk#D!GZ@kVh zi42qV!~?bj;h6l)_?r&MB~x}`&hV~v*#(tiFJ2?EGfAa67(wc6MlV$_)CoG>PIR=N7&T z&xZY^$;x9oe}z|w=(RgYNfFAJJ7#8gba~{hGpm)*>vPvSlF4B z9gV|eZOexIi%`6lJ@iwnR>Pxeevzu>e}=oPFdE6pA7zz4GYP|m$RF^lWXftLaZKhT zM^Eyer)r}mzPk<)7M(X3%9u{5)&>{g(j8kIOa-w$)_brnbUJNxV_lwrMfO_5H+C4Q|HX=N<0 zzjtY3Y0aI zdPcNTMKAjZcfH;Ic1rJ9?1B;H+EX-pLF5%8sl7~NruxNHX9Xl{Ca9WYvJHc0p`FE- zK#o(j|Jtj&F8x3p!48hF12DC0@R(;w^nT!Z>`o73W+jc2~ zIc`2DF5fh^;?8jxNSU)fx5KTnt8^MhP&X1@Z;xm9qySwSNC(%|Wn*{@Cl*4NY1|h4 zSU;0(S!~1XNZn(Mvllx+xoshVXXTg`Vo1SFzlL;Fep0-c23?6pI*EJXZzo<~hC!s> z94j!eYMQZ(du`f$-<5z6@+oAxJ!rCFCbg=2QdRIeO*&6yw_wZKndL(1xd#aCsoMS8 z>T^jB`1eBHsE&wIk}dB~Q_|;^>ouuqf!j@Lzne@Aq&F9Ua3xmy@s>lKs0`#Ceb8kv zQm1|_$h;G=;AO6l?do_9Sq(|qlBNYQzUb*5&VuUz*DR|vmI-btX7YAQLTT&U+-&30 ztqe&`{kkIb;C4lMPjPge53$P*Y$U{vhBx_Ea&O<eMh`!N@&rHatjc7_H|Ttk zEZ@2tLbW|TVIKzg>PG(7@S>N$qrFi&`b&Zv*qw1q@Jz}Te_-a9G`t~yv2iwc#>$nT z5((XBAs8h0){6;b5Rh@Od2F~38oYD+ehPa`I)dFW0Q$N!l9{^Z00fJaikBM;ijCFz zk^)SB6L|qXy9_pNw2ZnAL#W+|_}h?0U1A_n6_KUMWHNg6aG@~R_x)Hu2X!t;P2DQo zN1#r2931EN%OC(@{+s8#5jIQyMqsc%nN8RY1)=T3)8#i#I)*Tm?aHi;x~m(LN{m-0 zP3_soe*DT`lB`#~y0Wy!oN^b(Rtt}m^v?)=8?+#SG=#BEuRUl9q-0twFIZYL1m%aepJ>+{^x1v>(er9=2?G_F?*%oUSZ^zAIb8B;uO? ztLmJhCM99;>iJDTU@i4fwR{zQvdU!c6I zpj1_eW_VY5Z|^Wj%oLqE-;b0f?5KIKB5AorL?h1|UvD;zA4}}>j7(J7)H%|t=xcXr zDh=vI!>BY2p?uqzS2G>mo66_+i9dUlRu=WIz2Xe39##Tk6B45l(@Ny-e)iL6h7};5 z0_2?9_L-_{ z^*?kDhh;d72gXdpVrWukn{2Xnv1sX*(U%>iEPU@V%rb?u&hg^0Tr}2VXoqW*bp<;K z@)k~$it2jNe9__ZBHHin5uoezl%*A7M?N@v^Vp;ck>zo$v88F`TQ1<5?C<44eLo;i zl{4Rn(4_OV`tkN;bc?fun4Kz9ar+n62c=HGwv>Gtc}m_QpQkQ8cSTu8TuYeg{MgsU z8J+cb2`M)rt(1Odj2|o{0_swgGYj`IwYOC=7 zQ6E-1@;krwP~k_Cv@&NYU*&#v@P#3k|C|i6m&P4f=&JY*72U80z6P?^g(SDdTl4Jp zyp3$QD5SeU(^xiSAO(NaQMpg(jE!N_zAWyVjl=XzdsmM;d?AoR<+!C7ldiouA+Xhb z^;oyF@g>5@>j%axEr!icgeRvn`&)z7#Zi|zj5ew_hBmD-KJJIyrOsd0g;yBvpg93@ zZxW7x6=0l}ondmSRO(40?a4MSd79bX$IgJ6ts>)Fu@OrUU$^~hWI~YJbn)r@Jv!|+ zmyfy#B(iiG4=U#Rz?Em+x))uv(Jeu?!So6iL%L&hG|5t>LOfqOQOX*#@b57&Aej!O zc*e{+zB}P7hQ81(nld3X6k9~!$Hq>VJ3YM+R@72I%F?BMDJ2}!YeH(fz45D(9HnKh zTY7Z*yv%$uyp^Dbx7><6V{LO#@2eqcd8i8=BZ=;$az(KnTsH4v<6NyVMV)T3mi3`pTV9I;W|g@dk`@BQ09x z?^09rvvGk3jF&q`6(#VhsCO3*3H33_Ey~%uxlXahV$$Pz=c8-A`>rpj@o8@K6 zMFxv_-*q*kXu!P}UaZz4JNSOZcSi(`oAMq(OX|0@M#zb!)6*@qPsS(1L(wjM8jE1r z?Q7!fxSrIS;3ADIEluk8Ua#@B23mHUuQ?^i9mA5#Qrv?%($1$U-|YNdCiTBiGx0Q9 zNQ{h+l(LjrS_oIjh+5|Y|Q2(4yl@{alk{mbTl&HjWk^j_wOi-JdJ=!E6|3xyLc1X;TAxW=vWwX&AB}zy;anelaPA+@MlC5|ns=ya4z`}qUj1_*{|2yC!uJno49c$`&u$MTB^C}t)Xd`5 zEKHBOvx6Q4wmiC&?#=1yM)l3TO=d}z)Md7irlW`zw+Xp{#bXTG&!{rGDvYibAMDiX# z3Krwk8mm1Pw?cd9sb2((Co<(UL$~uUah*vt#qRGK4P2qVb-XBA5J?*@&KzAF<*WMI zJU?#Sf-Q+so?GTRS~Ia_uIR1%_Z7Q8kDk#$4_*{+S$}Bw?l&Qi-hg35x@20nMevO; zDxcE(qoewY@1t5v5=S_ML-}69`ZVtlBvUAhrzE9oYf*~l)Dme^qV*%9b}x?cq4r1ojD7!7)yV2&RHRL=AaXT^ zsU|E0fzi4B-K}ho+1VZR?qF%kwGBV`{<1)EQSaw2m^(++YOMXmZ8vb+W%oQjCgl0u z7G3i0(v+>GgjMYS|LJ`W5CiJpU+FP%@STYN!^_-F=l)|#B!IPuOKMHI&MoAzn% z-|lr6`PS9!w?2{Gg9EteGZ)imF6)&qoy=tA3yu+DwwSQSCdS^ePNbM}t5D6q^Km*5 z2??8{$|=G*Q&r`-(HdV)8syR_ymHgIR2H6}RL|bp#+7Qf_Q;kBL!>4xac7be^!=o$ zT&fC^A-hHGk!ytg34jhNE8}0l4K<2{-V+trbiJ7lC?N?aimFUEVf(t&X)>gbv&f9| zkNDBD!uwKQKq+vhW;OuwoM2Q%RD>HRTEA@suK1|eo=A+#_%Mu+CyHffK3GrDdzj3w z2=S*OhU3i7MWscFsUi+|O`_FPjzj$^*H_61QvZh#MpCRX_ ztg7uGu|B==75t{;XGt#M+UBMb`X=U;0YJbqbfhtH)J zZIZR)$@V9#o=nyAFe;W2fd8kk^|wD`v=H-9O!fo>W55aT7) z5f=mcir;dnqTQEi#d_sM&B!)i6_A7-Eh9p5e!a{%|6)SdgI6F`Md*@|j*d?6M8<{~ z181^_RRc*h4uL8A>Wf$x(DImOt0crhQTB{`)4-)_L6GZIx6xQ_x-p5$dK>O(#usjm!Y7WlyzfKbSm1w_tatyC~uF zw@K3f@T1(b00Lc`{6dkrJ_TKOo)Np*vIh}1RH>=0-i;84mKC2pEM-5i<~s&O@taq$ zq=>J!epO>EsC7<+T_1f#iaH@nfuZ{wwB=tAjL-t;=v| z+}u!s;v#7y0NXQGBolF?ydwIy51*iTZgp_DwQDYKGUO}X=t#mYyudg32Kzt0Ukfi_ z^liLdY>Qt)KpWZASLfoWZ!azN9VF%W72JR2p>$Q6$yOF9Umz>8f|{@hUVX& z>dgns$H%ufnsMiRwFF0_SBf}YuDiL3$0z>sKP$PP*q(=g#B-rs$fVwn)Ms4=8T9BZf$re)@zKFzn7{!20h?%~OTZZa5}I zMs{*H2T#9GRhTgZAgdYM zJYOHL5~q>A(HENt|H7C2qZ2zKK<9^i9Q>DQ~wDY@eSH1 zo4D>F7Qm?0VwDC%K2w`G6N2DTKH>bn{0(CJ$9u8F_mgwD6dUF*)BYG_DKS4ENMo1{ z`V+SB6BwwekDn~Do{K25vav6Lcn%RdbA znh`1SY=EN;;){P>$p1cweAX=!2@9r{>!4(ccx)II@$vrJsnjC43)oG^-TSre%Q$Om z$F}x&hVp;(ene!?8z~a3MEL`oQhTp=WU)BkPz+hQ%22G(We9vS$5QJ)0gbPzL@XDSzP#>pE&ez$|FT8)+{fq`OUnBJEQD0Q+|&;K;@e^|D_qJGB5Dme50 z$v@g_gj-*$+c0k~jL=nuG@ARNdK)eM)Ho+jbNoM;=br-q2+|mPPK?}CfG_j$EzAcJ zbY`PQ?sm>5rikpr47@j0ZIw3g#Y!E*N2P9;*0q;mL^kWuPIAlg&Fa(El9TAQFn}BT zfzCuh3Eqh;N|fCt2HJfN%+4lT&J;??Y7Dcn2@3ixR5_v6S&xgBJ>IRNV7E@5HRlhQxwukZ;@D5v&6g@dD>3q~r6Z#bi3|5mHKVKtfUq{Yy0iriTz=9NLw(&aj3D%cD@Ej@9xz=j197fhPo~90VwkwvG8zGN(#Qt=dq?o%PzNQMcqSN&1LBc1R4bx_h5mgUF5L6@x z*sTA1^*P5h8Ce4WCdmHt3}_0Jay4IH9VXz{C(7bpaXr zmeK^-2+21ZRn*F6dnKHO>S;~B^Zq(I&ITIq-ksN|8>gIgV=)d?83ifZ@@kU{OUcQ) zp`un-4~i;-N7Pn=+vVSmbQ+nG@9UbLbi<5}^Ru2TJE`8qd#75>51pT%nG~L&t`;(Vqr#6zyZV=?~5bJ+Uw|Md8Ch#jn~94s17 zD@eask3ZIb3#Z49_|*&aLWzWon0xZ#Z##G-2aaMF=s7(OKVy-8syAfB`M`dl%3i_| z4k!_X-jaQi5s*2R!J6zGp}^|m$6@V}uJUPCgUU}AC#tYsYYt=iGX%T1Iy!lQXI$1C zNsYr=e|Z*x8?CMTdoD@%0rF#0O(m5uI0axwSn_Ju??Px~MX^bgg@>-f5xZ#gG9g^n zRz6p*z}@;@qY!Z?-9J3+9q8#M2Ae0*X}SyYFgwkbKNLT_op#Q)oR)jvCY4B+z0)gq z^YwUX8Y!(>xP>mCzl$%ER3NC@&8#5GhSU<%%X~-ae1b@J>S5==7P^#;5mo=`xf!;& z>q11M^XUXOyXycyRC7-ru;A}V%BtUWd~*L*#_5e*)GMh$dY}bp00x?(VgUasX@n)l7d1zTFpG8bjEvRH8qpRk5;oRg zzeJ`o!#H_m*3%|7ER?!Smc*r0C3QX`R&7n{XmL%(Y?B@i`+h*2k(AD6kRTudj*oxQ z$nPV*A?vX%}IYAh+6^$sAp4wXH?`r581>6gzxT_k9Ox@mh z%iVc5RerD5gOUKU3ljBSh8$al*I#KV^okkvS`@OfB<{hTM~`-&h-l6=CF@%0uc?99 zwBBY_>;(c!f#jwi`68l&3U&wX|Fv1aLHnFy@$5xS(N`hQ83yD<(~zn81NpCovyP}u zznB!th=6!Wk{gIOg%&87HXt9QYOzpdjxb%iY&kFb(YhzJ{HhU9n2GPOato z`Z`TO2~MW!xtw$5SOKFKuoYu>s;Yf&+7<0g=PsSTvYNG{LH#%oiZ?AREUePMAdYh2 zm`P>`*yylSjBI%yeQ$Tu1a()^UIRzAOV7H;u?x>mncRgYXL zL``OWK|yxA7Tle}0|a*{Gz52d4esvl?u7(D zA8YOIf9=0}_1@?1T%3#KsZ^!Dnlk2)caHH6tal|?EDQ0~KcO5evbWcMoB(PNftXk~ zVLi??5leYn{Pi7C@uwESlV%!UW8uL|9|o)}GIwJ!_A}3SF^kavtiqvHV<9CNYjno@ z4$yOQ;S~~B$RA3(m2*e(wPS!nMb!f&%%C(zi2lb!4b!`1-KE~~@#q}8yy>ce8{w%|&<+E=c2mknZ4C4g1q6gf`x)K0C=x&{R=s>G-9D<@Vi$IQf8TevMTfY4 zpOB=!MR&FP&R!p72r!8GWtA9o@#+WUoVlUOx1`Xy{xxwA4el;1aN??BE##pkWv3S| zzZl~ZM<;Se_DV6HsD0F~=qx3;7EF!_3&LfG@oyXc^NG!Swl;C_@yZlF=i!*|xEhH8 z=e950hR)rsO4Y6!;#Hy{rPYK z8mGMNtpij4+5B%&0OcXTcvzMCm{O_mJqG9ynyp$mqXf0H`z42NXXYLHi1=9({_GPE zZcjZu;LAv^crC;f*bWaj-=XA3#G<40{`kQuRX2F@nX!->;H8<&)8~7xhG7US)9HlH zGe*|VRSx7ZEBBZi`Fa=5$L75JWlA2+pv%2VY74Q-WJPF;A_*wI#vMK3!I;0|Mv5j) zGuxP)w*ac^-!ggaa%vPugC>iW{eZm9uJj4BRR0`c!0%KeNOE(hk^gh(!a(kij?ykj z90e1OKgAbYqFXFXswK$&Y`ckZIjs;M&IjcCf`!r9-q@Q{9w2A3G3b91y&teN!84L> z#{zkH?0uV&uGr9yNxIGs3XaJc%u2>rb0*!%7>rq9m=5R~nDFDHtuz`auye!3d{;US zkRAYb*RbxBYryTzoj4L6UVh{+VWz+V5YTeZ9W?)OzQ>%1$n9oa3!%g~$0fJ_1H zO7P(EjX`iRDT04OsdhF7-IFSbo;WfQer_bqrRa<5+L>=HaYiE2BM5<+h~NsH{jcr$ z`Zu%NqIscx5S8}PemEfR`FBNNf46B-JZp}Dq}W=&h*523wc!p`%iz% zM@39fcx|AX}6h^E^85bH0_@ajvF{|p}dIXxP&9~N^X zyNC5iG&Np_*nfEd@fL!AU|^xSa6O0re?ww`5Z+tt#g`m0XyrfLL7#VIk#q@fFc{VR zYpj;yzJS`o|9V}g6yH{3**L|Xp^f)1cT$36FPN3dd;re`c&K3T+dQ4dSFkWJv_i_u z{ege|Q2++p%;u=aj5Qbj7w`i6EwDopFCqUmA*mmZ2gX2MupFz&P%b*vaAaVhN$?dM z&;LP#fFuuoXuD#n84p(DVdWWbJNkb?SbXwe#=rUdw?9zOV!X$bUF{v4D6qIR!w4<$ z^L_puR3fPV4kw;r^f>*)IR-Y-M@6D-{sRy9hxwSz-j84BR9s$+8U5vRC{!1D7@3s` z&oaFKdY385n|IJ`wyb4rOA+-i+wd<@CJ@!W6-=C~a@A(0{clhFJ7->XiV${?+|_3+(}Qb zTMxeOlz?uV<8F$`-|SvDe_F0QA&#THL73aF7_;_D0K=gWjrHpFh?c9qri2xf)sN0-Z`+*Vc2&^qH31Xs@TraJ#u#a&RJ;Q{L)! z!#Oq46=?sN#AD6OZl$5uDlquZZT=50vfe*~hyz6KoW!dqM0xQk_yp9-l+u?OydN3$ z+$Lg8D*-<@cAH*9_&MY{GY~JR01%(dmv9l$`S~srFEsAluo31d%WqG8s}A3OPtI+M)lG%lBX76%0lb93Ffp z5 z-5-Ea%Q$hn{sEvpv}+SRJ%O-N>az~8RLVaF27{bOdIbt9l@{^Zoi2nU7D}+g>!Q;NW1MUG@l#vz3&3%Al*<2oV2Qsy!?B1yJyr%(#A~0o z?2qp$l5Tc*F)q zTYdyc(G?2qcZOvl+@Zw@fR9r%Oju1F|5t1EfB*152DHrTv%5d+e*D4-4jLB<4Xvy4 ze5!DUd`*wtTKeE{ZjOhwnfB`U8M@n$zF|jud+g2@;OqAF_4yR2l(bFU)28RVdyR~& z_9d_Onr^N3vxCfvwO^65Rp|_(WCY+Ebqu*#anp=tc{eO`0e}0tp z`uQ6A&qI~Qs5@FTht#{WqGvf2MFw}de}iE(lq5<&Q=%%n)fKy#IPsV$_-22~_}4k< z8$5n7ORQh#I~gx8=}$IOlAMnhRo6^fZyJ(4n>jYt_9TIRpfe{UW6T0?cJJuH;PuvT z-SB@J{C_$r|L%o^B=nxJuyBWR#miaeeM+0nT~l`N{V7`VIl)dkWnQ{xa*b(Yroedi zt;NJ>J>|*-#^x!z8Vk*-f+L=*QRAy_Z6@arH@7!YM%|&bJvnOp`;*ChLZWShv3)H2 zl+S|fu?Z8sfqxxE)^+*}?bGp0hGPeap5nPUOk)NED~>s{;r@t5u z%zwiE0t5U*Qsl)>N7fp)9-WO)NCaw4t24CbIy?k7X2$U9aPG@d=4NN;NQJ12XSX`? z!v9Jz7=c4`lE8U&MF{_nQI}j!e(-t}_7M6%n(#lRiWmVtkz5GxD>Mv0HMCsHUBw!f zqd*>i2J5q;K4nIIF1IJ&VxB3Nd(s{e1uY=oip5V#M#?hjLgg%K^+T zKg1)JsNHKUHaB+#A8tLQ_qYXYzR1plx^BGbSw1O!L@BU!M;1vwN6Er%NJcad%y4!1R`|Th7akS?<_75Kh$OuC`na2@#Rh>*+;*%3QFFY*-A;TV<+g??x_rlxf)WGgDwT!;484Fi z;Zv|^Bdol9C6QYl)$8*l!YDM>fp7^IP#Z~hYcu`09#ifa>(@;kA z>SRWimhzRpjof6j**AD>(OS;c#LU;23V~Wr9>xeqvast)ftw!lsqX+YM2hjqy$(B= zMC8@}gQGJh`9m*sE3MXm|JpbL{vI{qSc&pw2B5j&jLIy#-5(|L5w|Am^cy|M(N;&3047A*65#j z^NSGI;m>e|m>xZn^F*}wa6F#?G*ReYl~JPE7=>($4e%4=Dn7VXKS!9jHwRq(7IEJx zWwDF=mOej#u0<9@ug}D&Zk!ptP+J}wV^zx;(c-yVCj=Y z)E^t=wzqNe)_1mc15a8=qz6K!1dk@3sAx6Xq7bndK2~@ERiFi*vfl#NCI0cY$ulKO ztCq0&BhGqwTduA^Q{E(2YlPNIaGKa_JfM5$+-Sp_WK&4|(dO}*7Www~d4|JJLk&2}j(`j`0 zk$b4g2I|I-E)U8zpAdVKzo4Ea^sI3LJVo2e)}LcjF;dVDYHaM($MxPF6((LdJqD3JG%5B(e3M@10O zepQbAp$Amzk(^|jh$AMmZbU$xbfdq}oYGdsgDbmH``Q~)D)9PU# zKXI=61MVy0{=p;X9NekGJkL(&Bgp=xc@n1=v(DoQuBLI7$|bGp`<@wTX=+~H(9-0S ziE9v?Vt#a&X7Ayz8FiD{N*4e5YRj&><(@k}DRx&qpwwLDZlTPS?r6a)aet;*G+P?f z4-Ii_5%Uz9Dp1=tV3tqU&5(ckH8|_*iN{X*Yo>bag#j#}O}d;x)IlZp&Z-Y9PPVRs zfTxtF*zsyILx)ZZAd6GHHlYCxN4bA2pB-MQ7)s=q;vVXpxG%-IE+Q^hoK% z1U&B8Em!Kbvi+m%SdE92uj4vAaRogeAIq0B86M1yLLCo}AUL4(qD!PdEV2Y5bT1hE z?j4|r|MU#Vy#-xdxKg>@g{Jb93&ld&m(uu*ppI}|U0M_t{8nHJw+`NW2iMp0WlJjO zOmqZB#3qCU`PEvjWG6R0%t3YvLQ6}DRt$M5TEo4=(D~*b>;38JH$X774q$tG=@k zf0iI-PeXZgS2}d}`*)sZj05F+;iPjvQvt{3Dw{JsHn%~T+mn6O^R>XK^YICy2@{%f zR;`*M4_TMwSN1Td_2Ind^6d9hcmmxBlvg;3AJPDrOrALzXYG!|!8F0tN7QT0k_gd3j7F!U zoOu&!q!+L$sZ;k>!%(Gj0G;7fgD-6AZ=#u;(GB0C}Oh@Ap{H?IBL!jFbGS zV{r`;P>)d$pVbY?V4evC?$#xmiZ*!@D9nvp7(I)0&$TbFKYbfdysM1m-;ogC_~13* zWN=Hp#kK(4wuXQUrRx~Ii+wn9w ziK+I~M}#JV_L+3yzelYDNr1dfwgVm5lqB^w-%z>My`T8RPPgYykA-(1A#e}-C;Au^ z=S_uVBxLP7>4bMBB@@~g_HFUU_nGbMm8;;%kGB_;#V> z>OWL;)11oJYRpN(^`w}Y-SU~KUAf2tdKW1Sr%dnDdz=|hHJRve!`RFaHt+40$I!y1 z=%-h?K1xfNa|cEjTQXcp>2$WAxOw(o6S3#%CC^t`iKWh=s}rt=T>frA5x8&6CG?n^ zYkp(N;WQ}WxzPI7a^0gq+2mf*Xl}xOKlUtTgeDf3-7>STzoVk8Oo1W@lTj@cD6uMd ze60DpB#Dro#OX85C?kLjogT-K-=rR20axZ>s427EwYe>;m8<6QLXV3mX9?JNfzk>i z=?QdBPJR@A)*P;WZ|^Y}rHz|W8=JR%?JNdjm(IG=35@ELN{G<)SVR{F0swyzu`A7w zYm}ENmun($h34VhkQ?01l}iu4x`1Y8FI8P`yCI5!=mlmZcb?$f@I)7U2F)7b@2M5< z+r71OrwcU0_};Mg7f94N)E`^-&+s)W<|13Fw30V;6M8}oCz=n{mBdvMuv<-f_sk@e zsz2mQhFoo4UC_9mBYB>`(9wMrax^b~UMt{os?f~EVLor@$VUl^F=w>5x5wpmfYIB* zmUFFJ3$KCr|*llkfRNmcx0i%FV*)NB*YI}#L>^3?*6pW;rqX9{da zaYs;YQpiBDkO~cp9qa0-)-ODaQdUMHJY9_2!JwY&>VTX0oxxi_H!p$6Op&FmvDViU zf#5iZmc?~m`P5vwed&3pd@ra%pNJU+nnv_lB`F6_1vcmffr<8`ZeHAFqch3IM&c-6 zvqiD;@}?rLK+CdHN@@I2I@3w$x$XA)T+JDvzq=gh9**4}%_4mrtl{*~O^^I$I{pRICoG%Jl&mFrDI z2gp(8ftWeg=ELuv$AUcgZ_zJlE8{Q#ctoVwey!GYOCOAMEh`-O-NqSkZ>nYeW&7|x zRfNFR*jM(X@ zi{RYYOE2&*Ws?>>*Vk>jNbgUj$;jv=kH~Q`^!!@Sl5Gu$^${ckf1~a_@A}Dif1W@e zK_zqv%N>!9Gi!Z$=^^r-jVFy+RyKsCm8w20vpD|}EHuR;(m-X5n3QBvySG z%T?a}O5+jb8QSG8!~i^6@}zzwbbbkF@NY)=gNp@6#mHdHSH{Hrg-x z!X@kmjcVgp6d=|$3DRgc!FHyWZF7S9wBVEZ9m0^vFBts^%ECE==8RE&9v+lN6zqPR zv5mcB!keE|uC#KU93AN~^+1;H&jR=%(O1y!?enk=N>EPhziO5TWAqn3?Q9Kz#B%mz z<7yi|a#n0(akAYhjBt0Sv{o~BI_XZG*s|H2xSOqON~*oJ|iQc$4I83%`xa3|4izPPOwzxMoD3I`rh$U z>ZVge_&P2T^aB|PfcJ@s*NrHpb&w^nuCAm*x17szZ|rmOYX`avDpuMuXw$_kEG79x znO&)~z!*C#?~q=PTTV>39aUY8b`UyB{Uw#Bx`=4!l26rAC*$w;bD*F<{l*^>Q4Yu|z8eh)gpj0b@wY=Vu6P`5 zr&8f41}R>{MEiL=9ZSD?mZJzhsgnp4OiB*&nJKMM^-MArz4Y1q<9U63BCvg|taJn*OUKL^= z4Fr9$gTHfV3;GtaE1CfUT3V{0H7A5Qs)fz=wV1bEuQ|K8ytevPqklsHdVw%ocWpZK zhSIwEc8+KI75N{7CfO=nqel1zg&)8F+%JYCieaFhjZ)`W03A1z#V>!H1qxcsI>T~!xRo9Dar#baTc_ztOhqz8 z-ZYcE%6TymL=wv`jR_K{0^eTl=atn+#}{u#7LcfLuIoqFEZN-hcUxhdy)vI;$p%7P zhm6_Rcaftv0Q_54g(v4lpVqTBVrPq;r3kQ!?fG+LGN$v8vRN8q_B%C!=*5`V_# z7ysHjlvH%5@MfnY;>3fxwJRofxM0!#{PYaSfD)KYr@D>nN64yyWCSeC%|&GzbA1i5 zmD}oKJS&Q##*WsjkXUQSM_5lQh~Zfmg+dtl0NU18l`ARVwn6TvjicMo^qVXIutjzO zw|f}z`#Q!Jo$(Kb?YlVn2S5#PWUfRMQk;KJ>c;RAtWjT>*7!GfnS3IXTyU zj>N$EVjI66|5gSqqvOubhQbeT`z)4u;Sa+`{gN(|m#IzKlrs%U6q^ldg?=>fsB=jK#?EOMEA`(Ed0Y5l1e=>GkY^y^A?}+QCAX zV)xSlLOZgz>MozA6rfu>dGufg(pD}MNvt+AJ^|?{Q-0-^JWgY)B&{~TXK4?+($kKY zTIC<^Jaao25$~CJkU~-dBk*u1yx`B?6%Hmxs!w6(F}6-S;aD1 z>w>=4Cf;H#d>B$*V`;^$*+Y6c#Q1)gYpo zq%)nn$@L4Ekehkgaq0^KCVMIF`uTn|+Gqe1GbEv`WRj z^_XaX&k^(Pg&oKx24WVD!wD`$gN!;iyBDl?>&|pfb4>dQ+M!Cw?sWVvLFsyVM!plM z-EwX%*Lao`PB7CB}(IJyPXbVX(UbG5NJx|z7^oZ{j)l8<<%WV}$v;99PGA9!#W z?lhSsEokSMk5=XM=<#^5c>tlA)2<~n(6D38iRE0xQ^fsppPgQ-C8=XsS9#4AplxGY z#NTPUupe#`eb2C{gyOd~)bHj|Io)7XDRIeh9=87IC$0*PrjS-R(OuHC7;XM`vwLRn zsm|q_+baEK>nh%WG1`p`DSJE8x~SvDEW){=q7Vby2S*DLx$v7z%nla7UgMGj;7(o> zZSGKFE}=KRfUQ*XTxxPNIjdo>;8dY%2EfS~lcF5|UMpi*1W47It2{ee*c6XQ&2q%! zD8v%~*k-X(Q%$N`BV$^ioe!PL=j=0WJuB=~Q*(H!6!7tL3X3D<_aD^TpVK46kco=y zm?^u4(#+V_rFogfA6Q~bLC#*5)~5*AC)`R9wXWHFekn2t~3dYMDtxIx+i~l9-%ym2NUMFLFaFIBx;N{yE$ZIdB~D5`hT~fVT|t!feyo) z+PT{nuL@SqmRKIVI{K84zslour0ScsXm8H=YidKG(vFYz`eNM@JsET-i*gRR%p~(z zBALmsTly5B{8EB&WV2;D^kiPVWGM@U^)Y3@cN^n!tedKybL*3g|8iJz4c!?#2Xm!d zagrM|Yl#F&d)~{|vf8g_EROV)`RHuStRyql<>lROs1nG}qr_gh)R*;i&Cr^WtFoKI z{Z#K3Cak&!v75ZUTb2y?;~aeOqB15H60-ivDgFbpwo|Y!$;jS!_VE;MVfvBdQ{9yKK!~$Px7PJ9-)b5NTuUXVZ$&PNfp^sqL{Q{N}D}B!Ndp! zdH?cTR??)yAaxYkwuu2%nT@GD>0_ax`CL=VsfpZf1|~QBZZ$c9(r)plcAUAv@wmC6 za`WUJ01>E*FnMw~exNPn@5Ay5!D7reaFZPJGHEcNRT94mfPN z8GSx_J>lJw#@HJ8my77dAy7le`@WHCZFLVN-!j-E5Pre}i+^Ou!WQZ1b>k+|1KPTo zj^{{L$zXG<-|AhfJNp>B<)G+|q=gs_sIU2bHyHb&OK>0(e8Ha)t}|G2b9W%~inDfc zpAvUQ;vuLH@8%@V1AvouCa`b~Dl8owDFkiQjdr&c>@#O^+c_I7>%*bL;XUrp*mNux z>(IhgA{+_QP}0XKt|4m^WI)qsj$0e98S_I+_RZ;a#1NFtSn0~v2yRj<;aB^3oLP`1!wNRsZrxz z_<(rF(z#~T{Xtq z0WbAqvZ431B2x@m6*6;ESpR`)t<-CpHPJMz^ZK2{N1xwmbgXD7^peN(EC+m&PLZiU z1rafWPU=~dnTm%*c5X%~k+77ACE>|?AQ`VQdf(PU^G5U(Q)x*jLHC_`B(i1C(Eq4ABBa5xCJ(qNp$376@~g* zPxtQ4uFaPrY^E};&~NdZ?SSqEMyzk>+%;umQ^~}g_%<^D@6mHUfpx6RQzzxaR`JU+ zpc|3!e3hx=)o!|1X-CtIz)zh8wcd?*JS-0eQs?6oYNc6aPNTzv0uV6D2NKjw` zVGb-t^H}68FMS56|7$}50r+<>1?{jT`1IR5uVe0n&VQ$g3%-dj@CAcejQp>`kUA_> zc(98WG^i%H_L|$pJw0$99`HPUWjc>Ozel&<_AK3zIJlC^m5?1EUjV9w+NaDPX}#x= zH7g9&?7tFr0tD0~IEml*kn%&vv|Q>{?fLF4z$_GwSKGft#2xrbNxxmxOsUqG0O<^* z)%4EN%PsbB02{KB&)AD9RedAq4qH78k=vntMUx`AoDG@6ipC@Dc=wbqD z!fV=U6z8Waq`}~{%~K*_SaqlzEXtSLaYewRN^~U@(8HGxokkIirL38KLwZD4j7xhR zNR%Kr9~C;)aD7F4CZ3}hQ`Bt1DADlABQ zPgH1}Nc(2LWgAMNG4443RMR)}e5n7!*onCjnG(VH0#jW4l;1IMA$+^u+dgD0PDMk_ zz2mg<&|oDYXt1J6bv+-J(w}PUKRm1r^)u5%>QK*wv1c2Oetv^Z8AVORA5N|;e(!W70-^;KUCu1J=^CUP1|SV;QLtv=h5g4Fm0S^ z@7(UENSVQ&2yhfmD%yIiQ_i9~%`sDsP+-eI{!>xY*L z5WAMY-|0wf=*!@2k>;O!Oc{>howK0eWs?FR{YlOy@#hl)@5(Rx#JL^F#`L=%ZI#fO z>dT!~m(FQAzbO7*c%r@A{MF`gCS}@2e86CYpdp<_YxFDs9q6^(-Mk7fa}Z0HcGYW44~som zHMwg3$8t%q`7jq+0g;2ra8=^U0s#iEHhMARBJ>uB!tA^83>0;EzRH^=>;Hf@+9=O+OGS1J|bU?GKaxZ{%Bo4XQqXW`-pjdxitO zn3d*p&uilxZxnE#1YlzUqhrDQpx~?+@bxobk^jxtpZ7d+5;oKv++97CwY-8=@AcZa zr8k}MPVV{pVEB|~!h(n_72O0wyN|rD|4!P7xskAESi;Pc`))MQ?`E+FWe(-N?{fe6 z$x3gTtRdk)E&jg|v1h~h$+#UP{Mwi@h5h>D-~Pw{b3{7@fu+L!Tu%FUGy01;inM|L z{~!FP@ch4AiZffk>rXc9SK@T*6YQyCnpsV`Yxse`_ z071DM#qW8KeJ(Nh79T$pNK@>Q#%dZ#>B5>Y>5^Wsh=u-6&tx-f%a*tvxFW{|ehD6@ zLNM!R(WG+J_(Q%|yHJBni6LEFv{%vpdT4xR;hBJ1Ub98YWtjN;3Va~>{nw&rcJLOH z!|96$&!qraYQ2)zi*`FKr4fZ#Z+Qtg_1`9OSb5Lr9pI`D&0C5?C+O?zQ>)ihl>l8* z&3bJaQUvhi7EJC7EMJUJo58I6g5LSSU_T#Aqu0 z_GRpo#bYnYPH7z;OggoygpuOet*@n>*i9Y?MpQD@aU8zr5;BQf*yJdSb6SnM7bWn_?-g zye4J4KpW4p6)RB5KUA%**KL7F**b;a$}5N$KmI=A_MWjd2ELz=sjG_=WDsSMe;a5gJH9tpY?bz9na7+Rrt7lZF@<| z#RZctn~bJD)RmXoCGdop9+EJ$P-V3wOmN-lQvYHDbj2I&hQVlH)u(%2yZpudAXG$+m4?eI}*}mzgLpQx2>5I z@ci@_7m9tafjYE56ExWGnPQa3*zkHD51$wvNqbQCA-^ zu71$ccUQZzZ?e3+9HQrWD_N_k1gmMLUJ|+zUm8>;>2MdJ5@k*OSzK@!C;my--QnOB z!ZOdN!_*#+sg*Rlv_`kfU@Nkyu zZ4>qtwZ3?s%SoW1}lqSOk+j6ic{*a&FY z(RyXASX#|Rw}jh=+7(a)P|QfIHC@Cp!&7nE9hUt2ELYFwzLTb|zCHs8mhv<*if#>d zF)2YTZ-5lT?g~BiJ>soZAy5>Bz42h;WopBZtq_4pA{nh3tDdS6{`R7|l?>w{v)+Um z0w4jeGdRv%r3^wURnXG9T#R(yu=A^A>8{NEg#TS{Itmbyu+(b)bYWhaDqeW(_*8v= zzBSNWbOj0MXDik%X7TV~_-VG~6poL4ps@N4HIkc!Vqsj3CSfI(-L{i+6FgNRt5;3G zGwKl#fb^`u$TfYO17CN1Hwb@&rCT6lDs!_R@{tb{!OHRL6e7_7w(IZ)GUYrJ%H{R= ze*8nOY?Y^LI{!B<&PnG9Smm)QQTwF`??$NI@fvzxU+A^{BxHV|uc)F(`w%GBd(-!% zMdWTcRi#FS0i4+rG<%~$d|1a!PFs5qjlI`ez(C!-yf^+%^?$J@QcUxrMp`gJ?TB}bXHsq=F^#gn|Z1Y z9sY{Ni0W!zDkn|*b9Cc9#Y?mGL}re=8n-T~)T8U`B=!#j@)cn6Mx~mlL4o=on5tkF z)3=L|?T+^t@D|e*-w@5F$9#eoT^9$F4;L!otXm!%hA(0c3zvAD_fHCm@}kg1*HNTe6W(Sy46QJhFj{nux=SUa#oDr5cmy$Fv%>PqngBKI`|N?=JIp{k$3Q_q*}f^ z6|u*Y#$psp&KatzuNyG=?9qa>*8VL%qSeQ>RPLDUdH^(({=C@heEESJt5oBv&^5Iw z5^}CSk+ZiVx)+#&zSWI5PyrfOaR>H0GjL;pelNSjBY56k*A|~>pD$S~r*PkHoJjGz$}+gNPh$}A2EY;E-3BrJj8vt&?31%bcYiLi~$Jt zAgwpI`!KJJ%M*I4BbZT-zd1s?-majitLX!tA`8=2_z7@RnCHET1~REN6qAYy0eaE} zWHvV9eW(KA{MsMr*2K`Ldhh9}UZw#1xJ)>U#jRq)Two^+3r%q_?jli>YcyAFPDEG` z^2PcRgbvgL2@c^-O)eb?)j2bw?o5uB9Pj^}YI_7-R9@)$#+yzOtUFKXY|d4hDC5N6 zkPI;94NB68B4V{$7e4vII45(O`)d~rA<_;&s;;@4A4AP5g&sca{tVa{iXV!VrG?VN zVR#0}eyERdDpX5REH+r;whR;oQ4ObZf;8zgMn!6W0SX5hy3s?%M{vLZyuyc4@Xn5% zF?yzAuwiz7x^+!)v(ynq(3}Zvzv9VpEIx zB+Z_F>c9QC}bY!vl zg41kn0IK_Q7JozxhR_JA7Hee6`#fk&J=xTpm*1Wa zmhj+IQO7GjPL&u68mq5xX2-r)mNH^i`*^%qe|deVZKi@IJ`m*xciB~M#xBdbrD;ti zqAK-S@s_e{VnA9To!?POU;w2rF?!woCfc*c#1WAG*ZT`735+_zC!W^%cNKx<^fy>YiZu7Qz8yExj&2Ps>Jrv?@;1>ykch)LK}bM=yf6|ITZy@7pe zG46DYc={(R6;8C@8Vv2c7>fz755IItukH|ewrO83tJRl2S}ir2a~>Cvpk=?;twJ>j zi11Fw70R;=MBeY78-#a#cRrYNem8j+b}W%j;`iA69X?`oL9$EG@l0?2u*B+fkb?bI zO9_jVQC(Mlx(r7xt5YX@uPlrs5DhHClv@rMLq53Lo_8V){=P@T=e2oZ=O^sqg3X`C zH0E(=$8ftsSGu1}<#u)KCwN&~YbY}yi>p)=Aw8eWVp_qUz-h6FjX|r{-tG!b^cgTezJ+5EqUAZ z2=7#`)+g9Aifx;a4h zxJZ5f#{N{{zO5{yyUv>-vshHeTH{X``0T;2m&`Qf3PWgEVvB8sI(v5Bju$d&fmuy_ z2bF0=I;EoY?M4c&j~1$@Pnt(kM9?t4vH{luntU)|7|M~fMsLcneVoE7p(xUCrxFB} ztxt{)`=e^5F-W@VQ>S{2wN^gLxw0MVD*4)qr96(eMaMB($J!rOlL5*Xf{*N+{aEi@ ze!-UTx!k(b1d`$;#{0-@oEn0QD)H^6-Lx{Tg!vMbe)T@SsoZ-l(dTx70^bqfjMRS9 zcO!Lct3!Xl{uF#X?pDp9zCFoRKH|V^>TrM`$$?MLGs55bw0)Z)!;keIFP11ix5Fo_ zVk0xW-a$Ej}GT+UuN3Q7`d?GJgU2+b{f7}tw zEh*)#toPtdFRVx-4=Hy5v$!?q=2A(;(thV=ZB<(lnb=)p4GZyR!7n0Hlg4_=TDW!J zpfnu*a!crWG_M*b=_JnB>UosZz|3s7N}^1u+%XRLlnyvf;egN)>_!=# zfKFR@_ejB}c$`HuSae!V_Z9tD7GbKb4C*37;iEpo2ak`lMYp8s<&%yMPhxi-Io^Cw zeOB?VEJS&SCvmNh1%=Ls<6XODj?y-sdM( z$SLl^LP4#>(kcmf2{P$Athtn@Rp5Z*U^=0Of@eATBxD4dDNz=0jr*Jr1GVY=7@rg@ zI^1F1%m+`_6Fzl7SLn*aQ{y=|t0FMtk&LKGlHA-z91u)Y84omRG4*uF-E9R;}yjr~h?J#`^CtblO*?@jyLrrcCOu=@ERFE5`b#eX1@YyCw@lrLSBljCU0-PI$%}Z30{ghqqz2Q4oT1-> zOF{Z6Smf?@9rM+0g)f9xwnj}YstEX1A!nRKnU&xg1cLg5Zv9}g1fr}lHl$Z;NTG4CAb{ig1b8h*Kc$0 z?fZ5=-Rb`Ojd6YuMyRuESJkQ|bI!#LIbF^oJw7{=a}aM>`-b?j-!oZZot_>cNJ3@x z$l_t_XIJ~K!8c>KgE$#@ITu@8;ULpEsUdDBbDWT~O0eQgwPdi^0PPa`*>T$nX^$NP zqg=#7tHIml*by((P~&Pijamb9KDw>q=CQz8E|6gH?y1V3?7I29VfTj>J&881(`+0QI^sO z*4FrnsOenNesh}}%m&~4b7D!%J(^-MI#RX-_~O#sb}mRm6@;cW;*-kwn-Ovj&IYJM zSYAEgA3|Z7j=v%l(WanS!&r`=Ije5VkD?3MnJy| zUo(^R6n;AYW{6sHLg^9(x%APZ$~s3A;&4c&MVYFzRkA~^becPjw<(h)ML~uKW&Up3 z=bxDn)Cjp8f6XgZC$o*Hy;7ylO~#G3-0%F_Tf$8AsN_J=*A(JlGC0){m(J_0WvZp>z^z$GhOIaPATo5DN|($WIwSX;+tmfj7nZa;*112CNn7&1I@LWT9EnJ?vrO7Svm z9x1{aHrE`wle?2n@!8-bTSY(k@!Vg37 zDXiZIjG`^6uG8Y8A$|4A4}4D$o9J}klluYe(*+e2g7+xceo|)HnWiN3Eg084LP}fI zq-$Q6rD^6ecH^H+YpwI;!zP3zq*@(>T^4ygx;1Onb&SLCx;S-lj;^KtD10E9oGuBV zq16?%$bnPYRCSFat;Napk8~b|;wfD8I4tEvheN0w47~yL*r%zSEJQWJ&O|$+-Rwxq z-tz1vCZf?LbD2RF^Ipnpp;DU+!p)8D5NO!bY~K@+_om>)*KQMCAb-MmNjmC}Cl#fL z-iM2oL;)`%CT`6qGE0*yD{}i!&!%S*9X9DlG&fZ{`oi(vYr)YQ3l8EcpWh{=Of;os zFA)@O_BG`P#aR{aIe%KxQ1{FW8dHD-6t3;gH3p|YcRXkayIGY$X5%f11#}X3y*B$| zH1C;`7p2*av)W!VL;^JhH4`<7%?-Yc zWzz~4<0NAh5PqFy%C9aiC+Zy8y}&tm(R^G3_CmCq?Hz6eb88idZ@8xS^Ov>l1HVc0; z@tATqF#M52KqZ1^jxCBUo~aa_YeG8so=_U06X|R)lvV zlg6uWO_OosZ3eRdT!FbkY>=@%qld~mR=!wF`9Z(ADh!z`N_3~mmgyA0G4qLm;JH>y-#=&|xAXsR%4&|p@_VopG-Hygmnai~+ZQ@bm|Dx@uK6NRLZG-|@Zst?t3I_tJ8zeki?L1tqYcDbiLg>jyn{B^{?K13r<^?kEWX|W>I{=e@a|zaQ>%_>5yRv$JGJl5hDkqf!iuqK!Lv>EN4be4&)1a?%>nQ3 zAuGLP~COCRnjX0`Zn1onk z%0tQg0V-hd7tnEXNQ!N4bjdccnwv>_nLsPJl`ywllK%eWewbf~**|BZR8y4S*>WN1 zkeWqtvmgeE#7!+>%v`6pB!%6uGm*(XPD={~3CY((NAa0rP-E7uH1blIk8f zAH%0u9w#);Dc*!?xc#Q_J5n{dy5HDkzJ$_&i1Jd@hJ90ZP*Xs<*X{SCHa~WbD7Q@H z1Abo={`=0&OX=&D6xA@^x5k6JOXm)sB{0q_-_s{@p8>48R@;DXd&fHmkhZny@Bii56?BT@bf^l`(?8*h4=fWNFoVz^c z*n?N%G(w~4oX$!pZ!D5vspsZinqaEU9z~t;>O#l5ya*741-M{PnPDN4Yq$lsen~*MLT?WlY&q9y^EC zuh%Clw<>$FHhIYlWI8X_57%BkTuy><_YT3Fr>~3h@UX&yPel-!J zZwM)3;K!L1rq~kzjfUT?7{i!^8OIL;QPaSNd~>{EHL?+|Q^{j5Ydqu$KHC;KHEaSS z@xnwIW0~eLE5f_iVy{?=OGk5#Jf{N(nf%ON$6 zF(Km@??u+A5^N8wv1?MjeU~oaR@((N^TQI(bgZ{`KOE?K+1dlmX0tI$DtZj$e{Z^3 z*09&#j@7=zGMM(^VX{1)Zl#!(CCO1Kd5s8(N|7;>+w2i0u+0Yu)F2gD8DUto<&98EBuZ zrpvR-d+&I?c9q1s{fvyf^EM}9xj;9__?f#Y6`sdZq z@?+}}Wz$^UYhyk6fW&Xm<&NUblCP1m#LnqAvqd?N+v&LL0BAchxnD(Jti?CSVttNc z$XjeGH(Y{|C$})Ky`uEIfD+PK7)}y%lJ^nWvCFOaX6>jijA(8;lHKi0j(CGtlCF$5 zL$PFtO34}5K@1AtM5}6a7QGj9kZx6}&GlmCj|9Fv+Qi$EhlSZ6&IBNzhk9d-`x{@x zcJGIsykE@@6x~QfrIqyWER-cuoDa?+SMu3T{CP6z#Vmz9jyuH(J!hhrag$VAKcw*< zCJ*|qzX9+VF)cqAk+3lW*Lu4*_e<8-^yMa#Hjzgd%+bPH8F0lBHK7em(k+jkmxK7t zO9KfEJ4Y<1+F}xpOZABEm=jLxJfKt?W3_wWp6L!FAPOfc+g#TQHs0-S$mPE;o?Axw z1KZ$Az5J`hQ+5x60UO;UP@vHDhSnE{K%@_?OTPR={dS=(0Z@v-hu(N;+*!2I{$stj z@{y_%qm9-1-CS?YS9SM-wp>YE3aP_XJRlvwSmZ(2bW%bDx^sG|%$tEsr${TSQS6rY zOvBR~L0VbGxb;Sz$!w4=keB&YhI0D?EK#)&cVPNC6ITI`M%WmTLC|^y-*H=How?L* zk$9b)Qr>@ODJ2-Mp}<)3O^WI)tRK4BbuUVX^qvS}FM|%&Z@^nD1Y@9Xx%?fTzKvwbXtpK?Y>|>=SC@Ux`zM8GSC3yj4H5iwH-ab(nqtNsBE0PPwd`bM zYP!8=IBq)A3E*!_(`78f^`pmE?X|zYrV`;lGoTN8BrZf2d7ZX z_HHv01eiPMB!lU-&zj? z+D0-%ty6bdL6_-Ss!pn{YX=kcir?l#i8-)6Z_jD(3h8eoqXbMD;soitPCZMpeqEFJ z&1W68gzT8R>T*RO5i;QmDLspOI#Rq)*M}9mW&BL~`)Zz?hwmLkpYlCAyN#WYbh!QW zqKRJo%86HMLX-LELU2eUw+TlU%-;g$Q!y7@N=*heS8F$D81rrTy|Oz^oZhH7Zb|on zQ%kL{Za%HL-g`-2jAz;zvZ?0nGzMQU13nyjrT`+A7{*1@n@_p6ZL!{0nzczm^@W;w z?h<*+CyKt%!z9b|kD-e<7yGMB*13c09ls85S)XBRKWErL={_=)cF+@6Whf|%@ilnC zrerxJg}|>>3htu1Wk~N4HjbxoqPmCxCPfcjg2y%WGJ(lKqF+W6G(t&IxqWkFJ`56E4Eg{a4jy+8C6;nW|5FY?hov9+3&6xl+b)BK)SU6j~h2HKJK!y6`Sr-P6PEeCl60qzpdBD zC-u+jN8dK%ex)pY>(CSwESk6lsxCI=;w{>+Uvm<(Wjut1Ax=o1V{b6HTWr`G#53#N z->xawauJ2qHkJV_mOs)tZBLEdt8+T1b_d_;!kH&QErHny_ws$`9{E-;-g+^e|!vRZO zH9JK74JIQt0nmNjV49k0E>jcBjXJ>m0{#w=#6nQ8cIP0Pjr%5$eii|~2Wm%BQ%sR& zCMz$W>^MWJKml|3QYczX0|Pz`&r|443=7};qlQcQ1?Hc{xF>!BkcUTtGBLqL^9+xB z#=>IQ)g1;5Pvf^W2(B^@w|OH+{6Tun#MC?oX8)DTQ}X8jK@|V~(J%0go{34j8V?27 zx(@3f{{;zZO)~uCLD-vcmKKh@Y9kH8aBAAy0_^d>r}j@j5>vedK-RJRX=JmtN(Bl9 zU-PplvaRJ>LG=mD^3^x3?)gNtfBYS4Zrj03SGLyW_mW7k)PKPSp8(lD6VE>K4rgg7 zDGGw#DkoQwNXW^W5_Kj{*7KB_T|1mV-y{(fGE)lRC=eq2@$bK<_4j0>zXRB0@e@UH zf3IkP-0>KiDHKB9PCzBe_F&g(z7Z?mBL(1gtlJI00&v@68GLDouG}Oaa`(to;y3*Q zg3GOXWH|GjMS?FFp5PN=DeQCrxFJk&;l~d~+FK`#{y3Td=3L2cv$^5%Uww*;ocT!H zF4hsOLrjlsfY4me0gp=*jVW?)gWco9^FYx+QU{O}@?=DWgm@OpiJg{Z%zu2Lf4$qt zXjlWn4Y58AsgRg z94n+SFJ9)JxJggl40NDLwPd)AYe_bDOQ2-~K z15qcNNf(RHMMp3?^g-)AJMIl`|NN4~bZFmw0U+GiJv5=vYoCrg8D+t+8f)U%PmS8I zbxRxd$G#p+Ved|Bbg|n#!?`=%lenw3Kp}78kbr$9?e(>^+3OZ%cXCYxMHGmr&-MWH z2#F}NqHgwF{GJpv!(=HG78cfe|Av~0NlJp|+bjJa+AW_$yr-PH!*Hx?tsOBetJgje zeYZ&1`}gPm=QALt@r2(k87A#J?@ojR2oMWC%U=$4>+N&piq)dTyy7xJykxGf>%9nR z%{!a%dwr3W%)y&$V&~Z&Ywz!5WF2?ens;`*geXJ5>sdEGpGtZGN^g*W6?Geb7uzzAL*t%Wd{?kOLI zV+FDa;mM;!?^5wEq`GKwmxpRy)HjBjwGO4@;@flMCDePun zfVJD5-Wt{w_|oqi2cT~Ka|h!0e4ZOn2%)r|xU16M*nP!KziKLFF$aGHUUd(E1z>cz z&;rnJL=lreI_Dne3i#HhBK1QyDr1*xs#etVQ5W||UnNx^8p%lh;9_t5jr{#Blj`OlcKM$d9x%TDv@@aueeYRo$wsA}-`% zjakYAAoE@Y7YyvXSG52t$7+^!(+$w9!u;?WLoBAp2?HH6DU@0$kURUZ%jWYQ-Rh$& z4DN&n!o$P#$(rl{c;UvV-w~hN5xv@6MX0(k?uW-P-#MqAj?G>dAOX&JJNeNh#u>nM^3r5VO46pk;C6I+62CrpqKzQTjeh>Y5S(gRCYV}xgf_y_B5NyFv202KLM1P z?Q$lSp4Z+KotC@~S}0r1qxYymH3|^{YCMUrDiDsM(9!TTxQ?op#Z0%}KftkD&w~8F zR!&qyYCI%yWEl*v1#IWj8W(D>OQm~)uRVPScC z{@A_b&%LIcW4ei?(^LuMLmcne-+eWK^0>!gyZ;Me-OfSC@zFc<=C4Z9|FJ@UFDkLw z6ZYE76Ir|lD>{j41EBTXs0YPYtLB6wanQ`g(rE7XX(fc4n#`K>TTB(#W%(y4uv;w# z*<#@1F#j z8y11VODZVIKI*epZ-N8{T@leqmAM4XZRw#R5@(l#nUDr2a}9QVZ-T6#v3t)O+N;9Q zQ4*U=QGouh9KXKtX)cP}L+P13Gi{gKbZIj+DN`jMxkHDnPSfP2G~{ic{Q<`^LEN?L zv-7wS6i$xKgs!xkBWzGlr3F1LpGHi}V#W>@RBg)JY za7eh}F?lk3&#ZG^Wi*-1=eG=P#@1d#HUMs4i0$S+S7latSlJNd~8)#Xqd(>dz{}-%IjOPR7%Z0;>psqv3kNFp+*#pqGIT&}p~1 zZ6=s%zLu6|?-{|5(^4pJSkxNmY^AU~%?*#-|vQa{6qS=}|j{jOZYv>6mDkd?8d zya2XiYbr6KkU&6097DP9?nXgKmvB>rC8trPF4LW}$kXp=xH1{?BtWIzmKPXA*$s1+ z4H}(%rFIwT-4|I4h#rdojjJ4AtYwcdYOevrfO{=Kw;h66Q=v~6JkPd?#}_#$c;#+$tqk){%Rk2n5JiaGoD95kvZ^qXu;#W zT;hj%P>NI4gjWFw*+e2!HHbW3pghl%L~P1L>;BfRis3JR^S5tlA0QKjHWSoJ5kvLG z$LblJ80ff1Fb8MHP86g~*w%o+qZ(|5Sq8$2sPbi=;Y1?0(R4e-LA7xTDzBXOK+K2- z7>1e!rcL36X-{fC#QQ!xm&-$G&lVhkYNyrVYIa24j=mA3sQ#T|QI;AJud7~qu#%3X zogI^L)~qEl6xLL+ys~L$KWYv0-BH6i-pNVuQ2}u=750Ic>VrLiBi3#wrdbByE(NrgH{~FM%DP5;eO>(b-&w?pREv;24sz_AgJ2$v;FWMLsxyP( z?ALoAzz<|X@|!D`lNC4(&emnq5%}*{`i`3g{GeecQ0s4%(_T_)7k0ADQFKH1$;9F}4X8!{o4(?WKu67bZnyo1TkO|VmcGq_wGVG{nK1@Lcv zCBUw+r&IiO=zD0erz2%a;Crvl0H;(Nee zp#v6O z?kfrLIIKQ{8|!QyN#3uUDdB-sa8d#G^3;7SUk0ZeZg|!B4?*oTNzn`R#eYxQ|KndQOG5rQk!4`iL{i1HTDK$ft=gYkLXYbd?a#1x$^P^pd{@{Fq&dWU+r zyZb%m%aIR%{QbH`4=gUGY#vS7tPSqi>2_#^1TE^i4-8>>7sx#@)=_; zvsO{8KkWOFgSa7XN^*4{!^PWYAwD`LgoTrZ^`?s;35nc)}wItDYh;eQn*EvfK(*D-4|UYP$}1 z?nb*`y>@Dl9)9;;6;d(UnS%EXE{aK&myD)|(6pK@h=6Ve3y1NHs9_e94=4t=VoJrX zg0Z5y`JBB#>3Eb94w4v@gDo&n9CaW#l-M;ywv&! zc4TeD@VV|8+<$hX{>h^P66Kuekrs(ho7T>X1v$l3Q3bl7y}g|)zYGI$Ndz;}Hvy*V zFAnlv93kPgT%9cm1aPmbij9nR1we)J_4aO0v5|nu$H04iVbY_~au=YJTpft{k~v2f zC5e=&Gz8|Q%|b(%Xhi$+p|wv7IRAo3o2SBhc{z&vn8$LvEkAi=fQS!C#Mbth#qYf# zshMO2iE+9(>9IwzQ6-z+xv%nVh68w_&1~;;FcJFnmOB%c32Yr$gAQfCBkggCuy>(`8;?>nc2v^2ieL} zd5sw{N9>9Js=v!Uj{1rU%@+<3bNJW5@gFxInVH{f>57$cWUd%Tq8P<3fY&LLVZuuk zV)UusGv*XuJL+mgMOr*~ z$nYj)BAq{U*b`i)Hhbc^CvH9^kC?efBnI=?g5Ar=U5l6zwCZ9*S{ajFNbP5mbI}< z=YNvIfj^SV6v00#r z#S^LJ#$6_~cH_lAmizA~{l8O*f=wlD-QYo#Th5(jTV7rD2k_^e*rWgf=F?&^6VObQ zaLuY7>bHjGui*rYfGLrB9BaQt1bChXcbyUPjn2~eysj__^tvLO;G~mo3vIaq1Gk0B zFJItkb?b5GT=qru^oV(R5%tXgt3&7Qm~w0OXhn$-Oi40UtB|rrtiu#2ueMbdewU|Z2^ z*L;BGILh{JPB=bZ5dx>PptKg=qeH0uzYB-x9W6fR%!JNY0KjvfX;e$!($Y%7u_e&y zer~#+A1yG{T#XO_sxmI79GCA7yD60@yat4VySk+{PZpX! zyEl)Ta&><>hG&(#hg`OX6ZvR>rbTOswEg)1?{FmqccJGNH#&E41s&ITe# zH$c$&@Af4+s%<=9o|&7HP~!BpSPXd>A2xzsP+?}Se5$gqJR$7qhA;tJk4bkZ$Tz2) zuQc75ekfv*CUTCCt;8Z`id4_Lw~~;6R_w;}JaCJ_kxbd8n7F5BuEn)1 zi#!cP*?bxQ5c>JoT+ZKn1yDR*W~}Vn8J7y`SzU9GCsIzIua5#Gs_!+@Z_gfd{Rv8t z7lr2>(Ry=G58+XN}34hU0XeATP8!9%S^g`f(FeLM*#Qx$IV1p#%Ko@+0B=h5TQ?ehr0{P*sRhlc0H-1$0cg z0#bQub=wq8-#4Mo&(AxughZnNbx+{HEm$*-kKU^tB>7FTvB3ZB=K zw9V9_;rQ6R`5E3;MZ@txjo4>^+w-?h!e6&Wbddlc33A-icfRbZb;9t&Y0kPiropL@ z|8mGbKxm})5f#wULkAkZb}TeP^+vx78S1UFzSGgm?C(dCn@Kq|_cGs`w0n2}=)2UK z6R=4v#@{BKl?F(a6>Qo&I_w6Qh<3(vMS+f0C8~2?N88@}?45}JX37&D>=k z<$oBMOaU}3U>|(-5!ioX&O;&cV#q;w*MRJEYF~)C)@>7F< zinEJ~UOw%lVs)0ig5%UQ#h&l)tkI^Qs%X`eb5Bf4AS}QFhU5eK4%-brzBsMh_?XUH zAH`(o&RN8OU7(Qr4RT*D_&WnbY>dDQs5j_S+r6dShAP!=3|9nNB3ne&M>1rjAljOU zsbh=pe*(&Q21M|ULVs-jDA=Kl*8G4(9bv>Q*OPWz`&Gx`sLxlwT?JPiDDmXTo#P7Q zf$v0JAy|H`kJ9*j_6l%pFR|#ani`ic%F&lGR@B<Z5O#f6``41y-8p6@lzS1iR#|}3vUk0PTm`i9rMmrN4FTS49Qgpr zYXaXWPY3dE1_6?Nu5XDUX8qNY^+A2nwoi}qxA=-P46q3H}X)!!5)eWAaS z65~7x*pwPqkc9%CCc+xH`H%1OCGfiiDj&&@ue?lS(hC3EWJY1gcz^-=*`(vIp7!`d zSUubyGq)9J8y+SC_Jkn$A5w;YUmE{X7NCq&f?dZ2X${0$B-5TSw9#~**nr>v;~{`* zn-@h)ilz(?TYd6x4>eG%?yZ*U8;Z3^p*^7i?t{CV3a7uG;i-bsoBgmhTr36m20!?V^KxwZ{L`^AiJ_8AC%u$P-2wzuQl~KyyBUQeY#;85LB}q=} zKM%m~XZE!0|GymARUWn_k?;8{T#o4ot2vjC9@z0tE{C%OR@$Y1=L`RB%b`v~57{jc z&t+wr-ou81Z@eMyt&3|27EEjAbf z)s|tlqq5lJNaxHc+v*F=?-!=?0}#flW!lADy-_4T8iC3cto#8YbDN?}4U6XWNsaWpm}mq~9>l zE7T)i{{BJbmal=-fF~cnH9;^m&_!{?4?L7Mo2`G(U596j<#*{1_E4*E-=gFJA ziQ_u!ZJ@g#wF+ejQ0gooq0h_Go|{s;*rO)M!RO6qs4yA|#i?uwC@W)lsB?Ssd!dtM zhZ8{PMBh~RXbRSC0irj3==H1Fg$QwdI2h0ZPnx3z#1Z)bMV5b7Isw9V`DP8{t1GRK zll=$jdz|%5usTM50B&RLKoBGa2=GQ`Dc#@SpRdlFf3e`Q!QN>5DfC5di--z?MrCAX zA~+pslzISY!WsnhwCBtd4?x@)=zFVeBsTSa*X4YoVBA)EtI%45G6Yb^#V#TdGRG5Y z#-vh!nW-@Dy1%_Fe{2(Ubw!uk@@pC{=6893M$SLym~hK>t0ez1L>(t}wBT{E>K_ro zoxUdqG=nQtgb%}Go7fVE46Q8-1L*~sj0^T!r3xbir^TVnC4lI*()KeT@}Zxr#=YA7 znA)Hr>BEh)WEx)X`fvu3+iBg-^r=wLET8j!o%d1UjSk3>3c~$+@jL|(U>2z$4zkgr z+6_twVglCvRb^+9VbZvh(}HzUNzAK*kImmu$fX5)F0AAVm6&o=vFcSHYF+^MMqB4e zwk;s+=y^JWm9JgIy$;=|MQbykPY4j?LN|(33~xehjt}-3^xqSKv^aI^&BOZPwaffb zjYl&VC3jcdTd=QT3YG)TN{qgKzp^~NRcqd4coGyLEWH5NLmF%VbJKQZM|#qArmj{N z6m}Btc)syP%%)$Z$`JiJ) zMO#IcvqKBSNR#0x0#jLnai{50%?OeXk>!TRSNDroqZP&uv{#3kPKqM9=N@i&(wa@h zs?yl}m@}2e9lfK5PDG1%9Jpo8vy)9NE@gyI;s&ksx(J4)OPAfP5vsZe{^~5CJ$AC~ z+3UDzThaR#O)Q48w^v(bOXqyW(_Nd*^IBugrZ$!{71DsbtT4;n4_iJ!3W{-UZ)Vq% zSD7ey)Y*J%0-MD=C%Mw)M?;?xMGz7}sjAcNFG7bcFms{cy!*v&-jXI^NLliu(e8h0u}UO!A2e$@!E|SD=Qtru0=;Fy#>s?7E}2_nVG}{uAF&6&T*O9FeHz| zi|TFS%3gMNBMS?(3ld_K#P1g9-uZud$j!mqL4^_gpa3fm1-tVCYDc6&v*9)BugB|! zm9WZ=2~67kBkx4FqlK0wm!-6gG>@U5ukV9Ln7^4v1G=n|Xyj6vxbX$jcjA+&AA1u? zn!&eTE0;z?a`SNC*&8`riJrn=3 z&=)303^ys9@SMTOg!#Cu5${yMi4BW)mklAg#4XgMtdd{b0VX1mUrj3o1Kbq^ zGQMF1CR_93MQtu5z2d0eZh}JnD zB)>N54kwV*Q>fkd$c2Sg2{h~p-vfOa-Q*=}Y3o8W+8n$MlDe7N+;X`IO&TkEBxXTA ztKNYNb6OBL3~YT4_lhmKkgZ6y+HBE6RHa16uTwx3*^-Z*hFh5q~kQWm{?TM z+f;5R5re`X&)Z*J6$E}&gZacvFusR7Nt3ciDjFdvg2Ae>(i>%n#^Y>Bipu4Dm(!G& zoU8IIAQWeOpq1MsF}zs2GFjXobE2!2K^)_}+HLz-{*9`@XKeUjWFi(X2@p9U$+2`S zWz_5M$sfI=1USilcy>{<4K`7?^=6%LTJ{pZnXWlEt*{+MGn{q0tBnCy`mBFBsKR=nshL;xm3+H>g>4k*BCm97e>)Y{KtfV3PA%V% zy1&pU%RxgM2|%ONX9iynJC`I+PNG}UF9b$?sLp43Ar}11VKemTol9w|2n(e7G;U&k z-+HaqVQ{uup;E+Yp;Jx(FlOde19Ws}kSzwWLk=sD)#c$FR_0Kq&K<8sO=t$=D0*<) z=@yX>o;b#U?((4o06Ic^}7otNF(XeeHBx-E~{=jU5P^IDN}bLO?4j8I}s zkZTA!y-|OOhVdJd56^C#quK=z-VQ`PLx}v%r%42c66_gfy;;PEp7`Oj9({F7RZobk z6k*4`-kFu-lTxH#8s&#*JMd2{q$@KtnWq6^iI8NQc zmJfB?`1=ehf^Fae5lVP9yWNP~_ z)MXS%+fP!3f>qKWn#YLVb_kkW7D^`;4hOtSe{rnXw45rPMw4aKop zNaW=p2Tc1%PgKA~G73zhm<+9QXbVF8#KHYyAedrxwI{+9CW*7>My*bcgcRI)&TmeS z2jzBbhlJ`+u1J*m3kIq+{pTyxOz-=!L0a0t#!BzxtmF-GscMQze$d9tH|>4zsq3o! zGcqzpk*m8GbL5|sfN-+VRfmSOehKSN6nBw~AP`y{l|pwwr;Y%!z-!QnFa5$jPFi%9DtUQ2i% zX$cd*(CBSFbW&|JBf;f90ZO~F3jtlY?!hozP)MbkOSQkH4>MP-c__~P7(qDLzdBy- zT3%~BFhwv{C{001NvmB^r&OjPPp{Kt6d3&JIZ1VL%)w}Nz-z752CRn z(P|}>o{Y$ZdYTNyKSe_@kKKan zXOJ^$<4A;pQ)p3togdB3^&g(QN^*#6O}|2f*Q~WpP%!T2SAFqeeEEfH@@D=UKEBp8 z)-HIol{eTX#brybi@_#xb3{z`vDOdA99^Q}*yQR?R^{z>7$zDkb6*u?Zx6*XL>7P-PHc9>dHzVSDt0d7(bhNn_u} zov|Gtv$+oeRaOOC=awTrC>7b zM7{duh`cifin22dDq@7B^Pc+@dULOFnx5?7ZW`TQ9$0(ob&qn>l04Vh7aHL-nPAMm z{^}W?1%MJ1blLbwehEB|V$lfLUJp)pgtp2^+J3D9dZi>q#Fc$Kae*O%`Bd~B8D5cA zH(8~{oLZ|ys~~kJ0;7i%A&>)FKKr9GWEg7jW23<{#UCnd5SZ3*peaSocV5D5;Slq5 z(@!ROk{K!)!>hv^!Hq&{L^{3mkH7*IZAQG8 zG1ck2!Rnf_KjkBLs50VSWR>s`vNBl6uSUVlzqvZEb*pggV~!z7HaFw(8c|A~7BleqCDvefC`rK0+-EP9^bu~Eq>D7*UjKq4Ic+|C zF5*2-(b z;`#1We9Ju?ZcNK^i`yQ1OtbfUb7S|_ZdSl@{pSz74NSVK>Ps6K&c*3)fpC2FToJaV zs{9WQ$1}E>TZ+g#}H#7dWr z^Xidz$_yL)prN2A6RAf&ayncTH+#J~*{7+#*{E*M@UgDCJ+E4wC&>Qzm3B!wjm%8B zl0g5k>6+QKH(`^vBzbozanxiMS0f&RMav4RiGo+GO{ulSxaz9<@I4SA*Wk1Lru|uB z`RUbC5450Vn7I}Qod|FAZ!R|A!uukZ*r$Fx`}$ZiLq?it)>F0x{1by-Nnp{F^m1Sy zdJcFIw!}Z254g?7s;(U}^gFCR3?Qd9Ai_j4-Xbj}S6fU*em_EIVgp}0mC|b0%BB)PGEhtx-jT zrhr|d)-(T!y-2U3U_MpA@OhEmT1u8jRrjL#ajN%g3`io$9wV)?t~n@ZH)1?b9IVD9 zoxY+QhL%|O`Qmcf?_LW3&Ya!qqMS@NPG-y$Or2D*9{Vk>XyEQT1bSjFM_$O`mBSKz z9F2;c)y1#P)ccKqFmQmSjn7Ry#g5K^>Q6loIV zf}rsiY``G@od9k=%F>tDq={9%h2`*8mVspA(Y?va1M3SeAxRdV3xJcpEXtzOR7XvG zKWvlpUI;!FiGW$I!nF2$1rVjIuwHOCn?Lp{&^ULKKA*3*mzZPE5U(&2mmZ)}$bnZv zvES^?;&T_B8K}B$3b34Q67G+sf9K$HFMP+G!(k?y&davxY!^i?ZQhs0lkl~+Wsyz? z+^IQzG@bWVJp?x5znB4b=+}h&-m8t3vF<`~o=rtZ zzq8bc)L{wELW&@~r%9mKj$ZGJ`AS1n=W;mz`fB)d!OVJJw0MK#4w<>qaEpBaOH)q- zQ4!U20JUTDJDc@B!^@PNQkkpUKozpUViE#+-4@y&rF_IN>0`hLDj6Wp#AtBXvKCKb z{=C0XEe+c_Z@PhoPAdKzzr3BykIjMu!I&(|!{TkQ^?7mHU;ev}E;OpthqV#yFK;Nq z*9UGvjq9ip5%^pch)iA_Hm?K?KfyCI{m2oINsed~e7HSoJ?%In3L}2whRdEWD+uCI z3#Ist)gbn>mGW%|+j>H{9RIQ_t~fB?(CJ9FhSC(nCT~I4zse2!dgzi{LrZ^1|7X+l zWRmwWNzPbqJbE)GZaS%HvRR+j^Zct!op2ScpjI7sB<6d=-#Ne zl7JctnMo)%8k@P&*Vm-(UoJLJ)_RyNF0}e$C=%BDliq*aGcop~I9~62Q}4Y7A`?%g zJpNqWS-ri_t?4dA?=iG0}+c{7e?l+NoW z0%#zUvX^iA*b+~4ZuLgJiRRZOJb_4B1ZJ@NZTeg{r8ympPSX>IVKaTtk&4nf-S86X zkE1gN&$`n@JOv~D`J-#^)GKnL`LuD}&W^Jjk7i_}$;D}f;4aT|5i=k_0qsz;AYwE-yDgu5Rg8T}w)bE|5KmA!$ zZeSijLZnQ&WTfJwFR?=pi=fGDRRNh$&{;HR`C!is06y91{Hh297H%l8jzu!d7|2VZeFM&PN zf?3OS_Co*qXQ0^(0ncS}5Kzn^0h-SsjZg+AUkSL@xg0@dHz(1mN1KwHt_Y30I8^pU zlgFKINX+d$T09Eku-{oEwc382$XDs>%y{o2LoS_Es*#8ldR*9qm{q7k&%ol7PKx(1 zZ+VJ@&-~$S`{-6>B#$bx-;cfCsBC8AS)>BhS`e*9#Rq^iR?=S9sZi_elnwiB-{ojA zhH6PVApkBSzkWXNG$=XhK40B%JYG4YXl=pca=j>OO-f-a+zQ6zllEk#%aV5zWbbH9 zYY!aF71QT)J4ArP`Khi+6%-pwb#Lvv8|=d-5?ur`%MLo1;;oVu^hhuk-DWYX)zR+ju^ z%cH3RrtC!AFZYecyf%)vM@e@kO*5MyGOq!_(Xv!750%yKFq$yDscIJCTL|gVj<__5WkF!XZq`RcMyFeh@BRbc-^SrH$lP;Z=bYzp9`VD3 z-#tO(09pAiWln z7Y-gG7A8Ug`_%kym2+z zi?#d--aVPCU~GvKGy&w z!9y^7r!%y}nBd#x5@V?hZB<)rLu>51v(^SQANKK5Q`(XlpdB9GkD9=QsIcNZ!Qct9 zeEL|`18T7jfOJEPO37JzIEC99p+U6jpwGLVeEljYDw0&!ea#NX;htw#8OLfV>bYy$ z{q+_J9=mSE;Iw0fLH}Fe6d7$f@7VtdC;hbsU=Py$_UN7^olIsmF3D1`tE@Ixlpk6^ z@NKCJ7IBGgc0RUFHdDvUGCuTyreU8b`84%2wiIbqf-`tOoTcs&D5kG`+AGhU1Mm4i zz$gFspq<~mACfHn+TnzVoP%}W;yg#Ft2V9vo;W_~V**dT-K$@*;)2aMr}0k(#&K}8 zUKgo0YJp2g{Z5EUbC|d&?c9pF{7?{cx=G@vvhtzf8qEjRB2N7pjmEH ze+nss4rB*{IAUgz&)%Ew;8|#Bm6l-Es2m=OZ?%P&N|ookUecY#j^zc&(0jG88*Ep^ z1WL?Lr^VY}5op$%Sw1RW#Gfh@jS=4nLCkrBP%LxLTU;6Y&ad1`E~-;s1e3i(583u% zrofMo$9@($m8j9~VBv|Ks>E&;i|n&G_SfRq`ip6i3R2Wg2cz9Z>KRj>CX;BP z#uij!5j?8tg_xh_-m_oezx)ts(kKx8$Yg=+l;I88Gd!q1au8oj zi9<4%hp?x1nTpv=9wdKK+|TaHZtdkW<@xSro~@OrAX?v6fR>C;U9Uz=GU<+MjbgDtSjqiPa3|3_F5 zh;-^?2oBT_88j-6t_B3MR@*;Jak)MD&A%?|S^B~^o};l(L= zQZFs?L69y{s7Y|LsCVdW*{K-V{@9hkhp3A5=IJX4+GH|y$MdPcz3IxdWAX;;WdVKY z6cuK%us@}Anu;u3*bG>O2nn-Zr||D$qE-qftdcidX1YWapW|O7{)=2b@t%QtfGXY*h zn^?;5&Tg9wuDI=nuxWV%B=#t+g8o2Z)$3@M&p_gCZ=8l zL`;Hr%XbX&cY`9VCFs5y5%L1cyBopIfhi5oR^!0JKNeMS2jPlVrOYHhh~Q!W#l#ZB z-QCC3a{@Nr89ugfrQ++BN%Nx&URnmPo2I<2wyC>HCyp1=g8F<~jh-Ja4i-tiH5*O+ zZO|)0ZhD1-qfEL;BN9Q;hv@vI1+JJ@!LNG zv|(rP0#xo1Enx8^=Jg{{S?Orni#n}wEnmI{_pC1p6625ZJl=w%=IZxjr;ma>e4s%Z z&z9#t_j3_*y}%<4jw|^NR*A1FD@#_1xWCgRNI83g#FD-eLoA))mtyto28T5D0*h|ddau=l#YOdAVK+tH9TDhG<$u;OlJh8S z@TBn=d49y!o^ip}+G;7hx&HP^%8?rjp-k3z{vt)LVX|>N*EsHd^jYfE%=x&RlrA-r ze?+bIa;z80JX=4lN}WQWJEz>Yoxs*u+Qfumtp@wK_3M+uv6JEXfRJh&^A}M$?xlQd zrSlIpE(u;YDjv2D?s%8T6<=BA%8jb0LOX*y70i~voqOhx0G0k z0e$imtQ~{cRI}xSy$uB9C#31I~~sD?k~o8c->{U&^RF@NL-C@3;q&( zVlWoD!Q|3!uOG`=pOd1{t}2J4fWVMoW{Y%BEf3)*zx7_BHX3|I)!Sc?V@aPFhaP(< zw53L#?`RVD$x=awO{P06jlyQN>!tS2JH?8+u|)ru@)MZ&T*~IHpAufzGk$PeY16HD z*s7snhd5gHG0eE0{kFmRloOLT_9Lh@aiU7HS~%pDz`!2B7inErt;QfXc->F0}8*AH1gV1}9x zTad-?pF5BV`K@pG-zimn-A0zI^58a29J6f!J-4bp?Bc+PT@~4Guv6H**!O@OzOsk4 zKsmM>V>hAxe#8$6*vLMJrnUI}p?l=egGvzhs$d^&$l}T?i!B~;q7v#- zzp+!FUEu|`wMrGnat(LFS9&39y18d04l!oC&0N6st1T>-YD>&yXkPqhH$I+)W%hF_+wpjP}g1i>-JyRn$&*AYXGs|Bs&oQ~pPY znE_h4O01@13pJ*li?=~I)H!D)XW6&en}g37=z-Lhl()f=#jfJxDa7d0YVGHciXLdt zwZRjo(_!)2uq$37CX48?=#Sbv37=kG|0dU3GStHeJ96ncFk+UVWG&p=R`qj?sde##rShH6;P&$8o%>|_ zZZUc^RE-~>PDfHof1;2WS$a$naDTs2Yn@=mt(z%x{KGnlQGX&l*Sl2_5%aEpA*#ir zA;IlnXAWe}#FwBfi#ctWR0p@XpQyU!%Qr&pAm+#Fy1eWygC2$9SBqBjElKJ*&93%L zi5h-YBPxw$rkM&stK%g@l$#0Vut~|gFLAW;;|jsXcq3m+$Qx# zXMa0Yu+ZX+9U#EyyS&q{cM~vx69*jwrtwfJCB|}TX3q9NC(C-z%a4rl?XK|WX}6+nF!Dx`!<@*bW#d^N(qQ-93-6C=Y8uolb#i9#C2Hx? z2DTb-$zhErIl#dlx~AdabXZ*fwSLd6x$264 zwEEepL0<(9U7Cw>t5dw)aC;oA%*_*Rt0vn;Noc)>67bINn(a#K?5|8#287k>f+_fV5$F>e>l2)HPA;Mh} zoU(z!6v(~Wbhq!vlj?hFw_-Ke!iSW4kXFmOSe|yUDYoEjqj^7^GQDi#bUL;ezfi3^ z^zjTya4x3sq3l8G%W~3TP6)GkLGChTPx(>uUpsbE6NJ}@#jhj+aN%KABM4XgUE2xF zTN}L*YgS*vS=MDy@)nJMD1Mn2{Dg8Oe?65~Ziaf|c24Qi(d17sTblc<;I%oIhs#{L zCy@uIr?B>IxH5Br$58M+V7_rqt;3jn{j^1tIe!R;Qehdb1UwxyaM)hzL4GUEhds^} zJEjZ$z=A`ux}m3WzK>FAs|<3r)ubWkmO;13)`hV-jWU2+;fCAmr`zKop@1nLT zvw3+L2#W-r1s-m0Kb{QL1qpjYkM0^GA=UdoO@fW26v&yX2k$&07(If^+u|sF3*ATT zmb7lCQlIDm>NMDSI{LBr{gf$tCDLo4c$7zGaV&@@>6c%&xFKO6|q2 z?IvE5)A+VobadtCv|@d_y}L9dk9IGDlFuvT1;y2RdTuM&W#!L(hL@TIsOzrL(axO{V7b<3cD^jVSF8gvwy|q$8 zzx1k8n-QVQ8SZY$?aiCi7Oa%(Q;Y4q-M8*3N-|{Z{-MlXiTa8D7wDU4{zYQZB6FAG z`PPeQ)qcy3_eU*cohn0nq zkd3qrrq@*5-QkOO76_5l%B8G=mWA2}VONch395@)5Rl|swMx$v`Yf25r zK;Mc3rc(3#G52M$?QB;-D91s(Uh#GMb*@n+LaNJPpUWw3KOp%?;T%l`@!feG^OKAK zVJ73qQRkQNy~{3_64iZmP;2wDPaguSB_y(%g44jiWCe)U-)WUB0 zl$SR%#~_O06V3U~q(a)Sn4#`S)8#u8hvhBuTfFdB*P&`!q7*Syv8=ldg$~bga%2lJ zRs2eq>vT&=2nh86tN8u*psw^Hf_BxzQtei&!35=^qg1P+eCyOXdXbRw%ZYjDj@1%( z*b_k-i&38#)GZy=bMH6sl_lHO{EK{C(H*;{((pHllF5 zEn0i(ULn5QMJ-i!)iC_tHI+vGaq;YugAn| zLFXBQyThzQq5PD5k;d!Rat&sM&WHXO^BRP^ZqC&r`}L3SRizz}D5bQ!uhaPKhP8*F zf#L)Y_cycJ+JZ3f5;B!@w*n+nU}jbSQ1&acxhA7A;7&S?Z#O)X+G@sn;f&ww*WuPU zG2iV>S0=6UMiEDr*XW+tJyGM?)9)kl55*M#V7{~-tqXVvXEwemlz#s(5LXJz)TCZK z{_0r(DbC@yO*n{Wrx>2hYPrQ<`VA0BWSJoZSdlF-gWHM4-0yw7$HIun1K{ee)^rH?# zo;%?!dLgeKL&tE(Aj?9wz{rxr7g7tKQ$-B zj4h!K2xDQb%X#&@ngNQCyDe?c>K;|f1DJ1hFSh;yW|e*bK+Tibirm7T2Z`LVM%f3+ zk17PS3mopur_A*DLjb9?Dm>aV%B zQ{SW3X`-R#DqKenl)VL~w>yVH+u{5}Y#vG(ts-ODORzwgMgW%LGLNca& zK4e~SUQ^?mcsZ?-^C?N!vy+HPvGxpt>2YfqT`SFCZ1G5%H0+;KhH=zUHcInirYPMXb5()8etn*uyYzd zbl*4U9^P;!VnRqK;@HhK6&}FI`JiiLvo*|nGQYQdfk?>eVYe};yP7c+ORemvFO06{ z2wUy%>fC}1o(cG28TDf=B&4wgS+%4;K^fvRAz7`TZ{DJxPzo)G(TtTz2m(ol^YPh% z)|zK{cc0N?>(#p2Z`mX*8c-SBP-w^C{4DV`FsByi;Jc&R>6_1Pel-3@vu2fdmJCE! zkS{m0n&*6>xGxhw87Mt&rbsO&&-#FB7wCgBYE&!u?M2^UeoGyDi*QDQ!lKVdgdiP5 zkAvSO^eqhCFry~}#^w5i(@ZA2T!=l_zGq)BEpNY5+6c~DcTZ4Chfcp7)M`lL4@*1= zJ6|JIyE#rZ-RI7|<~jt6IQ?%{i!~D_=m1>E+FVn~ZFKQ-do%#YK)+4JaanHr(^i?(FcW^O~S!#seOtXh=^5M_5F{E5KY@I=LDFisy;6x%4;V z7H7@#o_Stgo0I6VrS97Xn+Y~)p7T!5Vu!|In3J5G&!Jj;weZoTvdQsUtp`9Xx)&%V zKdo8^M85gPschNmn0%8ujqw8cz}0IXhOtquw$e#F!qbuIMdG5V-aO zqCT?}wzNsbLikK$(aqX{d~xFT$e!fbZHuZ-9b1vqqN4MoAI|6H@H}DX<_6YKNF8eN z#zgGUklod>h*ap4$2eU5v9$A2pgBTQ`sgS_~<9Klx&9?em>xkZYq`?HniC{l~nTVVJqU0 z?nw{(DW4+wH@wL?)!SS>bYx3kk^_=%%YLf&1etWSNF}4npf6EY+xDK4qmy$LXruIT z4OR`&`ES`L<@uuakt#Q;aUoPsWBFJ?)QpD!&UL95T`!Eud(uec6ZZqVTFn~K~pyna@j&$<`8n3HTQq9|y_1Tb&_ z`tweqZ4Bdfh%tKWy93{~%1yd({aZg{LH(<&8h8X0tii^lTqQp3usZEo6aSU{rS>9f zXrT6|_$VQ7?V0aSQ{y|NNd;-XEH7RiuO@KpE+qx)xT~H!Cw_>PA>RE~i(#=eotkcs zW7JiC4S)Z!$>Y?KWHH7L2eWbn+4-WF6(=cjB@Q>kKHq8R zcD`|>h7*MVr<@ES$4a*a#HX?E@l{B{<xqDvp ziChd3T%eD98WqugxG3-E;zwHQCQRNUrI@zYo_=d?F+DaPU*zt?8Q7%)KS6x@7dG4b zKYPW&BiF6RoK{UMoxye{CV~=_;RpTQJ&J8;*iECZ7oSEIV?UE16^GLM3k9Igu%X_wp9zTil zB(q)Ct5M|qrs`i*L~C3idCUHAd}#wVk-JQ~X8uBL^6{6D?}AUz@<;|B5JZ(yMsKfR zg=7W!Uc*-hH`j5TunM;D7z za_%~gUvv`v_3JF4POub>RAFQLlMznA*;!KPcfa?l!8 z>!1-WY$Q>i*a@C-prb9d*=w${QyIdBl>N!l?d3j-4~Gxpr!l8*ui)Ts>m0Wyhj%N( ztJis_hSkf>Lfb^h+$Y<63{4Q6B#T`hEeBvllJ1QTJw?txTiSJGvh!4C=R;t1PWk}i zkmCY^btNm|-GJiB>UWjgLOfq#TCQEge8$hxBQa+_yS=UF_1 z-t2qRnT$f9+S-EE&Z(?nj>v1vvR4^VN?mJt%Anz1@%q$QfjhP2(oB5TUcY@IZIG+Q zvlFt0gfISkX7!VqOD7(!)oSzIm~yttv&%<1zVUp?oLL>9AqOB8K+<5haF{ zwgsX~;d`yM+E>1ZbVT!+^>*S$cH&B=`xvw{oc_c*+Ql90?@%CQp)FJ@`CXxMd&Op1 z2w-&NZhzc!+=rHRrc(L{!)0nyg!gxdPow_K+>p|(TUet;y{qC&8Z|S7+(j-gIzOZf z#%l(?tw&D_r;DQg5Tx$B4hU$$?nD5dOcS`oa(Mlco6E>Kq}vU?Z$mTzJxz^KO82-^ zn~dq`6?v_q^9~y7b;qpbM!V<{o0kl5ZpoiaKD3!Df*@x&>`ELtEVYN2hrD7Gx|>S4 zM#-pzJ!XZ(d6?$@Fe4?;D`nIF_y}JMtH2HQO`0jqeb&evx7oMZF%9zmdbjECo0dx} zm(L+my7$g|SAD{0rP9moZ>eIaqM3WrJ=?SNvr!EV?>pWwoj2lXrFm36{)Lk|??Av- zkZ(9MVkL94rZP-4abh?SZ?QwKz?P?Kaeia!4*{edymqq=1e8IJbXMn;72RvYY3q~u zrYB*FZoHQ)Uv!8Yw{RbajBX~Cwz8-}8NywZ*u_cf8q!jyiAz&#qTo(fr}yW(c_>pe zt9RLE?YfnU?fk(K8%?sb0S$}ee0%O^e5~biexvG0(>cy2ALtJ0;&;pSem++gq;%SM z`G$GmYK=l6U68PyX?CyRv4?0fJOSMqNW@8JBB5^@QY0xv8F$^@=Yv7nPTIjj7UT^M zB_dbo?a=eI0= z)cGt2QtTa9r%x$abF(k>p#E^EABAoyitK}1pz|V4;LZ){ZQii-jE~XZ)SUqs9~olb`y(Db~I@FH@bc|1xiZVH@E&}@H82Uzs-2UHX;tY@+UTl z9e3-O%f8Upg^Z+P^fXO#R-G|At)NZE71vnxmZ=oVq| zdMX4*O=K%tGo|Vh0dtjEKPfFkYM2Mnt*`8fYxQ#VItS*0+&%CNh`SVlgL91vwI zEked~m$CF+I;QUIYcF2V-Ntr>-8Eg*7H6ims@Gh}q|2gNI+)mh*xlQdN=oYmtRV5k z$^6hZ#!xFlZ&k0Jl`Hf%jkj#}AxR8BEz*BaHCGNeJol)EpEg7;C{Um(<2Ja^T@OGgiswzrnCPTd`r6Zs4$Ptd62-Y8(04ok~}kzFhPlAGB*{F z%ej@jJbzVT)JI{-XZ|j;$CG-|^@8;$S?|Gkd2usUk=GxF-3-M%j}M7D!kXW40-lMR zQEt@N5l@K~<5we!l`qr8B&J@bvf3ree;SEvx!>2HTII0X+Dg|>JJ9Oc8?f`P(O7JK zU%XA1$|!CA!gH%Dpw&|P@)_TE4-~A?57ZvLapXg4+)l&cT3%^o&yds>7;s1?&xhk$ z7%~6CqH7vPcnwIV>n=ErGcH|(>R+FyGcXI;R4_e9u0<$|ji!;MQ0T_Qczq??`N`F! zKoyKd{n4d#7&|kJ@Sm>w{PFmZ;gTO~g^}}mG_Z6l$J%jKVd{RHQpFzPOgm*|p)sE^ zf1Or)CuvrA)GObH#$Y0_`q5YvA%r9`=AC@b(OgKLT_eLOo_vBDR48maj|5V^h=N3P z>dO5^yNOYsvi~UKE?e}MFI{Ehu7u93#v%@c*Std{7FYlZM-pg2Y8m97^x7WBA$Jbk zl+k(Ye+xDXQCVWxH}>>y9*i<8NRHR5^@+=nS>(aW&4H$Ro3)&=Dv8`RpE7zDzecw& zLkKYiQ!xuvlZ0$p+9r+y8jRKW?!f8H>_ckYtc_m127%Rb3wf>8;`q?>{JqOgs@+{i z4!ho|J0XqFGsHbD`eA|u7!XQL6r5k|jN;Mh`^#rwPOHGgW0NCQsAQ=oyunF61^-z({H8qPhy^>PNKM-neN31zaHx;0bjNtmxb_3+Hv?Gp)vj=sSJ=6=Sh zM@e_PJo^2|Qn>e>MO-O2&tG&aX_9%Iv3QZXA5T$c+qJqUIOXxXoTT5_`F~!HJ7F+% zUGHU7E#Ca1&hpS!yfQfd=fe>LG|-jP*S@FCooJ@<(ps5D`PPLl6Wze(PmSGO7oXGC zz-Ke5@sXv9yDzpc^B0Z9k?$&Qggt(oJD)0vu6?O`g;bS20@$v$nT>}K(M)c>RFPuu zBRVxZ^>ofuPq{2*O1EPyZ5GgW1J^Ov$%snEY)qd!$e8;!uKbH4hW;o>Meg%r9R2gDry?~6+ckGduuP`X=?;e)57 zUk_g9e2S3+#NON2iRk5Qf_j!1<-=t^loQ(uZwZ^mSLR&)A|OESK`=35BV4}y{)%g8 zFc9J6v;fe`B^nuZQfbBu`+xt^&g+vaoo1$oP^;#7AOV%@oh8WlF7;)O&!n;G01kq2 zjDmvQzoZg?o3q5>Uwx*0*Mi_=iD7=}cjv;1pmn~rvLT~i_+P)FOR3=iu6DTuJ=Z)7OH|y0F(Ofd&MnFb|XiD1Ic3 z>P(@;iXxz+X`bwH{-uKXOT$0w+$!TV`^($>w={mAvOk)MGS4rw{Qs*LAm{$!%IC7D zb^`g*zx}QM`qBUU_5ZpQ|NX)LyEy;-n*8gTe_fmo-G}?TOKncKi)3I-^gAFF@a)WO z4;EZpfZPGid_wU9i1qpY7zwjc9My3Fto_ytW%d0uF{%F-cPH*g(vx7bulwJ<=@I_0 zWoc9!##33fmv{id<6-a|>}1wMdFm-t$0;t(R#E}0TN4qTm~5s*lUea&(DRQul7!d` zW*&5y?Z9g|{EhTMa?W6~wij;5Y2&*!3carHi{^l2tHqfqsD}vTNy_1E+BcZJK97;! zxLsI8a>rRVeb+W3S1l?KD^g42vUqhfw=jD#`mCdLQY3PCgc92*MUFTL`es+Or|dE>T?ojhBK6g@Z}nn zFt&bgm6U3>(nXMejCDR<<%_#`O}=@@r`>|jsm5nL1I=at!uSs-eGh6902LL~jGwDF zcgo~lE;cvTY_!EA+o{E-oU`c)#+3%7Aqo&y5_h&eKDXu~_}5kAUsdJ;WI%W&lUFX8 zhXu_4eDY`LJ=FeCkgi3=BLGs}e-xn~iZY9WohuF~>xQG=T9CtWLu$kG#B-|eAvA^q z(b4@e{e2DRNoN}{M6oDHw#AiQWtLQwFwh)AI4g`XMy-*h>F+(nptU!W+Pzy0rulNF zegep#b&A>Mzkhv$Nf>DW6nH6WQ$WmB|76n~37wb@*z?B%HYz@uVUiMwL{puO;n}R1 z8T2BVrpZqyBelnOgcDamN>Qce~r){06MsAfjiekZ<&v!r{1+8?S~_Zss+9gniO< zlQ?YgQ_Q={)qj~bdCSyPPM+LM+yV17|#-k6V<}!Pvd(U^-4O$bw?oDMz zb$xxNsg#E|=O6T397Lu_rfTtWiO+o6U;ou9VtdsqE0zb3i>%fTC)lg|0oE6~%Wink z^aS#-2V(6Hah9@k)5^5YDVkiDf7NF zJZ331nU*q?ETa@y4*ehDx}rO`>9-fIjdfXKX<}5$#qUJyn+3ctsJfBJvT(Q@56o6U zo{io|7v9a`7zxjKHr0y*C}bkXof`Arg>)b4G#-kF)D&w7%Gkdu^nZKsS;V_T(#hb} zLkEh`S1f@)(19km7oClwH>XvH!S>xxolJ)WDn+UZk}E%n7^dtoVShxUs^4RZ%%_-h z&BmodU?*lG{F>ZdyQLUE?42A%RN_=YFR+tek4Jq;)Cv5wh71!~^0QSZgd;ynm3>NJ zTh#gzbD4+=pW$HYk-oqEip_e74$I2@#D-ZcnIq!GI}I5ioha-G<+jz3YRnN$mE^mr z3gGWsO zrf0yRth5M-)35jVb+AjOiZvy`3iXW#?CE#l2T@pN`yFf;)pw@yEm?j5QiDDNuk+QY z37d9{?N1FaXhE@L0<5`&zVD5CO%apZur-tZ<_KiJ$V}aOu0jf*1@=DhDFKz-w)PZdaUt2R2Ol+cQ0Np8zAx$LlPPdCS@qAh#W)|ok3SE3nDWJ{UDnoN$LPfT}; zge$ahOO)Bb8yP$%SUId!o1%(bqEF$uzbw}!p5=;9`ztE@Pr2eh#xfefmR6&1MrTIQ zd0Jz+E1e}(D7}7`z+7NxihaWAbOfZTX2Pt%@kfvpnT#00dzehH3mHNsm*qXdEBiXB zPb}VVD3vytMS-~l>npJfgr#c7CC@h`kBYFGk704=)l(8qJ;}KrG#&Z!#uP?_@z7e1 zZs|9YU9Wj$G5YkWzE+ihtQI;v#Zi+0a*;4R0Yro-z`lNAfSgI+3ybRWjr$l^4-BCdMN8bAnzaJ>|1`3KlIebdv*>^M6 zop|X7IKQFZ$^yt$F0J~jv_w|3nJ7R}5}j8{!}AJPq*9Cy!tPFV2Z>5CeqQ^r<(VRQ zWLvk_XxZLYuT;wIBWP~#*u|15B51UlSRM_XZBO(?i>(=MuU-@J0A1UiDT&5gmR5{fzyVC|-9h0Hu4?l{p4nHvWnhP!si<0Ffya7DG|=^A zqfqF0HD?x2vj^|L4%UBvOqz%Ao0&OpU4^a-rR@ckyGo8yYs~0)RTZtSHT zrvuNz z8yx|`J5J7iee#9Ep=~U88d?@L@4ai@J^stQ_%{tHLJVjx1>W@7l6_j)sWxXa+7lwb z`mixdahrFI^qf9bsxTjz`E=7m-1Wl<8CCk5mBpXLHfE`Zd*;xO2JS7L+qt#I(x|@^ z35Ql;^IMHg5?iN`K0NT5mTX$&z9NaPE0HaZL=}!wS9RxlNq}lB?5#F>3?O{)?Ob2uvP+qkp zwhMc+HBN0QG?*f!MVr+Sz(JhI1~pE5NV=UMECU14?+nL%VNZ%3{Hq#%`TY|K`1|?# zk1Fab4(9aqNd0;&%I_bmvmqgO{Y@5Mj0}GW!38{)N@7uvFFU8GFq0Rw!`6*PWz8T9 zFgGD0+naY9MZR@)IDG4*Nd68u19bP~h}pw@t^3|#FGmA%rkLEhvFX%q^w8QHE!gGZ z{Nhzx2rzg+#U)R?J(5SE?PbgiL}7{kKEeoa80nqDZptdwv4c9s&iy{sN`qMI7UCRF zdh5LJU648Ga~p7i!Fy? zn>2EN*_kR7pCN7zsbARNDXnxY#)r2YOGk|F2{@FAuc6hf5Rxg><@}#o8!S|2PLvKp zIOB{oeWc91l@U%3v;)EkvX#@9uZ2VMa!8__2R2z3pXaFI>9Vmo6eu`KNm4Hzzxr66 z%kxA;ASc&d3BP+a3~6XUE!r79907(wNP|LDMOmm^O!LRlNBfLGCpEz^7*}-rvVTB1 zQbBY_Vk~d2?*zaaQ$5gY#)&jdF_q9UJ7pm&5Aa5a~RIP58sa9sc zi43ZyVQ_Y}SnS1;SW_JpMA=Q2Z8pEQL?WEQ+2ov_rOr z0|Gac7xB^`^J!?*yDM&vXq!}xf=fY3;yEgGhcR=JK~ed) zg8G+#db|C@66TOE;T^?FLR-VRx@6$$PgIxTUWGrm-_iR==3;%%Kk}?QyNCf<AOb%tz-XJGmjjOFkQ5m)ejdP;lJ6OYh+|HZn*dl z)UuQZF5bZ5jfP|-MbHX%Bpm*aRKd>(33<4l9(D#J#OXo6W4afh9#QqJBXPeOe@GOL z@L_x(M*E+RlXC*X>z2XpIktb^G;ITKKEuxN^r39AuvhnHS2Do6W`AHGOZ|VsLg0|# zCkO4l+vWfBzXJACW-|q3tmX=6*e!vb1a4t*|Gph<;|7EQSK}_i|HNjG)Udz4itu{c zG|e9G_cz|vzb+GiU*aFJGHd@zx~ym*CKE&$^MVDDzL9uQ?$o)wtbLZ|c^3RXR`Gw8 zc3&}2&UN6?rGHw&4}KN?zHPP;`+Z`W-xrl74Zl67(EaaP!~gp?{N+>BMwW@+Mtif# zs22afvyM3xiO!YI$j56?O9XCO5x`khG=+un)(K2}k3W1mbk#@rPVWQ_kqmyGmV4fNu%%wAg^M=JXAAiwpi@IldZJBxX!KDb)g zYV+x&E1bKW@lS+(6TdnKa0eza&Z>!c#6qN74EzTmR)G~=Gd8AaU8SrC=K8&8CkP)8#fTH}eLTYFL+Jk|}Y--I|GPM>kTO7s*&g3V+n#Xx z3f>3B=*EZ4wqZ>-Lm+3#kadVJn3zx_(t72ePtY;^m*f8rudp_W*ML_Qhj6cG_EIet z8B6Y9wp@fXO)`ls#-R7R7BDzIpmA3qUMK7WIv!YY$T0!Qm9Sl0hNj4g&FXe zqXRa@5#fpK5r7B>T`R^uGap;skjr#6T)fg%*LT{RrJbuZib&?HRGo9@qEjzd0}f}k zpr`FJ^xQg2uUV_GB_Y=go$2`@Fzg5z9YFDON(4v1lRV6vXe5a(Nl8+%Ecpt>8hr2Xrhks<_pAeqwI3|j zfEQWUb8=U7>b@qOg~E;?1e8^Y!B=C37p146h(CdR(qOH7NUlQ22FEeBX3NQ;!uFh` zLJ)9AsiI?^|6Gn3Qm+{(wcA2tc?{e<>A|99Pn7efm;-ssLxdL$c?r zE%|}Nu7*M?va6V3LfusdifXp>ozPn5=BT2-J^7ks_dbh(`GwUZ7VC+uPk03#lD8$V zS1r)&7bd|EcYyz;W)mGlkAO(zZVaIHAHh zm828p@L7OtKVV|=Lo#)NQ=!-78<)|k^Zok(dn{r#GRHj?D)+B+e{78CMcnmSikB1x z^s_{toj*AircUD2i@OId%@V>>_@Tg{I7lLoo&?|ocGRz`sAfylWcei@#H#Zv#E*Y` zoQ&Jl{bLdHXY43YET%AjP_agMz1EG+?h6H;_2QX`=M+oK#f65{)1n0m?;ayF$zE#W zC}`c@MBZLa(DcQzhrerdI`qUlKj*;Xsw*}1{C!lq0c__ZStX2cgoTyK*7>&2f0E+y z+J2P~=-Hmws#!Ra_8YM!krllK73?dXedaR4PsW9D)y;M0~y820mv&$M8h%i1@v`wdfy{l_s|{ zJk6pJ%-fUA{she@cn)t2zpX=tCU9B0%EdBr%rs!z%pA9cjKXEAk~1%;R}zw8i|BT9 zB_2*gX$r26hbATEWSuY_-tF=H;<3HtR-GUkl`2V(m&-F!uNkLCtSw!brRnh4^g`yU z7_B;91Qp<$0q?Jf*>b&v2CId-Z6=~1B?1nv8b1fa<4BwevvV$TZ(8k|Xa$?{`YxO_ z(E?qr&%L6WxaJa|Z0rU`E{D!76cpg`OR=kya)iw&66x@m_G20?cB*-vLmhzQcIcRQ zF)%r@fL2MdTPD{m7lQcCq@g#!!-$QL$#9T#v7w5&6)#7Cq{S1q!Cw8gOoGdln?bcj zhSM5aAth&`y)#{6bU;462JU+%{Ia~~1Pa8wt`uoC7Dm=^do6hEb62|EIg!9^8joaR zv@O7B$Jml9N$UUb_0>^Tt?S-`K}aLrpdj7d-O}CNUDDEBB3;tm-673_CEYC`EJ8XL zeABb z?V1V2_uz>2w1(_XxP!s3B`ntcq}=|Gd1KyNd>#q&hzlKPsjY@d-zL?x9x6YrLk-Nq zNrIgAv+_#U1?n+0%C&voMJ2pdv6pS$Yu!1I^{omU&U+Jj`<%aIJ-hYk**&@+xpx-vR}2*StU7EL2f-YgV4dy8bIZc9GA}Sepof+QUUW# zGM3#&l>ain%XyaMPK$Qo@X|dYaH?VCo@KB3b}%x$ac#??9wtcQC(p9P6NAiAtsmvT zv84a>|Lo9(#coy8U-@V_vV-iOZwa!kV4c?|?~cfp0PK6&PIa z$10t1`I1^6zWHu_=uWw{wky@z5;Us4Lm2n*cDcpK7gMdkQTX;Izeu^n&~JziW+IoL zTie%8#Bs4!)aINV3UE`$UpM;sw#m57X5UG%zdHdY-HgnPCA%ifDt=>4M7!ZB5HuDc ziYdLHzdUKJpjxu~H=Z^oS7?lrio1XiTOwZTFpGRj)PS(b;W}*w2=4a1UFBfZTAj5R z*xn)6x8#6+%?11qq#Gp(WB~AM{55|ETK{XEV5&PR92K0xom#r4rE(5-*)^qY)N|4k#SfPNHCu5i_`dA!ScmtT3A@sU#(--V@}i+^bJ* z<)a>sXl@%~y9sp@w^9G7uvIkhg=fl%x!hcKqA2{y8)7yXSO0>59|)DOoPx}hnFoJl zRtqct+AtgA=6jp-(VGPcTg%RP?@cCR?)AF&FT;gl9)3o|GBoPhx zip(KM6-tAPIA?v2q>%)c+}4_*Z@V8fR9D?j9sUi`iJB`G2fMZ6JbWqu+c~_*g3K+a za$haZwtA@~0j^@@2IE)~Utu?|Zz5E7fE~~rup?f^qL+Lr_*|K=#?6tp4cas=C z(qvp9(l8otaR`0g5J=`orFVmhU<`YXDnIW4w@!09N`M@HTTr2C6n}?GKn^s6}B6T zcK+aGUy|plNMbnD#^V~z1uyV}CE!pAAGOW^KST759=h7*c>0+ikpO|=(eD0!lXsQw z#TbGLWh`?a1$@=&`16|73K2W_X{uO~cR3A~*1?xok(ULv_LPyp@aJ)^(`o^rMlBw- z5RPp=#9Eu1AiUUGYY)5Io*`csi8O|IoQ{t@!$=>2sVQvbae_fyO0d`Z8cqECI~NZ(O_wPrh9Iy$ zmbNiJ!Ay6tm=f#vZiobOaDla5{(Q-L$Qi`VWy#-V#MJrR4RGw*U$gmC zpiZyH#|ap1{>EvIK|ZJ?OW@S))jSCPE+R*XVV0yOU~yC%DlA+?P!s)|t`hK6??L=Y z>5T!dKSFNknm4128k%B3WaNWz&8G!%w8Hn|1=M+g;V+XYX9M98BN1U~BB#7D3$OJ> z6+~W-Jo&mTnz*#K>uxX<_$Z7V9RcxG4^1np_q&~B|JIXXNCB?)=9Kw~37Hwr$C(uG z^4TSenwzxEDttSV+?tV<>||^6#t`6(BSx7e@<;7f}Bh zv;Z%;d;{)IX5Q|aflm%8x&!PS(%w{t-{`i1$lj1+yv!4)cf0be+gNCotR(`d{RK(< zCFsO8GWbw4t-{Ei@vYvVunIL|15|5o!&$brA$v4BNJ)H@Wf-lJ(!t8IJz>t;3yu3n zUCMw4p^YwY0;_&crP9*AcSzt$cE}_1^{5ioC-d<~y{ZFfkT?4&wyC?49a(HhsQF~W ziYKUz{J^J~T&flpJtkZ^(1i$$8!lRd@h%ci34PM51S?S6(UHe(4TpI-!M(ji!dd&= z!T4P^Om>qu4+{Ali&Z}kdHUSbc{QNi&Wq!Ye>@$8OEB8FT}%ZRHbx?%*{@#C>kx6F z-{BHOdk3-7YG{?&i7a9a4-RhS4GUMaUD&X{6@96It6WF%`3?EkYWFZi>6Rk2 zO;7fNvWQ<7u0*8guz9xr51z>qZ=V>r)#U08mbuJxMP4?v*XnX5a-$vEfyE z6ep5;mVkmsw&FDCn=I(gpdDV#Ww2I-N%(EGG3s*OoBrbx4rDTn@_N-In{3vh+PsQ3 zJT1G$n55maZN1(iq3HfkF8~Ppz4i4(I{uRbG}c+O%>!cU?gC!9XZ_ZeT=}Lm9BHsK z$O5|yoHcv@`qf0s+LJmu=JO%Lu9Yz^N$5JhEsLV-(OF*W2kdC!N`e2MZ)$y`# zLsvp9)=Y`Uut#L3)m(p;IrOKr%?p2^ItKZqOHGHivQL_G#rf9KX|ZG&qtUSRA3qQ4 zHq)x(niA9Ra$eNlIb~N?8SN7>QITDG&0()=knfZX;Va6RiRcifXss)2QJm8c9s`;I z8PZ{?V3ao+47|s_5d9(AJVHzxG?-Ie>fEi#OU-z@XD`UFY=)J~mbC*%ddS_HUloVLqWKhvqpLU|;!ad7 zz4{dyJT*PKCn7Ua9y?NAWRh}=@c^PkbpJUKSRtGw{Fg{DMZa;oFz$n*N|>ml1RKGW zx5x3qntnf>P7XcVp&^>1AsUz9c2EAmf!d#!+aZmr+_@<1KQa+zOImyt2A{ETG@?gjdRM{ZcjX%?s;e4 zOH2+j;UM#tR~hOpg&up0%6oBq0VmO>pp!2_GUcV7TR}xlUsd=)d3N2JBw|QkZt=(9 zr(SnGEVkJdQzr`=2qey-IxtMRLPu*vyQgHSaT!|g@1E>SbHOa1xOXK$i7-TrMIv%oO zL1lXpA(1aUQ(;RvugSweFH%sBZKF&E*B zzCGgI-FAcg9VQDhq~~fA*8PlmeiY>7>=@sje2pH(!l}DKkK^!Bv+R|X<(@W)Hd-B$ z$V7#TN7+3IJirFx`JRPib%+(JhwHEW}#wC6CMrxy}PDqqWi}9SGukU|UDOPBQ3WVL0 zShZeTX|MF2_#3k*&6Il=-|C0DgzVwI!Y8HYL|QhakceRgd+64;vy`@28TA(XeEAF~(aDM;%n*ftRznBWs6{?tc0a612 zp)Qcf{uywdG_XZS@fq<$O=J2LYUzN8C@bW>Zx|_l@z<_^{POLn zBUPUpWdY@4z4bMIHgOwyw}Z#G+mv!&ya_nJw*{(6t9Q;!+9Fu5QjU$bpJpJian>^puOT32OoHL^AHATK> zDv$-*s58J}cQC4=LZvtvGU~Bh45Jf=U;Qh7N`TJczVXMD zbY0oya9r1ES>3A$i<5~x?<(C#Px#>eqXyMhXPaSbarz?Q{>O6Z^td2=Ofnf_X{`jd zQ5D|*m_k4lTJ0lxXZb zm}{K|jnD7zWK-5*m&z~mU4_d{pI?59W0g;{P>mLkbeZom&Tr;O%d+#2mpL!StB<*X zd%Sux*knw3hm2m-dEaHGZc+sr)b`6j3dXUF+?<`FTwgUh^ zNJweF;+W^3qJV?rwXZ_pdHNZf6&t{VYkFR@W|Cd?4iv;=`AgBFO)31VNBR35Yt)~Y zJi;ffDLj`<*HmlmkQ9jDl|?`!J=w&SF9wax?EYPPstsALZ&b-Idrt2qUj<#g9HZ>x z>uO3r+7c402&WJ2*FLM68X(F2(G?Y<<0><6?^;`nB@s9rQvS<&um?-&XL@wZqn^v# zY{aB*f_NAfh7pZ|RW9)9)z>6%PY&G9CA#P34jy|&1vtXQ^uYV1L4!Qi-2Dn->J%Xi zuULCXcfrtYMhh?V`p^FV9}oBoGw3r`0I57Jc4CEg|KM9%SjRWL=y;`D3z-IcX=2f8 zS2E7MB^me^G*3eYe6aMEIH<)qYl&H7ixPT^;Y;QVypj==c{a{9YCV zN?-Q53dsVb7oera9#RPMsjY}Y|59i8YaR3-?pDt#sh z5RcL*`{k!mXN{fB8qNmJ5v0F&E?~c@V>vq#R6$d9FJlRFCc3E$1 zyEUMVX(*qnomij>3Y0P{jc}8vt*-jw^N-tUmJ#H~S1!#c=$2G{AJSWKk1Ei2Zk6|l zDeKVA>DpLr)*pBnb8K|JYw#`8v--}zR~Lh7yRhpl>l##gF$)%S%B#2f-lO7@S^R_x zQY8disc)Z?lYR3XgyVg+cVi5Bx&?=)nMnBB<|(co1;NOrLYN$~`F6b;Q-m)}Tl9zA zdx@6$_29zILzryEXBQ!L$-S?hNLO@{7yPvD-}Nujgw6MVX*>zrA!xPy6|DEkZj{JjSH7q97C&v4^J|CK*t|A=(Y|m)U9IOKzPcRKBcgb5=7q zHF4`M$8M)v?>d_?x-2qz9sdrTvwgA4s9A-VZ@oO{IJpjVZg&}$G!>|^V$nB10o^UZ zZO_CH5VFFhaV*5G`ZnXjLC|~Dv?Cy5ArXiiFAv{$yt&1EO<3rtE2`=0hTYDKLTI=! zbS&nsF)_`<)$$>ei|lrW`{+PS;w_5U;Ptxq^0uyia_VBU1}e2iRfAJSs|#U%OsWaW zc`_DVs-XUQygO=NU9&*YYx0uA54K!8-dA3tAuB^_-|c>uX6P!wawZ8mzhQNtK_lkV zLQmzlsFEH-WWL%)h4b`9S&t4~9sr4iAl`H$NNMpxhYUoQyv?_T=l*oWWFZ*g5fSP` zb~Wf!lOc_eNA|qJce+dMAx!JM#vyVQLtT#?;hw2*BO0=YQhxJZ%*rI^-it@yb1BRP zs!xibC9q~%aUw;&By^&RZd9hm1a~icXA;TCX~}|mZ1ARj8KY1aR17#(dgfIe`MmpA zNBt}2*{cE7QlE0R$yTOLP4onTDp!pjQATCB~8NkSYlRhx>|p@SeNEW_k32$C$!OjEuo8F zamcXqEt)0lfSV!yZbjkW`n(tL!OF2_oJ}ms+b}DSlZ#+huOV$wk+YnpryqIk8p~P} zOUXlI#VnMYqlPG8G=PI4GQlVR1&>vRg(*rye$X;DHQ&H1PN&c$f2VxN9X#GrM!D=!b-@_^)h42b(CO7(lp@Yc{*Fzw z<^^1Fzkbd5|9$lT_meIREb}_sH4^GBH2hLS=NuS^bh(rpLNnT5RxK8ZU+YZzi9n4OXe*jYzC^q=fx-S z;qR@*rk7o^%G;}*EcLSJR!T8S=_3%i+d2Hf;+w&U!asIVWn36BQ;}g%0(TZ)(f-?5 ze`R&A@>FRu){rbIj(;XTU`Rg`5W0bl^VJ=^d9_IqT#Y6msy#{pT>hOb)~3{d)xbS) zuu}9<;hS{A$bpdpiI7iB(3AO}aa_fand16?GJ_lznmQTG0Lj7bbzHTl5qT zyu_^XOj0C~sfYjPhg8U#>X`wVPv|eADP`<{_%E}%P09b$DPU06a30oC2S;@Mrw0Fj zPvZ9vz?Zp=n!E#V^1e;@BKj#Ije1YFw(#E$`OB*NZ=c5(!7GB~REjgQ{#X$Ifd%p> z*c|};dSmlZZVg-NfBr&$c@GPyfjc!lvu|$kKX*!YS-aj6Rzdh(LA5w??zV|Lw3(EhxOaX669S<(7_9yF`zf^0AAF$g3X>j+wo->;i zlG0<6+G7JzI9ZTn1|5cRZ9cjT4u@oiA|EOs=$W#9_ko6<*lT8Hvg(`c#G6JSxxulD zQNJvcZ@Q`TaHVx@#%+Jn!R8*%WWr4aBt+xNs-L-F1@^O=iNo( z@UYb0=^mq|Wm9g~;5BE`iT}-HEAner|1`4$aew{81#uKYE?f)VHNaYNyy2yp;!t2n z)OOM);-B~V-^a~=JQOW>Kd;!HBcMx6rd2lggcwm#;JJ zIxmxTOi#B8>i|aoUR#b|HuV#l52SgAbQFb$GfKgaHW|$U%;!Eu zE^;M>*X;|CJwDQ8w>*A&=uZc8QA$OeLd5GnN>RDgk1ls)*7{!)ous8n-%_Ivn*7gp zD&$Q0sbqlL#V_%ARX-U9YQQO9saIaKvVI|4zfxlKd?cNHCOqVN-J{xYVuYmV={=Ya z`lUc2XKk_ZNavBYk4&Ak4g)={hKj_&XyLpru}|MIlepVlWu%0iO$myCnmeQ8Fj`)iV3e&7;Fg z`8&PlPl?j&a?F=>dTa(jY><62AUGi}X1|-Uhpzvmt#&`LR%dU061X)u4+A7gjZ-zk z{NBtAiGO*C|8qYT`uuya_L*W2=8u>9Gi^XtJ0Z0J`pf+ZQcZGWAjL|{85kvE-r^Dy zlU3^QV-$0dlhV_wl@%m++IG&qALTz={8`H)AwHUDM76UOVnc1C^qz}rSPRglbeMC$ zAFgHab`K+sc>iG`xl*T4xlku2KH{2;j7+&(UvII^jbLrmpMW#{C^xVI;(POr)Td`Te|(oe&ZngCUtuW7e-E)Ma9 zoS4qz)x9p@n9#7IURgGDc7>eS4gFv}*QMk4{pTnk;TTDGgB)gHb`lb!leIeUM%Np} zW^&8jlYS&Ws(@T^g{*dr#FGVSc|Y_caO$*1{@vu~&kpr-GO&CU?2PB%3T*&t$w1Y( zD=A76cUjkj)KuKl3&zPLCpZ9FQWgHH+gevdQa)dCxsW4+MVoFpwCJ)s9Bp7eQm-Jm zUt0kQbxOy+%J#+|4eZ_>{UL22-QEOl#g?AA2e_%D0MGU%SbmJOPQ+0Bh561X*7%id z)39QBX7PMwt&4T?d;Jv^^s4_xhYWa2(ZkJ}h{TTi<8{DEk^H<=vFAh{0142nw!3qj zJf(6P02~xLK*{1_-<=Qw*!v%>xUg=iP3{+7InQUYZ&&UC3rxU_!dKh0I^`BeGCY3w z%m_xIkh3(Hu&FD)`2sy%=kMDnu%^D0$#hOi&og2tWcoSDh)o ztR(i-1aiZ5fKYiGu~`FlW!LpJ=-D8|7xZ||(Iu&}HIe*5Pd}jvERcV0Se1Z9s~-7o zNgFPW%c?FoG*o5;?RE%gf?D#fyoKDQ5)=4<{A`CNHBp~wVgQ$J2-(!iE)sazT2h43lj$wa+w z{SHh$k8e??@+};uz2Q@;t`wu-Vp6rL*H!__u+g5m$GH*@=YdFdHh;m8O=p4jrS@k| z1LD?vFSo^Jhi+=)@hB@shw&V|A1vTPwX1|Mopevuu(%sJN`>2r!@GXWIO)Au#`K-y z?2iCxVv#a`C>qe=nx};;7xc%3M@PGWmL19|pTl)pOideqD@n+a0YYl!@E-pITl}{Q zARt4U^gYdiHE7)SSzJ~f0>G%8a{USv-kd85F&Rz6VWMHOC-ZI6J2K5Y5MJNAXe8(b zYm6xmDUcF}4%)j~Yj;RL>IP>~`GXDUfEO6nsm`;W64)7>wQ3wA-q5ORPSaM!Zw*9B zL)7UDw<@tR-P&|Mn)Dcs0BH{ZH(++vyb9pT!jr=A$>Otjj5$ccdpTv4(wcW%->)sh zC}auHFV>kS0YauBTK6BrN~NleZP7&h%1mMA#&k3^GO@(`=35ng z1Dy@7lT%f_Lf2%s0hCN%-r#+VFx@6e zVo&Dl<@P%p;dL+wNc|hpakxtOz}T30Qv5`RCa_tvUhh$@`rhEfns0IUkBLN;&=_2k zgR>cN5IS6K!z=}=7fs(KP_|e_3mxmWZXu+hai!R#&t-Ssr4Enoj;B+mBfc_tL$59N z@Xj<3ChamUe5Up|Sk4w)5+u}tkoG>PM7dyA{Qkd{wQu8ff7gTz7J)}hvC#SZE*f9& z>-a+&!&u_`R-}*K;Z7Ae)XM#6qbZElfC6%XYZW~pjah{<2BiD`$@WHLs!)~+sA|}E z(4^J&swUF(4muNcwO^xkh zll)*Do?YI6bjW{OGo?r!U*P(ob2U}m@*t2B(LGjb-N!}ava9FQT}$T%zTBP-RgGD! zw@5M;k4m>Y%JG*#TWz(yE#oo^3Je0>yY8>pT&I@1%pb2(cG_hU-G%~v^Z>^DG|r$* zq`1%HVT{rPeR$BhI9{9i&ni?X_mu+bV*gMr0)=2a+lviaP%^dVnQ0+gGFv~?4F^JT2Y-n zulv5-Z(%@kx*ZVp19xxzyMicigsm*INE)G?7zJ9+0*}NM>JCm@fqy>Do)|P>0>s?a z7d|%mM{fon8QF%PSeFi(qojh3!mef;FEyxcT2ButkrPwj9lrWZ?oo~m62I1KEvre8ujBX1kCfHWx_ zf9tn?cDgjB(N^XvBN1})tHas+89HQ`zH%fO7?Q*NZ9r`n`Ob8!bG0rsRCyRMtYbka zAcM_m8ezm?Fi659=-c6j)&)*#{Dunu;a@<5_%jhopWt6ueHK!(o-b0(Iexd*TrjY} zF8B3Q+A|9K-+YU&UZ>IjYVCnh!L6{Q9<+&BSAY6T{djq>4De)6!@^$uF$npy2>I*a zeCllg@CG344)?REZl(;tr~UcI-kSpq_(5zcp|7eV7=ix(I!#L@`tph+17$BcUWO=l zvC$qas-0DCs+|Y%to;m$|MJezAefH5p_@E_?I%pT95Z7^PkY0na$H)Jn&u29()q(2 ze&acekF+rHL)ugDm}|^;-MaI@$TS|psQ>15s_ZOZj+0>h8>hJFlf2@AGK>b@>`~TcB`*@&$BzTdU?Ct@d z+AA^aI`1I+BRT>>S(tSRKI3@QiRhod<6lnyM&y%m5#txlK{2COa5h{;+NM8V0{$9+ zq}f>)=%gIx%)r_5h}ffyz|ayf2x76hHH?UrC@?>ZnBwz1XfOpQt4$RvI4pq#|GusM zOUDcxFp}|X4%7;d9clVs5jb1j>@w%h|7kW-jvivSfPvoq)A}CiM^PQ4Zxanc7{x~T|SL2 zoEo&+%|#pdC9V7A?71(;RJfWMbq?7mFQwJ*y``a{=@ktP$@+3Fh)=xdLe-n4Y!tAW zKR8k(uaj6{aa))}lVp%2>~f86?*J*Q(= zTOSb~{)JwrNh@Qk1AwV@1Rg$$1zu|LdU_vgn%$(kzHlUZ>q`HXU7dSg!$8|hJg4#g zngkF?R^2G;_I;!HF+6D^&^VTYIJqkTT}!@wjUClpE$Htrq1)-D)^_cq2h4`|W#=E1 z&9@3pOcx{7=Jjy0yBXd5)PQ(B=T*0s*MHoM z2#TIzQ2(h+Vj;R2LXcFe`_Zca0j-XY=+t^`1wY0!mTh0Z=6&}YeWn^AQ+Y)zn?z$z z&X(Xjr@`w)E(f%BWY=sJjE-%9t$?fm9*0c2fMYcu09RGd_S2@wQ?QU&I#;W9G>UZC z=>qeWcpd~X2??37*wt;fW0Mlg zC_r+;m7&%${B`oj$5(gLT^U#TbozB7gVFdj03|4ClVXUw9GuQx4j}F+e2)v?FfcF{ zsu3J*1@C?ZIY0TvM7!{sgd!=IDnGbj=I)(!KXD-R6Pm(G(e8TDSLxlyt!U?V=tw*o z!WwyQ<`uF)i?wJ7a}u5Me7kEeMk-|s|;{YqL(6s)8(1&+_u(XhIaJ{Ze`x3XwX3eqcG;v+tnJEXbvoS!xj}z{ zNiW)?Y=3Qh&ax992ZNrkAqrt}$(K(LHtO4~MnX^e$_0*O-nC+k)tapmD8xK;9y2Yg z7qioQ`gyc-L=RBBfIZDwnxx-uB+{!qjn&1{5o>U;4tE!1%6k*q5oA@8gm`(BkHX;(*X!eT65?P0EEy=u93V{ZlDzNHnmY8q z=H;C!KY6CrW}Bn}3TFK=l;e*c-8YfOTFm#flBir^iSGIIO#!f%X*=sKy5_zX|006o z=F>g1>3OR`wAt#s!$$rRv85a?HtKrqNetk2m-dP9s({yd0(}6Zr>WCIcjYougy|F* z2UK)NOXyG02@@v($|Lo}uq+3|hbJa)a_@{6`P>Kn0H-jH^vgNeAe@mkSB%1xE1-Q}UH_jqoip z!CVsJ&X{&P)!2Og(1&3KR&&`X?5Ecysh&EGWt0O@fC#b`p7t7>Aql{k!>Q!F0$;A( zWN%5|Tr?Os>*UPLyE#L;ZM@N_TTS;7N4`)ef}k#48qApMycy8yi26u?%)mC8SSXw1 zTIHh0RVcz443boB80z}i<$pVCT3WVc(dFZ*7iE*2BnW~EZp7$+)+&z01(-9@#OEPM z#502Wi~SWno$8WsJcgf)WNNU-Nfb9f=GxwP-k zC(Db2((mpau?OS?na$Y$ZLx|c1m?SPu@>*}8b|O~;<#DV23XP4szi!9TNm7c853r1 zgm0O8sipEbrN~%=Mse(A6fhoi!a|`O%-sLf3GWy*w2j9l41jwC8+BdO8)`bBX-v%It|K_Ln9FSCIdLpNxfmu_5SWy~XD@-+ zYKXiJKNi7n11271fbvTv%;kZjlmFLqOt+;rHCdI_t#@Pc4TE7P-HBf{6LsLcO=(mW zLn@RpJ~N1A9r(Y_+yFY0$Z0k{ohQ|>dtl)F0gHqA_Ob9+;m2+s zS;1L+W-o$%3r~P?#OSoPf{|UA8Q`s`L`ku#ABCH00zKck>pR7v*QaT=Hiw0$+yjSY zSZdz)kU&~mNF43#Z#-1^n9oDp!I}d#F=j%|ZfDSPAkD&N>BkvbmtfHi2(x?=O_tzTpzc8rv(QAkiw$nyEZz0Cn zI|35q$7|cW@7jJ_ZQXT0rtkCi6VAH?4Reb*Y&~o}bn^Z}#$&&8`7IqcoygS6=gru! z&#f&5UjoYf-gKwDY(q!Y`@I|`fnG1WV~)vcc{Un6*t3OG%u9S;lZDx84avif%DZ@X z|GPL=v!7u>pfX_Yn*=zxr`?16pqe|C^FVs|Fp1ZR;Zw(5hu8LHwmGI4n^>4}4{nu( znDlnruQ_6fpMIlxmLC<3eO?QH=>=w`S*Si|mw-v7_ph!&+fs6Do2_Fm zsia8nsYs#0J)GbHajzr3yYOw^I^S+U77mQ^2FCZ0=C<1&?=nt69?nQYt;C{tRz9d< zLY8Um5Y)Ym@#gjE`yW<&7Ckt3t;^9lDY8IR&P-t^>nAQxQvpSgan=c)oZ9NXJaN)`&n5(wn0B2s7I}IcGlvnc=e2BqObwol%)u0+M+I9@3 z_%)nhQbd=D!Nm0vpbGOh+VD&PGRv+pF(bhCYKRbX0&zhQD1F=kvh^QR_qPtPE$d-U6>u`t+DDvNoZDp;rX=L?ivEa>cTwa+*tm-Urj!g0Z4ns}6o;<*d$NxHI&!P-q- zH0!B79Gz=(QkRLCQ_3gYUL?jL5XOiK;=c91I#!Wv&0k+j?U?OumX5grCECph=Zs$< zlmDcrne(bcxm%GGd!)hQN2mX}zX0UDCRNgGeMLHS;J-#Ah{U0#F}XP3vA$5lJKevR zctiAbTktU~D4)ofL9=VAv%cs#`LuSx>A$^Hk`@gQO}2VT}XoPg<$= zyIY*~RJ*Eqgy8TvL85oR{R@>S1irkl^dAIqJH^Ja99N0I5wTV+AiBB)7P4L#w=2l> zw+o#4n)aW%@M#EmR~ZkhsDr{W-mgMk0>31r*4uvHh?Bc8Lgvg#;8pGU_E00mdJD{C zN59c$aHH;(8eFd~D~5LP3JDOLCYX-l(+FDqKn5kz9t$d%trFqv>u0dLnFjnUEam6z z_?3w+$Cs6XnT`w_Xo-h)FloStL0w(%QE{NLeW`~zTj(k<6K1OI@=8b20sN}ndSTu%=2f7lYkH9hq zYmBWN(zUS3-RpuJYD184(2~u})zik%(Fk|V`iey;)2>R%Z*85gr3-?y!qd<-@Ej?k5uOs_K9sM&Fi8xDtFeRnh){VB+Xf^50n<2O9PDRD8# zx|Wf&D_BGDix1; z0~Dg0Ae*!Kh1R@N-JW`aAb|=986}T|cx$$VskpUL_?o*5G`fdF0qnCf|8#Ke?IX}# ze2p$vlLn*&gOQbh$U!kbU!<(Xt4J&<8d2F zE0-c+lT#WhqYIwToJMq^8 zB$>mWl3dI|hQDPI)1sB{LfhAi3|DM(kHJISM6orHwb>f`Q##zc>O2;kE_EF~+Hp!G zwLuJLW;-In4GEq(l@`gWm;QK;cB%Fw8yliN(Df zZ<&0UlyqUH@Rg-}V~WgM0QYCu+@p{aL#jh;krmc$p2!-6F%V}(CgnjQM-d1kB@{Ic zFv^w|i!iEE!p)0gLZ#ll30|yDG^15d11IIvFoDvc?Ye5U``t0IkdZfYg5i#?9`wfT zRLN^qjD+1IzSpS-WT~Xv&n8ri;RteJ#iYqtu&p90q4QPihErXfGvU-?B;R67w+Tg> zS9i;$RD@21JzRRc4m9?a-?8WY5@h{Es!H^fnljD8t5I>TIydb^_Nxa?D_RZ-A&UT> zW{xj6Rfy1K#)wI5nlc9S4Xe{C_PovI$;&7?EhI%tECQ?)gKBZHW|98UGMBYp$ES}N z?`w%BH(E4E1A83>x3oRjL9G!d%4qYt1J(-j;vz>@RVpwWkAa&!&hze|)xBdabo_(V zpxG1)+tV%aab~n}>sp~1PGxE1STR0Sx`2r{GlJn2F4ufDP0PyyAM%aR)uKFuj23X7 z&sW?pEDcS&U6!MSbK}#Zk)>lMjHgzkp^pW15tgmXLb$-SYAF!ft~lfGuk${fBK2Lb zw)#KVWvjIuGsoqb;r54t-|%UK`f$k|&$SYwbNf;39^s4R>mZTt~HA5M)0MPyLF2)UVAe13-l1 zBPRW3;fwl-#QDHl0{+XzWf!w?o}v2wX^Rx-TAL`G-sXy-BMrItX$C^~(F%XmuUjnz zaOq_h?4EI##0fwhgeaOz3L>lkN(lx zK=?}%6r!rqwI=QXxq`6ZkdjnG{aFOHljC-|0_4o^W-=-2#e+24E8MO(HPUZrSUWr|&y6VTQXu2=EI2orrIs_$1Dz2kn*jwoIbyO$<7{Khe8VZ?f7JGQSrj<-AC zMrwIz6Ae4o2p70oeAFk!M@9FoLBSt*zK8!JH<<4I`vt8ZL2;oO7hj|jJhb!Q`mpmQ zq9quMx0?tm*op9-eD5NkCC>Z0@k?B0qJPQR4dokCSm9~~%v&lF}hfk6F}@rBe_g$=@FPL=yk-L?y;E&G>OXOPJuoo{Cs9n4gtURQ_Yop3=J z(ajZPg4+zekWYhR46QZ#&44@`vI}71DF0>M2LIHOGxK?PC_>sSBk1{jp$%iJc)lSz z_sdC8q9-i`;)Lm9zwzXBO~#b73v zL4mJ%CC%PL`rPDRK`Uaq?b!wwMA#Ljgq>-=-Te(iDq7_vRbWI9J77EHEe-+#mL>~Z zUL{Ci2Em}sny(JMha7osXwRGR!$~FCb>k#ZF50gFLO)voKxP`KMQZa1L&t6f=A%2k9PEkaX$x74a1sX&G+9{zvm% zlmeNm(wvy%SQsT7D`Dm*@>fkhte)vb-}OuOr})8~M^(fPi!3(w6N&c9DFA!@PIMO& z-bG3>MoJ5bv{uldlIJvX`;`p<+1C3@81}$}QY^YUi595n4!M5|*!pljO;C2>0Wzuo?r77Lx+z)7ym{awSh1ZXXyxy+BW;gdS)d z8*CmHJE~s}7q`t~B<{pF*g`yQF!NxY=s*b}!&nAK7yI>;{0H+in$X;R+LH=j$&OnV z^pQ~begif)M&)}lWlUI1@;93x|Eqlt^D0x>ALo|~?{UhgKcGU+2?*(622-G&Lcun(wFQ{&{DBBz`7y*DjnzeU|wiX!5E z6==0h@}6$8gTjaI*$=Q>MtXno!|b1};*rPpSU&_uD9cm)iZ{jx?N!;CJ&n7Vs|rGO zWF%`N0MoatsWV^p1O!nc5(J)w`g5j_qp==_p0L*J3qp;nw)*`r=w z>MiY6o&4a#p>J-nCm-G1&5VY!YHV|h`k*~C&^V%~ zD`tsrUSc^zovSh^p%gx;|IZ)OoD? z4XtQ!*ejls2Hx|zSG4RNxeGSqtB<;p{|+JoG|#tud;(_Iah2V|uygS1fgxuE#h3Q- zji!YOm#XZeJvFGH*;;e;yBoNPbbVjAVGRR?gs#puo5+E59?3-omJdV$*BthSnP6Uz zqoj16C+uDG-Z)(l8Qb1`D}1V1aF`fZOrDDct<)-p$wPy4 z9w7d`MTJ#=@q)0~9g<6}%$%ZgZjOp8c}&ZrLA0AMCPtCh&Ga7DWoUCf+=wLg&1c+& z@5SrOMfe5Q{XTkEman{_$H`=0*nKwyZru-D&r$nI%m76n$I!tdL_SO59Mi@vQ=_0; z!djyNGqfT3cqw=$Hau2TjB-k~PdF!DD^nkGUPK+K>hWabm4mLna&*7K8uyxf((4k> zkb}Ytt`r5Jev*S5A-2k8E_Ij3FHs56R({u_TZw;H;q8RtrVxX6QR%XZqc&7Q1H zFPrlP3Ksbsi&QGy`CT~CwO9|mrRvuXM^5~q&2`7wSZLpMt8Em(tn=PzE}1&U|A_Dowg zNsZBe+-M6bY5bs~yp8YJ>3=j&Qr7G7K;ruA!*3B{BWCF*X3J-=^e@aVp6AuC>O#(U z(&C^;M}fbhEQbK5m~q*lA-OKiljRs0cS><8~j$VOuI2p0_}^F&i&ObPpZU-6bg9B{`Bx2+|!&NjJ#QB8o=1Zv%fVWh~OC6WncIM_t%!@uV zWv2aSJY=llCoj-K!ql-JSi<+9hUt=;2UD-{S7f%VN}IDu9winVt=-yax1Bq1Pt`t`3yb(pFQ*{d@TzvHi=NL_xLht7LAfsD;V01XGNnluPcz(5 zw9F;Gko2XFapiEq-;a2k)GAcuUQ{3pf8Xe;rzokHb&>D@7rh*vFk?Fw{VRr-hWbm^ z)ob=XE^Zw4No8|h_07eQ0AH!x>+Vd>s3A8z{^tBisY(+171BZqPVi6eRToMOR8 zI5m^gOisdE$x&&T&)m1kzlh_pNf>cW= zRnIH0v>hL@;Sa&RGOC*H;X)jMtbi`oavj$JDap|{5gw$l; zU5t^ETtOj&`}S|}7d|df?oeyLx`efoGx)yvHa)aLFLS8CpmpWVGl3R6vbFvxm*^Wf{BUTtZV>GNZ1ErA>ZWN$n4`@ z_I_vuva8(iVCOTaH+RCc&#?Ik zpT+J_W%cjzOSM`U3KuekF{yrh3R^P%G58P3%y9c%(DZJ_)4qlfs*6qDupz}HRRMRJpYLgBv^Z8o;Wo%&vIo|IPqYaB3}m@Yf}N`t6%uhZx3_ALIl{vR zeeBenB0=W#Xyk9MtSqenCclUBu;L*P-)4kL2MPBbP^#5=R&zHfh~eZJIcx9G$Bk5V zLMM}x$A7s=9rf+G$xsxqQJELxDF=vog#r`qY}$M!iKD~r zYrt{f#rUZqiE2fvV@E7(^){^ZJjO;CSBRWY;~z_V{ViPmP#zPAGx$z(h?JEiFLbP8 z;?_NKO1#V{UZ~2D_VVGsd_3is5SwOV3`7FPq)>@gQVxC;?|^6XzXkgKC*I7D6mQ?$ zv=~z``Bb3MKlU6;VWe%5EvNo35o`ZB^N#~sPVTNodU3@6c7av^Mtk7lx7UA2Uu%oA zD)9&txwBS(0FL_Yb@4BQKk1Jd!(A8+vWq9z#6)GC>rJluF;x%6X)$kgNGUyrgX7r$ z^}9gbfmq(Dn>Hgja+s7SgQIfSAM(@S1-&wh-2u1xuyoV^s{q1yt#9$?nK(Y2=zkKI z)sNWv%>eO%^r>Zx&n22*Lh^6WWU2q#2;88$j`SN>!Tq}d*TVm%J-_}t#@%s?ZzbB|+;m_#e1QXHli9S8NXBluZD?WH@ z3H>n_{iAWiuCmf%zF|ZfVUhih8K!>tP%)m|{p7w5zLxnBE4djfj&Xu9p24Hhe(F63BJzKU z;G_-6Wx$$e^nSf*IuiHlB>Q5qFXxAthq7yCANr2D$rcvm1)62)8(+$TNm4~OjsE3U2egujOEP&UZR&jrek>=5 z^YGa-4dXbdy)fyY_U=%cmY!a@+HRghtK!v@6kbM5wN2uAR}l8dq_8%rBW*65LHpeUzopBO@FT42ZJj-(?BH={w zbBPJtg!;t~Ef&MQ%U_=^=%S5@_+^%r@WN!`*JT5E|Ni{uw`pq6fIDI}B#HUT=F=Nf zn4-dRm~g$jG4!*Ms@*zf<^NS*Cp zw%?k+{SZtTqAQ$M8+AK)B*jrye&2{Rp(U>UYLiN?vvF+1RGdWbi1*DG+1VwXxgM8r zf0(YlJKhj_ zsbw_Aq&esV2WchBDmHTTc=GU@y2|oBQYVBHy@%aXTMjuD2*%d`Ok!q@7KhQaeT(;a zn{lP3)aaeC600hdJ>zi?#b;WNihL*AB^>-*XB@*t4O2u}Z@JOI`6C~d+~YcdPg8js zuzp4w(bUPKOoD%sM;jxL6ViO!?1=OQc@uNF>x+uTkW_*Zw9&4ZX3SAqIZ89uPhITm zZkF`L&;qn)&zjPm=NuhHWFy>a&1eKsaP(^w`N%Y+que3 z6%x&IK4ofZr?I|Z51DRx-o~fC1u9HVH|SeS;>2}vdR_HmY)7MdQ=2HxI~g9&6ucSZ zNMp36YyO8VN5EA{jM}tj7W*HP626aH0O%)N&mbau7Cv0Kf4&1BaM>DYs}A7-4H`h+ zlH7OE@BdD|Bo#JRuhsuJzANu_3X`Ic&>!n+cQTgrH-7kG3<>Y_SRa#$&{c)zNYh?f z+E9F9Oxl>dj?Wxk>W&w=VUQW=4tViDR_U)fiJ5*V8npdx9(l_V>0Nrh!{DySm{p}c zZvoFcY-BeJDRCcG?5RpyFfFcLQTSxMrS#{$j-kcQO%kE=OsJ(9= zy`Z1<58FNQC%47XiX$2PCl@){cZ?RtgsQw^QN4Ee%Eje}n9a>qzW6Bq=pWfsF<990 z`%wbCvD!%_Dfq2lSMJJT9bABt%&^s(|I->C6Nk~Y_+9gLX&?ND;d6XWCaDqSmbCAS zC;4)b7jgP1FL74po>U64e6YjvLw;vWse6?=>cm>iE zZQdCeaY2xNstzg6Ft~w{&oZj+(Upt#*fiR$CnX0S7*YSA+Dd`L00#1O2=aesb?GtL zH>F6T3pg1A9`xF47g(;=^^FIoaxcWg=nRmr^3cqyic@=V(ianc5Nm5C?dYBeMnkXx zcnP=Te9OtQ@0N=xrgL&1Y0Gd2^h1)kk~8@lT&&XB${H%Xd6_r6R`609zoy?3xVc=N zcau<`cY5o|PKLir>B8Jc5y^khMQk@*)C?)BihAb3VZ+Ru__B99Zg}0$=jEK;EUfYYNm0=M*aaN%8P4AjNH2bo; zu|k7qkggKhfQ{8$qpZuk$6Lpwq_8;>2|7+xaIH^X&Gw zAhYh~6OXm3*I)EO^i?k{hoHxo5d7ffCV*m3TK|r0RW>E0foauI^H9x6Q&? z{zs9Ww_zQ%!I^~_9FIM=3{G1k2mDqvx9hOhk(E`@#slg+(Ex)bzr)=!Z|ohhcAEf% z+c|S!+;RigXFI*{TBIJ-mkV8bB^Uj6c2Z`!{itX_nqq*Go=E*l;)+^@;N+2);m2xO zOaA>2C+o!iWmX7m?VK_o+Xue^%?t6j2ip;W*jl8zAG_d-D&5n}Y=We6tt^>pm_in> zQ-W?wUP62vci4U*8*)!nh6zo7o`{*kzJ8AmP3>RRL1z!S6k3sL_vb{VUBzRcA+aRf z7tdq&75l#Wxkwoth}`aR>oVD!3s=6Y5%TTxE%vl%UGn44cnSPBJjE~V&QJ~+yIUdp zMVo7?8M|z*Q)#~eb9&g1ef;)CINHYZjq{%IWD^(1fKoch2^_HjIcQbD z;;we5a6UdJ!iFRO*=l?nE__1oBufJaQ1^9>RP}n|=w!)lqQ~YBgLAtMx{x#BR^#I= zv5(=xF*;@LoK^+VH-1OGn37=bSwUzd_uu!7}cgy&QkuR$^kD^#j1Yy*Vuq z+R3y!&0SR;Qb+5Pwh~K6)P;7$4%Zc`|CJ-WZ<55-$L~`7 zNfKw-%xXW1!_Fz<`??r|yxB1sCqh9#R@q~;H*mZhqi5Tnmy38tY}Opgl=COh7A+?I z*R8Wjhr3C%(XY>&e_L2(DJTJWc8RKq+m5q5bF0=^_dS|kVk+cOUH`7c6!? z1yT^E&jQU+>V?TlQ|V85&KL@~ay}9DD)+yf<_22Y64}H5WE+@;$n)HiAAv$|y+F;X zF~!f6#`-Pn^kqyft4daSHyszJPre&XUIX8?dD!sLeqkfN+!ierI>Z%fFqvnlV5zwX zZ?}|m*hg&zEi5d;Mft2p7iM9IXW0(6agIN>etmyj(w$~ zkk|9Gi%i%)&->cfa3Dm~v(W80R1f7Q}ghtMKZhq?}_?Yy|_vbfgpfZ^g;sgm5fdxe&5f$D>t*5DzR zHT=ldMwU&wH~Q9c3T8;xD?#Y4HL%S4ZAvkM{Cd_It7Jp|!>q>g)y-u|gkPoxa3pHU z!H1AbUhs}iw0=_7`)xT_D)tr=@Oc4erYD&Vy$;kw>0xmi`P6*td~b=8@)ISNmnM#G z>oCdaVjkX7$IcpRm>lz+e>w)WyUAek!K~YIQnD zvIpee45;$M1h)!C#5HA@LpD^qhAXOIKl4JT+BC{eb5^$3P@IE@J4V;sw z9bga%l4oAt!R>AcFX`Dn$FuERW#Exr4xe|G?hQ#CR(|UqQ~8dV9mZZ;h{~j$au$|O zeHt1Ek_t2tKR4L*nB6#>;K4BFiB)V$z;Z9>ha>Mz>(4dA9U_Oi8_}88Fh#O=p(bHI(LRwBiHnX6wv4do|Sf(M=fg+Z*49O(xCm)Z<(qi3hT|>0W?j{LA_s8RMM&gT|ymS?z{Ks zVQl0UDV>X2OmBjy>>Qj?UaCk=T9z&A>z$SCTc}CPhp7`l=cre_N4&2qt1W^Xmb})< zf`si4pRZ~$JRdmX(j{C^b_iEwzJ@nH&Ncc`uuWhhhXbJ~Ffa}5xn7_aqkew%Nq(tF zsTlFhL9ZSFvd$g17m6<8${3sMO_{-_A;F1kJrIs6;T_zf1r$^zU1U0Rg`5rIPdC}2rO1?9AGm20U1#V>oH+LI;ghQSqldhPg zDRek?Y&@cLCaztcmyJNb4T1}7rlFIs5CSD?;oi;qt^<9s9y(a zR1J=Ogstu#f9&Eh+@j>enq6D>6k-0-waq5}tx* z_ekW{^R1eJ;2Oce0jkaFqgOSCw1`o)(e4eK;d1-ZHt>q}D#dzf&-zYDkJOctVgRqE zI(1l500Gs()Ag{A<@>S`jUwp6bhXKW)|bQO3iD$5>jxR3u~%*^chnAPIyUzS*t4nrF3? z4jP!b<1FZDk9gw)4_wU-)$X7`w`(FwqbXx|3qVuLiC&H=dQA>qPh`pnUsIX|>0Q;& za`InD7ju=lw{vdT*ILs4YZpUMA7utX+Gj;8ucXT_b5}P51q=D(*`azf#jl7(Z2AR6 z{2rE@8nE(}e)a)UbH6yCkQ;b%;6(+ISRA=?+iwQMqfBZU(Ns0Hr>kRAo2jv$Sq9Bo zF9<~Z`sDdXd*(WJ13K&7!1(up82r_~54@dR{t%II82520-}bs+Y%2eE5Y~pPOL?zF ze?4wlk$CB>Su4kdYsQ41F~&5dFgD|R6~Zai;{lJ7TO8rqOCoGmMUrcmXdaCRAR>S` z**cCq>orAtI`@bnpZrbmI>pxB*j?vUc&SN9-~+sl9*nOl?-mlYr<}?#AmA?~51gT? z=V%~_=zlT|EGQaG!-lAZn1oSv$d+AUrnHW#q9yB&fZG{l=}$F9*+*bL?aKe0hCm?}NOV zlQk9YYttMY$hV@+2Y1S9|EhoymmqG2{A5Hq0$g#G=dySowxg}fKo#3L&YPR`GII28 zHgQQ*hXQ?cLLo69&l+jYvTLy3#8uj;CWTjBoDb$Yj|gIkVoTJJp%Bg3=1 z>2lTdy|RNjT^AA27o!ZttJ!b)Z7+8PU+W>EKj)(G3Mxp^r4@Nw%99i?Wv)*L$j(EC zaI;G9jnHl{XEgg7j5RXWN~=VVGo0#lb((l8glmsZyB!|sUs=ic)qH}-r53^G(IF7v zAHs!P0t{@RS2^<&Xrg=N>i5l?-g4HeG#3mQ97o544aPIb z^}9F(mo}J=&l>|>4=IWhL$}d)yKVB9v`Wuaw~c}M?7}51ydOy^xK%%UTN1#}0_?ym z+)SP+p})5RYrh9*m+xa1wAmBzaNjjtGI!Td`9@Es{=6DTD==53-{8nZt1?25Y_f(t zD_MADw6DOn0@@-}Z8L6SK*6u|C5enjxk)KzS9xpuZU69gw6tN;m;<_lbaXYr{@%EhD)%t<2B2}bI#=) z6<+Or_tmg6MS}z&8LPfmo=@`lGrjS88=mL}kwhg6>Y57~f0%O>cgP2Ik6Sc=5RQtG z7Yja~Fv0w(4jo{zU@6$;)7Ogak#9L>goBQEuG@wqNfN)*4{2P-l{^kS`UJ7e7$h@V z0j9dTp{fbs##|YXuWY5KHa=t{labip(NT(7}6P9X}mfbZIL)1W~NMc%!nHf_atm>roe+!4kEKZ)*ww&{U$2lS{bex^Irf_U|b|l)hY+eN}pX zxENpSQF9zKzthzLstbz7g*QU_UkiTD(A#0qB^z}t1Y9yZx- z#;^(o-^uSeS|86=&XJsXxQVHJ-H^@#c*I17TkE`_W$4Imwk-Bqcw!$Jy^boD z)ScmrMV%QiqtyH>0Wn9%vjX3G!Ix6Gs`%$-!Nue`^mOSDV;YLdYRpl7UT)`1%+-L{ z$JU2WWJ9nYVUgSrR}Fg3p!$(3ccD^{>Q*?_abehb9cxMpOh{TUas`)RZNP$t9%EMqw68?@=*2wB1B zH4pX~Eb#mAZjOH{iNXfK%r4>qEBE5imJuW;sw4YgbG2n_c)!ykPq(3`)P`_AsY3*s zva>e(cG|^F+V&U@S(oV<%QSB6s?(U8Hf`F{3vXz+7cGPy*gonyh_@J=nv)X(jofFT zVjdSVZb8P&^r-E%eWXF}h%Bp&Ti&&`c|29){aoulcz>_7#LcvtO+Q#jTMJdX=P_8= z3%!MOb4#ek?UMmifETX4w;4T}8*aE+!I3g;Hsx4J#0~k5)Pt2t_)+zHQNs^8j(iZA zmNIa)R2`#lR`|rU;{I6JIJkJkwA|NlWW-Dr^d|PQ>gN}mmP6{{Bb{Ix(f#)q>k|`2 z^#>U$O-;oPmlKzFwKXI6Er9&sv7JjcFW*|(dQ~>QYu1N-x7pejQcP13RZ3=_J-iM9 zZ%4M+W}_Q?Tr-My#4rT_)V&02lR9!lqy;rbGM9op2Nrkzbkvh3ApW4bH!4xuEsZey z!FeGK`&mefcK>R9*TLupM)-A4FSC7=*Z0!WVm2}4qG3YhNW~ z;zuBt-h@s2oapsR8f~3t)$22RFTZp2PB_DkzS^Ol zc@CGBuD~_lOdEljgE1PjX;ifNxOenegXkdYQy8?cDO|s1k_q6KD}R&Asp0W!LsYh# z)c47C$9qoeM5|4C_FhCHxzL)adlhH|*R00=JJYZEB}~>{;hZ9?p{Cspejttl$3wdf z)dQ@l_o>kv6Jd+Vw*+ejjy{$+TZ`=yxmD&l43>HUISUXkD-UK$!mQ;6p~?h{)iM^- z&Zv6$Yjx6^JX7?ymjv}f4lMw%Z(p6;nAmhdbE(?wjJ^)qC&JkpDiXb0Wqj07ZDK0~ zI*1AUQ#pTVX?13+Ru@E{vlIc)*WoJnfj8K44eB?lxS*R92tW76u>tZ6<3acTg@G@1Bt?=wydMj zO>4JWluVOSGgX_7)uE+We_o`b*RW18y%;?M=a~+HoZK@}_o?9xrI0!)<^y^S_%49lu z>Ah{?G#<9?y5(3&3hl0PKc3ku>KUnLmlYa71&Z|a`daC0>{l&6n%hq?oy~mR#CAK_ z+e5%0nyQCcVWweP36*VEypiN!llDbSNi1PTH@VmYO#y@K_Y1$D6M#o0L)G^Sy)1k; zbPn8T6hJ$d58w=@H{c*+By!b-D73n-XPvXIs6nEfBbjg4z0C>i#%QfGQgyABfeP|u zwEDKZ4(K3akdsSe+*DV3X+qSyvVnOT@xY9%x5*mN+XEYWam2-mG(F0J>rYeXfX6UN z{(cQc)ywXWX5+u*RBc)#A}V968y*0)O4qDm$m1f|IS0Wl77_09~b!s5xwC zQcu#SXT+-~xTU;YD0nCnye9)4@!>?TMN=05dnXAG##FY=n+8kb9Z=?t*wRiVxivB? z%?%KxOaQ^aQz{#e#XM%n?EBPlPBZi%OzcblF`pm29r|f!--Wrw;9*V2$bDbkLB6pa zqMLx2Sx(KCH>jf`PPmkYI}L!#)efEZ*_a(ndLh$U@?hkgiqbelvxRYP>jePa><)gm zN53Bk@7Z%p)YdIwGuLk_(M9aI=rwt+Xux}W>O&?h_euuNt^20fy+@dql%U(^eV5^R zH7k=sqKZBP#Us8=-|A70Pm%SZ!k(NWZ$rIp2dlEg=Rs9EA4+Ck4KBA});SE>T3k?O zOasu>>Y(aAu*&ZsaIQAff)6m3q>P+uva-Uj_3fVQ7j8tXSF>-}wCIj<=zx4#Y}{ab zQ9>Fe5R`YWkEqVk1Hb)Od6tNZX^rC5lAc?(Eq!x4HGt`nVo2G0?%C32)Ql&^qGr^h zKE~b}dqA_IZ4eUG+2ykWAn1o%Pzy@X#iA{0hPtXaxT%ZB^!*l#hXUwvuc$*(h(}WC z8ccM<=C~CF=Yy=lAAaD#7v8nV+YfZ189hgCD>y&Yb>J&D;sq5kYiy}*dJJ@3QLN_z zI6wnhT-{*qz{$zqH7N-{!Wp&L)l1EW7;Cz9A2lP8q+tzQhm`gG}4HkJH)|lS;*s@6LDttG`(aiH$$`9$69zn=@@d!BF9)OL>f z$HwNz+F@4izaysO2450L9&%fz%$spvo$y(j-Y%l?d_?KKB{01$6ya`nbIz5Rn)_ z!7h`!{c}5oX#`ku4k0eD9}kWZIW}TcKB>`nv%k7Qn#$#1h>lRg=Zk!%Kd;lawFuvd zpb-z>*jUf)`&oDCV7{vRs&scKg?(th+WkAj#YCNXCvlJ2*d6oBQZTPvpTSBP)x}>2 zhmn>LX8>*8#2Sgv{q!kNPGI93G?J)>9XcUbxu@?jlvQ_^rYo0#g^xMo3&9_Az~cOz z-|?q%lliG-Au*rI#&TO{C@uGmfR8k^GCK?YU6ruNA0s=6_T`{ny;>v(b+ zF1&=XoC_!9n7tAz0ezAVzdhZ`HgO#JX6GGeQ~`;SnL=cR2HgpYXP3N>uY~uM2-#_H zBIngE^*>AX_|ivWK_iN(6osI+oM$8aV;B09A2-$cbaYC6!P75wLGwuQ)ih*~GJMSo zSn$%US8vCSaJ-Gj1;@u~a({5l&sF8^M&ilTHju}eZ(Ls7-X?%@9*E2U2m!(k-rs|y zmg_DKP>wpea|hfGs4kV#A_wGejo0g?LBK#Q`*H z1*ew^rTZ?bWK>sUIZz&`(Z;MxS&qv@)HfoWL1hgf1}CL9yFZNQUmG&o z$E}!+kfM`ShTL}q+)M5VDivtw?Xxwh0n@i`(P_B>SpX=+&lmfFAx))&Wgnlu4bIR7 z&1FTsXL!>$BM8+`JULS*?Iu!4BYCGpUyJi-;+*l}9U{gUy3I~-KiA3RJ6;imcJ{q~ zclE?U`H6!&9Rs7SAObd+zoGkS8_ni3>6e{wlZ$HpW(Fa^b z_t`~=t}mL>sh4b}FSX#7BiVm0k6A!2U$sY>TT9F{4KNn#tM%AmEFTb{b0KL~6;557 zlTcr}QYp0N`}*9@0f$dGA?rCs!R&-{QLLtK_44&1+V24G7Cy4KcgTLz++Q$Zjt{`XHZ^M{mikrrzi!}PeqRjBoBu(agcNLv ztC-XMK1qKONj%%1m(QV)_qUbjZ^z>iE16xm{0#TMo&j@qndbb%{5qRf|6*>>;GDrZy+od^R;QW#>^Xz;6UFJq8JyEhe)gQf z`HA9m;|$JeCO>=r-^2OlK&Fd@MRD`70m7fjf08gq3gP1IC-hJLI9j%Q`GHG1T^5Ed!TIS2#>+i+NVeaJ7tb-% zJoray@!!zvBsGNe?}Q?6)p}J9r|0Ec2DPhpZoHS@NzAk4cLskhsKLDm2-x9>xN??m z8i>jF|HL^y_t?8*pFUxhoc~?oL8xhD6bEZdc+0wFXoA_My2`@yWYc0JnudnFoju1h zW;BPfFUdGVR`w|JmqvT=r{;XwV3Jx9bktBNggg z0SQn|C2e4@!5aJAv+ax@KJb1J{m!T0404hVp@TYv9Oy+I*lO3*-m~V{$^q^Ke33V) zTRZWr-V*-O1Qqp0{28P?*R0Ai0*PEBTXMdb{M#hes*zD%eok?!L)Mpsh!EW08xawd zpBEY$(eeip{ZA7RK_orF{?ep>m-d0?=LN5Wz7iay`)8Z~{H-CY|9gl3RENk1 z{nHzruLBw@@PFFO3(oWi|DTusPXR*k&(JVwclXW!a!_q; z?FWzNKoxrZ5?%M)SL3N1pGNob(-CF!wFVRm^%X)_d)bG811C}s*#FnF|EUDA1-x66 z_jzuwI%0D0lU0mJ?HCCkev|0U@ z`R{oB>rwwWZ)js8Qi@xF?>eJRmq}KwBK1hbMsRUo6_HuSQgW2Wusi20-}nW$e(wcy zuvWe+c@&fUz2CcIy@xOy1S9d`>Gi%Zyzc1B7pgbD_q{@W+S=N}+AeS@Uul277g&v8 zLSz8d7mDm%Rb|}T-Sz#t<`$z`dTqt*d~*TvV)t@rH5V`T_rW7>~%Hd779 zl|lonfw?5P_8`X~*|y2+9i+wn*asoKrO2I?mG$Oi24m@c+z&Z_MDK3(@!@I@wroUM zZm(&wc;<(~TKzFg(YGBk359|4^>+DztAEVV?ilaRWz<&7SY~>9;l#@G<_Lc5S^tH<(=Xk9p(_wYYlXj9XX;m` zTAKr%zEW++DwW0=V5&%^-_svnMc0^Rr+V=)ghIM`Ie5Zi@vCCZt=id#Myt&|IJ-wE z%XBY9B#jN}?qnr$sn&>s?_$0Ed9mGzR&9}~XWat|k;4&}L_A^C9)p|)=5Oo5hY*=A z88TdRr*fmI&$uyd;s8E2CQHAdZG#VCi_ zo&;C>L*a10-@BV(6BV%DoR1HG{$@PTe~5a!;eBrp12Zv5OXKlgacH`i@n^)NpE;LE z`6g*nU!mC=fv3(&q#p>k*x*6#thwBJe;!AO#%hU+%i{?Of4tzAA5V&a&;5NP6fA?w zL#kWxngFui;u(QNED7<)ct+pOK;-PB{(y9jRJqy($@Sv#LM0WvTD_^F_0~3No9k`L zFc)9?a%bb)X%L9WKXxr>GLTr4$tLajBrI{CJ#{s;?$OaSa7xzRU=(4++sn&>TQmAN zA^&>)G!>2?LcX}L+JQsi67w%FFA8^!R-TleDUN0FbIWf>Z;JJrdDeUeV=&a6B4Ck;#2j z%Tx}Ri&1I}hQgdLx3e9~vDs{IFsBPdVeMe;rjuA6ba`Juy~oVt3q-QV!|~a14Tt0S zhvUA`>s%lr_uqG|uY-i5kM?B?1kro_0#&SVEKlL7BgOj1#z768B;nWZCmBmtKSd9f zFcHB1!J)E4VA5)nj)9iLKV_~o$Lc+M(P@*eY$T3pIm6Q^d74y2z!t>g30_u8fWb&Y zIwd}LxQ;<6%=_xc*pcGJL@^`V<;0gZC);V}*v~GuaEA*h9z`2sXd@65JxPs%Pp@_! zlAA4&#e+faeb<$7IG!adU!>}lj{0CYk{}d;yQFJqm|tg_FP6}St>%=#-J?C2OiXUO zH=G}F9rI;R`}g$gWP-upPaB^qLLCOy=Qp!SgroVi-=92X-q-0GASFBD%m!4%`-9sV z)uNP0D1z(F%@ghdC5ULX+XHp|p5N=ZEB$slJm))<`qSq5mpIsTe%CM$=P^+1L^J#% z&T3xbu{l9}d)s)wxR}z9tN99rp2f0KPQKMnaB{*zHAeB?|8#pA?(_OwEG3p$p2eio z>SQTcog=8Im90lQi(Qwx@O9_)`QCW00qm=GN6xsaiki;Y@E(PkCgd@T`S;9@*Qpvo zyU`>Th!b3cvo;7Fn$%ty*mWn0{D8j#4GG~c15oTwLmQzxAob|sW7w*8^KGI6$m1nP zqll8M_U{Rcu^Vq-!ieb_&&nk-5xATx$z`zUvq}|OK}WkkKMQ`e!PaG{`el9yEFkCC zeVQ0j$(&IfKUKW(JfG*A-zaj0Vi0!MSuk(EP6dYlaRSRD(iMC6gXz%(bqFBd%^DxJ zPoaV(vivWqkPY`1UC5%xMeld_cpZdza;Zn#qAqzg*meEqv(Pl4WEhkDW?9n}|ARCL zOHcrGRN~cR>+$#L%?te<`wt3AsT6~x{QGI_&#ORA2&$&=9=P}P&$@mx0Wd6-Njn}+ z;qNE_+NVegfJjAe@FTZ>-&{e65KaC-A(IYDtfGH5P&OR^53;W~3CAe^z#xRvh(EDR zgebvYiJ{#euh1&BIksoWmEB*DK)yc{e^vh~_tyq&I>ESum6cHg=M!h1SUhgEzWS@B zI8u&Q6RdH>`TEYQ8@a)F90)o(I$z-S;X?%eHV+YS6#PV&%-HsW`wEKTezgnnik=qD zEudyF{(_;`4|kvW1H6D#;BW1kgnoE<*leGHT5Yx?5RD}hf^^LYEBm4$iOUm{VDKwv z@8M)0^2ZO17rP_s@$^n`ZEc<^vc9!7u#FB6d3B7$Pv82}oOTakG@4z(2Bgxa_eP|4 zNp-Be2)H}ADU_IahKR_~5Ww#m<_23IY&8qY2gixVFDjo-7uJCuIaaPq3uABgJ?beXYqlrpuH{YLc?T59Tk~8`txZJV$Y6A5_qJ7TA(M0{tIcM z$bX+sWW>B*DIc(6Gnt9iL-u!e#66`YGNsZxeop6yywvFa0n}3|H7f7y{+qXk=G}wp z+y_E(=kpdEQw{a-Il`ZmU9J)rK129Q1Mnr4LWVH0j2)KyTk+qz>;eVUJlg5@$O4r* z>3}@{^LnwhQ!ECt5M1x%PIosJ`TCV!XOoRyu2Fc&=d|DSA!4m3V%lxYLitt-6@ver z%nvBgtDbu>D<}juqgzz?9oHY@#mCb|;r43Pv(=Zt2jiDH7di+}_xkHUFY)tU!lfFe{B5X9_a%z5B-)G;J0H3AONFrs2QQK88kGf3s-Di8Xvbf-3tke! zt`tV}@q`8mq=MYNeCbv4`!W5WM?-m_*c_LOwfBVBtX84OhLoi=1n;BGP*AD(T$ac! z_t@U@g%i5lyI8uzFQZGa&W}g8R`){@5@gcpxuxfu)&#BhXA5{xh6i5)(5f_>G}r|n z6yRf6M7=Qn@X{#dM~b>48>q*0(Xn{WM47VzzAVtP#V<5Sd(GEpt_+*Y( znMkYsJHl+f2vlGU&McEmGTn#9vDASdw{?bq)rRuq^j!DkFx&a<1??}`-`du(J504f zZ1HfZ9mR6J#ZMq8GFuPA43$O>5f-D8kf_gZ7(pn8BzR6m<#2Oz!R2~aD2>f#5Cld6 zu3iF*vDJ2^VxH@@~so2k-@B;$^Achlb`&*sPr}AXE>`$i% z8te+c{Ghlt$JjYtX`GD&lX|m*T(DXdia1f7%vC3^GucqIQ8(ZS#q9mHYf>wkrr#?_%;E946Z&O@G-q1iQ*90hZ4^q?qW#0_ zt7>W#PSd%ZU^Ktg3smO>z|nqLjpVRD`Z(ZpUgb8RM4C2Rq=}(Osob3hv(s&8&Y5vQ zs|C=DVI5ryfD0FC)rXulnh*1>wK?D{RA>sP&eJHGcj31`>-JU=9j;cle`$?w_{-6$ z6Ze4we2e)k#BiAe`n|n$c23MnU_kZDImP zetCF_k|!D~H;`wt6KD@_D4Q?mvfAPSC5~Q$c!zzy&hdrMer#A!jBN+jbT$jYRH2mL zR}^9!J!&rKQ)W>wD>7*MRGSHLx^@4pinH706=`xt!oGlFBaG(8gXoOtp@Y!A#G7Mp zEO|u#{3*v&jpPsam%&rPv|j!%UYQvg8OBpBcrj#>Ayc_R{v#jS+uKFGJN>2bmi4=v zrf%F${8E)^As=W`ZFQg!@Vlq?s1#zUPdHxO1pFE0K@jA`cN)fwcU$NMe{pys6Y`)qtz1(03FM}2^zQ!o^W zTjT{bJ58DMEb7tU?pjTIAku)TvR`w51(~^L)_dBS9uC82PpZ=wRz$R>p;etG5$gix zO-@3}2@UU~-@qrT+R?FnlUz$7*T$4wEv38?V>m3^)x&zYn2*!O*-q!NZ_Z@A3KyC{ zEl{80pm2RatMPr$lsS6myv=xa7V?zCQT9>8a6A*j zqQr69a4@G|w^auz0+%ark4l;9SH{Tt+r74ma#5HA&WVEhwFO3w^A|If#7h4?Dy8DK zCA))C8+c5n@8P*Fq4Sj5+<(~zE;zs!<2|k0n7_3=bsIh6Q1e{F6pD!NOJ*lde3A-E zqE44}-P-oEhtbc`lcEZ%Ob4IyrFgl-T2LU$DZpIe8GZeY!jh zvN`-gA{B=@VZ4^q*cgeNp+Yz7gsP|6k~h68nZXjP*QD4}!S$@r>e=C0BwzZC%U^ro z-FAP{O78Sp1%*_i$X`>I1aQb-?(!dMauRw%}( zJne^;`y=rUaj7!3>bOyEW!-}_E-`Oc-f{KmSS81;7xp}62N_>nvr)Esvl+4a%V_^z za_NkcHX9T&BGK($HkT7bk56aL0{f+DT5Zn7&zd#GRFy>fj2q;UnR1AIW{1o9DAW1k zq4arZZ7!z_%W^9KA|cUb=Ltcj6j584U2L+1H{oC`{+21yGqm4GEF9UB1@dZ4T~2R( zLC5L#hC4p~waNYQV+yNTNCsES)`#S!_0D(RaDl(hEyQJTIr5*uj9@dmI(y%p#k*7D zlRI^c7HMg@kl*b=ij&OYv3ZPHtfple_a!=U#t*Lh<$lZc{d#|?7d9%AZLgv1H=D0h z2(6PuN8dk+3cy@xo{1;y{&f(7`ZbHmq%ANc_H-4igr=PHARLQbfqgYUYmY%azS1L)G}~hBDBrZrJZDH02Lo0oO$ZJLTzYy{H3nTu z9B2Nkaw}J>(|ir6d7fcrRS`0XUuHb2C8KCjx;4c27ut5%CdiY~#eW^aMc>E(8x{4#&X*E0ceYWI|A zp=LlD7u#7bmG;6dOoU6Lrly$<^^G)G9}XU%5&bVAKm_d+@b(k3)2PWZoyv%P+CKGa zsYzSZkn8-Ue|-ER{^Vt9=z@n?nQb~>=kxZP;I96PC+&e&;C(qfUKjGIJGq*HXC$VZK3|%GJ5!PCDs0Z*z$m_}(ay)H z#$@#dk11QNx8>Ivo6DI{r*pX>j3iWc*Haycf;pn4x7aK9=?ygamLC5w48d9%7E_L2 zkf|x&Yre*aBOE4gdLMWO(CWng$z}(U;TX#^*bt`Ko>uznH@{HwomOluADmeTf8-T z-8`{Zaom>}zlEGv3C!>pWvnM<9ZO3DEw6n6vVt*lwW;NnZ(^bGR91X>VyPgt2cyb< zMOxunaPHT{G)nH%(+O~NRr`{uQGw;)!;>xL?|Va^l+_AZEKiIVEmr-z`^2Ncl5Gw6 zk2?#fdHV=)C2(0Gi{j1y_Ob@7YTaGZjet)eL$B_xV7zmGia-SrM#M@x~>7ek&V`on#^04waU zgZG=Ur2zL8^oAgiWLs%H|G;20CVIJ6X5SrM-T%=gj4zMPN(TM{FzWNDY|^OQ&0PzQgLA-=#=>D)}MeWIqgv~yP>JBxir zh_FUa*kLr(-lEKUjA_unnq@C&!#5F!rT|qeRp_o4Kd?Ewfl;GAy?sVVv3eRd?e4E{lscsZehU}q$ivnX#CuYS>Jg}22^p9=UK6cY{z_xK^!cjPbFd)WV# zEI$VlKkn0AOw)yw=(5_So`Y9wv*F3qEW^5 zU7{4ql&j_Q9IHo{qW#|_`j>FL8A*azfnAqGudfH3QxIA!=#(-aw6wH#dg#9I%0svn;cV6NBY+u`B(QqgMc7S@_&#n38e8UW4GIS48_1?)kOx3 zO3^JWcRwa?RlEJIwN@uSN~!>$j)&;3^YL~9^%z{BcYVcp_cdiiMcIiEZ~sWUw;eMS zZi0XrLGRITuF>QS!&oT&E0$bZwo(@b(D@_96DtX|vvV#kE_fR=+N-VJ`TBI9BhoQh zJ(0!auv)`YCmRIF0cAByW-4Y8Sa*OO3b_I9c8`}eJdwtwT+e9HUq&$^`&9xOJhAJ1 zwEYtScaCZJvS|eX@DwdV3Oh95qQkNBqLeh{FJt zjRDGWC@U+!q!)U(OkBQR_K&F_WenaA0CsDZ@Og(wB2j3I6GNRYu~4ZS;fC<}@=A}j zmXK(btt>ww@}GzSvb!il?>YEkSEVVmieiEM(>>ExBQ<4I!k&e^{`nYc@ z4&#f3ARcHa#<*}Nh@T9dm#6#d6B+>T0b3a2?Tw=lxust^&G%|=(>(H(vT_rfn34s0?Lh1YV-hyDw$^jZg=n06$}zU=McxBjE+x+j=`egyfI={<&AJW!=t55^Lh zkZ;7m%NF|VxM39nvg6J}v>zt7Ez{XrYh><#be33t$WdB@gm<|Z+vV%DwN?qrA5)z- z2?Y^eEr~c0L4ZF?CL0u!U5`So&N3(^4@rM4`Lw&Qs?muz+;qgDy{@Azvn6>Ef`FAYU)7=qFs**()S!4{b ze!v-)mqFN37ko zg%fk)qCGBOHv9nTbW4CRB{K57aq{rbi45cyM2wkeEQE+aUpT&)omxdaa3t;>90;q? zvKsC;`OGItrZJ%@f6bUP>8oP_gpteSVH&kM)VupL-P4jiw#Nw*i8M|KH>cANX47@O zDeR1ljJ;uBJ{pAwo9E(#INswe+eJzis05E$9m*Gu_>+IaiyNvgNWZ(e`b^VQ$)IY~ zy`1Wv>?V7DPo}&pO-Q|;zQwuyoL5*_nDV2ne!qUXO~QMoWX>!;!Qv%vsLAcPrR5xJ zT>L$Hq!96E8@ThjAWQQ13|`{%b4ej7@I`mOg)Ez=hf5R|OO;8j9^Wh->y6?d# zy8W}FX#v#9jM>8X6(IhM;|I(Pe>(Jm-6w05>$DFlRq7A*13V%KIy{y_45BAda7GX8 z8d`8q62v%{A8e6L5oA%98nbuJw@fB-J4>|(Y>tQCXZd+sZ7(*cF~q>+G5#}oj8PKq zyu=9eu6DbN{7*Kt!fkg|4*TOak5!zkc*JB>H9yiKu^_$@JS@ zpLpM(fOmZX9*2{_vy`SnTizrlJJjW@blarsY?95BD$vt!Y@mU5k?9}J*J~tg4q0{R zaB#fk$o8(Q2evF)w`k28^MDd!0)E0e=!>*Xm+tqv zjiN743~dV#^L`-u|%$ zg&D>DR5DAxLgN%3NKxrJlgFJrNfej zp!K9Z!VZdxNC2|T&$%#9n6&U@b@;F%_4mvu8DH*Q)RUQ zGMdf>286Bn*EyT3O|F%gJGT2mf5mKjn%=j7yuR$9NF}ofK$J^KPH3R?hx4^VhJ)SI zdJKFuUu_d)M=DlsY&cVUG=$k8e&k**H~WFhZHvm`c%~H5u=oWrsEZy~8wOjT?cow^ zwe@_pIdsAP+z8`6l7Qz?*S!S+pq?*$;N6OT`$tb$r3=fyGS<6{@=`rQc86>(CS_YL z^9u=k&u#_?16y1+THmAI5X--B@k7ii_gD!5GFOkGYii0D{eGUq<0m`X_;#tWWM;fI zw>w#@$;Zf-4v*)#mB$;eeECnZlE3-NI9`1s@i)#HA{DHi-F4=^-Oo@Wg#_(7OmPmU zbG|w3`uNSn&w{p!y&KF;0kT`8RpBQ~wK1w~p~FVmVb9x8JW`BCV@lX`2w@&Khc*{! zJl2O*-^hX0_!-IC-o4PXmHMYmh$#PZoG40EGAH6jVUrQ{i@8c8HrjCF%vvMm%m_4# zfW3o*A}uotxs(Jg5o}Rn4Adw5KbXhi{@baV+wEZ>ce`s*Q%>M(oBM4@LJsvWqgDrF zv3pUP%h2%y`$~-l10pe0+L9U!8r1^5@T<^ipgcAn0c>pGy=4SXi}@x0bV21uYufpz zm~zAi6d3<$G8m2~Ff+E_*2#XIYnFI< zxSX6WfH@V+O?7A*PU6HB)%~7jo$b5W=oZ9~xt%I~G+SI9gWrM8YMQmadP%23H6rTf zSBY@w$84;|keiBY2Ei6RpbJO9@|`1pr60&&HBOK5TjxJQBk zuG!4Y7Eo6XjISE}!N`4=8EG;OXS1?}^c;d@YOhZ>N&`-(r=t3A2w;$(6xAG9<_w&6 z-8Xb$5zfS85TT_(O=b#ywJkBuAwIAUbxKQ}KyIY#B`2#tbVAD}-(-)41~NevN~8vd zpbZzxyJzn7g5nSGF-j(^*SU;60tQ-p9e9|u9D1m*|aPkno1bF9C8-Z`J$5No;;~(s0EZQ ziCm=H#uu6SX0uQA9VD8|bs|#B^MUY3TL5AnOg}#V@S$!)##`ds&%2GW@av`3Xi1{` z81x8&W$M8bzvn8=s=+GkWcBzi8#S<@V+&{cIufD_awIyId$3rk-QUag$1U>apmPlZKkCuVF-(@=P#RYNn#1|oLY4iP;pir( zPu$*Y@@B+ptpQA)Tw2B`K6WU~{P+&fc)pHat?~G$olVwa8ZV~OYRP4~P?jCo;x@s}{38VYOIVZ5&YN}R zPCjYmZ>O^@-PJEjYu}iE?e~|?yL;(&??-WScbIkn79rp5Oqr;@`BFnTbv6RAt}nPx z#Kgrq*MuX{H;3O5=qzKNuCxeLXVa00KcT@%5Y)aupucU>gOej*yG8G?+5>rsb+pHV z>&qEo!1uXpgt2v7PPO%vAAE<~Ks61&#u1>os7N4JCqh((0Vl_geOnEMUKly%UqW^1 zD`9Tgs~`eS z%;e481q?5<`cfnV5gGv`*bg07O->0KJoW>u6m^=-b``Ao{$fo)r&FU2OFmTv%#XBR zY9In*-W7zWKdlR-1@7KSK!JVsvj!^v2tMvTBYJfo)!-N38^id!)NY4fp zta{-@THoRn@tn+JGW-VX?bsXqxr6%)<5n0B16dl@2&?&kwL7qnXw?p5w`GP)YyNbH z_TdTh9+Jd;93xJ}PpJP2P^TA;q0}^v!_-(T{7(1V6kLI(*GVQ0To~$0f(p0$b0|l( zD`F&&yQ29Di(_6Z?C3)|gCYPozCeO_3QQCXE%Tg)zgjVoD*E%r5p~hZx7Z)?W{19{ zA73PJVGG9@IG>LvvPP=aAjFunCu{W#}ivRp?e9ad0M=iYzG%r~N0 zo>I$^2MJ-5-8>2i?Hov^=UnHrj6RP|B9Rheo5u(lj6n zAKJu5`)Cx}>4hh~RqJ{bdy!`bETAc`k0NTK74gGNG`q@^mPWJ%75WI*ZL{R))!J+Iw3g zy=(b4bud=eq0Q^O3>3%C!-~N6lbNMYMfysxwGp&J#NXsBpfS*_pky;ymuOY}qbeV% zH&#}H+F&(%f<6(5g59A#f5N@If6#whldQe^kmqE+_~t(}6Gyc_VW}+H3)+hVj_5?&pX}YTCrLaHBwYi;pl8DA67oH>^Cz3ZP+0&yUCg~w{RwL`qBi=qd#b9b8A}3) z?C-%+APQIkE`bg;<^{jZx0b^AT8cf}$qJFm(gB1^(;Ciqc5?NMjg6uM2h`Z_h6fE- zxj1!1*W2oPA8$HC40~K~-J>kORB_C|og`mk0Z$j>qnZ3v551q6VPu2{?N-Rv>tG#s4J5`H25y$QSF({ayk> zb@xh`dCKh<*71*77GLWmbjYn%+X6uR0>K@>i9FWskAiiUJ*M~WoXuDfTCTle07|2; z!{aa}iyo6!r{^`tm?$0*kUw0us&daSX>vSu^=^3R+c~V>0o#2Y=L4d-Hn08gnu^@} zE|_T~*JNyUd1Z*u*g!}4_KS)IFoJm6Z4`^Mj;7F~y|1^G=q;A3wW9+zeF@Znkfen| zm7Vg!#L-rXim2JG^<1qJkF$$w_s|g5pJc$TnuBb;ki{)+T|LNFm_!Q(C>c=~_OXy; zN^XE8qeiDYh=p3?_gEtu>%Cz`iF9rhDy0gg_bW8Y5a516mSQTx;Zi9g42K7XwD<)eos$6Hy=ZD`Yi(_H{ng_|g@DH$Hm>PbWEX@$Fy(MA zO3&Eo{sm0(jawhyH3(v`VdQ^VLtyVpI5&_0~^7>fu)r z{SKYeI_T}nflC38^aF%ZX#*ae%@yixs?|&f@!PokhY9UA8Cq$Ti=7=nt`FCWNK7Qh zX0i-~$6?(9NVe%4bFE3hD-=SGMUa%K=Y{(WwUWU)W**nb?ixw(C!1wXCd+&SjgesimdF3+IF-2Z#azsWey^BdLq4y8@gc9A{V8 z;_FnFvcA61#I2KUWTl=&Pk-J#(k@WgiFOUI_wv?23Q{Lw<+;FiD~m{v4@z+}ChuxnBs#KgkO-7-E}%@PtIKkMUhlQsC9w%+EEdnAF$ioMqA$oKz*T_7O^ zEuG2L(=g_UNpA|*_WQgmS2%L2RG8J-#bxJLPY{Lnyc&#E2@x^DRIae_FVII&k0@q2 z!5V*WQ5ZNpZaI^9Sk%Evy^)3j48qsvJE2r1nmH?vjWawI>3hysmu-N@11Z<;0#*6j z)XZ-tpmOD(!k$42HuZv^2Dsc*nqSA^|r+S|VAxcZ(TiDlPFenjPUU zcLoNgatCboPh3)BZ4@*6v7=n{!$Njpd^V8)N!z(C&z=oQB#MwbhD0*VODY{Q)$xMG zt-;)s>G%5+>>pYk9_APA7BwH%!*vnP&jW1h)8XV5!^rR{+*nH(p#3ma)(TZRo+muc zGJSQk^WL6sFRIGAcVWLplITE6=F7q{>Gg_iIX|g3g%a>&Jl*ddD=V%~cY_9_kn)!$ z(MOZm=xO2va(L!7KZ`lM7~?luE`b`Bi|2B4QJgKeV>q2J=PC>#mxztyvRBzpff|N1 zS#@^yhaRvjgiGs7$I(S2(=nH;bhNp|vG~4oqkhrAO#jxvdZOku%73^;JRlPR&MwMN z$O&Dh*$#>`U#_G{E|w%?;bM8oxzl^k*5lIs$ZlsKJe?=%f>EtMK&JaO;%O~1lMTxp zaunN;fMDmi*`?xwJwuo?$b|!to()D4(B?`N6$|2lja|tC=lTD-6Z+u>yRAh|4ch;U zPr&s-32U&b-7YAsTDkf%=IKU(i#%@rt#Jb^262jycY(H#mF=IM{DIjAxbDzxxnq;-M^B7CsbRI8gGL!g6-uRCS=?-Hb?!Zy%vj9&TyHwhD}j8$rkQ_@LMHi( zd_np~h=;U9vE275Jf#GKtxc-l`Z5M{vNG~1HJfr$IC(l>*9cv_egrg0ce@kbTq}We zJ%Q{8 zSHG!7?QA#zfl`z3eYZC9W90FjW=^xa)enmOk$8f~U$yng_U;eoABwD95O#IO*39?$x>ql! z+ISLUs%%4y-=D1wG~jW_*4vWS8*Cwuo$Y~Aes{=R7@ z&x2$u3+*F(8yWB8<6|_-3P!bF-*i0uIKqOHot^xrTp%!{e7u@KtLeYm+>xqLGxWLB zYU)YHPRL@zI_=4$R+Y(YcF!=J8*S;6Bxon&IVjGj3HT0jQ#CV-3~+$ME@YOb4P495 z44N3;G?pRhhc|GjR#N|;oc<(epbh=q7?kt;bE*XL88(x!YwYzoo||C<`l?kTMo_IO z56N#B8j^!l7nvAVE_;pUr?nMXnIjRb8RSi2a;@Dyg!)vq@GlVU&=jLfmh4e;dF!{=*{4li=w&aA)^QZQD_h zZN_+zr3PuUIU7dl>3UarA)80JxoloY=N7mDHyesY;Ho4R$A)Aik&db&I|N)7?fMSL zR=m$5M^_M`2{WJVSlKvQCtGrA*__^D)HrVTMwDF#?_{ikoR7DWC-YmNTvo7|9U1U> zT+k^#dbakiKeJU64uGOttsP39clS}v;^;VJ;6J%gYuzOL+z_(yqGr3|E@ZXB74^R9 zg}w5=IRZ=pass5p53~uEYb6krakLnl*)-b`DneucE|P(sEz^RJr&5Fyll=l{^WMQQ zB)N&1=_X@jR-}M;3fy^p34ai1jO0~stf`aXM|8Uri~bDJV7UQL#gM5h&3A&F9?&pf zZcgVm4!S#%7&;6Zjx(=#YO&ge))$KQvCaa$VSo9n5Q7>?DvKm`$h8eh@lfa#-m}|a z>VXw$7;wF>m#1)o(&yyy8iVA7OZeH5C5hGR%i9xGxY~JFf$dN%IoOI;p=4?xCxIb! zoisb3v;TvcK*RW0&t)Y?FT2lP_?W&p;xrNpN0?J6mCZ00w)y(k|IdL>|n!d4&;lw5qQ-!QtgFBcilM{VqZT5c)v;RFE z9n^JGXUzqM&*SNP^LwWFZjbl~smboX;w(qSZ5YJqUtJs3h2pkT9SfRp#q+d}(MCGn zzx=j+VHAjc{2zGx8m`cm>~44J<(LpNP|T>E0HJ(W_gtj$xi$D`*ea3FARPv!q{ zgsw_x|5ERMz5wOQdcXD_E&~z}3c;&gRMg8NkO!orgbe_$#`&WmfxF*k6^ghfbeo!@6G~p5YsIG`k zP?`e)DQ`b%r{g8{S3BD~R?Rsz!^US?t+rVNFEb8U zCpdbS;bZvEBn0>2ZAxLY&FWF2Nr`bhP7Mj}*%`ZaLZ~<9P;VF=u8qPe7aU1ou0`%} zMxy4Pl<)q}{{kSNZzB~m5V~ZeEY{a25FLs)f9GDC+g^D7#71ahqEIf!hxh*4iAyOJ zX-b>uWucYXZ{t!oTP6xtKSFO;_mZ*3G309tFT-YDUPeuCxb1w4*8#*FXMT)+R_>hp zm9chrvR0_qA(6A$aI*c3&?maRC|M?$&TYriXDn8io`mv3JZhZ|(SWRgFiYIRjF&Q~<% zVoJKng!cD>uIClcTqJ-7?gN%esZyn4K`S83d9M}FunB_ZGxs^z7GfYRs{nGhzCB#b z7x3=XuDkpL>*E*sS>r7$rL()CbpJHXL%OyaWXG67QSW&_NdqexgF$1S`QBhz$P?+Fx4(+E6%%qkiRH)uh@ma332dGu8Y zhQ~+UZg07jrP!jbktqmM*CvT1F(E`)bq4FNSbi27J*1F7wldeUhGcAL?CDI**veXC zW;#|3tmyglWt!~!maVGISr%7>EMCVO%(2?`U;<83dn;IkWxG%9^Z7Qk1^jW)y%YKC zzb|s}?h;>UeugQmuD#E~boDU9uXi5F=-TcNmi)A(=mpJIrc64iITnk_5iXKWsrW%! zFr}(cao(TqRAuGpz)XK;e2B#yhV5HNPt+E%Vp`rhS1XmS3y{ZNtoML*|E*hPIyWpL zcnlW_#IHL%T=n2J|?RvHC830Nw`iB_6TV3)ius|YZg~Q zM&>lhhC)%Qdc1PTgdjx?I~A3bY@7ROy2hUn^9D^in+R;E3PLg6dyQ5{tvU%2x2*&YVSFusPDAdDXMcN0;@Gy}=C z5K&>BnZ`0l;Fij&LbuxX?q%F&pIXCn<4Zb6yX#R{yV=*B@x23M0noh&!voQ-qo1`< zXE88)PF5WW)nga8wLzvcZ@Vs1(m zmX>RnH^;{efIsE$%^S=RA3kq1lI>`rhRJmgSjBlci{9v{xZF%Aw4XNJ%G>??mIIBn zryBtC0ouRS`;Kaox{Fjg;YPX7)0G>)uQ?j^5vD2@9lffqmlZFH;Nk>ZDq6%df0@vnr$_)x{P%$3lzcbmVt0Sm~ajeW4inADUF-dr|=W z3tYChRhu~!VrlcuQLk#{I5k&eE zK~l0;r{ecWr11T4g0WVspNW%VCgY1FRl12W4-(ilm?T-R@ibUh34=cixJI(H+xNtF z40QiLw!SeuudVAkc8WB18#T6V+fJIKQDd8pZ98df+g8KIw(aEGInP1Q`QCrMdbRuB zd#$-J#~5==gS^t98h!A6YT*xTePD5QBt0Sop>c7ojZP8QLv6)zXus^Ir}RF{Qj*YZ zOJoM!{;Ypv(HcgY{8;nTXNOq(ebX1myfgh$I(pB?Rw;A+t_o;*1}_dHT(E-(O9 zXEvj8gPzEGcMA^d+D88Dg+?8Z-2iinNw4M8TcGQ6KNvWa|DK=Lc+eJ^O5@#R-dJ~n zEJ6RAg#F=CU3#+xF^P1#Ab3l^FYJeijl>_0cjvjzEJHD*(R8xKnnihq(WH6+8b}9o z#BTS|W=^Y|h*GVw+BmjBf0`_I{KpE2MuVf$?DL?aX$&eQY~pO?X+JN&85#xOMla&e z0&xdBj(7-WCWp-!LaTKUJ%i9B!jJEM!jzNhcIsQjBgjpHDti~| zo9&uQ_eCKY(X#$o&N%BlLgzyiZ;Iqz;nD?`_FpuqIZIB zU2|)Q$HqNzfEvbibAFlIaPC0SamGfsO-x@TJ#kKkS zj?PtToJKd8ImW<##5q1CHyBVHz0)E*O^jsy5r+^iNo!tWHYdah$nP95L7A-d5tC|x z7cENP5jjYExWo!TJW$GhY3~s8>BXdKRjxUiLTTn$UC$lboh*VTQ!Mf7g1(NDuO?x! zfAlqp;)jc+Qk47tsS(Jo$+XLO^$dc>(n6bT_dVzBuw+ECm>dO(UtEWWpjCWk@(U0F zJSsm9YN|+m$KUh(UN6q=6}@v@2A)Ak(S%^7O+1}(Ch0u346Y(gbukynpTtn`6L2l4 z@sptEr^mKBa+Zu8Pyv!{8K7!rOHsCMSl+t9qREo=DRMW&>cfvOoxe`ft}ll$j!%Bo z2s>F&L~xg_73kner*MD+l^d|t%OR>4<8=;oAYh=$Gm^v~>VFdWLF60O8Dk|emEz%# zo$`=Zxr~7ZHN|N)JTg-d^l>AN`_gmiiJo10M*#>rRT*bBM$u541#0DOo$LLuY6uSJ zx&N0W%ezFB2iM3uE%)?_@)0s6t|q24e0W}Tze)!o#eSdC5Zrh^5X69;Y>+!NRL z_8>1_294})aR&w#hczgv$IoAt>pZ8h2@*UTuw$KbF?&^Z**YI30h64rl@tMo^S0Dq z6(uwV6X@1HFHiuL-4~P#51^m6L7La^DU+BxzFO~|ULUDbs5Zi-FSX{2uH?BXZ^6BQ z_OR)77|#VwZ*H!6A?g1j&xyO`b^g_F1-QYWQpp$7mka~&txSWQ6JZv&kT_6|5ReJ3 z7&~`?8e#GR3OOPb3vH44BKD65(GX$O4C#`ontzRY2Hk$ry(>iK2z-olJCGNIBB!czg_5xvF9e3zF zBhjeR$bJ`448h_~VHyhHp#ozlH!)C>D}*m=*?pi?luE@a$ly$G%%gLoYU~n0cB;`r zQdA4|t!$6y!Q-j4GgT@WNqfJMG8ivMbz*2foM6D{^r<~TAwcB~`wZX;g67pDanw=lSU{y4;lF#Da7m zRn4s=MDo)b^?$Yusirri&d_^c5-b0Srt)>9LeWE{QhyX;d3Nw}|7Wa51)j2LOb`lb zF_typL$tPf$^#ofBAuGaEz%R?K#1DRa)w1Tv&v{O2U?XUo$;(x@XYOcD`40LiH?@6 z(pc~6S@*VO4K`=(r&Ytwugr zeJAUeSJiJ{N0;!=Ds@AmYLnS4j~0`N-}pBHQm}8!=rP^Y?*OK%H0_5d7rGJAi~j*7*(H*R9Nw;F-Y^^(s2ghUZA1hkoNXiSME#`u6U(;P(w` z^X%jkU!UD>@&0sH_(f?NkG$d!8d1BgxU1y>8Jv;?mJqj^=_6agJZY)a(8)Z_Q{}um z4*iA7pj6VB6)wD%U*L>mn|k{vDA#^LwprTX zt+Mr5lv@ko2fc1}HG>@X5^k#J?Eb(S+o#X@*T2ptW5n$>b?1N1^zGdgd1x(^skXpf zAF}659IVUy0+pJtF*4Bqr*H&NGtbMt*Rsib2`^J&|DoCP)xCf0lUL&A!C+K@o=kKr zeqU$CHAl`g+L{ExM?fP$_XkHx<2aH?s~d6wEhYvP|H8l`h^y;QAp zMF@x7FP!H)0A5shJ_j$`8?q-#V2>agO~l&)wlbS?wKpC5McRzO!YR=Gb2POD69DhdKQzUAJU>DvF`M~z3zZ6@M7@3G=l(!+@CT7}yhK*i zv+Xk}fGQAxU+y7XLB|;Q0QNrFbD){!zKoYWU)?6pW6tOPhFJJx?`+0i{N&2pQp2W< znAt(gMRF!5{U3xL^6&I0&ytC?ZVR3C^-rRo_a7n#DvColxTEHiiMqJ+{GQGo5r&NP zrfPxV?u)cD6{8M|jP(jphw+8>TDc-d!_|xB`p%>95n$j8U8AjWA_Lp;j(Q@$CnhmI zZrDKd1?%Z(TUv51K;||p`JoMxdaNGU=w~=*xW?m<7-gdv&(Jah?BV=w z&o;>XaRH&K_XazO{y+*SV1Fbyimj?hV|?9QZ*^gh&E|@LLaq}1Aq>6IZ6+-;3b9W* zMb2QoH#8JDQ$Nq%98zo^EjXBrq%<}8mr7L;Bl@_I%4z-oT=^HUwNhSybngRv!#+Q& zep#$>cvT$80Oj<6;vj_CV&#+ijKqHP0va=LZ-76Vul7{@Mn0TI`+jFsTY+{+LsN5Y zcQ@a+%J1p`;@1n`72wmN*aW{VDGbO6Ew2|LgUq)5*lG&(Hc!1+9FD(uvVF`W`#*dM z-Fj54C@|*V$ z9-Db>nD$3={s1wup8Wpi5xEfI=Pq|wwRsmYor~*tAS2=N&?Z-|a#p-N;zkBEw0^)| ztyXJpS{!zqbNFBF0q`T9JPZ?T--GZTflF$ZZNVq*76>h$nM@mM3Uv-;6Ga=xo&}O8=%5sC}!y0M`d1x116xoMP|J?t-HGr7b<^fE=;1HI$Rw5!DIDgaA54%b_lS7|Zn!MWr4B`K4|oL}1ovL~PdKsM=kbCQ~} zdVHKYI9)m`v!xBx69MdfXPyBTGMO6E28oo?JY8u#6+bH6i6x%{EH?AWS@e%zRStN) zq3OO+Q{hX!l12-eA9@xqWUp45or=h**?*g(*W4%Pm7gZ%Ex^lzAX6yyv)Q4};C*UT zv8a1bDxb&G?09Cmx~eOYObcHWN6qW?cy|g=)&P+ni8>69C6Z4jm;bKO{x|^8qD?md zK)LSzChV`e7kt2vu6V!Zn=bzmHk>6VPbf23C zlJ!4Z&_{egdjYd5I$cguK44z59~1xm?4FKWo4fjdoM@5jTRQQ}t1Cfs z&*FT@@})N<6H9JG2(iLsgbe|g2@GeUZgR_%9Uz>Qn*eEuOsC4WL}L3JA*poMA{5@5 zLPeQ2S^08Ny==cLtJi{>Vp&NCt^Wze{&^Kr7y*J%-u(J}cDws8Il=R0a2XRqr!c1{ zImLDrtBMokM>{*vfaObS;>ONcI<4_O!#9;CIMzzT+1O3%V%1<2@;EAK5C0mgxVShr zGmQ8xMx*1 zlC8@ ze9G$q)1CwIC8?UxSOUhEz^m;g{=*|RgFFx=;|+Qb>o)juizt;6(;XW!|!+#M0#I`ydU$uH~?~xmmn_ zhDm^0?sy=i^@K{Ll?nE~=wkCMyl;JLOAz<*@jt{tcDAb zN#$OzbmgCf5f2ql0Qt}+a59ys&*@yJK=#K|qs2mEG8Y$7Z37-ZtLTaVT~F_9Me%K< zMl(cTH2RZS5<@+(rva9Gf$Y~e5zJ#NV(2y>K~K^r4P!xWAMfDd#2&Ga7Up!8A9HUH z${6}nSU4Q*uYG{EZ0-eCJc7_e^zb-QyA(T6{RoSvji)~x0qO&N-S?`IaazAk zw;#R|3d8j;NoImj3-eJsS+05un7{D`uJ^d_ad|BI4xlsXXIPUV8D%?@_#xnUEwR__ zZT0`>mP8}Lhlm+u|h!CW~?)ZwxVk3oym0Z`O4v(`O8zkmDeBMg+BG6S}go;No$m87u7swg6>T^RPSs+hl*@B{{?d z_~T+3J4qL0jUwsm;1`bNxx6ZB3NkSGiVA;o%-s!` zbjjAsfL@_AG`MBfD`Djy(w@)kl<|rueqx=kt^F8(M5KuE2Wg1&VtB%}n*Dj6#*-WN zW6QYD_Y4N!ckd#IKYdbs2U;+}TZoSj^9jF2T)8kK;QMmyvidG14(o$%)%0U`ID#Z6&-WKvikRCzm!#obGNb}U; zw$NCPzti+&cR0q^;N-qlE06==LAW=C2b5kBV?DtM&t3ZcDaI3;N>LCp9#1V8c+3wl z2eU6hL&~MQAP0b;&iTPNFj^+_d|~(8Nw`>}2FfCi-2aPU(3hQ2O|nyMUqKTQH)BnB zSlFLlnbq5)Y3wg&_k$=El91-JQ-+3{%KTT|a}!@oMPv)rw|6ufb$Qyj$Sj*Ogk!#` zw58pDD-~?8Hn1~2^ILJ}pDt8HXgZArL(Tw!{LBLiCxf2~mrxU&{o@BTm+_KDjd>4# zwn=1!LgD6+bNvNSg|q8agj-ddxkoEiU^?)J|U|(`2iaZ88)K6+nrC(7Iv@=r4DAP9?I|64v%HSTMp? zdgdTI_HD>Sx#Z7tz1LhTseIJX3L4eK9K>Ny38mvGRHt(0()ZV%NTiay6L!({6%P{r z7#Yt$25F+sQ&oN3SIgW|5}bg&!AD6{D;F!#AFda3s_cO!VL~1EWiX;c>%_Ejzd&$K zJM3aYoK;b|ukOnhGlYv@s>G0v3Q1Ys0ipr@(&$$8`-p-3T$eB5X>NeWveuPGhC?&S zXl@#POlif0o#pH?=RG~)5;ovCUDP-p*Iw3U*8OIhOo^|i+5J&gUcsrTk}J#=mo4AZ zc-i}VzIs!fx#q(~*+@jk7dHD_WW2g>*=nls-S^l`rZdQ?Yz|%fjHa^LLRXGMdMd0g z+YAVpbO=u8n{qxQ8p>gT*LeV0|G^FxGzpNgO!MT9`P||dL6W~hd6qSUqRbSFL3~*kNZYl1c<5TFzt(28^4})fg9-An@AZch?0+uq7%FLs0#z_%ms( z56{q?cmxhMJxacTBHFApr^Vj29NMi#N5IVeVwxq8^>5QN#X6`EEHnKr3r zN@H{LQuLbPa{ee4r*A4nd-8`XbYg_M+5nsVGhgZgmL{8p^BySCqd$%&5Vi+@uTA>85&jwYJfQGMBK5}Pf!|}y zL&c}{C(npfE#{ACTR9r6x2E``UtCt-9V(P7Hz^@9!d?k6C=+Z=7pmf{c-(|0`BNyI zBz^Spc@qVAi)ZhMEY!H*aXGeqd|qy5oXKoU=RnNWCjSn2trxw2O51cQvL<2_TS5J{ z)C!L>)MmWcxAM}e^#;y4$0v>5;c>k3PWbc7S5{j&f;+e6GkKuSR%xsTNX-}l^($N= zy-NW;InB%&BD8Bx*oAI%@2z_$I%E9&7@0_jCNl>9m-Sm&Hp^(yCgE^wIFGBxDNlFK zGyB-VM)R8!ZW(!yejSuild#h3)4@$+jW{0hL02HzLMB&2ugdcXN8v7+_`%HB==|hd z?1r$lLH@t9;?E({Q3WGK%@D20>7i(i8F!v+23*bMZ8BQ2z_Mk2EzA|QlSC(--iVqe z7;EvD@9f6BU+cXqIXo4-p~{=PtQ_V`?`w7zd9+6+LjiT z`5|`Wc|4VnOqySbLIW6%z=$DApbjIFj(|W8P$!i$nf)|?MXJ0=m#^5LFN7SU*Qd-3 z*!;U;cTo?Ji)twvUs?kx&-f2zWyYXYN6y>tx_9*^2GN8BU~Ft`dly(~H}s6>m!~wx z7Qci~`n7*wv>Bd)usJGd!Uc+H91RG5-6|b@96igK`x`;3Dvx@dh>(xS=X*zf8tPARo zB;6HkV8PKkJb%JTVKke7v1pZLQd&ZAlF%k9r-M-Ty8^s=6d#_ld}<#CO&>}*o#%Rb zR1FJM)({O?kcGo=`AaaR$NKE}5fds67Q$2>(8ETQe+zXunRaUkxo^mQePbDBbX+!H z)p|hPTnY#BHawt47}EDDb<;ji+Ks76Nx1W;wYU369EVGC83ja@wIUsq=VgBqGgVM= zMAw*tiJGVcOr6cKWzS9{H%yT9T_lp|K3sf#$q3hFXu+g znapt4bgS7)q~DwQOle5TZC*G#gSY&)Fl1o9P3=;v>||bFxHKXCE6zOjWIRv z4+z7k9K|8qWCR9l05o}8Oc>2@#|X1TcvAdnP__&wkZ;w7Jl1b^R#fVr7~M9)yY zNBMI1+kNCSkC!b$I|${HhKW+l-@o_zTIIH&P)2d?-&MH&HN*HzFf;%X6`zFi+nEO( z8x)$Jph>yfALGLR^%N0iFof}mk=(C>|K1hF(Jad^!75#m1Eh62j-eAO89{{0zJDYp zCT^wB5dP=Ib+*9l?d?CO&cbpQ8uB#_YAI}|humMG{P6coXLusQ_1~O6Q2Xh0gn<;ZybIW)Y?ftd%0`^I6pbBT?)iB$s+q## zgqfL{DJ>QoKxE9wYPU}T28K)c$)Qt~O0(5FARxe(KH*znKuEWjkFdmyC2a{LAxn|m zB4X8ii!a=FjFj9O?y-N~ctVb+H6Y%FtKlZvg{J|n`bvKWgmTp@$lGwVt4lb1b!R6W zDAdp!TlRQ|f)bjMq2uf8yMJtYzJKDuJyVnL*oAPr(pGluhHl!jm%O`cwAi%sLm3hp znjeh9$qgCV7o%#MfP&)i%-(J*mjY;{(t9DgYP8Gda1d7phu>v+G|vc-`jeN)8dChA zf5fz==~vONs&j?k!XyqK|Hjjr`tyx%ZOZU`&(G-|RcKxS`{o->VFjQc=laI__Msto zmz$$mUiAfOHQkBLJ;$djIWp?;Vq?9)vEoGob13k z<J5syIOOetXIzE>Ll9UiS+7>~)%RyYP32gk?N$tKes z00o;54O@<9%(REK>mk(ZjwVjVQg3(@XSMii>d1@Ym^=jf1U3jz7M+|M3G{@7o0aQ` z0rR!Bwc{|4H`oG2aU%eb83d0;we}=*rSR?s6PL?10I;*ql<5HbtdWmTrPb^U1`FYP zpYs@72u6n=z+uxX@J~!fa6xWr$sEI)u_iL|z$3T@;Gt3X?a>>`ia_$PwzO32g}2%9 zAY)^LLHi?E+71U)?NI3eX6Qg}Q+cljwAfH}@OgCF!hAfrns8ncXKgt%UQo){I--2i zQfqmG%@(3qG@C8={k+h0-E1kfaIj2Qzx}o1_xVw9szhGCEx!5OHEHi`^NxWZLn7Ruaao3G@<>A}?a%xm-{+Sd z2mH%k&xhFf#NYO>Z}Rx!@l^qdsr4?Mz|EeRjJSf3w2I4z_#G0D0nPi!hBt%*MG)G! z$L2;EjdV#+@_vV7z%@Qx_d%R`OJOX1iw?@LlJfX$9Ui#b?>Y0&>2v-Taj)O)6@wbE zL>N0EEbX-+3bK<*;8Gd3xwn>?Mr|WLLt9^U1%usy8H7r2j&C|!buS!ekjj|H!^kpH zqJYh+p!R(%jrB<*2{4r2h;$~VXPm6a7PfjmRP`CSwM)# z)o>-Y4@<4x>RV1I^*w6JhKBpEy(}D(f{SP4dlruz1mU|P+G9AA=6$~=`QQUQ)i^sV zpX$jUQo6gIUiYV_06sK`G8AoHh&=RgQE32+D{j6#Tc#epdX2VJ?y@5#0`hSwpbg{h z%I0mA{S{e?e22VAF1a$5-hGZ}Ku}ocY?mL&0fS$oDB4biHg}sjZ0c~e#8{({)eZBe zWbxcAzh5tBH(-NWr*($2D6@TAJJ5JXZ@5-_a^%Zo!}-_yl75a@*Tg)CO&31<(u2gY1CN{3l$+UJ*LJtI z@O9a!%ufgBW`Waf8}zDjPkFAk*v4GXSj&A21psqr6%Sss0mR_i2s4y=By?B(e zM5znvO?TqtkBVeTV14*+?vFuF_hB1D*Bb}lRb*yPbh8{U>=T5jKR6G3F7 z1dxT`{6em|H*+;^?5Lxu!9lU)*)oxzR9YQrIi`^@wL@`BH2gcs<-cNcy27kTBzR(Q zKY9Y5UAi+<#*XOd0Xkd8YT>Za#C?sZ{K8>8ebQXApqdOxbta*bSRVWtN$z@!Ii$Uf zh*+$0lGAHH)HnUy?{d!?w_W#gf0PCy-$sQ?Q!KDf8t&4W-EN^#q%mu2Xa8JrFDf1R zoV`;JO;Vu@*%Z4{T3FKEW624RN)>Wv^Hr}9j$>=SS-tL9ewL5FK>IBiu8vOnGJ0MZ zr_CVp#@WtDN??J_w$8#fWg#Rv#1$svMEd)J`0C>UJBm9sNtG7eX)UKIGy4K1;tquGjVa4wF?sfQiFqpJCqNc~M5A zRqoG>Bq9imbl#hI%+BoA?n6?|qry`86p(9k9bahWT^V2U+FW9>D7^IRPx~=^J#=u+ ze*)6`eZ?UUHM3ti+6FFS#KxlN4@a9SI}!sM7b?aCr+tCKM#@CdT&i1Hr4e|dl~T1m zk}c40c*s#g+~zAjgyC>`uM>&s%yfQNY1Z)?b(V%?je2}K#t=qeyB*{HEK?5hbvXIQ z_7J(J?0#O0csTB@&EyG8ctCp*k+`mR;{ccS?Wz1pZu07T#>U-4JdbWW#xo~g#vmh7 zMx5@O$vlkoM2$KVMmG271}?vprmsiyw^EQa)*KCccr>;!`)w;Q4>!lt9m5ZJOdZN( zj*AU?{#wedUj*H<@iK@VUL0Py?^m>!ZuWJbl4`73Hf0FXW(qZ-pP&%=*0Kbz#`-Jt zt}3WgxPN$ijgav?!6Y+17G7Yvi|WWV9v*zoYVD>OkQiGp znBP)36n?Rz*QiFNUGT|%Z>GugRt~ZbNdrgT2D#Q~5(<&qs2GQDO8;DrdD6L`cS8#v zqup>|FxF`N*3I@{8s6!ANBII}nR!NX(CK6p$4tjrb3==O-)mzYb8yOHHNMx>_I5Q> zB@IbJjEf(i9JGARd2pr0KHZK+EBUtcdy2aEFxOI3rf@n}eLfUJ)DyyNk;Ggj8~XFc z&5BHg7z)3vT?=6VrCKpd_Yn^%D{qSJ? zdjqW(yhd{VNmr6^oXPZ`17y2Y+7;es*c!m~_>UtC-wslaf+sqz3bE}u4Dgv=yT8I} zoH{2vF=+V~PR*GHZw4at1`on;n(b$;8yW)cbxl&py;rMliw8GIaQw5c6FjQ!;8bG8 zoA(*#w#PGor@?Y>d6`i50@_pgOS;eQRBrs6>gRixqBrOUKY)AK-c_Y!7?E*ru@ivM zleDIDNVdgm)0GFL$P+g{Tld4bJp!(SdaD_IOQpRY%oudY+|gU`hg^6FcTP%CAmZj< zR!Y=`B~@^%-n%~kJ40ub=dte?Y$Z?DMQOl$#G~~Fl6?l}oDHO>sBI96ODWuIRzO#~m z41c&e>`=E*rawk196icN`xuLynMNMHBbu73@h(f~Yb@bTtTDrvDGw|8Mdxk@N{yw( z%eGls0--NgK`744eEg{hW!8)Jvx+l`NrNt;XLDT3=bH|$X~+8*v%XP#HGvk|bJRZ8 z0Semh2I2**E*Ok1x!g5xf*WgT`?E?jjSFQ8qD*K@0&6Lgu+kTTALhn1oPV|j}2!mH6~q4OU*4qe%yEiEw%nif<$n5WGAKlEYdMHxze9LW=ze9fT^GFm8YmaHppjELV;uELt=@K+;>o1*D27euV~xgJ5tgPSWG2`)6(kR~zmpQ9xUwhnCz z4(0^@No^;;G70wSZy!CRRI9!U)_$8CFWW)87h=_JeRNc^{Srg!ID(d7acXn_hg1p;l#-v>xmwLVJKOl~bPc(;f_O}|>tek-j{5VXyn_M5 zCgs^ac>q)g>jVxOyrWKMJgGw`s~shdT3L<>r)yt@29|L>;sBS0cM={h)LPqrSpqG%W@D zqz1H8N9*6=?{BTjO!-LM;!4&qTeM2QHK*nEF>J zI$f*=VP<42r8egIPYfZ+h>2&rrhR#Sct{#I-0Au{ateUg_cr+2e2MN~a~Db>x+hX6 z7_{vfpcZES3 z;Mgj@opH3798tFwMy`90H!9Lk8{`w9Qm2$?8;&J}P&<1R_>gwBRxWjXByhet^akqA zbpSuT{4*&=M;F6M$`ABkM+NimXP%oZgby^YUu-}CGXlXKsUth`rFvQdny-rxKm$mr zx?eRGv-egREDlLrhC`?$Q}h@Pr=kbj&M(?C7TvUV@+r&?xYbWN-!su&CG&X1#(ch_ z6AGm9)7#p`tQNmWxBlY5=N{a&aW@Y%@a5=xQESuZffDs2#gcG{^AuC_%n{`C<}m&! z_Kl9y|B!(BBJW{{!|nXTiIe0Y+KubP(TFgoxZT4xi@S=ivgkI8m+N7z!oXQ02#P+lyodcMdKY-u9yX2DV8;CJaRxQd09&$%`J%url1SMpU}a3O zyOf@%VX@%s$NrsP4C&a)YKpmbicuOqw_MTA1Rk>gyGu-nw9oADx;!gCi+YYm?+kz- z|V}G&QnqR&}Ac1T- zk2^$>O$w)jRC=~`&-t$w!?rieK!d#?HO31L>(AWy#-y2OrRJbt#$2HX>0;BhzDzaNtL_=$K< z0!vFTuD(Onb%)`r68zZ~^AgpN9|zaY*hVNEO4@6(^^qldtKKfo4mS68|E$3OaWjr0Cmvi#7`HE&1cb-?Lk$d3(` z)Nl>BMf2`9TV9{&%N1Q28u%yLkoH2pc_uP41q zpl3;4Mo*Y`l$9)DxrxlnnGMqUa3aFHPk&;J;&sX0gs|<0N9j~?5K=FkUn5s_30b16 zUsil}f0ks^o<`XL?FxK~FdaKi5i5(M^ps(7Ayd^Bs3Y?)T%wdfeNpj z1HK|eT9|K?6(($FPHwTT56RnV@gjvUK2`cDY%`^ZFYw5c%G<+<;O7^gM7@Qag#I4A zKd}iO6S$mRdLy~(l&;B3kUZ9 z;Y#2L0c6VCTH0tR5HyKWTNA5D9f15C-(d$DdpsAi<*BpSRucY8*xgXN`KLK?x?Bat5LZ)k&@8qXi$m7|_rQkQ~p zh@OE#cx$2vcK(*3<&mJK5WcJPuN(rH4?=NIP3-8NzSO@?{Xg%4IVm9E)iG6@k-t6p z^^d^62UV-Qt+%O!WI3~~gmnV>?Q0<*ichsB563d@mK%ZrFUL%v8^%47m0@1>RSC7)M`&? zuLLd|TwE?^2ySkVZz~m8F4xaK`T0g}lekDog~Geh${sHdLJI)_Ft>NmtDAc^w{DZ# zy;mCLT%dqv)Qz&FY?Ffa@43$KB!U-d#=l9Li38d!G&HgtfE=!M3HK+`lK{PT!lFr} zH-_gf0B(*MQO`O@S@s`@r!P;6_5X!O)Z!-7(Oo4&fHbq$=PpQUo zz136g04CLMV=II21V(ED#@Nso<05G){uOZ?8wZEhRm8)r*0o2h`O(@+q4<`#RHGrN zzh7i?G!-5|cmZe;gzLVX7JzlXT)twd51^oj%SOl*qmX;^37jrUC@~KzhL9>Izl~M! z2Nsv(tk%Bj-aaGXgCL=}y2FFxH(q-aDdgi@JGnjv4zCZcZfTvg#<54QApn#k;E$JlW-?tIlkJvbjPE}TU6zN=VF}-hhTWv=E zYay92&DC5p;iD56;PI%mqy!$pE-eLMg@NGygyGRH@_%NwuV_C$xOYFj;Y0~-aAP=y zT#o1T%+g^t3*deSiXm|eY(j)(Z^(=;EFJg(Z%vGpMD)4+tVjMRB}MHOmwLNN<(e$N z!nfWfGjUhHZwK!|rxyvc83#S_iNuioe*6#)!k*E97Cl3)?mLUcDb;H5a=o)Da_-5W zp|Md6-}yIp@L7iwj1)6tZed}qQk(FZ4JRZS^nHIUDS=7LVGx)q&O4lu&m+!Us1&6C z#2JuM>AdkmcF8B_hjIydoW|?%*XnEy{#YJdG5Jc14_(KIG*S7M3sMo`J0biwqW}@I z4k4EVDXBI}2(w_tg-*^j^!+eRI*qL9fd&(Atih{LP?NUUJ?@9v#G=bBzP~V(zRj2? zWcp@%Q9}xn0Nk7K-sBaHuIpB(i0PvNR-{EQtp6-zl}MgSXjtGF%2D6g4Rx326?|2K&*?Wfz^-Q%Om}B+dnNT>ap4@Y`kLvDmw@=p+3U32_V6m_fYTTBX{1B|Ld=P214Y9&797mS-9x zedfWr%Wbm>F?J)WpOwdAUkABvBm9P4jm5)YVu=4p>Hz4KSVMt%>~q5DtlJZZTI3;y zY-R*~A)3R_5(`0VjyLF`>{ed?V#P8%zrz!{M7(o?ItucL!EHI~t?xW_LpMI$Hgbd- zS)eDdzG?HU(nfRL$Edz_)fag7T>U)VayAF<#eop&XCuU}Km1O+NyAlmo9$nb?Fkk~ z{yLV0sHVt$ZyK(ujQq%kF23N6wIr^74)b$${m;6KSca4%YMx4x!Y~&RM!8lo zvd_UyUMK%~l+0=(*Z}U=mqg(mq5ph8vPd;>xC+SA68w9ny{1q^&Zxo))HQIIW+1`9 z@j7R3aB(?c1S~D{IY#?`zesucLQYjFmX?m5o}c^HIWPgPWrQiSaJ4zN_#c&I3{ijb zK~ibdBY3=kAd{uM1=^K(`+&D`mye70eEDZb4@L?I3Gq#D3~%1GK~bG@(+9k1C<P*W#K8_59z?U^;U#v8TTF`EJ^v znfuA_nRZ0mehLNRyI}Ul7j0jmZk@>ieC&E8lccT0Avq}0U`moVNMDAOXQ2*iO-9rN z1Ox!A!7W0kL?p7a!bG(}PEe!K5(*a=w_;{tJ=xvOIdf2S zsmo2S)NBvOaTDncI|rvt)5zM}04qebk$D!IZ3>|1!ADH7@S}1oU%p(4-@bP}_}bcg zqorC-I8;)vx@C800FR}^C1`!@=;-*Y-iqWGeydhDA4{Q$>S3{*brX5)jY8HI>R>Y6 zGi@r(UG02xtO@kT{m`TBhWLS4iY{&E`3c08)$y~I+mVOSxvb5r^5mkhr_B6Gs9!rD zJ*mbh_d?7`z1AF_bqBbB0^SY^)%Tn7whvioY_|K}Kp&d*7O0bh=1Q%7#k_A$3Z-hA zbx}`OH(!UmkLfvIv6>rw4 z4B={9ZvR`!lw%5tA;wLb&3F$blsVn3o=|rHYM%lxB%lB^Ng9TR4jffz+{O!ZO~jEo zKv51ciJ_G3NIWDl5Gm1p+PaMc)|6_eq7DWUktNWaK|`TK=*jtHZAp#sV~Meqyod-4 zm1c8@%oRdXT^;k+v6L{t%M{-tjU$28^o{-DVqoaLQ^hnlb>BHra0H_%>c+?QA-oSC zvcpOGQkm?c(yD-#kLk7Ms(p0N=m>?Sv6x6w+*+gIyH>^^3Z>YG_czSWs zH)FPNW*vxRG?&E+rjX&VH(}tW;Z%Cq;RF4uF$P+yVm?75bYg7{W z0p%4%Jj55IYN8lEZ+;s4MMsAF4AL+hZqS#98`**{kT?`TwbeTxf45v>YS;4!W7j*x zzPOCf9<8qZiIZ4sx@#7vXG?Df9wf=T@8jvWsUe!AvD;`{pTk=iAc{Lry>$m9L3~ zGA-^{c?73A(`)txh&my)SJ+Q4Zv21zAW6Z-k*zj*&%(-?m@S|Nij#`{vz*uM=%d$e z9Oc4gW{PHtY~H0Q**l8T760!)MmMAVtS|o7m;>3XXtse?Wp`dt;lp}S7xh8)yWf!AzYb05?CgUm8wD19FcHQbX%_efGSYlwR z^pvAMjtc?xNv$TqOr;J=T=Axh>j`SVeRyOd8=q)b9mxWp! zptJV`rJ;2Qpp#=`v9qyb#9gPnDo%q)I;TiKBoIwoX}Z-8PN5}0`|F_1@I(R*RYhsc z)CBV|gLAfzu0jn{Mts+U#Tz$rHAC7n876VlWjzfw;->J6do=5o^=Q!pv}&;kVm?{SZn`|RdY6vyb$ ztXcr4RJ1dVP~cP*ZfmMhK(`eEbV`&+;y?k~rwVv|>H!pumN+!16e=LuZMa^N9*==w z-^Fzn>pmbfk=&AHtHym+Rf8-srCD3BupOF%4qZ|1&?FRVR>SO5B+vR7ORkIxn1u?P zULC51Yq^aV89D$e)T#2svcIpH_;EbRL1_sUl=w4^In9x!A%3eA$L@iMqd9%ye+0__ z6`dSsMV|mDJ?tTnf&M3^11eAA4^dm1P&b4GL1ysC0`U-AJbb(%lWxAPv$W0!p{i-QC^NCEeZK zNb?=^4Sm1gn)zqe%&b}S4-0Od=iG75+4r@tz4x^>g`@*wAr*R}%L1?yw8HhgeSDgG zwnbF*38Oh_Hi$w}!K>FgqZ?-8C;|KN@`1yF}0+F*BWr3?;Gx5@1B2^+@451j4r&7XfF+YHA6Az<2bxfO>q)dIn10 z0MYbPi`dcN{=#2AYkJTpMElk$OX%&}=bG-RkU}ops!BgP2lX~)D|uU5TIjEHL*Woz zz7k+53*Ud^GY0vYD205s;=@F{od7Rb6jCSN;edflTxS3cfewkfVIrqHL{K7|aShd% zpKjLzG!#}+{R12ahTx`xS?5qtXab6tARp&p%Ysx_%fli4`n^DS3u3M26s)`1ANSak zvOz&&KJM!p>rThd^xz6w%l!gEj5{{MeO8lC?S!C}i!C#mWK2rqj^Fuip7QO#}AiJSF&cNqo-tOM#r{+xsnAW#Xjvg4378&evxJ;}(To~?~fmuUu_4Kg{XV8^_fo0A9ZKW_vsBr;8r?AADX(W6b26` z@pG4%4#R-jIuWUzy!%{vPt3>K9%lk(GZgvI0s;a>Z#S*QFLZDUG#Y~xOviF!y^UTA z3S#?PpH8ui`7VDirtn+9u?!BkI5S3DWg?UtGWodKer}vB1_{D+! zsVccr0W}N?&Zju``oSE1n^|)iCoHb_2TkV=CDO?sF8%Xm3%|VT7?^sY+*CR5h=~G8 zsQv9A89(?sZgo6ahNXo%B^ee@Ts&_$RK6cTFt zrrG8Iq7|O^8I4Zm9rIfaohs?j5;ZSzWR>5u?Tl)8EKX}(oQ<`$d9y;p5Z&hsDbf+O z?z~vv&v?)|FC;81JbS~rH!pI*xs|2*eF;WxD4f`#p{2@pF~Ef1hUs=U($Hnup5%)j zTlO;3{R*Y8^tkTJQ%$d{_76=vE`_EMQSUV~hRkS=j-c5?@+`|?_-SJJ%pisv12cNU zsP^V%S`&`i#sMU0>FXQCitDPVYL3nm+raue7M4KM^k8?AXXfwfE04z^e0dtvFUx*< z!=CaO3q-`(h`p_Ua&S-Iq>1zBg#71z@oVtu|&7n#`9w(@7@scmb*XMSYgS0f4DxRFS6d96OLVI2XjuvzOgw z@+eH|Rq$2{KDDg#mMvDkM+9Xaq&Kq>#xiR(%Aa6P zw-+Z4pVYVjBmBMI(87gV7t6_I5ZCc|wXLXGt7UpRRw)G7V!j%5Z3NYt`jasQD=jT8 z5PCrZ>4SW$qUa#`&H&^c!+Lsp0$1yK2`IkMqEdio%8+Poe&s8Z_C|+AcmUPqdlj1f z{$%bk%iTGsrJYg<LxsIHw_S=o=VB3YNBVw|1KaG#w8-$k>r zbMUWS>D&hew2>gA&K-tTZt5eg1#=rKu}9{|-mrX0?=_^*szJg(B872b#}W?4uY}Qz z3cY`zIgdb10gEaD8!5E)dVl(dRC1T84*NKy?nD z(yS38L=1k`>xEU9efh>!!wbxrwYJL1##LSWmmcEaQ=AD(=?EBUbA|_T~A~9&S zY1~tE>=_Ywlo|6sp3)1~|>oVXl_MzkNA1^_)92)QK0{C*HX*=(?k{>LkS z$jr2KJo4KJ_rHn*a2#!78U3F@u+j{nY;tpTo*}gU`GD7##pkke)HZ=S=Sl}o6;PncE)8@;k z^~_&O{{9&h8F^wgfyJ(=nQ(B{4`e+zRhiU{O=R&!TcX02#wz#MT9`8Lei_pS3rWcKR%`YOrlSzdKF8{($^<{ z?&bR_@Q`>E$G+|LJw!T!^0Y)@%pW2~LG$G_Wm#EVTh^WEQ>ErV`Tj5pBL0~8%Ypwt zg7E)D1R?L=(nPS{!Cd?k1F%b5W^F;mf2dxA8M?CkMw?teq-4Tc*TVo%>ONZ)fUSN? zd3hwq+h{)X_Eq^?g?|@-K78kWSSPy7fSWG90X-;8OQZd2*kXfl_*!3BgI`*inS=IB z(C9Vd%Xq{VPpae$m4s^QpQA4k5#Q(1WW6hF)Px}sMr;L*k{Qe|#ZR^-@u3kg_`1Rh zC!}dq(Er)&+R>0dz3{NFPcg8)gel=-N2p;zh!`yevN(guqJ@qeJ~Zc|SF`Osk3*}~ zBrjxQZzGZ~VpH50`=KU9QlR-R|x$F#6 zjjLJJOIJ%vdP;?CAN33PWYKb*i3(TWxrX;$jCGm?b(%_*ZX~^5Szy-(v^=QS>Esdn zRLh1g&i(&28VeVYj1g|KLZ&B30Rp*>mGlYm{6qt)X&4Ka8xe9UcPtSj>P4^y2D$?$0E(w!X(=!v)ZrTbeQ ztx!PCpfnAwQdv%qV>&yScT6y(YM#f<+(VteY{bGOWHl4Jw$h!8)6@28N@W|nfJW1_ zldlnmLthi_$pzhJQmUtLkC2-utd<8iyfT3LEY$V>e8(g75N~gv#oZhQpdv%N{2H{u zs^AOSnUpCI(5F_d8-X|NdG@b$K8EW|8)T$Y(H&M8bv+zi{BkO_tE6Fd;)I1GS({wL z)Q&uogKpCXaul3ew!h)2brb0quYNPU&(g~9s_9cJLIoms-xeQUeb1G0kK?g{Nf&E` zad2S8|LFbkBN6rW;m%nC!5&DNMT(+T3j&O0%Bw4>P^xjUO}@_x_n_n61Mq_U?pU3doV_p~D^x%E(Hm<+K$@1mu2 z=kF(;mi-s$x8OZMp@EImtTN;E{3V+|fNwuneTjd7ywnbZOp`bykf#tnH9-%zJ1Z)p z?+ngd4|mT4A-lnWG<_H-muKn|m7{$NA4w_q2UR6#iOR zNHFu_^(f37vj5v}!p^-$(XB;W)rFwgP;iuTH8FM|jIjv1FRTEj=STojQc|+`0~7lj zpx6=0>8|7Q{Y0Hi@MC$^=~*%H+I zps$4%&i~c#0748i#DjtxTEf_o`y5eK)#Ob0<;lb@=A5)8XEuo>a`J(Vs3)59IBS z{a0>(&r}5&032flS%Ks0!^pEI5|bt9x%77Jc({c$xx$_&R6veW7?iM$JczG3`IauG zq^pysSqhOmo)=sm^pkf2+opmDjDb<0%aPN1ipzR<+-=8Zc|gzMI)*V`FwZv+@ru|p zHh6%v%xD-QG&JA{x(~$x_|@26xNb4=C3+4{cXfU5C(sq)V_n z3f@b_v+s+k=O!!4P|(oZ<|R6VVdzG~dp6YSWxZd65&pVAQ#5dYG)jJ}%<$Kj(_|yL zSG0@J=x@fZV;U}$J)$re-Hk_P90u!b^hYI;5}cmmwbM)(p+vh8aI z1_n5IWS`nt+Uwh|U@4Hl4ZuX>452ZG;N9S_uJ*ya=jm(i1>bZQei$Hk>7KblRRipxY`~BCR*g86|K5|QnW!+ z{w*KYQyyI#vqOG$wfR4A|G6f(u%-O3;r|%VpXi(~2k<9i3Yr9Q|2e({E|_%AkNrQx zq~!o+?f<^vDX12l*JuGbgPdRD|e*DdO=`7;%?PT@ zl^3wIgwst)Eq0i1R4!Y20VGDSxoh2n%qB~=;4S8hVa1|u0*oTp1FZ}7mNOa;fDP*m zA%57fF^6WeMl*CVRcY$2Po+rm{5cehsr;*0#Xd9G0G9iBPY5#9#D^$kTE^TrKi5SR z)q&=$>Q^TB;$ja_Y3U_3UGbWXj?Qelc)IF#U19scv7;g@=L5Tlg+h*prj{)~uulu? z4uqiBmtbi|;OW_|Yi%k}4HHlu{bi$@YVIG(_^Gb(&-rRwUXg=Pf3WFs1s@+n0oq65bwcFS}i!BoJ_Zsit0U zuhGa#;PK0XYNLbKQ{EC|amddVs+|jo&BT$U;2#_?YC2LxOC}!YN75mgq&nK&e!4H8 z`=NMVvSp9^>a?ae$D8J0@fEPmt#kdzg^@1MR7!UrKzOuiZcY={s6GBKOQlGn4ID~z zJ(hHResf9fj{ci0&HR+UQGfLNH&O^5gyTyZz4ibp{AZ%&5nW7%KEMRzsE)=VS)gHK zKZ1pY?Yy<8Gz!=MxsNwhw6`njbG98EbDu3}z00jpr>6e7!_r_q&p$9_R~myrp@bKc zqXk^&<0-A9Ux{EI`Upk-srp)kQ9*xfhBw0C-iHR;3>5y{3_Td&oiaJ@oBpTf)KDnc zBDS{0DhmI275B)osRZmOm9tZw&A))8$m6Q@b>DksJT9)K>f@w%E;~w*4uhYuu%~Za zfnmtD=w3q zlU`O6$r5tJoq5>8h9kd%-6Av+E1)8NvOSGUrIau8L>x9*Wf(=KQB&hSO{dOg#iP*V zVrwv;$_McZUSIS}`$l2o&=sw672LcFCqbpFtITD&tn&G??)&V|IgR+7I3PKSV_<+v zNv~~y>QwrQkon!mkPy__4=;g8pzF+iEDAUp3wvumVqXfim(H!6crRGqT|2P3T|)sX z)mxRtbOEeRpf-z_=rRR?u--RjlY`A<^D7@!R>6bDD7(AI>nC{i$VUJrh1g7nePa-z zBd6<;xwauJE}cZwDwk=3`4YK`MuXRS%z0WUK%I&P)Q)*-vEBv&;j0wubU!RkgQwRw z``bBi@3~N`vY~+Z{I?2xDbx(fMH@qTf2n&hRe~m|DMJm_yOQg2yKrAkg@Yd z;2{s;CG=wYE8>(E2o_M8)tbsLdnW`9ssRoiGlKvqg3@ROWe@-vWD^>4$>zV!pdcfI zsZ`jO&*wO`T-{Rm_F8xu2*c*2QwbS{{{XM#k5l_&-+cRGNW`I)t>mgyUp!H)WveAp zj_+ZfoaVi0JUz^b+*Lxi?2B*YGb}GH^-4_*H(B&&-c!xgB)PU(NOF2dqb}jLo1!{o zt>)kO0SLClZ#db{n%OMM_&BZe32#e3N|KTAeA3QvA`+RKWhGO~7WC=fu*5-{} zQ6^-y@vvb^vPZ_uCp^1sNHckTKB9aAMx8+sXLG@6)I65OLH! zrAF%t4lVbAR~VcNr*HJL8nUV-;^BBwZqEj?3Z@unhK7Mjk=RzunEZ!t zre^%km&QvgoCk2ffXToAJ%9v8QS(7y?a!s~k9Yj^4br{gO77PCJ@FL0Yu`hF<8&VF z8h=^8zsF0v&sG?bUS;^xw!+tWfa92a%d~%g@UQd8z5+PLBr9cJAgZm7tn!{6% zfnV`6V;PXMZ@a=C8TMaJ{8?ZIVe<%-Ps+^yeg#E!f__i=jNW7+53Nii|6F^2Uq@Y* zhsz<|k0|S4<3Nx>#OUYnZS4K3Sy3-2$nk01qKdmO$Wh2Q0SbyQmBoH5N|Po^hXz?N zj%(rs@u71nV>of25kMx*t?j}4uE!vE0}d44ygwj9ZEjB9dJ>b@YGwG_yr^MH_euPn zfUlwl$`{1IL--#FaKrzvQTMRJtm+va)qiI5lWQC9JwCktdse^}z@R~W2-a6?PtTLN zxygmiO`X9uSIxzHJyQ9|ujJZpo!(mH%E1}Q2-jgO#6(?M{|19<*3Qs0O zS5%zGezNJB72QsNN$l=1Q1gz8D#be0`n*KRrgx9meoVOzfriCbVVI6p#0BZbdRI8)vKN)P@d9+wW6_z zR;5S?O3731gss?ga%Ut|P;@!RIKaXft(~qOVav6#g?|U$GK7z9va$ z8O1LD-AvWz@t(+zFJ8VGqBJDWp4}6yJ2Um1G9A4CChtH0dIvz*V5tM|YvH@Z`qBph zOB+k)tpadu_&jltf~w?YRkg1u+Gb~GX{u_)LNR=ozAr&#@=@&Vfzr(d=R1-03A4R0 zF}Tp4*q1wVdm9!8hV!wkoX5>Mi9l{_xXu4d-dw321G$b_8|k?BzwJ}B{U2aJHM1HP z89=Y}&pHcF!f0gX4DV<0rrxQyzWa_lfHJZ)4!g2=8d{Oy`l{pId#w6%=O8X3x}crc z{5C67c10!4qNkw0vwnKcd=>?%Xv8NNq-#caRqa9a&cxsX4IZhJyyxnh7Z)!P`tDbkrRI!C@ zOkDgJhb+A^?~_8DweL}2oyeRSkAE-6T%_>+#-$vc3ELfyLbSc_%VS-lGqx27N2|B% zO0u>qL!y&-ANaoPac=_PS7v(%>9@D?8p!f1MU~~vyGf0@XG;LWH=RN*Q!Y7$6fTN> z$32u&3PQEiK0f^#!1`nhn_E5#+00B(4lrEr{9|*uBbZrt1*gkN=r=rD z`@?8$r&_*2RsntACoooC`5S{tFI&!Z5?cK_$~)(iJu!R^yL6CRE?e&-k)_em57m=g zejU@w<$n9&@{I8Hf^@2)##Fswp(w)P$sVgm&b9ojRS5lSGBxDxP%0Gj>4sKWNp`f~ zr2AN#v@v!?rDMvCfNCF>|W zmUZNecv==hM!V^X;c2rzFnqL1l_gwB+x@|(^I#V<1B-yC>I;yq ze|3yOomQeRIt<{~MiW2l)Wy1%?NvWMrD9nY>F!K*W2T*{;`hyP;mxI0u`;JVRSw|5 z1Y)y#wg=$wzk)?6JGXOi$Q0wUE4J-=%fYBc-0aQyfBw{PRgTj{0 zsnP9~=J_P!JL93W3~ad-5u`>{MYus7C2fGJ!FW(cn5JsAf0Q$<9RXs=|Ea zR1$wmu8?4MqboeK%=8DrC7F#uPS210)p5MFN_48tACb967ej3kamT)!5z-tC__pH( z-17ON`rYwVF9KufL#N7(1vx7%*52EwbW^yW|>>Z{5}kb@J>Shd<^&W`}6G z$9uwK^h)76${>>qM^Z*)zCT=26@~Lx1m#6p_Omc6x9#x>JkCP36H8C~C~zX_lzbS| zqzn&pr9gC902*OMiPws7T_#mfPBi*Vk871 z?aGFXX!MbLx7N{H5emnnw_De_g}SoSV>H=Dp#t5IhW&-?h))MC*txG2@}z^_&DFKR zub`tVjZx1_gDxN{{5^uMS0~Suf4CW#lCXVx^6x_9a< z6v3Q5AX_Z`zHZKu!h3)2=BnWu_6G{NGtg>E5rBsOEkJQ>k>zQH>OhAQu8@`l&(jH8O}_ zuo_yR)`Q#oRHbulu_NsY?RwTC$aMttvGM3F>C25q$E0M(j!co|Y7LMsi5=c`H|MIg zn6R0367eF0ak(6X_&ueQh%Rxw(P4=Bg%Pgk&$}vPmn{wGbG4bLv ziC;X>kgs=79ASJF%UzWrvX^y-AG#Q9 zsnfS-RF70B$_%sBbJ02l|Ctq{7PKa^!MVCDl{Xgh`TVR}E{U0Mgfg)0o@|Rj5IF4G zFMD2cL0lq;5$ud8waP}3(g`$icuo}SsYR3q)>#VI1gMOR@GEEKRab#**$hPQkJdid z%3|}XZnksz7aiO-Up*q2J~m@Or^I=FWc%l|O`4F>0q>5s{G}tb``|@Ov81Wjn~gJ5543{hzw2T^(-_S>kNC6q%%>u#BznQ; z=@ieYR5RFoo|}t^{ckPJ7EmB$zF&KiRQ`71e=P}O5kByCNTV@^#)Zhkv%PH*tX-H%kpa z(y&1;?>O4`9YT-1EW4A-yh}#F1T{v))+6S4j^Ehh`hDF8!jTPW!q?WD8sDSdw)#rt zPDbCvESE$j)Q{(_PBxzBUsOgZ^4*XvF+|C9=xo2XX8!!=OQRllzHu)m3yAbp@*jfyHW4wl z2i7~&`$F-xr^!RB?y?<#dK>;E^JIt8t}@|f^Trp&?HbtzKeb>pl@LXdHjdLhR54H0 zbXD>|eQVYNj@#w@jo?d@-q$$X_F){2?>8A0@??igvd=(^Sfd%JM5Jo37pqNeM_(f| zHksC;u{OB(#SGhxcH{rn0Kpp;Gvcx-Pq7#`UHgleBm zk;MIQwy?99y_DE;u)ICqxv+`hyiu zC`OiZC0;hT8yoR@vJ0S^O(%0+WS&8v=NBS^A_h6i%sUu6fX0Xis!ZK#;5Kq_Z5YW_vJL(F5 zsyxk+8t-gx(tGQrnWU)_ZL*|>vs@~SUDxn2exFv=M_Q|zAMAUSkv(#2;#$W&j*K_^ z?p+i*AD})SSOTf3B)gg9R?1SNTg0tV2m1Q=hhfXvuhdkMnl~K0oXROI5@xy^Yinz9 z(m#gS17UQ<&bs%nCt`c95>kZxMa914r-`EX3?5B zn9B#Ai+!PNx4KJ;pn#hu|M6+?i9CU56uH3mm_>#~L)V*!SEuq;I&bksiG@~RQFbIi z{3xT!YUzM{v60#A4R7QZ2rmr^jhK&i5V7*hG{{&YAVPL)j9Lj}A5mE=k}IjI*asMs6iPp~tG2hn$Gst01f58R zz8;1vVAnY8^7*^p1QMMq<;!|fM$x4nRlM)ADANuNUcjfYey$K@%(Rx{)R#cxU&#EJ zOkA4+g&GeSj#NdO82Y;lO2YUlz+vh#1QM`+Owu0DQHcl5twdf(CZqsC@7yBZ+XL>= zLN)(O6ufs`Vv|FpBlTG_sY5^-JM!6_dkEEds|}@M9-Ql2;-Z%wqdDf7F${KbQ?32# z>u{!K;nPKKK6L+jK^;}2~=>Vzey11=0y#fYdBqSMbi5o7ahKF{<+b3u&^gvEVF_Vr_7k# z^poDmr{)MY837icOPtBkn8o;ma6`0MuLEFR#iex;vOcwgT&D&=)CmUSjw&eHmpK@& zZ^$Q1;|{T|Z4(ykgRF<)wjQOdw};Q7cDQ>i#xJ$*nj2{cz!vTQ@}vt3(WA_@0$|5hc;i`RCy*v*@r0A~&uWc0&mC-o){t zjubjopsHQymMd5)L^(w}dnFskRtzFhu@MYzy5DgZUh<4|O;;w2lnFYE zwqI;a=97?0#=R+jav~`AA~=~jTP{2605O%&Y_>ErQG;V=q2=obblZ!sF6D9}C?dU~KG=_Tqstp+XR6=GrsB-s5rW>sk(TajWrq># z9qL>qduy3#?N=b*@VPD7h6^!$O6te3lfz}$QIX|ztw8T<{)bM3o)3MEcWVMi^2MA< zv+Cbp3_W&;9wN=wh{d2bB2yZ6BdQa}TkobzM1j&zqMp|p5dAc{s{?`9jeL8ycU(+> zP8*Skd?YVn>mq?WevA$UzrZO)Zlf93s3dCj(fX`sVAQB@Do~V9GL{Sp-;y&AihKoP zW++2K0)MKa>>D&hvC@xzO09SAgd^u0sEx+5G$SSBFMT-|6qu8wP`0iUweuc+5RO;n zl{+eV%8@)7dA)*?>QdF{+M%`OttSbLWLL?&ar2CEZ*_`jdt61ey1^Y> z#B&i{N_iq)yX_fGig;|M3?;~0MhwLA+-3pV?%8aw;3i*8?*b(o91g??w}32^jp_Kv z83~Mr_4iXWLh8iVOKlHV5kbp7hm%={N%<+PH*78|SO^Jj$B>O*O>9>t9--ThoqU$} zMhEip4ukp_6ATZMSg}~gtE(kq9Gi9Dn%UIQn5-fizrt>R@X7v7rOGgjz0`8Ewn*<+ zT1sR@)VI2eINeSb1Yg;#j>_m(r7~s8Ecq{ql_agLt)IbV7ky*a@y<5iHt6<;MG&G< zVe4pukGQ(}K}hNScz~g*g+J+CpC98>3vvrf4bDoE8)_b>lh+jAv$hGX*WZ$or8>Q& zpMY3JL>7gaS~;Ouj*vC!SK5?qqd=i5>BNj+VuQ1p;3GhWjLd|f1}#UZXrIC&?ya2D)~0jg)a4GZN#HVe$crXja=db~LlVG* zk+;7sSEEou-H|ZIF zkHbYSA2+F}P>F!vD>bc5e&;{!;-)we=t_O5ZG$^zrMrO8vRpY?DqH*vx*Ek?Qds4) zFzoopYCKs1y&G1Xfpfv~LML&U6ENoMa_gBORpzxiBg@iOtlL=^&0=fE^=+<*esuhv z%^=SqP;}smg{`Aho%5DfE>8qaA}<{cH|V8h`}QB%#4@bEAfkn^8avfn^R-S1rc_BG z=S|I5&e%wq8wkW5Q`lAQA=pr|yR9_8>p6P&eP8p2r{49dz#9Tg)lWpGP8KhW7r4)M za3)3jAPHP$AMm7a$F6tB)tO_hblvha<_EeTZGBv1l;yRU&NDcIuD-! z=ZB{_q|{P~4b`7?0ikG zb*t!?;Cy4t&R4fCys{uVG5U#Kv(EDC5p?eJJZcUeI7;#taX1u)b7Oc=MsU4Tg{7sX zl$la&g#0*mW7T?UxyEXG=%2BT4JD^ls{?NB*zlTRQ@;Y*6yW@XWs8&4fxuG}8l+tm zMfH)&Nfe>l7vc$$-YRTNHE*7Z+ri_~f zxFDGnA(_}hr^!#_8(N96(-s016FTzqUikqD`&`+GR3dh!<4M`!?HfdHL3Z0CMMZoX zXPL-hr8n<;zSQBL39|%)g5M_ErXu#Z+Rw!Ol{>DUHTCKYQ;!B7XZ6XSZrB!y4E_o#F0rR)qb%)9X2> z?tvx3>QUUbw|)CCA755d^oewsnTdVnhcKiKKQrapdVd}6Pv7a^Y;eQ1bpX-DF_m~> zMD2eud3JcUsnTK*UuiTLH^I0u9BdlhgjadJR`Cq=qem)gR!a+21h#kwBZ4M52~;5H zO*P!!H=U(CD9|l%*wLOJm3rZ3rKm|Cqa2s{Ri_&n3Q-MtEEUac5~oWJE2RiE6JKbY zAto?eyvC-5Tb%P_B#I-8yL7PeQ#dBKUdvP8dDIEwh4o7wSi6-$&eB%flrA~LK?^SL zC&;NP06odT6Fv2r<%&UA6;mr)fNeyeAS*&>h+BkxjC&r^2vw&F4&oDRe&Zg{Bt*CT42HQiOw$weIwZdVvta>6WU_NJEpd#998I%>GDv}(x$ z*t;6|R!GLJ&pbD4+Ur1E{>6=bvisT?;wc#;N@SZ2G767kt8D}SdGoTQ9h zN^d{(SK@--9QcdWqwxzCaruc zS@pTp-V+ouaEed1eL(vf1WyG=y=D2e0p7dMNS~1>b}IlJ6Dd6k>9Lf#>4#!A=Y(&U?F#?L$||DQP?VQ?~3Mc?T=XZ!cXe4oAxAG_|-C6Pc0kjvnn*HVbN^)vCp zA!Jb~>Xaf$k9hm`IxP0hE38PD0mXzqwaQ`tbvl~i!xL8~I#&(CzBwtIt{~$7U(sOArEcyvR>$?b8&?p*UN6&JwZ;s<(x6iM@CW{5Eq_B>xteY zcm(EHiaNBP}jTDD4pd?8y3cT zk(tovqfK`Db-?2wn@VB#^*)?7uv2X(IfC5IcN8UBz?Lc*dX(cXj3)XE?;0}vYlDyfhMZUiwszPVhn;~`#3MCGB z-Kr~J#5bpnPW`F`FKlcbt*HmyUrJt=N@ytUGfn7XZMJVPLAHenHRdkYpgDs7$Bk@0 zdl+;J0irih+R?SvryP+~a*S^l?TB1ZK2>NXyBNDtv=H>Qn0|yNhQ2d{XyKsC8 zy;~X^{~C1=j?M1_#^9DjH`Q;1^8p_b7p0LKFXJPWG}7STqG6zW`h6r9_Bj!J%tOVT zRE$RkHy(J3@y7!?7kbMA*anT~aCpZn<)tqq&RH`3Eqv)``*!Gk)##vfEN0f&Rx1DC zrk5Y1Lid5T^U0z7ACl}%hm$ELdNF1C2ii%+ z^Q7)!-!;RQOe9Sz&T#PPVXtgbUWFC0ve8;A?q1xv}11u2THP@&x2=+Q{HHp0;12i6C1*ctWZz7$Hi zb#;;s+)~&a$#$1-p!YrmP+h)IQbMac8acSCn1b$Xv88=Tzb7K;F8xhGlp%`Ig$ced z-f#H@L{NDC9^^(r3W;bb%uaVSFXo2fL{ZNO7&yi{&aVnl+QqiGWYeVjW`~F6XuRi( z+|2!&uWr9C)5E^ZFmA|nenc+6yvctZ$&R{zvZ$`o6hBY z*fzh@$fJin6S&B!nDEUJ-S(Z%@a`pk1~*P5(|cx0!*g>fU*3tH`^$+U;Pl9RfiHE1d8tIB+z0p(>~4Jfk-av|$e2{tgkrY`iou5b_N*`Cd8ApHaV;FII)2=hPM1>0*mT zzds_>WIRu@e48~Dbf^n0e~Fu%EVB61FeLM7pL7zBG3WbEH3E%_$z&bc>Hc)!t&ZSMn?I)Qa=Szfm(FuXM@JdJ zo(%`{uB3qCjK_Jn6k#t?KR#L-zI}L<9}1lm2Nm7a&+8z!9VM~ZIrwB{b2EEs@^GEj zWU%H5l`*f}O6N?Qs&Og5q%`EO_0nYc*x!(8)Z5>b4kIF<^+q>-&FK633X~Hhg^~J|?2LGYk%{ENJa#`{ zbT%2xLtE{+O6}eP9h=Do{odLxF0B@YoWgy9Elv`wqC~laE|6|u&NnKFBH(sQfgf&= zle*+tcQ6Zbmzvvm1&VOQAKDN}G__pO!#9?Novy}SQJ9nZVI~8khI~hq29+%Oz~*GX zM6l8{*zII*mXl+_UU@ZB{o4 z%gAP_lI?lFG&z8bHDoiruK1r*#-K_{jX1sTAeY9h&RWU0vgLN%Bcj%!6u3T)ft#3R z3LxlDAmj9SN{^B<3JmmK^v0`HmMpIw0%3O?7BcAsc_ zH{Bxv4V-WJ3&Dt79eVt76bgoCZRB*w|?(RT_7C#+;97Lu(@G| z;?D(I$DW|bCh`YiGQ?*$H&Lq;(H<_>e;dg>OG_BJHr3Nxwsexa*x|>lVNec9>$&6F z6faQVHSP>H>;uDmrKo⪻fh?mGl~`AHC!?nKFKds-vW7F=}fxlslkeP*o-r<*E!+ zEcsXX4rYY0m4E++FOyr66Hz!o z*Cl!?_3OWfMp*EBV3Vl;%_-HNCj#v8CIjld(0zsrx!r$X7Ju(YU{hsk%ngDG1d#wJ z3s5A%m+Jto$nKnoAC5;8Gmz{J_&WONNGeK6tPv5(m*&d-64bK|wrtG5be zXsv0Twk@SMMVv55gi=7MzNYh~!@1>H0Ue*qiTAwIPSz8sS6iWa1fAkJ=Po>9JpMC! z^z$1Ub>*JnrM%CTm=^&2CY;#q8m{HId#s$h3#c+!Kg82iA5R829WH0K3v%Tv)Z;$d zU+HIOVNh!cXP29wqDd2mxmr$VR5z^Tt_TizCW{XQjBw6XI41Uo@{Jsrz1^VMnRndZ zJ#LY|Z7_Xc^6aKr*8(aI@p246ma;e7e zjMwoDYHzfjhR^*j3>b@m#4wLy6L&RSyIvvYkoo+e<}duEAM4%WBEVplEvcL{4s=PO za=)^k{AuR=rUzhTUc{ZzZ$BHkwYHlrsL=uS!7msLdb}YRTxc(&S|#LWxA`M8CV^4%WCfc0?nPS z^X)3jF5Ag`D~>57pv8;KT%C=O=H6sF0Ra!l_iTIMMJtyMeQrA8rly8>ib(s^Z8$2EQvEr58eEo9)Xc;Z@IeC(iyhwxm8H`r`CwgDSOZP26Fw> z%6F52-9Z5}RXhfrJd|w7sF3k2x#Dqb4ntCMnfR}bO-;K~g)<%uh?o0Iq2I~R`#OdN z0OfdYT&dnz?=l~y?tB&K4Auv5-mqH8d81qJHgy)Z;oJi5N7>`NGIo;g*L#Bxx;ast z5(V({e9frti~A5&R{J{@t$H^^$K$y~0PYpt5R1(EX53xyl&LzfRRx@L0w)N;ac43{ zCkQcz`x5uApu>X2^ln$+>zrW;*)HIoS-=Zl7Xg&Z<&NhPH1dUAvy*V|k*lHr&-l-Y zt{Ha-(QPhXlfi};6C-S@H&p07irXLg>PK+W9zIB<%1u2#KV1uGb!~EX*wBcE{8Fiw zG8tf53E#Kr%o`hgB^KF zb=kqbDx5A#Pk2}ig};9p@2~bH?97S3(pjk`FxfDZOMcgYtxL%=k;WX8MS>LggrW!kYebw(H)u>*?E(cU1fyLjxP7n$ zFi;<7U@Ms5!)zzUj-l2RhWiDiYZXtAW^XB`3U1+T48W(cK}U_y1rz!;56=BbTv2FA z=MOhzd~O%P@51n8bv3|N>RjQ2iiPT1p7r3mP*Q-td*aZqe`PMw9+1gWng#3gMB{`Q zWxl%HeH%H7cOJ*BN{y+}qAHW76LN0{#r#1+-Vf#~6OaNc9>Ov_cZcIDM2R6%Syq{| zT6TW&O$EFRC`I93H7TP# z>+g@F$()ziW6j?MWc3b-#rO&`cH4I;QfFYI@@l`32>69tP zLqoh)Zt?NUL#7cCgQ3yXC0q=~ph81-c&}btMeMh2OshSC)IgBIn#8^cs8gmWt*fbH zqKzu-E-i7pF}H!BFaa>kl<(q5%p#7XSAe@+$j)WmDPa=hH#Hnj;XN}-%* z_9V{v&6K)66;evdu?OD*{eK>aRp<@rm)6+&w|f%(L8-0u<-m)cQ3=2|07+p4xkh z zrd@}=QpR9GSer8FQJG}ut%6n)-QkmIvBhR%iqR|=R)B*@8fgGLmt73E%p8D9#218N zLw^~Bz|?Wb-I4m*!39+pNhEM$KI{HaRo80`?q_f6GZ9q`F_xS(X$#wW^en5}xx*{A zu*Uy%jVOCC+brJCIK-rs)jRpU*lsL?OLJWayA!_0j_z`QK|6W>q?d*k;Z1*>v9ua% zJM7Il)=1yPM5t6uackxc2c1QM_XD#3DWzhD0>U=-i-MfHLKMnZFVTr#P2>>yGY^+& zX5>RElh^4+&xGEun*g}h*OOmzpM<^z86f5A|4NRzBlkJ}milf)fk<)FU8NjA3j^}QS-YD+xk7eU7!eOv;`l#36>p-NFbQk`;`m(VZ0Ye4Hmixk=NvkmR1saQvV^IUOABvEsl2Gv zr;W_ihZJh6}qeW%#+*7tDRG;#v=o37xXG>d4 zMh-oSxtUP;U7q5|Q;6bGX{Wy?ShL+TIAm?$STy6be=vtE)%0OwW(Fx2Vth9Bw*9rr zzCB$m+-B7xJjp!CL(yZfOn;d^o} ztzp8nMoK$0x!htL2}*eJ2L*n{sUq_+(x-R6R1wBv;U}uc@zffL#in`Nn=Pd(YKR`_ z<<_^a?bhowrPL-YcxtRN*CVhP=yiXBlIetNW3r_wV6&khYMmOAWm1@BHB$^M+Cp(+ ze@R(~cM(CIG+g2-ru#y}uDHce>Gm6OO`PsOu506&Oe+ual0e)5zCOQ+NI?#n4J18Ryr3`{v0md@L6#yuWWei0ov9#^|l zB7lMGcq4f-kF${M0_$?nrS{Kfa(N*Jy+#$xO1+0B8rpJfnF8gX@5s$e4ymsL2nR9b z1kNw_r#7i7jH7)cn)`c!^g^a(L3M;aQDG&t3&e~npo5y4JSv*27{xxSe1&`<4^SvV z?opX2u-8zG=q6wS8=r5{AqFjdAlQv2u~U}sfogqu-*hGR5&V-rcDUY9lZxi zaHsv0=OD})S<8267_u_w6+>#ZNwdl6$(Y?A4TO6x9@3qO|=JO~`IiA5xW zoOC}J4aC=866n)(u%2byf`T(hnX6(}FeS$Gv)?ksHPZ^ZZtXH;a9Fg?5DT%zc2J4% zp-dmv5||?Ef)w3gTWb0d1-c*BIL>l6x@|w}2YT0+SZ8PK59=IHKXhpM<-3^MawlB{ zsXiMJoQ~`=-tDC7yC0M2@@i{Yump)L02ZV*T*TgXl~{?_sDu{rsU*n}^r1g$Z|hl} zyQAf4buwDGL_NCAWP2jX#=R@2YxD3PBAGmsb2lD_h;l@XsMkXPj!9i#{QTUas<$ok zmcPXCGd3;bWLQhMWWREQpwj25t988h_4vg;;dK6Y($Sz@pnO}=RLXgGX^xB^-N^P zHa#Uk7YO^DRIEkHN-?!_@M9~&%LUnnF}{IYDO6oMmUvnHt!h9Sq<2*1+nEfU2-8aX zR)5j}GY7bs{&Br(JJA7*c>~$^qyWA{ER5o9XKD3yXbe2qcWZ}@b`#zSBE2{b+TG`^ z@b7C?A4ZXvvQLGCM7#w*Dk~Xt8@sPsBZl^G3uF>OV*LIDAVn(p^Xpq{^iQ8ZZ)K+y zGYlK@L@)l=%Ki!6I}A>frIAZR|DR(6VA6dPX=GyFW%gwi0-%j-u7mZe?N@psA1w)sQ@drvl%n4^8gyLZz zXb~Qt{6;T^g%K5+j#E3Z^KuSKuh~NsnUFUJux0rE^CwL0=tzVT=|9!9zpuup4-mZI z@P%wfFT21b%w@wZ6vtpCL;SPA_1B;HlY-yAqQh8|9{=A21sRY`31j`Udh%CR1101o zK_Ghbz3TUi^A|GODk1oPK9b_7FlzJL-#N~|&zJF~cqbt;{J)u%bYOQ?3jPd||C|1CkOV=0lL||ns0f@F=Ps|}w+5`C3iv71vIG<69Pq$}|Zg&@4+0v;Y zXq}PLikba4LOU}dzy5k)i2qJ;8K%DYW%3zvo$bXWVx(^NBH)bsKgulhrc;`;xAty+ zCI7TF$YmF?Ci8^`lZsjYPtFrbeswjbwrci}{LytenO?x-TC_irq#Qk__dpo&tSjeX z*BFW$u{YjwAxAI>VF?U~ne<+gx>sCL?EhTYmv`6alW5xIcu>`4>da(=xz3&fFPDiV z;bZ8p=aru+Ri}e^1w7Y;F+*2xhVl|QPj>x9G?jBWUo|I?`~Ue82Y-d?muZw;J{B0Q zM%~R5|8b))!v(2B36j_-u+oZoHy!~C1j}HB0VT2DpAsO~`2)&;OZtrf^^nEa3l`(o zIwwFKCZF{i``PM_90sd+sUcPBpNG1Ufw!v zUaWUNrd&wdS8==}xHP*+wVFkA+qm`7dbsoEZR8)HuC(2mMMTcT@*4RD^Q-GyGA-JA zZ}q-`iTmRn8-SE0@bdBHgEDiXUosS|3K*;~g{Hp^1t_oJ464OwVT~fsFPG@pGQyS+yFn>5U(nKzgUFPadetPl@!3{8%d(2YdcOL}HEbRpq z$h6?4wVWIX(VDN-Uy+(G|8zK(j3nd(DiK%;4ipq_fagF(mdWFld%=^mO@qfKwd@b> z0cM_ zD0o{X%_YM57ZV!|Lh5!%f)zD!z4Uf70eUewE|`(00kxsA>cW}7Fnia2 z*8ccYt9fQnlTxQ#>TOVWc&Go{$|NmM+>mc*<5Sr`&dX@m+T=>T z=~r%a`3y;G_+Mc4n`@q$cGco1_@Q{VAUeC{SkC@vdQnHqsVvN)L`9>Nk3V>9!L=Ut zl?FWjK=d3=TPbx6|?MjPx-+=D=g(80;rKfFpUPx(H`*{pU+qOo{3)!tf zOUvx8b1#Z=V^2}9B5e`rIJ(@DC3nU199c?$A2+o<`+W+y7AyE=klu2_+&zbDO9Cf( zd8l`%ut+^HmkhiADRE6gkHzzd1HhqiHzP$94_NUGH!NS?)nrP19G_^qM$~^;=)_`8 z$33>Jy{Q7FJ(YY)_lU)4UK6bZPKyF+rGT@|*$+=X>z&~u0q}1wR0jdufkLYA8`Hz~ zZ0T6{@Wkpgl?OVUqL0Pe?72WHDFd(pP|T*DqLK`md=jzy|?1emA@1_4<%i&cH2qyf| ze1Ia~d9C5CFZpGhHP<=lIpsyvyWUZ20v#HiCWg4Lyd81)n02}}ga?q#Ih2YnyTpF( zfPY-qr!VQ4#A9(QP3IXvZC&a6+b_lR452aP0Pad9hu?F=$coJMpJEkiBpCabE6_7Z zCr80_Rw6@pNaQyQv8B#CCGQ^HpGz)j{PNyU?caflZ$S3^*G3P_f5FX(H3|US+}qV9 zs@Yy7iVx&81p09vx=cdx)Ph*KWxmKHuzpe9M0hfoLf;&ekoj%8CQb&{wezmD8CDc- zy6CHe1iA%`7#Dos1GJeIFbk)U{X#Q{LaAQEn#{Q_26KI=q*lQg#nc!4+i1|vzyAcRCf?_5!fJ@gXv_RyHsb9>EpyB6 z{r8;!=6&98_E%#xs^a5DdUD3}E%lj;rh}n{V%ep|ZYO$RyU>EH$AQ6<)>cyXw}l9> z1Ali2g?Q5M;~3xHyi>*(`CgMn{-4kQ{`WBVZ?VR|5BM*S6rZnvhD}RiJhsX=983*~ z+iNXD_jIYjF%ek0o^D*P*ketyd0uR^^+RXvZ*H1w%5^qCy;3jHgD)HP$*0i%_7dm_ z`Q5DR2^8i{pJTn9k`|loENtQZ6|zp-#$!HMR5 zMUF5}nbI_B_X3at?E^fmtt825e=c>|>t?m*m~n<_FMG6 z2(j?w-u|YM^AE##7(*>i$JILB=a?EC9`9H8EjRZZp~$HyhZk#5gSeUlWwj=fTtihZ zruSg_fj&cR3(oPH!c0lLjSLa>auZ*cNR_)?KhT>t^e@#c-6s8G+{QJ zO(CB;C$mf|4z-nR#G=&fBlM1U0$|5;*!G`@D-qD*pO#u2ik2!dYwMG`KTSX29S^v! z!uFDq_-v3ji+mAG_q~PnV%ulUfini$KyrKh;@smgpftR&pDVSum^t#SvKVlxE_w9=J{UVPAZ-loP>8VwwT9!DNwe5z3jipsQ; z-`Haw!z=_cMUIclMgfDNBTe;<$3X2QugYOgsz9Zj_HfSqYlZ1hQTuA@k4h|sF;Zxi zS)e3Y7gnzF0H{PZ>bw;CG5l?!0WKSk8kt-gBi(WTuPSAh&!byGodK%15-iEblh$S0 zoxjlIQ312(Y(tT|{6+-q1F7BdteUKF^pj6K4$(mCR1p+*xhKzr=DwtF+%>i)r!d)P z4*}BAEIqY*$RUYLHY|mgUe@V|Ue;>vQ>y=0=y3|4mz-*$N?OR~KwcxA-WeX9#xJs2 z(GYye7?b(1`U1U5vw?M*a6sOu(Qm(%>IK)XTZkze|LhSHDR-znv3MJ50Z6Q%d|K3o z_M*8}rMN$zVE_{m{eZ{QpyPbdlGdcx>L+Qv{#g3-qn8SE3ZHuk#_5xvPCa3Ya=DS{ zQ1zDCzq|l;$dDN)x9YU24~1EBB9!k>f9&HMhTAZ2%;5C)!jrYS)bFvwv=Q2ri&h3+ z05wyUyKkhT8C8J|0Sa((JkN`=E1rqrKn1qzGNG@X80nZVp5ZvM%6Ua-pxVbzoYD|$ zX03VntK1aFp2bC7Uu;bdq_=V*X1L}UkF;&wPV zyd@os-FE(K(Ug22nrMttZU=*AjqoOyknfF3r5M|M%k$TO&yjkND%#Va&mQ}0LQQVS zN{@>3Rr&b<0o|-I4FE<{LEarN;sE=ennea%W9fZ3xBgp^mhZfpN>j-B+(Yp`)SvKp z0G1L^OZZio3<Rp=?AIoM^lf!}zz?Q}f2yZc+Dl!Hp_9w9)8H=gKItFW zS|vs5Q}f`k#x$tuXZ{n8@Nw;2#aZRm_<^n_&qCF)6rgcaKSX(CpD!z?Gje)$Cu#PA zY~Sa1enBg^mYAee%(p!*vDBAE$Vq3&0GMyqJ4Ec9h`9<+kryG`!TliF6HT!0z zxAI#wa#(TLpcIykO6}+c>gX^z0+XR;>%?<&CCutOS=|CY>@rCG~=)Uy4Z0QQY$e2ECPjs8ugM) zyxNb7QDT>MM9&w5g^EoDrJtx3pC}lQqx&XI^PLvc^yt*IR&Kr-DwJR|8I6t#d8)Sf zTqAuz(WnS}LDd&Rj}Fyl8RpAuOQ@I`Fy1u6-+dT5LFuWG;v-6Ie3$nves`QaSK7Cf%h!A z;pz~?(b$zN%K{^@6^XSUY1-x!-@J7QQTWaedPwu1SLeM`|6d5Xpod`{&pfLJ{|DVGlg7;1h1r?u`wrKT^tTe9le8Jv8TN;#z2LDj8>#H`&8xu zy4GcnVSj~29Hun@|6qi>@XeS)Wma>7Lg|fKuk*p8C}0Gq3<;)?u{!AZ@ne*!o`O-B zja;p0aT1A~wY(2F%Hh|Kl{ttSLISxAx9*+);*SLZ{ur;H+y4+~jc~8@sr?veM z5P(Ac6pu`yG{L%r*hJ``{H(^Qlq)A{#bK>tBOWv*PHEQh>N<0rJah~wqDQA`G-;7f zIgL`p>u$;5OjY`{A!W96e7s<+uIJkWQ=^1k7}Gq_>kIK=gBh?M;fKuEPdzGPMW_29 zO5_OIpC;%+*lcG3!@NCvO3Uy@vG@=X3aofkz05{Z)Ir3=!o(AviPbg5yk`R4H={Kn zZ|L3w_DkoAuvHXz;;=^X;ojUqUkSn|9`7e{v@Z7TrmkJf?JS*`l9Kb;1@`l_c?V2m zQ67Fed>nw3SjhvYr=%AJbUj3Nn{NRhUv7t+JT&^ubFSzaQ(4@+x1-mBW&Hg%M3@K& zv|XWi>WIWi0$zRco~;lQ2{7V}vk)d_4*BcR+d(>$HI6J5IY~bT-1et!sMTvQHXn|( zv%S4i&$aCpW9%ZX2dnywVW*{GyS8eAg;+04CUV1+{cx}}NxYetYh+onlSsx(k{2|W z;dkyw^cy=NEumGt%){gA520&{Bqov=?31>(2OkbH4)=DK?~+X;&>=Gvq!c5uJ!Y$1 zf4cFX7LoGVYkp(kM7Z+2oKoi(D0;B+u-$M1ftY zD+>wkIsu85n$2LqeRdzZm>nOXlFi`k^U*qgrb63;zt0jNm(o}tyN&N$Q#!vtgTCJH zzK*Z{1dAW<+z(81H9zL%&;Mk@c{Kw5N@#D=HfNa)aDa{jEq5to05N2!jdDTo3LLAk z^t8l}rR93)7|EV%=ok&44NGnb0>BT`ddaz)gPnltPsUUoWQ_XX6!Ovm$?6{zvXX-} ziePdkkM^6h!RwZh+hjDA`C1#H3Dd!~IFOFHT+@tU#*B}2HdaNXOk{_H7TPp%V=YKQWH+t8=zMMt zCZ4`!rUN+pQ(Cy(`2G?AfGlr9$d$tA%Kc^wt9eY6l&I@zkkDRx0pST?lo&*^rTZ1!$4+*gukJ@G@#8ZTvha3VwJGsMb|@X?>n~ z6fw8*6eoK*QjFd4H9TF8&t=-Zd~Z%w7QB7GY=dtGvE^CiI`y}k(aB9J`griRk4!uB zu9OLrq$;?i=?E*}4TN}bW3FD>8`7oBUnWqKLn@=K4SFVyRLhU}o_*L%ZE-qOWPvka z@}2@8))3et#{M)u{AFKJ7JA#%ZU2fOfz1ruGm)>b*@jDaZMn{(u(Zb96enPA{dN>- z!qkv%dX}dHqnoKd&0 zioHhcbCZaPhom2=OL-3^?_JjzcXE@Ny@HlRBYn+mEg;!bJBAM#B5 z$#Z8%aY^3;sNctr)vZqVc-J41%|KXbd`7Lr#JTsFkA#&R_!+-7ixy)H&#ffh)Rsi#|cWcgCAg&#M5j?HRf?U>PE)BsB2QC?H_lukIgo7uB zJ;^l3-%eJ#Q|!%VW5ulPei3WN?h9(wOZOeYkRo_Bb3#C#<6_iM!o+}r-zo|35I^m= z8*uXub;YDr%RM?b*zol?r!DT8nai;kHaWKgJF@IUv=Plg@EW9Q;sQWDIO3@-iSnvm zAY+cNF*?GoWXUFQD{CqPPPo}Q?+pdPgyHnIbZ6H?M9~avn0`Xso{hGWlM0;Zaw=qb@cYC8zlYmxlo7-&NRs)4 z%Bh-g5J{d9E^!eK`m9uBGc@pC?Lj<4lHl3Ehfrc5$r$==Vv+6QjOQwQuDh%0F-e#> z#lH${HpyB`MOU03!iAMVh5=kt82^$8Rj8U94Vmz1(y0F z?=s@d4OjQY=TB|4uo|5#CzX(9TbK1FQ=3d%1NgbOTp|QGsY~yz`MP;t+d#gqaO&oy zQKOU|sMmu*#_O6mLPi1E8W--V5RP_kLrwP=Y>f466?0R2-PIOnmLtDkVK*Fi!0lJA zF(m15SfyKV%6kHbG%$tPugNYxk)>qme!_ZW`T)~dt9M?dqm6W|oRz&|T+=>xFX!`} z-{uaVtr-1v6flZm9+vRkDLR+HEY1usw&1O7$EW-3{+MqoRlFJlo{ooQjvgEO+*@6v ztI`d&mP}vjxSbo)c_y?--g!c)2y@n~MiM!LQy7D#{Zsg7^O~)TqHG&_$TRCI-uQps5BSVNtu@vy*%fiZTd%_Q z7GUz&?J@~sEVyTYcle8C4jn_9XoyJV%%){>!@#-@b7isv9_BMRA=mTi!wcV*Z%lGM zencz`1abh)tP*cvZO=_`KBmSO|G2v%hEx|=0}ehzX`Rj|a#Eg?MuMQR`_1kF2`R`e zz&AgY%zgd++^ID&Lz$ovHEqt`-L}GY8Ad{?ym5RhGg~0y4sY3K;~KEpRc#*kxUBi11C=a&03f z=Iu>?K|UYP72u89LubE)~K`~*zKIYcHxhixi7q%o8i(ArA z^Bi(vT>eG}8cc{9nw=%_jrQP!l${X=I6{MA8`3$4pOZK-ppZyxJPlF}1Q-Pb7TS5lnIba*+p;=%68!Ru1s)yYbVtymNEg#qKgd2l$@~H-M`k za^iy@sQZQI3(O4tXptyp-Qu=P3MtSYd9uW@q)i6}sS{5~8^Mqh6q%bk%sy0@B+6M< zzdPXa3xGZWFLA2r&)U#za)K;<I}J<|SX$_6q+kxE8fxZSwi>8ccV1Upaj58M z9N|e%uZwKP(9DeOdJT_LyQMCqXIk1@{KCR}V=U=Ni{QhT zR+cJ%pi!=pf<>!U5W75+NG4KlK2h*P>j}#`mCtLqP+2rnwedq`xs2G6Mul3BUv|be zgHHQ>_0VRv%RpgxPCBK50E_h`Jf;T79fKiUHxw(e6%*39TQ=QNmF8@G#w*{m=Ba1E z%(%}hdM1|V^I3Fh1z?&MaCcsD-^;)r)@8TGVm6WsO#H`g$~))^?G35yX`>=!Eutvo zrGUJx^6MSIv=R26$dH^q3qBj}(my-QvB_vGoUF0aBY9pxyJD(Y8M!*2F4j&il^)TS z8q|Z8OQT+TD`k9Er5VdT^=*fB$OM!7;_Tb{bKO>){sH>wQa z+NW|qNWL-jv0SBrjlG-kk7ukrO%e~51B%fT@rVio7Bhmx0GVJi?pjJJKPQb&^XjM8 zaD!G%NIwyjH6=x)i&utwBLaVskTljvjrFKTj)SD-Ob&Fm#8GBEG0GLqPxtF)w5M_% ze*E#rY%#WK3iMdHXLfBh+`bUfD@R`=mDr88?(x|$-1~GO37~mc?n|cT)LGG`+1yve zUfPwyJ==(Rk7xlneF?e(_yfU|)vPbz40@XS{o-4k%a!iCo2g-ZdBDTceAHXdVYSsz z%{)T;tj1~tRNaFb3kn>E-9(^=i9=RqXE=S;3EFWe48qmO=aX2 z+~Vl;`=q2k`ewk$b!SHtYvU{^>U8yB_?#`7sYm>w`el`nvdHL!^&yKrlDtcQ+ zIH9>bRs>*a7EMa2HY*Q(MBt_E&nI#4d6tNZIX7sC29KjC)3=ow#)k;$w&RKG4qu#N z8LuxvdKfbn$mCCnO)8Xx4QssHa6IR_x@~7Z0BA}DcMhEMK*TsEw#rX!53vT&vk-Ma zF1E(4EBD&Ez5y_Wp!xoT_Sz;{qt0H_fXd$lWyabwD!}EYrb3}T@?P6n6@;x6 z)a*;@J|H-+z7ymvGr&py7R3~PP^6$8+TpA*Ow6Nw>E|xie1pj0Pgkh`R$gAg79{)g zr=x|u-`t)1-JqtG-ml*Qa1Yd*w?lUgv;zKuv!p0wfhU)0IGBA%EAC$fZ)hG8B&^LTd+7jinglt$eJE<~+ch$>qvD8Y8XmJL{>@ zmkF`uARAexIl*bHwP7^bEIeoV1@UVJUwBf693368S`7<(erdVJm2bL7Ob7f!)$ZTz z;%zaL=+A40im$M27Xzt^i*0@PJmCQ5`OtX}EGeWS)7{w&v&CBYkOREojqCySNmTei z4g1^k$GoC|7sFoWq*ppQGWvxUc^VQTKlS4ty* z=n4R&?H4HW^0Ho(dNw=e1X)q-zHKo*XQ@}DD99@jR!&5!_N`t18i17T;R@ld@!$ha;#M%L#W4U~#deXp1 z{2+h{+oh)E`Y}V&F58%!zpLD#=PLiDv=ja(m%V`a#i4nWy4o-vdw)5t6lsd$+>UCA zq2CZtjUhfq!jbTX`sdU79gL%(=570krW7&VeOjMv%_7DC3a7SEqxx3jEiNJUDM$l8 z_U9s=1?>RSu(mrE!}qwj8C}JiVQFEDpgVn6lkdD7c5++oUtorrv1=smgTk@>EQn-T z$;;IusFVnT5lLAerbhdrQ@x6V2orj89cWELKd~(c9L22=^SwI#;=1% zIsMpXGO4j6Hj;lI0o6e`z>O#;<}|=fyAkd{)wB{?I*E#o2g%Si%Ztt4&y}yPfjv{) z*6qSE(qoK94F1>0CyabG_&!ZB&E$Zsb$nccm=1z2T$D%Gu6`FQ-H2XLc|rmewPI8( zh$2;Di(Fb(FNfssKYaOD{M~9W#83@Q`!{#rnka8{G!$Dkt*##iC=9wQ>TX;lsO(?< zb=kb3k|Mn?KkE z#`WMD7q4X>%AJzgZBItO)j96RHYG^?v;*^LO)GS{x>X0H<={*60@DuxPqql{tIlFZ zn*}QuTzZvUtHK88z&AZeX)RmJJXKoZIO$#xIX%75bh5P-!=tnzWOU)|j!5+t35r}+ zeE^J~KRt9xzJ0gc7Rqp~e*DEbd+kdR*=mBLYWX`f2?3whR$^M+8VI@sHX#EA6tqd? z-YT5Ra`zEXG|e>_KlU@f-p&#-&;(ZG!-uyaSPX%g;*o0`k?&f2dSFrq6CzhvQDhPr zal1m^$hHX4l8B?FL|}J! z6mV|^*->uH`&|%-xG<3gCeelx*t_kU?u<_3&H<%Qu1lV(^k7OY82|F}Cwu#@U&!5g z?m-(jmZxYpTO&cp6pYUX zjn=dBxj)X1f;Wr<1^Bk-SvU`N+gCuvE9rA!S(XZF8VsFke0=Xm*gT@%l4o~ZcubH9 z^X^o0)9F)hI%kHzhK2?!E1A15`HJ)R(>g9o zY`e^RLZkJ5h2vnp64}vmX7U>8d|O7m4FbB%enyY>$%$%S;1qi}xg{7_QRn`YbEjNA zXTUNZZX6lAI%RjMlC^R?W<}_F2-$=Af`~W$(xPyzN|MZGZ%461q2j~mBu>|PLYa}z z?4y3M8x4!6cn=@$drmtB1UBx%6C0Rp5k0Uj_omg3ZlF3T-q!!xg!|?)`0I;$3NL?a zGEbc+k5*_6dnB(vwJJ3iKWq)LHe4_EBTauM&xcvc&hBm_z>04^rDvYE=-Hy((wdID534EYXBaNgL$S1DV5W-tjBBDs0y_Qa%XGANEk%X+Mdy2p!3PEJ8X}}j}_bsvB zm*&#OJTKmCN?W$KB%E*GKi6fcTx>-0Wu!v&;nxhrK`Kf0bE4Hz__Rzv`q3xztp4nR zAHCkxyV)QLii_{(OciUx>wBH^T^%ePBgi`5 zu>T5)luu)Iy7}m^_zEyoLPxIsm{9U+QBmGGW9o#NL4L$Nmdt`IGvlkc>kPI;>vwNj z&7|f1u?iW`yT4*vFFwTX?a*?C4b0ZyBYr5BXU?`>wZ{#dwMMNL!OwyqOUd)0_4W13 z9em`-x5(OCRqIdEvhw%YYN#oI#_}EH2SXG-))j|tE+l{D!q{+v0w(ZLu#7$61&RfQAeT*$js9%{n5&nqXtAmB~%4w%} zPS_B`526n7a%t(mZ~r0XErQSTh5?@9&oPMDXA&3+r1@xa{%dd|_K_hM^oh-P(d7K^ zGt2_UGp#*MCi4H@@BxVJRWe-z?f*3lNdQgeDMyt?LZ~W#056pDs@H)=tR^ZtdX$l_ z_~WB;nAuyn4^ZIsN5;k*%o%z2^di<}2(jB}=;(A&vqRfEJLW+9b1co<8;EirG`rCG<9&fHLJLKvai7G_Vq;~m|_Wj(;hUmQHX2HM%APdt}-K)*u34T-zE z=%}`uA)cwicXq#W#piT^Z6hJU7Wj;|jLV4)EVw6K-zV|Tm9s?PU(S$bo9weUM3iCy z7IJNiIsA`$6Q{@FxW*wI)~v}AJ#9o*)0Wyw=gG3-Y<(3^jb~W+oSzuyxXzL7w><+} z(}>TNoeA{oTu>)WJ$zBgR(g7`d)lYNRmDKt*%8ul^eZOt@?X6((Z8-VYS(_;HSIl) zEcS{dXiBDv2M2!SXG%dJ#G)j=I=a^3au{CgxIULU+`8ZwNc@%) z%4VJy0vXx4@k9r?cS!FU&qdl`U;b& zp(#~e0KBuGin=v6A5A0Nn=CNtU)l6ZF1s3O87=Qn=FI!}fykqb`>y$pd%F0Mph<5J zGXJN0ZAoxQNc*qI98!rT+L;nnbbZf9#Ix;@$jBTIZ$MVP5vSUcv7s!Vp+2(h=xHaS z+gb~Db+iy9pW_vFjzu4Tus@$&+3*d|574L^9UaJ5J#wQzf8g|)$Q?0ALVL&Yaj~^3 zU%AX=-^p5uqqbP9x^-`=B~z=qfYady7NlDb!EoUQr%(TYP}=+yo4?|v`-sJ{h*W*ZYgZxy)CmFJ=v z4r&kx6o0-e^GKZG9*IRf<7jP7yNtsuq3`_NaA4Zz>;4{=Bb}bwCadMFU`w;^86Of6 zS3&8i8l85A^&B(heJf-`1mG`_@oB9+I5JZFeJ9-;bxgpBN&IwOlD+8uKJ^28fcSfZ z{$N8&{gOpp_I^ZFudc)Jnfr~wxyqd5IuAlNH`=|)l5pgAVF9<-j7+ByN1@Zj+UX+$ z42E;a0!B}Za~jR-6piOcusU@va1;CqzEsKr(=9}g`iG&ZpeJaST=}jA$RLC9&d)AK z0a#I&Ye}x>$9In?#uRc1zBE2Q4Sb<0MAx8t2DE67@{Xv(YEHK2$FKVzZrn2`+3b~{ zO(pOKHw2P+QJ?qcb+=R5>~UWqda6Heg-u&ft5KHTx2WVR-2ldHWeqh_v9vyN^3JTD z+d&1O#D_KU5O;_`WV{T%(yg%0WoY=8&M)W`pLfqpc<*J@Ckr&uS@@H)y@CRf2(x}* zQYk@2QA7Y;yJE=UA>lZoeNIk3VW)WAUUM*!D0&fXt~>!Fa*-E$xYzzrOQ>{b%U$mtq|1rWVB$H|12A#HOOoCbvub>#1VfFxyi8ro;?oy^BDLieihW)cRyLHW4*nTD2A>ua+zsioG0ZT*`r(#On}U-u?? zTGb)VpFb|EN z-im!?4^=o=Dx|n7q`26+;#0^8YcMR%{t;aFp_dop4UJlB9aH8>%dq_ZzQoh1SH3et zkxDFERsIVkdvulgG0>|S0WHnWWSB!R6! z4=thy5&MXiw9aUUv3aE}9an*Dq$`hD?JiWHyg5fWNS}b+lzv6Yu#Yb&ejj{pN3K?; zy(=6T7|vp2ymfn0aheAV(1SBkS;l<#?%lc4+=#sEScmcT7o3CwzL7~Y?=Pr?oSot| znKr2lJf$JhHeRxFDSV~Mr^G(*vY(5szhde8azk`MS^#CAxKdv!pFSqvG^$zX=`*+broB-IxL4;#W1?UlCiz9mrEAw0 zvaO!|=`sCpd$k)JHdVG`9UUDxW68le+Q_@DfIkW!>lO2^P~k(7ueHtR)3Ax8UduGd z3|ZfgArr24+DwM8l*Q?aSH*^!vbN+i;CH^C61Vmi zTm~2g6A+L)vaY&We)N_gU2P#?C+dRor>Ue1PQlt=EP-!y0>&k7DTX73;i~Igr^}0v zDkX{HnzP_16E4NcKFr$=i&=zhyEcnLP0eqwvVSbJAd)@2t~Gw(XS;dVY|5W@e*_a4 zq;T2fEqJ)Zt~b<-W_|A+bjf?TdhHv$%PHX(5h2eqT629lxwwc(lqLx~r*BQfw5mt` z*sqiyL(QLlvs{qDZ?fTq@}X05n*hAgpI;$8T!>|x4-Qgp!%r*nYR50SyBxni7Y`*Z|mx|Tq7&0now5pF6ytv*C zKgxWh!;Z4D>lVN11?1ORt?)2H)jTcxfxM4(#a9nePbq_MHW$=QBdzR4tQcwgQ$!}f9Z92WNLuIZqr z+u{5n$b9PAmeTuI#y_?Oy>5+0TfLAz=%T(+3#jZzYevC~&NLB=%-`9b5=0{Q;?r4< z0q-Vf0@XD|gsQ~YN*0#~ycq!>Aaad~iku0+_&{;jZCQ`=8qRZt5P8AGvK`c5yi&XM zcL~=&_l>s+&l47@S7MSteNiZrH|nVCm>9j0-0({=@iJY3DD0NYH<{RUUrEE21XEH< zR!s`@(YD#6y&t^i9S)`=xiO?$A7KuQteoRZ0w-U%L7jD6d|_L;T!F9AEVIQ2n-Ph8W@6l8iI|+8 zT{H*RUS>b^hf>>w=Iw=1-=qYB23YT=ln$7sh9ja7iJ2}uh4~}h-rsoCD4x|6PmTXUjmf^@CQ!H_&uV|KYa+ezJ#`{cb*-0#^1JnG3u53VUP?t*|_I;SBOc8fs0$l zZ`wKSsdmye(3!L2?j(*(IWtnU+F{PW~G@UD0W_xb7 zgq%JZRq#^DbF$#CzHKL%W>&d34I_jK(5e)fQ*81gbMe982eW8;^?FTX!{Seq!CIXL zDor1+EbgvedVV|Cak>h4T>N-64cEju{SEZAmn2d;Ohw*-m@A;AdZHicue?{z9hAI~ z*Z-Emvh#8axq_K*P*nqBk@M=Bp40f0&H6SxHQ}vI^>j&;+%EP}+|pU_tgy{k7>RuQ zaLa24-GH!zg%+)41^(iF2l3c}SXq}4HJP+AX)xwifQGKa$dVW^MfS`AYFWG-)w3jU zO@D!JGH4bsM5;fpRtsXj8L3HckJm61Utxz^Z+m~1HWB;A zeO1_km`sO?lK6B;~zS^?mp zzZ2>vQUEXx3-O;D-hTi7|482*cz!{#-U!C7x7=_nO&%Z5f1!VW{rd>TwEONM`;2X; z<<;vfla-Y;P&v_FF*T0}oH@lmUjn}RQ3o^9L#AQYsanVvV$KgSz8EMn=KS*}w%AyPVIf6btf!L1p=o!Npz7bgm^3=9)n7Kngx z|Gl{<$V*Hx;A5uCIERRzLB514yoTl6g~LD{ocK2aI_*kjW^6@Wc4A^%YU?-2qJQAv zkze7Bh0zlosX7TvoZ_;-uo}Dr9;({YK`Blk=tk0RafdT7SO-!+RWuW&?0 z2=#l^G=a&lAAkgP5)3y5!VafAjrhNi2|{GM7n&R$X48Kj{_C^8900=qzaOEHVM6Yy zD*MN^{tv&003gSZ#c{$P7|{Qao64^MUh@B+;B%6`{eJvFFv+##cfF;+LE=YWL_l#Vxwb{k`uqAX5hd4bWsY?iUUViQD zClu+$3(@OmCJF@^OxilvcOZ7M4)|g5bIY7z%0GxcooNQ&tXRk3(No#23F5hiN-MLqNpz8!eNzn3AQpsSJ1I2$_o2 zM=2Cl;_xo$bGQ?cFusIK&++Qn&5xH!uQn1cY)oJLw(BpB?JNAkNOS0wzeq~5Hc{sS z?huPun8pQ+Et*J~W& ze}(?3i}!m2p}hs8xPRsxNiCOShL9s<#ksN;C|hxM+Fw$sqa|5;w##823V?Z|QL1vu zC&;)y(A2WMz-_v>cE`LDGBQI^jT*?m-K#Mtj0U<0Bqf-0Pj_8ipB@y-A0g)mcQ(l9 zbsvm}jvpQ5y{awhwDh`!n;@7UFKakD$BmvNh+*Vay+jb}Wm$C10f5s41=W8}NO<`R z%>07=#;?MtQY<4e+taL%1jws_qG|{f)sYd1*#9=Ioi1#pW;Q)iR1!Lt4`N*mQu2HY z&8a)2$C|RMak$Md`73ge+F{j_)Mjb}Q3$l%-tA@zbBUS2<_OK2>oc@Y6}ZkBE4 z7Z4`(po`Z$KO=yBXMClapl0tqpXX)KEX}8*Ki)VAc;h$s)g?1-?0hgxo)|$)wf+W^ z{WM*aOYIlyCTq02GM}Z}PiU0B<3y-j_H^Yx&zDM(6sRDriaU=#Js<^u9kdo9LPgoN zxsy#Uw_|jH#FL7P49T9O`1_Ba0$&*I)XKhmYfjUueuks#U4hpVnjBQRSi1=s)(0Sw z@13Pu$-7@20jWv5;NFaWXMpU>(-Au-??&>O`zj)!*IrP198))*o_B8d>;pfq%=H$D zGIEFG&d8o47PU`M2p*F`f1O_EWas;)d!-^Zvkl_kOTo?omeNb7!bBZ^d7ykcQpDDE z?>)ImSI&^6(N)9~e)GqQwXbmK1)90f9%ipCLSGAh@EGXY@|m&y4m4jl?lU_0cJv*l zPoYmLmKNyQZmM323stYWkau#c(8g7o^#{ z#%qiak*POhGvx_;3Uh;krOrGd@twDlty^kRW%tvH?nF3#^O2<{xjBx+1Rk>)8K)mp z2%~3iL_Ve0sJ}4N>0-5$$%w(VWI@4>j%cdz)}^L+f*UT)Q4OuLZoek;uHJ5d0VKTI zNk`==d-wU&e7qSS!gTe@*H;**AE5(qxpyPL3|vw^vUg~SY|o;&%>lfo7Z~eu;u&%1 zE|)YE(xlcR=H2>7D3^_Ht~9M>OOTpm5biAHLE@sjZ7jh-5fxV4jcfLzP-J}wX^umjd@VBobKs5@Lw&U6n5@z1&>wLiMtGP9RUylX zd+5%%)@CC5VDU{nnC$cxB3>NFa0oJ;I#_g1TS$g`nt2(*Ki;gNboOIKHn{9*LAGiT z_UK~QiBZk*Zcc!p%|bJR9>W8b2KP}bD?D;Aa)E9Y5sx#NO68o2?j!LZehUWa43vZh zmW6oTHku+~6p__{(ec;SiUb?lS|_H3nd%{3OB|w)Y@3wX~`$e|T(q z1)+GnOg>!(B2aesYzB-iW%1@c^X5rsgy6>9I$ThActD-&DK&Exr|n8}|7o8exs8oY z{|G*D&fzZzjX7SiMa=y_2E~Y!&DzAmtn$nTeNtNOuG}!P8S-c?u-{EP0_YSqv|Ykg z)>MAV48-9y_fNGsA-|wDnGG2ZplY`aQ4k`fff{Hau2`?%N(6JwpT3=<03xL8wI{GY^N*DO98^wJD(SC=3>tY1YNZKUA?5o9V9nZAcPcq#$bR;jdcmo1po4dUoij!6hPyhJAV&ot^ z%f-ZI^^&;Jc-d@LOFb5i(hs=s*JbkdY{hG_)5AlxH#B3FsQh&Qdh7qi0lgF?es8FQ z^Gfz9M}!BZ7D__?v-<<5P$U89KG;`cU;l{Q|0dZognk`CH;B{+OA;J>S=Sg@BIR_~ z)$g(3&b{`GjLc@4RYw!^ikLSuT3oz0hi5TYI=;fIw@f)d-oG-@RY)k~O+>Xug2wZo z7Wpxj*0K3hEVZT)HI5T$o#J=)TGokn8(S8Zk}Ug6_j5L9mI3(fe*fNcN*o}bnRF?I zvX^W=y6g9S`|y&(lg;L7V9wlkJ=Obgz^&#d^sqQU;||c7$>^Bn9_#{4&UDh%?wX~7 zeU)5OWu+hdEpS+}`e?s69J z4$UUbpr3B7cYy9F<5ic%jiWD!cno!oi|`3A2omvps<0yj#*rWQX0VQ0IcK=S01(1( z>jyHI*A2bEt>;$(L65_odYAivH(^MMKR3?;rgVuR=P&O;-r>E!cN+b$CwRyeVxM>R zqlAcviDhoh$pjt^nQIG^eVCZ!?=E`NkI&A!j3R2q6vo*3F0Itge2m^Ev0LZxbM8H? z=u1sP)>V;EpNkhpb)Pp}uDlKf2v4Kkz)kz}U3Qt&hc}+ko!%f3jH@U$ENW^4Xf-s8qf7oiLV+73mOJ?;eogU6F5;OStlMHa8%6Vzj~?JD<@P-8$r5Dwti~&AY1>2gxrb68KjWrli@#uvGFUOwOQ@H8Y!P(9e5V4`(ag>mADu-A zek_T^e~lIP1!rJSfL6O862fWK^^&4UmesL1jIR6nOH9n7?w!j)Z~q|apKTl6cW-}o z{;YSpW&!%gBe=S{E~|cOYVPgr-TaKFC)(hEM#9Gj3&>73*4D|dtVU2g?+-3D;c@9y zr>5dJDsBOp&e_prWvvo?&6&Y^$7iR-t)%%H58|}FaTO28UfDbJhlgHf`#Ty23Q>{} z#EU(q9fPYr`$pnl-0+D*Y3a>5nwtlhw9wX2X0}4RuDn$My<5enjo0bP7hDEI!~VY{ zCcnb6UO*I*w0UU|ZsCjc6~M-VoqfvHcsn?|H*DjxlzOS{b-+K|w)8O2W+l!LY(;M+^=bP~ZUbsJxrBxj> z-1&5Jlr8gf!o4rWO&8dqf&?FLsPT^g`Y>DWAgMsRFzaIErG;j#c|eWNLzoYTl~@&3 zm<$*e?$ep<9hAS(;6Tr3k7FpERR{Uo&0OWV;8A!G%GwJcCPJln03=5rnp{x#mum1V zl^cNZG~*@$lciOa71%3;0`P+6+NBdM{sy~wI{sSzm}F#bD8lnO_HdMP(reN9N@sZs zrCK%LsVDQ-epGB~&iTJNA;@_d!sU@?X%;=~pkJIiW5vR9u{TM`EG6Nxd&&n4KnO_p z)-6S_0qExnFSChA84MbT6)@*E5ZHEm%pA=?FrYcQjUl9mffeERE1lsw9><&V#m5SR zke6j5HU4vR>f1V~J(I5&EQRazS7aDQD9V})r`P*k%rCo)I2t_M>WxlCwliDsOGGo? zVpg0j6qo;)9nbE~rD6EeJ;?38#jAcjXq)F^z1*tQ8-j#wUwd37e7O1 zW=R~6{{Tyl7(j|q_TaQT6NG0BsqSwK(;cWHNtWFiNhM^u*w1W1_8y2nUY^*#fh;{S zNXyfnN32Gqk^m1T(T2=64~73=?U~T2*a(6?F>Km zMRH<1#SCRb-JKnG%<2l6zRARe^g9!rtVsx*Tm@YLG6Cf*7FrFSYm$qQOG&?=@#(hG z@igI+A&r27f<=%mr>jofD{1u6$Wnb!c5?EY;H9(PUTXbgUUJ!;P&ms2nSLs!?fF+M zKV&JLo*K=crlULaO4X_O8*T=mI#t9iiF^wVWX>f4`)EF(c9GM*lbUF1q##DouRb`u zww1j1U;;G2k}^x!gbh^g&BxC!4tYOb`MX71Y}hL)?MKxVTWkjK=<=nA;fp=Ru$VZ) zq>{No8dNKpBGYV+#vIzTEks0dJ*3!ejpG{JbNjJY_tvH(5a9g_L|FgL{<$y!Nh9^{ zP|8@0=k@7^&p>p|k3C8^O=MhrDylSA{0*x24=!}&qQeB!vNZIQY*q^LXkk`M1(_Fq zL4iF;!04Lx67J`}Iwx+%cmraHh-Wwh77=r`uO*2v$$gO`mk0L9IgcO~A|!oweST6B z{j#lKH=ljPfrq21Z$p7K34q81UiGmR7Z6t!wurZt=^9Brw8_0bhJ18A-d0-$9nIzr z!nkQ~SK)S9vTa5;>_U8K8w*I|XWjuc_Sq`|47?dXH&9ME(0MvqbP<$)%xV=y8pEPJ zjwD!iB|3_wb+v8Cu6<(fFsGAs0uNyk&9^Fdj|y$t?FC zBm<)lV4Z=^ONJ}Sl2T5jQkWMXU z%czTcB`%k$maFU31I!_+wF!E?J0rSd8zc2)#`Wa?LXaP!=zY0qan$^ZE@>PUlrKc| zCrzEJmK%S1X<50^c14@g#1uC!m)HdG#U}G)@B9#4u`sX(465V-G_m<18CG?qM7dy&Yj70 zxf=vNXEsXY|aLI0g9Iy?rViIh~2x!Gw zzoJ_q4nXxb2zjA@{yQf7OM|VCo*~34ah&?cIsO816Q8Kr5B)kq65g2mtgmko^ajdB z_J>>?P)6TUt*x&=B_?K?l$yKLQQ$Di5gMdAF1ZkdB^&Yk)cKXOoYT__`heF?{yQ@# z@qHyrLPGLH^b58m>!-0XbZ0#clHu!pQn)~_h4)Nbc7$DyR2xH!i#K^K+^^7*|HLkV z&h=YFlNdl296o0$XIh0~S-s625**wPi0lrVx-&5_j)$eom%QMN#eSc#&lnbP<$i&I z;sLW81xjW#V=Q-y`o8#*B>Wrn_mFT#=DQ56ypvH zfOeftM`4{0aDj^HlDXP#-dIT-*8Xt}$@y=HvHp8$rkHDFq=}O8CT2Xod9nl~^z^TS zgM%%Kirr2O>%pvCvfzaOBK|DNzzdrwo3L$03j>6VI^LSKQj0Z~Xx=wJ@%XOvYh-G| zKL7U=nt-@IH}>TuFP|>~dr`Jrs%E|2dRAxMXVkxL{ja}vjKI4*GM&y{%MOCOQAV5} z8Y@poC%^?$PlFR8|MR|9`aRjnFhMYx`C16iL>KwB!u*Bxv!ATT$H(71v@A&ec(g(zq(F}7c$37yP9DkYYNK4H z-M^25_Fv@m_7|aYaS6ll=e7Uuv+PIMFg(9btorCU_6w!?1$;U=qt!x%l4UQP%({)^ z&YmatH_jdkm6#mFt-)2kU%4C@U$q^fbes{(lM9eKheXgXR3nJP!G62$lGK4jG+k2A zEfNV_A!@hB==t=Hu$mn$zOppYR`eJv6|g&Q9SjW(Zb##Feg9JTdBoVZ`f2k~N8;Dt zcKVl=`APlOr(G?9@s4hzQWeY|-J4JjI#&79wi-l#adfOV(6Y!5@zjmNAUV=%1kw=G4~Lgn`Iy zB^}ZXS|saoWRS-e7~MmgmrG>~xHfbC@me+hdJmp2i#ZmEuFsV09POF6V?V`uT(0+R zKM4x7Fr0lf=&yavmDi=>&BTOa{Rl5st{&{Eo5tl$iT-J^PIR3Qd~$N+LsFiPm!|B| zInAg%SwyQ{Qw*e$c(3ziSz0K#;-Mxdo?s;t*Pgqi}^lsIRThh)t^Y0g&3l<3E#D7pO zB#`;0`&^>}@l>K=QnlC@lIY0Qox^eozXd_-q1oPV2a|!v*S0%Ojh-tuk?~;jToF|) zN;|91yOh#DXfOydMN(R-obYdIy^&(41gvctA8?21RNg75C*X?6PnU+3bJ(_5$r6x9 z4X@A)QEwRiJ;K5P-C}t zC(1^n_k#4p2e(Wx>y%eUXj#7JSF#@~IT$MsrpP&R(8!FgV-(7S09W$}mD`KWrE@|6 zPo)dryJLH&;^lLDOHNCL+oB9M3Bm5kIBK1R9c~U)9GFof0tGvZ-^=E=tu*5(HM)Lo zvcx>nl%lcWa(T60G?X_mNrm#j<)of(n`7nu%~;Z3e07FwOpv6%$*g};nG5aT4Oim3 zFOpqQHk>oAY)kTYpz#sLOE;W@bhop^J{cZz#|he))lA>;v z1Z8+ANhdWbT5?lJ@r4+;z99>AvSFu|R;Rwb9Lmg3Ay8VnA{Dv@&F2BW(+RyK>a*~Exw#tLf zOJGzL07%FUW=g;un+)V#e@auH<#xFnPxlKTF9Yg#~>C(Bq$PIzYPH5)&aoZUqP;R-fT1-3^V5)^oci z@1G|2Qd++IBGizp-Y4}rVz$JWwmW2=UNJzbkCq(Y~B@+EghJoLQ&m;7z45mf_^V{) zBfOArPsm6367+uKLM+ON8Cssj>CSvg2E?eyJ7fxS4 zw7X+OLe;YE&OEtPt(&q2@hW0?3Z3e>b3@!RWm~40RPA{=V90ha(ojA?8>VvVl>P7V z7nBe| zPejNC?;6P^JSrGz+Ns{{-TE+QUy6G$yXj6q`Zw?ixh~NkI9;es%lSg22L>-Xw)ovP zCqKP%na#==0Jm|ERZPb=1;+!g)#VEU6OlK+H;ssEO-W zTyj8w)5*I`m%LDWcytbg@4i2)wuK+XHTU@YHB}39vIz=BMU4?8&?p0pZQ`xymvi1B z)R<|!bx9M*=FCrHqJW{}J8_!_K*;#a~RyzILFh7m96u zF-KSZW*UAZg+EZFM&_<)+EOu5-vvFkdFSrI&}QkXl<}*34-5VfMNy%lWAL;b=|7jG^c4x2Jt6K0n&updZ~H+ zyR$MwDqcETSxDQ3?&S47lZgJsV$FE1Z#t&ahrXSIJkG8%peKF*7Er4Jbk5(ANoN2; z9{S8nMmm+Z7K^a>np|QBcpQ1qNuEM_gU6qGdvEK#wBY^y6XG^FnRb-NRQRXt#;_vx zwomb_S75=Vyu0Pm_=A^&fjPNn(ed~>aW(9xecwbSnRHp9B!JRNWnhINd2h0^JQ;~& zo-6r3Hj=RTybq*Ov1SoF*3t?d)o~nOKO*=hu@}A9W$F6BQF5WUk~oBPK!`UFbG&n*f5-A1_ z=0|AxnYR|u7GV%jl8mL9t7ALH&J}4eww*qON!5(`?zcKZXP*^7OFNoia^>tn0wgnq zI~6zsm+2B;8?2@Wwx-`xuO>O8d&v1`sa{jqrkdc-2$btI$=%bWb}ibr*)Z_TbD!AU zJMJgcs*&CBFA*#!vrRxpTIcGKJJa1U0~vLCP66raQu(~keHaxE-C7pG1DE$UQ)7wb za^nxuAPB;!;?LStfzq7}NpPIWK;%Hy^~2&TZCr%JszcjX4W01Ox5+3x@rp1GY2>UX}*@$i+S^_)KYNXt@6KrvbZ0f#%Cj&Lbbg zc2L$WA3jcW28W^xGcw7bp-3}j5ss+h!k8u`D;L{V!_<#p4orTUp{hlY2>MvJiENGldO1#-{@8zi3{wS4Kzo} z?f|N_e(;bkE-zpv(ih4CePgiv&EP)tZG_1mmgxjgBFBWXtW1i?DkL`06p0yoLMi2M zz(RCwCE_ahkM;n6?~DLk1(YCDCTIj_WBl3@i4+Gn_0YnE7X!SxJQ-1Zj+!!Y&-wzz zcX7u?4@ffw07TgNhYUDMf7QRttcm^+DvpSa{Z2KW4_vy>Y-&PR9#rk%C zB^ZKg;7nmB2oLmr3kD`66!4GPtjfD2gMaNSr`=vtkV&EeX-JkDU+9-$@pHt}^?_mY zmbOHih$K%8ey$2jL5u!P2;m)qIhqKBkB)IRrf?YZc6F+}GVTW9n=r z8zBWhM6UFZX2}#d3Us+!kvWK(eQP|*vh;ObWqeAhZe&-{^tOF@-KbEAn@>r?3(p`X zE*=FGLkBTE+6|aNm3aoi#&>60-S#J%*mAn9pEDxOn~%*cWIP*qT&`A|i)Acg8&Xdj0H`T}$2scNAB*z|G8YMu zts?HTC8db0^?mSx*J%mocEsD5$bIsP&xvAkOqnqju}#kE3)8H&f=BYQZ@i|V-i3a& z$*Bo1Gln*>eQg}i+tuv!ysiPeFm9>Zu(?tmZmC0xRa6L-)#%qh$*&fm*6C zJSU64k-w0p)0o4Gm4dX-=}tRoq=6#X=eslqf`XfxWGusCtq}oiQ!8YH`%mj40;&SY zlT;C`Qmg`<;-`7?sUI@ETHLvc}}~nmQ20#E_MQZvXf@% zwo}!)usEG(^TFwLos!2uSztGaRdbr&zs{7nt9mX1y}{yH?uSfNAi zfeHbiU|tfufP3eni`8jxqic*u5yG|&N{7|oX z5_syK7#LLGc3_Rglmw6ekT5Y2@j=P;>SolDDtgHG5AVm?$1Do=BPl@*bAoD~(D9td5Q3Y#8X}9*BbSQwDgMH;2CkcrHP2WoMxY^-nzXM*NA4~L;KrSA$Hb{c%bh#d)&qEE-reH!+ zuJwa`_b3ty%Dc>WGj)i4ibm@AzX71gkCVR~ds5j@A}YA(e$(w|_l}+Tfg~;gL7WM? zrr^}GO0ukd?w-G>f`9(vi~g#u|3Wd??*I$5yGY=7C0$xtQphnk=<6BOzw`v?C2IeniGG=yL>eedjmxdq_|qByGXDg5jtb~4lZkX?)nns>C&yb%=~=zj!HeNQ+jkq`DbN4Oo`w8h+$zr`U1uY!y=MnYAeFyoYKODb;NE0^I zV2{4ErDNTW=#9BZ&R=>AQxsWRudMD(D&OZOx2t=t=_j2gQ2)X_yR~Z9kFtA7tbR8@ zN=XKw8^_D?$vT_G3!Ma3TT;{Fczy)=%cZ$>AFO;vaWX1K7yzw)dn)bY1k!zF^2Oak zNgD6uU9!8Yt%H{cazimGbN%b&jL!=z(WG|H{jo)m12sRIzp>$)QBJE4I8e7FxZktI z>j~Dl?S5h@^UKC#v zcQM@pv?}q#1@DMvWcKU1Gd}XvFOhT;WhmtlVc*)>|#Q!CB$w zyZW>9RiJ}GUUk@EL%;GA5w3G&m$a|zvb9CRnuIdj6SdY8jEZV6wCP8ESarm z?I@0Rg$P}KzWfv7j|o$`G+nmEC>iyToAaifj_z4fex*<1rSojfqU4#7-sV(~0S zJm5;y$_*c+TaLSXh6ir(K1ZY-jh8lQIMh6pb$yy8zo)9H{pH}dFn>h$ zBN5xqpO{UYMY(B5hiP9|yCrbu~X^&q$r82qVo_Ni%(L=OEx2rKduEhY#m=sb;NEx$fw^ zmFjsEWlYcs8*+BRoVsVNH=OGJN;Y&UDCqm-`JQ1U(B61NuWRBp@3RJ`~DOqS6nq)!w~VV&9TG?R(p{GT?&mkSKkxHeOC6pwaZ= z_1+9K(+Z?w4mV5J(4+Ho+fD{q2LH>oT}=__YK@fN_(Vhj{b{WiiY?zwP*J=4FKmQ< z=^F+=&^~FP<+euMTC>70I0B6S6?7Y5M!?yHu-&k`T!bJ(5&q+tB5Tu7_Osrz7c(7& z<(LX&IrInEzBdE!88Gk(v!VXWtzn%~G0%>&uA%E6L7f)tB~Dg5`Qw#RCI{Em^hzvJ zZC~^+99&tahkwhjb|`=_C*?kgTvJ7P`5P_}L0!6M@`7dx0)*Jp`_n!J)#y=kbjMpV z(#T7na+|QgD|RKInDDuAESa({O`|qOL_`d`4IYf%kfI=VPWxp z-uxwU``R@J&x&IEi+A!UX~$>0Iv6QmMTKxeFG^H&^RYnc%fB*c?*)jxzoxNK7nS2hnJJ#`< z^%TP3K+Se>>z6h}F6q31wzW3zk4q&O61w0hH>A2kf})EJFbXt^u;W^;3A|UTM)`_= z)>rJ#N*1e<)6k>9EeM4B+(igODuUla&o9Kn6e(*i<(u_cRu4YeJhE=f{uF`-)>x4e zqLGho;m#6He=;7^8>U1PblY?ju57*#mOA-nQ8}vlW1nl1EELBWZpT``Anud0 zT+?+7Et91^pnCeu!I5*G%1?pM?a-9)(;&Ls3Fe9|y1YR($j3e4#k1$@X2+GL`MF+| zbAe!9`b~yGpitCOe}67Gfz6`X1Y7WLn*8H?%wy$j$&$}cYIvM~g~Xz{Zj3VgTe31v zzHJ08lSL+**pmxdTRsud2g582?_mom^rcgBSv=w>=^}d@-?E~h^T$MSMLRJLz{P&u zkQrdZGiwZ2b~BzJH_r*5fKD{C{Hz@AN229(G|Ugw zoV&WI8TQJb|5@Wg0#ghRs7q*Z)12U85uRTeu4&z4lwJ%Zae)b>u$fFbO$WbtzfUg& zWXO0iv>Trbe!%zjOsY&r-PnN2t3DFeos3s1xvTUh3a0jCFyb&LT#h-M{MmI8xRHj%C z`_&wsD%3?pnyrhcC+;f!AASLK@yQ(7u>-E!$Pie86?fL3ze1*;?+`w4*%B!&^ZoJQ zFzbQ%bzxb?t*0HSWc3?|3L zNjDn#MJ3rN|Lx?|fjyAeWl5fzazLK!)3(9 zM?fEJ+I0DJ*4?2a=&IUc9M>d1Py#-jWfFWZ&H0JB`W{QY)-fK}T#QHSD1_6tdufG# z8oh^3y}?%S9a;9bqa|=kqq~Z=xz5Yh^Ojfz=>=`x@-Rv#>)2uF?+ht&5}=ZeMS&S;2dyTkw0PgIR;I_xzNTYFe@wPy+;$!)jnkIDA#ks6_<>pymV03m z(s4s8e>sy|ozX;q8C?>_I8a6T{!MqANz7OJ_BLWqFJOv9t-G9vYS4m@RrewPT*d_| zM!QQndVE60DyN^JmplTWU1~sUfZ`(6 z6kuxA8(h=h-1lb`CsaV>@2?ZZP?;h5u^{tJTz0lf#sNHrFJHX9%{6LRPPO(;OtI~D zr|_M2mvpR2z_u{vTkE{PQ{F9j*oKX5W_~ziV=Q0UWY;YB8rowho%ysM&~~kON6CXl z8SLN*g~(bvG)Ys_u?^r&ExmWybKyI6yXW-(pc)jj_VX}nmEm!z5hs{$pg1;>l#vvs z3}lmJb(fNaPDmJ1VMJ{>k#kZgIl}huqm`5UKH0+-^rYsQ6X4G$mTta%dwWhYhwuOr zQ2^TXO{NI)vfjDI$ET`(vjH4aG5pfQ>j!fp3&xSHW(EV(t$r(es`EZrQVZnS>8J&QzL6VzIp+^ zNwy{HQpSwpC^%AE<4a#~j)it`DHZYx>M+fN-MlAk z&eFk8YHl7%E3jA zclRdF@_ApC=ljm@^Xu?yUF?0Wz2d%Sj4|e%Ef#PcOlXej3jvnwF1#8?71?Ny;O>NE z}bSIwq#=}h-UvnT4(aO z>vL`MhaUxqaiQ zhgv7YaAO>Ut`h)QHV?7?%df6eKp$E3w+8O!kp1U(Qh(t*vIrN5^R%oK424-7??kpQ zD42v{j7La9y5yJ!XZo&)Bm+h*AJv23mQ|R=Hv;sSxAC`U71i!>G^yGJZXQigYEttA z8VG@P#%BQj`Qxh#guqY6S`3WvU8MCft%~~`p$iYQD;j?Ch^7HI_vm2BGdIBMXLXkD zm;4K-iYNn|`nwoP$$mk=IbwP>B;o-@vA$^qQ*zl-J2Ztn2OoPInau?U8h@-|kuqHP zD{SUSbsyl~=nfthM5Kok(eapawwTRf6wc%3@_9BKqH>1Mc(3rh&9s-NpN9_@aboF^ z-`rY&mPB<940K{}UewiqtD?Jx_z(CR-&ey;rBRCv0Fehn`lhCozk@pfWbz_K?ZL1z zpN}T3{>sXQ|JMvv@M_R;a^9v`28D%r=j8ZL*#9GGO`I}I%1mi=;3AAk{3xmZFmESa zf_$Sl_b#H&5Va!_Gd3c($@*6K?PGuwO%_6Nw`^R9%f)Wm=L!lc08M)vS65dYh%BFit#-rv#gZm+YB1BN#-_C0@}uf##(J(x5`sGDZ+!qK9gr}pyA zBF9zA+McGn*k{94DX{xpnZI;^yOq@gRtC4q-yM=x4Sjr&UoBovglf&`EkpZdcfhB$ z^;wd`WUmgn11kg6Us0|1E19%g?IJd7;v~YqhVeh_PHhkn+7|TK&8v|v%fRFpFy+Oc zUFj%D;l@ZVBT0@JOxDvf^AtQ&*B>i0w5o?WFVj`d@BLD(H-^%9c|mBxfI=H~TYA2+ zZFjZOu2QE@$s3{(nz5=UCav*7nI>^#@n$Dhjfjh!8g9<;pgwCmN%`n4LTR}&L_f_; z`NSQ~+-;7jt;QvH@oZiHDE{nb=0r<^Y>`F<^{bNm>} z@#scFWm(PeC8zAZes@M*H4kJfw+5_&YQj#+$Kdw9+)S0S6X;@`5!_Jn@B~aSuaqHq zi>(NAhlGodr40x?svqbwLzQNKW+y5`cNl*Kjh*j z)Zhik3p0ttTk(V+A2iURAj=)1TCqg}K%ED()f}CRyARbZ+C<(%MLx)jmCO(ukHT&X z4EY4(!K??DDdJMSBHqxoe4WwRS^E9_9fU)onZ!iQJgKsI_4l`ZT9>OFKAKP5A}}=1ran^$t#DrPbp6-N5|~7B}zZJ74kh+#0Jo z7$o=Gy1HTrrTDvAORiV;`zE`u9Cj>j&(L(IXsDngxt!L*P}*&%Xc2_g6I`+vwd-J& z0|P4136_*M7fXa(6)x%nnhT&(&@(@iMA)u#z{h}JxVh_CP9=wm5b;v#rA=j?nFQj)s7IH zF=_)88WLeY3D9JbR3g2ndiV(HzW!~MG9F6y_l9+mhZRZsu6wM|sErtrVM8aYMK@B# zXDUG=Njo zymcma=z1bQc1OF}gafp=Owx7)n~c**bdKteA?^qpkYqjYY3(^OC#y`*^(@{ZH_K`< zVoL1b)ZRBCh056(53$MKtE}*C^uzL4jntxKAa<>! z$disV8L|`BI#*uIT$zpGCJUDqP#OHGM6o6UY}w%%jY;nt_`PRqk8Y9dRXwC(l6RAF$S(z@MW=Y2EBQP65K z+VMF&05+AdNKN2MUiEz}rfwG#Yc+@iHGApBJ(okJM!84+RnLcaBCUDLa-evMpPvZv z4PqYiY9y}=^J+{N7o3)JX<#ayb1Ijz%YT$)=q=^Il3!Tol~&Tcs61-FaZ4}eqF9}TylvP zGkiSD#KFe~38jM#p1^`zFOURw&YzV@&%WkZqtdiuo#WY8hdr~7VwYzVqC_b1dwQ3+ zj9GVJai0r3^3?fO83GZNPOeIYSlw5_!&T^W#y<$zn~FQdxYO&e2F17?)!a7VLNriv z-&zdTxz&%2D(Rzp{tX$+Kpy?_L)qtLp^#`md@g=hZfu1Uh>79!~Ii zZ?~J?U0@`K?9QMmV0ri#)2hX7e8#A%C?PuAm2z_d8Jy6(T;o0ok-oWBIDz+zBM(iM z*1p-E$^NdI;3Nk*;vZ>lU}~7Aika)a!^@6gzQoJiIa@_%K7Oz5)IZ7v<}C`fK->qH z@*GhtlH7AdMe0I)(wGL?xQg{Vq6kdE(_F0QMN~LPj8@nkUk0U?(mo(()2oH3e?>y0 z*TJ{{oEAj2KzVf*MnF-Mbjftn7FoN}m|p(Frb?B>CDeIn$aG4HKHkQP%M;uFQ2XJs z0Yw_?a{qaM_$zXG`7FXh%I3RS=y`V4%b5}(DEQs^nR8w9t*i2II<-cJUCRpk_IihQ z=FeZ>9+C)KIKf+n#gGu^&}tZTC6h@Ke#E{7U*lTkz#hs|s!U&X+Wj_C&!^Cism3F0 zXvmgHAR-H4IRR8O^5>oPl&Gra@yr3&`PAE(fY^mHA}1<{KGa# zD$7b5=au*Gh6V-%KL%!7ZWR#%&1K}1GbHcFGY#K-yhsO0y!fWl5wU2z~Z~W1n zb2l@em)4yNocEJul-yZd0WUoLzR4^nC&#%<#<^&}WDj+O?DLtSUXikHV&bphR-6>yh zshx%!;d0dNxcO4x+8{Znd{i`$m2GQ{N+sJ$gHynt^xaDH(OivkRh z%&f+BZN70tF>2<(N_BszvVf#@gu|NvBs^kzxxU)k)GITp|GJn~Rlw#AMd@+X5Hr~K zJcCDD$<(8fi8>*S6z&PTKI+TJ&_TR-kH!x5>Q$Uw4a2D~iu>((mvO4QUv4h#p#i4lABzhBaMt?3 z1$?@*Hc{JvoR$2r{No2{_DH%=ATT0ZXoGG1WMX>S9h*kNhm@pVU2HPR^54%u4yYim z4C*OeEP@etd3y~8r#tK^Iqz&t$y4=usQdcWe;@3ON~-->pajjnvJo6O6MTY3Q8%H* zQ3E0RFQr7Q@WdTyt`lT2zEk|fW};P6fR7Kvb**Z-8HT=k%|qZ~6R3Q4HeHA-iF7L^ z%0BMTTmI*T;sYw-yQKY&XU}M#NeBxl+6ntPTm*SF1Ty*MEH+6*7c&y_!VMU}n7lLW zYl>0ucq&PV;O79Iz(z!=52Tq)TJnB)1-<2LWp&9a$G?&bz-(420cO+p_wxF^k~9D~ zWYA%s!}bM5M6$B)44i(Mi6)6-w{b%JruagTbe23NfizD`DYj~zVJ3I;$-$znL)c-} z_+U~CRHEK!shdz#R{kg`=?=oJ(TLU~3f~rN0Au9n!5h=NSeFnZWNJE%i)D3Sq_vJ~ zAuHaxtJzTG@Gs<)3J_xyaidMvGJ1cEG(TA%Qz+vwD<~U%nAeoLy1MAF8tFzxOZ98? zA<mzXiU&D-t(b>qoH zA?iJjWZG({-`r@9z8L>;S7ybRO{?Oo981&AhWEgrX&J)^3mc4_8l@Ip{F(mm6JvIU z7;3p;aYj$lasOv!|Hv^`5t^7wZRp46CP!*rLu&}GJr$fQ9W|KcE0k?R$eh)kh{?oe zqSEM?7O+6KnmXARBm|8b) zMSW!$KeZITfN*O%eu%nfcjP9L_HjEt%)CFo+9MsV`-t3@c&jR};dx&a$7GBNR7{!` zRp93)JB8xEcE8CmTsFOIXUg! z{cy6O4fB<$)z&DY;>|UYJg&rYx9Sl#s{^z1+&GIy`C6p6XH(3L>LSfGvzY+V#8gVE58BW@~?sVn)R6 zQEZxdR_AIVX0Z_K-5cxVTT(-Lh%*IaUQGZL!yE7%uZ+HM)^RhoH^&RX)0*|_E$8SlRFNP5hD)}x)Gm^amd#azpIS{szC+ZIT5=CQ-QY#cRRn#pkQO)B% zqBqZ~$BsHSTBZ=?bG0{2sC;>3yaR!x?GgyhL}a)4h6aADI7LTT<1vgtD%mgu+0%26 z=YK9jN&J2$T?CkM&gTnQjx?l5XE6jFQ5XJ^E{)IPNs4Ji(5#@YKjScNZmq%a)X>+x z>>M`Vy%;qNQTv*@FyE|NcSa$d@U5VrFhfGeOLaGn`evij9@;XD_h2qin1;oy>jG^= zt8Jf@@cWclO zm!6(#FM_wZ2_IW5Ddc)AV=KFZQxDp{&8Qzw^>cCXbV@{j5`F(ZNa5h4uisbS^L0DQqMAuHDhW)120S|j9(pq;RerU*4^wdxN;)=Xq zNq7-fzPeEX6-t<5yCAUzqh`4F^G1|j6STb;7V`0Aj^Q>eAd{~OUuVLjh{RH7=BV>5 zpi7-(g<11F7H4(rGF<%$qbcQ4mEV;L;4ok6?FEDO4Y{;!lTB6YH)KP0#^&&kc-^r5 zKa3$KCWWZ`BiXqSCDZ})O@CW^;GhpV4XOwpF{PI4sl8=%IBXzV(Pmm~O{ycR{l4?i zoN`Tji>5uq&Sn+z4Me;m^{pqsBb7Ribpwxm(6kMbdC*(Hj?m1# z7da%2ww>Ut*OygfIUDgHKEvMCAe{Cx+kSb{zVov$-5{1J<}Y1LXBmt_9gD_%o$>Q# z3v;hBBcVCx-mTuPV83%tv-}vprbP+i;+q8R32yDolrFB^^M`*Ykw;!^kOh<1Z{LOX z)H=O~u@2PFa&{hBfU&sNXF^4bX1FX5o?lRukXyi%UBdP*QKIOH`l)wrLgZ6i^yPT- z-rZnFALij~{aGc}(R8h6p-A5egsB3=MaRwiAtnrCTrF*psiE4n$vQKl`c%u+mzE*? z{R3|*wWu*M<|xLA7G@#WZq!{eJ~DakvCO^D)+T~{$&pG4xb)ctQZc!2GlJ_+>Warv zfxW5*(fesP#;XgmcW|(M-f8PKB_$TqQc|$5Z$~{#25zRRUfjHkgll2Q`!1hn!RNVyMd=T&{8Hzt#-f#in0 zp#F@BYK`LEGqE>PU<}#Tp2$&2%r;e)Ydt+JU^siSW`c^kx*X)HXt;sd$6FOm9Xjy> z6W{ujTbtXGS1W}=ph~T9P4O_PDXPMvDJsr>dNVolQm__G46 z@IX;D=)xe4V9L~#ph0vRUC%3jIsr#?Bw zGCV22x8qly<6GW^bfH%|)5AYezvrm zK=P}#do&|_a%^sHHj;_@GV`se3@k^ZyNU&j`Ps6woX96%bh8UX33lLRhk7bMF^K>i zIqteXj~&GXcwftT^#rO67-JP(T2E(8NR;XY%%=Z2R&kyx50D_5h@i5k78{rN`KExm z7t)1PT$KO1&d|`%&-p7}pPKcP-O;+}_0!Xmu{`sK(#wN6)o!=T8B=V)1$2cqjjMG( z@y&n(%0&dW!|t%2dJVDlMs0r~z$Gv9004@Ai|4`tR6htLw!W*KK7w!ApF4upw&%+> zSe^1O(?#|-XGA?lR#wvtV)9GVua3DlW-@O6@Kqu+0vR5Exvz~eHfX%JBV&o5$={ot&eexjlN&lhA!flD8Qj@4wdfRK-(ah)uz zDYaU9_{t+c^i)lqHUyN?PT-g!D&j#Zi4=E6%gS~dp@_wlf4V1fcG#SY8RG=s-JO+K zFS$pL;zhssgDe4f0J8=(unTo+l&_T=;R#3w!3b{3Avms zEC?$rw7YH=h);$3!wi6udy*m5{7drpl9G~mbqN?bMa2*#zFT;JffRW>0{p#C)jWlfc>_YhTRXMBy{vLE-o*YXN=CQfcU9{!kAm@V$>@r&L@P|D! z@i3vMKiUd-F_vSfft_Sth;Y7322O{4Xe%qu3|S(>%O@PHG3N7T)f81wVnvY%&@kpX z`(9y6)ii0tUpnkLD*G7l;2g6bUs^x>y{mt2?~@Ran_3dSL@*VHEI$ikaMh*3ERyUv zyq03B;=9VypS)|j{%lvy5iUK@7TeMhn|Qg)7cNj@IT!0qzK67SVRe~SDt-#fF25;K z{PWTmvT(6#Zq{WZESc&p9qX2z=flgAyV7wN%b7{Olaiy@WjVEks^VsR6YDt8WN~{% z)amkanf?ST*QPaUn4u9aYk}io{^flPUUetsvUrzGf8NDeB7&z%xFu3h=b@9wZD)1< z{E1kBr--A6N1cnLh>}*yoiw_tO!BQ%iEeRgYNk_M3$5W_0L1zhSgy&u)%!QhPcfK; zMdQXx%wGo0Y3cErImB^S^A_x~TC=Sm5C{^~5f?#TrC&Iq84iPXkhtGs{lGW=4;+8W^0LG1k@uaXWEuwXx{y* z2X0+0s47R&B{lT8D>UK*(%8%Gq_C|`y4M8_9pc~k)$zWZ}~o= z^PUa*yq)_vx$G67b6`C7@Zvkm8q4oU!W$QLnXnQUV*S8DQfE8jxwtHd{{$vn&e4(e zu>QfQ(sUvJ6GEOIvpbBZo1PQojca-lG$Rp;idt;4a)1^AuI|zbP2=?r-TB@uwnCQ^ zV-xK?4-65_LU{X|y6w3t7?RnSnW_QwU#}3W!m0(i=^LCnmz%*9>U$PQhd3;#2V|ce zO~gy{9vqzDi@ycL?uu~L=tDVwj=7f+wH&32i;2=!37CqZV{6N?0$;LQpHqDzvf)k9 zE=5MtvPFsVy}v3^{2MypXREih+N9)jF8^hoiW_B z!AaGBor=9TsiN)y5eaxSV^0+1oQxxEkHY}@X3UPz!8UOtX{Uakd+u;zwRPkUbx9iX znNrD5pf{`>@nZ3R!2?m`Y$L<9?|a28K3hL!d6^uu4GdR86F;?HC1xHkbPZnLHMb;e zeUFO?127el0MBQ1N3Mw68#wv3AsF71jLhhs1T5wA8WY7LiL9gw&U_A?8`lCVhrDjn z+;fs5-`EhL8Scj6oGx0QV-M$%65j7i-nd>cLF|LYh}yu^r2X8{@;t5yEd>q2>lOb6 zY@fj-@j@6bP0B2>@5e)$`FS0|l=!$sTD^aKa6egl^!QmBYc&4;v1%qTsN~S{3(EG^ zOCl@T#&g^S1p6lXl=QT9#`4!Hs;gtmZ~^_atrmk^OX?w@qc2(gZ2y4MV!RaUKT~ zDx|A);(eKw*kmvgjFYr3>4mmf0+cWJ*2StZu+X7z5iCWuqgWRqiM2 zW|AF4v9|U+vqkRC(&Q&i!d#!NJHmyNbqxIxW`^9P1+_AOlfJE_-)IuDkSj^*ES7I_ zS&n8gANu!^VQs*|$o3m;Be#3-tNC~P+)`*|caZ_& zv<%FK=$*!Gj2Qe+u8M)qa^v%)39;1j0JM-b?Qy%;92D zrbK)kz89BjT$;jbhMkU}~OTC$^Qx8c;H-OT_cTy%btko8GD}=k9|f zhT^Wn-3iFj=qSNO;J(pa%9GPcvTT5b|3S3guZCf<#$+Zu*X>@0Tfx2BrNuASMb1H@ zFoy0_Dj~Sr&LY(=M0w&NK2FrJ1$N`e?+-Q&Fc3gAMJIcyBnD~!Q7fhKx`p-3vhilJ z0ooiTh(cP%C1JM*KF2?hH^Q4sd%;(^c{bFpfh8t(eKht$#2iU?r6kZ~v1ckEQG)(1 zjMVfq#%05Q5+NDCDNA~bZ%u-1L2R3*D6e-#)S6st>I%UD_BW|?jFsPz42fb6wH3nq zkIKr7;!|Kl35(P-3mW%Rr-}-kE8PadHwgQ;K5I7U^mV5S^2qI0)$=zh{bKNmv^|3# zqqBl(@z_`)B<4)`kudPz3S;)YYkn-$GLLz~%jNmHy0aS(lvqCEu8aGvP1`pBHY-1< zX<=8SFh92k4n2Ihf0g#Gd+IFIq_W0*G(upNe9li2#L=MPw2PxCpQV)>&!&lVp|oq; z^;!yixY%bd-?TH9*E# z{wT3CdUJq%mv)rgy_#GdvJ#e9vbUE$g10FIN^DQjZTeN4^|%&Tkv_a4tKN}ocSoV$ltDGC4`e5aTom8zo7haWyvSF9dK*{m=4+-l7@L4oPZd%hs@u z*;x2_r6_;I4}=7g*sB7lp=yAuD=NuvI%vWmP@eiEcCWI3yHssrr`jYv@g__~amz!@ zk{~d*uj`E_gqoJKYDaunx+VUFIal*NQ(04Xcj$V5xc9`m{u0#h%s1^FglQD4xTj2( z@7H=|WDeskpg4)`iTjBpl^QIS!{i&#}cj`Y$}_ZHBTt``OCP-Cdc*5W=|Ng+RS14}M6+AEcF27)!d9F%``tMbh`Uf7YR8?Z9cVTm5uRrgLcutwn@LNXjinn1)6$dz}kx-zi}KUGCOW zNb-eS;ZnTMd7{AHAKiMqQxS;;jaN)viIoeTFIMMSZ zTy~!>Fy$W<62Pm6JH~is{lyJbtDou8S^N5aoH>KdLcKzXoU@&CobobG{CyS&R9z5KgZUXtY zlms^GU-n!~Ed_Dd8Kvi~<5bX_ZD~fqs|n4RJ3G?i(mnLqffKC3Smyy=TY=x6#kjJV zrCQ2c&8-f~Q|P5_N`e_|Swwr>6Siwj<xOYz)+TQ&G_tQe~?F-x!W{#pE;%SdL5tUkrXDmqkl3#o-ccG zcC2#DU<&IBiOq6oXTE1#waWtE{xsE5WOZPkxW%Q))RKc)cZy}^bWNYWU3t$lHpvKO z(j0@pt?^cQpzgp(wT+5nfz^_gqn7nxE@AjS`=u7kPt(IBy@H@^6Wk!urutN8it3WOfEF0&FWXL4 zHMQY&D9w0Kt@Vq=6HI!+yGXd|aQZFcGV2lk-i=u-&YxwxIh$&q{z?jWW)iyo$9OqR zVO0@b);NuB3@^Uw+z;GE5e(J5nVGnj6{Ny%jjt0Z3-Uk6X&Bgkzj+VqI^C@fy z$Ciafuq=aRjMc(dKRhN}BEMHXh-J zCivJUP2HEo6h`!2vT+76`LmN}Pdc>9eD@Mb;<=pG&zbd8pWl+t)gG&e@Ct?&7A+Pl z(L#a#M>jG*ui<}D{r%?Vrj*9LvS@0J`DC3r(xCpL%EVXn9?ER*HGl>STetR-hv2^c z5Zq#Q)6t=p8Xxbcb7Gb}^g&J$(h6lD;chxU1GN8}A~GFf{bNcIlDt}4TH0|wEj4R4 z`<8GbB^0s4AtJK&7X2cM2%6wXMd2N%YZ{bBzibxEZo-#QGYp^bb?r*Ekk}|C^UhZl zh0}Nf1d&-z5&M`Oh7m>})7S%ZFcU$$SPUB{^-!g|?Ww#}yln~LZ+QtIv*r(lo(`^9 zXpqgm$P0BE#Km!fWm8B?hG1U&;0lS$Mu+f8-j%03=axS$6q3S}_VwKpjRoKc@dKIW zcuX!%G@~JkC_GUbYq|iCSjc=HitA|s68jmnBH56|RoX%FU zHM^gDGE|lh?H!_S+xII|siZ?`SYwhF+65qA&3DbA4TN`0B`Gc2PGNg^nY9Fw(h)UFrTE!#UA4^CO;)K zbS);`<;v#D(y@&JCYn|Jm_DpTfrc{=;t#ycA(4Kx`Ka_4n}dFnXBx-iT72{QI5H=K zI52V{%j6oolo9@#f*0=dOA(U3@-hQ=Q(Q0e>|%fNQvaf+1m@dG$=NxjkDupdqIAM} zr*623WTkc~U`i{B?q}yro8&rwZl!wqfe#ZyWRf|RMxtV$0N+NCqhn($+gn3iN6bfI zrlzKw^#^rfxkqsqWeh?3?rvrX!$yOF-;LK8Zf`&_^t zr0T9QX(E{fF&Oi|XCt=y{Sx{59dj`MwF>{qeWwAKup;ZH{%_>ucjch3qd!i!M1cu{9y-g8{PGA zwhb$j1j70Zfb0+O<%+bpQQ0yK`g4xCkE!36M;AC)N#nUfeoe1!XK+5RgCQ@vovP%D zT|ANpDEie8aO~{=TAE4EArBu(aQbVER~93stwoNA&&>|D94o?jzxj818m%OMH?2J{ zByMzfk5gcExw~dBb;aR^t&pSHZEMeKFe{0K#g)aW?BIgl_P}{h_qpnlvt%uWYIql$ z-5&^^e=k8)z{Z7qW_nJL0A6lVSDOs(js5mb=af={-Ma9ZB$0(e-JrINm)I#?8bi*h zql3-I?+LQc-nWr>?O~3022}CB0*oW)2gg52)IS(AB~0#CA#Wg4)qHzZ~N|s!mzFH#1q90`w%+X z32T>^_iCVt#2iVwi7po<;MQkeWY#_1%@}AZmE>?!O|b!G6=nB_=AksiA=%Gj=N%MHnfA}3u!oz6OeU%D<|%_J9C zn(4b!hpehBrC=XCX}N}KEl#WkIV4R)*cGYF)xMOYh>YODfw-$#f8QwTd>56y4Q>-S zx7-S5akVYGwX!Tbvwr^Ya3FvFX)QRXi@7sXn@Hq?C`xmR2A69mv)YN-z7<8C6x z(H}x=JDEofgje-y;Nu99ia#rqppBqEdA6jU99GBXr@t%-Rk|?~R(l@mY!GaG+&-t) z*I0n4nDJb?I3fCzRdL|twgrDgdwgqE6E|ae4yBKqw|{I*n)oKeex~3#;#I4a4Y`U- zG}|b7sbRLsDt!&cS~7wN_T(a(e!Yv1rx{G~ZR7Ct@dCn-1a_4)>HC=Pt{d4aju_`@ zbql2F0#Dy)jvz5(6Lhkmdm$h?x!x=(VsICv;srO2zd%op^LG*{v`4(?+N|YntR#C$ z-+zH*g}|njL8r@WGBFLeWQ75eqeVx^(oQxB1&3kkctPhOd&-`h?uGNAorbu(&)uv% zl8ha<=4LyqlhA05Ga)Zo^>&1hsFI9AghEUAziIQF%t|!(BpQRS@OUrsNdP7)97{mY zgP6B!_-;Rz(MSVr^BcPYq*+Vmw`aKTTg+OPB?9P6-n6lwWS9nmsJ!Xa<{c^_twK%& z{V7@}f9T<3*~HNGoZY(=Z)_j`K`rnL5S2%Q^2kq4aUV z2cpPK)I#95Z3H%=91=AA!M^`Js)L+oC0RC>UQf#!GDa*lVNNvt1+NyNXh)uj#2}rZ ziuew7*&&+({iN`TT<9Unb`(yHb4bff? zxvca4d5pOD-QKIODwY!*%&0a~Jxh|@W?9Xd`*+d2KZ7d5d0w$pj@{(_@&X>Fjc3qhJrx5SBnY5Vr^YRMBVu0 zR<%$13*Jh*Hq){1zHY;o55@LO-;^`#(IYpEM}}{8$JWYH|Az=tt=!9U`_cG}f9w#2 zKd+|R&Qc3zqG347P?l~5+hEdvw)VgmrT@9LbH91HsMsHUhmCSO3CN3+Ur~^M6H%Qq zD$b+iQgWzjjxV>{%>a&j+gz1FS9EdZ?g6POJkM=o%4Du7jW{lp4c=>Hp|*P|vXw?C z)Som#ol8U0i9-=neS6b)ioX9nE5YuQiLN>VjVojd7gh>uxKhl%*x0>Uj@o%0))h9A z2J4w(gLSVvuz4W4pq|(t zv}K`{A4E|z5991p@q(Ncus-pjLn;gAgk}1K^t3OQ0uLFJ-=-i%@ zsEerN)J5Y<`;U~?;w)eDY!s>_uaX>G-cC-dXR(i=e1sMWdFf^-kq*tQs;ROi(mh_b zLJD}B7?-z0==eM)@4f%vzW=B*cD-8br}3k$q|sEk`e>D)C=@w;Ma}UsP;@SnIMgOp zW(ElZ@#M=l6r%C#i_gMME4x+^+XqrAZfgriVyIsx&>|52uh?6;;{!wI;ja g|BfUNC6*tb6M5&!&?;|gJOlnDL}Y}E1$BJ>57UpSKmY&$ literal 0 HcmV?d00001 diff --git a/documentation/docs/aws/xks.md b/documentation/docs/aws/xks.md new file mode 100644 index 0000000000..626ef6d6af --- /dev/null +++ b/documentation/docs/aws/xks.md @@ -0,0 +1,64 @@ +# Integration to AWS External Key Service (XKS) + +## Background + +AWS XKS (External Key Store) is a feature of AWS Key Management Service (AWS KMS) that allows you to use cryptographic keys stored in an external key management system with AWS KMS. +It enables you to maintain control over your keys while leveraging AWS services that integrate with AWS KMS. + +**Source:** [AWS KMS XKS Proxy API Specification - Background](https://github.com/aws/aws-kms-xksproxy-api-spec/blob/main/xks_proxy_api_spec.md#background) + +## Architecture + +The Cosmian KMS integrates to AWS XKS and proposes a novel architecture (dubbed *xksv2*) that solves the traditional XKS performance issues without compromising on security. + +![xksv2 architecture diagram](./xksv2.drawio.svg) + +The Cosmian XKSv2 architecture is composed of the following components: + +### Cosmian Confidential KMS + +This is the Confidential Key Management System, deployed as IaaS, in the customer AWS tenant. +It is responsible for managing the Key Encryption Keys (KEKs) wrapping the XKS keys in AWS KMS and for answering encryption and decryption requests from the AWS KMS. + +To protect the KEKs, the Cosmian KMS runs inside a Cosmian VM on top of confidential computing machines. Cosmian VM provides strong security and verifiability guarantees. + +The Cosmian KMS is deployed in AWS infrastructure, solving the XKS scaling problem, as it benefits from a stable high bandwidth network and can easily scale to reliably support large amount of transactions from the AWS KMS. + +The Confidential KMS is available as a ready-to-deploy product from the [AWS Marketplace](https://aws.amazon.com/marketplace/search/results?searchTerms=COSMIAN+KMS). + +### HSM + +The HSM is responsible for storing the Master keys and securing the Cosmian KMS keys. It is deployed in the customer premises or offered as a managed service by Atos. See the [HSM integration documentation](../hsms/index.md) for more details. + + +## Deployment + +1. Deploy a Cosmian KMS in your AWS tenant. You can find the product on the [AWS Marketplace](https://aws.amazon.com/marketplace/search/results?searchTerms=COSMIAN+KMS) and follow the deployment instructions in the product documentation. + +2. Configure the KMS for use with AWS XKS by filling up the `aws_xks_config` section of the configuration file with the following values: + +```toml +[aws_xks_config] +# set this to true +aws_xks_enable = true +# this is the region you Cosmian KMS is deployed in +aws_xks_region = "us-east-1" +# keep this to this value +aws_xks_service = "xks-kms" +# used for sigv4. The values set here must match the values configured +# when setting up the KMS as an external keystore for AWS KMS (see next step) +aws_xks_sigv4_access_key_id = "AKIAIOSFODNN7EXAMPLE" +aws_xks_sigv4_secret_access_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" +``` + +3. Configure the KMS to act as an External Key Store for AWS KMS. Follow the instructions in the [AWS documentation](https://docs.aws.amazon.com/kms/latest/developerguide/create-xks-keystore.html) to create an External Key Store. + +4. Create an external key in AWS KMS and specify the key store created in the previous step as the key store for the key. + +![Configure the key](./1_configure_key.png) +![Choose the external key](./2_choose_external_key.png) +![Review the key and create it](./7_review.png) + +5. Enforce the correct permissions for the key on the Cosmian KMS. +Make sure the user used by AWS has the permissions for `Encrypt`, `Decrypt` and `GetAttributes`. For instance, when using DynamoDB, the user should be called something like `dynamodb.amazonaws.com`, for Salesforce, it is the user configured as part of the setup. +In doubt, or for testing, grant theses permissions to all users (`*`). \ No newline at end of file diff --git a/documentation/docs/aws/xksv2.drawio.svg b/documentation/docs/aws/xksv2.drawio.svg new file mode 100644 index 0000000000..930f8caf82 --- /dev/null +++ b/documentation/docs/aws/xksv2.drawio.svg @@ -0,0 +1,694 @@ + + + + + + + + + + + + + + + + + +
+
+
+ + TLS PKCS#11 + +
+
+
+ + + TLS PKCS#11 + + + + + + + + + + + + + + + + + + + + + +
+
+
+ + + Confidential Computing +
+ AMD SEV-SNP + +
+ +
+
+
+ + + Confidential Computing... + + + + + + + + + + + +
+
+
+ + + + +
+
+
+ + + + + + + + + + + + + + + + + + + + + + +
+
+
+ + + Proteccio +
+ HSM + + +
+
+
+ + + Proteccio... + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ + + AWS +
+ KMS +
+ + +
+
+
+ + + AWS... + + + + + + + + + + + + + + +
+
+
+ + + AWS Services +
+ + +
+
+
+ + + AWS Services + + + + + + + + + + + + + + +
+
+
+ HTTPS +
+ XKS +
+
+
+ + + HTTPS... + + + + + + + + + + + + +
+
+
+
+ + + Key Wrapping / Unwrapping + + +
+
+
+
+ + + Key Wrapping / Unwrapping + + + + + + + + + + + + +
+
+
+ [ 🔑 ] +
+
+
+ + + [ 🔑 ] + + + + + + + + + + + + + + + + + + + Text is not SVG - cannot display + + + + \ No newline at end of file diff --git a/documentation/docs/drawings/xks_v2.drawio.svg b/documentation/docs/drawings/xks_v2.drawio.svg deleted file mode 100644 index 90fb1a045b..0000000000 --- a/documentation/docs/drawings/xks_v2.drawio.svg +++ /dev/null @@ -1,4 +0,0 @@ - - - -
TLS PKCS#11
TLS PKCS#11
Confidential Computing
AMD SEV-SNP
Confidential Computing...
+
+
Proteccio
Proteccio
AWS
KMS
AWS...
AWS Services
AWS Services
HTTPS
XKS
HTTPS...
         Key Wrapping / Unwrapping
         Key Wrapping / Unwrapping
[ 🔑 ]
[ 🔑 ]Text is not SVG - cannot display \ No newline at end of file diff --git a/documentation/mkdocs.yml b/documentation/mkdocs.yml index 03c33d3a98..188c2c0601 100644 --- a/documentation/mkdocs.yml +++ b/documentation/mkdocs.yml @@ -74,7 +74,9 @@ nav: - Other HSMs: hsms/other_hsms.md - Integrations: - API Endpoints: api.md - - AWS ECS Fargate: aws_fargate.md + - AWS: + - ECS Fargate: aws_fargate.md + - External Key Store (XKS): ./aws/xks.md - Azure: - BYOK (Bring Your Own Key): azure/byok.md - Google GCP: diff --git a/shell.nix b/shell.nix index bb60762b41..cc724c4bcd 100644 --- a/shell.nix +++ b/shell.nix @@ -35,6 +35,7 @@ let withHsm = (builtins.getEnv "WITH_HSM") == "1"; withPython = (builtins.getEnv "WITH_PYTHON") == "1"; withCurl = (builtins.getEnv "WITH_CURL") == "1"; + withXks = (builtins.getEnv "WITH_XKS") == "1"; # Import FIPS OpenSSL 3.1.2 - will be used for FIPS builds openssl312Fips = import ./nix/openssl.nix { inherit (pkgs) @@ -76,12 +77,30 @@ pkgs.mkShell { openssl312Fips openssl312FipsShared pkgs.openssl + pkgs.openssl.dev pkgs.pkg-config pkgs.gcc pkgs.rust-bin.stable.latest.default opensslFipsBootstrap ] ++ (if withCurl then [ pkgs.curl ] else [ ]) + ++ ( + if withXks then + [ + pkgs.bash + pkgs.curl + pkgs.jq + pkgs.coreutils + pkgs.gawk + pkgs.gnused + pkgs.vim + pkgs.xxd + # Provides `uuidgen` in the pure nix-shell environment. + pkgs.util-linux + ] + else + [ ] + ) ++ ( if withHsm then [ diff --git a/test_data b/test_data index 2d72a12b75..0f057b0b95 160000 --- a/test_data +++ b/test_data @@ -1 +1 @@ -Subproject commit 2d72a12b7548bf672fe2d6cfe8db6f36d407bfc4 +Subproject commit 0f057b0b95b1ba0d659a15dfeb781e2ebd82fa15 From ee83d1fadc8fb625e56c1187c79ca24da80d6f2f Mon Sep 17 00:00:00 2001 From: Manuthor Date: Wed, 18 Feb 2026 06:57:44 +0100 Subject: [PATCH 2/5] ci: fixing rebase --- Cargo.lock | 972 ++++++++++++++++------------------------------------- 1 file changed, 282 insertions(+), 690 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index c72541ff4d..be4742334c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -46,8 +46,7 @@ dependencies = [ "actix-web", "bitflags", "bytes", - "derive_more 2.1.1", - "derive_more 2.1.1", + "derive_more 2.1.0", "futures-core", "http-range", "log", @@ -74,8 +73,7 @@ dependencies = [ "brotli", "bytes", "bytestring", - "derive_more 2.1.1", - "derive_more 2.1.1", + "derive_more 2.1.0", "encoding_rs", "flate2", "foldhash 0.1.5", @@ -244,8 +242,7 @@ dependencies = [ "bytestring", "cfg-if", "cookie", - "derive_more 2.1.1", - "derive_more 2.1.1", + "derive_more 2.1.0", "encoding_rs", "foldhash 0.1.5", "futures-core", @@ -263,7 +260,7 @@ dependencies = [ "serde_json", "serde_urlencoded", "smallvec", - "socket2 0.6.2", + "socket2 0.6.1", "time", "tracing", "url", @@ -310,12 +307,12 @@ dependencies = [ [[package]] name = "aes" -version = "0.9.0-rc.4" +version = "0.9.0-rc.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "04097e08a47d9ad181c2e1f4a5fabc9ae06ce8839a333ba9a949bcb0d31fd2a3" +checksum = "fd9e1c818b25efb32214df89b0ec22f01aa397aaeb718d1022bf0635a3bfd1a8" dependencies = [ - "cipher 0.5.0", - "cpubits", + "cfg-if", + "cipher 0.5.0-rc.2", "cpufeatures", ] @@ -351,12 +348,12 @@ dependencies = [ [[package]] name = "aes-kw" -version = "0.3.0-rc.2" +version = "0.3.0-rc.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d3f56c4f20065fe12a323918242aefbbd7d85f8ce81dabfdb4b61726d0fe642" +checksum = "02eaa2d54d0fad0116e4b1efb65803ea0bf059ce970a67cd49718d87e807cb51" dependencies = [ - "aes 0.9.0-rc.4", - "const-oid 0.10.2", + "aes 0.9.0-rc.2", + "const-oid 0.10.1", ] [[package]] @@ -438,18 +435,15 @@ checksum = "5192cca8006f1fd4f7237516f40fa183bb07f8fbdfedaa0036de5ea9b0b45e78" [[package]] name = "anyhow" -version = "1.0.101" +version = "1.0.100" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f0e0fee31ef5ed1ba1316088939cea399010ed7731dba877ed44aeb407a75ea" +checksum = "a23eb6b1614318a8071c9b2521f36b424b2c83db5eb3a0fead4a6c0809af6e61" [[package]] name = "arc-swap" -version = "1.8.1" +version = "1.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9ded5f9a03ac8f24d1b8a25101ee812cd32cdc8c50a4c50237de2c4915850e73" -dependencies = [ - "rustversion", -] +checksum = "69f7f8c3906b62b754cd5326047894316021dcfe5a194c8ea52bdd94934a3457" [[package]] name = "argon2" @@ -481,8 +475,7 @@ dependencies = [ "nom", "num-traits", "rusticata-macros", - "thiserror 2.0.18", - "thiserror 2.0.18", + "thiserror 2.0.17", "time", ] @@ -511,11 +504,9 @@ dependencies = [ [[package]] name = "assert_cmd" -version = "2.1.2" -version = "2.1.2" +version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c5bcfa8749ac45dd12cb11055aeeb6b27a3895560d60d71e3c23bf979e60514" -checksum = "9c5bcfa8749ac45dd12cb11055aeeb6b27a3895560d60d71e3c23bf979e60514" +checksum = "bcbb6924530aa9e0432442af08bbcafdad182db80d2e560da42a6d442535bf85" dependencies = [ "anstyle", "bstr", @@ -604,8 +595,7 @@ dependencies = [ "rustversion", "serde", "sync_wrapper", - "tower 0.5.3", - "tower 0.5.3", + "tower 0.5.2", "tower-layer", "tower-service", ] @@ -671,11 +661,9 @@ checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" [[package]] name = "base64ct" -version = "1.8.3" -version = "1.8.3" +version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2af50177e190e07a26ab74f8b1efbfe2ef87da2116221318cb1c2e82baf7de06" -checksum = "2af50177e190e07a26ab74f8b1efbfe2ef87da2116221318cb1c2e82baf7de06" +checksum = "55248b47b0caf0546f7988906588779981c43bb1bc9d0c44087278f80cdb44ba" [[package]] name = "bitflags" @@ -744,11 +732,9 @@ dependencies = [ [[package]] name = "bumpalo" -version = "3.19.1" -version = "3.19.1" +version = "3.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5dd9dc738b7a8311c7ade152424974d8115f2cdad61e8dab8dac9f2362298510" -checksum = "5dd9dc738b7a8311c7ade152424974d8115f2cdad61e8dab8dac9f2362298510" +checksum = "46c5e41b57b8bba42a04676d81cb89e9ee8e859a1a66f80a5a72e1cb76b34d43" [[package]] name = "byteorder" @@ -779,9 +765,9 @@ checksum = "37b2a672a2cb129a2e41c10b1224bb368f9f37a2b16b612598138befd7b37eb5" [[package]] name = "cc" -version = "1.2.56" +version = "1.2.48" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aebf35691d1bfb0ac386a69bac2fde4dd276fb618cf8bf4f5318fe285e821bb2" +checksum = "c481bdbf0ed3b892f6f806287d72acd515b352a4ec27a208489b8c1bc839633a" dependencies = [ "find-msvc-tools", "jobserver", @@ -821,11 +807,9 @@ dependencies = [ [[package]] name = "chrono" -version = "0.4.43" -version = "0.4.43" +version = "0.4.42" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fac4744fb15ae8337dc853fee7fb3f4e48c0fbaa23d0afe49c447b4fab126118" -checksum = "fac4744fb15ae8337dc853fee7fb3f4e48c0fbaa23d0afe49c447b4fab126118" +checksum = "145052bdd345b87320e369255277e3fb5152762ad123a901ef5c262dd38fe8d2" dependencies = [ "iana-time-zone", "js-sys", @@ -875,19 +859,19 @@ dependencies = [ [[package]] name = "cipher" -version = "0.5.0" +version = "0.5.0-rc.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "64727038c8c5e2bb503a15b9f5b9df50a1da9a33e83e1f93067d914f2c6604a5" +checksum = "155e4a260750fa4f7754649f049748aacc31db238a358d85fd721002f230f92f" dependencies = [ - "crypto-common 0.2.0", - "inout 0.2.2", + "crypto-common 0.2.0-rc.5", + "inout 0.2.1", ] [[package]] name = "clap" -version = "4.5.58" +version = "4.5.53" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "63be97961acde393029492ce0be7a1af7e323e6bae9511ebfac33751be5e6806" +checksum = "c9e340e012a1bf4935f5282ed1436d1489548e8f72308207ea5df0e23d2d03f8" dependencies = [ "clap_builder", "clap_derive", @@ -895,9 +879,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.58" +version = "4.5.53" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f13174bda5dfd69d7e947827e5af4b0f2f94a4a3ee92912fba07a66150f21e2" +checksum = "d76b5d13eaa18c901fd2f7fca939fefe3a0727a953561fefdf3b2922b8569d00" dependencies = [ "anstyle", "clap_lex", @@ -905,9 +889,9 @@ dependencies = [ [[package]] name = "clap_derive" -version = "4.5.55" +version = "4.5.49" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a92793da1a46a5f2a02a6f4c46c6496b28c43638adea8306fcb0caa1634f24e5" +checksum = "2a0b5487afeab2deb2ff4e03a807ad1a03ac532ff5a2cee5d86884440c7f7671" dependencies = [ "heck", "proc-macro2", @@ -917,9 +901,9 @@ dependencies = [ [[package]] name = "clap_lex" -version = "1.0.0" +version = "0.7.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3a822ea5bc7590f9d40f1ba12c0dc3c2760f3482c6984db1573ad11031420831" +checksum = "a1d728cc89cf3aee9ff92b05e62b19ee65a02b5702cff7d5a377e32c6ae29d8d" [[package]] name = "combine" @@ -953,11 +937,9 @@ checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" [[package]] name = "const-oid" -version = "0.10.2" -version = "0.10.2" +version = "0.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a6ef517f0926dd24a1582492c791b6a4818a4d94e789a334894aa15b0d12f55c" -checksum = "a6ef517f0926dd24a1582492c791b6a4818a4d94e789a334894aa15b0d12f55c" +checksum = "0dabb6555f92fb9ee4140454eb5dcd14c7960e1225c6d1a6cc361f032947713e" [[package]] name = "const-random" @@ -974,8 +956,7 @@ version = "0.1.16" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f9d839f2a20b0aee515dc581a6172f2321f96cab76c1a38a4c584a194955390e" dependencies = [ - "getrandom 0.2.17", - "getrandom 0.2.17", + "getrandom 0.2.16", "once_cell", "tiny-keccak", ] @@ -1038,8 +1019,8 @@ dependencies = [ "base64 0.21.7", "serde", "serde_json", - "thiserror 2.0.18", - "toml", + "thiserror 2.0.17", + "toml 0.8.23", "tracing", "url", ] @@ -1074,8 +1055,7 @@ dependencies = [ "curve25519-dalek", "ed25519-dalek", "gensym", - "getrandom 0.2.17", - "getrandom 0.2.17", + "getrandom 0.2.16", "leb128", "rand_chacha 0.3.1", "rand_core 0.6.4", @@ -1104,14 +1084,12 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "44b2705be438091a343f880385c80d46ecafda93f47c95801f7cf42a54a98588" dependencies = [ "actix-web", - "derive_more 2.1.1", - "derive_more 2.1.1", + "derive_more 2.1.0", "oauth2", "reqwest", "serde", "serde_json", - "thiserror 2.0.18", - "thiserror 2.0.18", + "thiserror 2.0.17", "tokio", "tracing", "url", @@ -1138,8 +1116,7 @@ dependencies = [ "serde_json", "strum", "strum_macros", - "thiserror 2.0.18", - "thiserror 2.0.18", + "thiserror 2.0.17", "time", "tracing", "uuid", @@ -1166,8 +1143,7 @@ dependencies = [ "lru 0.16.3", "pkcs11-sys", "rand 0.9.2", - "thiserror 2.0.18", - "thiserror 2.0.18", + "thiserror 2.0.17", "uuid", "zeroize", ] @@ -1200,8 +1176,7 @@ dependencies = [ "strum", "tempfile", "test_kms_server", - "thiserror 2.0.18", - "thiserror 2.0.18", + "thiserror 2.0.17", "time", "tokio", "url", @@ -1223,8 +1198,7 @@ dependencies = [ "pem", "serde", "serde_json", - "thiserror 2.0.18", - "thiserror 2.0.18", + "thiserror 2.0.17", "url", ] @@ -1242,8 +1216,7 @@ dependencies = [ "serde", "serde_json", "strum", - "thiserror 2.0.18", - "thiserror 2.0.18", + "thiserror 2.0.17", "time", "zeroize", ] @@ -1255,8 +1228,7 @@ dependencies = [ "base64 0.22.1", "console_error_panic_hook", "cosmian_kms_client_utils", - "getrandom 0.2.17", - "getrandom 0.2.17", + "getrandom 0.2.16", "js-sys", "pem", "serde", @@ -1291,8 +1263,7 @@ dependencies = [ "serde_json", "sha2", "tempfile", - "thiserror 2.0.18", - "thiserror 2.0.18", + "thiserror 2.0.17", "tokio", "uuid", "x509-parser", @@ -1308,8 +1279,7 @@ dependencies = [ "cosmian_logger", "num-bigint-dig", "serde_json", - "thiserror 2.0.18", - "thiserror 2.0.18", + "thiserror 2.0.17", "zeroize", ] @@ -1358,11 +1328,10 @@ dependencies = [ "smartcardhsm_pkcs11_loader", "softhsm2_pkcs11_loader", "strum", - "thiserror 2.0.18", - "thiserror 2.0.18", + "thiserror 2.0.17", "time", "tokio", - "toml 0.9.11+spec-1.1.0", + "toml 0.9.8", "tracing", "url", "utimaco_pkcs11_loader", @@ -1395,8 +1364,7 @@ dependencies = [ "serde_json", "strum", "tempfile", - "thiserror 2.0.18", - "thiserror 2.0.18", + "thiserror 2.0.17", "tokio", "tokio-postgres", "tokio-rusqlite", @@ -1406,11 +1374,9 @@ dependencies = [ [[package]] name = "cosmian_logger" -version = "0.5.5" -version = "0.5.5" +version = "0.5.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ff3434d2a64271c79bb0f0b6c05d4995dd88396165b8aba92291b91ee1deb7ca" -checksum = "ff3434d2a64271c79bb0f0b6c05d4995dd88396165b8aba92291b91ee1deb7ca" +checksum = "92e3c9c7a09cb59a839d7df9cba9fe3f781f2c46fa5b56545092acbbfd3e7aa3" dependencies = [ "opentelemetry 0.29.1", "opentelemetry-otlp 0.29.0", @@ -1418,8 +1384,7 @@ dependencies = [ "opentelemetry-stdout", "opentelemetry_sdk 0.29.0", "syslog-tracing", - "thiserror 2.0.18", - "thiserror 2.0.18", + "thiserror 2.0.17", "tracing", "tracing-appender", "tracing-opentelemetry", @@ -1458,12 +1423,6 @@ dependencies = [ "redis", ] -[[package]] -name = "cpubits" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ef0c543070d296ea414df2dd7625d1b24866ce206709d8a4a424f28377f5861" - [[package]] name = "cpufeatures" version = "0.2.17" @@ -1580,11 +1539,11 @@ dependencies = [ [[package]] name = "crypto-common" -version = "0.2.0" +version = "0.2.0-rc.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "211f05e03c7d03754740fd9e585de910a095d6b99f8bcfffdef8319fa02a8331" +checksum = "919bd05924682a5480aec713596b9e2aabed3a0a6022fab6847f85a99e5f190a" dependencies = [ - "hybrid-array 0.4.7", + "hybrid-array 0.4.5", ] [[package]] @@ -1701,11 +1660,9 @@ dependencies = [ [[package]] name = "data-encoding" -version = "2.10.0" -version = "2.10.0" +version = "2.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7a1e2f27636f116493b8b860f5546edb47c8d8f8ea73e1d2a20be88e28d1fea" -checksum = "d7a1e2f27636f116493b8b860f5546edb47c8d8f8ea73e1d2a20be88e28d1fea" +checksum = "2a2330da5de22e8a3cb63252ce2abb30116bf5265e89c0e01bc17015ce30a476" [[package]] name = "deadpool" @@ -1727,8 +1684,7 @@ checksum = "3d697d376cbfa018c23eb4caab1fd1883dd9c906a8c034e8d9a3cb06a7e0bef9" dependencies = [ "async-trait", "deadpool", - "getrandom 0.2.17", - "getrandom 0.2.17", + "getrandom 0.2.16", "tokio", "tokio-postgres", "tracing", @@ -1783,9 +1739,9 @@ dependencies = [ [[package]] name = "deranged" -version = "0.5.6" +version = "0.5.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cc3dc5ad92c2e2d1c193bbbbdf2ea477cb81331de4f3103f267ca18368b988c4" +checksum = "ececcb659e7ba858fb4f10388c250a7252eb0a27373f1a72b8748afdd248e587" dependencies = [ "powerfmt", "serde_core", @@ -1806,22 +1762,18 @@ dependencies = [ [[package]] name = "derive_more" -version = "2.1.1" -version = "2.1.1" +version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d751e9e49156b02b44f9c1815bcb94b984cdcc4396ecc32521c739452808b134" -checksum = "d751e9e49156b02b44f9c1815bcb94b984cdcc4396ecc32521c739452808b134" +checksum = "10b768e943bed7bf2cab53df09f4bc34bfd217cdb57d971e769874c9a6710618" dependencies = [ "derive_more-impl", ] [[package]] name = "derive_more-impl" -version = "2.1.1" -version = "2.1.1" +version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "799a97264921d8623a957f6c3b9011f3b5492f557bbb7a5a19b7fa6d06ba8dcb" -checksum = "799a97264921d8623a957f6c3b9011f3b5492f557bbb7a5a19b7fa6d06ba8dcb" +checksum = "6d286bfdaf75e988b4a78e013ecd79c581e06399ab53fbacd2d916c2f904f30b" dependencies = [ "convert_case 0.10.0", "proc-macro2", @@ -2006,9 +1958,9 @@ checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" [[package]] name = "find-msvc-tools" -version = "0.1.9" +version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5baebc0774151f905a1a2cc41989300b1e6fbb29aff0ceffa1064fdd3088d582" +checksum = "3a3076410a55c90011c298b04d0cfa770b00fa04e1e3c97d3f6c9de105a03844" [[package]] name = "flagset" @@ -2018,9 +1970,9 @@ checksum = "b7ac824320a75a52197e8f2d787f6a38b6718bb6897a35142d749af3c0e8f4fe" [[package]] name = "flate2" -version = "1.1.9" +version = "1.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "843fba2746e448b37e26a819579957415c8cef339bf08564fe8b7ddbd959573c" +checksum = "bfe33edd8e85a12a67454e37f8c75e730830d83e313556ab9ebf9ee7fbeb3bfb" dependencies = [ "crc32fast", "libz-sys", @@ -2183,17 +2135,14 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.17" -version = "0.2.17" +version = "0.2.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ff2abc00be7fca6ebc474524697ae276ad847ad0a6b3faa4bcb027e9a4614ad0" -checksum = "ff2abc00be7fca6ebc474524697ae276ad847ad0a6b3faa4bcb027e9a4614ad0" +checksum = "335ff9f135e4384c8150d6f27c6daed433577f86b4750418338c01a1a2528592" dependencies = [ "cfg-if", "js-sys", "libc", - "wasi 0.11.1+wasi-snapshot-preview1", - "wasi 0.11.1+wasi-snapshot-preview1", + "wasi", "wasm-bindgen", ] @@ -2209,19 +2158,6 @@ dependencies = [ "wasip2", ] -[[package]] -name = "getrandom" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "139ef39800118c7683f2fd3c98c1b23c09ae076556b435f8e9064ae108aaeeec" -dependencies = [ - "cfg-if", - "libc", - "r-efi", - "wasip2", - "wasip3", -] - [[package]] name = "ghash" version = "0.5.1" @@ -2261,8 +2197,7 @@ dependencies = [ "futures-sink", "futures-util", "http 0.2.12", - "indexmap 2.13.0", - "indexmap 2.13.0", + "indexmap 2.12.1", "slab", "tokio", "tokio-util", @@ -2271,11 +2206,9 @@ dependencies = [ [[package]] name = "h2" -version = "0.4.13" -version = "0.4.13" +version = "0.4.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2f44da3a8150a6703ed5d34e164b875fd14c2cdab9af1252a9a1020bde2bdc54" -checksum = "2f44da3a8150a6703ed5d34e164b875fd14c2cdab9af1252a9a1020bde2bdc54" +checksum = "f3c0b69cfcb4e1b9f1bf2f53f95f766e4661169728ec61cd3fe5a0166f2d1386" dependencies = [ "atomic-waker", "bytes", @@ -2283,8 +2216,7 @@ dependencies = [ "futures-core", "futures-sink", "http 1.4.0", - "indexmap 2.13.0", - "indexmap 2.13.0", + "indexmap 2.12.1", "slab", "tokio", "tokio-util", @@ -2457,9 +2389,9 @@ dependencies = [ [[package]] name = "hybrid-array" -version = "0.4.7" +version = "0.4.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e1b229d73f5803b562cc26e4da0396c8610a4ee209f4fac8fa4f8d709166dc45" +checksum = "f471e0a81b2f90ffc0cb2f951ae04da57de8baa46fa99112b062a5173a5088d0" dependencies = [ "typenum", ] @@ -2474,8 +2406,7 @@ dependencies = [ "bytes", "futures-channel", "futures-core", - "h2 0.4.13", - "h2 0.4.13", + "h2 0.4.12", "http 1.4.0", "http-body", "httparse", @@ -2535,13 +2466,14 @@ dependencies = [ [[package]] name = "hyper-util" -version = "0.1.20" +version = "0.1.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "96547c2556ec9d12fb1578c4eaf448b04993e7fb79cbaad930a656880a6bdfa0" +checksum = "727805d60e7938b76b826a6ef209eb70eaa1812794f9424d4a4e2d740662df5f" dependencies = [ "base64 0.22.1", "bytes", "futures-channel", + "futures-core", "futures-util", "http 1.4.0", "http-body", @@ -2550,7 +2482,7 @@ dependencies = [ "libc", "percent-encoding", "pin-project-lite", - "socket2 0.6.2", + "socket2 0.6.1", "system-configuration", "tokio", "tower-service", @@ -2560,9 +2492,9 @@ dependencies = [ [[package]] name = "iana-time-zone" -version = "0.1.65" +version = "0.1.64" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e31bc9ad994ba00e440a8aa5c9ef0ec67d5cb5e5cb0cc7f8b744a35b389cc470" +checksum = "33e57f83510bb73707521ebaffa789ec8caf86f9657cad665b092b581d40e9fb" dependencies = [ "android_system_properties", "core-foundation-sys", @@ -2630,11 +2562,9 @@ checksum = "7aedcccd01fc5fe81e6b489c15b247b8b0690feb23304303a9e560f37efc560a" [[package]] name = "icu_properties" -version = "2.1.2" -version = "2.1.2" +version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "020bfc02fe870ec3a66d93e677ccca0562506e5872c650f893269e08615d74ec" -checksum = "020bfc02fe870ec3a66d93e677ccca0562506e5872c650f893269e08615d74ec" +checksum = "e93fcd3157766c0c8da2f8cff6ce651a31f0810eaa1c51ec363ef790bbb5fb99" dependencies = [ "icu_collections", "icu_locale_core", @@ -2646,11 +2576,9 @@ dependencies = [ [[package]] name = "icu_properties_data" -version = "2.1.2" -version = "2.1.2" +version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "616c294cf8d725c6afcd8f55abc17c56464ef6211f9ed59cccffe534129c77af" -checksum = "616c294cf8d725c6afcd8f55abc17c56464ef6211f9ed59cccffe534129c77af" +checksum = "02845b3647bb045f1100ecd6480ff52f34c35f82d9880e029d329c21d1054899" [[package]] name = "icu_provider" @@ -2667,12 +2595,6 @@ dependencies = [ "zerovec", ] -[[package]] -name = "id-arena" -version = "2.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d3067d79b975e8844ca9eb072e16b31c3c1c36928edf9c6789548c524d0d954" - [[package]] name = "ident_case" version = "1.0.1" @@ -2718,16 +2640,12 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.13.0" -version = "2.13.0" +version = "2.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7714e70437a7dc3ac8eb7e6f8df75fd8eb422675fc7678aff7364301092b1017" -checksum = "7714e70437a7dc3ac8eb7e6f8df75fd8eb422675fc7678aff7364301092b1017" +checksum = "0ad4bb2b565bca0645f4d68c5c9af97fba094e9791da685bf83cb5f3ce74acf2" dependencies = [ "equivalent", "hashbrown 0.16.1", - "serde", - "serde_core", ] [[package]] @@ -2741,13 +2659,11 @@ dependencies = [ [[package]] name = "inout" -version = "0.2.2" -version = "0.2.2" +version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4250ce6452e92010fdf7268ccc5d14faa80bb12fc741938534c58f16804e03c7" -checksum = "4250ce6452e92010fdf7268ccc5d14faa80bb12fc741938534c58f16804e03c7" +checksum = "c7357b6e7aa75618c7864ebd0634b115a7218b0615f4cb1df33ac3eca23943d4" dependencies = [ - "hybrid-array 0.4.7", + "hybrid-array 0.4.5", ] [[package]] @@ -2758,11 +2674,9 @@ checksum = "469fb0b9cefa57e3ef31275ee7cacb78f2fdca44e4765491884a2b119d4eb130" [[package]] name = "iri-string" -version = "0.7.10" -version = "0.7.10" +version = "0.7.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c91338f0783edbd6195decb37bae672fd3b165faffb89bf7b9e6942f8b1a731a" -checksum = "c91338f0783edbd6195decb37bae672fd3b165faffb89bf7b9e6942f8b1a731a" +checksum = "4f867b9d1d896b67beb18518eda36fdb77a32ea590de864f1325b294a6d14397" dependencies = [ "memchr", "serde", @@ -2799,11 +2713,9 @@ dependencies = [ [[package]] name = "itoa" -version = "1.0.17" -version = "1.0.17" +version = "1.0.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "92ecc6618181def0457392ccd0ee51198e065e016d1d527a7ac1b6dc7c1f09d2" -checksum = "92ecc6618181def0457392ccd0ee51198e065e016d1d527a7ac1b6dc7c1f09d2" +checksum = "4a5f13b858c8d314ee3e8f639011f7ccefe71f97f96e50151fb991f267928e2c" [[package]] name = "jobserver" @@ -2817,11 +2729,9 @@ dependencies = [ [[package]] name = "js-sys" -version = "0.3.85" -version = "0.3.85" +version = "0.3.83" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8c942ebf8e95485ca0d52d97da7c5a2c387d0e7f0ba4c35e93bfcaee045955b3" -checksum = "8c942ebf8e95485ca0d52d97da7c5a2c387d0e7f0ba4c35e93bfcaee045955b3" +checksum = "464a3709c7f55f1f721e5389aa6ea4e3bc6aba669353300af094b29ffbdde1d8" dependencies = [ "once_cell", "wasm-bindgen", @@ -2834,8 +2744,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0529410abe238729a60b108898784df8984c87f6054c9c4fcacc47e4803c1ce1" dependencies = [ "base64 0.22.1", - "getrandom 0.2.17", - "getrandom 0.2.17", + "getrandom 0.2.16", "js-sys", "pem", "serde", @@ -2883,8 +2792,7 @@ version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4ee7893dab2e44ae5f9d0173f26ff4aa327c10b01b06a72b52dd9405b628640d" dependencies = [ - "indexmap 2.13.0", - "indexmap 2.13.0", + "indexmap 2.12.1", ] [[package]] @@ -2916,17 +2824,11 @@ version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "884e2677b40cc8c339eaefcb701c32ef1fd2493d71118dc0ca4b6a736c93bd67" -[[package]] -name = "leb128fmt" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "09edd9e8b54e49e587e4f6295a7d29c3ea94d469cb40ab8ca70b288248a81db2" - [[package]] name = "libc" -version = "0.2.182" +version = "0.2.178" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6800badb6cb2082ffd7b6a67e6125bb39f18782f793520caee8cb8846be06112" +checksum = "37c93d8daa9d8a012fd8ab92f088405fb202ea0b6ab73ee2482ae66af4f42091" [[package]] name = "libloading" @@ -2940,20 +2842,19 @@ dependencies = [ [[package]] name = "libm" -version = "0.2.16" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b6d2cec3eae94f9f509c767b45932f1ada8350c4bdb85af2fcab4a3c14807981" +checksum = "f9fbbcab51052fe104eb5e5d351cf728d30a5be1fe14d9be8a3b097481fb97de" [[package]] name = "libredox" -version = "0.1.12" -version = "0.1.12" +version = "0.1.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d0b95e02c851351f877147b7deea7b1afb1df71b63aa5f8270716e0c5720616" -checksum = "3d0b95e02c851351f877147b7deea7b1afb1df71b63aa5f8270716e0c5720616" +checksum = "416f7e718bdb06000964960ffa43b4335ad4012ae8b99060261aa4a8088d5ccb" dependencies = [ "bitflags", "libc", + "redox_syscall", ] [[package]] @@ -3067,9 +2968,9 @@ dependencies = [ [[package]] name = "memchr" -version = "2.8.0" +version = "2.7.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79" +checksum = "f52b00d39961fc5b2736ea853c9cc86238e165017a493d1d5c8eac6bdc4cc273" [[package]] name = "mime" @@ -3121,16 +3022,15 @@ checksum = "a69bcab0ad47271a0234d9422b131806bf3968021e5dc9328caf2d4cd58557fc" dependencies = [ "libc", "log", - "wasi 0.11.1+wasi-snapshot-preview1", - "wasi 0.11.1+wasi-snapshot-preview1", + "wasi", "windows-sys 0.61.2", ] [[package]] name = "ml-kem" -version = "0.2.2" +version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dcaee19a45f916d98f24a551cc9a2cdae705a040e66f3cbc4f3a282ea6a2e982" +checksum = "97befee0c869cb56f3118f49d0f9bb68c9e3f380dec23c1100aedc4ec3ba239a" dependencies = [ "hybrid-array 0.2.3", "kem", @@ -3154,8 +3054,7 @@ dependencies = [ "quote", "syn", "termcolor", - "thiserror 2.0.18", - "thiserror 2.0.18", + "thiserror 2.0.17", ] [[package]] @@ -3180,8 +3079,7 @@ dependencies = [ "serde", "serde_json", "socket2 0.5.10", - "thiserror 2.0.18", - "thiserror 2.0.18", + "thiserror 2.0.17", "tokio", "tokio-native-tls", "tokio-util", @@ -3212,16 +3110,15 @@ dependencies = [ "serde_json", "sha1", "sha2", - "thiserror 2.0.18", - "thiserror 2.0.18", + "thiserror 2.0.17", "uuid", ] [[package]] name = "native-tls" -version = "0.2.15" +version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6cdede44f9a69cab2899a2049e2c3bd49bf911a157f6a3353d4a91c61abbce44" +checksum = "87de3442987e9dbec73158d5c715e7ad9072fda936bb03d19d7fa10e00520f0e" dependencies = [ "libc", "log", @@ -3353,8 +3250,7 @@ checksum = "51e219e79014df21a225b1860a479e2dcd7cbd9130f4defd4bd0e191ea31d67d" dependencies = [ "base64 0.22.1", "chrono", - "getrandom 0.2.17", - "getrandom 0.2.17", + "getrandom 0.2.16", "http 1.4.0", "rand 0.8.5", "reqwest", @@ -3366,24 +3262,6 @@ dependencies = [ "url", ] -[[package]] -name = "objc2-core-foundation" -version = "0.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2a180dd8642fa45cdb7dd721cd4c11b1cadd4929ce112ebd8b9f5803cc79d536" -dependencies = [ - "bitflags", -] - -[[package]] -name = "objc2-system-configuration" -version = "0.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7216bd11cbda54ccabcab84d523dc93b858ec75ecfb3a7d89513fa22464da396" -dependencies = [ - "objc2-core-foundation", -] - [[package]] name = "oid-registry" version = "0.8.1" @@ -3479,8 +3357,7 @@ dependencies = [ "futures-sink", "js-sys", "pin-project-lite", - "thiserror 2.0.18", - "thiserror 2.0.18", + "thiserror 2.0.17", "tracing", ] @@ -3531,8 +3408,7 @@ dependencies = [ "opentelemetry_sdk 0.29.0", "prost", "reqwest", - "thiserror 2.0.18", - "thiserror 2.0.18", + "thiserror 2.0.17", "tokio", "tonic", "tracing", @@ -3615,8 +3491,7 @@ dependencies = [ "percent-encoding", "rand 0.9.2", "serde_json", - "thiserror 2.0.18", - "thiserror 2.0.18", + "thiserror 2.0.17", "tracing", ] @@ -3811,11 +3686,9 @@ dependencies = [ [[package]] name = "postgres-protocol" -version = "0.6.10" -version = "0.6.10" +version = "0.6.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3ee9dd5fe15055d2b6806f4736aa0c9637217074e224bbec46d4041b91bb9491" -checksum = "3ee9dd5fe15055d2b6806f4736aa0c9637217074e224bbec46d4041b91bb9491" +checksum = "fbef655056b916eb868048276cfd5d6a7dea4f81560dfd047f97c8c6fe3fcfd4" dependencies = [ "base64 0.22.1", "byteorder", @@ -3831,11 +3704,9 @@ dependencies = [ [[package]] name = "postgres-types" -version = "0.2.12" -version = "0.2.12" +version = "0.2.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "54b858f82211e84682fecd373f68e1ceae642d8d751a1ebd13f33de6257b3e20" -checksum = "54b858f82211e84682fecd373f68e1ceae642d8d751a1ebd13f33de6257b3e20" +checksum = "ef4605b7c057056dd35baeb6ac0c0338e4975b1f2bef0f65da953285eb007095" dependencies = [ "bytes", "fallible-iterator 0.2.0", @@ -3871,9 +3742,9 @@ dependencies = [ [[package]] name = "predicates" -version = "3.1.4" +version = "3.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ada8f2932f28a27ee7b70dd6c1c39ea0675c55a36879ab92f3a715eaa1e63cfe" +checksum = "a5d19ee57562043d37e82899fade9a22ebab7be9cef5026b07fda9cdd4293573" dependencies = [ "anstyle", "difflib", @@ -3882,30 +3753,20 @@ dependencies = [ [[package]] name = "predicates-core" -version = "1.0.10" +version = "1.0.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cad38746f3166b4031b1a0d39ad9f954dd291e7854fcc0eed52ee41a0b50d144" +checksum = "727e462b119fe9c93fd0eb1429a5f7647394014cf3c04ab2c0350eeb09095ffa" [[package]] name = "predicates-tree" -version = "1.0.13" +version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d0de1b847b39c8131db0467e9df1ff60e6d0562ab8e9a16e568ad0fdb372e2f2" +checksum = "72dd2d6d381dfb73a193c7fca536518d7caee39fc8503f74e7dc0be0531b425c" dependencies = [ "predicates-core", "termtree", ] -[[package]] -name = "prettyplease" -version = "0.2.37" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "479ca8adacdd7ce8f1fb39ce9ecccbfe93a3f1344b3d0d97f20bc0196208f62b" -dependencies = [ - "proc-macro2", - "syn", -] - [[package]] name = "primeorder" version = "0.13.6" @@ -3921,8 +3782,7 @@ version = "3.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "219cb19e96be00ab2e37d6e299658a0cfa83e52429179969b0f0121b4ac46983" dependencies = [ - "toml_edit 0.23.10+spec-1.0.0", - "toml_edit 0.23.10+spec-1.0.0", + "toml_edit 0.23.9", ] [[package]] @@ -3949,11 +3809,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.106" -version = "1.0.106" +version = "1.0.103" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8fd00f0bb2e90d81d1044c2b32617f68fcb9fa3bb7640c23e9c748e53fb30934" -checksum = "8fd00f0bb2e90d81d1044c2b32617f68fcb9fa3bb7640c23e9c748e53fb30934" +checksum = "5ee95bc4ef87b8d5ba32e8b7714ccc834865276eab0aed5c9958d00ec45f49e8" dependencies = [ "unicode-ident", ] @@ -4000,11 +3858,9 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.44" -version = "1.0.44" +version = "1.0.42" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "21b2ebcf727b7760c461f091f9f0f539b77b8e87f2fd88131e7f1b433b3cece4" -checksum = "21b2ebcf727b7760c461f091f9f0f539b77b8e87f2fd88131e7f1b433b3cece4" +checksum = "a338cc41d27e6cc6dce6cefc13a0729dfbb81c262b1f519331575dd80ef3067f" dependencies = [ "proc-macro2", ] @@ -4033,8 +3889,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1" dependencies = [ "rand_chacha 0.9.0", - "rand_core 0.9.5", - "rand_core 0.9.5", + "rand_core 0.9.3", ] [[package]] @@ -4054,8 +3909,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb" dependencies = [ "ppv-lite86", - "rand_core 0.9.5", - "rand_core 0.9.5", + "rand_core 0.9.3", ] [[package]] @@ -4064,17 +3918,14 @@ version = "0.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" dependencies = [ - "getrandom 0.2.17", - "getrandom 0.2.17", + "getrandom 0.2.16", ] [[package]] name = "rand_core" -version = "0.9.5" -version = "0.9.5" +version = "0.9.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "76afc826de14238e6e8c374ddcc1fa19e374fd8dd986b0d2af0d02377261d83c" -checksum = "76afc826de14238e6e8c374ddcc1fa19e374fd8dd986b0d2af0d02377261d83c" +checksum = "99d9a13982dcf210057a8a78572b2217b667c3beacbf3a0d8b454f6f82837d38" dependencies = [ "getrandom 0.3.4", ] @@ -4105,7 +3956,7 @@ dependencies = [ "pin-project-lite", "ryu", "sha1_smol", - "socket2 0.6.2", + "socket2 0.6.1", "tokio", "tokio-util", "url", @@ -4122,9 +3973,9 @@ dependencies = [ [[package]] name = "regex" -version = "1.12.3" +version = "1.12.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e10754a14b9137dd7b1e3e5b0493cc9171fdd105e0ab477f51b72e7f3ac0e276" +checksum = "843bc0191f75f3e22651ae5f1e72939ab2f72a4bc30fa80a066bd66edefc24d4" dependencies = [ "aho-corasick", "memchr", @@ -4134,9 +3985,9 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.4.14" +version = "0.4.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e1dd4122fc1595e8162618945476892eefca7b88c52820e74af6262213cae8f" +checksum = "5276caf25ac86c8d810222b3dbb938e512c55c6831a10f3e6ed1c93b84041f1c" dependencies = [ "aho-corasick", "memchr", @@ -4145,31 +3996,28 @@ dependencies = [ [[package]] name = "regex-lite" -version = "0.1.9" +version = "0.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cab834c73d247e67f4fae452806d17d3c7501756d98c8808d7c9c7aa7d18f973" +checksum = "8d942b98df5e658f56f20d592c7f868833fe38115e65c33003d8cd224b0155da" [[package]] name = "regex-syntax" -version = "0.8.9" +version = "0.8.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a96887878f22d7bad8a3b6dc5b7440e0ada9a245242924394987b21cf2210a4c" +checksum = "7a2d987857b319362043e95f5353c0535c1f58eec5336fdfcf626430af7def58" [[package]] name = "reqwest" -version = "0.12.28" -version = "0.12.28" +version = "0.12.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eddd3ca559203180a307f12d114c268abf583f59b03cb906fd0b3ff8646c1147" -checksum = "eddd3ca559203180a307f12d114c268abf583f59b03cb906fd0b3ff8646c1147" +checksum = "9d0946410b9f7b082a427e4ef5c8ff541a88b357bc6c637c40db3a68ac70a36f" dependencies = [ "base64 0.22.1", "bytes", "futures-channel", "futures-core", "futures-util", - "h2 0.4.13", - "h2 0.4.13", + "h2 0.4.12", "http 1.4.0", "http-body", "http-body-util", @@ -4189,8 +4037,7 @@ dependencies = [ "sync_wrapper", "tokio", "tokio-native-tls", - "tower 0.5.3", - "tower 0.5.3", + "tower 0.5.2", "tower-http", "tower-service", "url", @@ -4232,8 +4079,7 @@ checksum = "a4689e6c2294d81e88dc6261c768b63bc4fcdb852be6d1352498b114f61383b7" dependencies = [ "cc", "cfg-if", - "getrandom 0.2.17", - "getrandom 0.2.17", + "getrandom 0.2.16", "libc", "untrusted 0.9.0", "windows-sys 0.52.0", @@ -4284,11 +4130,9 @@ dependencies = [ [[package]] name = "rustix" -version = "1.1.3" -version = "1.1.3" +version = "1.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "146c9e247ccc180c1f61615433868c99f3de3ae256a30a43b49f67c2d9171f34" -checksum = "146c9e247ccc180c1f61615433868c99f3de3ae256a30a43b49f67c2d9171f34" +checksum = "cd15f8a2c5551a84d56efdc1cd049089e409ac19a3072d5037a17fd70719ff3e" dependencies = [ "bitflags", "errno", @@ -4299,11 +4143,9 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.36" -version = "0.23.36" +version = "0.23.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c665f33d38cea657d9614f766881e4d510e0eda4239891eea56b4cadcf01801b" -checksum = "c665f33d38cea657d9614f766881e4d510e0eda4239891eea56b4cadcf01801b" +checksum = "533f54bc6a7d4f647e46ad909549eda97bf5afc1585190ef692b4286b198bd8f" dependencies = [ "once_cell", "rustls-pki-types", @@ -4314,22 +4156,18 @@ dependencies = [ [[package]] name = "rustls-pki-types" -version = "1.14.0" -version = "1.14.0" +version = "1.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "be040f8b0a225e40375822a563fa9524378b9d63112f53e19ffff34df5d33fdd" -checksum = "be040f8b0a225e40375822a563fa9524378b9d63112f53e19ffff34df5d33fdd" +checksum = "708c0f9d5f54ba0272468c1d306a52c495b31fa155e91bc25371e6df7996908c" dependencies = [ "zeroize", ] [[package]] name = "rustls-webpki" -version = "0.103.9" -version = "0.103.9" +version = "0.103.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7df23109aa6c1567d1c575b9952556388da57401e4ace1d15f79eedad0d8f53" -checksum = "d7df23109aa6c1567d1c575b9952556388da57401e4ace1d15f79eedad0d8f53" +checksum = "2ffdfa2f5286e2247234e03f680868ac2815974dc39e00ea15adc445d0aafe52" dependencies = [ "ring 0.17.14", "rustls-pki-types", @@ -4344,9 +4182,9 @@ checksum = "b39cdef0fa800fc44525c84ccb54a029961a8215f9619753635a9c0d2538d46d" [[package]] name = "ryu" -version = "1.0.23" +version = "1.0.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9774ba4a74de5f7b1c1451ed6cd5285a32eddb5cccb8cc655a4e50009e06477f" +checksum = "28d3b2b1366ec20994f1fd18c3c594f05c5dd4bc44d8bb0c1c632c8d6829481f" [[package]] name = "salsa20" @@ -4516,20 +4354,16 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.149" -version = "1.0.149" +version = "1.0.145" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "83fc039473c5595ace860d8c4fafa220ff474b3fc6bfdb4293327f1a37e94d86" -checksum = "83fc039473c5595ace860d8c4fafa220ff474b3fc6bfdb4293327f1a37e94d86" +checksum = "402a6f66d8c709116cf22f558eab210f5a50187f702eb4d7e5ef38d9a7f1c79c" dependencies = [ - "indexmap 2.13.0", - "indexmap 2.13.0", + "indexmap 2.12.1", "itoa", "memchr", + "ryu", "serde", "serde_core", - "zmij", - "zmij", ] [[package]] @@ -4575,16 +4409,11 @@ dependencies = [ [[package]] name = "serial_test" -version = "3.3.1" -version = "3.3.1" +version = "3.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0d0b343e184fc3b7bb44dff0705fffcf4b3756ba6aff420dddd8b24ca145e555" -checksum = "0d0b343e184fc3b7bb44dff0705fffcf4b3756ba6aff420dddd8b24ca145e555" +checksum = "1b258109f244e1d6891bf1053a55d63a5cd4f8f4c30cf9a1280989f80e7a1fa9" dependencies = [ - "futures-executor", - "futures-util", - "futures-executor", - "futures-util", + "futures", "log", "once_cell", "parking_lot", @@ -4594,11 +4423,9 @@ dependencies = [ [[package]] name = "serial_test_derive" -version = "3.3.1" -version = "3.3.1" +version = "3.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6f50427f258fb77356e4cd4aa0e87e2bd2c66dbcee41dc405282cae2bfc26c83" -checksum = "6f50427f258fb77356e4cd4aa0e87e2bd2c66dbcee41dc405282cae2bfc26c83" +checksum = "5d69265a08751de7844521fd15003ae0a888e035773ba05695c5c759a6f89eef" dependencies = [ "proc-macro2", "quote", @@ -4660,14 +4487,10 @@ checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" [[package]] name = "signal-hook-registry" -version = "1.4.8" -version = "1.4.8" +version = "1.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c4db69cba1110affc0e9f7bcd48bbf87b3f4fc7c61fc9155afd4c469eb3d6c1b" -checksum = "c4db69cba1110affc0e9f7bcd48bbf87b3f4fc7c61fc9155afd4c469eb3d6c1b" +checksum = "7664a098b8e616bdfcc2dc0e9ac44eb231eedf41db4e9fe95d8d32ec728dedad" dependencies = [ - "errno", - "errno", "libc", ] @@ -4683,36 +4506,33 @@ dependencies = [ [[package]] name = "simd-adler32" -version = "0.3.8" -version = "0.3.8" +version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e320a6c5ad31d271ad523dcf3ad13e2767ad8b1cb8f047f75a8aeaf8da139da2" -checksum = "e320a6c5ad31d271ad523dcf3ad13e2767ad8b1cb8f047f75a8aeaf8da139da2" +checksum = "d66dc143e6b11c1eddc06d5c423cfc97062865baf299914ab64caa38182078fe" [[package]] name = "simple_asn1" -version = "0.6.4" +version = "0.6.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0d585997b0ac10be3c5ee635f1bab02d512760d14b7c468801ac8a01d9ae5f1d" +checksum = "297f631f50729c8c99b84667867963997ec0b50f32b2a7dbcab828ef0541e8bb" dependencies = [ "num-bigint", "num-traits", - "thiserror 2.0.18", - "thiserror 2.0.18", + "thiserror 2.0.17", "time", ] [[package]] name = "siphasher" -version = "1.0.2" +version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b2aa850e253778c88a04c3d7323b043aeda9d3e30d5971937c1855769763678e" +checksum = "56199f7ddabf13fe5074ce809e7d3f42b42ae711800501b5b16ea82ad029c39d" [[package]] name = "slab" -version = "0.4.12" +version = "0.4.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c790de23124f9ab44544d7ac05d60440adc586479ce501c1d6d7da3cd8c9cf5" +checksum = "7a2ae44ef20feb57a68b23d846850f861394c2e02dc425a50098ae8c90267589" [[package]] name = "smallvec" @@ -4741,9 +4561,9 @@ dependencies = [ [[package]] name = "socket2" -version = "0.6.2" +version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "86f4aa3ad99f2088c990dfa82d367e19cb29268ed67c574d10d0a4bfe71f07e0" +checksum = "17129e116933cf371d018bb80ae557e889637989d8638274fb25622827b03881" dependencies = [ "libc", "windows-sys 0.60.2", @@ -4832,9 +4652,9 @@ checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "syn" -version = "2.0.115" +version = "2.0.111" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e614ed320ac28113fa64972c4262d5dbc89deacdfd00c34a3e4cea073243c12" +checksum = "390cc9a294ab71bdb1aa2e99d13be9c753cd2d7bd6560c77118597410c4d2e87" dependencies = [ "proc-macro2", "quote", @@ -4874,9 +4694,9 @@ dependencies = [ [[package]] name = "system-configuration" -version = "0.7.0" +version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a13f3d0daba03132c0aa9767f98351b3488edc2c100cda2d2ec2b04f3d8d3c8b" +checksum = "3c879d448e9d986b661742763247d3693ed13609438cf3d006f51f5368a5ba6b" dependencies = [ "bitflags", "core-foundation", @@ -4895,12 +4715,12 @@ dependencies = [ [[package]] name = "tempfile" -version = "3.25.0" +version = "3.23.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0136791f7c95b1f6dd99f9cc786b91bb81c3800b639b3478e561ddb7be95e5f1" +checksum = "2d31c77bdf42a745371d260a26ca7163f1e0924b64afa0b688e61b5a9fa02f16" dependencies = [ "fastrand", - "getrandom 0.4.1", + "getrandom 0.3.4", "once_cell", "rustix", "windows-sys 0.61.2", @@ -4947,14 +4767,11 @@ dependencies = [ [[package]] name = "thiserror" -version = "2.0.18" -version = "2.0.18" +version = "2.0.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4288b5bcbc7920c07a1149a35cf9590a2aa808e0bc1eafaade0b80947865fbc4" -checksum = "4288b5bcbc7920c07a1149a35cf9590a2aa808e0bc1eafaade0b80947865fbc4" +checksum = "f63587ca0f12b72a0600bcba1d40081f830876000bb46dd2337a3051618f4fc8" dependencies = [ - "thiserror-impl 2.0.18", - "thiserror-impl 2.0.18", + "thiserror-impl 2.0.17", ] [[package]] @@ -4970,11 +4787,9 @@ dependencies = [ [[package]] name = "thiserror-impl" -version = "2.0.18" -version = "2.0.18" +version = "2.0.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ebc4ee7f67670e9b64d05fa4253e753e016c6c95ff35b89b7941d6b856dec1d5" -checksum = "ebc4ee7f67670e9b64d05fa4253e753e016c6c95ff35b89b7941d6b856dec1d5" +checksum = "3ff15c8ecd7de3849db632e14d18d2571fa09dfc5ed93479bc4485c7a517c913" dependencies = [ "proc-macro2", "quote", @@ -5090,11 +4905,9 @@ dependencies = [ [[package]] name = "tokio" -version = "1.49.0" -version = "1.49.0" +version = "1.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72a2903cd7736441aac9df9d7688bd0ce48edccaadf181c3b90be801e81d3d86" -checksum = "72a2903cd7736441aac9df9d7688bd0ce48edccaadf181c3b90be801e81d3d86" +checksum = "ff360e02eab121e0bc37a2d3b4d4dc622e6eda3a8e5253d5435ecf5bd4c68408" dependencies = [ "bytes", "libc", @@ -5102,7 +4915,7 @@ dependencies = [ "parking_lot", "pin-project-lite", "signal-hook-registry", - "socket2 0.6.2", + "socket2 0.6.1", "tokio-macros", "windows-sys 0.61.2", ] @@ -5141,11 +4954,9 @@ dependencies = [ [[package]] name = "tokio-postgres" -version = "0.7.16" -version = "0.7.16" +version = "0.7.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dcea47c8f71744367793f16c2db1f11cb859d28f436bdb4ca9193eb1f787ee42" -checksum = "dcea47c8f71744367793f16c2db1f11cb859d28f436bdb4ca9193eb1f787ee42" +checksum = "2b40d66d9b2cfe04b628173409368e58247e8eddbbd3b0e6c6ba1d09f20f6c9e" dependencies = [ "async-trait", "byteorder", @@ -5161,7 +4972,7 @@ dependencies = [ "postgres-protocol", "postgres-types", "rand 0.9.2", - "socket2 0.6.2", + "socket2 0.6.1", "tokio", "tokio-util", "whoami", @@ -5190,11 +5001,9 @@ dependencies = [ [[package]] name = "tokio-stream" -version = "0.1.18" -version = "0.1.18" +version = "0.1.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "32da49809aab5c3bc678af03902d4ccddea2a87d028d86392a4b1560c6906c70" -checksum = "32da49809aab5c3bc678af03902d4ccddea2a87d028d86392a4b1560c6906c70" +checksum = "eca58d7bba4a75707817a2c44174253f9236b2d5fbd055602e9d5c07c139a047" dependencies = [ "futures-core", "pin-project-lite", @@ -5203,11 +5012,9 @@ dependencies = [ [[package]] name = "tokio-util" -version = "0.7.18" -version = "0.7.18" +version = "0.7.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9ae9cec805b01e8fc3fd2fe289f89149a9b66dd16786abd8b19cfa7b48cb0098" -checksum = "9ae9cec805b01e8fc3fd2fe289f89149a9b66dd16786abd8b19cfa7b48cb0098" +checksum = "2efa149fe76073d6e8fd97ef4f4eca7b67f599660115591483572e406e165594" dependencies = [ "bytes", "futures-core", @@ -5230,14 +5037,14 @@ dependencies = [ [[package]] name = "toml" -version = "0.9.11+spec-1.1.0" +version = "0.9.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f3afc9a848309fe1aaffaed6e1546a7a14de1f935dc9d89d32afd9a44bab7c46" +checksum = "f0dc8b1fb61449e27716ec0e1bdf0f6b8f3e8f6b05391e8497b8b6d7804ea6d8" dependencies = [ - "indexmap 2.13.0", + "indexmap 2.12.1", "serde_core", "serde_spanned 1.0.4", - "toml_datetime 0.7.5+spec-1.1.0", + "toml_datetime 0.7.3", "toml_parser", "toml_writer", "winnow", @@ -5254,11 +5061,9 @@ dependencies = [ [[package]] name = "toml_datetime" -version = "0.7.5+spec-1.1.0" -version = "0.7.5+spec-1.1.0" +version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "92e1cfed4a3038bc5a127e35a2d360f145e1f4b971b551a2ba5fd7aedf7e1347" -checksum = "92e1cfed4a3038bc5a127e35a2d360f145e1f4b971b551a2ba5fd7aedf7e1347" +checksum = "f2cdb639ebbc97961c51720f858597f7f24c4fc295327923af55b74c3c724533" dependencies = [ "serde_core", ] @@ -5269,8 +5074,7 @@ version = "0.22.27" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "41fe8c660ae4257887cf66394862d21dbca4a6ddd26f04a3560410406a2f819a" dependencies = [ - "indexmap 2.13.0", - "indexmap 2.13.0", + "indexmap 2.12.1", "serde", "serde_spanned 0.6.9", "toml_datetime 0.6.11", @@ -5280,25 +5084,21 @@ dependencies = [ [[package]] name = "toml_edit" -version = "0.23.10+spec-1.0.0" -version = "0.23.10+spec-1.0.0" +version = "0.23.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "84c8b9f757e028cee9fa244aea147aab2a9ec09d5325a9b01e0a49730c2b5269" -checksum = "84c8b9f757e028cee9fa244aea147aab2a9ec09d5325a9b01e0a49730c2b5269" +checksum = "5d7cbc3b4b49633d57a0509303158ca50de80ae32c265093b24c414705807832" dependencies = [ - "indexmap 2.13.0", - "toml_datetime 0.7.5+spec-1.1.0", - "indexmap 2.13.0", - "toml_datetime 0.7.5+spec-1.1.0", + "indexmap 2.12.1", + "toml_datetime 0.7.3", "toml_parser", "winnow", ] [[package]] name = "toml_parser" -version = "1.0.8+spec-1.1.0" +version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0742ff5ff03ea7e67c8ae6c93cac239e0d9784833362da3f9a9c1da8dfefcbdc" +checksum = "c0cbe268d35bdb4bb5a56a2de88d0ad0eb70af5384a99d648cd4b3d04039800e" dependencies = [ "winnow", ] @@ -5326,8 +5126,7 @@ dependencies = [ "axum", "base64 0.22.1", "bytes", - "h2 0.4.13", - "h2 0.4.13", + "h2 0.4.12", "http 1.4.0", "http-body", "http-body-util", @@ -5368,11 +5167,9 @@ dependencies = [ [[package]] name = "tower" -version = "0.5.3" -version = "0.5.3" +version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ebe5ef63511595f1344e2d5cfa636d973292adc0eec1f0ad45fae9f0851ab1d4" -checksum = "ebe5ef63511595f1344e2d5cfa636d973292adc0eec1f0ad45fae9f0851ab1d4" +checksum = "d039ad9159c98b70ecfd540b2573b97f7f52c3e8d9f8ad57a24b916a536975f9" dependencies = [ "futures-core", "futures-util", @@ -5385,11 +5182,9 @@ dependencies = [ [[package]] name = "tower-http" -version = "0.6.8" -version = "0.6.8" +version = "0.6.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d4e6559d53cc268e5031cd8429d05415bc4cb4aefc4aa5d6cc35fbf5b924a1f8" -checksum = "d4e6559d53cc268e5031cd8429d05415bc4cb4aefc4aa5d6cc35fbf5b924a1f8" +checksum = "9cf146f99d442e8e68e585f5d798ccd3cad9a7835b917e09728880a862706456" dependencies = [ "bitflags", "bytes", @@ -5398,8 +5193,7 @@ dependencies = [ "http-body", "iri-string", "pin-project-lite", - "tower 0.5.3", - "tower 0.5.3", + "tower 0.5.2", "tower-layer", "tower-service", ] @@ -5418,11 +5212,9 @@ checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3" [[package]] name = "tracing" -version = "0.1.44" -version = "0.1.44" +version = "0.1.43" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "63e71662fa4b2a2c3a26f570f037eb95bb1f85397f3cd8076caed2f026a6d100" -checksum = "63e71662fa4b2a2c3a26f570f037eb95bb1f85397f3cd8076caed2f026a6d100" +checksum = "2d15d90a0b5c19378952d479dc858407149d7bb45a14de0142f6c534b16fc647" dependencies = [ "log", "pin-project-lite", @@ -5437,8 +5229,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "786d480bce6247ab75f005b14ae1624ad978d3029d9113f0a22fa1ac773faeaf" dependencies = [ "crossbeam-channel", - "thiserror 2.0.18", - "thiserror 2.0.18", + "thiserror 2.0.17", "time", "tracing-subscriber", ] @@ -5456,11 +5247,9 @@ dependencies = [ [[package]] name = "tracing-core" -version = "0.1.36" -version = "0.1.36" +version = "0.1.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "db97caf9d906fbde555dd62fa95ddba9eecfd14cb388e4f491a66d74cd5fb79a" -checksum = "db97caf9d906fbde555dd62fa95ddba9eecfd14cb388e4f491a66d74cd5fb79a" +checksum = "7a04e24fab5c89c6a36eb8558c9656f30d81de51dfa4d3b45f26b21d61fa0a6c" dependencies = [ "once_cell", "valuable", @@ -5531,11 +5320,9 @@ checksum = "562d481066bde0658276a35467c4af00bdc6ee726305698a55b86e61d7ad82bb" [[package]] name = "unicase" -version = "2.9.0" -version = "2.9.0" +version = "2.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dbc4bc3a9f746d862c45cb89d705aa10f187bb96c76001afab07a0d35ce60142" -checksum = "dbc4bc3a9f746d862c45cb89d705aa10f187bb96c76001afab07a0d35ce60142" +checksum = "75b844d17643ee918803943289730bec8aac480150456169e647ed0b576ba539" [[package]] name = "unicode-bidi" @@ -5545,9 +5332,9 @@ checksum = "5c1cb5db39152898a79168971543b1cb5020dff7fe43c8dc468b0885f5e29df5" [[package]] name = "unicode-ident" -version = "1.0.23" +version = "1.0.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "537dd038a89878be9b64dd4bd1b260315c1bb94f4d784956b81e27a088d9a09e" +checksum = "9312f7c4f6ff9069b165498234ce8be658059c6728633667c526e27dc2cf1df5" [[package]] name = "unicode-normalization" @@ -5600,18 +5387,14 @@ checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" [[package]] name = "url" -version = "2.5.8" -version = "2.5.8" +version = "2.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ff67a8a4397373c3ef660812acab3268222035010ab8680ec4215f38ba3d0eed" -checksum = "ff67a8a4397373c3ef660812acab3268222035010ab8680ec4215f38ba3d0eed" +checksum = "08bc136a29a3d1758e07a9cca267be308aeebf5cfd5a10f3f67ab2097683ef5b" dependencies = [ "form_urlencoded", "idna", "percent-encoding", "serde", - "serde_derive", - "serde_derive", ] [[package]] @@ -5633,8 +5416,7 @@ version = "1.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b913a3b5fe84142e269d63cc62b64319ccaf89b748fc31fe025177f767a756c4" dependencies = [ - "getrandom 0.2.17", - "getrandom 0.2.17", + "getrandom 0.2.16", ] [[package]] @@ -5695,64 +5477,26 @@ version = "0.11.1+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b" -[[package]] -name = "wasi" -version = "0.14.7+wasi-0.2.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "883478de20367e224c0090af9cf5f9fa85bed63a95c1abf3afc5c083ebc06e8c" -dependencies = [ - "wasip2", -] - -[[package]] -name = "wasi" -version = "0.14.7+wasi-0.2.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "883478de20367e224c0090af9cf5f9fa85bed63a95c1abf3afc5c083ebc06e8c" -dependencies = [ - "wasip2", -] - [[package]] name = "wasip2" -version = "1.0.2+wasi-0.2.9" -version = "1.0.2+wasi-0.2.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9517f9239f02c069db75e65f174b3da828fe5f5b945c4dd26bd25d89c03ebcf5" -dependencies = [ - "wit-bindgen", -] - -[[package]] -name = "wasip3" -version = "0.4.0+wasi-0.3.0-rc-2026-01-06" +version = "1.0.1+wasi-0.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5428f8bf88ea5ddc08faddef2ac4a67e390b88186c703ce6dbd955e1c145aca5" +checksum = "0562428422c63773dad2c345a1882263bbf4d65cf3f42e90921f787ef5ad58e7" dependencies = [ "wit-bindgen", ] [[package]] name = "wasite" -version = "1.0.2" -version = "1.0.2" +version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "66fe902b4a6b8028a753d5424909b764ccf79b7a209eac9bf97e59cda9f71a42" -dependencies = [ - "wasi 0.14.7+wasi-0.2.4", -] -checksum = "66fe902b4a6b8028a753d5424909b764ccf79b7a209eac9bf97e59cda9f71a42" -dependencies = [ - "wasi 0.14.7+wasi-0.2.4", -] +checksum = "b8dad83b4f25e74f184f64c43b150b91efe7647395b42289f38e50566d82855b" [[package]] name = "wasm-bindgen" -version = "0.2.108" -version = "0.2.108" +version = "0.2.106" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "64024a30ec1e37399cf85a7ffefebdb72205ca1c972291c51512360d90bd8566" -checksum = "64024a30ec1e37399cf85a7ffefebdb72205ca1c972291c51512360d90bd8566" +checksum = "0d759f433fa64a2d763d1340820e46e111a7a5ab75f993d1852d70b03dbb80fd" dependencies = [ "cfg-if", "once_cell", @@ -5763,15 +5507,11 @@ dependencies = [ [[package]] name = "wasm-bindgen-futures" -version = "0.4.58" -version = "0.4.58" +version = "0.4.56" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70a6e77fd0ae8029c9ea0063f87c46fde723e7d887703d74ad2616d792e51e6f" -checksum = "70a6e77fd0ae8029c9ea0063f87c46fde723e7d887703d74ad2616d792e51e6f" +checksum = "836d9622d604feee9e5de25ac10e3ea5f2d65b41eac0d9ce72eb5deae707ce7c" dependencies = [ "cfg-if", - "futures-util", - "futures-util", "js-sys", "once_cell", "wasm-bindgen", @@ -5780,11 +5520,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.108" -version = "0.2.108" +version = "0.2.106" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "008b239d9c740232e71bd39e8ef6429d27097518b6b30bdf9086833bd5b6d608" -checksum = "008b239d9c740232e71bd39e8ef6429d27097518b6b30bdf9086833bd5b6d608" +checksum = "48cb0d2638f8baedbc542ed444afc0644a29166f1595371af4fecf8ce1e7eeb3" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -5792,11 +5530,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.108" -version = "0.2.108" +version = "0.2.106" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5256bae2d58f54820e6490f9839c49780dff84c65aeab9e772f15d5f0e913a55" -checksum = "5256bae2d58f54820e6490f9839c49780dff84c65aeab9e772f15d5f0e913a55" +checksum = "cefb59d5cd5f92d9dcf80e4683949f15ca4b511f4ac0a6e14d4e1ac60c6ecd40" dependencies = [ "bumpalo", "proc-macro2", @@ -5807,22 +5543,18 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.108" -version = "0.2.108" +version = "0.2.106" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1f01b580c9ac74c8d8f0c0e4afb04eeef2acf145458e52c03845ee9cd23e3d12" -checksum = "1f01b580c9ac74c8d8f0c0e4afb04eeef2acf145458e52c03845ee9cd23e3d12" +checksum = "cbc538057e648b67f72a982e708d485b2efa771e1ac05fec311f9f63e5800db4" dependencies = [ "unicode-ident", ] [[package]] name = "wasm-bindgen-test" -version = "0.3.58" -version = "0.3.58" +version = "0.3.56" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "45649196a53b0b7a15101d845d44d2dda7374fc1b5b5e2bbf58b7577ff4b346d" -checksum = "45649196a53b0b7a15101d845d44d2dda7374fc1b5b5e2bbf58b7577ff4b346d" +checksum = "25e90e66d265d3a1efc0e72a54809ab90b9c0c515915c67cdf658689d2c22c6c" dependencies = [ "async-trait", "cast", @@ -5837,70 +5569,24 @@ dependencies = [ "wasm-bindgen", "wasm-bindgen-futures", "wasm-bindgen-test-macro", - "wasm-bindgen-test-shared", - "wasm-bindgen-test-shared", ] [[package]] name = "wasm-bindgen-test-macro" -version = "0.3.58" -version = "0.3.58" +version = "0.3.56" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f579cdd0123ac74b94e1a4a72bd963cf30ebac343f2df347da0b8df24cdebed2" -checksum = "f579cdd0123ac74b94e1a4a72bd963cf30ebac343f2df347da0b8df24cdebed2" +checksum = "7150335716dce6028bead2b848e72f47b45e7b9422f64cccdc23bedca89affc1" dependencies = [ "proc-macro2", "quote", "syn", ] -[[package]] -name = "wasm-bindgen-test-shared" -version = "0.2.108" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a8145dd1593bf0fb137dbfa85b8be79ec560a447298955877804640e40c2d6ea" - -[[package]] -name = "wasm-encoder" -version = "0.244.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "990065f2fe63003fe337b932cfb5e3b80e0b4d0f5ff650e6985b1048f62c8319" -dependencies = [ - "leb128fmt", - "wasmparser", -] - -[[package]] -name = "wasm-metadata" -version = "0.244.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bb0e353e6a2fbdc176932bbaab493762eb1255a7900fe0fea1a2f96c296cc909" -dependencies = [ - "anyhow", - "indexmap 2.13.0", - "wasm-encoder", - "wasmparser", -] - -[[package]] -name = "wasmparser" -version = "0.244.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "47b807c72e1bac69382b3a6fb3dbe8ea4c0ed87ff5629b8685ae6b9a611028fe" -dependencies = [ - "bitflags", - "hashbrown 0.15.5", - "indexmap 2.13.0", - "semver", -] - [[package]] name = "web-sys" -version = "0.3.85" -version = "0.3.85" +version = "0.3.83" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "312e32e551d92129218ea9a2452120f4aabc03529ef03e4d0d82fb2780608598" -checksum = "312e32e551d92129218ea9a2452120f4aabc03529ef03e4d0d82fb2780608598" +checksum = "9b32828d774c412041098d182a8b38b16ea816958e07cf40eec2bc080ae137ac" dependencies = [ "js-sys", "wasm-bindgen", @@ -5918,13 +5604,11 @@ dependencies = [ [[package]] name = "whoami" -version = "2.1.1" +version = "1.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d6a5b12f9df4f978d2cfdb1bd3bac52433f44393342d7ee9c25f5a1c14c0f45d" +checksum = "5d4a4db5077702ca3015d3d02d74974948aba2ad9e12ab7df718ee64ccd7e97d" dependencies = [ - "libc", "libredox", - "objc2-system-configuration", "wasite", "web-sys", ] @@ -6197,92 +5881,9 @@ dependencies = [ [[package]] name = "wit-bindgen" -version = "0.51.0" -version = "0.51.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7249219f66ced02969388cf2bb044a09756a083d0fab1e566056b04d9fbcaa5" -dependencies = [ - "wit-bindgen-rust-macro", -] - -[[package]] -name = "wit-bindgen-core" -version = "0.51.0" +version = "0.46.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ea61de684c3ea68cb082b7a88508a8b27fcc8b797d738bfc99a82facf1d752dc" -dependencies = [ - "anyhow", - "heck", - "wit-parser", -] - -[[package]] -name = "wit-bindgen-rust" -version = "0.51.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b7c566e0f4b284dd6561c786d9cb0142da491f46a9fbed79ea69cdad5db17f21" -dependencies = [ - "anyhow", - "heck", - "indexmap 2.13.0", - "prettyplease", - "syn", - "wasm-metadata", - "wit-bindgen-core", - "wit-component", -] - -[[package]] -name = "wit-bindgen-rust-macro" -version = "0.51.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c0f9bfd77e6a48eccf51359e3ae77140a7f50b1e2ebfe62422d8afdaffab17a" -dependencies = [ - "anyhow", - "prettyplease", - "proc-macro2", - "quote", - "syn", - "wit-bindgen-core", - "wit-bindgen-rust", -] - -[[package]] -name = "wit-component" -version = "0.244.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d66ea20e9553b30172b5e831994e35fbde2d165325bec84fc43dbf6f4eb9cb2" -dependencies = [ - "anyhow", - "bitflags", - "indexmap 2.13.0", - "log", - "serde", - "serde_derive", - "serde_json", - "wasm-encoder", - "wasm-metadata", - "wasmparser", - "wit-parser", -] - -[[package]] -name = "wit-parser" -version = "0.244.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ecc8ac4bc1dc3381b7f59c34f00b67e18f910c2c0f50015669dde7def656a736" -dependencies = [ - "anyhow", - "id-arena", - "indexmap 2.13.0", - "log", - "semver", - "serde", - "serde_derive", - "serde_json", - "unicode-xid", - "wasmparser", -] +checksum = "f17a85883d4e6d00e8a97c586de764dabcc06133f7f1d55dce5cdc070ad7fe59" [[package]] name = "writeable" @@ -6316,8 +5917,7 @@ dependencies = [ "oid-registry", "ring 0.17.14", "rusticata-macros", - "thiserror 2.0.18", - "thiserror 2.0.18", + "thiserror 2.0.17", "time", ] @@ -6356,18 +5956,18 @@ dependencies = [ [[package]] name = "zerocopy" -version = "0.8.39" +version = "0.8.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "db6d35d663eadb6c932438e763b262fe1a70987f9ae936e60158176d710cae4a" +checksum = "fd74ec98b9250adb3ca554bdde269adf631549f51d8a8f8f0a10b50f1cb298c3" dependencies = [ "zerocopy-derive", ] [[package]] name = "zerocopy-derive" -version = "0.8.39" +version = "0.8.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4122cd3169e94605190e77839c9a40d40ed048d305bfdc146e7df40ab0f3e517" +checksum = "d8a8d209fdf45cf5138cbb5a506f6b52522a25afccc534d1475dad8e31105c6a" dependencies = [ "proc-macro2", "quote", @@ -6407,11 +6007,9 @@ dependencies = [ [[package]] name = "zeroize_derive" -version = "1.4.3" -version = "1.4.3" +version = "1.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "85a5b4158499876c763cb03bc4e49185d3cccbabb15b33c627f7884f43db852e" -checksum = "85a5b4158499876c763cb03bc4e49185d3cccbabb15b33c627f7884f43db852e" +checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", @@ -6451,12 +6049,6 @@ dependencies = [ "syn", ] -[[package]] -name = "zmij" -version = "1.0.21" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b8848ee67ecc8aedbaf3e4122217aff892639231befc6a1b58d29fff4c2cabaa" - [[package]] name = "zstd" version = "0.13.3" From eb4e853af92c9cced071abd04b8509b34edb0365 Mon Sep 17 00:00:00 2001 From: Manuthor Date: Wed, 18 Feb 2026 07:48:21 +0100 Subject: [PATCH 3/5] chore: update Nix expected hash --- .github/reusable_scripts | 2 +- nix/expected-hashes/server.vendor.dynamic.darwin.sha256 | 2 +- nix/expected-hashes/server.vendor.dynamic.linux.sha256 | 2 +- nix/expected-hashes/server.vendor.static.darwin.sha256 | 2 +- nix/expected-hashes/server.vendor.static.linux.sha256 | 2 +- nix/expected-hashes/ui.vendor.fips.sha256 | 2 +- nix/expected-hashes/ui.vendor.non-fips.sha256 | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/reusable_scripts b/.github/reusable_scripts index 43e3bf1d31..3a192d61ba 160000 --- a/.github/reusable_scripts +++ b/.github/reusable_scripts @@ -1 +1 @@ -Subproject commit 43e3bf1d311274698b164c3ea49fc7928562acd7 +Subproject commit 3a192d61baf5dc9fbd3dd494a69c8c87d0fae4f1 diff --git a/nix/expected-hashes/server.vendor.dynamic.darwin.sha256 b/nix/expected-hashes/server.vendor.dynamic.darwin.sha256 index 1237af0dab..80319792e9 100644 --- a/nix/expected-hashes/server.vendor.dynamic.darwin.sha256 +++ b/nix/expected-hashes/server.vendor.dynamic.darwin.sha256 @@ -1 +1 @@ -sha256-howIOhqJnUoJ4uGCxdNq34ktEMnSPCQt9yBgMaXUCKc= +sha256-rCP1q6x52b8etDMWfGmEExTzaHex+qwQKXnH+hwf+i4= diff --git a/nix/expected-hashes/server.vendor.dynamic.linux.sha256 b/nix/expected-hashes/server.vendor.dynamic.linux.sha256 index 1237af0dab..80319792e9 100644 --- a/nix/expected-hashes/server.vendor.dynamic.linux.sha256 +++ b/nix/expected-hashes/server.vendor.dynamic.linux.sha256 @@ -1 +1 @@ -sha256-howIOhqJnUoJ4uGCxdNq34ktEMnSPCQt9yBgMaXUCKc= +sha256-rCP1q6x52b8etDMWfGmEExTzaHex+qwQKXnH+hwf+i4= diff --git a/nix/expected-hashes/server.vendor.static.darwin.sha256 b/nix/expected-hashes/server.vendor.static.darwin.sha256 index 358e394ecb..3455a64649 100644 --- a/nix/expected-hashes/server.vendor.static.darwin.sha256 +++ b/nix/expected-hashes/server.vendor.static.darwin.sha256 @@ -1 +1 @@ -sha256-lc3iUbmgqSb3ZiEBjaSpbnoWJUKJYNCKNb2LYsRgaLc= +sha256-xA1xs1MHTMQRD6G5Atn2EMkZ2awIOOnrRDpMxS8VyqU= diff --git a/nix/expected-hashes/server.vendor.static.linux.sha256 b/nix/expected-hashes/server.vendor.static.linux.sha256 index 358e394ecb..3455a64649 100644 --- a/nix/expected-hashes/server.vendor.static.linux.sha256 +++ b/nix/expected-hashes/server.vendor.static.linux.sha256 @@ -1 +1 @@ -sha256-lc3iUbmgqSb3ZiEBjaSpbnoWJUKJYNCKNb2LYsRgaLc= +sha256-xA1xs1MHTMQRD6G5Atn2EMkZ2awIOOnrRDpMxS8VyqU= diff --git a/nix/expected-hashes/ui.vendor.fips.sha256 b/nix/expected-hashes/ui.vendor.fips.sha256 index 31b88f4753..94fa43f7da 100644 --- a/nix/expected-hashes/ui.vendor.fips.sha256 +++ b/nix/expected-hashes/ui.vendor.fips.sha256 @@ -1 +1 @@ -sha256-BSmBMTtDNgJJJ/5s2HyxQdS0vz/c/+jJ2DttfDaghYE= +sha256-AChuoWXjIdw1c3zFnkgHqJ74j7pYZVXUmBBDDmEc0eE= diff --git a/nix/expected-hashes/ui.vendor.non-fips.sha256 b/nix/expected-hashes/ui.vendor.non-fips.sha256 index 408558e17d..35de04f248 100644 --- a/nix/expected-hashes/ui.vendor.non-fips.sha256 +++ b/nix/expected-hashes/ui.vendor.non-fips.sha256 @@ -1 +1 @@ -sha256-D8mmERNuf/f6GaZsD+6WMSITlOJzYo7RBQiEWIsy/7A= +sha256-4BMrWZnk1CLn54ALz/7iekVjh+nrTzWTkXDkHtZ7oTI= From a9a1f364b7a3ea45f65a772453026e9be6788001 Mon Sep 17 00:00:00 2001 From: Manuthor Date: Wed, 18 Feb 2026 09:31:52 +0100 Subject: [PATCH 4/5] fix: freeze wasm-bindgen to 0.2.108 --- Cargo.lock | 44 ++++++++++++++++++++++++---------------- crate/server/src/main.rs | 5 +++-- crate/wasm/Cargo.toml | 2 +- 3 files changed, 30 insertions(+), 21 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index be4742334c..e84361e995 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2729,9 +2729,9 @@ dependencies = [ [[package]] name = "js-sys" -version = "0.3.83" +version = "0.3.85" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "464a3709c7f55f1f721e5389aa6ea4e3bc6aba669353300af094b29ffbdde1d8" +checksum = "8c942ebf8e95485ca0d52d97da7c5a2c387d0e7f0ba4c35e93bfcaee045955b3" dependencies = [ "once_cell", "wasm-bindgen", @@ -5494,9 +5494,9 @@ checksum = "b8dad83b4f25e74f184f64c43b150b91efe7647395b42289f38e50566d82855b" [[package]] name = "wasm-bindgen" -version = "0.2.106" +version = "0.2.108" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0d759f433fa64a2d763d1340820e46e111a7a5ab75f993d1852d70b03dbb80fd" +checksum = "64024a30ec1e37399cf85a7ffefebdb72205ca1c972291c51512360d90bd8566" dependencies = [ "cfg-if", "once_cell", @@ -5507,11 +5507,12 @@ dependencies = [ [[package]] name = "wasm-bindgen-futures" -version = "0.4.56" +version = "0.4.58" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "836d9622d604feee9e5de25ac10e3ea5f2d65b41eac0d9ce72eb5deae707ce7c" +checksum = "70a6e77fd0ae8029c9ea0063f87c46fde723e7d887703d74ad2616d792e51e6f" dependencies = [ "cfg-if", + "futures-util", "js-sys", "once_cell", "wasm-bindgen", @@ -5520,9 +5521,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.106" +version = "0.2.108" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "48cb0d2638f8baedbc542ed444afc0644a29166f1595371af4fecf8ce1e7eeb3" +checksum = "008b239d9c740232e71bd39e8ef6429d27097518b6b30bdf9086833bd5b6d608" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -5530,9 +5531,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.106" +version = "0.2.108" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cefb59d5cd5f92d9dcf80e4683949f15ca4b511f4ac0a6e14d4e1ac60c6ecd40" +checksum = "5256bae2d58f54820e6490f9839c49780dff84c65aeab9e772f15d5f0e913a55" dependencies = [ "bumpalo", "proc-macro2", @@ -5543,18 +5544,18 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.106" +version = "0.2.108" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cbc538057e648b67f72a982e708d485b2efa771e1ac05fec311f9f63e5800db4" +checksum = "1f01b580c9ac74c8d8f0c0e4afb04eeef2acf145458e52c03845ee9cd23e3d12" dependencies = [ "unicode-ident", ] [[package]] name = "wasm-bindgen-test" -version = "0.3.56" +version = "0.3.58" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25e90e66d265d3a1efc0e72a54809ab90b9c0c515915c67cdf658689d2c22c6c" +checksum = "45649196a53b0b7a15101d845d44d2dda7374fc1b5b5e2bbf58b7577ff4b346d" dependencies = [ "async-trait", "cast", @@ -5569,24 +5570,31 @@ dependencies = [ "wasm-bindgen", "wasm-bindgen-futures", "wasm-bindgen-test-macro", + "wasm-bindgen-test-shared", ] [[package]] name = "wasm-bindgen-test-macro" -version = "0.3.56" +version = "0.3.58" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7150335716dce6028bead2b848e72f47b45e7b9422f64cccdc23bedca89affc1" +checksum = "f579cdd0123ac74b94e1a4a72bd963cf30ebac343f2df347da0b8df24cdebed2" dependencies = [ "proc-macro2", "quote", "syn", ] +[[package]] +name = "wasm-bindgen-test-shared" +version = "0.2.108" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a8145dd1593bf0fb137dbfa85b8be79ec560a447298955877804640e40c2d6ea" + [[package]] name = "web-sys" -version = "0.3.83" +version = "0.3.85" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9b32828d774c412041098d182a8b38b16ea816958e07cf40eec2bc080ae137ac" +checksum = "312e32e551d92129218ea9a2452120f4aabc03529ef03e4d0d82fb2780608598" dependencies = [ "js-sys", "wasm-bindgen", diff --git a/crate/server/src/main.rs b/crate/server/src/main.rs index 4118cf824e..ca5f6ad173 100644 --- a/crate/server/src/main.rs +++ b/crate/server/src/main.rs @@ -148,8 +148,9 @@ mod tests { use cosmian_kms_server::{ config::{ - ClapConfig, GoogleCseConfig, HttpConfig, IdpAuthConfig, KmipPolicyConfig, LoggingConfig, MainDBConfig, - OidcConfig, ProxyConfig, SocketServerConfig, TlsConfig, UiConfig, WorkspaceConfig, + ClapConfig, GoogleCseConfig, HttpConfig, IdpAuthConfig, KmipPolicyConfig, + LoggingConfig, MainDBConfig, OidcConfig, ProxyConfig, SocketServerConfig, TlsConfig, + UiConfig, WorkspaceConfig, }, routes::aws_xks::AwsXksConfig, }; diff --git a/crate/wasm/Cargo.toml b/crate/wasm/Cargo.toml index 1b5b21fed1..bc27d520ab 100644 --- a/crate/wasm/Cargo.toml +++ b/crate/wasm/Cargo.toml @@ -33,7 +33,7 @@ pem = { workspace = true } serde = { workspace = true } serde-wasm-bindgen = "0.6.5" serde_json = { workspace = true } -wasm-bindgen = "0.2.100" +wasm-bindgen = "0.2.108" console_error_panic_hook = "0.1" x509-cert = { workspace = true, features = ["pem"] } zeroize = { workspace = true } From 45f30b2da7af8b0c0283bead8132bee485be16b3 Mon Sep 17 00:00:00 2001 From: Manuthor Date: Wed, 18 Feb 2026 10:18:08 +0100 Subject: [PATCH 5/5] fix: update Nix expected hashes --- nix/expected-hashes/server.vendor.dynamic.darwin.sha256 | 2 +- nix/expected-hashes/server.vendor.dynamic.linux.sha256 | 2 +- nix/expected-hashes/server.vendor.static.darwin.sha256 | 2 +- nix/expected-hashes/server.vendor.static.linux.sha256 | 2 +- nix/expected-hashes/ui.vendor.fips.sha256 | 2 +- nix/expected-hashes/ui.vendor.non-fips.sha256 | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/nix/expected-hashes/server.vendor.dynamic.darwin.sha256 b/nix/expected-hashes/server.vendor.dynamic.darwin.sha256 index 80319792e9..223e71ada1 100644 --- a/nix/expected-hashes/server.vendor.dynamic.darwin.sha256 +++ b/nix/expected-hashes/server.vendor.dynamic.darwin.sha256 @@ -1 +1 @@ -sha256-rCP1q6x52b8etDMWfGmEExTzaHex+qwQKXnH+hwf+i4= +sha256-fjXhpzGfYjxyjvQ+1EWf6DLzZhEkrggGE9BEu51pHDs= diff --git a/nix/expected-hashes/server.vendor.dynamic.linux.sha256 b/nix/expected-hashes/server.vendor.dynamic.linux.sha256 index 80319792e9..223e71ada1 100644 --- a/nix/expected-hashes/server.vendor.dynamic.linux.sha256 +++ b/nix/expected-hashes/server.vendor.dynamic.linux.sha256 @@ -1 +1 @@ -sha256-rCP1q6x52b8etDMWfGmEExTzaHex+qwQKXnH+hwf+i4= +sha256-fjXhpzGfYjxyjvQ+1EWf6DLzZhEkrggGE9BEu51pHDs= diff --git a/nix/expected-hashes/server.vendor.static.darwin.sha256 b/nix/expected-hashes/server.vendor.static.darwin.sha256 index 3455a64649..b3d1649246 100644 --- a/nix/expected-hashes/server.vendor.static.darwin.sha256 +++ b/nix/expected-hashes/server.vendor.static.darwin.sha256 @@ -1 +1 @@ -sha256-xA1xs1MHTMQRD6G5Atn2EMkZ2awIOOnrRDpMxS8VyqU= +sha256-JKtQ1oKp+TK0SJnJgptAEAHGQHcMH8QVdFLlPfFVujQ= diff --git a/nix/expected-hashes/server.vendor.static.linux.sha256 b/nix/expected-hashes/server.vendor.static.linux.sha256 index 3455a64649..b3d1649246 100644 --- a/nix/expected-hashes/server.vendor.static.linux.sha256 +++ b/nix/expected-hashes/server.vendor.static.linux.sha256 @@ -1 +1 @@ -sha256-xA1xs1MHTMQRD6G5Atn2EMkZ2awIOOnrRDpMxS8VyqU= +sha256-JKtQ1oKp+TK0SJnJgptAEAHGQHcMH8QVdFLlPfFVujQ= diff --git a/nix/expected-hashes/ui.vendor.fips.sha256 b/nix/expected-hashes/ui.vendor.fips.sha256 index 94fa43f7da..556a0ef9c5 100644 --- a/nix/expected-hashes/ui.vendor.fips.sha256 +++ b/nix/expected-hashes/ui.vendor.fips.sha256 @@ -1 +1 @@ -sha256-AChuoWXjIdw1c3zFnkgHqJ74j7pYZVXUmBBDDmEc0eE= +sha256-9DF75WkkxR2ideROF/5Rk1jTIwCEpt8lPmwPlT4p0II= diff --git a/nix/expected-hashes/ui.vendor.non-fips.sha256 b/nix/expected-hashes/ui.vendor.non-fips.sha256 index 35de04f248..f475b1f719 100644 --- a/nix/expected-hashes/ui.vendor.non-fips.sha256 +++ b/nix/expected-hashes/ui.vendor.non-fips.sha256 @@ -1 +1 @@ -sha256-4BMrWZnk1CLn54ALz/7iekVjh+nrTzWTkXDkHtZ7oTI= +sha256-X2LEqHEZ7nBUJNCaK+JghK9mcIfTrPkfLzqJ3ZnFYm4=