From 414f1a08d694e4b06c2c709ee5de843dee1701cb Mon Sep 17 00:00:00 2001
From: root <root@coder-ce7661b2-testmenu29.c.ces-coder-workspaces.internal>
Date: Fri, 31 Jan 2025 12:17:48 +0100
Subject: [PATCH] [#30] Fix CVEs & update build libs

* Update ces-build-lib & dogu-build-lib
* Add prerelease stage to Jenkinsfile
* Add Trivy Scan to Jenkinsfile
* Update base image to debian:12.7-3
* Update mysql package to 0.8.33-1
---
 Dockerfile                            |   2 +-
 Jenkinsfile                           |  30 +++++++++++++++++++++++---
 installation-scripts/install-mysql.sh |   4 ++--
 mysql-apt-config_0.8.33-1_all.deb     | Bin 0 -> 18072 bytes
 4 files changed, 30 insertions(+), 6 deletions(-)
 create mode 100644 mysql-apt-config_0.8.33-1_all.deb

diff --git a/Dockerfile b/Dockerfile
index 35997a3..5675d9c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM registry.cloudogu.com/official/base-debian:12.6-1
+FROM registry.cloudogu.com/official/base-debian:12.7-3
 
 LABEL MAINTAINER="hello@cloudogu.com" \
         NAME="official/mysql" \
diff --git a/Jenkinsfile b/Jenkinsfile
index 75517e1..37475a0 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -1,5 +1,5 @@
 #!groovy
-@Library(['github.com/cloudogu/ces-build-lib@v1.48.0', 'github.com/cloudogu/dogu-build-lib@v1.5.1']) _
+@Library(['github.com/cloudogu/ces-build-lib@4.0.1', 'github.com/cloudogu/dogu-build-lib@v3.0.0'])
 import com.cloudogu.ces.cesbuildlib.*
 import com.cloudogu.ces.dogubuildlib.*
 
@@ -47,13 +47,23 @@ timestamps {
                 // Keep only the last x builds to preserve space
                 buildDiscarder(logRotator(numToKeepStr: '10')),
                 // Don't run concurrent builds for a branch, because they use the same workspace directory
-                disableConcurrentBuilds()
+                disableConcurrentBuilds(),
+                parameters([
+                    booleanParam(defaultValue: true, description: 'Enables cypress to record video of the integration tests.', name: 'EnableVideoRecording'),
+                    booleanParam(defaultValue: true, description: 'Enables cypress to take screenshots of failing integration tests.', name: 'EnableScreenshotRecording'),
+                    choice(name: 'TrivySeverityLevels', choices: [TrivySeverityLevel.CRITICAL, TrivySeverityLevel.HIGH_AND_ABOVE, TrivySeverityLevel.MEDIUM_AND_ABOVE, TrivySeverityLevel.ALL], description: 'The levels to scan with trivy', defaultValue: TrivySeverityLevel.CRITICAL),
+                    choice(name: 'TrivyStrategy', choices: [TrivyScanStrategy.UNSTABLE, TrivyScanStrategy.FAIL, TrivyScanStrategy.IGNORE], description: 'Define whether the build should be unstable, fail or whether the error should be ignored if any vulnerability was found.', defaultValue: TrivyScanStrategy.UNSTABLE),
+                ])
         ])
 
         EcoSystem ecoSystem = new EcoSystem(this, 'gcloud-ces-operations-internal-packer', 'jenkins-gcloud-ces-operations-internal')
 
         try {
             stage('Provision') {
+                // change namespace to prerelease_namespace if in develop-branch
+                if (gitflow.isPreReleaseBranch()) {
+                    sh "make prerelease_namespace"
+                }
                 ecoSystem.provision(doguDirectory)
             }
 
@@ -73,6 +83,15 @@ timestamps {
                 ecoSystem.build(doguDirectory)
             }
 
+            stage('Trivy scan') {
+                ecoSystem.copyDoguImageToJenkinsWorker("/dogu")
+                Trivy trivy = new Trivy(this)
+                trivy.scanDogu(".", params.TrivySeverityLevels, params.TrivyStrategy)
+                trivy.saveFormattedTrivyReport(TrivyScanFormat.TABLE)
+                trivy.saveFormattedTrivyReport(TrivyScanFormat.JSON)
+                trivy.saveFormattedTrivyReport(TrivyScanFormat.HTML)
+            }
+
             stage('Verify') {
                 ecoSystem.verify(doguDirectory)
             }
@@ -108,7 +127,12 @@ timestamps {
                 stage('Add Github-Release') {
                     github.createReleaseWithChangelog(releaseVersion, changelog, "main")
                 }
-            }
+            } else if (gitflow.isPreReleaseBranch()) {
+                 // push to registry in prerelease_namespace
+                 stage('Push Prerelease Dogu to registry') {
+                     ecoSystem.pushPreRelease("/dogu")
+                 }
+             }
 
         } finally {
             stage('Clean') {
diff --git a/installation-scripts/install-mysql.sh b/installation-scripts/install-mysql.sh
index 1dbd997..ad56990 100755
--- a/installation-scripts/install-mysql.sh
+++ b/installation-scripts/install-mysql.sh
@@ -2,10 +2,10 @@
 set -o errexit
 set -o nounset
 set -o pipefail
-DEBIAN_SHA_256_SUM="df9c563abd70bb9b2fb1be7d11868a300bd60023bcd60700f24430008059a704"
+DEBIAN_SHA_256_SUM="455ec3690765cff58a4123ba498921fb58fb76c46465e9659180848e997452b6"
 # Version of debian file containing the installation files for mysql in different versions
 # This is NOT the actual mysql version to install
-VERSION="0.8.32-1"
+VERSION="0.8.33-1"
 # see for latest version: https://dev.mysql.com/downloads/repo/apt/
 wget "https://dev.mysql.com/get/mysql-apt-config_${VERSION}_all.deb"
 echo "${DEBIAN_SHA_256_SUM} mysql-apt-config_${VERSION}_all.deb" | sha256sum -c -
diff --git a/mysql-apt-config_0.8.33-1_all.deb b/mysql-apt-config_0.8.33-1_all.deb
new file mode 100644
index 0000000000000000000000000000000000000000..7859015ca18050a78a767d25194975e223c0f22d
GIT binary patch
literal 18072
zcmbr^Q;aZ7&?xA!ZQHhO&%9&Xwr$(CZQHhO+uZNpvq<*lTx_M&Np+|DvQw3(33&`0
zjm-I=j7<zJ3~Xr)Eo==OJqQR07}=TFS(w;ZSl9^&82-!u@0pQ-;lD)!g8#<<75Y$2
zbPP~NcDBxrcGh&x299*@p8xyvY^-em>skVRs2_Gubxi;Okki#>F_8WpCjWatLO?Wt
z|1+$&JCgR@{xDT^0MMbkaeM$%`f;WBJWvOx$%=IG%zXxuuUJR9mC}XM^sXv>_K)IG
za#ygdYhjOogWn*%6|$Ho(543q=u>6ANXoVJ*#$&5L32zR9)PgeWt78RLV>!G0VV&o
z@d~c%C@z~81xmVZ{%%r1|2CVBnW|%eoN8!mKMv4<E3qY~0dbk>ryY3buWiB(9+8Ee
zCB`Ehjz#D7o+Fp+@pSdD4*+-XES7V2PLx8NSSEB$pLfS1oQ(ZRBO7|*&qspMKCBLM
zLGq?L8G9~zbIfoOp>f5BG;zpeV22k;ie7o{-fa-U`zF_&YSaR3VrFvt4iYo<&vo9y
zO@ax+8;qDb9?4c4f}_q&b5<BR;`3dH34}k}0M7rNuX-n8fxnILoW7d~rPY<#&#es~
zbjj(JJIzL6%EGVGkWg@ZhRSFlfjOlxnpDsdJ^!qcxs3;aKNF5z-dyAmjV&PhQvt78
zoaqRqzz;9(YZG0W^Oycy*$h@>3vHKGeJ95fih*Wi(Z9-;5%AqnV5EN46arvVyWY}r
z_0|*mXA9x(2LwZ!6yc>MAvL2~g$z<3@gAoCEuENvcZv-XNRIgif!`rovMEnW(VADg
z+M43|+26eUMh39xo$*RzN3k8KcDNRis<~^_FzMD1u_^r=sTJtRr!;xsi8=j}rOWer
zPdchRv5qzgf*HB<X*^&^73>pgnBWr!7N__9JF8(>6UT?KbhPzbSn1*sJo10PAeCqb
z1kj+_6NoN-^qoI%;3{B*Os_>|T*7(6w-m4YWJh}ke0&_|nC>2`?ht;pz4-KL*DoLi
zz8oXRm$jVDe@g?-kZjZWiL4D04VAog8o+1S*(Q?8ka9^JggSh?M95PicwA*Yw)+Mh
z=yE_%??tfOnXVU!@bxVg_eU9ABn$Q1{3Qs*8$=geao4Di4yl$-I-}eY$a+cSq~A{`
zi*`>D{=-Wi^tfP|rHUG=XZ$?DGf8`|8t>PClEcX_I*OA+msGCMiUuSj=ifSUrt<Rb
zL(Vd;kdi~9VHwSda)`lJ7Hr<t52y2YR_~aN*Evv2z;%)*D1(MuE?&?K7WG+BNvtL(
zd(akO6CBsC32P@vkhI-QR%4j_C;Vt<?8A-tjgcv}G8ZOKh)F*NWcLWC7ZB-^3z@WP
zXCb!o8@coI{()%T%02ptDtyEgBR-qY%~Cwi=1kPLeO^OadWUx~n1{-Ac_9>X2)~0P
zdm#1>o-yNYo3TH;a@a^#u7gmbRKOMx)n%``+J*d>b5*y1I>QENmD-B;3k{cmjqX_3
z2QpScAEGhFrhi?#Gpqu=ihFMZTe%HMpPrg^w{_<)w*r*5b<_rhq(-IZso3!=WUIa>
z?;z+tb@j7^oIPYul<36V@_Ysd1yMLqN-#DDg4}M7b6X_b`)@C6IQ2acHO#A1;8FIj
zL7Q@Nkb~)Qyu%%4<#qR9h_d@)$ft2zm$SD_ssyPv@>RBD;u1jF3Uy@4N6*qe01XB8
z$3Eha?jO;4JrG%5U(iOnyzd}aBzwJQ_c|^NS=~`?Zn|sg(KD=%MAx?}X@2%2+h^1c
z-F%pH`iEG%C_qoSoP5WIMV!)!d28@VuvJaNhd8duwLB3@|7}ag(3-X-_uA(Bh?}}Q
zNyk!V+Cm_lt6uVH620bg0Nl<rgt(3tdlMFuiDS^}1A0rNvxSk-ieLhUEsrnWrATWT
z97u{9xLQf8S1~++NRjy4;D=BPH-T_t(N|U~ByjfhYSs_L3Xj1=j&upsdm~L1e!lje
z1ANc86ZFOG;@X|0=Q@sZr2CW^b}xLOAoAG#fXYH$3VCt%<}nyQ5q7iE5bcx_ejD}U
zhTk4?KOoFQBn47`F9g|S6e#waxsp2c^IjZQ3TSaL%{S^=*yjNR8a1X>{+a~#I1MdB
zS6IL?;CQfRmpTO1s>ii#kI%mdsTg9tJ<I?wgXHYUqkR_GIl_)8ehUC>6LNzcxKtwn
zZC=2OXI_u~Q<zvVA4&;t%j5l?eyIK72O%L1%ro+K2jmCSJz?*c1LN_{v_$tuB9gCM
z2M(N;i7OpOmfWAIYIZxF%u1M)cNbWW03>i~1~jPd9^SDvdA2a=$4;bvSBCw;gg9RO
zPY|^t*$QAHIY4={ZZok_T}}sJR?!?do;hD7?Uk1=TC|iC3iRZP1Ed`IA^tZG;{3wy
z{$ez0Ro`I|jkE&u7>)^~AJIa`yMs_2N&Lk#e-WKaB>ESt>%N<Nq2SjoYap_xB>Z4i
z-1ZId9lDlJ<{vY{8Nl93ge<NDv$&(+F219tyoNlzEwY|THP$y2e$yeY5*{;FL~K2w
z!1~@T`RbU6N5CM)Yn7N=C;M9ecqVbq#-u0Zk@uRF7*3(<jzkPPAcL8Je)&abpZ&BM
zMWutt>M$#k;UL%FBCG-?Z$xnBkk!h}kK0J&iQsGoS(nGN_3CjnDXcc{K^3f(d>O($
zeRar5H=0#6Lu|O;ibO&Ne4CDkm{c5_LGjuf*SjTAl+OXX(Sg1tYMLw!AH-7xYnRGz
zNgz*Um#}e1nxmy8gsrzvoUdPncld;s*UqzQrx?Gn3Jn-+V1x~Oh64vQ-LAI+YJ4T<
z2{Bmsvqtul1`03|&{sZOezF?gW8kt%i}5_QLSY*#yfWXE>aT-IN~Wa%>=|@D3D9D@
z51ftWlXbx5Cf>oH4|RTck_8CLbSu<I_0Rhbg@~K4vyHl_1)9uHB-=v%Dmv63qysAz
z>xLhMH|9f*A;*%v>8CHy9e+gerw_IJOw&K<e*))?i|&v?-A42c_M|g;u1eR99J3rQ
zN1Dbu&GfrGfIyVxDg3zL&@L`vO2;SGhZaNTM|c&Q?|5o>)zM-8)=5<T+SCh!3o@P1
z9c5S6VZG#GPVSi}Gz35yy7NV7+PpogJw5%!?6zl>j`>C+0x+dP!p19+swuQAM$#t^
zmp^>-v*K^uRa}lN_rCPcy|W+9l{yX21yu1J(^>EeGa-qj>Xm#wByrMN23N$jIF6vM
zEI2)d01+5+Qn?{P6@8_(kJhOxpF>DHSU*jPJglpK=GzoRvhn$bGwX;?xG~-3m*L$R
zaiR2KF${)KF^_$DzrxU33;U`xJ`{r0J!30@wm3|ZSY@xdj^ezhUF?hn_;GRKtp<-V
zBebmt&=HYUCEBzF`)`uxJj?5Ci(5b<nkZW$${`5|07f-qmffkP3JGyPqzzxhG0iKJ
zH4JJ_#6iHASnS$XYUcPO+4Ma+^m)fSIf4*kQgHoSKU*Vg;rEV*`aW6HsvY3DU`Oza
z(nm**1t<IC{v=`#&Dj3%!}L5<#2kby07i)}_{DOKWmh7}Xai}qAK&|K4rbK}>al3%
zi#SHke(~|&<*>?7ad)L3(>s!=8`$lP+*O2DzOETSuu8AxMyn)@Od`kz65&+KbVNZY
zR<1CvGu8|V@vzWm0^i)m*&=;I4~psTB~!#DLo5tDTAty~$xZIe%<e-8lIwW_a~q=w
zrxd=aqXCAe_FWd|m7)Lkt*B0zb9%8n<&unBt6JH@E}dPkX0K4(Z*1%8qQyIl?#x`#
zEjl>h+vmr#2!bCJ+;pJU7bZn9^I}A<3^v!czuUN6pUS&Ec?&cSmVuXckj46c#3tQU
zJ%@BRbRU$$It4C~Yj4jXXaYStvJn0qI&t2<6|ioprvv|c7D&n4H>TF8-XH833R=v>
zPn610!7R=F><f9h@^>XnbiW*D9|N?){kqdZ3JF{6uYM6Z!VO^sH>X;LI&Id8^PCMQ
zsM~|v8+4CEsI4)1YEnDE2-|4_OMKT{Di@kQc@#x;Qsn}?c9Nw)kA_85t66rN!qZbW
z0gQU*viCD@*>>sK)DxERGOuQ=dN;xWmDX4rgN#d(N=K36|DE2Xu0Y!VmH^Pxo8Y&4
z+@WgLyGJad#4D1oe>7S4e|T!&6K;w&rJGEeUgJtJ>CV?5p=n+2bh)x*IQBy*u-NP4
z7A|Y}mqg~~rHy(cn~L1k21E>TNXQpr0Fsxkx+54qH5%UIt2*Wft^48fb+b8DdBcM+
z&16k(fDA=y5Dn%`gG)wAq?2Ti(xm1rloyI0;#(7OZ#vgYJI@Zd^DuD&uz@2Wj{ID6
zQ1eivZpmy)gdXn-{k>K`*nPjt_zfi&66aaox<e`%S85S+1o~3#PY6zv6p<;w+myEH
zj};Xj_qyV!zw?vPzbzI|^GRuE$jYRMLJ_aG8~%ZJI7r)%F-lT4WHwQmGXnC=#SDRf
z&1#O6ZtdqJ;T3))N=6=kY4)Ll?=c6lfDQg+ne5UDI&6$H51_7#Pba)3DA__f(QoT^
z!bUx;h#U$>Oa6=nozLo9fA_#ID)~{S3`fk#N0XrVxf61vBxGUh^-yOoEJ&a42GK0i
zHY{%xmUpTctD-Ub_BQ2XB@CXu#7tHfkU1d9bRQhTbXzbg@9G@a8k(!h=B5mtVjLx?
zJQ5Jx#P$-NE9@7rlsfRY`61ts8&YB?A(U-m1_Ro5GjcA?9qt1P`%2YS0fzP?%~|5)
z=q?wVqz1!yRnJ8q*mqpalwYp+eZ_qKn9)<uzbElBY&Nutv<RP3`kuS!(Mi05240U+
zp@GV6*wz^1jr~ik<-+L$(E@H>F_NH$9we;nyyNwQ@y`roKl;Z|eg={%?Lh*EaW~%)
z&QLjtfF*kd1UG}29`H+-wEfD&jtOh>(H1~O@flJMQ1c8YEew2$a`gj^8dwTns|x_h
zb&s=KC=R6Npif+C5k@fHS$^m;JF?Sbo}c&UEco<c=s^blt^mOo0*ht{_GEMK7p%k`
zd}4)VJ#};nAUX(K969W`@4WZ`J4^vDe9LS$mo_E?-ew)-s<BoZoM42XSdUOY#<ZOA
zuM#L2aJAs+X~Z?E)y7El#8yDsFz*Y`Ez1bs4IQG_nYb}%A;ougQ0Sxtn0954j}#Sb
z;nG3WKfa)e3fxbz(q(??q8qOf!X4vuj{Z3}1%d<08PQ<ZcJLZ~!cD7dD_EkT#oSwo
zmIAx$DW#f+s@uq{SkiA(z3Y{ys|963neH8vcA;fns>n<|`3QfdI6rA_Vnjt!shW3c
zy)u{>@usH@K#Ura2a`t*6~RPDnH`wqV@UVgQ0zVmZ*WElF=346L!U*>YEp&|NW|EF
znB>neKIr(ruBCJ-u6EHTR__w}u!`ua@rJ4d=*~l8PJpc8AEWYxU;!@m-HT>A!cHC{
z3_*5^%%9N?+Vq{wfm5jnU)U^siF}br#??mf++80Hi4k+Uqh%$uLsMBFkFLYU&knUj
z=O)AN(-Cak!7aA~VS5dKdd4J_w@N1Q62E8YHG*%KN@({yk(3uc3@LV?HfnVGHzEQu
z*G_cldr4HGo|~>zy9?Um9NOX@H45q~KZZARtl4IBc)*^yuAt<xI|}Ha5~@_sm!q<<
zTy5j!o3PT9gZD9>RoVq9keMk2&qmB7IHIo|r+A6ZakXc1oH!*w?pOMyb+(q$64_6g
z_Kmgg5L;xcZn!|Gy{t_Yab-HL8CATwZzM}5`IUxy3J9K|#9NJywzq3r>27>~IXx}X
zWrai41nD3<Zk?Trws&_Q60q(!xv5fc3&M<N+FwLA#aOajjeFDp8E)Y+S}0_M9I3!n
z;UN?AD30}jfp_Y>g+n)sNBSk6ifo#M^H)R6X#^%du+>22^=?qw?{ggqvk5A}?YN|i
z*;$c4zlkb9c=t{(HeDw*rX}LpqYvw5${;P>U|?L?V&RdrQ)k_7ITRo1*4TbR3P(qo
zH^Wb;=b<aSLiZARGg2#3)*eBF{Z%PlLgKYxt4wDGa+Q-!DeG&OFLBU=FQ49_;<xqn
z9Z)%V{N(5k;r5?6{7eDUF~oZzRGHB$IA<>0*}vr-Qts@=1x6;lRtt3p4rR00<uB@L
z{3)f`o4RYMomsdW^R}7!>3_wVbPxF=fjnD*xrWJ>d9w{-Bg21=iJai)fw@0bOFT*+
z`n8+Df()Q)P9tRhOlXzwlZBImk#)Rvj)rZnGQw;*YJ>ZDlIn0?tQ`LVL19%*eZBHq
z+2qUxQz5sIfsWj{vc}@Y<+%%pe(7o`$8*~RV8ov6&lbh^XAub#hBSE}(RX&70<Gpo
zQyR7A_i%v8p0xlY!I%l=Ah62(37%T6!@sp!eKxyp*V4t#H9s<T?%aooHAR@zj;T;+
zEoVfIFmZe$<aOpBOT@o#)reNFE018{*JpI%lV?+%gxO3Ha=dT&f?(;S6n43H*W^@R
zX(nhE+jQGq{UG68owN5(K>F-#byUf)5ANx#?c!XjZ8DX7aniSidZr~nF_A@b@Qk5^
zkA8aRwEzI9$zKEEBw*5~1#25Es^}G3nX$v=z%on2A3q`sVI9~zxKP3A9@B;f=M7UI
zLCLcfG?;Z{v$#QhAqF#=9#JL1b(EA>9;;y{UIr6^<g2g#+mG~%>c-ySyO%?75{J7h
z{zU))L|XV+Q-nox7Us=}RZ$Id4^)NgHS-Bq>t#iF56gmh)$5x_8YLL*_W#y$1-8jH
zezH3wv$e)eNiB!@OThe^dAlp!)vVDr!}puS&!u;V+oaAVCKUq(RCxt>L@8W9j#0F;
zEP$5I6tLT8mlD~MtgAFMV3rll`E$*wZ9P#ODLtPWcgY0VCzb2E5SAA5#n0?rVvN@3
z9%=UMXYFe8LBTV!t(@0oc2<xkRRhq5rjqhie_fu*Hh}Y%exWB%8|w2g@FMGbFv{&c
zE0gz_8hm#Zb;FLak*;_3fN$hVq->@eh6~_?)~Y1Je*+%9APgwWUsu)%3=1oP={E?H
z)Vw}4HJTk9Rx$r(xL|Pogb<YX(#sWUoBDOLYm8gr$?JdesUPMbD_J(v(jaItP5wP)
zcv-#xDYvSmJ&ANXo#PRB2a;kKwC<(8wg~J4-41(t{2H{Df=37jXx+@9;INJ<!tx08
zFv=v*<T?Ht2Rq@jaWU_zi_{v3cd4yySUmP2kUm;2VvA<7s3S6YdQoywPXPL5?(z+t
z{{$EnekP(FTa*p1^%gL<9H82W*-=b^?jeDO95A;rPJZ7#XU8SnR-LHVVBE66=4kD>
zJZ2JZ@Q0x?khB0wqNNNqGD{FA4#ZPZc6{>=aAaLt=@<mBpLiUc)wfYkdT_oMx_HxY
zSBYodu6S)$N7eO0`J`=~2a;!Xd|oTkB!2>?lV9ht^q{WoFbZ^>^_AOIdy#HsK3c9m
zzfXrt_)wo0;x(asO|EuQOYD2$?aXDNs&|)=dp5d#-YqGtRx%jmz*c}jdh!jz^RsRc
z%NLQ)ii)Rh7AWvE>w@#3ZtK)OcZ3R;8<STsG3g{0?A5ZADuGj(CXkQv`yJkmr9pb+
z$4_B74!|(mp<o{A%A)iED|RE7i&A2e$>v4-MGvB@z``8VvsaaU>m1SS2ao=~Q<`{u
z8F#}fi29rQGZC4!$B7~^U-%WN6UzAQNB<Wi<9(2unhSGZV~_Vn9nn$7a2FZRP=BW-
ztW-TPt0YR%9U2nFU@RpEN4@qaf7>@`KUBDnruD~H%E$8jWm3DoWEk>MbI;N$u^5Fq
z(xN}&s5G+3___L$>z=dF`N7O3mx1Wa{k~52ghZCT%`IWVm8i$aENu%XLI{9_i5&SG
z-ne&RT+d6$?i`r=D&iwC`|(j)5D~V5*W^U#(zp+(3G!jc!%x@g+*|BOw=;V@f1^73
zz~jP?$UvjH|N9NrWMq$z>_Ki#b&HlsiVDozfe#CTdLEl*u%_6n%s|_Q$Y}5wLQ*Wk
zpUyrMz%I6RW#Pd1$nBj3-%}C1qG1-J8GP#iNck2f^`rwXJ!kf^en`t&J@c|>#hN+p
z_-vSt{t3@elxOEo$qdXNY)DPrWZNtX%os1iZh^E0oVF0#vf!qR#Ce!-R{QMp;FNpa
z0`6*lL7Fh|Viib0qv1{!)|^lVdyHpk`2%UTH{AZ*8R03FBQWO#GI#R@GDm$eFyU(#
z&JuihkC^tcYfEFLh1VIo-zFQuN*{cFX+bWl??Y<Y44jqKg}%sP(`{7O-{<SGRlW0~
zT{o^pULmsrgvK&7iNK6Iwp?mDe>+o=>*MV&&`c_MSvtXNC(S1mR{9yMX|lc-X7TDr
zmwcxmDQ|;O>+(FGl9$_DJO5KU+8!~|;P%=DN7bE_VwxoG8Bg0sGf5!Sj3(cpzCVWN
zWVjIm^+YtTVl7_6E6MS_kPG90UIV=v7cpn)+dY+2wj2_JG}TY@+TV%2`jCZS<CD5a
zupC1s1Yh7yM05Na)L5HjC=+D^*H6db(d+yEHmL}r!=znLyAleNoW1UKNJ;_K_!%U3
zg>UO!L(DdY2b@Y5nyy!nx@C+trtqB2pj39m?PHFft^a;SDfKb5nh0FAIU)KCa}kJs
zE6%AU9*Yt^%<cw~Q!b=FNwGkt>b<ZBy?4V(Z*jkh`hn0z!&y;$xl_R>-?T2V5WW%f
zeBp3N<JE##@{Km+x2k!<LD;x5VM$uf)V^An!L~z6=J1i6DS;CK7+ycP>@W{aUxjGN
zF81g1O4=p>P05L*FhR!y!tj1vGt&N=V3jgXAl1EM{`JPm_Kn(WZ+2PFpq^SP({-k(
z{6EO@vd82pWy#SD0Qm7g_5vUfRA<#NZ1x58Kbs&Ln#Kms2LBK2{HH$uI~!tTWM=wb
zxby$DomVyg{QuW>7^uTM_vQbnZ~uST&NSr#vnfx-X)&Z8nXi6#$ZkNY?9N9N3OHt1
zDpr7PW6M6mcZb0QRMb{ZW+h+@{d&xt93R?5?nkCsw3Q+5pzh!{aw)$G2gaJ+QIHf9
znK}i#(^%#Pjcc&X30q)#?Md~y+4cwu1b}a9^M#i}()ZA+7x+}Ws!g0SKu`ta6N#cp
zo0XLunH&#DVScM*oo=H3ReB+Z;No|P1Ki3X(<x=Kiu3nEMk(b14Ohp)5rS5VJ1JDt
z9CU!Yh#2-1dWaQe3e{^|wfM<c)ZMfOidR91V}e3;Y502^5EN{3oqW%5OFP$rDIimr
zje0j4NFEwe<zMRv`+UFqsl|vHM<3$;8FI1K)&r;1NHxmz?oBgyMWtRn>RDT1WM88y
zZ4bu;dAdL50GVk?8}J3enQIUT;<Wm*?;|(3;~?laKQm71(lQn;r2x=D(xmw{Nr?w<
zP9Oq>LA&lBJ%N2EjBz03b+Ef4M-fco3Ghmmr*HAX-}hcFtFv-U(!tfD2Rtq8te1>n
zYOcU*OApQ-kbZx2;|3819SJ!F0;a?URV#b4B0;NVRC&J@4S?&Hv3>rquny0P>ce3y
zsYWj4ToGeHuXvvOn1t)k&2P+Jmk53q$(&;NGOgf*^Yt)_cJ!__l{!+ql#X=(>dJGN
zzN07dG%g)xBHf_80)X*H;5WFh8dd1!q*T3zn@FEpl1EvR*P^|Ek01^3A?=xeLThf6
zPE+sV4N(b})WOu_wxZ5ja3I5fxcPjeHN|R_Hq&e^ih%Uvy&#}?t%&m>`ZruvzN0H4
zEuB<ab$=H2k&%f&bY@0-h=zIy65gDv7?b+cr|7j&Yrc8q8Pr~cY;jRKYh?e=)cZXK
zrfgCF<2=bh3F?$-Zxp=^xm2xBB?rWj>7gjUnS``GEzOmu?xB;GoqM>BNqVL}fwGCX
z*62FJwCxZDXK%*`A+1kn1{;3R9+*0m4v_CC%ToqSK}Y%+FW)8xzl>?hlIp{<XazVP
z!!=jeraHxfafUggB(5>2tXTCbkTEWQjY*C5saMx>G3xJl)4x%QEK_}BQ?!K`tHre3
z2k9HgsfzSIMNf*SEelfi`c@<wJ3K#K%RyGs*$XW?R*IXZCD}@mTGkNbDQthQ{54Qz
z#i~m*wA*?!`@@M;<yuAtZTbOCnj{ZERlmLDObgnk-#Mq(H2NYzCe~b^C6Pj)oAeWh
zVOBd&^)(ieMzm5SEDdA>5Qnv+kRD>@5f=d}XE!l%+7KG<_|Z`HFyU+e?$2D_$g=bh
z;&YxU1y|f7(xT_!ubR)o2eZ?-t*FL|(D)#wZ{%VQ*^Caz9;wQ!QHhj~m^h5s?S5aT
z3$ILqut-#8&iEC;pGTmL&nC)pZ8z9Q8l^SXm`Ovf&+=ym%2EhQhbGnWEsw{5dPLLp
zKna-NK|>hl`1H%FFz#~%F=A{sd1X%5pDiM=a0Ov<H>!L`fNfb+o+~}Xa;)C=`5bJf
zL>}DXPp#M>#TV_LI+?J8=oDq9r2~L-z{~CwJ8qQ}I)VuWs73K%?CzqtJDGAyFVEC1
zmgDUn@l1g@e}AYRGf*WDMJlam!om^rl3P|Ka86Dzy881`%#si}#w6R%qMeX|hRucX
zLo$96+Bdp3k<|cIPDqk2gLy3H8`e1HeKmEmdSqh!io;H1Aat>N!PPo8yKHFoFsUCt
zfWj<$i+ucB)>*0(u+b2wV#uNFTp%*kEQC3u4@LZ2(#<9(j~QT(x8qiB1JrzQuWaGo
zKsK`$USUwYpiba++6%C#5KRl+ee@2a#ix#yXY$`Mzvp8>;5QrC;~tZaPgDeGG}bAO
z0}`n0kCREf+Zb2q2qsXXzT-Us?U&Tq2>p}z>SJT`i>hj|tPJPsGl`Jvl%diktnswo
zaA}f*idJ-UUP(5TCh9sBVk6mRIMQXipJ~)VM5OBCdC5y@?Rm24umc<rVA?eBTZJN9
z;Pp_q-Li2J*gU(h%#9_H_8x`|pyMZZg9bOMetoiVu`leyHvmsjS(k`}BHooIuB}K@
ztj=ddz6ii_gZ*ccZ8}Qa=Yu-t)}fsPQTJj|ZuXx#rh*FbKzVd}vGvj8MFqx=lwkve
z8w64b&gGkDbvgSQZ9YFR6Cikt5=-mQCFJkqKM_lwR}NG2{vGJZ@DWb!Hy@2mkPe+<
zw5(YUHVr5fd{fI<V@HOH8*gxUNeXtc*;HnMGb#AZy@X16u)Lm3#o&!Sy-@)D^8)xp
z00O76vhQy2TCiM(kr7VYUm$g|aXWuO$+HgZaSeUo&XLqp-7T*0iqJ>4h*HVmUKw)@
zBE`dm>n}ipzlo_<V~b1}M5A-L_UA!VZ;cXpNK-bm@g40(pg^!dyZ9m8v@Wm9bc+FG
z#4UNH^oF2}z8c<2QDa`%Yp?!+&RynQslhZH?<zIE5Uql7d++2L%p7=O5CX7=_`CBb
zW2!*GQRl$MCp}%hgk*QE=3uM|MdsLDUudE+rK_ugNwASR=6CPgu>!dW-wrk3tcjXF
z20bG`<7$xN_K&uf*ZVko@+iFx&YhRkL=ixF^QE5W%qps@sW#Wk4f;=4A%v-`D0cb0
zkI;Oue<KL(UlGcy$(O#mv5_$j3PUm5UE3uGwbKuKXOh<ZqURm^o}%p!X@A1!z<0Of
zKrb}*Vd;l|z`AuZzl00a7XEleaG`+#<3r<eweV@!M#CRVFr!bOcnye~WGu+$he6R^
z@<PplBRZuca_`n}RCU%pF)_=17Uey-s3#<v)an?^J?10HgXre?8x(GE^v!5AHvH(H
zi61S8d~?8<^siPn4@b|~qnho8ZnJpWtSNJ!Y5dJq?ASfym%d^#R^S}NAlA*R-PU2;
zm@$A1i1QnclH?Qu{;km;QV_vb89a#riF<(~a{g-GOC~nwh=>*NgiL|Q(;4!ytXFd)
zx*sN()zDdBHN6EZ%SwS9c~82pBl&c}aR^eLm8{eXXH3-tGe7UysFp0IGBZe=gT!vH
zIS0&-ihYD<8AyGbKKu{f1mvJ$Y_K#Xwi@A9?a3jO8X^)mvk3;;y3mETh!_aNn+w;8
zVnsyoueUYm6mO%z<Q!IrVZCDsCfzO?9z0_cN0svD0TtBGo;P1D>dwHgvAkSJulkw$
zy_YByM84~?ELq(yfN6QIDLKzf(AdR3l}sW#%tPiMpnnq7_34f!N^z6S<~O}XVjpx8
z>9gLagb=7v<P+o|`5(M-l7b+42oKshs-=HgFBqcBJZhxxbT~Azd&Z^Gj36YQc;y7a
zX6wh*c6st&Yp~Cyx;5Hk&OFgC;kvh0tO(`eb3BTtwu>ww@IBq=r<&d`>%PxF&`M!1
z=DvX*{65Sp%BICE3!N>BZwx;=Q1&_A*(A|)rkCiJ*0);I^TvOlT|Axd7Ufwm#Ne%{
zsNly@e6XptTp(V%2q*XxfBve?36(+HoWKTs6OKOqBU~8t%YM68&=%pKRr%6EiW|Tl
zGZZK_92pCihyk1vawrwBaDQfBosCZvtTj|y50kPbR`funwgAuLYfPkLfK$0r>YC$m
ztxh3unG3w|m}g@-G}Ab+Z^vo1W8Osjj*<(u$|14C^BS=6B3wNAq$3cfqtg9i(&;RQ
z^K8YWZe{L!k2ZK>573Zi(c$t!ZxQNI*YdE>x%38y^+oCeikwjZ$AQoIfo8=PQhn0n
zkY;qWZ}DH}b@eUK!L+(>4DbAvOgvZ4U5!^*mwbS14ZO<3d5epZ)Z060H`w0+p4W)(
zDqfo<_j8i4t-83lCvpu}lB`<Cs5sh~I1r4)Q0YXhD{?wXyjsz7d%&!qKN*iS8-Nkp
zMPiIt;=s0h?86T}r55lzV9H0Yf}_b;A0kVQ3xm0KMBgmn*(?@uPGO)Ql&1e;m6d!+
z3};PFq}xEg7R}uaH{BxClJre$a*k}-B!^0SA2;P5>Hp+a#9B0eRI5~DzB+(ee(PF*
z2THbrz_udLahr=m)$dJ?)&^%MVFk&rk~ws%vV}nQ<^dRqIB<#*#ya1H^Jtgt|G{#Q
zGkDD0>&Ewy$PTVHIiU`4bHSjU;EN=VYPW}h>qO)Y@7Kw!VtWQiC+V?QltDVSgd(=c
z%ebP4^}e652@Rf!1lxxeu070>H5F%i3veyVwpbt(ed}9`q&r|igDDeo%20ZzxqMF@
zArEsOD#MMW&N$Ls4*5)<Cd^@{4EH<7pq&IDOUDpfEGKx3e+(C{NS$cR8*=BTkqKPP
z81;$6Qph@})0fQ}<<5<Go!VUQEGT+dVs(}=V&oAiX9Dp@vH}1r;w>~tn7z}yNn1io
zv09Vh1*j(kA^xZRNPWjUpay!JxRsXP^7y6gBU@W%FcHzDPSNhyO^M1{WVg`{WOLtI
zht8yijyS%x*}!~}&(NwwvrxU0vA)!lbyPbLLZ8aS6uI}Xmk6ypzf>ZF7wN?Ex}R#h
zDO_KpmjWaT(9(L^Wg9Y?nwh`7u!r(lyQVMmlgFMi!|=Z?pTxS1)!SN23;uG(M+#<L
zevZ|J1E5RnT<K}G=hPc$ej#w96lboFtNQ6)bMfkKFN(;;8UTd~>L)Z`ne)MKF>rRe
zP}~*P{RAxCEPFWD2!V1k==TcJehST1%W^rQDqzX)vJG5v(|%`h&kdwjAQ(>-zSxdh
zPa5HwboSSBXRVk<?N%6s`%<EQm`)A7la8u6%YBAl)k26D*%wG?;tRk+zlfdxUaL5a
z^Q`I%9%Du0KTWo?s6}bCYnswFp8vYV6PYGrZN3DbRzaZl;3V`j*;lj~G3=^MUP5_f
z75xtTV{F#cfVvms>H(kA+1D%$YUANhJ8LD1p<dOrxHn08xUY}MK%~$q#Q{hlS78#e
zZkjKPN!njnqH(7oa!$>_j8y2}Q9XF|ETp3h31EHw3;=w3imei3@Y-mfZW~al)7pUA
zayCsYdyQ#c(eC|;hnR-WlA$-KhVcBgyze-@y7CqNe%1!EjQMS#8s1Z$zbqO=i}Kb5
zVxJ|kY&k{cTW#dtf}|y}-n{8)7H148wXy|fv450xE}>1}gnBD+L-tTKU4A$hjp+`_
zq^#+UYO7gfczsWi{f8Xo)k^l(g3uS45n_IS>Y^wD4>v((hRIk)mWT~N1b}=gjAkeJ
zXuj&<a!#SZNur6t^G#v3{IM!$#2+gMzk+wfC&lLVXUJbi_abHT#3zMqwzR8acX6|V
z2YjlVrVphv0|_ii0Bq$Z<+;#q*vo~Q<;G~nT(`FS-XA<<G8#PtX5I7%g!x+vx{7<&
zQc^I)ZO0><GZF4R`h8ns5~aR}9-WWl_l^F0ZvcN<nU*YXKD@&QWK2JtR}co3k2mDF
z;!Lan4X=921wC>8nd?DeDk|fgMf3(!bdW!4t0XrfH2)dXrF6UBWE=Hc`^eV~tTlbW
zeOuePNGYFWb(h|_0Rje2G;*aDypMM`{P^2H;(lBC&W@YLBOK~7W?rdK7sBtC!g-g}
zE}hqLU_H!bHfAsL>kOp6HrjMe1`fXm>FU4v&cHfCEpZ7902!$`OaHEZzu|?UTg&?(
zYd<V|Su%x*BG~f5+tBPjKC#aEj4kUZ@)R(u-W-v_NniIJ4NJ}Rn`~4$;u@KQnIA`v
z?-v0;*a(;a%opLel|oiu@GC)Xs*o*RLj)2f7dq?``}Lc~2du^ntdX{}oqs3&_WQ|l
zw(IfmV-)iNQZkE)9P}p9z5}{Di{>#Nxiadg(y0Xqrd#EBa$N~`e#%^KU~#^e{goO2
zFzsXM)ODY1FPl0wcfqer+dtjm!3is|Ctj`U(DPDQ8|q9t<5iDTWa9ve8-p&8nWV&z
z!mf)UCiBSFf%Q+4zn>S#j3E9zA)9x;x$J0!gF?J&$o+!&16^kY+?ktOkje{2u}23-
zJzxB}7nxI^W79agEmbbCU-S{Ga@0#TM(&qd)-_{iKgfL7?Xw%sLhb;_Q0Dh|zotH7
zE0AFxGiVaA2v?`G8s~Mpoj^!TEeAr?loB*YYXaL>HB)L~RGj(kuXCgRrmaO=%En*Q
z#D7pjP!j<D2Kp7#ZHPo#sRd59E;L={V$1s!T7wcA)KaAzlS!~fCoSffdX_brZ!#US
zhbF<z;W4R}17I#mepkxYOa%k>voC*nLtn-kqK}0}-g*djB1EuYd>NR%l33=X@U=z7
znN$Q=*z7+kbCR9gad7!`$UghYW@K&eQv;GHViqhd;kxd%(LtiFYp3j#(RSy@>o<`G
z$VJh=eGp&*CNQoK{t)FqTqhnu5u3Y2Ee(u&cDUm@AD?tod+3}b3-HjwVjPavxm5S$
z@I&%Dne-tnE@g|-P#Dj}&QLghIC=94nxdkw$|E0{)h=gVW>Dr}$A55BbnsZi9oZA8
zgZY1OEGj_LsFutJ(^SWmv`&$Z1UiZv)X%#O(g%bc{?k4F=kb{CPqV($O8gLaOedNO
zn1^+j9&p59L`AFvWWI?sLnwoBXu-H{QR7LIcvkI$6$0h{TFCo@I3blVDg(_?agy5M
zz8Ss33mv@z4hVlKElCjU`CLh<Iy9%OzOq0VchOMbMN#&2H2M|UdsNtY7Nw#eba0fp
zrg4fy`x-lAa%JCx(lC3$sU!=Ys&_nkd$)+wnz5B)8#cbpy%>+u0kR}Yvx~#)nGXeT
z;D(!;wa~4XpB2ON{m_uZCNwuZI+Q-kLNqyH3cX#6eYeSI)J=V%fHpJqUUt1)kTV28
z<`9qw9q$q$$J#Kgg&i;sY*!+qM(8xSMr`;eQCM}7Rb6B6S1d%pQ3X+0mCT1&)lwkZ
zdK-<o>;Y`KsIQX}<!ROf>BRyyHF|~@#{n8~YT20d07?JCn}p-)F+803VYE<@uwdCt
z%W-kHaSc63L(si;s8JU))`8kc)+myD4!9}=9H?<`jBXyFWGPgzdCpXEZqS7-a{Lb#
zTl@S73ZfJB^(zRX`|}}$705HfHEGl}vF#O=a{{E;+v@mxe~6SV|E2uNT`0Zbx#ZU0
z*~|pq$!V&6^zZbK-`&F-R7rix*LfIub03!SGY1?MqHJbw0F7Bi5b^3^n0cZnwb?LC
zdr(}zEf6(>_z%Pu5<pVzi<@D)x?yc>DEKNTh4~Te76uedU9fqpcAC8uey}I+3%ncR
z_b(+Ro9Zoa3*~YZ3-B7g9T%H>-o0=}w^nl-pO!k+uyNWK0%faW7#s`*{Q-!cJ;8nn
z#}4eM=S##(Ng>B6Vc=?f))$>|DQMSsQxKRJZWSCoKkm8v`b#F@i&Oc#2uW7N5Z0kn
zOSgQ8AYAZyJ!nPdOiK!XG74_$7b~i|60M%8pkhCI(BHt-DJOo}#;<}-=4OcHb?@14
zBBiK{2^{(H$Y`j(9m&UAeIWIE3p^Usp25uC2I_|wX5$~P$PF?HQ>E=RBz~8AFh?Na
zA~*yXsO^ar+w=?}6079y#?_9xg(XD9gFX>W>tikf_+AJNJy4=ChW2XO(bgkG2_@ly
zPswqxOeD#o{PFs!&$S?q2zahFNpd)ix2m`o{z%U)$d?%bmBBgUI@~>Ed}dt3@H!__
zIZ;SBDjYqDZp-FIj%)SInsl~c;#O^uCriTo1}`$t6={_*wrljNU%zeveYqb+29q9R
zmOeI5v;!xJQR^U^1&1YJMJ35TAHfvsZb04z|2vFcC<Gm)1cpBXVv*;MGjr<<Bvd2#
zH3Lb-`@lyXa-P#%_H4OS!0GyB^3*w0pbU+IL2PkC%B+Aoxq0oSD$)U@EVZVACI{#F
z<W&&TR!K<njh@yr1tr;9V6AQ8Ji4VLtPQX%<n`|@iYtdAm%VE`8&?n|V3M=qCRW(#
z^ZSoE*<I==#+F~sHYC+`q$V~OSuVHT>ccA|WVuj<z<Qy9c4!t^@rA=W9TL>U#9Ex8
zFBFZUG!06Px9rAI0`CFtD{6HkYwFc!+{DS^mZ(6OTDA6;G0DbcpzD;;79byu>2L#g
zdtq#7s<6DdjFcBapO)Ew?f0cccYO`Z)SIn)VcttSj*N7(755pj1&o^&PEE^egd|Ju
z3YZe%`<NoiO_bR=^B~j_AO^!@mF?|Xqh>P<9g}WG>VtSFY;kdtwvIyMG(ZzTkXwAs
z^aaRo#0VjvA^c|X48sjb>Vcj{ptfl30^WtM=ffQzB25aM9Hh#JG8g-wBr}4zCvKYV
z&d|8pza>ei!Wx2)g)fl&VbqCVA@_%K6#h#fq1|tBt59T}fJ8f`F3VmEjY{$%K~_Fc
zI0G-`K0kl@64VbZ^y1%Lmbc+Py(+u>=&Yzq4Z}e<18JEm-i)CHYEzff#bA8S3cLO7
zxOsO<*SnRZ9)x3{F#_4o>#`wnQRqgM`y|7AO9PoSf!-)|Mon|!c<gAFNRRGyPA^Nj
zhs&iG1YZ0{6h%2xiL7SzBqWK}hub=mvScBTm&ZWNAT8nS#FlgB5;9jb((+zVm#;zj
zZRTWdYno%y_2vz7#u#g(6+4bs4nA}#9rp^CKflv8;-`P^V)CL}m+<w9pNuL-ZPou;
zq1ec3{E3)@`vK7%A{kXQx>%G@n@UvsEQlbiqoAEiQ@qV(njVGCefr4M60$|#mKL(N
zMG>%;=RAXtJaJVUNXer$ngP(gJDLkJ|G8BstdB6Uk=S*Qp4ph3K$VM1UQ6i%hC{mm
z!8UYy*{Ie4mrs5031I<m+2Z))u3|?|ucCQ|?}1oe+q-}ie}_|)1Ao&uEH90hmpj++
zHI^5dV|}E`LVV5g()oC$pF`6fW$4++hu^<zzn&HB&~zSIyFt2QhSpFc*~{HizDiRt
zvoy%I`LHoB9D&6F5ALxczh#@=*aS(d-BrGB*y%MA*?vNKeH;m04FVIpum3e++?qFz
ztlXW+uv7ojwR>wP5t}jfYcC?l%TpD^&DfqZ()LLS;w}Nto`O?F#^5Tvk^-o{Dm}x`
zvcR2>iTrjR2P_#8FwvWYwmG~7d&Y@%8Z?5vN+Eb}iYjEc5!``|wdU~8Gm-O>M)Wl?
z%q-y;RS;)J8X<)jSVtDV@aBIml}rw>5hB&tjsF`@CS2v?vXKV#eIz9_RL~}AnJ}8n
zE_7;#lOPJh^>9yB3d{WS5B;wK8XUiYy4Ke;Rh{G>cwVs4%Ss{^Ec-BnfpD;K0`NIX
zthh+V$|E+)GwiEwfTPtZVcjq4@Yv9V;}|nO+|WLcw00@)q96p^ECq_$4DWzdajz^W
zx~@)otKn9HfqvL`l0VLI1=@H4ZE9t^#}H+bdD&MVPiMbltw3!G#d<g_jiPCl$j1-A
z(*(c9E3TL$q=KNGmYTY*2kl;|W*_%&Ij`3GVv@Wrk~*L=zBdMwEzoC(c6h(I9;@XK
ziW-{Y;hMmtV{uq{k8+!9g1EIga=<S*7D+_}t1Rb_ba3p(Gy2@rHf9Y1-t*|5Flo&I
zz?Y0CCE>;!3$kP51SD(m8t6a>+>}uO(q%eY{G6{jh#5v;DXrN<AJ#z07iUKK(yBhR
zDQq4O)XyOV76?quJ}bb!wgXKic|#HhSW)yArgxUVH6DlOHO6247|zrE5mQ<dW&JL9
zJXa#(QGu@}c@cPzT$K=Bu<TQmn+*$Ra-VlsOSN1+r|6l87mT?#?_eG=wG_~idF!45
zajB6;_(CU<MOi;P`n59e7_GV-gRXY|_?7544^=`gk?$roIm1~Au)LqI)jJKm6C=~N
zngfovRoc-AlJ!6LfY=OcQO$e5@rbNKC66REd{s$pzFvt4DS^y6^0sBIY&{BT%j~b4
z?W(y|J;Lwz^C5qe_u(_VJia;13{>UX3SVJ*Il001y^Q85POh+7WD7T7+|~5uGaS$t
z(S0P7v2%E@tWJCs`mVb&%$*BVM}oR7JrQmBZRJ8NWN>~h=#y)<JcOc$eo*Z!SRk7x
zKvGjWj&^bVMrg&GJ|3;=gxu5Af#jkER7xKb^Xlv>I1FaDBLc@&vs-DL#|f+Ul;*ar
zx_UARH{zlGXNJO=+4|s3zfjjdS16rjSzF3^dg&YQ-Gl=M3ah|D>c20uPYs}gcr8F%
zUIM<P2b95}Hq6p#G3zmvR{t>CO52Kl#K;x`xyXF~lw{FhjFhp4zTveCtuM0I0d#l;
zYe=GltY1_%9LRHsUt|sAd=w+Fu{F++g1dnPH_Gsr*!|gMiLbbPCgiWIj46D61R^Gx
z^(hTePbX6^pj};9s>#2<G}Wt~!U&eEsWU4&m623coB&(jhrbtx50S*RE#-QUICQ>f
zKR7yB!LzTQx6u^=NHTsVuR!Bu;_M9+)YAoFa%rH5KIAtX%U0&dKb^$VkkiNeL+Rbk
zU<Ib6+d4bB2rk)b<KicBtFB<Py;gAs<Z<sz0msBXB4YjAQ1>PyeUECcu{*4M2?Mzv
zadoK8h@NN}3GR?t&KBvk8vWpYr4t@eE^9+uKu!0&95M+IW>e!oSFf4wB3K!w)JU-Z
zjFh?~x}j|rfU0#d=U_RolgK0hrqlB}`nez|knO|)TbS@>aR(IAU;%gD%!{?p+?*Sg
zW>XGS0pS~0GAwGP{-+luy(Q-&=jz}F!O8Hn0w;5AV7N>R%L$eaF1y_;(d#rPgPOYQ
znjtR9wcW~oIL}`s@iLY7x2h?a09#<X*`^mTp8?FU;+0`?62xr@JU1=ZF6m%0+~0SQ
z!DEh%Fkn0_;r@K0M#Sff0UQ7n_KbTsnO=aqh<AB0x4?ps5(pdzo}B(cu@5;V0ygT_
zjD)^2Yem=@>dcD-F*ijIYI(<pAOaKf#I)xUKpwjo;n@yTn$k;FQJuXxvvm)i>_ZI<
zSVE1x!2NF#V5sqiNo)tweIV72l3%Y_6O?uue;P+gy;ltrtA6m04t`pZ5Ha~ylJ%jn
z6+I}tuxSh>g9k@1t<UW<KB044p8PHO+bI=h4H!Adc*zoVe_)#s^i&#IOZEKG$F>uX
zS3>VLIqx6VVhK3hkWm%bj0}!X$)hUPDT?u4W*u%KVSm^KDvNvgW<~RiYa9TY>kF&D
zoqK(VRLjri%s!Hr;+PKoDzYvO`G!Zd%|*e3oI1=sp~|)iTQkgJ-Aw*tYwG~0u>oBk
zyaAP2FqE@m4&osxAOu(uqUm?vw}lG28>!Vt@OGX3_adJGC7V%f9PR^&+7GKbx8~rL
z{42Db6p8|V^!&whG+w*lg^y{tXI$NqLKy5+V;3?u8CjY{2FhgMfHRMS8aZnBt%%^9
z9DW8QM6i>45kJTEp989I7s1G0m9(Y5yhch1vCzi&l2KKnn2;eLK&-vMjv0FDD^b5C
zznuk3y@lAI{2YWI;OBRx+lzuMeciU3Vu0{zz0(uu+8`i2jVx@}tj7#fyTp7*<K@le
z&V|(0!FdJ^GWQ@71wc>FE`B;OjYy&fD1;y9BzO@@4b53p&G3wVUuNC1Nva>GY1JK)
zb^uXudJoFfa4w|bGkSb6o#zuQj*@(NmCpy_nv~6Fv>ur-Q=B2MM7L8}P3ZL0D0yHx
zK5fWhiMdpL7A-xmJqK+jT=&rWo-+c{nUQ3`rFu1;l%I#=?AV#V%_9I2S%mz=#c(+t
zHaJ=p%Hb}%Go|<LvAgHR&RE!#9eaXeZ%?&MQWOsk)Nx~JfOXS=D&o@W_3KN1UEi}K
z(J)Reigo5~&ly@c*WD#KY}Q@CBQ^m_&b?UKDigo_8h}{0+9nJ1Z!HWfMf}4=wjHa?
z2}Jj?3}}K!fD@{c7w1s_4F;F7NpJT~a>c{nd8i<IfbBPI_+PL{;pDZha$a*SwfCRb
z=4ACEhRCUpF~o%XKi^d*vum41hZ0(?6<4y8a05j;ewrF~_H}KwOASKGj=^_dI=I~r
z1dtuQws~LlG;XVkUfPU1*&w!VQp+?j0%7jo=Q$m=+Y;z7eRFavxr-fz2cX18fIV-<
ziEbK7k5q>I9&|8ZhAyA0E+5Fq+S-W}@|ph0@*95R^`JqdF306uLj6o&>G+nwwG?HS
zOt<MwS|UNdr^-<xg|ndjU5~T=0@!`O8eiTg+A)!iY4zWv2U3d#pyZ9!|9;fBIgwdr
zbPa9lIGi|~YT$B{5~Jw$@%=rY(G=GkgzA)i$dWhw^xPluCAZ8lzlX4G6a>Kjn)Lr%
z5s4-aE*+y^Klk4Zp&+s6M&l!tZKQ`nOZ!NyEsuOH3Lg|ek`lFpUrew~y|wTYO;guc
z{<u^b+?>29$Aef}V1*aM$W!$$B1%wrLVg+EU`IctCi<d8^rmQTEv-cy(9aCd!p8SG
z0l6SJgS<Mt`EsxE`~-R+>HpeBQhoHk`K*Vz(*8sX<d8{Jizye2l=w#RacXh@1>o|W
zD_7ghcZA{(ze~a4sv%+UmmWm~B3Xmcs5^$-K7CDQlqSZ3WLBl2^tbR;E9L;!dc*P(
z=t_~r*j%{!)Bjsd#H5&&lo&G$MMBdIZsQx95bgYaRDK+K<M1s(f!HF^i1X>5E`8L^
zptc;_5g}t4J>-JcrQ7}VcflHg6!qcuJi@iT%2^r<-+UrU1ifV2Sy7cQ)IFt@4$x%(
zZ07`>dOUI9h+~d92$vIE7rY27qeJRoW=hScY|89k_BvOwJ4OCs90c-b5r1dsw9sY8
zv^y6IZe8YbdB?=(4B=v@(we%c)!tUPY01+g_fLzr(F7PRGZEb(jOak=l)rjYNcOjU
zDMX8z+2h6gLO=c0%HOmf<ttY`NCGE~b!mmM2z>1bh_p&~iA(B#mU8yH*9)M{5+6`g
z&Yl6EJPA@UNOH)By+z=a(L)o!HM(mkF9^_gp^i)J?uyoPxfg~=zjZ4{RnnD@DY%D0
z6XP#6S|ymo+S_C4CTBR&js;OKI<Ui5WRJpO%bif1_RAzgQelE9${ew~R`1unh4~8t
zeZ}VC4$~@*@9sEQDhtDtnZZe0C-gMmWfRTUs~NxQUCrAi$-b)Q=V*k=Z>>zVGWqyF
z0>uS7`WqPv5b95(8oJHCH10{Yrv621->P8j58{q!Br)thtZbG9##GyK=`2uWqG_kZ
zw9?IjJWWA)ShCVzpU>_g%a`KIguZ=db6VP0+usISnSLEc$&S`J9b5{x0ACFnpcF*=
zOS1!8s6!wGVS_@tnMR=2y0a~ihHQ@qq_6aCW=*m?MV(vb312W8Z-+wtBQBFm+Gw8G
z#m8RE;pI!^)Z3lE0{rtEMAl(X>q60td=;yxaukjfV5}8{dZkNy55ncD)crptvvqOJ
zJA96hltV*AzIn0fPVL0m=-iKN+VIu7_1?<8V_Yp#RY1l3;MW=@WWHXP1?t-lh+j)j
zSxbb8*q;*8Ag+3pcS^-XkX%3vauYczoTl&@cjq40x{(4dA&FF>$I%ecaQWQZy9G8+
zxSWfa&T%f^8DIPQ`~C~?3wA*763;_xo?fviuF98Xmp2$vL(^x3>-`ZqvL8-Lpj^)b
zni+myZx94{b~zUoW|+ELlEgsqr!PLEiTws^PRVX`i-%lC5M8Ya=!2u$Xf3Oa#Vs!6
zr+0`#auo_j9J*U!a5bcr4fRep5tFrI)YMyX6FDGrMSAQq`+AvY&InPSr15KKZAe;2
z2sop>w=#*l7()Q6_2(%Xd^j3#j>K@^>^6(P`Q(;!Lcyh4r97|P$`SgC`4yLRJbb+o
zBuCTYL0u|f@8$F6r(Q9zLDR|y9cRM${O)>yvUV#%?=7r^^PY7=GG0_6^<`hRTiG5c
zYo}thp=t3lZWt{;vG6xii&i70z@m%Sly%l5=xCfsCRM~CsHG&D6pmjG|KZ@KtNJI2
z#@5oNac8ImOGg=^u`amoUEOar!Wfr41nAlo8c+gi@j|+!dAa`BsX&%m<&v(?6PS-s
z5(^C-U=TD6kIDZ?5a1CIcR#0<h_5r~hli7`5A_93U?)i5bBXPchQRj_fR5)F-8OpD
zM`u0l*jprznC{>J3{^yd)58a9pU-&B=H6>4BQB;4JDvaND@0<@iyB{OX?ZMJ!91x?
zINj;*FKF>2U=%I^IS5M&RT`s3tgR=K8{bSM3Z92K>?Hh4<i*uOd->{(R8p+ixPKio
zp5@N58%%OGq&&9_MXDU)f2MY3r0=Pv@!DKr1+3grt~O~b7dLEQw=bN5mW6S1lfv!w
zRsACd%zG-GbB^Dx(q;uUmUP4M<O{01#>L*r`&Tp`7)a~RzC$@F7Z>ap|08k#B_#|N
zmO@?0pR1&Y<JGX^ux|OM=43VGCt)gu)!atmu!)NZ7}Is1^wtt8$~cH0()z8Lj&w5<
zmyXw@2q3>WmEPIEP3#j{NbF=rr$|Kyd@BH#l1Z~ss7s~{F~fkE$~F`+&P?6t*O^}G
z4szk%=L0m~SvGmTBd9lZ*?IFPC}0pFP)JzF-momFi&I;Mm-$bsrr;yt$AEx_6^OTv
z;&(TJ<a~Uq;(~?hT!|dDJddN~cHx82{+wKD3B;7oE)MUiLl~cA<V{C;o69qAP|~X+
zR<*1t)?07bMVts#D%<ZeE^#1v_Wv^?@go004uF`UNQ<@;lCUCxjypIu9TN%6Ds|N^
z$4qU>WIoG_f}xPuU;%ic*qDA6+bG95*)d8;K2>nbe0A*MeI}|!#;?+@NuyX*0D8|Q
zULn;=^JL;g9Y}lg6xq*RXf-@0`2|si)`$Aao1j^xN6mQ5^J6%`$Zm~$m2mIvJJ&HA
z)Fl;Ail$c`DB$pVvMQVlMZ{T}$l!PN#ko}}hT7fxdO(q0W2`0WvsxS_=1eB4KAUe;
z1H~6KUmzn&p8M+P;zR^J-`G|%+gc?Z+O?>>54QA*R5S<cIwAB`yehNED*d2Y8W9GL
z1Ar}aREjhps@ze<u-0d>5p_^t=+nN4g!HIF*)TNiZU~4(eh+aIFPZ=V005K&KQznj
dTA}~}l30MC0RV+PqPDTbXZr#G00004Sz1bq-;MwP

literal 0
HcmV?d00001