From a65da1ab22f1db1aaee50b5a97cc36d3322ad4e9 Mon Sep 17 00:00:00 2001 From: Guy Wyers Date: Mon, 30 Oct 2017 09:24:18 +0100 Subject: [PATCH 1/8] Added support for OpenVPN challenge/response protocol. --- src/Makefile.in | 4 +- src/TRAuthLDAPConfig.h | 4 + src/TRAuthLDAPConfig.m | 30 +++++- src/auth-ldap.m | 24 ++++- src/base64.c | 209 +++++++++++++++++++++++++++++++++++++++++ src/base64.h | 101 ++++++++++++++++++++ src/openvpn-cr.c | 77 +++++++++++++++ src/openvpn-cr.h | 19 ++++ 8 files changed, 461 insertions(+), 7 deletions(-) create mode 100644 src/base64.c create mode 100644 src/base64.h create mode 100644 src/openvpn-cr.c create mode 100644 src/openvpn-cr.h diff --git a/src/Makefile.in b/src/Makefile.in index b0eac7b..a568b9f 100755 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -34,7 +34,9 @@ AUTH_OBJS= TRArray.o \ TRVPNSession.o \ hash.o \ strlcpy.o \ - xmalloc.o + xmalloc.o \ + base64.o \ + openvpn-cr.o GEN_SRCS= TRConfigParser.m \ TRConfigParser.h \ diff --git a/src/TRAuthLDAPConfig.h b/src/TRAuthLDAPConfig.h index 9089816..4aa2c88 100644 --- a/src/TRAuthLDAPConfig.h +++ b/src/TRAuthLDAPConfig.h @@ -60,6 +60,7 @@ TRString *_pfTable; TRArray *_ldapGroups; BOOL _pfEnabled; + BOOL _passwordISCR; /* Parser State */ TRString *_configFileName; @@ -126,4 +127,7 @@ - (TRArray *) ldapGroups; +- (BOOL) passWordIsCR; +- (void) setPassWordIsCR: (BOOL)newCRSetting; + @end diff --git a/src/TRAuthLDAPConfig.m b/src/TRAuthLDAPConfig.m index d06ebe8..f7dcc00 100644 --- a/src/TRAuthLDAPConfig.m +++ b/src/TRAuthLDAPConfig.m @@ -78,6 +78,9 @@ LF_GROUP_MEMBER_ATTRIBUTE, /* Group Membership Attribute */ LF_GROUP_MEMBER_RFC2307BIS, /* Look for full DN for user in attribute */ + /* OpenVPN Challenge/Response */ + LF_AUTH_PASSOWRD_CR, /* Password is in challenge/repsonse format */ + /* Misc Shared */ LF_UNKNOWN_OPCODE, /* Unknown Opcode */ } ConfigOpcode; @@ -156,6 +159,13 @@ { NULL, 0 } }; +/* OpenVPN Challenge/Response */ +static OpcodeTable OpenVPNCRVariables[] = { + /* name opcode multi required */ + { "PasswordIsCR", LF_AUTH_PASSOWRD_CR, NO, NO }, + { NULL, 0 } +}; + /* Section Types */ static OpcodeTable *Sections[] = { SectionTypes, @@ -173,7 +183,8 @@ AuthSectionVariables, GenericLDAPVariables, GenericPFVariables, - NULL + OpenVPNCRVariables, + NULL }; /* Group Section Definition */ @@ -181,6 +192,7 @@ GroupSectionVariables, GenericLDAPVariables, GenericPFVariables, + NULL }; @@ -684,6 +696,7 @@ - (void) setKey: (TRConfigToken *) key value: (TRConfigToken *) value { switch(opcodeEntry->opcode) { BOOL requireGroup; + BOOL passWordCR; case LF_AUTH_REQUIRE_GROUP: if (![value boolValue: &requireGroup]) { @@ -706,6 +719,14 @@ - (void) setKey: (TRConfigToken *) key value: (TRConfigToken *) value { [self setPFEnabled: YES]; break; + case LF_AUTH_PASSOWRD_CR: + if (![value boolValue: &passWordCR]) { + [self errorBoolValue: value]; + return; + } + [self setPassWordIsCR: passWordCR]; + break; + /* Unknown Setting */ default: [self errorUnknownKey: key]; @@ -979,4 +1000,11 @@ - (TRArray *) ldapGroups { return _ldapGroups; } +- (BOOL) passWordIsCR { + return (_passwordISCR); +} + +- (void) setPassWordIsCR: (BOOL) newCRSetting { + _passwordISCR = newCRSetting; +} @end diff --git a/src/auth-ldap.m b/src/auth-ldap.m index ec7564a..9ecd805 100644 --- a/src/auth-ldap.m +++ b/src/auth-ldap.m @@ -43,6 +43,8 @@ #import +#include "openvpn-cr.h" + /* Plugin Context */ typedef struct ldap_ctx { TRAuthLDAPConfig *config; @@ -429,8 +431,19 @@ static BOOL auth_ldap_user(TRLDAPConnection *ldap, TRAuthLDAPConfig *config, TRL static int handle_auth_user_pass_verify(ldap_ctx *ctx, TRLDAPConnection *ldap, TRLDAPEntry *ldapUser, const char *password) { TRLDAPGroupConfig *groupConfig; + const char *auth_password = password; + if ([ctx->config passWordIsCR]) { + openvpn_response resp; + char *parse_error; + if (!extract_openvpn_cr(password, &resp, &parse_error)) { + [TRLog error: "Error extracting challenge/response from password. Parse error = '%s'", parse_error]; + return (OPENVPN_PLUGIN_FUNC_ERROR); + } + auth_password = (const char*)resp.password; + } + /* Authenticate the user */ - if (!auth_ldap_user(ldap, ctx->config, ldapUser, password)) { + if (!auth_ldap_user(ldap, ctx->config, ldapUser, auth_password)) { [TRLog error: "Incorrect password supplied for LDAP DN \"%s\".", [[ldapUser dn] cString]]; return (OPENVPN_PLUGIN_FUNC_ERROR); } @@ -535,10 +548,11 @@ static int handle_client_connect_disconnect(ldap_ctx *ctx, TRLDAPConnection *lda /* Per-request allocation pool. */ pool = [[TRAutoreleasePool alloc] init]; - username = get_env("username", envp); - TRString *userName=[[TRString alloc]initWithCString: username]; - password = get_env("password", envp); - remoteAddress = get_env("ifconfig_pool_remote_ip", envp); + username = get_env("username", envp); + TRString *userName=[[TRString alloc]initWithCString: username]; + password = get_env("password", envp); + remoteAddress = get_env("ifconfig_pool_remote_ip", envp); + /* At the very least, we need a username to work with */ if (!username) { diff --git a/src/base64.c b/src/base64.c new file mode 100644 index 0000000..eec7d98 --- /dev/null +++ b/src/base64.c @@ -0,0 +1,209 @@ +/* + * Copyright (c) 2003 Apple Computer, Inc. All rights reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * Copyright (c) 1999-2003 Apple Computer, Inc. All Rights Reserved. + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ +/* ==================================================================== + * Copyright (c) 1995-1999 The Apache Group. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the Apache Group + * for use in the Apache HTTP server project (http://www.apache.org/)." + * + * 4. The names "Apache Server" and "Apache Group" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * apache@apache.org. + * + * 5. Products derived from this software may not be called "Apache" + * nor may "Apache" appear in their names without prior written + * permission of the Apache Group. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the Apache Group + * for use in the Apache HTTP server project (http://www.apache.org/)." + * + * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This software consists of voluntary contributions made by many + * individuals on behalf of the Apache Group and was originally based + * on public domain software written at the National Center for + * Supercomputing Applications, University of Illinois, Urbana-Champaign. + * For more information on the Apache Group and the Apache HTTP server + * project, please see . + * + */ + +/* Base64 encoder/decoder. Originally Apache file ap_base64.c + */ + +#include + +#include "base64.h" + +/* aaaack but it's fast and const should make it shared text page. */ +static const unsigned char pr2six[256] = +{ + /* ASCII table */ + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 62, 64, 64, 64, 63, + 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 64, 64, 64, 64, 64, 64, + 64, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, + 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 64, 64, 64, 64, 64, + 64, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, + 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64 +}; + +int Base64decode_len(const char *bufcoded) +{ + int nbytesdecoded; + register const unsigned char *bufin; + register int nprbytes; + + bufin = (const unsigned char *) bufcoded; + while (pr2six[*(bufin++)] <= 63); + + nprbytes = (bufin - (const unsigned char *) bufcoded) - 1; + nbytesdecoded = ((nprbytes + 3) / 4) * 3; + + return nbytesdecoded + 1; +} + +int Base64decode(char *bufplain, const char *bufcoded) +{ + int nbytesdecoded; + register const unsigned char *bufin; + register unsigned char *bufout; + register int nprbytes; + + bufin = (const unsigned char *) bufcoded; + while (pr2six[*(bufin++)] <= 63); + nprbytes = (bufin - (const unsigned char *) bufcoded) - 1; + nbytesdecoded = ((nprbytes + 3) / 4) * 3; + + bufout = (unsigned char *) bufplain; + bufin = (const unsigned char *) bufcoded; + + while (nprbytes > 4) { + *(bufout++) = + (unsigned char) (pr2six[*bufin] << 2 | pr2six[bufin[1]] >> 4); + *(bufout++) = + (unsigned char) (pr2six[bufin[1]] << 4 | pr2six[bufin[2]] >> 2); + *(bufout++) = + (unsigned char) (pr2six[bufin[2]] << 6 | pr2six[bufin[3]]); + bufin += 4; + nprbytes -= 4; + } + + /* Note: (nprbytes == 1) would be an error, so just ingore that case */ + if (nprbytes > 1) { + *(bufout++) = + (unsigned char) (pr2six[*bufin] << 2 | pr2six[bufin[1]] >> 4); + } + if (nprbytes > 2) { + *(bufout++) = + (unsigned char) (pr2six[bufin[1]] << 4 | pr2six[bufin[2]] >> 2); + } + if (nprbytes > 3) { + *(bufout++) = + (unsigned char) (pr2six[bufin[2]] << 6 | pr2six[bufin[3]]); + } + + *(bufout++) = '\0'; + nbytesdecoded -= (4 - nprbytes) & 3; + return nbytesdecoded; +} + +static const char basis_64[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + +int Base64encode_len(int len) +{ + return ((len + 2) / 3 * 4) + 1; +} + +int Base64encode(char *encoded, const char *string, int len) +{ + int i; + char *p; + + p = encoded; + for (i = 0; i < len - 2; i += 3) { + *p++ = basis_64[(string[i] >> 2) & 0x3F]; + *p++ = basis_64[((string[i] & 0x3) << 4) | + ((int) (string[i + 1] & 0xF0) >> 4)]; + *p++ = basis_64[((string[i + 1] & 0xF) << 2) | + ((int) (string[i + 2] & 0xC0) >> 6)]; + *p++ = basis_64[string[i + 2] & 0x3F]; + } + if (i < len) { + *p++ = basis_64[(string[i] >> 2) & 0x3F]; + if (i == (len - 1)) { + *p++ = basis_64[((string[i] & 0x3) << 4)]; + *p++ = '='; + } + else { + *p++ = basis_64[((string[i] & 0x3) << 4) | + ((int) (string[i + 1] & 0xF0) >> 4)]; + *p++ = basis_64[((string[i + 1] & 0xF) << 2)]; + } + *p++ = '='; + } + + *p++ = '\0'; + return p - encoded; +} diff --git a/src/base64.h b/src/base64.h new file mode 100644 index 0000000..2915796 --- /dev/null +++ b/src/base64.h @@ -0,0 +1,101 @@ +/* + * Copyright (c) 2003 Apple Computer, Inc. All rights reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * Copyright (c) 1999-2003 Apple Computer, Inc. All Rights Reserved. + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ +/* ==================================================================== + * Copyright (c) 1995-1999 The Apache Group. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the Apache Group + * for use in the Apache HTTP server project (http://www.apache.org/)." + * + * 4. The names "Apache Server" and "Apache Group" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * apache@apache.org. + * + * 5. Products derived from this software may not be called "Apache" + * nor may "Apache" appear in their names without prior written + * permission of the Apache Group. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the Apache Group + * for use in the Apache HTTP server project (http://www.apache.org/)." + * + * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This software consists of voluntary contributions made by many + * individuals on behalf of the Apache Group and was originally based + * on public domain software written at the National Center for + * Supercomputing Applications, University of Illinois, Urbana-Champaign. + * For more information on the Apache Group and the Apache HTTP server + * project, please see . + * + */ + + + +#ifndef _BASE64_H_ +#define _BASE64_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +int Base64encode_len(int len); +int Base64encode(char * coded_dst, const char *plain_src,int len_plain_src); + +int Base64decode_len(const char * coded_src); +int Base64decode(char * plain_dst, const char *coded_src); + +#ifdef __cplusplus +} +#endif + +#endif //_BASE64_H_ diff --git a/src/openvpn-cr.c b/src/openvpn-cr.c new file mode 100644 index 0000000..7151e79 --- /dev/null +++ b/src/openvpn-cr.c @@ -0,0 +1,77 @@ +#include "openvpn-cr.h" + +#include "base64.h" +#include + +static const char * static_cr_label = "SCRV1"; +static const char * dynamic_cr_label = "CRV1"; + +int set_token_b64(const char * source, char * destination) +{ + if (Base64decode_len(source) >= MAXTOKENLENGTH) + return 0; + Base64decode(destination, source); + return 1; +} + +int set_token(const char * source, char * destination) +{ + if (strlen(source) >= MAXTOKENLENGTH) + return 0; + strncpy(destination, source, MAXTOKENLENGTH); + return 1; +} + + +int extract_openvpn_cr(const char *response, openvpn_response *result, char **error_message) +{ + const char *tokenIndexes[15]; + tokenIndexes[0] = response; + int tokenCnt = 1; + const char *p; + for (p = response; *p; ++p) { + if (*p == ':') + tokenIndexes[tokenCnt++] = p + 1; + } + + if (tokenCnt == 3 && strstr(response, static_cr_label) == response) + { + if (!set_token(static_cr_label, result->protocol)){ + *error_message = "Unable to set static protocol information."; + return 0; + } + + if (!set_token_b64(tokenIndexes[1], result->password)) { + *error_message = "Unable to extract password from static cr."; + return 0; + } + + if (!set_token_b64(tokenIndexes[2], result->response)) { + *error_message = "Unable to extract response from static cr."; + return 0; + } + } + else if (tokenCnt == 5 && strstr(response, dynamic_cr_label) == response) { + if (!set_token(dynamic_cr_label, result->protocol)) { + *error_message = "Unable to set dynamic protocol information."; + return 0; + } + + if (!set_token_b64(tokenIndexes[2], result->password)) { + *error_message = "Unable to extract password from dynamic cr."; + return 0; + } + + if (!set_token_b64(tokenIndexes[4], result->response)) { + *error_message = "Unable to extract response from dynamic cr."; + return 0; + } + } + else { + *error_message = "Incorrectly formatted cr string."; + return 0; + } + return 1; +} + + diff --git a/src/openvpn-cr.h b/src/openvpn-cr.h new file mode 100644 index 0000000..8ea2997 --- /dev/null +++ b/src/openvpn-cr.h @@ -0,0 +1,19 @@ +#ifndef OPENVPN_CR_H +#define OPENVPN_CR_H + +#define MAXTOKENLENGTH 1024 + +typedef struct +{ + char protocol[6]; + char password[MAXTOKENLENGTH]; + char response[MAXTOKENLENGTH]; +} openvpn_response; + +/* Parse a string containing an openvpn response and store the result + into an openvpn_response struct. + If parsing succeeds result will be in result and 1 is returned. + If parsing fails, 0 is returned, error_message is set */ +int extract_openvpn_cr(const char *response, openvpn_response *result, char **error_message); + +#endif \ No newline at end of file From 880372bda4e5583c2d2051e5391612bf0e277939 Mon Sep 17 00:00:00 2001 From: guywyers Date: Mon, 30 Oct 2017 09:28:23 +0100 Subject: [PATCH 2/8] Update auth-ldap.conf --- auth-ldap.conf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/auth-ldap.conf b/auth-ldap.conf index 6be38a4..5dcc3bf 100644 --- a/auth-ldap.conf +++ b/auth-ldap.conf @@ -46,6 +46,8 @@ # Add non-group members to a PF table (disabled) #PFTable ips_vpn_users + # Uncomment and set to true to support OpenVPN Challenge/Response + #PasswordIsCR false # Match full user DN if true, uid only if false RFC2307bis true From 0f0b929b14199ab9dd2992ccd6cdc545bf18c46e Mon Sep 17 00:00:00 2001 From: guywyers Date: Mon, 30 Oct 2017 12:15:55 +0100 Subject: [PATCH 3/8] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 9ed7921..3be9a00 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,7 @@ The OpenVPN Auth-LDAP Plugin implements username/password authentication via LDA * LDAP group-based access restrictions. * Integration with the OpenBSD packet filter, supporting adding and removing VPN clients from PF tables based on group membership. * Tested against OpenLDAP, the plugin will authenticate against any LDAP server that supports LDAP simple binds -- including Active Directory. + * Supports OpenVPN Challenge/Response protocol, enabling it to be used in combination with one time password systems like Google Authenticator ## Building From dc387b1f4c3d36d4467331b595ddecf79d70c5ac Mon Sep 17 00:00:00 2001 From: Guy Wyers Date: Fri, 3 Nov 2017 19:22:06 +0100 Subject: [PATCH 4/8] Fixed build process for gcc 5.x --- aclocal.m4 | 9 +++++++++ src/TRObject.h | 1 + tests/PXTestConsoleResultHandler.h | 1 + 3 files changed, 11 insertions(+) diff --git a/aclocal.m4 b/aclocal.m4 index e509555..e5b7dbf 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -157,11 +157,20 @@ AC_DEFUN([OD_OBJC_RUNTIME],[ AC_LINK_IFELSE([ AC_LANG_PROGRAM([ #include + #ifdef __GNU_LIBOBJC__ + #include + #else #include + #endif ], [ + #ifdef __GNU_LIBOBJC_ + Class class = objc_lookUpClass("Object"); + puts(class_getName(class));_ + #else id class = objc_lookup_class("Object"); id obj = @<:@class alloc@:>@; puts(@<:@obj name@:>@); + #endif ]) ], [ od_cv_objc_runtime_gnu="yes" diff --git a/src/TRObject.h b/src/TRObject.h index ade292e..34e6efb 100644 --- a/src/TRObject.h +++ b/src/TRObject.h @@ -39,6 +39,7 @@ #import #import +#include #import "PXObjCRuntime.h" diff --git a/tests/PXTestConsoleResultHandler.h b/tests/PXTestConsoleResultHandler.h index dd7ec91..179d91e 100644 --- a/tests/PXTestConsoleResultHandler.h +++ b/tests/PXTestConsoleResultHandler.h @@ -25,6 +25,7 @@ * OTHER DEALINGS IN THE SOFTWARE. */ +#include #import "TRObject.h" #import "PXTestResultHandler.h" From f06effecc42b26cb9432edb218453882e9d242bf Mon Sep 17 00:00:00 2001 From: Guy Wyers Date: Tue, 28 Nov 2017 15:09:50 +0100 Subject: [PATCH 5/8] Fixed typo in TRAuthLDAPConfig.m --- src/TRAuthLDAPConfig.m | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/TRAuthLDAPConfig.m b/src/TRAuthLDAPConfig.m index f7dcc00..81e2bdd 100644 --- a/src/TRAuthLDAPConfig.m +++ b/src/TRAuthLDAPConfig.m @@ -79,7 +79,7 @@ LF_GROUP_MEMBER_RFC2307BIS, /* Look for full DN for user in attribute */ /* OpenVPN Challenge/Response */ - LF_AUTH_PASSOWRD_CR, /* Password is in challenge/repsonse format */ + LF_AUTH_PASSWORD_CR, /* Password is in challenge/repsonse format */ /* Misc Shared */ LF_UNKNOWN_OPCODE, /* Unknown Opcode */ @@ -162,7 +162,7 @@ /* OpenVPN Challenge/Response */ static OpcodeTable OpenVPNCRVariables[] = { /* name opcode multi required */ - { "PasswordIsCR", LF_AUTH_PASSOWRD_CR, NO, NO }, + { "PasswordIsCR", LF_AUTH_PASSWORD_CR, NO, NO }, { NULL, 0 } }; @@ -719,7 +719,7 @@ - (void) setKey: (TRConfigToken *) key value: (TRConfigToken *) value { [self setPFEnabled: YES]; break; - case LF_AUTH_PASSOWRD_CR: + case LF_AUTH_PASSWORD_CR: if (![value boolValue: &passWordCR]) { [self errorBoolValue: value]; return; From e159b7c5919058d7aa6189b2ad2b4b29f1801837 Mon Sep 17 00:00:00 2001 From: snowrider311 Date: Sat, 27 Jan 2018 11:05:43 -0700 Subject: [PATCH 6/8] Added support for LDAP search queries to determine group membership. Added scripts and documentation for building on Ubuntu 16.04 LTS. --- .gitignore | 17 ++++++++++ README.md | 30 ++++++++++++++++-- auth-ldap.conf | 9 ++++-- ...n-auth-ldap-snowrider311_2.0.3-1_amd64.deb | Bin 0 -> 61896 bytes src/TRAuthLDAPConfig.m | 14 +++++++- src/TRLDAPGroupConfig.h | 4 +++ src/TRLDAPGroupConfig.m | 9 ++++++ src/auth-ldap.m | 30 ++++++++---------- ubuntu_16.04_lts_build.sh | 13 ++++++++ ubuntu_16.04_lts_package.sh | 13 ++++++++ 10 files changed, 117 insertions(+), 22 deletions(-) create mode 100644 .gitignore create mode 100644 openvpn-auth-ldap-snowrider311_2.0.3-1_amd64.deb create mode 100755 ubuntu_16.04_lts_build.sh create mode 100755 ubuntu_16.04_lts_package.sh diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ffce6a5 --- /dev/null +++ b/.gitignore @@ -0,0 +1,17 @@ +Makefile +Mk/autoconf.mk +Mk/compile.mk +Mk/subdir.mk +autom4te.cache/ +config.h +config.h.in +config.log +config.status +configure +docs/Makefile +docs/doxyfile +src/Makefile +tests/Makefile +tools/Makefile +AuthLDAP.xcodeproj/project.xcworkspace/xcuserdata/ +AuthLDAP.xcodeproj/xcuserdata/ diff --git a/README.md b/README.md index 3be9a00..af0e17a 100644 --- a/README.md +++ b/README.md @@ -22,12 +22,38 @@ The OpenVPN Auth-LDAP Plugin implements username/password authentication via LDA To build, you will need to configure the sources appropriately. Example: ``` -./configure --prefix=/usr/local --with-openldap=/usr/local --with-openvpn=/usr/ports/security/openvpn/work/openvpn-2.0.2 +./configure --prefix=/usr/local --with-openldap=/usr/local --with-openvpn=/home/sean/work/openvpn-2.0.2 ``` -The module will be build in src/openvpn-auth-ldap.so and installed as +The module will be built in src/openvpn-auth-ldap.so and installed as `${prefix}/lib/openvpn-auth-ldap.so`. +#### Building On Ubuntu 16.04 #### + +The following steps were tested on a clean Ubuntu 16.04 LTS Amazon EC2 m5.large instance in January 2018 (source AMI: ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20180109 - ami-41e0b93b). + +If you wish to repeat this process, follow these steps on your own machine: + +``` +git clone https://github.com/snowrider311/openvpn-auth-ldap +cd openvpn-auth-ldap/ +./ubuntu_16.04_lts_build.sh +``` + +The `ubuntu_16.04_lts_build.sh` script will install all needed build dependencies, perform the build, and install `openvpn-auth-ldap.so` to `/usr/local/lib`. + +If you then wish to create a Debian package, you can then run this script: + +``` +./ubuntu_16.04_lts_package.sh +``` + +That script will install [FPM](https://github.com/jordansissel/fpm) and then use it to build a Debian package. If you then run `sudo dpkg -i openvpn-auth-ldap-snowrider311_2.0.3-1_amd64.deb`, then `openvpn-auth-ldap.so` will be installed to `/usr/lib/openvpn`, the same location as the standard, unforked `openvpn-auth-ldap` Debian package installs to. + +Note: Superuser privileges are required to run these scripts. + +If you just want the Debian package, it's checked into this repository ([direct link](https://github.com/snowrider311/openvpn-auth-ldap/blob/master/openvpn-auth-ldap-snowrider311_2.0.3-1_amd64.deb)). + ## Usage Add the following to your OpenVPN configuration file (adjusting the plugin path as required): diff --git a/auth-ldap.conf b/auth-ldap.conf index 5dcc3bf..300f9c4 100644 --- a/auth-ldap.conf +++ b/auth-ldap.conf @@ -49,8 +49,13 @@ # Uncomment and set to true to support OpenVPN Challenge/Response #PasswordIsCR false - # Match full user DN if true, uid only if false - RFC2307bis true + # Default is true. Match full user DN if true, uid only if false. + # RFC2307bis true + + # Default is true. Uncomment and set to false if you want to use a Search operation to determine group + # membership instead of Compare. Lower performance, so Compare should generally be used, but Search is + # required in certain LDAP environments. + # UseCompareOperation true BaseDN "ou=Groups,dc=example,dc=com" SearchFilter "(|(cn=developers)(cn=artists))" diff --git a/openvpn-auth-ldap-snowrider311_2.0.3-1_amd64.deb b/openvpn-auth-ldap-snowrider311_2.0.3-1_amd64.deb new file mode 100644 index 0000000000000000000000000000000000000000..8a07634ce4becd5d1bebb8708524cb0e8f8f7cef GIT binary patch literal 61896 zcmagFdpuKr{0FWZl`@wixh%wrSdxSx3FWp*$o(U^7cFG2D=J$qON!j42)W-`j8%pt zMsDTqxL;=&!!Ezm_xrp4_49b_ymv0|_v`t(zh3V%G6ar#{VAwef{t71(oxMUHyCm9{W8|32=F=;t>M>|DCUX z{?h+R;J?Grn1ehil z_7~m^2eLPM(uHc?R^(N^7=c8}8p1OC)7!lRQGxw|9T(hZC)Y9#sq9b8${!+)R@fC? z_uuZdF4R;welR$`&?&p(_h`;|H2)~Q@N4l~WIwt1uPwV?0iLiEshPo=Wst3Rte0I( zS^HOfAK&SizrvTTa594{UG(hK38luX*#3Iu2{*^XKVMO;qhd54J*f@OZr4ty%TRa! z=4@wVoLRg)9qH@+6YWTX?EEJ(cQINr$EfEg5L2Nt4VfZpAon*a>wa;_cHuGbTQZ2B zjunHRn)LzB(v&KKzPvr(?PT~t2I^)^l#N;rtUrR`begCnH&5#apFQiG+sMszLnS6U z5cL@~bQLhbi%o&5}CLtX4R)dnU#H3j2NaXmaao37J{jHsN@P(GDB@xZbk z`sLYmT%M-p3VLEExz988GM*k8#46-|IX26N2gk9wl25{^Zezu1FO?MRx?T>HiM;XZ zUQUgZxgY=WXYnnzZ`DF~Ojc~;pMb1M37KE1eGPltw0o)~N_L08`gAhr@6k8+C{8ja z4LBh~cXmDuOY@T9TM+n&%t4vwf>-}Phpxpf5wfLSF3%Yrp8GBVF8{a5fcEhJXLXlU zRW&vK$8P@LR}pU#M6YzIo*|;w_KU ztJT#J>T;Ady-p5mtB6O=a3|5`otO)53OklK{09LJu!z~v1H9m8JEec6BB0dxkxmw&QoH>AU9 z<1cH{lNb7_5=UFrCyBuB8u;PUs0#e{w*T46#RqQBzb(sVmuI}ZRHiocuz|dzdUoo` zw{zJaty(jb;?rDMTh10$vlC%;q$BrE-YKl`ma43E>Bw|RFP{l>9cj05tn`fN@!#-rN za>r9O{NJ>jpOpVm$(huZtNHNf>b*r_`~4*22aCldtg=GQ(R+)>?XN!Qe_Sn8SM}!t zI`g=F<{uSfJy;DDV9$0rovk7Lx%1cY#in2L6ZKKdo@MoW5`sh3_jcd>sS$hPGoo8H zOPVchgzqAAGFnHw-iWSKFgh3+ZS&VF;Tr-KO;FhMV?~a zral|eBKLE@GWVMmvWnr_-T?u-zVlvtE!Tr}^eZW~ad{H0(RWS@YpQOHdl^?<(udvb{#px#wb~ zArFmrTO3EyEOxekPK1h~8>_xFEOOY8)ZmdI>-5d`fl}qh-#c>+Ij)z+=+Vb#&oOj& z2m4>7Nr%n1XYMv&=A1JhaCT6zFxMTiff9%QCqGU7*b0xvp<|)Uc)pd05ZBqrcF5SW z?xcZ}a@JlQhL0@GZGLQ?$9*r z(-Md?B3owr^-wSsEgsPd)c$JM)>==B$-${8$B%7Id*hI1*<(e`!7l_R7_BP zW(sYa#=2Go;<$?Dgi?*AFAPLk*GqWU)b<&31i5EQS-ppV_gvq+ri^}HP;*68m2tP_jK&bJhFX%V!boxjh?{h%4<5YR=q{! z1*h!&RL=xv*DN1OBH!X3pEJ;JgYad(M2pH2w#P>VR<%zuUMS3C4o&BYAwrzx^n`-X zL<^lt)f|5~UVC+nH}m8+R}>{3kv+8_UKxvWj7604WX6+%p5hLH?^5_YY|5{}NBjm*F2r6aD_$jyRHOsTNscjr-z_ zPV`gf=Oo7<+|>Js$-Ap57xDH9)XUTUFd%FfR)M*!OUgKq>2niia}}cvqzJtkj$2Rd za{jCQO>}N7l3RVKt<+GL_L5p6-8R`Z_H&vzs(9xuf?*`_eUIML0Pd=WBa+{ zz_w^hp>Fd13Fl9X(-dcbxUmqY?7x=yhOoU>K9upxH?RSSUQJ)dfP^zu;2bDb*80{S*Uzl z?^=l78tZ)Dc6Jxke6cU^hlj@WxdeNuh3U$aYd&b2z@$awi3}FGs)MQnhLP2KQXNjknlO ziWBo8iBF2K*bxF%*UVISUsjM__S@$&scD_S}5G_y36 zTDt1Kw)+lwI6~mU*=O(Ct|5Po^41s2P~IF0z45pq;iplLJ5ihXZTK{=+sjG?*v0qr zrYZA>K3)$~a5K86Q~qOryP3ygTC-w)N$&GLFL*{#T-L*y%5)AEWTd55?UOjI!j^LWTU&pmAei@~i z1~dzg0I5HC)h=f>KE6Mha!9a~5|w1~q{lrMPIyOaa-6tUd-q|{gFb!5bkXEFijc{$ zTW*viJMk7yn6UK2HFwbc*CQ?AjFWdx|4shE+wuHF?x9{0Q;*Yw7gLf~D7_gIMO{G* zw~ib7n9HLc?vedjRvwIquEXwcY!mgS?I~cAwL&GmDAy=9@85pXct9txQsi?l$%qVUQ+f0X402HyCbmMi_TX1(l@3!G~=F z3x)6TiX`mZb5VXXQf_8al-7lnEUFeg`h~-YR$HwUUAyj`=+I`ECgN9T7#yRZRFaoo zRswHhuw5J^*zQ{W*(wqV!*!pWJ_p{R76j_tSJ+)h#eU0*z}6W}HLHEGbh5OJw@h9+ zmS=`^MwE=EHRLZT{K4*@$T+b+rCpv1*wvUEuIZot@93$t;ZrMD9NUvlC{cdaKDbdU zUM^6n=&Ja>*KS*oJD+^zOA;qViBy819-II59(wtTGH%b}1xB$5vVw-xXi-T=cZ} zP8YfSFfNdeU3v3gE2Tt!t^Bhs%O{1IhyAohyI5{6HWa(ln6v}YRc2WG^1f$;-fE}Z zx~+t_jPF^LPBa$pYCD+9@#fgV3r7}SXCfW@{pqAX=X{>~jYq5aaFs1LHE3#G57<|? zqH*kw7S}(1?8dsFb2ZV7JK8=;_kWk>e4{D0PSGrXmj-`FvQ=^-Jd}JBAHHICXx~qh zix`Wk=n%p9`e}~t0rXPg!OxhD?efsmy4=ewi|edh5qYTWini673xLc}**-`Q6f<#> z<;0~=xdD2OSJw{H59;#83Dbz?Yl`&aOvGiQFdcLp`r!IK(%28@?^~w@0PSxX6z2ne z@{Rn%hAjNJFHkA{ZrC8q`4OCcU|bjQeWXXfw8}%D{HBd7<$(z4K@cX0!vt9ZFI9-V z2Z3Z+tnLBiSNGCSGEbpw4h8-pm38y6v$7LxzC~mC+<$V;(``OLyXQL4weyqc;%y!j7i#x(}%a3p$pj2?nK+h!1tWR(Eie5|bO$HKin0*rlD?O>BXY>5Ol>0Jpswqp^8!J?1ud~VS* z99ETLl+vmG(jTB*bNm#YE{O1!EI}5e@QDspkdBPFrZy@(aA?ELT;~oJaz(G8+Xgpw zko{hPa}wmVRXxPD)=2kAgR91Fm=-Siqu)r!=$IiZxvO411VUHbaO#(nhSLA4-Q-fT z3phCKkF;Kjh^#Jj=d)3!>`J6=UiU06^nXdSyCB{hh8&uAKoagAHok9l6V`^&?d#)rKt4~ zb&f8eGRHm{{*g)!1k1A36NCQ~0ZYa$61I_=9({v`0pS~Xp$zOay z(ubJA76$(kv0gV4Gs{tS)Y>1-%PQ)n5rc)T<8`hFmIxX;y6CJgm0X^0(6DqqBmQ2j9B_%$Q79G!Au_dG0<)> zQo1sL!75Ie`VD5t(qc|w@n2!3;sZSN_HoNoPA{n++#L*o+3y}$=I4JBG{R=`WD3(2 z!+s+0tNDW5Z+WXadi0ZF1t&9A0gt9Uqv3L~1#>l($qz=2lDYyw@hVFCJ`|}$|Lt@a zf~%jH)cv6=4WZYMPs*=E;gKTvOy)i2ek|X3Pd*NIjm5*fhKn9g{7p%ei@l&IRG9wlAqA2wfmZznkQC}+%TmYYO zweP`CkvBw;DNHi;oB!Fx3AF-x{u<)DM=bMHn0G2FPQ>{rbn?Ht(TT~+e{`i`^ySd; zEoZ=fVp0n{)u2aDOv-R{m}qrfU4VN8sz(`o(2jGdurV-m;=kqKS*d@bzKC0rf*aR8CE+h!ZaT4$Gmpl_QVt;v{xIaBzh?X9Y1{$q)E&_2ZVO zb#nzUg};rl@A1#<#_SKh@P1YLGxAH_=Nh%oeJ<7Y4qJ4Hr3Cra#G z00Z4|bA%OOHP?C(41(%&aR$qiLBblFO*>bH`5V%RA|cd|o0AM7o3YmIzs})fh7RG} zB-s^%@Y%a~nmI47khW-&x}Ky?x;k76AYwaX5COuOOs7a@(_Kh5Wn}e+P$m&Bq9>&r z3^*~5cmihyx4wG3W*%l9!xip!3evY%#TBHVQV*iYb}$?_Ebl=(#b7nxvqjy6v~$4@ zjLPap4kKi53TRiCNeRY6_(Y~%b%ZcdpQbRH-;V?|=fWxVz3c>H0qqRRih33(An;R; zZt&rDUneWl_fRxjwr_2pc6u6--pb#A9`_yhZj_|-g=yjnwY=m@7AS^cH#=gCXfjUE zM@_@76o;mwStq$XbiYEzwQPtG*lxWg)-~Ryn0C!#3j-C9q^y1sVBt&o*WjlSuZacG zvUD*}JHfZMYytIZf*|zv;-P^XO8vpWLg>@OD6x&~RF(~{Fz|6K(GKQA>Dxh+&^6*e zpg#mjx|IG)Aqk-GMmSP*PL%E*+-2%e!oh%6xY%v%5FSDIVeO;z&E{HkpbaSdurQOb zYkhhs#us()rf-Kor*GB)SXlRZ)*3?{h)QLNX>wPgzvrTHg;bi{$#5Jqr+}lrUG#|4 zx0Md2y4j;Us&S1ik~^rl(aUf8k5Xu-oU9kY^}f_?-;XY`7p7-r2dov$$Z1d-mo* zAGyV{>z0BCU)0QBcvxqaCVuc!&I_K0;?I)Gw4Po+BPE{H_}rpUExxa8PGUQz$!L5 z?r#;2I50!Hun1(z`F7f`t8fkgGwE($b94=X8P>fnL-MuZbiQ|vEG0_E7yrKIG5=$6 zNMB$lWNJyg$xVOwDzFezzUax-N;!zxRA z0Q1~VO8ZPblrHy6%Yby4dx8GJ*5k4?%eTNJEZ5dU;buk$Z2=qIp=B^!1Tm*{>}F)L zJAzIFGvTngEU2us+TyS0EsXh7zM~khT)UZk4z(VUHmfzxuDdc!inh6IvA$~ti2uoN z`=lndxQ|Z2VH43}==i{|g_OjyD9d!jQLZ5U_vzjgG?b&Wa)y2`;2u~~dcipCeUE%i z5s(Z4FixDtVn})s(N{=38OKma!9az^(cTmyloJdXGR3g431?Z~ooch;4c8aMdE>D= zzoVT+P!Pl*czLLTJ*_% zGBI$Cw4Z&Me*8ya6q+Z{RFD>l5u=}CB~lV|ow3p8$! z0pc0jOAlOyKI(=GlMjV;HG>AX1P9mEwZ?jUEmYYd%*PEt;iyW^er#H}+U17wh*&h5 zw*>-Tf&GC#5ku)MoujAE8w08vHUy$L^#I_GfIN~i(-X!wVO}$Nd+-zycj#%~okHL? zRS~7;j8HpC6@#PHbi>t7E@}wDBX>P6mLT5}Z83v555XXC;l@vz(o2)#Gj~g0QIMCo zPBQe<50L!D>oR{-hK+~!5oD$JBSri&ROo;xqlhqcTpFtZkaA^PEf zy((JzK&=JEUkJrDdl(INFe361?Jj5)S?MSXZB!2p1!zb`&dP2^TSPK>0_w0dNXBV! z#f?YokBPF4o|1$ZEbL>VjPAjVb12$fgqRT0An!WqNQN-|9IKr&rZM?Yy2D3J1vk*Y zXOj;i4FAv|NI$({xrD#mLovs=VQZyg1EbJ~v^3-W1^SNy1L5L}yt~xzb^61Q3|aai zzKOA*Q_@$$f2sr)J_`SDx2abJI3x&>A)KPOtwMzG-}QcJt>T6KqA{`P6P#trv5q#zdx!Z~wD%s7iq;Z01om0>r{k(f);&8+C1w z7}&#!Qej)&lVT?S3qO9(F<|)VS(p-MhT`(ZX>v|aF(Qj!$B?A^Eqe5HaW19Mo#kKe z&Jx*534ev|j>Q1_%v%3+@B;ojIlCIABT^Ja?>8JSa=p>nzGO-1*h!K1?N3H5y0Xtc zLW~~=^4`-@hVf-htz9HvgA7MB$OBkl3+P@a9dwe_J&EzVpMu`YISxdPTLFGAR%s)W zri=Sn4Xu~rTU#YTEtWnbj~T+Qu=aos2b+M(I`Kk8#$w5SY9Y@0rQU$lZk*^HLw(kMlB}M;^#fku^KUTnjxo9~H&Igb+b8ZV( z@4>Q@0{FP3EV4srDa3W`oZ z9}IiV9H-xfVoSe|LG2Z!Us}8X^=k!aUu{*(Y&jl4q9}FIg)pH4{d~ZoIVLVt(D*6S z2;?B|gUDkX%#7tbcMUgdMkZ2vELg2wI1%{OJlBXxEf^Nco1qd9)w%)Xj)h|J&n#X| zMq>u$2}kG~4@h`Hzer4{JOM%P>pCk4`HJ};hj9F;c0H^>oU1~Ai{rYAHo6LCy0wsF z;ys=vX6}=M)5}0k8&2qf{_r0ZB8a~VyFSd9ah`sHm96r>#`G`L!zREc_7rmqWL0k( zOdy14Ousx~?|^vNQ=+X+Op$B94iNEAc$Tvwo_ZGo6;?oNB#J|pDII96h{j}D6j40- z5MbB?SK-*k^F1LD^Zi~h?^TWoQNOCF1gxD}(gz&NOes*mCS60)@h30PkR?TWX7#;H zyKCz|n9ANolX8uUv7m_^;Y5gK@X$*;n{=BcIWl4()R`}T^02KFP&opxAFL4?08rA# z$0ojuP{PN(fCD{bN!U_FOhmIGdGXqy*m$yB5B-*^@Xo=Q{TIPJ%j@`GuwLWMqs-7zwVc2m7$z1UX(58D9NodCF)m$U z1r{ah18(5{gp)qP1;FdWesa2SLK^H*3zkh6n5X-f_tOh(HQuKMMlthNsgE*L_56R` zqRP@QFX_+B(G&-u>%HVE6y^XJcn+%s&L`)nu&)mDXPiMn0C4(@VI(m{%#qT;1nZMY zax_tV_AKC@p69rbh{{JME%I!a zw(}e5R0J=FdpjG{F-`~+Wd;*j^0m=yc#_kR6xv0` zX{Si?>|P+ZQS4#~nHJf?_&@7|%jh@6`7LQNg6yapuzj+cfAre$Mtvsp#%KSh=(efp zED_mJvM>!t(E(HcmaB9#mU}{Lc?ptnnNCc>Qy`!hs zXxw@Hiyu&Bdf;HMZQ_|}N~?tHtRr*BzzRm~3h7{mEJ_W@=eVXQ#GQ3RBTq+MVkxNv zmI#kYXpIWM$UNW{qRx+YB&Zr5l-iiVzakGs$BSsJ*F=G}>LI|Lkc$odFE1rqB`3ax zaW3d$iN}k{i-8J+t0M@pODjQeu$%&y7&jLK^EVQ4KpKn!ey^E$Gt8H{Xj>@V7?&2V z*s`4pHtL`O6uC-KI<)!?hBus3*PA(ST*6}u&+QuI{TOD2J^^cf9Wm`MG}-^FK3w5L zicljxuw!xD%$;*!4eU?x9}fm5ODI7+Apa0SYLpmmEPA%-0$pv~S*B5Xcs&rN*WR1R zS^e-~=1SnE$9Et-AD1}}0)1Is=t)?uu zBE3C;G?NdP3_@%ezXg;&s}=Fvi?5%9VRygPJFr5rd|xg9wUzp-MKKrx^MRU$11p9y z^b7rn4i~|vM!-0{#MuilKMi)MEts27YNdNAKI>Rwim__He%LZat&1wCF{x%c97~m? z`-9vK%$!B3LHR((xqEulWd}^3*AQMiG3e%A%z?f=5$0g&O2KBjHfjrPecg0knK}f% zTaZP+20Jn=`VhhlaY$O;i5D+~1c8=Dw&Fa#YCCL*Q256kRd#HFTqnbls9@bG^nb}( z`Iv9*Dx|BV{RE~0W733zBpup<;rzIkBxjK=eV8GFC*vZ$Gjp7s3MOS+Kn6^})JO}$ z&9OO%|+d-k>2YOA7xgvVP73CpM8OM|g&L zMofv`N9iCbRggjVYAP!n#-HGuQ2DK&ehWB25s~xVsm&nHk6or$%!`3R>ok_^(SKBo zdm05nL+DvxqvS4iT|{H?%1f~0sQ@#Y+Lhtnpx28y&Z^`5l+C?xUs4aHcmy4Re#Qij5V*KBV!H~;+5vb_m%6}1?&^!1^dr}ySoA`P z)=XIfiI*J_IEj9|1kt80e^(K~r-k9fzy=w9V9UW^ayV83a0K54MdcDGrTex-;AtpB zQfq9X&&dI`Ylx%L3Ql|Q!qlg&4jV%_4|8r^ZyuPG{k#DA-tgC&E${r^B|5v!!0CHe zsIjq@n3Xe}`lvikW>Irc4Z0JEwnO;Q>7wwvi2L+CG1LllH{h?V>q)ncNj?{m-VxNZ z-DVq++MK3Pw_4MJkoNnPnE69i<0|+cl;9mWUJ^;#eUnE_WoMt4N>Y{c0^tCq%|2{flf4D&!Aw)4_jU7%jcxa zn46*yJJ#)(=ySS*fJ+R`lm59mr~>^9aEht5C$$5p7}`C$K#a2&{dsdxH9EODs1p4f zsJADz0-<*iZgf>qr2Vi5J+_%zjqV4QMX9zdQ&FmY7&1oeTw`)G-?_%x<`~hjRv=1r zYygmt!88GGF*FbQtLC(GprkmWTd@V}+oGFxES{L%a}giF%N+HXUFC?^&HF_4+5!C- z%wIqzhMU~nB&zoZxD|u12EonRl12djbJDfMF+fTb>H&g-SApOl-K=q zs5Kxo|8t|hbkUer<%pNf+UFXFfkQFye{u^|CR8yIFwkAm%Q4QLw{s1+5S$lXWX0~`%RF2nEBKB?_>^J{vEjj zlCVio#JE9EEjQfZ{2a9$3@v26Ylx}Zy0xtos_jK9T(jBCd-#16IbFI0`84tgJk|a^ z>I|L@dcZdj(u4^WCOCxQ?F8G8|lhjje)MZ!7KY@xoheb4>?>OovLrnGb(U z=Yaz?CmajT)G*z>3C{F;y=eoI=EPS)EJ2#pRS+9+rlJ@0BlzfHFFx>IjR-B&%`Q;mmT&fkG9Ge}l}jC5q*GmF4M=C`gPsFHo3!V5sbhMI(yg9EK9cHQB%Fxv#Pa>0fp?l`d4 zr}wHlc*JwN_03#DpC>J?du2g-Y}okR&{p-FTj;EtTn>Lr>~Sl{&Cd=w@b{P9mrgb` zmiqj49vLI$HFC$+IMLjO@Tywja3TV(oqW<;G#xIX+J)KSM(dl`TLgMeT0ZdXcG(#vpTX*;pA<+Z(q;57?D@e*t1ra!$ z#m?yFynZWrR>g90OZeSN{Wniq!8cDo57ohjg1Px&`O-@tvWz)~g0un*C;u2N=3pLY z4HNU-C{*rUi%eGLJ1X#g>OA&VLy^G`}`=74zw$?xU%cMLEA8CKe&)oDU0XDNET|(Q2))_HO!~ zji%Je|5~ipyxnW#_qA`|M&HU#-*qR?hI%VcDTf}rBeWnrn^B>>eiU)1s!^-yx8lKK zZjv1}!n=yJ+UZF{#-lu!BMS?s`$nS;9e;O^8dF|uP1N4{JoDVU@J>T+Zb)sTgVP5q z%)}kGe2H{%DQEnI($L2kqqZHmh?mCL9+|%Q;%PR(?GWY%eAxe!YfKm>#|3f_p5h3we4(b z=Tg9Bi|&c^n-Gtb6KNfls9<>bwx`k{>HYfjdY0vuwTK0RKa+tJZ+4aPI9F)?^NH%& z%6l?DyC|e9zkW4o4H!Emu3uO$kmN!KS};m2Tv!MzT1t-5bH0V#s3lorRM4fR?;T#4 z%Q!_6^P!DtRX09M%EjD!^|sH@?)So6U(V`~L80WBou6fAm6(&z!xdW}wO5x+t)_K) z{?43p2*2j6^Yaz?)ZQOI`qrt{6pl2Sb)x8fhjpJp$a!GJr&%@tw_osY`}XZASV9=i6$@KE8X;Ilc8yyBt4 zlrw23o@0$;9-No;IjjUbn4I+=zG?dSEh?YU{K#xco%8I}N7E`ofJKw$)~)bDJIf&H zO83VN%Rb}vGje^K@{Iiy?3|POoUNvK0k}!Cf&WF6?3E|rLob=ki`5q1s0CiiRc{;% znwJ~bT$8y$b1`+cNgfr_K(If);h^IaMDdS(BIfe9+2+n?xF)*~%URYXS0>@#JgQF~ z#KV`gokxSIk~$|EOK2pkw8zAf=vHs^xi0Bs3H%H9Imf&ghWPfm0epdB-wV<3olgE) zqNuwjVr=K>VUZNq<1-S0^PE&2t-Yy}6OW^wXg-QpKOg^DY572HO!bgJ zyfAq(|7eZlM9?oj(6`fzW7PD=*sP_8Kes~BO9eU+nrZDpTT3C^TBSlgee03$OES45 zW&;xLUe92owRwvvJ0)v6G^M|Wl~O$nitWwzM7`^q*bal0= zcXcIy!tr*KcFxP7>qqe>GTaysS&VYqq2|5wdfAL${cgqWVFOq^qbIV8{c{Ig;6x8q$J{ewyrsEufg>#*IQP@aK(qT ztY14n)TA5eTgjMR=>m6hOJiYeRHX)v&Y0Z#^^&m^Fv2pd+cwVAjvRVk$j|k4cQ+cK z;d?S@0u^C?a*5>_jf}+O0c&O>n%axJ0x9!z>H6vlX|#iV9^ZaST~o}ySq~BVnuzJ4 z>Q%1>Bq}s&Z%ns#Osj4g5+=U))vOT1CXeTs;(jx*w^F`+Haqk}BB4p#?veSATk+Mz z!K~7V$_Vv0QmLP6CFlzyByHB_cAAdaH2TfE6T!%l5uwLLqQB+#;%%y0113KjuV#(D zQjf%_HJ$tx+}#sQeXkDpvq^K_m3z5Z-LIlxeQO-`J;%5V>Wy2|sA{k6=#r4;kJgwd zyRMD!i!0^0%i*2N<0E>293qo^6-N+T)GZXLeJhnGkhGuAcj{)J~4}?D)Gj%Xtx|4b#%5aXsDs$ImE3mw5vg!(F*y!fDb%Nk7jG>T(%{x6`AM9 z`0%gc8><(L817{}su@|XsUr?b8}HS3zU}Y@GwxNEeD>?Rx}Y>l`w1R!_gy6s8mbE)%)BMX@EANGSN-0`!)f*his)PHT~J>p$0r%PS=@64 zHdJe!H|jik%BjKdhYz_}jO&b0{=Pjw7LZ|+5Phoi zoJ+RO86~B@DNE?a6Jd7Kbm0E%;?tj#?&@!fFF;?teA#Z|O|vrqx*0%fUb2X#o32B6 zwypMuS8K0XO+DfPpSe5>i&Z`&yr(G0yPA4wZzO z2`DB@p|3oUJ5U~n%|PE;`7?SIIVDj3@d(hq_%!~Wv{pDw%J9)EcI=n@8AbAe*}fQ} z1r5yz%(?W?H^`GCluE|fdyT3#pCk;-H*%URvq~}C-1)_A{gHuzhKJT3j0Pdc;PQT3 zwZGln*->}7j6RIT;weo4l;(FpuG|EU%MmnRhSc|$t;HrTlljQVp`fNB9%aURj9F0n2CI(Yb8HDIbD}D z)+QYM6MffiKsdqtw2%349!)XxvtfkJx9)4wHc@`v$vK%8j}Q_mEuueKe8cS3tqUeK zg`L+gHD-P0tNF4Qv-bQe7d`TP?Lr99t*xT+c=UjeeeEcSKq>(D-plwKU6nN z<)2#Jndg`-jNb0ac%|j&(8C@`G}(HJ6Bse@seAlhlu=Ona^81m-%aU#1xKGruPQXO zONn2!O28{-wBqh=CX|Qei?&A)1KTC;O3Iz^99Vd*OPIPV9^DA%HFBQHU0H}%DxE7? zIX(Kb`Nhh@oT|?>*R<3#_md@Ogtzx%q#y@@<+aXUJ837p<;{xjSo^OO>SURA=)?Q%7o~AcLA_wQ7>03pes3%+1-7 zpW$f7z*nDZy@4wulyVU%$2Ygb>mQ$M`M#08(GW^1nV||9_l@N}9yHZWVUAlxmzl7VGYL1nWK0deG#KRGt+Xq#IQLPD z6!lAMQ0gzjBskRF_>%JwoU1yRd`Ed6k|1x(bz4(mwB7pSJv{n03-aFl!lCk^w^KZ? zU6-4cb7MHM!Rw2~1Rh1+3$6>$a*H@+JIcOebM?>P5*4hI zW?uj~rLnPdE8*+!LJ$qAnWHLAjdn;SrNPn#XXBWH&0I2S{l|}&TuZM{NuHb(OkC_n zobFwZpaQwf_qBc-p5leCDlwG{Zh=q2P&e3>`Lv(7_?;Eq8w0iLR`rcg6LAYS zCPU8gtk=FjAT=xN_y?siXmGrzSTR)${-5d3kdPPQ;RMlbcuRn^=TkGwWZ&;l6N}(z|c8wnkd|I+_MQrAy1iPTJ8!{M>4I$mv zsQdCTEeB;B?8UsgO=i1{MT8_cv54<6a`4o5Y^QWt?zG#x_0ok_U~Qok#jpsj<_c}A zUDb46v~ZVs@LkKMX5h<5v6{9^|82f^Dz9ZIixl2k&-a|%FZHcl9o4N}|6}i~hc}TU z6@g~f_IoHqA@ILw&S(+y_3Q67pXgOWHgMZ>xv2N7Rnt1IPjuUk!Nfiy%RhX3)7tp> z^N?Sek8w9^HZf9l_W~&LlmF+aJpQ_xDb>-PyQ zre7CF={vU_p()PM`^|Yc1ubLmTMIqLg7-}NcgdHi^Uw;m!S@Ll zCas7~Q{a{@Lz5=OIB)?)Zr{|H?`|!BbmatBVi|LIyY(TL$QtG2Dphl3rpDZMgW6_q zF{uL_=&!&X*aPnKM}M%DgY0UqoB*cb{?g^v^83S@HgNH=h*75t5f=v@W~5fNsrq+p zVP8*%J|FGuG&nyNu79BNQv@$9?5aJv!7k#G*wik~-+enJz8={d1f4*9+XB3AI~W}Q@s!6rS{GCg-c`@cMRz>a%LCv>M;K4`31N0s-LVc3f8lOLq@{B zr{~`be}AC0udXlK`^}=A?rtTPrk!RM=7O&Ap|*80ttS_X?4p84#$QzP`fP8_8UJEs zt`c&b5`W@mr`r2-SFF;Ew6w3S`?#&w`xazS7hN~jVyF|^aVE9KdG#80m{rZ=L!Ptx zEELAtLe5_jdjF+>6%=BhRgvM$>ie{9mG0@3n9gO{p{acT0Q8KwXDAJeDzzjn-cR~w06_>v1s%|yL;%Q?2q?TSFWP*6D1=Xj$6MS zbpph`v!z!;IHhtkh@J<5k8eA_YR7aXPtH_qPl;wBeHk{!)oH1JNM}s0wub?Tq>I~x zHJhKcoCW5A!JzS#2F6J3xz#!+SAxWa?NO!wZgJ(v1sSA#4Z&{6N#;Qjlim6`AbMf<|e?QxW_6CnL zg-Ud*Z&mk;1)EeeOg`82f5sn-V$8*jc1W0qxk-(&t3x*uM-m>9%rwHDdi{w=^U*1e z@IE$oPB_)Rd^#^Yv0Dp`$|`UXxTUDiD}ef-G&f2dCKkIbj?w zdPeU|240OAUDbNqpI2<2{prbg(BFL_jlZ8|x?XUOOwy|Ee5}32BLMC&?TmS!S|dBp za08Svl24@_s`Scj1gmT`Y64&Sa2^e>#dcy^YPKgmX)?>@0U=Q=XruG29y?~u*fhh= zV>_06kxTl;g;%psE$CIXc$U!rOs)H$sa2hr9dPQ+6>w_R7ky6lYs|XXH2xp;wRx@= z2lIMc&#D~?`^=}e`~#{V8t7`D=C~d`nM9srrPX#|POc3|{~rKLK(xP0r!~lbeqQH4 z?Thk9OPyM0dGmjo|9vw5Cu{jnL;inpR~+d9=Xe>iS=Qs+N)+x&6r z_mK8jI;BDWpWLVOpYlcdqoq!*vwZ4*n*TjA{|&YLah!bclaBlmv{yH_bxJM&^^`vx zw>+Wqubq?XpHa(4A9H^Gpmw>p<|3ZI4_BW#ht+Q{`qB0@e3t*N_CKt4yxIM(w{_{l zzD2o3y;Yp2>AF4QJhm1E@i}WZ86nKnl7~#G)o$JSgI`d)+E4mL?b2fZl+T-K_3w!+ z)n{vY{mHJ-AGt?1KJ?}7kYbOEfYCo=Cy8#aqq+R>%^-pR?b^2#A@;4f%qmpe}`UK}e@j_hv$_DyKJaw{> zl0RfQLPve$-6HD!`^~U92`AHU4@j~ezr?y9(QX`24c-=XOq*{dt92fo%Y1bYXb+zpW1o6p3K~YgqQSnt&at_w%DobEl%m@9vRv<6t zQ~d6g#a!7zcoqNf4fY`(EE@gPaB9H((@FafVFS6!2G?mkCT|w&X`+885*se)v(-$n z<(hv;?jWYiU5&2YY)|T7x#pMEiKS%Cbzj8eOs6U94}=y)Xje{&sU|8_)G0Dx9}Y39sXdAj7BPaKgRLplmN?d$|o|1*)>asxlkp8fR4Yf>6d!20{2a z5)MD5YY$TuUhneqIq9b-*Nt+1a?(4we~(ni+59wx+b+a909#i#-nx#Q5PianBM{Jb z5-RF%Bcz6VAEo{`rjAlm`N9Gi6;hl-@=1f?*-E4XidspuuOdo|kLOfDzF2`>w(O~l z?5wvK*eK`**k5%nwdvLR>a@eR>u&=Hvk-gN@|FV!lg^L>xZIf){5LWH-e zN$khmp3vkz4&d<*?Lu-l1To*5-x++D=l_}VTTciJ=okEs$V$_&7JHoBFrx&<=FB{zg{F9$x z9d6)y_6O^~Jk6xzdD8LWaS_7EM}!H(ahy1M97-W^xF$f+kuZ8VHH;74XWA*2-$h7v z3F+ryh?I>;-wczGJi`>EMJm!y6o4>JLOMW5!x3q#jC4{(N<<`{=O`ilc+5k0!D>)^ zI|VhI%XKQny_tkh9}~r0h{84@>@Mx3kjy3NjmKz+uL0TT71@3M3XM#Xouj8Q*$a&a zNccWIjXM?S-YSieBprd$ArPJYYj%tw-38@^BhRR4^#VJU&CI#sVe(HKvLi%P1B0Y^rpAV6c z$`z!Rmk4GL!6Zm9I|wEkVb;ko3sjif3Fhe`2=h&yt}96$LN!z9uIF7@OM9hr+T0sE zr+b>cbxz@gxKWRIW3Z^}c|n@aDZp~ATgZ|`e_iL4uuIc9#qCl%CvIju=}4^8Icv`$ zMrZ9#!kz1M&U#%Tbh*7!Jx`JJrCNitP7>hmD%CN}B)_LtTMyBLu^!geLOp~Img*sF zh~gNtRiw^@^n`@;;UGjxMWj=MB&3Uj6{JBb(mDLp)k{LM6H+@wdR0a$QjiE_BY|9~ zQ7;1KQHeFW51W*pW6K~E+*PBijQl~y%2-Uo|68N0jOT^0J3UY_B#ttZE(Us?1^5)7D3Gv(!9b&vdbe9Flt{fJ!e zN6;_HB2P7BYKoP$aoh_7Y5rHOtIi_>jn#RWg!fkKs#iM&>&t;%ovV^uzj887#js&d{yrHv0(mGvd01k4lcMcE`0=_V=5 zC1p1&A!D|ztcR+sN*%Mxv3y)_W1i9hMrB`<$hJzYvYw=@05f)wl~oPU^*M0_l2NJl zIpIQC%WyHDh(W2lD|O9seT?W6l3F0@xRkAIMpcNF&8%q5=TG?@5jk5y#S~1SC|%cI z4tRL*oin5&sSCfjQI7?|SK?n1#L>gTO5Tgy5rbClJdFEMF_M)Bq7^II%3K)nUVlW& zKCCn1V1Hr6WKz1HL?=l~Yoe+BqtZRm(p{lKWwn~sUoB*FlQxK97PphXE?~S^p$lZ- z?^7h$yJ25BzR9CripUzlQODaeIuO}y{g7-?1<+d4k7{q+==!YNNakCrzy%e;b~?as z5*0|}qPYnc*8W-J*_tXVn=P|KtXI|As3M#@Dnzt;CD!ZJu>L01ANWH3CpDLaa@{zj z%XJ!aJ)!10q2@}ZTqpIpE?};aN-n-PXj4wzA%Mjhg_-jXX|FC%ry87l2>0`%CAV1` zrA*ewGGD%2%)g5AfbivFLj1!a;maF0gD+d7Bwt=!&RF_dih}tL^FG%{TQGEDOB;dBl*x4f^q&*@ z3k}z*wLxpFe~6SnwKe9MTQMoUH7_l)&}*cd_h7ta-@$mv+F(2$#MasiIgdilmwJh6 z#2u57y=nc2$^CjOUA73uOZE|rm*$&HnwAWYkef+lcI*djX*x0`l$?jj%X=Bfr0I|B zy{Qe=s^x)yu1Lg|Z5Sr^HmVKvQ3lg|lbNO^!=vCHB{Ey~fwmMKnT?d3 zi^+~i1DR<)$YgkRzf7O*ms#lBf()$%JT7m2Po(&da-f*sQ?}p}Nva829gQSYXPSf7JO&xjLC{%HsO4G+8p&V{)=Kau25Pb74v zGm5F4vJGF1aU}czLf&GgZ*2GIA2ZYWJ(PSsEg)vRiRVxK6h9Uhr|4~$p)iMYL|n#a zE`#}-28_;w+XWq0vhQmVSoGRUPf3x_L`0RK(t!la<(gS^@GJ$Iln_w2IT!TpLgH1YTn`lG4 z=m+#^t4YUg@#rrwNl!AgePwH~toSS)DFjK1t9p}S{gthG)YnzgA}4-3Sh!POjtJ%6E`YY4=JFkxP?>Ttg9eA6;wWO3^Y0L_0Fn`Y}_q#WX z_V7Qn|F~kS*!5_%n=2W_zD?8w(#!4U8i?q>@`NwX?Z4+s~?CuioJ5RZ^ znDmt~*&UCSoduSXt&S^WxM#7JmLl4?bXB;ay@x%%R zA6-@EExH{Z<0I6V1D;B)YoB2W@$v9gh?9WU^)-(D`tR=>}rnj#cnqG`*g|~1ITk0zB(H{Q9?s_To z1>Y&tMjM;KSQeHk&$Tt+c01o~{X5MEPhp<3F;f4*vN=O(G|es2Orm(ymle0lq6%3N z?bsx?%8F>uIJ;DAm2ovMlbV^RCR0_zOX`tAD5<~2=;BJjsu`3u7PF>`tZ2$jY|dr& z^i_BnwTutH;@KB^6p%5 zGV-=#;zZ+vezdcD4tJ4ZKuqW>4TyC(jduN~NDPP^ysXX1b@2viG*aK&#aro3M)Fa` zYL9de&Eyh^d~-38Z)M~cE(7v-n3)ivke6Dhyq=veJ@02r&CwU9cwxx?*BplVI!z#- zEr$A=+gELnZ<9zJiQJDOdleCj%a7ilcJhF>`Q4mj4Kk&M?iEYd5m{YCymi#f0YdFc0UXBZzeEMh)qPrCQSe z?jw`_5NaA8yb+~VStX#;*8>G`a2kOt`R8MpLt}CE5G&V7Z_q>2Zi^9d_bk6zCT$fc z8Z2*M`SW=a`s@S%7VEsxWZ6A5UH)Q&#+Y zG{cSE0Dl&V8LrKle5|=0lpm*Ov(ATAzQ|^!Y+t_tf4-znjLkVMW;-y@ewPJgPjSTh zQ!6=1d+d8Ke}&j%pJ)q+wLoq^YQn=wlLaNCG@A0*u$yPfUf$A~89HAWYPa%IGq^hA z9*Nv1lI}YY@orUjJrnAHLa`*&1%)EiLx2X-fa}3ST(5mKuM}+34*o4uQ!@FRDXd8~ zPMKvA4mQztHO2OiWZN&iR0Gz7d&S$V$xPl-%YT}(#xeqNNZrx(^$%yq0Opo;(WWKU;Z-q9tj%bT=Tba|nqGIBl6zd)X4 zPFw|}3I08i=3jT&fWT)xrTLfJ9cVJ43R8AC;{kLSM*SL($9*Oc<}|%oR@eD8LhU1@ zwsalt$EimgJk?Ie2Nq0yRXsic-)__5sX*GwzXQzuN2a&I%D*m#eyr zt!r`qC98gnQWviktAA2!)~GGPj~iUh)p9{NR!@WfI*N; z&r%DelRcg>+-c?U4+_I!bbjE!7LKs1um~gOErI&)(nDMSjqW}EP{8+d&$_xwV7x>a zb!))NXL?9h&ZpFpHDo2wLqliuPz^2PFK8`hz-txYzLfPT1P+#gC({Q11WZj*H~9Jf zr?###4F$DwB~+PspSPbMccJmr$+(+wc0QA{>8P+NAbl5C<9=&|#HN%|t5)NKY=9Q^(ld#UnQb#suD4e}KQK+#4@lMdWTE2sY$(ixq0s8N2|0L1WrDkl3p&QM z=CYc-eTAsmL&W0emB33Y+;%yF{`1Vs}k7@wsUU`|xr%+W$nz^W9Xt zc{!e-WIHAwRFjM5;0WkSrw{{?kcE2={s3rWnf_) zxekRTI`r=fArXe%tPmREVZN{uCJIEdm2}syfIly(y5&hwcmeE^=(iZ==x<`Auwmb@ z%7Q7y+%VKM9W^}>rZ)B_64^^4e?*ZIMFf`vjcqJ&p+34(-W$syZ-B^)hd+EK_-!ak ze2fy8L#3I&SjRTf%>ST%=AUA_4DZW1#Js{Go)$ua@r^< zXBk&4#ZlT^E{5n)i=c}h9ctVnaR=}xII|C`#8NByvP3ug?^noY{~-m7wQF(qc|i-G zeshAf0#JbD6~Nye(3l>6jnTinOwcb2LHgx|8v5t$Vx6`Ab)dZ{#LLc38k@gYYD%-b z&H4L@W%~JhIM8h`AJpjmaOu+D>xW+jqjevEM<;w5Z1lq+Q~-NXBr@dx;fHpDpNDy0 z4L11Uvm`MEC8h`eCO`Zl--{nETgdN!Iz&Z&-W4@{xlB`$o$~d5xcfDz(0yHhvmdT; zc=y8~_pSNiLw4}Pv#&Dx)0YbRF+@L3OaB3z@WU{qeZ9-?^22+U{w6;R$k+Ly{LEWp zp82z!g`dHS0gm`qku5VEuv`%5bubzQHoP0d5|34Pz(qr5SFvblNu=!Ql)bMZI~FA6 zyiLj3=2t6e&N^Xp=mr*_>%>yJBW!L;v1f)-Fk@|J+|S$w%`V}s&J@gucXq4&GeGU( zE~NIOTxZrW0^U!+voPzHF68Fw6XD8J*1GRF@yYiAg6-~=Z&%{`12|N|FP&t*?T~Mf zH@^M^T#Z@3>->B9sz<475z95x?v3*!NYXV96;IM}4nWRRJ8L*+5b&P~xV-_G&mT<$ z>;hj+__m`A9EiZzJ86J_PtEK@AlHI?Z&uDj?XE|W%#%7Y9gxiP3K?UJCR-1)RM*}4 z+Q1Px*1(q9NDbzDYA~%fQ1{QSYA;Xm2K?y7)$$~fzd-UeD1TCwmtzhZk|L?I=li+E zlxs2ODlq1X(M2lU;vuhS?;{cTeg#;4=JQSx>4YK!bs{_rE=2VIc_3nvL~w)pLGXHI zgZgXuv%!_V#G^T}y@;QB*`WS8*W>xs19tE4QyL$$=89*R;C@1wRCH`$*U0mt-a+!4P=1|G-tbc7%OpP=nS9xt$Iqg$n~W8Mqc9s%uV!maw6&!ZzmrMMV+G+oxI`f3MHM& zd53#avCNt2r-a}ytNlqZz&d5%y%#6>gKyN z{!{V^Ol}P}kZCg(Hl#wt!nP6q8|S4hvrI#MW*Yh{@y&*i){bO>A6js|t88FzVZQ~E zI~xu371A27^gH*mjILUXCYB>ql?{wN&ZcmD_lJM$bm}$Q)%a!+Uuy>jQKIeC(N4_o zT@5)NkNV7ZjBVjfwIk&JQm@+0?4$Sje&8ZiR9jvl73S8wz=8kA+mpvfS!CHAh=g!- zkW&%qfFcnY!ypm}fq*uAKmq{?2_g`=uPAE5jfClBAhwP1r~FjBa8{S!&UoztA-0YL zTu2y?4ZFH#W|$%9s2?_9bN8Y{Z@r`HJGwi9^7EghzwfK6cT~MsuU@@+H6m5TRW`FJ zp;h`9(yqiZ+LZubfSB#wt~5`XD=oLmm6pHFl{VvTSK7Q`;kaQ>IBwV{c)L+4 z*qeTXj0L;WZx~C#HuM{KRz>`BUm?GcL?5<7n!No*$@(j8s={Hge#8I8WBtRc6zlz2 z`LI$-S*Io|m^vU-v7|N4Yt}eu>s;muD`)%6m9fmT7!ze(b`phjsjs#sp|z@2=4mhL z^F5I$U~*{y_pQW;-;PEqMnpFn0sE!>w+4-XYQz5HORM1;np6$qtusCK64nhG2VgH> z88L#uOB;=Rz%gxxq}XpYf1ZE#^mGEEK+WcZQlK!EzHmkIFNrC-Y4ghj!rF6t?=O$iW9kB*EZ+5Aj z3|!@Qi@^|OK)oWEuCHBfGN77WgRl$n`PGq#X-zV>t7T2{aaUTCytdN3CfVK9v<|Y| z=aReJxX)$7@g!1ENu;1i%C>~@#DTw%G*l63sD-4Vdb`q4X9*=G6ji=ZR5OI4nkN)h zu~1Z{LQ$=2GApSJR#I-IaBs3oJp~hxxK~z?xXTa+CvPsNt-{CC*1gj+ytCS7742#H zx421J5dOTg^>G(tXX^vwS^sP$w)wu%Ch2!p^FDtDX%}Pvr!)dL_5sJ@p7ii%U0MY3 zugm4Q8NtvN5VUkF1(W#e*p+fral+>eV^10HqvLX^)QWL_&gxaMgs4Lr5Fh zBu%694JEWj72kT6NGUNKT0T`I1)?dLGxJJW!I<30%JFB%?pfYaE?bV+Rd%vt=PIut zpBV_}YA!vQN-v2%(PqJU$sr9N={d(?PpxLD^Q)Ioe(F38CAarpRI_8v8<)VtR8ze*=@`rfHE*83HUu3} zS1~uDLdz(|0A>yhB?vC$Fa*&ruJ;>!Sk&3zZF0fBOZk2vWB|TAgny0Fwc(b{SJ;bx z6ErW@a2hqsYfB&Vacfp*SHpw03(%C65^w(V=jwrEe2s&`^$?mN&}ll2v<{$D=oU5( zg48yw3yB$E{iFOz;IW=Q-3Fh8{w`Z*)GDJ-@FGNR#L5&IoNvLslNt9|N6)|sRysuv z$OD(wN5pdn}{b)-Pw<90q+T%H=(K zX~ecQVRUAlr->AXq}ihf3wRw6*2wD~Li0cDss`diLfkU;m3GycX>;;RA?<&r zD^BqMC*D5yJ?u$I0ApJv2V05LIIaCI>1qVZ|T>?MLDPP}d}4u+fI)4^E$ z(rws%{XXizD(-Ydxzf0ZAj2NTd!dK|2&yKyA3y7R9!;+395S+DufMRIDl;;H}zEmXiD? z8z!~=lD^9#xQ+;p%n$@`T`URCW+)2@%7A1m!K4)X(bz0sq=+`X-)Ev-0Nrb1!3T>K zHAxJ|vDC(b?^@efFkz{x^Z|X-KU{*y?Q9**0&{YHyF=kDSATqoJOv4FKjBU8?S$g0IQ zkS;68hNPbW@?EN=543>XpF|*g*g?LYWC6J@9!N1dkBV>l4~vxlq0SQ)#!;lsa~5r& zB(LYJQ#(}5XL?WhJZCEt58j+=$%KKQ+K|!I9SaM6;T3wcqP8RiU!AU}#q?EcbAqvl zYgYuXDuoqhTOlfe2WW+vF&(7`{^`T!!>lFRSplWKzE6~TkV;)krTRjtF7t795Qcy> zrLJ|L2r;{ntQ!a3_qz9s7BJ=WRlTek$xD>!39tCHO5vJ^$K>ctT$1MR_c=G z06N09S`&9JF!|5KYS8JBZ5L|JTFqPUWZ9=z19935 zsb_Hi0sLC~s@p1G7A_*OJc&|WIp#~`A_0&2Q zKQleGu8sX7lEaX8B87i~MOzrvVdMv_!Bj-XyT1I+ZF=X{I6l13d^IqkUjzGz$1fKm zkIxmt{dRNA&f9EF-ro(7y*ykCpl*=r&Y`*=Lfr*(r1wJEd0;QPMpMHuQoh zkpL&iVxc9*1<<-=nxHjIw5}*XT2G6A`kL7wz@7#tc4nrh$@QBa)Ok&&-mW)f>L8~P~ZwlYPN7jqucjf4h;T%d{jxgPu3T%xZg!&1y|-O>siI#>1ecF{S31iai} z(2l7{Lu;U6_x{;lL@+V1fl|w$$J&pwN;pAMoieP%e zd^(~0Jnt63&Ox^E+g)b-?&~&wr#R$qjuN7DEM#oM@p-q)LF%q@R5}d+ib8>J{oAW= z8Q6xu^Cd{6UzwN9kFDC_qsGwk90ugV5&XL@yGU+vV2*~1tb)bwZ)Pi&&K3L%WD!e? z@{y(0;-5aZh>GJ<8!PRb!{;82Kmdy&TAACV$rLs`=6XWoxzuhkPt|b45=-$8ts#-qu4LruWV|M?0NY1H{+Ye{n3Pp z{;aAY%At{8Pir_#HU(8ZULc{XDae0)^M%a6w3&YG$uGH1Daj>zj z4PX^xfZz}hhAGd3#q~dVrpbe0nU=fFFuL;a%&0voU*ZQnaL5B6cM7Hj)({`d?m<4z z6ztT?XL1{+?%D)p*HYOjRCY9!EmUQ3@8X^N4e)P7NuFgu zP~r}V+Pk2};SB(L3&C!jjIjSEP|y!cT9LCXlITuMiXmzt7B$Nd*ww}&Y8ElvmuwX^ zAvD|^BKXaDlRiLIhE!)>FgWo1EJZ`1U{>H2qM;Mfuvq+4{bjOzXzxtsRbm$rO_g$cJymKRx9>lwEK`ZzLw`OhOm>&Gv~vZ!xX* zX@8T54-qj<(Zn|?;u}p9O;mZKb((99p`*u}J62z>hc}b(Ri3-Tk z#R3;?y(6>P^0R*1M;{V2>CiO1t|=0uG50B%x=Ao0(47dZoqz;(nF#rPrr8xwqbbQm z2I&Zcjz$|Djdpy|d<%|H-ID1EmG^15tNmP;Af#_+{B=NlK zO?~;XAOnmp>`YDcT;Lv}_0wFWH5X`YEQ~~ai6^_NvDgy|PN9N-pn{cxH~L$J=3c+u z*6V#?S#-VPyEmM@T#bRx&dO1&9MXkaYJ;JhqPZ1fwbN8OF-|8#v4r4Cn(1*pCa4MA zPk5inLA;*?ye||W^pLq>@e|tKXL>*;^@cX)QX6kk8wJqDjsi(R3K_&HrV$pgkFc+% zsS)Dp+q-f*rnkg z+L6zkg1(7rl=WQL(Y@^5t0M6>aqr4PJw9v9uZ?H;3HPtGagy-5wN0Q zDh$Bl&T0TwL&3+X;H^|J2@3vd>dzQPY0VC!K5+(!e)*jqDo~w%PGB3@N(3w#hXm{q z|McSg_?;fFBmSI!xgA0NBa^3?1a&&;8C(c8O7+a1%Ke5<*$u#YokSY=>vrR7U(5nw z`C3UH1u`cJ46PTkbU-+mPS~qG73?yh0ObL*yQQl-Ed37XRyrsRlty0nhgLkVOovR5 zE~`^+9#f>0;j#|%6lifmsUnoQDu#b*53IEGkp)o(vMD;NV}T`R8AO1pB^Q|2uU$1` zkwzG)o)1SylJSgZFBsc<_T<#4P-t@-Rng=|y-B*FGBPqOBpqwVULyoy3&B<0fE93a zSgq{+iSM3uiy|!(v;iJ!k=!jp0`;C+YZToYa64+L_&tR4b!9#@S*y2<*Xq3JRx6a9 zzE{67R?Fz2cVSYH7)*_pyN4#5;_s|(e==O<-e_Xy2f4BJoedmyrl$RVrQKTiD4 z6^LBBDTVf{+Z*Le8!)9Q{OW~SAjNW3G;lze&o;i4*Os1OTpP5seOe_R#I+@8WSz8j zifJ^Kc7XsB&EePs5`)sC_nT~4JXo}Oev?U)|7Nnir8})H9i1dsEyx{vi;U3pd+g05 zTASHA$%asr=oJb~vLIgdQPu$6NG*bbMpU;?;JGe-8+T6>P_U8Z+(-|eFhc>%g+sGu zmaQcf4??*dc2N=nOyv-@#OHhup0c`%5(tUF;mI#CL?k$v(-4S09X7Ny)raLoKUZ!k z!9ltO14+F5oN%&w%KkFVi^ZKrH8B+4_5Kk`w{TV9ZKuA@2T!>TK**0V&~=#zr2dw1L2zb$sBVOgb~T1rYe3^D_{AX zWIW3_E%d-P+9`Z*yb+N4qlpT;!Cpgf9I9X+95j3Xyc;*mu9=9Nm~YXeJZP9l`vinI zI>shUR2wzjc;BK%#_s%^W~43r`#HD6blPyidE(=UT*(edTR7=F^D!#);+t_1OA=kn z?GGt&_Lqs{YsbrdU<@?*=Q$$q<_SpP$#arG8PP+=Xf(s6{Xrc<_DB*v=gV**VJ@cd z{yLxk%V;LiVmHh7v`l$z85If(ow}zdW4|C5u}?W?bPvuAdvdWm2#<&fk9g-0g}vB( z=5j{P06fl) zm3RcsPz(FUV+(&cW5MHf{`%^88y-)cvEcDEms?A%RGf*8N5+pI{r>hewe)Lh>942F zGEL%nzxRAA;M*DSEf&DnNx+&dzxNDIrrMV& z%o~RkUU%9e)b*zP-V?ZFpK->`aYLhvlYX;h=$Jj)u7u1-EKudKC3K5=r`FX;Gn;*#mvS~nSa<6NBs>8$1DvyywMOb8NQAY3%>lrDjrltIO_+pJCRDYhoYye zPLL@i{aN=9hy8)kQnnvuz+aC+zz)bskco%)|C~VLTMTdy3(`I~w7Yo7E0M zu=*b?5uN6FO7xf0xa;M0(T=`x^pza?si?(W`9>`|Dz&{QVm=IX;he?XD`GR{*}Ki= z-Z-XjTSoDcv^8-Br1EW=6g}&^EqsMReJF8v|*dz**uMthL*PF z!+OVVz%3lihshaOEB{xZ+xk|AgSQ`si>WCvk3{@GGI2z|C;sVuMj_p0NENk?(m_9k zoca(|PHBZ1?02`a!QGu*+Y?>7luN9&ur;pM5{c^-u%)O%S*US?_l)Qt;tPl(P^v{e%Arb zKA}FQc*8AS8z1RlyDYePsOhrcBEW<$3r30M&P8QPmVOGNNkRZR$MsGOX&V&KVUy4|Li@-h?@f7XL{2=UpHDaGge6V&#cEEJ#PCoJM~ zg1>sQu3UUtn#JeU6EVamL5fd8n|R{m&)PFk;QQ53iSKyEXvZ+bcbFC5EdC1S#^vCP z2{Ys296D~pSwA){xmh`n-F=&=9o;d^=)RKU@w*Szp=+b>2VvrwRpQ}6CYAVKgPNNj z1>ZLQ8gh;dk$mgONUX_3zO_7V;aehqosoIDd`mFD^wv5@zSF|YyPd%(-t}lLNB-qm z6qAB1|3gjkAB@Geqk?Tm|DU&~jgF$owlhf}L}2*zV;@Qdp2;L3xND!&Gu>6U?pNKqb*s9%8l7DMIlIZsy_t7*k=M)I zF&10I($kBvO%#$R_!uor1wTfUEM!F#rU3V;QR4Y!|thA3jWlPc&pC*vyUw>)?3oultPOvcLboE+p${+Kp;n~r|T_}Q`~ri#;F z4x@_XE%X1bXbtPWwCie_zdo-a7&jaO9UdQpG5AkXM=$j_F7;!JV^V+fmtmw%G9D0g zksnAM+!DI1eY~YyLkzo(k&c{S6pLX!N!jTEc6!kErnL^tGVi=9aJSx$&O1wsZ5C)c zz|X>&ANQp2buy!FD98I4W9t^h^z=dBaEzIE-UM)`_w0^WKr)J&t`=~Z1q{*YSBJNh zZRa$-e}Ny6u=b^licE4r2Tm|S19!v(?K?4yprG^LT*Y`eJCxp!Pkj3o41Hr`0>
    F1$V$ALm8H6N9`+czAUtRo@%E zjHkkdG4(y)JG}Zn!qLMXT=xqd+`g4;t#lxlW_-@TU!<=f?wJR6g@7{hRbku~S^9#B z^kW$4(h7_8Pv|oJApSkx5t>lZmHswd(_H9Hknsl3xB)VL$uo8jUY+um4f;6aLPmOU zMjJF3)_>>^_QJU6zk8PzzhcQ2goW`fZR?+)3R(x!P+O=8e8v~y3KI&cia*hG1@@Eh z&0w9GHlgBaT6eC$tw;L;@R|QM;qi`UKAPT5HJJYX84^;h((<>ite_XHSEQKtb{IZF z(w=^o5A`+PRM9s5*)ycNC-JX+aRby%MYxO2B;8TK#6}Fetd}a-z6=@Wy{qv$!j_|) zy2=;e3ViutcoL}KQqq-}k(g$4Xhk}$dr9TmC6P|?bu&G*ju6xnk0^X@m$i?`v4;?@ zBeWJ}e{ULl-x&l25*0lyP>+=zRD61J!3Gi*iHJ~c+;SMy^u zrs=R7VyVWBM$e#(k=B+osoRm0A0a2%Y}w|KeB$JP;V-gx9)70n3`4bKeu9J-Ns4SN zYhh*gu(BUw*==`kO4i6K=yegYD5!t42nuDy@w_8S&4gCiFPb8 zi&)~)Juy$yM10d=e_Fmp0LBk1mPrOZc z(?5=o$ldVQwz?0bE}L(V+B+BJocz4Bu_N(DEyQ%%XstZ?(H2Z_xUhaOjof%WE>| zVIN!%R_Ntp}E=<)gDG4i9g6o95x`$=LM_`>1{gF9zjQ1$zihQjx6AGBnY_oT^h2F2=?|=LM29B!`a;K3ybpSK_E;4ueyBu<-Kf@sE7nZ30NwF{a5Fl=4 z$=9>vR~s1D!s^a7{n5UdH+`g!T1QhKwT|jsL+hA4$LLLqE{)(#W06znPY^n3&yzFw zYBGE#Z~m0k#K$?Bd3LaRyZA}WG_@6C8AHWR21)jwh)MF&3FiM!kRSYegClE6*KRF-c(mlLc0H5Hh!P3hX@q z=J3wZ-iWLxIMK^Q0+-eq=h7M)beGoEOQOEsOQOCo#~|v4+1TTDvUTj|SZDS0MQxkK z%pGg#-E1_nOwiE2Kq?v88Vebj445KCv#^=0?jZ|3#$xcU$om6KoVFEdtYbbGwxxAh zJ11a_`XTzpmSa6vZoT+e*+r(wlK0^%qFs9knB6zw05@d zI1@h`#OygvVjezDV*b@)5HmDOXXo*b9n*2?c-!huqDz76<|`~8Dk7DfJ7@&PHnhN; zgG{^totL�m=9W+`yWN1T{24ov2l>IsBhjlf2RVXqI8e-`0;|ICGn26raTy^qC9I zzr8-29My{kAE~WqvQV17qKWytuE?BO#uZJwSZb1$XCI1#R-P?Q+WAf2uorZ6&He7k zZq?YfV%kVwsJJ;kq@|i&!nyc!HgS=o3p;pqV%&;S7-+W+q=e{G9&I)na`OEFPqPh2 z8TymVeMWXIV-5Npa<$nn`U7z5r=KFVK8uZq}`{88&imInD;Vv zb}@GPqYRuFW+hH<7G_~E93a+Z+?fnC$@Y~@-DIFCO?JJXrcxC4BB7QzIPDH?C+Fm|{pfAoGUeJG? z87C;hdYwUJ= zxckznaQFU!nR#Ff`+H1aZ}F>LaWyKRAmY1y_2;m$^8kO%Y=B0j2l*yLz*)z)CiCx) zwD#V^_!54l=}5LnA&y@6W{} zH@A;}ibjhXdQ$@W4njXhL;uxn!=g7Opy$%Qrk8@zbt=SEtq~K9uFX##yo%A?g}bfC z%$LEtj} zR^Stn5$4!7zT+{^+{vQ%@cHmndONWH#ap6LfxZIT+L`f=z>fObI#u!dH^D_oNR<`I zCpm+XO_qJa2A0-XRaRmvmHi$s0`VKayF+(b?Oey^K0>u2*sPnUUG9GT|!fpj-2KjtnBf>rq^}^U-h_dprZ9;#_5%S+sikP zT(X8bpOShfRf7eO2v!^`zVhtZn|J?}7@mrWFIF*^+tqyAcIi?Srv8e=1=@?rB^4bL z?hl?xDh30U%Ot*>*-OaM;>Fe~Z2PjnV-_7cVL6G=2qp zdRZ1LI5f#W(>8jxUwZfb#72z0?~RCthHorldQJa!0hP%A_2JzMHRaDHp7}l159+49?w*lDL~rtcFG(;E0lmDcGkx|ZMCk9a z$31PouB2^yT`;?UCNBG~aKu}u5QD5(NaZJi!)eWr^E0Ohl<&F<>Kxk*$fLd=v_Q6( zI`3Y(7D9Vr1-V=JK2O!_eb&3HuY_EWMLzaQ3_NzC>eCa&Uiqi*-nG7Qd7p6a$-!&X z_@7f(?*wa!DF4(3dPeoVFqLn&{I2xw>PlIhQ^ut>AxXO>)H&CCTC+UURl$7nw^Fc= z&tJA@l{iFjtHq-hz3jz)4E&40SYJf^x|>lD$oIoj7IZU{dZ%35y!)@%08t8VDiNPI z_@edrs~aCbXkNTjwf`_bJQZL4N?ZAtCW;sLq~e6Rbw6eb7__6VBKHyO)L$OMgFp8; zTlgzO_rEKLVh)!Aumvq=gYA$k%8C{a5rH%|_)c<>aEjaqP zM98Zf^QWlL&t7S-2G#kkU)?!%uZi!JVCdHho5Qo4h#6pZ(q-Pd)DfCs<&}S5A4ItU zt_2MI*QyVaE*Ai5+9f{8eXk*4;eH_o#~fMnqR8UedIj>&N=7n+WhQJ(M7yZE1xuSH zBX+SIvfF~}1vAX*^ziWJ5)pRHXQ=h*zE5x&L+>Oc^c~?PfAL6saG>WPx<&6>!CTy~ zhLo>am)O#qhZPZ*a&^-1A~xlfS8s5=Qo;h8u}f!ft4bx^%K>uRAt!+;Sz>n=8kQ^( zDi;TpZNq!Uzwuv+h{Q5wn;CYLu&DT=H^bSR*nG3PW>*g^*N5I})=fzhOE>*Pe(L6l zBhFgHqu4?&qeI>VfG6OuP!Kzsaqk1)lh<8G;A>%~Jb1ZW!B#gZzTbhG%H4ed0*EZa z=elvz2@`COspi#ZgP-5H1Eu20w2sQj^}WDMSAd{$pY`umPUsp;Un74=(Ilg#NJm#Sx%v&H$FsZWmO7u{f=znPY56xyQucx7W z8p{tWqWZwxcRo*!6!{Vh=3!lwSIMseH`JJ)3KcZOKUGn>J z5v5;MrOc;ibmtsmZ(-l~&Qpm`ZM=CHtE6)M?9WGso)qD;=OlvDR{wh>^7d3bMKXIm zG^q4w2~^R-ZC*i0>^=1_&+7Wqx69`roRpduOyjz{;L&yWwd9XS{CV20t?~QE`HxLB z8eOi?2K^PdSZAEoc}Lj7>;2Is%XNIGf}YTOPyL`9>wy}dHACy62pJidp_P5pH^$}w zuyp)QX@2{K%-5$Mu0%OVil;Y3-j*cgo|euD=}Nv}kpYM(ZSWJ~rF~SL2X#?w4qCg9 zkXwG=G5d4*15R!kM*VBHdT~H9?3nK3%M{82{Wqx}(RQME>;8$8DFBgpyZ=r@B^C~- zJl^&Fmmi9)-Hr>{wbEzX%;&f0S!WN8`JH*XZRvaS`RvEETa}+`Zd*Bnz2GW>ElPJh zYx~T-3*ucwltuS=qPaaf@yF$RpRM%{Uem0qe*B_~5b)w+5zyq+H$f|(I)$0ELWJE1 z+mdsqkEQ77zP6f+&NUf{iLPIk?e8*U>vsFVlI?&Hu{1RJ>`BO8$ob0*fRkl*-E7(v{UV7%t^C1f7EZoeYAYI8gCh6Y ziql>7{C`s>Cqti+rdyWrYa!st^BMd)TlC_fXyC~Rg-7aM-h&n2{Ro4Ta89ojv!}kC z@t8#Wk`+A68$u+)R00`nSuA^+-(NeOzjyeh(peds?7A<;`T)Bwi-(sAa}XbY+1)2) z80#Lq+}B_CeK>ZmEVry&VCh_t*zHlL(c5F!AD-{^u^DqJv9g;kz4p+EL8)-+bIdh~ zejB}*Fx9EKX>$L@mG^U+f84HZYWY}$4rIkj*stL@7&S;`gT8+T&I<#dNM?9wP)kYOttNf+WNbtS{@1zFQ=8T4Uw1VxdwN~xks_Y!*Vd>(0o?`` z^7DQ5@HULi4*As7hs$wwCV9?%%3u4`g9d(df3ic_Cw})U%kn(kEpoT7?2*8UvSVXL zPER&O%H(frf4?`N72eW$+B| zo!098B{`{s%<)-m>fG19R1G`-<9-1FH*~J@SK6-TF)PEg^3}Tqb)a$Bn-g0C#R|vO z&x>|_T+!-|ICf;z?Y7nI<%835y(7Q=tFDxIn_wl^E2xxbaPQ40%iV`P4S>Ogb{`IX zL!@p;)!O#s9<#fb^-If25hwDwbYd6@DXUj9%dZz+WcKC?O|(S{p#a5 zA~7(cYGc0g$C-eMfArN)IAn%#ffT>K5~36C@Vm2wAcLeW5|t7 zsbb&980Qo@sH4PP72e|$3H|VuK;>8e*?ks!OnTXB<&hx#-|4xB?m1#9B*IIpN1fYg ziD%;u@&s=Qb^J;+;wLwWsZ_(u5}U+T_@2KQ2o~D!-1{PSJWXoxXu))r(ce#nVnup4 zVioMV-W*z;{w|{@`8m$I1WUa3$O(=sqh-e>;&w^XM!(xuf7IQ;m_z!}LeQ^k^sCndV*xwURI^lYN zd6CqGE3U`2@U}+Vx*H>R#^w`KNZQxqCEq5;huzor;2FdRx(d3dNvRa)mdzb|h(DWi z%*P7o!7GfHapmr^yXEy)(Cek+_s;@1Opi$3&u-HIzK*Ao^t9nbY^WS4&nW7cok2NE zPrN9}_shJTa_D_i*Q4|<$zTaH{_`Ko6UzdUZs~<N@vuQ6mUetA!<4VZu3O@_26u>^3 zA;E(k-?WY)?b;fPAx`V+Umo%u#K#gwb-$3gr+Lx*T6iAefpP<;S?cch)zrVDB*7e> z)c=$V*3JO_2I*6=r{yN>9&X=I@DRzwU(69CcY-Ol7pdP9uW_2*j}mwO-hcT+pRP_gf8W*pMy!Bc7w*5WV7EucTim9d+(!Ia*k4~1(8qwC z2*3x(w0O2PCO*JLLNuvbMJdbTvKbhV#UX7Bl|yql>;&z;m4m*^8HuQMN&gl`Ch?Nw zwBhDT#fA5|+mDUif5e||m?IG6ZXNr5L=RBb`G8{R%4b@0#=99{_x#Vde`bsSjU}bT z<2t!1+p7DfQ8LchYov4Sk%}RO7itb-rcZdmHS`|yY#jr|^#o7b?ZzwTKlNElykBTg zBVpG?>idh)TMpR}GeNhdW>9HxjSsDj?c439#FYJ6_pYQGx%Hf$y?CwhXPh*y>y`vXmy7SgFnON+LA)Z#UXi1IA z*-_XbNxBNSON)z^gB;CfMSxwhhhi|*Ex{$cp&qXn+*ogycX8p7tI#A?s9DkLB?`*{ z_VLy`UIf=5@#pYZd!1H-3SC=}cIEP(y=K;aL^Wu!y$uo7ELDcR&AIKZqGWN%zj%KF zx_Ez-D}5<2?;?-gcg>umd&j?G@W)+`xTCKtT#u6`nXj!6MKi?cCs>MVU82V`0sfv= zP?BU6_j998s^B5K=;@7E8N05czU26>53&w%yrfuH?k2Pq^vg)qA4%vyfmS6y9iY~^ z@Uv?ae>+DQ^rDAky!ziOp4;A^A^1@ zCi%Gvz~H69j1$v>f$X=<^LdBraw1{q;&wf&wDZ@NSAuV5)_G+DylMP3*EgZTYK+C%gQrf0!{?-s7UTAiL4C_MD7k1I2^? zM*emc9(Ti~vfI-EC)Vbu%axZv>@|_WdCJepn^7Ys5?WEHcu!jK&fJQ`gR99sh7aOR zarI^Cv5%77aF6!izgFjWCTwn#2iR8wGwqYlZ$H~(rn;}VCjje|m_MdCcPS^yTfgCok`6`4r6jnTD#0r2bj@?N}`OZNtkt zoBHVkECoG3#j4ucLZ${iHDdlo$@1OZQ`2IC2 zEX&4# z?qXYNba`KlLfY)|{Myt_bx`;X&&lEEFsZ^O^S#?TZ`iSIpc8CSwlGYWH90dm@BISi zlr&8rUO-ON9kP;JfAZ%7`*=xhZHYNtqsU~K*xtIVCl|wgi}@>+gVbmBI@C*4a%-~7 z3XF`9esHPl8SQb?%O@B!IB~{3;VHhdH?jvdkLq@rKrZ#%1F{d)?wB0x0az~lcVHgt z1Q66Xd49gq@o;m15qj!!d$xCx=!eZd5XS8M2bn&QJdXED`3vu%i8tv`#-tBSwAvW+ z6s*P1Hv|-%b59L#r_3LJlm18ex3^$%_6LBRD}+86`mThCvNhISYLhq(h{kOqxpqfT z>|N+zES5l(+818SaE83_9=2qgT#l6~hB>Fk6ksO}E(V+IqCMLF=8a{Lw^sSCsGo#9 z(HYGk(~t9Bv7hG$*U7B+(-YW2Zyhvfpl6ruQ6O})Wy5Ef++MmRoF3l}Y&qHS{w`-8 zyU>-;eFtYqrFS-2KkUUPASZ*H_loyC`KQ2J=n2}aCA_cd{o2@Xy2-S%XIg#N$&=LK zx{W46+hml720H642Q5B{bRbw)zO=o8(Op~e2A76dJu;m!ADiE9q13kBO=dZJXTd#sks1_M zBJoOjP{~6Ef{6b9Gqn(n+*;A>H9T9i`E|Uh`zw1yy_umd2zo#S{1ZUlPkxwQ;FK>`{SM%I-L;NL#aJ2bZgbW zyy@STTYAu>p0ZLfO=cRh%VOAq4+@vW?gLOZiRZUFtdnC7bkL@c&1W&=P7X|360u*7 zme`;a1DP|{O&v}}MTh=ETY*#igm=ExDdQoG1MY?Phv5c4bXX{U6M8HL!6DgRD^%yNMah0Nrs)jr`9!j*P8in0<^|j2 zUyVx1gK|}*VJYur zdjR{Rqk~{O?8k^YZwe+E8W|VW!M1-o{rTRz^T%=Zmb+IhaRm|-a6vr!VkvF&J(@j| zI@0ETFvX(WrYeYZ6y8NHPip-}e6XL|mTfR3$_@~MQP)MP?azIIY|Ue16lnQl+?yI} zu)Lw@zhyr8F~?(){$RJ9lIJfNkf6G@K`-W~Dsg@lpctDs`@oW%Gvmsufe z+oyIk)|A&gYiQR8S@tNv2QZBaV3JQ5Adn7t`HYjzfFA^8{79SY!3h?4Ic((qnqMK+ z>^~6u2cfKOC+#`yrD-plGA}Z^y&LW4E7oxY0-|Zogw)L{@W1bjwYC6S zeVJGKyq;6C?L|mYg|`hd9sQ>acY&g{#E!``{1!9433RGFpN3K?`LIQ!W`+v}iy2Hpa~Zn{5f03z+=C8H%evhNO) zHhtIR38t%sdyE)eS}ir5-c~!c$~tR>vH?8cq!Ka#9ShvGnG-wT+ENE6F~c95eo7RN zPOyO#ItVnRBcU=^R-PLp1&Yyr{_~+nP~OV5`nutp#X_J}FH?s;f)s7YH^1mqaRYF-)H+iw(CDC;?s%)&|HjMRHxTne%rou`B^cWtXa(>e&vxIyS&q%y0sK+{>loHY zw!~>KG)SuMUb0OU`Ul6*a;-&9j{;VS?6r!uO@9KaVU=1X(BYpZ<~_AIoHL1&T$2w= zq|8I%yGp09)E}LYS$+Kx4KgGV5>pu0&80q*R+%%qy+1~-8H+L&B$O;7P z_uSfG!TQh0*D%rjNp@YZ!d|FDDo${o5NYqHDy!iR81rbF4H=Bp#vJwd94TeiI)H2viF6g@@U zk_&<`LF)~pG5B#wn+Y73aNc#0!Otv=uw2Eg!EA6(s)i+>wDpsxY1Oiewge;g2|7fA zIzRJ~vC$VsW5V_~FAD5fO2&4~!2%y#Q$M!1umvBKPh*+U%p1XW`CFVqP~#XtmBnNz zJ09?U&8c7u)T__xnS>^ZmHSiM2>^C6JHj3hy_wF^q8VOfR>K&ntZ4`3ys6rxw4a;z zkE&0{w@uo zwmR2YZB{KY0?#{y?@v-XBl8Ij?cJo3+pe zz$rG8J^zFy%y_U^h@d$Zc4;TMHt*1g26cx`RjHrC$-cHE(!PqNHTWU_-xqsuc&O=^ z4ER0?>%uo|ld#4JlaJS-$@`!GjbC*a=~X|e4G7eWe(}Ayln>_?7`&<$4-pbMKIcoa z=vfb%8ay}%S)vC?VeT?4cOrXesH$BJJI&{J|5eCU8Qlq~UR3DO?n!$UD}}qsxK-CB z&u4wd7;u|M19vFXcgP|7y5Dy=^UU;m09n)E@6CWDqJBZmpF;(z{VnkH=Pi3FcP-ZE z{mTto@&xAXGpn1eKbq5NtnX@k5Mr()S#F>CIINz=C;xdX>s8<{@(8YS)Z^LaWGf#8 z1}MJRuqn;|?k@&`_?Epl8Njz`x?3e-M-{DnCEQT+s*3r!QTUEEqpWd;s(Hx%SHE|) z?->SJL$hyuP_*dWWB$rs+EKHJQ)Lo$MStHQUPr3!?4grFt&vwqCe7_z;I797vfPmUh~F33oqp(pD-y3)jz1`5*`_+BNw>cxsQ=9H zQ;iZCe9bGo%w6*2O&ugcbA500iB3az-nz(e9w;(FN~GSy)h~IHop==y^sowucx~wP zD{rMRqZUQ~AY=P&Ifw%X^yLK0KpIu)9dYBoVdAr-DJX42JhYDB8W7@KRwlD`;UKnG zt*4T>Ps)83EeLrmeeH$Yvku>f73&w$Hqshkk8?V5Q?>nWy8kd8^m8wo&i=NZU3G__ zq?&ss1M0WoPnW5ms7x8Yjx-q7;(2iXShj)p;EzcQ47J;2=u+N4WLD|m*ppIS zXZ!en<)@2vax)BuW0Jec+p;*V=W#MPb-Qz%I2cMJPxU@;pWYA1r^)p-z5*=m4Tt;t zkk`*N`Oq5se5zhUR)Uwa1GD_%XcirgudBTcV?AC>U)LLTB=x8pjb2-uu@C6mT+gBQ zc2mZ(a}Nx-?I@#Z>nn&<;!Ix)y8v0g!LVqp{l1sJ1sFfHX;9p542rxv6ZYp2Geei4 z7`-}=ySS?7bM)v;96Y6^`~Jtlul^6r8nxX!v$Y5R(?!^oWL${4aQ^3O|AA`B#2Xjy zW%<7okynsOew!_(J{8BUym>l7;4QE9-?Y&7?iO1I^?d8)@UH{At!*rJQ3a~X=TT86 z1k-fEzKV4a5i#yE>Eb=Uj}c$6OqdZk#q;XPw>PTY>}rk-z?d&;y|@aCUM$OdX4>HX!uIgr z&Mz%lzIKA#thZN!sKLm7+3k>dF?YPY3^;{5=9^SqFQ;!`Ae!5J#sb5ckNVzE0l3{7dcClXOP1D=% z9lJ{lS$_77(zyjiiW*xteUnUwYc%dDKaTmflAyR94D#Im(E^Kk?)N*U`%9o3K_~D> zbyE9ywuk-udqMBrktZg@E>C4>-Sdjs9R6^i3hauh&ru#AiUyBrX>(;sk80eLb$!4r zEpj?~eejjbL)~rdwA3;0yWjrosVvh(Ljz-;C9YMsR-mkIt+b9l2Kwr1w+d@(c*O?y zTQ@UqZQi_!FG0$eFhh_Jf~Q2)TDP8yoQd$3{iRkgNtiv5mU!k6%^Nn!mN&Cf)B$># zp)IykA2BpzU$#1|{1s^`+Z9lOBuNiwWEB-z?GL6!3avfv8HoJYoeTHy4zciu7>GQo zKimL3%`BFE(5dhAXoS8Wl{8XPa>)drihGwLeO7pOa2Xb&J1s6gu3eq%FVL*=l}F5n zf44IxDK+`Hyttydgx)2aZmfjmW?C|zk|i)DIbBLzQKu80ww?;tSK;dv=r~>DJ`2Af zu_r~ibFQnZKBaI2VjOe|VN4)ll~yKVLvE0x4YDUTk`GFr1?Kup+MZhdYH|wDb0eOm zKOI|nF?GW}zQvI#_ zhEyHug{ML~k*C~BQ;L;7V%ono(ltiFa37CTi$i~+m3Vj4esqX z{M)Z(ujcjF)XT4x6{+=Ydp-F$q0mlkgg*^EAriXoeYat3`BvV)cTlPOC_2-s7HmZe zc+N+0$0tppna{@;XD_yx#YX!%jTJp``!w?-+&!Lgr(1S66)Rk$rnT_WvsWnRhJ&kt zWc8-ddegc26LT{6?w86g_z00)0*>z@z6Y&*E@_ zY>v*K&@ybi8L#;hGMOp1irzF92t!g-5?UNRQc1o7s7pCMTNBDZ4+bIxkVj}h5IdpW8C8au!fJ>vaaP2IF9YkOg1Vn+@R^BMN&7=z6^X{P6ykxFL3JKeq-k=-EY3oT8!N!wbwppDMa~2=pP4bc{qkg5w8^Q9QBa)bK!F=%r8f zCn%N~L*v-;I8h$sSm67hlBe`)}qb)KN3uShxlQiq| z8@3e5QGmh3swXJf#W@O@KY}}^kmtcd`#{n!bxSttB`k4k!BMDIj6#5-NO~keye!LM zA=hPdoxNr#1b9zDNn7adcx!;I7BP1ypSr#8P~LTyO9vK~64?uiR7?Zvmldb$EPClnW&lb%taI&+PnYi~kmG!mGqrBpxM9vV=Er0mLa6 z@g>~EqZSukCV2>TA2z3%1|=xt+1Vv}E-p%C>MzG`)y zx#xioz`EZQWwUq^BVUD=p;5t8K?Iohu;H-m;R02Mqr&5YB$<(7QQ2#V-Mr@JaOM}t z7u>z;7ZD6L&OcW114 zkzEvE)7PSx|C4MU3gg|VIyL_&_Wjnk7&HqUg{}n}Bl@XjBD-{DAi>mlcp%z!C^A&3 z!}guawCyN5T2bwQ)hydqSStS{z@Y0%JA3|%{N$D{t6eW{}6)^%S* zR-4gKgzo4HLfN4sj2XM~bF>us&|)`4U%;>%%pAM{vE6ku*WT$YVyFaP-Q0>J=TFSJadGumEp3?0KNWyUUNB49ga@jv{oK z#2c;Xi`QTw#-PUi^VxgAz1`kEz793JO1*9TyxU_X5aKV}CF~KCg9+@_4%^U-V4E@m z{Qx9uEH36a<2II~B<7}Co$}WmzIcqwWy3)tW=9JS$)`#8@s?7F4-HBW`ewh_z4Y5b zPmj`aD_E|ucFfkQs7BS&EA4+$5j+j7@j2F_yO5% zmKb>ib;L`!U6KOEBZdu{@=b@&1-*^ul2#?aq>_0?z8^)Z9Hhm>0Ir~5txM6=tKh;8#2%|q?3qJ%48~nVE@o!p+ z3X=b!b6^4wR_`2EDX7rrJUsE-2)X?U5MBpXE%r?N^#$B+BD;AwC)JCrpsCgqFLt5j zz0TE>Bfl;AyKB~l4E)#&2>9VIWCrT3nk7DbF%<9ilCns6wRo+FsL6SH-p$`lL*=re zcAjv|@B%S5SQ<$;V0!&9o>=@Nw6a1~@borDMP~o=1Dw5zestw=9_KqX{*%D;Q(YbX0VUm=%~e~FBbRT1qg*t5Kd+ul>$wWvu;8YHyEt z^Lwmvug?3}Ec5e6NXLTNvj2&H8u(P1wU|n&m6Ki}kEq9$nRcJNXXycZ71hRU7@gqt$M|`>$^JbyyI-au%{v4ToayagGO*d%d_1iIl)N71c>@(`5A zZ6orU2eI5MZ-0ks%}t<~9dGB3I{RUEp=^|vO|L4f8X@MTJJ4YsYwK6UE#hJYh?%tf zb?Lw-Y?sOIja+jeoh@_7ezLb$32NitXaJZEKs^`9wr7UDv*{3M%ibKCD41L|OAW!1 z`M9BMCl=Z48SnCz^-(6&5`EJn;~ej+qi3(Pj$5%Bzx||!;-bU%T8O(#-Ya>D(;W|f z!Gvdj|DFyieskA;q0{rIiOp*Oaz;obW52nKnhWY0Z3PN=2PL0 zsbI8Fa{~tuGuB|Jymowrc*IL%*^$pneHm7NePQtEJg?bnlEN}fd{tyfOD7ribfk}X z5gx|amWmRf=#hA_#<~bW#yLFQ)?{=T@Wg~`%aKO5o_xRvGB#Oab1efC_CG0=qSbAq z%3Puf<=7}l^b(A}j~xMDg0)WWBFOD8n3m?gKBRqyMX-Qvp#0_Tu)5~LXF+wavI6#{ zbf*>F#<7h94$na|dsDNt?!5p4&)R-(gwQ6L-+wL4jk%xL86-wo^!tK$YiTN%zB+%Z+_PmmYYhx_%LR^Rr=Q!^KZB0}hRLOEVa}0WzlK`i zx`uU^&t-(2%eWSPW(z8|Kvp<66>gz;P5lH;KJ~1u?`hDx6gnZI1>=1f`K)<4Qmp_7 zm$|*ePJeS~{Tph4+G;YTrd8}}Pg=$9|6XaDdoC|-?;V(8exlUyLCfbor+V|!w=+Yh z44QrDL*^4J69KD?=pYYtpPctT)a6CAtJmt0c%Zx$f42OtU>q@AwP1R}KtimeZ+e^b zioX|xKZLg6y!uMCv{AKxJ9`z^0+YbCz-minP+pb z9$eusxJUC17%UNMKF@_m290gKzl!&M%K3N(PvZDL1&2RQ;++CoJxBRwr>nQCKLlv2 zbKFCR3|J9rSfGHgnUtccNCcac>^VLsQex@Tu|cX&wc>hHwvxB?+36)tu-l?v8DW0`JfjbzA9eK8 z-W;65Y0aeh1HTsbABu<9K|gt!qD;RYDz-W_4fi#o&FHH!e+?JnLb9s%tX!Ldgm8`* zh{;)WbTKuy!90lV5=DtFiBQ=~=t<_bX_G1`G!XS901G9SlR+?ih~Gq8~*2Z5|djE<_0%Ciwz9 zkJHbtwLRNiG&+|8orzLih0FXD1$TiF2&v@PLh5r|w96poSIOL5nI4qKr9%13Xf{{f-tV}6D7P8e*q zlphnZ=&4)d-4#Sbugwyfb60>yXGDwgPBdC$@pV3E=DRDc=ye!`b*MLkj*t4YzL4O;`EkxytTHrF-Cs z9l!^mf|tlzi?g6L`mGaFkQm=yCXK5_JlVKrFV?L+Zli> ziqx>QmjVd($0JpvRB)@eIf~w7hI#*;6e$hY1(ZTQ*rBVNUT%U{bfpI`4DnWwfRQz#wHfKJFU^13@h8zy<>%<%5Z%=58chq$v$4AXuBHrdBN zxA(-09bxL^sFI?CUxcoD6ybtCl=ns7oSPg|^mYHoGgUAbraEAQSvpAFx34$#|9)8; z)XW8Ih5XrGTu<0j^kQ~>86pR?Nk%t3E)oN6XtZ)O3KRci-9IfxAKf*r_==IG@7znB zmvzRV;IJa8hF>4zTou&)Jwi6f7|uEJ6f0R?tEJZs}~#a0DL2&x!E)<9vc# zDEIOFaM;79Xy&!H{ui@%t^z=-rxB|74Hz7&aonJlmzF> zU5sV1J?l89Mmm0rb+a{`>Et(?B=T4<{S#t{qPD4#HM;3N5sOR)^g>MTnt&cQtuMK( zHD((^BSzSn1|T5y`ZAdS!IcB|%wwn!`YH6=P#i>{_1xLM)7$aQjtdsA>B_VAA)wdv zoMfcf&iM|jmfR^=ycv!^dPr1p+jXmnxE$HM64}}U>~V}9B*MlVgj>_Y!DNP~%6%N; z#WCB~66({W*gIDjo^vfu-MKKO6nVorfcQgCkaw$z7Yv%7f$eUYrr`8rzvB z;Zxvp68}Cm1VA$73#Z3`NEuv^`2sP{dS_z$T)ps4Jf)j1wWzMPoAZVCKF~ZXwAvfd ziYDvgBB)xY%yyT}SP?u%N|2MgGZe=*T}lVZKYDVBSCa9mC2${qpZuLK_@Safj_ zm_Hzs7HedM`Ih%H2cby|mkAv)ml3e3rM_)dKiE%i`FRY0oUR{+S(cvmG+|p3kbOT^ zfTt|ZB3E>Sa9gOKw8!YATcCg@fE#_gdrz{tJOtSd5hKSpW4OrH&4}dPe?5?sWPNdr zVaQhjM$Zp$ z7gR&^Nb`!QdalSV$6Ol({%i@TJwC~%&3w=GkLmJ2Q?POH z?!EesnxpgTqd2~T_Q^l)Cyk=NRIo8z+dKDpFaRTJdM?Wzju0{jA2*`bSFnlP>d1?G z>{$HrxEk;Ys{5?g?gIsK9KtntVEVH{?7M!{^`?ICPfGtscbb zB#vL+dV;YyQoxv74x=6a--W<&hBMsU{IewO;1x76X^R~o-Z1wNDKNwNgSN1u0@R}< zw$3Pk&w)i8gyVP$!1!u%Qd}mWU}+D-O_basiK^Z?K7@(gHDsYxsWmxH+49ZsJ~Ii zUCh=BbGU6p?N5SxKYyD!Rni(G$q!-D*AhpBA)|2 zjWIdjehln^|AuQ6WSsZ}Qr_5c#}0@(Fxxr%YQcYa&(RKMe3ytBjLQTTm>GYQAIKhx zPI$h=l>wMeTfXIkDN!`iUiKwsfC>(u$?jS!?TH0X$Cg-uzLER$mG~TDgRZw{A1YCQ zRsg1BmkkL~4zUO@;d-Au;P=ovY=xqC_r4O~Bu{Tr(nzfjb^!fhr>|#vi9QL)@OC!thMP3}V1h zi!;lUTunn`xEZc?D|{i=ny`NG_UL?cQ4#C6##OeX6`Q}hbMBWYMOIVq6iZ~8eHg3B zaPBAaI_QcWT+Z{*?{^(sfc;n9^Q7MP{5)rIV;j4(x_%o*RM$zw|Hcj%Vi;n5y z^Wm_o{Wzh5b{~Xd$##&1^w#nNb2c&2j5;kJa7aJCz4 zDVH+IrS3gj&N+rq$IRBP{pWpTduN1;t+*o_!I*X7Vwa|)PO-EUiE1oAMRx2W9=Ak* zSqK(@A@mOf&=GYE&Q9({_T94u;J7rs@ChDu7=GY#IY$=x2Ru#QHGTl_{dGo{#pzROf+{BqDI@JWgbFH|;o*ZN!`1UsO9h024)C@;gf z8Mbg_=*!N5peyEoxYYq_V;s?Eu>3ra<9OWEjF71)}@#k-@vD+boW1@+)P;;E~c% zpy1u_=L${XnV>AjD~_T>PbFfJ{Lt*ngmNrSb<}uEI}vvKlM_s4)j%IHdzo<+GC#!; z{}&dfTj6uZsp|ciK5sTZ^rghR=pBtudA|DPO?ly!B28bPx154mwdvetw-QfF(>G?A z>q*b?AKsKJUY^&XiIhDxbP+5F1HhVe=q}-_WTqxbeXrzVm*5XI8QhK zmU-(VfYV6!-%e6Jvv(7&}On)8ja!?xB zPg|DhyDYxi8V^0cyHe+|pD&Wi_#M>f(w+^ihb(sN=bLNJUt`NfC$yxO!Cr%-{e$)q zH(u?p15|_LH?vuFzVI=S-TcMI%rSxr+h@~=`D7VVfvcx~+=A6WZd_)3ykYZG}D1KT0Nvy>ai~p(W+vAyh|NkA|B8N(n$Q)uJRLXHo zB&V`cNDeEM%3;pTVWX2IXHpp}ks=f#$BDF2OoSY_Y|O}M!^}?K`}6zn_t+lyc3=0s z`?TwNKA*3{{kj)pYchcVpi^7Zq3wpj?rUV~rMKJ|az<&fv=C5eJ60IGXQ@w42(fpo zcet~+s1>xGm6Asru}F} ze}|XA1bf!3as(C0h#cN7Q)D{5;w3;B{?C>kL=IZf=*zT3vX2I@r_=r{3K+Bq!{Ibx zkOHHX?W-;@CMVeOS;An!@ntN`2x>!w3-ceptHla~50ORV^q-CXe;7yY&N zQp+Y0FziIuSQJ2Yb!`%l{a&MI-fSQtaT9)%OZK)(Gmgi3V47nZlh zrNFhveC{gam=XjVUXqg(^j`oqpK)#$u1CnC4juZljA@8>&IZRvg2fPUowEaSpOPyIT z+2a09kFp#F%^V=h2@Z@-e;{!@YjiEKS;AP&HFRLJ*g#SfTZD%4bRa|R%nL-Ie31n> zd4p&o#XU(#6`zSp8AsswBIT)YYq{u7dZ9LUN^DJ89k&Pa1Otl&u+vX}KhK<+%8krN zD^q)izsPUfcJ?lP5!(hXnKeoTpxQi>2>msZFqn8`>hoxotqaPf{yS)tcRk(4sU)$W z;eX(d)8hE3m?9lmBIwJz=Bh`2aI6S<#Eq;@C~zSwYQ_1HWwxlnJ!{C?Gwr7qDCZ7` zG4h=Ra!B!UbZshxz27Wz?ggsA3bi8cVs)ACl7UiZnD_DQ8ESn@e`+3;Ylqvz)_Nh! zv*Fk!yoE1(1at^Bk6YD%UNF?af$`;7>ypGzn5?&If`)9G*(nC0M#M!hR5l1EzRrPd zxTfzNj4bwrGn4b+`OI4iVT`od=hwfYwKnMN_h&65KzWej^yFc*U5R^U>J*Dw1qe-7}3EYzfYN>)EK|jH)47iJc_Mv$?@A2}kXYEtenf%to$CDgW4P7=f1Zs;`2 z0v*`4RD4NWm-BtcV4kL?;-GxfFh=uVqqG^Wi`B;)bXn-rVxnoU;=xUdr@E6 z`E5XzRa30&6K)(+huVzmW#>b36Afu+80SkQFibV1Ha&12;xOYlpUPBYgPUEbiS~TQ z(cQ%5?AR<`KCpsBTBIswKLaC?+LK@=r@DU!ExhTX>d4=d#iaP=zy`9YpYv($EJ`=XNYjiMhm_%?=f|I$E9f z-il1EE-NuJ%*)E9hxuwlwP=PbfjPCgOhZ;Z!K9b{kZH<3W|qbDHfJl(HAgXg_R)YT zyw3NwTm#T&RBy}ErETSua%5ROgd#@_$NN%_6){6Dof|m=Mr+e<4sbMWN;rN>uhA2t z)bV^Kf6{JeN>OuFds3O0mzSDH55oo9w6Rnd0?+@}Wc?ycIwsK730dheHVKrE1OX6{ zvZ1DOLaDp}K28$JNUp<0LNnW5aR(T+fA|j}EIL7Xk%|3qY7%-`uYU`ckjyiRO$!wO zFP8|JvaQ zAEXhr7oO(d=dQ{=g43X}TGe2x=XaE5#1mb~St4MfHtj1>7;FfhLqBHa5?v=0s7(QA z==@1S?a*W|yR#Qz_MO3K!|S$N4%a---?XtfLvGNMeG+xsBO8{_nP|`>fcr>>gEa>a z(1&YGkAwjmP`U{%^*J+hY3t4L4eJirsKs&yD?O1hwF~Jmw@M&f?n9<*eg85D9h;`= zm&5PH5GWdlCzPo&b6+mB&L$6vE=w`ec2HS^ABYt*+k?TXphmH$ax{Yxyu{Y!po|ji zz>lB26KJJ>F=h2vKfnor_;|KN<7Ck07Bn-8aCtk1j1_h9wcUCHVC#KCq#xL~CXAu& z%6B3sJmelAQ*V}W_k=M_UHNEX9E<>fCL~8i0$_{XHvD^fVKXoSLda#tX%zxkiQXrR zo4kcBo1Ww48CrEbh%}M`uA9LD9F{83x6w_+Ts>wqOx1x=tiwiZ*Q*^oK&o33T6>?HzJ58-ii+%@|z8wYi_J1{5C|Mpv%!(UfGpJel55S){nQ0Xt%bynAz>E z7$s#Hhid#BpYX;KraI`KJX`{X9bHO~u|V34m)yaE_OL6GTsmCtcmSzE36#Z_IC+3&<{sLWIwFd9AM;E%zn*_Tf!M{xQ5Wyp%Gv{Xo0I3#zg93bu*;aWSy=VDJTcJN8izeq;+XTuqqO!{@foqV6 z{a_EwEC;mCncAvethsDjk}Z+H{DAUZMk6UxxmW|+03+<~L-92FoKY@VkYgL`f!#u^ z1{Mha?W2F3&IMm?ocxqAACur?-6~US+%%b%5#QQ=H>Y{pz^iQN4!oKeG$sOGB|Yp! z2&0E%V}~n*;9W)$3eC>CA^%r?0mE|dwpB-m-RTTx7Hpg1ZKsS zXImWGf-}yY6#T&V0g?YC(tHM=oB+v z2K6&_XPtRlj%uGz0kgTLDAjvy`1HqHwiW^B7cydYvBh7=E@vm%AR27H+qISovLO$K z(5C8r&YS?(1uVatn7(BzP-n}(fbGatoHd^cgdFMnv3lh^Fqpl04RNcI9%ry*vocT- z{~W`+jyFtl=y0w{rz5!cvvIrVdG0C#e%w<8I2vcSyDEGiCSr3UvsZ zvinVaqlH%wY`c)DuqE5(bIEy#46J$rV1d^E4Qv?&1IE4ny{HbrX@(HZ7Kn#2dU%#= zm+xLj2%+WH^Z*O-h5V5)ampjMeOoxNFjY(?gYq~QI;b9^iy!!0{lt(}6) zWc-LOhKu@UD9pdt=@s-VD|BcXG$Bc~&F4I)I#Wy?fj>9xpM7{4ti;r8AkQR|GP9%x zHCRgkS#Lo1fz@cwWtUU#s;{y^p@YK}f*Tj9c|fZ|dGT=#U{l#9 zunEZoyXFP7nw%!>@QU+_JOk*1L;`!DULy22J_O)4cHWi{n|~BwATD|ce#XjvrxlVw zKG)vXAo2YnpIuy~^V$SBE4_SNy(UqeD7R+eLA9i!43;IF7gDxFk^9?uYMFAA(H1E& z;z-RqB$OnBnp0-k$?KN_eyB{_g4#}k@4%O^R+v)^lsCk{`AWDt+x&hQx ze2a6#E15SK-X01K169{wCW6PNlSHs?fsLT~-|ty7$2umBYF*l!Bv$88vv!>%VGQlb zQVL-6k-V;YR{Trp2DzEy%azsPIGL^g)>O%&owe2vryoVlL*9lpPFko#W8QS3rFy1C z+3YO(>fuywzvDx=G*^d=n0P&@4i_o;;`aAnEJ>LE$SWG%1zVeOYAak0h-vTY?ldFm z1G$;h$P+*kk4mAj2uN&zKeIdWY+LNXZNR2-AyYcXNuc-m#3x%u(%j+A`7LI!5Wid~ zQHt($sXfU>6fh|~)BEX|wySh3kHJi+y?T#{U#=p=T~uu%<`Sh%kt$Ge?w%nqRB0F*nU)I%9U1m)7F&Atd>o}| zsDfuoQ+sU*{4a{8Y|U{HR(&R<5!&0d!0B)=Jm>)olnmZulrE$7L@{)>{j!Z51PimW z+hV03dTp|%J%l}%5OIEE_sV^McY^KBsW+&JPMkbQc7yE#?&W@Vh0hM)Ch>9dg=PwB zyAx9FTH__w&g2MElM^7QgH3lxE{}K0lblQJn&IbEEhi=${ClhLB=}&amOx`!W9KV@ z0%na>K1AIn{|9>n7ASuJbJwx5-7+;d5SWx9hf5l zeuZ`?EBgt%24|yE?*?$H9l(~39cP>2#u_tANfMu(3oF`LF0Una9ukTcELMvLC!1qu zEN(Q`nv4FcV#zLUji@g~>b@>yZInwvkA#(oVgb1Q)GY#UK1Gi8a&`ky%HHA$QxQqs zZvP6Q_Oe*UJ0XBGIGc83CY_sC2+M4u(*4^LpD;uOQelh@M*$Qmb*CxJTMO}8#iJK~ zl*Pk8gp5(Br#D6qclJgSqGu7=FoskgNhXJNab%bie0{SRVG&YSD!JX2Z`LWK- z?lePXN@6&>hD&{rs4*0?<<1w9 zP9p~__x2F~NY*v*nnjK*lC||(i1X}5``QDMxD}owArF_u@2ox3!IW&r3HC9l!dwyU z0r^^YMmKDMKlIQ;Q*ej5ZCzq9>T!@kZD)4SgfNg;m0DA)?27E=zWP?z`Slb?OawZ+ zEr#K}2Pu<8I;_A@k&sP~rCl9C5w{nJ82-lbKN6C6F1D>&d6Jb5T5bP(zj-S^ zi0hcdv-*!+Ef9iA>u&pJV-sCLa!@&TN0VOSLBLx85-G7UPtA4_ANsp9>yeFH0eynr z%UFb-;Sc7uU;|eoFcJwBT^u0U2iod^uSzko<{u#cozvxYJ76hB_`gqYV`q@7AFKu< zRkU&CDyaa;tEBd#dsz`GR!72CSvNhCAb(BITb*zGU-u=J!Cz7qA2{GGDhh`=txdj! z7xFcItddl|+-PowgD)CVB@#hljggEY8BxK~9D!(%#BT@Dv(bC7l!gvjOya{} z8ty+AlHMG2Aqd|3O`1`V{`3m<#Hh3a5U{`~KGP>y03S?Lty*F2k(d zG7<23>>4MHhxW?r@QkS$`J6{o$pC?0YxRCca1&K2AmLW4)~Xtl7~|aGI8X#Mo!Iyu zSrdDfe+S$kiEN~OB*-m42(c*vSWwRl3aDpQ=SGRu)&-3uerCkQGJ*c@-AIkpl;IgQ zqSj{jra02@j$9ncnYgr5L7JBZI5+@D0FNEkELFYJbpCOC#k5Vw`3au}F9NnVGP%L) z?Y9Iv@x`9ylr3qb{vF~V!WQM6iEW4^L^`4sc}CQBDt93KDK~GZ{ls^|cO&jl? z2jRce?mu*L(x^ZLO+Uo^5<4OF&ntt@Ib2w4Z56x3rm|oJ!`_JMR0#6WT%3)sHJc~T zP>*lZcSvo^IFF@BvJcM1)xq;w24zNCjPBLr*|C>^LDKg0m?6;(FpAlKkw+NHLs(*X z8YClFPNh)$EZ@u^2cNT?O&KaXs)#Q?^BR`vEMd2!Qb-W(-TE0$&vqbDf({OGbnw`A zn-U7Kfslp&al9<6X(mo%h_#bGSU(2edd~T=lFT2{+u6;rbNJH@!Mo|Kv8s==3RB&W zTIh54&pe*=|Mu16%aHEbq9J5gLG4FbUi`C1(AC*nzBZT5hZk_8_jh(?)h2LMC2mSO z2PutK%^pB_yvwHEfSh>B*V~pNMubCG|0>+5FmU;F;G3H{+$Q2j*F$sNj!@}NmKYgf zw^J=}*5dBbF5@JlBU(epc#+oTSeZ`Tlc)n4Nhte;i^*K9$eNM+fr+qnx6iKSg6M|H z1609c!F<$&8alBexAuV*LaZY(b%x*SVV-cJ!qWs=TB}ErW|O8$!%!YnU$R8Ye!iiD z;A=7$BA+ZcDg?bzpj0c}=^;k`XwA88ign@#p6~oUUSZU##4X34GQrz6r z4=vYcgXRuJ?)U^`u4Xnk4pX!SQ<*RJrPx*K^?4zvLwuB`)l*VeiH+Z158 z(w&0cbnle)7dVc^`;n;u!yq?C;q_80S<3g>WPZm11}@J1A$$7Qa`k+;nsWAlL)Fk^ zfnQ<*I+@E%L}cZ{LtR+Z}TR=#Ejq)uE1NNkp-+V)-nb$lCDed+t?MsrNyN z10Re|luc6BbTZq3GPNhJC$<_3!NfCCg||hQt{_=Y_?t+o!1@ZDm6TB2T5TJI*+FHS1e0{R$+|IjTaly*J9^loEZQqQ2Q7 z>iXc5a*k1NoYjoa=YVjEU;V{0aE{a2((&M^qx)cU^|tOX;|Wk!l-veOZai!MLyg7& zU-=AKD(8S!>zfyqs4A0^reDRQA)@re#0%!FTB`lucRmo_x{VpzHJ++Pgf9O1txCVz zd^f4yr!npn$YWp7KF8K$&x$iv9_L*NPz#hO&QHJh@Xt(eyqf=}-R0@txNij!Vj3@Q z8z_z|5w+tV9aM7G{^xzpkA6j0^@n|nycstQ5^{UxcA9rnon>A4+@pDi&u1+{ZyUX; z3C`GCefllg)@R&Y^BUs(*VLA}^o%;I-vuGZ`*tpR#H3vs1)4I>d4d-E3{C@0A1p845h#+ov=67d@rg@x7qBmjC=Lf}OP|ru(4@xuRy1 znQ81umGIrgkG17nL#B`16MHgpOSf_T>q^|I7w7RJGeLof%VX7&4rXrCUWJ1sd0` z*|+w6R`2584(h8JzH-dhASgd*TB-j~Iafx?ET?)n)Ya>4-TP#9DE``+j zANBWI2%_jrnrE2Jj@i|x-S(&xYOL0=&Ji5j)gQu=kW@pBq9}-p?_(M?>6Fo9J9&El8^&_-zx$bnzdyO^WjhE5u zuU%c0|I1~cReCXch2L^J;uUq$eZ0Np!=AcR_lH6qs5@`iSK+S-xBeDy9s3p1)Vj4D zBAOQ5Hn~(%^JFc!zP(T8U1j2_AJ^)Z`r8W!t9mE9l8Rc>F`!lAserSp0>@#x= z*qI&I7fnl~|J?uWp4Yj_L$RuoivmlnTQAPTnj422-$v<$w;@A+^oz?to2NEoNWuN5 zKTF`s9FDp|JezI~v!jj`pX#5e*)RSt?qO|XMu+d1?+K*}zSslFMaARSUZGChP%h#j zQ1F}xi|6IMs`$?g<67mV{-y8nksADwPxt!MlMvCt$LoK*@4`KB4@;&Edw=Dc_@ykJ zQwKhH_M1h&6nr1K&R8!o&GWDGPbpS+Uyn~naOX|u!P_fxsH=`eLEq#6EW)q-4`Se4 z09g`B|2NeOc|WeRoLbP}33l%9@w_|0a%DO!0P{%G&2A_2+l3m}i%QL}$G$SZp76@N zld_8cB(pCYH8^mlbM#CG373_T_o_HASteZw9C0C8v01wl=|#D4He|WT-1v0JHPD^u zFXjGo-{0Qyh!|efKa+PF964##Uy!FW=X4T!Rm0?(Q>iJ6_|X-SjQ^s2y~Bu{Z4w(S zDvOL9GbU%t{b`JV;87LNDFw&l!-|*v&=0JVcR+f}YthT!)%LnKl%I4PL71tQIuNa$ z%)U$w$|gkr3(m5yKOT1Yms(SnuGg8q$n~>EzpiS)3dJ-cgZ|6y^*f@x3R`_z^|nsC zSbzKYm4;Ra6LKSRH!MU>Q>JESqI>}25vQBms~t1p6m9d8X>T_<7wRIjfv^9SXzum+ zs)ux;Yj=y1B}}||RXX2k9LbFB@%u5oc5b{dDZJ-V!XUFJsUslZq6liT19L=%q-J*G ztHge7wREjWh2za)KNYm<4j)f^{`Zm6(~^|UC*f^RbGe*0DP!3E=#=hf?__ZoFMXH_ ztFu>(KGtK#%k6(VRQY+yCZ>7HO3CqUf=?_~z8Vtr|L$1(p%vHZzvV#w7TovcUBqIK zl;2#*@>QI8i3Z;8M*dd(2g+(+5MN2>j;b=%7(;g)OCA6FPv@oI;fmtC`y(x* zfx^tC!H9srzx#TIUYM#xBLtfotiTVB_ZC#|g)$QINAAPYY`D$39 zyWx6oMdHQLWHX=6$P~rD4?l=C7`Ki58GJ(dx%~CWrKz?j3LXIt2dZj!8I&LHmp*Ov zquRyx$~r&A&^1);pcqy5o{r4@B@%cPw7U8vu>Fj_=_i?%>-3F@u~Q?XZib#CE#=<# z#Cu=umxx%`J}rXiGadeD{FQLFY3Jen=%Wy_l_XI-H2CecO=aaOc-K_G{kbQ~HE^dt z-kZ-7CVKAlZbgBJJ+sgJ!>NqvEl3$(rElCM`rWr@4TZb+G>EnjxS%gxQSm~ne$;z; zLGs1fO0bX0N@lFgZIOmJm#8~1%NU^5j_Jr1dGKU%#vn!k*b)fs+g&xpS-hMzuX*Ozh2#yz@S&dWU%|CNUhiC_u>I%7!%eT~?4kFC zPrXl5e=@f!?Rc+u_gtO#JFW!VoaaP+7`(fi9z@gIWpDH%u5uCsSMboNd~f)2Q{jz; z)t?+$*W|;^+C?jddqbd;G>k7n!Yb%#=J-NiVwL6*zX(yE$_a}htvAIDKOl&K#%DH4 zIj@H3cj7eO^82*OO9j`?u79ku+itBo@p9S?T@>nC)IT$EZtQ}G!sQwBgx3nalX~CU zIC%%~+aCo3o@w4k@@8%p8PiJ~P#zQM|FY&|o=bewYOGeRw{H$Uvg-1$eSE`!d*@kg zZBs;2%t~y2{@tsk40=GP>h1Va(cU&%^f4hF+V!GC4}X&^$Kx*M4t&ou^Gh=;{nTQt z))l^ZP!l7+{(Tqz4dQ87Vh`|085wuumy0V-a_%DrpFvH^ekY$P)#-(OB}eM0ls<6P5RKT^IXPyw35DiSPPPCnv!{#hS{VI$c#<6PiEYaM5(3O1m<4=u`)CnT?cG>U$UOe#xfu1VnlOIK0_;PVD?h@va;Dv_5p^E!E zgOPd^bhJN`(lft+Jm|U>wf`ch$#pBa=q-r*|oyn@frk zk?31hGoZQEJJQb2UhW)%9b)V0cYHfQnr#cnoAyY^rTh4r<@AhRfwf$mNDequs9W7L z8+yWRMbq-vgGlLLj$wq7GzmAsDexsPuaG;@WwDZqy3<-$`ggFBSCLxs@3+4T%`-k|Y@ zTm8@GWjFnI9v2W>oTFQ(&7oT!oSYc&JGW&`m6_k8ZNJt*=k8W5YJS$8Ih{HUUkA^c zVIS8UNT!a}AbdswG(WqgSG$EeQgm4Mx_58-|2T_rJ3nw@%ReUZ1N04a|FTmc^DEud zMS?b--+pnh-239&19z7H?9oZ&b&ft^E{o2+a_f!3Pyc(rel^KId9#x7uSWIvP?d=R zs`~lK&|A$}W=pqY9m4bu>&#)=uPnHR9G$o@^x!rxhC~k^KWt$Pz`LIu5UF!?UZJb~tZJ|C+w3z59zX7wVk+-$}L=Co8m~ zF7id(v0r(Q>Amk}CvJ|P%uWj|SRKOHDeO7d6J`Of@0~zl@)ciQKFMCz zZc?@9doJ`T?J552D673VtfAA?f$^OMiB1QobpK=vyOcGN*wY1($zN3;EsHVfW$It~ z-nE}z|NZ!gQzSth9Zf4oS%d@$D@#7|i^w#}xI*_8T`5NSC#=ZaB@VoM<}n=JY5Fe4 z$<62}Np0M4~ru?AKKb`Qw7xJ5mlhHR#i~~)>lN@7cpE2+{@z_1(0j+)) z3v)2T3H0Y57d0!xmtRpoJ#J5M{3jaDKRyud9N~pj*#p3(e)@N4#4H8vSCno@=}2 z4N=3Y=4mJ8t0%>7n;a~v;^#dtzFXUv7iuWlq)S6Vj5 zU<^}mXNeYj_{Y!Nh2r^_IS<=k8lU}4FLo!k72gd$zW7J-<9q2tb?HyXDs^4$KYJIA zoEnQ`UTT643}AVy(lm-1;>sCZ=A~Qj^^ukrs&q|$W3yt$V-rx}t4UnFf&qM0{AE!$ zAJMb`R_WQMxkponTPjyx=kv;1X!W|^dmsAa4oGOkV5+y@X+FlC>}_+KGZvx|D`y&b zsR;pJ`aXA6*4-I9_TdTZukH1u>2Vte%gT;jZ%fFerU^-@A@9!FH zi6e35=hoy)yf^p*{+kI4zq=B$bmB`$IdYmIR?x&26f_UyfGT#CNpLb)`Wz!5@R?O=9T2UvFqL}%HbXn}WF zn*}Xxze#VN%|5%qS?rEoKJxoZTV~nt{WZqhzNT^ z>#e`ZlZ*%Mwc5*nR=!w5WLoh2<4T^C&#+OAZ!ErX@V;G4!@sQzVK$AIdQvbmW;T)z z&ivHiY$e#e4q;1ZXI_%K6|+Q4J&Qu!Z`g+5YQ5U+ElJwcn*z4z3|v3V3U0XOIg4s> z^WN%;wy&}YOc(abB=v;gwimlOdZ})I=#K<3K$T336J*{Sv@1~%QJndMg^S=3+bU}g z5pLG@ZQ9kZSMj}9-!;~1r7O0^a&lu?t1nw7T3TN2wDgR~xJO@zj=s>YaE(jrySRRu zd@S7dHSSv#AKvz431@MbQ{RwMcuA11eAgGacjlYc5;pa78w_IDS3cBQCz&vP&EqnY z@e-dihQ1$pk6o}M*zIk9Rq(0fcBM(ld6xU;iUHQtpyHnL;*#hRuCe1>tzcsDQO}6G z!-OCD*%CUA2VaYg{BW9h1Od6V^`2;%FmZUK)|c7ExM1iTjULIuTNr72{A{J>rq_6~ z-$rs)__KvH6iXS)nOKTPvxiIIDsc!3m9wN8rx8s#3=R6%`cJb6in_jDpFXorU6goc z5I0##gl<%D#`qBAz?%w{#Mpjf$NEz1p|{WzAN8Bn>M2|jw5er1X)G`(l)YANa;1@! z!0y|^St48bc0o&5?tYzqqZmtC1A#CJKrRLnkG++|D>@xX;*qM0J!<~{mq1V>5RFYg L*CZ4sDkSxP`AKq7 literal 0 HcmV?d00001 diff --git a/src/TRAuthLDAPConfig.m b/src/TRAuthLDAPConfig.m index 81e2bdd..ed1a461 100644 --- a/src/TRAuthLDAPConfig.m +++ b/src/TRAuthLDAPConfig.m @@ -77,6 +77,7 @@ /* Group Section Variables */ LF_GROUP_MEMBER_ATTRIBUTE, /* Group Membership Attribute */ LF_GROUP_MEMBER_RFC2307BIS, /* Look for full DN for user in attribute */ + LF_GROUP_MEMBER_USECOMPAREOPERATION, /* Use LDAP Compare operation instead of Search (Search is faster but doesn't work in all LDAP environments) */ /* OpenVPN Challenge/Response */ LF_AUTH_PASSWORD_CR, /* Password is in challenge/repsonse format */ @@ -155,7 +156,8 @@ static OpcodeTable GroupSectionVariables[] = { /* name opcode multi required */ { "MemberAttribute", LF_GROUP_MEMBER_ATTRIBUTE, NO, NO }, - { "RFC2307bis", LF_GROUP_MEMBER_RFC2307BIS, NO, NO }, + { "RFC2307bis", LF_GROUP_MEMBER_RFC2307BIS, NO, NO }, + { "UseCompareOperation", LF_GROUP_MEMBER_USECOMPAREOPERATION, NO, NO }, { NULL, 0 } }; @@ -743,6 +745,7 @@ - (void) setKey: (TRConfigToken *) key value: (TRConfigToken *) value { switch(opcodeEntry->opcode) { TRLDAPGroupConfig *config; BOOL memberRFC2307BIS; + BOOL useCompareOperation; case LF_GROUP_MEMBER_ATTRIBUTE: config = [self currentSectionContext]; @@ -758,6 +761,15 @@ - (void) setKey: (TRConfigToken *) key value: (TRConfigToken *) value { [config setMemberRFC2307BIS: memberRFC2307BIS]; break; + case LF_GROUP_MEMBER_USECOMPAREOPERATION: + config = [self currentSectionContext]; + if (![value boolValue: &useCompareOperation]) { + [self errorBoolValue: value]; + return; + } + [config setUseCompareOperation: useCompareOperation]; + break; + case LF_LDAP_BASEDN: config = [self currentSectionContext]; [config setBaseDN: [value string]]; diff --git a/src/TRLDAPGroupConfig.h b/src/TRLDAPGroupConfig.h index 1fb41fe..e5927dd 100644 --- a/src/TRLDAPGroupConfig.h +++ b/src/TRLDAPGroupConfig.h @@ -41,6 +41,7 @@ TRString *_searchFilter; TRString *_memberAttribute; BOOL _memberRFC2307BIS; + BOOL _useCompareOperation; TRString *_pfTable; } @@ -56,6 +57,9 @@ - (BOOL) memberRFC2307BIS; - (void) setMemberRFC2307BIS: (BOOL) memberRFC2307BIS; +- (BOOL) useCompareOperation; +- (void) setUseCompareOperation: (BOOL) useCompareOperation; + - (TRString *) pfTable; - (void) setPFTable: (TRString *) tableName; diff --git a/src/TRLDAPGroupConfig.m b/src/TRLDAPGroupConfig.m index c51afc6..7612589 100644 --- a/src/TRLDAPGroupConfig.m +++ b/src/TRLDAPGroupConfig.m @@ -59,6 +59,7 @@ - (id) init { return self; _memberRFC2307BIS = YES; + _useCompareOperation = YES; return self; } @@ -100,6 +101,14 @@ - (void) setMemberRFC2307BIS: (BOOL) memberRFC2307BIS { _memberRFC2307BIS = memberRFC2307BIS; } +- (BOOL) useCompareOperation { + return (_useCompareOperation); +} + +- (void) setUseCompareOperation: (BOOL) useCompareOperation { + _useCompareOperation = useCompareOperation; +} + - (void) setPFTable: (TRString *) tableName { if (_pfTable) [_pfTable release]; diff --git a/src/auth-ldap.m b/src/auth-ldap.m index 9ecd805..ac328f0 100644 --- a/src/auth-ldap.m +++ b/src/auth-ldap.m @@ -400,23 +400,19 @@ static BOOL auth_ldap_user(TRLDAPConnection *ldap, TRAuthLDAPConfig *config, TRL if (!ldapEntries) break; - if ([groupConfig memberRFC2307BIS]) { - /* Iterate over the returned entries */ - entryIter = [ldapEntries objectEnumerator]; - while ((entry = [entryIter nextObject]) != nil) { - if ([ldap compareDN: [entry dn] withAttribute: [groupConfig memberAttribute] value: [ldapUser dn]]) { - /* Group match! */ - result = groupConfig; - } - } - } else { - /* Iterate over the returned entries */ - entryIter = [ldapEntries objectEnumerator]; - while ((entry = [entryIter nextObject]) != nil) { - if ([ldap compare: [entry dn] withAttribute: [groupConfig memberAttribute] value: [ldapUser rdn]]) { - /* Group match! */ - result = groupConfig; - } + /* If RFC2307BIS flag is true, search for full DN, otherwise just search for uid */ + TRString *searchValue = [groupConfig memberRFC2307BIS] ? [ldapUser dn] : [ldapUser rdn]; + + /* This will be used if we're using the "search" operation instead of the "compare" operation */ + TRString *searchFilter = [TRString stringWithFormat: "(%s=%s)", [[groupConfig memberAttribute] cString], [[ldapUser rdn] cString]]; + + /* Iterate over the returned entries */ + entryIter = [ldapEntries objectEnumerator]; + while ((entry = [entryIter nextObject]) != nil) { + if ((![groupConfig useCompareOperation] && [ldap searchWithFilter: searchFilter scope: LDAP_SCOPE_SUBTREE baseDN: [entry dn] attributes: NULL]) || + ([groupConfig useCompareOperation] && [ldap compareDN: [entry dn] withAttribute: [groupConfig memberAttribute] value: searchValue])) { + /* Group match! */ + result = groupConfig; } } diff --git a/ubuntu_16.04_lts_build.sh b/ubuntu_16.04_lts_build.sh new file mode 100755 index 0000000..edcbb9a --- /dev/null +++ b/ubuntu_16.04_lts_build.sh @@ -0,0 +1,13 @@ +#! /bin/bash + +# git clone https://github.com/snowrider311/openvpn-auth-ldap +# cd openvpn-auth-ldap/ +# source ubuntu_16.04_lts_build.sh +# source ubuntu_16.04_lts_package.sh + +sudo apt-get update +sudo apt-get -y install openvpn autoconf re2c libtool libldap2-dev libssl-dev gobjc make +./regen.sh +./configure --with-openvpn=/usr/include/openvpn CFLAGS="-fPIC" OBJCFLAGS="-std=gnu11" +make +sudo make install diff --git a/ubuntu_16.04_lts_package.sh b/ubuntu_16.04_lts_package.sh new file mode 100755 index 0000000..37b7cd1 --- /dev/null +++ b/ubuntu_16.04_lts_package.sh @@ -0,0 +1,13 @@ +#! /bin/bash + +sudo apt-get install -y ruby ruby-dev rubygems build-essential +sudo gem install --no-ri --no-rdoc fpm + +mkdir -p /tmp/openvpn-auth-ldap-build/usr/lib/openvpn +sudo mv /usr/local/lib/openvpn-auth-ldap.so /tmp/openvpn-auth-ldap-build/usr/lib/openvpn +fpm -s dir -C /tmp/openvpn-auth-ldap-build -t deb --name openvpn-auth-ldap-snowrider311 \ + --version 2.0.3 --iteration 1 --depends openvpn --depends gnustep-base-runtime \ + --depends libc6 --depends libgnustep-base1.24 --depends libldap-2.4-2 --depends libobjc4 + +# To install: +# sudo dpkg -i openvpn-auth-ldap-snowrider311_2.0.3-1_amd64.deb From 8f3f59b52fbe926c873d2cbafd099f917cabebb0 Mon Sep 17 00:00:00 2001 From: snowrider311 Date: Sat, 27 Jan 2018 12:12:31 -0700 Subject: [PATCH 7/8] Fixed bug in search filter construction --- src/auth-ldap.m | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/auth-ldap.m b/src/auth-ldap.m index ac328f0..ca90dee 100644 --- a/src/auth-ldap.m +++ b/src/auth-ldap.m @@ -404,7 +404,7 @@ static BOOL auth_ldap_user(TRLDAPConnection *ldap, TRAuthLDAPConfig *config, TRL TRString *searchValue = [groupConfig memberRFC2307BIS] ? [ldapUser dn] : [ldapUser rdn]; /* This will be used if we're using the "search" operation instead of the "compare" operation */ - TRString *searchFilter = [TRString stringWithFormat: "(%s=%s)", [[groupConfig memberAttribute] cString], [[ldapUser rdn] cString]]; + TRString *searchFilter = [TRString stringWithFormat: "(%s=%s)", [[groupConfig memberAttribute] cString], [searchValue cString]]; /* Iterate over the returned entries */ entryIter = [ldapEntries objectEnumerator]; From 2850e2478b4d47991ff35db7806c201014cb8ada Mon Sep 17 00:00:00 2001 From: snowrider311 Date: Sat, 27 Jan 2018 12:40:42 -0700 Subject: [PATCH 8/8] Removed pre-built Debian package for now --- README.md | 2 +- ...vpn-auth-ldap-snowrider311_2.0.3-1_amd64.deb | Bin 61896 -> 0 bytes 2 files changed, 1 insertion(+), 1 deletion(-) delete mode 100644 openvpn-auth-ldap-snowrider311_2.0.3-1_amd64.deb diff --git a/README.md b/README.md index af0e17a..4a823a6 100644 --- a/README.md +++ b/README.md @@ -28,6 +28,7 @@ To build, you will need to configure the sources appropriately. Example: The module will be built in src/openvpn-auth-ldap.so and installed as `${prefix}/lib/openvpn-auth-ldap.so`. + #### Building On Ubuntu 16.04 #### The following steps were tested on a clean Ubuntu 16.04 LTS Amazon EC2 m5.large instance in January 2018 (source AMI: ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20180109 - ami-41e0b93b). @@ -52,7 +53,6 @@ That script will install [FPM](https://github.com/jordansissel/fpm) and then use Note: Superuser privileges are required to run these scripts. -If you just want the Debian package, it's checked into this repository ([direct link](https://github.com/snowrider311/openvpn-auth-ldap/blob/master/openvpn-auth-ldap-snowrider311_2.0.3-1_amd64.deb)). ## Usage diff --git a/openvpn-auth-ldap-snowrider311_2.0.3-1_amd64.deb b/openvpn-auth-ldap-snowrider311_2.0.3-1_amd64.deb deleted file mode 100644 index 8a07634ce4becd5d1bebb8708524cb0e8f8f7cef..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 61896 zcmagFdpuKr{0FWZl`@wixh%wrSdxSx3FWp*$o(U^7cFG2D=J$qON!j42)W-`j8%pt zMsDTqxL;=&!!Ezm_xrp4_49b_ymv0|_v`t(zh3V%G6ar#{VAwef{t71(oxMUHyCm9{W8|32=F=;t>M>|DCUX z{?h+R;J?Grn1ehil z_7~m^2eLPM(uHc?R^(N^7=c8}8p1OC)7!lRQGxw|9T(hZC)Y9#sq9b8${!+)R@fC? z_uuZdF4R;welR$`&?&p(_h`;|H2)~Q@N4l~WIwt1uPwV?0iLiEshPo=Wst3Rte0I( zS^HOfAK&SizrvTTa594{UG(hK38luX*#3Iu2{*^XKVMO;qhd54J*f@OZr4ty%TRa! z=4@wVoLRg)9qH@+6YWTX?EEJ(cQINr$EfEg5L2Nt4VfZpAon*a>wa;_cHuGbTQZ2B zjunHRn)LzB(v&KKzPvr(?PT~t2I^)^l#N;rtUrR`begCnH&5#apFQiG+sMszLnS6U z5cL@~bQLhbi%o&5}CLtX4R)dnU#H3j2NaXmaao37J{jHsN@P(GDB@xZbk z`sLYmT%M-p3VLEExz988GM*k8#46-|IX26N2gk9wl25{^Zezu1FO?MRx?T>HiM;XZ zUQUgZxgY=WXYnnzZ`DF~Ojc~;pMb1M37KE1eGPltw0o)~N_L08`gAhr@6k8+C{8ja z4LBh~cXmDuOY@T9TM+n&%t4vwf>-}Phpxpf5wfLSF3%Yrp8GBVF8{a5fcEhJXLXlU zRW&vK$8P@LR}pU#M6YzIo*|;w_KU ztJT#J>T;Ady-p5mtB6O=a3|5`otO)53OklK{09LJu!z~v1H9m8JEec6BB0dxkxmw&QoH>AU9 z<1cH{lNb7_5=UFrCyBuB8u;PUs0#e{w*T46#RqQBzb(sVmuI}ZRHiocuz|dzdUoo` zw{zJaty(jb;?rDMTh10$vlC%;q$BrE-YKl`ma43E>Bw|RFP{l>9cj05tn`fN@!#-rN za>r9O{NJ>jpOpVm$(huZtNHNf>b*r_`~4*22aCldtg=GQ(R+)>?XN!Qe_Sn8SM}!t zI`g=F<{uSfJy;DDV9$0rovk7Lx%1cY#in2L6ZKKdo@MoW5`sh3_jcd>sS$hPGoo8H zOPVchgzqAAGFnHw-iWSKFgh3+ZS&VF;Tr-KO;FhMV?~a zral|eBKLE@GWVMmvWnr_-T?u-zVlvtE!Tr}^eZW~ad{H0(RWS@YpQOHdl^?<(udvb{#px#wb~ zArFmrTO3EyEOxekPK1h~8>_xFEOOY8)ZmdI>-5d`fl}qh-#c>+Ij)z+=+Vb#&oOj& z2m4>7Nr%n1XYMv&=A1JhaCT6zFxMTiff9%QCqGU7*b0xvp<|)Uc)pd05ZBqrcF5SW z?xcZ}a@JlQhL0@GZGLQ?$9*r z(-Md?B3owr^-wSsEgsPd)c$JM)>==B$-${8$B%7Id*hI1*<(e`!7l_R7_BP zW(sYa#=2Go;<$?Dgi?*AFAPLk*GqWU)b<&31i5EQS-ppV_gvq+ri^}HP;*68m2tP_jK&bJhFX%V!boxjh?{h%4<5YR=q{! z1*h!&RL=xv*DN1OBH!X3pEJ;JgYad(M2pH2w#P>VR<%zuUMS3C4o&BYAwrzx^n`-X zL<^lt)f|5~UVC+nH}m8+R}>{3kv+8_UKxvWj7604WX6+%p5hLH?^5_YY|5{}NBjm*F2r6aD_$jyRHOsTNscjr-z_ zPV`gf=Oo7<+|>Js$-Ap57xDH9)XUTUFd%FfR)M*!OUgKq>2niia}}cvqzJtkj$2Rd za{jCQO>}N7l3RVKt<+GL_L5p6-8R`Z_H&vzs(9xuf?*`_eUIML0Pd=WBa+{ zz_w^hp>Fd13Fl9X(-dcbxUmqY?7x=yhOoU>K9upxH?RSSUQJ)dfP^zu;2bDb*80{S*Uzl z?^=l78tZ)Dc6Jxke6cU^hlj@WxdeNuh3U$aYd&b2z@$awi3}FGs)MQnhLP2KQXNjknlO ziWBo8iBF2K*bxF%*UVISUsjM__S@$&scD_S}5G_y36 zTDt1Kw)+lwI6~mU*=O(Ct|5Po^41s2P~IF0z45pq;iplLJ5ihXZTK{=+sjG?*v0qr zrYZA>K3)$~a5K86Q~qOryP3ygTC-w)N$&GLFL*{#T-L*y%5)AEWTd55?UOjI!j^LWTU&pmAei@~i z1~dzg0I5HC)h=f>KE6Mha!9a~5|w1~q{lrMPIyOaa-6tUd-q|{gFb!5bkXEFijc{$ zTW*viJMk7yn6UK2HFwbc*CQ?AjFWdx|4shE+wuHF?x9{0Q;*Yw7gLf~D7_gIMO{G* zw~ib7n9HLc?vedjRvwIquEXwcY!mgS?I~cAwL&GmDAy=9@85pXct9txQsi?l$%qVUQ+f0X402HyCbmMi_TX1(l@3!G~=F z3x)6TiX`mZb5VXXQf_8al-7lnEUFeg`h~-YR$HwUUAyj`=+I`ECgN9T7#yRZRFaoo zRswHhuw5J^*zQ{W*(wqV!*!pWJ_p{R76j_tSJ+)h#eU0*z}6W}HLHEGbh5OJw@h9+ zmS=`^MwE=EHRLZT{K4*@$T+b+rCpv1*wvUEuIZot@93$t;ZrMD9NUvlC{cdaKDbdU zUM^6n=&Ja>*KS*oJD+^zOA;qViBy819-II59(wtTGH%b}1xB$5vVw-xXi-T=cZ} zP8YfSFfNdeU3v3gE2Tt!t^Bhs%O{1IhyAohyI5{6HWa(ln6v}YRc2WG^1f$;-fE}Z zx~+t_jPF^LPBa$pYCD+9@#fgV3r7}SXCfW@{pqAX=X{>~jYq5aaFs1LHE3#G57<|? zqH*kw7S}(1?8dsFb2ZV7JK8=;_kWk>e4{D0PSGrXmj-`FvQ=^-Jd}JBAHHICXx~qh zix`Wk=n%p9`e}~t0rXPg!OxhD?efsmy4=ewi|edh5qYTWini673xLc}**-`Q6f<#> z<;0~=xdD2OSJw{H59;#83Dbz?Yl`&aOvGiQFdcLp`r!IK(%28@?^~w@0PSxX6z2ne z@{Rn%hAjNJFHkA{ZrC8q`4OCcU|bjQeWXXfw8}%D{HBd7<$(z4K@cX0!vt9ZFI9-V z2Z3Z+tnLBiSNGCSGEbpw4h8-pm38y6v$7LxzC~mC+<$V;(``OLyXQL4weyqc;%y!j7i#x(}%a3p$pj2?nK+h!1tWR(Eie5|bO$HKin0*rlD?O>BXY>5Ol>0Jpswqp^8!J?1ud~VS* z99ETLl+vmG(jTB*bNm#YE{O1!EI}5e@QDspkdBPFrZy@(aA?ELT;~oJaz(G8+Xgpw zko{hPa}wmVRXxPD)=2kAgR91Fm=-Siqu)r!=$IiZxvO411VUHbaO#(nhSLA4-Q-fT z3phCKkF;Kjh^#Jj=d)3!>`J6=UiU06^nXdSyCB{hh8&uAKoagAHok9l6V`^&?d#)rKt4~ zb&f8eGRHm{{*g)!1k1A36NCQ~0ZYa$61I_=9({v`0pS~Xp$zOay z(ubJA76$(kv0gV4Gs{tS)Y>1-%PQ)n5rc)T<8`hFmIxX;y6CJgm0X^0(6DqqBmQ2j9B_%$Q79G!Au_dG0<)> zQo1sL!75Ie`VD5t(qc|w@n2!3;sZSN_HoNoPA{n++#L*o+3y}$=I4JBG{R=`WD3(2 z!+s+0tNDW5Z+WXadi0ZF1t&9A0gt9Uqv3L~1#>l($qz=2lDYyw@hVFCJ`|}$|Lt@a zf~%jH)cv6=4WZYMPs*=E;gKTvOy)i2ek|X3Pd*NIjm5*fhKn9g{7p%ei@l&IRG9wlAqA2wfmZznkQC}+%TmYYO zweP`CkvBw;DNHi;oB!Fx3AF-x{u<)DM=bMHn0G2FPQ>{rbn?Ht(TT~+e{`i`^ySd; zEoZ=fVp0n{)u2aDOv-R{m}qrfU4VN8sz(`o(2jGdurV-m;=kqKS*d@bzKC0rf*aR8CE+h!ZaT4$Gmpl_QVt;v{xIaBzh?X9Y1{$q)E&_2ZVO zb#nzUg};rl@A1#<#_SKh@P1YLGxAH_=Nh%oeJ<7Y4qJ4Hr3Cra#G z00Z4|bA%OOHP?C(41(%&aR$qiLBblFO*>bH`5V%RA|cd|o0AM7o3YmIzs})fh7RG} zB-s^%@Y%a~nmI47khW-&x}Ky?x;k76AYwaX5COuOOs7a@(_Kh5Wn}e+P$m&Bq9>&r z3^*~5cmihyx4wG3W*%l9!xip!3evY%#TBHVQV*iYb}$?_Ebl=(#b7nxvqjy6v~$4@ zjLPap4kKi53TRiCNeRY6_(Y~%b%ZcdpQbRH-;V?|=fWxVz3c>H0qqRRih33(An;R; zZt&rDUneWl_fRxjwr_2pc6u6--pb#A9`_yhZj_|-g=yjnwY=m@7AS^cH#=gCXfjUE zM@_@76o;mwStq$XbiYEzwQPtG*lxWg)-~Ryn0C!#3j-C9q^y1sVBt&o*WjlSuZacG zvUD*}JHfZMYytIZf*|zv;-P^XO8vpWLg>@OD6x&~RF(~{Fz|6K(GKQA>Dxh+&^6*e zpg#mjx|IG)Aqk-GMmSP*PL%E*+-2%e!oh%6xY%v%5FSDIVeO;z&E{HkpbaSdurQOb zYkhhs#us()rf-Kor*GB)SXlRZ)*3?{h)QLNX>wPgzvrTHg;bi{$#5Jqr+}lrUG#|4 zx0Md2y4j;Us&S1ik~^rl(aUf8k5Xu-oU9kY^}f_?-;XY`7p7-r2dov$$Z1d-mo* zAGyV{>z0BCU)0QBcvxqaCVuc!&I_K0;?I)Gw4Po+BPE{H_}rpUExxa8PGUQz$!L5 z?r#;2I50!Hun1(z`F7f`t8fkgGwE($b94=X8P>fnL-MuZbiQ|vEG0_E7yrKIG5=$6 zNMB$lWNJyg$xVOwDzFezzUax-N;!zxRA z0Q1~VO8ZPblrHy6%Yby4dx8GJ*5k4?%eTNJEZ5dU;buk$Z2=qIp=B^!1Tm*{>}F)L zJAzIFGvTngEU2us+TyS0EsXh7zM~khT)UZk4z(VUHmfzxuDdc!inh6IvA$~ti2uoN z`=lndxQ|Z2VH43}==i{|g_OjyD9d!jQLZ5U_vzjgG?b&Wa)y2`;2u~~dcipCeUE%i z5s(Z4FixDtVn})s(N{=38OKma!9az^(cTmyloJdXGR3g431?Z~ooch;4c8aMdE>D= zzoVT+P!Pl*czLLTJ*_% zGBI$Cw4Z&Me*8ya6q+Z{RFD>l5u=}CB~lV|ow3p8$! z0pc0jOAlOyKI(=GlMjV;HG>AX1P9mEwZ?jUEmYYd%*PEt;iyW^er#H}+U17wh*&h5 zw*>-Tf&GC#5ku)MoujAE8w08vHUy$L^#I_GfIN~i(-X!wVO}$Nd+-zycj#%~okHL? zRS~7;j8HpC6@#PHbi>t7E@}wDBX>P6mLT5}Z83v555XXC;l@vz(o2)#Gj~g0QIMCo zPBQe<50L!D>oR{-hK+~!5oD$JBSri&ROo;xqlhqcTpFtZkaA^PEf zy((JzK&=JEUkJrDdl(INFe361?Jj5)S?MSXZB!2p1!zb`&dP2^TSPK>0_w0dNXBV! z#f?YokBPF4o|1$ZEbL>VjPAjVb12$fgqRT0An!WqNQN-|9IKr&rZM?Yy2D3J1vk*Y zXOj;i4FAv|NI$({xrD#mLovs=VQZyg1EbJ~v^3-W1^SNy1L5L}yt~xzb^61Q3|aai zzKOA*Q_@$$f2sr)J_`SDx2abJI3x&>A)KPOtwMzG-}QcJt>T6KqA{`P6P#trv5q#zdx!Z~wD%s7iq;Z01om0>r{k(f);&8+C1w z7}&#!Qej)&lVT?S3qO9(F<|)VS(p-MhT`(ZX>v|aF(Qj!$B?A^Eqe5HaW19Mo#kKe z&Jx*534ev|j>Q1_%v%3+@B;ojIlCIABT^Ja?>8JSa=p>nzGO-1*h!K1?N3H5y0Xtc zLW~~=^4`-@hVf-htz9HvgA7MB$OBkl3+P@a9dwe_J&EzVpMu`YISxdPTLFGAR%s)W zri=Sn4Xu~rTU#YTEtWnbj~T+Qu=aos2b+M(I`Kk8#$w5SY9Y@0rQU$lZk*^HLw(kMlB}M;^#fku^KUTnjxo9~H&Igb+b8ZV( z@4>Q@0{FP3EV4srDa3W`oZ z9}IiV9H-xfVoSe|LG2Z!Us}8X^=k!aUu{*(Y&jl4q9}FIg)pH4{d~ZoIVLVt(D*6S z2;?B|gUDkX%#7tbcMUgdMkZ2vELg2wI1%{OJlBXxEf^Nco1qd9)w%)Xj)h|J&n#X| zMq>u$2}kG~4@h`Hzer4{JOM%P>pCk4`HJ};hj9F;c0H^>oU1~Ai{rYAHo6LCy0wsF z;ys=vX6}=M)5}0k8&2qf{_r0ZB8a~VyFSd9ah`sHm96r>#`G`L!zREc_7rmqWL0k( zOdy14Ousx~?|^vNQ=+X+Op$B94iNEAc$Tvwo_ZGo6;?oNB#J|pDII96h{j}D6j40- z5MbB?SK-*k^F1LD^Zi~h?^TWoQNOCF1gxD}(gz&NOes*mCS60)@h30PkR?TWX7#;H zyKCz|n9ANolX8uUv7m_^;Y5gK@X$*;n{=BcIWl4()R`}T^02KFP&opxAFL4?08rA# z$0ojuP{PN(fCD{bN!U_FOhmIGdGXqy*m$yB5B-*^@Xo=Q{TIPJ%j@`GuwLWMqs-7zwVc2m7$z1UX(58D9NodCF)m$U z1r{ah18(5{gp)qP1;FdWesa2SLK^H*3zkh6n5X-f_tOh(HQuKMMlthNsgE*L_56R` zqRP@QFX_+B(G&-u>%HVE6y^XJcn+%s&L`)nu&)mDXPiMn0C4(@VI(m{%#qT;1nZMY zax_tV_AKC@p69rbh{{JME%I!a zw(}e5R0J=FdpjG{F-`~+Wd;*j^0m=yc#_kR6xv0` zX{Si?>|P+ZQS4#~nHJf?_&@7|%jh@6`7LQNg6yapuzj+cfAre$Mtvsp#%KSh=(efp zED_mJvM>!t(E(HcmaB9#mU}{Lc?ptnnNCc>Qy`!hs zXxw@Hiyu&Bdf;HMZQ_|}N~?tHtRr*BzzRm~3h7{mEJ_W@=eVXQ#GQ3RBTq+MVkxNv zmI#kYXpIWM$UNW{qRx+YB&Zr5l-iiVzakGs$BSsJ*F=G}>LI|Lkc$odFE1rqB`3ax zaW3d$iN}k{i-8J+t0M@pODjQeu$%&y7&jLK^EVQ4KpKn!ey^E$Gt8H{Xj>@V7?&2V z*s`4pHtL`O6uC-KI<)!?hBus3*PA(ST*6}u&+QuI{TOD2J^^cf9Wm`MG}-^FK3w5L zicljxuw!xD%$;*!4eU?x9}fm5ODI7+Apa0SYLpmmEPA%-0$pv~S*B5Xcs&rN*WR1R zS^e-~=1SnE$9Et-AD1}}0)1Is=t)?uu zBE3C;G?NdP3_@%ezXg;&s}=Fvi?5%9VRygPJFr5rd|xg9wUzp-MKKrx^MRU$11p9y z^b7rn4i~|vM!-0{#MuilKMi)MEts27YNdNAKI>Rwim__He%LZat&1wCF{x%c97~m? z`-9vK%$!B3LHR((xqEulWd}^3*AQMiG3e%A%z?f=5$0g&O2KBjHfjrPecg0knK}f% zTaZP+20Jn=`VhhlaY$O;i5D+~1c8=Dw&Fa#YCCL*Q256kRd#HFTqnbls9@bG^nb}( z`Iv9*Dx|BV{RE~0W733zBpup<;rzIkBxjK=eV8GFC*vZ$Gjp7s3MOS+Kn6^})JO}$ z&9OO%|+d-k>2YOA7xgvVP73CpM8OM|g&L zMofv`N9iCbRggjVYAP!n#-HGuQ2DK&ehWB25s~xVsm&nHk6or$%!`3R>ok_^(SKBo zdm05nL+DvxqvS4iT|{H?%1f~0sQ@#Y+Lhtnpx28y&Z^`5l+C?xUs4aHcmy4Re#Qij5V*KBV!H~;+5vb_m%6}1?&^!1^dr}ySoA`P z)=XIfiI*J_IEj9|1kt80e^(K~r-k9fzy=w9V9UW^ayV83a0K54MdcDGrTex-;AtpB zQfq9X&&dI`Ylx%L3Ql|Q!qlg&4jV%_4|8r^ZyuPG{k#DA-tgC&E${r^B|5v!!0CHe zsIjq@n3Xe}`lvikW>Irc4Z0JEwnO;Q>7wwvi2L+CG1LllH{h?V>q)ncNj?{m-VxNZ z-DVq++MK3Pw_4MJkoNnPnE69i<0|+cl;9mWUJ^;#eUnE_WoMt4N>Y{c0^tCq%|2{flf4D&!Aw)4_jU7%jcxa zn46*yJJ#)(=ySS*fJ+R`lm59mr~>^9aEht5C$$5p7}`C$K#a2&{dsdxH9EODs1p4f zsJADz0-<*iZgf>qr2Vi5J+_%zjqV4QMX9zdQ&FmY7&1oeTw`)G-?_%x<`~hjRv=1r zYygmt!88GGF*FbQtLC(GprkmWTd@V}+oGFxES{L%a}giF%N+HXUFC?^&HF_4+5!C- z%wIqzhMU~nB&zoZxD|u12EonRl12djbJDfMF+fTb>H&g-SApOl-K=q zs5Kxo|8t|hbkUer<%pNf+UFXFfkQFye{u^|CR8yIFwkAm%Q4QLw{s1+5S$lXWX0~`%RF2nEBKB?_>^J{vEjj zlCVio#JE9EEjQfZ{2a9$3@v26Ylx}Zy0xtos_jK9T(jBCd-#16IbFI0`84tgJk|a^ z>I|L@dcZdj(u4^WCOCxQ?F8G8|lhjje)MZ!7KY@xoheb4>?>OovLrnGb(U z=Yaz?CmajT)G*z>3C{F;y=eoI=EPS)EJ2#pRS+9+rlJ@0BlzfHFFx>IjR-B&%`Q;mmT&fkG9Ge}l}jC5q*GmF4M=C`gPsFHo3!V5sbhMI(yg9EK9cHQB%Fxv#Pa>0fp?l`d4 zr}wHlc*JwN_03#DpC>J?du2g-Y}okR&{p-FTj;EtTn>Lr>~Sl{&Cd=w@b{P9mrgb` zmiqj49vLI$HFC$+IMLjO@Tywja3TV(oqW<;G#xIX+J)KSM(dl`TLgMeT0ZdXcG(#vpTX*;pA<+Z(q;57?D@e*t1ra!$ z#m?yFynZWrR>g90OZeSN{Wniq!8cDo57ohjg1Px&`O-@tvWz)~g0un*C;u2N=3pLY z4HNU-C{*rUi%eGLJ1X#g>OA&VLy^G`}`=74zw$?xU%cMLEA8CKe&)oDU0XDNET|(Q2))_HO!~ zji%Je|5~ipyxnW#_qA`|M&HU#-*qR?hI%VcDTf}rBeWnrn^B>>eiU)1s!^-yx8lKK zZjv1}!n=yJ+UZF{#-lu!BMS?s`$nS;9e;O^8dF|uP1N4{JoDVU@J>T+Zb)sTgVP5q z%)}kGe2H{%DQEnI($L2kqqZHmh?mCL9+|%Q;%PR(?GWY%eAxe!YfKm>#|3f_p5h3we4(b z=Tg9Bi|&c^n-Gtb6KNfls9<>bwx`k{>HYfjdY0vuwTK0RKa+tJZ+4aPI9F)?^NH%& z%6l?DyC|e9zkW4o4H!Emu3uO$kmN!KS};m2Tv!MzT1t-5bH0V#s3lorRM4fR?;T#4 z%Q!_6^P!DtRX09M%EjD!^|sH@?)So6U(V`~L80WBou6fAm6(&z!xdW}wO5x+t)_K) z{?43p2*2j6^Yaz?)ZQOI`qrt{6pl2Sb)x8fhjpJp$a!GJr&%@tw_osY`}XZASV9=i6$@KE8X;Ilc8yyBt4 zlrw23o@0$;9-No;IjjUbn4I+=zG?dSEh?YU{K#xco%8I}N7E`ofJKw$)~)bDJIf&H zO83VN%Rb}vGje^K@{Iiy?3|POoUNvK0k}!Cf&WF6?3E|rLob=ki`5q1s0CiiRc{;% znwJ~bT$8y$b1`+cNgfr_K(If);h^IaMDdS(BIfe9+2+n?xF)*~%URYXS0>@#JgQF~ z#KV`gokxSIk~$|EOK2pkw8zAf=vHs^xi0Bs3H%H9Imf&ghWPfm0epdB-wV<3olgE) zqNuwjVr=K>VUZNq<1-S0^PE&2t-Yy}6OW^wXg-QpKOg^DY572HO!bgJ zyfAq(|7eZlM9?oj(6`fzW7PD=*sP_8Kes~BO9eU+nrZDpTT3C^TBSlgee03$OES45 zW&;xLUe92owRwvvJ0)v6G^M|Wl~O$nitWwzM7`^q*bal0= zcXcIy!tr*KcFxP7>qqe>GTaysS&VYqq2|5wdfAL${cgqWVFOq^qbIV8{c{Ig;6x8q$J{ewyrsEufg>#*IQP@aK(qT ztY14n)TA5eTgjMR=>m6hOJiYeRHX)v&Y0Z#^^&m^Fv2pd+cwVAjvRVk$j|k4cQ+cK z;d?S@0u^C?a*5>_jf}+O0c&O>n%axJ0x9!z>H6vlX|#iV9^ZaST~o}ySq~BVnuzJ4 z>Q%1>Bq}s&Z%ns#Osj4g5+=U))vOT1CXeTs;(jx*w^F`+Haqk}BB4p#?veSATk+Mz z!K~7V$_Vv0QmLP6CFlzyByHB_cAAdaH2TfE6T!%l5uwLLqQB+#;%%y0113KjuV#(D zQjf%_HJ$tx+}#sQeXkDpvq^K_m3z5Z-LIlxeQO-`J;%5V>Wy2|sA{k6=#r4;kJgwd zyRMD!i!0^0%i*2N<0E>293qo^6-N+T)GZXLeJhnGkhGuAcj{)J~4}?D)Gj%Xtx|4b#%5aXsDs$ImE3mw5vg!(F*y!fDb%Nk7jG>T(%{x6`AM9 z`0%gc8><(L817{}su@|XsUr?b8}HS3zU}Y@GwxNEeD>?Rx}Y>l`w1R!_gy6s8mbE)%)BMX@EANGSN-0`!)f*his)PHT~J>p$0r%PS=@64 zHdJe!H|jik%BjKdhYz_}jO&b0{=Pjw7LZ|+5Phoi zoJ+RO86~B@DNE?a6Jd7Kbm0E%;?tj#?&@!fFF;?teA#Z|O|vrqx*0%fUb2X#o32B6 zwypMuS8K0XO+DfPpSe5>i&Z`&yr(G0yPA4wZzO z2`DB@p|3oUJ5U~n%|PE;`7?SIIVDj3@d(hq_%!~Wv{pDw%J9)EcI=n@8AbAe*}fQ} z1r5yz%(?W?H^`GCluE|fdyT3#pCk;-H*%URvq~}C-1)_A{gHuzhKJT3j0Pdc;PQT3 zwZGln*->}7j6RIT;weo4l;(FpuG|EU%MmnRhSc|$t;HrTlljQVp`fNB9%aURj9F0n2CI(Yb8HDIbD}D z)+QYM6MffiKsdqtw2%349!)XxvtfkJx9)4wHc@`v$vK%8j}Q_mEuueKe8cS3tqUeK zg`L+gHD-P0tNF4Qv-bQe7d`TP?Lr99t*xT+c=UjeeeEcSKq>(D-plwKU6nN z<)2#Jndg`-jNb0ac%|j&(8C@`G}(HJ6Bse@seAlhlu=Ona^81m-%aU#1xKGruPQXO zONn2!O28{-wBqh=CX|Qei?&A)1KTC;O3Iz^99Vd*OPIPV9^DA%HFBQHU0H}%DxE7? zIX(Kb`Nhh@oT|?>*R<3#_md@Ogtzx%q#y@@<+aXUJ837p<;{xjSo^OO>SURA=)?Q%7o~AcLA_wQ7>03pes3%+1-7 zpW$f7z*nDZy@4wulyVU%$2Ygb>mQ$M`M#08(GW^1nV||9_l@N}9yHZWVUAlxmzl7VGYL1nWK0deG#KRGt+Xq#IQLPD z6!lAMQ0gzjBskRF_>%JwoU1yRd`Ed6k|1x(bz4(mwB7pSJv{n03-aFl!lCk^w^KZ? zU6-4cb7MHM!Rw2~1Rh1+3$6>$a*H@+JIcOebM?>P5*4hI zW?uj~rLnPdE8*+!LJ$qAnWHLAjdn;SrNPn#XXBWH&0I2S{l|}&TuZM{NuHb(OkC_n zobFwZpaQwf_qBc-p5leCDlwG{Zh=q2P&e3>`Lv(7_?;Eq8w0iLR`rcg6LAYS zCPU8gtk=FjAT=xN_y?siXmGrzSTR)${-5d3kdPPQ;RMlbcuRn^=TkGwWZ&;l6N}(z|c8wnkd|I+_MQrAy1iPTJ8!{M>4I$mv zsQdCTEeB;B?8UsgO=i1{MT8_cv54<6a`4o5Y^QWt?zG#x_0ok_U~Qok#jpsj<_c}A zUDb46v~ZVs@LkKMX5h<5v6{9^|82f^Dz9ZIixl2k&-a|%FZHcl9o4N}|6}i~hc}TU z6@g~f_IoHqA@ILw&S(+y_3Q67pXgOWHgMZ>xv2N7Rnt1IPjuUk!Nfiy%RhX3)7tp> z^N?Sek8w9^HZf9l_W~&LlmF+aJpQ_xDb>-PyQ zre7CF={vU_p()PM`^|Yc1ubLmTMIqLg7-}NcgdHi^Uw;m!S@Ll zCas7~Q{a{@Lz5=OIB)?)Zr{|H?`|!BbmatBVi|LIyY(TL$QtG2Dphl3rpDZMgW6_q zF{uL_=&!&X*aPnKM}M%DgY0UqoB*cb{?g^v^83S@HgNH=h*75t5f=v@W~5fNsrq+p zVP8*%J|FGuG&nyNu79BNQv@$9?5aJv!7k#G*wik~-+enJz8={d1f4*9+XB3AI~W}Q@s!6rS{GCg-c`@cMRz>a%LCv>M;K4`31N0s-LVc3f8lOLq@{B zr{~`be}AC0udXlK`^}=A?rtTPrk!RM=7O&Ap|*80ttS_X?4p84#$QzP`fP8_8UJEs zt`c&b5`W@mr`r2-SFF;Ew6w3S`?#&w`xazS7hN~jVyF|^aVE9KdG#80m{rZ=L!Ptx zEELAtLe5_jdjF+>6%=BhRgvM$>ie{9mG0@3n9gO{p{acT0Q8KwXDAJeDzzjn-cR~w06_>v1s%|yL;%Q?2q?TSFWP*6D1=Xj$6MS zbpph`v!z!;IHhtkh@J<5k8eA_YR7aXPtH_qPl;wBeHk{!)oH1JNM}s0wub?Tq>I~x zHJhKcoCW5A!JzS#2F6J3xz#!+SAxWa?NO!wZgJ(v1sSA#4Z&{6N#;Qjlim6`AbMf<|e?QxW_6CnL zg-Ud*Z&mk;1)EeeOg`82f5sn-V$8*jc1W0qxk-(&t3x*uM-m>9%rwHDdi{w=^U*1e z@IE$oPB_)Rd^#^Yv0Dp`$|`UXxTUDiD}ef-G&f2dCKkIbj?w zdPeU|240OAUDbNqpI2<2{prbg(BFL_jlZ8|x?XUOOwy|Ee5}32BLMC&?TmS!S|dBp za08Svl24@_s`Scj1gmT`Y64&Sa2^e>#dcy^YPKgmX)?>@0U=Q=XruG29y?~u*fhh= zV>_06kxTl;g;%psE$CIXc$U!rOs)H$sa2hr9dPQ+6>w_R7ky6lYs|XXH2xp;wRx@= z2lIMc&#D~?`^=}e`~#{V8t7`D=C~d`nM9srrPX#|POc3|{~rKLK(xP0r!~lbeqQH4 z?Thk9OPyM0dGmjo|9vw5Cu{jnL;inpR~+d9=Xe>iS=Qs+N)+x&6r z_mK8jI;BDWpWLVOpYlcdqoq!*vwZ4*n*TjA{|&YLah!bclaBlmv{yH_bxJM&^^`vx zw>+Wqubq?XpHa(4A9H^Gpmw>p<|3ZI4_BW#ht+Q{`qB0@e3t*N_CKt4yxIM(w{_{l zzD2o3y;Yp2>AF4QJhm1E@i}WZ86nKnl7~#G)o$JSgI`d)+E4mL?b2fZl+T-K_3w!+ z)n{vY{mHJ-AGt?1KJ?}7kYbOEfYCo=Cy8#aqq+R>%^-pR?b^2#A@;4f%qmpe}`UK}e@j_hv$_DyKJaw{> zl0RfQLPve$-6HD!`^~U92`AHU4@j~ezr?y9(QX`24c-=XOq*{dt92fo%Y1bYXb+zpW1o6p3K~YgqQSnt&at_w%DobEl%m@9vRv<6t zQ~d6g#a!7zcoqNf4fY`(EE@gPaB9H((@FafVFS6!2G?mkCT|w&X`+885*se)v(-$n z<(hv;?jWYiU5&2YY)|T7x#pMEiKS%Cbzj8eOs6U94}=y)Xje{&sU|8_)G0Dx9}Y39sXdAj7BPaKgRLplmN?d$|o|1*)>asxlkp8fR4Yf>6d!20{2a z5)MD5YY$TuUhneqIq9b-*Nt+1a?(4we~(ni+59wx+b+a909#i#-nx#Q5PianBM{Jb z5-RF%Bcz6VAEo{`rjAlm`N9Gi6;hl-@=1f?*-E4XidspuuOdo|kLOfDzF2`>w(O~l z?5wvK*eK`**k5%nwdvLR>a@eR>u&=Hvk-gN@|FV!lg^L>xZIf){5LWH-e zN$khmp3vkz4&d<*?Lu-l1To*5-x++D=l_}VTTciJ=okEs$V$_&7JHoBFrx&<=FB{zg{F9$x z9d6)y_6O^~Jk6xzdD8LWaS_7EM}!H(ahy1M97-W^xF$f+kuZ8VHH;74XWA*2-$h7v z3F+ryh?I>;-wczGJi`>EMJm!y6o4>JLOMW5!x3q#jC4{(N<<`{=O`ilc+5k0!D>)^ zI|VhI%XKQny_tkh9}~r0h{84@>@Mx3kjy3NjmKz+uL0TT71@3M3XM#Xouj8Q*$a&a zNccWIjXM?S-YSieBprd$ArPJYYj%tw-38@^BhRR4^#VJU&CI#sVe(HKvLi%P1B0Y^rpAV6c z$`z!Rmk4GL!6Zm9I|wEkVb;ko3sjif3Fhe`2=h&yt}96$LN!z9uIF7@OM9hr+T0sE zr+b>cbxz@gxKWRIW3Z^}c|n@aDZp~ATgZ|`e_iL4uuIc9#qCl%CvIju=}4^8Icv`$ zMrZ9#!kz1M&U#%Tbh*7!Jx`JJrCNitP7>hmD%CN}B)_LtTMyBLu^!geLOp~Img*sF zh~gNtRiw^@^n`@;;UGjxMWj=MB&3Uj6{JBb(mDLp)k{LM6H+@wdR0a$QjiE_BY|9~ zQ7;1KQHeFW51W*pW6K~E+*PBijQl~y%2-Uo|68N0jOT^0J3UY_B#ttZE(Us?1^5)7D3Gv(!9b&vdbe9Flt{fJ!e zN6;_HB2P7BYKoP$aoh_7Y5rHOtIi_>jn#RWg!fkKs#iM&>&t;%ovV^uzj887#js&d{yrHv0(mGvd01k4lcMcE`0=_V=5 zC1p1&A!D|ztcR+sN*%Mxv3y)_W1i9hMrB`<$hJzYvYw=@05f)wl~oPU^*M0_l2NJl zIpIQC%WyHDh(W2lD|O9seT?W6l3F0@xRkAIMpcNF&8%q5=TG?@5jk5y#S~1SC|%cI z4tRL*oin5&sSCfjQI7?|SK?n1#L>gTO5Tgy5rbClJdFEMF_M)Bq7^II%3K)nUVlW& zKCCn1V1Hr6WKz1HL?=l~Yoe+BqtZRm(p{lKWwn~sUoB*FlQxK97PphXE?~S^p$lZ- z?^7h$yJ25BzR9CripUzlQODaeIuO}y{g7-?1<+d4k7{q+==!YNNakCrzy%e;b~?as z5*0|}qPYnc*8W-J*_tXVn=P|KtXI|As3M#@Dnzt;CD!ZJu>L01ANWH3CpDLaa@{zj z%XJ!aJ)!10q2@}ZTqpIpE?};aN-n-PXj4wzA%Mjhg_-jXX|FC%ry87l2>0`%CAV1` zrA*ewGGD%2%)g5AfbivFLj1!a;maF0gD+d7Bwt=!&RF_dih}tL^FG%{TQGEDOB;dBl*x4f^q&*@ z3k}z*wLxpFe~6SnwKe9MTQMoUH7_l)&}*cd_h7ta-@$mv+F(2$#MasiIgdilmwJh6 z#2u57y=nc2$^CjOUA73uOZE|rm*$&HnwAWYkef+lcI*djX*x0`l$?jj%X=Bfr0I|B zy{Qe=s^x)yu1Lg|Z5Sr^HmVKvQ3lg|lbNO^!=vCHB{Ey~fwmMKnT?d3 zi^+~i1DR<)$YgkRzf7O*ms#lBf()$%JT7m2Po(&da-f*sQ?}p}Nva829gQSYXPSf7JO&xjLC{%HsO4G+8p&V{)=Kau25Pb74v zGm5F4vJGF1aU}czLf&GgZ*2GIA2ZYWJ(PSsEg)vRiRVxK6h9Uhr|4~$p)iMYL|n#a zE`#}-28_;w+XWq0vhQmVSoGRUPf3x_L`0RK(t!la<(gS^@GJ$Iln_w2IT!TpLgH1YTn`lG4 z=m+#^t4YUg@#rrwNl!AgePwH~toSS)DFjK1t9p}S{gthG)YnzgA}4-3Sh!POjtJ%6E`YY4=JFkxP?>Ttg9eA6;wWO3^Y0L_0Fn`Y}_q#WX z_V7Qn|F~kS*!5_%n=2W_zD?8w(#!4U8i?q>@`NwX?Z4+s~?CuioJ5RZ^ znDmt~*&UCSoduSXt&S^WxM#7JmLl4?bXB;ay@x%%R zA6-@EExH{Z<0I6V1D;B)YoB2W@$v9gh?9WU^)-(D`tR=>}rnj#cnqG`*g|~1ITk0zB(H{Q9?s_To z1>Y&tMjM;KSQeHk&$Tt+c01o~{X5MEPhp<3F;f4*vN=O(G|es2Orm(ymle0lq6%3N z?bsx?%8F>uIJ;DAm2ovMlbV^RCR0_zOX`tAD5<~2=;BJjsu`3u7PF>`tZ2$jY|dr& z^i_BnwTutH;@KB^6p%5 zGV-=#;zZ+vezdcD4tJ4ZKuqW>4TyC(jduN~NDPP^ysXX1b@2viG*aK&#aro3M)Fa` zYL9de&Eyh^d~-38Z)M~cE(7v-n3)ivke6Dhyq=veJ@02r&CwU9cwxx?*BplVI!z#- zEr$A=+gELnZ<9zJiQJDOdleCj%a7ilcJhF>`Q4mj4Kk&M?iEYd5m{YCymi#f0YdFc0UXBZzeEMh)qPrCQSe z?jw`_5NaA8yb+~VStX#;*8>G`a2kOt`R8MpLt}CE5G&V7Z_q>2Zi^9d_bk6zCT$fc z8Z2*M`SW=a`s@S%7VEsxWZ6A5UH)Q&#+Y zG{cSE0Dl&V8LrKle5|=0lpm*Ov(ATAzQ|^!Y+t_tf4-znjLkVMW;-y@ewPJgPjSTh zQ!6=1d+d8Ke}&j%pJ)q+wLoq^YQn=wlLaNCG@A0*u$yPfUf$A~89HAWYPa%IGq^hA z9*Nv1lI}YY@orUjJrnAHLa`*&1%)EiLx2X-fa}3ST(5mKuM}+34*o4uQ!@FRDXd8~ zPMKvA4mQztHO2OiWZN&iR0Gz7d&S$V$xPl-%YT}(#xeqNNZrx(^$%yq0Opo;(WWKU;Z-q9tj%bT=Tba|nqGIBl6zd)X4 zPFw|}3I08i=3jT&fWT)xrTLfJ9cVJ43R8AC;{kLSM*SL($9*Oc<}|%oR@eD8LhU1@ zwsalt$EimgJk?Ie2Nq0yRXsic-)__5sX*GwzXQzuN2a&I%D*m#eyr zt!r`qC98gnQWviktAA2!)~GGPj~iUh)p9{NR!@WfI*N; z&r%DelRcg>+-c?U4+_I!bbjE!7LKs1um~gOErI&)(nDMSjqW}EP{8+d&$_xwV7x>a zb!))NXL?9h&ZpFpHDo2wLqliuPz^2PFK8`hz-txYzLfPT1P+#gC({Q11WZj*H~9Jf zr?###4F$DwB~+PspSPbMccJmr$+(+wc0QA{>8P+NAbl5C<9=&|#HN%|t5)NKY=9Q^(ld#UnQb#suD4e}KQK+#4@lMdWTE2sY$(ixq0s8N2|0L1WrDkl3p&QM z=CYc-eTAsmL&W0emB33Y+;%yF{`1Vs}k7@wsUU`|xr%+W$nz^W9Xt zc{!e-WIHAwRFjM5;0WkSrw{{?kcE2={s3rWnf_) zxekRTI`r=fArXe%tPmREVZN{uCJIEdm2}syfIly(y5&hwcmeE^=(iZ==x<`Auwmb@ z%7Q7y+%VKM9W^}>rZ)B_64^^4e?*ZIMFf`vjcqJ&p+34(-W$syZ-B^)hd+EK_-!ak ze2fy8L#3I&SjRTf%>ST%=AUA_4DZW1#Js{Go)$ua@r^< zXBk&4#ZlT^E{5n)i=c}h9ctVnaR=}xII|C`#8NByvP3ug?^noY{~-m7wQF(qc|i-G zeshAf0#JbD6~Nye(3l>6jnTinOwcb2LHgx|8v5t$Vx6`Ab)dZ{#LLc38k@gYYD%-b z&H4L@W%~JhIM8h`AJpjmaOu+D>xW+jqjevEM<;w5Z1lq+Q~-NXBr@dx;fHpDpNDy0 z4L11Uvm`MEC8h`eCO`Zl--{nETgdN!Iz&Z&-W4@{xlB`$o$~d5xcfDz(0yHhvmdT; zc=y8~_pSNiLw4}Pv#&Dx)0YbRF+@L3OaB3z@WU{qeZ9-?^22+U{w6;R$k+Ly{LEWp zp82z!g`dHS0gm`qku5VEuv`%5bubzQHoP0d5|34Pz(qr5SFvblNu=!Ql)bMZI~FA6 zyiLj3=2t6e&N^Xp=mr*_>%>yJBW!L;v1f)-Fk@|J+|S$w%`V}s&J@gucXq4&GeGU( zE~NIOTxZrW0^U!+voPzHF68Fw6XD8J*1GRF@yYiAg6-~=Z&%{`12|N|FP&t*?T~Mf zH@^M^T#Z@3>->B9sz<475z95x?v3*!NYXV96;IM}4nWRRJ8L*+5b&P~xV-_G&mT<$ z>;hj+__m`A9EiZzJ86J_PtEK@AlHI?Z&uDj?XE|W%#%7Y9gxiP3K?UJCR-1)RM*}4 z+Q1Px*1(q9NDbzDYA~%fQ1{QSYA;Xm2K?y7)$$~fzd-UeD1TCwmtzhZk|L?I=li+E zlxs2ODlq1X(M2lU;vuhS?;{cTeg#;4=JQSx>4YK!bs{_rE=2VIc_3nvL~w)pLGXHI zgZgXuv%!_V#G^T}y@;QB*`WS8*W>xs19tE4QyL$$=89*R;C@1wRCH`$*U0mt-a+!4P=1|G-tbc7%OpP=nS9xt$Iqg$n~W8Mqc9s%uV!maw6&!ZzmrMMV+G+oxI`f3MHM& zd53#avCNt2r-a}ytNlqZz&d5%y%#6>gKyN z{!{V^Ol}P}kZCg(Hl#wt!nP6q8|S4hvrI#MW*Yh{@y&*i){bO>A6js|t88FzVZQ~E zI~xu371A27^gH*mjILUXCYB>ql?{wN&ZcmD_lJM$bm}$Q)%a!+Uuy>jQKIeC(N4_o zT@5)NkNV7ZjBVjfwIk&JQm@+0?4$Sje&8ZiR9jvl73S8wz=8kA+mpvfS!CHAh=g!- zkW&%qfFcnY!ypm}fq*uAKmq{?2_g`=uPAE5jfClBAhwP1r~FjBa8{S!&UoztA-0YL zTu2y?4ZFH#W|$%9s2?_9bN8Y{Z@r`HJGwi9^7EghzwfK6cT~MsuU@@+H6m5TRW`FJ zp;h`9(yqiZ+LZubfSB#wt~5`XD=oLmm6pHFl{VvTSK7Q`;kaQ>IBwV{c)L+4 z*qeTXj0L;WZx~C#HuM{KRz>`BUm?GcL?5<7n!No*$@(j8s={Hge#8I8WBtRc6zlz2 z`LI$-S*Io|m^vU-v7|N4Yt}eu>s;muD`)%6m9fmT7!ze(b`phjsjs#sp|z@2=4mhL z^F5I$U~*{y_pQW;-;PEqMnpFn0sE!>w+4-XYQz5HORM1;np6$qtusCK64nhG2VgH> z88L#uOB;=Rz%gxxq}XpYf1ZE#^mGEEK+WcZQlK!EzHmkIFNrC-Y4ghj!rF6t?=O$iW9kB*EZ+5Aj z3|!@Qi@^|OK)oWEuCHBfGN77WgRl$n`PGq#X-zV>t7T2{aaUTCytdN3CfVK9v<|Y| z=aReJxX)$7@g!1ENu;1i%C>~@#DTw%G*l63sD-4Vdb`q4X9*=G6ji=ZR5OI4nkN)h zu~1Z{LQ$=2GApSJR#I-IaBs3oJp~hxxK~z?xXTa+CvPsNt-{CC*1gj+ytCS7742#H zx421J5dOTg^>G(tXX^vwS^sP$w)wu%Ch2!p^FDtDX%}Pvr!)dL_5sJ@p7ii%U0MY3 zugm4Q8NtvN5VUkF1(W#e*p+fral+>eV^10HqvLX^)QWL_&gxaMgs4Lr5Fh zBu%694JEWj72kT6NGUNKT0T`I1)?dLGxJJW!I<30%JFB%?pfYaE?bV+Rd%vt=PIut zpBV_}YA!vQN-v2%(PqJU$sr9N={d(?PpxLD^Q)Ioe(F38CAarpRI_8v8<)VtR8ze*=@`rfHE*83HUu3} zS1~uDLdz(|0A>yhB?vC$Fa*&ruJ;>!Sk&3zZF0fBOZk2vWB|TAgny0Fwc(b{SJ;bx z6ErW@a2hqsYfB&Vacfp*SHpw03(%C65^w(V=jwrEe2s&`^$?mN&}ll2v<{$D=oU5( zg48yw3yB$E{iFOz;IW=Q-3Fh8{w`Z*)GDJ-@FGNR#L5&IoNvLslNt9|N6)|sRysuv z$OD(wN5pdn}{b)-Pw<90q+T%H=(K zX~ecQVRUAlr->AXq}ihf3wRw6*2wD~Li0cDss`diLfkU;m3GycX>;;RA?<&r zD^BqMC*D5yJ?u$I0ApJv2V05LIIaCI>1qVZ|T>?MLDPP}d}4u+fI)4^E$ z(rws%{XXizD(-Ydxzf0ZAj2NTd!dK|2&yKyA3y7R9!;+395S+DufMRIDl;;H}zEmXiD? z8z!~=lD^9#xQ+;p%n$@`T`URCW+)2@%7A1m!K4)X(bz0sq=+`X-)Ev-0Nrb1!3T>K zHAxJ|vDC(b?^@efFkz{x^Z|X-KU{*y?Q9**0&{YHyF=kDSATqoJOv4FKjBU8?S$g0IQ zkS;68hNPbW@?EN=543>XpF|*g*g?LYWC6J@9!N1dkBV>l4~vxlq0SQ)#!;lsa~5r& zB(LYJQ#(}5XL?WhJZCEt58j+=$%KKQ+K|!I9SaM6;T3wcqP8RiU!AU}#q?EcbAqvl zYgYuXDuoqhTOlfe2WW+vF&(7`{^`T!!>lFRSplWKzE6~TkV;)krTRjtF7t795Qcy> zrLJ|L2r;{ntQ!a3_qz9s7BJ=WRlTek$xD>!39tCHO5vJ^$K>ctT$1MR_c=G z06N09S`&9JF!|5KYS8JBZ5L|JTFqPUWZ9=z19935 zsb_Hi0sLC~s@p1G7A_*OJc&|WIp#~`A_0&2Q zKQleGu8sX7lEaX8B87i~MOzrvVdMv_!Bj-XyT1I+ZF=X{I6l13d^IqkUjzGz$1fKm zkIxmt{dRNA&f9EF-ro(7y*ykCpl*=r&Y`*=Lfr*(r1wJEd0;QPMpMHuQoh zkpL&iVxc9*1<<-=nxHjIw5}*XT2G6A`kL7wz@7#tc4nrh$@QBa)Ok&&-mW)f>L8~P~ZwlYPN7jqucjf4h;T%d{jxgPu3T%xZg!&1y|-O>siI#>1ecF{S31iai} z(2l7{Lu;U6_x{;lL@+V1fl|w$$J&pwN;pAMoieP%e zd^(~0Jnt63&Ox^E+g)b-?&~&wr#R$qjuN7DEM#oM@p-q)LF%q@R5}d+ib8>J{oAW= z8Q6xu^Cd{6UzwN9kFDC_qsGwk90ugV5&XL@yGU+vV2*~1tb)bwZ)Pi&&K3L%WD!e? z@{y(0;-5aZh>GJ<8!PRb!{;82Kmdy&TAACV$rLs`=6XWoxzuhkPt|b45=-$8ts#-qu4LruWV|M?0NY1H{+Ye{n3Pp z{;aAY%At{8Pir_#HU(8ZULc{XDae0)^M%a6w3&YG$uGH1Daj>zj z4PX^xfZz}hhAGd3#q~dVrpbe0nU=fFFuL;a%&0voU*ZQnaL5B6cM7Hj)({`d?m<4z z6ztT?XL1{+?%D)p*HYOjRCY9!EmUQ3@8X^N4e)P7NuFgu zP~r}V+Pk2};SB(L3&C!jjIjSEP|y!cT9LCXlITuMiXmzt7B$Nd*ww}&Y8ElvmuwX^ zAvD|^BKXaDlRiLIhE!)>FgWo1EJZ`1U{>H2qM;Mfuvq+4{bjOzXzxtsRbm$rO_g$cJymKRx9>lwEK`ZzLw`OhOm>&Gv~vZ!xX* zX@8T54-qj<(Zn|?;u}p9O;mZKb((99p`*u}J62z>hc}b(Ri3-Tk z#R3;?y(6>P^0R*1M;{V2>CiO1t|=0uG50B%x=Ao0(47dZoqz;(nF#rPrr8xwqbbQm z2I&Zcjz$|Djdpy|d<%|H-ID1EmG^15tNmP;Af#_+{B=NlK zO?~;XAOnmp>`YDcT;Lv}_0wFWH5X`YEQ~~ai6^_NvDgy|PN9N-pn{cxH~L$J=3c+u z*6V#?S#-VPyEmM@T#bRx&dO1&9MXkaYJ;JhqPZ1fwbN8OF-|8#v4r4Cn(1*pCa4MA zPk5inLA;*?ye||W^pLq>@e|tKXL>*;^@cX)QX6kk8wJqDjsi(R3K_&HrV$pgkFc+% zsS)Dp+q-f*rnkg z+L6zkg1(7rl=WQL(Y@^5t0M6>aqr4PJw9v9uZ?H;3HPtGagy-5wN0Q zDh$Bl&T0TwL&3+X;H^|J2@3vd>dzQPY0VC!K5+(!e)*jqDo~w%PGB3@N(3w#hXm{q z|McSg_?;fFBmSI!xgA0NBa^3?1a&&;8C(c8O7+a1%Ke5<*$u#YokSY=>vrR7U(5nw z`C3UH1u`cJ46PTkbU-+mPS~qG73?yh0ObL*yQQl-Ed37XRyrsRlty0nhgLkVOovR5 zE~`^+9#f>0;j#|%6lifmsUnoQDu#b*53IEGkp)o(vMD;NV}T`R8AO1pB^Q|2uU$1` zkwzG)o)1SylJSgZFBsc<_T<#4P-t@-Rng=|y-B*FGBPqOBpqwVULyoy3&B<0fE93a zSgq{+iSM3uiy|!(v;iJ!k=!jp0`;C+YZToYa64+L_&tR4b!9#@S*y2<*Xq3JRx6a9 zzE{67R?Fz2cVSYH7)*_pyN4#5;_s|(e==O<-e_Xy2f4BJoedmyrl$RVrQKTiD4 z6^LBBDTVf{+Z*Le8!)9Q{OW~SAjNW3G;lze&o;i4*Os1OTpP5seOe_R#I+@8WSz8j zifJ^Kc7XsB&EePs5`)sC_nT~4JXo}Oev?U)|7Nnir8})H9i1dsEyx{vi;U3pd+g05 zTASHA$%asr=oJb~vLIgdQPu$6NG*bbMpU;?;JGe-8+T6>P_U8Z+(-|eFhc>%g+sGu zmaQcf4??*dc2N=nOyv-@#OHhup0c`%5(tUF;mI#CL?k$v(-4S09X7Ny)raLoKUZ!k z!9ltO14+F5oN%&w%KkFVi^ZKrH8B+4_5Kk`w{TV9ZKuA@2T!>TK**0V&~=#zr2dw1L2zb$sBVOgb~T1rYe3^D_{AX zWIW3_E%d-P+9`Z*yb+N4qlpT;!Cpgf9I9X+95j3Xyc;*mu9=9Nm~YXeJZP9l`vinI zI>shUR2wzjc;BK%#_s%^W~43r`#HD6blPyidE(=UT*(edTR7=F^D!#);+t_1OA=kn z?GGt&_Lqs{YsbrdU<@?*=Q$$q<_SpP$#arG8PP+=Xf(s6{Xrc<_DB*v=gV**VJ@cd z{yLxk%V;LiVmHh7v`l$z85If(ow}zdW4|C5u}?W?bPvuAdvdWm2#<&fk9g-0g}vB( z=5j{P06fl) zm3RcsPz(FUV+(&cW5MHf{`%^88y-)cvEcDEms?A%RGf*8N5+pI{r>hewe)Lh>942F zGEL%nzxRAA;M*DSEf&DnNx+&dzxNDIrrMV& z%o~RkUU%9e)b*zP-V?ZFpK->`aYLhvlYX;h=$Jj)u7u1-EKudKC3K5=r`FX;Gn;*#mvS~nSa<6NBs>8$1DvyywMOb8NQAY3%>lrDjrltIO_+pJCRDYhoYye zPLL@i{aN=9hy8)kQnnvuz+aC+zz)bskco%)|C~VLTMTdy3(`I~w7Yo7E0M zu=*b?5uN6FO7xf0xa;M0(T=`x^pza?si?(W`9>`|Dz&{QVm=IX;he?XD`GR{*}Ki= z-Z-XjTSoDcv^8-Br1EW=6g}&^EqsMReJF8v|*dz**uMthL*PF z!+OVVz%3lihshaOEB{xZ+xk|AgSQ`si>WCvk3{@GGI2z|C;sVuMj_p0NENk?(m_9k zoca(|PHBZ1?02`a!QGu*+Y?>7luN9&ur;pM5{c^-u%)O%S*US?_l)Qt;tPl(P^v{e%Arb zKA}FQc*8AS8z1RlyDYePsOhrcBEW<$3r30M&P8QPmVOGNNkRZR$MsGOX&V&KVUy4|Li@-h?@f7XL{2=UpHDaGge6V&#cEEJ#PCoJM~ zg1>sQu3UUtn#JeU6EVamL5fd8n|R{m&)PFk;QQ53iSKyEXvZ+bcbFC5EdC1S#^vCP z2{Ys296D~pSwA){xmh`n-F=&=9o;d^=)RKU@w*Szp=+b>2VvrwRpQ}6CYAVKgPNNj z1>ZLQ8gh;dk$mgONUX_3zO_7V;aehqosoIDd`mFD^wv5@zSF|YyPd%(-t}lLNB-qm z6qAB1|3gjkAB@Geqk?Tm|DU&~jgF$owlhf}L}2*zV;@Qdp2;L3xND!&Gu>6U?pNKqb*s9%8l7DMIlIZsy_t7*k=M)I zF&10I($kBvO%#$R_!uor1wTfUEM!F#rU3V;QR4Y!|thA3jWlPc&pC*vyUw>)?3oultPOvcLboE+p${+Kp;n~r|T_}Q`~ri#;F z4x@_XE%X1bXbtPWwCie_zdo-a7&jaO9UdQpG5AkXM=$j_F7;!JV^V+fmtmw%G9D0g zksnAM+!DI1eY~YyLkzo(k&c{S6pLX!N!jTEc6!kErnL^tGVi=9aJSx$&O1wsZ5C)c zz|X>&ANQp2buy!FD98I4W9t^h^z=dBaEzIE-UM)`_w0^WKr)J&t`=~Z1q{*YSBJNh zZRa$-e}Ny6u=b^licE4r2Tm|S19!v(?K?4yprG^LT*Y`eJCxp!Pkj3o41Hr`0>
      F1$V$ALm8H6N9`+czAUtRo@%E zjHkkdG4(y)JG}Zn!qLMXT=xqd+`g4;t#lxlW_-@TU!<=f?wJR6g@7{hRbku~S^9#B z^kW$4(h7_8Pv|oJApSkx5t>lZmHswd(_H9Hknsl3xB)VL$uo8jUY+um4f;6aLPmOU zMjJF3)_>>^_QJU6zk8PzzhcQ2goW`fZR?+)3R(x!P+O=8e8v~y3KI&cia*hG1@@Eh z&0w9GHlgBaT6eC$tw;L;@R|QM;qi`UKAPT5HJJYX84^;h((<>ite_XHSEQKtb{IZF z(w=^o5A`+PRM9s5*)ycNC-JX+aRby%MYxO2B;8TK#6}Fetd}a-z6=@Wy{qv$!j_|) zy2=;e3ViutcoL}KQqq-}k(g$4Xhk}$dr9TmC6P|?bu&G*ju6xnk0^X@m$i?`v4;?@ zBeWJ}e{ULl-x&l25*0lyP>+=zRD61J!3Gi*iHJ~c+;SMy^u zrs=R7VyVWBM$e#(k=B+osoRm0A0a2%Y}w|KeB$JP;V-gx9)70n3`4bKeu9J-Ns4SN zYhh*gu(BUw*==`kO4i6K=yegYD5!t42nuDy@w_8S&4gCiFPb8 zi&)~)Juy$yM10d=e_Fmp0LBk1mPrOZc z(?5=o$ldVQwz?0bE}L(V+B+BJocz4Bu_N(DEyQ%%XstZ?(H2Z_xUhaOjof%WE>| zVIN!%R_Ntp}E=<)gDG4i9g6o95x`$=LM_`>1{gF9zjQ1$zihQjx6AGBnY_oT^h2F2=?|=LM29B!`a;K3ybpSK_E;4ueyBu<-Kf@sE7nZ30NwF{a5Fl=4 z$=9>vR~s1D!s^a7{n5UdH+`g!T1QhKwT|jsL+hA4$LLLqE{)(#W06znPY^n3&yzFw zYBGE#Z~m0k#K$?Bd3LaRyZA}WG_@6C8AHWR21)jwh)MF&3FiM!kRSYegClE6*KRF-c(mlLc0H5Hh!P3hX@q z=J3wZ-iWLxIMK^Q0+-eq=h7M)beGoEOQOEsOQOCo#~|v4+1TTDvUTj|SZDS0MQxkK z%pGg#-E1_nOwiE2Kq?v88Vebj445KCv#^=0?jZ|3#$xcU$om6KoVFEdtYbbGwxxAh zJ11a_`XTzpmSa6vZoT+e*+r(wlK0^%qFs9knB6zw05@d zI1@h`#OygvVjezDV*b@)5HmDOXXo*b9n*2?c-!huqDz76<|`~8Dk7DfJ7@&PHnhN; zgG{^totL�m=9W+`yWN1T{24ov2l>IsBhjlf2RVXqI8e-`0;|ICGn26raTy^qC9I zzr8-29My{kAE~WqvQV17qKWytuE?BO#uZJwSZb1$XCI1#R-P?Q+WAf2uorZ6&He7k zZq?YfV%kVwsJJ;kq@|i&!nyc!HgS=o3p;pqV%&;S7-+W+q=e{G9&I)na`OEFPqPh2 z8TymVeMWXIV-5Npa<$nn`U7z5r=KFVK8uZq}`{88&imInD;Vv zb}@GPqYRuFW+hH<7G_~E93a+Z+?fnC$@Y~@-DIFCO?JJXrcxC4BB7QzIPDH?C+Fm|{pfAoGUeJG? z87C;hdYwUJ= zxckznaQFU!nR#Ff`+H1aZ}F>LaWyKRAmY1y_2;m$^8kO%Y=B0j2l*yLz*)z)CiCx) zwD#V^_!54l=}5LnA&y@6W{} zH@A;}ibjhXdQ$@W4njXhL;uxn!=g7Opy$%Qrk8@zbt=SEtq~K9uFX##yo%A?g}bfC z%$LEtj} zR^Stn5$4!7zT+{^+{vQ%@cHmndONWH#ap6LfxZIT+L`f=z>fObI#u!dH^D_oNR<`I zCpm+XO_qJa2A0-XRaRmvmHi$s0`VKayF+(b?Oey^K0>u2*sPnUUG9GT|!fpj-2KjtnBf>rq^}^U-h_dprZ9;#_5%S+sikP zT(X8bpOShfRf7eO2v!^`zVhtZn|J?}7@mrWFIF*^+tqyAcIi?Srv8e=1=@?rB^4bL z?hl?xDh30U%Ot*>*-OaM;>Fe~Z2PjnV-_7cVL6G=2qp zdRZ1LI5f#W(>8jxUwZfb#72z0?~RCthHorldQJa!0hP%A_2JzMHRaDHp7}l159+49?w*lDL~rtcFG(;E0lmDcGkx|ZMCk9a z$31PouB2^yT`;?UCNBG~aKu}u5QD5(NaZJi!)eWr^E0Ohl<&F<>Kxk*$fLd=v_Q6( zI`3Y(7D9Vr1-V=JK2O!_eb&3HuY_EWMLzaQ3_NzC>eCa&Uiqi*-nG7Qd7p6a$-!&X z_@7f(?*wa!DF4(3dPeoVFqLn&{I2xw>PlIhQ^ut>AxXO>)H&CCTC+UURl$7nw^Fc= z&tJA@l{iFjtHq-hz3jz)4E&40SYJf^x|>lD$oIoj7IZU{dZ%35y!)@%08t8VDiNPI z_@edrs~aCbXkNTjwf`_bJQZL4N?ZAtCW;sLq~e6Rbw6eb7__6VBKHyO)L$OMgFp8; zTlgzO_rEKLVh)!Aumvq=gYA$k%8C{a5rH%|_)c<>aEjaqP zM98Zf^QWlL&t7S-2G#kkU)?!%uZi!JVCdHho5Qo4h#6pZ(q-Pd)DfCs<&}S5A4ItU zt_2MI*QyVaE*Ai5+9f{8eXk*4;eH_o#~fMnqR8UedIj>&N=7n+WhQJ(M7yZE1xuSH zBX+SIvfF~}1vAX*^ziWJ5)pRHXQ=h*zE5x&L+>Oc^c~?PfAL6saG>WPx<&6>!CTy~ zhLo>am)O#qhZPZ*a&^-1A~xlfS8s5=Qo;h8u}f!ft4bx^%K>uRAt!+;Sz>n=8kQ^( zDi;TpZNq!Uzwuv+h{Q5wn;CYLu&DT=H^bSR*nG3PW>*g^*N5I})=fzhOE>*Pe(L6l zBhFgHqu4?&qeI>VfG6OuP!Kzsaqk1)lh<8G;A>%~Jb1ZW!B#gZzTbhG%H4ed0*EZa z=elvz2@`COspi#ZgP-5H1Eu20w2sQj^}WDMSAd{$pY`umPUsp;Un74=(Ilg#NJm#Sx%v&H$FsZWmO7u{f=znPY56xyQucx7W z8p{tWqWZwxcRo*!6!{Vh=3!lwSIMseH`JJ)3KcZOKUGn>J z5v5;MrOc;ibmtsmZ(-l~&Qpm`ZM=CHtE6)M?9WGso)qD;=OlvDR{wh>^7d3bMKXIm zG^q4w2~^R-ZC*i0>^=1_&+7Wqx69`roRpduOyjz{;L&yWwd9XS{CV20t?~QE`HxLB z8eOi?2K^PdSZAEoc}Lj7>;2Is%XNIGf}YTOPyL`9>wy}dHACy62pJidp_P5pH^$}w zuyp)QX@2{K%-5$Mu0%OVil;Y3-j*cgo|euD=}Nv}kpYM(ZSWJ~rF~SL2X#?w4qCg9 zkXwG=G5d4*15R!kM*VBHdT~H9?3nK3%M{82{Wqx}(RQME>;8$8DFBgpyZ=r@B^C~- zJl^&Fmmi9)-Hr>{wbEzX%;&f0S!WN8`JH*XZRvaS`RvEETa}+`Zd*Bnz2GW>ElPJh zYx~T-3*ucwltuS=qPaaf@yF$RpRM%{Uem0qe*B_~5b)w+5zyq+H$f|(I)$0ELWJE1 z+mdsqkEQ77zP6f+&NUf{iLPIk?e8*U>vsFVlI?&Hu{1RJ>`BO8$ob0*fRkl*-E7(v{UV7%t^C1f7EZoeYAYI8gCh6Y ziql>7{C`s>Cqti+rdyWrYa!st^BMd)TlC_fXyC~Rg-7aM-h&n2{Ro4Ta89ojv!}kC z@t8#Wk`+A68$u+)R00`nSuA^+-(NeOzjyeh(peds?7A<;`T)Bwi-(sAa}XbY+1)2) z80#Lq+}B_CeK>ZmEVry&VCh_t*zHlL(c5F!AD-{^u^DqJv9g;kz4p+EL8)-+bIdh~ zejB}*Fx9EKX>$L@mG^U+f84HZYWY}$4rIkj*stL@7&S;`gT8+T&I<#dNM?9wP)kYOttNf+WNbtS{@1zFQ=8T4Uw1VxdwN~xks_Y!*Vd>(0o?`` z^7DQ5@HULi4*As7hs$wwCV9?%%3u4`g9d(df3ic_Cw})U%kn(kEpoT7?2*8UvSVXL zPER&O%H(frf4?`N72eW$+B| zo!098B{`{s%<)-m>fG19R1G`-<9-1FH*~J@SK6-TF)PEg^3}Tqb)a$Bn-g0C#R|vO z&x>|_T+!-|ICf;z?Y7nI<%835y(7Q=tFDxIn_wl^E2xxbaPQ40%iV`P4S>Ogb{`IX zL!@p;)!O#s9<#fb^-If25hwDwbYd6@DXUj9%dZz+WcKC?O|(S{p#a5 zA~7(cYGc0g$C-eMfArN)IAn%#ffT>K5~36C@Vm2wAcLeW5|t7 zsbb&980Qo@sH4PP72e|$3H|VuK;>8e*?ks!OnTXB<&hx#-|4xB?m1#9B*IIpN1fYg ziD%;u@&s=Qb^J;+;wLwWsZ_(u5}U+T_@2KQ2o~D!-1{PSJWXoxXu))r(ce#nVnup4 zVioMV-W*z;{w|{@`8m$I1WUa3$O(=sqh-e>;&w^XM!(xuf7IQ;m_z!}LeQ^k^sCndV*xwURI^lYN zd6CqGE3U`2@U}+Vx*H>R#^w`KNZQxqCEq5;huzor;2FdRx(d3dNvRa)mdzb|h(DWi z%*P7o!7GfHapmr^yXEy)(Cek+_s;@1Opi$3&u-HIzK*Ao^t9nbY^WS4&nW7cok2NE zPrN9}_shJTa_D_i*Q4|<$zTaH{_`Ko6UzdUZs~<N@vuQ6mUetA!<4VZu3O@_26u>^3 zA;E(k-?WY)?b;fPAx`V+Umo%u#K#gwb-$3gr+Lx*T6iAefpP<;S?cch)zrVDB*7e> z)c=$V*3JO_2I*6=r{yN>9&X=I@DRzwU(69CcY-Ol7pdP9uW_2*j}mwO-hcT+pRP_gf8W*pMy!Bc7w*5WV7EucTim9d+(!Ia*k4~1(8qwC z2*3x(w0O2PCO*JLLNuvbMJdbTvKbhV#UX7Bl|yql>;&z;m4m*^8HuQMN&gl`Ch?Nw zwBhDT#fA5|+mDUif5e||m?IG6ZXNr5L=RBb`G8{R%4b@0#=99{_x#Vde`bsSjU}bT z<2t!1+p7DfQ8LchYov4Sk%}RO7itb-rcZdmHS`|yY#jr|^#o7b?ZzwTKlNElykBTg zBVpG?>idh)TMpR}GeNhdW>9HxjSsDj?c439#FYJ6_pYQGx%Hf$y?CwhXPh*y>y`vXmy7SgFnON+LA)Z#UXi1IA z*-_XbNxBNSON)z^gB;CfMSxwhhhi|*Ex{$cp&qXn+*ogycX8p7tI#A?s9DkLB?`*{ z_VLy`UIf=5@#pYZd!1H-3SC=}cIEP(y=K;aL^Wu!y$uo7ELDcR&AIKZqGWN%zj%KF zx_Ez-D}5<2?;?-gcg>umd&j?G@W)+`xTCKtT#u6`nXj!6MKi?cCs>MVU82V`0sfv= zP?BU6_j998s^B5K=;@7E8N05czU26>53&w%yrfuH?k2Pq^vg)qA4%vyfmS6y9iY~^ z@Uv?ae>+DQ^rDAky!ziOp4;A^A^1@ zCi%Gvz~H69j1$v>f$X=<^LdBraw1{q;&wf&wDZ@NSAuV5)_G+DylMP3*EgZTYK+C%gQrf0!{?-s7UTAiL4C_MD7k1I2^? zM*emc9(Ti~vfI-EC)Vbu%axZv>@|_WdCJepn^7Ys5?WEHcu!jK&fJQ`gR99sh7aOR zarI^Cv5%77aF6!izgFjWCTwn#2iR8wGwqYlZ$H~(rn;}VCjje|m_MdCcPS^yTfgCok`6`4r6jnTD#0r2bj@?N}`OZNtkt zoBHVkECoG3#j4ucLZ${iHDdlo$@1OZQ`2IC2 zEX&4# z?qXYNba`KlLfY)|{Myt_bx`;X&&lEEFsZ^O^S#?TZ`iSIpc8CSwlGYWH90dm@BISi zlr&8rUO-ON9kP;JfAZ%7`*=xhZHYNtqsU~K*xtIVCl|wgi}@>+gVbmBI@C*4a%-~7 z3XF`9esHPl8SQb?%O@B!IB~{3;VHhdH?jvdkLq@rKrZ#%1F{d)?wB0x0az~lcVHgt z1Q66Xd49gq@o;m15qj!!d$xCx=!eZd5XS8M2bn&QJdXED`3vu%i8tv`#-tBSwAvW+ z6s*P1Hv|-%b59L#r_3LJlm18ex3^$%_6LBRD}+86`mThCvNhISYLhq(h{kOqxpqfT z>|N+zES5l(+818SaE83_9=2qgT#l6~hB>Fk6ksO}E(V+IqCMLF=8a{Lw^sSCsGo#9 z(HYGk(~t9Bv7hG$*U7B+(-YW2Zyhvfpl6ruQ6O})Wy5Ef++MmRoF3l}Y&qHS{w`-8 zyU>-;eFtYqrFS-2KkUUPASZ*H_loyC`KQ2J=n2}aCA_cd{o2@Xy2-S%XIg#N$&=LK zx{W46+hml720H642Q5B{bRbw)zO=o8(Op~e2A76dJu;m!ADiE9q13kBO=dZJXTd#sks1_M zBJoOjP{~6Ef{6b9Gqn(n+*;A>H9T9i`E|Uh`zw1yy_umd2zo#S{1ZUlPkxwQ;FK>`{SM%I-L;NL#aJ2bZgbW zyy@STTYAu>p0ZLfO=cRh%VOAq4+@vW?gLOZiRZUFtdnC7bkL@c&1W&=P7X|360u*7 zme`;a1DP|{O&v}}MTh=ETY*#igm=ExDdQoG1MY?Phv5c4bXX{U6M8HL!6DgRD^%yNMah0Nrs)jr`9!j*P8in0<^|j2 zUyVx1gK|}*VJYur zdjR{Rqk~{O?8k^YZwe+E8W|VW!M1-o{rTRz^T%=Zmb+IhaRm|-a6vr!VkvF&J(@j| zI@0ETFvX(WrYeYZ6y8NHPip-}e6XL|mTfR3$_@~MQP)MP?azIIY|Ue16lnQl+?yI} zu)Lw@zhyr8F~?(){$RJ9lIJfNkf6G@K`-W~Dsg@lpctDs`@oW%Gvmsufe z+oyIk)|A&gYiQR8S@tNv2QZBaV3JQ5Adn7t`HYjzfFA^8{79SY!3h?4Ic((qnqMK+ z>^~6u2cfKOC+#`yrD-plGA}Z^y&LW4E7oxY0-|Zogw)L{@W1bjwYC6S zeVJGKyq;6C?L|mYg|`hd9sQ>acY&g{#E!``{1!9433RGFpN3K?`LIQ!W`+v}iy2Hpa~Zn{5f03z+=C8H%evhNO) zHhtIR38t%sdyE)eS}ir5-c~!c$~tR>vH?8cq!Ka#9ShvGnG-wT+ENE6F~c95eo7RN zPOyO#ItVnRBcU=^R-PLp1&Yyr{_~+nP~OV5`nutp#X_J}FH?s;f)s7YH^1mqaRYF-)H+iw(CDC;?s%)&|HjMRHxTne%rou`B^cWtXa(>e&vxIyS&q%y0sK+{>loHY zw!~>KG)SuMUb0OU`Ul6*a;-&9j{;VS?6r!uO@9KaVU=1X(BYpZ<~_AIoHL1&T$2w= zq|8I%yGp09)E}LYS$+Kx4KgGV5>pu0&80q*R+%%qy+1~-8H+L&B$O;7P z_uSfG!TQh0*D%rjNp@YZ!d|FDDo${o5NYqHDy!iR81rbF4H=Bp#vJwd94TeiI)H2viF6g@@U zk_&<`LF)~pG5B#wn+Y73aNc#0!Otv=uw2Eg!EA6(s)i+>wDpsxY1Oiewge;g2|7fA zIzRJ~vC$VsW5V_~FAD5fO2&4~!2%y#Q$M!1umvBKPh*+U%p1XW`CFVqP~#XtmBnNz zJ09?U&8c7u)T__xnS>^ZmHSiM2>^C6JHj3hy_wF^q8VOfR>K&ntZ4`3ys6rxw4a;z zkE&0{w@uo zwmR2YZB{KY0?#{y?@v-XBl8Ij?cJo3+pe zz$rG8J^zFy%y_U^h@d$Zc4;TMHt*1g26cx`RjHrC$-cHE(!PqNHTWU_-xqsuc&O=^ z4ER0?>%uo|ld#4JlaJS-$@`!GjbC*a=~X|e4G7eWe(}Ayln>_?7`&<$4-pbMKIcoa z=vfb%8ay}%S)vC?VeT?4cOrXesH$BJJI&{J|5eCU8Qlq~UR3DO?n!$UD}}qsxK-CB z&u4wd7;u|M19vFXcgP|7y5Dy=^UU;m09n)E@6CWDqJBZmpF;(z{VnkH=Pi3FcP-ZE z{mTto@&xAXGpn1eKbq5NtnX@k5Mr()S#F>CIINz=C;xdX>s8<{@(8YS)Z^LaWGf#8 z1}MJRuqn;|?k@&`_?Epl8Njz`x?3e-M-{DnCEQT+s*3r!QTUEEqpWd;s(Hx%SHE|) z?->SJL$hyuP_*dWWB$rs+EKHJQ)Lo$MStHQUPr3!?4grFt&vwqCe7_z;I797vfPmUh~F33oqp(pD-y3)jz1`5*`_+BNw>cxsQ=9H zQ;iZCe9bGo%w6*2O&ugcbA500iB3az-nz(e9w;(FN~GSy)h~IHop==y^sowucx~wP zD{rMRqZUQ~AY=P&Ifw%X^yLK0KpIu)9dYBoVdAr-DJX42JhYDB8W7@KRwlD`;UKnG zt*4T>Ps)83EeLrmeeH$Yvku>f73&w$Hqshkk8?V5Q?>nWy8kd8^m8wo&i=NZU3G__ zq?&ss1M0WoPnW5ms7x8Yjx-q7;(2iXShj)p;EzcQ47J;2=u+N4WLD|m*ppIS zXZ!en<)@2vax)BuW0Jec+p;*V=W#MPb-Qz%I2cMJPxU@;pWYA1r^)p-z5*=m4Tt;t zkk`*N`Oq5se5zhUR)Uwa1GD_%XcirgudBTcV?AC>U)LLTB=x8pjb2-uu@C6mT+gBQ zc2mZ(a}Nx-?I@#Z>nn&<;!Ix)y8v0g!LVqp{l1sJ1sFfHX;9p542rxv6ZYp2Geei4 z7`-}=ySS?7bM)v;96Y6^`~Jtlul^6r8nxX!v$Y5R(?!^oWL${4aQ^3O|AA`B#2Xjy zW%<7okynsOew!_(J{8BUym>l7;4QE9-?Y&7?iO1I^?d8)@UH{At!*rJQ3a~X=TT86 z1k-fEzKV4a5i#yE>Eb=Uj}c$6OqdZk#q;XPw>PTY>}rk-z?d&;y|@aCUM$OdX4>HX!uIgr z&Mz%lzIKA#thZN!sKLm7+3k>dF?YPY3^;{5=9^SqFQ;!`Ae!5J#sb5ckNVzE0l3{7dcClXOP1D=% z9lJ{lS$_77(zyjiiW*xteUnUwYc%dDKaTmflAyR94D#Im(E^Kk?)N*U`%9o3K_~D> zbyE9ywuk-udqMBrktZg@E>C4>-Sdjs9R6^i3hauh&ru#AiUyBrX>(;sk80eLb$!4r zEpj?~eejjbL)~rdwA3;0yWjrosVvh(Ljz-;C9YMsR-mkIt+b9l2Kwr1w+d@(c*O?y zTQ@UqZQi_!FG0$eFhh_Jf~Q2)TDP8yoQd$3{iRkgNtiv5mU!k6%^Nn!mN&Cf)B$># zp)IykA2BpzU$#1|{1s^`+Z9lOBuNiwWEB-z?GL6!3avfv8HoJYoeTHy4zciu7>GQo zKimL3%`BFE(5dhAXoS8Wl{8XPa>)drihGwLeO7pOa2Xb&J1s6gu3eq%FVL*=l}F5n zf44IxDK+`Hyttydgx)2aZmfjmW?C|zk|i)DIbBLzQKu80ww?;tSK;dv=r~>DJ`2Af zu_r~ibFQnZKBaI2VjOe|VN4)ll~yKVLvE0x4YDUTk`GFr1?Kup+MZhdYH|wDb0eOm zKOI|nF?GW}zQvI#_ zhEyHug{ML~k*C~BQ;L;7V%ono(ltiFa37CTi$i~+m3Vj4esqX z{M)Z(ujcjF)XT4x6{+=Ydp-F$q0mlkgg*^EAriXoeYat3`BvV)cTlPOC_2-s7HmZe zc+N+0$0tppna{@;XD_yx#YX!%jTJp``!w?-+&!Lgr(1S66)Rk$rnT_WvsWnRhJ&kt zWc8-ddegc26LT{6?w86g_z00)0*>z@z6Y&*E@_ zY>v*K&@ybi8L#;hGMOp1irzF92t!g-5?UNRQc1o7s7pCMTNBDZ4+bIxkVj}h5IdpW8C8au!fJ>vaaP2IF9YkOg1Vn+@R^BMN&7=z6^X{P6ykxFL3JKeq-k=-EY3oT8!N!wbwppDMa~2=pP4bc{qkg5w8^Q9QBa)bK!F=%r8f zCn%N~L*v-;I8h$sSm67hlBe`)}qb)KN3uShxlQiq| z8@3e5QGmh3swXJf#W@O@KY}}^kmtcd`#{n!bxSttB`k4k!BMDIj6#5-NO~keye!LM zA=hPdoxNr#1b9zDNn7adcx!;I7BP1ypSr#8P~LTyO9vK~64?uiR7?Zvmldb$EPClnW&lb%taI&+PnYi~kmG!mGqrBpxM9vV=Er0mLa6 z@g>~EqZSukCV2>TA2z3%1|=xt+1Vv}E-p%C>MzG`)y zx#xioz`EZQWwUq^BVUD=p;5t8K?Iohu;H-m;R02Mqr&5YB$<(7QQ2#V-Mr@JaOM}t z7u>z;7ZD6L&OcW114 zkzEvE)7PSx|C4MU3gg|VIyL_&_Wjnk7&HqUg{}n}Bl@XjBD-{DAi>mlcp%z!C^A&3 z!}guawCyN5T2bwQ)hydqSStS{z@Y0%JA3|%{N$D{t6eW{}6)^%S* zR-4gKgzo4HLfN4sj2XM~bF>us&|)`4U%;>%%pAM{vE6ku*WT$YVyFaP-Q0>J=TFSJadGumEp3?0KNWyUUNB49ga@jv{oK z#2c;Xi`QTw#-PUi^VxgAz1`kEz793JO1*9TyxU_X5aKV}CF~KCg9+@_4%^U-V4E@m z{Qx9uEH36a<2II~B<7}Co$}WmzIcqwWy3)tW=9JS$)`#8@s?7F4-HBW`ewh_z4Y5b zPmj`aD_E|ucFfkQs7BS&EA4+$5j+j7@j2F_yO5% zmKb>ib;L`!U6KOEBZdu{@=b@&1-*^ul2#?aq>_0?z8^)Z9Hhm>0Ir~5txM6=tKh;8#2%|q?3qJ%48~nVE@o!p+ z3X=b!b6^4wR_`2EDX7rrJUsE-2)X?U5MBpXE%r?N^#$B+BD;AwC)JCrpsCgqFLt5j zz0TE>Bfl;AyKB~l4E)#&2>9VIWCrT3nk7DbF%<9ilCns6wRo+FsL6SH-p$`lL*=re zcAjv|@B%S5SQ<$;V0!&9o>=@Nw6a1~@borDMP~o=1Dw5zestw=9_KqX{*%D;Q(YbX0VUm=%~e~FBbRT1qg*t5Kd+ul>$wWvu;8YHyEt z^Lwmvug?3}Ec5e6NXLTNvj2&H8u(P1wU|n&m6Ki}kEq9$nRcJNXXycZ71hRU7@gqt$M|`>$^JbyyI-au%{v4ToayagGO*d%d_1iIl)N71c>@(`5A zZ6orU2eI5MZ-0ks%}t<~9dGB3I{RUEp=^|vO|L4f8X@MTJJ4YsYwK6UE#hJYh?%tf zb?Lw-Y?sOIja+jeoh@_7ezLb$32NitXaJZEKs^`9wr7UDv*{3M%ibKCD41L|OAW!1 z`M9BMCl=Z48SnCz^-(6&5`EJn;~ej+qi3(Pj$5%Bzx||!;-bU%T8O(#-Ya>D(;W|f z!Gvdj|DFyieskA;q0{rIiOp*Oaz;obW52nKnhWY0Z3PN=2PL0 zsbI8Fa{~tuGuB|Jymowrc*IL%*^$pneHm7NePQtEJg?bnlEN}fd{tyfOD7ribfk}X z5gx|amWmRf=#hA_#<~bW#yLFQ)?{=T@Wg~`%aKO5o_xRvGB#Oab1efC_CG0=qSbAq z%3Puf<=7}l^b(A}j~xMDg0)WWBFOD8n3m?gKBRqyMX-Qvp#0_Tu)5~LXF+wavI6#{ zbf*>F#<7h94$na|dsDNt?!5p4&)R-(gwQ6L-+wL4jk%xL86-wo^!tK$YiTN%zB+%Z+_PmmYYhx_%LR^Rr=Q!^KZB0}hRLOEVa}0WzlK`i zx`uU^&t-(2%eWSPW(z8|Kvp<66>gz;P5lH;KJ~1u?`hDx6gnZI1>=1f`K)<4Qmp_7 zm$|*ePJeS~{Tph4+G;YTrd8}}Pg=$9|6XaDdoC|-?;V(8exlUyLCfbor+V|!w=+Yh z44QrDL*^4J69KD?=pYYtpPctT)a6CAtJmt0c%Zx$f42OtU>q@AwP1R}KtimeZ+e^b zioX|xKZLg6y!uMCv{AKxJ9`z^0+YbCz-minP+pb z9$eusxJUC17%UNMKF@_m290gKzl!&M%K3N(PvZDL1&2RQ;++CoJxBRwr>nQCKLlv2 zbKFCR3|J9rSfGHgnUtccNCcac>^VLsQex@Tu|cX&wc>hHwvxB?+36)tu-l?v8DW0`JfjbzA9eK8 z-W;65Y0aeh1HTsbABu<9K|gt!qD;RYDz-W_4fi#o&FHH!e+?JnLb9s%tX!Ldgm8`* zh{;)WbTKuy!90lV5=DtFiBQ=~=t<_bX_G1`G!XS901G9SlR+?ih~Gq8~*2Z5|djE<_0%Ciwz9 zkJHbtwLRNiG&+|8orzLih0FXD1$TiF2&v@PLh5r|w96poSIOL5nI4qKr9%13Xf{{f-tV}6D7P8e*q zlphnZ=&4)d-4#Sbugwyfb60>yXGDwgPBdC$@pV3E=DRDc=ye!`b*MLkj*t4YzL4O;`EkxytTHrF-Cs z9l!^mf|tlzi?g6L`mGaFkQm=yCXK5_JlVKrFV?L+Zli> ziqx>QmjVd($0JpvRB)@eIf~w7hI#*;6e$hY1(ZTQ*rBVNUT%U{bfpI`4DnWwfRQz#wHfKJFU^13@h8zy<>%<%5Z%=58chq$v$4AXuBHrdBN zxA(-09bxL^sFI?CUxcoD6ybtCl=ns7oSPg|^mYHoGgUAbraEAQSvpAFx34$#|9)8; z)XW8Ih5XrGTu<0j^kQ~>86pR?Nk%t3E)oN6XtZ)O3KRci-9IfxAKf*r_==IG@7znB zmvzRV;IJa8hF>4zTou&)Jwi6f7|uEJ6f0R?tEJZs}~#a0DL2&x!E)<9vc# zDEIOFaM;79Xy&!H{ui@%t^z=-rxB|74Hz7&aonJlmzF> zU5sV1J?l89Mmm0rb+a{`>Et(?B=T4<{S#t{qPD4#HM;3N5sOR)^g>MTnt&cQtuMK( zHD((^BSzSn1|T5y`ZAdS!IcB|%wwn!`YH6=P#i>{_1xLM)7$aQjtdsA>B_VAA)wdv zoMfcf&iM|jmfR^=ycv!^dPr1p+jXmnxE$HM64}}U>~V}9B*MlVgj>_Y!DNP~%6%N; z#WCB~66({W*gIDjo^vfu-MKKO6nVorfcQgCkaw$z7Yv%7f$eUYrr`8rzvB z;Zxvp68}Cm1VA$73#Z3`NEuv^`2sP{dS_z$T)ps4Jf)j1wWzMPoAZVCKF~ZXwAvfd ziYDvgBB)xY%yyT}SP?u%N|2MgGZe=*T}lVZKYDVBSCa9mC2${qpZuLK_@Safj_ zm_Hzs7HedM`Ih%H2cby|mkAv)ml3e3rM_)dKiE%i`FRY0oUR{+S(cvmG+|p3kbOT^ zfTt|ZB3E>Sa9gOKw8!YATcCg@fE#_gdrz{tJOtSd5hKSpW4OrH&4}dPe?5?sWPNdr zVaQhjM$Zp$ z7gR&^Nb`!QdalSV$6Ol({%i@TJwC~%&3w=GkLmJ2Q?POH z?!EesnxpgTqd2~T_Q^l)Cyk=NRIo8z+dKDpFaRTJdM?Wzju0{jA2*`bSFnlP>d1?G z>{$HrxEk;Ys{5?g?gIsK9KtntVEVH{?7M!{^`?ICPfGtscbb zB#vL+dV;YyQoxv74x=6a--W<&hBMsU{IewO;1x76X^R~o-Z1wNDKNwNgSN1u0@R}< zw$3Pk&w)i8gyVP$!1!u%Qd}mWU}+D-O_basiK^Z?K7@(gHDsYxsWmxH+49ZsJ~Ii zUCh=BbGU6p?N5SxKYyD!Rni(G$q!-D*AhpBA)|2 zjWIdjehln^|AuQ6WSsZ}Qr_5c#}0@(Fxxr%YQcYa&(RKMe3ytBjLQTTm>GYQAIKhx zPI$h=l>wMeTfXIkDN!`iUiKwsfC>(u$?jS!?TH0X$Cg-uzLER$mG~TDgRZw{A1YCQ zRsg1BmkkL~4zUO@;d-Au;P=ovY=xqC_r4O~Bu{Tr(nzfjb^!fhr>|#vi9QL)@OC!thMP3}V1h zi!;lUTunn`xEZc?D|{i=ny`NG_UL?cQ4#C6##OeX6`Q}hbMBWYMOIVq6iZ~8eHg3B zaPBAaI_QcWT+Z{*?{^(sfc;n9^Q7MP{5)rIV;j4(x_%o*RM$zw|Hcj%Vi;n5y z^Wm_o{Wzh5b{~Xd$##&1^w#nNb2c&2j5;kJa7aJCz4 zDVH+IrS3gj&N+rq$IRBP{pWpTduN1;t+*o_!I*X7Vwa|)PO-EUiE1oAMRx2W9=Ak* zSqK(@A@mOf&=GYE&Q9({_T94u;J7rs@ChDu7=GY#IY$=x2Ru#QHGTl_{dGo{#pzROf+{BqDI@JWgbFH|;o*ZN!`1UsO9h024)C@;gf z8Mbg_=*!N5peyEoxYYq_V;s?Eu>3ra<9OWEjF71)}@#k-@vD+boW1@+)P;;E~c% zpy1u_=L${XnV>AjD~_T>PbFfJ{Lt*ngmNrSb<}uEI}vvKlM_s4)j%IHdzo<+GC#!; z{}&dfTj6uZsp|ciK5sTZ^rghR=pBtudA|DPO?ly!B28bPx154mwdvetw-QfF(>G?A z>q*b?AKsKJUY^&XiIhDxbP+5F1HhVe=q}-_WTqxbeXrzVm*5XI8QhK zmU-(VfYV6!-%e6Jvv(7&}On)8ja!?xB zPg|DhyDYxi8V^0cyHe+|pD&Wi_#M>f(w+^ihb(sN=bLNJUt`NfC$yxO!Cr%-{e$)q zH(u?p15|_LH?vuFzVI=S-TcMI%rSxr+h@~=`D7VVfvcx~+=A6WZd_)3ykYZG}D1KT0Nvy>ai~p(W+vAyh|NkA|B8N(n$Q)uJRLXHo zB&V`cNDeEM%3;pTVWX2IXHpp}ks=f#$BDF2OoSY_Y|O}M!^}?K`}6zn_t+lyc3=0s z`?TwNKA*3{{kj)pYchcVpi^7Zq3wpj?rUV~rMKJ|az<&fv=C5eJ60IGXQ@w42(fpo zcet~+s1>xGm6Asru}F} ze}|XA1bf!3as(C0h#cN7Q)D{5;w3;B{?C>kL=IZf=*zT3vX2I@r_=r{3K+Bq!{Ibx zkOHHX?W-;@CMVeOS;An!@ntN`2x>!w3-ceptHla~50ORV^q-CXe;7yY&N zQp+Y0FziIuSQJ2Yb!`%l{a&MI-fSQtaT9)%OZK)(Gmgi3V47nZlh zrNFhveC{gam=XjVUXqg(^j`oqpK)#$u1CnC4juZljA@8>&IZRvg2fPUowEaSpOPyIT z+2a09kFp#F%^V=h2@Z@-e;{!@YjiEKS;AP&HFRLJ*g#SfTZD%4bRa|R%nL-Ie31n> zd4p&o#XU(#6`zSp8AsswBIT)YYq{u7dZ9LUN^DJ89k&Pa1Otl&u+vX}KhK<+%8krN zD^q)izsPUfcJ?lP5!(hXnKeoTpxQi>2>msZFqn8`>hoxotqaPf{yS)tcRk(4sU)$W z;eX(d)8hE3m?9lmBIwJz=Bh`2aI6S<#Eq;@C~zSwYQ_1HWwxlnJ!{C?Gwr7qDCZ7` zG4h=Ra!B!UbZshxz27Wz?ggsA3bi8cVs)ACl7UiZnD_DQ8ESn@e`+3;Ylqvz)_Nh! zv*Fk!yoE1(1at^Bk6YD%UNF?af$`;7>ypGzn5?&If`)9G*(nC0M#M!hR5l1EzRrPd zxTfzNj4bwrGn4b+`OI4iVT`od=hwfYwKnMN_h&65KzWej^yFc*U5R^U>J*Dw1qe-7}3EYzfYN>)EK|jH)47iJc_Mv$?@A2}kXYEtenf%to$CDgW4P7=f1Zs;`2 z0v*`4RD4NWm-BtcV4kL?;-GxfFh=uVqqG^Wi`B;)bXn-rVxnoU;=xUdr@E6 z`E5XzRa30&6K)(+huVzmW#>b36Afu+80SkQFibV1Ha&12;xOYlpUPBYgPUEbiS~TQ z(cQ%5?AR<`KCpsBTBIswKLaC?+LK@=r@DU!ExhTX>d4=d#iaP=zy`9YpYv($EJ`=XNYjiMhm_%?=f|I$E9f z-il1EE-NuJ%*)E9hxuwlwP=PbfjPCgOhZ;Z!K9b{kZH<3W|qbDHfJl(HAgXg_R)YT zyw3NwTm#T&RBy}ErETSua%5ROgd#@_$NN%_6){6Dof|m=Mr+e<4sbMWN;rN>uhA2t z)bV^Kf6{JeN>OuFds3O0mzSDH55oo9w6Rnd0?+@}Wc?ycIwsK730dheHVKrE1OX6{ zvZ1DOLaDp}K28$JNUp<0LNnW5aR(T+fA|j}EIL7Xk%|3qY7%-`uYU`ckjyiRO$!wO zFP8|JvaQ zAEXhr7oO(d=dQ{=g43X}TGe2x=XaE5#1mb~St4MfHtj1>7;FfhLqBHa5?v=0s7(QA z==@1S?a*W|yR#Qz_MO3K!|S$N4%a---?XtfLvGNMeG+xsBO8{_nP|`>fcr>>gEa>a z(1&YGkAwjmP`U{%^*J+hY3t4L4eJirsKs&yD?O1hwF~Jmw@M&f?n9<*eg85D9h;`= zm&5PH5GWdlCzPo&b6+mB&L$6vE=w`ec2HS^ABYt*+k?TXphmH$ax{Yxyu{Y!po|ji zz>lB26KJJ>F=h2vKfnor_;|KN<7Ck07Bn-8aCtk1j1_h9wcUCHVC#KCq#xL~CXAu& z%6B3sJmelAQ*V}W_k=M_UHNEX9E<>fCL~8i0$_{XHvD^fVKXoSLda#tX%zxkiQXrR zo4kcBo1Ww48CrEbh%}M`uA9LD9F{83x6w_+Ts>wqOx1x=tiwiZ*Q*^oK&o33T6>?HzJ58-ii+%@|z8wYi_J1{5C|Mpv%!(UfGpJel55S){nQ0Xt%bynAz>E z7$s#Hhid#BpYX;KraI`KJX`{X9bHO~u|V34m)yaE_OL6GTsmCtcmSzE36#Z_IC+3&<{sLWIwFd9AM;E%zn*_Tf!M{xQ5Wyp%Gv{Xo0I3#zg93bu*;aWSy=VDJTcJN8izeq;+XTuqqO!{@foqV6 z{a_EwEC;mCncAvethsDjk}Z+H{DAUZMk6UxxmW|+03+<~L-92FoKY@VkYgL`f!#u^ z1{Mha?W2F3&IMm?ocxqAACur?-6~US+%%b%5#QQ=H>Y{pz^iQN4!oKeG$sOGB|Yp! z2&0E%V}~n*;9W)$3eC>CA^%r?0mE|dwpB-m-RTTx7Hpg1ZKsS zXImWGf-}yY6#T&V0g?YC(tHM=oB+v z2K6&_XPtRlj%uGz0kgTLDAjvy`1HqHwiW^B7cydYvBh7=E@vm%AR27H+qISovLO$K z(5C8r&YS?(1uVatn7(BzP-n}(fbGatoHd^cgdFMnv3lh^Fqpl04RNcI9%ry*vocT- z{~W`+jyFtl=y0w{rz5!cvvIrVdG0C#e%w<8I2vcSyDEGiCSr3UvsZ zvinVaqlH%wY`c)DuqE5(bIEy#46J$rV1d^E4Qv?&1IE4ny{HbrX@(HZ7Kn#2dU%#= zm+xLj2%+WH^Z*O-h5V5)ampjMeOoxNFjY(?gYq~QI;b9^iy!!0{lt(}6) zWc-LOhKu@UD9pdt=@s-VD|BcXG$Bc~&F4I)I#Wy?fj>9xpM7{4ti;r8AkQR|GP9%x zHCRgkS#Lo1fz@cwWtUU#s;{y^p@YK}f*Tj9c|fZ|dGT=#U{l#9 zunEZoyXFP7nw%!>@QU+_JOk*1L;`!DULy22J_O)4cHWi{n|~BwATD|ce#XjvrxlVw zKG)vXAo2YnpIuy~^V$SBE4_SNy(UqeD7R+eLA9i!43;IF7gDxFk^9?uYMFAA(H1E& z;z-RqB$OnBnp0-k$?KN_eyB{_g4#}k@4%O^R+v)^lsCk{`AWDt+x&hQx ze2a6#E15SK-X01K169{wCW6PNlSHs?fsLT~-|ty7$2umBYF*l!Bv$88vv!>%VGQlb zQVL-6k-V;YR{Trp2DzEy%azsPIGL^g)>O%&owe2vryoVlL*9lpPFko#W8QS3rFy1C z+3YO(>fuywzvDx=G*^d=n0P&@4i_o;;`aAnEJ>LE$SWG%1zVeOYAak0h-vTY?ldFm z1G$;h$P+*kk4mAj2uN&zKeIdWY+LNXZNR2-AyYcXNuc-m#3x%u(%j+A`7LI!5Wid~ zQHt($sXfU>6fh|~)BEX|wySh3kHJi+y?T#{U#=p=T~uu%<`Sh%kt$Ge?w%nqRB0F*nU)I%9U1m)7F&Atd>o}| zsDfuoQ+sU*{4a{8Y|U{HR(&R<5!&0d!0B)=Jm>)olnmZulrE$7L@{)>{j!Z51PimW z+hV03dTp|%J%l}%5OIEE_sV^McY^KBsW+&JPMkbQc7yE#?&W@Vh0hM)Ch>9dg=PwB zyAx9FTH__w&g2MElM^7QgH3lxE{}K0lblQJn&IbEEhi=${ClhLB=}&amOx`!W9KV@ z0%na>K1AIn{|9>n7ASuJbJwx5-7+;d5SWx9hf5l zeuZ`?EBgt%24|yE?*?$H9l(~39cP>2#u_tANfMu(3oF`LF0Una9ukTcELMvLC!1qu zEN(Q`nv4FcV#zLUji@g~>b@>yZInwvkA#(oVgb1Q)GY#UK1Gi8a&`ky%HHA$QxQqs zZvP6Q_Oe*UJ0XBGIGc83CY_sC2+M4u(*4^LpD;uOQelh@M*$Qmb*CxJTMO}8#iJK~ zl*Pk8gp5(Br#D6qclJgSqGu7=FoskgNhXJNab%bie0{SRVG&YSD!JX2Z`LWK- z?lePXN@6&>hD&{rs4*0?<<1w9 zP9p~__x2F~NY*v*nnjK*lC||(i1X}5``QDMxD}owArF_u@2ox3!IW&r3HC9l!dwyU z0r^^YMmKDMKlIQ;Q*ej5ZCzq9>T!@kZD)4SgfNg;m0DA)?27E=zWP?z`Slb?OawZ+ zEr#K}2Pu<8I;_A@k&sP~rCl9C5w{nJ82-lbKN6C6F1D>&d6Jb5T5bP(zj-S^ zi0hcdv-*!+Ef9iA>u&pJV-sCLa!@&TN0VOSLBLx85-G7UPtA4_ANsp9>yeFH0eynr z%UFb-;Sc7uU;|eoFcJwBT^u0U2iod^uSzko<{u#cozvxYJ76hB_`gqYV`q@7AFKu< zRkU&CDyaa;tEBd#dsz`GR!72CSvNhCAb(BITb*zGU-u=J!Cz7qA2{GGDhh`=txdj! z7xFcItddl|+-PowgD)CVB@#hljggEY8BxK~9D!(%#BT@Dv(bC7l!gvjOya{} z8ty+AlHMG2Aqd|3O`1`V{`3m<#Hh3a5U{`~KGP>y03S?Lty*F2k(d zG7<23>>4MHhxW?r@QkS$`J6{o$pC?0YxRCca1&K2AmLW4)~Xtl7~|aGI8X#Mo!Iyu zSrdDfe+S$kiEN~OB*-m42(c*vSWwRl3aDpQ=SGRu)&-3uerCkQGJ*c@-AIkpl;IgQ zqSj{jra02@j$9ncnYgr5L7JBZI5+@D0FNEkELFYJbpCOC#k5Vw`3au}F9NnVGP%L) z?Y9Iv@x`9ylr3qb{vF~V!WQM6iEW4^L^`4sc}CQBDt93KDK~GZ{ls^|cO&jl? z2jRce?mu*L(x^ZLO+Uo^5<4OF&ntt@Ib2w4Z56x3rm|oJ!`_JMR0#6WT%3)sHJc~T zP>*lZcSvo^IFF@BvJcM1)xq;w24zNCjPBLr*|C>^LDKg0m?6;(FpAlKkw+NHLs(*X z8YClFPNh)$EZ@u^2cNT?O&KaXs)#Q?^BR`vEMd2!Qb-W(-TE0$&vqbDf({OGbnw`A zn-U7Kfslp&al9<6X(mo%h_#bGSU(2edd~T=lFT2{+u6;rbNJH@!Mo|Kv8s==3RB&W zTIh54&pe*=|Mu16%aHEbq9J5gLG4FbUi`C1(AC*nzBZT5hZk_8_jh(?)h2LMC2mSO z2PutK%^pB_yvwHEfSh>B*V~pNMubCG|0>+5FmU;F;G3H{+$Q2j*F$sNj!@}NmKYgf zw^J=}*5dBbF5@JlBU(epc#+oTSeZ`Tlc)n4Nhte;i^*K9$eNM+fr+qnx6iKSg6M|H z1609c!F<$&8alBexAuV*LaZY(b%x*SVV-cJ!qWs=TB}ErW|O8$!%!YnU$R8Ye!iiD z;A=7$BA+ZcDg?bzpj0c}=^;k`XwA88ign@#p6~oUUSZU##4X34GQrz6r z4=vYcgXRuJ?)U^`u4Xnk4pX!SQ<*RJrPx*K^?4zvLwuB`)l*VeiH+Z158 z(w&0cbnle)7dVc^`;n;u!yq?C;q_80S<3g>WPZm11}@J1A$$7Qa`k+;nsWAlL)Fk^ zfnQ<*I+@E%L}cZ{LtR+Z}TR=#Ejq)uE1NNkp-+V)-nb$lCDed+t?MsrNyN z10Re|luc6BbTZq3GPNhJC$<_3!NfCCg||hQt{_=Y_?t+o!1@ZDm6TB2T5TJI*+FHS1e0{R$+|IjTaly*J9^loEZQqQ2Q7 z>iXc5a*k1NoYjoa=YVjEU;V{0aE{a2((&M^qx)cU^|tOX;|Wk!l-veOZai!MLyg7& zU-=AKD(8S!>zfyqs4A0^reDRQA)@re#0%!FTB`lucRmo_x{VpzHJ++Pgf9O1txCVz zd^f4yr!npn$YWp7KF8K$&x$iv9_L*NPz#hO&QHJh@Xt(eyqf=}-R0@txNij!Vj3@Q z8z_z|5w+tV9aM7G{^xzpkA6j0^@n|nycstQ5^{UxcA9rnon>A4+@pDi&u1+{ZyUX; z3C`GCefllg)@R&Y^BUs(*VLA}^o%;I-vuGZ`*tpR#H3vs1)4I>d4d-E3{C@0A1p845h#+ov=67d@rg@x7qBmjC=Lf}OP|ru(4@xuRy1 znQ81umGIrgkG17nL#B`16MHgpOSf_T>q^|I7w7RJGeLof%VX7&4rXrCUWJ1sd0` z*|+w6R`2584(h8JzH-dhASgd*TB-j~Iafx?ET?)n)Ya>4-TP#9DE``+j zANBWI2%_jrnrE2Jj@i|x-S(&xYOL0=&Ji5j)gQu=kW@pBq9}-p?_(M?>6Fo9J9&El8^&_-zx$bnzdyO^WjhE5u zuU%c0|I1~cReCXch2L^J;uUq$eZ0Np!=AcR_lH6qs5@`iSK+S-xBeDy9s3p1)Vj4D zBAOQ5Hn~(%^JFc!zP(T8U1j2_AJ^)Z`r8W!t9mE9l8Rc>F`!lAserSp0>@#x= z*qI&I7fnl~|J?uWp4Yj_L$RuoivmlnTQAPTnj422-$v<$w;@A+^oz?to2NEoNWuN5 zKTF`s9FDp|JezI~v!jj`pX#5e*)RSt?qO|XMu+d1?+K*}zSslFMaARSUZGChP%h#j zQ1F}xi|6IMs`$?g<67mV{-y8nksADwPxt!MlMvCt$LoK*@4`KB4@;&Edw=Dc_@ykJ zQwKhH_M1h&6nr1K&R8!o&GWDGPbpS+Uyn~naOX|u!P_fxsH=`eLEq#6EW)q-4`Se4 z09g`B|2NeOc|WeRoLbP}33l%9@w_|0a%DO!0P{%G&2A_2+l3m}i%QL}$G$SZp76@N zld_8cB(pCYH8^mlbM#CG373_T_o_HASteZw9C0C8v01wl=|#D4He|WT-1v0JHPD^u zFXjGo-{0Qyh!|efKa+PF964##Uy!FW=X4T!Rm0?(Q>iJ6_|X-SjQ^s2y~Bu{Z4w(S zDvOL9GbU%t{b`JV;87LNDFw&l!-|*v&=0JVcR+f}YthT!)%LnKl%I4PL71tQIuNa$ z%)U$w$|gkr3(m5yKOT1Yms(SnuGg8q$n~>EzpiS)3dJ-cgZ|6y^*f@x3R`_z^|nsC zSbzKYm4;Ra6LKSRH!MU>Q>JESqI>}25vQBms~t1p6m9d8X>T_<7wRIjfv^9SXzum+ zs)ux;Yj=y1B}}||RXX2k9LbFB@%u5oc5b{dDZJ-V!XUFJsUslZq6liT19L=%q-J*G ztHge7wREjWh2za)KNYm<4j)f^{`Zm6(~^|UC*f^RbGe*0DP!3E=#=hf?__ZoFMXH_ ztFu>(KGtK#%k6(VRQY+yCZ>7HO3CqUf=?_~z8Vtr|L$1(p%vHZzvV#w7TovcUBqIK zl;2#*@>QI8i3Z;8M*dd(2g+(+5MN2>j;b=%7(;g)OCA6FPv@oI;fmtC`y(x* zfx^tC!H9srzx#TIUYM#xBLtfotiTVB_ZC#|g)$QINAAPYY`D$39 zyWx6oMdHQLWHX=6$P~rD4?l=C7`Ki58GJ(dx%~CWrKz?j3LXIt2dZj!8I&LHmp*Ov zquRyx$~r&A&^1);pcqy5o{r4@B@%cPw7U8vu>Fj_=_i?%>-3F@u~Q?XZib#CE#=<# z#Cu=umxx%`J}rXiGadeD{FQLFY3Jen=%Wy_l_XI-H2CecO=aaOc-K_G{kbQ~HE^dt z-kZ-7CVKAlZbgBJJ+sgJ!>NqvEl3$(rElCM`rWr@4TZb+G>EnjxS%gxQSm~ne$;z; zLGs1fO0bX0N@lFgZIOmJm#8~1%NU^5j_Jr1dGKU%#vn!k*b)fs+g&xpS-hMzuX*Ozh2#yz@S&dWU%|CNUhiC_u>I%7!%eT~?4kFC zPrXl5e=@f!?Rc+u_gtO#JFW!VoaaP+7`(fi9z@gIWpDH%u5uCsSMboNd~f)2Q{jz; z)t?+$*W|;^+C?jddqbd;G>k7n!Yb%#=J-NiVwL6*zX(yE$_a}htvAIDKOl&K#%DH4 zIj@H3cj7eO^82*OO9j`?u79ku+itBo@p9S?T@>nC)IT$EZtQ}G!sQwBgx3nalX~CU zIC%%~+aCo3o@w4k@@8%p8PiJ~P#zQM|FY&|o=bewYOGeRw{H$Uvg-1$eSE`!d*@kg zZBs;2%t~y2{@tsk40=GP>h1Va(cU&%^f4hF+V!GC4}X&^$Kx*M4t&ou^Gh=;{nTQt z))l^ZP!l7+{(Tqz4dQ87Vh`|085wuumy0V-a_%DrpFvH^ekY$P)#-(OB}eM0ls<6P5RKT^IXPyw35DiSPPPCnv!{#hS{VI$c#<6PiEYaM5(3O1m<4=u`)CnT?cG>U$UOe#xfu1VnlOIK0_;PVD?h@va;Dv_5p^E!E zgOPd^bhJN`(lft+Jm|U>wf`ch$#pBa=q-r*|oyn@frk zk?31hGoZQEJJQb2UhW)%9b)V0cYHfQnr#cnoAyY^rTh4r<@AhRfwf$mNDequs9W7L z8+yWRMbq-vgGlLLj$wq7GzmAsDexsPuaG;@WwDZqy3<-$`ggFBSCLxs@3+4T%`-k|Y@ zTm8@GWjFnI9v2W>oTFQ(&7oT!oSYc&JGW&`m6_k8ZNJt*=k8W5YJS$8Ih{HUUkA^c zVIS8UNT!a}AbdswG(WqgSG$EeQgm4Mx_58-|2T_rJ3nw@%ReUZ1N04a|FTmc^DEud zMS?b--+pnh-239&19z7H?9oZ&b&ft^E{o2+a_f!3Pyc(rel^KId9#x7uSWIvP?d=R zs`~lK&|A$}W=pqY9m4bu>&#)=uPnHR9G$o@^x!rxhC~k^KWt$Pz`LIu5UF!?UZJb~tZJ|C+w3z59zX7wVk+-$}L=Co8m~ zF7id(v0r(Q>Amk}CvJ|P%uWj|SRKOHDeO7d6J`Of@0~zl@)ciQKFMCz zZc?@9doJ`T?J552D673VtfAA?f$^OMiB1QobpK=vyOcGN*wY1($zN3;EsHVfW$It~ z-nE}z|NZ!gQzSth9Zf4oS%d@$D@#7|i^w#}xI*_8T`5NSC#=ZaB@VoM<}n=JY5Fe4 z$<62}Np0M4~ru?AKKb`Qw7xJ5mlhHR#i~~)>lN@7cpE2+{@z_1(0j+)) z3v)2T3H0Y57d0!xmtRpoJ#J5M{3jaDKRyud9N~pj*#p3(e)@N4#4H8vSCno@=}2 z4N=3Y=4mJ8t0%>7n;a~v;^#dtzFXUv7iuWlq)S6Vj5 zU<^}mXNeYj_{Y!Nh2r^_IS<=k8lU}4FLo!k72gd$zW7J-<9q2tb?HyXDs^4$KYJIA zoEnQ`UTT643}AVy(lm-1;>sCZ=A~Qj^^ukrs&q|$W3yt$V-rx}t4UnFf&qM0{AE!$ zAJMb`R_WQMxkponTPjyx=kv;1X!W|^dmsAa4oGOkV5+y@X+FlC>}_+KGZvx|D`y&b zsR;pJ`aXA6*4-I9_TdTZukH1u>2Vte%gT;jZ%fFerU^-@A@9!FH zi6e35=hoy)yf^p*{+kI4zq=B$bmB`$IdYmIR?x&26f_UyfGT#CNpLb)`Wz!5@R?O=9T2UvFqL}%HbXn}WF zn*}Xxze#VN%|5%qS?rEoKJxoZTV~nt{WZqhzNT^ z>#e`ZlZ*%Mwc5*nR=!w5WLoh2<4T^C&#+OAZ!ErX@V;G4!@sQzVK$AIdQvbmW;T)z z&ivHiY$e#e4q;1ZXI_%K6|+Q4J&Qu!Z`g+5YQ5U+ElJwcn*z4z3|v3V3U0XOIg4s> z^WN%;wy&}YOc(abB=v;gwimlOdZ})I=#K<3K$T336J*{Sv@1~%QJndMg^S=3+bU}g z5pLG@ZQ9kZSMj}9-!;~1r7O0^a&lu?t1nw7T3TN2wDgR~xJO@zj=s>YaE(jrySRRu zd@S7dHSSv#AKvz431@MbQ{RwMcuA11eAgGacjlYc5;pa78w_IDS3cBQCz&vP&EqnY z@e-dihQ1$pk6o}M*zIk9Rq(0fcBM(ld6xU;iUHQtpyHnL;*#hRuCe1>tzcsDQO}6G z!-OCD*%CUA2VaYg{BW9h1Od6V^`2;%FmZUK)|c7ExM1iTjULIuTNr72{A{J>rq_6~ z-$rs)__KvH6iXS)nOKTPvxiIIDsc!3m9wN8rx8s#3=R6%`cJb6in_jDpFXorU6goc z5I0##gl<%D#`qBAz?%w{#Mpjf$NEz1p|{WzAN8Bn>M2|jw5er1X)G`(l)YANa;1@! z!0y|^St48bc0o&5?tYzqqZmtC1A#CJKrRLnkG++|D>@xX;*qM0J!<~{mq1V>5RFYg L*CZ4sDkSxP`AKq7